XADM: How to Use Userdump.exe to Capture the State of the Information Store

This article provides a brief description of how to use the Userdump.exe utility to capture the state of a process that is associated with Exchange Server. This utility can be very useful when you troubleshoot servers that have stopped responding and unresponsive processes, or when you gather thread information for a particular process. Detailed documentation (the Userdocs.doc file) accompanies the utility.

Although this article focuses primarily on how to dump the state of the information store (Store.exe), it also applies to the directory (Dsamain.exe) as well as any other user mode process.

You can install the Userdump.exe utility as part of the Microsoft Platform Software Development Kit (SDK), the Microsoft Windows Debuggers, or as a stand-alone application. You can download the Userdump.exe utility as part of the OEM Support Tools package from the following Microsoft Web site: You can install the Userdump utility by using Setup.exe, or you can also extract and manually invoke the executable file (Userdump.exe) by using the command line.

If you run Setup to install the Userdump utility, some additional features (described in detail in the Userdocs.doc that accompanies the Userdump utility) are enabled, such as the following:

• Process self dumping. The Userdump utility supports a feature that allows an application to cause itself to be dumped, for example, in an exception handler block or a top-level unhandled exception filter.
• Hot-key process snapshot. You can associate a single keystroke with an image binary and trigger a dump.
• Exception monitoring. The Userdump utility can monitor applications that are running for exceptions, and can automatically generate dumps when certain exceptions occur. You configure the rules that dictate whether an exception triggers a dump for each application by using a page in the Process Dump utility in Control Panel.

Command-Line Process Snapshot

If you invoke the Userdump utility with no arguments, usage is displayed:

Displaying a Process List with the "userdump -p" Command

If you specify the -p command-line parameter, as shown in the following example, a list of processes and process IDs that are currently running is displayed. If you specify -p is as the first argument, any other arguments are ignored. In Microsoft Windows NT Server version 4.0 and Microsoft Windows 2000 Server systems, you can also display process IDs by using the Processes tab in Task Manager, which you can activate by pressing CTRL+SHIFT+ESC.

Dumping Running Processes

Invoke Userdump.exe at the command line with a process identifier (in decimal or 0x-prefixed hexadecimal notation) or application name and the file name of the dump file that you want to create. The application name is the name of the binary, including the base and extension but no path specification. If the process argument is a valid decimal or 0x-prefixed hexadecimal number, it is interpreted as a process ID. When you specify the process ID 1188, which is the process ID for the information store Store.exe, as shown in the example above, only that process is dumped: If the process argument is not a valid decimal or 0x-prefixed hexadecimal number, it is interpreted as the name of an image binary. The image binary name should be the base name with no path specifiers, for example: If you do not specify a dump file name, the dump file is placed in the current folder by using a name based on the image binary file name, as shown in the following example: The target process is unaffected, although the process threads are frozen while the process is read by the Userdump.exe utility, and the target process continues to run unaltered after the dump is finished.