Procdump for Linux

If you have administered Windows computers or assisted in Windows malware removal, then there is a good chance you have heard of the popular free Sysinternals utilities. 

These utilities were created by Winternals, a company Microsoft purchased in 2006, and give power users highly granular control over files, processes, and various Windows internals.

According to a Tweet, Microsoft is now porting these utilities to Linux starting with the Windows ProcDump utility.

ProcDump is a utility that allows users to create crash dumps, or core dumps, of processes based upon certain criteria such as high CPU utilization, various time intervals, when the process has an unhandled exception, or when it hangs.

Now Linux users can either compile ProcDump or install a precompiled binary. Instructions on how to do this can be found at the project's GitHub page.

ProcDump Demonstration

The Linux version of ProcDump does not offer all of the same features that the Windows version does. For example, the Linux version only allows you to create core dumps based on CPU utilization, memory usage, or over various intervals of time.

The options for the Linux version are shown below.

Usage: procdump [OPTIONS...] TARGET
      -C          CPU threshold at which to create a dump of the process from 0 to 100 * nCPU
      -c          CPU threshold below which to create a dump of the process from 0 to 100 * nCPU
      -M          Memory commit threshold in MB at which to create a dump
      -m          Trigger when memory commit drops below specified MB value.
      -n          Number of dumps to write before exiting
      -s          Consecutive seconds before dump is written (default is 10)
   TARGET must be exactly one of these:
      -p          pid of the process
      -w          Name of the process executable
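As an added example (not code from the ProcDump project or from this article), the POSIX shell wrapper below checks the constraints stated in the usage text before calling procdump: a CPU threshold must be an integer from 0 to 100 * nCPU, and exactly one target (-p pid or -w name) must be supplied. The function names, the use of getconf to count CPUs, and the fallback of printing the command when procdump is not installed are assumptions of this example.

```shell
#!/bin/sh
# Added example wrapper around ProcDump for Linux. Function names and defaults
# are assumptions for this illustration, not part of the procdump project.

# Number of online CPUs, used for the documented "0 to 100 * nCPU" range.
# getconf is assumed to be available; fall back to 1 CPU if it is not.
pd_ncpu() {
    n=$(getconf _NPROCESSORS_ONLN 2>/dev/null) || n=1
    [ -n "$n" ] || n=1
    echo "$n"
}

# Return 0 when the CPU threshold is a non-negative integer <= 100 * nCPU.
pd_validate_cpu() {
    thr=$1
    max=$(( $(pd_ncpu) * 100 ))
    case "$thr" in
        ''|*[!0-9]*) return 1 ;;   # reject empty or non-numeric values
    esac
    [ "$thr" -ge 0 ] && [ "$thr" -le "$max" ]
}

# Build the procdump command line for a high-CPU trigger (-C).
# Arguments: pid name cpu_threshold dump_count consecutive_seconds
# Exactly one of pid (-p) or name (-w) must be non-empty, as the usage text requires.
# Prints the command on stdout; returns 1 on invalid input.
pd_build_cmd() {
    pid=$1; name=$2; cpu=$3; count=$4; secs=$5
    if [ -n "$pid" ] && [ -n "$name" ]; then return 1; fi   # both targets given
    if [ -z "$pid" ] && [ -z "$name" ]; then return 1; fi   # no target given
    pd_validate_cpu "$cpu" || return 1
    cmd="procdump -C $cpu -n $count -s $secs"
    if [ -n "$pid" ]; then
        cmd="$cmd -p $pid"
    else
        cmd="$cmd -w $name"
    fi
    echo "$cmd"
}

# Run the dump if procdump is on PATH; otherwise show what would be run.
pd_run() {
    cmd=$(pd_build_cmd "$@") || { echo "invalid procdump arguments" >&2; return 1; }
    if command -v procdump >/dev/null 2>&1; then
        $cmd
    else
        echo "procdump not found; would run: $cmd"
    fi
}

# Usage: dump the process named "myservice" (constructed name) once its CPU
# usage stays at or above 80 for 10 consecutive seconds, writing 2 dumps.
# pd_run "" myservice 80 2 10
```

Run the wrapper with enough privilege to read the target process's memory, and remember that a core dump contains whatever the process held in memory, including credentials and session data, so store it with the same care as the process's secrets.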

Microsoft plans on porting other Sysinternals utilities

Microsoft has also announced that ProcMon for Linux is already under development and that they plan on porting more Sysinternals tools as well.

Users have already requested Process Explorer, and if there are any other recommendations, Microsoft appears to be willing and ready to listen.
