How to capture a memory dump of a W3WP process that consumes too much CPU

If you want to find out why a W3WP worker process is consuming so much CPU, you can use ProcDump. You might also use LogParser to look at the time-taken field, but to get to the root cause you will need to get deep into the source. Before you can get a memory dump, you need the PID of the worker process. You can get the PID in a number of ways. Below I illustrate using either PowerShell or AppCmd, for example.

Here is a previous article I wrote that covers how to get the PID of a worker process in PowerShell. Figure 1 illustrated the specific PowerShell command.

image

Figure 1, finding the W3WP PID using PowerShell

You can also find the PID using AppCmd, as shown in Figure 2. I wrote a more detailed article about how to do this here.

image

Figure 2, finding the W3WP PID using AppCmd

When you have found the PID (Process ID), you can use it as a parameter of the ProcDump command. Enter this ProcDump command, shown in Figure 3, to capture a 64-bit full memory dump when the CPU consumption is greater than 90% for 5 seconds:

C:>procdump -64 -ma -c 90 -s 5 -o PID c:\PID.dmp

image

Figure 3, a ProcDump command to capture CPU consumption

Then you can use tools like Debug Diagnostic or WinDbg to analyze the memory dump and find out what is consuming the CPU.