Creating a W3WP Memory dump on Windows Server 2003

On a web server with multiple application pools, there most likely will be multiple W3WP processes. Therefore, the first action to take when creating a memory dump of a W3WP worker process is to find which one you need to get the dump of.

I wrote a short article on how to get a worker process memory dump for IIS 6, IIS 7 and IIS 7.5 here.

Specifically for IIS 6, open IIS 6 Management Console and select the web site which is having the problem, in this example, let’s assume the “Default Web Site”. Right-click the “Default Web Site” and then select Properties as shown in Figure 1.

Figure 1, popup menu for Default Web Site

Selecting Properties will open the Default Web Site Properties window as shown in Figure 2. Select the Home Directory tab and you will find the application pool which is being used for the web site selected in the Application pool dropdown, in this case DefaultAppPool.

Figure 2, Default Web Site Properties window

Next, use the iisapp.vbs script to show a list of all running application pools with associated PID, as shown in Figure 3:

Figure 3, using the iisapp.vbs script to find PID and AppPoolId

You can find the same in Task Manager, but unfortunately, it will not show you the name of the application pool. See the following Figure 4.

Figure 4, Task Manager w3wp.exe process and PID without associated application pool name

Once you have the PID of the w3wp.exe worker process, download ProcDump from here, and execute the “example” command line shown in Figure 5.

Figure 5, ProcDump command example

Note: The command shown in figure 5 will create a 32bit memory dump, ProcDump creates a 32bit dump by default. If your worker process and OS are 64bit you need to add the -64 parameter to capture the dump correctly, simply place -64 before the –ma, as the following command shows:

C:\>procdump –64 –ma –o 2028 w3wp-2028.dmp

Another example:

If you are experiencing high CPU utilization and want to create the memory dump once the CPU has exceed 90 percent for 15 seconds, your command would be similar to the following:

C:\>procdump –ma –c 90 –s 15 –o 2028 w3wp-2028.dmp

Closing:

There are numerous parameters which can be passed to ProcDump and are discussed in detail on the ProcDump download page.

Once the dump is created you can analyze it using WinDbg and find the reason for its incorrect behavior.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

The Best C# Programmer In The World - Benjamin Perkins

articles about C# and numerous other technologies

Figure 1, popup menu for Default Web Site

Figure 2, Default Web Site Properties window

Figure 3, using the iisapp.vbs script to find PID and AppPoolId

Figure 4, Task Manager w3wp.exe process and PID without associated application pool name

Figure 5, ProcDump command example