Dump With FREB

Adrian Jenkins
3 min readJun 2, 2022

In this article we will learn how to take FREB files and dump simultaneously.


  • Install Failed Request Tracing Module

Install-WindowsFeature -name Web-Http-Tracing

After downloading it, do the following:

  1. Unzip it and copy the “procdump.exe”
  2. Create a folder called “procdump” at C drive level => “C:\procdump”
  3. Paste the “procdump.exe” in that folder

This will be that path where FREB will find procdump executable.

Example Image:

  • Create a folder called “generated_dumps” at C drive level => “C:\generated_dumps”

This is where the generated dumps will be written.

Example Image:

In this example I will create a FREB rule to generate a file if a request takes at least 8 seconds. In addition to this, FREB will be configure to do a custom action if time taken trigger is met. It will generate a dump.

Go to your site/application where you want to set the FREB rule and create your rule normally.

Now we need to allow Failed Request Tracing Module to accept custom actions

Go at Server level

  • Configuration Editor > system.applicationHost/sites > Collection > … > Select Your Site > traceFailedRequestLogging > customActionEnabled : True

Close window and in the Actions pane click “apply”.

We just allowed Failed Request Tracing Module to do custom actions.

Now, go to your site where you created the rule:

  • Configuration Editor > system.webServer/tracing/traceFailedRequests > Collection > … > Select the rule that you have created

In here, fill the following attributes with the path where the executable is, the command + path where you would like files to store and with the limit of this custom action:

  • customActionExe : C:\procdump\procdump.exe
  • customActionsParams: -accepteula -ma %1% C:\generated_dumps
  • customActionTriggerLimit: 3 (It will generate a maximum of three dumps)

The “%1%” is vital as it will pass the PID of w3wp.exe to procdump.

Close window and in the Actions pane click “apply”.

Reproduce issue and voila:

As we set a maximum of three for custom action, only three dumps will be written.

That is it.

If you want to reset count, you will have to edit “customActionTriggerLimit”, set another number and save it. It is not enough to only erase dumps.