JSI Tip 10057. The User Mode Process Dumper (userdump) dumps the memory image of any running Win32 process on the fly, without attaching a debugger or terminating the target process.


The Microsoft Download Center User Mode Process Dumper Version 8.0 page contains the following overview:

The User Mode Process Dumper (userdump) dumps any running Win32 process's memory image (including system processes such as csrss.exe, winlogon.exe, services.exe, etc.) on the fly, without attaching a debugger or terminating target processes. The generated dump file can be analyzed or debugged by using the standard debugging tools.

Userdump generates a dump file on several triggers:

  • Dump by specifying a PID or process name from the command line

  • Dump automatically when a process being monitored causes exceptions

  • Dump automatically when a process being monitored exits

  • Dump by pressing a hot key sequence


