How can i take a user dump using powershell

powershell powershell-2.0 dump coredump
12,753

Solution 1

Based on this article from Risksense. MiniDump function from native comsvcs.dll Windows dll could be used.

Like:

Powershell -c rundll32.exe C:\Windows\System32\comsvcs.dll, MiniDump {ID-of-the-process} $Env:TEMP\my_dump_file.bin full

Solution 2

The easiest way is to use Procdump from Sysinternals toolkit. Use Get-Process to get process id, which you can pass to Procdump for actual dumping.

Edit:

I'd still rather use readily available tools instead of the hard way. Have you got a valid business reason? Since you insist, there is a Win32 API call that creates user mode memory dumps. It can be invoked from .Net code, so either use P/Invoke or embed C# into your Powershell code. This is left as an exercise to the reader.

Share:
12,753
Shree
Author by

Shree

Updated on June 04, 2022

Comments

  • Shree
    Shree about 2 years

    I want to take user dump of a process using powershell How can i do it? The same I get on rightclicking the process in Taskmanager

  • Shree
    Shree over 11 years
    Is there a way to do it using some internal commands of Powershell or cmd or using wmi:?
  • vonPryz
    vonPryz over 11 years
    Win32_product looks like a typo to me. In addition, Win32_process does provide you a handle for process, but not a way to create a memory dump for one.
  • Shree
    Shree over 11 years
    I wanted to have this because I need this script to run on a number of different Machines. and I dont want to install them on each of them .
  • zett42
    zett42 almost 4 years
    Note that the dump file path cannot have spaces (quoting doesn't work). For the directory part of the path, one can work around by setting the current directory (or specify argument -WorkingDirectory for Start-Process) so we only have to pass the filename of the dump file to rundll32.
  • user
    user about 3 years
    How to use procdump to collect a core on demand, i.e., now instead of waiting the process to crash or something else ?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Get-ADUser filter by property length
PowerShell Tee-Object without overwriting file
Search for special characters in a string in PowerShell
How can a Windows PowerShell script pass its parameters through to another script invocation?
ERROR: Description = Invalid query
Load powershell script to be callable at any time
Convert PowerShell script into non-readable format
Powershell search matching string in word document
Apply service packs (.msu file) update using powershell scripts on local server
Pass a Team City Parameter to a PowerShell file