The User Mode Process Dumper (userdump) dumps any running Win32 processes memory image (including system processes such as csrss.exe, winlogon.exe, services.exe, etc) on the fly, without attaching a debugger, or terminating target processes. Generated dump file can be analyzed or debugged by using the standard debugging tools.
The userdump generates dump file by several triggers;
- Dump by specifying PID or process name from command line
- Dump automatically when process being monitored caused exceptions
- Dump automatically when process being monitored exited
- Dump by pressing hot key sequence
|