Dump running Win32 process memory image

User Mode Process Dumper ver. 8.1 (userdump) dumps any running Win32 processes memory image (including system processes such as csrss.exe, winlogon.exe, services.exe, etc) on the fly, without attaching a debugger, or terminating target processes. Generated dump file can be analyzed or debugged by using the standard debugging tools.

The userdump generates dump file by several triggers;

  • Dump by specifying PID or process name from command line
  • Dump automatically when process being monitored caused exceptions
  • Dump automatically when process being monitored exited
  • Dump by pressing hot key sequence

Download from Microsoft.

%d bloggers like this: