Menu
Since windows Vista, we have the nice option to create a memory dump of a process directly from Task Manager. Sadly, Windows Server 2003 does not have this option yet :( I found ways to do a complete system-wide memory dump, but that's a bit too much.
Is there a way to dump a single process? As this is a production Server, I do not want to install any heavy-weight tools or and service that runs in the background, ideally I'd just like to dump the process, copy the dump to my own machine and debug it there.
571
Enable memory dump settingIn Control Panel, select System and Security > System. Select Advanced system settings, and then select the Advanced tab. In the Startup and Recovery area, select Settings. Make sure that Kernel memory dump or Complete memory dump is selected under Writing Debugging Information.
A complete memory dump records all the contents of system memory when your computer stops unexpectedly. A complete memory dump may contain data from processes that were running when the memory dump was collected.
You can attach the Windows debugger (ntsd or windbg) to the proccess, then when you want to create a dump of the process you can use the .dump command:
0:000> .dump /ma myprocess-crash.dmp
Creating myprocess-crash.dmp - mini user dump
Dump successfully written
0:000>
Yes, look for userdump.exe. See this KB article.
29
I think this 'answer' should be a comment under jeffamaphone's answer but I do not have enough reputation to comment.
Windows Server 2003 ships with ntsd so there is no need to install anything. Get the Process ID of the process and attach ntsd to the process:
C:> ntsd -p 4356
Then use ntsd to dump the process:
.dump /f c:\MyDumpFiles\foo.dmp
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
