Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How can i take a user dump using powershell

I want to take user dump of a process using powershell How can i do it? The same I get on rightclicking the process in Taskmanager

like image 253
Shree Avatar asked Mar 20 '13 12:03

Shree


People also ask

How do I Export a list of users from AD?

1. Run Netwrix Auditor → Click “Reports” → Navigate to Active Directory → “Active Directory State-in-Time” → Select “User Accounts” → Click “View”. 2. To export the report to a CVV file, click the "Export" button → Choose “CSV” → Click "Save".

How do I Export a list of users from Active Directory using PowerShell?

All you need to do is open ADUC, navigate to your desired OU, and click the Export List button. This will export all of the accounts in the OU to a tab delimited text file. If you want to view the data in CSV form just change the extension from .

How do I get all users in an OU PowerShell?

Simply open the “User Accounts” report, specify the path to the OU you're interested in and run the report. You'll get a list of the members of that OU with the following user account properties: name, logon name and status.


2 Answers

Based on this article from Risksense. MiniDump function from native comsvcs.dll Windows dll could be used.

Like:

Powershell -c rundll32.exe C:\Windows\System32\comsvcs.dll, MiniDump {ID-of-the-process} $Env:TEMP\my_dump_file.bin full
like image 152
Renat Avatar answered Sep 22 '22 17:09

Renat


The easiest way is to use Procdump from Sysinternals toolkit. Use Get-Process to get process id, which you can pass to Procdump for actual dumping.

Edit:

I'd still rather use readily available tools instead of the hard way. Have you got a valid business reason? Since you insist, there is a Win32 API call that creates user mode memory dumps. It can be invoked from .Net code, so either use P/Invoke or embed C# into your Powershell code. This is left as an exercise to the reader.

like image 31
vonPryz Avatar answered Sep 22 '22 17:09

vonPryz