I want to take a user dump of a process using PowerShell. How can I do it? The same as I get on right-clicking the process in Task Manager.
Based on this article from Risksense, the MiniDump function from the native comsvcs.dll Windows DLL could be used. Like:
Powershell -c rundll32.exe C:\Windows\System32\comsvcs.dll, MiniDump {ID-of-the-process} $Env:TEMP\my_dump_file.bin full
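Because this command goes through rundll32 and a built-in DLL, it shows up plainly in process-creation logs (Sysmon Event ID 1, or Security 4688 with command-line auditing). The following is an added example, not part of the original answer: a matcher that flags this command line and extracts the target PID and dump path. The event field names (`host`, `cmdline`) and the sample events are constructed for illustration.

```python
import re

# rundll32 loading comsvcs.dll and calling MiniDump, then "<pid> <path> full".
# Tolerates case, quoting, optional ".exe"/".dll", a bare or full DLL path,
# and loose spacing around the comma.
MINIDUMP_RE = re.compile(
    r"""rundll32(?:\.exe)?["']?\s+
        ["']?(?:[^\s"',]*[\\/])?comsvcs(?:\.dll)?["']?
        \s*,?\s*MiniDump\s+
        (?P<pid>\d+)\s+
        (?P<out>"[^"]+"|\S+)\s+
        full\b""",
    re.IGNORECASE | re.VERBOSE,
)

def find_minidump(command_line):
    """Return {'pid': int, 'out': str} for a comsvcs MiniDump call, else None."""
    m = MINIDUMP_RE.search(command_line)
    if not m:
        return None
    return {"pid": int(m.group("pid")), "out": m.group("out").strip('"')}

def scan(events):
    """Run the matcher over process-creation events and collect alerts."""
    alerts = []
    for ev in events:
        hit = find_minidump(ev["cmdline"])
        if hit:
            alerts.append({"host": ev["host"], **hit})
    return alerts

# Constructed sample events (hypothetical hosts, PIDs and paths).
SAMPLE_EVENTS = [
    {"host": "ws01", "cmdline": r'Powershell -c rundll32.exe C:\Windows\System32\comsvcs.dll, MiniDump 4312 C:\Users\alice\AppData\Local\Temp\my_dump_file.bin full'},
    {"host": "ws02", "cmdline": r'"C:\Windows\System32\RUNDLL32.EXE" comsvcs.dll,minidump 868 "C:\Temp\out file.dmp" full'},
    {"host": "ws03", "cmdline": r'rundll32.exe shell32.dll,Control_RunDLL desk.cpl'},
    {"host": "ws04", "cmdline": r'procdump.exe -ma 4312 C:\dumps\app.dmp'},
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert)
```

Resolving the extracted PID to a process name at alert time tells you which process was dumped and how urgently to respond.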
The easiest way is to use Procdump from the Sysinternals toolkit. Use Get-Process to get the process ID, which you can pass to Procdump for the actual dumping.
Edit:
I'd still rather use readily available tools instead of the hard way. Have you got a valid business reason? Since you insist, there is a Win32 API call that creates user-mode memory dumps. It can be invoked from .NET code, so either use P/Invoke or embed C# into your PowerShell code. This is left as an exercise to the reader.