« ProcessHistory for 32-bit and 64-bit platforms
Preview of DumpDepends tool »

Dumping processes without breaking them

You can do it on any Windows system without installing any additional tools like Userdump or WinDbg. And your process won’t be interrupted while the dump is being saved and will continue to work. Use the following command:

ntsd -pvr -p 'PID' -c ".dump /ma /u process.dmp; q"

PID is a decimal process ID you can get from Task Manager, for example. 

Note: on x64 system to dump a 32-bit process (shown as *32 in Task Manager) you need to use NTSD from \Windows\SysWOW64 folder.

- Dmitry Vostokov -

This entry was posted on Saturday, October 28th, 2006 at 12:34 pm and is filed under Crash Dump Analysis, Tools. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

2 Responses to “Dumping processes without breaking them”

  1. Chris Says:
    May 25th, 2007 at 4:45 pm

    recieve an error that switches are invalid and don’t see switches on man page.

  2. Dmitry Vostokov Says:
    May 26th, 2007 at 8:35 am

    This is because I forgot to mention that it will work only in Windows 2003.
    On Windows 2000 and XP there is an older version of NTSD.

    Thanks,
    Dmitry

Leave a Reply

You must be logged in to post a comment.