Troubleshooting Crashes: Analyzing a Process Dump Step‑by‑Step

5 Ways to Create a Process Dump in Windows

When an application crashes, hangs, or behaves unexpectedly, a process dump captures the program’s memory and execution state so you can diagnose the problem. Below are five practical methods to create process dumps in Windows, when to use each, and step-by-step instructions.

1) Task Manager — quick full dump (user-facing, easy)

When to use: Fast capture for a single process when you have GUI access. Steps:

  1. Open Task Manager (Ctrl+Shift+Esc).
  2. Find the target process under the Processes tab.
  3. Right-click the process and choose Create dump file.
  4. Note the path shown (usually in %LOCALAPPDATA%\CrashDumps). Copy the .dmp file for analysis.

Notes: Produces a full user-mode dump suitable for basic debugging; minimal options for customization.

2) ProcDump (Sysinternals) — powerful and scriptable

When to use: Triggered dumps on exceptions, CPU/RAM thresholds, or hangs; automation-friendly. Steps:

  1. Download ProcDump from Microsoft Sysinternals and extract procdump.exe.
  2. Basic manual dump (replace <PID> with the target process ID or image name in each command below):

     procdump -ma <PID> C:\dumps\process.dmp

  3. Example: capture one full dump on the first unhandled exception and write it to C:\dumps:

     procdump -e -ma -n 1 <PID> C:\dumps

  4. For CPU spike capture (CPU usage at or above 80% sustained for 10 seconds):

     procdump -c 80 -s 10 -ma <PID> C:\dumps

Notes: -ma produces a full memory dump; -mp for minidump variants. Ideal for production and automated monitoring.

3) Windows Error Reporting (WER) / LocalDumps — automatic and post-crash

When to use: Collect dumps automatically on crashes across many machines. Steps:

  1. Create the registry key:

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps

  2. Under LocalDumps create these values:
    • DumpFolder (REG_EXPAND_SZ) = C:\dumps
    • DumpCount (REG_DWORD) = 10
    • DumpType (REG_DWORD) = 2 (2 = full dump, 1 = mini dump)
  3. Restart affected service or wait for next crash; WER will write dumps to DumpFolder.

Notes: Good for long-term collection in enterprise environments. Use carefully to manage disk usage.

4) WinDbg (or cdb) — controlled live debugging dump

When to use: When you need precise control, stack context, or are already attached for debugging. Steps:

  1. Install Windows SDK Debugging Tools (WinDbg).
  2. Attach to process:
    • In WinDbg: File → Attach to a Process → choose PID.
  3. Create a dump from the debugger command line:

     .dump /ma C:\dumps\process.dmp
  4. Detach or continue debugging.

Notes: Best when you need additional live inspection before dump. Requires debugging familiarity.

5) PowerShell (Start-Process + CreateDump via Debugging Tools) — scriptable via built-ins

When to use: Automated scripts or when you prefer PowerShell-only workflows. Steps (either invoke procdump from PowerShell, or call the native MiniDumpWriteDump API from a PowerShell function):

  1. With ProcDump from PowerShell (replace <PID> with the target process ID):

     Start-Process -FilePath "procdump.exe" -ArgumentList "-ma", "<PID>", "C:\dumps\process.dmp" -NoNewWindow -Wait

  2. Or use a PowerShell function that calls native MiniDumpWriteDump via P/Invoke (advanced; search for community implementations).
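The P/Invoke approach from step 2, as an added example that is not code from the original post: a PowerShell function that declares dbghelp!MiniDumpWriteDump with Add-Type and writes either a small minidump or a full-memory dump of a process by PID. The function name, parameter names and the particular MINIDUMP_TYPE flag combination are this example's own choices; it assumes a Windows host with dbghelp.dll in System32 and rights to open the target process.

```powershell
# Added example: minimal wrapper around dbghelp!MiniDumpWriteDump (not from the original post).
# Caveats: run from a PowerShell whose bitness matches the target (a 32-bit host cannot dump a
# 64-bit process), and dumping processes owned by another user or SYSTEM needs an elevated shell.
function Write-ProcessDump {
    param(
        [Parameter(Mandatory)] [int]    $ProcessId,
        [Parameter(Mandatory)] [string] $DumpPath,
        [switch] $FullMemory   # roughly what "procdump -ma" captures; default is a small stack-only dump
    )

    # Compile the P/Invoke declaration once per session (Add-Type fails if the type already exists).
    if (-not ('DumpHelper.Native' -as [type])) {
        Add-Type -Namespace DumpHelper -Name Native -MemberDefinition @'
[DllImport("dbghelp.dll", SetLastError = true)]
public static extern bool MiniDumpWriteDump(
    IntPtr hProcess, uint processId, Microsoft.Win32.SafeHandles.SafeFileHandle hFile,
    int dumpType, IntPtr exceptionParam, IntPtr userStreamParam, IntPtr callbackParam);
'@
    }

    # MINIDUMP_TYPE flags (dbghelp.h): WithFullMemory 0x2, WithHandleData 0x4, WithUnloadedModules 0x20,
    # WithFullMemoryInfo 0x800, WithThreadInfo 0x1000. MiniDumpNormal (0x0) records stacks and modules only.
    $dumpType = if ($FullMemory) { 0x2 -bor 0x4 -bor 0x20 -bor 0x800 -bor 0x1000 } else { 0x0 }

    # Get-Process -ErrorAction Stop fails clearly if the PID has already exited.
    $process = Get-Process -Id $ProcessId -ErrorAction Stop
    $stream  = [System.IO.File]::Create($DumpPath)
    try {
        $ok = [DumpHelper.Native]::MiniDumpWriteDump(
            $process.Handle, [uint32]$ProcessId, $stream.SafeFileHandle,
            $dumpType, [IntPtr]::Zero, [IntPtr]::Zero, [IntPtr]::Zero)
        if (-not $ok) {
            # GetLastWin32Error is valid here because the DllImport sets SetLastError = true.
            $err = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()
            throw "MiniDumpWriteDump failed for PID $ProcessId (Win32 error $err)"
        }
    } finally {
        $stream.Dispose()   # flush and close the file even if the API call threw
    }
    Get-Item $DumpPath      # return the dump as a FileInfo so callers can log its size and path
}

# Usage (hypothetical PID and path): full-memory dump of a hung application for later WinDbg analysis.
# Write-ProcessDump -ProcessId 1234 -DumpPath 'C:\dumps\app.dmp' -FullMemory
```

The resulting .dmp opens in WinDbg or Visual Studio exactly like a ProcDump or Task Manager dump, so the same symbol and PII-handling tips below apply.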

Notes: PowerShell makes integrating dumps into deployment scripts and scheduled tasks easy.

Which method to choose

  • Quick GUI: Task Manager.
  • Automated/triggered: ProcDump or WER LocalDumps.
  • Deep debugging: WinDbg.
  • Scripting / orchestration: PowerShell + ProcDump.

Tips for sharing and analyzing dumps

  • Strip PII before sharing; include matching symbols (.pdb) and application build info.
  • Use WinDbg, Visual Studio, or automated services like Debugging Tools to analyze.
  • Keep dumps compressed and limit retention to control disk usage.

If you want, I can provide a ready-to-run ProcDump script to capture dumps on high CPU or a PowerShell function that wraps MiniDumpWriteDump.
