How can I take a user dump using PowerShell

不羁的心 submitted on 2019-12-10 20:37:57

Question


I want to take a user dump of a process using PowerShell. How can I do it? The same one I get by right-clicking the process in Task Manager.


Answer 1:


The easiest way is to use Procdump from Sysinternals toolkit. Use Get-Process to get process id, which you can pass to Procdump for actual dumping.

Edit:

I'd still rather use readily available tools instead of the hard way. Have you got a valid business reason? Since you insist, there is a Win32 API call that creates user mode memory dumps. It can be invoked from .NET code, so either use P/Invoke or embed C# into your PowerShell code. This is left as an exercise to the reader.




Answer 2:


Hi, sorry, I'm not much help. I've never used a DUP file before. But there is a WMI class called Win32_Process:

Get-WMIObject -Class Win32_Process

Not sure if that's the info you are looking for. Has different properties than Get-Process.




Answer 3:


I had a similar use case where I needed to create a dump for an IIS process. Granted I could have used DebugDiag, but I ended up going down this path. Here's what I used (and works pretty well, I should add):

# Find the IIS worker process; if several w3wp instances run, $procid is an array
$procid = Get-Process | Where-Object {$_.ProcessName -eq 'w3wp'} | Select-Object ProcessName,Id
# Make sure the dump folder exists
New-Item -Path "c:\temp\Dumps" -Type directory -Force
# procdump options (-accepteula, -mp = MiniPlus dump) go before the PID; a folder as last argument gets the default file name
& "c:\temp\procdump64.exe" -accepteula -mp $procid.Id "c:\temp\Dumps"

Furthermore, you could use these dump files for analysis using DebugDiag too. So it's a win-win in my opinion.

PS: Theoretically, one could also get the Process ID using the Get-CimInstance cmdlet. So something like this would also work:

Get-CimInstance -Query "SELECT * from Win32_Process WHERE name LIKE 'w3wp%'"
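The procdump approach above, wrapped in a reusable function as an added example (not from the original answer): it handles several same-named processes such as one w3wp per application pool, creates the dump folder, checks procdump's exit code and returns the dump files. The procdump path and dump folder are assumed defaults you adjust.

```powershell
# Added example: diagnostic user-mode dump via Sysinternals procdump (not the answer's own code).
# Assumptions: procdump64.exe lives at $ProcDumpPath and $DumpFolder is writable.
function New-UserModeDump {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ProcessName,           # e.g. 'w3wp'
        [string] $ProcDumpPath = 'C:\temp\procdump64.exe',      # assumed location
        [string] $DumpFolder   = 'C:\temp\Dumps',               # assumed output folder
        [switch] $FullMemory                                    # -ma (full) instead of -mp (MiniPlus)
    )

    if (-not (Test-Path -LiteralPath $ProcDumpPath)) {
        throw "procdump not found at $ProcDumpPath"
    }
    New-Item -Path $DumpFolder -ItemType Directory -Force | Out-Null

    # Get-Process -Name fails if nothing matches; -ErrorAction Stop turns that into a terminating error
    $targets  = Get-Process -Name $ProcessName -ErrorAction Stop
    $dumpType = if ($FullMemory) { '-ma' } else { '-mp' }

    foreach ($p in $targets) {
        # One dump per PID. Given a folder, procdump names the file
        # <process>_<date>_<time>.dmp, so instances do not overwrite each other.
        & $ProcDumpPath -accepteula $dumpType $p.Id $DumpFolder
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "procdump exited with code $LASTEXITCODE for PID $($p.Id)"
        }
    }

    # Return the dump files so the caller can hand them to DebugDiag or WinDbg
    Get-ChildItem -Path $DumpFolder -Filter "$ProcessName*.dmp" | Sort-Object LastWriteTime
}

# Usage: New-UserModeDump -ProcessName w3wp
```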




Answer 4:


Based on this article from RiskSense, the MiniDump function from the native Windows DLL comsvcs.dll could be used.

Like:

Powershell -c rundll32.exe C:\Windows\System32\comsvcs.dll, MiniDump {ID-of-the-process} $Env:TEMP\my_dump_file.bin full


Source: https://stackoverflow.com/questions/15523460/how-can-i-take-a-user-dump-using-powershell
