17

Are there any tools to dump the running application from memory in Windows 7?

Gaff
abmv

3 Answers

18

Just "right click" the process in the Task Manager and select "create memory dump".


Gaff
akira
  • Can I still be able to run that file? – abmv Jun 01 '10 at 10:12
  • @abmv: "run" as in... start the dump? Or do you ask if the dumping process stops the process? If it is the latter: dumping the memory does not stop the process. – akira Jun 01 '10 at 10:41
  • Well, I'm looking for something like PROCDUMP32 – abmv Jun 02 '10 at 16:56
  • @abmv: Well, that is not what you asked for in the first place. A good tool for reverse engineering is "IDA Pro" (http://www.hex-rays.com/idapro). – akira Jun 02 '10 at 19:08
  • I guess the word dump was misleading, thanks for your reply – abmv Jun 03 '10 at 07:02
  • Do note that you can only do this on Windows 6.x variants (Win7/Vista/2008). Win5.x cannot do this without [Process Explorer](http://technet.microsoft.com/en-us/sysinternals/bb896653) from SysInternals. – Breakthrough Jul 12 '11 at 13:46
  • Yep, but that's what OP wanted :) – akira Jul 13 '11 at 11:14
2

Simplest is probably procdump from SysInternals.

The Debugging Tools for Windows gives more advanced options (e.g. automatically dump the process on certain conditions).

Richard
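
The procdump answer above, as an added PowerShell example that is not part of the original answers: it writes a full dump of one process and judges success by checking that the file begins with the minidump signature `MDMP` rather than by the exit code. It assumes `procdump.exe` is on `PATH` and PowerShell 4.0 or later; the function name `Save-ProcessDump` and the `C:\Dumps` folder are hypothetical.

```powershell
# Added example. Assumes procdump.exe (Sysinternals) is on PATH.
# Save-ProcessDump and the default C:\Dumps folder are hypothetical names.
function Save-ProcessDump {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [int] $Id,
        [string] $OutDir = 'C:\Dumps'
    )

    # Fail early if the PID is gone or procdump is not installed.
    $proc = Get-Process -Id $Id -ErrorAction Stop
    $tool = Get-Command procdump.exe -ErrorAction Stop

    New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
    $stamp = Get-Date -Format 'yyyyMMdd_HHmmss'
    $dump  = Join-Path $OutDir ("{0}_{1}_{2}.dmp" -f $proc.ProcessName, $Id, $stamp)

    # -ma = full dump (all process memory); -accepteula skips the first-run prompt.
    & $tool.Path -accepteula -ma $Id $dump | Out-Null

    # Check the file itself: a minidump starts with the
    # 4-byte ASCII signature "MDMP".
    if (-not (Test-Path -LiteralPath $dump)) {
        throw "procdump did not write $dump"
    }
    $fs = [System.IO.File]::OpenRead($dump)
    try {
        $head = New-Object byte[] 4
        $read = $fs.Read($head, 0, 4)
    } finally {
        $fs.Dispose()
    }
    $sig = [System.Text.Encoding]::ASCII.GetString($head, 0, $read)
    if ($sig -ne 'MDMP') {
        throw "$dump is not a valid minidump (signature '$sig')"
    }

    # Dumping does not stop the process; report whether it is still alive.
    [pscustomobject]@{
        Path         = $dump
        SizeMB       = [math]::Round((Get-Item -LiteralPath $dump).Length / 1MB, 1)
        SHA256       = (Get-FileHash -LiteralPath $dump -Algorithm SHA256).Hash
        StillRunning = [bool](Get-Process -Id $Id -ErrorAction SilentlyContinue)
    }
}

# Usage (1234 is a placeholder PID): Save-ProcessDump -Id 1234
```

A full dump holds everything the process had in memory, so keep the output folder readable only by the people doing the analysis.
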
0

You can use `adplus -crash -p <process id> -o <place to put the dump>` from the command line if the process you want to dump is crashing at some point. See here

panny