Brief Description
Microsoft Support Professionals Toolkit for Windows
The User Mode Process Dumper (userdump) dumps any running Win32 processes memory image on the fly, without attaching a debugger, or terminating target processes.
The User Mode Process Dumper (userdump) dumps any running Win32 processes memory image on the fly, without attaching a debugger, or terminating target processes.
Overview
The User Mode Process Dumper (userdump) dumps any running Win32 processes memory image (including system processes such as csrss.exe, winlogon.exe, services.exe, etc) on the fly, without attaching a debugger, or terminating target processes. Generated dump file can be analyzed or debugged by using the standard debugging tools.
The userdump generates dump file by several triggers;
- Dump by specifying PID or process name from command line
- Dump automatically when process being monitored caused exceptions
- Dump automatically when process being monitored exited
- Dump by pressing hot key sequence
Changes from the Version 8.0
- Thread time information is added to the dump file by default so that debugger extension !runaway works.
- Added all other meaningful MiniDumpWriteDump() options available in dbghelp.dll V6.4.7.1
- Comment stream is added to the dump file indicating that the dump file was generated by userdump.exe. Comment includes Computer Name and how userdump.exe was launched
- New userdump.exe -W option is added to add Window handle information. udext.dll debugger extension DLL is provided to see this information by debugger to debug the dump file.
- EXEs and DLLs are now installed to %windir%/system32/kktools/ folder and this location is added to system path.
- Userdump.exe is linked with dbghelp.dll dynamically for x86, too. You now need userdump.exe and dbghelp.dll provided with userdump.exe even in command line mode. The same dbghelp.dll is also installed for full-featured mode.
- Userdump.exe no longer uses system provided dbghelp.dll on x64 and IPF. Instead, dbghelp.dll provided with userdump is always used on all platforms – x86, x64, and IPF.
- Process Monitoring and Hot Key snapshot support long process names up to 32 bytes.
- Process Monitoring supports "Switch the dumper" option to specify an alternative dumper such as sqldumper.exe.
- Process Exit Monitoring supports dumping both a process being killed and a process who called NtTerminateProcess() in the cross-process termination scenario.
- Process Exit Monitoring allows to specify either Complete minidump, Small minidump, or No dump .
- Process Exception Monitoring allows to specify Complete minidump or Small minidump.
- Process Exception Monitoring can catch exceptions raised by calling RaiseException() in WOW64 processes.
- Process Exception Monitoring always catches exceptions raised by RaiseException() regardless of "Ignore exceptions that occur inside Kernel32.dll" switch.
- The control panel applet was refined for better GUI.
- Non-privileged users can no longer launch the control panel applet.
- Improved event logging to log at the beginning and the end of dumping and indicates process names/PIDs.
System Requirements
- Supported Operating Systems: Windows 2000 Service Pack 3; Windows 2000 Service Pack 4; Windows Server 2003; Windows Server 2003 Service Pack 1; Windows XP Embedded Service Pack 1; Windows XP Embedded Service Pack 2
You need a debugger tool which support dump file analysis like "Debugging Tools for Windows"
Instructions
- If the previous version of the User Mode Process Dumper is installed, you need to uninstall first.
- Click the Download button on this page to start the download. Do one of the following:
- To start the installation immediately, click Open or Run this program from its current location
- To copy the download to your computer for installation at a later time, click Save or Save this program to disk.
- To install the User Mode Process Dumper, run the UserModeProcessDumper8_1_2929_4.exe package. After you accept the Software License Terms, all necessary files are copied to the C:/kktools/userdump8.1 folder.
- Go to C:/kktools/userdump8.1/Architecture folder or the folder you specified in the previous step, and run setup.exe.
- Prior to starting and using the User Mode Process Dumper, please be sure to read the readme.htm file, which is located in the C:/kktools/userdump8.1 folder.
Additional Information
Microsoft and partners are jointly developing tools to improve Windows supportability. This joint-development project started from 1998 and has counted 8th phase already. At phase 8 project, the following partners are participating in the project.
- Fujitsu Limited.
- Hitachi, Ltd.
- Nihon Unisys, Ltd.
- NTT Data Corporation
- Toshiba Corporation
Tools are owned and released by Microsoft Corporation under the name of "Microsoft Support Professionals Toolkit for Windows".