17 User Mode Process Dumper
User Mode Process Dumper Version 8.1
Brief Description
Microsoft Support Professionals Toolkit for Windows
The User Mode Process Dumper (userdump) dumps the memory image of any running Win32 process on the fly, without attaching a debugger or terminating the target process.
Quick Details
File Name: UserModeProcessDumper8_1_2929_5.exe
Version: 8.1.2929.5
Date Published: 4/4/2007
Language: English
Download Size: 3.5 MB
Estimated Download Time: 9 min (Dial-up, 56K)
Overview
The User Mode Process Dumper (userdump) dumps the memory image of any running Win32 process (including system processes such as csrss.exe, winlogon.exe, services.exe, etc.) on the fly, without attaching a debugger or terminating the target process. The generated dump file can be analyzed or debugged with the standard debugging tools.
Userdump generates a dump file on several triggers:
- Dump by specifying PID or process name from command line
- Dump automatically when a monitored process raises an exception
- Dump automatically when a monitored process exits
- Dump by pressing a hot key sequence
Updates on April 4, 2007 (Build 8.1.2929.5)
- Userdump is now fully compatible with Windows Server 2003 SP2 and Windows XP x64 Edition SP2. Previously, Process Monitoring did not function on SP2 of these operating systems. The same problem also occurred if a hotfix for KB919341 or KB909613 was applied to SP1 of these operating systems. This problem has been fixed.
- System crash problem on Windows 2000 SP4 has been fixed. Bugcheck 0x1E (BucketID = userdump!ExtractImageFileName+26) could happen when a process monitored by Exit Monitor went to zombie state (the process is not alive but still remains in the system process list) and another process attempted to terminate the process in zombie state. Exit Monitor no longer dumps processes in zombie state in this case as they don’t have any meaningful memory image.
- Thread time information is added to the dump file by default so that debugger extension !runaway works.
- Added all other meaningful MiniDumpWriteDump() options available in dbghelp.dll V6.4.7.1.
- A comment stream is added to the dump file indicating that the dump file was generated by userdump.exe. The comment includes the Computer Name and how userdump.exe was launched.
- A new userdump.exe -W option adds Window handle information to the dump. The udext.dll debugger extension DLL is provided to view this information in the debugger when debugging the dump file.
- EXEs and DLLs are now installed to %windir%\system32\kktools\ folder and this location is added to system path.
- Userdump.exe is linked with dbghelp.dll dynamically for x86, too. You now need userdump.exe and dbghelp.dll provided with userdump.exe even in command line mode. The same dbghelp.dll is also installed for full-featured mode.
- Userdump.exe no longer uses system provided dbghelp.dll on x64 and IPF. Instead, dbghelp.dll provided with userdump is always used on all platforms – x86, x64, and IPF.
- Process Monitoring and Hot Key snapshot support long process names up to 32 bytes.
- Process Monitoring supports "Switch the dumper" option to specify an alternative dumper such as sqldumper.exe.
- Process Exit Monitoring supports dumping both a process being killed and a process that called NtTerminateProcess() in the cross-process termination scenario.
- Process Exit Monitoring allows you to specify Complete minidump, Small minidump, or No dump.
- Process Exception Monitoring allows you to specify Complete minidump or Small minidump.
- Process Exception Monitoring can catch exceptions raised by calling RaiseException() in WOW64 processes.
- Process Exception Monitoring always catches exceptions raised by RaiseException() regardless of "Ignore exceptions that occur inside Kernel32.dll" switch.
- The control panel applet was refined for better GUI.
- Non-privileged users can no longer launch the control panel applet.
- Improved event logging: events are logged at the beginning and the end of dumping and indicate process names/PIDs.
System Requirements
- Supported Operating Systems: Windows 2000 Service Pack 3; Windows 2000 Service Pack 4; Windows Server 2003; Windows Server 2003 Service Pack 1; Windows Server 2003 Service Pack 2; Windows XP Embedded Service Pack 1; Windows XP Embedded Service Pack 2
Instructions
- If a previous version of the User Mode Process Dumper is installed, you need to uninstall it first.
- Click the Download button on this page to start the download. Do one of the following:
- To start the installation immediately, click Open or Run this program from its current location
- To copy the download to your computer for installation at a later time, click Save or Save this program to disk.
- To install the User Mode Process Dumper, run the UserModeProcessDumper8_1_2929_5.exe package. After you accept the Software License Terms, all necessary files are copied to the C:\kktools\userdump8.1 folder.
- Go to C:\kktools\userdump8.1\Architecture folder or the folder you specified in the previous step, and run setup.exe.
- Prior to starting and using the User Mode Process Dumper, please be sure to read the readme.htm file, which is located in the C:\kktools\userdump8.1 folder.
Additional Information
Microsoft and partners are jointly developing tools to improve Windows supportability. This joint-development project started in 1998 and is already in its 8th phase. The following partners are participating in the phase 8 project:
- Fujitsu Limited.
- Hitachi, Ltd.
- Nihon Unisys, Ltd.
- NTT Data Corporation
- Toshiba Corporation
Tools are owned and released by Microsoft Corporation under the name of "Microsoft Support Professionals Toolkit for Windows".