17 User Mode Process Dumper

원문 : http://www.microsoft.com/Downloads/details.aspx?FamilyID=e089ca41-6a87-40c8-bf69-28ac08570b7e&displaylang=en

 

User Mode Process Dumper Version 8.1

Brief Description
Microsoft Support Professionals Toolkit for Windows
The User Mode Process Dumper (userdump) dumps any running Win32 processes memory image on the fly, without attaching a debugger, or terminating target processes.

On This Page

Quick Details
File Name: UserModeProcessDumper8_1_2929_5.exe
Version: 8.1.2929.5
Date Published: 4/4/2007
Language: English
Download Size: 3.5 MB
Estimated Download Time: Dial-up (56K)DSL/Cable (256K)DSL/Cable (768K)T1 (1.5M) 9 min 

Overview

The User Mode Process Dumper (userdump) dumps any running Win32 processes memory image (including system processes such as csrss.exe, winlogon.exe, services.exe, etc) on the fly, without attaching a debugger, or terminating target processes. Generated dump file can be analyzed or debugged by using the standard debugging tools.

The userdump generates dump file by several triggers;
  • Dump by specifying PID or process name from command line
  • Dump automatically when process being monitored caused exceptions
  • Dump automatically when process being monitored exited
  • Dump by pressing hot key sequence


Updates in April 4,2007 (Build 8.1.2929.5)
  • Userdum is now fully compatible with Windows Server 2003 SP2 and Windows XP x64 Edition SP2. Previously, Process Monitoring did not function on SP2 of these operating systems. The same problem also occurred if a hotfix for KB919341 or KB909613 was applied to SP1 of these operating systems. This problem has been fixed.
  • System crash problem on Windows 2000 SP4 has been fixed. Bugcheck 0x1E (BucketID = userdump!ExtractImageFileName+26) could happen when a process monitored by Exit Monitor went to zombie state (the process is not alive but still remains in the system process list) and another process attempted to terminate the process in zombie state. Exit Monitor no longer dumps processes in zombie state in this case as they don’t have any meaningful memory image.
Updates in August 7,2006 (Build 8.1.2929.4)
  • Thread time information is added to the dump file by default so that debugger extension !runaway works.
  • Added all other meaningful MiniDumpWriteDump() options available in dbghelp.dll V6.4.7.1
  • Comment stream is added to the dump file indicating that the dump file was generated by userdump.exe. Comment includes Computer Name and how userdump.exe was launched
  • New userdump.exe -W option is added to add Window handle information. udext.dll debugger extension DLL is provided to see this information by debugger to debug the dump file.
  • EXEs and DLLs are now installed to %windir%\system32\kktools\ folder and this location is added to system path.
  • Userdump.exe is linked with dbghelp.dll dynamically for x86, too. You now need userdump.exe and dbghelp.dll provided with userdump.exe even in command line mode. The same dbghelp.dll is also installed for full-featured mode.
  • Userdump.exe no longer uses system provided dbghelp.dll on x64 and IPF. Instead, dbghelp.dll provided with userdump is always used on all platforms – x86, x64, and IPF.
  • Process Monitoring and Hot Key snapshot support long process names up to 32 bytes.
  • Process Monitoring supports "Switch the dumper" option to specify an alternative dumper such as sqldumper.exe.
  • Process Exit Monitoring supports dumping both a process being killed and a process who called NtTerminateProcess() in the cross-process termination scenario.
  • Process Exit Monitoring allows to specify either Complete minidump, Small minidump, or No dump .
  • Process Exception Monitoring allows to specify Complete minidump or Small minidump.
  • Process Exception Monitoring can catch exceptions raised by calling RaiseException() in WOW64 processes.
  • Process Exception Monitoring always catches exceptions raised by RaiseException() regardless of "Ignore exceptions that occur inside Kernel32.dll" switch.
  • The control panel applet was refined for better GUI.
  • Non-privileged users can no longer launch the control panel applet.
  • Improved event logging to log at the beginning and the end of dumping and indicates process names/PIDs.

 Top of page

System Requirements

  • Supported Operating Systems: Windows 2000 Service Pack 3; Windows 2000 Service Pack 4; Windows Server 2003; Windows Server 2003 Service Pack 1; Windows Server 2003 Service Pack 2; Windows XP Embedded Service Pack 1; Windows XP Embedded Service Pack 2
You need a debugger tool which support dump file analysis like "Debugging Tools for Windows"

 Top of page

Instructions

  1. If the previous version of the User Mode Process Dumper is installed, you need to uninstall first.

  2. Click the Download button on this page to start the download. Do one of the following:

    1. To start the installation immediately, click Open or Run this program from its current location

    2. To copy the download to your computer for installation at a later time, click Save or Save this program to disk.

  3. To install the User Mode Process Dumper, run the UserModeProcessDumper8_1_2929_5.exe package. After you accept the Software License Terms, all necessary files are copied to the C:\kktools\userdump8.1 folder.

  4. Go to C:\kktools\userdump8.1\Architecture folder or the folder you specified in the previous step, and run setup.exe.

  5. Prior to starting and using the User Mode Process Dumper, please be sure to read the readme.htm file, which is located in the C:\kktools\userdump8.1 folder.

 Top of page

Additional Information

Microsoft and partners are jointly developing tools to improve Windows supportability. This joint-development project started from 1998 and has counted 8th phase already. At phase 8 project, the following partners are participating in the project.
  • Fujitsu Limited.
  • Hitachi, Ltd.
  • Nihon Unisys, Ltd.
  • NTT Data Corporation
  • Toshiba Corporation

Tools are owned and released by Microsoft Corporation under the name of "Microsoft Support Professionals Toolkit for Windows".

 Top of page

 Top of page

 Top of page

 Top of page

 

이 글은 스프링노트에서 작성되었습니다.

+ Recent posts