13
4
Are there any tools to dump the running application from memory in Windows 7?
abmv
Posted 2010-04-23T07:11:01.890
Reputation: 276
How can I dump the memory of a process in Windows 7?
Answers
14
just "right click" the process in the taskmanager and select "create memory dump"
akira
Posted 2010-04-23T07:11:01.890
Reputation: 52 754
2
Simplest is probably procdump from SysInternals.
The Debugging Tools for Windows gives more advanced options (e.g. automatically dump the process on certain conditions).
Richard
Posted 2010-04-23T07:11:01.890
Reputation: 8 152
0
You can use adplus -crash -p <process id> -o <place to put the dump> from command line if the process you want to dump is crashing at some point. see here
panny
Posted 2010-04-23T07:11:01.890
Reputation: 615
can i still be able to run that file? – abmv – 2010-06-01T10:12:20.143
@abmv: "run" as in .. start the dump? or do you ask if the dumping process stops the process? if it is the latter: dumping the memory does not stop the process. – akira – 2010-06-01T10:41:15.300
well i'm looking for something like PROCDUMP32 – abmv – 2010-06-02T16:56:34.120
@abmv: well, that is not what you asked for in the first place. a good tool for reverse engineering is "ida pro" (http://www.hex-rays.com/idapro).
– akira – 2010-06-02T19:08:57.680i guess the word dump was misleading thanks for you reply – abmv – 2010-06-03T07:02:59.223
Do note that you can only do this on Windows 6.x variants (Win7/Vista/2008). Win5.x cannot do this without Process Explorer from SysInternals.
– Breakthrough – 2011-07-12T13:46:50.460yep, but thats what OP wanted :) – akira – 2011-07-13T11:14:52.307