How to get the dump file of a process in Windows?

A dump is a snapshot of an application at the point in time the dump is taken. It shows what was being executed, which modules are loaded, and if saved with a heap, contains a snapshot of what was in the application’s memory at that point in time. Beginning in Windows Vista, the Windows Task Manager has included support for creating dump files. This can be very useful and is slightly quicker and less complicated than creating a dump using ProcDump or Visual Studio.

Standard Task Manager

  1. Open Task Manager.
  2. If you are using:
    • Windows 7, go to the Processes tab.
    • Windows 11, the Processes tab will be opened by default. Proceed to the next step.
    • Windows 8, 8.1, 10 or Windows Server 2008, click More details.
  3. Right-click the process for which you need to create a dump file. Select Create memory dump file.
  4. Wait until you get the notification on successful creation of the file.

Process Explorer

  1. Download Process Explorer from the Windows Sysinternals site.
  2. Unzip the archive and start Process Explorer. If you are going to dump a process running under another user (e.g. NT AUTHORITY\SYSTEM), you must run the program as an administrator.
  3. Right-click the process for which you need to create a dump file. Select Create Dump → Create Full Dump.
  4. Select a folder to keep the dump file.
  5. Wait until you get the notification on successful creation of the file.

https://learn.microsoft.com/en-us/sysinternals/downloads/process-explorer

ProcDump (via CLI)

ProcDump is a Windows Sysinternals tool that allows you to create dumps of processes in any scenario that may arise while troubleshooting issues with Windows apps.

  1. Download ProcDump from the Windows Sysinternals site.
  2. Create a folder where dumps will be stored (e.g. c:\dmp\).
  3. Unzip the archive and put the files into the created directory.
  4. Open a console, for example cmd (I recommend running it with administrative privileges), and go to the folder.
  5. Depending on the issue (immediate process crash, hanging process, lock-up etc.), use one of the following commands:
    • Situations when processes are crashing (e.g. right upon starting, or they crash randomly) can be universally handled by the following command:
      procdump64 -e -ma -w <process_name>

      This will execute ProcDump to monitor for the process to start (if it's not running yet) and create a full process memory dump as soon as it encounters an unhandled exception and crashes.

    • If you need to create a dump file of the running process in its current state, use the following command:
      procdump64 -ma -s 5 -n 3 <process_name>

      (this command will write 3 mini dumps 5 seconds apart), or use the PID (useful if multiple processes with the same name are running):

      procdump -ma <PID>

https://learn.microsoft.com/en-us/sysinternals/downloads/procdump
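
The ProcDump steps above combined into one script, as an added example that is not part of the original page: it dumps a single process by PID, restricts the dump folder to Administrators and SYSTEM (a full dump holds the contents of the process's memory), and records a SHA-256 hash of the result. It assumes an elevated PowerShell console and procdump64.exe unzipped to C:\dmp; the parameter names are illustrative.

```powershell
# Added example: capture one full dump by PID and treat the file as sensitive.
# Assumptions: elevated console; procdump64.exe is in C:\dmp (folder from step 2).
param(
    [Parameter(Mandatory)] [int] $ProcessId,
    [string] $DumpDir = 'C:\dmp'
)

$ErrorActionPreference = 'Stop'
$procdump = Join-Path $DumpDir 'procdump64.exe'
if (-not (Test-Path $procdump)) { throw "procdump64.exe not found in $DumpDir" }

# Fail early if the PID is gone; Get-Process throws when no such process exists.
$proc = Get-Process -Id $ProcessId

# A full dump (-ma) contains whatever the process had in memory, including any
# secrets it held, so remove inherited permissions from the folder first and
# grant access only to the two principals below.
#   *S-1-5-32-544 = BUILTIN\Administrators, *S-1-5-18 = NT AUTHORITY\SYSTEM
icacls $DumpDir /inheritance:r /grant:r '*S-1-5-32-544:(OI)(CI)F' '*S-1-5-18:(OI)(CI)F' | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

# Name the file after process, PID and time so repeated captures do not collide.
$stamp    = Get-Date -Format 'yyyyMMdd_HHmmss'
$dumpFile = Join-Path $DumpDir ("{0}_{1}_{2}.dmp" -f $proc.ProcessName, $ProcessId, $stamp)

# -accepteula suppresses the interactive license prompt on first run.
& $procdump -accepteula -ma $ProcessId $dumpFile

# Check for the file itself rather than relying on ProcDump's exit code.
if (-not (Test-Path $dumpFile)) { throw "ProcDump did not write $dumpFile" }

# Record size and SHA-256 so the file can be verified after it is transferred.
$hash = Get-FileHash -Path $dumpFile -Algorithm SHA256
[pscustomobject]@{
    Path   = $dumpFile
    SizeMB = [math]::Round((Get-Item $dumpFile).Length / 1MB, 1)
    SHA256 = $hash.Hash
}
```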