How to use the Userdump.exe tool to create a dump file

Article translations Article translations
Article ID: 241215 - View products that this article applies to.
This article was previously published under Q241215
Expand all | Collapse all

On This Page

SUMMARY

You can use the Userdump.exe tool to generate a user dump of a process that shuts down with an exception or that stops responding (hangs).

MORE INFORMATION

To create a dump (.dmp) file for a process that shuts down with an exception

  1. Run the Setup.exe program for your processor.

    Notes
    • By default, this Setup.exe program is included with the Userdump.exe tool in the C:\kktools\userdump8.0 folder.
    • This Setup.exe program installs a kernel-mode driver, installs the Userdump.sys file, and creates the Process Dump icon in Control Panel.
    • Unless you have a specific need, disable the "dump on process termination" feature when you run the Setup.exe program.
  2. In Control Panel, double-click Process Dump.
  3. On the Exception Monitoring tab, click New, add the appropriate program name to the Monitor list, and then click OK. For example, add a program name such as Lsass.exe, Winlogon.exe, Mtx.exe, or Dllhost.exe.
  4. In the Monitor box, click the program name that you added in step 3, and then click Rules.
  5. Click to select Custom Rules, select the type of error that you want to trigger for the program that you added in step 3 in the Custom rules list, and then click OK.

    For example, select the Access violation (c0000005) error type.
When the monitored program generates an access violation error message, the Userdump.exe tool starts, and then the Userdump.exe tool creates a dump (.dmp) file in the %SystemRoot% folder. By analyzing this .dmp file, you may be able to isolate the cause of Winlogon access violation error messages.

To create a dump file for a hanging process

  1. Run the Setup.exe program for your processor.

    Notes
    • By default, this Setup.exe program is included with the Userdump.exe tool in the C:\kktools\userdump8.0 folder.
    • This Setup.exe program installs a kernel-mode driver, installs the Userdump.sys file, and creates the Process Dump icon in Control Panel.
    • Unless you have a specific need, disable the "dump on process termination" feature when you run the Setup.exe program.
  2. When the program stops responding, move to the version of Userdump.exe for your processor at the command prompt, and then type the following command:
    userdump PID
    Note In this command, PID is a placeholder for the process ID (PID) of the program that has stopped responding. To obtain the PID of the program, open Task Manager, and then click the Process tab.
When you run the userdump PID command, a .dmp file is generated. You can use this dump file to perform post-mortem debugging with a program such as the Windbg.exe tool.

If you run Setup to install the Userdump.exe tool, some additional features are enabled. These additional features of the Userdump.exe tool are described in detail in the Userdocs.doc file that accompanies the Userdump.exe tool. These additional features include the following:
  • Process self-dumping. You can configure the Userdump.exe tool to automatically create a dump file for a certain program when that program encounters a certain kind of error, such as an exception handler block or a top-level unhandled exception filter.
  • Hot-key process snapshot. You can associate a single keystroke with an image binary to trigger the Userdump.exe tool to create a dump file.
  • Exception monitoring. The Userdump.exe tool can monitor programs for exceptions and can automatically generate dump files when certain exceptions occur. You can configure whether an exception triggers a dump file for each program by using the Process Dump utility. You can access the Process Dump utility from Control Panel.

REFERENCES

To download version 8.1 of the Userdump.exe tool and its documentation, visit the following Microsoft Web site:
http://www.microsoft.com/downloads/details.aspx?FamilyID=E089CA41-6A87-40C8-BF69-28AC08570B7E&displaylang=en
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
258833 How to troubleshoot high CPU utilization of an MTS or COM+ process
To download the latest Debugging Tools for Windows (32-bit version), visit the following Microsoft Web site:
http://www.microsoft.com/whdc/devtools/ddk/default.mspx

Properties

Article ID: 241215 - Last Review: September 11, 2011 - Revision: 8.0
APPLIES TO
  • Microsoft Windows Server 2003, Standard x64 Edition
  • Microsoft Windows Server 2003, Enterprise x64 Edition
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows XP Professional
  • Microsoft Windows XP Home Edition
Keywords: 
kbhowto KB241215

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com