This article describes how to use hot keys to capture a crash dump of a process.

The UserModeProcessDumper8_1_2929_5.exe tool can be installed on your system as part of the Platform Software Development Kit (SDK), a Windows Debugger tool, or as a stand-alone program. It can be downloaded as part of the Windows Debugger tool package from the Microsoft Download Center. Click the following Microsoft Web site to download the file:
The preceding download site contains the entire Windows Debugger tool package. It can be easily installed on any computer that runs Microsoft Windows NT or Microsoft Windows 2000. An icon is displayed for User Dump Setup in the Debugging Tools group.
If you install the Windows Debugger tool package, it may alter the default user-mode exception handler, and the Drwtsn32 program may need to be re-registered as the default program by using the following command line:
To use the Userdump tool, perform the following steps:
Run the Setup.exe program that is included with the Userdump tool. This procedure installs a kernel-mode driver, the Userdump.sys file, and it also creates a Process Dump icon in Control Panel.
In Control Panel, click the Process Dump icon.
Click the Hot Keys tab.
Select the letter "A" (or another letter of your choice) in the drop-down box. This letter is going to be your hot key to inform the Userdump.exe tool when a crash dump must be created for a specific process.
Enter your process name, for example, "notepad.exe", in the box labeled "Enter the name of the application here".
Click OK again to quit Process Dump.
Start the Microsoft Windows Notepad.exe program.
When the Notepad.exe program is running on your computer, hold down CTRL+ALT+SHIFT and while holding down all three keys at once, type:
Then release the CTRL, ALT, and SHIFT keys.
When you are ready to create a crash dump, press the key that has letter "A" on it (or whatever key you may have chosen in the preceding step #5).
A gray box is displayed in the upper left-hand corner of your screen informing you that the Userdump.exe tool is creating a crash dump in the C:\Winnt folder. However, the file is now named "Notepad.dmp". You must verify that the crash dump has been created.
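One way to carry out that verification is the added example below, which is not part of the original article or of the Userdump tool. It confirms that the file is fresh, carries a recognized user-mode dump signature, and was not cut off mid-write. It assumes Python is available on the machine where the dump is inspected; the article does not say which format this Userdump version writes, so both the minidump signature (`MDMP`) and the legacy full user-mode signature (`USERDUMP`) are accepted, and the function names are hypothetical.

```python
import os
import struct
import tempfile
import time

# MINIDUMP_HEADER: Signature, Version, NumberOfStreams, StreamDirectoryRva,
# CheckSum, TimeDateStamp, Flags (32 bytes, little-endian).
HEADER = struct.Struct("<4sIIIIIQ")
DIR_ENTRY_SIZE = 12  # MINIDUMP_DIRECTORY: StreamType, DataSize, Rva

def sample_minidump(streams=1):
    """Constructed sample: a header plus an empty stream directory."""
    head = HEADER.pack(b"MDMP", 0xA793, streams, HEADER.size, 0, 946684800, 0)
    return head + b"\x00" * (DIR_ENTRY_SIZE * streams)

def check_dump(path, max_age=600, now=None):
    """Return (ok, detail) for a dump that should have just been written."""
    try:
        st = os.stat(path)
    except OSError as exc:
        return False, "cannot stat file: %s" % exc
    now = time.time() if now is None else now
    if now - st.st_mtime > max_age:
        return False, "stale file, not from this capture"
    with open(path, "rb") as fh:
        head = fh.read(HEADER.size)
    if head[:8] == b"USERDUMP":
        return True, "legacy full user-mode dump"
    if head[:4] != b"MDMP":
        return False, "unrecognized signature"
    if len(head) < HEADER.size:
        return False, "truncated header"
    _, version, count, rva, _, _, _ = HEADER.unpack(head)
    if version & 0xFFFF != 0xA793:
        return False, "unexpected minidump version"
    if count == 0 or rva + count * DIR_ENTRY_SIZE > st.st_size:
        return False, "stream directory outside file (truncated write?)"
    return True, "minidump with %d stream(s)" % count

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed stand-in for the Notepad.dmp file in the C:/Winnt folder.
        path = os.path.join(tmp, "Notepad.dmp")
        with open(path, "wb") as fh:
            fh.write(sample_minidump(streams=3)[:40])  # simulate a cut-off write
        print(check_dump(path))
```

A dump that passes this check contains the process's memory at capture time, so store and transfer it with the same care as the data the process was handling.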