Getting a Full Memory Dump for a Process

To diagnose a problem for a remote customer, sometimes the easiest way is to have the customer generate a full memory dump for the process, and share the memory dump.

In Vista, task manager can generate a full memory dump from the Processes tab.

In Windows XP , this functionality does not exist. However, Windows XP ships a debugger ntsd.exe in the box. We can use it to generate a full memory dump.

C:\temp>ntsd -p 316
...
0:002> .dump /f c:\temp\foo.dmp
Creating c:\temp\foo.dmp - user full dump
0:002>