├── .gitattributes
├── .gitignore
├── CopyOnWriteDump.csproj
├── CopyOnWriteDump.exe
├── CopyOnWriteDump.sln
├── CopyOnWriteDump32.exe
├── Program.cs
└── README.md
/.gitattributes:
--------------------------------------------------------------------------------
1 | ###############################################################################
2 | # Set default behavior to automatically normalize line endings.
3 | ###############################################################################
4 | * text=auto
5 |
6 | ###############################################################################
7 | # Set default behavior for command prompt diff.
8 | #
9 | # This is need for earlier builds of msysgit that does not have it on by
10 | # default for csharp files.
11 | # Note: This is only used by command line
12 | ###############################################################################
13 | #*.cs diff=csharp
14 |
15 | ###############################################################################
16 | # Set the merge driver for project and solution files
17 | #
18 | # Merging from the command prompt will add diff markers to the files if there
19 | # are conflicts (Merging from VS is not affected by the settings below, in VS
20 | # the diff markers are never inserted). Diff markers may cause the following
21 | # file extensions to fail to load in VS. An alternative would be to treat
22 | # these files as binary and thus will always conflict and require user
23 | # intervention with every merge. To do so, just uncomment the entries below
24 | ###############################################################################
25 | #*.sln merge=binary
26 | #*.csproj merge=binary
27 | #*.vbproj merge=binary
28 | #*.vcxproj merge=binary
29 | #*.vcproj merge=binary
30 | #*.dbproj merge=binary
31 | #*.fsproj merge=binary
32 | #*.lsproj merge=binary
33 | #*.wixproj merge=binary
34 | #*.modelproj merge=binary
35 | #*.sqlproj merge=binary
36 | #*.wwaproj merge=binary
37 |
38 | ###############################################################################
39 | # behavior for image files
40 | #
41 | # image files are treated as binary by default.
42 | ###############################################################################
43 | #*.jpg binary
44 | #*.png binary
45 | #*.gif binary
46 |
47 | ###############################################################################
48 | # diff behavior for common document formats
49 | #
50 | # Convert binary document formats to text before diffing them. This feature
51 | # is only available from the command line. Turn it on by uncommenting the
52 | # entries below.
53 | ###############################################################################
54 | #*.doc diff=astextplain
55 | #*.DOC diff=astextplain
56 | #*.docx diff=astextplain
57 | #*.DOCX diff=astextplain
58 | #*.dot diff=astextplain
59 | #*.DOT diff=astextplain
60 | #*.pdf diff=astextplain
61 | #*.PDF diff=astextplain
62 | #*.rtf diff=astextplain
63 | #*.RTF diff=astextplain
64 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | ## Ignore Visual Studio temporary files, build results, and
2 | ## files generated by popular Visual Studio add-ons.
3 |
4 | # User-specific files
5 | *.suo
6 | *.user
7 | *.userosscache
8 | *.sln.docstates
9 |
10 | # User-specific files (MonoDevelop/Xamarin Studio)
11 | *.userprefs
12 |
13 | # Build results
14 | [Dd]ebug/
15 | [Dd]ebugPublic/
16 | [Rr]elease/
17 | [Rr]eleases/
18 | [Xx]64/
19 | [Xx]86/
20 | [Bb]uild/
21 | bld/
22 | [Bb]in/
23 | [Oo]bj/
24 |
25 | # Visual Studio 2015 cache/options directory
26 | .vs/
27 | # Uncomment if you have tasks that create the project's static files in wwwroot
28 | #wwwroot/
29 |
30 | # MSTest test Results
31 | [Tt]est[Rr]esult*/
32 | [Bb]uild[Ll]og.*
33 |
34 | # NUNIT
35 | *.VisualState.xml
36 | TestResult.xml
37 |
38 | # Build Results of an ATL Project
39 | [Dd]ebugPS/
40 | [Rr]eleasePS/
41 | dlldata.c
42 |
43 | # DNX
44 | project.lock.json
45 | artifacts/
46 |
47 | *_i.c
48 | *_p.c
49 | *_i.h
50 | *.ilk
51 | *.meta
52 | *.obj
53 | *.pch
54 | *.pdb
55 | *.pgc
56 | *.pgd
57 | *.rsp
58 | *.sbr
59 | *.tlb
60 | *.tli
61 | *.tlh
62 | *.tmp
63 | *.tmp_proj
64 | *.log
65 | *.vspscc
66 | *.vssscc
67 | .builds
68 | *.pidb
69 | *.svclog
70 | *.scc
71 |
72 | # Chutzpah Test files
73 | _Chutzpah*
74 |
75 | # Visual C++ cache files
76 | ipch/
77 | *.aps
78 | *.ncb
79 | *.opendb
80 | *.opensdf
81 | *.sdf
82 | *.cachefile
83 | *.VC.db
84 |
85 | # Visual Studio profiler
86 | *.psess
87 | *.vsp
88 | *.vspx
89 | *.sap
90 |
91 | # TFS 2012 Local Workspace
92 | $tf/
93 |
94 | # Guidance Automation Toolkit
95 | *.gpState
96 |
97 | # ReSharper is a .NET coding add-in
98 | _ReSharper*/
99 | *.[Rr]e[Ss]harper
100 | *.DotSettings.user
101 |
102 | # JustCode is a .NET coding add-in
103 | .JustCode
104 |
105 | # TeamCity is a build add-in
106 | _TeamCity*
107 |
108 | # DotCover is a Code Coverage Tool
109 | *.dotCover
110 |
111 | # NCrunch
112 | _NCrunch_*
113 | .*crunch*.local.xml
114 | nCrunchTemp_*
115 |
116 | # MightyMoose
117 | *.mm.*
118 | AutoTest.Net/
119 |
120 | # Web workbench (sass)
121 | .sass-cache/
122 |
123 | # Installshield output folder
124 | [Ee]xpress/
125 |
126 | # DocProject is a documentation generator add-in
127 | DocProject/buildhelp/
128 | DocProject/Help/*.HxT
129 | DocProject/Help/*.HxC
130 | DocProject/Help/*.hhc
131 | DocProject/Help/*.hhk
132 | DocProject/Help/*.hhp
133 | DocProject/Help/Html2
134 | DocProject/Help/html
135 |
136 | # Click-Once directory
137 | publish/
138 |
139 | # Publish Web Output
140 | *.[Pp]ublish.xml
141 | *.azurePubxml
142 |
143 | # TODO: Un-comment the next line if you do not want to checkin
144 | # your web deploy settings because they may include unencrypted
145 | # passwords
146 | #*.pubxml
147 | *.publishproj
148 |
149 | # NuGet Packages
150 | *.nupkg
151 | # The packages folder can be ignored because of Package Restore
152 | **/packages/*
153 | # except build/, which is used as an MSBuild target.
154 | !**/packages/build/
155 | # Uncomment if necessary however generally it will be regenerated when needed
156 | #!**/packages/repositories.config
157 | # NuGet v3's project.json files produces more ignoreable files
158 | *.nuget.props
159 | *.nuget.targets
160 |
161 | # Microsoft Azure Build Output
162 | csx/
163 | *.build.csdef
164 |
165 | # Microsoft Azure Emulator
166 | ecf/
167 | rcf/
168 |
169 | # Microsoft Azure ApplicationInsights config file
170 | ApplicationInsights.config
171 |
172 | # Windows Store app package directory
173 | AppPackages/
174 | BundleArtifacts/
175 |
176 | # Visual Studio cache files
177 | # files ending in .cache can be ignored
178 | *.[Cc]ache
179 | # but keep track of directories ending in .cache
180 | !*.[Cc]ache/
181 |
182 | # Others
183 | ClientBin/
184 | [Ss]tyle[Cc]op.*
185 | ~$*
186 | *~
187 | *.dbmdl
188 | *.dbproj.schemaview
189 | *.pfx
190 | *.publishsettings
191 | node_modules/
192 | orleans.codegen.cs
193 |
194 | # RIA/Silverlight projects
195 | Generated_Code/
196 |
197 | # Backup & report files from converting an old project file
198 | # to a newer Visual Studio version. Backup files are not needed,
199 | # because we have git ;-)
200 | _UpgradeReport_Files/
201 | Backup*/
202 | UpgradeLog*.XML
203 | UpgradeLog*.htm
204 |
205 | # SQL Server files
206 | *.mdf
207 | *.ldf
208 |
209 | # Business Intelligence projects
210 | *.rdl.data
211 | *.bim.layout
212 | *.bim_*.settings
213 |
214 | # Microsoft Fakes
215 | FakesAssemblies/
216 |
217 | # GhostDoc plugin setting file
218 | *.GhostDoc.xml
219 |
220 | # Node.js Tools for Visual Studio
221 | .ntvs_analysis.dat
222 |
223 | # Visual Studio 6 build log
224 | *.plg
225 |
226 | # Visual Studio 6 workspace options file
227 | *.opt
228 |
229 | # Visual Studio LightSwitch build output
230 | **/*.HTMLClient/GeneratedArtifacts
231 | **/*.DesktopClient/GeneratedArtifacts
232 | **/*.DesktopClient/ModelManifest.xml
233 | **/*.Server/GeneratedArtifacts
234 | **/*.Server/ModelManifest.xml
235 | _Pvt_Extensions
236 |
237 | # LightSwitch generated files
238 | GeneratedArtifacts/
239 | ModelManifest.xml
240 |
241 | # Paket dependency manager
242 | .paket/paket.exe
243 |
244 | # FAKE - F# Make
245 | .fake/
--------------------------------------------------------------------------------
/CopyOnWriteDump.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | AnyCPU
7 | {1B2E00E1-ED60-478B-95C5-51AC1E9CBB61}
8 | Exe
9 | CopyOnWriteDump
10 | CopyOnWriteDump
11 | v4.5.1
12 | false
13 | true
14 | 4
15 | prompt
16 | TRACE
17 |
18 |
19 | true
20 | full
21 | false
22 | bin\Debug\
23 | DEBUG;TRACE
24 |
25 |
26 | pdbonly
27 | true
28 | bin\Release\
29 | false
30 |
31 |
32 |
33 |
34 |
35 |
36 |
37 |
38 |
--------------------------------------------------------------------------------
/CopyOnWriteDump.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mjsabby/CopyOnWriteDump/2eca84066640db920659ff3c832b7705a6f8d224/CopyOnWriteDump.exe
--------------------------------------------------------------------------------
/CopyOnWriteDump.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio 15
4 | VisualStudioVersion = 15.0.26430.6
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "CopyOnWriteDump", "CopyOnWriteDump.csproj", "{1B2E00E1-ED60-478B-95C5-51AC1E9CBB61}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|Any CPU = Debug|Any CPU
11 | Release|Any CPU = Release|Any CPU
12 | EndGlobalSection
13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
14 | {1B2E00E1-ED60-478B-95C5-51AC1E9CBB61}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
15 | {1B2E00E1-ED60-478B-95C5-51AC1E9CBB61}.Debug|Any CPU.Build.0 = Debug|Any CPU
16 | {1B2E00E1-ED60-478B-95C5-51AC1E9CBB61}.Release|Any CPU.ActiveCfg = Release|Any CPU
17 | {1B2E00E1-ED60-478B-95C5-51AC1E9CBB61}.Release|Any CPU.Build.0 = Release|Any CPU
18 | EndGlobalSection
19 | GlobalSection(SolutionProperties) = preSolution
20 | HideSolutionNode = FALSE
21 | EndGlobalSection
22 | EndGlobal
23 |
--------------------------------------------------------------------------------
/CopyOnWriteDump32.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mjsabby/CopyOnWriteDump/2eca84066640db920659ff3c832b7705a6f8d224/CopyOnWriteDump32.exe
--------------------------------------------------------------------------------
/Program.cs:
--------------------------------------------------------------------------------
1 | namespace CopyOnWriteDump
2 | {
3 | using System;
4 | using System.ComponentModel;
5 | using System.Diagnostics;
6 | using System.IO;
7 | using System.Runtime.InteropServices;
8 | using DWORD = System.Int32;
9 | using HANDLE = System.IntPtr;
10 | using HPSS = System.IntPtr;
11 | using PVOID = System.IntPtr;
12 | using PMINIDUMP_CALLBACK_INPUT = System.IntPtr;
13 | using PMINIDUMP_CALLBACK_OUTPUT = System.IntPtr;
14 | using PMINIDUMP_EXCEPTION_INFORMATION = System.IntPtr;
15 | using PMINIDUMP_USER_STREAM_INFORMATION = System.IntPtr;
16 | using PMINIDUMP_CALLBACK_INFORMATION = System.IntPtr;
17 | using BOOL = System.Int32;
18 |
19 | internal enum MINIDUMP_CALLBACK_TYPE : uint
20 | {
21 | ModuleCallback,
22 | ThreadCallback,
23 | ThreadExCallback,
24 | IncludeThreadCallback,
25 | IncludeModuleCallback,
26 | MemoryCallback,
27 | CancelCallback,
28 | WriteKernelMinidumpCallback,
29 | KernelMinidumpStatusCallback,
30 | RemoveMemoryCallback,
31 | IncludeVmRegionCallback,
32 | IoStartCallback,
33 | IoWriteAllCallback,
34 | IoFinishCallback,
35 | ReadMemoryFailureCallback,
36 | SecondaryFlagsCallback,
37 | IsProcessSnapshotCallback,
38 | VmStartCallback,
39 | VmQueryCallback,
40 | VmPreReadCallback,
41 | }
42 |
43 | internal struct MINIDUMP_CALLBACK_INFORMATION
44 | {
45 | public IntPtr CallbackRoutine;
46 | public PVOID CallbackParam;
47 | }
48 |
49 | struct MINIDUMP_CALLBACK_OUTPUT
50 | {
51 | public int Status; // HRESULT
52 | }
53 |
54 | [Flags]
55 | internal enum PSS_CAPTURE_FLAGS : uint
56 | {
57 | PSS_CAPTURE_NONE = 0x00000000,
58 | PSS_CAPTURE_VA_CLONE = 0x00000001,
59 | PSS_CAPTURE_RESERVED_00000002 = 0x00000002,
60 | PSS_CAPTURE_HANDLES = 0x00000004,
61 | PSS_CAPTURE_HANDLE_NAME_INFORMATION = 0x00000008,
62 | PSS_CAPTURE_HANDLE_BASIC_INFORMATION = 0x00000010,
63 | PSS_CAPTURE_HANDLE_TYPE_SPECIFIC_INFORMATION = 0x00000020,
64 | PSS_CAPTURE_HANDLE_TRACE = 0x00000040,
65 | PSS_CAPTURE_THREADS = 0x00000080,
66 | PSS_CAPTURE_THREAD_CONTEXT = 0x00000100,
67 | PSS_CAPTURE_THREAD_CONTEXT_EXTENDED = 0x00000200,
68 | PSS_CAPTURE_RESERVED_00000400 = 0x00000400,
69 | PSS_CAPTURE_VA_SPACE = 0x00000800,
70 | PSS_CAPTURE_VA_SPACE_SECTION_INFORMATION = 0x00001000,
71 | PSS_CREATE_BREAKAWAY_OPTIONAL = 0x04000000,
72 | PSS_CREATE_BREAKAWAY = 0x08000000,
73 | PSS_CREATE_FORCE_BREAKAWAY = 0x10000000,
74 | PSS_CREATE_USE_VM_ALLOCATIONS = 0x20000000,
75 | PSS_CREATE_MEASURE_PERFORMANCE = 0x40000000,
76 | PSS_CREATE_RELEASE_SECTION = 0x80000000
77 | }
78 |
79 | internal enum PSS_QUERY_INFORMATION_CLASS
80 | {
81 | PSS_QUERY_PROCESS_INFORMATION = 0,
82 | PSS_QUERY_VA_CLONE_INFORMATION = 1,
83 | PSS_QUERY_AUXILIARY_PAGES_INFORMATION = 2,
84 | PSS_QUERY_VA_SPACE_INFORMATION = 3,
85 | PSS_QUERY_HANDLE_INFORMATION = 4,
86 | PSS_QUERY_THREAD_INFORMATION = 5,
87 | PSS_QUERY_HANDLE_TRACE_INFORMATION = 6,
88 | PSS_QUERY_PERFORMANCE_COUNTERS = 7
89 | }
90 |
91 | [Flags]
92 | internal enum MINIDUMP_TYPE : int
93 | {
94 | MiniDumpNormal = 0x00000000,
95 | MiniDumpWithDataSegs = 0x00000001,
96 | MiniDumpWithFullMemory = 0x00000002,
97 | MiniDumpWithHandleData = 0x00000004,
98 | MiniDumpFilterMemory = 0x00000008,
99 | MiniDumpScanMemory = 0x00000010,
100 | MiniDumpWithUnloadedModules = 0x00000020,
101 | MiniDumpWithIndirectlyReferencedMemory = 0x00000040,
102 | MiniDumpFilterModulePaths = 0x00000080,
103 | MiniDumpWithProcessThreadData = 0x00000100,
104 | MiniDumpWithPrivateReadWriteMemory = 0x00000200,
105 | MiniDumpWithoutOptionalData = 0x00000400,
106 | MiniDumpWithFullMemoryInfo = 0x00000800,
107 | MiniDumpWithThreadInfo = 0x00001000,
108 | MiniDumpWithCodeSegs = 0x00002000,
109 | MiniDumpWithoutAuxiliaryState = 0x00004000,
110 | MiniDumpWithFullAuxiliaryState = 0x00008000,
111 | MiniDumpWithPrivateWriteCopyMemory = 0x00010000,
112 | MiniDumpIgnoreInaccessibleMemory = 0x00020000,
113 | MiniDumpWithTokenInformation = 0x00040000,
114 | MiniDumpWithModuleHeaders = 0x00080000,
115 | MiniDumpFilterTriage = 0x00100000,
116 | MiniDumpValidTypeFlags = 0x001fffff
117 | }
118 |
119 | [UnmanagedFunctionPointer(CallingConvention.StdCall)]
120 | internal delegate BOOL MiniDumpCallback(PVOID CallbackParam, PMINIDUMP_CALLBACK_INPUT CallbackInput, PMINIDUMP_CALLBACK_OUTPUT CallbackOutput);
121 |
122 | public static class Program
123 | {
124 | [DllImport("kernel32")]
125 | internal static extern DWORD PssCaptureSnapshot(HANDLE ProcessHandle, PSS_CAPTURE_FLAGS CaptureFlags, DWORD ThreadContextFlags, out HPSS SnapshotHandle);
126 |
127 | [DllImport("kernel32")]
128 | internal static extern DWORD PssFreeSnapshot(HANDLE ProcessHandle, HPSS SnapshotHandle);
129 |
130 | [DllImport("kernel32")]
131 | internal static extern DWORD PssQuerySnapshot(HPSS SnapshotHandle, PSS_QUERY_INFORMATION_CLASS InformationClass, out IntPtr Buffer, DWORD BufferLength);
132 |
133 | [DllImport("kernel32")]
134 | internal static extern BOOL CloseHandle(HANDLE hObject);
135 |
136 | [DllImport("kernel32")]
137 | internal static extern BOOL GetProcessId(HANDLE hObject);
138 |
139 | [DllImport("dbghelp")]
140 | internal static extern DWORD MiniDumpWriteDump(HANDLE hProcess, DWORD ProcessId, HANDLE hFile, MINIDUMP_TYPE DumpType, PMINIDUMP_EXCEPTION_INFORMATION ExceptionParam, PMINIDUMP_USER_STREAM_INFORMATION UserStreamParam, PMINIDUMP_CALLBACK_INFORMATION CallbackParam);
141 |
142 | internal static BOOL MiniDumpCallbackMethod(PVOID param, PMINIDUMP_CALLBACK_INPUT input, PMINIDUMP_CALLBACK_OUTPUT output)
143 | {
144 | unsafe
145 | {
146 | if (Marshal.ReadByte(input + sizeof(int) + IntPtr.Size) == (int)MINIDUMP_CALLBACK_TYPE.IsProcessSnapshotCallback)
147 | {
148 | var o = (MINIDUMP_CALLBACK_OUTPUT*)output;
149 | o->Status = 1;
150 | }
151 | }
152 |
153 | return 1;
154 | }
155 |
156 | public static int Main(string[] args)
157 | {
158 | if (args.Length != 2)
159 | {
160 | Console.WriteLine("Usage: CopyOnWriteDump ");
161 | return -1;
162 | }
163 |
164 | var pid = int.Parse(args[0]);
165 | var fileName = args[1];
166 | HANDLE handle;
167 | try
168 | {
169 | var p = Process.GetProcessById(pid);
170 | handle = p.Handle;
171 | }
172 | catch (ArgumentException)
173 | {
174 | Console.WriteLine($"Process identified by {pid} does not exist");
175 | return -2;
176 | }
177 |
178 | var flags = PSS_CAPTURE_FLAGS.PSS_CAPTURE_VA_CLONE |
179 | PSS_CAPTURE_FLAGS.PSS_CAPTURE_HANDLES |
180 | PSS_CAPTURE_FLAGS.PSS_CAPTURE_HANDLE_NAME_INFORMATION |
181 | PSS_CAPTURE_FLAGS.PSS_CAPTURE_HANDLE_BASIC_INFORMATION |
182 | PSS_CAPTURE_FLAGS.PSS_CAPTURE_HANDLE_TYPE_SPECIFIC_INFORMATION |
183 | PSS_CAPTURE_FLAGS.PSS_CAPTURE_HANDLE_TRACE |
184 | PSS_CAPTURE_FLAGS.PSS_CAPTURE_THREADS |
185 | PSS_CAPTURE_FLAGS.PSS_CAPTURE_THREAD_CONTEXT |
186 | PSS_CAPTURE_FLAGS.PSS_CREATE_MEASURE_PERFORMANCE ;
187 |
188 | HPSS snapshotHandle;
189 | Stopwatch sw = new Stopwatch();
190 |
191 | sw.Start();
192 | DWORD hr = PssCaptureSnapshot(handle, flags, IntPtr.Size == 8 ? 0x0010001F : 0x0001003F, out snapshotHandle);
193 | sw.Stop();
194 |
195 | if (hr != 0)
196 | {
197 | Console.WriteLine($"PssCaptureSnapshot failed. ({hr})");
198 | return hr;
199 | }
200 |
201 | Console.WriteLine($"Snapshot Creation Time: {sw.ElapsedMilliseconds}ms");
202 |
203 | sw.Reset();
204 | sw.Start();
205 |
206 | using (var fs = new FileStream(fileName, FileMode.Create))
207 | {
208 | var callbackDelegate = new MiniDumpCallback(MiniDumpCallbackMethod);
209 | var callbackParam = Marshal.AllocHGlobal(IntPtr.Size * 2);
210 |
211 | unsafe
212 | {
213 | var ptr = (MINIDUMP_CALLBACK_INFORMATION*)callbackParam;
214 | ptr->CallbackRoutine = Marshal.GetFunctionPointerForDelegate(callbackDelegate);
215 | ptr->CallbackParam = IntPtr.Zero;
216 | }
217 |
218 | var minidumpFlags = MINIDUMP_TYPE.MiniDumpWithDataSegs |
219 | MINIDUMP_TYPE.MiniDumpWithTokenInformation |
220 | MINIDUMP_TYPE.MiniDumpWithPrivateWriteCopyMemory |
221 | MINIDUMP_TYPE.MiniDumpWithPrivateReadWriteMemory |
222 | MINIDUMP_TYPE.MiniDumpWithUnloadedModules |
223 | MINIDUMP_TYPE.MiniDumpWithFullMemory |
224 | MINIDUMP_TYPE.MiniDumpWithHandleData |
225 | MINIDUMP_TYPE.MiniDumpWithThreadInfo |
226 | MINIDUMP_TYPE.MiniDumpWithFullMemoryInfo |
227 | MINIDUMP_TYPE.MiniDumpWithProcessThreadData |
228 | MINIDUMP_TYPE.MiniDumpWithModuleHeaders ;
229 |
230 | hr = MiniDumpWriteDump(snapshotHandle, pid, fs.SafeFileHandle.DangerousGetHandle(), minidumpFlags, IntPtr.Zero, IntPtr.Zero, callbackParam);
231 |
232 | IntPtr vaCloneHandle;
233 | PssQuerySnapshot(snapshotHandle, PSS_QUERY_INFORMATION_CLASS.PSS_QUERY_VA_CLONE_INFORMATION, out vaCloneHandle, IntPtr.Size);
234 |
235 | var cloneProcessId = GetProcessId(vaCloneHandle);
236 |
237 | PssFreeSnapshot(Process.GetCurrentProcess().Handle, snapshotHandle);
238 | CloseHandle(vaCloneHandle);
239 |
240 | try
241 | {
242 | Process.GetProcessById(cloneProcessId).Kill();
243 | }
244 | catch (Win32Exception)
245 | {
246 | }
247 |
248 | Marshal.FreeHGlobal(callbackParam);
249 | GC.KeepAlive(callbackDelegate);
250 |
251 | if (hr == 0)
252 | {
253 | Console.WriteLine($"MiniDumpWriteDump failed. ({Marshal.GetHRForLastWin32Error()})");
254 | return hr;
255 | }
256 | }
257 |
258 | sw.Stop();
259 | Console.WriteLine($"Minidump Creation Time: {sw.ElapsedMilliseconds}ms");
260 |
261 | return 0;
262 | }
263 | }
264 | }
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # CoWDump
2 |
3 | CopyOnWriteDump is a tool that uses the [Process Snapshotting](https://msdn.microsoft.com/en-us/library/dn469412(v=vs.85).aspx) APIs available in Windows 8.1+ and Windows Server 2012 R2+ to capture full memory dumps of Win32 user-mode processes.
4 |
5 | Process Snapshotting APIs use [Copy-on-Write](https://en.wikipedia.org/wiki/Copy-on-write) semantics to capture a "snapshot" of the target process. The target process is suspended for the duration of snapshot creation (its latency is usually orders of magnitude lower than capturing a full memory dump) and is then resumed.
6 |
7 | ## Download
8 |
9 | * 64-bit Processes: [CopyOnWriteDump.exe](https://github.com/mjsabby/CoWDump/raw/master/CopyOnWriteDump.exe)
10 | * 32-bit Processes (even when using on 64-bit Windows): [CopyOnWriteDump32.exe](https://github.com/mjsabby/CoWDump/raw/master/CopyOnWriteDump32.exe)
11 |
--------------------------------------------------------------------------------