PoshCode Archive  Artifact Content

Artifact d40d7f358ad4f1d9febb994a6fce4308187a247a93d910b8a4699feabd444b18:

  • File Write-MiniDump.ps1 — part of check-in [20e676ff03] at 2018-06-10 13:45:16 on branch trunk — Actually, this is only an idea and I’m not sure that it’ll be useful because I usually use Sysinternals ProcDump tool (hello, Mark!) (user: greg zakharov size: 3906)

# encoding: ascii
# api: powershell
# title: Write-MiniDump
# description: Actually, this is only an idea and I’m not sure that it’ll be useful because I usually use Sysinternals ProcDump tool (hello, Mark!)
# version: 0.1
# type: function
# author: greg zakharov
# license: CC0
# function: Write-MiniDump
# x-poshcode-id: 4740
# x-archived: 2015-10-25T15:14:05
# x-published: 2015-12-25T14:33:00
#
#
Set-Alias wmd Write-MiniDump

function Write-MiniDump {
  <#
    .SYNOPSIS
        Creates mini dump of trouble process.
    .EXAMPLE
        PS C:\>Write-MiniDump (ps notepad)
        Creates full memory dump of notepad process(es).
    .EXAMPLE
        PS C:\>ps notepad | wmd -dp E:\dbg -dt 0
        Creates normal dump of notepad process(es) into E:\dbg folder.
    .NOTES
        C++
        typedef enum _MINIDUMP_TYPE { 
          MiniDumpNormal                          = 0x00000000,
          MiniDumpWithDataSegs                    = 0x00000001,
          MiniDumpWithFullMemory                  = 0x00000002,
          MiniDumpWithHandleData                  = 0x00000004,
          MiniDumpFilterMemory                    = 0x00000008,
          MiniDumpScanMemory                      = 0x00000010,
          MiniDumpWithUnloadedModules             = 0x00000020,
          MiniDumpWithIndirectlyReferencedMemory  = 0x00000040,
          MiniDumpFilterModulePaths               = 0x00000080,
          MiniDumpWithProcessThreadData           = 0x00000100,
          MiniDumpWithPrivateReadWriteMemory      = 0x00000200,
          MiniDumpWithoutOptionalData             = 0x00000400,
          MiniDumpWithFullMemoryInfo              = 0x00000800,
          MiniDumpWithThreadInfo                  = 0x00001000,
          MiniDumpWithCodeSegs                    = 0x00002000,
          MiniDumpWithoutAuxiliaryState           = 0x00004000,
          MiniDumpWithFullAuxiliaryState          = 0x00008000,
          MiniDumpWithPrivateWriteCopyMemory      = 0x00010000,
          MiniDumpIgnoreInaccessibleMemory        = 0x00020000,
          MiniDumpWithTokenInformation            = 0x00040000,
          MiniDumpWithModuleHeaders               = 0x00080000,
          MiniDumpFilterTriage                    = 0x00100000,
          MiniDumpValidTypeFlags                  = 0x001fffff
        } MINIDUMP_TYPE;
  #>
  [CmdletBinding(DefaultParameterSetName="Process", SupportsShouldProcess=$true)]
  param(
    [Parameter(Mandatory=$true,
               Position=0,
               ValueFromPipeline=$true)]
    [Diagnostics.Process[]]$Processes,
    
    [Parameter(Position=1)]
    [Alias("dp")]
    [ValidateScript({Test-Path $_})]
    [String]$DumpPath = $pwd.Path,
    
    [Parameter(Position=2)]
    [Alias("dt")]
    [ValidateSet(0, 0x1, 0x2, 0x4, 0x8, 0x10, 0x20, 0x40, 0x80, 0x100, 0x200, 0x400, 0x800, 0x1000,
                  0x2000, 0x4000, 0x8000, 0x10000, 0x200000, 0x40000, 0x80000, 0x100000, 0x1fffff)]
    [UInt32]$DumpType = 0x2
  )
  
  begin {
    $wer = [PSObject].Assembly.GetType('System.Management.Automation.WindowsErrorReporting')
    $get = $wer.GetNestedType('NativeMethods', 'NonPublic')
    $api = $get.GetMethod('MiniDumpWriteDump', ([Reflection.BindingFlags]'NonPublic, Static'))
  }
  process {
    foreach ($p in $Processes) {
      if ($PSCmdlet.ShouldProcess($p.Name, "Create mini dump")) {
        $dmp = Join-Path $DumpPath "$($p.Name)_$($p.Id)_$(date -u %d%m%Y).dmp"
        
        try {
          $str = New-Object IO.FileStream($dmp, [IO.FileMode]::Create)
          [void]$api.Invoke($null, @($p.Handle, $p.Id, $str.SafeFileHandle, $DumpType,
                                      [IntPtr]::Zero, [IntPtr]::Zero, [IntPtr]::Zero))
        }
        finally {
          if ($str -ne $null) {$str.Close()}
        }
      }
    }
  }
  end {
  }
}