The User Mode Process Dumper (UserDump) dumps any running Win32 processes memory image (including system processes such as csrss.exe, winlogon.exe, services.exe, etc) on the fly, without attaching a debugger, or terminating target processes. Generated Dump File can be analyzed or debugged by using the standard debugging tools.
The userdump generates dump file by several triggers;
· Dump by specifying PID or process name from command line
· Dump automatically when process being monitored caused exceptions
· Dump automatically when process being monitored exited
· Dump by pressing hot key sequence