Skip to main content

How to capture & download Process Dump in Windows for a Specific Process

How to capture & download Process Dump in Windows for a Specific Process

Updated over 2 weeks ago

Overview

This article explains how to collect a memory/process dump for a specific application or service running on a Windows system. This is particularly helpful for troubleshooting issues such as:

  • High memory or CPU usage by a process

  • Application hang or crash

  • Unresponsive services

The primary audience for this article includes Technical Support Engineers, System Administrators, and Developers who require detailed diagnostics for running processes on Windows systems.

Error Scenarios and Causes

Symptom: Application is not responding, or consuming high memory/CPU

Cause:

  • Memory leak or unhandled exception

  • Infinite loop or deadlock

  • External resource bottleneck (e.g., disk, network)

Procedures Covered in This Article

  • Capture Process Dump using Task Manager

  • Capture Process Dump using Procdump Utility (Sysinternals)

A. Capture Process Dump using Task Manager

Prerequisites

  • Administrator rights on the Windows system

  • Target process must be running

Procedure

1. Press Ctrl + Shift + Esc to open the Task Manager.

2. Go to the Details tab.

3. Locate the target process (e.g., java.exe, app.exe, etc.).

4. Right-click on the process and choose Create dump file.

5. A prompt will confirm dump creation and show the location (typically: %LocalAppData%\Temp\processname.DMP).

6. Navigate to the path and copy the file to a secure location for further analysis.

B. Capture Process Dump using Procdump Utility (Sysinternals)

Prerequisites

  • Administrator rights

  • Download and extract Procdump

Procedure

  1. Open Command Prompt as Administrator.

  2. Navigate to the folder containing procdump.exe.

  3. Use one of the following commands based on your requirement:

  4. To capture a full memory dump:

    procdump -ma <ProcessName or PID> C:\Dumps\process.dmp

    -ma: Full memory dump

    No trigger condition, runs immediately

  5. To capture on high CPU usage (>80%) sustained for 10 seconds:

    procdump -ma -c 80 -s 10 <ProcessName> C:\Dumps\highcpu.dmp

    -ma: Full dump

    -c 80: Trigger if CPU usage > 80%

    -s 10: For at least 10 seconds continuously

  6. ·To capture when process crashes:

    procdump -e -ma <ProcessName> C:\Dumps\crashdump.dmp

    -e: Monitor for unhandled exceptions (crashes)

    -ma: Full dump when a crash is detected

  7. Tip: You can find the process ID using:
    tasklist | findstr <process-name>

  8. Shows running processes and their PIDs so you can use them with procdump.

See also

Related Articles
How to collect a crash dump in Windows
How to export event viewer in Windows Client OS for debugging Insync Client-related Issues
How to restart Druva inSync service and processes on Windows OS based devices
How to capture & Download Procmon Logs in Windows
Did this answer your question?