How give full memory dump from "services.exe" process on w

#28183 by forbiddenhi
Sun Apr 03, 2016 8:11 am

Hi
How give full memory dump from "services.exe" process on windows?
thanks

Username

forbiddenhi

Posts

Joined

Sat Jun 06, 2015 9:01 am

Re: How give full memory dump from "services.exe" process on

#28194 by Brock
Mon Apr 04, 2016 4:46 am

Full memory dump or mini dump file format, like Task Manager "Create Dump File" when selecting the process?

Accept nothing less than STATUS_SUCCESS

Username

Brock

Posts

222

Joined

Wed Apr 28, 2010 3:13 am

Location

Valparaiso, Florida USA

Contact

Re: How give full memory dump from "services.exe" process on

#28206 by forbiddenhi
Tue Apr 05, 2016 9:56 am

Access denied on windows 8.1 x64 !!!
running cmd as admin by result is access denied.

Username

forbiddenhi

Posts

Joined

Sat Jun 06, 2015 9:01 am

Re: How give full memory dump from "services.exe" process on

#28213 by Brock
Wed Apr 06, 2016 2:04 am

That's because services.exe is considered a protected process on Windows 8.1 - Usermode processes will fail to acquire the needed handle access rights to the process. You can use NtSystemDebugControl() from usermode, IIRC it was brought back to life with some information classes on Windows 8/8.1, or simply do this from a driver.

Accept nothing less than STATUS_SUCCESS

Username

Brock

Posts

222

Joined

Wed Apr 28, 2010 3:13 am

Location

Valparaiso, Florida USA

Contact

Page 1 of 1
4 posts