Just a short explanation of how to take a process dump using CDB.
First you need to get Debugging Tools for Windows. To get Debugging Tools as a standalone tool set, you can just download the Windows SDK and select Debugging Tools for Windows during installation.
Once Debugging Tools for Windows are downloaded and installed, you can find cdb.exe in the following location: C:\Program Files (x86)\Windows Kits\10\Debuggers\x64 (note that the version number in the path may vary depending on the SDK version installed, in my case it is 10, and there is a cdb.exe for each platform, x86/x64 etc.; just navigate to the appropriate subfolder of the Debuggers folder).
To take a dump, launch CMD in elevated mode, switch to the CDB directory and execute cdb -p <PROCESS PID> to attach to the process you want a crash dump of (remember that the PID can be found in Task Manager or retrieved with PowerShell using Get-Process "%ProcessName%" | select -expand id).
At this stage CDB is attached to the process, and closing this CMD window will terminate the process you are attached to. Once CDB is loaded, type in the following commands:
.loadby sos clr
You will receive a “No export Thread found” error; it can be ignored, and some more commands need to be executed. First run !StopOnException -create System.StackOverflowException. It may not work on the first attempt; just re-run it until you see confirmation that the breakpoint was created.
Once the breakpoint is set, type gn and wait for the process to crash.
When the process has crashed, the following commands have to be executed:
.dump /ma /u C:\dumps\process.dmp
Repeat typing gn until you get the “there is no debugee” message. Your dump will be written to the location you specified above (C:\dumps\process.dmp).
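
The preparation steps above (finding cdb.exe whatever the SDK version folder is, resolving the PID, and attaching) can be scripted. This is an added example, not part of the original post; the script's parameter names are hypothetical, and it assumes a 64-bit Windows install with the SDK in its default location.

```powershell
# Added example (not from the original post); parameter names are hypothetical.
param(
    [string] $ProcessName,                              # e.g. w3wp, without .exe
    [int]    $ProcessId,                                # use instead of -ProcessName
    [ValidateSet('x64', 'x86')] [string] $Arch = 'x64', # Debuggers subfolder to use
    [string] $DumpDir = 'C:\dumps'
)

# Attaching to another process needs an elevated session, as in the post.
$me = New-Object Security.Principal.WindowsPrincipal ([Security.Principal.WindowsIdentity]::GetCurrent())
if (-not $me.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated PowerShell session.'
}

# The kit folder (10 in the post) varies by SDK version, so search all of them.
$pattern = Join-Path ${env:ProgramFiles(x86)} "Windows Kits\*\Debuggers\$Arch\cdb.exe"
$cdb = Get-ChildItem -Path $pattern -ErrorAction SilentlyContinue |
    Sort-Object LastWriteTime -Descending | Select-Object -First 1
if (-not $cdb) { throw "cdb.exe ($Arch) not found under Windows Kits." }

# Resolve exactly one PID; refuse to guess when several instances are running.
if ($ProcessId) {
    $target = Get-Process -Id $ProcessId -ErrorAction Stop
} else {
    if (-not $ProcessName) { throw 'Pass -ProcessName or -ProcessId.' }
    $found = @(Get-Process -Name $ProcessName -ErrorAction SilentlyContinue)
    if ($found.Count -eq 0) { throw "No running process named '$ProcessName'." }
    if ($found.Count -gt 1) {
        throw "Several '$ProcessName' processes: $($found.Id -join ', '). Rerun with -ProcessId."
    }
    $target = $found[0]
}

# Make sure the folder used by .dump exists before the process crashes.
New-Item -ItemType Directory -Path $DumpDir -Force | Out-Null

Write-Host "Attaching $($cdb.FullName) to PID $($target.Id) ($($target.ProcessName))."
Write-Host "Then type the commands from the post, with the dump path under $DumpDir."
& $cdb.FullName -p $target.Id
```

Once the CDB prompt appears, continue with the commands listed above, starting from .loadby sos clr.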