Dump Process Memory via MiniDumpWriteDump - Delphi

DarkCoderSc
Jean-Pierre LESUEUR
uses
System.SysUtils, Winapi.Windows;
// ...
// MINIDUMP_TYPE flags from DbgHelp. Combine them with `or` to build the
// DumpType argument of MiniDumpWriteDump.
const
  MiniDumpNormal                         = $00000000;

  // Memory content selection. MiniDumpWithFullMemory writes all accessible
  // memory of the target, so the resulting file holds whatever secrets the
  // process had in memory and should be handled as sensitive data.
  MiniDumpWithDataSegs                   = $00000001;
  MiniDumpWithFullMemory                 = $00000002;
  MiniDumpWithHandleData                 = $00000004;
  MiniDumpFilterMemory                   = $00000008;
  MiniDumpScanMemory                     = $00000010;
  MiniDumpWithUnloadedModules            = $00000020;
  MiniDumpWithIndirectlyReferencedMemory = $00000040;
  MiniDumpFilterModulePaths              = $00000080;
  MiniDumpWithProcessThreadData          = $00000100;
  MiniDumpWithPrivateReadWriteMemory     = $00000200;
  MiniDumpWithoutOptionalData            = $00000400;
  MiniDumpWithFullMemoryInfo             = $00000800;
  MiniDumpWithThreadInfo                 = $00001000;
  MiniDumpWithCodeSegs                   = $00002000;
  MiniDumpWithoutAuxiliaryState          = $00004000;
  MiniDumpWithFullAuxiliaryState         = $00008000;
  MiniDumpWithPrivateWriteCopyMemory     = $00010000;
  MiniDumpIgnoreInaccessibleMemory       = $00020000;
  MiniDumpWithTokenInformation           = $00040000;
  MiniDumpWithModuleHeaders              = $00080000;
  MiniDumpFilterTriage                   = $00100000;
  MiniDumpWithAvxXStateContext           = $00200000;
  MiniDumpWithIptTrace                   = $00400000;
  MiniDumpScanInaccessiblePartialPages   = $00800000;
  MiniDumpFilterWriteCombinedMemory      = $01000000;

  // Mask of every flag bit defined above.
  MiniDumpValidTypeFlags                 = $01ffffff;
// ...
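// Delphi translations of the DbgHelp structures referenced by MiniDumpWriteDump.
//
// The Windows SDK declares the minidump structures under 4-byte packing. With
// Delphi's default record alignment the pointer fields that follow a single
// 32-bit field would be moved to an 8-byte offset in a 64-bit build, which no
// longer matches what DbgHelp reads. Every field below is 4 or 8 bytes wide,
// so `packed` yields exactly the SDK layout on both 32-bit and 64-bit targets.
type
  // Optional exception context to embed in the dump (pass nil for none).
  MINIDUMP_EXCEPTION_INFORMATION = packed record
    ThreadId          : DWORD;
    ExceptionPointers : PExceptionPointers;
    ClientPointers    : BOOL;
  end;
  TMiniDumpExceptionInformation = MINIDUMP_EXCEPTION_INFORMATION;
  PMiniDumpExceptionInformation = ^TMiniDumpExceptionInformation;

  // One caller-supplied stream: a type tag plus a buffer and its size.
  MINIDUMP_USER_STREAM = packed record
    Type_      : ULONG;
    BufferSize : ULONG;
    Buffer     : Pointer;
  end;
  TMiniDumpUserStream = MINIDUMP_USER_STREAM;
  PMiniDumpUserStream = ^TMiniDumpUserStream;

  // Counted array of user streams (pass nil for none).
  MINIDUMP_USER_STREAM_INFORMATION = packed record
    UserStreamCount : ULONG;
    UserStreamArray : PMiniDumpUserStream;
  end;
  TMiniDumpUserStreamInformation = MINIDUMP_USER_STREAM_INFORMATION;
  PMiniDumpUserStreamInformation = ^TMiniDumpUserStreamInformation;

  // Callback invoked by DbgHelp while the dump is written.
  // NOTE(review): the SDK passes pointers to MINIDUMP_CALLBACK_INPUT and
  // MINIDUMP_CALLBACK_OUTPUT here; both are left untyped in this translation,
  // and the `var` parameter is a reference to the output structure.
  TMiniDumpCallbackRoutine = function(
    CallbackParam      : Pointer;
    CallbackInput      : Pointer;
    var CallbackOutput : Pointer
  ): BOOL; stdcall;

  // Callback routine plus the opaque value handed back to it (pass nil for none).
  MINIDUMP_CALLBACK_INFORMATION = packed record
    CallbackRoutine : TMiniDumpCallbackRoutine;
    CallbackParam   : Pointer;
  end;
  TMiniDumpCallbackInformation = MINIDUMP_CALLBACK_INFORMATION;
  PMiniDumpCallbackInformation = ^TMiniDumpCallbackInformation;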
// ...
// Static import of MiniDumpWriteDump from DbgHelp.dll.
//
//   hProcess / ProcessId : handle and id of the process to dump
//   hFile                : handle of the file that receives the dump
//   DumpType             : combination of the MiniDump* flags
//   ExceptionParam, UserStreamParam, CallbackParam : optional, may be nil
//
// Returns False on failure.
//
// DbgHelp functions are single threaded; do not call this concurrently from
// several threads.
// NOTE(review): the library is referenced by bare file name, so it is resolved
// through the loader's normal DLL search order - confirm that is acceptable
// for the directory this binary runs from.
function MiniDumpWriteDump(hProcess: THandle; ProcessId: DWORD; hFile: THandle;
  DumpType: DWORD; ExceptionParam: PMiniDumpExceptionInformation;
  UserStreamParam: PMiniDumpUserStreamInformation;
  CallbackParam: PMiniDumpCallbackInformation): BOOL; stdcall;
  external 'DbgHelp.dll' name 'MiniDumpWriteDump';
// ...
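// Writes a minidump of the process identified by ATargetProcessId to the file
// AOutputPath.
//
// Raises EWindowsException (declared outside this snippet) when OpenProcess,
// CreateFileW or MiniDumpWriteDump fails. Both handles are closed on every path.
//
// The flag set below includes MiniDumpWithFullMemory, so the output contains
// the target's accessible memory. Treat the file as sensitive: write it to a
// location only the intended analysts can read and remove it when done.
// Opening another process for memory read and writing a dump file are also
// the events that process-access and file-creation monitoring report.
procedure DumpProcessMemory(const ATargetProcessId : Cardinal; const AOutputPath : String);
begin
  // Query + read access only; nothing in the target is modified.
  var hProcess := OpenProcess(PROCESS_QUERY_INFORMATION or PROCESS_VM_READ, False, ATargetProcessId);
  if hProcess = 0 then
    raise EWindowsException.Create('OpenProcess');
  try
    // CREATE_ALWAYS truncates an existing file at AOutputPath; share mode 0
    // keeps other openers out while the dump is written. No security
    // attributes are supplied, so the file gets the default security descriptor.
    var hFile := CreateFileW(PWideChar(AOutputPath), GENERIC_WRITE, 0, nil, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, 0);
    if hFile = INVALID_HANDLE_VALUE then
      raise EWindowsException.Create('CreateFileW');
    try
      // Adjust flags accordingly to suit dump detail requirements
      var AFlags := MiniDumpWithFullMemory or MiniDumpWithHandleData or
                    MiniDumpWithThreadInfo or MiniDumpWithProcessThreadData or
                    MiniDumpWithFullMemoryInfo or MiniDumpWithUnloadedModules or
                    MiniDumpWithFullAuxiliaryState or MiniDumpIgnoreInaccessibleMemory or
                    MiniDumpWithTokenInformation (* or ... *);

      // The last error after a failed MiniDumpWriteDump is an HRESULT; the
      // mask keeps its low 16 bits (the error code). The message names the
      // failing API, as the two raises above do.
      // NOTE(review): on failure the (possibly partial) file stays at AOutputPath.
      if not MiniDumpWriteDump(hProcess, ATargetProcessId, hFile, AFlags, nil, nil, nil) then
        raise EWindowsException.Create('MiniDumpWriteDump', GetLastError() and $FFFF (* HRESULT *));
    finally
      CloseHandle(hFile);
    end;
  finally
    CloseHandle(hProcess);
  end;
end;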
// ...
// Example entry point: dump one process and report the outcome on the console.
begin
  try
    // The dump holds the target's memory contents; pick a directory whose
    // permissions restrict who can read the resulting file.
    var ADumpPath := 'C:\Temp\process.dmp';

    // <target_process_id> is a placeholder for the id of the process to dump.
    DumpProcessMemory(<target_process_id>, ADumpPath);

    WriteLn('Done.');
  except
    // Any failure is reported by message only.
    on AException : Exception do
      WriteLn(AException.Message);
  end;
// ...
Creating and researching code snippets takes time and effort. You’re welcome to share them through your own platforms, but please don’t forget to credit the original author, here: Jean-Pierre LESUEUR.
Depends On
Implemented By Technique
Featured Windows APIs
Created
June 11, 2025
Last Revised
June 11, 2025