How to generate a process dump file using the userdump.exe utility in Windows XP / 2003

Back to "Troubleshooting" section

­Applies to All Kaspersky Lab products for business

Once you have a Kaspersky Lab application installed, you may experience an operating system crash (BSOD) or deadlock. For example, on system boot or when running a task. Most probably it happens due to a hardware or software conflict.

When Kaspersky Anti-Virus crashes, it automatically creates a dump file inside С:\Documents and Settings\All Users\Application Data\Kaspersky Lab\.

This is a hidden folder. You should enable the visibility of hidden files and folders to be able to access it.

If no application crash dump file was created automatically, you can generate an avp.exe process dump using the User Mode Process Dumper Version 8.1 (C) Microsoft Corporation (hereinafter userdump).

 Windows Vista / Windows 7 /Windows 8 / Windows Server 2008 (R2) allows generating a process dump file via Windows task manager.

Install User Mode Process Dumper (userdump)

• Download User Mode Process Dumper Version 8.1 (C) Microsoft Corporation.
• Extract the downloaded archive into a folder (C:\kktools\userdump8.1, by default).
• Run setup.exe from the folder:
  
  
  • if you are using a 32 bit Windows XP / 2003, C:\kktools\userdump8.1\x86.
  • if you are using a 64 bit Windows XP / 2003, C:\kktools\userdump8.1\x64.
    
    
• Click Next in the Setup Wizard.
• (32 bit OS only) Select Disable "Dump on Process Termination" feature in the Terminate Mode window and click Next.
  
  
  
  
• Then click Finish and wait for the installation to complete.
• Click No in the User Mode Process Dump Setup window.

Generate a process dump file

• Kaspersky Anti-Virus self-defense has to be disabled before generating an avp.exe process dump file.
• Click Start > Run > type cmd and press Enter.
• Enter the following command: userdump PID <full_dump_file_path>. For example , if the avp.exe process PID is 3624:
  
  userdump 3624 C:\avp.dmp
  
  When generating an avp.exe process dump file, you should indicate the PID of the process running under the System account.
  
  
• Press Enter.
• Wait for the generation process to complete.
  
  
  
  
• Check that the avp.dmp file on disk C: has been created.

You should attach the dump file to the Technical Support request along with a detailed description of the situation.

Useful references

How to get the PID (process ID) of processes running in MS Windows