Dump Process: The operation could not be completed. Access is denied.

If you are having trouble creating a dump file from a process owned by the system user, then read on and I will show you how to resolve this.

Before we start, you will need the following tools and information:

Now, within a command prompt, use psexec to execute cmd as the system user:

C:\Users\USER\Desktop\PSTools>psexec -i -s -d cmd

The output of this command should look something like this:

PsExec v2.11 - Execute processes remotely
Copyright (C) 2001-2014 Mark Russinovich
Sysinternals - www.sysinternals.com

cmd started on HOSTNAME with process ID 2716.

Along with the above output, a new command prompt window will open.

You will know that cmd is running as the system user because the prompt in the new window will look like this:

C:\Windows\System32>

Now it’s time to use procdump to create your dump file, so switch to the directory where procdump has been downloaded:

cd ..\..\Users\USER\Desktop

Then, using the PID we obtained earlier, we tell procdump which process to create a dump file from:

C:\Users\USER\Desktop\PSTools>procdump -ma 7832

ProcDump v7.1 - Writes process dump files
Copyright (C) 2009-2014 Mark Russinovich
Sysinternals - www.sysinternals.com
With contributions from Andrew Richards

[11:56:32] Dump 1 initiated: C:\Users\USER\Desktop\Powershell.exe_150714_115632.dmp
[11:56:36] Dump 1 writing: Estimated dump file size is 271 MB.
[11:56:37] Dump 1 complete: 271 MB written in 5.6 seconds
[11:56:38] Dump count reached.

Congratulations, you now have a dump file ready for debugging!
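
The following pre-flight check is an added example, not part of the original post or of the Sysinternals tools. It compares the identity of the current shell with the owner of the target process, which is the mismatch behind "Access is denied", and can optionally restrict access to the finished dump, since -ma writes all of the process's memory. The script name Test-DumpAccess.ps1 and the parameter names are assumptions.

```powershell
# Test-DumpAccess.ps1 (hypothetical name): added example, not from the original post.
# Usage: .\Test-DumpAccess.ps1 -TargetPid 7832 [-DumpPath C:\path\to\file.dmp]
param(
    [Parameter(Mandatory)] [int] $TargetPid,  # PID of the process you want to dump
    [string] $DumpPath                        # optional: existing .dmp file to lock down
)

$SystemSid = 'S-1-5-18'       # well-known SID of NT AUTHORITY\SYSTEM
$AdminsSid = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators

# Identity of the shell this script runs in.
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent()
"Current identity : $($me.Name) ($($me.User.Value))"

# Owner of the target process, compared by SID so localized account names do not matter.
$proc = Get-CimInstance Win32_Process -Filter "ProcessId = $TargetPid"
if (-not $proc) { throw "No process with PID $TargetPid" }
$result   = Invoke-CimMethod -InputObject $proc -MethodName GetOwnerSid
$ownerSid = if ($result.ReturnValue -eq 0) { $result.Sid } else { $null }
if ($ownerSid) {
    "Target process   : $($proc.Name) (owner SID $ownerSid)"
} else {
    "Target process   : $($proc.Name) (owner not readable, GetOwnerSid returned $($result.ReturnValue))"
}

if ($me.User.Value -eq $SystemSid) {
    "This shell runs as SYSTEM, so the ownership mismatch is out of the way."
} elseif (-not $ownerSid -or $ownerSid -eq $SystemSid) {
    "Expect 'Access is denied' here. Run procdump from the window opened by 'psexec -i -s -d cmd'."
} else {
    "Target is not owned by SYSTEM; a SYSTEM shell may not be needed for this process."
}

if ($DumpPath) {
    if (-not (Test-Path -LiteralPath $DumpPath)) { throw "Dump file not found: $DumpPath" }
    # A full dump holds everything the process had in memory, so drop inherited
    # permissions and leave only SYSTEM and Administrators with access.
    icacls $DumpPath /inheritance:r /grant:r "*${SystemSid}:F" "*${AdminsSid}:F"
}
```

After the ACL change, the dump can only be opened from an elevated debugger session.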
