# Take one UMDH stack-tagged heap snapshot of a running process. # # Requirements: # - gflags /i acclient.exe +ust (one-time, registry-set) # - _NT_SYMBOL_PATH pointing at acclient.pdb directory # - umdh.exe on PATH (Windows Debugging Tools) param( [Parameter(Mandatory=$true)][int]$ProcessId, [Parameter(Mandatory=$true)][string]$Out ) $ErrorActionPreference = "Stop" if (-not $env:_NT_SYMBOL_PATH) { Write-Warning "_NT_SYMBOL_PATH not set — symbols may not resolve" } & umdh.exe -p:$ProcessId -f:$Out if (-not (Test-Path $Out)) { throw "umdh produced no output at $Out" } $size = (Get-Item $Out).Length Write-Host "snapshot: $Out ($size bytes)"