Troubleshoot Err 5: Access Denied When Attempt AppHang ProcDump

[hjlbx]

Briefly explain your current issue(s)

Unable to create process dump using ProcDump due to "Access is denied."

Steps taken to resolve, but have been unsuccessful

Tried Admin powershell; same result.

Hello,


During an Emsisoft Internet Security app hang (forced for testing) I attempt to create full mem dumps for both a2guard and a2service.


I am logged-on as user with admin privileges (whoami confirms), open an administrator command prompt and then run from procdump directory:


procdump.exe -ma a2guard

procdump.exe -ma a2service


I've also tried the -64 switch.


In each case, CLI returns: "Error 5: 0x00000005 Access is denied."



Any suggestions?



Use psexec.exe to raise CLI to NT AUTHORITY\SYSTEM ?



Thanks.

 

[vivid]

In your case, you could use Process Explorer to create the mentioned dumps.

 

[hjlbx]

In your case, you could use Process Explorer to create the mentioned dumps.

Hello vivid,

You are absolutely correct.

However, from what I understand, that type of dump contains a lot of "noise."

The -ma dump contains only threads and handles.

I'm waiting for a reply from Emsisoft as to whether or not they can use the type of dump you suggest.

 

[hjlbx]

Fix: Disable Emsisoft's Self-Protection.

That would help...wouldn't it.

 

[vivid]

The -ma dump contains only threads and handles.

procdump <process name or service name or PID> implies simple dump with thread and handle only
procdump -ma <process name or service name or PID> implies full dump with all process memory

 

[hjlbx]

Hello vivid,

You are absolutely correct.

An error on my part.