Access Denied when running PROCDUMP

Summary

Just a quick blog post that details why you may receive an “Access Denied” when running PROCDUMP and a quick fix for this scenario.

Problem Description

Unable to dump a process with PROCDUMP due to an “Access Denied” error.

Example:

ProcDump v9.0 – Sysinternals process dump utility

Copyright (C) 2009-2017 Mark Russinovich and Andrew Richards

Sysinternals – www.sysinternals.com

Error opening OWSTIMER.EXE (10008): Access is denied. (0x00000005, 5)

Cause

As you can see from my command window, I’m running the command prompt as “Administrator” and still seeing “access denied”. In this case, the issue is occurring because the user does not have the “Debug Programs” local security policy set. If the user running PROCDUMP does not have this policy, you will not have the required access to attach to a system process using a debugger (procdump in this example).

Debug programs

https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/debug-programs

Resolution

To resolve this issue, change the local security policy and add the user running PROCDUMP inside the “Debug Programs” policy.

Example:

Conclusion

When you are involved resolving a difficult issue, the last thing you need is to troubleshoot the tools that are used to help you identity the issue. I hope this provided a quick fix and you can move onto creating and analyzing the process memory for issue at hand.

Important Notes:

  • After making this change you will need to sign out of the PC and sign back in.
  • In this example, I’m adding the local Administrators group which is the default setting.

Now you should be able to attach to the target process and create a memory dump without error.

Example:

4 Comments


  1. Awesome post! Keep up the great work!

    Reply

  2. Great content! Super high-quality! Keep it up!

    Reply

  3. Greetings! I know this is somewhat off topic but I was wondering which blog platform are you using for
    this site? I’m getting tired of WordPress because I’ve had problems with hackers and
    I’m looking at options for another platform. I would be fantastic
    if you could point me in the direction of a good platform.

    Reply

    1. I actually use WordPress, and with some popular add-ons you can prevent people trying to hack and make self promoting comments /wink .

      Reply

Leave a Reply