Attach a debbuger like WinDBG or x64dbg directly to the file system. about memprocfs HOT 3 CLOSED

If debugging Windows it should auto-generate a memory.dmp file which you should be able to open in WinDbg.

Setting breakpoints and such aren't working though, but it will detect os, kernel and processes and automatically download required symbols and such.

If wanting to patch something you'll have to open process virtual memory (or physical memory) in your hexeditor and patch. Note tho that patching .exe/,dll/.sys image in one process will likely patch it in all processes since writes goes down to physical memory. Patching heaps/stacks and such generally have no such side effects.

from memprocfs.

Is it your intend not to include the dump file per process or is it my PC that doesnt have one?

from memprocfs.

only full dump is currently available, I'm unsure about per-process minidumps, it's on my todo-list to look into but I'm not sure about the complexibility.

you should be able to switch into process context in WinDbg already though .... replace the ffff-value in .process with your process EPROCESS address.

kd> .process /r /p ffff8b8f8a5780c0
kd> lmu
start             end                 module name
00007ff6`d2f40000 00007ff6`d2f48000   LogonUI    (deferred)             
00007ff8`dcc20000 00007ff8`dcf54000   msftedit   (deferred)  
...

0: kd> u 00007ff6`d2f41010
LogonUI!wWinMain:
00007ff6`d2f41010 4053            push    rbx
00007ff6`d2f41012 4883ec70        sub     rsp,70h
00007ff6`d2f41016 498bd8          mov     rbx,r8
00007ff6`d2f41019 ff1561210000    call    qword ptr [LogonUI!_imp_GetCurrentProcess (00007ff6`d2f43180)]
...

from memprocfs.