What API does Task Manager use to Dump a process


Could anyone tell me what API the Windows built-in Task Manager uses to dump the process I choose?

If I'm right, it's not MiniDumpWriteDump. If not this, then what? Thanks a lot!


Solution

  • Short answer, it uses MiniDumpWriteDump.

    Details (some unnecessary details were skipped):

    In the Windows 7 version, there is a wrapper function in the Task Manager executable that gets called with the process ID and the executable name, e.g. foo.exe, whenever you want to dump a process.

    It obtains a handle to the process using OpenProcess and stores it in a structure allocated on the heap using HeapAlloc.

    It gets the temp directory into a local variable using GetTempPathW, appends the executable name, e.g. foo.exe, using PathAppendW, removes the extension using PathRemoveExtension so that it becomes foo without .exe, then adds a new extension using PathAddExtensionW, and calls PathYetAnotherMakeUniqueName to check whether the path is unused or to generate a new path like foo(2).DMP. Finally it gets a handle to the file using CreateFile.

    It duplicates the handle using DuplicateHandle, stores it in that structure, creates a new thread and passes the structure as an argument to the thread function.

    The thread uses that argument to call MiniDumpWriteDump with DumpType set to 0x1826:

    MiniDumpWithFullMemory | MiniDumpWithHandleData | MiniDumpWithUnloadedModules | MiniDumpWithFullMemoryInfo | MiniDumpWithThreadInfo
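A check that follows from the answer above, written for this page rather than taken from it: the DumpType mask is recorded in the Flags field of the minidump's MINIDUMP_HEADER, so a responder can tell from a .DMP file alone whether it was written with Task Manager's 0x1826 combination. The header layout and MINIDUMP_TYPE values are those from dbghelp.h; the 32-byte sample header is constructed, not taken from a real dump.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* MINIDUMP_HEADER (dbghelp.h, 4-byte packed): 32 little-endian bytes; Flags holds the MINIDUMP_TYPE mask passed as DumpType. */
#define MINIDUMP_SIGNATURE 0x504D444Du   /* the bytes "MDMP" on disk */
#define MINIDUMP_HEADER_SIZE 32
struct mdmp_header {
    uint32_t signature, version, number_of_streams, stream_directory_rva;
    uint32_t checksum, time_date_stamp;
    uint64_t flags;
};
/* MINIDUMP_TYPE bit values from dbghelp.h, lowest bit first. */
static const struct { uint64_t bit; const char *name; } kDumpTypes[] = {
    {0x1, "MiniDumpWithDataSegs"}, {0x2, "MiniDumpWithFullMemory"}, {0x4, "MiniDumpWithHandleData"},
    {0x8, "MiniDumpFilterMemory"}, {0x10, "MiniDumpScanMemory"}, {0x20, "MiniDumpWithUnloadedModules"},
    {0x40, "MiniDumpWithIndirectlyReferencedMemory"}, {0x80, "MiniDumpFilterModulePaths"},
    {0x100, "MiniDumpWithProcessThreadData"}, {0x200, "MiniDumpWithPrivateReadWriteMemory"},
    {0x400, "MiniDumpWithoutOptionalData"}, {0x800, "MiniDumpWithFullMemoryInfo"},
    {0x1000, "MiniDumpWithThreadInfo"}, {0x2000, "MiniDumpWithCodeSegs"},
};
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
/* Returns 0 and fills h on success, -1 if the buffer is too short or has no MDMP signature. */
int parse_minidump_header(const uint8_t *buf, size_t len, struct mdmp_header *h) {
    if (len < MINIDUMP_HEADER_SIZE || rd32(buf) != MINIDUMP_SIGNATURE) return -1;
    h->signature = rd32(buf);             h->version = rd32(buf + 4);
    h->number_of_streams = rd32(buf + 8); h->stream_directory_rva = rd32(buf + 12);
    h->checksum = rd32(buf + 16);         h->time_date_stamp = rd32(buf + 20);
    h->flags = (uint64_t)rd32(buf + 24) | (uint64_t)rd32(buf + 28) << 32;
    return 0;
}
/* Writes the "|"-joined names of the set MINIDUMP_TYPE bits into out (unknown bits appended as hex); returns the count of known flags. */
int describe_dump_flags(uint64_t flags, char *out, size_t outlen) {
    int n = 0; size_t used = 0; uint64_t unknown = flags;
    out[0] = '\0';
    for (size_t i = 0; i < sizeof kDumpTypes / sizeof kDumpTypes[0] && used < outlen; i++) {
        if (!(flags & kDumpTypes[i].bit)) continue;
        unknown &= ~kDumpTypes[i].bit;
        used += snprintf(out + used, outlen - used, "%s%s", n++ ? "|" : "", kDumpTypes[i].name);
    }
    if (unknown && used < outlen)
        snprintf(out + used, outlen - used, "%s0x%llx", n ? "|" : "", (unsigned long long)unknown);
    return n;
}
/* Constructed sample header (not from a real dump): Flags = 0x1826, the other fields arbitrary. */
static const uint8_t kSampleHeader[MINIDUMP_HEADER_SIZE] = {
    'M','D','M','P', 0x93,0xA7,0,0, 0x0D,0,0,0, 0x20,0,0,0, 0,0,0,0, 0,0,0,0, 0x26,0x18,0,0, 0,0,0,0 };
```

Feeding the first 32 bytes of a dump file into parse_minidump_header and then describe_dump_flags prints the flag names in the same order the answer lists them; a dump whose Flags decode differently was not produced by this Task Manager code path.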