0) install the windows debugging tools x64 or x86: http://msdn.microsoft.com/en-us/windows/hardware/gg463009.aspx

1) stop the application service or kill the application

2) enable diagnostic:

Gflags.exe -i <application or service>.exe +ust

Note: this create a registry value which is read when the process starts up that allows the system to keep track of the functions

allocating memory inside the process

3) restart you application (windows service) or your application

4) get the service/application Process ID: using Tlist, using taskman or procexp

5) take a first measure :#1:

umdh.exe -p:<PID> -f:output1.txt

6) … wait few hours or days…

7) take a second measure #2:

umdh.exe -p:<PID> -f:output2.txt

8) To begin the analysis we must first determine what changes occurred between the periods defined by the two dumps we just made. To get this information, run the

umdh.exe one last time, with a slight modification in its command lineumdh output1.txt output2.txt > ars-diff.txt

9) check the DIFF file and send this to the application support team

10) stop diagnostic:

Gflags.exe -i <application or service>.exe -ust

Note: Once you have the dump(s), the diagnostic should be disabled to avoid performance degradation

Web References:

https://htcondor-wiki.cs.wisc.edu/index.cgi/wiki?p=LeakDetectionInUserMode

http://www.vinaytechs.com/2010/01/how-to-get-crash-or-hang-dump.html

http://msdn.microsoft.com/en-us/library/bb787181(VS.85).aspx