MiniDumpWriteDump段故障？

Question

我正在尝试转储一个进程，比如calc.exe

当我运行我的程序时，我得到

Program received signal SIGSEGV, Segmentation fault.
0x0000000000401640 in MiniDumpWriteDump ()

以下是代码

#include <windows.h>
#include <dbghelp.h>

int main(){
    HANDLE hFile = CreateFileA(
        "calc.dmp",
        GENERIC_READ | GENERIC_WRITE,
        FILE_SHARE_DELETE | FILE_SHARE_READ | FILE_SHARE_WRITE,
        NULL,
        CREATE_ALWAYS,
        FILE_ATTRIBUTE_NORMAL,
        NULL
    );

    DWORD procID = 196;

    HANDLE hProc = OpenProcess(
        PROCESS_ALL_ACCESS,
        FALSE,
        procID
    );

    MiniDumpWriteDump(
        hProc,
        procID,
        hFile,
        MiniDumpWithFullMemory,
        NULL,
        NULL,
        NULL
    );

    CloseHandle(hFile);
}

Answer 1

您的示例可以在32位和64位windows上运行，但它必须使用相同的“位”进行编译(64位Windows上为64位，32位Windows上为32位)。

我只添加了一个窗口枚举和一种提供procID作为参数的方法。应该检查返回值的函数是否有错误。

#include <windows.h>
#include <dbghelp.h>
#include <stdio.h>
#define TRYTO(b,a) if (!(a)) { \
fprintf(stderr,"Unable to " b "\n"); exit(1);}
static BOOL CALLBACK FunkyCallback(HWND hWnd, LPARAM lParam ){
    char b[100]; RECT Rect;
    DWORD pid;
    if(!GetParent(hWnd)){
        GetWindowText(hWnd, b, 99); GetWindowRect(hWnd,&Rect);
        GetWindowThreadProcessId(hWnd, &pid);
        printf("%li: %s left:%li top:%li\n",pid,b,Rect.left,Rect.top);
    }
    return TRUE;
}
int main(int argc, char ** argv){
    HANDLE hFile;
    DWORD procID;
    HANDLE hProc;
    if (argc > 1){
        TRYTO("create file",(
            hFile = CreateFile(
                "proc.dmp",
                GENERIC_READ | GENERIC_WRITE,
                FILE_SHARE_DELETE | FILE_SHARE_READ | FILE_SHARE_WRITE,
                NULL,
                CREATE_ALWAYS,
                FILE_ATTRIBUTE_NORMAL,
                NULL
            ))!=INVALID_HANDLE_VALUE);
        DWORD procID = atoi(argv[1]);
        TRYTO("open process",(
            hProc = OpenProcess(
                PROCESS_ALL_ACCESS,
                FALSE,
                procID
            )));
        TRYTO("write dump",(
            MiniDumpWriteDump(
                hProc,
                procID,
                hFile,
                MiniDumpNormal,
                NULL,
                NULL,
                NULL
            )));
        fprintf(stderr,"Successfully created proc.dmp.\n",argv[0]);
        CloseHandle(hFile);
    } else { 
        EnumChildWindows(GetDesktopWindow(),FunkyCallback, 0);
        fprintf(stderr,"Usage: %s procID\n",argv[0]);
    }
}

编译说明

在带有Mingw64的Linux上进行了测试。Fedora Linux has packages here。我将64位dbghelp.dll从Windows Server2008Windows/system32复制到源文件夹。objdump -f可以确认动态链接库是64位还是32位。编译行类似于

/usr/bin/x86_64-w64-mingw32-gcc dmp.c -L. -l dbghelp -o dmp.exe

链接

• Link to .DLL on Windows
• Wine
• Link to DLL with MingW
• C FAQ system dependencies