dumpfile.cpp

内核导出信息的原代码

// dumpfile.cpp : Defines the entry point for the console application.
//

#include "stdafx.h"
#include <Windows.h>
#include <DbgHelp.h>
int main(int argc, char* argv[])
{
	char ModuleFileName[MAX_PATH];
	char* PathNameEnd;
	char* ExtName;
	HANDLE ProcessHandle;
	DWORD ProcessID;
	BOOL bSuccess;
	HANDLE DumpFileHandle;
	ProcessID = GetCurrentProcessId();
	ProcessHandle = GetCurrentProcess();
	GetModuleFileName(NULL,ModuleFileName,MAX_PATH);
	PathNameEnd = strrchr(ModuleFileName,'\\');
	if(PathNameEnd==NULL)
	{
		strcpy(ModuleFileName,"c:\\mindump.dmp");
	}
	else
	{
		PathNameEnd++;
		ExtName = strrchr(PathNameEnd,'.');
		if(ExtName)
		{
			strcpy(ExtName,".dmp");
		}
		else
		{
			strcat(PathNameEnd,".dmp");
		}
	}
	DumpFileHandle = CreateFile(ModuleFileName,GENERIC_WRITE|GENERIC_READ,FILE_SHARE_WRITE|FILE_SHARE_READ,NULL,CREATE_ALWAYS,FILE_ATTRIBUTE_NORMAL,NULL);
	if(DumpFileHandle==INVALID_HANDLE_VALUE)
	{
		::MessageBox(NULL,"open dump file error.","error!",MB_OK);
		return 0;
	}
	bSuccess = MiniDumpWriteDump(ProcessHandle,ProcessID,DumpFileHandle, MiniDumpNormal,NULL,NULL,NULL);
	if(bSuccess==FALSE)
	{
		::MessageBox(NULL,"MiniDumpWriteDump error.","error!",MB_OK);
	}
	bSuccess = MiniDumpWriteDump(ProcessHandle,ProcessID,DumpFileHandle,  MiniDumpWithFullMemory,NULL,NULL,NULL);
	if(bSuccess==FALSE)
	{
		::MessageBox(NULL,"MiniDumpWriteDump error.","error!",MB_OK);
	}
	CloseHandle(DumpFileHandle);
	HANDLE hDumpFile;
	hDumpFile = CreateFile(ModuleFileName,GENERIC_WRITE|GENERIC_READ,FILE_SHARE_WRITE|FILE_SHARE_READ,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);
	if(hDumpFile==INVALID_HANDLE_VALUE)
	{
		::MessageBox(NULL,"open C:\\WINDOWS\\MEMORY.DMP error!","error!",MB_OK);
	}
	DWORD dwHigh,dwLow;
	HANDLE hMapFileHandle;
	dwLow = GetFileSize(hDumpFile,&dwHigh);
	hMapFileHandle = CreateFileMapping(hDumpFile,NULL,PAGE_READWRITE,dwHigh,dwLow,NULL);
	if(hMapFileHandle==NULL)
	{
		::MessageBox(NULL,"CreateFileMapping error!","error!",MB_OK);
		CloseHandle(hDumpFile);
		return true;
	}
	LPVOID lpBaseAddress;
	lpBaseAddress = MapViewOfFile(hMapFileHandle,FILE_MAP_READ|FILE_MAP_WRITE,0,0,(dwHigh<<32)+dwLow);
	if(lpBaseAddress==NULL)
	{
		::MessageBox(NULL,"MapViewOfFile error!","error!",MB_OK);
		CloseHandle(hDumpFile);
		CloseHandle(hMapFileHandle);
	}
	PMINIDUMP_DIRECTORY OutDirectory;
	//memset(OutDirectory,0,sizeof(MINIDUMP_DIRECTORY));
	PVOID StreamPointer;
	ULONG StreamSize;
	PMINIDUMP_THREAD_LIST pThreadList;
	bSuccess = MiniDumpReadDumpStream(lpBaseAddress,ThreadListStream,&OutDirectory,&StreamPointer,&StreamSize);
	if(bSuccess==false)
	{
		::MessageBox(NULL,"MiniDumpReadDumpStream!","error!",MB_OK);
		CloseHandle(hDumpFile);
		CloseHandle(hMapFileHandle);
		UnmapViewOfFile(lpBaseAddress);
		return -1;
	}
	CloseHandle(hDumpFile);
	CloseHandle(hMapFileHandle);
	UnmapViewOfFile(lpBaseAddress);
	return 0;
}