Reading a dump file through the Debug Engine API

Time: 2015-03-02 10:59:40

Tags: c++ com windbg

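I wrote a small program using the Debug Engine API to read a dump file. I am executing the !analyze -v command through code.

I am able to get almost all the details that can be extracted with the above command, but not the process name, image name, or module name.

I really don't know where I am going wrong.

Things I have tried:

  1. Copied the DLLs ext, exts, Kdexts, and kext into the same folder as my exe.

  2. Also copied symsrv.dll.

  3. The symbol path I am using is symbols->SetSymbolPath("srv*http://msdl.microsoft.com/download/symbols"), where symbols is an IDebugSymbols pointer.

  4. But so far it has not worked.

    The result I get is: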

    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    CRITICAL_OBJECT_TERMINATION (f4) A process or thread crucial to system
    operation has unexpectedly exited or been terminated. Several
    processes and threads are necessary for the operation of the system;
    when they are terminated (for any reason), the system can no longer
    function. Arguments: Arg1: 00000003, Process Arg2: 84d97860,
    Terminating object Arg3: 84d979cc, Process image file name Arg4:
    8285cec0, Explanatory message (ascii)
    
    Debugging Details:
    ------------------
    
    ***** Debugger could not find nt in module list, module list might be incorrect,  error 0x80070057.
    
    -----------------------------------------------                              
    |         NT symbols are not available         | 
    |         reduced functionality                | 
    |                                              |
    ------------------------------------------------ 
    unable to get nt!KiCurrentEtwBufferOffset 
    unable to get nt!KiCurrentEtwBufferBase
    
    PROCESS_OBJECT: 84d97860
    
    IMAGE_NAME:  Unknown_Image
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  0
    
    FAULTING_MODULE: 00000000 
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
    
    BUGCHECK_STR:  0xF4
    
    CURRENT_IRQL:  0
    
    STACK_TEXT:   WARNING: Frame IP not in any known module. Following
    frames may be wrong. 950dbc9c 829223af 000000f4 00000003 84d97860
    0x82722bfc 950dbcc0 828a0009 8285cec0 84d979cc 84d97ad0 0x829223af
    950dbcf0 8289ff4c 84d97860 8447b030 00000001 0x828a0009 950dbd24
    826818c6 000001e0 00000001 001cebb0 0x8289ff4c 950dbd34 77be70f4
    badb0d00 001ceba8 00000000 0x826818c6 950dbd38 badb0d00 001ceba8
    00000000 00000000 0x77be70f4 950dbd3c 001ceba8 00000000 00000000
    00000000 0xbadb0d00 950dbd40 00000000 00000000 00000000 00000000
    0x1ceba8
    
    
    STACK_COMMAND:  kb
    
    BUCKET_ID:  CORRUPT_MODULELIST
    
    MODULE_NAME: Unknown_Module  *** Followup info cannot be found !!!
    Please contact "Debugger Team"
    

0 answers:

No answers
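
For reference, a minimal DbgEng client showing the documented call order for the steps in the question: set the symbol path, open the dump, call WaitForEvent so the engine finishes attaching, then run !analyze -v. This is an added example, not the poster's code; `make_symbol_path`, `StdoutCallbacks` and the `C:\symcache` cache directory are assumptions made for illustration.

```cpp
// Added example, not the poster's code. Build with MSVC: cl /EHsc dumpread.cpp
#include <string>

// Symbol-server path "srv*<cache>*<server>"; an empty cache gives the "srv*<server>" form used in the question.
std::string make_symbol_path(const std::string& cache, const std::string& server) {
    return cache.empty() ? "srv*" + server : "srv*" + cache + "*" + server;
}

#ifdef _WIN32
#include <windows.h>
#include <dbgeng.h>
#include <cstdio>
#pragma comment(lib, "dbgeng.lib")

// Receives everything the engine prints, including the !analyze -v text.
struct StdoutCallbacks : IDebugOutputCallbacks {
    STDMETHOD(QueryInterface)(REFIID riid, PVOID* out) override {
        if (riid == __uuidof(IUnknown) || riid == __uuidof(IDebugOutputCallbacks)) {
            *out = this; return S_OK;
        }
        *out = nullptr; return E_NOINTERFACE;
    }
    STDMETHOD_(ULONG, AddRef)() override { return 1; }   // stack object, not reference counted
    STDMETHOD_(ULONG, Release)() override { return 1; }
    STDMETHOD(Output)(ULONG, PCSTR text) override { fputs(text, stdout); return S_OK; }
};

int main(int argc, char** argv) {
    if (argc < 2) { fprintf(stderr, "usage: %s <dump file>\n", argv[0]); return 2; }
    IDebugClient* client = nullptr; IDebugControl* control = nullptr; IDebugSymbols* symbols = nullptr;
    if (FAILED(DebugCreate(__uuidof(IDebugClient), (void**)&client)) ||
        FAILED(client->QueryInterface(__uuidof(IDebugControl), (void**)&control)) ||
        FAILED(client->QueryInterface(__uuidof(IDebugSymbols), (void**)&symbols))) return 1;
    StdoutCallbacks out;
    client->SetOutputCallbacks(&out);
    // C:\symcache is an assumed local cache directory for downloaded symbols.
    std::string path = make_symbol_path("C:\\symcache", "http://msdl.microsoft.com/download/symbols");
    HRESULT hr = symbols->SetSymbolPath(path.c_str());
    if (SUCCEEDED(hr)) hr = client->OpenDumpFile(argv[1]);
    // The engine does not finish attaching to the dump until WaitForEvent returns.
    if (SUCCEEDED(hr)) hr = control->WaitForEvent(DEBUG_WAIT_DEFAULT, INFINITE);
    if (SUCCEEDED(hr)) hr = control->Execute(DEBUG_OUTCTL_THIS_CLIENT, "!analyze -v", DEBUG_EXECUTE_DEFAULT);
    if (FAILED(hr)) fprintf(stderr, "DbgEng call failed: 0x%08lx\n", (unsigned long)hr);
    symbols->Release(); control->Release(); client->Release();
    return FAILED(hr) ? 1 : 0;
}
#endif
```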