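I wrote a simple program based on the WDK sample that scans memory from a dump file.
Now I want to do the same while the process is running, and I am facing several problems:
I don't know how to break into the running process
When my program exits, the debuggee is closed, even though I call DetachProcess.
Thanks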
void ApplyCommandLineArguments(void)
{
    HRESULT Status;

    // Install output callbacks so we get any output that the
    // later calls produce.
    if ((Status = g_Client->SetOutputCallbacks(&g_OutputCb)) != S_OK)
    {
        Exit(1, "SetOutputCallbacks failed, 0x%X\n", Status);
    }

    if (isDump())
    {
        // Everything's set up so open the dump file.
        if ((Status = g_Client->OpenDumpFile(g_DumpFile)) != S_OK)
        {
            Exit(1, "OpenDumpFile failed, 0x%X\n", Status);
        }

        // Finish initialization by waiting for the event that
        // caused the dump. This will return immediately as the
        // dump file is considered to be at its event.
        if ((Status = g_Control->WaitForEvent(DEBUG_WAIT_DEFAULT,
                                              INFINITE)) != S_OK)
        {
            Exit(1, "WaitForEvent failed, 0x%X\n", Status);
        }
    }
    else
    {
        if ((Status = g_Client->AttachProcess(0, GetPid(), 0 /*DEBUG_ATTACH_NONINVASIVE*/)) != S_OK)
        {
            Exit(1, "AttachProcess failed, 0x%X\n", Status);
        }
    }

    // Everything is now initialized and we can make any
    // queries we want.
}