我正在尝试获取有关某些进程句柄的minidump信息。
我正在获取MINIDUMP_HANDLE_DESCRIPTOR_2类型的句柄列表,我正在尝试阅读有关句柄的信息,我可以使用ObjectInfoRva访问该句柄。
但是,我总是得到这个例外:
发生System.ArgumentException HResult = -2147024809 Message = Not 缓冲区中有足够的可用空间。源= mscorlib程序
这是我的方法
public unsafe DbgHelp.MINIDUMP_HANDLE_OBJECT_INFORMATION ReadInfo(uint rva)
{
try
{
DbgHelp.MINIDUMP_HANDLE_OBJECT_INFORMATION result = default(DbgHelp.MINIDUMP_HANDLE_OBJECT_INFORMATION);
byte* baseOfView = null;
_safeMemoryMappedViewHandle.AcquirePointer(ref baseOfView);
IntPtr position = new IntPtr(baseOfView + rva);
result = _safeMemoryMappedViewHandle.Read<DbgHelp.MINIDUMP_HANDLE_OBJECT_INFORMATION>((ulong)position);
return result;
}
finally
{
_safeMemoryMappedViewHandle.ReleasePointer();
}
}
MINIDUMP_HANDLE_DESCRIPTOR_2声明:
public struct MINIDUMP_HANDLE_DESCRIPTOR_2
{
public UInt64 Handle;
public uint TypeNameRva;
public uint ObjectNameRva;
public UInt32 Attributes;
public UInt32 GrantedAccess;
public UInt32 HandleCount;
public UInt32 PointerCount;
public uint ObjectInfoRva;
public UInt32 Reserved0;
}
_safeMemoryMappedViewHandle已初始化 - 这就是我首先获得句柄列表的方式。
我做错了什么?
答案 0 :(得分:0)
问题在于baseOfView指针 - 我没有正确计算它。我需要根据基本流地址设置偏移量...
这是ReadInfo函数的一个版本,最终对我有用:
public unsafe DbgHelp.MINIDUMP_HANDLE_OBJECT_INFORMATION ReadInfo(uint rva, IntPtr streamPtr)
{
DbgHelp.MINIDUMP_HANDLE_OBJECT_INFORMATION result = new DbgHelp.MINIDUMP_HANDLE_OBJECT_INFORMATION();
try
{
byte* baseOfView = null;
_safeMemoryMappedViewHandle.AcquirePointer(ref baseOfView);
ulong offset = (ulong)streamPtr - (ulong)baseOfView;
result = _safeMemoryMappedViewHandle.Read<DbgHelp.MINIDUMP_HANDLE_OBJECT_INFORMATION>(offset);
}
finally
{
_safeMemoryMappedViewHandle.ReleasePointer();
}
return result;
}