我试图转储一个进程，但当我使用 MiniDumpWithFullMemory 标志时，函数崩溃了。
也许是我用错了 DuplicateHandle……我不知道。
MiniDumpWithFullMemory
是获取一般信息的必要标志还是我只能使用其他标志(如下面的代码清单)?
我需要获取转储才能将其发送到VirusTotal ...
以下是代码:
#include <iostream>
#include <windows.h>
using namespace std;
#pragma comment(lib, "dbghelp.lib")
#include <dbghelp.h>
#include <stdio.h>
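// Writes a minidump of hProc to path_to_dump.
//
// path_to_dump: destination file; it is created or truncated (CREATE_ALWAYS).
// hProc:        process handle. MiniDumpWriteDump needs PROCESS_QUERY_INFORMATION
//               and PROCESS_VM_READ on it, GetProcessId needs at least
//               PROCESS_QUERY_LIMITED_INFORMATION, and MiniDumpWithHandleData is
//               documented as additionally needing PROCESS_DUP_HANDLE.
//
// Failures are reported on the console together with GetLastError(); nothing is
// thrown. The resulting file contains the target's memory (data segments, handle
// table, thread state), so it should be handled as sensitive data — it may hold
// credentials or keys of whatever process was dumped.
void WriteFullDump(const wchar_t* path_to_dump, HANDLE hProc)
{
    // Same value as the original flag list: the duplicated MiniDumpWithHandleData
    // and MiniDumpNormal (which is 0) contributed nothing.
    const DWORD Flags = MiniDumpWithHandleData |
                        MiniDumpWithDataSegs |
                        MiniDumpScanMemory |
                        MiniDumpFilterMemory |
                        MiniDumpWithUnloadedModules |
                        MiniDumpWithThreadInfo;

    HANDLE hFile = CreateFile(path_to_dump, GENERIC_WRITE, 0, nullptr,
                              CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, nullptr);
    if (hFile == INVALID_HANDLE_VALUE)
    {
        // Capture the error before any further API call can overwrite it.
        const DWORD err = GetLastError();
        std::cerr << "Looks like an error: CreateFile failed, error " << err << '\n';
        return;
    }

    // GetProcessId returns 0 when the handle lacks query access; passing that 0
    // on to MiniDumpWriteDump only produces a less useful error later.
    const DWORD pid = GetProcessId(hProc);
    if (pid == 0)
    {
        const DWORD err = GetLastError();
        CloseHandle(hFile);
        std::cerr << "Looks like an error: GetProcessId failed, error " << err << '\n';
        return;
    }

    const BOOL Result = MiniDumpWriteDump(hProc,
                                          pid,
                                          hFile,
                                          static_cast<MINIDUMP_TYPE>(Flags),
                                          nullptr,
                                          nullptr,
                                          nullptr);
    // Read the error code *before* CloseHandle, which may reset it. The original
    // also closed hFile twice; a second CloseHandle on a stale value can close an
    // unrelated handle that was since allocated the same value.
    const DWORD err = Result ? ERROR_SUCCESS : GetLastError();
    CloseHandle(hFile);

    if (!Result)
    {
        // Per the MiniDumpWriteDump docs the value is an HRESULT, not a Win32 code.
        std::cerr << "Looks like an error: MiniDumpWriteDump failed" << '\n';
        std::cerr << err << '\n';
    }
    // NOTE(review): adding MiniDumpWithFullMemory does not change the access
    // rights required; a failure with that flag is more likely an insufficient
    // process handle than the flag itself — confirm with the error code above.
}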
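// Reads a PID from stdin, opens that process with the rights the dump needs and
// writes a minidump to a fixed path. Returns 1 on bad input or if the process
// cannot be opened, 0 otherwise (dump failures are reported by WriteFullDump).
int main()
{
    // A string literal is const; binding it to a non-const wchar_t* is ill-formed.
    const wchar_t* path = L"C:\\C++\\122332.txt";

    int pid = 0;
    if (!(std::cin >> pid) || pid <= 0)
    {
        std::cerr << "Invalid PID\n";
        return 1;
    }

    // The original asked only for PROCESS_DUP_HANDLE, which is not enough for
    // GetProcessId or MiniDumpWriteDump. Request exactly what the dump needs:
    // QUERY_INFORMATION + VM_READ for MiniDumpWriteDump/GetProcessId, and
    // DUP_HANDLE because WriteFullDump uses MiniDumpWithHandleData.
    // bInheritHandle is FALSE: no child process should receive this handle.
    // NOTE(review): opening an elevated or protected process will still fail
    // without the appropriate privilege — check GetLastError() (5 = access denied).
    HANDLE proc = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ | PROCESS_DUP_HANDLE,
                              FALSE,
                              static_cast<DWORD>(pid));
    if (proc == nullptr)
    {
        const DWORD err = GetLastError();
        std::cerr << "Looks like an error: OpenProcess failed, error " << err << '\n';
        return 1;
    }

    // The original DuplicateHandle call is gone: it passed `proc` as both the
    // source process and the source handle (a value that only means something in
    // *this* process's handle table), and its result `pseudoproc` was never used.
    // OpenProcess already yields a handle with the rights requested above.
    WriteFullDump(path, proc);
    CloseHandle(proc);

    std::cout << "Finished!" << std::endl;
    char g;
    std::cin >> g;
    return 0;
}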