必威体育Betway必威体育官网
当前位置:首页 > IT技术

windows下生成dumpfile程序崩溃的问题(WriteProcessMemory)

时间:2019-06-25 23:43:11来源:IT技术作者:seo实验室小编阅读:67次「手机版」
 

writeprocessmemory

之前在win xp和win7没有问题,用了Win10就出问题了.

解决办法:virtualProtect函数使用VirtualProtectEx代替即可!

所有代码如下:

#ifndef __DUMP_H__
#define __DUMP_H__
#include <stdlib.h>
#include <stdio.h>
#include <ostream>
#ifdef _MSC_VER
#include <windows.h>
#include <DbgHelp.h>
#pragma comment(lib, "dbghelp.lib")

#ifndef _M_IX86  
#ERROR "The following code only works for x86!"  
#endif  

inline BOOL IsDataSectionneeded(const WCHAR* pModuleName)
{
	if (pModuleName == 0)
	{
		return false;
	}

	WCHAR szFileName[_MAX_FNAME] = L"";
	_wsplitpath_s(pModuleName, NULL, 0, NULL, 0, szFileName, _MAX_FNAME, NULL, 0);

	if (_wcsicmp(szFileName, L"ntdll") == 0)
		return TRUE;

	return FALSE;
}

inline BOOL CALLBACK MiniDumpCallback(PVOID                            pParam,
	const PMINIDUMP_CALLBACK_INPUT   pInput,
	PMINIDUMP_CALLBACK_OUTPUT        pOutput)
{
	if (pInput == 0 || pOutput == 0)
		return FALSE;

	switch (pInput->CallbackType)
	{
	case ModuleCallback:
		if (pOutput->ModuleWriteFlags & ModuleWriteDataSeg)
			if (!IsDataSectionNeeded(pInput->Module.FullPath))
				pOutput->ModuleWriteFlags &= (~ModuleWriteDataSeg);
	case IncludeModuleCallback:
	case IncludeThreadCallback:
	case ThreadCallback:
	case ThreadExCallback:
		return TRUE;
	default:;
	}

	return FALSE;
}

inline void CreateMiniDump(EXCEPTION_POINTERS* pep, LPCTSTR strFileName)
{
	handle hFile = CreateFile(strFileName, GENERIC_WRITE, FILE_SHARE_WRITE, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);

	if ((hFile != NULL) && (hFile != INvalid_HANDLE_VALUE))
	{
		MINIDUMP_EXCEPTION_INFORMATION mdei;
		mdei.ThreadId = GetCurrentThreadId();
		mdei.ExceptionPointers = pep;
		mdei.ClientPointers = NULL;

		MINIDUMP_CALLBACK_INFORMATION mci;
		mci.CallbackRoutine = (MINIDUMP_CALLBACK_ROUTINE)MiniDumpCallback;
		mci.CallbackParam = 0;

		//dump信息较多
		MINIDUMP_TYPE mdt = (MINIDUMP_TYPE)(
			MiniDumpWithPrivateReadWriteMemory |
			MiniDumpWithFullMemory |
			MiniDumpWithDataSegs |
			MiniDumpWithHandleData |
			MiniDumpWithFullMemoryInfo |
			MiniDumpWithThreadInfo |
			MiniDumpWithUnloadedModules |
			MiniDumpWithindirectlyReferencedMemory |
			MiniDumpWithFullAuxiliaryState |
			MiniDumpWithPrivateWriteCopyMemory |
			MiniDumpignoreInaccessibleMemory |
			MiniDumpWithTokenInformation |
			MiniDumpFilterMemory
			);
		MiniDumpWriteDump(GetCurrentProcess(), GetCurrentProcessId(),
			hFile, mdt, (pep != 0) ? &mdei : 0, 0, &mci);

		//MiniDumpWriteDump(GetCurrentProcess(), GetCurrentProcessId(), hFile, MiniDumpNormal, (pep != 0) ? &mdei : 0, NULL, &mci);  //普通dump,小

		CloseHandle(hFile);
	}
}




std::ostream& operator<<(std::ostream& os, const EXCEPTION_RECORD& red)
{
	return os << "   Thread ID:" << GetCurrentThreadId()
		<< "   ExceptionCode: " << red.ExceptionCode << "/n"
		<< "   ExceptionFlags: " << red.ExceptionFlags << "/n"
		<< "   ExceptionAddress: " << red.ExceptionAddress << "/n"
		<< "   Numberparameters: " << red.NumberParameters;
}


LONG WINAPI GPTUnhandledExceptionFilter(PEXCEPTION_POINTERS pExceptionInfo)
{
	FILE *fp;
	fopen_s(&fp, "DumpInfo.txt", "a+");
	char buffer[256];
	sprintf_s(buffer, "%s", "   Server Dead,CreatDump!!\n");

	static char __time[1024];
	SYSTEMTIME s;
	GetlocalTime(&s);
	sprintf_s(__time, "[%d-%d-%d %d:%d:%d]", s.wYear, s.wMonth, s.wDay, s.wHour, s.wMinute, s.wSecond);

	fwrite(__time, strlen(__time), 1, fp);
	fwrite(buffer, strlen(buffer), 1, fp);
	fclose(fp);

	//StackWalker sw;
	//sw.Showcallstack();//actionlog.txt

	CreateMiniDump(pExceptionInfo, "Exception.dmp");
	//std::cerr << "未知错误:" << (*pExceptionInfo->ExceptionRecord) << std::endl;
	//exit(pExceptionInfo->ExceptionRecord->ExceptionCode);

	return EXCEPTION_EXECUTE_handler;    // 程序停止运行
}

// 此函数一旦成功调用,之后对 SetUnhandledExceptionFilter 的调用将无效  
void disableSetUnhandledExceptionFilter()
{
	void* addr = (void*)GetProcAddress(loadlibrary("kernel32.dll"), "SetUnhandledExceptionFilter");

	if (addr && !IsBadReadPtr(addr, sizeof(void*)))
	{
		unsigned char code[16];
		int size = 0;
		code[size++] = 0x33;
		code[size++] = 0xC0;
		code[size++] = 0xC2;
		code[size++] = 0x04;
		code[size++] = 0x00;

		Dword dwOldFlag, dwTempFlag;
		if (VirtualProtectEx(GetCurrentProcess(), addr, size, PAGE_EXECUTE_READWRITE, &dwOldFlag) == 0)
			return;
		writeprocessmemory(GetCurrentProcess(), addr, code, size, NULL);
		VirtualProtectEx(GetCurrentProcess(), addr, size, dwOldFlag, &dwTempFlag);
	}
}

void InitMinDump()
{
	//注册异常处理函数  
	SetUnhandledExceptionFilter(GPTUnhandledExceptionFilter);

	//使SetUnhandledExceptionFilter  
	DisableSetUnhandledExceptionFilter();
}
#endif
#endif

相关阅读

通过WriteProcessMemory改写进程的内存

http://www.cnblogs.com/feiyucq/archive/2009/10/21/1587628.html以PROCESS_ALL_ACCESS权限打开进程以后既能够使用ReadProcessM

分享到:

栏目导航

推荐阅读

热门阅读