0

実行時にメモ帳をドライブのどこかにテキスト ドキュメントにダンプする実行可能ファイルを作成しようとしています。ファイルをスキャンしてキーワードを検出し、見つかった場合にエンド ユーザーに警告できるようにするため、これは重要です。

これは私が現在持っているコードです:

Private Const ProcessQueryInformation As Integer = &H400
Private Const ProcessVmRead As Integer = &H10

<DllImport("dbghelp", CallingConvention:=CallingConvention.Winapi, SetLastError:=True)>
Private Shared Function MiniDumpWriteDump(
    ByVal hProcess As SafeFileHandle,
    ByVal processId As Int32,
    ByVal hFile As SafeFileHandle,
    ByVal dumpType As MinidumpType,
    ByVal exceptionParam As IntPtr,
    ByVal userStreamParam As IntPtr,
    ByVal callbackParam As IntPtr) As <MarshalAs(UnmanagedType.Bool)> Boolean
End Function

<DllImport("kernel32", CallingConvention:=CallingConvention.Winapi, SetLastError:=True)>
Public Shared Function OpenProcess(
    ByVal dwDesiredAccess As UInteger,
    ByVal bInheritHandle As Boolean,
    ByVal dwProcessId As Integer) As SafeFileHandle
End Function

<Flags()>
Private Enum MinidumpType
    MiniDumpNormal = 0
    MiniDumpWithDataSegs = 1
    MiniDumpWithFullMemory = 2
    MiniDumpWithHandleData = 4
    MiniDumpFilterMemory = 8
    MiniDumpScanMemory = &H10
    MiniDumpWithUnloadedModules = &H20
    MiniDumpWithIndirectlyReferencedMemory = &H40
    MiniDumpFilterModulePaths = &H80
    MiniDumpWithProcessThreadData = &H100
    MiniDumpWithPrivateReadWriteMemory = &H200
    MiniDumpWithoutOptionalData = &H400
    MiniDumpWithFullMemoryInfo = &H800
    MiniDumpWithThreadInfo = &H1000
    MiniDumpWithCodeSegs = &H2000
    MiniDumpWithoutAuxiliaryState = &H4000
    MiniDumpWithFullAuxiliaryState = &H8000
End Enum


Private Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button1.Click
    ' Get the process id.
    Dim id As Integer = GetProcessId("notepad")
    ' Get the process handle from the id.
    Dim hProcess As SafeFileHandle = Nothing ' We could define a SafeProcessHandle...       
    Try
        hProcess = OpenProcess(ProcessVmRead Or ProcessQueryInformation, False, id)
        ' Check result...
        If hProcess Is Nothing Then
            If Marshal.GetLastWin32Error = 0 Then
                Throw New Win32Exception
            End If
        End If
        Dim oneFileName As String = "C:\dump.txt"
        Using oneFile As FileStream = New FileStream(oneFileName, FileMode.Create)
            MiniDumpWriteDump(hProcess, id, oneFile.SafeFileHandle, MinidumpType.MiniDumpWithFullMemory,
                              Nothing, Nothing, Nothing)
            oneFile.Flush()
        End Using
    Finally
        If hProcess IsNot Nothing Then
            hProcess.Close()
            hProcess.Dispose()
        End If
    End Try
End Sub

Private Function GetProcessId(ByVal processName As String) As Integer
    Dim id As Integer = -1
    Dim processes() As Process = Process.GetProcessesByName(processName)
    If processes.Count = 0 Then Throw New ArgumentException("Could not find the process specified", "processName")
    id = processes(0).Id ' There could be many processes - we just grab the first.
    For Each p As Process In processes
        p.Dispose()
    Next
    Return id
End Function

私の問題は、このコードを実行するたびに空白のテキスト ドキュメントが表示されることです。関数 MiniDumpWriteDump が false を返すことはわかっていますが、その理由がわかりません。それが私がここにいる理由です。

参考までに、これはすべてのプロセスで発生しますが、それ自体です。

4

1 に答える 1

0

これがこの質問に対する答えです。検索不足でせっかちな私をお許しください!

MiniDumpWriteDump (C#) は、特定のプロセスに対して長さゼロのダンプ ファイルを生成します

于 2016-04-08T04:40:48.127 に答える