dump文件调试技巧（产生Dump文件）

主函数：

 

#include "stdafx.h"
#include "DumpFile.h"




int _tmain(int argc, _TCHAR* argv[])
{
    //SetUnhandledExceptionFilter();
    DeclareDumpFile();


    int aTemp = 1;
    aTemp++;
    int *p = NULL;
    *p=1;
    return 0;
}

 

DumpFile.h文件

 

#pragma once
#include <windows.h>
#include < Dbghelp.h>
#include <iostream>  
#include <vector>  
using namespace std; 




#pragma comment(lib, "Dbghelp.lib")




namespace NSDumpFile
{ 
    void CreateDumpFile(LPCWSTR lpstrDumpFilePathName, EXCEPTION_POINTERS *pException)  
    {
        // 创建Dump文件  
        //  
        HANDLE hDumpFile = CreateFile(lpstrDumpFilePathName, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);  




        // Dump信息  
        //  
        MINIDUMP_EXCEPTION_INFORMATION dumpInfo;  
        dumpInfo.ExceptionPointers = pException;  
        dumpInfo.ThreadId = GetCurrentThreadId();  
        dumpInfo.ClientPointers = TRUE;  




        // 写入Dump文件内容  
        //  
        MiniDumpWriteDump(GetCurrentProcess(), GetCurrentProcessId(), hDumpFile, MiniDumpNormal, &dumpInfo, NULL, NULL);  




        CloseHandle(hDumpFile);  
    }  




    LPTOP_LEVEL_EXCEPTION_FILTER WINAPI MyDummySetUnhandledExceptionFilter(LPTOP_LEVEL_EXCEPTION_FILTER lpTopLevelExceptionFilter)
    {
        return NULL;
    }




    BOOL PreventSetUnhandledExceptionFilter()
    {
        HMODULE hKernel32 = LoadLibrary(_T("kernel32.dll"));
        if (hKernel32 ==   NULL)
            return FALSE;




        void *pOrgEntry = GetProcAddress(hKernel32, "SetUnhandledExceptionFilter");
        if(pOrgEntry == NULL)
            return FALSE;




        unsigned char newJump[ 100 ];
        DWORD dwOrgEntryAddr = (DWORD) pOrgEntry;
        dwOrgEntryAddr += 5; // add 5 for 5 op-codes for jmp far




        void *pNewFunc = &MyDummySetUnhandledExceptionFilter;
        DWORD dwNewEntryAddr = (DWORD) pNewFunc;
        DWORD dwRelativeAddr = dwNewEntryAddr -  dwOrgEntryAddr;




        newJump[ 0 ] = 0xE9;  // JMP absolute
        memcpy(&newJump[ 1 ], &dwRelativeAddr, sizeof(pNewFunc));
        SIZE_T bytesWritten;
        BOOL bRet = WriteProcessMemory(GetCurrentProcess(),    pOrgEntry, newJump, sizeof(pNewFunc) + 1, &bytesWritten);
        return bRet;
    }




    LONG WINAPI UnhandledExceptionFilterEx(struct _EXCEPTION_POINTERS *pException)
    {
        //MessageBox(NULL, _T("Stop"), _T("Tip"), MB_OK);
        TCHAR szMbsFile[MAX_PATH] = { 0 };
        ::GetModuleFileName(NULL, szMbsFile, MAX_PATH);
        TCHAR* pFind = _tcsrchr(szMbsFile, '\\');
        if(pFind)
        {
            *(pFind+1) = 0;
            _tcscat(szMbsFile, _T("CrashDumpFile.dmp"));
            CreateDumpFile(szMbsFile, pException);
        }




        // TODO: MiniDumpWriteDump
        FatalAppExit(-1,  _T("Fatal Error"));
        return EXCEPTION_CONTINUE_SEARCH;
    }




    void RunCrashHandler()
    {
        SetUnhandledExceptionFilter(UnhandledExceptionFilterEx);
        PreventSetUnhandledExceptionFilter();
    }
};




#define DeclareDumpFile() NSDumpFile::RunCrashHandler();