Daeth

Process Dumping doesn't work

13 posts in this topic

I'm trying to dump a process' memory to a file in the temporary directory, similar to Microsoft's ProcDump. The code uses the MinidumpWriteDump function in the dbghelp.dll. Here is the following code. (You need to open Notepad to start)

#NoTrayIcon
#RequireAdmin
#include <WinAPI.au3>
Global Const $MiniDumpNormal = "0x00000000"
Global Const $MiniDumpWithDataSegs = "0x00000001"
Global Const $MiniDumpWithFullMemory = "0x00000002"
Global Const $MiniDumpWithHandleData = "0x00000004"
Global Const $MiniDumpFilterMemory = "0x00000008"
Global Const $MiniDumpScanMemory = "0x00000010"
Global Const $MiniDumpWithUnloadedModules = "0x00000020"
Global Const $MiniDumpWithIndirectlyReferencedMemory = "0x00000040"
Global Const $MiniDumpFilterModulePaths = "0x00000080"
Global Const $MiniDumpWithProcessThreadData = "0x00000100"
Global Const $MiniDumpWithPrivateReadWriteMemory = "0x00000200"
Global Const $MiniDumpWithoutOptionalData = "0x00000400"
Global Const $MiniDumpWithFullMemoryInfo = "0x00000800"
Global Const $MiniDumpWithThreadInfo = "0x00001000"
Global Const $MiniDumpWithCodeSegs = "0x00002000"
Global Const $MiniDumpWithoutAuxiliaryState = "0x00004000"
Global Const $MiniDumpWithFullAuxiliaryState = "0x00008000"
Global Const $MiniDumpWithPrivateWriteCopyMemory = "0x00010000"
Global Const $MiniDumpIgnoreInaccessibleMemory = "0x00020000"
Global Const $MiniDumpWithTokenInformation = "0x00040000"
Global Const $MiniDumpWithModuleHeaders = "0x00080000"
Global Const $MiniDumpFilterTriage = "0x00100000"
Global Const $MiniDumpValidTypeFlags = "0x001fffff"
Global $iProcessPID = ProcessWait("notepad.exe")
Global $hProcess = _WinAPI_OpenProcess("0x0400", 0, $iProcessPID)
Global $hFile = _WinAPI_CreateFile(@TempDir & "\test.dmp", 1)
ConsoleWrite("$iProcessPID = " & $iProcessPID & @CRLF & "$hProcess = " & $hProcess & @CRLF & "$hFile = " & $hFile & @CRLF)
DumpFile($hProcess, $iProcessPID, $hFile, $MiniDumpWithFullMemory)
_WinAPI_CloseHandle($hFile)
_WinAPI_CloseHandle($hProcess)
Exit

Func DumpFile($hProcess, $iPID, $hFile, $dDumpType)
    $hDLL = DllOpen(@SystemDir & "\dbghelp.dll")
    $aResult = DllCall($hDLL, "BOOL", "MiniDumpWriteDump", "HANDLE", $hProcess, "DWORD", $iPID, "HANDLE", $hFile, "DWORD", $dDumpType, "DWORD", Null, "DWORD", Null, "DWORD", Null)
    DllClose($hDLL)
    ConsoleWrite($aResult[0])
EndFunc

$aResult[0] always returns 0, and the "test.dmp" file is always 0 kilobytes.

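The symptom in the post above (a zero return value and a 0-byte test.dmp) can also be confirmed from the file side by reading the dump's MINIDUMP_HEADER. This is an added example, not code from the thread; the function names and the constructed sample bytes are assumptions made for illustration.

```python
import os
import struct

# MINIDUMP_TYPE bits in bit order (index 0 = 0x1), named as in the first post
# with the "MiniDump" prefix dropped.
FLAG_NAMES = (
    "WithDataSegs", "WithFullMemory", "WithHandleData", "FilterMemory",
    "ScanMemory", "WithUnloadedModules", "WithIndirectlyReferencedMemory",
    "FilterModulePaths", "WithProcessThreadData", "WithPrivateReadWriteMemory",
    "WithoutOptionalData", "WithFullMemoryInfo", "WithThreadInfo", "WithCodeSegs",
    "WithoutAuxiliaryState", "WithFullAuxiliaryState",
    "WithPrivateWriteCopyMemory", "IgnoreInaccessibleMemory",
    "WithTokenInformation", "WithModuleHeaders", "FilterTriage",
)
HEADER = struct.Struct("<4sIIIIIQ")  # MINIDUMP_HEADER: 32 bytes, little-endian
DIR_ENTRY_SIZE = 12  # one MINIDUMP_DIRECTORY entry: stream type, size, rva


def check_minidump(head, file_size):
    """Validate the first bytes of a .dmp file; return (ok, detail)."""
    if file_size == 0:
        return False, "empty file: nothing was written to the handle"
    if len(head) < HEADER.size:
        return False, "truncated: shorter than MINIDUMP_HEADER"
    sig, _ver, n_streams, dir_rva, _csum, _stamp, flags = HEADER.unpack(head[:HEADER.size])
    if sig != b"MDMP":
        return False, "bad signature %r" % sig
    if n_streams == 0 or dir_rva + n_streams * DIR_ENTRY_SIZE > file_size:
        return False, "stream directory missing or outside the file"
    names = [n for bit, n in enumerate(FLAG_NAMES) if flags >> bit & 1]
    return True, {"streams": n_streams, "flags": names or ["Normal"]}


def check_file(path):
    """Read only the header, so full-memory dumps are not loaded into RAM."""
    with open(path, "rb") as fh:
        head = fh.read(HEADER.size)
    return check_minidump(head, os.path.getsize(path))


# Constructed sample: header plus one zeroed directory entry, Flags = 0x2.
SAMPLE = HEADER.pack(b"MDMP", 0xA793, 1, 32, 0, 0, 0x2) + bytes(DIR_ENTRY_SIZE)

if __name__ == "__main__":
    print(check_minidump(b"", 0))  # the 0-byte case described in the thread
    print(check_minidump(SAMPLE[:HEADER.size], len(SAMPLE)))
```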



#3 ·  Posted (edited)

@JohnOne I still get a return value of 0 with that code. I tried with this, but still to no avail:

Global $hProcess = _WinAPI_OpenProcess($PROCESS_ALL_ACCESS, 0, $iProcessPID, True)

Could there be anything wrong with the DllCall?

Edited by Daeth


@OP: you should be content - that zero as a return value means "success" a dump file was created!


@PACaleala No, according to MSDN, it says the return value should be True if a successful dump file was written. Furthermore, the dump file created is 0 bytes.


Comment the require admin line and insert the next line before the "Exit" line:

if FileExists(@TempDir & "\test.dmp") Then run ("notepad" & " " & @TempDir & "\test.dmp")

Now run the script from SciTe


What is that meant to do? There's nothing in the dumpfile.

#include <WinAPI.au3>
;~ #RequireAdmin try to un-comment if not work for you

Local $hFile = _WinAPI_CreateFile(@ScriptDir & "\Test.dmp", 1) ; Creates a new file. If a file exists, it is overwritten
_DumpFile(@AutoItPID, $hFile)
_WinAPI_CloseHandle($hFile)

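Func _DumpFile($iPID, $hFile, $dDumpType = 0)
    ; 0x0450 = PROCESS_QUERY_INFORMATION (0x0400) + PROCESS_DUP_HANDLE (0x0040) + PROCESS_VM_READ (0x0010)
    Local $hProcess = DllCall("kernel32.dll", "handle", "OpenProcess", "dword", 0x0450, "bool", 0, "dword", $iPID)
    If @error Then Return SetError(@error, @extended, 0)
    ; The last three arguments are optional pointers; pass them as null "ptr" values so the call is also correct on x64
    Local $aResult = DllCall("dbghelp.dll", "bool", "MiniDumpWriteDump", "handle", $hProcess[0], "dword", $iPID, "handle", $hFile, "dword", $dDumpType, "ptr", 0, "ptr", 0, "ptr", 0)
    Local $iError = @error ; save it: the CloseHandle DllCall below resets @error
    DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $hProcess[0])
    If $iError Then Return SetError($iError, 0, False)
    If $aResult[0] = 0 Then Return SetError(-1, 0, False) ; MiniDumpWriteDump returned FALSE
    Return $aResult[0]
EndFunc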


2 people like this

Nothing is so strong as gentleness. Nothing is so gentle as real strength

 


@Terenz Hmm, that's odd. Your code writes a dump file for @AutoItPID, so I tried using @AutoItPID in my script as well, which actually works. How do I create a dump file of a system process or "notepad.exe"?

I tested the DumpFile on different applications such as "chrome.exe", but "notepad.exe" doesn't work. When I use the sysinternals 'ProcDump' tool and create a process dump of notepad.exe (procdump -ma notepad.exe), it worked fine.


?

#include <WinAPI.au3>
;~ #RequireAdmin try to un-comment if not work for you

Local $iPID = Run("notepad.exe")
;~ Local $iPID = ProcessWait("notepad.exe")
Local $hFile = _WinAPI_CreateFile(@ScriptDir & "\Test.dmp", 1) ; Creates a new file. If a file exists, it is overwritten
_DumpFile($iPID, $hFile)
_WinAPI_CloseHandle($hFile)
ProcessClose($iPID)

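Func _DumpFile($iPID, $hFile, $dDumpType = 0)
    ; 0x0450 = PROCESS_QUERY_INFORMATION (0x0400) + PROCESS_DUP_HANDLE (0x0040) + PROCESS_VM_READ (0x0010)
    Local $hProcess = DllCall("kernel32.dll", "handle", "OpenProcess", "dword", 0x0450, "bool", 0, "dword", $iPID)
    If @error Then Return SetError(@error, @extended, 0)
    ; The last three arguments are optional pointers; pass them as null "ptr" values so the call is also correct on x64
    Local $aResult = DllCall("dbghelp.dll", "bool", "MiniDumpWriteDump", "handle", $hProcess[0], "dword", $iPID, "handle", $hFile, "dword", $dDumpType, "ptr", 0, "ptr", 0, "ptr", 0)
    Local $iError = @error ; save it: the CloseHandle DllCall below resets @error
    DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $hProcess[0])
    If $iError Then Return SetError($iError, 0, False)
    If $aResult[0] = 0 Then Return SetError(-1, 0, False) ; MiniDumpWriteDump returned FALSE
    Return $aResult[0]
EndFunc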


1 person likes this


@JohnOne you're a genius! That did the trick. How did you know that would solve the problem?
