Ejemplo n.º 1
/**
 * Writes a minidump of the process described by the context and reports
 * progress to the owning window.
 *
 * \param Parameter A PPROCESS_MINIDUMP_CONTEXT supplying the process handle,
 * process ID, output file handle, dump type and the window to notify.
 *
 * \return Always STATUS_SUCCESS. The real outcome is carried by
 * context->Succeeded and by the WM_PH_MINIDUMP_STATUS_UPDATE messages.
 *
 * \remarks Succeeded is only ever set to TRUE here, so the caller presumably
 * initialises it to FALSE (confirm at the call site). PH_MINIDUMP_COMPLETED is
 * sent on every path, including after PH_MINIDUMP_ERROR.
 */
NTSTATUS PhpProcessMiniDumpThreadStart(
    __in PVOID Parameter
    )
{
    PPROCESS_MINIDUMP_CONTEXT dumpContext = Parameter;
    MINIDUMP_CALLBACK_INFORMATION callback;

    // The callback receives the same context object as its parameter.
    callback.CallbackRoutine = PhpProcessMiniDumpCallback;
    callback.CallbackParam = dumpContext;

    if (!PhWriteMiniDumpProcess(
        dumpContext->ProcessHandle, dumpContext->ProcessId, dumpContext->FileHandle,
        dumpContext->DumpType,
        NULL, NULL, &callback
        ))
    {
        // An old dbghelp may reject the requested flags with "invalid
        // parameter"; only then is a second attempt made with a reduced flag
        // set. The last error is compared against the HRESULT form of the code.
        //
        // NOTE(review): the fallback replaces the caller's DumpType with
        // MiniDumpWithFullMemory | MiniDumpWithHandleData. Full memory means
        // the file holds everything readable in the target's address space,
        // which can be more than the user selected - treat the output as
        // sensitive. The retry also reuses the same file handle; whether a
        // partial first write is discarded is not visible here.
        if (GetLastError() != HRESULT_FROM_WIN32(ERROR_INVALID_PARAMETER) || !PhWriteMiniDumpProcess(
            dumpContext->ProcessHandle, dumpContext->ProcessId, dumpContext->FileHandle,
            MiniDumpWithFullMemory | MiniDumpWithHandleData,
            NULL, NULL, &callback
            ))
        {
            // Neither attempt worked: pass the last error code to the window.
            SendMessage(
                dumpContext->WindowHandle,
                WM_PH_MINIDUMP_STATUS_UPDATE,
                PH_MINIDUMP_ERROR,
                (LPARAM)GetLastError()
                );
        }
        else
        {
            dumpContext->Succeeded = TRUE;
        }
    }
    else
    {
        dumpContext->Succeeded = TRUE;
    }

    // Completion is always signalled so the window can stop waiting.
    SendMessage(dumpContext->WindowHandle, WM_PH_MINIDUMP_STATUS_UPDATE, PH_MINIDUMP_COMPLETED, 0);

    return STATUS_SUCCESS;
}
Ejemplo n.º 2
/**
 * Writes a minidump of the process described by the context and reports
 * progress to the owning window.
 *
 * On 64-bit builds a WOW64 target is first handed to the service reached
 * through PhUiConnectToPhSvcEx(..., Wow64PhSvcMode, ...); if that connection
 * fails the user is asked whether a 64-bit dump should be written instead.
 *
 * \param Parameter A PPROCESS_MINIDUMP_CONTEXT supplying the process handle,
 * process ID, output file handle, dump type, WOW64 flag and the window to
 * notify.
 *
 * \return Always STATUS_SUCCESS. The real outcome is carried by
 * context->Succeeded and by the WM_PH_MINIDUMP_STATUS_UPDATE messages.
 *
 * \remarks PH_MINIDUMP_COMPLETED is sent on every path, including after an
 * error and after the user declines the 64-bit dump.
 */
NTSTATUS PhpProcessMiniDumpThreadStart(
    _In_ PVOID Parameter
    )
{
    PPROCESS_MINIDUMP_CONTEXT dumpContext = Parameter;
    MINIDUMP_CALLBACK_INFORMATION callback;

    // The callback receives the same context object as its parameter.
    callback.CallbackRoutine = PhpProcessMiniDumpCallback;
    callback.CallbackParam = dumpContext;

#ifdef _WIN64
    if (dumpContext->IsWow64)
    {
        if (!PhUiConnectToPhSvcEx(NULL, Wow64PhSvcMode, FALSE))
        {
            // No service connection: let the user choose between a 64-bit
            // dump of the 32-bit process and abandoning the operation.
            if (PhShowMessage2(
                dumpContext->WindowHandle,
                TDCBF_YES_BUTTON | TDCBF_NO_BUTTON,
                TD_WARNING_ICON,
                L"The 32-bit version of Process Hacker could not be located.",
                L"A 64-bit dump will be created instead. Do you want to continue?"
                ) == IDNO)
            {
                // Declined: remove the output file that was already opened.
                // The result of the delete is not checked.
                PhDeleteFile(dumpContext->FileHandle);
                goto Completed;
            }
        }
        else
        {
            // The service writes the dump; no callback is passed on this path.
            NTSTATUS svcStatus = PhSvcCallWriteMiniDumpProcess(
                dumpContext->ProcessHandle,
                dumpContext->ProcessId,
                dumpContext->FileHandle,
                dumpContext->DumpType
                );

            if (!NT_SUCCESS(svcStatus))
            {
                // The window expects a Win32 error code, so convert first.
                SendMessage(
                    dumpContext->WindowHandle,
                    WM_PH_MINIDUMP_STATUS_UPDATE,
                    PH_MINIDUMP_ERROR,
                    (LPARAM)PhNtStatusToDosError(svcStatus)
                    );
            }
            else
            {
                dumpContext->Succeeded = TRUE;
            }

            PhUiDisconnectFromPhSvc();

            // The service path never falls through to the in-process dump.
            goto Completed;
        }
    }
#endif

    // In-process dump: native targets, 32-bit builds, or a WOW64 target the
    // user agreed to dump as 64-bit.
    if (!PhWriteMiniDumpProcess(
        dumpContext->ProcessHandle, dumpContext->ProcessId, dumpContext->FileHandle,
        dumpContext->DumpType,
        NULL, NULL, &callback
        ))
    {
        SendMessage(
            dumpContext->WindowHandle,
            WM_PH_MINIDUMP_STATUS_UPDATE,
            PH_MINIDUMP_ERROR,
            (LPARAM)GetLastError()
            );
    }
    else
    {
        dumpContext->Succeeded = TRUE;
    }

    // The label exists only where the goto statements above are compiled in.
#ifdef _WIN64
Completed:
#endif
    SendMessage(dumpContext->WindowHandle, WM_PH_MINIDUMP_STATUS_UPDATE, PH_MINIDUMP_COMPLETED, 0);

    return STATUS_SUCCESS;
}
Ejemplo n.º 3
/**
 * Writes a minidump of the process described by the context and reports
 * progress to the owning window.
 *
 * On 64-bit builds a WOW64 target is first handed to the service reached
 * through PhUiConnectToPhSvcEx(..., Wow64PhSvcMode, ...); if that connection
 * fails the user is asked whether a 64-bit dump should be written instead.
 * Both the service path and the in-process path retry once with a reduced
 * flag set when the first attempt reports an invalid parameter.
 *
 * \param Parameter A PPROCESS_MINIDUMP_CONTEXT supplying the process handle,
 * process ID, output file handle, dump type, WOW64 flag and the window to
 * notify.
 *
 * \return Always STATUS_SUCCESS. The real outcome is carried by
 * context->Succeeded and by the WM_PH_MINIDUMP_STATUS_UPDATE messages.
 *
 * \remarks The retry replaces the caller's DumpType with
 * MiniDumpWithFullMemory | MiniDumpWithHandleData. Full memory means the file
 * holds everything readable in the target's address space, which can be more
 * than the user selected - treat the output as sensitive.
 */
NTSTATUS PhpProcessMiniDumpThreadStart(
    _In_ PVOID Parameter
    )
{
    PPROCESS_MINIDUMP_CONTEXT dumpContext = Parameter;
    MINIDUMP_CALLBACK_INFORMATION callback;

    // The callback receives the same context object as its parameter.
    callback.CallbackRoutine = PhpProcessMiniDumpCallback;
    callback.CallbackParam = dumpContext;

#ifdef _WIN64
    if (dumpContext->IsWow64)
    {
        if (!PhUiConnectToPhSvcEx(NULL, Wow64PhSvcMode, FALSE))
        {
            // No service connection: let the user choose between a 64-bit
            // dump of the 32-bit process and abandoning the operation.
            if (PhShowMessage(
                dumpContext->WindowHandle,
                MB_YESNO | MB_ICONWARNING,
                L"The process is 32-bit, but the 32-bit version of Process Hacker could not be located. "
                L"A 64-bit dump will be created instead. Do you want to continue?"
                ) == IDNO)
            {
                FILE_DISPOSITION_INFORMATION disposition;
                IO_STATUS_BLOCK ioStatus;

                // Declined: mark the already-opened output file for deletion.
                // The returned status is not checked, so a failure here would
                // leave the file behind.
                disposition.DeleteFile = TRUE;
                NtSetInformationFile(
                    dumpContext->FileHandle,
                    &ioStatus,
                    &disposition,
                    sizeof(disposition),
                    FileDispositionInformation
                    );

                goto Completed;
            }
        }
        else
        {
            NTSTATUS svcStatus;
            PPH_STRING dbgHelpLocation;

            // Tell the service which dbghelp to load before dumping.
            // NOTE(review): the path is read from the "DbgHelpPath" setting and
            // passed on as-is, and the call's result is ignored. Whoever can
            // change that setting picks the library the service loads -
            // confirm how PhSvcCallLoadDbgHelp validates it. The string is
            // dereferenced without a NULL check, so PhGetStringSetting is
            // presumably guaranteed to return an object.
            dbgHelpLocation = PhGetStringSetting(L"DbgHelpPath");
            PhSvcCallLoadDbgHelp(dbgHelpLocation->Buffer);
            PhDereferenceObject(dbgHelpLocation);

            svcStatus = PhSvcCallWriteMiniDumpProcess(
                dumpContext->ProcessHandle,
                dumpContext->ProcessId,
                dumpContext->FileHandle,
                dumpContext->DumpType
                );

            // We may have an old version of dbghelp - in that case, try using
            // minimal dump flags. Any other failure is reported without a retry.
            if (svcStatus == STATUS_INVALID_PARAMETER)
            {
                svcStatus = PhSvcCallWriteMiniDumpProcess(
                    dumpContext->ProcessHandle,
                    dumpContext->ProcessId,
                    dumpContext->FileHandle,
                    MiniDumpWithFullMemory | MiniDumpWithHandleData
                    );
            }

            if (!NT_SUCCESS(svcStatus))
            {
                // The window expects a Win32 error code, so convert first.
                SendMessage(
                    dumpContext->WindowHandle,
                    WM_PH_MINIDUMP_STATUS_UPDATE,
                    PH_MINIDUMP_ERROR,
                    (LPARAM)PhNtStatusToDosError(svcStatus)
                    );
            }
            else
            {
                dumpContext->Succeeded = TRUE;
            }

            PhUiDisconnectFromPhSvc();

            // The service path never falls through to the in-process dump.
            goto Completed;
        }
    }
#endif

    // In-process dump: native targets, 32-bit builds, or a WOW64 target the
    // user agreed to dump as 64-bit.
    if (!PhWriteMiniDumpProcess(
        dumpContext->ProcessHandle, dumpContext->ProcessId, dumpContext->FileHandle,
        dumpContext->DumpType,
        NULL, NULL, &callback
        ))
    {
        // Same old-dbghelp fallback as above; here the last error is compared
        // against the HRESULT form of the code.
        if (GetLastError() != HRESULT_FROM_WIN32(ERROR_INVALID_PARAMETER) || !PhWriteMiniDumpProcess(
            dumpContext->ProcessHandle, dumpContext->ProcessId, dumpContext->FileHandle,
            MiniDumpWithFullMemory | MiniDumpWithHandleData,
            NULL, NULL, &callback
            ))
        {
            SendMessage(
                dumpContext->WindowHandle,
                WM_PH_MINIDUMP_STATUS_UPDATE,
                PH_MINIDUMP_ERROR,
                (LPARAM)GetLastError()
                );
        }
        else
        {
            dumpContext->Succeeded = TRUE;
        }
    }
    else
    {
        dumpContext->Succeeded = TRUE;
    }

    // The label exists only where the goto statements above are compiled in.
#ifdef _WIN64
Completed:
#endif
    SendMessage(dumpContext->WindowHandle, WM_PH_MINIDUMP_STATUS_UPDATE, PH_MINIDUMP_COMPLETED, 0);

    return STATUS_SUCCESS;
}