NTSTATUS PhpProcessMiniDumpThreadStart( __in PVOID Parameter ) { PPROCESS_MINIDUMP_CONTEXT context = Parameter; MINIDUMP_CALLBACK_INFORMATION callbackInfo; callbackInfo.CallbackRoutine = PhpProcessMiniDumpCallback; callbackInfo.CallbackParam = context; if (PhWriteMiniDumpProcess( context->ProcessHandle, context->ProcessId, context->FileHandle, context->DumpType, NULL, NULL, &callbackInfo )) { context->Succeeded = TRUE; } else { // We may have an old version of dbghelp - in that case, try // using minimal dump flags. if (GetLastError() == HRESULT_FROM_WIN32(ERROR_INVALID_PARAMETER) && PhWriteMiniDumpProcess( context->ProcessHandle, context->ProcessId, context->FileHandle, MiniDumpWithFullMemory | MiniDumpWithHandleData, NULL, NULL, &callbackInfo )) { context->Succeeded = TRUE; } else { SendMessage( context->WindowHandle, WM_PH_MINIDUMP_STATUS_UPDATE, PH_MINIDUMP_ERROR, (LPARAM)GetLastError() ); } } SendMessage( context->WindowHandle, WM_PH_MINIDUMP_STATUS_UPDATE, PH_MINIDUMP_COMPLETED, 0 ); return STATUS_SUCCESS; }
NTSTATUS PhpProcessMiniDumpThreadStart( _In_ PVOID Parameter ) { PPROCESS_MINIDUMP_CONTEXT context = Parameter; MINIDUMP_CALLBACK_INFORMATION callbackInfo; callbackInfo.CallbackRoutine = PhpProcessMiniDumpCallback; callbackInfo.CallbackParam = context; #ifdef _WIN64 if (context->IsWow64) { if (PhUiConnectToPhSvcEx(NULL, Wow64PhSvcMode, FALSE)) { NTSTATUS status; if (NT_SUCCESS(status = PhSvcCallWriteMiniDumpProcess( context->ProcessHandle, context->ProcessId, context->FileHandle, context->DumpType ))) { context->Succeeded = TRUE; } else { SendMessage( context->WindowHandle, WM_PH_MINIDUMP_STATUS_UPDATE, PH_MINIDUMP_ERROR, (LPARAM)PhNtStatusToDosError(status) ); } PhUiDisconnectFromPhSvc(); goto Completed; } else { if (PhShowMessage2( context->WindowHandle, TDCBF_YES_BUTTON | TDCBF_NO_BUTTON, TD_WARNING_ICON, L"The 32-bit version of Process Hacker could not be located.", L"A 64-bit dump will be created instead. Do you want to continue?" ) == IDNO) { PhDeleteFile(context->FileHandle); goto Completed; } } } #endif if (PhWriteMiniDumpProcess( context->ProcessHandle, context->ProcessId, context->FileHandle, context->DumpType, NULL, NULL, &callbackInfo )) { context->Succeeded = TRUE; } else { SendMessage( context->WindowHandle, WM_PH_MINIDUMP_STATUS_UPDATE, PH_MINIDUMP_ERROR, (LPARAM)GetLastError() ); } #ifdef _WIN64 Completed: #endif SendMessage( context->WindowHandle, WM_PH_MINIDUMP_STATUS_UPDATE, PH_MINIDUMP_COMPLETED, 0 ); return STATUS_SUCCESS; }
NTSTATUS PhpProcessMiniDumpThreadStart( _In_ PVOID Parameter ) { PPROCESS_MINIDUMP_CONTEXT context = Parameter; MINIDUMP_CALLBACK_INFORMATION callbackInfo; callbackInfo.CallbackRoutine = PhpProcessMiniDumpCallback; callbackInfo.CallbackParam = context; #ifdef _WIN64 if (context->IsWow64) { if (PhUiConnectToPhSvcEx(NULL, Wow64PhSvcMode, FALSE)) { NTSTATUS status; PPH_STRING dbgHelpPath; dbgHelpPath = PhGetStringSetting(L"DbgHelpPath"); PhSvcCallLoadDbgHelp(dbgHelpPath->Buffer); PhDereferenceObject(dbgHelpPath); if (NT_SUCCESS(status = PhSvcCallWriteMiniDumpProcess( context->ProcessHandle, context->ProcessId, context->FileHandle, context->DumpType ))) { context->Succeeded = TRUE; } else { // We may have an old version of dbghelp - in that case, try using minimal dump flags. if (status == STATUS_INVALID_PARAMETER && NT_SUCCESS(status = PhSvcCallWriteMiniDumpProcess( context->ProcessHandle, context->ProcessId, context->FileHandle, MiniDumpWithFullMemory | MiniDumpWithHandleData ))) { context->Succeeded = TRUE; } else { SendMessage( context->WindowHandle, WM_PH_MINIDUMP_STATUS_UPDATE, PH_MINIDUMP_ERROR, (LPARAM)PhNtStatusToDosError(status) ); } } PhUiDisconnectFromPhSvc(); goto Completed; } else { if (PhShowMessage( context->WindowHandle, MB_YESNO | MB_ICONWARNING, L"The process is 32-bit, but the 32-bit version of Process Hacker could not be located. " L"A 64-bit dump will be created instead. Do you want to continue?" ) == IDNO) { FILE_DISPOSITION_INFORMATION dispositionInfo; IO_STATUS_BLOCK isb; dispositionInfo.DeleteFile = TRUE; NtSetInformationFile( context->FileHandle, &isb, &dispositionInfo, sizeof(FILE_DISPOSITION_INFORMATION), FileDispositionInformation ); goto Completed; } } } #endif if (PhWriteMiniDumpProcess( context->ProcessHandle, context->ProcessId, context->FileHandle, context->DumpType, NULL, NULL, &callbackInfo )) { context->Succeeded = TRUE; } else { // We may have an old version of dbghelp - in that case, try using minimal dump flags. if (GetLastError() == HRESULT_FROM_WIN32(ERROR_INVALID_PARAMETER) && PhWriteMiniDumpProcess( context->ProcessHandle, context->ProcessId, context->FileHandle, MiniDumpWithFullMemory | MiniDumpWithHandleData, NULL, NULL, &callbackInfo )) { context->Succeeded = TRUE; } else { SendMessage( context->WindowHandle, WM_PH_MINIDUMP_STATUS_UPDATE, PH_MINIDUMP_ERROR, (LPARAM)GetLastError() ); } } #ifdef _WIN64 Completed: #endif SendMessage( context->WindowHandle, WM_PH_MINIDUMP_STATUS_UPDATE, PH_MINIDUMP_COMPLETED, 0 ); return STATUS_SUCCESS; }