MiniDumpWriteDump another process












2















I'm trying to create a service with the goal of monitor the applications created by my company.



When the app gets the state of No responding, the service have to generate a a dump with MiniDumpWriteDump.



The problem is: when using HANDLE of another process, the MiniDumpWriteDump doesn't work. The .dmp file stays empty.



GetLastError returns 0xD0000008 (3489660936)



That function is to get HANDLE by pid:



void CDumpGenerator::FindAndSetHandle()
{
HANDLE hProcessSnap;
HANDLE hProcess;
PROCESSENTRY32 pe32;

EnableDebugPriv();

hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (hProcessSnap == INVALID_HANDLE_VALUE)
return;

pe32.dwSize = sizeof(PROCESSENTRY32);

if (!Process32First(hProcessSnap, &pe32))
{
CloseHandle(hProcessSnap);

return;
}

do
{
hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ | PROCESS_DUP_HANDLE, FALSE, pe32.th32ProcessID);

if (hProcess != NULL)
CloseHandle(hProcess);

if (pe32.th32ProcessID == this->pid)
{
this->processHandle = hProcess;

break;
}
} while (Process32Next(hProcessSnap, &pe32));

CloseHandle(hProcessSnap);
}


EnableDebugPriv:



void EnableDebugPriv()
{
HANDLE hToken;
LUID luid;
TOKEN_PRIVILEGES tkp;

OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken);

LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luid);

tkp.PrivilegeCount = 1;
tkp.Privileges[0].Luid = luid;
tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

AdjustTokenPrivileges(hToken, false, &tkp, sizeof(tkp), NULL, NULL);

CloseHandle(hToken);
}


And i'm calling MiniDumpWriteDump this way:



auto dumped = MiniDumpWriteDump(
this->processHandle,
this->pid,
hFile,
MINIDUMP_TYPE(MiniDumpNormal | MiniDumpWithThreadInfo | MiniDumpWithProcessThreadData | MiniDumpWithFullMemoryInfo),
nullptr,
&userStream,
nullptr);


When I change this->processHandle to GetCurrentProcess() works fine.



Handle being set:



enter image description here



Here is the GetLastError()



enter image description here










share|improve this question




















  • 1





    Improve the error reporting so we don't have to guess why "it didn't work". Call GetLastError() when it returns FALSE. Also run SysInternals' ProcDump utility to see if it has any better luck, that localizes the problem.

    – Hans Passant
    Nov 23 '18 at 12:51













  • @HansPassant The GetLastError returns me 0xD0000008. I didn't knew about ProcDump. I will see.

    – Kevin Kouketsu
    Nov 23 '18 at 12:56











  • That's obscure, but looks a lot like an "invalid handle" error. It is notable that FindAndSetHandle() can't tell you that it failed to find the process, that's not good. Could be the hFile as well.

    – Hans Passant
    Nov 23 '18 at 13:18











  • @HansPassant I change to GetCurrentProcess works and all dump is wrote so I think it's not CreateFileA. When I was debugging line by line on FindAndSetHandle I see the processHandle being setted.

    – Kevin Kouketsu
    Nov 23 '18 at 13:22











  • Another bug in FindAndSetHandle() is that it generates a bad handle value when OpenProcess() failed. Do take care of the basics, cuts down on the guessing.

    – Hans Passant
    Nov 23 '18 at 13:44
















2















I'm trying to create a service with the goal of monitor the applications created by my company.



When the app gets the state of No responding, the service have to generate a a dump with MiniDumpWriteDump.



The problem is: when using HANDLE of another process, the MiniDumpWriteDump doesn't work. The .dmp file stays empty.



GetLastError returns 0xD0000008 (3489660936)



That function is to get HANDLE by pid:



void CDumpGenerator::FindAndSetHandle()
{
HANDLE hProcessSnap;
HANDLE hProcess;
PROCESSENTRY32 pe32;

EnableDebugPriv();

hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (hProcessSnap == INVALID_HANDLE_VALUE)
return;

pe32.dwSize = sizeof(PROCESSENTRY32);

if (!Process32First(hProcessSnap, &pe32))
{
CloseHandle(hProcessSnap);

return;
}

do
{
hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ | PROCESS_DUP_HANDLE, FALSE, pe32.th32ProcessID);

if (hProcess != NULL)
CloseHandle(hProcess);

if (pe32.th32ProcessID == this->pid)
{
this->processHandle = hProcess;

break;
}
} while (Process32Next(hProcessSnap, &pe32));

CloseHandle(hProcessSnap);
}


EnableDebugPriv:



void EnableDebugPriv()
{
HANDLE hToken;
LUID luid;
TOKEN_PRIVILEGES tkp;

OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken);

LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luid);

tkp.PrivilegeCount = 1;
tkp.Privileges[0].Luid = luid;
tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

AdjustTokenPrivileges(hToken, false, &tkp, sizeof(tkp), NULL, NULL);

CloseHandle(hToken);
}


And i'm calling MiniDumpWriteDump this way:



auto dumped = MiniDumpWriteDump(
this->processHandle,
this->pid,
hFile,
MINIDUMP_TYPE(MiniDumpNormal | MiniDumpWithThreadInfo | MiniDumpWithProcessThreadData | MiniDumpWithFullMemoryInfo),
nullptr,
&userStream,
nullptr);


When I change this->processHandle to GetCurrentProcess() works fine.



Handle being set:



enter image description here



Here is the GetLastError()



enter image description here










share|improve this question




















  • 1





    Improve the error reporting so we don't have to guess why "it didn't work". Call GetLastError() when it returns FALSE. Also run SysInternals' ProcDump utility to see if it has any better luck, that localizes the problem.

    – Hans Passant
    Nov 23 '18 at 12:51













  • @HansPassant The GetLastError returns me 0xD0000008. I didn't knew about ProcDump. I will see.

    – Kevin Kouketsu
    Nov 23 '18 at 12:56











  • That's obscure, but looks a lot like an "invalid handle" error. It is notable that FindAndSetHandle() can't tell you that it failed to find the process, that's not good. Could be the hFile as well.

    – Hans Passant
    Nov 23 '18 at 13:18











  • @HansPassant I change to GetCurrentProcess works and all dump is wrote so I think it's not CreateFileA. When I was debugging line by line on FindAndSetHandle I see the processHandle being setted.

    – Kevin Kouketsu
    Nov 23 '18 at 13:22











  • Another bug in FindAndSetHandle() is that it generates a bad handle value when OpenProcess() failed. Do take care of the basics, cuts down on the guessing.

    – Hans Passant
    Nov 23 '18 at 13:44














2












2








2








I'm trying to create a service with the goal of monitor the applications created by my company.



When the app gets the state of No responding, the service have to generate a a dump with MiniDumpWriteDump.



The problem is: when using HANDLE of another process, the MiniDumpWriteDump doesn't work. The .dmp file stays empty.



GetLastError returns 0xD0000008 (3489660936)



That function is to get HANDLE by pid:



void CDumpGenerator::FindAndSetHandle()
{
HANDLE hProcessSnap;
HANDLE hProcess;
PROCESSENTRY32 pe32;

EnableDebugPriv();

hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (hProcessSnap == INVALID_HANDLE_VALUE)
return;

pe32.dwSize = sizeof(PROCESSENTRY32);

if (!Process32First(hProcessSnap, &pe32))
{
CloseHandle(hProcessSnap);

return;
}

do
{
hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ | PROCESS_DUP_HANDLE, FALSE, pe32.th32ProcessID);

if (hProcess != NULL)
CloseHandle(hProcess);

if (pe32.th32ProcessID == this->pid)
{
this->processHandle = hProcess;

break;
}
} while (Process32Next(hProcessSnap, &pe32));

CloseHandle(hProcessSnap);
}


EnableDebugPriv:



void EnableDebugPriv()
{
HANDLE hToken;
LUID luid;
TOKEN_PRIVILEGES tkp;

OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken);

LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luid);

tkp.PrivilegeCount = 1;
tkp.Privileges[0].Luid = luid;
tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

AdjustTokenPrivileges(hToken, false, &tkp, sizeof(tkp), NULL, NULL);

CloseHandle(hToken);
}


And i'm calling MiniDumpWriteDump this way:



auto dumped = MiniDumpWriteDump(
this->processHandle,
this->pid,
hFile,
MINIDUMP_TYPE(MiniDumpNormal | MiniDumpWithThreadInfo | MiniDumpWithProcessThreadData | MiniDumpWithFullMemoryInfo),
nullptr,
&userStream,
nullptr);


When I change this->processHandle to GetCurrentProcess() works fine.



Handle being set:



enter image description here



Here is the GetLastError()



enter image description here










share|improve this question
















I'm trying to create a service with the goal of monitor the applications created by my company.



When the app gets the state of No responding, the service have to generate a a dump with MiniDumpWriteDump.



The problem is: when using HANDLE of another process, the MiniDumpWriteDump doesn't work. The .dmp file stays empty.



GetLastError returns 0xD0000008 (3489660936)



That function is to get HANDLE by pid:



void CDumpGenerator::FindAndSetHandle()
{
HANDLE hProcessSnap;
HANDLE hProcess;
PROCESSENTRY32 pe32;

EnableDebugPriv();

hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (hProcessSnap == INVALID_HANDLE_VALUE)
return;

pe32.dwSize = sizeof(PROCESSENTRY32);

if (!Process32First(hProcessSnap, &pe32))
{
CloseHandle(hProcessSnap);

return;
}

do
{
hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ | PROCESS_DUP_HANDLE, FALSE, pe32.th32ProcessID);

if (hProcess != NULL)
CloseHandle(hProcess);

if (pe32.th32ProcessID == this->pid)
{
this->processHandle = hProcess;

break;
}
} while (Process32Next(hProcessSnap, &pe32));

CloseHandle(hProcessSnap);
}


EnableDebugPriv:



void EnableDebugPriv()
{
HANDLE hToken;
LUID luid;
TOKEN_PRIVILEGES tkp;

OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken);

LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luid);

tkp.PrivilegeCount = 1;
tkp.Privileges[0].Luid = luid;
tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

AdjustTokenPrivileges(hToken, false, &tkp, sizeof(tkp), NULL, NULL);

CloseHandle(hToken);
}


And i'm calling MiniDumpWriteDump this way:



auto dumped = MiniDumpWriteDump(
this->processHandle,
this->pid,
hFile,
MINIDUMP_TYPE(MiniDumpNormal | MiniDumpWithThreadInfo | MiniDumpWithProcessThreadData | MiniDumpWithFullMemoryInfo),
nullptr,
&userStream,
nullptr);


When I change this->processHandle to GetCurrentProcess() works fine.



Handle being set:



enter image description here



Here is the GetLastError()



enter image description here







c dump minidumpwritedump






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 23 '18 at 13:26







Kevin Kouketsu

















asked Nov 23 '18 at 12:45









Kevin KouketsuKevin Kouketsu

362213




362213








  • 1





    Improve the error reporting so we don't have to guess why "it didn't work". Call GetLastError() when it returns FALSE. Also run SysInternals' ProcDump utility to see if it has any better luck, that localizes the problem.

    – Hans Passant
    Nov 23 '18 at 12:51













  • @HansPassant The GetLastError returns me 0xD0000008. I didn't knew about ProcDump. I will see.

    – Kevin Kouketsu
    Nov 23 '18 at 12:56











  • That's obscure, but looks a lot like an "invalid handle" error. It is notable that FindAndSetHandle() can't tell you that it failed to find the process, that's not good. Could be the hFile as well.

    – Hans Passant
    Nov 23 '18 at 13:18











  • @HansPassant I change to GetCurrentProcess works and all dump is wrote so I think it's not CreateFileA. When I was debugging line by line on FindAndSetHandle I see the processHandle being setted.

    – Kevin Kouketsu
    Nov 23 '18 at 13:22











  • Another bug in FindAndSetHandle() is that it generates a bad handle value when OpenProcess() failed. Do take care of the basics, cuts down on the guessing.

    – Hans Passant
    Nov 23 '18 at 13:44














  • 1





    Improve the error reporting so we don't have to guess why "it didn't work". Call GetLastError() when it returns FALSE. Also run SysInternals' ProcDump utility to see if it has any better luck, that localizes the problem.

    – Hans Passant
    Nov 23 '18 at 12:51













  • @HansPassant The GetLastError returns me 0xD0000008. I didn't knew about ProcDump. I will see.

    – Kevin Kouketsu
    Nov 23 '18 at 12:56











  • That's obscure, but looks a lot like an "invalid handle" error. It is notable that FindAndSetHandle() can't tell you that it failed to find the process, that's not good. Could be the hFile as well.

    – Hans Passant
    Nov 23 '18 at 13:18











  • @HansPassant I change to GetCurrentProcess works and all dump is wrote so I think it's not CreateFileA. When I was debugging line by line on FindAndSetHandle I see the processHandle being setted.

    – Kevin Kouketsu
    Nov 23 '18 at 13:22











  • Another bug in FindAndSetHandle() is that it generates a bad handle value when OpenProcess() failed. Do take care of the basics, cuts down on the guessing.

    – Hans Passant
    Nov 23 '18 at 13:44








1




1





Improve the error reporting so we don't have to guess why "it didn't work". Call GetLastError() when it returns FALSE. Also run SysInternals' ProcDump utility to see if it has any better luck, that localizes the problem.

– Hans Passant
Nov 23 '18 at 12:51







Improve the error reporting so we don't have to guess why "it didn't work". Call GetLastError() when it returns FALSE. Also run SysInternals' ProcDump utility to see if it has any better luck, that localizes the problem.

– Hans Passant
Nov 23 '18 at 12:51















@HansPassant The GetLastError returns me 0xD0000008. I didn't knew about ProcDump. I will see.

– Kevin Kouketsu
Nov 23 '18 at 12:56





@HansPassant The GetLastError returns me 0xD0000008. I didn't knew about ProcDump. I will see.

– Kevin Kouketsu
Nov 23 '18 at 12:56













That's obscure, but looks a lot like an "invalid handle" error. It is notable that FindAndSetHandle() can't tell you that it failed to find the process, that's not good. Could be the hFile as well.

– Hans Passant
Nov 23 '18 at 13:18





That's obscure, but looks a lot like an "invalid handle" error. It is notable that FindAndSetHandle() can't tell you that it failed to find the process, that's not good. Could be the hFile as well.

– Hans Passant
Nov 23 '18 at 13:18













@HansPassant I change to GetCurrentProcess works and all dump is wrote so I think it's not CreateFileA. When I was debugging line by line on FindAndSetHandle I see the processHandle being setted.

– Kevin Kouketsu
Nov 23 '18 at 13:22





@HansPassant I change to GetCurrentProcess works and all dump is wrote so I think it's not CreateFileA. When I was debugging line by line on FindAndSetHandle I see the processHandle being setted.

– Kevin Kouketsu
Nov 23 '18 at 13:22













Another bug in FindAndSetHandle() is that it generates a bad handle value when OpenProcess() failed. Do take care of the basics, cuts down on the guessing.

– Hans Passant
Nov 23 '18 at 13:44





Another bug in FindAndSetHandle() is that it generates a bad handle value when OpenProcess() failed. Do take care of the basics, cuts down on the guessing.

– Hans Passant
Nov 23 '18 at 13:44












1 Answer
1






active

oldest

votes


















1














I just solved the problem removing this part



hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ | PROCESS_DUP_HANDLE, FALSE, pe32.th32ProcessID);

// This close handle
if (hProcess != NULL)
CloseHandle(hProcess);


It's a simple thing that went unseen. So we need close handle on other part of code like destructor or anything else.






share|improve this answer























    Your Answer






    StackExchange.ifUsing("editor", function () {
    StackExchange.using("externalEditor", function () {
    StackExchange.using("snippets", function () {
    StackExchange.snippets.init();
    });
    });
    }, "code-snippets");

    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "1"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53446982%2fminidumpwritedump-another-process%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    1














    I just solved the problem removing this part



    hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ | PROCESS_DUP_HANDLE, FALSE, pe32.th32ProcessID);

    // This close handle
    if (hProcess != NULL)
    CloseHandle(hProcess);


    It's a simple thing that went unseen. So we need close handle on other part of code like destructor or anything else.






    share|improve this answer




























      1














      I just solved the problem removing this part



      hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ | PROCESS_DUP_HANDLE, FALSE, pe32.th32ProcessID);

      // This close handle
      if (hProcess != NULL)
      CloseHandle(hProcess);


      It's a simple thing that went unseen. So we need close handle on other part of code like destructor or anything else.






      share|improve this answer


























        1












        1








        1







        I just solved the problem removing this part



        hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ | PROCESS_DUP_HANDLE, FALSE, pe32.th32ProcessID);

        // This close handle
        if (hProcess != NULL)
        CloseHandle(hProcess);


        It's a simple thing that went unseen. So we need close handle on other part of code like destructor or anything else.






        share|improve this answer













        I just solved the problem removing this part



        hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ | PROCESS_DUP_HANDLE, FALSE, pe32.th32ProcessID);

        // This close handle
        if (hProcess != NULL)
        CloseHandle(hProcess);


        It's a simple thing that went unseen. So we need close handle on other part of code like destructor or anything else.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Nov 27 '18 at 11:35









        Kevin KouketsuKevin Kouketsu

        362213




        362213






























            draft saved

            draft discarded




















































            Thanks for contributing an answer to Stack Overflow!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53446982%2fminidumpwritedump-another-process%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            404 Error Contact Form 7 ajax form submitting

            How to know if a Active Directory user can login interactively

            Refactoring coordinates for Minecraft Pi buildings written in Python