使用 MiniDump 获取句柄信息导致 ArgumentException
Getting handle information with MiniDump causes ArgumentException
我正在尝试获取有关某些进程句柄的小型转储信息。
我得到了一个 MINIDUMP_HANDLE_DESCRIPTOR_2 类型的句柄列表,我正在尝试读取有关我可以使用 ObjectInfoRva.
访问的句柄的信息
但是,我总是得到这个异常:
System.ArgumentException occurred HResult=-2147024809 Message=Not
enough space available in the buffer. Source=mscorlib
这就是我的方法
public unsafe DbgHelp.MINIDUMP_HANDLE_OBJECT_INFORMATION ReadInfo(uint rva)
{
try
{
DbgHelp.MINIDUMP_HANDLE_OBJECT_INFORMATION result = default(DbgHelp.MINIDUMP_HANDLE_OBJECT_INFORMATION);
byte* baseOfView = null;
_safeMemoryMappedViewHandle.AcquirePointer(ref baseOfView);
IntPtr position = new IntPtr(baseOfView + rva);
result = _safeMemoryMappedViewHandle.Read<DbgHelp.MINIDUMP_HANDLE_OBJECT_INFORMATION>((ulong)position);
return result;
}
finally
{
_safeMemoryMappedViewHandle.ReleasePointer();
}
}
MINIDUMP_HANDLE_DESCRIPTOR_2声明:
public struct MINIDUMP_HANDLE_DESCRIPTOR_2
{
public UInt64 Handle;
public uint TypeNameRva;
public uint ObjectNameRva;
public UInt32 Attributes;
public UInt32 GrantedAccess;
public UInt32 HandleCount;
public UInt32 PointerCount;
public uint ObjectInfoRva;
public UInt32 Reserved0;
}
_safeMemoryMappedViewHandle 已初始化 - 这就是我首先获得句柄列表的方式。
我做错了什么?
问题出在 baseOfView 指针上 - 我没有计算正确。我需要根据基本流地址设置相应的偏移量...
这是最终对我有用的 ReadInfo 函数的一个版本:
public unsafe DbgHelp.MINIDUMP_HANDLE_OBJECT_INFORMATION ReadInfo(uint rva, IntPtr streamPtr)
{
DbgHelp.MINIDUMP_HANDLE_OBJECT_INFORMATION result = new DbgHelp.MINIDUMP_HANDLE_OBJECT_INFORMATION();
try
{
byte* baseOfView = null;
_safeMemoryMappedViewHandle.AcquirePointer(ref baseOfView);
ulong offset = (ulong)streamPtr - (ulong)baseOfView;
result = _safeMemoryMappedViewHandle.Read<DbgHelp.MINIDUMP_HANDLE_OBJECT_INFORMATION>(offset);
}
finally
{
_safeMemoryMappedViewHandle.ReleasePointer();
}
return result;
}
我正在尝试获取有关某些进程句柄的小型转储信息。
我得到了一个 MINIDUMP_HANDLE_DESCRIPTOR_2 类型的句柄列表,我正在尝试读取有关我可以使用 ObjectInfoRva.
但是,我总是得到这个异常:
System.ArgumentException occurred HResult=-2147024809 Message=Not enough space available in the buffer. Source=mscorlib
这就是我的方法
public unsafe DbgHelp.MINIDUMP_HANDLE_OBJECT_INFORMATION ReadInfo(uint rva)
{
try
{
DbgHelp.MINIDUMP_HANDLE_OBJECT_INFORMATION result = default(DbgHelp.MINIDUMP_HANDLE_OBJECT_INFORMATION);
byte* baseOfView = null;
_safeMemoryMappedViewHandle.AcquirePointer(ref baseOfView);
IntPtr position = new IntPtr(baseOfView + rva);
result = _safeMemoryMappedViewHandle.Read<DbgHelp.MINIDUMP_HANDLE_OBJECT_INFORMATION>((ulong)position);
return result;
}
finally
{
_safeMemoryMappedViewHandle.ReleasePointer();
}
}
MINIDUMP_HANDLE_DESCRIPTOR_2声明:
public struct MINIDUMP_HANDLE_DESCRIPTOR_2
{
public UInt64 Handle;
public uint TypeNameRva;
public uint ObjectNameRva;
public UInt32 Attributes;
public UInt32 GrantedAccess;
public UInt32 HandleCount;
public UInt32 PointerCount;
public uint ObjectInfoRva;
public UInt32 Reserved0;
}
_safeMemoryMappedViewHandle 已初始化 - 这就是我首先获得句柄列表的方式。
我做错了什么?
问题出在 baseOfView 指针上 - 我没有计算正确。我需要根据基本流地址设置相应的偏移量...
这是最终对我有用的 ReadInfo 函数的一个版本:
public unsafe DbgHelp.MINIDUMP_HANDLE_OBJECT_INFORMATION ReadInfo(uint rva, IntPtr streamPtr)
{
DbgHelp.MINIDUMP_HANDLE_OBJECT_INFORMATION result = new DbgHelp.MINIDUMP_HANDLE_OBJECT_INFORMATION();
try
{
byte* baseOfView = null;
_safeMemoryMappedViewHandle.AcquirePointer(ref baseOfView);
ulong offset = (ulong)streamPtr - (ulong)baseOfView;
result = _safeMemoryMappedViewHandle.Read<DbgHelp.MINIDUMP_HANDLE_OBJECT_INFORMATION>(offset);
}
finally
{
_safeMemoryMappedViewHandle.ReleasePointer();
}
return result;
}