0
任何有關開始使用示例代碼的幫助信息,請參見C++/CLI Win32 debugger library for x86以監視進程異常。通過調試API監視進程異常
一些代碼,我做的是:
using System;
using DebugLibrary;
namespace DebugTeste01
{
class Program
{
static void Main(string[] args)
{
DebugUtil.DebugActiveProcess(4932);
DebugEvent de = new DebugEvent();
ThreadContext tc = new ThreadContext();
LDTEntry ldte = new LDTEntry();
do
{
debug_evt = DebugUtil.WaitForDebugEvent(0xffffffff);
de = (DebugEvent)debug_evt;
Process proc = Process.GetProcessById(de.processId);
object meminfo = DebugUtil.GetMemoryInfo(proc.Handle);
//...
object modinf = DebugUtil.GetModuleInfo(proc.Handle);
//...
switch (debug_evt.GetType().ToString())
{
case "DebugLibrary.DebugEvent_CreateProcess":
{
DebugEvent_CreateProcess decp = (DebugEvent_CreateProcess)debug_evt;
//some action, logging, etc.
}
break;
case "DebugLibrary.DebugEvent_LoadDll":
{
DebugEvent_LoadDll dect = (DebugEvent_LoadDll)debug_evt;
//some action, logging, etc.
}
break;
case "DebugLibrary.DebugEvent_CreateThread":
{
DebugEvent_CreateThread dect = (DebugEvent_CreateThread)debug_evt;
//some action, logging, etc.
}
break;
case "DebugLibrary.DebugEvent_ExitThread":
{
DebugEvent_ExitThread dect = (DebugEvent_ExitThread)debug_evt;
//some action, logging, etc.
}
break;
case "DebugLibrary.DebugEvent_Exception":
{
DebugEvent_Exception dect = (DebugEvent_Exception)debug_evt;
ExceptionRecord exbp = dect.exceptionRecord;
switch (exbp.GetType().ToString())
{
case "Breakpoint":
{
//some action, logging, etc.
exbp = null;
}
break;
case "AccessViolation":
{
//some action, logging, etc.
exbp = null;
}
break;
//more case
}
}
break;
default:
{
//some action, logging, etc.
debug_evt = null;
}
break;
}
try
{
DebugUtil.ContinueDebugEvent(de.processId, de.threadId, false);
}
catch
{
break;
}
}
while (true);
}
}
}
[編輯] 2012年3月14日
好文章:Using the Windows Debugging API
[編輯] 2012年3月14日
改進執行工作。
現在它有一個最終應用程序的初始骨架結構。
代碼的目的是展示如何使用API,但首先必須瞭解它的工作原理。 – lsalamon 2012-03-13 18:36:16