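Views: 1566 Replies: 5
A question about dumping memory
Hello experts, recently I have been wanting to write a driver that dumps the information I want, such as the stack and registers, when the system bug checks or hits a page fault. I saw that MSDN describes a function for registering a bug check callback routine. Has anyone done something similar who could give me some pointers? My email: xx_qiang@163.com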
Reply #1
Posted: 2004-12-27 20:51
KeRegisterBugCheckCallback

The KeRegisterBugCheckCallback routine registers a BugCheckCallback routine, which executes when the system issues a bug check.

    BOOLEAN
      KeRegisterBugCheckCallback(
        IN PKBUGCHECK_CALLBACK_RECORD  CallbackRecord,
        IN PKBUGCHECK_CALLBACK_ROUTINE  CallbackRoutine,
        IN PVOID  Buffer,
        IN ULONG  Length,
        IN PUCHAR  Component
        );

Parameters

CallbackRecord
    Pointer to a callback record that was previously initialized by KeInitializeCallbackRecord, for which the caller provides nonpaged storage.
CallbackRoutine
    Pointer to the driver-supplied BugCheckCallback routine.
Buffer
    Pointer to a caller-supplied buffer, which must be in resident memory, such as nonpaged pool.
Length
    Specifies the size in bytes of the caller-allocated buffer.
Component
    Pointer to a zero-terminated ANSI string that identifies the caller. This string usually contains the name of the device driver, or possibly of its device.

Return Value

KeRegisterBugCheckCallback returns TRUE if the caller-supplied routine is successfully added to the set of registered bug-check callbacks.

Headers

Declared in ntddk.h. Include ntddk.h.

Comments

The KeRegisterBugCheckCallback routine registers a BugCheckCallback routine, the simplest kind of bug-check callback routine. To register other kinds of bug-check callbacks, such as BugCheckDumpIoCallback and BugCheckSecondaryDumpDataCallback routines, see KeRegisterBugCheckReasonCallback.

The BugCheckCallback routine is executed when the system issues a bug check. A driver can use the routine to reset the device to a known state. For more information, see BugCheckCallback.

Drivers can use the KeDeregisterBugCheckCallback routine to remove the callback. Any driver that can be unloaded must remove all of its callbacks in its Unload routine.

The given Component string is used to identify the driver during crash-dump debugging. To display the crash dump data corresponding to any specified Component string, you can use the !bugdump debugger extension.

It is also possible to debug the bug check callback routine itself. For information about debuggers and debugger extensions, see Debugging Tools for NT-Based Operating Systems.

Callers of KeRegisterBugCheckCallback can be running at any IRQL.
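The registration lifecycle described in the MSDN text above, as an added example that is not from the thread, MSDN or the DDK samples. `BUILD_AS_DRIVER`, `DRV_STATE`, the `Drv*` functions, the `"SampleDrv"` component string and `SimulateBugCheck` are assumed names; without `BUILD_AS_DRIVER`, the three `Ke*` routines are simplified host-side stand-ins so the logic can be compiled outside the kernel.

```c
#ifdef BUILD_AS_DRIVER  /* assumed macro name; added example, not DDK code */
#include <ntddk.h>
#else  /* host-side stand-ins for the Ke* routines, simplified to one record */
#include <string.h>
typedef unsigned char UCHAR, *PUCHAR, BOOLEAN;
typedef unsigned long ULONG;
typedef void *PVOID;
#define TRUE 1
#define FALSE 0
#define RtlCopyMemory memcpy
typedef void (*PKBUGCHECK_CALLBACK_ROUTINE)(PVOID Buffer, ULONG Length);
typedef struct { PKBUGCHECK_CALLBACK_ROUTINE Fn; PVOID Buf; ULONG Len; int Inserted; }
    KBUGCHECK_CALLBACK_RECORD;
static KBUGCHECK_CALLBACK_RECORD *g_Inserted;
static void KeInitializeCallbackRecord(KBUGCHECK_CALLBACK_RECORD *r) { r->Inserted = 0; }
static BOOLEAN KeRegisterBugCheckCallback(KBUGCHECK_CALLBACK_RECORD *r,
        PKBUGCHECK_CALLBACK_ROUTINE fn, PVOID buf, ULONG len, PUCHAR component) {
    (void)component;
    if (r->Inserted) return FALSE;            /* record already registered */
    r->Fn = fn; r->Buf = buf; r->Len = len; r->Inserted = 1; g_Inserted = r;
    return TRUE;
}
static BOOLEAN KeDeregisterBugCheckCallback(KBUGCHECK_CALLBACK_RECORD *r) {
    if (!r->Inserted) return FALSE;
    r->Inserted = 0; g_Inserted = NULL; return TRUE;
}
/* Constructed trigger: plays the role of the system issuing a bug check. */
static void SimulateBugCheck(void) { if (g_Inserted) g_Inserted->Fn(g_Inserted->Buf, g_Inserted->Len); }
#endif

typedef struct { ULONG Signature, LastIoctl, PendingIrps; } DRV_STATE;  /* hypothetical */
static DRV_STATE g_State;                      /* state worth seeing in the dump */
static UCHAR g_DumpBuffer[sizeof(DRV_STATE)];  /* resident buffer given to the kernel */
static KBUGCHECK_CALLBACK_RECORD g_Record;     /* caller-provided record storage */
static BOOLEAN g_Registered;
/* Bug-check time: copy only, no allocation, no waiting, resident memory only. */
static void DrvBugCheckCallback(PVOID Buffer, ULONG Length) {
    if (Buffer == NULL || Length < sizeof(g_State)) return;  /* never overrun Buffer */
    RtlCopyMemory(Buffer, &g_State, sizeof(g_State));
}
BOOLEAN DrvRegisterDump(void) {                /* call from DriverEntry */
    KeInitializeCallbackRecord(&g_Record);
    g_Registered = KeRegisterBugCheckCallback(&g_Record, DrvBugCheckCallback,
        g_DumpBuffer, sizeof(g_DumpBuffer), (PUCHAR)"SampleDrv");
    return g_Registered;
}
void DrvUnregisterDump(void) {                 /* call from the Unload routine */
    if (g_Registered) { KeDeregisterBugCheckCallback(&g_Record); g_Registered = FALSE; }
}
```

In a real driver build, the bytes copied into the buffer are what `!bugdump` displays for the `"SampleDrv"` component string.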
Reply #2
Posted: 2004-12-27 21:30
The DDK has a sample for dumping memory; you can take a look at it.
Reply #3
Posted: 2004-12-27 21:49
It's called viewcmd.
I haven't looked at it in detail myself.
Reply #4
Posted: 2004-12-27 22:10
It's in the debugging directory; have a look for yourself.
Reply #5
Posted: 2004-12-28 17:20
Thank you all, I'm really grateful.