Updated: 2022-05-17 02:27:25
The only safe way to do it is to cause a bluescreen and have Windows get the dump itself. Causing a bluescreen happens through the KeBugCheckEx kernel function, and you need a custom-built device driver to call it programmatically. Or you can use the CrashOnCtrlScroll registry trick and trigger it yourself.
Or you can connect a kernel debugger to the system using two computers and trigger a memory dump using the .crash debugger command.
There are methods like LiveKD from Sysinternals to do partial kernel inspection on the same computer, but they are not "accurate" because memory changes continuously. It's impossible to get a healthy dump using those methods.
Doing all these using C# is pointless.
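One way to prepare the CrashOnCtrlScroll route mentioned in the answer above, as an added example that is not part of the original post. The registry paths and CrashDumpEnabled values are the ones Microsoft documents for Windows; the function names are hypothetical, and the script assumes an elevated PowerShell prompt.

```powershell
# Added example: audit and prepare a host for a keyboard-triggered crash dump.
# Run elevated. The keyboard trigger only takes effect after a reboot.

$crashControl = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'

# Keyboard drivers that read CrashOnCtrlScroll: PS/2 (i8042prt) and USB (kbdhid).
$keyboardKeys = @(
    'HKLM:\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters',
    'HKLM:\SYSTEM\CurrentControlSet\Services\kbdhid\Parameters'
)

# Meaning of the CrashDumpEnabled DWORD.
$dumpTypes = @{ 0 = 'None'; 1 = 'Complete'; 2 = 'Kernel'; 3 = 'Small'; 7 = 'Automatic' }

# Hypothetical helper: report what Windows will write when the bugcheck fires.
function Get-DumpConfiguration {
    $cc = Get-ItemProperty -Path $crashControl
    $triggers = foreach ($key in $keyboardKeys) {
        $p = Get-ItemProperty -Path $key -Name CrashOnCtrlScroll -ErrorAction SilentlyContinue
        [pscustomobject]@{ Key = $key; Enabled = ($p.CrashOnCtrlScroll -eq 1) }
    }
    [pscustomobject]@{
        DumpType   = $dumpTypes[[int]$cc.CrashDumpEnabled]
        DumpFile   = $cc.DumpFile
        AutoReboot = [bool]$cc.AutoReboot
        Triggers   = $triggers
    }
}

# Hypothetical helper: set CrashOnCtrlScroll = 1 for both keyboard stacks.
function Enable-KeyboardCrashTrigger {
    foreach ($key in $keyboardKeys) {
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        New-ItemProperty -Path $key -Name CrashOnCtrlScroll `
            -PropertyType DWord -Value 1 -Force | Out-Null
    }
}

$config = Get-DumpConfiguration
if ($config.DumpType -eq 'None') {
    # With dumps disabled the bluescreen would destroy the evidence instead of saving it.
    Write-Warning 'CrashDumpEnabled is 0: no dump file will be written on bugcheck.'
}
if ($config.Triggers.Enabled -contains $false) {
    Enable-KeyboardCrashTrigger
    Write-Host 'CrashOnCtrlScroll set; reboot before relying on the keyboard trigger.'
}
Get-DumpConfiguration | Format-List
```

After the reboot, the bugcheck is raised by holding the right Ctrl key and pressing Scroll Lock twice; the dump is written to the path shown in DumpFile.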