Whether this is possible I don't know, but it would mighty useful!
这是否可能我不知道,但它会非常有用!
I have a process that fails periodically (running in Windows 2000). I then have just one chance to react to it before having to restart it and painfully wait for it to fail again. I didn't write the process so don't have the source to debug. The failure is seemingly random.
我有一个定期失败的进程(在Windows 2000中运行)。然后我只有一次机会对它做出反应,然后再重新启动它并痛苦地等待它再次失败。我没有写过程,所以没有调试源。失败似乎是随机的。
With a snapshot of the process I could repeatedly and quickly test reactions to the failure.
通过该过程的快照,我可以反复并快速测试对失败的反应。
I had thought of running inside a VM but this isn't possible in this instance.
我曾想过在VM内部运行,但在这种情况下这是不可能的。
EDIT: @Jon Cage asked:
编辑:@Jon Cage问:
When you say a snapshot, you mean capturing a process when it's about to fail (including memory, program state etc. etc.) ...and then replaying it's final few seconds repeatedly to see what effect it has on some other component?
当你说快照时,你的意思是捕获一个即将失败的进程(包括内存,程序状态等等)......然后重复最后几秒重复它以查看它对其他组件有什么影响?
This is exactly what I mean!
这正是我的意思!
3 个解决方案
#1
1
I think minidump is what you are looking for.
我认为minidump就是你要找的东西。
You can also used Userdump:
您也可以使用Userdump:
The User Mode Process Dumper (userdump) dumps any running Win32 processes memory image (including system processes such as csrss.exe, winlogon.exe, services.exe, etc) on the fly, without attaching a debugger, or terminating target processes. Generated dump file can be analyzed or debugged by using the standard debugging tools.
用户模式进程转储程序(userdump)即时转储任何正在运行的Win32进程内存映像(包括系统进程,如csrss.exe,winlogon.exe,services.exe等),而无需附加调试程序或终止目标进程。可以使用标准调试工具分析或调试生成的转储文件。
This article shows you how to use it.
本文介绍如何使用它。
#2
0
My best bet is to start the process in a debugger (OllyDbg being my preferred tool). The process will pause on an exception, and you can try to figure out what happened shortly before that.
我最好的办法是在调试器中启动该过程(OllyDbg是我的首选工具)。该过程将暂停异常,您可以尝试弄清楚之前不久发生的事情。
This needs some understanding of assembler and does not allow to create a snapshot of the process for later analysis. You would need to write your own debugger for that - it should be theoretically possible.
这需要对汇编程序有所了解,并且不允许创建进程的快照以供以后分析。您需要为此编写自己的调试器 - 理论上应该是可行的。
#3
0
What are you trying to capture? UDP/TCP messages? Some inter-process communication?
你想要捕捉什么? UDP / TCP消息?一些进程间通信?
The reason I ask is that it is probably easier to capture what the software is outputting (rather than the process itself) and then writing a new process to simulate those same interactions? I've being doing just that with a small python script in some of my current projects...
我问的原因是它可能更容易捕获软件输出的内容(而不是过程本身),然后编写一个新的过程来模拟这些相同的交互?在我目前的一些项目中,我正在用一个小的python脚本做这个...
#1
1
I think minidump is what you are looking for.
我认为minidump就是你要找的东西。
You can also used Userdump:
您也可以使用Userdump:
The User Mode Process Dumper (userdump) dumps any running Win32 processes memory image (including system processes such as csrss.exe, winlogon.exe, services.exe, etc) on the fly, without attaching a debugger, or terminating target processes. Generated dump file can be analyzed or debugged by using the standard debugging tools.
用户模式进程转储程序(userdump)即时转储任何正在运行的Win32进程内存映像(包括系统进程,如csrss.exe,winlogon.exe,services.exe等),而无需附加调试程序或终止目标进程。可以使用标准调试工具分析或调试生成的转储文件。
This article shows you how to use it.
本文介绍如何使用它。
#2
0
My best bet is to start the process in a debugger (OllyDbg being my preferred tool). The process will pause on an exception, and you can try to figure out what happened shortly before that.
我最好的办法是在调试器中启动该过程(OllyDbg是我的首选工具)。该过程将暂停异常,您可以尝试弄清楚之前不久发生的事情。
This needs some understanding of assembler and does not allow to create a snapshot of the process for later analysis. You would need to write your own debugger for that - it should be theoretically possible.
这需要对汇编程序有所了解,并且不允许创建进程的快照以供以后分析。您需要为此编写自己的调试器 - 理论上应该是可行的。
#3
0
What are you trying to capture? UDP/TCP messages? Some inter-process communication?
你想要捕捉什么? UDP / TCP消息?一些进程间通信?
The reason I ask is that it is probably easier to capture what the software is outputting (rather than the process itself) and then writing a new process to simulate those same interactions? I've being doing just that with a small python script in some of my current projects...
我问的原因是它可能更容易捕获软件输出的内容(而不是过程本身),然后编写一个新的过程来模拟这些相同的交互?在我目前的一些项目中,我正在用一个小的python脚本做这个...