如何從WinDbg擴展中提取用戶流？

Question

我已經在轉儲中嵌入了一個自定義流（即傳遞給MiniDumpWriteDump函數的UserStreamParam參數）。現在，我試圖從WinDbg擴展中提取流。 （請注意，我已驗證我可以使用MiniDumpReadDumpStream函數檢索該流）。

我正在使用IDebugAdvanced2::Request方法和DEBUG_REQUEST_READ_USER_MINIDUMP_STREAM請求。我能夠從標準流中檢索數據。例如，以下片段將正確檢索misc信息流的內容。

DEBUG_READ_USER_MINIDUMP_STREAM rums = {}; 
rums.StreamType = MiscInfoStream; 
rums.Buffer = &buf; 
rums.BufferSize = sizeof buf; 
hr = p->Request(DEBUG_REQUEST_READ_USER_MINIDUMP_STREAM, 
    &rums, sizeof rums, 0, 0, 0); 

然而，試圖找回我自己的流將導致錯誤（0x80070570，ERROR_FILE_CORRUPT）和WinDbg的輸出

Dir entry 11, ??? stream has unknown stream type 6381921 

注意，顯示爲.dumpdebug輸出的一部分相同的消息。

Stream 11: type ??? (6381921), size 00000038, RVA 00033FA9 
Dir entry 11, ??? stream has unknown stream type 6381921 

什麼問題？如何檢索我的用戶流的內容？

Answer 1

即使未經過測試，如果使用自定義值（大於LastReservedStream = 0xFFFF）而不是MiscInfoStream填充StreamType，它應該可以工作。

Answer 2

很晚答案

StreamType cannot be UserDefined StreamTypes

jen-lung chiu of ms在osronline發佈這樣的WinDbg列出早就回了

不知道最新的dbgeng有此限制淘汰

你要麼與檢索獨立的dbghelp函數

（使用dbghe不推薦WinDBG的擴展內部LP函數）

或自己解析流與fopen（）函數的fread（）等由具有userStreams在它

（oleg staradumov debuginfo.com writeuserstream.cpp）的用戶轉儲輸出下面

userstream:\>type ..\usrstr.cpp 


#include <stdio.h> 
#include <engextcpp.hpp> 
#include <dbghelp.h> 

const ULONG MBUFFSIZE = 0x1000; 
PVOID Buff = 0; 

int __cdecl ReadUserStream (char *dmpfile) 
{ 
    PMINIDUMP_HEADER MiniHeader = 0; 
    PMINIDUMP_DIRECTORY MiniDir = 0; 
    PMINIDUMP_USER_STREAM userstream = 0; 
    size_t result = 0; 
    ULONG Streams =0; 
    ULONG i = 0; 
    FILE * fp = fopen(dmpfile,"rb"); 
    if (fp) 
    { 
     result = fread(Buff, 1, sizeof(MINIDUMP_HEADER), fp); 
     if (result == sizeof(MINIDUMP_HEADER)) 
     { 
      MiniHeader = (PMINIDUMP_HEADER) Buff; 
      Streams = MiniHeader->NumberOfStreams; 
      for (i = 0; i < Streams; i++) 
      { 
       result = fread(Buff, 1, sizeof(MINIDUMP_DIRECTORY), fp); 
       if (result == sizeof(MINIDUMP_DIRECTORY)) 
       { 
        MiniDir = (PMINIDUMP_DIRECTORY) Buff; 
        if (MiniDir->StreamType > LastReservedStream) 
        { 
         userstream = (PMINIDUMP_USER_STREAM)Buff; 
         ULONG savedbuffsize = userstream->BufferSize; 
         ULONG savedtype = userstream->Type; 
         PCHAR savedbufferptr = (PCHAR)userstream->Buffer; 
         long pos = ftell(fp); 
         fseek(fp, (long)savedbufferptr,SEEK_SET); 
         result = fread(Buff, 1, savedbuffsize, fp); 
         if (result == savedbuffsize) 
         { 
          printf(
           "\n" 
           "Datastream Type = %.8x\n" 
           "Buffer Size  = %.8x\n" 
           "Buffer   = %p\n" 
           "Buffer content = %s\n" 
           "\n", 
           savedtype, 
           savedbuffsize, 
           savedbufferptr, 
           Buff 
           ); 
          fseek(fp,pos,SEEK_SET); 
          continue; 
         } 
         else 
         { 
          printf(
           "failed to read buffer contents at offset %p of 
user stream %x\n", 
           savedbufferptr, 
           savedtype); 
          fseek(fp,pos,SEEK_SET); 
          continue; 
         } 
        } 

       } 
       else 
       { 
        printf("failed to fread Minidump directory exiting \n"); 
        goto getout; 
       } 

      } 
     } 
     else 
     { 
      printf("failed to fread Minidump header exiting \n"); 
      goto getout; 
     } 
    } 
    else 
    { 
     printf("failed to open dmp file exiting \n"); 
     goto getout; 
    } 
getout: 
    if (fp) 
     fclose(fp); 
    return 0; 
} 

int __cdecl main (int argc, char * argv[]) 
{ 
    if (argc !=2) 
    { 
     printf("Usage %s %s\n",argv[0],"somedump.dmp"); 
     return 0; 
    } 
    Buff = malloc(MBUFFSIZE); 
    if (Buff) 
    { 
     ReadUserStream(argv[1]); 
     free(Buff); 
     return 0; 
    } 
    else 
    { 
     printf("malloc failed exiting\n"); 
     return 0; 
    } 
} 

userstream:\>usrstr.exe 
Usage usrstr.exe somedump.dmp 

userstream:\>usrstr.exe test.dmp 
Datastream Type = 00010000 
Buffer Size  = 00000021 
Buffer   = 000010B6 
Buffer content = This is the first data stream... 


Datastream Type = 00010001 
Buffer Size  = 00000023 
Buffer   = 000010D7 
Buffer content = and this is the second data stream