我需要编写一个工具来侦听某些目标进程(在客户环境中崩溃),一旦它崩溃,它应该通过启动 DebugDiag 并传递命令行参数来生成转储。代码需要用 C# 编写。我已经完成了一些编码,但该工具从未检测到启动的进程。这是代码:
static void Main(string[] args)
{
ManagementEventWatcher startWatch = new ManagementEventWatcher(
new WqlEventQuery("SELECT * FROM Win32_ProcessStartTrace"));
startWatch.EventArrived
+= new EventArrivedEventHandler(startWatch_EventArrived);
startWatch.Start();
Console.WriteLine("Press ENTER to exit");
Console.ReadLine();
startWatch.Stop();
}
static void startWatch_EventArrived(object sender, EventArrivedEventArgs e)
{
string name = e.NewEvent.Properties["ProcessName"].Value as string;
Console.WriteLine("Process started: {0}", name);
if (name != null && name.Contains("My Process.exe"))
{
string procpath = "C:\\Program Files\\DebugDiag";
string filename = Path.Combine(procpath, "DbgHost.exe");
var proc = System.Diagnostics.Process.Start(filename, "-dump My Process.exe");
}
}
还请告知这是否是将命令行参数传递给 DebugDiag @Bruno 的方式,我使用 ProcDump 实现了您的建议。现在它可以工作一次,这意味着当我启动我的目标进程(32 位)时,ProcDump 也会启动,但是我的应用程序是这样的,当我在其中启动一个工作区时,它会启动另一个同名的进程,这一次 ProcDump 未能启动,在调试时我发现它抛出了一个异常,说 32 位进程无法调试 64 位进程并且我所有的目标进程都是 32 位的... 代码:
static void startWatch_EventArrived(object sender, EventArrivedEventArgs e)
{
string name = e.NewEvent.Properties["ProcessName"].Value as string;
Console.WriteLine("Process started: {0}", name);
if (name != null && name.Contains("MyProcess.exe"))
{
string procpath = "C:\\Procdump";
string filename = Path.Combine(procpath, "procdump.exe");
var proc = System.Diagnostics.Process.Start(filename, "-e -f -mp -n 25 -w -accepteula MyProcess.exe MyProcess_crash");
}
}