// CrashAnalyzer_v2.cpp : Defines the entry point for the console application.
//
#include "stdafx.h"
#include "CrashAnalyzer.h"
// Folder handed to the logger constructor below. It is a fixed absolute path.
// NOTE(review): a folder at the drive root usually inherits permissive ACLs;
// if the logs or dumps written here can hold data from the debugged process,
// confirm who can read and write this folder.
#define LOGFOLDER "c:\\MemDump"
// File-scope logger used by _tmain; constructed with LOGFOLDER before _tmain runs.
logger g_logger(LOGFOLDER);
/*void GetRtlFreeHeap(UINT pid)
{
HANDLE hProcess=::OpenProcess(PROCESS_ALL_ACCESS,false,pid);
BOOL b=SymInitialize(hProcess,NULL,TRUE);
if(b==false)
{
DWORD d=GetLastError();
MessageBoxA(0,"Object debug information not found","Error",0);
return ;
}
PSYMBOL_INFO s=(SYMBOL_INFO*)malloc(sizeof(SYMBOL_INFO)+2048);
ZeroMemory(s,sizeof(SYMBOL_INFO)+2048);
s->SizeOfStruct=sizeof(SYMBOL_INFO);
s->MaxNameLen=1024;
SymFromName(hProcess,"RtlFreeHeap",s);
String str;
sprintf_s(str.string,"%s\\inter_%u",LOGFOLDER,::GetCurrentProcessId());
FILE *fp=fopen(str,"w");
fprintf(fp,"%llx",s->Address);
fclose(fp);
free(s);
CloseHandle(hProcess);
}*/
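/// Console entry point of the crash analyzer.
///
/// Reads a process id from stdin, asks that process to load
/// MemoryCheckerModule.dll (looked up in the current directory), attaches to
/// the process as a debugger and hands control to EnterDebugLoop().
///
/// @param argc  unused
/// @param argv  unused
/// @return 0 when the debug loop returns; 1 when the process id cannot be
///         read, the process cannot be opened, the module cannot be handed to
///         the target, or the debugger cannot attach.
int _tmain(int argc, _TCHAR* argv[])
{
    String tempBuffer;
    printf("Crash Analyzer by ASif Bahrainwala, mail at:- asif_bahrainwala@hotmail.com, PID=%u,TID=%u",::GetCurrentProcessId(),GetCurrentThreadId());

    printf("\n\nEnter ProcessiD to be debugged :");
    // "%u" stores an unsigned int, so read into one and reject unparsable input
    // instead of continuing with an unset id.
    unsigned int enteredPid = 0;
    if (scanf("%u", &enteredPid) != 1)
    {
        printf("PID invalid / access denied");
        return 1;
    }
    int pid = static_cast<int>(enteredPid);

    // String::string is assumed to be a fixed-size char array (its size is taken
    // with sizeof and by the sprintf_s array overload) - confirm in CrashAnalyzer.h.
    sprintf_s(tempBuffer.string, "To analyze process %u", enteredPid);
    g_logger.Log(tempBuffer, pid, 0);

    // Load MemoryCheckerModule.dll into the target process.
    {
        static const char kModuleName[] = "\\MemoryCheckerModule.dll";

        // NOTE(review): the module is resolved against the current directory, so
        // whatever file of that name sits in the launch directory is what the
        // target loads. Consider resolving it next to this executable and
        // restricting write access to that directory.
        String strPath;
        const size_t capacity = sizeof(strPath.string);
        const DWORD dirLen = GetCurrentDirectoryA(static_cast<DWORD>(capacity), strPath.string);
        // dirLen is 0 on failure and the required size when the buffer is too
        // small; sizeof(kModuleName) already counts the terminating NUL.
        if (dirLen == 0 || dirLen + sizeof(kModuleName) > capacity)
        {
            printf("Cannot build the path to MemoryCheckerModule.dll");
            return 1;
        }
        strcat_s(strPath.string, capacity, kModuleName);
        const SIZE_T pathBytes = strlen(strPath.string) + 1;

        // Request only the rights the calls below need rather than PROCESS_ALL_ACCESS.
        const DWORD kAccess = PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION |
                              PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ;
        HANDLE hProcess = ::OpenProcess(kAccess, FALSE, enteredPid);
        if (!hProcess)
        {
            printf("PID invalid / access denied");
            return 1; //cannot find process
        }

        bool loaded = false;
        DWORD lastError = 0;
        // The buffer only carries the path string, so it is read/write, not executable.
        void* remotePath = VirtualAllocEx(hProcess, NULL, pathBytes, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
        if (!remotePath)
        {
            lastError = GetLastError();
        }
        else
        {
            // Copy exactly the string and its NUL: the earlier sizeof(strPath)+1
            // read past the local buffer and wrote more than was allocated.
            SIZE_T written = 0;
            if (!WriteProcessMemory(hProcess, remotePath, strPath.string, pathBytes, &written) ||
                written != pathBytes)
            {
                lastError = GetLastError();
            }
            else
            {
                HANDLE hThread = CreateRemoteThread(hProcess, 0, 0,
                                                    reinterpret_cast<LPTHREAD_START_ROUTINE>(LoadLibraryA),
                                                    remotePath, 0, 0);
                if (hThread)
                {
                    loaded = true;
                    CloseHandle(hThread); // the thread keeps running; only our handle is released
                }
                else
                {
                    lastError = GetLastError();
                }
            }
            // On success the buffer is left in place because the remote thread
            // may still be reading the path; on failure nothing uses it.
            if (!loaded)
            {
                VirtualFreeEx(hProcess, remotePath, 0, MEM_RELEASE);
            }
        }
        CloseHandle(hProcess);

        if (!loaded)
        {
            sprintf_s(tempBuffer.string, "CrashAnalyzer cannot load MemoryCheckerModule.dll, GetLastError: %u", lastError);
            g_logger.Log(tempBuffer, pid, 0);
            printf("%s", tempBuffer.string);
            return 1;
        }
    }

    //attach to process
    if (!DebugActiveProcess(enteredPid))
    {
        sprintf_s(tempBuffer.string, "CrashAnalyzer cannot attach to process, GetLastError: %u", GetLastError());
        g_logger.Log(tempBuffer, pid, 0);
        MessageBoxA(0, tempBuffer, "Error", 0);
        return 1;
    }

    EnterDebugLoop();
    return 0;
}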