Esempio n. 1
 /// <summary>
 /// Writes the currently opened key out to a file created at the given path.
 /// </summary>
 /// <param name="path">Path of the file to create and write the key into.</param>
 /// <param name="flags">Save key flags, passed through unchanged to the file-based Save overload.</param>
 /// <remarks>
 /// The file is opened with <c>FileDisposition.Create</c> and <c>FileShareMode.None</c>.
 /// NOTE(review): <c>Create</c> presumably fails when the path already exists rather than
 /// replacing it - confirm against NtFile.
 /// NOTE(review): no security descriptor is visible in this call, so the output file presumably
 /// receives the default or inherited ACL of its directory - confirm. A saved key can contain
 /// sensitive data, so callers should choose a destination that is not broadly readable.
 /// </remarks>
 public void Save(string path, SaveKeyFlags flags)
 {
     // Write access plus Synchronize, paired with the synchronous I/O open option below.
     FileAccessRights desired_access = FileAccessRights.GenericWrite | FileAccessRights.Synchronize;

     using (NtFile output = NtFile.Create(
         path,
         null,
         desired_access,
         FileAttributes.Normal,
         FileShareMode.None,
         FileOpenOptions.SynchronousIoNonAlert,
         FileDisposition.Create,
         null))
     {
         // The file handle is closed when the using block exits, including on an exception.
         Save(output, flags);
     }
 }
Esempio n. 2
 /// <summary>
 /// Writes a live kernel dump of the current system to a file.
 /// </summary>
 /// <param name="path">The path to the output file. It is opened with <c>FileDisposition.OverwriteIf</c>.</param>
 /// <param name="flags">Kernel dump control flags placed in the dump configuration.</param>
 /// <param name="page_flags">Kernel dump page control flags placed in the dump configuration.</param>
 /// <remarks>
 /// The method calls <c>NtToken.EnableDebugPrivilege()</c> and does not revert it afterwards, so the
 /// privilege change outlives this call. NOTE(review): the result of that call is not inspected here;
 /// presumably a missing privilege surfaces as a failed system call instead - confirm.
 /// NOTE(review): <c>OverwriteIf</c> presumably replaces an existing file at <paramref name="path"/>;
 /// callers running elevated should make sure the path is not writable by less-privileged users.
 /// The output holds kernel memory and should be treated as sensitive. It is opened with
 /// <c>FileShareMode.Read</c> and no security descriptor is visible in this call, so access to the
 /// dump presumably depends on the ACL of the destination directory - confirm.
 /// </remarks>
 public static void CreateKernelDump(string path, SystemDebugKernelDumpControlFlags flags, SystemDebugKernelDumpPageControlFlags page_flags)
 {
     NtToken.EnableDebugPrivilege();

     FileAccessRights desired_access = FileAccessRights.Synchronize | FileAccessRights.GenericWrite | FileAccessRights.GenericRead;
     FileOpenOptions open_options = FileOpenOptions.SynchronousIoNonAlert | FileOpenOptions.WriteThrough | FileOpenOptions.NoIntermediateBuffering;

     using (NtFile dump_file = NtFile.Create(path, desired_access, FileShareMode.Read, open_options, FileDisposition.OverwriteIf, null))
     {
         // The raw handle is only used while dump_file is still open inside this using block.
         var config = new SystemDebugKernelDumpConfig()
         {
             FileHandle = dump_file.Handle.DangerousGetHandle(),
             Flags = flags,
             PageFlags = page_flags
         };

         using (var config_buffer = config.ToBuffer())
         {
             // No output buffer is supplied; the returned length is not used.
             // NOTE(review): ToNtException presumably throws on a failure status - confirm.
             NtSystemCalls.NtSystemDebugControl(SystemDebugCommand.SysDbgGetLiveKernelDump, config_buffer, config_buffer.Length,
                                                SafeHGlobalBuffer.Null, 0, out int returned_length).ToNtException();
         }
     }
 }