/// <summary>
/// Save the opened key into a file.
/// </summary>
/// <remarks>
/// The output file is requested with <c>FileDisposition.Create</c> and <c>FileShareMode.None</c>,
/// i.e. create-only semantics and no sharing of the file while it is open.
/// No security descriptor is visible in this call, so the new file presumably receives the
/// default or inherited ACL of the target directory (confirm against <c>NtFile.Create</c>).
/// A saved key can contain sensitive values, so callers should choose a directory whose ACL
/// is already restrictive.
/// </remarks>
/// <param name="path">The file path to save to.</param>
/// <param name="flags">Save key flags</param>
public void Save(string path, SaveKeyFlags flags)
{
    // Write access only; Synchronize accompanies the synchronous I/O open option below.
    FileAccessRights desired_access = FileAccessRights.GenericWrite | FileAccessRights.Synchronize;

    using (NtFile hive_file = NtFile.Create(
        path,
        null,
        desired_access,
        FileAttributes.Normal,
        FileShareMode.None,
        FileOpenOptions.SynchronousIoNonAlert,
        FileDisposition.Create,
        null))
    {
        // Delegate to the overload that writes the key to an already opened file.
        Save(hive_file, flags);
    }
}
/// <summary>
/// Create a kernel dump for current system.
/// </summary>
/// <remarks>
/// <para>
/// Calls <c>NtToken.EnableDebugPrivilege()</c> before opening the file. Any result of that call
/// is not inspected here, and this method does not turn the privilege off again afterwards, so
/// it is presumably left enabled on the caller's token (confirm against <c>NtToken</c>).
/// </para>
/// <para>
/// The output file is opened with <c>FileDisposition.OverwriteIf</c>, so an existing file at
/// <paramref name="path"/> is replaced, and with <c>FileShareMode.Read</c>, so other openers are
/// allowed read sharing while the dump is open. A kernel dump holds system memory contents and
/// should be treated as sensitive: write it to a location with a restrictive ACL.
/// </para>
/// </remarks>
/// <param name="path">The path to the output file.</param>
/// <param name="flags">Flags</param>
/// <param name="page_flags">Page flags</param>
public static void CreateKernelDump(string path, SystemDebugKernelDumpControlFlags flags, SystemDebugKernelDumpPageControlFlags page_flags)
{
    NtToken.EnableDebugPrivilege();

    FileAccessRights desired_access = FileAccessRights.Synchronize
        | FileAccessRights.GenericWrite
        | FileAccessRights.GenericRead;

    // Synchronous, write-through, unbuffered I/O on the dump file.
    FileOpenOptions open_options = FileOpenOptions.SynchronousIoNonAlert
        | FileOpenOptions.WriteThrough
        | FileOpenOptions.NoIntermediateBuffering;

    using (NtFile dump_file = NtFile.Create(path, desired_access, FileShareMode.Read, open_options, FileDisposition.OverwriteIf, null))
    {
        // The raw handle is only used inside this using scope, which keeps dump_file open
        // for the duration of the system call.
        var config = new SystemDebugKernelDumpConfig()
        {
            FileHandle = dump_file.Handle.DangerousGetHandle(),
            Flags = flags,
            PageFlags = page_flags
        };

        using (var buffer = config.ToBuffer())
        {
            // The returned length is not used; a failing status is converted to an exception.
            NtSystemCalls.NtSystemDebugControl(
                SystemDebugCommand.SysDbgGetLiveKernelDump,
                buffer,
                buffer.Length,
                SafeHGlobalBuffer.Null,
                0,
                out int _).ToNtException();
        }
    }
}