Using WinDbg, open the dump file and run '!analyze -v'; there will be a PROCESS_NAME property listed in the result, e.g., PROCESS_NAME: notmyfault64.exe.
But how do I get the PROCESS_NAME through the Windows debugging API?
One possible way is to use IDebugClient::OpenDumpFile() to open the dump file and then use IDebugControl::Execute() to execute '!analyze -v' and grab the PROCESS_NAME from the output. But it looks like a workaround.
Is there any direct way to get the PROCESS_NAME via the debugging API, e.g., IDebugSymbols3::GetModuleNames()? I tried code like this:
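    // Needs <windows.h>, <dbgeng.h> and <iostream>; symbols is an IDebugSymbols3*.
    ULONG loaded = 0, unloaded = 0;
    symbols->GetNumberModules(&loaded, &unloaded);
    const ULONG count = loaded + unloaded;
    DEBUG_MODULE_PARAMETERS* parameters = new DEBUG_MODULE_PARAMETERS[count];
    // Ask for all `count` entries (Bases = NULL, Start = 0) so every element
    // read in the loop below has been filled in.
    symbols->GetModuleParameters(count, NULL, 0, parameters);
    char ImageNameBuffer[MAX_PATH + 1], ModuleNameBuffer[MAX_PATH + 1],
         LoadedImageNameBuffer[MAX_PATH + 1];
    ULONG ImageNameSize = 0, ModuleNameSize = 0, LoadedImageNameSize = 0;
    for (ULONG i = 0; i < count; i++) {
        // Look each module up by base address rather than by index.
        if (FAILED(symbols->GetModuleNames(DEBUG_ANY_ID, parameters[i].Base,
                ImageNameBuffer, MAX_PATH + 1, &ImageNameSize,
                ModuleNameBuffer, MAX_PATH + 1, &ModuleNameSize,
                LoadedImageNameBuffer, MAX_PATH + 1, &LoadedImageNameSize)))
            continue;  // skip modules whose names cannot be retrieved
        std::cout << ImageNameBuffer << ", base level:" << i << "\n";
    }
    delete[] parameters;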
But how do I decide which index or base should be used for the module name?
There are also some examples here: https://medium.com/swlh/windows-debugger-api-the-end-of-versioned-structures-ac4acaa351bd . The question there is also how to choose the correct process name so that it is the same as the WinDbg analyze result.
The same goes for the IMAGE_NAME and MODULE_NAME in the WinDbg analyze result: how do I get them via IDebugClient?
Thanks!
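
The workaround described in the question (run '!analyze -v' through IDebugControl::Execute() and pick the fields out of the output) needs a parsing step; the following is an added example of that step, not code from the original post. It assumes the command output has already been captured into a string; the names parseAnalyzeFields and kSampleOutput and the sample text are constructed for illustration.

```cpp
#include <iostream>
#include <map>
#include <set>
#include <sstream>
#include <string>

// Trim spaces, tabs and CR/LF from both ends of a string.
static std::string trim(const std::string& s) {
    const char* ws = " \t\r\n";
    const auto b = s.find_first_not_of(ws);
    if (b == std::string::npos) return "";
    return s.substr(b, s.find_last_not_of(ws) - b + 1);
}

// Extract the wanted "KEY: value" fields from captured '!analyze -v' text.
// A line matches only if the text before its first ':' is exactly a wanted
// key, so stack text that merely mentions a key is ignored. The first
// occurrence of each key wins.
std::map<std::string, std::string> parseAnalyzeFields(
        const std::string& output, const std::set<std::string>& wanted) {
    std::map<std::string, std::string> fields;
    std::istringstream in(output);
    std::string line;
    while (std::getline(in, line)) {
        const auto colon = line.find(':');
        if (colon == std::string::npos) continue;
        const std::string key = line.substr(0, colon);  // key must start the line
        if (!wanted.count(key) || fields.count(key)) continue;
        fields[key] = trim(line.substr(colon + 1));
    }
    return fields;
}

// Constructed sample resembling '!analyze -v' output (not from a real dump).
const char* kSampleOutput =
    "BUGCHECK_CODE:  d1\r\n"
    "PROCESS_NAME:  notmyfault64.exe\r\n"
    "STACK_TEXT:  \r\n"
    "  nt!KeBugCheckEx PROCESS_NAME: decoy\r\n"
    "MODULE_NAME: myfault\r\n"
    "IMAGE_NAME:  myfault.sys\r\n"
    "FAILURE_BUCKET_ID:  AV_myfault!unknown_function\r\n";

int main() {
    const auto f = parseAnalyzeFields(
        kSampleOutput, {"PROCESS_NAME", "IMAGE_NAME", "MODULE_NAME"});
    for (const auto& kv : f) std::cout << kv.first << " = " << kv.second << "\n";
    return f.size() == 3 ? 0 : 1;
}
```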