程序崩溃后，利用minidump文件重现崩溃前的调用栈

    windows服务器上线后，如果出现崩溃，则很难找到其崩溃问题，而通过日志文件来达到目的又需要打印太多信息，导致服务性能下降，影响业务处理，而minidump的基本可以完美的重现崩溃之前的调用信息。

BOOL make_minidump(EXCEPTION_POINTERS* e)
{
    char name[MAX_PATH];
    {
        char* nameEnd = name + GetModuleFileNameA(GetModuleHandleA(0), name, MAX_PATH) - strlen(".exe");

        SYSTEMTIME t;
        GetLocalTime(&t);
        sprintf_s(nameEnd, sizeof(name) - (int)(nameEnd - name),
            "_%4d%02d%02d_%02d%02d%02d.dmp",
            t.wYear, t.wMonth, t.wDay, t.wHour, t.wMinute, t.wSecond);
    }

    HANDLE hFile = CreateFileA(name, GENERIC_WRITE, FILE_SHARE_READ, 0, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, 0);
    if (hFile == INVALID_HANDLE_VALUE)
        return FALSE;

    MINIDUMP_TYPE mdType = MINIDUMP_TYPE(MiniDumpWithDataSegs |
        MiniDumpWithFullMemory |
        MiniDumpWithHandleData |
        MiniDumpFilterMemory |
        MiniDumpScanMemory);

    MINIDUMP_EXCEPTION_INFORMATION exceptionInfo;
    exceptionInfo.ThreadId = GetCurrentThreadId();
    exceptionInfo.ExceptionPointers = e;
    exceptionInfo.ClientPointers = FALSE;
    BOOL dumped = MiniDumpWriteDump(
        GetCurrentProcess(),
        GetCurrentProcessId(),
        hFile,
        mdType,
        e ? &exceptionInfo : NULL,
        NULL,
        NULL);

    FlushFileBuffers(hFile);
    CloseHandle(hFile);

    return dumped;
}

LONG CALLBACK unhandled_handler(EXCEPTION_POINTERS* ep)
{
    BOOL bDumpped = make_minidump(ep);

    TCHAR szModule[MAX_PATH];
    memset(szModule, 0, sizeof(szModule));

    ULONG_PTR baseModule = NULL;
    ULONG_PTR offsetModule = NULL;

    MEMORY_BASIC_INFORMATION mbi;
    EXCEPTION_RECORD * pER = ep->ExceptionRecord;
    SIZE_T cb = VirtualQuery(pER->ExceptionAddress, &mbi, sizeof(mbi));
    if (cb == sizeof(mbi))
    {
        if (GetModuleFileName((HMODULE)mbi.AllocationBase, szModule, MAX_PATH))
        {
            baseModule = (ULONG_PTR)mbi.AllocationBase;
            offsetModule = (ULONG_PTR)pER->ExceptionAddress - (ULONG_PTR)mbi.AllocationBase;
        }
    }

    // Force the program to exit after crash file dump.
    //    *** PS. exit(0) is not function in this program (not sure what is the problem), so use TaskKill instead tentatively
    DWORD procId = GetCurrentProcessId();
    char cmd[100];
    sprintf_s(cmd, sizeof(cmd) - 1, "TaskKill /PID %d /F", procId);
    //    LOG("Terminate program by command[%S]\r\n", cmd);
    system(cmd);

    return EXCEPTION_EXECUTE_HANDLER;
}

void DisableSetUnhandledExceptionFilter()
{
    void* addr = (void*)GetProcAddress(LoadLibraryA("kernel32.dll"),
        "SetUnhandledExceptionFilter");

    if (addr)
    {
        unsigned char code[16];
        int size = 0;

        code[size++] = 0x33;
        code[size++] = 0xC0;
        code[size++] = 0xC2;
        code[size++] = 0x04;
        code[size++] = 0x00;

        DWORD dwOldFlag, dwTempFlag;
        //PAGE_EXECUTE_READWRITE win10
        //PAGE_READWRITE win7
        VirtualProtect(addr, size, PAGE_EXECUTE_READWRITE, &dwOldFlag);
        WriteProcessMemory(GetCurrentProcess(), addr, code, size, NULL);
        VirtualProtect(addr, size, dwOldFlag, &dwTempFlag);
    }
}

int main()
{
    //dump文件
    LPTOP_LEVEL_EXCEPTION_FILTER filter = SetUnhandledExceptionFilter(unhandled_handler);

    // 此函数一旦成功调用，之后对 SetUnhandledExceptionFilter 的调用将无效  
    DisableSetUnhandledExceptionFilter();

    return 0;
}

通过

 //dump文件
    LPTOP_LEVEL_EXCEPTION_FILTER filter = SetUnhandledExceptionFilter(unhandled_handler);

    // 此函数一旦成功调用，之后对 SetUnhandledExceptionFilter 的调用将无效  
    DisableSetUnhandledExceptionFilter();

调用之后，出现崩溃时，程序会自动生成.dmp文件，将此文件放在包含程序调试信息的pbd同级目录下，用vs打开dmp文件，随后运行调试，就可以看到崩溃前的调用栈信息了。