Tested with ReactOS 0.4.14-dev-844-gea35843.
To reproduce the problem, do the following:
- Download ProcDump v9.0 here: https://download.sysinternals.com/files/Procdump.zip.
- Extract it from zip archive to any directory.
- Right click on the folder where it has been extracted -> "Command Prompt Here".
- In the opened cmd, type "procdump -mm processname.exe". Alternatively, you can specify the PID or any other information of the process which is visible in taskmgr. This will (try to) generate minidump file(s) from the specified process. For example, I tried kbswitch.exe, but you can use any other running process you want for the test.
- After typing the command, press Enter. After pressing, the tool will crash due to unimplemented RtlGetUnloadEventTrace() (in ntdll.dll) and VerifierEnumerateResource() (in verifier.dll).
To fix it, I implemented RtlGetUnloadEventTrace() according to https://docs.microsoft.com/en-us/windows/win32/devnotes/rtlgetunloadeventtrace, and after my changes, it crashes only due to VerifierEnumerateResource(). Since this function is implemented in verifier.dll, after replacing this DLL with the version from Win2k3, ProcDump no longer crashes and generates the minidump file(s) successfully. So I think my RtlGetUnloadEventTrace implementation is correct.
Although the RtlGetUnloadEventTraceEx function also exists, it can't be implemented in ReactOS for now and returned in RtlGetUnloadEventTrace, for at least the following two reasons:
- This function is Vista+, while the non-Ex function has existed since Windows XP SP2, see https://www.geoffchappell.com/studies/windows/win32/ntdll/api/index.htm.
- It has different parameters and a different implementation from the non-Ex function, according to MSDN: https://docs.microsoft.com/en-us/windows/win32/devnotes/rtlgetunloadeventtraceex, so it can't be used in pair with RtlGetUnloadEventTrace().
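For readers unfamiliar with what a dump tool does with the array that RtlGetUnloadEventTrace() returns, here is an added example (not part of the original report and not ReactOS code) that lists the recorded unloads oldest first. The struct mirrors MSDN's RTL_UNLOAD_EVENT_TRACE with portable types; the ring-buffer overwrite, the "zero BaseAddress means unused slot" rule, the helper names and the sample data are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RTL_UNLOAD_EVENT_TRACE_NUMBER 16  /* array length given on MSDN */

/* Field order follows MSDN's RTL_UNLOAD_EVENT_TRACE; fixed-width types
   stand in for PVOID/SIZE_T/ULONG/WCHAR so this builds off Windows. */
typedef struct {
    uintptr_t BaseAddress;
    size_t    SizeOfImage;
    uint32_t  Sequence;
    uint32_t  TimeDateStamp;
    uint32_t  CheckSum;
    uint16_t  ImageName[32];
} UNLOAD_EVENT;

/* Constructed sample: 18 unloads pushed through the 16-slot array, so the
   two oldest records are overwritten (ring behaviour is an assumption). */
static void make_sample(UNLOAD_EVENT *t) {
    memset(t, 0, sizeof(UNLOAD_EVENT) * RTL_UNLOAD_EVENT_TRACE_NUMBER);
    for (uint32_t seq = 0; seq < 18; seq++) {
        UNLOAD_EVENT *e = &t[seq % RTL_UNLOAD_EVENT_TRACE_NUMBER];
        e->BaseAddress = 0x10000000u + seq * 0x10000u;
        e->Sequence = seq;
    }
}

/* Writes the slot indexes of used entries to order[], oldest unload first.
   A zero BaseAddress is treated as an unused slot (assumption). */
static size_t unload_order(const UNLOAD_EVENT *t, size_t *order) {
    size_t n = 0;
    for (size_t i = 0; i < RTL_UNLOAD_EVENT_TRACE_NUMBER; i++) {
        if (t[i].BaseAddress == 0) continue;
        size_t j = n++;  /* insertion sort on Sequence, 16 entries at most */
        for (; j > 0 && t[order[j - 1]].Sequence > t[i].Sequence; j--)
            order[j] = order[j - 1];
        order[j] = i;
    }
    return n;
}

/* Slot index at position pos of the sample's ordering, -1 if out of range. */
int sample_slot_at(size_t pos) {
    UNLOAD_EVENT t[RTL_UNLOAD_EVENT_TRACE_NUMBER];
    size_t order[RTL_UNLOAD_EVENT_TRACE_NUMBER];
    make_sample(t);
    return pos < unload_order(t, order) ? (int)order[pos] : -1;
}

int main(void) {
    for (size_t p = 0; p < 16; p++) printf("%d ", sample_slot_at(p));
    return 0;
}
```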