/// <summary>
/// Collects .Net objects in the external process.
/// </summary>
protected override void OnUpdate()
{
this.UpdateInterval = DotNetObjectCollector.PollingTime;
ProxyCommunicator proxyCommunicator = ProxyCommunicator.GetInstance();
NormalizedProcess process = EngineCore.GetInstance()?.Processes?.GetOpenedProcess();
IProxyService proxyService = proxyCommunicator.GetProxyService(EngineCore.GetInstance().Processes.IsOpenedProcess32Bit());
if (proxyService == null)
{
return;
}
try
{
if (process == null || !proxyService.RefreshHeap(process.ProcessId))
{
return;
}
List <DotNetObject> objectTrees = new List <DotNetObject>();
HashSet <UInt64> visited = new HashSet <UInt64>();
foreach (UInt64 rootRef in proxyService.GetRoots())
{
String rootName = proxyService.GetRootName(rootRef);
Type rootType = Conversions.TypeCodeToType((TypeCode)proxyService.GetRootType(rootRef));
if (rootRef == 0 || rootName == null)
{
continue;
}
foreach (String excludedPrefix in excludedPrefixes)
{
if (rootName.StartsWith(excludedPrefix, StringComparison.OrdinalIgnoreCase))
{
rootName = rootName.Substring(excludedPrefix.Length, rootName.Length - excludedPrefix.Length).Trim();
}
}
if (excludedNameSpaces.Any(x => rootName.StartsWith(x, StringComparison.OrdinalIgnoreCase)))
{
continue;
}
if (rootType != null)
{
if (excludedNameSpaces.Any(x => rootType.Name.StartsWith(x, StringComparison.OrdinalIgnoreCase)))
{
continue;
}
}
if (visited.Contains(rootRef))
{
continue;
}
try
{
DotNetObject rootObject = new DotNetObject(null, rootRef, rootType, rootName);
visited.Add(rootRef);
objectTrees.Add(rootObject);
this.RecursiveBuild(proxyService, visited, rootObject, rootRef);
}
catch
{
}
}
this.ObjectTrees = objectTrees;
}
catch
{
}
base.OnUpdate();
}
/// <summary>
/// Assemble the specified assembly code at a base address.
/// </summary>
/// <param name="isProcess32Bit">Whether or not the assembly is in the context of a 32 bit program.</param>
/// <param name="assembly">The assembly code.</param>
/// <param name="baseAddress">The address where the code is rebased.</param>
/// <param name="message">The logs generated by the assembler.</param>
/// <returns>An array of bytes containing the assembly code.</returns>
public Byte[] Assemble(Boolean isProcess32Bit, String assembly, IntPtr baseAddress, out String message, out String innerMessage)
{
// Call proxy service, which simply passes the asm code to Fasm.net to assemble the instructions
// Note: for assembling instructions, we must always use the 32-bit proxy service to assemble both x86/x64 instructions
return(ProxyCommunicator.GetInstance().GetProxyService(true).Assemble(isProcess32Bit, assembly, baseAddress.ToUInt64(), out message, out innerMessage));
}
