 /// <summary>
 /// Walks the threads of <c>process</c> through a Toolhelp thread snapshot, printing each
 /// thread id and handing the entry to <c>DumpThread</c>.
 /// </summary>
 private void DumpStacks()
 {
     // The snapshot handle is released as soon as the enumeration below has finished.
     using (var threadSnapshot = new Toolhelp32Snapshot(Toolhelp32SnapshotFlags.Thread))
     {
         var entries = threadSnapshot.GetThreads(process.ProcessId);
         foreach (var entry in entries)
         {
             Console.WriteLine($"Thread # {entry.ThreadId}");
             DumpThread(entry);
         }
     }
 }
 /// <summary>
 /// Streams the module entries of this process (<c>ProcessId</c>) from a module snapshot.
 /// </summary>
 /// <remarks>
 /// Written as an iterator on purpose: the snapshot must stay alive until the caller has
 /// finished enumerating, which returning the inner sequence directly would not guarantee.
 /// </remarks>
 /// <returns>A lazily evaluated sequence of <see cref="ModuleEntry"/> values.</returns>
 public IEnumerable<ModuleEntry> GetModules()
 {
     using (var moduleSnapshot = new Toolhelp32Snapshot(Toolhelp32SnapshotFlags.Module, ProcessId))
     {
         foreach (var entry in moduleSnapshot.GetModules())
         {
             yield return entry;
         }
     }
 }
 /// <summary>
 /// Streams the thread entries of this process (<c>ProcessId</c>) from a thread snapshot.
 /// </summary>
 /// <remarks>
 /// Written as an iterator on purpose: the snapshot must stay alive until the caller has
 /// finished enumerating, which returning the inner sequence directly would not guarantee.
 /// </remarks>
 /// <returns>A lazily evaluated sequence of <see cref="ThreadEntry"/> values.</returns>
 public IEnumerable<ThreadEntry> GetThreads()
 {
     using (var threadSnapshot = new Toolhelp32Snapshot(Toolhelp32SnapshotFlags.Thread, ProcessId))
     {
         foreach (var entry in threadSnapshot.GetThreads())
         {
             yield return entry;
         }
     }
 }
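        /// <summary>
        /// Locates the process whose executable is <c>executableName</c>, opens it into
        /// <c>process</c>, then runs <c>GatherModules</c> and <c>CheckMappedImages</c> against it.
        /// </summary>
        /// <exception cref="InvalidOperationException">
        /// No running process with that executable name was found.
        /// </exception>
        private void Run()
        {
            using (var processSnapshot = new Toolhelp32Snapshot(Toolhelp32SnapshotFlags.Process))
            {
                var entry = processSnapshot.GetProcesses().FirstOrDefault(p => p.Executable == executableName);

                // FirstOrDefault yields null when the executable is not running; without this guard
                // the Open call below fails with an uninformative NullReferenceException.
                if (entry == null)
                {
                    throw new InvalidOperationException($"No running process with executable '{executableName}' was found.");
                }

                // NOTE(review): query + VM read + VM operation are requested; presumably the minimum
                // the checks below need — confirm, and do not widen these rights without reason.
                process = entry.Open(ProcessAccessRights.QueryInformation | ProcessAccessRights.VMOperation | ProcessAccessRights.VMRead);
            }

            GatherModules();

            CheckMappedImages();
        }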
        /// <summary>
        /// Attaches to the process named <c>executableName</c>: opens it, registers the PDB of every
        /// module that has one on disk, builds the memory-reader chain and resolves the address of
        /// the <c>g_engine</c> global inside the main module.
        /// </summary>
        /// <exception cref="ProcessNotFoundException">No process with that executable is running.</exception>
        /// <exception cref="IncompleteReadException">
        /// Thrown in place of a <see cref="Win32Exception"/> whose native error code equals
        /// <c>IncompleteReadException.ErrorNumber</c>; <c>process</c> is reset to null first.
        /// </exception>
        public void Connect()
        {
            try
            {
                using (var processSnapshot = new Toolhelp32Snapshot(Toolhelp32SnapshotFlags.Process))
                {
                    // NOTE(review): == on strings is an ordinal, case-sensitive comparison; Windows
                    // image names are not case-sensitive, so confirm this matching is intended.
                    var target = processSnapshot.GetProcesses().FirstOrDefault(p => p.Executable == executableName);
                    if (target == null)
                    {
                        throw new ProcessNotFoundException();
                    }

                    process = target.Open(ProcessAccessRights.VMOperation | ProcessAccessRights.VMRead | ProcessAccessRights.Synchronize | ProcessAccessRights.QueryInformation);
                }

                resolver = new SymbolResolver();

                var loadedModules = process.GetModules().ToList();
                ModuleEntry mainModule = loadedModules.First(m => m.Name == executableName);

                // Only modules whose PDB actually exists on disk are registered with the resolver.
                foreach (var module in loadedModules)
                {
                    string pdbPath = PDBForModule(module);
                    if (File.Exists(pdbPath))
                    {
                        resolver.AddPdb(pdbPath, module.BaseAddress);
                    }
                }

                // Reader chain: live -> cached -> read-only view over the cache; each wraps the
                // previous one, so the construction order matters.
                rawMemoryReader            = new LiveProcessMemoryAccessor(process);
                cachedMemoryReader         = new CachedProcessMemoryAccessor(rawMemoryReader);
                readOnlyCachedMemoryReader = new ReadOnlyCachedProcessMemoryAccessor(cachedMemoryReader, process);
                rttiReader                 = new RTTIReader(cachedMemoryReader);

                var engineSymbol = resolver.FindGlobal("g_engine");
                g_engineAddr = mainModule.BaseAddress + (int)engineSymbol.relativeVirtualAddress;
            }
            catch (Win32Exception err) when (err.NativeErrorCode == IncompleteReadException.ErrorNumber)
            {
                // NOTE(review): the already-opened process is dropped here without being disposed —
                // confirm whether NativeProcess owns a handle that should be released first.
                process = null;
                throw new IncompleteReadException(err);
            }
        }
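        /// <summary>
        /// Opens the process named by <c>args[0]</c>, loads the PDB that sits beside its main module
        /// into <c>resolver</c> and prepares a live memory reader over the process.
        /// </summary>
        /// <param name="args">Command-line arguments; the first one is the executable name to attach to.</param>
        /// <exception cref="ArgumentException">No executable name was supplied.</exception>
        /// <exception cref="ProcessNotFoundException">No process with that executable is running.</exception>
        private Program(string[] args)
        {
            // Without this check a missing argument surfaces as an IndexOutOfRangeException.
            if (args == null || args.Length == 0)
            {
                throw new ArgumentException("An executable name is required as the first argument.", nameof(args));
            }

            executableName = args[0];

            using (var processSnapshot = new Toolhelp32Snapshot(Toolhelp32SnapshotFlags.Process))
            {
                var procEntry = processSnapshot.GetProcesses().FirstOrDefault(p => p.Executable == executableName);

                if (procEntry is null)
                {
                    throw new ProcessNotFoundException();
                }

                process = procEntry.Open(ProcessAccessRights.VMOperation | ProcessAccessRights.VMRead | ProcessAccessRights.Synchronize | ProcessAccessRights.QueryInformation);
            }

            ModuleEntry mainModule = process.GetModules().First(m => m.Name == executableName);

            // ChangeExtension only rewrites the final extension; a plain string.Replace(".exe", ".pdb")
            // would also alter any ".exe" occurring inside a directory name of the path.
            string pdbPath = System.IO.Path.ChangeExtension(mainModule.Path, ".pdb");

            resolver = new SymbolResolver();
            resolver.AddPdb(pdbPath, mainModule.BaseAddress);
            memoryReader = new LiveProcessMemoryAccessor(process);
        }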
 /// <summary>
 /// Opens the first running <c>explorer.exe</c> process, requesting only the
 /// <c>CreateProcess</c> access right.
 /// </summary>
 /// <returns>A <see cref="NativeProcess"/> for the shell process.</returns>
 /// <remarks>
 /// <c>First()</c> throws <see cref="InvalidOperationException"/> when no explorer.exe is
 /// running (e.g. no interactive shell in this session); callers should expect that.
 /// </remarks>
 static NativeProcess GetShellProcess()
 {
     using (var processSnapshot = new Toolhelp32Snapshot(Toolhelp32SnapshotFlags.Process))
     {
         var shell = processSnapshot.GetProcesses().Where(p => p.Executable == "explorer.exe").First();
         return shell.Open(ProcessAccessRights.CreateProcess);
     }
 }