Beispiel #1
 /// <summary>
 /// Initialises a <see cref="MemoryBufferHelper"/> bound to <paramref name="process"/>.
 /// </summary>
 /// <param name="process">
 /// The process this helper operates on. It is stored in <see cref="Process"/> and handed to the
 /// buffer searcher and to the VirtualQuery function selection.
 /// </param>
 /// <remarks>
 /// No validation of <paramref name="process"/> happens here; a null or exited process is passed
 /// straight to the collaborators below.
 /// </remarks>
 public MemoryBufferHelper(Process process)
 {
     this.Process = process;
     this._bufferSearcher = new MemoryBufferSearcher(process);
     this._virtualQueryFunction = VirtualQueryUtility.GetVirtualQueryFunction(process);

     // Created last: CreateBufferMutexName() may read state assigned above — TODO confirm.
     // NOTE(review): if MutexObtainer returns a named, system-wide mutex, any other process that
     // can open the same name can hold it and stall allocation here. Confirm the name's
     // namespace and the access control MutexObtainer applies.
     string mutexName = CreateBufferMutexName();
     this._allocateMemoryMutex = MutexObtainer.MakeMutex(mutexName);
 }
Beispiel #2
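        /// <summary>
        /// Walks the address space of <paramref name="process"/> with VirtualQuery and returns
        /// one <see cref="MEMORY_BASIC_INFORMATION"/> per region reported.
        /// </summary>
        /// <param name="process">
        /// The process to inspect. Its <see cref="Process.Handle"/> is passed to every query, so the
        /// caller must hold a handle with query rights on the target.
        /// </param>
        /// <returns>
        /// The regions in ascending address order. The list is empty when the first query fails;
        /// a failed query (for example, insufficient handle rights) is not distinguished from
        /// reaching the end of the address space.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="process"/> is null.</exception>
        /// <remarks>
        /// Nothing here suspends the target, so the result is a point-in-time view: regions can be
        /// freed, reprotected or reallocated before the caller acts on them. Re-query a region
        /// before reading, writing or allocating based on this list.
        /// </remarks>
        public static List<MEMORY_BASIC_INFORMATION> GetPages(Process process)
        {
            if (process == null)
            {
                throw new ArgumentNullException(nameof(process));
            }

            // Is the target an x86 process running on x64 Windows (WoW64)?
            // NOTE(review): the return value of IsWow64Process is not checked here.
            IsWow64Process(process.Handle, out bool isWow64);
            GetSystemInfo(out SYSTEM_INFO systemInfo);

            nuint currentAddress = 0;
            nuint maxAddress     = 0x7FFFFFFF; // Default upper bound for a 32-bit address space.

            // Native 64-bit target: use the limit reported by the system.
            if (systemInfo.wProcessorArchitecture == ProcessorArchitecture.PROCESSOR_ARCHITECTURE_AMD64 && !isWow64)
            {
                maxAddress = systemInfo.lpMaximumApplicationAddress;
            }

            // Large Address Aware: a 32-bit caller may be given more than 2 GiB.
            // This branch only runs when the calling process is 32-bit (IntPtr.Size == 4).
            if (IntPtr.Size == 4 && (nuint)systemInfo.lpMaximumApplicationAddress > maxAddress)
            {
                maxAddress = (nuint)systemInfo.lpMaximumApplicationAddress;
            }

            // Local implementation for the current process, remote one for another process.
            VirtualQueryUtility.VirtualQueryFunction virtualQueryFunction = VirtualQueryUtility.GetVirtualQueryFunction(process);

            // Pre-sized to avoid repeated growth while walking the address space.
            List<MEMORY_BASIC_INFORMATION> memoryPages = new List<MEMORY_BASIC_INFORMATION>(8192);

            while (currentAddress <= maxAddress)
            {
                var memoryInformation = new MEMORY_BASIC_INFORMATION();
                var result            = virtualQueryFunction(process.Handle, currentAddress, ref memoryInformation);
                if (result == (UIntPtr)0)
                {
                    break;
                }

                memoryPages.Add(memoryInformation);

                // The region size is data reported about another process. A zero size would
                // never advance the cursor (endless loop, unbounded list growth) and a size
                // that wraps the address would restart the walk from low memory, so stop as
                // soon as the cursor fails to move forward.
                nuint previousAddress = currentAddress;
                unchecked
                {
                    currentAddress += memoryInformation.RegionSize;
                }

                if (currentAddress <= previousAddress)
                {
                    break;
                }
            }

            return memoryPages;
        }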
Beispiel #3
 /// <summary>
 /// Initialises a <see cref="MemoryBufferHelper"/> bound to <paramref name="process"/>.
 /// </summary>
 /// <param name="process">
 /// The process this helper operates on. It is stored in <see cref="Process"/> and handed to the
 /// buffer searcher and to the VirtualQuery function selection.
 /// </param>
 /// <remarks>
 /// No validation of <paramref name="process"/> happens here; a null or exited process is passed
 /// straight to the collaborators below.
 /// </remarks>
 public MemoryBufferHelper(Process process)
 {
     this.Process = process;
     this._bufferSearcher = new MemoryBufferSearcher(process);

     // Chooses between the local and the remote VirtualQuery implementation for this process.
     this._virtualQueryFunction = VirtualQueryUtility.GetVirtualQueryFunction(process);
 }