private void heapsProcessMenuItem_Click(object sender, EventArgs e) { try { HeapsWindow heapsWindow; using (DebugBuffer buffer = new DebugBuffer()) { this.Cursor = Cursors.WaitCursor; try { buffer.Query( processSelectedPid, RtlQueryProcessDebugFlags.HeapSummary | RtlQueryProcessDebugFlags.HeapEntries ); } finally { this.Cursor = Cursors.Default; } heapsWindow = new HeapsWindow(processSelectedPid, buffer.GetHeaps()); } heapsWindow.ShowDialog(); } catch (WindowsException ex) { PhUtils.ShowException("Unable to get heap information", ex); } }
private void DoFilter() { // Stop if cancel if (!CancelRequested) { var handles = Windows.GetHandles(); Dictionary<int, ProcessHandle> processHandles = new Dictionary<int, ProcessHandle>(); // Find handles for (int i = 0; i < handles.Length; i++) { // Check for cancellation here too, // otherwise the user might have to wait for much time if (CancelRequested) return; if (i % 20 == 0) OnMatchProgress(i, handles.Length); var handle = handles[i]; CompareHandleBestNameWithFilter(processHandles, handle); // test Exception //if (i > 2000) throw new Exception("test"); } foreach (ProcessHandle phandle in processHandles.Values) phandle.Dispose(); // Find DLLs and mapped files Dictionary<int, SystemProcess> processes = Windows.GetProcesses(); foreach (KeyValuePair<int, SystemProcess> process in processes) { try { // Modules using (ProcessHandle phandle = new ProcessHandle(process.Key, Program.MinProcessQueryRights | Program.MinProcessReadMemoryRights)) { phandle.EnumModules(module => { if (module.FileName.Contains(strFilterLower, StringComparison.OrdinalIgnoreCase)) this.CallDllMatchListView(process.Key, module); return true; }); } // Memory using (ProcessHandle phandle = new ProcessHandle(process.Key, ProcessAccess.QueryInformation | Program.MinProcessReadMemoryRights)) { phandle.EnumMemory(region => { if (region.Type != MemoryType.Mapped) return true; string name = phandle.GetMappedFileName(region.BaseAddress); if (!string.IsNullOrEmpty(name) && name.Contains(strFilterLower, StringComparison.OrdinalIgnoreCase)) this.CallMappedFileMatchListView(process.Key, region.BaseAddress, name); return true; }); } // WOW64 Modules if (OSVersion.Architecture == OSArch.Amd64) { using (DebugBuffer buffer = new DebugBuffer()) { buffer.Query( process.Key, RtlQueryProcessDebugFlags.Modules32 | RtlQueryProcessDebugFlags.NonInvasive ); buffer.EnumModules(module => { if (module.FileName.Contains(strFilterLower, StringComparison.OrdinalIgnoreCase)) this.CallDllMatchListView(process.Key, module); return true; }); } } } catch (Exception ex) { Logging.Log(ex); } } OnMatchListView(null); } }