public IEnumerable <ModuleInfo> EnumerateModules()
{
foreach (var client in AADExtensions.EnumerateAADClients(processId))
{
var runtime = client.Runtime;
foreach (var module in client.EnumerateModules())
{
var peInfo = client.GetPEInfo(module);
if (peInfo.IsInvalid)
{
// may be ngen image and corresponding IL image not loaded TODO: get native image, not IL image
yield return(new DotNetModuleInfo(module.AssemblyName, unchecked ((nuint)(-1)), 0, "NGEN", module.DomainName, $"v{runtime.FileVersion}"));
continue;
}
var layout = peInfo.LoadedLayout;
Debug2.Assert(!layout.IsInvalid);
yield return(new DotNetModuleInfo(module.AssemblyName, (nuint)layout.ImageBase, layout.ImageSize, peInfo.FilePath, module.DomainName, $"v{runtime.FileVersion}"));
}
}
}
public override bool DumpModule(nuint moduleHandle, ImageLayout __imageLayout_dont_use, string filePath)
{
var clients = AADExtensions.EnumerateAADClients(process.Id);
if (!FindModule(clients, moduleHandle, out var client, out var module))
{
return(false);
}
var peInfo = client.GetPEInfo(module);
var metadataInfo = client.GetMetadataInfo(module);
var imageLayout = FindMetadataImageLayout(peInfo, metadataInfo.MetadataAddress);
if (imageLayout is null)
{
throw new InvalidOperationException("Can't find the PEImageLayout where the metadata is located");
}
moduleHandle = (nuint)imageLayout.ImageBase;
var data = DumpModule(process.Id, moduleHandle, peInfo.InMemory);
if (data is null)
{
throw new InvalidOperationException("Can't dump module");
}
AddressToRVA(metadataInfo, imageLayout);
if (peInfo.InMemory)
{
FileLayoutToMemoryLayout(ref data, metadataInfo, imageLayout);
}
FixSectionHeaders(data);
FixDotNetHeaders(data, metadataInfo, imageLayout);
File.WriteAllBytes(filePath, data);
return(true);
}
