Ejemplo n.º 1
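        /// <summary>
        /// Shows the field layout of the kernel object whose name is currently
        /// entered or selected in <c>cbShowObject</c>.
        /// </summary>
        /// <param name="sender">Control that raised the event (not used).</param>
        /// <param name="e">Event data (not used).</param>
        private void cbShowObject_SelectedIndexChanged(object sender, EventArgs e)
        {
            string selected = cbShowObject.Text;

            // Nothing to look up for a missing entry or the " None" placeholder.
            if (selected == null || selected.Contains("None"))
            {
                return;
            }

            // The first space-delimited token is used as the object name.
            // An empty or whitespace-only entry yields no tokens; returning here
            // avoids the InvalidOperationException that First() raised on such text.
            string[] tokens = selected.Split(new char[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);
            if (tokens.Length == 0)
            {
                return;
            }

            int index = KernelObjects.IndexOfThisObject(KernelObjects.Registered, tokens[0].Trim());
            if (index != -1)
            {
                KernelObjects.Registered[index].ShowFieldsInfo();
                return;
            }

            // The list shown in the combo box can be stale: the object may have been
            // unregistered after the drop-down was filled.
            MessageBox.Show("Selected object has been removed.", "Failed", MessageBoxButtons.OK, MessageBoxIcon.Warning);
            cbShowObject.Text = "";
        }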
Ejemplo n.º 2
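        /// <summary>
        /// Form load handler: initializes the device, starts the thread that runs
        /// <c>CommunicationRoutine</c>, and creates the <c>KernelObjects</c> instance.
        /// If the device cannot be initialized or the thread is not running, the form
        /// is disposed and closed.
        /// </summary>
        /// <param name="sender">Form that raised the event (not used).</param>
        /// <param name="e">Event data (not used).</param>
        private void MainForm_Load(object sender, EventArgs e)
        {
            if (InitDevice())
            {
                isDriverLoaded = true;
                InitializeAppearance();

                GetProcess();

                CommunicationThread = new Thread(CommunicationRoutine);
                CommunicationThread.Start();

                // IsAlive instead of "ThreadState == ThreadState.Running": ThreadState is a
                // flags value, so a thread that has already blocked in a wait (WaitSleepJoin)
                // does not compare equal to Running and a working thread was treated as a
                // start-up failure. IsAlive is false only if the routine has already exited.
                if (CommunicationThread.IsAlive)
                {
                    kernelObjects = new KernelObjects(this);
                    return;
                }

                MessageBox.Show("Failed to Create the User Communication Thread.", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
                DisConnect();
            }

            // Start-up failed: tear the form down.
            // NOTE(review): Close() runs on an already disposed form here — confirm this order is intended.
            Dispose();
            Close();
        }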
Ejemplo n.º 3
        /// <summary>
        /// Lets the user pick a file and hands its path to
        /// <c>KernelObjects.AddFileToParse</c> on a separate thread.
        /// </summary>
        /// <param name="sender">Menu item that raised the event (not used).</param>
        /// <param name="e">Event data (not used).</param>
        private void addFileToolStripMenuItem_Click(object sender, EventArgs e)
        {
            // Dialog cancelled: nothing to parse.
            if (openFileDialog1.ShowDialog() != DialogResult.OK)
            {
                return;
            }

            string fileName = openFileDialog1.FileName;
            if (fileName == null)
            {
                return;
            }

            // Parsing runs off the UI thread so the form stays responsive.
            // NOTE(review): the file is whatever the user selected; AddFileToParse is not
            // visible here, so confirm it copes with malformed content, since an unhandled
            // exception on this thread would take the process down.
            new Thread(() => KernelObjects.AddFileToParse(fileName)).Start();
        }
Ejemplo n.º 4
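 /// <summary>
 /// Refills <c>cbShowObject</c> with the currently registered kernel objects each
 /// time the menu drop-down opens, or shows the " None" placeholder when there are none.
 /// </summary>
 /// <param name="sender">Menu item that raised the event (not used).</param>
 /// <param name="e">Event data (not used).</param>
 private void showOBJECTToolStripMenuItem_DropDownOpening(object sender, EventArgs e)
 {
     cbShowObject.Items.Clear();
     string[] registered = KernelObjects.GetRegisteredObjectsList();

     // An empty array is treated like null: indexing element 0 of an empty list
     // threw IndexOutOfRangeException before.
     if (registered != null && registered.Length > 0)
     {
         // Width is estimated from the first entry at about 7.7 pixels per character.
         cbShowObject.Size = new Size((int)(registered[0].Length * 7.7), 31);
         cbShowObject.Items.AddRange(registered);
     }
     else
     {
         cbShowObject.Size = new Size(255, 31);
         cbShowObject.Text = " None";
     }
 }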
Ejemplo n.º 5
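        /// <summary>
        /// Answers an offset request: looks up the offset of <c>FieldName</c> inside
        /// <c>ObjectName</c> among the registered kernel objects and sends the result
        /// back with <c>SendControlMessage</c>. On failure <c>Res</c> is set to 0xFFFF
        /// and a message box is shown from a separate thread.
        /// </summary>
        /// <param name="Required">Requested object and field names; may be null.</param>
        private void GetRequiredOffsets(REQUIRED_OFFSET Required)
        {
            R_MESSAGE_FORM message = new R_MESSAGE_FORM();

            message.Required = new REQUIRED_OFFSET();
            message.Type     = RESPONSE_REQUIRED_OFFSET;

            // Names are captured once, so the failure report below never dereferences a
            // null request (that happened on the message thread before).
            string requestedObject = null;
            string requestedField  = null;

            if (Required != null)
            {
                requestedObject = Required.ObjectName;
                requestedField  = Required.FieldName;

                // A missing name is treated as empty instead of throwing on Trim().
                message.Required.ObjectName = (requestedObject ?? "").Trim();
                message.Required.FieldName  = (requestedField ?? "").Trim();

                // Query to 'KernelObjects' class.
                if ((message.Required.ObjectName.Length > 0) && (message.Required.FieldName.Length > 0))
                {
                    int objectIndex = KernelObjects.IndexOfThisObject(KernelObjects.Registered, message.Required.ObjectName);
                    if (objectIndex != -1)
                    {
                        int fieldOffset = KernelObjects.Registered[objectIndex].GetFieldOffset(message.Required.FieldName);
                        if (fieldOffset != -1)
                        {
                            message.Required.Offset = (uint)fieldOffset;
                        }
                    }
                }
            }

            // NOTE(review): an Offset of 0 is reported as failure, so a field that really
            // sits at offset 0 cannot be answered — confirm the requester never asks for one.
            // NOTE(review): the value sent comes from the registered object definitions;
            // the receiving side should presumably range-check it before use — verify there.
            if (message.Required.Offset == 0)
            {
                message.Res = 0xFFFF;       // Signal for Failure.

                // Shown from its own thread so the reply is not held up by the dialog.
                string failureText = "Failed to get Offset that required by Driver : " + requestedObject + "!" + requestedField;
                Thread messageThread = new Thread(() => MessageBox.Show(failureText));
                messageThread.Start();
            }

            SendControlMessage(message.Type, message);
        }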
Ejemplo n.º 6
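        /// <summary>
        /// Consumes one chunk of a memory dump, stores it in <c>dumpedByteStream</c>,
        /// and once the whole buffer has been received fills the tree view of the
        /// selected tab with the parsed field information.
        /// </summary>
        /// <param name="message">
        /// Dump chunk: <c>Address</c> and <c>Size</c> describe the chunk, <c>bMessage</c>
        /// holds its bytes and a non-zero <c>Res</c> marks an error.
        /// </param>
        private void ShowKernelObjectContents(B_MESSAGE_FORM message)
        {
            if (dumpedByteStream == null)
            {
                // Author's open question: to be considered together with the error case
                // below — whether to display what was received before the error or not.
                MessageBox.Show("The 'dumpedByteStream' Buffer does not exist.\r\nTHIS MESSAGE IS FOR TEST.", "Error");
                InitializeCurrentDump();
                return;
            }

            // It's the first message for this dump.
            if (receivedByteStreamLength == 0)
            {
                startAddressForThisStream = message.Address;
            }

            // Error check. The header fields are validated before any byte is copied:
            //  - the length sum is widened to long so a very large Size cannot wrap
            //    around and slip past the capacity test;
            //  - Size must not exceed the bytes actually present in bMessage
            //    (assumes bMessage is a byte array — TODO confirm).
            if ((message.Res != 0)
                || (startAddressForThisStream + receivedByteStreamLength != message.Address)
                || ((long)receivedByteStreamLength + (long)message.Size > dumpedByteStream.Length)
                || ((message.Size > 0) && ((message.bMessage == null) || (message.Size > message.bMessage.Length))))
            {
                // Author's note: might change this to simply display the data received
                // before the error.
                InitializeCurrentDump();

                if (message.Res != 0x89)
                {
                    MessageBox.Show(String.Format("Error occured while dumping at 0x{0:X8}.", message.Address), "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
                }
                // else -> Failed to get Offset.

                return;
            }

            // Store the received data.
            uint currentStartIndex = message.Address - startAddressForThisStream;
            for (uint i = 0; i < message.Size; i++)
            {
                dumpedByteStream[currentStartIndex + i] = message.bMessage[i];
            }
            receivedByteStreamLength += message.Size;

            // Keep waiting until the whole buffer has been received.
            if (receivedByteStreamLength != dumpedByteStream.Length)
            {
                return;
            }

            TreeView currentTree       = null;
            string   currentObjectName = null;

            switch (this.tabProcess.SelectedIndex)
            {
            case 0:
                // _EPROCESS
                currentTree       = this.tvEprocess;
                currentObjectName = "_EPROCESS";
                break;

            case 1:
                break;

            default:
                break;
            }

            // Only tab 0 has a tree; other tabs have no object name, so no lookup is made.
            if (currentTree == null)
            {
                return;
            }

            int indexForKernelObjectInRegistered = KernelObjects.IndexOfThisObject(KernelObjects.Registered, currentObjectName);
            if (indexForKernelObjectInRegistered == -1)
            {
                return;
            }

            // Parsing Start...
            List<string> parsed = KernelObjects.Registered[indexForKernelObjectInRegistered].ShowFieldsInfo(true);
            if ((parsed == null) || (parsed.Count <= 1))
            {
                return;
            }

            // parsed[0] becomes the root node; every further line is "field!detail!detail...".
            AppendTree(currentTree, new TreeNode(parsed[0]));
            for (int i = 1; i < parsed.Count; i++)
            {
                string[] splitLine = parsed[i].Split(new char[] { '!' }, StringSplitOptions.RemoveEmptyEntries);

                // A line that is empty or holds only separators has no field name to show.
                if (splitLine.Length == 0)
                {
                    continue;
                }

                AppendTree(currentTree, new TreeNode(splitLine[0]), currentTree.Nodes[0].Nodes);
                for (int j = 1; j < splitLine.Length; j++)
                {
                    AppendTree(currentTree, new TreeNode(splitLine[j]), currentTree.Nodes[0].LastNode.Nodes);
                }
            }
        }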