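        /// <summary>
        /// Asks the kernel driver (via the <c>IO_QUERY_PROCESS_INFO</c> ioctl) for the module list of the
        /// process <paramref name="pid"/> and deserialises the records it wrote into <see cref="ModuleSummary"/> objects.
        /// </summary>
        /// <param name="pid">Process id passed to the driver as <c>targetProcessId</c>.</param>
        /// <param name="result">
        /// Receives the modules. It is an empty array when the driver handle is not open, the ioctl fails,
        /// or the driver reports no modules.
        /// </param>
        /// <returns>The number of entries in <paramref name="result"/>; 0 on every failure path.</returns>
        public int GetModuleSummaryList(int pid, out ModuleSummary[] result)
        {
            result = new ModuleSummary[0];

            // Without an open driver handle there is nothing to query.
            if (driverHandle == WinApi.INVALID_HANDLE_VALUE)
            {
                return 0;
            }

            // Fixed-size output buffer the driver writes the module records into.
            // NOTE(review): the size is arbitrary; no size negotiation with the driver is visible here.
            int    bufferSize    = 1000 * 533;
            IntPtr bufferPointer = MarshalUtility.AllocZeroFilled(bufferSize);

            try
            {
                KERNEL_QUERY_PROCESS_INFO_OPERATION operation = new KERNEL_QUERY_PROCESS_INFO_OPERATION
                {
                    targetProcessId = pid,
                    bufferSize      = bufferSize,
                    bufferAddress   = (ulong)bufferPointer.ToInt64()
                };

                IntPtr operationPointer = MarshalUtility.CopyStructToMemory(operation);
                int    operationSize    = Marshal.SizeOf<KERNEL_QUERY_PROCESS_INFO_OPERATION>();
                // NOTE(review): operationPointer is never released (the original did not release it either);
                // check which allocator MarshalUtility.CopyStructToMemory uses and free it with the matching call.

                // The same structure is used as input and output buffer; the driver fills in moduleCount.
                if (!WinApi.DeviceIoControl(driverHandle, IO_QUERY_PROCESS_INFO, operationPointer, operationSize, operationPointer, operationSize, IntPtr.Zero, IntPtr.Zero))
                {
                    int errCode = Marshal.GetLastWin32Error();

                    IntPtr tempptr = IntPtr.Zero;
                    string msg     = null;
                    WinApi.FormatMessage(0x1300, ref tempptr, errCode, 0, ref msg, 255, ref tempptr);

                    // Reports the Win32 error through the UI; callers only ever see the 0 return value.
                    MessageBox.Show(msg);
                    return 0;
                }

                operation = MarshalUtility.GetStructFromMemory<KERNEL_QUERY_PROCESS_INFO_OPERATION>(operationPointer);

                if (operation.moduleCount > 0)
                {
                    byte[] managedBuffer = new byte[bufferSize];
                    Marshal.Copy(bufferPointer, managedBuffer, 0, bufferSize);

                    // moduleCount is whatever the driver reported. If it claims more records than fit in the
                    // buffer, FromStream runs off the end of the stream (EndOfStreamException); the record size
                    // is not visible here, so the count is not clamped.
                    result = new ModuleSummary[operation.moduleCount];

                    using (BinaryReader reader = new BinaryReader(new MemoryStream(managedBuffer)))
                    {
                        for (int i = 0; i < result.Length; i++)
                        {
                            result[i] = ModuleSummary.FromStream(reader);
                        }
                    }

                    return result.Length;
                }

                return 0;
            }
            finally
            {
                // Released on every path. The original only freed the buffer when the ioctl succeeded AND
                // reported at least one module, leaking it on failure and on an empty module list.
                Marshal.FreeHGlobal(bufferPointer);
            }
        }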
            /// <summary>
            /// Orders two <see cref="ListViewItem"/>s by the <see cref="ModuleSummary"/> stored in their <c>Tag</c>,
            /// using the column selected by <c>columnIndex</c> and the direction given by <c>sortOrder</c>.
            /// </summary>
            /// <param name="x">First item. Anything that is not a ListViewItem tagged with a ModuleSummary compares as equal.</param>
            /// <param name="y">Second item; same rule as <paramref name="x"/>.</param>
            /// <returns>
            /// Negative, zero or positive as for <see cref="System.Collections.IComparer.Compare"/>.
            /// Returns 0 for untagged items and for any column index other than 0–4.
            /// </returns>
            public int Compare(object x, object y)
            {
                ListViewItem itemX = x as ListViewItem;
                ListViewItem itemY = y as ListViewItem;

                // Both sides must be list items; otherwise they are considered equal.
                if (itemX == null || itemY == null)
                {
                    return 0;
                }

                ModuleSummary left  = itemX.Tag as ModuleSummary;
                ModuleSummary right = itemY.Tag as ModuleSummary;

                // Both tags must carry a ModuleSummary; otherwise they are considered equal.
                if (left == null || right == null)
                {
                    return 0;
                }

                int order;
                switch (columnIndex)
                {
                case 0:
                    order = left.ModuleBase.CompareTo(right.ModuleBase);
                    break;

                case 1:
                    // NOTE(review): string.CompareTo is culture-sensitive; file names are usually sorted ordinally.
                    order = left.ModuleFileName.CompareTo(right.ModuleFileName);
                    break;

                case 2:
                    order = left.ModuleEntryPoint.CompareTo(right.ModuleEntryPoint);
                    break;

                case 3:
                    order = left.ModuleImageSize.CompareTo(right.ModuleImageSize);
                    break;

                case 4:
                    order = left.IsWOW64.CompareTo(right.IsWOW64);
                    break;

                default:
                    // Unknown column: no ordering.
                    order = 0;
                    break;
                }

                // Descending order is simply the ascending comparison with its sign flipped.
                return sortOrder == SortOrder.Descending ? -order : order;
            }