Ejemplo n.º 1
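        /// <summary>
        /// Enumerates the virtual-memory regions of a process and stores one
        /// <c>FMemoryInfo</c> per region in <paramref name="memories"/>.
        /// </summary>
        /// <param name="memories">Collection that receives the regions; it is cleared before anything else happens.</param>
        /// <param name="processId">Identifier of the process whose address space is walked.</param>
        /// <returns>
        /// <c>false</c> when the process handle could not be opened (the collection is left empty);
        /// <c>true</c> once the walk has finished.
        /// </returns>
        /// <remarks>
        /// The address cursor is a 32-bit <c>uint</c>, so regions above 4 GiB cannot be represented.
        /// NOTE(review): confirm that SMemoryBasicInformation matches the bitness of the target
        /// process before relying on this listing for a 64-bit process.
        /// </remarks>
        public static bool ListMemory(FMemoryInfos memories, int processId)
        {
            memories.Clear();
            // Module list, used below to look up each region by its allocation base.
            FModuleInfoCollection modules = RModule.ListProcess(processId);
            SMemoryBasicInformation mbi = new SMemoryBasicInformation();
            int size = Marshal.SizeOf(mbi);
            // Only query rights are requested, and the handle is opened as non-inheritable:
            // it is closed before this method returns, so no child process needs to receive it.
            IntPtr process = RKernel32.OpenProcess(EProcessAccess.QueryInformation, false, processId);

            if (!RApi.IsValidHandle(process))
            {
                return false;
            }
            try
            {
                uint address = 0;
                // VirtualQueryEx returns 0 when there is nothing further to describe at the address.
                while (RKernel32.VirtualQueryEx(process, address, ref mbi, size) > 0)
                {
                    FMemoryInfo memory = new FMemoryInfo();
                    memory.AllocationBase    = mbi.AllocationBase;
                    memory.AllocationProtect = mbi.AllocationProtect;
                    memory.BaseAddress       = mbi.BaseAddress;
                    memory.Protect           = mbi.Protect;
                    memory.RegionSize        = mbi.RegionSize;
                    memory.State             = mbi.State;
                    memory.Type   = mbi.Type;
                    memory.Module = modules.FindByAddress(mbi.AllocationBase);
                    memories.Push(memory);
                    // Advance to the end of the region. If the 32-bit sum wraps around or does
                    // not move forward, stop instead of re-walking the address space forever.
                    uint next = mbi.BaseAddress + mbi.RegionSize;
                    if (next <= address)
                    {
                        break;
                    }
                    address = next;
                }
            }
            finally
            {
                // Release the handle even if building or storing a region entry throws.
                RKernel32.CloseHandle(process);
            }
            return true;
        }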
Ejemplo n.º 2
 /// <summary>
 /// Opens the process with the given identifier and keeps the resulting handle on this instance.
 /// </summary>
 /// <param name="id">Identifier of the process to open; stored in <c>_id</c> before the call is made.</param>
 /// <param name="access">Access rights requested for the handle. Callers should pass the narrowest mask that covers their use.</param>
 /// <exception cref="FFatalException">The returned handle is <see cref="IntPtr.Zero"/>.</exception>
 /// <remarks>
 /// The handle is requested as non-inheritable. Whatever value <c>_handle</c> held before
 /// is overwritten; this method does not close it.
 /// </remarks>
 public void Open(int id, EProcessAccess access)
 {
     _id = id;
     IntPtr opened = RKernel32.OpenProcess(access, false, _id);
     _handle = opened;
     if (opened != IntPtr.Zero)
     {
         return;
     }
     // A zero handle means the open failed; report it together with the requested id.
     throw new FFatalException("Open process error. (id={0})", _id);
 }