Ejemplo n.º 1
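        /// <summary>
        /// Enumerates heap information.
        /// </summary>
        /// <remarks>
        /// The heap count and each heap entry are read from the buffer that
        /// <c>debugInfo.Heaps</c> points to. The callback is invoked once per entry,
        /// and enumeration stops as soon as it returns <c>false</c>.
        /// </remarks>
        /// <param name="callback">The callback for the enumeration.</param>
        /// <exception cref="ArgumentNullException"><paramref name="callback"/> is null.</exception>
        /// <exception cref="InvalidOperationException">The debug information holds no heap data.</exception>
        public void EnumHeaps(DebugEnumHeapsDelegate callback)
        {
            // Fail fast with a descriptive exception; without this check a null callback
            // surfaces as a NullReferenceException inside the loop, after the debug
            // information has already been queried.
            if (callback == null)
            {
                throw new ArgumentNullException("callback");
            }

            RtlDebugInformation debugInfo = this.GetDebugInformation();

            // A zero pointer means no heap block is available to read.
            if (debugInfo.Heaps == IntPtr.Zero)
            {
                throw new InvalidOperationException("Heap information does not exist.");
            }

            MemoryRegion heapInfo = new MemoryRegion(debugInfo.Heaps);
            RtlProcessHeaps heaps = heapInfo.ReadStruct<RtlProcessHeaps>();

            // NOTE(review): NumberOfHeaps is used as the loop bound exactly as read from the
            // buffer; nothing visible here checks it against the buffer's size. Confirm that
            // GetDebugInformation/MemoryRegion guarantee the buffer covers that many entries.
            for (int i = 0; i < heaps.NumberOfHeaps; i++)
            {
                // Presumably reads the i-th fixed-size entry starting at HeapsOffset; verify
                // against MemoryRegion.ReadStruct.
                RtlHeapInformation heap = heapInfo.ReadStruct<RtlHeapInformation>(
                    RtlProcessHeaps.HeapsOffset,
                    RtlHeapInformation.SizeOf,
                    i);

                // The callback returns false to stop the enumeration early.
                if (!callback(new HeapInformation(heap)))
                {
                    break;
                }
            }
        }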
Ejemplo n.º 2
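        /// <summary>
        /// Enumerates module information.
        /// </summary>
        /// <remarks>
        /// The module count and each module entry are read from the buffer that
        /// <c>debugInfo.Modules</c> points to. The callback is invoked once per entry,
        /// and enumeration stops as soon as it returns <c>false</c>.
        /// </remarks>
        /// <param name="callback">The callback for the enumeration.</param>
        /// <exception cref="ArgumentNullException"><paramref name="callback"/> is null.</exception>
        /// <exception cref="InvalidOperationException">The debug information holds no module data.</exception>
        public void EnumModules(DebugEnumModulesDelegate callback)
        {
            // Fail fast with a descriptive exception; without this check a null callback
            // surfaces as a NullReferenceException inside the loop, after the debug
            // information has already been queried.
            if (callback == null)
            {
                throw new ArgumentNullException("callback");
            }

            RtlDebugInformation debugInfo = this.GetDebugInformation();

            // A zero pointer means no module block is available to read.
            if (debugInfo.Modules == IntPtr.Zero)
            {
                throw new InvalidOperationException("Module information does not exist.");
            }

            MemoryRegion modulesInfo = new MemoryRegion(debugInfo.Modules);
            RtlProcessModules modules = modulesInfo.ReadStruct<RtlProcessModules>();

            // NOTE(review): NumberOfModules is used as the loop bound exactly as read from the
            // buffer; nothing visible here checks it against the buffer's size. Confirm that
            // GetDebugInformation/MemoryRegion guarantee the buffer covers that many entries.
            for (int i = 0; i < modules.NumberOfModules; i++)
            {
                // Presumably reads the i-th fixed-size entry starting at ModulesOffset; verify
                // against MemoryRegion.ReadStruct.
                RtlProcessModuleInformation module = modulesInfo.ReadStruct<RtlProcessModuleInformation>(
                    RtlProcessModules.ModulesOffset,
                    RtlProcessModuleInformation.SizeOf,
                    i);

                // The callback returns false to stop the enumeration early.
                if (!callback(new ModuleInformation(module)))
                {
                    break;
                }
            }
        }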