Ejemplo n.º 1
        /// <summary>
        /// Creates the viewer and fills its tree with the fields of
        /// <paramref name="struc"/> as read from the memory of another process.
        /// </summary>
        /// <param name="pid">Process ID passed to <c>ProcessMemoryIO</c>, which serves as the read source.</param>
        /// <param name="address">Address stored in the definition's <c>Offset</c> before it is read.</param>
        /// <param name="struc">
        /// Struct definition to display. It is modified in place: its <c>Offset</c>,
        /// <c>IOProvider</c> and <c>Structs</c> members are overwritten here.
        /// </param>
        public StructViewer(int pid, IntPtr address, StructDef struc)
        {
            InitializeComponent();

            _struct = struc;
            treeStruct.Model = _model;
            treeStruct.ContextMenu = menuStruct;

            GenericViewMenu.AddMenuItems(copyMenuItem.MenuItems, treeStruct);

            try
            {
                // Point the definition at the target process before reading it.
                _struct.Offset = address;
                _struct.IOProvider = new ProcessMemoryIO(pid);
                _struct.Structs = Program.Structs;

                FieldValue[] fields = _struct.Read();

                // Placeholder root entry; every field that was read hangs below it.
                FieldValue rootValue = new FieldValue
                {
                    Name = "Struct",
                    FieldType = FieldType.StringUTF16,
                    Value = string.Empty
                };
                _model.Nodes.Add(new StructNode(rootValue));

                for (int index = 0; index < fields.Length; index++)
                {
                    AddNode(_model.Nodes[0], fields[index]);
                }

                treeStruct.Root.Children[0].IsExpanded = true;
            }
            catch (Exception ex)
            {
                // Any failure (including a failed read of the target process) is shown
                // to the user and recorded in Error instead of escaping the constructor.
                PhUtils.ShowException("Unable to view the struct", ex);
                Error = true;
            }
        }
Ejemplo n.º 2
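        /// <summary>
        /// Walks the committed memory regions of the target process and records every
        /// aligned offset at which the selected struct definition can be read without
        /// an exception.
        /// </summary>
        /// <remarks>
        /// Options come from <c>Params</c>: "private", "image" and "mapped" choose which
        /// region types are scanned, "struct" names an entry of <c>Program.Structs</c>,
        /// and "struct_align" is the step between candidate offsets. The alignment must
        /// be positive; zero or a negative value is reported through
        /// <c>CallSearchError</c> because the scan loop would never terminate or would
        /// probe addresses below the region base.
        /// </remarks>
        public override void Search()
        {
            Results.Clear();

            ProcessHandle phandle;
            int           count = 0;

            bool opt_priv = (bool)Params["private"];
            bool opt_img  = (bool)Params["image"];
            bool opt_map  = (bool)Params["mapped"];

            string structName = (string)Params["struct"];
            int    align      = (int)BaseConverter.ToNumberParse((string)Params["struct_align"]);

            if (!Program.Structs.ContainsKey(structName))
            {
                CallSearchError("Struct '" + structName + "' is not defined.");
                return;
            }

            // The alignment is caller-supplied text. A step of 0 would spin forever on
            // the first offset, and a negative step would walk backwards out of the region.
            if (align <= 0)
            {
                CallSearchError("Struct alignment must be greater than zero.");
                return;
            }

            StructDef structDef = Program.Structs[structName];
            string    structLen = structDef.Size.ToString();

            // NOTE(review): this overwrites IOProvider (and, below, Offset) on the
            // definition stored in Program.Structs, not on a copy - confirm no other
            // user of the same definition is affected.
            structDef.IOProvider = new ProcessMemoryIO(PID);

            try
            {
                phandle = new ProcessHandle(PID, ProcessHacker.Native.Security.ProcessAccess.QueryInformation);
            }
            catch
            {
                CallSearchError("Could not open process: " + Win32.GetLastErrorMessage());
                return;
            }

            try
            {
                phandle.EnumMemory(info =>
                {
                    // skip unreadable areas
                    if (info.Protect == MemoryProtection.AccessDenied)
                    {
                        return true;
                    }

                    if (info.State != MemoryState.Commit)
                    {
                        return true;
                    }

                    // skip region types the caller did not ask for
                    if ((!opt_priv) && (info.Type == MemoryType.Private))
                    {
                        return true;
                    }

                    if ((!opt_img) && (info.Type == MemoryType.Image))
                    {
                        return true;
                    }

                    if ((!opt_map) && (info.Type == MemoryType.Mapped))
                    {
                        return true;
                    }

                    CallSearchProgressChanged(
                        String.Format("Searching 0x{0} ({1} found)...", info.BaseAddress.ToString("x"), count));

                    // Loop-invariant, so convert once per region rather than per offset.
                    int regionSize = info.RegionSize.ToInt32();

                    for (int i = 0; i < regionSize; i += align)
                    {
                        try
                        {
                            structDef.Offset = info.BaseAddress.Increment(i);
                            structDef.Read();

                            // read succeeded, add it to the results
                            Results.Add(new string[]
                            {
                                Utils.FormatAddress(info.BaseAddress),
                                String.Format("0x{0:x}", i), structLen, string.Empty
                            });
                            count++;
                        }
                        catch
                        {
                            // Deliberate best-effort: a failed read only means this offset
                            // does not hold a readable instance of the struct, so move on.
                        }

                        // Stop before "i += align" can exceed int.MaxValue and wrap to a
                        // negative offset. Equivalent to i + align >= regionSize, written
                        // without the overflowing addition.
                        if (align >= regionSize - i)
                        {
                            break;
                        }
                    }

                    return true;
                });
            }
            finally
            {
                // Release the process handle even if the enumeration throws.
                phandle.Dispose();
            }

            CallSearchFinished();
        }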