/// <summary> /// Determines if a process is 32 bit /// </summary> /// <param name="process">The process to check</param> /// <returns>Returns true if the process is 32 bit, otherwise false</returns> public Boolean IsProcess32Bit(NormalizedProcess process) { Boolean isWow64; // First do the simple check if seeing if the OS is 32 bit, in which case the process wont be 64 bit if (this.IsOperatingSystem32Bit()) { return(true); } // No process provided, assume 32 bit if (process == null) { return(true); } try { if (this.SystemProcess == null || !NativeMethods.IsWow64Process(this.SystemProcess.Handle, out isWow64)) { // Error, assume 32 bit return(true); } } catch { // Error, assume 32 bit return(true); } return(isWow64); }
/// <summary> /// Recieves a process update. /// </summary> /// <param name="process">The newly selected process.</param>> public void Update(NormalizedProcess process) { // Raise event to update process name in the view this.RaisePropertyChanged(nameof(this.ProcessName)); this.RefreshProcessList(); }
public void Update(NormalizedProcess process) { this.TargetProcess = process; // Disabled for now // this.UninstallHook(); // this.InstallHook(); }
public void Update(NormalizedProcess process) { if (process != null) { this.BaseAddress = EngineCore.GetInstance().VirtualMemory.GetModules().FirstOrDefault()?.BaseAddress.ToUInt64() ?? 0UL; this.LoadInstructions(); } }
public void Update(NormalizedProcess process) { if (process == null) { return; } this.SystemProcess = Process.GetProcessById(process.ProcessId); }
/// <summary> /// Makes the target process selection. /// </summary> /// <param name="process">The process being selected.</param> private void SelectProcess(NormalizedProcess process) { if (process == null) { return; } EngineCore.GetInstance().Processes.OpenProcess(process); this.IsVisible = false; }
/// <summary> /// Recieves a process update. /// </summary> /// <param name="process">The newly selected process.</param>> public void Update(NormalizedProcess process) { lock (this.ChunkLock) { if (this.ChunkList.Count > 0) { this.ChunkList.Clear(); OutputViewModel.GetInstance().Log(OutputViewModel.LogLevel.Info, "Prefilter cleared"); } } }
/// <summary> /// Recieves a process update. /// </summary> /// <param name="process">The newly selected process.</param>> public void Update(NormalizedProcess process) { lock (this.RegionLock) { if (this.PrefilteredSnapshot.ByteCount > 0) { this.PrefilteredSnapshot = new Snapshot(); OutputViewModel.GetInstance().Log(OutputViewModel.LogLevel.Info, "Pointer Prefilter cleared"); } } }
/// <summary> /// Prevents a default instance of the <see cref="ProcessSelectorViewModel" /> class from being created. /// </summary> private ProcessSelectorViewModel() : base("Process Selector") { this.IconSource = Images.SelectProcess; this.RefreshProcessListCommand = new RelayCommand(() => Task.Run(() => this.RefreshProcessList()), () => true); this.SelectProcessCommand = new RelayCommand <NormalizedProcess>((process) => Task.Run(() => this.SelectProcess(process)), (process) => true); this.detachProcess = new NormalizedProcess(0, "-- Detach from Process --", DateTime.Now, isSystemProcess: false, hasWindow: false, icon: null); ProcessSelectorTask processSelectorTask = new ProcessSelectorTask(this.RefreshProcessList); // Subscribe async to avoid a deadlock situation Task.Run(() => { DockingViewModel.GetInstance().RegisterViewModel(this); }); // Subscribe to process events (async call as to avoid locking on GetInstance() if engine is being constructed) Task.Run(() => { EngineCore.GetInstance().Processes.Subscribe(this); }); }
/// <summary> /// Opens a process for editing. /// </summary> /// <param name="process">The process to be opened.</param> public void OpenProcess(NormalizedProcess process) { if (process != null) { OutputViewModel.GetInstance().Log(OutputViewModel.LogLevel.Info, "Attached to process: " + process.ProcessName); } this.OpenedProcess = process; if (this.processListeners != null) { foreach (IProcessObserver listener in this.processListeners) { listener.Update(process); } } }
/// <summary> /// Recieves a process update. This is an optimization over grabbing the process from the <see cref="IProcessAdapter"/> component /// of the <see cref="EngineCore"/> every time we need it, which would be cumbersome when doing hundreds of thousands of memory read/writes. /// </summary> /// <param name="process">The newly selected process.</param> public void Update(NormalizedProcess process) { if (process == null) { // Avoid setter functions this.systemProcess = null; return; } try { this.SystemProcess = Process.GetProcessById(process.ProcessId); } catch { // Avoid setter functions this.systemProcess = null; } }
/// <summary> /// Opens an existing local process object. /// </summary> /// <param name="accessFlags">The access level to the process object.</param> /// <param name="process">The identifier of the local process to be opened.</param> /// <returns>An open handle to the specified process.</returns> public static IntPtr OpenProcess(ProcessAccessFlags accessFlags, NormalizedProcess process) { return(NativeMethods.OpenProcess(accessFlags, false, process == null ? 0 : process.ProcessId)); }
/// <summary> /// Collects .Net objects in the external process. /// </summary> protected override void OnUpdate() { this.UpdateInterval = DotNetObjectCollector.PollingTime; ProxyCommunicator proxyCommunicator = ProxyCommunicator.GetInstance(); NormalizedProcess process = EngineCore.GetInstance()?.Processes?.GetOpenedProcess(); IProxyService proxyService = proxyCommunicator.GetProxyService(EngineCore.GetInstance().Processes.IsOpenedProcess32Bit()); if (proxyService == null) { return; } try { if (process == null || !proxyService.RefreshHeap(process.ProcessId)) { return; } List <DotNetObject> objectTrees = new List <DotNetObject>(); HashSet <UInt64> visited = new HashSet <UInt64>(); foreach (UInt64 rootRef in proxyService.GetRoots()) { String rootName = proxyService.GetRootName(rootRef); Type rootType = Conversions.TypeCodeToType((TypeCode)proxyService.GetRootType(rootRef)); if (rootRef == 0 || rootName == null) { continue; } foreach (String excludedPrefix in excludedPrefixes) { if (rootName.StartsWith(excludedPrefix, StringComparison.OrdinalIgnoreCase)) { rootName = rootName.Substring(excludedPrefix.Length, rootName.Length - excludedPrefix.Length).Trim(); } } if (excludedNameSpaces.Any(x => rootName.StartsWith(x, StringComparison.OrdinalIgnoreCase))) { continue; } if (rootType != null) { if (excludedNameSpaces.Any(x => rootType.Name.StartsWith(x, StringComparison.OrdinalIgnoreCase))) { continue; } } if (visited.Contains(rootRef)) { continue; } try { DotNetObject rootObject = new DotNetObject(null, rootRef, rootType, rootName); visited.Add(rootRef); objectTrees.Add(rootObject); this.RecursiveBuild(proxyService, visited, rootObject, rootRef); } catch { } } this.ObjectTrees = objectTrees; } catch { } base.OnUpdate(); }
/// <summary> /// Makes the target process selection. /// </summary> /// <param name="process">The process being selected.</param> private void SelectProcess(NormalizedProcess process) { this.SelectedProcess = process; this.IsVisible = false; }
/// <summary> /// Determines if a process is 64 bit /// </summary> /// <param name="process">The process to check</param> /// <returns>Returns true if the process is 64 bit, otherwise false</returns> public Boolean IsProcess64Bit(NormalizedProcess process) { return(!this.IsProcess32Bit(process)); }