/// <summary>
/// Determines if a process is 32 bit
/// </summary>
/// <param name="process">The process to check</param>
/// <returns>Returns true if the process is 32 bit, otherwise false</returns>
public Boolean IsProcess32Bit(NormalizedProcess process)
{
Boolean isWow64;
// First do the simple check if seeing if the OS is 32 bit, in which case the process wont be 64 bit
if (this.IsOperatingSystem32Bit())
{
return(true);
}
// No process provided, assume 32 bit
if (process == null)
{
return(true);
}
try
{
if (this.SystemProcess == null || !NativeMethods.IsWow64Process(this.SystemProcess.Handle, out isWow64))
{
// Error, assume 32 bit
return(true);
}
}
catch
{
// Error, assume 32 bit
return(true);
}
return(isWow64);
}
/// <summary>
/// Recieves a process update.
/// </summary>
/// <param name="process">The newly selected process.</param>>
public void Update(NormalizedProcess process)
{
// Raise event to update process name in the view
this.RaisePropertyChanged(nameof(this.ProcessName));
this.RefreshProcessList();
}
public void Update(NormalizedProcess process)
{
this.TargetProcess = process;
// Disabled for now
// this.UninstallHook();
// this.InstallHook();
}
public void Update(NormalizedProcess process)
{
if (process != null)
{
this.BaseAddress = EngineCore.GetInstance().VirtualMemory.GetModules().FirstOrDefault()?.BaseAddress.ToUInt64() ?? 0UL;
this.LoadInstructions();
}
}
public void Update(NormalizedProcess process)
{
if (process == null)
{
return;
}
this.SystemProcess = Process.GetProcessById(process.ProcessId);
}
/// <summary>
/// Makes the target process selection.
/// </summary>
/// <param name="process">The process being selected.</param>
private void SelectProcess(NormalizedProcess process)
{
if (process == null)
{
return;
}
EngineCore.GetInstance().Processes.OpenProcess(process);
this.IsVisible = false;
}
/// <summary>
/// Recieves a process update.
/// </summary>
/// <param name="process">The newly selected process.</param>>
public void Update(NormalizedProcess process)
{
lock (this.ChunkLock)
{
if (this.ChunkList.Count > 0)
{
this.ChunkList.Clear();
OutputViewModel.GetInstance().Log(OutputViewModel.LogLevel.Info, "Prefilter cleared");
}
}
}
/// <summary>
/// Recieves a process update.
/// </summary>
/// <param name="process">The newly selected process.</param>>
public void Update(NormalizedProcess process)
{
lock (this.RegionLock)
{
if (this.PrefilteredSnapshot.ByteCount > 0)
{
this.PrefilteredSnapshot = new Snapshot();
OutputViewModel.GetInstance().Log(OutputViewModel.LogLevel.Info, "Pointer Prefilter cleared");
}
}
}
/// <summary>
/// Prevents a default instance of the <see cref="ProcessSelectorViewModel" /> class from being created.
/// </summary>
private ProcessSelectorViewModel() : base("Process Selector")
{
this.IconSource = Images.SelectProcess;
this.RefreshProcessListCommand = new RelayCommand(() => Task.Run(() => this.RefreshProcessList()), () => true);
this.SelectProcessCommand = new RelayCommand <NormalizedProcess>((process) => Task.Run(() => this.SelectProcess(process)), (process) => true);
this.detachProcess = new NormalizedProcess(0, "-- Detach from Process --", DateTime.Now, isSystemProcess: false, hasWindow: false, icon: null);
ProcessSelectorTask processSelectorTask = new ProcessSelectorTask(this.RefreshProcessList);
// Subscribe async to avoid a deadlock situation
Task.Run(() => { DockingViewModel.GetInstance().RegisterViewModel(this); });
// Subscribe to process events (async call as to avoid locking on GetInstance() if engine is being constructed)
Task.Run(() => { EngineCore.GetInstance().Processes.Subscribe(this); });
}
/// <summary>
/// Opens a process for editing.
/// </summary>
/// <param name="process">The process to be opened.</param>
public void OpenProcess(NormalizedProcess process)
{
if (process != null)
{
OutputViewModel.GetInstance().Log(OutputViewModel.LogLevel.Info, "Attached to process: " + process.ProcessName);
}
this.OpenedProcess = process;
if (this.processListeners != null)
{
foreach (IProcessObserver listener in this.processListeners)
{
listener.Update(process);
}
}
}
/// <summary>
/// Recieves a process update. This is an optimization over grabbing the process from the <see cref="IProcessAdapter"/> component
/// of the <see cref="EngineCore"/> every time we need it, which would be cumbersome when doing hundreds of thousands of memory read/writes.
/// </summary>
/// <param name="process">The newly selected process.</param>
public void Update(NormalizedProcess process)
{
if (process == null)
{
// Avoid setter functions
this.systemProcess = null;
return;
}
try
{
this.SystemProcess = Process.GetProcessById(process.ProcessId);
}
catch
{
// Avoid setter functions
this.systemProcess = null;
}
}
/// <summary>
/// Opens an existing local process object.
/// </summary>
/// <param name="accessFlags">The access level to the process object.</param>
/// <param name="process">The identifier of the local process to be opened.</param>
/// <returns>An open handle to the specified process.</returns>
public static IntPtr OpenProcess(ProcessAccessFlags accessFlags, NormalizedProcess process)
{
return(NativeMethods.OpenProcess(accessFlags, false, process == null ? 0 : process.ProcessId));
}
/// <summary>
/// Collects .Net objects in the external process.
/// </summary>
protected override void OnUpdate()
{
this.UpdateInterval = DotNetObjectCollector.PollingTime;
ProxyCommunicator proxyCommunicator = ProxyCommunicator.GetInstance();
NormalizedProcess process = EngineCore.GetInstance()?.Processes?.GetOpenedProcess();
IProxyService proxyService = proxyCommunicator.GetProxyService(EngineCore.GetInstance().Processes.IsOpenedProcess32Bit());
if (proxyService == null)
{
return;
}
try
{
if (process == null || !proxyService.RefreshHeap(process.ProcessId))
{
return;
}
List <DotNetObject> objectTrees = new List <DotNetObject>();
HashSet <UInt64> visited = new HashSet <UInt64>();
foreach (UInt64 rootRef in proxyService.GetRoots())
{
String rootName = proxyService.GetRootName(rootRef);
Type rootType = Conversions.TypeCodeToType((TypeCode)proxyService.GetRootType(rootRef));
if (rootRef == 0 || rootName == null)
{
continue;
}
foreach (String excludedPrefix in excludedPrefixes)
{
if (rootName.StartsWith(excludedPrefix, StringComparison.OrdinalIgnoreCase))
{
rootName = rootName.Substring(excludedPrefix.Length, rootName.Length - excludedPrefix.Length).Trim();
}
}
if (excludedNameSpaces.Any(x => rootName.StartsWith(x, StringComparison.OrdinalIgnoreCase)))
{
continue;
}
if (rootType != null)
{
if (excludedNameSpaces.Any(x => rootType.Name.StartsWith(x, StringComparison.OrdinalIgnoreCase)))
{
continue;
}
}
if (visited.Contains(rootRef))
{
continue;
}
try
{
DotNetObject rootObject = new DotNetObject(null, rootRef, rootType, rootName);
visited.Add(rootRef);
objectTrees.Add(rootObject);
this.RecursiveBuild(proxyService, visited, rootObject, rootRef);
}
catch
{
}
}
this.ObjectTrees = objectTrees;
}
catch
{
}
base.OnUpdate();
}
/// <summary>
/// Makes the target process selection.
/// </summary>
/// <param name="process">The process being selected.</param>
private void SelectProcess(NormalizedProcess process)
{
this.SelectedProcess = process;
this.IsVisible = false;
}
/// <summary>
/// Determines if a process is 64 bit
/// </summary>
/// <param name="process">The process to check</param>
/// <returns>Returns true if the process is 64 bit, otherwise false</returns>
public Boolean IsProcess64Bit(NormalizedProcess process)
{
return(!this.IsProcess32Bit(process));
}
