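/// <summary>
/// Attaches to a circular buffer held in <paramref name="section"/>: reads the
/// <c>BufferHeader</c> at the start of the section, sets up the read/write semaphores,
/// then maps the whole buffer and keeps pointers to its header and data.
/// </summary>
/// <param name="section">Section that holds the buffer; stored in <c>_section</c>.</param>
/// <param name="sectionName">Prefix for the semaphore names built when no semaphores are supplied.</param>
/// <param name="readSemaphore">Read semaphore to use, or null to construct one from the header's id.</param>
/// <param name="writeSemaphore">Write semaphore to use, or null to construct one from the header's id.</param>
/// <exception cref="OverflowException">The view size computed from the header overflows.</exception>
private IpcCircularBuffer(Section section, string sectionName, Semaphore readSemaphore, Semaphore writeSemaphore)
        {
            BufferHeader header;

            _section = section;

            // Map only the header first: the full view size is not known until it has been read.
            _sectionView = section.MapView(Marshal.SizeOf(typeof(BufferHeader)));

            try
            {
                header = _sectionView.ReadStruct<BufferHeader>();
            }
            finally
            {
                // Release the temporary header view even if the read throws.
                _sectionView.Dispose();
            }

            // If either semaphore is missing, BOTH are constructed by name and a supplied one is ignored.
            // NOTE(review): confirm that ignoring a lone supplied semaphore is intended.
            if (readSemaphore == null || writeSemaphore == null)
            {
                _readSemaphore  = new Semaphore(sectionName + "_" + header.ReadSemaphoreId.ToString("x"));
                _writeSemaphore = new Semaphore(sectionName + "_" + header.WriteSemaphoreId.ToString("x"));
            }
            else
            {
                _readSemaphore  = readSemaphore;
                _writeSemaphore = writeSemaphore;
            }

            // BlockSize and NumberOfBlocks come straight from the section contents. checked() turns
            // an overflowing product into an OverflowException instead of a wrapped, wrong-sized view.
            // NOTE(review): presumably the other party mapping this section can write the header;
            // no range check (non-positive values, size versus the section's real length) is done
            // here - confirm it is enforced elsewhere.
            _sectionView = _section.MapView(checked(header.BlockSize * header.NumberOfBlocks));
            _header      = (BufferHeader *)_sectionView.Memory;
            _data        = &_header->Data;
        }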
Example #2
 /// <summary>
 /// Disposes the view held in <c>_view</c>, if there is one, forwarding the
 /// <paramref name="disposing"/> flag to it.
 /// </summary>
 /// <param name="disposing">Passed through unchanged to the view's Dispose.</param>
 protected override void DisposeObject(bool disposing)
 {
     // Nothing to release when no view was ever assigned.
     if (_view == null)
     {
         return;
     }

     _view.Dispose(disposing);
 }
Example #3
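        /// <summary>
        /// Builds the window: fills <c>_sysCallNames</c> and <c>_reverseSysCallNames</c> from the
        /// <c>Zw*</c> symbols of ntdll.dll, creates the <c>KProcessHacker</c> instance, and configures
        /// (but does not start) the logger.
        /// </summary>
        /// <exception cref="InvalidOperationException">
        /// ntdll.dll was not reported by the module enumeration of the current process.
        /// </exception>
        public MainWindow()
        {
            InitializeComponent();

            // Load dbghelp.dll from a fixed absolute path before the symbol provider is created.
            // NOTE(review): the return value is not checked, so a missing or unloadable file goes
            // unnoticed here; presumably a dbghelp.dll resolved some other way is then used - confirm.
            Win32.LoadLibrary("C:\\Program Files\\Debugging Tools for Windows (x86)\\dbghelp.dll");

            SymbolProvider symbols         = new SymbolProvider(ProcessHandle.Current);
            FileHandle     ntdllFileHandle = null;
            Section        section         = null;

            try
            {
                SymbolProvider.Options |= SymbolOptions.PublicsOnly;

                IntPtr ntdllBase = Loader.GetDllHandle("ntdll.dll");

                ProcessHandle.Current.EnumModules((module) =>
                {
                    // Ordinal comparison: a module name is an identifier, not linguistic text, and
                    // culture-aware comparison can treat ignorable code points as equal.
                    if (module.BaseName.Equals("ntdll.dll", StringComparison.OrdinalIgnoreCase))
                    {
                        // Open the on-disk file and back a section with it, so the numbers below
                        // are read from that mapping rather than from the already loaded module.
                        ntdllFileHandle = new FileHandle(@"\??\" + module.FileName,
                                                         FileShareMode.ReadWrite,
                                                         FileAccess.GenericExecute | FileAccess.GenericRead
                                                         );
                        section = new Section(ntdllFileHandle, true, MemoryProtection.ExecuteRead);

                        symbols.LoadModule(module.FileName, module.BaseAddress, module.Size);
                        return false;
                    }

                    return true;
                });

                // Fail with a clear message instead of a NullReferenceException further down.
                if (section == null)
                {
                    throw new InvalidOperationException("ntdll.dll was not found in the current process's module list.");
                }

                SectionView view = section.MapView((int)ntdllFileHandle.GetSize());

                try
                {
                    // The file handle is released as soon as the view exists.
                    ntdllFileHandle.Dispose();
                    ntdllFileHandle = null;

                    symbols.EnumSymbols("ntdll!Zw*", (symbol) =>
                    {
                        // Offset of the symbol from the loaded ntdll base, rebased onto the view,
                        // plus one byte; the 32-bit value there is taken as the call number.
                        // NOTE(review): this assumes each stub starts with a one-byte opcode followed
                        // by a 32-bit immediate (the x86 "mov eax, imm32" form) and that the offset
                        // lies inside the mapped view; neither is checked here.
                        int number = Marshal.ReadInt32(
                            (symbol.Address.ToIntPtr().Decrement(ntdllBase)).Increment(view.Memory).Increment(1));

                        // Record the call under its Nt* name: drop the two-character prefix.
                        string ntName = "Nt" + symbol.Name.Substring(2);

                        _sysCallNames.Add(number, ntName);
                        _reverseSysCallNames.Add(ntName, number);

                        return true;
                    });
                }
                finally
                {
                    view.Dispose();
                }
            }
            finally
            {
                // Release native resources on failure paths too, in the order used on success.
                if (section != null)
                {
                    section.Dispose();
                }

                if (ntdllFileHandle != null)
                {
                    ntdllFileHandle.Dispose();
                }

                symbols.Dispose();
            }

            KProcessHacker.Instance = new KProcessHacker();

            // Logger rules: exclude this process's own id, include user-mode as previous mode.
            _logger = new SsLogger(4096, false);
            _logger.EventBlockReceived    += new EventBlockReceivedDelegate(logger_EventBlockReceived);
            _logger.ArgumentBlockReceived += new ArgumentBlockReceivedDelegate(logger_ArgumentBlockReceived);
            _logger.AddProcessIdRule(FilterType.Exclude, ProcessHandle.GetCurrentId());
            _logger.AddPreviousModeRule(FilterType.Include, KProcessorMode.UserMode);
            //_logger.Start();

            listEvents.SetDoubleBuffered(true);
        }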