/// <summary> /// Loads the results for the current page. /// </summary> private void LoadScanResults() { Snapshot snapshot = SnapshotManager.GetSnapshot(Snapshot.SnapshotRetrievalMode.FromActiveSnapshot, this.ActiveType); IList <ScanResult> newAddresses = new List <ScanResult>(); if (snapshot != null) { UInt64 startIndex = Math.Min(ScanResultsViewModel.PageSize * this.CurrentPage, snapshot.ElementCount); UInt64 endIndex = Math.Min((ScanResultsViewModel.PageSize * this.CurrentPage) + ScanResultsViewModel.PageSize, snapshot.ElementCount); for (UInt64 index = startIndex; index < endIndex; index++) { SnapshotElementIndexer element = snapshot[index]; String label = element.GetElementLabel() != null?element.GetElementLabel().ToString() : String.Empty; Object currentValue = element.HasCurrentValue() ? element.LoadCurrentValue() : null; Object previousValue = element.HasPreviousValue() ? element.LoadPreviousValue() : null; String moduleName = String.Empty; UInt64 address = Query.Default.AddressToModule(element.BaseAddress, out moduleName); PointerItem pointerItem = new PointerItem(baseAddress: address, dataType: this.ActiveType, moduleName: moduleName, value: currentValue); newAddresses.Add(new ScanResult(new PointerItemView(pointerItem), previousValue, label)); } } this.Addresses = new FullyObservableCollection <ScanResult>(newAddresses); // Ensure results are visible this.IsVisible = true; this.IsSelected = true; this.IsActive = true; }
private ExtractedPointer ExtractRandomPointer(Snapshot snapshot) { SnapshotRegion extractedRegion = snapshot.SnapshotRegions[Random.Next(0, snapshot.SnapshotRegions.Length)]; SnapshotElementIndexer extractedElement = extractedRegion[Random.Next(0, extractedRegion.GetElementCount(PointerSize.ToSize()))]; return(this.ExtractPointerFromElement(extractedElement)); }
private void StartScan(int index, Int64 searchAddress, bool validatingProcess = false) { if (index > 0) { SnapshotManager.ClearSnapshots(); } ConstraintNode scanConstraints = new ScanConstraint(ScanConstraint.ConstraintType.Equal, searchAddress, dataType); TrackableTask <Snapshot> valueCollectorTask = ValueCollector.CollectValues( SnapshotManager.GetSnapshot(Snapshot.SnapshotRetrievalMode.FromActiveSnapshotOrPrefilter, dataType), TrackableTask.UniversalIdentifier); valueCollectorTask.OnCompletedEvent += ((completedValueCollectionTask) => { Snapshot snapshot = valueCollectorTask.Result; TrackableTask <Snapshot> scanTask = ManualScanner.Scan( snapshot, scanConstraints, TrackableTask.UniversalIdentifier); SnapshotManager.SaveSnapshot(scanTask.Result); snapshot = scanTask.Result; scannedAddresses.Add(new List <Int64>()); if (snapshot != null) { for (UInt64 i = 0; i < snapshot.ElementCount; ++i) { SnapshotElementIndexer element = snapshot[i]; Object currentValue = element.HasCurrentValue() ? element.LoadCurrentValue() : null; Object previousValue = element.HasPreviousValue() ? element.LoadPreviousValue() : null; String moduleName = String.Empty; UInt64 address = Query.Default.AddressToModule(element.BaseAddress, out moduleName); PointerItem pointerItem = new PointerItem(baseAddress: address, dataType: dataType, moduleName: moduleName, value: currentValue); pointerItem.ForceResolveAddress(); scannedAddresses[index].Add(Int64.Parse(pointerItem.AddressSpecifier, NumberStyles.HexNumber, CultureInfo.CurrentCulture)); } } int nextIteration = index + 1; if (nextIteration < addressesToFind.Count) { StartScan(nextIteration, addressesToFind[nextIteration], validatingProcess); } else { SearchLogic(validatingProcess); } }); }
/// <summary> /// Gets a random pointer from the pointer collection. /// </summary> /// <returns>A random discovered pointer, or null if unable to find one.</returns> public Pointer GetRandomPointer(Int32 levelIndex) { if (levelIndex >= this.Levels.Count || this.Levels[levelIndex].StaticPointers == null) { return(null); } Snapshot currentSnapshot = this.Levels[levelIndex].StaticPointers; ExtractedPointer pointer = this.ExtractRandomPointer(currentSnapshot); UInt64 pointerBase = pointer.BaseAddress; List <Int32> offsets = new List <Int32>(); foreach (Level level in this.Levels.Take(levelIndex + 1).Reverse()) { IEnumerable <Int32> shuffledOffsets = Enumerable.Range(-(Int32)this.MaxOffset, (Int32)(this.MaxOffset * 2) + 1).Shuffle(); Boolean found = false; // Brute force all possible offsets in a random order to find the next path (this guarantees uniform path probabilities) foreach (Int32 nextRandomOffset in shuffledOffsets) { UInt64 newDestination = nextRandomOffset < 0 ? pointer.Destination.Subtract(-nextRandomOffset, wrapAround: false) : pointer.Destination.Add(nextRandomOffset, wrapAround: false); SnapshotRegion snapshotRegion = level.HeapPointers.SnapshotRegions.Select(x => x).Where(y => newDestination >= y.BaseAddress && newDestination <= y.EndAddress).FirstOrDefault(); if (snapshotRegion != null) { // We may have sampled an offset that results in a mis-aligned index, so just randomly take an element from this snapshot rather than using the random offset SnapshotElementIndexer randomElement = snapshotRegion[Random.Next(0, snapshotRegion.GetElementCount(PointerSize.ToSize()))]; UInt64 baseAddress = randomElement.GetBaseAddress(PointerSize.ToSize()); Int32 alignedOffset = pointer.Destination >= baseAddress ? -((Int32)(pointer.Destination - baseAddress)) : ((Int32)(baseAddress - pointer.Destination)); pointer = this.ExtractPointerFromElement(randomElement); offsets.Add(alignedOffset); found = true; break; } } if (!found) { Logger.Log(LogLevel.Error, "Unable to collect a pointer, encountered dead end path"); return(null); } } return(new Pointer(pointerBase, this.PointerSize, offsets.ToArray())); }
private ExtractedPointer ExtractPointerFromElement(SnapshotElementIndexer element) { return(new ExtractedPointer(element.GetBaseAddress(PointerSize.ToSize()), element.HasCurrentValue() ? (this.PointerSize == PointerSize.Byte4 ? (UInt32)element.LoadCurrentValue(PointerSize.ToDataType()) : (UInt64)element.LoadCurrentValue(PointerSize.ToDataType())) : 0)); }