/// <summary>
/// Gets a random pointer from the pointer collection.
/// </summary>
/// <returns>A random discovered pointer, or null if unable to find one.</returns>
public Pointer GetRandomPointer(Int32 levelIndex)
{
if (levelIndex >= this.Levels.Count || this.Levels[levelIndex].StaticPointers == null)
{
return(null);
}
Snapshot currentSnapshot = this.Levels[levelIndex].StaticPointers;
ExtractedPointer pointer = this.ExtractRandomPointer(currentSnapshot);
UInt64 pointerBase = pointer.BaseAddress;
List <Int32> offsets = new List <Int32>();
foreach (Level level in this.Levels.Take(levelIndex + 1).Reverse())
{
IEnumerable <Int32> shuffledOffsets = Enumerable.Range(-(Int32)this.MaxOffset, (Int32)(this.MaxOffset * 2) + 1).Shuffle();
Boolean found = false;
// Brute force all possible offsets in a random order to find the next path (this guarantees uniform path probabilities)
foreach (Int32 nextRandomOffset in shuffledOffsets)
{
UInt64 newDestination = nextRandomOffset < 0 ? pointer.Destination.Subtract(-nextRandomOffset, wrapAround: false) : pointer.Destination.Add(nextRandomOffset, wrapAround: false);
SnapshotRegion snapshotRegion = level.HeapPointers.SnapshotRegions.Select(x => x).Where(y => newDestination >= y.BaseAddress && newDestination <= y.EndAddress).FirstOrDefault();
if (snapshotRegion != null)
{
// We may have sampled an offset that results in a mis-aligned index, so just randomly take an element from this snapshot rather than using the random offset
SnapshotElementIndexer randomElement = snapshotRegion[Random.Next(0, snapshotRegion.GetElementCount(PointerSize.ToSize()))];
UInt64 baseAddress = randomElement.GetBaseAddress(PointerSize.ToSize());
Int32 alignedOffset = pointer.Destination >= baseAddress ? -((Int32)(pointer.Destination - baseAddress)) : ((Int32)(baseAddress - pointer.Destination));
pointer = this.ExtractPointerFromElement(randomElement);
offsets.Add(alignedOffset);
found = true;
break;
}
}
if (!found)
{
Logger.Log(LogLevel.Error, "Unable to collect a pointer, encountered dead end path");
return(null);
}
}
return(new Pointer(pointerBase, this.PointerSize, offsets.ToArray()));
}
/// <summary>
/// Loads the results for the current page.
/// </summary>
private void LoadScanResults()
{
Snapshot snapshot = SessionManager.Session.SnapshotManager.GetActiveSnapshot();
IList <ScanResult> newAddresses = new List <ScanResult>();
if (snapshot != null)
{
UInt64 startIndex = Math.Min(ScanResultsViewModel.PageSize * this.CurrentPage, snapshot.ElementCount);
UInt64 endIndex = Math.Min((ScanResultsViewModel.PageSize * this.CurrentPage) + ScanResultsViewModel.PageSize, snapshot.ElementCount);
for (UInt64 index = startIndex; index < endIndex; index++)
{
SnapshotElementIndexer element = snapshot[index, this.ActiveType.Size];
String label = element.GetElementLabel() != null?element.GetElementLabel().ToString() : String.Empty;
Object currentValue = element.HasCurrentValue() ? element.LoadCurrentValue(this.ActiveType) : null;
Object previousValue = element.HasPreviousValue() ? element.LoadPreviousValue(this.ActiveType) : null;
String moduleName = String.Empty;
UInt64 address = MemoryQueryer.Instance.AddressToModule(SessionManager.Session.OpenedProcess, element.GetBaseAddress(this.ActiveType.Size), out moduleName);
PointerItem pointerItem = new PointerItem(SessionManager.Session, baseAddress: address, dataType: this.ActiveType, moduleName: moduleName, value: currentValue);
newAddresses.Add(new ScanResult(new PointerItemView(pointerItem), previousValue, label));
}
}
this.Addresses = new FullyObservableCollection <ScanResult>(newAddresses);
// Ensure results are visible
this.IsVisible = true;
this.IsSelected = true;
this.IsActive = true;
}
private ExtractedPointer ExtractPointerFromElement(SnapshotElementIndexer element)
{
return(new ExtractedPointer(element.GetBaseAddress(PointerSize.ToSize()), element.HasCurrentValue()
? (this.PointerSize == PointerSize.Byte4 ? (UInt32)element.LoadCurrentValue(PointerSize.ToDataType())
: (UInt64)element.LoadCurrentValue(PointerSize.ToDataType())) : 0));
}