static List <COMIPIDEntry> ParseIPIDEntries <T>(NtProcess process, IntPtr ipid_table, ISymbolResolver resolver)
where T : struct, IPIDEntryNativeInterface
{
List <COMIPIDEntry> entries = new List <COMIPIDEntry>();
PageAllocator palloc = new PageAllocator(process, ipid_table);
if (palloc.Pages.Length == 0 || palloc.EntrySize < Marshal.SizeOf(typeof(T)))
{
return(entries);
}
foreach (IntPtr page in palloc.Pages)
{
int total_size = palloc.EntriesPerPage * palloc.EntrySize;
var data = process.ReadMemory(page.ToInt64(), palloc.EntriesPerPage * palloc.EntrySize);
if (data.Length < total_size)
{
continue;
}
using (var buf = new SafeHGlobalBuffer(data))
{
for (int entry_index = 0; entry_index < palloc.EntriesPerPage; ++entry_index)
{
IPIDEntryNativeInterface ipid_entry = buf.Read <T>((ulong)(entry_index * palloc.EntrySize));
if ((ipid_entry.Flags != 0xF1EEF1EE) && (ipid_entry.Flags != 0))
{
entries.Add(new COMIPIDEntry(ipid_entry, process, resolver));
}
}
}
}
return(entries);
}
public SafeHGlobalBuffer ReadBuffer(IntPtr ptr, int length)
{
SafeHGlobalBuffer buf = new SafeHGlobalBuffer(length);
bool success = false;
try
{
IntPtr out_length;
success = ReadProcessMemory(this, ptr, buf, new IntPtr(buf.Length), out out_length);
if (success)
{
return(buf);
}
}
finally
{
if (!success)
{
buf.Close();
}
}
return(null);
}
private static extern int PackageIdFromFullName(string packageFullName, int flags,
ref int bufferLength,
SafeHGlobalBuffer buffer
);
