static List <COMIPIDEntry> ParseIPIDEntries <T>(SafeProcessHandle process, IntPtr ipid_table, SymbolResolver resolver) where T : struct, IPIDEntryNativeInterface { List <COMIPIDEntry> entries = new List <COMIPIDEntry>(); PageAllocator palloc = new PageAllocator(process, ipid_table); if (palloc.Pages.Length == 0 || palloc.EntrySize < Marshal.SizeOf(typeof(T))) { return(entries); } foreach (IntPtr page in palloc.Pages) { using (var buf = process.ReadBuffer(page, palloc.EntriesPerPage * palloc.EntrySize)) { if (buf == null) { continue; } for (int entry_index = 0; entry_index < palloc.EntriesPerPage; ++entry_index) { IPIDEntryNativeInterface ipid_entry = buf.Read <T>((ulong)(entry_index * palloc.EntrySize)); if ((ipid_entry.Flags != 0xF1EEF1EE) && (ipid_entry.Flags != 0)) { entries.Add(new COMIPIDEntry(ipid_entry, process, resolver)); } } } } return(entries); }
private static SafeBuffer ReadSid(SafeProcessHandle process, IntPtr address) { SidHeader header = process.ReadStruct <SidHeader>(address); if (header.Revision != 1) { return(SafeHGlobalBuffer.Null); } return(process.ReadBuffer(address, 8 + header.RidCount * 4)); }
private static SafeBuffer ReadAcl(SafeProcessHandle process, IntPtr address) { AclHeader header = process.ReadStruct <AclHeader>(address); if (header.AclRevision > 4) { return(SafeHGlobalBuffer.Null); } if (header.AclSize < Marshal.SizeOf(typeof(AclHeader))) { return(SafeHGlobalBuffer.Null); } return(process.ReadBuffer(address, header.AclSize)); }