C# (CSharp) Squalr.Engine.Scanning.Scanners.Pointers PointerRebase.Scan Examples

Programming Language: C# (CSharp)

Namespace/Package Name: Squalr.Engine.Scanning.Scanners.Pointers

Class/Type: PointerRebase

Method/Function: Scan

Examples at hotexamples.com: 3

C# (CSharp) Squalr.Engine.Scanning.Scanners.Pointers PointerRebase.Scan - 3 examples found. These are the top rated real world C# (CSharp) examples of Squalr.Engine.Scanning.Scanners.Pointers.PointerRebase.Scan extracted from open source projects. You can rate examples to help us improve the quality of examples.

Frequently Used Methods

Show Hide

Scan(3)

Example #1

Show file

        /// <summary>
        /// Performs a pointer scan for a given address.
        /// </summary>
        /// <param name="address">The address for which to perform a pointer scan.</param>
        /// <param name="maxOffset">The maximum pointer offset.</param>
        /// <param name="depth">The maximum pointer search depth.</param>
        /// <param name="alignment">The pointer scan alignment.</param>
        /// <param name="taskIdentifier">The unique identifier to prevent duplicate tasks.</param>
        /// <returns>Atrackable task that returns the scan results.</returns>
        public static TrackableTask <PointerBag> Scan(UInt64 newAddress, Int32 alignment, PointerBag oldPointerBag, String taskIdentifier = null)
        {
            try
            {
                return(TrackableTask <PointerBag>
                       .Create(PointerRetargetScan.Name, taskIdentifier, out UpdateProgress updateProgress, out CancellationToken cancellationToken)
                       .With(Task <PointerBag> .Run(() =>
                {
                    try
                    {
                        cancellationToken.ThrowIfCancellationRequested();

                        Stopwatch stopwatch = new Stopwatch();
                        stopwatch.Start();

                        // Step 1) Create a snapshot of the new target address
                        Snapshot targetAddress = new Snapshot(new SnapshotRegion[] { new SnapshotRegion(new ReadGroup(newAddress, oldPointerBag.PointerSize.ToSize(), oldPointerBag.PointerSize.ToDataType(), alignment), 0, oldPointerBag.PointerSize.ToSize()) });

                        // Step 2) Collect heap pointers
                        Snapshot heapPointers = SnapshotManager.GetSnapshot(Snapshot.SnapshotRetrievalMode.FromHeaps, oldPointerBag.PointerSize.ToDataType());
                        TrackableTask <Snapshot> heapValueCollector = ValueCollector.CollectValues(heapPointers);
                        heapPointers = heapValueCollector.Result;

                        // Step 3) Rebuild levels
                        IList <Level> levels = new List <Level>();

                        if (oldPointerBag.Depth > 0)
                        {
                            // Create 1st level with target address and previous static pointers
                            levels.Add(new Level(targetAddress, oldPointerBag.Levels.First().StaticPointers));

                            // Copy over all old static pointers, and replace the heaps with a full heap
                            foreach (Level level in oldPointerBag.Levels.Skip(1))
                            {
                                levels.Add(new Level(heapPointers, level.StaticPointers));
                            }
                        }

                        // Exit if canceled
                        cancellationToken.ThrowIfCancellationRequested();

                        // Step 4) Perform a rebase from the old static addresses onto the new heaps
                        PointerBag newPointerBag = new PointerBag(levels, oldPointerBag.MaxOffset, oldPointerBag.PointerSize);
                        TrackableTask <PointerBag> pointerRebaseTask = PointerRebase.Scan(newPointerBag, readMemory: true, performUnchangedScan: true);
                        PointerBag rebasedPointerBag = pointerRebaseTask.Result;

                        stopwatch.Stop();
                        Logger.Log(LogLevel.Info, "Pointer retarget complete in: " + stopwatch.Elapsed);

                        return rebasedPointerBag;
                    }
                    catch (OperationCanceledException ex)
                    {
                        Logger.Log(LogLevel.Warn, "Pointer retarget canceled", ex);
                    }
                    catch (Exception ex)
                    {
                        Logger.Log(LogLevel.Error, "Error performing pointer retarget", ex);
                    }

                    return null;
                }, cancellationToken)));
            }
            catch (TaskConflictException ex)
            {
                Logger.Log(LogLevel.Warn, "A pointer scan is already scheduled.");
                throw ex;
            }
        }

Example #2

Show file

File: PointerScan.cs Project: wau/Squalr

        /// <summary>
        /// Performs a pointer scan for a given address.
        /// </summary>
        /// <param name="address">The address for which to perform a pointer scan.</param>
        /// <param name="maxOffset">The maximum pointer offset.</param>
        /// <param name="depth">The maximum pointer search depth.</param>
        /// <param name="alignment">The pointer scan alignment.</param>
        /// <returns>Atrackable task that returns the scan results.</returns>
        public static TrackableTask <PointerBag> Scan(UInt64 address, UInt32 maxOffset, Int32 depth, Int32 alignment)
        {
            TrackableTask <PointerBag> pointerScanTask = TrackableTask <PointerBag> .Create(PointerScan.Name, out UpdateProgress updateProgress, out CancellationToken cancellationToken);

            return(pointerScanTask.With(Task.Factory.StartNew <PointerBag>(() =>
            {
                try
                {
                    cancellationToken.ThrowIfCancellationRequested();

                    PointerSize pointerSize = Processes.Default.IsOpenedProcess32Bit() ? PointerSize.Byte4 : PointerSize.Byte8;

                    Stopwatch stopwatch = new Stopwatch();
                    stopwatch.Start();

                    // Step 1) Create a snapshot of the target address
                    Snapshot targetAddress = new Snapshot(new SnapshotRegion[] { new SnapshotRegion(new ReadGroup(address, pointerSize.ToSize(), pointerSize.ToDataType(), alignment), 0, pointerSize.ToSize()) });

                    // Step 2) Collect static pointers
                    Snapshot staticPointers = SnapshotManager.GetSnapshot(Snapshot.SnapshotRetrievalMode.FromModules, pointerSize.ToDataType());
                    TrackableTask <Snapshot> valueCollector = ValueCollector.CollectValues(staticPointers);
                    staticPointers = valueCollector.Result;

                    // Step 3) Collect heap pointers
                    Snapshot heapPointers = SnapshotManager.GetSnapshot(Snapshot.SnapshotRetrievalMode.FromHeaps, pointerSize.ToDataType());
                    TrackableTask <Snapshot> heapValueCollector = ValueCollector.CollectValues(heapPointers);
                    heapPointers = heapValueCollector.Result;

                    // Step 3) Build levels
                    IList <Level> levels = new List <Level>();

                    if (depth > 0)
                    {
                        // Create 1st level with target address and static pointers
                        levels.Add(new Level(targetAddress, staticPointers));

                        // Initialize each level with all static addresses and all heap addresses
                        for (Int32 index = 0; index < depth - 1; index++)
                        {
                            levels.Add(new Level(heapPointers, staticPointers));
                        }
                    }

                    // Exit if canceled
                    cancellationToken.ThrowIfCancellationRequested();

                    // Step 4) Rebase to filter out unwanted pointers
                    PointerBag newPointerBag = new PointerBag(levels, maxOffset, pointerSize);
                    TrackableTask <PointerBag> pointerRebaseTask = PointerRebase.Scan(newPointerBag, readMemory: false, performUnchangedScan: false);
                    PointerBag rebasedPointerBag = pointerRebaseTask.Result;

                    // Exit if canceled
                    cancellationToken.ThrowIfCancellationRequested();

                    stopwatch.Stop();
                    Logger.Log(LogLevel.Info, "Pointer scan complete in: " + stopwatch.Elapsed);

                    return rebasedPointerBag;
                }
                catch (OperationCanceledException ex)
                {
                    Logger.Log(LogLevel.Warn, "Pointer scan canceled", ex);
                }
                catch (Exception ex)
                {
                    Logger.Log(LogLevel.Error, "Error performing pointer scan", ex);
                }

                return null;
            }, cancellationToken)));
        }

Example #3

Show file

File: PointerScan.cs Project: ilikemlik/Squalr

        /// <summary>
        /// Performs a pointer scan for a given address.
        /// </summary>
        /// <param name="address">The address for which to perform a pointer scan.</param>
        /// <param name="maxOffset">The maximum pointer offset.</param>
        /// <param name="depth">The maximum pointer search depth.</param>
        /// <param name="alignment">The pointer scan alignment.</param>
        /// <param name="taskIdentifier">The unique identifier to prevent duplicate tasks.</param>
        /// <returns>Atrackable task that returns the scan results.</returns>
        public static TrackableTask <PointerBag> Scan(Process process, UInt64 address, UInt32 maxOffset, Int32 depth, Int32 alignment, PointerSize pointerSize, String taskIdentifier = null)
        {
            try
            {
                return(TrackableTask <PointerBag>
                       .Create(PointerScan.Name, taskIdentifier, out UpdateProgress updateProgress, out CancellationToken cancellationToken)
                       .With(Task <PointerBag> .Run(() =>
                {
                    try
                    {
                        cancellationToken.ThrowIfCancellationRequested();

                        Stopwatch stopwatch = new Stopwatch();
                        stopwatch.Start();

                        // Step 1) Create a snapshot of the target address
                        Snapshot targetAddress = new Snapshot(new SnapshotRegion[] { new SnapshotRegion(new ReadGroup(address, pointerSize.ToSize()), 0, pointerSize.ToSize()) });

                        // Step 2) Collect static pointers
                        Snapshot staticPointers = SnapshotQuery.GetSnapshot(process, SnapshotQuery.SnapshotRetrievalMode.FromModules);
                        TrackableTask <Snapshot> valueCollector = ValueCollector.CollectValues(process, staticPointers);
                        staticPointers = valueCollector.Result;

                        // Step 3) Collect heap pointers
                        Snapshot heapPointers = SnapshotQuery.GetSnapshot(process, SnapshotQuery.SnapshotRetrievalMode.FromHeaps);
                        TrackableTask <Snapshot> heapValueCollector = ValueCollector.CollectValues(process, heapPointers);
                        heapPointers = heapValueCollector.Result;

                        // Step 4) Build levels
                        IList <Level> levels = new List <Level>();

                        if (depth > 0)
                        {
                            // Create 1st level with target address and static pointers
                            levels.Add(new Level(targetAddress, staticPointers));

                            // Initialize each level with all static addresses and all heap addresses
                            for (Int32 index = 0; index < depth - 1; index++)
                            {
                                levels.Add(new Level(heapPointers, staticPointers));
                            }
                        }

                        // Exit if canceled
                        cancellationToken.ThrowIfCancellationRequested();

                        // Step 4) Rebase to filter out unwanted pointers
                        PointerBag newPointerBag = new PointerBag(levels, maxOffset, pointerSize);
                        TrackableTask <PointerBag> pointerRebaseTask = PointerRebase.Scan(process, newPointerBag, readMemory: false, performUnchangedScan: false);
                        PointerBag rebasedPointerBag = pointerRebaseTask.Result;

                        // Exit if canceled
                        cancellationToken.ThrowIfCancellationRequested();

                        stopwatch.Stop();
                        Logger.Log(LogLevel.Info, "Pointer scan complete in: " + stopwatch.Elapsed);

                        return rebasedPointerBag;
                    }
                    catch (OperationCanceledException ex)
                    {
                        Logger.Log(LogLevel.Warn, "Pointer scan canceled", ex);
                    }
                    catch (Exception ex)
                    {
                        Logger.Log(LogLevel.Error, "Error performing pointer scan", ex);
                    }

                    return null;
                }, cancellationToken)));
            }
            catch (TaskConflictException ex)
            {
                Logger.Log(LogLevel.Warn, "A pointer scan is already scheduled.");
                throw ex;
            }
        }