public Vtero(string MemoryDump) :this()
{
MemFile = MemoryDump.ToLower();
if (MemFile.EndsWith(".dmp"))
{
var dump = new CrashDump(MemFile);
if (dump.IsSupportedFormat())
DetectedDesc = dump.PhysMemDesc;
}
else if(MemFile.EndsWith(".vmss") || MemFile.EndsWith(".vmsn") || MemFile.EndsWith(".vmem"))
{
var dump = new VMWare(MemFile);
if (dump.IsSupportedFormat())
{
DetectedDesc = dump.PhysMemDesc;
MemFile = dump.MemFile;
}
}
scan = new Scanner(MemFile);
FileSize = new FileInfo(MemFile).Length;
}
void DeriveMemoryDescriptors()
{
if (ProgressBarz.BaseMessage == null || string.IsNullOrWhiteSpace(ProgressBarz.BaseMessage.ToString()))
ProgressBarz.BaseMessage = new ConsoleString("Value Scan for memory descriptors in progress");
AMemoryRunDetector Detected = null;
if (MemFile.EndsWith(".dmp"))
{
Detected = new CrashDump(MemFile);
Detected.IsSupportedFormat(this);
} else if (MemFile.EndsWith(".vmem"))
{
Detected = new VMWare(MemFile);
if (Detected.IsSupportedFormat(this))
MemFile = Detected.MemFile;
}
// try XEN!
if(Detected == null)
{
Detected = new XEN(MemFile);
if (Detected != null)
Detected.IsSupportedFormat(this);
}
// if the memory run is defined as 0 count then it's implicitly 1
if (Detected == null || Detected.PhysMemDesc == null || Detected.PhysMemDesc.NumberOfPages < 1)
{
Detected = new BasicRunDetector(MemFile);
if (Detected != null)
Detected.IsSupportedFormat(this);
}
if (Vtero.VerboseOutput)
{
if (Detected.LogicalPhysMemDesc != null)
WriteColor(ConsoleColor.Yellow, $"Windows/Logical Memory Run: {Detected.LogicalPhysMemDesc}" + Environment.NewLine + Environment.NewLine + Environment.NewLine);
else if (Detected.PhysMemDesc != null)
WriteColor(ConsoleColor.Green, $"HW Memory Run: {Detected.PhysMemDesc}" + Environment.NewLine + Environment.NewLine + Environment.NewLine);
}
MRD = Detected;
MemAccess = Mem.InitMem(MemFile, Detected);
}
