public static bool TryGetSizeOfImage(DbgProcess process, ulong address, bool isFileLayout, out uint imageSize) { imageSize = 0; try { var buffer = new byte[0x2000]; process.ReadMemory(address, buffer, 0, buffer.Length); if (BitConverter.ToUInt16(buffer, 0) != 0x5A4D) { return(false); } using (var peImage = new PEImage(buffer, null, isFileLayout ? ImageLayout.File : ImageLayout.Memory, verify: true)) { ulong length = GetImageSize(peImage); Debug.Assert(length <= uint.MaxValue); if (length > uint.MaxValue) { return(false); } imageSize = (uint)length; return(true); } } catch (BadImageFormatException) { return(false); } catch (IOException) { return(false); } catch (Exception ex) { Debug.Fail(ex.ToString()); return(false); } }
public unsafe override void UpdateMemory() { if (disposed) { throw new ObjectDisposedException(nameof(DbgRawMetadataImpl)); } process?.ReadMemory(moduleAddress, address.ToPointer(), size); }
public unsafe DbgRawMetadataImpl(DbgProcess process, bool isFileLayout, ulong moduleAddress, int moduleSize) { lockObj = new object(); referenceCounter = 1; this.isFileLayout = isFileLayout; size = moduleSize; isProcessMemory = true; try { // Prevent allocation on the LOH. We'll also be able to free the memory as soon as it's not needed. address = NativeMethods.VirtualAlloc(IntPtr.Zero, new IntPtr(moduleSize), NativeMethods.MEM_COMMIT, NativeMethods.PAGE_READWRITE); if (address == IntPtr.Zero) { throw new OutOfMemoryException(); } process.ReadMemory(moduleAddress, (byte *)address.ToPointer(), size); (metadataAddress, metadataSize) = GetMetadataInfo(); } catch { Dispose(); throw; } }
public unsafe DbgRawMetadataImpl(DbgProcess process, bool isFileLayout, ulong moduleAddress, int moduleSize) { lockObj = new object(); referenceCounter = 1; this.isFileLayout = isFileLayout; size = moduleSize; try { // Prevent allocation on the LOH. We'll also be able to free the memory as soon as it's not needed. address = NativeMethods.VirtualAlloc(IntPtr.Zero, new IntPtr(moduleSize), NativeMethods.MEM_COMMIT, NativeMethods.PAGE_READWRITE); if (address == IntPtr.Zero) { throw new OutOfMemoryException(); } process.ReadMemory(moduleAddress, (byte *)address.ToPointer(), size); try { var peImage = new PEImage(address, size, isFileLayout ? ImageLayout.File : ImageLayout.Memory, true); var dotNetDir = peImage.ImageNTHeaders.OptionalHeader.DataDirectories[14]; if (dotNetDir.VirtualAddress != 0 && dotNetDir.Size >= 0x48) { var cor20 = new ImageCor20Header(peImage.CreateStream(dotNetDir.VirtualAddress, 0x48), true); var mdStart = (long)peImage.ToFileOffset(cor20.MetaData.VirtualAddress); metadataAddress = new IntPtr((byte *)address + mdStart); metadataSize = (int)cor20.MetaData.Size; } } catch (Exception ex) when(ex is IOException || ex is BadImageFormatException) { Debug.Fail("Couldn't read .NET metadata"); } } catch { Dispose(); throw; } }
int?GetOffsetToArrayData() { var byteType = thread.Domain.Corlib.GetType("System.Byte"); var arrayType = thread.Domain.Corlib.GetType("System.Array"); var typeType = thread.Domain.Corlib.GetType("System.Type"); if (byteType is null || arrayType is null || typeType is null) { return(null); } var createInstanceMethod = GetCreateInstance(arrayType); if (createInstanceMethod is null) { return(null); } var args = new Value[2] { byteType.GetTypeObject(), new PrimitiveValue(thread.VirtualMachine, ElementType.I4, randomData.Length), }; var arrayMirror = Call(createInstanceMethod, args) as ArrayMirror; if (arrayMirror is null) { return(null); } var threadTmp = thread; arrayMirror.SetValues(0, randomData.Select(a => new PrimitiveValue(threadTmp.VirtualMachine, ElementType.U1, a)).ToArray()); var arrayData = process.ReadMemory((ulong)arrayMirror.Address, randomData.Length + 0x80); var res = GetIndex(arrayData, randomData); arrayMirror.SetValues(0, randomData.Select(a => new PrimitiveValue(threadTmp.VirtualMachine, ElementType.U1, (byte)0)).ToArray()); return(res); }
public void Initialize(DbgProcess process, ulong address) { process.ReadMemory(address, data); dataIndex = 0; }