Exemple #1
0
        unsafe void IProgressTask.Execute(IProgress progress)
        {
            this.progress = progress;
            if (infos.Length == 0)
            {
                return;
            }

            uint maxSize = infos.Max(a => a.Size);
            var  buf     = new byte[maxSize];

            byte[] buf2 = null;
            foreach (var info in infos)
            {
                progress.ThrowIfCancellationRequested();
                progress.SetDescription(Path.GetFileName(info.Filename));

                simpleProcessReader.Read(info.ProcessHandle, info.Address, buf, 0, info.Size);
                progress.ThrowIfCancellationRequested();
                currentProgress++;
                progress.SetTotalProgress(currentProgress);

                byte[] data     = buf;
                int    dataSize = (int)info.Size;
                if (info.MemoryLayout)
                {
                    if (buf2 == null)
                    {
                        buf2 = new byte[buf.Length];
                    }
                    data = buf2;
                    progress.ThrowIfCancellationRequested();
                    Array.Clear(buf2, 0, dataSize);
                    WritePEFile(buf, buf2, dataSize, out dataSize);
                }

                var file = File.Create(info.Filename);
                try {
                    file.Write(data, 0, dataSize);
                    currentProgress++;
                    progress.SetTotalProgress(currentProgress);
                }
                catch {
                    file.Dispose();
                    try { File.Delete(info.Filename); }
                    catch { }
                    throw;
                }
                finally {
                    file.Dispose();
                }
            }
        }
        public bool UpdateMemory()
        {
            if (Process.HasExited)
            {
                return(false);
            }
            //TODO: Only compare the smallest possible region, eg. all MD and IL bodies. Don't include writable sects.
            var newData = new byte[data.Length];

            simpleProcessReader.Read(Process.CorProcess.Handle, Address, newData, 0, data.Length);
            if (Equals(data, newData))
            {
                return(false);
            }
            Array.Copy(newData, data, data.Length);
            return(true);
        }
        public static MemoryModuleDefFile Create(SimpleProcessReader simpleProcessReader, DnModule dnModule, bool loadSyms)
        {
            Debug.Assert(!dnModule.IsDynamic);
            Debug.Assert(dnModule.Address != 0);
            ulong  address  = dnModule.Address;
            var    process  = dnModule.Process;
            var    data     = new byte[dnModule.Size];
            string location = dnModule.IsInMemory ? string.Empty : dnModule.Name;

            simpleProcessReader.Read(process.CorProcess.Handle, address, data, 0, data.Length);

            var peImage = new PEImage(data, GetImageLayout(dnModule), true);
            var module  = ModuleDefMD.Load(peImage);

            module.Location = location;
            bool autoUpdateMemory = false;            //TODO: Init to default value

            if (GacInfo.IsGacPath(dnModule.Name))
            {
                autoUpdateMemory = false;                       // GAC files are not likely to decrypt methods in memory
            }
            return(new MemoryModuleDefFile(simpleProcessReader, process, address, data, dnModule.IsInMemory, module, loadSyms, autoUpdateMemory));
        }
		public static MemoryModuleDefFile Create(SimpleProcessReader simpleProcessReader, DnModule dnModule, bool loadSyms) {
			Debug.Assert(!dnModule.IsDynamic);
			Debug.Assert(dnModule.Address != 0);
			ulong address = dnModule.Address;
			var process = dnModule.Process;
			var data = new byte[dnModule.Size];
			string location = dnModule.IsInMemory ? string.Empty : dnModule.Name;

			simpleProcessReader.Read(process.CorProcess.Handle, address, data, 0, data.Length);

			var peImage = new PEImage(data, GetImageLayout(dnModule), true);
			var module = ModuleDefMD.Load(peImage);
			module.Location = location;
			bool autoUpdateMemory = false;//TODO: Init to default value
			if (GacInfo.IsGacPath(dnModule.Name))
				autoUpdateMemory = false;	// GAC files are not likely to decrypt methods in memory
			return new MemoryModuleDefFile(simpleProcessReader, process, address, data, dnModule.IsInMemory, module, loadSyms, autoUpdateMemory);
		}