/// <summary>
/// Called when the repeated task completes.
/// </summary>
protected override void OnEnd()
{
// Prefilter items with negative penalties (ie constantly changing variables)
this.Snapshot.SetAllValidBits(false);
foreach (SnapshotRegion region in this.Snapshot)
{
for (IEnumerator <SnapshotElementIterator> enumerator = region.IterateElements(PointerIncrementMode.LabelsOnly); enumerator.MoveNext();)
{
SnapshotElementIterator element = enumerator.Current;
if ((Int16)element.ElementLabel > 0)
{
element.SetValid(true);
}
}
}
this.Snapshot.DiscardInvalidRegions();
SnapshotManager.GetInstance().SaveSnapshot(this.Snapshot);
this.CleanUp();
LabelThresholderViewModel.GetInstance().OpenLabelThresholder();
}
/// <summary>
/// Prevents a default instance of the <see cref="ScanResultsViewModel" /> class from being created.
/// </summary>
private ScanResultsViewModel() : base("Scan Results")
{
this.ContentId = ScanResultsViewModel.ToolContentId;
this.ChangeTypeSByteCommand = new RelayCommand(() => Task.Run(() => this.ChangeType(typeof(SByte))), () => true);
this.ChangeTypeInt16Command = new RelayCommand(() => Task.Run(() => this.ChangeType(typeof(Int16))), () => true);
this.ChangeTypeInt32Command = new RelayCommand(() => Task.Run(() => this.ChangeType(typeof(Int32))), () => true);
this.ChangeTypeInt64Command = new RelayCommand(() => Task.Run(() => this.ChangeType(typeof(Int64))), () => true);
this.ChangeTypeByteCommand = new RelayCommand(() => Task.Run(() => this.ChangeType(typeof(Byte))), () => true);
this.ChangeTypeUInt16Command = new RelayCommand(() => Task.Run(() => this.ChangeType(typeof(UInt16))), () => true);
this.ChangeTypeUInt32Command = new RelayCommand(() => Task.Run(() => this.ChangeType(typeof(UInt32))), () => true);
this.ChangeTypeUInt64Command = new RelayCommand(() => Task.Run(() => this.ChangeType(typeof(UInt64))), () => true);
this.ChangeTypeSingleCommand = new RelayCommand(() => Task.Run(() => this.ChangeType(typeof(Single))), () => true);
this.ChangeTypeDoubleCommand = new RelayCommand(() => Task.Run(() => this.ChangeType(typeof(Double))), () => true);
this.FirstPageCommand = new RelayCommand(() => Task.Run(() => this.FirstPage()), () => true);
this.LastPageCommand = new RelayCommand(() => Task.Run(() => this.LastPage()), () => true);
this.PreviousPageCommand = new RelayCommand(() => Task.Run(() => this.PreviousPage()), () => true);
this.NextPageCommand = new RelayCommand(() => Task.Run(() => this.NextPage()), () => true);
this.AddAddressCommand = new RelayCommand <ScanResult>((address) => Task.Run(() => this.AddAddress(address)), (address) => true);
this.ScanResultsObservers = new List <IScanResultsObserver>();
this.ObserverLock = new Object();
this.ActiveType = typeof(Int32);
this.addresses = new ObservableCollection <ScanResult>();
SnapshotManager.GetInstance().Subscribe(this);
MainViewModel.GetInstance().Subscribe(this);
this.UpdateScanResults();
}
public void ApplyThreshold()
{
lock (this.SnapshotLock)
{
if (this.Snapshot == null)
{
return;
}
}
Object lowerValue = this.Histogram.Keys[this.LowerIndex];
Object upperValue = this.Histogram.Keys[this.UpperIndex];
lock (this.SnapshotLock)
{
if (!this.Inverted)
{
this.Snapshot.SetAllValidBits(false);
foreach (SnapshotRegion region in this.Snapshot)
{
for (IEnumerator <SnapshotElementIterator> enumerator = region.IterateElements(PointerIncrementMode.LabelsOnly); enumerator.MoveNext();)
{
SnapshotElementIterator element = enumerator.Current;
dynamic label = element.GetElementLabel();
if (label >= lowerValue && label <= upperValue)
{
element.SetValid(true);
}
}
}
}
else
{
this.Snapshot.SetAllValidBits(true);
foreach (SnapshotRegion region in this.Snapshot)
{
for (IEnumerator <SnapshotElementIterator> enumerator = region.IterateElements(PointerIncrementMode.LabelsOnly); enumerator.MoveNext();)
{
SnapshotElementIterator element = enumerator.Current;
dynamic label = element.GetElementLabel();
if (label >= lowerValue && label <= upperValue)
{
element.SetValid(false);
}
}
}
}
this.Snapshot.DiscardInvalidRegions();
}
SnapshotManager.GetInstance().SaveSnapshot(this.Snapshot);
this.UpdateHistogram(forceUpdate: true);
}
/// <summary>
/// Called when the repeated task completes.
/// </summary>
protected override void OnEnd()
{
SnapshotManager.GetInstance().SaveSnapshot(this.Snapshot);
LabelThresholderViewModel.GetInstance().OpenLabelThresholder();
this.Snapshot = null;
base.OnEnd();
}
/// <summary>
/// Called when the scan ends.
/// </summary>
protected override void OnEnd()
{
this.Snapshot.DiscardInvalidRegions();
SnapshotManager.GetInstance().SaveSnapshot(this.Snapshot);
Snapshot = null;
base.OnEnd();
}
/// <summary>
/// Performs the value collection scan.
/// </summary>
protected override void OnBegin()
{
Snapshot snapshot = SnapshotManager.GetInstance().GetActiveSnapshot(createIfNone: true).Clone(this.ScannerName);
snapshot.ReadAllMemory();
SnapshotManager.GetInstance().SaveSnapshot(snapshot);
base.OnBegin();
}
public LabelThresholderModel(Action onUpdateHistogram) : base(
scannerName: "Label Thresholder",
isRepeated: false,
dependencyBehavior: null)
{
this.ItemLock = new Object();
this.SnapshotLock = new Object();
this.ProgressLock = new Object();
this.OnUpdateHistogram = onUpdateHistogram;
Task.Run(() => SnapshotManager.GetInstance().Subscribe(this));
}
/// <summary>
/// Gets the snapshot generated by the prefilter.
/// </summary>
/// <returns>The snapshot generated by the prefilter.</returns>
public Snapshot GetPrefilteredSnapshot()
{
Snapshot snapshot = SnapshotManager.GetInstance().CreateSnapshotFromSettings();
foreach (ISnapshotPrefilter prefilter in this.Prefilters)
{
snapshot = prefilter.Apply(snapshot);
}
return(snapshot);
}
public LabelThresholderModel(Action onUpdateHistogram) : base(
taskName: "Label Thresholder",
isRepeated: false,
trackProgress: true
)
{
this.ItemLock = new Object();
this.SnapshotLock = new Object();
this.ProgressLock = new Object();
this.OnUpdateHistogram = onUpdateHistogram;
Task.Run(() => SnapshotManager.GetInstance().Subscribe(this));
}
public void ApplyThreshold()
{
lock (this.SnapshotLock)
{
if (this.Snapshot == null)
{
return;
}
}
dynamic lowerValue = this.Histogram.Keys[this.LowerIndex];
dynamic upperValue = this.Histogram.Keys[this.UpperIndex];
lock (this.SnapshotLock)
{
if (!this.Inverted)
{
this.Snapshot.SetAllValidBits(false);
foreach (SnapshotRegion region in this.Snapshot)
{
foreach (SnapshotElementRef element in region)
{
if (((dynamic)element).GetElementLabel() >= lowerValue && ((dynamic)element).GetElementLabel() <= upperValue)
{
element.SetValid(true);
}
}
}
}
else
{
this.Snapshot.SetAllValidBits(true);
foreach (SnapshotRegion region in this.Snapshot)
{
foreach (SnapshotElementRef element in region)
{
if (((dynamic)element).GetElementLabel() >= lowerValue && ((dynamic)element).GetElementLabel() <= upperValue)
{
element.SetValid(false);
}
}
}
}
this.Snapshot.DiscardInvalidRegions();
}
SnapshotManager.GetInstance().SaveSnapshot(this.Snapshot);
this.UpdateHistogram(forceUpdate: true);
}
/// <summary>
/// Called when the scan begins.
/// </summary>
protected override void OnBegin()
{
// Initialize snapshot
this.Snapshot = SnapshotManager.GetInstance().GetActiveSnapshot(createIfNone: true).Clone(this.ScannerName);
if (this.Snapshot == null || this.ScanConstraintManager == null || this.ScanConstraintManager.Count() <= 0)
{
this.Cancel();
return;
}
this.Snapshot.SetAllValidBits(true);
}
/// <summary>
/// Called when the scan ends.
/// </summary>
protected override void OnEnd()
{
if (this.CallBack == null)
{
SnapshotManager.GetInstance().SaveSnapshot(this.Snapshot);
}
else
{
this.CallBack?.Invoke(this.Snapshot);
}
this.Snapshot = null;
this.UpdateProgress(ScheduledTask.MaximumProgress);
}
/// <summary>
/// Loads the results for the current page.
/// </summary>
private void LoadScanResults()
{
Snapshot snapshot = SnapshotManager.GetInstance().GetActiveSnapshot(createIfNone: false);
ObservableCollection <ScanResult> newAddresses = new ObservableCollection <ScanResult>();
if (snapshot == null)
{
this.addresses = newAddresses;
this.RaisePropertyChanged(nameof(this.Addresses));
return;
}
UInt64 startIndex = Math.Min(ScanResultsViewModel.PageSize * this.CurrentPage, snapshot.ElementCount);
UInt64 endIndex = Math.Min((ScanResultsViewModel.PageSize * this.CurrentPage) + ScanResultsViewModel.PageSize, snapshot.ElementCount);
for (UInt64 index = startIndex; index < endIndex; index++)
{
SnapshotElementIterator element = snapshot[index];
String label = String.Empty;
if (element.GetElementLabel() != null)
{
label = element.GetElementLabel().ToString();
}
String currentValue = String.Empty;
if (element.HasCurrentValue())
{
currentValue = element.GetCurrentValue().ToString();
}
String previousValue = String.Empty;
if (element.HasPreviousValue())
{
previousValue = element.GetPreviousValue().ToString();
}
newAddresses.Add(new ScanResult(element.BaseAddress, currentValue, previousValue, label));
}
this.addresses = newAddresses;
this.RaisePropertyChanged(nameof(this.Addresses));
// Ensure results are visible
this.IsVisible = true;
this.IsSelected = true;
this.IsActive = true;
}
protected override void OnBegin()
{
// Initialize labeled snapshot
this.Snapshot = SnapshotManager.GetInstance().GetActiveSnapshot(createIfNone: true).Clone();
this.Snapshot.LabelType = typeof(UInt16);
if (this.Snapshot == null)
{
return;
}
// Initialize change counts to zero
this.Snapshot.SetElementLabels <UInt16>(0);
base.OnBegin();
}
protected override void OnBegin()
{
this.InitializeObjects();
// Initialize labeled snapshot
this.Snapshot = SnapshotManager.GetInstance().GetActiveSnapshot(createIfNone: true).Clone(this.TaskName);
this.Snapshot.SetLabelType(typeof(Int16));
if (this.Snapshot == null)
{
this.Cancel();
return;
}
// Initialize with no correlation
this.Snapshot.SetElementLabels <Int16>(0);
this.TimeOutIntervalMs = SettingsViewModel.GetInstance().InputCorrelatorTimeOutInterval;
}
/// <summary>
/// Prevents a default instance of the <see cref="ScanResultsViewModel" /> class from being created.
/// </summary>
private ScanResultsViewModel() : base("Scan Results")
{
this.ContentId = ScanResultsViewModel.ToolContentId;
this.ChangeTypeCommand = new RelayCommand <Type>((type) => Task.Run(() => this.ChangeType(type)), (type) => true);
this.SelectScanResultsCommand = new RelayCommand <Object>((selectedItems) => this.SelectedScanResults = (selectedItems as IList)?.Cast <ScanResult>(), (selectedItems) => true);
this.FirstPageCommand = new RelayCommand(() => Task.Run(() => this.FirstPage()), () => true);
this.LastPageCommand = new RelayCommand(() => Task.Run(() => this.LastPage()), () => true);
this.PreviousPageCommand = new RelayCommand(() => Task.Run(() => this.PreviousPage()), () => true);
this.NextPageCommand = new RelayCommand(() => Task.Run(() => this.NextPage()), () => true);
this.AddScanResultCommand = new RelayCommand <ScanResult>((scanResult) => Task.Run(() => this.AddScanResult(scanResult)), (scanResult) => true);
this.AddScanResultsCommand = new RelayCommand <Object>((selectedItems) => Task.Run(() => this.AddScanResults(this.SelectedScanResults)), (selectedItems) => true);
this.ScanResultsObservers = new List <IScanResultsObserver>();
this.ObserverLock = new Object();
this.ActiveType = typeof(Int32);
this.addresses = new ObservableCollection <ScanResult>();
SnapshotManager.GetInstance().Subscribe(this);
DockingViewModel.GetInstance().RegisterViewModel(this);
this.UpdateScanResults();
}
/// <summary>
/// Called when the repeated task completes.
/// </summary>
protected override void OnEnd()
{
// Prefilter items with negative penalties (ie constantly changing variables)
this.Snapshot.SetAllValidBits(false);
foreach (SnapshotRegion region in this.Snapshot)
{
foreach (SnapshotElementRef element in region)
{
if ((Int16)element.ElementLabel > 0)
{
element.SetValid(true);
}
}
}
this.Snapshot.DiscardInvalidRegions();
SnapshotManager.GetInstance().SaveSnapshot(this.Snapshot);
this.CleanUp();
LabelThresholderViewModel.GetInstance().OpenLabelThresholder();
base.OnEnd();
}
/// <summary>
/// Called when the scan ends.
/// </summary>
protected override void OnEnd()
{
SnapshotManager.GetInstance().SaveSnapshot(this.Snapshot);
Snapshot = null;
}
/// <summary>
/// Queries virtual pages from the OS to dertermine if any allocations or deallocations have happened.
/// </summary>
/// <returns>The collected pages.</returns>
private IEnumerable <RegionProperties> CollectNewPages()
{
List <RegionProperties> newRegions = new List <RegionProperties>();
// Gather current regions from the target process
IEnumerable <NormalizedRegion> queriedVirtualRegions = SnapshotManager.GetInstance().CollectSnapshotRegions();
List <NormalizedRegion> queriedChunkedRegions = new List <NormalizedRegion>();
// Chunk all virtual regions into a standardized size
queriedVirtualRegions.ForEach(x => queriedChunkedRegions.AddRange(x.ChunkNormalizedRegion(ChunkLinkedListPrefilter.ChunkSize)));
// Sort our lists (descending)
IOrderedEnumerable <NormalizedRegion> queriedRegionsSorted = queriedChunkedRegions.OrderByDescending(x => x.BaseAddress.ToUInt64());
IOrderedEnumerable <RegionProperties> currentRegionsSorted;
lock (this.ChunkLock)
{
currentRegionsSorted = this.ChunkList.OrderByDescending(x => x.BaseAddress.ToUInt64());
}
// Create comparison stacks
Stack <RegionProperties> currentRegionStack = new Stack <RegionProperties>();
Stack <NormalizedRegion> queriedRegionStack = new Stack <NormalizedRegion>();
currentRegionsSorted.ForEach(x => currentRegionStack.Push(x));
queriedRegionsSorted.ForEach(x => queriedRegionStack.Push(x));
// Begin stack based comparison algorithm to resolve our chunk processing queue
NormalizedRegion queriedRegion = queriedRegionStack.Count == 0 ? null : queriedRegionStack.Pop();
RegionProperties currentRegion = currentRegionStack.Count == 0 ? null : currentRegionStack.Pop();
while (queriedRegionStack.Count > 0 && currentRegionStack.Count > 0)
{
if (queriedRegion < currentRegion)
{
// New region we have not seen yet
newRegions.Add(new RegionProperties(queriedRegion));
queriedRegion = queriedRegionStack.Pop();
}
else if (queriedRegion > currentRegion)
{
// Region that went missing (deallocated)
currentRegion = currentRegionStack.Pop();
}
else
{
// Region we have already seen
queriedRegion = queriedRegionStack.Pop();
currentRegion = currentRegionStack.Pop();
}
}
// Add remaining queried regions
while (queriedRegionStack.Count > 0)
{
newRegions.Add(new RegionProperties(queriedRegion));
queriedRegion = queriedRegionStack.Pop();
}
return(newRegions);
}
/// <summary>
/// Performs the value collection scan.
/// </summary>
protected override void OnBegin()
{
this.Snapshot = SnapshotManager.GetInstance().GetActiveSnapshot(createIfNone: true).Clone(this.TaskName);
}
/// <summary>
/// Gradually gathers pointers in the running process.
/// </summary>
private void GatherPointers()
{
Boolean isOpenedProcess32Bit = EngineCore.GetInstance().Processes.IsOpenedProcess32Bit();
dynamic invalidPointerMin = isOpenedProcess32Bit ? (UInt32)UInt16.MaxValue : (UInt64)UInt16.MaxValue;
dynamic invalidPointerMax = isOpenedProcess32Bit ? Int32.MaxValue : Int64.MaxValue;
ConcurrentHashSet <IntPtr> foundPointers = new ConcurrentHashSet <IntPtr>();
// Test for conditions where we set the final found set and take a new snapshot to parse
if (this.CurrentSnapshot == null || this.CurrentSnapshot.GetRegionCount() <= 0 || this.processedCount >= this.CurrentSnapshot.GetRegionCount())
{
this.processedCount = 0;
this.CurrentSnapshot = SnapshotManager.GetInstance().CollectSnapshot(useSettings: true, usePrefilter: false).Clone();
this.FoundPointers = this.ConstructingSet;
this.ConstructingSet = new HashSet <IntPtr>();
}
List <SnapshotRegion> sortedRegions = new List <SnapshotRegion>(this.CurrentSnapshot.GetSnapshotRegions().OrderBy(x => x.GetTimeSinceLastRead()));
// Process the allowed amount of chunks from the priority queue
Parallel.For(
0,
Math.Min(sortedRegions.Count, PointerCollector.RegionLimit),
SettingsViewModel.GetInstance().ParallelSettings,
(index) =>
{
Interlocked.Increment(ref this.processedCount);
SnapshotRegion region = sortedRegions[index];
Boolean success;
// Set to type of a pointer
region.ElementType = EngineCore.GetInstance().Processes.IsOpenedProcess32Bit() ? typeof(UInt32) : typeof(UInt64);
// Enforce 4-byte alignment of pointers
region.Alignment = sizeof(Int32);
// Read current page data for chunk
region.ReadAllRegionMemory(out success);
// Read failed; Deallocated page
if (!success)
{
return;
}
if (region.GetCurrentValues() == null || region.GetCurrentValues().Length <= 0)
{
return;
}
foreach (SnapshotElementRef element in region)
{
// Enforce user mode memory pointers
if (element.LessThanValue(invalidPointerMin) || element.GreaterThanValue(invalidPointerMax))
{
continue;
}
// Enforce 4-byte alignment of destination
if (element.GetCurrentValue() % 4 != 0)
{
continue;
}
IntPtr Value = new IntPtr(element.GetCurrentValue());
// Check if it is possible that this pointer is valid, if so keep it
if (this.CurrentSnapshot.ContainsAddress(Value))
{
foundPointers.Add(Value);
}
}
// Clear the saved values, we do not need them now
region.SetCurrentValues(null);
});
IEnumerable <IntPtr> pointers = foundPointers.ToList();
this.ConstructingSet.UnionWith(pointers);
this.FoundPointers.UnionWith(pointers);
}
