private IpcCircularBuffer(Section section, string sectionName, Semaphore readSemaphore, Semaphore writeSemaphore) { BufferHeader header; _section = section; _sectionView = section.MapView(Marshal.SizeOf(typeof(BufferHeader))); header = _sectionView.ReadStruct <BufferHeader>(); _sectionView.Dispose(); if (readSemaphore == null || writeSemaphore == null) { _readSemaphore = new Semaphore(sectionName + "_" + header.ReadSemaphoreId.ToString("x")); _writeSemaphore = new Semaphore(sectionName + "_" + header.WriteSemaphoreId.ToString("x")); } else { _readSemaphore = readSemaphore; _writeSemaphore = writeSemaphore; } _sectionView = _section.MapView(header.BlockSize * header.NumberOfBlocks); _header = (BufferHeader *)_sectionView.Memory; _data = &_header->Data; }
protected override void DisposeObject(bool disposing) { if (_view != null) { _view.Dispose(disposing); } }
public MainWindow() { InitializeComponent(); Win32.LoadLibrary("C:\\Program Files\\Debugging Tools for Windows (x86)\\dbghelp.dll"); SymbolProvider symbols = new SymbolProvider(ProcessHandle.Current); SymbolProvider.Options |= SymbolOptions.PublicsOnly; IntPtr ntdllBase = Loader.GetDllHandle("ntdll.dll"); FileHandle ntdllFileHandle = null; Section section = null; ProcessHandle.Current.EnumModules((module) => { if (module.BaseName.Equals("ntdll.dll", StringComparison.InvariantCultureIgnoreCase)) { section = new Section( ntdllFileHandle = new FileHandle(@"\??\" + module.FileName, FileShareMode.ReadWrite, FileAccess.GenericExecute | FileAccess.GenericRead ), true, MemoryProtection.ExecuteRead ); symbols.LoadModule(module.FileName, module.BaseAddress, module.Size); return(false); } return(true); }); SectionView view = section.MapView((int)ntdllFileHandle.GetSize()); ntdllFileHandle.Dispose(); symbols.EnumSymbols("ntdll!Zw*", (symbol) => { int number = Marshal.ReadInt32( (symbol.Address.ToIntPtr().Decrement(ntdllBase)).Increment(view.Memory).Increment(1)); _sysCallNames.Add( number, "Nt" + symbol.Name.Substring(2) ); _reverseSysCallNames.Add( "Nt" + symbol.Name.Substring(2), number ); return(true); }); view.Dispose(); section.Dispose(); symbols.Dispose(); KProcessHacker.Instance = new KProcessHacker(); _logger = new SsLogger(4096, false); _logger.EventBlockReceived += new EventBlockReceivedDelegate(logger_EventBlockReceived); _logger.ArgumentBlockReceived += new ArgumentBlockReceivedDelegate(logger_ArgumentBlockReceived); _logger.AddProcessIdRule(FilterType.Exclude, ProcessHandle.GetCurrentId()); _logger.AddPreviousModeRule(FilterType.Include, KProcessorMode.UserMode); //_logger.Start(); listEvents.SetDoubleBuffered(true); }