/// <summary>
/// Loads the results for the current page.
/// </summary>
private void LoadScanResults()
{
Snapshot snapshot = SnapshotManager.GetSnapshot(Snapshot.SnapshotRetrievalMode.FromActiveSnapshot, this.ActiveType);
IList <ScanResult> newAddresses = new List <ScanResult>();
if (snapshot != null)
{
UInt64 startIndex = Math.Min(ScanResultsViewModel.PageSize * this.CurrentPage, snapshot.ElementCount);
UInt64 endIndex = Math.Min((ScanResultsViewModel.PageSize * this.CurrentPage) + ScanResultsViewModel.PageSize, snapshot.ElementCount);
for (UInt64 index = startIndex; index < endIndex; index++)
{
SnapshotElementIndexer element = snapshot[index];
String label = element.GetElementLabel() != null?element.GetElementLabel().ToString() : String.Empty;
Object currentValue = element.HasCurrentValue() ? element.LoadCurrentValue() : null;
Object previousValue = element.HasPreviousValue() ? element.LoadPreviousValue() : null;
String moduleName = String.Empty;
UInt64 address = Query.Default.AddressToModule(element.BaseAddress, out moduleName);
PointerItem pointerItem = new PointerItem(baseAddress: address, dataType: this.ActiveType, moduleName: moduleName, value: currentValue);
newAddresses.Add(new ScanResult(new PointerItemView(pointerItem), previousValue, label));
}
}
this.Addresses = new FullyObservableCollection <ScanResult>(newAddresses);
// Ensure results are visible
this.IsVisible = true;
this.IsSelected = true;
this.IsActive = true;
}
private ExtractedPointer ExtractRandomPointer(Snapshot snapshot)
{
SnapshotRegion extractedRegion = snapshot.SnapshotRegions[Random.Next(0, snapshot.SnapshotRegions.Length)];
SnapshotElementIndexer extractedElement = extractedRegion[Random.Next(0, extractedRegion.GetElementCount(PointerSize.ToSize()))];
return(this.ExtractPointerFromElement(extractedElement));
}
private void StartScan(int index, Int64 searchAddress, bool validatingProcess = false)
{
if (index > 0)
{
SnapshotManager.ClearSnapshots();
}
ConstraintNode scanConstraints = new ScanConstraint(ScanConstraint.ConstraintType.Equal, searchAddress, dataType);
TrackableTask <Snapshot> valueCollectorTask = ValueCollector.CollectValues(
SnapshotManager.GetSnapshot(Snapshot.SnapshotRetrievalMode.FromActiveSnapshotOrPrefilter, dataType),
TrackableTask.UniversalIdentifier);
valueCollectorTask.OnCompletedEvent += ((completedValueCollectionTask) =>
{
Snapshot snapshot = valueCollectorTask.Result;
TrackableTask <Snapshot> scanTask = ManualScanner.Scan(
snapshot,
scanConstraints,
TrackableTask.UniversalIdentifier);
SnapshotManager.SaveSnapshot(scanTask.Result);
snapshot = scanTask.Result;
scannedAddresses.Add(new List <Int64>());
if (snapshot != null)
{
for (UInt64 i = 0; i < snapshot.ElementCount; ++i)
{
SnapshotElementIndexer element = snapshot[i];
Object currentValue = element.HasCurrentValue() ? element.LoadCurrentValue() : null;
Object previousValue = element.HasPreviousValue() ? element.LoadPreviousValue() : null;
String moduleName = String.Empty;
UInt64 address = Query.Default.AddressToModule(element.BaseAddress, out moduleName);
PointerItem pointerItem = new PointerItem(baseAddress: address, dataType: dataType, moduleName: moduleName, value: currentValue);
pointerItem.ForceResolveAddress();
scannedAddresses[index].Add(Int64.Parse(pointerItem.AddressSpecifier, NumberStyles.HexNumber, CultureInfo.CurrentCulture));
}
}
int nextIteration = index + 1;
if (nextIteration < addressesToFind.Count)
{
StartScan(nextIteration, addressesToFind[nextIteration], validatingProcess);
}
else
{
SearchLogic(validatingProcess);
}
});
}
/// <summary>
/// Gets a random pointer from the pointer collection.
/// </summary>
/// <returns>A random discovered pointer, or null if unable to find one.</returns>
public Pointer GetRandomPointer(Int32 levelIndex)
{
if (levelIndex >= this.Levels.Count || this.Levels[levelIndex].StaticPointers == null)
{
return(null);
}
Snapshot currentSnapshot = this.Levels[levelIndex].StaticPointers;
ExtractedPointer pointer = this.ExtractRandomPointer(currentSnapshot);
UInt64 pointerBase = pointer.BaseAddress;
List <Int32> offsets = new List <Int32>();
foreach (Level level in this.Levels.Take(levelIndex + 1).Reverse())
{
IEnumerable <Int32> shuffledOffsets = Enumerable.Range(-(Int32)this.MaxOffset, (Int32)(this.MaxOffset * 2) + 1).Shuffle();
Boolean found = false;
// Brute force all possible offsets in a random order to find the next path (this guarantees uniform path probabilities)
foreach (Int32 nextRandomOffset in shuffledOffsets)
{
UInt64 newDestination = nextRandomOffset < 0 ? pointer.Destination.Subtract(-nextRandomOffset, wrapAround: false) : pointer.Destination.Add(nextRandomOffset, wrapAround: false);
SnapshotRegion snapshotRegion = level.HeapPointers.SnapshotRegions.Select(x => x).Where(y => newDestination >= y.BaseAddress && newDestination <= y.EndAddress).FirstOrDefault();
if (snapshotRegion != null)
{
// We may have sampled an offset that results in a mis-aligned index, so just randomly take an element from this snapshot rather than using the random offset
SnapshotElementIndexer randomElement = snapshotRegion[Random.Next(0, snapshotRegion.GetElementCount(PointerSize.ToSize()))];
UInt64 baseAddress = randomElement.GetBaseAddress(PointerSize.ToSize());
Int32 alignedOffset = pointer.Destination >= baseAddress ? -((Int32)(pointer.Destination - baseAddress)) : ((Int32)(baseAddress - pointer.Destination));
pointer = this.ExtractPointerFromElement(randomElement);
offsets.Add(alignedOffset);
found = true;
break;
}
}
if (!found)
{
Logger.Log(LogLevel.Error, "Unable to collect a pointer, encountered dead end path");
return(null);
}
}
return(new Pointer(pointerBase, this.PointerSize, offsets.ToArray()));
}
private ExtractedPointer ExtractPointerFromElement(SnapshotElementIndexer element)
{
return(new ExtractedPointer(element.GetBaseAddress(PointerSize.ToSize()), element.HasCurrentValue()
? (this.PointerSize == PointerSize.Byte4 ? (UInt32)element.LoadCurrentValue(PointerSize.ToDataType())
: (UInt64)element.LoadCurrentValue(PointerSize.ToDataType())) : 0));
}
