int IDebugEventCallbacksWide.CreateProcess(ulong ImageFileHandle, ulong Handle, ulong BaseOffset, uint ModuleSize, string ModuleName, string ImageName, uint CheckSum, uint TimeDateStamp, ulong InitialThreadHandle, ulong ThreadDataOffset, ulong StartOffset) { Debug.WriteLine("IDebugEventCallbacksWide.CreateProcess"); uint id; SystemObjects.GetCurrentProcessId(out id); ulong peb; SystemObjects.GetCurrentProcessPeb(out peb); uint pid; SystemObjects.GetCurrentProcessSystemId(out pid); var process = new TargetProcess { PID = pid, hProcess = Handle, hFile = ImageFileHandle, BaseOffset = BaseOffset, ModuleSize = ModuleSize, ImageName = ImageName, TimeStamp = DateTime.FromFileTime(TimeDateStamp), ModuleName = ModuleName, Index = (int)id, Peb = peb }; _processes.Add(process); OnProcessCreated(process); uint tindex, tid; SystemObjects.GetCurrentThreadId(out tindex); SystemObjects.GetCurrentThreadSystemId(out tid); var thread = new TargetThread(process) { Index = tindex, TID = tid, StartAddress = StartOffset, Teb = ThreadDataOffset, Handle = InitialThreadHandle, ProcessIndex = id }; process.AddThread(thread); OnThreadCreated(new ThreadCreatedEventArgs(thread, process)); return((int)DEBUG_STATUS.NO_CHANGE); }
void OnProcessCreated(TargetProcess process) { ProcessCreated?.Invoke(this, new ProcessCreatedEventArgs(process)); }
public TargetThread(TargetProcess process) { Process = process; }
public TargetModule(TargetProcess process) { Process = process; }
internal ModuleEventArgs(TargetProcess process, TargetModule module) { Module = module; Process = process; }
internal ThreadExitedEventArgs(TargetThread thread, TargetProcess process) { Process = process; Thread = thread; }
internal ProcessExitedEventArgs(TargetProcess process) { Process = process; }
internal ThreadCreatedEventArgs(TargetThread thread, TargetProcess process) { Thread = thread; Process = process; }