public MiniDumpMemoryReader(string path)
{
if (string.IsNullOrWhiteSpace(path))
{
throw new ArgumentNullException("path");
}
_fileStream = File.Open(path, FileMode.Open, FileAccess.Read, FileShare.Read);
var mem = new FileMemoryReader(path);
var header = mem.Read <MiniDump.Header>(0x00);
var dirs = mem.Read <MiniDump.Directory>(header.StreamDirectoryRva, (int)header.NumberOfStreams);
var moduleList = dirs.SingleOrDefault(a => a.StreamType == MiniDump.StreamType.ModuleListStream);
if (moduleList.StreamType != MiniDump.StreamType.ModuleListStream)
{
throw new InvalidOperationException("The minidump file does not contain a module list.");
}
var modules = mem.Read <MiniDump.List <MiniDump.Module> >(moduleList.Location.Rva).Items;
var mainModule = modules.FirstOrDefault(a => a.VersionInfo.FileType == 1);
var mainModuleNameLength = mem.Read <int>(mainModule.ModuleNameRva);
var mainModuleNameBuffer = mem.ReadBytes(mainModule.ModuleNameRva + sizeof(int), mainModuleNameLength);
var mainModuleName = Encoding.Unicode.GetString(mainModuleNameBuffer);
MainModuleName = System.IO.Path.GetFileNameWithoutExtension(mainModuleName);
MainModuleVersion = mainModule.VersionInfo.FileVersion;
ImageBase = mainModule.BaseOfImage;
var memory64ListDir = dirs.SingleOrDefault(a => a.StreamType == MiniDump.StreamType.Memory64ListStream);
if (memory64ListDir.StreamType != MiniDump.StreamType.Memory64ListStream)
{
throw new InvalidOperationException("The minidump file does not contain a full memory dump.");
}
var memory64List = mem.Read <MiniDump.Memory64List>(memory64ListDir.Location.Rva);
var rva = memory64List.BaseRva;
var ranges = memory64List.MemoryRanges;
var pages = new List <Page>();
for (int i = 0; i < ranges.Length; i++)
{
pages.Add(new Page
{
StartOfMemoryRange = (uint)ranges[i].StartOfMemoryRange,
DataSize = (uint)ranges[i].DataSize,
Rva = (uint)rva
});
rva += ranges[i].DataSize;
}
_pages = pages;
_pageStarts = _pages.Select(a => a.StartOfMemoryRange).ToList();
_minValidAddress = _pages[0].StartOfMemoryRange;
_maxValidAddress = _pages[_pages.Count - 1].StartOfMemoryRange + _pages[_pages.Count - 1].DataSize;
_pointerSize = 4; // TODO: Get 32-bit vs 64-bit info from the minidump somewhere..
}
public static DateTime RetrieveLinkerTimestamp(this Process process)
{
using (var reader = new FileMemoryReader(process.MainModule.FileName))
{
if (reader.Read<short>(0x00) != 0x5A4D)
throw new InvalidDataException("No MZ header.");
int peHeaderLocation = reader.Read<int>(0x3C);
int unixTimestamp = reader.Read<int>(peHeaderLocation + 0x08);
return new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc).AddSeconds(unixTimestamp);
}
}
public static DateTime RetrieveLinkerTimestamp(this Process process)
{
using (var reader = new FileMemoryReader(process.MainModule.FileName))
{
if (reader.Read <short>(0x00) != 0x5A4D)
{
throw new InvalidDataException("No MZ header.");
}
int peHeaderLocation = reader.Read <int>(0x3C);
int unixTimestamp = reader.Read <int>(peHeaderLocation + 0x08);
return(new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc).AddSeconds(unixTimestamp));
}
}
public MiniDumpMemoryReader(string path)
{
if (string.IsNullOrWhiteSpace(path))
{
throw new ArgumentNullException("path");
}
_fileStream = File.Open(path, FileMode.Open, FileAccess.Read, FileShare.Read);
var mem = new FileMemoryReader(path);
var header = mem.Read <MiniDump.Header>(0x00);
var dirs = mem.Read <MiniDump.Directory>(header.StreamDirectoryRva, (int)header.NumberOfStreams);
var moduleList = dirs.SingleOrDefault(a => a.StreamType == MiniDump.StreamType.ModuleListStream);
if (moduleList.StreamType != MiniDump.StreamType.ModuleListStream)
{
throw new InvalidOperationException("The minidump file does not contain a module list.");
}
var modules = mem.Read <MiniDump.List <MiniDump.Module> >(moduleList.Location.Rva).Items;
var threadList = dirs.SingleOrDefault(x => x.StreamType == MiniDump.StreamType.ThreadListStream);
if (threadList.StreamType == MiniDump.StreamType.ThreadListStream)
{
_threads = mem.Read <MiniDump.List <MiniDump.Thread> >(threadList.Location.Rva).Items;
}
var mainModule = modules.FirstOrDefault(a => a.VersionInfo.FileType == 1);
MainModuleVersion = mainModule.VersionInfo.FileVersion;
ImageBase = mainModule.BaseOfImage;
var memory64ListDir = dirs.SingleOrDefault(a => a.StreamType == MiniDump.StreamType.Memory64ListStream);
if (memory64ListDir.StreamType != MiniDump.StreamType.Memory64ListStream)
{
throw new InvalidOperationException("The minidump file does not contain a full memory dump.");
}
var memory64List = mem.Read <MiniDump.Memory64List>(memory64ListDir.Location.Rva);
var rva = memory64List.BaseRva;
var ranges = memory64List.MemoryRanges;
var pages = new List <Page>();
for (int i = 0; i < ranges.Length; i++)
{
pages.Add(new Page
{
StartOfMemoryRange = ranges[i].StartOfMemoryRange,
DataSize = ranges[i].DataSize,
Rva = rva
});
rva += ranges[i].DataSize;
}
_pages = pages;
_pageStarts = _pages.Select(a => a.StartOfMemoryRange).ToList();
_minValidAddress = _pages[0].StartOfMemoryRange;
_maxValidAddress = _pages[_pages.Count - 1].StartOfMemoryRange + _pages[_pages.Count - 1].DataSize;
var pe = new PEHeaderReader(ReadBytes(ImageBase, 2048));
_pointerSize = pe.Is32BitHeader ? 4 : 8;
}
