private static void DumpProcessModule(MemoryObject modulesMo, ILoadedModule module)
{
using (var child = modulesMo.CreateChild(module.BaseAddress.ToString("x")))
{
BinaryWriter bw = new BinaryWriter(child.GetWriteStream());
bw.Write("Name", module.BaseName);
bw.Write("FileName", module.FileName);
bw.Write("Size", module.Size);
bw.Write("BaseAddress", module.BaseAddress);
bw.Write("Flags", (int)module.Flags);
try
{
var info = System.Diagnostics.FileVersionInfo.GetVersionInfo(module.FileName);
bw.Write("FileDescription", info.FileDescription);
bw.Write("FileCompanyName", info.CompanyName);
bw.Write("FileVersion", info.FileVersion);
}
catch
{ }
bw.Close();
}
}
private void CallDllMatchListView(int pid, ILoadedModule module)
{
ListViewItem item = new ListViewItem();
item.Name = pid.ToString() + " " + module.BaseAddress.ToString();
item.Text = Program.ProcessProvider.Dictionary[pid].Name +
" (" + pid.ToString() + ")";
item.Tag = pid;
item.SubItems.Add(new ListViewItem.ListViewSubItem(item, "DLL"));
item.SubItems.Add(new ListViewItem.ListViewSubItem(item, module.FileName));
item.SubItems.Add(new ListViewItem.ListViewSubItem(item, Utils.FormatAddress(module.BaseAddress)));
OnMatchListView(item);
}
private void CallDllMatchListView(int pid, ILoadedModule module)
{
ListViewItem item = new ListViewItem
{
Name = pid.ToString() + " " + module.BaseAddress.ToString(),
Text = Program.ProcessProvider.Dictionary[pid].Name + " (" + pid.ToString() + ")",
Tag = pid
};
item.SubItems.Add(new ListViewItem.ListViewSubItem(item, "DLL"));
item.SubItems.Add(new ListViewItem.ListViewSubItem(item, module.FileName));
item.SubItems.Add(new ListViewItem.ListViewSubItem(item, Utils.FormatAddress(module.BaseAddress)));
OnMatchListView(item);
}
