public MemoryIO GetMetaBlock(out long position) { //Prepare MemoryIO meta = null; //Open? bool open = io.Open; if (!open) { io.OpenIO(); } //Get Position position = header.IndexOffset + header.IndexLength; //Read io.Position = position; meta = new MemoryIO(io.In.ReadBytes(header.MetaLength)); //Close? if (!open) { io.CloseIO(); } //Return return(meta); }
private byte[] ReadFromRVA(uint rva, int size) { if (IsDynamic) { return(null); } ulong addr = _clrModule.ImageBase; Debug.Assert(addr != 0); if (addr == 0) { return(null); } var offs = RVAToAddressOffset(rva); if (offs == null) { return(null); } addr += offs.Value; byte[] data = new byte[size]; MemoryIO.ReadBytes(_processId, (IntPtr)_clrModule.ImageBase, data, out uint numOfRead); data = data.Take((int)numOfRead).ToArray(); //var data = module.Process.CorProcess.ReadMemory(addr, size); Debug.Assert(data != null && data.Length == size); return(data); }
private ImageSectionHeader[] GetOrCreateSectionHeaders() { var h = _sectionHeaders; if (h != null) { return(h); } try { ulong addr = _clrModule.ImageBase; if (addr == 0) { return(_sectionHeaders = ArrayAddIn.Empty <ImageSectionHeader>()); } var data = new byte[0x1000]; //module.Process.CorProcess.ReadMemory(module.Address, data, 0, data.Length, out int sizeRead); MemoryIO.ReadBytes(_processId, (IntPtr)_clrModule.ImageBase, data); using (var peImage = new PEImage(data, !IsDynamic && IsInMemory ? ImageLayout.File : ImageLayout.Memory, true)) return(_sectionHeaders = peImage.ImageSectionHeaders.ToArray()); } catch { Debug.Fail("Couldn't read section headers"); } return(_sectionHeaders = ArrayAddIn.Empty <ImageSectionHeader>()); }
private bool TryFindVerilogMemPort(string ioName, MemoryIO memory, out IContainerIO foundIO) { foreach (MemPort port in memory.GetIOInOrder()) { if (ioName.Contains(port.Name)) { int portNameStart = ioName.IndexOf(port.Name); string remaining = ioName.Substring(0, portNameStart); string portPath = ioName.Substring(portNameStart); if (TryFindIO(portPath, memory, false, out foundIO)) { if (foundIO is ScalarIO) { return(true); } if (TryFindIO(remaining, foundIO, false, out var fullFoundIO)) { if (fullFoundIO is not ScalarIO) { foundIO = null; return(false); } foundIO = fullFoundIO; return(true); } } } } foundIO = null; return(false); }
public void Invoke() { int blockSize = 512; Configuration.VolumeName = FilePath; if (BytesPerSlice > int.MaxValue) { throw new CommandLineArgumentException("Argument to -s is too large."); } int bytesPerSlice = (int)BytesPerSlice; Geometry g = new Geometry(bytesPerSlice, ReedSolomon.N, ReedSolomon.K, TrackCount); Configuration.Geometry = g; Configuration.FileSystemID = Guid.NewGuid(); Options options = Options.None; if (doNotVerifyHashes) { options |= Options.DoNotVerifyClusterHashes; } if (doNotVerifySignatures) { options |= Options.DoNotVerifyClusterSignatures; } Configuration.Options = options; CngKey encryptionKey = CryptoSettingsOptions.GetEncryptionKey(); CngKey decryptionKey = CryptoSettingsOptions.GetDecryptionKey(); CngKey signingKey = CryptoSettingsOptions.GetSigningKey(); Configuration.CryptoSettings = new CryptoSettings(decryptionKey, signingKey, encryptionKey); long size = g.CalculateFileSystemSize(blockSize); if (size > int.MaxValue) { throw new CommandLineArgumentException("File system size is too large."); } using (MemoryIO io = new MemoryIO((int)size, blockSize)) using (FileStream fio = new FileStream(FilePath, FileMode.Create, FileAccess.Write)) { using (var f = FileSystem.Create(io)) { } fio.Write(io.Bytes, 0, (int)io.SizeBytes); } }
public Memory(string name, FIRIO inputType, ulong size, int readLatency, int writeLatency, ReadUnderWrite ruw, FirrtlNode defNode) : base(defNode) { if (!inputType.IsPassiveOfType <Input>()) { throw new Exception("Input type must be a passive input type."); } this.Name = name; this.InputType = inputType.Copy(this); this.Size = size; this.ReadLatency = readLatency; this.WriteLatency = writeLatency; this.RUW = ruw; this.MemIO = new MemoryIO(this, name, new List <FIRIO>(), InputType, GetAddressWidth()); }
static void Main(string[] args) { uint processId; Pointer pointer; int value; processId = (uint)Process.Start("Tutorial-i386.exe").Id; Console.WriteLine("Go to \"Step 6\" then continue"); Console.ReadKey(); pointer = new Pointer("Tutorial-i386.exe", 0x1FD630, 0); MemoryIO.ReadInt32(processId, pointer, out value); Console.WriteLine($"Current value:{value}. Now we lock it"); while (true) { MemoryIO.WriteInt32(processId, pointer, 5000); Thread.Sleep(1); } }
public static byte[] Copy(uint processId, IntPtr processHandle, IntPtr moduleHandle, bool is64) { byte[] buffer; buffer = new byte[GetImageSize(processHandle, moduleHandle, is64)]; MemoryIO.EnumPages(processId, moduleHandle, pageInfo => { int startOffset; int endOffset; startOffset = (int)((ulong)pageInfo.Address - (ulong)moduleHandle); //以p为起点,远程进程中页面起点映射到buffer中的偏移 endOffset = startOffset + (int)pageInfo.Size; //以p为起点,远程进程中页面终点映射到buffer中的偏移 fixed(byte *p = buffer) if (startOffset < 0) { //页面前半部分超出buffer ReadProcessMemory(processHandle, moduleHandle, p, (size_t)((ulong)pageInfo.Size - ((ulong)moduleHandle - (ulong)pageInfo.Address)), null); return(true); } else { if (endOffset <= buffer.Length) { //整个页面都可以存入buffer ReadProcessMemory(processHandle, pageInfo.Address, p + startOffset, pageInfo.Size, null); return(true); } else { //页面后半部分/全部超出buffer ReadProcessMemory(processHandle, pageInfo.Address, p + startOffset, pageInfo.Size - (endOffset - buffer.Length), null); return(false); } } }); return(buffer); }
public void Invoke() { int blockSize = 512; Options options = Options.None; if (doNotVerifyHashes) { options |= Options.DoNotVerifyClusterHashes; } if (doNotVerifySignatures) { options |= Options.DoNotVerifyClusterSignatures; } Configuration.Options = options; CngKey encryptionKey = CryptoSettingsOptions.GetEncryptionKey(); CngKey decryptionKey = CryptoSettingsOptions.GetDecryptionKey(); CngKey signingKey = CryptoSettingsOptions.GetSigningKey(); Configuration.CryptoSettings = new CryptoSettings(decryptionKey, signingKey, encryptionKey); long size = new FileInfo(FilePath).Length; using (MemoryIO io = new MemoryIO((int)size, blockSize)) using (FileStream fio = new FileStream(FilePath, FileMode.Open)) { fio.Read(io.Bytes, 0, (int)io.SizeBytes); using (var fs = FileSystem.Mount(io)) { SRFSDokan d = new SRFSDokan(fs); d.Mount("S:\\"); } fio.Position = 0; fio.Write(io.Bytes, 0, (int)io.SizeBytes); } }
/// <summary> /// 枚举模块导出函数 /// </summary> /// <param name="processHandle">进程句柄</param> /// <param name="moduleHandle">模块句柄</param> /// <param name="callback">回调函数</param> /// <returns></returns> internal static bool EnumFunctionsInternal(IntPtr processHandle, IntPtr moduleHandle, EnumFunctionsCallback callback) { int ntHeaderOffset; bool is64; int iedRVA; IMAGE_EXPORT_DIRECTORY ied; int[] nameOffsets; string functionName; short ordinal; int addressOffset; if (!MemoryIO.ReadInt32Internal(processHandle, moduleHandle + 0x3C, out ntHeaderOffset)) { return(false); } if (!Process32.Is64BitProcessInternal(processHandle, out is64)) { return(false); } if (is64) { if (!MemoryIO.ReadInt32Internal(processHandle, moduleHandle + ntHeaderOffset + 0x88, out iedRVA)) { return(false); } } else { if (!MemoryIO.ReadInt32Internal(processHandle, moduleHandle + ntHeaderOffset + 0x78, out iedRVA)) { return(false); } } if (!ReadProcessMemory(processHandle, moduleHandle + iedRVA, &ied, (size_t)40, null)) { return(false); } if (ied.NumberOfNames == 0) { //无按名称导出函数 return(true); } nameOffsets = new int[ied.NumberOfNames]; fixed(void *p = &nameOffsets[0]) if (!ReadProcessMemory(processHandle, moduleHandle + (int)ied.AddressOfNames, p, (size_t)(ied.NumberOfNames * 4), null)) return(false); for (int i = 0; i < ied.NumberOfNames; i++) { if (!MemoryIO.ReadStringInternal(processHandle, moduleHandle + nameOffsets[i], out functionName, 40, false, Encoding.ASCII)) { return(false); } if (!MemoryIO.ReadInt16Internal(processHandle, moduleHandle + ((int)ied.AddressOfNameOrdinals + i * 2), out ordinal)) { return(false); } if (!MemoryIO.ReadInt32Internal(processHandle, moduleHandle + ((int)ied.AddressOfFunctions + ordinal * 4), out addressOffset)) { return(false); } if (!callback(moduleHandle + addressOffset, functionName, ordinal)) { return(true); } } return(true); }
/// <summary> /// 获取远程进程函数地址 /// </summary> /// <param name="processHandle">进程句柄</param> /// <param name="moduleName">模块名</param> /// <param name="functionName">函数名</param> /// <returns></returns> internal static IntPtr GetProcAddressInternal(IntPtr processHandle, string moduleName, string functionName) { IntPtr moduleHandle; int ntHeaderOffset; bool is64; int iedRVA; IMAGE_EXPORT_DIRECTORY ied; int[] nameOffsets; string name; short ordinal; int addressOffset; moduleHandle = GetHandleInternal(processHandle, false, moduleName); if (moduleHandle == IntPtr.Zero) { return(IntPtr.Zero); } if (!MemoryIO.ReadInt32Internal(processHandle, moduleHandle + 0x3C, out ntHeaderOffset)) { return(IntPtr.Zero); } if (!Process32.Is64BitProcessInternal(processHandle, out is64)) { return(IntPtr.Zero); } if (is64) { if (!MemoryIO.ReadInt32Internal(processHandle, moduleHandle + ntHeaderOffset + 0x88, out iedRVA)) { return(IntPtr.Zero); } } else { if (!MemoryIO.ReadInt32Internal(processHandle, moduleHandle + ntHeaderOffset + 0x78, out iedRVA)) { return(IntPtr.Zero); } } if (!ReadProcessMemory(processHandle, moduleHandle + iedRVA, &ied, (size_t)40, null)) { return(IntPtr.Zero); } nameOffsets = new int[ied.NumberOfNames]; fixed(void *p = &nameOffsets[0]) if (!ReadProcessMemory(processHandle, moduleHandle + (int)ied.AddressOfNames, p, (size_t)(ied.NumberOfNames * 4), null)) return(IntPtr.Zero); for (int i = 0; i < ied.NumberOfNames; i++) { if (!MemoryIO.ReadStringInternal(processHandle, moduleHandle + nameOffsets[i], out name, 40, false, Encoding.ASCII)) { return(IntPtr.Zero); } if (name == functionName) { if (!MemoryIO.ReadInt16Internal(processHandle, moduleHandle + (int)ied.AddressOfNameOrdinals + i * 2, out ordinal)) { return(IntPtr.Zero); } if (!MemoryIO.ReadInt32Internal(processHandle, moduleHandle + (int)ied.AddressOfFunctions + ordinal * 4, out addressOffset)) { return(IntPtr.Zero); } return(moduleHandle + addressOffset); } } return(IntPtr.Zero); }
/// <summary> /// 杀死函数,让函数不执行任何动作 /// </summary> /// <param name="entry">函数入口地址</param> /// <returns></returns> public static bool Kill(IntPtr entry) { return(MemoryIO.WriteByteInternal(CURRENT_PROCESS, entry, 0xC3)); }