コード例 #1
        /// <summary>
        /// Enumerate the page file names reported by the SystemPageFileInformation query.
        /// </summary>
        /// <remarks>
        /// This is an iterator: the unmanaged buffer stays allocated while the caller is
        /// enumerating and is released when enumeration completes or the enumerator is disposed.
        /// </remarks>
        /// <returns>One string per entry found in the buffer.</returns>
        public static IEnumerable<string> GetPageFileNames()
        {
            using (var buffer = new SafeHGlobalBuffer(0x10000))
            {
                AllocateSafeBuffer(buffer, SystemInformationClass.SystemPageFileInformation);

                // NOTE(review): the first entry is read unconditionally; whether AllocateSafeBuffer
                // guarantees at least one valid entry (e.g. on a system with no page file) is not
                // visible here - confirm.
                int entry_offset = 0;
                bool more_entries = true;
                while (more_entries)
                {
                    // NextEntryOffset comes straight from the buffer contents; bounds checking of the
                    // resulting offset is presumably left to GetStructAtOffset - verify.
                    var entry = buffer.GetStructAtOffset<SystemPageFileInformation>(entry_offset).Result;
                    yield return entry.PageFileName.ToString();

                    // A zero NextEntryOffset marks the final entry in the chain.
                    more_entries = entry.NextEntryOffset != 0;
                    entry_offset += entry.NextEntryOffset;
                }
            }
        }
コード例 #2
        /// <summary>
        /// Query this thread's context through NtGetContextThread using a ContextAmd64 structure.
        /// </summary>
        /// <param name="flags">Value stored in the ContextFlags field before the call.</param>
        /// <param name="throw_on_error">Forwarded to CreateResult along with the call's status.</param>
        /// <returns>The outcome of the call, cast to an IContext result.</returns>
        private NtResult<IContext> GetAmd64Context(ContextFlags flags, bool throw_on_error)
        {
            var context = new ContextAmd64();
            context.ContextFlags = flags;

            // The structure must sit on a 16-byte boundary, so over-allocate by 16 bytes
            // to leave room for shifting the start of the copy.
            using (var buffer = new SafeHGlobalBuffer(Marshal.SizeOf(context) + 16))
            {
                // Raw address of the allocation; only meaningful while the using block is open.
                var base_address = buffer.DangerousGetHandle();
                long misalignment = base_address.ToInt64() & 0xF;

                // Distance to the next 16-byte boundary, or zero when already aligned.
                int aligned_offset = misalignment != 0 ? (int)(0x10 - misalignment) : 0;

                Marshal.StructureToPtr(context, base_address + aligned_offset, false);
                var aligned_view = buffer.GetStructAtOffset<ContextAmd64>(aligned_offset);

                // NOTE(review): the lambda reads from the unmanaged buffer. This is only safe if
                // CreateResult invokes it before the using block disposes the buffer - confirm.
                return NtSystemCalls.NtGetContextThread(Handle, aligned_view)
                    .CreateResult(throw_on_error, () => aligned_view.Result)
                    .Cast<IContext>();
            }
        }
コード例 #3
        /// <summary>
        /// Query this thread's context through NtGetContextThread using a ContextAmd64 structure.
        /// The returned status is passed through ToNtException before the result is read.
        /// </summary>
        /// <param name="flags">Value stored in the ContextFlags field before the call.</param>
        /// <returns>The structure read back from the buffer after the call.</returns>
        private IContext GetAmd64Context(ContextFlags flags)
        {
            var context = new ContextAmd64
            {
                ContextFlags = flags
            };

            // The structure must sit on a 16-byte boundary, so over-allocate by 16 bytes
            // to leave room for shifting the start of the copy.
            using (var buffer = new SafeHGlobalBuffer(Marshal.SizeOf(context) + 16))
            {
                // Raw address of the allocation; only meaningful while the using block is open.
                var base_address = buffer.DangerousGetHandle();

                // Masking with 0xF folds the "already aligned" case (0x10) down to zero; every
                // other case yields the distance to the next 16-byte boundary.
                int aligned_offset = (int)((0x10 - (base_address.ToInt64() & 0xF)) & 0xF);

                Marshal.StructureToPtr(context, base_address + aligned_offset, false);
                var aligned_view = buffer.GetStructAtOffset<ContextAmd64>(aligned_offset);
                NtSystemCalls.NtGetContextThread(Handle, aligned_view).ToNtException();

                // Read the result while the buffer is still allocated.
                return aligned_view.Result;
            }
        }
コード例 #4
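        /// <summary>
        /// Get all process information for the system.
        /// </summary>
        /// <remarks>
        /// This is an iterator: the unmanaged buffer stays allocated while the caller is
        /// enumerating and is released when enumeration completes or the enumerator is disposed.
        /// </remarks>
        /// <returns>The list of process information.</returns>
        public static IEnumerable<NtProcessInformation> GetProcessInformation()
        {
            using (SafeHGlobalBuffer process_info = new SafeHGlobalBuffer(0x10000))
            {
                AllocateSafeBuffer(process_info, SystemInformationClass.SystemProcessInformation);
                int offset = 0;
                while (true)
                {
                    var process_buffer = process_info.GetStructAtOffset<SystemProcessInformation>(offset);
                    var process_entry = process_buffer.Result;

                    // Copy the thread entries into a managed array sized by the entry's own thread count.
                    SystemThreadInformation[] thread_info = new SystemThreadInformation[process_entry.NumberOfThreads];
                    process_buffer.Data.ReadArray(0, thread_info, 0, thread_info.Length);

                    // Resolve the image name once, up front. The Select below is lazy, so leaving
                    // the ToString() call inside the lambda would repeat it for every thread and
                    // defer it until the consumer enumerates the threads. ImageName presumably
                    // refers to memory inside the unmanaged buffer, so a deferred read could run
                    // after the buffer has been disposed.
                    string image_name = process_entry.ImageName.ToString();

                    yield return new NtProcessInformation(
                        process_entry,
                        thread_info.Select(t => new NtThreadInformation(image_name, t)));

                    // A zero NextEntryOffset marks the final entry in the chain.
                    if (process_entry.NextEntryOffset == 0)
                    {
                        break;
                    }

                    offset += process_entry.NextEntryOffset;
                }
            }
        }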