예제 #1
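        /// <summary>
        /// Reads the raw bytes of the structure called <paramref name="name"/> and marshals them
        /// into <c>_members</c> using the matching type from the profile's structure assembly.
        /// </summary>
        /// <remarks>
        /// When <c>_virtualAddress</c> is 0 the bytes are read from <c>_physicalAddress</c> with
        /// <c>ReadPhysicalMemory</c>; otherwise the virtual address is translated with <c>vtop</c>
        /// and the bytes are read with <c>ReadMemoryBlock</c>.
        /// The bytes are presumably taken from the memory image under analysis and should be
        /// treated as untrusted - TODO confirm against the data provider.
        /// </remarks>
        /// <param name="name">
        /// Structure name as known to the profile. Leading underscores are stripped to form the
        /// type name that is looked up under the <c>liveforensics.</c> prefix.
        /// </param>
        /// <exception cref="ArgumentException">
        /// The profile has no size, assembly or type for <paramref name="name"/>, the read returned
        /// no data, or the data read is shorter than the marshalled size of the type.
        /// </exception>
        protected void Overlay(string name)
        {
            if (name == null)
            {
                throw new ArgumentNullException("name");
            }

            string shorterVersion = name.TrimStart('_');

            _is64          = (_profile.Architecture == "AMD64");
            _addressSpace  = _dataProvider.ActiveAddressSpace;
            _structureSize = (int)_profile.GetStructureSize(name);
            if (_structureSize == -1)
            {
                throw new ArgumentException("Error: Profile didn't contain a definition for " + name);
            }
            if (_virtualAddress == 0)
            {
                _buffer = _dataProvider.ReadPhysicalMemory(_physicalAddress, (uint)_structureSize);
            }
            else
            {
                _physicalAddress = _addressSpace.vtop(_virtualAddress);
                _buffer          = _dataProvider.ReadMemoryBlock(_virtualAddress, (uint)_structureSize);
            }
            if (_buffer == null)
            {
                // NOTE(review): on the physical-read path _virtualAddress is 0, so this message
                // does not identify the address that failed.
                throw new ArgumentException("Invallid address " + _virtualAddress.ToString("x12"));
            }

            var dll = _profile.GetStructureAssembly(name);
            if (dll == null)
            {
                throw new ArgumentException("Error: Profile didn't provide a structure assembly for " + name);
            }

            Type t = dll.GetType("liveforensics." + shorterVersion);
            if (t == null)
            {
                // GetType returns null for an unknown type name; fail here with the name
                // instead of inside the marshaller.
                throw new ArgumentException("Error: Structure assembly has no type liveforensics." + shorterVersion);
            }

            // PtrToStructure copies Marshal.SizeOf(t) bytes starting at the pointer and knows
            // nothing about the array length. If the profile's size and the compiled type
            // disagree, or the read came back short, it would read past the end of _buffer.
            int marshalledSize = Marshal.SizeOf(t);
            if (_buffer.Length < marshalledSize)
            {
                throw new ArgumentException(
                    "Error: Read " + _buffer.Length + " bytes for " + name +
                    " but the structure needs " + marshalledSize);
            }

            GCHandle pinedPacket = GCHandle.Alloc(_buffer, GCHandleType.Pinned);
            try
            {
                _members = Marshal.PtrToStructure(pinedPacket.AddrOfPinnedObject(), t);
            }
            finally
            {
                // Release the pin even when marshalling throws, otherwise the handle leaks
                // and the buffer stays pinned.
                pinedPacket.Free();
            }
        }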