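        /// <summary>
        /// Static initializer: locates the main module of a running notepad.exe and caches
        /// remote pointers to its base address in <c>mNotepad1</c> / <c>mNotepad2</c>.
        /// Every failure path returns silently so those fields keep their defaults — a static
        /// constructor must never throw, or the type becomes unusable (TypeInitializationException).
        /// </summary>
        static GenericRemotePtr()
        {
            const string TARGET = "notepad.exe";

            ProcessMemory m = new mwg.InterProcess.ProcessMemory(TARGET);

            if (!m.Available)
            {
                return;
            }

            // Pick the module whose name matches the target executable. The previous version
            // compared against the misspelled "nodepad.exe" with the condition inverted, which
            // silently selected whatever module the loader happened to enumerate first.
            // Module names on Windows are case-insensitive, so compare ignoring case.
            Diag::ProcessModule mod = null;

            foreach (Diag::ProcessModule candidate in m.Process.Modules)
            {
                if (string.Equals(candidate.ModuleName, TARGET, System.StringComparison.OrdinalIgnoreCase))
                {
                    mod = candidate;
                    break;
                }
            }

            if (mod == null)
            {
                return;
            }

#if RemoteBytePtr
            mNotepad1 = (RemoteBytePtr)m + mod.BaseAddress;
#endif
            mNotepad2 = (RemotePtr <byte>)m + (long)mod.BaseAddress;
        }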
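        /// <summary>
        /// Wraps a module mapped in another process and resolves its PE headers
        /// (DOS header, COFF file header, standard optional header) through remote reads.
        /// On any validation failure the remaining header pointers are left at their
        /// default values instead of throwing.
        /// </summary>
        /// <param name="mem">Remote-memory accessor for the owning process.</param>
        /// <param name="mod">Descriptor of the module (base address, mapped size) inside that process.</param>
        public Module(ProcessMemory mem, Diag::ProcessModule mod)
        {
            this.mem = mem;
            this.mod = mod;

            this.mbase = mem.GetPtr(mod.BaseAddress);

            // DOS Header: must carry the "MZ" signature.
            this.dhead = mbase.Reinterpret <IMAGE.DOS_HEADER>();
            if (dhead[0].magic != IMAGE.SIGNATURE.DOS)
            {
                dhead = default(RemotePtr <IMAGE.DOS_HEADER>);
                return;
            }

            // e_lfanew is read from the target process and is untrusted: a corrupt or hostile
            // image can point it anywhere. Keep it (plus the 4-byte NT signature) inside the
            // mapped module before following it, so the next read cannot leave the image.
            // NOTE(review): the COFF/optional header sizes are not bounded here yet.
            long lfanew = (long)dhead[0].lfanew;
            if (lfanew < 0 || lfanew + 4 > mod.ModuleMemorySize)
            {
                return;
            }

            // COFF Header: the NT signature ("PE\0\0") precedes IMAGE_FILE_HEADER.
            remote_ptr ptr = mbase + dhead[0].lfanew;

            if (ptr.Read <uint>() != (uint)IMAGE.SIGNATURE.NT)
            {
                return;
            }
            this.chead = (ptr + 4).Reinterpret <IMAGE.FILE_HEADER>();

            // Optional Header follows the file header directly; its Magic tells PE32 from PE32+.
            ohead  = (chead + 1).Reinterpret <IMAGE.STD_OPTIONAL_HEADER>();
            omagic = ohead[0].Magic;
        }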
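        /// <summary>
        /// Opens a running notepad.exe and returns its main module, logging a message and
        /// returning null when the process is unavailable or the module cannot be found.
        /// </summary>
        /// <param name="log">Destination for the diagnostic messages.</param>
        /// <param name="m">Receives the process-memory accessor; it is set even when null is returned.</param>
        /// <returns>The module named notepad.exe inside the process, or null.</returns>
        private static Diag::ProcessModule GetNotepadModule(Log log, out ProcessMemory m)
        {
            const string TARGET = "notepad.exe";

            m = new mwg.InterProcess.ProcessMemory(TARGET);
            if (!m.Available)
            {
                log.WriteLine("!現在 notepad.exe が利用出来ません。起動しているかどうか確認して下さい。");
                return null;
            }

            // Module names on Windows are case-insensitive; an exact match would miss a
            // module recorded as "NOTEPAD.EXE" and report it as absent.
            foreach (Diag::ProcessModule candidate in m.Process.Modules)
            {
                if (string.Equals(candidate.ModuleName, TARGET, System.StringComparison.OrdinalIgnoreCase))
                {
                    return candidate;
                }
            }

            log.WriteLine("!プロセス notepad.exe 内にモジュール 'notepad.exe' が見つかりませんでした。");
            return null;
        }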
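        /// <summary>
        /// Dumps the PE headers of <paramref name="mod"/> (DOS header, COFF file header and the
        /// optional-header kind) to <paramref name="log"/>, reading them from the target process.
        /// Each header is validated before the next one is dereferenced; a failed check logs a
        /// message and returns. The indent opened at the top is always closed in the finally block.
        /// </summary>
        /// <param name="log">Destination for the dump.</param>
        /// <param name="m">Remote-memory accessor for the process owning the module.</param>
        /// <param name="mod">Module whose headers are dumped.</param>
        private unsafe static void dumpModuleHeader1(Log log, ProcessMemory m, Diag::ProcessModule mod)
        {
            log.WriteLine("モジュール " + mod.ModuleName + ":");
            log.AddIndent();
            log.WriteVar("Base-Address", "0x" + mod.BaseAddress.ToString("X8"));
            log.WriteVar("Module-Size", "0x" + mod.ModuleMemorySize.ToString("X8"));
            try{
                RemotePtr <byte> mbase = (RemotePtr <byte>)m + mod.BaseAddress;
                IMAGE.DOS_HEADER dosHeader = mbase.Read <IMAGE.DOS_HEADER>();
                if (dosHeader.magic != IMAGE.SIGNATURE.DOS)
                {
                    log.WriteLine("!モジュールの先頭が DOS Header ではありません。");
                    return;
                }

                // e_lfanew is read from the target process and therefore untrusted. Require the
                // NT signature and the COFF header to lie inside the mapped module before
                // following it, so a corrupt image cannot send the reads outside the image.
                long lfanew = (long)dosHeader.lfanew;
                if (lfanew < 0 || lfanew + 4 + sizeof(IMAGE.FILE_HEADER) > mod.ModuleMemorySize)
                {
                    log.WriteLine("!DOS Header の lfanew がモジュールの範囲外を指しています。");
                    return;
                }

                RemotePtr <byte> pe = mbase + dosHeader.lfanew;
                if (pe.Read <uint>() != (uint)IMAGE.SIGNATURE.NT)
                {
                    log.WriteLine("!IMAGE Header が見つかりません。");
                    return;
                }

                // COFF header sits right after the 4-byte "PE\0\0" signature.
                RemotePtr <byte>  coff       = pe + 4;
                IMAGE.FILE_HEADER coffHeader = coff.Read <IMAGE.FILE_HEADER>();
                log.WriteLine("IMAGE 形式: COFF Header");
                log.AddIndent();
                log.WriteVar("対象機種", coffHeader.MachineDescription);
                log.WriteVar("セクション数", coffHeader.NumberOfSections);
                log.WriteVar("タイムスタンプ", coffHeader.TimeDateStamp);
                log.WriteVar("シンボル表の位置", "0x" + coffHeader.PointerToSymbolTable.ToString("X8"));
                log.WriteVar("シンボルの数", coffHeader.NumberOfSymbols);
                log.WriteVar("拡張ヘッダの大きさ", "0x" + coffHeader.SizeOfOptionalHeader.ToString("X4"));
                log.WriteVar("属性", coffHeader.Characteristics);
                log.RemoveIndent();

                // Optional header follows the file header; its magic selects PE32 / PE32+ / ROM.
                RemotePtr <byte> opt = coff + sizeof(IMAGE.FILE_HEADER);
                switch (opt.Read <IMAGE.OPTIONAL_MAGIC>())
                {
                case IMAGE.OPTIONAL_MAGIC.NT_HDR32:
                    log.WriteLine("種別: PE32");
                    dumpPE32Header(log, mbase, opt);
                    break;

                case IMAGE.OPTIONAL_MAGIC.ROM_HDR:
                    log.WriteLine("種別: Rom Image");
                    break;

                case IMAGE.OPTIONAL_MAGIC.NT_HDR64:
                    log.WriteLine("種別: PE32+");
                    break;

                default:
                    log.WriteLine("未知の拡張ヘッダです。");
                    break;
                }
            }finally{
                log.RemoveIndent();
            }
        }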
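        /// <summary>
        /// Dumps every populated data directory of <paramref name="mod"/> and, when an import
        /// directory exists, the full import table (each imported DLL with its resolved function
        /// addresses) to <paramref name="log"/>.
        /// </summary>
        /// <param name="log">Destination for the dump.</param>
        /// <param name="m">Remote-memory accessor for the process owning the module.</param>
        /// <param name="mod">Module whose directories and imports are dumped.</param>
        private static void dumpModuleHeader2(Log log, ProcessMemory m, Diag::ProcessModule mod)
        {
            Module module = new Module(m, mod);

            ImageImportDirectory import = null;

            foreach (ImageDataDirectory dir in module.Directories)
            {
                // Directories that are not present have a null data pointer.
                if (dir.pData.IsNull)
                {
                    continue;
                }

                log.WriteLine("DirectoryEntry: " + afh.Enum.GetDescription(dir.DirectoryType));
                log.AddIndent();
                log.WriteVar("RVA of Data", "0x" + dir.pData.Address.ToString("X8"));
                log.WriteVar("Size of Data", "0x" + dir.DataSize.ToString("X8"));
                log.RemoveIndent();
                if (dir is ImageImportDirectory)
                {
                    import = (ImageImportDirectory)dir;
                }
            }
            if (import == null)
            {
                return;
            }
            log.WriteLine("============================================================");
            log.WriteLine("                     IMPORT TABLE                           ");
            log.WriteLine("============================================================");
            foreach (ImageImportDirectory.ImportModule imod in import)
            {
                log.WriteVar("Importing from", imod.Name);
                log.WriteVar("ForwarderChain", imod.ForwarderChain);
                log.WriteVar("TimeDateStamp", imod.TimeDateStamp);
                foreach (ImageImportDirectory.ImportFunction ifunc in imod)
                {
                    // Widen to long rather than narrowing to uint: on a 64-bit target the IAT
                    // entry is a full pointer and a uint cast would truncate (or overflow in a
                    // checked context). "X8" is a minimum width, so 64-bit values print in full.
                    log.WriteLine(
                        "dllimport {0} \t@ 0x{1:X8}",
                        ifunc.Name,
                        (long)(System.IntPtr)ifunc.pFptr[0]
                        );
                }
                log.WriteLine("------------------------------------------------------------");
            }
        }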
        /// <summary>
        /// Diagnostic entry point: resolves the notepad.exe module and dumps its data
        /// directories and import table while holding the log lock, so the multi-line
        /// output is not interleaved with other writers. Does nothing if the module is missing.
        /// </summary>
        /// <param name="log">Destination for the dump.</param>
        public static void chkProcessMemory(Log log)
        {
            ProcessMemory       memory;
            Diag::ProcessModule module = GetNotepadModule(log, out memory);

            if (module != null)
            {
                log.Lock();
                try
                {
                    dumpModuleHeader2(log, memory, module);
                }
                finally
                {
                    // Always release, even if the dump throws part-way through.
                    log.Unlock();
                }
            }
        }
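        /// <summary>
        /// Diagnostic entry point: resolves the notepad.exe module and shows its parsed
        /// <see cref="Module"/> in a modal PropertyGrid dialog. Does nothing if the module is missing.
        /// </summary>
        /// <param name="log">Destination for the lookup's diagnostic messages.</param>
        public static void chkProcessMemory2(Log log)
        {
            ProcessMemory       mem;
            Diag::ProcessModule mod = GetNotepadModule(log, out mem);

            if (mod == null)
            {
                return;
            }

            Module module = new Module(mem, mod);

            // Dispose the form (and with it the grid it owns) even when ShowDialog throws;
            // the previous version leaked both on the exception path.
            using (Forms::Form f = new System.Windows.Forms.Form())
            using (Forms::PropertyGrid grid = new System.Windows.Forms.PropertyGrid())
            {
                grid.Dock           = Forms::DockStyle.Fill;
                grid.SelectedObject = module;
                f.Controls.Add(grid);
                f.ShowDialog();
            }
        }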