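/// <summary>
/// Menu handler: passes the base address of every module selected in <c>lvModules</c> to
/// <c>DllInjector.UnloadDll</c> for the process identified by <c>ProcessID</c>, then rebuilds the list.
/// </summary>
/// <param name="sender">Control that raised the event (not used).</param>
/// <param name="e">Event data (not used).</param>
private void unloadSelectedModulesToolStripMenuItem_Click(object sender, EventArgs e)
{
    if (lvModules.SelectedItems.Count == 0)
    {
        return;
    }

    // One handle serves the whole batch; it is validated the same way PopulateList validates its handle.
    IntPtr pHandle = PELoader.OpenProcessHandle(ProcessID);
    if (pHandle == IntPtr.Zero)
    {
        MessageBox.Show("Failed to load process");
        return;
    }

    try
    {
        foreach (ListViewItem i in lvModules.SelectedItems)
        {
            ModuleListViewItem item = (ModuleListViewItem)i;

            // NOTE(review): the outcome of UnloadDll is not inspected (its return type is not visible here),
            // so a module that could not be unloaded is only noticed because it reappears after the refresh.
            // Unloading a module the target still references can destabilise the target - confirm the
            // selection before acting on a process you need to keep running.
            DllInjector.UnloadDll(pHandle, item.ModuleInfomation.ModuleBaseAddress);
        }
    }
    finally
    {
        // Release the handle even when an unload call throws.
        PELoader.CloseProcessHandle(pHandle);
    }

    // Refresh once, after the loop: PopulateList clears lvModules, so calling it per item would rebuild
    // the list being worked through and re-enumerate the target once for every selected module.
    PopulateList();
}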
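/// <summary>
/// Menu handler: walks the target's virtual address space region by region and lists every location
/// where the bytes 'M','Z' occur inside a region that is not already recorded in <c>FoundModules</c>.
/// </summary>
/// <remarks>
/// The match is a two-byte heuristic at any offset, so each added entry is a candidate only. Before a hit
/// is treated as a mapped image that is missing from the module list, it should be validated (for example
/// by checking that the header at that address parses as a PE header).
/// </remarks>
/// <param name="sender">Control that raised the event (not used).</param>
/// <param name="e">Event data (not used).</param>
private void findUnlistedImageSectorsToolStripMenuItem_Click(object sender, EventArgs e)
{
    MEMORY_BASIC_INFORMATION memInfo = new MEMORY_BASIC_INFORMATION();
    int infoSize = Marshal.SizeOf(memInfo);

    // NOTE(review): the cursor is 32 bits wide, so only the low 4 GiB of the target is walked. That matches
    // the 32-bit module filter used by PopulateList - confirm this is intended for 64-bit targets.
    uint currentAddress = 0;

    IntPtr hProc = PELoader.OpenProcessHandle(ProcessID);
    if (hProc == IntPtr.Zero)
    {
        // Same failure text PopulateList uses when the process cannot be opened.
        MessageBox.Show("Failed to load process");
        return;
    }

    try
    {
        while (NativeMethods.VirtualQueryEx(hProc, currentAddress, out memInfo, infoSize) != 0)
        {
            bool allocationListed = FoundModules.Contains(memInfo.AllocationBase);

            // 0x1 is PAGE_NOACCESS: the region cannot be read, so there is nothing to scan.
            // (The author left an alternative filter on memInfo.Type, 0x1000000, disabled.)
            bool noAccess = memInfo.Protect == 0x1;

            if (!allocationListed && !noAccess && !FoundModules.Contains(memInfo.BaseAddress))
            {
                // NOTE(review): the buffer is sized from a value reported for the target, and regions that
                // are reserved but not committed are not filtered out here, so this allocation can be very
                // large - consider skipping non-committed regions or reading in bounded chunks.
                byte[] buffer = new byte[memInfo.RegionSize];

                // The result of the read is not checked (the P/Invoke signature is not visible here).
                // Presumably a failed read leaves the zero-filled buffer untouched, which yields no matches.
                NativeMethods.ReadProcessMemory(hProc, memInfo.BaseAddress, buffer, buffer.Length, 0);

                for (int i = 0; i < buffer.Length - 1; i++)
                {
                    if (buffer[i] == 'M' && buffer[i + 1] == 'Z')
                    {
                        lvModules.Items.Add(new ModuleListViewItem(ProcessID, memInfo.BaseAddress + i));
                    }
                }

                // Remember the region so a repeated scan does not list it again.
                FoundModules.Add(memInfo.BaseAddress);
            }

            uint previousAddress = currentAddress;
            currentAddress += memInfo.RegionSize;

            // Stop when the cursor wraps past the top of the 32-bit range or a zero-sized region is
            // reported; otherwise the walk would start over from a lower address and never terminate.
            if (currentAddress <= previousAddress)
            {
                break;
            }
        }
    }
    finally
    {
        // Release the handle even when a read or a list insertion throws.
        PELoader.CloseProcessHandle(hProc);
    }
}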
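/// <summary>
/// Rebuilds <c>lvModules</c> and <c>FoundModules</c> from the module handles that
/// <c>EnumProcessModulesEx</c> reports for the process identified by <c>ProcessID</c>.
/// </summary>
/// <remarks>
/// On any failure a message box is shown and <c>DialogResult</c> is set to <c>DialogResult.OK</c>.
/// The filter value 0x01 is LIST_MODULES_32BIT, so only 32-bit modules are requested.
/// The result is the module list as the target's loader reports it; memory that holds an image but is
/// absent from that list will not appear here.
/// </remarks>
void PopulateList()
{
    IntPtr pHandle = PELoader.OpenProcessHandle(ProcessID);
    if (pHandle == IntPtr.Zero)
    {
        MessageBox.Show("Failed to load process");
        this.DialogResult = DialogResult.OK;
        return;
    }

    try
    {
        // First call with no buffer: only asks how many bytes the handle array needs.
        int size = 0;
        if (!NativeMethods.EnumProcessModulesEx(pHandle, null, 0, out size, 0x01))
        {
            MessageBox.Show("Failed to get module count");
            this.DialogResult = DialogResult.OK;
            return;
        }

        lvModules.Items.Clear();
        FoundModules.Clear();

        int handleSize = Marshal.SizeOf(typeof(IntPtr));
        int moduleCount = size / handleSize;
        IntPtr[] modules = new IntPtr[moduleCount];

        if (!NativeMethods.EnumProcessModulesEx(pHandle, modules, size, out size, 0x01))
        {
            MessageBox.Show("Failed to get modules");
            this.DialogResult = DialogResult.OK;
            return;
        }

        // The module set can change between the two calls. The second call reports the byte count it
        // needed, so only the entries that were actually filled are used: never more than the array
        // holds, and no trailing zero handles when the target now has fewer modules.
        int filledCount = Math.Min(moduleCount, size / handleSize);
        for (int index = 0; index < filledCount; index++)
        {
            FoundModules.Add(modules[index]);
        }

        for (int index = 0; index < filledCount; index++)
        {
            lvModules.Items.Add(new ModuleListViewItem(ProcessID, modules[index]));
        }
    }
    finally
    {
        // Runs on the early-return failure paths as well, so the process handle is never leaked.
        PELoader.CloseProcessHandle(pHandle);
    }
}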