/// <summary>
/// Overrides the <see cref="Execute"/> method exposed by the <see cref="SwedishCodeActivity{T}"/> class.
/// </summary>
/// <param name="context">The execution context passed when invoked.</param>
/// <returns>A string back to the caller.</returns>
/// <inheritdoc cref="SwedishCodeActivity{T}"/>
protected override object Execute(CodeActivityContext context)
{
// TODO: Move to SwedishCodeActivity (with void signature)
FirstArgument = FirstInArgument;
SecondArgument = SecondInArgument;
string stringProcessId = context.GetValue(FirstArgument);
string targetPath = context.GetValue(SecondArgument);
// Sanity check to help the caller out.
if (!targetPath.EndsWith("\\"))
{
targetPath += "\\";
}
// We want this to hard fail.
int processId = int.Parse(stringProcessId);
using (Process process = Process.GetProcessById(processId))
{
// Process contains a list of loaded modules, which also contains the
// Native Images loaded, as well; which /can/ be important for debugging
// purposes (thus, the need to copy them out).
ProcessModuleCollection modules = process.Modules;
// Should always be the case, since we're running in the LSA context,
// but better safe to check than to be sorry and null-reference.
if (modules.Count > 0)
{
// Added overhead but necessary for parallel operations.
List <ProcessModule> modulesList = modules.Cast <ProcessModule>().ToList();
StringBuilder stringBuilder = new StringBuilder();
stringBuilder.AppendLine("Copied: ");
Parallel.ForEach(
modulesList,
module =>
{
string targetPathQualified = targetPath + module.ModuleName;
// TODO: Requires investigation. This is a workaround to prevent duplication
if (!File.Exists(targetPathQualified))
{
File.Copy(module.FileName, targetPathQualified);
stringBuilder.AppendLine(module.ModuleName);
}
});
return(stringBuilder.ToString());
}
else
{
return("No modules were found to copy...");
}
}
}
public void TestModuleCollectionBehavior()
{
ProcessModule[] mArray = Process.GetCurrentProcess().Modules.Cast <ProcessModule>().ToArray();
// Constructor
ProcessModuleCollection moduleCollection = new ProcessModuleCollection(mArray);
// Count
Assert.Equal(mArray.Count(), moduleCollection.Count);
// get_item, Contains, IndexOf
for (int i = 0; i < mArray.Count(); i++)
{
Assert.Equal(mArray[i], moduleCollection[i]);
Assert.True(moduleCollection.Contains(mArray[i]));
Assert.Equal(i, moduleCollection.IndexOf(mArray[i]));
}
// CopyTo
ProcessModule[] moduleArray = new ProcessModule[moduleCollection.Count + 1];
moduleCollection.CopyTo(moduleArray, 1);
for (int i = 0; i < mArray.Count(); i++)
{
Assert.Equal(mArray[i], moduleArray[i + 1]);
}
Assert.Throws <ArgumentOutOfRangeException>(() => moduleCollection.CopyTo(moduleArray, -1));
// Explicit interface implementations
Assert.False(((ICollection)moduleCollection).IsSynchronized);
Assert.NotNull(((ICollection)moduleCollection).SyncRoot);
moduleArray = new ProcessModule[moduleCollection.Count];
((ICollection)moduleCollection).CopyTo(moduleArray, 0);
Assert.Equal(moduleCollection.Cast <ProcessModule>().ToArray(), moduleArray);
// GetEnumerator
IEnumerator enumerator = moduleCollection.GetEnumerator();
Assert.Throws <InvalidOperationException>(() => enumerator.Current);
for (int i = 0; i < moduleCollection.Count; i++)
{
enumerator.MoveNext();
Assert.Equal(moduleCollection[i], enumerator.Current);
}
}
public void TestModuleCollectionBehavior()
{
ProcessModule[] mArray = Process.GetCurrentProcess().Modules.Cast<ProcessModule>().ToArray();
// Constructor
ProcessModuleCollection moduleCollection = new ProcessModuleCollection(mArray);
// Count
Assert.Equal(mArray.Count(), moduleCollection.Count);
// get_item, Contains, IndexOf
for (int i = 0; i < mArray.Count(); i++)
{
Assert.Equal(mArray[i], moduleCollection[i]);
Assert.True(moduleCollection.Contains(mArray[i]));
Assert.Equal(i, moduleCollection.IndexOf(mArray[i]));
}
// CopyTo
ProcessModule[] moduleArray = new ProcessModule[moduleCollection.Count + 1];
moduleCollection.CopyTo(moduleArray, 1);
for (int i = 0; i < mArray.Count(); i++)
{
Assert.Equal(mArray[i], moduleArray[i + 1]);
}
Assert.Throws<ArgumentOutOfRangeException>(() => moduleCollection.CopyTo(moduleArray, -1));
// Explicit interface implementations
Assert.False(((ICollection)moduleCollection).IsSynchronized);
Assert.NotNull(((ICollection)moduleCollection).SyncRoot);
moduleArray = new ProcessModule[moduleCollection.Count];
((ICollection)moduleCollection).CopyTo(moduleArray, 0);
Assert.Equal(moduleCollection.Cast<ProcessModule>().ToArray(), moduleArray);
// GetEnumerator
IEnumerator enumerator = moduleCollection.GetEnumerator();
Assert.Throws<InvalidOperationException>(() => enumerator.Current);
for (int i = 0; i < moduleCollection.Count; i++)
{
enumerator.MoveNext();
Assert.Equal(moduleCollection[i], enumerator.Current);
}
}
public unsafe static IEnumerable <ProcessModule> AppendHiddenModules(this ProcessModuleCollection collection, Process process = null)
{
var hModules = new IntPtr[1024];
var gcHandle = GCHandle.Alloc(hModules, GCHandleType.Pinned); // Don't forget to free this later
var pModules = gcHandle.AddrOfPinnedObject();
var size = (uint)(Marshal.SizeOf(typeof(IntPtr)) * (hModules.Length));
IntPtr minAddress;
IntPtr maxAddress;
uint hProcess;
MEMORY_BASIC_INFORMATION memBasicInfo;
uint regionSize = 0;
var sysInfo = new SYSTEM_INFO();
var processsModuleType = typeof(ProcessModule);
var moduleInfoType = processsModuleType.Assembly.GetTypes().SingleOrDefault(t => t.FullName == "System.Diagnostics.ModuleInfo");
var processModuleConstructor = processsModuleType.GetConstructor(BindingFlags.NonPublic | BindingFlags.Instance, null, new Type[] { moduleInfoType }, null);
var list = new List <ProcessModule>(collection.Cast <ProcessModule>());
var listAddFrom = new List <ProcessModule>();
GetSystemInfo(out sysInfo);
minAddress = sysInfo.MinimumApplicationAddress;
maxAddress = sysInfo.MaximumApplicationAddress;
if (process == null)
{
process = Process.GetCurrentProcess();
}
hProcess = OpenProcess(ProcessAccessFlags.QueryInformation | ProcessAccessFlags.VirtualMemoryRead, false, (uint)process.Id);
memBasicInfo = new MEMORY_BASIC_INFORMATION();
while (minAddress.ToPointer() < maxAddress.ToPointer())
{
uint length = 0;
var builder = new StringBuilder(1024);
builder.Clear();
VirtualQueryEx(hProcess, minAddress, out memBasicInfo, 28);
regionSize = memBasicInfo.RegionSize;
if (memBasicInfo.Protect == AllocationProtectEnum.PAGE_READONLY | memBasicInfo.Protect == AllocationProtectEnum.PAGE_READWRITE | memBasicInfo.Protect == AllocationProtectEnum.PAGE_EXECUTE_READ | memBasicInfo.Protect == AllocationProtectEnum.PAGE_EXECUTE_READWRITE)
{
length = GetMappedFileName(hProcess, memBasicInfo.BaseAddress, builder, 1024);
if (length != 0)
{
uint bytesRead = 0;
var buffer = new byte[memBasicInfo.RegionSize];
var deviceName = builder.ToString();
byte[] bytes;
string magic;
string signature;
ReadProcessMemory(hProcess, memBasicInfo.BaseAddress, buffer, memBasicInfo.RegionSize, ref bytesRead);
if (bytesRead >= (DOSHeader.Size + PEHeader.Size))
{
var assemblyReader = new BinaryReader(buffer.ToMemory());
var dosHeader = DOSHeader.ReadDOSHeader(assemblyReader);
bytes = BitConverter.GetBytes(dosHeader.MagicBytes);
magic = ASCIIEncoding.ASCII.GetString(bytes, 0, 2);
if (magic == "MZ")
{
var peheader = PEHeader.ReadPEHeader(assemblyReader, dosHeader.COFFHeaderAddress);
bytes = BitConverter.GetBytes(peheader.SignatureBytes);
signature = ASCIIEncoding.ASCII.GetString(bytes, 0, 2);
if (signature == "PE")
{
string fileName;
Files.ConvertDevicePathToLocalPath(deviceName, out fileName);
if (!collection.Cast <ProcessModule>().Any(m => m.FileName.AsCaseless() == fileName))
{
var moduleInfo = Activator.CreateInstance(moduleInfoType);
string baseName;
ProcessModule processModule;
baseName = Path.GetFileName(fileName);
moduleInfoType.SetFieldValue("baseName", moduleInfo, baseName);
moduleInfoType.SetFieldValue("baseOfDll", moduleInfo, new IntPtr(memBasicInfo.BaseAddress));
moduleInfoType.SetFieldValue("entryPoint", moduleInfo, new IntPtr(peheader.AddressOfEntryPoint));
moduleInfoType.SetFieldValue("fileName", moduleInfo, fileName);
moduleInfoType.SetFieldValue("sizeOfImage", moduleInfo, (int)peheader.SizeOfImage);
processModule = (ProcessModule)processModuleConstructor.Invoke(new object[] { moduleInfo });
regionSize = peheader.SizeOfImage;
listAddFrom.Add(processModule);
}
}
}
}
}
}
minAddress += (int)regionSize;
}
return(list.Concat(listAddFrom));
}
public void SetItems(ProcessModuleCollection processModules)
{
if (this.Created == false)
{
return;
}
List <ListViewItem> list = new List <ListViewItem>();
List <ProcessModule> processModuleList = processModules.Cast <ProcessModule>().ToList();
processModuleList.Sort(delegate(ProcessModule a, ProcessModule b)
{
return(a.BaseAddress.ToInt64().CompareTo(b.BaseAddress.ToInt64()));
});
try
{
foreach (ProcessModule processModule in processModuleList)
{
ListViewItem item = new ListViewItem();
item.Text = processModule.ModuleName;
string startAddress = String.Format("0x{0}", processModule.BaseAddress.ToString("X16"));
string endAddress = String.Format("0x{0}", (processModule.BaseAddress.ToInt64() + processModule.ModuleMemorySize).ToString("X16"));
string entryPointAddress = String.Format("0x{0}", processModule.EntryPointAddress.ToString("X16"));
item.SubItems.Add(startAddress);
item.SubItems.Add(endAddress);
item.SubItems.Add(entryPointAddress);
item.SubItems.Add(processModule.FileVersionInfo.ProductVersion);
item.SubItems.Add(processModule.FileVersionInfo.FileVersion);
item.SubItems.Add(processModule.FileVersionInfo.FileDescription);
item.SubItems.Add(processModule.FileVersionInfo.FileName);
try
{
string fileName = processModule.FileVersionInfo.FileName;
string extension = Path.GetExtension(fileName).ToLower();
item.ImageKey = extension;
if (SmallImageList.Images.ContainsKey(extension) == false)
{
Icon icon = IconTools.GetIconForFile(fileName, ShellIconSize.SmallIcon);
if (icon != null)
{
SmallImageList.Images.Add(icon);
SmallImageList.Images.SetKeyName(SmallImageList.Images.Count - 1, extension);
}
}
}
catch
{
}
item.Tag = processModule;
list.Add(item);
}
}
catch
{
}
BeginUpdate();
Items.Clear();
Items.AddRange(list.ToArray());
AutoResizeColumns();
EndUpdate();
}