/// <summary> /// Gets a random pointer from the pointer collection. /// </summary> /// <returns>A random discovered pointer, or null if unable to find one.</returns> public Pointer GetRandomPointer(Int32 levelIndex) { if (levelIndex >= this.Levels.Count || this.Levels[levelIndex].StaticPointers == null) { return(null); } Snapshot currentSnapshot = this.Levels[levelIndex].StaticPointers; ExtractedPointer pointer = this.ExtractRandomPointer(currentSnapshot); UInt64 pointerBase = pointer.BaseAddress; List <Int32> offsets = new List <Int32>(); foreach (Level level in this.Levels.Take(levelIndex + 1).Reverse()) { IEnumerable <Int32> shuffledOffsets = Enumerable.Range(-(Int32)this.MaxOffset, (Int32)(this.MaxOffset * 2) + 1).Shuffle(); Boolean found = false; // Brute force all possible offsets in a random order to find the next path (this guarantees uniform path probabilities) foreach (Int32 nextRandomOffset in shuffledOffsets) { UInt64 newDestination = nextRandomOffset < 0 ? pointer.Destination.Subtract(-nextRandomOffset, wrapAround: false) : pointer.Destination.Add(nextRandomOffset, wrapAround: false); SnapshotRegion snapshotRegion = level.HeapPointers.SnapshotRegions.Select(x => x).Where(y => newDestination >= y.BaseAddress && newDestination <= y.EndAddress).FirstOrDefault(); if (snapshotRegion != null) { // We may have sampled an offset that results in a mis-aligned index, so just randomly take an element from this snapshot rather than using the random offset SnapshotElementIndexer randomElement = snapshotRegion[Random.Next(0, snapshotRegion.GetElementCount(PointerSize.ToSize()))]; UInt64 baseAddress = randomElement.GetBaseAddress(PointerSize.ToSize()); Int32 alignedOffset = pointer.Destination >= baseAddress ? -((Int32)(pointer.Destination - baseAddress)) : ((Int32)(baseAddress - pointer.Destination)); pointer = this.ExtractPointerFromElement(randomElement); offsets.Add(alignedOffset); found = true; break; } } if (!found) { Logger.Log(LogLevel.Error, "Unable to collect a pointer, encountered dead end path"); return(null); } } return(new Pointer(pointerBase, this.PointerSize, offsets.ToArray())); }
/// <summary> /// Loads the results for the current page. /// </summary> private void LoadScanResults() { Snapshot snapshot = SessionManager.Session.SnapshotManager.GetActiveSnapshot(); IList <ScanResult> newAddresses = new List <ScanResult>(); if (snapshot != null) { UInt64 startIndex = Math.Min(ScanResultsViewModel.PageSize * this.CurrentPage, snapshot.ElementCount); UInt64 endIndex = Math.Min((ScanResultsViewModel.PageSize * this.CurrentPage) + ScanResultsViewModel.PageSize, snapshot.ElementCount); for (UInt64 index = startIndex; index < endIndex; index++) { SnapshotElementIndexer element = snapshot[index, this.ActiveType.Size]; String label = element.GetElementLabel() != null?element.GetElementLabel().ToString() : String.Empty; Object currentValue = element.HasCurrentValue() ? element.LoadCurrentValue(this.ActiveType) : null; Object previousValue = element.HasPreviousValue() ? element.LoadPreviousValue(this.ActiveType) : null; String moduleName = String.Empty; UInt64 address = MemoryQueryer.Instance.AddressToModule(SessionManager.Session.OpenedProcess, element.GetBaseAddress(this.ActiveType.Size), out moduleName); PointerItem pointerItem = new PointerItem(SessionManager.Session, baseAddress: address, dataType: this.ActiveType, moduleName: moduleName, value: currentValue); newAddresses.Add(new ScanResult(new PointerItemView(pointerItem), previousValue, label)); } } this.Addresses = new FullyObservableCollection <ScanResult>(newAddresses); // Ensure results are visible this.IsVisible = true; this.IsSelected = true; this.IsActive = true; }
private ExtractedPointer ExtractPointerFromElement(SnapshotElementIndexer element) { return(new ExtractedPointer(element.GetBaseAddress(PointerSize.ToSize()), element.HasCurrentValue() ? (this.PointerSize == PointerSize.Byte4 ? (UInt32)element.LoadCurrentValue(PointerSize.ToDataType()) : (UInt64)element.LoadCurrentValue(PointerSize.ToDataType())) : 0)); }