/// <summary> /// Initializes this data element. /// </summary> /// <param name="data">The read-in data array.</param> /// <param name="index">The index in the data array in which to start reading from, this is incremented according to the size of the data measurement read in.</param> /// /// <param name="time">The time of the measurement with respect to the start time of the measurement.</param> public oSingleData(byte[] data, ref int index, double time) { if (index + minSize - 1 >= data.Length) { // Not enough data index = -1; return; } // Load this call information this.time = time; this.destination = oMemoryFunctions.ByteArrayToUint(data, index); this.source = oMemoryFunctions.ByteArrayToUint(data, index + 4); this.esp = oMemoryFunctions.ByteArrayToUint(data, index + 8); this.ecx = oMemoryFunctions.ByteArrayToUint(data, index + 12); this.edx = oMemoryFunctions.ByteArrayToUint(data, index + 16); this.eax = oMemoryFunctions.ByteArrayToUint(data, index + 20); // Load the arguments int numParameters = (int)oMemoryFunctions.ByteArrayToUint(data, index + 24); if (index + minSize + 4 * numParameters > data.Length || numParameters > 0x100) { // Not enough data index = -1; return; } arguments = new uint[numParameters]; for (int i = 0; i < arguments.Length; i++) { arguments[i] = oMemoryFunctions.ByteArrayToUint(data, index + 28 + i * 4); } // Load the dereferences int derefSize = dereference.getSize(); int numDereferences = (int)oMemoryFunctions.ByteArrayToUint(data, index + 28 + numParameters * 4); if (index + minSize + 4 * numParameters + numDereferences * derefSize > data.Length) { // Not enough data index = -1; return; } dereferences = new dereference[numDereferences]; for (int i = 0; i < dereferences.Length; i++) { // Input this dereference structure dereferences[i] = new dereference(data, index + 32 + numParameters * 4 + i * derefSize); } // Update the index index += minSize + 4 * numParameters + numDereferences * derefSize; }
/// <summary> /// Interprets the specified value and dereference according to the current interpretation method. /// </summary> /// <param name="data">The argument value.</param> /// <param name="dereference">The dereferenced data. This should be null if there are no dereferences.</param> /// <param name="autodetermine">If true, this funciton will change DISPLAY_TYPE depending on the dereference.</param> /// <returns></returns> public string getValueString(uint data, dereference dereference) { // Autodetect this type if required if (!detectedType) { // Detect the type of dereference byte[] derefData = dereference.data; if (derefData[0] >= 0x20 && derefData[0] <= 0x7E && derefData[1] == 0 && derefData[2] >= 0x20 && derefData[2] <= 0x7E && derefData[3] == 0) { // Unicode with no offset displayMethod = DISPLAY_TYPE.ULONG_UNICODE; } else if (derefData[0] >= 0x20 && derefData[0] <= 0x7E && derefData[1] >= 0x20 && derefData[1] <= 0x7E && derefData[2] >= 0x20 && derefData[2] <= 0x7E) { // Ascii with no offset displayMethod = DISPLAY_TYPE.ULONG_ASCII; } else { // Binary dereference displayMethod = DISPLAY_TYPE.ULONG_DATA; } detectedType = true; } string result = getValueString(data); if (displayMethod == DISPLAY_TYPE.ULONG_ASCII || displayMethod == DISPLAY_TYPE.ULONG_ASCII_F || displayMethod == DISPLAY_TYPE.ULONG_DATA || displayMethod == DISPLAY_TYPE.ULONG_STRUCT || displayMethod == DISPLAY_TYPE.ULONG_UNICODE) { // Setup the dereference result = result + "="; // Add the dereference string according to the type byte[] derefData = dereference.data; int i = 0; switch (displayMethod) { case DISPLAY_TYPE.ULONG_UNICODE: // Print until a null or invalid character result = result + "\""; i = 0; while (i < derefData.Length && derefData[i] >= 32 && derefData[i] <= 126) { result = result + (char)derefData[i]; i += 2; } result = result + "\""; break; case DISPLAY_TYPE.ULONG_ASCII: // Print until a null or invalid character result = result + "'"; i = 0; while (i < derefData.Length && derefData[i] >= 32 && derefData[i] <= 126) { result = result + (char)derefData[i]; i++; } result = result + "'"; break; case DISPLAY_TYPE.ULONG_ASCII_F: // Force the printing of the whole buffer as ascii result = result + "'"; i = 0; while (i < derefData.Length) { if (derefData[i] > 31) { result = result + (char)derefData[i]; } else { result = result + '.'; } i++; } result = result + "'"; break; default: // Interpret as a data pointer result = result + "["; i = 0; while (i < derefData.Length) { string byteData = derefData[i].ToString("X"); while (byteData.Length < 2) { byteData = "0" + byteData; } result = result + byteData + " "; i += 1; } result = result.TrimEnd(new char[] { ' ' }) + "]"; break; } } return(result); }