C# (CSharp) MemoryExplorer.ModelObjects DriverExtension 예제들

프로그래밍 언어: C# (CSharp)

네임스페이스/패키지 이름: MemoryExplorer.ModelObjects

클래스/타입: DriverExtension

hotexamples.com에서의 예제들: 2

C# (CSharp) MemoryExplorer.ModelObjects DriverExtension - 2개의 예제가 발견되었습니다. 이것들은 오픈소스 프로젝트에서 추출된 C# (CSharp)의 MemoryExplorer.ModelObjects.DriverExtension에 대한 실세계 최고 등급의 예제들입니다. 예제들을 평가하여 예제의 품질 향상에 도움을 줄 수 있습니다.

예제 #1

파일 보기

        private void Initialise()
        {
            Overlay("_DRIVER_OBJECT");
            byte[]        dnBuffer = Members.DriverName;
            UnicodeString us       = new UnicodeString(_profile, _dataProvider, dnBuffer);

            _driverName = us.Name;
            _driverExtensionVirtualAddress = Members.DriverExtension & 0xffffffffffff;
            if (_driverExtensionVirtualAddress != 0)
            {
                _driverExtension = new DriverExtension(_profile, _dataProvider, virtualAddress: _driverExtensionVirtualAddress);
            }
            _driverSize  = Members.DriverSize;
            _driverStart = Members.DriverStart & 0xffffffffffff;


            //_is64 = (_profile.Architecture == "AMD64");
            //AddressBase addressSpace = _dataProvider.ActiveAddressSpace;
            //if (_virtualAddress != 0)
            //    _physicalAddress = addressSpace.vtop(_virtualAddress);
            //if (_physicalAddress == 0)
            //    throw new ArgumentException("Error - Address is ZERO for _DRIVER_OBJECT");
            ////_physicalAddress = _dataProvider.ActiveAddressSpace.vtop(_virtualAddress, _dataProvider.IsLive);

            //_structureSize = (uint)_profile.GetStructureSize("_DRIVER_OBJECT");
            //if (_structureSize == -1)
            //    throw new ArgumentException("Error - Profile didn't contain a definition for _DRIVER_OBJECT");
            //if (_virtualAddress == 0)
            //    _buffer = _dataProvider.ReadPhysicalMemory(_physicalAddress, (uint)_structureSize);
            //else
            //    _buffer = _dataProvider.ReadMemoryBlock(_virtualAddress, (uint)_structureSize);
            //_structure = _profile.GetEntries("_DRIVER_OBJECT");
            //Structure s = GetStructureMember("DriverName");
            //if (s.EntryType == "_UNICODE_STRING")
            //{
            //    UnicodeString us = new UnicodeString(_profile, _dataProvider, physicalAddress: _physicalAddress + s.Offset);
            //    _driverName = us.Name;
            //}
            //// get the driver extension
            //if (DriverExtensionVirtualAddress != 0)
            //{
            //    _driverExtension = new DriverExtension(_profile, _dataProvider, physicalAddress: _physicalAddress + (ulong)_structureSize);
            //}
        }

예제 #2

파일 보기

파일: DriverObject.cs 프로젝트: redteamcaliber/Memory-Explorer

        private void Initialise()
        {
            _is64 = (_profile.Architecture == "AMD64");
            AddressBase addressSpace = _dataProvider.ActiveAddressSpace;

            if (_virtualAddress != 0)
            {
                _physicalAddress = addressSpace.vtop(_virtualAddress);
            }
            if (_physicalAddress == 0)
            {
                throw new ArgumentException("Error - Address is ZERO for _DRIVER_OBJECT");
            }
            //_physicalAddress = _dataProvider.ActiveAddressSpace.vtop(_virtualAddress, _dataProvider.IsLive);

            _structureSize = (uint)_profile.GetStructureSize("_DRIVER_OBJECT");
            if (_structureSize == -1)
            {
                throw new ArgumentException("Error - Profile didn't contain a definition for _DRIVER_OBJECT");
            }
            if (_virtualAddress == 0)
            {
                _buffer = _dataProvider.ReadPhysicalMemory(_physicalAddress, (uint)_structureSize);
            }
            else
            {
                _buffer = _dataProvider.ReadMemoryBlock(_virtualAddress, (uint)_structureSize);
            }
            _structure = _profile.GetEntries("_DRIVER_OBJECT");
            Structure s = GetStructureMember("DriverName");

            if (s.EntryType == "_UNICODE_STRING")
            {
                UnicodeString us = new UnicodeString(_profile, _dataProvider, physicalAddress: _physicalAddress + s.Offset);
                _driverName = us.Name;
            }
            // get the driver extension
            if (DriverExtensionVirtualAddress != 0)
            {
                _driverExtension = new DriverExtension(_profile, _dataProvider, physicalAddress: _physicalAddress + (ulong)_structureSize);
            }
        }