/// <summary>
/// Get list of page filenames.
/// </summary>
/// <remarks>
/// This is an iterator, so nothing is queried until enumeration starts. The
/// unmanaged buffer is released when enumeration finishes or the enumerator
/// is disposed, because the whole walk sits inside a using block.
/// </remarks>
/// <returns>The list of page file names.</returns>
public static IEnumerable<string> GetPageFileNames()
{
    using (var page_files = new SafeHGlobalBuffer(0x10000))
    {
        // AllocateSafeBuffer is defined elsewhere; presumably it fills (and, if
        // needed, grows) the buffer with SystemPageFileInformation entries - confirm.
        AllocateSafeBuffer(page_files, SystemInformationClass.SystemPageFileInformation);

        // Entries are chained by relative offsets; a NextEntryOffset of zero ends the chain.
        // NOTE(review): the offset is used as returned, with no bounds check in this method;
        // whether GetStructAtOffset validates it against the buffer length is not visible - confirm.
        int position = 0;
        for (;;)
        {
            var entry = page_files.GetStructAtOffset<SystemPageFileInformation>(position).Result;
            yield return entry.PageFileName.ToString();

            var step = entry.NextEntryOffset;
            if (step == 0)
            {
                yield break;
            }

            position += step;
        }
    }
}
/// <summary>
/// Query the AMD64 context of the thread identified by Handle.
/// </summary>
/// <param name="flags">Context flags written into the structure before the query.</param>
/// <param name="throw_on_error">Passed through to CreateResult to select throwing or returning the error.</param>
/// <returns>The result of NtGetContextThread wrapped as an IContext result.</returns>
private NtResult<IContext> GetAmd64Context(ContextFlags flags, bool throw_on_error)
{
    var context = new ContextAmd64();
    context.ContextFlags = flags;

    // The context buffer needs to be 16 byte aligned, so over-allocate by 16 bytes
    // to leave room for shifting the start of the structure.
    using (var buffer = new SafeHGlobalBuffer(Marshal.SizeOf(context) + 16))
    {
        // The raw handle is only used inside this using block, so the
        // allocation stays alive for as long as the pointer is in use.
        IntPtr base_address = buffer.DangerousGetHandle();

        // Almost certainly aligned already; otherwise this is the distance to the
        // next 16 byte boundary (the final mask turns a full 16 into 0).
        long misalignment = base_address.ToInt64() & 0xF;
        int padding = (int)((0x10 - misalignment) & 0xF);

        Marshal.StructureToPtr(context, base_address + padding, false);
        var aligned_view = buffer.GetStructAtOffset<ContextAmd64>(padding);

        var status = NtSystemCalls.NtGetContextThread(Handle, aligned_view);

        // NOTE(review): the factory lambda reads from the unmanaged buffer, so it has to run
        // before the using block disposes it - confirm CreateResult invokes it eagerly.
        var result = status.CreateResult(throw_on_error, () => aligned_view.Result);
        return result.Cast<IContext>();
    }
}
/// <summary>
/// Query the AMD64 context of the thread identified by Handle.
/// </summary>
/// <param name="flags">Context flags written into the structure before the query.</param>
/// <returns>The context structure read back from the buffer after the query.</returns>
private IContext GetAmd64Context(ContextFlags flags)
{
    var context = new ContextAmd64 { ContextFlags = flags };

    // The context buffer needs to be 16 byte aligned, so over-allocate by 16 bytes
    // to leave room for shifting the start of the structure.
    using (var buffer = new SafeHGlobalBuffer(Marshal.SizeOf(context) + 16))
    {
        // The raw handle is only used inside this using block, so the
        // allocation stays alive for as long as the pointer is in use.
        IntPtr base_address = buffer.DangerousGetHandle();

        // The allocation is normally aligned already; if it is not, pad up to the
        // next 16 byte boundary (the final mask turns a full 16 into 0).
        long misalignment = base_address.ToInt64() & 0xF;
        int padding = (int)((0x10 - misalignment) & 0xF);

        Marshal.StructureToPtr(context, base_address + padding, false);
        var aligned_view = buffer.GetStructAtOffset<ContextAmd64>(padding);

        // ToNtException is defined elsewhere; presumably it throws when the
        // status indicates failure - confirm.
        var status = NtSystemCalls.NtGetContextThread(Handle, aligned_view);
        status.ToNtException();

        // Result is read while the buffer is still allocated.
        return aligned_view.Result;
    }
}
/// <summary>
/// Get all process information for the system.
/// </summary>
/// <remarks>
/// This is an iterator, so nothing is queried until enumeration starts. The
/// unmanaged buffer is released when enumeration finishes or the enumerator
/// is disposed, because the whole walk sits inside a using block.
/// </remarks>
/// <returns>The list of process information.</returns>
public static IEnumerable<NtProcessInformation> GetProcessInformation()
{
    using (var snapshot = new SafeHGlobalBuffer(0x10000))
    {
        // AllocateSafeBuffer is defined elsewhere; presumably it fills (and, if
        // needed, grows) the buffer with SystemProcessInformation entries - confirm.
        AllocateSafeBuffer(snapshot, SystemInformationClass.SystemProcessInformation);

        // Entries are chained by relative offsets; a NextEntryOffset of zero ends the chain.
        // NOTE(review): neither the offset nor NumberOfThreads is range-checked in this method;
        // whether GetStructAtOffset / ReadArray validate against the buffer length is not
        // visible - confirm.
        int position = 0;
        for (;;)
        {
            var entry_view = snapshot.GetStructAtOffset<SystemProcessInformation>(position);
            var entry = entry_view.Result;

            // Copy the per-thread records that trail the process entry into a managed array.
            var threads = new SystemThreadInformation[entry.NumberOfThreads];
            entry_view.Data.ReadArray(0, threads, 0, threads.Length);

            // NOTE(review): Select is deferred, so ImageName.ToString() runs only when the
            // sequence is enumerated. If ImageName points into the unmanaged buffer, that
            // has to happen before the buffer is disposed - confirm that the
            // NtProcessInformation constructor materializes the sequence.
            yield return new NtProcessInformation(
                entry,
                threads.Select(t => new NtThreadInformation(entry.ImageName.ToString(), t)));

            var step = entry.NextEntryOffset;
            if (step == 0)
            {
                yield break;
            }

            position += step;
        }
    }
}