private static void SetMiniMutantInformation1(MiniDumpHandle handle, IntPtr address) { handle.Type = MiniDumpHandleType.MUTEX1; var additional_info = Marshal.PtrToStructure<MUTEX_ADDITIONAL_INFO_1>(address); handle.MutexUnknown = new MutexUnknownFields() { Field1 = additional_info.Unknown1, Field2 = additional_info.Unknown2 }; }
/// <summary> /// Reads sctructure form given handle if possible /// </summary> /// <param name="pObjectInfo">object info struct</param> /// <param name="handle">context handle</param> /// <param name="address">calculate rva address</param> /// <param name="baseOfView">base of mapped minidump file</param> /// <returns>Information structure or default value if no info detected</returns> public static unsafe MINIDUMP_HANDLE_OBJECT_INFORMATION DealWithHandleInfo(MINIDUMP_HANDLE_OBJECT_INFORMATION pObjectInfo, MiniDumpHandle handle, IntPtr address, IntPtr baseOfView) { switch (pObjectInfo.InfoType) { case MINIDUMP_HANDLE_OBJECT_INFORMATION_TYPE.MiniHandleObjectInformationNone: SetMiniHandleObjectInformationNone(handle, address); break; case MINIDUMP_HANDLE_OBJECT_INFORMATION_TYPE.MiniThreadInformation1: SetMiniThreadInformation1(handle, address); break; case MINIDUMP_HANDLE_OBJECT_INFORMATION_TYPE.MiniMutantInformation1: SetMiniMutantInformation1(handle, address); break; case MINIDUMP_HANDLE_OBJECT_INFORMATION_TYPE.MiniMutantInformation2: SetMiniMutantInformation2(handle, address); break; case MINIDUMP_HANDLE_OBJECT_INFORMATION_TYPE.MiniProcessInformation1: SetMiniProcessInformation1(handle, address); break; case MINIDUMP_HANDLE_OBJECT_INFORMATION_TYPE.MiniProcessInformation2: SetMiniProcessInformation2(handle, address); break; case MINIDUMP_HANDLE_OBJECT_INFORMATION_TYPE.MiniEventInformation1: SetMiniEventInformation1(handle, address); break; case MINIDUMP_HANDLE_OBJECT_INFORMATION_TYPE.MiniSectionInformation1: SetMiniSectionInformation1(handle, address); break; case MINIDUMP_HANDLE_OBJECT_INFORMATION_TYPE.MiniHandleObjectInformationTypeMax: SetMiniHandleObjectInformationTypeMax(handle, address); break; default: break; } if (pObjectInfo.NextInfoRva == 0) { return default(MINIDUMP_HANDLE_OBJECT_INFORMATION); } else { pObjectInfo = SafeMemoryMappedViewStreamHandler .ReadStruct<MINIDUMP_HANDLE_OBJECT_INFORMATION>(IntPtr.Add(baseOfView, (int)pObjectInfo.NextInfoRva)); } return pObjectInfo; }
private static void SetMiniMutantInformation2(MiniDumpHandle handle, IntPtr address) { handle.Type = MiniDumpHandleType.MUTEX2; var additional_info = Marshal.PtrToStructure<MUTEX_ADDITIONAL_INFO_2>(address); handle.OwnerProcessId = additional_info.OwnerProcessId; handle.OwnerThreadId = additional_info.OwnerThreadId; }
private static void SetMiniHandleObjectInformationTypeMax(MiniDumpHandle handle, IntPtr address) { handle.Type = MiniDumpHandleType.TYPE_MAX; }
private static void SetMiniHandleObjectInformationNone(MiniDumpHandle handle, IntPtr address) { handle.Type = MiniDumpHandleType.NONE; }
private static void SetMiniEventInformation1(MiniDumpHandle handle, IntPtr address) { handle.Type = MiniDumpHandleType.EVENT; }
private static void SetMiniThreadInformation1(MiniDumpHandle handle, IntPtr address) { handle.Type = MiniDumpHandleType.THREAD; var additional_info = Marshal.PtrToStructure<THREAD_ADDITIONAL_INFO>(address); handle.OwnerProcessId = additional_info.ProcessId; handle.OwnerThreadId = additional_info.ThreadId; }
private static void SetMiniSectionInformation1(MiniDumpHandle handle, IntPtr address) { handle.Type = MiniDumpHandleType.SECTION; }
private static unsafe void SetMiniProcessInformation2(MiniDumpHandle handle, IntPtr address) { handle.Type = MiniDumpHandleType.PROCESS2; var additional_info = Marshal.PtrToStructure<PROCESS_ADDITIONAL_INFO_2>(address); handle.OwnerProcessId = additional_info.ProcessId; handle.OwnerThreadId = 0; }
private static void SetMiniProcessInformation1(MiniDumpHandle handle, IntPtr address) { handle.Type = MiniDumpHandleType.PROCESS1; }
/// <summary> /// Constructs handles wrapped class with MINIDUMP_HANDLE_DESCRIPTOR_2 struct data /// </summary> /// <param name="handle">minidump struct descriptor</param> /// <param name="streamPointer">stream pointer</param> /// <returns></returns> private async Task<MiniDumpHandle > GetHandleData(MINIDUMP_HANDLE_DESCRIPTOR_2 handle, IntPtr streamPointer) { string objectName, typeName; typeName = objectName = null; if (handle.ObjectNameRva != 0) { objectName = await GetMiniDumpString(handle.ObjectNameRva, streamPointer); } if (handle.TypeNameRva != 0) { typeName = await GetMiniDumpString(handle.TypeNameRva, streamPointer); } var result = new MiniDumpHandle (handle, objectName, typeName); if (handle.HandleCount > 0) { if (handle.ObjectInfoRva > 0) { var info = await SafeMemoryMappedViewStreamHandler.ReadStruct<MINIDUMP_HANDLE_OBJECT_INFORMATION>(handle.ObjectInfoRva, streamPointer, _safeMemoryMappedViewHandle); if (info.NextInfoRva != 0) { IntPtr address = IntPtr.Add(_baseOfView, handle.ObjectInfoRva); MINIDUMP_HANDLE_OBJECT_INFORMATION pObjectInfo = SafeMemoryMappedViewStreamHandler.ReadStruct<MINIDUMP_HANDLE_OBJECT_INFORMATION>(address); do { pObjectInfo = ObjectInformationHandler .DealWithHandleInfo(pObjectInfo, result, address, _baseOfView); } while (pObjectInfo.NextInfoRva != 0 && pObjectInfo.SizeOfInfo != 0); } } } if (handle.PointerCount > 0) { //TODO: The meaning of this member depends on the handle type and the operating system. //This is the number kernel references to the object that this handle refers to. } if (handle.GrantedAccess > 0) { //TODO: The meaning of this member depends on the handle type and the operating system. } if (handle.Attributes > 0) { //TODO: //The attributes for the handle, this corresponds to OBJ_INHERIT, OBJ_CASE_INSENSITIVE, etc. } return result; }