상속: AMemoryRunDetector, IMemAwareChecking
예제 #1
0
        public Vtero(string MemoryDump) :this()
        {
            MemFile = MemoryDump.ToLower();

            if (MemFile.EndsWith(".dmp"))
            {
                var dump = new CrashDump(MemFile);
                if (dump.IsSupportedFormat())
                    DetectedDesc = dump.PhysMemDesc;
            }
            else if(MemFile.EndsWith(".vmss") || MemFile.EndsWith(".vmsn") || MemFile.EndsWith(".vmem"))
            {
                var dump = new VMWare(MemFile);
                if (dump.IsSupportedFormat())
                {
                    DetectedDesc = dump.PhysMemDesc;

                    MemFile = dump.MemFile;
                }
            }

            scan = new Scanner(MemFile);
            FileSize = new FileInfo(MemFile).Length;

        }
예제 #2
0
        void DeriveMemoryDescriptors()
        {
            if (ProgressBarz.BaseMessage == null || string.IsNullOrWhiteSpace(ProgressBarz.BaseMessage.ToString()))
                ProgressBarz.BaseMessage = new ConsoleString("Value Scan for memory descriptors in progress");

            AMemoryRunDetector Detected = null;

            if (MemFile.EndsWith(".dmp"))
            {
                Detected = new CrashDump(MemFile);
                Detected.IsSupportedFormat(this);

            } else if (MemFile.EndsWith(".vmem"))
            {
                Detected = new VMWare(MemFile);
                if (Detected.IsSupportedFormat(this))
                    MemFile = Detected.MemFile;
            }

            // try XEN!
            if(Detected == null)
            {
                Detected = new XEN(MemFile);
                if (Detected != null)
                    Detected.IsSupportedFormat(this);
            }

            // if the memory run is defined as 0 count then it's implicitly 1
            if (Detected == null || Detected.PhysMemDesc == null || Detected.PhysMemDesc.NumberOfPages < 1)
            {
                Detected = new BasicRunDetector(MemFile);
                if (Detected != null)
                    Detected.IsSupportedFormat(this);
            }

            if (Vtero.VerboseOutput)
            {
                if (Detected.LogicalPhysMemDesc != null)
                    WriteColor(ConsoleColor.Yellow, $"Windows/Logical Memory Run: {Detected.LogicalPhysMemDesc}" + Environment.NewLine + Environment.NewLine + Environment.NewLine);
                else if (Detected.PhysMemDesc != null)
                    WriteColor(ConsoleColor.Green, $"HW Memory Run: {Detected.PhysMemDesc}" + Environment.NewLine + Environment.NewLine + Environment.NewLine);
            }

            MRD = Detected;
            MemAccess = Mem.InitMem(MemFile, Detected);
        }