Exemplo n.º 1
        /// <summary>
        /// Tries to work out the size of a PE image that starts at <paramref name="address"/> in the debugged process.
        /// </summary>
        /// <param name="process">Process whose memory is read.</param>
        /// <param name="address">Address of the first byte of the image in <paramref name="process"/>.</param>
        /// <param name="isFileLayout">true to parse the headers with <c>ImageLayout.File</c>, false for <c>ImageLayout.Memory</c>.</param>
        /// <param name="imageSize">Receives the size on success; 0 on every failure path.</param>
        /// <returns>true if the headers parsed and the size fits in a <see cref="uint"/>; otherwise false.</returns>
        /// <remarks>
        /// Only the first 0x2000 bytes are read, and everything parsed from them comes from the debuggee.
        /// The resulting size is therefore a value claimed by the target, not a verified one: callers that
        /// allocate or copy based on it should apply their own upper bound.
        /// </remarks>
        public static bool TryGetSizeOfImage(DbgProcess process, ulong address, bool isFileLayout, out uint imageSize)
        {
            const ushort dosSignature = 0x5A4D; // "MZ", little-endian
            const int headerProbeSize = 0x2000;

            imageSize = 0;
            try
            {
                var headerBytes = new byte[headerProbeSize];
                process.ReadMemory(address, headerBytes, 0, headerBytes.Length);

                // Cheap rejection before handing the bytes to the PE parser.
                if (BitConverter.ToUInt16(headerBytes, 0) != dosSignature)
                {
                    return false;
                }

                var layout = isFileLayout ? ImageLayout.File : ImageLayout.Memory;
                using (var peImage = new PEImage(headerBytes, null, layout, verify: true))
                {
                    ulong reportedSize = GetImageSize(peImage);

                    // NOTE(review): this assert is driven by debuggee-controlled header fields, so a
                    // malformed image can trip it in debug builds; the runtime check below is what
                    // actually protects the narrowing cast.
                    Debug.Assert(reportedSize <= uint.MaxValue);
                    if (reportedSize <= uint.MaxValue)
                    {
                        imageSize = (uint)reportedSize;
                        return true;
                    }
                    return false;
                }
            }
            catch (BadImageFormatException)
            {
                // Headers did not parse as a PE image.
                return false;
            }
            catch (IOException)
            {
                return false;
            }
            catch (Exception ex)
            {
                // Anything else is unexpected: surface it in debug builds, still fail closed.
                Debug.Fail(ex.ToString());
                return false;
            }
        }
Exemplo n.º 2
 /// <summary>
 /// Re-reads <c>size</c> bytes from the debugged process at <c>moduleAddress</c> into the native buffer at <c>address</c>.
 /// </summary>
 /// <remarks>
 /// Does nothing when <c>process</c> is null. The buffer is overwritten in place with whatever the
 /// debuggee currently holds; this method does not re-derive or re-validate any offsets or sizes that
 /// were computed from the previous contents, so readers of the buffer must keep bounds-checking.
 /// </remarks>
 /// <exception cref="ObjectDisposedException">The instance has already been disposed.</exception>
 public unsafe override void UpdateMemory()
 {
     if (disposed)
     {
         throw new ObjectDisposedException(nameof(DbgRawMetadataImpl));
     }

     // Take one snapshot of the field so the null test and the call see the same reference.
     var source = process;
     if (source is null)
     {
         return;
     }
     source.ReadMemory(moduleAddress, address.ToPointer(), size);
 }
Exemplo n.º 3
        /// <summary>
        /// Copies <paramref name="moduleSize"/> bytes of a module out of the debugged process into a
        /// private native buffer and locates the metadata inside that copy.
        /// </summary>
        /// <param name="process">Process to read the module from.</param>
        /// <param name="isFileLayout">Stored in the <c>isFileLayout</c> field.</param>
        /// <param name="moduleAddress">Address of the module in <paramref name="process"/>.</param>
        /// <param name="moduleSize">Number of bytes to allocate and read.</param>
        /// <exception cref="OutOfMemoryException"><c>VirtualAlloc</c> returned a null pointer.</exception>
        /// <remarks>
        /// Any exception raised after the fields are initialised causes <c>Dispose()</c> to run before the
        /// exception is rethrown. The buffer contents are debuggee-controlled.
        /// NOTE(review): <paramref name="moduleSize"/> is not range-checked here; confirm callers never pass
        /// zero or a negative value. <c>GetMetadataInfo</c> is not visible from this constructor — verify that
        /// the address/size it returns are bounds-checked against the buffer.
        /// </remarks>
        public unsafe DbgRawMetadataImpl(DbgProcess process, bool isFileLayout, ulong moduleAddress, int moduleSize)
        {
            this.isFileLayout = isFileLayout;
            isProcessMemory   = true;
            size              = moduleSize;
            referenceCounter  = 1;
            lockObj           = new object();

            try
            {
                // Prevent allocation on the LOH. We'll also be able to free the memory as soon as it's not needed.
                // The pages are requested read/write only.
                var byteCount = new IntPtr(moduleSize);
                address = NativeMethods.VirtualAlloc(IntPtr.Zero, byteCount, NativeMethods.MEM_COMMIT, NativeMethods.PAGE_READWRITE);
                if (address == IntPtr.Zero)
                {
                    throw new OutOfMemoryException();
                }

                var destination = (byte*)address.ToPointer();
                process.ReadMemory(moduleAddress, destination, size);
                (metadataAddress, metadataSize) = GetMetadataInfo();
            }
            catch
            {
                // Clean up the partially constructed instance, then let the caller see the failure.
                Dispose();
                throw;
            }
        }
Exemplo n.º 4
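        /// <summary>
        /// Copies <paramref name="moduleSize"/> bytes of a module out of the debugged process into a
        /// private native buffer and, if the copy contains a CLR header, records where the .NET metadata
        /// lives inside that buffer.
        /// </summary>
        /// <param name="process">Process to read the module from.</param>
        /// <param name="isFileLayout">true to parse the copy with <c>ImageLayout.File</c>, false for <c>ImageLayout.Memory</c>.</param>
        /// <param name="moduleAddress">Address of the module in <paramref name="process"/>.</param>
        /// <param name="moduleSize">Number of bytes to allocate and read.</param>
        /// <exception cref="OutOfMemoryException"><c>VirtualAlloc</c> returned a null pointer.</exception>
        /// <remarks>
        /// The PE and CLR headers are read from debuggee memory and are therefore untrusted. The metadata
        /// offset and size they declare are accepted only if the whole range lies inside the buffer that was
        /// actually allocated; otherwise <c>metadataAddress</c> and <c>metadataSize</c> are left unset, exactly
        /// as when the image has no CLR header.
        /// NOTE(review): <paramref name="moduleSize"/> itself is not range-checked here; confirm callers never
        /// pass zero or a negative value.
        /// </remarks>
        public unsafe DbgRawMetadataImpl(DbgProcess process, bool isFileLayout, ulong moduleAddress, int moduleSize)
        {
            lockObj           = new object();
            referenceCounter  = 1;
            this.isFileLayout = isFileLayout;
            size = moduleSize;

            try {
                // Prevent allocation on the LOH. We'll also be able to free the memory as soon as it's not needed.
                address = NativeMethods.VirtualAlloc(IntPtr.Zero, new IntPtr(moduleSize), NativeMethods.MEM_COMMIT, NativeMethods.PAGE_READWRITE);
                if (address == IntPtr.Zero)
                {
                    throw new OutOfMemoryException();
                }
                process.ReadMemory(moduleAddress, (byte *)address.ToPointer(), size);

                try {
                    // NOTE(review): peImage is never disposed in this block — confirm whether it should be.
                    var peImage   = new PEImage(address, size, isFileLayout ? ImageLayout.File : ImageLayout.Memory, true);
                    // Data directory 14 is the CLR (COM descriptor) directory; 0x48 is the size of the COR20 header.
                    var dotNetDir = peImage.ImageNTHeaders.OptionalHeader.DataDirectories[14];
                    if (dotNetDir.VirtualAddress != 0 && dotNetDir.Size >= 0x48)
                    {
                        var cor20   = new ImageCor20Header(peImage.CreateStream(dotNetDir.VirtualAddress, 0x48), true);
                        var mdStart = (long)peImage.ToFileOffset(cor20.MetaData.VirtualAddress);
                        long mdSize = cor20.MetaData.Size;

                        // Both values come straight from the debuggee's headers. Publish them only when
                        // [mdStart, mdStart + mdSize) is fully contained in the buffer, so later readers
                        // cannot be steered outside the allocation or handed a negative length.
                        if (mdStart >= 0 && mdSize >= 0 && mdStart <= size && mdSize <= size - mdStart)
                        {
                            metadataAddress = new IntPtr((byte *)address + mdStart);
                            metadataSize    = (int)mdSize;
                        }
                    }
                }
                catch (Exception ex) when(ex is IOException || ex is BadImageFormatException)
                {
                    // Unparseable headers are not fatal: the instance simply exposes no metadata.
                    Debug.Fail("Couldn't read .NET metadata");
                }
            }
            catch {
                // Clean up the partially constructed instance, then let the caller see the failure.
                Dispose();
                throw;
            }
        }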
Exemplo n.º 5
        /// <summary>
        /// Creates a byte array in the debuggee, fills it with <c>randomData</c>, reads the raw memory at the
        /// array's address and asks <c>GetIndex</c> where that data appears in it.
        /// </summary>
        /// <returns>
        /// The value returned by <c>GetIndex</c>, or null if a required corlib type, the create-instance
        /// method or the array itself could not be obtained.
        /// </returns>
        /// <remarks>
        /// The read covers <c>randomData.Length + 0x80</c> bytes starting at the array object's address, and the
        /// array is overwritten with zeros before returning.
        /// NOTE(review): presumably <c>GetIndex</c> returns the position of the marker inside the buffer (or null
        /// when absent) — confirm. If <c>ReadMemory</c> or <c>GetIndex</c> throws, the zeroing step is skipped.
        /// </remarks>
        int? GetOffsetToArrayData()
        {
            var systemByte  = thread.Domain.Corlib.GetType("System.Byte");
            var systemArray = thread.Domain.Corlib.GetType("System.Array");
            var systemType  = thread.Domain.Corlib.GetType("System.Type");

            bool haveAllTypes = !(systemByte is null) && !(systemArray is null) && !(systemType is null);
            if (!haveAllTypes)
            {
                return null;
            }

            var factoryMethod = GetCreateInstance(systemArray);
            if (factoryMethod is null)
            {
                return null;
            }

            // Arguments: element type, then the requested length.
            var callArgs = new Value[] {
                systemByte.GetTypeObject(),
                new PrimitiveValue(thread.VirtualMachine, ElementType.I4, randomData.Length),
            };
            if (!(Call(factoryMethod, callArgs) is ArrayMirror scratchArray))
            {
                return null;
            }

            var vmOwner = thread;

            // Write the marker bytes into the debuggee's array...
            var markerValues = randomData.Select(b => new PrimitiveValue(vmOwner.VirtualMachine, ElementType.U1, b)).ToArray();
            scratchArray.SetValues(0, markerValues);

            // ...then look for them in the raw bytes of the array object.
            var rawObjectBytes = process.ReadMemory((ulong)scratchArray.Address, randomData.Length + 0x80);
            var offset = GetIndex(rawObjectBytes, randomData);

            // Clear the marker again so it does not linger in the debuggee.
            var zeroValues = randomData.Select(_ => new PrimitiveValue(vmOwner.VirtualMachine, ElementType.U1, (byte)0)).ToArray();
            scratchArray.SetValues(0, zeroValues);
            return offset;
        }
Exemplo n.º 6
 /// <summary>
 /// Fills <c>data</c> from the debugged process, starting at <paramref name="address"/>, and rewinds <c>dataIndex</c> to 0.
 /// </summary>
 /// <param name="process">Process whose memory is read.</param>
 /// <param name="address">Address in <paramref name="process"/> to read from.</param>
 /// <remarks>
 /// The index is reset only after the read returns, so an exception from <c>ReadMemory</c> leaves
 /// <c>dataIndex</c> at its previous value. The bytes placed in <c>data</c> come from the debuggee and
 /// should be parsed as untrusted input.
 /// </remarks>
 public void Initialize(DbgProcess process, ulong address) {
     // Read first, then rewind.
     process.ReadMemory(address, data);
     dataIndex = 0;
 }