Exemplo n.º 1
0
        public static MemoryDomainProxy[] GetInterfaces()
        {
            try
            {
                Console.WriteLine($"getInterfaces()");
                try
                {
                    if (ProcessExtensions.GetProcessSafe(p) == null)
                    {
                        Console.WriteLine($"p was null!");
                        return(Array.Empty <MemoryDomainProxy>());
                    }
                }
                catch (Exception e)
                {
                    Console.WriteLine($"GetInterfaces threw an exception!\n{e.Message}\n{e.StackTrace}");
                    return(Array.Empty <MemoryDomainProxy>());
                }

                List <MemoryDomainProxy> interfaces = new List <MemoryDomainProxy>();

                var _p = ProcessExtensions.GetProcessSafe(p);
                if (IsProcessBlacklisted(_p))
                {
                    return(Array.Empty <MemoryDomainProxy>());
                }

                ProcessExtensions.GetSystemInfo(out var info);
                IntPtr minAddr   = info.minimumApplicationAddress;
                IntPtr maxAddr   = info.maximumApplicationAddress;
                long   minAddr_l = (long)info.minimumApplicationAddress;
                long   maxAddr_l = (long)info.maximumApplicationAddress;
                while (minAddr_l < maxAddr_l)
                {
                    _p = ProcessExtensions.GetProcessSafe(p);
                    if (_p == null)
                    {
                        return(Array.Empty <MemoryDomainProxy>());
                    }

                    if (ProcessExtensions.VirtualQueryEx(_p, minAddr, out var mbi) == false)
                    {
                        break;
                    }

                    if (mbi.State == (uint)ProcessExtensions.MemoryType.MEM_COMMIT &&
                        mbi.Protect != ProcessExtensions.MemoryProtection.NoAccess &&   //Hard blacklist
                        mbi.Protect != ProcessExtensions.MemoryProtection.ZeroAccess && //Hard blacklist
                        (mbi.Protect | ProtectMode) == ProtectMode)
                    {
                        var name = ProcessExtensions.GetMappedFileNameW(_p.Handle, mbi.BaseAddress);
                        if (string.IsNullOrWhiteSpace(name) || !IsPathBlacklisted(name))
                        {
                            if (string.IsNullOrWhiteSpace(name))
                            {
                                name = "UNKNOWN";
                            }
                            var filters = S.GET <StubForm>().tbFilterText.Text.Split('\n').Select(x => x.Trim()).ToArray();
                            if (!UseFiltering || filters.Any(x => name.ToUpper().Contains(x.ToUpper())))
                            {
                                Console.WriteLine($"Adding mbi {name.Split('\\').Last()}  {mbi.Protect} | {ProtectMode}");
                                ProcessMemoryDomain pmd = new ProcessMemoryDomain(_p, mbi.BaseAddress, (long)mbi.RegionSize);
                                interfaces.Add(new MemoryDomainProxy(pmd));
                            }
                        }
                    }
                    minAddr_l += (long)mbi.RegionSize;
                    minAddr    = (IntPtr)minAddr_l;
                }

                Console.WriteLine("Done adding domains");
                Thread.Sleep(1000);
                return(interfaces.ToArray());
            }
            catch (Exception ex)
            {
                if (VanguardCore.ShowErrorDialog(ex, true) == DialogResult.Abort)
                {
                    throw new RTCV.NetCore.AbortEverythingException();
                }

                return(Array.Empty <MemoryDomainProxy>());
            }
        }