/// <summary>
/// Query memory information for a process.
/// </summary>
/// <param name="process">The process to query.</param>
/// <param name="base_address">The base address.</param>
/// <returns>The memory information for the region.</returns>
/// <exception cref="NtException">Thrown on error.</exception>
public static MemoryInformation QueryMemoryInformation(SafeKernelObjectHandle process, long base_address)
{
MemoryBasicInformation basic_info = new MemoryBasicInformation();
string mapped_image_path = String.Empty;
using (var buffer = new SafeStructureInOutBuffer <MemoryBasicInformation>())
{
IntPtr ret_length;
NtSystemCalls.NtQueryVirtualMemory(process,
new IntPtr(base_address), MemoryInformationClass.MemoryBasicInformation,
buffer, buffer.LengthIntPtr, out ret_length).ToNtException();
basic_info = buffer.Result;
}
if (basic_info.Type == MemoryType.Image || basic_info.Type == MemoryType.Mapped)
{
var name = QuerySectionName(process, base_address, false);
if (name.IsSuccess)
{
mapped_image_path = name.Result;
}
}
return(new MemoryInformation(basic_info, mapped_image_path));
}
/// <summary>
/// Query memory information for a process.
/// </summary>
/// <param name="process">The process to query.</param>
/// <param name="base_address">The base address.</param>
/// <param name="throw_on_error">True to throw on error.</param>
/// <returns>The memory information for the region.</returns>
/// <exception cref="NtException">Thrown on error.</exception>
public static NtResult <MemoryInformation> QueryMemoryInformation(SafeKernelObjectHandle process, long base_address, bool throw_on_error)
{
MemoryBasicInformation basic_info = new MemoryBasicInformation();
string mapped_image_path = string.Empty;
using (var buffer = new SafeStructureInOutBuffer <MemoryBasicInformation>())
{
NtStatus status = NtSystemCalls.NtQueryVirtualMemory(process,
new IntPtr(base_address), MemoryInformationClass.MemoryBasicInformation,
buffer, buffer.LengthIntPtr, out IntPtr ret_length);
if (!status.IsSuccess())
{
return(status.CreateResultFromError <MemoryInformation>(throw_on_error));
}
basic_info = buffer.Result;
}
if (basic_info.Type == MemoryType.Image || basic_info.Type == MemoryType.Mapped)
{
var name = QuerySectionName(process, base_address, false);
if (name.IsSuccess)
{
mapped_image_path = name.Result;
}
}
return(new MemoryInformation(basic_info, mapped_image_path).CreateResult());
}
internal MemoryInformation(MemoryBasicInformation basic_info, string mapped_image_path)
{
BaseAddress = basic_info.BaseAddress.ToInt64();
AllocationBase = basic_info.AllocationBase.ToInt64();
AllocationProtect = basic_info.AllocationProtect;
RegionSize = basic_info.RegionSize.ToInt64();
State = basic_info.State;
Protect = basic_info.Protect;
Type = basic_info.Type;
MappedImagePath = mapped_image_path ?? string.Empty;
}
