Inheritance: IMemAwareChecking
AMemoryRunDetector Class Documentation
Exemplo n.º 1
0
 public Vtero(string MemoryDump, AMemoryRunDetector MD) : this(MemoryDump)
 {
     MRD = MD;
 }
Exemplo n.º 2
0
        void DeriveMemoryDescriptors()
        {
            if (ProgressBarz.BaseMessage == null || string.IsNullOrWhiteSpace(ProgressBarz.BaseMessage.ToString()))
                ProgressBarz.BaseMessage = new ConsoleString("Value Scan for memory descriptors in progress");

            AMemoryRunDetector Detected = null;

            if (MemFile.EndsWith(".dmp"))
            {
                Detected = new CrashDump(MemFile);
                Detected.IsSupportedFormat(this);

            } else if (MemFile.EndsWith(".vmem"))
            {
                Detected = new VMWare(MemFile);
                if (Detected.IsSupportedFormat(this))
                    MemFile = Detected.MemFile;
            }

            // try XEN!
            if(Detected == null)
            {
                Detected = new XEN(MemFile);
                if (Detected != null)
                    Detected.IsSupportedFormat(this);
            }

            // if the memory run is defined as 0 count then it's implicitly 1
            if (Detected == null || Detected.PhysMemDesc == null || Detected.PhysMemDesc.NumberOfPages < 1)
            {
                Detected = new BasicRunDetector(MemFile);
                if (Detected != null)
                    Detected.IsSupportedFormat(this);
            }

            if (Vtero.VerboseOutput)
            {
                if (Detected.LogicalPhysMemDesc != null)
                    WriteColor(ConsoleColor.Yellow, $"Windows/Logical Memory Run: {Detected.LogicalPhysMemDesc}" + Environment.NewLine + Environment.NewLine + Environment.NewLine);
                else if (Detected.PhysMemDesc != null)
                    WriteColor(ConsoleColor.Green, $"HW Memory Run: {Detected.PhysMemDesc}" + Environment.NewLine + Environment.NewLine + Environment.NewLine);
            }

            MRD = Detected;
            MemAccess = Mem.InitMem(MemFile, Detected);
        }
Exemplo n.º 3
0
        public static Mem InitMem(String mFile, AMemoryRunDetector Detector, uint[] BitmapArray = null) //: this()
        {
            
            var thiz = new Mem();

            thiz.StartOfMemory = Detector != null ? Detector.StartOfMem : 0;

            if (Detector != null)
            {
                thiz.StartOfMemory = Detector.StartOfMem;
                thiz.MD = Detector;
            }
#if USE_BITMAP
            // maybe there's a bit map we can use from a DMP file
            if (BitmapArray != null)
                pfnTableIdx = new WAHBitArray(WAHBitArray.TYPE.Bitarray, BitmapArray);
            else
                pfnTableIdx = new WAHBitArray();

            // 32bit's of pages should be plenty?
            pfnTableIdx.Length = (int) (MapViewSize / 0x1000);
#endif

            if (File.Exists(mFile))
            {
                thiz.MemoryDump = mFile;
                thiz.FileSize = new FileInfo(mFile).Length;

                if (Detector != null)
                    thiz.MD = Detector;
            }

            thiz.SetupStreams();

            return thiz;
        }