Пример #1
0
        public static string ReadZeroTerminatedString(this IDebuggeeProcess process, IntPtr address, bool unicode, int maxLength = 0x100)
        {
            // We do not know the size of the string, therefore read the memory in chunks and search for a zero byte.

            const int bufferSize = 256;
            var       encoding   = unicode ? Encoding.ASCII : Encoding.Unicode;
            var       builder    = new StringBuilder();

            IntPtr currentAddress = address;

            byte[] buffer = new byte[bufferSize];
            string lastChunk;
            int    nullIndex;

            do
            {
                process.ReadMemory(currentAddress, buffer, 0, buffer.Length);
                lastChunk = encoding.GetString(buffer);
                nullIndex = lastChunk.IndexOf('\0');
                builder.Append(lastChunk);
                currentAddress += bufferSize;
            } while (nullIndex == -1 && builder.Length < 0x100);

            // If \0 was found, remove everything after this character. Otherwise just return the raw string.
            string rawString = builder.ToString();

            return(nullIndex != -1
                ? rawString.Remove(builder.Length - (lastChunk.Length - nullIndex))
                : rawString);
        }
Пример #2
0
        public static string ReadString(this IDebuggeeProcess process, IntPtr address, int length, bool unicode)
        {
            byte[] data = new byte[length];
            process.ReadMemory(address, data, 0, data.Length);
            var encoding = unicode ? Encoding.ASCII : Encoding.Unicode;

            return(encoding.GetString(data));
        }
Пример #3
0
        public byte[] ReadBytes(int count)
        {
            var buffer = new byte[count];

            _process.ReadMemory((IntPtr)Position, buffer, 0, count);

            // Int3 breakpoints are changes in code and therefore change the memory of a process.
            // To still view the original memory, we need to obtain all breakpoints and revert the
            // changed code in the read memory.

            NegateInt3Breakpoints(count, buffer);

            Position += buffer.Length;
            return(buffer);
        }
Пример #4
0
        private void DumpMemory(IDebuggeeProcess process, ulong address, int rows, X86OperandSize size, Logger logger)
        {
            const int rowSize = 0x10;

            var buffer = new byte[rows * rowSize];

            process.ReadMemory((IntPtr)address, buffer, 0, buffer.Length);

            int stepSize = 0;

            switch (size)
            {
            case X86OperandSize.Byte:
                stepSize = 1;
                break;

            case X86OperandSize.Word:
                stepSize = 2;
                break;

            case X86OperandSize.Dword:
                stepSize = 4;
                break;

            default:
                throw new ArgumentOutOfRangeException(nameof(size));
            }

            for (int row = 0; row < rows; row++)
            {
                logger.Write("{0:X8}:  ", address + (ulong)(row * rowSize));

                var builder = new StringBuilder();
                for (int col = 0; col < rowSize; col += stepSize)
                {
                    if (col % 4 == 0)
                    {
                        logger.Write(" ");
                    }

                    ulong currentValue = 0;
                    switch (size)
                    {
                    case X86OperandSize.Byte:
                        currentValue = buffer[row * rowSize + col];
                        break;

                    case X86OperandSize.Word:
                        currentValue = BitConverter.ToUInt16(buffer, row * rowSize + col);
                        break;

                    case X86OperandSize.Dword:
                        currentValue = BitConverter.ToUInt32(buffer, row * rowSize + col);
                        break;
                    }

                    logger.Write("{0} ", currentValue.ToString("X" + (stepSize * 2)));

                    if (stepSize == 1)
                    {
                        char currentChar = (char)currentValue;
                        builder.Append(char.IsControl(currentChar) ? '.' : currentChar);
                    }
                }

                logger.WriteLine("  " + builder.ToString());
            }
        }