unsafe public IrpArrivedViewModel(int index, string driverName, IrpArrivedInfoBase *info) : base(index, driverName, &info->Header)
{
ProcessId = info->ProcessId;
ThreadId = info->ThreadId;
MajorCode = info->MajorFunction;
switch (MajorCode)
{
case IrpMajorCode.PNP:
MinorCode = ((IrpMinorCodePnp)info->MinorFunction).ToString();
break;
case IrpMajorCode.POWER:
MinorCode = ((IrpMinorCodePower)info->MinorFunction).ToString();
break;
case IrpMajorCode.SYSTEM_CONTROL:
MinorCode = ((IrpMinorCodeWmi)info->MinorFunction).ToString();
break;
}
IrpType = IrpType.Sent;
Icon = "/icons/irp-sent.ico";
DriverObject = info->DriverObject.ToInt64();
DeviceObject = info->DeviceObject.ToInt64();
Irp = info->Irp.ToInt64();
if (ProcessId == 4)
{
ProcessName = "System";
}
else
{
using (var process = OpenProcess(ProcessAccessMask.QueryLimitedInformation, false, ProcessId)) {
if (!process.IsInvalid)
{
int size = _sb.Capacity;
if (QueryFullProcessImageName(process, ImageNameType.Normal, _sb, ref size))
{
ProcessName = Path.GetFileName(_sb.ToString());
}
}
}
}
Details = GetDetails(info);
DataSize = info->DataSize;
if (DataSize > 0)
{
Data = new byte[DataSize];
fixed(byte *p = Data)
{
Buffer.MemoryCopy((byte *)info + info->Header.Size - DataSize, p, DataSize, DataSize);
}
}
Function = MajorCode.ToString() + (MinorCode == null ? null : (" / " + MinorCode));
}
