internal ManagedProcess(Process process)
{
Process = process;
EnableDebuggerPrivileges();
IsWow64 = IsWow64Process();
Assembler = new Assembler(IsWow64);
MemoryManager = new MemoryManager(Process.SafeHandle);
Peb = new ManagedPeb(IsWow64, MemoryManager, Process.SafeHandle);
Modules = GetModules();
PdbFile = new Lazy <PdbFile>(() => new PdbFile(Modules.Find(module => module.Name.Equals("ntdll.dll", StringComparison.OrdinalIgnoreCase)), IsWow64));
}
/// <summary>
/// Initializes a new instance of the <see cref="MemorySharp"/> class.
/// </summary>
/// <param name="process">Process to open.</param>
public MemorySharp(Process process)
{
// Save the reference of the process
Native = process;
// Open the process with all rights
Handle = MemoryCore.OpenProcess(ProcessAccessFlags.AllAccess, process.Id);
// Initialize the PEB
Peb = new ManagedPeb(this, ManagedPeb.FindPeb(Handle));
// Create instances of the factories
Factories = new List <IFactory>();
Factories.AddRange(
new IFactory[] {
Assembly = new AssemblyFactory(this),
Memory = new MemoryFactory(this),
Modules = new ModuleFactory(this),
Threads = new ThreadFactory(this),
Windows = new WindowFactory(this)
});
}
/// <summary>
/// Gets the address(es) of the heap in the target process.
/// </summary>
/// <returns>The heap addresses in the target process.</returns>
public IEnumerable <NormalizedRegion> GetHeapAddresses(Process process)
{
ManagedPeb peb = new ManagedPeb(process == null ? IntPtr.Zero : process.Handle);
throw new NotImplementedException();
}
/// <summary>
/// Gets the address(es) of the heap in the target process
/// </summary>
/// <returns>The heap addresses in the target process</returns>
public IEnumerable <NormalizedRegion> GetHeapAddresses()
{
ManagedPeb peb = new ManagedPeb(this.SystemProcess == null ? IntPtr.Zero : this.SystemProcess.Handle);
return(null);
}