public static List<MyProcessModule> GetProcessModules(LinuxProcess process)
{
Debug.Print("Linux.GetProcessModules");
List<MyProcessModule> mpm = new List<MyProcessModule>();
string txt = File.ReadAllText(process.path + "/maps");
string[] lines = txt.Split('\n');
foreach (string l in lines)
{
MyProcessModule mo = new MyProcessModule();
Debug.Print("{0}", l);
Regex r = new Regex("^([a-f0-9]+)-([a-f0-9]+) +.{4} +[a-f0-9]+ +[0-9:]+ +[0-9]+ +(.+)$");
if (r.IsMatch(l))
{
Match m = r.Match(l);
Debug.Print("-->{0} {1} {2}<--", m.Groups[1].Value, m.Groups[2].Value, m.Groups[3].Value);
mo.BaseAddress = (IntPtr)Convert.ToInt32(m.Groups[1].Value, 16);
mo.ModuleMemorySize = (int)(Convert.ToUInt32(m.Groups[2].Value, 16) - (long)mo.BaseAddress);
mo.ModuleName = Path.GetFileName(m.Groups[3].Value);
}
else
{
mo.ModuleName = "empty";
}
mpm.Add(mo);
}
Debug.Print("{0} Modules found.", mpm.Count);
return mpm;
}
//Umstandsweg dank Microsoft
public static List<MyProcessModule> GetProcessModules(Process process)
{
IntPtr processHandle = process.Handle;
List<MyProcessModule> modules = new List<MyProcessModule>();
IntPtr[] modhHandles = new IntPtr[0];
int lpcbNeeded = 0;
try
{
EnumProcessModulesEx(processHandle, modhHandles, 0, out lpcbNeeded, LIST_MODULES_ALL);
modhHandles = new IntPtr[lpcbNeeded / IntPtr.Size];
EnumProcessModulesEx(processHandle, modhHandles, modhHandles.Length * IntPtr.Size, out lpcbNeeded, LIST_MODULES_ALL);
//Zum Test auf 32 Bit System ...
//EnumProcessModules(processHandle, modhHandles, 0, out lpcbNeeded);
//EnumProcessModules(processHandle, modhHandles, modhHandles.Length * IntPtr.Size, out lpcbNeeded);
}
catch (EntryPointNotFoundException)
{
foreach (ProcessModule m in process.Modules)
{
MyProcessModule pm = new MyProcessModule();
pm.ModuleName = m.ModuleName;
pm.BaseAddress = m.BaseAddress;
pm.ModuleMemorySize = m.ModuleMemorySize;
modules.Add(pm);
}
return modules;
}
for (int i = 0; i < modhHandles.Length; i++)
{
ModuleInfo modi = new ModuleInfo();
StringBuilder modName = new StringBuilder(256);
if (GetModuleFileNameEx(processHandle, modhHandles[i], modName, modName.Capacity) != 0)
if (GetModuleInformation(processHandle, modhHandles[i], out modi, System.Runtime.InteropServices.Marshal.SizeOf(modi)))
{
MyProcessModule pm = new MyProcessModule();
pm.ModuleMemorySize = modi.SizeOfImage;
pm.BaseAddress = modi.BaseOfDll;
string modFileName = Path.GetFileName(modName.ToString());
Debug.Print(modFileName.ToString());
pm.ModuleName = modFileName.ToString();
modules.Add(pm);
}
}
return modules;
}
public static bool connect()
{
uint MaxAddress = 0x7fffffff;
Int64 address = 0;
bool result;
itemEntries = new List<CItemEntry>();
resourceEntries = new List<CResourceEntry>();
string[] processes;
if (!isLinux)
processes = new string[] { "plugin-container", "iexplore", "chrome" }; //plugin-container für Chrome und Firefox ... IE macht wieder sein eigenes Ding
else
processes = new string[] { "plugin-containe", "plugin-container" };
foreach (string pname in processes)
{
List<MyProcess> pList = new List<MyProcess>();
if (!isLinux)
foreach (Process p in Process.GetProcessesByName(pname))
pList.Add(new MyProcess(p));
else
foreach (LinuxProcess p in Linux.GetProcessesByName(pname))
pList.Add(new MyProcess(p));
foreach (MyProcess p in pList)
{
Main = p;
npswf = null;
Debug.Print("Process: {0}", pname);
if (!isLinux)
{
foreach (MyProcessModule mo in GetProcessModules(p.Process))
{
Debug.Print(mo.ModuleName.ToUpper());
if (mo.ModuleName.ToUpper() == "NPSWF32.DLL") //wird von Firefox geladen
{
npswf = mo;
break;
}
if (mo.ModuleName.ToUpper() == "GCSWF32.DLL") //wird von Chrome geladen
{
npswf = mo;
break;
}
if ((mo.ModuleName.ToUpper().Substring(0, 5) == "FLASH") && (mo.ModuleName.ToUpper().Substring(mo.ModuleName.Length - 4, 4) == ".OCX")) //Flash*.ocx ... Internet Explorer ...
{
npswf = mo;
break;
}
}
}
else
{
foreach (MyProcessModule mo in Linux.GetProcessModules(p.LinuxProcess))
{
Debug.Print("Module ...");
Debug.Print(mo.ModuleName.ToUpper());
if (mo.ModuleName.ToUpper() == "LIBFLASHPLAYER.SO")
{
npswf = mo;
int i = 0;
foreach (MyProcessModule mo2 in Linux.GetProcessModules(p.LinuxProcess))
if (mo2.ModuleName.ToUpper() == "LIBFLASHPLAYER.SO")
if (i++ >= 1)
npswf.ModuleMemorySize += mo2.ModuleMemorySize;
break;
}
}
}
Debug.Print("End module list loop");
if (npswf == null) continue; //nix gefunden ... versuche es mit nächstem Prozess
Debug.Print("npswf found ...");
RemoteMemoryStream rms = new RemoteMemoryStream(p.Handle);
Int64 size;
uint br = 0;
address = 0;
MEMORY_BASIC_INFORMATION m = new MEMORY_BASIC_INFORMATION();
do
{
result = VirtualQueryEx(p.Handle, (IntPtr)address, out m, (uint)Marshal.SizeOf(m));
if (!result) break; //am ende angekommen ... wir können aufhören
Debug.Print("Searching in:{0:x} - {1:x} Size: {2:x}", (long)m.BaseAddress, (long)m.BaseAddress + (long)m.RegionSize, m.RegionSize);
size = m.RegionSize.ToInt64();
if (size > Params.maxmemsize)
{
address = m.BaseAddress.ToInt64() + m.RegionSize.ToInt64();
continue;
}
if (size == 0)
{
address = m.BaseAddress.ToInt64() + m.RegionSize.ToInt64();
continue;
}
rms.Seek(m.BaseAddress, SeekOrigin.Begin);
findMainClass(p.Handle, rms, m.BaseAddress.ToInt64(), m.RegionSize.ToInt64());
if (buildingEntries!=null)
{
break;
}
//if ((fClass.Count != 0) && (Main != null) && ((itemEntries.Count > 0) && (!Params.buildingsonly))) break;
address = m.BaseAddress.ToInt64() + m.RegionSize.ToInt64();
} while (address <= MaxAddress);
if ((Main != null) && (itemEntries.Count > 0 && (!Params.buildingsonly))) break;
}
if ((Main != null) && ((itemEntries.Count > 0) && (!Params.buildingsonly))) break;
}
if ((Main == null) || ((itemEntries.Count == 0) && (!Params.buildingsonly)))
{
string errorcode = "";
if (Main == null)
errorcode += "1";
else
errorcode += "0";
if (itemEntries.Count == 0)
errorcode += "1";
else
errorcode += "0";
if (resourceEntries.Count == 0) //kein KO-Kriterium, aber dennoch hilfreich bei der Fehlersuche
errorcode += "1";
else
errorcode += "0";
if (npswf == null)
errorcode += "1";
else
errorcode += "0";
MessageBox.Show("Fehlercode: " + errorcode + "\nDaten konnten nicht abgefangen werden.\nEntweder ist das Spiel noch nicht gestartet, oder die Version dieses Programms ist veraltet!", "", MessageBoxButtons.OK, MessageBoxIcon.Error);
return false;
}
return true;
}