Пример #1
        /// <summary>
        /// Walks the IPID table pages of a target process and returns the entries that appear to be in use.
        /// </summary>
        /// <typeparam name="T">Native entry layout read from each slot of a page.</typeparam>
        /// <param name="process">Handle to the process whose memory is read.</param>
        /// <param name="ipid_table">Address of the IPID table, passed to <c>PageAllocator</c>.</param>
        /// <param name="resolver">Symbol resolver handed to every <c>COMIPIDEntry</c> that is created.</param>
        /// <returns>
        /// The parsed entries. The list is empty when the allocator reports no pages or an entry size
        /// smaller than the marshalled size of <typeparamref name="T"/>.
        /// </returns>
        static List<COMIPIDEntry> ParseIPIDEntries<T>(SafeProcessHandle process, IntPtr ipid_table, SymbolResolver resolver)
            where T : struct, IPIDEntryNativeInterface
        {
            var results = new List<COMIPIDEntry>();
            var allocator = new PageAllocator(process, ipid_table);

            // No pages at all: nothing to parse.
            if (allocator.Pages.Length == 0)
            {
                return results;
            }

            // An entry smaller than T cannot be read as a T without running past the slot.
            if (allocator.EntrySize < Marshal.SizeOf(typeof(T)))
            {
                return results;
            }

            foreach (IntPtr page_address in allocator.Pages)
            {
                // NOTE(review): EntriesPerPage and EntrySize presumably originate from the inspected
                // process. Their product is used as the read length with no overflow check or upper
                // bound here - confirm PageAllocator validates them.
                using (var page = process.ReadBuffer(page_address, allocator.EntriesPerPage * allocator.EntrySize))
                {
                    // A page that could not be read is skipped rather than aborting the whole walk.
                    if (page == null)
                    {
                        continue;
                    }

                    for (int slot = 0; slot < allocator.EntriesPerPage; ++slot)
                    {
                        IPIDEntryNativeInterface native_entry = page.Read<T>((ulong)(slot * allocator.EntrySize));
                        var flags = native_entry.Flags;

                        // Slots whose flags are zero or 0xF1EEF1EE are ignored
                        // (0xF1EEF1EE is presumably the free-slot marker - TODO confirm).
                        if (flags == 0xF1EEF1EE || flags == 0)
                        {
                            continue;
                        }

                        results.Add(new COMIPIDEntry(native_entry, process, resolver));
                    }
                }
            }

            return results;
        }
Пример #2
        /// <summary>
        /// Reads a SID from the memory of another process.
        /// </summary>
        /// <param name="process">Handle to the process whose memory is read.</param>
        /// <param name="address">Address of the SID in that process.</param>
        /// <returns>
        /// A buffer holding the SID bytes, or <c>SafeHGlobalBuffer.Null</c> when the header revision is not 1.
        /// </returns>
        private static SafeBuffer ReadSid(SafeProcessHandle process, IntPtr address)
        {
            SidHeader sid = process.ReadStruct<SidHeader>(address);

            if (sid.Revision == 1)
            {
                // 8 bytes of fixed header followed by one 4-byte sub-authority per RID,
                // which matches the Windows SID layout.
                // NOTE(review): RidCount is taken from the target process and is not range-checked
                // here; a valid SID has at most 15 sub-authorities (SID_MAX_SUB_AUTHORITIES), so a
                // larger value indicates corrupt or hostile data - consider rejecting it.
                var sid_length = 8 + sid.RidCount * 4;
                return process.ReadBuffer(address, sid_length);
            }

            // Only revision 1 is accepted; any other value is treated as "not a SID".
            return SafeHGlobalBuffer.Null;
        }
Пример #3
        /// <summary>
        /// Reads an ACL from the memory of another process after sanity-checking its header.
        /// </summary>
        /// <param name="process">Handle to the process whose memory is read.</param>
        /// <param name="address">Address of the ACL in that process.</param>
        /// <returns>
        /// A buffer of <c>AclSize</c> bytes starting at <paramref name="address"/>, or
        /// <c>SafeHGlobalBuffer.Null</c> when the revision is above 4 or the declared size is
        /// smaller than the ACL header itself.
        /// </returns>
        private static SafeBuffer ReadAcl(SafeProcessHandle process, IntPtr address)
        {
            AclHeader acl = process.ReadStruct<AclHeader>(address);

            // The header is supplied by the inspected process, so it is validated before its size
            // field is trusted as a read length. The revision is tested first, as a cheap reject.
            // NOTE(review): no lower bound on AclRevision is enforced here - confirm that is intended.
            bool header_plausible = acl.AclRevision <= 4
                && acl.AclSize >= Marshal.SizeOf(typeof(AclHeader));

            if (!header_plausible)
            {
                return SafeHGlobalBuffer.Null;
            }

            return process.ReadBuffer(address, acl.AclSize);
        }