public static extern uint VirtualQueryEx(IntPtr handle, uint address, out MEMORY_BASIC_INFORMATION info, int size);
private void findUnlistedImageSectorsToolStripMenuItem_Click(object sender, EventArgs e)
{
MEMORY_BASIC_INFORMATION memInfo = new MEMORY_BASIC_INFORMATION();
int mem_size = Marshal.SizeOf(memInfo);
uint currentAddress = 0;
IntPtr hProc = PELoader.OpenProcessHandle(ProcessID);
while(NativeMethods.VirtualQueryEx(hProc, currentAddress, out memInfo, mem_size) != 0)
{
if (FoundModules.Contains(memInfo.AllocationBase))
{
currentAddress += memInfo.RegionSize;
continue;
}
if (memInfo.Protect == 0x1)//memInfo.Type != 0x1000000
{
currentAddress += memInfo.RegionSize;
continue;
}
IMAGE_DOS_HEADER header = PELoader.StructFromMemory<IMAGE_DOS_HEADER>(hProc, memInfo.AllocationBase);
if (!FoundModules.Contains(memInfo.BaseAddress))
{
byte[] buffer = new byte[memInfo.RegionSize];
NativeMethods.ReadProcessMemory(hProc, memInfo.BaseAddress, buffer, buffer.Length, 0);
for (int i = 0; i < buffer.Length - 1; i++)
{
if (buffer[i] == 'M' && buffer[i + 1] == 'Z')
lvModules.Items.Add(new ModuleListViewItem(ProcessID, memInfo.BaseAddress + i));
}
FoundModules.Add(memInfo.BaseAddress);
}
/*
if(header.e_magic[0] == 'M' && header.e_magic[1] == 'Z')
lvModules.Items.Add(new ModuleListViewItem(ProcessID, memInfo.AllocationBase));
FoundModules.Add(memInfo.AllocationBase);
*/
currentAddress += memInfo.RegionSize;//0x1000000
}
PELoader.CloseProcessHandle(hProc);
}