/// <summary>
/// Starts the scan using the current constraints.
/// </summary>
private void StartScan()
{
// Create a constraint manager that includes the current active constraint
ConstraintNode scanConstraints = this.ActiveConstraint.Clone();
if (!scanConstraints.IsValid())
{
Logger.Log(LogLevel.Warn, "Unable to start scan with given constraints");
return;
}
DataType dataType = ScanResultsViewModel.GetInstance().ActiveType;
// Collect values
TrackableTask <Snapshot> valueCollectorTask = ValueCollector.CollectValues(
SnapshotManager.GetSnapshot(Snapshot.SnapshotRetrievalMode.FromActiveSnapshotOrPrefilter, dataType));
TaskTrackerViewModel.GetInstance().TrackTask(valueCollectorTask);
// Perform manual scan on value collection complete
valueCollectorTask.OnCompletedEvent += ((completedValueCollection) =>
{
Snapshot snapshot = valueCollectorTask.Result;
TrackableTask <Snapshot> scanTask = ManualScanner.Scan(
snapshot,
scanConstraints);
TaskTrackerViewModel.GetInstance().TrackTask(scanTask);
SnapshotManager.SaveSnapshot(scanTask.Result);
});
}
private void StartScan(int index, Int64 searchAddress, bool validatingProcess = false)
{
if (index > 0)
{
SnapshotManager.ClearSnapshots();
}
ConstraintNode scanConstraints = new ScanConstraint(ScanConstraint.ConstraintType.Equal, searchAddress, dataType);
TrackableTask <Snapshot> valueCollectorTask = ValueCollector.CollectValues(
SnapshotManager.GetSnapshot(Snapshot.SnapshotRetrievalMode.FromActiveSnapshotOrPrefilter, dataType),
TrackableTask.UniversalIdentifier);
valueCollectorTask.OnCompletedEvent += ((completedValueCollectionTask) =>
{
Snapshot snapshot = valueCollectorTask.Result;
TrackableTask <Snapshot> scanTask = ManualScanner.Scan(
snapshot,
scanConstraints,
TrackableTask.UniversalIdentifier);
SnapshotManager.SaveSnapshot(scanTask.Result);
snapshot = scanTask.Result;
scannedAddresses.Add(new List <Int64>());
if (snapshot != null)
{
for (UInt64 i = 0; i < snapshot.ElementCount; ++i)
{
SnapshotElementIndexer element = snapshot[i];
Object currentValue = element.HasCurrentValue() ? element.LoadCurrentValue() : null;
Object previousValue = element.HasPreviousValue() ? element.LoadPreviousValue() : null;
String moduleName = String.Empty;
UInt64 address = Query.Default.AddressToModule(element.BaseAddress, out moduleName);
PointerItem pointerItem = new PointerItem(baseAddress: address, dataType: dataType, moduleName: moduleName, value: currentValue);
pointerItem.ForceResolveAddress();
scannedAddresses[index].Add(Int64.Parse(pointerItem.AddressSpecifier, NumberStyles.HexNumber, CultureInfo.CurrentCulture));
}
}
int nextIteration = index + 1;
if (nextIteration < addressesToFind.Count)
{
StartScan(nextIteration, addressesToFind[nextIteration], validatingProcess);
}
else
{
SearchLogic(validatingProcess);
}
});
}
/// <summary>
/// Starts the scan using the current constraints.
/// </summary>
private void StartScan()
{
// Create a constraint manager that includes the current active constraint
DataTypeBase dataType = ScanResultsViewModel.GetInstance().ActiveType;
ScanConstraints scanConstraints = new ScanConstraints(dataType, this.ActiveConstraint?.Clone());
if (!scanConstraints.IsValid())
{
Logger.Log(LogLevel.Warn, "Unable to start scan with given constraints");
return;
}
try
{
// Collect values
TrackableTask <Snapshot> valueCollectorTask = ValueCollector.CollectValues(
SessionManager.Session.OpenedProcess,
SessionManager.Session.SnapshotManager.GetActiveSnapshotCreateIfNone(SessionManager.Session.OpenedProcess),
TrackableTask.UniversalIdentifier
);
TaskTrackerViewModel.GetInstance().TrackTask(valueCollectorTask);
// Perform manual scan on value collection complete
valueCollectorTask.OnCompletedEvent += ((completedValueCollectionTask) =>
{
Snapshot snapshot = valueCollectorTask.Result;
TrackableTask <Snapshot> scanTask = ManualScanner.Scan(
snapshot,
scanConstraints,
TrackableTask.UniversalIdentifier);
TaskTrackerViewModel.GetInstance().TrackTask(scanTask);
SessionManager.Session.SnapshotManager.SaveSnapshot(scanTask.Result);
});
}
catch (TaskConflictException)
{
}
}
public Int32 Handle()
{
// If set to 0.0, assume unset and set to 1.0. Otherwise, clamp in bounds.
Intensity = Intensity <= 0.0 ? 1.0 : Math.Clamp(Intensity, 0.0, 1.0);
// Collect values
TrackableTask <Snapshot> valueCollectorTask = ValueCollector.CollectValues(
SessionManager.Session.SnapshotManager.GetActiveSnapshotCreateIfNone(SessionManager.Session.OpenedProcess, DataTypeBase.Int32),
TrackableTask.UniversalIdentifier);
// Recollect values
TrackableTask <Snapshot> valueRecollectorTask = ValueCollector.CollectValues(
valueCollectorTask.Result,
TrackableTask.UniversalIdentifier);
// Scan for any changed values
TrackableTask <Snapshot> scanTask = ManualScanner.Scan(
valueRecollectorTask.Result,
new ScanConstraint(ScanConstraint.ConstraintType.Changed, DataTypeBase.Int32),
TrackableTask.UniversalIdentifier);
Random random = new Random();
// Start overwriting any memory that changed with 0s
foreach (SnapshotRegion region in scanTask.Result.SnapshotRegions)
{
for (Int32 index = 0; index < region.ElementCount; index++)
{
if (random.NextDouble() <= Intensity)
{
MemoryWriter.Instance.Write <Int32>(SessionManager.Session.OpenedProcess, region[index].BaseAddress, 0);
}
}
}
return(0);
}
/// <summary>
/// Performs a pointer scan for a given address.
/// </summary>
/// <param name="address">The address for which to perform a pointer scan.</param>
/// <param name="maxOffset">The maximum pointer offset.</param>
/// <param name="depth">The maximum pointer search depth.</param>
/// <param name="alignment">The pointer scan alignment.</param>
/// <param name="taskIdentifier">The unique identifier to prevent duplicate tasks.</param>
/// <returns>Atrackable task that returns the scan results.</returns>
public static TrackableTask <PointerBag> Scan(Process process, PointerBag previousPointerBag, Boolean readMemory, Boolean performUnchangedScan, String taskIdentifier = null)
{
try
{
TrackableTask <PointerBag> pointerScanTask = TrackableTask <PointerBag> .Create(PointerRebase.Name, taskIdentifier, out UpdateProgress updateProgress, out CancellationToken cancellationToken);
return(pointerScanTask.With(Task <PointerBag> .Run(() =>
{
try
{
cancellationToken.ThrowIfCancellationRequested();
Stopwatch stopwatch = new Stopwatch();
stopwatch.Start();
DataTypeBase pointerDataType = previousPointerBag.PointerSize.ToDataType();
ScanConstraint scanConstraint = new ScanConstraint(ScanConstraint.ConstraintType.Unchanged);
ScanConstraints scanConstraints = new ScanConstraints(pointerDataType, scanConstraint);
IList <Level> oldLevels = previousPointerBag.Levels;
IList <Level> newLevels = new List <Level>();
for (Int32 levelIndex = 0; levelIndex < oldLevels.Count; levelIndex++)
{
Snapshot updatedStaticPointers = oldLevels[levelIndex].StaticPointers;
Snapshot updatedHeapPointers = oldLevels[levelIndex].HeapPointers;
// Step 1) Re-read values of all pointers
if (readMemory)
{
TrackableTask <Snapshot> staticValueCollector = ValueCollector.CollectValues(process, updatedStaticPointers);
// Does not apply to target address
if (levelIndex > 0)
{
TrackableTask <Snapshot> heapValueCollector = ValueCollector.CollectValues(process, updatedHeapPointers);
updatedHeapPointers = heapValueCollector.Result;
}
updatedStaticPointers = staticValueCollector.Result;
}
// Step 2) A neat (optional) trick: Scan for unchanged values to filter out dynamic pointers
if (performUnchangedScan)
{
TrackableTask <Snapshot> staticValueScanner = ManualScanner.Scan(updatedStaticPointers, scanConstraints);
// Does not apply to target address
if (levelIndex > 0)
{
TrackableTask <Snapshot> heapValueScanner = ManualScanner.Scan(updatedHeapPointers, scanConstraints);
updatedHeapPointers = heapValueScanner.Result;
}
updatedStaticPointers = staticValueScanner.Result;
}
Stopwatch levelStopwatch = new Stopwatch();
levelStopwatch.Start();
// Step 3) Rebase heap onto new previous heap
if (levelIndex > 0)
{
IVectorSearchKernel heapSearchKernel = SearchKernelFactory.GetSearchKernel(newLevels.Last().HeapPointers, previousPointerBag.MaxOffset, previousPointerBag.PointerSize);
TrackableTask <Snapshot> heapFilterTask = PointerFilter.Filter(pointerScanTask, updatedHeapPointers, heapSearchKernel, previousPointerBag.PointerSize, newLevels.Last().HeapPointers, previousPointerBag.MaxOffset);
updatedHeapPointers = heapFilterTask.Result;
}
// Step 4) Filter static pointers that still point into the updated heap
IVectorSearchKernel staticSearchKernel = SearchKernelFactory.GetSearchKernel(updatedHeapPointers, previousPointerBag.MaxOffset, previousPointerBag.PointerSize);
TrackableTask <Snapshot> staticFilterTask = PointerFilter.Filter(pointerScanTask, updatedStaticPointers, staticSearchKernel, previousPointerBag.PointerSize, updatedHeapPointers, previousPointerBag.MaxOffset);
updatedStaticPointers = staticFilterTask.Result;
levelStopwatch.Stop();
Logger.Log(LogLevel.Info, "Pointer rebase from level " + (levelIndex) + " => " + (levelIndex + 1) + " completed in: " + levelStopwatch.Elapsed);
newLevels.Add(new Level(updatedHeapPointers, updatedStaticPointers));
}
// Exit if canceled
cancellationToken.ThrowIfCancellationRequested();
PointerBag pointerBag = new PointerBag(newLevels, previousPointerBag.MaxOffset, previousPointerBag.PointerSize);
stopwatch.Stop();
Logger.Log(LogLevel.Info, "Pointer rebase complete in: " + stopwatch.Elapsed);
return pointerBag;
}
catch (OperationCanceledException ex)
{
Logger.Log(LogLevel.Warn, "Pointer rebase canceled", ex);
}
catch (Exception ex)
{
Logger.Log(LogLevel.Error, "Error performing pointer rebase", ex);
}
return null;
}, cancellationToken)));
}
catch (TaskConflictException ex)
{
Logger.Log(LogLevel.Warn, "A pointer scan is already scheduled.");
throw ex;
}
}
public Int32 Handle()
{
DataTypeBase dataType = ScanSettings.DataType;
ScanConstraint.ConstraintType constraintType = ScanConstraint.ConstraintType.Equal;
if (String.IsNullOrWhiteSpace(this.Constraint))
{
// Default to equals
this.Constraint = "e";
}
switch (this.Constraint.ToLower())
{
case "le":
break;
case "l":
break;
case "g":
break;
case "ge":
break;
case "e":
break;
case "c":
break;
case "u":
break;
case "i":
break;
case "d":
break;
default:
Console.WriteLine("Unknown constraint type '" + this.Constraint + "', defaulting to equal");
break;
}
if (!SyntaxChecker.CanParseValue(dataType, this.Value))
{
Console.WriteLine("Failed to parse '" + this.Value + "' as data type " + dataType?.ToString());
return(-1);
}
ScanConstraint scanConstraints = new ScanConstraint(constraintType, dataType, Conversions.ParsePrimitiveStringAsPrimitive(dataType, this.Value));
// Collect values
TrackableTask <Snapshot> valueCollectorTask = ValueCollector.CollectValues(
SessionManager.Session.SnapshotManager.GetActiveSnapshotCreateIfNone(SessionManager.Session.OpenedProcess, dataType),
TrackableTask.UniversalIdentifier);
// Perform manual scan
Snapshot snapshot = valueCollectorTask.Result;
TrackableTask <Snapshot> scanTask = ManualScanner.Scan(
snapshot,
scanConstraints,
TrackableTask.UniversalIdentifier);
SessionManager.Session.SnapshotManager.SaveSnapshot(scanTask.Result);
Console.WriteLine();
return(0);
}
