public void UpdateContext()
{
bool Result = NativeMethods.GetThreadContext(Handle, ref ContextCache);
if (!Result)
{
return;
}
uint ebp = ContextCache.ebp;
CallstackCache = new DebuggerCallstack();
CallstackCache.AddFrame(new DebuggerStackFrame(new IntPtr(ContextCache.eip), new IntPtr(ebp), new IntPtr(ContextCache.esp)));
uint ReturnAddr = 0;
do
{
if (!OwningProcess.ReadMemory(new IntPtr(ebp + 4), ref ReturnAddr))
{
break;
}
if (!OwningProcess.ReadMemory(new IntPtr(ebp), ref ebp))
{
break;
}
if (ebp == 0 || ReturnAddr == ebp)
{
break;
}
CallstackCache.AddFrame(new DebuggerStackFrame(new IntPtr(ReturnAddr), new IntPtr(ebp)));
}while (CallstackCache.CanCollect);
}
public void UpdateContext()
{
bool Result = NativeMethods.GetThreadContext(Handle, ref ContextCache);
if (!Result)
{
return;
}
uint ebp = ContextCache.ebp;
CallstackCache = new DebuggerCallstack();
CallstackCache.AddFrame(new DebuggerStackFrame(ContextCache));
// Walk the stack to find the return address of the previous call
// This only works for specific calling conventions
uint ReturnAddr = 0;
do
{
try
{
if (!OwningProcess.ReadMemory(new IntPtr(ebp + 4), ref ReturnAddr))
{
break;
}
if (!OwningProcess.ReadMemory(new IntPtr(ebp), ref ebp))
{
break;
}
if (ebp == 0 || ReturnAddr == ebp)
{
break;
}
CallstackCache.AddFrame(new DebuggerStackFrame(ReturnAddr, ebp));
}
catch
{
break;
}
}while (CallstackCache.CanCollect);
}
async void UpdateIPSessions()
{
try
{
while (!cts.IsCancellationRequested)
{
Kernel32.GetDeviceNameMap();
listView1.BeginUpdate();
sessions = Iphlpapi.GetIPSessions();
IPAddress ipAddress;
// add/update items
foreach (Iphlpapi.IPSession session in sessions)
{
// get process info
string filePath = Psapi.GetProcessFileName(session.OwningPid);
int imageIndex = 0;
if (processList.ContainsKey(session.OwningPid))
{
imageIndex = processList[session.OwningPid].ImageListIndex;
}
else if (processList.Where(i => i.Value.Path == filePath).Count() > 0)
{
OwningProcess owningProcess = processList.Where(i => i.Value.Path == filePath).First().Value;
processList.TryAdd(session.OwningPid, owningProcess);
imageIndex = owningProcess.ImageListIndex;
}
else
{
System.Drawing.Icon icon = null;
if (filePath != "")
icon = System.Drawing.Icon.ExtractAssociatedIcon(filePath);
if (icon != null)
{
imageList1.Images.Add(icon);
imageIndex = imageList1.Images.Count - 1;
OwningProcess owningProcess = new OwningProcess();
owningProcess.Path = filePath;
owningProcess.ImageListIndex = imageIndex;
processList.TryAdd(session.OwningPid, owningProcess);
}
}
// add process in TV
if (!treeView1.Nodes[0].Nodes.ContainsKey(Path.GetFileName(filePath) + " (" + session.OwningPid + ")"))
treeView1.Nodes[0].Nodes.Add(Path.GetFileName(filePath) + " (" + session.OwningPid + ")",
Path.GetFileName(filePath) + " (" + session.OwningPid + ")", imageIndex, imageIndex).Parent.Expand();
// filter
if (session.SocketID.LocalEP.AddressFamily == System.Net.Sockets.AddressFamily.InterNetwork && comboBox1.SelectedIndex == 1 ||
session.SocketID.LocalEP.AddressFamily == System.Net.Sockets.AddressFamily.InterNetworkV6 && comboBox1.SelectedIndex == 0)
continue;
if (treeView1.SelectedNode != null &&
treeView1.SelectedNode.Parent != null)
if (session.OwningPid != uint.Parse(Regex.Replace(treeView1.SelectedNode.Text, @"^.*\((\d+)\)$", "$1")))
continue;
if (filterProtocol.SelectedIndex == 0 && session.SocketID.Protocol != IP.ProtocolFamily.TCP ||
filterProtocol.SelectedIndex == 1 && session.SocketID.Protocol != IP.ProtocolFamily.UDP)
continue;
// update existing items
bool found = false;
foreach (ListViewItem item in listView1.Items)
{
// find item
if (session.SocketID.Equals(item.Tag))
{
found = true;
item.SubItems[6].Text = session.State;
IPEndPoint remoteEP;
// resolve IP
if (resolveIP.Checked)
{
if (((IP.SocketID)item.Tag).Protocol == IP.ProtocolFamily.UDP)
{
if ((remoteEP = UdpDetector.Table.GetRemoteEP(((IP.SocketID)item.Tag).LocalEP)) != null)
if (!DnsRescords.ContainsKey(remoteEP.Address))
ResolveIP(remoteEP.Address);
else if (DnsRescords[remoteEP.Address] != "")
item.SubItems[3].Text = DnsRescords[remoteEP.Address];
}
else if (((IP.SocketID)item.Tag).Protocol == IP.ProtocolFamily.TCP)
{
if (!DnsRescords.ContainsKey(((IP.SocketID)item.Tag).RemoteEP.Address))
ResolveIP(((IP.SocketID)item.Tag).RemoteEP.Address);
else if (DnsRescords[((IP.SocketID)item.Tag).RemoteEP.Address] != "")
item.SubItems[3].Text = DnsRescords[((IP.SocketID)item.Tag).RemoteEP.Address];
}
}
else
{
if (!IPAddress.TryParse(item.SubItems[3].Text, out ipAddress))
item.SubItems[3].Text = ((IP.SocketID)item.Tag).RemoteEP.Address.ToString();
}
// update remote UDP EP
if (((IP.SocketID)item.Tag).Protocol == IP.ProtocolFamily.UDP &&
(item.SubItems[3].Text == "0.0.0.0" || item.SubItems[3].Text == "::" ||
item.SubItems[4].Text == "0") &&
(remoteEP = UdpDetector.Table.GetRemoteEP(((IP.SocketID)item.Tag).LocalEP)) != null)
{
item.SubItems[3].Text = remoteEP.Address.ToString();
item.SubItems[4].Text = remoteEP.Port.ToString();
}
// update bytes
if (getBytes.Checked == true)
{
ByteCounter.ByteTable.Bytes bytes = ByteCounter.Table.GetBytes((IP.SocketID)item.Tag);
if (bytes.Received > 0 || bytes.Sent > 0)
{
item.SubItems[7].Text = Unit.AutoScale(bytes.Received, "B");
item.SubItems[8].Text = Unit.AutoScale(bytes.Sent, "B");
}
else
{
item.SubItems[7].Text = "";
item.SubItems[8].Text = "";
}
}
}
}
if (!found)
listView1.Items.Add(new ListViewItem(new string[] {
Path.GetFileName(filePath) + " (" + session.OwningPid + ")",
session.SocketID.LocalEP.Address.ToString(),
session.SocketID.LocalEP.Port.ToString(),
session.SocketID.RemoteEP.Address.ToString(),
session.SocketID.RemoteEP.Port.ToString(),
session.SocketID.Protocol.ToString(),
session.State,
"", "" }, imageIndex)).Tag = session.SocketID;
}
// delete items
foreach (ListViewItem item in listView1.Items)
{
if (!sessions.Any((i) => i.SocketID.Equals(item.Tag)) ||
item.SubItems[1].Text.Contains(':') && comboBox1.SelectedIndex == 0 ||
!item.SubItems[1].Text.Contains(':') && comboBox1.SelectedIndex == 1 ||
filterProtocol.SelectedIndex == 0 && item.SubItems[5].Text != "TCP" ||
filterProtocol.SelectedIndex == 1 && item.SubItems[5].Text != "UDP")
{
item.Remove();
}
else if (treeView1.SelectedNode != null &&
treeView1.SelectedNode.Parent != null)
if (item.SubItems[0].Text != treeView1.SelectedNode.Text)
item.Remove();
}
foreach (KeyValuePair<uint, OwningProcess> process in processList)
if (sessions.Find(i => i.OwningPid == process.Key) == null)
{
treeView1.Nodes[0].Nodes.RemoveByKey(Path.GetFileName(process.Value.Path) + " (" + process.Key + ")");
OwningProcess value;
processList.TryRemove(process.Key, out value);
}
foreach (ColumnHeader column in listView1.Columns)
column.Width = -2;
listView1.Sort();
listView1.EndUpdate();
//Unit.Compare("10.5 KB", "10.5 B");
await TaskEx.Delay(1000);
}
}
catch (Exception e) { Global.WriteLog(e.ToString()); }
}
async void UpdateIPSessions()
{
try
{
while (!cts.IsCancellationRequested)
{
Kernel32.GetDeviceNameMap();
listView1.BeginUpdate();
sessions = Iphlpapi.GetIPSessions();
IPAddress ipAddress;
// add/update items
foreach (Iphlpapi.IPSession session in sessions)
{
// get process info
string filePath = "";
int imageIndex = 0;
if (processList.ContainsKey(session.OwningPid))
{
imageIndex = processList[session.OwningPid].ImageListIndex;
filePath = processList[session.OwningPid].Path;
}
else if (processList.Where(i => i.Value.Path == filePath).Count() > 0)
{
OwningProcess owningProcess = processList.Where(i => i.Value.Path == filePath).First().Value;
processList.TryAdd(session.OwningPid, owningProcess);
imageIndex = owningProcess.ImageListIndex;
filePath = owningProcess.Path;
}
else
{
System.Drawing.Icon icon = null;
filePath = Psapi.GetProcessFileName(session.OwningPid);
if (filePath != "")
{
icon = System.Drawing.Icon.ExtractAssociatedIcon(filePath);
}
if (icon != null)
{
imageList1.Images.Add(icon);
imageIndex = imageList1.Images.Count - 1;
OwningProcess owningProcess = new OwningProcess();
owningProcess.Path = filePath;
owningProcess.ImageListIndex = imageIndex;
processList.TryAdd(session.OwningPid, owningProcess);
}
}
// add process in TV
if (!treeView1.Nodes[0].Nodes.ContainsKey(Path.GetFileName(filePath) + " (" + session.OwningPid + ")"))
{
treeView1.Nodes[0].Nodes.Add(Path.GetFileName(filePath) + " (" + session.OwningPid + ")",
Path.GetFileName(filePath) + " (" + session.OwningPid + ")", imageIndex, imageIndex).Parent.Expand();
}
// filter
if (session.SocketID.LocalEP.AddressFamily == System.Net.Sockets.AddressFamily.InterNetwork && comboBox1.SelectedIndex == 1 ||
session.SocketID.LocalEP.AddressFamily == System.Net.Sockets.AddressFamily.InterNetworkV6 && comboBox1.SelectedIndex == 0)
{
continue;
}
if (treeView1.SelectedNode != null &&
treeView1.SelectedNode.Parent != null)
{
if (session.OwningPid != uint.Parse(Regex.Replace(treeView1.SelectedNode.Text, @"^.*\((\d+)\)$", "$1")))
{
continue;
}
}
if (filterProtocol.SelectedIndex == 0 && session.SocketID.Protocol != IP.ProtocolFamily.TCP ||
filterProtocol.SelectedIndex == 1 && session.SocketID.Protocol != IP.ProtocolFamily.UDP)
{
continue;
}
// update existing items
bool found = false;
foreach (ListViewItem item in listView1.Items)
{
// find item
if (session.SocketID.Equals(item.Tag))
{
found = true;
item.SubItems[6].Text = session.State;
IPEndPoint remoteEP;
// resolve IP
if (resolveIP.Checked)
{
if (((IP.SocketID)item.Tag).Protocol == IP.ProtocolFamily.UDP)
{
if ((remoteEP = UdpDetector.Table.GetRemoteEP(((IP.SocketID)item.Tag).LocalEP)) != null)
{
if (!DnsRescords.ContainsKey(remoteEP.Address))
{
ResolveIP(remoteEP.Address);
}
else if (DnsRescords[remoteEP.Address] != "")
{
item.SubItems[3].Text = DnsRescords[remoteEP.Address];
}
}
}
else if (((IP.SocketID)item.Tag).Protocol == IP.ProtocolFamily.TCP)
{
if (!DnsRescords.ContainsKey(((IP.SocketID)item.Tag).RemoteEP.Address))
{
ResolveIP(((IP.SocketID)item.Tag).RemoteEP.Address);
}
else if (DnsRescords[((IP.SocketID)item.Tag).RemoteEP.Address] != "")
{
item.SubItems[3].Text = DnsRescords[((IP.SocketID)item.Tag).RemoteEP.Address];
}
}
}
else
{
if (!IPAddress.TryParse(item.SubItems[3].Text, out ipAddress))
{
item.SubItems[3].Text = ((IP.SocketID)item.Tag).RemoteEP.Address.ToString();
}
}
// update remote UDP EP
if (((IP.SocketID)item.Tag).Protocol == IP.ProtocolFamily.UDP &&
(item.SubItems[3].Text == "0.0.0.0" || item.SubItems[3].Text == "::" ||
item.SubItems[4].Text == "0") &&
(remoteEP = UdpDetector.Table.GetRemoteEP(((IP.SocketID)item.Tag).LocalEP)) != null)
{
item.SubItems[3].Text = remoteEP.Address.ToString();
item.SubItems[4].Text = remoteEP.Port.ToString();
}
// update bytes
if (getBytes.Checked == true)
{
ByteCounter.ByteTable.Bytes bytes = ByteCounter.Table.GetBytes((IP.SocketID)item.Tag);
if (bytes.Received > 0 || bytes.Sent > 0)
{
item.SubItems[7].Text = Unit.AutoScale(bytes.Received, "B");
item.SubItems[8].Text = Unit.AutoScale(bytes.Sent, "B");
}
else
{
item.SubItems[7].Text = "";
item.SubItems[8].Text = "";
}
}
}
}
if (!found)
{
listView1.Items.Add(new ListViewItem(new string[] {
Path.GetFileName(filePath) + " (" + session.OwningPid + ")",
session.SocketID.LocalEP.Address.ToString(),
session.SocketID.LocalEP.Port.ToString(),
session.SocketID.RemoteEP.Address.ToString(),
session.SocketID.RemoteEP.Port.ToString(),
session.SocketID.Protocol.ToString(),
session.State,
"", ""
}, imageIndex)).Tag = session.SocketID;
}
}
// delete items
foreach (ListViewItem item in listView1.Items)
{
if (!sessions.Any((i) => i.SocketID.Equals(item.Tag)) ||
item.SubItems[1].Text.Contains(':') && comboBox1.SelectedIndex == 0 ||
!item.SubItems[1].Text.Contains(':') && comboBox1.SelectedIndex == 1 ||
filterProtocol.SelectedIndex == 0 && item.SubItems[5].Text != "TCP" ||
filterProtocol.SelectedIndex == 1 && item.SubItems[5].Text != "UDP")
{
item.Remove();
}
else if (treeView1.SelectedNode != null &&
treeView1.SelectedNode.Parent != null)
{
if (item.SubItems[0].Text != treeView1.SelectedNode.Text)
{
item.Remove();
}
}
}
foreach (KeyValuePair <uint, OwningProcess> process in processList)
{
if (sessions.Find(i => i.OwningPid == process.Key) == null)
{
treeView1.Nodes[0].Nodes.RemoveByKey(Path.GetFileName(process.Value.Path) + " (" + process.Key + ")");
OwningProcess value;
processList.TryRemove(process.Key, out value);
}
}
foreach (ColumnHeader column in listView1.Columns)
{
column.Width = -2;
}
listView1.Sort();
listView1.EndUpdate();
//Unit.Compare("10.5 KB", "10.5 B");
await TaskEx.Delay(1000);
}
}
catch (Exception e) { Global.WriteLog(e.ToString()); }
}
