public void UpdateContext() { bool Result = NativeMethods.GetThreadContext(Handle, ref ContextCache); if (!Result) { return; } uint ebp = ContextCache.ebp; CallstackCache = new DebuggerCallstack(); CallstackCache.AddFrame(new DebuggerStackFrame(new IntPtr(ContextCache.eip), new IntPtr(ebp), new IntPtr(ContextCache.esp))); uint ReturnAddr = 0; do { if (!OwningProcess.ReadMemory(new IntPtr(ebp + 4), ref ReturnAddr)) { break; } if (!OwningProcess.ReadMemory(new IntPtr(ebp), ref ebp)) { break; } if (ebp == 0 || ReturnAddr == ebp) { break; } CallstackCache.AddFrame(new DebuggerStackFrame(new IntPtr(ReturnAddr), new IntPtr(ebp))); }while (CallstackCache.CanCollect); }
public void UpdateContext() { bool Result = NativeMethods.GetThreadContext(Handle, ref ContextCache); if (!Result) { return; } uint ebp = ContextCache.ebp; CallstackCache = new DebuggerCallstack(); CallstackCache.AddFrame(new DebuggerStackFrame(ContextCache)); // Walk the stack to find the return address of the previous call // This only works for specific calling conventions uint ReturnAddr = 0; do { try { if (!OwningProcess.ReadMemory(new IntPtr(ebp + 4), ref ReturnAddr)) { break; } if (!OwningProcess.ReadMemory(new IntPtr(ebp), ref ebp)) { break; } if (ebp == 0 || ReturnAddr == ebp) { break; } CallstackCache.AddFrame(new DebuggerStackFrame(ReturnAddr, ebp)); } catch { break; } }while (CallstackCache.CanCollect); }
async void UpdateIPSessions() { try { while (!cts.IsCancellationRequested) { Kernel32.GetDeviceNameMap(); listView1.BeginUpdate(); sessions = Iphlpapi.GetIPSessions(); IPAddress ipAddress; // add/update items foreach (Iphlpapi.IPSession session in sessions) { // get process info string filePath = Psapi.GetProcessFileName(session.OwningPid); int imageIndex = 0; if (processList.ContainsKey(session.OwningPid)) { imageIndex = processList[session.OwningPid].ImageListIndex; } else if (processList.Where(i => i.Value.Path == filePath).Count() > 0) { OwningProcess owningProcess = processList.Where(i => i.Value.Path == filePath).First().Value; processList.TryAdd(session.OwningPid, owningProcess); imageIndex = owningProcess.ImageListIndex; } else { System.Drawing.Icon icon = null; if (filePath != "") icon = System.Drawing.Icon.ExtractAssociatedIcon(filePath); if (icon != null) { imageList1.Images.Add(icon); imageIndex = imageList1.Images.Count - 1; OwningProcess owningProcess = new OwningProcess(); owningProcess.Path = filePath; owningProcess.ImageListIndex = imageIndex; processList.TryAdd(session.OwningPid, owningProcess); } } // add process in TV if (!treeView1.Nodes[0].Nodes.ContainsKey(Path.GetFileName(filePath) + " (" + session.OwningPid + ")")) treeView1.Nodes[0].Nodes.Add(Path.GetFileName(filePath) + " (" + session.OwningPid + ")", Path.GetFileName(filePath) + " (" + session.OwningPid + ")", imageIndex, imageIndex).Parent.Expand(); // filter if (session.SocketID.LocalEP.AddressFamily == System.Net.Sockets.AddressFamily.InterNetwork && comboBox1.SelectedIndex == 1 || session.SocketID.LocalEP.AddressFamily == System.Net.Sockets.AddressFamily.InterNetworkV6 && comboBox1.SelectedIndex == 0) continue; if (treeView1.SelectedNode != null && treeView1.SelectedNode.Parent != null) if (session.OwningPid != uint.Parse(Regex.Replace(treeView1.SelectedNode.Text, @"^.*\((\d+)\)$", "$1"))) continue; if (filterProtocol.SelectedIndex == 0 && session.SocketID.Protocol != IP.ProtocolFamily.TCP || filterProtocol.SelectedIndex == 1 && session.SocketID.Protocol != IP.ProtocolFamily.UDP) continue; // update existing items bool found = false; foreach (ListViewItem item in listView1.Items) { // find item if (session.SocketID.Equals(item.Tag)) { found = true; item.SubItems[6].Text = session.State; IPEndPoint remoteEP; // resolve IP if (resolveIP.Checked) { if (((IP.SocketID)item.Tag).Protocol == IP.ProtocolFamily.UDP) { if ((remoteEP = UdpDetector.Table.GetRemoteEP(((IP.SocketID)item.Tag).LocalEP)) != null) if (!DnsRescords.ContainsKey(remoteEP.Address)) ResolveIP(remoteEP.Address); else if (DnsRescords[remoteEP.Address] != "") item.SubItems[3].Text = DnsRescords[remoteEP.Address]; } else if (((IP.SocketID)item.Tag).Protocol == IP.ProtocolFamily.TCP) { if (!DnsRescords.ContainsKey(((IP.SocketID)item.Tag).RemoteEP.Address)) ResolveIP(((IP.SocketID)item.Tag).RemoteEP.Address); else if (DnsRescords[((IP.SocketID)item.Tag).RemoteEP.Address] != "") item.SubItems[3].Text = DnsRescords[((IP.SocketID)item.Tag).RemoteEP.Address]; } } else { if (!IPAddress.TryParse(item.SubItems[3].Text, out ipAddress)) item.SubItems[3].Text = ((IP.SocketID)item.Tag).RemoteEP.Address.ToString(); } // update remote UDP EP if (((IP.SocketID)item.Tag).Protocol == IP.ProtocolFamily.UDP && (item.SubItems[3].Text == "0.0.0.0" || item.SubItems[3].Text == "::" || item.SubItems[4].Text == "0") && (remoteEP = UdpDetector.Table.GetRemoteEP(((IP.SocketID)item.Tag).LocalEP)) != null) { item.SubItems[3].Text = remoteEP.Address.ToString(); item.SubItems[4].Text = remoteEP.Port.ToString(); } // update bytes if (getBytes.Checked == true) { ByteCounter.ByteTable.Bytes bytes = ByteCounter.Table.GetBytes((IP.SocketID)item.Tag); if (bytes.Received > 0 || bytes.Sent > 0) { item.SubItems[7].Text = Unit.AutoScale(bytes.Received, "B"); item.SubItems[8].Text = Unit.AutoScale(bytes.Sent, "B"); } else { item.SubItems[7].Text = ""; item.SubItems[8].Text = ""; } } } } if (!found) listView1.Items.Add(new ListViewItem(new string[] { Path.GetFileName(filePath) + " (" + session.OwningPid + ")", session.SocketID.LocalEP.Address.ToString(), session.SocketID.LocalEP.Port.ToString(), session.SocketID.RemoteEP.Address.ToString(), session.SocketID.RemoteEP.Port.ToString(), session.SocketID.Protocol.ToString(), session.State, "", "" }, imageIndex)).Tag = session.SocketID; } // delete items foreach (ListViewItem item in listView1.Items) { if (!sessions.Any((i) => i.SocketID.Equals(item.Tag)) || item.SubItems[1].Text.Contains(':') && comboBox1.SelectedIndex == 0 || !item.SubItems[1].Text.Contains(':') && comboBox1.SelectedIndex == 1 || filterProtocol.SelectedIndex == 0 && item.SubItems[5].Text != "TCP" || filterProtocol.SelectedIndex == 1 && item.SubItems[5].Text != "UDP") { item.Remove(); } else if (treeView1.SelectedNode != null && treeView1.SelectedNode.Parent != null) if (item.SubItems[0].Text != treeView1.SelectedNode.Text) item.Remove(); } foreach (KeyValuePair<uint, OwningProcess> process in processList) if (sessions.Find(i => i.OwningPid == process.Key) == null) { treeView1.Nodes[0].Nodes.RemoveByKey(Path.GetFileName(process.Value.Path) + " (" + process.Key + ")"); OwningProcess value; processList.TryRemove(process.Key, out value); } foreach (ColumnHeader column in listView1.Columns) column.Width = -2; listView1.Sort(); listView1.EndUpdate(); //Unit.Compare("10.5 KB", "10.5 B"); await TaskEx.Delay(1000); } } catch (Exception e) { Global.WriteLog(e.ToString()); } }
async void UpdateIPSessions() { try { while (!cts.IsCancellationRequested) { Kernel32.GetDeviceNameMap(); listView1.BeginUpdate(); sessions = Iphlpapi.GetIPSessions(); IPAddress ipAddress; // add/update items foreach (Iphlpapi.IPSession session in sessions) { // get process info string filePath = ""; int imageIndex = 0; if (processList.ContainsKey(session.OwningPid)) { imageIndex = processList[session.OwningPid].ImageListIndex; filePath = processList[session.OwningPid].Path; } else if (processList.Where(i => i.Value.Path == filePath).Count() > 0) { OwningProcess owningProcess = processList.Where(i => i.Value.Path == filePath).First().Value; processList.TryAdd(session.OwningPid, owningProcess); imageIndex = owningProcess.ImageListIndex; filePath = owningProcess.Path; } else { System.Drawing.Icon icon = null; filePath = Psapi.GetProcessFileName(session.OwningPid); if (filePath != "") { icon = System.Drawing.Icon.ExtractAssociatedIcon(filePath); } if (icon != null) { imageList1.Images.Add(icon); imageIndex = imageList1.Images.Count - 1; OwningProcess owningProcess = new OwningProcess(); owningProcess.Path = filePath; owningProcess.ImageListIndex = imageIndex; processList.TryAdd(session.OwningPid, owningProcess); } } // add process in TV if (!treeView1.Nodes[0].Nodes.ContainsKey(Path.GetFileName(filePath) + " (" + session.OwningPid + ")")) { treeView1.Nodes[0].Nodes.Add(Path.GetFileName(filePath) + " (" + session.OwningPid + ")", Path.GetFileName(filePath) + " (" + session.OwningPid + ")", imageIndex, imageIndex).Parent.Expand(); } // filter if (session.SocketID.LocalEP.AddressFamily == System.Net.Sockets.AddressFamily.InterNetwork && comboBox1.SelectedIndex == 1 || session.SocketID.LocalEP.AddressFamily == System.Net.Sockets.AddressFamily.InterNetworkV6 && comboBox1.SelectedIndex == 0) { continue; } if (treeView1.SelectedNode != null && treeView1.SelectedNode.Parent != null) { if (session.OwningPid != uint.Parse(Regex.Replace(treeView1.SelectedNode.Text, @"^.*\((\d+)\)$", "$1"))) { continue; } } if (filterProtocol.SelectedIndex == 0 && session.SocketID.Protocol != IP.ProtocolFamily.TCP || filterProtocol.SelectedIndex == 1 && session.SocketID.Protocol != IP.ProtocolFamily.UDP) { continue; } // update existing items bool found = false; foreach (ListViewItem item in listView1.Items) { // find item if (session.SocketID.Equals(item.Tag)) { found = true; item.SubItems[6].Text = session.State; IPEndPoint remoteEP; // resolve IP if (resolveIP.Checked) { if (((IP.SocketID)item.Tag).Protocol == IP.ProtocolFamily.UDP) { if ((remoteEP = UdpDetector.Table.GetRemoteEP(((IP.SocketID)item.Tag).LocalEP)) != null) { if (!DnsRescords.ContainsKey(remoteEP.Address)) { ResolveIP(remoteEP.Address); } else if (DnsRescords[remoteEP.Address] != "") { item.SubItems[3].Text = DnsRescords[remoteEP.Address]; } } } else if (((IP.SocketID)item.Tag).Protocol == IP.ProtocolFamily.TCP) { if (!DnsRescords.ContainsKey(((IP.SocketID)item.Tag).RemoteEP.Address)) { ResolveIP(((IP.SocketID)item.Tag).RemoteEP.Address); } else if (DnsRescords[((IP.SocketID)item.Tag).RemoteEP.Address] != "") { item.SubItems[3].Text = DnsRescords[((IP.SocketID)item.Tag).RemoteEP.Address]; } } } else { if (!IPAddress.TryParse(item.SubItems[3].Text, out ipAddress)) { item.SubItems[3].Text = ((IP.SocketID)item.Tag).RemoteEP.Address.ToString(); } } // update remote UDP EP if (((IP.SocketID)item.Tag).Protocol == IP.ProtocolFamily.UDP && (item.SubItems[3].Text == "0.0.0.0" || item.SubItems[3].Text == "::" || item.SubItems[4].Text == "0") && (remoteEP = UdpDetector.Table.GetRemoteEP(((IP.SocketID)item.Tag).LocalEP)) != null) { item.SubItems[3].Text = remoteEP.Address.ToString(); item.SubItems[4].Text = remoteEP.Port.ToString(); } // update bytes if (getBytes.Checked == true) { ByteCounter.ByteTable.Bytes bytes = ByteCounter.Table.GetBytes((IP.SocketID)item.Tag); if (bytes.Received > 0 || bytes.Sent > 0) { item.SubItems[7].Text = Unit.AutoScale(bytes.Received, "B"); item.SubItems[8].Text = Unit.AutoScale(bytes.Sent, "B"); } else { item.SubItems[7].Text = ""; item.SubItems[8].Text = ""; } } } } if (!found) { listView1.Items.Add(new ListViewItem(new string[] { Path.GetFileName(filePath) + " (" + session.OwningPid + ")", session.SocketID.LocalEP.Address.ToString(), session.SocketID.LocalEP.Port.ToString(), session.SocketID.RemoteEP.Address.ToString(), session.SocketID.RemoteEP.Port.ToString(), session.SocketID.Protocol.ToString(), session.State, "", "" }, imageIndex)).Tag = session.SocketID; } } // delete items foreach (ListViewItem item in listView1.Items) { if (!sessions.Any((i) => i.SocketID.Equals(item.Tag)) || item.SubItems[1].Text.Contains(':') && comboBox1.SelectedIndex == 0 || !item.SubItems[1].Text.Contains(':') && comboBox1.SelectedIndex == 1 || filterProtocol.SelectedIndex == 0 && item.SubItems[5].Text != "TCP" || filterProtocol.SelectedIndex == 1 && item.SubItems[5].Text != "UDP") { item.Remove(); } else if (treeView1.SelectedNode != null && treeView1.SelectedNode.Parent != null) { if (item.SubItems[0].Text != treeView1.SelectedNode.Text) { item.Remove(); } } } foreach (KeyValuePair <uint, OwningProcess> process in processList) { if (sessions.Find(i => i.OwningPid == process.Key) == null) { treeView1.Nodes[0].Nodes.RemoveByKey(Path.GetFileName(process.Value.Path) + " (" + process.Key + ")"); OwningProcess value; processList.TryRemove(process.Key, out value); } } foreach (ColumnHeader column in listView1.Columns) { column.Width = -2; } listView1.Sort(); listView1.EndUpdate(); //Unit.Compare("10.5 KB", "10.5 B"); await TaskEx.Delay(1000); } } catch (Exception e) { Global.WriteLog(e.ToString()); } }