

C# ProcessHandle.EnumMemory方法代码示例

本文整理汇总了C#中ProcessHandle.EnumMemory方法的典型用法代码示例。如果您正苦于以下问题:C# ProcessHandle.EnumMemory方法的具体用法?C# ProcessHandle.EnumMemory怎么用?C# ProcessHandle.EnumMemory使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在ProcessHandle的用法示例。


在下文中一共展示了ProcessHandle.EnumMemory方法的9个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C#代码示例。

示例1: DoFilter

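        /// <summary>
        /// Searches system handles, loaded modules and mapped files for names that
        /// contain <paramref name="strFilter"/>, reporting hits through the
        /// Call*MatchListView callbacks.
        /// </summary>
        /// <param name="strFilter">Substring to look for; it is lower-cased once and
        /// compared against lower-cased names.</param>
        /// <remarks>
        /// Every process returned by Windows.GetProcesses() is opened twice with
        /// query + read-memory rights. A process that cannot be opened or enumerated
        /// raises an exception that is logged and skipped, so one protected process
        /// does not stop the scan.
        /// </remarks>
        private void DoFilter(string strFilter)
        {
            string lowerFilter = strFilter.ToLower();

            // Stop if cancel
            if (CancelRequested)
                return;

            var handles = Windows.GetHandles();
            Dictionary<int, ProcessHandle> processHandles = new Dictionary<int, ProcessHandle>();

            try
            {
                // Find handles
                for (int i = 0; i < handles.Length; i++)
                {
                    // Check for cancellation here too,
                    // otherwise the user might have to wait a long time.
                    if (CancelRequested) return;

                    if (i % 20 == 0)
                        OnMatchProgress(i, handles.Length);

                    var handle = handles[i];

                    CompareHandleBestNameWithFilterString(processHandles, handle, lowerFilter);
                }
            }
            finally
            {
                // Dispose the cached process handles on every exit path. The original
                // code skipped this when the loop returned early on cancellation or
                // threw, leaving open handles to other processes behind.
                foreach (ProcessHandle phandle in processHandles.Values)
                    phandle.Dispose();
            }

            // Find DLLs and mapped files
            var processes = Windows.GetProcesses();

            foreach (var process in processes)
            {
                try
                {
                    using (var phandle = new ProcessHandle(process.Key,
                        Program.MinProcessQueryRights | Program.MinProcessReadMemoryRights))
                    {
                        phandle.EnumModules((module) =>
                        {
                            if (module.FileName.ToLower().Contains(lowerFilter))
                                this.CallDllMatchListView(process.Key, module);
                            return true;
                        });
                    }

                    using (var phandle = new ProcessHandle(process.Key,
                        ProcessAccess.QueryInformation | Program.MinProcessReadMemoryRights))
                    {
                        phandle.EnumMemory((region) =>
                        {
                            // Only mapped regions can have a backing file name.
                            if (region.Type != MemoryType.Mapped)
                                return true;

                            string name = phandle.GetMappedFileName(region.BaseAddress);

                            if (name != null && name.ToLower().Contains(lowerFilter))
                                this.CallMappedFileMatchListView(process.Key, region.BaseAddress, name);

                            return true;
                        });
                    }
                }
                catch (Exception ex)
                {
                    // Best effort: log and move on to the next process.
                    Logging.Log(ex);
                }
            }

            // A null argument is passed once all processes have been visited.
            OnMatchListView(null);
        }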
开发者ID:andyvand,项目名称:ProcessHacker,代码行数:74,代码来源:HandleFilter.cs

示例2: Search

        /// <summary>
        /// Scans the memory of process PID for runs of bytes accepted by IsChar and
        /// collects those of at least the configured minimum length.
        /// </summary>
        /// <remarks>
        /// Options are read from Params: "text", "s_ms" (minimum length), "unicode",
        /// "private", "image" and "mapped". The listing is truncated by the source
        /// page, so the end of the method (including any handle disposal) is not visible.
        /// </remarks>
        public override void Search()
        {
            Results.Clear();

            // NOTE(review): "text" is read here but not used in the visible part of the method.
            byte[] text = (byte[])Params["text"];
            ProcessHandle phandle;
            int count = 0;

            int minsize = (int)BaseConverter.ToNumberParse((string)Params["s_ms"]);
            bool unicode = (bool)Params["unicode"];

            // Which region types (private / image / mapped) the caller wants scanned.
            bool opt_priv = (bool)Params["private"];
            bool opt_img = (bool)Params["image"];
            bool opt_map = (bool)Params["mapped"];

            try
            {
                // Query + read-memory rights are what the enumeration and ReadMemory below need.
                phandle = new ProcessHandle(PID,
                    ProcessAccess.QueryInformation |
                    Program.MinProcessReadMemoryRights);
            }
            catch
            {
                // Any failure to open the target is reported to the UI and ends the search.
                CallSearchError("Could not open process: " + Win32.GetLastErrorMessage());
                return;
            }

            // NOTE(review): phandle is not wrapped in using; confirm the omitted tail disposes it,
            // otherwise an exception in the callback leaves the process handle open.
            phandle.EnumMemory((info) =>
                {

                    // Skip regions that cannot be read or are not committed.
                    if (info.Protect == MemoryProtection.AccessDenied)
                        return true;
                    if (info.State != MemoryState.Commit)
                        return true;

                    if ((!opt_priv) && (info.Type == MemoryType.Private))
                        return true;

                    if ((!opt_img) && (info.Type == MemoryType.Image))
                        return true;

                    if ((!opt_map) && (info.Type == MemoryType.Mapped))
                        return true;

                    // The whole region is copied into one managed buffer.
                    // NOTE(review): RegionSize.ToInt32() presumably fails for regions that do not
                    // fit in an Int32 (64-bit targets) - confirm against RegionSize's type.
                    byte[] data = new byte[info.RegionSize.ToInt32()];
                    int bytesRead = 0;

                    CallSearchProgressChanged(
                        String.Format("Searching 0x{0} ({1} found)...", info.BaseAddress.ToString("x"), count));

                    try
                    {
                        bytesRead = phandle.ReadMemory(info.BaseAddress, data, data.Length);

                        if (bytesRead == 0)
                            return true;
                    }
                    catch
                    {
                        // Unreadable region: continue with the next one.
                        return true;
                    }

                    StringBuilder curstr = new StringBuilder();
                    bool isUnicode = false;
                    byte byte2 = 0;
                    byte byte1 = 0;

                    // Only the bytes actually read are examined.
                    for (int i = 0; i < bytesRead; i++)
                    {
                        bool isChar = IsChar(data[i]);

                        if (unicode && isChar && isUnicode && byte1 != 0)
                        {
                            isUnicode = false;

                            if (curstr.Length > 0)
                                curstr.Remove(curstr.Length - 1, 1);

                            curstr.Append((char)data[i]);
                        }
                        else if (isChar)
                        {
                            curstr.Append((char)data[i]);
                        }
                        else if (unicode && data[i] == 0 && IsChar(byte1) && !IsChar(byte2))
                        {

                            // A zero byte following a single character byte marks a possible wide string.
                            isUnicode = true;
                        }
                        else if (unicode &&
                            data[i] == 0 && IsChar(byte1) && IsChar(byte2) && curstr.Length < minsize)
                        {

                            // Restart the current string from the previous byte.
                            isUnicode = true;
                            curstr = new StringBuilder();
                            curstr.Append((char)byte1);
                        }
                        else
                        {
                            if (curstr.Length >= minsize)
//......... part of the code is omitted here (truncated by the listing page) .........
开发者ID:RoDaniel,项目名称:featurehouse,代码行数:101,代码来源:StringSearcher.cs

示例3: M2

 /// <summary>
 /// Opens process _pid with QueryInformation | VmOperation and sets the protection
 /// of every region reported by EnumMemory to NoAccess.
 /// </summary>
 /// <remarks>
 /// Review notes: an exception from ProtectMemory is not caught here and ends the
 /// enumeration. Cross-process protection changes like this are the kind of activity
 /// endpoint monitoring and handle-access auditing on protected processes is meant
 /// to surface.
 /// </remarks>
 private void M2()
 {
     var rights = ProcessAccess.QueryInformation | ProcessAccess.VmOperation;

     using (var target = new ProcessHandle(_pid, rights))
     {
         target.EnumMemory(region =>
         {
             var start = region.BaseAddress;
             int length = region.RegionSize.ToInt32();

             target.ProtectMemory(start, length, MemoryProtection.NoAccess);

             // Returning true keeps the enumeration going.
             return true;
         });
     }
 }
开发者ID:john-peterson,项目名称:processhacker,代码行数:11,代码来源:TerminatorWindow.cs

示例4: listResults_DoubleClick

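        /// <summary>
        /// Opens a memory editor on the region that contains the double-clicked
        /// search result and selects the matching bytes.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event arguments (unused).</param>
        /// <remarks>
        /// All failures (no selection, unparsable result, process cannot be opened)
        /// are swallowed on purpose: the handler simply does nothing. The wait cursor
        /// is always restored and the process handle is always released.
        /// </remarks>
        private void listResults_DoubleClick(object sender, EventArgs e)
        {
            this.Cursor = Cursors.WaitCursor;

            try
            {
                // Columns [0] and [1] are summed to form the absolute address of the hit;
                // column [2] is the number of bytes to select.
                var row = _so.Searcher.Results[listResults.SelectedIndices[0]];

                long s_a = (long)BaseConverter.ToNumberParse(row[0]) +
                    (long)BaseConverter.ToNumberParse(row[1]);
                long selectlength = (long)BaseConverter.ToNumberParse(row[2]);

                var lastInfo = new MemoryBasicInformation();

                // Only QueryInformation is requested: the handle is used for region
                // enumeration, not for reading memory. The using block releases it on
                // every path (the original never disposed it).
                using (ProcessHandle phandle = new ProcessHandle(_pid, ProcessAccess.QueryInformation))
                {
                    phandle.EnumMemory((info) =>
                        {
                            // The first region that starts above the address means the
                            // previous region (lastInfo) is the one containing it.
                            if (info.BaseAddress.ToInt64() > s_a)
                            {
                                Program.GetMemoryEditor(_pid,
                                    lastInfo.BaseAddress,
                                    lastInfo.RegionSize.ToInt64(),
                                    new Program.MemoryEditorInvokeAction(delegate(MemoryEditor f)
                                    {
                                        try
                                        {
                                            // NOTE(review): the editor is opened writable.
                                            f.ReadOnly = false;
                                            f.Activate();
                                            f.Select(s_a - lastInfo.BaseAddress.ToInt64(), selectlength);
                                        }
                                        catch
                                        {
                                            // Best effort: a failed selection leaves the editor as it is.
                                        }
                                    }));

                                // Stop enumerating once the editor has been requested.
                                return false;
                            }

                            lastInfo = info;

                            return true;
                        });
                }
            }
            catch
            {
                // Deliberately ignored; see remarks.
            }
            finally
            {
                this.Cursor = Cursors.Default;
            }
        }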
开发者ID:andyvand,项目名称:ProcessHacker,代码行数:56,代码来源:ResultsWindow.cs

示例5: M1Internal

        /// <summary>
        /// Opens process _pid with QueryInformation plus the minimum write-memory rights
        /// and writes a 0x1000-byte buffer over every page-sized step of every region
        /// reported by EnumMemory.
        /// </summary>
        /// <remarks>
        /// Individual write failures are ignored, so the pass is best effort. Review
        /// note: bulk cross-process writes of this kind are what write-access auditing
        /// on process handles and protected-process settings are intended to catch or
        /// block.
        /// </remarks>
        private void M1Internal()
        {
            const int PageSize = 0x1000;

            using (MemoryAlloc page = new MemoryAlloc(PageSize))
            using (ProcessHandle target = new ProcessHandle(_pid, ProcessAccess.QueryInformation | Program.MinProcessWriteMemoryRights))
            {
                target.EnumMemory(region =>
                {
                    int regionBytes = region.RegionSize.ToInt32();
                    int offset = 0;

                    while (offset < regionBytes)
                    {
                        try
                        {
                            target.WriteMemory(region.BaseAddress.Increment(offset), (IntPtr)page, PageSize);
                        }
                        catch
                        {
                            // A page that cannot be written is skipped.
                        }

                        offset += PageSize;
                    }

                    // Keep enumerating the remaining regions.
                    return true;
                });
            }
        }
开发者ID:john-peterson,项目名称:processhacker,代码行数:23,代码来源:TerminatorWindow.cs

示例6: Search

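        /// <summary>
        /// Tries to read the struct named by Params["struct"] at every aligned offset
        /// of the selected memory regions of process PID and records each offset where
        /// the read succeeds.
        /// </summary>
        /// <remarks>
        /// Options come from Params: "private", "image", "mapped", "struct" and
        /// "struct_align". Errors are reported through CallSearchError; normal
        /// completion through CallSearchFinished.
        /// NOTE(review): the StructDef taken from Program.Structs is mutated here
        /// (IOProvider, Offset); if that instance is shared, concurrent searches would
        /// interfere with each other - confirm.
        /// </remarks>
        public override void Search()
        {
            Results.Clear();

            ProcessHandle phandle;
            int count = 0;

            bool opt_priv = (bool)Params["private"];
            bool opt_img = (bool)Params["image"];
            bool opt_map = (bool)Params["mapped"];

            string structName = (string)Params["struct"];
            int align = (int)BaseConverter.ToNumberParse((string)Params["struct_align"]);

            if (!Program.Structs.ContainsKey(structName))
            {
                CallSearchError("Struct '" + structName + "' is not defined.");
                return;
            }

            // A zero alignment would never advance the scan loop below and a negative
            // one would walk backwards, so reject both instead of hanging the search.
            if (align <= 0)
            {
                CallSearchError("Struct alignment must be greater than zero.");
                return;
            }

            StructDef structDef = Program.Structs[structName];
            string structLen = structDef.Size.ToString();

            // Struct reads go through this provider, not through phandle.
            structDef.IOProvider = new ProcessMemoryIO(PID);

            try
            {
                // The handle is used for region enumeration only, so QueryInformation suffices.
                phandle = new ProcessHandle(PID, ProcessHacker.Native.Security.ProcessAccess.QueryInformation);
            }
            catch
            {
                CallSearchError("Could not open process: " + Win32.GetLastErrorMessage());
                return;
            }

            // using guarantees the handle is released even if the enumeration throws.
            using (phandle)
            {
                phandle.EnumMemory((info) =>
                    {
                        // Skip regions that cannot be read or are not committed.
                        if (info.Protect == MemoryProtection.AccessDenied)
                            return true;
                        if (info.State != MemoryState.Commit)
                            return true;

                        if ((!opt_priv) && (info.Type == MemoryType.Private))
                            return true;

                        if ((!opt_img) && (info.Type == MemoryType.Image))
                            return true;

                        if ((!opt_map) && (info.Type == MemoryType.Mapped))
                            return true;

                        CallSearchProgressChanged(
                            String.Format("Searching 0x{0} ({1} found)...", info.BaseAddress.ToString("x"), count));

                        int regionSize = info.RegionSize.ToInt32();

                        for (int i = 0; i < regionSize; i += align)
                        {
                            try
                            {
                                structDef.Offset = info.BaseAddress.Increment(i);
                                structDef.Read();

                                Results.Add(new string[] { Utils.FormatAddress(info.BaseAddress),
                                    String.Format("0x{0:x}", i), structLen, "" });
                                count++;
                            }
                            catch
                            {
                                // A failed read means no struct at this offset; try the next one.
                            }
                        }

                        return true;
                    });
            }

            CallSearchFinished();
        }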
开发者ID:RoDaniel,项目名称:featurehouse,代码行数:77,代码来源:StructSearcher.cs

示例7: Search

        /// <summary>
        /// Scans the selected memory regions of process PID for the byte sequence in
        /// Params["text"] and adds one result row per match.
        /// </summary>
        /// <remarks>
        /// Options are read from Params: "text", "private", "image", "mapped" and
        /// "nooverlap". The listing is truncated by the source page, so the end of the
        /// method (including any handle disposal) is not visible.
        /// </remarks>
        public override void Search()
        {
            Results.Clear();

            byte[] text = (byte[])Params["text"];
            ProcessHandle phandle;
            int count = 0;

            // Which region types (private / image / mapped) the caller wants scanned.
            bool opt_priv = (bool)Params["private"];
            bool opt_img = (bool)Params["image"];
            bool opt_map = (bool)Params["mapped"];

            bool nooverlap = (bool)Params["nooverlap"];

            // Nothing to look for: finish immediately.
            if (text.Length == 0)
            {
                CallSearchFinished();
                return;
            }

            try
            {
                // Query + read-memory rights are what the enumeration and ReadMemory below need.
                phandle = new ProcessHandle(PID,
                    ProcessAccess.QueryInformation |
                    Program.MinProcessReadMemoryRights);
            }
            catch
            {
                // Any failure to open the target is reported to the UI and ends the search.
                CallSearchError("Could not open process: " + Win32.GetLastErrorMessage());
                return;
            }

            // NOTE(review): phandle is not wrapped in using; confirm the omitted tail disposes it.
            phandle.EnumMemory((info) =>
                {

                    // Skip regions that cannot be read or are not committed.
                    if (info.Protect == MemoryProtection.AccessDenied)
                        return true;
                    if (info.State != MemoryState.Commit)
                        return true;

                    if ((!opt_priv) && (info.Type == MemoryType.Private))
                        return true;

                    if ((!opt_img) && (info.Type == MemoryType.Image))
                        return true;

                    if ((!opt_map) && (info.Type == MemoryType.Mapped))
                        return true;

                    // The whole region is copied into one managed buffer.
                    // NOTE(review): RegionSize.ToInt32() presumably fails for regions that do not
                    // fit in an Int32 (64-bit targets) - confirm against RegionSize's type.
                    byte[] data = new byte[info.RegionSize.ToInt32()];
                    int bytesRead = 0;

                    CallSearchProgressChanged(
                        String.Format("Searching 0x{0} ({1} found)...", info.BaseAddress.ToString("x"), count));

                    try
                    {
                        bytesRead = phandle.ReadMemory(info.BaseAddress, data, data.Length);

                        if (bytesRead == 0)
                            return true;
                    }
                    catch
                    {
                        // Unreadable region: continue with the next one.
                        return true;
                    }

                    // Naive search: compare the pattern at every start offset.
                    for (int i = 0; i < bytesRead; i++)
                    {
                        bool good = true;

                        for (int j = 0; j < text.Length; j++)
                        {
                            // NOTE(review): positions past the end of the data are skipped without
                            // clearing "good", so a pattern prefix at the very end of the buffer
                            // is reported as a full match.
                            if (i + j > bytesRead - 1)
                                continue;

                            if (data[i + j] != text[j])
                            {
                                good = false;
                                break;
                            }
                        }

                        if (good)
                        {
                            // Row layout: region base address, offset of the hit, match length, empty text.
                            Results.Add(new string[] { Utils.FormatAddress(info.BaseAddress),
                                String.Format("0x{0:x}", i), text.Length.ToString(), "" });

                            count++;

                            // With "nooverlap" the scan resumes after the matched bytes
                            // (the loop's i++ supplies the final step).
                            if (nooverlap)
                                i += text.Length - 1;
                        }
                    }

                    // Drop the reference to the region copy before moving on.
                    data = null;

                    return true;
                });

//......... part of the code is omitted here (truncated by the listing page) .........
开发者ID:RoDaniel,项目名称:featurehouse,代码行数:101,代码来源:LiteralSearcher.cs

示例8: Search

        /// <summary>
        /// Scans the selected memory regions of process PID with the regular expression
        /// in Params["regex"] and adds one result row per match.
        /// </summary>
        /// <remarks>
        /// Options are read from Params: "regex", "ignorecase", "private", "image" and
        /// "mapped". The listing is truncated by the source page, so the end of the
        /// method (including any handle disposal) is not visible.
        /// </remarks>
        public override void Search()
        {
            Results.Clear();

            string regex = (string)Params["regex"];
            ProcessHandle phandle;
            int count = 0;

            RegexOptions options = RegexOptions.Singleline | RegexOptions.Compiled;
            Regex rx = null;

            // Which region types (private / image / mapped) the caller wants scanned.
            bool opt_priv = (bool)Params["private"];
            bool opt_img = (bool)Params["image"];
            bool opt_map = (bool)Params["mapped"];

            // Nothing to look for: finish immediately.
            if (regex.Length == 0)
            {
                CallSearchFinished();
                return;
            }

            try
            {
                if ((bool)Params["ignorecase"])
                    options |= RegexOptions.IgnoreCase;

                // NOTE(review): the pattern comes from Params and the Regex is built without a
                // match timeout, so a pathological pattern could stall the search on a large
                // region - consider the constructor overload that takes a TimeSpan.
                rx = new Regex(regex, options);
            }
            catch (Exception ex)
            {
                // An invalid pattern is reported to the UI and ends the search.
                CallSearchError("Could not initialize regex: " + ex.Message);
                return;
            }

            try
            {
                // Query + read-memory rights are what the enumeration and ReadMemory below need.
                phandle = new ProcessHandle(PID,
                    ProcessAccess.QueryInformation |
                    Program.MinProcessReadMemoryRights);
            }
            catch
            {
                CallSearchError("Could not open process: " + Win32.GetLastErrorMessage());
                return;
            }

            // NOTE(review): phandle is not wrapped in using; confirm the omitted tail disposes it.
            phandle.EnumMemory((info) =>
                {
                    // skip unreadable areas
                    if (info.Protect == MemoryProtection.AccessDenied)
                        return true;
                    if (info.State != MemoryState.Commit)
                        return true;

                    if ((!opt_priv) && (info.Type == MemoryType.Private))
                        return true;

                    if ((!opt_img) && (info.Type == MemoryType.Image))
                        return true;

                    if ((!opt_map) && (info.Type == MemoryType.Mapped))
                        return true;

                    // The whole region is copied into one managed buffer.
                    // NOTE(review): RegionSize.ToInt32() presumably fails for regions that do not
                    // fit in an Int32 (64-bit targets) - confirm against RegionSize's type.
                    byte[] data = new byte[info.RegionSize.ToInt32()];
                    int bytesRead = 0;

                    CallSearchProgressChanged(
                        String.Format("Searching 0x{0} ({1} found)...", info.BaseAddress.ToString("x"), count));

                    try
                    {
                        bytesRead = phandle.ReadMemory(info.BaseAddress, data, data.Length);

                        if (bytesRead == 0)
                            return true;
                    }
                    catch
                    {
                        // Unreadable region: continue with the next one.
                        return true;
                    }

                    StringBuilder sdata = new StringBuilder();
                    string sdata2 = "";

                    // Each byte becomes one char, so a match index equals a byte offset.
                    // NOTE(review): the loop runs to data.Length rather than bytesRead, so after a
                    // short read the untouched tail of the buffer is searched as well.
                    for (int i = 0; i < data.Length; i++)
                        sdata.Append((char)data[i]);

                    sdata2 = sdata.ToString();
                    sdata = null;

                    MatchCollection mc = rx.Matches(sdata2);

                    foreach (Match m in mc)
                    {
                        // Row layout: region base address, offset of the hit, match length, printable text.
                        Results.Add(new string[] { Utils.FormatAddress(info.BaseAddress),
                                String.Format("0x{0:x}", m.Index), m.Length.ToString(),
                                Utils.MakePrintable(m.Value) });

                        count++;
                    }
//......... part of the code is omitted here (truncated by the listing page) .........
开发者ID:andyvand,项目名称:ProcessHacker,代码行数:101,代码来源:RegexSearcher.cs

示例9: DoFilter

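        /// <summary>
        /// Searches system handles, loaded modules (including 32-bit modules of WOW64
        /// processes on Amd64) and mapped files for names that contain strFilterLower,
        /// reporting hits through the Call*MatchListView callbacks.
        /// </summary>
        /// <remarks>
        /// strFilterLower is defined outside this method. Every process returned by
        /// Windows.GetProcesses() is opened with query + read-memory rights. A process
        /// that cannot be opened or enumerated raises an exception that is logged and
        /// skipped, so one protected process does not stop the scan.
        /// </remarks>
        private void DoFilter()
        {
            // Stop if cancel
            if (CancelRequested)
                return;

            var handles = Windows.GetHandles();
            Dictionary<int, ProcessHandle> processHandles = new Dictionary<int, ProcessHandle>();

            try
            {
                // Find handles
                for (int i = 0; i < handles.Length; i++)
                {
                    // Check for cancellation here too,
                    // otherwise the user might have to wait a long time.
                    if (CancelRequested) return;

                    if (i % 20 == 0)
                        OnMatchProgress(i, handles.Length);

                    var handle = handles[i];

                    CompareHandleBestNameWithFilter(processHandles, handle);
                }
            }
            finally
            {
                // Dispose the cached process handles on every exit path. The original
                // code skipped this when the loop returned early on cancellation or
                // threw, leaving open handles to other processes behind.
                foreach (ProcessHandle phandle in processHandles.Values)
                    phandle.Dispose();
            }

            // Find DLLs and mapped files
            Dictionary<int, SystemProcess> processes = Windows.GetProcesses();

            foreach (KeyValuePair<int, SystemProcess> process in processes)
            {
                try
                {
                    // Modules
                    using (ProcessHandle phandle = new ProcessHandle(process.Key, Program.MinProcessQueryRights | Program.MinProcessReadMemoryRights))
                    {
                        phandle.EnumModules(module =>
                        {
                            if (module.FileName.Contains(strFilterLower, StringComparison.OrdinalIgnoreCase))
                                this.CallDllMatchListView(process.Key, module);
                            return true;
                        });
                    }

                    // Memory
                    using (ProcessHandle phandle = new ProcessHandle(process.Key, ProcessAccess.QueryInformation | Program.MinProcessReadMemoryRights))
                    {
                        phandle.EnumMemory(region =>
                        {
                            // Only mapped regions can have a backing file name.
                            if (region.Type != MemoryType.Mapped)
                                return true;

                            string name = phandle.GetMappedFileName(region.BaseAddress);

                            if (!string.IsNullOrEmpty(name) && name.Contains(strFilterLower, StringComparison.OrdinalIgnoreCase))
                                this.CallMappedFileMatchListView(process.Key, region.BaseAddress, name);

                            return true;
                        });
                    }

                    // WOW64 Modules
                    if (OSVersion.Architecture == OSArch.Amd64)
                    {
                        using (DebugBuffer buffer = new DebugBuffer())
                        {
                            // Modules32 | NonInvasive are the flags passed for the 32-bit module query.
                            buffer.Query(
                                process.Key,
                                RtlQueryProcessDebugFlags.Modules32 |
                                RtlQueryProcessDebugFlags.NonInvasive
                                );

                            buffer.EnumModules(module =>
                            {
                                if (module.FileName.Contains(strFilterLower, StringComparison.OrdinalIgnoreCase))
                                    this.CallDllMatchListView(process.Key, module);
                                return true;
                            });
                        }
                    }
                }
                catch (Exception ex)
                {
                    // Best effort: log and move on to the next process.
                    Logging.Log(ex);
                }
            }

            // A null argument is passed once all processes have been visited.
            OnMatchListView(null);
        }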
开发者ID:john-peterson,项目名称:processhacker,代码行数:92,代码来源:HandleFilter.cs


注:本文中的ProcessHandle.EnumMemory方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。