本文整理汇总了C#中ProcessHandle.EnumModules方法的典型用法代码示例。如果您正苦于以下问题:C# ProcessHandle.EnumModules方法的具体用法?C# ProcessHandle.EnumModules怎么用?C# ProcessHandle.EnumModules使用的例子?那么恭喜您,这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类ProcessHandle的用法示例。
在下文中一共展示了ProcessHandle.EnumModules方法的4个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C#代码示例。
示例1: SandboxieFilter
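/// <summary>
/// Highlight filter that reports a process as sandboxed when a module whose
/// base name is <c>SbieDll.dll</c> appears in its module list.
/// </summary>
/// <param name="pid">Identifier of the process to inspect.</param>
/// <param name="color">
/// Set to <see cref="Color.Black"/> when the module is found; left unchanged otherwise.
/// </param>
/// <returns>
/// <c>true</c> when a module named <c>SbieDll.dll</c> was enumerated; <c>false</c> when
/// none was seen or when the process could not be opened or enumerated.
/// </returns>
/// <remarks>
/// The check is a name-only heuristic: it does not look at the module's path,
/// signature or contents, so any DLL carrying that base name matches. A process
/// that cannot be opened with the requested rights is reported as "not sandboxed".
/// Use the result for display purposes only, never as a trust decision.
/// </remarks>
private bool SandboxieFilter(int pid, ref Color color)
{
    try
    {
        using (var phandle = new ProcessHandle(pid, ProcessAccess.QueryInformation | ProcessAccess.VmRead))
        {
            bool isSandboxie = false;

            phandle.EnumModules((module) =>
            {
                // Ordinal comparison: file names are identifiers, and a culture-aware
                // compare ignores some characters, which would let look-alike names
                // match. The static string.Equals is also safe if BaseName is null.
                if (string.Equals(module.BaseName, "SbieDll.dll", StringComparison.OrdinalIgnoreCase))
                {
                    isSandboxie = true;
                    // NOTE(review): returning false presumably ends the enumeration - confirm.
                    return false;
                }

                return true;
            });

            if (isSandboxie)
            {
                color = Color.Black;
                return true;
            }
        }
    }
    catch
    {
        // Deliberate best effort: any failure to open or read the process
        // falls through to "not sandboxed" below.
    }

    return false;
}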
示例2: DoFilter
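/// <summary>
/// Searches every system handle, and then the loaded modules and mapped files of
/// every process, for names containing <paramref name="strFilter"/> (case-insensitive).
/// Matches are reported through <c>CallDllMatchListView</c> and
/// <c>CallMappedFileMatchListView</c>; completion is signalled with
/// <c>OnMatchListView(null)</c>.
/// </summary>
/// <param name="strFilter">Substring to look for in handle, module and mapped-file names.</param>
/// <remarks>
/// Each process is opened with query and read-memory rights. A process that cannot
/// be opened or read is logged and skipped, so the result set is incomplete for
/// processes the caller has no access to: the absence of a match does not prove
/// that a module is not loaded.
/// NOTE(review): module and mapped-file names are presumably read from the target
/// process, so treat them as untrusted display data - confirm against ProcessHandle.
/// </remarks>
private void DoFilter(string strFilter)
{
    // Kept for the handle-name helper, which receives the lowered filter.
    string lowerFilter = strFilter.ToLower();

    // Stop if cancel
    if (CancelRequested)
        return;

    var handles = Windows.GetHandles();
    Dictionary<int, ProcessHandle> processHandles = new Dictionary<int, ProcessHandle>();

    try
    {
        // Find handles
        for (int i = 0; i < handles.Length; i++)
        {
            // Check for cancellation here too,
            // otherwise the user might have to wait a long time
            if (CancelRequested)
                return;

            if (i % 20 == 0)
                OnMatchProgress(i, handles.Length);

            CompareHandleBestNameWithFilterString(processHandles, handles[i], lowerFilter);
        }
    }
    finally
    {
        // Release the per-process handles on every exit path. Previously the
        // early return on cancellation (or an exception) skipped this loop and
        // left the handles open.
        // NOTE(review): the dictionary is presumably filled by the helper above - confirm.
        foreach (ProcessHandle phandle in processHandles.Values)
            phandle.Dispose();
    }

    // Find DLLs and mapped files
    var processes = Windows.GetProcesses();

    foreach (var process in processes)
    {
        try
        {
            using (var phandle = new ProcessHandle(process.Key,
                Program.MinProcessQueryRights | Program.MinProcessReadMemoryRights))
            {
                phandle.EnumModules((module) =>
                {
                    // Ordinal, case-insensitive match: culture-sensitive ToLower()
                    // gives wrong results for file names under some locales.
                    if (module.FileName != null &&
                        module.FileName.IndexOf(strFilter, StringComparison.OrdinalIgnoreCase) >= 0)
                        this.CallDllMatchListView(process.Key, module);

                    return true;
                });
            }

            using (var phandle = new ProcessHandle(process.Key,
                ProcessAccess.QueryInformation | Program.MinProcessReadMemoryRights))
            {
                phandle.EnumMemory((region) =>
                {
                    // Only mapped regions can have a backing file name.
                    if (region.Type != MemoryType.Mapped)
                        return true;

                    string name = phandle.GetMappedFileName(region.BaseAddress);

                    if (name != null && name.IndexOf(strFilter, StringComparison.OrdinalIgnoreCase) >= 0)
                        this.CallMappedFileMatchListView(process.Key, region.BaseAddress, name);

                    return true;
                });
            }
        }
        catch (Exception ex)
        {
            // One inaccessible process must not abort the whole search.
            Logging.Log(ex);
        }
    }

    OnMatchListView(null);
}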
示例3: EventProperties
public EventProperties(LogEvent even)
{
InitializeComponent();
_event = even;
textSystemCall.Text = MainWindow.SysCallNames.ContainsKey(even.Event.CallNumber) ? MainWindow.SysCallNames[even.Event.CallNumber] : "(unknown)";
textTime.Text = _event.Event.Time.ToString();
textMode.Text = _event.Event.Mode == KProcessorMode.UserMode ? "User-mode" : "Kernel-mode";
for (int i = 0; i < _event.Event.Arguments.Length; i++)
{
ListViewItem item = new ListViewItem();
item.Text = i.ToString();
item.SubItems.Add(new ListViewItem.ListViewSubItem(item, "0x" + _event.Event.Arguments[i].ToString("x")));
if (_event.Arguments[i] != null)
{
string text = "";
SsData data = _event.Arguments[i];
if (data is SsSimple)
{
text = (data as SsSimple).Argument.ToString();
}
else if (data is SsHandle)
{
SsHandle handle = data as SsHandle;
if (!string.IsNullOrEmpty(handle.Name))
text = handle.TypeName + ": " + handle.Name;
else
text = handle.TypeName + ": PID: " + handle.ProcessId.ToString() +
", TID: " + handle.ThreadId.ToString();
}
else if (data is SsUnicodeString)
{
text = (data as SsUnicodeString).String;
}
else if (data is SsObjectAttributes)
{
SsObjectAttributes oa = data as SsObjectAttributes;
text = "";
if (oa.RootDirectory != null)
text = oa.RootDirectory.Name;
if (oa.ObjectName != null)
{
if (!string.IsNullOrEmpty(text))
text = text + "\\" + oa.ObjectName.String;
else
text = oa.ObjectName.String;
}
}
else if (data is SsClientId)
{
text = "PID: " + (data as SsClientId).Original.ProcessId.ToString() +
", TID: " + (data as SsClientId).Original.ThreadId.ToString();
}
item.SubItems.Add(new ListViewItem.ListViewSubItem(item, text));
item.SubItems.Add(new ListViewItem.ListViewSubItem(item, _event.Arguments[i].GetType().Name.Remove(0, 2)));
}
else
{
item.SubItems.Add(new ListViewItem.ListViewSubItem(item, ""));
item.SubItems.Add(new ListViewItem.ListViewSubItem(item, ""));
}
listArguments.Items.Add(item);
}
SymbolProvider.Options = SymbolOptions.DeferredLoads | SymbolOptions.UndName;
try
{
using (var phandle = new ProcessHandle(_event.Event.ProcessId,
ProcessAccess.QueryInformation | ProcessAccess.VmRead))
{
_symbols = new SymbolProvider(phandle);
phandle.EnumModules((module) =>
{
_symbols.LoadModule(module.FileName, module.BaseAddress, module.Size);
return true;
});
Windows.EnumKernelModules((module) =>
{
_symbols.LoadModule(module.FileName, module.BaseAddress);
return true;
});
_symbols.PreloadModules = true;
for (int i = 0; i < _event.Event.StackTrace.Length; i++)
{
var address = _event.Event.StackTrace[i];
string fileName;
IntPtr baseAddress;
//.........这里部分代码省略.........
示例4: DoFilter
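/// <summary>
/// Searches every system handle, and then the loaded modules, mapped files and
/// (on Amd64) the 32-bit module list of every process, for names containing
/// <c>strFilterLower</c> (ordinal, case-insensitive). Matches are reported through
/// <c>CallDllMatchListView</c> and <c>CallMappedFileMatchListView</c>; completion is
/// signalled with <c>OnMatchListView(null)</c>.
/// </summary>
/// <remarks>
/// A process that cannot be opened or queried is logged and skipped, so the result
/// set is incomplete for processes the caller has no access to: the absence of a
/// match does not prove that a module is not loaded.
/// NOTE(review): module and mapped-file names are presumably read from the target
/// process, so treat them as untrusted display data - confirm against ProcessHandle.
/// </remarks>
private void DoFilter()
{
    // Stop if cancel
    if (CancelRequested)
        return;

    var handles = Windows.GetHandles();
    Dictionary<int, ProcessHandle> processHandles = new Dictionary<int, ProcessHandle>();

    try
    {
        // Find handles
        for (int i = 0; i < handles.Length; i++)
        {
            // Check for cancellation here too,
            // otherwise the user might have to wait a long time
            if (CancelRequested)
                return;

            if (i % 20 == 0)
                OnMatchProgress(i, handles.Length);

            CompareHandleBestNameWithFilter(processHandles, handles[i]);
        }
    }
    finally
    {
        // Release the per-process handles on every exit path. Previously the
        // early return on cancellation (or an exception) skipped this loop and
        // left the handles open.
        // NOTE(review): the dictionary is presumably filled by the helper above - confirm.
        foreach (ProcessHandle phandle in processHandles.Values)
            phandle.Dispose();
    }

    // Find DLLs and mapped files
    Dictionary<int, SystemProcess> processes = Windows.GetProcesses();

    foreach (KeyValuePair<int, SystemProcess> process in processes)
    {
        try
        {
            // Modules
            using (ProcessHandle phandle = new ProcessHandle(process.Key, Program.MinProcessQueryRights | Program.MinProcessReadMemoryRights))
            {
                phandle.EnumModules(module =>
                {
                    // Guard against a missing file name so one odd module does not
                    // abort the remaining checks for this process.
                    if (module.FileName != null &&
                        module.FileName.Contains(strFilterLower, StringComparison.OrdinalIgnoreCase))
                        this.CallDllMatchListView(process.Key, module);

                    return true;
                });
            }

            // Memory
            using (ProcessHandle phandle = new ProcessHandle(process.Key, ProcessAccess.QueryInformation | Program.MinProcessReadMemoryRights))
            {
                phandle.EnumMemory(region =>
                {
                    // Only mapped regions can have a backing file name.
                    if (region.Type != MemoryType.Mapped)
                        return true;

                    string name = phandle.GetMappedFileName(region.BaseAddress);

                    if (!string.IsNullOrEmpty(name) && name.Contains(strFilterLower, StringComparison.OrdinalIgnoreCase))
                        this.CallMappedFileMatchListView(process.Key, region.BaseAddress, name);

                    return true;
                });
            }

            // WOW64 Modules
            if (OSVersion.Architecture == OSArch.Amd64)
            {
                using (DebugBuffer buffer = new DebugBuffer())
                {
                    buffer.Query(
                        process.Key,
                        RtlQueryProcessDebugFlags.Modules32 |
                        RtlQueryProcessDebugFlags.NonInvasive
                        );

                    buffer.EnumModules(module =>
                    {
                        if (module.FileName != null &&
                            module.FileName.Contains(strFilterLower, StringComparison.OrdinalIgnoreCase))
                            this.CallDllMatchListView(process.Key, module);

                        return true;
                    });
                }
            }
        }
        catch (Exception ex)
        {
            // One inaccessible process must not abort the whole search.
            Logging.Log(ex);
        }
    }

    OnMatchListView(null);
}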