SelectMem.cpp
#include "SelectMem.h"
#include <string>
#include <vector>
#include <gcroot.h>
#include <xlib.h>
using namespace std;
using namespace SignatureMatcher;
extern bool g_img_code;
extern bool g_img_vm;
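// Form Load handler: fills DGV_mem with one row per memory range of the
// current process.
//
// Each row gets Cells[0] = start address and Cells[1] = end address (both
// formatted through xmsg) and, when a module can be resolved, Cells[2] = the
// module path.
//
// When g_img_vm is set the rows come from a ModuleSnap enumeration; otherwise
// the address space is walked with VirtualQueryEx and consecutive regions that
// share an AllocationBase are merged into a single row.
System::Void SelectMem::SelectMem_Load(System::Object^ sender, System::EventArgs^ e)
{
  UNREFERENCED_PARAMETER(sender);
  UNREFERENCED_PARAMETER(e);
  xmsg msg;
  if(g_img_vm)
  {
    // Module view: one row per entry yielded by ModuleSnap.
    ModuleSnap ms;
    for(auto m : ms)
    {
      const int index = DGV_mem->Rows->Add();
      msg.clear();
      msg << (void*)m.modBaseAddr;
      DGV_mem->Rows[index]->Cells[0]->Value = gcnew System::String(msg.c_str());
      // g_img_code selects the range from pe::GetImage(); otherwise the one
      // from pe::GetCode() is used.
      const pe tmppe(m.hModule);
      const xblk blk(g_img_code ? tmppe.GetImage() : tmppe.GetCode());
      msg.clear();
      msg << blk.end();
      DGV_mem->Rows[index]->Cells[1]->Value = gcnew System::String(msg.c_str());
      DGV_mem->Rows[index]->Cells[2]->Value = gcnew System::String(m.szExePath);
    }
  }
  else
  {
    // Region view: walk the address space from 0 until VirtualQueryEx stops
    // returning a full MEMORY_BASIC_INFORMATION.
    vector<xblk> vblk;
    MEMORY_BASIC_INFORMATION mbi;
    void* mem = nullptr;    // base of the allocation currently being accumulated
    bool ignore = true;     // true when the last region seen was neither committed nor reserved
    size_t size = 0;        // bytes accumulated for `mem` so far
    for(void* lp = 0;
        (VirtualQueryEx(GetCurrentProcess(), lp, &mbi, sizeof(mbi)) == sizeof(MEMORY_BASIC_INFORMATION));
        lp = (void*)((size_t)lp + mbi.RegionSize), size += mbi.RegionSize
       )
    {
      // Free regions are keyed by their own base address; everything else is
      // keyed by the allocation it belongs to.
      void* const nowmem = (mbi.State & MEM_FREE) ? mbi.BaseAddress : mbi.AllocationBase;
      if(mem != nowmem)
      {
        // A new allocation starts here: flush the previous one unless it was
        // flagged to be skipped.
        if(!ignore)
        {
          vblk.push_back(xblk(mem, size));
        }
        mem = nowmem;
        size = 0;
      }
      ignore = !(mbi.State & (MEM_COMMIT | MEM_RESERVE));
    }
    // NOTE(review): the allocation still being accumulated when the walk stops
    // is never appended, because blocks are only pushed when the next
    // allocation begins. Confirm that this is intended.

    char modname[MAX_PATH];
    for(auto blk : vblk)
    {
      const int index = DGV_mem->Rows->Add();
      msg.clear();
      msg << (void*)blk.start();
      DGV_mem->Rows[index]->Cells[0]->Value = gcnew System::String(msg.c_str());
      msg.clear();
      msg << blk.end();
      DGV_mem->Rows[index]->Cells[1]->Value = gcnew System::String(msg.c_str());
      modname[0] = '\0';
      HMODULE hmod = nullptr;
      if(GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS,
                           (LPCWSTR)blk.start(), &hmod))
      {
        // A failed lookup must not leave stale text in the buffer, and a
        // truncated path must still be terminated before it is read as a
        // C string.
        const DWORD len = GetModuleFileNameA(hmod, modname, sizeof(modname));
        if(len == 0)
        {
          modname[0] = '\0';
        }
        modname[sizeof(modname) - 1] = '\0';
        // Without GET_MODULE_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT the lookup
        // above takes a reference on the module. Release it here so that
        // opening this dialog does not pin modules in the process.
        FreeLibrary(hmod);
        DGV_mem->Rows[index]->Cells[2]->Value = gcnew System::String(modname);
      }
    }
  }
}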
// DoubleClick handler for the grid: sets the form's DialogResult to OK and
// closes the form.
System::Void SelectMem::DGV_mem_DoubleClick(System::Object^ sender, System::EventArgs^ e)
{
  // Neither event argument is used by this handler.
  UNREFERENCED_PARAMETER(e);
  UNREFERENCED_PARAMETER(sender);

  this->DialogResult = ::DialogResult::OK;
  this->Close();
}
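// KeyDown handler for the grid: pressing Enter sets the form's DialogResult
// to OK and closes the form, as DGV_mem_DoubleClick does. Other keys are left
// untouched.
System::Void SelectMem::DGV_mem_KeyDown(System::Object^ sender, System::Windows::Forms::KeyEventArgs^ e)
{
  // Only `sender` is unused; `e` is read below, so it is not marked as
  // unreferenced.
  UNREFERENCED_PARAMETER(sender);

  // KeyData combines the key code with modifier flags, so only an unmodified
  // Enter matches this comparison.
  if(e->KeyData != Keys::Enter)
  {
    return;
  }

  // Flag the key press as handled before the form is closed.
  e->Handled = true;
  this->DialogResult = ::DialogResult::OK;
  Close();
}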