RomCheater/Docking/FloatingRamDumperDialog.cs

#region Logging Defines
// include this any class or method that required logging, and comment-out what is not needed

#region Enabled logging levels
#define LOGGING_ENABLE_INFO
#define LOGGING_ENABLE_WARN
#define LOGGING_ENABLE_DEBUG
#define LOGGING_ENABLE_VERBOSEDEBUG
#define LOGGING_ENABLE_ERROR
#define LOGGING_ENABLE_VERBOSEERROR
#define LOGGING_ENABLE_PROFILER
#endregion
#endregion
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using WeifenLuo.WinFormsUI.Docking;
using RomCheater.PluginFramework.Interfaces;
using System.Diagnostics;
using System.IO;
using RomCheater.Logging;
using System.Reflection;
using Sojaner.MemoryScanner.MemoryProviers;
using Sojaner.MemoryScanner;

namespace RomCheater.Docking
{
    public partial class FloatingRamDumperDialog : DockContent, 
        IAcceptsPlugin<IConfigPlugin>,
        IAcceptsProcess<Process>,
        IAcceptsProcessAndConfig
    {
        #region sub-classes
        private const int BYTE_CORRECTION_VALUE = 23;
        public enum DumpSize
        {
            Bytes,
            KiloBytes,
            MegaBytes,
            GigaBytes,
        }
        #endregion
        private DumpSize dumpSize = DumpSize.Bytes;

        public FloatingRamDumperDialog() { InitializeComponent(); this.AcceptedPlugin = null; this.AcceptedProcess = null; }
        public FloatingRamDumperDialog(IConfigPlugin config) : this() { this.AcceptedPlugin = config; }
        public FloatingRamDumperDialog(IConfigPlugin config, Process process) : this() { this.AcceptedPlugin = config; this.AcceptedProcess = process; }
       
        private void FloatingRamDumperDialog_Load(object sender, EventArgs e)
        {
            txtStart.Value = MemorySizeConstants.MinimumAddress;
            txtEnd.Value = MemorySizeConstants.MinimumAddress + MemorySizeConstants.MaximumAddressSize;
        }


        #region  IAcceptsProcess<Process> Members
        public Process AcceptedProcess { get; set; }
        #endregion
        #region IAcceptsPlugin<IConfigPlugin> Members
        public IConfigPlugin AcceptedPlugin { get; set; }
        #endregion
        #region ram-dump specific
        private void radioBTNBytes_CheckedChanged(object sender, EventArgs e) { dumpSize = DumpSize.Bytes; }
        private void radioBTNKiloBytes_CheckedChanged(object sender, EventArgs e) { dumpSize = DumpSize.KiloBytes; }
        private void radioBTNMegaBytes_CheckedChanged(object sender, EventArgs e) { dumpSize = DumpSize.MegaBytes; }
        private void radioBTNGigaBytes_CheckedChanged(object sender, EventArgs e) { dumpSize = DumpSize.GigaBytes; }
        private void btnCalcEndAddr_Click(object sender, EventArgs e)
        {
            long start = 0;
            long end = 0;
            start = txtStart.Value;
            switch (dumpSize)
            {
                case DumpSize.Bytes:
                    end = (long)(Convert.ToDouble(txtDumpSize.Text) * 1.0 + (double)start) + BYTE_CORRECTION_VALUE;
                    txtEnd.Value = end;
                    break;
                case DumpSize.KiloBytes:
                    end = (long)(Convert.ToDouble(txtDumpSize.Text) * 1000.0 + (double)start) + BYTE_CORRECTION_VALUE;
                    txtEnd.Value = end;
                    break;
                case DumpSize.MegaBytes:
                    end = (long)(Convert.ToDouble(txtDumpSize.Text) * 1000000.0 + (double)start) + BYTE_CORRECTION_VALUE;
                    txtEnd.Value = end;
                    break;
                case DumpSize.GigaBytes:
                    end = (long)(Convert.ToDouble(txtDumpSize.Text) * 1000000000.0 + (double)start) + BYTE_CORRECTION_VALUE;
                    txtEnd.Value = end;
                    break;
            }
        }
        private void btnCalcStartAddr_Click(object sender, EventArgs e)
        {
            long start = 0;
            long end = 0;
            end = txtEnd.ToInt64();
            switch (dumpSize)
            {
                case DumpSize.Bytes:
                    start = (long)((double)end - (Convert.ToDouble(txtDumpSize.Text) * 1.0)) + BYTE_CORRECTION_VALUE;
                    txtStart.Value = (long)start;
                    break;
                case DumpSize.KiloBytes:
                    start = (long)((double)end - (Convert.ToDouble(txtDumpSize.Text) * 1000.0)) + BYTE_CORRECTION_VALUE;
                    txtStart.Value = (long)start;
                    break;
                case DumpSize.MegaBytes:
                    start = (long)((double)end - (Convert.ToDouble(txtDumpSize.Text) * 1000000.0)) + BYTE_CORRECTION_VALUE;
                    txtStart.Value = (long)start;
                    break;
                case DumpSize.GigaBytes:
                    start = (long)((double)end - (Convert.ToDouble(txtDumpSize.Text) * 1000000000.0)) + BYTE_CORRECTION_VALUE;
                    txtStart.Value = (long)start;
                    break;
            }
        }
        private void btnCalcDumpSize_Click(object sender, EventArgs e)
        {
            long start = txtStart.Value;
            long end = txtEnd.Value;
            long byte_diff = (end - start) + BYTE_CORRECTION_VALUE;
            switch (dumpSize)
            {
                case DumpSize.Bytes:
                    txtDumpSize.Text = string.Format("{0:n2}", (double)byte_diff);
                    break;
                case DumpSize.KiloBytes:
                    txtDumpSize.Text = string.Format("{0:n3}", (double)byte_diff / 1000.0);
                    break;
                case DumpSize.MegaBytes:
                    txtDumpSize.Text = string.Format("{0:n6}", (double)byte_diff / 1000000.0);
                    break;
                case DumpSize.GigaBytes:
                    txtDumpSize.Text = string.Format("{0:n9}", (double)byte_diff / 1000000000.0);
                    break;
            }
        }
        private void btnDumpRam_Click(object sender, EventArgs e)
        {
            if (this.AcceptedProcess == null)
            {
                MessageBox.Show("Please select a process to dump memory from", "", MessageBoxButtons.OK, MessageBoxIcon.Error);
                return;
            }
            DialogResult result = dumpsaver.ShowDialog();
            if (result != DialogResult.OK) return;
            DumpRam(txtStart.Value, txtEnd.Value, dumpsaver.FileName);
        }
        #endregion

        #region memory support
        private void DumpRam(long start, long end, string filename)
        {
            uint byte_count = (uint)(end - start);
            string arch = ProcessorAssemblyArchitecture.GetProcessorArchitecture(typeof(FloatingRamDumperDialog).Assembly);
            if (arch == ProcessorAssemblyArchitecture.x86)
            {
                // intptr is 4 bytes on x86
                if (end > int.MaxValue)
                    logger.Warn.WriteLine("Warning: DumpRam(): ending address is greater than 0x{0:x8} and we are running x86, this will exceed the max value for IntPtr", int.MaxValue);
            }
            else if (arch == ProcessorAssemblyArchitecture.x64)
            {
                // inptr is 8 bytes on x64
                if (end > uint.MaxValue)
                    logger.Warn.WriteLine("Warning: DumpRam(): ending address is greater than 0x{0:x8} and we are running x64, this will exceed the max value for UIntPtr", int.MaxValue);
            }
            else if (arch == ProcessorAssemblyArchitecture.AnyCpu)
            {
                if (IntPtr.Size == 4) //x86
                {
                    if (end > int.MaxValue)
                        logger.Warn.WriteLine("Warning: DumpRam(): ending address is greater than 0x{0:x8} and we are running x86, this will exceed the max value for IntPtr", int.MaxValue);
                }
                else if (IntPtr.Size == 8) //x64
                {
                }
                else // unknown
                {
                    if (end > uint.MaxValue)
                        logger.Warn.WriteLine("Warning: DumpRam(): ending address is greater than 0x{0:x8} and we are running x64, this will exceed the max value for UIntPtr", int.MaxValue);
                }
            }
            else
            {
                throw new InvalidProgramException(string.Format("Unexcepted processor aritecture: expected x86, x64, or AnyCpu(Msil) but we have: {0}", arch));
            }
            DumpRam(start, byte_count, filename);
        }
        private void DumpRam(long start, uint count, string filename)
        {
            if (this.AcceptedProcess == null) return;    
            int bytesReadSize;
            using (GenericMemoryProvider provider = new GenericMemoryProvider((IAcceptsProcessAndConfig)this))
            {
                provider.OpenProvider();
                if (provider.WriteProcessMemoryToFile(filename, (int)start, count, out bytesReadSize))
                {
                    MessageBox.Show(string.Format("Succefully dumped memory (0x{0:x8}-0x{1:x8}) from pid=({3}) to file {2}", start, start + count, filename, string.Format("0x{0:x4} {1}.exe", this.AcceptedProcess.Id, AcceptedProcess.ProcessName)), "", MessageBoxButtons.OK, MessageBoxIcon.Information);
                }
                else
                {
                    MessageBox.Show(string.Format("Failed to dump memory (0x{0:x8}-0x{1:x8}) from pid=({3}) to file {2}", start, start + count, filename, string.Format("0x{0:x4} {1}.exe", this.AcceptedProcess.Id, AcceptedProcess.ProcessName)), "", MessageBoxButtons.OK, MessageBoxIcon.Error);
                }
                provider.CloseProvider();
            }

            //ProcessMemoryReader provider = new ProcessMemoryReader();
            //provider.ReadProcess = this.AcceptedProcess;
            //provider.OpenProcess();
            //provider.WriteProcessMemoryToFile(filename, (int)start, count, out bytesReadSize);
            //provider.CloseHandle();

        }
        #endregion
    }
}
1	william	414	#region Logging Defines
2			// include this any class or method that required logging, and comment-out what is not needed
3	william	415
4	william	414	#region Enabled logging levels
5			#define LOGGING_ENABLE_INFO
6			#define LOGGING_ENABLE_WARN
7			#define LOGGING_ENABLE_DEBUG
8			#define LOGGING_ENABLE_VERBOSEDEBUG
9			#define LOGGING_ENABLE_ERROR
10			#define LOGGING_ENABLE_VERBOSEERROR
11			#define LOGGING_ENABLE_PROFILER
12			#endregion
13			#endregion
14			using System;
15	william	148	using System.Collections.Generic;
16			using System.ComponentModel;
17			using System.Data;
18			using System.Drawing;
19			using System.Linq;
20			using System.Text;
21			using System.Windows.Forms;
22			using WeifenLuo.WinFormsUI.Docking;
23	william	153	using RomCheater.PluginFramework.Interfaces;
24			using System.Diagnostics;
25	william	157	using System.IO;
26	william	164	using RomCheater.Logging;
27			using System.Reflection;
28	william	238	using Sojaner.MemoryScanner.MemoryProviers;
29	william	252	using Sojaner.MemoryScanner;
30	william	148
31			namespace RomCheater.Docking
32			{
33	william	243	public partial class FloatingRamDumperDialog : DockContent,
34			IAcceptsPlugin<IConfigPlugin>,
35			IAcceptsProcess<Process>,
36			IAcceptsProcessAndConfig
37	william	148	{
38	william	154	#region sub-classes
39			private const int BYTE_CORRECTION_VALUE = 23;
40			public enum DumpSize
41			{
42			Bytes,
43			KiloBytes,
44			MegaBytes,
45			GigaBytes,
46			}
47			#endregion
48			private DumpSize dumpSize = DumpSize.Bytes;
49
50	william	153	public FloatingRamDumperDialog() { InitializeComponent(); this.AcceptedPlugin = null; this.AcceptedProcess = null; }
51			public FloatingRamDumperDialog(IConfigPlugin config) : this() { this.AcceptedPlugin = config; }
52			public FloatingRamDumperDialog(IConfigPlugin config, Process process) : this() { this.AcceptedPlugin = config; this.AcceptedProcess = process; }
53	william	154
54	william	148	private void FloatingRamDumperDialog_Load(object sender, EventArgs e)
55			{
56	william	282	txtStart.Value = MemorySizeConstants.MinimumAddress;
57	william	382	txtEnd.Value = MemorySizeConstants.MinimumAddress + MemorySizeConstants.MaximumAddressSize;
58	william	148	}
59	william	153
60
61	william	238	#region IAcceptsProcess<Process> Members
62	william	153	public Process AcceptedProcess { get; set; }
63			#endregion
64			#region IAcceptsPlugin<IConfigPlugin> Members
65			public IConfigPlugin AcceptedPlugin { get; set; }
66			#endregion
67	william	196	#region ram-dump specific
68			private void radioBTNBytes_CheckedChanged(object sender, EventArgs e) { dumpSize = DumpSize.Bytes; }
69			private void radioBTNKiloBytes_CheckedChanged(object sender, EventArgs e) { dumpSize = DumpSize.KiloBytes; }
70			private void radioBTNMegaBytes_CheckedChanged(object sender, EventArgs e) { dumpSize = DumpSize.MegaBytes; }
71			private void radioBTNGigaBytes_CheckedChanged(object sender, EventArgs e) { dumpSize = DumpSize.GigaBytes; }
72	william	154	private void btnCalcEndAddr_Click(object sender, EventArgs e)
73			{
74	william	249	long start = 0;
75			long end = 0;
76	william	154	start = txtStart.Value;
77			switch (dumpSize)
78			{
79			case DumpSize.Bytes:
80	william	249	end = (long)(Convert.ToDouble(txtDumpSize.Text) * 1.0 + (double)start) + BYTE_CORRECTION_VALUE;
81	william	154	txtEnd.Value = end;
82			break;
83			case DumpSize.KiloBytes:
84	william	249	end = (long)(Convert.ToDouble(txtDumpSize.Text) * 1000.0 + (double)start) + BYTE_CORRECTION_VALUE;
85	william	154	txtEnd.Value = end;
86			break;
87			case DumpSize.MegaBytes:
88	william	249	end = (long)(Convert.ToDouble(txtDumpSize.Text) * 1000000.0 + (double)start) + BYTE_CORRECTION_VALUE;
89	william	154	txtEnd.Value = end;
90			break;
91			case DumpSize.GigaBytes:
92	william	249	end = (long)(Convert.ToDouble(txtDumpSize.Text) * 1000000000.0 + (double)start) + BYTE_CORRECTION_VALUE;
93	william	154	txtEnd.Value = end;
94			break;
95			}
96			}
97			private void btnCalcStartAddr_Click(object sender, EventArgs e)
98			{
99			long start = 0;
100			long end = 0;
101			end = txtEnd.ToInt64();
102			switch (dumpSize)
103			{
104			case DumpSize.Bytes:
105			start = (long)((double)end - (Convert.ToDouble(txtDumpSize.Text) * 1.0)) + BYTE_CORRECTION_VALUE;
106	william	249	txtStart.Value = (long)start;
107	william	154	break;
108			case DumpSize.KiloBytes:
109			start = (long)((double)end - (Convert.ToDouble(txtDumpSize.Text) * 1000.0)) + BYTE_CORRECTION_VALUE;
110	william	249	txtStart.Value = (long)start;
111	william	154	break;
112			case DumpSize.MegaBytes:
113			start = (long)((double)end - (Convert.ToDouble(txtDumpSize.Text) * 1000000.0)) + BYTE_CORRECTION_VALUE;
114	william	249	txtStart.Value = (long)start;
115	william	154	break;
116			case DumpSize.GigaBytes:
117			start = (long)((double)end - (Convert.ToDouble(txtDumpSize.Text) * 1000000000.0)) + BYTE_CORRECTION_VALUE;
118	william	249	txtStart.Value = (long)start;
119	william	154	break;
120			}
121			}
122			private void btnCalcDumpSize_Click(object sender, EventArgs e)
123			{
124	william	249	long start = txtStart.Value;
125			long end = txtEnd.Value;
126			long byte_diff = (end - start) + BYTE_CORRECTION_VALUE;
127	william	154	switch (dumpSize)
128			{
129			case DumpSize.Bytes:
130			txtDumpSize.Text = string.Format("{0:n2}", (double)byte_diff);
131			break;
132			case DumpSize.KiloBytes:
133			txtDumpSize.Text = string.Format("{0:n3}", (double)byte_diff / 1000.0);
134			break;
135			case DumpSize.MegaBytes:
136			txtDumpSize.Text = string.Format("{0:n6}", (double)byte_diff / 1000000.0);
137			break;
138			case DumpSize.GigaBytes:
139			txtDumpSize.Text = string.Format("{0:n9}", (double)byte_diff / 1000000000.0);
140			break;
141			}
142			}
143	william	156	private void btnDumpRam_Click(object sender, EventArgs e)
144			{
145			if (this.AcceptedProcess == null)
146			{
147			MessageBox.Show("Please select a process to dump memory from", "", MessageBoxButtons.OK, MessageBoxIcon.Error);
148			return;
149			}
150			DialogResult result = dumpsaver.ShowDialog();
151			if (result != DialogResult.OK) return;
152			DumpRam(txtStart.Value, txtEnd.Value, dumpsaver.FileName);
153			}
154	william	196	#endregion
155	william	156
156			#region memory support
157	william	249	private void DumpRam(long start, long end, string filename)
158	william	156	{
159			uint byte_count = (uint)(end - start);
160	william	168	string arch = ProcessorAssemblyArchitecture.GetProcessorArchitecture(typeof(FloatingRamDumperDialog).Assembly);
161			if (arch == ProcessorAssemblyArchitecture.x86)
162			{
163			// intptr is 4 bytes on x86
164	william	164	if (end > int.MaxValue)
165	william	168	logger.Warn.WriteLine("Warning: DumpRam(): ending address is greater than 0x{0:x8} and we are running x86, this will exceed the max value for IntPtr", int.MaxValue);
166			}
167			else if (arch == ProcessorAssemblyArchitecture.x64)
168			{
169			// inptr is 8 bytes on x64
170			if (end > uint.MaxValue)
171			logger.Warn.WriteLine("Warning: DumpRam(): ending address is greater than 0x{0:x8} and we are running x64, this will exceed the max value for UIntPtr", int.MaxValue);
172			}
173	william	246	else if (arch == ProcessorAssemblyArchitecture.AnyCpu)
174			{
175			if (IntPtr.Size == 4) //x86
176			{
177			if (end > int.MaxValue)
178			logger.Warn.WriteLine("Warning: DumpRam(): ending address is greater than 0x{0:x8} and we are running x86, this will exceed the max value for IntPtr", int.MaxValue);
179			}
180			else if (IntPtr.Size == 8) //x64
181			{
182			}
183			else // unknown
184			{
185			if (end > uint.MaxValue)
186			logger.Warn.WriteLine("Warning: DumpRam(): ending address is greater than 0x{0:x8} and we are running x64, this will exceed the max value for UIntPtr", int.MaxValue);
187			}
188			}
189	william	168	else
190			{
191	william	246	throw new InvalidProgramException(string.Format("Unexcepted processor aritecture: expected x86, x64, or AnyCpu(Msil) but we have: {0}", arch));
192	william	168	}
193	william	156	DumpRam(start, byte_count, filename);
194			}
195	william	249	private void DumpRam(long start, uint count, string filename)
196	william	156	{
197	william	252	if (this.AcceptedProcess == null) return;
198			int bytesReadSize;
199	william	398	using (GenericMemoryProvider provider = new GenericMemoryProvider((IAcceptsProcessAndConfig)this))
200	william	169	{
201	william	398	provider.OpenProvider();
202			if (provider.WriteProcessMemoryToFile(filename, (int)start, count, out bytesReadSize))
203			{
204			MessageBox.Show(string.Format("Succefully dumped memory (0x{0:x8}-0x{1:x8}) from pid=({3}) to file {2}", start, start + count, filename, string.Format("0x{0:x4} {1}.exe", this.AcceptedProcess.Id, AcceptedProcess.ProcessName)), "", MessageBoxButtons.OK, MessageBoxIcon.Information);
205			}
206			else
207			{
208			MessageBox.Show(string.Format("Failed to dump memory (0x{0:x8}-0x{1:x8}) from pid=({3}) to file {2}", start, start + count, filename, string.Format("0x{0:x4} {1}.exe", this.AcceptedProcess.Id, AcceptedProcess.ProcessName)), "", MessageBoxButtons.OK, MessageBoxIcon.Error);
209			}
210			provider.CloseProvider();
211	william	169	}
212	william	252
213			//ProcessMemoryReader provider = new ProcessMemoryReader();
214			//provider.ReadProcess = this.AcceptedProcess;
215			//provider.OpenProcess();
216			//provider.WriteProcessMemoryToFile(filename, (int)start, count, out bytesReadSize);
217			//provider.CloseHandle();
218
219	william	156	}
220			#endregion
221	william	148	}
222			}