incomingTraceQueue = new LinkedList<>();
19 |
20 | //=================================================================
21 | /**
22 | *
23 | * @param passedParent
24 | */
25 | public MemoryTupleHandler( MainFrame passedParent ) {
26 | super( MainFrame.Executor );
27 | theParentFrame = passedParent;
28 | }
29 |
30 | //=================================================================
31 | /**
32 | * Main loop
33 | */
34 | @Override
35 | public void go() {
36 |
37 | Object[] anObjArr;
38 | while( !shutdownRequested ){
39 |
40 | //Wait till something is added to the queue
41 | waitToBeNotified();
42 |
43 | //Waits until a msg comes in
44 | while( !isIncomingEmpty() ){
45 |
46 |
47 | // Handle the next message
48 | synchronized(incomingTraceQueue) {
49 | anObjArr = (Object[])incomingTraceQueue.poll();
50 | }
51 |
52 | //Handles a message if there is one
53 | if(anObjArr != null){
54 | handleIncoming(anObjArr);
55 | anObjArr = null;
56 | }
57 |
58 | }
59 | }
60 | }
61 |
62 | //===============================================================
63 | /**
64 | * Handles incoming messages
65 | *
66 | * @param theMessage
67 | * @return
68 | */
69 | private void handleIncoming( Object[] anObjArr ) {
70 |
71 | //String aStr = null;
72 | if( anObjArr != null && anObjArr.length == 2){
73 |
74 | Long address = (Long)anObjArr[0];
75 | Trace theTrace = (Trace)anObjArr[1];
76 | theParentFrame.addTrace( address, theTrace );
77 |
78 | }
79 | }
80 |
81 |
82 | //===============================================================
83 | /**
84 | * Checks if the incoming queue is empty
85 | *
86 | * @return
87 | */
88 | public boolean isIncomingEmpty(){
89 |
90 | boolean retVal;
91 |
92 | synchronized(incomingTraceQueue) {
93 | retVal = incomingTraceQueue.isEmpty();
94 | }
95 | return retVal;
96 | }
97 |
98 | //===============================================================
99 | /**
100 | * Queues a MemoryTuple
101 | *
102 | * @param address
103 | * @param passedTrace
104 | */
105 | public void processIncoming( long address, Trace passedTrace) {
106 |
107 | //Copy over the bytes
108 | if(passedTrace != null){
109 |
110 | synchronized(incomingTraceQueue) {
111 | incomingTraceQueue.add(new Object[]{ address, passedTrace });
112 | }
113 | beNotified();
114 |
115 | }
116 | }
117 |
118 |
119 | }
120 |
--------------------------------------------------------------------------------
/HeapMonitor/src/heapmonitor/FreeJPanel.form:
--------------------------------------------------------------------------------
1 |
2 |
3 |
67 |
--------------------------------------------------------------------------------
/HeapMonitor/src/heapmonitor/AllocationJPanel.form:
--------------------------------------------------------------------------------
1 |
2 |
3 |
67 |
--------------------------------------------------------------------------------
/Observer/libs/MinHook/src/HDE32/table32.h:
--------------------------------------------------------------------------------
1 | /*
2 | * Hacker Disassembler Engine 32 C
3 | * Copyright (c) 2008-2009, Vyacheslav Patkov.
4 | * All rights reserved.
5 | *
6 | */
7 |
8 | #define C_NONE 0x00
9 | #define C_MODRM 0x01
10 | #define C_IMM8 0x02
11 | #define C_IMM16 0x04
12 | #define C_IMM_P66 0x10
13 | #define C_REL8 0x20
14 | #define C_REL32 0x40
15 | #define C_GROUP 0x80
16 | #define C_ERROR 0xff
17 |
18 | #define PRE_ANY 0x00
19 | #define PRE_NONE 0x01
20 | #define PRE_F2 0x02
21 | #define PRE_F3 0x04
22 | #define PRE_66 0x08
23 | #define PRE_67 0x10
24 | #define PRE_LOCK 0x20
25 | #define PRE_SEG 0x40
26 | #define PRE_ALL 0xff
27 |
28 | #define DELTA_OPCODES 0x4a
29 | #define DELTA_FPU_REG 0xf1
30 | #define DELTA_FPU_MODRM 0xf8
31 | #define DELTA_PREFIXES 0x130
32 | #define DELTA_OP_LOCK_OK 0x1a1
33 | #define DELTA_OP2_LOCK_OK 0x1b9
34 | #define DELTA_OP_ONLY_MEM 0x1cb
35 | #define DELTA_OP2_ONLY_MEM 0x1da
36 |
37 | unsigned char hde32_table[] = {
38 | 0xa3,0xa8,0xa3,0xa8,0xa3,0xa8,0xa3,0xa8,0xa3,0xa8,0xa3,0xa8,0xa3,0xa8,0xa3,
39 | 0xa8,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xac,0xaa,0xb2,0xaa,0x9f,0x9f,
40 | 0x9f,0x9f,0xb5,0xa3,0xa3,0xa4,0xaa,0xaa,0xba,0xaa,0x96,0xaa,0xa8,0xaa,0xc3,
41 | 0xc3,0x96,0x96,0xb7,0xae,0xd6,0xbd,0xa3,0xc5,0xa3,0xa3,0x9f,0xc3,0x9c,0xaa,
42 | 0xaa,0xac,0xaa,0xbf,0x03,0x7f,0x11,0x7f,0x01,0x7f,0x01,0x3f,0x01,0x01,0x90,
43 | 0x82,0x7d,0x97,0x59,0x59,0x59,0x59,0x59,0x7f,0x59,0x59,0x60,0x7d,0x7f,0x7f,
44 | 0x59,0x59,0x59,0x59,0x59,0x59,0x59,0x59,0x59,0x59,0x59,0x59,0x9a,0x88,0x7d,
45 | 0x59,0x50,0x50,0x50,0x50,0x59,0x59,0x59,0x59,0x61,0x94,0x61,0x9e,0x59,0x59,
46 | 0x85,0x59,0x92,0xa3,0x60,0x60,0x59,0x59,0x59,0x59,0x59,0x59,0x59,0x59,0x59,
47 | 0x59,0x59,0x9f,0x01,0x03,0x01,0x04,0x03,0xd5,0x03,0xcc,0x01,0xbc,0x03,0xf0,
48 | 0x10,0x10,0x10,0x10,0x50,0x50,0x50,0x50,0x14,0x20,0x20,0x20,0x20,0x01,0x01,
49 | 0x01,0x01,0xc4,0x02,0x10,0x00,0x00,0x00,0x00,0x01,0x01,0xc0,0xc2,0x10,0x11,
50 | 0x02,0x03,0x11,0x03,0x03,0x04,0x00,0x00,0x14,0x00,0x02,0x00,0x00,0xc6,0xc8,
51 | 0x02,0x02,0x02,0x02,0x00,0x00,0xff,0xff,0xff,0xff,0x00,0x00,0x00,0xff,0xca,
52 | 0x01,0x01,0x01,0x00,0x06,0x00,0x04,0x00,0xc0,0xc2,0x01,0x01,0x03,0x01,0xff,
53 | 0xff,0x01,0x00,0x03,0xc4,0xc4,0xc6,0x03,0x01,0x01,0x01,0xff,0x03,0x03,0x03,
54 | 0xc8,0x40,0x00,0x0a,0x00,0x04,0x00,0x00,0x00,0x00,0x7f,0x00,0x33,0x01,0x00,
55 | 0x00,0x00,0x00,0x00,0x00,0xff,0xbf,0xff,0xff,0x00,0x00,0x00,0x00,0x07,0x00,
56 | 0x00,0xff,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
57 | 0x00,0xff,0xff,0x00,0x00,0x00,0xbf,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
58 | 0x7f,0x00,0x00,0xff,0x4a,0x4a,0x4a,0x4a,0x4b,0x52,0x4a,0x4a,0x4a,0x4a,0x4f,
59 | 0x4c,0x4a,0x4a,0x4a,0x4a,0x4a,0x4a,0x4a,0x4a,0x55,0x45,0x40,0x4a,0x4a,0x4a,
60 | 0x45,0x59,0x4d,0x46,0x4a,0x5d,0x4a,0x4a,0x4a,0x4a,0x4a,0x4a,0x4a,0x4a,0x4a,
61 | 0x4a,0x4a,0x4a,0x4a,0x4a,0x61,0x63,0x67,0x4e,0x4a,0x4a,0x6b,0x6d,0x4a,0x4a,
62 | 0x45,0x6d,0x4a,0x4a,0x44,0x45,0x4a,0x4a,0x00,0x00,0x00,0x02,0x0d,0x06,0x06,
63 | 0x06,0x06,0x0e,0x00,0x00,0x00,0x00,0x06,0x06,0x06,0x00,0x06,0x06,0x02,0x06,
64 | 0x00,0x0a,0x0a,0x07,0x07,0x06,0x02,0x05,0x05,0x02,0x02,0x00,0x00,0x04,0x04,
65 | 0x04,0x04,0x00,0x00,0x00,0x0e,0x05,0x06,0x06,0x06,0x01,0x06,0x00,0x00,0x08,
66 | 0x00,0x10,0x00,0x18,0x00,0x20,0x00,0x28,0x00,0x30,0x00,0x80,0x01,0x82,0x01,
67 | 0x86,0x00,0xf6,0xcf,0xfe,0x3f,0xab,0x00,0xb0,0x00,0xb1,0x00,0xb3,0x00,0xba,
68 | 0xf8,0xbb,0x00,0xc0,0x00,0xc1,0x00,0xc7,0xbf,0x62,0xff,0x00,0x8d,0xff,0x00,
69 | 0xc4,0xff,0x00,0xc5,0xff,0x00,0xff,0xff,0xeb,0x01,0xff,0x0e,0x12,0x08,0x00,
70 | 0x13,0x09,0x00,0x16,0x08,0x00,0x17,0x09,0x00,0x2b,0x09,0x00,0xae,0xff,0x07,
71 | 0xb2,0xff,0x00,0xb4,0xff,0x00,0xb5,0xff,0x00,0xc3,0x01,0x00,0xc7,0xff,0xbf,
72 | 0xe7,0x08,0x00,0xf0,0x02,0x00
73 | };
74 |
--------------------------------------------------------------------------------
/HeapMonitor/build.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 | Builds, tests, and runs the project HeapMonitor.
12 |
13 |
73 |
74 |
--------------------------------------------------------------------------------
/Observer/libs/MinHook/src/HDE64/src/table64.h:
--------------------------------------------------------------------------------
1 | /*
2 | * Hacker Disassembler Engine 64 C
3 | * Copyright (c) 2008-2009, Vyacheslav Patkov.
4 | * All rights reserved.
5 | *
6 | */
7 |
8 | #define C_NONE 0x00
9 | #define C_MODRM 0x01
10 | #define C_IMM8 0x02
11 | #define C_IMM16 0x04
12 | #define C_IMM_P66 0x10
13 | #define C_REL8 0x20
14 | #define C_REL32 0x40
15 | #define C_GROUP 0x80
16 | #define C_ERROR 0xff
17 |
18 | #define PRE_ANY 0x00
19 | #define PRE_NONE 0x01
20 | #define PRE_F2 0x02
21 | #define PRE_F3 0x04
22 | #define PRE_66 0x08
23 | #define PRE_67 0x10
24 | #define PRE_LOCK 0x20
25 | #define PRE_SEG 0x40
26 | #define PRE_ALL 0xff
27 |
28 | #define DELTA_OPCODES 0x4a
29 | #define DELTA_FPU_REG 0xfd
30 | #define DELTA_FPU_MODRM 0x104
31 | #define DELTA_PREFIXES 0x13c
32 | #define DELTA_OP_LOCK_OK 0x1ae
33 | #define DELTA_OP2_LOCK_OK 0x1c6
34 | #define DELTA_OP_ONLY_MEM 0x1d8
35 | #define DELTA_OP2_ONLY_MEM 0x1e7
36 |
37 | unsigned char hde64_table[] = {
38 | 0xa5,0xaa,0xa5,0xb8,0xa5,0xaa,0xa5,0xaa,0xa5,0xb8,0xa5,0xb8,0xa5,0xb8,0xa5,
39 | 0xb8,0xc0,0xc0,0xc0,0xc0,0xc0,0xc0,0xc0,0xc0,0xac,0xc0,0xcc,0xc0,0xa1,0xa1,
40 | 0xa1,0xa1,0xb1,0xa5,0xa5,0xa6,0xc0,0xc0,0xd7,0xda,0xe0,0xc0,0xe4,0xc0,0xea,
41 | 0xea,0xe0,0xe0,0x98,0xc8,0xee,0xf1,0xa5,0xd3,0xa5,0xa5,0xa1,0xea,0x9e,0xc0,
42 | 0xc0,0xc2,0xc0,0xe6,0x03,0x7f,0x11,0x7f,0x01,0x7f,0x01,0x3f,0x01,0x01,0xab,
43 | 0x8b,0x90,0x64,0x5b,0x5b,0x5b,0x5b,0x5b,0x92,0x5b,0x5b,0x76,0x90,0x92,0x92,
44 | 0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x6a,0x73,0x90,
45 | 0x5b,0x52,0x52,0x52,0x52,0x5b,0x5b,0x5b,0x5b,0x77,0x7c,0x77,0x85,0x5b,0x5b,
46 | 0x70,0x5b,0x7a,0xaf,0x76,0x76,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,
47 | 0x5b,0x5b,0x86,0x01,0x03,0x01,0x04,0x03,0xd5,0x03,0xd5,0x03,0xcc,0x01,0xbc,
48 | 0x03,0xf0,0x03,0x03,0x04,0x00,0x50,0x50,0x50,0x50,0xff,0x20,0x20,0x20,0x20,
49 | 0x01,0x01,0x01,0x01,0xc4,0x02,0x10,0xff,0xff,0xff,0x01,0x00,0x03,0x11,0xff,
50 | 0x03,0xc4,0xc6,0xc8,0x02,0x10,0x00,0xff,0xcc,0x01,0x01,0x01,0x00,0x00,0x00,
51 | 0x00,0x01,0x01,0x03,0x01,0xff,0xff,0xc0,0xc2,0x10,0x11,0x02,0x03,0x01,0x01,
52 | 0x01,0xff,0xff,0xff,0x00,0x00,0x00,0xff,0x00,0x00,0xff,0xff,0xff,0xff,0x10,
53 | 0x10,0x10,0x10,0x02,0x10,0x00,0x00,0xc6,0xc8,0x02,0x02,0x02,0x02,0x06,0x00,
54 | 0x04,0x00,0x02,0xff,0x00,0xc0,0xc2,0x01,0x01,0x03,0x03,0x03,0xca,0x40,0x00,
55 | 0x0a,0x00,0x04,0x00,0x00,0x00,0x00,0x7f,0x00,0x33,0x01,0x00,0x00,0x00,0x00,
56 | 0x00,0x00,0xff,0xbf,0xff,0xff,0x00,0x00,0x00,0x00,0x07,0x00,0x00,0xff,0x00,
57 | 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff,0xff,
58 | 0x00,0x00,0x00,0xbf,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x7f,0x00,0x00,
59 | 0xff,0x40,0x40,0x40,0x40,0x41,0x49,0x40,0x40,0x40,0x40,0x4c,0x42,0x40,0x40,
60 | 0x40,0x40,0x40,0x40,0x40,0x40,0x4f,0x44,0x53,0x40,0x40,0x40,0x44,0x57,0x43,
61 | 0x5c,0x40,0x60,0x40,0x40,0x40,0x40,0x40,0x40,0x40,0x40,0x40,0x40,0x40,0x40,
62 | 0x40,0x40,0x64,0x66,0x6e,0x6b,0x40,0x40,0x6a,0x46,0x40,0x40,0x44,0x46,0x40,
63 | 0x40,0x5b,0x44,0x40,0x40,0x00,0x00,0x00,0x00,0x06,0x06,0x06,0x06,0x01,0x06,
64 | 0x06,0x02,0x06,0x06,0x00,0x06,0x00,0x0a,0x0a,0x00,0x00,0x00,0x02,0x07,0x07,
65 | 0x06,0x02,0x0d,0x06,0x06,0x06,0x0e,0x05,0x05,0x02,0x02,0x00,0x00,0x04,0x04,
66 | 0x04,0x04,0x05,0x06,0x06,0x06,0x00,0x00,0x00,0x0e,0x00,0x00,0x08,0x00,0x10,
67 | 0x00,0x18,0x00,0x20,0x00,0x28,0x00,0x30,0x00,0x80,0x01,0x82,0x01,0x86,0x00,
68 | 0xf6,0xcf,0xfe,0x3f,0xab,0x00,0xb0,0x00,0xb1,0x00,0xb3,0x00,0xba,0xf8,0xbb,
69 | 0x00,0xc0,0x00,0xc1,0x00,0xc7,0xbf,0x62,0xff,0x00,0x8d,0xff,0x00,0xc4,0xff,
70 | 0x00,0xc5,0xff,0x00,0xff,0xff,0xeb,0x01,0xff,0x0e,0x12,0x08,0x00,0x13,0x09,
71 | 0x00,0x16,0x08,0x00,0x17,0x09,0x00,0x2b,0x09,0x00,0xae,0xff,0x07,0xb2,0xff,
72 | 0x00,0xb4,0xff,0x00,0xb5,0xff,0x00,0xc3,0x01,0x00,0xc7,0xff,0xbf,0xe7,0x08,
73 | 0x00,0xf0,0x02,0x00
74 | };
75 |
--------------------------------------------------------------------------------
/HeapMonitor/src/heapmonitor/ManagedRunnable.java:
--------------------------------------------------------------------------------
1 |
2 | /*
3 | * ManagedRunnable.java
4 | *
5 | * Created on June 2, 2013 10:21 PM
6 | */
7 |
8 | package heapmonitor;
9 |
10 | import java.util.concurrent.Executor;
11 |
12 | /**
13 | *
14 | *
15 | */
16 | abstract public class ManagedRunnable implements Runnable {
17 |
18 | protected volatile boolean shutdownRequested = false;
19 | private volatile boolean isRunning = false;
20 | private volatile boolean notified = false;
21 | protected final Executor theExecutor;
22 |
23 | //===============================================================
24 | /**
25 | * Base constructor
26 | * @param passedExecutor
27 | */
28 | protected ManagedRunnable( Executor passedExecutor ) {
29 | theExecutor = passedExecutor;
30 | }
31 |
32 | //===============================================================
33 | /**
34 | * Starts the detector thread
35 | */
36 | public synchronized void start(){
37 | if( !isRunning ){
38 | theExecutor.execute( this );
39 | }
40 | }
41 |
42 | //===============================================================
43 | /**
44 | * Used for setting the run flags
45 | */
46 | @Override //Runnable
47 | final public void run() {
48 |
49 | //Set flag
50 | isRunning = true;
51 |
52 | //Run the main function
53 | go();
54 |
55 | //Set flag
56 | isRunning = false;
57 |
58 | }
59 |
60 | //===============================================================
61 | /**
62 | * The main thread function
63 | */
64 | abstract protected void go();
65 |
66 | //===============================================================
67 | /**
68 | * Shut down the detector
69 | */
70 | public synchronized void shutdown(){
71 | shutdownRequested = true;
72 | notifyAll();
73 | }
74 |
75 |
76 | // ==========================================================================
77 | /**
78 | * Causes the calling {@link Thread} to wait() until notified by
79 | * another.
80 | *
81 | * This method most certainly "blocks".
82 | * @param anInt
83 | */
84 | public synchronized void waitToBeNotified( Integer... anInt ) {
85 |
86 | while( !notified && !shutdownRequested) { //Until notified...
87 |
88 | try {
89 |
90 | //Add a timeout if necessary
91 | if( anInt.length > 0 ){
92 |
93 | wait( anInt[0]);
94 | break;
95 |
96 | } else {
97 | wait(); //Wait here until notified
98 | }
99 |
100 | } catch( InterruptedException ex ) {
101 | }
102 |
103 | }
104 | notified = false;
105 | }
106 |
107 | //===============================================================
108 | /**
109 | * Notifies the thread
110 | */
111 | protected synchronized void beNotified() {
112 | notified = true;
113 | notifyAll();
114 | }
115 |
116 | // ==========================================================================
117 | /**
118 | * Checks the shutdown flag.
119 | *
120 | * @return
121 | */
122 | public synchronized boolean finished() {
123 | return shutdownRequested;
124 | }
125 |
126 | // ==========================================================================
127 | /**
128 | * Check if the running flag has been set
129 | *
130 | * @return
131 | */
132 | public boolean isRunning() {
133 | return isRunning;
134 | }
135 | }
--------------------------------------------------------------------------------
/Observer/libs/MinHook/COPYING.txt:
--------------------------------------------------------------------------------
1 | /*
2 | * MinHook - The Minimalistic API Hooking Library for x64/x86
3 | * Copyright (c) 2009 Tsuda Kageyu.
4 | * All rights reserved.
5 | *
6 | * Redistribution and use in source and binary forms, with or without
7 | * modification, are permitted provided that the following conditions
8 | * are met:
9 | *
10 | * 1. Redistributions of source code must retain the above copyright
11 | * notice, this list of conditions and the following disclaimer.
12 | * 2. Redistributions in binary form must reproduce the above copyright
13 | * notice, this list of conditions and the following disclaimer in the
14 | * documentation and/or other materials provided with the distribution.
15 | * 3. The name of the author may not be used to endorse or promote products
16 | * derived from this software without specific prior written permission.
17 | *
18 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
19 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
22 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
23 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | */
29 |
30 | ================================================================================
31 | Portions of this software are Copyright (c) 2008-2009, Vyacheslav Patkov.
32 | ================================================================================
33 | /*
34 | * Hacker Disassembler Engine 32 C
35 | * Copyright (c) 2008-2009, Vyacheslav Patkov.
36 | * All rights reserved.
37 | *
38 | */
39 |
40 | /*
41 | * Hacker Disassembler Engine 64 C
42 | * Copyright (c) 2008-2009, Vyacheslav Patkov.
43 | * All rights reserved.
44 | *
45 | */
46 |
47 | ================================================================================
48 | Portions of this software are Copyright (c) 2005-2007 Paul Hsieh.
49 | ================================================================================
50 | /* A portable stdint.h
51 | ****************************************************************************
52 | * BSD License:
53 | ****************************************************************************
54 | *
55 | * Copyright (c) 2005-2007 Paul Hsieh
56 | * All rights reserved.
57 | *
58 | * Redistribution and use in source and binary forms, with or without
59 | * modification, are permitted provided that the following conditions
60 | * are met:
61 | *
62 | * 1. Redistributions of source code must retain the above copyright
63 | * notice, this list of conditions and the following disclaimer.
64 | * 2. Redistributions in binary form must reproduce the above copyright
65 | * notice, this list of conditions and the following disclaimer in the
66 | * documentation and/or other materials provided with the distribution.
67 | * 3. The name of the author may not be used to endorse or promote products
68 | * derived from this software without specific prior written permission.
69 | *
70 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
71 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
72 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
73 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
74 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
75 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
76 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
77 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
78 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
79 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
80 |
--------------------------------------------------------------------------------
/Observer/libs/MinHook/MinHook.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 |
14 | {672868F4-6952-4D53-9BCA-22277B95027D}
15 | Win32Proj
16 | MinHook
17 |
18 |
19 |
20 | StaticLibrary
21 | true
22 | v110
23 | Unicode
24 |
25 |
26 | StaticLibrary
27 | false
28 | v110
29 | true
30 | Unicode
31 |
32 |
33 |
34 |
35 |
36 |
37 |
38 |
39 |
40 |
41 |
42 |
43 |
44 |
45 |
46 |
47 | Level3
48 | Disabled
49 | WIN32;_DEBUG;_LIB;%(PreprocessorDefinitions)
50 |
51 |
52 | Windows
53 | true
54 |
55 |
56 |
57 |
58 | Level3
59 |
60 |
61 | MaxSpeed
62 | true
63 | true
64 | WIN32;NDEBUG;_LIB;%(PreprocessorDefinitions)
65 |
66 |
67 | Windows
68 | true
69 | true
70 | true
71 |
72 |
73 |
74 |
75 |
76 |
77 |
78 |
79 |
80 |
81 |
82 |
83 |
84 |
85 |
86 |
87 |
88 |
89 |
90 |
91 |
92 |
93 |
94 |
95 |
96 |
--------------------------------------------------------------------------------
/Observer/HeapMonitor.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio 2012
4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "DllInjector", "DllInjector\DllInjector.vcxproj", "{964F661B-8FA0-4DEF-836F-0D0720972D02}"
5 | ProjectSection(ProjectDependencies) = postProject
6 | {F3C8DD27-15AB-4B73-A499-C32181ACACC9} = {F3C8DD27-15AB-4B73-A499-C32181ACACC9}
7 | EndProjectSection
8 | EndProject
9 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Observer", "Observer\Observer.vcxproj", "{F3C8DD27-15AB-4B73-A499-C32181ACACC9}"
10 | EndProject
11 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "libMinHook", "libs\MinHook\build\libMinHook.vcxproj", "{65021938-D251-46FA-BC3D-85C385D4C06D}"
12 | EndProject
13 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "TestAllocations", "TestAllocations\TestAllocations.vcxproj", "{5D63EFBE-1839-4708-9814-81170AF56313}"
14 | EndProject
15 | Global
16 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
17 | Debug|Mixed Platforms = Debug|Mixed Platforms
18 | Debug|Win32 = Debug|Win32
19 | Debug|x64 = Debug|x64
20 | Release|Mixed Platforms = Release|Mixed Platforms
21 | Release|Win32 = Release|Win32
22 | Release|x64 = Release|x64
23 | EndGlobalSection
24 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
25 | {964F661B-8FA0-4DEF-836F-0D0720972D02}.Debug|Mixed Platforms.ActiveCfg = Debug|x64
26 | {964F661B-8FA0-4DEF-836F-0D0720972D02}.Debug|Mixed Platforms.Build.0 = Debug|x64
27 | {964F661B-8FA0-4DEF-836F-0D0720972D02}.Debug|Win32.ActiveCfg = Debug|Win32
28 | {964F661B-8FA0-4DEF-836F-0D0720972D02}.Debug|Win32.Build.0 = Debug|Win32
29 | {964F661B-8FA0-4DEF-836F-0D0720972D02}.Debug|x64.ActiveCfg = Debug|x64
30 | {964F661B-8FA0-4DEF-836F-0D0720972D02}.Debug|x64.Build.0 = Debug|x64
31 | {964F661B-8FA0-4DEF-836F-0D0720972D02}.Release|Mixed Platforms.ActiveCfg = Release|Win32
32 | {964F661B-8FA0-4DEF-836F-0D0720972D02}.Release|Mixed Platforms.Build.0 = Release|Win32
33 | {964F661B-8FA0-4DEF-836F-0D0720972D02}.Release|Win32.ActiveCfg = Release|Win32
34 | {964F661B-8FA0-4DEF-836F-0D0720972D02}.Release|Win32.Build.0 = Release|Win32
35 | {964F661B-8FA0-4DEF-836F-0D0720972D02}.Release|x64.ActiveCfg = Release|x64
36 | {964F661B-8FA0-4DEF-836F-0D0720972D02}.Release|x64.Build.0 = Release|x64
37 | {F3C8DD27-15AB-4B73-A499-C32181ACACC9}.Debug|Mixed Platforms.ActiveCfg = Debug|x64
38 | {F3C8DD27-15AB-4B73-A499-C32181ACACC9}.Debug|Mixed Platforms.Build.0 = Debug|x64
39 | {F3C8DD27-15AB-4B73-A499-C32181ACACC9}.Debug|Win32.ActiveCfg = Debug|Win32
40 | {F3C8DD27-15AB-4B73-A499-C32181ACACC9}.Debug|Win32.Build.0 = Debug|Win32
41 | {F3C8DD27-15AB-4B73-A499-C32181ACACC9}.Debug|x64.ActiveCfg = Debug|x64
42 | {F3C8DD27-15AB-4B73-A499-C32181ACACC9}.Debug|x64.Build.0 = Debug|x64
43 | {F3C8DD27-15AB-4B73-A499-C32181ACACC9}.Release|Mixed Platforms.ActiveCfg = Release|Win32
44 | {F3C8DD27-15AB-4B73-A499-C32181ACACC9}.Release|Mixed Platforms.Build.0 = Release|Win32
45 | {F3C8DD27-15AB-4B73-A499-C32181ACACC9}.Release|Win32.ActiveCfg = Release|Win32
46 | {F3C8DD27-15AB-4B73-A499-C32181ACACC9}.Release|Win32.Build.0 = Release|Win32
47 | {F3C8DD27-15AB-4B73-A499-C32181ACACC9}.Release|x64.ActiveCfg = Release|x64
48 | {F3C8DD27-15AB-4B73-A499-C32181ACACC9}.Release|x64.Build.0 = Release|x64
49 | {65021938-D251-46FA-BC3D-85C385D4C06D}.Debug|Mixed Platforms.ActiveCfg = Debug|x64
50 | {65021938-D251-46FA-BC3D-85C385D4C06D}.Debug|Mixed Platforms.Build.0 = Debug|x64
51 | {65021938-D251-46FA-BC3D-85C385D4C06D}.Debug|Win32.ActiveCfg = Debug|Win32
52 | {65021938-D251-46FA-BC3D-85C385D4C06D}.Debug|Win32.Build.0 = Debug|Win32
53 | {65021938-D251-46FA-BC3D-85C385D4C06D}.Debug|x64.ActiveCfg = Debug|x64
54 | {65021938-D251-46FA-BC3D-85C385D4C06D}.Debug|x64.Build.0 = Debug|x64
55 | {65021938-D251-46FA-BC3D-85C385D4C06D}.Release|Mixed Platforms.ActiveCfg = Release|Win32
56 | {65021938-D251-46FA-BC3D-85C385D4C06D}.Release|Mixed Platforms.Build.0 = Release|Win32
57 | {65021938-D251-46FA-BC3D-85C385D4C06D}.Release|Win32.ActiveCfg = Release|Win32
58 | {65021938-D251-46FA-BC3D-85C385D4C06D}.Release|Win32.Build.0 = Release|Win32
59 | {65021938-D251-46FA-BC3D-85C385D4C06D}.Release|x64.ActiveCfg = Release|x64
60 | {65021938-D251-46FA-BC3D-85C385D4C06D}.Release|x64.Build.0 = Release|x64
61 | {5D63EFBE-1839-4708-9814-81170AF56313}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
62 | {5D63EFBE-1839-4708-9814-81170AF56313}.Debug|Mixed Platforms.Build.0 = Debug|Win32
63 | {5D63EFBE-1839-4708-9814-81170AF56313}.Debug|Win32.ActiveCfg = Debug|Win32
64 | {5D63EFBE-1839-4708-9814-81170AF56313}.Debug|Win32.Build.0 = Debug|Win32
65 | {5D63EFBE-1839-4708-9814-81170AF56313}.Debug|x64.ActiveCfg = Debug|x64
66 | {5D63EFBE-1839-4708-9814-81170AF56313}.Release|Mixed Platforms.ActiveCfg = Release|Win32
67 | {5D63EFBE-1839-4708-9814-81170AF56313}.Release|Mixed Platforms.Build.0 = Release|Win32
68 | {5D63EFBE-1839-4708-9814-81170AF56313}.Release|Win32.ActiveCfg = Release|Win32
69 | {5D63EFBE-1839-4708-9814-81170AF56313}.Release|Win32.Build.0 = Release|Win32
70 | {5D63EFBE-1839-4708-9814-81170AF56313}.Release|x64.ActiveCfg = Release|x64
71 | {5D63EFBE-1839-4708-9814-81170AF56313}.Release|x64.Build.0 = Release|x64
72 | EndGlobalSection
73 | GlobalSection(SolutionProperties) = preSolution
74 | HideSolutionNode = FALSE
75 | EndGlobalSection
76 | EndGlobal
77 |
--------------------------------------------------------------------------------
/Observer/libs/MinHook/include/MinHook.h:
--------------------------------------------------------------------------------
1 | /*
2 | * MinHook - Minimalistic API Hook Library
3 | * Copyright (C) 2009 Tsuda Kageyu. All rights reserved.
4 | *
5 | * Redistribution and use in source and binary forms, with or without
6 | * modification, are permitted provided that the following conditions
7 | * are met:
8 | *
9 | * 1. Redistributions of source code must retain the above copyright
10 | * notice, this list of conditions and the following disclaimer.
11 | * 2. Redistributions in binary form must reproduce the above copyright
12 | * notice, this list of conditions and the following disclaimer in the
13 | * documentation and/or other materials provided with the distribution.
14 | * 3. The name of the author may not be used to endorse or promote products
15 | * derived from this software without specific prior written permission.
16 | *
17 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
18 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
19 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
20 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
21 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
22 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
23 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
24 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
25 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
26 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 | */
28 |
29 | #pragma once
30 |
31 | #include
32 |
33 | // MinHook Error Codes.
34 | typedef enum MH_STATUS
35 | {
36 | // Unknown error. Should not be returned.
37 | MH_UNKNOWN = -1,
38 |
39 | // Successful.
40 | MH_OK = 0,
41 |
42 | // MinHook is already initialized.
43 | MH_ERROR_ALREADY_INITIALIZED,
44 |
45 | // MinHook is not initialized yet, or already uninitialized.
46 | MH_ERROR_NOT_INITIALIZED,
47 |
48 | // The hook for the specified target function is already created.
49 | MH_ERROR_ALREADY_CREATED,
50 |
51 | // The hook for the specified target function is not created yet.
52 | MH_ERROR_NOT_CREATED,
53 |
54 | // The hook for the specified target function is already enabled.
55 | MH_ERROR_ENABLED,
56 |
57 | // The hook for the specified target function is not enabled yet, or already disabled.
58 | MH_ERROR_DISABLED,
59 |
60 | // The specified pointer is invalid. It points the address of non-allocated and/or non-executable region.
61 | MH_ERROR_NOT_EXECUTABLE,
62 |
63 | // The specified target function cannot be hooked.
64 | MH_ERROR_UNSUPPORTED_FUNCTION,
65 |
66 | // Failed to allocate memory.
67 | MH_ERROR_MEMORY_ALLOC,
68 |
69 | // Failed to change the memory protection.
70 | MH_ERROR_MEMORY_PROTECT
71 | }
72 | MH_STATUS;
73 |
74 | // Can be passed as a parameter to MH_EnableHook, MH_DisableHook, MH_QueueEnableHook or MH_QueueDisableHook.
75 | #define MH_ALL_HOOKS NULL
76 |
77 | #if defined __cplusplus
78 | extern "C" {
79 | #endif
80 |
81 | // Initialize the MinHook library.
82 | MH_STATUS WINAPI MH_Initialize();
83 |
84 | // Uninitialize the MinHook library.
85 | MH_STATUS WINAPI MH_Uninitialize();
86 |
87 | // Creates the Hook for the specified target function, in disabled state.
88 | // Parameters:
89 | // pTarget [in] A pointer to the target function, which will be overridden by the detour function.
90 | // pDetour [in] A pointer to the detour function, which will override the target function.
91 | // ppOriginal [out] A pointer to the trampoline function, which will be used to call the original target function.
92 | MH_STATUS WINAPI MH_CreateHook(void* pTarget, void* const pDetour, void** ppOriginal);
93 |
94 | // Removes the already created hook.
95 | // Parameters:
96 | // pTarget [in] A pointer to the target function.
97 | MH_STATUS WINAPI MH_RemoveHook(void* pTarget);
98 |
99 | // Enables the already created hook.
100 | // Parameters:
101 | // pTarget [in] A pointer to the target function.
102 | // If this parameter is MH_ALL_HOOKS, all created hooks are enabled in one go.
103 | MH_STATUS WINAPI MH_EnableHook(void* pTarget);
104 |
105 | // Disables the already created hook.
106 | // Parameters:
107 | // pTarget [in] A pointer to the target function.
108 | // If this parameter is MH_ALL_HOOKS, all created hooks are disabled in one go.
109 | MH_STATUS WINAPI MH_DisableHook(void* pTarget);
110 |
111 | // Queues to enable the already created hook.
112 | // Parameters:
113 | // pTarget [in] A pointer to the target function.
114 | // If this parameter is MH_ALL_HOOKS, all created hooks are queued to be enabled.
115 | MH_STATUS WINAPI MH_QueueEnableHook(void* pTarget);
116 |
117 | // Queues to disable the already created hook.
118 | // Parameters:
119 | // pTarget [in] A pointer to the target function.
120 | // If this parameter is MH_ALL_HOOKS, all created hooks are queued to be disabled.
121 | MH_STATUS WINAPI MH_QueueDisableHook(void* pTarget);
122 |
123 | // Applies all queued changes in one go.
124 | MH_STATUS WINAPI MH_ApplyQueued();
125 |
126 | #if defined __cplusplus
127 | }
128 | #endif
129 |
130 |
--------------------------------------------------------------------------------
/Observer/Observer/Observer_dyn.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | #include
3 | #include "dbghelp.h"
4 | #include
5 | #include
6 | #include
7 |
8 | const int backtraceSize = 100;
9 |
10 | class Trace {
11 |
12 | public:
13 | Trace(){
14 | this->getTrace();
15 | };
16 | std::string trace_str;
17 |
18 | private:
19 | void getTrace(){
20 |
21 | std::stringstream stream;
22 | unsigned long retLong;
23 | void *backtrace[backtraceSize];
24 | unsigned short frames;
25 | char tmpBuf[24];
26 | char lineNum[20];
27 |
28 | frames = CaptureStackBackTrace(0, backtraceSize, backtrace, &retLong);
29 |
30 | HANDLE process = GetCurrentProcess();
31 |
32 | const int MAXSYMBOLNAME = 128 - sizeof(IMAGEHLP_SYMBOL);
33 | char symbol64_buf[sizeof(IMAGEHLP_SYMBOL) + MAXSYMBOLNAME] = {0};
34 | IMAGEHLP_SYMBOL *symbol = reinterpret_cast(symbol64_buf);
35 | symbol->SizeOfStruct = sizeof(IMAGEHLP_SYMBOL);
36 | symbol->MaxNameLength = MAXSYMBOLNAME - 1;
37 |
38 | // Print out stack trace. Skip the first frame (that's our hook function.)
39 | for(size_t i = 1; i < frames; ++i){
40 |
41 | size_t curr_trace = (size_t)backtrace[i];
42 | if( curr_trace ){
43 |
44 | sprintf_s(tmpBuf, "%p", curr_trace);
45 | // Output stack frame symbols if available.
46 | if(SymGetSymFromAddr(process, (DWORD64)curr_trace, 0, symbol)){
47 |
48 | stream << symbol->Name;
49 |
50 | // Output filename + line info if available.
51 | IMAGEHLP_LINE64 lineSymbol;
52 | lineSymbol.SizeOfStruct = sizeof(IMAGEHLP_LINE64);
53 | DWORD displacement;
54 |
55 | if(SymGetLineFromAddr64(process, (DWORD64)curr_trace, &displacement, &lineSymbol)){
56 | stream << "\t" << lineSymbol.FileName;
57 | stream << ":";
58 |
59 | //Add line number
60 | _ltoa_s(lineSymbol.LineNumber, lineNum, 10 );
61 | stream << lineNum;
62 |
63 | } else {
64 | stream << "\t";
65 | }
66 |
67 | //stream << "\t(" << std::setw(sizeof(void*)*2) << std::setfill('0') << curr_trace
68 | stream << "\t(";
69 | stream << tmpBuf;
70 | stream << ")\n";
71 |
72 | } else {
73 | //stream << "\t" << "\t(" << std::setw(sizeof(void*)*2) << std::setfill('0') << curr_trace << ")\n";
74 | stream << "\t\t(";
75 | stream << tmpBuf;
76 | stream << ")\n";
77 | }
78 |
79 | } else{
80 | break;
81 | }
82 | }
83 |
84 | //Set the stream
85 | trace_str.assign( stream.str() );
86 | }
87 | };
88 |
89 | //******************************************************************************
90 | class MemoryMessage{
91 | public:
92 | MemoryMessage(size_t *ptr, Trace *trace ){
93 | this->ptr = ptr;
94 | this->trace = trace;
95 | };
96 | char* getBytes( DWORD *retBytes ){
97 | DWORD buf_size = 12;
98 | char *retPtr = NULL;
99 |
100 | //Check that an address
101 | if( trace ){
102 |
103 | buf_size += trace->trace_str.length();
104 | retPtr = (char *)malloc(buf_size);
105 | memset(retPtr, 0, buf_size );
106 |
107 | //Add address and stack trace
108 | *(long *)retPtr = (size_t)ptr;
109 | *(int *)((char*)retPtr + 8) = trace->trace_str.length();
110 | memcpy( (char*)retPtr + 12, trace->trace_str.c_str(), trace->trace_str.length() );
111 |
112 | }
113 |
114 | *retBytes = buf_size;
115 | return retPtr;
116 |
117 | }
118 | byte msg_type;
119 | private:
120 | size_t *ptr;
121 | Trace *trace;
122 | };
123 |
124 | class MallocMessage : public MemoryMessage{
125 | public:
126 | MallocMessage(DWORD size, size_t *ptr, Trace *trace ) : MemoryMessage( ptr, trace) {
127 | this->size = size;
128 | msg_type = (byte)0x12;
129 | };
130 |
131 | char* getBytes( DWORD *retBytes ){
132 | DWORD ret_size = 0;
133 | DWORD child_size = 0;
134 | char *retPtr = NULL;
135 | char *basePtr = NULL;
136 |
137 | //Get data from the base class
138 | basePtr = this->MemoryMessage::getBytes( &child_size );
139 | if( basePtr && child_size > 0 ){
140 |
141 | ret_size = child_size + 5;
142 | retPtr = (char *)malloc( ret_size);
143 | memset(retPtr, 0, ret_size );
144 |
145 | //Add type
146 | *(byte *)retPtr = (byte)msg_type;
147 | //Add size
148 | *((DWORD *)((char *)(retPtr + 1))) = size;
149 | //Add internal
150 | memcpy(retPtr + 5, basePtr, child_size );
151 | //Free internal buffer
152 | free(basePtr);
153 | }
154 |
155 | *retBytes = ret_size;
156 | return retPtr;
157 | }
158 | private:
159 | DWORD size;
160 | };
161 |
162 | class FreeMessage : public MemoryMessage{
163 | public:
164 | FreeMessage( size_t *ptr, Trace *trace ) : MemoryMessage( ptr, trace) {
165 | msg_type = (byte)0x13;
166 | };
167 |
168 | char* getBytes( DWORD *retBytes ){
169 | DWORD ret_size = 0;
170 | DWORD child_size = 0;
171 | char *retPtr = NULL;
172 | char *basePtr = NULL;
173 |
174 | //Get data from the base class
175 | basePtr = this->MemoryMessage::getBytes( &child_size );
176 | if( basePtr && child_size > 0 ){
177 |
178 | ret_size = child_size + 1;
179 | retPtr = (char *)malloc( ret_size);
180 | memset(retPtr, 0, ret_size );
181 |
182 | //Add type
183 | *(byte *)retPtr = (byte)msg_type;
184 | //Add internal
185 | memcpy(retPtr + 1, basePtr, child_size );
186 | //Free internal buffer
187 | free(basePtr);
188 |
189 | }
190 |
191 | *retBytes = ret_size;
192 | return retPtr;
193 |
194 | }
195 | };
--------------------------------------------------------------------------------
/HeapMonitor/src/heapmonitor/MemoryChunk.java:
--------------------------------------------------------------------------------
1 |
2 | package heapmonitor;
3 |
4 | import java.awt.Color;
5 | import java.text.SimpleDateFormat;
6 | import java.util.ArrayList;
7 | import java.util.Collections;
8 | import java.util.List;
9 | import java.util.Stack;
10 |
11 | /**
12 | *
13 | * @author b0yd
14 | */
15 | public class MemoryChunk {
16 |
17 | protected final long memoryAddress;
18 | protected final Stack allocationList = new Stack<>();
19 | protected final Stack freeList = new Stack<>();
20 | private Color memoryColor = Color.BLUE;
21 |
22 | private boolean allocated = false;
23 |
24 | //=================================================================
25 | /**
26 | *
27 | * @param passedAddress
28 | */
29 | public MemoryChunk( long passedAddress ) {
30 | memoryAddress = passedAddress;
31 | }
32 |
33 | //=================================================================
34 | /**
35 | *
36 | * @param passedAllocation
37 | */
38 | public void addAllocation( AllocationTrace passedAllocation ){
39 | allocated = true;
40 |
41 | allocationList.push(passedAllocation);
42 | if( allocationList.size() > 20 )
43 | allocationList.removeElementAt(0);
44 |
45 | }
46 |
47 | //=================================================================
48 | /**
49 | *
50 | * @return
51 | */
52 | public int getAllocatedSize(){
53 |
54 | int retSize = 0;
55 | if( allocated && !allocationList.isEmpty() ){
56 | AllocationTrace aTrace = allocationList.peek();
57 | retSize = aTrace.getSize();
58 | }
59 | return retSize;
60 | }
61 |
62 | //=================================================================
63 | /**
64 | *
65 | * @param freeTrace
66 | */
67 | public void addFree( Trace freeTrace ){
68 | allocated = false;
69 | freeList.push(freeTrace);
70 | if( freeList.size() > 20 )
71 | freeList.removeElementAt(0);
72 | }
73 |
74 | //==================================================================
75 | /**
76 | *
77 | * @return
78 | */
79 | @Override
80 | public String toString(){
81 | String retStr = String.format("0x%08X", memoryAddress );
82 | if( allocated && !allocationList.isEmpty() ){
83 | AllocationTrace aTrace = allocationList.peek();
84 | retStr += ":" + String.format("0x%08X", aTrace.getSize() );
85 | }
86 | return retStr;
87 | }
88 |
89 | //==================================================================
90 | /**
91 | *
92 | * @return
93 | */
94 | public boolean isAllocated() {
95 | return allocated;
96 | }
97 |
98 | //==================================================================
99 | /**
100 | *
101 | * @return
102 | */
103 | public long getAddress() {
104 | return memoryAddress;
105 | }
106 |
107 | //==================================================================
108 | /**
109 | *
110 | * @return
111 | */
112 | public byte[] getLastTrace() {
113 | byte[] traceArr = null;
114 | if( allocated && !allocationList.isEmpty() ){
115 | AllocationTrace aTrace = allocationList.peek();
116 | traceArr = aTrace.traceByteArr;
117 | } else if( !freeList.isEmpty() ){
118 | Trace aTrace = freeList.peek();
119 | traceArr = aTrace.traceByteArr;
120 | }
121 | return traceArr;
122 | }
123 |
124 | //==================================================================
125 | /**
126 | *
127 | * @return
128 | */
129 | public String getTraceHistory() {
130 |
131 | SimpleDateFormat format = new SimpleDateFormat("MM/dd/yyyy-hh:mm:ss:SSSZ ");
132 |
133 | String retStr = "";
134 | List allTraces = new ArrayList<>();
135 |
136 | //Add allocations
137 | allTraces.addAll(allocationList);
138 |
139 | //Add frees
140 | allTraces.addAll(freeList);
141 |
142 | //Sort
143 | Collections.sort( allTraces );
144 |
145 | for( Trace aTrace : allTraces ){
146 |
147 | retStr += " " + format.format( aTrace.dateReceived );
148 |
149 | //Add size
150 | if( aTrace instanceof AllocationTrace ){
151 | AllocationTrace allocTrace = (AllocationTrace)aTrace;
152 | retStr += "\nMALLOC Size: " + allocTrace.getSize();
153 | } else {
154 | retStr += "\nFREE";
155 | }
156 |
157 | retStr += "\n";
158 | retStr += Trace.processStackTrace( aTrace.traceByteArr );
159 | retStr += "\n";
160 |
161 | }
162 |
163 | return retStr;
164 |
165 | }
166 |
167 | //========================================================================
168 | /**
169 | *
170 | * @param passedColor
171 | */
172 | public void setColor( Color passedColor ){
173 | memoryColor = passedColor;
174 | }
175 |
176 | //=========================================================================
177 | /**
178 | *
179 | * @return
180 | */
181 | public Color getColor() {
182 | return memoryColor;
183 | }
184 | }
185 |
--------------------------------------------------------------------------------
/HeapMonitor/src/heapmonitor/MemoryMapLabel.java:
--------------------------------------------------------------------------------
1 | package heapmonitor;
2 |
3 | import java.awt.Color;
4 | import java.awt.Cursor;
5 | import java.awt.Graphics;
6 | import java.awt.event.MouseAdapter;
7 | import java.awt.event.MouseEvent;
8 | import java.awt.event.MouseMotionListener;
9 | import java.awt.image.BufferedImage;
10 | import java.util.Map.Entry;
11 | import java.util.TreeMap;
12 | import javax.swing.BorderFactory;
13 | import javax.swing.JLabel;
14 | import javax.swing.SwingUtilities;
15 |
16 | /**
17 | *
18 | * @author b0yd
19 | */
20 | public class MemoryMapLabel extends JLabel {
21 |
22 | public static final int MEMORY_MAP_LABEL_WIDTH = 755;
23 | public static final int MEMORY_MAP_LABEL_HEIGHT = 24;
24 |
25 | private final MemoryJPanel parentPanel;
26 | private BufferedImage memoryMapImage;
27 | private final Object lockObj = new Object();
28 |
29 | private volatile long curr_start_address = 0;
30 | private volatile long curr_end_address = 0;
31 |
32 | //======================================================================
33 | /**
34 | *
35 | */
36 | public MemoryMapLabel( MemoryJPanel passedParent ) {
37 | initialize();
38 | memoryMapImage = new BufferedImage( MEMORY_MAP_LABEL_WIDTH, MEMORY_MAP_LABEL_HEIGHT, BufferedImage.TYPE_INT_ARGB);
39 | parentPanel = passedParent;
40 | }
41 |
42 | //=======================================================================
43 | /**
44 | *
45 | * @param g
46 | */
47 | @Override
48 | public void paintComponent( Graphics g ){
49 | //super.paintComponent(g);
50 | synchronized(lockObj ){
51 | g.drawImage(memoryMapImage, 0, 0, null);
52 | }
53 | }
54 |
55 | //=======================================================================
56 | /**
57 | *
58 | * @param passedMemMap
59 | */
60 | public void updateMemoryMap( TreeMap passedMemMap ){
61 | synchronized(lockObj ){
62 |
63 | curr_start_address = passedMemMap.firstKey();
64 | curr_end_address = passedMemMap.lastKey();
65 |
66 | long range = curr_end_address - curr_start_address;
67 | if( range != 0 ){
68 |
69 | double pixel_per_byte = (double)MEMORY_MAP_LABEL_WIDTH/(double)range;
70 |
71 | //Get the graphics
72 | Graphics g = memoryMapImage.getGraphics();
73 | //Paint background first
74 | g.setColor(Color.WHITE);
75 | g.fillRect(0, 0, MEMORY_MAP_LABEL_WIDTH, MEMORY_MAP_LABEL_HEIGHT);
76 |
77 | //Set color for the rest
78 | g.setColor(Color.BLUE);
79 |
80 | for ( Entry anEntry : passedMemMap.entrySet() ) {
81 | long chunk_address = anEntry.getKey();
82 | MemoryChunk aChunk = anEntry.getValue();
83 | if( aChunk.isAllocated() ){
84 | int start_location = (int)(Math.floor( ((double)chunk_address - (double)curr_start_address) * pixel_per_byte));
85 | int size = (int) ((double)aChunk.getAllocatedSize() * pixel_per_byte);
86 | if( size == 0)
87 | size = 1;
88 |
89 | g.fillRect(start_location, 0, size, MEMORY_MAP_LABEL_HEIGHT);
90 | }
91 | }
92 | }
93 | }
94 |
95 | //Repaint if the adddress space is open
96 | SwingUtilities.invokeLater( new Runnable(){
97 | @Override
98 | public void run() {
99 | repaint();
100 | }
101 | });
102 | }
103 |
104 | //=======================================================================
105 | /**
106 | *
107 | */
108 | private void initialize() {
109 |
110 | //Set border
111 | setBorder( BorderFactory.createLineBorder(Color.black) );
112 |
113 | //Add mouse listener for click
114 | addMouseListener( new MouseAdapter(){
115 |
116 | @Override
117 | public void mouseClicked(MouseEvent evt) {
118 |
119 | if (evt.getClickCount() == 1) {
120 |
121 | int x = evt.getX();
122 | int y = evt.getY();
123 |
124 | long range = curr_end_address - curr_start_address;
125 | if( range != 0 ){
126 | double pixel_per_byte = (double)MEMORY_MAP_LABEL_WIDTH/(double)range;
127 | long clicked_address = (long) ( curr_start_address + ( (double)x / pixel_per_byte));
128 |
129 | long baseaddr = (clicked_address >> 16) << 16;
130 | parentPanel.loadMemoryPage(baseaddr, true);
131 | }
132 |
133 | }
134 | }
135 |
136 | });
137 |
138 | //Change mouse cursor
139 | addMouseMotionListener( new MouseMotionListener(){
140 |
141 | @Override
142 | public void mouseDragged(MouseEvent e) {
143 | }
144 |
145 | //Change the cursor
146 | @Override
147 | public void mouseMoved(MouseEvent e) {
148 | setCursor(new Cursor(Cursor.HAND_CURSOR));
149 | }
150 |
151 | });
152 | }
153 |
154 | //========================================================================
155 | /**
156 | *
157 | */
158 | public void clear() {
159 | memoryMapImage = new BufferedImage( MEMORY_MAP_LABEL_WIDTH, MEMORY_MAP_LABEL_HEIGHT, BufferedImage.TYPE_INT_ARGB);
160 | }
161 |
162 | }
163 |
--------------------------------------------------------------------------------
/HeapMonitor/src/heapmonitor/SocketHandler.java:
--------------------------------------------------------------------------------
1 | package heapmonitor;
2 |
3 | import java.io.DataInputStream;
4 | import java.io.IOException;
5 | import java.net.Socket;
6 | import java.net.SocketException;
7 | import java.net.SocketTimeoutException;
8 | import java.nio.ByteBuffer;
9 | import java.nio.ByteOrder;
10 | import java.util.logging.Level;
11 | import java.util.logging.Logger;
12 |
13 | /**
14 | *
15 | * @author b0yd
16 | */
17 | public class SocketHandler implements Runnable {
18 |
19 | private final Socket theClientSocket;
20 | private final MainFrame theParentFrame;
21 |
22 | public static final byte ALLOCATE = 0x12;
23 | public static final byte FREE = 0x13;
24 | public static final byte SOCKET_CLOSED = -1;
25 |
26 | //=================================================================
27 | /**
28 | *
29 | * @param parentFrame
30 | * @param clientSocket
31 | */
32 | public SocketHandler(MainFrame parentFrame, Socket clientSocket) {
33 | theParentFrame = parentFrame;
34 | theClientSocket = clientSocket;
35 | }
36 |
37 | //=================================================================
38 | /**
39 | * Main receive loop
40 | *
41 | * Protocol format
42 | *
43 | * Allocation
44 | * [ 1 byte - message type ][ 4 byte - allocation size ][ 8 bytes - address ]
45 | * [ 4 bytes - trace size ][ (trace_size bytes) trace string array ]
46 | *
47 | * Free
48 | * [ 1 byte - message type ][ 8 bytes - address ]
49 | * [ 4 bytes - trace size ][ (trace_size bytes) trace string array ]
50 | *
51 | *
52 | *
53 | */
54 | @Override
55 | public void run() {
56 |
57 | try {
58 |
59 | boolean socketClosed = false;
60 | //Create the handler and start it
61 | MemoryTupleHandler aHandler = new MemoryTupleHandler(theParentFrame);
62 | aHandler.start();
63 |
64 | theClientSocket.setSoTimeout(1000);
65 | DataInputStream dataStream = new DataInputStream( theClientSocket.getInputStream() );
66 | byte[] sizeArr = new byte[4];
67 | byte[] addrArr = new byte[8];
68 | byte[] traceLen = new byte[4];
69 |
70 | while( !socketClosed ){
71 |
72 | Trace aTrace = null;
73 | try{
74 |
75 | //Get message type
76 | byte messageType = (byte)dataStream.read();
77 | long address = 0;
78 | switch( messageType){
79 | case ALLOCATE:
80 |
81 | //Get allocation size
82 | dataStream.readFully(sizeArr);
83 | int size = ByteBuffer.wrap(sizeArr).order(ByteOrder.LITTLE_ENDIAN).getInt();
84 |
85 | //Get address
86 | dataStream.readFully(addrArr);
87 | address = ByteBuffer.wrap(addrArr).order(ByteOrder.LITTLE_ENDIAN).getLong();
88 |
89 | //Get trace len
90 | dataStream.readFully(traceLen);
91 | int trace_len = ByteBuffer.wrap(traceLen).order(ByteOrder.LITTLE_ENDIAN).getInt();
92 |
93 | //Get trace data
94 | byte[] traceByteArr = new byte[trace_len];
95 | dataStream.readFully(traceByteArr);
96 |
97 | //Create tuple
98 | aTrace = new AllocationTrace( traceByteArr, size);
99 | break;
100 |
101 | case FREE:
102 | //Get address
103 | dataStream.readFully(addrArr);
104 | address = ByteBuffer.wrap(addrArr).order(ByteOrder.LITTLE_ENDIAN).getLong();
105 |
106 | //Get trace len
107 | dataStream.readFully(traceLen);
108 | trace_len = ByteBuffer.wrap(traceLen).order(ByteOrder.LITTLE_ENDIAN).getInt();
109 |
110 | //Get trace data
111 | traceByteArr = new byte[trace_len];
112 | dataStream.readFully(traceByteArr);
113 |
114 | //Create tuple
115 | aTrace = new Trace( traceByteArr );
116 |
117 | break;
118 | case SOCKET_CLOSED:
119 | socketClosed = true;
120 | break;
121 | default:
122 | System.err.println("Unknown message type detected.");
123 | break;
124 | }
125 |
126 | //Add to queue to be processed
127 | if( address != 0 && aTrace != null )
128 | aHandler.processIncoming(address, aTrace);
129 |
130 |
131 | } catch(SocketTimeoutException ex){
132 | }
133 | }
134 | } catch (SocketException ex) {
135 | if( !ex.getMessage().contains("Connection reset"))
136 | Logger.getLogger(SocketHandler.class.getName()).log(Level.SEVERE, null, ex);
137 | } catch (IOException ex) {
138 | Logger.getLogger(SocketHandler.class.getName()).log(Level.SEVERE, null, ex);
139 | }
140 |
141 | //Set socket handler to null
142 | theParentFrame.setSocketHandler(null);
143 |
144 | }
145 |
146 | //==========================================================================
147 | /**
148 | *
149 | */
150 | public void disconnect() {
151 | try {
152 | theClientSocket.close();
153 | } catch (IOException ex) {
154 | }
155 | }
156 |
157 | }
158 |
--------------------------------------------------------------------------------
/Observer/Observer/Observer.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include "dbghelp.h"
4 | #include
5 |
6 | const int backtraceSize = 64;
7 |
8 | class Trace {
9 |
10 | public:
11 | Trace(HANDLE passedHeapHandle){
12 | heapHandle = passedHeapHandle;
13 | trace_str_buf_size = 0;
14 | this->walkStack();
15 | };
16 |
17 | ~Trace(){
18 | if( trace_str_buf != NULL && heapHandle != NULL )
19 | HeapFree(heapHandle, 0 , trace_str_buf);
20 |
21 | };
22 | char *trace_str_buf;
23 | DWORD trace_str_buf_size;
24 | HANDLE heapHandle;
25 |
26 | private:
27 |
28 | void appendToTrace( char *str, size_t size ){
29 |
30 | if( heapHandle != NULL){
31 | if( trace_str_buf_size == 0 ){
32 |
33 | //Create a buffer and copy into it
34 | trace_str_buf_size = 0x100000;
35 | trace_str_buf = (char *)HeapAlloc(heapHandle, HEAP_ZERO_MEMORY, trace_str_buf_size);
36 | strncpy_s(trace_str_buf, trace_str_buf_size, str, size );
37 |
38 | } else if( strlen(trace_str_buf) + size > trace_str_buf_size) {
39 |
40 | //Add more space
41 | trace_str_buf_size += 0x100000;
42 | trace_str_buf = (char *)HeapReAlloc(heapHandle, HEAP_ZERO_MEMORY, trace_str_buf, trace_str_buf_size);
43 | if( trace_str_buf == NULL)
44 | return;
45 | //Concatenate the string
46 | strncat_s(trace_str_buf, trace_str_buf_size, str, size);
47 |
48 | } else {
49 |
50 | //Concatenate the string
51 | strncat_s(trace_str_buf, trace_str_buf_size, str, size);
52 | }
53 | }
54 |
55 | }
56 |
57 | void walkStack(){
58 |
59 | CONTEXT Context = {0};
60 | STACKFRAME64 stk;
61 | memset(&stk, 0, sizeof(stk));
62 |
63 | HANDLE hThread = GetCurrentThread();
64 | HANDLE currProc = GetCurrentProcess();
65 |
66 | const int MAXSYMBOLNAME = 128 - sizeof(IMAGEHLP_SYMBOL);
67 | char symbol64_buf[sizeof(IMAGEHLP_SYMBOL) + MAXSYMBOLNAME] = {0};
68 | IMAGEHLP_SYMBOL *symbol = reinterpret_cast(symbol64_buf);
69 | symbol->SizeOfStruct = sizeof(IMAGEHLP_SYMBOL);
70 | symbol->MaxNameLength = MAXSYMBOLNAME - 1;
71 |
72 | DWORD IMG_ARCH = IMAGE_FILE_MACHINE_I386;
73 | RtlCaptureContext( &Context );
74 | #ifdef _WIN64
75 | IMG_ARCH = IMAGE_FILE_MACHINE_AMD64;
76 | stk.AddrPC.Offset = Context.Rip;
77 | stk.AddrPC.Mode = AddrModeFlat;
78 | stk.AddrStack.Offset = Context.Rsp;
79 | stk.AddrStack.Mode = AddrModeFlat;
80 | stk.AddrFrame.Offset = Context.Rbp;
81 | stk.AddrFrame.Mode = AddrModeFlat;
82 | #elif _WIN32
83 | stk.AddrPC.Offset = Context.Eip;
84 | stk.AddrPC.Mode = AddrModeFlat;
85 | stk.AddrStack.Offset = Context.Esp;
86 | stk.AddrStack.Mode = AddrModeFlat;
87 | stk.AddrFrame.Offset = Context.Ebp;
88 | stk.AddrFrame.Mode = AddrModeFlat;
89 | #endif
90 |
91 | char tmpBuf[24];
92 | char lineNum[20];
93 | DWORD str_len = 0;
94 | for(ULONG Frame = 0; ; Frame++)
95 | {
96 | BOOL result = StackWalk64(
97 | IMG_ARCH, // __in DWORD MachineType,
98 | currProc, // __in HANDLE hProcess,
99 | hThread, // __in HANDLE hThread,
100 | &stk, // __inout LP STACKFRAME64 StackFrame,
101 | &Context, // __inout PVOID ContextRecord,
102 | NULL, // __in_opt PREAD_PROCESS_MEMORY_ROUTINE64 ReadMemoryRoutine,
103 | SymFunctionTableAccess64, // __in_opt PFUNCTION_TABLE_ACCESS_ROUTINE64 FunctionTableAccessRoutine,
104 | SymGetModuleBase64, // __in_opt PGET_MODULE_BASE_ROUTINE64 GetModuleBaseRoutine,
105 | NULL // __in_opt PTRANSLATE_ADDRESS_ROUTINE64 TranslateAddress
106 | );
107 |
108 | size_t curr_trace = (ULONG64)stk.AddrPC.Offset;
109 | if( curr_trace ){
110 |
111 | sprintf_s(tmpBuf, "%p", curr_trace);
112 | // Output stack frame symbols if available.
113 | if(SymGetSymFromAddr(currProc, (DWORD64)curr_trace, 0, symbol)){
114 |
115 | appendToTrace(symbol->Name, strlen(symbol->Name));
116 |
117 | // Output filename + line info if available.
118 | IMAGEHLP_LINE64 lineSymbol;
119 | lineSymbol.SizeOfStruct = sizeof(IMAGEHLP_LINE64);
120 | DWORD displacement;
121 |
122 | if(SymGetLineFromAddr64(currProc, (DWORD64)curr_trace, &displacement, &lineSymbol)){
123 |
124 | appendToTrace( "\t", 1);
125 | appendToTrace( lineSymbol.FileName, strlen(lineSymbol.FileName));
126 | appendToTrace( ":", 1);
127 |
128 | //Add line number
129 | _ltoa_s(lineSymbol.LineNumber, lineNum, 10 );
130 | appendToTrace( lineNum, strlen(lineNum));
131 |
132 | } else {
133 | appendToTrace( "\t", 1);
134 | }
135 |
136 | appendToTrace( "\t", 1);
137 |
138 | appendToTrace( tmpBuf, strlen(tmpBuf));
139 |
140 | appendToTrace( ")\n", 2);
141 |
142 | } else {
143 |
144 | appendToTrace("\t\t(", 14);
145 |
146 | appendToTrace(tmpBuf, strlen(tmpBuf));
147 |
148 | appendToTrace( ")\n", 2);
149 | }
150 |
151 | }
152 |
153 | if(!result)
154 | break;
155 | }
156 |
157 |
158 | }
159 |
160 | };
161 |
162 | //******************************************************************************
163 | class MemoryMessage{
164 | public:
165 | MemoryMessage(size_t *ptr, Trace *trace ){
166 | this->ptr = ptr;
167 | this->trace = trace;
168 | };
169 |
170 | size_t getBytes(char* buf, size_t max_size){
171 | size_t ret_size = 0;
172 | size_t buf_size = 12;
173 |
174 | //Check that an address
175 | if( trace ){
176 |
177 | DWORD trace_len = (DWORD)strlen(trace->trace_str_buf);
178 | buf_size += trace_len;
179 | if( buf && buf_size <= max_size ){
180 | ret_size = buf_size;
181 | memset(buf, 0, ret_size );
182 |
183 | //Add address and stack trace
184 | *(long *)buf = (long)ptr;
185 | *(DWORD *)((char*)buf + 8) = (DWORD)trace_len;
186 | memcpy( (char*)buf + 12, trace->trace_str_buf, trace_len );
187 | } else {
188 | printf("MemoryMessage: Unable to create MemoryMessage, buffer is too small.\nProvided: %d, Needed: %d\n", max_size, buf_size );
189 | }
190 | }
191 | return ret_size;
192 |
193 | }
194 | byte msg_type;
195 | private:
196 | size_t *ptr;
197 | Trace *trace;
198 | };
199 |
200 | class MallocMessage : public MemoryMessage{
201 | public:
202 | MallocMessage(DWORD size, size_t *ptr, Trace *trace ) : MemoryMessage( ptr, trace) {
203 | this->size = size;
204 | msg_type = (byte)0x12;
205 | };
206 |
207 | size_t getBytes(char* buf, DWORD max_size){
208 | size_t ret_size = 0;
209 | size_t buf_size = 0;
210 |
211 | //Get data from the base class
212 | buf_size = this->MemoryMessage::getBytes(buf + 5, max_size - 5);
213 | if( buf_size > 0 ){
214 |
215 | buf_size += 5;
216 | if( buf && buf_size <= max_size ){
217 |
218 | ret_size = buf_size;
219 | //Add type
220 | *(byte *)buf = (byte)msg_type;
221 | //Add size
222 | *((DWORD *)((char *)(buf + 1))) = size;
223 |
224 | } else {
225 | printf("MallocMessage: Unable to create MallocMessage, buffer is too small.\nProvided:%d, Needed:%d\n", max_size, buf_size );
226 | }
227 | }
228 |
229 | return ret_size;
230 | }
231 | private:
232 | DWORD size;
233 | };
234 |
235 | class FreeMessage : public MemoryMessage{
236 | public:
237 | FreeMessage( size_t *ptr, Trace *trace ) : MemoryMessage( ptr, trace) {
238 | msg_type = (byte)0x13;
239 | };
240 |
241 | size_t getBytes(char* buf, DWORD max_size){
242 | size_t ret_size = 0;
243 | size_t buf_size = 0;
244 |
245 | //Get data from the base class
246 | buf_size = this->MemoryMessage::getBytes(buf + 1, max_size - 1);
247 |
248 | if( buf && buf_size > 0 ){
249 |
250 | buf_size += 1;
251 | if( buf && buf_size <= max_size ){
252 | ret_size = buf_size;
253 |
254 | //Add type
255 | *(byte *)buf = (byte)msg_type;
256 |
257 | } else {
258 | printf("FreeMessage: Unable to create FreeMessage, buffer is too small.\nProvided:%d, Needed:%d\n", max_size, buf_size );
259 | }
260 | }
261 |
262 | return ret_size;
263 |
264 | }
265 | };
--------------------------------------------------------------------------------
/HeapMonitor/src/heapmonitor/FreeJPanel.java:
--------------------------------------------------------------------------------
1 | package heapmonitor;
2 |
3 | import static heapmonitor.MainFrame.COLORIZE_ALLOC;
4 | import java.awt.Color;
5 | import java.awt.Component;
6 | import java.awt.Font;
7 | import java.awt.event.MouseAdapter;
8 | import java.awt.event.MouseEvent;
9 | import javax.swing.DefaultListCellRenderer;
10 | import javax.swing.DefaultListModel;
11 | import javax.swing.JList;
12 | import javax.swing.JMenuItem;
13 | import javax.swing.JPopupMenu;
14 | import javax.swing.event.ListSelectionEvent;
15 | import javax.swing.event.ListSelectionListener;
16 |
17 | /**
18 | *
19 | * @author b0yd
20 | */
21 | public class FreeJPanel extends javax.swing.JPanel {
22 |
23 | private final MainFrame parentFrame;
24 | private boolean autoScroll = false;
25 |
26 | /**
27 | * Creates new form AllocationJPanel
28 | * @param parent
29 | */
30 | public FreeJPanel( MainFrame parent ) {
31 | initComponents();
32 | initializeComponents();
33 | parentFrame = parent;
34 | }
35 |
36 | //=======================================================================
37 | /**
38 | *
39 | */
40 | private void initializeComponents() {
41 |
42 | DefaultListModel listModel = new DefaultListModel();
43 | freeJList.setModel(listModel);
44 | freeJList.setFont( new Font(Font.MONOSPACED, Font.PLAIN, 12 ));
45 | freeJList.addListSelectionListener( new ListSelectionListener() {
46 |
47 | @Override
48 | public void valueChanged(ListSelectionEvent e) {
49 | if( !e.getValueIsAdjusting()){
50 | loadMemoryAddr();
51 | }
52 | }
53 | });
54 |
55 | freeJList.addMouseListener( new MouseAdapter(){
56 | @Override
57 | public void mouseReleased(MouseEvent e){
58 | if(e.isPopupTrigger()){
59 | doTreePopupMenuLogic(e);
60 | }
61 | }
62 | });
63 |
64 | freeJList.setCellRenderer( new DefaultListCellRenderer(){
65 | @Override
66 | public Component getListCellRendererComponent( JList list, Object value, int index, boolean isSelected, boolean cellHasFocus ) {
67 | Component c = super.getListCellRendererComponent( list, value, index, isSelected, cellHasFocus );
68 | if( value instanceof MemoryChunk ){
69 | MemoryChunk mem = (MemoryChunk)value;
70 | Color val_c = mem.getColor();
71 | if( val_c != Color.BLUE ) {
72 | c.setBackground( val_c ); //yellow every even row
73 | }
74 | }
75 | return c;
76 | }
77 | });
78 | }
79 |
80 |
81 | //=======================================================================
82 | /**
83 | * Determines what menu options to show on the popup menu based on the
84 | * {@link XmlObject} object contained in the currently selected node.
85 | *
86 | * @param e the {@code MouseEvent} that triggered the popup
87 | */
88 | public void doTreePopupMenuLogic( MouseEvent e ) {
89 |
90 | JPopupMenu popup = new JPopupMenu();
91 | JMenuItem menuItem;
92 |
93 | menuItem = new JMenuItem( "Colorize");
94 | menuItem.setActionCommand( MainFrame.COLORIZE_FREE );
95 | menuItem.addActionListener(parentFrame);
96 | menuItem.setEnabled( true );
97 | popup.add(menuItem);
98 |
99 | if( popup.getComponentCount() > 0 )
100 | popup.show(e.getComponent(), e.getX(), e.getY());
101 |
102 | }
103 |
104 | //=======================================================================
105 | /**
106 | *
107 | * @return
108 | */
109 | public MemoryChunk getSelected() {
110 | return (MemoryChunk)freeJList.getSelectedValue();
111 | }
112 |
113 | private void loadMemoryAddr(){
114 | MemoryChunk aChunk = (MemoryChunk)freeJList.getSelectedValue();
115 | if( aChunk != null ){
116 | parentFrame.getTracePanel().setStackTraceTextArea( aChunk.getTraceHistory() );
117 | parentFrame.getMemoryPanel().loadMemoryPage( aChunk.getAddress(), false );
118 | }
119 | }
120 |
121 | /**
122 | * This method is called from within the constructor to initialize the form.
123 | * WARNING: Do NOT modify this code. The content of this method is always
124 | * regenerated by the Form Editor.
125 | */
126 | @SuppressWarnings("unchecked")
127 | // //GEN-BEGIN:initComponents
128 | private void initComponents() {
129 |
130 | allocationScrollPane = new javax.swing.JScrollPane();
131 |
132 | allocationScrollPane.setBorder(null);
133 | allocationScrollPane.setPreferredSize(new java.awt.Dimension(45, 165));
134 |
135 | allocationScrollPane.setViewportView(freeJList);
136 |
137 | javax.swing.GroupLayout layout = new javax.swing.GroupLayout(this);
138 | this.setLayout(layout);
139 | layout.setHorizontalGroup(
140 | layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
141 | .addGap(0, 185, Short.MAX_VALUE)
142 | .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
143 | .addGroup(layout.createSequentialGroup()
144 | .addComponent(allocationScrollPane, javax.swing.GroupLayout.PREFERRED_SIZE, 185, javax.swing.GroupLayout.PREFERRED_SIZE)
145 | .addGap(0, 0, Short.MAX_VALUE)))
146 | );
147 | layout.setVerticalGroup(
148 | layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
149 | .addGap(0, 353, Short.MAX_VALUE)
150 | .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
151 | .addComponent(allocationScrollPane, javax.swing.GroupLayout.DEFAULT_SIZE, 353, Short.MAX_VALUE))
152 | );
153 | }// //GEN-END:initComponents
154 |
155 |
156 | // Variables declaration - do not modify//GEN-BEGIN:variables
157 | private javax.swing.JScrollPane allocationScrollPane;
158 | private final javax.swing.JList freeJList = new javax.swing.JList();
159 | // End of variables declaration//GEN-END:variables
160 |
161 | //=======================================================================
162 | /**
163 | *
164 | * @param aChunk
165 | */
166 | public void addFree(MemoryChunk aChunk) {
167 | DefaultListModel listModel = (DefaultListModel) freeJList.getModel();
168 | listModel.removeElement( aChunk );
169 | listModel.addElement( aChunk );
170 |
171 | //If autoscroll
172 | if( autoScroll ){
173 | int lastIndex = listModel.getSize() - 1;
174 | if (lastIndex >= 0) {
175 | freeJList.ensureIndexIsVisible(lastIndex);
176 | }
177 | }
178 | }
179 |
180 | //=======================================================================
181 | /**
182 | *
183 | * @param aChunk
184 | */
185 | public void removeMemoryChunk(MemoryChunk aChunk) {
186 | DefaultListModel listModel = (DefaultListModel) freeJList.getModel();
187 | listModel.removeElement( aChunk );
188 | }
189 |
190 | //=======================================================================
191 | /**
192 | *
193 | */
194 | public void clearPanel() {
195 | DefaultListModel listModel = (DefaultListModel)freeJList.getModel();
196 | listModel.clear();
197 | }
198 |
199 | //=========================================================================
200 | /**
201 | *
202 | * @param selected
203 | */
204 | public void setAutoscrollFlag(boolean selected) {
205 | autoScroll = selected;
206 | }
207 |
208 | //=========================================================================
209 | /**
210 | *
211 | * @param object
212 | */
213 | public void setSelected(Object object) {
214 | if( object == null)
215 | freeJList.clearSelection();
216 | else
217 | freeJList.setSelectedValue(object, true);
218 | }
219 | }
220 |
--------------------------------------------------------------------------------
/HeapMonitor/src/heapmonitor/AllocationJPanel.java:
--------------------------------------------------------------------------------
1 |
2 | package heapmonitor;
3 |
4 | import java.awt.Color;
5 | import java.awt.Component;
6 | import java.awt.Font;
7 | import java.awt.event.MouseAdapter;
8 | import java.awt.event.MouseEvent;
9 | import javax.swing.DefaultListCellRenderer;
10 | import javax.swing.DefaultListModel;
11 | import javax.swing.JList;
12 | import javax.swing.JMenuItem;
13 | import javax.swing.JPopupMenu;
14 | import javax.swing.event.ListSelectionEvent;
15 | import javax.swing.event.ListSelectionListener;
16 |
17 | /**
18 | *
19 | * @author b0yd
20 | */
21 | public class AllocationJPanel extends javax.swing.JPanel {
22 |
23 | private final MainFrame parentFrame;
24 | private boolean autoScroll = false;
25 |
26 | /**
27 | * Creates new form AllocationJPanel
28 | * @param parent
29 | */
30 | public AllocationJPanel( MainFrame parent ) {
31 | initComponents();
32 | initializeComponents();
33 | parentFrame = parent;
34 | }
35 |
36 | //=======================================================================
37 | /**
38 | *
39 | */
40 | private void initializeComponents() {
41 |
42 | DefaultListModel listModel = new DefaultListModel();
43 | allocationJList.setModel(listModel);
44 | allocationJList.setFont( new Font(Font.MONOSPACED, Font.PLAIN, 12 ));
45 | allocationJList.addListSelectionListener( new ListSelectionListener() {
46 |
47 | @Override
48 | public void valueChanged(ListSelectionEvent e) {
49 | if( !e.getValueIsAdjusting())
50 | loadMemoryAddr();
51 | }
52 | });
53 |
54 | allocationJList.addMouseListener( new MouseAdapter(){
55 | @Override
56 | public void mouseReleased(MouseEvent e){
57 | if(e.isPopupTrigger()){
58 | doTreePopupMenuLogic(e);
59 | }
60 | }
61 | });
62 |
63 | allocationJList.setCellRenderer( new DefaultListCellRenderer(){
64 | @Override
65 | public Component getListCellRendererComponent( JList list, Object value, int index, boolean isSelected, boolean cellHasFocus ) {
66 | Component c = super.getListCellRendererComponent( list, value, index, isSelected, cellHasFocus );
67 | if( value instanceof MemoryChunk ){
68 | MemoryChunk mem = (MemoryChunk)value;
69 | Color val_c = mem.getColor();
70 | if( val_c != Color.BLUE ) {
71 | c.setBackground( val_c ); //yellow every even row
72 | }
73 | }
74 | return c;
75 | }
76 | });
77 |
78 |
79 | }
80 |
81 | //=======================================================================
82 | /**
83 | * Determines what menu options to show on the popup menu based on the
84 | * {@link XmlObject} object contained in the currently selected node.
85 | *
86 | * @param e the {@code MouseEvent} that triggered the popup
87 | */
88 | public void doTreePopupMenuLogic( MouseEvent e ) {
89 |
90 | JPopupMenu popup = new JPopupMenu();
91 | JMenuItem menuItem;
92 |
93 | menuItem = new JMenuItem( "Colorize" );
94 | menuItem.setActionCommand( MainFrame.COLORIZE_ALLOC );
95 | menuItem.addActionListener(parentFrame);
96 | menuItem.setEnabled( true );
97 | popup.add(menuItem);
98 |
99 | if( popup.getComponentCount() > 0 )
100 | popup.show(e.getComponent(), e.getX(), e.getY());
101 |
102 | }
103 |
104 | private void loadMemoryAddr(){
105 | MemoryChunk aChunk = (MemoryChunk)allocationJList.getSelectedValue();
106 | if( aChunk != null ){
107 | parentFrame.getTracePanel().setStackTraceTextArea( aChunk.getTraceHistory() );
108 | parentFrame.getMemoryPanel().loadMemoryPage( aChunk.getAddress(), false );
109 | }
110 | }
111 | /**
112 | * This method is called from within the constructor to initialize the form.
113 | * WARNING: Do NOT modify this code. The content of this method is always
114 | * regenerated by the Form Editor.
115 | */
116 | @SuppressWarnings("unchecked")
117 | // //GEN-BEGIN:initComponents
118 | private void initComponents() {
119 |
120 | allocationScrollPane = new javax.swing.JScrollPane();
121 |
122 | allocationScrollPane.setBorder(null);
123 | allocationScrollPane.setPreferredSize(new java.awt.Dimension(45, 165));
124 |
125 | allocationScrollPane.setViewportView(allocationJList);
126 |
127 | javax.swing.GroupLayout layout = new javax.swing.GroupLayout(this);
128 | this.setLayout(layout);
129 | layout.setHorizontalGroup(
130 | layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
131 | .addGap(0, 185, Short.MAX_VALUE)
132 | .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
133 | .addGroup(layout.createSequentialGroup()
134 | .addComponent(allocationScrollPane, javax.swing.GroupLayout.PREFERRED_SIZE, 185, javax.swing.GroupLayout.PREFERRED_SIZE)
135 | .addGap(0, 0, Short.MAX_VALUE)))
136 | );
137 | layout.setVerticalGroup(
138 | layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
139 | .addGap(0, 353, Short.MAX_VALUE)
140 | .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
141 | .addComponent(allocationScrollPane, javax.swing.GroupLayout.DEFAULT_SIZE, 353, Short.MAX_VALUE))
142 | );
143 | }// //GEN-END:initComponents
144 |
145 |
146 | // Variables declaration - do not modify//GEN-BEGIN:variables
147 | private final javax.swing.JList allocationJList = new javax.swing.JList();
148 | private javax.swing.JScrollPane allocationScrollPane;
149 | // End of variables declaration//GEN-END:variables
150 |
151 | //=======================================================================
152 | /**
153 | *
154 | * @return
155 | */
156 | public MemoryChunk getSelected() {
157 | return (MemoryChunk)allocationJList.getSelectedValue();
158 | }
159 |
160 |
161 | //=======================================================================
162 | /**
163 | *
164 | * @param aChunk
165 | */
166 | public void setSelected(MemoryChunk aChunk) {
167 | if( aChunk == null )
168 | allocationJList.clearSelection();
169 | else
170 | allocationJList.setSelectedValue(aChunk, true);
171 | }
172 |
173 |
174 |
175 | //=======================================================================
176 | /**
177 | *
178 | * @param aChunk
179 | */
180 | public void addMemoryChunk(MemoryChunk aChunk) {
181 | DefaultListModel listModel = (DefaultListModel) allocationJList.getModel();
182 | listModel.removeElement( aChunk );
183 | listModel.addElement( aChunk );
184 |
185 | //If autoscroll
186 | if( autoScroll ){
187 | int lastIndex = listModel.getSize() - 1;
188 | if (lastIndex >= 0) {
189 | allocationJList.ensureIndexIsVisible(lastIndex);
190 | }
191 | }
192 | }
193 |
194 | //=======================================================================
195 | /**
196 | *
197 | */
198 | public void clearPanel() {
199 | DefaultListModel listModel = (DefaultListModel)allocationJList.getModel();
200 | listModel.clear();
201 | }
202 |
203 | //=========================================================================
204 | /**
205 | *
206 | * @param aChunk
207 | */
208 | public void removeMemoryChunk(MemoryChunk aChunk) {
209 | DefaultListModel listModel = (DefaultListModel) allocationJList.getModel();
210 | listModel.removeElement( aChunk );
211 | }
212 |
213 | //=========================================================================
214 | /**
215 | *
216 | * @param selected
217 | */
218 | public void setAutoscrollFlag(boolean selected) {
219 | autoScroll = selected;
220 | }
221 | }
222 |
--------------------------------------------------------------------------------
/Observer/DllInjector/DllInjector.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Debug
10 | x64
11 |
12 |
13 | Release
14 | Win32
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 |
22 | {964F661B-8FA0-4DEF-836F-0D0720972D02}
23 | Win32Proj
24 | DllInjector
25 | DllInjector
26 |
27 |
28 |
29 | Application
30 | true
31 | v110
32 | MultiByte
33 |
34 |
35 | Application
36 | true
37 | v110
38 | MultiByte
39 |
40 |
41 | Application
42 | false
43 | v110
44 | true
45 | MultiByte
46 | Static
47 |
48 |
49 | Application
50 | false
51 | v110
52 | true
53 | MultiByte
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 | true
73 | $(ProjectName)_Win32
74 | $(SolutionDir)dist\$(Platform)\$(Configuration)\
75 | build\$(Platform)\$(Configuration)\
76 |
77 |
78 | true
79 | $(ProjectName)_x64
80 | $(SolutionDir)dist\$(Platform)\$(Configuration)\
81 | build\$(Platform)\$(Configuration)\
82 |
83 |
84 | false
85 | $(ProjectName)_Win32
86 | $(SolutionDir)dist\$(Platform)\$(Configuration)\
87 | build\$(Platform)\$(Configuration)\
88 |
89 |
90 | false
91 | $(ProjectName)_x64
92 | $(SolutionDir)dist\$(Platform)\$(Configuration)\
93 | build\$(Platform)\$(Configuration)\
94 |
95 |
96 |
97 |
98 |
99 | Level3
100 | Disabled
101 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)
102 | MultiThreadedDebug
103 |
104 |
105 | Console
106 | true
107 |
108 |
109 |
110 |
111 |
112 |
113 | Level3
114 | Disabled
115 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)
116 | MultiThreadedDebug
117 |
118 |
119 | Console
120 | true
121 |
122 |
123 |
124 |
125 | Level3
126 |
127 |
128 | MaxSpeed
129 | true
130 | true
131 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)
132 | MultiThreaded
133 |
134 |
135 | Console
136 | true
137 | true
138 | true
139 |
140 |
141 |
142 |
143 | Level3
144 |
145 |
146 | MaxSpeed
147 | true
148 | true
149 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)
150 | MultiThreaded
151 |
152 |
153 | Console
154 | true
155 | true
156 | true
157 |
158 |
159 |
160 |
161 |
162 |
163 |
164 |
165 |
--------------------------------------------------------------------------------
/Observer/TestAllocations/TestAllocations.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Debug
10 | x64
11 |
12 |
13 | Release
14 | Win32
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 |
22 | {5D63EFBE-1839-4708-9814-81170AF56313}
23 | Win32Proj
24 | TestAllocations
25 |
26 |
27 |
28 | Application
29 | true
30 | v110
31 | Unicode
32 |
33 |
34 | Application
35 | true
36 | v110
37 | Unicode
38 |
39 |
40 | Application
41 | false
42 | v110
43 | true
44 | Unicode
45 |
46 |
47 | Application
48 | false
49 | v110
50 | true
51 | Unicode
52 |
53 |
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 | true
71 | $(SolutionDir)dist\$(Platform)\$(Configuration)\
72 | build\$(Platform)\$(Configuration)\
73 |
74 |
75 | true
76 | $(SolutionDir)dist\$(Platform)\$(Configuration)\
77 | build\$(Platform)\$(Configuration)\
78 |
79 |
80 | false
81 | $(SolutionDir)dist\$(Platform)\$(Configuration)\
82 | build\$(Platform)\$(Configuration)\
83 |
84 |
85 | false
86 | $(SolutionDir)dist\$(Platform)\$(Configuration)\
87 | build\$(Platform)\$(Configuration)\
88 |
89 |
90 |
91 | Use
92 | Level3
93 | Disabled
94 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)
95 | true
96 |
97 |
98 | Console
99 | true
100 |
101 |
102 |
103 |
104 | Use
105 | Level3
106 | Disabled
107 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)
108 | true
109 |
110 |
111 | Console
112 | true
113 |
114 |
115 |
116 |
117 | Level3
118 | Use
119 | MaxSpeed
120 | true
121 | true
122 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)
123 | true
124 |
125 |
126 | Console
127 | true
128 | true
129 | true
130 |
131 |
132 |
133 |
134 | Level3
135 | Use
136 | MaxSpeed
137 | true
138 | true
139 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)
140 | true
141 |
142 |
143 | Console
144 | true
145 | true
146 | true
147 |
148 |
149 |
150 |
151 |
152 |
153 |
154 |
155 |
156 |
157 |
158 | Create
159 | Create
160 | Create
161 | Create
162 |
163 |
164 |
165 |
166 |
167 |
168 |
--------------------------------------------------------------------------------
/Observer/DllInjector/DllInjector.cpp:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 |
4 | #include
5 | #include
6 | #include
7 |
8 | #pragma comment (lib, "Advapi32.lib")
9 |
10 | typedef LONG (NTAPI *NtSuspendProcess)(IN HANDLE ProcessHandle);
11 | typedef LONG (NTAPI *NtResumeProcess)(IN HANDLE ProcessHandle);
12 | typedef NTSTATUS (NTAPI *NtRtlCreateUserThread)( IN HANDLE ProcessHandle,
13 | IN PSECURITY_DESCRIPTOR SecurityDescriptor OPTIONAL,
14 | IN BOOLEAN CreateSuspended,
15 | IN ULONG StackZeroBits,
16 | IN OUT PULONG StackReserved,
17 | IN OUT PULONG StackCommit,
18 | IN PVOID StartAddress,
19 | IN PVOID StartParameter OPTIONAL,
20 | OUT PHANDLE ThreadHandle,
21 | OUT VOID* ClientID
22 | );
23 |
24 | // Inject a DLL into the target process by creating a new thread at LoadLibrary
25 | // Waits for injected thread to finish and returns its exit code.
26 | //
27 | // Originally from :
28 | // http://www.codeproject.com/Articles/2082/API-hooking-revealed
29 | int LoadLibraryInjection(HANDLE proc, const char *dllName){
30 |
31 | int retVal;
32 | LPVOID RemoteString, LoadLibAddy;
33 | LoadLibAddy = (LPVOID)GetProcAddress(GetModuleHandleA("kernel32.dll"), "LoadLibraryA");
34 |
35 | RemoteString = (LPVOID)VirtualAllocEx(proc, NULL, strlen(dllName) + 1, MEM_RESERVE|MEM_COMMIT, PAGE_READWRITE);
36 | if(RemoteString == NULL){
37 | CloseHandle(proc); // Close the process handle.
38 | throw std::runtime_error("LoadLibraryInjection: Error on VirtualAllocEx.");
39 | }
40 |
41 | if(WriteProcessMemory(proc, (LPVOID)RemoteString, dllName,strlen(dllName) + 1, NULL) == 0){
42 | VirtualFreeEx(proc, RemoteString, 0, MEM_RELEASE); // Free the memory we were going to use.
43 | CloseHandle(proc); // Close the process handle.
44 | throw std::runtime_error("LoadLibraryInjection: Error on WriteProcessMemeory.");
45 | }
46 |
47 | HANDLE hThread;
48 | NtRtlCreateUserThread pfnNtRtlCreateUserThread = (NtRtlCreateUserThread)GetProcAddress( GetModuleHandleA("ntdll"), "RtlCreateUserThread");
49 | NTSTATUS retNtVal = pfnNtRtlCreateUserThread(proc, NULL, FALSE, 0, NULL, NULL, (LPTHREAD_START_ROUTINE)LoadLibAddy, (LPVOID)RemoteString, &hThread, NULL);
50 | //if((hThread = CreateRemoteThread(proc, NULL, NULL, (LPTHREAD_START_ROUTINE)LoadLibAddy, (LPVOID)RemoteString, NULL, NULL)) == NULL){
51 | if( retNtVal ){
52 | VirtualFreeEx(proc, RemoteString, 0, MEM_RELEASE); // Free the memory we were going to use.
53 | CloseHandle(proc); // Close the process handle.
54 | throw std::runtime_error("LoadLibraryInjection: Error on CreateRemoteThread.");
55 | }
56 |
57 | // Wait for the thread to finish.
58 | WaitForSingleObject(hThread, INFINITE);
59 |
60 | // Lets see what it says...
61 | //DWORD dwThreadExitCode=0;
62 | GetExitCodeThread(hThread, (LPDWORD)&retVal);
63 |
64 | // No need for this handle anymore, lets get rid of it.
65 | CloseHandle(hThread);
66 |
67 | // Lets clear up that memory we allocated earlier.
68 | VirtualFreeEx(proc, RemoteString, 0, MEM_RELEASE);
69 |
70 | return retVal;
71 | }
72 |
73 | std::string getDirectoryOfFile(const std::string &file){
74 | size_t pos = (std::min)(file.find_last_of("/"), file.find_last_of("\\"));
75 | if(pos == std::string::npos)
76 | return ".";
77 | else
78 | return file.substr(0, pos);
79 | }
80 |
81 |
82 | //Suspend the process
83 | NTSTATUS suspend(HANDLE processHandle){
84 |
85 | NtSuspendProcess pfnNtSuspendProcess = (NtSuspendProcess)GetProcAddress( GetModuleHandleA("ntdll"), "NtSuspendProcess");
86 | return pfnNtSuspendProcess(processHandle);
87 | }
88 |
89 | //Resume the process
90 | NTSTATUS resume(HANDLE processHandle){
91 |
92 | NtResumeProcess pfnNtResumeProcess = (NtResumeProcess)GetProcAddress( GetModuleHandleA("ntdll"), "NtResumeProcess");
93 | return pfnNtResumeProcess(processHandle);
94 | }
95 |
96 | //START OF CODE
97 | int enableSEPrivilege(LPCTSTR name)
98 | {
99 | HANDLE hToken;
100 | LUID luid;
101 | TOKEN_PRIVILEGES tkp;
102 |
103 | if(!OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &hToken)) return 0;
104 |
105 | if(!LookupPrivilegeValue(NULL, name, &luid)) return 0;
106 |
107 | tkp.PrivilegeCount = 1;
108 | tkp.Privileges[0].Luid = luid;
109 | tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
110 |
111 | if(!AdjustTokenPrivileges(hToken, false, &tkp, sizeof(tkp), NULL, NULL)) return 0;
112 |
113 | if(GetLastError() == ERROR_NOT_ALL_ASSIGNED) return 0;
114 |
115 | CloseHandle(hToken);
116 | return 1;
117 | }
118 |
119 |
120 | extern "C" int main(int argc, char* argv[]){
121 |
122 |
123 | if(argc < 2){
124 | std::cout << "No arguments specified!\n\n";
125 | std::cout << "Usage: DllInjector -p pid -e -a [args to pass to exe]\n\n"
126 | " -p Provide the process pid if you wish to attach to a running process\n"
127 | " -e Path to exe to launch \n"
128 | " -d Path to dll to inject \n"
129 | " -a Any arguments for the specified exe\n";
130 |
131 | return -1;
132 | }
133 |
134 | //Loop through args and set flags
135 | char *curArg;
136 | char *injectionTarget = NULL;
137 | int processId = 0;
138 | std::string commandLine = "";
139 | std::string dllPath = "";
140 |
141 | for( int i =1; i < argc; i++){
142 | curArg = argv[i];
143 | if( strcmp(curArg, "-p") == 0 ){
144 |
145 | //Get the process id
146 | if( argc > i + 1 ){
147 | char *procIdStr = argv[i+1];
148 | processId = atoi(procIdStr);
149 | }
150 |
151 | } else if( strcmp(curArg, "-e") == 0){
152 | //Get the exe path
153 | if( argc > i + 1){
154 | injectionTarget = argv[i+1];
155 | commandLine = injectionTarget;
156 | i++;
157 | }
158 | } else if( strcmp(curArg, "-a") == 0){
159 |
160 | //Loop through the args
161 | for(int j = i+1; j < argc; ++j){
162 | commandLine += " " + std::string(argv[j]);
163 | }
164 |
165 | } else if( strcmp(curArg, "-d") == 0){
166 | //Get the process id
167 | if( argc > i + 1){
168 | dllPath = argv[i+1];
169 | i++;
170 | }
171 | break;
172 | }
173 | }
174 |
175 | //Make sure dll exists
176 | if ( GetFileAttributesA((LPCSTR)dllPath.c_str()) == INVALID_FILE_ATTRIBUTES ){
177 | std::cerr << "DLL does not exist. Please check path: (" << dllPath << ").\n\n";
178 | return -1;
179 | }
180 |
181 | // Start our new process with a suspended main thread.
182 | std::cout << "Starting process with heap profiling enabled..." << std::endl;
183 |
184 | //If process id was given
185 | HANDLE processHandle;
186 | HANDLE threadHandle = 0;
187 |
188 | if( processId != 0 ){
189 |
190 | DWORD dwResult = enableSEPrivilege(SE_DEBUG_NAME);
191 | processHandle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, processId );
192 | if( processHandle == NULL ){
193 | std::cerr << "Error attaching to process " << processId << std::endl;
194 | return -1;
195 | }
196 |
197 | std::cout << "Target process id: " << processId << std::endl;
198 |
199 | NTSTATUS retVal = suspend(processHandle );
200 | if( retVal ){
201 | std::cerr << "Error suspending process " << processId << " Code: " << retVal << std::endl;
202 | return 1;
203 | }
204 |
205 | } else if( !commandLine.empty() ){
206 |
207 | // Start our new process with a suspended main thread.
208 | std::cout << "Target exe path: " << injectionTarget << std::endl;
209 | std::cout << "Target exe command line: " << commandLine << std::endl;
210 |
211 |
212 | DWORD flags = CREATE_SUSPENDED;
213 | PROCESS_INFORMATION pi;
214 | STARTUPINFOA si;
215 | GetStartupInfoA(&si);
216 |
217 | if(CreateProcessA(NULL, (LPSTR)commandLine.c_str(), NULL, NULL, 0, flags, NULL,
218 | (LPSTR)".", &si, &pi) == 0){
219 | int err = GetLastError();
220 | std::cerr << "Error creating process " << injectionTarget << " Code: " << err << std::endl;
221 | return -1;
222 | }
223 |
224 | processHandle = pi.hProcess;
225 | threadHandle = pi.hThread;
226 |
227 | }
228 |
229 | try{
230 |
231 | int retVal = LoadLibraryInjection(processHandle, dllPath.c_str());
232 | if( retVal == 0 ){
233 | throw std::runtime_error("LoadLibrary failed!");
234 | }
235 |
236 | } catch(const std::exception &e){
237 | std::cerr << "\n";
238 | std::cerr << "Error while injecting process: " << e.what() << "\n\n";
239 | std::cerr << "Check that the hook dll (" << dllPath << " is in the correct location.\n\n";
240 |
241 | if( processId != 0 )
242 | resume(processHandle);
243 |
244 | // TODO: figure out how to terminate thread. This does not always work.
245 | return -1;
246 | }
247 |
248 | // Once the injection thread has returned it is safe to resume the main thread.
249 | if( threadHandle){
250 | ResumeThread(threadHandle);
251 | std::cout << "Resuming thread handle.\n" << std::endl;
252 | } else if( processId != 0 ){
253 | if( !resume(processHandle))
254 | std::cout << "Sucessfully resumed process.\n" << std::endl;
255 | }
256 |
257 | std::cout << "Sucessfully injected Hooking DLL.\n" << std::endl;
258 |
259 | return 0;
260 | }
261 |
--------------------------------------------------------------------------------
/Observer/libs/MinHook/build/libMinHook.vcproj:
--------------------------------------------------------------------------------
1 |
2 |
11 |
12 |
15 |
18 |
19 |
20 |
21 |
22 |
29 |
32 |
35 |
38 |
41 |
44 |
56 |
59 |
62 |
65 |
69 |
72 |
75 |
78 |
81 |
84 |
85 |
92 |
95 |
98 |
101 |
104 |
108 |
120 |
123 |
126 |
129 |
133 |
136 |
139 |
142 |
145 |
148 |
149 |
157 |
160 |
163 |
166 |
169 |
172 |
184 |
187 |
190 |
193 |
197 |
200 |
203 |
206 |
209 |
212 |
213 |
221 |
224 |
227 |
230 |
233 |
237 |
249 |
252 |
255 |
258 |
262 |
265 |
268 |
271 |
274 |
277 |
278 |
279 |
280 |
281 |
282 |
285 |
288 |
291 |
292 |
295 |
296 |
299 |
300 |
301 |
304 |
307 |
308 |
311 |
312 |
315 |
316 |
317 |
320 |
323 |
324 |
327 |
328 |
331 |
332 |
335 |
336 |
339 |
340 |
341 |
344 |
347 |
348 |
351 |
352 |
355 |
356 |
359 |
360 |
363 |
364 |
365 |
366 |
369 |
370 |
373 |
374 |
375 |
376 |
377 |
378 |
--------------------------------------------------------------------------------
/Observer/libs/MinHook/build/MinHook.vcproj:
--------------------------------------------------------------------------------
1 |
2 |
11 |
12 |
15 |
18 |
19 |
20 |
21 |
22 |
29 |
32 |
35 |
38 |
41 |
44 |
55 |
58 |
61 |
64 |
74 |
77 |
80 |
83 |
86 |
89 |
92 |
95 |
96 |
104 |
107 |
110 |
113 |
116 |
119 |
130 |
133 |
136 |
139 |
151 |
154 |
157 |
160 |
163 |
166 |
169 |
172 |
173 |
180 |
183 |
186 |
189 |
192 |
196 |
207 |
210 |
213 |
216 |
225 |
228 |
231 |
234 |
237 |
240 |
243 |
246 |
247 |
255 |
258 |
261 |
264 |
267 |
271 |
282 |
285 |
288 |
291 |
303 |
306 |
309 |
312 |
315 |
318 |
321 |
324 |
325 |
326 |
327 |
328 |
329 |
332 |
335 |
340 |
341 |
344 |
349 |
350 |
353 |
358 |
359 |
362 |
367 |
368 |
369 |
372 |
373 |
376 |
377 |
380 |
381 |
382 |
383 |
384 |
385 |
--------------------------------------------------------------------------------
/Observer/libs/MinHook/build/libMinHook.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Debug
10 | x64
11 |
12 |
13 | Release
14 | Win32
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 |
22 | {65021938-D251-46FA-BC3D-85C385D4C06D}
23 | libMinHook
24 | Win32Proj
25 |
26 |
27 |
28 | StaticLibrary
29 | Unicode
30 | true
31 | v110_xp
32 |
33 |
34 | StaticLibrary
35 | Unicode
36 | v110
37 |
38 |
39 | StaticLibrary
40 | Unicode
41 | true
42 | v110
43 |
44 |
45 | StaticLibrary
46 | Unicode
47 | v110
48 |
49 |
50 |
51 |
52 |
53 |
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 | <_ProjectFileVersion>10.0.40219.1
67 | AllRules.ruleset
68 |
69 |
70 | AllRules.ruleset
71 |
72 |
73 | AllRules.ruleset
74 |
75 |
76 | AllRules.ruleset
77 |
78 |
79 |
80 |
81 | $(SolutionDir)dist\$(Platform)\$(Configuration)\
82 | build\$(Platform)\$(Configuration)\
83 |
84 |
85 | $(SolutionDir)dist\$(Platform)\$(Configuration)\
86 | build\$(Platform)\$(Configuration)\
87 |
88 |
89 |
90 | Disabled
91 | $(ProjectDir)\..\include;%(AdditionalIncludeDirectories)
92 | WIN32;_DEBUG;_LIB;%(PreprocessorDefinitions)
93 | true
94 | EnableFastChecks
95 | MultiThreadedDebug
96 |
97 |
98 | Level3
99 | EditAndContinue
100 |
101 |
102 |
103 |
104 |
105 |
106 |
107 | X64
108 |
109 |
110 | Disabled
111 | $(ProjectDir)\..\include;%(AdditionalIncludeDirectories)
112 | WIN32;_DEBUG;_LIB;%(PreprocessorDefinitions)
113 | true
114 | EnableFastChecks
115 | MultiThreadedDebug
116 |
117 |
118 | Level3
119 | ProgramDatabase
120 |
121 |
122 |
123 |
124 |
125 | MaxSpeed
126 | true
127 | $(ProjectDir)\..\include;%(AdditionalIncludeDirectories)
128 | WIN32;NDEBUG;_LIB;%(PreprocessorDefinitions)
129 | MultiThreaded
130 | true
131 |
132 |
133 | Level3
134 | ProgramDatabase
135 | NoExtensions
136 |
137 |
138 |
139 |
140 |
141 | X64
142 |
143 |
144 | MaxSpeed
145 | true
146 | $(ProjectDir)\..\include;%(AdditionalIncludeDirectories)
147 | WIN32;NDEBUG;_LIB;%(PreprocessorDefinitions)
148 | MultiThreaded
149 | true
150 |
151 |
152 | Level3
153 | ProgramDatabase
154 |
155 |
156 |
157 |
158 |
159 |
160 |
161 |
162 |
163 |
164 |
165 |
166 |
167 |
168 |
169 |
170 |
171 |
172 |
173 |
174 |
175 |
176 |
177 |
178 |
179 |
180 |
181 |
182 |
183 |
184 |
--------------------------------------------------------------------------------
/Observer/Observer/Observer.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Debug
10 | x64
11 |
12 |
13 | Release
14 | Win32
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 |
22 | {F3C8DD27-15AB-4B73-A499-C32181ACACC9}
23 | Win32Proj
24 | Observer
25 | Observer
26 |
27 |
28 |
29 | DynamicLibrary
30 | true
31 | v110
32 | Unicode
33 |
34 |
35 | DynamicLibrary
36 | true
37 | v110
38 | Unicode
39 |
40 |
41 | DynamicLibrary
42 | false
43 | v110
44 | true
45 | Unicode
46 | Static
47 |
48 |
49 | DynamicLibrary
50 | false
51 | v110
52 | true
53 | Unicode
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 | true
73 | $(ProjectName)_Win32
74 | $(SolutionDir)dist\$(Platform)\$(Configuration)\
75 | build\$(Platform)\$(Configuration)\
76 |
77 |
78 | true
79 | $(ProjectName)_x64
80 | $(SolutionDir)dist\$(Platform)\$(Configuration)\
81 | build\$(Platform)\$(Configuration)\
82 |
83 |
84 | false
85 | $(ProjectName)_Win32
86 | $(SolutionDir)dist\$(Platform)\$(Configuration)\
87 | build\$(Platform)\$(Configuration)\
88 |
89 |
90 | false
91 | $(ProjectName)_x64
92 | $(SolutionDir)dist\$(Platform)\$(Configuration)\
93 | build\$(Platform)\$(Configuration)\
94 |
95 |
96 |
97 |
98 |
99 | Level3
100 | Disabled
101 | WIN32;_DEBUG;_WINDOWS;_USRDLL;HEAPYINJECT_EXPORTS;%(PreprocessorDefinitions)
102 | $(SolutionDir)\libs\MinHook\include;%(AdditionalIncludeDirectories)
103 | ProgramDatabase
104 | MultiThreadedDebug
105 |
106 |
107 | Windows
108 | true
109 | $(SolutionDir)\libs\dbghelp\lib\x86
110 | dbghelp.lib;%(AdditionalDependencies)
111 |
112 |
113 |
114 |
115 |
116 |
117 | Level3
118 | Disabled
119 | WIN32;_DEBUG;_WINDOWS;_USRDLL;HEAPYINJECT_EXPORTS;%(PreprocessorDefinitions)
120 | $(SolutionDir)\libs\MinHook\include;%(AdditionalIncludeDirectories)
121 | MultiThreadedDebug
122 |
123 |
124 | Windows
125 | true
126 | $(SolutionDir)\libs\dbghelp\lib\x64
127 | dbghelp.lib;%(AdditionalDependencies)
128 |
129 |
130 |
131 |
132 | Level3
133 |
134 |
135 | MaxSpeed
136 | true
137 | true
138 | WIN32;NDEBUG;_WINDOWS;_USRDLL;HEAPYINJECT_EXPORTS;%(PreprocessorDefinitions)
139 | $(SolutionDir)\libs\MinHook\include;%(AdditionalIncludeDirectories)
140 | MultiThreaded
141 |
142 |
143 | Windows
144 | true
145 | true
146 | true
147 | $(SolutionDir)\libs\dbghelp\lib\x86
148 | dbghelp.lib;%(AdditionalDependencies)
149 |
150 |
151 |
152 |
153 | Level3
154 |
155 |
156 | MaxSpeed
157 | true
158 | true
159 | WIN32;NDEBUG;_WINDOWS;_USRDLL;HEAPYINJECT_EXPORTS;%(PreprocessorDefinitions)
160 | $(SolutionDir)\libs\MinHook\include;%(AdditionalIncludeDirectories)
161 | MultiThreaded
162 |
163 |
164 | Windows
165 | true
166 | true
167 | true
168 | $(SolutionDir)\libs\dbghelp\lib\x64
169 | dbghelp.lib;%(AdditionalDependencies)
170 |
171 |
172 |
173 |
174 |
175 |
176 |
177 |
178 |
179 |
180 | {65021938-d251-46fa-bc3d-85c385d4c06d}
181 |
182 |
183 |
184 |
185 |
186 |
--------------------------------------------------------------------------------