Squalr

 using Squalr . Engine . Logging ;

.. .

// Receive logs from the engine
Logger . Subscribe ( new EngineLogEvents ( ) ) ;

.. .

class EngineLogEvents : ILoggerObserver
{
	public void OnLogEvent ( LogLevel logLevel , string message , string innerMessage )
	{
		Console . WriteLine ( message ) ;
		Console . WriteLine ( innerMessage ) ;
	}
}

 using Squalr . Engine . OS ;
.. .

IEnumerable < Process > processes = Processes . Default . GetProcesses ( ) ;

// Pick a process. For this example, we are just grabbing the first one.
Process process = processes . FirstOrDefault ( ) ;

Processes . Default . OpenedProcess = process ;

 using Squalr . Engine . Memory ;

.. .

Reader . Default . Read < Int32 > ( address ) ;
Writer . Default . Write < Int32 > ( address ) ;
Allocator . Alloc ( address , 256 ) ;
IEnumerable < NormalizedRegion > regions = Query . GetVirtualPages ( requiredProtection , excludedProtection , allowedTypes , startAddress , endAddress ) ;
IEnumerable < NormalizedModule > modules = Query . GetModules ( ) ;

 using Squalr . Engine . Architecture ;
using Squalr . Engine . Architecture . Assemblers ;

.. .

// Perform assembly
AssemblerResult result = Assembler . Default . Assemble ( assembly : "mov eax, 5" , isProcess32Bit : true , baseAddress : 0x10000 ) ;

Console . WriteLine ( BitConverter . ToString ( result . Bytes ) . Replace ( "-" , " " ) ) ;

// Disassemble the result (we will get the same instructions back)
Instruction [ ] instructions = Disassembler . Default . Disassemble ( bytes : result . Bytes , isProcess32Bit : true , baseAddress : 0x10000 ) ;

Console . WriteLine ( instructions [ 0 ] . Mnemonic ) ;

 using Squalr . Engine . Scanning ;
using Squalr . Engine . Scanning . Scanners ;
using Squalr . Engine . Scanning . Scanners . Constraints ;
using Squalr . Engine . Scanning . Snapshots ;

.. .

DataType dataType = DataType . Int32 ;

// Collect values
TrackableTask < Snapshot > valueCollectorTask = ValueCollector . CollectValues (
	SnapshotManager . GetSnapshot ( Snapshot . SnapshotRetrievalMode . FromActiveSnapshotOrPrefilter , dataType ) ) ;

// Perform manual scan on value collection complete
valueCollectorTask . CompletedCallback += ( ( completedValueCollection ) =>
{
	Snapshot snapshot = completedValueCollection . Result ;
	
	// Constraints
	ScanConstraintCollection scanConstraints = new ScanConstraintCollection ( ) ;
	scanConstraints . AddConstraint ( new ScanConstraint ( ScanConstraint . ConstraintType . Equal , 25 ) ) ;

	TrackableTask < Snapshot > scanTask = ManualScanner . Scan (
		snapshot ,
		allScanConstraints ) ;

	SnapshotManager . SaveSnapshot ( scanTask . Result ) ;
} ) ;
	
	
for ( UInt64 index = 0 ; index < snapshot . ElementCount ; index ++ )
{
	SnapshotElementIndexer element = snapshot [ index ] ;

	Object currentValue = element . HasCurrentValue ( ) ? element . LoadCurrentValue ( ) : null ;
	Object previousValue = element . HasPreviousValue ( ) ? element . LoadPreviousValue ( ) : null ;
}

 // Example: Tracing write events on a float
BreakpointSize size = Debugger . Default . SizeToBreakpointSize ( sizeof ( float ) ) ;
CancellationTokenSource cancellationTokenSource = Debugger . Default . FindWhatWrites ( 0x10000 , size , this . CodeTraceEvent ) ;

.. .

// When finished, cancel the instruction collection
cancellationTokenSource . cancel ( ) ;

.. .

private void CodeTraceEvent ( CodeTraceInfo codeTraceInfo )
{
	Console . WriteLine ( codeTraceInfo . Instruction . Address . ToString ( "X" ) ) ;
	Console . WriteLine ( codeTraceInfo . Instruction . Mnemonic ) ;
}