/// <summary>
/// Reads one <typeparamref name="T"/>-sized structure from another process by asking
/// the kernel driver to copy it into a local unmanaged buffer.
/// </summary>
/// <typeparam name="T">Blittable structure type to marshal the copied bytes into.</typeparam>
/// <param name="processId">Identifier of the process whose memory is read.</param>
/// <param name="address">Address of the structure, passed to the driver unchanged.</param>
/// <returns>
/// The marshalled structure when <c>CopyVirtualMemory</c> reports success;
/// otherwise <c>default(T)</c>.
/// </returns>
/// <remarks>
/// NOTE(review): a failed read and a successful read of all-zero memory both yield
/// <c>default(T)</c>, so callers cannot tell them apart; confirm no caller relies on
/// the result to decide whether the target was readable.
/// NOTE(review): on the failure path the buffer from <c>AllocEmptyStruct</c> is not
/// released in this method. Whether <c>GetStructFromMemory</c> frees it on the success
/// path is not visible here; verify both against MarshalUtility.
/// </remarks>
private T ReadProcessStruct<T>(int processId, IntPtr address) where T : struct
        {
            // Scratch space that receives the remote bytes; allocated before the size is queried.
            IntPtr scratch = MarshalUtility.AllocEmptyStruct<T>();
            int byteCount = Marshal.SizeOf<T>();

            bool copied = kernelDriver.CopyVirtualMemory(processId, address, scratch, byteCount);
            if (!copied)
            {
                // Driver refused or failed the copy: hand back a zero-initialised value.
                return default(T);
            }

            return MarshalUtility.GetStructFromMemory<T>(scratch);
        }
        /// <summary>
        /// Asks the driver how many bytes a full process list needs by issuing
        /// <c>IO_GET_PROCESS_LIST</c> with an empty <c>KERNEL_PROCESS_LIST_OPERATION</c>.
        /// </summary>
        /// <returns>
        /// The <c>bufferSize</c> reported by the driver when the reply carries no processes
        /// (<c>processCount == 0</c>) and a positive size; <c>0</c> in every other case,
        /// including a failed <c>DeviceIoControl</c> call.
        /// </returns>
        /// <remarks>
        /// NOTE(review): the returned size is taken from the driver's reply with only a
        /// lower bound (&gt; 0) applied here; a caller that allocates this many bytes should
        /// enforce its own upper limit.
        /// NOTE(review): when <c>DeviceIoControl</c> fails, the request buffer from
        /// <c>AllocEmptyStruct</c> is not released in this method, and the Win32 error code
        /// is not surfaced. Whether <c>GetStructFromMemory</c> frees the buffer on the
        /// success path is not visible here; verify against MarshalUtility.
        /// </remarks>
        private int GetProcessListRequiredBufferSize()
        {
            // One unmanaged struct serves as both the request and the reply buffer.
            IntPtr request = MarshalUtility.AllocEmptyStruct<KERNEL_PROCESS_LIST_OPERATION>();
            int requestSize = Marshal.SizeOf<KERNEL_PROCESS_LIST_OPERATION>();

            bool ioSucceeded = WinApi.DeviceIoControl(
                driverHandle,
                IO_GET_PROCESS_LIST,
                request, requestSize,   // input buffer
                request, requestSize,   // output buffer (same memory)
                IntPtr.Zero,
                IntPtr.Zero);

            if (!ioSucceeded)
            {
                return 0;
            }

            KERNEL_PROCESS_LIST_OPERATION reply = MarshalUtility.GetStructFromMemory<KERNEL_PROCESS_LIST_OPERATION>(request);

            // Only a "size query" style reply is accepted: no entries, positive size.
            if (reply.processCount != 0 || reply.bufferSize <= 0)
            {
                return 0;
            }

            return reply.bufferSize;
        }