/// <summary>
/// Uses DynamicInvocation to call the VirtualAllocEx Win32 API. https://docs.microsoft.com/en-us/windows/win32/api/memoryapi/nf-memoryapi-virtualallocex
/// </summary>
/// <returns>Returns the base address of allocated region if successful, otherwise return NULL.</returns>
public static IntPtr VirtualAllocEx(
IntPtr hProcess,
IntPtr lpAddress,
uint dwSize,
Execute.Win32.Kernel32.AllocationType flAllocationType,
Execute.Win32.Kernel32.MemoryProtection flProtect)
{
// Craft an array for the arguments
object[] funcargs =
{
hProcess, lpAddress, dwSize, flAllocationType, flProtect
};
IntPtr retValue = (IntPtr)Generic.DynamicAPIInvoke(@"kernel32.dll", @"VirtualAllocEx",
typeof(Delegates.VirtualAllocEx), ref funcargs);
return(retValue);
}
public static void NtFreeVirtualMemory(IntPtr ProcessHandle, ref IntPtr BaseAddress, ref IntPtr RegionSize, Execute.Win32.Kernel32.AllocationType FreeType)
{
// Craft an array for the arguments
object[] funcargs =
{
ProcessHandle, BaseAddress, RegionSize, FreeType
};
Execute.Native.NTSTATUS retValue = (Execute.Native.NTSTATUS)Generic.DynamicAPIInvoke(@"ntdll.dll", @"NtFreeVirtualMemory", typeof(DELEGATES.NtFreeVirtualMemory), ref funcargs);
if (retValue == Execute.Native.NTSTATUS.AccessDenied)
{
// STATUS_ACCESS_DENIED
throw new UnauthorizedAccessException("Access is denied.");
}
if (retValue == Execute.Native.NTSTATUS.InvalidHandle)
{
// STATUS_INVALID_HANDLE
throw new InvalidOperationException("An invalid HANDLE was specified.");
}
if (retValue != Execute.Native.NTSTATUS.Success)
{
// STATUS_OBJECT_TYPE_MISMATCH == 0xC0000024
throw new InvalidOperationException("There is a mismatch between the type of object that is required by the requested operation and the type of object that is specified in the request.");
}
}
public static IntPtr NtAllocateVirtualMemory(IntPtr ProcessHandle, ref IntPtr BaseAddress, IntPtr ZeroBits, ref IntPtr RegionSize, Execute.Win32.Kernel32.AllocationType AllocationType, UInt32 Protect)
{
// Craft an array for the arguments
object[] funcargs =
{
ProcessHandle, BaseAddress, ZeroBits, RegionSize, AllocationType, Protect
};
Execute.Native.NTSTATUS retValue = (Execute.Native.NTSTATUS)Generic.DynamicAPIInvoke(@"ntdll.dll", @"NtAllocateVirtualMemory", typeof(DELEGATES.NtAllocateVirtualMemory), ref funcargs);
if (retValue == Execute.Native.NTSTATUS.AccessDenied)
{
// STATUS_ACCESS_DENIED
throw new UnauthorizedAccessException("Access is denied.");
}
if (retValue == Execute.Native.NTSTATUS.AlreadyCommitted)
{
// STATUS_ALREADY_COMMITTED
throw new InvalidOperationException("The specified address range is already committed.");
}
if (retValue == Execute.Native.NTSTATUS.CommitmentLimit)
{
// STATUS_COMMITMENT_LIMIT
throw new InvalidOperationException("Your system is low on virtual memory.");
}
if (retValue == Execute.Native.NTSTATUS.ConflictingAddresses)
{
// STATUS_CONFLICTING_ADDRESSES
throw new InvalidOperationException("The specified address range conflicts with the address space.");
}
if (retValue == Execute.Native.NTSTATUS.InsufficientResources)
{
// STATUS_INSUFFICIENT_RESOURCES
throw new InvalidOperationException("Insufficient system resources exist to complete the API call.");
}
if (retValue == Execute.Native.NTSTATUS.InvalidHandle)
{
// STATUS_INVALID_HANDLE
throw new InvalidOperationException("An invalid HANDLE was specified.");
}
if (retValue == Execute.Native.NTSTATUS.InvalidPageProtection)
{
// STATUS_INVALID_PAGE_PROTECTION
throw new InvalidOperationException("The specified page protection was not valid.");
}
if (retValue == Execute.Native.NTSTATUS.NoMemory)
{
// STATUS_NO_MEMORY
throw new InvalidOperationException("Not enough virtual memory or paging file quota is available to complete the specified operation.");
}
if (retValue == Execute.Native.NTSTATUS.ObjectTypeMismatch)
{
// STATUS_OBJECT_TYPE_MISMATCH
throw new InvalidOperationException("There is a mismatch between the type of object that is required by the requested operation and the type of object that is specified in the request.");
}
if (retValue != Execute.Native.NTSTATUS.Success)
{
// STATUS_PROCESS_IS_TERMINATING == 0xC000010A
throw new InvalidOperationException("An attempt was made to duplicate an object handle into or out of an exiting process.");
}
BaseAddress = (IntPtr)funcargs[1];
return(BaseAddress);
}
public static extern IntPtr VirtualAlloc(
IntPtr lpStartAddr,
uint size,
Execute.Win32.Kernel32.AllocationType flAllocationType,
uint flProtect
);