Beispiel #1
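        /// <summary>
        /// Queries one process-information class for the current process through
        /// NtQueryInformationProcess and logs when the returned value reads as <c>false</c>.
        /// </summary>
        /// <param name="flag">Numeric process-information class handed straight to the native call.</param>
        /// <param name="flagName">Label used as the prefix of every log line written here.</param>
        private static void NtQueryInformationProcess(int flag, string flagName)
        {
            // STATUS_SUCCESS is 0; with any other NTSTATUS the output buffer must not be interpreted.
            const int StatusSuccess = 0;

            NtQueryInformationProcess ntQueryInformationProcess = new NtQueryInformationProcess();

            using (IMemoryAddress result = GameSharpProcess.Instance.AllocateManagedMemory(IntPtr.Size))
            {
                // NOTE(review): the buffer is IntPtr.Size bytes, but the length argument is fixed at 4.
                // Pointer-sized information classes (e.g. ProcessDebugPort in a 64-bit process) reject
                // a 4-byte length with STATUS_INFO_LENGTH_MISMATCH, so the length should follow the
                // class being queried - confirm against the callers' flag values.
                int queryState = ntQueryInformationProcess.Call<int>(GameSharpProcess.Instance.Handle, flag, result.Address, (uint)4, null);

                if (queryState != StatusSuccess)
                {
                    // Previously a failed query was indistinguishable from "no debugger found".
                    // Surface the status so a check that never ran is visible in the log.
                    LoggingService.Info($"{flagName} => NtQueryInformationProcess failed, NTSTATUS 0x{queryState:X8}");
                    return;
                }

                // NOTE(review): "zero means a debugger is present" matches ProcessDebugFlags; other
                // classes such as ProcessDebugPort use the opposite polarity - verify per flag.
                // Read<bool> presumably inspects only the first byte of the buffer - TODO confirm.
                if (!result.Read<bool>())
                {
                    LoggingService.Info($"{flagName} => We're being debugged!");
                }
            }
        }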
Beispiel #2
        /// <summary>
        /// Typed convenience wrapper around the NtQueryInformationProcess delegate: queries
        /// <paramref name="pic"/> for <paramref name="process"/> and returns the result as <typeparamref name="T"/>.
        /// </summary>
        /// <typeparam name="T">Value type the output buffer is read as; its marshalled size is passed as the buffer length.</typeparam>
        /// <param name="process">Process whose native handle is queried.</param>
        /// <param name="pic">Process-information class to query.</param>
        /// <returns>
        /// The value read from the output buffer when the call returns status 0; otherwise <c>default(T)</c>.
        /// A failed query is therefore indistinguishable from a genuine zero result, so callers that
        /// use this for a security decision cannot tell "check failed" from "nothing found".
        /// </returns>
        public static T NtQueryInformationProcess<T>(GameSharpProcess process, ProcessInformationClass pic) where T : struct
        {
            uint status = NtQueryInformationProcessWrapper.Call(
                process.NativeHandle,
                pic,
                out IMemoryPointer buffer,
                Marshal.SizeOf<T>(),
                out IMemoryPointer _);

            // NTSTATUS reference:
            // https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-erref/596a1078-e883-4972-9bbc-49e60bebca55
            // Anything other than 0 (STATUS_SUCCESS) is swallowed here without logging. If logging is
            // reinstated, report the returned NTSTATUS itself: native Nt* calls hand back their status
            // directly and do not populate the Win32 last-error value.
            if (status != 0)
            {
                return default;
            }

            // NOTE(review): whether the IMemoryPointer instances produced by Call need disposing is
            // not visible from this method - confirm ownership in the wrapper.
            return buffer.Read<T>();
        }