Beispiel #1
0
        public static NTSTATUS NtCreateFile10(out Microsoft.Win32.SafeHandles.SafeFileHandle fileHandle,
                                              Int32 desiredAccess,
                                              ref OBJECT_ATTRIBUTES objectAttributes,
                                              out IO_STATUS_BLOCK ioStatusBlock,
                                              ref Int64 allocationSize,
                                              UInt32 fileAttributes,
                                              System.IO.FileShare shareAccess,
                                              UInt32 createDisposition,
                                              UInt32 createOptions,
                                              IntPtr eaBuffer,
                                              UInt32 eaLength)
        {
            byte[] syscall = bNtCreateFile10;

            unsafe
            {
                fixed(byte *ptr = syscall)
                {
                    IntPtr memoryAddress = (IntPtr)ptr;

                    if (!Natives.VirtualProtect(memoryAddress,
                                                (UIntPtr)syscall.Length, 0x40, out uint oldprotect))
                    {
                        throw new Win32Exception();
                    }

                    Delegates.NtCreateFile myAssemblyFunction = (Delegates.NtCreateFile)Marshal.GetDelegateForFunctionPointer(memoryAddress, typeof(Delegates.NtCreateFile));

                    return((NTSTATUS)myAssemblyFunction(out fileHandle,
                                                        desiredAccess,
                                                        ref objectAttributes,
                                                        out ioStatusBlock,
                                                        ref allocationSize,
                                                        fileAttributes,
                                                        shareAccess,
                                                        createDisposition,
                                                        createOptions,
                                                        eaBuffer,
                                                        eaLength));
                }
            }
        }
Beispiel #2
0
        public static NTSTATUS ZwClose10(IntPtr handle)
        {
            byte[] syscall = bZwClose10;

            unsafe
            {
                fixed(byte *ptr = syscall)
                {
                    IntPtr memoryAddress = (IntPtr)ptr;

                    if (!Natives.VirtualProtect(memoryAddress,
                                                (UIntPtr)syscall.Length, 0x40, out uint oldprotect))
                    {
                        throw new Win32Exception();
                    }

                    Delegates.ZwClose myAssemblyFunction = (Delegates.ZwClose)Marshal.GetDelegateForFunctionPointer(memoryAddress, typeof(Delegates.ZwClose));

                    return((NTSTATUS)myAssemblyFunction(handle));
                }
            }
        }
Beispiel #3
0
        public static NTSTATUS ZwOpenProcess10(ref IntPtr hProcess, ProcessAccessFlags processAccess, OBJECT_ATTRIBUTES objAttribute, ref CLIENT_ID clientid)
        {
            byte[] syscall = bZwOpenProcess10;

            unsafe
            {
                fixed(byte *ptr = syscall)
                {
                    IntPtr memoryAddress = (IntPtr)ptr;

                    if (!Natives.VirtualProtect(memoryAddress,
                                                (UIntPtr)syscall.Length, 0x40, out uint oldprotect))
                    {
                        throw new Win32Exception();
                    }

                    Delegates.ZwOpenProcess myAssemblyFunction = (Delegates.ZwOpenProcess)Marshal.GetDelegateForFunctionPointer(memoryAddress, typeof(Delegates.ZwOpenProcess));

                    return((NTSTATUS)myAssemblyFunction(out hProcess, processAccess, objAttribute, ref clientid));
                }
            }
        }
Beispiel #4
0
        public static NTSTATUS NtFreeVirtualMemory10(IntPtr hProcess, ref IntPtr BaseAddress, ref uint RegionSize, ulong FreeType)
        {
            byte[] syscall = bNtFreeVirtualMemory10;

            unsafe
            {
                fixed(byte *ptr = syscall)
                {
                    IntPtr memoryAddress = (IntPtr)ptr;

                    if (!Natives.VirtualProtect(memoryAddress,
                                                (UIntPtr)syscall.Length, 0x40, out uint oldprotect))
                    {
                        throw new Win32Exception();
                    }

                    Delegates.NtFreeVirtualMemory myAssemblyFunction = (Delegates.NtFreeVirtualMemory)Marshal.GetDelegateForFunctionPointer(memoryAddress, typeof(Delegates.NtFreeVirtualMemory));

                    return((NTSTATUS)myAssemblyFunction(hProcess, ref BaseAddress, ref RegionSize, FreeType));
                }
            }
        }
Beispiel #5
0
        public static NTSTATUS ZwQuerySystemInformation10(SYSTEM_INFORMATION_CLASS SystemInformationClass, IntPtr SystemInformation, uint SystemInformationLength, ref uint ReturnLength)
        {
            byte[] syscall = bZwQuerySystemInformation10;

            unsafe
            {
                fixed(byte *ptr = syscall)
                {
                    IntPtr memoryAddress = (IntPtr)ptr;

                    if (!Natives.VirtualProtect(memoryAddress,
                                                (UIntPtr)syscall.Length, 0x40, out uint oldprotect))
                    {
                        throw new Win32Exception();
                    }

                    Delegates.ZwQuerySystemInformation myAssemblyFunction = (Delegates.ZwQuerySystemInformation)Marshal.GetDelegateForFunctionPointer(memoryAddress, typeof(Delegates.ZwQuerySystemInformation));

                    return((NTSTATUS)myAssemblyFunction(SystemInformationClass, SystemInformation, SystemInformationLength, ref ReturnLength));
                }
            }
        }
Beispiel #6
0
        public static NTSTATUS ZwProtectVirtualMemory10(IntPtr hProcess, ref IntPtr lpBaseAddress, ref uint NumberOfBytesToProtect, uint NewAccessProtection, ref uint lpNumberOfBytesWritten)
        {
            byte[] syscall = bZwProtectVirtualMemory10;

            unsafe
            {
                fixed(byte *ptr = syscall)
                {
                    IntPtr memoryAddress = (IntPtr)ptr;

                    if (!Natives.VirtualProtect(memoryAddress,
                                                (UIntPtr)syscall.Length, 0x40, out uint oldprotect))
                    {
                        throw new Win32Exception();
                    }

                    Delegates.ZwProtectVirtualMemory myAssemblyFunction = (Delegates.ZwProtectVirtualMemory)Marshal.GetDelegateForFunctionPointer(memoryAddress, typeof(Delegates.ZwProtectVirtualMemory));

                    return((NTSTATUS)myAssemblyFunction(hProcess, ref lpBaseAddress, ref NumberOfBytesToProtect, NewAccessProtection, ref lpNumberOfBytesWritten));
                }
            }
        }