public static NTSTATUS ZwQuerySystemInformation10(SYSTEM_INFORMATION_CLASS SystemInformationClass, IntPtr SystemInformation, uint SystemInformationLength, ref uint ReturnLength)
{
byte[] syscall = bZwQuerySystemInformation10;
GCHandle pinnedArray = GCHandle.Alloc(syscall, GCHandleType.Pinned);
IntPtr memoryAddress = pinnedArray.AddrOfPinnedObject();
if (!Natives.VirtualProtect(memoryAddress,
(UIntPtr)syscall.Length, memoryPtrotection, out uint oldprotect))
{
throw new Win32Exception();
}
Delegates.ZwQuerySystemInformation myAssemblyFunction = (Delegates.ZwQuerySystemInformation)Marshal.GetDelegateForFunctionPointer(memoryAddress, typeof(Delegates.ZwQuerySystemInformation));
return((NTSTATUS)myAssemblyFunction(SystemInformationClass, SystemInformation, SystemInformationLength, ref ReturnLength));
}
public static NTSTATUS ZwQuerySystemInformation10(SYSTEM_INFORMATION_CLASS SystemInformationClass, IntPtr SystemInformation, uint SystemInformationLength, ref uint ReturnLength)
{
byte[] syscall = bZwQuerySystemInformation10;
unsafe
{
fixed(byte *ptr = syscall)
{
IntPtr memoryAddress = (IntPtr)ptr;
if (!VirtualProtectEx(Process.GetCurrentProcess().Handle, memoryAddress,
(UIntPtr)syscall.Length, 0x40, out uint oldprotect))
{
throw new Win32Exception();
}
Delegates.ZwQuerySystemInformation myAssemblyFunction = (Delegates.ZwQuerySystemInformation)Marshal.GetDelegateForFunctionPointer(memoryAddress, typeof(Delegates.ZwQuerySystemInformation));
return((NTSTATUS)myAssemblyFunction(SystemInformationClass, SystemInformation, SystemInformationLength, ref ReturnLength));
}
}
}
