Ejemplo n.º 1
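        /// <summary>
        /// Loads NativeCore.dll from the directory of the executing assembly, binds the
        /// EnumerateRemoteSectionsAndModules export and publishes this object through
        /// <c>Instance</c>.
        /// </summary>
        /// <exception cref="System.DllNotFoundException">
        /// The library could not be loaded from the computed path.
        /// </exception>
        public MemorySectionsProcessor()
        {
            // The path is built from the assembly location and not from a bare file name,
            // so the library is not looked up through the loader's search path.
            // NOTE(review): nothing here verifies the file (signature or hash) before it is
            // loaded; whoever can write to the application directory decides what code runs.
            var assemblyDirectory = Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location);
            var libraryPath = Path.Combine(assemblyDirectory, "NativeCore.dll");

            var handle = LoadLibrary(libraryPath);
            if (handle == System.IntPtr.Zero)
            {
                // Fail here with the offending path instead of handing a null module
                // handle to the export lookup below.
                throw new System.DllNotFoundException("Unable to load native library: " + libraryPath);
            }

            _enumerateRemoteSectionsAndModulesDelegate = GetFunctionDelegate<EnumerateRemoteSectionsAndModulesDelegate>(handle, "EnumerateRemoteSectionsAndModules");
            Instance = this;
        }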
Ejemplo n.º 2
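        /// <summary>
        /// Replaces the implementation of one native request function with the function
        /// pointer carried by <paramref name="methodInfo"/>.
        /// </summary>
        /// <param name="methodInfo">
        /// Names the request function to replace (<c>Method</c>) and supplies the native
        /// entry point (<c>FunctionPtr</c>). Must not be null.
        /// </param>
        /// <remarks>
        /// The pointer is turned into a delegate and will later be called as native code
        /// with the signature of the matching delegate type. Nothing in this method checks
        /// where the pointer came from or that the target really has that signature, so
        /// callers must only pass pointers from modules they trust.
        /// A <c>Method</c> value without a matching case is ignored.
        /// </remarks>
        public void SetActiveNativeMethod(MethodInfo methodInfo)
        {
            // NOTE(review): Contract.Requires only checks at run time when code contracts
            // are enabled for the build; confirm, or a null argument surfaces as a
            // NullReferenceException on the next line.
            Contract.Requires(methodInfo != null);

            var functionPtr = methodInfo.FunctionPtr;

            // In every case the delegate is created before the raw pointer field is
            // stored. Marshal.GetDelegateForFunctionPointer throws for a null pointer,
            // and this order keeps the pointer field and the delegate field in step
            // when that happens.
            switch (methodInfo.Method)
            {
            case RequestFunction.EnumerateProcesses:
                enumerateProcessesDelegate = Marshal.GetDelegateForFunctionPointer<EnumerateProcessesDelegate>(functionPtr);
                fnEnumerateProcesses       = functionPtr;
                break;

            case RequestFunction.EnumerateRemoteSectionsAndModules:
                enumerateRemoteSectionsAndModulesDelegate = Marshal.GetDelegateForFunctionPointer<EnumerateRemoteSectionsAndModulesDelegate>(functionPtr);
                fnEnumerateRemoteSectionsAndModules       = functionPtr;
                break;

            case RequestFunction.IsProcessValid:
                isProcessValidDelegate = Marshal.GetDelegateForFunctionPointer<IsProcessValidDelegate>(functionPtr);
                fnIsProcessValid       = functionPtr;
                break;

            case RequestFunction.OpenRemoteProcess:
                openRemoteProcessDelegate = Marshal.GetDelegateForFunctionPointer<OpenRemoteProcessDelegate>(functionPtr);
                fnOpenRemoteProcess       = functionPtr;
                break;

            case RequestFunction.CloseRemoteProcess:
                closeRemoteProcessDelegate = Marshal.GetDelegateForFunctionPointer<CloseRemoteProcessDelegate>(functionPtr);
                fnCloseRemoteProcess       = functionPtr;
                break;

            case RequestFunction.ReadRemoteMemory:
                readRemoteMemoryDelegate = Marshal.GetDelegateForFunctionPointer<ReadRemoteMemoryDelegate>(functionPtr);
                fnReadRemoteMemory       = functionPtr;
                break;

            case RequestFunction.WriteRemoteMemory:
                writeRemoteMemoryDelegate = Marshal.GetDelegateForFunctionPointer<WriteRemoteMemoryDelegate>(functionPtr);
                fnWriteRemoteMemory       = functionPtr;
                break;

            case RequestFunction.DisassembleRemoteCode:
                disassembleRemoteCodeDelegate = Marshal.GetDelegateForFunctionPointer<DisassembleRemoteCodeDelegate>(functionPtr);
                fnDisassembleRemoteCode       = functionPtr;
                break;

            case RequestFunction.ControlRemoteProcess:
                controlRemoteProcessDelegate = Marshal.GetDelegateForFunctionPointer<ControlRemoteProcessDelegate>(functionPtr);
                fnControlRemoteProcess       = functionPtr;
                break;
            }
        }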
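        /// <summary>
        /// Binds every native core export used by this wrapper to its delegate field.
        /// </summary>
        /// <param name="handle">Handle of the already loaded native core module.</param>
        /// <exception cref="ArgumentNullException"><paramref name="handle"/> is null.</exception>
        /// <remarks>
        /// Each export is looked up by name on <paramref name="handle"/> and is later
        /// invoked as native code. The constructor trusts the module behind the handle;
        /// any check of where that module came from has to happen before it is loaded.
        /// </remarks>
        public NativeCoreWrapper(IntPtr handle)
        {
            if (handle.IsNull())
            {
                // Name the offending parameter so the failure is identifiable in logs.
                throw new ArgumentNullException(nameof(handle));
            }

            // Process discovery and lifetime.
            enumerateProcessesDelegate                = GetFunctionDelegate<EnumerateProcessesDelegate>(handle, "EnumerateProcesses");
            enumerateRemoteSectionsAndModulesDelegate = GetFunctionDelegate<EnumerateRemoteSectionsAndModulesDelegate>(handle, "EnumerateRemoteSectionsAndModules");
            openRemoteProcessDelegate                 = GetFunctionDelegate<OpenRemoteProcessDelegate>(handle, "OpenRemoteProcess");
            isProcessValidDelegate                    = GetFunctionDelegate<IsProcessValidDelegate>(handle, "IsProcessValid");
            closeRemoteProcessDelegate                = GetFunctionDelegate<CloseRemoteProcessDelegate>(handle, "CloseRemoteProcess");

            // Memory access and process control.
            readRemoteMemoryDelegate     = GetFunctionDelegate<ReadRemoteMemoryDelegate>(handle, "ReadRemoteMemory");
            writeRemoteMemoryDelegate    = GetFunctionDelegate<WriteRemoteMemoryDelegate>(handle, "WriteRemoteMemory");
            controlRemoteProcessDelegate = GetFunctionDelegate<ControlRemoteProcessDelegate>(handle, "ControlRemoteProcess");

            // Debugger support.
            attachDebuggerToProcessDelegate   = GetFunctionDelegate<AttachDebuggerToProcessDelegate>(handle, "AttachDebuggerToProcess");
            detachDebuggerFromProcessDelegate = GetFunctionDelegate<DetachDebuggerFromProcessDelegate>(handle, "DetachDebuggerFromProcess");
            awaitDebugEventDelegate           = GetFunctionDelegate<AwaitDebugEventDelegate>(handle, "AwaitDebugEvent");
            handleDebugEventDelegate          = GetFunctionDelegate<HandleDebugEventDelegate>(handle, "HandleDebugEvent");
            setHardwareBreakpointDelegate     = GetFunctionDelegate<SetHardwareBreakpointDelegate>(handle, "SetHardwareBreakpoint");
        }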