public static extern NtStatus NtQueryVirtualMemory(
SafeKernelObjectHandle ProcessHandle,
IntPtr BaseAddress,
MemoryInformationClass MemoryInformationClass,
SafeBuffer MemoryInformation,
IntPtr MemoryInformationLength,
out IntPtr ReturnLength
);
internal static extern NTSTATUS PInvoke_NtQueryVirtualMemory(IntPtr ProcessHandle, IntPtr BaseAddress, MemoryInformationClass InfoClass, IntPtr Info, uint InfoLength, out uint ReturnLength);
/// <summary>
///
/// </summary>
/// <param name="ProcessHandle"></param>
/// <param name="BaseAddress"></param>
/// <param name="InfoClass"></param>
/// <param name="Info"></param>
/// <param name="InfoLength"></param>
/// <param name="ReturnLength"></param>
/// <returns></returns>
public static NTSTATUS NtQueryVirtualMemory(IntPtr ProcessHandle, IntPtr BaseAddress, MemoryInformationClass InfoClass, IntPtr Info, uint InfoLength, out uint ReturnLength, [CallerMemberName] string callerName = "")
{
if (!PInvokeDebugger.LoggingEnabled)
{
return(PInvoke_NtQueryVirtualMemory(ProcessHandle, BaseAddress, InfoClass, Info, InfoLength, out ReturnLength));
}
NTSTATUS returnValue = PInvoke_NtQueryVirtualMemory(ProcessHandle, BaseAddress, InfoClass, Info, InfoLength, out ReturnLength);
PInvokeDebugInfo debugInfo = PInvokeDebugInfo.TraceDebugInfo(
ModuleName,
nameof(NtQueryVirtualMemory),
callerName,
returnValue,
nameof(ProcessHandle), ProcessHandle,
nameof(BaseAddress), BaseAddress,
nameof(InfoClass), InfoClass,
nameof(Info), Info,
nameof(InfoLength), InfoLength,
nameof(ReturnLength), ReturnLength
);
PInvokeDebugger.SafeCapture(debugInfo);
return(returnValue);
}
public extern static int ZwQueryVirtualMemory(IntPtr ProcessHandle, int BaseAddress, MemoryInformationClass _MemoryInformationClass, [Out] byte[] MSN, Int32 MemoryInformationLength, out int Zero);
public extern static int ZwQueryVirtualMemory(IntPtr ProcessHandle, int BaseAddress, MemoryInformationClass _MemoryInformationClass, [Out] out MEMORY_SECTION_NAME mbi, Int32 MemoryInformationLength, out int Zero);
public unsafe extern static int ZwQueryVirtualMemory(IntPtr ProcessHandle, int BaseAddress, MemoryInformationClass _MemoryInformationClass, [Out] void *mbi, Int32 MemoryInformationLength, out int Zero);
public extern static int ZwQueryVirtualMemory(IntPtr ProcessHandle, int BaseAddress, MemoryInformationClass _MemoryInformationClass, IntPtr MemoryInformation, Int32 MemoryInformationLength, out int ReturnLenth);
internal static extern int NtQueryVirtualMemoryDelegate(
IntPtr processHandle, IntPtr baseAddress, MemoryInformationClass memoryInformationClass,
IntPtr memoryInformation, ulong length, ref ulong returnLength);
