public IntPtr GetModuleBase(string moduleName)
{
ByteStack callStack = new ByteStack(payloadSize);
callStack.Push(Encoding.Unicode.GetBytes(moduleName));
RemoteCallInformation remoteCallInfo =
new RemoteCallInformation
{
functionIdentifier = FunctionIdentifier.GET_MODULE_BASE,
payload = callStack.GetBytes()
};
byte[] result = callbackWatcher.SendAndWaitForCallback(getBytes(remoteCallInfo));
return(result == null ? IntPtr.Zero : fromBytes <IntPtr>(result));
}
//return saved in host
public void OpenProcess(int dwDesiredAccess, bool bInheritHandle, int dwProcessId)
{
ByteStack callStack = new ByteStack(payloadSize);
callStack.Push(getBytes(dwDesiredAccess));
callStack.Push(getBytes(bInheritHandle));
callStack.Push(getBytes(dwProcessId));
RemoteCallInformation remoteCallInfo =
new RemoteCallInformation
{
functionIdentifier = FunctionIdentifier.OPEN_PROCESS,
payload = callStack.GetBytes()
};
//send to client
socket.SendBytes(getBytes(remoteCallInfo));
}
public IntPtr GetProcAddress(IntPtr hModule, string procName)
{
ByteStack callStack = new ByteStack(payloadSize);
callStack.Push(getBytes(hModule));
callStack.Push(Encoding.ASCII.GetBytes(procName));
RemoteCallInformation remoteCallInfo =
new RemoteCallInformation
{
functionIdentifier = FunctionIdentifier.GET_PROC_ADDRESS,
payload = callStack.GetBytes()
};
//send to client
//receive answer
byte[] result = callbackWatcher.SendAndWaitForCallback(getBytes(remoteCallInfo));
return(result == null ? IntPtr.Zero : fromBytes <IntPtr>(result));
}
public T ReadProcessMemory <T>(IntPtr lpBaseAddress)
{
ByteStack callStack = new ByteStack(payloadSize);
callStack.Push(getBytes(lpBaseAddress));
callStack.Push(getBytes(Marshal.SizeOf(typeof(T))));
RemoteCallInformation remoteCallInfo =
new RemoteCallInformation
{
functionIdentifier = FunctionIdentifier.READ_PROCESS_MEMORY,
payload = callStack.GetBytes()
};
//send to client
//receive answer
byte[] result = callbackWatcher.SendAndWaitForCallback(getBytes(remoteCallInfo));
return(fromBytes <T>(result));
}
