Exemple #1
0
    internal IntPtr AllocateBuffer(int bufferSize)
    {
        var buffer = _processContext.CallRoutine <IntPtr>(_processContext.GetFunctionAddress("kernel32.dll", "HeapAlloc"), _heapAddress, HeapAllocationType.ZeroMemory, bufferSize);

        if (buffer == IntPtr.Zero)
        {
            throw new ApplicationException("Failed to allocate a buffer in the process heap");
        }

        _bufferCache.Add(buffer);

        return(buffer);
    }
Exemple #2
0
        private void BuildImportAddressTable()
        {
            Parallel.ForEach(_peImage.ImportDirectory.GetImportDescriptors(), importDescriptor =>
            {
                foreach (var function in importDescriptor.Functions)
                {
                    // Write the address of the function into the import address table

                    var functionAddress = function.Name is null ? _processContext.GetFunctionAddress(importDescriptor.Name, function.Ordinal) : _processContext.GetFunctionAddress(importDescriptor.Name, function.Name);

                    MemoryMarshal.Write(_dllBytes.Span.Slice(function.Offset), ref functionAddress);
                }
            });
        }
Exemple #3
0
        private void BuildImportAddressTable()
        {
            Parallel.ForEach(_peImage.ImportDirectory.GetImportDescriptors(), importDescriptor =>
            {
                foreach (var function in importDescriptor.Functions)
                {
                    // Write the address of the function into the import address table

                    var functionAddress = function.Name is null ? _processContext.GetFunctionAddress(importDescriptor.Name, function.Ordinal) : _processContext.GetFunctionAddress(importDescriptor.Name, function.Name);

                    if (functionAddress == IntPtr.Zero)
                    {
                        throw new ApplicationException("Failed to resolve the address of a function in a module");
                    }

                    MemoryMarshal.Write(_dllBytes.Span.Slice(function.Offset), ref functionAddress);
                }
            });
        }
Exemple #4
0
 internal SafePebLock(ProcessContext processContext)
 {
     _processContext = processContext;
     processContext.CallRoutine(processContext.GetFunctionAddress("ntdll.dll", "RtlAcquirePebLock"));
 }
Exemple #5
0
 public void Dispose()
 {
     Executor.IgnoreExceptions(() => _processContext.CallRoutine(_processContext.GetFunctionAddress("ntdll.dll", "RtlReleasePebLock")));
 }
Exemple #6
0
 public void Dispose()
 {
     _processContext.CallRoutine(_processContext.GetFunctionAddress("ntdll.dll", "RtlReleasePebLock"));
 }