internal void WriteVirtualMemory <TStructure>(IntPtr baseAddress, TStructure structureToWrite) where TStructure : struct
{
// Store the structure to write in a buffer
var structureBuffer = LocalMemoryTools.StoreStructureInBuffer(structureToWrite);
// Marshal the structure into bytes
var structureBytes = new byte[Marshal.SizeOf <TStructure>()];
Marshal.Copy(structureBuffer, structureBytes, 0, Marshal.SizeOf <TStructure>());
// Write the structure into the memory region
WriteVirtualMemory(baseAddress, structureBytes);
}
internal void WriteVirtualMemory(IntPtr baseAddress, byte[] bytesToWrite)
{
// Store the bytes to write in a buffer
var bytesToWriteBuffer = LocalMemoryTools.StoreBytesInBuffer(bytesToWrite);
// Adjust the protection of the memory region to ensure it has write privileges
var oldProtectionType = ProtectVirtualMemory(baseAddress, bytesToWrite.Length, Enumerations.MemoryProtectionType.ReadWrite);
// Write the bytes into the memory region
_syscallManager.InvokeSyscall <NtWriteVirtualMemory>(_processHandle, baseAddress, bytesToWriteBuffer, bytesToWrite.Length);
// Restore the old protection of the memory region
ProtectVirtualMemory(baseAddress, bytesToWrite.Length, oldProtectionType);
LocalMemoryTools.FreeMemoryForBuffer(bytesToWriteBuffer);
}
internal TStructure ReadVirtualMemory <TStructure>(IntPtr baseAddress) where TStructure : struct
{
// Read the bytes of the structure from the memory region
var structureBytes = ReadVirtualMemory(baseAddress, Marshal.SizeOf <TStructure>());
// Marshal the bytes into a structure
var structureBytesBuffer = LocalMemoryTools.StoreBytesInBuffer(structureBytes);
try
{
return(Marshal.PtrToStructure <TStructure>(structureBytesBuffer));
}
finally
{
LocalMemoryTools.FreeMemoryForBuffer(structureBytesBuffer);
}
}
internal byte[] ReadVirtualMemory(IntPtr baseAddress, int bytesToRead)
{
// Adjust the protection of the memory region to ensure it has read privileges
var oldProtectionType = ProtectVirtualMemory(baseAddress, bytesToRead, Enumerations.MemoryProtectionType.ReadWrite);
// Read the specified number of bytes from the memory region
var bytesReadBuffer = (IntPtr)_syscallManager.InvokeSyscall <NtReadVirtualMemory>(_processHandle, baseAddress, bytesToRead);
var bytesRead = new byte[bytesToRead];
Marshal.Copy(bytesReadBuffer, bytesRead, 0, bytesToRead);
// Restore the old protection of the memory region
ProtectVirtualMemory(baseAddress, bytesToRead, oldProtectionType);
LocalMemoryTools.FreeMemoryForBuffer(bytesReadBuffer);
return(bytesRead);
}