/// <summary>
/// Sends a GET_MODULE_BASE request to the remote side and decodes the reply as an address.
/// </summary>
/// <param name="moduleName">Module name; serialized with <see cref="Encoding.Unicode"/> (UTF-16LE).</param>
/// <returns>
/// The address decoded from the reply, or <see cref="IntPtr.Zero"/> when the callback
/// watcher hands back <c>null</c>.
/// </returns>
public IntPtr GetModuleBase(string moduleName)
{
    // The module name is the only argument of this call. No terminator or length prefix
    // is added here; how the receiver delimits the string is not visible in this method.
    byte[] encodedName = Encoding.Unicode.GetBytes(moduleName);
    ByteStack arguments = new ByteStack(payloadSize);
    arguments.Push(encodedName);

    RemoteCallInformation request = new RemoteCallInformation
    {
        functionIdentifier = FunctionIdentifier.GET_MODULE_BASE,
        payload = arguments.GetBytes()
    };

    // Blocks until the watcher returns the reply bytes for this request.
    byte[] reply = callbackWatcher.SendAndWaitForCallback(getBytes(request));
    if (reply == null)
    {
        return IntPtr.Zero;
    }

    // NOTE(review): the reply originates from the peer and its length is not checked
    // against IntPtr.Size before decoding - confirm that fromBytes validates it.
    return fromBytes<IntPtr>(reply);
}
/// <summary>
/// Sends an OPEN_PROCESS request to the remote side without waiting for a reply.
/// </summary>
/// <remarks>
/// The original note on this method reads "return saved in host"; presumably the
/// resulting handle is kept by the other side rather than returned here - confirm.
/// Nothing in this method reports whether the remote call succeeded.
/// </remarks>
/// <param name="dwDesiredAccess">Access mask, forwarded unchanged.</param>
/// <param name="bInheritHandle">Handle-inheritance flag, forwarded unchanged.</param>
/// <param name="dwProcessId">Target process id, forwarded unchanged.</param>
public void OpenProcess(int dwDesiredAccess, bool bInheritHandle, int dwProcessId)
{
    // Push order is part of the wire format: access mask, inherit flag, process id.
    // NOTE(review): the access mask is passed through as given; callers should ask
    // only for the rights they actually need.
    ByteStack arguments = new ByteStack(payloadSize);
    arguments.Push(getBytes(dwDesiredAccess));
    arguments.Push(getBytes(bInheritHandle));
    arguments.Push(getBytes(dwProcessId));

    RemoteCallInformation request = new RemoteCallInformation
    {
        functionIdentifier = FunctionIdentifier.OPEN_PROCESS,
        payload = arguments.GetBytes()
    };

    // Send to the client; unlike the lookup calls, no callback is awaited.
    byte[] wireBytes = getBytes(request);
    socket.SendBytes(wireBytes);
}
/// <summary>
/// Sends a GET_PROC_ADDRESS request to the remote side and decodes the reply as an address.
/// </summary>
/// <param name="hModule">Module handle, serialized first.</param>
/// <param name="procName">
/// Export name; serialized with <see cref="Encoding.ASCII"/>, so any non-ASCII character
/// is replaced by <c>?</c> before it is sent.
/// </param>
/// <returns>
/// The address decoded from the reply, or <see cref="IntPtr.Zero"/> when the callback
/// watcher hands back <c>null</c>.
/// </returns>
public IntPtr GetProcAddress(IntPtr hModule, string procName)
{
    // Push order is part of the wire format: module handle, then the name bytes.
    ByteStack arguments = new ByteStack(payloadSize);
    arguments.Push(getBytes(hModule));
    byte[] encodedName = Encoding.ASCII.GetBytes(procName);
    arguments.Push(encodedName);

    RemoteCallInformation request = new RemoteCallInformation
    {
        functionIdentifier = FunctionIdentifier.GET_PROC_ADDRESS,
        payload = arguments.GetBytes()
    };

    // Send to the client and block until its answer arrives.
    byte[] reply = callbackWatcher.SendAndWaitForCallback(getBytes(request));
    if (reply != null)
    {
        // NOTE(review): the reply originates from the peer and its length is not checked
        // against IntPtr.Size before decoding - confirm that fromBytes validates it.
        return fromBytes<IntPtr>(reply);
    }

    return IntPtr.Zero;
}
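/// <summary>
/// Sends a READ_PROCESS_MEMORY request for one value of type <typeparamref name="T"/>
/// at the given address and decodes the reply.
/// </summary>
/// <typeparam name="T">
/// Type to read; its size is taken from <c>Marshal.SizeOf(typeof(T))</c>, which throws
/// for types that cannot be marshaled.
/// </typeparam>
/// <param name="lpBaseAddress">Address to read from, serialized first.</param>
/// <returns>
/// The decoded value, or <c>default(T)</c> when the callback watcher hands back
/// <c>null</c>. A failed read is therefore indistinguishable from a stored zero value.
/// </returns>
public T ReadProcessMemory<T>(IntPtr lpBaseAddress)
{
    // Push order is part of the wire format: address, then the number of bytes wanted.
    ByteStack callStack = new ByteStack(payloadSize);
    callStack.Push(getBytes(lpBaseAddress));
    callStack.Push(getBytes(Marshal.SizeOf(typeof(T))));

    RemoteCallInformation remoteCallInfo = new RemoteCallInformation
    {
        functionIdentifier = FunctionIdentifier.READ_PROCESS_MEMORY,
        payload = callStack.GetBytes()
    };

    // Send to the client and block until its answer arrives.
    byte[] result = callbackWatcher.SendAndWaitForCallback(getBytes(remoteCallInfo));

    // GetModuleBase and GetProcAddress treat a null reply as "no answer" and return
    // IntPtr.Zero; this method used to hand the null straight to fromBytes. Guard it
    // the same way so a missing reply does not reach the decoder.
    if (result == null)
    {
        return default(T);
    }

    // NOTE(review): the reply originates from the peer and its length is not compared
    // with the requested size before decoding - confirm that fromBytes rejects short
    // buffers.
    return fromBytes<T>(result);
}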