/// <summary>
/// Runs the native code held in <c>bZwOpenProcess10</c> through a
/// <see cref="Delegates.ZwOpenProcess"/> delegate and returns the status it reports.
/// </summary>
/// <param name="hProcess">Receives the handle written by the native code; the incoming value is overwritten.</param>
/// <param name="processAccess">Access mask forwarded unchanged to the native code.</param>
/// <param name="objAttribute">Object attributes forwarded unchanged to the native code.</param>
/// <param name="clientid">Client id structure forwarded by reference.</param>
/// <returns>The delegate's return value cast to <c>NTSTATUS</c>.</returns>
/// <remarks>
/// The contents of <c>bZwOpenProcess10</c> are not visible here; the name suggests a
/// ZwOpenProcess system-call stub for Windows 10 (TODO confirm). Because the bytes are
/// invoked directly rather than through an exported API, the call would not pass through
/// any user-mode hook placed on that export. From a monitoring standpoint the observable
/// artefact is native execution from a buffer address instead of a loaded image.
/// </remarks>
public static NTSTATUS ZwOpenProcess10(ref IntPtr hProcess, ProcessAccessFlags processAccess, OBJECT_ATTRIBUTES objAttribute, ref CLIENT_ID clientid)
{
    // NOTE(review): getAdrressWithMSIL is defined elsewhere; presumably it returns an
    // address at which the byte array can be executed. Verify against that helper.
    IntPtr stubAddress = msil.getAdrressWithMSIL(bZwOpenProcess10);

    // Wrap the raw address in a typed delegate so it can be called like a managed method.
    var openProcess = (Delegates.ZwOpenProcess)Marshal.GetDelegateForFunctionPointer(
        stubAddress,
        typeof(Delegates.ZwOpenProcess));

    // hProcess is passed as an out argument, so the native code's result replaces the caller's value.
    NTSTATUS status = (NTSTATUS)openProcess(out hProcess, processAccess, objAttribute, ref clientid);
    return status;
}
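/// <summary>
/// Pins <c>bZwOpenProcess10</c>, changes the memory protection of the pinned bytes with
/// <c>VirtualProtect</c>, then runs them through a <see cref="Delegates.ZwOpenProcess"/> delegate.
/// </summary>
/// <param name="hProcess">Receives the handle written by the native code; the incoming value is overwritten.</param>
/// <param name="processAccess">Access mask forwarded unchanged to the native code.</param>
/// <param name="objAttribute">Object attributes forwarded unchanged to the native code.</param>
/// <param name="clientid">Client id structure forwarded by reference.</param>
/// <returns>The delegate's return value cast to <c>NTSTATUS</c>.</returns>
/// <exception cref="Win32Exception">Thrown when <c>VirtualProtect</c> reports failure.</exception>
/// <remarks>
/// The contents of <c>bZwOpenProcess10</c> and the value of <c>memoryPtrotection</c> are not
/// visible here; presumably a system-call stub and an executable protection constant (TODO confirm).
/// The previous protection returned by <c>VirtualProtect</c> is never restored. Protection is
/// applied per page and the pinned array lives in the managed heap, so neighbouring managed
/// objects on the same page keep the changed protection after this method returns. A protection
/// change on managed-heap memory followed by native execution from it is the observable artefact.
/// </remarks>
public static NTSTATUS ZwOpenProcess10(ref IntPtr hProcess, ProcessAccessFlags processAccess, OBJECT_ATTRIBUTES objAttribute, ref CLIENT_ID clientid)
{
    byte[] stub = bZwOpenProcess10;

    // Pin the array so the GC cannot move it while its address is in use.
    GCHandle pin = GCHandle.Alloc(stub, GCHandleType.Pinned);
    try
    {
        IntPtr stubAddress = pin.AddrOfPinnedObject();

        if (!Natives.VirtualProtect(stubAddress, (UIntPtr)stub.Length, memoryPtrotection, out uint oldProtect))
        {
            throw new Win32Exception();
        }

        // Wrap the raw address in a typed delegate so it can be called like a managed method.
        var openProcess = (Delegates.ZwOpenProcess)Marshal.GetDelegateForFunctionPointer(
            stubAddress,
            typeof(Delegates.ZwOpenProcess));

        return (NTSTATUS)openProcess(out hProcess, processAccess, objAttribute, ref clientid);
    }
    finally
    {
        // The original never released the handle, so every call left one more
        // pinned GCHandle behind; release it once the native call has returned.
        pin.Free();
    }
}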
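/// <summary>
/// Fixes <c>bZwOpenProcess10</c> in place, marks its bytes PAGE_EXECUTE_READWRITE with
/// <c>VirtualProtectEx</c> on the current process, then runs them through a
/// <see cref="Delegates.ZwOpenProcess"/> delegate.
/// </summary>
/// <param name="hProcess">Receives the handle written by the native code; the incoming value is overwritten.</param>
/// <param name="processAccess">Access mask forwarded unchanged to the native code.</param>
/// <param name="objAttribute">Object attributes forwarded unchanged to the native code.</param>
/// <param name="clientid">Client id structure forwarded by reference.</param>
/// <returns>The delegate's return value cast to <c>NTSTATUS</c>.</returns>
/// <exception cref="Win32Exception">Thrown when <c>VirtualProtectEx</c> reports failure.</exception>
/// <remarks>
/// The contents of <c>bZwOpenProcess10</c> are not visible here; the name suggests a
/// ZwOpenProcess system-call stub for Windows 10 (TODO confirm). The previous protection
/// returned by <c>VirtualProtectEx</c> is never restored. Protection is applied per page and
/// the array lives in the managed heap, so neighbouring managed objects on the same page stay
/// writable and executable after this method returns. A read-write-execute page inside the
/// managed heap, and native execution from it, are the observable artefacts.
/// </remarks>
public static NTSTATUS ZwOpenProcess10(ref IntPtr hProcess, ProcessAccessFlags processAccess, OBJECT_ATTRIBUTES objAttribute, ref CLIENT_ID clientid)
{
    // Win32 PAGE_EXECUTE_READWRITE; kept as an int constant so it converts
    // exactly as the original 0x40 literal did.
    const int PageExecuteReadWrite = 0x40;

    byte[] stub = bZwOpenProcess10;

    unsafe
    {
        // fixed keeps the array from being moved by the GC for the duration of this block.
        fixed (byte* stubPtr = stub)
        {
            IntPtr stubAddress = (IntPtr)stubPtr;

            // Process is IDisposable and wraps an OS handle; the original never
            // disposed it, so dispose it once the protection call has completed.
            using (Process self = Process.GetCurrentProcess())
            {
                if (!VirtualProtectEx(self.Handle, stubAddress, (UIntPtr)stub.Length, PageExecuteReadWrite, out uint oldProtect))
                {
                    throw new Win32Exception();
                }
            }

            // Wrap the raw address in a typed delegate so it can be called like a managed method.
            var openProcess = (Delegates.ZwOpenProcess)Marshal.GetDelegateForFunctionPointer(
                stubAddress,
                typeof(Delegates.ZwOpenProcess));

            return (NTSTATUS)openProcess(out hProcess, processAccess, objAttribute, ref clientid);
        }
    }
}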