internal IntPtr AllocateBuffer(int bufferSize) { var buffer = _processContext.CallRoutine <IntPtr>(_processContext.GetFunctionAddress("kernel32.dll", "HeapAlloc"), _heapAddress, HeapAllocationType.ZeroMemory, bufferSize); if (buffer == IntPtr.Zero) { throw new ApplicationException("Failed to allocate a buffer in the process heap"); } _bufferCache.Add(buffer); return(buffer); }
private void BuildImportAddressTable() { Parallel.ForEach(_peImage.ImportDirectory.GetImportDescriptors(), importDescriptor => { foreach (var function in importDescriptor.Functions) { // Write the address of the function into the import address table var functionAddress = function.Name is null ? _processContext.GetFunctionAddress(importDescriptor.Name, function.Ordinal) : _processContext.GetFunctionAddress(importDescriptor.Name, function.Name); MemoryMarshal.Write(_dllBytes.Span.Slice(function.Offset), ref functionAddress); } }); }
private void BuildImportAddressTable() { Parallel.ForEach(_peImage.ImportDirectory.GetImportDescriptors(), importDescriptor => { foreach (var function in importDescriptor.Functions) { // Write the address of the function into the import address table var functionAddress = function.Name is null ? _processContext.GetFunctionAddress(importDescriptor.Name, function.Ordinal) : _processContext.GetFunctionAddress(importDescriptor.Name, function.Name); if (functionAddress == IntPtr.Zero) { throw new ApplicationException("Failed to resolve the address of a function in a module"); } MemoryMarshal.Write(_dllBytes.Span.Slice(function.Offset), ref functionAddress); } }); }
internal SafePebLock(ProcessContext processContext) { _processContext = processContext; processContext.CallRoutine(processContext.GetFunctionAddress("ntdll.dll", "RtlAcquirePebLock")); }
public void Dispose() { Executor.IgnoreExceptions(() => _processContext.CallRoutine(_processContext.GetFunctionAddress("ntdll.dll", "RtlReleasePebLock"))); }
public void Dispose() { _processContext.CallRoutine(_processContext.GetFunctionAddress("ntdll.dll", "RtlReleasePebLock")); }