/// <summary>
/// Query a license value. While technically not directly a registry key
/// it has many of the same properties such as using the same registry
/// value types.
/// </summary>
/// <param name="name">The name of the license value.</param>
/// <param name="throw_on_error">True to throw an exception on error</param>
/// <returns>The license value key</returns>
public static NtResult <NtKeyValue> QueryLicenseValue(string name, bool throw_on_error)
{
RegistryValueType type;
int ret_length;
UnicodeString name_string = new UnicodeString(name);
NtStatus status = NtSystemCalls.NtQueryLicenseValue(name_string, out type, SafeHGlobalBuffer.Null, 0, out ret_length);
if (status != NtStatus.STATUS_BUFFER_TOO_SMALL)
{
return(status.CreateResultFromError <NtKeyValue>(throw_on_error));
}
using (var buffer = new SafeHGlobalBuffer(ret_length))
{
return(NtSystemCalls.NtQueryLicenseValue(name_string, out type, buffer, buffer.Length, out ret_length)
.CreateResult(throw_on_error, () => new NtKeyValue(name, type, buffer.ToArray(), 0)));
}
}
/// <summary>
/// Get security descriptor as a byte array
/// </summary>
/// <param name="security_information">What parts of the security descriptor to retrieve</param>
/// <param name="throw_on_error">True to throw on error.</param>
/// <return>The NT status result and security descriptor.</return>
public NtResult <byte[]> GetSecurityDescriptorBytes(SecurityInformation security_information, bool throw_on_error)
{
// Just do a check here, no point checking if ReadControl not available.
if (!IsAccessMaskGranted(GenericAccessRights.ReadControl))
{
return(NtStatus.STATUS_ACCESS_DENIED.CreateResultFromError <byte[]>(throw_on_error));
}
NtStatus status = NtSystemCalls.NtQuerySecurityObject(Handle, security_information, null, 0, out int return_length);
if (status != NtStatus.STATUS_BUFFER_TOO_SMALL)
{
return(status.CreateResult(throw_on_error, () => new byte[0]));
}
byte[] buffer = new byte[return_length];
return(NtSystemCalls.NtQuerySecurityObject(Handle, security_information, buffer,
buffer.Length, out return_length).CreateResult(throw_on_error, () => buffer));
}
/// <summary>
/// Set the cached signing level for a file.
/// </summary>
/// <param name="handle">The handle to the file to set the cache on.</param>
/// <param name="flags">Flags to set for the cache.</param>
/// <param name="signing_level">The signing level to cache</param>
/// <param name="source_files">A list of source file for the cache.</param>
/// <param name="catalog_path">Optional directory path to look for catalog files.</param>
public static void SetCachedSigningLevel(SafeKernelObjectHandle handle,
int flags, SigningLevel signing_level,
IEnumerable <SafeKernelObjectHandle> source_files,
string catalog_path)
{
IntPtr[] handles = source_files?.Select(f => f.DangerousGetHandle()).ToArray();
int handles_count = handles == null ? 0 : handles.Length;
if (catalog_path != null)
{
CachedSigningLevelInformation info = new CachedSigningLevelInformation(catalog_path);
NtSystemCalls.NtSetCachedSigningLevel2(flags, signing_level, handles, handles_count, handle, info).ToNtException();
}
else
{
NtSystemCalls.NtSetCachedSigningLevel(flags, signing_level, handles, handles_count, handle).ToNtException();
}
}
/// <summary>
/// Create a kernel dump for current system.
/// </summary>
/// <param name="path">The path to the output file.</param>
/// <param name="flags">Flags</param>
/// <param name="page_flags">Page flags</param>
public static void CreateKernelDump(string path, SystemDebugKernelDumpControlFlags flags, SystemDebugKernelDumpPageControlFlags page_flags)
{
NtToken.EnableDebugPrivilege();
using (NtFile file = NtFile.Create(path, FileAccessRights.Synchronize | FileAccessRights.GenericWrite | FileAccessRights.GenericRead,
FileShareMode.Read, FileOpenOptions.SynchronousIoNonAlert | FileOpenOptions.WriteThrough | FileOpenOptions.NoIntermediateBuffering, FileDisposition.OverwriteIf,
null))
{
using (var buffer = new SystemDebugKernelDumpConfig()
{
FileHandle = file.Handle.DangerousGetHandle(),
Flags = flags,
PageFlags = page_flags
}.ToBuffer())
{
NtSystemCalls.NtSystemDebugControl(SystemDebugCommand.SysDbgGetLiveKernelDump, buffer, buffer.Length,
SafeHGlobalBuffer.Null, 0, out int ret_length).ToNtException();
}
}
}
/// <summary>
/// Query memory information for a process.
/// </summary>
/// <param name="process">The process to query.</param>
/// <param name="base_address">The base address.</param>
/// <param name="throw_on_error">True to throw on error.</param>
/// <returns>The memory information for the region.</returns>
/// <exception cref="NtException">Thrown on error.</exception>
public static NtResult <MemoryInformation> QueryMemoryInformation(SafeKernelObjectHandle process, long base_address, bool throw_on_error)
{
MemoryBasicInformation basic_info = new MemoryBasicInformation();
string mapped_image_path = string.Empty;
using (var buffer = new SafeStructureInOutBuffer <MemoryBasicInformation>())
{
NtStatus status = NtSystemCalls.NtQueryVirtualMemory(process,
new IntPtr(base_address), MemoryInformationClass.MemoryBasicInformation,
buffer, buffer.LengthIntPtr, out IntPtr ret_length);
if (!status.IsSuccess())
{
return(status.CreateResultFromError <MemoryInformation>(throw_on_error));
}
basic_info = buffer.Result;
}
MemoryRegionInformation region_info = new MemoryRegionInformation();
using (var buffer = new SafeStructureInOutBuffer <MemoryRegionInformation>())
{
NtStatus status = NtSystemCalls.NtQueryVirtualMemory(process,
new IntPtr(base_address), MemoryInformationClass.MemoryRegionInformationEx,
buffer, buffer.LengthIntPtr, out IntPtr ret_length);
if (status.IsSuccess())
{
region_info = buffer.Result;
}
}
if (basic_info.Type == MemoryType.Image || basic_info.Type == MemoryType.Mapped)
{
var name = QuerySectionName(process, base_address, false);
if (name.IsSuccess)
{
mapped_image_path = name.Result;
}
}
return(new MemoryInformation(basic_info, mapped_image_path, region_info).CreateResult());
}
/// <summary>
/// Do an access check between a security descriptor and a token to determine the allowed access.
/// </summary>
/// <param name="sd">The security descriptor</param>
/// <param name="token">The access token.</param>
/// <param name="access_rights">The set of access rights to check against</param>
/// <param name="principal">An optional principal SID used to replace the SELF SID in a security descriptor.</param>
/// <param name="generic_mapping">The type specific generic mapping (get from corresponding NtType entry).</param>
/// <returns>The allowed access mask as a unsigned integer.</returns>
/// <exception cref="NtException">Thrown if an error occurred in the access check.</exception>
public static AccessMask GetAllowedAccess(SecurityDescriptor sd, NtToken token,
AccessMask access_rights, Sid principal, GenericMapping generic_mapping)
{
if (sd == null)
{
throw new ArgumentNullException("sd");
}
if (token == null)
{
throw new ArgumentNullException("token");
}
if (access_rights.IsEmpty)
{
return(AccessMask.Empty);
}
using (SafeBuffer sd_buffer = sd.ToSafeBuffer())
{
using (NtToken imp_token = DuplicateForAccessCheck(token))
{
using (var privs = new SafePrivilegeSetBuffer())
{
int buffer_length = privs.Length;
using (var self_sid = principal != null ? principal.ToSafeBuffer() : SafeSidBufferHandle.Null)
{
NtSystemCalls.NtAccessCheckByType(sd_buffer, self_sid, imp_token.Handle, access_rights,
SafeHGlobalBuffer.Null, 0, ref generic_mapping, privs,
ref buffer_length, out AccessMask granted_access, out NtStatus result_status).ToNtException();
if (result_status.IsSuccess())
{
return(granted_access);
}
return(AccessMask.Empty);
}
}
}
}
}
/// <summary>
/// Query state data for the WNF object.
/// </summary>
/// <param name="type_id">Optional Type ID.</param>
/// <param name="explicit_scope">Optional explicit scope.</param>
/// <param name="throw_on_error">True to throw on error.</param>
/// <returns>The state data.</returns>
public NtResult <WnfStateData> QueryStateData(WnfTypeId type_id, IntPtr explicit_scope, bool throw_on_error)
{
int tries = 10;
int size = 4096;
while (tries-- > 0)
{
using (var buffer = new SafeHGlobalBuffer(size)) {
NtStatus status = NtSystemCalls.NtQueryWnfStateData(StateName, type_id,
explicit_scope, out int changestamp, buffer, ref size);
if (status == NtStatus.STATUS_BUFFER_TOO_SMALL)
{
continue;
}
return(status.CreateResult(throw_on_error, () => new WnfStateData(buffer.ReadBytes(size), changestamp)));
}
}
return(NtStatus.STATUS_BUFFER_TOO_SMALL.CreateResultFromError <WnfStateData>(throw_on_error));
}
/// <summary>
/// Read structured memory array from a process.
/// </summary>
/// <param name="process">The process to read from.</param>
/// <param name="base_address">The base address in the process.</param>
/// <param name="count">The number of elements in the array to read.</param>
/// <returns>The read structure.</returns>
/// <exception cref="NtException">Thrown on error.</exception>
/// <typeparam name="T">Type of structure to read.</typeparam>
public static T[] ReadMemoryArray <T>(SafeKernelObjectHandle process, long base_address, int count) where T : new()
{
int element_size = Marshal.SizeOf(typeof(T));
using (var buffer = new SafeHGlobalBuffer(element_size * count))
{
NtSystemCalls.NtReadVirtualMemory(process,
new IntPtr(base_address), buffer, buffer.Length, out int return_length).ToNtException();
if (return_length != buffer.Length)
{
throw new NtException(NtStatus.STATUS_PARTIAL_COPY);
}
T[] result = new T[count];
for (int i = 0; i < count; ++i)
{
int offset = i * element_size;
result[i] = (T)Marshal.PtrToStructure(buffer.DangerousGetHandle() + offset, typeof(T));
}
return(result);
}
}
/// <summary>
/// Enumerate window handles.
/// </summary>
/// <param name="desktop">Desktop containing the Windows. Optional.</param>
/// <param name="parent">The parent Window. Optional.</param>
/// <param name="enum_children">True to enumerate child Windows.</param>
/// <param name="hide_immersive">Hide immersive Windows.</param>
/// <param name="thread_id">The thread ID that owns the Window.</param>
/// <param name="throw_on_error">True to throw on error.</param>
/// <returns>The enumerated Window Handles.</returns>
public static NtResult <IEnumerable <NtWindow> > GetWindows(NtDesktop desktop, NtWindow parent,
bool enum_children, bool hide_immersive, int thread_id, bool throw_on_error)
{
int count = 64;
while (true)
{
IntPtr[] handles = new IntPtr[count];
NtStatus status = NtSystemCalls.NtUserBuildHwndList(desktop.GetHandle(), parent.Handle, enum_children,
hide_immersive, thread_id, handles.Length, handles, out int required_count);
if (status.IsSuccess())
{
return(handles.Take(required_count).Select(i => new NtWindow(i)).CreateResult());
}
if (status != NtStatus.STATUS_BUFFER_TOO_SMALL || count > required_count)
{
return(status.CreateResultFromError <IEnumerable <NtWindow> >(throw_on_error));
}
count = required_count;
}
}
/// <summary>
/// Get a list of handles
/// </summary>
/// <param name="pid">A process ID to filter on. If -1 will get all handles</param>
/// <param name="allow_query">True to allow the handles returned to query for certain properties</param>
/// <returns>The list of handles</returns>
public static IEnumerable <NtHandle> GetHandles(int pid, bool allow_query)
{
SafeHGlobalBuffer handleInfo = new SafeHGlobalBuffer(0x10000);
try
{
NtStatus status = 0;
int return_length = 0;
while ((status = NtSystemCalls.NtQuerySystemInformation(SystemInformationClass.SystemHandleInformation,
handleInfo.DangerousGetHandle(),
handleInfo.Length,
out return_length)) == NtStatus.STATUS_INFO_LENGTH_MISMATCH)
{
int length = handleInfo.Length * 2;
handleInfo.Close();
handleInfo = new SafeHGlobalBuffer(length);
}
status.ToNtException();
IntPtr handleInfoBuf = handleInfo.DangerousGetHandle();
int handle_count = Marshal.ReadInt32(handleInfoBuf);
List <NtHandle> ret = new List <NtHandle>();
handleInfoBuf += IntPtr.Size;
for (int i = 0; i < handle_count; ++i)
{
SystemHandleTableInfoEntry entry = (SystemHandleTableInfoEntry)Marshal.PtrToStructure(handleInfoBuf, typeof(SystemHandleTableInfoEntry));
if (pid == -1 || entry.UniqueProcessId == pid)
{
ret.Add(new NtHandle(entry, allow_query));
}
handleInfoBuf += Marshal.SizeOf(typeof(SystemHandleTableInfoEntry));
}
return(ret);
}
finally
{
handleInfo.Close();
}
}
/// <summary>
/// Create a Window Station by name.
/// </summary>
/// <param name="object_attributes">Object attributes for the Window Station.</param>
/// <param name="desired_access">Desired access for the Window Station.</param>
/// <param name="kbd_dll_path">Path to Keyboard DLL e.g. kbusa.dll.</param>
/// <param name="keyboard_locale">Locale ID, e.g. 0x4090409.</param>
/// <param name="language_id">Language ID e.g. 0x409.</param>
/// <param name="throw_on_error">True to throw on error.</param>
/// <returns>The Window Station.</returns>
public static NtResult <NtWindowStation> Create(ObjectAttributes object_attributes, WindowStationAccessRights desired_access, string kbd_dll_path,
int language_id, int keyboard_locale, bool throw_on_error)
{
string dll_path;
IntPtr layout_offset;
IntPtr nls_offset;
using (var kbd_dll = SafeLoadLibraryHandle.LoadLibrary(kbd_dll_path, LoadLibraryFlags.None, throw_on_error))
{
if (!kbd_dll.IsSuccess)
{
return(kbd_dll.Cast <NtWindowStation>());
}
dll_path = kbd_dll.Result.FullPath;
layout_offset = GetKdbLayoutOffset(kbd_dll.Result, 1);
nls_offset = GetKdbLayoutOffset(kbd_dll.Result, 2);
}
using (var buffer = new SafeHGlobalBuffer(0x318))
{
BufferUtils.FillBuffer(buffer, 0);
using (var file = NtFile.Open(NtFileUtils.DosFileNameToNt(dll_path), null,
FileAccessRights.GenericRead | FileAccessRights.Synchronize, FileShareMode.Read | FileShareMode.Delete,
FileOpenOptions.NonDirectoryFile | FileOpenOptions.SynchronousIoNonAlert, throw_on_error))
{
if (!file.IsSuccess)
{
return(file.Cast <NtWindowStation>());
}
var handle = NtSystemCalls.NtUserCreateWindowStation(object_attributes, desired_access, file.Result.Handle,
layout_offset, nls_offset, buffer, new UnicodeString($"{language_id:X08}"), keyboard_locale);
if (handle.IsInvalid)
{
return(NtObjectUtils.CreateResultFromDosError <NtWindowStation>(throw_on_error));
}
return(new NtWindowStation(handle).CreateResult());
}
}
}
/// <summary>
/// Query the directory for a list of entries.
/// </summary>
/// <returns>The list of entries.</returns>
/// <exception cref="NtException">Thrown on error</exception>
public IEnumerable <ObjectDirectoryInformation> Query()
{
string base_path = FullPath.TrimEnd('\\');
using (SafeStructureInOutBuffer <OBJECT_DIRECTORY_INFORMATION> buffer
= new SafeStructureInOutBuffer <OBJECT_DIRECTORY_INFORMATION>(2048, true))
{
NtStatus status;
int context = 0;
int return_length = 0;
while ((status = NtSystemCalls.NtQueryDirectoryObject(Handle, buffer, buffer.Length, false,
true, ref context, out return_length)) == NtStatus.STATUS_MORE_ENTRIES)
{
buffer.Resize(buffer.Length * 2);
}
if (status == NtStatus.STATUS_NO_MORE_ENTRIES)
{
yield break;
}
status.ToNtException();
IntPtr current = buffer.DangerousGetHandle();
string name = String.Empty;
while (true)
{
OBJECT_DIRECTORY_INFORMATION dir_info = (OBJECT_DIRECTORY_INFORMATION)Marshal.PtrToStructure(current, typeof(OBJECT_DIRECTORY_INFORMATION));
name = dir_info.Name.ToString();
if (name.Length == 0)
{
break;
}
yield return(new ObjectDirectoryInformation(this, base_path, dir_info));
current += Marshal.SizeOf(dir_info);
}
}
}
private SafeStructureInOutBuffer <T> Query <T>(ProcessInfoClass info_class) where T : new()
{
int return_length = 0;
NtStatus status = NtSystemCalls.NtQueryInformationProcess(Handle, info_class, SafeHGlobalBuffer.Null, 0, out return_length);
if (status != NtStatus.STATUS_INFO_LENGTH_MISMATCH && status != NtStatus.STATUS_BUFFER_TOO_SMALL)
{
throw new NtException(status);
}
SafeStructureInOutBuffer <T> buffer = new SafeStructureInOutBuffer <T>(return_length, false);
try
{
NtSystemCalls.NtQueryInformationProcess(Handle, info_class, buffer, buffer.Length, out return_length).ToNtException();
return(buffer);
}
catch
{
buffer.Close();
throw;
}
}
private NtResult <IContext> GetAmd64Context(ContextFlags flags, bool throw_on_error)
{
var context = new ContextAmd64
{
ContextFlags = flags
};
// Buffer needs to be 16 bytes aligned, so allocate some extract space in case.
using (var buffer = new SafeHGlobalBuffer(Marshal.SizeOf(context) + 16))
{
int write_ofs = 0;
long ptr = buffer.DangerousGetHandle().ToInt64();
// Almost certainly 16 byte aligned, but just in case.
if ((ptr & 0xF) != 0)
{
write_ofs = (int)(0x10 - (ptr & 0xF));
}
Marshal.StructureToPtr(context, buffer.DangerousGetHandle() + write_ofs, false);
var sbuffer = buffer.GetStructAtOffset <ContextAmd64>(write_ofs);
return(NtSystemCalls.NtGetContextThread(Handle, sbuffer).CreateResult(throw_on_error, () => sbuffer.Result).Cast <IContext>());
}
}
private IContext GetAmd64Context(ContextFlags flags)
{
var context = new ContextAmd64();
context.ContextFlags = flags;
// Buffer needs to be 16 bytes aligned, so allocate some extract space in case.
using (var buffer = new SafeHGlobalBuffer(Marshal.SizeOf(context) + 16))
{
int write_ofs = 0;
long ptr = buffer.DangerousGetHandle().ToInt64();
// Almost certainly 8 byte aligned, but just in case.
if ((ptr & 0xF) != 0)
{
write_ofs = (int)(0x10 - (ptr & 0xF));
}
Marshal.StructureToPtr(context, buffer.DangerousGetHandle() + write_ofs, false);
var sbuffer = buffer.GetStructAtOffset <ContextAmd64>(write_ofs);
NtSystemCalls.NtGetContextThread(Handle, sbuffer).ToNtException();
return(sbuffer.Result);
}
}
private static SafeHGlobalBuffer EnumEnvironmentValues(SystemEnvironmentValueInformationClass info_class)
{
int ret_length = 0;
NtStatus status = NtSystemCalls.NtEnumerateSystemEnvironmentValuesEx(info_class, SafeHGlobalBuffer.Null, ref ret_length);
if (status != NtStatus.STATUS_BUFFER_TOO_SMALL)
{
throw new NtException(status);
}
var buffer = new SafeHGlobalBuffer(ret_length);
try
{
ret_length = buffer.Length;
NtSystemCalls.NtEnumerateSystemEnvironmentValuesEx(info_class,
buffer, ref ret_length).ToNtException();
return(buffer);
}
catch
{
buffer.Dispose();
throw;
}
}
/// <summary>
/// Query memory information for a process.
/// </summary>
/// <param name="process">The process to query.</param>
/// <param name="base_address">The base address.</param>
/// <returns>The memory information for the region.</returns>
/// <exception cref="NtException">Thrown on error.</exception>
public static MemoryInformation QueryMemoryInformation(SafeKernelObjectHandle process, long base_address)
{
MemoryBasicInformation basic_info = new MemoryBasicInformation();
string mapped_image_path = String.Empty;
using (var buffer = new SafeStructureInOutBuffer <MemoryBasicInformation>())
{
NtSystemCalls.NtQueryVirtualMemory(process,
new IntPtr(base_address), MemoryInformationClass.MemoryBasicInformation,
buffer, buffer.LengthIntPtr, out IntPtr ret_length).ToNtException();
basic_info = buffer.Result;
}
if (basic_info.Type == MemoryType.Image || basic_info.Type == MemoryType.Mapped)
{
var name = QuerySectionName(process, base_address, false);
if (name.IsSuccess)
{
mapped_image_path = name.Result;
}
}
return(new MemoryInformation(basic_info, mapped_image_path));
}
private SafeStructureInOutBuffer <T> QueryKey <T>(KeyInformationClass info_class) where T : new()
{
int return_length;
NtStatus status = NtSystemCalls.NtQueryKey(Handle, info_class, SafeHGlobalBuffer.Null, 0, out return_length);
if (status != NtStatus.STATUS_BUFFER_OVERFLOW && status != NtStatus.STATUS_INFO_LENGTH_MISMATCH && status != NtStatus.STATUS_BUFFER_TOO_SMALL)
{
status.ToNtException();
}
SafeStructureInOutBuffer <T> buffer = new SafeStructureInOutBuffer <T>(return_length, false);
try
{
NtSystemCalls.NtQueryKey(Handle, info_class, buffer, buffer.Length, out return_length).ToNtException();
return(Interlocked.Exchange(ref buffer, null));
}
finally
{
if (buffer != null)
{
buffer.Close();
}
}
}
private static Dictionary <string, NtType> LoadTypes()
{
var type_factories = NtTypeFactory.GetAssemblyNtTypeFactories(Assembly.GetExecutingAssembly());
using (var type_info = new SafeStructureInOutBuffer <ObjectAllTypesInformation>())
{
Dictionary <string, NtType> ret = new Dictionary <string, NtType>(StringComparer.OrdinalIgnoreCase);
int return_length;
NtStatus status = NtSystemCalls.NtQueryObject(SafeKernelObjectHandle.Null, ObjectInformationClass.ObjectAllInformation,
type_info.DangerousGetHandle(), type_info.Length, out return_length);
if (status != NtStatus.STATUS_INFO_LENGTH_MISMATCH)
{
status.ToNtException();
}
type_info.Resize(return_length);
int alignment = IntPtr.Size - 1;
NtSystemCalls.NtQueryObject(SafeKernelObjectHandle.Null, ObjectInformationClass.ObjectAllInformation,
type_info.DangerousGetHandle(), type_info.Length, out return_length).ToNtException();
ObjectAllTypesInformation result = type_info.Result;
IntPtr curr_typeinfo = type_info.DangerousGetHandle() + IntPtr.Size;
for (int count = 0; count < result.NumberOfTypes; ++count)
{
ObjectTypeInformation info = (ObjectTypeInformation)Marshal.PtrToStructure(curr_typeinfo, typeof(ObjectTypeInformation));
string name = info.Name.ToString();
NtTypeFactory factory = type_factories.ContainsKey(name) ? type_factories[name] : _generic_factory;
NtType ti = new NtType(count + 2, info, factory);
ret[ti.Name] = ti;
int offset = (info.Name.MaximumLength + alignment) & ~alignment;
curr_typeinfo = info.Name.Buffer + offset;
}
return(ret);
}
}
/// <summary>
/// Create an event object
/// </summary>
/// <param name="object_attributes">The event object attributes</param>
/// <param name="type">The type of the event</param>
/// <param name="initial_state">The initial state of the event</param>
/// <param name="desired_access">The desired access for the event</param>
/// <param name="throw_on_error">True to throw an exception on error.</param>
/// <returns>The NT status code and object result.</returns>
public static NtResult <NtEvent> Create(ObjectAttributes object_attributes, EventType type, bool initial_state, EventAccessRights desired_access, bool throw_on_error)
{
SafeKernelObjectHandle handle;
return(NtSystemCalls.NtCreateEvent(out handle, desired_access, object_attributes, type, initial_state).CreateResult(throw_on_error, () => new NtEvent(handle)));
}
/// <summary>
/// Method to query information for this object type.
/// </summary>
/// <param name="info_class">The information class.</param>
/// <param name="buffer">The buffer to return data in.</param>
/// <param name="return_length">Return length from the query.</param>
/// <returns>The NT status code for the query.</returns>
public override NtStatus QueryInformation(EventInformationClass info_class, SafeBuffer buffer, out int return_length)
{
return(NtSystemCalls.NtQueryEvent(Handle, info_class, buffer, buffer.GetLength(), out return_length));
}
/// <summary>
/// Pulse the event state.
/// </summary>
/// <param name="throw_on_error">True to throw an exception on error.</param>
/// <returns>The previous state of the event and NT status.</returns>
public NtResult <int> Pulse(bool throw_on_error)
{
return(NtSystemCalls.NtPulseEvent(Handle, out int previous_state).CreateResult(throw_on_error, () => previous_state));
}
/// <summary>
/// Clear the event state
/// </summary>
/// <param name="throw_on_error">True to throw an exception on error.</param>
/// <returns>The NT status code.</returns>
public NtStatus Clear(bool throw_on_error)
{
return(NtSystemCalls.NtClearEvent(Handle).ToNtException(throw_on_error));
}
/// <summary>
/// Open an event object
/// </summary>
/// <param name="object_attributes">The event object attributes</param>
/// <param name="desired_access">The desired access for the event</param>
/// <param name="throw_on_error">True to throw an exception on error.</param>
/// <returns>The NT status code and object result.</returns>
public static NtResult <NtEvent> Open(ObjectAttributes object_attributes, EventAccessRights desired_access, bool throw_on_error)
{
SafeKernelObjectHandle handle;
return(NtSystemCalls.NtOpenEvent(out handle, desired_access, object_attributes).CreateResult(throw_on_error, () => new NtEvent(handle)));
}
/// <summary> /// Make the object a permanent object /// </summary> /// <param name="throw_on_error">True to throw on error.</param> /// <returns>The NT status code.</returns> public NtStatus MakePermanent(bool throw_on_error) => NtSystemCalls.NtMakePermanentObject(Handle).ToNtException(throw_on_error);
/// <summary> /// Make the object a temporary object /// </summary> /// <param name="throw_on_error">True to throw on error.</param> /// <returns>The NT status code.</returns> public NtStatus MakeTemporary(bool throw_on_error) => NtSystemCalls.NtMakeTemporaryObject(Handle).ToNtException(throw_on_error);
/// <summary>
/// Terminate this job object.
/// </summary>
/// <param name="status">The termination status.</param>
/// <param name="throw_on_error">True to throw on error.</param>
/// <returns>The NT status code.</returns>
public NtStatus Terminate(NtStatus status, bool throw_on_error)
{
return(NtSystemCalls.NtTerminateJobObject(Handle, status).ToNtException(throw_on_error));
}
/// <summary>
/// Assign a process to this job object.
/// </summary>
/// <param name="throw_on_error">True to throw on error.</param>
/// <param name="process">The process to assign.</param>
/// <returns>The NT status code.</returns>
public NtStatus AssignProcess(NtProcess process, bool throw_on_error)
{
return(NtSystemCalls.NtAssignProcessToJobObject(Handle, process.Handle).ToNtException(throw_on_error));
}
/// <summary>
/// Convert Job object into a Silo
/// </summary>
/// <param name="throw_on_error">True to throw on error.</param>
/// <returns>The NT status code.</returns>
public NtStatus CreateSilo(bool throw_on_error)
{
return(NtSystemCalls.NtSetInformationJobObject(Handle, JobObjectInformationClass.JobObjectCreateSilo,
SafeHGlobalBuffer.Null, 0).ToNtException(throw_on_error));
}
/// <summary>
/// Method to set information for this object type.
/// </summary>
/// <param name="info_class">The information class.</param>
/// <param name="buffer">The buffer to set data from.</param>
/// <returns>The NT status code for the set.</returns>
public override NtStatus SetInformation(ResourceManagerInformationClass info_class, SafeBuffer buffer)
{
return(NtSystemCalls.NtSetInformationResourceManager(Handle, info_class, buffer, buffer.GetLength()));
}
