public static NTSTATUS NtCreateFile10(out IntPtr fileHandle, Int32 desiredAccess, ref OBJECT_ATTRIBUTES objectAttributes, out IO_STATUS_BLOCK ioStatusBlock, ref Int64 allocationSize, UInt32 fileAttributes, System.IO.FileShare shareAccess, UInt32 createDisposition, UInt32 createOptions, IntPtr eaBuffer, UInt32 eaLength)
{
byte[] syscall = bNtCreateFile10;
IntPtr memoryAddress = msil.getAdrressWithMSIL(syscall);
Delegates.NtCreateFile myAssemblyFunction = (Delegates.NtCreateFile)Marshal.GetDelegateForFunctionPointer(memoryAddress, typeof(Delegates.NtCreateFile));
return((NTSTATUS)myAssemblyFunction(out fileHandle, desiredAccess, ref objectAttributes, out ioStatusBlock, ref allocationSize, fileAttributes, shareAccess, createDisposition, createOptions, eaBuffer, eaLength));
}
public static NTSTATUS NtCreateFile10(out Microsoft.Win32.SafeHandles.SafeFileHandle fileHandle,
Int32 desiredAccess,
ref OBJECT_ATTRIBUTES objectAttributes,
out IO_STATUS_BLOCK ioStatusBlock,
ref Int64 allocationSize,
UInt32 fileAttributes,
System.IO.FileShare shareAccess,
UInt32 createDisposition,
UInt32 createOptions,
IntPtr eaBuffer,
UInt32 eaLength)
{
byte[] syscall = bNtCreateFile10;
unsafe
{
fixed(byte *ptr = syscall)
{
IntPtr memoryAddress = (IntPtr)ptr;
if (!VirtualProtectEx(Process.GetCurrentProcess().Handle, memoryAddress,
(UIntPtr)syscall.Length, 0x40, out uint oldprotect))
{
throw new Win32Exception();
}
Delegates.NtCreateFile myAssemblyFunction = (Delegates.NtCreateFile)Marshal.GetDelegateForFunctionPointer(memoryAddress, typeof(Delegates.NtCreateFile));
return((NTSTATUS)myAssemblyFunction(out fileHandle,
desiredAccess,
ref objectAttributes,
out ioStatusBlock,
ref allocationSize,
fileAttributes,
shareAccess,
createDisposition,
createOptions,
eaBuffer,
eaLength));
}
}
}
public static NTSTATUS NTCreateFile(
out Microsoft.Win32.SafeHandles.SafeFileHandle FileHandle,
FileAccess DesiredAcces,
ref OBJECT_ATTRIBUTES ObjectAttributes,
ref IO_STATUS_BLOCK IoStatusBlock,
ref long AllocationSize,
FileAttributes FileAttributes,
FileShare ShareAccess,
CreationDisposition CreateDisposition,
CreateOption CreateOptions,
IntPtr EaBuffer,
uint EaLength)
{
byte[] syscall = bNtCreateFile;
unsafe
{
fixed(byte *ptr = syscall)
{
IntPtr memoryAddress = (IntPtr)ptr;
if (!VirtualProtect(memoryAddress, (UIntPtr)syscall.Length, (uint)AllocationProtect.PAGE_EXECUTE_READWRITE, out uint lpflOldProtect))
{
throw new Win32Exception();
}
Delegates.NtCreateFile assembledFunction = (Delegates.NtCreateFile)Marshal.GetDelegateForFunctionPointer(memoryAddress, typeof(Delegates.NtCreateFile));
return((NTSTATUS)assembledFunction(out FileHandle,
DesiredAcces,
ref ObjectAttributes,
ref IoStatusBlock,
ref AllocationSize,
FileAttributes,
ShareAccess,
CreateDisposition,
CreateOptions,
EaBuffer,
EaLength));
}
}
}
