internal IntPtr Invoke(SafeProcessHandle processHandle, IntPtr baseAddress, int size, Enumerations.MemoryProtectionType protectionType)
{
// Store the base address of the allocation in a buffer
var baseAddressBuffer = LocalMemoryTools.StoreStructureInBuffer(baseAddress);
// Store the size of the allocation in a buffer
var sizeBuffer = LocalMemoryTools.StoreStructureInBuffer(size);
// Perform the syscall
const Enumerations.MemoryAllocationType allocationType = Enumerations.MemoryAllocationType.Commit | Enumerations.MemoryAllocationType.Reserve;
var syscallResult = _ntAllocateVirtualMemoryDelegate(processHandle, baseAddressBuffer, 0, sizeBuffer, allocationType, protectionType);
if (syscallResult != Enumerations.NtStatus.Success)
{
ExceptionHandler.ThrowWin32Exception("Failed to allocate memory in the target process", syscallResult);
}
try
{
return(Marshal.PtrToStructure <IntPtr>(baseAddressBuffer));
}
finally
{
LocalMemoryTools.FreeMemoryForBuffer(baseAddressBuffer);
LocalMemoryTools.FreeMemoryForBuffer(sizeBuffer);
}
}
internal IntPtr Invoke(SafeProcessHandle processHandle, int allocationSize, Enumerations.MemoryProtectionType protectionType)
{
// Initialise a buffer to store the returned address of the allocated memory region
var memoryRegionAddressBuffer = MemoryTools.AllocateMemoryForBuffer(IntPtr.Size);
// Store the size of the allocation in a buffer
var allocationSizeBuffer = MemoryTools.StoreStructureInBuffer(allocationSize);
// Perform the syscall
const Enumerations.MemoryAllocationType allocationType = Enumerations.MemoryAllocationType.Commit | Enumerations.MemoryAllocationType.Reserve;
var syscallResult = _ntAllocateVirtualMemoryDelegate(processHandle, memoryRegionAddressBuffer, 0, allocationSizeBuffer, allocationType, protectionType);
if (syscallResult != Enumerations.NtStatus.Success)
{
ExceptionHandler.ThrowWin32Exception("Failed to allocate memory in the target process", syscallResult);
}
// Marshal the returned address of the memory region from the buffer
var memoryRegionAddress = Marshal.PtrToStructure <IntPtr>(memoryRegionAddressBuffer);
MemoryTools.FreeMemoryForBuffer(memoryRegionAddressBuffer);
MemoryTools.FreeMemoryForBuffer(allocationSizeBuffer);
return(memoryRegionAddress);
}
internal static IntPtr AllocateMemoryForBuffer(int allocationSize)
{
// Allocate memory for a buffer in the local process
const Enumerations.MemoryAllocationType allocationType = Enumerations.MemoryAllocationType.Commit | Enumerations.MemoryAllocationType.Reserve;
var buffer = PInvoke.VirtualAlloc(IntPtr.Zero, (uint)allocationSize, allocationType, Enumerations.MemoryProtectionType.ExecuteReadWrite);
if (buffer == IntPtr.Zero)
{
ExceptionHandler.ThrowWin32Exception("Failed to allocate memory in the local process");
}
// Zero the memory in the buffer
PInvoke.RtlZeroMemory(buffer, (uint)allocationSize);
return(buffer);
}
internal static extern IntPtr VirtualAlloc(IntPtr baseAddress, uint allocationSize, Enumerations.MemoryAllocationType allocationType, Enumerations.MemoryProtectionType protectionType);
