/* Call Shellcode */ public long GetProcAddress(long hModule, string functionName) { var getProcAddressParams = new GetProcAddressParams(hModule, WriteNullTerminatedASCIIString(functionName)); long lpParameter = (long)_circularBuffer.Add(ref getProcAddressParams); IntPtr threadHandle = CreateRemoteThread(_targetProcess.Handle, IntPtr.Zero, UIntPtr.Zero, (IntPtr)_getProcAddressShellPtr, (IntPtr)lpParameter, CREATE_THREAD_FLAGS.RUN_IMMEDIATELY, out uint threadId); WaitForSingleObject(threadHandle, uint.MaxValue); _memory.Read((IntPtr)_getProcAddressReturnValuePtr, out long value); return(value); }
/// <summary> /// Tests the "Add" functionality of the <see cref="MemoryBuffer"/>; including /// the return of the correct pointer and CanItemFit. /// </summary> private unsafe void MemoryBufferAddGeneric(MemoryBuffer buffer, Process process) { // Setup test. ExternalMemory externalMemory = new ExternalMemory(process); // Disable item alignment. var bufferHeader = buffer.Properties; buffer.Properties = bufferHeader; // Get remaining space, items to place. int remainingBufferSpace = bufferHeader.Remaining; int structSize = Struct.GetSize <RandomIntStruct>(); int itemsToFit = remainingBufferSpace / structSize; // Generate array of random int structs. RandomIntStruct[] randomIntStructs = new RandomIntStruct[itemsToFit]; for (int x = 0; x < itemsToFit; x++) { randomIntStructs[x] = RandomIntStruct.BuildRandomStruct(); } // Fill the buffer and verify each item as it's added. for (int x = 0; x < itemsToFit; x++) { IntPtr writeAddress = buffer.Add(ref randomIntStructs[x], false, 1); // Read back and compare. externalMemory.Read(writeAddress, out RandomIntStruct actual); Assert.Equal(randomIntStructs[x], actual); } // Compare again, running the entire array this time. IntPtr bufferStartPtr = bufferHeader.DataPointer; for (int x = 0; x < itemsToFit; x++) { IntPtr readAddress = bufferStartPtr + (x * structSize); // Read back and compare. externalMemory.Read(readAddress, out RandomIntStruct actual); Assert.Equal(randomIntStructs[x], actual); } // The array is full, calling CanItemFit should return false. Assert.False(buffer.CanItemFit(ref randomIntStructs[0])); // Likewise, calling Add should return IntPtr.Zero. var randIntStr = RandomIntStruct.BuildRandomStruct(); Assert.Equal(IntPtr.Zero, buffer.Add(ref randIntStr, false, 1)); }
/// <summary> /// Tests the "Add" functionality of the <see cref="MemoryBuffer"/>, with raw data; /// including the return of the correct pointer and CanItemFit. /// </summary> private unsafe void MemoryBufferAddByteArray(MemoryBuffer buffer, Process process) { // Setup test. ExternalMemory externalMemory = new ExternalMemory(process); // Disable item alignment. var bufferHeader = buffer.Properties; buffer.Properties = bufferHeader; // Get remaining space, items to place. int remainingBufferSpace = bufferHeader.Remaining; var randomByteArray = RandomByteArray.GenerateRandomByteArray(remainingBufferSpace); byte[] rawArray = randomByteArray.Array; // Fill the buffer with the whole array. buffer.Add(rawArray, 1); // Compare against the array written. IntPtr bufferStartPtr = bufferHeader.DataPointer; for (int x = 0; x < remainingBufferSpace; x++) { IntPtr readAddress = bufferStartPtr + x; // Read back and compare. externalMemory.Read(readAddress, out byte actual); Assert.Equal(rawArray[x], actual); } // The array is full, calling CanItemFit should return false. Assert.False(buffer.CanItemFit(sizeof(byte))); // Likewise, calling Add should return IntPtr.Zero. byte testByte = 55; Assert.Equal(IntPtr.Zero, buffer.Add(ref testByte, false, 1)); }