public int GetModuleSummaryList(int pid, out ModuleSummary[] result) { result = new ModuleSummary[0]; if (driverHandle != WinApi.INVALID_HANDLE_VALUE) { // Im lazy as f**k, so I just open a LARGE buffer int bufferSize = 1000 * 533; IntPtr bufferPointer = MarshalUtility.AllocZeroFilled(bufferSize); KERNEL_QUERY_PROCESS_INFO_OPERATION operation = new KERNEL_QUERY_PROCESS_INFO_OPERATION { targetProcessId = pid, bufferSize = bufferSize, bufferAddress = (ulong)bufferPointer.ToInt64() }; IntPtr operationPointer = MarshalUtility.CopyStructToMemory(operation); int operationSize = Marshal.SizeOf <KERNEL_QUERY_PROCESS_INFO_OPERATION>(); if (WinApi.DeviceIoControl(driverHandle, IO_QUERY_PROCESS_INFO, operationPointer, operationSize, operationPointer, operationSize, IntPtr.Zero, IntPtr.Zero)) { operation = MarshalUtility.GetStructFromMemory <KERNEL_QUERY_PROCESS_INFO_OPERATION>(operationPointer); if (operation.moduleCount > 0) { byte[] managedBuffer = new byte[bufferSize]; Marshal.Copy(bufferPointer, managedBuffer, 0, bufferSize); Marshal.FreeHGlobal(bufferPointer); result = new ModuleSummary[operation.moduleCount]; using (BinaryReader reader = new BinaryReader(new MemoryStream(managedBuffer))) { for (int i = 0; i < result.Length; i++) { result[i] = ModuleSummary.FromStream(reader); } } return(result.Length); } } else { int errCode = Marshal.GetLastWin32Error(); IntPtr tempptr = IntPtr.Zero; string msg = null; WinApi.FormatMessage(0x1300, ref tempptr, errCode, 0, ref msg, 255, ref tempptr); MessageBox.Show(msg); } } return(0); }
public bool GetProcessSummaryList(out ProcessSummary[] result) { result = new ProcessSummary[0]; if (driverHandle != WinApi.INVALID_HANDLE_VALUE) { int requiredBufferSize = GetProcessListRequiredBufferSize(); if (requiredBufferSize > 0) { IntPtr bufferPointer = MarshalUtility.AllocZeroFilled(requiredBufferSize); KERNEL_PROCESS_LIST_OPERATION operation = new KERNEL_PROCESS_LIST_OPERATION { bufferAddress = (ulong)bufferPointer.ToInt64(), bufferSize = requiredBufferSize }; IntPtr operationPointer = MarshalUtility.CopyStructToMemory(operation); int operationSize = Marshal.SizeOf <KERNEL_PROCESS_LIST_OPERATION>(); if (WinApi.DeviceIoControl(driverHandle, IO_GET_PROCESS_LIST, operationPointer, operationSize, operationPointer, operationSize, IntPtr.Zero, IntPtr.Zero)) { operation = MarshalUtility.GetStructFromMemory <KERNEL_PROCESS_LIST_OPERATION>(operationPointer); if (operation.processCount > 0) { byte[] managedBuffer = new byte[requiredBufferSize]; Marshal.Copy(bufferPointer, managedBuffer, 0, requiredBufferSize); Marshal.FreeHGlobal(bufferPointer); result = new ProcessSummary[operation.processCount]; using (BinaryReader reader = new BinaryReader(new MemoryStream(managedBuffer))) { for (int i = 0; i < result.Length; i++) { result[i] = ProcessSummary.FromStream(reader); } } return(true); } } } } return(false); }
public bool CopyVirtualMemory(int targetProcessId, IntPtr targetAddress, IntPtr bufferAddress, int bufferSize) { if (driverHandle != WinApi.INVALID_HANDLE_VALUE) { KERNEL_COPY_MEMORY_OPERATION operation = new KERNEL_COPY_MEMORY_OPERATION { targetProcessId = targetProcessId, targetAddress = (ulong)targetAddress.ToInt64(), bufferAddress = (ulong)bufferAddress.ToInt64(), bufferSize = bufferSize }; IntPtr operationPointer = MarshalUtility.CopyStructToMemory(operation); bool result = WinApi.DeviceIoControl(driverHandle, IO_COPY_MEMORY, operationPointer, Marshal.SizeOf <KERNEL_COPY_MEMORY_OPERATION>(), IntPtr.Zero, 0, IntPtr.Zero, IntPtr.Zero); Marshal.FreeHGlobal(operationPointer); return(result); } return(false); }