/// <summary> /// Returns a collection of handles that are currently active within the system /// </summary> /// <returns>A collection of active handles</returns> public static ICollection <HandleInfo> GetHandles() { byte[] buffer; NtStatus status; int size = 1024; uint actualSize = 0; do { buffer = new byte[size]; status = NtDll.NtQuerySystemInformation(SystemInformationType.HandleInformation, buffer, Convert.ToUInt32(size), ref actualSize); if (status != NtStatus.Success && status != NtStatus.BufferTooSmall && status != NtStatus.InfoLengthMismatch) { throw new Win32Exception("Could not retrieve system handle information"); } size = Convert.ToInt32(actualSize); } while (status != NtStatus.Success); int count = Seriz.Parse <int>(buffer); NtDll.SystemHandle[] systemHandles = Seriz.Parse <NtDll.SystemHandle>(buffer.Skip(4).ToArray(), count); List <HandleInfo> results = new List <HandleInfo>(); foreach (var handle in systemHandles) { results.Add(new HandleInfo(Convert.ToInt32(handle.ProcessId), handle.Type, new IntPtr(handle.Handle), handle.AccessMask)); } return(results); }
/// <summary> /// Reads an array of structures or instances of a formatted class from given address in virtual memory of the process /// </summary> /// <typeparam name="T">The type of structure or formatted class to be read</typeparam> /// <param name="address">The address to be read from</param> /// <param name="count">The number of elements in the array to be read</param> /// <returns>The array of structures or instances read from virtual memory of the process</returns> /// <exception cref="ArgumentException">If count is equal to or less than zero</exception> /// <exception cref="Win32Exception">On Windows API error</exception> /// <exception cref="InvalidOperationException">If the call succeeds but too few bytes were read</exception> public T[] Read <T>(IntPtr address, Int32 count) { if (count <= 0) { throw new ArgumentException("Count must be greater than zero"); } int size = Marshal.SizeOf <T>(); int totalSize = size * count; if (Buffer.Length < totalSize) { Buffer = new byte[totalSize]; } Read(address, Buffer, totalSize); return(Seriz.Parse <T>(Buffer, count)); }
/// <summary> /// Writes an array of structures or instances of a formatted class to given address in virtual memory of the process /// </summary> /// <typeparam name="T">The type of the structure or formatted class to be written</typeparam> /// <param name="address">The address to be written to</param> /// <param name="values">The array of structures or instances of a formatted class to be written</param> /// <exception cref="ArgumentException">If the given array is empty</exception> /// <exception cref="Win32Exception">On Windows API error</exception> /// <exception cref="InvalidOperationException">If the call succeeds but too few bytes were written</exception> public void Write <T>(IntPtr address, T[] values) { if (values == null) { throw new ArgumentNullException(nameof(values)); } if (values.Length == 0) { throw new ArgumentException("Cannot write an empty array"); } int size = Marshal.SizeOf <T>(); int totalSize = size * values.Length; if (Buffer.Length < totalSize) { Buffer = new byte[totalSize]; } Seriz.Serialize(Buffer, values); Write(address, Buffer, totalSize); }