public static SafeMemoryHandle CreateThread(SafeMemoryHandle processHandle, IntPtr startMethodAddress, IntPtr parameterAddress, SecurityAttributes threadAttributes = default(SecurityAttributes), ThreadCreationFlags creationFlags = 0, int stackSize = 0) { int threadId; SafeMemoryHandle threadHandle = Imports.CreateRemoteThread( processHandle, ref threadAttributes, stackSize, startMethodAddress, parameterAddress, creationFlags, out threadId); if (threadHandle.IsInvalid) { throw new Win32Exception($"[Win32 Error: {Marshal.GetLastWin32Error()}] " + $"Unable to create thread with " + $"0x{processHandle.DangerousGetHandle().ToString("X")} using " + $"0x{startMethodAddress.ToString($"X{IntPtr.Size}")}(0x{parameterAddress.ToString($"X{IntPtr.Size}")}) " + $"Attributes[InheritHandle: {threadAttributes.InheritHandle}, " + $"Length: {threadAttributes.Length}, " + $"SecurityDescriptor: {threadAttributes.SecurityDescriptor.ToString($"X{IntPtr.Size}")}] " + $"CreationFlags: 0x{creationFlags.ToString("X")} StackSize: {stackSize}"); } return(threadHandle); }
public static bool Free(SafeMemoryHandle processHandle, IntPtr address, int size = 0, MemoryFreeType free = MemoryFreeType.MEM_RELEASE) { if (!Imports.VirtualFreeEx(processHandle, address, size, free)) { throw new Win32Exception($"[Win32 Error: {Marshal.GetLastWin32Error()}] " + $"Unable to free memory from process handle " + $"0x{processHandle.DangerousGetHandle().ToString("X")} at 0x{address.ToString($"X{IntPtr.Size}")}[Size: {size}]"); } return(true); }
public static IntPtr GetProcAddress(SafeMemoryHandle moduleHandle, string methodName) { IntPtr address = Imports.GetProcAddress(moduleHandle, methodName); if (address == IntPtr.Zero) { throw new Win32Exception($"[Win32 Error: {Marshal.GetLastWin32Error()}] " + $"Unable to get address of 0x{moduleHandle.DangerousGetHandle().ToString("X")}({methodName})"); } return(address); }
public static bool Is64BitProcess(SafeMemoryHandle processHandle) { bool Is64BitProcess; if (!Imports.IsWow64Process(processHandle, out Is64BitProcess)) { throw new Win32Exception($"[Win32 Error: {Marshal.GetLastWin32Error()}] " + $"Unable to determine if process handle 0x{processHandle.DangerousGetHandle().ToString("X")} is 64 bit"); } return(!Is64BitProcess); }
public static int GetProcessId(SafeMemoryHandle processHandle) { int pId = Imports.GetProcessId(processHandle); if (pId == 0) { throw new Win32Exception($"[Win32 Error: {Marshal.GetLastWin32Error()}] " + $"Unable to get Id from process handle 0x{processHandle.DangerousGetHandle().ToString("X")}"); } return(pId); }
public static MemoryBasicInformation Query(SafeMemoryHandle processHandle, IntPtr address, int size) { MemoryBasicInformation memInfo; if (Imports.VirtualQueryEx(processHandle, address, out memInfo, size) == 0) { throw new Win32Exception($"[Win32 Error: {Marshal.GetLastWin32Error()}] " + $"Unable to retrieve memory information with " + $"0x{processHandle.DangerousGetHandle().ToString("X")} from " + $"0x{address.ToString($"X{IntPtr.Size}")}[Size: {size}]"); } return(memInfo); }
public static MemoryProtectionType ChangeMemoryProtection(SafeMemoryHandle processHandle, IntPtr address, int size, MemoryProtectionType newProtect = MemoryProtectionType.PAGE_EXECUTE_READWRITE) { MemoryProtectionType oldProtect; if (!Imports.VirtualProtectEx(processHandle, address, size, newProtect, out oldProtect)) { throw new Win32Exception($"[Win32 Error: {Marshal.GetLastWin32Error()}] " + $"Unable to change memory protection of process handle " + $"0x{processHandle.DangerousGetHandle().ToString("X")} at 0x{address.ToString($"X{IntPtr.Size}")}[Size: {size}] to {newProtect.ToString("X")}"); } return(oldProtect); }
public static IntPtr Alloc(SafeMemoryHandle processHandle, [Optional] IntPtr address, int size, MemoryProtectionType protect = MemoryProtectionType.PAGE_EXECUTE_READWRITE) { IntPtr memAddress = Imports.VirtualAllocEx(processHandle, address, size, MemoryAllocationState.MEM_COMMIT, protect); if (memAddress == IntPtr.Zero) { throw new Win32Exception($"[Win32 Error: {Marshal.GetLastWin32Error()}] " + $"Unable to allocate memory to process handle " + $"0x{processHandle.DangerousGetHandle().ToString("X")} at 0x{address.ToString($"X{IntPtr.Size}")}[Size: {size}]"); } return(memAddress); }
public static string GetClassName(SafeMemoryHandle windowHandle) { StringBuilder className = new StringBuilder(char.MaxValue); if (Imports.GetClassName(windowHandle, className, className.Capacity) == 0) { throw new Win32Exception($"[Win32 Error: {Marshal.GetLastWin32Error()}] " + $"Unable to get class name from window handle 0x{windowHandle.DangerousGetHandle().ToString("X")}"); } return(className.ToString()); }