internal IntPtr Invoke(SafeProcessHandle processHandle, int allocationSize, Enumerations.MemoryProtectionType protectionType) { // Initialise a buffer to store the returned address of the allocated memory region var memoryRegionAddressBuffer = MemoryTools.AllocateMemoryForBuffer(IntPtr.Size); // Store the size of the allocation in a buffer var allocationSizeBuffer = MemoryTools.StoreStructureInBuffer(allocationSize); // Perform the syscall const Enumerations.MemoryAllocationType allocationType = Enumerations.MemoryAllocationType.Commit | Enumerations.MemoryAllocationType.Reserve; var syscallResult = _ntAllocateVirtualMemoryDelegate(processHandle, memoryRegionAddressBuffer, 0, allocationSizeBuffer, allocationType, protectionType); if (syscallResult != Enumerations.NtStatus.Success) { ExceptionHandler.ThrowWin32Exception("Failed to allocate memory in the target process", syscallResult); } // Marshal the returned address of the memory region from the buffer var memoryRegionAddress = Marshal.PtrToStructure <IntPtr>(memoryRegionAddressBuffer); MemoryTools.FreeMemoryForBuffer(memoryRegionAddressBuffer); MemoryTools.FreeMemoryForBuffer(allocationSizeBuffer); return(memoryRegionAddress); }
internal IntPtr Invoke(SafeProcessHandle processHandle, IntPtr baseAddress, int size, Enumerations.MemoryProtectionType protectionType) { // Store the base address of the allocation in a buffer var baseAddressBuffer = LocalMemoryTools.StoreStructureInBuffer(baseAddress); // Store the size of the allocation in a buffer var sizeBuffer = LocalMemoryTools.StoreStructureInBuffer(size); // Perform the syscall const Enumerations.MemoryAllocationType allocationType = Enumerations.MemoryAllocationType.Commit | Enumerations.MemoryAllocationType.Reserve; var syscallResult = _ntAllocateVirtualMemoryDelegate(processHandle, baseAddressBuffer, 0, sizeBuffer, allocationType, protectionType); if (syscallResult != Enumerations.NtStatus.Success) { ExceptionHandler.ThrowWin32Exception("Failed to allocate memory in the target process", syscallResult); } try { return(Marshal.PtrToStructure <IntPtr>(baseAddressBuffer)); } finally { LocalMemoryTools.FreeMemoryForBuffer(baseAddressBuffer); LocalMemoryTools.FreeMemoryForBuffer(sizeBuffer); } }
internal Enumerations.MemoryProtectionType Invoke(SafeProcessHandle processHandle, IntPtr baseAddress, int protectionSize, Enumerations.MemoryProtectionType newProtectionType) { // Store the base address of the memory region to protect in a buffer var baseAddressBuffer = MemoryTools.StoreStructureInBuffer(baseAddress); // Store the protection size in a buffer var protectionSizeBuffer = MemoryTools.StoreStructureInBuffer(protectionSize); // Initialise a buffer to store the returned old protection of the memory region var oldProtectionBuffer = MemoryTools.AllocateMemoryForBuffer(sizeof(ulong)); // Perform the syscall var syscallResult = _ntProtectVirtualMemoryDelegate(processHandle, baseAddressBuffer, protectionSizeBuffer, newProtectionType, oldProtectionBuffer); if (syscallResult != Enumerations.NtStatus.Success) { ExceptionHandler.ThrowWin32Exception("Failed to protect memory in the target process", syscallResult); } // Marshal the returned old protection of the memory region from the buffer var oldProtection = (Enumerations.MemoryProtectionType)Marshal.PtrToStructure <ulong>(oldProtectionBuffer); MemoryTools.FreeMemoryForBuffer(baseAddressBuffer); MemoryTools.FreeMemoryForBuffer(protectionSizeBuffer); MemoryTools.FreeMemoryForBuffer(oldProtectionBuffer); return(oldProtection); }
internal Enumerations.MemoryProtectionType ProtectVirtualMemory(IntPtr baseAddress, int protectionSize, Enumerations.MemoryProtectionType newProtectionType) { return((Enumerations.MemoryProtectionType)_syscallManager.InvokeSyscall <NtProtectVirtualMemory>(_processHandle, baseAddress, protectionSize, newProtectionType)); }
internal IntPtr AllocateVirtualMemory(int allocationSize, Enumerations.MemoryProtectionType protectionType) { return((IntPtr)_syscallManager.InvokeSyscall <NtAllocateVirtualMemory>(_processHandle, allocationSize, protectionType)); }
internal static extern IntPtr VirtualAlloc(IntPtr baseAddress, uint allocationSize, Enumerations.MemoryAllocationType allocationType, Enumerations.MemoryProtectionType protectionType);