internal IntPtr Invoke(SafeProcessHandle processHandle, int allocationSize, Enumerations.MemoryProtectionType protectionType)
{
// Initialise a buffer to store the returned address of the allocated memory region
var memoryRegionAddressBuffer = MemoryTools.AllocateMemoryForBuffer(IntPtr.Size);
// Store the size of the allocation in a buffer
var allocationSizeBuffer = MemoryTools.StoreStructureInBuffer(allocationSize);
// Perform the syscall
const Enumerations.MemoryAllocationType allocationType = Enumerations.MemoryAllocationType.Commit | Enumerations.MemoryAllocationType.Reserve;
var syscallResult = _ntAllocateVirtualMemoryDelegate(processHandle, memoryRegionAddressBuffer, 0, allocationSizeBuffer, allocationType, protectionType);
if (syscallResult != Enumerations.NtStatus.Success)
{
ExceptionHandler.ThrowWin32Exception("Failed to allocate memory in the target process", syscallResult);
}
// Marshal the returned address of the memory region from the buffer
var memoryRegionAddress = Marshal.PtrToStructure <IntPtr>(memoryRegionAddressBuffer);
MemoryTools.FreeMemoryForBuffer(memoryRegionAddressBuffer);
MemoryTools.FreeMemoryForBuffer(allocationSizeBuffer);
return(memoryRegionAddress);
}
internal IntPtr Invoke(SafeProcessHandle processHandle, IntPtr baseAddress, int size, Enumerations.MemoryProtectionType protectionType)
{
// Store the base address of the allocation in a buffer
var baseAddressBuffer = LocalMemoryTools.StoreStructureInBuffer(baseAddress);
// Store the size of the allocation in a buffer
var sizeBuffer = LocalMemoryTools.StoreStructureInBuffer(size);
// Perform the syscall
const Enumerations.MemoryAllocationType allocationType = Enumerations.MemoryAllocationType.Commit | Enumerations.MemoryAllocationType.Reserve;
var syscallResult = _ntAllocateVirtualMemoryDelegate(processHandle, baseAddressBuffer, 0, sizeBuffer, allocationType, protectionType);
if (syscallResult != Enumerations.NtStatus.Success)
{
ExceptionHandler.ThrowWin32Exception("Failed to allocate memory in the target process", syscallResult);
}
try
{
return(Marshal.PtrToStructure <IntPtr>(baseAddressBuffer));
}
finally
{
LocalMemoryTools.FreeMemoryForBuffer(baseAddressBuffer);
LocalMemoryTools.FreeMemoryForBuffer(sizeBuffer);
}
}
internal Enumerations.MemoryProtectionType Invoke(SafeProcessHandle processHandle, IntPtr baseAddress, int protectionSize, Enumerations.MemoryProtectionType newProtectionType)
{
// Store the base address of the memory region to protect in a buffer
var baseAddressBuffer = MemoryTools.StoreStructureInBuffer(baseAddress);
// Store the protection size in a buffer
var protectionSizeBuffer = MemoryTools.StoreStructureInBuffer(protectionSize);
// Initialise a buffer to store the returned old protection of the memory region
var oldProtectionBuffer = MemoryTools.AllocateMemoryForBuffer(sizeof(ulong));
// Perform the syscall
var syscallResult = _ntProtectVirtualMemoryDelegate(processHandle, baseAddressBuffer, protectionSizeBuffer, newProtectionType, oldProtectionBuffer);
if (syscallResult != Enumerations.NtStatus.Success)
{
ExceptionHandler.ThrowWin32Exception("Failed to protect memory in the target process", syscallResult);
}
// Marshal the returned old protection of the memory region from the buffer
var oldProtection = (Enumerations.MemoryProtectionType)Marshal.PtrToStructure <ulong>(oldProtectionBuffer);
MemoryTools.FreeMemoryForBuffer(baseAddressBuffer);
MemoryTools.FreeMemoryForBuffer(protectionSizeBuffer);
MemoryTools.FreeMemoryForBuffer(oldProtectionBuffer);
return(oldProtection);
}
internal Enumerations.MemoryProtectionType ProtectVirtualMemory(IntPtr baseAddress, int protectionSize, Enumerations.MemoryProtectionType newProtectionType)
{
return((Enumerations.MemoryProtectionType)_syscallManager.InvokeSyscall <NtProtectVirtualMemory>(_processHandle, baseAddress, protectionSize, newProtectionType));
}
internal IntPtr AllocateVirtualMemory(int allocationSize, Enumerations.MemoryProtectionType protectionType)
{
return((IntPtr)_syscallManager.InvokeSyscall <NtAllocateVirtualMemory>(_processHandle, allocationSize, protectionType));
}
internal static extern IntPtr VirtualAlloc(IntPtr baseAddress, uint allocationSize, Enumerations.MemoryAllocationType allocationType, Enumerations.MemoryProtectionType protectionType);
