Exemplo n.º 1
0
        public static ulong GetKernelBase()
        {
            ulong buffer;
            uint  bufferSize = 2048;

            buffer = (ulong)Marshal.AllocHGlobal((int)bufferSize);

            uint status = NT.NtQuerySystemInformation(11 /*SystemModuleInformation*/, buffer, (uint)bufferSize, out bufferSize);

            if (status == 0xC0000004L /*STATUS_INFO_LENGTH_MISMATCH*/)
            {
                Marshal.FreeHGlobal((IntPtr)buffer);
                buffer = (ulong)Marshal.AllocHGlobal((int)bufferSize);

                status = NT.NtQuerySystemInformation(11 /*SystemModuleInformation*/, buffer, (uint)bufferSize, out bufferSize);
            }

            if (status != 0)
            {
                throw new Exception("GetKernelBase Failed");
            }

            NT._RTL_PROCESS_MODULES *modulesPointer = (NT._RTL_PROCESS_MODULES *)buffer;

            return((ulong)modulesPointer->Modules.ImageBase);
        }