public static SafeMemoryHandle CreateThread(SafeMemoryHandle processHandle,
IntPtr startMethodAddress, IntPtr parameterAddress,
SecurityAttributes threadAttributes = default(SecurityAttributes),
ThreadCreationFlags creationFlags = 0, int stackSize = 0)
{
int threadId;
SafeMemoryHandle threadHandle = Imports.CreateRemoteThread(
processHandle,
ref threadAttributes,
stackSize,
startMethodAddress,
parameterAddress,
creationFlags,
out threadId);
if (threadHandle.IsInvalid)
{
throw new Win32Exception($"[Win32 Error: {Marshal.GetLastWin32Error()}] " +
$"Unable to create thread with " +
$"0x{processHandle.DangerousGetHandle().ToString("X")} using " +
$"0x{startMethodAddress.ToString($"X{IntPtr.Size}")}(0x{parameterAddress.ToString($"X{IntPtr.Size}")}) " +
$"Attributes[InheritHandle: {threadAttributes.InheritHandle}, " +
$"Length: {threadAttributes.Length}, " +
$"SecurityDescriptor: {threadAttributes.SecurityDescriptor.ToString($"X{IntPtr.Size}")}] " +
$"CreationFlags: 0x{creationFlags.ToString("X")} StackSize: {stackSize}");
}
return(threadHandle);
}
public static bool Free(SafeMemoryHandle processHandle, IntPtr address, int size = 0, MemoryFreeType free = MemoryFreeType.MEM_RELEASE)
{
if (!Imports.VirtualFreeEx(processHandle, address, size, free))
{
throw new Win32Exception($"[Win32 Error: {Marshal.GetLastWin32Error()}] " +
$"Unable to free memory from process handle " +
$"0x{processHandle.DangerousGetHandle().ToString("X")} at 0x{address.ToString($"X{IntPtr.Size}")}[Size: {size}]");
}
return(true);
}
public static IntPtr GetProcAddress(SafeMemoryHandle moduleHandle, string methodName)
{
IntPtr address = Imports.GetProcAddress(moduleHandle, methodName);
if (address == IntPtr.Zero)
{
throw new Win32Exception($"[Win32 Error: {Marshal.GetLastWin32Error()}] " +
$"Unable to get address of 0x{moduleHandle.DangerousGetHandle().ToString("X")}({methodName})");
}
return(address);
}
public static bool Is64BitProcess(SafeMemoryHandle processHandle)
{
bool Is64BitProcess;
if (!Imports.IsWow64Process(processHandle, out Is64BitProcess))
{
throw new Win32Exception($"[Win32 Error: {Marshal.GetLastWin32Error()}] " +
$"Unable to determine if process handle 0x{processHandle.DangerousGetHandle().ToString("X")} is 64 bit");
}
return(!Is64BitProcess);
}
public static int GetProcessId(SafeMemoryHandle processHandle)
{
int pId = Imports.GetProcessId(processHandle);
if (pId == 0)
{
throw new Win32Exception($"[Win32 Error: {Marshal.GetLastWin32Error()}] " +
$"Unable to get Id from process handle 0x{processHandle.DangerousGetHandle().ToString("X")}");
}
return(pId);
}
public static MemoryBasicInformation Query(SafeMemoryHandle processHandle, IntPtr address, int size)
{
MemoryBasicInformation memInfo;
if (Imports.VirtualQueryEx(processHandle, address, out memInfo, size) == 0)
{
throw new Win32Exception($"[Win32 Error: {Marshal.GetLastWin32Error()}] " +
$"Unable to retrieve memory information with " +
$"0x{processHandle.DangerousGetHandle().ToString("X")} from " +
$"0x{address.ToString($"X{IntPtr.Size}")}[Size: {size}]");
}
return(memInfo);
}
public static MemoryProtectionType ChangeMemoryProtection(SafeMemoryHandle processHandle, IntPtr address, int size,
MemoryProtectionType newProtect = MemoryProtectionType.PAGE_EXECUTE_READWRITE)
{
MemoryProtectionType oldProtect;
if (!Imports.VirtualProtectEx(processHandle, address, size, newProtect, out oldProtect))
{
throw new Win32Exception($"[Win32 Error: {Marshal.GetLastWin32Error()}] " +
$"Unable to change memory protection of process handle " +
$"0x{processHandle.DangerousGetHandle().ToString("X")} at 0x{address.ToString($"X{IntPtr.Size}")}[Size: {size}] to {newProtect.ToString("X")}");
}
return(oldProtect);
}
public static IntPtr Alloc(SafeMemoryHandle processHandle, [Optional] IntPtr address, int size,
MemoryProtectionType protect = MemoryProtectionType.PAGE_EXECUTE_READWRITE)
{
IntPtr memAddress = Imports.VirtualAllocEx(processHandle, address, size, MemoryAllocationState.MEM_COMMIT, protect);
if (memAddress == IntPtr.Zero)
{
throw new Win32Exception($"[Win32 Error: {Marshal.GetLastWin32Error()}] " +
$"Unable to allocate memory to process handle " +
$"0x{processHandle.DangerousGetHandle().ToString("X")} at 0x{address.ToString($"X{IntPtr.Size}")}[Size: {size}]");
}
return(memAddress);
}
public static string GetClassName(SafeMemoryHandle windowHandle)
{
StringBuilder className = new StringBuilder(char.MaxValue);
if (Imports.GetClassName(windowHandle, className, className.Capacity) == 0)
{
throw new Win32Exception($"[Win32 Error: {Marshal.GetLastWin32Error()}] " +
$"Unable to get class name from window handle 0x{windowHandle.DangerousGetHandle().ToString("X")}");
}
return(className.ToString());
}
