private T ReadProcessStruct <T>(int processId, IntPtr address) where T : struct { IntPtr buffer = MarshalUtility.AllocEmptyStruct <T>(); if (kernelDriver.CopyVirtualMemory(processId, address, buffer, Marshal.SizeOf <T>())) { return(MarshalUtility.GetStructFromMemory <T>(buffer)); } return(default(T)); }
private int GetProcessListRequiredBufferSize() { IntPtr operationPointer = MarshalUtility.AllocEmptyStruct <KERNEL_PROCESS_LIST_OPERATION>(); int operationSize = Marshal.SizeOf <KERNEL_PROCESS_LIST_OPERATION>(); if (WinApi.DeviceIoControl(driverHandle, IO_GET_PROCESS_LIST, operationPointer, operationSize, operationPointer, operationSize, IntPtr.Zero, IntPtr.Zero)) { KERNEL_PROCESS_LIST_OPERATION operation = MarshalUtility.GetStructFromMemory <KERNEL_PROCESS_LIST_OPERATION>(operationPointer); if (operation.processCount == 0 && operation.bufferSize > 0) { return(operation.bufferSize); } } return(0); }