private static uint NtQueryInformationProcess(IntPtr hProcess, Data.Native.PROCESSINFOCLASS processInfoClass, out IntPtr pProcInfo) { int processInformationLength; uint retLen = 0; switch (processInfoClass) { case Data.Native.PROCESSINFOCLASS.ProcessWow64Information: pProcInfo = Marshal.AllocHGlobal(IntPtr.Size); RtlZeroMemory(pProcInfo, IntPtr.Size); processInformationLength = IntPtr.Size; break; case Data.Native.PROCESSINFOCLASS.ProcessBasicInformation: var pbi = new Data.Native.PROCESS_BASIC_INFORMATION(); pProcInfo = Marshal.AllocHGlobal(Marshal.SizeOf(pbi)); RtlZeroMemory(pProcInfo, Marshal.SizeOf(pbi)); Marshal.StructureToPtr(pbi, pProcInfo, true); processInformationLength = Marshal.SizeOf(pbi); break; default: throw new InvalidOperationException($"Invalid ProcessInfoClass: {processInfoClass}"); } object[] parameters = { hProcess, processInfoClass, pProcInfo, processInformationLength, retLen }; var result = (uint)Generic.DynamicApiInvoke("ntdll.dll", "NtQueryInformationProcess", typeof(Delegates.NtQueryInformationProcess), ref parameters); pProcInfo = (IntPtr)parameters[2]; return(result); }
public static Data.Native.NTSTATUS NtQueryInformationProcess(IntPtr hProcess, Data.Native.PROCESSINFOCLASS processInfoClass, out IntPtr pProcInfo) { int processInformationLength; UInt32 RetLen = 0; switch (processInfoClass) { case Data.Native.PROCESSINFOCLASS.ProcessWow64Information: pProcInfo = Marshal.AllocHGlobal(IntPtr.Size); RtlZeroMemory(pProcInfo, IntPtr.Size); processInformationLength = IntPtr.Size; break; case Data.Native.PROCESSINFOCLASS.ProcessBasicInformation: Data.Native.PROCESS_BASIC_INFORMATION PBI = new Data.Native.PROCESS_BASIC_INFORMATION(); pProcInfo = Marshal.AllocHGlobal(Marshal.SizeOf(PBI)); RtlZeroMemory(pProcInfo, Marshal.SizeOf(PBI)); Marshal.StructureToPtr(PBI, pProcInfo, true); processInformationLength = Marshal.SizeOf(PBI); break; default: throw new InvalidOperationException($"Invalid ProcessInfoClass: {processInfoClass}"); } object[] funcargs = { hProcess, processInfoClass, pProcInfo, processInformationLength, RetLen }; Data.Native.NTSTATUS retValue = (Data.Native.NTSTATUS)Generic.DynamicAPIInvoke(@"ntdll.dll", @"NtQueryInformationProcess", typeof(DELEGATES.NtQueryInformationProcess), ref funcargs); if (retValue != Data.Native.NTSTATUS.Success) { throw new UnauthorizedAccessException("Access is denied."); } // Update the modified variables pProcInfo = (IntPtr)funcargs[2]; return(retValue); }