public static IntPtr NtOpenProcess(UInt32 ProcessId, Data.Win32.Kernel32.ProcessAccessFlags DesiredAccess)
{
// Create OBJECT_ATTRIBUTES & CLIENT_ID ref's
IntPtr ProcessHandle = IntPtr.Zero;
Data.Native.OBJECT_ATTRIBUTES oa = new Data.Native.OBJECT_ATTRIBUTES();
Data.Native.CLIENT_ID ci = new Data.Native.CLIENT_ID();
ci.UniqueProcess = (IntPtr)ProcessId;
// Craft an array for the arguments
object[] funcargs =
{
ProcessHandle, DesiredAccess, oa, ci
};
Data.Native.NTSTATUS retValue = (Data.Native.NTSTATUS)Generic.DynamicAPIInvoke(@"ntdll.dll", @"NtOpenProcess", typeof(DELEGATES.NtOpenProcess), ref funcargs);
if (retValue != Data.Native.NTSTATUS.Success && retValue == Data.Native.NTSTATUS.InvalidCid)
{
throw new InvalidOperationException("An invalid client ID was specified.");
}
if (retValue != Data.Native.NTSTATUS.Success)
{
throw new UnauthorizedAccessException("Access is denied.");
}
// Update the modified variables
ProcessHandle = (IntPtr)funcargs[0];
return(ProcessHandle);
}
/// <summary>
/// Uses DynamicInvocation to call the OpenProcess Win32 API. https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-openprocess
/// </summary>
/// <author>The Wover (@TheRealWover)</author>
/// <param name="dwDesiredAccess"></param>
/// <param name="bInheritHandle"></param>
/// <param name="dwProcessId"></param>
/// <returns></returns>
public static IntPtr OpenProcess(Data.Win32.Kernel32.ProcessAccessFlags dwDesiredAccess, bool bInheritHandle, UInt32 dwProcessId)
{
// Craft an array for the arguments
object[] funcargs =
{
dwDesiredAccess, bInheritHandle, dwProcessId
};
return((IntPtr)Generic.DynamicAPIInvoke(@"kernel32.dll", @"OpenProcess",
typeof(Delegates.OpenProcess), ref funcargs));
}
