public static IntPtr NtOpenProcess(UInt32 ProcessId, Data.Win32.Kernel32.ProcessAccessFlags DesiredAccess) { // Create OBJECT_ATTRIBUTES & CLIENT_ID ref's IntPtr ProcessHandle = IntPtr.Zero; Data.Native.OBJECT_ATTRIBUTES oa = new Data.Native.OBJECT_ATTRIBUTES(); Data.Native.CLIENT_ID ci = new Data.Native.CLIENT_ID(); ci.UniqueProcess = (IntPtr)ProcessId; // Craft an array for the arguments object[] funcargs = { ProcessHandle, DesiredAccess, oa, ci }; Data.Native.NTSTATUS retValue = (Data.Native.NTSTATUS)Generic.DynamicAPIInvoke(@"ntdll.dll", @"NtOpenProcess", typeof(DELEGATES.NtOpenProcess), ref funcargs); if (retValue != Data.Native.NTSTATUS.Success && retValue == Data.Native.NTSTATUS.InvalidCid) { throw new InvalidOperationException("An invalid client ID was specified."); } if (retValue != Data.Native.NTSTATUS.Success) { throw new UnauthorizedAccessException("Access is denied."); } // Update the modified variables ProcessHandle = (IntPtr)funcargs[0]; return(ProcessHandle); }
/// <summary> /// Uses DynamicInvocation to call the OpenProcess Win32 API. https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-openprocess /// </summary> /// <author>The Wover (@TheRealWover)</author> /// <param name="dwDesiredAccess"></param> /// <param name="bInheritHandle"></param> /// <param name="dwProcessId"></param> /// <returns></returns> public static IntPtr OpenProcess(Data.Win32.Kernel32.ProcessAccessFlags dwDesiredAccess, bool bInheritHandle, UInt32 dwProcessId) { // Craft an array for the arguments object[] funcargs = { dwDesiredAccess, bInheritHandle, dwProcessId }; return((IntPtr)Generic.DynamicAPIInvoke(@"kernel32.dll", @"OpenProcess", typeof(Delegates.OpenProcess), ref funcargs)); }