internal IntPtr AllocateBuffer(int bufferSize) { var buffer = _processContext.CallRoutine <IntPtr>(_processContext.GetFunctionAddress("kernel32.dll", "HeapAlloc"), _heapAddress, HeapAllocationType.ZeroMemory, bufferSize); if (buffer == IntPtr.Zero) { throw new ApplicationException("Failed to allocate a buffer in the process heap"); } _bufferCache.Add(buffer); return(buffer); }
private void CallInitialisationRoutines(DllReason reason) { // Call the entry point of any TLS callbacks foreach (var callbackAddress in _peImage.TlsDirectory.GetTlsCallbacks().Select(callBack => DllBaseAddress + callBack.RelativeAddress)) { _processContext.CallRoutine(callbackAddress, DllBaseAddress, reason, 0); } if (_peImage.Headers.PEHeader !.AddressOfEntryPoint == 0) { return; } // Call the entry point of the DLL var entryPointAddress = DllBaseAddress + _peImage.Headers.PEHeader !.AddressOfEntryPoint; if (!_processContext.CallRoutine <bool>(entryPointAddress, DllBaseAddress, reason, 0)) { throw new ApplicationException($"Failed to call the entry point of the DLL with {reason:G}"); } }
internal SafePebLock(ProcessContext processContext) { _processContext = processContext; processContext.CallRoutine(processContext.GetFunctionAddress("ntdll.dll", "RtlAcquirePebLock")); }
public void Dispose() { Executor.IgnoreExceptions(() => _processContext.CallRoutine(_processContext.GetFunctionAddress("ntdll.dll", "RtlReleasePebLock"))); }
public void Dispose() { _processContext.CallRoutine(_processContext.GetFunctionAddress("ntdll.dll", "RtlReleasePebLock")); }