public static extern NtStatus NtQueryInformationProcess( SafeKernelObjectHandle ProcessHandle, ProcessInformationClass ProcessInformationClass, SafeBuffer ProcessInformation, int ProcessInformationLength, out int ReturnLength );
public void KphQueryInformationProcess( ProcessHandle processHandle, ProcessInformationClass processInformationClass, IntPtr processInformation, int processInformationLength, out int returnLength ) { byte *inData = stackalloc byte[0x14]; int returnLengthLocal; *(int *)inData = processHandle; *(int *)(inData + 0x4) = (int)processInformationClass; *(int *)(inData + 0x8) = processInformation.ToInt32(); *(int *)(inData + 0xc) = processInformationLength; *(int *)(inData + 0x10) = (int)&returnLengthLocal; try { _fileHandle.IoControl(CtlCode(Control.KphQueryInformationProcess), inData, 0x14, null, 0); } finally { returnLength = returnLengthLocal; } }
private void WinApiIsProcessDebugPort() { ProcessInformationClass flag = ProcessInformationClass.ProcessDebugPort; bool check = Functions.WinApiNtQueryInformationProcess <IntPtr>(Process, flag) != IntPtr.Zero; LoggingService.Info($"{System.Reflection.MethodBase.GetCurrentMethod().Name}() => {check}."); }
internal unsafe T QueryInformationProcess <T>(ProcessInformationClass infoClass, ref T buff, out uint returnSize) where T : unmanaged { fixed(void *buffP = &buff) { PInvoke.NTSTATUS status = NtQueryInformationProcess(handle, infoClass, buffP, (uint)sizeof(T), out returnSize); if (status.Severity != PInvoke.NTSTATUS.SeverityCode.STATUS_SEVERITY_SUCCESS) { throw new PInvoke.NTStatusException(status); } return(buff); } }
public uint Call(IntPtr handle, ProcessInformationClass pic, out IMemoryPointer result, int resultLength, out IMemoryPointer bytesRead) { IMemoryPointer bytesReadInternal = GameSharpProcess.Instance.AllocateManagedMemory(resultLength); IMemoryPointer resultInternal = GameSharpProcess.Instance.AllocateManagedMemory(resultLength); uint retval = Call <uint>(handle, pic, resultInternal.Address, (uint)resultLength, bytesReadInternal.Address); bytesRead = bytesReadInternal; result = resultInternal; return(retval); }
internal static T QueryInformation <T>(this Process process, ProcessInformationClass informationClass) where T : unmanaged { Span <byte> informationBlock = stackalloc byte[Unsafe.SizeOf <T>()]; var ntStatus = Ntdll.NtQueryInformationProcess(process.SafeHandle, informationClass, out informationBlock[0], informationBlock.Length, out _); if (ntStatus != NtStatus.Success) { throw new Win32Exception(Ntdll.RtlNtStatusToDosError(ntStatus)); } return(MemoryMarshal.Read <T>(informationBlock)); }
public void KphSetInformationProcess( ProcessHandle processHandle, ProcessInformationClass processInformationClass, IntPtr processInformation, int processInformationLength ) { byte *inData = stackalloc byte[0x10]; *(int *)inData = processHandle; *(int *)(inData + 0x4) = (int)processInformationClass; *(int *)(inData + 0x8) = processInformation.ToInt32(); *(int *)(inData + 0xc) = processInformationLength; _fileHandle.IoControl(CtlCode(Control.KphSetInformationProcess), inData, 0x10, null, 0); }
internal unsafe T[] QueryInformationProcessArrayInternal <T>(ProcessInformationClass infoClass, ref T[] buff, ref uint validItemCount) where T : unmanaged { uint returnSize = 0; fixed(void *buffP = buff) { try { PInvoke.NTSTATUS status = NtQueryInformationProcess(handle, infoClass, buffP, (uint)sizeof(T) * validItemCount, out returnSize); if (status.Severity != PInvoke.NTSTATUS.SeverityCode.STATUS_SEVERITY_SUCCESS) { throw new PInvoke.NTStatusException(status); } return(buff); } finally { validItemCount = returnSize / ((uint)sizeof(T)); } } }
internal IntPtr[] QueryInformationProcessArray <T>(ProcessInformationClass infoClass) { uint validItems = 1; IntPtr[] buff; for (; ;) { buff = new IntPtr[validItems]; try { QueryInformationProcessArrayInternal(infoClass, ref buff, ref validItems); } catch (PInvoke.NTStatusException err) when(err.NativeErrorCode == PInvoke.NTSTATUS.Code.STATUS_INFO_LENGTH_MISMATCH) { continue; } break; } return(buff); }
/// <summary> /// Wrapper for the NtQueryInformationProcess delegate, this will make the code more readable. /// </summary> /// <typeparam name="T"></typeparam> /// <param name="process"></param> /// <param name="pic"></param> /// <returns></returns> public static T NtQueryInformationProcess <T>(GameSharpProcess process, ProcessInformationClass pic) where T : struct { T returnResult = default; uint ntResult = NtQueryInformationProcessWrapper.Call(process.NativeHandle, pic, out IMemoryPointer returnPtr, Marshal.SizeOf <T>(), out IMemoryPointer _); // https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-erref/596a1078-e883-4972-9bbc-49e60bebca55 if (ntResult == 0) { returnResult = returnPtr.Read <T>(); } //else //{ // LoggingService.Error( // $"Flag: {pic.ToString()}" + // $", Couldn't query NtQueryInformationProcess, Error code: {Marshal.GetLastWin32Error().ToString("X")}" + // $", Return value of NtQueryInformationProcess function is 0x{ntResult.ToString("X")}"); //} return(returnResult); }
/// <summary> /// /// </summary> /// <param name="ProcessHandle"></param> /// <param name="InfoClass"></param> /// <param name="Info"></param> /// <param name="InfoLength"></param> /// <param name="ReturnLength"></param> /// <returns></returns> public static NTSTATUS NtQueryInformationProcess(IntPtr ProcessHandle, ProcessInformationClass InfoClass, IntPtr Info, uint InfoLength, out uint ReturnLength, [CallerMemberName] string callerName = "") { if (!PInvokeDebugger.LoggingEnabled) { return(PInvoke_NtQueryInformationProcess(ProcessHandle, InfoClass, Info, InfoLength, out ReturnLength)); } NTSTATUS returnValue = PInvoke_NtQueryInformationProcess(ProcessHandle, InfoClass, Info, InfoLength, out ReturnLength); PInvokeDebugInfo debugInfo = PInvokeDebugInfo.TraceDebugInfo( ModuleName, nameof(NtQueryInformationProcess), callerName, returnValue, nameof(ProcessHandle), ProcessHandle, nameof(InfoClass), InfoClass, nameof(Info), Info, nameof(InfoLength), InfoLength, nameof(ReturnLength), ReturnLength ); PInvokeDebugger.SafeCapture(debugInfo); return(returnValue); }
internal static extern NtStatus NtQueryInformationProcess(SafeProcessHandle processHandle, ProcessInformationClass processInformationClass, IntPtr processInformation, int bufferSize, IntPtr returnLength);
internal static extern NtStatus NtQueryInformationProcess(SafeProcessHandle processHandle, ProcessInformationClass processInformationClass, ref byte processInformation, int processInformationLength, out int returnLength);
public static unsafe extern int NtQueryInformationProcess(SafeHandle hProcess, ProcessInformationClass infoClass, void *buffer, int size, int *actualSize = null);
public static extern int NtQueryInformationProcess(SafeMemoryHandle processHandle, ProcessInformationClass infoclass, ref ProcessBasicInformation processinfo, int length, IntPtr bytesread);
public void KphSetInformationProcess( ProcessHandle processHandle, ProcessInformationClass processInformationClass, IntPtr processInformation, int processInformationLength ) { byte* inData = stackalloc byte[0x10]; *(int*)inData = processHandle; *(int*)(inData + 0x4) = (int)processInformationClass; *(int*)(inData + 0x8) = processInformation.ToInt32(); *(int*)(inData + 0xc) = processInformationLength; _fileHandle.IoControl(CtlCode(Control.KphSetInformationProcess), inData, 0x10, null, 0); }
public static extern Int32 NtQueryInformationProcess(IntPtr processHandle, ProcessInformationClass processInformationClass, ref ProcessBasicInformation processInformation, Int32 processInformationLength, out Int32 returnLength);
public static extern uint NtQueryInformationProcess(SafeHandle handle, ProcessInformationClass processInformationClass, IntPtr processInformation, uint processInformationLength, out uint returnLength);
internal static extern unsafe PInvoke.NTSTATUS NtQueryInformationProcess(SafeProcessHandle handle, ProcessInformationClass informationClass, void *buffer, uint bufferLength, out uint returnLength);
/// <summary> /// Wrapper for the defautl WinApi NtQueryInformationProcess, makes the code more readable. /// </summary> /// <typeparam name="T"></typeparam> /// <param name="process"></param> /// <param name="pic"></param> /// <returns></returns> public static T WinApiNtQueryInformationProcess <T>(GameSharpProcess process, ProcessInformationClass pic) where T : struct { T returnResult = default; IMemoryPointer ntResult = process.AllocateManagedMemory(Marshal.SizeOf <T>()); uint result = Ntdll.NtQueryInformationProcess(process.NativeHandle, pic, ntResult.Address, Marshal.SizeOf <T>(), out int _); if (result == 0) { returnResult = ntResult.Read <T>(); } else { LoggingService.Error( $"Couldn't query NtQueryInformationProcess, Error code: {Marshal.GetLastWin32Error().ToString("X")}, " + $"Return value of NtQueryInformationProcess function is 0x{result.ToString("X")}."); } return(returnResult); }
public static extern uint NtQueryInformationProcess(IntPtr processHandle, ProcessInformationClass processInformationClass, IntPtr processInformation, int bufferSize, out int returnLength);
public static extern NtStatus NtQueryInformationProcess( [In] IntPtr ProcessHandle, [In] ProcessInformationClass ProcessInformationClass, out int ProcessInformation, [In] int ProcessInformationLength, [Optional] out int ReturnLength);
internal static extern NTSTATUS PInvoke_NtQueryInformationProcess(IntPtr ProcessHandle, ProcessInformationClass InfoClass, IntPtr Info, uint InfoLength, out uint ReturnLength);
public static extern int NtQueryInformationProcess(IntPtr hProcess, ProcessInformationClass infoClass, IntPtr buffer, uint size, out uint actualSize);
public void KphQueryInformationProcess( ProcessHandle processHandle, ProcessInformationClass processInformationClass, IntPtr processInformation, int processInformationLength, out int returnLength ) { byte* inData = stackalloc byte[0x14]; int returnLengthLocal; *(int*)inData = processHandle; *(int*)(inData + 0x4) = (int)processInformationClass; *(int*)(inData + 0x8) = processInformation.ToInt32(); *(int*)(inData + 0xc) = processInformationLength; *(int*)(inData + 0x10) = (int)&returnLengthLocal; try { _fileHandle.IoControl(CtlCode(Control.KphQueryInformationProcess), inData, 0x14, null, 0); } finally { returnLength = returnLengthLocal; } }
public static extern unsafe Hresult QueryInformationProcess( [In] SafeProcessHandle processHandle, [In] ProcessInformationClass processInformationClass, [In, Out] ProcessBasicInformation *processInformation, [In, MarshalAs(UnmanagedType.I4)] int processInformationLength, [In, Out, Optional] long *returnLength);
public static extern int NtSetInformationProcess(IntPtr hProcss, ProcessInformationClass info, ref int memoryPriority, int size);