/// <summary>
/// Convenience overload: creates a thread in the process represented by
/// <paramref name="p"/> by forwarding to the pid-based overload.
/// </summary>
/// <param name="p">Target process; only its <c>Id</c> is read.</param>
/// <param name="address">Thread start address, forwarded unchanged.</param>
/// <param name="param">Argument value for the thread start routine, forwarded unchanged.</param>
/// <param name="flags">Thread creation flags, forwarded unchanged.</param>
/// <returns>Whatever the pid-based overload returns (a thread handle).</returns>
public static IntPtr CreateRemoteThread(Process p, IntPtr address, IntPtr param, CreateThreadFlags flags)
{
    // No handle is taken from the Process object itself; the pid-based
    // overload opens its own handle with the rights it needs.
    int targetPid = p.Id;
    IntPtr threadHandle = Kernel32.CreateRemoteThread(targetPid, address, param, flags);
    return threadHandle;
}
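/// <summary>
/// Opens the process identified by <paramref name="pid"/> and creates a thread in it
/// that starts executing at <paramref name="address"/>.
/// </summary>
/// <param name="pid">Identifier of the target process.</param>
/// <param name="address">Thread start address, passed unchanged to the native call.</param>
/// <param name="param">Single argument value handed to the thread start routine.</param>
/// <param name="flags">Creation flags; cast to <c>uint</c> for the native call.</param>
/// <returns>
/// The non-zero handle of the new thread. It is not closed here, so the caller owns it
/// and is responsible for releasing it.
/// </returns>
/// <exception cref="Win32Exception">The native call returned a null thread handle.</exception>
/// <remarks>
/// The requested rights (CreateThread, VMOperation, VMRead, VMWrite, QueryInformation) are the
/// access rights the Win32 documentation lists for CreateRemoteThread. Opening a foreign process
/// with this mask and creating a thread in it is recorded by endpoint telemetry such as Sysmon
/// (Event ID 10 ProcessAccess, Event ID 8 CreateRemoteThread).
/// </remarks>
public static IntPtr CreateRemoteThread(int pid, IntPtr address, IntPtr param, CreateThreadFlags flags)
{
    IntPtr processHandle = Kernel32.GetProcessHandle(
        new IntPtr(pid),
        ProcessAccessFlags.CreateThread
            | ProcessAccessFlags.VMOperation
            | ProcessAccessFlags.VMRead
            | ProcessAccessFlags.VMWrite
            | ProcessAccessFlags.QueryInformation);

    try
    {
        IntPtr remoteThread = Kernel32.CreateRemoteThread(
            processHandle, IntPtr.Zero, 0U, address, param, (uint)flags, IntPtr.Zero);

        if (remoteThread == IntPtr.Zero)
        {
            // The error code is read before the finally block runs, so closing the
            // process handle cannot overwrite it.
            // NOTE(review): GetLastWin32Error is only meaningful if the P/Invoke
            // declaration sets SetLastError = true - confirm on the DllImport.
            throw new Win32Exception(Marshal.GetLastWin32Error());
        }

        return remoteThread;
    }
    finally
    {
        // Previously the process handle leaked whenever thread creation failed,
        // because the throw skipped the close call. Release it on every path.
        // The zero check avoids passing a null handle to the close helper if
        // GetProcessHandle reports failure that way (its contract is not visible here).
        if (processHandle != IntPtr.Zero)
        {
            Kernel32.CloseProcessHandle(processHandle);
        }
    }
}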
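/// <summary>
/// Resolves <paramref name="function"/> in <paramref name="module"/> within the calling process,
/// starts a thread at that address in process <paramref name="pid"/>, and waits for the thread
/// to finish.
/// </summary>
/// <param name="pid">Identifier of the target process.</param>
/// <param name="module">Module name or path passed to <c>LoadLibraryEx</c>.</param>
/// <param name="function">Exported function name passed to <c>GetProcAddress</c>.</param>
/// <param name="param">Argument value handed to the remote thread.</param>
/// <returns>
/// <c>false</c> when the module cannot be loaded or the export cannot be resolved;
/// <c>true</c> when a thread handle was obtained and the wait has returned.
/// </returns>
/// <exception cref="System.ComponentModel.Win32Exception">
/// Propagated from the pid-based <c>CreateRemoteThread</c> overload, which throws instead of
/// returning a null handle; thread-creation failure therefore surfaces as an exception,
/// not as <c>false</c>.
/// </exception>
/// <remarks>
/// The wait uses <c>uint.MaxValue</c> (INFINITE), so the caller blocks with no timeout until
/// the remote thread exits. The wait result and the thread's exit code are not inspected;
/// <c>true</c> only means the thread was created.
/// </remarks>
public static bool CallRemoteFunction(int pid, string module, string function, IntPtr param)
{
    IntPtr hModule = Kernel32.LoadLibraryEx(module, LoadLibraryFlags.LoadAsDataFile);
    if (hModule == IntPtr.Zero)
    {
        // Do not hand a null module handle to GetProcAddress; the load already failed.
        return false;
    }

    // NOTE(review): if LoadAsDataFile maps to LOAD_LIBRARY_AS_DATAFILE, the Win32
    // documentation states GetProcAddress cannot be used on such a module - confirm
    // this lookup can succeed at all.
    IntPtr procAddress = Kernel32.GetProcAddress(hModule, function);
    if (procAddress == IntPtr.Zero)
    {
        return false;
    }

    // The address was resolved in this process and is passed unchanged as the start
    // address in the target; this assumes it is valid there too - TODO confirm.
    IntPtr remoteThread = Kernel32.CreateRemoteThread(pid, procAddress, param, CreateThreadFlags.RunImmediately);
    if (remoteThread != IntPtr.Zero)
    {
        Kernel32.WaitForSingleObject(remoteThread, uint.MaxValue);
    }

    // NOTE(review): neither hModule nor remoteThread is released in this method and no
    // release helper for them is visible here; both handles leak on every call unless
    // they are freed elsewhere - confirm and close them once the wait has returned.
    return remoteThread != IntPtr.Zero;
}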