Here are the examples of the csharp api System.Runtime.InteropServices.Marshal.GetDelegateForFunctionPointer(System.IntPtr, System.Type) taken from open source projects. By voting up you can indicate which examples are most useful and appropriate.
1627 Examples
19
View Source File : TestGame.cs
License : Microsoft Public License
Project Creator : 0x0ade
License : Microsoft Public License
Project Creator : 0x0ade
private T GetDelegate<T>(IntPtr ptr) where T : clreplaced
{
if (ptr == IntPtr.Zero)
return null;
return Marshal.GetDelegateForFunctionPointer(ptr, typeof(T)) as T;
}
19
View Source File : PInvokeHooks.cs
License : zlib License
Project Creator : 0x0ade
License : zlib License
Project Creator : 0x0ade
public static IntPtr CallWindowProc(IntPtr lpPrevWndFunc, IntPtr hWnd, uint Msg, IntPtr wParam, IntPtr lParam) {
if (lpPrevWndFunc == IntPtr.Zero)
return IntPtr.Zero;
return (IntPtr) Marshal.GetDelegateForFunctionPointer(lpPrevWndFunc, typeof(MulticastDelegate))
.DynamicInvoke(hWnd, Msg, wParam, lParam);
}
19
View Source File : X86Assembly.cs
License : MIT License
Project Creator : 20chan
License : MIT License
Project Creator : 20chan
public static Delegate CompileMachineCode(byte[] codes, out IntPtr buffer, Type delegateType = null)
{
buffer = WinAPI.VirtualAlloc(IntPtr.Zero, (uint)codes.Length, WinAPI.AllocationType.Commit | WinAPI.AllocationType.Reserve, WinAPI.MemoryProtection.ExecuteReadWrite);
Marshal.Copy(codes, 0, buffer, codes.Length);
return Marshal.GetDelegateForFunctionPointer(buffer, delegateType ?? typeof(IntDelegate));
}
19
View Source File : UnmanagedLibrary.cs
License : Mozilla Public License 2.0
Project Creator : agebullhu
License : Mozilla Public License 2.0
Project Creator : agebullhu
public TDelegate GetUnmanagedFunction<TDelegate>(string functionName) where TDelegate : clreplaced
{
IntPtr p = Platform.LoadProcedure(_handle, functionName);
if (p == IntPtr.Zero)
{
throw new MissingMethodException("Unable to find function '" + functionName + "' in dynamically loaded library.");
}
// Ideally, we'd just make the constraint on TDelegate be
// System.Delegate, but compiler error CS0702 (constrained can't be System.Delegate)
// prevents that. So we make the constraint system.object and do the cast from object-->TDelegate.
return (TDelegate)(object)Marshal.GetDelegateForFunctionPointer(p, typeof(TDelegate));
}
19
View Source File : Opcode.cs
License : MIT License
Project Creator : AlexGyver
License : MIT License
Project Creator : AlexGyver
public static void Open() {
int p = (int)Environment.OSVersion.Platform;
byte[] rdtscCode;
byte[] cpuidCode;
if (IntPtr.Size == 4) {
rdtscCode = RDTSC_32;
cpuidCode = CPUID_32;
} else {
rdtscCode = RDTSC_64;
if ((p == 4) || (p == 128)) { // Unix
cpuidCode = CPUID_64_LINUX;
} else { // Windows
cpuidCode = CPUID_64_WINDOWS;
}
}
size = (ulong)(rdtscCode.Length + cpuidCode.Length);
if ((p == 4) || (p == 128)) { // Unix
replacedembly replacedembly =
replacedembly.Load("Mono.Posix, Version=2.0.0.0, Culture=neutral, " +
"PublicKeyToken=0738eb9f132ed756");
Type syscall = replacedembly.GetType("Mono.Unix.Native.Syscall");
MethodInfo mmap = syscall.GetMethod("mmap");
Type mmapProts = replacedembly.GetType("Mono.Unix.Native.MmapProts");
object mmapProtsParam = Enum.ToObject(mmapProts,
(int)mmapProts.GetField("PROT_READ").GetValue(null) |
(int)mmapProts.GetField("PROT_WRITE").GetValue(null) |
(int)mmapProts.GetField("PROT_EXEC").GetValue(null));
Type mmapFlags = replacedembly.GetType("Mono.Unix.Native.MmapFlags");
object mmapFlagsParam = Enum.ToObject(mmapFlags,
(int)mmapFlags.GetField("MAP_ANONYMOUS").GetValue(null) |
(int)mmapFlags.GetField("MAP_PRIVATE").GetValue(null));
codeBuffer = (IntPtr)mmap.Invoke(null, new object[] { IntPtr.Zero,
size, mmapProtsParam, mmapFlagsParam, -1, 0 });
} else { // Windows
codeBuffer = NativeMethods.VirtualAlloc(IntPtr.Zero,
(UIntPtr)size, AllocationType.COMMIT | AllocationType.RESERVE,
MemoryProtection.EXECUTE_READWRITE);
}
Marshal.Copy(rdtscCode, 0, codeBuffer, rdtscCode.Length);
Rdtsc = Marshal.GetDelegateForFunctionPointer(
codeBuffer, typeof(RdtscDelegate)) as RdtscDelegate;
IntPtr cpuidAddress = (IntPtr)((long)codeBuffer + rdtscCode.Length);
Marshal.Copy(cpuidCode, 0, cpuidAddress, cpuidCode.Length);
Cpuid = Marshal.GetDelegateForFunctionPointer(
cpuidAddress, typeof(CpuidDelegate)) as CpuidDelegate;
}
19
View Source File : NVAPI.cs
License : MIT License
Project Creator : AlexGyver
License : MIT License
Project Creator : AlexGyver
private static void GetDelegate<T>(uint id, out T newDelegate)
where T : clreplaced {
IntPtr ptr = nvapi_QueryInterface(id);
if (ptr != IntPtr.Zero) {
newDelegate =
Marshal.GetDelegateForFunctionPointer(ptr, typeof(T)) as T;
} else {
newDelegate = null;
}
}
19
View Source File : common.cs
License : MIT License
Project Creator : allisterb
License : MIT License
Project Creator : allisterb
public static global::IntelMKL.XerblaEntry MklSetXerbla(global::IntelMKL.XerblaEntry xerbla)
{
var __arg0 = xerbla == null ? global::System.IntPtr.Zero : Marshal.GetFunctionPointerForDelegate(xerbla);
var __ret = __Internal.MklSetXerbla(__arg0);
var __ptr0 = __ret;
return __ptr0 == IntPtr.Zero ? null : (global::IntelMKL.XerblaEntry)Marshal.GetDelegateForFunctionPointer(__ptr0, typeof(global::IntelMKL.XerblaEntry));
}
19
View Source File : common.cs
License : MIT License
Project Creator : allisterb
License : MIT License
Project Creator : allisterb
public static global::IntelMKL.ProgressEntry MklSetProgress(global::IntelMKL.ProgressEntry progress)
{
var __arg0 = progress == null ? global::System.IntPtr.Zero : Marshal.GetFunctionPointerForDelegate(progress);
var __ret = __Internal.MklSetProgress(__arg0);
var __ptr0 = __ret;
return __ptr0 == IntPtr.Zero ? null : (global::IntelMKL.ProgressEntry)Marshal.GetDelegateForFunctionPointer(__ptr0, typeof(global::IntelMKL.ProgressEntry));
}
19
View Source File : UnmangedLibrary.cs
License : GNU General Public License v3.0
Project Creator : AndreiFedarets
License : GNU General Public License v3.0
Project Creator : AndreiFedarets
public T GetFunction<T>(string functionName) where T : clreplaced
{
IntPtr procedurePointer = Kernel32.GetProcAddress(Library, functionName);
if (procedurePointer == IntPtr.Zero)
{
return null;
}
Delegate procedure = Marshal.GetDelegateForFunctionPointer(procedurePointer, typeof(T));
object procedureObject = procedure;
return (T)procedureObject;
}
19
View Source File : DemoCommandPluginNet.cs
License : MIT License
Project Creator : aniskop
License : MIT License
Project Creator : aniskop
[DllExport("RegisterCallback", CallingConvention = CallingConvention.Cdecl)]
public static void RegisterCallback(int index, IntPtr function)
{
if (index == COMMAND_FEEDBACK_CALLBACK)
{
commandFeedbackCallback = (IdeCommandFeedback)Marshal.GetDelegateForFunctionPointer(function, typeof(IdeCommandFeedback));
}
}
19
View Source File : DemoPlugin.cs
License : MIT License
Project Creator : aniskop
License : MIT License
Project Creator : aniskop
[DllExport("RegisterCallback", CallingConvention = CallingConvention.Cdecl)]
public static void RegisterCallback(int index, IntPtr function)
{
switch (index)
{
case CREATE_WINDOW_CALLBACK:
createWindowCallback = (IdeCreateWindow)Marshal.GetDelegateForFunctionPointer(function, typeof(IdeCreateWindow));
break;
case SET_TEXT_CALLBACK:
setTextCallback = (IdeSetText)Marshal.GetDelegateForFunctionPointer(function, typeof(IdeSetText));
break;
}
}
19
View Source File : VPOManager.cs
License : GNU General Public License v3.0
Project Creator : anotak
License : GNU General Public License v3.0
Project Creator : anotak
private void ProcessingThread(object index)
{
// Get function pointers
VPO_GetError GetError = (VPO_GetError)Marshal.GetDelegateForFunctionPointer(GetProcAddress(dlls[(int)index], "VPO_GetError"), typeof(VPO_GetError));
VPO_LoadWAD LoadWAD = (VPO_LoadWAD)Marshal.GetDelegateForFunctionPointer(GetProcAddress(dlls[(int)index], "VPO_LoadWAD"), typeof(VPO_LoadWAD));
VPO_OpenMap OpenMap = (VPO_OpenMap)Marshal.GetDelegateForFunctionPointer(GetProcAddress(dlls[(int)index], "VPO_OpenMap"), typeof(VPO_OpenMap));
VPO_FreeWAD FreeWAD = (VPO_FreeWAD)Marshal.GetDelegateForFunctionPointer(GetProcAddress(dlls[(int)index], "VPO_FreeWAD"), typeof(VPO_FreeWAD));
VPO_CloseMap CloseMap = (VPO_CloseMap)Marshal.GetDelegateForFunctionPointer(GetProcAddress(dlls[(int)index], "VPO_CloseMap"), typeof(VPO_CloseMap));
VPO_OpenDoorSectors OpenDoors = (VPO_OpenDoorSectors)Marshal.GetDelegateForFunctionPointer(GetProcAddress(dlls[(int)index], "VPO_OpenDoorSectors"), typeof(VPO_OpenDoorSectors)); //mxd
VPO_TestSpot TestSpot = (VPO_TestSpot)Marshal.GetDelegateForFunctionPointer(GetProcAddress(dlls[(int)index], "VPO_TestSpot"), typeof(VPO_TestSpot));
try
{
// Load the map
bool isHexen = General.Map.HEXEN;
if (LoadWAD(filename) != 0)
{
throw new Exception("VPO is unable to read this file: " + GetError());
}
if(OpenMap(mapname, ref isHexen) != 0) throw new Exception("VPO is unable to open this map: " + GetError());
OpenDoors(BuilderPlug.InterfaceForm.OpenDoors ? 1 : -1); //mxd
// Processing
Queue<TilePoint> todo = new Queue<TilePoint>(POINTS_PER_ITERATION);
Queue<PointData> done = new Queue<PointData>(POINTS_PER_ITERATION);
while(true)
{
lock(points)
{
// Flush done points to the results
int numdone = done.Count;
for(int i = 0; i < numdone; i++)
results.Enqueue(done.Dequeue());
// Get points from the waiting queue into my todo queue for processing
int numtodo = Math.Min(POINTS_PER_ITERATION, points.Count);
for(int i = 0; i < numtodo; i++)
todo.Enqueue(points.Dequeue());
}
// Don't keep locking!
if(todo.Count == 0)
Thread.Sleep(31);
// Process the points
while(todo.Count > 0)
{
TilePoint p = todo.Dequeue();
PointData pd = new PointData();
pd.point = p;
for(int i = 0; i < TEST_ANGLES.Length; i++)
{
pd.result = (PointResult)TestSpot(p.x, p.y, TEST_HEIGHT, TEST_ANGLES[i],
ref pd.visplanes, ref pd.drawsegs, ref pd.openings, ref pd.solidsegs);
}
done.Enqueue(pd);
}
}
}
catch(ThreadInterruptedException)
{
}
finally
{
CloseMap();
FreeWAD();
}
}
19
View Source File : UnmanagedLibrary.cs
License : BSD 3-Clause "New" or "Revised" License
Project Creator : anoyetta
License : BSD 3-Clause "New" or "Revised" License
Project Creator : anoyetta
public TDelegate GetUnmanagedFunction<TDelegate>(string functionName)
where TDelegate : clreplaced
{
IntPtr p = NativeMethod.GetProcAddress(m_hLibrary, functionName);
// Failure is a common case, especially for adaptive code.
if (p == IntPtr.Zero)
{
return null;
}
Delegate function = Marshal.GetDelegateForFunctionPointer(
p, typeof(TDelegate));
// Ideally, we'd just make the constraint on TDelegate be
// System.Delegate, but compiler error CS0702
// (constrained can't be System.Delegate)
// prevents that. So we make the constraint system.object and do the
// cast from object-->TDelegate.
object o = function;
return (TDelegate)o;
}
19
View Source File : DLLFromMemory.cs
License : MIT License
Project Creator : arsium
License : MIT License
Project Creator : arsium
void MemoryLoadLibrary(byte[] data)
{
if (data.Length < Marshal.SizeOf(typeof(IMAGE_DOS_HEADER))) throw new DllException("Not a valid executable file");
IMAGE_DOS_HEADER DosHeader = BytesReadStructAt<IMAGE_DOS_HEADER>(data, 0);
if (DosHeader.e_magic != Win.IMAGE_DOS_SIGNATURE) throw new BadImageFormatException("Not a valid executable file");
if (data.Length < DosHeader.e_lfanew + Marshal.SizeOf(typeof(IMAGE_NT_HEADERS))) throw new DllException("Not a valid executable file");
IMAGE_NT_HEADERS OrgNTHeaders = BytesReadStructAt<IMAGE_NT_HEADERS>(data, DosHeader.e_lfanew);
if (OrgNTHeaders.Signature != Win.IMAGE_NT_SIGNATURE) throw new BadImageFormatException("Not a valid PE file");
if (OrgNTHeaders.FileHeader.Machine != GetMachineType()) throw new BadImageFormatException("Machine type doesn't fit (i386 vs. AMD64)");
if ((OrgNTHeaders.OptionalHeader.SectionAlignment & 1) > 0) throw new BadImageFormatException("Wrong section alignment"); //Only support multiple of 2
if (OrgNTHeaders.OptionalHeader.AddressOfEntryPoint == 0) throw new DllException("Module has no entry point");
SYSTEM_INFO systemInfo;
Win.GetNativeSystemInfo(out systemInfo);
uint lastSectionEnd = 0;
int ofSection = Win.IMAGE_FIRST_SECTION(DosHeader.e_lfanew, OrgNTHeaders.FileHeader.SizeOfOptionalHeader);
for (int i = 0; i != OrgNTHeaders.FileHeader.NumberOfSections; i++, ofSection += Sz.IMAGE_SECTION_HEADER)
{
IMAGE_SECTION_HEADER Section = BytesReadStructAt<IMAGE_SECTION_HEADER>(data, ofSection);
uint endOfSection = Section.VirtualAddress + (Section.SizeOfRawData > 0 ? Section.SizeOfRawData : OrgNTHeaders.OptionalHeader.SectionAlignment);
if (endOfSection > lastSectionEnd) lastSectionEnd = endOfSection;
}
uint alignedImageSize = AlignValueUp(OrgNTHeaders.OptionalHeader.SizeOfImage, systemInfo.dwPageSize);
uint alignedLastSection = AlignValueUp(lastSectionEnd, systemInfo.dwPageSize);
if (alignedImageSize != alignedLastSection) throw new BadImageFormatException("Wrong section alignment");
IntPtr oldHeader_OptionalHeader_ImageBase;
if (Is64BitProcess) oldHeader_OptionalHeader_ImageBase = (IntPtr)unchecked((long)(OrgNTHeaders.OptionalHeader.ImageBaseLong));
else oldHeader_OptionalHeader_ImageBase = (IntPtr)unchecked((int)(OrgNTHeaders.OptionalHeader.ImageBaseLong>>32));
// reserve memory for image of library
pCode = Win.VirtualAlloc(oldHeader_OptionalHeader_ImageBase, (UIntPtr)OrgNTHeaders.OptionalHeader.SizeOfImage, AllocationType.RESERVE | AllocationType.COMMIT, MemoryProtection.READWRITE);
//pCode = IntPtr.Zero; //test relocation with this
// try to allocate memory at arbitrary position
if (pCode == IntPtr.Zero) pCode = Win.VirtualAlloc(IntPtr.Zero, (UIntPtr)OrgNTHeaders.OptionalHeader.SizeOfImage, AllocationType.RESERVE | AllocationType.COMMIT, MemoryProtection.READWRITE);
if (pCode == IntPtr.Zero) throw new DllException("Out of Memory");
if (Is64BitProcess && PtrSpanBoundary(pCode, alignedImageSize, 32))
{
// Memory block may not span 4 GB (32 bit) boundaries.
System.Collections.Generic.List<IntPtr> BlockedMemory = new System.Collections.Generic.List<IntPtr>();
while (PtrSpanBoundary(pCode, alignedImageSize, 32))
{
BlockedMemory.Add(pCode);
pCode = Win.VirtualAlloc(IntPtr.Zero, (UIntPtr)alignedImageSize, AllocationType.RESERVE | AllocationType.COMMIT, MemoryProtection.READWRITE);
if (pCode == IntPtr.Zero) break;
}
foreach (IntPtr ptr in BlockedMemory) Win.VirtualFree(ptr, IntPtr.Zero, AllocationType.RELEASE);
if (pCode == IntPtr.Zero) throw new DllException("Out of Memory");
}
// commit memory for headers
IntPtr headers = Win.VirtualAlloc(pCode, (UIntPtr)OrgNTHeaders.OptionalHeader.SizeOfHeaders, AllocationType.COMMIT, MemoryProtection.READWRITE);
if (headers == IntPtr.Zero) throw new DllException("Out of Memory");
// copy PE header to code
Marshal.Copy(data, 0, headers, (int)(OrgNTHeaders.OptionalHeader.SizeOfHeaders));
pNTHeaders = PtrAdd(headers, DosHeader.e_lfanew);
IntPtr locationDelta = PtrSub(pCode, oldHeader_OptionalHeader_ImageBase);
if (locationDelta != IntPtr.Zero)
{
// update relocated position
Marshal.OffsetOf(typeof(IMAGE_NT_HEADERS), "OptionalHeader");
Marshal.OffsetOf(typeof(IMAGE_OPTIONAL_HEADER), "ImageBaseLong");
IntPtr pImageBase = PtrAdd(pNTHeaders, Of.IMAGE_NT_HEADERS_OptionalHeader + (Is64BitProcess ? Of64.IMAGE_OPTIONAL_HEADER_ImageBase : Of32.IMAGE_OPTIONAL_HEADER_ImageBase));
PtrWrite(pImageBase, pCode);
}
// copy sections from DLL file block to new memory location
CopySections(ref OrgNTHeaders, pCode, pNTHeaders, data);
// adjust base address of imported data
_isRelocated = (locationDelta != IntPtr.Zero ? PerformBaseRelocation(ref OrgNTHeaders, pCode, locationDelta) : true);
// load required dlls and adjust function table of imports
ImportModules = BuildImportTable(ref OrgNTHeaders, pCode);
// mark memory pages depending on section headers and release
// sections that are marked as "discardable"
FinalizeSections(ref OrgNTHeaders, pCode, pNTHeaders, systemInfo.dwPageSize);
// TLS callbacks are executed BEFORE the main loading
ExecuteTLS(ref OrgNTHeaders, pCode, pNTHeaders);
// get entry point of loaded library
IsDll = ((OrgNTHeaders.FileHeader.Characteristics & Win.IMAGE_FILE_DLL) != 0);
if (OrgNTHeaders.OptionalHeader.AddressOfEntryPoint != 0)
{
if (IsDll)
{
// notify library about attaching to process
IntPtr dllEntryPtr = PtrAdd(pCode, OrgNTHeaders.OptionalHeader.AddressOfEntryPoint);
_dllEntry = (DllEntryDelegate)Marshal.GetDelegateForFunctionPointer(dllEntryPtr, typeof(DllEntryDelegate));
_initialized = (_dllEntry != null && _dllEntry(pCode, DllReason.DLL_PROCESS_ATTACH, IntPtr.Zero));
if (!_initialized) throw new DllException("Can't attach DLL to process");
}
else
{
IntPtr exeEntryPtr = PtrAdd(pCode, OrgNTHeaders.OptionalHeader.AddressOfEntryPoint);
_exeEntry = (ExeEntryDelegate)Marshal.GetDelegateForFunctionPointer(exeEntryPtr, typeof(ExeEntryDelegate));
}
}
}
19
View Source File : DLLFromMemory.cs
License : MIT License
Project Creator : arsium
License : MIT License
Project Creator : arsium
static void ExecuteTLS(ref IMAGE_NT_HEADERS OrgNTHeaders, IntPtr pCode, IntPtr pNTHeaders)
{
if (OrgNTHeaders.OptionalHeader.TLSTable.VirtualAddress == 0) return;
IMAGE_TLS_DIRECTORY tlsDir = PtrRead<IMAGE_TLS_DIRECTORY>(PtrAdd(pCode, OrgNTHeaders.OptionalHeader.TLSTable.VirtualAddress));
IntPtr pCallBack = tlsDir.AddressOfCallBacks;
if (pCallBack != IntPtr.Zero)
{
for (IntPtr Callback; (Callback = PtrRead<IntPtr>(pCallBack)) != IntPtr.Zero; pCallBack = PtrAdd(pCallBack, IntPtr.Size))
{
ImageTlsDelegate tls = (ImageTlsDelegate)Marshal.GetDelegateForFunctionPointer(Callback, typeof(ImageTlsDelegate));
tls(pCode, DllReason.DLL_PROCESS_ATTACH, IntPtr.Zero);
}
}
}
19
View Source File : ShellCodeLoader.cs
License : MIT License
Project Creator : arsium
License : MIT License
Project Creator : arsium
private void Kernel32Delegates()
{
IntPtr ExportedVirtualAlloc = Imports.GetProcAddress(Imports.GetModuleHandle(Imports.KERNEL32), "VirtualAlloc");
Imports.Delegates.VirtualAlloc VirtualAlloc = (Imports.Delegates.VirtualAlloc)Marshal.GetDelegateForFunctionPointer(ExportedVirtualAlloc, typeof(Imports.Delegates.VirtualAlloc));
this.ptr = VirtualAlloc(IntPtr.Zero, (IntPtr)ShellCode.Length, Imports.TypeAlloc.MEM_COMMIT | Imports.TypeAlloc.MEM_RESERVE, Imports.PageProtection.PAGE_EXECUTE_READWRITE);
UIntPtr writtenBytes;
IntPtr ExportedWriteProcessMemory = Imports.GetProcAddress(Imports.GetModuleHandle(Imports.KERNEL32), "WriteProcessMemory");
Imports.Delegates.WriteProcessMemory WriteProcessMemory = (Imports.Delegates.WriteProcessMemory)Marshal.GetDelegateForFunctionPointer(ExportedWriteProcessMemory, typeof(Imports.Delegates.WriteProcessMemory));
WriteProcessMemory(Imports.GetCurrentProcess(), ptr, ShellCode, (UIntPtr)ShellCode.Length, out writtenBytes);
Imports.PageProtection flOld;
IntPtr ExportedVirtualProtect = Imports.GetProcAddress(Imports.GetModuleHandle(Imports.KERNEL32), "VirtualProtect");
Imports.Delegates.VirtualProtect VirtualProtect = (Imports.Delegates.VirtualProtect)Marshal.GetDelegateForFunctionPointer(ExportedVirtualProtect, typeof(Imports.Delegates.VirtualProtect));
VirtualProtect(ptr, RegionSize, Imports.PageProtection.PAGE_EXECUTE_READ, out flOld);
ShellCodeCaller load = (ShellCodeCaller)Marshal.GetDelegateForFunctionPointer(ptr, typeof(ShellCodeCaller));
load();
IntPtr ExportedVirtualFree = Imports.GetProcAddress(Imports.GetModuleHandle(Imports.KERNEL32), "VirtualFree");
Imports.Delegates.VirtualFree VirtualFree = (Imports.Delegates.VirtualFree)Marshal.GetDelegateForFunctionPointer(ExportedVirtualFree, typeof(Imports.Delegates.VirtualFree));
Imports.VirtualFree(ptr, (uint)0, Imports.FreeType.MEM_RELEASE);
}
19
View Source File : DLLFromMemory.cs
License : MIT License
Project Creator : arsium
License : MIT License
Project Creator : arsium
public TDelegate GetDelegateFromFuncName<TDelegate>(string funcName) where TDelegate : clreplaced
{
if (!typeof(Delegate).IsreplacedignableFrom(typeof(TDelegate))) throw new ArgumentException(typeof(TDelegate).Name + " is not a delegate");
TDelegate res = Marshal.GetDelegateForFunctionPointer((IntPtr)GetPtrFromFuncName(funcName), typeof(TDelegate)) as TDelegate;
if (res == null) throw new DllException("Unable to get managed delegate");
return res;
}
19
View Source File : DLLFromMemory.cs
License : MIT License
Project Creator : arsium
License : MIT License
Project Creator : arsium
public Delegate GetDelegateFromFuncName(string funcName, Type delegateType)
{
if (delegateType == null) throw new ArgumentNullException("delegateType");
if (!typeof(Delegate).IsreplacedignableFrom(delegateType)) throw new ArgumentException(delegateType.Name + " is not a delegate");
Delegate res = Marshal.GetDelegateForFunctionPointer(GetPtrFromFuncName(funcName), delegateType);
if (res == null) throw new DllException("Unable to get managed delegate");
return res;
}
19
View Source File : ShellCodeLoader.cs
License : MIT License
Project Creator : arsium
License : MIT License
Project Creator : arsium
private void Kernel32()
{
this.ptr = Imports.VirtualAlloc(IntPtr.Zero, (IntPtr)ShellCode.Length, Imports.TypeAlloc.MEM_COMMIT | Imports.TypeAlloc.MEM_RESERVE, Imports.PageProtection.PAGE_EXECUTE_READWRITE);
UIntPtr writtenBytes;
Imports.WriteProcessMemory(Imports.GetCurrentProcess(), ptr, ShellCode, (UIntPtr)ShellCode.Length, out writtenBytes);
Imports.PageProtection flOld;
Imports.VirtualProtect(ptr, RegionSize, Imports.PageProtection.PAGE_EXECUTE_READ, out flOld);
ShellCodeCaller load = (ShellCodeCaller)Marshal.GetDelegateForFunctionPointer(ptr, typeof(ShellCodeCaller));
load();
Imports.VirtualFree(ptr, (uint)0, Imports.FreeType.MEM_RELEASE);
}
19
View Source File : ShellCodeLoader.cs
License : MIT License
Project Creator : arsium
License : MIT License
Project Creator : arsium
private void NTDelegates()
{
IntPtr ExportedNtAllocateVirtualMemory = Imports.GetProcAddress(Imports.GetModuleHandle(Imports.NTDLL), "NtAllocateVirtualMemory");
Imports.Delegates.NtAllocateVirtualMemory NtAllocateVirtualMemory = (Imports.Delegates.NtAllocateVirtualMemory)Marshal.GetDelegateForFunctionPointer(ExportedNtAllocateVirtualMemory, typeof(Imports.Delegates.NtAllocateVirtualMemory));
NtAllocateVirtualMemory(Imports.GetCurrentProcess(), ref ptr, IntPtr.Zero, ref RegionSize, Imports.TypeAlloc.MEM_COMMIT | Imports.TypeAlloc.MEM_RESERVE, Imports.PageProtection.PAGE_EXECUTE_READWRITE);
UIntPtr bytesWritten;
IntPtr ExportedNtWriteVirtualMemory = Imports.GetProcAddress(Imports.GetModuleHandle(Imports.NTDLL), "NtWriteVirtualMemory");
Imports.Delegates.NtWriteVirtualMemory NtWriteVirtualMemory = (Imports.Delegates.NtWriteVirtualMemory)Marshal.GetDelegateForFunctionPointer(ExportedNtWriteVirtualMemory, typeof(Imports.Delegates.NtWriteVirtualMemory));
NtWriteVirtualMemory(Imports.GetCurrentProcess(), ptr, ShellCode, (UIntPtr)ShellCode.Length, out bytesWritten);
Imports.PageProtection flOld = new Imports.PageProtection();
IntPtr ExportedNtProtectVirtualMemory = Imports.GetProcAddress(Imports.GetModuleHandle(Imports.NTDLL), "NtProtectVirtualMemory");
Imports.Delegates.NtProtectVirtualMemory NtProtectVirtualMemory = (Imports.Delegates.NtProtectVirtualMemory)Marshal.GetDelegateForFunctionPointer(ExportedNtProtectVirtualMemory, typeof(Imports.Delegates.NtProtectVirtualMemory));
NtProtectVirtualMemory(Imports.GetCurrentProcess(), ref ptr, ref RegionSize, Imports.PageProtection.PAGE_EXECUTE_READ, ref flOld);
ShellCodeCaller load = (ShellCodeCaller)Marshal.GetDelegateForFunctionPointer(ptr, typeof(ShellCodeCaller));
load();
IntPtr ExportedNtFreeVirtualMemory = Imports.GetProcAddress(Imports.GetModuleHandle(Imports.NTDLL), "NtFreeVirtualMemory");
Imports.Delegates.NtFreeVirtualMemory NtFreeVirtualMemory = (Imports.Delegates.NtFreeVirtualMemory)Marshal.GetDelegateForFunctionPointer(ExportedNtFreeVirtualMemory, typeof(Imports.Delegates.NtFreeVirtualMemory));
NtFreeVirtualMemory(Imports.GetCurrentProcess(), ref ptr, ref RegionSize, Imports.FreeType.MEM_RELEASE);
}
19
View Source File : Program.cs
License : MIT License
Project Creator : atredispartners
License : MIT License
Project Creator : atredispartners
private static void LoadProxyStubsForCollectorService()
{
var intPtr = NativeMethods.LoadLibraryEx(Environment.Is64BitProcess
? @"C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Proxy.dll"
: @"C:\Windows\SysWOW64\DiagSvcs\DiagnosticsHub.StandardCollector.Proxy.dll",
IntPtr.Zero, 0);
if (intPtr == IntPtr.Zero)
throw new Exception("Invalid proxy dll pointer");
var procAddress = NativeMethods.GetProcAddress(intPtr, "ManualRegisterInterfaces");
if (procAddress == IntPtr.Zero)
throw new Exception("Invalid ManualRegisterInterfaces pointer");
var manualRegisterInterfacesDelegate = (ManualRegisterInterfacesDelegate)Marshal.GetDelegateForFunctionPointer(procAddress, typeof(ManualRegisterInterfacesDelegate));
Marshal.ThrowExceptionForHR(manualRegisterInterfacesDelegate());
}
19
View Source File : NativeSysCall.cs
License : BSD 3-Clause "New" or "Revised" License
Project Creator : b4rtik
License : BSD 3-Clause "New" or "Revised" License
Project Creator : b4rtik
public static NTSTATUS NtCreateFile10(out Microsoft.Win32.SafeHandles.SafeFileHandle fileHandle,
Int32 desiredAccess,
ref OBJECT_ATTRIBUTES objectAttributes,
out IO_STATUS_BLOCK ioStatusBlock,
ref Int64 allocationSize,
UInt32 fileAttributes,
System.IO.FileShare shareAccess,
UInt32 createDisposition,
UInt32 createOptions,
IntPtr eaBuffer,
UInt32 eaLength)
{
byte[] syscall = bNtCreateFile10;
unsafe
{
fixed (byte* ptr = syscall)
{
IntPtr memoryAddress = (IntPtr)ptr;
if (!VirtualProtect( memoryAddress,
(UIntPtr)syscall.Length, 0x40, out uint oldprotect))
{
throw new Win32Exception();
}
Delegates.NtCreateFile myreplacedemblyFunction = (Delegates.NtCreateFile)Marshal.GetDelegateForFunctionPointer(memoryAddress, typeof(Delegates.NtCreateFile));
return (NTSTATUS)myreplacedemblyFunction(out fileHandle,
desiredAccess,
ref objectAttributes,
out ioStatusBlock,
ref allocationSize,
fileAttributes,
shareAccess,
createDisposition,
createOptions,
eaBuffer,
eaLength);
}
}
}
19
View Source File : NativeSysCall.cs
License : BSD 3-Clause "New" or "Revised" License
Project Creator : b4rtik
License : BSD 3-Clause "New" or "Revised" License
Project Creator : b4rtik
public static NTSTATUS ZwCreateSection10(ref IntPtr section, uint desiredAccess, IntPtr pAttrs, ref LARGE_INTEGER pMaxSize, uint pageProt, uint allocationAttribs, IntPtr hFile)
{
byte[] syscall = bZwCreateSection10;
unsafe
{
fixed (byte* ptr = syscall)
{
IntPtr memoryAddress = (IntPtr)ptr;
if (!VirtualProtect( memoryAddress,
(UIntPtr)syscall.Length, 0x40, out uint oldprotect))
{
throw new Win32Exception();
}
Delegates.ZwCreateSection myreplacedemblyFunction = (Delegates.ZwCreateSection)Marshal.GetDelegateForFunctionPointer(memoryAddress, typeof(Delegates.ZwCreateSection));
return (NTSTATUS)myreplacedemblyFunction(out section, desiredAccess, pAttrs, ref pMaxSize, pageProt, allocationAttribs, hFile);
}
}
}
19
View Source File : NativeSysCall.cs
License : BSD 3-Clause "New" or "Revised" License
Project Creator : b4rtik
License : BSD 3-Clause "New" or "Revised" License
Project Creator : b4rtik
public static NTSTATUS ZwOpenProcess10(ref IntPtr hProcess, ProcessAccessFlags processAccess, OBJECT_ATTRIBUTES objAttribute, ref CLIENT_ID clientid)
{
byte[] syscall = bZwOpenProcess10;
unsafe
{
fixed (byte* ptr = syscall)
{
IntPtr memoryAddress = (IntPtr)ptr;
if (!VirtualProtect( memoryAddress,
(UIntPtr)syscall.Length, 0x40, out uint oldprotect))
{
throw new Win32Exception();
}
Delegates.ZwOpenProcess myreplacedemblyFunction = (Delegates.ZwOpenProcess)Marshal.GetDelegateForFunctionPointer(memoryAddress, typeof(Delegates.ZwOpenProcess));
return (NTSTATUS)myreplacedemblyFunction(out hProcess, processAccess, objAttribute, ref clientid);
}
}
}
19
View Source File : NativeSysCall.cs
License : BSD 3-Clause "New" or "Revised" License
Project Creator : b4rtik
License : BSD 3-Clause "New" or "Revised" License
Project Creator : b4rtik
public static NTSTATUS ZwClose10(IntPtr handle)
{
byte[] syscall = bZwClose10;
unsafe
{
fixed (byte* ptr = syscall)
{
IntPtr memoryAddress = (IntPtr)ptr;
if (!VirtualProtect( memoryAddress,
(UIntPtr)syscall.Length, 0x40, out uint oldprotect))
{
throw new Win32Exception();
}
Delegates.ZwClose myreplacedemblyFunction = (Delegates.ZwClose)Marshal.GetDelegateForFunctionPointer(memoryAddress, typeof(Delegates.ZwClose));
return (NTSTATUS)myreplacedemblyFunction(handle);
}
}
}
19
View Source File : NativeSysCall.cs
License : BSD 3-Clause "New" or "Revised" License
Project Creator : b4rtik
License : BSD 3-Clause "New" or "Revised" License
Project Creator : b4rtik
public static NTSTATUS ZwWriteVirtualMemory10(IntPtr hProcess, ref IntPtr lpBaseAddress, IntPtr lpBuffer, uint nSize, ref IntPtr lpNumberOfBytesWritten)
{
byte[] syscall = bZwWriteVirtualMemory10;
unsafe
{
fixed (byte* ptr = syscall)
{
IntPtr memoryAddress = (IntPtr)ptr;
if (!VirtualProtect( memoryAddress,
(UIntPtr)syscall.Length, 0x40, out uint oldprotect))
{
throw new Win32Exception();
}
Delegates.ZwWriteVirtualMemory myreplacedemblyFunction = (Delegates.ZwWriteVirtualMemory)Marshal.GetDelegateForFunctionPointer(memoryAddress, typeof(Delegates.ZwWriteVirtualMemory));
return (NTSTATUS)myreplacedemblyFunction(hProcess, lpBaseAddress, lpBuffer, nSize, ref lpNumberOfBytesWritten);
}
}
}
19
View Source File : NativeSysCall.cs
License : BSD 3-Clause "New" or "Revised" License
Project Creator : b4rtik
License : BSD 3-Clause "New" or "Revised" License
Project Creator : b4rtik
public static NTSTATUS ZwProtectVirtualMemory10(IntPtr hProcess, ref IntPtr lpBaseAddress, ref uint NumberOfBytesToProtect, uint NewAccessProtection, ref uint lpNumberOfBytesWritten)
{
byte[] syscall = bZwProtectVirtualMemory10;
unsafe
{
fixed (byte* ptr = syscall)
{
IntPtr memoryAddress = (IntPtr)ptr;
if (!VirtualProtect( memoryAddress,
(UIntPtr)syscall.Length, 0x40, out uint oldprotect))
{
throw new Win32Exception();
}
Delegates.ZwProtectVirtualMemory myreplacedemblyFunction = (Delegates.ZwProtectVirtualMemory)Marshal.GetDelegateForFunctionPointer(memoryAddress, typeof(Delegates.ZwProtectVirtualMemory));
return (NTSTATUS)myreplacedemblyFunction(hProcess, ref lpBaseAddress, ref NumberOfBytesToProtect, NewAccessProtection, ref lpNumberOfBytesWritten);
}
}
}
19
View Source File : NativeSysCall.cs
License : BSD 3-Clause "New" or "Revised" License
Project Creator : b4rtik
License : BSD 3-Clause "New" or "Revised" License
Project Creator : b4rtik
public static NTSTATUS ZwQuerySystemInformation10(SYSTEM_INFORMATION_CLreplaced SystemInformationClreplaced, IntPtr SystemInformation, uint SystemInformationLength, ref uint ReturnLength)
{
byte[] syscall = bZwQuerySystemInformation10;
unsafe
{
fixed (byte* ptr = syscall)
{
IntPtr memoryAddress = (IntPtr)ptr;
if (!VirtualProtect( memoryAddress,
(UIntPtr)syscall.Length, 0x40, out uint oldprotect))
{
throw new Win32Exception();
}
Delegates.ZwQuerySystemInformation myreplacedemblyFunction = (Delegates.ZwQuerySystemInformation)Marshal.GetDelegateForFunctionPointer(memoryAddress, typeof(Delegates.ZwQuerySystemInformation));
return (NTSTATUS)myreplacedemblyFunction(SystemInformationClreplaced, SystemInformation, SystemInformationLength, ref ReturnLength);
}
}
}
19
View Source File : NativeSysCall.cs
License : BSD 3-Clause "New" or "Revised" License
Project Creator : b4rtik
License : BSD 3-Clause "New" or "Revised" License
Project Creator : b4rtik
public static NTSTATUS NtAllocateVirtualMemory10(IntPtr hProcess, ref IntPtr BaseAddress, IntPtr ZeroBits, ref IntPtr RegionSize, ulong AllocationType, ulong Protect)
{
byte[] syscall = bNtAllocateVirtualMemory10;
unsafe
{
fixed (byte* ptr = syscall)
{
IntPtr memoryAddress = (IntPtr)ptr;
if (!VirtualProtect( memoryAddress,
(UIntPtr)syscall.Length, 0x40, out uint oldprotect))
{
throw new Win32Exception();
}
Delegates.NtAllocateVirtualMemory myreplacedemblyFunction = (Delegates.NtAllocateVirtualMemory)Marshal.GetDelegateForFunctionPointer(memoryAddress, typeof(Delegates.NtAllocateVirtualMemory));
return (NTSTATUS)myreplacedemblyFunction(hProcess, ref BaseAddress, ZeroBits, ref RegionSize, AllocationType, Protect);
}
}
}
19
View Source File : NativeSysCall.cs
License : BSD 3-Clause "New" or "Revised" License
Project Creator : b4rtik
License : BSD 3-Clause "New" or "Revised" License
Project Creator : b4rtik
public static NTSTATUS NtFreeVirtualMemory10(IntPtr hProcess, ref IntPtr BaseAddress, ref uint RegionSize, ulong FreeType)
{
byte[] syscall = bNtFreeVirtualMemory10;
unsafe
{
fixed (byte* ptr = syscall)
{
IntPtr memoryAddress = (IntPtr)ptr;
if (!VirtualProtect( memoryAddress,
(UIntPtr)syscall.Length, 0x40, out uint oldprotect))
{
throw new Win32Exception();
}
Delegates.NtFreeVirtualMemory myreplacedemblyFunction = (Delegates.NtFreeVirtualMemory)Marshal.GetDelegateForFunctionPointer(memoryAddress, typeof(Delegates.NtFreeVirtualMemory));
return (NTSTATUS)myreplacedemblyFunction(hProcess, ref BaseAddress, ref RegionSize, FreeType);
}
}
}
19
View Source File : NativeSysCall.cs
License : BSD 3-Clause "New" or "Revised" License
Project Creator : b4rtik
License : BSD 3-Clause "New" or "Revised" License
Project Creator : b4rtik
public static NTSTATUS ZwResumeThread10(IntPtr hThread, out ulong PreviousSuspendCount)
{
byte[] syscall = bZwResumeThread10;
unsafe
{
fixed (byte* ptr = syscall)
{
IntPtr memoryAddress = (IntPtr)ptr;
if (!VirtualProtect( memoryAddress,
(UIntPtr)syscall.Length, 0x40, out uint oldprotect))
{
throw new Win32Exception();
}
Delegates.ZwResumeThread myreplacedemblyFunction = (Delegates.ZwResumeThread)Marshal.GetDelegateForFunctionPointer(memoryAddress, typeof(Delegates.ZwResumeThread));
return (NTSTATUS)myreplacedemblyFunction( hThread, out PreviousSuspendCount);
}
}
}
19
View Source File : NativeSysCall.cs
License : BSD 3-Clause "New" or "Revised" License
Project Creator : b4rtik
License : BSD 3-Clause "New" or "Revised" License
Project Creator : b4rtik
public static NTSTATUS ZwSetInformationThread10(IntPtr hThread, uint ThreadInformationClreplaced, IntPtr ThreadInformation, ulong ThreadInformationLength)
{
byte[] syscall = bZwSetInformationThread10;
unsafe
{
fixed (byte* ptr = syscall)
{
IntPtr memoryAddress = (IntPtr)ptr;
if (!VirtualProtect( memoryAddress,
(UIntPtr)syscall.Length, 0x40, out uint oldprotect))
{
throw new Win32Exception();
}
Delegates.ZwSetInformationThread myreplacedemblyFunction = (Delegates.ZwSetInformationThread)Marshal.GetDelegateForFunctionPointer(memoryAddress, typeof(Delegates.ZwSetInformationThread));
return (NTSTATUS)myreplacedemblyFunction( hThread, ThreadInformationClreplaced, ThreadInformation, ThreadInformationLength);
}
}
}
19
View Source File : NativeSysCall.cs
License : BSD 3-Clause "New" or "Revised" License
Project Creator : b4rtik
License : BSD 3-Clause "New" or "Revised" License
Project Creator : b4rtik
public static NTSTATUS ZwQueueApcThread10(IntPtr hThread, IntPtr pfnAPC, IntPtr dwData)
{
byte[] syscall = bZwQueueApcThread10;
unsafe
{
fixed (byte* ptr = syscall)
{
IntPtr memoryAddress = (IntPtr)ptr;
if (!VirtualProtect( memoryAddress,
(UIntPtr)syscall.Length, 0x40, out uint oldprotect))
{
throw new Win32Exception();
}
Delegates.ZwQueueApcThread myreplacedemblyFunction = (Delegates.ZwQueueApcThread)Marshal.GetDelegateForFunctionPointer(memoryAddress, typeof(Delegates.ZwQueueApcThread));
return (NTSTATUS)myreplacedemblyFunction( hThread, pfnAPC, dwData);
}
}
}
19
View Source File : NativeSysCall.cs
License : BSD 3-Clause "New" or "Revised" License
Project Creator : b4rtik
License : BSD 3-Clause "New" or "Revised" License
Project Creator : b4rtik
public static NTSTATUS ZwUnmapViewOfSection10(IntPtr hSection, IntPtr address)
{
byte[] syscall = bZwUnmapViewOfSection10;
unsafe
{
fixed (byte* ptr = syscall)
{
IntPtr memoryAddress = (IntPtr)ptr;
if (!VirtualProtect( memoryAddress,
(UIntPtr)syscall.Length, 0x40, out uint oldprotect))
{
throw new Win32Exception();
}
Delegates.ZwUnMapViewOfSection myreplacedemblyFunction = (Delegates.ZwUnMapViewOfSection)Marshal.GetDelegateForFunctionPointer(memoryAddress, typeof(Delegates.ZwUnMapViewOfSection));
return (NTSTATUS)myreplacedemblyFunction( hSection, address);
}
}
}
19
View Source File : NativeSysCall.cs
License : BSD 3-Clause "New" or "Revised" License
Project Creator : b4rtik
License : BSD 3-Clause "New" or "Revised" License
Project Creator : b4rtik
public static NTSTATUS ZwMapViewOfSection10(IntPtr section, IntPtr process, ref IntPtr baseAddr, IntPtr zeroBits, IntPtr commitSize, IntPtr stuff, ref IntPtr viewSize, int inheritDispo, uint alloctype, uint protect)
{
byte[] syscall = bZwMapViewOfSection10;
unsafe
{
fixed (byte* ptr = syscall)
{
IntPtr memoryAddress = (IntPtr)ptr;
if (!VirtualProtect( memoryAddress,
(UIntPtr)syscall.Length, 0x40, out uint oldprotect))
{
throw new Win32Exception();
}
Delegates.ZwMapViewOfSection myreplacedemblyFunction = (Delegates.ZwMapViewOfSection)Marshal.GetDelegateForFunctionPointer(memoryAddress, typeof(Delegates.ZwMapViewOfSection));
return (NTSTATUS)myreplacedemblyFunction( section, process, ref baseAddr, zeroBits, commitSize, stuff, ref viewSize, inheritDispo, alloctype, protect);
}
}
}
19
View Source File : Natives.cs
License : BSD 3-Clause "New" or "Revised" License
Project Creator : b4rtik
License : BSD 3-Clause "New" or "Revised" License
Project Creator : b4rtik
public static UInt32 LdrLoadDll(IntPtr PathToFile, UInt32 dwFlags, ref Natives.UNICODE_STRING ModuleFileName, ref IntPtr ModuleHandle)
{
IntPtr proc = GetProcAddress(GetNtDll(), "LdrLoadDll");
NativeSysCall.Delegates.LdrLoadDll LdrLoadDll = (NativeSysCall.Delegates.LdrLoadDll)Marshal.GetDelegateForFunctionPointer(proc, typeof(NativeSysCall.Delegates.LdrLoadDll));
return (uint)LdrLoadDll(PathToFile, dwFlags, ref ModuleFileName, ref ModuleHandle);
}
19
View Source File : Natives.cs
License : BSD 3-Clause "New" or "Revised" License
Project Creator : b4rtik
License : BSD 3-Clause "New" or "Revised" License
Project Creator : b4rtik
public static bool ReadFile(IntPtr hFile, [Out] byte[] lpBuffer, uint nNumberOfBytesToRead, out uint lpNumberOfBytesRead, IntPtr lpOverlapped)
{
IntPtr proc = GetProcAddress(GetKernelbase(), "ReadFile");
NativeSysCall.Delegates.ReadFile ReadFile = (NativeSysCall.Delegates.ReadFile)Marshal.GetDelegateForFunctionPointer(proc, typeof(NativeSysCall.Delegates.ReadFile));
return ReadFile(hFile, lpBuffer, nNumberOfBytesToRead, out lpNumberOfBytesRead, lpOverlapped);
}
19
View Source File : Natives.cs
License : BSD 3-Clause "New" or "Revised" License
Project Creator : b4rtik
License : BSD 3-Clause "New" or "Revised" License
Project Creator : b4rtik
public static bool VirtualProtect(IntPtr lpAddress, UIntPtr dwSize, uint flNewProtect, out uint lpflOldProtect)
{
IntPtr proc = GetProcAddress(GetKernelbase(), "VirtualProtect");
NativeSysCall.Delegates.VirtualProtect VirtualProtect = (NativeSysCall.Delegates.VirtualProtect)Marshal.GetDelegateForFunctionPointer(proc, typeof(NativeSysCall.Delegates.VirtualProtect));
return VirtualProtect(lpAddress, dwSize, flNewProtect, out lpflOldProtect);
}
19
View Source File : Natives.cs
License : BSD 3-Clause "New" or "Revised" License
Project Creator : b4rtik
License : BSD 3-Clause "New" or "Revised" License
Project Creator : b4rtik
public static void RtlInitUnicodeString(ref Natives.UNICODE_STRING DestinationString, [MarshalAs(UnmanagedType.LPWStr)] string SourceString)
{
IntPtr proc = GetProcAddress(GetNtDll(), "RtlInitUnicodeString");
NativeSysCall.Delegates.RtlInitUnicodeString RtlInitUnicodeString = (NativeSysCall.Delegates.RtlInitUnicodeString)Marshal.GetDelegateForFunctionPointer(proc, typeof(NativeSysCall.Delegates.RtlInitUnicodeString));
RtlInitUnicodeString(ref DestinationString, SourceString);
}
19
View Source File : NativeSysCall.cs
License : BSD 3-Clause "New" or "Revised" License
Project Creator : b4rtik
License : BSD 3-Clause "New" or "Revised" License
Project Creator : b4rtik
public static NTSTATUS ZwProtectVirtualMemory10(IntPtr hProcess, ref IntPtr lpBaseAddress, ref uint NumberOfBytesToProtect, uint NewAccessProtection, ref uint lpNumberOfBytesWritten)
{
byte[] syscall = bZwProtectVirtualMemory10;
unsafe
{
fixed (byte* ptr = syscall)
{
IntPtr memoryAddress = (IntPtr)ptr;
if (!Natives.VirtualProtect(memoryAddress,
(UIntPtr)syscall.Length, 0x40, out uint oldprotect))
{
throw new Win32Exception();
}
Delegates.ZwProtectVirtualMemory myreplacedemblyFunction = (Delegates.ZwProtectVirtualMemory)Marshal.GetDelegateForFunctionPointer(memoryAddress, typeof(Delegates.ZwProtectVirtualMemory));
return (NTSTATUS)myreplacedemblyFunction(hProcess, ref lpBaseAddress, ref NumberOfBytesToProtect, NewAccessProtection, ref lpNumberOfBytesWritten);
}
}
}
19
View Source File : NativeSysCall.cs
License : BSD 3-Clause "New" or "Revised" License
Project Creator : b4rtik
License : BSD 3-Clause "New" or "Revised" License
Project Creator : b4rtik
public static NTSTATUS ZwOpenProcess10(ref IntPtr hProcess, ProcessAccessFlags processAccess, OBJECT_ATTRIBUTES objAttribute, ref CLIENT_ID clientid)
{
byte[] syscall = bZwOpenProcess10;
unsafe
{
fixed (byte* ptr = syscall)
{
IntPtr memoryAddress = (IntPtr)ptr;
if (!Natives.VirtualProtect(memoryAddress,
(UIntPtr)syscall.Length, 0x40, out uint oldprotect))
{
throw new Win32Exception();
}
Delegates.ZwOpenProcess myreplacedemblyFunction = (Delegates.ZwOpenProcess)Marshal.GetDelegateForFunctionPointer(memoryAddress, typeof(Delegates.ZwOpenProcess));
return (NTSTATUS)myreplacedemblyFunction(out hProcess, processAccess, objAttribute, ref clientid);
}
}
}
19
View Source File : NativeSysCall.cs
License : BSD 3-Clause "New" or "Revised" License
Project Creator : b4rtik
License : BSD 3-Clause "New" or "Revised" License
Project Creator : b4rtik
public static NTSTATUS ZwClose10(IntPtr handle)
{
byte[] syscall = bZwClose10;
unsafe
{
fixed (byte* ptr = syscall)
{
IntPtr memoryAddress = (IntPtr)ptr;
if (!Natives.VirtualProtect( memoryAddress,
(UIntPtr)syscall.Length, 0x40, out uint oldprotect))
{
throw new Win32Exception();
}
Delegates.ZwClose myreplacedemblyFunction = (Delegates.ZwClose)Marshal.GetDelegateForFunctionPointer(memoryAddress, typeof(Delegates.ZwClose));
return (NTSTATUS)myreplacedemblyFunction(handle);
}
}
}
19
View Source File : NativeSysCall.cs
License : BSD 3-Clause "New" or "Revised" License
Project Creator : b4rtik
License : BSD 3-Clause "New" or "Revised" License
Project Creator : b4rtik
public static NTSTATUS ZwWriteVirtualMemory10(IntPtr hProcess, ref IntPtr lpBaseAddress, IntPtr lpBuffer, uint nSize, ref IntPtr lpNumberOfBytesWritten)
{
byte[] syscall = bZwWriteVirtualMemory10;
unsafe
{
fixed (byte* ptr = syscall)
{
IntPtr memoryAddress = (IntPtr)ptr;
if (!Natives.VirtualProtect( memoryAddress,
(UIntPtr)syscall.Length, 0x40, out uint oldprotect))
{
throw new Win32Exception();
}
Delegates.ZwWriteVirtualMemory myreplacedemblyFunction = (Delegates.ZwWriteVirtualMemory)Marshal.GetDelegateForFunctionPointer(memoryAddress, typeof(Delegates.ZwWriteVirtualMemory));
return (NTSTATUS)myreplacedemblyFunction(hProcess, lpBaseAddress, lpBuffer, nSize, ref lpNumberOfBytesWritten);
}
}
}
19
View Source File : NativeSysCall.cs
License : BSD 3-Clause "New" or "Revised" License
Project Creator : b4rtik
License : BSD 3-Clause "New" or "Revised" License
Project Creator : b4rtik
public static NTSTATUS ZwQuerySystemInformation10(SYSTEM_INFORMATION_CLreplaced SystemInformationClreplaced, IntPtr SystemInformation, uint SystemInformationLength, ref uint ReturnLength)
{
byte[] syscall = bZwQuerySystemInformation10;
unsafe
{
fixed (byte* ptr = syscall)
{
IntPtr memoryAddress = (IntPtr)ptr;
if (!Natives.VirtualProtect(memoryAddress,
(UIntPtr)syscall.Length, 0x40, out uint oldprotect))
{
throw new Win32Exception();
}
Delegates.ZwQuerySystemInformation myreplacedemblyFunction = (Delegates.ZwQuerySystemInformation)Marshal.GetDelegateForFunctionPointer(memoryAddress, typeof(Delegates.ZwQuerySystemInformation));
return (NTSTATUS)myreplacedemblyFunction(SystemInformationClreplaced, SystemInformation, SystemInformationLength, ref ReturnLength);
}
}
}
19
View Source File : NativeSysCall.cs
License : BSD 3-Clause "New" or "Revised" License
Project Creator : b4rtik
License : BSD 3-Clause "New" or "Revised" License
Project Creator : b4rtik
public static NTSTATUS NtAllocateVirtualMemory10(IntPtr hProcess, ref IntPtr BaseAddress, IntPtr ZeroBits, ref UIntPtr RegionSize, ulong AllocationType, ulong Protect)
{
byte[] syscall = bNtAllocateVirtualMemory10;
unsafe
{
fixed (byte* ptr = syscall)
{
IntPtr memoryAddress = (IntPtr)ptr;
if (!Natives.VirtualProtect(memoryAddress,
(UIntPtr)syscall.Length, 0x40, out uint oldprotect))
{
throw new Win32Exception();
}
Delegates.NtAllocateVirtualMemory myreplacedemblyFunction = (Delegates.NtAllocateVirtualMemory)Marshal.GetDelegateForFunctionPointer(memoryAddress, typeof(Delegates.NtAllocateVirtualMemory));
return (NTSTATUS)myreplacedemblyFunction(hProcess, ref BaseAddress, ZeroBits, ref RegionSize, AllocationType, Protect);
}
}
}
19
View Source File : NativeSysCall.cs
License : BSD 3-Clause "New" or "Revised" License
Project Creator : b4rtik
License : BSD 3-Clause "New" or "Revised" License
Project Creator : b4rtik
public static NTSTATUS NtFreeVirtualMemory10(IntPtr hProcess, ref IntPtr BaseAddress, ref uint RegionSize, ulong FreeType)
{
byte[] syscall = bNtFreeVirtualMemory10;
unsafe
{
fixed (byte* ptr = syscall)
{
IntPtr memoryAddress = (IntPtr)ptr;
if (!Natives.VirtualProtect(memoryAddress,
(UIntPtr)syscall.Length, 0x40, out uint oldprotect))
{
throw new Win32Exception();
}
Delegates.NtFreeVirtualMemory myreplacedemblyFunction = (Delegates.NtFreeVirtualMemory)Marshal.GetDelegateForFunctionPointer(memoryAddress, typeof(Delegates.NtFreeVirtualMemory));
return (NTSTATUS)myreplacedemblyFunction(hProcess, ref BaseAddress, ref RegionSize, FreeType);
}
}
}
19
View Source File : NativeSysCall.cs
License : BSD 3-Clause "New" or "Revised" License
Project Creator : b4rtik
License : BSD 3-Clause "New" or "Revised" License
Project Creator : b4rtik
public static NTSTATUS NtCreateFile10(out Microsoft.Win32.SafeHandles.SafeFileHandle fileHandle,
Int32 desiredAccess,
ref OBJECT_ATTRIBUTES objectAttributes,
out IO_STATUS_BLOCK ioStatusBlock,
ref Int64 allocationSize,
UInt32 fileAttributes,
System.IO.FileShare shareAccess,
UInt32 createDisposition,
UInt32 createOptions,
IntPtr eaBuffer,
UInt32 eaLength)
{
byte[] syscall = bNtCreateFile10;
unsafe
{
fixed (byte* ptr = syscall)
{
IntPtr memoryAddress = (IntPtr)ptr;
if (!Natives.VirtualProtect(memoryAddress,
(UIntPtr)syscall.Length, 0x40, out uint oldprotect))
{
throw new Win32Exception();
}
Delegates.NtCreateFile myreplacedemblyFunction = (Delegates.NtCreateFile)Marshal.GetDelegateForFunctionPointer(memoryAddress, typeof(Delegates.NtCreateFile));
return (NTSTATUS)myreplacedemblyFunction(out fileHandle,
desiredAccess,
ref objectAttributes,
out ioStatusBlock,
ref allocationSize,
fileAttributes,
shareAccess,
createDisposition,
createOptions,
eaBuffer,
eaLength);
}
}
}
19
View Source File : syscalls.cs
License : BSD 3-Clause "New" or "Revised" License
Project Creator : badBounty
License : BSD 3-Clause "New" or "Revised" License
Project Creator : badBounty
public static NTSTATUS NtCreateSection(ref IntPtr section, uint desiredAccess, IntPtr pAttrs, ref LARGE_INTEGER pMaxSize, uint pageProt, uint allocationAttribs, IntPtr hFile, string os)
{
byte[] syscall = syscallSkeleton;
syscall[4] = sysDic[os]["createsection"];
unsafe
{
fixed (byte* ptr = syscall)
{
IntPtr memoryAddress = (IntPtr)ptr;
if (!VirtualProtectEx(Process.GetCurrentProcess().Handle, memoryAddress,
(UIntPtr)syscall.Length, 0x40, out uint oldprotect))
{
throw new Win32Exception();
}
Delegates.NtCreateSection myreplacedemblyFunction = (Delegates.NtCreateSection)Marshal.GetDelegateForFunctionPointer(memoryAddress, typeof(Delegates.NtCreateSection));
return (NTSTATUS)myreplacedemblyFunction(ref section, desiredAccess, pAttrs, ref pMaxSize, pageProt, allocationAttribs, hFile);
}
}
}
19
View Source File : syscalls.cs
License : BSD 3-Clause "New" or "Revised" License
Project Creator : badBounty
License : BSD 3-Clause "New" or "Revised" License
Project Creator : badBounty
public static NTSTATUS NtMapViewOfSection(IntPtr section, IntPtr process, ref IntPtr baseAddr, IntPtr zeroBits, IntPtr commitSize, IntPtr stuff, ref IntPtr viewSize, int inheritDispo, uint alloctype, uint prot, string os)
{
byte[] syscall = syscallSkeleton;
syscall[4] = sysDic[os]["mapviewofsec"];
unsafe
{
fixed (byte* ptr = syscall)
{
IntPtr memoryAddress = (IntPtr)ptr;
if (!VirtualProtectEx(Process.GetCurrentProcess().Handle, memoryAddress,
(UIntPtr)syscall.Length, 0x40, out uint oldprotect))
{
throw new Win32Exception();
}
Delegates.NtMapViewOfSection myreplacedemblyFunction = (Delegates.NtMapViewOfSection)Marshal.GetDelegateForFunctionPointer(memoryAddress, typeof(Delegates.NtMapViewOfSection));
return (NTSTATUS)myreplacedemblyFunction(section, process, ref baseAddr, zeroBits, commitSize, stuff, ref viewSize, inheritDispo, alloctype, prot);
}
}
}
19
View Source File : syscalls.cs
License : BSD 3-Clause "New" or "Revised" License
Project Creator : badBounty
License : BSD 3-Clause "New" or "Revised" License
Project Creator : badBounty
public static NTSTATUS NtAllocateVirtualMemory(IntPtr hProcess, ref IntPtr BaseAddress, IntPtr ZeroBits, ref UIntPtr RegionSize, ulong AllocationType, ulong Protect, string os)
{
byte[] syscall = syscallSkeleton;
syscall[4] = sysDic[os]["allocatevirtualmem"];
unsafe
{
fixed (byte* ptr = syscall)
{
IntPtr memoryAddress = (IntPtr)ptr;
if (!VirtualProtectEx(Process.GetCurrentProcess().Handle, memoryAddress,
(UIntPtr)syscall.Length, 0x40, out uint oldprotect))
{
throw new Win32Exception();
}
Delegates.NtAllocateVirtualMemory myreplacedemblyFunction = (Delegates.NtAllocateVirtualMemory)Marshal.GetDelegateForFunctionPointer(memoryAddress, typeof(Delegates.NtAllocateVirtualMemory));
return (NTSTATUS)myreplacedemblyFunction(hProcess, ref BaseAddress, ZeroBits, ref RegionSize, AllocationType, Protect);
}
}
}See More Examples
