本文整理汇总了C#中Binarysharp.MemoryManagement.Native.SafeMemoryHandle类的典型用法代码示例。如果您正苦于以下问题:C# SafeMemoryHandle类的具体用法?C# SafeMemoryHandle怎么用?C# SafeMemoryHandle使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
SafeMemoryHandle类属于Binarysharp.MemoryManagement.Native命名空间,在下文中一共展示了SafeMemoryHandle类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C#代码示例。
示例1: HandleToThread
/// <summary>
/// Converts an handle into a <see cref="ProcessThread"/> object assuming this is a thread handle.
/// </summary>
/// <param name="threadHandle">A valid handle to an opened thread.</param>
/// <returns>A <see cref="ProcessThread"/> object from the specified handle.</returns>
public static ProcessThread HandleToThread(SafeMemoryHandle threadHandle)
{
// Search the thread by iterating the processes list
foreach (var process in Process.GetProcesses())
{
var ret = process.Threads.Cast<ProcessThread>().FirstOrDefault(t => t.Id == HandleToThreadId(threadHandle));
if (ret != null)
return ret;
}
// If no thread was found, throws a exception like the First() function with no element
throw new InvalidOperationException("Sequence contains no matching element");
}示例2: Free
/// <summary>
/// Releases a region of memory within the virtual address space of a specified process.
/// </summary>
/// <param name="processHandle">A handle to a process.</param>
/// <param name="address">A pointer to the starting address of the region of memory to be freed.</param>
public static void Free(SafeMemoryHandle processHandle, IntPtr address)
{
// Check if the handles are valid
HandleManipulator.ValidateAsArgument(processHandle, "processHandle");
HandleManipulator.ValidateAsArgument(address, "address");
// Free the memory
if (!NativeMethods.VirtualFreeEx(processHandle, address, 0, MemoryReleaseFlags.Release))
{
// If the memory wasn't correctly freed, throws an exception
throw new Win32Exception(string.Format("The memory page 0x{0} cannot be freed.", address.ToString("X")));
}
}示例3: HandleToProcessId
/// <summary>
/// Converts an handle into a process id assuming this is a process handle.
/// </summary>
/// <param name="processHandle">A valid handle to an opened process.</param>
/// <returns>A process id from the specified handle.</returns>
public static int HandleToProcessId(SafeMemoryHandle processHandle)
{
// Check if the handle is valid
ValidateAsArgument(processHandle, "processHandle");
// Find the process id
var ret = NativeMethods.GetProcessId(processHandle);
// If the process id is valid
if (ret != 0)
return ret;
// Else the function failed, throws an exception
throw new Win32Exception("Couldn't find the process id of the specified handle.");
}示例4: Allocate
/// <summary>
/// Reserves a region of memory within the virtual address space of a specified process.
/// </summary>
/// <param name="processHandle">The handle to a process.</param>
/// <param name="size">The size of the region of memory to allocate, in bytes.</param>
/// <param name="protectionFlags">The memory protection for the region of pages to be allocated.</param>
/// <param name="allocationFlags">The type of memory allocation.</param>
/// <returns>The base address of the allocated region.</returns>
public static IntPtr Allocate(SafeMemoryHandle processHandle, int size, MemoryProtectionFlags protectionFlags = MemoryProtectionFlags.ExecuteReadWrite,
MemoryAllocationFlags allocationFlags = MemoryAllocationFlags.Commit)
{
// Check if the handle is valid
HandleManipulator.ValidateAsArgument(processHandle, "processHandle");
// Allocate a memory page
var ret = NativeMethods.VirtualAllocEx(processHandle, IntPtr.Zero, size, allocationFlags, protectionFlags);
// Check whether the memory page is valid
if (ret != IntPtr.Zero)
return ret;
// If the pointer isn't valid, throws an exception
throw new Win32Exception(string.Format("Couldn't allocate memory of {0} byte(s).", size));
}示例5: GetThreadContext
/// <summary>
/// Retrieves the context of the specified thread.
/// </summary>
/// <param name="threadHandle">A handle to the thread whose context is to be retrieved.</param>
/// <param name="contextFlags">Determines which registers are returned or set.</param>
/// <returns>A <see cref="ThreadContext"/> structure that receives the appropriate context of the specified thread.</returns>
public static ThreadContext GetThreadContext(SafeMemoryHandle threadHandle, ThreadContextFlags contextFlags = ThreadContextFlags.Full)
{
// Check if the handle is valid
HandleManipulator.ValidateAsArgument(threadHandle, "threadHandle");
// Allocate a thread context structure
var context = new ThreadContext {ContextFlags = contextFlags};
// Set the context flag
// Get the thread context
if (NativeMethods.GetThreadContext(threadHandle, ref context))
return context;
// Else couldn't get the thread context, throws an exception
throw new Win32Exception("Couldn't get the thread context.");
}示例6: CreateRemoteThread
/// <summary>
/// Creates a thread that runs in the virtual address space of another process.
/// </summary>
/// <param name="processHandle">A handle to the process in which the thread is to be created.</param>
/// <param name="startAddress">A pointer to the application-defined function to be executed by the thread and represents the starting address of the thread in the remote process.</param>
/// <param name="parameter">A pointer to a variable to be passed to the thread function.</param>
/// <param name="creationFlags">The flags that control the creation of the thread.</param>
/// <returns>A handle to the new thread.</returns>
public static SafeMemoryHandle CreateRemoteThread(SafeMemoryHandle processHandle, IntPtr startAddress, IntPtr parameter, ThreadCreationFlags creationFlags = ThreadCreationFlags.Run)
{
// Check if the handles are valid
HandleManipulator.ValidateAsArgument(processHandle, "processHandle");
HandleManipulator.ValidateAsArgument(startAddress, "startAddress");
// Create the remote thread
int threadId;
var ret = NativeMethods.CreateRemoteThread(processHandle, IntPtr.Zero, 0, startAddress, parameter, creationFlags, out threadId);
// If the thread is created
if (!ret.IsClosed && !ret.IsInvalid)
return ret;
// Else couldn't create thread, throws an exception
throw new Win32Exception(string.Format("Couldn't create the thread at 0x{0}.", startAddress.ToString("X")));
}示例7: GetExitCodeThread
/// <summary>
/// Retrieves the termination status of the specified thread.
/// </summary>
/// <param name="threadHandle">A handle to the thread.</param>
/// <returns>
/// Nullable type: the return value is A pointer to a variable to receive the thread termination status or
/// <code>null</code> if it is running.
/// </returns>
public static IntPtr? GetExitCodeThread(SafeMemoryHandle threadHandle)
{
// Check if the handle is valid
HandleManipulationHelper.ValidateAsArgument(threadHandle, "threadHandle");
// Create the variable storing the output exit code
IntPtr exitCode;
// Get the exit code of the thread
if (!NativeMethods.GetExitCodeThread(threadHandle, out exitCode))
throw new Win32Exception("Couldn't get the exit code of the thread.");
// If the thread is still active
if (exitCode == new IntPtr(259))
return null;
return exitCode;
}示例8: ChangeProtection
/// <summary>
/// Changes the protection on a region of committed pages in the virtual address space of a specified process.
/// </summary>
/// <param name="processHandle">A handle to the process whose memory protection is to be changed.</param>
/// <param name="address">
/// A pointer to the base address of the region of pages whose access protection attributes are to be
/// changed.
/// </param>
/// <param name="size">The size of the region whose access protection attributes are changed, in bytes.</param>
/// <param name="protection">The memory protection option.</param>
/// <returns>The old protection of the region in a <see cref="Native.MemoryBasicInformation" /> structure.</returns>
public static MemoryProtectionFlags ChangeProtection(SafeMemoryHandle processHandle, IntPtr address, int size, MemoryProtectionFlags protection)
{
// Check if the handles are valid
HandleManipulator.ValidateAsArgument(processHandle, "processHandle");
HandleManipulator.ValidateAsArgument(address, "address");
// Create the variable storing the old protection of the memory page
MemoryProtectionFlags oldProtection;
// Change the protection in the target process
if (NativeMethods.VirtualProtectEx(processHandle, address, size, protection, out oldProtection))
{
// Return the old protection
return oldProtection;
}
// Else the protection couldn't be changed, throws an exception
throw new Win32Exception(string.Format("Couldn't change the protection of the memory at 0x{0} of {1} byte(s) to {2}.", address.ToString("X"), size, protection));
}示例9: Find
/// <summary>
/// Performs a pattern scan.
/// </summary>
/// <param name="processHandle">The process the <see cref="ProcessModule" /> containing the data resides in.</param>
/// <param name="processModule">The <see cref="ProcessModule" /> that contains the pattern data resides in.</param>
/// <param name="data">The array of bytes containing the data to search for matches in.</param>
/// <param name="mask">
/// The mask that defines the byte pattern we are searching for.
/// <example>
/// <code>
/// var bytes = new byte[]{55,45,00,00,55} ;
/// var mask = "xx??x";
/// </code>
/// </example>
/// </param>
/// <param name="offsetToAdd">The offset to add to the offset result found from the pattern.</param>
/// <param name="reBase">If the address should be rebased to this Instance's base address.</param>
/// <param name="wildCardChar">
/// [Optinal] The 'wild card' defines the <see cref="char" /> value that the mask uses to differentiate
/// between pattern data that is relevant, and pattern data that should be ignored. The default value is 'x'.
/// </param>
/// <param name="pattern">The byte array that contains the pattern of bytes we're looking for.</param>
/// <returns>A new <see cref="PatternScanResult" /> instance.</returns>
public static PatternScanResult Find(SafeMemoryHandle processHandle, ProcessModule processModule, byte[] data,
byte[] pattern,
string mask, int offsetToAdd, bool reBase, char wildCardChar = 'x')
{
for (var offset = 0; offset < data.Length; offset++)
{
if (mask.Where((m, b) => m == 'x' && pattern[b] != data[b + offset]).Any()) continue;
var found = MemoryCore.Read<IntPtr>(processHandle,
processModule.BaseAddress + offset + offsetToAdd);
var result = new PatternScanResult
{
OriginalAddress = found,
Address = reBase ? found : found.Subtract(processModule.BaseAddress),
Offset = (IntPtr) offset
};
return result;
}
// If this is reached, the pattern was not found.
throw new Exception("The pattern scan for the pattern mask: " + "[" + mask + "]" + " was not found.");
}示例10: FindPeb
/// <summary>
/// Finds the Process Environment Block address of a specified process.
/// </summary>
/// <param name="processHandle">A handle of the process.</param>
/// <returns>A <see cref="IntPtr"/> pointer of the PEB.</returns>
public static IntPtr FindPeb(SafeMemoryHandle processHandle)
{
return MemoryCore.NtQueryInformationProcess(processHandle).PebBaseAddress;
}示例11: WaitForSingleObject
/// <summary>
/// Waits an infinite amount of time for the specified object to become signaled.
/// </summary>
/// <param name="handle">A handle to the object.</param>
/// <returns>If the function succeeds, the return value indicates the event that caused the function to return.</returns>
public static WaitValues WaitForSingleObject(SafeMemoryHandle handle)
{
// Check if the handle is valid
HandleManipulationHelper.ValidateAsArgument(handle, "handle");
// Wait for single object
var ret = NativeMethods.WaitForSingleObject(handle, 0xFFFFFFFF);
// If the function failed
if (ret == WaitValues.Failed)
throw new Win32Exception("The WaitForSingleObject function call failed.");
return ret;
}示例12: SuspendThread
public static extern uint SuspendThread(SafeMemoryHandle hThread);示例13: TerminateThread
public static extern bool TerminateThread(SafeMemoryHandle hThread, int dwExitCode);示例14: WriteBytes
/// <summary>
/// Writes data to an area of memory in a specified process.
/// </summary>
/// <param name="processHandle">A handle to the process memory to be modified.</param>
/// <param name="address">A pointer to the base address in the specified process to which data is written.</param>
/// <param name="byteArray">A buffer that contains data to be written in the address space of the specified process.</param>
/// <returns>The number of bytes written.</returns>
public static int WriteBytes(SafeMemoryHandle processHandle, IntPtr address, byte[] byteArray)
{
// Check if the handles are valid
HandleManipulator.ValidateAsArgument(processHandle, "processHandle");
HandleManipulator.ValidateAsArgument(address, "address");
// Create the variable storing the number of bytes written
int nbBytesWritten;
// Write the data to the target process
if (NativeMethods.WriteProcessMemory(processHandle, address, byteArray, byteArray.Length, out nbBytesWritten))
{
// Check whether the length of the data written is equal to the inital array
if (nbBytesWritten == byteArray.Length)
return nbBytesWritten;
}
// Else the data couldn't be written, throws an exception
throw new Win32Exception(string.Format("Couldn't write {0} bytes to 0x{1}", byteArray.Length, address.ToString("X")));
}示例15: Query
/// <summary>
/// Retrieves information about a range of pages within the virtual address space of a specified process.
/// </summary>
/// <param name="processHandle">A handle to the process whose memory information is queried.</param>
/// <param name="baseAddress">A pointer to the base address of the region of pages to be queried.</param>
/// <returns>A <see cref="Native.MemoryBasicInformation"/> structures in which information about the specified page range is returned.</returns>
public static MemoryBasicInformation Query(SafeMemoryHandle processHandle, IntPtr baseAddress)
{
// Allocate the structure to store information of memory
MemoryBasicInformation memoryInfo;
// Query the memory region
if(NativeMethods.VirtualQueryEx(processHandle, baseAddress, out memoryInfo, MarshalType<MemoryBasicInformation>.Size) != 0)
return memoryInfo;
// Else the information couldn't be got
throw new Win32Exception(string.Format("Couldn't query information about the memory region 0x{0}", baseAddress.ToString("X")));
}