Here is an example of the C# method DriverExploits.ElevateHandle.FindKernelProcedure(string), taken from an open source project.
1. Example
Project: loadlibrayy
Source File: ElevateHandle.cs
/// <summary>
/// Walks the kernel's linked list of process entries, starting at the System
/// process, and returns the context of the entry whose process id equals
/// <paramref name="targetProcessId"/>.
/// </summary>
/// <param name="targetProcessId">Process id to look for.</param>
/// <returns>
/// A context with <c>ProcessId</c>, <c>DirectoryBase</c> and <c>KernelEntry</c> filled in
/// when a matching entry is found; otherwise a context whose <c>ProcessId</c> is 0.
/// </returns>
/// <remarks>
/// NOTE(review): every value used here is obtained through Driver.ReadSystemAddress and the
/// g_Offset* fields, all defined outside this listing. Presumably the reads go through a
/// kernel-memory read primitive exposed by a loaded driver; if so, the point at which this
/// technique can be blocked or detected is the driver load (driver blocklisting, code
/// integrity policy), because this routine itself only issues reads.
/// </remarks>
private static NT.ProcessContext FindProcessInfo(uint targetProcessId)
{
    // ProcessId == 0 is the "not found" result.
    var result = new NT.ProcessContext { ProcessId = 0 };

    // PsInitialSystemProcess is resolved by name; the value stored at that address is
    // treated as the address of the System process's EPROCESS.
    ulong systemProcessVariable = (ulong)FindKernelProcedure("PsInitialSystemProcess");
    ulong systemProcess = Driver.ReadSystemAddress<ulong>(systemProcessVariable);

    // The walk starts at the System entry's list links and stops at the address held in
    // the second pointer of those links. The entry at the stop address is never examined.
    var firstLink = systemProcess + g_OffsetProcessLinks;
    var stopLink = Driver.ReadSystemAddress<ulong>(firstLink + sizeof(ulong));

    var link = firstLink;
    while (link != stopLink)
    {
        // The links are embedded inside the process entry; subtracting the offset gives the entry base.
        var entry = link - g_OffsetProcessLinks;
        var pid = Driver.ReadSystemAddress<ulong>(entry + g_OffsetProcessId);

        if (pid != targetProcessId)
        {
            // Not the requested process: follow the first pointer of the links to the next entry.
            link = Driver.ReadSystemAddress<ulong>(link);
            continue;
        }

        result.ProcessId = targetProcessId;
        result.DirectoryBase = Driver.ReadSystemAddress<ulong>(entry + g_OffsetDirectoryTable);
        result.KernelEntry = entry;
        return result;
    }

    return result;
}