Skip to content

wow64 support, more unit tests, jit stub #2

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
susMdT wants to merge 3 commits into
base: main
Choose a base branch
from
Open

wow64 support, more unit tests, jit stub #2

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
9709dbb
move to jit and more unit tests and some fixes
Mar 3, 2024
6e72b92
wow64
Mar 4, 2024
52ad025
restore old sample
Mar 4, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 3 additions & 5 deletions CsWhispers.Generator/CsWhispers.Generator.csproj
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
<TargetFramework>netstandard2.0</TargetFramework>
<ImplicitUsings>enable</ImplicitUsings>
<Nullable>enable</Nullable>
<LangVersion>12</LangVersion>
<LangVersion>12.0</LangVersion>
<EnforceExtendedAnalyzerRules>true</EnforceExtendedAnalyzerRules>
<GeneratePackageOnBuild>true</GeneratePackageOnBuild>
<IncludeBuildOutput>false</IncludeBuildOutput>
Expand All @@ -18,6 +18,8 @@
<Title>CsWhispers</Title>
<Description>Source generator to add D/Invoke and indirect syscall methods to a C# project.</Description>
<Copyright>Copyright (c) Daniel Duggan 2024</Copyright>
<Configurations>Debug</Configurations>
<Platforms>AnyCPU;x86</Platforms>
</PropertyGroup>

<ItemGroup>
Expand All @@ -28,10 +30,6 @@
<AllowUnsafeBlocks>true</AllowUnsafeBlocks>
</PropertyGroup>

<PropertyGroup Condition=" '$(Configuration)' == 'Release' ">
<AllowUnsafeBlocks>true</AllowUnsafeBlocks>
</PropertyGroup>

<ItemGroup>
<PackageReference Include="Microsoft.CodeAnalysis.Analyzers" Version="3.3.4">
<PrivateAssets>all</PrivateAssets>
Expand Down
15 changes: 7 additions & 8 deletions CsWhispers.Generator/Source/MEMORY_BASIC_INFORMATION.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,12 +2,11 @@

public unsafe struct MEMORY_BASIC_INFORMATION
{
void* BaseAddress;
void* AllocationBase;
uint AllocationProtect;
ushort PartitionId;
nuint RegionSize;
uint State;
uint Protect;
uint Type;
public void* BaseAddress;
public void* AllocationBase;
public uint AllocationProtect;
public nuint RegionSize;
public uint State;
public uint Protect;
public uint Type;
}
19 changes: 3 additions & 16 deletions CsWhispers.Generator/Source/NtAllocateVirtualMemory.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,8 @@ public static unsafe partial class Syscalls
{
private const string ZwAllocateVirtualMemoryHash = "D80FB8F3EA00B69B2CAAB144EB70BE34";

private static int NtAllocateVirtualMemoryJit() { return 5; }

public static NTSTATUS NtAllocateVirtualMemory(
HANDLE processHandle,
void* baseAddress,
Expand All @@ -18,15 +20,7 @@ public static NTSTATUS NtAllocateVirtualMemory(

fixed (byte* buffer = stub)
{
var ptr = (IntPtr)buffer;
var size = new IntPtr(stub.Length);

Native.NtProtectVirtualMemory(
new HANDLE((IntPtr)(-1)),
ref ptr,
ref size,
0x00000020,
out var oldProtect);
IntPtr ptr = PrepareJit(nameof(NtAllocateVirtualMemoryJit), buffer, stub.Length);

var ntAllocateVirtualMemory = Marshal.GetDelegateForFunctionPointer<ZwAllocateVirtualMemory>(ptr);

Expand All @@ -38,13 +32,6 @@ public static NTSTATUS NtAllocateVirtualMemory(
allocationType,
protect);

Native.NtProtectVirtualMemory(
new HANDLE((IntPtr)(-1)),
ref ptr,
ref size,
oldProtect,
out _);

return status;
}
}
Expand Down
21 changes: 4 additions & 17 deletions CsWhispers.Generator/Source/NtClose.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,35 +4,22 @@ namespace CsWhispers;

public static unsafe partial class Syscalls
{
private const string ZwCloseHash = "F11693417BD581AAA27083765DB7A812";
private const string ZwCloseHash = "D5E973CE71E99CE43DB3C3FFFFEB4623";

private static int NtCloseJit() { return 5; }

public static NTSTATUS NtClose(HANDLE handle)
{
var stub = GetSyscallStub(ZwCloseHash);

fixed (byte* buffer = stub)
{
var ptr = (IntPtr)buffer;
var size = new IntPtr(stub.Length);

Native.NtProtectVirtualMemory(
new HANDLE((IntPtr)(-1)),
ref ptr,
ref size,
0x00000020,
out var oldProtect);
IntPtr ptr = PrepareJit(nameof(NtCloseJit), buffer, stub.Length);

var ntClose = Marshal.GetDelegateForFunctionPointer<ZwClose>(ptr);

var status = ntClose(handle);

Native.NtProtectVirtualMemory(
new HANDLE((IntPtr)(-1)),
ref ptr,
ref size,
oldProtect,
out _);

return status;
}
}
Expand Down
19 changes: 3 additions & 16 deletions CsWhispers.Generator/Source/NtCreateSection.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,8 @@ public static unsafe partial class Syscalls
{
private const string ZwCreateSectionHash = "12C4C6E5EB9B290330CA3A7E5D43D0FA";

private static int NtCreateSectionJit() { return 5; }

public static NTSTATUS NtCreateSection(
HANDLE* sectionHandle,
uint desiredAccess,
Expand All @@ -19,15 +21,7 @@ public static NTSTATUS NtCreateSection(

fixed (byte* buffer = stub)
{
var ptr = (IntPtr)buffer;
var size = new IntPtr(stub.Length);

Native.NtProtectVirtualMemory(
new HANDLE((IntPtr)(-1)),
ref ptr,
ref size,
0x00000020,
out var oldProtect);
IntPtr ptr = PrepareJit(nameof(NtCreateSectionJit), buffer, stub.Length);

var ntCreateSection = Marshal.GetDelegateForFunctionPointer<ZwCreateSection>(ptr);

Expand All @@ -40,13 +34,6 @@ public static NTSTATUS NtCreateSection(
allocationAttributes,
fileHandle);

Native.NtProtectVirtualMemory(
new HANDLE((IntPtr)(-1)),
ref ptr,
ref size,
oldProtect,
out _);

return status;
}
}
Expand Down
21 changes: 4 additions & 17 deletions CsWhispers.Generator/Source/NtCreateThreadEx.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,9 @@ namespace CsWhispers;
public static unsafe partial class Syscalls
{
private const string ZwCreateThreadExHash = "434AE47989589026C54B874E5D12D365";


private static int NtCreateThreadExJit() { return 5; }

public static NTSTATUS NtCreateThreadEx(
HANDLE* threadHandle,
uint desiredAccess,
Expand All @@ -23,15 +25,7 @@ public static NTSTATUS NtCreateThreadEx(

fixed (byte* buffer = stub)
{
var ptr = (IntPtr)buffer;
var size = new IntPtr(stub.Length);

Native.NtProtectVirtualMemory(
new HANDLE((IntPtr)(-1)),
ref ptr,
ref size,
0x00000020,
out var oldProtect);
IntPtr ptr = PrepareJit(nameof(NtCreateThreadExJit), buffer, stub.Length);

var ntCreateThreadEx = Marshal.GetDelegateForFunctionPointer<ZwCreateThreadEx>(ptr);

Expand All @@ -48,13 +42,6 @@ public static NTSTATUS NtCreateThreadEx(
maximumStackSize,
attributeList);

Native.NtProtectVirtualMemory(
new HANDLE((IntPtr)(-1)),
ref ptr,
ref size,
oldProtect,
out _);

return status;
}
}
Expand Down
21 changes: 4 additions & 17 deletions CsWhispers.Generator/Source/NtFreeVirtualMemory.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,25 +6,19 @@ public static unsafe partial class Syscalls
{
private const string ZwFreeVirtualMemoryHash = "A2356248E8839427AE2D390367DC1A40";

private static int NtFreeVirtualMemoryJit() { return 5; }

public static NTSTATUS NtFreeVirtualMemory(
HANDLE processHandle,
void* baseAddress,
uint* regionSize,
uint freeType)
{
var stub = GetSyscallStub(ZwCloseHash);
var stub = GetSyscallStub(ZwFreeVirtualMemoryHash);

fixed (byte* buffer = stub)
{
var ptr = (IntPtr)buffer;
var size = new IntPtr(stub.Length);

Native.NtProtectVirtualMemory(
new HANDLE((IntPtr)(-1)),
ref ptr,
ref size,
0x00000020,
out var oldProtect);
IntPtr ptr = PrepareJit(nameof(NtFreeVirtualMemoryJit), buffer, stub.Length);

var ntFreeVirtualMemory = Marshal.GetDelegateForFunctionPointer<ZwFreeVirtualMemory>(ptr);

Expand All @@ -34,13 +28,6 @@ public static NTSTATUS NtFreeVirtualMemory(
regionSize,
freeType);

Native.NtProtectVirtualMemory(
new HANDLE((IntPtr)(-1)),
ref ptr,
ref size,
oldProtect,
out _);

return status;
}
}
Expand Down
19 changes: 3 additions & 16 deletions CsWhispers.Generator/Source/NtMapViewOfSection.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,8 @@ public static unsafe partial class Syscalls
{
private const string ZwMapViewOfSectionHash = "C72A45E418708097B7D23865D6187D5E";

private static int NtMapViewOfSectionJit() { return 5; }

public static NTSTATUS NtMapViewOfSection(
HANDLE sectionHandle,
HANDLE processHandle,
Expand All @@ -22,15 +24,7 @@ public static NTSTATUS NtMapViewOfSection(

fixed (byte* buffer = stub)
{
var ptr = (IntPtr)buffer;
var size = new IntPtr(stub.Length);

Native.NtProtectVirtualMemory(
new HANDLE((IntPtr)(-1)),
ref ptr,
ref size,
0x00000020,
out var oldProtect);
IntPtr ptr = PrepareJit(nameof(NtMapViewOfSectionJit), buffer, stub.Length);

var ntMapViewOfSection = Marshal.GetDelegateForFunctionPointer<ZwMapViewOfSection>(ptr);

Expand All @@ -46,13 +40,6 @@ public static NTSTATUS NtMapViewOfSection(
allocationType,
win32Protect);

Native.NtProtectVirtualMemory(
new HANDLE((IntPtr)(-1)),
ref ptr,
ref size,
oldProtect,
out _);

return status;
}
}
Expand Down
19 changes: 3 additions & 16 deletions CsWhispers.Generator/Source/NtOpenFile.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,8 @@ public static unsafe partial class Syscalls
{
private const string ZwOpenFileHash = "568DFAF213A08F28C9D58D1234D4218A";

private static int NtOpenFileJit() { return 5; }

public static NTSTATUS NtOpenFile(
HANDLE* fileHandle,
uint desiredAccess,
Expand All @@ -18,15 +20,7 @@ public static NTSTATUS NtOpenFile(

fixed (byte* buffer = stub)
{
var ptr = (IntPtr)buffer;
var size = new IntPtr(stub.Length);

Native.NtProtectVirtualMemory(
new HANDLE((IntPtr)(-1)),
ref ptr,
ref size,
0x00000020,
out var oldProtect);
IntPtr ptr = PrepareJit(nameof(NtOpenFileJit), buffer, stub.Length);

var ntOpenFile = Marshal.GetDelegateForFunctionPointer<ZwOpenFile>(ptr);

Expand All @@ -38,13 +32,6 @@ public static NTSTATUS NtOpenFile(
shareAccess,
openOptions);

Native.NtProtectVirtualMemory(
new HANDLE((IntPtr)(-1)),
ref ptr,
ref size,
oldProtect,
out _);

return status;
}
}
Expand Down
22 changes: 4 additions & 18 deletions CsWhispers.Generator/Source/NtOpenProcess.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,41 +6,27 @@ public static unsafe partial class Syscalls
{
private const string ZwOpenProcessHash = "00B6CA92B16374B1C81FC54DFE03DF52";

private static int NtOpenProcessJit() { return 5; }

public static NTSTATUS NtOpenProcess(
HANDLE* processHandle,
uint desiredAccess,
OBJECT_ATTRIBUTES* objectAttributes,
CLIENT_ID* clientId)
{
var stub = GetSyscallStub(ZwOpenProcessHash);

fixed (byte* buffer = stub)
{
var ptr = (IntPtr)buffer;
var size = new IntPtr(stub.Length);
IntPtr ptr = PrepareJit(nameof(NtOpenProcessJit), buffer, stub.Length);

Native.NtProtectVirtualMemory(
new HANDLE((IntPtr)(-1)),
ref ptr,
ref size,
0x00000020,
out var oldProtect);

var ntOpenProcess = Marshal.GetDelegateForFunctionPointer<ZwOpenProcess>(ptr);

var status = ntOpenProcess(
processHandle,
desiredAccess,
objectAttributes,
clientId);

Native.NtProtectVirtualMemory(
new HANDLE((IntPtr)(-1)),
ref ptr,
ref size,
oldProtect,
out _);

return status;
}
}
Expand Down
Loading