[UnmanagedFunctionPointer(CallingConvention.StdCall)]
public delegate NTSTATUS NtOpenProcess(
ref IntPtr processHandle,
PROCESS_ACCESS desiredAccess,
ref Native.OBJECT_ATTRIBUTES objectAttributes,
ref CLIENT_ID clientId);
Also see:
const int pid = 1234;
var oa = new Native.OBJECT_ATTRIBUTES();
var cid = new CLIENT_ID
{
UniqueProcess = (IntPtr)pid
};
var hProcess = IntPtr.Zero;
object[] parameters =
{
hProcess, PROCESS_ACCESS.PROCESS_ALL_ACCESS, oa, cid
};
var status = (NTSTATUS)Generic.DynamicApiInvoke(
"ntdll.dll",
"NtOpenProcess",
typeof(NtOpenProcess),
ref parameters);
if (status == NTSTATUS.Success)
hProcess = (IntPtr)parameters[0];
const int pid = 1234;
var oa = new Native.OBJECT_ATTRIBUTES();
var cid = new CLIENT_ID
{
UniqueProcess = (IntPtr)pid
};
var stub = Map.GetSyscallStub("NtOpenProcess");
var ntOpenProcess = Marshal.GetDelegateForFunctionPointer<NtOpenProcess>(stub);
var hProcess = IntPtr.Zero;
var status = ntOpenProcess(
ref hProcess,
PROCESS_ACCESS.PROCESS_ALL_ACCESS,
ref oa,
ref cid);