Idebug

Idebug

post id: 81

post length: 3907

post datetime: 5/6/2011 8:30:09 PM

post ip: 10.10.10.254

IDebug

Option Strict Off : Option Explicit On

#Region " Imports "

Imports System.Runtime.InteropServices _

, System.Security

#End Region

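''' <summary>
''' P/Invoke declarations for the Win32 debugging API plus a small
''' attach / detach skeleton (<see cref="Processing"/>).
''' </summary>
''' <remarks>
''' SECURITY: <c>SuppressUnmanagedCodeSecurity</c> removes the runtime stack walk
''' for the UnmanagedCode permission on every P/Invoke in this class. Because the
''' declarations are Public, any code that can reference this assembly can reach
''' ntdll/kernel32 through them without that check. Keep this class in a trusted
''' assembly; narrowing the declarations to Friend would be safer but would change
''' the public surface, so it is not done here.
''' </remarks>
<SuppressUnmanagedCodeSecurity()> _
Public NotInheritable Class IDebug

#Region " D U P L I C A T E "

    ''' <summary>Native handle duplication (ntdll). Returns an NTSTATUS; 0 means success.</summary>
    ''' <remarks>
    ''' NOTE(review): native Zw* calls report failure through the returned NTSTATUS,
    ''' not through the thread's last-error value, so SetLastError:=True and
    ''' Marshal.GetLastWin32Error are not a reliable error source here. Check the return value.
    ''' </remarks>
    <DllImport("ntdll.dll", CallingConvention:=CallingConvention.StdCall _
    , CharSet:=CharSet.Auto, SetLastError:=True)> _
    Public Shared Function ZwDuplicateObject( _
      <[In]()> ByVal SourceProcessHandle As [IntPtr] _
    , <[In]()> ByVal SourceHandle As [IntPtr] _
    , <[In]()> ByVal TargetProcessHandle As [IntPtr] _
    , <[Optional]()> _
      <[In]()> <[Out]()> ByRef TargetHandle As [IntPtr] _
    , <[In]()> ByVal DesiredAccess As Integer _
    , <[In]()> ByVal Attributes As UInt32 _
    , <[In]()> ByVal Options As UInt32 _
    ) As Integer
    End Function

    ''' <summary>Closes a kernel handle owned by this process. Returns nonzero on success.</summary>
    <DllImport("kernel32")> _
    Public Shared Function CloseHandle( _
      <[In]()> ByVal Handle As [IntPtr] _
    ) As Integer
    End Function

    ' Process access rights (values as declared by the original author).
    Public Const PROCESS_VM_READ As Integer = (&H10)
    Public Const PROCESS_VM_WRITE As Integer = (&H20)
    Public Const PROCESS_VM_OPERATION As Integer = (&H8)
    Public Const PROCESS_QUERY_INFORMATION As Integer = (&H400)
    Public Const PROCESS_DUP_HANDLE As Integer = &H40S

    ' Combined mask. The flags are distinct bits, so Or yields the same value (&H438)
    ' as the arithmetic sum and stays correct if a flag is ever listed twice.
    Public Const PROCESS_READ_WRITE_QUERY As Integer _
        = PROCESS_QUERY_INFORMATION _
        Or PROCESS_VM_OPERATION _
        Or PROCESS_VM_WRITE _
        Or PROCESS_VM_READ

    ' Options value for ZwDuplicateObject: give the duplicate the same access as the
    ' source handle. Replaces the bare literal 2.0F, which only worked through the
    ' implicit Single -> UInt32 conversion allowed by Option Strict Off.
    Private Const DUPLICATE_SAME_ACCESS As UInt32 = &H2UI

#End Region

#Region " D E B U G "

    ''' <summary>Attaches the calling thread as debugger of process <paramref name="PID"/>.</summary>
    ''' <returns>Nonzero on success, 0 on failure.</returns>
    <DllImport("kernel32")> _
    Public Shared Function DebugActiveProcess(ByVal PID As UInt32) As UInt32
    End Function

    ''' <summary>Detaches the debugger from process <paramref name="PID"/>.</summary>
    ''' <returns>Nonzero on success, 0 on failure.</returns>
    <DllImport("kernel32")> _
    Public Shared Function DebugActiveProcessStop(ByVal PID As UInt32) As UInt32
    End Function

    ''' <summary>Waits for the next debug event of a process attached by the calling thread.</summary>
    ''' <remarks>
    ''' LpDebugEvent is the caller-allocated buffer the OS writes into; TTL is the
    ''' timeout in milliseconds and is input only (the Out attribute on a ByVal
    ''' integer has no marshalling effect). The buffer must be at least as large as
    ''' the native DEBUG_EVENT for the process bitness, or the call writes past its end.
    ''' </remarks>
    <DllImport("kernel32")> _
    Public Shared Function WaitForDebugEvent(<[In]()> ByVal LpDebugEvent As [IntPtr] _
    , <Out()> ByVal TTL As UInt32) As Boolean
    End Function

    ''' <summary>Resumes a thread that reported a debug event.</summary>
    ''' <returns>Nonzero on success, 0 on failure.</returns>
    <DllImport("kernel32")> _
    Public Shared Function ContinueDebugEvent(ByVal dwProcessId As UInt32 _
    , ByVal dwThreadId As UInt32 _
    , ByVal dwContinueStatus As UInt32 _
    ) As UInt32
    End Function

    ' Opaque byte buffer standing in for the native DEBUG_EVENT.
    ' NOTE(review): 96 bytes matches the 32-bit layout; the 64-bit structure is
    ' larger, so size the buffer per bitness before handing it to WaitForDebugEvent.
    ' The structure is not used anywhere in this class as shown.
    <StructLayout(LayoutKind.Sequential, Pack:=1)> _
    Private Structure DEBUG_EVENT
        <MarshalAs(UnmanagedType.ByValArray, SizeConst:=96)> _
        Dim data() As Byte
    End Structure

#End Region

    ''' <summary>
    ''' Attaches to process <paramref name="PID"/> as a debugger, runs the
    ''' (placeholder) processing step and detaches again.
    ''' </summary>
    ''' <param name="PID">Identifier of the process to attach to.</param>
    ''' <returns>Always Nothing.</returns>
    ''' <remarks>
    ''' Changes against the original listing:
    ''' the duplicated handle is closed and the Process objects are disposed
    ''' (both leaked before); processing and DebugActiveProcessStop only run when an
    ''' attach actually succeeded (previously a failed ZwDuplicateObject fell through
    ''' to them). Exceptions from Process.GetProcessById / Process.Handle still
    ''' propagate to the caller, as before.
    ''' </remarks>
    Public Shared Function Processing(ByVal PID As Integer)

        ' Same Integer -> UInt32 conversion the original performed implicitly.
        Dim targetPid As UInt32 = CUInt(PID)

        ' DebugActiveProcess returns 0 on FAILURE.
        Dim attached As Boolean = (DebugActiveProcess(targetPid) <> 0)

        If Not attached Then

            '--------------------
            ' Duplicating object, then one retry of the attach
            '--------------------
            Dim [IIHandle] As [IntPtr] = IntPtr.Zero

            Try
                ' Two separate Process objects, as in the original call.
                ' NOTE(review): SourceHandle is looked up in the handle table of the
                ' SOURCE process, yet the value passed here is a handle opened in this
                ' process, and DesiredAccess 0 with DUPLICATE_SAME_ACCESS cannot add
                ' rights. Confirm what this duplication is meant to achieve.
                Using sourceProcess As Process = Process.GetProcessById(PID), _
                      sourceObject As Process = Process.GetProcessById(PID), _
                      current As Process = Process.GetCurrentProcess()

                    ' NTSTATUS 0 = success.
                    If ZwDuplicateObject(sourceProcess.Handle, sourceObject.Handle, current.Handle _
                    , [IIHandle], 0, 0, DUPLICATE_SAME_ACCESS) = 0 Then
                        attached = (DebugActiveProcess(targetPid) <> 0)
                    End If

                End Using
            Finally
                ' The duplicate lives in this process' handle table; release it.
                If [IIHandle] <> IntPtr.Zero Then CloseHandle([IIHandle])
            End Try

            ' Still no debugger attachment: nothing to process and nothing to detach.
            If Not attached Then
                Return Nothing
            End If

        End If

        Try
            '-------------
            '...
            'PROCESSING
            '...
            '-------------
        Finally
            ' Always detach. By default Windows terminates the debuggee when the
            ' debugging thread exits while still attached, so an exception in the
            ' processing step must not skip this call.
            DebugActiveProcessStop(targetPid)
        End Try

        Return Nothing

    End Function

End Class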