Ruptura
RepositoryFinancesDiscussionsDiscordZulip
  • Home
  • Usage
  • Tasks
    • Assembly Injection
    • Function Hooking
    • Call Tracing
    • System Access
Powered by GitBook

Copyright © Vezel Contributors

On this page
Edit on GitHub
Export as PDF
  1. Tasks

System Access

Last updated 2 years ago

The Vezel.Ruptura.System library provides convenient managed wrappers for native Win32 APIs and kernel objects. The focus is primarily on functionality that is not readily available in .NET, but there is still some overlap.

For example, you could enumerate all threads in a process like so:

using var snapshot = SnapshotObject.Create(SnapshotFlags.Threads, ProcessObject.CurrentId);

foreach (ThreadSnapshot threadSnapshot in snapshot.EnumerateThreads())
{
    using var thread = ThreadObject.OpenId(threadSnapshot.Id, ThreadAccess.GetLimitedInfo);

    Console.WriteLine($"{thread.Id}: {thread.Description}");
}

Instances of classes derived from KernelObject (such as the SnapshotObject and ThreadObject instances in the above code) are thin wrappers around objects, with a few niceties on top, such as a settable IsInheritable property and equality operators based on . KernelObject inherits from , so like SafeHandle, you can rely on KernelObject instances being usable in finalizers. On top of that, they expose a bunch of relevant Win32 APIs for the particular object type.

Some kernel objects are waitable. This is the case for ProcessObject and ThreadObject, for example. They derive from SynchronizationObject (which derives from KernelObject). You could wait for a thread to exit like this:

using var thread = ThreadObject.OpenId(id, ThreadAccess.Synchronize);

if (thread.Wait(TimeSpan.FromSeconds(5), alertable: false) == WaitResult.TimedOut)
    throw new TimeoutException();

(WaitResult.Alerted can only occur if alertable is set to true. Also, WaitResult.Abandoned is only relevant when waiting on a mutex.)

SafeHandle
CompareObjectHandles
CriticalFinalizerObject