@msdn=http://search.microsoft.com/search/results.aspx?qu=$$$ @pinvoke=http://pinvoke.net/$$$.htm Summary: The VirtualAllocExNuma API - Reserves, commits, or changes the state of a region of memory within the virtual address space of the specified process, and specifies the NUMA node for the physical memory. !!!!C# Signature: [DllImport("kernel32.dll", SetLastError = true, ExactSpelling = true)] static extern IntPtr VirtualAllocExNuma(IntPtr hProcess, IntPtr lpAddress,uint dwSize, UInt32 flAllocationType, UInt32 flProtect, UInt32 nndPreferred); !!!!VB Signature: None. !!!!User-Defined Types: None. !!!!Alternative Managed API: Do you know one? Please contribute it! !!!!Notes: None. !!!!Tips & Tricks: Please add some! !!!!Sample Code: LPVOID mem; //virtualallocexnuma is used for bypass sandbox. As this api is not present inside sandox environmrnt. mem = VirtualAllocExNuma(GetCurrentProcess(), NULL, 1000, MEM_COMMIT | MEM_RESERVE, 0x4, 0); // if inside sandbox then virtualallocexnuma will fail and mem will be null. if inside normal machine then it will return address within current process adress space. // Therefore effectively we are preventing execution of out exploit in AV's sandbox if (!mem) { exit(0); } Documentation: VirtualAllocExNuma@msdn on MSDN
Edit kernel32.VirtualA...
You do not have permission to change this page. If you feel this is in error, please send feedback with the contact link on the main page.