I am trying to convert some code from C to VB but the memory API functions really confuse me.


Here is the code:

Code:
-----  dwfp2.cpp
#define WIN32_LEAN_AND_MEAN
#define STRICT

#include <windows.h>
#include <tchar.h>
#include <stdio.h>
#include <tlhelp32.h>


#pragma check_stack (off)
DWORD exec_func(FARPROC SfcTerminateWatcherThread)
{
   SfcTerminateWatcherThread();
   return 0;
}
void after_thread_func(void){}
#pragma check_stack 


int adjust_privileges(void);
DWORD get_process_pid(char *);
int inject_thread(DWORD, LPVOID);


int main(int argc, char *argv[])
{
    if(argc < 2){
        printf("%s [process name]\n", argv[0]);
        return 1;
    }

    FARPROC pSTWT = GetProcAddress(LoadLibrary("sfc.dll"), (LPCSTR)2);
    if(pSTWT == NULL){
        printf("Error: SfcTerminateWatcherThread\n");
        return -1;
    }
    
    int err = 0;
    if(err = adjust_privileges()){
        printf("Error: adjust_privileges:%d\n", err);
        return -1;
    }
    
    DWORD dwPID;
    if((dwPID = get_process_pid(argv[1])) == 0){
        printf("Error: get_process_pid\n");
        return -1;
    }
    
    if(err = inject_thread(dwPID, pSTWT)){
        printf("Error: inject_thread:%d\n", err);
        return -1;
    }
    
    printf("Windows File Protection Disabled.\n");
    return 0;
}


int adjust_privileges(void)
{
    int ret = 0;
    HANDLE hToken = NULL;

    try{
        if( ! OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken))
            throw 1;
            
        LUID luid;
        if( ! LookupPrivilegeValue(NULL, "SeDebugPrivilege", &luid))
            throw 2;
            
        TOKEN_PRIVILEGES tk_priv;
        tk_priv.PrivilegeCount = 1;
        tk_priv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
        tk_priv.Privileges[0].Luid = luid;
        
        if( ! AdjustTokenPrivileges(hToken, FALSE, &tk_priv, 0, NULL, NULL))
            throw 3;

    }catch(int err){
        ret = err;
    }

    CloseHandle(hToken);
    return ret;
}


DWORD get_process_pid(char *psname)
{
    DWORD pid = 0;

    HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if(hSnap == INVALID_HANDLE_VALUE)
        return 0;

    PROCESSENTRY32 pe;
    pe.dwSize = sizeof(pe);

    BOOL bResult = Process32First(hSnap, &pe);
    while(bResult){
        if( ! strcmp(pe.szExeFile, psname))
            pid = pe.th32ProcessID;
        bResult = Process32Next(hSnap, &pe);
    }
    
    CloseHandle(hSnap);
    return pid;
}


int inject_thread(DWORD dwPID, LPVOID pfunc)
{
    int ret = 0;
    
    HANDLE hProcess = NULL;
    LPVOID remote_mem = NULL;

    try{
        if((hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwPID)) == NULL)
            throw 1;
        
        remote_mem = VirtualAllocEx(hProcess, NULL, 
            (SIZE_T)((char *)after_thread_func - (char *)exec_func),
            MEM_COMMIT, PAGE_READWRITE);
        if(remote_mem == NULL)
            throw 2;
        
        BOOL wFlag = WriteProcessMemory(hProcess, remote_mem, (char *)exec_func,
            (SIZE_T)((char *)after_thread_func - (char *)exec_func), (SIZE_T *)0);
        if(wFlag == FALSE)
            throw 3;
        
        HANDLE hThread = CreateRemoteThread(hProcess, NULL, 0, 
        (LPTHREAD_START_ROUTINE)remote_mem, pfunc, 0, NULL);
        if(hThread == NULL)
            throw 4;
            
        if(WaitForSingleObject(hThread, 10 * 1000) == WAIT_TIMEOUT)
            throw 5;
            
        CloseHandle(hThread);
        
    }catch(int err){
        if(err > 2)
            VirtualFreeEx(hProcess, remote_mem, 0, MEM_RELEASE);
        ret = err;
    }
    
    CloseHandle(hProcess);
    return ret;
}
-----


Here is what I have so far:
(I stopped at the VirtualAllocEx b/c I am not sure what this means: (SIZE_T)((char *)after_thread_func - (char *)exec_func) )
Code:
Public Sub InjectCode2()

    Dim pSFCModule As Long
    Dim pSTWT As Long       'SfcTerminateWatcherThread
    
    Dim pDataRemote As Long
    Dim lSize As Long
    
    'Get Handles:
    pSFCModule = LoadLibrary("sfc.dll")
    pSTWT = GetProcAddress2(pSFCModule, 2)
        MsgBox pSTWT
        
    'Enable Debug privilege
    Call EnableProcessPrivileges(GetCurrentProcessId, SE_Debug)
    
    'Open Process:
    Call EnableProcessPrivileges(GetCurrentProcessId, SE_Debug)
    hProcess = OpenProcess(PROCESS_ALL_ACCESS, 0, lPID)
        MsgBox hProcess
    
    
    pDataRemote = VirtualAllocEx(hProcess, 0, lSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE)
    


End Sub