712 lines
16 KiB
C
712 lines
16 KiB
C
#ifndef _NTMMAPI_H
|
|
#define _NTMMAPI_H
|
|
|
|
#if (PHNT_MODE == PHNT_MODE_KERNEL)
|
|
|
|
// Protection constants
|
|
|
|
#define PAGE_NOACCESS 0x01
|
|
#define PAGE_READONLY 0x02
|
|
#define PAGE_READWRITE 0x04
|
|
#define PAGE_WRITECOPY 0x08
|
|
#define PAGE_EXECUTE 0x10
|
|
#define PAGE_EXECUTE_READ 0x20
|
|
#define PAGE_EXECUTE_READWRITE 0x40
|
|
#define PAGE_EXECUTE_WRITECOPY 0x80
|
|
#define PAGE_GUARD 0x100
|
|
#define PAGE_NOCACHE 0x200
|
|
#define PAGE_WRITECOMBINE 0x400
|
|
|
|
#define PAGE_REVERT_TO_FILE_MAP 0x80000000
|
|
#define PAGE_ENCLAVE_THREAD_CONTROL 0x80000000
|
|
#define PAGE_TARGETS_NO_UPDATE 0x40000000
|
|
#define PAGE_TARGETS_INVALID 0x40000000
|
|
#define PAGE_ENCLAVE_UNVALIDATED 0x20000000
|
|
|
|
// Region and section constants
|
|
|
|
#define MEM_COMMIT 0x1000
|
|
#define MEM_RESERVE 0x2000
|
|
#define MEM_DECOMMIT 0x4000
|
|
#define MEM_RELEASE 0x8000
|
|
#define MEM_FREE 0x10000
|
|
#define MEM_PRIVATE 0x20000
|
|
#define MEM_MAPPED 0x40000
|
|
#define MEM_RESET 0x80000
|
|
#define MEM_TOP_DOWN 0x100000
|
|
#define MEM_WRITE_WATCH 0x200000
|
|
#define MEM_PHYSICAL 0x400000
|
|
#define MEM_ROTATE 0x800000
|
|
#define MEM_DIFFERENT_IMAGE_BASE_OK 0x800000
|
|
#define MEM_RESET_UNDO 0x1000000
|
|
#define MEM_LARGE_PAGES 0x20000000
|
|
#define MEM_4MB_PAGES 0x80000000
|
|
|
|
#define SEC_FILE 0x800000
|
|
#define SEC_IMAGE 0x1000000
|
|
#define SEC_PROTECTED_IMAGE 0x2000000
|
|
#define SEC_RESERVE 0x4000000
|
|
#define SEC_COMMIT 0x8000000
|
|
#define SEC_NOCACHE 0x10000000
|
|
#define SEC_WRITECOMBINE 0x40000000
|
|
#define SEC_LARGE_PAGES 0x80000000
|
|
#define SEC_IMAGE_NO_EXECUTE (SEC_IMAGE | SEC_NOCACHE)
|
|
#define MEM_IMAGE SEC_IMAGE
|
|
|
|
#endif
|
|
|
|
// private
|
|
typedef enum _MEMORY_INFORMATION_CLASS
|
|
{
|
|
MemoryBasicInformation, // MEMORY_BASIC_INFORMATION
|
|
MemoryWorkingSetInformation, // MEMORY_WORKING_SET_INFORMATION
|
|
MemoryMappedFilenameInformation, // UNICODE_STRING
|
|
MemoryRegionInformation, // MEMORY_REGION_INFORMATION
|
|
MemoryWorkingSetExInformation, // MEMORY_WORKING_SET_EX_INFORMATION
|
|
MemorySharedCommitInformation, // MEMORY_SHARED_COMMIT_INFORMATION
|
|
MemoryImageInformation // MEMORY_IMAGE_INFORMATION
|
|
} MEMORY_INFORMATION_CLASS;
|
|
|
|
#if (PHNT_MODE == PHNT_MODE_KERNEL)
|
|
|
|
typedef struct _MEMORY_BASIC_INFORMATION
|
|
{
|
|
PVOID BaseAddress;
|
|
PVOID AllocationBase;
|
|
ULONG AllocationProtect;
|
|
SIZE_T RegionSize;
|
|
ULONG State;
|
|
ULONG Protect;
|
|
ULONG Type;
|
|
} MEMORY_BASIC_INFORMATION, *PMEMORY_BASIC_INFORMATION;
|
|
#endif
|
|
|
|
typedef struct _MEMORY_WORKING_SET_BLOCK
|
|
{
|
|
ULONG_PTR Protection : 5;
|
|
ULONG_PTR ShareCount : 3;
|
|
ULONG_PTR Shared : 1;
|
|
ULONG_PTR Node : 3;
|
|
#ifdef _WIN64
|
|
ULONG_PTR VirtualPage : 52;
|
|
#else
|
|
ULONG VirtualPage : 20;
|
|
#endif
|
|
} MEMORY_WORKING_SET_BLOCK, *PMEMORY_WORKING_SET_BLOCK;
|
|
|
|
typedef struct _MEMORY_WORKING_SET_INFORMATION
|
|
{
|
|
ULONG_PTR NumberOfEntries;
|
|
MEMORY_WORKING_SET_BLOCK WorkingSetInfo[1];
|
|
} MEMORY_WORKING_SET_INFORMATION, *PMEMORY_WORKING_SET_INFORMATION;
|
|
|
|
// private
|
|
typedef struct _MEMORY_REGION_INFORMATION
|
|
{
|
|
PVOID AllocationBase;
|
|
ULONG AllocationProtect;
|
|
ULONG RegionType;
|
|
SIZE_T RegionSize;
|
|
} MEMORY_REGION_INFORMATION, *PMEMORY_REGION_INFORMATION;
|
|
|
|
// private
|
|
typedef struct _MEMORY_WORKING_SET_EX_BLOCK
|
|
{
|
|
union
|
|
{
|
|
struct
|
|
{
|
|
ULONG_PTR Valid : 1;
|
|
ULONG_PTR ShareCount : 3;
|
|
ULONG_PTR Win32Protection : 11;
|
|
ULONG_PTR Shared : 1;
|
|
ULONG_PTR Node : 6;
|
|
ULONG_PTR Locked : 1;
|
|
ULONG_PTR LargePage : 1;
|
|
ULONG_PTR Priority : 3;
|
|
ULONG_PTR Reserved : 3;
|
|
ULONG_PTR SharedOriginal : 1;
|
|
ULONG_PTR Bad : 1;
|
|
#ifdef _WIN64
|
|
ULONG_PTR ReservedUlong : 32;
|
|
#endif
|
|
};
|
|
struct
|
|
{
|
|
ULONG_PTR Valid : 1;
|
|
ULONG_PTR Reserved0 : 14;
|
|
ULONG_PTR Shared : 1;
|
|
ULONG_PTR Reserved1 : 5;
|
|
ULONG_PTR PageTable : 1;
|
|
ULONG_PTR Location : 2;
|
|
ULONG_PTR Priority : 3;
|
|
ULONG_PTR ModifiedList : 1;
|
|
ULONG_PTR Reserved2 : 2;
|
|
ULONG_PTR SharedOriginal : 1;
|
|
ULONG_PTR Bad : 1;
|
|
#ifdef _WIN64
|
|
ULONG_PTR ReservedUlong : 32;
|
|
#endif
|
|
} Invalid;
|
|
};
|
|
} MEMORY_WORKING_SET_EX_BLOCK, *PMEMORY_WORKING_SET_EX_BLOCK;
|
|
|
|
// private
|
|
typedef struct _MEMORY_WORKING_SET_EX_INFORMATION
|
|
{
|
|
PVOID VirtualAddress;
|
|
union
|
|
{
|
|
MEMORY_WORKING_SET_EX_BLOCK VirtualAttributes;
|
|
ULONG_PTR Long;
|
|
} u1;
|
|
} MEMORY_WORKING_SET_EX_INFORMATION, *PMEMORY_WORKING_SET_EX_INFORMATION;
|
|
|
|
// private
|
|
typedef struct _MEMORY_SHARED_COMMIT_INFORMATION
|
|
{
|
|
SIZE_T CommitSize;
|
|
} MEMORY_SHARED_COMMIT_INFORMATION, *PMEMORY_SHARED_COMMIT_INFORMATION;
|
|
|
|
// private
|
|
typedef struct _MEMORY_IMAGE_INFORMATION
|
|
{
|
|
PVOID ImageBase;
|
|
SIZE_T SizeOfImage;
|
|
union
|
|
{
|
|
ULONG ImageFlags;
|
|
struct
|
|
{
|
|
ULONG ImagePartialMap : 1;
|
|
ULONG ImageNotExecutable : 1;
|
|
ULONG Reserved : 30;
|
|
};
|
|
};
|
|
} MEMORY_IMAGE_INFORMATION, *PMEMORY_IMAGE_INFORMATION;
|
|
|
|
#define MMPFNLIST_ZERO 0
|
|
#define MMPFNLIST_FREE 1
|
|
#define MMPFNLIST_STANDBY 2
|
|
#define MMPFNLIST_MODIFIED 3
|
|
#define MMPFNLIST_MODIFIEDNOWRITE 4
|
|
#define MMPFNLIST_BAD 5
|
|
#define MMPFNLIST_ACTIVE 6
|
|
#define MMPFNLIST_TRANSITION 7
|
|
|
|
#define MMPFNUSE_PROCESSPRIVATE 0
|
|
#define MMPFNUSE_FILE 1
|
|
#define MMPFNUSE_PAGEFILEMAPPED 2
|
|
#define MMPFNUSE_PAGETABLE 3
|
|
#define MMPFNUSE_PAGEDPOOL 4
|
|
#define MMPFNUSE_NONPAGEDPOOL 5
|
|
#define MMPFNUSE_SYSTEMPTE 6
|
|
#define MMPFNUSE_SESSIONPRIVATE 7
|
|
#define MMPFNUSE_METAFILE 8
|
|
#define MMPFNUSE_AWEPAGE 9
|
|
#define MMPFNUSE_DRIVERLOCKPAGE 10
|
|
|
|
typedef struct _MEMORY_FRAME_INFORMATION
|
|
{
|
|
ULONGLONG UseDescription : 4; // MMPFNUSE_*
|
|
ULONGLONG ListDescription : 3; // MMPFNLIST_*
|
|
ULONGLONG Reserved0 : 1; // reserved for future expansion
|
|
ULONGLONG Pinned : 1; // 1 - pinned, 0 - not pinned
|
|
ULONGLONG DontUse : 48; // *_INFORMATION overlay
|
|
ULONGLONG Priority : 3; // rev
|
|
ULONGLONG Reserved : 4; // reserved for future expansion
|
|
} MEMORY_FRAME_INFORMATION;
|
|
|
|
typedef struct _FILEOFFSET_INFORMATION
|
|
{
|
|
ULONGLONG DontUse : 9; // MEMORY_FRAME_INFORMATION overlay
|
|
ULONGLONG Offset : 48; // mapped files
|
|
ULONGLONG Reserved : 7; // reserved for future expansion
|
|
} FILEOFFSET_INFORMATION;
|
|
|
|
typedef struct _PAGEDIR_INFORMATION
|
|
{
|
|
ULONGLONG DontUse : 9; // MEMORY_FRAME_INFORMATION overlay
|
|
ULONGLONG PageDirectoryBase : 48; // private pages
|
|
ULONGLONG Reserved : 7; // reserved for future expansion
|
|
} PAGEDIR_INFORMATION;
|
|
|
|
typedef struct _MMPFN_IDENTITY
|
|
{
|
|
union
|
|
{
|
|
MEMORY_FRAME_INFORMATION e1; // all
|
|
FILEOFFSET_INFORMATION e2; // mapped files
|
|
PAGEDIR_INFORMATION e3; // private pages
|
|
} u1;
|
|
ULONG_PTR PageFrameIndex; // all
|
|
union
|
|
{
|
|
PVOID FileObject; // mapped files
|
|
PVOID VirtualAddress; // everything else
|
|
} u2;
|
|
} MMPFN_IDENTITY, *PMMPFN_IDENTITY;
|
|
|
|
typedef struct _MMPFN_MEMSNAP_INFORMATION
|
|
{
|
|
ULONG_PTR InitialPageFrameIndex;
|
|
ULONG_PTR Count;
|
|
} MMPFN_MEMSNAP_INFORMATION, *PMMPFN_MEMSNAP_INFORMATION;
|
|
|
|
typedef enum _SECTION_INFORMATION_CLASS
|
|
{
|
|
SectionBasicInformation,
|
|
SectionImageInformation,
|
|
SectionRelocationInformation, // name:wow64:whNtQuerySection_SectionRelocationInformation
|
|
MaxSectionInfoClass
|
|
} SECTION_INFORMATION_CLASS;
|
|
|
|
typedef struct _SECTION_BASIC_INFORMATION
|
|
{
|
|
PVOID BaseAddress;
|
|
ULONG AllocationAttributes;
|
|
LARGE_INTEGER MaximumSize;
|
|
} SECTION_BASIC_INFORMATION, *PSECTION_BASIC_INFORMATION;
|
|
|
|
// symbols
|
|
typedef struct _SECTION_IMAGE_INFORMATION
|
|
{
|
|
PVOID TransferAddress;
|
|
ULONG ZeroBits;
|
|
SIZE_T MaximumStackSize;
|
|
SIZE_T CommittedStackSize;
|
|
ULONG SubSystemType;
|
|
union
|
|
{
|
|
struct
|
|
{
|
|
USHORT SubSystemMinorVersion;
|
|
USHORT SubSystemMajorVersion;
|
|
};
|
|
ULONG SubSystemVersion;
|
|
};
|
|
ULONG GpValue;
|
|
USHORT ImageCharacteristics;
|
|
USHORT DllCharacteristics;
|
|
USHORT Machine;
|
|
BOOLEAN ImageContainsCode;
|
|
union
|
|
{
|
|
UCHAR ImageFlags;
|
|
struct
|
|
{
|
|
UCHAR ComPlusNativeReady : 1;
|
|
UCHAR ComPlusILOnly : 1;
|
|
UCHAR ImageDynamicallyRelocated : 1;
|
|
UCHAR ImageMappedFlat : 1;
|
|
UCHAR BaseBelow4gb : 1;
|
|
UCHAR Reserved : 3;
|
|
};
|
|
};
|
|
ULONG LoaderFlags;
|
|
ULONG ImageFileSize;
|
|
ULONG CheckSum;
|
|
} SECTION_IMAGE_INFORMATION, *PSECTION_IMAGE_INFORMATION;
|
|
|
|
#if (PHNT_MODE != PHNT_MODE_KERNEL)
|
|
typedef enum _SECTION_INHERIT
|
|
{
|
|
ViewShare = 1,
|
|
ViewUnmap = 2
|
|
} SECTION_INHERIT;
|
|
#endif
|
|
|
|
#define SEC_BASED 0x200000
|
|
#define SEC_NO_CHANGE 0x400000
|
|
#define SEC_GLOBAL 0x20000000
|
|
|
|
#define MEM_EXECUTE_OPTION_DISABLE 0x1
|
|
#define MEM_EXECUTE_OPTION_ENABLE 0x2
|
|
#define MEM_EXECUTE_OPTION_DISABLE_THUNK_EMULATION 0x4
|
|
#define MEM_EXECUTE_OPTION_PERMANENT 0x8
|
|
#define MEM_EXECUTE_OPTION_EXECUTE_DISPATCH_ENABLE 0x10
|
|
#define MEM_EXECUTE_OPTION_IMAGE_DISPATCH_ENABLE 0x20
|
|
#define MEM_EXECUTE_OPTION_VALID_FLAGS 0x3f
|
|
|
|
// Virtual memory
|
|
|
|
#if (PHNT_MODE != PHNT_MODE_KERNEL)
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtAllocateVirtualMemory(
|
|
_In_ HANDLE ProcessHandle,
|
|
_Inout_ _At_(*BaseAddress, _Readable_bytes_(*RegionSize) _Writable_bytes_(*RegionSize) _Post_readable_byte_size_(*RegionSize)) PVOID *BaseAddress,
|
|
_In_ ULONG_PTR ZeroBits,
|
|
_Inout_ PSIZE_T RegionSize,
|
|
_In_ ULONG AllocationType,
|
|
_In_ ULONG Protect
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtFreeVirtualMemory(
|
|
_In_ HANDLE ProcessHandle,
|
|
_Inout_ PVOID *BaseAddress,
|
|
_Inout_ PSIZE_T RegionSize,
|
|
_In_ ULONG FreeType
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtReadVirtualMemory(
|
|
_In_ HANDLE ProcessHandle,
|
|
_In_opt_ PVOID BaseAddress,
|
|
_Out_writes_bytes_(BufferSize) PVOID Buffer,
|
|
_In_ SIZE_T BufferSize,
|
|
_Out_opt_ PSIZE_T NumberOfBytesRead
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtWriteVirtualMemory(
|
|
_In_ HANDLE ProcessHandle,
|
|
_In_opt_ PVOID BaseAddress,
|
|
_In_reads_bytes_(BufferSize) PVOID Buffer,
|
|
_In_ SIZE_T BufferSize,
|
|
_Out_opt_ PSIZE_T NumberOfBytesWritten
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtProtectVirtualMemory(
|
|
_In_ HANDLE ProcessHandle,
|
|
_Inout_ PVOID *BaseAddress,
|
|
_Inout_ PSIZE_T RegionSize,
|
|
_In_ ULONG NewProtect,
|
|
_Out_ PULONG OldProtect
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtQueryVirtualMemory(
|
|
_In_ HANDLE ProcessHandle,
|
|
_In_ PVOID BaseAddress,
|
|
_In_ MEMORY_INFORMATION_CLASS MemoryInformationClass,
|
|
_Out_writes_bytes_(MemoryInformationLength) PVOID MemoryInformation,
|
|
_In_ SIZE_T MemoryInformationLength,
|
|
_Out_opt_ PSIZE_T ReturnLength
|
|
);
|
|
|
|
#endif
|
|
|
|
// begin_private
|
|
|
|
typedef enum _VIRTUAL_MEMORY_INFORMATION_CLASS
|
|
{
|
|
VmPrefetchInformation,
|
|
VmPagePriorityInformation,
|
|
VmCfgCallTargetInformation
|
|
} VIRTUAL_MEMORY_INFORMATION_CLASS;
|
|
|
|
typedef struct _MEMORY_RANGE_ENTRY
|
|
{
|
|
PVOID VirtualAddress;
|
|
SIZE_T NumberOfBytes;
|
|
} MEMORY_RANGE_ENTRY, *PMEMORY_RANGE_ENTRY;
|
|
|
|
// end_private
|
|
|
|
#if (PHNT_MODE != PHNT_MODE_KERNEL)
|
|
|
|
#if (PHNT_VERSION >= PHNT_THRESHOLD)
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtSetInformationVirtualMemory(
|
|
_In_ HANDLE ProcessHandle,
|
|
_In_ VIRTUAL_MEMORY_INFORMATION_CLASS VmInformationClass,
|
|
_In_ ULONG_PTR NumberOfEntries,
|
|
_In_reads_ (NumberOfEntries) PMEMORY_RANGE_ENTRY VirtualAddresses,
|
|
_In_reads_bytes_ (VmInformationLength) PVOID VmInformation,
|
|
_In_ ULONG VmInformationLength
|
|
);
|
|
|
|
#endif
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtLockVirtualMemory(
|
|
_In_ HANDLE ProcessHandle,
|
|
_Inout_ PVOID *BaseAddress,
|
|
_Inout_ PSIZE_T RegionSize,
|
|
_In_ ULONG MapType
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtUnlockVirtualMemory(
|
|
_In_ HANDLE ProcessHandle,
|
|
_Inout_ PVOID *BaseAddress,
|
|
_Inout_ PSIZE_T RegionSize,
|
|
_In_ ULONG MapType
|
|
);
|
|
|
|
#endif
|
|
|
|
// Sections
|
|
|
|
#if (PHNT_MODE != PHNT_MODE_KERNEL)
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtCreateSection(
|
|
_Out_ PHANDLE SectionHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
|
|
_In_opt_ PLARGE_INTEGER MaximumSize,
|
|
_In_ ULONG SectionPageProtection,
|
|
_In_ ULONG AllocationAttributes,
|
|
_In_opt_ HANDLE FileHandle
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtOpenSection(
|
|
_Out_ PHANDLE SectionHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_ POBJECT_ATTRIBUTES ObjectAttributes
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtMapViewOfSection(
|
|
_In_ HANDLE SectionHandle,
|
|
_In_ HANDLE ProcessHandle,
|
|
_Inout_ _At_(*BaseAddress, _Readable_bytes_(*ViewSize) _Writable_bytes_(*ViewSize) _Post_readable_byte_size_(*ViewSize)) PVOID *BaseAddress,
|
|
_In_ ULONG_PTR ZeroBits,
|
|
_In_ SIZE_T CommitSize,
|
|
_Inout_opt_ PLARGE_INTEGER SectionOffset,
|
|
_Inout_ PSIZE_T ViewSize,
|
|
_In_ SECTION_INHERIT InheritDisposition,
|
|
_In_ ULONG AllocationType,
|
|
_In_ ULONG Win32Protect
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtUnmapViewOfSection(
|
|
_In_ HANDLE ProcessHandle,
|
|
_In_opt_ PVOID BaseAddress
|
|
);
|
|
|
|
#if (PHNT_VERSION >= PHNT_WIN8)
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtUnmapViewOfSectionEx(
|
|
_In_ HANDLE ProcessHandle,
|
|
_In_opt_ PVOID BaseAddress,
|
|
_In_ ULONG Flags
|
|
);
|
|
#endif
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtExtendSection(
|
|
_In_ HANDLE SectionHandle,
|
|
_Inout_ PLARGE_INTEGER NewSectionSize
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtQuerySection(
|
|
_In_ HANDLE SectionHandle,
|
|
_In_ SECTION_INFORMATION_CLASS SectionInformationClass,
|
|
_Out_writes_bytes_(SectionInformationLength) PVOID SectionInformation,
|
|
_In_ SIZE_T SectionInformationLength,
|
|
_Out_opt_ PSIZE_T ReturnLength
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtAreMappedFilesTheSame(
|
|
_In_ PVOID File1MappedAsAnImage,
|
|
_In_ PVOID File2MappedAsFile
|
|
);
|
|
|
|
#endif
|
|
|
|
// Partitions
|
|
|
|
// private
|
|
typedef enum _MEMORY_PARTITION_INFORMATION_CLASS
|
|
{
|
|
SystemMemoryPartitionInformation,
|
|
SystemMemoryPartitionMoveMemory,
|
|
SystemMemoryPartitionAddPagefile,
|
|
SystemMemoryPartitionCombineMemory
|
|
} MEMORY_PARTITION_INFORMATION_CLASS;
|
|
|
|
#if (PHNT_MODE != PHNT_MODE_KERNEL)
|
|
|
|
#if (PHNT_VERSION >= PHNT_THRESHOLD)
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtCreatePartition(
|
|
_Out_ PHANDLE PartitionHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
|
|
_In_ ULONG PreferredNode
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtOpenPartition(
|
|
_Out_ PHANDLE PartitionHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_ POBJECT_ATTRIBUTES ObjectAttributes
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtManagePartition(
|
|
_In_ MEMORY_PARTITION_INFORMATION_CLASS PartitionInformationClass,
|
|
_In_ PVOID PartitionInformation,
|
|
_In_ ULONG PartitionInformationLength
|
|
);
|
|
|
|
#endif
|
|
|
|
#endif
|
|
|
|
// User physical pages
|
|
|
|
#if (PHNT_MODE != PHNT_MODE_KERNEL)
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtMapUserPhysicalPages(
|
|
_In_ PVOID VirtualAddress,
|
|
_In_ ULONG_PTR NumberOfPages,
|
|
_In_reads_opt_(NumberOfPages) PULONG_PTR UserPfnArray
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtMapUserPhysicalPagesScatter(
|
|
_In_reads_(NumberOfPages) PVOID *VirtualAddresses,
|
|
_In_ ULONG_PTR NumberOfPages,
|
|
_In_reads_opt_(NumberOfPages) PULONG_PTR UserPfnArray
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtAllocateUserPhysicalPages(
|
|
_In_ HANDLE ProcessHandle,
|
|
_Inout_ PULONG_PTR NumberOfPages,
|
|
_Out_writes_(*NumberOfPages) PULONG_PTR UserPfnArray
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtFreeUserPhysicalPages(
|
|
_In_ HANDLE ProcessHandle,
|
|
_Inout_ PULONG_PTR NumberOfPages,
|
|
_In_reads_(*NumberOfPages) PULONG_PTR UserPfnArray
|
|
);
|
|
|
|
#endif
|
|
|
|
// Sessions
|
|
|
|
#if (PHNT_MODE != PHNT_MODE_KERNEL)
|
|
|
|
#if (PHNT_VERSION >= PHNT_VISTA)
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtOpenSession(
|
|
_Out_ PHANDLE SessionHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_ POBJECT_ATTRIBUTES ObjectAttributes
|
|
);
|
|
#endif
|
|
|
|
#endif
|
|
|
|
// Misc.
|
|
|
|
#if (PHNT_MODE != PHNT_MODE_KERNEL)
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtGetWriteWatch(
|
|
_In_ HANDLE ProcessHandle,
|
|
_In_ ULONG Flags,
|
|
_In_ PVOID BaseAddress,
|
|
_In_ SIZE_T RegionSize,
|
|
_Out_writes_(*EntriesInUserAddressArray) PVOID *UserAddressArray,
|
|
_Inout_ PULONG_PTR EntriesInUserAddressArray,
|
|
_Out_ PULONG Granularity
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtResetWriteWatch(
|
|
_In_ HANDLE ProcessHandle,
|
|
_In_ PVOID BaseAddress,
|
|
_In_ SIZE_T RegionSize
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtCreatePagingFile(
|
|
_In_ PUNICODE_STRING PageFileName,
|
|
_In_ PLARGE_INTEGER MinimumSize,
|
|
_In_ PLARGE_INTEGER MaximumSize,
|
|
_In_ ULONG Priority
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtFlushInstructionCache(
|
|
_In_ HANDLE ProcessHandle,
|
|
_In_opt_ PVOID BaseAddress,
|
|
_In_ SIZE_T Length
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtFlushWriteBuffer(
|
|
VOID
|
|
);
|
|
|
|
#endif
|
|
|
|
#endif
|