path: root/KMemDriver/Imports.h
blob: 44f53cc9fe6b1269bcc0adf327a6fd5bca5212ad (plain)
#pragma once

#include <ntddk.h>
#include <wdm.h>


/*
 * Kernel-exported pointer to the object type used for driver objects.
 * Presumably declared by hand because the two headers included above do not
 * provide it -- confirm against the WDK version in use.
 * Within this header its natural consumer is the ObjectType argument of
 * ObReferenceObjectByName(); note the extra level of indirection
 * (POBJECT_TYPE *), so it must be dereferenced before being passed on.
 */
extern POBJECT_TYPE* IoDriverObjectType;

/*
 * MmCopyVirtualMemory - manual prototype for a kernel export that has no
 * public WDK declaration. The signature is therefore an assumption about the
 * running kernel, not a documented contract -- confirm per target OS build.
 *
 * Copies BufferSize bytes from SourceAddress (in SourceProcess) to
 * TargetAddress (in TargetProcess) and reports the byte count through
 * ReturnSize.
 *
 * Security notes for callers:
 *  - This is a cross-process read/write primitive; any request path that
 *    lets user mode choose the processes, addresses or size must
 *    authenticate the requester and bound the size.
 *  - Both EPROCESS pointers must stay referenced for the whole call.
 *  - NOTE(review): PreviousMode is understood to decide whether the address
 *    ranges are validated as user-mode ranges. Passing KernelMode together
 *    with caller-supplied addresses would skip that validation -- check
 *    every call site.
 *  - Check the NTSTATUS and ReturnSize; a partial copy is possible.
 */
NTKERNELAPI
NTSTATUS
NTAPI
MmCopyVirtualMemory
(
	PEPROCESS SourceProcess,
	PVOID SourceAddress,
	PEPROCESS TargetProcess,
	PVOID TargetAddress,
	SIZE_T BufferSize,
	KPROCESSOR_MODE PreviousMode,
	PSIZE_T ReturnSize
);

/*
 * PsLookupProcessByProcessId - resolve a process ID to its EPROCESS.
 * Presumably redeclared here because ntifs.h, which normally provides it,
 * is not included.
 *
 * On success *Process holds a referenced pointer: the caller owns one
 * reference and must release it with ObDereferenceObject() on every path,
 * otherwise the process object is leaked.
 * A successful lookup does not mean the process is still running; callers
 * that go on to touch its address space should handle a terminating target.
 */
NTKERNELAPI
NTSTATUS
NTAPI
PsLookupProcessByProcessId(
	_In_ HANDLE ProcessId,
	_Outptr_ PEPROCESS *Process
);

/*
 * Hand-written copy of the kernel's APC state structure. In this header it
 * is only used as the save area passed to KeStackAttachProcess() and
 * KeUnstackDetachProcess(); callers should treat it as opaque and never
 * modify it between the two calls.
 *
 * NOTE(review): the kernel writes into this structure, so its size must be
 * at least that of the real KAPC_STATE on every supported build -- confirm
 * against the WDK definition. If ntifs.h is ever included alongside this
 * header, this typedef would likely collide with the one it provides.
 */
typedef struct _KAPC_STATE
{
	LIST_ENTRY ApcListHead[2];
	PKPROCESS Process;
	UCHAR KernelApcInProgress;
	UCHAR KernelApcPending;
	UCHAR UserApcPending;
} KAPC_STATE, *PKAPC_STATE, *PRKAPC_STATE;

/*
 * KeStackAttachProcess - attach the current thread to the address space of
 * the given process, saving the previous APC state in *ApcState.
 *
 * Every call must be paired with KeUnstackDetachProcess() using the same
 * ApcState, on all exit paths including error paths. While attached,
 * user-mode addresses refer to the target process and must still be treated
 * as untrusted: wrap accesses in structured exception handling.
 * The first parameter is spelled PROCESS here; it is the target process
 * object.
 */
NTKERNELAPI
VOID
NTAPI
KeStackAttachProcess(
	PRKPROCESS   PROCESS,
	PRKAPC_STATE ApcState
);

/*
 * KeUnstackDetachProcess - undo a prior KeStackAttachProcess() and restore
 * the APC state saved in *ApcState.
 *
 * ApcState must be the very structure that the matching attach call filled
 * in. Pointers into the target's user address space obtained while attached
 * must not be dereferenced after this returns.
 */
NTKERNELAPI
VOID
NTAPI
KeUnstackDetachProcess(
	PRKAPC_STATE ApcState
);

/*
 * PsGetProcessPeb - return the PEB pointer recorded for Process.
 *
 * The returned value is an address in that process's user address space,
 * not a kernel pointer: it is only meaningful while attached to the process
 * and its contents are controlled by user mode, so every field read through
 * it must be validated and guarded by exception handling.
 * NOTE(review): presumably NULL for processes without a PEB -- callers
 * should check before use.
 */
NTKERNELAPI
PPEB
NTAPI
PsGetProcessPeb(PEPROCESS Process);

/*
 * ObOpenObjectByPointer - open a handle to an object the caller already
 * holds a pointer to.
 *
 * Security notes for callers:
 *  - With AccessMode == KernelMode the usual access checks against
 *    DesiredAccess are not enforced, so the resulting handle carries
 *    whatever rights were requested. Request the minimum needed.
 *  - Pass OBJ_KERNEL_HANDLE in HandleAttributes unless the handle is meant
 *    for user mode; otherwise it lands in the current process's handle
 *    table where user-mode code can use it.
 *  - The handle must be closed with ZwClose() on every path.
 */
NTKERNELAPI
NTSTATUS
NTAPI
ObOpenObjectByPointer(
	PVOID           Object,
	ULONG           HandleAttributes,
	PACCESS_STATE   PassedAccessState,
	ACCESS_MASK     DesiredAccess,
	POBJECT_TYPE    ObjectType,
	KPROCESSOR_MODE AccessMode,
	PHANDLE         Handle
);

/*
 * Information class selector for ZwQueryVirtualMemory(). Only the first
 * class (value 0) is declared here, so this header supports basic region
 * queries only.
 * NOTE(review): newer WDK headers may define this enum themselves; if so
 * this local copy would clash -- confirm for the WDK in use.
 */
typedef enum _MEMORY_INFORMATION_CLASS {
	MemoryBasicInformation
} MEMORY_INFORMATION_CLASS;

/*
 * ZwQueryVirtualMemory - query information about the region containing
 * BaseAddress in the process identified by ProcessHandle.
 *
 * For MemoryBasicInformation the output buffer is expected to be a
 * MEMORY_BASIC_INFORMATION and MemoryInformationLength its size.
 * Because this is the Zw entry point called from kernel mode, the
 * parameters are treated as trusted kernel values: any address or handle
 * that originated in user mode must be validated by the driver first.
 * Region state can change right after the call, so the result is a snapshot
 * and not a guarantee for later accesses.
 */
NTKERNELAPI
NTSTATUS
NTAPI
ZwQueryVirtualMemory(
	_In_      HANDLE                   ProcessHandle,
	_In_opt_  PVOID                    BaseAddress,
	_In_      MEMORY_INFORMATION_CLASS MemoryInformationClass,
	_Out_     PVOID                    MemoryInformation,
	_In_      SIZE_T                   MemoryInformationLength,
	_Out_opt_ PSIZE_T                  ReturnLength
);

/*
 * ZwProtectVirtualMemory - change the page protection of a region in the
 * process identified by ProcessHandle; the previous protection is returned
 * through OldAccessProtection.
 *
 * The IN annotations on BaseAddress and NumberOfBytesToProtect understate
 * the contract: both are read and then overwritten with the page-rounded
 * base and size that were actually changed.
 * NOTE(review): no public WDK prototype exists for this routine and it may
 * not be exported on every OS build -- confirm for the supported targets.
 *
 * Security notes for callers: changing protections in another process is a
 * privileged, observable action. Keep the widened protection for as short a
 * time as possible, restore OldAccessProtection afterwards, and validate
 * any user-supplied address or length before passing it in.
 */
NTKERNELAPI
NTSTATUS
NTAPI
ZwProtectVirtualMemory(
	IN HANDLE ProcessHandle,
	IN PVOID* BaseAddress, /* in/out despite the IN annotation: receives the actual base */
	IN SIZE_T* NumberOfBytesToProtect, /* NOTE(review): likewise updated on return -- confirm */
	IN ULONG NewAccessProtection,
	OUT PULONG OldAccessProtection
);

/*
 * ObReferenceObjectByName - manual prototype for a kernel export that has
 * no public WDK declaration; the signature is an assumption to be confirmed
 * per target OS build.
 *
 * Looks up the object named by ObjectName, of type ObjectType, and stores a
 * pointer to it in *ObjectPtr.
 * NOTE(review): on success the object is presumably returned referenced, in
 * which case the caller must release it with ObDereferenceObject() on every
 * path -- confirm at call sites.
 * The name must not be taken from user mode without validation, and the
 * returned object should only be read, not modified, unless the driver owns
 * it.
 */
NTKERNELAPI
NTSTATUS
NTAPI
ObReferenceObjectByName(
	PUNICODE_STRING ObjectName,
	ULONG Attributes,
	PACCESS_STATE Passed,
	ACCESS_MASK DesiredAccess,
	POBJECT_TYPE ObjectType,
	KPROCESSOR_MODE Access,
	PVOID ParseContext,
	PVOID* ObjectPtr
);