diff options
| author | Toni Uhlig <matzeton@googlemail.com> | 2024-05-26 21:37:40 +0200 |
|---|---|---|
| committer | Toni Uhlig <matzeton@googlemail.com> | 2024-05-28 21:37:40 +0200 |
| commit | b15e90ab5ef30d606544c85695627e9e4c29d7a3 (patch) | |
| tree | 278d40ec7dcb5e6d2a278751ee033df1c6313ea3 | |
| parent | 45c5c880c7be81b186a033253075c951553f9e30 (diff) | |
Added MmMapIoSpaceEx.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
| -rw-r--r-- | CRT/ntdll_zw_functions.c | 27 | ||||
| -rw-r--r-- | CRT/ntdll_zw_functions.txt | 1 |
2 files changed, 28 insertions, 0 deletions
diff --git a/CRT/ntdll_zw_functions.c b/CRT/ntdll_zw_functions.c index 3cd6fde..7fac930 100644 --- a/CRT/ntdll_zw_functions.c +++ b/CRT/ntdll_zw_functions.c @@ -8,6 +8,7 @@ extern "C" { #endif +typedef PVOID NTAPI (*MmMapIoSpaceEx_t) (_In_ PHYSICAL_ADDRESS PhysicalAddress, _In_ SIZE_T NumberOfBytes, _In_ ULONG Protect); typedef NTSTATUS NTAPI (*ObOpenObjectByPointer_t) (_In_ PVOID obj, _In_ ULONG HandleAttributes, _In_ PACCESS_STATE PassedAccessState, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_TYPE objType, _In_ KPROCESSOR_MODE AccessMode, _Out_ PHANDLE Handle); typedef NTSTATUS NTAPI (*MmCopyMemory_t) (_In_ PVOID TargetAddress, _In_ PVOID SourceAddress, _In_ SIZE_T NumberOfBytes, _In_ ULONG Flags, _Out_ PSIZE_T NumberOfBytesTransferred); typedef NTSTATUS NTAPI (*MmCopyVirtualMemory_t) (_In_ PEPROCESS SourceProcess, _In_ PVOID SourceAddress, _In_ PEPROCESS TargetProcess, _In_ PVOID TargetAddress, _In_ SIZE_T BufferSize, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PSIZE_T ReturnSize); @@ -18,6 +19,7 @@ typedef NTSTATUS NTAPI (*ZwQueryVirtualMemory_t) (_In_ HANDLE ProcessHandle, _In typedef NTSTATUS NTAPI (*ZwProtectVirtualMemory_t) (_In_ HANDLE ProcessHandle, _In_ _Out_ PVOID* BaseAddress, _In_ _Out_ PSIZE_T NumberOfBytesToProtect, _In_ ULONG NewAccessProtection, _Out_ PULONG OldAccessProtection); typedef NTSTATUS NTAPI (*ZwQuerySystemInformation_t) (_In_ int SystemInformationClass, _Inout_ PVOID SystemInformation, _In_ ULONG SystemInformationLength, _Out_opt_ PULONG ReturnLength); +static MmMapIoSpaceEx_t _MmMapIoSpaceEx = NULL; static ObOpenObjectByPointer_t _ObOpenObjectByPointer = NULL; static MmCopyMemory_t _MmCopyMemory = NULL; static MmCopyVirtualMemory_t _MmCopyVirtualMemory = NULL; @@ -34,6 +36,21 @@ int __cdecl ntdll_zw_functions (void) UNICODE_STRING fnName; #ifdef __cplusplus + RtlInitUnicodeString(&fnName, skCrypt(L"MmMapIoSpaceEx")); +#else + RtlInitUnicodeString(&fnName, L"MmMapIoSpaceEx"); +#endif + _MmMapIoSpaceEx = (MmMapIoSpaceEx_t)MmGetSystemRoutineAddress(&fnName); + if (_MmMapIoSpaceEx == NULL) + { +#ifdef __cplusplus + DbgPrint(skCrypt("%s\n"), skCrypt("System routine MmMapIoSpaceEx not found.")); +#else + DbgPrint("%s\n", "System routine MmMapIoSpaceEx not found."); +#endif + retval++; + } +#ifdef __cplusplus RtlInitUnicodeString(&fnName, skCrypt(L"ObOpenObjectByPointer")); #else RtlInitUnicodeString(&fnName, L"ObOpenObjectByPointer"); @@ -173,6 +190,16 @@ int __cdecl ntdll_zw_functions (void) } +PVOID NTAPI MmMapIoSpaceEx (_In_ PHYSICAL_ADDRESS PhysicalAddress, _In_ SIZE_T NumberOfBytes, _In_ ULONG Protect) +{ + return _MmMapIoSpaceEx (PhysicalAddress, NumberOfBytes, Protect); +} + +PVOID NTAPI WrapperMmMapIoSpaceEx (_In_ PHYSICAL_ADDRESS PhysicalAddress, _In_ SIZE_T NumberOfBytes, _In_ ULONG Protect) +{ + return _MmMapIoSpaceEx (PhysicalAddress, NumberOfBytes, Protect); +} + NTSTATUS NTAPI ObOpenObjectByPointer (_In_ PVOID obj, _In_ ULONG HandleAttributes, _In_ PACCESS_STATE PassedAccessState, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_TYPE objType, _In_ KPROCESSOR_MODE AccessMode, _Out_ PHANDLE Handle) { if (_ObOpenObjectByPointer == NULL) diff --git a/CRT/ntdll_zw_functions.txt b/CRT/ntdll_zw_functions.txt index eeee056..76a9106 100644 --- a/CRT/ntdll_zw_functions.txt +++ b/CRT/ntdll_zw_functions.txt @@ -1,3 +1,4 @@ +PVOID NTAPI MmMapIoSpaceEx(_In_ PHYSICAL_ADDRESS PhysicalAddress, _In_ SIZE_T NumberOfBytes, _In_ ULONG Protect); NTSTATUS NTAPI ObOpenObjectByPointer (_In_ PVOID obj, _In_ ULONG HandleAttributes, _In_ PACCESS_STATE PassedAccessState, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_TYPE objType, _In_ KPROCESSOR_MODE AccessMode, _Out_ PHANDLE Handle); NTSTATUS NTAPI MmCopyMemory (_In_ PVOID TargetAddress, _In_ PVOID SourceAddress, _In_ SIZE_T NumberOfBytes, _In_ ULONG Flags, _Out_ PSIZE_T NumberOfBytesTransferred); NTSTATUS NTAPI MmCopyVirtualMemory (_In_ PEPROCESS SourceProcess, _In_ PVOID SourceAddress, _In_ PEPROCESS TargetProcess, _In_ PVOID TargetAddress, _In_ SIZE_T BufferSize, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PSIZE_T ReturnSize); |