From 9128c38e0fcb4d46504f72b33f1eb0574247f681 Mon Sep 17 00:00:00 2001
From: Toni Uhlig <matzeton@googlemail.com>
Date: Sat, 7 Oct 2023 16:16:30 +0200
Subject: initial commit

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
---
 memory.hpp | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)
 create mode 100644 memory.hpp

(limited to 'memory.hpp')

diff --git a/memory.hpp b/memory.hpp
new file mode 100644
index 0000000..8594a7b
--- /dev/null
+++ b/memory.hpp
@@ -0,0 +1,49 @@
+#ifndef MEMORY_H
+#define MEMORY_H 1
+
+#include <cstdint>
+#include <cstdlib>
+#include <EASTL/string.h>
+#include <EASTL/vector.h>
+#include <ntifs.h>
+#include <wdm.h>
+
+#include "stringify.hpp"
+
+struct Process {
+  uint32_t NumberOfThreads;
+  eastl::wstring ProcessName;
+  uint64_t UniqueProcessId;
+  uint32_t HandleCount;
+};
+
+struct Module {
+  uint64_t DllBase;
+  uint64_t EntryPoint;
+  uint32_t SizeOfImage;
+  eastl::wstring FullDllName;
+  eastl::wstring BaseDllName;
+  uint32_t Flags;
+  uint16_t LoadCount;
+  uint16_t TlsIndex;
+};
+
+struct Page {
+  eastl::string toString() const { return ::toString(BaseAddress, RegionSize, Type, State, Protect); }
+
+  uint64_t BaseAddress;
+  uint64_t AllocationBase;
+  uint32_t AllocationProtect;
+  size_t RegionSize;
+  uint32_t State;
+  uint32_t Protect;
+  uint32_t Type;
+};
+
+eastl::vector<Process> GetProcesses();
+NTSTATUS OpenProcess(_In_ HANDLE pid, _Out_ PEPROCESS *pep, _Out_ HANDLE *obj);
+NTSTATUS CloseProcess(_In_ _Out_ PEPROCESS *pep, _In_ _Out_ HANDLE *obj);
+eastl::vector<Page> GetPages(_In_ HANDLE obj, SIZE_T maxPages = 1024, ULONG_PTR startAddress = 0);
+eastl::vector<Module> GetModules(_In_ PEPROCESS Process, _In_ BOOLEAN isWow64);
+
+#endif
-- 
cgit v1.2.3