From dd89bb8ad4fe184a34b5dbdda237e640fc82121b Mon Sep 17 00:00:00 2001
From: midipix
Date: Mon, 27 Jul 2015 04:01:18 -0400
Subject: entered advanced internal development stage.
---
include/ntapi/nt_memory.h | 199 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 199 insertions(+)
create mode 100644 include/ntapi/nt_memory.h
(limited to 'include/ntapi/nt_memory.h')
diff --git a/include/ntapi/nt_memory.h b/include/ntapi/nt_memory.h
new file mode 100644
index 0000000..72bc452
--- /dev/null
+++ b/include/ntapi/nt_memory.h
@@ -0,0 +1,199 @@
+#ifndef _NT_MEMORY_H_
+#define _NT_MEMORY_H_
+
+#include
+#include "nt_object.h"
+
+typedef enum _nt_memory_info_class {
+ NT_MEMORY_BASIC_INFORMATION,
+ NT_MEMORY_WORKING_SET_LIST,
+ NT_MEMORY_SECTION_NAME,
+ NT_MEMORY_BASIC_VLM_INFORMATION
+} nt_memory_info_class;
+
+/* memory allocation granularity: same on all supported systems */
+#define NT_ALLOCATION_GRANULARITY (0x10000)
+
+/* memory (de)allocation types */
+#define NT_MEM_PAGE_GUARD 0x00000100 /* protect */
+#define NT_MEM_COMMIT 0x00001000 /* commit */
+#define NT_MEM_RESERVE 0x00002000 /* reserve only */
+#define NT_MEM_DECOMMIT 0x00004000 /* decommit but maintain reservavion */
+#define NT_MEM_RELEASE 0x00008000 /* decommit and cancel reservation */
+#define NT_MEM_RESET 0x00080000 /* make obsolete */
+#define NT_MEM_TOP_DOWN 0x00100000 /* allocate at highest possible address using a slow and possibly buggy algorithm */
+#define NT_MEM_WRITE_WATCH 0x00200000 /* track writes */
+#define NT_MEM_PHYSICAL 0x00400000 /* physical view */
+#define NT_MEM_RESET_UNDO AVOID 0x01000000 /* only after a successful NT_MEM_RESET */
+#define NT_MEM_LARGE_PAGES 0x20000000 /* use large-page support */
+#define NT_MEM_FREE 0x00010000 /* informational only: nt_memory_basic_information.state */
+#define NT_MEM_IMAGE 0x01000000 /* informational only: nt_memory_basic_information.type */
+#define NT_MEM_MAPPED 0x00040000 /* informational only: nt_memory_basic_information.type */
+#define NT_MEM_PRIVATE 0x00020000 /* informational only: nt_memory_basic_information.type */
+
+
+/* memory page access bits */
+#define NT_PAGE_NOACCESS (uint32_t)0x01
+#define NT_PAGE_READONLY (uint32_t)0x02
+#define NT_PAGE_READWRITE (uint32_t)0x04
+#define NT_PAGE_WRITECOPY (uint32_t)0x08
+#define NT_PAGE_EXECUTE (uint32_t)0x10
+#define NT_PAGE_EXECUTE_READ (uint32_t)0x20
+#define NT_PAGE_EXECUTE_READWRITE (uint32_t)0x40
+#define NT_PAGE_EXECUTE_WRITECOPY (uint32_t)0x80
+
+
+/* working set list entries: basic attributes */
+#define NT_WSLE_PAGE_NOT_ACCESSED 0x0000
+#define NT_WSLE_PAGE_READONLY 0x0001
+#define NT_WSLE_PAGE_EXECUTE 0x0002
+#define NT_WSLE_PAGE_EXECUTE_READ 0x0003
+#define NT_WSLE_PAGE_READWRITE 0x0004
+#define NT_WSLE_PAGE_WRITECOPY 0x0005
+#define NT_WSLE_PAGE_EXECUTE_READWRITE 0x0006
+#define NT_WSLE_PAGE_EXECUTE_WRITECOPY 0x0007
+
+/* working set list entries: extended attributes */
+#define NT_WSLE_PAGE_NO_CACHE 0x0008
+#define NT_WSLE_PAGE_GUARD_PAGE 0x0010
+#define NT_WSLE_PAGE_SHARE_COUNT_MASK 0x00E0
+#define NT_WSLE_PAGE_SHAREABLE 0x0100
+
+/* ntapi_zw_lock_virtual_memory lock types */
+#define NT_LOCK_VM_IN_WSL 0x0001
+#define NT_LOCK_VM_IN_RAM 0x0002
+
+
+typedef struct _nt_memory_basic_information {
+ void * base_address;
+ void * allocation_base;
+ uint32_t allocation_protect;
+ size_t region_size;
+ uint32_t state;
+ uint32_t protect;
+ uint32_t type;
+} nt_memory_basic_information;
+
+
+typedef struct _nt_memory_working_set_list {
+ uintptr_t number_of_pages;
+ uintptr_t nt_working_set_list_entry[];
+} nt_memory_working_set_list;
+
+
+typedef struct _nt_memory_section_name {
+ nt_unicode_string section_name;
+ wchar16_t section_name_buffer[];
+} nt_memory_section_name, nt_mem_sec_name;
+
+
+typedef int32_t __stdcall ntapi_zw_allocate_virtual_memory(
+ __in void * hprocess,
+ __in_out void ** base_address,
+ __in uint32_t zero_bits,
+ __in_out size_t * allocation_size,
+ __in uint32_t allocation_type,
+ __in uint32_t protect);
+
+
+typedef int32_t __stdcall ntapi_zw_free_virtual_memory(
+ __in void * hprocess,
+ __in_out void ** base_address,
+ __in_out size_t * free_size,
+ __in uint32_t deallocation_type);
+
+
+typedef int32_t __stdcall ntapi_zw_query_virtual_memory(
+ __in void * hprocess,
+ __in void * base_address,
+ __in nt_memory_info_class mem_info_class,
+ __out void * mem_info,
+ __in size_t mem_info_length,
+ __out size_t * returned_length __optional);
+
+
+typedef int32_t __stdcall ntapi_zw_protect_virtual_memory(
+ __in void * hprocess,
__in void ** base_address,
+ __in size_t * protect_size,
+ __in uint32_t protect_type_new,
+ __out uint32_t * protect_type_old);
+
+
+typedef int32_t __stdcall ntapi_zw_read_virtual_memory(
+ __in void * hprocess,
+ __in void * base_address,
+ __out char * buffer,
+ __in size_t buffer_length,
+ __out size_t * bytes_written);
+
+
+typedef int32_t __stdcall ntapi_zw_write_virtual_memory(
+ __in void * hprocess,
+ __in void * base_address,
+ __in char * buffer,
+ __in size_t buffer_length,
+ __out size_t * bytes_written);
+
+
+typedef int32_t __stdcall ntapi_zw_lock_virtual_memory(
+ __in void * hprocess,
+ __in_out void ** base_address,
+ __in_out size_t * lock_size,
+ __in uint32_t lock_type);
+
+
+typedef int32_t __stdcall ntapi_zw_unlock_virtual_memory(
+ __in void * hprocess,
+ __in_out void ** base_address,
+ __in_out size_t * lock_size,
+ __in uint32_t lock_type);
+
+
+typedef int32_t __stdcall ntapi_zw_flush_virtual_memory(
+ __in void * hprocess,
+ __in_out void ** base_address,
+ __in_out size_t * flush_size,
+ __in nt_io_status_block * flush_type);
+
+
+typedef int32_t __stdcall ntapi_zw_allocate_user_physical_pages(
+ __in void * hprocess,
+ __in_out uintptr_t * number_of_pages,
+ __out uintptr_t * arr_page_frame_numbers);
+
+
+typedef int32_t __stdcall ntapi_zw_free_user_physical_pages(
+ __in void * hprocess,
+ __in_out uintptr_t * number_of_pages,
+ __in uintptr_t * arr_page_frame_numbers);
+
+
+typedef int32_t __stdcall ntapi_zw_map_user_physical_pages(
+ __in void * base_address,
+ __in_out uintptr_t * number_of_pages,
+ __in uintptr_t * arr_page_frame_numbers);
+
+
+typedef int32_t __stdcall ntapi_zw_map_user_physical_pages_scatter(
+ __in void ** virtual_addresses,
+ __in_out uintptr_t * number_of_pages,
+ __in uintptr_t * arr_page_options);
+
+
+typedef uint32_t __stdcall ntapi_zw_get_write_watch(
+ __in void * hprocess,
+ __in uint32_t flags,
+ __in void * base_address,
+ __in size_t region_size,
+ __out uintptr_t * buffer,
+ __in_out uintptr_t *
buffer_entries,
+ __out uintptr_t * granularity);
+
+
+typedef uint32_t __stdcall ntapi_zw_reset_write_watch(
+ __in void * hprocess,
+ __in void * base_address,
+ __in size_t region_size);
+
+#endif
-- cgit v1.2.3
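Review bot: In `ntapi_zw_protect_virtual_memory` the `base_address` and `protect_size` pointers are annotated `__in`, while the same pointer-to-address / pointer-to-size pair is `__in_out` in the allocate, free, lock, unlock and flush typedefs. As far as I know the underlying NT call writes the page-rounded base and size back through them, so a caller trusting the annotation may not realise that protection changed on a wider range than it asked for; I would declare them `__in_out void ** base_address,` and `__in_out size_t * protect_size,`. Two other declarations mislead in the same way: `ntapi_zw_read_virtual_memory` names its out-count `bytes_written` (suggest `bytes_read`), and `ntapi_zw_flush_virtual_memory` declares an `nt_io_status_block *` as `__in ... flush_type`, which looks like it should be an `__out` status block. Separately, `NT_MEM_RESET_UNDO` expands to `AVOID 0x01000000`, which will not compile where it is used and shares its numeric value with `NT_MEM_IMAGE`; if that is a deliberate poison token, a comment saying so would keep someone from "fixing" it into a live flag.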