#pragma once
#include <ntifs.h>
#include <minwindef.h>
#ifdef __cplusplus
extern "C"
{
#endif
/*
 * IoCreateDriver - hand-written prototype for a kernel routine imported
 * through NTKERNELAPI.
 *
 * DriverName:             name to give the driver object.
 * InitializationFunction: routine of the DriverEntry type (PDRIVER_INITIALIZE).
 *
 * Returns an NTSTATUS; callers should test it with NT_SUCCESS() before
 * relying on anything the initialization routine was meant to set up.
 *
 * NOTE(review): this prototype is maintained by hand in this file, so it
 * must be re-checked against the kernel actually targeted. Unlike
 * PsGetProcessPeb further down, no NTAPI is spelled out here; that makes no
 * difference on x64, but on 32-bit x86 the declaration relies on the
 * project's default calling convention.
 */
NTKERNELAPI
NTSTATUS
IoCreateDriver(
    PUNICODE_STRING DriverName,
    PDRIVER_INITIALIZE InitializationFunction);
/*
 * MmCopyVirtualMemory - hand-written prototype for a kernel routine that
 * copies BufferSize bytes from SourceAddress in SourceProcess to
 * TargetAddress in TargetProcess.
 *
 * PreviousMode: processor mode the copy is performed on behalf of.
 * ReturnSize:   receives the number of bytes copied.
 *
 * Security notes for callers:
 *  - NOTE(review): PreviousMode is understood to decide whether the
 *    addresses are probed as user-mode ranges; passing KernelMode together
 *    with an address or size that came from a user-mode request (an IOCTL
 *    buffer, for instance) would skip that check. Confirm every call site
 *    passes the mode of the real requester.
 *  - Both EPROCESS pointers must be referenced for the duration of the
 *    call, and the requester's right to touch the other process has to be
 *    checked by the driver itself; this prototype enforces nothing.
 *  - Check the returned NTSTATUS and compare *ReturnSize with BufferSize
 *    before consuming the destination buffer; a partial copy leaves the
 *    tail of the buffer unwritten.
 */
NTKERNELAPI
NTSTATUS
MmCopyVirtualMemory(
    PEPROCESS SourceProcess,
    PVOID SourceAddress,
    PEPROCESS TargetProcess,
    PVOID TargetAddress,
    SIZE_T BufferSize,
    KPROCESSOR_MODE PreviousMode,
    PSIZE_T ReturnSize);
/*
 * ZwProtectVirtualMemory - hand-written prototype for changing the page
 * protection of a region in the process identified by ProcessHandle.
 *
 * ProcessHandle:          handle to the process whose memory is changed.
 * BaseAddress:            in/out; start of the region.
 * NumberOfBytesToProtect: in/out; size of the region.
 * NewAccessProtection:    protection value to apply.
 * OldAccessProtection:    receives the previous protection value.
 *
 * NOTE(review): BaseAddress and NumberOfBytesToProtect are declared IN OUT,
 * so the values may differ after the call (presumably rounded to page
 * boundaries); re-read them rather than assuming the requested range.
 *
 * Security notes for callers:
 *  - This is a Zw* entry point called from kernel mode, so the usual
 *    user-mode access checks on the handle and arguments should not be
 *    assumed to run. Where the request originates from user mode, validate
 *    the requester, the range and the protection value before calling.
 *  - Save OldAccessProtection and restore it when the change is meant to be
 *    temporary, so pages are not left writable and executable.
 *
 * Unlike the neighbouring prototypes this one carries no NTKERNELAPI
 * import annotation.
 */
NTSTATUS
ZwProtectVirtualMemory(IN HANDLE ProcessHandle,
                       IN OUT PVOID* BaseAddress,
                       IN OUT SIZE_T* NumberOfBytesToProtect,
                       IN ULONG NewAccessProtection,
                       OUT PULONG OldAccessProtection);
/*
 * PsGetProcessPeb - hand-written prototype returning the PEB pointer
 * recorded for Process.
 *
 * Security notes for callers:
 *  - The returned pointer is a user-mode address that is meaningful only
 *    inside Process's address space. NOTE(review): confirm each call site
 *    is attached to that process (or uses a checked cross-process copy)
 *    before dereferencing it.
 *  - Check for NULL before use; NOTE(review): processes without a
 *    user-mode environment are expected to have no PEB.
 *  - The PEB and everything reachable from it is writable by the process
 *    itself, so read it inside __try/__except and treat every field as
 *    untrusted input.
 */
NTKERNELAPI
PPEB
NTAPI
PsGetProcessPeb(
    IN PEPROCESS Process);
/*
 * PEB_LDR_DATA - native-width view of the loader data block that PEB.Ldr
 * points to; holds the heads of the three module lists.
 *
 * Hand-maintained mirror of an OS-internal layout: offsets depend on the
 * pointer size of the build and are not a stable contract between Windows
 * releases. NOTE(review): verify against symbols for each targeted build.
 *
 * The block lives in the target process's user-mode memory. The list heads
 * can be rewritten by that process at any time, so a kernel-side walk has
 * to run under __try/__except, validate each Flink before following it and
 * stop after a fixed maximum number of nodes so that a corrupt or circular
 * list cannot spin forever.
 */
typedef struct _PEB_LDR_DATA {
    ULONG       Length;
    UCHAR       Initialized;
    PVOID       SsHandle;
    LIST_ENTRY  InLoadOrderModuleList;            /* head; nodes are LDR_DATA_TABLE_ENTRY.InLoadOrderLinks */
    LIST_ENTRY  InMemoryOrderModuleList;          /* head; nodes are ...InMemoryOrderLinks */
    LIST_ENTRY  InInitializationOrderModuleList;  /* head; nodes are ...InInitializationOrderLinks */
} PEB_LDR_DATA;

typedef PEB_LDR_DATA *PPEB_LDR_DATA;
/*
 * PEB_LDR_DATA32 - fixed 32-bit view of the loader data block, with every
 * pointer-sized member stored as a ULONG so the layout is the same in any
 * build. Offsets below assume default packing, which is all this header
 * shows.
 *
 * The ULONG "pointers" are addresses in the target process, not kernel
 * pointers: widen them explicitly, never dereference them directly, and
 * read what they refer to through a checked copy. Contents are controlled
 * by the target process; bound any list walk.
 *
 * NOTE(review): hand-maintained mirror of an OS-internal layout; verify
 * against symbols for each targeted Windows build.
 */
typedef struct _PEB_LDR_DATA32 {
    ULONG         Length;                           /* 0x00 */
    UCHAR         Initialized;                      /* 0x04, followed by 3 bytes of padding */
    ULONG         SsHandle;                         /* 0x08 */
    LIST_ENTRY32  InLoadOrderModuleList;            /* 0x0C */
    LIST_ENTRY32  InMemoryOrderModuleList;          /* 0x14 */
    LIST_ENTRY32  InInitializationOrderModuleList;  /* 0x1C */
} PEB_LDR_DATA32;

typedef PEB_LDR_DATA32 *PPEB_LDR_DATA32;
/*
 * PEB - native-width, truncated view of the Process Environment Block:
 * only the leading members up to ApiSetMap are declared, so sizeof(PEB)
 * is not the size of the real structure.
 *
 * Hand-maintained mirror of an OS-internal layout: offsets depend on the
 * pointer size of the build and are not a stable contract between Windows
 * releases. NOTE(review): verify against symbols for each targeted build.
 *
 * The PEB is user-mode memory owned by the target process. Kernel code
 * must be in that process's address space (or use a checked cross-process
 * copy), wrap every access in __try/__except, and treat each field,
 * pointers included, as untrusted input.
 */
typedef struct _PEB {
    UCHAR          InheritedAddressSpace;
    UCHAR          ReadImageFileExecOptions;
    UCHAR          BeingDebugged;
    UCHAR          BitField;
    PVOID          Mutant;
    PVOID          ImageBaseAddress;
    PPEB_LDR_DATA  Ldr;                  /* loader data; may be NULL or attacker-modified */
    PVOID          ProcessParameters;
    PVOID          SubSystemData;
    PVOID          ProcessHeap;
    PVOID          FastPebLock;
    PVOID          AtlThunkSListPtr;
    PVOID          IFEOKey;
    PVOID          CrossProcessFlags;    /* declared pointer-sized in this view */
    PVOID          KernelCallbackTable;  /* same slot that PEB32 names UserSharedInfoPtr */
    ULONG          SystemReserved;
    ULONG          AtlThunkSListPtr32;
    PVOID          ApiSetMap;
} PEB;

typedef PEB *PPEB;
/*
 * PEB32 - fixed 32-bit, truncated view of the Process Environment Block,
 * with pointer-sized members stored as ULONG. Only the leading members up
 * to ApiSetMap are declared. Offsets below assume default packing, which
 * is all this header shows.
 *
 * The ULONG members that hold addresses refer to the target process's
 * address space; widen them explicitly and read the referenced memory
 * through a checked copy. All contents are controlled by the target
 * process and must be validated before use.
 *
 * NOTE(review): hand-maintained mirror of an OS-internal layout; verify
 * against symbols for each targeted Windows build.
 */
typedef struct _PEB32 {
    UCHAR  InheritedAddressSpace;     /* 0x00 */
    UCHAR  ReadImageFileExecOptions;  /* 0x01 */
    UCHAR  BeingDebugged;             /* 0x02 */
    UCHAR  BitField;                  /* 0x03 */
    ULONG  Mutant;                    /* 0x04 */
    ULONG  ImageBaseAddress;          /* 0x08 */
    ULONG  Ldr;                       /* 0x0C, address of a PEB_LDR_DATA32 */
    ULONG  ProcessParameters;         /* 0x10 */
    ULONG  SubSystemData;             /* 0x14 */
    ULONG  ProcessHeap;               /* 0x18 */
    ULONG  FastPebLock;               /* 0x1C */
    ULONG  AtlThunkSListPtr;          /* 0x20 */
    ULONG  IFEOKey;                   /* 0x24 */
    ULONG  CrossProcessFlags;         /* 0x28 */
    ULONG  UserSharedInfoPtr;         /* 0x2C */
    ULONG  SystemReserved;            /* 0x30 */
    ULONG  AtlThunkSListPtr32;        /* 0x34 */
    ULONG  ApiSetMap;                 /* 0x38 */
} PEB32;

typedef PEB32 *PPEB32;
/*
 * LDR_DATA_TABLE_ENTRY - native-width, truncated view of one loader module
 * record; the three leading LIST_ENTRY members are the nodes linked from
 * the PEB_LDR_DATA list heads.
 *
 * Hand-maintained mirror of an OS-internal layout: offsets depend on the
 * pointer size of the build and are not a stable contract between Windows
 * releases. NOTE(review): verify against symbols for each targeted build.
 *
 * Records live in the target process's user-mode memory and can be edited
 * or unlinked by that process. Before using one:
 *  - read it under __try/__except or through a checked copy;
 *  - treat DllBase, EntryPoint and SizeOfImage as claims to verify, not as
 *    facts about what is mapped;
 *  - for both UNICODE_STRING members, check that Length <= MaximumLength,
 *    that Length is even, and that Buffer is a readable user address for
 *    Length bytes; the text is not guaranteed to be NUL-terminated.
 */
typedef struct _LDR_DATA_TABLE_ENTRY {
    LIST_ENTRY      InLoadOrderLinks;
    LIST_ENTRY      InMemoryOrderLinks;
    LIST_ENTRY      InInitializationOrderLinks;
    PVOID           DllBase;
    PVOID           EntryPoint;
    ULONG           SizeOfImage;
    UNICODE_STRING  FullDllName;
    UNICODE_STRING  BaseDllName;
    ULONG           Flags;
    USHORT          LoadCount;
    USHORT          TlsIndex;
    LIST_ENTRY      HashLinks;
    ULONG           TimeDateStamp;
} LDR_DATA_TABLE_ENTRY;

typedef LDR_DATA_TABLE_ENTRY *PLDR_DATA_TABLE_ENTRY;
/*
 * LDR_DATA_TABLE_ENTRY32 - fixed 32-bit, truncated view of one loader
 * module record, with pointer-sized members stored as ULONG. Offsets below
 * assume default packing, which is all this header shows.
 *
 * Addresses held in ULONG members (list links, DllBase, EntryPoint, the
 * string buffers) refer to the target process's address space; widen them
 * explicitly and read the referenced memory through a checked copy. For
 * both UNICODE_STRING32 members, check Length against MaximumLength and
 * bound the copy by Length; the text is not guaranteed to be
 * NUL-terminated. All contents are controlled by the target process.
 *
 * NOTE(review): hand-maintained mirror of an OS-internal layout; verify
 * against symbols for each targeted Windows build.
 */
typedef struct _LDR_DATA_TABLE_ENTRY32 {
    LIST_ENTRY32      InLoadOrderLinks;            /* 0x00 */
    LIST_ENTRY32      InMemoryOrderLinks;          /* 0x08 */
    LIST_ENTRY32      InInitializationOrderLinks;  /* 0x10 */
    ULONG             DllBase;                     /* 0x18 */
    ULONG             EntryPoint;                  /* 0x1C */
    ULONG             SizeOfImage;                 /* 0x20 */
    UNICODE_STRING32  FullDllName;                 /* 0x24 */
    UNICODE_STRING32  BaseDllName;                 /* 0x2C */
    ULONG             Flags;                       /* 0x34 */
    USHORT            LoadCount;                   /* 0x38 */
    USHORT            TlsIndex;                    /* 0x3A */
    LIST_ENTRY32      HashLinks;                   /* 0x3C */
    ULONG             TimeDateStamp;               /* 0x44 */
} LDR_DATA_TABLE_ENTRY32;

typedef LDR_DATA_TABLE_ENTRY32 *PLDR_DATA_TABLE_ENTRY32;
#ifdef __cplusplus
}
#endif |