Future/hypervisor
1
0
Fork 0
mirror of https://github.com/momo5502/hypervisor.git synced 2025-08-30 13:43:16 +00:00
Code Activity
Files
051dee0214243a1a5a1e01aa73357c1cb4f249d0
hypervisor/src/driver/nt_ext.hpp
momo5502 30873e4ebb More progress with syscall hooking
2024-05-10 22:15:15 +02:00

173 lines
3.2 KiB
C++
Raw Blame History

#pragma once
#ifdef __cplusplus
extern "C"
{
#endif
// ----------------------------------------
NTKERNELAPI
_IRQL_requires_max_(APC_LEVEL)
_IRQL_requires_min_(PASSIVE_LEVEL)
_IRQL_requires_same_
VOID
KeGenericCallDpc(
_In_ PKDEFERRED_ROUTINE Routine,
_In_opt_ PVOID Context
);
// ----------------------------------------
NTKERNELAPI
_IRQL_requires_(DISPATCH_LEVEL)
_IRQL_requires_same_
VOID
KeSignalCallDpcDone(
_In_ PVOID SystemArgument1
);
// ----------------------------------------
NTKERNELAPI
_IRQL_requires_(DISPATCH_LEVEL)
_IRQL_requires_same_
LOGICAL
KeSignalCallDpcSynchronize(
_In_ PVOID SystemArgument2
);
// ----------------------------------------
#if (NTDDI_VERSION < NTDDI_WIN8)
_Must_inspect_result_
_IRQL_requires_max_(DISPATCH_LEVEL)
NTKERNELAPI
_When_(return != NULL, _Post_writable_byte_size_ (NumberOfBytes)) PVOID
MmAllocateContiguousNodeMemory(
_In_ SIZE_T NumberOfBytes,
_In_ PHYSICAL_ADDRESS LowestAcceptableAddress,
_In_ PHYSICAL_ADDRESS HighestAcceptableAddress,
_In_opt_ PHYSICAL_ADDRESS BoundaryAddressMultiple,
_In_ ULONG Protect,
_In_ NODE_REQUIREMENT PreferredNode
);
#endif
// ----------------------------------------
typedef struct _MM_COPY_ADDRESS {
union {
PVOID VirtualAddress;
PHYSICAL_ADDRESS PhysicalAddress;
};
} MM_COPY_ADDRESS, * PMMCOPY_ADDRESS;
#define MM_COPY_MEMORY_PHYSICAL 0x1
#define MM_COPY_MEMORY_VIRTUAL 0x2
_IRQL_requires_max_(APC_LEVEL)
NTKERNELAPI
NTSTATUS
MmCopyMemory(
_In_ PVOID TargetAddress,
_In_ MM_COPY_ADDRESS SourceAddress,
_In_ SIZE_T NumberOfBytes,
_In_ ULONG Flags,
_Out_ PSIZE_T NumberOfBytesTransferred
);
// ----------------------------------------
NTSYSAPI
VOID
NTAPI
RtlCaptureContext(
_Out_ PCONTEXT ContextRecord
);
// ----------------------------------------
typedef struct _KAPC_STATE
{
LIST_ENTRY ApcListHead[MaximumMode];
struct _KPROCESS* Process;
BOOLEAN KernelApcInProgress;
BOOLEAN KernelApcPending;
BOOLEAN UserApcPending;
} KAPC_STATE, *PKAPC_STATE, *PRKAPC_STATE;
// ----------------------------------------
NTKERNELAPI
VOID
KeStackAttachProcess(
__inout PEPROCESS PROCESS,
__out PRKAPC_STATE ApcState
);
// ----------------------------------------
NTKERNELAPI
VOID
KeUnstackDetachProcess(
__in PRKAPC_STATE ApcState
);
// ----------------------------------------
NTKERNELAPI
NTSTATUS
PsLookupProcessByProcessId(
IN HANDLE ProcessId,
OUT PEPROCESS* Process
);
// ----------------------------------------
NTKERNELAPI
PVOID
PsGetProcessSectionBaseAddress(
__in PEPROCESS Process
);
// ----------------------------------------
NTKERNELAPI
PPEB
NTAPI
PsGetProcessPeb(
IN PEPROCESS Process
);
// ----------------------------------------
NTKERNELAPI
PCSTR
PsGetProcessImageFileName(
__in PEPROCESS Process
);
// ----------------------------------------
__kernel_entry NTSYSCALLAPI
NTSTATUS
NTAPI
NtCreateFile(
_Out_ PHANDLE FileHandle,
_In_ ACCESS_MASK DesiredAccess,
_In_ POBJECT_ATTRIBUTES ObjectAttributes,
_Out_ PIO_STATUS_BLOCK IoStatusBlock,
_In_opt_ PLARGE_INTEGER AllocationSize,
_In_ ULONG FileAttributes,
_In_ ULONG ShareAccess,
_In_ ULONG CreateDisposition,
_In_ ULONG CreateOptions,
_In_reads_bytes_opt_(EaLength) PVOID EaBuffer,
_In_ ULONG EaLength
);
#ifdef __cplusplus
}
#endif
View Git Blame Copy Permalink