#pragma once
// Search request/result record. RtlFindMemoryBlockFromModuleSection takes a
// pointer to it as an _Inout_ parameter. The IN/OUT markers are the author's.
typedef struct _SEARCH_CONTEXT {
// Input. Presumably points at the byte pattern to look for -- confirm.
IN LPBYTE SearchPattern;
// Input. Presumably the length of SearchPattern in bytes -- confirm.
IN SIZE_T PatternSize;
// Output. Presumably the address of a match; its value when nothing is found
// is not visible from this header -- confirm before dereferencing.
OUT LPBYTE Result;
// No IN/OUT marker. NOTE(review): role and who sets it are not visible here.
SIZE_T MemoryBlockSize;
}SEARCH_CONTEXT, * PSEARCH_CONTEXT;
// Searches a named section of a module using the pattern in SearchContext
// (behaviour inferred from the name and parameters -- confirm).
//   ModuleHandle  - input module handle.
//   SectionName   - input section name, ANSI string (LPCSTR).
//   SearchContext - read and written (_Inout_); see SEARCH_CONTEXT.
// Returns an NTSTATUS; which codes are used is not visible from this header.
NTSTATUS NTAPI RtlFindMemoryBlockFromModuleSection(
_In_ HMODULE ModuleHandle,
_In_ LPCSTR SectionName,
_Inout_ PSEARCH_CONTEXT SearchContext
);
// Produces base and full DLL names as UNICODE_STRINGs from optional
// wide-string inputs (behaviour inferred from the name -- confirm).
//   DllName, DllFullName     - optional inputs (_In_opt_); either may be NULL.
//   BaseDllName, FullDllName - outputs (_Out_).
// NOTE(review): whether the output Buffer members are allocated by this
// routine, and who releases them, is not visible here -- confirm ownership.
NTSTATUS NTAPI RtlResolveDllNameUnicodeString(
_In_opt_ PCWSTR DllName,
_In_opt_ PCWSTR DllFullName,
_Out_ PUNICODE_STRING BaseDllName,
_Out_ PUNICODE_STRING FullDllName
);
// Loader steps operating on a PMEMORYMODULE (type declared elsewhere).
// The names suggest running the module's TLS callbacks and calling its
// initializers with dwReason -- confirm against the implementation.
// NOTE(review): if so, both execute code taken from the loaded image, so the
// image should already have passed validation when these are called.
BOOL NTAPI LdrpExecuteTLS(PMEMORYMODULE module);
BOOL NTAPI LdrpCallInitializers(PMEMORYMODULE module, DWORD dwReason);
// Checks whether Buffer holds a valid image (inferred from the name -- confirm
// which headers and fields are actually validated).
//   Buffer - input pointer to the candidate image.
//   Size   - optional output (_Out_opt_); presumably the image size -- confirm.
// NOTE(review): no input length is passed, so this signature alone cannot
// bound header parsing by the caller's real buffer size. Confirm how reads
// are bounded before handing this routine data from an untrusted source.
BOOLEAN NTAPI RtlIsValidImageBuffer(
_In_ PVOID Buffer,
_Out_opt_ size_t* Size
);
// Access checks over the range [pBuffer, pBuffer + size).
//   protect - typed ACCESS_MASK, but the Probe* macros in this header pass an
//             OR of PAGE_* protection constants, so it is presumably a set of
//             acceptable page protections rather than an access mask.
// The NoException suffix suggests the first variant may raise on failure while
// the second only returns FALSE -- confirm against the implementation.
BOOLEAN NTAPI VirtualAccessCheck(LPCVOID pBuffer, size_t size, ACCESS_MASK protect);
BOOLEAN NTAPI VirtualAccessCheckNoException(LPCVOID pBuffer, size_t size, ACCESS_MASK protect);
// Probe helpers: each forwards to VirtualAccessCheck with the OR of the PAGE_*
// protections it accepts for the requested kind of access.
//
// NOTE(review): a protection probe is a point-in-time answer. Another thread
// can re-protect or release the region between the probe and the access, so a
// successful probe should not be the only guard around a later dereference.
// NOTE(review): the read probes do not list PAGE_WRITECOPY or
// PAGE_EXECUTE_WRITECOPY, and the read-write probes do not either, although
// ProbeForWrite does. Copy-on-write pages are readable; confirm the omission
// is intended.
#define ProbeForRead(pBuffer, size) \
    VirtualAccessCheck((pBuffer), (size), \
        PAGE_READONLY | PAGE_READWRITE | PAGE_EXECUTE_READ | PAGE_EXECUTE_READWRITE)
#define ProbeForWrite(pBuffer, size) \
    VirtualAccessCheck((pBuffer), (size), \
        PAGE_READWRITE | PAGE_EXECUTE_WRITECOPY | PAGE_WRITECOPY | PAGE_EXECUTE_READWRITE)
#define ProbeForReadWrite(pBuffer, size) \
    VirtualAccessCheck((pBuffer), (size), \
        PAGE_EXECUTE_READWRITE | PAGE_READWRITE)
#define ProbeForExecute(pBuffer, size) \
    VirtualAccessCheck((pBuffer), (size), \
        PAGE_EXECUTE | PAGE_EXECUTE_READ | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY)

// Same protection sets, routed through VirtualAccessCheckNoException.
// NOTE(review): identifiers that start with an underscore followed by an
// uppercase letter are reserved for the implementation; the names are kept
// because callers outside this header use them.
#define _ProbeForRead(pBuffer, size) \
    VirtualAccessCheckNoException((pBuffer), (size), \
        PAGE_READONLY | PAGE_READWRITE | PAGE_EXECUTE_READ | PAGE_EXECUTE_READWRITE)
#define _ProbeForWrite(pBuffer, size) \
    VirtualAccessCheckNoException((pBuffer), (size), \
        PAGE_READWRITE | PAGE_EXECUTE_WRITECOPY | PAGE_WRITECOPY | PAGE_EXECUTE_READWRITE)
#define _ProbeForReadWrite(pBuffer, size) \
    VirtualAccessCheckNoException((pBuffer), (size), \
        PAGE_EXECUTE_READWRITE | PAGE_READWRITE)
#define _ProbeForExecute(pBuffer, size) \
    VirtualAccessCheckNoException((pBuffer), (size), \
        PAGE_EXECUTE | PAGE_EXECUTE_READ | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY)

// Single-bit form of RtlClearBits: clears one bit at BitNumber.
#define RtlClearBit(BitMapHeader, BitNumber) \
    RtlClearBits((BitMapHeader), (BitNumber), 1)
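// Values for a version-check flags argument (presumably the BYTE Flags
// parameter of RtlVerifyVersion -- confirm).
// NOTE(review): RTL_VERIFY_FLAGS_MAJOR_VERSION is 0, so it adds no bit to a
// mask and cannot be detected with a bitwise AND. Confirm how the
// implementation decides whether to compare the major version.
#define RTL_VERIFY_FLAGS_MAJOR_VERSION 0
#define RTL_VERIFY_FLAGS_MINOR_VERSION 1
#define RTL_VERIFY_FLAGS_BUILD_NUMBERS 2
// Parenthesized so the OR is evaluated as one value. Without the parentheses
// an expression such as (RTL_VERIFY_FLAGS_DEFAULT & x) binds the & to the last
// operand only, because & has higher precedence than |.
#define RTL_VERIFY_FLAGS_DEFAULT (RTL_VERIFY_FLAGS_MAJOR_VERSION | RTL_VERIFY_FLAGS_MINOR_VERSION | RTL_VERIFY_FLAGS_BUILD_NUMBERS)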
// Compares a major/minor/build triple against the running system version
// (inferred from the name -- confirm). Flags is a BYTE, presumably built from
// the RTL_VERIFY_FLAGS_* values to select which fields are compared -- confirm.
BOOL NTAPI RtlVerifyVersion(
_In_ DWORD MajorVersion,
_In_ DWORD MinorVersion,
_In_ DWORD BuildNumber,
_In_ BYTE Flags
);
// Presumably TRUE when the running system is at or above the given version
// triple -- confirm the comparison order in the implementation.
BOOL NTAPI RtlIsWindowsVersionOrGreater(
_In_ DWORD MajorVersion,
_In_ DWORD MinorVersion,
_In_ DWORD BuildNumber
);
// Presumably TRUE when the running system version lies between the Min* and
// Max* triples. NOTE(review): whether the bounds are inclusive is not visible
// from this header -- confirm before relying on an exact build boundary.
BOOL NTAPI RtlIsWindowsVersionInScope(
_In_ DWORD MinMajorVersion,
_In_ DWORD MinMinorVersion,
_In_ DWORD MinBuildNumber,
_In_ DWORD MaxMajorVersion,
_In_ DWORD MaxMinorVersion,
_In_ DWORD MaxBuildNumber
);
// Declared only when _WIN64 is not defined, i.e. for 32-bit builds.
#ifndef _WIN64
// Parameter names suggest it reports an image's SE handler table and handler
// count for the image at BaseAddress -- confirm. The two PDWORD parameters
// carry no SAL annotation, so their direction is not stated in this header.
// NOTE(review): the meaning of the int return value is not visible here.
int NTAPI RtlCaptureImageExceptionValues(PVOID BaseAddress, PDWORD SEHandlerTable, PDWORD SEHandlerCount);
#endif