-
Notifications
You must be signed in to change notification settings - Fork 116
Expand file tree
/
Copy pathUtils.h
More file actions
80 lines (61 loc) · 2.93 KB
/
Utils.h
File metadata and controls
80 lines (61 loc) · 2.93 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
#pragma once
typedef struct _SEARCH_CONTEXT {
IN LPBYTE SearchPattern;
IN SIZE_T PatternSize;
OUT LPBYTE Result;
SIZE_T MemoryBlockSize;
}SEARCH_CONTEXT, * PSEARCH_CONTEXT;
NTSTATUS NTAPI RtlFindMemoryBlockFromModuleSection(
_In_ HMODULE ModuleHandle,
_In_ LPCSTR SectionName,
_Inout_ PSEARCH_CONTEXT SearchContext
);
NTSTATUS NTAPI RtlResolveDllNameUnicodeString(
_In_opt_ PCWSTR DllName,
_In_opt_ PCWSTR DllFullName,
_Out_ PUNICODE_STRING BaseDllName,
_Out_ PUNICODE_STRING FullDllName
);
BOOL NTAPI LdrpExecuteTLS(PMEMORYMODULE module);
BOOL NTAPI LdrpCallInitializers(PMEMORYMODULE module, DWORD dwReason);
BOOLEAN NTAPI RtlIsValidImageBuffer(
_In_ PVOID Buffer,
_Out_opt_ size_t* Size
);
BOOLEAN NTAPI VirtualAccessCheck(LPCVOID pBuffer, size_t size, ACCESS_MASK protect);
BOOLEAN NTAPI VirtualAccessCheckNoException(LPCVOID pBuffer, size_t size, ACCESS_MASK protect);
#define ProbeForRead(pBuffer, size) VirtualAccessCheck(pBuffer, size, PAGE_READONLY | PAGE_READWRITE | PAGE_EXECUTE | PAGE_EXECUTE_READ | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY | PAGE_WRITECOPY)
#define ProbeForWrite(pBuffer, size) VirtualAccessCheck(pBuffer, size, PAGE_READWRITE | PAGE_WRITECOPY | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY)
#define ProbeForReadWrite ProbeForWrite
#define ProbeForExecute(pBuffer, size) VirtualAccessCheck(pBuffer, size, PAGE_EXECUTE | PAGE_EXECUTE_READ | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY)
#define _ProbeForRead(pBuffer, size) VirtualAccessCheckNoException(pBuffer, size, PAGE_READONLY | PAGE_READWRITE | PAGE_EXECUTE | PAGE_EXECUTE_READ | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY | PAGE_WRITECOPY)
#define _ProbeForWrite(pBuffer, size) VirtualAccessCheckNoException(pBuffer, size, PAGE_READWRITE | PAGE_WRITECOPY | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY)
#define _ProbeForReadWrite _ProbeForWrite
#define _ProbeForExecute(pBuffer, size) VirtualAccessCheckNoException(pBuffer, size, PAGE_EXECUTE | PAGE_EXECUTE_READ | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY)
#define RtlClearBit(BitMapHeader,BitNumber) RtlClearBits((BitMapHeader),(BitNumber),1)
#define RTL_VERIFY_FLAGS_MAJOR_VERSION 0
#define RTL_VERIFY_FLAGS_MINOR_VERSION 1
#define RTL_VERIFY_FLAGS_BUILD_NUMBERS 2
#define RTL_VERIFY_FLAGS_DEFAULT RTL_VERIFY_FLAGS_MAJOR_VERSION|RTL_VERIFY_FLAGS_MINOR_VERSION|RTL_VERIFY_FLAGS_BUILD_NUMBERS
BOOL NTAPI RtlVerifyVersion(
_In_ DWORD MajorVersion,
_In_ DWORD MinorVersion,
_In_ DWORD BuildNumber,
_In_ BYTE Flags
);
BOOL NTAPI RtlIsWindowsVersionOrGreater(
_In_ DWORD MajorVersion,
_In_ DWORD MinorVersion,
_In_ DWORD BuildNumber
);
BOOL NTAPI RtlIsWindowsVersionInScope(
_In_ DWORD MinMajorVersion,
_In_ DWORD MinMinorVersion,
_In_ DWORD MinBuildNumber,
_In_ DWORD MaxMajorVersion,
_In_ DWORD MaxMinorVersion,
_In_ DWORD MaxBuildNumber
);
#ifndef _WIN64
int NTAPI RtlCaptureImageExceptionValues(PVOID BaseAddress, PDWORD SEHandlerTable, PDWORD SEHandlerCount);
#endif