-
Notifications
You must be signed in to change notification settings - Fork 2
/
main.h
204 lines (192 loc) · 8.43 KB
/
main.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
#pragma once
struct RTL_PROCESS_MODULE_INFORMATION
{
void *Section;
void *MappedBase;
void *ImageBase;
unsigned long ImageSize;
unsigned long Flags;
unsigned short LoadOrderIndex;
unsigned short InitOrderIndex;
unsigned short LoadCount;
unsigned short OffsetToFileName;
char FullPathName[ 0x0100 ];
};
struct RTL_PROCESS_MODULES
{
unsigned long NumberOfModules;
RTL_PROCESS_MODULE_INFORMATION Modules[ 1 ];
};
typedef struct _MMVAD_FLAGS2
{
struct /* bitfield */
{
/* 0x0000 */ unsigned long FileOffset : 24; /* bit position: 0 */
/* 0x0000 */ unsigned long Large : 1; /* bit position: 24 */
/* 0x0000 */ unsigned long TrimBehind : 1; /* bit position: 25 */
/* 0x0000 */ unsigned long Inherit : 1; /* bit position: 26 */
/* 0x0000 */ unsigned long NoValidationNeeded : 1; /* bit position: 27 */
/* 0x0000 */ unsigned long PrivateDemandZero : 1; /* bit position: 28 */
/* 0x0000 */ unsigned long Spare : 3; /* bit position: 29 */
}; /* bitfield */
} MMVAD_FLAGS2, *PMMVAD_FLAGS2; /* size: 0x0004 */
typedef struct _MI_VAD_SEQUENTIAL_INFO
{
struct /* bitfield */
{
/* 0x0000 */ unsigned __int64 Length : 12; /* bit position: 0 */
/* 0x0000 */ unsigned __int64 Vpn : 52; /* bit position: 12 */
}; /* bitfield */
} MI_VAD_SEQUENTIAL_INFO, *PMI_VAD_SEQUENTIAL_INFO; /* size: 0x0008 */
typedef struct _MMVAD_FLAGS
{
struct /* bitfield */
{
/* 0x0000 */ unsigned long Lock : 1; /* bit position: 0 */
/* 0x0000 */ unsigned long LockContended : 1; /* bit position: 1 */
/* 0x0000 */ unsigned long DeleteInProgress : 1; /* bit position: 2 */
/* 0x0000 */ unsigned long NoChange : 1; /* bit position: 3 */
/* 0x0000 */ unsigned long VadType : 3; /* bit position: 4 */
/* 0x0000 */ unsigned long Protection : 5; /* bit position: 7 */
/* 0x0000 */ unsigned long PreferredNode : 6; /* bit position: 12 */
/* 0x0000 */ unsigned long PageSize : 2; /* bit position: 18 */
/* 0x0000 */ unsigned long PrivateMemory : 1; /* bit position: 20 */
}; /* bitfield */
} MMVAD_FLAGS, *PMMVAD_FLAGS; /* size: 0x0004 */
typedef struct _MM_PRIVATE_VAD_FLAGS
{
struct /* bitfield */
{
/* 0x0000 */ unsigned long Lock : 1; /* bit position: 0 */
/* 0x0000 */ unsigned long LockContended : 1; /* bit position: 1 */
/* 0x0000 */ unsigned long DeleteInProgress : 1; /* bit position: 2 */
/* 0x0000 */ unsigned long NoChange : 1; /* bit position: 3 */
/* 0x0000 */ unsigned long VadType : 3; /* bit position: 4 */
/* 0x0000 */ unsigned long Protection : 5; /* bit position: 7 */
/* 0x0000 */ unsigned long PreferredNode : 6; /* bit position: 12 */
/* 0x0000 */ unsigned long PageSize : 2; /* bit position: 18 */
/* 0x0000 */ unsigned long PrivateMemoryAlwaysSet : 1; /* bit position: 20 */
/* 0x0000 */ unsigned long WriteWatch : 1; /* bit position: 21 */
/* 0x0000 */ unsigned long FixedLargePageSize : 1; /* bit position: 22 */
/* 0x0000 */ unsigned long ZeroFillPagesOptional : 1; /* bit position: 23 */
/* 0x0000 */ unsigned long Graphics : 1; /* bit position: 24 */
/* 0x0000 */ unsigned long Enclave : 1; /* bit position: 25 */
/* 0x0000 */ unsigned long ShadowStack : 1; /* bit position: 26 */
/* 0x0000 */ unsigned long PhysicalMemoryPfnsReferenced : 1; /* bit position: 27 */
}; /* bitfield */
} MM_PRIVATE_VAD_FLAGS, *PMM_PRIVATE_VAD_FLAGS; /* size: 0x0004 */
typedef struct _MM_GRAPHICS_VAD_FLAGS
{
struct /* bitfield */
{
/* 0x0000 */ unsigned long Lock : 1; /* bit position: 0 */
/* 0x0000 */ unsigned long LockContended : 1; /* bit position: 1 */
/* 0x0000 */ unsigned long DeleteInProgress : 1; /* bit position: 2 */
/* 0x0000 */ unsigned long NoChange : 1; /* bit position: 3 */
/* 0x0000 */ unsigned long VadType : 3; /* bit position: 4 */
/* 0x0000 */ unsigned long Protection : 5; /* bit position: 7 */
/* 0x0000 */ unsigned long PreferredNode : 6; /* bit position: 12 */
/* 0x0000 */ unsigned long PageSize : 2; /* bit position: 18 */
/* 0x0000 */ unsigned long PrivateMemoryAlwaysSet : 1; /* bit position: 20 */
/* 0x0000 */ unsigned long WriteWatch : 1; /* bit position: 21 */
/* 0x0000 */ unsigned long FixedLargePageSize : 1; /* bit position: 22 */
/* 0x0000 */ unsigned long ZeroFillPagesOptional : 1; /* bit position: 23 */
/* 0x0000 */ unsigned long GraphicsAlwaysSet : 1; /* bit position: 24 */
/* 0x0000 */ unsigned long GraphicsUseCoherentBus : 1; /* bit position: 25 */
/* 0x0000 */ unsigned long GraphicsNoCache : 1; /* bit position: 26 */
/* 0x0000 */ unsigned long GraphicsPageProtection : 3; /* bit position: 27 */
}; /* bitfield */
} MM_GRAPHICS_VAD_FLAGS, *PMM_GRAPHICS_VAD_FLAGS; /* size: 0x0004 */
typedef struct _MM_SHARED_VAD_FLAGS
{
struct /* bitfield */
{
/* 0x0000 */ unsigned long Lock : 1; /* bit position: 0 */
/* 0x0000 */ unsigned long LockContended : 1; /* bit position: 1 */
/* 0x0000 */ unsigned long DeleteInProgress : 1; /* bit position: 2 */
/* 0x0000 */ unsigned long NoChange : 1; /* bit position: 3 */
/* 0x0000 */ unsigned long VadType : 3; /* bit position: 4 */
/* 0x0000 */ unsigned long Protection : 5; /* bit position: 7 */
/* 0x0000 */ unsigned long PreferredNode : 6; /* bit position: 12 */
/* 0x0000 */ unsigned long PageSize : 2; /* bit position: 18 */
/* 0x0000 */ unsigned long PrivateMemoryAlwaysClear : 1; /* bit position: 20 */
/* 0x0000 */ unsigned long PrivateFixup : 1; /* bit position: 21 */
/* 0x0000 */ unsigned long HotPatchAllowed : 1; /* bit position: 22 */
}; /* bitfield */
} MM_SHARED_VAD_FLAGS, *PMM_SHARED_VAD_FLAGS; /* size: 0x0004 */
typedef struct _MMVAD_FLAGS1
{
struct /* bitfield */
{
/* 0x0000 */ unsigned long CommitCharge : 31; /* bit position: 0 */
/* 0x0000 */ unsigned long MemCommit : 1; /* bit position: 31 */
}; /* bitfield */
} MMVAD_FLAGS1, *PMMVAD_FLAGS1; /* size: 0x0004 */
typedef struct _MMVAD_SHORT
{
union
{
struct
{
/* 0x0000 */ struct _MMVAD_SHORT *NextVad;
/* 0x0008 */ void *ExtraCreateInfo;
}; /* size: 0x0010 */
/* 0x0000 */ struct _RTL_BALANCED_NODE VadNode;
}; /* size: 0x0018 */
/* 0x0018 */ unsigned long StartingVpn;
/* 0x001c */ unsigned long EndingVpn;
/* 0x0020 */ unsigned char StartingVpnHigh;
/* 0x0021 */ unsigned char EndingVpnHigh;
/* 0x0022 */ unsigned char CommitChargeHigh;
/* 0x0023 */ unsigned char SpareNT64VadUChar;
/* 0x0024 */ long ReferenceCount;
/* 0x0028 */ EX_PUSH_LOCK PushLock;
union
{
union
{
/* 0x0030 */ unsigned long LongFlags;
/* 0x0030 */ struct _MMVAD_FLAGS VadFlags;
/* 0x0030 */ struct _MM_PRIVATE_VAD_FLAGS PrivateVadFlags;
/* 0x0030 */ struct _MM_GRAPHICS_VAD_FLAGS GraphicsVadFlags;
/* 0x0030 */ struct _MM_SHARED_VAD_FLAGS SharedVadFlags;
/* 0x0030 */ volatile unsigned long VolatileVadLong;
}; /* size: 0x0004 */
} /* size: 0x0004 */ u;
union
{
union
{
/* 0x0034 */ unsigned long LongFlags1;
/* 0x0034 */ struct _MMVAD_FLAGS1 VadFlags1;
}; /* size: 0x0004 */
} /* size: 0x0004 */ u1;
/* 0x0038 */ struct _MI_VAD_EVENT_BLOCK *EventList;
} MMVAD_SHORT, *PMMVAD_SHORT; /* size: 0x0040 */
typedef struct _MMVAD
{
/* 0x0000 */ struct _MMVAD_SHORT Core;
union
{
union
{
/* 0x0040 */ unsigned long LongFlags2;
/* 0x0040 */ volatile struct _MMVAD_FLAGS2 VadFlags2;
}; /* size: 0x0004 */
} /* size: 0x0004 */ u2;
/* 0x0044 */ long Padding_770;
/* 0x0048 */ struct _SUBSECTION *Subsection;
/* 0x0050 */ struct _MMPTE *FirstPrototypePte;
/* 0x0058 */ struct _MMPTE *LastContiguousPte;
/* 0x0060 */ struct _LIST_ENTRY ViewLinks;
/* 0x0070 */ struct _EPROCESS *VadsProcess;
union
{
union
{
/* 0x0078 */ struct _MI_VAD_SEQUENTIAL_INFO SequentialVa;
/* 0x0078 */ struct _MMEXTEND_INFO *ExtendedInfo;
}; /* size: 0x0008 */
} /* size: 0x0008 */ u4;
/* 0x0080 */ struct _FILE_OBJECT *FileObject;
} MMVAD, *PMMVAD; /* size: 0x0088 */