#include "xlib_nt.h"
#ifdef FOR_RING0
#else //#ifdef FOR_RING0
// Ring3 (user-mode) build: every Zw*/Rtl* wrapper below is generated from this pair
// of macros. DEFINE_FUNCTION_START emits the wrapper's signature, a typedef of the
// matching function-pointer type (nt_<name>) and a function-local static that
// resolves the export of the same name from ntdll via Get_NTDLL_Proc(#funcname);
// it deliberately stops mid-expression (`return gk_<name>(`) and MUST be closed by
// DEFINE_FUNCTION_END, whose arguments are the parameter names to forward.
// The lookup happens on the wrapper's first call and is then cached for the
// lifetime of the process (NOTE(review): whether that one-time initialisation is
// thread-safe depends on the compiler's C++11 magic-statics support — confirm for
// the toolchain in use).
// NOTE(review): the pointer returned by Get_NTDLL_Proc is never checked, so an
// export missing from this Windows build is called through as NULL on first use;
// the macros cannot return an error because rettype differs per wrapper (some are
// VOID). Callers that must run on older or stripped-down systems should probe the
// export themselves before relying on a wrapper.
#define DEFINE_FUNCTION_START(rettype,calltype,funcname,...) \
rettype calltype funcname(__VA_ARGS__)\
{\
typedef rettype (calltype * nt_##funcname)(__VA_ARGS__);\
static const nt_##funcname gk_##funcname =\
(nt_##funcname)Get_NTDLL_Proc(#funcname);\
return gk_##funcname(
// Closes a wrapper opened by DEFINE_FUNCTION_START: __VA_ARGS__ is the argument
// list forwarded to the resolved ntdll routine.
#define DEFINE_FUNCTION_END(...) \
__VA_ARGS__);\
}
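// Resolve an ntdll export by name.
//
// @param lpProcName  Narrow name of the export (as GetProcAddress expects it).
// @return Address of the export, or NULL when ntdll's module handle or the named
//         export cannot be obtained. The returned pointer is owned by the loader;
//         nothing to free.
//
// ntdll is mapped into every Win32 process and never unloaded, so its module
// handle is looked up once and cached for the lifetime of the process.
static void* Get_NTDLL_Proc(__in LPCSTR lpProcName)
{
  static const HMODULE gk_hmod_ntdll = GetModuleHandle(TEXT("ntdll"));
  // Do not fall through to GetProcAddress with a NULL module handle: that call is
  // only defined for a valid handle and in practice a NULL handle is treated as the
  // process's own image, so a same-named export of the EXE could be resolved and
  // called in place of the ntdll routine. Fail closed instead.
  if (gk_hmod_ntdll == NULL) {
    return NULL;
  }
  return GetProcAddress(gk_hmod_ntdll, lpProcName);
}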
// User-mode forwarder for ntdll!ZwQuerySystemInformation: resolved by name on the
// first call (see DEFINE_FUNCTION_START), every argument passed through unchanged.
// Returns an NTSTATUS; callers must test it with NT_SUCCESS() and handle the
// buffer-too-small case by re-querying with the size reported in *ReturnLength.
// NOTE(review): the documented prototype declares SystemInformationLength as ULONG
// and ReturnLength as PULONG. With the ULONG_PTR/PULONG_PTR types used here, a
// 64-bit build hands the callee an 8-byte slot for ReturnLength of which only the
// low 4 bytes are written — zero-initialise *ReturnLength before the call and do
// not rely on its upper half; a SystemInformationLength above ULONG_MAX would be
// silently truncated on the way in. The signature comes from xlib_nt.h and is
// kept here unchanged.
DEFINE_FUNCTION_START(NTSTATUS,XLIB_NTAPI,ZwQuerySystemInformation,
__in SYSTEM_INFORMATION_CLASS SystemInformationClass,
__inout PVOID SystemInformation,
__in ULONG_PTR SystemInformationLength,
__out_opt PULONG_PTR ReturnLength
)
DEFINE_FUNCTION_END(SystemInformationClass,SystemInformation,
SystemInformationLength,ReturnLength)
// User-mode forwarder for ntdll!ZwProtectVirtualMemory (resolved on first call,
// arguments forwarded as-is). Changes the page protection of a region in the
// process named by ProcessHandle and reports the previous protection through
// *OldAccessProtection; returns an NTSTATUS to be checked with NT_SUCCESS().
// NOTE(review): in the documented prototype NumberOfBytesToProtect is PSIZE_T
// (compatible with PULONG_PTR), but NewAccessProtection is ULONG and
// OldAccessProtection is PULONG. On a 64-bit build the callee therefore writes only
// the low 4 bytes of *OldAccessProtection — zero-initialise that variable before the
// call and read it as a 32-bit PAGE_* value.
DEFINE_FUNCTION_START(NTSTATUS,XLIB_NTAPI,ZwProtectVirtualMemory,
__in_opt HANDLE ProcessHandle,
__inout PVOID* BaseAddress,
__inout PULONG_PTR NumberOfBytesToProtect,
__in ULONG_PTR NewAccessProtection,
__out PULONG_PTR OldAccessProtection
)
DEFINE_FUNCTION_END(ProcessHandle,BaseAddress,
NumberOfBytesToProtect,NewAccessProtection,OldAccessProtection)
// User-mode forwarder for ntdll!RtlInitUnicodeString (resolved on first call).
// Fills in DestinationString so that it describes SourceString; per the documented
// Rtl contract no copy is made — Buffer aliases SourceString (a NULL source yields
// an empty string). SourceString must therefore outlive DestinationString, and a
// UNICODE_STRING set up this way must never be handed to RtlFreeUnicodeString.
DEFINE_FUNCTION_START(VOID,XLIB_NTAPI,RtlInitUnicodeString,
__out PUNICODE_STRING DestinationString,
__in_opt PCWSTR SourceString
)
DEFINE_FUNCTION_END(DestinationString,SourceString)
// User-mode forwarder for ntdll!RtlInitAnsiString (resolved on first call).
// ANSI counterpart of RtlInitUnicodeString: DestinationString is made to describe
// SourceString without copying it, so the caller's buffer must stay alive for as
// long as the ANSI_STRING is used, and the result is not a candidate for
// RtlFreeAnsiString (defined later in this file).
DEFINE_FUNCTION_START(VOID,XLIB_NTAPI,RtlInitAnsiString,
__out PANSI_STRING DestinationString,
__in_opt PCSZ SourceString
)
DEFINE_FUNCTION_END(DestinationString,SourceString)
// User-mode forwarder for ntdll!RtlUnicodeStringToAnsiString (resolved on first
// call). Converts SourceString into DestinationString and returns an NTSTATUS;
// check it with NT_SUCCESS() before using the destination.
// With AllocateDestinationString == TRUE the routine allocates
// DestinationString->Buffer, which the caller owns and must release with
// RtlFreeAnsiString (this file's implementation). With FALSE the caller must have
// set DestinationString->Buffer/MaximumLength to a buffer of its own; a buffer
// that is too small is reported through the status, not by truncating silently
// — NOTE(review): confirm the exact status value against the platform docs.
DEFINE_FUNCTION_START(NTSTATUS,XLIB_NTAPI,RtlUnicodeStringToAnsiString,
__inout PANSI_STRING DestinationString,
__in PCUNICODE_STRING SourceString,
__in BOOLEAN AllocateDestinationString
)
DEFINE_FUNCTION_END(DestinationString,SourceString,
AllocateDestinationString)
// User-mode forwarder for ntdll!RtlAnsiStringToUnicodeString (resolved on first
// call). Converts SourceString into DestinationString and returns an NTSTATUS to
// be checked with NT_SUCCESS().
// With AllocateDestinationString == TRUE the routine allocates
// DestinationString->Buffer; ownership passes to the caller, who must release it
// with RtlFreeUnicodeString. With FALSE the caller supplies Buffer/MaximumLength
// and is responsible for sizing it (a too-small buffer fails via the status).
DEFINE_FUNCTION_START(NTSTATUS,XLIB_NTAPI,RtlAnsiStringToUnicodeString,
__inout PUNICODE_STRING DestinationString,
__in PCANSI_STRING SourceString,
__in BOOLEAN AllocateDestinationString
)
DEFINE_FUNCTION_END(DestinationString,SourceString,
AllocateDestinationString)
// User-mode forwarder for ntdll!RtlFreeUnicodeString (resolved on first call).
// Releases UnicodeString->Buffer when it was allocated by an Rtl conversion routine
// (e.g. RtlAnsiStringToUnicodeString with AllocateDestinationString == TRUE).
// Must not be called for strings set up with RtlInitUnicodeString, whose Buffer
// aliases caller-owned memory. NOTE(review): whether the routine resets the
// structure's fields after freeing is not visible here — do not reuse the string
// without re-initialising it.
DEFINE_FUNCTION_START(VOID,XLIB_NTAPI,RtlFreeUnicodeString,
__inout PUNICODE_STRING UnicodeString
)
DEFINE_FUNCTION_END(UnicodeString)
// Note (author): RtlFreeAnsiString is not provided under Ring3 (user mode), so it is
// implemented locally instead of being resolved from ntdll like the wrappers above.
// Releases the buffer of an ANSI_STRING that was allocated by an Rtl conversion
// routine (e.g. RtlUnicodeStringToAnsiString with AllocateDestinationString == TRUE).
// The ANSI_STRING is handed to RtlFreeUnicodeString through a pointer cast; this
// relies on ANSI_STRING and UNICODE_STRING sharing one layout
// (Length, MaximumLength, Buffer) and on the free routine only touching those
// fields — NOTE(review): confirm against the platform headers.
VOID XLIB_NTAPI RtlFreeAnsiString(
  __inout PANSI_STRING AnsiString
  )
{
  PUNICODE_STRING const as_unicode = reinterpret_cast<PUNICODE_STRING>(AnsiString);
  RtlFreeUnicodeString(as_unicode);
}
// User-mode forwarder for ntdll!ZwQueryInformationProcess (resolved on first call,
// arguments forwarded as-is). Retrieves ProcessInformationClass data about the
// process named by ProcessHandle into the caller's ProcessInformation buffer of
// ProcessInformationLength bytes; returns an NTSTATUS to be checked with
// NT_SUCCESS(), with the required size reported through *ReturnLength when given.
// NOTE(review): the documented prototype uses ULONG ProcessInformationLength and
// PULONG ReturnLength. With the ULONG_PTR/PULONG_PTR types declared here, a 64-bit
// build passes an 8-byte slot for ReturnLength of which only the low 4 bytes are
// written — zero-initialise *ReturnLength before the call and read it as 32-bit.
DEFINE_FUNCTION_START(NTSTATUS,XLIB_NTAPI,ZwQueryInformationProcess,
__in HANDLE ProcessHandle,
__in PROCESSINFOCLASS ProcessInformationClass,
__out_bcount_opt(ProcessInformationLength) PVOID ProcessInformation,
__in ULONG_PTR ProcessInformationLength,
__out_opt PULONG_PTR ReturnLength
)
DEFINE_FUNCTION_END(ProcessHandle,ProcessInformationClass,
ProcessInformation,ProcessInformationLength,
ReturnLength)
// User-mode forwarder for ntdll!ZwQueryObject (resolved on first call, arguments
// forwarded as-is). Queries ObjectInformationClass data about the object behind
// Handle into ObjectInformation (ObjectInformationLength bytes); returns an
// NTSTATUS to be checked with NT_SUCCESS(), required size via *ReturnLength.
// NOTE(review): the documented prototype uses ULONG ObjectInformationLength and
// PULONG ReturnLength; with the ULONG_PTR/PULONG_PTR types declared here a 64-bit
// callee writes only the low 4 bytes of *ReturnLength — zero-initialise it first.
// NOTE(review): querying name information is known to block for some handle types
// (e.g. certain pipes); code that walks a process's handle table usually guards
// this call — verify for the intended use.
// Style: this wrapper uses the newer _Out_writes_bytes_opt_ annotation while the
// rest of the file uses the legacy __out_bcount_opt form; either is fine, but the
// file should pick one.
DEFINE_FUNCTION_START(NTSTATUS,XLIB_NTAPI,ZwQueryObject,
__in_opt HANDLE Handle,
__in OBJECT_INFORMATION_CLASS ObjectInformationClass,
_Out_writes_bytes_opt_(ObjectInformationLength) PVOID ObjectInformation,
__in ULONG_PTR ObjectInformationLength,
__out_opt PULONG_PTR ReturnLength
)
DEFINE_FUNCTION_END(Handle,ObjectInformationClass,ObjectInformation,
ObjectInformationLength,ReturnLength)
// User-mode forwarder for ntdll!ZwDuplicateObject (resolved on first call,
// arguments forwarded as-is). Duplicates hSourceHandle from hSourceProcessHandle
// into hTargetProcessHandle, storing the new handle in *lpTargetHandle; returns an
// NTSTATUS to be checked with NT_SUCCESS().
// NOTE(review): the parameter names and types here mirror the Win32 DuplicateHandle
// API, but the native prototype is (HANDLE, HANDLE, HANDLE, PHANDLE,
// ACCESS_MASK DesiredAccess, ULONG HandleAttributes, ULONG Options). Nothing in this
// wrapper translates bInheritHandle the way DuplicateHandle does: a Win32 TRUE (1)
// is forwarded verbatim as HandleAttributes, whereas the native inherit flag is
// OBJ_INHERIT (0x2), so passing TRUE is likely rejected or misinterpreted — callers
// should pass OBJ_INHERIT/0 in that position; confirm against the callers.
// dwOptions (DUPLICATE_CLOSE_SOURCE / DUPLICATE_SAME_ACCESS) is believed to share
// its values with the native Options flags — verify before relying on it.
// The signature comes from xlib_nt.h and is kept unchanged here.
DEFINE_FUNCTION_START(NTSTATUS,XLIB_NTAPI,ZwDuplicateObject,
__in HANDLE hSourceProcessHandle,
__in HANDLE hSourceHandle,
__in HANDLE hTargetProcessHandle,
__out LPHANDLE lpTargetHandle,
__in DWORD dwDesiredAccess,
__in BOOL bInheritHandle,
__in DWORD dwOptions
)
DEFINE_FUNCTION_END(hSourceProcessHandle,hSourceHandle,
hTargetProcessHandle,lpTargetHandle,dwDesiredAccess,
bInheritHandle,dwOptions)
#endif //#ifdef FOR_RING0