BlackBone
Windows memory hacking library
 All Data Structures Files Functions Variables Typedefs Enumerations Enumerator Macros
BlackBoneDef.h
Go to the documentation of this file.
1 #pragma once
2 
3 #define BLACKBONE_DEVICE_NAME L"BlackBone"
4 #define BLACKBONE_DEVICE_FILE L"\\\\.\\" ## BLACKBONE_DEVICE_NAME
5 
6 #define FILE_DEVICE_BLACKBONE 0x00008005
7 
8 /*
9  Disable process DEP
10 
11  Input:
12  DISABLE_DEP
13 
14  Input size:
15  sizeof(DISABLE_DEP)
16 
17  Output:
18  void
19 
20  Output size:
21  0
22 */
23 #define IOCTL_BLACKBONE_DISABLE_DEP (ULONG)CTL_CODE(FILE_DEVICE_BLACKBONE, 0x800, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
24 
25 /*
26  Change process protection state
27 
28  Input:
29  SET_PROC_PROTECTION
30 
31  Input size:
32  sizeof(SET_PROC_PROTECTION)
33 
34  Output:
35  void
36 
37  Output size:
38  0
39 */
40 #define IOCTL_BLACKBONE_SET_PROTECTION (ULONG)CTL_CODE(FILE_DEVICE_BLACKBONE, 0x801, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
41 
42 /*
43  Change handle access rights
44 
45  Input:
46  GRANT_ACCESS
47 
48  Input size:
49  sizeof(GRANT_ACCESS)
50 
51  Output:
52  void
53 
54  Output size:
55  0
56 */
57 #define IOCTL_BLACKBONE_GRANT_ACCESS (ULONG)CTL_CODE(FILE_DEVICE_BLACKBONE, 0x802, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
58 
59 /*
60  Read or write virtual memory of target process
61 
62  Input:
63  COPY_MEMORY
64 
65  Input size:
66  sizeof(COPY_MEMORY)
67 
68  Output:
69  void
70 
71  Output size:
72  0
73 */
74 #define IOCTL_BLACKBONE_COPY_MEMORY (ULONG)CTL_CODE(FILE_DEVICE_BLACKBONE, 0x803, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
75 
76 /*
77  Allocate or free memory
78 
79  Input:
80  ALLOCATE_FREE_MEMORY
81 
82  Input size:
83  sizeof(ALLOCATE_FREE_MEMORY)
84 
85  Output:
86  ALLOCATE_FREE_MEMORY_RESULT
87 
88  Output size:
89  sizeof(ALLOCATE_FREE_MEMORY_RESULT)
90 */
91 #define IOCTL_BLACKBONE_ALLOCATE_FREE_MEMORY (ULONG)CTL_CODE(FILE_DEVICE_BLACKBONE, 0x804, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
92 
93 /*
94  Change protection of memory region
95 
96  Input:
97  PROTECT_MEMORY
98 
99  Input size:
100  sizeof(PROTECT_MEMORY)
101 
102  Output:
103  void
104 
105  Output size:
106  0
107 */
108 #define IOCTL_BLACKBONE_PROTECT_MEMORY (ULONG)CTL_CODE(FILE_DEVICE_BLACKBONE, 0x805, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
109 
110 /*
111  Map entire address space of target process into calling process
112 
113  Input:
114  MAP_MEMORY
115 
116  Input size:
117  sizeof(MAP_MEMORY)
118 
119  Output:
120  ULONG sizeRequired - if output buffer isn't large enough to hold output data
121  MAP_MEMORY_REGION_RESULT result - if buffer is large enough to hold output data
122 
123  Output size:
124  sizeof(ULONG) - if output buffer isn't large enough to hold output data
125  >= sizeof(MAP_MEMORY_REGION_RESULT) - if buffer is large enough to hold output data
126 */
127 #define IOCTL_BLACKBONE_MAP_MEMORY (ULONG)CTL_CODE(FILE_DEVICE_BLACKBONE, 0x806, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
128 
129 /*
130  Map single memory region into calling process
131 
132  Input:
133  MAP_MEMORY_REGION
134 
135  Input size:
136  sizeof(MAP_MEMORY_REGION)
137 
138  Output:
139  MAP_MEMORY_REGION_RESULT
140 
141  Output size:
142  sizeof(MAP_MEMORY_REGION_RESULT)
143 */
144 #define IOCTL_BLACKBONE_MAP_REGION (ULONG)CTL_CODE(FILE_DEVICE_BLACKBONE, 0x807, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
145 
146 /*
147  Unmap all mapped memory from calling process
148 
149  Input:
150  UNMAP_MEMORY
151 
152  Input size:
153  sizeof(UNMAP_MEMORY)
154 
155  Output:
156  void
157 
158  Output size:
159  0
160 */
161 #define IOCTL_BLACKBONE_UNMAP_MEMORY (ULONG)CTL_CODE(FILE_DEVICE_BLACKBONE, 0x808, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
162 
163 /*
164  Unmap single memory region from calling process
165 
166  Input:
167  UNMAP_MEMORY_REGION
168 
169  Input size:
170  sizeof(UNMAP_MEMORY_REGION)
171 
172  Output:
173  UNMAP_MEMORY_REGION_RESULT
174 
175  Output size:
176  sizeof(UNMAP_MEMORY_REGION_RESULT)
177 */
178 #define IOCTL_BLACKBONE_UNMAP_REGION (ULONG)CTL_CODE(FILE_DEVICE_BLACKBONE, 0x809, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
179 
180 /*
181  Unlink target VAD from process VAD tree
182 
183  Input:
184  HIDE_VAD
185 
186  Input size:
187  sizeof(HIDE_VAD)
188 
189  Output:
190  NULL
191 
192  Output size:
193  0
194 */
195 #define IOCTL_BLACKBONE_HIDE_VAD (ULONG)CTL_CODE(FILE_DEVICE_BLACKBONE, 0x80A, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
196 
197 /*
198  Inject dll into arbitrary process
199 
200  Input:
201  INJECT_DLL
202 
203  Input size:
204  sizeof(INJECT_DLL)
205 
206  Output:
207  NULL
208 
209  Output size:
210  0
211 */
212 #define IOCTL_BLACKBONE_INJECT_DLL (ULONG)CTL_CODE(FILE_DEVICE_BLACKBONE, 0x80B, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
213 
214 
215 /*
216  Manually map system driver
217 
218  Input:
219  MMAP_DRIVER
220 
221  Input size:
222  sizeof(MMAP_DRIVER)
223 
224  Output:
225  NULL
226 
227  Output size:
228  0
229 */
230 #define IOCTL_BLACKBONE_MAP_DRIVER (ULONG)CTL_CODE(FILE_DEVICE_BLACKBONE, 0x80C, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
231 
232 
236 typedef struct _DISABLE_DEP
237 {
238  ULONG pid; // Process ID
239 } DISABLE_DEP, *PDISABLE_DEP;
240 
244 typedef struct _SET_PROC_PROTECTION
245 {
246  ULONG pid; // Process ID
247  BOOLEAN enableState; // TRUE to enable, FALSE to disable
248 } SET_PROC_PROTECTION, *PSET_PROC_PROTECTION;
249 
253 typedef struct _HANDLE_GRANT_ACCESS
254 {
255  ULONGLONG handle; // Handle to modify
256  ULONG pid; // Process ID
257  ULONG access; // Access flags to grant
258 } HANDLE_GRANT_ACCESS, *PHANDLE_GRANT_ACCESS;
259 
263 typedef struct _COPY_MEMORY
264 {
265  ULONGLONG localbuf; // Buffer address
266  ULONGLONG targetPtr; // Target address
267  ULONGLONG size; // Buffer size
268  ULONG pid; // Target process id
269  BOOLEAN write; // TRUE if write operation, FALSE if read
270 } COPY_MEMORY, *PCOPY_MEMORY;
271 
275 typedef struct _ALLOCATE_FREE_MEMORY
276 {
277  ULONGLONG base; // Region base address
278  ULONGLONG size; // Region size
279  ULONG pid; // Target process id
280  ULONG protection; // Memory protection for allocation
281  ULONG type; // MEM_RESERVE/MEM_COMMIT/MEM_DECOMMIT/MEM_RELEASE
282  BOOLEAN allocate; // TRUE if allocation, FALSE is freeing
283  BOOLEAN physical; // If set to TRUE, physical pages will be directly mapped into UM space
284 } ALLOCATE_FREE_MEMORY, *PALLOCATE_FREE_MEMORY;
285 
289 typedef struct _ALLOCATE_FREE_MEMORY_RESULT
290 {
291  ULONGLONG address; // Address of allocation
292  ULONGLONG size; // Allocated size
293 } ALLOCATE_FREE_MEMORY_RESULT, *PALLOCATE_FREE_MEMORY_RESULT;
294 
298 typedef struct _PROTECT_MEMORY
299 {
300  ULONGLONG base; // Region base address
301  ULONGLONG size; // Region size
302  ULONG pid; // Target process id
303  ULONG newProtection; // New protection value
304 } PROTECT_MEMORY, *PPROTECT_MEMORY;
305 
309 typedef struct _MAP_MEMORY
310 {
311  ULONG pid; // Target process id
312  wchar_t pipeName[32]; // Hook pipe name
313  BOOLEAN mapSections; // Set to TRUE to map sections
314 } MAP_MEMORY, *PMAP_MEMORY;
315 
319 typedef struct _MAP_MEMORY_RESULT_ENTRY
320 {
321  ULONGLONG originalPtr; // Address in target process
322  ULONGLONG newPtr; // Mapped address in host process
323  ULONG size; // Region size
324 } MAP_MEMORY_RESULT_ENTRY, *PMAP_MEMORY_RESULT_ENTRY;
325 
329 typedef struct _MAP_MEMORY_RESULT
330 {
331  ULONGLONG pipeHandle; // Pipe handle in target process
332  ULONGLONG targetPage; // Address of shared page in target process
333  ULONGLONG hostPage; // Address of shared page in host process
334 
335  ULONG count; // Number of REMAP_MEMORY_RESULT_ENTRY entries
336 
337  // List of remapped regions (variable-sized array)
338  MAP_MEMORY_RESULT_ENTRY entries[1];
339 } MAP_MEMORY_RESULT, *PMAP_MEMORY_RESULT;
340 
344 typedef struct _MAP_MEMORY_REGION
345 {
346  ULONGLONG base; // Region base address
347  ULONG pid; // Target process id
348  ULONG size; // Region size
349 } MAP_MEMORY_REGION, *PMAP_MEMORY_REGION;
350 
354 typedef struct _MAP_MEMORY_REGION_RESULT
355 {
356  ULONGLONG originalPtr; // Address in target process
357  ULONGLONG newPtr; // Mapped address in host process
358  ULONGLONG removedPtr; // Unmapped region base, in case of conflicting region
359  ULONG size; // Mapped region size
360  ULONG removedSize; // Unmapped region size
361 } MAP_MEMORY_REGION_RESULT, *PMAP_MEMORY_REGION_RESULT;
362 
366 typedef struct _UNMAP_MEMORY
367 {
368  ULONG pid; // Target process ID
369 } UNMAP_MEMORY, *PUNMAP_MEMORY;
370 
374 typedef struct _UNMAP_MEMORY_REGION
375 {
376  ULONGLONG base; // Region base address
377  ULONG pid; // Target process ID
378  ULONG size; // Region size
379 } UNMAP_MEMORY_REGION, *PUNMAP_MEMORY_REGION;
380 
381 
385 typedef struct _HIDE_VAD
386 {
387  ULONGLONG base; // Region base address
388  ULONGLONG size; // Region size
389  ULONG pid; // Target process ID
390 } HIDE_VAD, *PHIDE_VAD;
391 
392 typedef enum _InjectType
393 {
394  IT_Thread, // CreateThread into LdrLoadDll
395  IT_Apc, // Force user APC into LdrLoadDll
396 } InjectType;
397 
401 typedef struct _INJECT_DLL
402 {
403  wchar_t FullDllPath[512]; // Fully-qualified path to the target dll
404  wchar_t initArg[512]; // Init routine argument
405  ULONG initRVA; // Init routine RVA, if 0 - no init routine
406  ULONG pid; // Target process ID
407  BOOLEAN wait; // Wait on injection thread
408  InjectType type; // Type of injection
409 } INJECT_DLL, *PINJECT_DLL;
410 
414 typedef struct _MMAP_DRIVER
415 {
416  wchar_t FullPath[512]; // Fully-qualified path to the driver
417 } MMAP_DRIVER, *PMMAP_DRIVER;
_MAP_MEMORY_RESULT::pipeHandle
ULONGLONG pipeHandle
Definition: BlackBoneDef.h:331
_MAP_MEMORY_RESULT_ENTRY::newPtr
ULONGLONG newPtr
Definition: BlackBoneDef.h:322
_MAP_MEMORY_RESULT::hostPage
ULONGLONG hostPage
Definition: BlackBoneDef.h:333
_INJECT_DLL::initRVA
ULONG initRVA
Definition: BlackBoneDef.h:405
PINJECT_DLL
struct _INJECT_DLL * PINJECT_DLL
_UNMAP_MEMORY::pid
ULONG pid
Definition: BlackBoneDef.h:368
PHIDE_VAD
struct _HIDE_VAD * PHIDE_VAD
HIDE_VAD
struct _HIDE_VAD HIDE_VAD
Input for IOCTL_BLACKBONE_HIDE_VAD
_MAP_MEMORY_REGION_RESULT::newPtr
ULONGLONG newPtr
Definition: BlackBoneDef.h:357
PMAP_MEMORY
struct _MAP_MEMORY * PMAP_MEMORY
MAP_MEMORY_RESULT
struct _MAP_MEMORY_RESULT MAP_MEMORY_RESULT
Output for IOCTL_BLACKBONE_REMAP_REGION
_MAP_MEMORY_REGION_RESULT::originalPtr
ULONGLONG originalPtr
Definition: BlackBoneDef.h:356
_HIDE_VAD
Input for IOCTL_BLACKBONE_HIDE_VAD
Definition: BlackBoneDef.h:385
_COPY_MEMORY::localbuf
ULONGLONG localbuf
Definition: BlackBoneDef.h:265
_INJECT_DLL::initArg
wchar_t initArg[512]
Definition: BlackBoneDef.h:404
_ALLOCATE_FREE_MEMORY_RESULT::size
ULONGLONG size
Definition: BlackBoneDef.h:292
_MAP_MEMORY_REGION_RESULT::removedSize
ULONG removedSize
Definition: BlackBoneDef.h:360
IT_Apc
Definition: BlackBoneDef.h:395
_INJECT_DLL::pid
ULONG pid
Definition: BlackBoneDef.h:406
PPROTECT_MEMORY
struct _PROTECT_MEMORY * PPROTECT_MEMORY
_MAP_MEMORY_REGION
Input for IOCTL_BLACKBONE_REMAP_REGION
Definition: BlackBoneDef.h:344
_MAP_MEMORY_RESULT::targetPage
ULONGLONG targetPage
Definition: BlackBoneDef.h:332
COPY_MEMORY
struct _COPY_MEMORY COPY_MEMORY
Input for IOCTL_BLACKBONE_COPY_MEMORY
PALLOCATE_FREE_MEMORY_RESULT
struct _ALLOCATE_FREE_MEMORY_RESULT * PALLOCATE_FREE_MEMORY_RESULT
_MAP_MEMORY_RESULT_ENTRY::size
ULONG size
Definition: BlackBoneDef.h:323
_MAP_MEMORY::mapSections
BOOLEAN mapSections
Definition: BlackBoneDef.h:313
INJECT_DLL
struct _INJECT_DLL INJECT_DLL
Input for IOCTL_BLACKBONE_INJECT_DLL
_ALLOCATE_FREE_MEMORY_RESULT::address
ULONGLONG address
Definition: BlackBoneDef.h:291
PMMAP_DRIVER
struct _MMAP_DRIVER * PMMAP_DRIVER
PMAP_MEMORY_RESULT
struct _MAP_MEMORY_RESULT * PMAP_MEMORY_RESULT
_MAP_MEMORY_RESULT::count
ULONG count
Definition: BlackBoneDef.h:335
_UNMAP_MEMORY_REGION::pid
ULONG pid
Definition: BlackBoneDef.h:377
MAP_MEMORY_REGION_RESULT
struct _MAP_MEMORY_REGION_RESULT MAP_MEMORY_REGION_RESULT
Output for IOCTL_BLACKBONE_REMAP_REGION
_InjectType
_InjectType
Definition: BlackBoneDef.h:392
PHANDLE_GRANT_ACCESS
struct _HANDLE_GRANT_ACCESS * PHANDLE_GRANT_ACCESS
PUNMAP_MEMORY
struct _UNMAP_MEMORY * PUNMAP_MEMORY
_UNMAP_MEMORY_REGION::size
ULONG size
Definition: BlackBoneDef.h:378
_COPY_MEMORY
Input for IOCTL_BLACKBONE_COPY_MEMORY
Definition: BlackBoneDef.h:263
_HANDLE_GRANT_ACCESS::access
ULONG access
Definition: BlackBoneDef.h:257
_HANDLE_GRANT_ACCESS
Input for IOCTL_BLACKBONE_GRANT_ACCESS
Definition: BlackBoneDef.h:253
_COPY_MEMORY::pid
ULONG pid
Definition: BlackBoneDef.h:268
_UNMAP_MEMORY
Input for IOCTL_BLACKBONE_UNMAP_MEMORY
Definition: BlackBoneDef.h:366
_MMAP_DRIVER::FullPath
wchar_t FullPath[512]
Definition: BlackBoneDef.h:416
_ALLOCATE_FREE_MEMORY::allocate
BOOLEAN allocate
Definition: BlackBoneDef.h:282
ALLOCATE_FREE_MEMORY_RESULT
struct _ALLOCATE_FREE_MEMORY_RESULT ALLOCATE_FREE_MEMORY_RESULT
Output for IOCTL_BLACKBONE_ALLOCATE_FREE_MEMORY
_COPY_MEMORY::size
ULONGLONG size
Definition: BlackBoneDef.h:267
_COPY_MEMORY::write
BOOLEAN write
Definition: BlackBoneDef.h:269
_PROTECT_MEMORY
Input for IOCTL_BLACKBONE_PROTECT_MEMORY
Definition: BlackBoneDef.h:298
_MAP_MEMORY_REGION::size
ULONG size
Definition: BlackBoneDef.h:348
_ALLOCATE_FREE_MEMORY_RESULT
Output for IOCTL_BLACKBONE_ALLOCATE_FREE_MEMORY
Definition: BlackBoneDef.h:289
HANDLE_GRANT_ACCESS
struct _HANDLE_GRANT_ACCESS HANDLE_GRANT_ACCESS
Input for IOCTL_BLACKBONE_GRANT_ACCESS
IT_Thread
Definition: BlackBoneDef.h:394
UNMAP_MEMORY
struct _UNMAP_MEMORY UNMAP_MEMORY
Input for IOCTL_BLACKBONE_UNMAP_MEMORY
_MAP_MEMORY_REGION_RESULT::size
ULONG size
Definition: BlackBoneDef.h:359
_MAP_MEMORY_REGION::pid
ULONG pid
Definition: BlackBoneDef.h:347
_MAP_MEMORY::pipeName
wchar_t pipeName[32]
Definition: BlackBoneDef.h:312
_MAP_MEMORY_REGION_RESULT::removedPtr
ULONGLONG removedPtr
Definition: BlackBoneDef.h:358
_PROTECT_MEMORY::base
ULONGLONG base
Definition: BlackBoneDef.h:300
_INJECT_DLL::wait
BOOLEAN wait
Definition: BlackBoneDef.h:407
_PROTECT_MEMORY::size
ULONGLONG size
Definition: BlackBoneDef.h:301
_MAP_MEMORY_REGION_RESULT
Output for IOCTL_BLACKBONE_REMAP_REGION
Definition: BlackBoneDef.h:354
_INJECT_DLL::FullDllPath
wchar_t FullDllPath[512]
Definition: BlackBoneDef.h:403
PROTECT_MEMORY
struct _PROTECT_MEMORY PROTECT_MEMORY
Input for IOCTL_BLACKBONE_PROTECT_MEMORY
PMAP_MEMORY_RESULT_ENTRY
struct _MAP_MEMORY_RESULT_ENTRY * PMAP_MEMORY_RESULT_ENTRY
_ALLOCATE_FREE_MEMORY::size
ULONGLONG size
Definition: BlackBoneDef.h:278
_MAP_MEMORY_RESULT_ENTRY::originalPtr
ULONGLONG originalPtr
Definition: BlackBoneDef.h:321
_PROTECT_MEMORY::newProtection
ULONG newProtection
Definition: BlackBoneDef.h:303
_ALLOCATE_FREE_MEMORY::physical
BOOLEAN physical
Definition: BlackBoneDef.h:283
_MAP_MEMORY
Input for IOCTL_BLACKBONE_REMAP_MEMORY
Definition: BlackBoneDef.h:309
_COPY_MEMORY::targetPtr
ULONGLONG targetPtr
Definition: BlackBoneDef.h:266
_MAP_MEMORY_RESULT::entries
MAP_MEMORY_RESULT_ENTRY entries[1]
Definition: BlackBoneDef.h:338
_PROTECT_MEMORY::pid
ULONG pid
Definition: BlackBoneDef.h:302
PCOPY_MEMORY
struct _COPY_MEMORY * PCOPY_MEMORY
_HIDE_VAD::size
ULONGLONG size
Definition: BlackBoneDef.h:388
_UNMAP_MEMORY_REGION::base
ULONGLONG base
Definition: BlackBoneDef.h:376
_ALLOCATE_FREE_MEMORY
Input for IOCTL_BLACKBONE_ALLOCATE_FREE_MEMORY
Definition: BlackBoneDef.h:275
UNMAP_MEMORY_REGION
struct _UNMAP_MEMORY_REGION UNMAP_MEMORY_REGION
Input for IOCTL_BLACKBONE_UNMAP_REGION
_HANDLE_GRANT_ACCESS::handle
ULONGLONG handle
Definition: BlackBoneDef.h:255
PDISABLE_DEP
struct _DISABLE_DEP * PDISABLE_DEP
_DISABLE_DEP
Input for IOCTL_BLACKBONE_DISABLE_DEP
Definition: BlackBoneDef.h:236
PMAP_MEMORY_REGION_RESULT
struct _MAP_MEMORY_REGION_RESULT * PMAP_MEMORY_REGION_RESULT
MAP_MEMORY
struct _MAP_MEMORY MAP_MEMORY
Input for IOCTL_BLACKBONE_REMAP_MEMORY
_MAP_MEMORY_RESULT
Output for IOCTL_BLACKBONE_REMAP_REGION
Definition: BlackBoneDef.h:329
_HIDE_VAD::base
ULONGLONG base
Definition: BlackBoneDef.h:387
_SET_PROC_PROTECTION::pid
ULONG pid
Definition: BlackBoneDef.h:246
PUNMAP_MEMORY_REGION
struct _UNMAP_MEMORY_REGION * PUNMAP_MEMORY_REGION
ALLOCATE_FREE_MEMORY
struct _ALLOCATE_FREE_MEMORY ALLOCATE_FREE_MEMORY
Input for IOCTL_BLACKBONE_ALLOCATE_FREE_MEMORY
_SET_PROC_PROTECTION
Input for IOCTL_BLACKBONE_SET_PROTECTION
Definition: BlackBoneDef.h:244
_UNMAP_MEMORY_REGION
Input for IOCTL_BLACKBONE_UNMAP_REGION
Definition: BlackBoneDef.h:374
_MAP_MEMORY_REGION::base
ULONGLONG base
Definition: BlackBoneDef.h:346
_MAP_MEMORY::pid
ULONG pid
Definition: BlackBoneDef.h:311
PSET_PROC_PROTECTION
struct _SET_PROC_PROTECTION * PSET_PROC_PROTECTION
_HANDLE_GRANT_ACCESS::pid
ULONG pid
Definition: BlackBoneDef.h:256
_ALLOCATE_FREE_MEMORY::protection
ULONG protection
Definition: BlackBoneDef.h:280
_INJECT_DLL::type
InjectType type
Definition: BlackBoneDef.h:408
_ALLOCATE_FREE_MEMORY::pid
ULONG pid
Definition: BlackBoneDef.h:279
SET_PROC_PROTECTION
struct _SET_PROC_PROTECTION SET_PROC_PROTECTION
Input for IOCTL_BLACKBONE_SET_PROTECTION
_HIDE_VAD::pid
ULONG pid
Definition: BlackBoneDef.h:389
_DISABLE_DEP::pid
ULONG pid
Definition: BlackBoneDef.h:238
_MMAP_DRIVER
Input for IOCTL_BLACKBONE_MAP_DRIVER
Definition: BlackBoneDef.h:414
PALLOCATE_FREE_MEMORY
struct _ALLOCATE_FREE_MEMORY * PALLOCATE_FREE_MEMORY
MMAP_DRIVER
struct _MMAP_DRIVER MMAP_DRIVER
Input for IOCTL_BLACKBONE_MAP_DRIVER
MAP_MEMORY_REGION
struct _MAP_MEMORY_REGION MAP_MEMORY_REGION
Input for IOCTL_BLACKBONE_REMAP_REGION
_INJECT_DLL
Input for IOCTL_BLACKBONE_INJECT_DLL
Definition: BlackBoneDef.h:401
_SET_PROC_PROTECTION::enableState
BOOLEAN enableState
Definition: BlackBoneDef.h:247
MAP_MEMORY_RESULT_ENTRY
struct _MAP_MEMORY_RESULT_ENTRY MAP_MEMORY_RESULT_ENTRY
Remapped region info
PMAP_MEMORY_REGION
struct _MAP_MEMORY_REGION * PMAP_MEMORY_REGION
DISABLE_DEP
struct _DISABLE_DEP DISABLE_DEP
Input for IOCTL_BLACKBONE_DISABLE_DEP
InjectType
enum _InjectType InjectType
_ALLOCATE_FREE_MEMORY::base
ULONGLONG base
Definition: BlackBoneDef.h:277
_MAP_MEMORY_RESULT_ENTRY
Remapped region info
Definition: BlackBoneDef.h:319
_ALLOCATE_FREE_MEMORY::type
ULONG type
Definition: BlackBoneDef.h:281