BlackBone
Windows memory hacking library
 All Data Structures Files Functions Variables Typedefs Enumerations Enumerator Macros
Imports.h
Go to the documentation of this file.
1 #pragma once
2 
3 #include "NativeEnums.h"
4 #include "NativeStructs.h"
5 
6 NTSYSAPI
7 NTSTATUS
8 NTAPI
9 ZwQuerySystemInformation(
10  IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
11  OUT PVOID SystemInformation,
12  IN ULONG SystemInformationLength,
13  OUT PULONG ReturnLength OPTIONAL
14  );
15 
16 NTSYSAPI
17 NTSTATUS
18 NTAPI
19 ZwSetSystemInformation(
20  IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
21  IN PVOID SystemInformation,
22  IN ULONG SystemInformationLength
23  );
24 
25 NTSYSAPI
26 NTSTATUS
27 NTAPI
28 ZwQueryInformationProcess(
29  IN HANDLE ProcessHandle,
30  IN PROCESSINFOCLASS ProcessInformationClass,
31  OUT PVOID ProcessInformation,
32  IN ULONG ProcessInformationLength,
33  IN PULONG ReturnLength
34  );
35 
36 NTSYSAPI
37 NTSTATUS
38 NTAPI
39 ZwQueryInformationThread(
40  IN HANDLE ThreadHandle,
41  IN THREADINFOCLASS ThreadInformationClass,
42  OUT PVOID ThreadInformation,
43  IN ULONG ThreadInformationLength,
44  OUT PULONG ReturnLength OPTIONAL
45  );
46 
47 NTSYSAPI
48 NTSTATUS
49 NTAPI
50 ZwQueryVirtualMemory(
51  IN HANDLE ProcessHandle,
52  IN PVOID BaseAddress,
53  IN MEMORY_INFORMATION_CLASS MemoryInformationClass,
54  OUT PVOID Buffer,
55  IN ULONG Length,
56  OUT PULONG ResultLength
57  );
58 
59 NTSTATUS
60 NTAPI
61 ZwCreateThreadEx(
62  OUT PHANDLE hThread,
63  IN ACCESS_MASK DesiredAccess,
64  IN PVOID ObjectAttributes,
65  IN HANDLE ProcessHandle,
66  IN PVOID lpStartAddress,
67  IN PVOID lpParameter,
68  IN ULONG Flags,
69  IN SIZE_T StackZeroBits,
70  IN SIZE_T SizeOfStackCommit,
71  IN SIZE_T SizeOfStackReserve,
72  IN PNT_PROC_THREAD_ATTRIBUTE_LIST AttributeList
73  );
74 
75 NTKERNELAPI
76 NTSTATUS
77 NTAPI
78 MmCopyVirtualMemory(
79  IN PEPROCESS FromProcess,
80  IN PVOID FromAddress,
81  IN PEPROCESS ToProcess,
82  OUT PVOID ToAddress,
83  IN SIZE_T BufferSize,
84  IN KPROCESSOR_MODE PreviousMode,
85  OUT PSIZE_T NumberOfBytesCopied
86  );
87 
88 NTSYSAPI
89 PPEB
90 NTAPI
91 PsGetProcessPeb( IN PEPROCESS Process );
92 
93 NTSYSAPI
94 PVOID
95 NTAPI
96 PsGetProcessWow64Process( IN PEPROCESS Process );
97 
98 NTSYSAPI
99 PVOID
100 NTAPI
101 PsGetCurrentProcessWow64Process( );
102 
103 NTKERNELAPI
104 BOOLEAN
105 NTAPI
106 KeTestAlertThread( IN KPROCESSOR_MODE AlertMode );
107 
108 NTSYSAPI
109 BOOLEAN
110 NTAPI
111 PsIsProtectedProcess( IN PEPROCESS Process );
112 
113 
114 typedef VOID( NTAPI *PKNORMAL_ROUTINE )
115  (
116  PVOID NormalContext,
117  PVOID SystemArgument1,
118  PVOID SystemArgument2
119  );
120 
121 typedef VOID( NTAPI* PKKERNEL_ROUTINE)
122  (
123  PRKAPC Apc,
124  PKNORMAL_ROUTINE *NormalRoutine,
125  PVOID *NormalContext,
126  PVOID *SystemArgument1,
127  PVOID *SystemArgument2
128  );
129 
130 typedef VOID( NTAPI *PKRUNDOWN_ROUTINE )( PRKAPC Apc );
131 
132 NTKERNELAPI
133 VOID
134 NTAPI
135 KeInitializeApc(
136  IN PKAPC Apc,
137  IN PKTHREAD Thread,
138  IN KAPC_ENVIRONMENT ApcStateIndex,
139  IN PKKERNEL_ROUTINE KernelRoutine,
140  IN PKRUNDOWN_ROUTINE RundownRoutine,
141  IN PKNORMAL_ROUTINE NormalRoutine,
142  IN KPROCESSOR_MODE ApcMode,
143  IN PVOID NormalContext
144  );
145 
146 NTKERNELAPI
147 BOOLEAN
148 NTAPI
149 KeInsertQueueApc(
150  PKAPC Apc,
151  PVOID SystemArgument1,
152  PVOID SystemArgument2,
153  KPRIORITY Increment
154  );
155 
156 NTSYSAPI
157 PIMAGE_NT_HEADERS
158 NTAPI
159 RtlImageNtHeader( PVOID Base );
160 
161 NTSYSAPI
162 PVOID
163 NTAPI
164 RtlImageDirectoryEntryToData(
165  PVOID ImageBase,
166  BOOLEAN MappedAsImage,
167  USHORT DirectoryEntry,
168  PULONG Size
169  );
KeInsertQueueApc
NTKERNELAPI BOOLEAN NTAPI KeInsertQueueApc(PKAPC Apc, PVOID SystemArgument1, PVOID SystemArgument2, KPRIORITY Increment)
PsGetProcessWow64Process
NTSYSAPI PVOID NTAPI PsGetProcessWow64Process(IN PEPROCESS Process)
_NT_PROC_THREAD_ATTRIBUTE_LIST
Definition: NativeStructs.h:301
MmCopyVirtualMemory
NTKERNELAPI NTSTATUS NTAPI MmCopyVirtualMemory(IN PEPROCESS FromProcess, IN PVOID FromAddress, IN PEPROCESS ToProcess, OUT PVOID ToAddress, IN SIZE_T BufferSize, IN KPROCESSOR_MODE PreviousMode, OUT PSIZE_T NumberOfBytesCopied)
StackZeroBits
IN ACCESS_MASK IN PVOID IN HANDLE IN PVOID IN PVOID IN ULONG IN SIZE_T StackZeroBits
Definition: Private.h:115
NTSTATUS
typedef NTSTATUS(NTAPI *fnNtCreateThreadEx)(OUT PHANDLE hThread
lpParameter
IN ACCESS_MASK IN PVOID IN HANDLE IN PVOID IN PVOID lpParameter
Definition: Private.h:115
NativeEnums.h
PsGetCurrentProcessWow64Process
NTSYSAPI PVOID NTAPI PsGetCurrentProcessWow64Process()
ZwQueryInformationThread
NTSYSAPI NTSTATUS NTAPI ZwQueryInformationThread(IN HANDLE ThreadHandle, IN THREADINFOCLASS ThreadInformationClass, OUT PVOID ThreadInformation, IN ULONG ThreadInformationLength, OUT PULONG ReturnLength OPTIONAL)
RtlImageDirectoryEntryToData
NTSYSAPI PVOID NTAPI RtlImageDirectoryEntryToData(PVOID ImageBase, BOOLEAN MappedAsImage, USHORT DirectoryEntry, PULONG Size)
ZwQueryVirtualMemory
NTSYSAPI NTSTATUS NTAPI ZwQueryVirtualMemory(IN HANDLE ProcessHandle, IN PVOID BaseAddress, IN MEMORY_INFORMATION_CLASS MemoryInformationClass, OUT PVOID Buffer, IN ULONG Length, OUT PULONG ResultLength)
NormalRoutine
PKNORMAL_ROUTINE * NormalRoutine
Definition: Imports.h:124
SystemArgument1
PVOID SystemArgument1
Definition: Imports.h:117
RtlImageNtHeader
NTSYSAPI PIMAGE_NT_HEADERS NTAPI RtlImageNtHeader(PVOID Base)
SizeOfStackReserve
IN ACCESS_MASK IN PVOID IN HANDLE IN PVOID IN PVOID IN ULONG IN SIZE_T IN SIZE_T IN SIZE_T SizeOfStackReserve
Definition: Private.h:115
ProcessHandle
IN ACCESS_MASK IN PVOID IN HANDLE ProcessHandle
Definition: Private.h:115
ZwCreateThreadEx
NTSTATUS NTAPI ZwCreateThreadEx(OUT PHANDLE hThread, IN ACCESS_MASK DesiredAccess, IN PVOID ObjectAttributes, IN HANDLE ProcessHandle, IN PVOID lpStartAddress, IN PVOID lpParameter, IN ULONG Flags, IN SIZE_T StackZeroBits, IN SIZE_T SizeOfStackCommit, IN SIZE_T SizeOfStackReserve, IN PNT_PROC_THREAD_ATTRIBUTE_LIST AttributeList)
Definition: Private.c:240
NativeStructs.h
_PEB
Definition: NativeStructs.h:387
lpStartAddress
IN ACCESS_MASK IN PVOID IN HANDLE IN PVOID lpStartAddress
Definition: Private.h:115
NormalContext
PKNORMAL_ROUTINE PVOID * NormalContext
Definition: Imports.h:124
PsIsProtectedProcess
NTSYSAPI BOOLEAN NTAPI PsIsProtectedProcess(IN PEPROCESS Process)
PsGetProcessPeb
NTSYSAPI PPEB NTAPI PsGetProcessPeb(IN PEPROCESS Process)
Flags
IN ACCESS_MASK IN PVOID IN HANDLE IN PVOID IN PVOID IN ULONG Flags
Definition: Private.h:115
ZwSetSystemInformation
NTSYSAPI NTSTATUS NTAPI ZwSetSystemInformation(IN SYSTEM_INFORMATION_CLASS SystemInformationClass, IN PVOID SystemInformation, IN ULONG SystemInformationLength)
VOID
typedef VOID(NTAPI *PKNORMAL_ROUTINE)(PVOID NormalContext
KeTestAlertThread
NTKERNELAPI BOOLEAN NTAPI KeTestAlertThread(IN KPROCESSOR_MODE AlertMode)
KeInitializeApc
NTKERNELAPI VOID NTAPI KeInitializeApc(IN PKAPC Apc, IN PKTHREAD Thread, IN KAPC_ENVIRONMENT ApcStateIndex, IN PKKERNEL_ROUTINE KernelRoutine, IN PKRUNDOWN_ROUTINE RundownRoutine, IN PKNORMAL_ROUTINE NormalRoutine, IN KPROCESSOR_MODE ApcMode, IN PVOID NormalContext)
ObjectAttributes
IN ACCESS_MASK IN PVOID ObjectAttributes
Definition: Private.h:115
ZwQuerySystemInformation
NTSYSAPI NTSTATUS NTAPI ZwQuerySystemInformation(IN SYSTEM_INFORMATION_CLASS SystemInformationClass, OUT PVOID SystemInformation, IN ULONG SystemInformationLength, OUT PULONG ReturnLength OPTIONAL)
KAPC_ENVIRONMENT
enum _KAPC_ENVIRONMENT KAPC_ENVIRONMENT
MEMORY_INFORMATION_CLASS
enum _MEMORY_INFORMATION_CLASS MEMORY_INFORMATION_CLASS
SYSTEM_INFORMATION_CLASS
enum _SYSTEM_INFORMATION_CLASS SYSTEM_INFORMATION_CLASS
SystemArgument2
PVOID PVOID SystemArgument2
Definition: Imports.h:117
ZwQueryInformationProcess
NTSYSAPI NTSTATUS NTAPI ZwQueryInformationProcess(IN HANDLE ProcessHandle, IN PROCESSINFOCLASS ProcessInformationClass, OUT PVOID ProcessInformation, IN ULONG ProcessInformationLength, IN PULONG ReturnLength)
DesiredAccess
IN ACCESS_MASK DesiredAccess
Definition: Private.h:115
SizeOfStackCommit
IN ACCESS_MASK IN PVOID IN HANDLE IN PVOID IN PVOID IN ULONG IN SIZE_T IN SIZE_T SizeOfStackCommit
Definition: Private.h:115