#include "Private.h"
#include "VadRoutines.h"
#include "BlackBoneDef.h"

Data Structures
struct	_PROCESS_CONTEXT
	Process-specific data More...

struct	_PROCESS_MAP_ENTRY
	Target - host correspondence More...

struct	_MAP_ENTRY
	Mapped memory region info More...

Typedefs
typedef enum _ATTACHED_CONTEXT	ATTACHED_CONTEXT

typedef struct _PROCESS_CONTEXT	PROCESS_CONTEXT
	Process-specific data More...

typedef struct _PROCESS_CONTEXT *	PPROCESS_CONTEXT

typedef struct _PROCESS_MAP_ENTRY	PROCESS_MAP_ENTRY
	Target - host correspondence More...

typedef struct _PROCESS_MAP_ENTRY *	PPROCESS_MAP_ENTRY

typedef struct _MAP_ENTRY	MAP_ENTRY
	Mapped memory region info More...

typedef struct _MAP_ENTRY *	PMAP_ENTRY

Enumerations
enum	_ATTACHED_CONTEXT { ContextNone, ContextHost, ContextTarget }

Functions
NTSTATUS	BBMapMemory (IN PMAP_MEMORY pRemap, OUT PPROCESS_MAP_ENTRY *ppEntry)
	Map entire address space of target process into current More...

NTSTATUS	BBMapMemoryRegion (IN PMAP_MEMORY_REGION pRegion, OUT PMAP_MEMORY_REGION_RESULT pResult)
	Map specific memory region More...

NTSTATUS	BBUnmapMemory (IN PUNMAP_MEMORY pUnmap)
	Unmap any mapped memory from host and target processes More...

NTSTATUS	BBUnmapMemoryRegion (IN PUNMAP_MEMORY_REGION pRegion)
	Unmap specific memory region More...

NTSTATUS	BBGetRequiredRemapOutputSize (IN PLIST_ENTRY pList, OUT PULONG_PTR pSize)
	Calculate size required to store mapping info More...

PPROCESS_MAP_ENTRY	BBLookupProcessEntry (IN HANDLE pid, IN BOOLEAN asHost)
	Search process entry in list by PID More...

VOID	BBCleanupProcessEntry (IN PPROCESS_MAP_ENTRY pProcessEntry)
	Unmap all regions, delete MDLs, close handles, remove entry from table More...

VOID	BBCleanupProcessTable ()
	Clear global process map table More...

VOID	BBCleanupHostProcess (IN PPROCESS_MAP_ENTRY pProcessEntry)
	Unmap any mapped pages from host process More...

RTL_GENERIC_COMPARE_RESULTS	AvlCompare (IN RTL_AVL_TABLE *Table, IN PVOID FirstStruct, IN PVOID SecondStruct)

PVOID	AvlAllocate (IN RTL_AVL_TABLE *Table, IN CLONG ByteSize)

VOID	AvlFree (IN RTL_AVL_TABLE *Table, IN PVOID Buffer)

Variables
DYNAMIC_DATA	dynData

RTL_AVL_TABLE	g_ProcessPageTables

KGUARDED_MUTEX	g_globalLock

Typedef Documentation

typedef enum _ATTACHED_CONTEXT ATTACHED_CONTEXT

typedef struct _MAP_ENTRY MAP_ENTRY

Mapped memory region info

typedef struct _MAP_ENTRY * PMAP_ENTRY

typedef struct _PROCESS_CONTEXT * PPROCESS_CONTEXT

typedef struct _PROCESS_MAP_ENTRY * PPROCESS_MAP_ENTRY

typedef struct _PROCESS_CONTEXT PROCESS_CONTEXT

Process-specific data

typedef struct _PROCESS_MAP_ENTRY PROCESS_MAP_ENTRY

Target - host correspondence

Enumeration Type Documentation

enum _ATTACHED_CONTEXT

Enumerator
ContextNone
ContextHost
ContextTarget

Function Documentation

PVOID AvlAllocate	(	IN RTL_AVL_TABLE *	Table,
		IN CLONG	ByteSize
	)

RTL_GENERIC_COMPARE_RESULTS AvlCompare	(	IN RTL_AVL_TABLE *	Table,
		IN PVOID	FirstStruct,
		IN PVOID	SecondStruct
	)

VOID AvlFree	(	IN RTL_AVL_TABLE *	Table,
		IN PVOID	Buffer
	)

VOID BBCleanupHostProcess ( IN PPROCESS_MAP_ENTRY pProcessEntry )

Unmap any mapped pages from host process

Parameters

pProcessEntry Process entry

VOID BBCleanupProcessEntry ( IN PPROCESS_MAP_ENTRY pProcessEntry )

Unmap all regions, delete MDLs, close handles, remove entry from table

Parameters

pProcessEntry Process entry

VOID BBCleanupProcessTable ( )

Clear global process map table

NTSTATUS BBGetRequiredRemapOutputSize	(	IN PLIST_ENTRY	pList,
		OUT PULONG_PTR	pSize
	)

Calculate size required to store mapping info

Parameters

pList	Mapped regions list
pSize	Resulting size

Returns: Status code

PPROCESS_MAP_ENTRY BBLookupProcessEntry	(	IN HANDLE	pid,
		IN BOOLEAN	asHost
	)

Search process entry in list by PID

Parameters

pid	PID.
asHost	If set to TRUE, pid is treated as host PID

Returns: Found entry, NULL in not found

NTSTATUS BBMapMemory	(	IN PMAP_MEMORY	pRemap,
		OUT PPROCESS_MAP_ENTRY *	ppEntry
	)

Map entire address space of target process into current

Parameters

pRemap	Mapping params
ppEntry	Mapped context

Returns: Status code

Map entire address space of target process into current

Parameters

pRemap	Mapping params
ppEntry	Mapped context

Returns: Status code

NTSTATUS BBMapMemoryRegion	(	IN PMAP_MEMORY_REGION	pRegion,
		OUT PMAP_MEMORY_REGION_RESULT	pResult
	)

Map specific memory region

Parameters

pRegion	Region data
pResult	Mapping results

Returns: Status code

NTSTATUS BBUnmapMemory ( IN PUNMAP_MEMORY pUnmap )

Unmap any mapped memory from host and target processes

Parameters

pUnmap Request params

Returns: Status code

NTSTATUS BBUnmapMemoryRegion ( IN PUNMAP_MEMORY_REGION pRegion )

Unmap specific memory region

Parameters

pRegion Region info

Returns: Status ode

Variable Documentation

DYNAMIC_DATA dynData

KGUARDED_MUTEX g_globalLock

RTL_AVL_TABLE g_ProcessPageTables

Data Structures

Typedefs

Enumerations

Functions

Variables

Typedef Documentation

Enumeration Type Documentation

Function Documentation

Variable Documentation