BlackBone
Windows memory hacking library
 All Data Structures Files Functions Variables Typedefs Enumerations Enumerator Macros
Remap.h
Go to the documentation of this file.
1 #pragma once
2 
3 #include "Private.h"
4 #include "VadRoutines.h"
5 #include "BlackBoneDef.h"
6 
7 typedef enum _ATTACHED_CONTEXT
8 {
9  ContextNone, // Running in system context
10  ContextHost, // Running in the context of host process
11  ContextTarget, // Running in the context of target process
12 } ATTACHED_CONTEXT;
13 
17 typedef struct _PROCESS_CONTEXT
18 {
19  HANDLE pid; // Process ID
20  PVOID sharedPage; // Address of kernel shared page
21 } PROCESS_CONTEXT, *PPROCESS_CONTEXT;
22 
23 
27 typedef struct _PROCESS_MAP_ENTRY
28 {
29  PROCESS_CONTEXT host; // Hosting process context
30  PROCESS_CONTEXT target; // Target process context
31 
32  PVOID pSharedPage; // Address of kernel-shared page allocated from non-paged pool
33  PMDL pMDLShared; // MDL of kernel-shared page
34 
35  HANDLE targetPipe; // Hook pipe handle in target process
36 
37  LIST_ENTRY pageList; // List of REMAP_ENTRY structures
38 } PROCESS_MAP_ENTRY, *PPROCESS_MAP_ENTRY;
39 
40 
44 typedef struct _MAP_ENTRY
45 {
46  LIST_ENTRY link; // Linked list link
47  ULONG_PTR originalPtr; // Original memory address in target process
48  ULONG_PTR newPtr; // Mapped memory address in host process
49  ULONG_PTR size; // Region size
50 
51  PMDL pMdl; // Region MDL entry
52  BOOLEAN locked; // MDL is locked
53  BOOLEAN shared; // Regions has shared pages
54  BOOLEAN readonly; // Region must be mapped as readonly
55 } MAP_ENTRY, *PMAP_ENTRY;
56 
57 extern DYNAMIC_DATA dynData;
58 extern RTL_AVL_TABLE g_ProcessPageTables;
59 extern KGUARDED_MUTEX g_globalLock;
60 
67 NTSTATUS BBMapMemory( IN PMAP_MEMORY pRemap, OUT PPROCESS_MAP_ENTRY* ppEntry );
68 
75 NTSTATUS BBMapMemoryRegion( IN PMAP_MEMORY_REGION pRegion, OUT PMAP_MEMORY_REGION_RESULT pResult );
76 
82 NTSTATUS BBUnmapMemory( IN PUNMAP_MEMORY pUnmap );
83 
89 NTSTATUS BBUnmapMemoryRegion( IN PUNMAP_MEMORY_REGION pRegion );
90 
97 NTSTATUS BBGetRequiredRemapOutputSize( IN PLIST_ENTRY pList, OUT PULONG_PTR pSize );
98 
105 PPROCESS_MAP_ENTRY BBLookupProcessEntry( IN HANDLE pid, IN BOOLEAN asHost );
106 
111 VOID BBCleanupProcessEntry( IN PPROCESS_MAP_ENTRY pProcessEntry );
112 
116 VOID BBCleanupProcessTable();
117 
122 VOID BBCleanupHostProcess( IN PPROCESS_MAP_ENTRY pProcessEntry );
123 
124 //
125 // AVL table routines
126 //
127 RTL_GENERIC_COMPARE_RESULTS AvlCompare( IN RTL_AVL_TABLE *Table, IN PVOID FirstStruct, IN PVOID SecondStruct );
128 PVOID AvlAllocate( IN RTL_AVL_TABLE *Table, IN CLONG ByteSize );
129 VOID AvlFree( IN RTL_AVL_TABLE *Table, IN PVOID Buffer );
AvlFree
VOID AvlFree(IN RTL_AVL_TABLE *Table, IN PVOID Buffer)
Definition: Remap.c:198
BBMapMemory
NTSTATUS BBMapMemory(IN PMAP_MEMORY pRemap, OUT PPROCESS_MAP_ENTRY *ppEntry)
Map entire address space of target process into current
Definition: Remap.c:689
_MAP_ENTRY::readonly
BOOLEAN readonly
Definition: Remap.h:54
MAP_ENTRY
struct _MAP_ENTRY MAP_ENTRY
Mapped memory region info
_DYNAMIC_DATA
OS-dependent stuff
Definition: Private.h:96
ATTACHED_CONTEXT
enum _ATTACHED_CONTEXT ATTACHED_CONTEXT
BlackBoneDef.h
_PROCESS_MAP_ENTRY::pSharedPage
PVOID pSharedPage
Definition: Remap.h:32
_PROCESS_CONTEXT::sharedPage
PVOID sharedPage
Definition: Remap.h:20
BBLookupProcessEntry
PPROCESS_MAP_ENTRY BBLookupProcessEntry(IN HANDLE pid, IN BOOLEAN asHost)
Search process entry in list by PID
Definition: Remap.c:1263
g_ProcessPageTables
RTL_AVL_TABLE g_ProcessPageTables
Definition: Remap.c:4
_PROCESS_MAP_ENTRY::pageList
LIST_ENTRY pageList
Definition: Remap.h:37
ContextTarget
Definition: Remap.h:11
PROCESS_CONTEXT
struct _PROCESS_CONTEXT PROCESS_CONTEXT
Process-specific data
_MAP_MEMORY_REGION
Input for IOCTL_BLACKBONE_REMAP_REGION
Definition: BlackBoneDef.h:344
_PROCESS_MAP_ENTRY
Target - host correspondence
Definition: Remap.h:27
NTSTATUS
typedef NTSTATUS(NTAPI *fnNtCreateThreadEx)(OUT PHANDLE hThread
_MAP_ENTRY::newPtr
ULONG_PTR newPtr
Definition: Remap.h:48
g_globalLock
KGUARDED_MUTEX g_globalLock
Definition: Remap.c:5
PMAP_ENTRY
struct _MAP_ENTRY * PMAP_ENTRY
BBCleanupProcessEntry
VOID BBCleanupProcessEntry(IN PPROCESS_MAP_ENTRY pProcessEntry)
Unmap all regions, delete MDLs, close handles, remove entry from table
Definition: Remap.c:1135
_PROCESS_MAP_ENTRY::target
PROCESS_CONTEXT target
Definition: Remap.h:30
_UNMAP_MEMORY
Input for IOCTL_BLACKBONE_UNMAP_MEMORY
Definition: BlackBoneDef.h:366
_PROCESS_MAP_ENTRY::targetPipe
HANDLE targetPipe
Definition: Remap.h:35
PPROCESS_MAP_ENTRY
struct _PROCESS_MAP_ENTRY * PPROCESS_MAP_ENTRY
_MAP_ENTRY::size
ULONG_PTR size
Definition: Remap.h:49
_PROCESS_MAP_ENTRY::pMDLShared
PMDL pMDLShared
Definition: Remap.h:33
BBCleanupHostProcess
VOID BBCleanupHostProcess(IN PPROCESS_MAP_ENTRY pProcessEntry)
Unmap any mapped pages from host process
Definition: Remap.c:1209
ContextNone
Definition: Remap.h:9
_MAP_MEMORY_REGION_RESULT
Output for IOCTL_BLACKBONE_REMAP_REGION
Definition: BlackBoneDef.h:354
_MAP_ENTRY
Mapped memory region info
Definition: Remap.h:44
_MAP_ENTRY::locked
BOOLEAN locked
Definition: Remap.h:52
PPROCESS_CONTEXT
struct _PROCESS_CONTEXT * PPROCESS_CONTEXT
BBUnmapMemoryRegion
NTSTATUS BBUnmapMemoryRegion(IN PUNMAP_MEMORY_REGION pRegion)
Unmap specific memory region
Definition: Remap.c:996
BBCleanupProcessTable
VOID BBCleanupProcessTable()
Clear global process map table
Definition: Remap.c:1246
AvlAllocate
PVOID AvlAllocate(IN RTL_AVL_TABLE *Table, IN CLONG ByteSize)
Definition: Remap.c:190
_PROCESS_MAP_ENTRY::host
PROCESS_CONTEXT host
Definition: Remap.h:29
_MAP_MEMORY
Input for IOCTL_BLACKBONE_REMAP_MEMORY
Definition: BlackBoneDef.h:309
Private.h
BBGetRequiredRemapOutputSize
NTSTATUS BBGetRequiredRemapOutputSize(IN PLIST_ENTRY pList, OUT PULONG_PTR pSize)
Calculate size required to store mapping info
Definition: Remap.c:1306
BBMapMemoryRegion
NTSTATUS BBMapMemoryRegion(IN PMAP_MEMORY_REGION pRegion, OUT PMAP_MEMORY_REGION_RESULT pResult)
Map specific memory region
Definition: Remap.c:814
_MAP_ENTRY::originalPtr
ULONG_PTR originalPtr
Definition: Remap.h:47
_PROCESS_CONTEXT
Process-specific data
Definition: Remap.h:17
ContextHost
Definition: Remap.h:10
dynData
DYNAMIC_DATA dynData
Definition: BlackBoneDrv.c:7
AvlCompare
RTL_GENERIC_COMPARE_RESULTS AvlCompare(IN RTL_AVL_TABLE *Table, IN PVOID FirstStruct, IN PVOID SecondStruct)
Definition: Remap.c:158
VOID
typedef VOID(NTAPI *PKNORMAL_ROUTINE)(PVOID NormalContext
_MAP_ENTRY::link
LIST_ENTRY link
Definition: Remap.h:46
_UNMAP_MEMORY_REGION
Input for IOCTL_BLACKBONE_UNMAP_REGION
Definition: BlackBoneDef.h:374
_PROCESS_CONTEXT::pid
HANDLE pid
Definition: Remap.h:19
VadRoutines.h
_MAP_ENTRY::shared
BOOLEAN shared
Definition: Remap.h:53
PROCESS_MAP_ENTRY
struct _PROCESS_MAP_ENTRY PROCESS_MAP_ENTRY
Target - host correspondence
_ATTACHED_CONTEXT
_ATTACHED_CONTEXT
Definition: Remap.h:7
_MAP_ENTRY::pMdl
PMDL pMdl
Definition: Remap.h:51
BBUnmapMemory
NTSTATUS BBUnmapMemory(IN PUNMAP_MEMORY pUnmap)
Unmap any mapped memory from host and target processes
Definition: Remap.c:967