|
BlackBone
Windows memory hacking library
|
|
BlackBone
Windows memory hacking library
|
Functions | |
| NTSTATUS | BBAllocateFreePhysical (IN PEPROCESS pProcess, IN PALLOCATE_FREE_MEMORY pAllocFree, OUT PALLOCATE_FREE_MEMORY_RESULT pResult) |
| Allocate kernel memory and map into User space. Or free previously allocated memory More... | |
| PMEM_PHYS_ENTRY | BBLookupPhysMemEntry (IN PLIST_ENTRY pList, IN PVOID pBase) |
| Find allocated memory region entry More... | |
| NTSTATUS | BBDisableDEP (IN PDISABLE_DEP pData) |
| Disable process DEP Has no effect on native x64 process More... | |
| NTSTATUS | BBSetProtection (IN PSET_PROC_PROTECTION pProtection) |
| Enable/disable process protection flag More... | |
| NTSTATUS | BBGrantAccess (IN PHANDLE_GRANT_ACCESS pAccess) |
| Change handle granted access More... | |
| NTSTATUS | BBCopyMemory (IN PCOPY_MEMORY pCopy) |
| Read/write process memory More... | |
| NTSTATUS | BBAllocateFreeMemory (IN PALLOCATE_FREE_MEMORY pAllocFree, OUT PALLOCATE_FREE_MEMORY_RESULT pResult) |
| Allocate/Free process memory More... | |
| NTSTATUS | BBProtectMemory (IN PPROTECT_MEMORY pProtect) |
| Change process memory protection More... | |
| NTSTATUS | BBHideVAD (IN PHIDE_VAD pData) |
| Hide VAD containing target address More... | |
| PMEM_PHYS_PROCESS_ENTRY | BBLookupPhysProcessEntry (IN HANDLE pid) |
| Find memory allocation process entry More... | |
| void | BBCleanupPhysMemEntry (IN PMEM_PHYS_ENTRY pEntry, BOOLEAN attached) |
| void | BBCleanupProcessPhysEntry (IN PMEM_PHYS_PROCESS_ENTRY pEntry, BOOLEAN attached) |
| void | BBCleanupProcessPhysList () |
Variables | |
| LIST_ENTRY | g_PhysProcesses |
| NTSTATUS BBAllocateFreeMemory | ( | IN PALLOCATE_FREE_MEMORY | pAllocFree, |
| OUT PALLOCATE_FREE_MEMORY_RESULT | pResult | ||
| ) |
Allocate/Free process memory
| pAllocFree | Request params. |
| pResult | Allocated region info. |
| NTSTATUS BBAllocateFreePhysical | ( | IN PEPROCESS | pProcess, |
| IN PALLOCATE_FREE_MEMORY | pAllocFree, | ||
| OUT PALLOCATE_FREE_MEMORY_RESULT | pResult | ||
| ) |
Allocate kernel memory and map into User space. Or free previously allocated memory
| pProcess | Target process object |
| pAllocFree | Request params. |
| pResult | Allocated region info. |
| void BBCleanupPhysMemEntry | ( | IN PMEM_PHYS_ENTRY | pEntry, |
| BOOLEAN | attached | ||
| ) |
| void BBCleanupProcessPhysEntry | ( | IN PMEM_PHYS_PROCESS_ENTRY | pEntry, |
| BOOLEAN | attached | ||
| ) |
| void BBCleanupProcessPhysList | ( | ) |
| NTSTATUS BBCopyMemory | ( | IN PCOPY_MEMORY | pCopy | ) |
Read/write process memory
| pCopy | Request params |
| NTSTATUS BBDisableDEP | ( | IN PDISABLE_DEP | pData | ) |
Disable process DEP Has no effect on native x64 process
| pData | Request params |
| NTSTATUS BBGrantAccess | ( | IN PHANDLE_GRANT_ACCESS | pAccess | ) |
Change handle granted access
| pAccess | Request params |
Hide VAD containing target address
| pData | Address info |
| PMEM_PHYS_ENTRY BBLookupPhysMemEntry | ( | IN PLIST_ENTRY | pList, |
| IN PVOID | pBase | ||
| ) |
Find allocated memory region entry
| pList | Region list |
| pBase | Region base |
| PMEM_PHYS_PROCESS_ENTRY BBLookupPhysProcessEntry | ( | IN HANDLE | pid | ) |
Find memory allocation process entry
| pid | Target PID |
| NTSTATUS BBProtectMemory | ( | IN PPROTECT_MEMORY | pProtect | ) |
Change process memory protection
| pProtect | Request params |
| NTSTATUS BBSetProtection | ( | IN PSET_PROC_PROTECTION | pProtection | ) |
Enable/disable process protection flag
| pProtection | Request params |
| LIST_ENTRY g_PhysProcesses |
1.8.8 
