Go to the source code of this file.
|
| NTSTATUS | BBDisableDEP (IN PDISABLE_DEP pData) |
| | Disable process DEP Has no effect on native x64 process More...
|
| |
| NTSTATUS | BBSetProtection (IN PSET_PROC_PROTECTION pProtection) |
| | Enable/disable process protection flag More...
|
| |
| NTSTATUS | BBGrantAccess (IN PHANDLE_GRANT_ACCESS pAccess) |
| | Change handle granted access More...
|
| |
| NTSTATUS | BBAllocateFreeMemory (IN PALLOCATE_FREE_MEMORY pAllocFree, OUT PALLOCATE_FREE_MEMORY_RESULT pResult) |
| | Allocate/Free process memory More...
|
| |
| NTSTATUS | BBCopyMemory (IN PCOPY_MEMORY pCopy) |
| | Read/write process memory More...
|
| |
| NTSTATUS | BBProtectMemory (IN PPROTECT_MEMORY pProtect) |
| | Change process memory protection More...
|
| |
| NTSTATUS | BBHideVAD (IN PHIDE_VAD pData) |
| | Hide VAD containing target address More...
|
| |
| NTSTATUS | BBInjectDll (IN PINJECT_DLL pData) |
| | Inject dll into process More...
|
| |
| NTSTATUS | BBExecuteInNewThread (IN PVOID pBaseAddress, IN PVOID pParam, IN ULONG flags, IN BOOLEAN wait, OUT PNTSTATUS pExitStatus) |
| | Create new thread in the target process More...
|
| |
| NTSTATUS | BBQueueUserApc (IN PETHREAD pThread, IN PVOID pUserFunc, IN PVOID Arg1) |
| | Send user-mode APC to the target thread More...
|
| |
| VOID | BBProcessNotify (IN HANDLE ParentId, IN HANDLE ProcessId, IN BOOLEAN Create) |
| | Process termination handler More...
|
| |
| PMEM_PHYS_PROCESS_ENTRY | BBLookupPhysProcessEntry (IN HANDLE pid) |
| | Find memory allocation process entry More...
|
| |
| void | BBCleanupPhysMemEntry (IN PMEM_PHYS_ENTRY pEntry, BOOLEAN attached) |
| |
| void | BBCleanupProcessPhysEntry (IN PMEM_PHYS_PROCESS_ENTRY pEntry, BOOLEAN attached) |
| |
| void | BBCleanupProcessPhysList () |
| |
Allocated physical region entry
Per-process list of physical regions
Allocate/Free process memory
- Parameters
-
| pAllocFree | Request params. |
| pResult | Allocated region info. |
- Returns
- Status code
| void BBCleanupProcessPhysList |
( |
| ) |
|
Read/write process memory
- Parameters
-
- Returns
- Status code
Disable process DEP Has no effect on native x64 process
- Parameters
-
- Returns
- Status code
| NTSTATUS BBExecuteInNewThread |
( |
IN PVOID |
pBaseAddress, |
|
|
IN PVOID |
pParam, |
|
|
IN ULONG |
flags, |
|
|
IN BOOLEAN |
wait, |
|
|
OUT PNTSTATUS |
pExitStatus |
|
) |
| |
Create new thread in the target process
- Parameters
-
| pBaseAddress | Thread start address |
| pParam | Thread argument |
| flags | Thread creation flags |
| wait | If set to TRUE - wait for thread completion |
| pExitStatus | Thread exit status |
- Returns
- Status code
Create new thread in the target process
- Parameters
-
| pBaseAddress | Thread start address |
| pParam | Thread argument |
| flags | Thread creation flags |
| wait | If set to TRUE - wait for thread completion |
| pExitStatus | Thread exit status |
- Returns
- Status code
Change handle granted access
- Parameters
-
- Returns
- Status code
Hide VAD containing target address
- Parameters
-
- Returns
- Status code
Inject dll into process
- Parameters
-
| pid | Target PID |
| pPath | TFull-qualified dll path |
- Returns
- Status code
Find memory allocation process entry
- Parameters
-
- Returns
- Found entry, NULL if not found
| VOID BBProcessNotify |
( |
IN HANDLE |
ParentId, |
|
|
IN HANDLE |
ProcessId, |
|
|
IN BOOLEAN |
Create |
|
) |
| |
Process termination handler
- Parameters
-
| ParentId | Parent PID |
| ProcessId | PID |
| Create | TRUE if process was created |
Change process memory protection
- Parameters
-
- Returns
- Status code
| NTSTATUS BBQueueUserApc |
( |
IN PETHREAD |
pThread, |
|
|
IN PVOID |
pUserFunc, |
|
|
IN PVOID |
Arg1 |
|
) |
| |
Send user-mode APC to the target thread
- Parameters
-
| pThread | Target thread |
| pUserFunc | APC function |
| Arg1 | Argument 1 |
- Returns
- Status code
Enable/disable process protection flag
- Parameters
-
| pProtection | Request params |
- Returns
- Status code
| LIST_ENTRY g_PhysProcesses |
1.8.8 
