Routines.h

Go to the documentation of this file.

#pragma once

#include "BlackBoneDef.h"
#include "Private.h"
#include "VadRoutines.h"

typedef struct _MEM_PHYS_ENTRY
{
    LIST_ENTRY link;
    ULONG_PTR size;     // Region size
    PVOID pMapped;      // Mapped address
    PMDL pMDL;          // Related MDL
    PVOID ptr;          // Actual ptr in NonPagedPool
} MEM_PHYS_ENTRY, *PMEM_PHYS_ENTRY;

typedef struct _MEM_PHYS_PROCESS_ENTRY
{
    LIST_ENTRY link;
    HANDLE pid;             // Process ID
    LIST_ENTRY pVadList;    // List of mapped regions
} MEM_PHYS_PROCESS_ENTRY, *PMEM_PHYS_PROCESS_ENTRY;

extern LIST_ENTRY g_PhysProcesses;


NTSTATUS BBDisableDEP( IN PDISABLE_DEP pData );

NTSTATUS BBSetProtection( IN PSET_PROC_PROTECTION pProtection );

NTSTATUS BBGrantAccess( IN PHANDLE_GRANT_ACCESS pAccess );

NTSTATUS BBAllocateFreeMemory( IN PALLOCATE_FREE_MEMORY pAllocFree, OUT PALLOCATE_FREE_MEMORY_RESULT pResult );

NTSTATUS BBCopyMemory( IN PCOPY_MEMORY pCopy );

NTSTATUS BBProtectMemory( IN PPROTECT_MEMORY pProtect );

NTSTATUS BBHideVAD( IN PHIDE_VAD pData );

NTSTATUS BBInjectDll( IN PINJECT_DLL pData );

NTSTATUS BBExecuteInNewThread(
    IN PVOID pBaseAddress, 
    IN PVOID pParam, 
    IN ULONG flags, 
    IN BOOLEAN wait, 
    OUT PNTSTATUS pExitStatus 
    );

NTSTATUS BBQueueUserApc( IN PETHREAD pThread, IN PVOID pUserFunc, IN PVOID Arg1);

VOID BBProcessNotify( IN HANDLE ParentId, IN HANDLE ProcessId, IN BOOLEAN Create );

PMEM_PHYS_PROCESS_ENTRY BBLookupPhysProcessEntry( IN HANDLE pid );

//
// Memory allocation cleanup routines
//
void BBCleanupPhysMemEntry( IN PMEM_PHYS_ENTRY pEntry, BOOLEAN attached );
void BBCleanupProcessPhysEntry( IN PMEM_PHYS_PROCESS_ENTRY pEntry, BOOLEAN attached );
void BBCleanupProcessPhysList();