lib/html/_native_subsystem_8h_source.html

 #pragma once


 #include "../Include/Winheaders.h"

 #include "../Include/Types.h"

 #include "../Include/Macro.h"


 #include <string>

 #include <list>

 #include <vector>

 #include <unordered_set>

 #include <cassert>


 namespace blackbone

 {


 enum CreateThreadFlags

 {

     NoThreadFlags   = 0x0000,

     CreateSuspended = 0x0001,

     NoDllCallbacks  = 0x0002,

     HideFromDebug   = 0x0004,

 };


 ENUM_OPS(CreateThreadFlags)


 class Native

 {

 public:

     typedef std::list<ModuleData> listModules;


 public:

     BLACKBONE_API Native( HANDLE hProcess, bool x86OS = false );

     BLACKBONE_API ~Native();


     BLACKBONE_API inline const Wow64Barrier& GetWow64Barrier() const { return _wowBarrier; }


     virtual NTSTATUS VirualAllocExT( ptr_t& lpAddress, size_t dwSize, DWORD flAllocationType, DWORD flProtect );


     virtual NTSTATUS VirualFreeExT( ptr_t lpAddress, size_t dwSize, DWORD dwFreeType );


     virtual NTSTATUS VirtualProtectExT( ptr_t lpAddress, DWORD64 dwSize, DWORD flProtect, DWORD* flOld );


     virtual NTSTATUS ReadProcessMemoryT( ptr_t lpBaseAddress, LPVOID lpBuffer, size_t nSize, DWORD64 *lpBytes = nullptr );


     virtual NTSTATUS WriteProcessMemoryT( ptr_t lpBaseAddress, LPCVOID lpBuffer, size_t nSize, DWORD64 *lpBytes = nullptr );


     virtual NTSTATUS VirtualQueryExT( ptr_t lpAddress, PMEMORY_BASIC_INFORMATION64 lpBuffer );


     virtual NTSTATUS VirtualQueryExT( ptr_t lpAddress, MEMORY_INFORMATION_CLASS infoClass, LPVOID lpBuffer, size_t bufSize );


     virtual NTSTATUS QueryProcessInfoT( PROCESSINFOCLASS infoClass, LPVOID lpBuffer, uint32_t bufSize );


     virtual NTSTATUS SetProcessInfoT( PROCESSINFOCLASS infoClass, LPVOID lpBuffer, uint32_t bufSize );


     virtual NTSTATUS CreateRemoteThreadT( HANDLE& hThread, ptr_t entry, ptr_t arg, CreateThreadFlags flags );


     virtual NTSTATUS GetThreadContextT( HANDLE hThread, _CONTEXT64& ctx );


     virtual NTSTATUS GetThreadContextT( HANDLE hThread, _CONTEXT32& ctx );


     virtual NTSTATUS SetThreadContextT( HANDLE hThread, _CONTEXT64& ctx );


     virtual NTSTATUS SetThreadContextT( HANDLE hThread, _CONTEXT32& ctx );


     virtual ptr_t getPEB( _PEB32* ppeb );


     virtual ptr_t getPEB( _PEB64* ppeb );


     virtual ptr_t getTEB( HANDLE hThread, _TEB32* pteb );


     virtual ptr_t getTEB( HANDLE hThread, _TEB64* pteb );


     BLACKBONE_API size_t EnumRegions( std::list<MEMORY_BASIC_INFORMATION64>& results, bool includeFree = false );


     BLACKBONE_API size_t EnumModules( listModules& result, eModSeachType search = LdrList, eModType mtype = mt_default );


     BLACKBONE_API inline ptr_t minAddr() const { return 0x10000; }


     BLACKBONE_API inline ptr_t maxAddr() const { return 0x7FFFFFFEFFFF; }


     BLACKBONE_API inline uint32_t pageSize() const { return _pageSize; }

 private:


     template<typename T>

     size_t EnumModulesT( Native::listModules& result );


     size_t EnumSections( listModules& result );


     size_t EnumPEHeaders( listModules& result );


 protected:

     HANDLE _hProcess;           // Process handle

     Wow64Barrier _wowBarrier;   // WOW64 barrier info

     uint32_t _pageSize;

 };


 }

blackbone::Native
Definition: NativeSubsystem.h:27

blackbone::_PEB_T
Definition: NativeStructures.h:163

blackbone::Native::maxAddr
BLACKBONE_API ptr_t maxAddr() const
Get highest possible valid address value
Definition: NativeSubsystem.h:217

blackbone::_TEB_T
Definition: NativeStructures.h:71

blackbone::Native::minAddr
BLACKBONE_API ptr_t minAddr() const
Get lowest possible valid address value
Definition: NativeSubsystem.h:211

blackbone::Wow64Barrier
Definition: Types.h:31

blackbone::_CONTEXT_T< DWORD64 >
Definition: NativeStructures.h:442

blackbone
Definition: AsmHelper32.cpp:6

blackbone::_CONTEXT_T< DWORD >
Definition: NativeStructures.h:412

blackbone::Native::pageSize
BLACKBONE_API uint32_t pageSize() const
Get page size
Definition: NativeSubsystem.h:223