WOW64-x64 interface More...

#include <Wow64Local.h>

Public Member Functions
template<typename... Args>
DWORD64	X64Call (ptr_t func, Args...args)
	Call 64 bit function More...

template<typename... Args>
DWORD64	X64Syscall (int idx, Args...args)
	Perform a syscall More...

BLACKBONE_API void	memcpy64 (DWORD64, DWORD64, DWORD)
	Copy memory beyond 4GB limit More...

BLACKBONE_API DWORD64	getTEB64 (_TEB64 &out)
	Get native bit TEB More...

BLACKBONE_API DWORD64	GetModuleHandle64 (const wchar_t lpModuleName, DWORD pSize=nullptr)
	Gets 64 bit module base More...

BLACKBONE_API DWORD64	getNTDLL64 (DWORD *pSize=nullptr)
	Get 64 bit ntdll base More...

BLACKBONE_API DWORD64	getLdrGetProcedureAddress ()
	Get 'LdrGetProcedureAddress' address More...

BLACKBONE_API DWORD64	GetProcAddress64 (DWORD64 hModule, const char *funcName)
	64 bit implementation of GetProcAddress More...

BLACKBONE_API DWORD64	LoadLibrary64 (const wchar_t *path)
	Load 64 bit module into current process More...

Detailed Description

WOW64-x64 interface

Member Function Documentation

DWORD64 blackbone::Wow64Local::getLdrGetProcedureAddress ( )

Get 'LdrGetProcedureAddress' address

Returns: 'LdrGetProcedureAddress' address, 0 if not found

DWORD64 blackbone::Wow64Local::GetModuleHandle64	(	const wchar_t *	lpModuleName,
		DWORD *	pSize = `nullptr`
	)

Gets 64 bit module base

Parameters

lpModuleName	Module name
pSize	Found module size

Returns: Module base address, 0 if not found

DWORD64 blackbone::Wow64Local::getNTDLL64 ( DWORD * pSize = nullptr )

Get 64 bit ntdll base

Parameters

pSize Image size

Returns: ntdll address

DWORD64 blackbone::Wow64Local::GetProcAddress64	(	DWORD64	hModule,
		const char *	funcName
	)

64 bit implementation of GetProcAddress

Parameters

hModule	Module base
funcName	Function name or ordinal

Returns: Procedure address, 0 if not found

DWORD64 blackbone::Wow64Local::getTEB64 ( _TEB64 & out )

Get native bit TEB

Parameters

out	TEB structure

Returns: TEB pointer

DWORD64 blackbone::Wow64Local::LoadLibrary64 ( const wchar_t * path )

Load 64 bit module into current process

Parameters

path	Module path

Returns: Module base address

BLACKBONE_API void blackbone::Wow64Local::memcpy64	(	DWORD64	,
		DWORD64	,
		DWORD
	)

Copy memory beyond 4GB limit

Parameters

dst	Destination address
src	Source address
size	Region size

template<typename... Args>

DWORD64 blackbone::Wow64Local::X64Call	(	ptr_t	func,
		Args...	args
	)

inline

Call 64 bit function

Parameters

func	Function pointer
args	Function argumetns

Returns: Function return value

template<typename... Args>

DWORD64 blackbone::Wow64Local::X64Syscall	(	int	idx,
		Args...	args
	)

inline

Perform a syscall

Parameters

idx	Syscall index
args	Syscall arguments

Returns: Syscall result

The documentation for this class was generated from the following files:

C:/Users/Ton/Documents/Visual Studio 2013/Projects/BlackBone/src/BlackBone/Subsystem/Wow64Local.h
C:/Users/Ton/Documents/Visual Studio 2013/Projects/BlackBone/src/BlackBone/Subsystem/Wow64Local.cpp

Public Member Functions

Detailed Description

Member Function Documentation