X86 OS subsystem. Used More...

#include <x86Subsystem.h>

Inheritance diagram for blackbone::x86Native:

Public Member Functions
BLACKBONE_API	x86Native (HANDLE hProcess)

virtual NTSTATUS	VirtualQueryExT (ptr_t lpAddress, PMEMORY_BASIC_INFORMATION64 lpBuffer)
	Query virtual memory More...

virtual NTSTATUS	GetThreadContextT (HANDLE hThread, _CONTEXT32 &ctx)
	Get WOW64 thread context More...

virtual NTSTATUS	GetThreadContextT (HANDLE hThread, _CONTEXT64 &ctx)
	Get native thread context More...

virtual NTSTATUS	SetThreadContextT (HANDLE hThread, _CONTEXT32 &ctx)
	Set WOW64 thread context More...

virtual NTSTATUS	SetThreadContextT (HANDLE hThread, _CONTEXT64 &ctx)
	Set native thread context More...

virtual ptr_t	getPEB (_PEB32 *ppeb)
	Gets WOW64 PEB More...

virtual ptr_t	getPEB (_PEB64 *ppeb)
	Get native PEB More...

virtual ptr_t	getTEB (HANDLE hThread, _TEB32 *pteb)
	Get WOW64 TEB More...

virtual ptr_t	getTEB (HANDLE hThread, _TEB64 *pteb)
	Get native TEB More...

Public Member Functions inherited from blackbone::Native
BLACKBONE_API	Native (HANDLE hProcess, bool x86OS=false)

BLACKBONE_API const Wow64Barrier &	GetWow64Barrier () const

virtual NTSTATUS	VirualAllocExT (ptr_t &lpAddress, size_t dwSize, DWORD flAllocationType, DWORD flProtect)
	Allocate virtual memory More...

virtual NTSTATUS	VirualFreeExT (ptr_t lpAddress, size_t dwSize, DWORD dwFreeType)
	Free virtual memory More...

virtual NTSTATUS	VirtualProtectExT (ptr_t lpAddress, DWORD64 dwSize, DWORD flProtect, DWORD *flOld)
	Change memory protection More...

virtual NTSTATUS	ReadProcessMemoryT (ptr_t lpBaseAddress, LPVOID lpBuffer, size_t nSize, DWORD64 *lpBytes=nullptr)
	Read virtual memory More...

virtual NTSTATUS	WriteProcessMemoryT (ptr_t lpBaseAddress, LPCVOID lpBuffer, size_t nSize, DWORD64 *lpBytes=nullptr)
	Write virtual memory More...

virtual NTSTATUS	VirtualQueryExT (ptr_t lpAddress, MEMORY_INFORMATION_CLASS infoClass, LPVOID lpBuffer, size_t bufSize)
	Query virtual memory More...

virtual NTSTATUS	QueryProcessInfoT (PROCESSINFOCLASS infoClass, LPVOID lpBuffer, uint32_t bufSize)
	Call NtQueryInformationProcess for underlying process More...

virtual NTSTATUS	SetProcessInfoT (PROCESSINFOCLASS infoClass, LPVOID lpBuffer, uint32_t bufSize)
	Call NtSetInformationProcess for underlying process More...

virtual NTSTATUS	CreateRemoteThreadT (HANDLE &hThread, ptr_t entry, ptr_t arg, CreateThreadFlags flags)
	Creates new thread in the remote process More...

BLACKBONE_API size_t	EnumRegions (std::list< MEMORY_BASIC_INFORMATION64 > &results, bool includeFree=false)
	Enumerate valid memory regions More...

BLACKBONE_API size_t	EnumModules (listModules &result, eModSeachType search=LdrList, eModType mtype=mt_default)
	Enumerate process modules More...

BLACKBONE_API ptr_t	minAddr () const
	Get lowest possible valid address value More...

BLACKBONE_API ptr_t	maxAddr () const
	Get highest possible valid address value More...

BLACKBONE_API uint32_t	pageSize () const
	Get page size More...

Additional Inherited Members
Public Types inherited from blackbone::Native
typedef std::list< ModuleData >	listModules

Protected Attributes inherited from blackbone::Native
HANDLE	_hProcess

Wow64Barrier	_wowBarrier

uint32_t	_pageSize

Detailed Description

X86 OS subsystem. Used

Member Function Documentation

ptr_t blackbone::x86Native::getPEB ( _PEB32 * ppeb )

virtual

Gets WOW64 PEB

Parameters

ppeb	Retrieved PEB

Returns: PEB pointer

Reimplemented from blackbone::Native.

ptr_t blackbone::x86Native::getPEB ( _PEB64 * ppeb )

virtual

Get native PEB

Parameters

ppeb	Retrieved PEB

Returns: PEB pointer

Reimplemented from blackbone::Native.

ptr_t blackbone::x86Native::getTEB	(	HANDLE	hThread,
		_TEB32 *	pteb
	)

virtual

Get WOW64 TEB

Parameters

ppeb	Retrieved TEB

Returns: TEB pointer

Reimplemented from blackbone::Native.

ptr_t blackbone::x86Native::getTEB	(	HANDLE	hThread,
		_TEB64 *	pteb
	)

virtual

Get native TEB

Parameters

ppeb	Retrieved TEB

Returns: TEB pointer

Reimplemented from blackbone::Native.

NTSTATUS blackbone::x86Native::GetThreadContextT	(	HANDLE	hThread,
		_CONTEXT32 &	ctx
	)

virtual

Get WOW64 thread context

Parameters

hThread	Thread handle.
ctx	Thread context

Returns: Status code

Reimplemented from blackbone::Native.

NTSTATUS blackbone::x86Native::GetThreadContextT	(	HANDLE	hThread,
		_CONTEXT64 &	ctx
	)

virtual

Get native thread context

Parameters

hThread	Thread handle.
ctx	Thread context

Returns: Status code

Reimplemented from blackbone::Native.

NTSTATUS blackbone::x86Native::SetThreadContextT	(	HANDLE	hThread,
		_CONTEXT32 &	ctx
	)

virtual

Set WOW64 thread context

Parameters

hThread	Thread handle.
ctx	Thread context

Returns: Status code

Reimplemented from blackbone::Native.

NTSTATUS blackbone::x86Native::SetThreadContextT	(	HANDLE	hThread,
		_CONTEXT64 &	ctx
	)

virtual

Set native thread context

Parameters

hThread	Thread handle.
ctx	Thread context

Returns: Status code

Reimplemented from blackbone::Native.

NTSTATUS blackbone::x86Native::VirtualQueryExT	(	ptr_t	lpAddress,
		PMEMORY_BASIC_INFORMATION64	lpBuffer
	)

virtual

Query virtual memory

Parameters

lpAddress	Address to query
lpBuffer	Retrieved memory info

Returns: Status code

Reimplemented from blackbone::Native.

The documentation for this class was generated from the following files:

C:/Users/Ton/Documents/Visual Studio 2013/Projects/BlackBone/src/BlackBone/Subsystem/x86Subsystem.h
C:/Users/Ton/Documents/Visual Studio 2013/Projects/BlackBone/src/BlackBone/Subsystem/x86Subsystem.cpp

Public Member Functions

Additional Inherited Members

Detailed Description

Member Function Documentation