1 use crate::winapi_local::um::winnt::PMEM_EXTENDED_PARAMETER; 2 use winapi::shared::basetsd::{PSIZE_T, PULONG_PTR, SIZE_T, ULONG_PTR}; 3 use winapi::shared::ntdef::{ 4 BOOLEAN, HANDLE, LARGE_INTEGER, NTSTATUS, PHANDLE, PLARGE_INTEGER, POBJECT_ATTRIBUTES, PULONG, 5 PUNICODE_STRING, PVOID, UCHAR, ULONG, ULONGLONG, UNICODE_STRING, USHORT, 6 }; 7 use winapi::um::winnt::{ 8 ACCESS_MASK, PCFG_CALL_TARGET_INFO, STANDARD_RIGHTS_REQUIRED, SYNCHRONIZE, 9 }; 10 ENUM!{enum MEMORY_INFORMATION_CLASS { 11 MemoryBasicInformation = 0, 12 MemoryWorkingSetInformation = 1, 13 MemoryMappedFilenameInformation = 2, 14 MemoryRegionInformation = 3, 15 MemoryWorkingSetExInformation = 4, 16 MemorySharedCommitInformation = 5, 17 MemoryImageInformation = 6, 18 MemoryRegionInformationEx = 7, 19 MemoryPrivilegedBasicInformation = 8, 20 MemoryEnclaveImageInformation = 9, 21 MemoryBasicInformationCapped = 10, 22 }} 23 STRUCT!{struct MEMORY_WORKING_SET_BLOCK { 24 Bitfields: ULONG_PTR, 25 }} 26 #[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] 27 BITFIELD!{MEMORY_WORKING_SET_BLOCK Bitfields: ULONG_PTR [ 28 Protection set_Protection[0..5], 29 ShareCount set_ShareCount[5..8], 30 Shared set_Shared[8..9], 31 Node set_Node[9..12], 32 VirtualPage set_VirtualPage[12..64], 33 ]} 34 #[cfg(target_arch = "x86")] 35 BITFIELD!{MEMORY_WORKING_SET_BLOCK Bitfields: ULONG_PTR [ 36 Protection set_Protection[0..5], 37 ShareCount set_ShareCount[5..8], 38 Shared set_Shared[8..9], 39 Node set_Node[9..12], 40 VirtualPage set_VirtualPage[12..32], 41 ]} 42 pub type PMEMORY_WORKING_SET_BLOCK = *mut MEMORY_WORKING_SET_BLOCK; 43 STRUCT!{struct MEMORY_WORKING_SET_INFORMATION { 44 NumberOfEntries: ULONG_PTR, 45 WorkingSetInfo: [MEMORY_WORKING_SET_BLOCK; 1], 46 }} 47 pub type PMEMORY_WORKING_SET_INFORMATION = *mut MEMORY_WORKING_SET_INFORMATION; 48 STRUCT!{struct MEMORY_REGION_INFORMATION { 49 AllocationBase: PVOID, 50 AllocationProtect: ULONG, 51 RegionType: ULONG, 52 RegionSize: SIZE_T, 53 CommitSize: SIZE_T, 54 }} 55 BITFIELD!{MEMORY_REGION_INFORMATION RegionType: ULONG [ 56 Private set_Private[0..1], 57 MappedDataFile set_MappedDataFile[1..2], 58 MappedImage set_MappedImage[2..3], 59 MappedPageFile set_MappedPageFile[3..4], 60 MappedPhysical set_MappedPhysical[4..5], 61 DirectMapped set_DirectMapped[5..6], 62 SoftwareEnclave set_SoftwareEnclave[6..7], 63 PageSize64K set_PageSize64K[7..8], 64 PlaceholderReservation set_PlaceholderReservation[8..9], 65 Reserved set_Reserved[9..32], 66 ]} 67 pub type PMEMORY_REGION_INFORMATION = *mut MEMORY_REGION_INFORMATION; 68 ENUM!{enum MEMORY_WORKING_SET_EX_LOCATION { 69 MemoryLocationInvalid = 0, 70 MemoryLocationResident = 1, 71 MemoryLocationPagefile = 2, 72 MemoryLocationReserved = 3, 73 }} 74 UNION!{union MEMORY_WORKING_SET_EX_BLOCK_u { 75 Bitfields: ULONG_PTR, 76 Invalid: ULONG_PTR, 77 }} 78 STRUCT!{struct MEMORY_WORKING_SET_EX_BLOCK { 79 u: MEMORY_WORKING_SET_EX_BLOCK_u, 80 }} 81 #[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] 82 BITFIELD!{unsafe MEMORY_WORKING_SET_EX_BLOCK_u Bitfields: ULONG_PTR [ 83 Valid set_Valid[0..1], 84 ShareCount set_ShareCount[1..4], 85 Win32Protection set_Win32Protection[4..15], 86 Shared set_Shared[15..16], 87 Node set_Node[16..22], 88 Locked set_Locked[22..23], 89 LargePage set_LargePage[23..24], 90 Priority set_Priority[24..27], 91 Reserved set_Reserved[27..30], 92 SharedOriginal set_SharedOriginal[30..31], 93 Bad set_Bad[31..32], 94 ReservedUlong set_ReservedUlong[32..64], 95 ]} 96 #[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] 97 BITFIELD!{unsafe MEMORY_WORKING_SET_EX_BLOCK_u Invalid: ULONG_PTR [ 98 Invalid_Valid set_Invalid_Valid[0..1], 99 Invalid_Reserved0 set_Invalid_Reserved0[1..15], 100 Invalid_Shared set_Invalid_Shared[15..16], 101 Invalid_Reserved1 set_Invalid_Reserved1[16..21], 102 Invalid_PageTable set_Invalid_PageTable[21..22], 103 Invalid_Location set_Invalid_Location[22..24], 104 Invalid_Priority set_Invalid_Priority[24..27], 105 Invalid_ModifiedList set_Invalid_ModifiedList[27..28], 106 Invalid_Reserved2 set_Invalid_Reserved2[28..30], 107 Invalid_SharedOriginal set_Invalid_SharedOriginal[30..31], 108 Invalid_Bad set_Invalid_Bad[31..32], 109 Invalid_ReservedUlong set_Invalid_ReservedUlong[32..64], 110 ]} 111 #[cfg(target_arch = "x86")] 112 BITFIELD!{unsafe MEMORY_WORKING_SET_EX_BLOCK_u Bitfields: ULONG_PTR [ 113 Valid set_Valid[0..1], 114 ShareCount set_ShareCount[1..4], 115 Win32Protection set_Win32Protection[4..15], 116 Shared set_Shared[15..16], 117 Node set_Node[16..22], 118 Locked set_Locked[22..23], 119 LargePage set_LargePage[23..24], 120 Priority set_Priority[24..27], 121 Reserved set_Reserved[27..30], 122 SharedOriginal set_SharedOriginal[30..31], 123 Bad set_Bad[31..32], 124 ]} 125 #[cfg(target_arch = "x86")] 126 BITFIELD!{unsafe MEMORY_WORKING_SET_EX_BLOCK_u Invalid: ULONG_PTR [ 127 Invalid_Valid set_Invalid_Valid[0..1], 128 Invalid_Reserved0 set_Invalid_Reserved0[1..15], 129 Invalid_Shared set_Invalid_Shared[15..16], 130 Invalid_Reserved1 set_Invalid_Reserved1[16..21], 131 Invalid_PageTable set_Invalid_PageTable[21..22], 132 Invalid_Location set_Invalid_Location[22..24], 133 Invalid_Priority set_Invalid_Priority[24..27], 134 Invalid_ModifiedList set_Invalid_ModifiedList[27..28], 135 Invalid_Reserved2 set_Invalid_Reserved2[28..30], 136 Invalid_SharedOriginal set_Invalid_SharedOriginal[30..31], 137 Invalid_Bad set_Invalid_Bad[31..32], 138 ]} 139 pub type PMEMORY_WORKING_SET_EX_BLOCK = *mut MEMORY_WORKING_SET_EX_BLOCK; 140 STRUCT!{struct MEMORY_WORKING_SET_EX_INFORMATION { 141 VirtualAddress: PVOID, 142 VirtualAttributes: MEMORY_WORKING_SET_EX_BLOCK, 143 }} 144 pub type PMEMORY_WORKING_SET_EX_INFORMATION = *mut MEMORY_WORKING_SET_EX_INFORMATION; 145 STRUCT!{struct MEMORY_SHARED_COMMIT_INFORMATION { 146 CommitSize: SIZE_T, 147 }} 148 pub type PMEMORY_SHARED_COMMIT_INFORMATION = *mut MEMORY_SHARED_COMMIT_INFORMATION; 149 STRUCT!{struct MEMORY_IMAGE_INFORMATION { 150 ImageBase: PVOID, 151 SizeOfImage: SIZE_T, 152 ImageFlags: ULONG, 153 }} 154 BITFIELD!{MEMORY_IMAGE_INFORMATION ImageFlags: ULONG [ 155 ImagePartialMap set_ImagePartialMap[0..1], 156 ImageNotExecutable set_ImageNotExecutable[1..2], 157 ImageSigningLevel set_ImageSigningLevel[2..6], 158 Reserved set_Reserved[6..32], 159 ]} 160 pub type PMEMORY_IMAGE_INFORMATION = *mut MEMORY_IMAGE_INFORMATION; 161 STRUCT!{struct MEMORY_ENCLAVE_IMAGE_INFORMATION { 162 ImageInfo: MEMORY_IMAGE_INFORMATION, 163 UniqueID: [UCHAR; 32], 164 AuthorID: [UCHAR; 32], 165 }} 166 pub type PMEMORY_ENCLAVE_IMAGE_INFORMATION = *mut MEMORY_ENCLAVE_IMAGE_INFORMATION; 167 pub const MMPFNLIST_ZERO: u32 = 0; 168 pub const MMPFNLIST_FREE: u32 = 1; 169 pub const MMPFNLIST_STANDBY: u32 = 2; 170 pub const MMPFNLIST_MODIFIED: u32 = 3; 171 pub const MMPFNLIST_MODIFIEDNOWRITE: u32 = 4; 172 pub const MMPFNLIST_BAD: u32 = 5; 173 pub const MMPFNLIST_ACTIVE: u32 = 6; 174 pub const MMPFNLIST_TRANSITION: u32 = 7; 175 pub const MMPFNUSE_PROCESSPRIVATE: u32 = 0; 176 pub const MMPFNUSE_FILE: u32 = 1; 177 pub const MMPFNUSE_PAGEFILEMAPPED: u32 = 2; 178 pub const MMPFNUSE_PAGETABLE: u32 = 3; 179 pub const MMPFNUSE_PAGEDPOOL: u32 = 4; 180 pub const MMPFNUSE_NONPAGEDPOOL: u32 = 5; 181 pub const MMPFNUSE_SYSTEMPTE: u32 = 6; 182 pub const MMPFNUSE_SESSIONPRIVATE: u32 = 7; 183 pub const MMPFNUSE_METAFILE: u32 = 8; 184 pub const MMPFNUSE_AWEPAGE: u32 = 9; 185 pub const MMPFNUSE_DRIVERLOCKPAGE: u32 = 10; 186 pub const MMPFNUSE_KERNELSTACK: u32 = 11; 187 STRUCT!{struct MEMORY_FRAME_INFORMATION { 188 Bitfields: ULONGLONG, 189 }} 190 BITFIELD!{MEMORY_FRAME_INFORMATION Bitfields: ULONGLONG [ 191 UseDescription set_UseDescription[0..4], 192 ListDescription set_ListDescription[4..7], 193 Reserved0 set_Reserved0[7..8], 194 Pinned set_Pinned[8..9], 195 DontUse set_DontUse[9..57], 196 Priority set_Priority[57..60], 197 Reserved set_Reserved[60..64], 198 ]} 199 STRUCT!{struct FILEOFFSET_INFORMATION { 200 Bitfields: ULONGLONG, 201 }} 202 BITFIELD!{FILEOFFSET_INFORMATION Bitfields: ULONGLONG [ 203 DontUse set_DontUse[0..9], 204 Offset set_Offset[9..57], 205 Reserved set_Reserved[57..64], 206 ]} 207 STRUCT!{struct PAGEDIR_INFORMATION { 208 Bitfields: ULONGLONG, 209 }} 210 BITFIELD!{PAGEDIR_INFORMATION Bitfields: ULONGLONG [ 211 DontUse set_DontUse[0..9], 212 PageDirectoryBase set_PageDirectoryBase[9..57], 213 Reserved set_Reserved[57..64], 214 ]} 215 STRUCT!{struct UNIQUE_PROCESS_INFORMATION { 216 Bitfields: ULONGLONG, 217 }} 218 BITFIELD!{UNIQUE_PROCESS_INFORMATION Bitfields: ULONGLONG [ 219 DontUse set_DontUse[0..9], 220 UniqueProcessKey set_UniqueProcessKey[9..57], 221 Reserved set_Reserved[57..64], 222 ]} 223 pub type PUNIQUE_PROCESS_INFORMATION = *mut UNIQUE_PROCESS_INFORMATION; 224 UNION!{union MMPFN_IDENTITY_u1 { 225 e1: MEMORY_FRAME_INFORMATION, 226 e2: FILEOFFSET_INFORMATION, 227 e3: PAGEDIR_INFORMATION, 228 e4: UNIQUE_PROCESS_INFORMATION, 229 }} 230 UNION!{union MMPFN_IDENTITY_u2 { 231 e1: ULONG_PTR, 232 e2_CombinedPage: ULONG_PTR, 233 FileObject: ULONG_PTR, 234 UniqueFileObjectKey: ULONG_PTR, 235 ProtoPteAddress: ULONG_PTR, 236 VirtualAddress: ULONG_PTR, 237 }} 238 STRUCT!{struct MMPFN_IDENTITY { 239 u1: MMPFN_IDENTITY_u1, 240 PageFrameIndex: ULONG_PTR, 241 u2: MMPFN_IDENTITY_u2, 242 }} 243 BITFIELD!{unsafe MMPFN_IDENTITY_u2 e1: ULONG_PTR [ 244 Image set_Image[0..1], 245 Mismatch set_Mismatch[1..2], 246 ]} 247 pub type PMMPFN_IDENTITY = *mut MMPFN_IDENTITY; 248 STRUCT!{struct MMPFN_MEMSNAP_INFORMATION { 249 InitialPageFrameIndex: ULONG_PTR, 250 Count: ULONG_PTR, 251 }} 252 pub type PMMPFN_MEMSNAP_INFORMATION = *mut MMPFN_MEMSNAP_INFORMATION; 253 ENUM!{enum SECTION_INFORMATION_CLASS { 254 SectionBasicInformation = 0, 255 SectionImageInformation = 1, 256 SectionRelocationInformation = 2, 257 SectionOriginalBaseInformation = 3, 258 SectionInternalImageInformation = 4, 259 MaxSectionInfoClass = 5, 260 }} 261 STRUCT!{struct SECTION_BASIC_INFORMATION { 262 BaseAddress: PVOID, 263 AllocationAttributes: ULONG, 264 MaximumSize: LARGE_INTEGER, 265 }} 266 pub type PSECTION_BASIC_INFORMATION = *mut SECTION_BASIC_INFORMATION; 267 STRUCT!{struct SECTION_IMAGE_INFORMATION_u1_s { 268 SubSystemMinorVersion: USHORT, 269 SubSystemMajorVersion: USHORT, 270 }} 271 UNION!{union SECTION_IMAGE_INFORMATION_u1 { 272 s: SECTION_IMAGE_INFORMATION_u1_s, 273 SubSystemVersion: ULONG, 274 }} 275 STRUCT!{struct SECTION_IMAGE_INFORMATION_u2_s { 276 MajorOperatingSystemVersion: USHORT, 277 MinorOperatingSystemVersion: USHORT, 278 }} 279 UNION!{union SECTION_IMAGE_INFORMATION_u2 { 280 s: SECTION_IMAGE_INFORMATION_u2_s, 281 OperatingSystemVersion: ULONG, 282 }} 283 STRUCT!{struct SECTION_IMAGE_INFORMATION { 284 TransferAddress: PVOID, 285 ZeroBits: ULONG, 286 MaximumStackSize: SIZE_T, 287 CommittedStackSize: SIZE_T, 288 SubSystemType: ULONG, 289 u1: SECTION_IMAGE_INFORMATION_u1, 290 u2: SECTION_IMAGE_INFORMATION_u2, 291 ImageCharacteristics: USHORT, 292 DllCharacteristics: USHORT, 293 Machine: USHORT, 294 ImageContainsCode: BOOLEAN, 295 ImageFlags: UCHAR, 296 LoaderFlags: ULONG, 297 ImageFileSize: ULONG, 298 CheckSum: ULONG, 299 }} 300 BITFIELD!{SECTION_IMAGE_INFORMATION ImageFlags: UCHAR [ 301 ComPlusNativeReady set_ComPlusNativeReady[0..1], 302 ComPlusILOnly set_ComPlusILOnly[1..2], 303 ImageDynamicallyRelocated set_ImageDynamicallyRelocated[2..3], 304 ImageMappedFlat set_ImageMappedFlat[3..4], 305 BaseBelow4gb set_BaseBelow4gb[4..5], 306 ComPlusPrefer32bit set_ComPlusPrefer32bit[5..6], 307 Reserved set_Reserved[6..8], 308 ]} 309 pub type PSECTION_IMAGE_INFORMATION = *mut SECTION_IMAGE_INFORMATION; 310 STRUCT!{struct SECTION_INTERNAL_IMAGE_INFORMATION { 311 SectionInformation: SECTION_IMAGE_INFORMATION, 312 ExtendedFlags: ULONG, 313 }} 314 BITFIELD!{SECTION_INTERNAL_IMAGE_INFORMATION ExtendedFlags: ULONG [ 315 ImageExportSuppressionEnabled set_ImageExportSuppressionEnabled[0..1], 316 Reserved set_Reserved[1..32], 317 ]} 318 pub type PSECTION_INTERNAL_IMAGE_INFORMATION = *mut SECTION_INTERNAL_IMAGE_INFORMATION; 319 ENUM!{enum SECTION_INHERIT { 320 ViewShare = 1, 321 ViewUnmap = 2, 322 }} 323 pub const SEC_BASED: u32 = 0x200000; 324 pub const SEC_NO_CHANGE: u32 = 0x400000; 325 pub const SEC_GLOBAL: u32 = 0x20000000; 326 pub const MEM_EXECUTE_OPTION_DISABLE: u32 = 0x1; 327 pub const MEM_EXECUTE_OPTION_ENABLE: u32 = 0x2; 328 pub const MEM_EXECUTE_OPTION_DISABLE_THUNK_EMULATION: u32 = 0x4; 329 pub const MEM_EXECUTE_OPTION_PERMANENT: u32 = 0x8; 330 pub const MEM_EXECUTE_OPTION_EXECUTE_DISPATCH_ENABLE: u32 = 0x10; 331 pub const MEM_EXECUTE_OPTION_IMAGE_DISPATCH_ENABLE: u32 = 0x20; 332 pub const MEM_EXECUTE_OPTION_VALID_FLAGS: u32 = 0x3f; 333 EXTERN!{extern "system" { 334 fn NtAllocateVirtualMemory( 335 ProcessHandle: HANDLE, 336 BaseAddress: *mut PVOID, 337 ZeroBits: ULONG_PTR, 338 RegionSize: PSIZE_T, 339 AllocationType: ULONG, 340 Protect: ULONG, 341 ) -> NTSTATUS; 342 fn NtFreeVirtualMemory( 343 ProcessHandle: HANDLE, 344 BaseAddress: *mut PVOID, 345 RegionSize: PSIZE_T, 346 FreeType: ULONG, 347 ) -> NTSTATUS; 348 fn NtReadVirtualMemory( 349 ProcessHandle: HANDLE, 350 BaseAddress: PVOID, 351 Buffer: PVOID, 352 BufferSize: SIZE_T, 353 NumberOfBytesRead: PSIZE_T, 354 ) -> NTSTATUS; 355 fn NtWriteVirtualMemory( 356 ProcessHandle: HANDLE, 357 BaseAddress: PVOID, 358 Buffer: PVOID, 359 BufferSize: SIZE_T, 360 NumberOfBytesWritten: PSIZE_T, 361 ) -> NTSTATUS; 362 fn NtProtectVirtualMemory( 363 ProcessHandle: HANDLE, 364 BaseAddress: *mut PVOID, 365 RegionSize: PSIZE_T, 366 NewProtect: ULONG, 367 OldProtect: PULONG, 368 ) -> NTSTATUS; 369 fn NtQueryVirtualMemory( 370 ProcessHandle: HANDLE, 371 BaseAddress: PVOID, 372 MemoryInformationClass: MEMORY_INFORMATION_CLASS, 373 MemoryInformation: PVOID, 374 MemoryInformationLength: SIZE_T, 375 ReturnLength: PSIZE_T, 376 ) -> NTSTATUS; 377 }} 378 ENUM!{enum VIRTUAL_MEMORY_INFORMATION_CLASS { 379 VmPrefetchInformation = 0, 380 VmPagePriorityInformation = 1, 381 VmCfgCallTargetInformation = 2, 382 VmPageDirtyStateInformation = 3, 383 }} 384 STRUCT!{struct MEMORY_RANGE_ENTRY { 385 VirtualAddress: PVOID, 386 NumberOfBytes: SIZE_T, 387 }} 388 pub type PMEMORY_RANGE_ENTRY = *mut MEMORY_RANGE_ENTRY; 389 STRUCT!{struct CFG_CALL_TARGET_LIST_INFORMATION { 390 NumberOfEntries: ULONG, 391 Reserved: ULONG, 392 NumberOfEntriesProcessed: PULONG, 393 CallTargetInfo: PCFG_CALL_TARGET_INFO, 394 Section: PVOID, 395 FileOffset: ULONGLONG, 396 }} 397 pub type PCFG_CALL_TARGET_LIST_INFORMATION = *mut CFG_CALL_TARGET_LIST_INFORMATION; 398 EXTERN!{extern "system" { 399 fn NtSetInformationVirtualMemory( 400 ProcessHandle: HANDLE, 401 VmInformationClass: VIRTUAL_MEMORY_INFORMATION_CLASS, 402 NumberOfEntries: ULONG_PTR, 403 VirtualAddresses: PMEMORY_RANGE_ENTRY, 404 VmInformation: PVOID, 405 VmInformationLength: ULONG, 406 ) -> NTSTATUS; 407 fn NtLockVirtualMemory( 408 ProcessHandle: HANDLE, 409 BaseAddress: *mut PVOID, 410 RegionSize: PSIZE_T, 411 MapType: ULONG, 412 ) -> NTSTATUS; 413 fn NtUnlockVirtualMemory( 414 ProcessHandle: HANDLE, 415 BaseAddress: *mut PVOID, 416 RegionSize: PSIZE_T, 417 MapType: ULONG, 418 ) -> NTSTATUS; 419 fn NtCreateSection( 420 SectionHandle: PHANDLE, 421 DesiredAccess: ACCESS_MASK, 422 ObjectAttributes: POBJECT_ATTRIBUTES, 423 MaximumSize: PLARGE_INTEGER, 424 SectionPageProtection: ULONG, 425 AllocationAttributes: ULONG, 426 FileHandle: HANDLE, 427 ) -> NTSTATUS; 428 fn NtCreateSectionEx( 429 SectionHandle: PHANDLE, 430 DesiredAccess: ACCESS_MASK, 431 ObjectAttributes: POBJECT_ATTRIBUTES, 432 MaximumSize: PLARGE_INTEGER, 433 SectionPageProtection: ULONG, 434 AllocationAttributes: ULONG, 435 FileHandle: HANDLE, 436 ExtendedParameters: PMEM_EXTENDED_PARAMETER, 437 ExtendedParameterCount: ULONG, 438 ) -> NTSTATUS; 439 fn NtOpenSection( 440 SectionHandle: PHANDLE, 441 DesiredAccess: ACCESS_MASK, 442 ObjectAttributes: POBJECT_ATTRIBUTES, 443 ) -> NTSTATUS; 444 fn NtMapViewOfSection( 445 SectionHandle: HANDLE, 446 ProcessHandle: HANDLE, 447 BaseAddress: *mut PVOID, 448 ZeroBits: ULONG_PTR, 449 CommitSize: SIZE_T, 450 SectionOffset: PLARGE_INTEGER, 451 ViewSize: PSIZE_T, 452 InheritDisposition: SECTION_INHERIT, 453 AllocationType: ULONG, 454 Win32Protect: ULONG, 455 ) -> NTSTATUS; 456 fn NtUnmapViewOfSection( 457 ProcessHandle: HANDLE, 458 BaseAddress: PVOID, 459 ) -> NTSTATUS; 460 fn NtUnmapViewOfSectionEx( 461 ProcessHandle: HANDLE, 462 BaseAddress: PVOID, 463 Flags: ULONG, 464 ) -> NTSTATUS; 465 fn NtExtendSection( 466 SectionHandle: HANDLE, 467 NewSectionSize: PLARGE_INTEGER, 468 ) -> NTSTATUS; 469 fn NtQuerySection( 470 SectionHandle: HANDLE, 471 SectionInformationClass: SECTION_INFORMATION_CLASS, 472 SectionInformation: PVOID, 473 SectionInformationLength: SIZE_T, 474 ReturnLength: PSIZE_T, 475 ) -> NTSTATUS; 476 fn NtAreMappedFilesTheSame( 477 File1MappedAsAnImage: PVOID, 478 File2MappedAsFile: PVOID, 479 ) -> NTSTATUS; 480 }} 481 pub const MEMORY_PARTITION_QUERY_ACCESS: u32 = 0x0001; 482 pub const MEMORY_PARTITION_MODIFY_ACCESS: u32 = 0x0002; 483 pub const MEMORY_PARTITION_ALL_ACCESS: u32 = STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE 484 | MEMORY_PARTITION_QUERY_ACCESS | MEMORY_PARTITION_MODIFY_ACCESS; 485 ENUM!{enum MEMORY_PARTITION_INFORMATION_CLASS { 486 SystemMemoryPartitionInformation = 0, 487 SystemMemoryPartitionMoveMemory = 1, 488 SystemMemoryPartitionAddPagefile = 2, 489 SystemMemoryPartitionCombineMemory = 3, 490 SystemMemoryPartitionInitialAddMemory = 4, 491 SystemMemoryPartitionGetMemoryEvents = 5, 492 SystemMemoryPartitionMax = 6, 493 }} 494 STRUCT!{struct MEMORY_PARTITION_CONFIGURATION_INFORMATION { 495 Flags: ULONG, 496 NumaNode: ULONG, 497 Channel: ULONG, 498 NumberOfNumaNodes: ULONG, 499 ResidentAvailablePages: ULONG_PTR, 500 CommittedPages: ULONG_PTR, 501 CommitLimit: ULONG_PTR, 502 PeakCommitment: ULONG_PTR, 503 TotalNumberOfPages: ULONG_PTR, 504 AvailablePages: ULONG_PTR, 505 ZeroPages: ULONG_PTR, 506 FreePages: ULONG_PTR, 507 StandbyPages: ULONG_PTR, 508 StandbyPageCountByPriority: [ULONG_PTR; 8], 509 RepurposedPagesByPriority: [ULONG_PTR; 8], 510 MaximumCommitLimit: ULONG_PTR, 511 DonatedPagesToPartitions: ULONG_PTR, 512 PartitionId: ULONG, 513 }} 514 pub type PMEMORY_PARTITION_CONFIGURATION_INFORMATION = 515 *mut MEMORY_PARTITION_CONFIGURATION_INFORMATION; 516 STRUCT!{struct MEMORY_PARTITION_TRANSFER_INFORMATION { 517 NumberOfPages: ULONG_PTR, 518 NumaNode: ULONG, 519 Flags: ULONG, 520 }} 521 pub type PMEMORY_PARTITION_TRANSFER_INFORMATION = *mut MEMORY_PARTITION_TRANSFER_INFORMATION; 522 STRUCT!{struct MEMORY_PARTITION_PAGEFILE_INFORMATION { 523 PageFileName: UNICODE_STRING, 524 MinimumSize: LARGE_INTEGER, 525 MaximumSize: LARGE_INTEGER, 526 Flags: ULONG, 527 }} 528 pub type PMEMORY_PARTITION_PAGEFILE_INFORMATION = *mut MEMORY_PARTITION_PAGEFILE_INFORMATION; 529 STRUCT!{struct MEMORY_PARTITION_PAGE_COMBINE_INFORMATION { 530 StopHandle: HANDLE, 531 Flags: ULONG, 532 TotalNumberOfPages: ULONG_PTR, 533 }} 534 pub type PMEMORY_PARTITION_PAGE_COMBINE_INFORMATION = 535 *mut MEMORY_PARTITION_PAGE_COMBINE_INFORMATION; 536 STRUCT!{struct MEMORY_PARTITION_PAGE_RANGE { 537 StartPage: ULONG_PTR, 538 NumberOfPages: ULONG_PTR, 539 }} 540 pub type PMEMORY_PARTITION_PAGE_RANGE = *mut MEMORY_PARTITION_PAGE_RANGE; 541 STRUCT!{struct MEMORY_PARTITION_INITIAL_ADD_INFORMATION { 542 Flags: ULONG, 543 NumberOfRanges: ULONG, 544 NumberOfPagesAdded: ULONG_PTR, 545 PartitionRanges: [MEMORY_PARTITION_PAGE_RANGE; 1], 546 }} 547 pub type PMEMORY_PARTITION_INITIAL_ADD_INFORMATION = *mut MEMORY_PARTITION_INITIAL_ADD_INFORMATION; 548 STRUCT!{struct MEMORY_PARTITION_MEMORY_EVENTS_INFORMATION { 549 Flags: ULONG, 550 HandleAttributes: ULONG, 551 DesiredAccess: ULONG, 552 LowCommitCondition: HANDLE, 553 HighCommitCondition: HANDLE, 554 MaximumCommitCondition: HANDLE, 555 }} 556 BITFIELD!{MEMORY_PARTITION_MEMORY_EVENTS_INFORMATION Flags: ULONG [ 557 CommitEvents set_CommitEvents[0..1], 558 Spare set_Spare[1..32], 559 ]} 560 pub type PMEMORY_PARTITION_MEMORY_EVENTS_INFORMATION = 561 *mut MEMORY_PARTITION_MEMORY_EVENTS_INFORMATION; 562 EXTERN!{extern "system" { 563 fn NtCreatePartition( 564 PartitionHandle: PHANDLE, 565 DesiredAccess: ACCESS_MASK, 566 ObjectAttributes: POBJECT_ATTRIBUTES, 567 PreferredNode: ULONG, 568 ) -> NTSTATUS; 569 fn NtOpenPartition( 570 PartitionHandle: PHANDLE, 571 DesiredAccess: ACCESS_MASK, 572 ObjectAttributes: POBJECT_ATTRIBUTES, 573 ) -> NTSTATUS; 574 fn NtManagePartition( 575 PartitionInformationClass: MEMORY_PARTITION_INFORMATION_CLASS, 576 PartitionInformation: PVOID, 577 PartitionInformationLength: ULONG, 578 ) -> NTSTATUS; 579 fn NtMapUserPhysicalPages( 580 VirtualAddress: PVOID, 581 NumberOfPages: ULONG_PTR, 582 UserPfnArray: PULONG_PTR, 583 ) -> NTSTATUS; 584 fn NtMapUserPhysicalPagesScatter( 585 VirtualAddresses: *mut PVOID, 586 NumberOfPages: ULONG_PTR, 587 UserPfnArray: PULONG_PTR, 588 ) -> NTSTATUS; 589 fn NtAllocateUserPhysicalPages( 590 ProcessHandle: HANDLE, 591 NumberOfPages: PULONG_PTR, 592 UserPfnArray: PULONG_PTR, 593 ) -> NTSTATUS; 594 fn NtFreeUserPhysicalPages( 595 ProcessHandle: HANDLE, 596 NumberOfPages: PULONG_PTR, 597 UserPfnArray: PULONG_PTR, 598 ) -> NTSTATUS; 599 fn NtOpenSession( 600 SessionHandle: PHANDLE, 601 DesiredAccess: ACCESS_MASK, 602 ObjectAttributes: POBJECT_ATTRIBUTES, 603 ) -> NTSTATUS; 604 fn NtGetWriteWatch( 605 ProcessHandle: HANDLE, 606 Flags: ULONG, 607 BaseAddress: PVOID, 608 RegionSize: SIZE_T, 609 UserAddressArray: *mut PVOID, 610 EntriesInUserAddressArray: PULONG_PTR, 611 Granularity: PULONG, 612 ) -> NTSTATUS; 613 fn NtResetWriteWatch( 614 ProcessHandle: HANDLE, 615 BaseAddress: PVOID, 616 RegionSize: SIZE_T, 617 ) -> NTSTATUS; 618 fn NtCreatePagingFile( 619 PageFileName: PUNICODE_STRING, 620 MinimumSize: PLARGE_INTEGER, 621 MaximumSize: PLARGE_INTEGER, 622 Priority: ULONG, 623 ) -> NTSTATUS; 624 fn NtFlushInstructionCache( 625 ProcessHandle: HANDLE, 626 BaseAddress: PVOID, 627 Length: SIZE_T, 628 ) -> NTSTATUS; 629 fn NtFlushWriteBuffer() -> NTSTATUS; 630 }} 631