@ -1,6 +1,8 @@
# pragma once
# pragma once
# include <Windows.h>
# include <Windows.h>
# include <winternl.h>
# include <winternl.h>
# include <cstdint>
# include <cstddef>
# pragma comment(lib, "ntdll.lib")
# pragma comment(lib, "ntdll.lib")
# if _DEBUG
# if _DEBUG
@ -246,105 +248,105 @@ using ZwLockVirtualMemory = NTSTATUS (__fastcall*)(
typedef union _virt_addr_t
typedef union _virt_addr_t
{
{
PVOID value ;
void * value ;
struct
struct
{
{
ULONG64 offset : 12 ;
std: : uint64_t offset : 12 ;
ULONG64 pt_index : 9 ;
std: : uint64_t pt_index : 9 ;
ULONG64 pd_index : 9 ;
std: : uint64_t pd_index : 9 ;
ULONG64 pdpt_index : 9 ;
std: : uint64_t pdpt_index : 9 ;
ULONG64 pml4_index : 9 ;
std: : uint64_t pml4_index : 9 ;
ULONG64 reserved : 16 ;
std: : uint64_t reserved : 16 ;
} ;
} ;
} virt_addr_t , * pvirt_addr_t ;
} virt_addr_t , * pvirt_addr_t ;
static_assert ( sizeof ( virt_addr_t ) = = sizeof ( PVOID ) , " Size mismatch, only 64-bit supported. " ) ;
static_assert ( sizeof ( virt_addr_t ) = = sizeof ( PVOID ) , " Size mismatch, only 64-bit supported. " ) ;
typedef union _pml4e
typedef union _pml4e
{
{
ULONG64 value ;
std: : uint64_t value ;
struct
struct
{
{
ULONG64 present : 1 ; // Must be 1, region invalid if 0.
std: : uint64_t present : 1 ; // Must be 1, region invalid if 0.
ULONG64 ReadWrite : 1 ; // If 0, writes not allowed.
std: : uint64_t ReadWrite : 1 ; // If 0, writes not allowed.
ULONG64 user_supervisor : 1 ; // If 0, user-mode accesses not allowed.
std: : uint64_t user_supervisor : 1 ; // If 0, user-mode accesses not allowed.
ULONG64 PageWriteThrough : 1 ; // Determines the memory type used to access PDPT.
std: : uint64_t PageWriteThrough : 1 ; // Determines the memory type used to access PDPT.
ULONG64 page_cache : 1 ; // Determines the memory type used to access PDPT.
std: : uint64_t page_cache : 1 ; // Determines the memory type used to access PDPT.
ULONG64 accessed : 1 ; // If 0, this entry has not been used for translation.
std: : uint64_t accessed : 1 ; // If 0, this entry has not been used for translation.
ULONG64 Ignored1 : 1 ;
std: : uint64_t Ignored1 : 1 ;
ULONG64 page_size : 1 ; // Must be 0 for PML4E.
std: : uint64_t page_size : 1 ; // Must be 0 for PML4E.
ULONG64 Ignored2 : 4 ;
std: : uint64_t Ignored2 : 4 ;
ULONG64 pfn : 36 ; // The page frame number of the PDPT of this PML4E.
std: : uint64_t pfn : 36 ; // The page frame number of the PDPT of this PML4E.
ULONG64 Reserved : 4 ;
std: : uint64_t Reserved : 4 ;
ULONG64 Ignored3 : 11 ;
std: : uint64_t Ignored3 : 11 ;
ULONG64 nx : 1 ; // If 1, instruction fetches not allowed.
std: : uint64_t nx : 1 ; // If 1, instruction fetches not allowed.
} ;
} ;
} pml4e , * ppml4e ;
} pml4e , * ppml4e ;
static_assert ( sizeof ( pml4e ) = = sizeof ( PVOID ) , " Size mismatch, only 64-bit supported. " ) ;
static_assert ( sizeof ( pml4e ) = = sizeof ( PVOID ) , " Size mismatch, only 64-bit supported. " ) ;
typedef union _pdpte
typedef union _pdpte
{
{
ULONG64 value ;
std: : uint64_t value ;
struct
struct
{
{
ULONG64 present : 1 ; // Must be 1, region invalid if 0.
std: : uint64_t present : 1 ; // Must be 1, region invalid if 0.
ULONG64 rw : 1 ; // If 0, writes not allowed.
std: : uint64_t rw : 1 ; // If 0, writes not allowed.
ULONG64 user_supervisor : 1 ; // If 0, user-mode accesses not allowed.
std: : uint64_t user_supervisor : 1 ; // If 0, user-mode accesses not allowed.
ULONG64 PageWriteThrough : 1 ; // Determines the memory type used to access PD.
std: : uint64_t PageWriteThrough : 1 ; // Determines the memory type used to access PD.
ULONG64 page_cache : 1 ; // Determines the memory type used to access PD.
std: : uint64_t page_cache : 1 ; // Determines the memory type used to access PD.
ULONG64 accessed : 1 ; // If 0, this entry has not been used for translation.
std: : uint64_t accessed : 1 ; // If 0, this entry has not been used for translation.
ULONG64 Ignored1 : 1 ;
std: : uint64_t Ignored1 : 1 ;
ULONG64 page_size : 1 ; // If 1, this entry maps a 1GB page.
std: : uint64_t page_size : 1 ; // If 1, this entry maps a 1GB page.
ULONG64 Ignored2 : 4 ;
std: : uint64_t Ignored2 : 4 ;
ULONG64 pfn : 36 ; // The page frame number of the PD of this PDPTE.
std: : uint64_t pfn : 36 ; // The page frame number of the PD of this PDPTE.
ULONG64 Reserved : 4 ;
std: : uint64_t Reserved : 4 ;
ULONG64 Ignored3 : 11 ;
std: : uint64_t Ignored3 : 11 ;
ULONG64 nx : 1 ; // If 1, instruction fetches not allowed.
std: : uint64_t nx : 1 ; // If 1, instruction fetches not allowed.
} ;
} ;
} pdpte , * ppdpte ;
} pdpte , * ppdpte ;
static_assert ( sizeof ( pdpte ) = = sizeof ( PVOID ) , " Size mismatch, only 64-bit supported. " ) ;
static_assert ( sizeof ( pdpte ) = = sizeof ( PVOID ) , " Size mismatch, only 64-bit supported. " ) ;
typedef union _pde
typedef union _pde
{
{
ULONG64 value ;
std: : uint64_t value ;
struct
struct
{
{
ULONG64 present : 1 ; // Must be 1, region invalid if 0.
std: : uint64_t present : 1 ; // Must be 1, region invalid if 0.
ULONG64 rw : 1 ; // If 0, writes not allowed.
std: : uint64_t rw : 1 ; // If 0, writes not allowed.
ULONG64 user_supervisor : 1 ; // If 0, user-mode accesses not allowed.
std: : uint64_t user_supervisor : 1 ; // If 0, user-mode accesses not allowed.
ULONG64 PageWriteThrough : 1 ; // Determines the memory type used to access PT.
std: : uint64_t PageWriteThrough : 1 ; // Determines the memory type used to access PT.
ULONG64 page_cache : 1 ; // Determines the memory type used to access PT.
std: : uint64_t page_cache : 1 ; // Determines the memory type used to access PT.
ULONG64 accessed : 1 ; // If 0, this entry has not been used for translation.
std: : uint64_t accessed : 1 ; // If 0, this entry has not been used for translation.
ULONG64 Ignored1 : 1 ;
std: : uint64_t Ignored1 : 1 ;
ULONG64 page_size : 1 ; // If 1, this entry maps a 2MB page.
std: : uint64_t page_size : 1 ; // If 1, this entry maps a 2MB page.
ULONG64 Ignored2 : 4 ;
std: : uint64_t Ignored2 : 4 ;
ULONG64 pfn : 36 ; // The page frame number of the PT of this PDE.
std: : uint64_t pfn : 36 ; // The page frame number of the PT of this PDE.
ULONG64 Reserved : 4 ;
std: : uint64_t Reserved : 4 ;
ULONG64 Ignored3 : 11 ;
std: : uint64_t Ignored3 : 11 ;
ULONG64 nx : 1 ; // If 1, instruction fetches not allowed.
std: : uint64_t nx : 1 ; // If 1, instruction fetches not allowed.
} ;
} ;
} pde , * ppde ;
} pde , * ppde ;
static_assert ( sizeof ( pde ) = = sizeof ( PVOID ) , " Size mismatch, only 64-bit supported. " ) ;
static_assert ( sizeof ( pde ) = = sizeof ( PVOID ) , " Size mismatch, only 64-bit supported. " ) ;
typedef union _pte
typedef union _pte
{
{
ULONG64 value ;
std: : uint64_t value ;
struct
struct
{
{
ULONG64 present : 1 ; // Must be 1, region invalid if 0.
std: : uint64_t present : 1 ; // Must be 1, region invalid if 0.
ULONG64 rw : 1 ; // If 0, writes not allowed.
std: : uint64_t rw : 1 ; // If 0, writes not allowed.
ULONG64 user_supervisor : 1 ; // If 0, user-mode accesses not allowed.
std: : uint64_t user_supervisor : 1 ; // If 0, user-mode accesses not allowed.
ULONG64 PageWriteThrough : 1 ; // Determines the memory type used to access the memory.
std: : uint64_t PageWriteThrough : 1 ; // Determines the memory type used to access the memory.
ULONG64 page_cache : 1 ; // Determines the memory type used to access the memory.
std: : uint64_t page_cache : 1 ; // Determines the memory type used to access the memory.
ULONG64 accessed : 1 ; // If 0, this entry has not been used for translation.
std: : uint64_t accessed : 1 ; // If 0, this entry has not been used for translation.
ULONG64 Dirty : 1 ; // If 0, the memory backing this page has not been written to.
std: : uint64_t Dirty : 1 ; // If 0, the memory backing this page has not been written to.
ULONG64 PageAccessType : 1 ; // Determines the memory type used to access the memory.
std: : uint64_t PageAccessType : 1 ; // Determines the memory type used to access the memory.
ULONG64 Global : 1 ; // If 1 and the PGE bit of CR4 is set, translations are global.
std: : uint64_t Global : 1 ; // If 1 and the PGE bit of CR4 is set, translations are global.
ULONG64 Ignored2 : 3 ;
std: : uint64_t Ignored2 : 3 ;
ULONG64 pfn : 36 ; // The page frame number of the backing physical page.
std: : uint64_t pfn : 36 ; // The page frame number of the backing physical page.
ULONG64 reserved : 4 ;
std: : uint64_t reserved : 4 ;
ULONG64 Ignored3 : 7 ;
std: : uint64_t Ignored3 : 7 ;
ULONG64 ProtectionKey : 4 ; // If the PKE bit of CR4 is set, determines the protection key.
std: : uint64_t ProtectionKey : 4 ; // If the PKE bit of CR4 is set, determines the protection key.
ULONG64 nx : 1 ; // If 1, instruction fetches not allowed.
std: : uint64_t nx : 1 ; // If 1, instruction fetches not allowed.
} ;
} ;
} pte , * ppte ;
} pte , * ppte ;
static_assert ( sizeof ( pte ) = = sizeof ( PVOID ) , " Size mismatch, only 64-bit supported. " ) ;
static_assert ( sizeof ( pte ) = = sizeof ( PVOID ) , " Size mismatch, only 64-bit supported. " ) ;