You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
35 lines
829 B
35 lines
829 B
4 years ago
|
#pragma once
|
||
|
|
#include <Windows.h>
|
||
|
|
#include <winternl.h>
|
||
|
|
|
||
|
|
#pragma comment(lib, "ntdll.lib")
|
||
|
|
#define PAGE_4KB 0x1000
|
||
|
|
|
||
|
|
constexpr auto SystemModuleInformation = 11;
|
||
|
|
typedef struct _RTL_PROCESS_MODULE_INFORMATION
|
||
|
|
{
|
||
|
|
HANDLE Section;
|
||
|
|
PVOID MappedBase;
|
||
|
|
PVOID ImageBase;
|
||
|
|
ULONG ImageSize;
|
||
|
|
ULONG Flags;
|
||
|
|
USHORT LoadOrderIndex;
|
||
|
|
USHORT InitOrderIndex;
|
||
|
|
USHORT LoadCount;
|
||
|
|
USHORT OffsetToFileName;
|
||
|
|
UCHAR FullPathName[256];
|
||
|
|
} RTL_PROCESS_MODULE_INFORMATION, * PRTL_PROCESS_MODULE_INFORMATION;
|
||
|
|
|
||
|
|
typedef struct _RTL_PROCESS_MODULES
|
||
|
|
{
|
||
|
|
ULONG NumberOfModules;
|
||
|
|
RTL_PROCESS_MODULE_INFORMATION Modules[1];
|
||
|
|
} RTL_PROCESS_MODULES, * PRTL_PROCESS_MODULES;
|
||
|
|
|
||
|
|
typedef LARGE_INTEGER PHYSICAL_ADDRESS, * PPHYSICAL_ADDRESS;
|
||
|
|
|
||
|
|
using PEPROCESS = PVOID;
|
||
|
|
using PsLookupProcessByProcessId = NTSTATUS(__fastcall*)(
|
||
|
|
HANDLE ProcessId,
|
||
|
|
PEPROCESS* Process
|
||
|
|
);
|