_xeroxz
/
Voyager
2
2
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '34cacd54a9'
${ noResults }
Voyager/Voyager/example/util/nt.hpp

89 lines
3.1 KiB
Raw Blame History

#pragma once
#include <Windows.h>
#include <winternl.h>
#pragma comment(lib, "ntdll.lib")
#define PAGE_4KB 0x1000
constexpr auto SystemModuleInformation = 11;
typedef struct _RTL_PROCESS_MODULE_INFORMATION
{
HANDLE Section;
PVOID MappedBase;
PVOID ImageBase;
ULONG ImageSize;
ULONG Flags;
USHORT LoadOrderIndex;
USHORT InitOrderIndex;
USHORT LoadCount;
USHORT OffsetToFileName;
UCHAR FullPathName[256];
} RTL_PROCESS_MODULE_INFORMATION, * PRTL_PROCESS_MODULE_INFORMATION;
typedef struct _RTL_PROCESS_MODULES
{
ULONG NumberOfModules;
RTL_PROCESS_MODULE_INFORMATION Modules[1];
} RTL_PROCESS_MODULES, * PRTL_PROCESS_MODULES;
typedef LARGE_INTEGER PHYSICAL_ADDRESS, * PPHYSICAL_ADDRESS;
using PEPROCESS = PVOID;
using PsLookupProcessByProcessId = NTSTATUS(__fastcall*)(
HANDLE ProcessId,
PEPROCESS* Process
);
typedef union
{
std::uint64_t flags;
struct
{
std::uint64_t reserved1 : 3;
/**
* @brief Page-level Write-Through
*
* [Bit 3] Controls the memory type used to access the first paging structure of the current paging-structure hierarchy.
* This bit is not used if paging is disabled, with PAE paging, or with 4-level paging if CR4.PCIDE=1.
*
* @see Vol3A[4.9(PAGING AND MEMORY TYPING)]
*/
std::uint64_t page_level_write_through : 1;
#define CR3_PAGE_LEVEL_WRITE_THROUGH_BIT 3
#define CR3_PAGE_LEVEL_WRITE_THROUGH_FLAG 0x08
#define CR3_PAGE_LEVEL_WRITE_THROUGH_MASK 0x01
#define CR3_PAGE_LEVEL_WRITE_THROUGH(_) (((_) >> 3) & 0x01)
/**
* @brief Page-level Cache Disable
*
* [Bit 4] Controls the memory type used to access the first paging structure of the current paging-structure hierarchy.
* This bit is not used if paging is disabled, with PAE paging, or with 4-level paging2 if CR4.PCIDE=1.
*
* @see Vol3A[4.9(PAGING AND MEMORY TYPING)]
*/
std::uint64_t page_level_cache_disable : 1;
#define CR3_PAGE_LEVEL_CACHE_DISABLE_BIT 4
#define CR3_PAGE_LEVEL_CACHE_DISABLE_FLAG 0x10
#define CR3_PAGE_LEVEL_CACHE_DISABLE_MASK 0x01
#define CR3_PAGE_LEVEL_CACHE_DISABLE(_) (((_) >> 4) & 0x01)
std::uint64_t reserved2 : 7;
/**
* @brief Address of page directory
*
* [Bits 47:12] Physical address of the 4-KByte aligned page directory (32-bit paging) or PML4 table (64-bit paging) used
* for linear-address translation.
*
* @see Vol3A[4.3(32-BIT PAGING)]
* @see Vol3A[4.5(4-LEVEL PAGING)]
*/
std::uint64_t pml4_pfn : 36;
#define CR3_ADDRESS_OF_PAGE_DIRECTORY_BIT 12
#define CR3_ADDRESS_OF_PAGE_DIRECTORY_FLAG 0xFFFFFFFFF000
#define CR3_ADDRESS_OF_PAGE_DIRECTORY_MASK 0xFFFFFFFFF
#define CR3_ADDRESS_OF_PAGE_DIRECTORY(_) (((_) >> 12) & 0xFFFFFFFFF)
std::uint64_t reserved3 : 16;
};
} cr3;
Reference in new issue View Git Blame Copy Permalink