Add more MEMORY_*_INFORMATION structs, implement union accessors

memory.go

@@ -169,7 +169,60 @@ typedef struct _MEMORY_WORKING_SET_BLOCK
 
 type MemoryWorkingSetBlock uintptr
 
-// TODO: Add MemoryWorkingSetBlock accessors
+func (b MemoryWorkingSetBlock) Protection() uintptr {
+	return uintptr(b) & 31
+}
+
+func (b MemoryWorkingSetBlock) ShareCount() uintptr {
+	return (uintptr(b) >> 5) & 7
+}
+
+func (b MemoryWorkingSetBlock) Shared() bool {
+	return (b>>8)&1 != 0
+}
+
+func (b MemoryWorkingSetBlock) Node() uintptr {
+	return (uintptr(b) >> 9) & 7
+}
+
+func (b MemoryWorkingSetBlock) VirtualPage() uintptr {
+	return uintptr(b) >> 12
+}
+
+/*
+NOTE: type contains unions -- define below.
+
+typedef struct _MEMORY_REGION_INFORMATION
+{
+    PVOID AllocationBase;
+    ULONG AllocationProtect;
+    union
+    {
+        ULONG RegionType;
+        struct
+        {
+            ULONG Private : 1;
+            ULONG MappedDataFile : 1;
+            ULONG MappedImage : 1;
+            ULONG MappedPageFile : 1;
+            ULONG MappedPhysical : 1;
+            ULONG DirectMapped : 1;
+            ULONG SoftwareEnclave : 1; // REDSTONE3
+            ULONG PageSize64K : 1;
+            ULONG PlaceholderReservation : 1; // REDSTONE4
+            ULONG MappedAwe : 1; // 21H1
+            ULONG MappedWriteWatch : 1;
+            ULONG PageSizeLarge : 1;
+            ULONG PageSizeHuge : 1;
+            ULONG Reserved : 19;
+        };
+    };
+    SIZE_T RegionSize;
+    SIZE_T CommitSize;
+    ULONG_PTR PartitionId; // 19H1
+    ULONG_PTR NodePreference; // 20H1
+} MEMORY_REGION_INFORMATION, *PMEMORY_REGION_INFORMATION;
+*/
 
 /*
 type:
@@ -179,9 +232,64 @@ typedef struct _MEMORY_REGION_INFORMATION
     ULONG AllocationProtect;
     ULONG RegionType;
     SIZE_T RegionSize;
+    SIZE_T CommitSize;
+    ULONG_PTR PartitionId;
+    ULONG_PTR NodePreference;
 } MEMORY_REGION_INFORMATION, *PMEMORY_REGION_INFORMATION;
 */
 
+func (i *MemoryRegionInformationT) Private() bool {
+	return i.RegionType&1 != 0
+}
+
+func (i *MemoryRegionInformationT) MappedDataFile() bool {
+	return (i.RegionType>>1)&1 != 0
+}
+
+func (i *MemoryRegionInformationT) MappedImage() bool {
+	return (i.RegionType>>2)&1 != 0
+}
+
+func (i *MemoryRegionInformationT) MappedPageFile() bool {
+	return (i.RegionType>>3)&1 != 0
+}
+
+func (i *MemoryRegionInformationT) MappedPhysical() bool {
+	return (i.RegionType>>4)&1 != 0
+}
+
+func (i *MemoryRegionInformationT) DirectMapped() bool {
+	return (i.RegionType>>5)&1 != 0
+}
+
+func (i *MemoryRegionInformationT) SoftwareEnclave() bool {
+	return (i.RegionType>>6)&1 != 0
+}
+
+func (i *MemoryRegionInformationT) PageSize64K() bool {
+	return (i.RegionType>>7)&1 != 0
+}
+
+func (i *MemoryRegionInformationT) PlaceholderReservation() bool {
+	return (i.RegionType>>8)&1 != 0
+}
+
+func (i *MemoryRegionInformationT) MappedAwe() bool {
+	return (i.RegionType>>9)&1 != 0
+}
+
+func (i *MemoryRegionInformationT) MappedWriteWatch() bool {
+	return (i.RegionType>>10)&1 != 0
+}
+
+func (i *MemoryRegionInformationT) PageSizeLarge() bool {
+	return (i.RegionType>>11)&1 != 0
+}
+
+func (i *MemoryRegionInformationT) PageSizeHuge() bool {
+	return (i.RegionType>>12)&1 != 0
+}
+
 /*
 type:
 typedef struct _MEMORY_WORKING_SET_EX_INFORMATION
@@ -238,7 +346,45 @@ typedef struct _MEMORY_WORKING_SET_EX_BLOCK
 
 type MemoryWorkingSetExBlock uintptr
 
-// TODO: Add MemoryWorkingSetExBlock accessors
+func (b MemoryWorkingSetExBlock) Valid() bool {
+	return b&1 != 0
+}
+
+func (b MemoryWorkingSetExBlock) ShareCount() uintptr {
+	return (uintptr(b) >> 1) & ((1 << 3) - 1)
+}
+
+func (b MemoryWorkingSetExBlock) Win32Protection() uintptr {
+	return (uintptr(b) >> 4) & ((1 << 11) - 1)
+}
+
+func (b MemoryWorkingSetExBlock) Shared() bool {
+	return b&(1<<15) != 0
+}
+
+func (b MemoryWorkingSetExBlock) Node() uintptr {
+	return (uintptr(b) >> 16) & ((1 << 6) - 1)
+}
+
+func (b MemoryWorkingSetExBlock) Locked() bool {
+	return b&(1<<15) != 0
+}
+
+func (b MemoryWorkingSetExBlock) LargePage() bool {
+	return b&(1<<16) != 0
+}
+
+func (b MemoryWorkingSetExBlock) Priority() uintptr {
+	return (uintptr(b) >> 24) & ((1 << 3) - 1)
+}
+
+func (b MemoryWorkingSetExBlock) SharedOriginal() bool {
+	return b&(1<<30) != 0
+}
+
+func (b MemoryWorkingSetExBlock) Bad() bool {
+	return b&(1<<31) != 0
+}
 
 /*
 type:
@@ -247,3 +393,46 @@ typedef struct _MEMORY_SHARED_COMMIT_INFORMATION
     SIZE_T CommitSize;
 } MEMORY_SHARED_COMMIT_INFORMATION, *PMEMORY_SHARED_COMMIT_INFORMATION;
 */
+
+/*
+NOTE: type contains unions -- define below.
+
+typedef struct _MEMORY_IMAGE_INFORMATION
+{
+    PVOID ImageBase;
+    SIZE_T SizeOfImage;
+    union
+    {
+        ULONG ImageFlags;
+        struct
+        {
+            ULONG ImagePartialMap : 1;
+            ULONG ImageNotExecutable : 1;
+            ULONG ImageSigningLevel : 4; // REDSTONE3
+            ULONG Reserved : 26;
+        };
+    };
+} MEMORY_IMAGE_INFORMATION, *PMEMORY_IMAGE_INFORMATION;
+*/
+
+/*
+type:
+typedef struct _MEMORY_IMAGE_INFORMATION
+{
+    PVOID ImageBase;
+    SIZE_T SizeOfImage;
+    ULONG ImageFlags;
+} MEMORY_IMAGE_INFORMATION, *PMEMORY_IMAGE_INFORMATION;
+*/
+
+func (i MemoryImageInformationT) PartialMap() bool {
+	return i.ImageFlags&1 != 0
+}
+
+func (i MemoryImageInformationT) NotExecutable() bool {
+	return (i.ImageFlags>>1)&1 != 0
+}
+
+func (i MemoryImageInformationT) SigningLevel() uintptr {
+	return (uintptr(i.ImageFlags) >> 2) & 15
+}

memory_generated.go

@@ -81,6 +81,9 @@ type MemoryRegionInformationT struct {
 	AllocationProtect uint32
 	RegionType        uint32
 	RegionSize        uintptr
+	CommitSize        uintptr
+	PartitionId       *uint32
+	NodePreference    *uint32
 }
 
 // MemoryWorkingSetExInformationT has been derived from the MEMORY_WORKING_SET_EX_INFORMATION struct definition.
@@ -94,6 +97,13 @@ type MemorySharedCommitInformationT struct {
 	CommitSize uintptr
 }
 
+// MemoryImageInformationT has been derived from the MEMORY_IMAGE_INFORMATION struct definition.
+type MemoryImageInformationT struct {
+	ImageBase   *byte
+	SizeOfImage uintptr
+	ImageFlags  uint32
+}
+
 // INOUT-parameter: BaseAddress, RegionSize.
 func NtAllocateVirtualMemory(
 	ProcessHandle Handle,