Add Nt*VirtualMemory APIs

memory.go

@@ -0,0 +1,100 @@
+package ntdll
+
+//go:generate -command mkcode go run mkcode.go --
+//go:generate mkcode $GOFILE
+
+/*
+func:
+NTSTATUS NtAllocateVirtualMemory(
+    _In_ HANDLE ProcessHandle,
+    _Inout_ PVOID *BaseAddress,
+    _In_ ULONG_PTR ZeroBits,
+    _Inout_ PSIZE_T RegionSize,
+    _In_ ULONG AllocationType,
+    _In_ ULONG Protect
+);
+*/
+
+/*
+func:
+NTSTATUS NtFreeVirtualMemory(
+    _In_ HANDLE ProcessHandle,
+    _Inout_ PVOID *BaseAddress,
+    _Inout_ PSIZE_T RegionSize,
+    _In_ ULONG FreeType
+);
+*/
+
+/*
+func:
+NTSTATUS NtReadVirtualMemory(
+    _In_ HANDLE ProcessHandle,
+    _In_opt_ PVOID BaseAddress,
+    _Out_ PVOID Buffer,
+    _In_ SIZE_T BufferSize,
+    _Out_opt_ PSIZE_T NumberOfBytesRead
+    );
+*/
+
+/*
+func:
+NTSTATUS NtWriteVirtualMemory(
+    _In_ HANDLE ProcessHandle,
+    _In_opt_ PVOID BaseAddress,
+    _In_ PVOID Buffer,
+    _In_ SIZE_T BufferSize,
+    _Out_opt_ PSIZE_T NumberOfBytesWritten
+    );
+*/
+
+/*
+func:
+NTSTATUS NtProtectVirtualMemory(
+    _In_ HANDLE ProcessHandle,
+    _Inout_ PVOID *BaseAddress,
+    _Inout_ PSIZE_T RegionSize,
+    _In_ ULONG NewProtect,
+    _Out_ PULONG OldProtect
+);
+*/
+
+/*
+func:
+NTSTATUS NtQueryVirtualMemory(
+    _In_ HANDLE ProcessHandle,
+    _In_opt_ PVOID BaseAddress,
+    _In_ MEMORY_INFORMATION_CLASS MemoryInformationClass,
+    _Out_ PVOID MemoryInformation,
+    _In_ SIZE_T MemoryInformationLength,
+    _Out_opt_ PSIZE_T ReturnLength
+);
+*/
+
+/*
+func:
+NTSTATUS NtFlushVirtualMemory(
+    _In_ HANDLE ProcessHandle,
+    _Inout_ PVOID *BaseAddress,
+    _Inout_ PSIZE_T RegionSize,
+    _Out_ PIO_STATUS_BLOCK IoStatus
+);
+*/
+
+/*
+enum:
+typedef enum _MEMORY_INFORMATION_CLASS
+{
+    MemoryBasicInformation,
+    MemoryWorkingSetInformation,
+    MemoryMappedFilenameInformation,
+    MemoryRegionInformation,
+    MemoryWorkingSetExInformation,
+    MemorySharedCommitInformation,
+    MemoryImageInformation,
+    MemoryRegionInformationEx,
+    MemoryPrivilegedBasicInformation,
+    MemoryEnclaveImageInformation,
+    MemoryBasicInformationCapped,
+    MemoryPhysicalContiguityInformation,
+} MEMORY_INFORMATION_CLASS;
+*/

memory_generated.go

@@ -0,0 +1,151 @@
+// This file was autogenerated using go run mkcode.go -- memory.go
+// DO NOT EDIT.
+
+package ntdll
+
+import "unsafe"
+
+// The MemoryInformationClass constants have been derived from the MEMORY_INFORMATION_CLASS enum definition.
+type MemoryInformationClass uint32
+
+const (
+	MemoryBasicInformation              MemoryInformationClass = 0
+	MemoryWorkingSetInformation                                = 1
+	MemoryMappedFilenameInformation                            = 2
+	MemoryRegionInformation                                    = 3
+	MemoryWorkingSetExInformation                              = 4
+	MemorySharedCommitInformation                              = 5
+	MemoryImageInformation                                     = 6
+	MemoryRegionInformationEx                                  = 7
+	MemoryPrivilegedBasicInformation                           = 8
+	MemoryEnclaveImageInformation                              = 9
+	MemoryBasicInformationCapped                               = 10
+	MemoryPhysicalContiguityInformation                        = 11
+)
+
+var (
+	procNtAllocateVirtualMemory = modntdll.NewProc("NtAllocateVirtualMemory")
+	procNtFreeVirtualMemory     = modntdll.NewProc("NtFreeVirtualMemory")
+	procNtReadVirtualMemory     = modntdll.NewProc("NtReadVirtualMemory")
+	procNtWriteVirtualMemory    = modntdll.NewProc("NtWriteVirtualMemory")
+	procNtProtectVirtualMemory  = modntdll.NewProc("NtProtectVirtualMemory")
+	procNtQueryVirtualMemory    = modntdll.NewProc("NtQueryVirtualMemory")
+	procNtFlushVirtualMemory    = modntdll.NewProc("NtFlushVirtualMemory")
+)
+
+// INOUT-parameter: BaseAddress, RegionSize.
+func NtAllocateVirtualMemory(
+	ProcessHandle Handle,
+	BaseAddress *byte,
+	ZeroBits *uint32,
+	RegionSize *uintptr,
+	AllocationType uint32,
+	Protect uint32,
+) NtStatus {
+	r0, _, _ := procNtAllocateVirtualMemory.Call(uintptr(ProcessHandle),
+		uintptr(unsafe.Pointer(BaseAddress)),
+		uintptr(unsafe.Pointer(ZeroBits)),
+		uintptr(unsafe.Pointer(RegionSize)),
+		uintptr(AllocationType),
+		uintptr(Protect))
+	return NtStatus(r0)
+}
+
+// INOUT-parameter: BaseAddress, RegionSize.
+func NtFreeVirtualMemory(
+	ProcessHandle Handle,
+	BaseAddress *byte,
+	RegionSize *uintptr,
+	FreeType uint32,
+) NtStatus {
+	r0, _, _ := procNtFreeVirtualMemory.Call(uintptr(ProcessHandle),
+		uintptr(unsafe.Pointer(BaseAddress)),
+		uintptr(unsafe.Pointer(RegionSize)),
+		uintptr(FreeType))
+	return NtStatus(r0)
+}
+
+// OUT-parameter: Buffer, NumberOfBytesRead.
+// *OPT-parameter: BaseAddress, NumberOfBytesRead.
+func NtReadVirtualMemory(
+	ProcessHandle Handle,
+	BaseAddress *byte,
+	Buffer *byte,
+	BufferSize uintptr,
+	NumberOfBytesRead *uintptr,
+) NtStatus {
+	r0, _, _ := procNtReadVirtualMemory.Call(uintptr(ProcessHandle),
+		uintptr(unsafe.Pointer(BaseAddress)),
+		uintptr(unsafe.Pointer(Buffer)),
+		uintptr(BufferSize),
+		uintptr(unsafe.Pointer(NumberOfBytesRead)))
+	return NtStatus(r0)
+}
+
+// OUT-parameter: NumberOfBytesWritten.
+// *OPT-parameter: BaseAddress, NumberOfBytesWritten.
+func NtWriteVirtualMemory(
+	ProcessHandle Handle,
+	BaseAddress *byte,
+	Buffer *byte,
+	BufferSize uintptr,
+	NumberOfBytesWritten *uintptr,
+) NtStatus {
+	r0, _, _ := procNtWriteVirtualMemory.Call(uintptr(ProcessHandle),
+		uintptr(unsafe.Pointer(BaseAddress)),
+		uintptr(unsafe.Pointer(Buffer)),
+		uintptr(BufferSize),
+		uintptr(unsafe.Pointer(NumberOfBytesWritten)))
+	return NtStatus(r0)
+}
+
+// OUT-parameter: OldProtect.
+// INOUT-parameter: BaseAddress, RegionSize.
+func NtProtectVirtualMemory(
+	ProcessHandle Handle,
+	BaseAddress *byte,
+	RegionSize *uintptr,
+	NewProtect uint32,
+	OldProtect *uint32,
+) NtStatus {
+	r0, _, _ := procNtProtectVirtualMemory.Call(uintptr(ProcessHandle),
+		uintptr(unsafe.Pointer(BaseAddress)),
+		uintptr(unsafe.Pointer(RegionSize)),
+		uintptr(NewProtect),
+		uintptr(unsafe.Pointer(OldProtect)))
+	return NtStatus(r0)
+}
+
+// OUT-parameter: MemoryInformation, ReturnLength.
+// *OPT-parameter: BaseAddress, ReturnLength.
+func NtQueryVirtualMemory(
+	ProcessHandle Handle,
+	BaseAddress *byte,
+	MemoryInformationClass MemoryInformationClass,
+	MemoryInformation *byte,
+	MemoryInformationLength uintptr,
+	ReturnLength *uintptr,
+) NtStatus {
+	r0, _, _ := procNtQueryVirtualMemory.Call(uintptr(ProcessHandle),
+		uintptr(unsafe.Pointer(BaseAddress)),
+		uintptr(MemoryInformationClass),
+		uintptr(unsafe.Pointer(MemoryInformation)),
+		uintptr(MemoryInformationLength),
+		uintptr(unsafe.Pointer(ReturnLength)))
+	return NtStatus(r0)
+}
+
+// OUT-parameter: IoStatus.
+// INOUT-parameter: BaseAddress, RegionSize.
+func NtFlushVirtualMemory(
+	ProcessHandle Handle,
+	BaseAddress *byte,
+	RegionSize *uintptr,
+	IoStatus *IoStatusBlock,
+) NtStatus {
+	r0, _, _ := procNtFlushVirtualMemory.Call(uintptr(ProcessHandle),
+		uintptr(unsafe.Pointer(BaseAddress)),
+		uintptr(unsafe.Pointer(RegionSize)),
+		uintptr(unsafe.Pointer(IoStatus)))
+	return NtStatus(r0)
+}