-
-
Notifications
You must be signed in to change notification settings - Fork 12
/
Copy pathsection.go
152 lines (134 loc) · 3.01 KB
/
section.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
package ntdll
//go:generate -command mkcode go run mkcode.go --
//go:generate mkcode $GOFILE
/*
func:
NTSTATUS NtCreateSection (
_Out_ PHANDLE SectionHandle,
_In_ ACCESS_MASK DesiredAccess,
_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
_In_opt_ PLARGE_INTEGER MaximumSize,
_In_ ULONG SectionPageProtection,
_In_ ULONG AllocationAttributes,
_In_opt_ HANDLE FileHandle
);
*/
/*
func:
NTSTATUS NtExtendSection (
_In_ HANDLE SectionHandle,
_Inout_ PLARGE_INTEGER NewSectionSize
);
*/
/*
func:
NTSTATUS NtMapViewOfSection(
_In_ HANDLE SectionHandle,
_In_ HANDLE ProcessHandle,
_Inout_ PVOID *BaseAddress,
_In_ ULONG_PTR ZeroBits,
_In_ SIZE_T CommitSize,
_Inout_opt_ PLARGE_INTEGER SectionOffset,
_Inout_ PSIZE_T ViewSize,
_In_ SECTION_INHERIT InheritDisposition,
_In_ ULONG AllocationType,
_In_ ULONG Win32Protect
);
*/
/*
func:
NTSTATUS NtOpenSection(
_Out_ PHANDLE SectionHandle,
_In_ ACCESS_MASK DesiredAccess,
_In_ POBJECT_ATTRIBUTES ObjectAttributes
);
*/
/*
func:
NTSTATUS NtQuerySection(
_In_ HANDLE SectionHandle,
_In_ SECTION_INFORMATION_CLASS SectionInformationClass,
_Out_ PVOID SectionInformation,
_In_ SIZE_T SectionInformationLength,
_Out_opt_ PSIZE_T ReturnLength
);
*/
/*
enum:
typedef enum _SECTION_INFORMATION_CLASS {
SectionBasicInformation,
SectionImageInformation,
SectionRelocationInformation,
SectionOriginalBaseInformation,
SectionInternalImageInformation,
} SECTION_INFORMATION_CLASS;
*/
/*
type:
typedef struct _SECTION_BASIC_INFORMATION {
PVOID BaseAddress;
ULONG AllocationAttributes;
LARGE_INTEGER MaximumSize;
} SECTION_BASIC_INFORMATION, *PSECTION_BASIC_INFORMATION;
*/
/*
type:
typedef struct _SECTION_IMAGE_INFORMATION
{
PVOID TransferAddress;
ULONG ZeroBits;
SIZE_T MaximumStackSize;
SIZE_T CommittedStackSize;
ULONG SubSystemType;
ULONG SubSystemVersion;
ULONG OperatingSystemVersion;
USHORT ImageCharacteristics;
USHORT DllCharacteristics;
USHORT Machine;
BOOLEAN ImageContainsCode;
UCHAR ImageFlags;
ULONG LoaderFlags;
ULONG ImageFileSize;
ULONG CheckSum;
} SECTION_IMAGE_INFORMATION, *PSECTION_IMAGE_INFORMATION;
*/
func (i SectionImageInformationT) ComPlusNativeReady() bool {
return i.ImageFlags&1 != 0
}
func (i SectionImageInformationT) ComPlusILOnly() bool {
return i.ImageFlags&2 != 0
}
func (i SectionImageInformationT) ImageDynamicallyRelocated() bool {
return i.ImageFlags&4 != 0
}
func (i SectionImageInformationT) ImageMappedFlat() bool {
return i.ImageFlags&8 != 0
}
func (i SectionImageInformationT) BaseBelow4gb() bool {
return i.ImageFlags&16 != 0
}
func (i SectionImageInformationT) ComPlusPrefer32bit() bool {
return i.ImageFlags&32 != 0
}
/*
func:
NTSTATUS NtUnmapViewOfSection (
_In_ HANDLE ProcessHandle,
_In_opt_ PVOID BaseAddress
);
*/
/*
func:
NTSTATUS NtUnmapViewOfSectionEx (
_In_ HANDLE ProcessHandle,
_In_opt_ PVOID BaseAddress,
_In_ ULONG Flags
);
*/
/*
enum:
typedef enum _SECTION_INHERIT {
ViewShare = 1,
ViewUnmap = 2
} SECTION_INHERIT;
*/