norsefire/kernelmode/ntapi.hpp

#pragma once

#include "ntstructs.hpp"

extern "C"
NTKERNELAPI
PVOID
NTAPI
PsGetProcessWow64Process(
	_In_ PEPROCESS Process
);

extern "C"
NTKERNELAPI
NTSTATUS
NTAPI
MmCopyVirtualMemory(
	_In_ PEPROCESS FromProcess,
	_In_ PVOID FromAddress,
	_In_ PEPROCESS ToProcess,
	_Out_ PVOID ToAddress,
	_In_ SIZE_T BufferSize,
	_In_ KPROCESSOR_MODE PreviousMode,
	_Out_ PSIZE_T NumberOfBytesCopied
);

extern "C"
NTSYSAPI
NTSTATUS
NTAPI
ObReferenceObjectByName(
	_In_ PUNICODE_STRING ObjectName,
	_In_ ULONG Attributes,
	_In_opt_ PACCESS_STATE AccessState,
	_In_opt_ ACCESS_MASK DesiredAccess,
	_In_ POBJECT_TYPE ObjectType,
	_In_ KPROCESSOR_MODE AccessMode,
	_Inout_opt_ PVOID ParseContext,
	_Out_ PVOID* Object
);
1st 2020-09-01 14:54:17 +00:00			`#pragma once`

			`#include "ntstructs.hpp"`

			`extern "C"`
			`NTKERNELAPI`
			`PVOID`
			`NTAPI`
			`PsGetProcessWow64Process(`
			`_In_ PEPROCESS Process`
			`);`

			`extern "C"`
			`NTKERNELAPI`
			`NTSTATUS`
			`NTAPI`
			`MmCopyVirtualMemory(`
			`_In_ PEPROCESS FromProcess,`
			`_In_ PVOID FromAddress,`
			`_In_ PEPROCESS ToProcess,`
			`_Out_ PVOID ToAddress,`
			`_In_ SIZE_T BufferSize,`
			`_In_ KPROCESSOR_MODE PreviousMode,`
			`_Out_ PSIZE_T NumberOfBytesCopied`
			`);`

			`extern "C"`
			`NTSYSAPI`
			`NTSTATUS`
			`NTAPI`
			`ObReferenceObjectByName(`
			`_In_ PUNICODE_STRING ObjectName,`
			`_In_ ULONG Attributes,`
			`_In_opt_ PACCESS_STATE AccessState,`
			`_In_opt_ ACCESS_MASK DesiredAccess,`
			`_In_ POBJECT_TYPE ObjectType,`
			`_In_ KPROCESSOR_MODE AccessMode,`
			`_Inout_opt_ PVOID ParseContext,`
			`_Out_ PVOID* Object`
			`);`