norsefire/kernelmode/ntapi.hpp


#pragma once
#include "ntstructs.hpp"
// PsGetProcessWow64Process: imported from the kernel with C linkage.
// Declared by hand here; NOTE(review): this prototype does not appear to be
// published in the WDK headers, so check it against every OS build the
// driver targets.
//
// Process - the process object to query. The caller presumably has to keep
//           it referenced for the duration of the call - TODO confirm.
//
// Returns a PVOID. NOTE(review): it is generally understood to be non-NULL
// only for a 32-bit (WOW64) process and to point at user-mode data of that
// process. If so, treat the result as an untrusted user address: never
// dereference it from an arbitrary context or without guarded access.
extern "C" NTKERNELAPI PVOID NTAPI
PsGetProcessWow64Process(_In_ PEPROCESS Process);
// MmCopyVirtualMemory: imported from the kernel with C linkage.
// Going by the parameter names, it copies BufferSize bytes from FromAddress
// in FromProcess to ToAddress in ToProcess and reports the amount copied
// through NumberOfBytesCopied. The prototype is maintained by hand
// (NOTE(review): it does not appear to be published in the WDK headers;
// verify it per target OS build).
//
// Review points for every call site:
//  - Both process objects presumably must stay referenced until the call
//    returns - TODO confirm against callers.
//  - PreviousMode selects how much the kernel trusts the two addresses.
//    NOTE(review): with KernelMode the address ranges are presumably not
//    checked against the user-mode boundary, so a caller that forwards
//    addresses or sizes received from a user-mode request must validate the
//    requester, both ranges and BufferSize itself.
//  - Check the returned NTSTATUS and *NumberOfBytesCopied; a failed or short
//    copy leaves the destination partly written.
extern "C" NTKERNELAPI NTSTATUS NTAPI
MmCopyVirtualMemory(
    _In_  PEPROCESS       FromProcess,
    _In_  PVOID           FromAddress,
    _In_  PEPROCESS       ToProcess,
    _Out_ PVOID           ToAddress,
    _In_  SIZE_T          BufferSize,
    _In_  KPROCESSOR_MODE PreviousMode,
    _Out_ PSIZE_T         NumberOfBytesCopied
);
// ObReferenceObjectByName: imported with C linkage.
// Going by the parameter names, it resolves ObjectName to an object of
// ObjectType and stores the pointer in *Object. The prototype is maintained
// by hand (NOTE(review): it does not appear to be published in the WDK
// headers; verify it per target OS build).
//
// Review points for every call site:
//  - NOTE(review): on success the object is presumably returned with an
//    extra reference that the caller must drop (ObDereferenceObject) on
//    every exit path; a leaked reference keeps the object alive.
//  - AccessMode is the processor mode the lookup is performed on behalf of.
//    NOTE(review): KernelMode presumably skips the access check, so an
//    ObjectName derived from user input needs validation before the call.
//  - Check the returned NTSTATUS before using *Object.
//  - NOTE(review): DesiredAccess is an ACCESS_MASK value, not a pointer, so
//    the _In_opt_ annotation carries no meaning for static analysis; _In_
//    would describe it accurately.
extern "C" NTSYSAPI NTSTATUS NTAPI
ObReferenceObjectByName(
    _In_        PUNICODE_STRING ObjectName,
    _In_        ULONG           Attributes,
    _In_opt_    PACCESS_STATE   AccessState,
    _In_opt_    ACCESS_MASK     DesiredAccess,
    _In_        POBJECT_TYPE    ObjectType,
    _In_        KPROCESSOR_MODE AccessMode,
    _Inout_opt_ PVOID           ParseContext,
    _Out_       PVOID*          Object
);