// This file was autogenerated using go run mkcode.go -- section.go
// DO NOT EDIT.
package ntdll
import "unsafe"
// SectionInformationClass selects which kind of information NtQuerySection is
// asked to return; it is passed to the native call as a plain integer.
//
// The SectionInformationClass constants have been derived from the SECTION_INFORMATION_CLASS enum definition.
type SectionInformationClass uint32
const (
// Only this first constant carries the explicit SectionInformationClass type.
SectionBasicInformation SectionInformationClass = 0
// The remaining constants are written as "= N" without a type, so they are
// untyped integer constants: they can be assigned to a SectionInformationClass
// parameter, and equally to any other integer type, without a compile error.
SectionImageInformation = 1
SectionRelocationInformation = 2
SectionOriginalBaseInformation = 3
SectionInternalImageInformation = 4
)
// SectionInherit is the type of the InheritDisposition argument of
// NtMapViewOfSection.
//
// The SectionInherit constants have been derived from the SECTION_INHERIT enum definition.
type SectionInherit uint32
const (
// ViewShare is the only constant here that is explicitly typed SectionInherit.
ViewShare SectionInherit = 1
// ViewUnmap has no explicit type and is therefore an untyped integer constant.
ViewUnmap = 2
)
// Procedure handles for the section-related ntdll exports, one per wrapper
// function in this file. Each is obtained by export name from modntdll, which
// is declared outside this file.
var (
procNtCreateSection = modntdll.NewProc("NtCreateSection")
procNtExtendSection = modntdll.NewProc("NtExtendSection")
procNtMapViewOfSection = modntdll.NewProc("NtMapViewOfSection")
procNtOpenSection = modntdll.NewProc("NtOpenSection")
procNtQuerySection = modntdll.NewProc("NtQuerySection")
procNtUnmapViewOfSection = modntdll.NewProc("NtUnmapViewOfSection")
procNtUnmapViewOfSectionEx = modntdll.NewProc("NtUnmapViewOfSectionEx")
)
// SectionBasicInformationT has been derived from the SECTION_BASIC_INFORMATION struct definition.
//
// NOTE(review): presumably this is the buffer layout for NtQuerySection with
// the SectionBasicInformation class; field order and widths must then match
// the native structure exactly, so do not reorder or resize fields - confirm.
type SectionBasicInformationT struct {
BaseAddress *byte
AllocationAttributes uint32
MaximumSize int64
}
// SectionImageInformationT has been derived from the SECTION_IMAGE_INFORMATION struct definition.
//
// NOTE(review): presumably this is the buffer layout for NtQuerySection with
// the SectionImageInformation class. The native side would write into it by
// address, so its size and field offsets have to agree with the native
// structure on the target architecture - confirm before relying on it.
type SectionImageInformationT struct {
TransferAddress *byte
ZeroBits uint32
// uintptr fields change width between 32-bit and 64-bit builds.
MaximumStackSize uintptr
CommittedStackSize uintptr
SubSystemType uint32
SubSystemVersion uint32
OperatingSystemVersion uint32
ImageCharacteristics uint16
DllCharacteristics uint16
Machine uint16
ImageContainsCode bool
ImageFlags byte
LoaderFlags uint32
ImageFileSize uint32
CheckSum uint32
}
// NtCreateSection forwards its arguments to the ntdll export NtCreateSection
// and returns the status code the call produced.
//
// OUT-parameter: SectionHandle.
// *OPT-parameter: ObjectAttributes, MaximumSize, FileHandle.
//
// The wrapper validates nothing and discards the second and third results of
// Call, so the returned NtStatus is the only failure signal. Check it before
// using *SectionHandle.
func NtCreateSection(
	SectionHandle *Handle,
	DesiredAccess AccessMask,
	ObjectAttributes *ObjectAttributes,
	MaximumSize *int64,
	SectionPageProtection uint32,
	AllocationAttributes uint32,
	FileHandle Handle,
) NtStatus {
	// The unsafe.Pointer-to-uintptr conversions are kept inside the argument
	// list, as Go's unsafe rules require for pointers handed to a system call.
	status, _, _ := procNtCreateSection.Call(
		uintptr(unsafe.Pointer(SectionHandle)),
		uintptr(DesiredAccess),
		uintptr(unsafe.Pointer(ObjectAttributes)),
		uintptr(unsafe.Pointer(MaximumSize)),
		uintptr(SectionPageProtection),
		uintptr(AllocationAttributes),
		uintptr(FileHandle),
	)
	return NtStatus(status)
}
// NtExtendSection forwards its arguments to the ntdll export NtExtendSection
// and returns the status code the call produced.
//
// INOUT-parameter: NewSectionSize.
//
// No validation is done here; the returned NtStatus is the only failure
// signal, so check it before reading *NewSectionSize back.
func NtExtendSection(
	SectionHandle Handle,
	NewSectionSize *int64,
) NtStatus {
	// The pointer conversion stays inside the argument list, as Go's unsafe
	// rules require for pointers handed to a system call.
	status, _, _ := procNtExtendSection.Call(
		uintptr(SectionHandle),
		uintptr(unsafe.Pointer(NewSectionSize)),
	)
	return NtStatus(status)
}
// NtMapViewOfSection forwards its arguments to the ntdll export
// NtMapViewOfSection and returns the status code the call produced.
//
// INOUT-parameter: BaseAddress, SectionOffset, ViewSize.
// *OPT-parameter: SectionOffset.
//
// Every argument is passed through unchanged: the wrapper does not check that
// ProcessHandle refers to the intended process, nor that Win32Protect is no
// broader than the caller needs. The returned NtStatus is the only failure
// signal; the INOUT values are meaningful only when it indicates success.
//
// NOTE(review): the documented native prototype (ZwMapViewOfSection) takes
// BaseAddress as a pointer to a pointer and ZeroBits by value. Here they are
// *byte and *uint32 and their addresses are passed as-is - confirm that callers
// account for this.
func NtMapViewOfSection(
	SectionHandle Handle,
	ProcessHandle Handle,
	BaseAddress *byte,
	ZeroBits *uint32,
	CommitSize uintptr,
	SectionOffset *int64,
	ViewSize *uintptr,
	InheritDisposition SectionInherit,
	AllocationType uint32,
	Win32Protect uint32,
) NtStatus {
	// The unsafe.Pointer-to-uintptr conversions are kept inside the argument
	// list, as Go's unsafe rules require for pointers handed to a system call.
	status, _, _ := procNtMapViewOfSection.Call(
		uintptr(SectionHandle),
		uintptr(ProcessHandle),
		uintptr(unsafe.Pointer(BaseAddress)),
		uintptr(unsafe.Pointer(ZeroBits)),
		uintptr(CommitSize),
		uintptr(unsafe.Pointer(SectionOffset)),
		uintptr(unsafe.Pointer(ViewSize)),
		uintptr(InheritDisposition),
		uintptr(AllocationType),
		uintptr(Win32Protect),
	)
	return NtStatus(status)
}
// NtOpenSection forwards its arguments to the ntdll export NtOpenSection and
// returns the status code the call produced.
//
// OUT-parameter: SectionHandle.
//
// No validation is done here; the returned NtStatus is the only failure
// signal, so check it before using *SectionHandle.
func NtOpenSection(
	SectionHandle *Handle,
	DesiredAccess AccessMask,
	ObjectAttributes *ObjectAttributes,
) NtStatus {
	// The pointer conversions stay inside the argument list, as Go's unsafe
	// rules require for pointers handed to a system call.
	status, _, _ := procNtOpenSection.Call(
		uintptr(unsafe.Pointer(SectionHandle)),
		uintptr(DesiredAccess),
		uintptr(unsafe.Pointer(ObjectAttributes)),
	)
	return NtStatus(status)
}
// NtQuerySection forwards its arguments to the ntdll export NtQuerySection and
// returns the status code the call produced.
//
// OUT-parameter: SectionInformation, ReturnLength.
// *OPT-parameter: ReturnLength.
//
// SectionInformation and SectionInformationLength are passed on independently
// and the wrapper cannot tell how large the buffer behind the pointer really
// is. The caller must ensure the length never exceeds that buffer, otherwise
// the native side may write past it. Check the returned NtStatus before
// reading the buffer or *ReturnLength.
func NtQuerySection(
	SectionHandle Handle,
	SectionInformationClass SectionInformationClass,
	SectionInformation *byte,
	SectionInformationLength uintptr,
	ReturnLength *uintptr,
) NtStatus {
	// The pointer conversions stay inside the argument list, as Go's unsafe
	// rules require for pointers handed to a system call.
	status, _, _ := procNtQuerySection.Call(
		uintptr(SectionHandle),
		uintptr(SectionInformationClass),
		uintptr(unsafe.Pointer(SectionInformation)),
		uintptr(SectionInformationLength),
		uintptr(unsafe.Pointer(ReturnLength)),
	)
	return NtStatus(status)
}
// NtUnmapViewOfSection forwards its arguments to the ntdll export
// NtUnmapViewOfSection and returns the status code the call produced.
//
// *OPT-parameter: BaseAddress.
//
// Both arguments are passed through unchanged. The wrapper does not check
// which process ProcessHandle refers to or what is mapped at BaseAddress, and
// the returned NtStatus is the only failure signal.
func NtUnmapViewOfSection(
	ProcessHandle Handle,
	BaseAddress *byte,
) NtStatus {
	// The pointer conversion stays inside the argument list, as Go's unsafe
	// rules require for pointers handed to a system call.
	status, _, _ := procNtUnmapViewOfSection.Call(
		uintptr(ProcessHandle),
		uintptr(unsafe.Pointer(BaseAddress)),
	)
	return NtStatus(status)
}
// NtUnmapViewOfSectionEx forwards its arguments to the ntdll export
// NtUnmapViewOfSectionEx and returns the status code the call produced.
//
// *OPT-parameter: BaseAddress.
//
// All three arguments are passed through unchanged. The wrapper does not check
// which process ProcessHandle refers to or what is mapped at BaseAddress, and
// the returned NtStatus is the only failure signal.
func NtUnmapViewOfSectionEx(
	ProcessHandle Handle,
	BaseAddress *byte,
	Flags uint32,
) NtStatus {
	// The pointer conversion stays inside the argument list, as Go's unsafe
	// rules require for pointers handed to a system call.
	status, _, _ := procNtUnmapViewOfSectionEx.Call(
		uintptr(ProcessHandle),
		uintptr(unsafe.Pointer(BaseAddress)),
		uintptr(Flags),
	)
	return NtStatus(status)
}