1 files changed, 112 insertions, 0 deletions
diff --git a/section.h b/section.h
new file mode 100644
index 0000000..7e41076
--- /dev/null
+++ b/section.h
@@ -0,0 +1,112 @@
+/*
+ * Copyright (c) 2004 Security Architects Corporation. All rights reserved.
+ *
+ * Module Name:
+ *
+ *              section.h
+ *
+ * Abstract:
+ *
+ *              This module defines various types used by section hooking related routines.
+ *
+ * Author:
+ *
+ *              Eugene Tsyrklevich 29-Feb-2004
+ *
+ * Revision History:
+ *
+ *              None.
+ */
+#ifndef __MEMORY_H__
+#define __MEMORY_H__
+/*
+ * "Section objects are objects that can be mapped into the virtual address space of a process.
+ * The Win32 API refers to section objects as file-mapping objects.
+ *
+ * ZwOpenSection opens a section object." [NAR]
+ */
+typedef NTSTATUS (*fpZwOpenSection) (
+    OUT PHANDLE  SectionHandle,
+    IN ACCESS_MASK  DesiredAccess,
+    IN POBJECT_ATTRIBUTES  ObjectAttributes
+    );
+NTSTATUS
+NTAPI
+HookedNtOpenSection(
+    OUT PHANDLE  SectionHandle,
+    IN ACCESS_MASK  DesiredAccess,
+    IN POBJECT_ATTRIBUTES  ObjectAttributes
+        );
+/*
+ * ZwCreateSection creates a section object. [NAR]
+ */
+typedef NTSTATUS (*fpZwCreateSection) (
+        OUT PHANDLE SectionHandle,
+        IN ACCESS_MASK DesiredAccess,
+        IN POBJECT_ATTRIBUTES ObjectAttributes,
+        IN PLARGE_INTEGER SectionSize OPTIONAL,
+        IN ULONG Protect,
+        IN ULONG Attributes,
+        IN HANDLE FileHandle
+        );
+NTSTATUS
+NTAPI
+HookedNtCreateSection(
+        OUT PHANDLE SectionHandle,
+        IN ACCESS_MASK DesiredAccess,
+        IN POBJECT_ATTRIBUTES ObjectAttributes,
+        IN PLARGE_INTEGER SectionSize OPTIONAL,
+        IN ULONG Protect,
+        IN ULONG Attributes,
+        IN HANDLE FileHandle
+        );
+/*
+ * ZwMapViewOfSection maps a view of a section to a range of virtual addresses. [NAR]
+ */
+typedef NTSTATUS (*fpZwMapViewOfSection) (
+        IN HANDLE SectionHandle,
+        IN HANDLE ProcessHandle,
+        IN OUT PVOID *BaseAddress,
+        IN ULONG ZeroBits,
+        IN ULONG CommitSize,
+        IN OUT PLARGE_INTEGER SectionOffset OPTIONAL,
+        IN OUT PULONG ViewSize,
+        IN SECTION_INHERIT InheritDisposition,
+        IN ULONG AllocationType,
+        IN ULONG Protect
+        );
+NTSTATUS
+NTAPI
+HookedNtMapViewOfSection(
+        IN HANDLE SectionHandle,
+        IN HANDLE ProcessHandle,
+        IN OUT PVOID *BaseAddress,
+        IN ULONG ZeroBits,
+        IN ULONG CommitSize,
+        IN OUT PLARGE_INTEGER SectionOffset OPTIONAL,
+        IN OUT PULONG ViewSize,
+        IN SECTION_INHERIT InheritDisposition,
+        IN ULONG AllocationType,
+        IN ULONG Protect
+        );
+BOOLEAN InitSectionHooks();
+#endif  /* __MEMORY_H__ */

diff --git a/section.h b/section.h new file mode 100644 index 0000000..7e41076 --- /dev/null +++ b/section.h
@@ -0,0 +1,112 @@
	1	/*
	2	* Copyright (c) 2004 Security Architects Corporation. All rights reserved.
	3	*
	4	* Module Name:
	5	*
	6	* section.h
	7	*
	8	* Abstract:
	9	*
	10	* This module defines various types used by section hooking related routines.
	11	*
	12	* Author:
	13	*
	14	* Eugene Tsyrklevich 29-Feb-2004
	15	*
	16	* Revision History:
	17	*
	18	* None.
	19	*/
	20
	21	#ifndef __MEMORY_H__
	22	#define __MEMORY_H__
	23
	24
	25
	26	/*
	27	* "Section objects are objects that can be mapped into the virtual address space of a process.
	28	* The Win32 API refers to section objects as file-mapping objects.
	29	*
	30	* ZwOpenSection opens a section object." [NAR]
	31	*/
	32
	33	typedef NTSTATUS (*fpZwOpenSection) (
	34	OUT PHANDLE SectionHandle,
	35	IN ACCESS_MASK DesiredAccess,
	36	IN POBJECT_ATTRIBUTES ObjectAttributes
	37	);
	38
	39
	40	NTSTATUS
	41	NTAPI
	42	HookedNtOpenSection(
	43	OUT PHANDLE SectionHandle,
	44	IN ACCESS_MASK DesiredAccess,
	45	IN POBJECT_ATTRIBUTES ObjectAttributes
	46	);
	47
	48
	49	/*
	50	* ZwCreateSection creates a section object. [NAR]
	51	*/
	52
	53	typedef NTSTATUS (*fpZwCreateSection) (
	54	OUT PHANDLE SectionHandle,
	55	IN ACCESS_MASK DesiredAccess,
	56	IN POBJECT_ATTRIBUTES ObjectAttributes,
	57	IN PLARGE_INTEGER SectionSize OPTIONAL,
	58	IN ULONG Protect,
	59	IN ULONG Attributes,
	60	IN HANDLE FileHandle
	61	);
	62
	63	NTSTATUS
	64	NTAPI
	65	HookedNtCreateSection(
	66	OUT PHANDLE SectionHandle,
	67	IN ACCESS_MASK DesiredAccess,
	68	IN POBJECT_ATTRIBUTES ObjectAttributes,
	69	IN PLARGE_INTEGER SectionSize OPTIONAL,
	70	IN ULONG Protect,
	71	IN ULONG Attributes,
	72	IN HANDLE FileHandle
	73	);
	74
	75
	76	/*
	77	* ZwMapViewOfSection maps a view of a section to a range of virtual addresses. [NAR]
	78	*/
	79
	80	typedef NTSTATUS (*fpZwMapViewOfSection) (
	81	IN HANDLE SectionHandle,
	82	IN HANDLE ProcessHandle,
	83	IN OUT PVOID *BaseAddress,
	84	IN ULONG ZeroBits,
	85	IN ULONG CommitSize,
	86	IN OUT PLARGE_INTEGER SectionOffset OPTIONAL,
	87	IN OUT PULONG ViewSize,
	88	IN SECTION_INHERIT InheritDisposition,
	89	IN ULONG AllocationType,
	90	IN ULONG Protect
	91	);
	92
	93	NTSTATUS
	94	NTAPI
	95	HookedNtMapViewOfSection(
	96	IN HANDLE SectionHandle,
	97	IN HANDLE ProcessHandle,
	98	IN OUT PVOID *BaseAddress,
	99	IN ULONG ZeroBits,
	100	IN ULONG CommitSize,
	101	IN OUT PLARGE_INTEGER SectionOffset OPTIONAL,
	102	IN OUT PULONG ViewSize,
	103	IN SECTION_INHERIT InheritDisposition,
	104	IN ULONG AllocationType,
	105	IN ULONG Protect
	106	);
	107
	108
	109	BOOLEAN InitSectionHooks();
	110
	111
	112	#endif /* __MEMORY_H__ */