From 2acec63b2ed75bf4b71ad257db573c4b8f9639e7 Mon Sep 17 00:00:00 2001
From: tumagonx
Date: Tue, 8 Aug 2017 10:54:53 +0700
Subject: initial commit
---
 section.h | 112 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 112 insertions(+)
 create mode 100644 section.h
(limited to 'section.h')
diff --git a/section.h b/section.h
new file mode 100644
index 0000000..7e41076
--- /dev/null
+++ b/section.h
@@ -0,0 +1,112 @@
+/*
+ * Copyright (c) 2004 Security Architects Corporation. All rights reserved.
+ *
+ * Module Name:
+ *
+ * section.h
+ *
+ * Abstract:
+ *
+ * This module defines various types used by section hooking related routines.
+ *
+ * Author:
+ *
+ * Eugene Tsyrklevich 29-Feb-2004
+ *
+ * Revision History:
+ *
+ * None.
+ */
+
+#ifndef __MEMORY_H__
+#define __MEMORY_H__
+
+
+
+/*
+ * "Section objects are objects that can be mapped into the virtual address space of a process.
+ * The Win32 API refers to section objects as file-mapping objects.
+ *
+ * ZwOpenSection opens a section object." [NAR]
+ */
+
+typedef NTSTATUS (*fpZwOpenSection) (
+ OUT PHANDLE SectionHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes
+ );
+
+
+NTSTATUS
+NTAPI
+HookedNtOpenSection(
+ OUT PHANDLE SectionHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes
+ );
+
+
+/*
+ * ZwCreateSection creates a section object. [NAR]
+ */
+
+typedef NTSTATUS (*fpZwCreateSection) (
+ OUT PHANDLE SectionHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ IN PLARGE_INTEGER SectionSize OPTIONAL,
+ IN ULONG Protect,
+ IN ULONG Attributes,
+ IN HANDLE FileHandle
+ );
+
+NTSTATUS
+NTAPI
+HookedNtCreateSection(
+ OUT PHANDLE SectionHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ IN PLARGE_INTEGER SectionSize OPTIONAL,
+ IN ULONG Protect,
+ IN ULONG Attributes,
+ IN HANDLE FileHandle
+ );
+
+
+/*
+ * ZwMapViewOfSection maps a view of a section to a range of virtual addresses. [NAR]
+ */
+
+typedef NTSTATUS (*fpZwMapViewOfSection) (
+ IN HANDLE SectionHandle,
+ IN HANDLE ProcessHandle,
+ IN OUT PVOID *BaseAddress,
+ IN ULONG ZeroBits,
+ IN ULONG CommitSize,
+ IN OUT PLARGE_INTEGER SectionOffset OPTIONAL,
+ IN OUT PULONG ViewSize,
+ IN SECTION_INHERIT InheritDisposition,
+ IN ULONG AllocationType,
+ IN ULONG Protect
+ );
+
+NTSTATUS
+NTAPI
+HookedNtMapViewOfSection(
+ IN HANDLE SectionHandle,
+ IN HANDLE ProcessHandle,
+ IN OUT PVOID *BaseAddress,
+ IN ULONG ZeroBits,
+ IN ULONG CommitSize,
+ IN OUT PLARGE_INTEGER SectionOffset OPTIONAL,
+ IN OUT PULONG ViewSize,
+ IN SECTION_INHERIT InheritDisposition,
+ IN ULONG AllocationType,
+ IN ULONG Protect
+ );
+
+
+BOOLEAN InitSectionHooks();
+
+
+#endif /* __MEMORY_H__ */
-- cgit v1.3
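Review bot: The include guard in section.h is `__MEMORY_H__`, which does not match the file name; if any other header in the tree uses the same guard, whichever is included second is silently skipped and its declarations (here the section-hook prototypes) vanish from the translation unit. Rename it to something file-specific such as `#ifndef SECTION_H` / `#define SECTION_H`, which also stays out of the reserved double-underscore namespace. Separately, the `fpZw*` function-pointer typedefs omit `NTAPI` while the `HookedNt*` prototypes carry it, so calls through the saved original pointers presumably rely on the build's default calling convention being stdcall; `typedef NTSTATUS (NTAPI *fpZwOpenSection)(...)` (and likewise for the other two) makes that explicit. `BOOLEAN InitSectionHooks();` should be `BOOLEAN InitSectionHooks(VOID);` so that callers are checked against a real prototype.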