Layout.h File Reference

Header files for working with memory layouts. More...

Go to the source code of this file.

Functions
CR3_TYPE	LayoutGetCr3ByProcessId (_In_ UINT32 ProcessId)
UINT64	LayoutGetSystemDirectoryTableBase ()
	Find cr3 of system process.

Detailed Description

Header files for working with memory layouts.

Author

Sina Karvandi (sina@.nosp@m.hype.nosp@m.rdbg..nosp@m.org)

Version

0.2

Date

2023-04-27

Copyright

This project is released under the GNU Public License v3.

Function Documentation

LayoutGetCr3ByProcessId()

CR3_TYPE LayoutGetCr3ByProcessId

(

_In_ UINT32

ProcessId

)

LayoutGetSystemDirectoryTableBase()

UINT64 LayoutGetSystemDirectoryTableBase

(

)

Find cr3 of system process.

Returns

UINT64 Returns cr3 of System process (pid=4)

{
    //
    // Return CR3 of the system process.
    //
    NT_KPROCESS * SystemProcess = (NT_KPROCESS *)(PsInitialSystemProcess);
    return SystemProcess->DirectoryTableBase;
}