HyperDbg Debugger
Loading...
Searching...
No Matches
Common.h
Go to the documentation of this file.
1
13#pragma once
14
16// External Functions //
18
19UCHAR *
20PsGetProcessImageFileName(IN PEPROCESS Process);
21
22PVOID
23PsGetProcessSectionBaseAddress(PEPROCESS Process); // Used to get the base address of process's executable image
24
25NTKERNELAPI NTSTATUS NTAPI
26SeCreateAccessState(
27 PACCESS_STATE AccessState,
28 PVOID AuxData,
29 ACCESS_MASK DesiredAccess,
30 PGENERIC_MAPPING Mapping);
31
32NTKERNELAPI VOID NTAPI
33SeDeleteAccessState(
34 PACCESS_STATE AccessState);
35
36NTSTATUS
37MmUnmapViewOfSection(PEPROCESS Process, PVOID BaseAddress); // Used to unmap process's executable image
38
40// Windows-specific structures //
42
47typedef struct _NT_KPROCESS
48{
49 DISPATCHER_HEADER Header;
50 LIST_ENTRY ProfileListHead;
51 ULONG_PTR DirectoryTableBase;
52 UCHAR Data[1];
53} NT_KPROCESS, *PNT_KPROCESS;
54
56// Enums //
58
70
72// Constants //
74
75/*
76 * @brief Segment register and corresponding GDT meaning in Windows
77 */
78#define KGDT64_NULL (0 * 16) // NULL descriptor
79#define KGDT64_R0_CODE (1 * 16) // kernel mode 64-bit code
80#define KGDT64_R0_DATA (1 * 16) + 8 // kernel mode 64-bit data (stack)
81#define KGDT64_R3_CMCODE (2 * 16) // user mode 32-bit code
82#define KGDT64_R3_DATA (2 * 16) + 8 // user mode 32-bit data
83#define KGDT64_R3_CODE (3 * 16) // user mode 64-bit code
84#define KGDT64_SYS_TSS (4 * 16) // kernel mode system task state
85#define KGDT64_R3_CMTEB (5 * 16) // user mode 32-bit TEB
86#define KGDT64_R0_CMCODE (6 * 16) // kernel mode 32-bit code
87#define KGDT64_LAST (7 * 16) // last entry
88
90// Loader Functions //
92
93BOOLEAN
94CommonIsProcessExist(UINT32 ProcId);
95
96PCHAR
97CommonGetProcessNameFromProcessControlBlock(PEPROCESS Eprocess);
98
99BOOLEAN
100CommonKillProcess(UINT32 ProcessId, PROCESS_KILL_METHODS KillingMethod);
101
102BOOLEAN
103CommonValidateCoreNumber(UINT32 CoreNumber);
BOOLEAN
UCHAR BOOLEAN
Definition BasicTypes.h:39
UCHAR
unsigned char UCHAR
Definition BasicTypes.h:35
VOID
#define VOID
Definition BasicTypes.h:33
UINT32
unsigned int UINT32
Definition BasicTypes.h:48
DesiredAccess
PHANDLE ACCESS_MASK DesiredAccess
Definition Hooks.h:130
PNT_KPROCESS
struct _NT_KPROCESS * PNT_KPROCESS
CommonGetProcessNameFromProcessControlBlock
PCHAR CommonGetProcessNameFromProcessControlBlock(PEPROCESS eprocess)
Get process name by eprocess.
Definition Common.c:48
NT_KPROCESS
struct _NT_KPROCESS NT_KPROCESS
KPROCESS Brief structure.
PsGetProcessImageFileName
UCHAR * PsGetProcessImageFileName(IN PEPROCESS Process)
MmUnmapViewOfSection
NTSTATUS MmUnmapViewOfSection(PEPROCESS Process, PVOID BaseAddress)
CommonValidateCoreNumber
BOOLEAN CommonValidateCoreNumber(UINT32 CoreNumber)
Validate core number.
Definition Common.c:256
CommonKillProcess
BOOLEAN CommonKillProcess(UINT32 ProcessId, PROCESS_KILL_METHODS KillingMethod)
Kill a user-mode process with different methods.
Definition Common.c:159
_PROCESS_KILL_METHODS
_PROCESS_KILL_METHODS
Different methods of killing a process.
Definition Common.h:64
PROCESS_KILL_METHOD_2
@ PROCESS_KILL_METHOD_2
Definition Common.h:66
PROCESS_KILL_METHOD_1
@ PROCESS_KILL_METHOD_1
Definition Common.h:65
PROCESS_KILL_METHOD_3
@ PROCESS_KILL_METHOD_3
Definition Common.h:67
SeDeleteAccessState
NTKERNELAPI VOID NTAPI SeDeleteAccessState(PACCESS_STATE AccessState)
PROCESS_KILL_METHODS
enum _PROCESS_KILL_METHODS PROCESS_KILL_METHODS
Different methods of killing a process.
CommonIsProcessExist
BOOLEAN CommonIsProcessExist(UINT32 ProcId)
Checks whether the process with ProcId exists or not.
Definition Common.c:24
PsGetProcessSectionBaseAddress
PVOID PsGetProcessSectionBaseAddress(PEPROCESS Process)
SeCreateAccessState
NTKERNELAPI NTSTATUS NTAPI SeCreateAccessState(PACCESS_STATE AccessState, PVOID AuxData, ACCESS_MASK DesiredAccess, PGENERIC_MAPPING Mapping)
_NT_KPROCESS
KPROCESS Brief structure.
Definition Common.h:265
_NT_KPROCESS::DirectoryTableBase
ULONG_PTR DirectoryTableBase
Definition Common.h:268
_NT_KPROCESS::Data
UCHAR Data[1]
Definition Common.h:269
_NT_KPROCESS::Header
DISPATCHER_HEADER Header
Definition Common.h:266
_NT_KPROCESS::ProfileListHead
LIST_ENTRY ProfileListHead
Definition Common.h:267