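/*-------------------------------------------------------------------
   FUNCTION: ConvertAddr
   PURPOSE:  ConvertAddr does the same as MapPtrToProcess - maps an
             address in slot 0 to the address in the slot of the given
             process. Unlike MapPtrToProcess, which accepts a process
             handle, ConvertAddr uses the undocumented PROCESS structure.
   PARAMETERS:
             LPVOID   p_pAddr    - address to convert
             PPROCESS p_pProcess - internal kernel Process structure;
                                   NULL is treated as "the kernel" and
                                   leaves the address unchanged
   RETURNS:
             Address mapped to the slot of the given process, or
             p_pAddr unchanged when it is not below 0x2000000 or when
             p_pProcess is NULL.
   NOTES:
             - p_pProcess is only checked against NULL. The byte at
               PROCESS_NUM_OFFSET is read directly from it, so the caller
               must pass a pointer to a live PROCESS structure.
             - NOTE(review): PROCESS_NUM_OFFSET encodes the layout of an
               undocumented structure; presumably it is specific to an
               OS version - confirm before reusing on another build.
             - The process number read from the structure is passed to
               ProcessAddress() without a range check, and the addition
               below is not checked for wrap-around.
-------------------------------------------------------------------*/
LPVOID ConvertAddr(LPVOID p_pAddr, PPROCESS p_pProcess)
{
    /* Only slot 0 addresses are remapped, and only for a non-kernel
       process (non-NULL p_pProcess). */
    if (((DWORD)p_pAddr) < 0x2000000 && p_pProcess)
    {
        /* Process number stored at a fixed offset inside PROCESS. */
        BYTE l_byProcNum = *(((LPBYTE)p_pProcess) + PROCESS_NUM_OFFSET);

        /* Rebase the slot 0 address onto the value ProcessAddress()
           returns for that process number. */
        p_pAddr = (LPVOID)(((DWORD)p_pAddr) + ProcessAddress(l_byProcNum));
    }
    return p_pAddr;
}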
/*
 * SwizzleArg - rewrite an address argument in place.
 *
 * arg: pointer to the value to rewrite; it is dereferenced without a
 *      NULL check.
 *
 * The current value must satisfy SwizzleSpace(); this is enforced only
 * through ASSERTX. The value is then replaced with the result of
 * ProcessAddress(value, 0).
 *
 * NOTE(review): the meaning of the second ProcessAddress() argument (0)
 * is not visible here - confirm against its definition. If ASSERTX can
 * be compiled out in some build, a value outside the swizzle space would
 * be rewritten unchecked - confirm.
 */
VOID SwizzleArg(ADDRINT * arg)
{
    const ADDRINT l_swizzled = *arg;

    ASSERTX(SwizzleSpace(l_swizzled));
    *arg = ProcessAddress(l_swizzled, 0);
}