BOOL CProcessesHandles::CEntry::CMemBlock::Initialize(__in ULONGLONG nMin, __in ULONGLONG nMax)
{
MEMORY_BASIC_INFORMATION sMbi;
SIZE_T nSize, nResultLength;
NTSTATUS nNtStatus;
if (lpFreeEntries == NULL)
return FALSE;
if (nMin < 65536)
nMin = 65536;
while (nMin < nMax)
{
NktHookLibHelpers::MemSet(&sMbi, 0, sizeof(sMbi));
nNtStatus = NktNtQueryVirtualMemory(hProc, (PVOID)nMin, MyMemoryBasicInformation, &sMbi, sizeof(sMbi),
&nResultLength);
if (NT_SUCCESS(nNtStatus) && sMbi.State == MEM_FREE)
{
lpBaseAddress = (LPBYTE)nMin;
nSize = 65536;
nNtStatus = NktNtAllocateVirtualMemory(hProc, (PVOID*)&lpBaseAddress, 0, &nSize, MEM_RESERVE|MEM_COMMIT,
PAGE_EXECUTE_READWRITE);
if (NT_SUCCESS(nNtStatus))
return TRUE;
}
nMin += 65536;
}
lpBaseAddress = NULL;
return FALSE;
}
NTSTATUS NtAllocateVirtualMemory64(__in HANDLE ProcessHandle, __inout ULONGLONG *BaseAddress, __in ULONGLONG ZeroBits,
__inout PSIZE_T RegionSize, __in ULONG AllocationType, __in ULONG Protect)
{
#if defined(_M_IX86)
ULONGLONG nRegionSize;
NTSTATUS nNtStatus;
Initialize();
//----
if (NktHookLib_fnNtAllocateVirtualMemory64 == 0ui64)
{
if (BaseAddress != NULL)
*BaseAddress = 0;
if (RegionSize != NULL)
*RegionSize = 0;
return STATUS_NOT_IMPLEMENTED;
}
nRegionSize = (ULONGLONG)(*RegionSize);
nNtStatus = NktHookLib_CallWow64(NktHookLib_fnNtAllocateVirtualMemory64, Handle2Ull(ProcessHandle),
Ptr2Ull(BaseAddress), ZeroBits, Ptr2Ull(&nRegionSize), Ul2Ull(AllocationType),
Ul2Ull(Protect), 0ui64, 0ui64, 0ui64, 0ui64, 0ui64);
*RegionSize = (SIZE_T)nRegionSize;
return nNtStatus;
#elif defined(_M_X64)
return NktNtAllocateVirtualMemory(ProcessHandle, (PVOID*)BaseAddress, ZeroBits, RegionSize, AllocationType, Protect);
#endif
}
BOOL CProcessesHandles::CEntry::CMemBlock::Initialize()
{
SIZE_T nSize;
NTSTATUS nNtStatus;
if (lpFreeEntries == NULL)
return FALSE;
lpBaseAddress = NULL;
nSize = 65536;
nNtStatus = NktNtAllocateVirtualMemory(hProc, (PVOID*)&lpBaseAddress, 0, &nSize, MEM_RESERVE|MEM_COMMIT,
PAGE_EXECUTE_READWRITE);
if (!NT_SUCCESS(nNtStatus))
lpBaseAddress = NULL;
return (lpBaseAddress != NULL) ? TRUE : FALSE;
}
