Process Hacker
vm.c File Reference
#include <kph.h>

Go to the source code of this file.

Macros

#define KPH_STACK_COPY_BYTES   0x200
 
#define KPH_POOL_COPY_BYTES   0x10000
 
#define KPH_MAPPED_COPY_PAGES   14
 
#define KPH_POOL_COPY_THRESHOLD   0x3ff
 

Functions

ULONG KphpGetCopyExceptionInfo (__in PEXCEPTION_POINTERS ExceptionInfo, __out PBOOLEAN HaveBadAddress, __out PULONG_PTR BadAddress)
 
NTSTATUS KphCopyVirtualMemory (__in PEPROCESS FromProcess, __in PVOID FromAddress, __in PEPROCESS ToProcess, __in PVOID ToAddress, __in SIZE_T BufferLength, __in KPROCESSOR_MODE AccessMode, __out PSIZE_T ReturnLength)
 Copies memory from one process to another.
 
NTSTATUS KpiReadVirtualMemory (__in HANDLE ProcessHandle, __in PVOID BaseAddress, __out_bcount(BufferSize) PVOID Buffer, __in SIZE_T BufferSize, __out_opt PSIZE_T NumberOfBytesRead, __in KPROCESSOR_MODE AccessMode)
 Copies memory from another process into the current process.
 
NTSTATUS KpiWriteVirtualMemory (__in HANDLE ProcessHandle, __in_opt PVOID BaseAddress, __in_bcount(BufferSize) PVOID Buffer, __in SIZE_T BufferSize, __out_opt PSIZE_T NumberOfBytesWritten, __in KPROCESSOR_MODE AccessMode)
 Copies memory from the current process into another process.
 
NTSTATUS KpiReadVirtualMemoryUnsafe (__in_opt HANDLE ProcessHandle, __in PVOID BaseAddress, __out_bcount(BufferSize) PVOID Buffer, __in SIZE_T BufferSize, __out_opt PSIZE_T NumberOfBytesRead, __in KPROCESSOR_MODE AccessMode)
 Copies process or kernel memory into the current process.
 

Macro Definition Documentation

#define KPH_MAPPED_COPY_PAGES   14

Definition at line 39 of file vm.c.

#define KPH_POOL_COPY_BYTES   0x10000

Definition at line 38 of file vm.c.

#define KPH_POOL_COPY_THRESHOLD   0x3ff

Definition at line 40 of file vm.c.

#define KPH_STACK_COPY_BYTES   0x200

Definition at line 37 of file vm.c.

Function Documentation

NTSTATUS KphCopyVirtualMemory ( __in PEPROCESS  FromProcess,
__in PVOID  FromAddress,
__in PEPROCESS  ToProcess,
__in PVOID  ToAddress,
__in SIZE_T  BufferLength,
__in KPROCESSOR_MODE  AccessMode,
__out PSIZE_T  ReturnLength 
)

Copies memory from one process to another.

Parameters
FromProcessThe source process.
FromAddressThe source address.
ToProcessThe target process.
ToAddressThe target address.
BufferLengthThe number of bytes to copy.
AccessModeThe mode in which to perform access checks.
ReturnLengthA variable which receives the number of bytes copied.

Definition at line 80 of file vm.c.

ULONG KphpGetCopyExceptionInfo ( __in PEXCEPTION_POINTERS  ExceptionInfo,
__out PBOOLEAN  HaveBadAddress,
__out PULONG_PTR  BadAddress 
)

Definition at line 42 of file vm.c.

NTSTATUS KpiReadVirtualMemory ( __in HANDLE  ProcessHandle,
__in PVOID  BaseAddress,
__out_bcount(BufferSize) PVOID  Buffer,
__in SIZE_T  BufferSize,
__out_opt PSIZE_T  NumberOfBytesRead,
__in KPROCESSOR_MODE  AccessMode 
)

Copies memory from another process into the current process.

Parameters
ProcessHandleA handle to a process. The handle must have PROCESS_VM_READ access.
BaseAddressThe address from which memory is to be copied.
BufferA buffer which receives the copied memory.
BufferSizeThe number of bytes to copy.
NumberOfBytesReadA variable which receives the number of bytes copied to the buffer.
AccessModeThe mode in which to perform access checks.

Definition at line 316 of file vm.c.

NTSTATUS KpiReadVirtualMemoryUnsafe ( __in_opt HANDLE  ProcessHandle,
__in PVOID  BaseAddress,
__out_bcount(BufferSize) PVOID  Buffer,
__in SIZE_T  BufferSize,
__out_opt PSIZE_T  NumberOfBytesRead,
__in KPROCESSOR_MODE  AccessMode 
)

Copies process or kernel memory into the current process.

Parameters
ProcessHandleA handle to a process. The handle must have PROCESS_VM_READ access. This parameter may be NULL if BaseAddress lies above the user-mode range.
BaseAddressThe address from which memory is to be copied.
BufferA buffer which receives the copied memory.
BufferSizeThe number of bytes to copy.
NumberOfBytesReadA variable which receives the number of bytes copied to the buffer.
AccessModeThe mode in which to perform access checks.

Definition at line 529 of file vm.c.

NTSTATUS KpiWriteVirtualMemory ( __in HANDLE  ProcessHandle,
__in_opt PVOID  BaseAddress,
__in_bcount(BufferSize) PVOID  Buffer,
__in SIZE_T  BufferSize,
__out_opt PSIZE_T  NumberOfBytesWritten,
__in KPROCESSOR_MODE  AccessMode 
)

Copies memory from the current process into another process.

Parameters
ProcessHandleA handle to a process. The handle must have PROCESS_VM_WRITE access.
BaseAddressThe address to which memory is to be copied.
BufferA buffer which contains the memory to copy.
BufferSizeThe number of bytes to copy.
NumberOfBytesWrittenA variable which receives the number of bytes copied from the buffer.
AccessModeThe mode in which to perform access checks.

Definition at line 422 of file vm.c.