mmfuncs.h File Reference

#include <umtypes.h>
#include <mmtypes.h>

Include dependency graph for mmfuncs.h:

This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Functions
NTSTATUS NTAPI	MmCreateSection (_Out_ PVOID *SectionObject, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ PLARGE_INTEGER MaximumSize, _In_ ULONG SectionPageProtection, _In_ ULONG AllocationAttributes, _In_opt_ HANDLE FileHandle, _In_opt_ PFILE_OBJECT File)
NTSTATUS NTAPI	MmMapViewOfSection (_In_ PVOID SectionObject, _In_ PEPROCESS Process, _Inout_ PVOID *BaseAddress, _In_ ULONG_PTR ZeroBits, _In_ SIZE_T CommitSize, _Inout_opt_ PLARGE_INTEGER SectionOffset, _Inout_ PSIZE_T ViewSize, _In_ SECTION_INHERIT InheritDisposition, _In_ ULONG AllocationType, _In_ ULONG Protect)
NTSTATUS NTAPI	MmUnmapViewOfSection (_In_ struct _EPROCESS *Process, _In_ PVOID BaseAddress)
NTSYSCALLAPI NTSTATUS NTAPI	NtAreMappedFilesTheSame (_In_ PVOID File1MappedAsAnImage, _In_ PVOID File2MappedAsFile)
NTSTATUS NTAPI	NtAllocateUserPhysicalPages (_In_ HANDLE ProcessHandle, _Inout_ PULONG_PTR NumberOfPages, _Inout_ PULONG_PTR UserPfnArray)
_Must_inspect_result_ _At_ *	BaseAddress (Mem)) __kernel_entryNTSYSCALLAPINTSTATUSNTAPINtAllocateVirtualMemory(_In_ HANDLE ProcessHandle, _Inout_ _Outptr_result_buffer_(*RegionSize) PVOID *BaseAddress, _In_ ULONG_PTR ZeroBits, _Inout_ PSIZE_T RegionSize, _In_ ULONG AllocationType, _In_ ULONG Protect
NTSYSCALLAPI NTSTATUS NTAPI	NtCreatePagingFile (_In_ PUNICODE_STRING FileName, _In_ PLARGE_INTEGER MinimumSize, _In_ PLARGE_INTEGER MaximumSize, _In_ ULONG Reserved)
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI	NtCreateSection (_Out_ PHANDLE SectionHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_opt_ PLARGE_INTEGER MaximumSize, _In_ ULONG SectionPageProtection, _In_ ULONG AllocationAttributes, _In_opt_ HANDLE FileHandle)
NTSYSCALLAPI NTSTATUS NTAPI	NtExtendSection (_In_ HANDLE SectionHandle, _In_ PLARGE_INTEGER NewMaximumSize)
NTSYSCALLAPI NTSTATUS NTAPI	NtFlushInstructionCache (_In_ HANDLE ProcessHandle, _In_ PVOID BaseAddress, _In_ SIZE_T NumberOfBytesToFlush)
NTSYSCALLAPI NTSTATUS NTAPI	NtFlushVirtualMemory (_In_ HANDLE ProcessHandle, _Inout_ PVOID *BaseAddress, _Inout_ PSIZE_T RegionSize, _Out_ PIO_STATUS_BLOCK IoStatus)
NTSTATUS NTAPI	NtFreeUserPhysicalPages (_In_ HANDLE ProcessHandle, _Inout_ PULONG_PTR NumberOfPages, _Inout_ PULONG_PTR UserPfnArray)
__kernel_entry	_IRQL_requires_max_ (PASSIVE_LEVEL) NTSYSCALLAPI NTSTATUS NTAPI NtFreeVirtualMemory(_In_ HANDLE ProcessHandle
	Queries information details about a security descriptor.
__kernel_entry _Inout_	__drv_freesMem (Mem) PVOID *BaseAddress
NTSTATUS NTAPI	NtGetWriteWatch (_In_ HANDLE ProcessHandle, _In_ ULONG Flags, _In_ PVOID BaseAddress, _In_ SIZE_T RegionSize, _In_ PVOID *UserAddressArray, _Out_ PULONG_PTR EntriesInUserAddressArray, _Out_ PULONG Granularity)
NTSYSCALLAPI NTSTATUS NTAPI	NtLockVirtualMemory (_In_ HANDLE ProcessHandle, _Inout_ PVOID *BaseAddress, _Inout_ PSIZE_T NumberOfBytesToLock, _In_ ULONG MapType)
NTSTATUS NTAPI	NtMapUserPhysicalPages (_In_ PVOID VirtualAddresses, _In_ ULONG_PTR NumberOfPages, _Inout_ PULONG_PTR UserPfnArray)
NTSTATUS NTAPI	NtMapUserPhysicalPagesScatter (_In_ PVOID *VirtualAddresses, _In_ ULONG_PTR NumberOfPages, _Inout_ PULONG_PTR UserPfnArray)
NTSYSCALLAPI NTSTATUS NTAPI	NtMapViewOfSection (_In_ HANDLE SectionHandle, _In_ HANDLE ProcessHandle, _Inout_ PVOID *BaseAddress, _In_ ULONG_PTR ZeroBits, _In_ SIZE_T CommitSize, _Inout_opt_ PLARGE_INTEGER SectionOffset, _Inout_ PSIZE_T ViewSize, _In_ SECTION_INHERIT InheritDisposition, _In_ ULONG AllocationType, _In_ ULONG AccessProtection)
NTSYSCALLAPI NTSTATUS NTAPI	NtOpenSection (_Out_ PHANDLE SectionHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes)
NTSYSCALLAPI NTSTATUS NTAPI	NtProtectVirtualMemory (_In_ HANDLE ProcessHandle, _In_ PVOID *BaseAddress, _In_ SIZE_T *NumberOfBytesToProtect, _In_ ULONG NewAccessProtection, _Out_ PULONG OldAccessProtection)
NTSYSCALLAPI NTSTATUS NTAPI	NtQuerySection (_In_ HANDLE SectionHandle, _In_ SECTION_INFORMATION_CLASS SectionInformationClass, _Out_ PVOID SectionInformation, _In_ SIZE_T Length, _Out_ PSIZE_T ResultLength)
NTSYSCALLAPI NTSTATUS NTAPI	NtQueryVirtualMemory (_In_ HANDLE ProcessHandle, _In_ PVOID Address, _In_ MEMORY_INFORMATION_CLASS VirtualMemoryInformationClass, _Out_ PVOID VirtualMemoryInformation, _In_ SIZE_T Length, _Out_opt_ PSIZE_T ResultLength)
NTSYSCALLAPI NTSTATUS NTAPI	NtReadVirtualMemory (_In_ HANDLE ProcessHandle, _In_ PVOID BaseAddress, _Out_ PVOID Buffer, _In_ SIZE_T NumberOfBytesToRead, _Out_opt_ PSIZE_T NumberOfBytesRead)
NTSTATUS NTAPI	NtResetWriteWatch (_In_ HANDLE ProcessHandle, _In_ PVOID BaseAddress, _In_ SIZE_T RegionSize)
NTSYSCALLAPI NTSTATUS NTAPI	NtUnlockVirtualMemory (_In_ HANDLE ProcessHandle, _Inout_ PVOID *BaseAddress, _Inout_ PSIZE_T NumberOfBytesToUnlock, _In_ ULONG MapType)
NTSYSCALLAPI NTSTATUS NTAPI	NtUnmapViewOfSection (_In_ HANDLE ProcessHandle, _In_ PVOID BaseAddress)
NTSYSCALLAPI NTSTATUS NTAPI	NtWriteVirtualMemory (_In_ HANDLE ProcessHandle, _In_ PVOID BaseAddress, _In_ PVOID Buffer, _In_ SIZE_T NumberOfBytesToWrite, _Out_opt_ PSIZE_T NumberOfBytesWritten)
NTSYSAPI NTSTATUS NTAPI	ZwAreMappedFilesTheSame (_In_ PVOID File1MappedAsAnImage, _In_ PVOID File2MappedAsFile)
NTSYSAPI NTSTATUS NTAPI	ZwCreatePagingFile (_In_ PUNICODE_STRING FileName, _In_ PLARGE_INTEGER MinimumSize, _In_ PLARGE_INTEGER MaximumSize, _In_ ULONG Reserved)
	_IRQL_requires_max_ (APC_LEVEL) NTSYSAPI NTSTATUS NTAPI ZwCreateSection(_Out_ PHANDLE SectionHandle
	Probes and locks virtual pages in memory for the specified process.
NTSYSAPI NTSTATUS NTAPI	ZwExtendSection (_In_ HANDLE SectionHandle, _In_ PLARGE_INTEGER NewMaximumSize)
NTSYSAPI NTSTATUS NTAPI	ZwLockVirtualMemory (_In_ HANDLE ProcessHandle, _Inout_ PVOID *BaseAddress, _Inout_ PSIZE_T NumberOfBytesToLock, _In_ ULONG MapType)
NTSYSAPI NTSTATUS NTAPI	ZwOpenSection (_Out_ PHANDLE SectionHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes)
NTSYSAPI NTSTATUS NTAPI	ZwProtectVirtualMemory (_In_ HANDLE ProcessHandle, _In_ PVOID *BaseAddress, _In_ SIZE_T *NumberOfBytesToProtect, _In_ ULONG NewAccessProtection, _Out_ PULONG OldAccessProtection)
NTSYSAPI NTSTATUS NTAPI	ZwQuerySection (_In_ HANDLE SectionHandle, _In_ SECTION_INFORMATION_CLASS SectionInformationClass, _Out_ PVOID SectionInformation, _In_ SIZE_T Length, _Out_opt_ PSIZE_T ResultLength)
NTSYSAPI NTSTATUS NTAPI	ZwQueryVirtualMemory (_In_ HANDLE ProcessHandle, _In_ PVOID Address, _In_ MEMORY_INFORMATION_CLASS VirtualMemoryInformationClass, _Out_ PVOID VirtualMemoryInformation, _In_ SIZE_T Length, _Out_opt_ PSIZE_T ResultLength)
NTSYSAPI NTSTATUS NTAPI	ZwReadVirtualMemory (_In_ HANDLE ProcessHandle, _In_ PVOID BaseAddress, _Out_ PVOID Buffer, _In_ SIZE_T NumberOfBytesToRead, _Out_opt_ PSIZE_T NumberOfBytesRead)
NTSYSAPI NTSTATUS NTAPI	ZwUnlockVirtualMemory (_In_ HANDLE ProcessHandle, _Inout_ PVOID *BaseAddress, _Inout_ PSIZE_T NumberOfBytesToUnlock, _In_ ULONG MapType)
NTSYSAPI NTSTATUS NTAPI	ZwWriteVirtualMemory (_In_ HANDLE ProcessHandle, _In_ PVOID BaseAddress, _In_ PVOID Buffer, _In_ SIZE_T NumberOfBytesToWrite, _Out_opt_ PSIZE_T NumberOfBytesWritten)

Variables
__kernel_entry _Inout_ _Inout_ PSIZE_T	RegionSize
__kernel_entry _Inout_ _Inout_ PSIZE_T _In_ ULONG	FreeType
_In_ ACCESS_MASK	DesiredAccess
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES	ObjectAttributes
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_opt_ PLARGE_INTEGER	MaximumSize
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_opt_ PLARGE_INTEGER _In_ ULONG	SectionPageProtection
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_opt_ PLARGE_INTEGER _In_ ULONG _In_ ULONG	AllocationAttributes
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_opt_ PLARGE_INTEGER _In_ ULONG _In_ ULONG _In_opt_ HANDLE	FileHandle
_In_ HANDLE	ProcessHandle
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID *	BaseAddress
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID _In_ ULONG_PTR	ZeroBits
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID _In_ ULONG_PTR _In_ SIZE_T	CommitSize
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID _In_ ULONG_PTR _In_ SIZE_T _Inout_opt_ PLARGE_INTEGER	SectionOffset
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID _In_ ULONG_PTR _In_ SIZE_T _Inout_opt_ PLARGE_INTEGER _Inout_ PSIZE_T	ViewSize
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID _In_ ULONG_PTR _In_ SIZE_T _Inout_opt_ PLARGE_INTEGER _Inout_ PSIZE_T _In_ SECTION_INHERIT	InheritDisposition
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID _In_ ULONG_PTR _In_ SIZE_T _Inout_opt_ PLARGE_INTEGER _Inout_ PSIZE_T _In_ SECTION_INHERIT _In_ ULONG	AllocationType
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID _In_ ULONG_PTR _In_ SIZE_T _Inout_opt_ PLARGE_INTEGER _Inout_ PSIZE_T _In_ SECTION_INHERIT _In_ ULONG _In_ ULONG	Win32Protect

Function Documentation

__drv_freesMem()

_IRQL_requires_same_ _In_ __drv_freesMem

(

Mem

)

_IRQL_requires_max_() [1/2]

_IRQL_requires_max_

(

APC_LEVEL

)

Probes and locks virtual pages in memory for the specified process.

Parameters

[in,out]	MemoryDescriptorList	Memory Descriptor List (MDL) containing the buffer to be probed and locked.
[in]	Process	The process for which the buffer should be probed and locked.
[in]	AccessMode	Access mode for probing the pages. Can be KernelMode or UserMode.
[in]	LockOperation	The type of the probing and locking operation. Can be IoReadAccess, IoWriteAccess or IoModifyAccess.

Returns

Nothing.

See also

MmProbeAndLockPages

Remarks

Must be called at IRQL <= APC_LEVEL

Probes and locks virtual pages in memory for the specified process.

Frees previously reserved amount of memory in system virtual address space.

Parameters

[in]	NumberOfBytes	Size, in bytes, of memory to reserve.
[in]	PoolTag	Pool Tag identifying the buffer. Usually consists from 4 characters in reversed order.

Returns

A pointer to the 1st memory block of the reserved buffer in case of success, NULL otherwise.

Remarks

Must be called at IRQL <= APC_LEVEL

Parameters

[in]	BaseAddress	A pointer to the 1st memory block of the reserved buffer.
[in]	PoolTag	Pool Tag identifying the buffer. Usually consists from 4 characters in reversed order.

Returns

Nothing.

See also

MmAllocateMappingAddress

Remarks

Must be called at IRQL <= APC_LEVEL

Definition at line 37 of file cddata.c.

{
    THREAD_CONTEXT ThreadContext = {0};
    PIRP_CONTEXT IrpContext = NULL;
    BOOLEAN Wait;
 
#ifdef CD_SANITY
    PVOID PreviousTopLevel;
#endif
 
    NTSTATUS Status;
 
#if DBG
 
    KIRQL SaveIrql = KeGetCurrentIrql();
 
#endif
 
    ASSERT_OPTIONAL_IRP( Irp );
 
    UNREFERENCED_PARAMETER( DeviceObject );
 
    FsRtlEnterFileSystem();
 
#ifdef CD_SANITY
    PreviousTopLevel = IoGetTopLevelIrp();
#endif
 
    //
    //  Loop until this request has been completed or posted.
    //
 
    do {
 
        //
        //  Use a try-except to handle the exception cases.
        //
 
        _SEH2_TRY {
 
            //
            //  If the IrpContext is NULL then this is the first pass through
            //  this loop.
            //
 
            if (IrpContext == NULL) {
 
                //
                //  Decide if this request is waitable an allocate the IrpContext.
                //  If the file object in the stack location is NULL then this
                //  is a mount which is always waitable.  Otherwise we look at
                //  the file object flags.
                //
 
                if (IoGetCurrentIrpStackLocation( Irp )->FileObject == NULL) {
 
                    Wait = TRUE;
 
                } else {
 
                    Wait = CanFsdWait( Irp );
                }
 
                IrpContext = CdCreateIrpContext( Irp, Wait );
 
                //
                //  Update the thread context information.
                //
 
                CdSetThreadContext( IrpContext, &ThreadContext );
 
#ifdef CD_SANITY
                NT_ASSERT( !CdTestTopLevel ||
                        SafeNodeType( IrpContext->TopLevel ) == CDFS_NTC_IRP_CONTEXT );
#endif
 
            //
            //  Otherwise cleanup the IrpContext for the retry.
            //
 
            } else {
 
                //
                //  Set the MORE_PROCESSING flag to make sure the IrpContext
                //  isn't inadvertently deleted here.  Then cleanup the
                //  IrpContext to perform the retry.
                //
 
                SetFlag( IrpContext->Flags, IRP_CONTEXT_FLAG_MORE_PROCESSING );
                CdCleanupIrpContext( IrpContext, FALSE );
            }
 
            //
            //  Case on the major irp code.
            //
 
            switch (IrpContext->MajorFunction) {
 
            case IRP_MJ_CREATE :
 
                Status = CdCommonCreate( IrpContext, Irp );
                break;
 
            case IRP_MJ_CLOSE :
 
                Status = CdCommonClose( IrpContext, Irp );
                break;
 
            case IRP_MJ_READ :
 
                //
                //  If this is an Mdl complete request, don't go through
                //  common read.
                //
 
                if (FlagOn( IrpContext->MinorFunction, IRP_MN_COMPLETE )) {
 
                    Status = CdCompleteMdl( IrpContext, Irp );
 
                } else {
 
                    Status = CdCommonRead( IrpContext, Irp );
                }
 
                break;
 
            case IRP_MJ_WRITE :
 
                Status = CdCommonWrite( IrpContext, Irp );
                break;
 
            case IRP_MJ_QUERY_INFORMATION :
 
                Status = CdCommonQueryInfo( IrpContext, Irp );
                break;
 
            case IRP_MJ_SET_INFORMATION :
 
                Status = CdCommonSetInfo( IrpContext, Irp );
                break;
 
            case IRP_MJ_QUERY_VOLUME_INFORMATION :
 
                Status = CdCommonQueryVolInfo( IrpContext, Irp );
                break;
 
            case IRP_MJ_DIRECTORY_CONTROL :
 
                Status = CdCommonDirControl( IrpContext, Irp );
                break;
 
            case IRP_MJ_FILE_SYSTEM_CONTROL :
 
                Status = CdCommonFsControl( IrpContext, Irp );
                break;
 
            case IRP_MJ_DEVICE_CONTROL :
 
                Status = CdCommonDevControl( IrpContext, Irp );
                break;
 
            case IRP_MJ_LOCK_CONTROL :
 
                Status = CdCommonLockControl( IrpContext, Irp );
                break;
 
            case IRP_MJ_CLEANUP :
 
                Status = CdCommonCleanup( IrpContext, Irp );
                break;
 
            case IRP_MJ_PNP :
 
                Status = CdCommonPnp( IrpContext, Irp );
                break;
 
            case IRP_MJ_SHUTDOWN :
 
                Status = CdCommonShutdown( IrpContext, Irp );
                break;
 
            default :
 
                Status = STATUS_INVALID_DEVICE_REQUEST;
                CdCompleteRequest( IrpContext, Irp, Status );
            }
 
        } _SEH2_EXCEPT( CdExceptionFilter( IrpContext, _SEH2_GetExceptionInformation() )) {
 
            Status = CdProcessException( IrpContext, Irp, _SEH2_GetExceptionCode() );
        } _SEH2_END;
 
    } while (Status == STATUS_CANT_WAIT);
 
#ifdef CD_SANITY
    NT_ASSERT( !CdTestTopLevel ||
            (PreviousTopLevel == IoGetTopLevelIrp()) );
#endif
 
    FsRtlExitFileSystem();
 
    NT_ASSERT( SaveIrql == KeGetCurrentIrql( ));
 
    return Status;
}

_IRQL_requires_max_() [2/2]

__kernel_entry _IRQL_requires_max_

(

PASSIVE_LEVEL

)

Queries information details about a security descriptor.

Computes the quota size of a security descriptor.

Assigns a security descriptor for a new object.

An extended function that assigns a security descriptor for a new object.

Frees a security descriptor.

An extended function that sets new information data to a security descriptor.

Modifies some information data about a security descriptor.

Parameters

[in]	SecurityInformation	Security information details to be queried from a security descriptor.
[out]	SecurityDescriptor	The returned security descriptor with security information data.
[in,out]	Length	The returned length of a security descriptor.
[in,out]	ObjectsSecurityDescriptor	The returned object security descriptor.

Returns

Returns STATUS_SUCCESS if the operations have been completed successfully and that the specific information about the security descriptor has been queried. STATUS_BUFFER_TOO_SMALL is returned if the buffer size is too small to contain the queried info about the security descriptor.

Parameters

[in]	Object	If specified, the function will use this arbitrary object that points to an object security descriptor.
[in]	SecurityInformation	Security information details to be set.
[in]	SecurityDescriptor	A security descriptor where its info is to be changed.
[in,out]	ObjectsSecurityDescriptor	The returned pointer to security descriptor objects.
[in]	PoolType	Pool type for the new security descriptor to allocate.
[in]	GenericMapping	The generic mapping of access rights masks.

Returns

See SeSetSecurityDescriptorInfoEx.

Parameters

[in]	Object	If specified, the function will use this arbitrary object that points to an object security descriptor.
[in]	SecurityInformation	Security information details to be set.
[in]	SecurityDescriptor	A security descriptor where its info is to be changed.
[in,out]	ObjectsSecurityDescriptor	The returned pointer to security descriptor objects.
[in]	AutoInheritFlags	Flags bitmask inheritation, influencing how the security descriptor can be inherited and if it can be in the first place.
[in]	PoolType	Pool type for the new security descriptor to allocate.
[in]	GenericMapping	The generic mapping of access rights masks.

Returns

Returns STATUS_SUCCESS if the operations have been completed without problems and that new info has been set to the security descriptor. STATUS_NO_SECURITY_ON_OBJECT is returned if the object does not have a security descriptor. STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the new security descriptor with new info set has failed.

Parameters

[in]

SecurityDescriptor

A security descriptor to be freed from memory.

Returns

Returns STATUS_SUCCESS.

Parameters

[in]	_ParentDescriptor	A security descriptor of the parent object that is being created.
[in]	_ExplicitDescriptor	An explicit security descriptor that is applied to a new object.
[out]	NewDescriptor	The new allocated security descriptor.
[in]	ObjectType	The type of the new object.
[in]	IsDirectoryObject	Set this to TRUE if the newly created object is a directory object, otherwise set this to FALSE.
[in]	AutoInheritFlags	Automatic inheritance flags that influence how access control entries within ACLs from security descriptors are inherited.
[in]	SubjectContext	Security subject context of the new object.
[in]	GenericMapping	Generic mapping of access mask rights.
[in]	PoolType	This parameter is unused.

Returns

Returns STATUS_SUCCESS if the operations have been completed successfully and that the security descriptor has been assigned to the new object. STATUS_NO_TOKEN is returned if the caller hasn't supplied a valid argument to a security subject context. STATUS_INVALID_OWNER is returned if the caller hasn't supplied a parent descriptor that belongs to the main user (owner). STATUS_INVALID_PRIMARY_GROUP is returned by the same reason as with the previous NTSTATUS code. The two NTSTATUS codes are returned if the calling thread stated that the owner and/or group is defaulted to the parent descriptor (SEF_DEFAULT_OWNER_FROM_PARENT and/or SEF_DEFAULT_GROUP_FROM_PARENT respectively). STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the descriptor buffer has failed. A failure NTSTATUS is returned otherwise.

Parameters

[in]	ParentDescriptor	A security descriptor of the parent object that is being created.
[in]	ExplicitDescriptor	An explicit security descriptor that is applied to a new object.
[out]	NewDescriptor	The new allocated security descriptor.
[in]	IsDirectoryObject	Set this to TRUE if the newly created object is a directory object, otherwise set this to FALSE.
[in]	SubjectContext	Security subject context of the new object.
[in]	GenericMapping	Generic mapping of access mask rights.
[in]	PoolType	This parameter is unused.

Returns

See SeAssignSecurityEx.

Parameters

[in]	SecurityDescriptor	A security descriptor.
[out]	QuotaInfoSize	The returned quota size of the given security descriptor to the caller. The function may return 0 to this parameter if the descriptor doesn't have a group or a discretionary access control list (DACL) even.

Returns

Returns STATUS_SUCCESS if the quota size of a security descriptor has been computed successfully. STATUS_UNKNOWN_REVISION is returned if the security descriptor has an invalid revision.

Definition at line 923 of file Messaging.c.

{
    PFLT_SERVER_PORT_OBJECT PortObject;
    NTSTATUS Status;
 
    /* The caller must allow at least one connection */
    if (MaxConnections == 0)
    {
        return STATUS_INVALID_PARAMETER;
    }
 
    /* The request must be for a kernel handle */
    if (!(ObjectAttributes->Attributes & OBJ_KERNEL_HANDLE))
    {
        return STATUS_INVALID_PARAMETER;
    }
 
    /*
     * Get rundown protection on the target to stop the owner
     * from unloading whilst this port object is open. It gets
     * removed in the FltpServerPortClose callback
     */
    Status = FltObjectReference(Filter);
    if (!NT_SUCCESS(Status))
    {
        return Status;
    }
 
    /* Create the server port object for this filter */
    Status = ObCreateObject(KernelMode,
                            ServerPortObjectType,
                            ObjectAttributes,
                            KernelMode,
                            NULL,
                            sizeof(FLT_SERVER_PORT_OBJECT),
                            0,
                            0,
                            (PVOID *)&PortObject);
    if (NT_SUCCESS(Status))
    {
        /* Zero out the struct */
        RtlZeroMemory(PortObject, sizeof(FLT_SERVER_PORT_OBJECT));
 
        /* Increment the ref count on the target filter */
        FltpObjectPointerReference((PFLT_OBJECT)Filter);
 
        /* Setup the filter port object */
        PortObject->Filter = Filter;
        PortObject->ConnectNotify = ConnectNotifyCallback;
        PortObject->DisconnectNotify = DisconnectNotifyCallback;
        PortObject->MessageNotify = MessageNotifyCallback;
        PortObject->Cookie = ServerPortCookie;
        PortObject->MaxConnections = MaxConnections;
 
        /* Insert the object */
        Status = ObInsertObject(PortObject,
                                NULL,
                                STANDARD_RIGHTS_ALL | FILE_READ_DATA,
                                0,
                                NULL,
                                (PHANDLE)ServerPort);
        if (NT_SUCCESS(Status))
        {
            /* Lock the connection list */
            ExAcquireFastMutex(&Filter->ConnectionList.mLock);
 
            /* Add the new port object to the connection list and increment the count */
            InsertTailList(&Filter->ConnectionList.mList, &PortObject->FilterLink);
            Filter->ConnectionList.mCount++;
 
            /* Unlock the connection list*/
            ExReleaseFastMutex(&Filter->ConnectionList.mLock);
        }
    }
 
    if (!NT_SUCCESS(Status))
    {
        /* Allow the filter to be cleaned up */
        FltObjectDereference(Filter);
    }
 
    return Status;
}

BaseAddress()

_Must_inspect_result_ _At_ * BaseAddress

(

Mem

)

MmCreateSection()

NTSTATUS NTAPI MmCreateSection	(	_Out_ PVOID *	SectionObject,
		_In_ ACCESS_MASK	DesiredAccess,
		_In_opt_ POBJECT_ATTRIBUTES	ObjectAttributes,
		_In_ PLARGE_INTEGER	MaximumSize,
		_In_ ULONG	SectionPageProtection,
		_In_ ULONG	AllocationAttributes,
		_In_opt_ HANDLE	FileHandle,
		_In_opt_ PFILE_OBJECT	File
	)

MmMapViewOfSection()

NTSTATUS NTAPI MmMapViewOfSection	(	_In_ PVOID	SectionObject,
		_In_ PEPROCESS	Process,
		_Inout_ PVOID *	BaseAddress,
		_In_ ULONG_PTR	ZeroBits,
		_In_ SIZE_T	CommitSize,
		_Inout_opt_ PLARGE_INTEGER	SectionOffset,
		_Inout_ PSIZE_T	ViewSize,
		_In_ SECTION_INHERIT	InheritDisposition,
		_In_ ULONG	AllocationType,
		_In_ ULONG	Protect
	)

MmUnmapViewOfSection()

NTSTATUS NTAPI MmUnmapViewOfSection	(	_In_ struct _EPROCESS *	Process,
		_In_ PVOID	BaseAddress
	)

NtAllocateUserPhysicalPages()

NTSTATUS NTAPI NtAllocateUserPhysicalPages	(	_In_ HANDLE	ProcessHandle,
		_Inout_ PULONG_PTR	NumberOfPages,
		_Inout_ PULONG_PTR	UserPfnArray
	)

NtAreMappedFilesTheSame()

NTSYSCALLAPI NTSTATUS NTAPI NtAreMappedFilesTheSame	(	_In_ PVOID	File1MappedAsAnImage,
		_In_ PVOID	File2MappedAsFile
	)

NtCreatePagingFile()

NTSYSCALLAPI NTSTATUS NTAPI NtCreatePagingFile	(	_In_ PUNICODE_STRING	FileName,
		_In_ PLARGE_INTEGER	MinimumSize,
		_In_ PLARGE_INTEGER	MaximumSize,
		_In_ ULONG	Reserved
	)

Definition at line 366 of file pagefile.c.

{
    NTSTATUS Status;
    OBJECT_ATTRIBUTES ObjectAttributes;
    HANDLE FileHandle;
    IO_STATUS_BLOCK IoStatus;
    PFILE_OBJECT FileObject;
    PMMPAGING_FILE PagingFile;
    SIZE_T AllocMapSize;
    ULONG Count;
    KPROCESSOR_MODE PreviousMode;
    UNICODE_STRING PageFileName;
    LARGE_INTEGER SafeMinimumSize, SafeMaximumSize, AllocationSize;
    FILE_FS_DEVICE_INFORMATION FsDeviceInfo;
    SECURITY_DESCRIPTOR SecurityDescriptor;
    PACL Dacl;
    PWSTR Buffer;
    DEVICE_TYPE DeviceType;
 
    PAGED_CODE();
 
    DPRINT("NtCreatePagingFile(FileName: '%wZ', MinimumSize: %I64d, MaximumSize: %I64d)\n",
           FileName, MinimumSize->QuadPart, MaximumSize->QuadPart);
 
    if (MmNumberOfPagingFiles >= MAX_PAGING_FILES)
    {
        return STATUS_TOO_MANY_PAGING_FILES;
    }
 
    PreviousMode = ExGetPreviousMode();
 
    if (PreviousMode != KernelMode)
    {
        if (SeSinglePrivilegeCheck(SeCreatePagefilePrivilege, PreviousMode) != TRUE)
        {
            return STATUS_PRIVILEGE_NOT_HELD;
        }
 
        _SEH2_TRY
        {
            SafeMinimumSize = ProbeForReadLargeInteger(MinimumSize);
            SafeMaximumSize = ProbeForReadLargeInteger(MaximumSize);
            PageFileName = ProbeForReadUnicodeString(FileName);
        }
        _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
        {
            /* Return the exception code */
            _SEH2_YIELD(return _SEH2_GetExceptionCode());
        }
        _SEH2_END;
    }
    else
    {
        SafeMinimumSize = *MinimumSize;
        SafeMaximumSize = *MaximumSize;
        PageFileName = *FileName;
    }
 
    /*
     * Pagefiles cannot be larger than the platform-specific memory addressable
     * limits, and of course the minimum should be smaller than the maximum.
     */
    if (SafeMinimumSize.QuadPart < MINIMUM_PAGEFILE_SIZE ||
        SafeMinimumSize.QuadPart > MAXIMUM_PAGEFILE_SIZE)
    {
        return STATUS_INVALID_PARAMETER_2;
    }
    if (SafeMaximumSize.QuadPart < SafeMinimumSize.QuadPart ||
        SafeMaximumSize.QuadPart > MAXIMUM_PAGEFILE_SIZE)
    {
        return STATUS_INVALID_PARAMETER_3;
    }
 
    /* Validate the name length */
    if ((PageFileName.Length == 0) ||
        (PageFileName.Length > MAXIMUM_FILENAME_LENGTH))
    {
        return STATUS_OBJECT_NAME_INVALID;
    }
 
    /* Allocate a buffer to keep the name copy. Note that it is kept only
     * for information purposes, so it gets allocated in the paged pool,
     * even if it will be stored in the PagingFile structure, that is
     * allocated from non-paged pool (see below). */
    PageFileName.MaximumLength = PageFileName.Length;
    Buffer = ExAllocatePoolWithTag(PagedPool, PageFileName.Length, TAG_MM);
    if (Buffer == NULL)
    {
        return STATUS_INSUFFICIENT_RESOURCES;
    }
 
    /* Copy the name */
    if (PreviousMode != KernelMode)
    {
        _SEH2_TRY
        {
            ProbeForRead(PageFileName.Buffer, PageFileName.Length, sizeof(WCHAR));
            RtlCopyMemory(Buffer, PageFileName.Buffer, PageFileName.Length);
        }
        _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
        {
            ExFreePoolWithTag(Buffer, TAG_MM);
 
            /* Return the exception code */
            _SEH2_YIELD(return _SEH2_GetExceptionCode());
        }
        _SEH2_END;
    }
    else
    {
        RtlCopyMemory(Buffer, PageFileName.Buffer, PageFileName.Length);
    }
 
    /* Replace caller's buffer with ours */
    PageFileName.Buffer = Buffer;
 
    /* Create the security descriptor for the page file */
    Status = RtlCreateSecurityDescriptor(&SecurityDescriptor, SECURITY_DESCRIPTOR_REVISION);
    if (!NT_SUCCESS(Status))
    {
        ExFreePoolWithTag(Buffer, TAG_MM);
        return Status;
    }
 
    /* Create the DACL: we will only allow two SIDs */
    Count = sizeof(ACL) + (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
                          (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid));
    Dacl = ExAllocatePoolWithTag(PagedPool, Count, TAG_DACL);
    if (Dacl == NULL)
    {
        ExFreePoolWithTag(Buffer, TAG_MM);
        return STATUS_INSUFFICIENT_RESOURCES;
    }
 
    /* Initialize the DACL */
    Status = RtlCreateAcl(Dacl, Count, ACL_REVISION);
    if (!NT_SUCCESS(Status))
        goto EarlyQuit;
 
    /* Grant full access to admins */
    Status = RtlAddAccessAllowedAce(Dacl, ACL_REVISION, FILE_ALL_ACCESS, SeAliasAdminsSid);
    if (!NT_SUCCESS(Status))
        goto EarlyQuit;
 
    /* Grant full access to SYSTEM */
    Status = RtlAddAccessAllowedAce(Dacl, ACL_REVISION, FILE_ALL_ACCESS, SeLocalSystemSid);
    if (!NT_SUCCESS(Status))
        goto EarlyQuit;
 
    /* Attach the DACL to the security descriptor */
    Status = RtlSetDaclSecurityDescriptor(&SecurityDescriptor, TRUE, Dacl, FALSE);
    if (!NT_SUCCESS(Status))
        goto EarlyQuit;
 
    InitializeObjectAttributes(&ObjectAttributes,
                               &PageFileName,
                               OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
                               NULL,
                               &SecurityDescriptor);
 
    /* Make sure we can at least store a complete page:
     * If we have 2048 BytesPerAllocationUnit (FAT16 < 128MB) there is
     * a problem if the paging file is fragmented. Suppose the first cluster
     * of the paging file is cluster 3042 but cluster 3043 is NOT part of the
     * paging file but of another file. We can't write a complete page (4096
     * bytes) to the physical location of cluster 3042 then. */
    AllocationSize.QuadPart = SafeMinimumSize.QuadPart + PAGE_SIZE;
 
    /* First, attempt to replace the page file, if existing */
    Status = IoCreateFile(&FileHandle,
                          SYNCHRONIZE | WRITE_DAC | FILE_READ_DATA | FILE_WRITE_DATA,
                          &ObjectAttributes,
                          &IoStatus,
                          &AllocationSize,
                          FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN,
                          FILE_SHARE_WRITE,
                          FILE_SUPERSEDE,
                          FILE_DELETE_ON_CLOSE | FILE_NO_COMPRESSION | FILE_NO_INTERMEDIATE_BUFFERING,
                          NULL,
                          0,
                          CreateFileTypeNone,
                          NULL,
                          IO_OPEN_PAGING_FILE | IO_NO_PARAMETER_CHECKING);
    /* If we failed, relax a bit constraints, someone may be already holding the
     * the file, so share write, don't attempt to replace and don't delete on close
     * (basically, don't do anything conflicting).
     * This can happen if the caller attempts to extend a page file.
     */
    if (!NT_SUCCESS(Status))
    {
        ULONG i;
 
        Status = IoCreateFile(&FileHandle,
                              SYNCHRONIZE | FILE_WRITE_DATA,
                              &ObjectAttributes,
                              &IoStatus,
                              &AllocationSize,
                              FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN,
                              FILE_SHARE_WRITE | FILE_SHARE_READ,
                              FILE_OPEN,
                              FILE_NO_COMPRESSION | FILE_NO_INTERMEDIATE_BUFFERING,
                              NULL,
                              0,
                              CreateFileTypeNone,
                              NULL,
                              IO_OPEN_PAGING_FILE | IO_NO_PARAMETER_CHECKING);
        if (!NT_SUCCESS(Status))
            goto EarlyQuit;
 
        /* We opened it! Check we are that "someone" ;-)
         * First, get the opened file object.
         */
        Status = ObReferenceObjectByHandle(FileHandle,
                                           FILE_READ_DATA | FILE_WRITE_DATA,
                                           IoFileObjectType,
                                           KernelMode,
                                           (PVOID*)&FileObject,
                                           NULL);
        if (!NT_SUCCESS(Status))
        {
            ZwClose(FileHandle);
            goto EarlyQuit;
        }
 
        /* Find if it matches a previous page file */
        PagingFile = NULL;
 
        KeAcquireGuardedMutex(&MmPageFileCreationLock);
 
        for (i = 0; i < MmNumberOfPagingFiles; ++i)
        {
            if (MmPagingFile[i]->FileObject->SectionObjectPointer == FileObject->SectionObjectPointer)
            {
                /* Same object pointer: this is the matching page file */
                PagingFile = MmPagingFile[i];
                break;
            }
        }
 
        /* If we didn't find the page file, fail */
        if (PagingFile == NULL)
        {
            KeReleaseGuardedMutex(&MmPageFileCreationLock);
            ObDereferenceObject(FileObject);
            ZwClose(FileHandle);
            Status = STATUS_NOT_FOUND;
            goto EarlyQuit;
        }
 
        /* Don't allow page file shrinking */
        if (PagingFile->MinimumSize > (SafeMinimumSize.QuadPart >> PAGE_SHIFT))
        {
            KeReleaseGuardedMutex(&MmPageFileCreationLock);
            ObDereferenceObject(FileObject);
            ZwClose(FileHandle);
            Status = STATUS_INVALID_PARAMETER_2;
            goto EarlyQuit;
        }
 
        if ((SafeMaximumSize.QuadPart >> PAGE_SHIFT) < PagingFile->MaximumSize)
        {
            KeReleaseGuardedMutex(&MmPageFileCreationLock);
            ObDereferenceObject(FileObject);
            ZwClose(FileHandle);
            Status = STATUS_INVALID_PARAMETER_3;
            goto EarlyQuit;
        }
 
        /* FIXME: implement parameters checking and page file extension */
        UNIMPLEMENTED;
 
        KeReleaseGuardedMutex(&MmPageFileCreationLock);
        ObDereferenceObject(FileObject);
        ZwClose(FileHandle);
        Status = STATUS_NOT_IMPLEMENTED;
        goto EarlyQuit;
    }
 
    if (!NT_SUCCESS(Status))
    {
EarlyQuit:
        DPRINT1("Failed creating page file: %lx\n", Status);
        ExFreePoolWithTag(Dacl, TAG_DACL);
        ExFreePoolWithTag(Buffer, TAG_MM);
        return Status;
    }
 
    /* Set the security descriptor */
    if (NT_SUCCESS(IoStatus.Status))
    {
        Status = ZwSetSecurityObject(FileHandle, DACL_SECURITY_INFORMATION, &SecurityDescriptor);
        if (!NT_SUCCESS(Status))
        {
            ZwClose(FileHandle);
            ExFreePoolWithTag(Dacl, TAG_DACL);
            ExFreePoolWithTag(Buffer, TAG_MM);
            return Status;
        }
    }
 
    /* DACL is no longer needed, free it */
    ExFreePoolWithTag(Dacl, TAG_DACL);
 
    /* FIXME: To enable once page file management is moved to ARM3 */
#if 0
    /* Check we won't overflow commit limit with the page file */
    if (MmTotalCommitLimitMaximum + (SafeMaximumSize.QuadPart >> PAGE_SHIFT) <= MmTotalCommitLimitMaximum)
    {
        ZwClose(FileHandle);
        ExFreePoolWithTag(Buffer, TAG_MM);
        return STATUS_INVALID_PARAMETER_3;
    }
#endif
 
    /* Set its end of file to minimal size */
    Status = ZwSetInformationFile(FileHandle,
                                  &IoStatus,
                                  &SafeMinimumSize,
                                  sizeof(LARGE_INTEGER),
                                  FileEndOfFileInformation);
    if (!NT_SUCCESS(Status) || !NT_SUCCESS(IoStatus.Status))
    {
        ZwClose(FileHandle);
        ExFreePoolWithTag(Buffer, TAG_MM);
        return Status;
    }
 
    Status = ObReferenceObjectByHandle(FileHandle,
                                       FILE_READ_DATA | FILE_WRITE_DATA,
                                       IoFileObjectType,
                                       KernelMode,
                                       (PVOID*)&FileObject,
                                       NULL);
    if (!NT_SUCCESS(Status))
    {
        ZwClose(FileHandle);
        ExFreePoolWithTag(Buffer, TAG_MM);
        return Status;
    }
 
    /* Only allow page file on a few device types */
    DeviceType = IoGetRelatedDeviceObject(FileObject)->DeviceType;
    if (DeviceType != FILE_DEVICE_DISK_FILE_SYSTEM &&
        DeviceType != FILE_DEVICE_NETWORK_FILE_SYSTEM &&
        DeviceType != FILE_DEVICE_DFS_VOLUME &&
        DeviceType != FILE_DEVICE_DFS_FILE_SYSTEM)
    {
        ObDereferenceObject(FileObject);
        ZwClose(FileHandle);
        ExFreePoolWithTag(Buffer, TAG_MM);
        return Status;
    }
 
    /* Deny page file creation on a floppy disk */
    FsDeviceInfo.Characteristics = 0;
    IoQueryVolumeInformation(FileObject, FileFsDeviceInformation,
                             sizeof(FsDeviceInfo), &FsDeviceInfo, &Count);
    if (BooleanFlagOn(FsDeviceInfo.Characteristics, FILE_FLOPPY_DISKETTE))
    {
        ObDereferenceObject(FileObject);
        ZwClose(FileHandle);
        ExFreePoolWithTag(Buffer, TAG_MM);
        return STATUS_FLOPPY_VOLUME;
    }
 
    /*
     * Missing validation steps TODO:
     * (see https://www.geoffchappell.com/studies/windows/km/ntoskrnl/api/mm/modwrite/create.htm )
     *
     * - Verify that no file system driver or any filter driver has done file
     *   I/O while opening the file.
     *   Verify that nothing of the paging file is yet in memory. Specifically,
     *   the file object must either have no SectionObjectPointer or the latter
     *   must have neither a DataSectionObject nor an ImageSectionObject.
     *   Otherwise, we should fail, returning STATUS_INCOMPATIBLE_FILE_MAP.
     *
     * - Inform all the applicable drivers to prepare for the possibility of
     *   paging I/O. Much of the point to paging I/O is to resolve page faults.
     *   Especially important is that drivers that handle paging I/O do not
     *   cause more page faults. All the code and data that each driver might
     *   ever use for access to the paging file must be locked into physical
     *   memory. This can’t be left until paging I/O actually occurs.
     *   It must be done in advance.
     */
 
    PagingFile = ExAllocatePoolZero(NonPagedPool, sizeof(*PagingFile), TAG_MM);
    if (PagingFile == NULL)
    {
        ObDereferenceObject(FileObject);
        ZwClose(FileHandle);
        ExFreePoolWithTag(Buffer, TAG_MM);
        return STATUS_INSUFFICIENT_RESOURCES;
    }
 
    PagingFile->FileHandle = FileHandle;
    PagingFile->FileObject = FileObject;
    PagingFile->Size = (SafeMinimumSize.QuadPart >> PAGE_SHIFT);
    PagingFile->MinimumSize = PagingFile->Size;
    PagingFile->MaximumSize = (SafeMaximumSize.QuadPart >> PAGE_SHIFT);
    /* First page is never used: it's the header
     * TODO: write it
     */
    PagingFile->FreeSpace = PagingFile->Size - 1;
    PagingFile->CurrentUsage = 0;
    PagingFile->PageFileName = PageFileName;
    ASSERT(PagingFile->Size == PagingFile->FreeSpace + PagingFile->CurrentUsage + 1);
 
    AllocMapSize = sizeof(RTL_BITMAP) + (((PagingFile->MaximumSize + 31) / 32) * sizeof(ULONG));
    PagingFile->Bitmap = ExAllocatePoolWithTag(NonPagedPool,
                                               AllocMapSize,
                                               TAG_MM);
    if (PagingFile->Bitmap == NULL)
    {
        ExFreePoolWithTag(PagingFile, TAG_MM);
        ObDereferenceObject(FileObject);
        ZwClose(FileHandle);
        ExFreePoolWithTag(Buffer, TAG_MM);
        return STATUS_INSUFFICIENT_RESOURCES;
    }
 
    RtlInitializeBitMap(PagingFile->Bitmap,
                        (PULONG)(PagingFile->Bitmap + 1),
                        (ULONG)(PagingFile->MaximumSize));
    RtlClearAllBits(PagingFile->Bitmap);
 
    /* Insert the new paging file information into the list */
    KeAcquireGuardedMutex(&MmPageFileCreationLock);
    /* Ensure the corresponding slot is empty yet */
    ASSERT(MmPagingFile[MmNumberOfPagingFiles] == NULL);
    MmPagingFile[MmNumberOfPagingFiles] = PagingFile;
    MmNumberOfPagingFiles++;
    MiFreeSwapPages = MiFreeSwapPages + PagingFile->FreeSpace;
    KeReleaseGuardedMutex(&MmPageFileCreationLock);
 
    MmSwapSpaceMessage = FALSE;
 
    if (!MmSystemPageFileLocated && BooleanFlagOn(FileObject->DeviceObject->Flags, DO_SYSTEM_BOOT_PARTITION))
    {
        MmSystemPageFileLocated = IoInitializeCrashDump(FileHandle);
    }
 
    return STATUS_SUCCESS;
}

Referenced by SmpCreatePagingFile().

NtCreateSection()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCreateSection	(	_Out_ PHANDLE	SectionHandle,
		_In_ ACCESS_MASK	DesiredAccess,
		_In_opt_ POBJECT_ATTRIBUTES	ObjectAttributes,
		_In_opt_ PLARGE_INTEGER	MaximumSize,
		_In_ ULONG	SectionPageProtection,
		_In_ ULONG	AllocationAttributes,
		_In_opt_ HANDLE	FileHandle
	)

NtExtendSection()

NTSYSCALLAPI NTSTATUS NTAPI NtExtendSection	(	_In_ HANDLE	SectionHandle,
		_In_ PLARGE_INTEGER	NewMaximumSize
	)

NtFlushInstructionCache()

NTSYSCALLAPI NTSTATUS NTAPI NtFlushInstructionCache	(	_In_ HANDLE	ProcessHandle,
		_In_ PVOID	BaseAddress,
		_In_ SIZE_T	NumberOfBytesToFlush
	)

NtFlushVirtualMemory()

NTSYSCALLAPI NTSTATUS NTAPI NtFlushVirtualMemory	(	_In_ HANDLE	ProcessHandle,
		_Inout_ PVOID *	BaseAddress,
		_Inout_ PSIZE_T	RegionSize,
		_Out_ PIO_STATUS_BLOCK	IoStatus
	)

NtFreeUserPhysicalPages()

NTSTATUS NTAPI NtFreeUserPhysicalPages	(	_In_ HANDLE	ProcessHandle,
		_Inout_ PULONG_PTR	NumberOfPages,
		_Inout_ PULONG_PTR	UserPfnArray
	)

NtGetWriteWatch()

NTSTATUS NTAPI NtGetWriteWatch	(	_In_ HANDLE	ProcessHandle,
		_In_ ULONG	Flags,
		_In_ PVOID	BaseAddress,
		_In_ SIZE_T	RegionSize,
		_In_ PVOID *	UserAddressArray,
		_Out_ PULONG_PTR	EntriesInUserAddressArray,
		_Out_ PULONG	Granularity
	)

NtLockVirtualMemory()

NTSYSCALLAPI NTSTATUS NTAPI NtLockVirtualMemory	(	_In_ HANDLE	ProcessHandle,
		_Inout_ PVOID *	BaseAddress,
		_Inout_ PSIZE_T	NumberOfBytesToLock,
		_In_ ULONG	MapType
	)

NtMapUserPhysicalPages()

NTSTATUS NTAPI NtMapUserPhysicalPages	(	_In_ PVOID	VirtualAddresses,
		_In_ ULONG_PTR	NumberOfPages,
		_Inout_ PULONG_PTR	UserPfnArray
	)

NtMapUserPhysicalPagesScatter()

NTSTATUS NTAPI NtMapUserPhysicalPagesScatter	(	_In_ PVOID *	VirtualAddresses,
		_In_ ULONG_PTR	NumberOfPages,
		_Inout_ PULONG_PTR	UserPfnArray
	)

NtMapViewOfSection()

NTSYSCALLAPI NTSTATUS NTAPI NtMapViewOfSection	(	_In_ HANDLE	SectionHandle,
		_In_ HANDLE	ProcessHandle,
		_Inout_ PVOID *	BaseAddress,
		_In_ ULONG_PTR	ZeroBits,
		_In_ SIZE_T	CommitSize,
		_Inout_opt_ PLARGE_INTEGER	SectionOffset,
		_Inout_ PSIZE_T	ViewSize,
		_In_ SECTION_INHERIT	InheritDisposition,
		_In_ ULONG	AllocationType,
		_In_ ULONG	AccessProtection
	)

NtOpenSection()

NTSYSCALLAPI NTSTATUS NTAPI NtOpenSection	(	_Out_ PHANDLE	SectionHandle,
		_In_ ACCESS_MASK	DesiredAccess,
		_In_ POBJECT_ATTRIBUTES	ObjectAttributes
	)

NtProtectVirtualMemory()

NTSYSCALLAPI NTSTATUS NTAPI NtProtectVirtualMemory	(	_In_ HANDLE	ProcessHandle,
		_In_ PVOID *	BaseAddress,
		_In_ SIZE_T *	NumberOfBytesToProtect,
		_In_ ULONG	NewAccessProtection,
		_Out_ PULONG	OldAccessProtection
	)

NtQuerySection()

NTSYSCALLAPI NTSTATUS NTAPI NtQuerySection	(	_In_ HANDLE	SectionHandle,
		_In_ SECTION_INFORMATION_CLASS	SectionInformationClass,
		_Out_ PVOID	SectionInformation,
		_In_ SIZE_T	Length,
		_Out_ PSIZE_T	ResultLength
	)

NtQueryVirtualMemory()

NTSYSCALLAPI NTSTATUS NTAPI NtQueryVirtualMemory	(	_In_ HANDLE	ProcessHandle,
		_In_ PVOID	Address,
		_In_ MEMORY_INFORMATION_CLASS	VirtualMemoryInformationClass,
		_Out_ PVOID	VirtualMemoryInformation,
		_In_ SIZE_T	Length,
		_Out_opt_ PSIZE_T	ResultLength
	)

NtReadVirtualMemory()

NTSYSCALLAPI NTSTATUS NTAPI NtReadVirtualMemory	(	_In_ HANDLE	ProcessHandle,
		_In_ PVOID	BaseAddress,
		_Out_ PVOID	Buffer,
		_In_ SIZE_T	NumberOfBytesToRead,
		_Out_opt_ PSIZE_T	NumberOfBytesRead
	)

NtResetWriteWatch()

NTSTATUS NTAPI NtResetWriteWatch	(	_In_ HANDLE	ProcessHandle,
		_In_ PVOID	BaseAddress,
		_In_ SIZE_T	RegionSize
	)

NtUnlockVirtualMemory()

NTSYSCALLAPI NTSTATUS NTAPI NtUnlockVirtualMemory	(	_In_ HANDLE	ProcessHandle,
		_Inout_ PVOID *	BaseAddress,
		_Inout_ PSIZE_T	NumberOfBytesToUnlock,
		_In_ ULONG	MapType
	)

NtUnmapViewOfSection()

NTSYSCALLAPI NTSTATUS NTAPI NtUnmapViewOfSection	(	_In_ HANDLE	ProcessHandle,
		_In_ PVOID	BaseAddress
	)

NtWriteVirtualMemory()

NTSYSCALLAPI NTSTATUS NTAPI NtWriteVirtualMemory	(	_In_ HANDLE	ProcessHandle,
		_In_ PVOID	BaseAddress,
		_In_ PVOID	Buffer,
		_In_ SIZE_T	NumberOfBytesToWrite,
		_Out_opt_ PSIZE_T	NumberOfBytesWritten
	)

ZwAreMappedFilesTheSame()

NTSYSAPI NTSTATUS NTAPI ZwAreMappedFilesTheSame	(	_In_ PVOID	File1MappedAsAnImage,
		_In_ PVOID	File2MappedAsFile
	)

Referenced by LdrpCheckForLoadedDll().

ZwCreatePagingFile()

NTSYSAPI NTSTATUS NTAPI ZwCreatePagingFile	(	_In_ PUNICODE_STRING	FileName,
		_In_ PLARGE_INTEGER	MinimumSize,
		_In_ PLARGE_INTEGER	MaximumSize,
		_In_ ULONG	Reserved
	)

ZwExtendSection()

NTSYSAPI NTSTATUS NTAPI ZwExtendSection	(	_In_ HANDLE	SectionHandle,
		_In_ PLARGE_INTEGER	NewMaximumSize
	)

ZwLockVirtualMemory()

NTSYSAPI NTSTATUS NTAPI ZwLockVirtualMemory	(	_In_ HANDLE	ProcessHandle,
		_Inout_ PVOID *	BaseAddress,
		_Inout_ PSIZE_T	NumberOfBytesToLock,
		_In_ ULONG	MapType
	)

ZwOpenSection()

NTSYSAPI NTSTATUS NTAPI ZwOpenSection	(	_Out_ PHANDLE	SectionHandle,
		_In_ ACCESS_MASK	DesiredAccess,
		_In_ POBJECT_ATTRIBUTES	ObjectAttributes
	)

Referenced by CmpInitializeMachineDependentConfiguration(), IntVideoPortMapPhysicalMemory(), SystemProcessWorker(), TestPhysicalMemorySection(), and VdmpInitialize().

ZwProtectVirtualMemory()

NTSYSAPI NTSTATUS NTAPI ZwProtectVirtualMemory	(	_In_ HANDLE	ProcessHandle,
		_In_ PVOID *	BaseAddress,
		_In_ SIZE_T *	NumberOfBytesToProtect,
		_In_ ULONG	NewAccessProtection,
		_Out_ PULONG	OldAccessProtection
	)

Referenced by LdrpSetProtection(), RtlpCreateUserStack(), and RtlpDphProtectVm().

ZwQuerySection()

NTSYSAPI NTSTATUS NTAPI ZwQuerySection	(	_In_ HANDLE	SectionHandle,
		_In_ SECTION_INFORMATION_CLASS	SectionInformationClass,
		_Out_ PVOID	SectionInformation,
		_In_ SIZE_T	Length,
		_Out_opt_ PSIZE_T	ResultLength
	)

Referenced by CheckSection_(), LdrpCreateDllSection(), and RtlCreateUserProcess().

ZwQueryVirtualMemory()

NTSYSAPI NTSTATUS NTAPI ZwQueryVirtualMemory	(	_In_ HANDLE	ProcessHandle,
		_In_ PVOID	Address,
		_In_ MEMORY_INFORMATION_CLASS	VirtualMemoryInformationClass,
		_Out_ PVOID	VirtualMemoryInformation,
		_In_ SIZE_T	Length,
		_Out_opt_ PSIZE_T	ResultLength
	)

Referenced by RtlCreateHeap(), RtlDebugCreateHeap(), and RtlpDphCoalesceNodeIntoAvailable().

ZwReadVirtualMemory()

NTSYSAPI NTSTATUS NTAPI ZwReadVirtualMemory	(	_In_ HANDLE	ProcessHandle,
		_In_ PVOID	BaseAddress,
		_Out_ PVOID	Buffer,
		_In_ SIZE_T	NumberOfBytesToRead,
		_Out_opt_ PSIZE_T	NumberOfBytesRead
	)

ZwUnlockVirtualMemory()

NTSYSAPI NTSTATUS NTAPI ZwUnlockVirtualMemory	(	_In_ HANDLE	ProcessHandle,
		_Inout_ PVOID *	BaseAddress,
		_Inout_ PSIZE_T	NumberOfBytesToUnlock,
		_In_ ULONG	MapType
	)

ZwWriteVirtualMemory()

NTSYSAPI NTSTATUS NTAPI ZwWriteVirtualMemory	(	_In_ HANDLE	ProcessHandle,
		_In_ PVOID	BaseAddress,
		_In_ PVOID	Buffer,
		_In_ SIZE_T	NumberOfBytesToWrite,
		_Out_opt_ PSIZE_T	NumberOfBytesWritten
	)

Referenced by RtlInitializeContext(), and RtlpInitEnvironment().

Variable Documentation

AllocationAttributes

_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_opt_ PLARGE_INTEGER _In_ ULONG _In_ ULONG AllocationAttributes

Definition at line 364 of file mmfuncs.h.

Referenced by MiCreatePagingFileMap(), MmCreateArm3Section(), MmCreateDataFileSection(), MmCreateImageSection(), MmCreateSection(), MmSelectMappingAddress(), and NtCreateSection().

AllocationType

_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID _In_ ULONG_PTR _In_ SIZE_T _Inout_opt_ PLARGE_INTEGER _Inout_ PSIZE_T _In_ SECTION_INHERIT _In_ ULONG AllocationType

Definition at line 410 of file mmfuncs.h.

Referenced by KmtInitTestContext(), MiInsertVadEx(), MiMapViewOfDataSection(), MmMapViewOfArm3Section(), MmMapViewOfSection(), MmMapViewOfSegment(), NtAllocateVirtualMemory(), NtMapViewOfSection(), and StressTesting().

BaseAddress

_Inout_ PVOID * BaseAddress

Definition at line 404 of file mmfuncs.h.

Referenced by $endif(), __RtlImageDirectoryEntryToData(), __RtlImageRvaToVa(), _IRQL_requires_max_(), AdvancedErrorChecks(), AVrfpIsVerifierProviderDll(), AVrfpLdrGetProcedureAddress(), BehaviorChecks(), BiosDiskService(), BiosMiscService(), BiosMouseEnable(), BlImgLoadImageWithProgress2(), CalcCheckSum(), CcPreparePinWrite(), CcpUnpinData(), CheckAdjacentVADs(), CheckAlignment(), CheckSize(), CheckSomeDefaultAddresses(), CheckSumMappedFile(), ClasspGetMaxUsableBufferLengthFromOffset(), CmpInitializeMachineDependentConfiguration(), CpuExceptionFilter(), CreateProcessInternalW(), DbgkMapViewOfSection(), DbgkUnMapViewOfSection(), DECLARE_INTERFACE_(), DiskBios32Post(), DosBIOSInitialize(), DosClonePsp(), DosCreatePsp(), DosInt21h(), DosLoadExecutableInternal(), DosMouseCleanup(), DosMouseDisable(), DosMouseEnable(), DosMouseInitialize(), DosTerminateProcess(), ExLockUserBuffer(), ExpComputePartialHashForAddress(), FAT12CountAvailableClusters(), FAT12FindAndMarkAvailableCluster(), FAT12GetNextCluster(), FAT12WriteCluster(), FAT16CountAvailableClusters(), FAT16FindAndMarkAvailableCluster(), FAT16GetNextCluster(), FAT16WriteCluster(), FAT32CountAvailableClusters(), FAT32FindAndMarkAvailableCluster(), FAT32GetNextCluster(), FAT32WriteCluster(), FileSectionViewPermissionCheck(), find_entry(), FlushViewOfFile(), GetEbdaLocation(), GetProcessVersion(), HalpMapPhysicalMemory64Vista(), IMAGEHLP_RecalculateChecksum(), InitializeBiosInt32(), InitializeModeTable(), IntAgpCommitVirtual(), IntAgpFreeVirtual(), IntVideoPortImageDirectoryEntryToData(), IopLoadDriver(), is_data_file_module(), KdpSysReadControlSpace(), KdpSysWriteControlSpace(), Ke386SetGdtEntryBase(), KeSweepICache(), LdrAccessResource(), LdrAddRefDll(), LdrDisableThreadCalloutsForDll(), LdrFindResource_U(), LdrFindResourceDirectory_U(), LdrGetProcedureAddress(), LdrInitShimEngineDynamic(), LdrLoadDll(), LdrpAccessResource(), LdrpAllocateDataTableEntry(), LdrpCallInitRoutine(), LdrpFetchAddressOfSecurityCookie(), LdrpGetProcedureAddress(), LdrpLoadDll(), LdrRelocateImage(), LdrRelocateImageWithBias(), LdrUnloadDll(), LdrVerifyMappedImageMatchesChecksum(), LlbAllocateMemoryEntry(), LoadModule(), LoadOle32Export(), main(), MapFile(), MapFileAndCheckSumA(), MapFileAndCheckSumW(), MemCleanup(), MemInitialize(), MiAddHalIoMappings(), MiAllocateContiguousMemory(), MiBuildPfnDatabaseFromPages(), MiCacheImageSymbols(), MiCheckForContiguousMemory(), MiCheckVadsForLockOperation(), MiCreateArm3StaticMemoryArea(), MiCreatePebOrTeb(), MiFindContiguousMemory(), MiFreeContiguousMemory(), MiInsertVadEx(), MiLockVirtualMemory(), MiMapLockedPagesInUserSpace(), MiMapViewOfDataSection(), MiProtectVirtualMemory(), MiQueryMemoryBasicInformation(), MiQueryMemorySectionName(), MiRemoveMappedPtes(), MiRosCleanupMemoryArea(), MiRosUnmapViewOfSection(), MiUnlockVirtualMemory(), MiUnmapLockedPagesInUserSpace(), MiUnmapViewOfSection(), MmAllocateNonCachedMemory(), MmAlterRegion(), MmAlterViewAttributes(), MmCreateKernelStack(), MmCreateMemoryArea(), MmFindRegion(), MmFreeContiguousMemory(), MmFreeContiguousMemorySpecifyCache(), MmFreeNonCachedMemory(), MmMapIoSpace(), MmMapLockedPagesSpecifyCache(), MmMapViewOfArm3Section(), MmMapViewOfSection(), MmMapViewOfSegment(), MmPapAllocatePagesInRange(), MmPapAllocatePhysicalPagesInRange(), MmProtectSectionView(), MmUnloadSystemImage(), MmUnmapIoSpace(), MmUnmapLockedPages(), MmUnmapReservedMapping(), MmUnmapVideoDisplay(), MmUnmapViewOfSection(), MmUnmapViewOfSegment(), NtFlushInstructionCache(), NtFlushVirtualMemory(), NtGetVersionResource(), NtGetWriteWatch(), NtLockVirtualMemory(), NtMapViewOfSection(), NtProtectVirtualMemory(), NtQueryVirtualMemory(), NtReadVirtualMemory(), NtResetWriteWatch(), NtUnlockVirtualMemory(), NtUnmapViewOfSection(), NtWriteVirtualMemory(), OpenAndMapFile(), PageFileBehaviorChecks(), PcMemGetBiosMemoryMap(), PeLdrpFetchAddressOfSecurityCookie(), PropertyLengthAsVariant(), ProtectLowV86Mem(), RamdiskCreateDiskDevice(), RamdiskGetPartitionInfo(), RamdiskReadWriteReal(), RamdiskSetPartitionInfo(), RamdiskUnmapPages(), ReserveMemory(), RtlAddFunctionTable(), RtlConvertPropertyToVariant(), RtlConvertVariantToProperty(), RtlDebugGetUserInfoHeap(), RtlDebugSetUserFlagsHeap(), RtlDebugSetUserValueHeap(), RtlDestroyHeap(), RtlFindMessage(), RtlGetExpWinVer(), RtlGetUserInfoHeap(), RtlImageDirectoryEntryToData(), RtlImageRvaToVa(), RtlInstallFunctionTableCallback(), RtlpDebugPageHeapValidate(), RtlpDestroyHeapSegment(), RtlpDphNormalHeapValidate(), RtlpInitEnvironment(), RtlpPageHeapGetUserInfo(), RtlpPageHeapSetUserFlags(), RtlpPageHeapSetUserValue(), RtlpPageHeapSize(), RtlSetUserFlagsHeap(), RtlSetUserValueHeap(), ScrResetScreen(), ScrSetFont(), SE_IsShimDll(), SeiCheckComPlusImage(), SeiCreateShimModuleInfo(), SeiFindHookModuleInfo(), SeiGetShimModuleInfo(), SeiInit(), SerialDetectUartType(), SetMemory(), SimpleErrorChecks(), START_TEST(), supports_pdb(), supports_rsym(), SystemProcessWorker(), Test_ImageSection2(), test_pack_MEMORY_BASIC_INFORMATION(), Test_PageFileSection(), Test_RawSize(), Test_SectionContents(), test_SymEnumSymbols(), test_SymFromAddr(), test_SymFromName(), test_SymRegCallback(), Test_Truncate(), TestMap(), UefiSetMemory(), UnMapFile(), UnprotectLowV86Mem(), VbeGetVideoMemoryBaseAddress(), VbeSetMode(), VdmpInitialize(), VidBiosDrawGlyph(), VidBiosPost(), VidBiosSetVideoMode(), VidBiosVideoService(), VideoPortLockBuffer(), VidInitialize(), VirtualLock(), VirtualUnlock(), and Write().

CommitSize

_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID _In_ ULONG_PTR _In_ SIZE_T CommitSize

Definition at line 406 of file mmfuncs.h.

Referenced by _Function_class_(), AVrfpDebugPageHeapCreate(), MiMapViewOfDataSection(), MmMapViewOfArm3Section(), MmMapViewOfSection(), NtMapViewOfSection(), RtlCreateHeap(), RtlCreateQueryDebugBuffer(), RtlDebugCreateHeap(), RtlpCreateUnCommittedRange(), RtlpDebugBufferCommit(), RtlpExtendHeap(), and RtlpPageHeapCreate().

DesiredAccess

_In_ ACCESS_MASK DesiredAccess

Definition at line 360 of file mmfuncs.h.

FileHandle

_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_opt_ PLARGE_INTEGER _In_ ULONG _In_ ULONG _In_opt_ HANDLE FileHandle

Definition at line 365 of file mmfuncs.h.

FreeType

_Inout_ _Inout_ PSIZE_T _In_ ULONG FreeType

Definition at line 173 of file mmfuncs.h.

Referenced by DnsFree(), NtFreeVirtualMemory(), and Test_NtFreeVirtualMemory_Parameters().

InheritDisposition

_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID _In_ ULONG_PTR _In_ SIZE_T _Inout_opt_ PLARGE_INTEGER _Inout_ PSIZE_T _In_ SECTION_INHERIT InheritDisposition

Definition at line 409 of file mmfuncs.h.

Referenced by MiMapViewOfDataSection(), MmMapViewOfArm3Section(), MmMapViewOfSection(), and NtMapViewOfSection().

MaximumSize

_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_opt_ PLARGE_INTEGER MaximumSize

Definition at line 362 of file mmfuncs.h.

Referenced by AdvancedErrorChecks(), BehaviorChecks(), CreateSection(), CsrAllocateCaptureBuffer(), FileSectionViewPermissionCheck(), FrLdrHeapCreate(), IoEnumerateRegisteredFiltersList(), MiCreatePagingFileMap(), MmCreateDataFileSection(), MmCreateSection(), NtCreatePagingFile(), NtCreateSection(), SimpleErrorChecks(), SmpMakeSystemManagedPagingFileDescriptor(), START_TEST(), StorPortLogSystemEvent(), Test_BasedSection(), Test_ImageSection2(), Test_PageFileSection(), and TestCreateSection().

ObjectAttributes

_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes

Definition at line 361 of file mmfuncs.h.

ProcessHandle

_In_ HANDLE ProcessHandle

Definition at line 403 of file mmfuncs.h.

Referenced by BaseCheckForVDM(), BasepReplaceProcessThreadTokens(), BasePushProcessParameters(), CON_API(), ConDrvCreateScreenBuffer(), CreateProcessInternalW(), CSR_API(), GetProcessVersion(), GRAPHICS_BUFFER_Initialize(), InsertProcessSecurityCommon(), InsertTokenToProcessCommon(), IntAgpReserveVirtual(), IntVideoPortMapMemory(), IsProcessInJob(), LsapCheckLogonProcess(), LsapEnumLogonSessions(), LsapGetLogonSessionData(), LsapIsTrustedClient(), MiQueryMemoryBasicInformation(), MiQueryMemorySectionName(), NtAllocateVirtualMemory(), NtAssignProcessToJobObject(), NtCreateProcess(), NtCreateProcessEx(), NtCreateThread(), NtDebugActiveProcess(), NtFlushInstructionCache(), NtFlushVirtualMemory(), NtFreeVirtualMemory(), NtGetWriteWatch(), NtIsProcessInJob(), NtLockVirtualMemory(), NtMapViewOfSection(), NtOpenProcess(), NtOpenProcessToken(), NtOpenProcessTokenEx(), NtProtectVirtualMemory(), NtQueryInformationProcess(), NtQueryVirtualMemory(), NtReadVirtualMemory(), NtRemoveProcessDebug(), NtResetWriteWatch(), NtResumeProcess(), NtSetInformationProcess(), NtSuspendProcess(), NtTerminateProcess(), NtUnlockVirtualMemory(), NtUnmapViewOfSection(), NtUserProcessConnect(), NtUserResolveDesktop(), NtWriteVirtualMemory(), OpenProcess(), OpenProcessToken(), ProcessIdToSessionId(), PsaEnumerateProcessModules(), PsCreateSystemProcess(), PsCreateSystemThread(), PsOpenTokenOfProcess(), PspCreateProcess(), PspCreateThread(), RtlCreateUserThread(), RtlFreeUserThreadStack(), RtlInitializeContext(), RtlpCreateUserStack(), RtlpFreeUserStack(), RtlpInitEnvironment(), RtlpQueryRemoteProcessModules(), SmpExecPgm(), SmpGetProcessMuSessionId(), SmpHandleConnectionRequest(), SmpInit(), SmpSetProcessMuSessionId(), StuffStdHandle(), TEXTMODE_BUFFER_Initialize(), WahOpenCurrentThread(), and wait_process_handle().

RegionSize

_Inout_ PVOID _Inout_ PSIZE_T RegionSize

Definition at line 172 of file mmfuncs.h.

Referenced by _resetstkoflw(), BaseCreateVDMEnvironment(), CopyLoop(), CreateProcessInternalW(), CustomBaseAllocation(), KmtInitTestContext(), MiCheckVadsForLockOperation(), MiLockVirtualMemory(), MiUnlockVirtualMemory(), MiUnmapViewOfSection(), MmAlterViewAttributes(), MmMdRemoveRegionFromMdlEx(), NtGetWriteWatch(), NtResetWriteWatch(), RtlCreateEnvironment(), SetupCopyFile(), SimpleAllocation(), SimpleErrorChecks(), StressTesting(), test_pack_MEMORY_BASIC_INFORMATION(), VirtualLock(), VirtualUnlock(), Write(), and WriteProcessMemory().

SectionOffset

_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID _In_ ULONG_PTR _In_ SIZE_T _Inout_opt_ PLARGE_INTEGER SectionOffset

Definition at line 407 of file mmfuncs.h.

Referenced by AdvancedErrorChecks(), BehaviorChecks(), DIB_CreateDIBSection(), ExpInitNls(), MapViewOfFileEx(), MiAddMappedPtes(), MiLoadImageSection(), MiMapViewInSystemSpace(), MiMapViewOfDataSection(), MmCreatePeb(), MmMapViewInSessionSpace(), MmMapViewInSystemSpace(), MmMapViewInSystemSpaceEx(), MmMapViewOfArm3Section(), MmMapViewOfSection(), NtAcceptConnectPort(), NtMapViewOfSection(), NtSecureConnectPort(), PageFileBehaviorChecks(), SimpleErrorChecks(), SystemProcessWorker(), Test_BasedSection(), Test_ImageSection2(), Test_PageFileSection(), Test_RawSize(), and Test_SectionContents().

SectionPageProtection

_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_opt_ PLARGE_INTEGER _In_ ULONG SectionPageProtection

Definition at line 363 of file mmfuncs.h.

Referenced by FsRtlAcquireToCreateMappedSection(), MapFile(), MiIsProtectionCompatible(), MmCreateArm3Section(), MmCreateDataFileSection(), MmCreateImageSection(), MmCreateSection(), and NtCreateSection().

ViewSize

_Must_inspect_result_ _Outptr_result_bytebuffer_ ViewSize PVOID _Inout_ PSIZE_T ViewSize

Definition at line 408 of file mmfuncs.h.

Referenced by _Function_class_(), AdvancedErrorChecks(), BasepLoadLibraryAsDatafile(), BehaviorChecks(), CcpMapData(), CcRosCreateVacb(), CmpInitializeMachineDependentConfiguration(), CON_API(), ConDrvGetConsoleScreenBufferInfo(), CsrSrvAttachSharedSection(), CsrSrvCreateSharedSection(), ExpInitNls(), FileSectionViewPermissionCheck(), GRAPHICS_BUFFER_Initialize(), GuiApplyUserSettings(), GuiConsoleShowConsoleProperties(), Heap32ListFirst(), Heap32ListNext(), IntGdiAddFontResourceSingle(), IntMapDesktopView(), IntUserHeapCreate(), LdrpCheckForLoadedDll(), LdrpMapDll(), LdrVerifyImageMatchesChecksum(), MapFile(), MapGlobalUserHeap(), MapViewOfFileEx(), MiInsertVadEx(), MiLoadImageSection(), MiMapViewInSystemSpace(), MiMapViewOfDataSection(), MiRosUnmapViewOfSection(), MmCheckSystemImage(), MmCommitSessionMappedView(), MmCreatePeb(), MmInitializeProcessAddressSpace(), MmMapViewInSessionSpace(), MmMapViewInSystemSpace(), MmMapViewInSystemSpaceEx(), MmMapViewOfArm3Section(), MmMapViewOfSection(), MmMapViewOfSegment(), Module32FirstW(), Module32NextW(), NtMapViewOfSection(), PageFileBehaviorChecks(), Process32FirstW(), Process32NextW(), ProtectLowV86Mem(), PspMapSystemDll(), RtlDestroyQueryDebugBuffer(), SimpleErrorChecks(), SystemProcessWorker(), Test_BasedSection(), Test_ImageSection(), Test_ImageSection2(), Test_PageFileSection(), Test_RawSize(), Test_SectionContents(), Test_Truncate(), TestPhysicalMemorySection(), TH32CreateSnapshotSectionInitialize(), Thread32First(), Thread32Next(), UnprotectLowV86Mem(), and VdmpInitialize().

Win32Protect

_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID _In_ ULONG_PTR _In_ SIZE_T _Inout_opt_ PLARGE_INTEGER _Inout_ PSIZE_T _In_ SECTION_INHERIT _In_ ULONG _In_ ULONG Win32Protect

Definition at line 411 of file mmfuncs.h.

ZeroBits

_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID _In_ ULONG_PTR ZeroBits

Definition at line 405 of file mmfuncs.h.

Referenced by MiMapViewOfDataSection(), MmMapViewOfArm3Section(), MmMapViewOfSection(), NtAllocateVirtualMemory(), NtMapViewOfSection(), and Test_PageFileSection().