#include <umtypes.h>
#include <mmtypes.h>

Include dependency graph for mmfuncs.h:

This graph shows which files directly or indirectly include this file:

Functions
NTSTATUS NTAPI	MmCreateSection (_Out_ PVOID *SectionObject, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ PLARGE_INTEGER MaximumSize, _In_ ULONG SectionPageProtection, _In_ ULONG AllocationAttributes, _In_opt_ HANDLE FileHandle, _In_opt_ PFILE_OBJECT File)

NTSTATUS NTAPI	MmMapViewOfSection (_In_ PVOID SectionObject, _In_ PEPROCESS Process, _Inout_ PVOID *BaseAddress, _In_ ULONG_PTR ZeroBits, _In_ SIZE_T CommitSize, _Inout_opt_ PLARGE_INTEGER SectionOffset, _Inout_ PSIZE_T ViewSize, _In_ SECTION_INHERIT InheritDisposition, _In_ ULONG AllocationType, _In_ ULONG Protect)

NTSTATUS NTAPI	MmUnmapViewOfSection (_In_ struct _EPROCESS *Process, _In_ PVOID BaseAddress)

NTSYSCALLAPI NTSTATUS NTAPI	NtAreMappedFilesTheSame (_In_ PVOID File1MappedAsAnImage, _In_ PVOID File2MappedAsFile)

NTSTATUS NTAPI	NtAllocateUserPhysicalPages (_In_ HANDLE ProcessHandle, _Inout_ PULONG_PTR NumberOfPages, _Inout_ PULONG_PTR UserPfnArray)

_Must_inspect_result_ _At_ *	BaseAddress (Mem)) __kernel_entryNTSYSCALLAPINTSTATUSNTAPINtAllocateVirtualMemory(_In_ HANDLE ProcessHandle, _Inout_ _Outptr_result_buffer_(RegionSize) PVOID BaseAddress, _In_ ULONG_PTR ZeroBits, _Inout_ PSIZE_T RegionSize, _In_ ULONG AllocationType, _In_ ULONG Protect

NTSYSCALLAPI NTSTATUS NTAPI	NtCreatePagingFile (_In_ PUNICODE_STRING FileName, _In_ PLARGE_INTEGER InitialSize, _In_ PLARGE_INTEGER MaxiumSize, _In_ ULONG Reserved)

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI	NtCreateSection (_Out_ PHANDLE SectionHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_opt_ PLARGE_INTEGER MaximumSize, _In_ ULONG SectionPageProtection, _In_ ULONG AllocationAttributes, _In_opt_ HANDLE FileHandle)

NTSYSCALLAPI NTSTATUS NTAPI	NtExtendSection (_In_ HANDLE SectionHandle, _In_ PLARGE_INTEGER NewMaximumSize)

NTSYSCALLAPI NTSTATUS NTAPI	NtFlushInstructionCache (_In_ HANDLE ProcessHandle, _In_ PVOID BaseAddress, _In_ SIZE_T NumberOfBytesToFlush)

NTSYSCALLAPI NTSTATUS NTAPI	NtFlushVirtualMemory (_In_ HANDLE ProcessHandle, _Inout_ PVOID *BaseAddress, _Inout_ PSIZE_T RegionSize, _Out_ PIO_STATUS_BLOCK IoStatus)

NTSTATUS NTAPI	NtFreeUserPhysicalPages (_In_ HANDLE ProcessHandle, _Inout_ PULONG_PTR NumberOfPages, _Inout_ PULONG_PTR UserPfnArray)

__kernel_entry	_IRQL_requires_max_ (PASSIVE_LEVEL) NTSYSCALLAPI NTSTATUS NTAPI NtFreeVirtualMemory(_In_ HANDLE ProcessHandle

__kernel_entry _Inout_	__drv_freesMem (Mem) PVOID *BaseAddress

NTSTATUS NTAPI	NtGetWriteWatch (_In_ HANDLE ProcessHandle, _In_ ULONG Flags, _In_ PVOID BaseAddress, _In_ SIZE_T RegionSize, _In_ PVOID *UserAddressArray, _Out_ PULONG_PTR EntriesInUserAddressArray, _Out_ PULONG Granularity)

NTSYSCALLAPI NTSTATUS NTAPI	NtLockVirtualMemory (_In_ HANDLE ProcessHandle, _Inout_ PVOID *BaseAddress, _Inout_ PSIZE_T NumberOfBytesToLock, _In_ ULONG MapType)

NTSTATUS NTAPI	NtMapUserPhysicalPages (_In_ PVOID VirtualAddresses, _In_ ULONG_PTR NumberOfPages, _Inout_ PULONG_PTR UserPfnArray)

NTSTATUS NTAPI	NtMapUserPhysicalPagesScatter (_In_ PVOID *VirtualAddresses, _In_ ULONG_PTR NumberOfPages, _Inout_ PULONG_PTR UserPfnArray)

NTSYSCALLAPI NTSTATUS NTAPI	NtMapViewOfSection (_In_ HANDLE SectionHandle, _In_ HANDLE ProcessHandle, _Inout_ PVOID *BaseAddress, _In_ ULONG_PTR ZeroBits, _In_ SIZE_T CommitSize, _Inout_opt_ PLARGE_INTEGER SectionOffset, _Inout_ PSIZE_T ViewSize, _In_ SECTION_INHERIT InheritDisposition, _In_ ULONG AllocationType, _In_ ULONG AccessProtection)

NTSYSCALLAPI NTSTATUS NTAPI	NtOpenSection (_Out_ PHANDLE SectionHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes)

NTSYSCALLAPI NTSTATUS NTAPI	NtProtectVirtualMemory (_In_ HANDLE ProcessHandle, _In_ PVOID BaseAddress, _In_ SIZE_T NumberOfBytesToProtect, _In_ ULONG NewAccessProtection, _Out_ PULONG OldAccessProtection)

NTSYSCALLAPI NTSTATUS NTAPI	NtQuerySection (_In_ HANDLE SectionHandle, _In_ SECTION_INFORMATION_CLASS SectionInformationClass, _Out_ PVOID SectionInformation, _In_ SIZE_T Length, _Out_ PSIZE_T ResultLength)

NTSYSCALLAPI NTSTATUS NTAPI	NtQueryVirtualMemory (_In_ HANDLE ProcessHandle, _In_ PVOID Address, _In_ MEMORY_INFORMATION_CLASS VirtualMemoryInformationClass, _Out_ PVOID VirtualMemoryInformation, _In_ SIZE_T Length, _Out_opt_ PSIZE_T ResultLength)

NTSYSCALLAPI NTSTATUS NTAPI	NtReadVirtualMemory (_In_ HANDLE ProcessHandle, _In_ PVOID BaseAddress, _Out_ PVOID Buffer, _In_ SIZE_T NumberOfBytesToRead, _Out_opt_ PSIZE_T NumberOfBytesRead)

NTSTATUS NTAPI	NtResetWriteWatch (_In_ HANDLE ProcessHandle, _In_ PVOID BaseAddress, _In_ SIZE_T RegionSize)

NTSYSCALLAPI NTSTATUS NTAPI	NtUnlockVirtualMemory (_In_ HANDLE ProcessHandle, _Inout_ PVOID *BaseAddress, _Inout_ PSIZE_T NumberOfBytesToUnlock, _In_ ULONG MapType)

NTSYSCALLAPI NTSTATUS NTAPI	NtUnmapViewOfSection (_In_ HANDLE ProcessHandle, _In_ PVOID BaseAddress)

NTSYSCALLAPI NTSTATUS NTAPI	NtWriteVirtualMemory (_In_ HANDLE ProcessHandle, _In_ PVOID BaseAddress, _In_ PVOID Buffer, _In_ SIZE_T NumberOfBytesToWrite, _Out_opt_ PSIZE_T NumberOfBytesWritten)

NTSYSAPI NTSTATUS NTAPI	ZwAreMappedFilesTheSame (_In_ PVOID File1MappedAsAnImage, _In_ PVOID File2MappedAsFile)

NTSYSAPI NTSTATUS NTAPI	ZwCreatePagingFile (_In_ PUNICODE_STRING FileName, _In_ PLARGE_INTEGER InitialSize, _In_ PLARGE_INTEGER MaxiumSize, _In_ ULONG Reserved)

	_IRQL_requires_max_ (APC_LEVEL) NTSYSAPI NTSTATUS NTAPI ZwCreateSection(_Out_ PHANDLE SectionHandle

NTSYSAPI NTSTATUS NTAPI	ZwExtendSection (_In_ HANDLE SectionHandle, _In_ PLARGE_INTEGER NewMaximumSize)

NTSYSAPI NTSTATUS NTAPI	ZwLockVirtualMemory (_In_ HANDLE ProcessHandle, _Inout_ PVOID *BaseAddress, _Inout_ PSIZE_T NumberOfBytesToLock, _In_ ULONG MapType)

NTSYSAPI NTSTATUS NTAPI	ZwOpenSection (_Out_ PHANDLE SectionHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes)

NTSYSAPI NTSTATUS NTAPI	ZwProtectVirtualMemory (_In_ HANDLE ProcessHandle, _In_ PVOID BaseAddress, _In_ SIZE_T NumberOfBytesToProtect, _In_ ULONG NewAccessProtection, _Out_ PULONG OldAccessProtection)

NTSYSAPI NTSTATUS NTAPI	ZwQuerySection (_In_ HANDLE SectionHandle, _In_ SECTION_INFORMATION_CLASS SectionInformationClass, _Out_ PVOID SectionInformation, _In_ SIZE_T Length, _Out_opt_ PSIZE_T ResultLength)

NTSYSAPI NTSTATUS NTAPI	ZwQueryVirtualMemory (_In_ HANDLE ProcessHandle, _In_ PVOID Address, _In_ MEMORY_INFORMATION_CLASS VirtualMemoryInformationClass, _Out_ PVOID VirtualMemoryInformation, _In_ SIZE_T Length, _Out_opt_ PSIZE_T ResultLength)

NTSYSAPI NTSTATUS NTAPI	ZwReadVirtualMemory (_In_ HANDLE ProcessHandle, _In_ PVOID BaseAddress, _Out_ PVOID Buffer, _In_ SIZE_T NumberOfBytesToRead, _Out_opt_ PSIZE_T NumberOfBytesRead)

NTSYSAPI NTSTATUS NTAPI	ZwUnlockVirtualMemory (_In_ HANDLE ProcessHandle, _Inout_ PVOID *BaseAddress, _Inout_ PSIZE_T NumberOfBytesToUnlock, _In_ ULONG MapType)

NTSYSAPI NTSTATUS NTAPI	ZwWriteVirtualMemory (_In_ HANDLE ProcessHandle, _In_ PVOID BaseAddress, _In_ PVOID Buffer, _In_ SIZE_T NumberOfBytesToWrite, _Out_opt_ PSIZE_T NumberOfBytesWritten)

Variables
__kernel_entry _Inout_ _Inout_ PSIZE_T	RegionSize

__kernel_entry _Inout_ _Inout_ PSIZE_T _In_ ULONG	FreeType

_In_ ACCESS_MASK	DesiredAccess

_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES	ObjectAttributes

_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_opt_ PLARGE_INTEGER	MaximumSize

_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_opt_ PLARGE_INTEGER _In_ ULONG	SectionPageProtection

_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_opt_ PLARGE_INTEGER _In_ ULONG _In_ ULONG	AllocationAttributes

_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_opt_ PLARGE_INTEGER _In_ ULONG _In_ ULONG _In_opt_ HANDLE	FileHandle

_In_ HANDLE	ProcessHandle

_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID *	BaseAddress

_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID _In_ ULONG_PTR	ZeroBits

_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID _In_ ULONG_PTR _In_ SIZE_T	CommitSize

_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID _In_ ULONG_PTR _In_ SIZE_T _Inout_opt_ PLARGE_INTEGER	SectionOffset

_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID _In_ ULONG_PTR _In_ SIZE_T _Inout_opt_ PLARGE_INTEGER _Inout_ PSIZE_T	ViewSize

_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID _In_ ULONG_PTR _In_ SIZE_T _Inout_opt_ PLARGE_INTEGER _Inout_ PSIZE_T _In_ SECTION_INHERIT	InheritDisposition

_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID _In_ ULONG_PTR _In_ SIZE_T _Inout_opt_ PLARGE_INTEGER _Inout_ PSIZE_T _In_ SECTION_INHERIT _In_ ULONG	AllocationType

_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID _In_ ULONG_PTR _In_ SIZE_T _Inout_opt_ PLARGE_INTEGER _Inout_ PSIZE_T _In_ SECTION_INHERIT _In_ ULONG _In_ ULONG	Win32Protect

Function Documentation

◆ __drv_freesMem()

_IRQL_requires_same_ _In_ __drv_freesMem ( Mem )

◆ _IRQL_requires_max_() [1/2]

__kernel_entry _IRQL_requires_max_ ( PASSIVE_LEVEL )

Definition at line 64 of file Messaging.c.

 {
     PFLT_SERVER_PORT_OBJECT PortObject;
     NTSTATUS Status;
 
     /* The caller must allow at least one connection */
     if (MaxConnections == 0)
     {
         return STATUS_INVALID_PARAMETER;
     }
 
     /* The request must be for a kernel handle */
     if (!(ObjectAttributes->Attributes & OBJ_KERNEL_HANDLE))
     {
         return STATUS_INVALID_PARAMETER;
     }
 
     /*
      * Get rundown protection on the target to stop the owner
      * from unloading whilst this port object is open. It gets
      * removed in the FltpServerPortClose callback
      */
     Status = FltObjectReference(Filter);
     if (!NT_SUCCESS(Status))
     {
         return Status;
     }
 
     /* Create the server port object for this filter */
     Status = ObCreateObject(KernelMode,
                             ServerPortObjectType,
                             ObjectAttributes,
                             KernelMode,
                             NULL,
                             sizeof(FLT_SERVER_PORT_OBJECT),
                             0,
                             0,
                             (PVOID *)&PortObject);
     if (NT_SUCCESS(Status))
     {
         /* Zero out the struct */
         RtlZeroMemory(PortObject, sizeof(FLT_SERVER_PORT_OBJECT));
 
         /* Increment the ref count on the target filter */
         FltpObjectPointerReference((PFLT_OBJECT)Filter);
 
         /* Setup the filter port object */
         PortObject->Filter = Filter;
         PortObject->ConnectNotify = ConnectNotifyCallback;
         PortObject->DisconnectNotify = DisconnectNotifyCallback;
         PortObject->MessageNotify = MessageNotifyCallback;
         PortObject->Cookie = ServerPortCookie;
         PortObject->MaxConnections = MaxConnections;
 
         /* Insert the object */
         Status = ObInsertObject(PortObject,
                                 NULL,
                                 STANDARD_RIGHTS_ALL | FILE_READ_DATA,
                                 0,
                                 NULL,
                                 (PHANDLE)ServerPort);
         if (NT_SUCCESS(Status))
         {
             /* Lock the connection list */
             ExAcquireFastMutex(&Filter->ConnectionList.mLock);
 
             /* Add the new port object to the connection list and increment the count */
             InsertTailList(&Filter->ConnectionList.mList, &PortObject->FilterLink);
             Filter->ConnectionList.mCount++;
 
             /* Unlock the connection list*/
             ExReleaseFastMutex(&Filter->ConnectionList.mLock);
         }
     }
 
     if (!NT_SUCCESS(Status))
     {
         /* Allow the filter to be cleaned up */
         FltObjectDereference(Filter);
     }
 
     return Status;
 }

◆ _IRQL_requires_max_() [2/2]

_IRQL_requires_max_ ( APC_LEVEL )

◆ BaseAddress()

_Must_inspect_result_ _At_* BaseAddress ( Mem )

◆ MmCreateSection()

NTSTATUS NTAPI MmCreateSection	(	_Out_ PVOID *	SectionObject,
		_In_ ACCESS_MASK	DesiredAccess,
		_In_opt_ POBJECT_ATTRIBUTES	ObjectAttributes,
		_In_ PLARGE_INTEGER	MaximumSize,
		_In_ ULONG	SectionPageProtection,
		_In_ ULONG	AllocationAttributes,
		_In_opt_ HANDLE	FileHandle,
		_In_opt_ PFILE_OBJECT	File
	)

◆ MmMapViewOfSection()

NTSTATUS NTAPI MmMapViewOfSection	(	_In_ PVOID	SectionObject,
		_In_ PEPROCESS	Process,
		_Inout_ PVOID *	BaseAddress,
		_In_ ULONG_PTR	ZeroBits,
		_In_ SIZE_T	CommitSize,
		_Inout_opt_ PLARGE_INTEGER	SectionOffset,
		_Inout_ PSIZE_T	ViewSize,
		_In_ SECTION_INHERIT	InheritDisposition,
		_In_ ULONG	AllocationType,
		_In_ ULONG	Protect
	)

◆ MmUnmapViewOfSection()

NTSTATUS NTAPI MmUnmapViewOfSection	(	_In_ struct _EPROCESS *	Process,
		_In_ PVOID	BaseAddress
	)

◆ NtAllocateUserPhysicalPages()

NTSTATUS NTAPI NtAllocateUserPhysicalPages	(	_In_ HANDLE	ProcessHandle,
		_Inout_ PULONG_PTR	NumberOfPages,
		_Inout_ PULONG_PTR	UserPfnArray
	)

◆ NtAreMappedFilesTheSame()

NTSYSCALLAPI NTSTATUS NTAPI NtAreMappedFilesTheSame	(	_In_ PVOID	File1MappedAsAnImage,
		_In_ PVOID	File2MappedAsFile
	)

◆ NtCreatePagingFile()

NTSYSCALLAPI NTSTATUS NTAPI NtCreatePagingFile	(	_In_ PUNICODE_STRING	FileName,
		_In_ PLARGE_INTEGER	InitialSize,
		_In_ PLARGE_INTEGER	MaxiumSize,
		_In_ ULONG	Reserved
	)

◆ NtCreateSection()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCreateSection	(	_Out_ PHANDLE	SectionHandle,
		_In_ ACCESS_MASK	DesiredAccess,
		_In_opt_ POBJECT_ATTRIBUTES	ObjectAttributes,
		_In_opt_ PLARGE_INTEGER	MaximumSize,
		_In_ ULONG	SectionPageProtection,
		_In_ ULONG	AllocationAttributes,
		_In_opt_ HANDLE	FileHandle
	)

◆ NtExtendSection()

NTSYSCALLAPI NTSTATUS NTAPI NtExtendSection	(	_In_ HANDLE	SectionHandle,
		_In_ PLARGE_INTEGER	NewMaximumSize
	)

◆ NtFlushInstructionCache()

NTSYSCALLAPI NTSTATUS NTAPI NtFlushInstructionCache	(	_In_ HANDLE	ProcessHandle,
		_In_ PVOID	BaseAddress,
		_In_ SIZE_T	NumberOfBytesToFlush
	)

◆ NtFlushVirtualMemory()

NTSYSCALLAPI NTSTATUS NTAPI NtFlushVirtualMemory	(	_In_ HANDLE	ProcessHandle,
		_Inout_ PVOID *	BaseAddress,
		_Inout_ PSIZE_T	RegionSize,
		_Out_ PIO_STATUS_BLOCK	IoStatus
	)

◆ NtFreeUserPhysicalPages()

NTSTATUS NTAPI NtFreeUserPhysicalPages	(	_In_ HANDLE	ProcessHandle,
		_Inout_ PULONG_PTR	NumberOfPages,
		_Inout_ PULONG_PTR	UserPfnArray
	)

◆ NtGetWriteWatch()

NTSTATUS NTAPI NtGetWriteWatch	(	_In_ HANDLE	ProcessHandle,
		_In_ ULONG	Flags,
		_In_ PVOID	BaseAddress,
		_In_ SIZE_T	RegionSize,
		_In_ PVOID *	UserAddressArray,
		_Out_ PULONG_PTR	EntriesInUserAddressArray,
		_Out_ PULONG	Granularity
	)

◆ NtLockVirtualMemory()

NTSYSCALLAPI NTSTATUS NTAPI NtLockVirtualMemory	(	_In_ HANDLE	ProcessHandle,
		_Inout_ PVOID *	BaseAddress,
		_Inout_ PSIZE_T	NumberOfBytesToLock,
		_In_ ULONG	MapType
	)

◆ NtMapUserPhysicalPages()

NTSTATUS NTAPI NtMapUserPhysicalPages	(	_In_ PVOID	VirtualAddresses,
		_In_ ULONG_PTR	NumberOfPages,
		_Inout_ PULONG_PTR	UserPfnArray
	)

◆ NtMapUserPhysicalPagesScatter()

NTSTATUS NTAPI NtMapUserPhysicalPagesScatter	(	_In_ PVOID *	VirtualAddresses,
		_In_ ULONG_PTR	NumberOfPages,
		_Inout_ PULONG_PTR	UserPfnArray
	)

◆ NtMapViewOfSection()

NTSYSCALLAPI NTSTATUS NTAPI NtMapViewOfSection	(	_In_ HANDLE	SectionHandle,
		_In_ HANDLE	ProcessHandle,
		_Inout_ PVOID *	BaseAddress,
		_In_ ULONG_PTR	ZeroBits,
		_In_ SIZE_T	CommitSize,
		_Inout_opt_ PLARGE_INTEGER	SectionOffset,
		_Inout_ PSIZE_T	ViewSize,
		_In_ SECTION_INHERIT	InheritDisposition,
		_In_ ULONG	AllocationType,
		_In_ ULONG	AccessProtection
	)

◆ NtOpenSection()

NTSYSCALLAPI NTSTATUS NTAPI NtOpenSection	(	_Out_ PHANDLE	SectionHandle,
		_In_ ACCESS_MASK	DesiredAccess,
		_In_ POBJECT_ATTRIBUTES	ObjectAttributes
	)

◆ NtProtectVirtualMemory()

NTSYSCALLAPI NTSTATUS NTAPI NtProtectVirtualMemory	(	_In_ HANDLE	ProcessHandle,
		_In_ PVOID *	BaseAddress,
		_In_ SIZE_T *	NumberOfBytesToProtect,
		_In_ ULONG	NewAccessProtection,
		_Out_ PULONG	OldAccessProtection
	)

◆ NtQuerySection()

NTSYSCALLAPI NTSTATUS NTAPI NtQuerySection	(	_In_ HANDLE	SectionHandle,
		_In_ SECTION_INFORMATION_CLASS	SectionInformationClass,
		_Out_ PVOID	SectionInformation,
		_In_ SIZE_T	Length,
		_Out_ PSIZE_T	ResultLength
	)

◆ NtQueryVirtualMemory()

NTSYSCALLAPI NTSTATUS NTAPI NtQueryVirtualMemory	(	_In_ HANDLE	ProcessHandle,
		_In_ PVOID	Address,
		_In_ MEMORY_INFORMATION_CLASS	VirtualMemoryInformationClass,
		_Out_ PVOID	VirtualMemoryInformation,
		_In_ SIZE_T	Length,
		_Out_opt_ PSIZE_T	ResultLength
	)

◆ NtReadVirtualMemory()

NTSYSCALLAPI NTSTATUS NTAPI NtReadVirtualMemory	(	_In_ HANDLE	ProcessHandle,
		_In_ PVOID	BaseAddress,
		_Out_ PVOID	Buffer,
		_In_ SIZE_T	NumberOfBytesToRead,
		_Out_opt_ PSIZE_T	NumberOfBytesRead
	)

◆ NtResetWriteWatch()

NTSTATUS NTAPI NtResetWriteWatch	(	_In_ HANDLE	ProcessHandle,
		_In_ PVOID	BaseAddress,
		_In_ SIZE_T	RegionSize
	)

◆ NtUnlockVirtualMemory()

NTSYSCALLAPI NTSTATUS NTAPI NtUnlockVirtualMemory	(	_In_ HANDLE	ProcessHandle,
		_Inout_ PVOID *	BaseAddress,
		_Inout_ PSIZE_T	NumberOfBytesToUnlock,
		_In_ ULONG	MapType
	)

◆ NtUnmapViewOfSection()

NTSYSCALLAPI NTSTATUS NTAPI NtUnmapViewOfSection	(	_In_ HANDLE	ProcessHandle,
		_In_ PVOID	BaseAddress
	)

◆ NtWriteVirtualMemory()

NTSYSCALLAPI NTSTATUS NTAPI NtWriteVirtualMemory	(	_In_ HANDLE	ProcessHandle,
		_In_ PVOID	BaseAddress,
		_In_ PVOID	Buffer,
		_In_ SIZE_T	NumberOfBytesToWrite,
		_Out_opt_ PSIZE_T	NumberOfBytesWritten
	)

◆ ZwAreMappedFilesTheSame()

NTSYSAPI NTSTATUS NTAPI ZwAreMappedFilesTheSame	(	_In_ PVOID	File1MappedAsAnImage,
		_In_ PVOID	File2MappedAsFile
	)

Referenced by LdrpCheckForLoadedDll().

◆ ZwCreatePagingFile()

NTSYSAPI NTSTATUS NTAPI ZwCreatePagingFile	(	_In_ PUNICODE_STRING	FileName,
		_In_ PLARGE_INTEGER	InitialSize,
		_In_ PLARGE_INTEGER	MaxiumSize,
		_In_ ULONG	Reserved
	)

◆ ZwExtendSection()

NTSYSAPI NTSTATUS NTAPI ZwExtendSection	(	_In_ HANDLE	SectionHandle,
		_In_ PLARGE_INTEGER	NewMaximumSize
	)

◆ ZwLockVirtualMemory()

NTSYSAPI NTSTATUS NTAPI ZwLockVirtualMemory	(	_In_ HANDLE	ProcessHandle,
		_Inout_ PVOID *	BaseAddress,
		_Inout_ PSIZE_T	NumberOfBytesToLock,
		_In_ ULONG	MapType
	)

◆ ZwOpenSection()

NTSYSAPI NTSTATUS NTAPI ZwOpenSection	(	_Out_ PHANDLE	SectionHandle,
		_In_ ACCESS_MASK	DesiredAccess,
		_In_ POBJECT_ATTRIBUTES	ObjectAttributes
	)

Referenced by CmpInitializeMachineDependentConfiguration(), IntVideoPortMapPhysicalMemory(), SystemProcessWorker(), TestPhysicalMemorySection(), and VdmpInitialize().

◆ ZwProtectVirtualMemory()

NTSYSAPI NTSTATUS NTAPI ZwProtectVirtualMemory	(	_In_ HANDLE	ProcessHandle,
		_In_ PVOID *	BaseAddress,
		_In_ SIZE_T *	NumberOfBytesToProtect,
		_In_ ULONG	NewAccessProtection,
		_Out_ PULONG	OldAccessProtection
	)

Referenced by LdrpSetProtection(), RtlpCreateUserStack(), and RtlpDphProtectVm().

◆ ZwQuerySection()

NTSYSAPI NTSTATUS NTAPI ZwQuerySection	(	_In_ HANDLE	SectionHandle,
		_In_ SECTION_INFORMATION_CLASS	SectionInformationClass,
		_Out_ PVOID	SectionInformation,
		_In_ SIZE_T	Length,
		_Out_opt_ PSIZE_T	ResultLength
	)

Referenced by LdrpCreateDllSection(), and RtlCreateUserProcess().

◆ ZwQueryVirtualMemory()

NTSYSAPI NTSTATUS NTAPI ZwQueryVirtualMemory	(	_In_ HANDLE	ProcessHandle,
		_In_ PVOID	Address,
		_In_ MEMORY_INFORMATION_CLASS	VirtualMemoryInformationClass,
		_Out_ PVOID	VirtualMemoryInformation,
		_In_ SIZE_T	Length,
		_Out_opt_ PSIZE_T	ResultLength
	)

Referenced by RtlCreateHeap(), RtlDebugCreateHeap(), and RtlpDphCoalesceNodeIntoAvailable().

◆ ZwReadVirtualMemory()

NTSYSAPI NTSTATUS NTAPI ZwReadVirtualMemory	(	_In_ HANDLE	ProcessHandle,
		_In_ PVOID	BaseAddress,
		_Out_ PVOID	Buffer,
		_In_ SIZE_T	NumberOfBytesToRead,
		_Out_opt_ PSIZE_T	NumberOfBytesRead
	)

◆ ZwUnlockVirtualMemory()

NTSYSAPI NTSTATUS NTAPI ZwUnlockVirtualMemory	(	_In_ HANDLE	ProcessHandle,
		_Inout_ PVOID *	BaseAddress,
		_Inout_ PSIZE_T	NumberOfBytesToUnlock,
		_In_ ULONG	MapType
	)

◆ ZwWriteVirtualMemory()

NTSYSAPI NTSTATUS NTAPI ZwWriteVirtualMemory	(	_In_ HANDLE	ProcessHandle,
		_In_ PVOID	BaseAddress,
		_In_ PVOID	Buffer,
		_In_ SIZE_T	NumberOfBytesToWrite,
		_Out_opt_ PSIZE_T	NumberOfBytesWritten
	)