API tools faq
paste
Advertisement
Guest User

\Device\PhysicalMemory

a guest
Aug 25th, 2018
610
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C++ 2.16 KB | None | 0 0
raw download clone embed print report
  1.     //
  2.     // Create the permanent section which maps physical memory.
  3.     //
  4.  
  5.     Segment = (PSEGMENT)ExAllocatePoolWithTag (PagedPool,
  6.                                              sizeof(SEGMENT),
  7.                                              'gSmM');
  8.     if (Segment == NULL) {
  9.         return FALSE;
  10.     }
  11.  
  12.     ControlArea = ExAllocatePoolWithTag (NonPagedPool,
  13.                                          (ULONG)sizeof(CONTROL_AREA),
  14.                                          MMCONTROL);
  15.     if (ControlArea == NULL) {
  16.         ExFreePool (Segment);
  17.         return FALSE;
  18.     }
  19.  
  20.     RtlZeroMemory (Segment, sizeof(SEGMENT));
  21.     RtlZeroMemory (ControlArea, sizeof(CONTROL_AREA));
  22.  
  23.     ControlArea->Segment = Segment;
  24.     ControlArea->NumberOfSectionReferences = 1;
  25.     ControlArea->u.Flags.PhysicalMemory = 1;
  26.  
  27.     Segment->ControlArea = ControlArea;
  28.     Segment->SegmentPteTemplate.u.Long = 0;
  29.  
  30.     //
  31.     // Now that the segment object is created, create a section object
  32.     // which refers to the segment object.
  33.     //
  34.  
  35. #define DEVICE_PHYSICAL_MEMORY L"\\Device\\PhysicalMemory"
  36. #if NTDDI_VERSION >= NTDDI_WS03
  37. #define DEVICE_PHYSICAL_MEMORY_ATTRIBUTES   (OBJ_PERMANENT | OBJ_KERNEL_EXCLUSIVE)
  38. #else
  39. // XP x86 version
  40. #define DEVICE_PHYSICAL_MEMORY_ATTRIBUTES   (OBJ_PERMANENT)
  41. #endif
  42.  
  43.     SectionName.Buffer = (const PUSHORT)DEVICE_PHYSICAL_MEMORY;
  44.     SectionName.Length = sizeof (DEVICE_PHYSICAL_MEMORY) - sizeof (WCHAR);
  45.     SectionName.MaximumLength = sizeof (DEVICE_PHYSICAL_MEMORY);
  46.  
  47.     InitializeObjectAttributes (&ObjectAttributes,
  48.                                 &SectionName,
  49.                                 DEVICE_PHYSICAL_MEMORY_ATTRIBUTES,
  50.                                 NULL,
  51.                                 NULL);
  52.  
  53.     Status = ObCreateObject (KernelMode,
  54.                              MmSectionObjectType,
  55.                              &ObjectAttributes,
  56.                              KernelMode,
  57.                              NULL,
  58.                              sizeof(SECTION),
  59.                              sizeof(SECTION),
  60.                              0,
  61.                              (PVOID *)&Section);
  62.  
  63.     if (!NT_SUCCESS(Status)) {
  64.         ExFreePool (ControlArea);
  65.         ExFreePool (Segment);
  66.         return FALSE;
  67.     }
  68.  
  69.     Section->Segment = Segment;
  70.     Section->SizeOfSection.QuadPart = ((LONGLONG)1 << PHYSICAL_ADDRESS_BITS) - 1;
  71.     Section->u.LongFlags = 0;
  72.     Section->InitialPageProtection = PAGE_EXECUTE_READWRITE;
  73.  
  74.     Status = ObInsertObject ((PVOID)Section,
  75.                              NULL,
  76.                              SECTION_MAP_READ,
  77.                              0,
  78.                              NULL,
  79.                              &Handle);
  80.  
  81.     if (!NT_SUCCESS (Status)) {
  82.         return FALSE;
  83.     }
  84.  
  85.     ZwClose(Handle);
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!