waliedassar

VmTopDown

Jan 19th, 2013
  1. //http://waleedassar.blogspot.com
  2. //http://www.twitter.com/waleedassar
  3.  
  4. #include "stdafx.h"
  5. #include "windows.h"
  6. #include "stdio.h"
  7.  
  8.  
  9.  
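// Information class passed to ZwSetInformationProcess in main(). 0x2E is the
// value this listing uses; it is not defined by the public SDK headers, so it
// may differ between Windows builds.
// NOTE(review): confirm the value on the target OS version.
#define ProcessMemoryAllocationMode 0x2E

// Hand-written prototypes for the two native calls used below.
// The parameter types are pointer-width correct (PVOID*, ULONG_PTR, SIZE_T*):
// declaring BaseAddress/RegionSize as "unsigned long*" only works in a 32-bit
// build, because a 64-bit build writes 8 bytes through each of those pointers.
// Both functions return an NTSTATUS, which is a signed 32-bit value (LONG).
// NOTE(review): the build presumably links against ntdll.lib; the listing does
// not show the linker settings.
extern "C"
{
    LONG __stdcall ZwAllocateVirtualMemory(HANDLE ProcessHandle,PVOID* BaseAddress,
                                ULONG_PTR ZeroBits,SIZE_T* RegionSize,
                                ULONG AllocationType,ULONG Protect);
    LONG __stdcall ZwSetInformationProcess(HANDLE ProcessHandle,ULONG InformationClass,
                                void* Information,ULONG InformationLength);
}


// Switches the current process to top-down allocation mode, then reserves one
// page and prints its base address so the effect can be observed.
// Returns 0 on success and 1 if either native call fails.
int main(int argc, char* argv[])
{
    // Per the original author: this call sets the "VmTopDown" bit flag of the
    // "_EPROCESS" structure to true, so all subsequent memory allocations in
    // this process are made top-down.
    unsigned long VmTopDown=1;
    LONG ret=ZwSetInformationProcess(GetCurrentProcess(),ProcessMemoryAllocationMode,
                                     &VmTopDown,sizeof(VmTopDown));
    if(ret<0)
    {
        // A negative NTSTATUS is a failure code; print it as unsigned hex.
        printf("Error %x\r\n",(unsigned int)ret);
        return 1;
    }

    // Base and Size must be pointer-sized: the kernel writes the chosen base
    // address and the rounded region size back through these pointers, and a
    // 4-byte variable would be overrun on a 64-bit build.
    SIZE_T Size=0x1000;
    PVOID Base=NULL;   // NULL lets the system pick the address
    ret=ZwAllocateVirtualMemory(GetCurrentProcess(),&Base,0,&Size,MEM_RESERVE,PAGE_READWRITE);
    if(ret<0)
    {
        printf("Error %x\r\n",(unsigned int)ret);
        return 1;
    }

    // %p prints the full pointer; "%x" would truncate a 64-bit address, which
    // is exactly the kind of value a top-down allocation tends to return.
    // The reservation is not released explicitly; it goes away at process exit.
    printf("Memory reserved at %p\r\n",Base);
    return 0;
}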