waliedassar

VmTopDown

Jan 19th, 2013
  1. //http://waleedassar.blogspot.com
  2. //http://www.twitter.com/waleedassar
  3.  
  4. #include "stdafx.h"
  5. #include "windows.h"
  6. #include "stdio.h"
  7.  
  8.  
  9.  
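// Information class handed to ZwSetInformationProcess to select the direction
// of the process's virtual-memory allocations. It is defined here because the
// headers this file includes do not declare it.
// NOTE(review): this is not a documented class; confirm the value and its
// behaviour on every Windows build you rely on.
#define ProcessMemoryAllocationMode 0x2E

// Hand-written prototypes for the two native calls used below.
// The base address and region size are pointer-sized in/out parameters, so they
// are declared as PVOID* and SIZE_T*. Declaring them as unsigned long* (4 bytes)
// lets a 64-bit build have the kernel write 8 bytes into a 4-byte local.
// NOTE(review): presumably resolved by linking against the ntdll import
// library; confirm in the project's linker settings.
extern "C"
{
    LONG __stdcall ZwAllocateVirtualMemory(HANDLE ProcessHandle, PVOID *BaseAddress,
                                ULONG_PTR ZeroBits, SIZE_T *RegionSize,
                                ULONG AllocationType, ULONG Protect);
    LONG __stdcall ZwSetInformationProcess(HANDLE ProcessHandle, ULONG InfoClass,
                                PVOID Info, ULONG InfoLength);
}


// Switches the current process to top-down allocation, then reserves one page
// and prints where it landed so the effect can be observed.
// Always returns 0; failures are reported on stdout as the raw status value.
int main(int argc, char* argv[])
{
    //The following function call sets the "VmTopDown" bit flag of the "_EPROCESS"
    //structure to true.
    //Hence all subsequent memory allocations are TopDown.
    //For anyone analysing a process that does this: region addresses will no
    //longer follow the usual low-to-high pattern, so do not infer allocation
    //order from address order.
    ULONG VmTopDown = 1;
    LONG ret = ZwSetInformationProcess(GetCurrentProcess(), ProcessMemoryAllocationMode,
                                       &VmTopDown, sizeof(VmTopDown));
    if (ret < 0)
    {
        // Negative status values indicate failure.
        printf("Error %lx\r\n", (unsigned long)ret);
        return 0;
    }

    // Pointer-sized locals: the call writes the chosen base and the rounded
    // region size back through these pointers.
    SIZE_T Size = 0x1000;
    PVOID Base = NULL;  // NULL lets the system choose the address
    ret = ZwAllocateVirtualMemory(GetCurrentProcess(), &Base, 0, &Size,
                                  MEM_RESERVE, PAGE_READWRITE);
    if (ret < 0)
    {
        printf("Error %lx\r\n", (unsigned long)ret);
    }
    else
    {
        // %p prints the full pointer width; %x would truncate on 64-bit.
        printf("Memory reserved at %p\r\n", Base);
    }
    return 0;
}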