Guest User

Untitled

a guest
Feb 19th, 2015
44
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. NTSTATUS x64Func::x64NtMapViewOfSection (
  2.     IN HANDLE SectionHandle,
  3.     IN HANDLE ProcessHandle,
  4.     IN OUT DWORD64* BaseAddress,
  5.     IN ULONG ZeroBits,
  6.     IN ULONG CommitSize,
  7.     IN OUT LARGE_INTEGER* SectionOffset OPTIONAL,
  8.     IN OUT DWORD64* ViewSize,
  9.     IN SECTION_INHERIT InheritDisposition,
  10.     IN ULONG AllocationType,
  11.     IN ULONG Protect
  12.     )
  13. {
  14.     static DWORD64 _NtMapViewOfSection = 0;
  15.     if(!_NtMapViewOfSection)
  16.     {
  17.         _NtMapViewOfSection  = GetProcAddress64(getNTDLL64(),"NtMapViewOfSection");
  18.         if(!_NtMapViewOfSection){
  19.             return 0;
  20.         }
  21.     }
  22.  
  23.     return (NTSTATUS)x64Func::X64Call(_NtMapViewOfSection, 10,
  24.     (DWORD64)SectionHandle, (DWORD64)ProcessHandle, (DWORD64)BaseAddress, (DWORD64)ZeroBits, (DWORD64)CommitSize,
  25.     (DWORD64)SectionOffset, (DWORD64)ViewSize, (DWORD64)InheritDisposition, (DWORD64)AllocationType, (DWORD64)Protect);
  26. }
  27.  
  28. //use
  29. {
  30.     HANDLE hSec = NULL;
  31.     LARGE_INTEGER a;
  32.     DWORD64 s = NULL;
  33.     DWORD64 BaseAddress = NULL;
  34.     s = dwImageSize;
  35.     a.HighPart = 0;
  36.     a.LowPart = s;
  37.  
  38.  
  39. res = x64Func::x64NtMapViewOfSection(hSec, hProcess, &BaseAddress, NULL, NULL, NULL, &s, ViewUnmap, NULL, PAGE_EXECUTE_READWRITE);
  40. }
RAW Paste Data