x64遍历VAD

最新推荐文章于 2023-04-18 10:42:54 发布

My classmates

最新推荐文章于 2023-04-18 10:42:54 发布

阅读量1.7k

点赞数 1

分类专栏： win64

本文链接：https://blog.csdn.net/weixin_42052102/article/details/85082190

版权

#include <ntifs.h>
typedef struct _MMADDRESS_NODE
{
   
	ULONG64 u1;
	struct _MMADDRESS_NODE* LeftChild;
	struct _MMADDRESS_NODE* RightChild;
	ULONG64 StartingVpn;
	ULONG64 EndingVpn;
}MMADDRESS_NODE, *PMMADDRESS_NODE;
typedef struct _EX_FAST_REF
{
   
	union
	{
   
		PVOID Object;
		ULONG_PTR RefCnt : 3;
		ULONG_PTR Value;
	};
} EX_FAST_REF, *PEX_FAST_REF;
struct _SEGMENT
{
   
	struct _CONTROL_AREA* ControlArea; 
	ULONG TotalNumberOfPtes;
	ULONG SegmentFlags;
	ULONG64 NumberOfCommittedPages;
	ULONG64 SizeOfSegment; 
	union
	{
   
		struct _MMEXTEND_INFO* ExtendInfo;  
		void* BasedAddress; 
	};
	ULONG64 SegmentLock; 
	ULONG64 u1; 
	ULONG64 u2; 
	struct _MMPTE* PrototypePte; 
	ULONGLONG ThePtes[0x1]; 
};
//控制区
struct _CONTROL_AREA
{
   
	struct _SEGMENT* Segment;
	struct _LIST_ENTRY DereferenceList;
	unsigned __int64 NumberOfSectionReferences;
	unsigned __int64 NumberOfPfnReferences;
	unsigned __int64 NumberOfMappedViews;
	unsigned __int64 NumberOfUserReferences;
	ULONG  u; 
	ULONG FlushInProgressCount; 
	struct _EX_FAST_REF FilePointer; 
	
	/*ULONG ControlAreaLock;
	ULONG ModifiedWriteCount;
	ULONG StartingFrame;
	ULONG64 WaitingForD

最低0.47元/天解锁文章

确定要放弃本次机会？

福利倒计时

: :

立减 ¥

普通VIP年卡可用

立即使用

My classmates

关注关注

1
点赞
踩
3

收藏

觉得还不错? 一键收藏
3
评论
x64遍历VAD

#include &lt;ntifs.h&gt;typedef struct _MMADDRESS_NODE{ ULONG64 u1; struct _MMADDRESS_NODE* LeftChild; struct _MMADDRESS_NODE* RightChild; ULONG64 StartingVpn; ULONG64 EndingVpn;}MMADDRESS_NOD...
复制链接

扫一扫