MalwareSourceCode/Win32/Proof of Concepts/Process-Hollowing/sourcecode/ProcessHollowing/internals.h

/*
 * Local redeclaration of the record that NtQueryInformationProcess fills in
 * for the ProcessBasicInformation class. Field order follows the documented
 * Windows layout (Reserved1, PebBaseAddress, Reserved2[2], UniqueProcessId,
 * Reserved3). The code that fills or reads it is not visible in this header.
 *
 * NOTE(review): PebBaseAddress and UniqueProcessId are DWORD (32 bits) here,
 * whereas the documented layout uses pointer-sized fields (PPEB / ULONG_PTR).
 * The declaration therefore matches what the OS writes only in a 32-bit
 * build; in a 64-bit build the field sizes and offsets would differ.
 */
struct PROCESS_BASIC_INFORMATION {
PVOID Reserved1;
DWORD PebBaseAddress; /* address of the queried process's PEB, held as a 32-bit integer */
PVOID Reserved2[2];
DWORD UniqueProcessId; /* process id of the queried process, held as a 32-bit integer */
PVOID Reserved3;
};
/*
 * Function-pointer type matching ntdll's NtUnmapViewOfSection: takes a
 * process handle and an address inside a mapped section view, and returns an
 * NTSTATUS. How a pointer of this type is obtained is not shown in this
 * header (presumably resolved at run time; confirm in the caller).
 *
 * Defensive relevance: cross-process use of this call against another
 * process's image base is the unmapping step associated with process
 * hollowing (MITRE ATT&CK T1055.012) and is a commonly monitored indicator.
 *
 * NOTE(review): names beginning with an underscore followed by an uppercase
 * letter are reserved to the implementation in C.
 */
typedef NTSTATUS (WINAPI* _NtUnmapViewOfSection)(
HANDLE ProcessHandle, /* process whose address space holds the view */
PVOID BaseAddress /* address within the view to unmap */
);
/*
 * Function-pointer type matching ntdll's NtQueryInformationProcess: queries
 * one class of information about a process into a caller-supplied buffer and
 * returns an NTSTATUS.
 *
 * The documented prototype uses PROCESSINFOCLASS, ULONG and PULONG where this
 * typedef uses DWORD and PDWORD; those have the same width on Windows, so the
 * call shape is unchanged.
 *
 * NOTE(review): callers should check the returned NTSTATUS and ReturnLength
 * before trusting the buffer contents; no such check is visible from this
 * header alone.
 */
typedef NTSTATUS (WINAPI* _NtQueryInformationProcess)(
HANDLE ProcessHandle, /* process being queried */
DWORD ProcessInformationClass, /* which information class to return */
PVOID ProcessInformation, /* caller-supplied output buffer */
DWORD ProcessInformationLength, /* size of the output buffer in bytes */
PDWORD ReturnLength /* receives the number of bytes written */
);
/*
 * Function-pointer type matching ntdll's NtQuerySystemInformation: queries
 * one class of system-wide information into a caller-supplied buffer and
 * returns an NTSTATUS.
 *
 * The documented prototype takes a SYSTEM_INFORMATION_CLASS enum as its first
 * argument; this typedef declares it as DWORD. Which classes the project
 * requests is not visible in this header.
 */
typedef NTSTATUS (WINAPI* _NtQuerySystemInformation)(
DWORD SystemInformationClass, /* which information class to return */
PVOID SystemInformation, /* caller-supplied output buffer */
ULONG SystemInformationLength, /* size of the output buffer in bytes */
PULONG ReturnLength /* receives the number of bytes written or required */
);