process_reflection.cpp File Reference

#include "process_reflection.h"
#include <iostream>

Go to the source code of this file.

Classes
struct	pesieve::util::PSS_VA_CLONE_INFORMATION
struct	pesieve::util::T_CLIENT_ID
struct	pesieve::util::T_RTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION
struct	pesieve::util::t_refl_args

Namespaces
namespace	pesieve
namespace	pesieve::util

Macros
#define	RTL_CLONE_PROCESS_FLAGS_CREATE_SUSPENDED   0x00000001
#define	RTL_CLONE_PROCESS_FLAGS_INHERIT_HANDLES   0x00000002
#define	RTL_CLONE_PROCESS_FLAGS_NO_SYNCHRONIZE   0x00000004
#define	HPSS   HANDLE

Enumerations
enum	pesieve::util::PSS_CAPTURE_FLAGS {   pesieve::util::PSS_CAPTURE_NONE = 0x00000000 , pesieve::util::PSS_CAPTURE_VA_CLONE = 0x00000001 , pesieve::util::PSS_CAPTURE_RESERVED_00000002 = 0x00000002 , pesieve::util::PSS_CAPTURE_HANDLES = 0x00000004 ,   pesieve::util::PSS_CAPTURE_HANDLE_NAME_INFORMATION = 0x00000008 , pesieve::util::PSS_CAPTURE_HANDLE_BASIC_INFORMATION = 0x00000010 , pesieve::util::PSS_CAPTURE_HANDLE_TYPE_SPECIFIC_INFORMATION = 0x00000020 , pesieve::util::PSS_CAPTURE_HANDLE_TRACE = 0x00000040 ,   pesieve::util::PSS_CAPTURE_THREADS = 0x00000080 , pesieve::util::PSS_CAPTURE_THREAD_CONTEXT = 0x00000100 , pesieve::util::PSS_CAPTURE_THREAD_CONTEXT_EXTENDED = 0x00000200 , pesieve::util::PSS_CAPTURE_RESERVED_00000400 = 0x00000400 ,   pesieve::util::PSS_CAPTURE_VA_SPACE = 0x00000800 , pesieve::util::PSS_CAPTURE_VA_SPACE_SECTION_INFORMATION = 0x00001000 , pesieve::util::PSS_CAPTURE_IPT_TRACE = 0x00002000 , pesieve::util::PSS_CREATE_BREAKAWAY_OPTIONAL = 0x04000000 ,   pesieve::util::PSS_CREATE_BREAKAWAY = 0x08000000 , pesieve::util::PSS_CREATE_FORCE_BREAKAWAY = 0x10000000 , pesieve::util::PSS_CREATE_USE_VM_ALLOCATIONS = 0x20000000 , pesieve::util::PSS_CREATE_MEASURE_PERFORMANCE = 0x40000000 ,   pesieve::util::PSS_CREATE_RELEASE_SECTION = 0x80000000 }
enum	pesieve::util::PSS_QUERY_INFORMATION_CLASS {   pesieve::util::PSS_QUERY_PROCESS_INFORMATION = 0 , pesieve::util::PSS_QUERY_VA_CLONE_INFORMATION = 1 , pesieve::util::PSS_QUERY_AUXILIARY_PAGES_INFORMATION = 2 , pesieve::util::PSS_QUERY_VA_SPACE_INFORMATION = 3 ,   pesieve::util::PSS_QUERY_HANDLE_INFORMATION = 4 , pesieve::util::PSS_QUERY_THREAD_INFORMATION = 5 , pesieve::util::PSS_QUERY_HANDLE_TRACE_INFORMATION = 6 , pesieve::util::PSS_QUERY_PERFORMANCE_COUNTERS = 7 }

Functions
	pesieve::util::NTSTATUS (NTAPI *_RtlCreateProcessReflection)(HANDLE ProcessHandle
	pesieve::util::DWORD (__stdcall *_PssCaptureSnapshot)(HANDLE ProcessHandle
bool	pesieve::util::load_PssCaptureFreeSnapshot ()
bool	pesieve::util::load_RtlCreateProcessReflection ()
DWORD WINAPI	pesieve::util::refl_creator (LPVOID lpParam)
HANDLE	pesieve::util::make_process_reflection1 (HANDLE orig_hndl)
HPSS	pesieve::util::make_process_snapshot (HANDLE orig_hndl)
bool	pesieve::util::release_process_snapshot (HANDLE procHndl, HPSS snapshot)
HANDLE	pesieve::util::make_process_reflection2 (HPSS snapshot)

Variables
ULONG	pesieve::util::Flags
ULONG PVOID	pesieve::util::StartRoutine
ULONG PVOID PVOID	pesieve::util::StartContext
ULONG PVOID PVOID HANDLE	pesieve::util::EventHandle
ULONG PVOID PVOID HANDLE T_RTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION *	pesieve::util::ReflectionInformation = NULL
PSS_CAPTURE_FLAGS	pesieve::util::CaptureFlags
PSS_CAPTURE_FLAGS DWORD	pesieve::util::ThreadContextFlags
PSS_CAPTURE_FLAGS DWORD HPSS *	pesieve::util::SnapshotHandle = NULL
PSS_QUERY_INFORMATION_CLASS	pesieve::util::InformationClass
PSS_QUERY_INFORMATION_CLASS void *	pesieve::util::Buffer
PSS_QUERY_INFORMATION_CLASS void DWORD	pesieve::util::BufferLength = NULL

Macro Definition Documentation

HPSS

#define HPSS   HANDLE

Definition at line 17 of file process_reflection.cpp.

RTL_CLONE_PROCESS_FLAGS_CREATE_SUSPENDED

#define RTL_CLONE_PROCESS_FLAGS_CREATE_SUSPENDED   0x00000001

Definition at line 5 of file process_reflection.cpp.

RTL_CLONE_PROCESS_FLAGS_INHERIT_HANDLES

#define RTL_CLONE_PROCESS_FLAGS_INHERIT_HANDLES   0x00000002

Definition at line 9 of file process_reflection.cpp.

RTL_CLONE_PROCESS_FLAGS_NO_SYNCHRONIZE

#define RTL_CLONE_PROCESS_FLAGS_NO_SYNCHRONIZE   0x00000004

Definition at line 13 of file process_reflection.cpp.