JustasMasiulis

typedef struct _PSP_SYSTEM_DLL {
    EX_FAST_REF DllSection;
    EX_PUSH_LOCK DllLock;
} PSP_SYSTEM_DLL;

typedef struct _PS_SYSTEM_DLL_INFO
{
  union
  {

JustasMasiulis

struct RTL_PROTECTED_ACCESS {
  DWORD DominateMask;
  DWORD DeniedProcessAccess;
  DWORD DeniedThreadAccess;
};

bool RtlTestProtectedAccess(_PS_PROTECTION Requester, _PS_PROTECTION Target)
{
  if ( Target.Type == 0 )
    return true;

JustasMasiulis

struct MI_PAGE_COLOR_BASE { // I thought this one up. No idea if anything like it exists in symbols
    PULONG Color;
    WORD ColorMask;
    WORD NodeShiftedColor;
};

void __fastcall MiInitializePageColorBase(_MMSUPPORT_INSTANCE *instance, int node, MI_PAGE_COLOR_BASE *colorBase) {
  _KPRCB* prcb;
  if(node) {
    prcb = KeGetCurrentPrcb();

JustasMasiulis

#define MI_PFN_ELEMENT_TO_INDEX(_Pfn) ((PFN_NUMBER)(((ULONG_PTR)(_Pfn) - (ULONG_PTR)MmPfnDatabase) / sizeof (MMPFN)))

void MiChangePageAttribute(_MMPFN *pfn, MI_PFN_CACHE_ATTRIBUTE cacheAtrribute, bool pfnLocked) {
  KIRQL irql;
  if(pfnLocked || someThreadPointer == KeGetCurrentThread()) // no idea what it is
    irql = 17;
  else
    irql = MiLockPageInline(pfn);
  
  currCacheAttribute = pfn->u3.e1.CacheAttribute;

JustasMasiulis

uint64_t MiLockPageInline(_MMPFN *pfn)
{
  auto oldIrql = KeRaiseIrqlToDpcLevel();
  uint32_t spinCount = 0;
  while(_interlockedbittestandset64(&pfn->u2.Lock, 63ui64)) // set pfn->u2.LockBit
  {
    do
      KeYieldProcessorEx(&spinCount);
    while(pfn->u2.LockBit);
  }

JustasMasiulis

int64_t MiSetPfnTbFlushStamp(_MMPFN *pfn, char flushStamp, BOOL pfnLocked)
{
  if(pfnLocked)
    pfn->u2.TbFlushStamp = flushStamp;
  else // CAS loop
    while(true) {
      auto old = pfn->u2;
      auto new = old;
      new.TbFlushStamp = flushStamp;
      if(_InterlockedCompareExchange(&pfn->u2.Lock, new.EntireField, old.EntireField) == old.EntireField)

JustasMasiulis

void MiFinalizePageAttribute(_MMPFN *pfn, MI_PFN_CACHE_ATTRIBUTE cacheAttribute, unsigned int pfnLocked)
{
  if(pfn->u3.e1.CacheAttribute != cacheAttribute)
    MiChangePageAttribute(pfn, cacheAttribute, pfnLocked);
  MiSetPfnTbFlushStamp(pfn, 0i64, pfnLocked);
}

JustasMasiulis

MI_PFN_CACHE_ATTRIBUTE MiProtectionToCacheAttribute(uint32_t protection) {
  if(protection != 0x1F) // all flags combined
  {
    if(protection >> 3 == 3) // MM_WRITECOMBINE
    {
      if(protection & 7) // check if it has any actual access
        return MiWriteCombined;
    }
    else if (protection >> 3 == 1) // MM_NOCACHE
      return MiNonCached;

JustasMasiulis

#ifndef JM_STACK_STRING_HPP
#define JM_STACK_STRING_HPP

#include <cstdint>
#include <cstddef>
#include <type_traits>

#define STACK_STRING(name, str)                                              \
    alignas(8) std::decay_t<decltype(*str)>                                  \
        name[sizeof(str) / sizeof(std::decay_t<decltype(*str)>)];            \

JustasMasiulis

/*
* Copyright 2017 Justas Masiulis
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
*     http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software