lywsvip/MemProcFS
1
0
Fork 0
mirror of https://github.com/ufrisk/MemProcFS.git synced 2026-05-07 22:06:17 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
master
MemProcFS/vmmjava/vmm/IVmmProcess.java
Ulf Frisk d9bd9f8482 Version 5.8.4
2023-09-21 23:19:19 +02:00

276 lines
6.5 KiB
Java
Raw Permalink Blame History

package vmm;
import java.util.List;
import vmm.entry.*;
/**
* Interface representing a process.
* @see https://github.com/ufrisk/MemProcFS
* @author Ulf Frisk - pcileech@frizk.net
*/
public interface IVmmProcess
{
//-----------------------------------------------------------------------------
// PROCESS CORE FUNCTIONALITY BELOW:
//-----------------------------------------------------------------------------
/**
* Retrieve the PID of this process object.
* @return
*/
public int getPID();
/**
* Retrieve the parent process id (PPID).
* @return
*/
public int getPPID();
/**
* Retrieve the virtual address of the EPROCESS struct.
* @return
*/
public long getEPROCESS();
/**
* Get the kernel directory table base (default).
* @return
*/
public long getDTB();
/**
* Get the user mode directory table base (if exists).
* @return
*/
public long getDTBUser();
/**
* Get the process state.
* @return
*/
public int getState();
/**
* Get the virtual address of the PEB.
* @return
*/
public long getPEB();
/**
* Get the virtual address of the 32-bit PEB in WoW64 processes.
* @return
*/
public int getPEB32();
/**
* Check whether the process is a Wow64 process.
* @return
*/
public boolean isWow64();
/**
* Check whether the process is a user-mode or kernel-mode process.
* @return
*/
public boolean isUserMode();
/**
* Get the short process name.
* @return
*/
public String getName();
/**
* Get the full process name.
* @return
*/
public String getNameFull();
/**
* Get the process command line.
* @return
*/
public String getCmdLine();
/**
* Get the user mode process path.
* @return
*/
public String getPathUser();
/**
* Get the kernel mode process path.
* @return
*/
public String getPathKernel();
/**
* Get the memory model.
* @return
*/
public int getTpMemoryModel();
/**
* Get the system type.
* @return
*/
public int getTpSystem();
/**
* Get the LUID from the process token.
* @return
*/
public long GetLUID();
/**
* Get the SesssionID from the process token.
* @return
*/
public int GetSessionID();
/**
* Get the SID from the process token.
* @return
*/
public String getSID();
//-----------------------------------------------------------------------------
// PROCESS VIRTUAL MEMORY FUNCTIONALITY BELOW:
//-----------------------------------------------------------------------------
/**
* Read a single chunk of memory.
* @param va virtual address to read.
* @param size number of bytes to read.
* @return
*/
public byte[] memRead(long va, int size);
/**
* Read a single chunk of memory with the given flags
* @param va virtual address to read.
* @param size number of bytes to read.
* @param flags flags as specified by IVmm.FLAG_*
* @return
*/
public byte[] memRead(long va, int size, int flags);
/**
* Write data to the memory. NB! writing may fail silently.
* If important it's recommended to verify a write with a subsequent read.
* @param va virtual address to read.
* @param data data to write.
*/
public void memWrite(long va, byte[] data);
/**
* Prefetch a number of addresses into the internal memory cache.
* This is used to achieve faster subsequent reading speeds.
* @param vas array of virtual addresses to prefetch.
*/
public void memPrefetchPages(long[] vas);
/**
* Create a new IVmmMemScatter object used for efficient reading and writing.
* Upon completion it's recommended to call Close() to free native resources.
* @param flags flags as specified by IVmm.FLAG_*
* @return IVmmMemScatter object used for scatter reading.
*/
public IVmmMemScatterMemory memScatterInitialize(int flags);
/**
* Try translating a virtual memory address to a physical memory address.
* @param va
* @return
*/
public long memVirtualToPhysical(long va);
//-----------------------------------------------------------------------------
// PROCESS MODULE FUNCTIONALITY BELOW:
//-----------------------------------------------------------------------------
/**
* Retrieve a module by its virtual address.
* @param va
* @return
*/
public IVmmModule moduleGet(long va, boolean isExtendedInfo);
/**
* Retrieve a module by its name.
* @param name
* @return
*/
public IVmmModule moduleGet(String name, boolean isExtendedInfo);
/**
* Retrieve all modules loaded into the process.
* @return
*/
public List<IVmmModule> moduleGetAll(boolean isExtendedInfo);
//-----------------------------------------------------------------------------
// PROCESS MAP FUNCTIONALITY BELOW:
//-----------------------------------------------------------------------------
/**
* Retrieve handles.
* @return
*/
public List<VmmMap_HandleEntry> mapHandle();
/**
* Retrieve heap allocations given a heap address or heap number.
* @param qwHeapNumOrAddress
* @return
*/
public List<VmmMap_HeapAllocEntry> mapHeapAlloc(long qwHeapNumOrAddress);
/**
* Retrieve the process heaps.
* @return
*/
public VmmMap_HeapMap mapHeap();
/**
* Retrieve the process PTEs.
* @return
*/
public List<VmmMap_PteEntry> mapPte();
/**
* Retrieve the process threads.
* @return
*/
public List<VmmMap_ThreadEntry> mapThread();
/**
* Retrieve the process unloaded modules.
* @return
*/
public List<VmmMap_UnloadedModuleEntry> mapUnloadedModule();
/**
* Retrieve the process VADs.
* @return
*/
public List<VmmMap_VadEntry> mapVad();
/**
* Retrieve extended VAD information given a starting page offset (oPage) and number of pages (cPage).
* @param oPage
* @param cPage
* @return
*/
public List<VmmMap_VadExEntry> mapVadEx(int oPage, int cPage);
}
Reference in New Issue View Git Blame Copy Permalink