#pragma once
#include "NativeSubsystem.h"
namespace blackbone
{
class NativeWow64 : public Native
{
public:
BLACKBONE_API NativeWow64( HANDLE hProcess );
BLACKBONE_API ~NativeWow64();
///
/// Allocate virtual memory
///
/// Allocation address
/// Region size
/// Allocation type
/// Memory protection
/// Status code
virtual NTSTATUS VirtualAllocExT( ptr_t& lpAddress, size_t dwSize, DWORD flAllocationType, DWORD flProtect );
///
/// Free virtual memory
///
/// Memory address
/// Region size
/// Memory release type.
/// Status code
virtual NTSTATUS VirtualFreeExT( ptr_t lpAddress, size_t dwSize, DWORD dwFreeType );
///
/// Change memory protection
///
/// Memory address.
/// Region size
/// New protection.
/// Old protection
/// Status code
virtual NTSTATUS VirtualProtectExT( ptr_t lpAddress, DWORD64 dwSize, DWORD flProtect, DWORD* flOld );
///
/// Read virtual memory
///
/// Memory address
/// Output buffer
/// Number of bytes to read
/// Mumber of bytes read
/// Status code
virtual NTSTATUS ReadProcessMemoryT( ptr_t lpBaseAddress, LPVOID lpBuffer, size_t nSize, DWORD64 *lpBytes = nullptr );
///
/// Write virtual memory
///
/// Memory address
/// Buffer to write
/// Number of bytes to read
/// Mumber of bytes read
/// Status code
virtual NTSTATUS WriteProcessMemoryT( ptr_t lpBaseAddress, LPCVOID lpBuffer, size_t nSize, DWORD64 *lpBytes = nullptr );
///
/// Query virtual memory
///
/// Address to query
/// Retrieved memory info
/// Status code
virtual NTSTATUS VirtualQueryExT( ptr_t lpAddress, PMEMORY_BASIC_INFORMATION64 lpBuffer );
///
/// Query virtual memory
///
/// Address to query
/// Retrieved memory info
/// Status code
virtual NTSTATUS VirtualQueryExT( ptr_t lpAddress, MEMORY_INFORMATION_CLASS infoClass, LPVOID lpBuffer, size_t bufSize );
///
/// Call NtQueryInformationProcess for underlying process
///
/// Information class
/// Output buffer
/// Buffer size
/// Status code
virtual NTSTATUS QueryProcessInfoT( PROCESSINFOCLASS infoClass, LPVOID lpBuffer, uint32_t bufSize );
///
/// Call NtSetInformationProcess for underlying process
///
/// Information class
/// Input buffer
/// Buffer size
/// Status code
virtual NTSTATUS SetProcessInfoT( PROCESSINFOCLASS infoClass, LPVOID lpBuffer, uint32_t bufSize );
///
/// Creates new thread in the remote process
///
/// Created thread handle
/// Thread entry point
/// Thread argument
/// Creation flags
/// Status code
virtual NTSTATUS CreateRemoteThreadT( HANDLE& hThread, ptr_t entry, ptr_t arg, CreateThreadFlags flags, DWORD access = THREAD_ALL_ACCESS );
///
/// Get native thread context
///
/// Thread handle.
/// Thread context
/// Status code
virtual NTSTATUS GetThreadContextT( HANDLE hThread, _CONTEXT64& ctx );
///
/// Get WOW64 thread context
///
/// Thread handle.
/// Thread context
/// Status code
virtual NTSTATUS GetThreadContextT( HANDLE hThread, _CONTEXT32& ctx );
///
/// Set native thread context
///
/// Thread handle.
/// Thread context
/// Status code
virtual NTSTATUS SetThreadContextT( HANDLE hThread, _CONTEXT64& ctx );
///
/// Set WOW64 thread context
///
/// Thread handle.
/// Thread context
/// Status code
virtual NTSTATUS SetThreadContextT( HANDLE hThread, _CONTEXT32& ctx );
///
/// NtQueueApcThread
///
/// Thread handle.
/// APC function
/// APC argument
/// Status code
virtual NTSTATUS QueueApcT( HANDLE hThread, ptr_t func, ptr_t arg );
///
/// Get WOW64 PEB
///
/// Retrieved PEB
/// PEB pointer
virtual ptr_t getPEB( _PEB32* ppeb );
///
/// Get native PEB
///
/// Retrieved PEB
/// PEB pointer
virtual ptr_t getPEB( _PEB64* ppeb );
///
/// Get WOW64 TEB
///
/// Retrieved TEB
/// TEB pointer
virtual ptr_t getTEB( HANDLE hThread, _TEB32* pteb );
///
/// Get native TEB
///
/// Retrieved TEB
/// TEB pointer
virtual ptr_t getTEB( HANDLE hThread, _TEB64* pteb );
};
}