#pragma once #include "Private.h" ///

/// Change VAD protection flags ///

/// Target process object /// target address /// New protection flags /// Status code NTSTATUS BBProtectVAD( IN PEPROCESS pProcess, IN ULONG_PTR address, IN ULONG prot ); ///

/// Hide memory from NtQueryVirtualMemory ///

/// Target process object /// Target address /// Status code NTSTATUS BBUnlinkVAD( IN PEPROCESS pProcess, IN ULONG_PTR address ); ///

/// Get region VAD type ///

/// Target process object /// Target address /// Resulting VAD type /// Status code NTSTATUS BBGetVadType( IN PEPROCESS pProcess, IN ULONG_PTR address, OUT PMI_VAD_TYPE pType ); ///

/// Find VAD that describes target address ///

/// Target process object /// Address to find /// Found VAD. NULL if not found /// Status code NTSTATUS BBFindVAD( IN PEPROCESS pProcess, IN ULONG_PTR address, OUT PMMVAD_SHORT* pResult ); ///

/// Convert protection flags ///

/// Protection flags. /// If TRUE - convert to PTE protection, if FALSE - convert to Win32 protection /// Resulting protection flags ULONG BBConvertProtection( IN ULONG prot, IN BOOLEAN fromPTE );