-
Notifications
You must be signed in to change notification settings - Fork 1
/
domain.go
120 lines (110 loc) · 2.43 KB
/
domain.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
package vmmgo
type vMMDLL_MAP_MODULE struct { // total size is 40 (0x28)
DwVersion uint32
_Reserved1 [5]uint32
PbMultiText uintptr
CbMultiText uint32
CMap uint32
PMap [1024]VMMDLL_MAP_MODULEENTRY
}
type VMMDLL_MAP_MODULE struct { // total size is 40 (0x28)
DwVersion uint32
_Reserved1 [5]uint32
PbMultiText uintptr
CbMultiText uint32
CMap uint32
PMap []VMMDLL_MAP_MODULEENTRY
}
type VMMDLL_MAP_MODULEENTRY struct {
VaBase uint64
VaEntry uint64
CbImageSize uint32
FWoW64 uint32
WszText *string
_Reserved3 uint32
_Reserved4 uint32
WszFullName *string
Tp uint32
CbFileSizeRaw uint32
CSection uint32
CEAT uint32
CIAT uint32
_Reserved2 uint32
_Reserved1 [3]uint64
pExDebugInfo uintptr
pExVersionInfo uintptr
}
type VMMDLL_MAP_VAD struct {
DwVersion uint32
_Reserved1 [4]uint32
CPage uint32
PbMultiText uintptr
CbMultiText uint32
CMap uint32
PMap []VMMDLL_MAP_VADENTRY
}
type vMMDLL_MAP_VAD struct {
DwVersion uint32
_Reserved1 [4]uint32
CPage uint32
PbMultiText uintptr
CbMultiText uint32
CMap uint32
PMap [1024]VMMDLL_MAP_VADENTRY
}
type VMMDLL_MAP_VADENTRY struct {
VaStart uintptr
VaEnd uintptr
VaVad uintptr
Dw0 uint32
Dw1 uint32
Dwu2 uint32
CbPrototypePte uint32
VaPrototypePte uintptr
VaSubsection uintptr
UszText *string
_FutureUse1 uint32
_Reserved1 uint32
VaFileObject uintptr
CVadExPages uint32
CVadExPagesBase uint32
_Reserved2 uintptr
}
type VMMDLL_MAP_POOL struct {
DwVersion uint32
_Reserved1 [6]uint32
CbTotal uint32
PiTag2Map *uint32
PTag *VMMDLL_MAP_POOLENTRYTAG
CTag uint32
CMap uint32
PMap []VMMDLL_MAP_POOLENTRY
}
type VMMDLL_MAP_POOL_oneelement struct {
DwVersion uint32
_Reserved1 [6]uint32
CbTotal uint32
PiTag2Map *uint32
PTag *VMMDLL_MAP_POOLENTRYTAG
CTag uint32
CMap uint32
PMap [1024]VMMDLL_MAP_POOLENTRY
}
type VMMDLL_MAP_POOLENTRYTAG struct {
// size: 16
DwTag uint32
_Filler uint32
CEntry uint32
ITag2Map uint32
}
type VMMDLL_MAP_POOLENTRY struct {
// total size: 24
VA uintptr
DwTag uint32
_ReservedZero byte
FAlloc byte
TpPool byte
TpSS byte
Cb uint32
_Filler uint32
}