winapi nt-native-api

NtAllocateVirtualMemoryEx definition


I am implementing a memory management tool by hooking into memory APIs. When I came to NtAllocateVirtualMemoryEx, I tried to find its definition on Google but found nothing. However, NtAllocateVirtualMemory is clearly defined at https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/ntifs/nf-ntifs-ntallocatevirtualmemory. Does anyone know its details?


Solution

  • ZwAllocateVirtualMemoryEx is defined in ntifs.h

    #if (NTDDI_VERSION >= NTDDI_WIN10_RS5)
    _Must_inspect_result_
    _IRQL_requires_max_(PASSIVE_LEVEL)
    _When_(return==0, __drv_allocatesMem(Region))
    NTSYSAPI
    NTSTATUS
    NTAPI
    ZwAllocateVirtualMemoryEx(
        _In_ HANDLE ProcessHandle,
        _Inout_ _At_ (*BaseAddress, _Readable_bytes_ (*RegionSize) _Writable_bytes_ (*RegionSize) _Post_readable_byte_size_ (*RegionSize)) PVOID* BaseAddress,
        _Inout_ PSIZE_T RegionSize,
        _In_ ULONG AllocationType,
        _In_ ULONG PageProtection,
        _Inout_updates_opt_(ExtendedParameterCount) PMEM_EXTENDED_PARAMETER ExtendedParameters,
        _In_ ULONG ExtendedParameterCount
        );
    #endif
    

    MEM_EXTENDED_PARAMETER and the whole API in fact have the same usage as VirtualAlloc2. VirtualAlloc2 is only a thin shell over ZwAllocateVirtualMemoryEx.

    Interestingly, VirtualAlloc2 is defined in memoryapi.h under the condition

    #if (NTDDI_VERSION >= NTDDI_WIN10_RS4)
    

    but ZwAllocateVirtualMemoryEx is declared with the condition

    #if (NTDDI_VERSION >= NTDDI_WIN10_RS5)
    

    However, at minimum one of these conditions is a mistake, because VirtualAlloc2 calls ZwAllocateVirtualMemoryEx: if VirtualAlloc2 is available, ZwAllocateVirtualMemoryEx is available too.

    There was also a mistake in MSDN:

    • Library Kernel32.lib
    • DLL Kernel32.dll

    In reality, VirtualAlloc2 is not exported by kernel32.dll and not defined in kernel32.lib.

    You need to use mincore.lib or mmos.lib, which import this API from api-ms-win-core-memory-l1-1-6.dll (resolved to kernelbase.dll now).
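Added example (not part of the answer above and not Microsoft's code): a detour for the memory-tracking use case in the question, typed to match the declaration quoted in the answer, that forwards the call and records what was granted, including commits of writable and executable pages. The names `g_original`, `g_stats`, `is_wx_commit`, `HookedNtAllocateVirtualMemoryEx` and `DemoOriginal` are hypothetical, hook installation is not shown, and the non-Windows typedefs are stand-ins so the logic builds anywhere.

```c
#include <stddef.h>
#ifdef _WIN32
#include <windows.h>
#include <winternl.h>   /* NTSTATUS */
#else                   /* assumption: stand-in types so the logic builds off Windows */
typedef void *HANDLE, *PVOID;
typedef size_t SIZE_T, *PSIZE_T;
typedef unsigned int ULONG;
typedef int NTSTATUS;
typedef struct MEM_EXTENDED_PARAMETER *PMEM_EXTENDED_PARAMETER;
#define NTAPI
#define MEM_COMMIT             0x00001000
#define PAGE_EXECUTE_READWRITE 0x40
#define PAGE_EXECUTE_WRITECOPY 0x80
#endif
/* Pointer type matching the declaration quoted in the answer. */
typedef NTSTATUS (NTAPI *NtAllocateVirtualMemoryEx_t)(
    HANDLE, PVOID *, PSIZE_T, ULONG, ULONG, PMEM_EXTENDED_PARAMETER, ULONG);
NtAllocateVirtualMemoryEx_t g_original;  /* hypothetical: set by the hook installer */
struct { unsigned long calls, failed, wx_commits; SIZE_T bytes; } g_stats;
/* Nonzero for a commit of pages that are writable and executable at once. */
int is_wx_commit(ULONG type, ULONG prot) {
    return (type & MEM_COMMIT) &&
           (prot & (PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY));
}

/* Detour: forward to the real routine, then account for what it granted. */
NTSTATUS NTAPI HookedNtAllocateVirtualMemoryEx(
    HANDLE ProcessHandle, PVOID *BaseAddress, PSIZE_T RegionSize,
    ULONG AllocationType, ULONG PageProtection,
    PMEM_EXTENDED_PARAMETER ExtendedParameters, ULONG ExtendedParameterCount) {
    NTSTATUS status = g_original(ProcessHandle, BaseAddress, RegionSize,
                                 AllocationType, PageProtection,
                                 ExtendedParameters, ExtendedParameterCount);
    g_stats.calls++;
    if (status < 0) { g_stats.failed++; return status; }  /* NT_SUCCESS means >= 0 */
    g_stats.bytes += *RegionSize;   /* size as rounded by the callee */
    if (is_wx_commit(AllocationType, PageProtection)) g_stats.wx_commits++;
    return status;
}

/* Constructed stand-in for the real routine, only to exercise the detour. */
NTSTATUS NTAPI DemoOriginal(HANDLE h, PVOID *base, PSIZE_T size, ULONG type,
                            ULONG prot, PMEM_EXTENDED_PARAMETER ext, ULONG n) {
    (void)h; (void)base; (void)type; (void)prot; (void)ext; (void)n;
    if (*size == 0) return (NTSTATUS)0xC000000D;  /* STATUS_INVALID_PARAMETER */
    *size = (*size + 0xFFF) & ~(SIZE_T)0xFFF;     /* round up to a 4 KiB page */
    return 0;
}
```

In a real tool `g_original` would hold the address of `NtAllocateVirtualMemoryEx` saved when the hook is installed; `DemoOriginal` only stands in for it here.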