NtCreateSection

file.go

@@ -906,6 +906,12 @@ const (
 	FILE_PIPE_CLIENT_END = 0x00000000
 	FILE_PIPE_SERVER_END = 0x00000001
 
+
+	FILE_SHARE_READ        = 0x00000001
+	FILE_SHARE_WRITE       = 0x00000002
+	FILE_SHARE_DELETE      = 0x00000004
+	FILE_SHARE_VALID_FLAGS = 0x00000007
+
 	FILE_LIST_DIRECTORY       = 0x00000001
 	FILE_READ_DATA            = 0x00000001
 	FILE_ADD_FILE             = 0x00000002
@@ -927,4 +933,5 @@ const (
 	FILE_GENERIC_EXECUTE = STANDARD_RIGHTS_EXECUTE | FILE_READ_ATTRIBUTES | FILE_EXECUTE | SYNCHRONIZE
 	FILE_GENERIC_READ    = STANDARD_RIGHTS_READ | FILE_READ_DATA | FILE_READ_ATTRIBUTES | FILE_READ_EA | SYNCHRONIZE
 	FILE_GENERIC_WRITE   = STANDARD_RIGHTS_WRITE | FILE_WRITE_DATA | FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA | FILE_APPEND_DATA | SYNCHRONIZE
+
 )

object.go

@@ -90,6 +90,19 @@ NTSTATUS NtDuplicateObject (
 );
 */
 
+/*
+func:
+NTSTATUS NtCreateSection (
+  _Out_ PHANDLE SectionHandle,
+  _In_ ACCESS_MASK DesiredAccess,
+  _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
+  _In_opt_ PLARGE_INTEGER MaximumSize,
+  _In_ ULONG SectionPageProtection,
+  _In_ ULONG AllocationAttributes,
+  _In_opt_ HANDLE FileHandle
+);
+*/
+
 /*
 type:
 typedef struct _OBJECT_ATTRIBUTES {
@@ -287,4 +300,32 @@ const (
 	KEY_WRITE      = ((STANDARD_RIGHTS_WRITE | KEY_SET_VALUE | KEY_CREATE_SUB_KEY) &^ SYNCHRONIZE)
 	KEY_EXECUTE    = ((KEY_READ) &^ SYNCHRONIZE)
 	KEY_ALL_ACCESS = ((STANDARD_RIGHTS_ALL | KEY_QUERY_VALUE | KEY_SET_VALUE | KEY_CREATE_SUB_KEY | KEY_ENUMERATE_SUB_KEYS | KEY_NOTIFY | KEY_CREATE_LINK) &^ SYNCHRONIZE)
+
+	SECTION_QUERY       = 0x000001
+	SECTION_MAP_WRITE   = 0x000002
+	SECTION_MAP_READ    = 0x000004
+	SECTION_MAP_EXECUTE = 0x000008
+	SECTION_EXTEND_SIZE = 0x000010
+	SECTION_ALL_ACCESS  = 0x0F001F
+
+	PAGE_NOACCESS          = 0x0001
+	PAGE_READONLY          = 0x0002
+	PAGE_READWRITE         = 0x0004
+	PAGE_WRITECOPY         = 0x0008
+	PAGE_EXECUTE           = 0x0010
+	PAGE_EXECUTE_READ      = 0x0020
+	PAGE_EXECUTE_READWRITE = 0x0040
+	PAGE_EXECUTE_WRITECOPY = 0x0080
+	PAGE_GUARD             = 0x0100
+	PAGE_NOCACHE           = 0x0200
+
+	SEC_BASED     = 0x00200000
+	SEC_NO_CHANGE = 0x00400000
+	SEC_FILE      = 0x00800000
+	SEC_IMAGE     = 0x01000000
+	SEC_VLM       = 0x02000000
+	SEC_RESERVE   = 0x04000000
+	SEC_COMMIT    = 0x08000000
+	SEC_NOCACHE   = 0x10000000
+	MEM_IMAGE     = SEC_IMAGE
 )

object_generated.go

@@ -25,6 +25,7 @@ var (
 	procNtCreateDirectoryObject    = modntdll.NewProc("NtCreateDirectoryObject")
 	procNtQueryObject              = modntdll.NewProc("NtQueryObject")
 	procNtDuplicateObject          = modntdll.NewProc("NtDuplicateObject")
+	procNtCreateSection            = modntdll.NewProc("NtCreateSection")
 )
 
 // ObjectAttributes has been derived from the OBJECT_ATTRIBUTES struct definition.
@@ -233,3 +234,24 @@ func NtDuplicateObject(
 		uintptr(Options))
 	return NtStatus(r0)
 }
+
+// OUT-parameter: SectionHandle.
+// *OPT-parameter: ObjectAttributes, MaximumSize, FileHandle.
+func NtCreateSection(
+	SectionHandle *Handle,
+	DesiredAccess AccessMask,
+	ObjectAttributes *ObjectAttributes,
+	MaximumSize *int64,
+	SectionPageProtection uint32,
+	AllocationAttributes uint32,
+	FileHandle Handle,
+) NtStatus {
+	r0, _, _ := procNtCreateSection.Call(uintptr(unsafe.Pointer(SectionHandle)),
+		uintptr(DesiredAccess),
+		uintptr(unsafe.Pointer(ObjectAttributes)),
+		uintptr(unsafe.Pointer(MaximumSize)),
+		uintptr(SectionPageProtection),
+		uintptr(AllocationAttributes),
+		uintptr(FileHandle))
+	return NtStatus(r0)
+}