NtMapViewOfSection - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers 
#ifndef _NTMMAPI_H
// Sections
#if (PHNT_MODE != PHNT_MODE_KERNEL)

NTSYSCALLAPI
NTSTATUS
NTAPI
NtMapViewOfSection(
    _In_ HANDLE SectionHandle,
    _In_ HANDLE ProcessHandle,
    _Inout_ _At_(*BaseAddress, _Readable_bytes_(*ViewSize) _Writable_bytes_(*ViewSize) _Post_readable_byte_size_(*ViewSize)) PVOID *BaseAddress,
    _In_ ULONG_PTR ZeroBits,
    _In_ SIZE_T CommitSize,
    _Inout_opt_ PLARGE_INTEGER SectionOffset,
    _Inout_ PSIZE_T ViewSize,
    _In_ SECTION_INHERIT InheritDisposition,
    _In_ ULONG AllocationType,
    _In_ ULONG Win32Protect
    );

#endif
#endif

View code on GitHub
#ifndef _NTZWAPI_H

NTSYSCALLAPI
NTSTATUS
NTAPI
ZwMapViewOfSection(
    _In_ HANDLE SectionHandle,
    _In_ HANDLE ProcessHandle,
    _Inout_ _At_(*BaseAddress, _Readable_bytes_(*ViewSize) _Writable_bytes_(*ViewSize) _Post_readable_byte_size_(*ViewSize)) PVOID *BaseAddress,
    _In_ ULONG_PTR ZeroBits,
    _In_ SIZE_T CommitSize,
    _Inout_opt_ PLARGE_INTEGER SectionOffset,
    _Inout_ PSIZE_T ViewSize,
    _In_ SECTION_INHERIT InheritDisposition,
    _In_ ULONG AllocationType,
    _In_ ULONG Win32Protect
    );

#endif

View code on GitHub

This function is documented in Windows Driver Kit.

Function NtMapViewOfSection maps specified part of Section Object into process memory.

SectionHandle

HANDLE to Section Object opened with one or more from SECTION_MAP_EXECUTE, SECTION_MAP_READ, SECTION_MAP_WRITE attributes.

ProcessHandle

HANDLE to Process Object opened with PROCESS_VM_OPERATION access.

*BaseAddress

Pointer to variable receiving virtual address of mapped memory. If this value is not NULL, system tries to allocate memory from specified value.

ZeroBits

Indicates how many high bits must not be set in BaseAddress.

CommitSize

Size of initially committed memory, in bytes.

SectionOffset

Pointer to begin of mapped block in section. This value must be rounded up to X64K block size (0x10000 on X86).

ViewSize

Pointer to size of mapped block, in bytes. This value is rounded up to page size (0x1000 on x86).

InheritDisposition

How do child processes inherit mapped section. See description of enumeration type SECTION_INHERIT.

AllocationType

Can be one of:

Protect

Page protection. Can be one of:

Documented by

See also

Edit description on GitHub