# winapi 리스트
VirtualAlloc - Allocate memory on current process
[**MSDN**](https://docs.microsoft.com/en-us/windows/win32/api/memoryapi/nf-memoryapi-virtualalloc)
[**PInvoke.net**](https://pinvoke.net/default.aspx/kernel32/VirtualAlloc.html)
**시그니쳐**
```
LPVOID VirtualAlloc(
LPVOID lpAddress,
SIZE_T dwSize,
DWORD flAllocationType,
DWORD flProtect
);
```
**파라미터**
* `lpAddress` - Address of the memory to be allocated
* 0 = API chooses the location automatically
* `dwSize` - Size of the allocation
* `flAllocationType` - Memory allocation type
* Usually `MEM_COMMIT | MEM_RESERVE` = `0x3000`
* flProtect = Memory Protection constants - [link](https://docs.microsoft.com/en-us/windows/win32/memory/memory-protection-constants#constants)
* 0x20 = RX
* 0x40 = RWX
* 0x04 = RW
VirtualAllocEx - Allocate memory on a remote process
[**MSDN**](https://docs.microsoft.com/en-us/windows/win32/api/memoryapi/nf-memoryapi-virtualallocex)
[**PInvoke.net**](https://pinvoke.net/default.aspx/kernel32/VirtualAllocEx.html)
**시그니쳐**
```
LPVOID VirtualAllocEx(
HANDLE hProcess,
LPVOID lpAddress,
SIZE_T dwSize,
DWORD flAllocationType,
DWORD flProtect
);
```
**파라미터**
* `hProcess` - Target process's handle
* `lpAddress` - Start address to allocate the memory
* 0 = VirtualAllocEx automatically chooses the starting address for us (checkout DripLoader)
* `dwSize` - Length/Amount of memory to allocate
* `flAllocationType` - Typo of memory allocation. Usually `MEM_COMMIT | MEM_RESERVE = 0x3000`
* `flProtect` = Memory Protection constants - [link](https://docs.microsoft.com/en-us/windows/win32/memory/memory-protection-constants#constants)
* 0x20 = RX
* 0x40 = RWX
* 0x04 = RW
OpenProcess - Retrieve a handle to a remote process based on PID
[**MSDN**](https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-openprocess)
[**PInvoke.net**](https://pinvoke.net/default.aspx/kernel32/OpenProcess.html)
**시그니쳐**
```
HANDLE OpenProcess(
DWORD dwDesiredAccess,
BOOL bInheritHandle,
DWORD dwProcessId
);
```
**파라미터**
* `dwDesiredAccess` - Access right to obtain in target process. Usually `PROCESS_ALL_ACCESS (0x001F0FF)`
* `bInheritHandle` - True/False on whether the handle can be inherited to child process or not. Usually `False`, because we just don't care.
* `dwProcessId` - Target process's PID
VirtualProtect - Change memory protection
[**MSDN**](https://docs.microsoft.com/en-us/windows/win32/api/memoryapi/nf-memoryapi-virtualprotect)
[**PInvoke.net**](https://pinvoke.net/default.aspx/kernel32/VirtualProtect.html)
**시그니쳐**
```
BOOL VirtualProtect(
LPVOID lpAddress,
SIZE_T dwSize,
DWORD flNewProtect,
PDWORD lpflOldProtect
);
```
**파라미터**
* `lpAddress` - Pointer to the start of the memory address
* `dwSize` - Size of the memory to change the protection, in bytes.
* Usually lpAddress + dwSize, or the shellcode's length
* `flNewProtect` - Memory protection constant
* `lpflOldProtect` - Pointer to a variable with current memory protection. Usually just `0`.
VirtualProtectEx - Change memory protection of a remote process
###
### **VirtualAlloc**
#### **MSDN**
#### **PInvoke.net**
#### **시그니쳐**
```
```
#### 파라미터
* a
* b
\---
### **VirtualAlloc**
#### **MSDN**
#### **PInvoke.net**
#### **시그니쳐**
```
```
#### 파라미터
* a
* b
\---
### **VirtualAlloc**
#### **MSDN**
#### **PInvoke.net**
#### **시그니쳐**
```
```
#### 파라미터
* a
* b
\---
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://www.xn--hy1b43d247a.com/misc/winapi-list.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.