NtAllocateVirtualMemoryEx definition


I am implementing a memory management tool by hooking into memory APIs. When I came to NtAllocateVirtualMemoryEx, I tried to find its definition on Google but found nothing; however, NtAllocateVirtualMemory is clearly defined at https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/ntifs/nf-ntifs-ntallocatevirtualmemory. Does anyone know its details?

RbMm On BEST ANSWER

ZwAllocateVirtualMemoryEx is defined in ntifs.h:

#if (NTDDI_VERSION >= NTDDI_WIN10_RS5)
_Must_inspect_result_
_IRQL_requires_max_(PASSIVE_LEVEL)
_When_(return==0, __drv_allocatesMem(Region))
NTSYSAPI
NTSTATUS
NTAPI
ZwAllocateVirtualMemoryEx(
    _In_ HANDLE ProcessHandle,
    _Inout_ _At_ (*BaseAddress, _Readable_bytes_ (*RegionSize) _Writable_bytes_ (*RegionSize) _Post_readable_byte_size_ (*RegionSize)) PVOID* BaseAddress,
    _Inout_ PSIZE_T RegionSize,
    _In_ ULONG AllocationType,
    _In_ ULONG PageProtection,
    _Inout_updates_opt_(ExtendedParameterCount) PMEM_EXTENDED_PARAMETER ExtendedParameters,
    _In_ ULONG ExtendedParameterCount
    );
#endif

MEM_EXTENDED_PARAMETER and the whole API in fact have the same usage as VirtualAlloc2. VirtualAlloc2 is only a thin shell over ZwAllocateVirtualMemoryEx.

Interestingly, VirtualAlloc2 is defined in memoryapi.h under the condition

#if (NTDDI_VERSION >= NTDDI_WIN10_RS4)

but ZwAllocateVirtualMemoryEx is declared with the condition

#if (NTDDI_VERSION >= NTDDI_WIN10_RS5)

However, at minimum one of these conditions is a mistake, because VirtualAlloc2 calls ZwAllocateVirtualMemoryEx: if VirtualAlloc2 is available, ZwAllocateVirtualMemoryEx is available too.

There was also a mistake in MSDN:

  • Library Kernel32.lib
  • DLL Kernel32.dll

In reality, VirtualAlloc2 is not exported by kernel32.dll and is not defined in kernel32.lib.

You need to use mincore.lib or mmos.lib, which import this API from api-ms-win-core-memory-l1-1-6.dll (resolved to kernelbase.dll now).
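
For the hooking use case in the question: a hook on NtAllocateVirtualMemoryEx receives the ExtendedParameters array and ExtendedParameterCount from the prototype above, and the following added example (not code from the answer) walks that array. The X_ types and enum values are stand-ins assumed to mirror MEM_EXTENDED_PARAMETER and MEM_ADDRESS_REQUIREMENTS from winnt.h; alloc_ex_info and inspect_alloc_ex are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>

/* Stand-ins mirroring the winnt.h layouts (assumption) so this builds without
   the Windows SDK; inside a real hook use the SDK's own types instead. */
enum { X_ADDRESS_REQUIREMENTS = 1, X_NUMA_NODE = 2 }; /* MemExtendedParameter* */
typedef struct {
    uint64_t Type : 8, Reserved : 56;
    union { uint64_t ULong64; void *Pointer; uint32_t ULong; } u;
} X_MEM_EXTENDED_PARAMETER;
typedef struct {
    void *LowestStartingAddress, *HighestEndingAddress;
    size_t Alignment;
} X_MEM_ADDRESS_REQUIREMENTS;

typedef struct { /* hypothetical record a hook keeps for one call */
    int has_range, has_numa;
    uintptr_t lowest, highest;
    size_t alignment;
    uint32_t numa_node;
    unsigned undecoded; /* entries of a type this walker does not decode */
} alloc_ex_info;

/* Walk ExtendedParameters[0..ExtendedParameterCount). Returns 0, or -1 for a
   NULL array with a non-zero count or a NULL address-requirements pointer. */
int inspect_alloc_ex(const X_MEM_EXTENDED_PARAMETER *p, uint32_t n, alloc_ex_info *out)
{
    *out = (alloc_ex_info){0};
    if (n != 0 && p == NULL) return -1;
    for (uint32_t i = 0; i < n; i++) {
        if (p[i].Type == X_ADDRESS_REQUIREMENTS) {
            const X_MEM_ADDRESS_REQUIREMENTS *r = p[i].u.Pointer;
            if (r == NULL) return -1;
            out->has_range = 1;
            out->lowest = (uintptr_t)r->LowestStartingAddress;
            out->highest = (uintptr_t)r->HighestEndingAddress;
            out->alignment = r->Alignment;
        } else if (p[i].Type == X_NUMA_NODE) {
            out->has_numa = 1;
            out->numa_node = p[i].u.ULong;
        } else {
            out->undecoded++;
        }
    }
    return 0;
}
```

A hook would call inspect_alloc_ex with the last two arguments it intercepted, before forwarding the call to the original function.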