/***
Copyright (C) 2023 J Reece Wilson (a/k/a "Reece"). All rights reserved.
File: AuProcAddresses.NT.hpp
Date: 2023-2-16
Author: Reece
***/
#pragma once
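// Forward declarations of Windows SDK types that the function-pointer
// signatures in this header name. The struct types are only used through
// pointers; the enum types are passed by value.
// NOTE(review): presumably these exist so the header does not have to include
// the SDK headers that define the types - confirm.
struct _PROCESS_MEMORY_COUNTERS;
struct _tagSTACKFRAME64;
struct _MINIDUMP_EXCEPTION_INFORMATION;
struct _MINIDUMP_USER_STREAM_INFORMATION;
struct _IMAGEHLP_LINE64;
struct _tagADDRESS64;
struct _MINIDUMP_CALLBACK_INFORMATION;
struct _MIB_IPADDRTABLE;
struct _IP_ADAPTER_INFO;
struct _CREATEFILE2_EXTENDED_PARAMETERS;
struct _EXPLICIT_ACCESS_A;
struct _ACL;
struct _SP_DEVINFO_DATA;
struct _SP_DEVICE_INTERFACE_DATA;
struct _SP_DEVICE_INTERFACE_DETAIL_DATA_W;
struct _NETRESOURCEW;

// NOTE(review): an unscoped enum declared without an underlying type is not
// standard C++; MSVC accepts it as an extension (int assumed). Other compilers
// may reject these lines - confirm the supported toolchains.
// _SE_OBJECT_TYPE was declared twice in this list; one declaration is enough.
enum _TOKEN_INFORMATION_CLASS;
enum _SE_OBJECT_TYPE;
enum _MINIDUMP_TYPE;
enum _OBJECT_WAIT_TYPE;
enum _PROCESS_INFORMATION_CLASS;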
|
2023-08-27 16:43:29 +00:00
|
|
|
|
2023-12-19 03:43:11 +00:00
|
|
|
//#if defined(AURORA_COMPILER_MSVC)
|
2023-08-27 16:43:29 +00:00
|
|
|
struct _IP_ADAPTER_ADDRESSES_LH;
|
|
|
|
struct _IP_ADAPTER_ADDRESSES_XP;
|
|
|
|
#if (NTDDI_VERSION >= NTDDI_VISTA)
|
|
|
|
typedef _IP_ADAPTER_ADDRESSES_LH IP_ADAPTER_ADDRESSES;
|
|
|
|
typedef _IP_ADAPTER_ADDRESSES_LH *PIP_ADAPTER_ADDRESSES;
|
|
|
|
#elif (NTDDI_VERSION >= NTDDI_WINXP)
|
|
|
|
typedef _IP_ADAPTER_ADDRESSES_XP IP_ADAPTER_ADDRESSES;
|
|
|
|
typedef _IP_ADAPTER_ADDRESSES_XP *PIP_ADAPTER_ADDRESSES;
|
|
|
|
#else
|
|
|
|
typedef _IP_ADAPTER_ADDRESSES_XP IP_ADAPTER_ADDRESSES;
|
|
|
|
typedef _IP_ADAPTER_ADDRESSES_XP *PIP_ADAPTER_ADDRESSES;
|
|
|
|
#endif
|
2023-12-19 03:43:11 +00:00
|
|
|
//#endif
|
2023-07-24 11:48:42 +00:00
|
|
|
|
2023-12-28 21:00:07 +00:00
|
|
|
|
|
|
|
typedef UNICODE_STRING LSA_UNICODE_STRING, *PLSA_UNICODE_STRING;
|
|
|
|
typedef STRING LSA_STRING, *PLSA_STRING;
|
|
|
|
typedef OBJECT_ATTRIBUTES LSA_OBJECT_ATTRIBUTES, *PLSA_OBJECT_ATTRIBUTES;
|
|
|
|
typedef PVOID LSA_HANDLE, *PLSA_HANDLE;
|
|
|
|
|
|
|
|
// Local definition of the credential-UI info structure, declared at global
// scope under the SDK's name.
// NOTE(review): presumably mirrors CREDUI_INFOW from the SDK for the credui.dll
// entry points resolved elsewhere; a translation unit that also includes the
// SDK header defining CREDUI_INFOW would see a conflicting definition - confirm
// that never happens.
struct CREDUI_INFOW
{
    DWORD cbSize;           // presumably sizeof(CREDUI_INFOW), set by the caller - TODO confirm
    HWND hwndParent;        // parent window handle for the prompt
    PCWSTR pszMessageText;  // message text shown in the prompt
    PCWSTR pszCaptionText;  // caption text of the prompt
    HBITMAP hbmBanner;      // banner bitmap handle
};
|
|
|
|
|
2023-02-16 16:01:21 +00:00
|
|
|
namespace Aurora
|
|
|
|
{
|
|
|
|
void InitNTAddresses();
|
2023-12-07 19:00:14 +00:00
|
|
|
void InitNTAddressesForClock();
|
2023-02-16 16:01:21 +00:00
|
|
|
|
2023-07-09 10:26:17 +00:00
|
|
|
// File names of the Windows modules whose exports the pointer slots in this
// header refer to. Every name is a bare file name with no directory part.
//
// NOTE(review): the code that loads these modules is not in this header. If a
// name is handed to a LoadLibrary-style call, confirm the search is pinned to
// the system directory (for example LoadLibraryExW with
// LOAD_LIBRARY_SEARCH_SYSTEM32), so that a same-named file in the application
// or current directory cannot be loaded instead. Not every module listed here
// is guaranteed to be a KnownDLL on every Windows version.
//
// NOTE(review): `static` in a header gives each translation unit its own copy,
// and the pointers themselves are not const-qualified, so they are writable at
// runtime.
static const wchar_t *kSyncDllName { L"API-MS-Win-Core-Synch-l1-2-0.dll" };
static const wchar_t *kNtDllName { L"NTDLL.dll" };
static const wchar_t *kKernel32DllName { L"Kernel32.dll" };
static const wchar_t *kKernelBaseDllName { L"KernelBase.dll" };
static const wchar_t *kWS2DllName { L"Ws2_32.dll" };
static const wchar_t *kAdvancedApiDllName { L"Advapi32.dll" };
static const wchar_t *kBCryptDllName { L"bcrypt.dll" };
static const wchar_t *kThemeDllName { L"UxTheme.dll" };
static const wchar_t *kShellDllName { L"Shell32.dll" };
static const wchar_t *kPSAPILegacyDllName { L"psapi.dll" };
static const wchar_t *kDbgHelperDllName { L"dbghelp.dll" };
static const wchar_t *kWinTrustDllName { L"WINTRUST.dll" };
static const wchar_t *kIPHelperDllName { L"IPHLPAPI.dll" };
static const wchar_t *kCOMDllName { L"ole32.dll" };
static const wchar_t *kUser32DllName { L"User32.dll" };
static const wchar_t *kSetupAPIDllName { L"SETUPAPI.dll" };
static const wchar_t *kRouterDllName { L"MPR.dll" };
static const wchar_t *kCredUIDllName { L"credui.dll" };
|
2023-08-27 16:43:29 +00:00
|
|
|
|
2023-07-09 09:03:29 +00:00
|
|
|
// One address range (start address plus byte count). pPrefetchVirtualMemory in
// this header takes a pointer to an array of these together with an entry count.
// NOTE(review): presumably a locally named copy of the SDK's
// WIN32_MEMORY_RANGE_ENTRY; the two must keep the same field layout - confirm.
struct WIN32_MEMORY_RANGE_ENTRY2
{
    PVOID VirtualAddress;   // start of the range
    SIZE_T NumberOfBytes;   // length of the range in bytes
};
|
|
|
|
|
|
|
|
// Scoped enum used as the information-class argument of pSetThreadInformation
// in this header. The enumerators take the implicit values 0..4 in declaration
// order.
// NOTE(review): presumably mirrors the SDK enum of the same name; the numeric
// values are what the OS sees, so the order must stay in sync with the SDK -
// confirm when adding entries.
enum class THREAD_INFORMATION_CLASS
{
    ThreadMemoryPriority,
    ThreadAbsoluteCpuPriority,
    ThreadDynamicCodePolicy,
    ThreadPowerThrottling,
    ThreadInformationClassMax
};
|
2023-02-16 16:01:21 +00:00
|
|
|
|
2023-07-13 19:00:28 +00:00
|
|
|
inline BOOL(__stdcall *pWaitOnAddress)(
|
2023-07-09 09:03:29 +00:00
|
|
|
volatile VOID * Address,
|
|
|
|
PVOID CompareAddress,
|
|
|
|
SIZE_T AddressSize,
|
|
|
|
DWORD dwMilliseconds
|
2023-02-16 16:01:21 +00:00
|
|
|
);
|
|
|
|
|
2023-07-13 19:00:28 +00:00
|
|
|
inline void(__stdcall *pWakeByAddressSingle)(
|
2023-07-09 09:03:29 +00:00
|
|
|
PVOID Address
|
2023-02-16 16:01:21 +00:00
|
|
|
);
|
|
|
|
|
2023-07-13 19:00:28 +00:00
|
|
|
inline void(__stdcall *pWakeByAddressAll)(
|
2023-07-09 09:03:29 +00:00
|
|
|
PVOID Address
|
2023-02-16 16:01:21 +00:00
|
|
|
);
|
|
|
|
|
2023-12-22 05:01:04 +00:00
|
|
|
inline NTSTATUS(__stdcall *pNtWaitForMultipleObjects)(
|
|
|
|
ULONG ObjectCount,
|
|
|
|
PHANDLE ObjectsArray,
|
|
|
|
_OBJECT_WAIT_TYPE WaitType,
|
|
|
|
BOOLEAN Alertable,
|
|
|
|
AuUInt64 * pTimeOut
|
|
|
|
);
|
|
|
|
|
2023-12-05 18:44:38 +00:00
|
|
|
inline NTSTATUS(__stdcall *pNtQuerySymbolicLinkObject)(
|
|
|
|
HANDLE LinkHandle,
|
|
|
|
PUNICODE_STRING LinkTarget,
|
|
|
|
PULONG ReturnedLength
|
|
|
|
);
|
|
|
|
|
|
|
|
inline NTSTATUS(__stdcall *pNtOpenSymbolicLinkObject)(
|
|
|
|
PHANDLE LinkHandle,
|
|
|
|
ACCESS_MASK DesiredAccess,
|
|
|
|
POBJECT_ATTRIBUTES ObjectAttributes
|
|
|
|
);
|
|
|
|
|
2023-07-13 19:00:28 +00:00
|
|
|
inline DWORD(__stdcall *pNtDelayExecution)(
|
2023-07-09 09:03:29 +00:00
|
|
|
BOOLEAN Alertable,
|
|
|
|
PLARGE_INTEGER DelayInterval
|
2023-02-16 16:01:21 +00:00
|
|
|
);
|
|
|
|
|
|
|
|
inline PVOID(__stdcall *pVirtualAlloc2)(
|
2023-07-09 09:03:29 +00:00
|
|
|
HANDLE Process,
|
|
|
|
PVOID BaseAddress,
|
|
|
|
SIZE_T Size,
|
|
|
|
ULONG AllocationType,
|
|
|
|
ULONG PageProtection,
|
|
|
|
MEM_EXTENDED_PARAMETER * ExtendedParameters,
|
|
|
|
ULONG ParameterCount
|
2023-02-16 16:01:21 +00:00
|
|
|
);
|
|
|
|
|
|
|
|
inline PVOID(__stdcall *pMapViewOfFile3)(
|
2023-07-09 09:03:29 +00:00
|
|
|
HANDLE FileMapping,
|
|
|
|
HANDLE Process,
|
|
|
|
PVOID BaseAddress,
|
|
|
|
ULONG64 Offset,
|
|
|
|
SIZE_T ViewSize,
|
|
|
|
ULONG AllocationType,
|
|
|
|
ULONG PageProtection,
|
|
|
|
MEM_EXTENDED_PARAMETER * ExtendedParameters,
|
|
|
|
ULONG ParameterCount
|
2023-02-16 16:01:21 +00:00
|
|
|
);
|
|
|
|
|
|
|
|
// Pointer slot for UnmapViewOfFile2; presumably filled in at runtime by the
// loader code, which is not in this header.
// NOTE(review): the documented Win32 UnmapViewOfFile2 returns BOOL, but this
// slot is typed as returning PVOID. On 64-bit targets a caller then tests a
// pointer-sized value where the callee only defines a 32-bit result - confirm
// the intended return type against the SDK prototype.
inline PVOID(__stdcall *pUnmapViewOfFile2)(
    HANDLE Process,
    PVOID BaseAddress,
    ULONG UnmapFlags
);
|
|
|
|
|
2023-03-15 00:35:29 +00:00
|
|
|
inline NTSTATUS(__stdcall *pNtWaitForKeyedEvent)(
|
2023-07-09 09:03:29 +00:00
|
|
|
HANDLE Handle,
|
|
|
|
PVOID Key,
|
|
|
|
BOOLEAN Alertable,
|
|
|
|
PLARGE_INTEGER NTTimeout
|
2023-03-15 00:35:29 +00:00
|
|
|
);
|
|
|
|
|
|
|
|
inline NTSTATUS(__stdcall *pNtReleaseKeyedEvent)(
|
2023-07-09 09:03:29 +00:00
|
|
|
HANDLE Handle,
|
|
|
|
PVOID Key,
|
|
|
|
BOOLEAN Alertable,
|
|
|
|
PLARGE_INTEGER NTTimeout
|
2023-03-15 00:35:29 +00:00
|
|
|
);
|
|
|
|
|
|
|
|
// Pointer slot for ntdll's NtCreateKeyedEvent (an undocumented native API);
// presumably filled in at runtime by the loader code, which is not in this header.
// NOTE(review): commonly published prototypes take an out PHANDLE as the first
// argument. Here it is declared as HANDLE, so a call site has to cast the
// address of its handle variable - confirm against the callers.
inline NTSTATUS(__stdcall *pNtCreateKeyedEvent)(
    HANDLE Handle,
    ACCESS_MASK Access,
    POBJECT_ATTRIBUTES Attr,
    ULONG Flags
);
|
|
|
|
|
|
|
|
// Pointer slot for ntdll's NtOpenKeyedEvent (an undocumented native API);
// presumably filled in at runtime by the loader code, which is not in this header.
// NOTE(review): commonly published prototypes have three parameters (out
// PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES) and no trailing Flags. With
// __stdcall on 32-bit x86 the callee pops its own arguments, so a parameter
// count that differs from the real export unbalances the stack - confirm the
// signature before calling through this slot.
inline NTSTATUS(__stdcall *pNtOpenKeyedEvent)(
    HANDLE Handle,
    ACCESS_MASK Access,
    POBJECT_ATTRIBUTES Attr,
    ULONG Flags
);
|
2023-06-15 19:44:27 +00:00
|
|
|
|
|
|
|
inline NTSTATUS(__stdcall *pRtlWaitOnAddress)(
|
2023-07-09 09:03:29 +00:00
|
|
|
const void * addr,
|
|
|
|
const void * cmp,
|
|
|
|
SIZE_T size,
|
2023-09-09 14:29:12 +00:00
|
|
|
const LARGE_INTEGER * timeout
|
|
|
|
);
|
|
|
|
|
|
|
|
inline void(__stdcall *pRtlWakeByAddressAll)(
|
|
|
|
const void * addr
|
|
|
|
);
|
|
|
|
|
|
|
|
inline void(__stdcall *pRtlWakeAddressSingle)(
|
|
|
|
const void * addr
|
|
|
|
);
|
2023-03-15 00:35:29 +00:00
|
|
|
|
2023-02-16 16:01:21 +00:00
|
|
|
#if defined(AURORA_PLATFORM_WIN32)
|
2023-07-09 09:02:21 +00:00
|
|
|
inline NTSTATUS(__stdcall *pRtlGetVersion)(
|
2023-07-09 09:03:29 +00:00
|
|
|
PRTL_OSVERSIONINFOW lpVersionInformation
|
2023-02-16 16:01:21 +00:00
|
|
|
);
|
|
|
|
#endif
|
2023-06-15 19:44:27 +00:00
|
|
|
|
2023-09-13 13:17:45 +00:00
|
|
|
inline HANDLE(__stdcall *pCreateFile2W)(
|
2023-09-13 01:27:18 +00:00
|
|
|
LPCWSTR lpFileName,
|
|
|
|
DWORD dwDesiredAccess,
|
|
|
|
DWORD dwShareMode,
|
|
|
|
DWORD dwCreationDisposition,
|
|
|
|
_CREATEFILE2_EXTENDED_PARAMETERS *pCreateExParams
|
|
|
|
);
|
|
|
|
|
|
|
|
inline HANDLE(__stdcall *pCreateFileW)(
|
2023-12-21 14:27:35 +00:00
|
|
|
LPCWSTR lpFileName,
|
|
|
|
DWORD dwDesiredAccess,
|
|
|
|
DWORD dwShareMode,
|
|
|
|
LPSECURITY_ATTRIBUTES lpSecurityAttributes,
|
|
|
|
DWORD dwCreationDisposition,
|
|
|
|
DWORD dwFlagsAndAttributes,
|
|
|
|
HANDLE hTemplateFile
|
2023-09-13 01:27:18 +00:00
|
|
|
);
|
|
|
|
|
2024-04-09 22:39:00 +00:00
|
|
|
inline HANDLE(__stdcall *pCreateFileMappingA)(
|
|
|
|
HANDLE hFile,
|
|
|
|
LPSECURITY_ATTRIBUTES lpFileMappingAttributes,
|
|
|
|
DWORD flProtect,
|
|
|
|
DWORD dwMaximumSizeHigh,
|
|
|
|
DWORD dwMaximumSizeLow,
|
|
|
|
LPCSTR lpName
|
|
|
|
);
|
|
|
|
|
|
|
|
inline HANDLE(__stdcall *pCreateFileMappingFromApp)(
|
|
|
|
HANDLE hFile,
|
|
|
|
PSECURITY_ATTRIBUTES SecurityAttributes,
|
|
|
|
ULONG PageProtection,
|
|
|
|
ULONG64 MaximumSize,
|
|
|
|
PCWSTR Name
|
|
|
|
);
|
|
|
|
|
|
|
|
inline HANDLE(__stdcall *pOpenFileMappingA)(
|
|
|
|
ULONG DesiredAccess,
|
|
|
|
BOOL InheritHandle,
|
|
|
|
LPCSTR Name
|
|
|
|
);
|
|
|
|
|
|
|
|
inline HANDLE(__stdcall *pOpenFileMappingFromApp)(
|
|
|
|
ULONG DesiredAccess,
|
|
|
|
BOOL InheritHandle,
|
|
|
|
PCWSTR Name
|
|
|
|
);
|
|
|
|
|
|
|
|
inline LPVOID(__stdcall *pMapViewOfFile)(
|
|
|
|
HANDLE hFileMappingObject,
|
|
|
|
DWORD dwDesiredAccess,
|
|
|
|
DWORD dwFileOffsetHigh,
|
|
|
|
DWORD dwFileOffsetLow,
|
|
|
|
SIZE_T dwNumberOfBytesToMap
|
|
|
|
);
|
|
|
|
|
|
|
|
inline LPVOID(__stdcall *pMapViewOfFileFromApp)(
|
|
|
|
HANDLE hFileMappingObject,
|
|
|
|
ULONG DesiredAccess,
|
|
|
|
ULONG64 FileOffset,
|
|
|
|
SIZE_T dwNumberOfBytesToMap
|
|
|
|
);
|
|
|
|
|
2023-07-28 13:09:23 +00:00
|
|
|
inline NTSTATUS(__stdcall *pNtNotifyChangeDirectoryFile)(
|
|
|
|
HANDLE FileHandle,
|
|
|
|
HANDLE Event,
|
|
|
|
PIO_APC_ROUTINE ApcRoutine,
|
|
|
|
PVOID ApcContext,
|
|
|
|
PIO_STATUS_BLOCK IoStatusBlock,
|
|
|
|
PVOID Buffer,
|
|
|
|
ULONG BufferSize,
|
|
|
|
ULONG CompletionFilter,
|
|
|
|
BOOLEAN WatchTree
|
|
|
|
);
|
|
|
|
|
2023-08-19 12:30:44 +00:00
|
|
|
inline NTSTATUS(__stdcall *pNtTerminateProcess)(
|
|
|
|
HANDLE ProcessHandle,
|
|
|
|
NTSTATUS ExitStatus
|
|
|
|
);
|
|
|
|
|
2023-07-09 09:02:21 +00:00
|
|
|
inline BOOL(__stdcall *pGetSystemCpuSetInformation)(
|
|
|
|
PSYSTEM_CPU_SET_INFORMATION Information,
|
2023-07-09 09:03:29 +00:00
|
|
|
ULONG BufferLength,
|
|
|
|
PULONG ReturnedLength,
|
|
|
|
HANDLE Process,
|
|
|
|
ULONG Flags
|
2023-07-09 09:02:21 +00:00
|
|
|
);
|
|
|
|
|
2023-07-09 09:03:29 +00:00
|
|
|
inline BOOL(__stdcall *pGetLogicalProcessorInformation)(
|
2023-07-09 09:02:21 +00:00
|
|
|
PSYSTEM_LOGICAL_PROCESSOR_INFORMATION Buffer,
|
2023-07-09 09:03:29 +00:00
|
|
|
PDWORD ReturnedLength
|
|
|
|
);
|
|
|
|
|
|
|
|
inline HRESULT(__stdcall *pSetThreadDescription)(
|
|
|
|
HANDLE hThread,
|
|
|
|
PCWSTR lpThreadDescription
|
|
|
|
);
|
|
|
|
|
|
|
|
inline BOOL(__stdcall *pSetThreadInformation)(
|
|
|
|
HANDLE hThread,
|
|
|
|
THREAD_INFORMATION_CLASS ThreadInformationClass,
|
|
|
|
LPVOID ThreadInformation,
|
|
|
|
DWORD ThreadInformationSize
|
|
|
|
);
|
|
|
|
|
|
|
|
inline BOOL(__stdcall *pSetThreadSelectedCpuSets)(
|
|
|
|
HANDLE Thread,
|
|
|
|
const ULONG * CpuSetIds,
|
|
|
|
ULONG CpuSetIdCount
|
|
|
|
);
|
2023-07-14 15:31:47 +00:00
|
|
|
|
|
|
|
#if defined(AURORA_PLATFORM_WIN32)
|
|
|
|
inline BOOL(__stdcall *pSetThreadGroupAffinity)(
|
|
|
|
HANDLE hThread,
|
|
|
|
GROUP_AFFINITY * GroupAffinity,
|
|
|
|
PGROUP_AFFINITY PreviousGroupAffinity
|
|
|
|
);
|
|
|
|
#endif
|
|
|
|
|
2023-10-10 23:21:32 +00:00
|
|
|
// Pointer slot for RemoveDllDirectory; presumably filled in at runtime by the
// loader code, which is not in this header.
// Cookie is the opaque value a previous AddDllDirectory call returned.
inline BOOL(__stdcall *pRemoveDllDirectory)(
    PVOID Cookie
);
|
|
|
|
|
|
|
|
// Pointer slot for AddDllDirectory; presumably filled in at runtime by the
// loader code, which is not in this header.
// The documented API expects an absolute path and returns an opaque cookie
// (NULL on failure) that is later passed to RemoveDllDirectory.
// NOTE(review): a directory added here becomes part of the DLL search for loads
// that use the user-directory search flags, so it should not be writable by
// less-privileged users - verify what the call sites pass.
inline PVOID(__stdcall *pAddDllDirectory)(
    PCWSTR NewDirectory
);
|
2024-03-10 15:00:13 +00:00
|
|
|
|
|
|
|
inline DWORD(__stdcall *pGetTempPathW)(
|
|
|
|
DWORD nBufferLength,
|
|
|
|
LPWSTR lpBuffer
|
|
|
|
);
|
|
|
|
|
2024-03-12 22:50:22 +00:00
|
|
|
inline BOOL(__stdcall *pSetProcessInformation)(
|
|
|
|
HANDLE hProcess,
|
|
|
|
_PROCESS_INFORMATION_CLASS ProcessInformationClass,
|
|
|
|
LPVOID ProcessInformation,
|
|
|
|
DWORD ProcessInformationSize
|
|
|
|
);
|
|
|
|
|
2023-07-09 09:03:29 +00:00
|
|
|
inline BOOL(__stdcall *pPrefetchVirtualMemory)(
|
|
|
|
HANDLE hProcess,
|
|
|
|
ULONG_PTR NumberOfEntries,
|
|
|
|
WIN32_MEMORY_RANGE_ENTRY2 * VirtualAddresses,
|
|
|
|
ULONG Flags
|
2023-07-09 09:02:21 +00:00
|
|
|
);
|
|
|
|
|
2023-07-09 10:26:17 +00:00
|
|
|
// Pointer slot for the legacy CryptoAPI CryptGenRandom; presumably filled in at
// runtime by the loader code, which is not in this header.
// hProv is the provider handle, typed as ULONG_PTR here (the same type
// pCryptAcquireContextW in this header writes).
// The documented API returns FALSE on failure; pbBuffer must not be treated as
// random data unless the call returned TRUE.
inline BOOL(__stdcall *pCryptGenRandom)(
    ULONG_PTR hProv,
    DWORD dwLen,
    BYTE * pbBuffer
);
|
|
|
|
|
2023-07-09 11:34:14 +00:00
|
|
|
inline NTSTATUS(__stdcall *pZwSetTimerResolution)(
|
|
|
|
ULONG RequestedResolution,
|
|
|
|
BOOLEAN Set,
|
|
|
|
PULONG ActualResolution
|
|
|
|
);
|
|
|
|
|
2023-07-11 16:58:20 +00:00
|
|
|
// Pointer slot for RtlGenRandom; presumably filled in at runtime by the loader
// code, which is not in this header.
// NOTE(review): Advapi32 exports this routine under the name SystemFunction036,
// so the lookup has to use that export name - verify in the loader.
// Returns FALSE on failure; RandomBuffer must not be used as random data in
// that case.
inline BOOLEAN(__stdcall *pRtlGenRandom)(
    PVOID RandomBuffer,
    ULONG RandomBufferLength
);
|
|
|
|
|
2023-07-24 06:17:08 +00:00
|
|
|
#if defined(AURORA_PLATFORM_WIN32)
|
|
|
|
inline NTSTATUS(__stdcall *pNtQueryInformationProcess)(
|
|
|
|
HANDLE ProcessHandle,
|
|
|
|
PROCESSINFOCLASS ProcessInformationClass,
|
|
|
|
PVOID ProcessInformation,
|
|
|
|
ULONG ProcessInformationLength,
|
|
|
|
PULONG ReturnLength
|
|
|
|
);
|
|
|
|
#endif
|
|
|
|
|
2023-08-27 16:43:29 +00:00
|
|
|
inline ULONGLONG(__stdcall *pVerSetConditionMask)(
|
|
|
|
ULONGLONG ConditionMask,
|
|
|
|
DWORD TypeMask,
|
|
|
|
BYTE Condition
|
|
|
|
);
|
|
|
|
|
|
|
|
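// Pointer slot for VerifyVersionInfoW; presumably filled in at runtime by the
// loader code, which is not in this header.
// The parameter names follow the SDK prototype: the first argument is the
// version structure to compare against (it was previously labelled dwTypeMask,
// the name that belongs to the second argument). Parameter names in a
// function-pointer declarator do not affect callers.
// dwlConditionMask is the value built up with pVerSetConditionMask.
inline BOOL(__stdcall *pVerifyVersionInfoW)(
    LPOSVERSIONINFOEXW lpVersionInformation,
    DWORD dwTypeMask,
    DWORDLONG dwlConditionMask
);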
|
|
|
|
|
2023-07-24 06:17:08 +00:00
|
|
|
inline HRESULT(__stdcall *pSetWindowTheme)(
|
|
|
|
HWND hwnd,
|
|
|
|
LPCWSTR pszSubAppName,
|
|
|
|
LPCWSTR pszSubIdList
|
|
|
|
);
|
|
|
|
|
|
|
|
inline HANDLE(__stdcall *pFindFirstStreamW)(
|
|
|
|
LPCWSTR lpFileName,
|
|
|
|
STREAM_INFO_LEVELS InfoLevel,
|
|
|
|
LPVOID lpFindStreamData,
|
|
|
|
DWORD dwFlags
|
|
|
|
);
|
|
|
|
|
|
|
|
inline BOOL(__stdcall *pFindNextStreamW)(
|
|
|
|
HANDLE hFindStream,
|
|
|
|
LPVOID lpFindStreamData
|
|
|
|
);
|
|
|
|
|
|
|
|
inline BOOL(__stdcall *pFindClose)(
|
|
|
|
HANDLE hFindFile
|
|
|
|
);
|
|
|
|
|
2023-07-24 11:48:42 +00:00
|
|
|
inline BOOL(__stdcall *pCancelIoEx)(
|
|
|
|
HANDLE hFile,
|
|
|
|
LPOVERLAPPED lpOverlapped
|
|
|
|
);
|
|
|
|
|
|
|
|
inline BOOL(__stdcall *pCancelSynchronousIo)(
|
|
|
|
HANDLE hThread
|
|
|
|
);
|
2023-10-07 15:57:20 +00:00
|
|
|
|
|
|
|
// QueryPerformanceCounter / QueryPerformanceFrequency pointer slots.
// The #if 0 branch (SDK-style LARGE_INTEGER * signatures) is compiled out; the
// active #else branch declares the out-parameter as long long * instead.
// NOTE(review): this relies on LARGE_INTEGER being a 64-bit value that can be
// written through a long long * - presumably so callers can pass a plain 64-bit
// integer; confirm at the call sites.
// NOTE(review): the SDK names the QueryPerformanceFrequency parameter
// lpFrequency; lpPerformanceCount on that slot looks like a copy of the
// counter's parameter name.
#if 0
inline BOOL(__stdcall *pQueryPerformanceCounter)(
    LARGE_INTEGER * lpPerformanceCount
);

inline BOOL(__stdcall *pQueryPerformanceFrequency)(
    LARGE_INTEGER * lpPerformanceCount
);
#else // no one will notice
inline BOOL(__stdcall *pQueryPerformanceCounter)(
    long long * lpPerformanceCount
);

inline BOOL(__stdcall *pQueryPerformanceFrequency)(
    long long * lpPerformanceCount
);
#endif
|
2023-07-24 11:48:42 +00:00
|
|
|
|
|
|
|
inline BOOL(__stdcall *pGetProcessMemoryInfo)(
|
|
|
|
HANDLE Process,
|
|
|
|
::_PROCESS_MEMORY_COUNTERS *ppsmemCounters,
|
|
|
|
DWORD cb
|
|
|
|
);
|
|
|
|
|
|
|
|
inline BOOL(__stdcall *pSetFileInformationByHandle)(
|
|
|
|
HANDLE hFile,
|
|
|
|
FILE_INFO_BY_HANDLE_CLASS FileInformationClass,
|
|
|
|
LPVOID lpFileInformation,
|
|
|
|
DWORD dwBufferSize
|
|
|
|
);
|
|
|
|
|
|
|
|
inline int(__stdcall *pGetLocaleInfoEx)(
|
|
|
|
LPCWSTR lpLocaleName,
|
|
|
|
LCTYPE LCType,
|
|
|
|
LPWSTR lpLCData,
|
|
|
|
int cchData
|
|
|
|
);
|
|
|
|
|
|
|
|
inline int(__stdcall *pLCIDToLocaleName)(
|
|
|
|
LCID Locale,
|
|
|
|
LPWSTR lpName,
|
|
|
|
int cchName,
|
|
|
|
DWORD dwFlags
|
|
|
|
);
|
|
|
|
|
|
|
|
inline int(__stdcall *pGetLocaleInfoW)(
|
|
|
|
LCID Locale,
|
|
|
|
LCTYPE LCType,
|
|
|
|
LPWSTR lpLCData,
|
|
|
|
int cchData
|
|
|
|
);
|
|
|
|
|
|
|
|
inline DWORD(__stdcall *pGetThreadId)(
|
|
|
|
HANDLE hThread
|
|
|
|
);
|
|
|
|
|
2023-10-11 01:13:49 +00:00
|
|
|
// Pointer slot for BCryptGenRandom (CNG); presumably filled in at runtime by
// the loader code, which is not in this header.
// hAlgorithm is typed as PVOID here in place of the SDK's algorithm handle type.
// The documented API allows a null hAlgorithm only when dwFlags contains
// BCRYPT_USE_SYSTEM_PREFERRED_RNG.
// The result is an NTSTATUS: pbBuffer must not be used as random data unless
// the status indicates success.
inline NTSTATUS(__stdcall *pBCryptGenRandom)(
    PVOID hAlgorithm,
    PUCHAR pbBuffer,
    ULONG cbBuffer,
    ULONG dwFlags
);
|
|
|
|
|
2023-08-27 16:43:29 +00:00
|
|
|
// dbghelp
|
|
|
|
|
|
|
|
inline DWORD(__stdcall *pUnDecorateSymbolName)(
|
|
|
|
PCSTR name,
|
|
|
|
PSTR outputString,
|
|
|
|
DWORD maxStringLength,
|
|
|
|
DWORD flags
|
|
|
|
);
|
|
|
|
|
|
|
|
// Pointer slot for dbghelp's MiniDumpWriteDump; presumably filled in at runtime
// by the loader code, which is not in this header.
// The three trailing structures are optional in the documented API and are
// only forward-declared in this header.
// NOTE(review): a dump holds as much of the target process's memory as DumpType
// selects, which can include keys, tokens and other secrets. Confirm that the
// call sites create hFile with restrictive access and treat the output file as
// sensitive.
inline BOOL(__stdcall *pMiniDumpWriteDump)(
    HANDLE hProcess,
    DWORD ProcessId,
    HANDLE hFile,
    enum _MINIDUMP_TYPE DumpType,
    _MINIDUMP_EXCEPTION_INFORMATION * ExceptionParam,
    _MINIDUMP_USER_STREAM_INFORMATION * UserStreamParam,
    _MINIDUMP_CALLBACK_INFORMATION * CallbackParam
);
|
|
|
|
|
|
|
|
inline BOOL(__stdcall *pSymInitialize)(
|
|
|
|
HANDLE hProcess,
|
|
|
|
PCSTR UserSearchPath,
|
|
|
|
BOOL fInvadeProcess
|
|
|
|
);
|
|
|
|
|
|
|
|
inline DWORD64(__stdcall *pSymGetModuleBase64)(
|
|
|
|
HANDLE hProcess,
|
|
|
|
DWORD64 qwAddr
|
|
|
|
);
|
|
|
|
|
|
|
|
inline BOOL(__stdcall *pSymGetLineFromAddr64)(
|
|
|
|
HANDLE hProcess,
|
|
|
|
DWORD64 qwAddr,
|
|
|
|
PDWORD pdwDisplacement,
|
|
|
|
_IMAGEHLP_LINE64 * Line64
|
|
|
|
);
|
|
|
|
|
|
|
|
inline PVOID(__stdcall *pSymFunctionTableAccess64)(
|
|
|
|
HANDLE hProcess,
|
|
|
|
DWORD64 AddrBase
|
|
|
|
);
|
|
|
|
|
|
|
|
typedef BOOL(__stdcall *PREAD_PROCESS_MEMORY_ROUTINE64)(
|
|
|
|
HANDLE hProcess,
|
|
|
|
DWORD64 qwBaseAddress,
|
|
|
|
PVOID lpBuffer,
|
|
|
|
DWORD nSize,
|
|
|
|
LPDWORD lpNumberOfBytesRead
|
|
|
|
);
|
|
|
|
|
|
|
|
typedef PVOID (__stdcall *PFUNCTION_TABLE_ACCESS_ROUTINE64)(
|
|
|
|
HANDLE hProcess,
|
|
|
|
DWORD64 AddrBase
|
|
|
|
);
|
|
|
|
|
|
|
|
typedef DWORD64(__stdcall *PGET_MODULE_BASE_ROUTINE64)(
|
|
|
|
HANDLE hProcess,
|
|
|
|
DWORD64 Address
|
|
|
|
);
|
|
|
|
|
|
|
|
typedef DWORD64 (__stdcall *PTRANSLATE_ADDRESS_ROUTINE64)(
|
|
|
|
HANDLE hProcess,
|
|
|
|
HANDLE hThread,
|
|
|
|
_tagADDRESS64 * lpaddr
|
|
|
|
);
|
|
|
|
|
|
|
|
inline BOOL(__stdcall *pStackWalk64)(
|
|
|
|
DWORD MachineType,
|
|
|
|
HANDLE hProcess,
|
|
|
|
HANDLE hThread,
|
|
|
|
_tagSTACKFRAME64 * StackFrame,
|
|
|
|
PVOID ContextRecord,
|
|
|
|
PREAD_PROCESS_MEMORY_ROUTINE64 ReadMemoryRoutine,
|
|
|
|
PFUNCTION_TABLE_ACCESS_ROUTINE64 FunctionTableAccessRoutine,
|
|
|
|
PGET_MODULE_BASE_ROUTINE64 GetModuleBaseRoutine,
|
|
|
|
PTRANSLATE_ADDRESS_ROUTINE64 TranslateAddress
|
|
|
|
);
|
|
|
|
|
|
|
|
// WINTRUST
|
|
|
|
|
|
|
|
// Pointer slot for WinVerifyTrust; presumably filled in at runtime by the
// loader code, which is not in this header.
// NOTE(review): the documented WinVerifyTrust returns LONG, where 0
// (ERROR_SUCCESS) means the subject verified and any nonzero value is a failure
// code. The slot is typed BOOL here; the width is the same, but a BOOL-style
// test (`if (pWinVerifyTrust(...))`) reads a failure as success and a verified
// signature as failure. Callers must compare the result against 0 - confirm at
// every call site.
inline BOOL(__stdcall *pWinVerifyTrust)(
    HWND hwnd,
    GUID * pgActionID,
    LPVOID pWVTData
);
|
|
|
|
|
|
|
|
// IP Helper
|
|
|
|
|
|
|
|
inline ULONG(__stdcall *pGetAdaptersAddresses)(
|
2023-09-17 20:33:14 +00:00
|
|
|
ULONG Family,
|
|
|
|
ULONG Flags,
|
|
|
|
PVOID Reserved,
|
|
|
|
IP_ADAPTER_ADDRESSES * AdapterAddresses,
|
|
|
|
PULONG SizePointer
|
2023-08-27 16:43:29 +00:00
|
|
|
);
|
|
|
|
|
|
|
|
inline ULONG(__stdcall *pGetAdaptersInfo)(
|
2023-09-17 20:33:14 +00:00
|
|
|
_IP_ADAPTER_INFO * AdapterInfo,
|
|
|
|
PULONG SizePointer
|
2023-08-27 16:43:29 +00:00
|
|
|
);
|
2023-09-17 20:33:14 +00:00
|
|
|
|
|
|
|
// COM
|
|
|
|
|
|
|
|
inline HRESULT(__stdcall *pCoInitializeEx)(
|
|
|
|
LPVOID pvReserved,
|
|
|
|
DWORD dwCoInit
|
|
|
|
);
|
|
|
|
|
|
|
|
inline void(__stdcall *pCoTaskMemFree)(
|
|
|
|
LPVOID pv
|
|
|
|
);
|
|
|
|
|
|
|
|
inline void(__stdcall *pCoUninitialize)();
|
|
|
|
|
|
|
|
// Shell
|
|
|
|
|
|
|
|
inline HRESULT(__stdcall *pSHGetKnownFolderPath)(
|
2023-12-21 14:27:35 +00:00
|
|
|
const GUID & rfid,
|
2023-09-17 20:33:14 +00:00
|
|
|
DWORD dwFlags,
|
|
|
|
HANDLE hToken,
|
2023-12-21 14:27:35 +00:00
|
|
|
PWSTR * ppszPath
|
2023-09-17 20:33:14 +00:00
|
|
|
);
|
|
|
|
|
|
|
|
// Pointer slot for ShellExecuteW; presumably filled in at runtime by the loader
// code, which is not in this header.
// The documented API reports success with a return value greater than 32; the
// HINSTANCE is not a real module handle.
// NOTE(review): lpFile and lpParameters are interpreted by the shell (file
// associations, URL handlers, executables). Confirm that call sites do not pass
// externally supplied strings here without validation.
inline HINSTANCE(__stdcall *pShellExecuteW)(
    HWND hwnd,
    LPCWSTR lpOperation,
    LPCWSTR lpFile,
    LPCWSTR lpParameters,
    LPCWSTR lpDirectory,
    INT nShowCmd
);
|
|
|
|
|
|
|
|
inline HRESULT(__stdcall *pSHGetFolderPathA)(
|
|
|
|
HWND hwnd,
|
|
|
|
int csidl,
|
|
|
|
HANDLE hToken,
|
|
|
|
DWORD dwFlags,
|
|
|
|
LPSTR pszPath
|
|
|
|
);
|
|
|
|
|
|
|
|
inline LPWSTR *(__stdcall *pCommandLineToArgvW)(
|
|
|
|
LPCWSTR lpCmdLine,
|
|
|
|
int * pNumArgs
|
|
|
|
);
|
|
|
|
|
2023-10-11 01:13:49 +00:00
|
|
|
// Advanced API
|
|
|
|
|
|
|
|
inline LSTATUS(__stdcall *pRegSetValueExW)(
|
|
|
|
HKEY hKey,
|
|
|
|
LPCWSTR lpValueName,
|
|
|
|
DWORD Reserved,
|
|
|
|
DWORD dwType,
|
|
|
|
CONST BYTE * lpData,
|
|
|
|
DWORD cbData
|
|
|
|
);
|
|
|
|
|
|
|
|
inline LSTATUS(__stdcall *pRegQueryValueExW)(
|
|
|
|
HKEY hKey,
|
|
|
|
LPCWSTR lpValueName,
|
|
|
|
LPDWORD lpReserved,
|
|
|
|
LPDWORD lpType,
|
|
|
|
LPBYTE lpData,
|
|
|
|
LPDWORD lpcbData
|
|
|
|
);
|
|
|
|
|
|
|
|
inline LSTATUS(__stdcall *pRegCloseKey)(
|
|
|
|
HKEY hKey
|
|
|
|
);
|
|
|
|
|
|
|
|
inline LSTATUS(__stdcall *pRegOpenKeyExW)(
|
|
|
|
HKEY hKey,
|
|
|
|
LPCWSTR lpSubKey,
|
|
|
|
DWORD ulOptions,
|
|
|
|
REGSAM samDesired,
|
|
|
|
PHKEY phkResult
|
|
|
|
);
|
|
|
|
|
|
|
|
inline HANDLE(__stdcall *pRegisterEventSourceW)(
|
|
|
|
LPCWSTR lpUNCServerName,
|
|
|
|
LPCWSTR lpSourceName
|
|
|
|
);
|
|
|
|
|
|
|
|
inline BOOL(__stdcall *pDeregisterEventSource)(
|
|
|
|
HANDLE hEventLog
|
|
|
|
);
|
|
|
|
|
|
|
|
inline BOOL(__stdcall *pReportEventW)(
|
|
|
|
HANDLE hEventLog,
|
|
|
|
WORD wType,
|
|
|
|
WORD wCategory,
|
|
|
|
DWORD dwEventID,
|
|
|
|
PSID lpUserSid,
|
|
|
|
WORD wNumStrings,
|
|
|
|
DWORD dwDataSize,
|
|
|
|
LPCWSTR * lpStrings,
|
|
|
|
LPVOID lpRawData
|
|
|
|
);
|
|
|
|
|
|
|
|
inline BOOL(__stdcall *pCryptAcquireContextW)(
|
|
|
|
ULONG_PTR * hProv,
|
|
|
|
LPCWSTR szContainer,
|
|
|
|
LPCWSTR szProvider,
|
|
|
|
DWORD dwProvType,
|
|
|
|
DWORD dwFlags
|
|
|
|
);
|
|
|
|
|
|
|
|
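// Pointer slot for CryptReleaseContext; presumably filled in at runtime by the
// loader code, which is not in this header.
// hProv is the provider handle obtained through pCryptAcquireContextW. The
// parameter was spelled hProvz; it now matches the name used by
// pCryptAcquireContextW and pCryptGenRandom in this header. Parameter names in
// a function-pointer declarator do not affect callers.
inline BOOL(__stdcall *pCryptReleaseContext)(
    ULONG_PTR hProv,
    DWORD dwFlags
);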
|
|
|
|
|
|
|
|
inline DWORD(__stdcall *pSetEntriesInAclA)(
|
|
|
|
ULONG cCountOfExplicitEntries,
|
|
|
|
_EXPLICIT_ACCESS_A * pListOfExplicitEntries,
|
|
|
|
_ACL * OldAcl,
|
|
|
|
_ACL ** NewAcl
|
|
|
|
);
|
|
|
|
|
|
|
|
inline BOOL(__stdcall *pAllocateAndInitializeSid)(
|
|
|
|
PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority,
|
|
|
|
BYTE nSubAuthorityCount,
|
|
|
|
DWORD nSubAuthority0,
|
|
|
|
DWORD nSubAuthority1,
|
|
|
|
DWORD nSubAuthority2,
|
|
|
|
DWORD nSubAuthority3,
|
|
|
|
DWORD nSubAuthority4,
|
|
|
|
DWORD nSubAuthority5,
|
|
|
|
DWORD nSubAuthority6,
|
|
|
|
DWORD nSubAuthority7,
|
|
|
|
VOID ** pSid
|
|
|
|
);
|
|
|
|
|
|
|
|
inline DWORD(__stdcall *pSetNamedSecurityInfoW)(
|
|
|
|
LPWSTR pObjectName,
|
|
|
|
_SE_OBJECT_TYPE ObjectType,
|
|
|
|
SECURITY_INFORMATION SecurityInfo,
|
|
|
|
VOID * psidOwner,
|
|
|
|
VOID * psidGroup,
|
|
|
|
_ACL * pDacl,
|
|
|
|
_ACL * pSacl
|
|
|
|
|
|
|
|
);
|
|
|
|
|
|
|
|
inline PVOID(__stdcall *pFreeSid)(
|
|
|
|
VOID * pSid
|
|
|
|
);
|
|
|
|
|
2023-12-28 21:00:07 +00:00
|
|
|
// Advanced API
|
|
|
|
// The proper dodgy APIs that'll probably get us hit by AV-engines
|
|
|
|
// The following APIs are used for in-process privilege escalation
|
|
|
|
|
|
|
|
// Pointer slot for CreateProcessWithLogonW; presumably filled in at runtime by
// the loader code, which is not in this header.
// NOTE(review): lpPassword is a plaintext credential. Confirm that call sites
// keep its lifetime short and wipe the buffer once the call returns.
// NOTE(review): lpCommandLine is a non-const LPWSTR because the documented API
// may modify the buffer, so it must not point at a string literal. When
// lpApplicationName is null, the executable path inside lpCommandLine should be
// quoted so that a path containing spaces is not resolved ambiguously.
inline BOOL(__stdcall *pCreateProcessWithLogonW)(
    LPCWSTR lpUsername,
    LPCWSTR lpDomain,
    LPCWSTR lpPassword,
    DWORD dwLogonFlags,
    LPCWSTR lpApplicationName,
    LPWSTR lpCommandLine,
    DWORD dwCreationFlags,
    LPVOID lpEnvironment,
    LPCWSTR lpCurrentDirectory,
    LPSTARTUPINFOW lpStartupInfo,
    LPPROCESS_INFORMATION lpProcessInformation
);
|
|
|
|
|
|
|
|
inline BOOL(__stdcall *pCreateProcessAsUserW)(
|
|
|
|
HANDLE hToken,
|
|
|
|
LPCWSTR lpApplicationName,
|
|
|
|
LPWSTR lpCommandLine,
|
|
|
|
LPSECURITY_ATTRIBUTES lpProcessAttributes,
|
|
|
|
LPSECURITY_ATTRIBUTES lpThreadAttributes,
|
|
|
|
BOOL bInheritHandles,
|
|
|
|
DWORD dwCreationFlags,
|
|
|
|
LPVOID lpEnvironment,
|
|
|
|
LPCWSTR lpCurrentDirectory,
|
|
|
|
LPSTARTUPINFOW lpStartupInfo,
|
|
|
|
LPPROCESS_INFORMATION lpProcessInformation
|
|
|
|
);
|
|
|
|
|
|
|
|
// Pointer slot for AdjustTokenPrivileges; presumably filled in at runtime by
// the loader code, which is not in this header.
// NOTE(review): the documented API returns TRUE even when some of the requested
// privileges were not adjusted. A caller that needs a privilege must also check
// GetLastError() for ERROR_NOT_ALL_ASSIGNED after a TRUE return - confirm at the
// call sites.
inline BOOL(__stdcall *pAdjustTokenPrivileges)(
    HANDLE TokenHandle,
    BOOL DisableAllPrivileges,
    PTOKEN_PRIVILEGES NewState,
    DWORD BufferLength,
    PTOKEN_PRIVILEGES PreviousState,
    PDWORD ReturnLength
);
|
|
|
|
|
|
|
|
// Pointer slot for RevertToSelf; presumably filled in at runtime by the loader
// code, which is not in this header.
// NOTE(review): the return value must be checked. If the call fails, the thread
// keeps running under the impersonated identity - confirm the call sites treat
// that as a fatal error.
inline BOOL(__stdcall *pRevertToSelf)();
|
|
|
|
|
|
|
|
inline BOOL(__stdcall *pSetTokenInformation)(
|
|
|
|
HANDLE TokenHandle,
|
|
|
|
_TOKEN_INFORMATION_CLASS TokenInformationClass,
|
|
|
|
LPVOID TokenInformation,
|
|
|
|
DWORD TokenInformationLength
|
|
|
|
);
|
|
|
|
|
|
|
|
inline PUCHAR(__stdcall *pGetSidSubAuthorityCount)(PSID pSid);
|
|
|
|
|
|
|
|
inline BOOL(__stdcall *pLookupPrivilegeValueA)(
|
|
|
|
LPCSTR lpSystemName,
|
|
|
|
LPCSTR lpName,
|
|
|
|
PLUID lpLuid
|
|
|
|
);
|
|
|
|
|
|
|
|
inline PDWORD(__stdcall *pGetSidSubAuthority)(
|
|
|
|
PSID pSid,
|
|
|
|
DWORD nSubAuthority
|
|
|
|
);
|
|
|
|
|
|
|
|
// Pointer slot for LogonUserW; presumably filled in at runtime by the loader
// code, which is not in this header.
// NOTE(review): the documented LogonUserW returns BOOL, but this slot is typed
// as returning PDWORD. On 64-bit targets a caller then tests a pointer-sized
// value where the callee only defines a 32-bit result, so a failure check may
// not be reliable - confirm the intended return type.
// NOTE(review): lpszPassword is a plaintext credential; confirm that call sites
// wipe the buffer after the call. The token written to phToken is a handle the
// caller has to close.
inline PDWORD(__stdcall *pLogonUserW)(
    LPCWSTR lpszUsername,
    LPCWSTR lpszDomain,
    LPCWSTR lpszPassword,
    DWORD dwLogonType,
    DWORD dwLogonProvider,
    PHANDLE phToken
);
|
|
|
|
|
|
|
|
// Pointer slot for OpenProcessToken; presumably filled in at runtime by the
// loader code, which is not in this header.
// NOTE(review): the documented OpenProcessToken returns BOOL, but this slot is
// typed as returning PDWORD. On 64-bit targets a caller then tests a
// pointer-sized value where the callee only defines a 32-bit result; if a
// failure is missed, TokenHandle is used without having been written - confirm
// the intended return type.
inline PDWORD(__stdcall *pOpenProcessToken)(
    HANDLE ProcessHandle,
    DWORD DesiredAccess,
    PHANDLE TokenHandle
);
|
|
|
|
|
|
|
|
inline BOOL(__stdcall *pSetThreadToken)(
|
|
|
|
PHANDLE Thread,
|
|
|
|
HANDLE Token
|
|
|
|
);
|
|
|
|
|
|
|
|
inline DWORD(__stdcall *pSetSecurityInfo)(
|
|
|
|
HANDLE handle,
|
|
|
|
_SE_OBJECT_TYPE ObjectType,
|
|
|
|
SECURITY_INFORMATION SecurityInfo,
|
|
|
|
PSID psidOwner,
|
|
|
|
PSID psidGroup,
|
|
|
|
PACL pDacl,
|
|
|
|
PACL pSacl
|
|
|
|
);
|
|
|
|
|
|
|
|
inline BOOL(__stdcall *pGetUserNameW)(
|
|
|
|
LPWSTR lpBuffer,
|
|
|
|
LPDWORD pcbBuffer
|
|
|
|
);
|
|
|
|
|
|
|
|
inline BOOL(__stdcall *pDuplicateTokenEx)(
|
|
|
|
HANDLE hExistingToken,
|
|
|
|
DWORD dwDesiredAccess,
|
|
|
|
LPSECURITY_ATTRIBUTES lpTokenAttributes,
|
|
|
|
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
|
|
|
|
TOKEN_TYPE TokenType,
|
|
|
|
PHANDLE phNewToken
|
|
|
|
);
|
|
|
|
|
|
|
|
inline BOOL(__stdcall *pLookupAccountSidW)(
|
|
|
|
LPCWSTR lpSystemName,
|
|
|
|
PSID Sid,
|
|
|
|
LPWSTR Name,
|
|
|
|
LPDWORD cchName,
|
|
|
|
LPWSTR ReferencedDomainName,
|
|
|
|
LPDWORD cchReferencedDomainName,
|
|
|
|
PSID_NAME_USE peUse
|
|
|
|
);
|
|
|
|
|
|
|
|
inline BOOL(__stdcall *pGetTokenInformation)(
|
|
|
|
HANDLE TokenHandle,
|
|
|
|
TOKEN_INFORMATION_CLASS TokenInformationClass,
|
|
|
|
LPVOID TokenInformation,
|
|
|
|
DWORD TokenInformationLength,
|
|
|
|
PDWORD ReturnLength
|
|
|
|
);
|
|
|
|
|
|
|
|
inline BOOL(__stdcall *pSetSecurityDescriptorDacl)(
|
|
|
|
PSECURITY_DESCRIPTOR pSecurityDescriptor,
|
|
|
|
BOOL bDaclPresent,
|
|
|
|
PACL pDacl,
|
|
|
|
BOOL bDaclDefaulted
|
|
|
|
);
|
|
|
|
|
|
|
|
inline BOOL(__stdcall *pInitializeSecurityDescriptor)(
|
|
|
|
PSECURITY_DESCRIPTOR pSecurityDescriptor,
|
|
|
|
DWORD dwRevision
|
|
|
|
);
|
|
|
|
|
|
|
|
inline NTSTATUS(__stdcall *pLsaOpenPolicy)(
|
|
|
|
PLSA_UNICODE_STRING SystemName,
|
|
|
|
PLSA_OBJECT_ATTRIBUTES ObjectAttributes,
|
|
|
|
ACCESS_MASK DesiredAccess,
|
|
|
|
PLSA_HANDLE PolicyHandle
|
|
|
|
);
|
|
|
|
|
|
|
|
inline NTSTATUS(__stdcall *pLsaClose)(
|
|
|
|
LSA_HANDLE ObjectHandle
|
|
|
|
);
|
|
|
|
|
|
|
|
inline NTSTATUS(__stdcall *pLsaAddAccountRights)(
|
|
|
|
LSA_HANDLE PolicyHandle,
|
|
|
|
PSID AccountSid,
|
|
|
|
PLSA_UNICODE_STRING UserRights,
|
|
|
|
ULONG CountOfRights
|
|
|
|
);
|
|
|
|
|
|
|
|
// Pointer slot for LookupAccountNameW; presumably filled in at runtime by the
// loader code, which is not in this header.
// NOTE(review): the documented LookupAccountNameW returns BOOL (nonzero on
// success), but this slot is typed as returning NTSTATUS. The width is the
// same, but an NTSTATUS-style success test treats both 0 (failure) and 1
// (success) as success, so a failed lookup would go unnoticed and Sid would be
// used unfilled. Callers must test the result as a BOOL - confirm at the call
// sites.
inline NTSTATUS(__stdcall *pLookupAccountNameW)(
    LPCWSTR lpSystemName,
    LPCWSTR lpAccountName,
    PSID Sid,
    LPDWORD cbSid,
    LPWSTR ReferencedDomainName,
    LPDWORD cchReferencedDomainName,
    PSID_NAME_USE peUse
);
|
|
|
|
|
|
|
|
|
2023-10-12 23:10:44 +00:00
|
|
|
// USER32 - the shit microsoft will probably try to phase out and remove over time
|
|
|
|
// [then give up and write a win32 emulator in a memelang, probably]
|
|
|
|
|
|
|
|
inline BOOL(__stdcall *pOpenClipboard)(
|
|
|
|
HWND hWndNewOwner
|
|
|
|
);
|
|
|
|
|
|
|
|
inline HANDLE(__stdcall *pGetClipboardData)(
|
|
|
|
UINT uFormat
|
|
|
|
);
|
|
|
|
|
|
|
|
inline BOOL(__stdcall *pCloseClipboard)();
|
|
|
|
|
|
|
|
inline UINT(__stdcall *pMapVirtualKeyA)(
|
|
|
|
UINT uCode,
|
|
|
|
UINT uMapType
|
|
|
|
);
|
|
|
|
|
|
|
|
inline DWORD(__stdcall *pGetWindowThreadProcessId)(
|
|
|
|
HWND hWnd,
|
|
|
|
LPDWORD lpdwProcessId
|
|
|
|
);
|
|
|
|
|
|
|
|
inline LRESULT(__stdcall *pSendMessageA)(
|
|
|
|
HWND hWnd,
|
|
|
|
UINT Msg,
|
|
|
|
WPARAM wParam,
|
|
|
|
LPARAM lParam
|
|
|
|
);
|
|
|
|
|
|
|
|
inline BOOL(__stdcall *pEnumThreadWindows)(
|
|
|
|
DWORD dwThreadId,
|
|
|
|
WNDENUMPROC lpfn,
|
|
|
|
LPARAM lParam
|
|
|
|
);
|
|
|
|
|
|
|
|
inline BOOL(__stdcall *pTranslateMessage)(
|
|
|
|
MSG * lpMsg
|
|
|
|
);
|
|
|
|
|
|
|
|
inline LRESULT(__stdcall *pDispatchMessageW)(
|
|
|
|
MSG * lpMsg
|
|
|
|
);
|
|
|
|
|
|
|
|
inline DWORD(__stdcall *pMsgWaitForMultipleObjects)(
|
|
|
|
DWORD nCount,
|
|
|
|
CONST HANDLE * pHandles,
|
|
|
|
BOOL fWaitAll,
|
|
|
|
DWORD dwMilliseconds,
|
|
|
|
DWORD dwWakeMask
|
|
|
|
);
|
|
|
|
|
|
|
|
inline DWORD(__stdcall *pMsgWaitForMultipleObjectsEx)(
|
|
|
|
DWORD nCount,
|
|
|
|
CONST HANDLE * pHandles,
|
|
|
|
DWORD dwMilliseconds,
|
|
|
|
DWORD dwWakeMask,
|
|
|
|
DWORD dwFlags
|
|
|
|
);
|
|
|
|
|
|
|
|
inline BOOL(__stdcall *pPeekMessageW)(
|
|
|
|
LPMSG lpMsg,
|
|
|
|
HWND hWnd,
|
|
|
|
UINT wMsgFilterMin,
|
|
|
|
UINT wMsgFilterMax,
|
|
|
|
UINT wRemoveMsg
|
|
|
|
);
|
|
|
|
|
|
|
|
inline BOOL(__stdcall *pSetPropW)(
|
|
|
|
HWND hWnd,
|
|
|
|
LPCWSTR lpString,
|
|
|
|
HANDLE hData
|
|
|
|
);
|
|
|
|
|
2023-12-05 18:44:38 +00:00
|
|
|
// SETUPAPI.dll
|
|
|
|
|
|
|
|
inline BOOL(__stdcall *pSetupDiEnumDeviceInterfaces)(
|
|
|
|
PVOID DeviceInfoSet,
|
|
|
|
_SP_DEVINFO_DATA * DeviceInfoData,
|
|
|
|
const GUID * InterfaceClassGuid,
|
|
|
|
DWORD MemberIndex,
|
|
|
|
_SP_DEVICE_INTERFACE_DATA * DeviceInterfaceData
|
|
|
|
);
|
|
|
|
|
|
|
|
inline BOOL(__stdcall *pSetupDiDestroyDeviceInfoList)(
|
|
|
|
PVOID DeviceInfoSet
|
|
|
|
);
|
|
|
|
|
|
|
|
inline PVOID(__stdcall *pSetupDiGetClassDevsW)(
|
|
|
|
const GUID * ClassGuid,
|
|
|
|
PCWSTR Enumerator,
|
|
|
|
HWND hwndParent,
|
|
|
|
DWORD Flags
|
|
|
|
);
|
|
|
|
|
|
|
|
inline BOOL(__stdcall *pSetupDiGetDeviceRegistryPropertyA)(
|
|
|
|
PVOID DeviceInfoSet,
|
|
|
|
_SP_DEVINFO_DATA * DeviceInfoData,
|
|
|
|
DWORD Property,
|
|
|
|
PDWORD PropertyRegDataType,
|
|
|
|
PBYTE PropertyBuffer,
|
|
|
|
DWORD PropertyBufferSize,
|
|
|
|
PDWORD RequiredSize
|
|
|
|
);
|
|
|
|
|
|
|
|
inline BOOL(__stdcall *pSetupDiGetDeviceInterfaceDetailW)(
|
|
|
|
PVOID DeviceInfoSet,
|
|
|
|
_SP_DEVICE_INTERFACE_DATA * DeviceInterfaceData,
|
|
|
|
_SP_DEVICE_INTERFACE_DETAIL_DATA_W * DeviceInterfaceDetailData,
|
|
|
|
DWORD DeviceInterfaceDetailDataSize,
|
|
|
|
PDWORD RequiredSize,
|
|
|
|
_SP_DEVINFO_DATA * DeviceInfoData
|
|
|
|
);
|
|
|
|
|
|
|
|
// MPR.dll
//
// Late-bound network-resource enumeration entry points (WNet*). Every pointer is null until
// assigned elsewhere; check before calling.

// Signature of WNetCloseEnum; closes a handle produced through pWNetOpenEnumW.
inline DWORD(__stdcall *pWNetCloseEnum)(
    HANDLE hEnum
);

// Signature of WNetEnumResourceW. lpcCount and lpBufferSize are in/out: they carry the
// requested count and the buffer capacity in, and the returned count and required size out.
inline DWORD(__stdcall *pWNetEnumResourceW)(
    HANDLE hEnum,
    LPDWORD lpcCount,
    LPVOID lpBuffer,
    LPDWORD lpBufferSize
);

// Signature of WNetOpenEnumW; lphEnum receives the enumeration handle.
inline DWORD(__stdcall *pWNetOpenEnumW)(
    DWORD dwScope,
    DWORD dwType,
    DWORD dwUsage,
    _NETRESOURCEW * lpNetResource,
    LPHANDLE lphEnum
);

// Signature of WNetGetUniversalNameW. lpBufferSize is in/out as above; the name written to
// lpBuffer comes from the network provider, so treat it as external input.
inline DWORD(__stdcall *pWNetGetUniversalNameW)(
    LPCWSTR lpLocalPath,
    DWORD dwInfoLevel,
    LPVOID lpBuffer,
    LPDWORD lpBufferSize
);
// Winsock2
//
// Late-bound name-resolution entry points. Every pointer is null until assigned elsewhere;
// check before calling. Resolver output is external data: validate address families and
// lengths before copying results into fixed-size storage.

// Signature of GetAddrInfoExCancel; lpHandle is the handle written by pGetAddrInfoExW.
inline INT(__stdcall *pGetAddrInfoExCancel)(
    LPHANDLE lpHandle
);

// Completion callback type accepted by pGetAddrInfoExW. Declared locally, presumably so the
// header does not depend on the SDK providing it - confirm.
using LPLOOKUPSERVICE_COMPLETION_ROUTINE = void(__stdcall *)(
    DWORD dwError,
    DWORD dwBytes,
    LPWSAOVERLAPPED lpOverlapped
);

// Signature of GetAddrInfoExW. For an asynchronous query (lpOverlapped and/or
// lpCompletionRoutine set) the storage behind ppResult and lpOverlapped has to stay alive
// until the query completes or is cancelled. Results are released with pFreeAddrInfoExW.
inline INT(__stdcall *pGetAddrInfoExW)(
    PCWSTR pName,
    PCWSTR pServiceName,
    DWORD dwNameSpace,
    LPGUID lpNspId,
    const ADDRINFOEXW * hints,
    PADDRINFOEXW * ppResult,
    struct timeval * timeout,
    LPOVERLAPPED lpOverlapped,
    LPLOOKUPSERVICE_COMPLETION_ROUTINE lpCompletionRoutine,
    LPHANDLE lpHandle
);

// Signature of FreeAddrInfoExW; frees a list returned through pGetAddrInfoExW.
inline void(__stdcall *pFreeAddrInfoExW)(
    PADDRINFOEXW pAddrInfoEx
);

// Signature of getaddrinfo (ANSI, synchronous). Results are released with pfreeaddrinfo.
inline INT(__stdcall *pgetaddrinfo)(
    PCSTR pNodeName,
    PCSTR pServiceName,
    const ADDRINFOA * pHints,
    PADDRINFOA * ppResult
);

// Signature of freeaddrinfo; frees a list returned through pgetaddrinfo.
inline void(__stdcall *pfreeaddrinfo)(
    PADDRINFOA pAddrInfo
);
// Late-bound Winsock socket-management entry points. Every pointer is null until assigned
// elsewhere; check before calling. The int-returning calls follow the Winsock convention of
// reporting failure through the return value plus pWSAGetLastError.

// Signature of listen.
inline int(__stdcall *plisten)(
    SOCKET s,
    int backlog
);

// Signature of bind; namelen is the byte size of the structure behind name.
inline int(__stdcall *pbind)(
    SOCKET s,
    const sockaddr * name,
    int namelen
);

// Signature of closesocket.
inline int(__stdcall *pclosesocket)(
    SOCKET s
);

// Signature of WSAStartup.
inline int(__stdcall *pWSAStartup)(
    WORD wVersionRequested,
    LPWSADATA lpWSAData
);

// Signature of shutdown.
inline int(__stdcall *pshutdown)(
    SOCKET s,
    int flags
);

// Signature of getpeername. namelen is in/out: set it to the capacity of name before the
// call and read the written length afterwards.
inline int(__stdcall *pgetpeername)(
    SOCKET s,
    sockaddr * name,
    int * namelen
);

// Signature of getsockname; namelen is in/out exactly as for pgetpeername.
inline int(__stdcall *pgetsockname)(
    SOCKET s,
    sockaddr * name,
    int * namelen
);

// Signature of WSAIoctl. cbInBuffer and cbOutBuffer are the byte capacities of the two
// buffers; with lpOverlapped set, the buffers must outlive the pending operation.
inline int(__stdcall *pWSAIoctl)(
    SOCKET s,
    DWORD dwIoControlCode,
    LPVOID lpvInBuffer,
    DWORD cbInBuffer,
    LPVOID lpvOutBuffer,
    DWORD cbOutBuffer,
    LPDWORD lpcbBytesReturned,
    LPWSAOVERLAPPED lpOverlapped,
    LPWSAOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine
);

// Signature of ioctlsocket.
inline int(__stdcall *pioctlsocket)(
    SOCKET s,
    long cmd,
    u_long *argp
);

// Signature of setsockopt; optlen is the byte size of the value behind optval.
inline int(__stdcall *psetsockopt)(
    SOCKET s,
    int level,
    int optname,
    const char * optval,
    int optlen
);

// Signature of WSAGetLastError. The value is per-thread and is overwritten by later Winsock
// calls, so read it immediately after the failing call.
inline int(__stdcall *pWSAGetLastError)();

// Signature of WSASocketW.
// NOTE(review): sockets created this way can be inherited by child processes unless
// WSA_FLAG_NO_HANDLE_INHERIT is part of dwFlags - confirm what the callers pass.
inline SOCKET(__stdcall *pWSASocketW)(
    int af,
    int type,
    int protocol,
    LPWSAPROTOCOL_INFOW lpProtocolInfo,
    GROUP g,
    DWORD dwFlags
);
// Late-bound Winsock scatter/gather I/O entry points. Every pointer is null until assigned
// elsewhere; check before calling.
//
// For overlapped use (lpOverlapped non-null) the WSABUF array, the data buffers, the
// OVERLAPPED structure and any address/length out-parameters must stay valid until the
// operation completes; freeing or reusing them earlier corrupts memory when the completion
// is delivered. Byte counts reported for received data are the only trustworthy length of
// that data.

// Signature of WSARecvFrom. lpFromlen is in/out (capacity in, written length out).
inline int(__stdcall *pWSARecvFrom)(
    SOCKET s,
    LPWSABUF lpBuffers,
    DWORD dwBufferCount,        // number of WSABUF entries in lpBuffers
    LPDWORD lpNumberOfBytesRecvd,
    LPDWORD lpFlags,
    sockaddr * lpFrom,
    LPINT lpFromlen,
    LPWSAOVERLAPPED lpOverlapped,
    LPWSAOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine
);

// Signature of WSARecv.
inline int(__stdcall *pWSARecv)(
    SOCKET s,
    LPWSABUF lpBuffers,
    DWORD dwBufferCount,        // number of WSABUF entries in lpBuffers
    LPDWORD lpNumberOfBytesRecvd,
    LPDWORD lpFlags,
    LPWSAOVERLAPPED lpOverlapped,
    LPWSAOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine
);

// Signature of WSASendTo; iTolen is the byte size of the structure behind lpTo.
inline int(__stdcall *pWSASendTo)(
    SOCKET s,
    LPWSABUF lpBuffers,
    DWORD dwBufferCount,        // number of WSABUF entries in lpBuffers
    LPDWORD lpNumberOfBytesSent,
    DWORD dwFlags,
    const sockaddr * lpTo,
    int iTolen,
    LPWSAOVERLAPPED lpOverlapped,
    LPWSAOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine
);

// Signature of WSASend.
inline int(__stdcall *pWSASend)(
    SOCKET s,
    LPWSABUF lpBuffers,
    DWORD dwBufferCount,        // number of WSABUF entries in lpBuffers
    LPDWORD lpNumberOfBytesSent,
    DWORD dwFlags,
    LPWSAOVERLAPPED lpOverlapped,
    LPWSAOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine
);

// Signature of WSAStringToAddressA. AddressString is a non-const LPSTR in this API, and
// lpAddressLength is in/out: capacity of lpAddress in, size of the parsed address out.
inline INT(__stdcall *pWSAStringToAddressA)(
    LPSTR AddressString,
    INT AddressFamily,
    LPWSAPROTOCOL_INFOA lpProtocolInfo,
    LPSOCKADDR lpAddress,
    LPINT lpAddressLength
);
// credui
//
// Late-bound credential-prompt entry points. Both pointers are null until assigned
// elsewhere; check before calling. The buffers these calls fill hold credential material:
// keep their lifetime short and wipe them with a call the optimizer cannot drop
// (SecureZeroMemory) before they are released or reused.

// Signature of CredUIPromptForWindowsCredentialsW; pUiInfo is passed as an untyped pointer
// here. The Win32 contract for *ppvOutAuthBuffer is to clear it and then free it with
// CoTaskMemFree once the caller is done with it.
inline INT(__stdcall *pCredUIPromptForWindowsCredentialsW)(
    void * pUiInfo,
    DWORD dwAuthError,
    ULONG * pulAuthPackage,
    LPCVOID pvInAuthBuffer,
    ULONG ulInAuthBufferSize,
    LPVOID * ppvOutAuthBuffer,
    ULONG * pulOutAuthBufferSize,
    BOOL * pfSave,
    DWORD dwFlags
);

// Signature of CredUnPackAuthenticationBufferW. Each pcchMax* value is in/out and counted in
// characters (capacity in, required or written length out). pszPassword receives the
// password in clear text - zero it as soon as it has been consumed.
inline BOOL(__stdcall *pCredUnPackAuthenticationBufferW)(
    DWORD dwFlags,
    PVOID pAuthBuffer,
    DWORD cbAuthBuffer,
    LPWSTR pszUserName,
    DWORD * pcchMaxUserName,
    LPWSTR pszDomainName,
    DWORD * pcchMaxDomainName,
    LPWSTR pszPassword,
    DWORD * pcchMaxPassword
);
// Feature switches, all false by default. Where they are set and read is outside this part
// of the file; the names suggest they select native wait-on-address paths per primitive and
// a fast-fail termination path - confirm at the use sites.
inline bool gUseNativeWaitMutex = false;
inline bool gUseNativeWaitCondvar = false;
inline bool gUseNativeWaitSemapahore = false; // (sic) the spelling is part of the symbol name
inline bool gUseFastFail = false;
// Platform lifecycle hooks. Only the prototypes are visible here; what each one initializes,
// releases or terminates has to be read from its definition.
void Win32DropInit();
void Win32DropSchedulerResolution();
void Win32Terminate();
// Exported file-open helper (prototype only; the definition is elsewhere).
//
// Defaults as declared: read+write access, other openers may only read, the handle is not
// inheritable (bInherit = false), and creation disposition, flags and attributes are all 0.
// Callers that only read should pass GENERIC_READ rather than rely on the read+write
// default, and should leave bInherit false unless a child process really needs the handle.
// NOTE(review): the failure value (NULL vs INVALID_HANDLE_VALUE) and the meaning of a zero
// dwCreationDisposition are not visible from this prototype - confirm in the definition.
AUKN_SYM /* I'm going to be kind */
HANDLE Win32Open(LPCWSTR lpFileName,
                 DWORD dwDesiredAccess = GENERIC_READ | GENERIC_WRITE,
                 DWORD dwShareMode = FILE_SHARE_READ,
                 bool bInherit = false,
                 DWORD dwCreationDisposition = 0,
                 DWORD dwFlags = 0,
                 DWORD dwAttributes = 0
);
// Exported file-open helper taking an explicit LPSECURITY_ATTRIBUTES (prototype only; the
// definition is elsewhere).
//
// Defaults as declared: read+write access, other openers may only read, no security
// attributes (NULL), and creation disposition, flags and attributes all 0. In Win32 a NULL
// security-attributes pointer means a default security descriptor and a non-inheritable
// handle; a caller that supplies its own structure controls both, so review any call site
// that sets bInheritHandle or a custom descriptor.
// NOTE(review): the failure value (NULL vs INVALID_HANDLE_VALUE) is not visible from this
// prototype - confirm in the definition.
AUKN_SYM /* I'm going to be kind */
HANDLE Win32Open2(LPCWSTR lpFileName,
                  DWORD dwDesiredAccess = GENERIC_READ | GENERIC_WRITE,
                  DWORD dwShareMode = FILE_SHARE_READ,
                  LPSECURITY_ATTRIBUTES lpSecurityAttributes = NULL,
                  DWORD dwCreationDisposition = 0,
                  DWORD dwFlags = 0,
                  DWORD dwAttributes = 0
);
// Late-bound module-loading primitives. Both pointers are null until assigned elsewhere.
//
// pLoadLibraryW has the signature of LoadLibraryW, which takes no search-restricting flags:
// a bare module name is resolved through the process DLL search order, which can include
// directories an unprivileged user is able to write to. Pass a fully qualified path for
// system modules, or load through an API that limits the search (LoadLibraryExW with
// LOAD_LIBRARY_SEARCH_SYSTEM32) where one is available.
inline HMODULE(__stdcall *pLoadLibraryW)(
    LPCWSTR lpLibFileName
);

// Signature of GetProcAddress. A null result means the export is missing; every pointer
// filled from this call has to be tested before it is invoked.
inline FARPROC(__stdcall*pGetProcAddress)(
    HMODULE hModule,
    LPCSTR lpProcName
);
// Prototype only; the definition is elsewhere. Presumably writes an end-of-stream marker to
// hHandle - the name is the only evidence here, confirm in the implementation.
void NTWriteEoS(HANDLE hHandle);
// Blocks, with no timeout, until the value at pTargetAddress is signalled as changed.
//
// pTargetAddress  - address being waited on
// pCompareAddress - address of the value to compare against
// uWordSize       - size in bytes of the compared value
//
// Uses pRtlWaitOnAddress with a null timeout when that pointer has been resolved, and
// pWaitOnAddress with INFINITE otherwise. The callee's result is converted to bool.
//
// NOTE(review): the two pointers are declared outside this part of the file. If
// pRtlWaitOnAddress returns an NTSTATUS, success (0) converts to false while the
// pWaitOnAddress path converts a successful BOOL to true - confirm the polarity callers
// expect. pWaitOnAddress is also called without a null check on the fallback path.
static auline bool SysWaitOnAddressNoTimed(const void *pTargetAddress,
                                           const void *pCompareAddress,
                                           AuUInt8 uWordSize)
{
    if (!pRtlWaitOnAddress)
    {
        return pWaitOnAddress((void *)pTargetAddress, (void *)pCompareAddress, uWordSize, INFINITE);
    }

    return pRtlWaitOnAddress((void *)pTargetAddress, (void *)pCompareAddress, uWordSize, nullptr);
}
// Wakes up to dwCount threads waiting on pAddress.
//
// With pRtlWakeAddressSingle resolved: fewer than 6 requested wakes are issued one by one,
// while 6 or more are replaced by a single wake-all, so waiters beyond dwCount may be woken
// and must re-check their condition. Without it: pWakeByAddressSingle is called dwCount
// times.
//
// NOTE(review): only pRtlWakeAddressSingle is tested, yet the wake-all branch calls
// pRtlWakeByAddressAll, and the fallback calls pWakeByAddressSingle unchecked. That is safe
// only if the loader resolves these together - confirm where the pointers are assigned.
static auline void SysWakeNOnAddress(const void *pAddress,
                                     AuUInt32 dwCount)
{
    void *pWakeTarget = (void *)pAddress;

    if (!pRtlWakeAddressSingle)
    {
        for (AuUInt uIndex = 0; uIndex < dwCount; uIndex++)
        {
            pWakeByAddressSingle(pWakeTarget);
        }
        return;
    }

    if (dwCount >= 6)
    {
        pRtlWakeByAddressAll(pWakeTarget);
        return;
    }

    for (AuUInt uIndex = 0; uIndex < dwCount; uIndex++)
    {
        pRtlWakeAddressSingle(pWakeTarget);
    }
}
// Wakes every thread waiting on pAddress, through pRtlWakeByAddressAll when that pointer
// has been resolved and through pWakeByAddressAll otherwise.
// NOTE(review): the fallback pointer is called without a null check - confirm it is always
// resolved when the Rtl variant is not.
static auline void SysWakeAllOnAddress(const void *pAddress)
{
    if (!pRtlWakeByAddressAll)
    {
        pWakeByAddressAll((void *)pAddress);
        return;
    }

    pRtlWakeByAddressAll((void *)pAddress);
}
// Wakes one thread waiting on pAddress, through pRtlWakeAddressSingle when that pointer has
// been resolved and through pWakeByAddressSingle otherwise.
// NOTE(review): the fallback pointer is called without a null check - confirm it is always
// resolved when the Rtl variant is not.
static auline void SysWakeOneOnAddress(const void *pAddress)
{
    if (!pRtlWakeAddressSingle)
    {
        pWakeByAddressSingle((void *)pAddress);
        return;
    }

    pRtlWakeAddressSingle((void *)pAddress);
}
}