AuroraRuntime/Source/AuProcAddresses.NT.hpp

1471 lines
50 KiB
C++
Raw Normal View History

/***
Copyright (C) 2023 J Reece Wilson (a/k/a "Reece"). All rights reserved.
File: AuProcAddresses.NT.hpp
Date: 2023-2-16
Author: Reece
***/
#pragma once
struct _PROCESS_MEMORY_COUNTERS;
struct _tagSTACKFRAME64;
struct _MINIDUMP_EXCEPTION_INFORMATION;
struct _MINIDUMP_USER_STREAM_INFORMATION;
struct _IMAGEHLP_LINE64;
struct _tagADDRESS64;
struct _MINIDUMP_CALLBACK_INFORMATION;
struct _MIB_IPADDRTABLE;
struct _IP_ADAPTER_INFO;
struct _CREATEFILE2_EXTENDED_PARAMETERS;
struct _EXPLICIT_ACCESS_A;
struct _ACL;
struct _SP_DEVINFO_DATA;
struct _SP_DEVICE_INTERFACE_DATA;
struct _SP_DEVICE_INTERFACE_DETAIL_DATA_W;
struct _NETRESOURCEW;
struct _CONSOLE_SCREEN_BUFFER_INFO;
struct _SMALL_RECT;
struct _CHAR_INFO;
2024-04-21 10:37:00 +00:00
struct tagMODULEENTRY32W;
2023-12-28 21:00:07 +00:00
enum _TOKEN_INFORMATION_CLASS;
enum _SE_OBJECT_TYPE;
enum _MINIDUMP_TYPE;
2023-12-22 05:01:04 +00:00
enum _OBJECT_WAIT_TYPE;
2023-12-28 21:00:07 +00:00
enum _SE_OBJECT_TYPE;
enum _PROCESS_INFORMATION_CLASS;
2024-04-21 10:37:00 +00:00
enum _SYSTEM_INFORMATION_CLASS;
2023-12-19 03:43:11 +00:00
//#if defined(AURORA_COMPILER_MSVC)
struct _IP_ADAPTER_ADDRESSES_LH;
struct _IP_ADAPTER_ADDRESSES_XP;
#if (NTDDI_VERSION >= NTDDI_VISTA)
typedef _IP_ADAPTER_ADDRESSES_LH IP_ADAPTER_ADDRESSES;
typedef _IP_ADAPTER_ADDRESSES_LH *PIP_ADAPTER_ADDRESSES;
#elif (NTDDI_VERSION >= NTDDI_WINXP)
typedef _IP_ADAPTER_ADDRESSES_XP IP_ADAPTER_ADDRESSES;
typedef _IP_ADAPTER_ADDRESSES_XP *PIP_ADAPTER_ADDRESSES;
#else
typedef _IP_ADAPTER_ADDRESSES_XP IP_ADAPTER_ADDRESSES;
typedef _IP_ADAPTER_ADDRESSES_XP *PIP_ADAPTER_ADDRESSES;
#endif
2023-12-19 03:43:11 +00:00
//#endif
2023-12-28 21:00:07 +00:00
typedef UNICODE_STRING LSA_UNICODE_STRING, *PLSA_UNICODE_STRING;
typedef STRING LSA_STRING, *PLSA_STRING;
typedef OBJECT_ATTRIBUTES LSA_OBJECT_ATTRIBUTES, *PLSA_OBJECT_ATTRIBUTES;
typedef PVOID LSA_HANDLE, *PLSA_HANDLE;
struct CREDUI_INFOW
{
DWORD cbSize;
HWND hwndParent;
PCWSTR pszMessageText;
PCWSTR pszCaptionText;
HBITMAP hbmBanner;
};
namespace Aurora
{
void InitNTAddresses();
void InitNTAddressesForClock();
static const wchar_t *kSyncDllName { L"API-MS-Win-Core-Synch-l1-2-0.dll" };
static const wchar_t *kNtDllName { L"NTDLL.dll" };
static const wchar_t *kKernel32DllName { L"Kernel32.dll" };
static const wchar_t *kKernelBaseDllName { L"KernelBase.dll" };
static const wchar_t *kWS2DllName { L"Ws2_32.dll" };
static const wchar_t *kAdvancedApiDllName { L"Advapi32.dll" };
static const wchar_t *kBCryptDllName { L"bcrypt.dll" };
static const wchar_t *kThemeDllName { L"UxTheme.dll" };
static const wchar_t *kShellDllName { L"Shell32.dll" };
static const wchar_t *kPSAPILegacyDllName { L"psapi.dll" };
static const wchar_t *kDbgHelperDllName { L"dbghelp.dll" };
static const wchar_t *kWinTrustDllName { L"WINTRUST.dll" };
static const wchar_t *kIPHelperDllName { L"IPHLPAPI.dll" };
static const wchar_t *kCOMDllName { L"ole32.dll" };
static const wchar_t *kUser32DllName { L"User32.dll" };
static const wchar_t *kSetupAPIDllName { L"SETUPAPI.dll" };
static const wchar_t *kRouterDllName { L"MPR.dll" };
2023-12-28 21:00:07 +00:00
static const wchar_t *kCredUIDllName { L"credui.dll" };
struct WIN32_MEMORY_RANGE_ENTRY2
{
PVOID VirtualAddress;
SIZE_T NumberOfBytes;
};
enum class THREAD_INFORMATION_CLASS
{
ThreadMemoryPriority,
ThreadAbsoluteCpuPriority,
ThreadDynamicCodePolicy,
ThreadPowerThrottling,
ThreadInformationClassMax
};
inline BOOL(__stdcall *pWaitOnAddress)(
volatile VOID * Address,
PVOID CompareAddress,
SIZE_T AddressSize,
DWORD dwMilliseconds
);
inline void(__stdcall *pWakeByAddressSingle)(
PVOID Address
);
inline void(__stdcall *pWakeByAddressAll)(
PVOID Address
);
2023-12-22 05:01:04 +00:00
inline NTSTATUS(__stdcall *pNtWaitForMultipleObjects)(
ULONG ObjectCount,
PHANDLE ObjectsArray,
_OBJECT_WAIT_TYPE WaitType,
BOOLEAN Alertable,
AuUInt64 * pTimeOut
);
inline NTSTATUS(__stdcall *pNtQuerySymbolicLinkObject)(
HANDLE LinkHandle,
PUNICODE_STRING LinkTarget,
PULONG ReturnedLength
);
inline NTSTATUS(__stdcall *pNtOpenSymbolicLinkObject)(
PHANDLE LinkHandle,
ACCESS_MASK DesiredAccess,
POBJECT_ATTRIBUTES ObjectAttributes
);
inline DWORD(__stdcall *pNtDelayExecution)(
BOOLEAN Alertable,
PLARGE_INTEGER DelayInterval
);
inline PVOID(__stdcall *pVirtualAlloc2)(
HANDLE Process,
PVOID BaseAddress,
SIZE_T Size,
ULONG AllocationType,
ULONG PageProtection,
MEM_EXTENDED_PARAMETER * ExtendedParameters,
ULONG ParameterCount
);
inline PVOID(__stdcall *pMapViewOfFile3)(
HANDLE FileMapping,
HANDLE Process,
PVOID BaseAddress,
ULONG64 Offset,
SIZE_T ViewSize,
ULONG AllocationType,
ULONG PageProtection,
MEM_EXTENDED_PARAMETER * ExtendedParameters,
ULONG ParameterCount
);
inline PVOID(__stdcall *pUnmapViewOfFile2)(
HANDLE Process,
PVOID BaseAddress,
ULONG UnmapFlags
);
inline NTSTATUS(__stdcall *pNtWaitForKeyedEvent)(
HANDLE Handle,
PVOID Key,
BOOLEAN Alertable,
PLARGE_INTEGER NTTimeout
);
inline NTSTATUS(__stdcall *pNtReleaseKeyedEvent)(
HANDLE Handle,
PVOID Key,
BOOLEAN Alertable,
PLARGE_INTEGER NTTimeout
);
inline NTSTATUS(__stdcall *pNtCreateKeyedEvent)(
HANDLE Handle,
ACCESS_MASK Access,
POBJECT_ATTRIBUTES Attr,
ULONG Flags
);
inline NTSTATUS(__stdcall *pNtOpenKeyedEvent)(
HANDLE Handle,
ACCESS_MASK Access,
POBJECT_ATTRIBUTES Attr,
ULONG Flags
);
inline NTSTATUS(__stdcall *pRtlWaitOnAddress)(
const void * addr,
const void * cmp,
SIZE_T size,
2023-09-09 14:29:12 +00:00
const LARGE_INTEGER * timeout
);
inline void(__stdcall *pRtlWakeByAddressAll)(
const void * addr
);
inline void(__stdcall *pRtlWakeAddressSingle)(
const void * addr
);
#if defined(AURORA_PLATFORM_WIN32)
inline NTSTATUS(__stdcall *pRtlGetVersion)(
PRTL_OSVERSIONINFOW lpVersionInformation
);
#endif
2023-09-13 13:17:45 +00:00
inline HANDLE(__stdcall *pCreateFile2W)(
LPCWSTR lpFileName,
DWORD dwDesiredAccess,
DWORD dwShareMode,
DWORD dwCreationDisposition,
_CREATEFILE2_EXTENDED_PARAMETERS *pCreateExParams
);
inline HANDLE(__stdcall *pCreateFileW)(
2023-12-21 14:27:35 +00:00
LPCWSTR lpFileName,
DWORD dwDesiredAccess,
DWORD dwShareMode,
LPSECURITY_ATTRIBUTES lpSecurityAttributes,
DWORD dwCreationDisposition,
DWORD dwFlagsAndAttributes,
HANDLE hTemplateFile
);
inline HANDLE(__stdcall *pCreateFileMappingA)(
HANDLE hFile,
LPSECURITY_ATTRIBUTES lpFileMappingAttributes,
DWORD flProtect,
DWORD dwMaximumSizeHigh,
DWORD dwMaximumSizeLow,
LPCSTR lpName
);
inline HANDLE(__stdcall *pCreateFileMappingFromApp)(
HANDLE hFile,
PSECURITY_ATTRIBUTES SecurityAttributes,
ULONG PageProtection,
ULONG64 MaximumSize,
PCWSTR Name
);
inline HANDLE(__stdcall *pOpenFileMappingA)(
ULONG DesiredAccess,
BOOL InheritHandle,
LPCSTR Name
);
inline HANDLE(__stdcall *pOpenFileMappingFromApp)(
ULONG DesiredAccess,
BOOL InheritHandle,
PCWSTR Name
);
inline LPVOID(__stdcall *pMapViewOfFile)(
HANDLE hFileMappingObject,
DWORD dwDesiredAccess,
DWORD dwFileOffsetHigh,
DWORD dwFileOffsetLow,
SIZE_T dwNumberOfBytesToMap
);
inline LPVOID(__stdcall *pMapViewOfFileFromApp)(
HANDLE hFileMappingObject,
ULONG DesiredAccess,
ULONG64 FileOffset,
SIZE_T dwNumberOfBytesToMap
);
inline NTSTATUS(__stdcall *pNtNotifyChangeDirectoryFile)(
HANDLE FileHandle,
HANDLE Event,
PIO_APC_ROUTINE ApcRoutine,
PVOID ApcContext,
PIO_STATUS_BLOCK IoStatusBlock,
PVOID Buffer,
ULONG BufferSize,
ULONG CompletionFilter,
BOOLEAN WatchTree
);
inline NTSTATUS(__stdcall *pNtTerminateProcess)(
HANDLE ProcessHandle,
NTSTATUS ExitStatus
);
inline BOOL(__stdcall *pGetSystemCpuSetInformation)(
PSYSTEM_CPU_SET_INFORMATION Information,
ULONG BufferLength,
PULONG ReturnedLength,
HANDLE Process,
ULONG Flags
);
inline BOOL(__stdcall *pGetLogicalProcessorInformation)(
PSYSTEM_LOGICAL_PROCESSOR_INFORMATION Buffer,
PDWORD ReturnedLength
);
inline HRESULT(__stdcall *pSetThreadDescription)(
HANDLE hThread,
PCWSTR lpThreadDescription
);
inline BOOL(__stdcall *pSetThreadInformation)(
HANDLE hThread,
THREAD_INFORMATION_CLASS ThreadInformationClass,
LPVOID ThreadInformation,
DWORD ThreadInformationSize
);
inline BOOL(__stdcall *pSetThreadSelectedCpuSets)(
HANDLE Thread,
const ULONG * CpuSetIds,
ULONG CpuSetIdCount
);
#if defined(AURORA_PLATFORM_WIN32)
inline BOOL(__stdcall *pSetThreadGroupAffinity)(
HANDLE hThread,
GROUP_AFFINITY * GroupAffinity,
PGROUP_AFFINITY PreviousGroupAffinity
);
#endif
inline BOOL(__stdcall *pRemoveDllDirectory)(
PVOID Cookie
);
inline PVOID(__stdcall *pAddDllDirectory)(
PCWSTR NewDirectory
);
inline DWORD(__stdcall *pGetTempPathW)(
DWORD nBufferLength,
LPWSTR lpBuffer
);
inline BOOL(__stdcall *pSetProcessInformation)(
HANDLE hProcess,
_PROCESS_INFORMATION_CLASS ProcessInformationClass,
LPVOID ProcessInformation,
DWORD ProcessInformationSize
);
inline BOOL(__stdcall *pGetConsoleScreenBufferInfo)(
HANDLE hConsoleOutput,
_CONSOLE_SCREEN_BUFFER_INFO*lpConsoleScreenBufferInfo
);
inline BOOL(__stdcall *pSetConsoleScreenBufferSize)(
HANDLE hConsoleOutput,
COORD dwSize
);
inline BOOL(__stdcall *pSetConsoleWindowInfo)(
HANDLE hConsoleOutput,
BOOL bAbsolute,
CONST _SMALL_RECT * lpConsoleWindow
);
inline HANDLE(__stdcall *pCreateConsoleScreenBuffer)(
DWORD dwDesiredAccess,
DWORD dwShareMode,
CONST _SECURITY_ATTRIBUTES *lpSecurityAttributes,
2024-04-21 10:37:00 +00:00
DWORD dwFlags,
LPVOID lpScreenBufferData
);
inline BOOL(__stdcall *pSetConsoleCursorPosition)(
HANDLE hConsoleOutput,
COORD dwCursorPosition
);
inline BOOL(__stdcall *pFillConsoleOutputCharacterW)(
HANDLE hConsoleOutput,
WCHAR cCharacter,
DWORD nLength,
COORD dwWriteCoord,
LPDWORD lpNumberOfCharsWritten
);
inline BOOL(__stdcall *pFillConsoleOutputAttribute)(
HANDLE hConsoleOutput,
WORD wAttribute,
DWORD nLength,
COORD dwWriteCoord,
LPDWORD lpNumberOfAttrsWritten
);
inline BOOL(__stdcall *pSetConsoleTextAttribute)(
HANDLE hConsoleOutput,
WORD wAttributes
);
inline BOOL(__stdcall *pSetConsoleActiveScreenBuffer)(
HANDLE hConsoleOutput
);
inline BOOL(__stdcall *pScrollConsoleScreenBufferW)(
HANDLE hConsoleOutput,
CONST _SMALL_RECT * lpScrollRectangle,
CONST _SMALL_RECT * lpClipRectangle,
COORD dwDestinationOrigin,
CONST _CHAR_INFO * lpFill
);
inline BOOL(__stdcall *pGetNumberOfConsoleInputEvents)(
HANDLE hConsoleInput,
LPDWORD lpNumberOfEvents
);
inline BOOL(__stdcall *pReadConsoleInputW)(
2024-04-21 10:37:00 +00:00
HANDLE hConsoleInput,
_INPUT_RECORD * lpBuffer,
DWORD nLength,
LPDWORD lpNumberOfEventsRead
);
inline BOOL(__stdcall *pWriteConsoleInputW)(
2024-04-21 10:37:00 +00:00
HANDLE hConsoleInput,
CONST _INPUT_RECORD * lpBuffer,
DWORD nLength,
LPDWORD lpNumberOfEventsWritten
);
inline BOOL(__stdcall *pWriteConsoleW)(
2024-04-21 10:37:00 +00:00
HANDLE hConsoleInput,
CONST wchar_t * lpBuffer,
DWORD nLength,
LPDWORD lpNumberOfEventsWritten,
void * pReserved
);
inline BOOL(__stdcall *pGetNamedPipeClientProcessId)(
HANDLE Pipe,
PULONG ClientProcessId
);
inline BOOL(__stdcall *pModule32FirstW)(
HANDLE Pipe,
tagMODULEENTRY32W * lpme
);
inline BOOL(__stdcall *pModule32NextW)(
HANDLE Pipe,
tagMODULEENTRY32W * lpme
);
inline HANDLE(__stdcall *pCreateJobObjectW)(
LPSECURITY_ATTRIBUTES lpJobAttributes,
LPCWSTR lpName
);
inline BOOL(__stdcall *pPrefetchVirtualMemory)(
HANDLE hProcess,
ULONG_PTR NumberOfEntries,
WIN32_MEMORY_RANGE_ENTRY2 * VirtualAddresses,
ULONG Flags
);
inline BOOL(__stdcall *pCryptGenRandom)(
ULONG_PTR hProv,
DWORD dwLen,
2023-12-21 14:27:35 +00:00
BYTE * pbBuffer
);
inline NTSTATUS(__stdcall *pZwSetTimerResolution)(
ULONG RequestedResolution,
BOOLEAN Set,
PULONG ActualResolution
);
inline BOOLEAN(__stdcall *pRtlGenRandom)(
PVOID RandomBuffer,
ULONG RandomBufferLength
);
#if defined(AURORA_PLATFORM_WIN32)
inline NTSTATUS(__stdcall *pNtQueryInformationProcess)(
HANDLE ProcessHandle,
PROCESSINFOCLASS ProcessInformationClass,
PVOID ProcessInformation,
ULONG ProcessInformationLength,
PULONG ReturnLength
);
#endif
2024-04-21 10:37:00 +00:00
inline NTSTATUS(__stdcall *pNtQuerySystemInformation)(
_SYSTEM_INFORMATION_CLASS SystemInformationClass,
PVOID SystemInformation,
ULONG SystemInformationLength,
PULONG ReturnLength
);
inline ULONGLONG(__stdcall *pVerSetConditionMask)(
ULONGLONG ConditionMask,
DWORD TypeMask,
BYTE Condition
);
inline BOOL(__stdcall *pVerifyVersionInfoW)(
LPOSVERSIONINFOEXW dwTypeMask,
DWORD TypeMask,
DWORDLONG dwlConditionMask
);
inline HRESULT(__stdcall *pSetWindowTheme)(
HWND hwnd,
LPCWSTR pszSubAppName,
LPCWSTR pszSubIdList
);
inline HANDLE(__stdcall *pFindFirstStreamW)(
LPCWSTR lpFileName,
STREAM_INFO_LEVELS InfoLevel,
LPVOID lpFindStreamData,
DWORD dwFlags
);
inline BOOL(__stdcall *pFindNextStreamW)(
HANDLE hFindStream,
LPVOID lpFindStreamData
);
inline BOOL(__stdcall *pFindClose)(
HANDLE hFindFile
);
inline BOOL(__stdcall *pCancelIoEx)(
HANDLE hFile,
LPOVERLAPPED lpOverlapped
);
inline BOOL(__stdcall *pCancelSynchronousIo)(
HANDLE hThread
);
#if 0
inline BOOL(__stdcall *pQueryPerformanceCounter)(
LARGE_INTEGER * lpPerformanceCount
);
inline BOOL(__stdcall *pQueryPerformanceFrequency)(
LARGE_INTEGER * lpPerformanceCount
);
#else // no one will notice
inline BOOL(__stdcall *pQueryPerformanceCounter)(
long long * lpPerformanceCount
);
inline BOOL(__stdcall *pQueryPerformanceFrequency)(
long long * lpPerformanceCount
);
#endif
inline BOOL(__stdcall *pGetProcessMemoryInfo)(
HANDLE Process,
::_PROCESS_MEMORY_COUNTERS *ppsmemCounters,
DWORD cb
);
inline BOOL(__stdcall *pSetFileInformationByHandle)(
HANDLE hFile,
FILE_INFO_BY_HANDLE_CLASS FileInformationClass,
LPVOID lpFileInformation,
DWORD dwBufferSize
);
inline int(__stdcall *pGetLocaleInfoEx)(
LPCWSTR lpLocaleName,
LCTYPE LCType,
LPWSTR lpLCData,
int cchData
);
inline int(__stdcall *pLCIDToLocaleName)(
LCID Locale,
LPWSTR lpName,
int cchName,
DWORD dwFlags
);
inline int(__stdcall *pGetLocaleInfoW)(
LCID Locale,
LCTYPE LCType,
LPWSTR lpLCData,
int cchData
);
inline DWORD(__stdcall *pGetThreadId)(
HANDLE hThread
);
inline NTSTATUS(__stdcall *pBCryptGenRandom)(
PVOID hAlgorithm,
PUCHAR pbBuffer,
ULONG cbBuffer,
ULONG dwFlags
);
// dbghelp
inline DWORD(__stdcall *pUnDecorateSymbolName)(
PCSTR name,
PSTR outputString,
DWORD maxStringLength,
DWORD flags
);
inline BOOL(__stdcall *pMiniDumpWriteDump)(
HANDLE hProcess,
DWORD ProcessId,
HANDLE hFile,
enum _MINIDUMP_TYPE DumpType,
_MINIDUMP_EXCEPTION_INFORMATION * ExceptionParam,
_MINIDUMP_USER_STREAM_INFORMATION * UserStreamParam,
_MINIDUMP_CALLBACK_INFORMATION * CallbackParam
);
inline BOOL(__stdcall *pSymInitialize)(
HANDLE hProcess,
PCSTR UserSearchPath,
BOOL fInvadeProcess
);
inline DWORD64(__stdcall *pSymGetModuleBase64)(
HANDLE hProcess,
DWORD64 qwAddr
);
inline BOOL(__stdcall *pSymGetLineFromAddr64)(
HANDLE hProcess,
DWORD64 qwAddr,
PDWORD pdwDisplacement,
_IMAGEHLP_LINE64 * Line64
);
inline PVOID(__stdcall *pSymFunctionTableAccess64)(
HANDLE hProcess,
DWORD64 AddrBase
);
typedef BOOL(__stdcall *PREAD_PROCESS_MEMORY_ROUTINE64)(
HANDLE hProcess,
DWORD64 qwBaseAddress,
PVOID lpBuffer,
DWORD nSize,
LPDWORD lpNumberOfBytesRead
);
typedef PVOID (__stdcall *PFUNCTION_TABLE_ACCESS_ROUTINE64)(
HANDLE hProcess,
DWORD64 AddrBase
);
typedef DWORD64(__stdcall *PGET_MODULE_BASE_ROUTINE64)(
HANDLE hProcess,
DWORD64 Address
);
typedef DWORD64 (__stdcall *PTRANSLATE_ADDRESS_ROUTINE64)(
HANDLE hProcess,
HANDLE hThread,
_tagADDRESS64 * lpaddr
);
inline BOOL(__stdcall *pStackWalk64)(
DWORD MachineType,
HANDLE hProcess,
HANDLE hThread,
_tagSTACKFRAME64 * StackFrame,
PVOID ContextRecord,
PREAD_PROCESS_MEMORY_ROUTINE64 ReadMemoryRoutine,
PFUNCTION_TABLE_ACCESS_ROUTINE64 FunctionTableAccessRoutine,
PGET_MODULE_BASE_ROUTINE64 GetModuleBaseRoutine,
PTRANSLATE_ADDRESS_ROUTINE64 TranslateAddress
);
// WINTRUST
inline BOOL(__stdcall *pWinVerifyTrust)(
HWND hwnd,
GUID * pgActionID,
LPVOID pWVTData
);
// IP Helper
inline ULONG(__stdcall *pGetAdaptersAddresses)(
ULONG Family,
ULONG Flags,
PVOID Reserved,
IP_ADAPTER_ADDRESSES * AdapterAddresses,
PULONG SizePointer
);
inline ULONG(__stdcall *pGetAdaptersInfo)(
_IP_ADAPTER_INFO * AdapterInfo,
PULONG SizePointer
);
// COM
inline HRESULT(__stdcall *pCoInitializeEx)(
LPVOID pvReserved,
DWORD dwCoInit
);
inline void(__stdcall *pCoTaskMemFree)(
LPVOID pv
);
inline void(__stdcall *pCoUninitialize)();
// Shell
inline HRESULT(__stdcall *pSHGetKnownFolderPath)(
2023-12-21 14:27:35 +00:00
const GUID & rfid,
DWORD dwFlags,
HANDLE hToken,
2023-12-21 14:27:35 +00:00
PWSTR * ppszPath
);
inline HINSTANCE(__stdcall *pShellExecuteW)(
HWND hwnd,
LPCWSTR lpOperation,
LPCWSTR lpFile,
LPCWSTR lpParameters,
LPCWSTR lpDirectory,
INT nShowCmd
);
inline HRESULT(__stdcall *pSHGetFolderPathA)(
HWND hwnd,
int csidl,
HANDLE hToken,
DWORD dwFlags,
LPSTR pszPath
);
inline LPWSTR *(__stdcall *pCommandLineToArgvW)(
LPCWSTR lpCmdLine,
int * pNumArgs
);
// Advanced API
inline LSTATUS(__stdcall *pRegSetValueExW)(
HKEY hKey,
LPCWSTR lpValueName,
DWORD Reserved,
DWORD dwType,
CONST BYTE * lpData,
DWORD cbData
);
inline LSTATUS(__stdcall *pRegQueryValueExW)(
HKEY hKey,
LPCWSTR lpValueName,
LPDWORD lpReserved,
LPDWORD lpType,
LPBYTE lpData,
LPDWORD lpcbData
);
inline LSTATUS(__stdcall *pRegCloseKey)(
HKEY hKey
);
inline LSTATUS(__stdcall *pRegOpenKeyExW)(
HKEY hKey,
LPCWSTR lpSubKey,
DWORD ulOptions,
REGSAM samDesired,
PHKEY phkResult
);
inline HANDLE(__stdcall *pRegisterEventSourceW)(
LPCWSTR lpUNCServerName,
LPCWSTR lpSourceName
);
inline BOOL(__stdcall *pDeregisterEventSource)(
HANDLE hEventLog
);
inline BOOL(__stdcall *pReportEventW)(
HANDLE hEventLog,
WORD wType,
WORD wCategory,
DWORD dwEventID,
PSID lpUserSid,
WORD wNumStrings,
DWORD dwDataSize,
LPCWSTR * lpStrings,
LPVOID lpRawData
);
inline BOOL(__stdcall *pCryptAcquireContextW)(
ULONG_PTR * hProv,
LPCWSTR szContainer,
LPCWSTR szProvider,
DWORD dwProvType,
DWORD dwFlags
);
inline BOOL(__stdcall *pCryptReleaseContext)(
ULONG_PTR hProvz,
DWORD dwFlags
);
inline DWORD(__stdcall *pSetEntriesInAclA)(
ULONG cCountOfExplicitEntries,
_EXPLICIT_ACCESS_A * pListOfExplicitEntries,
_ACL * OldAcl,
_ACL ** NewAcl
);
inline BOOL(__stdcall *pAllocateAndInitializeSid)(
PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority,
BYTE nSubAuthorityCount,
DWORD nSubAuthority0,
DWORD nSubAuthority1,
DWORD nSubAuthority2,
DWORD nSubAuthority3,
DWORD nSubAuthority4,
DWORD nSubAuthority5,
DWORD nSubAuthority6,
DWORD nSubAuthority7,
VOID ** pSid
);
inline DWORD(__stdcall *pSetNamedSecurityInfoW)(
LPWSTR pObjectName,
_SE_OBJECT_TYPE ObjectType,
SECURITY_INFORMATION SecurityInfo,
VOID * psidOwner,
VOID * psidGroup,
_ACL * pDacl,
_ACL * pSacl
);
inline PVOID(__stdcall *pFreeSid)(
VOID * pSid
);
2023-12-28 21:00:07 +00:00
// Advanced API
// The proper dodgy APIs that'll probably get us hit by AV-engines
// The follow APIs are used for in-process privilege escalation
inline BOOL(__stdcall *pCreateProcessWithLogonW)(
LPCWSTR lpUsername,
LPCWSTR lpDomain,
LPCWSTR lpPassword,
DWORD dwLogonFlags,
LPCWSTR lpApplicationName,
LPWSTR lpCommandLine,
DWORD dwCreationFlags,
LPVOID lpEnvironment,
LPCWSTR lpCurrentDirectory,
LPSTARTUPINFOW lpStartupInfo,
LPPROCESS_INFORMATION lpProcessInformation
);
inline BOOL(__stdcall *pCreateProcessAsUserW)(
HANDLE hToken,
LPCWSTR lpApplicationName,
LPWSTR lpCommandLine,
LPSECURITY_ATTRIBUTES lpProcessAttributes,
LPSECURITY_ATTRIBUTES lpThreadAttributes,
BOOL bInheritHandles,
DWORD dwCreationFlags,
LPVOID lpEnvironment,
LPCWSTR lpCurrentDirectory,
LPSTARTUPINFOW lpStartupInfo,
LPPROCESS_INFORMATION lpProcessInformation
);
inline BOOL(__stdcall *pAdjustTokenPrivileges)(
HANDLE TokenHandle,
BOOL DisableAllPrivileges,
PTOKEN_PRIVILEGES NewState,
DWORD BufferLength,
PTOKEN_PRIVILEGES PreviousState,
PDWORD ReturnLength
);
inline BOOL(__stdcall *pRevertToSelf)();
inline BOOL(__stdcall *pSetTokenInformation)(
HANDLE TokenHandle,
_TOKEN_INFORMATION_CLASS TokenInformationClass,
LPVOID TokenInformation,
DWORD TokenInformationLength
);
inline PUCHAR(__stdcall *pGetSidSubAuthorityCount)(PSID pSid);
inline BOOL(__stdcall *pLookupPrivilegeValueA)(
LPCSTR lpSystemName,
LPCSTR lpName,
PLUID lpLuid
);
inline PDWORD(__stdcall *pGetSidSubAuthority)(
PSID pSid,
DWORD nSubAuthority
);
inline PDWORD(__stdcall *pLogonUserW)(
LPCWSTR lpszUsername,
LPCWSTR lpszDomain,
LPCWSTR lpszPassword,
DWORD dwLogonType,
DWORD dwLogonProvider,
PHANDLE phToken
);
inline PDWORD(__stdcall *pOpenProcessToken)(
HANDLE ProcessHandle,
DWORD DesiredAccess,
PHANDLE TokenHandle
);
inline BOOL(__stdcall *pSetThreadToken)(
PHANDLE Thread,
HANDLE Token
);
inline DWORD(__stdcall *pSetSecurityInfo)(
HANDLE handle,
_SE_OBJECT_TYPE ObjectType,
SECURITY_INFORMATION SecurityInfo,
PSID psidOwner,
PSID psidGroup,
PACL pDacl,
PACL pSacl
);
inline BOOL(__stdcall *pGetUserNameW)(
LPWSTR lpBuffer,
LPDWORD pcbBuffer
);
inline BOOL(__stdcall *pDuplicateTokenEx)(
HANDLE hExistingToken,
DWORD dwDesiredAccess,
LPSECURITY_ATTRIBUTES lpTokenAttributes,
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
TOKEN_TYPE TokenType,
PHANDLE phNewToken
);
inline BOOL(__stdcall *pLookupAccountSidW)(
LPCWSTR lpSystemName,
PSID Sid,
LPWSTR Name,
LPDWORD cchName,
LPWSTR ReferencedDomainName,
LPDWORD cchReferencedDomainName,
PSID_NAME_USE peUse
);
inline BOOL(__stdcall *pGetTokenInformation)(
HANDLE TokenHandle,
TOKEN_INFORMATION_CLASS TokenInformationClass,
LPVOID TokenInformation,
DWORD TokenInformationLength,
PDWORD ReturnLength
);
inline BOOL(__stdcall *pSetSecurityDescriptorDacl)(
PSECURITY_DESCRIPTOR pSecurityDescriptor,
BOOL bDaclPresent,
PACL pDacl,
BOOL bDaclDefaulted
);
inline BOOL(__stdcall *pInitializeSecurityDescriptor)(
PSECURITY_DESCRIPTOR pSecurityDescriptor,
DWORD dwRevision
);
inline NTSTATUS(__stdcall *pLsaOpenPolicy)(
PLSA_UNICODE_STRING SystemName,
PLSA_OBJECT_ATTRIBUTES ObjectAttributes,
ACCESS_MASK DesiredAccess,
PLSA_HANDLE PolicyHandle
);
inline NTSTATUS(__stdcall *pLsaClose)(
LSA_HANDLE ObjectHandle
);
inline NTSTATUS(__stdcall *pLsaAddAccountRights)(
LSA_HANDLE PolicyHandle,
PSID AccountSid,
PLSA_UNICODE_STRING UserRights,
ULONG CountOfRights
);
inline NTSTATUS(__stdcall *pLookupAccountNameW)(
LPCWSTR lpSystemName,
LPCWSTR lpAccountName,
PSID Sid,
LPDWORD cbSid,
LPWSTR ReferencedDomainName,
LPDWORD cchReferencedDomainName,
PSID_NAME_USE peUse
);
// USER32 - the shit microsoft will probably try to phase out and remove over time
// [then give up and write a win32 emulator in a memelang, probably]
inline BOOL(__stdcall *pOpenClipboard)(
HWND hWndNewOwner
);
inline HANDLE(__stdcall *pGetClipboardData)(
UINT uFormat
);
inline BOOL(__stdcall *pCloseClipboard)();
inline UINT(__stdcall *pMapVirtualKeyA)(
UINT uCode,
UINT uMapType
);
inline DWORD(__stdcall *pGetWindowThreadProcessId)(
HWND hWnd,
LPDWORD lpdwProcessId
);
inline LRESULT(__stdcall *pSendMessageA)(
HWND hWnd,
UINT Msg,
WPARAM wParam,
LPARAM lParam
);
inline BOOL(__stdcall *pEnumThreadWindows)(
DWORD dwThreadId,
WNDENUMPROC lpfn,
LPARAM lParam
);
inline BOOL(__stdcall *pTranslateMessage)(
MSG * lpMsg
);
inline LRESULT(__stdcall *pDispatchMessageW)(
MSG * lpMsg
);
inline DWORD(__stdcall *pMsgWaitForMultipleObjects)(
DWORD nCount,
CONST HANDLE * pHandles,
BOOL fWaitAll,
DWORD dwMilliseconds,
DWORD dwWakeMask
);
inline DWORD(__stdcall *pMsgWaitForMultipleObjectsEx)(
DWORD nCount,
CONST HANDLE * pHandles,
DWORD dwMilliseconds,
DWORD dwWakeMask,
DWORD dwFlags
);
inline BOOL(__stdcall *pPeekMessageW)(
LPMSG lpMsg,
HWND hWnd,
UINT wMsgFilterMin,
UINT wMsgFilterMax,
UINT wRemoveMsg
);
inline BOOL(__stdcall *pSetPropW)(
HWND hWnd,
LPCWSTR lpString,
HANDLE hData
);
// SETUPAPI.dll
inline BOOL(__stdcall *pSetupDiEnumDeviceInterfaces)(
PVOID DeviceInfoSet,
_SP_DEVINFO_DATA * DeviceInfoData,
const GUID * InterfaceClassGuid,
DWORD MemberIndex,
_SP_DEVICE_INTERFACE_DATA * DeviceInterfaceData
);
inline BOOL(__stdcall *pSetupDiDestroyDeviceInfoList)(
PVOID DeviceInfoSet
);
inline PVOID(__stdcall *pSetupDiGetClassDevsW)(
const GUID * ClassGuid,
PCWSTR Enumerator,
HWND hwndParent,
DWORD Flags
);
inline BOOL(__stdcall *pSetupDiGetDeviceRegistryPropertyA)(
PVOID DeviceInfoSet,
_SP_DEVINFO_DATA * DeviceInfoData,
DWORD Property,
PDWORD PropertyRegDataType,
PBYTE PropertyBuffer,
DWORD PropertyBufferSize,
PDWORD RequiredSize
);
inline BOOL(__stdcall *pSetupDiGetDeviceInterfaceDetailW)(
PVOID DeviceInfoSet,
_SP_DEVICE_INTERFACE_DATA * DeviceInterfaceData,
_SP_DEVICE_INTERFACE_DETAIL_DATA_W * DeviceInterfaceDetailData,
DWORD DeviceInterfaceDetailDataSize,
PDWORD RequiredSize,
_SP_DEVINFO_DATA * DeviceInfoData
);
// MPR.dll
inline DWORD(__stdcall *pWNetCloseEnum)(
HANDLE hEnum
);
inline DWORD(__stdcall *pWNetEnumResourceW)(
HANDLE hEnum,
LPDWORD lpcCount,
LPVOID lpBuffer,
LPDWORD lpBufferSize
);
inline DWORD(__stdcall *pWNetOpenEnumW)(
DWORD dwScope,
DWORD dwType,
DWORD dwUsage,
_NETRESOURCEW * lpNetResource,
LPHANDLE lphEnum
);
inline DWORD(__stdcall *pWNetGetUniversalNameW)(
LPCWSTR lpLocalPath,
DWORD dwInfoLevel,
LPVOID lpBuffer,
LPDWORD lpBufferSize
);
// Winsock2
inline INT(__stdcall *pGetAddrInfoExCancel)(
LPHANDLE lpHandle
);
using LPLOOKUPSERVICE_COMPLETION_ROUTINE = void(__stdcall *)(
DWORD dwError,
DWORD dwBytes,
LPWSAOVERLAPPED lpOverlapped
);
inline INT(__stdcall *pGetAddrInfoExW)(
PCWSTR pName,
PCWSTR pServiceName,
DWORD dwNameSpace,
LPGUID lpNspId,
const ADDRINFOEXW * hints,
PADDRINFOEXW * ppResult,
struct timeval * timeout,
LPOVERLAPPED lpOverlapped,
LPLOOKUPSERVICE_COMPLETION_ROUTINE lpCompletionRoutine,
LPHANDLE lpHandle
);
inline void(__stdcall *pFreeAddrInfoExW)(
PADDRINFOEXW pAddrInfoEx
);
inline INT(__stdcall *pgetaddrinfo)(
PCSTR pNodeName,
PCSTR pServiceName,
const ADDRINFOA * pHints,
PADDRINFOA * ppResult
);
inline void(__stdcall *pfreeaddrinfo)(
PADDRINFOA pAddrInfo
);
inline int(__stdcall *plisten)(
2023-12-21 14:27:35 +00:00
SOCKET s,
int backlog
);
inline int(__stdcall *pbind)(
2023-12-21 14:27:35 +00:00
SOCKET s,
const sockaddr * name,
int namelen
);
inline int(__stdcall *pclosesocket)(
2023-12-21 14:27:35 +00:00
SOCKET s
);
inline int(__stdcall *pWSAStartup)(
2023-12-21 14:27:35 +00:00
WORD wVersionRequested,
LPWSADATA lpWSAData
);
inline int(__stdcall *pshutdown)(
2023-12-21 14:27:35 +00:00
SOCKET s,
int flags
);
inline int(__stdcall *pgetpeername)(
2023-12-21 14:27:35 +00:00
SOCKET s,
sockaddr * name,
int * namelen
);
inline int(__stdcall *pgetsockname)(
2023-12-21 14:27:35 +00:00
SOCKET s,
sockaddr * name,
int * namelen
);
inline int(__stdcall *pWSAIoctl)(
SOCKET s,
DWORD dwIoControlCode,
LPVOID lpvInBuffer,
DWORD cbInBuffer,
LPVOID lpvOutBuffer,
DWORD cbOutBuffer,
LPDWORD lpcbBytesReturned,
LPWSAOVERLAPPED lpOverlapped,
LPWSAOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine
);
inline int(__stdcall *pioctlsocket)(
2023-12-21 14:27:35 +00:00
SOCKET s,
long cmd,
u_long *argp
);
inline int(__stdcall *psetsockopt)(
2023-12-21 14:27:35 +00:00
SOCKET s,
int level,
int optname,
const char * optval,
int optlen
);
inline int(__stdcall *pWSAGetLastError)();
inline SOCKET(__stdcall *pWSASocketW)(
2023-12-21 14:27:35 +00:00
int af,
int type,
int protocol,
LPWSAPROTOCOL_INFOW lpProtocolInfo,
GROUP g,
DWORD dwFlags
);
inline int(__stdcall *pWSARecvFrom)(
SOCKET s,
LPWSABUF lpBuffers,
DWORD dwBufferCount,
LPDWORD lpNumberOfBytesRecvd,
LPDWORD lpFlags,
sockaddr * lpFrom,
LPINT lpFromlen,
LPWSAOVERLAPPED lpOverlapped,
LPWSAOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine
);
inline int(__stdcall *pWSARecv)(
SOCKET s,
LPWSABUF lpBuffers,
DWORD dwBufferCount,
LPDWORD lpNumberOfBytesRecvd,
LPDWORD lpFlags,
LPWSAOVERLAPPED lpOverlapped,
LPWSAOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine
);
inline int(__stdcall *pWSASendTo)(
SOCKET s,
LPWSABUF lpBuffers,
DWORD dwBufferCount,
LPDWORD lpNumberOfBytesSent,
DWORD dwFlags,
const sockaddr * lpTo,
int iTolen,
LPWSAOVERLAPPED lpOverlapped,
LPWSAOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine
);
inline int(__stdcall *pWSASend)(
SOCKET s,
LPWSABUF lpBuffers,
DWORD dwBufferCount,
LPDWORD lpNumberOfBytesSent,
DWORD dwFlags,
LPWSAOVERLAPPED lpOverlapped,
LPWSAOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine
);
inline INT(__stdcall *pWSAStringToAddressA)(
LPSTR AddressString,
INT AddressFamily,
LPWSAPROTOCOL_INFOA lpProtocolInfo,
LPSOCKADDR lpAddress,
LPINT lpAddressLength
);
2023-12-28 21:00:07 +00:00
// credui
inline INT(__stdcall *pCredUIPromptForWindowsCredentialsW)(
void * pUiInfo,
DWORD dwAuthError,
ULONG * pulAuthPackage,
LPCVOID pvInAuthBuffer,
ULONG ulInAuthBufferSize,
LPVOID * ppvOutAuthBuffer,
ULONG * pulOutAuthBufferSize,
BOOL * pfSave,
DWORD dwFlags
);
inline BOOL(__stdcall *pCredUnPackAuthenticationBufferW)(
DWORD dwFlags,
PVOID pAuthBuffer,
DWORD cbAuthBuffer,
LPWSTR pszUserName,
DWORD * pcchMaxUserName,
LPWSTR pszDomainName,
DWORD * pcchMaxDomainName,
LPWSTR pszPassword,
DWORD * pcchMaxPassword
);
inline bool gUseNativeWaitMutex {};
inline bool gUseNativeWaitCondvar {};
inline bool gUseNativeWaitSemapahore {};
inline bool gUseFastFail {};
void Win32DropInit();
void Win32DropSchedulerResolution();
void Win32Terminate();
AUKN_SYM /* I'm going to be kind */
HANDLE Win32Open(LPCWSTR lpFileName,
2023-09-13 14:09:53 +00:00
DWORD dwDesiredAccess = GENERIC_READ | GENERIC_WRITE,
DWORD dwShareMode = FILE_SHARE_READ,
bool bInherit = false,
DWORD dwCreationDisposition = 0,
DWORD dwFlags = 0,
DWORD dwAttributes = 0
);
AUKN_SYM /* I'm going to be kind */
HANDLE Win32Open2(LPCWSTR lpFileName,
DWORD dwDesiredAccess = GENERIC_READ | GENERIC_WRITE,
DWORD dwShareMode = FILE_SHARE_READ,
LPSECURITY_ATTRIBUTES lpSecurityAttributes = NULL,
DWORD dwCreationDisposition = 0,
DWORD dwFlags = 0,
DWORD dwAttributes = 0
);
inline HMODULE(__stdcall *pLoadLibraryW)(
LPCWSTR lpLibFileName
);
inline FARPROC(__stdcall*pGetProcAddress)(
HMODULE hModule,
LPCSTR lpProcName
);
void NTWriteEoS(HANDLE hHandle);
static auline bool SysWaitOnAddressNoTimed(const void *pTargetAddress,
const void *pCompareAddress,
AuUInt8 uWordSize)
{
if (pRtlWaitOnAddress)
{
return pRtlWaitOnAddress((void *)pTargetAddress, (void *)pCompareAddress, uWordSize, nullptr);
}
else
{
return pWaitOnAddress((void *)pTargetAddress, (void *)pCompareAddress, uWordSize, INFINITE);
}
}
static auline void SysWakeNOnAddress(const void *pAddress,
AuUInt32 dwCount)
{
if (pRtlWakeAddressSingle)
{
if (dwCount < 6)
{
for (AuUInt i = 0; i < dwCount; i++)
{
pRtlWakeAddressSingle((void *)pAddress);
}
}
else
{
pRtlWakeByAddressAll((void *)pAddress);
}
}
else
{
for (AuUInt i = 0; i < dwCount; i++)
{
pWakeByAddressSingle((void *)pAddress);
}
}
}
static auline void SysWakeAllOnAddress(const void *pAddress)
{
if (pRtlWakeByAddressAll)
{
pRtlWakeByAddressAll((void *)pAddress);
}
else
{
pWakeByAddressAll((void *)pAddress);
}
}
static auline void SysWakeOneOnAddress(const void *pAddress)
{
if (pRtlWakeAddressSingle)
{
pRtlWakeAddressSingle((void *)pAddress);
}
else
{
pWakeByAddressSingle((void *)pAddress);
}
}
}