/***
Copyright (C) 2023 J Reece Wilson (a/k/a "Reece"). All rights reserved.
File: AuProcAddresses.NT.hpp
Date: 2023-2-16
Author: Reece
***/
#pragma once
// Forward declarations of SDK types referenced only by pointer below, so this
// header does not have to pull in psapi.h / dbghelp.h / iphlpapi.h / wintrust.h.
struct _PROCESS_MEMORY_COUNTERS;
struct _tagSTACKFRAME64;
struct _MINIDUMP_EXCEPTION_INFORMATION;
struct _MINIDUMP_USER_STREAM_INFORMATION;
struct _IMAGEHLP_LINE64;
struct _tagADDRESS64;
struct _MINIDUMP_CALLBACK_INFORMATION;
struct _MIB_IPADDRTABLE;
struct _IP_ADAPTER_INFO;
struct _CREATEFILE2_EXTENDED_PARAMETERS;
// NOTE(review): an opaque enum declaration without a fixed underlying type is
// not ISO C++ (it needs `enum X : int;`); MSVC accepts this as an extension,
// which matches the MSVC-only block that follows.
enum _MINIDUMP_TYPE;
#if defined(AURORA_COMPILER_MSVC)
// Mirrors the IP_ADAPTER_ADDRESSES alias selection from the SDK's iptypes.h:
// the LH (Vista+) layout versus the XP layout, chosen by NTDDI_VERSION.
struct _IP_ADAPTER_ADDRESSES_LH;
struct _IP_ADAPTER_ADDRESSES_XP;
#if (NTDDI_VERSION >= NTDDI_VISTA)
typedef _IP_ADAPTER_ADDRESSES_LH IP_ADAPTER_ADDRESSES;
typedef _IP_ADAPTER_ADDRESSES_LH *PIP_ADAPTER_ADDRESSES;
#elif (NTDDI_VERSION >= NTDDI_WINXP)
typedef _IP_ADAPTER_ADDRESSES_XP IP_ADAPTER_ADDRESSES;
typedef _IP_ADAPTER_ADDRESSES_XP *PIP_ADAPTER_ADDRESSES;
#else
// Same as the XP branch; kept separate so a pre-XP target still gets a definition.
typedef _IP_ADAPTER_ADDRESSES_XP IP_ADAPTER_ADDRESSES;
typedef _IP_ADAPTER_ADDRESSES_XP *PIP_ADAPTER_ADDRESSES;
#endif
#endif
namespace Aurora
{
    // Populates every `pXxx` function pointer declared in this header. The
    // lookup logic lives in the .cpp and is not visible here; pointers whose
    // export is absent on the running OS are presumably left null, so callers
    // should null-check before dereferencing — confirm against the .cpp.
    void InitNTAddresses();

    // Module names the resolver looks exports up in. All of them are bare file
    // names with no path. NOTE(review): how these are handed to the loader is
    // in the .cpp; a bare name resolved without a search-path restriction
    // follows the default DLL search order, so the loading code should pin
    // system modules to System32 (e.g. LoadLibraryExW with
    // LOAD_LIBRARY_SEARCH_SYSTEM32) — verify there. `static` in a header gives
    // each translation unit its own copy of these pointers.
    static const wchar_t *kSyncDllName { L"API-MS-Win-Core-Synch-l1-2-0.dll" }; // API-set contract name, not a physical DLL
    static const wchar_t *kNtDllName { L"NTDLL.dll" };
    static const wchar_t *kKernel32DllName { L"Kernel32.dll" };
    static const wchar_t *kKernelBaseDllName { L"KernelBase.dll" };
    static const wchar_t *kWS2DllName { L"Ws2_32.dll" };
    static const wchar_t *kAdvancedApiDllName { L"Advapi32.dll" };
    static const wchar_t *kBCryptDllName { L"bcrypt.dll" };
    static const wchar_t *kThemeDllName { L"UxTheme.dll" };
    static const wchar_t *kShellDllName { L"Shell32.dll" };
    static const wchar_t *kPSAPILegacyDllName { L"psapi.dll" };
    static const wchar_t *kDbgHelperDllName { L"dbghelp.dll" };
    static const wchar_t *kWinTrustDllName { L"WINTRUST.dll" };
    static const wchar_t *kIPHelperDllName { L"IPHLPAPI.dll" };

    // Local mirror of the SDK's WIN32_MEMORY_RANGE_ENTRY (same two fields),
    // used by pPrefetchVirtualMemory below.
    struct WIN32_MEMORY_RANGE_ENTRY2
    {
        PVOID VirtualAddress;
        SIZE_T NumberOfBytes;
    };

    // Scoped copy of the SDK's THREAD_INFORMATION_CLASS enumerators. The
    // enumerator order is the ABI: values are passed straight through to
    // pSetThreadInformation, so do not reorder or insert.
    enum class THREAD_INFORMATION_CLASS
    {
        ThreadMemoryPriority,
        ThreadAbsoluteCpuPriority,
        ThreadDynamicCodePolicy,
        ThreadPowerThrottling,
        ThreadInformationClassMax
    };

    // --- Futex-style address waiting (WaitOnAddress / WakeByAddress*) ---
    inline BOOL(__stdcall *pWaitOnAddress)(
        volatile VOID * Address,
        PVOID CompareAddress,
        SIZE_T AddressSize,
        DWORD dwMilliseconds
    );
    inline void(__stdcall *pWakeByAddressSingle)(
        PVOID Address
    );
    inline void(__stdcall *pWakeByAddressAll)(
        PVOID Address
    );

    // Native sleep. Declared as returning DWORD; the ntdll export returns an
    // NTSTATUS (same 32-bit width), so treat 0 as success rather than TRUE/FALSE.
    inline DWORD(__stdcall *pNtDelayExecution)(
        BOOLEAN Alertable,
        PLARGE_INTEGER DelayInterval
    );

    // --- Extended virtual-memory / section mapping APIs (resolved at runtime
    // because they are not available on every supported OS release) ---
    inline PVOID(__stdcall *pVirtualAlloc2)(
        HANDLE Process,
        PVOID BaseAddress,
        SIZE_T Size,
        ULONG AllocationType,
        ULONG PageProtection,
        MEM_EXTENDED_PARAMETER * ExtendedParameters,
        ULONG ParameterCount
    );
    inline PVOID(__stdcall *pMapViewOfFile3)(
        HANDLE FileMapping,
        HANDLE Process,
        PVOID BaseAddress,
        ULONG64 Offset,
        SIZE_T ViewSize,
        ULONG AllocationType,
        ULONG PageProtection,
        MEM_EXTENDED_PARAMETER * ExtendedParameters,
        ULONG ParameterCount
    );
    inline PVOID(__stdcall *pUnmapViewOfFile2)(
        HANDLE Process,
        PVOID BaseAddress,
        ULONG UnmapFlags
    );

    // --- ntdll keyed events (undocumented; used as a wait primitive) ---
    inline NTSTATUS(__stdcall *pNtWaitForKeyedEvent)(
        HANDLE Handle,
        PVOID Key,
        BOOLEAN Alertable,
        PLARGE_INTEGER NTTimeout
    );
    inline NTSTATUS(__stdcall *pNtReleaseKeyedEvent)(
        HANDLE Handle,
        PVOID Key,
        BOOLEAN Alertable,
        PLARGE_INTEGER NTTimeout
    );
    // NOTE(review): the native NtCreateKeyedEvent / NtOpenKeyedEvent take a
    // PHANDLE out-parameter first; these declarations type it as a plain
    // HANDLE, so a caller must pass the *address* of a HANDLE cast to HANDLE.
    // Verify the call sites in the .cpp.
    inline NTSTATUS(__stdcall *pNtCreateKeyedEvent)(
        HANDLE Handle,
        ACCESS_MASK Access,
        POBJECT_ATTRIBUTES Attr,
        ULONG Flags
    );
    inline NTSTATUS(__stdcall *pNtOpenKeyedEvent)(
        HANDLE Handle,
        ACCESS_MASK Access,
        POBJECT_ATTRIBUTES Attr,
        ULONG Flags
    );

    // ntdll-level counterparts of the WaitOnAddress family above.
    inline NTSTATUS(__stdcall *pRtlWaitOnAddress)(
        const void * addr,
        const void * cmp,
        SIZE_T size,
        const LARGE_INTEGER * timeout
    );
    inline void(__stdcall *pRtlWakeByAddressAll)(
        const void * addr
    );
    inline void(__stdcall *pRtlWakeAddressSingle)(
        const void * addr
    );

#if defined(AURORA_PLATFORM_WIN32)
    // Kernel-reported OS version (not subject to the compatibility-manifest
    // version shimming that affects GetVersionEx).
    inline NTSTATUS(__stdcall *pRtlGetVersion)(
        PRTL_OSVERSIONINFOW lpVersionInformation
    );
#endif

    // --- File handles ---
    inline HANDLE(__stdcall *pCreateFile2W)(
        LPCWSTR lpFileName,
        DWORD dwDesiredAccess,
        DWORD dwShareMode,
        DWORD dwCreationDisposition,
        _CREATEFILE2_EXTENDED_PARAMETERS *pCreateExParams
    );
    inline HANDLE(__stdcall *pCreateFileW)(
        LPCWSTR lpFileName,
        DWORD dwDesiredAccess,
        DWORD dwShareMode,
        LPSECURITY_ATTRIBUTES lpSecurityAttributes,
        DWORD dwCreationDisposition,
        DWORD dwFlagsAndAttributes,
        HANDLE hTemplateFile
    );
    // Native directory-change notification (the ReadDirectoryChangesW primitive).
    inline NTSTATUS(__stdcall *pNtNotifyChangeDirectoryFile)(
        HANDLE FileHandle,
        HANDLE Event,
        PIO_APC_ROUTINE ApcRoutine,
        PVOID ApcContext,
        PIO_STATUS_BLOCK IoStatusBlock,
        PVOID Buffer,
        ULONG BufferSize,
        ULONG CompletionFilter,
        BOOLEAN WatchTree
    );
    inline NTSTATUS(__stdcall *pNtTerminateProcess)(
        HANDLE ProcessHandle,
        NTSTATUS ExitStatus
    );

    // --- Processor topology / thread attributes ---
    inline BOOL(__stdcall *pGetSystemCpuSetInformation)(
        PSYSTEM_CPU_SET_INFORMATION Information,
        ULONG BufferLength,
        PULONG ReturnedLength,
        HANDLE Process,
        ULONG Flags
    );
    inline BOOL(__stdcall *pGetLogicalProcessorInformation)(
        PSYSTEM_LOGICAL_PROCESSOR_INFORMATION Buffer,
        PDWORD ReturnedLength
    );
    inline HRESULT(__stdcall *pSetThreadDescription)(
        HANDLE hThread,
        PCWSTR lpThreadDescription
    );
    // Takes the scoped THREAD_INFORMATION_CLASS declared above.
    inline BOOL(__stdcall *pSetThreadInformation)(
        HANDLE hThread,
        THREAD_INFORMATION_CLASS ThreadInformationClass,
        LPVOID ThreadInformation,
        DWORD ThreadInformationSize
    );
    inline BOOL(__stdcall *pSetThreadSelectedCpuSets)(
        HANDLE Thread,
        const ULONG * CpuSetIds,
        ULONG CpuSetIdCount
    );
#if defined(AURORA_PLATFORM_WIN32)
    inline BOOL(__stdcall *pSetThreadGroupAffinity)(
        HANDLE hThread,
        GROUP_AFFINITY * GroupAffinity,
        PGROUP_AFFINITY PreviousGroupAffinity
    );
#endif

    // --- Winsock name resolution (asynchronous Ex variants plus the classic
    // getaddrinfo/freeaddrinfo pair) ---
    inline INT(__stdcall *pGetAddrInfoExCancel)(
        LPHANDLE lpHandle
    );
    // Local alias for the completion callback type pGetAddrInfoExW accepts.
    using LPLOOKUPSERVICE_COMPLETION_ROUTINE = void(__stdcall *)(
        DWORD dwError,
        DWORD dwBytes,
        LPWSAOVERLAPPED lpOverlapped
    );
    inline INT(__stdcall *pGetAddrInfoExW)(
        PCWSTR pName,
        PCWSTR pServiceName,
        DWORD dwNameSpace,
        LPGUID lpNspId,
        const ADDRINFOEXW * hints,
        PADDRINFOEXW * ppResult,
        struct timeval * timeout,
        LPOVERLAPPED lpOverlapped,
        LPLOOKUPSERVICE_COMPLETION_ROUTINE lpCompletionRoutine,
        LPHANDLE lpHandle
    );
    inline void(__stdcall *pFreeAddrInfoExW)(
        PADDRINFOEXW pAddrInfoEx
    );
    inline INT(__stdcall *pgetaddrinfo)(
        PCSTR pNodeName,
        PCSTR pServiceName,
        const ADDRINFOA * pHints,
        PADDRINFOA * ppResult
    );
    inline void(__stdcall *pfreeaddrinfo)(
        PADDRINFOA pAddrInfo
    );

    // Uses the local WIN32_MEMORY_RANGE_ENTRY2 mirror rather than the SDK type.
    inline BOOL(__stdcall *pPrefetchVirtualMemory)(
        HANDLE hProcess,
        ULONG_PTR NumberOfEntries,
        WIN32_MEMORY_RANGE_ENTRY2 * VirtualAddresses,
        ULONG Flags
    );

    // --- OS random-number sources. Three generations are declared: CNG
    // (BCryptGenRandom), legacy CryptoAPI (CryptGenRandom + context
    // acquire/release) and RtlGenRandom (advapi32's SystemFunction036). Which
    // one is preferred, and in what fallback order, is decided in the .cpp and
    // not visible here. ---
    // hAlgorithm is PVOID here (BCRYPT_ALG_HANDLE is a PVOID typedef). A caller
    // that passes a null handle needs BCRYPT_USE_SYSTEM_PREFERRED_RNG in dwFlags.
    inline NTSTATUS(__stdcall *pBCryptGenRandom)(
        PVOID hAlgorithm,
        PUCHAR pbBuffer,
        ULONG cbBuffer,
        ULONG dwFlags
    );
    // The hProv parameters are ULONG_PTR, which is what HCRYPTPROV expands to.
    inline BOOL(__stdcall *pCryptGenRandom)(
        ULONG_PTR hProv,
        DWORD dwLen,
        BYTE *pbBuffer
    );
    inline BOOL(__stdcall *pCryptAcquireContextW)(
        ULONG_PTR * hProv,
        LPCWSTR szContainer,
        LPCWSTR szProvider,
        DWORD dwProvType,
        DWORD dwFlags
    );
    inline BOOL(__stdcall *pCryptReleaseContext)(
        ULONG_PTR hProvz, // parameter name is a typo for hProv; harmless in a declaration
        DWORD dwFlags
    );

    // Undocumented system timer-resolution control. This is a machine-wide
    // setting; presumably Win32DropSchedulerResolution (below) is the
    // counterpart that restores it — confirm in the .cpp.
    inline NTSTATUS(__stdcall *pZwSetTimerResolution)(
        ULONG RequestedResolution,
        BOOLEAN Set,
        PULONG ActualResolution
    );
    inline BOOLEAN(__stdcall *pRtlGenRandom)(
        PVOID RandomBuffer,
        ULONG RandomBufferLength
    );

#if defined(AURORA_PLATFORM_WIN32)
    inline NTSTATUS(__stdcall *pNtQueryInformationProcess)(
        HANDLE ProcessHandle,
        PROCESSINFOCLASS ProcessInformationClass,
        PVOID ProcessInformation,
        ULONG ProcessInformationLength,
        PULONG ReturnLength
    );
#endif

    // --- Version checks ---
    inline ULONGLONG(__stdcall *pVerSetConditionMask)(
        ULONGLONG ConditionMask,
        DWORD TypeMask,
        BYTE Condition
    );
    // The first parameter is misnamed: despite `dwTypeMask` it is the
    // OSVERSIONINFOEXW pointer; the real type mask is the second argument.
    inline BOOL(__stdcall *pVerifyVersionInfoW)(
        LPOSVERSIONINFOEXW dwTypeMask,
        DWORD TypeMask,
        DWORDLONG dwlConditionMask
    );

    inline HRESULT(__stdcall *pSetWindowTheme)(
        HWND hwnd,
        LPCWSTR pszSubAppName,
        LPCWSTR pszSubIdList
    );

    // --- NTFS alternate-data-stream enumeration ---
    inline HANDLE(__stdcall *pFindFirstStreamW)(
        LPCWSTR lpFileName,
        STREAM_INFO_LEVELS InfoLevel,
        LPVOID lpFindStreamData,
        DWORD dwFlags
    );
    inline BOOL(__stdcall *pFindNextStreamW)(
        HANDLE hFindStream,
        LPVOID lpFindStreamData
    );
    inline BOOL(__stdcall *pFindClose)(
        HANDLE hFindFile
    );

    // --- I/O cancellation and misc process/file queries ---
    inline BOOL(__stdcall *pCancelIoEx)(
        HANDLE hFile,
        LPOVERLAPPED lpOverlapped
    );
    inline BOOL(__stdcall *pCancelSynchronousIo)(
        HANDLE hThread
    );
    inline BOOL(__stdcall *pGetProcessMemoryInfo)(
        HANDLE Process,
        ::_PROCESS_MEMORY_COUNTERS *ppsmemCounters,
        DWORD cb
    );
    inline BOOL(__stdcall *pSetFileInformationByHandle)(
        HANDLE hFile,
        FILE_INFO_BY_HANDLE_CLASS FileInformationClass,
        LPVOID lpFileInformation,
        DWORD dwBufferSize
    );

    // --- Locale ---
    inline int(__stdcall *pGetLocaleInfoEx)(
        LPCWSTR lpLocaleName,
        LCTYPE LCType,
        LPWSTR lpLCData,
        int cchData
    );
    inline int(__stdcall *pLCIDToLocaleName)(
        LCID Locale,
        LPWSTR lpName,
        int cchName,
        DWORD dwFlags
    );
    inline int(__stdcall *pGetLocaleInfoW)(
        LCID Locale,
        LCTYPE LCType,
        LPWSTR lpLCData,
        int cchData
    );
    inline DWORD(__stdcall *pGetThreadId)(
        HANDLE hThread
    );
    // Per the API contract the returned *ppszPath is owned by the caller and
    // released with CoTaskMemFree; the release site is not visible here.
    inline HRESULT(__stdcall *pSHGetKnownFolderPath)(
        const GUID & rfid,
        DWORD dwFlags,
        HANDLE hToken,
        PWSTR * ppszPath
    );

    // dbghelp
    // NOTE(review): dbghelp's Sym*/StackWalk64 API is documented as not
    // thread-safe; callers must serialize access per process.
    inline DWORD(__stdcall *pUnDecorateSymbolName)(
        PCSTR name,
        PSTR outputString,
        DWORD maxStringLength,
        DWORD flags
    );
    // Depending on DumpType the written file can contain arbitrary process
    // memory (heap, stacks, secrets); treat the output as sensitive data.
    inline BOOL(__stdcall *pMiniDumpWriteDump)(
        HANDLE hProcess,
        DWORD ProcessId,
        HANDLE hFile,
        enum _MINIDUMP_TYPE DumpType,
        _MINIDUMP_EXCEPTION_INFORMATION * ExceptionParam,
        _MINIDUMP_USER_STREAM_INFORMATION * UserStreamParam,
        _MINIDUMP_CALLBACK_INFORMATION * CallbackParam
    );
    inline BOOL(__stdcall *pSymInitialize)(
        HANDLE hProcess,
        PCSTR UserSearchPath,
        BOOL fInvadeProcess
    );
    // pSymGetModuleBase64 / pSymFunctionTableAccess64 have exactly the shapes
    // of PGET_MODULE_BASE_ROUTINE64 / PFUNCTION_TABLE_ACCESS_ROUTINE64 below,
    // which is what pStackWalk64 expects for those two callbacks.
    inline DWORD64(__stdcall *pSymGetModuleBase64)(
        HANDLE hProcess,
        DWORD64 qwAddr
    );
    inline BOOL(__stdcall *pSymGetLineFromAddr64)(
        HANDLE hProcess,
        DWORD64 qwAddr,
        PDWORD pdwDisplacement,
        _IMAGEHLP_LINE64 * Line64
    );
    inline PVOID(__stdcall *pSymFunctionTableAccess64)(
        HANDLE hProcess,
        DWORD64 AddrBase
    );
    // Local copies of the dbghelp.h callback typedefs used by StackWalk64, so
    // that header need not be included here.
    typedef BOOL(__stdcall *PREAD_PROCESS_MEMORY_ROUTINE64)(
        HANDLE hProcess,
        DWORD64 qwBaseAddress,
        PVOID lpBuffer,
        DWORD nSize,
        LPDWORD lpNumberOfBytesRead
    );
    typedef PVOID (__stdcall *PFUNCTION_TABLE_ACCESS_ROUTINE64)(
        HANDLE hProcess,
        DWORD64 AddrBase
    );
    typedef DWORD64(__stdcall *PGET_MODULE_BASE_ROUTINE64)(
        HANDLE hProcess,
        DWORD64 Address
    );
    typedef DWORD64 (__stdcall *PTRANSLATE_ADDRESS_ROUTINE64)(
        HANDLE hProcess,
        HANDLE hThread,
        _tagADDRESS64 * lpaddr
    );
    inline BOOL(__stdcall *pStackWalk64)(
        DWORD MachineType,
        HANDLE hProcess,
        HANDLE hThread,
        _tagSTACKFRAME64 * StackFrame,
        PVOID ContextRecord,
        PREAD_PROCESS_MEMORY_ROUTINE64 ReadMemoryRoutine,
        PFUNCTION_TABLE_ACCESS_ROUTINE64 FunctionTableAccessRoutine,
        PGET_MODULE_BASE_ROUTINE64 GetModuleBaseRoutine,
        PTRANSLATE_ADDRESS_ROUTINE64 TranslateAddress
    );

    // WINTRUST
    // Authenticode / trust verification. NOTE(review): the real export returns
    // LONG — 0 (ERROR_SUCCESS) when the subject is trusted and a nonzero error
    // code otherwise. It is declared as BOOL here (same width, so the call is
    // ABI-safe), but a truthiness check such as `if (pWinVerifyTrust(...))`
    // would treat every failure as success; callers must test the result
    // against 0 / ERROR_SUCCESS.
    inline BOOL(__stdcall *pWinVerifyTrust)(
        HWND hwnd,
        GUID * pgActionID,
        LPVOID pWVTData
    );

    // IP Helper
    // Note: IP_ADAPTER_ADDRESSES is only defined by this header under
    // AURORA_COMPILER_MSVC (see the typedef block at the top); other compilers
    // rely on the SDK having declared it before this header is included.
    inline ULONG(__stdcall *pGetAdaptersAddresses)(
        ULONG Family,
        ULONG Flags,
        PVOID Reserved,
        IP_ADAPTER_ADDRESSES *AdapterAddresses,
        PULONG SizePointer
    );
    inline ULONG(__stdcall *pGetAdaptersInfo)(
        _IP_ADAPTER_INFO * AdapterInfo,
        PULONG SizePointer
    );

    // Runtime capability switches. Who sets them (presumably InitNTAddresses
    // once the pointers above are resolved) and who reads them is not visible
    // in this header. The misspelling in gUseNativeWaitSemapahore is part of
    // the identifier and must be kept for existing users.
    inline bool gUseNativeWaitMutex {};
    inline bool gUseNativeWaitCondvar {};
    inline bool gUseNativeWaitSemapahore {};
    inline bool gUseFastFail {};

    void Win32DropInit();
    void Win32DropSchedulerResolution();
    void Win32Terminate();

    // Exported CreateFile wrapper. Defaults: read+write access, read sharing,
    // and a non-inheritable handle (bInherit = false), so a child process does
    // not receive the handle unless the caller opts in. dwCreationDisposition
    // defaults to 0, which is not a valid CreateFile disposition value, so the
    // implementation presumably maps 0 to a disposition of its own — confirm in
    // the .cpp before relying on the default.
    AUKN_SYM /* I'm going to be kind */
    HANDLE Win32Open(LPCWSTR lpFileName,
        DWORD dwDesiredAccess = GENERIC_READ | GENERIC_WRITE,
        DWORD dwShareMode = FILE_SHARE_READ,
        bool bInherit = false,
        DWORD dwCreationDisposition = 0,
        DWORD dwFlags = 0,
        DWORD dwAttributes = 0
    );
}