/***
|
|
Copyright (C) 2023 J Reece Wilson (a/k/a "Reece"). All rights reserved.
|
|
|
|
File: AuProcAddresses.NT.hpp
|
|
Date: 2023-2-16
|
|
Author: Reece
|
|
***/
#pragma once
// Opaque forward declarations of Win32 SDK types that this header only ever
// refers to through pointers (see the psapi, dbghelp and IP Helper function
// pointers below). Presumably kept opaque so that including this header does
// not drag the corresponding SDK headers into every translation unit.
// _MIB_IPADDRTABLE is not referenced by any declaration in this file.
struct _PROCESS_MEMORY_COUNTERS;
struct _tagSTACKFRAME64;
struct _MINIDUMP_EXCEPTION_INFORMATION;
struct _MINIDUMP_USER_STREAM_INFORMATION;
struct _IMAGEHLP_LINE64;
struct _tagADDRESS64;
struct _MINIDUMP_CALLBACK_INFORMATION;
struct _MIB_IPADDRTABLE;
struct _IP_ADAPTER_INFO;
// NOTE(review): an opaque declaration of an unscoped enum without a fixed
// underlying type is not standard C++; MSVC accepts it as an extension.
// _MINIDUMP_TYPE is passed by value to pMiniDumpWriteDump below, so a
// non-MSVC build needs either the real definition or a fixed underlying type.
enum _MINIDUMP_TYPE;
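#if defined(AURORA_COMPILER_MSVC)
// Local stand-ins for the SDK's IP_ADAPTER_ADDRESSES typedefs, consumed by
// pGetAdaptersAddresses below, presumably so <iptypes.h> need not be included
// here. Mirrors the SDK's NTDDI_VERSION selection: Vista and later use the
// _LH layout, everything else — including an undefined NTDDI_VERSION, which
// the preprocessor evaluates as 0 — uses the _XP layout. The former
// `#elif (NTDDI_VERSION >= NTDDI_WINXP)` branch produced exactly the same
// typedefs as the `#else` branch, so the two are folded into one.
struct _IP_ADAPTER_ADDRESSES_LH;
struct _IP_ADAPTER_ADDRESSES_XP;
#if (NTDDI_VERSION >= NTDDI_VISTA)
typedef _IP_ADAPTER_ADDRESSES_LH IP_ADAPTER_ADDRESSES;
typedef _IP_ADAPTER_ADDRESSES_LH *PIP_ADAPTER_ADDRESSES;
#else
typedef _IP_ADAPTER_ADDRESSES_XP IP_ADAPTER_ADDRESSES;
typedef _IP_ADAPTER_ADDRESSES_XP *PIP_ADAPTER_ADDRESSES;
#endif
#endif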
namespace Aurora
{
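// Resolves every function pointer declared in this header (defined in the
// corresponding .cpp). Pointers for APIs that are missing on the running OS
// are presumably left null, so callers must test them before use — confirm
// against the definition.
void InitNTAddresses();

// Module names handed to the loader when resolving the pointers below.
// Declared `inline constexpr` so that (a) the pointer itself is immutable —
// the previous `static const wchar_t *` only made the characters const, not
// the pointer, so a stray assignment could have redirected which module gets
// loaded — and (b) there is one definition shared by all translation units,
// matching the `inline` variables used throughout this header. Reads are
// unaffected by the change.
// NOTE(review): several of these (dbghelp.dll, UxTheme.dll, IPHLPAPI.dll,
// WINTRUST.dll) are typically not on the KnownDLLs list. If the .cpp loads
// them by bare name with LoadLibraryW, prefer LoadLibraryExW with
// LOAD_LIBRARY_SEARCH_SYSTEM32 so the search does not begin in the
// application directory.
inline constexpr const wchar_t *kSyncDllName { L"API-MS-Win-Core-Synch-l1-2-0.dll" };
inline constexpr const wchar_t *kNtDllName { L"NTDLL.dll" };
inline constexpr const wchar_t *kKernel32DllName { L"Kernel32.dll" };
inline constexpr const wchar_t *kKernelBaseDllName { L"KernelBase.dll" };
inline constexpr const wchar_t *kWS2DllName { L"Ws2_32.dll" };
inline constexpr const wchar_t *kAdvancedApiDllName { L"Advapi32.dll" };
inline constexpr const wchar_t *kBCryptDllName { L"bcrypt.dll" };
inline constexpr const wchar_t *kThemeDllName { L"UxTheme.dll" };
inline constexpr const wchar_t *kShellDllName { L"Shell32.dll" };
inline constexpr const wchar_t *kPSAPILegacyDllName { L"psapi.dll" };
inline constexpr const wchar_t *kDbgHelperDllName { L"dbghelp.dll" };
inline constexpr const wchar_t *kWinTrustDllName { L"WINTRUST.dll" };
inline constexpr const wchar_t *kIPHelperDllName { L"IPHLPAPI.dll" };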
// Local mirror of the SDK's WIN32_MEMORY_RANGE_ENTRY (same two members, same
// order) so that pPrefetchVirtualMemory below can be declared without the
// newer SDK header. The layout must stay identical to the SDK struct because
// an array of these is handed directly to the OS call.
struct WIN32_MEMORY_RANGE_ENTRY2
{
PVOID VirtualAddress;
SIZE_T NumberOfBytes;
};
// Scoped copy of the SDK's THREAD_INFORMATION_CLASS enumerators, in SDK
// order, for pSetThreadInformation below. A scoped enum with no explicit
// underlying type defaults to int, which is also how the unscoped SDK enum
// is passed, so the call's ABI is unchanged; the values only need to keep
// this order.
enum class THREAD_INFORMATION_CLASS
{
ThreadMemoryPriority,
ThreadAbsoluteCpuPriority,
ThreadDynamicCodePolicy,
ThreadPowerThrottling,
ThreadInformationClassMax
};
// Synchronization-by-address primitives from API-MS-Win-Core-Synch-l1-2-0
// (kSyncDllName). They are Windows 8+ and therefore resolved at runtime; the
// gUseNativeWait* flags at the end of this header presumably record whether
// the lookup succeeded — confirm in the .cpp.
//
// Blocks until the value at Address differs from *CompareAddress or
// dwMilliseconds elapses; AddressSize is 1, 2, 4 or 8.
inline BOOL(__stdcall *pWaitOnAddress)(
volatile VOID * Address,
PVOID CompareAddress,
SIZE_T AddressSize,
DWORD dwMilliseconds
);

// Wakes one waiter blocked in WaitOnAddress on Address.
inline void(__stdcall *pWakeByAddressSingle)(
PVOID Address
);

// Wakes every waiter blocked in WaitOnAddress on Address.
inline void(__stdcall *pWakeByAddressAll)(
PVOID Address
);
// ntdll: NtDelayExecution. DelayInterval is a 100 ns LARGE_INTEGER, negative
// for a relative delay. NOTE(review): the native return type is NTSTATUS
// (a signed LONG) but it is declared DWORD here; the width matches so the
// call itself is fine, but NT_SUCCESS()-style checks need a cast.
inline DWORD(__stdcall *pNtDelayExecution)(
BOOLEAN Alertable,
PLARGE_INTEGER DelayInterval
);
// KernelBase: VirtualAlloc2 / MapViewOfFile3 / UnmapViewOfFile2 (newer
// Windows 10 builds, hence resolved at runtime). All three take an explicit
// Process handle and can therefore act on another process's address space.
//
// ExtendedParameters/ParameterCount may be NULL/0 when no MEM_EXTENDED_PARAMETER
// (address requirements, NUMA node, ...) is needed.
inline PVOID(__stdcall *pVirtualAlloc2)(
HANDLE Process,
PVOID BaseAddress,
SIZE_T Size,
ULONG AllocationType,
ULONG PageProtection,
MEM_EXTENDED_PARAMETER * ExtendedParameters,
ULONG ParameterCount
);

// Maps ViewSize bytes of FileMapping starting at Offset into Process;
// returns the view base or NULL on failure.
inline PVOID(__stdcall *pMapViewOfFile3)(
HANDLE FileMapping,
HANDLE Process,
PVOID BaseAddress,
ULONG64 Offset,
SIZE_T ViewSize,
ULONG AllocationType,
ULONG PageProtection,
MEM_EXTENDED_PARAMETER * ExtendedParameters,
ULONG ParameterCount
);

// NOTE(review): the SDK declares UnmapViewOfFile2 as returning BOOL, not
// PVOID. The value travels through the same register so the call is
// unaffected, but callers must read the result as success/failure, never as
// an address. Changing the type here would break any caller that currently
// stores it in a PVOID, so it is documented rather than changed.
inline PVOID(__stdcall *pUnmapViewOfFile2)(
HANDLE Process,
PVOID BaseAddress,
ULONG UnmapFlags
);
// ntdll keyed events (the primitive behind pre-Windows 8 wait fallbacks).
// NTTimeout is an optional 100 ns LARGE_INTEGER; NULL waits forever.
//
// Blocks until another thread releases the same Key on the same Handle.
inline NTSTATUS(__stdcall *pNtWaitForKeyedEvent)(
HANDLE Handle,
PVOID Key,
BOOLEAN Alertable,
PLARGE_INTEGER NTTimeout
);

// Releases one waiter blocked on Key; blocks until a waiter exists or
// NTTimeout elapses.
inline NTSTATUS(__stdcall *pNtReleaseKeyedEvent)(
HANDLE Handle,
PVOID Key,
BOOLEAN Alertable,
PLARGE_INTEGER NTTimeout
);

// NOTE(review): in the native API the first parameter of NtCreateKeyedEvent
// and NtOpenKeyedEvent is an _Out_ PHANDLE that receives the new handle; it
// is declared as a plain HANDLE here, so the call site must pass the address
// of the HANDLE to be filled in (cast to HANDLE). Passing an actual handle
// value would make the kernel try to write the result through that value.
// Changing the type would break existing casting callers, so it is
// documented rather than changed — verify the call sites in the .cpp.
inline NTSTATUS(__stdcall *pNtCreateKeyedEvent)(
HANDLE Handle,
ACCESS_MASK Access,
POBJECT_ATTRIBUTES Attr,
ULONG Flags
);

// Same out-parameter caveat as pNtCreateKeyedEvent above.
inline NTSTATUS(__stdcall *pNtOpenKeyedEvent)(
HANDLE Handle,
ACCESS_MASK Access,
POBJECT_ATTRIBUTES Attr,
ULONG Flags
);
// ntdll address-wait primitives (Windows 8+), the Rtl counterparts of the
// WaitOnAddress / WakeByAddress* pointers above, returning NTSTATUS instead
// of BOOL and taking a 100 ns LARGE_INTEGER timeout (NULL = infinite).
// NOTE(review): the ntdll export names are RtlWaitOnAddress,
// RtlWakeAddressAll and RtlWakeAddressSingle; the identifier
// pRtlWakeByAddressAll does not match the second export, so check that the
// lookup string in the .cpp uses the export name rather than this variable's.
inline NTSTATUS(__stdcall *pRtlWaitOnAddress)(
const void * addr,
const void * cmp,
SIZE_T size,
const LARGE_INTEGER * timeout
);

// Wakes every waiter on addr.
inline void(__stdcall *pRtlWakeByAddressAll)(
const void * addr
);

// Wakes one waiter on addr.
inline void(__stdcall *pRtlWakeAddressSingle)(
const void * addr
);
#if defined(AURORA_PLATFORM_WIN32)
// ntdll: RtlGetVersion. Unlike GetVersionExW it is not affected by the
// process's compatibility manifest. The caller sets
// lpVersionInformation->dwOSVersionInfoSize before the call.
inline NTSTATUS(__stdcall *pRtlGetVersion)(
PRTL_OSVERSIONINFOW lpVersionInformation
);
#endif
// ntdll: NtNotifyChangeDirectoryFile. Completion is reported through Event,
// the ApcRoutine/ApcContext pair, or IoStatusBlock; Buffer (BufferSize bytes)
// receives FILE_NOTIFY_INFORMATION records selected by CompletionFilter,
// covering subdirectories as well when WatchTree is set.
inline NTSTATUS(__stdcall *pNtNotifyChangeDirectoryFile)(
HANDLE FileHandle,
HANDLE Event,
PIO_APC_ROUTINE ApcRoutine,
PVOID ApcContext,
PIO_STATUS_BLOCK IoStatusBlock,
PVOID Buffer,
ULONG BufferSize,
ULONG CompletionFilter,
BOOLEAN WatchTree
);

// ntdll: NtTerminateProcess. Presumably the back end of Win32Terminate /
// gUseFastFail declared at the end of this header — confirm in the .cpp.
inline NTSTATUS(__stdcall *pNtTerminateProcess)(
HANDLE ProcessHandle,
NTSTATUS ExitStatus
);
// CPU-set and thread-attribute APIs, resolved at runtime because several are
// Windows 10-only (GetSystemCpuSetInformation, SetThreadDescription,
// SetThreadSelectedCpuSets). A null pointer after InitNTAddresses presumably
// means "not available on this OS" — confirm in the .cpp.
//
// Information receives SYSTEM_CPU_SET_INFORMATION records for Process (NULL
// = current process); *ReturnedLength gets the size required/used.
inline BOOL(__stdcall *pGetSystemCpuSetInformation)(
PSYSTEM_CPU_SET_INFORMATION Information,
ULONG BufferLength,
PULONG ReturnedLength,
HANDLE Process,
ULONG Flags
);

// Call once with a NULL Buffer to learn the required size in *ReturnedLength,
// then again with a buffer of that size.
inline BOOL(__stdcall *pGetLogicalProcessorInformation)(
PSYSTEM_LOGICAL_PROCESSOR_INFORMATION Buffer,
PDWORD ReturnedLength
);

// Sets the debugger-visible thread name (Windows 10 1607+). Returns an
// HRESULT, not a BOOL.
inline HRESULT(__stdcall *pSetThreadDescription)(
HANDLE hThread,
PCWSTR lpThreadDescription
);

// ThreadInformation points at the structure matching ThreadInformationClass
// (e.g. MEMORY_PRIORITY_INFORMATION); ThreadInformationSize is its size.
inline BOOL(__stdcall *pSetThreadInformation)(
HANDLE hThread,
THREAD_INFORMATION_CLASS ThreadInformationClass,
LPVOID ThreadInformation,
DWORD ThreadInformationSize
);

// Restricts Thread to the CpuSetIdCount CPU-set ids in CpuSetIds; a count of
// 0 clears the assignment.
inline BOOL(__stdcall *pSetThreadSelectedCpuSets)(
HANDLE Thread,
const ULONG * CpuSetIds,
ULONG CpuSetIdCount
);

#if defined(AURORA_PLATFORM_WIN32)
// GroupAffinity is an input; the SDK declares it const GROUP_AFFINITY *.
// PreviousGroupAffinity may be NULL.
inline BOOL(__stdcall *pSetThreadGroupAffinity)(
HANDLE hThread,
GROUP_AFFINITY * GroupAffinity,
PGROUP_AFFINITY PreviousGroupAffinity
);
#endif
// Ws2_32 name resolution. GetAddrInfoExW runs asynchronously when
// lpOverlapped or lpCompletionRoutine is supplied; lpHandle then receives
// the handle that pGetAddrInfoExCancel takes. Results from pGetAddrInfoExW
// are released with pFreeAddrInfoExW and results from pgetaddrinfo with
// pfreeaddrinfo — the pairs must not be mixed.
//
// Cancels an in-flight asynchronous GetAddrInfoExW identified by *lpHandle.
inline INT(__stdcall *pGetAddrInfoExCancel)(
LPHANDLE lpHandle
);

// Completion callback signature for the asynchronous GetAddrInfoExW path;
// mirrors the SDK typedef of the same name.
using LPLOOKUPSERVICE_COMPLETION_ROUTINE = void(__stdcall *)(
DWORD dwError,
DWORD dwBytes,
LPWSAOVERLAPPED lpOverlapped
);

// Wide-char, optionally asynchronous resolver. Returns 0 on success or a
// Winsock error code (WSA_IO_PENDING when the call completed asynchronously).
inline INT(__stdcall *pGetAddrInfoExW)(
PCWSTR pName,
PCWSTR pServiceName,
DWORD dwNameSpace,
LPGUID lpNspId,
const ADDRINFOEXW * hints,
PADDRINFOEXW * ppResult,
struct timeval * timeout,
LPOVERLAPPED lpOverlapped,
LPLOOKUPSERVICE_COMPLETION_ROUTINE lpCompletionRoutine,
LPHANDLE lpHandle
);

// Frees a list returned through pGetAddrInfoExW's ppResult.
inline void(__stdcall *pFreeAddrInfoExW)(
PADDRINFOEXW pAddrInfoEx
);

// ANSI synchronous resolver; returns 0 on success or a Winsock error code.
inline INT(__stdcall *pgetaddrinfo)(
PCSTR pNodeName,
PCSTR pServiceName,
const ADDRINFOA * pHints,
PADDRINFOA * ppResult
);

// Frees a list returned through pgetaddrinfo's ppResult.
inline void(__stdcall *pfreeaddrinfo)(
PADDRINFOA pAddrInfo
);
// Kernel32: PrefetchVirtualMemory (Windows 8+). Takes NumberOfEntries ranges
// of the local WIN32_MEMORY_RANGE_ENTRY2 declared above; Flags is reserved
// and documented as 0. The call is a hint — failure is not an error the
// caller needs to treat as fatal.
inline BOOL(__stdcall *pPrefetchVirtualMemory)(
HANDLE hProcess,
ULONG_PTR NumberOfEntries,
WIN32_MEMORY_RANGE_ENTRY2 * VirtualAddresses,
ULONG Flags
);
// bcrypt: BCryptGenRandom fills cbBuffer bytes at pbBuffer from the CNG RNG.
// hAlgorithm may be NULL when dwFlags contains BCRYPT_USE_SYSTEM_PREFERRED_RNG,
// which avoids opening an algorithm provider. This is the preferred
// randomness source on Vista and later; the CryptoAPI pointers below are the
// legacy path. Returns NTSTATUS — check with NT_SUCCESS, not as a BOOL.
inline NTSTATUS(__stdcall *pBCryptGenRandom)(
PVOID hAlgorithm,
PUCHAR pbBuffer,
ULONG cbBuffer,
ULONG dwFlags
);
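// Legacy CryptoAPI random-number path (Advapi32). CryptoAPI is deprecated in
// favour of CNG (pBCryptGenRandom above); presumably kept as a fallback for
// systems without bcrypt.dll — confirm in the .cpp. hProv is an HCRYPTPROV
// (ULONG_PTR) obtained from pCryptAcquireContextW and released with
// pCryptReleaseContext.
//
// Fills dwLen bytes at pbBuffer; returns FALSE on failure.
inline BOOL(__stdcall *pCryptGenRandom)(
ULONG_PTR hProv,
DWORD dwLen,
BYTE *pbBuffer
);

// szContainer/szProvider may be NULL; dwFlags usually carries
// CRYPT_VERIFYCONTEXT for a keyless, RNG-only context.
inline BOOL(__stdcall *pCryptAcquireContextW)(
ULONG_PTR * hProv,
LPCWSTR szContainer,
LPCWSTR szProvider,
DWORD dwProvType,
DWORD dwFlags
);

// Parameter renamed from the typo `hProvz` to match the other two
// declarations; dwFlags is reserved and must be 0.
inline BOOL(__stdcall *pCryptReleaseContext)(
ULONG_PTR hProv,
DWORD dwFlags
);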
// ntdll: ZwSetTimerResolution. RequestedResolution is in 100 ns units; Set
// selects between raising and releasing the request; the granted value is
// stored in *ActualResolution. Presumably paired with
// Win32DropSchedulerResolution declared at the end of this header — confirm
// in the .cpp.
inline NTSTATUS(__stdcall *pZwSetTimerResolution)(
ULONG RequestedResolution,
BOOLEAN Set,
PULONG ActualResolution
);

// Advapi32: RtlGenRandom. Fills RandomBufferLength bytes; returns FALSE on
// failure. NOTE(review): advapi32 exports this function only under the name
// "SystemFunction036"; make sure the lookup string in the .cpp uses that
// export name.
inline BOOLEAN(__stdcall *pRtlGenRandom)(
PVOID RandomBuffer,
ULONG RandomBufferLength
);
#if defined(AURORA_PLATFORM_WIN32)
// ntdll: NtQueryInformationProcess. ProcessInformation must hold at least
// ProcessInformationLength bytes of the structure for
// ProcessInformationClass; ReturnLength is optional in the native API.
inline NTSTATUS(__stdcall *pNtQueryInformationProcess)(
HANDLE ProcessHandle,
PROCESSINFOCLASS ProcessInformationClass,
PVOID ProcessInformation,
ULONG ProcessInformationLength,
PULONG ReturnLength
);
#endif
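// Kernel32 version-check pair: VerSetConditionMask builds the condition mask
// that VerifyVersionInfoW consumes. NOTE(review): like GetVersionExW these
// honour the process's compatibility manifest; pRtlGetVersion above is the
// manifest-independent alternative.
//
// Adds a Condition (VER_GREATER_EQUAL etc.) for the TypeMask fields to
// ConditionMask and returns the updated mask.
inline ULONGLONG(__stdcall *pVerSetConditionMask)(
ULONGLONG ConditionMask,
DWORD TypeMask,
BYTE Condition
);

// First parameter renamed from `dwTypeMask` to `lpVersionInformation`: it is
// the OSVERSIONINFOEXW being tested, not a mask — the mask is the second
// parameter. Returns FALSE both on failure and when the condition is not met.
inline BOOL(__stdcall *pVerifyVersionInfoW)(
LPOSVERSIONINFOEXW lpVersionInformation,
DWORD TypeMask,
DWORDLONG dwlConditionMask
);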
// UxTheme: SetWindowTheme. pszSubAppName/pszSubIdList may be NULL; returns
// an HRESULT (check with SUCCEEDED, not as a BOOL).
inline HRESULT(__stdcall *pSetWindowTheme)(
HWND hwnd,
LPCWSTR pszSubAppName,
LPCWSTR pszSubIdList
);
// Kernel32 alternate-data-stream enumeration (FindFirstStreamW /
// FindNextStreamW / FindClose) and I/O cancellation.
//
// Returns INVALID_HANDLE_VALUE on failure — not NULL. The handle must be
// released with pFindClose. lpFindStreamData points at a
// WIN32_FIND_STREAM_DATA when InfoLevel is FindStreamInfoStandard.
inline HANDLE(__stdcall *pFindFirstStreamW)(
LPCWSTR lpFileName,
STREAM_INFO_LEVELS InfoLevel,
LPVOID lpFindStreamData,
DWORD dwFlags
);

// Advances hFindStream to the next stream; FALSE with ERROR_HANDLE_EOF when
// there are no more.
inline BOOL(__stdcall *pFindNextStreamW)(
HANDLE hFindStream,
LPVOID lpFindStreamData
);

// Closes a handle from pFindFirstStreamW.
inline BOOL(__stdcall *pFindClose)(
HANDLE hFindFile
);

// Cancels pending I/O on hFile — the single request in lpOverlapped, or
// every request issued by the process when lpOverlapped is NULL.
inline BOOL(__stdcall *pCancelIoEx)(
HANDLE hFile,
LPOVERLAPPED lpOverlapped
);

// Cancels a synchronous I/O call that hThread is blocked in.
inline BOOL(__stdcall *pCancelSynchronousIo)(
HANDLE hThread
);
// psapi (kPSAPILegacyDllName): GetProcessMemoryInfo. ppsmemCounters points at
// a PROCESS_MEMORY_COUNTERS (or the larger _EX variant) and cb is its size;
// the type is only available here through the opaque forward declaration at
// the top of the file, hence the global-scope qualifier.
inline BOOL(__stdcall *pGetProcessMemoryInfo)(
HANDLE Process,
::_PROCESS_MEMORY_COUNTERS *ppsmemCounters,
DWORD cb
);

// Kernel32: SetFileInformationByHandle. lpFileInformation is the structure
// matching FileInformationClass and dwBufferSize its size.
inline BOOL(__stdcall *pSetFileInformationByHandle)(
HANDLE hFile,
FILE_INFO_BY_HANDLE_CLASS FileInformationClass,
LPVOID lpFileInformation,
DWORD dwBufferSize
);
// Kernel32 locale helpers. For both GetLocaleInfo* calls a cchData of 0
// returns the required buffer size in characters without writing to
// lpLCData; all three return 0 on failure. GetLocaleInfoEx and
// LCIDToLocaleName are the Vista+ locale-name forms, GetLocaleInfoW the
// LCID-based legacy form.
inline int(__stdcall *pGetLocaleInfoEx)(
LPCWSTR lpLocaleName,
LCTYPE LCType,
LPWSTR lpLCData,
int cchData
);

// Converts an LCID to its locale name (at most cchName characters).
inline int(__stdcall *pLCIDToLocaleName)(
LCID Locale,
LPWSTR lpName,
int cchName,
DWORD dwFlags
);

inline int(__stdcall *pGetLocaleInfoW)(
LCID Locale,
LCTYPE LCType,
LPWSTR lpLCData,
int cchData
);

// Kernel32: GetThreadId — returns 0 on failure.
inline DWORD(__stdcall *pGetThreadId)(
HANDLE hThread
);
// Shell32: SHGetKnownFolderPath. On success *ppszPath receives a
// CoTaskMemAlloc'd string that the caller must release with CoTaskMemFree;
// hToken may be NULL for the calling user. Returns an HRESULT.
inline HRESULT(__stdcall *pSHGetKnownFolderPath)(
const GUID & rfid,
DWORD dwFlags,
HANDLE hToken,
PWSTR * ppszPath
);
// dbghelp
// dbghelp: UnDecorateSymbolName writes at most maxStringLength characters
// (including the terminator) to outputString and returns the number of
// characters written, 0 on failure.
inline DWORD(__stdcall *pUnDecorateSymbolName)(
PCSTR name,
PSTR outputString,
DWORD maxStringLength,
DWORD flags
);

// dbghelp: MiniDumpWriteDump. ExceptionParam, UserStreamParam and
// CallbackParam may be NULL. NOTE(review): a dump written with a DumpType
// such as MiniDumpWithFullMemory contains whatever the process held in
// memory at that moment (credentials, keys, user data), so the hFile target
// and anything that ships the dump off-box need the same protection as the
// live process.
inline BOOL(__stdcall *pMiniDumpWriteDump)(
HANDLE hProcess,
DWORD ProcessId,
HANDLE hFile,
enum _MINIDUMP_TYPE DumpType,
_MINIDUMP_EXCEPTION_INFORMATION * ExceptionParam,
_MINIDUMP_USER_STREAM_INFORMATION * UserStreamParam,
_MINIDUMP_CALLBACK_INFORMATION * CallbackParam
);
// dbghelp symbol engine. SymInitialize must be called once per hProcess
// before the other Sym* calls; fInvadeProcess loads symbols for every module
// already in the process. The SDK documents all DbgHelp functions as
// single-threaded, so callers serialise access themselves.
inline BOOL(__stdcall *pSymInitialize)(
HANDLE hProcess,
PCSTR UserSearchPath,
BOOL fInvadeProcess
);

// Returns the base of the module containing qwAddr, or 0 if unknown. Also
// usable as the PGET_MODULE_BASE_ROUTINE64 callback for pStackWalk64.
inline DWORD64(__stdcall *pSymGetModuleBase64)(
HANDLE hProcess,
DWORD64 qwAddr
);

// Line64->SizeOfStruct must be set to sizeof(IMAGEHLP_LINE64) before the
// call; *pdwDisplacement receives the offset from the start of the line.
inline BOOL(__stdcall *pSymGetLineFromAddr64)(
HANDLE hProcess,
DWORD64 qwAddr,
PDWORD pdwDisplacement,
_IMAGEHLP_LINE64 * Line64
);

// Returns the unwind/function-table entry for AddrBase; also usable as the
// PFUNCTION_TABLE_ACCESS_ROUTINE64 callback for pStackWalk64.
inline PVOID(__stdcall *pSymFunctionTableAccess64)(
HANDLE hProcess,
DWORD64 AddrBase
);
// Callback signatures for StackWalk64, mirroring the SDK typedefs of the same
// names so that the SDK header need not be included. Passing NULL for the
// read routine makes StackWalk64 use ReadProcessMemory; the usual choices for
// the other two are pSymFunctionTableAccess64 and pSymGetModuleBase64 above.
typedef BOOL(__stdcall *PREAD_PROCESS_MEMORY_ROUTINE64)(
HANDLE hProcess,
DWORD64 qwBaseAddress,
PVOID lpBuffer,
DWORD nSize,
LPDWORD lpNumberOfBytesRead
);

typedef PVOID (__stdcall *PFUNCTION_TABLE_ACCESS_ROUTINE64)(
HANDLE hProcess,
DWORD64 AddrBase
);

typedef DWORD64(__stdcall *PGET_MODULE_BASE_ROUTINE64)(
HANDLE hProcess,
DWORD64 Address
);

// Only needed for 16-bit address translation; may be NULL.
typedef DWORD64 (__stdcall *PTRANSLATE_ADDRESS_ROUTINE64)(
HANDLE hProcess,
HANDLE hThread,
_tagADDRESS64 * lpaddr
);

// dbghelp: StackWalk64 advances one frame per call, updating StackFrame in
// place. ContextRecord must point at a CONTEXT the caller owns, because the
// walk modifies it. Returns FALSE when there are no more frames or on error.
inline BOOL(__stdcall *pStackWalk64)(
DWORD MachineType,
HANDLE hProcess,
HANDLE hThread,
_tagSTACKFRAME64 * StackFrame,
PVOID ContextRecord,
PREAD_PROCESS_MEMORY_ROUTINE64 ReadMemoryRoutine,
PFUNCTION_TABLE_ACCESS_ROUTINE64 FunctionTableAccessRoutine,
PGET_MODULE_BASE_ROUTINE64 GetModuleBaseRoutine,
PTRANSLATE_ADDRESS_ROUTINE64 TranslateAddress
);
// WINTRUST
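// WINTRUST: WinVerifyTrust. Return type corrected from BOOL to LONG, which is
// what wintrust.h declares: the result is ERROR_SUCCESS (0) when the subject
// described by pWVTData verifies under the policy in pgActionID (for example
// WINTRUST_ACTION_GENERIC_VERIFY_V2) and a non-zero status such as
// TRUST_E_NOSIGNATURE otherwise. With the previous BOOL type a plain
// `if (pWinVerifyTrust(...))` reads as "trusted" exactly when verification
// FAILED; callers must compare the result against ERROR_SUCCESS. Both types
// are 32-bit on Windows, so existing assignments continue to compile.
inline LONG(__stdcall *pWinVerifyTrust)(
HWND hwnd,
GUID * pgActionID,
LPVOID pWVTData
);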
// IP Helper
// IPHLPAPI adapter enumeration. Both calls follow the "call once to size,
// then again with a buffer of *SizePointer bytes" pattern and return a Win32
// error code (ERROR_BUFFER_OVERFLOW on the sizing call, NO_ERROR on success).
// NOTE(review): IP_ADAPTER_ADDRESSES is only typedef'd by this header under
// AURORA_COMPILER_MSVC (see the top of the file); other compilers must have
// it in scope from the SDK header.
inline ULONG(__stdcall *pGetAdaptersAddresses)(
ULONG Family,
ULONG Flags,
PVOID Reserved,
IP_ADAPTER_ADDRESSES *AdapterAddresses,
PULONG SizePointer
);

// Legacy IPv4-only predecessor of GetAdaptersAddresses.
inline ULONG(__stdcall *pGetAdaptersInfo)(
_IP_ADAPTER_INFO * AdapterInfo,
PULONG SizePointer
);
// Feature flags, presumably set during initialization (InitNTAddresses /
// Win32DropInit in the .cpp), recording whether the native wait primitives
// resolved above may be used for each primitive type — confirm in the .cpp.
inline bool gUseNativeWaitMutex {};
inline bool gUseNativeWaitCondvar {};
// Spelling kept as-is: renaming would break every translation unit that
// reads this flag.
inline bool gUseNativeWaitSemapahore {};

// Whether termination should take the fast-fail path (presumably
// pNtTerminateProcess / __fastfail) instead of a graceful shutdown — confirm
// against Win32Terminate's definition.
inline bool gUseFastFail {};

void Win32DropInit();
// Releases a raised timer resolution (see pZwSetTimerResolution above),
// presumably at shutdown — defined in the .cpp.
void Win32DropSchedulerResolution();

void Win32Terminate();
} |