mirror of https://github.com/vxunderground/VX-API
Function renaming + annotations
parent
f0b5d2bd5d
commit
a623af12b7
|
@ -5,7 +5,7 @@ BOOL AdfIsCreateProcessDebugEventCodeSet(VOID)
|
|||
WCHAR FilePath[MAX_PATH * sizeof(WCHAR)] = { 0 };
|
||||
HANDLE hHandle = INVALID_HANDLE_VALUE;
|
||||
|
||||
if (GetProcessPathFromProcessParametersW((MAX_PATH * sizeof(WCHAR)), FilePath) == 0)
|
||||
if (GetProcessPathFromUserProcessParametersW((MAX_PATH * sizeof(WCHAR)), FilePath) == 0)
|
||||
return FALSE;
|
||||
|
||||
hHandle = CreateFileW(FilePath, GENERIC_READ, 0, NULL, OPEN_EXISTING, 0, 0);
|
||||
|
|
|
@ -65,7 +65,7 @@ EXIT_ROUTINE:
|
|||
dwError = GetLastErrorFromTeb();
|
||||
|
||||
if (SidString)
|
||||
HeapFree(GetProcessHeapEx(), HEAP_ZERO_MEMORY, SidString);
|
||||
HeapFree(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, SidString);
|
||||
|
||||
if (hToken)
|
||||
CloseHandle(hToken);
|
||||
|
@ -147,7 +147,7 @@ EXIT_ROUTINE:
|
|||
dwError = GetLastErrorFromTeb();
|
||||
|
||||
if (SidString)
|
||||
HeapFree(GetProcessHeapEx(), HEAP_ZERO_MEMORY, SidString);
|
||||
HeapFree(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, SidString);
|
||||
|
||||
if (hToken)
|
||||
CloseHandle(hToken);
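Review bot: `HEAP_ZERO_MEMORY` is an allocation flag, not a HeapFree option; the documented free option is `HEAP_NO_SERIALIZE`, and passing the allocation flag does not clear the block before it is released. In both EXIT_ROUTINE hunks of this file the renamed call should read `HeapFree(GetProcessHeapFromTeb(), 0, SidString);`, and if the SID string is meant to be scrubbed it needs an explicit `SecureZeroMemory` over its length before the free. The same flag is carried through the HeapFree calls in CreateProcessFromIHxHelpPaneServerA, CreateProcessFromIHxInteractiveUserA, CreateProcessWithCfGuardW/A, GetCurrentUserSidW/A and MpfComVssDeleteShadowVolumeBackups. Where SidString is allocated is outside these hunks; if it comes from ConvertSidToStringSid it should be released with LocalFree rather than HeapFree.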
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#include "Win32Helper.h"
|
||||
|
||||
BOOL CreateLocalAppDataObjectPathW(PWCHAR pBuffer, PWCHAR Path, DWORD Size, BOOL bDoesObjectExist)
|
||||
BOOL CreateLocalAppDataObjectPathW(_Inout_ PWCHAR pBuffer, _In_ PWCHAR Path, _In_ DWORD Size, _In_ BOOL bDoesObjectExist)
|
||||
{
|
||||
if (pBuffer == NULL)
|
||||
return FALSE;
|
||||
|
@ -20,7 +20,7 @@ BOOL CreateLocalAppDataObjectPathW(PWCHAR pBuffer, PWCHAR Path, DWORD Size, BOOL
|
|||
return TRUE;
|
||||
}
|
||||
|
||||
BOOL CreateLocalAppDataObjectPathA(PCHAR pBuffer, PCHAR Path, DWORD Size, BOOL bDoesObjectExist)
|
||||
BOOL CreateLocalAppDataObjectPathA(_Inout_ PCHAR pBuffer, _In_ PCHAR Path, _In_ DWORD Size, _In_ BOOL bDoesObjectExist)
|
||||
{
|
||||
if (pBuffer == NULL)
|
||||
return FALSE;
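Review bot: The new `_Inout_ PWCHAR pBuffer` annotation describes a single element, so static analysis learns nothing about how many characters the function may write, and nothing in the signature ties pBuffer to `Size`. If Size is the capacity of pBuffer in characters (the body is outside the hunk, so this needs confirming), `_Out_writes_z_(Size)` or `_Inout_updates_z_(Size)` states the contract, and `Path` can be `_In_z_`. Only pBuffer is NULL-checked in the visible lines; Path is not. The same applies to the A variant here and to CreateWindowsObjectPathW/A.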
|
||||
|
|
|
@ -70,7 +70,7 @@ HRESULT CreateProcessFromIHxHelpPaneServerA(PCHAR UriFile)
|
|||
if (dwLength == 0)
|
||||
goto EXIT_ROUTINE;
|
||||
|
||||
wUriFile = (PWCHAR)HeapAlloc(GetProcessHeapEx(), HEAP_ZERO_MEMORY, dwLength);
|
||||
wUriFile = (PWCHAR)HeapAlloc(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, dwLength);
|
||||
if (wUriFile == NULL)
|
||||
goto EXIT_ROUTINE;
|
||||
|
||||
|
@ -85,7 +85,7 @@ EXIT_ROUTINE:
|
|||
Help->Release();
|
||||
|
||||
if (wUriFile)
|
||||
HeapFree(GetProcessHeapEx(), HEAP_ZERO_MEMORY, wUriFile);
|
||||
HeapFree(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, wUriFile);
|
||||
|
||||
CoUninitialize();
|
||||
|
||||
|
|
|
@ -66,7 +66,7 @@ HRESULT CreateProcessFromIHxInteractiveUserA(PCHAR UriFile)
|
|||
if (dwLength == 0)
|
||||
goto EXIT_ROUTINE;
|
||||
|
||||
wUriFile = (PWCHAR)HeapAlloc(GetProcessHeapEx(), HEAP_ZERO_MEMORY, dwLength);
|
||||
wUriFile = (PWCHAR)HeapAlloc(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, dwLength);
|
||||
if(wUriFile == NULL)
|
||||
goto EXIT_ROUTINE;
|
||||
|
||||
|
@ -81,7 +81,7 @@ EXIT_ROUTINE:
|
|||
User->Release();
|
||||
|
||||
if (wUriFile)
|
||||
HeapFree(GetProcessHeapEx(), HEAP_ZERO_MEMORY, wUriFile);
|
||||
HeapFree(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, wUriFile);
|
||||
|
||||
CoUninitialize();
|
||||
|
||||
|
|
|
@ -199,7 +199,7 @@ DWORD CreateProcessViaNtCreateUserProcessA(PCHAR BinaryPath)
|
|||
if (RtlCreateProcessParametersEx(&ProcessParameters, &NtImagePath, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, RTL_USER_PROCESS_PARAMETERS_NORMALIZED) != ERROR_SUCCESS)
|
||||
return GetLastErrorFromTeb();
|
||||
|
||||
AttributeList = (PPS_ATTRIBUTE_LIST)HeapAlloc(GetProcessHeapEx(), HEAP_ZERO_MEMORY, sizeof(PS_ATTRIBUTE));
|
||||
AttributeList = (PPS_ATTRIBUTE_LIST)HeapAlloc(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, sizeof(PS_ATTRIBUTE));
|
||||
if (AttributeList)
|
||||
{
|
||||
AttributeList->TotalLength = sizeof(PS_ATTRIBUTE_LIST) - sizeof(PS_ATTRIBUTE);
|
||||
|
@ -292,7 +292,7 @@ DWORD CreateProcessViaNtCreateUserProcessW(PWCHAR BinaryPath)
|
|||
if (RtlCreateProcessParametersEx(&ProcessParameters, &NtImagePath, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, RTL_USER_PROCESS_PARAMETERS_NORMALIZED) != ERROR_SUCCESS)
|
||||
return GetLastErrorFromTeb();
|
||||
|
||||
AttributeList = (PPS_ATTRIBUTE_LIST)HeapAlloc(GetProcessHeapEx(), HEAP_ZERO_MEMORY, sizeof(PS_ATTRIBUTE));
|
||||
AttributeList = (PPS_ATTRIBUTE_LIST)HeapAlloc(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, sizeof(PS_ATTRIBUTE));
|
||||
if (AttributeList)
|
||||
{
|
||||
AttributeList->TotalLength = sizeof(PS_ATTRIBUTE_LIST) - sizeof(PS_ATTRIBUTE);
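Review bot: The renamed allocation still sizes the block as `sizeof(PS_ATTRIBUTE)` while the pointer is a `PPS_ATTRIBUTE_LIST`. If PS_ATTRIBUTE_LIST is a length field followed by at least one PS_ATTRIBUTE (its definition is not on this page), the block is smaller than the structure it is treated as, and a write to an attribute entry can land past the end of the heap block. Allocating the list type, `HeapAlloc(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, sizeof(PS_ATTRIBUTE_LIST))`, and setting `TotalLength` to the number of bytes actually filled removes the ambiguity. The same line appears in the W variant; both function bodies continue outside the hunks.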
|
||||
|
|
|
@ -82,7 +82,7 @@ BOOL CreateProcessWithCfGuardW(PPROCESS_INFORMATION Pi, PWCHAR Path)
|
|||
if (dwAttributeSize == 0)
|
||||
goto EXIT_ROUTINE;
|
||||
|
||||
ThreadAttributes = (PPROC_THREAD_ATTRIBUTE_LIST)HeapAlloc(GetProcessHeapEx(), HEAP_ZERO_MEMORY, dwAttributeSize);
|
||||
ThreadAttributes = (PPROC_THREAD_ATTRIBUTE_LIST)HeapAlloc(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, dwAttributeSize);
|
||||
if (ThreadAttributes == NULL)
|
||||
goto EXIT_ROUTINE;
|
||||
|
||||
|
@ -103,7 +103,7 @@ BOOL CreateProcessWithCfGuardW(PPROCESS_INFORMATION Pi, PWCHAR Path)
|
|||
EXIT_ROUTINE:
|
||||
|
||||
if (ThreadAttributes)
|
||||
HeapFree(GetProcessHeapEx(), HEAP_ZERO_MEMORY, (PPROC_THREAD_ATTRIBUTE_LIST)ThreadAttributes);
|
||||
HeapFree(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, (PPROC_THREAD_ATTRIBUTE_LIST)ThreadAttributes);
|
||||
|
||||
return bFlag;
|
||||
}
|
||||
|
@ -123,7 +123,7 @@ BOOL CreateProcessWithCfGuardA(PPROCESS_INFORMATION Pi, PCHAR Path)
|
|||
if (dwAttributeSize == 0)
|
||||
goto EXIT_ROUTINE;
|
||||
|
||||
ThreadAttributes = (PPROC_THREAD_ATTRIBUTE_LIST)HeapAlloc(GetProcessHeapEx(), HEAP_ZERO_MEMORY, dwAttributeSize);
|
||||
ThreadAttributes = (PPROC_THREAD_ATTRIBUTE_LIST)HeapAlloc(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, dwAttributeSize);
|
||||
if (ThreadAttributes == NULL)
|
||||
goto EXIT_ROUTINE;
|
||||
|
||||
|
@ -144,7 +144,7 @@ BOOL CreateProcessWithCfGuardA(PPROCESS_INFORMATION Pi, PCHAR Path)
|
|||
EXIT_ROUTINE:
|
||||
|
||||
if (ThreadAttributes)
|
||||
HeapFree(GetProcessHeapEx(), HEAP_ZERO_MEMORY, (PPROC_THREAD_ATTRIBUTE_LIST)ThreadAttributes);
|
||||
HeapFree(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, (PPROC_THREAD_ATTRIBUTE_LIST)ThreadAttributes);
|
||||
|
||||
return bFlag;
|
||||
}
|
|
@ -5,7 +5,7 @@ PWCHAR CreatePseudoRandomStringW(_In_ SIZE_T dwLength, _In_ ULONG Seed)
|
|||
WCHAR DataSet[] = L"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
|
||||
PWCHAR String = NULL;
|
||||
|
||||
String = (PWCHAR)HeapAlloc(GetProcessHeapEx(), HEAP_ZERO_MEMORY, (sizeof(WCHAR) * (dwLength + 1)));
|
||||
String = (PWCHAR)HeapAlloc(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, (sizeof(WCHAR) * (dwLength + 1)));
|
||||
if (String == NULL)
|
||||
return NULL;
|
||||
|
||||
|
@ -31,7 +31,7 @@ PCHAR CreatePseudoRandomStringA(_In_ SIZE_T dwLength, _In_ ULONG Seed)
|
|||
CHAR DataSet[] = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
|
||||
PCHAR String = NULL;
|
||||
|
||||
String = (PCHAR)HeapAlloc(GetProcessHeapEx(), HEAP_ZERO_MEMORY, (sizeof(CHAR) * (dwLength + 1)));
|
||||
String = (PCHAR)HeapAlloc(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, (sizeof(CHAR) * (dwLength + 1)));
|
||||
if (String == NULL)
|
||||
return NULL;
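Review bot: `sizeof(WCHAR) * (dwLength + 1)` is computed in SIZE_T without a range check, so a dwLength near the top of the range wraps to a small allocation that the fill loop (outside this hunk) could then overrun. A guard before the HeapAlloc, `if (dwLength >= SIZE_MAX / sizeof(WCHAR)) return NULL;`, closes that in the W variant; the A variant needs `if (dwLength == SIZE_MAX) return NULL;` for its `dwLength + 1`. Since the string is derived from a caller-supplied `Seed`, a header comment saying the output is not suitable for secrets or tokens would also help callers.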
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#include "Win32Helper.h"
|
||||
|
||||
BOOL CreateWindowsObjectPathW(PWCHAR pBuffer, PWCHAR Path, DWORD Size, BOOL bDoesObjectExist)
|
||||
BOOL CreateWindowsObjectPathW(_Inout_ PWCHAR pBuffer, _In_ PWCHAR Path, _In_ DWORD Size, _In_ BOOL bDoesObjectExist)
|
||||
{
|
||||
if (pBuffer == NULL)
|
||||
return FALSE;
|
||||
|
@ -20,7 +20,7 @@ BOOL CreateWindowsObjectPathW(PWCHAR pBuffer, PWCHAR Path, DWORD Size, BOOL bDoe
|
|||
return TRUE;
|
||||
}
|
||||
|
||||
BOOL CreateWindowsObjectPathA(PCHAR pBuffer, PCHAR Path, DWORD Size, BOOL bDoesObjectExist)
|
||||
BOOL CreateWindowsObjectPathA(_Inout_ PCHAR pBuffer, _In_ PCHAR Path, _In_ DWORD Size, _In_ BOOL bDoesObjectExist)
|
||||
{
|
||||
if (pBuffer == NULL)
|
||||
return FALSE;
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#include "Win32Helper.h"
|
||||
|
||||
BOOL DeleteFileExA(PCHAR Path)
|
||||
BOOL DeleteFileWithCreateFileFlagA(_In_ PCHAR Path)
|
||||
{
|
||||
HANDLE hHandle = INVALID_HANDLE_VALUE;
|
||||
|
||||
|
@ -19,7 +19,7 @@ BOOL DeleteFileExA(PCHAR Path)
|
|||
return TRUE;
|
||||
}
|
||||
|
||||
BOOL DeleteFileExW(PWCHAR Path)
|
||||
BOOL DeleteFileWithCreateFileFlagW(_In_ PWCHAR Path)
|
||||
{
|
||||
HANDLE hHandle = INVALID_HANDLE_VALUE;
|
||||
|
|
@ -1,6 +1,6 @@
|
|||
#include "Win32Helper.h"
|
||||
|
||||
DWORD GetCurrentDirectoryExA(DWORD nBufferLength, PCHAR lpBuffer)
|
||||
DWORD GetCurrentDirectoryFromUserProcessParametersA(_In_ DWORD nBufferLength, _Inout_ PCHAR lpBuffer)
|
||||
{
|
||||
PRTL_USER_PROCESS_PARAMETERS ProcessParameters = GetPeb()->ProcessParameters;
|
||||
|
||||
|
@ -10,7 +10,7 @@ DWORD GetCurrentDirectoryExA(DWORD nBufferLength, PCHAR lpBuffer)
|
|||
return (DWORD)WCharStringToCharString(lpBuffer, ProcessParameters->CurrentDirectory.DosPath.Buffer, ProcessParameters->CurrentDirectory.DosPath.MaximumLength);
|
||||
}
|
||||
|
||||
DWORD GetCurrentDirectoryExW(DWORD nBufferLength, PWCHAR lpBuffer)
|
||||
DWORD GetCurrentDirectoryFromUserProcessParametersW(_In_ DWORD nBufferLength, _Inout_ PWCHAR lpBuffer)
|
||||
{
|
||||
PRTL_USER_PROCESS_PARAMETERS ProcessParameters = GetPeb()->ProcessParameters;
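Review bot: In the A variant the conversion is bounded by `CurrentDirectory.DosPath.MaximumLength`, which is the source UNICODE_STRING's capacity in bytes, and `nBufferLength` does not appear in the visible call. Unless the lines between the two hunks compare the two, or WCharStringToCharString (not shown) enforces a destination limit, the write into lpBuffer is not limited by the caller's buffer size. The function should fail when nBufferLength is smaller than the required length and convert `Length / sizeof(WCHAR)` characters rather than MaximumLength; `_Out_writes_(nBufferLength)` would then describe lpBuffer more precisely than `_Inout_`. The same call shape is visible in GetCurrentWindowTextFromUserProcessParametersA, GetProcessPathFromLoaderLoadModuleA and GetProcessPathFromUserProcessParametersA.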
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
#include "Win32Helper.h"
|
||||
|
||||
HANDLE GetCurrentProcessEx(VOID)
|
||||
{
|
||||
return (HANDLE)((HANDLE)-1);
|
||||
}
|
|
@ -1,6 +1,6 @@
|
|||
#include "Win32Helper.h"
|
||||
|
||||
DWORD GetCurrentProcessIdEx(VOID)
|
||||
DWORD GetCurrentProcessIdFromTeb(VOID)
|
||||
{
|
||||
return HandleToUlong(GetTeb()->ClientId.UniqueProcess);
|
||||
}
|
|
@ -1,6 +0,0 @@
|
|||
#include "Win32Helper.h"
|
||||
|
||||
HANDLE GetCurrentThreadEx(VOID)
|
||||
{
|
||||
return ((HANDLE)(LONG_PTR)-2);
|
||||
}
|
|
@ -10,7 +10,7 @@ DWORD GetTokenInformationBufferSize(HANDLE hToken)
|
|||
return dwReturn;
|
||||
}
|
||||
|
||||
LPWSTR GetCurrentUserSidW(HANDLE hToken, BOOL DisposeProcessHandle)
|
||||
LPWSTR GetCurrentUserSidW(_Inout_ HANDLE hToken, _In_ BOOL DisposeProcessHandle)
|
||||
{
|
||||
typedef BOOL(WINAPI* CONVERTSIDTOSTRINGSIDW)(PSID, LPWSTR*);
|
||||
CONVERTSIDTOSTRINGSIDW ConvertSidToStringSidW;
|
||||
|
@ -29,14 +29,14 @@ LPWSTR GetCurrentUserSidW(HANDLE hToken, BOOL DisposeProcessHandle)
|
|||
if (!ConvertSidToStringSidW)
|
||||
goto EXIT_ROUTINE;
|
||||
|
||||
if (!OpenProcessToken(GetCurrentProcessEx(), TOKEN_ALL_ACCESS, &hToken))
|
||||
if (!OpenProcessToken(InlineGetCurrentProcess, TOKEN_ALL_ACCESS, &hToken))
|
||||
return NULL;
|
||||
|
||||
dwError = GetTokenInformationBufferSize(hToken);
|
||||
if (dwError == 0)
|
||||
goto EXIT_ROUTINE;
|
||||
|
||||
TokenGroup = (PTOKEN_GROUPS)HeapAlloc(GetProcessHeapEx(), HEAP_ZERO_MEMORY, dwError);
|
||||
TokenGroup = (PTOKEN_GROUPS)HeapAlloc(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, dwError);
|
||||
if (TokenGroup == NULL)
|
||||
goto EXIT_ROUTINE;
|
||||
|
||||
|
@ -52,7 +52,7 @@ LPWSTR GetCurrentUserSidW(HANDLE hToken, BOOL DisposeProcessHandle)
|
|||
|
||||
dwError = GetLengthSid(TokenGroup->Groups[dwIndex].Sid);
|
||||
|
||||
Sid = (PSID)HeapAlloc(GetProcessHeapEx(), HEAP_ZERO_MEMORY, dwError);
|
||||
Sid = (PSID)HeapAlloc(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, dwError);
|
||||
if (Sid == NULL)
|
||||
goto EXIT_ROUTINE;
|
||||
|
||||
|
@ -74,10 +74,10 @@ EXIT_ROUTINE:
|
|||
dwError = GetLastErrorFromTeb();
|
||||
|
||||
if (TokenGroup)
|
||||
HeapFree(GetProcessHeapEx(), HEAP_ZERO_MEMORY, TokenGroup);
|
||||
HeapFree(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, TokenGroup);
|
||||
|
||||
if (Sid)
|
||||
HeapFree(GetProcessHeapEx(), HEAP_ZERO_MEMORY, Sid);
|
||||
HeapFree(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, Sid);
|
||||
|
||||
if (hAdvapi)
|
||||
FreeLibrary(hAdvapi);
|
||||
|
@ -91,7 +91,7 @@ EXIT_ROUTINE:
|
|||
return (bFlag ? pSid : NULL);
|
||||
}
|
||||
|
||||
LPSTR GetCurrentUserSidA(HANDLE hToken, BOOL DisposeProcessHandle)
|
||||
LPSTR GetCurrentUserSidA(_Inout_ HANDLE hToken, _In_ BOOL DisposeProcessHandle)
|
||||
{
|
||||
typedef BOOL(WINAPI* CONVERTSIDTOSTRINGSIDA)(PSID, LPSTR*);
|
||||
CONVERTSIDTOSTRINGSIDA ConvertSidToStringSidA;
|
||||
|
@ -110,14 +110,14 @@ LPSTR GetCurrentUserSidA(HANDLE hToken, BOOL DisposeProcessHandle)
|
|||
if (!ConvertSidToStringSidA)
|
||||
goto EXIT_ROUTINE;
|
||||
|
||||
if (!OpenProcessToken(GetCurrentProcessEx(), TOKEN_ALL_ACCESS, &hToken))
|
||||
if (!OpenProcessToken(InlineGetCurrentProcess, TOKEN_ALL_ACCESS, &hToken))
|
||||
return NULL;
|
||||
|
||||
dwError = GetTokenInformationBufferSize(hToken);
|
||||
if (dwError == 0)
|
||||
goto EXIT_ROUTINE;
|
||||
|
||||
TokenGroup = (PTOKEN_GROUPS)HeapAlloc(GetProcessHeapEx(), HEAP_ZERO_MEMORY, dwError);
|
||||
TokenGroup = (PTOKEN_GROUPS)HeapAlloc(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, dwError);
|
||||
if (TokenGroup == NULL)
|
||||
goto EXIT_ROUTINE;
|
||||
|
||||
|
@ -133,7 +133,7 @@ LPSTR GetCurrentUserSidA(HANDLE hToken, BOOL DisposeProcessHandle)
|
|||
|
||||
dwError = GetLengthSid(TokenGroup->Groups[dwIndex].Sid);
|
||||
|
||||
Sid = (PSID)HeapAlloc(GetProcessHeapEx(), HEAP_ZERO_MEMORY, dwError);
|
||||
Sid = (PSID)HeapAlloc(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, dwError);
|
||||
if (Sid == NULL)
|
||||
goto EXIT_ROUTINE;
|
||||
|
||||
|
@ -155,10 +155,10 @@ EXIT_ROUTINE:
|
|||
dwError = GetLastErrorFromTeb();
|
||||
|
||||
if (TokenGroup)
|
||||
HeapFree(GetProcessHeapEx(), HEAP_ZERO_MEMORY, TokenGroup);
|
||||
HeapFree(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, TokenGroup);
|
||||
|
||||
if (Sid)
|
||||
HeapFree(GetProcessHeapEx(), HEAP_ZERO_MEMORY, Sid);
|
||||
HeapFree(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, Sid);
|
||||
|
||||
if (hAdvapi)
|
||||
FreeLibrary(hAdvapi);
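Review bot: `_Inout_ HANDLE hToken` annotates a by-value handle, so nothing flows back to the caller: `OpenProcessToken(InlineGetCurrentProcess, TOKEN_ALL_ACCESS, &hToken)` overwrites the local copy and whatever the caller passed is ignored. Either take a `PHANDLE`, or annotate the parameter `_In_opt_` and document who closes the token that is opened here. As far as the hunks show the token is only queried, so `TOKEN_QUERY` is sufficient and avoids requesting full access. The failure branch after OpenProcessToken uses `return NULL;` where the neighbouring checks use `goto EXIT_ROUTINE;`, which skips the `FreeLibrary(hAdvapi)` cleanup; the A variant has the same three points.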
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#include "Win32Helper.h"
|
||||
|
||||
DWORD GetCurrentWindowTextA(DWORD nBufferLength, PCHAR lpBuffer)
|
||||
DWORD GetCurrentWindowTextFromUserProcessParametersA(_In_ DWORD nBufferLength, _Inout_ PCHAR lpBuffer)
|
||||
{
|
||||
PRTL_USER_PROCESS_PARAMETERS ProcessParameters = GetPeb()->ProcessParameters;
|
||||
|
||||
|
@ -10,7 +10,7 @@ DWORD GetCurrentWindowTextA(DWORD nBufferLength, PCHAR lpBuffer)
|
|||
return (DWORD)WCharStringToCharString(lpBuffer, ProcessParameters->WindowTitle.Buffer, ProcessParameters->WindowTitle.MaximumLength);
|
||||
}
|
||||
|
||||
DWORD GetCurrentWindowTextW(DWORD nBufferLength, PWCHAR lpBuffer)
|
||||
DWORD GetCurrentWindowTextFromUserProcessParametersW(_In_ DWORD nBufferLength, _Inout_ PWCHAR lpBuffer)
|
||||
{
|
||||
PRTL_USER_PROCESS_PARAMETERS ProcessParameters = GetPeb()->ProcessParameters;
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#include "Win32Helper.h"
|
||||
|
||||
LONGLONG GetFileSizeFromPathW(PWCHAR Path, DWORD dwFlagsAndAttributes)
|
||||
LONGLONG GetFileSizeFromPathW(_In_ PWCHAR Path, _In_ DWORD dwFlagsAndAttributes)
|
||||
{
|
||||
LARGE_INTEGER LargeInteger;
|
||||
HANDLE hHandle = INVALID_HANDLE_VALUE;
|
||||
|
@ -20,7 +20,7 @@ LONGLONG GetFileSizeFromPathW(PWCHAR Path, DWORD dwFlagsAndAttributes)
|
|||
return INVALID_FILE_SIZE;
|
||||
}
|
||||
|
||||
LONGLONG GetFileSizeFromPathA(PCHAR Path, DWORD dwFlagsAndAttributes)
|
||||
LONGLONG GetFileSizeFromPathA(_In_ PCHAR Path, _In_ DWORD dwFlagsAndAttributes)
|
||||
{
|
||||
LARGE_INTEGER LargeInteger;
|
||||
HANDLE hHandle = INVALID_HANDLE_VALUE;
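Review bot: The failure value `INVALID_FILE_SIZE` is a DWORD sentinel, and returned through a `LONGLONG` it becomes 4294967295, which is also a legitimate size for a file of exactly that length. Callers cannot tell the two apart; a negative sentinel such as `return -1;` is unambiguous for a signed 64-bit size, but it changes what existing callers compare against, so they would need updating in the same commit. `Path` is only read, so `_In_z_` is the closer annotation for both variants.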
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#include "Win32Helper.h"
|
||||
|
||||
HMODULE GetModuleHandleEx2A(LPCSTR lpModuleName)
|
||||
HMODULE GetModuleHandleEx2A(_In_ LPCSTR lpModuleName)
|
||||
{
|
||||
PPEB Peb = GetPeb();
|
||||
PLDR_MODULE Module = NULL;
|
||||
|
@ -24,7 +24,7 @@ HMODULE GetModuleHandleEx2A(LPCSTR lpModuleName)
|
|||
return NULL;
|
||||
}
|
||||
|
||||
HMODULE GetModuleHandleEx2W(LPCWSTR lpModuleName)
|
||||
HMODULE GetModuleHandleEx2W(_In_ LPCWSTR lpModuleName)
|
||||
{
|
||||
PPEB Peb = GetPeb();
|
||||
PLDR_MODULE Module = NULL;
|
|
@ -1,12 +1,12 @@
|
|||
#include "Win32Helper.h"
|
||||
|
||||
DWORD64 __stdcall GetProcAddressA(DWORD64 ModuleBase, LPCSTR lpProcName)
|
||||
DWORD64 __stdcall GetProcAddressA(_In_ DWORD64 ModuleBase, _In_ LPCSTR lpProcName)
|
||||
{
|
||||
PBYTE pFunctionName;
|
||||
PIMAGE_DOS_HEADER Dos;
|
||||
PIMAGE_NT_HEADERS Nt;
|
||||
PIMAGE_FILE_HEADER File;
|
||||
PIMAGE_OPTIONAL_HEADER Optional;
|
||||
PBYTE pFunctionName = NULL;
|
||||
PIMAGE_DOS_HEADER Dos = NULL;
|
||||
PIMAGE_NT_HEADERS Nt = NULL;
|
||||
PIMAGE_FILE_HEADER File = NULL;
|
||||
PIMAGE_OPTIONAL_HEADER Optional = NULL;
|
||||
|
||||
RtlLoadPeHeaders(&Dos, &Nt, &File, &Optional, (PBYTE*)&ModuleBase);
|
||||
|
||||
|
@ -25,13 +25,13 @@ DWORD64 __stdcall GetProcAddressA(DWORD64 ModuleBase, LPCSTR lpProcName)
|
|||
return 0;
|
||||
}
|
||||
|
||||
DWORD64 __stdcall GetProcAddressW(DWORD64 ModuleBase, LPCWSTR lpProcName)
|
||||
DWORD64 __stdcall GetProcAddressW(_In_ DWORD64 ModuleBase, _In_ LPCWSTR lpProcName)
|
||||
{
|
||||
PBYTE pFunctionName;
|
||||
PIMAGE_DOS_HEADER Dos;
|
||||
PIMAGE_NT_HEADERS Nt;
|
||||
PIMAGE_FILE_HEADER File;
|
||||
PIMAGE_OPTIONAL_HEADER Optional;
|
||||
PBYTE pFunctionName = NULL;
|
||||
PIMAGE_DOS_HEADER Dos = NULL;
|
||||
PIMAGE_NT_HEADERS Nt = NULL;
|
||||
PIMAGE_FILE_HEADER File = NULL;
|
||||
PIMAGE_OPTIONAL_HEADER Optional = NULL;
|
||||
|
||||
RtlLoadPeHeaders(&Dos, &Nt, &File, &Optional, (PBYTE*)&ModuleBase);
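Review bot: The result of `RtlLoadPeHeaders(...)` is discarded in both GetProcAddressA and GetProcAddressW. A ModuleBase that fails the header check therefore leaves `Nt`, `File` and `Optional` at the NULL this commit now initialises them to, and any dereference after the hunk would fault. Testing the call, `if (!RtlLoadPeHeaders(&Dos, &Nt, &File, &Optional, (PBYTE*)&ModuleBase)) return 0;`, turns that into a clean failure. GetProcAddressDjb2 and the other hash variants still declare `pFunctionName` and `Dos` uninitialised in their visible lines and would benefit from the same initialisation and check.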
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#include "Win32Helper.h"
|
||||
|
||||
DWORD64 __stdcall GetProcAddressDjb2(DWORD64 ModuleBase, DWORD64 Hash)
|
||||
DWORD64 __stdcall GetProcAddressDjb2(_In_ DWORD64 ModuleBase, _In_ DWORD64 Hash)
|
||||
{
|
||||
PBYTE pFunctionName;
|
||||
PIMAGE_DOS_HEADER Dos;
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#include "Win32Helper.h"
|
||||
|
||||
DWORD64 __stdcall GetProcAddressFowlerNollVoVariant1a(DWORD64 ModuleBase, DWORD64 Hash)
|
||||
DWORD64 __stdcall GetProcAddressFowlerNollVoVariant1a(_In_ DWORD64 ModuleBase, _In_ DWORD64 Hash)
|
||||
{
|
||||
PBYTE pFunctionName;
|
||||
PIMAGE_DOS_HEADER Dos;
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#include "Win32Helper.h"
|
||||
|
||||
DWORD64 __stdcall GetProcAddressJenkinsOneAtATime32Bit(DWORD64 ModuleBase, DWORD64 Hash)
|
||||
DWORD64 __stdcall GetProcAddressJenkinsOneAtATime32Bit(_In_ DWORD64 ModuleBase, _In_ DWORD64 Hash)
|
||||
{
|
||||
PBYTE pFunctionName;
|
||||
PIMAGE_DOS_HEADER Dos;
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#include "Win32Helper.h"
|
||||
|
||||
DWORD64 __stdcall GetProcAddressLoseLose(DWORD64 ModuleBase, DWORD64 Hash)
|
||||
DWORD64 __stdcall GetProcAddressLoseLose(_In_ DWORD64 ModuleBase, _In_ DWORD64 Hash)
|
||||
{
|
||||
PBYTE pFunctionName;
|
||||
PIMAGE_DOS_HEADER Dos;
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#include "Win32Helper.h"
|
||||
|
||||
DWORD64 __stdcall GetProcAddressRotr32(DWORD64 ModuleBase, DWORD64 Hash)
|
||||
DWORD64 __stdcall GetProcAddressRotr32(_In_ DWORD64 ModuleBase, _In_ DWORD64 Hash)
|
||||
{
|
||||
PBYTE pFunctionName;
|
||||
PIMAGE_DOS_HEADER Dos;
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#include "Win32Helper.h"
|
||||
|
||||
DWORD64 __stdcall GetProcAddressSdbm(DWORD64 ModuleBase, DWORD64 Hash)
|
||||
DWORD64 __stdcall GetProcAddressSdbm(_In_ DWORD64 ModuleBase, _In_ DWORD64 Hash)
|
||||
{
|
||||
PBYTE pFunctionName;
|
||||
PIMAGE_DOS_HEADER Dos;
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#include "Win32Helper.h"
|
||||
|
||||
DWORD64 __stdcall GetProcAddressSuperFastHash(DWORD64 ModuleBase, DWORD64 Hash)
|
||||
DWORD64 __stdcall GetProcAddressSuperFastHash(_In_ DWORD64 ModuleBase, _In_ DWORD64 Hash)
|
||||
{
|
||||
PBYTE pFunctionName;
|
||||
PIMAGE_DOS_HEADER Dos;
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#include "Win32Helper.h"
|
||||
|
||||
DWORD64 __stdcall GetProcAddressUnknownGenericHash1(DWORD64 ModuleBase, DWORD64 Hash)
|
||||
DWORD64 __stdcall GetProcAddressUnknownGenericHash1(_In_ DWORD64 ModuleBase, _In_ DWORD64 Hash)
|
||||
{
|
||||
PBYTE pFunctionName;
|
||||
PIMAGE_DOS_HEADER Dos;
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#include "Win32Helper.h"
|
||||
|
||||
HANDLE GetProcessHeapEx(VOID)
|
||||
HANDLE GetProcessHeapFromTeb(VOID)
|
||||
{
|
||||
return GetPeb()->ProcessHeap;
|
||||
}
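Review bot: The new name says the heap handle is read from the TEB, but the body is `return GetPeb()->ProcessHeap;`, so it goes through GetPeb(). Win32Helper.h also declares GetPebFromTeb(), so the suffix reads as a statement about the access path. `GetProcessHeapFromPeb` would match what the code does, or a one-line comment should say how GetPeb() obtains the PEB.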
|
|
@ -1,6 +1,6 @@
|
|||
#include "Win32Helper.h"
|
||||
|
||||
DWORD GetProcessPathFromLoaderLoadModuleA(DWORD nBufferLength, PCHAR lpBuffer)
|
||||
DWORD GetProcessPathFromLoaderLoadModuleA(_In_ DWORD nBufferLength, _Inout_ PCHAR lpBuffer)
|
||||
{
|
||||
PPEB Peb = GetPeb();
|
||||
PLDR_MODULE Module = NULL;
|
||||
|
@ -12,7 +12,7 @@ DWORD GetProcessPathFromLoaderLoadModuleA(DWORD nBufferLength, PCHAR lpBuffer)
|
|||
return (DWORD)WCharStringToCharString(lpBuffer, Module->FullDllName.Buffer, Module->FullDllName.MaximumLength);
|
||||
}
|
||||
|
||||
DWORD GetProcessPathFromLoaderLoadModuleW(DWORD nBufferLength, PWCHAR lpBuffer)
|
||||
DWORD GetProcessPathFromLoaderLoadModuleW(_In_ DWORD nBufferLength, _Inout_ PWCHAR lpBuffer)
|
||||
{
|
||||
PPEB Peb = GetPeb();
|
||||
PLDR_MODULE Module = NULL;
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#include "Win32Helper.h"
|
||||
|
||||
DWORD GetProcessPathFromProcessParametersA(DWORD nBufferLength, PCHAR lpBuffer)
|
||||
DWORD GetProcessPathFromUserProcessParametersA(_In_ DWORD nBufferLength, _Inout_ PCHAR lpBuffer)
|
||||
{
|
||||
PRTL_USER_PROCESS_PARAMETERS ProcessParameters = GetPeb()->ProcessParameters;
|
||||
|
||||
|
@ -10,7 +10,7 @@ DWORD GetProcessPathFromProcessParametersA(DWORD nBufferLength, PCHAR lpBuffer)
|
|||
return (DWORD)WCharStringToCharString(lpBuffer, ProcessParameters->ImagePathName.Buffer, ProcessParameters->ImagePathName.MaximumLength);
|
||||
}
|
||||
|
||||
DWORD GetProcessPathFromProcessParametersW(DWORD nBufferLength, PWCHAR lpBuffer)
|
||||
DWORD GetProcessPathFromUserProcessParametersW(_In_ DWORD nBufferLength, _Inout_ PWCHAR lpBuffer)
|
||||
{
|
||||
PRTL_USER_PROCESS_PARAMETERS ProcessParameters = GetPeb()->ProcessParameters;
|
||||
|
|
@ -13,7 +13,7 @@ BOOL IsIntelHardwareBreakpointPresent(VOID)
|
|||
|
||||
Context->ContextFlags = CONTEXT_DEBUG_REGISTERS;
|
||||
|
||||
if (!GetThreadContext(GetCurrentThreadEx(), Context))
|
||||
if (!GetThreadContext(InlineGetCurrentThread, Context))
|
||||
goto EXIT_ROUTINE;
|
||||
|
||||
if (Context->Dr0 || Context->Dr1 || Context->Dr2 || Context->Dr3)
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#include "Win32Helper.h"
|
||||
|
||||
BOOL IsPathValidA(PCHAR FilePath)
|
||||
BOOL IsPathValidA(_In_ PCHAR FilePath)
|
||||
{
|
||||
HANDLE hFile = INVALID_HANDLE_VALUE;
|
||||
|
||||
|
@ -14,7 +14,7 @@ BOOL IsPathValidA(PCHAR FilePath)
|
|||
return TRUE;
|
||||
}
|
||||
|
||||
BOOL IsPathValidW(PWCHAR FilePath)
|
||||
BOOL IsPathValidW(_In_ PWCHAR FilePath)
|
||||
{
|
||||
HANDLE hFile = INVALID_HANDLE_VALUE;
|
||||
|
||||
|
|
|
@ -7,7 +7,7 @@ BOOL IsProcessRunningAsAdmin(VOID)
|
|||
DWORD dwSize = 0;
|
||||
BOOL bFlag = FALSE;
|
||||
|
||||
if (!OpenProcessToken(GetCurrentProcessEx(), TOKEN_QUERY, &hToken))
|
||||
if (!OpenProcessToken(InlineGetCurrentProcess, TOKEN_QUERY, &hToken))
|
||||
goto EXIT_ROUTINE;
|
||||
|
||||
if (!GetTokenInformation(hToken, TokenElevation, &Elevation, sizeof(Elevation), &dwSize))
|
||||
|
|
|
@ -229,10 +229,10 @@ DWORD MpfComVssDeleteShadowVolumeBackups(BOOL CoUninitializeAfterCompletion)
|
|||
EXIT_ROUTINE:
|
||||
|
||||
if (ShadowCopyId)
|
||||
HeapFree(GetProcessHeapEx(), HEAP_ZERO_MEMORY, ShadowCopyId);
|
||||
HeapFree(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, ShadowCopyId);
|
||||
|
||||
if (ShadowCopySetId)
|
||||
HeapFree(GetProcessHeapEx(), HEAP_ZERO_MEMORY, ShadowCopySetId);
|
||||
HeapFree(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, ShadowCopySetId);
|
||||
|
||||
if (EnumObject)
|
||||
EnumObject->Release();
|
||||
|
|
|
@ -10,7 +10,7 @@ BOOL UnusedSubroutineRecursiveFindFileMainA(LPCSTR Path, LPCSTR Pattern, PVOID p
|
|||
typedef LPWSTR(WINAPI* PATHCOMBINEA)(LPCSTR, LPCSTR, LPCSTR);
|
||||
PATHCOMBINEA PathCombineA = (PATHCOMBINEA)pfnPathCombineW;
|
||||
|
||||
HANDLE HeapHandle = GetProcessHeapEx();
|
||||
HANDLE HeapHandle = GetProcessHeapFromTeb();
|
||||
CHAR szFullPattern[MAX_PATH] = { 0 };
|
||||
WIN32_FIND_DATAA FindData = { 0 };
|
||||
HANDLE FindHandle = INVALID_HANDLE_VALUE;
|
||||
|
@ -82,7 +82,7 @@ EXIT_ROUTINE:
|
|||
return FALSE;
|
||||
}
|
||||
|
||||
BOOL RecursiveFindFileA(LPCSTR Path, LPCSTR Pattern)
|
||||
BOOL RecursiveFindFileA(_In_ LPCSTR Path, _In_ LPCSTR Pattern)
|
||||
{
|
||||
typedef LPWSTR(WINAPI* PATHCOMBINEA)(LPCSTR, LPCSTR, LPCSTR);
|
||||
PATHCOMBINEA PathCombineA = NULL;
|
||||
|
@ -123,7 +123,7 @@ BOOL UnusedSubroutineRecursiveFindFileMainW(LPCWSTR Path, LPCWSTR Pattern, PVOID
|
|||
typedef LPWSTR(WINAPI* PATHCOMBINEW)(LPCWSTR, LPCWSTR, LPCWSTR);
|
||||
PATHCOMBINEW PathCombineW = (PATHCOMBINEW)pfnPathCombineW;
|
||||
|
||||
HANDLE HeapHandle = GetProcessHeapEx();
|
||||
HANDLE HeapHandle = GetProcessHeapFromTeb();
|
||||
WCHAR szFullPattern[MAX_PATH] = { 0 };
|
||||
WIN32_FIND_DATAW FindData = { 0 };
|
||||
HANDLE FindHandle = INVALID_HANDLE_VALUE;
|
||||
|
@ -194,7 +194,7 @@ EXIT_ROUTINE:
|
|||
return FALSE;
|
||||
}
|
||||
|
||||
BOOL RecursiveFindFileW(LPCWSTR Path, LPCWSTR Pattern)
|
||||
BOOL RecursiveFindFileW(_In_ LPCWSTR Path, _In_ LPCWSTR Pattern)
|
||||
{
|
||||
typedef LPWSTR(WINAPI* PATHCOMBINEW)(LPCWSTR, LPCWSTR, LPCWSTR);
|
||||
PATHCOMBINEW PathCombineW = NULL;
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#include "Win32Helper.h"
|
||||
|
||||
BOOL RtlLoadPeHeaders(PIMAGE_DOS_HEADER* Dos, PIMAGE_NT_HEADERS* Nt, PIMAGE_FILE_HEADER* File, PIMAGE_OPTIONAL_HEADER* Optional, PBYTE* ImageBase)
|
||||
BOOL RtlLoadPeHeaders(_Inout_ PIMAGE_DOS_HEADER* Dos, _Inout_ PIMAGE_NT_HEADERS* Nt, _Inout_ PIMAGE_FILE_HEADER* File, _Inout_ PIMAGE_OPTIONAL_HEADER* Optional, _Inout_ PBYTE* ImageBase)
|
||||
{
|
||||
*Dos = (PIMAGE_DOS_HEADER)*ImageBase;
|
||||
if ((*Dos)->e_magic != IMAGE_DOS_SIGNATURE)
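Review bot: `*ImageBase` is dereferenced for `e_magic` with no check that ImageBase or the address it holds is non-NULL, and GetProcAddressA/W pass a caller-supplied ModuleBase straight in. A guard at the top, `if (ImageBase == NULL || *ImageBase == NULL) return FALSE;`, keeps a zero base from faulting. On the annotations: Dos is written before it is read in the visible lines, and Nt, File and Optional are presumably filled the same way, so `_Out_` fits them better than `_Inout_`. ImageBase looks input-only (`_In_`), though the rest of the body is outside the hunk.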
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
#include "Win32Helper.h"
|
||||
|
||||
BOOL SetProcessPrivilegeToken(DWORD PrivilegeEnum)
|
||||
BOOL SetProcessPrivilegeToken(_In_ DWORD PrivilegeEnum)
|
||||
{
|
||||
HANDLE Process = GetCurrentProcessEx();
|
||||
HANDLE Process = InlineGetCurrentProcess;
|
||||
HANDLE Token = INVALID_HANDLE_VALUE;
|
||||
TOKEN_PRIVILEGES Privileges = { 0 };
|
||||
DWORD TokenLength = 0;
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#include "Win32Helper.h"
|
||||
|
||||
DWORD UrlDownloadToFileSynchronousW(PWCHAR Url, PWCHAR SavePath)
|
||||
DWORD UrlDownloadToFileSynchronousW(_In_ PWCHAR Url, _In_ PWCHAR SavePath)
|
||||
{
|
||||
typedef HRESULT(WINAPI* URLDOWNLOADFILE)(LPUNKNOWN, LPCTSTR, LPCTSTR, DWORD, LPBINDSTATUSCALLBACK);
|
||||
class DownloadProgressRoutine : public IBindStatusCallback {
|
||||
|
@ -97,7 +97,7 @@ EXIT_ROUTINE:
|
|||
return dwError;
|
||||
}
|
||||
|
||||
DWORD UrlDownloadToFileSynchronousA(PCHAR Url, PCHAR SavePath)
|
||||
DWORD UrlDownloadToFileSynchronousA(_In_ PCHAR Url, _In_ PCHAR SavePath)
|
||||
{
|
||||
typedef HRESULT(WINAPI* URLDOWNLOADFILE)(LPUNKNOWN, LPCSTR, LPCSTR, DWORD, LPBINDSTATUSCALLBACK);
|
||||
class DownloadProgressRoutine : public IBindStatusCallback {
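Review bot: The W variant's function-pointer type is declared with `LPCTSTR`, which only matches the `PWCHAR` arguments when the project is built with UNICODE defined; in an ANSI build it resolves to `LPCSTR` and the wide strings go through a narrow prototype. Spelling it `typedef HRESULT(WINAPI* URLDOWNLOADFILE)(LPUNKNOWN, LPCWSTR, LPCWSTR, DWORD, LPBINDSTATUSCALLBACK);` makes it independent of the build setting, as the A variant already is with `LPCSTR`. `Url` and `SavePath` are read-only strings, so `_In_z_` is the closer annotation than `_In_`.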
|
||||
|
|
|
@ -149,11 +149,9 @@
|
|||
<ClCompile Include="CreatePseudoRandomString.cpp" />
|
||||
<ClCompile Include="CreateWindowsObjectPath.cpp" />
|
||||
<ClCompile Include="DelayedExecutionExecuteOnDisplayOff.cpp" />
|
||||
<ClCompile Include="DeleteFileEx.cpp" />
|
||||
<ClCompile Include="GetCurrentDirectoryEx.cpp" />
|
||||
<ClCompile Include="GetCurrentProcessEx.cpp" />
|
||||
<ClCompile Include="GetCurrentProcessIdEx.cpp" />
|
||||
<ClCompile Include="GetCurrentThreadEx.cpp" />
|
||||
<ClCompile Include="DeleteFileWithCreateFileFlag.cpp" />
|
||||
<ClCompile Include="GetCurrentDirectoryFromUserProcessParameters.cpp" />
|
||||
<ClCompile Include="GetCurrentProcessIdFromTeb.cpp" />
|
||||
<ClCompile Include="GetCurrentUserSid.cpp" />
|
||||
<ClCompile Include="GetCurrentWindowText.cpp" />
|
||||
<ClCompile Include="GetFileSizeFromPath.cpp" />
|
||||
|
@ -161,7 +159,7 @@
|
|||
<ClCompile Include="GetLastErrorFromTeb.cpp" />
|
||||
<ClCompile Include="GetLastNtStatusEx.cpp" />
|
||||
<ClCompile Include="GetNumberOfLinkedDlls.cpp" />
|
||||
<ClCompile Include="GetModuleHandleEx.cpp" />
|
||||
<ClCompile Include="GetModuleHandleEx2.cpp" />
|
||||
<ClCompile Include="GetOSIdentificationData.cpp" />
|
||||
<ClCompile Include="GetPeb.cpp" />
|
||||
<ClCompile Include="GetProcAddress.cpp" />
|
||||
|
@ -173,9 +171,9 @@
|
|||
<ClCompile Include="GetProcAddressSdbm.cpp" />
|
||||
<ClCompile Include="GetProcAddressSuperFastHash.cpp" />
|
||||
<ClCompile Include="GetProcAddressUnknownGenericHash1.cpp" />
|
||||
<ClCompile Include="GetProcessHeapEx.cpp" />
|
||||
<ClCompile Include="GetProcessHeapFromTeb.cpp" />
|
||||
<ClCompile Include="GetProcessPathFromLoaderLoadModule.cpp" />
|
||||
<ClCompile Include="GetProcessPathFromProcessParameters.cpp" />
|
||||
<ClCompile Include="GetProcessPathFromUserProcessParameters.cpp" />
|
||||
<ClCompile Include="GetRtlUserProcessParameters.cpp" />
|
||||
<ClCompile Include="GetSystemWindowsDirectory.cpp" />
|
||||
<ClCompile Include="GetTeb.cpp" />
|
||||
|
|
|
@ -162,7 +162,7 @@
|
|||
<ClCompile Include="GetProcAddress.cpp">
|
||||
<Filter>Source Files\Windows API Helper Functions\Library Loading</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="GetModuleHandleEx.cpp">
|
||||
<ClCompile Include="GetModuleHandleEx2.cpp">
|
||||
<Filter>Source Files\Windows API Helper Functions\Library Loading</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="GetTeb.cpp">
|
||||
|
@ -210,19 +210,13 @@
|
|||
<ClCompile Include="CreateWindowsObjectPath.cpp">
|
||||
<Filter>Source Files\Windows API Helper Functions\Helper Functions</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="DeleteFileEx.cpp">
|
||||
<ClCompile Include="DeleteFileWithCreateFileFlag.cpp">
|
||||
<Filter>Source Files\Windows API Helper Functions\Helper Functions</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="GetCurrentDirectoryEx.cpp">
|
||||
<ClCompile Include="GetCurrentDirectoryFromUserProcessParameters.cpp">
|
||||
<Filter>Source Files\Windows API Helper Functions\Helper Functions</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="GetCurrentProcessEx.cpp">
|
||||
<Filter>Source Files\Windows API Helper Functions\Helper Functions</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="GetCurrentProcessIdEx.cpp">
|
||||
<Filter>Source Files\Windows API Helper Functions\Helper Functions</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="GetCurrentThreadEx.cpp">
|
||||
<ClCompile Include="GetCurrentProcessIdFromTeb.cpp">
|
||||
<Filter>Source Files\Windows API Helper Functions\Helper Functions</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="GetCurrentUserSid.cpp">
|
||||
|
@ -234,13 +228,13 @@
|
|||
<ClCompile Include="GetFileSizeFromPath.cpp">
|
||||
<Filter>Source Files\Windows API Helper Functions\Helper Functions</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="GetProcessHeapEx.cpp">
|
||||
<ClCompile Include="GetProcessHeapFromTeb.cpp">
|
||||
<Filter>Source Files\Windows API Helper Functions\Helper Functions</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="GetProcessPathFromLoaderLoadModule.cpp">
|
||||
<Filter>Source Files\Windows API Helper Functions\Helper Functions</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="GetProcessPathFromProcessParameters.cpp">
|
||||
<ClCompile Include="GetProcessPathFromUserProcessParameters.cpp">
|
||||
<Filter>Source Files\Windows API Helper Functions\Helper Functions</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="GetSystemWindowsDirectory.cpp">
|
||||
|
|
|
@ -9,6 +9,9 @@
|
|||
|
||||
#define Get16Bits(d) ((((UINT32)(((CONST UINT8*)(d))[1])) << 8) +(UINT32)(((CONST UINT8*)(d))[0]))
|
||||
|
||||
#define InlineGetCurrentThread ((HANDLE)(LONG_PTR)-2)
|
||||
#define InlineGetCurrentProcess (HANDLE)((HANDLE)-1)
|
||||
|
||||
//error handling
|
||||
DWORD GetLastErrorFromTeb(VOID);
|
||||
NTSTATUS GetLastNtStatusEx(VOID);
|
||||
|
@ -48,37 +51,54 @@ PPEB GetPeb(VOID);
|
|||
PPEB GetPebFromTeb(VOID);
|
||||
PKUSER_SHARED_DATA GetKUserSharedData(VOID);
|
||||
PRTL_USER_PROCESS_PARAMETERS GetRtlUserProcessParameters(VOID);
|
||||
DWORD64 __stdcall GetProcAddressDjb2(DWORD64 ModuleBase, DWORD64 Hash);
|
||||
DWORD64 __stdcall GetProcAddressFowlerNollVoVariant1a(DWORD64 ModuleBase, DWORD64 Hash);
|
||||
DWORD64 __stdcall GetProcAddressJenkinsOneAtATime32Bit(DWORD64 ModuleBase, DWORD64 Hash);
|
||||
DWORD64 __stdcall GetProcAddressLoseLose(DWORD64 ModuleBase, DWORD64 Hash);
|
||||
DWORD64 __stdcall GetProcAddressRotr32(DWORD64 ModuleBase, DWORD64 Hash);
|
||||
DWORD64 __stdcall GetProcAddressSdbm(DWORD64 ModuleBase, DWORD64 Hash);
|
||||
DWORD64 __stdcall GetProcAddressSuperFastHash(DWORD64 ModuleBase, DWORD64 Hash);
|
||||
DWORD64 __stdcall GetProcAddressUnknownGenericHash1(DWORD64 ModuleBase, DWORD64 Hash);
|
||||
DWORD64 __stdcall GetProcAddressA(DWORD64 ModuleBase, LPCSTR lpProcName);
|
||||
DWORD64 __stdcall GetProcAddressW(DWORD64 ModuleBase, LPCWSTR lpProcName);
|
||||
BOOL RtlLoadPeHeaders(PIMAGE_DOS_HEADER* Dos, PIMAGE_NT_HEADERS* Nt, PIMAGE_FILE_HEADER* File, PIMAGE_OPTIONAL_HEADER* Optional, PBYTE* ImageBase);
|
||||
HMODULE GetModuleHandleEx2A(LPCSTR lpModuleName);
|
||||
HMODULE GetModuleHandleEx2W(LPCWSTR lpModuleName);
|
||||
DWORD64 __stdcall GetProcAddressDjb2(_In_ DWORD64 ModuleBase, _In_ DWORD64 Hash);
|
||||
DWORD64 __stdcall GetProcAddressFowlerNollVoVariant1a(_In_ DWORD64 ModuleBase, _In_ DWORD64 Hash);
|
||||
DWORD64 __stdcall GetProcAddressJenkinsOneAtATime32Bit(_In_ DWORD64 ModuleBase, _In_ DWORD64 Hash);
|
||||
DWORD64 __stdcall GetProcAddressLoseLose(_In_ DWORD64 ModuleBase, _In_ DWORD64 Hash);
|
||||
DWORD64 __stdcall GetProcAddressRotr32(_In_ DWORD64 ModuleBase, _In_ DWORD64 Hash);
|
||||
DWORD64 __stdcall GetProcAddressSdbm(_In_ DWORD64 ModuleBase, _In_ DWORD64 Hash);
|
||||
DWORD64 __stdcall GetProcAddressSuperFastHash(_In_ DWORD64 ModuleBase, _In_ DWORD64 Hash);
|
||||
DWORD64 __stdcall GetProcAddressUnknownGenericHash1(_In_ DWORD64 ModuleBase, _In_ DWORD64 Hash);
|
||||
DWORD64 __stdcall GetProcAddressA(_In_ DWORD64 ModuleBase, _In_ LPCSTR lpProcName);
|
||||
DWORD64 __stdcall GetProcAddressW(_In_ DWORD64 ModuleBase, _In_ LPCWSTR lpProcName);
|
||||
BOOL RtlLoadPeHeaders(_Inout_ PIMAGE_DOS_HEADER* Dos, _Inout_ PIMAGE_NT_HEADERS* Nt, _Inout_ PIMAGE_FILE_HEADER* File, _Inout_ PIMAGE_OPTIONAL_HEADER* Optional, _Inout_ PBYTE* ImageBase);
|
||||
HMODULE GetModuleHandleEx2A(_In_ LPCSTR lpModuleName);
|
||||
HMODULE GetModuleHandleEx2W(_In_ LPCWSTR lpModuleName);
|
||||
|
||||
//helper functions
|
||||
BOOL IsPathValidA(PCHAR FilePath);
|
||||
BOOL IsPathValidW(PWCHAR FilePath);
|
||||
BOOL CreateLocalAppDataObjectPathW(PWCHAR pBuffer, PWCHAR Path, DWORD Size, BOOL bDoesObjectExist);
|
||||
BOOL CreateLocalAppDataObjectPathA(PCHAR pBuffer, PCHAR Path, DWORD Size, BOOL bDoesObjectExist);
|
||||
BOOL GetSystemWindowsDirectoryA(DWORD nBufferLength, PCHAR lpBuffer);
|
||||
BOOL GetSystemWindowsDirectoryW(DWORD nBufferLength, PWCHAR lpBuffer);
|
||||
BOOL CreateWindowsObjectPathW(PWCHAR pBuffer, PWCHAR Path, DWORD Size, BOOL bDoesObjectExist);
|
||||
BOOL CreateWindowsObjectPathA(PCHAR pBuffer, PCHAR Path, DWORD Size, BOOL bDoesObjectExist);
|
||||
HANDLE GetProcessHeapEx(VOID);
|
||||
HANDLE GetCurrentProcessEx(VOID);
|
||||
LPWSTR GetCurrentUserSidW(HANDLE hToken, BOOL DisposeProcessHandle);
|
||||
LPSTR GetCurrentUserSidA(HANDLE hToken, BOOL DisposeProcessHandle);
|
||||
DWORD GetProcessPathFromLoaderLoadModuleA(DWORD nBufferLength, PCHAR lpBuffer);
|
||||
DWORD GetProcessPathFromLoaderLoadModuleW(DWORD nBufferLength, PWCHAR lpBuffer);
|
||||
DWORD GetProcessPathFromProcessParametersA(DWORD nBufferLength, PCHAR lpBuffer);
|
||||
DWORD GetProcessPathFromProcessParametersW(DWORD nBufferLength, PWCHAR lpBuffer);
|
||||
BOOL IsPathValidA(_In_ PCHAR FilePath);
|
||||
BOOL IsPathValidW(_In_ PWCHAR FilePath);
|
||||
BOOL CreateLocalAppDataObjectPathW(_Inout_ PWCHAR pBuffer, _In_ PWCHAR Path, _In_ DWORD Size, _In_ BOOL bDoesObjectExist);
|
||||
BOOL CreateLocalAppDataObjectPathA(_Inout_ PCHAR pBuffer, _In_ PCHAR Path, _In_ DWORD Size, _In_ BOOL bDoesObjectExist);
|
||||
BOOL GetSystemWindowsDirectoryA(_In_ DWORD nBufferLength, _Inout_ PCHAR lpBuffer);
|
||||
BOOL GetSystemWindowsDirectoryW(_In_ DWORD nBufferLength, _Inout_ PWCHAR lpBuffer);
|
||||
BOOL CreateWindowsObjectPathW(_Inout_ PWCHAR pBuffer, _In_ PWCHAR Path, _In_ DWORD Size, _In_ BOOL bDoesObjectExist);
|
||||
BOOL CreateWindowsObjectPathA(_Inout_ PCHAR pBuffer, _In_ PCHAR Path, _In_ DWORD Size, _In_ BOOL bDoesObjectExist);
|
||||
HANDLE GetProcessHeapFromTeb(VOID);
|
||||
LPWSTR GetCurrentUserSidW(_Inout_ HANDLE hToken, _In_ BOOL DisposeProcessHandle);
|
||||
LPSTR GetCurrentUserSidA(_Inout_ HANDLE hToken, _In_ BOOL DisposeProcessHandle);
|
||||
DWORD GetProcessPathFromLoaderLoadModuleA(_In_ DWORD nBufferLength, _Inout_ PCHAR lpBuffer);
|
||||
DWORD GetProcessPathFromLoaderLoadModuleW(_In_ DWORD nBufferLength, _Inout_ PWCHAR lpBuffer);
|
||||
DWORD GetProcessPathFromUserProcessParametersA(_In_ DWORD nBufferLength, _Inout_ PCHAR lpBuffer);
|
||||
DWORD GetProcessPathFromUserProcessParametersW(_In_ DWORD nBufferLength, _Inout_ PWCHAR lpBuffer);
|
||||
BOOL RecursiveFindFileA(_In_ LPCSTR Path, _In_ LPCSTR Pattern);
|
||||
BOOL RecursiveFindFileW(_In_ LPCWSTR Path, _In_ LPCWSTR Pattern);
|
||||
BOOL DeleteFileWithCreateFileFlagA(_In_ PCHAR Path);
|
||||
BOOL DeleteFileWithCreateFileFlagW(_In_ PWCHAR Path);
|
||||
DWORD GetCurrentDirectoryFromUserProcessParametersA(_In_ DWORD nBufferLength, _Inout_ PCHAR lpBuffer);
|
||||
DWORD GetCurrentDirectoryFromUserProcessParametersW(_In_ DWORD nBufferLength, _Inout_ PWCHAR lpBuffer);
|
||||
DWORD GetCurrentProcessIdFromTeb(VOID);
|
||||
DWORD GetCurrentWindowTextFromUserProcessParametersA(_In_ DWORD nBufferLength, _Inout_ PCHAR lpBuffer);
|
||||
DWORD GetCurrentWindowTextFromUserProcessParametersW(_In_ DWORD nBufferLength, _Inout_ PWCHAR lpBuffer);
|
||||
LONGLONG GetFileSizeFromPathW(_In_ PWCHAR Path, _In_ DWORD dwFlagsAndAttributes);
|
||||
LONGLONG GetFileSizeFromPathA(_In_ PCHAR Path, _In_ DWORD dwFlagsAndAttributes);
|
||||
BOOL RemoveDllFromPebA(_In_ LPCSTR lpModuleName);
|
||||
BOOL RemoveDllFromPebW(_In_ LPCWSTR lpModuleName);
|
||||
DWORD UrlDownloadToFileSynchronousW(_In_ PWCHAR Url, _In_ PWCHAR SavePath);
|
||||
DWORD UrlDownloadToFileSynchronousA(_In_ PCHAR Url, _In_ PCHAR SavePath);
|
||||
BOOL SetProcessPrivilegeToken(_In_ DWORD PrivilegeEnum);
|
||||
|
||||
//fingerprinting
|
||||
DWORD GetNumberOfLinkedDlls(VOID);
|
||||
DWORD GetOSIdentificationData(DWORD Id);
|
||||
BOOL IsNvidiaGraphicsCardPresentA(VOID);
|
||||
|
@ -86,23 +106,6 @@ BOOL IsNvidiaGraphicsCardPresentW(VOID);
|
|||
BOOL IsProcessRunningA(PCHAR ProcessNameWithExtension, BOOL IsCaseSensitive);
|
||||
BOOL IsProcessRunningW(PWCHAR ProcessNameWithExtension, BOOL IsCaseSensitive);
|
||||
BOOL IsProcessRunningAsAdmin(VOID);
|
||||
BOOL RecursiveFindFileA(LPCSTR Path, LPCSTR Pattern);
|
||||
BOOL RecursiveFindFileW(LPCWSTR Path, LPCWSTR Pattern);
|
||||
BOOL DeleteFileExA(PCHAR Path);
|
||||
BOOL DeleteFileExW(PWCHAR Path);
|
||||
DWORD GetCurrentDirectoryExA(DWORD nBufferLength, PCHAR lpBuffer);
|
||||
DWORD GetCurrentDirectoryExW(DWORD nBufferLength, PWCHAR lpBuffer);
|
||||
DWORD GetCurrentProcessIdEx(VOID);
|
||||
HANDLE GetCurrentThreadEx(VOID);
|
||||
DWORD GetCurrentWindowTextA(DWORD nBufferLength, PCHAR lpBuffer);
|
||||
DWORD GetCurrentWindowTextW(DWORD nBufferLength, PWCHAR lpBuffer);
|
||||
LONGLONG GetFileSizeFromPathW(PWCHAR Path, DWORD dwFlagsAndAttributes);
|
||||
LONGLONG GetFileSizeFromPathA(PCHAR Path, DWORD dwFlagsAndAttributes);
|
||||
BOOL RemoveDllFromPebA(LPCSTR lpModuleName);
|
||||
BOOL RemoveDllFromPebW(LPCWSTR lpModuleName);
|
||||
DWORD UrlDownloadToFileSynchronousW(PWCHAR Url, PWCHAR SavePath);
|
||||
DWORD UrlDownloadToFileSynchronousA(PCHAR Url, PCHAR SavePath);
|
||||
BOOL SetProcessPrivilegeToken(DWORD PrivilegeEnum);
|
||||
|
||||
//malicious capabilities
|
||||
DWORD OleGetClipboardDataA(PCHAR Buffer);
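Review bot: The `_Inout_` annotation on the output buffers in the newly annotated prototypes (the `GetSystemWindowsDirectory*`, `GetProcessPathFrom*`, `GetCurrentDirectoryFromUserProcessParameters*` and `GetCurrentWindowTextFromUserProcessParameters*` pairs) does not tie `lpBuffer` to `nBufferLength`, so SAL-aware static analysis cannot flag a write past the caller's buffer. A sized form such as `_Out_writes_(nBufferLength) PWCHAR lpBuffer` would state the contract, or `_Out_writes_bytes_(nBufferLength)` if the length is a byte count. The function bodies are not part of this header, so which unit applies has to be confirmed there, and a one-line comment above the group saying whether the length is in characters or bytes would settle it for callers. Separately, `_Inout_ HANDLE hToken` on `GetCurrentUserSidW`/`GetCurrentUserSidA` annotates a by-value handle, where `_In_` (or `_In_opt_`, if NULL is accepted) looks like the intended contract.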
|
||||
|
|