Function renaming + annotations

vxunderground 2022-09-13 07:20:57 -05:00
parent f0b5d2bd5d
commit a623af12b7
41 changed files with 143 additions and 160 deletions


@ -5,7 +5,7 @@ BOOL AdfIsCreateProcessDebugEventCodeSet(VOID)
WCHAR FilePath[MAX_PATH * sizeof(WCHAR)] = { 0 };
HANDLE hHandle = INVALID_HANDLE_VALUE;
if (GetProcessPathFromProcessParametersW((MAX_PATH * sizeof(WCHAR)), FilePath) == 0)
if (GetProcessPathFromUserProcessParametersW((MAX_PATH * sizeof(WCHAR)), FilePath) == 0)
return FALSE;
hHandle = CreateFileW(FilePath, GENERIC_READ, 0, NULL, OPEN_EXISTING, 0, 0);


@ -65,7 +65,7 @@ EXIT_ROUTINE:
dwError = GetLastErrorFromTeb();
if (SidString)
HeapFree(GetProcessHeapEx(), HEAP_ZERO_MEMORY, SidString);
HeapFree(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, SidString);
if (hToken)
CloseHandle(hToken);
@ -147,7 +147,7 @@ EXIT_ROUTINE:
dwError = GetLastErrorFromTeb();
if (SidString)
HeapFree(GetProcessHeapEx(), HEAP_ZERO_MEMORY, SidString);
HeapFree(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, SidString);
if (hToken)
CloseHandle(hToken);
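Review bot: `HEAP_ZERO_MEMORY` is passed as the `dwFlags` argument of HeapFree in both EXIT_ROUTINE blocks here, but it is an allocation flag; the only flag HeapFree documents is `HEAP_NO_SERIALIZE`. Since these lines are being rewritten anyway, use `HeapFree(GetProcessHeapFromTeb(), 0, SidString);`. If the intent was to scrub the buffer before release, that needs an explicit `SecureZeroMemory` before the free, which the flag does not provide. The same call shape appears in the HeapFree lines this commit touches in CreateProcessFromIHxHelpPaneServerA, CreateProcessFromIHxInteractiveUserA, CreateProcessWithCfGuardW/A and GetCurrentUserSidW/A. The enclosing functions start outside the hunks.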


@ -1,6 +1,6 @@
#include "Win32Helper.h"
BOOL CreateLocalAppDataObjectPathW(PWCHAR pBuffer, PWCHAR Path, DWORD Size, BOOL bDoesObjectExist)
BOOL CreateLocalAppDataObjectPathW(_Inout_ PWCHAR pBuffer, _In_ PWCHAR Path, _In_ DWORD Size, _In_ BOOL bDoesObjectExist)
{
if (pBuffer == NULL)
return FALSE;
@ -20,7 +20,7 @@ BOOL CreateLocalAppDataObjectPathW(PWCHAR pBuffer, PWCHAR Path, DWORD Size, BOOL
return TRUE;
}
BOOL CreateLocalAppDataObjectPathA(PCHAR pBuffer, PCHAR Path, DWORD Size, BOOL bDoesObjectExist)
BOOL CreateLocalAppDataObjectPathA(_Inout_ PCHAR pBuffer, _In_ PCHAR Path, _In_ DWORD Size, _In_ BOOL bDoesObjectExist)
{
if (pBuffer == NULL)
return FALSE;
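Review bot: `_Inout_` on `pBuffer` says nothing about how large the buffer is, so the new annotations cannot flag a caller whose `Size` does not match the buffer it passes. If the function only writes the buffer, `_Out_writes_(Size) PWCHAR pBuffer` (or `_Out_writes_bytes_(Size)` if `Size` is a byte count, which the hunk does not show) ties the two parameters together; use `_Inout_updates_(Size)` only if the existing content is read. `Path` appears to be read-only, so `_In_z_` with a const pointer type would describe it better than `_In_ PWCHAR`. The same applies to CreateWindowsObjectPathW/A and to the `nBufferLength`/`lpBuffer` pairs annotated in the GetCurrentDirectory…, GetCurrentWindowText… and GetProcessPath… functions. Both function bodies continue outside the hunks.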


@ -70,7 +70,7 @@ HRESULT CreateProcessFromIHxHelpPaneServerA(PCHAR UriFile)
if (dwLength == 0)
goto EXIT_ROUTINE;
wUriFile = (PWCHAR)HeapAlloc(GetProcessHeapEx(), HEAP_ZERO_MEMORY, dwLength);
wUriFile = (PWCHAR)HeapAlloc(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, dwLength);
if (wUriFile == NULL)
goto EXIT_ROUTINE;
@ -85,7 +85,7 @@ EXIT_ROUTINE:
Help->Release();
if (wUriFile)
HeapFree(GetProcessHeapEx(), HEAP_ZERO_MEMORY, wUriFile);
HeapFree(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, wUriFile);
CoUninitialize();


@ -66,7 +66,7 @@ HRESULT CreateProcessFromIHxInteractiveUserA(PCHAR UriFile)
if (dwLength == 0)
goto EXIT_ROUTINE;
wUriFile = (PWCHAR)HeapAlloc(GetProcessHeapEx(), HEAP_ZERO_MEMORY, dwLength);
wUriFile = (PWCHAR)HeapAlloc(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, dwLength);
if(wUriFile == NULL)
goto EXIT_ROUTINE;
@ -81,7 +81,7 @@ EXIT_ROUTINE:
User->Release();
if (wUriFile)
HeapFree(GetProcessHeapEx(), HEAP_ZERO_MEMORY, wUriFile);
HeapFree(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, wUriFile);
CoUninitialize();


@ -199,7 +199,7 @@ DWORD CreateProcessViaNtCreateUserProcessA(PCHAR BinaryPath)
if (RtlCreateProcessParametersEx(&ProcessParameters, &NtImagePath, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, RTL_USER_PROCESS_PARAMETERS_NORMALIZED) != ERROR_SUCCESS)
return GetLastErrorFromTeb();
AttributeList = (PPS_ATTRIBUTE_LIST)HeapAlloc(GetProcessHeapEx(), HEAP_ZERO_MEMORY, sizeof(PS_ATTRIBUTE));
AttributeList = (PPS_ATTRIBUTE_LIST)HeapAlloc(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, sizeof(PS_ATTRIBUTE));
if (AttributeList)
{
AttributeList->TotalLength = sizeof(PS_ATTRIBUTE_LIST) - sizeof(PS_ATTRIBUTE);
@ -292,7 +292,7 @@ DWORD CreateProcessViaNtCreateUserProcessW(PWCHAR BinaryPath)
if (RtlCreateProcessParametersEx(&ProcessParameters, &NtImagePath, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, RTL_USER_PROCESS_PARAMETERS_NORMALIZED) != ERROR_SUCCESS)
return GetLastErrorFromTeb();
AttributeList = (PPS_ATTRIBUTE_LIST)HeapAlloc(GetProcessHeapEx(), HEAP_ZERO_MEMORY, sizeof(PS_ATTRIBUTE));
AttributeList = (PPS_ATTRIBUTE_LIST)HeapAlloc(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, sizeof(PS_ATTRIBUTE));
if (AttributeList)
{
AttributeList->TotalLength = sizeof(PS_ATTRIBUTE_LIST) - sizeof(PS_ATTRIBUTE);


@ -82,7 +82,7 @@ BOOL CreateProcessWithCfGuardW(PPROCESS_INFORMATION Pi, PWCHAR Path)
if (dwAttributeSize == 0)
goto EXIT_ROUTINE;
ThreadAttributes = (PPROC_THREAD_ATTRIBUTE_LIST)HeapAlloc(GetProcessHeapEx(), HEAP_ZERO_MEMORY, dwAttributeSize);
ThreadAttributes = (PPROC_THREAD_ATTRIBUTE_LIST)HeapAlloc(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, dwAttributeSize);
if (ThreadAttributes == NULL)
goto EXIT_ROUTINE;
@ -103,7 +103,7 @@ BOOL CreateProcessWithCfGuardW(PPROCESS_INFORMATION Pi, PWCHAR Path)
EXIT_ROUTINE:
if (ThreadAttributes)
HeapFree(GetProcessHeapEx(), HEAP_ZERO_MEMORY, (PPROC_THREAD_ATTRIBUTE_LIST)ThreadAttributes);
HeapFree(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, (PPROC_THREAD_ATTRIBUTE_LIST)ThreadAttributes);
return bFlag;
}
@ -123,7 +123,7 @@ BOOL CreateProcessWithCfGuardA(PPROCESS_INFORMATION Pi, PCHAR Path)
if (dwAttributeSize == 0)
goto EXIT_ROUTINE;
ThreadAttributes = (PPROC_THREAD_ATTRIBUTE_LIST)HeapAlloc(GetProcessHeapEx(), HEAP_ZERO_MEMORY, dwAttributeSize);
ThreadAttributes = (PPROC_THREAD_ATTRIBUTE_LIST)HeapAlloc(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, dwAttributeSize);
if (ThreadAttributes == NULL)
goto EXIT_ROUTINE;
@ -144,7 +144,7 @@ BOOL CreateProcessWithCfGuardA(PPROCESS_INFORMATION Pi, PCHAR Path)
EXIT_ROUTINE:
if (ThreadAttributes)
HeapFree(GetProcessHeapEx(), HEAP_ZERO_MEMORY, (PPROC_THREAD_ATTRIBUTE_LIST)ThreadAttributes);
HeapFree(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, (PPROC_THREAD_ATTRIBUTE_LIST)ThreadAttributes);
return bFlag;
}


@ -5,7 +5,7 @@ PWCHAR CreatePseudoRandomStringW(_In_ SIZE_T dwLength, _In_ ULONG Seed)
WCHAR DataSet[] = L"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
PWCHAR String = NULL;
String = (PWCHAR)HeapAlloc(GetProcessHeapEx(), HEAP_ZERO_MEMORY, (sizeof(WCHAR) * (dwLength + 1)));
String = (PWCHAR)HeapAlloc(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, (sizeof(WCHAR) * (dwLength + 1)));
if (String == NULL)
return NULL;
@ -31,7 +31,7 @@ PCHAR CreatePseudoRandomStringA(_In_ SIZE_T dwLength, _In_ ULONG Seed)
CHAR DataSet[] = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
PCHAR String = NULL;
String = (PCHAR)HeapAlloc(GetProcessHeapEx(), HEAP_ZERO_MEMORY, (sizeof(CHAR) * (dwLength + 1)));
String = (PCHAR)HeapAlloc(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, (sizeof(CHAR) * (dwLength + 1)));
if (String == NULL)
return NULL;
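Review bot: `sizeof(WCHAR) * (dwLength + 1)` can wrap for a very large `dwLength`, in which case HeapAlloc returns a buffer smaller than the string the rest of the function presumably fills. A guard before the allocation, for example `if (dwLength >= (SIZE_MAX / sizeof(WCHAR)) - 1) return NULL;`, closes that. The A variant needs the equivalent check for the `+ 1`. The fill loop is outside both hunks, so the write length is inferred from the parameter name.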


@ -1,6 +1,6 @@
#include "Win32Helper.h"
BOOL CreateWindowsObjectPathW(PWCHAR pBuffer, PWCHAR Path, DWORD Size, BOOL bDoesObjectExist)
BOOL CreateWindowsObjectPathW(_Inout_ PWCHAR pBuffer, _In_ PWCHAR Path, _In_ DWORD Size, _In_ BOOL bDoesObjectExist)
{
if (pBuffer == NULL)
return FALSE;
@ -20,7 +20,7 @@ BOOL CreateWindowsObjectPathW(PWCHAR pBuffer, PWCHAR Path, DWORD Size, BOOL bDoe
return TRUE;
}
BOOL CreateWindowsObjectPathA(PCHAR pBuffer, PCHAR Path, DWORD Size, BOOL bDoesObjectExist)
BOOL CreateWindowsObjectPathA(_Inout_ PCHAR pBuffer, _In_ PCHAR Path, _In_ DWORD Size, _In_ BOOL bDoesObjectExist)
{
if (pBuffer == NULL)
return FALSE;


@ -1,6 +1,6 @@
#include "Win32Helper.h"
BOOL DeleteFileExA(PCHAR Path)
BOOL DeleteFileWithCreateFileFlagA(_In_ PCHAR Path)
{
HANDLE hHandle = INVALID_HANDLE_VALUE;
@ -19,7 +19,7 @@ BOOL DeleteFileExA(PCHAR Path)
return TRUE;
}
BOOL DeleteFileExW(PWCHAR Path)
BOOL DeleteFileWithCreateFileFlagW(_In_ PWCHAR Path)
{
HANDLE hHandle = INVALID_HANDLE_VALUE;


@ -1,6 +1,6 @@
#include "Win32Helper.h"
DWORD GetCurrentDirectoryExA(DWORD nBufferLength, PCHAR lpBuffer)
DWORD GetCurrentDirectoryFromUserProcessParametersA(_In_ DWORD nBufferLength, _Inout_ PCHAR lpBuffer)
{
PRTL_USER_PROCESS_PARAMETERS ProcessParameters = GetPeb()->ProcessParameters;
@ -10,7 +10,7 @@ DWORD GetCurrentDirectoryExA(DWORD nBufferLength, PCHAR lpBuffer)
return (DWORD)WCharStringToCharString(lpBuffer, ProcessParameters->CurrentDirectory.DosPath.Buffer, ProcessParameters->CurrentDirectory.DosPath.MaximumLength);
}
DWORD GetCurrentDirectoryExW(DWORD nBufferLength, PWCHAR lpBuffer)
DWORD GetCurrentDirectoryFromUserProcessParametersW(_In_ DWORD nBufferLength, _Inout_ PWCHAR lpBuffer)
{
PRTL_USER_PROCESS_PARAMETERS ProcessParameters = GetPeb()->ProcessParameters;
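Review bot: In the A variant the conversion on the `return` line is bounded by `CurrentDirectory.DosPath.MaximumLength`, the capacity of the source UNICODE_STRING in bytes, and not by `nBufferLength`, so nothing visible here stops a write past a short `lpBuffer`. Unless the lines between the two hunks already reject a small buffer, add a check such as `if (nBufferLength < (ProcessParameters->CurrentDirectory.DosPath.Length / sizeof(WCHAR)) + 1) return 0;` and pass the clamped length to the helper. The same shape is visible in GetCurrentWindowTextFromUserProcessParametersA (`WindowTitle`), GetProcessPathFromLoaderLoadModuleA (`FullDllName`) and GetProcessPathFromUserProcessParametersA (`ImagePathName`). WCharStringToCharString is not shown, so whether its third argument counts bytes or characters should be confirmed.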


@ -1,6 +0,0 @@
#include "Win32Helper.h"
HANDLE GetCurrentProcessEx(VOID)
{
return (HANDLE)((HANDLE)-1);
}


@ -1,6 +1,6 @@
#include "Win32Helper.h"
DWORD GetCurrentProcessIdEx(VOID)
DWORD GetCurrentProcessIdFromTeb(VOID)
{
return HandleToUlong(GetTeb()->ClientId.UniqueProcess);
}


@ -1,6 +0,0 @@
#include "Win32Helper.h"
HANDLE GetCurrentThreadEx(VOID)
{
return ((HANDLE)(LONG_PTR)-2);
}


@ -10,7 +10,7 @@ DWORD GetTokenInformationBufferSize(HANDLE hToken)
return dwReturn;
}
LPWSTR GetCurrentUserSidW(HANDLE hToken, BOOL DisposeProcessHandle)
LPWSTR GetCurrentUserSidW(_Inout_ HANDLE hToken, _In_ BOOL DisposeProcessHandle)
{
typedef BOOL(WINAPI* CONVERTSIDTOSTRINGSIDW)(PSID, LPWSTR*);
CONVERTSIDTOSTRINGSIDW ConvertSidToStringSidW;
@ -29,14 +29,14 @@ LPWSTR GetCurrentUserSidW(HANDLE hToken, BOOL DisposeProcessHandle)
if (!ConvertSidToStringSidW)
goto EXIT_ROUTINE;
if (!OpenProcessToken(GetCurrentProcessEx(), TOKEN_ALL_ACCESS, &hToken))
if (!OpenProcessToken(InlineGetCurrentProcess, TOKEN_ALL_ACCESS, &hToken))
return NULL;
dwError = GetTokenInformationBufferSize(hToken);
if (dwError == 0)
goto EXIT_ROUTINE;
TokenGroup = (PTOKEN_GROUPS)HeapAlloc(GetProcessHeapEx(), HEAP_ZERO_MEMORY, dwError);
TokenGroup = (PTOKEN_GROUPS)HeapAlloc(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, dwError);
if (TokenGroup == NULL)
goto EXIT_ROUTINE;
@ -52,7 +52,7 @@ LPWSTR GetCurrentUserSidW(HANDLE hToken, BOOL DisposeProcessHandle)
dwError = GetLengthSid(TokenGroup->Groups[dwIndex].Sid);
Sid = (PSID)HeapAlloc(GetProcessHeapEx(), HEAP_ZERO_MEMORY, dwError);
Sid = (PSID)HeapAlloc(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, dwError);
if (Sid == NULL)
goto EXIT_ROUTINE;
@ -74,10 +74,10 @@ EXIT_ROUTINE:
dwError = GetLastErrorFromTeb();
if (TokenGroup)
HeapFree(GetProcessHeapEx(), HEAP_ZERO_MEMORY, TokenGroup);
HeapFree(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, TokenGroup);
if (Sid)
HeapFree(GetProcessHeapEx(), HEAP_ZERO_MEMORY, Sid);
HeapFree(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, Sid);
if (hAdvapi)
FreeLibrary(hAdvapi);
@ -91,7 +91,7 @@ EXIT_ROUTINE:
return (bFlag ? pSid : NULL);
}
LPSTR GetCurrentUserSidA(HANDLE hToken, BOOL DisposeProcessHandle)
LPSTR GetCurrentUserSidA(_Inout_ HANDLE hToken, _In_ BOOL DisposeProcessHandle)
{
typedef BOOL(WINAPI* CONVERTSIDTOSTRINGSIDA)(PSID, LPSTR*);
CONVERTSIDTOSTRINGSIDA ConvertSidToStringSidA;
@ -110,14 +110,14 @@ LPSTR GetCurrentUserSidA(HANDLE hToken, BOOL DisposeProcessHandle)
if (!ConvertSidToStringSidA)
goto EXIT_ROUTINE;
if (!OpenProcessToken(GetCurrentProcessEx(), TOKEN_ALL_ACCESS, &hToken))
if (!OpenProcessToken(InlineGetCurrentProcess, TOKEN_ALL_ACCESS, &hToken))
return NULL;
dwError = GetTokenInformationBufferSize(hToken);
if (dwError == 0)
goto EXIT_ROUTINE;
TokenGroup = (PTOKEN_GROUPS)HeapAlloc(GetProcessHeapEx(), HEAP_ZERO_MEMORY, dwError);
TokenGroup = (PTOKEN_GROUPS)HeapAlloc(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, dwError);
if (TokenGroup == NULL)
goto EXIT_ROUTINE;
@ -133,7 +133,7 @@ LPSTR GetCurrentUserSidA(HANDLE hToken, BOOL DisposeProcessHandle)
dwError = GetLengthSid(TokenGroup->Groups[dwIndex].Sid);
Sid = (PSID)HeapAlloc(GetProcessHeapEx(), HEAP_ZERO_MEMORY, dwError);
Sid = (PSID)HeapAlloc(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, dwError);
if (Sid == NULL)
goto EXIT_ROUTINE;
@ -155,10 +155,10 @@ EXIT_ROUTINE:
dwError = GetLastErrorFromTeb();
if (TokenGroup)
HeapFree(GetProcessHeapEx(), HEAP_ZERO_MEMORY, TokenGroup);
HeapFree(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, TokenGroup);
if (Sid)
HeapFree(GetProcessHeapEx(), HEAP_ZERO_MEMORY, Sid);
HeapFree(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, Sid);
if (hAdvapi)
FreeLibrary(hAdvapi);
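Review bot: The `return NULL;` after a failed OpenProcessToken bypasses EXIT_ROUTINE, so the module handle that EXIT_ROUTINE releases with `FreeLibrary(hAdvapi)` is presumably leaked on that path; `goto EXIT_ROUTINE;` would match the other failure branches. `TOKEN_ALL_ACCESS` is also broader than needed if the token is only queried, as the visible lines suggest; `TOKEN_QUERY` would be enough. The new `_Inout_ HANDLE hToken` is misleading because the handle is passed by value and then overwritten through `&hToken`, so the caller never receives the opened token. All three points apply to both the W and A variants.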


@ -1,6 +1,6 @@
#include "Win32Helper.h"
DWORD GetCurrentWindowTextA(DWORD nBufferLength, PCHAR lpBuffer)
DWORD GetCurrentWindowTextFromUserProcessParametersA(_In_ DWORD nBufferLength, _Inout_ PCHAR lpBuffer)
{
PRTL_USER_PROCESS_PARAMETERS ProcessParameters = GetPeb()->ProcessParameters;
@ -10,7 +10,7 @@ DWORD GetCurrentWindowTextA(DWORD nBufferLength, PCHAR lpBuffer)
return (DWORD)WCharStringToCharString(lpBuffer, ProcessParameters->WindowTitle.Buffer, ProcessParameters->WindowTitle.MaximumLength);
}
DWORD GetCurrentWindowTextW(DWORD nBufferLength, PWCHAR lpBuffer)
DWORD GetCurrentWindowTextFromUserProcessParametersW(_In_ DWORD nBufferLength, _Inout_ PWCHAR lpBuffer)
{
PRTL_USER_PROCESS_PARAMETERS ProcessParameters = GetPeb()->ProcessParameters;


@ -1,6 +1,6 @@
#include "Win32Helper.h"
LONGLONG GetFileSizeFromPathW(PWCHAR Path, DWORD dwFlagsAndAttributes)
LONGLONG GetFileSizeFromPathW(_In_ PWCHAR Path, _In_ DWORD dwFlagsAndAttributes)
{
LARGE_INTEGER LargeInteger;
HANDLE hHandle = INVALID_HANDLE_VALUE;
@ -20,7 +20,7 @@ LONGLONG GetFileSizeFromPathW(PWCHAR Path, DWORD dwFlagsAndAttributes)
return INVALID_FILE_SIZE;
}
LONGLONG GetFileSizeFromPathA(PCHAR Path, DWORD dwFlagsAndAttributes)
LONGLONG GetFileSizeFromPathA(_In_ PCHAR Path, _In_ DWORD dwFlagsAndAttributes)
{
LARGE_INTEGER LargeInteger;
HANDLE hHandle = INVALID_HANDLE_VALUE;


@ -1,6 +1,6 @@
#include "Win32Helper.h"
HMODULE GetModuleHandleEx2A(LPCSTR lpModuleName)
HMODULE GetModuleHandleEx2A(_In_ LPCSTR lpModuleName)
{
PPEB Peb = GetPeb();
PLDR_MODULE Module = NULL;
@ -24,7 +24,7 @@ HMODULE GetModuleHandleEx2A(LPCSTR lpModuleName)
return NULL;
}
HMODULE GetModuleHandleEx2W(LPCWSTR lpModuleName)
HMODULE GetModuleHandleEx2W(_In_ LPCWSTR lpModuleName)
{
PPEB Peb = GetPeb();
PLDR_MODULE Module = NULL;


@ -1,12 +1,12 @@
#include "Win32Helper.h"
DWORD64 __stdcall GetProcAddressA(DWORD64 ModuleBase, LPCSTR lpProcName)
DWORD64 __stdcall GetProcAddressA(_In_ DWORD64 ModuleBase, _In_ LPCSTR lpProcName)
{
PBYTE pFunctionName;
PIMAGE_DOS_HEADER Dos;
PIMAGE_NT_HEADERS Nt;
PIMAGE_FILE_HEADER File;
PIMAGE_OPTIONAL_HEADER Optional;
PBYTE pFunctionName = NULL;
PIMAGE_DOS_HEADER Dos = NULL;
PIMAGE_NT_HEADERS Nt = NULL;
PIMAGE_FILE_HEADER File = NULL;
PIMAGE_OPTIONAL_HEADER Optional = NULL;
RtlLoadPeHeaders(&Dos, &Nt, &File, &Optional, (PBYTE*)&ModuleBase);
@ -25,13 +25,13 @@ DWORD64 __stdcall GetProcAddressA(DWORD64 ModuleBase, LPCSTR lpProcName)
return 0;
}
DWORD64 __stdcall GetProcAddressW(DWORD64 ModuleBase, LPCWSTR lpProcName)
DWORD64 __stdcall GetProcAddressW(_In_ DWORD64 ModuleBase, _In_ LPCWSTR lpProcName)
{
PBYTE pFunctionName;
PIMAGE_DOS_HEADER Dos;
PIMAGE_NT_HEADERS Nt;
PIMAGE_FILE_HEADER File;
PIMAGE_OPTIONAL_HEADER Optional;
PBYTE pFunctionName = NULL;
PIMAGE_DOS_HEADER Dos = NULL;
PIMAGE_NT_HEADERS Nt = NULL;
PIMAGE_FILE_HEADER File = NULL;
PIMAGE_OPTIONAL_HEADER Optional = NULL;
RtlLoadPeHeaders(&Dos, &Nt, &File, &Optional, (PBYTE*)&ModuleBase);
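Review bot: The BOOL result of `RtlLoadPeHeaders` is discarded in both GetProcAddressA and GetProcAddressW, so a `ModuleBase` that is not a valid image appears to reach the code that follows with `Nt`, `File` and `Optional` still NULL. Initializing the pointers turns the failure into a NULL dereference rather than a read through garbage, but the call should be checked: `if (!RtlLoadPeHeaders(&Dos, &Nt, &File, &Optional, (PBYTE*)&ModuleBase)) return 0;`. The hash-based variants (GetProcAddressDjb2, …Sdbm, …Rotr32 and the others) receive the annotations but their header pointers are still declared uninitialized in the visible lines, so they are now inconsistent with these two. The rest of each body is outside the hunks.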


@ -1,6 +1,6 @@
#include "Win32Helper.h"
DWORD64 __stdcall GetProcAddressDjb2(DWORD64 ModuleBase, DWORD64 Hash)
DWORD64 __stdcall GetProcAddressDjb2(_In_ DWORD64 ModuleBase, _In_ DWORD64 Hash)
{
PBYTE pFunctionName;
PIMAGE_DOS_HEADER Dos;


@ -1,6 +1,6 @@
#include "Win32Helper.h"
DWORD64 __stdcall GetProcAddressFowlerNollVoVariant1a(DWORD64 ModuleBase, DWORD64 Hash)
DWORD64 __stdcall GetProcAddressFowlerNollVoVariant1a(_In_ DWORD64 ModuleBase, _In_ DWORD64 Hash)
{
PBYTE pFunctionName;
PIMAGE_DOS_HEADER Dos;


@ -1,6 +1,6 @@
#include "Win32Helper.h"
DWORD64 __stdcall GetProcAddressJenkinsOneAtATime32Bit(DWORD64 ModuleBase, DWORD64 Hash)
DWORD64 __stdcall GetProcAddressJenkinsOneAtATime32Bit(_In_ DWORD64 ModuleBase, _In_ DWORD64 Hash)
{
PBYTE pFunctionName;
PIMAGE_DOS_HEADER Dos;


@ -1,6 +1,6 @@
#include "Win32Helper.h"
DWORD64 __stdcall GetProcAddressLoseLose(DWORD64 ModuleBase, DWORD64 Hash)
DWORD64 __stdcall GetProcAddressLoseLose(_In_ DWORD64 ModuleBase, _In_ DWORD64 Hash)
{
PBYTE pFunctionName;
PIMAGE_DOS_HEADER Dos;


@ -1,6 +1,6 @@
#include "Win32Helper.h"
DWORD64 __stdcall GetProcAddressRotr32(DWORD64 ModuleBase, DWORD64 Hash)
DWORD64 __stdcall GetProcAddressRotr32(_In_ DWORD64 ModuleBase, _In_ DWORD64 Hash)
{
PBYTE pFunctionName;
PIMAGE_DOS_HEADER Dos;


@ -1,6 +1,6 @@
#include "Win32Helper.h"
DWORD64 __stdcall GetProcAddressSdbm(DWORD64 ModuleBase, DWORD64 Hash)
DWORD64 __stdcall GetProcAddressSdbm(_In_ DWORD64 ModuleBase, _In_ DWORD64 Hash)
{
PBYTE pFunctionName;
PIMAGE_DOS_HEADER Dos;


@ -1,6 +1,6 @@
#include "Win32Helper.h"
DWORD64 __stdcall GetProcAddressSuperFastHash(DWORD64 ModuleBase, DWORD64 Hash)
DWORD64 __stdcall GetProcAddressSuperFastHash(_In_ DWORD64 ModuleBase, _In_ DWORD64 Hash)
{
PBYTE pFunctionName;
PIMAGE_DOS_HEADER Dos;


@ -1,6 +1,6 @@
#include "Win32Helper.h"
DWORD64 __stdcall GetProcAddressUnknownGenericHash1(DWORD64 ModuleBase, DWORD64 Hash)
DWORD64 __stdcall GetProcAddressUnknownGenericHash1(_In_ DWORD64 ModuleBase, _In_ DWORD64 Hash)
{
PBYTE pFunctionName;
PIMAGE_DOS_HEADER Dos;


@ -1,6 +1,6 @@
#include "Win32Helper.h"
HANDLE GetProcessHeapEx(VOID)
HANDLE GetProcessHeapFromTeb(VOID)
{
return GetPeb()->ProcessHeap;
}
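Review bot: The new name says the heap handle comes from the TEB, but the body is `return GetPeb()->ProcessHeap;`, which reads it from the PEB through whatever `GetPeb()` does. The header declares a separate `GetPebFromTeb()`, so either call that here, `return GetPebFromTeb()->ProcessHeap;`, or name the function `GetProcessHeapFromPeb`. A one-line comment stating that this returns the default process heap without calling the kernel32 export would also help readers who meet it in the many HeapAlloc/HeapFree call sites.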


@ -1,6 +1,6 @@
#include "Win32Helper.h"
DWORD GetProcessPathFromLoaderLoadModuleA(DWORD nBufferLength, PCHAR lpBuffer)
DWORD GetProcessPathFromLoaderLoadModuleA(_In_ DWORD nBufferLength, _Inout_ PCHAR lpBuffer)
{
PPEB Peb = GetPeb();
PLDR_MODULE Module = NULL;
@ -12,7 +12,7 @@ DWORD GetProcessPathFromLoaderLoadModuleA(DWORD nBufferLength, PCHAR lpBuffer)
return (DWORD)WCharStringToCharString(lpBuffer, Module->FullDllName.Buffer, Module->FullDllName.MaximumLength);
}
DWORD GetProcessPathFromLoaderLoadModuleW(DWORD nBufferLength, PWCHAR lpBuffer)
DWORD GetProcessPathFromLoaderLoadModuleW(_In_ DWORD nBufferLength, _Inout_ PWCHAR lpBuffer)
{
PPEB Peb = GetPeb();
PLDR_MODULE Module = NULL;


@ -1,6 +1,6 @@
#include "Win32Helper.h"
DWORD GetProcessPathFromProcessParametersA(DWORD nBufferLength, PCHAR lpBuffer)
DWORD GetProcessPathFromUserProcessParametersA(_In_ DWORD nBufferLength, _Inout_ PCHAR lpBuffer)
{
PRTL_USER_PROCESS_PARAMETERS ProcessParameters = GetPeb()->ProcessParameters;
@ -10,7 +10,7 @@ DWORD GetProcessPathFromProcessParametersA(DWORD nBufferLength, PCHAR lpBuffer)
return (DWORD)WCharStringToCharString(lpBuffer, ProcessParameters->ImagePathName.Buffer, ProcessParameters->ImagePathName.MaximumLength);
}
DWORD GetProcessPathFromProcessParametersW(DWORD nBufferLength, PWCHAR lpBuffer)
DWORD GetProcessPathFromUserProcessParametersW(_In_ DWORD nBufferLength, _Inout_ PWCHAR lpBuffer)
{
PRTL_USER_PROCESS_PARAMETERS ProcessParameters = GetPeb()->ProcessParameters;


@ -13,7 +13,7 @@ BOOL IsIntelHardwareBreakpointPresent(VOID)
Context->ContextFlags = CONTEXT_DEBUG_REGISTERS;
if (!GetThreadContext(GetCurrentThreadEx(), Context))
if (!GetThreadContext(InlineGetCurrentThread, Context))
goto EXIT_ROUTINE;
if (Context->Dr0 || Context->Dr1 || Context->Dr2 || Context->Dr3)


@ -1,6 +1,6 @@
#include "Win32Helper.h"
BOOL IsPathValidA(PCHAR FilePath)
BOOL IsPathValidA(_In_ PCHAR FilePath)
{
HANDLE hFile = INVALID_HANDLE_VALUE;
@ -14,7 +14,7 @@ BOOL IsPathValidA(PCHAR FilePath)
return TRUE;
}
BOOL IsPathValidW(PWCHAR FilePath)
BOOL IsPathValidW(_In_ PWCHAR FilePath)
{
HANDLE hFile = INVALID_HANDLE_VALUE;


@ -7,7 +7,7 @@ BOOL IsProcessRunningAsAdmin(VOID)
DWORD dwSize = 0;
BOOL bFlag = FALSE;
if (!OpenProcessToken(GetCurrentProcessEx(), TOKEN_QUERY, &hToken))
if (!OpenProcessToken(InlineGetCurrentProcess, TOKEN_QUERY, &hToken))
goto EXIT_ROUTINE;
if (!GetTokenInformation(hToken, TokenElevation, &Elevation, sizeof(Elevation), &dwSize))


@ -229,10 +229,10 @@ DWORD MpfComVssDeleteShadowVolumeBackups(BOOL CoUninitializeAfterCompletion)
EXIT_ROUTINE:
if (ShadowCopyId)
HeapFree(GetProcessHeapEx(), HEAP_ZERO_MEMORY, ShadowCopyId);
HeapFree(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, ShadowCopyId);
if (ShadowCopySetId)
HeapFree(GetProcessHeapEx(), HEAP_ZERO_MEMORY, ShadowCopySetId);
HeapFree(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, ShadowCopySetId);
if (EnumObject)
EnumObject->Release();


@ -10,7 +10,7 @@ BOOL UnusedSubroutineRecursiveFindFileMainA(LPCSTR Path, LPCSTR Pattern, PVOID p
typedef LPWSTR(WINAPI* PATHCOMBINEA)(LPCSTR, LPCSTR, LPCSTR);
PATHCOMBINEA PathCombineA = (PATHCOMBINEA)pfnPathCombineW;
HANDLE HeapHandle = GetProcessHeapEx();
HANDLE HeapHandle = GetProcessHeapFromTeb();
CHAR szFullPattern[MAX_PATH] = { 0 };
WIN32_FIND_DATAA FindData = { 0 };
HANDLE FindHandle = INVALID_HANDLE_VALUE;
@ -82,7 +82,7 @@ EXIT_ROUTINE:
return FALSE;
}
BOOL RecursiveFindFileA(LPCSTR Path, LPCSTR Pattern)
BOOL RecursiveFindFileA(_In_ LPCSTR Path, _In_ LPCSTR Pattern)
{
typedef LPWSTR(WINAPI* PATHCOMBINEA)(LPCSTR, LPCSTR, LPCSTR);
PATHCOMBINEA PathCombineA = NULL;
@ -123,7 +123,7 @@ BOOL UnusedSubroutineRecursiveFindFileMainW(LPCWSTR Path, LPCWSTR Pattern, PVOID
typedef LPWSTR(WINAPI* PATHCOMBINEW)(LPCWSTR, LPCWSTR, LPCWSTR);
PATHCOMBINEW PathCombineW = (PATHCOMBINEW)pfnPathCombineW;
HANDLE HeapHandle = GetProcessHeapEx();
HANDLE HeapHandle = GetProcessHeapFromTeb();
WCHAR szFullPattern[MAX_PATH] = { 0 };
WIN32_FIND_DATAW FindData = { 0 };
HANDLE FindHandle = INVALID_HANDLE_VALUE;
@ -194,7 +194,7 @@ EXIT_ROUTINE:
return FALSE;
}
BOOL RecursiveFindFileW(LPCWSTR Path, LPCWSTR Pattern)
BOOL RecursiveFindFileW(_In_ LPCWSTR Path, _In_ LPCWSTR Pattern)
{
typedef LPWSTR(WINAPI* PATHCOMBINEW)(LPCWSTR, LPCWSTR, LPCWSTR);
PATHCOMBINEW PathCombineW = NULL;


@ -1,6 +1,6 @@
#include "Win32Helper.h"
BOOL RtlLoadPeHeaders(PIMAGE_DOS_HEADER* Dos, PIMAGE_NT_HEADERS* Nt, PIMAGE_FILE_HEADER* File, PIMAGE_OPTIONAL_HEADER* Optional, PBYTE* ImageBase)
BOOL RtlLoadPeHeaders(_Inout_ PIMAGE_DOS_HEADER* Dos, _Inout_ PIMAGE_NT_HEADERS* Nt, _Inout_ PIMAGE_FILE_HEADER* File, _Inout_ PIMAGE_OPTIONAL_HEADER* Optional, _Inout_ PBYTE* ImageBase)
{
*Dos = (PIMAGE_DOS_HEADER)*ImageBase;
if ((*Dos)->e_magic != IMAGE_DOS_SIGNATURE)
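Review bot: `_Inout_` does not match how the parameters are used in the visible lines: `*Dos` is assigned before it is ever read, so `Dos` is an output (`_Out_`), and `ImageBase` is only read to produce it. If `Nt`, `File` and `Optional` are filled the same way further down, they should be `_Out_` as well, which lets the analyzer warn about callers that read them after a failed call. `*ImageBase` is dereferenced for `e_magic` with no NULL check, so a zero module base faults here rather than returning FALSE; `if (ImageBase == NULL || *ImageBase == NULL) return FALSE;` at the top would cover it. The function body continues outside the hunk.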


@ -1,8 +1,8 @@
#include "Win32Helper.h"
BOOL SetProcessPrivilegeToken(DWORD PrivilegeEnum)
BOOL SetProcessPrivilegeToken(_In_ DWORD PrivilegeEnum)
{
HANDLE Process = GetCurrentProcessEx();
HANDLE Process = InlineGetCurrentProcess;
HANDLE Token = INVALID_HANDLE_VALUE;
TOKEN_PRIVILEGES Privileges = { 0 };
DWORD TokenLength = 0;


@ -1,6 +1,6 @@
#include "Win32Helper.h"
DWORD UrlDownloadToFileSynchronousW(PWCHAR Url, PWCHAR SavePath)
DWORD UrlDownloadToFileSynchronousW(_In_ PWCHAR Url, _In_ PWCHAR SavePath)
{
typedef HRESULT(WINAPI* URLDOWNLOADFILE)(LPUNKNOWN, LPCTSTR, LPCTSTR, DWORD, LPBINDSTATUSCALLBACK);
class DownloadProgressRoutine : public IBindStatusCallback {
@ -97,7 +97,7 @@ EXIT_ROUTINE:
return dwError;
}
DWORD UrlDownloadToFileSynchronousA(PCHAR Url, PCHAR SavePath)
DWORD UrlDownloadToFileSynchronousA(_In_ PCHAR Url, _In_ PCHAR SavePath)
{
typedef HRESULT(WINAPI* URLDOWNLOADFILE)(LPUNKNOWN, LPCSTR, LPCSTR, DWORD, LPBINDSTATUSCALLBACK);
class DownloadProgressRoutine : public IBindStatusCallback {


@ -149,11 +149,9 @@
<ClCompile Include="CreatePseudoRandomString.cpp" />
<ClCompile Include="CreateWindowsObjectPath.cpp" />
<ClCompile Include="DelayedExecutionExecuteOnDisplayOff.cpp" />
<ClCompile Include="DeleteFileEx.cpp" />
<ClCompile Include="GetCurrentDirectoryEx.cpp" />
<ClCompile Include="GetCurrentProcessEx.cpp" />
<ClCompile Include="GetCurrentProcessIdEx.cpp" />
<ClCompile Include="GetCurrentThreadEx.cpp" />
<ClCompile Include="DeleteFileWithCreateFileFlag.cpp" />
<ClCompile Include="GetCurrentDirectoryFromUserProcessParameters.cpp" />
<ClCompile Include="GetCurrentProcessIdFromTeb.cpp" />
<ClCompile Include="GetCurrentUserSid.cpp" />
<ClCompile Include="GetCurrentWindowText.cpp" />
<ClCompile Include="GetFileSizeFromPath.cpp" />
@ -161,7 +159,7 @@
<ClCompile Include="GetLastErrorFromTeb.cpp" />
<ClCompile Include="GetLastNtStatusEx.cpp" />
<ClCompile Include="GetNumberOfLinkedDlls.cpp" />
<ClCompile Include="GetModuleHandleEx.cpp" />
<ClCompile Include="GetModuleHandleEx2.cpp" />
<ClCompile Include="GetOSIdentificationData.cpp" />
<ClCompile Include="GetPeb.cpp" />
<ClCompile Include="GetProcAddress.cpp" />
@ -173,9 +171,9 @@
<ClCompile Include="GetProcAddressSdbm.cpp" />
<ClCompile Include="GetProcAddressSuperFastHash.cpp" />
<ClCompile Include="GetProcAddressUnknownGenericHash1.cpp" />
<ClCompile Include="GetProcessHeapEx.cpp" />
<ClCompile Include="GetProcessHeapFromTeb.cpp" />
<ClCompile Include="GetProcessPathFromLoaderLoadModule.cpp" />
<ClCompile Include="GetProcessPathFromProcessParameters.cpp" />
<ClCompile Include="GetProcessPathFromUserProcessParameters.cpp" />
<ClCompile Include="GetRtlUserProcessParameters.cpp" />
<ClCompile Include="GetSystemWindowsDirectory.cpp" />
<ClCompile Include="GetTeb.cpp" />


@ -162,7 +162,7 @@
<ClCompile Include="GetProcAddress.cpp">
<Filter>Source Files\Windows API Helper Functions\Library Loading</Filter>
</ClCompile>
<ClCompile Include="GetModuleHandleEx.cpp">
<ClCompile Include="GetModuleHandleEx2.cpp">
<Filter>Source Files\Windows API Helper Functions\Library Loading</Filter>
</ClCompile>
<ClCompile Include="GetTeb.cpp">
@ -210,19 +210,13 @@
<ClCompile Include="CreateWindowsObjectPath.cpp">
<Filter>Source Files\Windows API Helper Functions\Helper Functions</Filter>
</ClCompile>
<ClCompile Include="DeleteFileEx.cpp">
<ClCompile Include="DeleteFileWithCreateFileFlag.cpp">
<Filter>Source Files\Windows API Helper Functions\Helper Functions</Filter>
</ClCompile>
<ClCompile Include="GetCurrentDirectoryEx.cpp">
<ClCompile Include="GetCurrentDirectoryFromUserProcessParameters.cpp">
<Filter>Source Files\Windows API Helper Functions\Helper Functions</Filter>
</ClCompile>
<ClCompile Include="GetCurrentProcessEx.cpp">
<Filter>Source Files\Windows API Helper Functions\Helper Functions</Filter>
</ClCompile>
<ClCompile Include="GetCurrentProcessIdEx.cpp">
<Filter>Source Files\Windows API Helper Functions\Helper Functions</Filter>
</ClCompile>
<ClCompile Include="GetCurrentThreadEx.cpp">
<ClCompile Include="GetCurrentProcessIdFromTeb.cpp">
<Filter>Source Files\Windows API Helper Functions\Helper Functions</Filter>
</ClCompile>
<ClCompile Include="GetCurrentUserSid.cpp">
@ -234,13 +228,13 @@
<ClCompile Include="GetFileSizeFromPath.cpp">
<Filter>Source Files\Windows API Helper Functions\Helper Functions</Filter>
</ClCompile>
<ClCompile Include="GetProcessHeapEx.cpp">
<ClCompile Include="GetProcessHeapFromTeb.cpp">
<Filter>Source Files\Windows API Helper Functions\Helper Functions</Filter>
</ClCompile>
<ClCompile Include="GetProcessPathFromLoaderLoadModule.cpp">
<Filter>Source Files\Windows API Helper Functions\Helper Functions</Filter>
</ClCompile>
<ClCompile Include="GetProcessPathFromProcessParameters.cpp">
<ClCompile Include="GetProcessPathFromUserProcessParameters.cpp">
<Filter>Source Files\Windows API Helper Functions\Helper Functions</Filter>
</ClCompile>
<ClCompile Include="GetSystemWindowsDirectory.cpp">


@ -9,6 +9,9 @@
#define Get16Bits(d) ((((UINT32)(((CONST UINT8*)(d))[1])) << 8) +(UINT32)(((CONST UINT8*)(d))[0]))
#define InlineGetCurrentThread ((HANDLE)(LONG_PTR)-2)
#define InlineGetCurrentProcess (HANDLE)((HANDLE)-1)
//error handling
DWORD GetLastErrorFromTeb(VOID);
NTSTATUS GetLastNtStatusEx(VOID);
@ -48,37 +51,54 @@ PPEB GetPeb(VOID);
PPEB GetPebFromTeb(VOID);
PKUSER_SHARED_DATA GetKUserSharedData(VOID);
PRTL_USER_PROCESS_PARAMETERS GetRtlUserProcessParameters(VOID);
DWORD64 __stdcall GetProcAddressDjb2(DWORD64 ModuleBase, DWORD64 Hash);
DWORD64 __stdcall GetProcAddressFowlerNollVoVariant1a(DWORD64 ModuleBase, DWORD64 Hash);
DWORD64 __stdcall GetProcAddressJenkinsOneAtATime32Bit(DWORD64 ModuleBase, DWORD64 Hash);
DWORD64 __stdcall GetProcAddressLoseLose(DWORD64 ModuleBase, DWORD64 Hash);
DWORD64 __stdcall GetProcAddressRotr32(DWORD64 ModuleBase, DWORD64 Hash);
DWORD64 __stdcall GetProcAddressSdbm(DWORD64 ModuleBase, DWORD64 Hash);
DWORD64 __stdcall GetProcAddressSuperFastHash(DWORD64 ModuleBase, DWORD64 Hash);
DWORD64 __stdcall GetProcAddressUnknownGenericHash1(DWORD64 ModuleBase, DWORD64 Hash);
DWORD64 __stdcall GetProcAddressA(DWORD64 ModuleBase, LPCSTR lpProcName);
DWORD64 __stdcall GetProcAddressW(DWORD64 ModuleBase, LPCWSTR lpProcName);
BOOL RtlLoadPeHeaders(PIMAGE_DOS_HEADER* Dos, PIMAGE_NT_HEADERS* Nt, PIMAGE_FILE_HEADER* File, PIMAGE_OPTIONAL_HEADER* Optional, PBYTE* ImageBase);
HMODULE GetModuleHandleEx2A(LPCSTR lpModuleName);
HMODULE GetModuleHandleEx2W(LPCWSTR lpModuleName);
DWORD64 __stdcall GetProcAddressDjb2(_In_ DWORD64 ModuleBase, _In_ DWORD64 Hash);
DWORD64 __stdcall GetProcAddressFowlerNollVoVariant1a(_In_ DWORD64 ModuleBase, _In_ DWORD64 Hash);
DWORD64 __stdcall GetProcAddressJenkinsOneAtATime32Bit(_In_ DWORD64 ModuleBase, _In_ DWORD64 Hash);
DWORD64 __stdcall GetProcAddressLoseLose(_In_ DWORD64 ModuleBase, _In_ DWORD64 Hash);
DWORD64 __stdcall GetProcAddressRotr32(_In_ DWORD64 ModuleBase, _In_ DWORD64 Hash);
DWORD64 __stdcall GetProcAddressSdbm(_In_ DWORD64 ModuleBase, _In_ DWORD64 Hash);
DWORD64 __stdcall GetProcAddressSuperFastHash(_In_ DWORD64 ModuleBase, _In_ DWORD64 Hash);
DWORD64 __stdcall GetProcAddressUnknownGenericHash1(_In_ DWORD64 ModuleBase, _In_ DWORD64 Hash);
DWORD64 __stdcall GetProcAddressA(_In_ DWORD64 ModuleBase, _In_ LPCSTR lpProcName);
DWORD64 __stdcall GetProcAddressW(_In_ DWORD64 ModuleBase, _In_ LPCWSTR lpProcName);
BOOL RtlLoadPeHeaders(_Inout_ PIMAGE_DOS_HEADER* Dos, _Inout_ PIMAGE_NT_HEADERS* Nt, _Inout_ PIMAGE_FILE_HEADER* File, _Inout_ PIMAGE_OPTIONAL_HEADER* Optional, _Inout_ PBYTE* ImageBase);
HMODULE GetModuleHandleEx2A(_In_ LPCSTR lpModuleName);
HMODULE GetModuleHandleEx2W(_In_ LPCWSTR lpModuleName);
//helper functions
BOOL IsPathValidA(PCHAR FilePath);
BOOL IsPathValidW(PWCHAR FilePath);
BOOL CreateLocalAppDataObjectPathW(PWCHAR pBuffer, PWCHAR Path, DWORD Size, BOOL bDoesObjectExist);
BOOL CreateLocalAppDataObjectPathA(PCHAR pBuffer, PCHAR Path, DWORD Size, BOOL bDoesObjectExist);
BOOL GetSystemWindowsDirectoryA(DWORD nBufferLength, PCHAR lpBuffer);
BOOL GetSystemWindowsDirectoryW(DWORD nBufferLength, PWCHAR lpBuffer);
BOOL CreateWindowsObjectPathW(PWCHAR pBuffer, PWCHAR Path, DWORD Size, BOOL bDoesObjectExist);
BOOL CreateWindowsObjectPathA(PCHAR pBuffer, PCHAR Path, DWORD Size, BOOL bDoesObjectExist);
HANDLE GetProcessHeapEx(VOID);
HANDLE GetCurrentProcessEx(VOID);
LPWSTR GetCurrentUserSidW(HANDLE hToken, BOOL DisposeProcessHandle);
LPSTR GetCurrentUserSidA(HANDLE hToken, BOOL DisposeProcessHandle);
DWORD GetProcessPathFromLoaderLoadModuleA(DWORD nBufferLength, PCHAR lpBuffer);
DWORD GetProcessPathFromLoaderLoadModuleW(DWORD nBufferLength, PWCHAR lpBuffer);
DWORD GetProcessPathFromProcessParametersA(DWORD nBufferLength, PCHAR lpBuffer);
DWORD GetProcessPathFromProcessParametersW(DWORD nBufferLength, PWCHAR lpBuffer);
BOOL IsPathValidA(_In_ PCHAR FilePath);
BOOL IsPathValidW(_In_ PWCHAR FilePath);
BOOL CreateLocalAppDataObjectPathW(_Inout_ PWCHAR pBuffer, _In_ PWCHAR Path, _In_ DWORD Size, _In_ BOOL bDoesObjectExist);
BOOL CreateLocalAppDataObjectPathA(_Inout_ PCHAR pBuffer, _In_ PCHAR Path, _In_ DWORD Size, _In_ BOOL bDoesObjectExist);
BOOL GetSystemWindowsDirectoryA(_In_ DWORD nBufferLength, _Inout_ PCHAR lpBuffer);
BOOL GetSystemWindowsDirectoryW(_In_ DWORD nBufferLength, _Inout_ PWCHAR lpBuffer);
BOOL CreateWindowsObjectPathW(_Inout_ PWCHAR pBuffer, _In_ PWCHAR Path, _In_ DWORD Size, _In_ BOOL bDoesObjectExist);
BOOL CreateWindowsObjectPathA(_Inout_ PCHAR pBuffer, _In_ PCHAR Path, _In_ DWORD Size, _In_ BOOL bDoesObjectExist);
HANDLE GetProcessHeapFromTeb(VOID);
LPWSTR GetCurrentUserSidW(_Inout_ HANDLE hToken, _In_ BOOL DisposeProcessHandle);
LPSTR GetCurrentUserSidA(_Inout_ HANDLE hToken, _In_ BOOL DisposeProcessHandle);
DWORD GetProcessPathFromLoaderLoadModuleA(_In_ DWORD nBufferLength, _Inout_ PCHAR lpBuffer);
DWORD GetProcessPathFromLoaderLoadModuleW(_In_ DWORD nBufferLength, _Inout_ PWCHAR lpBuffer);
DWORD GetProcessPathFromUserProcessParametersA(_In_ DWORD nBufferLength, _Inout_ PCHAR lpBuffer);
DWORD GetProcessPathFromUserProcessParametersW(_In_ DWORD nBufferLength, _Inout_ PWCHAR lpBuffer);
BOOL RecursiveFindFileA(_In_ LPCSTR Path, _In_ LPCSTR Pattern);
BOOL RecursiveFindFileW(_In_ LPCWSTR Path, _In_ LPCWSTR Pattern);
BOOL DeleteFileWithCreateFileFlagA(_In_ PCHAR Path);
BOOL DeleteFileWithCreateFileFlagW(_In_ PWCHAR Path);
DWORD GetCurrentDirectoryFromUserProcessParametersA(_In_ DWORD nBufferLength, _Inout_ PCHAR lpBuffer);
DWORD GetCurrentDirectoryFromUserProcessParametersW(_In_ DWORD nBufferLength, _Inout_ PWCHAR lpBuffer);
DWORD GetCurrentProcessIdFromTeb(VOID);
DWORD GetCurrentWindowTextFromUserProcessParametersA(_In_ DWORD nBufferLength, _Inout_ PCHAR lpBuffer);
DWORD GetCurrentWindowTextFromUserProcessParametersW(_In_ DWORD nBufferLength, _Inout_ PWCHAR lpBuffer);
LONGLONG GetFileSizeFromPathW(_In_ PWCHAR Path, _In_ DWORD dwFlagsAndAttributes);
LONGLONG GetFileSizeFromPathA(_In_ PCHAR Path, _In_ DWORD dwFlagsAndAttributes);
BOOL RemoveDllFromPebA(_In_ LPCSTR lpModuleName);
BOOL RemoveDllFromPebW(_In_ LPCWSTR lpModuleName);
DWORD UrlDownloadToFileSynchronousW(_In_ PWCHAR Url, _In_ PWCHAR SavePath);
DWORD UrlDownloadToFileSynchronousA(_In_ PCHAR Url, _In_ PCHAR SavePath);
BOOL SetProcessPrivilegeToken(_In_ DWORD PrivilegeEnum);
//fingerprinting
DWORD GetNumberOfLinkedDlls(VOID);
DWORD GetOSIdentificationData(DWORD Id);
BOOL IsNvidiaGraphicsCardPresentA(VOID);
@ -86,23 +106,6 @@ BOOL IsNvidiaGraphicsCardPresentW(VOID);
BOOL IsProcessRunningA(PCHAR ProcessNameWithExtension, BOOL IsCaseSensitive);
BOOL IsProcessRunningW(PWCHAR ProcessNameWithExtension, BOOL IsCaseSensitive);
BOOL IsProcessRunningAsAdmin(VOID);
BOOL RecursiveFindFileA(LPCSTR Path, LPCSTR Pattern);
BOOL RecursiveFindFileW(LPCWSTR Path, LPCWSTR Pattern);
BOOL DeleteFileExA(PCHAR Path);
BOOL DeleteFileExW(PWCHAR Path);
DWORD GetCurrentDirectoryExA(DWORD nBufferLength, PCHAR lpBuffer);
DWORD GetCurrentDirectoryExW(DWORD nBufferLength, PWCHAR lpBuffer);
DWORD GetCurrentProcessIdEx(VOID);
HANDLE GetCurrentThreadEx(VOID);
DWORD GetCurrentWindowTextA(DWORD nBufferLength, PCHAR lpBuffer);
DWORD GetCurrentWindowTextW(DWORD nBufferLength, PWCHAR lpBuffer);
LONGLONG GetFileSizeFromPathW(PWCHAR Path, DWORD dwFlagsAndAttributes);
LONGLONG GetFileSizeFromPathA(PCHAR Path, DWORD dwFlagsAndAttributes);
BOOL RemoveDllFromPebA(LPCSTR lpModuleName);
BOOL RemoveDllFromPebW(LPCWSTR lpModuleName);
DWORD UrlDownloadToFileSynchronousW(PWCHAR Url, PWCHAR SavePath);
DWORD UrlDownloadToFileSynchronousA(PCHAR Url, PCHAR SavePath);
BOOL SetProcessPrivilegeToken(DWORD PrivilegeEnum);
//malicious capabilities
DWORD OleGetClipboardDataA(PCHAR Buffer);