mirror of https://github.com/vxunderground/VX-API
Function renames, code base refactor
Some function names renamed to avoid confusion, some function annotations added.
parent
9b1bf61fb5
commit
f0b5d2bd5d
|
@ -62,7 +62,7 @@ BOOL CreateFileFromDsCopyFromSharedFileW(PWCHAR NewFileName, PWCHAR FileToClone)
|
|||
EXIT_ROUTINE:
|
||||
|
||||
if (!bFlag)
|
||||
dwError = GetLastErrorEx();
|
||||
dwError = GetLastErrorFromTeb();
|
||||
|
||||
if (SidString)
|
||||
HeapFree(GetProcessHeapEx(), HEAP_ZERO_MEMORY, SidString);
|
||||
|
@ -144,7 +144,7 @@ BOOL CreateFileFromDsCopyFromSharedFileA(PCHAR NewFileName, PCHAR FileToClone)
|
|||
EXIT_ROUTINE:
|
||||
|
||||
if (!bFlag)
|
||||
dwError = GetLastErrorEx();
|
||||
dwError = GetLastErrorFromTeb();
|
||||
|
||||
if (SidString)
|
||||
HeapFree(GetProcessHeapEx(), HEAP_ZERO_MEMORY, SidString);
|
||||
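Review bot: `HEAP_ZERO_MEMORY` is an allocation flag, not a valid `dwFlags` value for `HeapFree`, which documents only `HEAP_NO_SERIALIZE`. The cleanup calls under `EXIT_ROUTINE` in both the W and A variants should pass `0`: `HeapFree(GetProcessHeapEx(), 0, SidString);`. The same call shape is visible in the cleanup of `GetCurrentUserSidW` and `GetCurrentUserSidA` for `TokenGroup`. Both functions start and end outside the hunks, so how `SidString` is allocated cannot be checked from here.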
|
|
|
@ -18,7 +18,7 @@ DWORD CreateProcessFromIShellDispatchInvokeW(_In_ PWCHAR BinaryPath)
|
|||
|
||||
hModule = LoadLibraryW(L"Shell32.dll");
|
||||
if (hModule == NULL)
|
||||
return GetLastErrorEx();
|
||||
return GetLastErrorFromTeb();
|
||||
|
||||
DllGetClassObject = (DLLGETCLASSOBJECT)GetProcAddressA((DWORD64)hModule, "DllGetClassObject");
|
||||
if (DllGetClassObject == NULL)
|
||||
|
@ -91,7 +91,7 @@ DWORD CreateProcessFromIShellDispatchInvokeA(_In_ PCHAR BinaryPath)
|
|||
|
||||
hModule = LoadLibraryW(L"Shell32.dll");
|
||||
if (hModule == NULL)
|
||||
return GetLastErrorEx();
|
||||
return GetLastErrorFromTeb();
|
||||
|
||||
DllGetClassObject = (DLLGETCLASSOBJECT)GetProcAddressA((DWORD64)hModule, "DllGetClassObject");
|
||||
if (DllGetClassObject == NULL)
|
||||
|
|
|
@ -176,19 +176,19 @@ DWORD CreateProcessViaNtCreateUserProcessA(PCHAR BinaryPath)
|
|||
|
||||
hModule = GetModuleHandleEx2W(L"ntdll.dll");
|
||||
if (hModule == NULL)
|
||||
return GetLastErrorEx();
|
||||
return GetLastErrorFromTeb();
|
||||
|
||||
NtCreateUserProcess = (NTCREATEUSERPROCESS)GetProcAddressA((DWORD64)hModule, "NtCreateUserProcess");
|
||||
if (NtCreateUserProcess == NULL)
|
||||
return GetLastErrorEx();
|
||||
return GetLastErrorFromTeb();
|
||||
|
||||
RtlCreateProcessParametersEx = (RTLCREATEPROCESSPARAMETERSEX)GetProcAddressA((DWORD64)hModule, "RtlCreateProcessParametersEx");
|
||||
if (RtlCreateProcessParametersEx == NULL)
|
||||
return GetLastErrorEx();
|
||||
return GetLastErrorFromTeb();
|
||||
|
||||
RtlDestroyProcessParameters = (RTLDESTROYPROCESSPARAMETERS)GetProcAddressA((DWORD64)hModule, "RtlDestroyProcessParameters");
|
||||
if (RtlDestroyProcessParameters == NULL)
|
||||
return GetLastErrorEx();
|
||||
return GetLastErrorFromTeb();
|
||||
|
||||
CharStringToWCharString(wBinaryPath, BinaryPath, StringLengthA(BinaryPath));
|
||||
StringCopyW(MsDosFullPath, (PWCHAR)L"\\??\\");
|
||||
|
@ -197,7 +197,7 @@ DWORD CreateProcessViaNtCreateUserProcessA(PCHAR BinaryPath)
|
|||
RtlInitUnicodeString(&NtImagePath, MsDosFullPath);
|
||||
|
||||
if (RtlCreateProcessParametersEx(&ProcessParameters, &NtImagePath, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, RTL_USER_PROCESS_PARAMETERS_NORMALIZED) != ERROR_SUCCESS)
|
||||
return GetLastErrorEx();
|
||||
return GetLastErrorFromTeb();
|
||||
|
||||
AttributeList = (PPS_ATTRIBUTE_LIST)HeapAlloc(GetProcessHeapEx(), HEAP_ZERO_MEMORY, sizeof(PS_ATTRIBUTE));
|
||||
if (AttributeList)
|
||||
|
@ -208,7 +208,7 @@ DWORD CreateProcessViaNtCreateUserProcessA(PCHAR BinaryPath)
|
|||
AttributeList->Attributes[0].Value = (ULONG_PTR)NtImagePath.Buffer;
|
||||
|
||||
if (NtCreateUserProcess(&hHandle, &hThread, PROCESS_ALL_ACCESS, THREAD_ALL_ACCESS, NULL, NULL, NULL, NULL, ProcessParameters, &CreateInfo, AttributeList) != ERROR_SUCCESS)
|
||||
dwError = GetLastErrorEx(); //?
|
||||
dwError = GetLastErrorFromTeb(); //?
|
||||
}
|
||||
|
||||
if (AttributeList)
|
||||
|
@ -270,19 +270,19 @@ DWORD CreateProcessViaNtCreateUserProcessW(PWCHAR BinaryPath)
|
|||
|
||||
hModule = GetModuleHandleEx2W(L"ntdll.dll");
|
||||
if (hModule == NULL)
|
||||
return GetLastErrorEx();
|
||||
return GetLastErrorFromTeb();
|
||||
|
||||
NtCreateUserProcess = (NTCREATEUSERPROCESS)GetProcAddressA((DWORD64)hModule, "NtCreateUserProcess");
|
||||
if (NtCreateUserProcess == NULL)
|
||||
return GetLastErrorEx();
|
||||
return GetLastErrorFromTeb();
|
||||
|
||||
RtlCreateProcessParametersEx = (RTLCREATEPROCESSPARAMETERSEX)GetProcAddressA((DWORD64)hModule, "RtlCreateProcessParametersEx");
|
||||
if (RtlCreateProcessParametersEx == NULL)
|
||||
return GetLastErrorEx();
|
||||
return GetLastErrorFromTeb();
|
||||
|
||||
RtlDestroyProcessParameters = (RTLDESTROYPROCESSPARAMETERS)GetProcAddressA((DWORD64)hModule, "RtlDestroyProcessParameters");
|
||||
if (RtlDestroyProcessParameters == NULL)
|
||||
return GetLastErrorEx();
|
||||
return GetLastErrorFromTeb();
|
||||
|
||||
StringCopyW(MsDosFullPath, (PWCHAR)L"\\??\\");
|
||||
StringConcatW(MsDosFullPath, BinaryPath);
|
||||
|
@ -290,7 +290,7 @@ DWORD CreateProcessViaNtCreateUserProcessW(PWCHAR BinaryPath)
|
|||
RtlInitUnicodeString(&NtImagePath, MsDosFullPath);
|
||||
|
||||
if (RtlCreateProcessParametersEx(&ProcessParameters, &NtImagePath, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, RTL_USER_PROCESS_PARAMETERS_NORMALIZED) != ERROR_SUCCESS)
|
||||
return GetLastErrorEx();
|
||||
return GetLastErrorFromTeb();
|
||||
|
||||
AttributeList = (PPS_ATTRIBUTE_LIST)HeapAlloc(GetProcessHeapEx(), HEAP_ZERO_MEMORY, sizeof(PS_ATTRIBUTE));
|
||||
if (AttributeList)
|
||||
|
@ -301,7 +301,7 @@ DWORD CreateProcessViaNtCreateUserProcessW(PWCHAR BinaryPath)
|
|||
AttributeList->Attributes[0].Value = (ULONG_PTR)NtImagePath.Buffer;
|
||||
|
||||
if (NtCreateUserProcess(&hHandle, &hThread, PROCESS_ALL_ACCESS, THREAD_ALL_ACCESS, NULL, NULL, NULL, NULL, ProcessParameters, &CreateInfo, AttributeList) != ERROR_SUCCESS)
|
||||
dwError = GetLastErrorEx(); //?
|
||||
dwError = GetLastErrorFromTeb(); //?
|
||||
}
|
||||
|
||||
if (AttributeList)
|
||||
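Review bot: `NtCreateUserProcess` and `RtlCreateProcessParametersEx` report failure through their NTSTATUS return value and are not documented to update the thread's Win32 last-error slot. Reading `GetLastErrorFromTeb()` after them (the lines marked `//?` and the `return` after `RtlCreateProcessParametersEx`) can therefore return a stale value, including 0, for a failed call. Keep the status and convert it instead, for example `Status = NtCreateUserProcess(...); if (!NT_SUCCESS(Status)) dwError = RtlNtStatusToDosError(Status);`. The W variant has the same pattern. The `GetProcAddressA` used here takes a `DWORD64` module base, so it looks like the project's own resolver; whether it sets the last error on a miss is not visible in these hunks, and the functions start and end outside them.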
|
|
|
@ -22,7 +22,7 @@ BOOL UnusedSubroutineInitializeProcThreadAttributeList(LPPROC_THREAD_ATTRIBUTE_L
|
|||
|
||||
if (dwFlags || (dwAttributeCount > 0x1B))
|
||||
{
|
||||
SetLastErrorEx(ERROR_INVALID_PARAMETER);
|
||||
SetLastErrorInTeb(ERROR_INVALID_PARAMETER);
|
||||
return bFlag;
|
||||
}
|
||||
|
||||
|
@ -37,7 +37,7 @@ BOOL UnusedSubroutineInitializeProcThreadAttributeList(LPPROC_THREAD_ATTRIBUTE_L
|
|||
bFlag = TRUE;
|
||||
}
|
||||
else
|
||||
SetLastErrorEx(ERROR_INSUFFICIENT_BUFFER);
|
||||
SetLastErrorInTeb(ERROR_INSUFFICIENT_BUFFER);
|
||||
|
||||
*lpSize = dwSize;
|
||||
return bFlag;
|
||||
|
|
|
@ -5,7 +5,7 @@ INT PseudoRandomIntegerSubroutine(PULONG Context)
|
|||
return ((*Context = *Context * 1103515245 + 12345) % ((ULONG)RAND_MAX + 1));
|
||||
}
|
||||
|
||||
INT CreatePseudoRandomInteger(ULONG Seed)
|
||||
INT CreatePseudoRandomInteger(_In_ ULONG Seed)
|
||||
{
|
||||
return (PseudoRandomIntegerSubroutine(&Seed));
|
||||
}
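Review bot: `CreatePseudoRandomInteger` has no comment saying that it is deterministic. `Seed` is passed by value and the function returns a single step of the generator shown at the top of the hunk, so the same seed always yields the same integer. I would add above the definition `// One linear-congruential step over a by-value seed: same Seed, same result. Not suitable for keys, tokens or any security decision.` `PseudoRandomIntegerSubroutine` starts outside the hunk.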
|
|
@ -1,11 +1,11 @@
|
|||
#include "Win32Helper.h"
|
||||
|
||||
PWCHAR CreatePseudoRandomStringW(SIZE_T dwLength, ULONG Seed)
|
||||
PWCHAR CreatePseudoRandomStringW(_In_ SIZE_T dwLength, _In_ ULONG Seed)
|
||||
{
|
||||
WCHAR DataSet[] = L"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
|
||||
PWCHAR String = NULL;
|
||||
|
||||
String = (PWCHAR)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, (sizeof(WCHAR) * (dwLength + 1)));
|
||||
String = (PWCHAR)HeapAlloc(GetProcessHeapEx(), HEAP_ZERO_MEMORY, (sizeof(WCHAR) * (dwLength + 1)));
|
||||
if (String == NULL)
|
||||
return NULL;
|
||||
|
||||
|
@ -26,12 +26,12 @@ PWCHAR CreatePseudoRandomStringW(SIZE_T dwLength, ULONG Seed)
|
|||
return String;
|
||||
}
|
||||
|
||||
PCHAR CreatePseudoRandomStringA(SIZE_T dwLength, ULONG Seed)
|
||||
PCHAR CreatePseudoRandomStringA(_In_ SIZE_T dwLength, _In_ ULONG Seed)
|
||||
{
|
||||
CHAR DataSet[] = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
|
||||
PCHAR String = NULL;
|
||||
|
||||
String = (PCHAR)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, (sizeof(CHAR) * (dwLength + 1)));
|
||||
String = (PCHAR)HeapAlloc(GetProcessHeapEx(), HEAP_ZERO_MEMORY, (sizeof(CHAR) * (dwLength + 1)));
|
||||
if (String == NULL)
|
||||
return NULL;
|
||||
|
||||
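Review bot: The size expression `sizeof(WCHAR) * (dwLength + 1)` can wrap for a very large `dwLength`, which would leave a buffer shorter than the length the rest of the function works with; the fill loop is outside the hunk, so that part is inferred. A guard before the allocation closes it: `if (dwLength >= ((SIZE_T)-1) / sizeof(WCHAR)) return NULL;`, with the `CHAR` equivalent in `CreatePseudoRandomStringA`. The returned buffer is heap memory the caller must release, so a comment naming the heap it belongs to (`GetProcessHeapEx()` after this change) would also help callers.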
|
|
|
@ -73,7 +73,7 @@ BOOL DelayedExecutionExecuteOnDisplayOff(VOID)
|
|||
|
||||
FAILURE:
|
||||
|
||||
dwError = GetLastError();
|
||||
dwError = GetLastErrorFromTeb();
|
||||
|
||||
if (hNotificationRegister)
|
||||
_PowerSettingUnregisterNotification(hNotificationRegister);
|
||||
|
|
|
@ -71,7 +71,7 @@ LPWSTR GetCurrentUserSidW(HANDLE hToken, BOOL DisposeProcessHandle)
|
|||
EXIT_ROUTINE:
|
||||
|
||||
if (!bFlag)
|
||||
dwError = GetLastErrorEx();
|
||||
dwError = GetLastErrorFromTeb();
|
||||
|
||||
if (TokenGroup)
|
||||
HeapFree(GetProcessHeapEx(), HEAP_ZERO_MEMORY, TokenGroup);
|
||||
|
@ -152,7 +152,7 @@ LPSTR GetCurrentUserSidA(HANDLE hToken, BOOL DisposeProcessHandle)
|
|||
EXIT_ROUTINE:
|
||||
|
||||
if (!bFlag)
|
||||
dwError = GetLastErrorEx();
|
||||
dwError = GetLastErrorFromTeb();
|
||||
|
||||
if (TokenGroup)
|
||||
HeapFree(GetProcessHeapEx(), HEAP_ZERO_MEMORY, TokenGroup);
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#include "Win32Helper.h"
|
||||
|
||||
DWORD GetLastErrorEx(VOID)
|
||||
DWORD GetLastErrorFromTeb(VOID)
|
||||
{
|
||||
return GetTeb()->LastErrorValue;
|
||||
}
|
|
@ -9,7 +9,7 @@ PPEB GetPeb(VOID)
|
|||
#endif
|
||||
}
|
||||
|
||||
PPEB GetPebEx(VOID)
|
||||
PPEB GetPebFromTeb(VOID)
|
||||
{
|
||||
PTEB Teb;
|
||||
#if defined(_WIN64)
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
#include "Win32Helper.h"
|
||||
|
||||
//NOTE: PULONG must be pointed to an array of ULONG integers e.g. ULONG FileHash[4] = { 0 };
|
||||
BOOL HashFileByMsiFileHashTableW(PWCHAR Path, PULONG FileHash)
|
||||
BOOL HashFileByMsiFileHashTableW(_In_ PWCHAR Path, _Inout_ PULONG FileHash)
|
||||
{
|
||||
typedef struct _MSIFILEHASHINFO {
|
||||
ULONG dwFileHashInfoSize;
|
||||
|
@ -44,7 +44,7 @@ EXIT_ROUTINE:
|
|||
return bFlag;
|
||||
}
|
||||
|
||||
BOOL HashFileByMsiFileHashTableA(PCHAR Path, PULONG FileHash)
|
||||
BOOL HashFileByMsiFileHashTableA(_In_ PCHAR Path, _Inout_ PULONG FileHash)
|
||||
{
|
||||
typedef struct _MSIFILEHASHINFO {
|
||||
ULONG dwFileHashInfoSize;
|
||||
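Review bot: `_Inout_ PULONG FileHash` tells the analyzer that one initialised `ULONG` is read and written, while the comment above the function requires an array of four. `_Out_writes_(4) PULONG FileHash` lets static analysis flag callers that pass a shorter buffer; use `_Inout_updates_(4)` instead if the function really reads the incoming values, which is not visible in the hunk. The same applies to `HashFileByMsiFileHashTableA` and to the two prototypes in `Win32Helper.h`.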
|
|
|
@ -1,6 +1,6 @@
|
|||
#include "Win32Helper.h"
|
||||
|
||||
DWORD HashStringDjb2A(PCHAR String)
|
||||
DWORD HashStringDjb2A(_In_ PCHAR String)
|
||||
{
|
||||
ULONG Hash = 5381;
|
||||
INT c;
|
||||
|
@ -11,7 +11,7 @@ DWORD HashStringDjb2A(PCHAR String)
|
|||
return Hash;
|
||||
}
|
||||
|
||||
DWORD HashStringDjb2W(PWCHAR String)
|
||||
DWORD HashStringDjb2W(_In_ PWCHAR String)
|
||||
{
|
||||
ULONG Hash = 5381;
|
||||
INT c;
|
||||
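Review bot: `_In_` on `String` only says the pointer is valid. These functions take no length, so they presumably walk to a terminating NUL (the loops are outside the hunks), and `_In_z_` states that contract: `DWORD HashStringDjb2A(_In_z_ PCHAR String)`. With `_In_z_` the analyzer can warn when a caller passes a buffer it cannot prove is terminated, which is where an over-read would come from. The same annotation fits the other `HashString*` functions and the prototypes annotated in this commit.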
|
|
|
@ -1,6 +1,6 @@
|
|||
#include "Win32Helper.h"
|
||||
|
||||
ULONG HashStringFowlerNollVoVariant1aA(PCHAR String)
|
||||
ULONG HashStringFowlerNollVoVariant1aA(_In_ PCHAR String)
|
||||
{
|
||||
ULONG Hash = 0x811c9dc5;
|
||||
|
||||
|
@ -13,7 +13,7 @@ ULONG HashStringFowlerNollVoVariant1aA(PCHAR String)
|
|||
return Hash;
|
||||
}
|
||||
|
||||
ULONG HashStringFowlerNollVoVariant1aW(PWCHAR String)
|
||||
ULONG HashStringFowlerNollVoVariant1aW(_In_ PWCHAR String)
|
||||
{
|
||||
ULONG Hash = 0x811c9dc5;
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#include "Win32Helper.h"
|
||||
|
||||
UINT32 HashStringJenkinsOneAtATime32BitA(PCHAR String)
|
||||
UINT32 HashStringJenkinsOneAtATime32BitA(_In_ PCHAR String)
|
||||
{
|
||||
SIZE_T Index = 0;
|
||||
UINT32 Hash = 0;
|
||||
|
@ -20,7 +20,7 @@ UINT32 HashStringJenkinsOneAtATime32BitA(PCHAR String)
|
|||
return Hash;
|
||||
}
|
||||
|
||||
UINT32 HashStringJenkinsOneAtATime32BitW(PWCHAR String)
|
||||
UINT32 HashStringJenkinsOneAtATime32BitW(_In_ PWCHAR String)
|
||||
{
|
||||
SIZE_T Index = 0;
|
||||
UINT32 Hash = 0;
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#include "Win32Helper.h"
|
||||
|
||||
DWORD HashStringLoseLoseA(PCHAR String)
|
||||
DWORD HashStringLoseLoseA(_In_ PCHAR String)
|
||||
{
|
||||
ULONG Hash = 0;
|
||||
INT c;
|
||||
|
@ -11,7 +11,7 @@ DWORD HashStringLoseLoseA(PCHAR String)
|
|||
return Hash;
|
||||
}
|
||||
|
||||
DWORD HashStringLoseLoseW(PWCHAR String)
|
||||
DWORD HashStringLoseLoseW(_In_ PWCHAR String)
|
||||
{
|
||||
ULONG Hash = 0;
|
||||
INT c;
|
||||
|
|
|
@ -10,7 +10,7 @@ UINT32 HashStringRotr32SubA(UINT32 Value, UINT Count)
|
|||
#pragma warning( pop )
|
||||
}
|
||||
|
||||
INT HashStringRotr32A(PCHAR String)
|
||||
INT HashStringRotr32A(_In_ PCHAR String)
|
||||
{
|
||||
INT Value = 0;
|
||||
|
||||
|
@ -30,7 +30,7 @@ UINT32 HashStringRotr32SubW(UINT32 Value, UINT Count)
|
|||
#pragma warning( pop )
|
||||
}
|
||||
|
||||
INT HashStringRotr32W(PWCHAR String)
|
||||
INT HashStringRotr32W(_In_ PWCHAR String)
|
||||
{
|
||||
INT Value = 0;
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#include "Win32Helper.h"
|
||||
|
||||
DWORD HashStringSdbmA(PCHAR String)
|
||||
DWORD HashStringSdbmA(_In_ PCHAR String)
|
||||
{
|
||||
ULONG Hash = 0;
|
||||
INT c;
|
||||
|
@ -11,7 +11,7 @@ DWORD HashStringSdbmA(PCHAR String)
|
|||
return Hash;
|
||||
}
|
||||
|
||||
DWORD HashStringSdbmW(PWCHAR String)
|
||||
DWORD HashStringSdbmW(_In_ PWCHAR String)
|
||||
{
|
||||
ULONG Hash = 0;
|
||||
INT c;
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#include "Win32Helper.h"
|
||||
|
||||
UINT32 HashStringSuperFastHashA(PCHAR String)
|
||||
UINT32 HashStringSuperFastHashA(_In_ PCHAR String)
|
||||
{
|
||||
INT Length = (INT)StringLengthA(String);
|
||||
UINT32 Hash = Length;
|
||||
|
@ -56,7 +56,7 @@ UINT32 HashStringSuperFastHashA(PCHAR String)
|
|||
return Hash;
|
||||
}
|
||||
|
||||
UINT32 HashStringSuperFastHashW(PWCHAR String)
|
||||
UINT32 HashStringSuperFastHashW(_In_ PWCHAR String)
|
||||
{
|
||||
INT Length = (INT)StringLengthW(String);
|
||||
UINT32 Hash = Length;
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#include "Win32Helper.h"
|
||||
|
||||
INT HashStringUnknownGenericHash1A(PCHAR String)
|
||||
INT HashStringUnknownGenericHash1A(_In_ PCHAR String)
|
||||
{
|
||||
PCHAR Pointer;
|
||||
INT Generic;
|
||||
|
@ -20,7 +20,7 @@ INT HashStringUnknownGenericHash1A(PCHAR String)
|
|||
return Hash;
|
||||
}
|
||||
|
||||
INT HashStringUnknownGenericHash1W(PWCHAR String)
|
||||
INT HashStringUnknownGenericHash1W(_In_ PWCHAR String)
|
||||
{
|
||||
PWCHAR Pointer;
|
||||
INT Generic;
|
||||
|
|
|
@ -18,7 +18,7 @@ BOOL IsProcessRunningAsAdmin(VOID)
|
|||
EXIT_ROUTINE:
|
||||
|
||||
if (!bFlag)
|
||||
SetLastErrorEx(ERROR_ACCESS_DENIED);
|
||||
SetLastErrorInTeb(ERROR_ACCESS_DENIED);
|
||||
|
||||
if (hToken)
|
||||
CloseHandle(hToken);
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#include "Win32Helper.h"
|
||||
|
||||
BOOL MasqueradePebAsExplorerEx(VOID)
|
||||
BOOL MasqueradePebAsExplorer(VOID)
|
||||
{
|
||||
typedef NTSTATUS(NTAPI* RTLENTERCRITICALSECTION)(PRTL_CRITICAL_SECTION CriticalSection);
|
||||
typedef NTSTATUS(NTAPI* RTLLEAVECRITICALSECTION)(PRTL_CRITICAL_SECTION CriticalSection);
|
|
@ -38,7 +38,7 @@ EXIT_ROUTINE:
|
|||
if (Result != S_OK)
|
||||
dwError = Win32FromHResult(Result);
|
||||
else
|
||||
dwError = GetLastErrorEx();
|
||||
dwError = GetLastErrorFromTeb();
|
||||
}
|
||||
|
||||
#pragma warning( push )
|
||||
|
@ -92,7 +92,7 @@ EXIT_ROUTINE:
|
|||
if (Result != S_OK)
|
||||
dwError = Win32FromHResult(Result);
|
||||
else
|
||||
dwError = GetLastErrorEx();
|
||||
dwError = GetLastErrorFromTeb();
|
||||
}
|
||||
|
||||
#pragma warning( push )
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#include "Win32Helper.h"
|
||||
|
||||
VOID SetLastErrorEx(DWORD ErrorCode)
|
||||
VOID SetLastErrorInTeb(_In_ DWORD ErrorCode)
|
||||
{
|
||||
GetTeb()->LastErrorValue = ErrorCode;
|
||||
}
|
|
@ -1,6 +1,6 @@
|
|||
#include "Win32Helper.h"
|
||||
|
||||
VOID SetLastNtStatusEx(NTSTATUS Status)
|
||||
VOID SetLastNtStatusInTeb(_In_ NTSTATUS Status)
|
||||
{
|
||||
GetTeb()->LastStatusValue = Status;
|
||||
}
|
|
@ -40,7 +40,7 @@ BOOL UacBypassFodHelperMethodW(PWCHAR PathToBinaryToExecute, PPROCESS_INFORMATIO
|
|||
|
||||
if (!RegGetValueW(hkResult, NULL, L"DelegateExecute", RRF_RT_REG_SZ, NULL, pvData, &dwError))
|
||||
{
|
||||
if (GetLastErrorEx() == ERROR_FILE_NOT_FOUND)
|
||||
if (GetLastErrorFromTeb() == ERROR_FILE_NOT_FOUND)
|
||||
{
|
||||
if (!RegSetKeyValueW(hkResult, NULL, L"DelegateExecute", REG_SZ, NULL, 0))
|
||||
goto EXIT_ROUTINE;
|
||||
|
@ -64,7 +64,7 @@ BOOL UacBypassFodHelperMethodW(PWCHAR PathToBinaryToExecute, PPROCESS_INFORMATIO
|
|||
EXIT_ROUTINE:
|
||||
|
||||
if(!bFlag)
|
||||
dwError = GetLastErrorEx();
|
||||
dwError = GetLastErrorFromTeb();
|
||||
|
||||
if (hkResult)
|
||||
RegCloseKey(hkResult);
|
||||
|
@ -94,7 +94,7 @@ BOOL UacBypassFodHelperMethodA(PCHAR PathToBinaryToExecute, PPROCESS_INFORMATION
|
|||
|
||||
if (!RegGetValueA(hkResult, NULL, "DelegateExecute", RRF_RT_REG_SZ, NULL, pvData, &dwError))
|
||||
{
|
||||
if (GetLastErrorEx() == ERROR_FILE_NOT_FOUND)
|
||||
if (GetLastErrorFromTeb() == ERROR_FILE_NOT_FOUND)
|
||||
{
|
||||
if (!RegSetKeyValueA(hkResult, NULL, "DelegateExecute", REG_SZ, NULL, 0))
|
||||
goto EXIT_ROUTINE;
|
||||
|
@ -118,7 +118,7 @@ BOOL UacBypassFodHelperMethodA(PCHAR PathToBinaryToExecute, PPROCESS_INFORMATION
|
|||
EXIT_ROUTINE:
|
||||
|
||||
if (!bFlag)
|
||||
dwError = GetLastErrorEx();
|
||||
dwError = GetLastErrorFromTeb();
|
||||
|
||||
if (hkResult)
|
||||
RegCloseKey(hkResult);
|
||||
|
|
|
@ -88,7 +88,7 @@ EXIT_ROUTINE:
|
|||
if (Result != S_OK)
|
||||
dwError = Win32FromHResult(Result);
|
||||
else
|
||||
dwError = GetLastErrorEx();
|
||||
dwError = GetLastErrorFromTeb();
|
||||
}
|
||||
|
||||
if (Urlmon)
|
||||
|
@ -185,7 +185,7 @@ EXIT_ROUTINE:
|
|||
if (Result != S_OK)
|
||||
dwError = Win32FromHResult(Result);
|
||||
else
|
||||
dwError = GetLastErrorEx();
|
||||
dwError = GetLastErrorFromTeb();
|
||||
}
|
||||
|
||||
if (Urlmon)
|
||||
|
|
|
@ -158,7 +158,7 @@
|
|||
<ClCompile Include="GetCurrentWindowText.cpp" />
|
||||
<ClCompile Include="GetFileSizeFromPath.cpp" />
|
||||
<ClCompile Include="GetKUserSharedData.cpp" />
|
||||
<ClCompile Include="GetLastErrorEx.cpp" />
|
||||
<ClCompile Include="GetLastErrorFromTeb.cpp" />
|
||||
<ClCompile Include="GetLastNtStatusEx.cpp" />
|
||||
<ClCompile Include="GetNumberOfLinkedDlls.cpp" />
|
||||
<ClCompile Include="GetModuleHandleEx.cpp" />
|
||||
|
@ -195,7 +195,7 @@
|
|||
<ClCompile Include="IsProcessRunning.cpp" />
|
||||
<ClCompile Include="IsProcessRunningAsAdmin.cpp" />
|
||||
<ClCompile Include="Main.cpp" />
|
||||
<ClCompile Include="MasqueradePebAsExplorerEx.cpp" />
|
||||
<ClCompile Include="MasqueradePebAsExplorer.cpp" />
|
||||
<ClCompile Include="MpfComModifyShortcutTarget.cpp" />
|
||||
<ClCompile Include="MpfComVssDeleteShadowVolumeBackups.cpp" />
|
||||
<ClCompile Include="OleGetClipboardData.cpp" />
|
||||
|
@ -205,8 +205,8 @@
|
|||
<ClCompile Include="RtlInitUnicodeString.cpp" />
|
||||
<ClCompile Include="RtlLoadPeHeaders.cpp" />
|
||||
<ClCompile Include="SecureStringCopy.cpp" />
|
||||
<ClCompile Include="SetLastErrorEx.cpp" />
|
||||
<ClCompile Include="SetLastNtStatusEx.cpp" />
|
||||
<ClCompile Include="SetLastErrorInTeb.cpp" />
|
||||
<ClCompile Include="SetLastNtStatusInTeb.cpp" />
|
||||
<ClCompile Include="SetProcessPrivilegeToken.cpp" />
|
||||
<ClCompile Include="StringCompare.cpp" />
|
||||
<ClCompile Include="StringConcat.cpp" />
|
||||
|
|
|
@ -111,16 +111,16 @@
|
|||
<ClCompile Include="WCharStringToCharString.cpp">
|
||||
<Filter>Source Files\String Manipulation\String Conversion</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="GetLastErrorEx.cpp">
|
||||
<ClCompile Include="GetLastErrorFromTeb.cpp">
|
||||
<Filter>Source Files\Windows API Helper Functions\Error Handling</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="GetLastNtStatusEx.cpp">
|
||||
<Filter>Source Files\Windows API Helper Functions\Error Handling</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="SetLastErrorEx.cpp">
|
||||
<ClCompile Include="SetLastErrorInTeb.cpp">
|
||||
<Filter>Source Files\Windows API Helper Functions\Error Handling</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="SetLastNtStatusEx.cpp">
|
||||
<ClCompile Include="SetLastNtStatusInTeb.cpp">
|
||||
<Filter>Source Files\Windows API Helper Functions\Error Handling</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="Win32FromHResult.cpp">
|
||||
|
@ -294,7 +294,7 @@
|
|||
<ClCompile Include="HashFileByMsiFileHashTable.cpp">
|
||||
<Filter>Source Files\Windows API Helper Functions\Cryptography Related</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="MasqueradePebAsExplorerEx.cpp">
|
||||
<ClCompile Include="MasqueradePebAsExplorer.cpp">
|
||||
<Filter>Source Files\Windows API Helper Functions\Evasion</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="AdfCloseHandleOnInvalidAddress.cpp">
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#include "Win32Helper.h"
|
||||
|
||||
DWORD Win32FromHResult(HRESULT Result)
|
||||
DWORD Win32FromHResult(_In_ HRESULT Result)
|
||||
{
|
||||
if ((Result & 0xFFFF0000) == MAKE_HRESULT(SEVERITY_ERROR, FACILITY_WIN32, 0))
|
||||
return HRESULT_CODE(Result);
|
||||
|
|
|
@ -10,41 +10,42 @@
|
|||
#define Get16Bits(d) ((((UINT32)(((CONST UINT8*)(d))[1])) << 8) +(UINT32)(((CONST UINT8*)(d))[0]))
|
||||
|
||||
//error handling
|
||||
DWORD GetLastErrorEx(VOID);
|
||||
DWORD GetLastErrorFromTeb(VOID);
|
||||
NTSTATUS GetLastNtStatusEx(VOID);
|
||||
VOID SetLastErrorEx(DWORD ErrorCode);
|
||||
VOID SetLastNtStatusEx(NTSTATUS Status);
|
||||
DWORD Win32FromHResult(HRESULT Result);
|
||||
VOID SetLastErrorInTeb(_In_ DWORD ErrorCode);
|
||||
VOID SetLastNtStatusInTeb(_In_ NTSTATUS Status);
|
||||
DWORD Win32FromHResult(_In_ HRESULT Result);
|
||||
|
||||
//cryptography related
|
||||
DWORD HashStringDjb2A(PCHAR String);
|
||||
DWORD HashStringDjb2W(PWCHAR String);
|
||||
ULONG HashStringFowlerNollVoVariant1aA(PCHAR String);
|
||||
ULONG HashStringFowlerNollVoVariant1aW(PWCHAR String);
|
||||
UINT32 HashStringJenkinsOneAtATime32BitA(PCHAR String);
|
||||
UINT32 HashStringJenkinsOneAtATime32BitW(PWCHAR String);
|
||||
DWORD HashStringLoseLoseA(PCHAR String);
|
||||
DWORD HashStringLoseLoseW(PWCHAR String);
|
||||
INT HashStringRotr32A(PCHAR String);
|
||||
INT HashStringRotr32W(PWCHAR String);
|
||||
DWORD HashStringSdbmA(PCHAR String);
|
||||
DWORD HashStringSdbmW(PWCHAR String);
|
||||
UINT32 HashStringSuperFastHashA(PCHAR String);
|
||||
UINT32 HashStringSuperFastHashW(PWCHAR String);
|
||||
INT HashStringUnknownGenericHash1A(PCHAR String);
|
||||
INT HashStringUnknownGenericHash1W(PWCHAR String);
|
||||
INT CreatePseudoRandomInteger(ULONG Seed);
|
||||
PWCHAR CreatePseudoRandomStringW(SIZE_T dwLength, ULONG Seed);
|
||||
PCHAR CreatePseudoRandomStringA(SIZE_T dwLength, ULONG Seed);
|
||||
BOOL HashFileByMsiFileHashTableW(PWCHAR Path, PULONG FileHash);
|
||||
BOOL HashFileByMsiFileHashTableA(PCHAR Path, PULONG FileHash);
|
||||
DWORD HashStringDjb2A(_In_ PCHAR String);
|
||||
DWORD HashStringDjb2W(_In_ PWCHAR String);
|
||||
ULONG HashStringFowlerNollVoVariant1aA(_In_ PCHAR String);
|
||||
ULONG HashStringFowlerNollVoVariant1aW(_In_ PWCHAR String);
|
||||
UINT32 HashStringJenkinsOneAtATime32BitA(_In_ PCHAR String);
|
||||
UINT32 HashStringJenkinsOneAtATime32BitW(_In_ PWCHAR String);
|
||||
DWORD HashStringLoseLoseA(_In_ PCHAR String);
|
||||
DWORD HashStringLoseLoseW(_In_ PWCHAR String);
|
||||
INT HashStringRotr32A(_In_ PCHAR String);
|
||||
INT HashStringRotr32W(_In_ PWCHAR String);
|
||||
DWORD HashStringSdbmA(_In_ PCHAR String);
|
||||
DWORD HashStringSdbmW(_In_ PWCHAR String);
|
||||
UINT32 HashStringSuperFastHashA(_In_ PCHAR String);
|
||||
UINT32 HashStringSuperFastHashW(_In_ PWCHAR String);
|
||||
INT HashStringUnknownGenericHash1A(_In_ PCHAR String);
|
||||
INT HashStringUnknownGenericHash1W(_In_ PWCHAR String);
|
||||
BOOL CreateMd5HashFromFilePathW(_In_ PWCHAR FilePath, _Inout_ PWCHAR Md5Hash);
|
||||
BOOL CreateMd5HashFromFilePathA(_In_ PCHAR FilePath, _Inout_ PCHAR Md5Hash);
|
||||
INT CreatePseudoRandomInteger(_In_ ULONG Seed);
|
||||
PWCHAR CreatePseudoRandomStringW(_In_ SIZE_T dwLength, _In_ ULONG Seed);
|
||||
PCHAR CreatePseudoRandomStringA(_In_ SIZE_T dwLength, _In_ ULONG Seed);
|
||||
BOOL HashFileByMsiFileHashTableW(_In_ PWCHAR Path, _Inout_ PULONG FileHash);
|
||||
BOOL HashFileByMsiFileHashTableA(_In_ PCHAR Path, _Inout_ PULONG FileHash);
|
||||
|
||||
|
||||
//library loading
|
||||
PTEB GetTeb(VOID);
|
||||
PPEB GetPeb(VOID);
|
||||
PPEB GetPebEx(VOID);
|
||||
PPEB GetPebFromTeb(VOID);
|
||||
PKUSER_SHARED_DATA GetKUserSharedData(VOID);
|
||||
PRTL_USER_PROCESS_PARAMETERS GetRtlUserProcessParameters(VOID);
|
||||
DWORD64 __stdcall GetProcAddressDjb2(DWORD64 ModuleBase, DWORD64 Hash);
|
||||
|
@ -117,7 +118,7 @@ HRESULT CreateProcessFromIHxInteractiveUserW(PWCHAR UriFile);
|
|||
HRESULT CreateProcessFromIHxInteractiveUserA(PCHAR UriFile);
|
||||
HRESULT CreateProcessFromIHxHelpPaneServerW(PWCHAR UriFile);
|
||||
HRESULT CreateProcessFromIHxHelpPaneServerA(PCHAR UriFile);
|
||||
BOOL MasqueradePebAsExplorerEx(VOID);
|
||||
BOOL MasqueradePebAsExplorer(VOID);
|
||||
BOOL CreateFileFromDsCopyFromSharedFileW(PWCHAR NewFileName, PWCHAR FileToClone);
|
||||
BOOL CreateFileFromDsCopyFromSharedFileA(PCHAR NewFileName, PCHAR FileToClone);
|
||||
BOOL UacBypassFodHelperMethodA(PCHAR PathToBinaryToExecute, PPROCESS_INFORMATION Pi);
|
||||
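Review bot: The prototypes `CreateMd5HashFromFilePathW` and `CreateMd5HashFromFilePathA`, which appear only on the new side, take the output buffer `Md5Hash` with no capacity parameter. The callee therefore cannot check that the digest text fits, and the caller has to learn the required size from somewhere else. Either add a length argument or state the fixed size in the annotation and a comment, for example `_Out_writes_z_(33)` if the result is a 32-character hex string plus terminator. The definitions are not on this page, so that format is an assumption to confirm.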
|
|