waliedassar

Sample common.arg

Aug 22nd, 2012
  1. //http://waleedassar.blogspot.com - (@waleedassar)
  2. //This file should be placed in the same directory as ollydbg.exe
  3.  
  4. TYPE SYSTEM_INFORMATION_CLASS
  5. IF 0 "SystemBasicInformation"
  6. IF 1 "SystemProcessorInformation"
  7. IF 2 "SystemPerformanceInformation"
  8. IF 3 "SystemTimeOfDayInformation"
  9. IF 4 "SystemPathInformation"
  10. IF 5 "SystemProcessInformation"
  11. IF 6 "SystemCallCountInformation"
  12. IF 7 "SystemDeviceInformation"
  13. IF 8 "SystemProcessorPerformanceInformation"
  14. IF 9 "SystemFlagsInformation"
  15. IF A "SystemCallTimeInformation"
  16. IF B "SystemModuleInformation"
  17. IF C "SystemLocksInformation"
  18. IF D "SystemStackTraceInformation"
  19. IF E "SystemPagedPoolInformation"
  20. IF F "SystemNonPagedPoolInformation"
  21. IF 10 "SystemHandleInformation"
  22. IF 11 "SystemObjectInformation"
  23. IF 12 "SystemPageFileInformation"
  24. IF 13 "SystemVdmInstemulInformation"
  25. IF 14 "SystemVdmBopInformation"
  26. IF 15 "SystemFileCacheInformation"
  27. IF 16 "SystemPoolTagInformation"
  28. IF 17 "SystemInterruptInformation"
  29. IF 18 "SystemDpcBehaviorInformation"
  30. IF 19 "SystemFullMemoryInformation"
  31. IF 1A "SystemLoadGdiDriverInformation"
  32. IF 1B "SystemUnloadGdiDriverInformation"
  33. IF 1C "SystemTimeAdjustmentInformation"
  34. IF 1D "SystemSummaryMemoryInformation"
  35. IF 1E "SystemNextEventIdInformation"
  36. IF 1F "SystemEventIdsInformation"
  37. IF 20 "SystemCrashDumpInformation"
  38. IF 21 "SystemExceptionInformation"
  39. IF 22 "SystemCrashDumpStateInformation"
  40. IF 23 "SystemKernelDebuggerInformation"
  41. IF 24 "SystemContextSwitchInformation"
  42. IF 25 "SystemRegistryQuotaInformation"
  43. IF 26 "SystemExtendServiceTableInformation"
  44. IF 27 "SystemPrioritySeperation"
  45. IF 28 "SystemPlugPlayBusInformation"
  46. IF 29 "SystemDockInformation"
  47. IF 2A "SystemPowerInformation"
  48. IF 2B "SystemProcessorSpeedInformation"
  49. IF 2C "SystemCurrentTimeZoneInformation"
  50. IF 2D "SystemLookasideInformation"
  51. IF 2E "SystemTimeSlipNotification"
  52. IF 2F "SystemSessionCreate"
  53. IF 30 "SystemSessionDetach"
  54. IF 31 "SystemSessionInformation"
  55. IF 32 "SystemRangeStartInformation"
  56. IF 33 "SystemVerifierInformation"
  57. IF 34 "SystemVerifierThunkExtend"
  58. IF 35 "SystemSessionProcessInformation"
  59. IF 36 "SystemLoadGdiDriverInSystemSpace"
  60. IF 37 "SystemNumaProcessorMap"
  61. IF 38 "SystemPrefetcherInformation"
  62. IF 39 "SystemExtendedProcessInformation"
  63. IF 3A "SystemRecommendedSharedDataAlignment"
  64. IF 3B "SystemComPlusPackage"
  65. IF 3C "SystemNumaAvailableMemory"
  66. END
  67. // Privilege numbers as passed to RtlAdjustPrivilege (the type name PRIVILEGGE is kept as spelled because the RtlAdjustPrivilege prototype refers to it); 14 is SE_DEBUG_PRIVILEGE and A is SE_LOAD_DRIVER_PRIVILEGE, the two most worth noticing during triage.
  68. TYPE PRIVILEGGE
  69. IF 2 "SE_CREATE_TOKEN_PRIVILEGE"
  70. IF 3 "SE_ASSIGNPRIMARYTOKEN_PRIVILEGE"
  71. IF 4 "SE_LOCK_MEMORY_PRIVILEGE"
  72. IF 5 "SE_INCREASE_QUOTA_PRIVILEGE"
  73. IF 6 "SE_MACHINE_ACCOUNT_PRIVILEGE"
  74. IF 7 "SE_TCB_PRIVILEGE"
  75. IF 8 "SE_SECURITY_PRIVILEGE"
  76. IF 9 "SE_TAKE_OWNERSHIP_PRIVILEGE"
  77. IF A "SE_LOAD_DRIVER_PRIVILEGE"
  78. IF B "SE_SYSTEM_PROFILE_PRIVILEGE"
  79. IF C "SE_SYSTEMTIME_PRIVILEGE"
  80. IF D "SE_PROF_SINGLE_PROCESS_PRIVILEGE"
  81. IF E "SE_INC_BASE_PRIORITY_PRIVILEGE"
  82. IF F "SE_CREATE_PAGEFILE_PRIVILEGE"
  83. IF 10 "SE_CREATE_PERMANENT_PRIVILEGE"
  84. IF 11 "SE_BACKUP_PRIVILEGE"
  85. IF 12 "SE_RESTORE_PRIVILEGE"
  86. IF 13 "SE_SHUTDOWN_PRIVILEGE"
  87. IF 14 "SE_DEBUG_PRIVILEGE"
  88. IF 15 "SE_AUDIT_PRIVILEGE"
  89. IF 16 "SE_SYSTEM_ENVIRONMENT_PRIVILEGE"
  90. IF 17 "SE_CHANGE_NOTIFY_PRIVILEGE"
  91. IF 18 "SE_REMOTE_SHUTDOWN_PRIVILEGE"
  92. IF 19 "SE_UNDOCK_PRIVILEGE"
  93. IF 1A "SE_SYNC_AGENT_PRIVILEGE"
  94. IF 1B "SE_ENABLE_DELEGATION_PRIVILEGE"
  95. IF 1C "SE_MANAGE_VOLUME_PRIVILEGE"
  96. IF 1D "SE_IMPERSONATE_PRIVILEGE"
  97. IF 1E "SE_CREATE_GLOBAL_PRIVILEGE"
  98. IF 1F "SE_TRUSTED_CREDMAN_ACCESS_PRIVILEGE"
  99. IF 20 "SE_RELABEL_PRIVILEGE"
  100. IF 21 "SE_INC_WORKING_SET_PRIVILEGE"
  101. IF 22 "SE_TIME_ZONE_PRIVILEGE"
  102. IF 23 "SE_CREATE_SYMBOLIC_LINK_PRIVILEGE"
  103. END
  104. // THREAD_INFORMATION_CLASS values for the Nt/Zw Query/SetInformationThread prototypes; a set call with 11 (ThreadHideFromDebugger) stops debug events being delivered for that thread, so it is worth a breakpoint when analysing protected samples.
  105. TYPE THREAD_INFORMATION_CLASS
  106. IF 0 "ThreadBasicInformation"
  107. IF 1 "ThreadTimes"
  108. IF 2 "ThreadPriority"
  109. IF 3 "ThreadBasePriority"
  110. IF 4 "ThreadAffinityMask"
  111. IF 5 "ThreadImpersonationToken"
  112. IF 6 "ThreadDescriptorTableEntry"
  113. IF 7 "ThreadEnableAlignmentFaultFixup"
  114. IF 8 "ThreadEventPair_Reusable"
  115. IF 9 "ThreadQuerySetWin32StartAddress"
  116. IF 0A "ThreadZeroTlsCell"
  117. IF 0B "ThreadPerformanceCount"
  118. IF 0C "ThreadAmILastThread"
  119. IF 0D "ThreadIdealProcessor"
  120. IF 0E "ThreadPriorityBoost"
  121. IF 0F "ThreadSetTlsArrayAddress"
  122. IF 10 "ThreadIsIoPending"
  123. IF 11 "ThreadHideFromDebugger"
  124. IF 12 "ThreadBreakOnTermination"
  125. IF 13 "ThreadSwitchLegacyState"
  126. IF 14 "ThreadIsTerminated"
  127. IF 15 "ThreadLastSystemCall"
  128. IF 16 "ThreadIoPriority"
  129. IF 17 "ThreadCycleTime"
  130. IF 18 "ThreadPagePriority"
  131. IF 19 "ThreadActualBasePriority"
  132. IF 1A "ThreadTebInformation"
  133. IF 1B "ThreadCSwitchMon"
  134. IF 1C "ThreadCSwitchPmu"
  135. IF 1D "ThreadWow64Context"
  136. IF 1E "ThreadGroupInformation"
  137. IF 1F "ThreadUmsInformation"
  138. IF 20 "ThreadCounterProfiling"
  139. IF 21 "ThreadIdealProcessorEx"
  140. END
  141. // PROCESS_INFORMATION_CLASS values decoded for the Nt/Zw Query/SetInformationProcess prototypes in this file.
  142. // Queries for 7 (ProcessDebugPort), 1E (ProcessDebugObjectHandle) and 1F (ProcessDebugFlags) are common debugger checks; a set call with 1D (ProcessBreakOnTermination) marks the process as critical.
  143. TYPE PROCESS_INFORMATION_CLASS
  144. IF 0 "ProcessBasicInformation"
  145. IF 1 "ProcessQuotaLimits"
  146. IF 2 "ProcessIoCounters"
  147. IF 3 "ProcessVmCounters"
  148. IF 4 "ProcessTimes"
  149. IF 5 "ProcessBasePriority"
  150. IF 6 "ProcessRaisePriority"
  151. IF 7 "ProcessDebugPort"
  152. IF 8 "ProcessExceptionPort"
  153. IF 9 "ProcessAccessToken"
  154. IF 0A "ProcessLdtInformation"
  155. IF 0B "ProcessLdtSize"
  156. IF 0C "ProcessDefaultHardErrorMode"
  157. IF 0D "ProcessIoPortHandlers"
  158. IF 0E "ProcessPooledUsageAndLimits"
  159. IF 0F "ProcessWorkingSetWatch"
  160. IF 10 "ProcessUserModeIOPL"
  161. IF 11 "ProcessEnableAlignmentFaultFixup"
  162. IF 12 "ProcessPriorityClass"
  163. IF 13 "ProcessWx86Information"
  164. IF 14 "ProcessHandleCount"
  165. IF 15 "ProcessAffinityMask"
  166. IF 16 "ProcessPriorityBoost"
  167. IF 17 "ProcessDeviceMap"
  168. IF 18 "ProcessSessionId"
  169. IF 19 "ProcessForegroundInformation"
  170. IF 1A "ProcessWow64PEB"
  171. IF 1B "ProcessImageName"
  172. IF 1C "ProcessLUIDDeviceMapsEnabled"
  173. IF 1D "ProcessBreakOnTermination"
  174. IF 1E "ProcessDebugObjectHandle"
  175. IF 1F "ProcessDebugFlags"
  176. IF 20 "ProcessHandleTracing"
  177. IF 21 "ProcessIoPriority"
  178. IF 22 "ProcessExecuteFlags"
  179. IF 23 "ProcessTlsInformation"
  180. IF 24 "ProcessCookie"
  181. IF 25 "ProcessImageInformation"
  182. IF 26 "ProcessCycleTime"
  183. IF 27 "ProcessPagePriority"
  184. IF 28 "ProcessInstrumentationCallback"
  185. IF 29 "ProcessThreadStackAllocation"
  186. IF 2A "ProcessWorkingSetWatchEx"
  187. IF 2B "ProcessImageFileNameWin32"
  188. IF 2C "ProcessImageFileMapping"
  189. IF 2D "ProcessAffinityUpdateMode"
  190. IF 2E "ProcessMemoryAllocationMode"
  191. IF 2F "ProcessActiveGroupMask"
  192. IF 30 "ProcessTokenVirtualizationEnabled"
  193. IF 31 "ProcessConsoleHostProcess"
  194. IF 32 "ProcessWindowInformation"
  195. END
  196.  
  197. TYPE GETWRITEWATCHFLAGS
  198. IF 1 "WRITE_WATCH_FLAG_RESET"
  199. END
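  200. // dbghelp SymSetOptions flag; only the lowest bit is named here (the original label was a copy of WRITE_WATCH_FLAG_RESET from GETWRITEWATCHFLAGS).
  201. TYPE SymOptions
  202. IF 1 "SYMOPT_CASE_INSENSITIVE"
  203. END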
  204.  
  205.  
  206. TYPE CSIDL
  207. if 0x0 "DESKTOP"
  208. if 0x1 "INTERNET"
  209. if 0x2 "PROGRAMS"
  210. if 0x3 "CONTROLS"
  211. if 0x4 "PRINTERS"
  212. if 0x5 "PERSONAL"
  213. if 0x6 "FAVORITES"
  214. if 0x7 "STARTUP"
  215. if 0x8 "RECENT"
  216. if 0x9 "SENDTO"
  217. if 0xA "BITBUCKET"
  218. if 0xB "STARTMENU"
  219. if 0xC "MYDOCUMENTS"
  220. if 0xD "MYMUSIC"
  221. if 0xE "MYVIDEO"
  222. if 0x10 "DESKTOPDIRECTORY"
  223. if 0x11 "DRIVES"
  224. if 0x12 "NETWORK"
  225. if 0x13 "NETHOOD"
  226. if 0x14 "FONTS"
  227. if 0x15 "TEMPLATES"
  228. if 0x16 "COMMON_STARTMENU"
  229. if 0x17 "COMMON_PROGRAMS"
  230. if 0x18 "COMMON_STARTUP"
  231. if 0x19 "COMMON_DESKTOPDIRECTORY"
  232. if 0x1A "APPDATA"
  233. if 0x1B "PRINTHOOD"
  234. if 0x1C "LOCAL_APPDATA"
  235. if 0x1D "ALTSTARTUP"
  236. if 0x1E "COMMON_ALTSTARTUP"
  237. if 0x1F "COMMON_FAVORITES"
  238. if 0x20 "INTERNET_CACHE"
  239. if 0x21 "COOKIES"
  240. if 0x22 "HISTORY"
  241. if 0x23 "COMMON_APPDATA"
  242. if 0x24 "WINDOWS"
  243. if 0x25 "SYSTEM"
  244. if 0x26 "PROGRAM_FILES"
  245. if 0x27 "MYPICTURES"
  246. if 0x28 "PROFILE"
  247. if 0x29 "SYSTEMX86"
  248. if 0x2A "PROGRAM_FILESX86"
  249. if 0x2B "PROGRAM_FILES_COMMON"
  250. if 0x2C "PROGRAM_FILES_COMMONX86"
  251. if 0x2D "COMMON_TEMPLATES"
  252. if 0x2E "COMMON_DOCUMENTS"
  253. if 0x2F "COMMON_ADMINTOOLS"
  254. if 0x30 "ADMINTOOLS"
  255. if 0x31 "CONNECTIONS"
  256. if 0x35 "COMMON_MUSIC"
  257. if 0x36 "COMMON_PICTURES"
  258. if 0x37 "COMMON_VIDEO"
  259. if 0x38 "RESOURCES"
  260. if 0x39 "RESOURCES_LOCALIZED"
  261. if 0x3A "COMMON_OEM_LINKS"
  262. if 0x3B "CDBURN_AREA"
  263. if 0x3D "COMPUTERSNEARME"
  264. END
  265.  
  266. TYPE VMINF_CLASS
  267. if 0x0 "MemoryBasicInformation"
  268. if 0x1 "MemoryWorkingSetList"
  269. if 0x2 "MemorySectionName"
  270. if 0x3 "MemoryBasicVlmInformation"
  271. END
  272. // Page-protection constants used by the ZwProtectVirtualMemory, ZwCreateSection and ZwMapViewOfSection prototypes; NOTE(review): these are combinable bit flags (e.g. PAGE_GUARD ORed with a base protection), so a combined value may not match any single entry - confirm how OllyDbg displays it.
  273. TYPE PROT__x
  274. if 0x10 "PAGE_EXECUTE"
  275. if 0x20 "PAGE_EXECUTE_READ"
  276. if 0x40 "PAGE_EXECUTE_READWRITE"
  277. if 0x80 "PAGE_EXECUTE_WRITECOPY"
  278. if 0x01 "PAGE_NOACCESS"
  279. if 0x02 "PAGE_READONLY"
  280. if 0x04 "PAGE_READWRITE"
  281. if 0x08 "PAGE_WRITECOPY"
  282. if 0x100 "PAGE_GUARD"
  283. if 0x200 "PAGE_NOCACHE"
  284. if 0x400 "PAGE_WRITECOMBINE"
  285. END
  286.  
  287.  
  288. TYPE ALLOC_ATT
  289. if 0x08000000 "SEC_COMMIT"
  290. if 0x01000000 "SEC_IMAGE"
  291. if 0x11000000 "SEC_IMAGE_NO_EXECUTE"
  292. if 0x80000000 "SEC_LARGE_PAGES"
  293. if 0x10000000 "SEC_NOCACHE"
  294. if 0x04000000 "SEC_RESERVE"
  295. if 0x40000000 "SEC_WRITECOMBINE"
  296. END
  297.  
  298. TYPE ALLOC_TYPE
  299. if 0x00001000 "MEM_COMMIT"
  300. if 0x00002000 "MEM_RESERVE"
  301. if 0x00080000 "MEM_RESET"
  302. if 0x01000000 "MEM_RESET_UNDO"
  303. if 0x20000000 "MEM_LARGE_PAGES"
  304. if 0x00400000 "MEM_PHYSICAL"
  305. if 0x00100000 "MEM_TOP_DOWN"
  306. if 0x00200000 "MEM_WRITE_WATCH"
  307. END
  308.  
  309. TYPE VIEW__x
  310. if 0x1 "VIEW_SHARE"
  311. if 0x2 "VIEW_UNMAP"
  312. END
  313.  
  314.  
  315. STDFUNC ThunRTMain
  316. "Bulky" ADDR
  317. END
  318. // When Critical is TRUE the calling process is flagged critical and its termination bug-checks the system; check for this call before terminating a debuggee.
  319. STDFUNC RtlSetProcessIsCritical
  320. "Critical" BOOL
  321. "pOld" ADDR
  322. "NeedBreaks" BOOL
  323. END
  324. // NOTE(review): flAllocationType and flProtect are shown as raw INT although ALLOC_TYPE and PROT__x are defined earlier in this file; a flProtect of 40 (PAGE_EXECUTE_READWRITE) with a foreign hProcess is worth flagging during triage.
  325. STDFUNC VirtualAllocEx
  326. "hProcess" INT
  327. "lpAddress" INT
  328. "dwSize" INT
  329. "flAllocationType" INT
  330. "flProtect" INT
  331. End
  332.  
  333.  
  334. STDFUNC SetProcessDEPPolicy
  335. "dwFlags" BOOL
  336. End
  337.  
  338. STDFUNC GetLongPathNameW
  339. "lpszShortPath" UNICODE
  340. "lpszLongPath" UNICODE
  341. "cchBuffer" INT
  342. END
  343.  
  344. STDFUNC GetLongPathNameA
  345. "lpszShortPath" ASCII
  346. "lpszLongPath" ASCII
  347. "cchBuffer" INT
  348. END
  349.  
  350. STDFUNC StgOpenStorage
  351. "pwcsName" UNICODE
  352. "pstgPriority" ADDR
  353. "grfMode" INT
  354. "snbExclude" INT
  355. "reserved" INT
  356. "IStorage" ADDR
  357. END
  358.  
  359. STDFUNC HeapSetInformation
  360. "HeapHandle" INT
  361. "HeapInformationClass" INT
  362. "HeapInformation" ADDR
  363. "HeapInformationLength" INT
  364. END
  365.  
  366. STDFUNC InterlockedCompareExchange
  367. "Destination" ADDR
  368. "Exchange" INT
  369. "Comparand" INT
  370. END
  371.  
  372.  
  373. STDFUNC UnDecorateSymbolName
  374. "DecoratedName" ASCII
  375. "UnDecoratedName" ASCII
  376. "UndecoratedLength" INT
  377. "Flags" INT
  378. END
  379.  
  380. STDFunc SysAllocStringLen
  381. "strIn" UNICODE
  382. "ui" INT
  383. END
  384.  
  385. STDFUNC SysFreeString
  386. "bstrString" ADDR
  387. END
  388.  
  389. STDFUNC SysReAllocStringLen
  390. "pbstr" ADDR
  391. "pch" UNICODE
  392. "cch" INT
  393. END
  394.  
  395.  
  396. STDFUNC ZwQueryInformationThread
  397. "HANDLE" INT
  398. "ThreadInformationClass" THREAD_INFORMATION_CLASS
  399. "ThreadInformation" ADDR
  400. "ThreadInformationLength" INT
  401. "ResultLength" ADDR
  402. END
  403.  
  404. STDFUNC NtQueryInformationThread
  405. "HANDLE" INT
  406. "ThreadInformationClass" THREAD_INFORMATION_CLASS
  407. "ThreadInformation" ADDR
  408. "ThreadInformationLength" INT
  409. "ResultLength" ADDR
  410. END
  411.  
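  412. // ThreadInformationLength is a ULONG byte count passed by value, so it is decoded as INT rather than ADDR.
  413. STDFUNC ZwSetInformationThread
  414. "HANDLE" INT
  415. "ThreadInformationClass" THREAD_INFORMATION_CLASS
  416. "ThreadInformation" ADDR
  417. "ThreadInformationLength" INT
  418. END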
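  419. // ThreadInformationLength is a ULONG byte count passed by value, so it is decoded as INT rather than ADDR.
  420. STDFUNC NtSetInformationThread
  421. "HANDLE" INT
  422. "ThreadInformationClass" THREAD_INFORMATION_CLASS
  423. "ThreadInformation" ADDR
  424. "ThreadInformationLength" INT
  425. END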
  426.  
  427. STDFUNC ZwQueryInformationProcess
  428. "HANDLE" INT
  429. "ProcessInformationClass" PROCESS_INFORMATION_CLASS
  430. "ProcessInformation" ADDR
  431. "ProcessInformationLength" INT
  432. "ResultLength" ADDR
  433. END
  434.  
  435. STDFUNC NtQueryInformationProcess
  436. "HANDLE" INT
  437. "ProcessInformationClass" PROCESS_INFORMATION_CLASS
  438. "ProcessInformation" ADDR
  439. "ProcessInformationLength" INT
  440. "ResultLength" ADDR
  441. END
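  442. // ProcessInformationLength is a ULONG byte count passed by value, so it is decoded as INT rather than ADDR.
  443. STDFUNC ZwSetInformationProcess
  444. "HANDLE" INT
  445. "ProcessInformationClass" PROCESS_INFORMATION_CLASS
  446. "ProcessInformation" ADDR
  447. "ProcessInformationLength" INT
  448. END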
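  449. // ProcessInformationLength is a ULONG byte count passed by value, so it is decoded as INT rather than ADDR.
  450. STDFUNC NtSetInformationProcess
  451. "HANDLE" INT
  452. "ProcessInformationClass" PROCESS_INFORMATION_CLASS
  453. "ProcessInformation" ADDR
  454. "ProcessInformationLength" INT
  455. END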
  456.  
  457. STDFUNC RtlAdjustPrivilege
  458. "Privilege" PRIVILEGGE
  459. "Enable" BOOL
  460. "CurrentThread" INT
  461. "Enabled" ADDR
  462. END
  463.  
  464.  
  465. STDFUNC RtlDecompressBuffer
  466. "CompressionFormat" INT
  467. "UncompressedBuffer" ADDR
  468. "UncompressedBufferSize" INT
  469. "CompressedBuffer" ADDR
  470. "CompressedBufferSize" INT
  471. "FinalUncompressedSize" ADDR
  472. END
  473.  
  474.  
  475. STDFUNC SHGetSpecialFolderLocation
  476. "hwndOwner" INT
  477. "nFolder" INT
  478. "ppidl" ADDR
  479. END
  480.  
  481. STDFUNC CreateProcessInternalW
  482. "UNK1" INT
  483. "ModuleFileName" UNICODE
  484. "CmdLine" UNICODE
  485. "pProcessSecurity" ADDR
  486. "pThreadSecurity" ADDR
  487. "InheritHandles" BOOL
  488. "CreationFlags" INT
  489. "pEnvironment" ADDR
  490. "CurrentDirectory" UNICODE
  491. "pStartupInfo" ADDR
  492. "pProcessInfo" ADDR
  493. "UNK2" INT
  494. END
  495.  
  496.  
  497. STDFUNC GetWriteWatch
  498. "dwFlags" GETWRITEWATCHFLAGS
  499. "lpBaseAddress" ADDR
  500. "dwRegionSize" INT
  501. "lpAddresses" ADDR
  502. "lpdwCount" ADDR
  503. "lpdwGranularity" ADDR
  504. END
  505.  
  506.  
  507. STDFUNC _Disasm
  508. "src" ASCII
  509. "srcsize" INT
  510. "srcip" INT
  511. "srcdec" ASCII
  512. "disasm" ADDR
  513. "dismode" INT
  514. "threadid" INT
  515. END
  516.  
  517.  
  518. STDFUNC CoInitialize
  519. "pvReserved" ADDR
  520. END
  521. // NOTE(review): SYMOPTIONS repeats the _Disasm parameter list verbatim and does not look like an exported function name - likely a copy-paste leftover; confirm before relying on it.
  522. STDFUNC SYMOPTIONS
  523. "src" ASCII
  524. "srcsize" INT
  525. "srcip" INT
  526. "srcdec" ASCII
  527. "disasm" ADDR
  528. "dismode" INT
  529. "threadid" INT
  530. END
  531.  
  532.  
  533. STDFUNC SymSetOptions
  534. "SymOptions" SymOptions
  535. END
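  536. // InformationClass is decoded through the SYSTEM_INFORMATION_CLASS table; QueryInformationLength is a ULONG passed by value, hence INT; the "SystemInfotmation" label typo is corrected.
  537. STDFUNC ZwQuerySystemInformationEx
  538. "InformationClass" SYSTEM_INFORMATION_CLASS
  539. "QueryInformation" ADDR
  540. "QueryInformationLength" INT
  541. "SystemInformation" ADDR
  542. "SystemInformationLength" INT
  543. "ReturnLength" ADDR
  544. END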
  545.  
  546.  
  547. STDFUNC GetActiveProcessorCount
  548. "GroupNumber" INT
  549. END
  550.  
  551. STDFUNC GetMaximumProcessorCount
  552. "GroupNumber" INT
  553. END
  554.  
  555. STDFUNC ZwCreateDebugObject
  556. "pTEBDebugObject" ADDR
  557. "DesiredAccess" INT
  558. "pObjAttributes" ADDR
  559. "Flags" BOOL
  560. END
  561.  
  562. STDFUNC SHGetFolderPathA
  563. "hwndOwner" INT
  564. "nFolder" CSIDL
  565. "hToken" INT
  566. "dwFlags" INT
  567. "pszPath" ASCII
  568. END
  569.  
  570. STDFUNC SHGetFolderPathW
  571. "hwndOwner" INT
  572. "nFolder" CSIDL
  573. "hToken" INT
  574. "dwFlags" INT
  575. "pszPath" UNICODE
  576. END
  577.  
  578. STDFUNC ZwProtectVirtualMemory
  579. "hProcess" HANDLE
  580. "pBase" ADDR
  581. "pSize" ADDR
  582. "Prot" PROT__x
  583. "pOut" ADDR
  584. END
  585. STDFUNC ZWQueryVirtualMemory
  586. "hProcess" HANDLE
  587. "Address" ADDR
  588. "VirtualMemoryInformationClass" VMINF_CLASS
  589. "VirtualMemoryInformation" ADDR
  590. "VirtualMemoryInformationLength" INT
  591. "pResult" ADDR
  592. END
  593. STDFUNC RtlCreateUserThread
  594. "ProcessHandle" INT
  595. "PSECURITY_DESCRIPTOR" ADDR
  596. "CreateSuspended" BOOL
  597. "StackZeroBits" INT
  598. "StackReserve" INT
  599. "StackCommit" INT
  600. "StartAddress" ADDR
  601. "Parameter" ADDR
  602. "pThreadHandle" ADDR
  603. "pCLIENT_ID" ADDR
  604. END
  605.  
  606. STDFUNC ZwSetInformationDebugObject
  607. "hDbg" HANDLE
  608. "InformationClass" INT
  609. "pInformation" ADDR
  610. "InformationLength" INT
  611. "pResultLength" ADDR
  612. END
  613.  
  614. STDFUNC ZwDebugContinue
  615. "hDbg" HANDLE
  616. "pClientID" ADDR
  617. "ContinueStatus" INT
  618. END
  619.  
  620. STDFUNC AddVectoredExceptionHandler
  621. "IsFirst" BOOL
  622. "pHandler" ADDR
  623. END
  624.  
  625.  
  626.  
  627. STDFUNC ZwCreateSection
  628. "pSectionHandle" ADDR
  629. "DesiredAccess" INT
  630. "pObjectAttributes" ADDR
  631. "pMaximumSize" ADDR
  632. "SectionPageProtection" PROT__x
  633. "AllocationAttributes" ALLOC_ATT
  634. "FileHandle" INT
  635. END
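  636. // Parameter names are quoted like every other prototype in this file; ProcessHandle and Win32Protect are the arguments to check when a section is mapped into a process other than the caller.
  637. STDFUNC ZwMapViewOfSection
  638. "SectionHandle" INT
  639. "ProcessHandle" INT
  640. "pBaseAddress" ADDR
  641. "ZeroBits" INT
  642. "CommitSize" INT
  643. "pSectionOffset" ADDR
  644. "pViewSize" ADDR
  645. "InheritDisposition" VIEW__x
  646. "AllocationType" ALLOC_TYPE
  647. "Win32Protect" PROT__x
  648. END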
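  649. // Parameter names are quoted like every other prototype in this file; the class is decoded through SYSTEM_INFORMATION_CLASS, where 26 (SystemExtendServiceTableInformation) and 1A (SystemLoadGdiDriverInformation) indicate a driver-load request.
  650. STDFUNC ZwSetSystemInformation
  651. "SystemInformationClass" SYSTEM_INFORMATION_CLASS
  652. "SystemInformation" ADDR
  653. "SystemInformationLength" INT
  654. END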