Broihon

Untitled

Sep 11th, 2016
  1. #pragma once
  2.  
  3. #ifndef NT_FUNCS_H
  4. #define NT_FUNCS_H
  5.  
  6. #include <Windows.h>
  7.  
// Information classes for NtQueryInformationThread / NtSetInformationThread.
// These values are positional indices into an undocumented kernel table, so the
// order must never be changed and no entry may be inserted or removed.
// NOTE(review): which classes a given Windows build actually accepts varies;
// treat STATUS_INVALID_INFO_CLASS as a normal outcome for the later entries.
enum _THREADINFOCLASS
{
    ThreadBasicInformation,
    ThreadTimes,
    ThreadPriority,
    ThreadBasePriority,
    ThreadAffinityMask,
    ThreadImpersonationToken,
    ThreadDescriptorTableEntry,
    ThreadEnableAlignmentFaultFixup,
    ThreadEventPair,
    ThreadQuerySetWin32StartAddress,
    ThreadZeroTlsCell,
    ThreadPerformanceCount,
    ThreadAmILastThread,
    ThreadIdealProcessor,
    ThreadPriorityBoost,
    ThreadSetTlsArrayAddress,
    ThreadIsIoPending,
    ThreadHideFromDebugger,
    ThreadBreakOnTermination,
    ThreadSwitchLegacyState,
    ThreadIsTerminated,
    ThreadLastSystemCall,
    ThreadIoPriority,
    ThreadPagePriority,
    ThreadActualBasePriority,
    ThreadTebInformation,
    ThreadCSwitchMon,
    ThreadCSwitchPmu,
    ThreadWow64Context,
    ThreadGroupInformation,
    ThreadUmsInformation,
    ThreadCounterProfiling,
    ThreadIdealProcessorEx,
    ThreadCpuAccountingInformation,
    ThreadSuspendCount,
    ThreadHeterogeneousCpuPolicy,
    ThreadContainerId,
    ThreadNameInformation,
    ThreadProperty,
    ThreadSelectedCpuSets,
    ThreadSystemThreadInformation,
    MaxThreadInfoClass  // sentinel: one past the last class known to this header
};
// Unprefixed alias; the typedef without the `enum` keyword is C++-only.
typedef _THREADINFOCLASS THREADINFOCLASS;
//  NtQueryInformationThread
//  NtSetInformationThread
  56.  
// Information classes for NtQueryVirtualMemory. Positional values: do not reorder.
// MemoryMappedFilenameInformation is the class SECTION_INFO (below) is shaped for;
// the output format of the other classes is not modelled in this header.
enum _MEMORY_INFORMATION_CLASS
{
    MemoryBasicInformation,
    MemoryWorkingSetInformation,
    MemoryMappedFilenameInformation,
    MemoryRegionInformation,
    MemoryWorkingSetExInformation,
    MemorySharedCommitInformation
};
// Two aliases for the same enum; f_NtQueryVirtualMemory below uses MEMORYINFOCLASS.
typedef _MEMORY_INFORMATION_CLASS MEMORY_INFORMATION_CLASS;
typedef _MEMORY_INFORMATION_CLASS MEMORYINFOCLASS;
//  NtQueryVirtualMemory
  69.  
  70.  
// Information classes for NtQueryInformationProcess / NtSetInformationProcess.
// Positional indices into an undocumented table: never reorder, insert or remove.
// Only ProcessBasicInformation has a matching output struct in this header
// (PROCESS_BASIC_INFORMATION); the other classes' buffers are not modelled.
// NOTE(review): the set of accepted classes depends on the Windows build —
// expect STATUS_INVALID_INFO_CLASS for newer entries on older systems.
enum _PROCESSINFOCLASS
{
    ProcessBasicInformation,
    ProcessQuotaLimits,
    ProcessIoCounters,
    ProcessVmCounters,
    ProcessTimes,
    ProcessBasePriority,
    ProcessRaisePriority,
    ProcessDebugPort,
    ProcessExceptionPort,
    ProcessAccessToken,
    ProcessLdtInformation,
    ProcessLdtSize,
    ProcessDefaultHardErrorMode,
    ProcessIoPortHandlers,
    ProcessPooledUsageAndLimits,
    ProcessWorkingSetWatch,
    ProcessUserModeIOPL,
    ProcessEnableAlignmentFaultFixup,
    ProcessPriorityClass,
    ProcessWx86Information,
    ProcessHandleCount,
    ProcessAffinityMask,
    ProcessPriorityBoost,
    ProcessDeviceMap,
    ProcessSessionInformation,
    ProcessForegroundInformation,
    ProcessWow64Information,
    ProcessImageFileName,
    ProcessLUIDDeviceMapsEnabled,
    ProcessBreakOnTermination,
    ProcessDebugObjectHandle,
    ProcessDebugFlags,
    ProcessHandleTracing,
    ProcessIoPriority,
    ProcessExecuteFlags,
    ProcessResourceManagement,
    ProcessCookie,
    ProcessImageInformation,
    ProcessCycleTime,
    ProcessPagePriority,
    ProcessInstrumentationCallback,
    ProcessThreadStackAllocation,
    ProcessWorkingSetWatchEx,
    ProcessImageFileNameWin32,
    ProcessImageFileMapping,
    ProcessAffinityUpdateMode,
    ProcessMemoryAllocationMode,
    ProcessGroupInformation,
    ProcessTokenVirtualizationEnabled,
    ProcessConsoleHostProcess,
    ProcessWindowInformation,
    ProcessHandleInformation,
    ProcessMitigationPolicy,
    ProcessDynamicFunctionTableInformation,
    ProcessHandleCheckingMode,
    ProcessKeepAliveCount,
    ProcessRevokeFileHandles,
    ProcessWorkingSetControl,
    ProcessHandleTable,
    ProcessCheckStackExtentsMode,
    ProcessCommandLineInformation,
    ProcessProtectionInformation,
    ProcessMemoryExhaustion,
    ProcessFaultInformation,
    ProcessTelemetryIdInformation,
    ProcessCommitReleaseInformation,
    ProcessDefaultCpuSetsInformation,
    ProcessAllowedCpuSetsInformation,
    ProcessReserved1Information,
    ProcessReserved2Information,
    ProcessSubsystemProcess,
    ProcessJobMemoryInformation,
    MaxProcessInfoClass  // sentinel: one past the last class known to this header
};
// Unprefixed alias; the typedef without the `enum` keyword is C++-only.
typedef _PROCESSINFOCLASS PROCESSINFOCLASS;
//  NtQueryInformationProcess
//  NtSetInformationProcess
  150.  
// Receive buffer for NtQueryVirtualMemory(MemoryMappedFilenameInformation):
// a UNICODE_STRING-shaped header (Len, MaxLen, szData) followed by inline
// storage for the mapped file's name. Always pass sizeof(SECTION_INFO) as the
// call's BufferSize and check the returned status before reading szData.
// NOTE(review): Len is presumably a byte count and the name presumably is not
// NUL-terminated — bound any read by Len rather than wcslen; confirm that szData
// points into pData after a successful call. pData holds MAX_PATH wide characters,
// which may be shorter than some NT device paths.
struct SECTION_INFO
{
    WORD Len;
    WORD MaxLen;
    wchar_t * szData;
    BYTE pData[MAX_PATH * 2];
};
// NtQueryVirtualMemory: MemoryMappedFilenameInformation
  159.  
// Counted wide string as used by the native API (LDR_DATA_TABLE_ENTRY names,
// OBJECT_ATTRIBUTES::pObjectName, LdrLoadDll's module name).
// NOTE(review): Length and MaxLength are presumably byte counts (not character
// counts) and szBuffer is not guaranteed to be NUL-terminated — confirm and never
// treat szBuffer as a plain C string without checking Length first.
struct UNICODE_STRING
{
    WORD        Length;
    WORD        MaxLength;
    wchar_t *   szBuffer;
};
  166.  
// Leading fields of the loader's per-module record. The three LIST_ENTRYs link
// this entry into the corresponding list heads of PEB_LDR_DATA (below).
// NOTE(review): this is only a prefix of the native structure, which continues
// past BaseDllName — sizeof(LDR_DATA_TABLE_ENTRY) is therefore not the stride of a
// real entry; reach entries through the LIST_ENTRY links (CONTAINING_RECORD on
// the matching list field), never by pointer arithmetic over an array.
struct LDR_DATA_TABLE_ENTRY
{
    LIST_ENTRY      InLoadOrder;
    LIST_ENTRY      InMemoryOrder;
    LIST_ENTRY      InInitOrder;
    void *          DllBase;      // image base of the loaded module
    void *          EntryPoint;
    ULONG           SizeOfImage;
    UNICODE_STRING  FullDllName;  // full path
    UNICODE_STRING  BaseDllName;  // file name only
};
  178.  
// Loader data reached through PEB::pLdrData. Each list head is a circular
// LIST_ENTRY list of LDR_DATA_TABLE_ENTRY records linked via the field of the
// same ordering (InLoadOrder / InMemoryOrder / InInitOrder).
// NOTE(review): Res[12] stands in for the unmodelled leading fields; on 64-bit
// the pointer alignment of LIST_ENTRY presumably pads the heads to the correct
// offset, but confirm on every target architecture before relying on it.
struct PEB_LDR_DATA
{
    BYTE        Res[12];
    LIST_ENTRY  InLoadOrderModuleListHead;
    LIST_ENTRY  InMemoryOrderModuleListHead;
    LIST_ENTRY  InInitializationOrderModuleListHead;
};
  186.  
// Minimal Process Environment Block: only the loader-data pointer is named.
// NOTE(review): Reserved[3] spans the leading fields up to the loader pointer;
// this relies on those fields being pointer-size padded on both x86 and x64 —
// presumably true, but confirm against the target's PEB layout. The struct is a
// prefix only; do not use sizeof(PEB) as the size of a real PEB.
struct PEB
{
    void * Reserved[3];
    PEB_LDR_DATA * pLdrData;  // address in the *target* process when read remotely
};
  192.  
// Output of NtQueryInformationProcess(ProcessBasicInformation). Only pPEB is
// named; the Res* slots keep the layout pointer-sized so the total size matches
// what the call expects. pPEB is an address in the queried process, so it must
// be read with NtReadVirtualMemory when the handle is not the current process.
// NOTE(review): the native struct's remaining members (exit status, affinity mask,
// base priority, process ids) presumably live in Res1..Res4 — confirm before use.
struct PROCESS_BASIC_INFORMATION
{
    void *      Res1;
    PEB *       pPEB;
    void *      Res2[2];
    ULONG_PTR   Res3;
    void *      Res4;
}; //NtQueryInformationProcess: ProcessBasicInformation
  201.  
// One attribute for NtCreateThreadEx's attribute list (see PS_ATTRIBUTE_LIST).
// Value / ValuePtr share storage: use whichever the Attribute kind calls for.
// NOTE(review): Attribute and Value are ULONG here; if the native definition is
// pointer-sized, the upper 32 bits of these fields are unwritten padding on x64.
// Zero-initialise the whole struct (= {0}) before filling it so no stale stack
// bytes are passed to the kernel.
typedef struct _PS_ATTRIBUTE
{
    ULONG       Attribute;
    SIZE_T      Size;       // size in bytes of the data Value/ValuePtr refers to
    union
    {
        ULONG   Value;
        void *  ValuePtr;
    };
    SIZE_T *    ReturnLength;  // optional; receives the size written back
} PS_ATTRIBUTE, *PPS_ATTRIBUTE;
// NtCreateThreadEx
  214.  
// Variable-length attribute list passed as NtCreateThreadEx's last argument.
// Attributes[1] is a trailing array: allocate sizeof(SIZE_T) plus one
// PS_ATTRIBUTE per entry and set Size accordingly.
// NOTE(review): Size is presumably the total byte size of the list including the
// header, not the element count — confirm before use.
typedef struct _PS_ATTRIBUTE_LIST
{
    SIZE_T Size;
    PS_ATTRIBUTE Attributes[1];
} PS_ATTRIBUTE_LIST, *PPS_ATTRIBUTE_LIST;
// NtCreateThreadEx
  221.  
// Object attributes for NtCreateThreadEx (passed as its pAttr argument).
// Length must be set to sizeof(OBJECT_ATTRIBUTES) by the caller; the remaining
// members may be NULL/0 for an unnamed object with default security.
// NOTE(review): these conventions follow the native OBJECT_ATTRIBUTES — confirm;
// zero-initialise the struct before setting Length.
typedef struct _OBJECT_ATTRIBUTES
{
    ULONG           Length;
    HANDLE          hRootDirectory;
    UNICODE_STRING *pObjectName;
    ULONG           Attributes;
    void *          SecurityDescriptor;
    void *          SecurityQualityOfService;
} OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES;
// NtCreateThreadEx
  232.  
  233.  
// Function-pointer types for the ntdll exports named by each typedef. Resolve
// them at run time (GetProcAddress on ntdll) and cast to these types. All return
// NTSTATUS: a value >= 0 is success, a negative value is an error — do not test
// the result against TRUE/FALSE. `__stdcall` is meaningful on x86 only.

// Thread information: SizeOut receives the number of bytes written to pBuffer
// and may be NULL. Sizes are ULONG for these two calls.
typedef NTSTATUS(__stdcall * f_NtQueryInformationThread)(HANDLE hThread, THREADINFOCLASS TIC, void * pBuffer, ULONG BufferSize, ULONG * SizeOut);
typedef NTSTATUS(__stdcall * f_NtSetInformationThread)(HANDLE hThread, THREADINFOCLASS TIC, void * pBuffer, ULONG BufferSize);

// Virtual-memory query: note the SIZE_T sizes here (pointer-width on x64).
typedef NTSTATUS(__stdcall * f_NtQueryVirtualMemory)(HANDLE hProc, void * pBase, MEMORYINFOCLASS MIC, void * pBuffer, SIZE_T BufferSize, SIZE_T * SizeOut);

// Process information; same ULONG size convention as the thread variants.
typedef NTSTATUS(__stdcall * f_NtQueryInformationProcess)(HANDLE hProc, PROCESSINFOCLASS PIC, void * pBuffer, ULONG BufferSize, ULONG * SizeOut);
typedef NTSTATUS(__stdcall * f_NtSetInformationProcess)(HANDLE hProc, PROCESSINFOCLASS PIC, void * pBuffer, ULONG BufferSize);

// NOTE(review): the native NtReadVirtualMemory / NtWriteVirtualMemory take the byte
// count as SIZE_T and return the transferred count through a SIZE_T *. On x64 the
// callee writes 8 bytes through SizeOut, so a caller passing a ULONG * gets 4 bytes
// of its stack overwritten. Change BufferSize/SizeOut to SIZE_T / SIZE_T * (as
// f_NtQueryVirtualMemory above already does) before using these on 64-bit.
typedef NTSTATUS(__stdcall * f_NtReadVirtualMemory)(HANDLE hProc, void * pAddress, void * pBuffer, ULONG BufferSize, ULONG * SizeOut);
typedef NTSTATUS(__stdcall * f_NtWriteVirtualMemory)(HANDLE hProc, void * pAddress, void * pBuffer, ULONG BufferSize, ULONG * SizeOut);

// szOptPath is an optional search path (may be NULL); pOut receives the module handle.
typedef NTSTATUS(__stdcall * f_LdrLoadDll)(wchar_t * szOptPath, ULONG ulFlags, UNICODE_STRING * pModuleFileName, HANDLE * pOut);

// pAttr is an optional OBJECT_ATTRIBUTES *, pAttrListOut an optional
// PS_ATTRIBUTE_LIST * (both declared above; the typedef keeps them as void *).
// ZeroBits/StackSize/MaxStackSize of 0 request the defaults.
typedef NTSTATUS(__stdcall * f_NtCreateThreadEx)(HANDLE * pHandle, ACCESS_MASK DesiredAccess, void * pAttr, HANDLE hProc, void * pFunc, void * pArg,
    ULONG Flags, SIZE_T ZeroBits, SIZE_T StackSize, SIZE_T MaxStackSize, void * pAttrListOut);
  249. #endif