  1. #pragma once
  2. #pragma once
  3. #include <ntdef.h>
  4. #include <ntifs.h>
  5. #include <ntddk.h>
  6. #include <windef.h>
  7.  
// Mirror of one entry of the kernel's PiDDBCacheTable (not declared by the WDK).
// The layout is taken from a specific build; the trailing bytes are opaque.
// TODO(review): confirm offsets against every target build before use.
typedef struct PiDDBCacheEntry
{
    LIST_ENTRY      List;           // links the entry into the table's list
    UNICODE_STRING  DriverName;     // driver image name
    ULONG           TimeDateStamp;  // presumably the image's PE TimeDateStamp
    NTSTATUS        LoadStatus;     // status recorded for that load
    char            _0x0028[16];    // opaque tail, named after its offset (0x10+0x10+4+4 = 0x28)
}PIDCacheobj;
// NOTE(review): code that walks or edits the live table must synchronise with
// the kernel's own lock for it; nothing in this header declares that lock, so
// check the caller does.
  16.  
  17. #define IMAGE_NUMBEROF_DIRECTORY_ENTRIES        16
  18.  
// PE data-directory entry (RVA + size) as in the PE/COFF specification.
// Defined locally with the same tag as ntimage.h — TODO(review): confirm
// ntimage.h is never included alongside this header, or this redefinition
// will not compile.
typedef struct _IMAGE_DATA_DIRECTORY
{
    ULONG VirtualAddress;   // RVA of the directory's data
    ULONG Size;             // size in bytes
} IMAGE_DATA_DIRECTORY, * PIMAGE_DATA_DIRECTORY;
  24.  
// PE32+ optional header (the 64-bit variant; note the ULONGLONG ImageBase and
// stack/heap fields). Field order follows the PE/COFF specification.
// NOTE(review): DataDirectory always has IMAGE_NUMBEROF_DIRECTORY_ENTRIES
// slots here, but a parser must only trust the first NumberOfRvaAndSizes of
// them when the image comes from an untrusted source.
typedef struct _IMAGE_OPTIONAL_HEADER64
{
    USHORT Magic;                   // PE32+ magic value
    UCHAR MajorLinkerVersion;
    UCHAR MinorLinkerVersion;
    ULONG SizeOfCode;
    ULONG SizeOfInitializedData;
    ULONG SizeOfUninitializedData;
    ULONG AddressOfEntryPoint;      // RVA of the entry point
    ULONG BaseOfCode;
    ULONGLONG ImageBase;            // preferred load address (64-bit)
    ULONG SectionAlignment;
    ULONG FileAlignment;
    USHORT MajorOperatingSystemVersion;
    USHORT MinorOperatingSystemVersion;
    USHORT MajorImageVersion;
    USHORT MinorImageVersion;
    USHORT MajorSubsystemVersion;
    USHORT MinorSubsystemVersion;
    ULONG Win32VersionValue;
    ULONG SizeOfImage;              // total mapped size; bound any RVA against this
    ULONG SizeOfHeaders;
    ULONG CheckSum;
    USHORT Subsystem;
    USHORT DllCharacteristics;
    ULONGLONG SizeOfStackReserve;
    ULONGLONG SizeOfStackCommit;
    ULONGLONG SizeOfHeapReserve;
    ULONGLONG SizeOfHeapCommit;
    ULONG LoaderFlags;
    ULONG NumberOfRvaAndSizes;      // number of valid DataDirectory entries
    struct _IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
} IMAGE_OPTIONAL_HEADER64, * PIMAGE_OPTIONAL_HEADER64;
  58.  
// COFF file header that follows the PE signature.
// NumberOfSections and SizeOfOptionalHeader locate and bound the section
// table; validate both before walking sections of an untrusted image.
typedef struct _IMAGE_FILE_HEADER
{
    USHORT Machine;
    USHORT NumberOfSections;        // entries in the section table
    ULONG TimeDateStamp;            // link-time stamp (compare with PiDDBCacheEntry::TimeDateStamp)
    ULONG PointerToSymbolTable;
    ULONG NumberOfSymbols;
    USHORT SizeOfOptionalHeader;    // offset from here to the first section header
    USHORT Characteristics;
} IMAGE_FILE_HEADER, * PIMAGE_FILE_HEADER;
  69.  
// 64-bit NT headers: signature, COFF header and PE32+ optional header.
// NOTE(review): check Signature before reading the rest; this header also
// does not define the generic PIMAGE_NT_HEADERS that RtlImageNtHeader
// returns below, only the 64-bit variant.
typedef struct _IMAGE_NT_HEADERS64
{
    ULONG Signature;                                // "PE\0\0"
    struct _IMAGE_FILE_HEADER FileHeader;
    struct _IMAGE_OPTIONAL_HEADER64 OptionalHeader;
} IMAGE_NT_HEADERS64, * PIMAGE_NT_HEADERS64;
  76.  
// One entry of the PE section table.
// NOTE(review): Name is 8 raw bytes and is NOT NUL-terminated when all 8 are
// used — never pass it to strlen/strcmp directly; compare with a bounded
// routine.
typedef struct _IMAGE_SECTION_HEADER
{
    UCHAR  Name[8];
    union
    {
        ULONG PhysicalAddress;
        ULONG VirtualSize;          // size in memory; may differ from SizeOfRawData
    } Misc;
    ULONG VirtualAddress;           // RVA of the section in memory
    ULONG SizeOfRawData;            // bytes in the file (file-alignment rounded)
    ULONG PointerToRawData;         // file offset of the raw data
    ULONG PointerToRelocations;
    ULONG PointerToLinenumbers;
    USHORT  NumberOfRelocations;
    USHORT  NumberOfLinenumbers;
    ULONG Characteristics;          // section flags (R/W/X etc.)
} IMAGE_SECTION_HEADER, * PIMAGE_SECTION_HEADER;
  94.  
// Locates the NT headers of an image mapped at Base.
// NOTE(review): the routine is expected to return NULL for an image it does
// not recognise, so callers must check the result. PIMAGE_NT_HEADERS is not
// defined in this header (only PIMAGE_NT_HEADERS64 is), so it has to come
// from ntimage.h — confirm that, because the local _IMAGE_* typedefs above
// would then clash with ntimage.h's. The same declaration is repeated
// further down in this file.
extern "C" NTSYSAPI PIMAGE_NT_HEADERS NTAPI RtlImageNtHeader(PVOID Base);
  99.  
  100.  
// Subset of the ZwQuerySystemInformation classes. Only the first eleven are
// enumerated; SystemModuleInformation is pinned to 0x0B explicitly, which is
// consistent with the implicit 0..0x0A numbering above it.
typedef enum _SYSTEM_INFORMATION_CLASS
{
    SystemBasicInformation,
    SystemProcessorInformation,
    SystemPerformanceInformation,
    SystemTimeOfDayInformation,
    SystemPathInformation,
    SystemProcessInformation,            // returns SYSTEM_PROCESS_INFO records
    SystemCallCountInformation,
    SystemDeviceInformation,
    SystemProcessorPerformanceInformation,
    SystemFlagsInformation,
    SystemCallTimeInformation,
    SystemModuleInformation = 0x0B       // returns RTL_PROCESS_MODULES
} SYSTEM_INFORMATION_CLASS,
* PSYSTEM_INFORMATION_CLASS;
  117.  
// One record of the SystemProcessInformation buffer.
// NOTE(review): records are chained by NextEntryOffset (0 presumably marks
// the last one); any walk must stay within the length ZwQuerySystemInformation
// returned. ImageName.Buffer points into the same buffer and may be empty.
typedef struct _SYSTEM_PROCESS_INFO
{
    ULONG NextEntryOffset;              // byte offset to the next record
    ULONG NumberOfThreads;
    LARGE_INTEGER WorkingSetPrivateSize;
    ULONG HardFaultCount;
    ULONG NumberOfThreadsHighWatermark;
    ULONGLONG CycleTime;
    LARGE_INTEGER CreateTime;
    LARGE_INTEGER UserTime;
    LARGE_INTEGER KernelTime;
    UNICODE_STRING ImageName;           // not NUL-terminated; use Length
    KPRIORITY BasePriority;
    HANDLE UniqueProcessId;             // PID stored as a HANDLE
    HANDLE InheritedFromUniqueProcessId;// parent PID
    ULONG HandleCount;
    ULONG SessionId;
    ULONG_PTR UniqueProcessKey;
    SIZE_T PeakVirtualSize;
    SIZE_T VirtualSize;
    ULONG PageFaultCount;
    SIZE_T PeakWorkingSetSize;
    SIZE_T WorkingSetSize;
    SIZE_T QuotaPeakPagedPoolUsage;
    SIZE_T QuotaPagedPoolUsage;
    SIZE_T QuotaPeakNonPagedPoolUsage;
    SIZE_T QuotaNonPagedPoolUsage;
    SIZE_T PagefileUsage;
    SIZE_T PeakPagefileUsage;
    SIZE_T PrivatePageCount;
    LARGE_INTEGER ReadOperationCount;
    LARGE_INTEGER WriteOperationCount;
    LARGE_INTEGER OtherOperationCount;
    LARGE_INTEGER ReadTransferCount;
    LARGE_INTEGER WriteTransferCount;
    LARGE_INTEGER OtherTransferCount;
}SYSTEM_PROCESS_INFO, * PSYSTEM_PROCESS_INFO;
  155.  
// One loaded kernel module as reported by SystemModuleInformation.
// NOTE(review): FullPathName is a fixed 256-byte ANSI buffer and
// OffsetToFileName indexes into it — check OffsetToFileName < sizeof
// FullPathName before forming FullPathName + OffsetToFileName.
typedef struct _RTL_PROCESS_MODULE_INFORMATION
{
    HANDLE Section;
    PVOID MappedBase;
    PVOID ImageBase;                // kernel base of the module
    ULONG ImageSize;                // mapped size; bounds any scan of the image
    ULONG Flags;
    USHORT LoadOrderIndex;
    USHORT InitOrderIndex;
    USHORT LoadCount;
    USHORT OffsetToFileName;        // index of the file-name part in FullPathName
    UCHAR  FullPathName[256];
} RTL_PROCESS_MODULE_INFORMATION, * PRTL_PROCESS_MODULE_INFORMATION;
  169.  
// Header of the SystemModuleInformation buffer. Modules[1] is the classic
// variable-length tail: the real element count is NumberOfModules, so never
// allocate by sizeof(RTL_PROCESS_MODULES) and never index beyond the length
// the query returned.
typedef struct _RTL_PROCESS_MODULES
{
    ULONG NumberOfModules;
    RTL_PROCESS_MODULE_INFORMATION Modules[1];
} RTL_PROCESS_MODULES, * PRTL_PROCESS_MODULES;
  175.  
// 64-bit PEB_LDR_DATA: the three module lists of a user-mode process.
// NOTE(review): these lists live in the target's user address space and are
// mutated by that process's loader; read them only while attached to the
// process (or via MmCopyVirtualMemory) and treat every link as untrusted.
typedef struct _PEB_LDR_DATA
{
    ULONG Length;
    UCHAR Initialized;
    PVOID SsHandle;
    LIST_ENTRY InLoadOrderModuleList;           // LDR_DATA_TABLE_ENTRY::InLoadOrderLinks
    LIST_ENTRY InMemoryOrderModuleList;         // LDR_DATA_TABLE_ENTRY::InMemoryOrderLinks
    LIST_ENTRY InInitializationOrderModuleList; // LDR_DATA_TABLE_ENTRY::InInitializationOrderLinks
} PEB_LDR_DATA, * PPEB_LDR_DATA;
  185.  
// Truncated RTL_USER_PROCESS_PARAMETERS: only ImagePathName and CommandLine
// are exposed. On a 64-bit build the 16 + 10*8 reserved bytes place
// ImagePathName at offset 0x60. Do not use sizeof() of this struct for the
// real object's size.
typedef struct _RTL_USER_PROCESS_PARAMETERS {
    BYTE Reserved1[16];
    PVOID Reserved2[10];
    UNICODE_STRING ImagePathName;   // buffer lives in the target process
    UNICODE_STRING CommandLine;     // buffer lives in the target process
} RTL_USER_PROCESS_PARAMETERS, * PRTL_USER_PROCESS_PARAMETERS;
  192.  
// Callback type from the user-mode PEB definition; not referenced anywhere else in this header. The original comment noted it is "not exported".
typedef void(__stdcall* PPS_POST_PROCESS_INIT_ROUTINE)(void); // not exported
  194.  
// Truncated 64-bit PEB: leading fields only, up to ApiSetMap. The WDK leaves
// PEB opaque, so this definition is what PsGetProcessPeb's return is read
// through. Do not allocate or copy by sizeof(PEB) — the real structure is
// presumably larger (TODO confirm).
// NOTE(review): the PEB is user-mode memory and writable by the target; every
// pointer read from it (Ldr, ImageBaseAddress, ProcessParameters) must be
// validated before being dereferenced from kernel mode.
typedef struct _PEB
{
    UCHAR InheritedAddressSpace;
    UCHAR ReadImageFileExecOptions;
    UCHAR BeingDebugged;
    UCHAR BitField;
    PVOID Mutant;
    PVOID ImageBaseAddress;         // base of the main executable
    PPEB_LDR_DATA Ldr;              // module lists (see PEB_LDR_DATA)
    PVOID ProcessParameters;        // RTL_USER_PROCESS_PARAMETERS*
    PVOID SubSystemData;
    PVOID ProcessHeap;
    PVOID FastPebLock;
    PVOID AtlThunkSListPtr;
    PVOID IFEOKey;
    PVOID CrossProcessFlags;
    PVOID KernelCallbackTable;
    ULONG SystemReserved;
    ULONG AtlThunkSListPtr32;
    PVOID ApiSetMap;
} PEB, * PPEB;
  216.  
// Truncated 64-bit loader entry for one module in a user-mode process.
// Each LIST_ENTRY here corresponds to one list in PEB_LDR_DATA; a node
// address is recovered with CONTAINING_RECORD on the matching link field.
// NOTE(review): the LoadCount slot has changed meaning across Windows
// versions — TODO confirm before relying on it.
typedef struct _LDR_DATA_TABLE_ENTRY
{
    LIST_ENTRY InLoadOrderLinks;
    LIST_ENTRY InMemoryOrderLinks;
    LIST_ENTRY InInitializationOrderLinks;
    PVOID DllBase;                  // image base of the module
    PVOID EntryPoint;
    ULONG SizeOfImage;              // bounds any read relative to DllBase
    UNICODE_STRING FullDllName;     // buffer in target memory
    UNICODE_STRING BaseDllName;     // buffer in target memory
    ULONG Flags;
    USHORT LoadCount;
    USHORT TlsIndex;
    LIST_ENTRY HashLinks;
    ULONG TimeDateStamp;
} LDR_DATA_TABLE_ENTRY, * PLDR_DATA_TABLE_ENTRY;
  233.  
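// Kernel-side prototype of NtProtectVirtualMemory.
//
// ProtectSize is IN/OUT: the kernel rounds the region and writes the result
// back as a SIZE_T (8 bytes on x64). The previous declaration typed it
// PULONG, so a caller passing the address of a 4-byte ULONG received an
// 8-byte store — silent corruption of the adjacent stack slot. It is now
// PSIZE_T (the same type MmCopyVirtualMemory uses below); callers must pass
// a SIZE_T, which is the only ABI-correct option.
//
// NOTE(review): I do not believe ZwProtectVirtualMemory is in ntoskrnl's
// export table, so __declspec(dllimport) only links if the build resolves the
// symbol some other way — confirm how it is resolved.
extern "C" __declspec(dllimport) NTSTATUS NTAPI ZwProtectVirtualMemory
(
    HANDLE ProcessHandle,   // process whose memory is changed
    PVOID * BaseAddress,    // IN/OUT: rounded to page boundary
    PSIZE_T ProtectSize,    // IN/OUT: rounded region size (SIZE_T, not ULONG)
    ULONG NewProtect,       // PAGE_* protection to apply
    PULONG OldProtect       // OUT: previous protection
);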
  242.  
// ntoskrnl exports used by the driver. Parameter names in these prototypes are
// documentation only and have no ABI meaning.

// Looks up an export by ANSI name in the image mapped at ImageBase.
// Returns NULL when the name is not found — check before calling through it.
extern "C" NTKERNELAPI PVOID NTAPI RtlFindExportedRoutineByName(
    _In_ PVOID ImageBase,
    _In_ PCCH RoutineName);

// NOTE(review): declared with ULONG for the class and without NTAPI. On x64
// there is a single calling convention so this is harmless; on x86 the
// missing __stdcall would be a real mismatch — TODO before any 32-bit build.
// Callers should size SystemInformation from ReturnLength and retry on a
// length-mismatch status rather than guessing a buffer size.
extern "C" NTSTATUS ZwQuerySystemInformation(
    ULONG SystemInformationClass,
    PVOID SystemInformation,
    ULONG SystemInformationLength,
    PULONG ReturnLength);

// Returns the 64-bit PEB pointer of Process; presumably NULL for processes
// without one — check before use. The PEB is user-mode memory of that
// process and must be read in its context.
extern "C" NTKERNELAPI PPEB PsGetProcessPeb(_In_ PEPROCESS Process);

// Duplicate of the RtlImageNtHeader declaration near the top of this header;
// redundant but legal. See the note there about PIMAGE_NT_HEADERS.
extern "C" NTSYSAPI PIMAGE_NT_HEADERS NTAPI RtlImageNtHeader(_In_ PVOID Base);

// Base address of the main image section of Process (user-mode address).
extern "C" NTKERNELAPI PVOID PsGetProcessSectionBaseAddress(_In_ PEPROCESS Process);

// Non-NULL (the 32-bit PEB, see PEB32) when Process runs under WOW64.
extern "C" NTKERNELAPI PVOID NTAPI PsGetProcessWow64Process(_In_ PEPROCESS Process);
  258.  
  259.  
// Undocumented cross-process copy primitive.
// NOTE(review): PreviousMode decides whether the kernel treats the addresses as
// user pointers and probes them; when KernelMode is passed no probing happens,
// so the caller must validate SourceAddress/TargetAddress and BufferSize
// itself. ReturnSize receives the bytes actually copied — compare it with
// BufferSize instead of assuming a full copy.
extern "C" NTSTATUS NTAPI MmCopyVirtualMemory(
    PEPROCESS SourceProcess,        // process owning SourceAddress
    PVOID SourceAddress,
    PEPROCESS TargetProcess,        // process owning TargetAddress
    PVOID TargetAddress,
    SIZE_T BufferSize,              // bytes requested
    KPROCESSOR_MODE PreviousMode,   // UserMode → addresses are probed
    PSIZE_T ReturnSize);            // OUT: bytes copied
  270.  
// WOW64 (32-bit) PEB_LDR_DATA: same shape as PEB_LDR_DATA with 32-bit
// pointers and LIST_ENTRY32 links. Read through the PEB32 returned by
// PsGetProcessWow64Process; links are 32-bit user addresses of the target.
typedef struct _PEB_LDR_DATA32
{
    ULONG Length;
    UCHAR Initialized;
    ULONG SsHandle;
    LIST_ENTRY32 InLoadOrderModuleList;
    LIST_ENTRY32 InMemoryOrderModuleList;
    LIST_ENTRY32 InInitializationOrderModuleList;
} PEB_LDR_DATA32, * PPEB_LDR_DATA32;
  280.  
// WOW64 (32-bit) loader entry: mirrors LDR_DATA_TABLE_ENTRY with ULONG in
// place of every pointer and UNICODE_STRING32 for the names.
// NOTE(review): DllBase/EntryPoint are 32-bit user addresses; widen them
// with zero-extension before any kernel-side access.
typedef struct _LDR_DATA_TABLE_ENTRY32
{
    LIST_ENTRY32 InLoadOrderLinks;
    LIST_ENTRY32 InMemoryOrderLinks;
    LIST_ENTRY32 InInitializationOrderLinks;
    ULONG DllBase;
    ULONG EntryPoint;
    ULONG SizeOfImage;
    UNICODE_STRING32 FullDllName;
    UNICODE_STRING32 BaseDllName;
    ULONG Flags;
    USHORT LoadCount;
    USHORT TlsIndex;
    LIST_ENTRY32 HashLinks;
    ULONG TimeDateStamp;
} LDR_DATA_TABLE_ENTRY32, * PLDR_DATA_TABLE_ENTRY32;
  297.  
// Truncated 32-bit PEB (WOW64 processes), field-for-field parallel to PEB
// with ULONG in place of pointers. The slot named KernelCallbackTable in PEB
// is named UserSharedInfoPtr here; same position either way. Same caveats as
// PEB: user-mode memory, do not use sizeof() for the real object.
typedef struct _PEB32
{
    UCHAR InheritedAddressSpace;
    UCHAR ReadImageFileExecOptions;
    UCHAR BeingDebugged;
    UCHAR BitField;
    ULONG Mutant;
    ULONG ImageBaseAddress;         // 32-bit base of the main executable
    ULONG Ldr;                      // PEB_LDR_DATA32* as a 32-bit address
    ULONG ProcessParameters;
    ULONG SubSystemData;
    ULONG ProcessHeap;
    ULONG FastPebLock;
    ULONG AtlThunkSListPtr;
    ULONG IFEOKey;
    ULONG CrossProcessFlags;
    ULONG UserSharedInfoPtr;
    ULONG SystemReserved;
    ULONG AtlThunkSListPtr32;
    ULONG ApiSetMap;
} PEB32, * PPEB32;