github.com/iDigitalFlame/xmt@v0.5.4/device/winapi/m_no_funcmap.go (about)

     1  //go:build windows && !funcmap
     2  // +build windows,!funcmap
     3  
     4  // Copyright (C) 2020 - 2023 iDigitalFlame
     5  //
     6  // This program is free software: you can redistribute it and/or modify
     7  // it under the terms of the GNU General Public License as published by
     8  // the Free Software Foundation, either version 3 of the License, or
     9  // any later version.
    10  //
    11  // This program is distributed in the hope that it will be useful,
    12  // but WITHOUT ANY WARRANTY; without even the implied warranty of
    13  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    14  // GNU General Public License for more details.
    15  //
    16  // You should have received a copy of the GNU General Public License
    17  // along with this program.  If not, see <https://www.gnu.org/licenses/>.
    18  //
    19  
    20  package winapi
    21  
    22  import (
    23  	"syscall"
    24  
    25  	"github.com/iDigitalFlame/xmt/data"
    26  )
    27  
    28  // FuncEntry is a simple struct that is used to describe the current status of
    29  // function mappings. This struct is returned by a call to 'FuncRemaps' in a
    30  // slice of current remaps.
    31  type FuncEntry struct{}
    32  
    33  // FuncUnmapAll attempts to call 'FuncUnmap' on all currently mapped functions.
    34  // If any error occurs during unmapping, this function will stop and return an
    35  // error. Errors will stop any pending unmap calls from occuring.
    36  func FuncUnmapAll() error {
    37  	return nil
    38  }
    39  
    40  // FuncUnmap will attempt to unmap the ntdll.dll function by name. If successful
    41  // all calls to the affected function will work normally and the allocated memory
    42  // region will be freed.
    43  //
    44  // This function returns ErrNotExist if the function name is not a recognized
    45  // ntdll.dll function that does a direct syscall.
    46  //
    47  // This function returns nil even if the function was not previously remapped.
    48  //
    49  // If this function returns any errors do not assume the call site was fixed
    50  // to behave normally.
    51  func FuncUnmap(_ string) error {
    52  	return nil
    53  }
    54  
    55  // FuncRemapList returns a list of all current remapped functions. This includes
    56  // the old and new addresses and the function name hash.
    57  //
    58  // If no functions are remapped, this function returns nil.
    59  func FuncRemapList() []FuncEntry {
    60  	return nil
    61  }
    62  
    63  // FuncUnmapHash will attempt to unmap the ntdll.dll by its function hash. If
    64  // successful all calls to the affected function will work normally and the
    65  // allocated memory region will be freed.
    66  //
    67  // This function returns ErrNotExist if the function name is not a recognized
    68  // ntdll.dll function that does a direct syscall.
    69  //
    70  // This function returns nil even if the function was not previously remapped.
    71  //
    72  // If this function returns any errors do not assume the call site was fixed
    73  // to behave normally.
    74  func FuncUnmapHash(_ uint32) error {
    75  	return nil
    76  }
    77  
    78  // FuncRemap attempts to remap the raw ntdll.dll function name with the supplied
    79  // machine-code bytes. If successful, this will point all function calls in the
    80  // runtime to that allocated byte array in memory, bypassing any hooked calls
    81  // without overriting any existing memory.
    82  //
    83  // This function returns EINVAL if the byte slice is empty or ErrNotExist if the
    84  // function name is not a recognized ntdll.dll function that does a direct syscall.
    85  //
    86  // It is recommended to call 'FuncUnmap(name)' or 'FuncUnmapAll' once complete
    87  // to release the memory space.
    88  //
    89  // The 'Func*' functions only work of the build tag "funcmap" is used during
    90  // buildtime, otherwise these functions return EINVAL.
    91  func FuncRemap(_ string, _ []byte) error {
    92  	return syscall.EINVAL
    93  }
    94  
    95  // FuncRemapHash attempts to remap the raw ntdll.dll function hash with the supplied
    96  // machine-code bytes. If successful, this will point all function calls in the
    97  // runtime to that allocated byte array in memory, bypassing any hooked calls
    98  // without overriting any existing memory.
    99  //
   100  // This function returns EINVAL if the byte slice is empty or ErrNotExist if the
   101  // function hash is not a recognized ntdll.dll function that does a direct syscall.
   102  //
   103  // It is recommended to call 'FuncUnmap(name)' or 'FuncUnmapAll' once complete
   104  // to release the memory space.
   105  //
   106  // The 'Func*' functions only work of the build tag "funcmap" is used during
   107  // buildtime, otherwise these functions return EINVAL.
   108  func FuncRemapHash(_ uint32, _ []byte) error {
   109  	return syscall.EINVAL
   110  }
   111  
   112  // MarshalStream transforms this struct into a binary format and writes to the
   113  // supplied data.Writer.
   114  func (FuncEntry) MarshalStream(_ data.Writer) error {
   115  	return nil
   116  }
   117  func registerSyscall(_ *lazyProc, _ string, _ uint32) {}