github.com/iDigitalFlame/xmt@v0.5.4/device/winapi/m_no_funcmap.go (about) 1 //go:build windows && !funcmap 2 // +build windows,!funcmap 3 4 // Copyright (C) 2020 - 2023 iDigitalFlame 5 // 6 // This program is free software: you can redistribute it and/or modify 7 // it under the terms of the GNU General Public License as published by 8 // the Free Software Foundation, either version 3 of the License, or 9 // any later version. 10 // 11 // This program is distributed in the hope that it will be useful, 12 // but WITHOUT ANY WARRANTY; without even the implied warranty of 13 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 // GNU General Public License for more details. 15 // 16 // You should have received a copy of the GNU General Public License 17 // along with this program. If not, see <https://www.gnu.org/licenses/>. 18 // 19 20 package winapi 21 22 import ( 23 "syscall" 24 25 "github.com/iDigitalFlame/xmt/data" 26 ) 27 28 // FuncEntry is a simple struct that is used to describe the current status of 29 // function mappings. This struct is returned by a call to 'FuncRemaps' in a 30 // slice of current remaps. 31 type FuncEntry struct{} 32 33 // FuncUnmapAll attempts to call 'FuncUnmap' on all currently mapped functions. 34 // If any error occurs during unmapping, this function will stop and return an 35 // error. Errors will stop any pending unmap calls from occuring. 36 func FuncUnmapAll() error { 37 return nil 38 } 39 40 // FuncUnmap will attempt to unmap the ntdll.dll function by name. If successful 41 // all calls to the affected function will work normally and the allocated memory 42 // region will be freed. 43 // 44 // This function returns ErrNotExist if the function name is not a recognized 45 // ntdll.dll function that does a direct syscall. 46 // 47 // This function returns nil even if the function was not previously remapped. 48 // 49 // If this function returns any errors do not assume the call site was fixed 50 // to behave normally. 51 func FuncUnmap(_ string) error { 52 return nil 53 } 54 55 // FuncRemapList returns a list of all current remapped functions. This includes 56 // the old and new addresses and the function name hash. 57 // 58 // If no functions are remapped, this function returns nil. 59 func FuncRemapList() []FuncEntry { 60 return nil 61 } 62 63 // FuncUnmapHash will attempt to unmap the ntdll.dll by its function hash. If 64 // successful all calls to the affected function will work normally and the 65 // allocated memory region will be freed. 66 // 67 // This function returns ErrNotExist if the function name is not a recognized 68 // ntdll.dll function that does a direct syscall. 69 // 70 // This function returns nil even if the function was not previously remapped. 71 // 72 // If this function returns any errors do not assume the call site was fixed 73 // to behave normally. 74 func FuncUnmapHash(_ uint32) error { 75 return nil 76 } 77 78 // FuncRemap attempts to remap the raw ntdll.dll function name with the supplied 79 // machine-code bytes. If successful, this will point all function calls in the 80 // runtime to that allocated byte array in memory, bypassing any hooked calls 81 // without overriting any existing memory. 82 // 83 // This function returns EINVAL if the byte slice is empty or ErrNotExist if the 84 // function name is not a recognized ntdll.dll function that does a direct syscall. 85 // 86 // It is recommended to call 'FuncUnmap(name)' or 'FuncUnmapAll' once complete 87 // to release the memory space. 88 // 89 // The 'Func*' functions only work of the build tag "funcmap" is used during 90 // buildtime, otherwise these functions return EINVAL. 91 func FuncRemap(_ string, _ []byte) error { 92 return syscall.EINVAL 93 } 94 95 // FuncRemapHash attempts to remap the raw ntdll.dll function hash with the supplied 96 // machine-code bytes. If successful, this will point all function calls in the 97 // runtime to that allocated byte array in memory, bypassing any hooked calls 98 // without overriting any existing memory. 99 // 100 // This function returns EINVAL if the byte slice is empty or ErrNotExist if the 101 // function hash is not a recognized ntdll.dll function that does a direct syscall. 102 // 103 // It is recommended to call 'FuncUnmap(name)' or 'FuncUnmapAll' once complete 104 // to release the memory space. 105 // 106 // The 'Func*' functions only work of the build tag "funcmap" is used during 107 // buildtime, otherwise these functions return EINVAL. 108 func FuncRemapHash(_ uint32, _ []byte) error { 109 return syscall.EINVAL 110 } 111 112 // MarshalStream transforms this struct into a binary format and writes to the 113 // supplied data.Writer. 114 func (FuncEntry) MarshalStream(_ data.Writer) error { 115 return nil 116 } 117 func registerSyscall(_ *lazyProc, _ string, _ uint32) {}