//go:build windows && !crypt && !altload
// +build windows,!crypt,!altload

// Copyright (C) 2020 - 2023 iDigitalFlame
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <https://www.gnu.org/licenses/>.
//

// This file is the plain-text variant of the package's Windows procedure
// table: every export is named by a string literal and resolved through the
// per-DLL values (dllNtdll, dllKernelBase, dllKernel32, ...) and their
// proc/sysProc methods, all of which are declared elsewhere in the package.
// The build constraint above excludes this file when the crypt or altload
// tags are set; the sibling files selected by those tags presumably provide
// the same variables another way — TODO confirm against those files.
//
// Inline "// >= WinXxx" comments record the minimum Windows version that
// ships the export, and "sub = ..." names the older API that stands in for
// it on earlier versions (the substitution itself happens elsewhere).

package winapi

var (
	funcLoadLibraryEx = dllKernelBase.proc("LoadLibraryExW")
	funcFormatMessage = dllKernelBase.proc("FormatMessageW")

	// ntdll: the Nt* entries go through sysProc, the Rtl*/Etw*/Dbg* exports
	// through proc. What distinguishes the two is defined by the helpers
	// (elsewhere in the package), not here.
	funcNtClose = dllNtdll.sysProc("NtClose")
	funcNtSetEvent = dllNtdll.sysProc("NtSetEvent")
	funcRtlFreeHeap = dllNtdll.proc("RtlFreeHeap")
	funcNtTraceEvent = dllNtdll.sysProc("NtTraceEvent")
	funcNtOpenThread = dllNtdll.sysProc("NtOpenThread")
	funcRtlCreateHeap = dllNtdll.proc("RtlCreateHeap")
	funcEtwEventWrite = dllNtdll.proc("EtwEventWrite") // >= WinVista
	funcDbgBreakPoint = dllNtdll.proc("DbgBreakPoint")
	funcNtOpenProcess = dllNtdll.sysProc("NtOpenProcess")
	funcRtlDestroyHeap = dllNtdll.proc("RtlDestroyHeap")
	funcNtResumeThread = dllNtdll.sysProc("NtResumeThread")
	funcNtCreateSection = dllNtdll.sysProc("NtCreateSection")
	funcNtSuspendThread = dllNtdll.sysProc("NtSuspendThread")
	funcNtResumeProcess = dllNtdll.sysProc("NtResumeProcess")
	funcRtlAllocateHeap = dllNtdll.proc("RtlAllocateHeap")
	funcNtDuplicateToken = dllNtdll.sysProc("NtDuplicateToken")
	funcEtwEventRegister = dllNtdll.proc("EtwEventRegister") // >= WinVista
	funcNtSuspendProcess = dllNtdll.sysProc("NtSuspendProcess")
	funcNtCreateThreadEx = dllNtdll.sysProc("NtCreateThreadEx") // >= WinVista (Xp sub = RtlCreateUserThread)
	funcNtCancelIoFileEx = dllNtdll.sysProc("NtCancelIoFileEx") // >= WinVista (Xp sub = NtCancelIoFile)
	funcNtDuplicateObject = dllNtdll.sysProc("NtDuplicateObject")
	funcNtTerminateThread = dllNtdll.sysProc("NtTerminateThread")
	funcNtOpenThreadToken = dllNtdll.sysProc("NtOpenThreadToken")
	funcEtwEventWriteFull = dllNtdll.proc("EtwEventWriteFull") // >= WinVista
	funcRtlReAllocateHeap = dllNtdll.proc("RtlReAllocateHeap")
	funcNtMapViewOfSection = dllNtdll.sysProc("NtMapViewOfSection")
	funcNtTerminateProcess = dllNtdll.sysProc("NtTerminateProcess")
	funcNtOpenProcessToken = dllNtdll.sysProc("NtOpenProcessToken")
	funcRtlCopyMappedMemory = dllNtdll.proc("RtlCopyMappedMemory") // >= WinS2003 (Not in XP sub = RtlMoveMemory)
	funcNtFreeVirtualMemory = dllNtdll.sysProc("NtFreeVirtualMemory")
	funcNtImpersonateThread = dllNtdll.sysProc("NtImpersonateThread")
	funcNtUnmapViewOfSection = dllNtdll.sysProc("NtUnmapViewOfSection")
	funcNtWriteVirtualMemory = dllNtdll.sysProc("NtWriteVirtualMemory")
	funcNtDeviceIoControlFile = dllNtdll.sysProc("NtDeviceIoControlFile")
	funcNtWaitForSingleObject = dllNtdll.sysProc("NtWaitForSingleObject")
	funcNtSetInformationToken = dllNtdll.sysProc("NtSetInformationToken")
	funcNtProtectVirtualMemory = dllNtdll.sysProc("NtProtectVirtualMemory")
	funcNtSetInformationThread = dllNtdll.sysProc("NtSetInformationThread")
	funcRtlGetNtVersionNumbers = dllNtdll.proc("RtlGetNtVersionNumbers")
	funcEtwNotificationRegister = dllNtdll.proc("EtwNotificationRegister") // >= WinVista
	funcNtAllocateVirtualMemory = dllNtdll.sysProc("NtAllocateVirtualMemory")
	funcRtlSetProcessIsCritical = dllNtdll.proc("RtlSetProcessIsCritical")
	funcNtFlushInstructionCache = dllNtdll.sysProc("NtFlushInstructionCache")
	// The Go name and the export name are deliberately not a 1:1 match here:
	// the ntdll export is spelled NtAdjustPrivilegesToken.
	funcNtAdjustTokenPrivileges = dllNtdll.sysProc("NtAdjustPrivilegesToken")
	funcNtQueryInformationToken = dllNtdll.sysProc("NtQueryInformationToken")
	funcNtQueryInformationThread = dllNtdll.sysProc("NtQueryInformationThread")
	funcNtQuerySystemInformation = dllNtdll.sysProc("NtQuerySystemInformation")
	funcNtWaitForMultipleObjects = dllNtdll.sysProc("NtWaitForMultipleObjects")
	funcNtQueryInformationProcess = dllNtdll.sysProc("NtQueryInformationProcess")
	funcRtlWow64GetProcessMachines = dllNtdll.proc("RtlWow64GetProcessMachines") // == 64bit/ARM64
	funcRtlLengthSecurityDescriptor = dllNtdll.proc("RtlLengthSecurityDescriptor")

	// kernelbase: wide-character ("W") variants are used wherever the API has
	// one; OutputDebugString is the lone "A" (ANSI) export in this table.
	funcReadFile = dllKernelBase.proc("ReadFile")
	funcWriteFile = dllKernelBase.proc("WriteFile")
	funcOpenMutex = dllKernelBase.proc("OpenMutexW")
	funcLocalFree = dllKernelBase.proc("LocalFree")
	funcOpenEvent = dllKernelBase.proc("OpenEventW")
	funcCreateFile = dllKernelBase.proc("CreateFileW")
	funcDebugBreak = dllKernelBase.proc("DebugBreak")
	funcCreateMutex = dllKernelBase.proc("CreateMutexW")
	funcCreateEvent = dllKernelBase.proc("CreateEventW")
	funcWaitNamedPipe = dllKernelBase.proc("WaitNamedPipeW")
	funcOpenSemaphore = dllKernelBase.proc("OpenSemaphoreW")
	funcCreateNamedPipe = dllKernelBase.proc("CreateNamedPipeW")
	funcConnectNamedPipe = dllKernelBase.proc("ConnectNamedPipe")
	funcGetModuleHandleEx = dllKernelBase.proc("GetModuleHandleExW")
	funcOutputDebugString = dllKernelBase.proc("OutputDebugStringA")
	funcGetCurrentThreadID = dllKernelBase.proc("GetCurrentThreadId")
	funcGetOverlappedResult = dllKernelBase.proc("GetOverlappedResult")
	funcDisconnectNamedPipe = dllKernelBase.proc("DisconnectNamedPipe")
	funcGetCurrentProcessID = dllKernelBase.proc("GetCurrentProcessId")
	funcUpdateProcThreadAttribute = dllKernelBase.proc("UpdateProcThreadAttribute") // >= WinVista

	// dllKernelOrAdvapi (declared elsewhere) picks the module that hosts these
	// SID/impersonation exports on the running version, per the comments.
	funcIsWellKnownSID = dllKernelOrAdvapi.proc("IsWellKnownSid")                              // >= Win7 kernelbase.dll else advapi32.dll
	funcCreateWellKnownSid = dllKernelOrAdvapi.proc("CreateWellKnownSid")                      // >= Win7 kernelbase.dll else advapi32.dll
	funcImpersonateNamedPipeClient = dllKernelOrAdvapi.proc("ImpersonateNamedPipeClient")      // >= Win7 kernelbase.dll else advapi32.dll

	// kernel32: the K32* exports are the psapi.dll functions re-exported from
	// kernel32 on Win7 and later.
	funcCreateProcess = dllKernel32.proc("CreateProcessW")
	funcCreateMailslot = dllKernel32.proc("CreateMailslotW")
	funcCreateSemaphore = dllKernel32.proc("CreateSemaphoreW")
	funcK32EnumDeviceDrivers = dllKernel32.proc("K32EnumDeviceDrivers") // >= Win7 (Xp sub = psapi.EnumDeviceDrivers)
	funcK32GetModuleInformation = dllKernel32.proc("K32GetModuleInformation") // >= Win7 (Xp sub = psapi.GetModuleInformation)
	funcSetProcessWorkingSetSizeEx = dllKernel32.proc("SetProcessWorkingSetSizeEx") // >= WinS2003 (Not in XP sub = SetProcessWorkingSetSize)
	funcK32GetDeviceDriverFileName = dllKernel32.proc("K32GetDeviceDriverFileNameW") // >= Win7 (Xp sub = psapi.GetDeviceDriverFileNameW)

	// advapi32: registry, LSA policy, service control and token/SID helpers.
	funcLsaClose = dllAdvapi32.proc("LsaClose")
	funcLogonUser = dllAdvapi32.proc("LogonUserW")
	funcRegFlushKey = dllAdvapi32.proc("RegFlushKey")
	funcRegEnumValue = dllAdvapi32.proc("RegEnumValueW")
	funcRegSetValueEx = dllAdvapi32.proc("RegSetValueExW")
	funcLsaOpenPolicy = dllAdvapi32.proc("LsaOpenPolicy")
	funcRegDeleteTree = dllAdvapi32.proc("RegDeleteTreeW") // >= WinVista
	funcRegDeleteKeyEx = dllAdvapi32.proc("RegDeleteKeyExW") // >= WinVista (Xp sub = RegDeleteKey)
	funcRegDeleteValue = dllAdvapi32.proc("RegDeleteValueW")
	funcRegCreateKeyEx = dllAdvapi32.proc("RegCreateKeyExW")
	funcSetServiceStatus = dllAdvapi32.proc("SetServiceStatus")
	funcLookupAccountSid = dllAdvapi32.proc("LookupAccountSidW")
	funcLookupPrivilegeValue = dllAdvapi32.proc("LookupPrivilegeValueW")
	funcConvertSIDToStringSID = dllAdvapi32.proc("ConvertSidToStringSidW")
	funcCreateProcessWithToken = dllAdvapi32.proc("CreateProcessWithTokenW") // >= WinS2003 (Not in XP)
	funcCreateProcessWithLogon = dllAdvapi32.proc("CreateProcessWithLogonW")
	funcInitiateSystemShutdownEx = dllAdvapi32.proc("InitiateSystemShutdownExW")
	funcLsaQueryInformationPolicy = dllAdvapi32.proc("LsaQueryInformationPolicy")
	funcStartServiceCtrlDispatcher = dllAdvapi32.proc("StartServiceCtrlDispatcherW")
	funcRegisterServiceCtrlHandlerEx = dllAdvapi32.proc("RegisterServiceCtrlHandlerExW")
	funcQueryServiceDynamicInformation = dllAdvapi32.proc("QueryServiceDynamicInformation") // >= Win8
	funcConvertStringSecurityDescriptorToSecurityDescriptor = dllAdvapi32.proc("ConvertStringSecurityDescriptorToSecurityDescriptorW")

	// user32: window, input and display exports.
	funcGetDC = dllUser32.proc("GetDC")
	funcSetFocus = dllUser32.proc("SetFocus")
	funcReleaseDC = dllUser32.proc("ReleaseDC")
	funcSendInput = dllUser32.proc("SendInput")
	funcBlockInput = dllUser32.proc("BlockInput")
	funcShowWindow = dllUser32.proc("ShowWindow")
	funcMessageBox = dllUser32.proc("MessageBoxW")
	funcEnumWindows = dllUser32.proc("EnumWindows")
	funcEnableWindow = dllUser32.proc("EnableWindow")
	funcSetWindowPos = dllUser32.proc("SetWindowPos")
	funcGetWindowText = dllUser32.proc("GetWindowTextW")
	funcGetWindowInfo = dllUser32.proc("GetWindowInfo")
	funcGetMonitorInfo = dllUser32.proc("GetMonitorInfoW")
	funcGetWindowLongW = dllUser32.proc("GetWindowLongW")
	funcSetWindowLongW = dllUser32.proc("SetWindowLongW")
	funcGetDesktopWindow = dllUser32.proc("GetDesktopWindow")
	funcSendNotifyMessage = dllUser32.proc("SendNotifyMessageW")
	funcEnumDisplayMonitors = dllUser32.proc("EnumDisplayMonitors")
	funcEnumDisplaySettings = dllUser32.proc("EnumDisplaySettingsW")
	funcGetWindowTextLength = dllUser32.proc("GetWindowTextLengthW")
	funcSetForegroundWindow = dllUser32.proc("SetForegroundWindow")
	funcSystemParametersInfo = dllUser32.proc("SystemParametersInfoW")
	funcSetLayeredWindowAttributes = dllUser32.proc("SetLayeredWindowAttributes")

	// crypt32: certificate store and signed-message (CryptMsg) exports.
	funcCryptMsgClose = dllCrypt32.proc("CryptMsgClose")
	funcCertCloseStore = dllCrypt32.proc("CertCloseStore")
	funcCryptQueryObject = dllCrypt32.proc("CryptQueryObject")
	funcCryptMsgGetParam = dllCrypt32.proc("CryptMsgGetParam")
	funcCertGetNameString = dllCrypt32.proc("CertGetNameStringW")
	funcCertFindCertificateInStore = dllCrypt32.proc("CertFindCertificateInStore")
	funcCertFreeCertificateContext = dllCrypt32.proc("CertFreeCertificateContext")

	// gdi32: device-context and bitmap exports.
	funcBitBlt = dllGdi32.proc("BitBlt")
	funcDeleteDC = dllGdi32.proc("DeleteDC")
	funcGetDIBits = dllGdi32.proc("GetDIBits")
	funcSelectObject = dllGdi32.proc("SelectObject")
	funcDeleteObject = dllGdi32.proc("DeleteObject")
	funcCreateCompatibleDC = dllGdi32.proc("CreateCompatibleDC")
	funcCreateCompatibleBitmap = dllGdi32.proc("CreateCompatibleBitmap")

	// wtsapi32: terminal-services session exports.
	funcWTSOpenServer = dllWtsapi32.proc("WTSOpenServerW")
	funcWTSCloseServer = dllWtsapi32.proc("WTSCloseServer")
	funcWTSSendMessage = dllWtsapi32.proc("WTSSendMessageW")
	funcWTSLogoffSession = dllWtsapi32.proc("WTSLogoffSession")
	funcWTSEnumerateSessions = dllWtsapi32.proc("WTSEnumerateSessionsW")
	funcWTSDisconnectSession = dllWtsapi32.proc("WTSDisconnectSession")
	funcWTSEnumerateProcesses = dllWtsapi32.proc("WTSEnumerateProcessesW")
	funcWTSQuerySessionInformation = dllWtsapi32.proc("WTSQuerySessionInformationW")

	// dbghelp
	funcMiniDumpWriteDump = dllDbgHelp.proc("MiniDumpWriteDump")

	// winhttp
	funcWinHTTPGetDefaultProxyConfiguration = dllWinhttp.proc("WinHttpGetDefaultProxyConfiguration") // >= WinXP_SP3

	// amsi
	funcAmsiScanBuffer = dllAmsi.proc("AmsiScanBuffer")
	funcAmsiInitialize = dllAmsi.proc("AmsiInitialize")
	funcAmsiScanString = dllAmsi.proc("AmsiScanString")
)

// doSearchSystem32 reports whether the AddDllDirectory export resolved to a
// non-zero address (funcAddDllDirectory is declared elsewhere in the package).
// The check is evaluated once through searchSystem32.Do and the result is
// cached in searchSystem32.v; searchSystem32 is declared elsewhere and its
// Do/v pair looks sync.Once-like — confirm against its definition.
//
// NOTE(review): AddDllDirectory ships with Windows 8 and reached Windows 7
// only through an update, which is what "~Win7" below refers to. Callers
// presumably use this result to decide whether the LoadLibraryEx flags that
// restrict the search path to System32 are available — verify at the callers.
func doSearchSystem32() bool {
	searchSystem32.Do(func() {
		searchSystem32.v = funcAddDllDirectory > 0 // >= Win8 / ~Win7
	})
	return searchSystem32.v
}