
     1  //go:build windows && !crypt && !altload
     2  // +build windows,!crypt,!altload
     3  
     4  // Copyright (C) 2020 - 2023 iDigitalFlame
     5  //
     6  // This program is free software: you can redistribute it and/or modify
     7  // it under the terms of the GNU General Public License as published by
     8  // the Free Software Foundation, either version 3 of the License, or
     9  // any later version.
    10  //
    11  // This program is distributed in the hope that it will be useful,
    12  // but WITHOUT ANY WARRANTY; without even the implied warranty of
    13  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    14  // GNU General Public License for more details.
    15  //
    16  // You should have received a copy of the GNU General Public License
    17  // along with this program.  If not, see <https://www.gnu.org/licenses/>.
    18  //
    19  
    20  package winapi
    21  
// Procedure bindings for the default build variant (neither the "crypt" nor the
// "altload" build tag is set; see the build constraint at the top of the file).
// Each entry pairs an unexported Go identifier with the exact export name that
// is looked up in the named module (dllNtdll, dllKernelBase, ...), so the
// string must match the module's export table byte for byte.
//
// Two constructors appear: proc and sysProc. Within dllNtdll the Nt* entries
// use sysProc while the Rtl*/Etw*/Dbg* entries use proc. NOTE(review): the
// constructors are defined outside this file; presumably sysProc marks native
// system-call stubs and proc a plain export lookup, and resolution is lazy —
// confirm against the loader before relying on either property.
//
// Trailing "// >= ..." comments record the minimum Windows release that ships
// the export and, where noted, the substitute used on older releases. Entries
// are grouped by module; declaration order is preserved as written.
var (
	// dllKernelBase: module loading and system message formatting.
	funcLoadLibraryEx = dllKernelBase.proc("LoadLibraryExW")
	funcFormatMessage = dllKernelBase.proc("FormatMessageW")

	// dllNtdll: native (Nt*) system services plus Rtl*/Etw*/Dbg* runtime helpers.
	funcNtClose                     = dllNtdll.sysProc("NtClose")
	funcNtSetEvent                  = dllNtdll.sysProc("NtSetEvent")
	funcRtlFreeHeap                 = dllNtdll.proc("RtlFreeHeap")
	funcNtTraceEvent                = dllNtdll.sysProc("NtTraceEvent")
	funcNtOpenThread                = dllNtdll.sysProc("NtOpenThread")
	funcRtlCreateHeap               = dllNtdll.proc("RtlCreateHeap")
	funcEtwEventWrite               = dllNtdll.proc("EtwEventWrite") // >= WinVista
	funcDbgBreakPoint               = dllNtdll.proc("DbgBreakPoint")
	funcNtOpenProcess               = dllNtdll.sysProc("NtOpenProcess")
	funcRtlDestroyHeap              = dllNtdll.proc("RtlDestroyHeap")
	funcNtResumeThread              = dllNtdll.sysProc("NtResumeThread")
	funcNtCreateSection             = dllNtdll.sysProc("NtCreateSection")
	funcNtSuspendThread             = dllNtdll.sysProc("NtSuspendThread")
	funcNtResumeProcess             = dllNtdll.sysProc("NtResumeProcess")
	funcRtlAllocateHeap             = dllNtdll.proc("RtlAllocateHeap")
	funcNtDuplicateToken            = dllNtdll.sysProc("NtDuplicateToken")
	funcEtwEventRegister            = dllNtdll.proc("EtwEventRegister") // >= WinVista
	funcNtSuspendProcess            = dllNtdll.sysProc("NtSuspendProcess")
	funcNtCreateThreadEx            = dllNtdll.sysProc("NtCreateThreadEx") // >= WinVista (Xp sub = RtlCreateUserThread)
	funcNtCancelIoFileEx            = dllNtdll.sysProc("NtCancelIoFileEx") // >= WinVista (Xp sub = NtCancelIoFile)
	funcNtDuplicateObject           = dllNtdll.sysProc("NtDuplicateObject")
	funcNtTerminateThread           = dllNtdll.sysProc("NtTerminateThread")
	funcNtOpenThreadToken           = dllNtdll.sysProc("NtOpenThreadToken")
	funcEtwEventWriteFull           = dllNtdll.proc("EtwEventWriteFull") // >= WinVista
	funcRtlReAllocateHeap           = dllNtdll.proc("RtlReAllocateHeap")
	funcNtMapViewOfSection          = dllNtdll.sysProc("NtMapViewOfSection")
	funcNtTerminateProcess          = dllNtdll.sysProc("NtTerminateProcess")
	funcNtOpenProcessToken          = dllNtdll.sysProc("NtOpenProcessToken")
	funcRtlCopyMappedMemory         = dllNtdll.proc("RtlCopyMappedMemory") // >= WinS2003 (Not in XP sub = RtlMoveMemory)
	funcNtFreeVirtualMemory         = dllNtdll.sysProc("NtFreeVirtualMemory")
	funcNtImpersonateThread         = dllNtdll.sysProc("NtImpersonateThread")
	funcNtUnmapViewOfSection        = dllNtdll.sysProc("NtUnmapViewOfSection")
	funcNtWriteVirtualMemory        = dllNtdll.sysProc("NtWriteVirtualMemory")
	funcNtDeviceIoControlFile       = dllNtdll.sysProc("NtDeviceIoControlFile")
	funcNtWaitForSingleObject       = dllNtdll.sysProc("NtWaitForSingleObject")
	funcNtSetInformationToken       = dllNtdll.sysProc("NtSetInformationToken")
	funcNtProtectVirtualMemory      = dllNtdll.sysProc("NtProtectVirtualMemory")
	funcNtSetInformationThread      = dllNtdll.sysProc("NtSetInformationThread")
	funcRtlGetNtVersionNumbers      = dllNtdll.proc("RtlGetNtVersionNumbers")
	funcEtwNotificationRegister     = dllNtdll.proc("EtwNotificationRegister") // >= WinVista
	funcNtAllocateVirtualMemory     = dllNtdll.sysProc("NtAllocateVirtualMemory")
	funcRtlSetProcessIsCritical     = dllNtdll.proc("RtlSetProcessIsCritical")
	funcNtFlushInstructionCache     = dllNtdll.sysProc("NtFlushInstructionCache")
	funcNtAdjustTokenPrivileges     = dllNtdll.sysProc("NtAdjustPrivilegesToken") // Go name mirrors Win32 AdjustTokenPrivileges; the ntdll export is spelled NtAdjustPrivilegesToken.
	funcNtQueryInformationToken     = dllNtdll.sysProc("NtQueryInformationToken")
	funcNtQueryInformationThread    = dllNtdll.sysProc("NtQueryInformationThread")
	funcNtQuerySystemInformation    = dllNtdll.sysProc("NtQuerySystemInformation")
	funcNtWaitForMultipleObjects    = dllNtdll.sysProc("NtWaitForMultipleObjects")
	funcNtQueryInformationProcess   = dllNtdll.sysProc("NtQueryInformationProcess")
	funcRtlWow64GetProcessMachines  = dllNtdll.proc("RtlWow64GetProcessMachines") // == 64bit/ARM64
	funcRtlLengthSecurityDescriptor = dllNtdll.proc("RtlLengthSecurityDescriptor")

	// dllKernelBase: file, named-pipe, synchronization-object and process-attribute helpers.
	funcReadFile                  = dllKernelBase.proc("ReadFile")
	funcWriteFile                 = dllKernelBase.proc("WriteFile")
	funcOpenMutex                 = dllKernelBase.proc("OpenMutexW")
	funcLocalFree                 = dllKernelBase.proc("LocalFree")
	funcOpenEvent                 = dllKernelBase.proc("OpenEventW")
	funcCreateFile                = dllKernelBase.proc("CreateFileW")
	funcDebugBreak                = dllKernelBase.proc("DebugBreak")
	funcCreateMutex               = dllKernelBase.proc("CreateMutexW")
	funcCreateEvent               = dllKernelBase.proc("CreateEventW")
	funcWaitNamedPipe             = dllKernelBase.proc("WaitNamedPipeW")
	funcOpenSemaphore             = dllKernelBase.proc("OpenSemaphoreW")
	funcCreateNamedPipe           = dllKernelBase.proc("CreateNamedPipeW")
	funcConnectNamedPipe          = dllKernelBase.proc("ConnectNamedPipe")
	funcGetModuleHandleEx         = dllKernelBase.proc("GetModuleHandleExW")
	funcOutputDebugString         = dllKernelBase.proc("OutputDebugStringA")
	funcGetCurrentThreadID        = dllKernelBase.proc("GetCurrentThreadId")
	funcGetOverlappedResult       = dllKernelBase.proc("GetOverlappedResult")
	funcDisconnectNamedPipe       = dllKernelBase.proc("DisconnectNamedPipe")
	funcGetCurrentProcessID       = dllKernelBase.proc("GetCurrentProcessId")
	funcUpdateProcThreadAttribute = dllKernelBase.proc("UpdateProcThreadAttribute") // >= WinVista

	// dllKernelOrAdvapi: exports that moved from advapi32.dll to kernelbase.dll
	// in Win7; the module chosen depends on the running release (see trailing comments).
	funcIsWellKnownSID             = dllKernelOrAdvapi.proc("IsWellKnownSid")             // >= Win7 kernelbase.dll else advapi32.dll
	funcCreateWellKnownSid         = dllKernelOrAdvapi.proc("CreateWellKnownSid")         // >= Win7 kernelbase.dll else advapi32.dll
	funcImpersonateNamedPipeClient = dllKernelOrAdvapi.proc("ImpersonateNamedPipeClient") // >= Win7 kernelbase.dll else advapi32.dll

	// dllKernel32: process creation, IPC objects and the K32* replacements for psapi.
	funcCreateProcess              = dllKernel32.proc("CreateProcessW")
	funcCreateMailslot             = dllKernel32.proc("CreateMailslotW")
	funcCreateSemaphore            = dllKernel32.proc("CreateSemaphoreW")
	funcK32EnumDeviceDrivers       = dllKernel32.proc("K32EnumDeviceDrivers")        // >= Win7 (Xp sub = psapi.EnumDeviceDrivers)
	funcK32GetModuleInformation    = dllKernel32.proc("K32GetModuleInformation")     // >= Win7 (Xp sub = psapi.GetModuleInformation)
	funcSetProcessWorkingSetSizeEx = dllKernel32.proc("SetProcessWorkingSetSizeEx")  // >= WinS2003 (Not in XP sub = SetProcessWorkingSetSize)
	funcK32GetDeviceDriverFileName = dllKernel32.proc("K32GetDeviceDriverFileNameW") // >= Win7 (Xp sub = psapi.GetDeviceDriverFileNameW)

	// dllAdvapi32: registry, LSA policy, service-control, token/SID and shutdown APIs.
	funcLsaClose                                            = dllAdvapi32.proc("LsaClose")
	funcLogonUser                                           = dllAdvapi32.proc("LogonUserW")
	funcRegFlushKey                                         = dllAdvapi32.proc("RegFlushKey")
	funcRegEnumValue                                        = dllAdvapi32.proc("RegEnumValueW")
	funcRegSetValueEx                                       = dllAdvapi32.proc("RegSetValueExW")
	funcLsaOpenPolicy                                       = dllAdvapi32.proc("LsaOpenPolicy")
	funcRegDeleteTree                                       = dllAdvapi32.proc("RegDeleteTreeW")  // >= WinVista
	funcRegDeleteKeyEx                                      = dllAdvapi32.proc("RegDeleteKeyExW") // >= WinVista (Xp sub = RegDeleteKey)
	funcRegDeleteValue                                      = dllAdvapi32.proc("RegDeleteValueW")
	funcRegCreateKeyEx                                      = dllAdvapi32.proc("RegCreateKeyExW")
	funcSetServiceStatus                                    = dllAdvapi32.proc("SetServiceStatus")
	funcLookupAccountSid                                    = dllAdvapi32.proc("LookupAccountSidW")
	funcLookupPrivilegeValue                                = dllAdvapi32.proc("LookupPrivilegeValueW")
	funcConvertSIDToStringSID                               = dllAdvapi32.proc("ConvertSidToStringSidW")
	funcCreateProcessWithToken                              = dllAdvapi32.proc("CreateProcessWithTokenW") // >= WinS2003 (Not in XP)
	funcCreateProcessWithLogon                              = dllAdvapi32.proc("CreateProcessWithLogonW")
	funcInitiateSystemShutdownEx                            = dllAdvapi32.proc("InitiateSystemShutdownExW")
	funcLsaQueryInformationPolicy                           = dllAdvapi32.proc("LsaQueryInformationPolicy")
	funcStartServiceCtrlDispatcher                          = dllAdvapi32.proc("StartServiceCtrlDispatcherW")
	funcRegisterServiceCtrlHandlerEx                        = dllAdvapi32.proc("RegisterServiceCtrlHandlerExW")
	funcQueryServiceDynamicInformation                      = dllAdvapi32.proc("QueryServiceDynamicInformation") // >= Win8
	funcConvertStringSecurityDescriptorToSecurityDescriptor = dllAdvapi32.proc("ConvertStringSecurityDescriptorToSecurityDescriptorW")

	// dllUser32: window, input and display helpers.
	funcGetDC                      = dllUser32.proc("GetDC")
	funcSetFocus                   = dllUser32.proc("SetFocus")
	funcReleaseDC                  = dllUser32.proc("ReleaseDC")
	funcSendInput                  = dllUser32.proc("SendInput")
	funcBlockInput                 = dllUser32.proc("BlockInput")
	funcShowWindow                 = dllUser32.proc("ShowWindow")
	funcMessageBox                 = dllUser32.proc("MessageBoxW")
	funcEnumWindows                = dllUser32.proc("EnumWindows")
	funcEnableWindow               = dllUser32.proc("EnableWindow")
	funcSetWindowPos               = dllUser32.proc("SetWindowPos")
	funcGetWindowText              = dllUser32.proc("GetWindowTextW")
	funcGetWindowInfo              = dllUser32.proc("GetWindowInfo")
	funcGetMonitorInfo             = dllUser32.proc("GetMonitorInfoW")
	funcGetWindowLongW             = dllUser32.proc("GetWindowLongW")
	funcSetWindowLongW             = dllUser32.proc("SetWindowLongW")
	funcGetDesktopWindow           = dllUser32.proc("GetDesktopWindow")
	funcSendNotifyMessage          = dllUser32.proc("SendNotifyMessageW")
	funcEnumDisplayMonitors        = dllUser32.proc("EnumDisplayMonitors")
	funcEnumDisplaySettings        = dllUser32.proc("EnumDisplaySettingsW")
	funcGetWindowTextLength        = dllUser32.proc("GetWindowTextLengthW")
	funcSetForegroundWindow        = dllUser32.proc("SetForegroundWindow")
	funcSystemParametersInfo       = dllUser32.proc("SystemParametersInfoW")
	funcSetLayeredWindowAttributes = dllUser32.proc("SetLayeredWindowAttributes")

	// dllCrypt32: certificate-store and signed-message inspection.
	funcCryptMsgClose              = dllCrypt32.proc("CryptMsgClose")
	funcCertCloseStore             = dllCrypt32.proc("CertCloseStore")
	funcCryptQueryObject           = dllCrypt32.proc("CryptQueryObject")
	funcCryptMsgGetParam           = dllCrypt32.proc("CryptMsgGetParam")
	funcCertGetNameString          = dllCrypt32.proc("CertGetNameStringW")
	funcCertFindCertificateInStore = dllCrypt32.proc("CertFindCertificateInStore")
	funcCertFreeCertificateContext = dllCrypt32.proc("CertFreeCertificateContext")

	// dllGdi32: device-context and bitmap primitives.
	funcBitBlt                 = dllGdi32.proc("BitBlt")
	funcDeleteDC               = dllGdi32.proc("DeleteDC")
	funcGetDIBits              = dllGdi32.proc("GetDIBits")
	funcSelectObject           = dllGdi32.proc("SelectObject")
	funcDeleteObject           = dllGdi32.proc("DeleteObject")
	funcCreateCompatibleDC     = dllGdi32.proc("CreateCompatibleDC")
	funcCreateCompatibleBitmap = dllGdi32.proc("CreateCompatibleBitmap")

	// dllWtsapi32: terminal-services session and process enumeration.
	funcWTSOpenServer              = dllWtsapi32.proc("WTSOpenServerW")
	funcWTSCloseServer             = dllWtsapi32.proc("WTSCloseServer")
	funcWTSSendMessage             = dllWtsapi32.proc("WTSSendMessageW")
	funcWTSLogoffSession           = dllWtsapi32.proc("WTSLogoffSession")
	funcWTSEnumerateSessions       = dllWtsapi32.proc("WTSEnumerateSessionsW")
	funcWTSDisconnectSession       = dllWtsapi32.proc("WTSDisconnectSession")
	funcWTSEnumerateProcesses      = dllWtsapi32.proc("WTSEnumerateProcessesW")
	funcWTSQuerySessionInformation = dllWtsapi32.proc("WTSQuerySessionInformationW")

	// dllDbgHelp: minidump writer.
	funcMiniDumpWriteDump = dllDbgHelp.proc("MiniDumpWriteDump")

	// dllWinhttp: default proxy configuration lookup.
	funcWinHTTPGetDefaultProxyConfiguration = dllWinhttp.proc("WinHttpGetDefaultProxyConfiguration") // >= WinXP_SP3

	// dllAmsi: Antimalware Scan Interface entry points.
	funcAmsiScanBuffer = dllAmsi.proc("AmsiScanBuffer")
	funcAmsiInitialize = dllAmsi.proc("AmsiInitialize")
	funcAmsiScanString = dllAmsi.proc("AmsiScanString")
)
   191  
// doSearchSystem32 decides once whether System32-scoped DLL searching is
// available and returns the cached answer from searchSystem32.v on every call.
//
// The probe is the value of funcAddDllDirectory, which is declared elsewhere in
// this package: a value greater than zero is treated as "present", which the
// original note ties to Win8 or an updated Win7. NOTE(review): the meaning of
// searchSystem32 beyond this flag is not visible here — confirm at the call
// sites. searchSystem32.Do is assumed to run the probe exactly once.
func doSearchSystem32() bool {
	probe := func() {
		// A resolved export is non-zero; anything else leaves the flag false.
		searchSystem32.v = funcAddDllDirectory > 0 // >= Win8 / ~Win7
	}
	searchSystem32.Do(probe)
	return searchSystem32.v
}