github.com/saferwall/pe@v1.5.2/ordlookup.go (about) 1 // Copyright 2021 Saferwall. All rights reserved. 2 // Use of this source code is governed by Apache v2 license 3 // license that can be found in the LICENSE file. 4 5 package pe 6 7 import ( 8 "fmt" 9 "strings" 10 ) 11 12 // WS232OrdNames maps ordinals to name. 13 var WS232OrdNames = map[uint64]string{ 14 1: "accept", 15 2: "bind", 16 3: "closesocket", 17 4: "connect", 18 5: "getpeername", 19 6: "getsockname", 20 7: "getsockopt", 21 8: "htonl", 22 9: "htons", 23 10: "ioctlsocket", 24 11: "inet_addr", 25 12: "inet_ntoa", 26 13: "listen", 27 14: "ntohl", 28 15: "ntohs", 29 16: "recv", 30 17: "recvfrom", 31 18: "select", 32 19: "send", 33 20: "sendto", 34 21: "setsockopt", 35 22: "shutdown", 36 23: "socket", 37 24: "GetAddrInfoW", 38 25: "GetNameInfoW", 39 26: "WSApSetPostRoutine", 40 27: "FreeAddrInfoW", 41 28: "WPUCompleteOverlappedRequest", 42 29: "WSAAccept", 43 30: "WSAAddressToStringA", 44 31: "WSAAddressToStringW", 45 32: "WSACloseEvent", 46 33: "WSAConnect", 47 34: "WSACreateEvent", 48 35: "WSADuplicateSocketA", 49 36: "WSADuplicateSocketW", 50 37: "WSAEnumNameSpaceProvidersA", 51 38: "WSAEnumNameSpaceProvidersW", 52 39: "WSAEnumNetworkEvents", 53 40: "WSAEnumProtocolsA", 54 41: "WSAEnumProtocolsW", 55 42: "WSAEventSelect", 56 43: "WSAGetOverlappedResult", 57 44: "WSAGetQOSByName", 58 45: "WSAGetServiceClassInfoA", 59 46: "WSAGetServiceClassInfoW", 60 47: "WSAGetServiceClassNameByClassIdA", 61 48: "WSAGetServiceClassNameByClassIdW", 62 49: "WSAHtonl", 63 50: "WSAHtons", 64 51: "gethostbyaddr", 65 52: "gethostbyname", 66 53: "getprotobyname", 67 54: "getprotobynumber", 68 55: "getservbyname", 69 56: "getservbyport", 70 57: "gethostname", 71 58: "WSAInstallServiceClassA", 72 59: "WSAInstallServiceClassW", 73 60: "WSAIoctl", 74 61: "WSAJoinLeaf", 75 62: "WSALookupServiceBeginA", 76 63: "WSALookupServiceBeginW", 77 64: "WSALookupServiceEnd", 78 65: "WSALookupServiceNextA", 79 66: "WSALookupServiceNextW", 80 67: "WSANSPIoctl", 81 68: "WSANtohl", 82 69: "WSANtohs", 83 70: "WSAProviderConfigChange", 84 71: "WSARecv", 85 72: "WSARecvDisconnect", 86 73: "WSARecvFrom", 87 74: "WSARemoveServiceClass", 88 75: "WSAResetEvent", 89 76: "WSASend", 90 77: "WSASendDisconnect", 91 78: "WSASendTo", 92 79: "WSASetEvent", 93 80: "WSASetServiceA", 94 81: "WSASetServiceW", 95 82: "WSASocketA", 96 83: "WSASocketW", 97 84: "WSAStringToAddressA", 98 85: "WSAStringToAddressW", 99 86: "WSAWaitForMultipleEvents", 100 87: "WSCDeinstallProvider", 101 88: "WSCEnableNSProvider", 102 89: "WSCEnumProtocols", 103 90: "WSCGetProviderPath", 104 91: "WSCInstallNameSpace", 105 92: "WSCInstallProvider", 106 93: "WSCUnInstallNameSpace", 107 94: "WSCUpdateProvider", 108 95: "WSCWriteNameSpaceOrder", 109 96: "WSCWriteProviderOrder", 110 97: "freeaddrinfo", 111 98: "getaddrinfo", 112 99: "getnameinfo", 113 101: "WSAAsyncSelect", 114 102: "WSAAsyncGetHostByAddr", 115 103: "WSAAsyncGetHostByName", 116 104: "WSAAsyncGetProtoByNumber", 117 105: "WSAAsyncGetProtoByName", 118 106: "WSAAsyncGetServByPort", 119 107: "WSAAsyncGetServByName", 120 108: "WSACancelAsyncRequest", 121 109: "WSASetBlockingHook", 122 110: "WSAUnhookBlockingHook", 123 111: "WSAGetLastError", 124 112: "WSASetLastError", 125 113: "WSACancelBlockingCall", 126 114: "WSAIsBlocking", 127 115: "WSAStartup", 128 116: "WSACleanup", 129 151: "__WSAFDIsSet", 130 500: "WEP", 131 } 132 133 // OleAut32OrdNames maps ordinals to names. 134 var OleAut32OrdNames = map[uint64]string{ 135 2: "SysAllocString", 136 3: "SysReAllocString", 137 4: "SysAllocStringLen", 138 5: "SysReAllocStringLen", 139 6: "SysFreeString", 140 7: "SysStringLen", 141 8: "VariantInit", 142 9: "VariantClear", 143 10: "VariantCopy", 144 11: "VariantCopyInd", 145 12: "VariantChangeType", 146 13: "VariantTimeToDosDateTime", 147 14: "DosDateTimeToVariantTime", 148 15: "SafeArrayCreate", 149 16: "SafeArrayDestroy", 150 17: "SafeArrayGetDim", 151 18: "SafeArrayGetElemsize", 152 19: "SafeArrayGetUBound", 153 20: "SafeArrayGetLBound", 154 21: "SafeArrayLock", 155 22: "SafeArrayUnlock", 156 23: "SafeArrayAccessData", 157 24: "SafeArrayUnaccessData", 158 25: "SafeArrayGetElement", 159 26: "SafeArrayPutElement", 160 27: "SafeArrayCopy", 161 28: "DispGetParam", 162 29: "DispGetIDsOfNames", 163 30: "DispInvoke", 164 31: "CreateDispTypeInfo", 165 32: "CreateStdDispatch", 166 33: "RegisterActiveObject", 167 34: "RevokeActiveObject", 168 35: "GetActiveObject", 169 36: "SafeArrayAllocDescriptor", 170 37: "SafeArrayAllocData", 171 38: "SafeArrayDestroyDescriptor", 172 39: "SafeArrayDestroyData", 173 40: "SafeArrayRedim", 174 41: "SafeArrayAllocDescriptorEx", 175 42: "SafeArrayCreateEx", 176 43: "SafeArrayCreateVectorEx", 177 44: "SafeArraySetRecordInfo", 178 45: "SafeArrayGetRecordInfo", 179 46: "VarParseNumFromStr", 180 47: "VarNumFromParseNum", 181 48: "VarI2FromUI1", 182 49: "VarI2FromI4", 183 50: "VarI2FromR4", 184 51: "VarI2FromR8", 185 52: "VarI2FromCy", 186 53: "VarI2FromDate", 187 54: "VarI2FromStr", 188 55: "VarI2FromDisp", 189 56: "VarI2FromBool", 190 57: "SafeArraySetIID", 191 58: "VarI4FromUI1", 192 59: "VarI4FromI2", 193 60: "VarI4FromR4", 194 61: "VarI4FromR8", 195 62: "VarI4FromCy", 196 63: "VarI4FromDate", 197 64: "VarI4FromStr", 198 65: "VarI4FromDisp", 199 66: "VarI4FromBool", 200 67: "SafeArrayGetIID", 201 68: "VarR4FromUI1", 202 69: "VarR4FromI2", 203 70: "VarR4FromI4", 204 71: "VarR4FromR8", 205 72: "VarR4FromCy", 206 73: "VarR4FromDate", 207 74: "VarR4FromStr", 208 75: "VarR4FromDisp", 209 76: "VarR4FromBool", 210 77: "SafeArrayGetVartype", 211 78: "VarR8FromUI1", 212 79: "VarR8FromI2", 213 80: "VarR8FromI4", 214 81: "VarR8FromR4", 215 82: "VarR8FromCy", 216 83: "VarR8FromDate", 217 84: "VarR8FromStr", 218 85: "VarR8FromDisp", 219 86: "VarR8FromBool", 220 87: "VarFormat", 221 88: "VarDateFromUI1", 222 89: "VarDateFromI2", 223 90: "VarDateFromI4", 224 91: "VarDateFromR4", 225 92: "VarDateFromR8", 226 93: "VarDateFromCy", 227 94: "VarDateFromStr", 228 95: "VarDateFromDisp", 229 96: "VarDateFromBool", 230 97: "VarFormatDateTime", 231 98: "VarCyFromUI1", 232 99: "VarCyFromI2", 233 100: "VarCyFromI4", 234 101: "VarCyFromR4", 235 102: "VarCyFromR8", 236 103: "VarCyFromDate", 237 104: "VarCyFromStr", 238 105: "VarCyFromDisp", 239 106: "VarCyFromBool", 240 107: "VarFormatNumber", 241 108: "VarBstrFromUI1", 242 109: "VarBstrFromI2", 243 110: "VarBstrFromI4", 244 111: "VarBstrFromR4", 245 112: "VarBstrFromR8", 246 113: "VarBstrFromCy", 247 114: "VarBstrFromDate", 248 115: "VarBstrFromDisp", 249 116: "VarBstrFromBool", 250 117: "VarFormatPercent", 251 118: "VarBoolFromUI1", 252 119: "VarBoolFromI2", 253 120: "VarBoolFromI4", 254 121: "VarBoolFromR4", 255 122: "VarBoolFromR8", 256 123: "VarBoolFromDate", 257 124: "VarBoolFromCy", 258 125: "VarBoolFromStr", 259 126: "VarBoolFromDisp", 260 127: "VarFormatCurrency", 261 128: "VarWeekdayName", 262 129: "VarMonthName", 263 130: "VarUI1FromI2", 264 131: "VarUI1FromI4", 265 132: "VarUI1FromR4", 266 133: "VarUI1FromR8", 267 134: "VarUI1FromCy", 268 135: "VarUI1FromDate", 269 136: "VarUI1FromStr", 270 137: "VarUI1FromDisp", 271 138: "VarUI1FromBool", 272 139: "VarFormatFromTokens", 273 140: "VarTokenizeFormatString", 274 141: "VarAdd", 275 142: "VarAnd", 276 143: "VarDiv", 277 144: "DllCanUnloadNow", 278 145: "DllGetClassObject", 279 146: "DispCallFunc", 280 147: "VariantChangeTypeEx", 281 148: "SafeArrayPtrOfIndex", 282 149: "SysStringByteLen", 283 150: "SysAllocStringByteLen", 284 151: "DllRegisterServer", 285 152: "VarEqv", 286 153: "VarIdiv", 287 154: "VarImp", 288 155: "VarMod", 289 156: "VarMul", 290 157: "VarOr", 291 158: "VarPow", 292 159: "VarSub", 293 160: "CreateTypeLib", 294 161: "LoadTypeLib", 295 162: "LoadRegTypeLib", 296 163: "RegisterTypeLib", 297 164: "QueryPathOfRegTypeLib", 298 165: "LHashValOfNameSys", 299 166: "LHashValOfNameSysA", 300 167: "VarXor", 301 168: "VarAbs", 302 169: "VarFix", 303 170: "OaBuildVersion", 304 171: "ClearCustData", 305 172: "VarInt", 306 173: "VarNeg", 307 174: "VarNot", 308 175: "VarRound", 309 176: "VarCmp", 310 177: "VarDecAdd", 311 178: "VarDecDiv", 312 179: "VarDecMul", 313 180: "CreateTypeLib2", 314 181: "VarDecSub", 315 182: "VarDecAbs", 316 183: "LoadTypeLibEx", 317 184: "SystemTimeToVariantTime", 318 185: "VariantTimeToSystemTime", 319 186: "UnRegisterTypeLib", 320 187: "VarDecFix", 321 188: "VarDecInt", 322 189: "VarDecNeg", 323 190: "VarDecFromUI1", 324 191: "VarDecFromI2", 325 192: "VarDecFromI4", 326 193: "VarDecFromR4", 327 194: "VarDecFromR8", 328 195: "VarDecFromDate", 329 196: "VarDecFromCy", 330 197: "VarDecFromStr", 331 198: "VarDecFromDisp", 332 199: "VarDecFromBool", 333 200: "GetErrorInfo", 334 201: "SetErrorInfo", 335 202: "CreateErrorInfo", 336 203: "VarDecRound", 337 204: "VarDecCmp", 338 205: "VarI2FromI1", 339 206: "VarI2FromUI2", 340 207: "VarI2FromUI4", 341 208: "VarI2FromDec", 342 209: "VarI4FromI1", 343 210: "VarI4FromUI2", 344 211: "VarI4FromUI4", 345 212: "VarI4FromDec", 346 213: "VarR4FromI1", 347 214: "VarR4FromUI2", 348 215: "VarR4FromUI4", 349 216: "VarR4FromDec", 350 217: "VarR8FromI1", 351 218: "VarR8FromUI2", 352 219: "VarR8FromUI4", 353 220: "VarR8FromDec", 354 221: "VarDateFromI1", 355 222: "VarDateFromUI2", 356 223: "VarDateFromUI4", 357 224: "VarDateFromDec", 358 225: "VarCyFromI1", 359 226: "VarCyFromUI2", 360 227: "VarCyFromUI4", 361 228: "VarCyFromDec", 362 229: "VarBstrFromI1", 363 230: "VarBstrFromUI2", 364 231: "VarBstrFromUI4", 365 232: "VarBstrFromDec", 366 233: "VarBoolFromI1", 367 234: "VarBoolFromUI2", 368 235: "VarBoolFromUI4", 369 236: "VarBoolFromDec", 370 237: "VarUI1FromI1", 371 238: "VarUI1FromUI2", 372 239: "VarUI1FromUI4", 373 240: "VarUI1FromDec", 374 241: "VarDecFromI1", 375 242: "VarDecFromUI2", 376 243: "VarDecFromUI4", 377 244: "VarI1FromUI1", 378 245: "VarI1FromI2", 379 246: "VarI1FromI4", 380 247: "VarI1FromR4", 381 248: "VarI1FromR8", 382 249: "VarI1FromDate", 383 250: "VarI1FromCy", 384 251: "VarI1FromStr", 385 252: "VarI1FromDisp", 386 253: "VarI1FromBool", 387 254: "VarI1FromUI2", 388 255: "VarI1FromUI4", 389 256: "VarI1FromDec", 390 257: "VarUI2FromUI1", 391 258: "VarUI2FromI2", 392 259: "VarUI2FromI4", 393 260: "VarUI2FromR4", 394 261: "VarUI2FromR8", 395 262: "VarUI2FromDate", 396 263: "VarUI2FromCy", 397 264: "VarUI2FromStr", 398 265: "VarUI2FromDisp", 399 266: "VarUI2FromBool", 400 267: "VarUI2FromI1", 401 268: "VarUI2FromUI4", 402 269: "VarUI2FromDec", 403 270: "VarUI4FromUI1", 404 271: "VarUI4FromI2", 405 272: "VarUI4FromI4", 406 273: "VarUI4FromR4", 407 274: "VarUI4FromR8", 408 275: "VarUI4FromDate", 409 276: "VarUI4FromCy", 410 277: "VarUI4FromStr", 411 278: "VarUI4FromDisp", 412 279: "VarUI4FromBool", 413 280: "VarUI4FromI1", 414 281: "VarUI4FromUI2", 415 282: "VarUI4FromDec", 416 283: "BSTR_UserSize", 417 284: "BSTR_UserMarshal", 418 285: "BSTR_UserUnmarshal", 419 286: "BSTR_UserFree", 420 287: "VARIANT_UserSize", 421 288: "VARIANT_UserMarshal", 422 289: "VARIANT_UserUnmarshal", 423 290: "VARIANT_UserFree", 424 291: "LPSAFEARRAY_UserSize", 425 292: "LPSAFEARRAY_UserMarshal", 426 293: "LPSAFEARRAY_UserUnmarshal", 427 294: "LPSAFEARRAY_UserFree", 428 295: "LPSAFEARRAY_Size", 429 296: "LPSAFEARRAY_Marshal", 430 297: "LPSAFEARRAY_Unmarshal", 431 298: "VarDecCmpR8", 432 299: "VarCyAdd", 433 300: "DllUnregisterServer", 434 301: "OACreateTypeLib2", 435 303: "VarCyMul", 436 304: "VarCyMulI4", 437 305: "VarCySub", 438 306: "VarCyAbs", 439 307: "VarCyFix", 440 308: "VarCyInt", 441 309: "VarCyNeg", 442 310: "VarCyRound", 443 311: "VarCyCmp", 444 312: "VarCyCmpR8", 445 313: "VarBstrCat", 446 314: "VarBstrCmp", 447 315: "VarR8Pow", 448 316: "VarR4CmpR8", 449 317: "VarR8Round", 450 318: "VarCat", 451 319: "VarDateFromUdateEx", 452 322: "GetRecordInfoFromGuids", 453 323: "GetRecordInfoFromTypeInfo", 454 325: "SetVarConversionLocaleSetting", 455 326: "GetVarConversionLocaleSetting", 456 327: "SetOaNoCache", 457 329: "VarCyMulI8", 458 330: "VarDateFromUdate", 459 331: "VarUdateFromDate", 460 332: "GetAltMonthNames", 461 333: "VarI8FromUI1", 462 334: "VarI8FromI2", 463 335: "VarI8FromR4", 464 336: "VarI8FromR8", 465 337: "VarI8FromCy", 466 338: "VarI8FromDate", 467 339: "VarI8FromStr", 468 340: "VarI8FromDisp", 469 341: "VarI8FromBool", 470 342: "VarI8FromI1", 471 343: "VarI8FromUI2", 472 344: "VarI8FromUI4", 473 345: "VarI8FromDec", 474 346: "VarI2FromI8", 475 347: "VarI2FromUI8", 476 348: "VarI4FromI8", 477 349: "VarI4FromUI8", 478 360: "VarR4FromI8", 479 361: "VarR4FromUI8", 480 362: "VarR8FromI8", 481 363: "VarR8FromUI8", 482 364: "VarDateFromI8", 483 365: "VarDateFromUI8", 484 366: "VarCyFromI8", 485 367: "VarCyFromUI8", 486 368: "VarBstrFromI8", 487 369: "VarBstrFromUI8", 488 370: "VarBoolFromI8", 489 371: "VarBoolFromUI8", 490 372: "VarUI1FromI8", 491 373: "VarUI1FromUI8", 492 374: "VarDecFromI8", 493 375: "VarDecFromUI8", 494 376: "VarI1FromI8", 495 377: "VarI1FromUI8", 496 378: "VarUI2FromI8", 497 379: "VarUI2FromUI8", 498 401: "OleLoadPictureEx", 499 402: "OleLoadPictureFileEx", 500 411: "SafeArrayCreateVector", 501 412: "SafeArrayCopyData", 502 413: "VectorFromBstr", 503 414: "BstrFromVector", 504 415: "OleIconToCursor", 505 416: "OleCreatePropertyFrameIndirect", 506 417: "OleCreatePropertyFrame", 507 418: "OleLoadPicture", 508 419: "OleCreatePictureIndirect", 509 420: "OleCreateFontIndirect", 510 421: "OleTranslateColor", 511 422: "OleLoadPictureFile", 512 423: "OleSavePictureFile", 513 424: "OleLoadPicturePath", 514 425: "VarUI4FromI8", 515 426: "VarUI4FromUI8", 516 427: "VarI8FromUI8", 517 428: "VarUI8FromI8", 518 429: "VarUI8FromUI1", 519 430: "VarUI8FromI2", 520 431: "VarUI8FromR4", 521 432: "VarUI8FromR8", 522 433: "VarUI8FromCy", 523 434: "VarUI8FromDate", 524 435: "VarUI8FromStr", 525 436: "VarUI8FromDisp", 526 437: "VarUI8FromBool", 527 438: "VarUI8FromI1", 528 439: "VarUI8FromUI2", 529 440: "VarUI8FromUI4", 530 441: "VarUI8FromDec", 531 442: "RegisterTypeLibForUser", 532 443: "UnRegisterTypeLibForUser", 533 } 534 535 // OrdNames maps the dll names to ordinal names. 536 var OrdNames = map[string]map[uint64]string{ 537 "ws2_32.dll": WS232OrdNames, 538 "wsock32.dll": WS232OrdNames, 539 "oleaut32.dll": OleAut32OrdNames, 540 } 541 542 // OrdLookup returns API name given an ordinal. 543 func OrdLookup(libname string, ord uint64, makeName bool) string { 544 names, ok := OrdNames[strings.ToLower(libname)] 545 if ok { 546 if name, ok := names[ord]; ok { 547 return name 548 } 549 } 550 if makeName { 551 return fmt.Sprintf("ord%d", ord) 552 } 553 return "" 554 }