-
Notifications
You must be signed in to change notification settings - Fork 13
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
61 changed files
with
1,643 additions
and
829 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,63 +1,151 @@ | ||
| #ifndef HERMIT_CORE_PROCS_HPP | ||
| #define HERMIT_CORE_PROCS_HPP | ||
|
|
||
| #include "core/stdout.hpp" | ||
| #include "core/syscalls.hpp" | ||
| #include "core/utils.hpp" | ||
|
|
||
| #include <winternl.h> | ||
| #include <windows.h> | ||
| #include <winhttp.h> | ||
| #include <string> | ||
| #include <strsafe.h> | ||
|
|
||
| namespace Procs | ||
| { | ||
| // NT Functions | ||
| typedef NTSTATUS (NTAPI* LPPROC_NTOPENPROCESS)(PHANDLE ProcessHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, PCLIENT_ID ClientId); | ||
| typedef NTSTATUS (NTAPI* LPPROC_NTALLOCATEVIRTUALMEMORY)(HANDLE ProcessHandle, PVOID* BaseAddress, ULONG ZeroBits, PSIZE_T RegionSize, ULONG AllocationType, ULONG Protect); | ||
| typedef NTSTATUS (NTAPI* LPPROC_NTWRITEVIRTUALMEMORY)(HANDLE ProcessHandle, PVOID BaseAddress, PVOID Buffer, SIZE_T NumberOfBytesToWrite, PSIZE_T NumberOfBytesWritten); | ||
| typedef NTSTATUS (NTAPI* LPPROC_NTCREATETHREADEX)(PHANDLE ThreadHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, HANDLE ProcessHandle, PVOID StartRoutine, PVOID Argument, ULONG CreateFlags, SIZE_T ZeroBits, SIZE_T StackSize, SIZE_T MaximumStackSize, PVOID lpBytesBuffer); | ||
| typedef NTSTATUS (NTAPI* LPPROC_NTWAITFORSINGLEOBJECT)(HANDLE Handle, BOOLEAN Alertable, PLARGE_INTEGER Timeout); | ||
| typedef NTSTATUS (NTAPI* LPPROC_NTCLOSE)(HANDLE Handle); | ||
| // Runtime Library Functions | ||
| typedef PVOID (NTAPI* LPPROC_RTLALLOCATEHEAP)(PVOID HeapHandle, ULONG Flags, SIZE_T Size); | ||
| // WinHTTP Functions | ||
| typedef HINTERNET (WINAPI* LPPROC_WINHTTPOPEN)(LPCWSTR pszAgentW, DWORD dwAccessType, LPCWSTR pszProxyW, LPCWSTR pszProxyBypassW, DWORD dwFlags); | ||
| typedef HINTERNET (WINAPI* LPPROC_WINHTTPCONNECT)(HINTERNET hSession, LPCWSTR pswzServerName, INTERNET_PORT nServerPort, DWORD dwReserved); | ||
| typedef HINTERNET (WINAPI* LPPROC_WINHTTPOPENREQUEST)(HINTERNET hConnect, LPCWSTR pwszVerb, LPCWSTR pwszObjectName, LPCWSTR pwszVersion, LPCWSTR pwszReferrer, LPCWSTR *ppwszAcceptTypes, DWORD dwFlags); | ||
| typedef BOOL (WINAPI* LPPROC_WINHTTPSETOPTION)(HINTERNET hInternet, DWORD dwOption, LPVOID lpBuffer, DWORD dwBufferLength); | ||
| typedef BOOL (WINAPI* LPPROC_WINHTTPSENDREQUEST)(HINTERNET hRequest, LPCWSTR lpszHeaders, DWORD dwHeadersLength, LPVOID lpOptional, DWORD dwOptionalLength, DWORD dwTotalLength, DWORD_PTR dwContext); | ||
| typedef BOOL (WINAPI* LPPROC_WINHTTPWRITEDATA)(HINTERNET hRequest, LPCVOID lpBuffer, DWORD dwNumberOfBytesToWrite, LPDWORD lpdwNumberOfBytesWritten); | ||
| typedef BOOL (WINAPI* LPPROC_WINHTTPRECEIVERESPONSE)(HINTERNET hRequest, LPVOID lpReserved); | ||
| typedef BOOL (WINAPI* LPPROC_WINHTTPQUERYHEADERS)(HINTERNET hRequest, DWORD dwInfoLevel, LPCWSTR pwszName, LPVOID lpBuffer, LPDWORD lpdwBufferLength, LPDWORD lpdwIndex); | ||
| typedef BOOL (WINAPI* LPPROC_WINHTTPQUERYDATAAVAILABLE)(HINTERNET hRequest, LPDWORD lpdwNumberOfBytesAvailable); | ||
| typedef BOOL (WINAPI* LPPROC_WINHTTPREADDATA)(HINTERNET hRequest, LPVOID lpBuffer, DWORD dwNumberOfBytesLength, LPDWORD lpdwNumberOfBytesRead); | ||
| typedef BOOL (WINAPI* LPPROC_WINHTTPCLOSEHANDLE)(HINTERNET hInternet); | ||
| // **NATIVE APIs** | ||
|
|
||
| // NtCreateProcess | ||
| typedef NTSTATUS (NTAPI* LPPROC_NTCREATEPROCESS)(PHANDLE ProcessHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, HANDLE ParentProcess, BOOLEAN InheritObjectTable, HANDLE SectionHandle, HANDLE DebugPort, HANDLE TokenHandle); | ||
| // NtOpenProcess | ||
| typedef NTSTATUS (NTAPI* LPPROC_NTOPENPROCESS)(PHANDLE ProcessHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, PCLIENT_ID ClientId); | ||
| // NtTerminateProcess | ||
| typedef NTSTATUS (NTAPI* LPPROC_NTTERMINATEPROCESS)(HANDLE ProcessHandle, NTSTATUS ExitStatus); | ||
| // NtSetInformationProcess | ||
| typedef NTSTATUS (NTAPI* LPPROC_NTSETINFORMATIONPROCESS)(HANDLE ProcessHandle, PROCESSINFOCLASS ProcessInformationClass, PVOID ProcessInformation, ULONG ProcessInformationLength); | ||
| // NtCreateThreadEx | ||
| typedef NTSTATUS (NTAPI* LPPROC_NTCREATETHREADEX)(PHANDLE ThreadHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, HANDLE ProcessHandle, PVOID StartRoutine, PVOID Argument, ULONG CreateFlags, SIZE_T ZeroBits, SIZE_T StackSize, SIZE_T MaximumStackSize, PVOID lpBytesBuffer); | ||
| // NtResumeThread | ||
| typedef NTSTATUS (NTAPI* LPPROC_NTRESUMETHREAD)(HANDLE ThreadHandle, PULONG PreviousSuspendCount); | ||
| // NtAllocateVirtualMemory | ||
| typedef NTSTATUS (NTAPI* LPPROC_NTALLOCATEVIRTUALMEMORY)(HANDLE ProcessHandle, PVOID* BaseAddress, ULONG ZeroBits, PSIZE_T RegionSize, ULONG AllocationType, ULONG Protect); | ||
| // NtWriteVirtualMemory | ||
| typedef NTSTATUS (NTAPI* LPPROC_NTWRITEVIRTUALMEMORY)(HANDLE ProcessHandle, PVOID BaseAddress, PVOID Buffer, SIZE_T NumberOfBytesToWrite, PSIZE_T NumberOfBytesWritten); | ||
| // NtFreeVirtualMemory | ||
| typedef NTSTATUS (NTAPI* LPPROC_NTFREEVIRTUALMEMORY)(HANDLE ProcessHandle, PVOID* BaseAddress, PSIZE_T RegionSize, ULONG FreeType); | ||
| // NtDuplicateObject | ||
| typedef NTSTATUS (NTAPI* LPPROC_NTDUPLICATEOBJECT)(HANDLE SourceProcessHandle, PHANDLE SourceHandle, HANDLE TargetProcessHandle, PHANDLE TargetHandle, ACCESS_MASK DesiredAccess, BOOLEAN InheritHandle, ULONG Options); | ||
| // NtWaitForSingleObject | ||
| typedef NTSTATUS (NTAPI* LPPROC_NTWAITFORSINGLEOBJECT)(HANDLE Handle, BOOLEAN Alertable, PLARGE_INTEGER Timeout); | ||
| // NtClose | ||
| typedef NTSTATUS (NTAPI* LPPROC_NTCLOSE)(HANDLE Handle); | ||
| // NtCreateFile | ||
| typedef NTSTATUS (NTAPI* LPPROC_NTCREATEFILE)(PHANDLE FileHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, PIO_STATUS_BLOCK IoStatusBlock, PLARGE_INTEGER AllocationSize, ULONG FileAttributes, ULONG ShareAccess, ULONG CreateDisposition, ULONG CreateOptions, PVOID EaBuffer, ULONG EaLength); | ||
| // NtReadFile | ||
| typedef NTSTATUS (NTAPI* LPPROC_NTREADFILE)(HANDLE FileHandle, HANDLE Event, PIO_APC_ROUTINE ApcRoutine, PVOID ApcContext, PIO_STATUS_BLOCK IoStatusBlock, PVOID Buffer, ULONG Length, PLARGE_INTEGER ByteOffset, PULONG Key); | ||
| // NtWriteFile | ||
| typedef NTSTATUS (NTAPI* LPPROC_NTWRITEFILE)(HANDLE FileHandle, HANDLE Event, PIO_APC_ROUTINE ApcRoutine, PVOID ApcContext, PIO_STATUS_BLOCK IoStatusBlock, PVOID Buffer, ULONG Length, PLARGE_INTEGER ByteOffset, PULONG Key); | ||
| // NtCreateNamedPipeFile | ||
| typedef NTSTATUS (NTAPI* LPPROC_NTCREATENAMEDPIPEFILE)(PHANDLE FileHandle, ULONG DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, PIO_STATUS_BLOCK IoStatusBlock, ULONG ShareAccess, ULONG CreateDisposition, ULONG CreateOptions, ULONG NamedPipeType, ULONG ReadMode, ULONG CompletionMode, ULONG MaximumInstances, ULONG InboundQuota, ULONG OutboundQuota, PLARGE_INTEGER DefaultTimeout); | ||
| // NtQueryInformationFile | ||
| typedef NTSTATUS (NTAPI* LPPROC_NTQUERYINFORMATIONFILE)(HANDLE FileHandle, PIO_STATUS_BLOCK IoStatusBlock, PVOID FileInformation, ULONG Length, FILE_INFORMATION_CLASS FileInformationClass); | ||
| // NtSetInformationFile | ||
| typedef NTSTATUS (NTAPI* LPPROC_NTSETINFORMATIONFILE)(HANDLE FileHandle, PIO_STATUS_BLOCK IoStatusBlock, PVOID FileInformation, ULONG Length, FILE_INFORMATION_CLASS FileInformationClass); | ||
|
|
||
|
|
||
| // **NATIVE APIs (RUNTIME LIBRARY)** | ||
| // RtlAllocateHeap | ||
| typedef PVOID (NTAPI* LPPROC_RTLALLOCATEHEAP)(PVOID HeapHandle, ULONG Flags, SIZE_T Size); | ||
| // RtlZeroMemory | ||
| typedef VOID (NTAPI* LPPROC_RTLZEROMEMORY)(PVOID Destination, SIZE_T Length); | ||
| // RtlInitUnicodeString | ||
| typedef NTSTATUS (NTAPI* LPPROC_RTLINITUNICODESTRING)(PUNICODE_STRING DestinationString, PCWSTR SourceString); | ||
| // RtlStringCatW | ||
| typedef NTSTATUS (NTAPI* LPPROC_RTLSTRINGCCHCATW)(LPWSTR pszDest, SIZE_T cchDest, LPCWSTR pszSrc); | ||
| // RtlStringCchCopyW | ||
| typedef NTSTATUS (NTAPI* LPPROC_RTLSTRINGCCHCOPYW)(LPWSTR pszDest, SIZE_T cchDest, LPCWSTR pszSrc); | ||
| // RtlStringCchLengthW | ||
| typedef NTSTATUS (NTAPI* LPPROC_RTLSTRINGCCHLENGTHW)(PCWSTR psz, SIZE_T cchMax, SIZE_T *pcchLength); | ||
| // RtlQuerySystemInformation | ||
| typedef NTSTATUS (NTAPI* LPPROC_RTLQUERYSYSTEMINFORMATION)(SYSTEM_INFORMATION_CLASS SystemInformationClass, PVOID SystemInformation, ULONG SystemInformationLength, PULONG ReturnLength); | ||
| // RtlExpandEnvironmentStrings | ||
| typedef NTSTATUS (NTAPI* LPPROC_RTLEXPANDENVIRONMENTSTRINGS)(PVOID Environment, PCWSTR Source, SIZE_T SourceLength, PWSTR Destination, SIZE_T DestinationLength, PSIZE_T ReturnLength); | ||
| // RtlNtStatusToDosError | ||
| typedef DWORD (NTAPI* LPPROC_RTLNTSTATUSTODOSERROR)(NTSTATUS Status); | ||
|
|
||
| // **WINAPIs** | ||
| // WinHttpOpen | ||
| typedef HINTERNET (WINAPI* LPPROC_WINHTTPOPEN)(LPCWSTR pszAgentW, DWORD dwAccessType, LPCWSTR pszProxyW, LPCWSTR pszProxyBypassW, DWORD dwFlags); | ||
| // WinHttpConnect | ||
| typedef HINTERNET (WINAPI* LPPROC_WINHTTPCONNECT)(HINTERNET hSession, LPCWSTR pswzServerName, INTERNET_PORT nServerPort, DWORD dwReserved); | ||
| // WinHttpOpenRequest | ||
| typedef HINTERNET (WINAPI* LPPROC_WINHTTPOPENREQUEST)(HINTERNET hConnect, LPCWSTR pwszVerb, LPCWSTR pwszObjectName, LPCWSTR pwszVersion, LPCWSTR pwszReferrer, LPCWSTR *ppwszAcceptTypes, DWORD dwFlags); | ||
| // WinHttpSetOption | ||
| typedef BOOL (WINAPI* LPPROC_WINHTTPSETOPTION)(HINTERNET hInternet, DWORD dwOption, LPVOID lpBuffer, DWORD dwBufferLength); | ||
| // WinHttpSendRequest | ||
| typedef BOOL (WINAPI* LPPROC_WINHTTPSENDREQUEST)(HINTERNET hRequest, LPCWSTR lpszHeaders, DWORD dwHeadersLength, LPVOID lpOptional, DWORD dwOptionalLength, DWORD dwTotalLength, DWORD_PTR dwContext); | ||
| // WinHttpWriteData | ||
| typedef BOOL (WINAPI* LPPROC_WINHTTPWRITEDATA)(HINTERNET hRequest, LPCVOID lpBuffer, DWORD dwNumberOfBytesToWrite, LPDWORD lpdwNumberOfBytesWritten); | ||
| // WinHttpReceiveResponse | ||
| typedef BOOL (WINAPI* LPPROC_WINHTTPRECEIVERESPONSE)(HINTERNET hRequest, LPVOID lpReserved); | ||
| // winHttpQueryHeaders | ||
| typedef BOOL (WINAPI* LPPROC_WINHTTPQUERYHEADERS)(HINTERNET hRequest, DWORD dwInfoLevel, LPCWSTR pwszName, LPVOID lpBuffer, LPDWORD lpdwBufferLength, LPDWORD lpdwIndex); | ||
| // WinHttpQueryDataAvailable | ||
| typedef BOOL (WINAPI* LPPROC_WINHTTPQUERYDATAAVAILABLE)(HINTERNET hRequest, LPDWORD lpdwNumberOfBytesAvailable); | ||
| // WinHttpReadData | ||
| typedef BOOL (WINAPI* LPPROC_WINHTTPREADDATA)(HINTERNET hRequest, LPVOID lpBuffer, DWORD dwNumberOfBytesLength, LPDWORD lpdwNumberOfBytesRead); | ||
| // WinHttpCloseHandle | ||
| typedef BOOL (WINAPI* LPPROC_WINHTTPCLOSEHANDLE)(HINTERNET hInternet); | ||
|
|
||
| struct PROCS | ||
| { | ||
| // NT Functions | ||
| LPPROC_NTOPENPROCESS lpNtOpenProcess; | ||
| LPPROC_NTALLOCATEVIRTUALMEMORY lpNtAllocateVirtualMemory; | ||
| LPPROC_NTWRITEVIRTUALMEMORY lpNtWriteVirtualMemory; | ||
| LPPROC_NTCREATETHREADEX lpNtCreateThreadEx; | ||
| LPPROC_NTWAITFORSINGLEOBJECT lpNtWaitForSingleObject; | ||
| LPPROC_NTCLOSE lpNtClose; | ||
| // Runtime Library Functions | ||
| LPPROC_RTLALLOCATEHEAP lpRtlAllocateHeap; | ||
| // WinHTTP Functions | ||
| LPPROC_WINHTTPOPEN lpWinHttpOpen; | ||
| LPPROC_WINHTTPCONNECT lpWinHttpConnect; | ||
| LPPROC_WINHTTPOPENREQUEST lpWinHttpOpenRequest; | ||
| LPPROC_WINHTTPSETOPTION lpWinHttpSetOption; | ||
| LPPROC_WINHTTPSENDREQUEST lpWinHttpSendRequest; | ||
| LPPROC_WINHTTPWRITEDATA lpWinHttpWriteData; | ||
| LPPROC_WINHTTPRECEIVERESPONSE lpWinHttpReceiveResponse; | ||
| LPPROC_WINHTTPQUERYHEADERS lpWinHttpQueryHeaders; | ||
| LPPROC_WINHTTPQUERYDATAAVAILABLE lpWinHttpQueryDataAvailable; | ||
| LPPROC_WINHTTPREADDATA lpWinHttpReadData; | ||
| LPPROC_WINHTTPCLOSEHANDLE lpWinHttpCloseHandle; | ||
| }; | ||
| // **NATIVE APIs** | ||
| LPPROC_NTCREATEPROCESS lpNtCreateProcess = nullptr; | ||
| LPPROC_NTOPENPROCESS lpNtOpenProcess = nullptr; | ||
| LPPROC_NTTERMINATEPROCESS lpNtTerminateProcess = nullptr; | ||
| LPPROC_NTSETINFORMATIONPROCESS lpNtSetInformationProcess = nullptr; | ||
| LPPROC_NTCREATETHREADEX lpNtCreateThreadEx = nullptr; | ||
| LPPROC_NTRESUMETHREAD lpNtResumeThread = nullptr; | ||
| LPPROC_NTALLOCATEVIRTUALMEMORY lpNtAllocateVirtualMemory = nullptr; | ||
| LPPROC_NTWRITEVIRTUALMEMORY lpNtWriteVirtualMemory = nullptr; | ||
| LPPROC_NTFREEVIRTUALMEMORY lpNtFreeVirtualMemory = nullptr; | ||
| LPPROC_NTDUPLICATEOBJECT lpNtDuplicateObject = nullptr; | ||
| LPPROC_NTWAITFORSINGLEOBJECT lpNtWaitForSingleObject = nullptr; | ||
| LPPROC_NTCLOSE lpNtClose = nullptr; | ||
| LPPROC_NTCREATEFILE lpNtCreateFile = nullptr; | ||
| LPPROC_NTREADFILE lpNtReadFile = nullptr; | ||
| LPPROC_NTWRITEFILE lpNtWriteFile = nullptr; | ||
| LPPROC_NTCREATENAMEDPIPEFILE lpNtCreateNamedPipeFile = nullptr; | ||
| LPPROC_NTQUERYINFORMATIONFILE lpNtQueryInformationFile = nullptr; | ||
| LPPROC_NTSETINFORMATIONFILE lpNtSetInformationFile = nullptr; | ||
|
|
||
| // **RUNTIME LIBRARY APIs** | ||
| LPPROC_RTLALLOCATEHEAP lpRtlAllocateHeap = nullptr; | ||
| LPPROC_RTLZEROMEMORY lpRtlZeroMemory = nullptr; | ||
| LPPROC_RTLINITUNICODESTRING lpRtlInitUnicodeString = nullptr; | ||
| LPPROC_RTLSTRINGCCHCATW lpRtlStringCchCatW = nullptr; | ||
| LPPROC_RTLSTRINGCCHCOPYW lpRtlStringCchCopyW = nullptr; | ||
| LPPROC_RTLSTRINGCCHLENGTHW lpRtlStringCchLengthW = nullptr; | ||
| LPPROC_RTLQUERYSYSTEMINFORMATION lpRtlQuerySystemInformation = nullptr; | ||
| LPPROC_RTLEXPANDENVIRONMENTSTRINGS lpRtlExpandEnvironmentStrings = nullptr; | ||
| LPPROC_RTLNTSTATUSTODOSERROR lpRtlNtStatusToDosError = nullptr; | ||
|
|
||
| // **WINAPIs** | ||
| LPPROC_WINHTTPOPEN lpWinHttpOpen = nullptr; | ||
| LPPROC_WINHTTPCONNECT lpWinHttpConnect = nullptr; | ||
| LPPROC_WINHTTPOPENREQUEST lpWinHttpOpenRequest = nullptr; | ||
| LPPROC_WINHTTPSETOPTION lpWinHttpSetOption = nullptr; | ||
| LPPROC_WINHTTPSENDREQUEST lpWinHttpSendRequest = nullptr; | ||
| LPPROC_WINHTTPWRITEDATA lpWinHttpWriteData = nullptr; | ||
| LPPROC_WINHTTPRECEIVERESPONSE lpWinHttpReceiveResponse = nullptr; | ||
| LPPROC_WINHTTPQUERYHEADERS lpWinHttpQueryHeaders = nullptr; | ||
| LPPROC_WINHTTPQUERYDATAAVAILABLE lpWinHttpQueryDataAvailable = nullptr; | ||
| LPPROC_WINHTTPREADDATA lpWinHttpReadData = nullptr; | ||
| LPPROC_WINHTTPCLOSEHANDLE lpWinHttpCloseHandle = nullptr; | ||
| }; | ||
| typedef PROCS* PPROCS; | ||
|
|
||
| PPROCS FindProcs(HMODULE hNTDLL, HMODULE hWinHTTPDLL); | ||
| PPROCS FindProcs(HMODULE hNTDLL, HMODULE hWinHTTPDLL, BOOL bIndirectSyscalls); | ||
| } | ||
|
|
||
| #endif // HERMIT_CORE_PROCS_HPP |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.