fixed (maybe): redeclaration error in nt.hpp
hideckies committed May 27, 2024
1 parent 7af6706 commit fc8872e
Showing 16 changed files with 3,134 additions and 3,100 deletions.
Empty file removed payload/win/implant/build/.gitkeep
Empty file.
1 change: 1 addition & 0 deletions payload/win/implant/include/core/modules.hpp
Expand Up @@ -5,6 +5,7 @@
#include "core/procs.hpp"

#include <windows.h>
#include <ntstatus.h>

namespace Modules
{
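Review bot: Adding `#include <ntstatus.h>` after `#include <windows.h>` typically produces macro-redefinition warnings, because winnt.h already defines a subset of the STATUS_* macros unless `WIN32_NO_STATUS` is set (MSVC reports C4005; GCC warns as well, since the ntstatus.h definitions use a different cast). The established pattern is `#define WIN32_NO_STATUS` before `#include <windows.h>`, then `#undef WIN32_NO_STATUS` immediately before `#include <ntstatus.h>`. If the implant build treats warnings as errors this would be a hard failure, otherwise it is noise that hides real warnings.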
13 changes: 12 additions & 1 deletion payload/win/implant/include/core/nt.hpp
Expand Up @@ -4,7 +4,6 @@
#define HERMIT_CORE_NTDLL_H

#include <windows.h>
#include <subauth.h>

// Forward Declaration -----------------------
typedef struct _ACTIVATION_CONTEXT ACTIVATION_CONTEXT;
Expand Down Expand Up @@ -653,6 +652,18 @@ typedef enum _LDR_DDAG_STATE
LdrModulesReadyToRun = 9
} LDR_DDAG_STATE;

typedef struct _STRING {
USHORT Length;
USHORT MaximumLength;
PCHAR Buffer;
} STRING;

typedef struct _UNICODE_STRING {
USHORT Length;
USHORT MaximumLength;
PWSTR Buffer;
} UNICODE_STRING, *PUNICODE_STRING;

typedef struct
{
WORD offset:12;
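Review bot: The new `_STRING`/`STRING` and `_UNICODE_STRING`/`UNICODE_STRING` definitions reuse exactly the tag and typedef names that `<subauth.h>`, `<winternl.h>` and `<ntsecapi.h>` declare at global scope, so dropping `#include <subauth.h>` only removes the clash for translation units that include none of those headers; any TU that pulls one in next to nt.hpp will hit the same redeclaration error, which is presumably why the title says "maybe". The loader side of this same commit avoids the problem by qualifying its equivalents as `Nt::UNICODE_STRING`, `Nt::PUNICODE_STRING`; wrapping these definitions in the same namespace on the implant side would make the two headers consistent and end the collision for good. Minor: `STRING` gets no pointer typedef while `UNICODE_STRING` gets `*PUNICODE_STRING`; if a `PSTRING` is wanted later it should be declared here rather than in a caller.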
Empty file removed payload/win/loader/build/.gitkeep
Empty file.
2,866 changes: 1,436 additions & 1,430 deletions payload/win/loader/include/core/nt.hpp

Large diffs are not rendered by default.

40 changes: 20 additions & 20 deletions payload/win/loader/include/core/procs.hpp
Expand Up @@ -145,55 +145,55 @@ namespace Procs
// **NTAPI**

// LdrLoadDll
typedef NTSTATUS (NTAPI* LPPROC_LDRLOADDLL)( PWSTR DllPath, PULONG DllCharacteristics, PUNICODE_STRING DllName, PVOID *DllHandle);
typedef NTSTATUS (NTAPI* LPPROC_LDRLOADDLL)(PWSTR DllPath, PULONG DllCharacteristics, Nt::PUNICODE_STRING DllName, PVOID *DllHandle);
// NtAllocateVirtualMemory
typedef NTSTATUS (NTAPI* LPPROC_NTALLOCATEVIRTUALMEMORY)(HANDLE ProcessHandle, PVOID* BaseAddress, ULONG ZeroBits, PSIZE_T RegionSize, ULONG AllocationType, ULONG Protect);
// NtClose
typedef NTSTATUS (NTAPI* LPPROC_NTCLOSE)(HANDLE Handle);
// NtCreateFile
typedef NTSTATUS (NTAPI* LPPROC_NTCREATEFILE)(PHANDLE FileHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, PIO_STATUS_BLOCK IoStatusBlock, PLARGE_INTEGER AllocationSize, ULONG FileAttributes, ULONG ShareAccess, ULONG CreateDisposition, ULONG CreateOptions, PVOID EaBuffer, ULONG EaLength);
typedef NTSTATUS (NTAPI* LPPROC_NTCREATEFILE)(PHANDLE FileHandle, ACCESS_MASK DesiredAccess, Nt::POBJECT_ATTRIBUTES ObjectAttributes, Nt::PIO_STATUS_BLOCK IoStatusBlock, PLARGE_INTEGER AllocationSize, ULONG FileAttributes, ULONG ShareAccess, ULONG CreateDisposition, ULONG CreateOptions, PVOID EaBuffer, ULONG EaLength);
// NtCreateNamedPipeFile
typedef NTSTATUS (NTAPI* LPPROC_NTCREATENAMEDPIPEFILE)(PHANDLE FileHandle, ULONG DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, PIO_STATUS_BLOCK IoStatusBlock, ULONG ShareAccess, ULONG CreateDisposition, ULONG CreateOptions, ULONG NamedPipeType, ULONG ReadMode, ULONG CompletionMode, ULONG MaximumInstances, ULONG InboundQuota, ULONG OutboundQuota, PLARGE_INTEGER DefaultTimeout);
typedef NTSTATUS (NTAPI* LPPROC_NTCREATENAMEDPIPEFILE)(PHANDLE FileHandle, ULONG DesiredAccess, Nt::POBJECT_ATTRIBUTES ObjectAttributes, Nt::PIO_STATUS_BLOCK IoStatusBlock, ULONG ShareAccess, ULONG CreateDisposition, ULONG CreateOptions, ULONG NamedPipeType, ULONG ReadMode, ULONG CompletionMode, ULONG MaximumInstances, ULONG InboundQuota, ULONG OutboundQuota, PLARGE_INTEGER DefaultTimeout);
// NtCreateProcessEx
typedef NTSTATUS (NTAPI* LPPROC_NTCREATEPROCESSEX)(PHANDLE ProcessHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, HANDLE ParentProcess, ULONG Flags, HANDLE SectionHandle, HANDLE DebugPort, HANDLE TokenHandle, ULONG Reserved);
typedef NTSTATUS (NTAPI* LPPROC_NTCREATEPROCESSEX)(PHANDLE ProcessHandle, ACCESS_MASK DesiredAccess, Nt::POBJECT_ATTRIBUTES ObjectAttributes, HANDLE ParentProcess, ULONG Flags, HANDLE SectionHandle, HANDLE DebugPort, HANDLE TokenHandle, ULONG Reserved);
// NtCreateSection
typedef NTSTATUS (NTAPI* LPPROC_NTCREATESECTION)(PHANDLE SectionHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, PLARGE_INTEGER MaximumSize, ULONG SectionPageProtection, ULONG AllocationAttributes, HANDLE FileHandle);
typedef NTSTATUS (NTAPI* LPPROC_NTCREATESECTION)(PHANDLE SectionHandle, ACCESS_MASK DesiredAccess, Nt::POBJECT_ATTRIBUTES ObjectAttributes, PLARGE_INTEGER MaximumSize, ULONG SectionPageProtection, ULONG AllocationAttributes, HANDLE FileHandle);
// NtCreateThreadEx
typedef NTSTATUS (NTAPI* LPPROC_NTCREATETHREADEX)(PHANDLE ThreadHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, HANDLE ProcessHandle, LPTHREAD_START_ROUTINE StartRoutine, PVOID Argument, ULONG CreateFlags, SIZE_T ZeroBits, SIZE_T StackSize, SIZE_T MaximumStackSize, PPS_ATTRIBUTE_LIST AttributeList);
typedef NTSTATUS (NTAPI* LPPROC_NTCREATETHREADEX)(PHANDLE ThreadHandle, ACCESS_MASK DesiredAccess, Nt::POBJECT_ATTRIBUTES ObjectAttributes, HANDLE ProcessHandle, LPTHREAD_START_ROUTINE StartRoutine, PVOID Argument, ULONG CreateFlags, SIZE_T ZeroBits, SIZE_T StackSize, SIZE_T MaximumStackSize, Nt::PPS_ATTRIBUTE_LIST AttributeList);
// NtDuplicateObject
typedef NTSTATUS (NTAPI* LPPROC_NTDUPLICATEOBJECT)(HANDLE SourceProcessHandle, PHANDLE SourceHandle, HANDLE TargetProcessHandle, PHANDLE TargetHandle, ACCESS_MASK DesiredAccess, BOOLEAN InheritHandle, ULONG Options);
// NtFreeVirtualMemory
typedef NTSTATUS (NTAPI* LPPROC_NTFREEVIRTUALMEMORY)(HANDLE ProcessHandle, PVOID* BaseAddress, PSIZE_T RegionSize, ULONG FreeType);
// NtGetContextThread
typedef NTSTATUS (NTAPI* LPPROC_NTGETCONTEXTTHREAD)(HANDLE ThreadHandle, PCONTEXT ThreadContext);
// NtMapViewOfSection
typedef NTSTATUS (NTAPI* LPPROC_NTMAPVIEWOFSECTION)(HANDLE SectionHandle, HANDLE ProcessHandle, PVOID *BaseAddress, ULONG_PTR ZeroBits, SIZE_T CommitSize, PLARGE_INTEGER SectionOffset, PSIZE_T ViewSize, SECTION_INHERIT InheritDisposition, ULONG AllocationType, ULONG Win32Protect);
typedef NTSTATUS (NTAPI* LPPROC_NTMAPVIEWOFSECTION)(HANDLE SectionHandle, HANDLE ProcessHandle, PVOID *BaseAddress, ULONG_PTR ZeroBits, SIZE_T CommitSize, PLARGE_INTEGER SectionOffset, PSIZE_T ViewSize, Nt::SECTION_INHERIT InheritDisposition, ULONG AllocationType, ULONG Win32Protect);
// NtOpenProcess
typedef NTSTATUS (NTAPI* LPPROC_NTOPENPROCESS)(PHANDLE ProcessHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, PCLIENT_ID ClientId);
typedef NTSTATUS (NTAPI* LPPROC_NTOPENPROCESS)(PHANDLE ProcessHandle, ACCESS_MASK DesiredAccess, Nt::POBJECT_ATTRIBUTES ObjectAttributes, Nt::PCLIENT_ID ClientId);
// NtOpenProcessToken
typedef NTSTATUS (NTAPI* LPPROC_NTOPENPROCESSTOKEN)( HANDLE ProcessHandle, ACCESS_MASK DesiredAccess, PHANDLE TokenHandle);
// NtOpenThread
typedef NTSTATUS (NTAPI* LPPROC_NTOPENTHREAD)(PHANDLE ThreadHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, PCLIENT_ID ClientId);
typedef NTSTATUS (NTAPI* LPPROC_NTOPENTHREAD)(PHANDLE ThreadHandle, ACCESS_MASK DesiredAccess, Nt::POBJECT_ATTRIBUTES ObjectAttributes, Nt::PCLIENT_ID ClientId);
// NtProtectVirtualMemory
typedef NTSTATUS (NTAPI* LPPROC_NTPROTECTVIRTUALMEMORY)(HANDLE ProcessHandle, PVOID* BaseAddress, PSIZE_T RegionSize, ULONG NewProtect, PULONG OldProtect);
// NtReadFile
typedef NTSTATUS (NTAPI* LPPROC_NTREADFILE)(HANDLE FileHandle, HANDLE Event, PIO_APC_ROUTINE ApcRoutine, PVOID ApcContext, PIO_STATUS_BLOCK IoStatusBlock, PVOID Buffer, ULONG Length, PLARGE_INTEGER ByteOffset, PULONG Key);
typedef NTSTATUS (NTAPI* LPPROC_NTREADFILE)(HANDLE FileHandle, HANDLE Event, Nt::PIO_APC_ROUTINE ApcRoutine, PVOID ApcContext, Nt::PIO_STATUS_BLOCK IoStatusBlock, PVOID Buffer, ULONG Length, PLARGE_INTEGER ByteOffset, PULONG Key);
// NtReadVirtualMemory
typedef NTSTATUS (NTAPI* LPPROC_NTREADVIRTUALMEMORY)(HANDLE ProcessHandle, PVOID BaseAddress, PVOID Buffer, SIZE_T BufferSize, PSIZE_T NumberOfBytesRead);
// NtQueryInformationFile
typedef NTSTATUS (NTAPI* LPPROC_NTQUERYINFORMATIONFILE)(HANDLE FileHandle, PIO_STATUS_BLOCK IoStatusBlock, PVOID FileInformation, ULONG Length, FILE_INFORMATION_CLASS FileInformationClass);
typedef NTSTATUS (NTAPI* LPPROC_NTQUERYINFORMATIONFILE)(HANDLE FileHandle, Nt::PIO_STATUS_BLOCK IoStatusBlock, PVOID FileInformation, ULONG Length, Nt::FILE_INFORMATION_CLASS FileInformationClass);
// NtQueryInformationProcess
typedef NTSTATUS (NTAPI* LPPROC_NTQUERYINFORMATIONPROCESS)(HANDLE ProcessHandle, PROCESSINFOCLASS ProcessInformationClass, PVOID ProcessInformation, ULONG ProcessInformationLength, PULONG ReturnLength);
typedef NTSTATUS (NTAPI* LPPROC_NTQUERYINFORMATIONPROCESS)(HANDLE ProcessHandle, Nt::PROCESSINFOCLASS ProcessInformationClass, PVOID ProcessInformation, ULONG ProcessInformationLength, PULONG ReturnLength);
// NtQueryVirtualMemory
typedef NTSTATUS (NTAPI* LPPROC_NTQUERYVIRTUALMEMORY)(HANDLE ProcessHandle, PVOID BaseAddress, MEMORY_INFORMATION_CLASS MemoryInformationClass, PVOID MemoryInformation, SIZE_T MemoryInformationLength, PSIZE_T ReturnLength);
typedef NTSTATUS (NTAPI* LPPROC_NTQUERYVIRTUALMEMORY)(HANDLE ProcessHandle, PVOID BaseAddress, Nt::MEMORY_INFORMATION_CLASS MemoryInformationClass, PVOID MemoryInformation, SIZE_T MemoryInformationLength, PSIZE_T ReturnLength);
// NtResumeThread
typedef NTSTATUS (NTAPI* LPPROC_NTRESUMETHREAD)(HANDLE ThreadHandle, PULONG PreviousSuspendCount);
// NtSetContextThread
typedef NTSTATUS (NTAPI* LPPROC_NTSETCONTEXTTHREAD)(HANDLE ThreadHandle, PCONTEXT ThreadContext);
// NtSetInformationFile
typedef NTSTATUS (NTAPI* LPPROC_NTSETINFORMATIONFILE)(HANDLE FileHandle, PIO_STATUS_BLOCK IoStatusBlock, PVOID FileInformation, ULONG Length, FILE_INFORMATION_CLASS FileInformationClass);
typedef NTSTATUS (NTAPI* LPPROC_NTSETINFORMATIONFILE)(HANDLE FileHandle, Nt::PIO_STATUS_BLOCK IoStatusBlock, PVOID FileInformation, ULONG Length, Nt::FILE_INFORMATION_CLASS FileInformationClass);
// NtSetInformationProcess
typedef NTSTATUS (NTAPI* LPPROC_NTSETINFORMATIONPROCESS)(HANDLE ProcessHandle, PROCESSINFOCLASS ProcessInformationClass, PVOID ProcessInformation, ULONG ProcessInformationLength);
typedef NTSTATUS (NTAPI* LPPROC_NTSETINFORMATIONPROCESS)(HANDLE ProcessHandle, Nt::PROCESSINFOCLASS ProcessInformationClass, PVOID ProcessInformation, ULONG ProcessInformationLength);
// NtTerminateProcess
typedef NTSTATUS (NTAPI* LPPROC_NTTERMINATEPROCESS)(HANDLE ProcessHandle, NTSTATUS ExitStatus);
// NtUnmapViewOfSection
Expand All @@ -203,24 +203,24 @@ namespace Procs
// NtWaitForSingleObject
typedef NTSTATUS (NTAPI* LPPROC_NTWAITFORSINGLEOBJECT)(HANDLE Handle, BOOLEAN Alertable, PLARGE_INTEGER Timeout);
// NtWriteFile
typedef NTSTATUS (NTAPI* LPPROC_NTWRITEFILE)(HANDLE FileHandle, HANDLE Event, PIO_APC_ROUTINE ApcRoutine, PVOID ApcContext, PIO_STATUS_BLOCK IoStatusBlock, PVOID Buffer, ULONG Length, PLARGE_INTEGER ByteOffset, PULONG Key);
typedef NTSTATUS (NTAPI* LPPROC_NTWRITEFILE)(HANDLE FileHandle, HANDLE Event, Nt::PIO_APC_ROUTINE ApcRoutine, PVOID ApcContext, Nt::PIO_STATUS_BLOCK IoStatusBlock, PVOID Buffer, ULONG Length, PLARGE_INTEGER ByteOffset, PULONG Key);

// RtlAllocateHeap
typedef PVOID (NTAPI* LPPROC_RTLALLOCATEHEAP)(PVOID HeapHandle, ULONG Flags, SIZE_T Size);
// RtlCreateProcessReflection
typedef NTSTATUS (NTAPI* LPPROC_RTLCREATEPROCESSREFLECTION)(HANDLE ProcessHandle, ULONG Flags, PVOID StartRoutine, PVOID StartContext, HANDLE EventHandle, PRTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION ReflectionInformation);
typedef NTSTATUS (NTAPI* LPPROC_RTLCREATEPROCESSREFLECTION)(HANDLE ProcessHandle, ULONG Flags, PVOID StartRoutine, PVOID StartContext, HANDLE EventHandle, Nt::PRTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION ReflectionInformation);
// RtlCreateUserThread
typedef NTSTATUS (NTAPI* LPPROC_RTLCREATEUSERTHREAD)(HANDLE ProcessHandle, PSECURITY_DESCRIPTOR ThreadSecurityDescriptor, BOOLEAN CreateSuspended, ULONG ZeroBits, SIZE_T MaximumStackSize, SIZE_T CommittedStackSize, PUSER_THREAD_START_ROUTINE StartAddress, PVOID Parameter, PHANDLE ThreadHandle, PCLIENT_ID ClientId);
typedef NTSTATUS (NTAPI* LPPROC_RTLCREATEUSERTHREAD)(HANDLE ProcessHandle, PSECURITY_DESCRIPTOR ThreadSecurityDescriptor, BOOLEAN CreateSuspended, ULONG ZeroBits, SIZE_T MaximumStackSize, SIZE_T CommittedStackSize, Nt::PUSER_THREAD_START_ROUTINE StartAddress, PVOID Parameter, PHANDLE ThreadHandle, Nt::PCLIENT_ID ClientId);
// RtlExpandEnvironmentStrings
typedef NTSTATUS (NTAPI* LPPROC_RTLEXPANDENVIRONMENTSTRINGS)(PVOID Environment, PCWSTR Source, SIZE_T SourceLength, PWSTR Destination, SIZE_T DestinationLength, PSIZE_T ReturnLength);
// RtlGetFullPathName_U
typedef NTSTATUS (NTAPI* LPPROC_RTLGETFULLPATHNAME_U)(PCWSTR FileName, ULONG BufferLength, PWSTR Buffer, PWSTR *FilePart);
// RtlInitUnicodeString
typedef NTSTATUS (NTAPI* LPPROC_RTLINITUNICODESTRING)(PUNICODE_STRING DestinationString, PCWSTR SourceString);
typedef NTSTATUS (NTAPI* LPPROC_RTLINITUNICODESTRING)(Nt::PUNICODE_STRING DestinationString, PCWSTR SourceString);
// RtlNtStatusToDosError
typedef DWORD (NTAPI* LPPROC_RTLNTSTATUSTODOSERROR)(NTSTATUS Status);
// RtlQuerySystemInformation
typedef NTSTATUS (NTAPI* LPPROC_RTLQUERYSYSTEMINFORMATION)(SYSTEM_INFORMATION_CLASS SystemInformationClass, PVOID SystemInformation, ULONG SystemInformationLength, PULONG ReturnLength);
typedef NTSTATUS (NTAPI* LPPROC_RTLQUERYSYSTEMINFORMATION)(Nt::SYSTEM_INFORMATION_CLASS SystemInformationClass, PVOID SystemInformation, ULONG SystemInformationLength, PULONG ReturnLength);
// RtlStringCchCatW
typedef NTSTATUS (NTAPI* LPPROC_RTLSTRINGCCHCATW)(LPWSTR pszDest, SIZE_T cchDest, LPCWSTR pszSrc);
// RtlStringCchCopyW
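Review bot: The changed `LPPROC_RTLINITUNICODESTRING` typedef still declares an `NTSTATUS` return, but RtlInitUnicodeString is documented as returning VOID, so whatever happens to be in the return register is what fs.cpp stores at its third open site (`status = CallSysInvoke(&pProcs->sysRtlInitUnicodeString, …)`) and may then compare against STATUS_SUCCESS. Either change it to `typedef VOID (NTAPI* LPPROC_RTLINITUNICODESTRING)(Nt::PUNICODE_STRING DestinationString, PCWSTR SourceString);` and stop assigning its result, or resolve `RtlInitUnicodeStringEx`, which does return an NTSTATUS. The unchanged `LPPROC_RTLGETFULLPATHNAME_U` line has, as far as I know, the same shape of problem: that routine returns a byte length, not a status. The `namespace Procs` these typedefs live in opens and closes outside the hunk.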
2 changes: 1 addition & 1 deletion payload/win/loader/include/core/state.hpp
Expand Up @@ -16,7 +16,7 @@ namespace State
struct STATE
{
// TEB
PTEB pTeb;
Nt::PTEB pTeb;

// Crypto
Crypt::PCRYPT pCrypt;
12 changes: 6 additions & 6 deletions payload/win/loader/src/core/modules.cpp
Expand Up @@ -39,13 +39,13 @@ namespace Modules

PVOID GetModuleByHash(DWORD dwHash)
{
PTEB pTeb = NtCurrentTeb();
Nt::PTEB pTeb = (Nt::PTEB)NtCurrentTeb();
// PPEB pPeb = (PPEB)PPEB_PTR;
PPEB pPeb = pTeb->ProcessEnvironmentBlock;
PPEB_LDR_DATA pLdr = (PPEB_LDR_DATA)pPeb->Ldr;
Nt::PPEB pPeb = pTeb->ProcessEnvironmentBlock;
Nt::PPEB_LDR_DATA pLdr = (Nt::PPEB_LDR_DATA)pPeb->Ldr;

// Get the first entry
PLDR_DATA_TABLE_ENTRY pDte = (PLDR_DATA_TABLE_ENTRY)pLdr->InLoadOrderModuleList.Flink;
Nt::PLDR_DATA_TABLE_ENTRY pDte = (Nt::PLDR_DATA_TABLE_ENTRY)pLdr->InLoadOrderModuleList.Flink;

while (pDte)
{
Expand All @@ -55,7 +55,7 @@ namespace Modules
}

// Get the next entry
pDte = *(PLDR_DATA_TABLE_ENTRY*)(pDte);
pDte = *(Nt::PLDR_DATA_TABLE_ENTRY*)(pDte);
}

return nullptr;
Expand All @@ -72,7 +72,7 @@ namespace Modules
for (wStr2 = lpcDllName; *wStr2; ++wStr2);
USHORT uDllNameLen = (wStr2 - lpcDllName) * sizeof(WCHAR);

UNICODE_STRING usDllName = {0};
Nt::UNICODE_STRING usDllName = {0};
usDllName.Buffer = lpDllName;
usDllName.Length = uDllNameLen;
usDllName.MaximumLength = uDllNameLen + sizeof(WCHAR);
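Review bot: `while (pDte)` in GetModuleByHash has no terminating case, because the changed advance `pDte = *(Nt::PLDR_DATA_TABLE_ENTRY*)(pDte);` follows the in-load-order Flink and that list is circular: after the last entry the link points back at `pLdr->InLoadOrderModuleList` inside PEB_LDR_DATA, so a hash that matches nothing reads PEB_LDR_DATA as if it were a table entry and keeps going. Record the head before the loop, `PVOID pHead = &pLdr->InLoadOrderModuleList;`, and loop with `while (pDte && (PVOID)pDte != pHead)`, which also gives the `return nullptr;` a path it can actually be reached on. The C-style casts on the changed lines (`(Nt::PTEB)NtCurrentTeb()`, `(Nt::PPEB_LDR_DATA)pPeb->Ldr`) would read better as `reinterpret_cast`, matching the `reinterpret_cast<HANDLE>` this same commit leaves in process.cpp. The hash-compare part of the loop body is collapsed between the first two hunks of this section.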
34 changes: 17 additions & 17 deletions payload/win/loader/src/core/system/fs.cpp
Expand Up @@ -41,9 +41,9 @@ namespace System::Fs
HANDLE hFile;

// Open file
IO_STATUS_BLOCK ioStatusBlock;
OBJECT_ATTRIBUTES objAttr;
UNICODE_STRING uniFilePath;
Nt::IO_STATUS_BLOCK ioStatusBlock;
Nt::OBJECT_ATTRIBUTES objAttr;
Nt::UNICODE_STRING uniFilePath;

std::wstring wFileAbsPath = System::Fs::AbsolutePathGet(pProcs, wFilePath, TRUE);
CallSysInvoke(
Expand All @@ -52,7 +52,7 @@ namespace System::Fs
&uniFilePath,
wFileAbsPath.c_str()
);
InitializeObjectAttributes(&objAttr, &uniFilePath, OBJ_CASE_INSENSITIVE, nullptr, nullptr);
MyInitializeObjectAttributes(&objAttr, &uniFilePath, OBJ_CASE_INSENSITIVE, nullptr, nullptr);

status = pProcs->lpNtCreateFile(
&hFile,
Expand Down Expand Up @@ -83,9 +83,9 @@ namespace System::Fs
HANDLE hFile;

// Open file
IO_STATUS_BLOCK ioStatusBlock;
OBJECT_ATTRIBUTES objAttr;
UNICODE_STRING uniFilePath;
Nt::IO_STATUS_BLOCK ioStatusBlock;
Nt::OBJECT_ATTRIBUTES objAttr;
Nt::UNICODE_STRING uniFilePath;

std::wstring wFileAbsPath = System::Fs::AbsolutePathGet(pProcs, wFilePath, TRUE);
CallSysInvoke(
Expand All @@ -94,7 +94,7 @@ namespace System::Fs
&uniFilePath,
wFileAbsPath.c_str()
);
InitializeObjectAttributes(&objAttr, &uniFilePath, OBJ_CASE_INSENSITIVE, nullptr, nullptr);
MyInitializeObjectAttributes(&objAttr, &uniFilePath, OBJ_CASE_INSENSITIVE, nullptr, nullptr);

status = CallSysInvoke(
&pProcs->sysNtCreateFile,
Expand All @@ -117,15 +117,15 @@ namespace System::Fs
}

// Get file size
FILE_STANDARD_INFORMATION fileInfo;
Nt::FILE_STANDARD_INFORMATION fileInfo;
status = CallSysInvoke(
&pProcs->sysNtQueryInformationFile,
pProcs->lpNtQueryInformationFile,
hFile,
&ioStatusBlock,
&fileInfo,
sizeof(fileInfo),
FileStandardInformation
Nt::FileStandardInformation
);
if (status != STATUS_SUCCESS)
{
Expand Down Expand Up @@ -189,9 +189,9 @@ namespace System::Fs
HANDLE hFile;

// Open file
IO_STATUS_BLOCK ioStatusBlock;
OBJECT_ATTRIBUTES objAttr;
UNICODE_STRING uniFilePath;
Nt::IO_STATUS_BLOCK ioStatusBlock;
Nt::OBJECT_ATTRIBUTES objAttr;
Nt::UNICODE_STRING uniFilePath;

std::wstring wFileAbsPath = System::Fs::AbsolutePathGet(pProcs, wFilePath, TRUE);
status = CallSysInvoke(
Expand All @@ -200,7 +200,7 @@ namespace System::Fs
&uniFilePath,
wFileAbsPath.c_str()
);
InitializeObjectAttributes(&objAttr, &uniFilePath, OBJ_CASE_INSENSITIVE, nullptr, nullptr);
MyInitializeObjectAttributes(&objAttr, &uniFilePath, OBJ_CASE_INSENSITIVE, nullptr, nullptr);

status = CallSysInvoke(
&pProcs->sysNtCreateFile,
Expand Down Expand Up @@ -272,8 +272,8 @@ namespace System::Fs
DWORD dwFileSize;

NTSTATUS status;
IO_STATUS_BLOCK ioStatusBlock;
FILE_STANDARD_INFORMATION fileInfo;
Nt::IO_STATUS_BLOCK ioStatusBlock;
Nt::FILE_STANDARD_INFORMATION fileInfo;

status = CallSysInvoke(
&pProcs->sysNtQueryInformationFile,
Expand All @@ -282,7 +282,7 @@ namespace System::Fs
&ioStatusBlock,
&fileInfo,
sizeof(fileInfo),
FileStandardInformation
Nt::FileStandardInformation
);
if (status != STATUS_SUCCESS)
{
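Review bot: The first open site in this file still calls `pProcs->lpNtCreateFile(` directly, while the second and third sites, touched by the same hunks, go through `CallSysInvoke(&pProcs->sysNtCreateFile, …)`; since the commit edits all three identically, this is the moment to either align the first one or add a one-line comment stating why the direct pointer call is intentional there. `MyInitializeObjectAttributes` is defined in the loader nt.hpp, which the page does not render; presumably it mirrors the SDK macro, in which case confirm it stores `sizeof(Nt::OBJECT_ATTRIBUTES)` into `Length`, as NtCreateFile rejects an OBJECT_ATTRIBUTES with a wrong Length with STATUS_INVALID_PARAMETER. The fourth hunk declares `DWORD dwFileSize;` next to `Nt::FILE_STANDARD_INFORMATION fileInfo;`; if dwFileSize is later set from `fileInfo.EndOfFile` (not visible here) that is a 64-to-32-bit truncation worth a comment or a wider type. Each enclosing function in this section starts outside its hunk.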
10 changes: 5 additions & 5 deletions payload/win/loader/src/core/system/process.cpp
Expand Up @@ -11,8 +11,8 @@ namespace System::Process
HANDLE hParentProcess,
HANDLE hToken
) {
OBJECT_ATTRIBUTES objAttr;
UNICODE_STRING uniAppName;
Nt::OBJECT_ATTRIBUTES objAttr;
Nt::UNICODE_STRING uniAppName;

CallSysInvoke(
&pProcs->sysRtlInitUnicodeString,
Expand All @@ -25,7 +25,7 @@ namespace System::Process
{
uAttributes = OBJ_CASE_INSENSITIVE | OBJ_INHERIT;
}
InitializeObjectAttributes(&objAttr, &uniAppName, uAttributes, nullptr, nullptr);
MyInitializeObjectAttributes(&objAttr, &uniAppName, uAttributes, nullptr, nullptr);

HANDLE hProcess;

Expand Down Expand Up @@ -150,10 +150,10 @@ namespace System::Process
DWORD dwDesiredAccess
) {
HANDLE hProcess;
CLIENT_ID clientId;
Nt::CLIENT_ID clientId;
clientId.UniqueProcess = reinterpret_cast<HANDLE>(dwProcessID);
clientId.UniqueThread = nullptr;
static OBJECT_ATTRIBUTES oa = { sizeof(oa) };
static Nt::OBJECT_ATTRIBUTES oa = { sizeof(oa) };

NTSTATUS status = CallSysInvoke(
&pProcs->sysNtOpenProcess,
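Review bot: `static Nt::OBJECT_ATTRIBUTES oa = { sizeof(oa) };` in the second hunk gives a pure input argument function-scope lifetime shared across every call and thread, which nothing here needs and which adds a guarded-init check on each call; a plain local `Nt::OBJECT_ATTRIBUTES oa = { sizeof(oa) };` does the same job. It is also inconsistent with the first hunk, which initialises its `objAttr` through `MyInitializeObjectAttributes`; using `MyInitializeObjectAttributes(&oa, nullptr, 0, nullptr, nullptr);` here would keep one initialisation path for the type. Both enclosing functions begin outside their hunks.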