authorauth12 <[email protected]>2020-08-01 11:15:55 -0700
committerauth12 <[email protected]>2020-08-01 11:15:55 -0700
commit5bbda279685f52693d4f5d9cb1500e295e06fc1e (patch)
tree87cc4aa993afe879f8b5dffbbe7013dcf8e5dc44 /client/src/util/native.h
parentAdded server support for both x64 and x32 images with automatic selection. (diff)
Started security.
Diffstat (limited to 'client/src/util/native.h')
-rw-r--r--client/src/util/native.h158
1 files changed, 15 insertions, 143 deletions
diff --git a/client/src/util/native.h b/client/src/util/native.h
index 9c8cef7..31348ee 100644
--- a/client/src/util/native.h
+++ b/client/src/util/native.h
@@ -60,12 +60,11 @@ namespace native {
UNICODE_STRING BaseDllName;
};
- template<bool x64, typename base_type = typename std::conditional<x64, IMAGE_NT_HEADERS64, IMAGE_NT_HEADERS32>::type>
- struct nt_headers_t : base_type {};
-
template<class P>
struct peb_t {
- std::uint8_t _ignored[4];
+ uint8_t _ignored[2];
+ uint8_t being_debugged;
+ uint8_t bitfield;
P _ignored2[2];
P Ldr;
};
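Review bot: Splitting `_ignored[4]` into `_ignored[2]`, `being_debugged` and `bitfield` relies on hand-counted byte offsets that nothing in the header verifies, so a miscount would read the wrong byte of the remote structure without any diagnostic; a layout guard such as `static_assert(offsetof(peb_t<uint64_t>, being_debugged) == 2, "peb_t layout drift");` (and the same for `peb_t<uint32_t>`) turns that into a compile error. The new field should also say what it mirrors, e.g. `uint8_t being_debugged; // PEB.BeingDebugged`. This hunk and the `unicode_string_t` hunk below also drop the `std::` qualification from the fixed-width types; unqualified `uint8_t`/`uint16_t` is only guaranteed when `<stdint.h>` or the platform headers place the names in the global namespace, so `std::uint8_t` is the more portable spelling if the rest of the header keeps using `std::`. The enclosing `namespace native` begins before this hunk.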
@@ -86,8 +85,8 @@ namespace native {
template<class P>
struct unicode_string_t {
- std::uint16_t Length;
- std::uint16_t MaximumLength;
+ uint16_t Length;
+ uint16_t MaximumLength;
P Buffer;
};
@@ -105,141 +104,6 @@ namespace native {
unicode_string_t<P> FullDllName;
};
-
-#pragma pack(push, 4)
- struct reloc_entry_t {
- uint16_t offset : 12;
- uint16_t type : 4;
- };
-
- struct reloc_block_t {
- uint32_t base_rva;
- uint32_t size_block;
- reloc_entry_t entries[ 1 ]; // Variable length array
-
-
- inline reloc_block_t* get_next() { return ( reloc_block_t* ) ( ( char* ) this + this->size_block ); }
- inline uint32_t num_entries() { return ( reloc_entry_t* ) get_next() - &entries[ 0 ]; }
- };
-
- struct image_named_import_t
- {
- uint16_t hint;
- char name[ 1 ];
- };
-
-#pragma pack(push, 8)
- struct image_thunk_data_x64_t
- {
- union
- {
- uint64_t forwarder_string;
- uint64_t function;
- uint64_t address; // -> image_named_import_t
- struct
- {
- uint64_t ordinal : 16;
- uint64_t _reserved0 : 47;
- uint64_t is_ordinal : 1;
- };
- };
- };
-#pragma pack(pop)
-
- struct image_thunk_data_x86_t
- {
- union
- {
- uint32_t forwarder_string;
- uint32_t function;
- uint32_t address; // -> image_named_import_t
- struct
- {
- uint32_t ordinal : 16;
- uint32_t _reserved0 : 15;
- uint32_t is_ordinal : 1;
- };
- };
- };
-#pragma pack(pop)
-
- template<bool x64,
- typename base_type = typename std::conditional<x64, image_thunk_data_x64_t, image_thunk_data_x86_t>::type>
- struct image_thunk_data_t : base_type {};
-
- typedef struct _PROCESS_EXTENDED_BASIC_INFORMATION
- {
- SIZE_T Size; // set to sizeof structure on input
- PROCESS_BASIC_INFORMATION BasicInfo;
- union
- {
- ULONG Flags;
- struct
- {
- ULONG IsProtectedProcess : 1;
- ULONG IsWow64Process : 1;
- ULONG IsProcessDeleting : 1;
- ULONG IsCrossSessionCreate : 1;
- ULONG IsFrozen : 1;
- ULONG IsBackground : 1;
- ULONG IsStronglyNamed : 1;
- ULONG IsSecureProcess : 1;
- ULONG IsSubsystemProcess : 1;
- ULONG SpareBits : 23;
- };
- };
- } PROCESS_EXTENDED_BASIC_INFORMATION, *PPROCESS_EXTENDED_BASIC_INFORMATION;
-
-
- typedef enum _SYSTEM_INFORMATION_CLASS {
- SystemBasicInformation,
- SystemProcessorInformation,
- SystemPerformanceInformation,
- SystemTimeOfDayInformation,
- SystemPathInformation,
- SystemProcessInformation,
- SystemCallCountInformation,
- SystemDeviceInformation,
- SystemProcessorPerformanceInformation,
- SystemFlagsInformation,
- SystemCallTimeInformation,
- SystemModuleInformation,
- SystemLocksInformation,
- SystemStackTraceInformation,
- SystemPagedPoolInformation,
- SystemNonPagedPoolInformation,
- SystemHandleInformation,
- SystemObjectInformation,
- SystemPageFileInformation,
- SystemVdmInstemulInformation,
- SystemVdmBopInformation,
- SystemFileCacheInformation,
- SystemPoolTagInformation,
- SystemInterruptInformation,
- SystemDpcBehaviorInformation,
- SystemFullMemoryInformation,
- SystemLoadGdiDriverInformation,
- SystemUnloadGdiDriverInformation,
- SystemTimeAdjustmentInformation,
- SystemSummaryMemoryInformation,
- SystemNextEventIdInformation,
- SystemEventIdsInformation,
- SystemCrashDumpInformation,
- SystemExceptionInformation,
- SystemCrashDumpStateInformation,
- SystemKernelDebuggerInformation,
- SystemContextSwitchInformation,
- SystemRegistryQuotaInformation,
- SystemExtendServiceTableInformation,
- SystemPrioritySeperation,
- SystemPlugPlayBusInformation,
- SystemDockInformation,
- SystemPowerInformation,
- SystemProcessorSpeedInformation,
- SystemCurrentTimeZoneInformation,
- SystemLookasideInformation
- } SYSTEM_INFORMATION_CLASS, *PSYSTEM_INFORMATION_CLASS;
-
typedef struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO {
USHORT UniqueProcessId;
USHORT CreatorBackTraceIndex;
@@ -287,15 +151,23 @@ namespace native {
ULONG Unk[2];
};
- using NtQuerySystemInformation = NTSTATUS(__stdcall*)(native::SYSTEM_INFORMATION_CLASS, PVOID, SIZE_T, PULONG);
+ struct PROCESS_EXTENDED_BASIC_INFORMATION {
+ SIZE_T Size; // set to sizeof structure on input
+ PROCESS_BASIC_INFORMATION BasicInfo;
+ uint8_t Flags;
+ };
+
+ using NtQuerySystemInformation = NTSTATUS(__stdcall*)(SYSTEM_INFORMATION_CLASS, PVOID, SIZE_T, PULONG);
using NtOpenProcess = NTSTATUS(__stdcall*)(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, CLIENT_ID*);
+ using NtOpenThread = NTSTATUS(__stdcall*)(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, CLIENT_ID*);
using NtReadVirtualMemory = NTSTATUS(__stdcall*)(HANDLE, PVOID, PVOID, SIZE_T, PULONG);
using NtAllocateVirtualMemory = NTSTATUS(__stdcall*)(HANDLE, PVOID*, ULONG_PTR, PSIZE_T, ULONG, ULONG);
- using NtWiteVirtualMemory = NTSTATUS(__stdcall*)(HANDLE, PVOID, PVOID, ULONG, PULONG);
+ using NtWriteVirtualMemory = NTSTATUS(__stdcall*)(HANDLE, PVOID, PVOID, ULONG, PULONG);
using NtClose = NTSTATUS(__stdcall*)(HANDLE);
using NtFreeVirtualMemory = NTSTATUS(__stdcall*)(HANDLE, PVOID*, PSIZE_T, ULONG);
using NtQueryInformationProcess = NTSTATUS(__stdcall*)(HANDLE, PROCESSINFOCLASS, PVOID, SIZE_T, PULONG);
using NtWaitForSingleObject = NTSTATUS(__stdcall*)(HANDLE, BOOLEAN, PLARGE_INTEGER);
using NtCreateThreadEx = NTSTATUS(__stdcall*)(PHANDLE, ACCESS_MASK, PVOID, HANDLE, LPTHREAD_START_ROUTINE, PVOID, ULONG, ULONG_PTR, SIZE_T, SIZE_T, PVOID);
+ using NtGetContextThread = NTSTATUS(__stdcall*)(HANDLE, PCONTEXT);
}; // namespace native \ No newline at end of file
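Review bot: `uint8_t Flags` in the new `PROCESS_EXTENDED_BASIC_INFORMATION` narrows a field that the removed definition declared as `ULONG Flags` with nine named bits; bit 8 (`IsSubsystemProcess` in the old layout) no longer fits in one byte, and a caller that passes `Size = sizeof(PROCESS_EXTENDED_BASIC_INFORMATION)` now describes a struct whose flags slot is a single byte followed by padding. Restoring the width and noting the bit positions that were lost, `ULONG Flags; // bit 1 = IsWow64Process, see the removed bitfield for the full layout`, keeps the struct usable for the checks the old definition supported. The preceding hunk also deletes the namespace-local `SYSTEM_INFORMATION_CLASS` enum, so the unqualified use on the `NtQuerySystemInformation` line presumably resolves to the SDK's own definition; a comment naming that dependency on the line would make it explicit, and the build should be confirmed to include it. The renamed `NtWriteVirtualMemory` still takes `ULONG, PULONG` for the byte count while its neighbour `NtReadVirtualMemory` takes `SIZE_T`; the two should agree on one width, and the mismatch is easier to overlook now that the typedef name is spelled correctly.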