Add railgun definitions for local exploit relevant functions.
parent
2218063201
commit
a08c420862
|
@ -11,7 +11,7 @@ class Def_kernel32
|
||||||
|
|
||||||
def self.create_dll(dll_path = 'kernel32')
|
def self.create_dll(dll_path = 'kernel32')
|
||||||
dll = DLL.new(dll_path, ApiConstants.manager)
|
dll = DLL.new(dll_path, ApiConstants.manager)
|
||||||
|
|
||||||
dll.add_function( 'GetConsoleWindow', 'LPVOID',[])
|
dll.add_function( 'GetConsoleWindow', 'LPVOID',[])
|
||||||
|
|
||||||
dll.add_function( 'ActivateActCtx', 'BOOL',[
|
dll.add_function( 'ActivateActCtx', 'BOOL',[
|
||||||
|
@ -496,7 +496,7 @@ class Def_kernel32
|
||||||
["HANDLE","hProcess","in"],
|
["HANDLE","hProcess","in"],
|
||||||
["PBLOB","lpThreadAttributes","in"],
|
["PBLOB","lpThreadAttributes","in"],
|
||||||
["DWORD","dwStackSize","in"],
|
["DWORD","dwStackSize","in"],
|
||||||
["PBLOB","lpStartAddress","in"],
|
["LPVOID","lpStartAddress","in"],
|
||||||
["PBLOB","lpParameter","in"],
|
["PBLOB","lpParameter","in"],
|
||||||
["DWORD","dwCreationFlags","in"],
|
["DWORD","dwCreationFlags","in"],
|
||||||
["PDWORD","lpThreadId","out"],
|
["PDWORD","lpThreadId","out"],
|
||||||
|
|
|
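Review bot: In the second hunk `lpStartAddress` becomes `LPVOID` while `lpParameter` on the next line stays `PBLOB`, so the two pointer arguments of the same call are now marshalled differently and nothing on the line says why. Existing callers that passed a buffer for `lpStartAddress` must now pass a numeric address, which is a silent interface change for them. I would add a comment above the entry, such as `# lpStartAddress is passed as a raw address, not marshalled from a local buffer`, and either switch `lpParameter` to `LPVOID` as well or note why it differs. The `add_function` call these lines belong to opens above the hunk, so the function name is not visible here.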
@ -12,6 +12,15 @@ class Def_ntdll
|
||||||
def self.create_dll(dll_path = 'ntdll')
|
def self.create_dll(dll_path = 'ntdll')
|
||||||
dll = DLL.new(dll_path, ApiConstants.manager)
|
dll = DLL.new(dll_path, ApiConstants.manager)
|
||||||
|
|
||||||
|
dll.add_function('NtAllocateVirtualMemory', 'DWORD',[
|
||||||
|
["DWORD","ProcessHandle","in"],
|
||||||
|
["PBLOB","BaseAddress","inout"],
|
||||||
|
["PDWORD","ZeroBits","in"],
|
||||||
|
["PBLOB","RegionSize","inout"],
|
||||||
|
["DWORD","AllocationType","in"],
|
||||||
|
["DWORD","Protect","in"]
|
||||||
|
])
|
||||||
|
|
||||||
dll.add_function('NtClose', 'DWORD',[
|
dll.add_function('NtClose', 'DWORD',[
|
||||||
["DWORD","Handle","in"],
|
["DWORD","Handle","in"],
|
||||||
])
|
])
|
||||||
|
@ -33,13 +42,13 @@ class Def_ntdll
|
||||||
dll.add_function('NtDeviceIoControlFile', 'DWORD',[
|
dll.add_function('NtDeviceIoControlFile', 'DWORD',[
|
||||||
["DWORD","FileHandle","in"],
|
["DWORD","FileHandle","in"],
|
||||||
["DWORD","Event","in"],
|
["DWORD","Event","in"],
|
||||||
["PBLOB","ApcRoutine","in"],
|
["LPVOID","ApcRoutine","in"],
|
||||||
["PBLOB","ApcContext","in"],
|
["LPVOID","ApcContext","in"],
|
||||||
["PBLOB","IoStatusBlock","inout"],
|
["PDWORD","IoStatusBlock","out"],
|
||||||
["DWORD","IoControlCode","in"],
|
["DWORD","IoControlCode","in"],
|
||||||
["PBLOB","InputBuffer","in"],
|
["LPVOID","InputBuffer","in"],
|
||||||
["DWORD","InputBufferLength","in"],
|
["DWORD","InputBufferLength","in"],
|
||||||
["PBLOB","OutputBuffer","inout"],
|
["LPVOID","OutputBuffer","in"],
|
||||||
["DWORD","OutputBufferLength","in"],
|
["DWORD","OutputBufferLength","in"],
|
||||||
])
|
])
|
||||||
|
|
||||||
|
@ -68,6 +77,11 @@ class Def_ntdll
|
||||||
["PDWORD","ReturnLength","inout"],
|
["PDWORD","ReturnLength","inout"],
|
||||||
])
|
])
|
||||||
|
|
||||||
|
dll.add_function('NtQueryIntervalProfile', 'DWORD',[
|
||||||
|
["DWORD","ProfileSource","in"],
|
||||||
|
["PDWORD","Interval","out"],
|
||||||
|
])
|
||||||
|
|
||||||
dll.add_function('NtQuerySystemInformation', 'DWORD',[
|
dll.add_function('NtQuerySystemInformation', 'DWORD',[
|
||||||
["DWORD","SystemInformationClass","in"],
|
["DWORD","SystemInformationClass","in"],
|
||||||
["PBLOB","SystemInformation","inout"],
|
["PBLOB","SystemInformation","inout"],
|
||||||
|
|
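Review bot: In the `NtDeviceIoControlFile` hunk, `IoStatusBlock` is now `["PDWORD","IoStatusBlock","out"]`, but an IO_STATUS_BLOCK holds two pointer-sized fields (8 bytes on x86, 16 on x64); if railgun sizes a `PDWORD` out-buffer as a single DWORD, the call writes past that buffer inside the session's own process. Keeping it a caller-sized blob, `["PBLOB","IoStatusBlock","out"],`, would avoid that. The same hunk turns `OutputBuffer` into an `in` `LPVOID`, so returned data is presumably no longer copied back and callers have to read it themselves, which deserves a comment on the entry. In the `NtAllocateVirtualMemory` hunk, `ZeroBits` is declared `PDWORD` although the native parameter is a by-value ULONG_PTR, so `["DWORD","ZeroBits","in"],` would match the prototype.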