From caf07116db145e7fc1562dbd71cf3b8f407889c2 Mon Sep 17 00:00:00 2001
From: Wei Chen
Date: Thu, 10 May 2018 00:33:01 -0500
Subject: [PATCH 1/9] Add compiler support capable of including headers.

This is basically a wrapper for metasm, but supports built-in headers so that as an user, I don't have manually do this every time I compile something with metasm.
---
data/headers/win32/Windows.h | 533 ++++++++++++++++++
data/headers/win32/stddef.h | 119 ++++
.../framework/compiler/headers/base.rb | 44 ++
.../framework/compiler/headers/win32.rb | 28 +
lib/metasploit/framework/compiler/utils.rb | 26 +
lib/metasploit/framework/compiler/win32.rb | 49 ++
6 files changed, 799 insertions(+)
create mode 100644 data/headers/win32/Windows.h
create mode 100644 data/headers/win32/stddef.h
create mode 100644 lib/metasploit/framework/compiler/headers/base.rb
create mode 100644 lib/metasploit/framework/compiler/headers/win32.rb
create mode 100644 lib/metasploit/framework/compiler/utils.rb
create mode 100644 lib/metasploit/framework/compiler/win32.rb
diff --git a/data/headers/win32/Windows.h b/data/headers/win32/Windows.h
new file mode 100644
index 0000000000..9bf930c6d7
--- /dev/null
+++ b/data/headers/win32/Windows.h
@@ -0,0 +1,533 @@ +#define MAX_PATH 260 +#define MEM_COMMIT 0x00001000 +#define MEM_RESERVE 0x00002000 +#define MEM_RESET 0x00080000 +#define MEM_RESET_UNDO 0x1000000 +#define MEM_LARGE_PAGES 0x20000000 +#define MEM_PHYSICAL 0x00400000 +#define MEM_TOP_DOWN 0x00100000 +#define MEM_WRITE_WATCH 0x00200000 +#define PAGE_EXECUTE_READWRITE 0x00000040 +#define HEAP_GENERATE_EXCEPTIONS 0x00000004 +#define HEAP_NO_SERIALIZE 0x00000001 +#define HEAP_REALLOC_IN_PLACE_ONLY 0x00000010 +#define HEAP_ZERO_MEMORY 0x00000008 +#define STARTF_FORCEONFEEDBACK 0x00000040 +#define STARTF_FORCEOFFFEEDBACK 0x00000080 +#define STARTF_PREVENTPINNING 0x00002000 +#define STARTF_RUNFULLSCREEN 0x00000020 +#define STARTF_TITLEISAPPID 0x00001000 +#define STARTF_TITLEISLINKNAME 0x00000800 +#define STARTF_USECOUNTCHARS 0x00000008 +#define STARTF_USEFILLATTRIBUTE 0x00000010 +#define STARTF_USEHOTKEY 0x00000200 +#define STARTF_USEPOSITION 0x00000004 +#define STARTF_USESHOWWINDOW 0x00000001 +#define STARTF_USESIZE 0x00000002 +#define STARTF_USESTDHANDLES 0x00000100 +#define GW_CHILD 5 +#define GW_ENABLEDPOPUP 6 +#define GW_HWNDFIRST 0 +#define GW_HWNDLAST 1 +#define GW_HWNDNEXT 2 +#define GW_OWNER 4 +#define MB_ABORTRETRYIGNORE 0x00000002L +#define MB_CANCELTRYCONTINUE 0x00000006L +#define MB_HELP 0x00004000L +#define MB_OK 0x00000000L +#define MB_OKCANCEL 0x00000001L +#define MB_RETRYCANCEL 0x00000005L +#define MB_YESNO 0x00000004L +#define MB_YESNOCANCEL 0x00000003L +#define MB_ICONEXCLAMATION 0x00000030L +#define MB_ICONWARNING 0x00000030L +#define MB_ICONINFORMATION 0x00000040L +#define MB_ICONASTERISK 0x00000040L +#define MB_ICONQUESTION 0x00000020L +#define MB_ICONSTOP 0x00000010L +#define MB_ICONERROR 0x00000010L +#define MB_ICONHAND 0x00000010L +#define MB_DEFBUTTON1 0x00000000L +#define MB_DEFBUTTON2 0x00000100L +#define MB_DEFBUTTON3 0x00000200L +#define MB_DEFBUTTON4 0x00000300L +#define MB_APPLMODAL 0x00000000L +#define MB_SYSTEMMODAL 0x00001000L +#define MB_TASKMODAL 0x00002000L +#define 
MB_DEFAULT_DESKTOP_ONLY 0x00020000L +#define MB_RIGHT 0x00080000L +#define MB_RTLREADING 0x00100000L +#define MB_SETFOREGROUND 0x00010000L +#define MB_TOPMOST 0x00040000L +#define MB_SERVICE_NOTIFICATION 0x00200000L +#define IDABORT 3 +#define IDCANCEL 2 +#define IDCONTINUE 11 +#define IDIGNORE 5 +#define IDNO 7 +#define IDOK 1 +#define IDRETRY 4 +#define IDTRYAGAIN 10 +#define IDYES 6 +#define HEAP_CREATE_ENABLE_EXECUTE 0x00040000 +#define SC_MANAGER_ALL_ACCESS 0xf003f +#define SC_MANAGER_CONNECT 1 +#define SC_MANAGER_CREATE_SERVICE 2 +#define SC_MANAGER_ENUMERATE_SERVICE 4 +#define SC_MANAGER_LOCK 8 +#define SC_MANAGER_QUERY_LOCK_STATUS 16 +#define SC_MANAGER_MODIFY_BOOT_CONFIG 32 +#define SERVICE_NO_CHANGE (-1) +#define SERVICE_STOPPED 1 +#define SERVICE_START_PENDING 2 +#define SERVICE_STOP_PENDING 3 +#define SERVICE_RUNNING 4 +#define SERVICE_CONTINUE_PENDING 5 +#define SERVICE_PAUSE_PENDING 6 +#define SERVICE_PAUSED 7 +#define SERVICE_ACCEPT_STOP 1 +#define SERVICE_ACCEPT_PAUSE_CONTINUE 2 +#define SERVICE_ACCEPT_SHUTDOWN 4 +#define SERVICE_CONTROL_STOP 1 +#define SERVICE_CONTROL_PAUSE 2 +#define SERVICE_CONTROL_CONTINUE 3 +#define SERVICE_CONTROL_INTERROGATE 4 +#define SERVICE_CONTROL_SHUTDOWN 5 +#define SERVICE_ACTIVE 1 +#define SERVICE_INACTIVE 2 +#define SERVICE_STATE_ALL 3 +#define SERVICE_QUERY_CONFIG 1 +#define SERVICE_CHANGE_CONFIG 2 +#define SERVICE_QUERY_STATUS 4 +#define SERVICE_ENUMERATE_DEPENDENTS 8 +#define SERVICE_START 16 +#define SERVICE_STOP 32 +#define SERVICE_PAUSE_CONTINUE 64 +#define SERVICE_INTERROGATE 128 +#define SERVICE_USER_DEFINED_CONTROL 256 +#define SERVICE_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SERVICE_QUERY_CONFIG|SERVICE_CHANGE_CONFIG|SERVICE_QUERY_STATUS|SERVICE_ENUMERATE_DEPENDENTS|SERVICE_START|SERVICE_STOP|SERVICE_PAUSE_CONTINUE|SERVICE_INTERROGATE|SERVICE_USER_DEFINED_CONTROL) +#define GHND 0x0042 +#define GMEM_FIXED 0x0000 +#define GMEM_MOVEABLE 0x0002 +#define GMEM_ZEROINIT 0x0040 +#define GPTR 0x0040 +#define 
WH_CALLWNDPROC 4 +#define WH_CALLWNDPROCRET 12 +#define WH_CBT 5 +#define WH_DEBUG 9 +#define WH_FOREGROUNDIDLE 11 +#define WH_GETMESSAGE 3 +#define WH_JOURNALPLAYBACK 1 +#define WH_JOURNALRECORD 0 +#define WH_KEYBOARD 2 +#define WH_KEYBOARD_LL 13 +#define WH_MOUSE 7 +#define WH_MOUSE_LL 14 +#define WH_MSGFILTER -1 +#define WH_SHELL 10 +#define WH_SYSMSGFILTER 6 +#define GENERIC_READ 0x80000000 +#define GENERIC_WRITE 0x40000000 +#define GENERIC_EXECUTE 0x20000000 +#define GENERIC_ALL 0x10000000 +#define FILE_SHARE_READ 0x00000001 +#define FILE_SHARE_WRITE 0x00000002 +#define FILE_SHARE_DELETE 0x00000004 +#define CREATE_NEW 1 +#define CREATE_ALWAYS 2 +#define OPEN_EXISTING 3 +#define OPEN_ALWAYS 4 +#define TRUNCATE_EXISTING 5 +#define FILE_ATTRIBUTE_READONLY 0x00000001 +#define FILE_ATTRIBUTE_NORMAL 0x00000080 +#define FILE_ATTRIBUTE_TEMPORARY 0x00000100 +#define FILE_FLAG_WRITE_THROUGH 0x80000000 +#define FILE_FLAG_NO_BUFFERING 0x20000000 +#define FILE_FLAG_RANDOM_ACCESS 0x10000000 +#define FILE_FLAG_SEQUENTIAL_SCAN 0x08000000 +#define FILE_FLAG_DELETE_ON_CLOSE 0x04000000 +#define FILE_FLAG_OVERLAPPED 0x40000000 +#define FILE_ATTRIBUTE_HIDDEN 0x00000002 +#define FILE_ATTRIBUTE_SYSTEM 0x00000004 +#define FILE_ATTRIBUTE_DIRECTORY 0x00000010 +#define FILE_ATTRIBUTE_ARCHIVE 0x00000020 +#define FILE_ATTRIBUTE_DEVICE 0x00000040 +#define ERROR_FILE_NOT_FOUND 2L +#define ERROR_NO_MORE_FILES 18L +#define INVALID_HANDLE_VALUE ((HANDLE) -1) +#define INVALID_FILE_SIZE ((DWORD)0xFFFFFFFF) +#define FILE_NAME_NORMALIZED 0x0 +#define FILE_NAME_OPENED 0x8 +#define VOLUME_NAME_DOS 0x0 +#define VOLUME_NAME_GUID 0x1 +#define VOLUME_NAME_NONE 0x4 +#define VOLUME_NAME_NT 0x2 +#define SERVICE_FILE_SYSTEM_DRIVER 0x00000002 +#define SERVICE_KERNEL_DRIVER 0x00000001 +#define SERVICE_WIN32_OWN_PROCESS 0x00000010 +#define SERVICE_WIN32_SHARE_PROCESS 0x00000020 +#define SERVICE_USER_OWN_PROCESS 0x00000050 +#define SERVICE_USER_SHARE_PROCESS 0x00000060 +#define SERVICE_INTERACTIVE_PROCESS 
0x00000100 +#define SERVICE_CONTINUE_PENDING 0x00000005 +#define SERVICE_PAUSE_PENDING 0x00000006 +#define SERVICE_PAUSED 0x00000007 +#define SERVICE_RUNNING 0x00000004 +#define SERVICE_START_PENDING 0x00000002 +#define SERVICE_STOP_PENDING 0x00000003 +#define SERVICE_STOPPED 0x00000001 +#define SERVICE_AUTO_START 0x00000002 +#define SERVICE_BOOT_START 0x00000000 +#define SERVICE_DEMAND_START 0x00000003 +#define SERVICE_DISABLED 0x00000004 +#define SERVICE_SYSTEM_START 0x00000001 +#define SERVICE_ERROR_CRITICAL 0x00000003 +#define SERVICE_ERROR_IGNORE 0x00000000 +#define SERVICE_ERROR_NORMAL 0x00000001 +#define SERVICE_ERROR_SEVERE 0x00000002 +#define SERVICE_DRIVER 0x0000000B +#define SERVICE_FILE_SYSTEM_DRIVER 0x00000002 +#define SERVICE_KERNEL_DRIVER 0x00000001 +#define SERVICE_WIN32 0x00000030 +#define SERVICE_WIN32_OWN_PROCESS 0x00000010 +#define SERVICE_WIN32_SHARE_PROCESS 0x00000020 + +typedef struct _SECURITY_ATTRIBUTES { + DWORD nLength; + LPVOID lpSecurityDescriptor; + BOOL bInheritHandle; +} SECURITY_ATTRIBUTES , *LPSECURITY_ATTRIBUTES; + +typedef struct _LPTHREAD_START_ROUTINE { + LPVOID lpThreadParameter; +} LPTHREAD_START_ROUTINE, *LPTHREAD_START_ROUTINE; + +typedef struct _STARTUPINFO { + DWORD cb; + LPTSTR lpReserved; + LPTSTR lpDesktop; + LPTSTR lpTitle; + DWORD dwX; + DWORD dwY; + DWORD dwXSize; + DWORD dwYSize; + DWORD dwXCountChars; + DWORD dwYCountChars; + DWORD dwFillAttribute; + DWORD dwFlags; + WORD wShowWindow; + WORD cbReserved2; + LPBYTE lpReserved2; + HANDLE hStdInput; + HANDLE hStdOutput; + HANDLE hStdError; +} STARTUPINFO, *LPSTARTUPINFO; + +typedef struct _PROCESS_INFORMATION { + HANDLE hProcess; + HANDLE hThread; + DWORD dwProcessId; + DWORD dwThreadId; +} PROCESS_INFORMATION, *LPPROCESS_INFORMATION; + +typedef struct _OVERLAPPED { + ULONG_PTR Internal; + ULONG_PTR InternalHigh; + union { + struct { + DWORD Offset; + DWORD OffsetHigh; + }; + PVOID Pointer; + }; + HANDLE hEvent; +} OVERLAPPED, *LPOVERLAPPED; + +typedef DWORD 
SERVICE_STATUS_HANDLE; + +typedef enum _SC_ENUM_TYPE { + SC_ENUM_PROCESS_INFO = 0 +} SC_ENUM_TYPE; + +typedef enum _HEAP_INFORMATION_CLASS { + HeapCompatibilityInformation = 0, + HeapEnableTerminationOnCorruption = 1 +} HEAP_INFORMATION_CLASS; + +typedef struct _FILETIME { + DWORD dwLowDateTime; + DWORD dwHighDateTime; +} FILETIME, *PFILETIME; + +typedef struct _WIN32_FIND_DATA { + DWORD dwFileAttributes; + FILETIME ftCreationTime; + FILETIME ftLastAccessTime; + FILETIME ftLastWriteTime; + DWORD nFileSizeHigh; + DWORD nFileSizeLow; + DWORD dwReserved0; + DWORD dwReserved1; + TCHAR cFileName[MAX_PATH]; + TCHAR cAlternateFileName[14]; +} WIN32_FIND_DATA, *PWIN32_FIND_DATA, *LPWIN32_FIND_DATA; + +typedef struct tagPOINT { + LONG x; + LONG y; +} POINT, *PPOINT; + +typedef struct tagMSG { + HWND hwnd; + UINT message; + WPARAM wParam; + LPARAM lParam; + DWORD time; + POINT pt; +} MSG, *PMSG, *LPMSG; + +typedef struct _BY_HANDLE_FILE_INFORMATION { + DWORD dwFileAttributes; + FILETIME ftCreationTime; + FILETIME ftLastAccessTime; + FILETIME ftLastWriteTime; + DWORD dwVolumeSerialNumber; + DWORD nFileSizeHigh; + DWORD nFileSizeLow; + DWORD nNumberOfLinks; + DWORD nFileIndexHigh; + DWORD nFileIndexLow; +} BY_HANDLE_FILE_INFORMATION, *PBY_HANDLE_FILE_INFORMATION, *LPBY_HANDLE_FILE_INFORMATION; + +typedef struct _SERVICE_STATUS { + DWORD dwServiceType; + DWORD dwCurrentState; + DWORD dwControlsAccepted; + DWORD dwWin32ExitCode; + DWORD dwServiceSpecificExitCode; + DWORD dwCheckPoint; + DWORD dwWaitHint; +} SERVICE_STATUS, *LPSERVICE_STATUS; + +typedef struct _ENUM_SERVICE_STATUS { + LPTSTR lpServiceName; + LPTSTR lpDisplayName; + SERVICE_STATUS ServiceStatus; +} ENUM_SERVICE_STATUS, *LPENUM_SERVICE_STATUS; + +typedef VOID (CALLBACK *LPOVERLAPPED_COMPLETION_ROUTINE)(DWORD,DWORD,LPOVERLAPPED); + +typedef enum _PROCESSINFOCLASS { + ProcessBasicInformation = 0, + ProcessQuotaLimits = 1, + ProcessIoCounters = 2, + ProcessVmCounters = 3, + ProcessTimes = 4, + ProcessBasePriority = 5, 
+ ProcessRaisePriority = 6, + ProcessDebugPort = 7, + ProcessExceptionPort = 8, + ProcessAccessToken = 9, + ProcessLdtInformation = 10, + ProcessLdtSize = 11, + ProcessDefaultHardErrorMode = 12, + ProcessIoPortHandlers = 13, + ProcessPooledUsageAndLimits = 14, + ProcessWorkingSetWatch = 15, + ProcessUserModeIOPL = 16, + ProcessEnableAlignmentFaultFixup = 17, + ProcessPriorityClass = 18, + ProcessWx86Information = 19, + ProcessHandleCount = 20, + ProcessAffinityMask = 21, + ProcessPriorityBoost = 22, + ProcessDeviceMap = 23, + ProcessSessionInformation = 24, + ProcessForegroundInformation = 25, + ProcessWow64Information = 26, + ProcessImageFileName = 27, + ProcessLUIDDeviceMapsEnabled = 28, + ProcessBreakOnTermination = 29, + ProcessDebugObjectHandle = 30, + ProcessDebugFlags = 31, + ProcessHandleTracing = 32, + ProcessIoPriority = 33, + ProcessExecuteFlags = 34, + ProcessTlsInformation = 35, + ProcessCookie = 36, + ProcessImageInformation = 37, + ProcessCycleTime = 38, + ProcessPagePriority = 39, + ProcessInstrumentationCallback = 40, + ProcessThreadStackAllocation = 41, + ProcessWorkingSetWatchEx = 42, + ProcessImageFileNameWin32 = 43, + ProcessImageFileMapping = 44, + ProcessAffinityUpdateMode = 45, + ProcessMemoryAllocationMode = 46, + ProcessGroupInformation = 47, + ProcessTokenVirtualizationEnabled = 48, + ProcessOwnerInformation = 49, + ProcessWindowInformation = 50, + ProcessHandleInformation = 51, + ProcessMitigationPolicy = 52, + ProcessDynamicFunctionTableInformation = 53, + ProcessHandleCheckingMode = 54, + ProcessKeepAliveCount = 55, + ProcessRevokeFileHandles = 56, + ProcessWorkingSetControl = 57, + ProcessHandleTable = 58, + ProcessCheckStackExtentsMode = 59, + ProcessCommandLineInformation = 60, + ProcessProtectionInformation = 61, + ProcessMemoryExhaustion = 62, + ProcessFaultInformation = 63, + ProcessTelemetryIdInformation = 64, + ProcessCommitReleaseInformation = 65, + ProcessReserved1Information = 66, + ProcessReserved2Information = 67, + 
ProcessSubsystemProcess = 68, + ProcessInPrivate = 70, + ProcessRaiseUMExceptionOnInvalidHandleClose = 71, + MaxProcessInfoClass +} PROCESSINFOCLASS; + +typedef enum _FINDEX_INFO_LEVELS { + FindExInfoStandard, + FindExInfoBasic, + FindExInfoMaxInfoLevel +} FINDEX_INFO_LEVELS; + +typedef enum _FINDEX_SEARCH_OPS { + FindExSearchNameMatch, + FindExSearchLimitToDirectories, + FindExSearchLimitToDevices +} FINDEX_SEARCH_OPS; + +WORD MAKEWORD( + BYTE bLow, + BYTE bHigh +); + +WINAPI void OutputDebugString __attribute__((dllimport))(LPCTSTR); +WINAPI HGLOBAL GlobalAlloc __attribute__((dllimport))(UINT, size_t); +WINAPI LPVOID GlobalLock __attribute__((dllimport))(HGLOBAL); +WINAPI BOOL GlobalUnlock __attribute__((dllimport))(HGLOBAL); +WINAPI HGLOBAL GlobalReAlloc __attribute__((dllimport))(HGLOBAL, size_t, UINT); +WINAPI HGLOBAL GlobalFree __attribute__((dllimport))(HGLOBAL); +WINAPI DWORD GetLastError __attribute__((dllimport))(void); +WINAPI LPVOID VirtualAlloc __attribute__((dllimport))(LPVOID, size_t, DWORD, DWORD); +WINAPI LPVOID VirtualAllocEx __attribute__((dllimport))(HANDLE, LPVOID, size_t, DWORD, DWORD); +WINAPI BOOL VirtualProtect __attribute__((dllimport))(LPVOID, size_t, DWORD, PDWORD); +WINAPI BOOL VirtualProtectEx __attribute__((dllimport))(HANDLE, LPVOID, size_t, DWORD, PDWORD); +WINAPI HANDLE GetProcessHeap __attribute__((dllimport))(void); +WINAPI DWORD GetProcessHeaps __attribute__((dllimport))(DWORD, PHANDLE); +WINAPI HANDLE HeapCreate __attribute__((dllimport))(DWORD, size_t, size_t); +WINAPI LPVOID HeapAlloc __attribute__((dllimport))(HANDLE, DWORD, size_t); +WINAPI size_t HeapSize __attribute__((dllimport))(HANDLE, DWORD, LPCVOID); +WINAPI LPVOID HeapreAlloc __attribute__((dllimport))(HANDLE, DWORD, LPVOID, size_t); +WINAPI BOOL HeapFree __attribute__((dllimport))(HANDLE, DWORD, LPVOID); +WINAPI BOOL HeapQueryInformation __attribute__((dllimport))(HANDLE, HEAP_INFORMATION_CLASS, PVOID, size_t, PSIZE_T); +WINAPI BOOL HeapSetInformation 
__attribute__((dllimport))(HANDLE, HEAP_INFORMATION_CLASS, PVOID, size_t); +WINAPI BOOL VirtualFreeEx __attribute__((dllimport))(HANDLE, LPVOID, size_t, DWORD); +WINAPI void MoveMemory __attribute__((dllimport))(PVOID, void*, size_t); +WINAPI BOOL WriteProcessMemory __attribute__((dllimport))(HANDLE, LPVOID, LPCVOID, size_t, size_t*); +WINAPI BOOL ReadProcessMemory __attribute__((dllimport))(HANDLE, LPCVOID, LPVOID, size_t, size_t*); +WINAPI HANDLE CreateThread __attribute__((dllimport))(LPSECURITY_ATTRIBUTES, size_t, LPTHREAD_START_ROUTINE, LPVOID, DWORD, LPDWORD ); +WINAPI HANDLE CreateRemoteThread __attribute__((dllimport))(HANDLE, LPSECURITY_ATTRIBUTES, size_t, LPTHREAD_START_ROUTINE, LPVOID, DWORD, LPDWORD ); +WINAPI void ZeroMemory __attribute__((dllimport))(PVOID, size_t); +WINAPI DWORD GetProcessId __attribute__((dllimport))(HANDLE); +WINAPI BOOL CreateProcess __attribute__((dllimport))(LPCTSTR, LPTSTR, LPSECURITY_ATTRIBUTES, LPSECURITY_ATTRIBUTES, BOOL, DWORD, LPVOID, LPCTSTR, LPSTARTUPINFO, LPPROCESS_INFORMATION); +WINAPI BOOL CreateProcessAsUser __attribute__((dllimport))(HANDLE, LPCTSTR, LPTSTR, LPSECURITY_ATTRIBUTES, LPSECURITY_ATTRIBUTES, BOOL, DWORD, LPVOID, LPCTSTR, LPSTARTUPINFO, LPPROCESS_INFORMATION); +WINAPI HANDLE OpenProcess __attribute__((dllimport))(DWORD, BOOL, DWORD); +WINAPI void ExitProcess __attribute__((dllimport))(UINT); +WINAPI BOOL TerminateProcess __attribute__((dllimport))(UINT); +WINAPI DWORD GetTickCount __attribute__((dllimport))(void); +WINAPI void Sleep __attribute__((dllimport))(DWORD); +WINAPI UINT WinExec __attribute__((dllimport))(LPCSTR, UINT); +WINAPI DWORD WaitForSingleObject __attribute__((dllimport))(HANDLE, DWORD); +WINAPI FARPROC GetProcAddress __attribute__((dllimport))(HMODULE, LPCSTR); +WINAPI HMODULE LoadLibrary __attribute__((dllimport))(LPCTSTR); +WINAPI HMODULE GetModuleHandle __attribute__((dllimport))(LPCTSTR); +WINAPI HANDLE CreateFile __attribute__((dllimport))(LPCTSTR, DWORD, DWORD, 
LPSECURITY_ATTRIBUTES, DWORD, DWORD, HANDLE); +WINAPI BOOL GetFileInformationByHandle __attribute__((dllimport))(HANDLE, LPBY_HANDLE_FILE_INFORMATION); +WINAPI DWORD GetFullPathName __attribute__((dllimport))(LPCTSTR, DWORD, LPTSTR, LPTSTR*); +WINAPI DWORD GetFileType __attribute__((dllimport))(HANDLE); +WINAPI BOOL MoveFile __attribute__((dllimport))(LPCTSTR, LPCTSTR); +WINAPI BOOL DeleteFile __attribute__((dllimport))(LPCTSTR); +WINAPI BOOL CopyFile __attribute__((dllimport))(LPCTSTR, LPCTSTR, BOOL); +WINAPI BOOL WriteFile __attribute__((dllimport))(HANDLE, LPCVOID, DWORD, LPDWORD, LPOVERLAPPED); +WINAPI BOOL ReadFile __attribute__((dllimport))(HANDLE, LPVOID, DWORD, LPDWORD, LPOVERLAPPED); +WINAPI BOOL ReadFileEx __attribute__((dllimport))(HANDLE, LPVOID, LPOVERLAPPED, LPOVERLAPPED_COMPLETION_ROUTINE); +WINAPI DWORD GetFileSize __attribute__((dllimport))(HANDLE, LPDWORD); +WINAPI DWORD GetTempPath __attribute__((dllimport))(DWORD, LPTSTR); +WINAPI UINT GetTempFileName __attribute__((dllimport))(LPCTSTR, LPCTSTR, UINT, LPTSTR); +WINAPI DWORD GetShortPathName __attribute__((dllimport))(LPCTSTR, LPTSTR, DWORD); +WINAPI DWORD GetLongPathName __attribute__((dllimport))(LPCTSTR, LPTSTR, DWORD); +WINAPI INT GetExpandedName __attribute__((dllimport))(LPTSTR, LPTSTR); +WINAPI DWORD GetFinalPathNameByHandle __attribute__((dllimport))(HANDLE, LPTSTR, DWORD, DWORD); +WINAPI BOOL LockFile __attribute__((dllimport))(HANDLE, DWORD, DWORD, DWORD, DWORD); +WINAPI BOOL UnlockFile __attribute__((dllimport))(HANDLE, DWORD, DWORD, DWORD, DWORD); +WINAPI BOOL UnlockFileEx __attribute__((dllimport))(HANDLE, DWORD, DWORD, DWORD, LPOVERLAPPED); +WINAPI BOOL FreeLibrary __attribute__((dllimport))(HMODULE); +WINAPI DWORD GetModuleFileName __attribute__((dllimport))(HMODULE, LPTSTR, DWORD); +WINAPI BOOL CloseHandle __attribute__((dllimport))(HANDLE); +WINAPI void DebugBreak __attribute__((dllimport))(void); +WINAPI HWND FindWindow __attribute__((dllimport))(LPCTSTR, LPCTSTR); +WINAPI HWND 
FindWindowEx __attribute__((dllimport))(HWND, HWND, LPCTSTR, LPCTSTR); +WINAPI HWND GetWindow __attribute__((dllimport))(HWND, UINT); +WINAPI HWND GetForegroundWindow __attribute__((dllimport))(void); +WINAPI BOOL SetForegroundWindow __attribute__((dllimport))(HWND); +WINAPI HWND GetDesktopWindow __attribute__((dllimport))(void); +WINAPI HWND SetActiveWindow __attribute__((dllimport))(HWND); +WINAPI BOOL IsWindowEnabled __attribute__((dllimport))(HWND); +WINAPI HWND SetFocus __attribute__((dllimport))(HWND); +WINAPI BOOL MoveWindow __attribute__((dllimport))(HWND, int, int, int, int, BOOL); +WINAPI int MessageBox __attribute__((dllimport))(HWND, LPCTSTR, LPCTSTR, UINT); +WINAPI BOOL Beep __attribute__((dllimport))(DWORD, DWORD); +WINAPI BOOL CreateDirectory __attribute__((dllimport))(LPCTSTR, LPSECURITY_ATTRIBUTES); +WINAPI HANDLE CreateFileMapping __attribute__((dllimport))(HANDLE, LPSECURITY_ATTRIBUTES, DWORD, DWORD, DWORD, LPCTSTR); +WINAPI LPVOID MapViewOfFile __attribute__((dllimport))(HANDLE, DWORD, DWORD, DWORD, size_t); +WINAPI LPVOID MapViewOfFileEx __attribute__((dllimport))(HANDLE, DWORD, DWORD, DWORD, size_t, LPVOID); +WINAPI BOOL FindClose __attribute__((dllimport))(HANDLE); +WINAPI HANDLE FindFirstFile __attribute__((dllimport))(LPCTSTR, LPWIN32_FIND_DATA); +WINAPI HANDLE FindFirstFileEx __attribute__((dllimport))(LPCTSTR, FINDEX_INFO_LEVELS, LPVOID, FINDEX_SEARCH_OPS, LPVOID, DWORD); +WINAPI BOOL FindNextFile __attribute__((dllimport))(HANDLE, LPWIN32_FIND_DATA); +WINAPI HANDLE GetCurrentProcess __attribute__((dllimport))(void); +WINAPI HANDLE GetCurrentThread __attribute__((dllimport))(void); +WINAPI LRESULT CallNextHookEx __attribute__((dllimport))(HHOOK, int, WPARAM, LPARAM); +WINAPI BOOL GetMessage __attribute__((dllimport))(LPMSG, HWND, UINT, UINT); +WINAPI BOOL PostMessage __attribute__((dllimport))(HWND, UINT, WPARAM, LPARAM); +WINAPI LRESULT SendMessage __attribute__((dllimport))(HWND, UINT, WPARAM, LPARAM); +WINAPI SC_HANDLE OpenSCManager 
__attribute__((dllimport))(LPCTSTR, LPCTSTR, DWORD); +WINAPI BOOL StartService __attribute__((dllimport))(SC_HANDLE, DWORD, LPCTSTR*); +WINAPI BOOL SetServiceStatus __attribute__((dllimport))(SERVICE_STATUS_HANDLE, LPSERVICE_STATUS); +WINAPI SC_HANDLE CreateService __attribute__((dllimport))(SC_HANDLE, LPCTSTR, LPCTSTR, DWORD, DWORD, DWORD, DWORD, LPCTSTR, LPCTSTR, LPDWORD, LPCTSTR, LPCTSTR, LPCTSTR); +WINAPI SC_HANDLE OpenService __attribute__((dllimport))(SC_HANDLE, LPCTSTR, DWORD); +WINAPI BOOL ChangeServiceConfig __attribute__((dllimport))(SC_HANDLE, DWORD, DWORD, DWORD, LPCTSTR, LPCTSTR, LPDWORD, LPCTSTR, LPCTSTR, LPCTSTR, LPCTSTR); +WINAPI BOOL DeleteService __attribute__((dllimport))(SC_HANDLE); +WINAPI BOOL EnumServicesStatus __attribute__((dllimport))(SC_HANDLE, DWORD, DWORD, LPENUM_SERVICE_STATUS, DWORD, LPDWORD, LPDWORD, LPDWORD); +WINAPI BOOL EnumServicesStatusEx __attribute__((dllimport))(SC_HANDLE, SC_ENUM_TYPE, DWORD, DWORD, LPBYTE, DWORD, LPDWORD, LPDWORD, LPDWORD, LPCTSTR); +WINAPI BOOL CloseServiceHandle __attribute__((dllimport))(SC_HANDLE); +WINAPI BOOL ControlService __attribute__((dllimport))(SC_HANDLE, DWORD, LPSERVICE_STATUS); +WINAPI BOOL GetServiceDisplayName __attribute__((dllimport))(SC_HANDLE, LPCTSTR, LPTSTR, LPDWORD); +WINAPI BOOL GetServiceKeyName __attribute__((dllimport))(SC_HANDLE, LPCTSTR, LPTSTR, LPDWORD); +WINAPI BOOL QueryServiceStatus __attribute__((dllimport))(SC_HANDLE, LPSERVICE_STATUS); +WINAPI BOOL OpenClipboard __attribute__((dllimport))(HWND); +WINAPI HANDLE SetClipboardData __attribute__((dllimport))(UINT, HANDLE); +WINAPI HANDLE GetClipboardData __attribute__((dllimport))(UINT); +WINAPI BOOL EmptyClipboard __attribute__((dllimport))(void); +WINAPI BOOL CloseClipboard __attribute__((dllimport))(void); +WINAPI LONG RegSetValueEx __attribute__((dllimport))(HKEY, LPCTSTR, DWORD, DWORD, const BYTE*, DWORD); +WINAPI LONG RegOpenCurrentUser __attribute__((dllimport))(REGSAM, PHKEY); +WINAPI LONG RegDeleteValue 
__attribute__((dllimport))(HKEY, LPCTSTR); +WINAPI LONG RegOpenKey __attribute__((dllimport))(HKEY, LPCTSTR, PHKEY); +WINAPI LONG RegQueryValueEx __attribute__((dllimport))(HKEY, LPCTSTR, LPDWORD, LPDWORD, LPBYTE, LPDWORD); +WINAPI LONG RegCloseKey __attribute__((dllimport))(HKEY); +WINAPI LONG RegCreateKeyEx __attribute__((dllimport))(HKEY, LPCTSTR, DWORD, LPTSTR, DWORD, REGSAM, LPSECURITY_ATTRIBUTES, PHKEY, LPDWORD); +WINAPI HHOOK SetWindowHookEx __attribute__((dllimport))(int, HOOKPROC, HINSTANCE, DWORD); +WINAPI BOOL UnhookWindowsHookEx __attribute__((dllimport))(HHOOK); +WINAPI BOOL IsDebuggerPresent __attribute__((dllimport))(void); +WINAPI BOOL CheckRemoteDebuggerPresent __attribute__((dllimport))(HANDLE, PBOOL); +WINAPI NTSTATUS NtQueryInformationProcess __attribute__((dllimport))(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG); +WINAPI void SetLastError __attribute__((dllimport))(DWORD); \ No newline at end of file diff --git a/data/headers/win32/stddef.h b/data/headers/win32/stddef.h new file mode 100644 index 0000000000..0ac9447e9b --- /dev/null +++ b/data/headers/win32/stddef.h 
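Review bot: `TerminateProcess` is declared with a single `UINT` parameter in the prototype list, but the Win32 export takes the process handle first, so a call written against the real API will not compile (or will pass the wrong arguments) against this header; the line should read `WINAPI BOOL TerminateProcess __attribute__((dllimport))(HANDLE, UINT);`. The names `HeapreAlloc` and `SetWindowHookEx` do not match the exported symbols `HeapReAlloc` and `SetWindowsHookEx`, so imports generated from these declarations would reference non-existent exports. `SERVICE_ALL_ACCESS` expands to an expression using `STANDARD_RIGHTS_REQUIRED`, which neither this header nor stddef.h defines, so any use of that constant fails at preprocessing; `#define STANDARD_RIGHTS_REQUIRED 0x000F0000` is the SDK value. The `_LPTHREAD_START_ROUTINE` typedef gives both the struct and its pointer the same name `LPTHREAD_START_ROUTINE`, whereas the SDK defines it as a function-pointer type; that should be checked against what metasm's parser accepts before `CreateThread`/`CreateRemoteThread` are used through this header.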
@@ -0,0 +1,119 @@ +#define NULL ((void *)0) +#define TRUE 1 +#define FALSE 0 +#define VOID void +#define _tWinMain WinMain +#define CALLBACK __stdcall +#define WINAPI __stdcall +#define APIENTRY WINAPI +#define BUFSIZ 512 +#define _INTERNAL_BUFSIZ 4096 +#define _SMALL_BUFSIZ 512 +#define _NSTREAM_ 512 +#define _IOB_ENTRIES 20 +#define RAND_MAX 0x7fff +#define EOF (-1) +#define SEEK_CUR 1 +#define SEEK_END 2 +#define SEEK_SET 0 +#define FILENAME_MAX 260 +#define FOPEN_MAX 20 +#define _SYS_OPEN 20 +#define _TMP_MAX_S 2147483647 +#define stdin (&__iob_func()[0]) +#define stdout (&__iob_func()[1]) +#define stderr (&__iob_func()[2]) +#define _IOREAD 0x0001 +#define _IOWRT 0x0002 +#define _IOFBF 0x0000 +#define _IOLBF 0x0040 +#define _IONBF 0x0004 +#define _IOMYBUF 0x0008 +#define _IOEOF 0x0010 +#define _IOERR 0x0020 +#define _IOSTRG 0x0040 +#define _IORW 0x0080 +#define _TWO_DIGIT_EXPONENT 0x1 +#define DLL_PROCESS_ATTACH 1 +#define DLL_PROCESS_DETACH 0 +#define DLL_THREAD_ATTACH 2 +#define DLL_THREAD_DETACH 3 + +typedef char CHAR; +typedef CHAR* PCHAR; +typedef const char* LPCTSTR; +typedef const char* LPCSTR; +typedef const CHAR* PCSTR; +typedef char* LPSTR; +typedef char* LPTSTR; +typedef CHAR* PSTR; +typedef unsigned char BYTE; +typedef unsigned short WORD; +typedef unsigned long DWORD; +typedef unsigned int DWORD32; +typedef WORD* LPWORD; +typedef long HRESULT; +typedef long LONG; +typedef float FLOAT; +typedef DWORD COLORREF; +typedef WORD ATOM; +typedef BYTE BOOLEAN; +typedef void* HANDLE; +typedef HANDLE SC_HANDLE; +typedef HANDLE HINSTANCE; +typedef HINSTANCE HMODULE; +typedef HANDLE HHOOK; +typedef HANDLE HCONV; +typedef HANDLE HCONFLIST; +typedef HANDLE HFONT; +typedef HANDLE HGLOBAL; +typedef HANDLE HICON; +typedef HANDLE HKEY; +typedef HANDLE HGLOBAL; +typedef HKEY* PHKEY; +typedef HANDLE HKL; +typedef unsigned char UCHAR; +typedef char TCHAR; +typedef char CCHAR; +typedef int INT; +typedef unsigned int UINT; +typedef unsigned int UINT_PTR; +typedef unsigned 
long ULONG; +typedef unsigned long ULONG_PTR; +typedef long* LPLONG; +typedef long LONG_PTR; +typedef unsigned short USHORT; +typedef unsigned short WORD; +typedef unsigned int size_t; +typedef size_t* PSIZE_T; +typedef DWORD* LPDWORD; +typedef DWORD* PDWORD; +typedef HANDLE* LPHANDLE; +typedef HANDLE* PHANDLE; +typedef unsigned short u_short; +typedef BYTE* LPBYTE; +typedef BYTE* PBYTE; +typedef void* PVOID; +typedef void* LPVOID; +typedef void* LPCVOID; +typedef ULONG_PTR DWORD_PTR; +typedef void* HWND; +typedef int BOOL; +typedef BOOL* PBOOL; +typedef LONG_PTR LRESULT; +typedef UINT_PTR WPARAM; +typedef LONG_PTR LPARAM; +typedef long NTSTATUS; +typedef ULONG* PULONG; +typedef ULONG REGSAM; +typedef LRESULT (CALLBACK* HOOKPROC)(int, WPARAM, LPARAM); +typedef __stdcall int (*FARPROC)(); +typedef struct _iobuf FILE; +typedef long fpos_t; + +typedef struct { + unsigned int gp_offset; + unsigned int fp_offset; + void *overflow_arg_area; + void *reg_save_area; +} va_list[1]; \ No newline at end of file diff --git a/lib/metasploit/framework/compiler/headers/base.rb b/lib/metasploit/framework/compiler/headers/base.rb new file mode 100644 index 0000000000..fd30264d5d --- /dev/null +++ b/lib/metasploit/framework/compiler/headers/base.rb 
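Review bot: `WORD` and `HGLOBAL` are each typedef'd twice in this hunk (`typedef unsigned short WORD;` appears in both typedef groups, `typedef HANDLE HGLOBAL;` twice in the first); identical redefinition is only legal from C11 on, so either verify that metasm's C parser accepts it or drop the duplicates. The `stdin`/`stdout`/`stderr` macros expand to calls of `__iob_func`, which is not declared anywhere in this header, so a source that uses them gets an undeclared-identifier error. The `va_list` typedef at the end is the four-field register-save-area layout, which presumably does not match the 32-bit target selected with `Metasm::Ia32` in compiler/win32.rb — confirm before any variadic helper relies on it.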
@@ -0,0 +1,44 @@
+module Metasploit
+ module Framework
+ module Compiler
+ module Headers
+ class Base
+
+ attr_accessor :loaded_dep
+
+ # Initializes the Base class for headers.
+ def initialize
+ # This is used to avoid loading the same dependency code twice
+ @loaded_dep = []
+ end
+
+ # Returns the header source code.
+ #
+ # @param lib_name [String] The file name of the header.
+ # @return [String]
+ def include(lib_name)
+ lib = lib_dep_map[lib_name]
+ unless lib
+ raise RuntimeError, "#{lib_name} not found"
+ end
+
+ # Load the dependencies first, and only once
+ dep = ''
+ lib.each do |f|
+ unless loaded_dep.include?(f)
+ dep_path = File.join(headers_path, f)
+ dep << File.read(dep_path) << "\n"
+ loaded_dep << f
+ end
+ end
+
+ # Load the headers
+ lib_path = File.join(headers_path, lib_name)
+ "#{dep}#{File.read(lib_path)}"
+ end
+
+ end
+ end
+ end
+ end
+end
\ No newline at end of file
diff --git a/lib/metasploit/framework/compiler/headers/win32.rb b/lib/metasploit/framework/compiler/headers/win32.rb
new file mode 100644
index 0000000000..0261e2f50f
--- /dev/null
+++ b/lib/metasploit/framework/compiler/headers/win32.rb
@@ -0,0 +1,28 @@
+
+require 'metasploit/framework/compiler/headers/base'
+
+module Metasploit
+ module Framework
+ module Compiler
+ module Headers
+ class Win32 < Base
+
+ attr_accessor :lib_dep_map
+ attr_accessor :headers_path
+
+ # Initializes the Win32 headers.
+ def initialize
+ super
+ @headers_path = File.join(Msf::Config.install_root, 'data', 'headers', 'win32')
+ @lib_dep_map = {
+ 'stddef.h' => [],
+ 'Windows.h' => ['stddef.h']
+ }
+ end
+
+ end
+ end
+ end
+ end
+end
+
diff --git a/lib/metasploit/framework/compiler/utils.rb b/lib/metasploit/framework/compiler/utils.rb
new file mode 100644
index 0000000000..b339754ed0
--- /dev/null
+++ b/lib/metasploit/framework/compiler/utils.rb
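Review bot: `include` records only the dependencies it pulled in, never `lib_name` itself, so a template that includes `stddef.h` and later `Windows.h` gets stddef.h emitted twice (once directly, once as Windows.h's dependency), and the same header included twice is emitted twice. Adding `return '' if loaded_dep.include?(lib_name)` right after the `lib_dep_map` lookup and `loaded_dep << lib_name` before the final string keeps each header in the output once. `lib_dep_map` and `headers_path` are resolved at runtime from the subclass with no declaration or comment in `Base`; a note such as `# Subclasses must define #lib_dep_map (header name => dependency names) and #headers_path` above `include` would make that contract visible. That lookup is also what restricts `include` to known header names so that an arbitrary `#include <...>` target never reaches `File.join`; a comment saying so would keep the guard from being loosened later.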
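Review bot: `Msf::Config.install_root` is used in `initialize` but nothing in this file requires the framework config, so the class loads only when Msf is already present; either require it or document the assumption. `lib_dep_map` and `headers_path` are exposed through `attr_accessor`, which lets any caller replace the table that restricts which files `Base#include` may read; `attr_reader` plus a frozen literal (`}.freeze` closing the hash) is enough for the use here. The file also opens with a blank line before the `require`.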
@@ -0,0 +1,26 @@
+module Metasploit
+ module Framework
+ module Compiler
+ module Utils
+
+ # Returns the normalized C code (with headers).
+ #
+ # @param code [String] The C source code.
+ # @param headers [Metasploit::Framework::Compiler::Headers::Win32]
+ # @return [String] The normalized code.
+ def self.normalize_code(code, headers)
+ code = code.lines.map { |line|
+ if line =~ /^#include <(.+)>$/
+ %Q|<%= headers.include('#{$1}') %>\n|
+ else
+ line
+ end
+ }.join
+
+ ERB.new(code).result(binding)
+ end
+
+ end
+ end
+ end
+end
\ No newline at end of file
diff --git a/lib/metasploit/framework/compiler/win32.rb b/lib/metasploit/framework/compiler/win32.rb
new file mode 100644
index 0000000000..d7563d3572
--- /dev/null
+++ b/lib/metasploit/framework/compiler/win32.rb
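Review bot: `ERB` is referenced in `normalize_code` but this file does not `require 'erb'`; it only works because compiler/win32.rb requires erb first, so loading utils.rb on its own raises NameError — add `require 'erb'` at the top. The captured header name is interpolated into a single-quoted Ruby literal inside the ERB tag, so a `'` or `%>` in an `#include <...>` line escapes the literal and is evaluated as Ruby by `ERB.new(code).result(binding)`; the later "Update regex" patch that widens the capture to `[[:print:]]+` does not change that. Since `headers` is already in scope, the substitution does not need to round-trip through ERB: `"#{headers.include($1)}\n"` in place of the `%Q|...|` line resolves the header directly, with the one side effect that the header text then also passes through the ERB scan (harmless for the two headers shipped here, but worth a comment). `Regexp.last_match(1)` or a named capture would also read more clearly than `$1` inside the block.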
@@ -0,0 +1,49 @@
+require 'metasm'
+require 'erb'
+require 'metasploit/framework/compiler/utils'
+require 'metasploit/framework/compiler/headers/win32'
+
+module Metasploit
+ module Framework
+ module Compiler
+
+ class Win32
+
+ # Returns the binary of a compiled source.
+ #
+ # @param c_template [String] The C source code to compile.
+ # @param type [Symbol] PE type, either :exe or :dll
+ # @raise [NotImplementedError] If the type is not supported.
+ # @return [String] The compiled code.
+ def self.compile(c_template, type=:exe)
+ headers = Compiler::Headers::Win32.new
+ source_code = Compiler::Utils.normalize_code(c_template, headers)
+
+ cpu = Metasm::Ia32.new
+ pe = Metasm::PE.compile_c(cpu, source_code)
+
+ case type
+ when :exe
+ pe.encode
+ when :dll
+ pe.encode('dll')
+ else
+ raise NotImplementedError
+ end
+ end
+
+ # Saves the compiled code as a file. This is basically a wrapper of #self.compile.
+ #
+ # @param out_file [String] The file path to save the binary as.
+ # @param c_template [String] The C source code to compile.
+ # @param type [Symbol] PE type, either :exe or :dll
+ # @return [Integer] The number of bytes written.
+ def self.compile_as(out_file, c_template, type=:exe)
+ pe = self.compile(c_template, type)
+ File.write(out_file, pe)
+ end
+ end
+
+ end
+ end
+end
\ No newline at end of file
From d3f50f421df814f9f44ff71ad610b32e9fe5828e Mon Sep 17 00:00:00 2001
From: Wei Chen
Date: Thu, 10 May 2018 22:39:49 -0500
Subject: [PATCH 2/9] Update regex
---
lib/metasploit/framework/compiler/utils.rb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/metasploit/framework/compiler/utils.rb b/lib/metasploit/framework/compiler/utils.rb
index b339754ed0..27c912b2dd 100644
--- a/lib/metasploit/framework/compiler/utils.rb
+++ b/lib/metasploit/framework/compiler/utils.rb
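Review bot: `compile` validates `type` only after `normalize_code` and `Metasm::PE.compile_c` have run, so an unsupported type performs a full compile before raising, and the bare `raise NotImplementedError` carries no message naming the offending value. Checking the type before the compile and reporting it makes the failure cheap and self-explanatory; the rewritten body is below. The `@return [String]` tag on both methods should be checked against what `pe.encode` actually returns in metasm — if it is an EncodedData rather than a String, `compile_as`/`File.write` is relying on an implicit `to_s`. The doc comment on `compile_as` refers to `#self.compile`; the YARD form for a class method is `.compile`.
```ruby
def self.compile(c_template, type=:exe)
  # Reject unsupported PE types before spending time on a compile
  unless [:exe, :dll].include?(type)
    raise NotImplementedError, "Unsupported PE type: #{type.inspect}"
  end

  headers = Compiler::Headers::Win32.new
  source_code = Compiler::Utils.normalize_code(c_template, headers)

  cpu = Metasm::Ia32.new
  pe = Metasm::PE.compile_c(cpu, source_code)

  type == :exe ? pe.encode : pe.encode('dll')
end
# … unchanged: compile_as …
```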
@@ -10,7 +10,7 @@ module Metasploit
 # @return [String] The normalized code.
 def self.normalize_code(code, headers)
 code = code.lines.map { |line|
- if line =~ /^#include <(.+)>$/
+ if line =~ /^#include <([[:print:]]+)>$/
 %Q|<%= headers.include('#{$1}') %>\n|
 else
 line
From 2a7d0ddfd136955478778444adeb1d18a88c995f Mon Sep 17 00:00:00 2001
From: Wei Chen
Date: Thu, 10 May 2018 22:45:36 -0500
Subject: [PATCH 3/9] Add rspec
---
.../framework/compiler/win32_spec.rb | 22 +++++++++++++++++++
1 file changed, 22 insertions(+)
create mode 100644 spec/lib/metasploit/framework/compiler/win32_spec.rb
diff --git a/spec/lib/metasploit/framework/compiler/win32_spec.rb b/spec/lib/metasploit/framework/compiler/win32_spec.rb
new file mode 100644
index 0000000000..ae995d7307
--- /dev/null
+++ b/spec/lib/metasploit/framework/compiler/win32_spec.rb
@@ -0,0 +1,22 @@
+require 'spec_helper'
+require 'metasploit/framework/compiler/win32'
+
+RSpec.describe Metasploit::Framework::Compiler::Win32 do
+ describe '#self.compile' do
+ let(:c_template) {
+ %Q|#include
+
+ int main(void) {
+ MessageBox(NULL, "Hello World", "Test", MB_OK);
+ return 0;
+ }
+ |
+ }
+
+ it 'returns an EXE binary' do
+ bin = Metasploit::Framework::Compiler::Win32.compile(c_template)
+ magic = bin[0, 2]
+ expect(magic).to eq('MZ')
+ end
+ end
+end
\ No newline at end of file
From 82c8138de02ac239155c606c251b5a2735a0b344 Mon Sep 17 00:00:00 2001
From: Wei Chen
Date: Fri, 11 May 2018 10:08:16 -0500
Subject: [PATCH 4/9] Update naming and license
---
data/headers/win32/Windows.h | 5 +++++
data/headers/win32/stddef.h | 5 +++++
lib/metasploit/framework/compiler/win32.rb | 4 ++--
spec/lib/metasploit/framework/compiler/win32_spec.rb | 4 ++--
4 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/data/headers/win32/Windows.h b/data/headers/win32/Windows.h
index 9bf930c6d7..44809520a7 100644
--- a/data/headers/win32/Windows.h
+++ b/data/headers/win32/Windows.h
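Review bot: The spec asserts only that the first two bytes of the result are `MZ`, which any DOS stub satisfies regardless of whether the C body compiled into anything usable; checking the `PE\0\0` signature at the `e_lfanew` offset, or parsing the result back with `Metasm::PE.decode`, would pin that a well-formed PE was produced. `describe '#self.compile'` mixes the instance (`#`) and class conventions; RSpec's usual form for a class method is `describe '.compile'`. The `#include` line in `c_template` shows no header name in this rendering; if the source really reads `#include` alone, `normalize_code` leaves it untouched and metasm sees `MessageBox`/`MB_OK` undeclared, so that line should be verified in the checked-in file.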
@@ -1,3 +1,8 @@
+//
+// License:
+// https://github.com/rapid7/metasploit-framework/blob/master/LICENSE
+//
+
 #define MAX_PATH 260
 #define MEM_COMMIT 0x00001000
 #define MEM_RESERVE 0x00002000
diff --git a/data/headers/win32/stddef.h b/data/headers/win32/stddef.h
index 0ac9447e9b..32c7ddd51c 100644
--- a/data/headers/win32/stddef.h
+++ b/data/headers/win32/stddef.h
@@ -1,3 +1,8 @@
+//
+// License:
+// https://github.com/rapid7/metasploit-framework/blob/master/LICENSE
+//
+
 #define NULL ((void *)0)
 #define TRUE 1
 #define FALSE 0
diff --git a/lib/metasploit/framework/compiler/win32.rb b/lib/metasploit/framework/compiler/win32.rb
index d7563d3572..521326acf6 100644
--- a/lib/metasploit/framework/compiler/win32.rb
+++ b/lib/metasploit/framework/compiler/win32.rb
@@ -15,7 +15,7 @@ module Metasploit
 # @param type [Symbol] PE type, either :exe or :dll
 # @raise [NotImplementedError] If the type is not supported.
 # @return [String] The compiled code.
- def self.compile(c_template, type=:exe)
+ def self.compile_c(c_template, type=:exe)
 headers = Compiler::Headers::Win32.new
 source_code = Compiler::Utils.normalize_code(c_template, headers)
 
@@ -38,7 +38,7 @@ module Metasploit
 # @param c_template [String] The C source code to compile.
 # @param type [Symbol] PE type, either :exe or :dll
 # @return [Integer] The number of bytes written.
- def self.compile_as(out_file, c_template, type=:exe)
+ def self.compile_c_to_file(out_file, c_template, type=:exe)
 pe = self.compile(c_template, type)
 File.write(out_file, pe)
 end
diff --git a/spec/lib/metasploit/framework/compiler/win32_spec.rb b/spec/lib/metasploit/framework/compiler/win32_spec.rb
index ae995d7307..083a93fa04 100644
--- a/spec/lib/metasploit/framework/compiler/win32_spec.rb
+++ b/spec/lib/metasploit/framework/compiler/win32_spec.rb
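Review bot: In the `@@ -38,7 +38,7 @@` hunk of win32.rb, `compile` is renamed to `compile_c` in the hunk just above, but the context line `pe = self.compile(c_template, type)` inside the renamed `compile_c_to_file` still calls the old name, so the wrapper raises NoMethodError on first use; it should read `pe = self.compile_c(c_template, type)`. The comment above this hunk ("a wrapper of #self.compile", outside the hunk) needs the same update. The spec renamed in this same patch never calls `compile_c_to_file`, which is why the suite will not notice; the 47-line windows.rb created in patch 6 may already correct this, but that hunk is not visible here.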
@@ -2,7 +2,7 @@ require 'spec_helper'
 require 'metasploit/framework/compiler/win32'
 
 RSpec.describe Metasploit::Framework::Compiler::Win32 do
- describe '#self.compile' do
+ describe '#self.compile_c' do
 let(:c_template) {
 %Q|#include
 
@@ -14,7 +14,7 @@ RSpec.describe Metasploit::Framework::Compiler::Win32 do
 }
 
 it 'returns an EXE binary' do
- bin = Metasploit::Framework::Compiler::Win32.compile(c_template)
+ bin = Metasploit::Framework::Compiler::Win32.compile_c(c_template)
 magic = bin[0, 2]
 expect(magic).to eq('MZ')
 end
From 76865732c83eb973c1d1b693cf38634df8e827f3 Mon Sep 17 00:00:00 2001
From: Wei Chen
Date: Fri, 11 May 2018 10:26:59 -0500
Subject: [PATCH 5/9] Namespace update
---
 data/headers/win32/Windows.h | 538 ------------------
 data/headers/win32/stddef.h | 124 ----
 .../framework/compiler/headers/win32.rb | 28 -
 lib/metasploit/framework/compiler/win32.rb | 49 --
 .../framework/compiler/win32_spec.rb | 22 -
 5 files changed, 761 deletions(-)
 delete mode 100644 data/headers/win32/Windows.h
 delete mode 100644 data/headers/win32/stddef.h
 delete mode 100644 lib/metasploit/framework/compiler/headers/win32.rb
 delete mode 100644 lib/metasploit/framework/compiler/win32.rb
 delete mode 100644 spec/lib/metasploit/framework/compiler/win32_spec.rb
diff --git a/data/headers/win32/Windows.h b/data/headers/win32/Windows.h
deleted file mode 100644
index 44809520a7..0000000000
--- a/data/headers/win32/Windows.h
+++ /dev/null
@@ -1,538 +0,0 @@ -// -// License: -// https://github.com/rapid7/metasploit-framework/blob/master/LICENSE -// - -#define MAX_PATH 260 -#define MEM_COMMIT 0x00001000 -#define MEM_RESERVE 0x00002000 -#define MEM_RESET 0x00080000 -#define MEM_RESET_UNDO 0x1000000 -#define MEM_LARGE_PAGES 0x20000000 -#define MEM_PHYSICAL 0x00400000 -#define MEM_TOP_DOWN 0x00100000 -#define MEM_WRITE_WATCH 0x00200000 -#define PAGE_EXECUTE_READWRITE 0x00000040 -#define HEAP_GENERATE_EXCEPTIONS 0x00000004 -#define HEAP_NO_SERIALIZE 0x00000001 -#define HEAP_REALLOC_IN_PLACE_ONLY 0x00000010 -#define HEAP_ZERO_MEMORY 0x00000008 -#define STARTF_FORCEONFEEDBACK 0x00000040 -#define STARTF_FORCEOFFFEEDBACK 0x00000080 -#define STARTF_PREVENTPINNING 0x00002000 -#define STARTF_RUNFULLSCREEN 0x00000020 -#define STARTF_TITLEISAPPID 0x00001000 -#define STARTF_TITLEISLINKNAME 0x00000800 -#define STARTF_USECOUNTCHARS 0x00000008 -#define STARTF_USEFILLATTRIBUTE 0x00000010 -#define STARTF_USEHOTKEY 0x00000200 -#define STARTF_USEPOSITION 0x00000004 -#define STARTF_USESHOWWINDOW 0x00000001 -#define STARTF_USESIZE 0x00000002 -#define STARTF_USESTDHANDLES 0x00000100 -#define GW_CHILD 5 -#define GW_ENABLEDPOPUP 6 -#define GW_HWNDFIRST 0 -#define GW_HWNDLAST 1 -#define GW_HWNDNEXT 2 -#define GW_OWNER 4 -#define MB_ABORTRETRYIGNORE 0x00000002L -#define MB_CANCELTRYCONTINUE 0x00000006L -#define MB_HELP 0x00004000L -#define MB_OK 0x00000000L -#define MB_OKCANCEL 0x00000001L -#define MB_RETRYCANCEL 0x00000005L -#define MB_YESNO 0x00000004L -#define MB_YESNOCANCEL 0x00000003L -#define MB_ICONEXCLAMATION 0x00000030L -#define MB_ICONWARNING 0x00000030L -#define MB_ICONINFORMATION 0x00000040L -#define MB_ICONASTERISK 0x00000040L -#define MB_ICONQUESTION 0x00000020L -#define MB_ICONSTOP 0x00000010L -#define MB_ICONERROR 0x00000010L -#define MB_ICONHAND 0x00000010L -#define MB_DEFBUTTON1 0x00000000L -#define MB_DEFBUTTON2 0x00000100L -#define MB_DEFBUTTON3 0x00000200L -#define MB_DEFBUTTON4 0x00000300L -#define 
MB_APPLMODAL 0x00000000L -#define MB_SYSTEMMODAL 0x00001000L -#define MB_TASKMODAL 0x00002000L -#define MB_DEFAULT_DESKTOP_ONLY 0x00020000L -#define MB_RIGHT 0x00080000L -#define MB_RTLREADING 0x00100000L -#define MB_SETFOREGROUND 0x00010000L -#define MB_TOPMOST 0x00040000L -#define MB_SERVICE_NOTIFICATION 0x00200000L -#define IDABORT 3 -#define IDCANCEL 2 -#define IDCONTINUE 11 -#define IDIGNORE 5 -#define IDNO 7 -#define IDOK 1 -#define IDRETRY 4 -#define IDTRYAGAIN 10 -#define IDYES 6 -#define HEAP_CREATE_ENABLE_EXECUTE 0x00040000 -#define SC_MANAGER_ALL_ACCESS 0xf003f -#define SC_MANAGER_CONNECT 1 -#define SC_MANAGER_CREATE_SERVICE 2 -#define SC_MANAGER_ENUMERATE_SERVICE 4 -#define SC_MANAGER_LOCK 8 -#define SC_MANAGER_QUERY_LOCK_STATUS 16 -#define SC_MANAGER_MODIFY_BOOT_CONFIG 32 -#define SERVICE_NO_CHANGE (-1) -#define SERVICE_STOPPED 1 -#define SERVICE_START_PENDING 2 -#define SERVICE_STOP_PENDING 3 -#define SERVICE_RUNNING 4 -#define SERVICE_CONTINUE_PENDING 5 -#define SERVICE_PAUSE_PENDING 6 -#define SERVICE_PAUSED 7 -#define SERVICE_ACCEPT_STOP 1 -#define SERVICE_ACCEPT_PAUSE_CONTINUE 2 -#define SERVICE_ACCEPT_SHUTDOWN 4 -#define SERVICE_CONTROL_STOP 1 -#define SERVICE_CONTROL_PAUSE 2 -#define SERVICE_CONTROL_CONTINUE 3 -#define SERVICE_CONTROL_INTERROGATE 4 -#define SERVICE_CONTROL_SHUTDOWN 5 -#define SERVICE_ACTIVE 1 -#define SERVICE_INACTIVE 2 -#define SERVICE_STATE_ALL 3 -#define SERVICE_QUERY_CONFIG 1 -#define SERVICE_CHANGE_CONFIG 2 -#define SERVICE_QUERY_STATUS 4 -#define SERVICE_ENUMERATE_DEPENDENTS 8 -#define SERVICE_START 16 -#define SERVICE_STOP 32 -#define SERVICE_PAUSE_CONTINUE 64 -#define SERVICE_INTERROGATE 128 -#define SERVICE_USER_DEFINED_CONTROL 256 -#define SERVICE_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SERVICE_QUERY_CONFIG|SERVICE_CHANGE_CONFIG|SERVICE_QUERY_STATUS|SERVICE_ENUMERATE_DEPENDENTS|SERVICE_START|SERVICE_STOP|SERVICE_PAUSE_CONTINUE|SERVICE_INTERROGATE|SERVICE_USER_DEFINED_CONTROL) -#define GHND 0x0042 -#define GMEM_FIXED 
0x0000 -#define GMEM_MOVEABLE 0x0002 -#define GMEM_ZEROINIT 0x0040 -#define GPTR 0x0040 -#define WH_CALLWNDPROC 4 -#define WH_CALLWNDPROCRET 12 -#define WH_CBT 5 -#define WH_DEBUG 9 -#define WH_FOREGROUNDIDLE 11 -#define WH_GETMESSAGE 3 -#define WH_JOURNALPLAYBACK 1 -#define WH_JOURNALRECORD 0 -#define WH_KEYBOARD 2 -#define WH_KEYBOARD_LL 13 -#define WH_MOUSE 7 -#define WH_MOUSE_LL 14 -#define WH_MSGFILTER -1 -#define WH_SHELL 10 -#define WH_SYSMSGFILTER 6 -#define GENERIC_READ 0x80000000 -#define GENERIC_WRITE 0x40000000 -#define GENERIC_EXECUTE 0x20000000 -#define GENERIC_ALL 0x10000000 -#define FILE_SHARE_READ 0x00000001 -#define FILE_SHARE_WRITE 0x00000002 -#define FILE_SHARE_DELETE 0x00000004 -#define CREATE_NEW 1 -#define CREATE_ALWAYS 2 -#define OPEN_EXISTING 3 -#define OPEN_ALWAYS 4 -#define TRUNCATE_EXISTING 5 -#define FILE_ATTRIBUTE_READONLY 0x00000001 -#define FILE_ATTRIBUTE_NORMAL 0x00000080 -#define FILE_ATTRIBUTE_TEMPORARY 0x00000100 -#define FILE_FLAG_WRITE_THROUGH 0x80000000 -#define FILE_FLAG_NO_BUFFERING 0x20000000 -#define FILE_FLAG_RANDOM_ACCESS 0x10000000 -#define FILE_FLAG_SEQUENTIAL_SCAN 0x08000000 -#define FILE_FLAG_DELETE_ON_CLOSE 0x04000000 -#define FILE_FLAG_OVERLAPPED 0x40000000 -#define FILE_ATTRIBUTE_HIDDEN 0x00000002 -#define FILE_ATTRIBUTE_SYSTEM 0x00000004 -#define FILE_ATTRIBUTE_DIRECTORY 0x00000010 -#define FILE_ATTRIBUTE_ARCHIVE 0x00000020 -#define FILE_ATTRIBUTE_DEVICE 0x00000040 -#define ERROR_FILE_NOT_FOUND 2L -#define ERROR_NO_MORE_FILES 18L -#define INVALID_HANDLE_VALUE ((HANDLE) -1) -#define INVALID_FILE_SIZE ((DWORD)0xFFFFFFFF) -#define FILE_NAME_NORMALIZED 0x0 -#define FILE_NAME_OPENED 0x8 -#define VOLUME_NAME_DOS 0x0 -#define VOLUME_NAME_GUID 0x1 -#define VOLUME_NAME_NONE 0x4 -#define VOLUME_NAME_NT 0x2 -#define SERVICE_FILE_SYSTEM_DRIVER 0x00000002 -#define SERVICE_KERNEL_DRIVER 0x00000001 -#define SERVICE_WIN32_OWN_PROCESS 0x00000010 -#define SERVICE_WIN32_SHARE_PROCESS 0x00000020 -#define SERVICE_USER_OWN_PROCESS 
0x00000050 -#define SERVICE_USER_SHARE_PROCESS 0x00000060 -#define SERVICE_INTERACTIVE_PROCESS 0x00000100 -#define SERVICE_CONTINUE_PENDING 0x00000005 -#define SERVICE_PAUSE_PENDING 0x00000006 -#define SERVICE_PAUSED 0x00000007 -#define SERVICE_RUNNING 0x00000004 -#define SERVICE_START_PENDING 0x00000002 -#define SERVICE_STOP_PENDING 0x00000003 -#define SERVICE_STOPPED 0x00000001 -#define SERVICE_AUTO_START 0x00000002 -#define SERVICE_BOOT_START 0x00000000 -#define SERVICE_DEMAND_START 0x00000003 -#define SERVICE_DISABLED 0x00000004 -#define SERVICE_SYSTEM_START 0x00000001 -#define SERVICE_ERROR_CRITICAL 0x00000003 -#define SERVICE_ERROR_IGNORE 0x00000000 -#define SERVICE_ERROR_NORMAL 0x00000001 -#define SERVICE_ERROR_SEVERE 0x00000002 -#define SERVICE_DRIVER 0x0000000B -#define SERVICE_FILE_SYSTEM_DRIVER 0x00000002 -#define SERVICE_KERNEL_DRIVER 0x00000001 -#define SERVICE_WIN32 0x00000030 -#define SERVICE_WIN32_OWN_PROCESS 0x00000010 -#define SERVICE_WIN32_SHARE_PROCESS 0x00000020 - -typedef struct _SECURITY_ATTRIBUTES { - DWORD nLength; - LPVOID lpSecurityDescriptor; - BOOL bInheritHandle; -} SECURITY_ATTRIBUTES , *LPSECURITY_ATTRIBUTES; - -typedef struct _LPTHREAD_START_ROUTINE { - LPVOID lpThreadParameter; -} LPTHREAD_START_ROUTINE, *LPTHREAD_START_ROUTINE; - -typedef struct _STARTUPINFO { - DWORD cb; - LPTSTR lpReserved; - LPTSTR lpDesktop; - LPTSTR lpTitle; - DWORD dwX; - DWORD dwY; - DWORD dwXSize; - DWORD dwYSize; - DWORD dwXCountChars; - DWORD dwYCountChars; - DWORD dwFillAttribute; - DWORD dwFlags; - WORD wShowWindow; - WORD cbReserved2; - LPBYTE lpReserved2; - HANDLE hStdInput; - HANDLE hStdOutput; - HANDLE hStdError; -} STARTUPINFO, *LPSTARTUPINFO; - -typedef struct _PROCESS_INFORMATION { - HANDLE hProcess; - HANDLE hThread; - DWORD dwProcessId; - DWORD dwThreadId; -} PROCESS_INFORMATION, *LPPROCESS_INFORMATION; - -typedef struct _OVERLAPPED { - ULONG_PTR Internal; - ULONG_PTR InternalHigh; - union { - struct { - DWORD Offset; - DWORD OffsetHigh; - }; 
- PVOID Pointer; - }; - HANDLE hEvent; -} OVERLAPPED, *LPOVERLAPPED; - -typedef DWORD SERVICE_STATUS_HANDLE; - -typedef enum _SC_ENUM_TYPE { - SC_ENUM_PROCESS_INFO = 0 -} SC_ENUM_TYPE; - -typedef enum _HEAP_INFORMATION_CLASS { - HeapCompatibilityInformation = 0, - HeapEnableTerminationOnCorruption = 1 -} HEAP_INFORMATION_CLASS; - -typedef struct _FILETIME { - DWORD dwLowDateTime; - DWORD dwHighDateTime; -} FILETIME, *PFILETIME; - -typedef struct _WIN32_FIND_DATA { - DWORD dwFileAttributes; - FILETIME ftCreationTime; - FILETIME ftLastAccessTime; - FILETIME ftLastWriteTime; - DWORD nFileSizeHigh; - DWORD nFileSizeLow; - DWORD dwReserved0; - DWORD dwReserved1; - TCHAR cFileName[MAX_PATH]; - TCHAR cAlternateFileName[14]; -} WIN32_FIND_DATA, *PWIN32_FIND_DATA, *LPWIN32_FIND_DATA; - -typedef struct tagPOINT { - LONG x; - LONG y; -} POINT, *PPOINT; - -typedef struct tagMSG { - HWND hwnd; - UINT message; - WPARAM wParam; - LPARAM lParam; - DWORD time; - POINT pt; -} MSG, *PMSG, *LPMSG; - -typedef struct _BY_HANDLE_FILE_INFORMATION { - DWORD dwFileAttributes; - FILETIME ftCreationTime; - FILETIME ftLastAccessTime; - FILETIME ftLastWriteTime; - DWORD dwVolumeSerialNumber; - DWORD nFileSizeHigh; - DWORD nFileSizeLow; - DWORD nNumberOfLinks; - DWORD nFileIndexHigh; - DWORD nFileIndexLow; -} BY_HANDLE_FILE_INFORMATION, *PBY_HANDLE_FILE_INFORMATION, *LPBY_HANDLE_FILE_INFORMATION; - -typedef struct _SERVICE_STATUS { - DWORD dwServiceType; - DWORD dwCurrentState; - DWORD dwControlsAccepted; - DWORD dwWin32ExitCode; - DWORD dwServiceSpecificExitCode; - DWORD dwCheckPoint; - DWORD dwWaitHint; -} SERVICE_STATUS, *LPSERVICE_STATUS; - -typedef struct _ENUM_SERVICE_STATUS { - LPTSTR lpServiceName; - LPTSTR lpDisplayName; - SERVICE_STATUS ServiceStatus; -} ENUM_SERVICE_STATUS, *LPENUM_SERVICE_STATUS; - -typedef VOID (CALLBACK *LPOVERLAPPED_COMPLETION_ROUTINE)(DWORD,DWORD,LPOVERLAPPED); - -typedef enum _PROCESSINFOCLASS { - ProcessBasicInformation = 0, - ProcessQuotaLimits = 1, - 
ProcessIoCounters = 2, - ProcessVmCounters = 3, - ProcessTimes = 4, - ProcessBasePriority = 5, - ProcessRaisePriority = 6, - ProcessDebugPort = 7, - ProcessExceptionPort = 8, - ProcessAccessToken = 9, - ProcessLdtInformation = 10, - ProcessLdtSize = 11, - ProcessDefaultHardErrorMode = 12, - ProcessIoPortHandlers = 13, - ProcessPooledUsageAndLimits = 14, - ProcessWorkingSetWatch = 15, - ProcessUserModeIOPL = 16, - ProcessEnableAlignmentFaultFixup = 17, - ProcessPriorityClass = 18, - ProcessWx86Information = 19, - ProcessHandleCount = 20, - ProcessAffinityMask = 21, - ProcessPriorityBoost = 22, - ProcessDeviceMap = 23, - ProcessSessionInformation = 24, - ProcessForegroundInformation = 25, - ProcessWow64Information = 26, - ProcessImageFileName = 27, - ProcessLUIDDeviceMapsEnabled = 28, - ProcessBreakOnTermination = 29, - ProcessDebugObjectHandle = 30, - ProcessDebugFlags = 31, - ProcessHandleTracing = 32, - ProcessIoPriority = 33, - ProcessExecuteFlags = 34, - ProcessTlsInformation = 35, - ProcessCookie = 36, - ProcessImageInformation = 37, - ProcessCycleTime = 38, - ProcessPagePriority = 39, - ProcessInstrumentationCallback = 40, - ProcessThreadStackAllocation = 41, - ProcessWorkingSetWatchEx = 42, - ProcessImageFileNameWin32 = 43, - ProcessImageFileMapping = 44, - ProcessAffinityUpdateMode = 45, - ProcessMemoryAllocationMode = 46, - ProcessGroupInformation = 47, - ProcessTokenVirtualizationEnabled = 48, - ProcessOwnerInformation = 49, - ProcessWindowInformation = 50, - ProcessHandleInformation = 51, - ProcessMitigationPolicy = 52, - ProcessDynamicFunctionTableInformation = 53, - ProcessHandleCheckingMode = 54, - ProcessKeepAliveCount = 55, - ProcessRevokeFileHandles = 56, - ProcessWorkingSetControl = 57, - ProcessHandleTable = 58, - ProcessCheckStackExtentsMode = 59, - ProcessCommandLineInformation = 60, - ProcessProtectionInformation = 61, - ProcessMemoryExhaustion = 62, - ProcessFaultInformation = 63, - ProcessTelemetryIdInformation = 64, - 
ProcessCommitReleaseInformation = 65, - ProcessReserved1Information = 66, - ProcessReserved2Information = 67, - ProcessSubsystemProcess = 68, - ProcessInPrivate = 70, - ProcessRaiseUMExceptionOnInvalidHandleClose = 71, - MaxProcessInfoClass -} PROCESSINFOCLASS; - -typedef enum _FINDEX_INFO_LEVELS { - FindExInfoStandard, - FindExInfoBasic, - FindExInfoMaxInfoLevel -} FINDEX_INFO_LEVELS; - -typedef enum _FINDEX_SEARCH_OPS { - FindExSearchNameMatch, - FindExSearchLimitToDirectories, - FindExSearchLimitToDevices -} FINDEX_SEARCH_OPS; - -WORD MAKEWORD( - BYTE bLow, - BYTE bHigh -); - -WINAPI void OutputDebugString __attribute__((dllimport))(LPCTSTR); -WINAPI HGLOBAL GlobalAlloc __attribute__((dllimport))(UINT, size_t); -WINAPI LPVOID GlobalLock __attribute__((dllimport))(HGLOBAL); -WINAPI BOOL GlobalUnlock __attribute__((dllimport))(HGLOBAL); -WINAPI HGLOBAL GlobalReAlloc __attribute__((dllimport))(HGLOBAL, size_t, UINT); -WINAPI HGLOBAL GlobalFree __attribute__((dllimport))(HGLOBAL); -WINAPI DWORD GetLastError __attribute__((dllimport))(void); -WINAPI LPVOID VirtualAlloc __attribute__((dllimport))(LPVOID, size_t, DWORD, DWORD); -WINAPI LPVOID VirtualAllocEx __attribute__((dllimport))(HANDLE, LPVOID, size_t, DWORD, DWORD); -WINAPI BOOL VirtualProtect __attribute__((dllimport))(LPVOID, size_t, DWORD, PDWORD); -WINAPI BOOL VirtualProtectEx __attribute__((dllimport))(HANDLE, LPVOID, size_t, DWORD, PDWORD); -WINAPI HANDLE GetProcessHeap __attribute__((dllimport))(void); -WINAPI DWORD GetProcessHeaps __attribute__((dllimport))(DWORD, PHANDLE); -WINAPI HANDLE HeapCreate __attribute__((dllimport))(DWORD, size_t, size_t); -WINAPI LPVOID HeapAlloc __attribute__((dllimport))(HANDLE, DWORD, size_t); -WINAPI size_t HeapSize __attribute__((dllimport))(HANDLE, DWORD, LPCVOID); -WINAPI LPVOID HeapreAlloc __attribute__((dllimport))(HANDLE, DWORD, LPVOID, size_t); -WINAPI BOOL HeapFree __attribute__((dllimport))(HANDLE, DWORD, LPVOID); -WINAPI BOOL HeapQueryInformation 
__attribute__((dllimport))(HANDLE, HEAP_INFORMATION_CLASS, PVOID, size_t, PSIZE_T); -WINAPI BOOL HeapSetInformation __attribute__((dllimport))(HANDLE, HEAP_INFORMATION_CLASS, PVOID, size_t); -WINAPI BOOL VirtualFreeEx __attribute__((dllimport))(HANDLE, LPVOID, size_t, DWORD); -WINAPI void MoveMemory __attribute__((dllimport))(PVOID, void*, size_t); -WINAPI BOOL WriteProcessMemory __attribute__((dllimport))(HANDLE, LPVOID, LPCVOID, size_t, size_t*); -WINAPI BOOL ReadProcessMemory __attribute__((dllimport))(HANDLE, LPCVOID, LPVOID, size_t, size_t*); -WINAPI HANDLE CreateThread __attribute__((dllimport))(LPSECURITY_ATTRIBUTES, size_t, LPTHREAD_START_ROUTINE, LPVOID, DWORD, LPDWORD ); -WINAPI HANDLE CreateRemoteThread __attribute__((dllimport))(HANDLE, LPSECURITY_ATTRIBUTES, size_t, LPTHREAD_START_ROUTINE, LPVOID, DWORD, LPDWORD ); -WINAPI void ZeroMemory __attribute__((dllimport))(PVOID, size_t); -WINAPI DWORD GetProcessId __attribute__((dllimport))(HANDLE); -WINAPI BOOL CreateProcess __attribute__((dllimport))(LPCTSTR, LPTSTR, LPSECURITY_ATTRIBUTES, LPSECURITY_ATTRIBUTES, BOOL, DWORD, LPVOID, LPCTSTR, LPSTARTUPINFO, LPPROCESS_INFORMATION); -WINAPI BOOL CreateProcessAsUser __attribute__((dllimport))(HANDLE, LPCTSTR, LPTSTR, LPSECURITY_ATTRIBUTES, LPSECURITY_ATTRIBUTES, BOOL, DWORD, LPVOID, LPCTSTR, LPSTARTUPINFO, LPPROCESS_INFORMATION); -WINAPI HANDLE OpenProcess __attribute__((dllimport))(DWORD, BOOL, DWORD); -WINAPI void ExitProcess __attribute__((dllimport))(UINT); -WINAPI BOOL TerminateProcess __attribute__((dllimport))(UINT); -WINAPI DWORD GetTickCount __attribute__((dllimport))(void); -WINAPI void Sleep __attribute__((dllimport))(DWORD); -WINAPI UINT WinExec __attribute__((dllimport))(LPCSTR, UINT); -WINAPI DWORD WaitForSingleObject __attribute__((dllimport))(HANDLE, DWORD); -WINAPI FARPROC GetProcAddress __attribute__((dllimport))(HMODULE, LPCSTR); -WINAPI HMODULE LoadLibrary __attribute__((dllimport))(LPCTSTR); -WINAPI HMODULE GetModuleHandle 
__attribute__((dllimport))(LPCTSTR); -WINAPI HANDLE CreateFile __attribute__((dllimport))(LPCTSTR, DWORD, DWORD, LPSECURITY_ATTRIBUTES, DWORD, DWORD, HANDLE); -WINAPI BOOL GetFileInformationByHandle __attribute__((dllimport))(HANDLE, LPBY_HANDLE_FILE_INFORMATION); -WINAPI DWORD GetFullPathName __attribute__((dllimport))(LPCTSTR, DWORD, LPTSTR, LPTSTR*); -WINAPI DWORD GetFileType __attribute__((dllimport))(HANDLE); -WINAPI BOOL MoveFile __attribute__((dllimport))(LPCTSTR, LPCTSTR); -WINAPI BOOL DeleteFile __attribute__((dllimport))(LPCTSTR); -WINAPI BOOL CopyFile __attribute__((dllimport))(LPCTSTR, LPCTSTR, BOOL); -WINAPI BOOL WriteFile __attribute__((dllimport))(HANDLE, LPCVOID, DWORD, LPDWORD, LPOVERLAPPED); -WINAPI BOOL ReadFile __attribute__((dllimport))(HANDLE, LPVOID, DWORD, LPDWORD, LPOVERLAPPED); -WINAPI BOOL ReadFileEx __attribute__((dllimport))(HANDLE, LPVOID, LPOVERLAPPED, LPOVERLAPPED_COMPLETION_ROUTINE); -WINAPI DWORD GetFileSize __attribute__((dllimport))(HANDLE, LPDWORD); -WINAPI DWORD GetTempPath __attribute__((dllimport))(DWORD, LPTSTR); -WINAPI UINT GetTempFileName __attribute__((dllimport))(LPCTSTR, LPCTSTR, UINT, LPTSTR); -WINAPI DWORD GetShortPathName __attribute__((dllimport))(LPCTSTR, LPTSTR, DWORD); -WINAPI DWORD GetLongPathName __attribute__((dllimport))(LPCTSTR, LPTSTR, DWORD); -WINAPI INT GetExpandedName __attribute__((dllimport))(LPTSTR, LPTSTR); -WINAPI DWORD GetFinalPathNameByHandle __attribute__((dllimport))(HANDLE, LPTSTR, DWORD, DWORD); -WINAPI BOOL LockFile __attribute__((dllimport))(HANDLE, DWORD, DWORD, DWORD, DWORD); -WINAPI BOOL UnlockFile __attribute__((dllimport))(HANDLE, DWORD, DWORD, DWORD, DWORD); -WINAPI BOOL UnlockFileEx __attribute__((dllimport))(HANDLE, DWORD, DWORD, DWORD, LPOVERLAPPED); -WINAPI BOOL FreeLibrary __attribute__((dllimport))(HMODULE); -WINAPI DWORD GetModuleFileName __attribute__((dllimport))(HMODULE, LPTSTR, DWORD); -WINAPI BOOL CloseHandle __attribute__((dllimport))(HANDLE); -WINAPI void DebugBreak 
__attribute__((dllimport))(void); -WINAPI HWND FindWindow __attribute__((dllimport))(LPCTSTR, LPCTSTR); -WINAPI HWND FindWindowEx __attribute__((dllimport))(HWND, HWND, LPCTSTR, LPCTSTR); -WINAPI HWND GetWindow __attribute__((dllimport))(HWND, UINT); -WINAPI HWND GetForegroundWindow __attribute__((dllimport))(void); -WINAPI BOOL SetForegroundWindow __attribute__((dllimport))(HWND); -WINAPI HWND GetDesktopWindow __attribute__((dllimport))(void); -WINAPI HWND SetActiveWindow __attribute__((dllimport))(HWND); -WINAPI BOOL IsWindowEnabled __attribute__((dllimport))(HWND); -WINAPI HWND SetFocus __attribute__((dllimport))(HWND); -WINAPI BOOL MoveWindow __attribute__((dllimport))(HWND, int, int, int, int, BOOL); -WINAPI int MessageBox __attribute__((dllimport))(HWND, LPCTSTR, LPCTSTR, UINT); -WINAPI BOOL Beep __attribute__((dllimport))(DWORD, DWORD); -WINAPI BOOL CreateDirectory __attribute__((dllimport))(LPCTSTR, LPSECURITY_ATTRIBUTES); -WINAPI HANDLE CreateFileMapping __attribute__((dllimport))(HANDLE, LPSECURITY_ATTRIBUTES, DWORD, DWORD, DWORD, LPCTSTR); -WINAPI LPVOID MapViewOfFile __attribute__((dllimport))(HANDLE, DWORD, DWORD, DWORD, size_t); -WINAPI LPVOID MapViewOfFileEx __attribute__((dllimport))(HANDLE, DWORD, DWORD, DWORD, size_t, LPVOID); -WINAPI BOOL FindClose __attribute__((dllimport))(HANDLE); -WINAPI HANDLE FindFirstFile __attribute__((dllimport))(LPCTSTR, LPWIN32_FIND_DATA); -WINAPI HANDLE FindFirstFileEx __attribute__((dllimport))(LPCTSTR, FINDEX_INFO_LEVELS, LPVOID, FINDEX_SEARCH_OPS, LPVOID, DWORD); -WINAPI BOOL FindNextFile __attribute__((dllimport))(HANDLE, LPWIN32_FIND_DATA); -WINAPI HANDLE GetCurrentProcess __attribute__((dllimport))(void); -WINAPI HANDLE GetCurrentThread __attribute__((dllimport))(void); -WINAPI LRESULT CallNextHookEx __attribute__((dllimport))(HHOOK, int, WPARAM, LPARAM); -WINAPI BOOL GetMessage __attribute__((dllimport))(LPMSG, HWND, UINT, UINT); -WINAPI BOOL PostMessage __attribute__((dllimport))(HWND, UINT, WPARAM, LPARAM); 
-WINAPI LRESULT SendMessage __attribute__((dllimport))(HWND, UINT, WPARAM, LPARAM); -WINAPI SC_HANDLE OpenSCManager __attribute__((dllimport))(LPCTSTR, LPCTSTR, DWORD); -WINAPI BOOL StartService __attribute__((dllimport))(SC_HANDLE, DWORD, LPCTSTR*); -WINAPI BOOL SetServiceStatus __attribute__((dllimport))(SERVICE_STATUS_HANDLE, LPSERVICE_STATUS); -WINAPI SC_HANDLE CreateService __attribute__((dllimport))(SC_HANDLE, LPCTSTR, LPCTSTR, DWORD, DWORD, DWORD, DWORD, LPCTSTR, LPCTSTR, LPDWORD, LPCTSTR, LPCTSTR, LPCTSTR); -WINAPI SC_HANDLE OpenService __attribute__((dllimport))(SC_HANDLE, LPCTSTR, DWORD); -WINAPI BOOL ChangeServiceConfig __attribute__((dllimport))(SC_HANDLE, DWORD, DWORD, DWORD, LPCTSTR, LPCTSTR, LPDWORD, LPCTSTR, LPCTSTR, LPCTSTR, LPCTSTR); -WINAPI BOOL DeleteService __attribute__((dllimport))(SC_HANDLE); -WINAPI BOOL EnumServicesStatus __attribute__((dllimport))(SC_HANDLE, DWORD, DWORD, LPENUM_SERVICE_STATUS, DWORD, LPDWORD, LPDWORD, LPDWORD); -WINAPI BOOL EnumServicesStatusEx __attribute__((dllimport))(SC_HANDLE, SC_ENUM_TYPE, DWORD, DWORD, LPBYTE, DWORD, LPDWORD, LPDWORD, LPDWORD, LPCTSTR); -WINAPI BOOL CloseServiceHandle __attribute__((dllimport))(SC_HANDLE); -WINAPI BOOL ControlService __attribute__((dllimport))(SC_HANDLE, DWORD, LPSERVICE_STATUS); -WINAPI BOOL GetServiceDisplayName __attribute__((dllimport))(SC_HANDLE, LPCTSTR, LPTSTR, LPDWORD); -WINAPI BOOL GetServiceKeyName __attribute__((dllimport))(SC_HANDLE, LPCTSTR, LPTSTR, LPDWORD); -WINAPI BOOL QueryServiceStatus __attribute__((dllimport))(SC_HANDLE, LPSERVICE_STATUS); -WINAPI BOOL OpenClipboard __attribute__((dllimport))(HWND); -WINAPI HANDLE SetClipboardData __attribute__((dllimport))(UINT, HANDLE); -WINAPI HANDLE GetClipboardData __attribute__((dllimport))(UINT); -WINAPI BOOL EmptyClipboard __attribute__((dllimport))(void); -WINAPI BOOL CloseClipboard __attribute__((dllimport))(void); -WINAPI LONG RegSetValueEx __attribute__((dllimport))(HKEY, LPCTSTR, DWORD, DWORD, const BYTE*, DWORD); 
-WINAPI LONG RegOpenCurrentUser __attribute__((dllimport))(REGSAM, PHKEY); -WINAPI LONG RegDeleteValue __attribute__((dllimport))(HKEY, LPCTSTR); -WINAPI LONG RegOpenKey __attribute__((dllimport))(HKEY, LPCTSTR, PHKEY); -WINAPI LONG RegQueryValueEx __attribute__((dllimport))(HKEY, LPCTSTR, LPDWORD, LPDWORD, LPBYTE, LPDWORD); -WINAPI LONG RegCloseKey __attribute__((dllimport))(HKEY); -WINAPI LONG RegCreateKeyEx __attribute__((dllimport))(HKEY, LPCTSTR, DWORD, LPTSTR, DWORD, REGSAM, LPSECURITY_ATTRIBUTES, PHKEY, LPDWORD); -WINAPI HHOOK SetWindowHookEx __attribute__((dllimport))(int, HOOKPROC, HINSTANCE, DWORD); -WINAPI BOOL UnhookWindowsHookEx __attribute__((dllimport))(HHOOK); -WINAPI BOOL IsDebuggerPresent __attribute__((dllimport))(void); -WINAPI BOOL CheckRemoteDebuggerPresent __attribute__((dllimport))(HANDLE, PBOOL); -WINAPI NTSTATUS NtQueryInformationProcess __attribute__((dllimport))(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG); -WINAPI void SetLastError __attribute__((dllimport))(DWORD); \ No newline at end of file diff --git a/data/headers/win32/stddef.h b/data/headers/win32/stddef.h deleted file mode 100644 index 32c7ddd51c..0000000000 --- a/data/headers/win32/stddef.h +++ /dev/null 
@@ -1,124 +0,0 @@ -// -// License: -// https://github.com/rapid7/metasploit-framework/blob/master/LICENSE -// - -#define NULL ((void *)0) -#define TRUE 1 -#define FALSE 0 -#define VOID void -#define _tWinMain WinMain -#define CALLBACK __stdcall -#define WINAPI __stdcall -#define APIENTRY WINAPI -#define BUFSIZ 512 -#define _INTERNAL_BUFSIZ 4096 -#define _SMALL_BUFSIZ 512 -#define _NSTREAM_ 512 -#define _IOB_ENTRIES 20 -#define RAND_MAX 0x7fff -#define EOF (-1) -#define SEEK_CUR 1 -#define SEEK_END 2 -#define SEEK_SET 0 -#define FILENAME_MAX 260 -#define FOPEN_MAX 20 -#define _SYS_OPEN 20 -#define _TMP_MAX_S 2147483647 -#define stdin (&__iob_func()[0]) -#define stdout (&__iob_func()[1]) -#define stderr (&__iob_func()[2]) -#define _IOREAD 0x0001 -#define _IOWRT 0x0002 -#define _IOFBF 0x0000 -#define _IOLBF 0x0040 -#define _IONBF 0x0004 -#define _IOMYBUF 0x0008 -#define _IOEOF 0x0010 -#define _IOERR 0x0020 -#define _IOSTRG 0x0040 -#define _IORW 0x0080 -#define _TWO_DIGIT_EXPONENT 0x1 -#define DLL_PROCESS_ATTACH 1 -#define DLL_PROCESS_DETACH 0 -#define DLL_THREAD_ATTACH 2 -#define DLL_THREAD_DETACH 3 - -typedef char CHAR; -typedef CHAR* PCHAR; -typedef const char* LPCTSTR; -typedef const char* LPCSTR; -typedef const CHAR* PCSTR; -typedef char* LPSTR; -typedef char* LPTSTR; -typedef CHAR* PSTR; -typedef unsigned char BYTE; -typedef unsigned short WORD; -typedef unsigned long DWORD; -typedef unsigned int DWORD32; -typedef WORD* LPWORD; -typedef long HRESULT; -typedef long LONG; -typedef float FLOAT; -typedef DWORD COLORREF; -typedef WORD ATOM; -typedef BYTE BOOLEAN; -typedef void* HANDLE; -typedef HANDLE SC_HANDLE; -typedef HANDLE HINSTANCE; -typedef HINSTANCE HMODULE; -typedef HANDLE HHOOK; -typedef HANDLE HCONV; -typedef HANDLE HCONFLIST; -typedef HANDLE HFONT; -typedef HANDLE HGLOBAL; -typedef HANDLE HICON; -typedef HANDLE HKEY; -typedef HANDLE HGLOBAL; -typedef HKEY* PHKEY; -typedef HANDLE HKL; -typedef unsigned char UCHAR; -typedef char TCHAR; -typedef char CCHAR; 
-typedef int INT; -typedef unsigned int UINT; -typedef unsigned int UINT_PTR; -typedef unsigned long ULONG; -typedef unsigned long ULONG_PTR; -typedef long* LPLONG; -typedef long LONG_PTR; -typedef unsigned short USHORT; -typedef unsigned short WORD; -typedef unsigned int size_t; -typedef size_t* PSIZE_T; -typedef DWORD* LPDWORD; -typedef DWORD* PDWORD; -typedef HANDLE* LPHANDLE; -typedef HANDLE* PHANDLE; -typedef unsigned short u_short; -typedef BYTE* LPBYTE; -typedef BYTE* PBYTE; -typedef void* PVOID; -typedef void* LPVOID; -typedef void* LPCVOID; -typedef ULONG_PTR DWORD_PTR; -typedef void* HWND; -typedef int BOOL; -typedef BOOL* PBOOL; -typedef LONG_PTR LRESULT; -typedef UINT_PTR WPARAM; -typedef LONG_PTR LPARAM; -typedef long NTSTATUS; -typedef ULONG* PULONG; -typedef ULONG REGSAM; -typedef LRESULT (CALLBACK* HOOKPROC)(int, WPARAM, LPARAM); -typedef __stdcall int (*FARPROC)(); -typedef struct _iobuf FILE; -typedef long fpos_t; - -typedef struct { - unsigned int gp_offset; - unsigned int fp_offset; - void *overflow_arg_area; - void *reg_save_area; -} va_list[1]; \ No newline at end of file diff --git a/lib/metasploit/framework/compiler/headers/win32.rb b/lib/metasploit/framework/compiler/headers/win32.rb deleted file mode 100644 index 0261e2f50f..0000000000 --- a/lib/metasploit/framework/compiler/headers/win32.rb +++ /dev/null @@ -1,28 +0,0 @@ - -require 'metasploit/framework/compiler/headers/base' - -module Metasploit - module Framework - module Compiler - module Headers - class Win32 < Base - - attr_accessor :lib_dep_map - attr_accessor :headers_path - - # Initializes the Win32 headers. - def initialize - super - @headers_path = File.join(Msf::Config.install_root, 'data', 'headers', 'win32') - @lib_dep_map = { - 'stddef.h' => [], - 'Windows.h' => ['stddef.h'] - } - end - - end - end - end - end -end - diff --git a/lib/metasploit/framework/compiler/win32.rb b/lib/metasploit/framework/compiler/win32.rb deleted file mode 100644 index 521326acf6..0000000000 
--- a/lib/metasploit/framework/compiler/win32.rb
+++ /dev/null
@@ -1,49 +0,0 @@
-require 'metasm'
-require 'erb'
-require 'metasploit/framework/compiler/utils'
-require 'metasploit/framework/compiler/headers/win32'
-
-module Metasploit
- module Framework
- module Compiler
-
- class Win32
-
- # Returns the binary of a compiled source.
- #
- # @param c_template [String] The C source code to compile.
- # @param type [Symbol] PE type, either :exe or :dll
- # @raise [NotImplementedError] If the type is not supported.
- # @return [String] The compiled code.
- def self.compile_c(c_template, type=:exe)
- headers = Compiler::Headers::Win32.new
- source_code = Compiler::Utils.normalize_code(c_template, headers)
-
- cpu = Metasm::Ia32.new
- pe = Metasm::PE.compile_c(cpu, source_code)
-
- case type
- when :exe
- pe.encode
- when :dll
- pe.encode('dll')
- else
- raise NotImplementedError
- end
- end
-
- # Saves the compiled code as a file. This is basically a wrapper of #self.compile.
- #
- # @param out_file [String] The file path to save the binary as.
- # @param c_template [String] The C source code to compile.
- # @param type [Symbol] PE type, either :exe or :dll
- # @return [Integer] The number of bytes written.
- def self.compile_c_to_file(out_file, c_template, type=:exe)
- pe = self.compile(c_template, type)
- File.write(out_file, pe)
- end
- end
-
- end
- end
-end
\ No newline at end of file
diff --git a/spec/lib/metasploit/framework/compiler/win32_spec.rb b/spec/lib/metasploit/framework/compiler/win32_spec.rb
deleted file mode 100644
index 083a93fa04..0000000000
--- a/spec/lib/metasploit/framework/compiler/win32_spec.rb
+++ /dev/null
@@ -1,22 +0,0 @@ -require 'spec_helper' -require 'metasploit/framework/compiler/win32' - -RSpec.describe Metasploit::Framework::Compiler::Win32 do - describe '#self.compile_c' do - let(:c_template) { - %Q|#include - - int main(void) { - MessageBox(NULL, "Hello World", "Test", MB_OK); - return 0; - } - | - } - - it 'returns an EXE binary' do - bin = Metasploit::Framework::Compiler::Win32.compile_c(c_template) - magic = bin[0, 2] - expect(magic).to eq('MZ') - end - end -end \ No newline at end of file From 6cd59faa694b46e50daa5db503a6ca8632003894 Mon Sep 17 00:00:00 2001 From: Wei Chen Date: Fri, 11 May 2018 10:27:54 -0500 Subject: [PATCH 6/9] Namespace update --- data/headers/windows/Windows.h | 538 ++++++++++++++++++ data/headers/windows/stddef.h | 124 ++++ .../framework/compiler/headers/windows.rb | 28 + lib/metasploit/framework/compiler/windows.rb | 47 ++ .../framework/compiler/windows_spec.rb | 22 + 5 files changed, 759 insertions(+) create mode 100644 data/headers/windows/Windows.h create mode 100644 data/headers/windows/stddef.h create mode 100644 lib/metasploit/framework/compiler/headers/windows.rb create mode 100644 lib/metasploit/framework/compiler/windows.rb create mode 100644 spec/lib/metasploit/framework/compiler/windows_spec.rb diff --git a/data/headers/windows/Windows.h b/data/headers/windows/Windows.h new file mode 100644 index 0000000000..44809520a7 --- /dev/null +++ b/data/headers/windows/Windows.h 
@@ -0,0 +1,538 @@ +// +// License: +// https://github.com/rapid7/metasploit-framework/blob/master/LICENSE +// + +#define MAX_PATH 260 +#define MEM_COMMIT 0x00001000 +#define MEM_RESERVE 0x00002000 +#define MEM_RESET 0x00080000 +#define MEM_RESET_UNDO 0x1000000 +#define MEM_LARGE_PAGES 0x20000000 +#define MEM_PHYSICAL 0x00400000 +#define MEM_TOP_DOWN 0x00100000 +#define MEM_WRITE_WATCH 0x00200000 +#define PAGE_EXECUTE_READWRITE 0x00000040 +#define HEAP_GENERATE_EXCEPTIONS 0x00000004 +#define HEAP_NO_SERIALIZE 0x00000001 +#define HEAP_REALLOC_IN_PLACE_ONLY 0x00000010 +#define HEAP_ZERO_MEMORY 0x00000008 +#define STARTF_FORCEONFEEDBACK 0x00000040 +#define STARTF_FORCEOFFFEEDBACK 0x00000080 +#define STARTF_PREVENTPINNING 0x00002000 +#define STARTF_RUNFULLSCREEN 0x00000020 +#define STARTF_TITLEISAPPID 0x00001000 +#define STARTF_TITLEISLINKNAME 0x00000800 +#define STARTF_USECOUNTCHARS 0x00000008 +#define STARTF_USEFILLATTRIBUTE 0x00000010 +#define STARTF_USEHOTKEY 0x00000200 +#define STARTF_USEPOSITION 0x00000004 +#define STARTF_USESHOWWINDOW 0x00000001 +#define STARTF_USESIZE 0x00000002 +#define STARTF_USESTDHANDLES 0x00000100 +#define GW_CHILD 5 +#define GW_ENABLEDPOPUP 6 +#define GW_HWNDFIRST 0 +#define GW_HWNDLAST 1 +#define GW_HWNDNEXT 2 +#define GW_OWNER 4 +#define MB_ABORTRETRYIGNORE 0x00000002L +#define MB_CANCELTRYCONTINUE 0x00000006L +#define MB_HELP 0x00004000L +#define MB_OK 0x00000000L +#define MB_OKCANCEL 0x00000001L +#define MB_RETRYCANCEL 0x00000005L +#define MB_YESNO 0x00000004L +#define MB_YESNOCANCEL 0x00000003L +#define MB_ICONEXCLAMATION 0x00000030L +#define MB_ICONWARNING 0x00000030L +#define MB_ICONINFORMATION 0x00000040L +#define MB_ICONASTERISK 0x00000040L +#define MB_ICONQUESTION 0x00000020L +#define MB_ICONSTOP 0x00000010L +#define MB_ICONERROR 0x00000010L +#define MB_ICONHAND 0x00000010L +#define MB_DEFBUTTON1 0x00000000L +#define MB_DEFBUTTON2 0x00000100L +#define MB_DEFBUTTON3 0x00000200L +#define MB_DEFBUTTON4 0x00000300L +#define 
MB_APPLMODAL 0x00000000L +#define MB_SYSTEMMODAL 0x00001000L +#define MB_TASKMODAL 0x00002000L +#define MB_DEFAULT_DESKTOP_ONLY 0x00020000L +#define MB_RIGHT 0x00080000L +#define MB_RTLREADING 0x00100000L +#define MB_SETFOREGROUND 0x00010000L +#define MB_TOPMOST 0x00040000L +#define MB_SERVICE_NOTIFICATION 0x00200000L +#define IDABORT 3 +#define IDCANCEL 2 +#define IDCONTINUE 11 +#define IDIGNORE 5 +#define IDNO 7 +#define IDOK 1 +#define IDRETRY 4 +#define IDTRYAGAIN 10 +#define IDYES 6 +#define HEAP_CREATE_ENABLE_EXECUTE 0x00040000 +#define SC_MANAGER_ALL_ACCESS 0xf003f +#define SC_MANAGER_CONNECT 1 +#define SC_MANAGER_CREATE_SERVICE 2 +#define SC_MANAGER_ENUMERATE_SERVICE 4 +#define SC_MANAGER_LOCK 8 +#define SC_MANAGER_QUERY_LOCK_STATUS 16 +#define SC_MANAGER_MODIFY_BOOT_CONFIG 32 +#define SERVICE_NO_CHANGE (-1) +#define SERVICE_STOPPED 1 +#define SERVICE_START_PENDING 2 +#define SERVICE_STOP_PENDING 3 +#define SERVICE_RUNNING 4 +#define SERVICE_CONTINUE_PENDING 5 +#define SERVICE_PAUSE_PENDING 6 +#define SERVICE_PAUSED 7 +#define SERVICE_ACCEPT_STOP 1 +#define SERVICE_ACCEPT_PAUSE_CONTINUE 2 +#define SERVICE_ACCEPT_SHUTDOWN 4 +#define SERVICE_CONTROL_STOP 1 +#define SERVICE_CONTROL_PAUSE 2 +#define SERVICE_CONTROL_CONTINUE 3 +#define SERVICE_CONTROL_INTERROGATE 4 +#define SERVICE_CONTROL_SHUTDOWN 5 +#define SERVICE_ACTIVE 1 +#define SERVICE_INACTIVE 2 +#define SERVICE_STATE_ALL 3 +#define SERVICE_QUERY_CONFIG 1 +#define SERVICE_CHANGE_CONFIG 2 +#define SERVICE_QUERY_STATUS 4 +#define SERVICE_ENUMERATE_DEPENDENTS 8 +#define SERVICE_START 16 +#define SERVICE_STOP 32 +#define SERVICE_PAUSE_CONTINUE 64 +#define SERVICE_INTERROGATE 128 +#define SERVICE_USER_DEFINED_CONTROL 256 +#define SERVICE_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SERVICE_QUERY_CONFIG|SERVICE_CHANGE_CONFIG|SERVICE_QUERY_STATUS|SERVICE_ENUMERATE_DEPENDENTS|SERVICE_START|SERVICE_STOP|SERVICE_PAUSE_CONTINUE|SERVICE_INTERROGATE|SERVICE_USER_DEFINED_CONTROL) +#define GHND 0x0042 +#define GMEM_FIXED 
0x0000 +#define GMEM_MOVEABLE 0x0002 +#define GMEM_ZEROINIT 0x0040 +#define GPTR 0x0040 +#define WH_CALLWNDPROC 4 +#define WH_CALLWNDPROCRET 12 +#define WH_CBT 5 +#define WH_DEBUG 9 +#define WH_FOREGROUNDIDLE 11 +#define WH_GETMESSAGE 3 +#define WH_JOURNALPLAYBACK 1 +#define WH_JOURNALRECORD 0 +#define WH_KEYBOARD 2 +#define WH_KEYBOARD_LL 13 +#define WH_MOUSE 7 +#define WH_MOUSE_LL 14 +#define WH_MSGFILTER -1 +#define WH_SHELL 10 +#define WH_SYSMSGFILTER 6 +#define GENERIC_READ 0x80000000 +#define GENERIC_WRITE 0x40000000 +#define GENERIC_EXECUTE 0x20000000 +#define GENERIC_ALL 0x10000000 +#define FILE_SHARE_READ 0x00000001 +#define FILE_SHARE_WRITE 0x00000002 +#define FILE_SHARE_DELETE 0x00000004 +#define CREATE_NEW 1 +#define CREATE_ALWAYS 2 +#define OPEN_EXISTING 3 +#define OPEN_ALWAYS 4 +#define TRUNCATE_EXISTING 5 +#define FILE_ATTRIBUTE_READONLY 0x00000001 +#define FILE_ATTRIBUTE_NORMAL 0x00000080 +#define FILE_ATTRIBUTE_TEMPORARY 0x00000100 +#define FILE_FLAG_WRITE_THROUGH 0x80000000 +#define FILE_FLAG_NO_BUFFERING 0x20000000 +#define FILE_FLAG_RANDOM_ACCESS 0x10000000 +#define FILE_FLAG_SEQUENTIAL_SCAN 0x08000000 +#define FILE_FLAG_DELETE_ON_CLOSE 0x04000000 +#define FILE_FLAG_OVERLAPPED 0x40000000 +#define FILE_ATTRIBUTE_HIDDEN 0x00000002 +#define FILE_ATTRIBUTE_SYSTEM 0x00000004 +#define FILE_ATTRIBUTE_DIRECTORY 0x00000010 +#define FILE_ATTRIBUTE_ARCHIVE 0x00000020 +#define FILE_ATTRIBUTE_DEVICE 0x00000040 +#define ERROR_FILE_NOT_FOUND 2L +#define ERROR_NO_MORE_FILES 18L +#define INVALID_HANDLE_VALUE ((HANDLE) -1) +#define INVALID_FILE_SIZE ((DWORD)0xFFFFFFFF) +#define FILE_NAME_NORMALIZED 0x0 +#define FILE_NAME_OPENED 0x8 +#define VOLUME_NAME_DOS 0x0 +#define VOLUME_NAME_GUID 0x1 +#define VOLUME_NAME_NONE 0x4 +#define VOLUME_NAME_NT 0x2 +#define SERVICE_FILE_SYSTEM_DRIVER 0x00000002 +#define SERVICE_KERNEL_DRIVER 0x00000001 +#define SERVICE_WIN32_OWN_PROCESS 0x00000010 +#define SERVICE_WIN32_SHARE_PROCESS 0x00000020 +#define SERVICE_USER_OWN_PROCESS 
0x00000050 +#define SERVICE_USER_SHARE_PROCESS 0x00000060 +#define SERVICE_INTERACTIVE_PROCESS 0x00000100 +#define SERVICE_CONTINUE_PENDING 0x00000005 +#define SERVICE_PAUSE_PENDING 0x00000006 +#define SERVICE_PAUSED 0x00000007 +#define SERVICE_RUNNING 0x00000004 +#define SERVICE_START_PENDING 0x00000002 +#define SERVICE_STOP_PENDING 0x00000003 +#define SERVICE_STOPPED 0x00000001 +#define SERVICE_AUTO_START 0x00000002 +#define SERVICE_BOOT_START 0x00000000 +#define SERVICE_DEMAND_START 0x00000003 +#define SERVICE_DISABLED 0x00000004 +#define SERVICE_SYSTEM_START 0x00000001 +#define SERVICE_ERROR_CRITICAL 0x00000003 +#define SERVICE_ERROR_IGNORE 0x00000000 +#define SERVICE_ERROR_NORMAL 0x00000001 +#define SERVICE_ERROR_SEVERE 0x00000002 +#define SERVICE_DRIVER 0x0000000B +#define SERVICE_FILE_SYSTEM_DRIVER 0x00000002 +#define SERVICE_KERNEL_DRIVER 0x00000001 +#define SERVICE_WIN32 0x00000030 +#define SERVICE_WIN32_OWN_PROCESS 0x00000010 +#define SERVICE_WIN32_SHARE_PROCESS 0x00000020 + +typedef struct _SECURITY_ATTRIBUTES { + DWORD nLength; + LPVOID lpSecurityDescriptor; + BOOL bInheritHandle; +} SECURITY_ATTRIBUTES , *LPSECURITY_ATTRIBUTES; + +typedef struct _LPTHREAD_START_ROUTINE { + LPVOID lpThreadParameter; +} LPTHREAD_START_ROUTINE, *LPTHREAD_START_ROUTINE; + +typedef struct _STARTUPINFO { + DWORD cb; + LPTSTR lpReserved; + LPTSTR lpDesktop; + LPTSTR lpTitle; + DWORD dwX; + DWORD dwY; + DWORD dwXSize; + DWORD dwYSize; + DWORD dwXCountChars; + DWORD dwYCountChars; + DWORD dwFillAttribute; + DWORD dwFlags; + WORD wShowWindow; + WORD cbReserved2; + LPBYTE lpReserved2; + HANDLE hStdInput; + HANDLE hStdOutput; + HANDLE hStdError; +} STARTUPINFO, *LPSTARTUPINFO; + +typedef struct _PROCESS_INFORMATION { + HANDLE hProcess; + HANDLE hThread; + DWORD dwProcessId; + DWORD dwThreadId; +} PROCESS_INFORMATION, *LPPROCESS_INFORMATION; + +typedef struct _OVERLAPPED { + ULONG_PTR Internal; + ULONG_PTR InternalHigh; + union { + struct { + DWORD Offset; + DWORD OffsetHigh; + }; 
+ PVOID Pointer; + }; + HANDLE hEvent; +} OVERLAPPED, *LPOVERLAPPED; + +typedef DWORD SERVICE_STATUS_HANDLE; + +typedef enum _SC_ENUM_TYPE { + SC_ENUM_PROCESS_INFO = 0 +} SC_ENUM_TYPE; + +typedef enum _HEAP_INFORMATION_CLASS { + HeapCompatibilityInformation = 0, + HeapEnableTerminationOnCorruption = 1 +} HEAP_INFORMATION_CLASS; + +typedef struct _FILETIME { + DWORD dwLowDateTime; + DWORD dwHighDateTime; +} FILETIME, *PFILETIME; + +typedef struct _WIN32_FIND_DATA { + DWORD dwFileAttributes; + FILETIME ftCreationTime; + FILETIME ftLastAccessTime; + FILETIME ftLastWriteTime; + DWORD nFileSizeHigh; + DWORD nFileSizeLow; + DWORD dwReserved0; + DWORD dwReserved1; + TCHAR cFileName[MAX_PATH]; + TCHAR cAlternateFileName[14]; +} WIN32_FIND_DATA, *PWIN32_FIND_DATA, *LPWIN32_FIND_DATA; + +typedef struct tagPOINT { + LONG x; + LONG y; +} POINT, *PPOINT; + +typedef struct tagMSG { + HWND hwnd; + UINT message; + WPARAM wParam; + LPARAM lParam; + DWORD time; + POINT pt; +} MSG, *PMSG, *LPMSG; + +typedef struct _BY_HANDLE_FILE_INFORMATION { + DWORD dwFileAttributes; + FILETIME ftCreationTime; + FILETIME ftLastAccessTime; + FILETIME ftLastWriteTime; + DWORD dwVolumeSerialNumber; + DWORD nFileSizeHigh; + DWORD nFileSizeLow; + DWORD nNumberOfLinks; + DWORD nFileIndexHigh; + DWORD nFileIndexLow; +} BY_HANDLE_FILE_INFORMATION, *PBY_HANDLE_FILE_INFORMATION, *LPBY_HANDLE_FILE_INFORMATION; + +typedef struct _SERVICE_STATUS { + DWORD dwServiceType; + DWORD dwCurrentState; + DWORD dwControlsAccepted; + DWORD dwWin32ExitCode; + DWORD dwServiceSpecificExitCode; + DWORD dwCheckPoint; + DWORD dwWaitHint; +} SERVICE_STATUS, *LPSERVICE_STATUS; + +typedef struct _ENUM_SERVICE_STATUS { + LPTSTR lpServiceName; + LPTSTR lpDisplayName; + SERVICE_STATUS ServiceStatus; +} ENUM_SERVICE_STATUS, *LPENUM_SERVICE_STATUS; + +typedef VOID (CALLBACK *LPOVERLAPPED_COMPLETION_ROUTINE)(DWORD,DWORD,LPOVERLAPPED); + +typedef enum _PROCESSINFOCLASS { + ProcessBasicInformation = 0, + ProcessQuotaLimits = 1, + 
ProcessIoCounters = 2, + ProcessVmCounters = 3, + ProcessTimes = 4, + ProcessBasePriority = 5, + ProcessRaisePriority = 6, + ProcessDebugPort = 7, + ProcessExceptionPort = 8, + ProcessAccessToken = 9, + ProcessLdtInformation = 10, + ProcessLdtSize = 11, + ProcessDefaultHardErrorMode = 12, + ProcessIoPortHandlers = 13, + ProcessPooledUsageAndLimits = 14, + ProcessWorkingSetWatch = 15, + ProcessUserModeIOPL = 16, + ProcessEnableAlignmentFaultFixup = 17, + ProcessPriorityClass = 18, + ProcessWx86Information = 19, + ProcessHandleCount = 20, + ProcessAffinityMask = 21, + ProcessPriorityBoost = 22, + ProcessDeviceMap = 23, + ProcessSessionInformation = 24, + ProcessForegroundInformation = 25, + ProcessWow64Information = 26, + ProcessImageFileName = 27, + ProcessLUIDDeviceMapsEnabled = 28, + ProcessBreakOnTermination = 29, + ProcessDebugObjectHandle = 30, + ProcessDebugFlags = 31, + ProcessHandleTracing = 32, + ProcessIoPriority = 33, + ProcessExecuteFlags = 34, + ProcessTlsInformation = 35, + ProcessCookie = 36, + ProcessImageInformation = 37, + ProcessCycleTime = 38, + ProcessPagePriority = 39, + ProcessInstrumentationCallback = 40, + ProcessThreadStackAllocation = 41, + ProcessWorkingSetWatchEx = 42, + ProcessImageFileNameWin32 = 43, + ProcessImageFileMapping = 44, + ProcessAffinityUpdateMode = 45, + ProcessMemoryAllocationMode = 46, + ProcessGroupInformation = 47, + ProcessTokenVirtualizationEnabled = 48, + ProcessOwnerInformation = 49, + ProcessWindowInformation = 50, + ProcessHandleInformation = 51, + ProcessMitigationPolicy = 52, + ProcessDynamicFunctionTableInformation = 53, + ProcessHandleCheckingMode = 54, + ProcessKeepAliveCount = 55, + ProcessRevokeFileHandles = 56, + ProcessWorkingSetControl = 57, + ProcessHandleTable = 58, + ProcessCheckStackExtentsMode = 59, + ProcessCommandLineInformation = 60, + ProcessProtectionInformation = 61, + ProcessMemoryExhaustion = 62, + ProcessFaultInformation = 63, + ProcessTelemetryIdInformation = 64, + 
ProcessCommitReleaseInformation = 65, + ProcessReserved1Information = 66, + ProcessReserved2Information = 67, + ProcessSubsystemProcess = 68, + ProcessInPrivate = 70, + ProcessRaiseUMExceptionOnInvalidHandleClose = 71, + MaxProcessInfoClass +} PROCESSINFOCLASS; + +typedef enum _FINDEX_INFO_LEVELS { + FindExInfoStandard, + FindExInfoBasic, + FindExInfoMaxInfoLevel +} FINDEX_INFO_LEVELS; + +typedef enum _FINDEX_SEARCH_OPS { + FindExSearchNameMatch, + FindExSearchLimitToDirectories, + FindExSearchLimitToDevices +} FINDEX_SEARCH_OPS; + +WORD MAKEWORD( + BYTE bLow, + BYTE bHigh +); + +WINAPI void OutputDebugString __attribute__((dllimport))(LPCTSTR); +WINAPI HGLOBAL GlobalAlloc __attribute__((dllimport))(UINT, size_t); +WINAPI LPVOID GlobalLock __attribute__((dllimport))(HGLOBAL); +WINAPI BOOL GlobalUnlock __attribute__((dllimport))(HGLOBAL); +WINAPI HGLOBAL GlobalReAlloc __attribute__((dllimport))(HGLOBAL, size_t, UINT); +WINAPI HGLOBAL GlobalFree __attribute__((dllimport))(HGLOBAL); +WINAPI DWORD GetLastError __attribute__((dllimport))(void); +WINAPI LPVOID VirtualAlloc __attribute__((dllimport))(LPVOID, size_t, DWORD, DWORD); +WINAPI LPVOID VirtualAllocEx __attribute__((dllimport))(HANDLE, LPVOID, size_t, DWORD, DWORD); +WINAPI BOOL VirtualProtect __attribute__((dllimport))(LPVOID, size_t, DWORD, PDWORD); +WINAPI BOOL VirtualProtectEx __attribute__((dllimport))(HANDLE, LPVOID, size_t, DWORD, PDWORD); +WINAPI HANDLE GetProcessHeap __attribute__((dllimport))(void); +WINAPI DWORD GetProcessHeaps __attribute__((dllimport))(DWORD, PHANDLE); +WINAPI HANDLE HeapCreate __attribute__((dllimport))(DWORD, size_t, size_t); +WINAPI LPVOID HeapAlloc __attribute__((dllimport))(HANDLE, DWORD, size_t); +WINAPI size_t HeapSize __attribute__((dllimport))(HANDLE, DWORD, LPCVOID); +WINAPI LPVOID HeapreAlloc __attribute__((dllimport))(HANDLE, DWORD, LPVOID, size_t); +WINAPI BOOL HeapFree __attribute__((dllimport))(HANDLE, DWORD, LPVOID); +WINAPI BOOL HeapQueryInformation 
__attribute__((dllimport))(HANDLE, HEAP_INFORMATION_CLASS, PVOID, size_t, PSIZE_T); +WINAPI BOOL HeapSetInformation __attribute__((dllimport))(HANDLE, HEAP_INFORMATION_CLASS, PVOID, size_t); +WINAPI BOOL VirtualFreeEx __attribute__((dllimport))(HANDLE, LPVOID, size_t, DWORD); +WINAPI void MoveMemory __attribute__((dllimport))(PVOID, void*, size_t); +WINAPI BOOL WriteProcessMemory __attribute__((dllimport))(HANDLE, LPVOID, LPCVOID, size_t, size_t*); +WINAPI BOOL ReadProcessMemory __attribute__((dllimport))(HANDLE, LPCVOID, LPVOID, size_t, size_t*); +WINAPI HANDLE CreateThread __attribute__((dllimport))(LPSECURITY_ATTRIBUTES, size_t, LPTHREAD_START_ROUTINE, LPVOID, DWORD, LPDWORD ); +WINAPI HANDLE CreateRemoteThread __attribute__((dllimport))(HANDLE, LPSECURITY_ATTRIBUTES, size_t, LPTHREAD_START_ROUTINE, LPVOID, DWORD, LPDWORD ); +WINAPI void ZeroMemory __attribute__((dllimport))(PVOID, size_t); +WINAPI DWORD GetProcessId __attribute__((dllimport))(HANDLE); +WINAPI BOOL CreateProcess __attribute__((dllimport))(LPCTSTR, LPTSTR, LPSECURITY_ATTRIBUTES, LPSECURITY_ATTRIBUTES, BOOL, DWORD, LPVOID, LPCTSTR, LPSTARTUPINFO, LPPROCESS_INFORMATION); +WINAPI BOOL CreateProcessAsUser __attribute__((dllimport))(HANDLE, LPCTSTR, LPTSTR, LPSECURITY_ATTRIBUTES, LPSECURITY_ATTRIBUTES, BOOL, DWORD, LPVOID, LPCTSTR, LPSTARTUPINFO, LPPROCESS_INFORMATION); +WINAPI HANDLE OpenProcess __attribute__((dllimport))(DWORD, BOOL, DWORD); +WINAPI void ExitProcess __attribute__((dllimport))(UINT); +WINAPI BOOL TerminateProcess __attribute__((dllimport))(UINT); +WINAPI DWORD GetTickCount __attribute__((dllimport))(void); +WINAPI void Sleep __attribute__((dllimport))(DWORD); +WINAPI UINT WinExec __attribute__((dllimport))(LPCSTR, UINT); +WINAPI DWORD WaitForSingleObject __attribute__((dllimport))(HANDLE, DWORD); +WINAPI FARPROC GetProcAddress __attribute__((dllimport))(HMODULE, LPCSTR); +WINAPI HMODULE LoadLibrary __attribute__((dllimport))(LPCTSTR); +WINAPI HMODULE GetModuleHandle 
__attribute__((dllimport))(LPCTSTR); +WINAPI HANDLE CreateFile __attribute__((dllimport))(LPCTSTR, DWORD, DWORD, LPSECURITY_ATTRIBUTES, DWORD, DWORD, HANDLE); +WINAPI BOOL GetFileInformationByHandle __attribute__((dllimport))(HANDLE, LPBY_HANDLE_FILE_INFORMATION); +WINAPI DWORD GetFullPathName __attribute__((dllimport))(LPCTSTR, DWORD, LPTSTR, LPTSTR*); +WINAPI DWORD GetFileType __attribute__((dllimport))(HANDLE); +WINAPI BOOL MoveFile __attribute__((dllimport))(LPCTSTR, LPCTSTR); +WINAPI BOOL DeleteFile __attribute__((dllimport))(LPCTSTR); +WINAPI BOOL CopyFile __attribute__((dllimport))(LPCTSTR, LPCTSTR, BOOL); +WINAPI BOOL WriteFile __attribute__((dllimport))(HANDLE, LPCVOID, DWORD, LPDWORD, LPOVERLAPPED); +WINAPI BOOL ReadFile __attribute__((dllimport))(HANDLE, LPVOID, DWORD, LPDWORD, LPOVERLAPPED); +WINAPI BOOL ReadFileEx __attribute__((dllimport))(HANDLE, LPVOID, LPOVERLAPPED, LPOVERLAPPED_COMPLETION_ROUTINE); +WINAPI DWORD GetFileSize __attribute__((dllimport))(HANDLE, LPDWORD); +WINAPI DWORD GetTempPath __attribute__((dllimport))(DWORD, LPTSTR); +WINAPI UINT GetTempFileName __attribute__((dllimport))(LPCTSTR, LPCTSTR, UINT, LPTSTR); +WINAPI DWORD GetShortPathName __attribute__((dllimport))(LPCTSTR, LPTSTR, DWORD); +WINAPI DWORD GetLongPathName __attribute__((dllimport))(LPCTSTR, LPTSTR, DWORD); +WINAPI INT GetExpandedName __attribute__((dllimport))(LPTSTR, LPTSTR); +WINAPI DWORD GetFinalPathNameByHandle __attribute__((dllimport))(HANDLE, LPTSTR, DWORD, DWORD); +WINAPI BOOL LockFile __attribute__((dllimport))(HANDLE, DWORD, DWORD, DWORD, DWORD); +WINAPI BOOL UnlockFile __attribute__((dllimport))(HANDLE, DWORD, DWORD, DWORD, DWORD); +WINAPI BOOL UnlockFileEx __attribute__((dllimport))(HANDLE, DWORD, DWORD, DWORD, LPOVERLAPPED); +WINAPI BOOL FreeLibrary __attribute__((dllimport))(HMODULE); +WINAPI DWORD GetModuleFileName __attribute__((dllimport))(HMODULE, LPTSTR, DWORD); +WINAPI BOOL CloseHandle __attribute__((dllimport))(HANDLE); +WINAPI void DebugBreak 
__attribute__((dllimport))(void); +WINAPI HWND FindWindow __attribute__((dllimport))(LPCTSTR, LPCTSTR); +WINAPI HWND FindWindowEx __attribute__((dllimport))(HWND, HWND, LPCTSTR, LPCTSTR); +WINAPI HWND GetWindow __attribute__((dllimport))(HWND, UINT); +WINAPI HWND GetForegroundWindow __attribute__((dllimport))(void); +WINAPI BOOL SetForegroundWindow __attribute__((dllimport))(HWND); +WINAPI HWND GetDesktopWindow __attribute__((dllimport))(void); +WINAPI HWND SetActiveWindow __attribute__((dllimport))(HWND); +WINAPI BOOL IsWindowEnabled __attribute__((dllimport))(HWND); +WINAPI HWND SetFocus __attribute__((dllimport))(HWND); +WINAPI BOOL MoveWindow __attribute__((dllimport))(HWND, int, int, int, int, BOOL); +WINAPI int MessageBox __attribute__((dllimport))(HWND, LPCTSTR, LPCTSTR, UINT); +WINAPI BOOL Beep __attribute__((dllimport))(DWORD, DWORD); +WINAPI BOOL CreateDirectory __attribute__((dllimport))(LPCTSTR, LPSECURITY_ATTRIBUTES); +WINAPI HANDLE CreateFileMapping __attribute__((dllimport))(HANDLE, LPSECURITY_ATTRIBUTES, DWORD, DWORD, DWORD, LPCTSTR); +WINAPI LPVOID MapViewOfFile __attribute__((dllimport))(HANDLE, DWORD, DWORD, DWORD, size_t); +WINAPI LPVOID MapViewOfFileEx __attribute__((dllimport))(HANDLE, DWORD, DWORD, DWORD, size_t, LPVOID); +WINAPI BOOL FindClose __attribute__((dllimport))(HANDLE); +WINAPI HANDLE FindFirstFile __attribute__((dllimport))(LPCTSTR, LPWIN32_FIND_DATA); +WINAPI HANDLE FindFirstFileEx __attribute__((dllimport))(LPCTSTR, FINDEX_INFO_LEVELS, LPVOID, FINDEX_SEARCH_OPS, LPVOID, DWORD); +WINAPI BOOL FindNextFile __attribute__((dllimport))(HANDLE, LPWIN32_FIND_DATA); +WINAPI HANDLE GetCurrentProcess __attribute__((dllimport))(void); +WINAPI HANDLE GetCurrentThread __attribute__((dllimport))(void); +WINAPI LRESULT CallNextHookEx __attribute__((dllimport))(HHOOK, int, WPARAM, LPARAM); +WINAPI BOOL GetMessage __attribute__((dllimport))(LPMSG, HWND, UINT, UINT); +WINAPI BOOL PostMessage __attribute__((dllimport))(HWND, UINT, WPARAM, LPARAM); 
+WINAPI LRESULT SendMessage __attribute__((dllimport))(HWND, UINT, WPARAM, LPARAM); +WINAPI SC_HANDLE OpenSCManager __attribute__((dllimport))(LPCTSTR, LPCTSTR, DWORD); +WINAPI BOOL StartService __attribute__((dllimport))(SC_HANDLE, DWORD, LPCTSTR*); +WINAPI BOOL SetServiceStatus __attribute__((dllimport))(SERVICE_STATUS_HANDLE, LPSERVICE_STATUS); +WINAPI SC_HANDLE CreateService __attribute__((dllimport))(SC_HANDLE, LPCTSTR, LPCTSTR, DWORD, DWORD, DWORD, DWORD, LPCTSTR, LPCTSTR, LPDWORD, LPCTSTR, LPCTSTR, LPCTSTR); +WINAPI SC_HANDLE OpenService __attribute__((dllimport))(SC_HANDLE, LPCTSTR, DWORD); +WINAPI BOOL ChangeServiceConfig __attribute__((dllimport))(SC_HANDLE, DWORD, DWORD, DWORD, LPCTSTR, LPCTSTR, LPDWORD, LPCTSTR, LPCTSTR, LPCTSTR, LPCTSTR); +WINAPI BOOL DeleteService __attribute__((dllimport))(SC_HANDLE); +WINAPI BOOL EnumServicesStatus __attribute__((dllimport))(SC_HANDLE, DWORD, DWORD, LPENUM_SERVICE_STATUS, DWORD, LPDWORD, LPDWORD, LPDWORD); +WINAPI BOOL EnumServicesStatusEx __attribute__((dllimport))(SC_HANDLE, SC_ENUM_TYPE, DWORD, DWORD, LPBYTE, DWORD, LPDWORD, LPDWORD, LPDWORD, LPCTSTR); +WINAPI BOOL CloseServiceHandle __attribute__((dllimport))(SC_HANDLE); +WINAPI BOOL ControlService __attribute__((dllimport))(SC_HANDLE, DWORD, LPSERVICE_STATUS); +WINAPI BOOL GetServiceDisplayName __attribute__((dllimport))(SC_HANDLE, LPCTSTR, LPTSTR, LPDWORD); +WINAPI BOOL GetServiceKeyName __attribute__((dllimport))(SC_HANDLE, LPCTSTR, LPTSTR, LPDWORD); +WINAPI BOOL QueryServiceStatus __attribute__((dllimport))(SC_HANDLE, LPSERVICE_STATUS); +WINAPI BOOL OpenClipboard __attribute__((dllimport))(HWND); +WINAPI HANDLE SetClipboardData __attribute__((dllimport))(UINT, HANDLE); +WINAPI HANDLE GetClipboardData __attribute__((dllimport))(UINT); +WINAPI BOOL EmptyClipboard __attribute__((dllimport))(void); +WINAPI BOOL CloseClipboard __attribute__((dllimport))(void); +WINAPI LONG RegSetValueEx __attribute__((dllimport))(HKEY, LPCTSTR, DWORD, DWORD, const BYTE*, DWORD); 
+WINAPI LONG RegOpenCurrentUser __attribute__((dllimport))(REGSAM, PHKEY); +WINAPI LONG RegDeleteValue __attribute__((dllimport))(HKEY, LPCTSTR); +WINAPI LONG RegOpenKey __attribute__((dllimport))(HKEY, LPCTSTR, PHKEY); +WINAPI LONG RegQueryValueEx __attribute__((dllimport))(HKEY, LPCTSTR, LPDWORD, LPDWORD, LPBYTE, LPDWORD); +WINAPI LONG RegCloseKey __attribute__((dllimport))(HKEY); +WINAPI LONG RegCreateKeyEx __attribute__((dllimport))(HKEY, LPCTSTR, DWORD, LPTSTR, DWORD, REGSAM, LPSECURITY_ATTRIBUTES, PHKEY, LPDWORD); +WINAPI HHOOK SetWindowHookEx __attribute__((dllimport))(int, HOOKPROC, HINSTANCE, DWORD); +WINAPI BOOL UnhookWindowsHookEx __attribute__((dllimport))(HHOOK); +WINAPI BOOL IsDebuggerPresent __attribute__((dllimport))(void); +WINAPI BOOL CheckRemoteDebuggerPresent __attribute__((dllimport))(HANDLE, PBOOL); +WINAPI NTSTATUS NtQueryInformationProcess __attribute__((dllimport))(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG); +WINAPI void SetLastError __attribute__((dllimport))(DWORD); \ No newline at end of file diff --git a/data/headers/windows/stddef.h b/data/headers/windows/stddef.h new file mode 100644 index 0000000000..32c7ddd51c --- /dev/null +++ b/data/headers/windows/stddef.h 
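Review bot: Several prototypes in the new Windows.h do not match the API they stand in for, so a template compiled against them gets a wrong call sequence or an unresolvable import: `TerminateProcess` is declared with a single `UINT` parameter but takes `(HANDLE, UINT)`, `SetWindowHookEx` is not an exported name (the API is `SetWindowsHookEx`), and `HeapreAlloc` is miscased for `HeapReAlloc`. `LPTHREAD_START_ROUTINE` is declared as a struct and then as a pointer to that struct under the same identifier, which redeclares one name with two types; it should presumably be the function-pointer form `typedef DWORD (WINAPI *LPTHREAD_START_ROUTINE)(LPVOID);`. `SERVICE_ALL_ACCESS` expands to an expression using `STANDARD_RIGHTS_REQUIRED`, which neither new header defines, so the macro fails at its first use. The SERVICE_* state constants (SERVICE_STOPPED through SERVICE_PAUSED) are defined twice with equal values; harmless, but the second set should go.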
@@ -0,0 +1,124 @@ +// +// License: +// https://github.com/rapid7/metasploit-framework/blob/master/LICENSE +// + +#define NULL ((void *)0) +#define TRUE 1 +#define FALSE 0 +#define VOID void +#define _tWinMain WinMain +#define CALLBACK __stdcall +#define WINAPI __stdcall +#define APIENTRY WINAPI +#define BUFSIZ 512 +#define _INTERNAL_BUFSIZ 4096 +#define _SMALL_BUFSIZ 512 +#define _NSTREAM_ 512 +#define _IOB_ENTRIES 20 +#define RAND_MAX 0x7fff +#define EOF (-1) +#define SEEK_CUR 1 +#define SEEK_END 2 +#define SEEK_SET 0 +#define FILENAME_MAX 260 +#define FOPEN_MAX 20 +#define _SYS_OPEN 20 +#define _TMP_MAX_S 2147483647 +#define stdin (&__iob_func()[0]) +#define stdout (&__iob_func()[1]) +#define stderr (&__iob_func()[2]) +#define _IOREAD 0x0001 +#define _IOWRT 0x0002 +#define _IOFBF 0x0000 +#define _IOLBF 0x0040 +#define _IONBF 0x0004 +#define _IOMYBUF 0x0008 +#define _IOEOF 0x0010 +#define _IOERR 0x0020 +#define _IOSTRG 0x0040 +#define _IORW 0x0080 +#define _TWO_DIGIT_EXPONENT 0x1 +#define DLL_PROCESS_ATTACH 1 +#define DLL_PROCESS_DETACH 0 +#define DLL_THREAD_ATTACH 2 +#define DLL_THREAD_DETACH 3 + +typedef char CHAR; +typedef CHAR* PCHAR; +typedef const char* LPCTSTR; +typedef const char* LPCSTR; +typedef const CHAR* PCSTR; +typedef char* LPSTR; +typedef char* LPTSTR; +typedef CHAR* PSTR; +typedef unsigned char BYTE; +typedef unsigned short WORD; +typedef unsigned long DWORD; +typedef unsigned int DWORD32; +typedef WORD* LPWORD; +typedef long HRESULT; +typedef long LONG; +typedef float FLOAT; +typedef DWORD COLORREF; +typedef WORD ATOM; +typedef BYTE BOOLEAN; +typedef void* HANDLE; +typedef HANDLE SC_HANDLE; +typedef HANDLE HINSTANCE; +typedef HINSTANCE HMODULE; +typedef HANDLE HHOOK; +typedef HANDLE HCONV; +typedef HANDLE HCONFLIST; +typedef HANDLE HFONT; +typedef HANDLE HGLOBAL; +typedef HANDLE HICON; +typedef HANDLE HKEY; +typedef HANDLE HGLOBAL; +typedef HKEY* PHKEY; +typedef HANDLE HKL; +typedef unsigned char UCHAR; +typedef char TCHAR; +typedef char CCHAR; 
+typedef int INT;
+typedef unsigned int UINT;
+typedef unsigned int UINT_PTR;
+typedef unsigned long ULONG;
+typedef unsigned long ULONG_PTR;
+typedef long* LPLONG;
+typedef long LONG_PTR;
+typedef unsigned short USHORT;
+typedef unsigned short WORD;
+typedef unsigned int size_t;
+typedef size_t* PSIZE_T;
+typedef DWORD* LPDWORD;
+typedef DWORD* PDWORD;
+typedef HANDLE* LPHANDLE;
+typedef HANDLE* PHANDLE;
+typedef unsigned short u_short;
+typedef BYTE* LPBYTE;
+typedef BYTE* PBYTE;
+typedef void* PVOID;
+typedef void* LPVOID;
+typedef void* LPCVOID;
+typedef ULONG_PTR DWORD_PTR;
+typedef void* HWND;
+typedef int BOOL;
+typedef BOOL* PBOOL;
+typedef LONG_PTR LRESULT;
+typedef UINT_PTR WPARAM;
+typedef LONG_PTR LPARAM;
+typedef long NTSTATUS;
+typedef ULONG* PULONG;
+typedef ULONG REGSAM;
+typedef LRESULT (CALLBACK* HOOKPROC)(int, WPARAM, LPARAM);
+typedef __stdcall int (*FARPROC)();
+typedef struct _iobuf FILE;
+typedef long fpos_t;
+
+typedef struct {
+ unsigned int gp_offset;
+ unsigned int fp_offset;
+ void *overflow_arg_area;
+ void *reg_save_area;
+} va_list[1];
\ No newline at end of file
diff --git a/lib/metasploit/framework/compiler/headers/windows.rb b/lib/metasploit/framework/compiler/headers/windows.rb
new file mode 100644
index 0000000000..6d95819a1d
--- /dev/null
+++ b/lib/metasploit/framework/compiler/headers/windows.rb
@@ -0,0 +1,28 @@
+
+require 'metasploit/framework/compiler/headers/base'
+
+module Metasploit
+ module Framework
+ module Compiler
+ module Headers
+ class Windows < Base
+
+ attr_accessor :lib_dep_map
+ attr_accessor :headers_path
+
+ # Initializes the Windows headers.
+ def initialize
+ super
+ @headers_path = File.join(Msf::Config.install_root, 'data', 'headers', 'windows')
+ @lib_dep_map = {
+ 'stddef.h' => [],
+ 'Windows.h' => ['stddef.h']
+ }
+ end
+
+ end
+ end
+ end
+ end
+end
+
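Review bot: `typedef unsigned short WORD;` and `typedef HANDLE HGLOBAL;` each appear twice in the new stddef.h (WORD once among the DWORD typedefs and again after USHORT, HGLOBAL twice among the handle typedefs); pre-C11 C rejects a repeated typedef even with an identical type, and whether metasm's parser tolerates it is not visible here, so the second copies should be dropped. The `va_list` struct with `gp_offset`/`fp_offset`/`reg_save_area` members is the x86-64 SysV layout, while `size_t` is `unsigned int` and the compiler wrapper defaults to `Metasm::Ia32`; a header comment stating which target ABI these types model would prevent the mismatch from spreading, e.g. `// Types model the 32-bit (Ia32) Windows ABI; the va_list layout must be revisited for x64.` `stdin`/`stdout`/`stderr` expand to calls of `__iob_func()`, which neither header declares, so any template using them fails at first reference.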
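Review bot: `lib_dep_map` and `headers_path` get public writers via `attr_accessor` although only `initialize` assigns them; unless Base requires writers, `attr_reader` keeps the header directory and the include map from being reassigned after construction. The map also appears to be the set of includes the compiler will resolve from a template, so it deserves a comment such as `# Header name => headers it depends on; only names listed here are resolvable from a template.` — assuming that is how Utils.normalize_code consumes it, which this hunk does not show. Base is defined outside this diff, so whether it already declares these accessors cannot be checked here.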
diff --git a/lib/metasploit/framework/compiler/windows.rb b/lib/metasploit/framework/compiler/windows.rb
new file mode 100644
index 0000000000..32f4ae3c3c
--- /dev/null
+++ b/lib/metasploit/framework/compiler/windows.rb
@@ -0,0 +1,47 @@
+require 'metasm'
+require 'erb'
+require 'metasploit/framework/compiler/utils'
+require 'metasploit/framework/compiler/headers/windows'
+
+module Metasploit
+ module Framework
+ module Compiler
+
+ class Windows
+
+ # Returns the binary of a compiled source.
+ #
+ # @param c_template [String] The C source code to compile.
+ # @param type [Symbol] PE type, either :exe or :dll
+ # @raise [NotImplementedError] If the type is not supported.
+ # @return [String] The compiled code.
+ def self.compile_c(c_template, type=:exe, cpu=Metasm::Ia32.new)
+ headers = Compiler::Headers::Windows.new
+ source_code = Compiler::Utils.normalize_code(c_template, headers)
+ pe = Metasm::PE.compile_c(cpu, source_code)
+
+ case type
+ when :exe
+ pe.encode
+ when :dll
+ pe.encode('dll')
+ else
+ raise NotImplementedError
+ end
+ end
+
+ # Saves the compiled code as a file. This is basically a wrapper of #self.compile.
+ #
+ # @param out_file [String] The file path to save the binary as.
+ # @param c_template [String] The C source code to compile.
+ # @param type [Symbol] PE type, either :exe or :dll
+ # @return [Integer] The number of bytes written.
+ def self.compile_c_to_file(out_file, c_template, type=:exe)
+ pe = self.compile(c_template, type)
+ File.write(out_file, pe)
+ end
+ end
+
+ end
+ end
+end
\ No newline at end of file
diff --git a/spec/lib/metasploit/framework/compiler/windows_spec.rb b/spec/lib/metasploit/framework/compiler/windows_spec.rb
new file mode 100644
index 0000000000..46b76f1b90
--- /dev/null
+++ b/spec/lib/metasploit/framework/compiler/windows_spec.rb
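Review bot: `compile_c_to_file` calls `self.compile(c_template, type)`, but the class only defines `compile_c`, so every call raises NoMethodError; it should read `pe = compile_c(c_template, type)` and the doc line `# Saves the compiled code as a file. This is basically a wrapper of .compile_c.`. The same wrong name survives as a context line in the patch 7/9 and 8/9 hunks to this file further down. `raise NotImplementedError` in `compile_c` carries no message; `raise NotImplementedError, "Unsupported PE type: #{type}"` tells the caller what was rejected. `require 'erb'` is not used anywhere in this file.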
@@ -0,0 +1,22 @@
+require 'spec_helper'
+require 'metasploit/framework/compiler/windows'
+
+RSpec.describe Metasploit::Framework::Compiler::Windows do
+ describe '#self.compile_c' do
+ let(:c_template) {
+ %Q|#include
+
+ int main(void) {
+ MessageBox(NULL, "Hello World", "Test", MB_OK);
+ return 0;
+ }
+ |
+ }
+
+ it 'returns an EXE binary' do
+ bin = Metasploit::Framework::Compiler::Windows.compile_c(c_template)
+ magic = bin[0, 2]
+ expect(magic).to eq('MZ')
+ end
+ end
+end
\ No newline at end of file
From ad0ba4f4020932a1742b3f7b190e3c5d3d5f7af8 Mon Sep 17 00:00:00 2001
From: Wei Chen
Date: Fri, 11 May 2018 10:29:24 -0500
Subject: [PATCH 7/9] Update to update compile_c_to_file argument
---
 lib/metasploit/framework/compiler/windows.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/metasploit/framework/compiler/windows.rb b/lib/metasploit/framework/compiler/windows.rb
index 32f4ae3c3c..ac3cabcfbb 100644
--- a/lib/metasploit/framework/compiler/windows.rb
+++ b/lib/metasploit/framework/compiler/windows.rb
@@ -36,7 +36,7 @@ module Metasploit
 # @param c_template [String] The C source code to compile.
 # @param type [Symbol] PE type, either :exe or :dll
 # @return [Integer] The number of bytes written.
- def self.compile_c_to_file(out_file, c_template, type=:exe)
+ def self.compile_c_to_file(out_file, c_template, type=:exe, cpu=Metasm::Ia32.new)
 pe = self.compile(c_template, type)
 File.write(out_file, pe)
 end
From b1e767298ff5f1efe09df362b196cce3aabbbde5 Mon Sep 17 00:00:00 2001
From: Wei Chen
Date: Fri, 11 May 2018 10:30:15 -0500
Subject: [PATCH 8/9] Update doc
---
 lib/metasploit/framework/compiler/windows.rb | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/lib/metasploit/framework/compiler/windows.rb b/lib/metasploit/framework/compiler/windows.rb
index ac3cabcfbb..bf6f78c8fc 100644
--- a/lib/metasploit/framework/compiler/windows.rb
+++ b/lib/metasploit/framework/compiler/windows.rb
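Review bot: The spec only exercises the default `:exe` path, while `compile_c` also branches on `:dll` and raises `NotImplementedError` for anything else, and neither branch is covered. Add `expect { described_class.compile_c(c_template, :bogus) }.to raise_error(NotImplementedError)` and an example passing `:dll` that checks the same `MZ` magic. By RSpec convention a class-method group is named `.compile_c` rather than `'#self.compile_c'`.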
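Review bot: The `cpu` parameter added to `compile_c_to_file` is accepted but never forwarded — the body still reads `pe = self.compile(c_template, type)`, so a caller's CPU choice is silently ignored, and `compile` is not a method this class defines (the compile entry point is `compile_c`). The call should be `pe = compile_c(c_template, type, cpu)`; the patch 8/9 hunk below documents the parameter without fixing this.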
@@ -13,6 +13,7 @@ module Metasploit
 #
 # @param c_template [String] The C source code to compile.
 # @param type [Symbol] PE type, either :exe or :dll
+ # @param cpu [Object] A Metasm cpu object, for example: Metasm::Ia32.new
 # @raise [NotImplementedError] If the type is not supported.
 # @return [String] The compiled code.
 def self.compile_c(c_template, type=:exe, cpu=Metasm::Ia32.new)
@@ -35,6 +36,7 @@ module Metasploit
 # @param out_file [String] The file path to save the binary as.
 # @param c_template [String] The C source code to compile.
 # @param type [Symbol] PE type, either :exe or :dll
+ # @param cpu [Object] A Metasm cpu object, for example: Metasm::Ia32.new
 # @return [Integer] The number of bytes written.
 def self.compile_c_to_file(out_file, c_template, type=:exe, cpu=Metasm::Ia32.new)
 pe = self.compile(c_template, type)
From 53938422c9f501ddba3f8bd5ebd1ace4b4499cd7 Mon Sep 17 00:00:00 2001
From: Wei Chen
Date: Fri, 11 May 2018 14:03:46 -0500
Subject: [PATCH 9/9] Add rspec for Metasploit::Framework::Compiler::Utils

---
 .../framework/compiler/utils_spec.rb | 22 +++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 spec/lib/metasploit/framework/compiler/utils_spec.rb

diff --git a/spec/lib/metasploit/framework/compiler/utils_spec.rb b/spec/lib/metasploit/framework/compiler/utils_spec.rb
new file mode 100644
index 0000000000..8e597cfdcd
--- /dev/null
+++ b/spec/lib/metasploit/framework/compiler/utils_spec.rb
@@ -0,0 +1,22 @@
+require 'spec_helper'
+require 'metasm'
+require 'metasploit/framework/compiler/windows'
+
+RSpec.describe Metasploit::Framework::Compiler::Utils do
+ describe '#self.normalize_code' do
+ let(:c_template) {
+ %Q|#include
+ int main(void) {
+ MessageBox(NULL, "Hello World", "Test", MB_OK);
+ return 0;
+ }
+ |
+ }
+
+ it 'returns the raw source code' do
+ headers = Metasploit::Framework::Compiler::Headers::Windows.new
+ source_code = Metasploit::Framework::Compiler::Utils.normalize_code(c_template, headers)
+ expect(source_code).to include('#define APIENTRY WINAPI')
+ end
+ end
+end
\ No newline at end of file
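Review bot: This spec for `Compiler::Utils` requires `metasploit/framework/compiler/windows` instead of the files it exercises, so `Utils` and `Headers::Windows` are only loaded transitively through windows.rb's own requires; `require 'metasploit/framework/compiler/utils'` and `require 'metasploit/framework/compiler/headers/windows'` keep the spec self-contained if that dependency ever changes. The `require 'metasm'` line is not used by anything in this file. The single assertion `include('#define APIENTRY WINAPI')` pins a line that presumably comes from the bundled Windows.h rather than anything `normalize_code` computes; also asserting that the caller's `int main(void)` body survives in `source_code` would test the normalization itself rather than the header's contents.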
