// Copyright (C) 2006-2010, Rapid7 LLC // All rights reserved. // // Redistribution and use in source and binary forms, with or without modification, // are permitted provided that the following conditions are met: // // * Redistributions of source code must retain the above copyright notice, // this list of conditions and the following disclaimer. // // * Redistributions in binary form must reproduce the above copyright notice, // this list of conditions and the following disclaimer in the documentation // and/or other materials provided with the distribution. // // * Neither the name of Rapid7 LLC nor the names of its contributors // may be used to endorse or promote products derived from this software // without specific prior written permission. // // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND // ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED // WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE // DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR // ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES // (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; // LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON // ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS // SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. //===============================================================================================// #ifndef _VNCDLL_LOADER_INJECT_H #define _VNCDLL_LOADER_INJECT_H //===============================================================================================// #define COMMANDLINE_LENGTH 1024 //===============================================================================================// // Definition of ntdll!NtQueueApcThread typedef DWORD (NTAPI * NTQUEUEAPCTHREAD)( HANDLE hThreadHandle, LPVOID lpApcRoutine, LPVOID lpApcRoutineContext, LPVOID lpApcStatusBlock, LPVOID lpApcReserved ); // Definitions used for running native x64 code from a wow64 process (see executex64.asm) typedef BOOL (WINAPI * X64FUNCTION)( DWORD dwParameter ); typedef DWORD (WINAPI * EXECUTEX64)( X64FUNCTION pFunction, DWORD dwParameter ); //===============================================================================================// // The context used for injection via migrate_via_apcthread typedef struct _APCCONTEXT { union { LPVOID lpStartAddress; BYTE bPadding1[8]; } s; union { LPVOID lpParameter; BYTE bPadding2[8]; } p; BYTE bExecuted; } APCCONTEXT, * LPAPCCONTEXT; // The context used for injection via migrate_via_remotethread_wow64 typedef struct _WOW64CONTEXT { union { HANDLE hProcess; BYTE bPadding2[8]; } h; union { LPVOID lpStartAddress; BYTE bPadding1[8]; } s; union { LPVOID lpParameter; BYTE bPadding2[8]; } p; union { HANDLE hThread; BYTE bPadding2[8]; } t; } WOW64CONTEXT, * LPWOW64CONTEXT; //===============================================================================================// DWORD inject_via_apcthread( HANDLE hProcess, DWORD dwProcessID, DWORD dwDestinationArch, LPVOID lpStartAddress, LPVOID lpParameter ); DWORD inject_via_remotethread( HANDLE hProcess, DWORD dwDestinationArch, LPVOID lpStartAddress, LPVOID lpParameter ); DWORD inject_dll( DWORD dwPid, LPVOID lpDllBuffer, DWORD dwDllLenght ); //===============================================================================================// #endif //===============================================================================================//