Simplified NtDll API importing
parent
a0e9bc9724
commit
51fdab2139
|
@ -49,53 +49,57 @@ namespace NtDll
|
||||||
// ******************************************************************
|
// ******************************************************************
|
||||||
static HMODULE hNtDll = GetModuleHandle("ntdll");
|
static HMODULE hNtDll = GetModuleHandle("ntdll");
|
||||||
|
|
||||||
NtDll::FPTR_RtlInitAnsiString NtDll::RtlInitAnsiString = (NtDll::FPTR_RtlInitAnsiString)GetProcAddress(hNtDll, "RtlInitAnsiString");
|
#define IMPORT(API) \
|
||||||
NtDll::FPTR_RtlInitUnicodeString NtDll::RtlInitUnicodeString = (NtDll::FPTR_RtlInitUnicodeString)GetProcAddress(hNtDll, "RtlInitUnicodeString");
|
NtDll::FPTR_##API NtDll::API = (NtDll::FPTR_##API)GetProcAddress(hNtDll, #API)
|
||||||
NtDll::FPTR_RtlAnsiStringToUnicodeString NtDll::RtlAnsiStringToUnicodeString = (NtDll::FPTR_RtlAnsiStringToUnicodeString)GetProcAddress(hNtDll, "RtlAnsiStringToUnicodeString");
|
|
||||||
NtDll::FPTR_RtlAppendStringToString NtDll::RtlAppendStringToString = (NtDll::FPTR_RtlAppendStringToString)GetProcAddress(hNtDll, "RtlAppendStringToString");
|
IMPORT(RtlInitAnsiString);
|
||||||
NtDll::FPTR_RtlUnicodeStringToAnsiString NtDll::RtlUnicodeStringToAnsiString = (NtDll::FPTR_RtlUnicodeStringToAnsiString)GetProcAddress(hNtDll, "RtlUnicodeStringToAnsiString");
|
IMPORT(RtlInitUnicodeString);
|
||||||
NtDll::FPTR_RtlFreeAnsiString NtDll::RtlFreeAnsiString = (NtDll::FPTR_RtlFreeAnsiString)GetProcAddress(hNtDll, "RtlFreeAnsiString");
|
IMPORT(RtlAnsiStringToUnicodeString);
|
||||||
NtDll::FPTR_RtlNtStatusToDosError NtDll::RtlNtStatusToDosError = (NtDll::FPTR_RtlNtStatusToDosError)GetProcAddress(hNtDll, "RtlNtStatusToDosError");
|
IMPORT(RtlAppendStringToString);
|
||||||
NtDll::FPTR_RtlTimeFieldsToTime NtDll::RtlTimeFieldsToTime = (NtDll::FPTR_RtlTimeFieldsToTime)GetProcAddress(hNtDll, "RtlTimeFieldsToTime");
|
IMPORT(RtlAppendUnicodeStringToString);
|
||||||
NtDll::FPTR_RtlTimeToTimeFields NtDll::RtlTimeToTimeFields = (NtDll::FPTR_RtlTimeToTimeFields)GetProcAddress(hNtDll, "RtlTimeToTimeFields");
|
IMPORT(RtlUnicodeStringToAnsiString);
|
||||||
NtDll::FPTR_RtlTryEnterCriticalSection NtDll::RtlTryEnterCriticalSection = (NtDll::FPTR_RtlTryEnterCriticalSection)GetProcAddress(hNtDll, "RtlTryEnterCriticalSection");
|
IMPORT(RtlFreeAnsiString);
|
||||||
NtDll::FPTR_RtlInitializeCriticalSection NtDll::RtlInitializeCriticalSection = (NtDll::FPTR_RtlInitializeCriticalSection)GetProcAddress(hNtDll, "RtlInitializeCriticalSection");
|
IMPORT(RtlNtStatusToDosError);
|
||||||
NtDll::FPTR_RtlEnterCriticalSection NtDll::RtlEnterCriticalSection = (NtDll::FPTR_RtlEnterCriticalSection)GetProcAddress(hNtDll, "RtlEnterCriticalSection");
|
IMPORT(RtlTimeFieldsToTime);
|
||||||
NtDll::FPTR_RtlLeaveCriticalSection NtDll::RtlLeaveCriticalSection = (NtDll::FPTR_RtlLeaveCriticalSection)GetProcAddress(hNtDll, "RtlLeaveCriticalSection");
|
IMPORT(RtlTimeToTimeFields);
|
||||||
NtDll::FPTR_RtlCreateHeap NtDll::RtlCreateHeap = (NtDll::FPTR_RtlCreateHeap)GetProcAddress(hNtDll, "RtlCreateHeap");
|
IMPORT(RtlTryEnterCriticalSection);
|
||||||
NtDll::FPTR_RtlAllocateHeap NtDll::RtlAllocateHeap = (NtDll::FPTR_RtlAllocateHeap)GetProcAddress(hNtDll, "RtlAllocateHeap");
|
IMPORT(RtlInitializeCriticalSection);
|
||||||
NtDll::FPTR_RtlFreeHeap NtDll::RtlFreeHeap = (NtDll::FPTR_RtlFreeHeap)GetProcAddress(hNtDll, "RtlFreeHeap");
|
IMPORT(RtlEnterCriticalSection);
|
||||||
NtDll::FPTR_RtlReAllocateHeap NtDll::RtlReAllocateHeap = (NtDll::FPTR_RtlReAllocateHeap)GetProcAddress(hNtDll, "RtlReAllocateHeap");
|
IMPORT(RtlLeaveCriticalSection);
|
||||||
NtDll::FPTR_RtlSizeHeap NtDll::RtlSizeHeap = (NtDll::FPTR_RtlSizeHeap)GetProcAddress(hNtDll, "RtlSizeHeap");
|
IMPORT(RtlCreateHeap);
|
||||||
NtDll::FPTR_RtlDestroyHeap NtDll::RtlDestroyHeap = (NtDll::FPTR_RtlDestroyHeap)GetProcAddress(hNtDll, "RtlDestroyHeap");
|
IMPORT(RtlAllocateHeap);
|
||||||
NtDll::FPTR_RtlEqualString NtDll::RtlEqualString = (NtDll::FPTR_RtlEqualString)GetProcAddress(hNtDll, "RtlEqualString");
|
IMPORT(RtlFreeHeap);
|
||||||
NtDll::FPTR_NtWaitForSingleObject NtDll::NtWaitForSingleObject = (NtDll::FPTR_NtWaitForSingleObject)GetProcAddress(hNtDll, "NtWaitForSingleObject");
|
IMPORT(RtlReAllocateHeap);
|
||||||
NtDll::FPTR_NtWaitForMultipleObjects NtDll::NtWaitForMultipleObjects = (NtDll::FPTR_NtWaitForMultipleObjects)GetProcAddress(hNtDll, "NtWaitForMultipleObjects");
|
IMPORT(RtlSizeHeap);
|
||||||
NtDll::FPTR_NtAllocateVirtualMemory NtDll::NtAllocateVirtualMemory = (NtDll::FPTR_NtAllocateVirtualMemory)GetProcAddress(hNtDll, "NtAllocateVirtualMemory");
|
IMPORT(RtlDestroyHeap);
|
||||||
NtDll::FPTR_NtFreeVirtualMemory NtDll::NtFreeVirtualMemory = (NtDll::FPTR_NtFreeVirtualMemory)GetProcAddress(hNtDll, "NtFreeVirtualMemory");
|
IMPORT(RtlEqualString);
|
||||||
NtDll::FPTR_NtQueryVirtualMemory NtDll::NtQueryVirtualMemory = (NtDll::FPTR_NtQueryVirtualMemory)GetProcAddress(hNtDll, "NtQueryVirtualMemory");
|
IMPORT(NtWaitForSingleObject);
|
||||||
NtDll::FPTR_NtClearEvent NtDll::NtClearEvent = (NtDll::FPTR_NtClearEvent)GetProcAddress(hNtDll, "NtClearEvent");
|
IMPORT(NtWaitForMultipleObjects);
|
||||||
NtDll::FPTR_NtClose NtDll::NtClose = (NtDll::FPTR_NtClose)GetProcAddress(hNtDll, "NtClose");
|
IMPORT(NtAllocateVirtualMemory);
|
||||||
NtDll::FPTR_NtDelayExecution NtDll::NtDelayExecution = (NtDll::FPTR_NtDelayExecution)GetProcAddress(hNtDll, "NtDelayExecution");
|
IMPORT(NtFreeVirtualMemory);
|
||||||
NtDll::FPTR_NtDuplicateObject NtDll::NtDuplicateObject = (NtDll::FPTR_NtDuplicateObject)GetProcAddress(hNtDll, "NtDuplicateObject");
|
IMPORT(NtQueryVirtualMemory);
|
||||||
NtDll::FPTR_NtFlushBuffersFile NtDll::NtFlushBuffersFile = (NtDll::FPTR_NtFlushBuffersFile)GetProcAddress(hNtDll, "NtFlushBuffersFile");
|
IMPORT(NtClearEvent);
|
||||||
NtDll::FPTR_NtQueryInformationFile NtDll::NtQueryInformationFile = (NtDll::FPTR_NtQueryInformationFile)GetProcAddress(hNtDll, "NtQueryInformationFile");
|
IMPORT(NtClose);
|
||||||
NtDll::FPTR_NtQueryDirectoryFile NtDll::NtQueryDirectoryFile = (NtDll::FPTR_NtQueryDirectoryFile)GetProcAddress(hNtDll, "NtQueryDirectoryFile");
|
IMPORT(NtDelayExecution);
|
||||||
NtDll::FPTR_NtQueryFullAttributesFile NtDll::NtQueryFullAttributesFile = (NtDll::FPTR_NtQueryFullAttributesFile)GetProcAddress(hNtDll, "NtQueryFullAttributesFile");
|
IMPORT(NtDuplicateObject);
|
||||||
NtDll::FPTR_NtQueryVolumeInformationFile NtDll::NtQueryVolumeInformationFile = (NtDll::FPTR_NtQueryVolumeInformationFile)GetProcAddress(hNtDll, "NtQueryVolumeInformationFile");
|
IMPORT(NtFlushBuffersFile);
|
||||||
NtDll::FPTR_NtCreateEvent NtDll::NtCreateEvent = (NtDll::FPTR_NtCreateEvent)GetProcAddress(hNtDll, "NtCreateEvent");
|
IMPORT(NtQueryInformationFile);
|
||||||
NtDll::FPTR_NtCreateMutant NtDll::NtCreateMutant = (NtDll::FPTR_NtCreateMutant)GetProcAddress(hNtDll, "NtCreateMutant");
|
IMPORT(NtQueryDirectoryFile);
|
||||||
NtDll::FPTR_NtReleaseMutant NtDll::NtReleaseMutant = (NtDll::FPTR_NtReleaseMutant)GetProcAddress(hNtDll, "NtReleaseMutant");
|
IMPORT(NtQueryFullAttributesFile);
|
||||||
NtDll::FPTR_NtCreateSemaphore NtDll::NtCreateSemaphore = (NtDll::FPTR_NtCreateSemaphore)GetProcAddress(hNtDll, "NtCreateSemaphore");
|
IMPORT(NtQueryVolumeInformationFile);
|
||||||
NtDll::FPTR_NtReleaseSemaphore NtDll::NtReleaseSemaphore = (NtDll::FPTR_NtReleaseSemaphore)GetProcAddress(hNtDll, "NtReleaseSemaphore");
|
IMPORT(NtCreateEvent);
|
||||||
NtDll::FPTR_NtCreateDirectoryObject NtDll::NtCreateDirectoryObject = (NtDll::FPTR_NtCreateDirectoryObject)GetProcAddress(hNtDll, "NtCreateDirectoryObject");
|
IMPORT(NtCreateMutant);
|
||||||
NtDll::FPTR_NtCreateFile NtDll::NtCreateFile = (NtDll::FPTR_NtCreateFile)GetProcAddress(hNtDll, "NtCreateFile");
|
IMPORT(NtReleaseMutant);
|
||||||
NtDll::FPTR_NtReadFile NtDll::NtReadFile = (NtDll::FPTR_NtReadFile)GetProcAddress(hNtDll, "NtReadFile");
|
IMPORT(NtCreateSemaphore);
|
||||||
NtDll::FPTR_NtWriteFile NtDll::NtWriteFile = (NtDll::FPTR_NtWriteFile)GetProcAddress(hNtDll, "NtWriteFile");
|
IMPORT(NtReleaseSemaphore);
|
||||||
NtDll::FPTR_NtYieldExecution NtDll::NtYieldExecution = (NtDll::FPTR_NtYieldExecution)GetProcAddress(hNtDll, "NtYieldExecution");
|
IMPORT(NtCreateDirectoryObject);
|
||||||
NtDll::FPTR_NtSetInformationFile NtDll::NtSetInformationFile = (NtDll::FPTR_NtSetInformationFile)GetProcAddress(hNtDll, "NtSetInformationFile");
|
IMPORT(NtCreateFile);
|
||||||
NtDll::FPTR_NtSetEvent NtDll::NtSetEvent = (NtDll::FPTR_NtSetEvent)GetProcAddress(hNtDll, "NtSetEvent");
|
IMPORT(NtReadFile);
|
||||||
NtDll::FPTR_NtSuspendThread NtDll::NtSuspendThread = (NtDll::FPTR_NtSuspendThread)GetProcAddress(hNtDll, "NtSuspendThread");
|
IMPORT(NtWriteFile);
|
||||||
NtDll::FPTR_NtResumeThread NtDll::NtResumeThread = (NtDll::FPTR_NtResumeThread)GetProcAddress(hNtDll, "NtResumeThread");
|
IMPORT(NtYieldExecution);
|
||||||
NtDll::FPTR_NtSetLdtEntries NtDll::NtSetLdtEntries = (NtDll::FPTR_NtSetLdtEntries)GetProcAddress(hNtDll, "NtSetLdtEntries");
|
IMPORT(NtSetInformationFile);
|
||||||
NtDll::FPTR_NtQueueApcThread NtDll::NtQueueApcThread = (NtDll::FPTR_NtQueueApcThread)GetProcAddress(hNtDll, "NtQueueApcThread");
|
IMPORT(NtSetEvent);
|
||||||
|
IMPORT(NtSuspendThread);
|
||||||
|
IMPORT(NtResumeThread);
|
||||||
|
IMPORT(NtSetLdtEntries);
|
||||||
|
IMPORT(NtQueueApcThread);
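Review bot: The `IMPORT` macro stores whatever `GetProcAddress` returns without a check, and `hNtDll` from `GetModuleHandle("ntdll")` is not checked either, so an export that the host's ntdll does not provide leaves a null function pointer that faults only at its first call, far from the cause. Now that every import goes through one macro, the lookup can be routed through a small helper that reports the unresolved name during start-up; a sketch follows. The macro is also not `#undef`'d within the hunk, so an `#undef IMPORT` after `IMPORT(NtQueueApcThread);` would keep the generic name from leaking into the rest of the file.

```cpp
static HMODULE hNtDll = GetModuleHandle("ntdll");

// Resolves one ntdll export; reports the name when the lookup fails so a
// null pointer is diagnosed at start-up rather than at the first call.
static FARPROC ResolveNtDllExport(const char *szName)
{
    FARPROC pfn = (hNtDll != NULL) ? GetProcAddress(hNtDll, szName) : NULL;
    if (pfn == NULL)
    {
        OutputDebugStringA("NtDll import failed: ");
        OutputDebugStringA(szName);
    }
    return pfn;
}

#define IMPORT(API) \
    NtDll::FPTR_##API NtDll::API = (NtDll::FPTR_##API)ResolveNtDllExport(#API)

// … unchanged: IMPORT(...) list …
#undef IMPORT
```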
|
||||||
|
|
|
@ -704,6 +704,15 @@ typedef NTSTATUS(NTAPI *FPTR_RtlAppendStringToString)
|
||||||
IN PSTRING Source
|
IN PSTRING Source
|
||||||
);
|
);
|
||||||
|
|
||||||
|
// ******************************************************************
|
||||||
|
// * RtlAppendUnicodeStringToString
|
||||||
|
// ******************************************************************
|
||||||
|
typedef NTSTATUS(NTAPI *FPTR_RtlAppendUnicodeStringToString)
|
||||||
|
(
|
||||||
|
IN OUT PUNICODE_STRING Destination,
|
||||||
|
IN PUNICODE_STRING Source
|
||||||
|
);
|
||||||
|
|
||||||
// ******************************************************************
|
// ******************************************************************
|
||||||
// * RtlUnicodeStringToAnsiString
|
// * RtlUnicodeStringToAnsiString
|
||||||
// ******************************************************************
|
// ******************************************************************
|
||||||
|
@ -1143,56 +1152,60 @@ typedef PVOID (NTAPI *FPTR_RtlDestroyHeap)
|
||||||
// ******************************************************************
|
// ******************************************************************
|
||||||
// * Exported API
|
// * Exported API
|
||||||
// ******************************************************************
|
// ******************************************************************
|
||||||
extern FPTR_RtlInitAnsiString RtlInitAnsiString;
|
#define EXTERN(API) \
|
||||||
extern FPTR_RtlInitUnicodeString RtlInitUnicodeString;
|
extern FPTR_##API API
|
||||||
extern FPTR_RtlAnsiStringToUnicodeString RtlAnsiStringToUnicodeString;
|
|
||||||
extern FPTR_RtlAppendStringToString RtlAppendStringToString;
|
EXTERN(RtlInitAnsiString);
|
||||||
extern FPTR_RtlUnicodeStringToAnsiString RtlUnicodeStringToAnsiString;
|
EXTERN(RtlInitUnicodeString);
|
||||||
extern FPTR_RtlFreeAnsiString RtlFreeAnsiString;
|
EXTERN(RtlAnsiStringToUnicodeString);
|
||||||
extern FPTR_RtlNtStatusToDosError RtlNtStatusToDosError;
|
EXTERN(RtlAppendStringToString);
|
||||||
extern FPTR_RtlTimeFieldsToTime RtlTimeFieldsToTime;
|
EXTERN(RtlAppendUnicodeStringToString);
|
||||||
extern FPTR_RtlTimeToTimeFields RtlTimeToTimeFields;
|
EXTERN(RtlUnicodeStringToAnsiString);
|
||||||
extern FPTR_RtlTryEnterCriticalSection RtlTryEnterCriticalSection;
|
EXTERN(RtlFreeAnsiString);
|
||||||
extern FPTR_RtlInitializeCriticalSection RtlInitializeCriticalSection;
|
EXTERN(RtlNtStatusToDosError);
|
||||||
extern FPTR_RtlEnterCriticalSection RtlEnterCriticalSection;
|
EXTERN(RtlTimeFieldsToTime);
|
||||||
extern FPTR_RtlLeaveCriticalSection RtlLeaveCriticalSection;
|
EXTERN(RtlTimeToTimeFields);
|
||||||
extern FPTR_NtWaitForSingleObject NtWaitForSingleObject;
|
EXTERN(RtlTryEnterCriticalSection);
|
||||||
extern FPTR_NtWaitForMultipleObjects NtWaitForMultipleObjects;
|
EXTERN(RtlInitializeCriticalSection);
|
||||||
extern FPTR_RtlCreateHeap RtlCreateHeap;
|
EXTERN(RtlEnterCriticalSection);
|
||||||
extern FPTR_RtlAllocateHeap RtlAllocateHeap;
|
EXTERN(RtlLeaveCriticalSection);
|
||||||
extern FPTR_RtlFreeHeap RtlFreeHeap;
|
EXTERN(NtWaitForSingleObject);
|
||||||
extern FPTR_RtlReAllocateHeap RtlReAllocateHeap;
|
EXTERN(NtWaitForMultipleObjects);
|
||||||
extern FPTR_RtlSizeHeap RtlSizeHeap;
|
EXTERN(RtlCreateHeap);
|
||||||
extern FPTR_RtlDestroyHeap RtlDestroyHeap;
|
EXTERN(RtlAllocateHeap);
|
||||||
extern FPTR_RtlEqualString RtlEqualString;
|
EXTERN(RtlFreeHeap);
|
||||||
extern FPTR_NtAllocateVirtualMemory NtAllocateVirtualMemory;
|
EXTERN(RtlReAllocateHeap);
|
||||||
extern FPTR_NtFreeVirtualMemory NtFreeVirtualMemory;
|
EXTERN(RtlSizeHeap);
|
||||||
extern FPTR_NtQueryVirtualMemory NtQueryVirtualMemory;
|
EXTERN(RtlDestroyHeap);
|
||||||
extern FPTR_NtClearEvent NtClearEvent;
|
EXTERN(RtlEqualString);
|
||||||
extern FPTR_NtClose NtClose;
|
EXTERN(NtAllocateVirtualMemory);
|
||||||
extern FPTR_NtDelayExecution NtDelayExecution;
|
EXTERN(NtFreeVirtualMemory);
|
||||||
extern FPTR_NtDuplicateObject NtDuplicateObject;
|
EXTERN(NtQueryVirtualMemory);
|
||||||
extern FPTR_NtFlushBuffersFile NtFlushBuffersFile;
|
EXTERN(NtClearEvent);
|
||||||
extern FPTR_NtQueryInformationFile NtQueryInformationFile;
|
EXTERN(NtClose);
|
||||||
extern FPTR_NtQueryDirectoryFile NtQueryDirectoryFile;
|
EXTERN(NtDelayExecution);
|
||||||
extern FPTR_NtQueryFullAttributesFile NtQueryFullAttributesFile;
|
EXTERN(NtDuplicateObject);
|
||||||
extern FPTR_NtQueryVolumeInformationFile NtQueryVolumeInformationFile;
|
EXTERN(NtFlushBuffersFile);
|
||||||
extern FPTR_NtCreateEvent NtCreateEvent;
|
EXTERN(NtQueryInformationFile);
|
||||||
extern FPTR_NtCreateMutant NtCreateMutant;
|
EXTERN(NtQueryDirectoryFile);
|
||||||
extern FPTR_NtReleaseMutant NtReleaseMutant;
|
EXTERN(NtQueryFullAttributesFile);
|
||||||
extern FPTR_NtCreateSemaphore NtCreateSemaphore;
|
EXTERN(NtQueryVolumeInformationFile);
|
||||||
extern FPTR_NtReleaseSemaphore NtReleaseSemaphore;
|
EXTERN(NtCreateEvent);
|
||||||
extern FPTR_NtCreateDirectoryObject NtCreateDirectoryObject;
|
EXTERN(NtCreateMutant);
|
||||||
extern FPTR_NtCreateFile NtCreateFile;
|
EXTERN(NtReleaseMutant);
|
||||||
extern FPTR_NtReadFile NtReadFile;
|
EXTERN(NtCreateSemaphore);
|
||||||
extern FPTR_NtWriteFile NtWriteFile;
|
EXTERN(NtReleaseSemaphore);
|
||||||
extern FPTR_NtYieldExecution NtYieldExecution;
|
EXTERN(NtCreateDirectoryObject);
|
||||||
extern FPTR_NtSetInformationFile NtSetInformationFile;
|
EXTERN(NtCreateFile);
|
||||||
extern FPTR_NtSetEvent NtSetEvent;
|
EXTERN(NtReadFile);
|
||||||
extern FPTR_NtSuspendThread NtSuspendThread;
|
EXTERN(NtWriteFile);
|
||||||
extern FPTR_NtResumeThread NtResumeThread;
|
EXTERN(NtYieldExecution);
|
||||||
extern FPTR_NtSetLdtEntries NtSetLdtEntries;
|
EXTERN(NtSetInformationFile);
|
||||||
extern FPTR_NtQueueApcThread NtQueueApcThread;
|
EXTERN(NtSetEvent);
|
||||||
|
EXTERN(NtSuspendThread);
|
||||||
|
EXTERN(NtResumeThread);
|
||||||
|
EXTERN(NtSetLdtEntries);
|
||||||
|
EXTERN(NtQueueApcThread);
|
||||||
|
|
||||||
#if defined(__cplusplus)
|
#if defined(__cplusplus)
|
||||||
}
|
}
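Review bot: `EXTERN` is defined in a header under a very generic name, and the hunk shows no `#undef` between `EXTERN(NtQueueApcThread);` and the closing `#if defined(__cplusplus)`, so the macro leaks into every file that includes this header and can collide with another `EXTERN` definition. Adding `#undef EXTERN` right after the last declaration, or giving the macro a prefixed name, confines it. The declaration list here and the `IMPORT` list in the implementation file also have to be kept in step by hand, and the two are already in a different order. A single shared list of API names expanded by both macros would make a missed entry impossible rather than something found at link time.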
|
||||||
|
|