Página inicial Explorar Ajuda
Entrar
zhensolid
/
OperatorsKit
1
0
Fork 0
Arquivos Issues 0 Pull Requests 0 Wiki
Tree: b6c61186d6
Branches Tags
OperatorsKit
/
KIT
/
BlindEventlog
/
blindeventlog.h

blindeventlog.h 4.2 KB
Histórico Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283 
  1. #include <windows.h>  
    2. 

  2. 

  3. #define ENABLE 1
    4. 

  4. #define DISABLE 0
    5. 

  5. 

  6. typedef enum _SC_SERVICE_TAG_QUERY_TYPE {
    7. 

  7. 	ServiceNameFromTagInformation = 1,
    8. 

  8. 	ServiceNameReferencingModuleInformation,
    9. 

  9. 	ServiceNameTagMappingInformation,
    10. 

  10. } SC_SERVICE_TAG_QUERY_TYPE, *PSC_SERVICE_TAG_QUERY_TYPE;
    11. 

  11. 

  12. typedef struct _SC_SERVICE_TAG_QUERY {
    13. 

  13. 	ULONG   processId;
    14. 

  14. 	ULONG   serviceTag;
    15. 

  15. 	ULONG   reserved;
    16. 

  16. 	PVOID   pBuffer;
    17. 

  17. } SC_SERVICE_TAG_QUERY, *PSC_SERVICE_TAG_QUERY;
    18. 

  18. 

  19. typedef struct _CLIENT_ID {
    20. 

  20. 	DWORD       uniqueProcess;
    21. 

  21. 	DWORD       uniqueThread;
    22. 

  22. 

  23. } CLIENT_ID, *PCLIENT_ID;
    24. 

  24. 

  25. typedef struct _THREAD_BASIC_INFORMATION {
    26. 

  26. 	NTSTATUS    exitStatus;
    27. 

  27. 	PVOID       pTebBaseAddress;
    28. 

  28. 	CLIENT_ID   clientId;
    29. 

  29. 	KAFFINITY   AffinityMask;
    30. 

  30. 	int			Priority;
    31. 

  31. 	int			BasePriority;
    32. 

  32. 	int			v;
    33. 

  33. 

  34. } THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION;
    35. 

  35. 

  36. 

  37. //SetPrivilege
    38. 

  38. DECLSPEC_IMPORT BOOL WINAPI Advapi32$OpenProcessToken(HANDLE ProcessHandle, DWORD DesiredAccess, PHANDLE TokenHandle);
    39. 

  39. DECLSPEC_IMPORT HANDLE WINAPI KERNEL32$GetCurrentProcess();
    40. 

  40. DECLSPEC_IMPORT BOOL WINAPI Advapi32$LookupPrivilegeValueA(LPCSTR lpSystemName, LPCSTR lpName, PLUID lpLuid);
    41. 

  41. DECLSPEC_IMPORT BOOL WINAPI Advapi32$AdjustTokenPrivileges(HANDLE TokenHandle, BOOL DisableAllPrivileges, PTOKEN_PRIVILEGES NewState, DWORD BufferLength, PTOKEN_PRIVILEGES PreviousState, PDWORD ReturnLength);
    42. 

  42. DECLSPEC_IMPORT DWORD WINAPI KERNEL32$GetLastError(void);
    43. 

  43. 

  44. 

  45. //Eventlog
    46. 

  46. typedef ULONG (WINAPI * I_QueryTagInformation_t)(PVOID, SC_SERVICE_TAG_QUERY_TYPE, PSC_SERVICE_TAG_QUERY);
    47. 

  47. typedef NTSTATUS (WINAPI * NtQueryInformationThread_t)(HANDLE, THREAD_INFORMATION_CLASS, PVOID, ULONG, PULONG);
    48. 

  48. DECLSPEC_IMPORT SC_HANDLE WINAPI Advapi32$OpenSCManagerA(LPCSTR lpMachineName, LPCSTR lpDatabaseName, DWORD dwDesiredAccess);
    49. 

  49. DECLSPEC_IMPORT SC_HANDLE WINAPI Advapi32$OpenServiceA(SC_HANDLE hSCManager, LPCSTR lpServiceName, DWORD dwDesiredAccess);
    50. 

  50. DECLSPEC_IMPORT BOOL WINAPI Advapi32$QueryServiceStatusEx(SC_HANDLE hService, SC_STATUS_TYPE dwInfoLevel, LPBYTE lpBuffer, DWORD cbBufSize, LPDWORD pcbBytesNeeded);
    51. 

  51. DECLSPEC_IMPORT HANDLE WINAPI KERNEL32$OpenProcess(DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwProcessId);
    52. 

  52. DECLSPEC_IMPORT HANDLE WINAPI KERNEL32$CreateToolhelp32Snapshot(DWORD, DWORD th32ProcessID);
    53. 

  53. DECLSPEC_IMPORT BOOL WINAPI KERNEL32$Thread32First(HANDLE hSnapshot, LPTHREADENTRY32 lpte);
    54. 

  54. DECLSPEC_IMPORT BOOL WINAPI KERNEL32$CloseHandle (HANDLE hObject);
    55. 

  55. DECLSPEC_IMPORT HANDLE WINAPI KERNEL32$Thread32Next(HANDLE, LPTHREADENTRY32);
    56. 

  56. DECLSPEC_IMPORT HANDLE WINAPI KERNEL32$OpenThread(DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwThreadId);
    57. 

  57. DECLSPEC_IMPORT BOOL WINAPI KERNEL32$ReadProcessMemory(HANDLE hProcess, LPCVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T *lpNumberOfBytesRead);
    58. 

  58. DECLSPEC_IMPORT BOOL WINAPI KERNEL32$IsWow64Process(HANDLE hProcess, PBOOL Wow64Process);
    59. 

  59. DECLSPEC_IMPORT DWORD WINAPI KERNEL32$SuspendThread(HANDLE hThread);
    60. 

  60. DECLSPEC_IMPORT DWORD WINAPI KERNEL32$ResumeThread(HANDLE hThread);
    61. 

  61. WINBASEAPI int __cdecl MSVCRT$_wcsicmp(const wchar_t *str1, const wchar_t *str2);
    62. 

  62. WINBASEAPI int __cdecl MSVCRT$strcmp(const char *str1, const char *str2);
    63. 

  63. WINBASEAPI int __cdecl MSVCRT$printf(const char * _Format,...);
    64. 

  64. 

  65. 

  66. //BeaconPrintToStreamW + BeaconOutputStreamW
    67. 

  67. #define MAX_STRING 8192
    68. 

  68. INT g_iGarbage = 1;
    69. 

  69. LPSTREAM g_lpStream = (LPSTREAM)1;
    70. 

  70. LPWSTR g_lpwPrintBuffer = (LPWSTR)1;
    71. 

  71. DECLSPEC_IMPORT HRESULT WINAPI OLE32$CreateStreamOnHGlobal(HGLOBAL hGlobal, BOOL fDeleteOnRelease, LPSTREAM *ppstm);
    72. 

  72. WINBASEAPI void *__cdecl MSVCRT$calloc(size_t number, size_t size);
    73. 

  73. WINBASEAPI int __cdecl MSVCRT$_vsnwprintf_s(wchar_t *buffer, size_t sizeOfBuffer, size_t count, const wchar_t *format, va_list argptr);
    74. 

  74. WINBASEAPI size_t __cdecl MSVCRT$wcslen(const wchar_t *_Str);
    75. 

  75. WINBASEAPI void __cdecl MSVCRT$memset(void *dest, int c, size_t count);
    76. 

  76. WINBASEAPI HANDLE WINAPI KERNEL32$GetProcessHeap();
    77. 

  77. WINBASEAPI LPVOID WINAPI KERNEL32$HeapAlloc(HANDLE hHeap, DWORD dwFlags, SIZE_T dwBytes);
    78. 

  78. WINBASEAPI void __cdecl MSVCRT$free(void *memblock);
    79. 

  79. WINBASEAPI BOOL WINAPI KERNEL32$HeapFree(HANDLE, DWORD, PVOID);
    80. 

  80. DECLSPEC_IMPORT int WINAPI KERNEL32$MultiByteToWideChar(UINT CodePage, DWORD dwFlags, _In_NLS_string_(cbMultiByte)LPCCH lpMultiByteStr, int cbMultiByte, LPWSTR lpWideCharStr, int cchWideChar);
    81. 

  81. 

  82. 

  83.