// This class is dedicated to calling the system APIs exported by Advapi32.dll
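// Run-time binding for a handful of Advapi32.dll exports: registry access,
// account-name lookup, file security descriptor / ACL queries and the current
// user name.
//
// Every wrapper below has the same name and parameter list as the API it
// forwards to. On first use it loads the DLL through fLoadLibraryA and looks
// the export up through fGetProcAddress, caching the pointer in g_<Name>.
// fLoadLibraryA and fGetProcAddress are not declared in this file; presumably
// they are provided by BaseInclude -- confirm.
//
// Review note: the DLL name and every export name are assembled from
// character initialisers in local arrays and bound at run time, so these
// calls are not expected to appear as named imports or as plain strings in
// the built binary. Auditing what the program does to the registry or to
// file ACLs therefore needs run-time API tracing or emulation in addition to
// import-table inspection.
class Advapi32 :BaseInclude
{
// Expression naming the instance that the redirect macros at the end of this
// class forward to.
#define Advapi32_EXTEND_H win.advapi32
// Loads the DLL if it is not loaded yet, then resolves export x if it is not
// cached yet. The token pasting is written as g_##x / Init_##x: a trailing
// "##" in front of ")" or "(" does not form a valid token and is only
// tolerated by some preprocessors.
#define Advapi32_DEF(x) if (!Advapi32Base) GetAdvapi32(); if (!g_##x) Init_##x();
public:
    HMODULE Advapi32Base = 0; // Module base of Advapi32.dll; 0 until GetAdvapi32() succeeds

public:
    // Function-pointer types mirroring the real prototypes, each followed by
    // its cached pointer (0 = not resolved yet).
    typedef LSTATUS(WINAPI* fnRegCreateKeyExA)(
        _In_ HKEY hKey,
        _In_ LPCSTR lpSubKey,
        _Reserved_ DWORD Reserved,
        _In_opt_ LPSTR lpClass,
        _In_ DWORD dwOptions,
        _In_ REGSAM samDesired,
        _In_opt_ CONST LPSECURITY_ATTRIBUTES lpSecurityAttributes,
        _Out_ PHKEY phkResult,
        _Out_opt_ LPDWORD lpdwDisposition
        );
    fnRegCreateKeyExA g_RegCreateKeyExA = 0;

    typedef LSTATUS(WINAPI* fnRegSetValueExA)(
        _In_ HKEY hKey,
        _In_opt_ LPCSTR lpValueName,
        _Reserved_ DWORD Reserved,
        _In_ DWORD dwType,
        _In_reads_bytes_opt_(cbData) CONST BYTE * lpData,
        _In_ DWORD cbData
        );
    fnRegSetValueExA g_RegSetValueExA = 0;

    typedef LSTATUS(WINAPI* fnRegCloseKey)(
        _In_ HKEY hKey
        );
    fnRegCloseKey g_RegCloseKey = 0;

    typedef LSTATUS(WINAPI* fnRegOpenKeyExA)(
        _In_ HKEY hKey,
        _In_opt_ LPCSTR lpSubKey,
        _In_opt_ DWORD ulOptions,
        _In_ REGSAM samDesired,
        _Out_ PHKEY phkResult
        );
    fnRegOpenKeyExA g_RegOpenKeyExA = 0;

    typedef LSTATUS(WINAPI* fnRegEnumKeyExA)(
        _In_ HKEY hKey,
        _In_ DWORD dwIndex,
        _Out_writes_to_opt_(*lpcchName, *lpcchName + 1) LPSTR lpName,
        _Inout_ LPDWORD lpcchName,
        _Reserved_ LPDWORD lpReserved,
        _Out_writes_to_opt_(*lpcchClass, *lpcchClass + 1) LPSTR lpClass,
        _Inout_opt_ LPDWORD lpcchClass,
        _Out_opt_ PFILETIME lpftLastWriteTime
        );
    fnRegEnumKeyExA g_RegEnumKeyExA = 0;

    // The ANSI export takes narrow strings. LPCSTR/LPSTR are used instead of
    // the TCHAR-based LPCTSTR/LPTSTR so that a UNICODE build does not hand
    // wide strings to the "A" entry point.
    typedef BOOL(WINAPI* fnLookupAccountNameA)(
        _In_opt_ LPCSTR lpSystemName,
        _In_ LPCSTR lpAccountName,
        _Out_opt_ PSID Sid,
        _Inout_ LPDWORD cbSid,
        _Out_opt_ LPSTR ReferencedDomainName,
        _Inout_ LPDWORD cchReferencedDomainName,
        _Out_ PSID_NAME_USE peUse
        );
    fnLookupAccountNameA g_LookupAccountNameA = 0;

    typedef BOOL(WINAPI* fnGetFileSecurityA)(
        _In_ LPCSTR lpFileName,
        _In_ SECURITY_INFORMATION RequestedInformation,
        _Out_writes_bytes_to_opt_(nLength, *lpnLengthNeeded) PSECURITY_DESCRIPTOR pSecurityDescriptor,
        _In_ DWORD nLength,
        _Out_ LPDWORD lpnLengthNeeded
        );
    fnGetFileSecurityA g_GetFileSecurityA = 0;

    typedef BOOL(WINAPI* fnGetSecurityDescriptorDacl)(
        _In_ PSECURITY_DESCRIPTOR pSecurityDescriptor,
        _Out_ LPBOOL lpbDaclPresent,
        _Outptr_ PACL * pDacl,
        _Out_ LPBOOL lpbDaclDefaulted
        );
    fnGetSecurityDescriptorDacl g_GetSecurityDescriptorDacl = 0;

    typedef BOOL(WINAPI* fnGetAclInformation)(
        _In_ PACL pAcl,
        _Out_writes_bytes_(nAclInformationLength) LPVOID pAclInformation,
        _In_ DWORD nAclInformationLength,
        _In_ ACL_INFORMATION_CLASS dwAclInformationClass
        );
    fnGetAclInformation g_GetAclInformation = 0;

    typedef BOOL(WINAPI* fnGetAce)(
        _In_ PACL pAcl,
        _In_ DWORD dwAceIndex,
        _Outptr_ LPVOID * pAce
        );
    fnGetAce g_GetAce = 0;

    typedef BOOL(WINAPI* fnEqualSid)(
        _In_ PSID pSid1,
        _In_ PSID pSid2
        );
    fnEqualSid g_EqualSid = 0;

    typedef BOOL(WINAPI* fnGetUserNameA)(
        _Out_writes_to_opt_(*pcbBuffer, *pcbBuffer) LPSTR lpBuffer,
        _Inout_ LPDWORD pcbBuffer
        );
    fnGetUserNameA g_GetUserNameA = 0;

public:
    Advapi32()
    {
    }

    // Loads Advapi32.dll and stores its module handle in Advapi32Base.
    // The result is not checked here: on failure Advapi32Base stays 0 and the
    // wrappers below report the missing export instead of calling through it.
    // NOTE(review): the DLL is requested by bare file name, so where it is
    // loaded from depends on the search order fLoadLibraryA applies -- confirm.
    void GetAdvapi32()
    {
        char szAdvapi32[] = { 'A', 'd', 'v', 'a', 'p', 'i', '3', '2', '.', 'd', 'l', 'l', '\0' };
        Advapi32Base = fLoadLibraryA(szAdvapi32);
    }

    // API address resolution and forwarding wrappers.
    //
    // Each Init_<Name>() builds the export name in a local array and caches
    // the address returned by fGetProcAddress. Each wrapper runs Advapi32_DEF
    // and then forwards its arguments unchanged. If the export could not be
    // resolved, LSTATUS wrappers return ERROR_PROC_NOT_FOUND and BOOL
    // wrappers return FALSE (the thread's last-error value is left untouched)
    // rather than calling through a null pointer.
public:

    void __stdcall Init_RegCreateKeyExA()
    {
        char szRegCreateKeyExA[] = { 'R', 'e', 'g', 'C', 'r', 'e', 'a', 't', 'e', 'K', 'e', 'y', 'E', 'x', 'A', 0 };
        g_RegCreateKeyExA = (fnRegCreateKeyExA)fGetProcAddress(Advapi32Base, szRegCreateKeyExA);
    }
    LSTATUS
    APIENTRY
    RegCreateKeyExA(
        _In_ HKEY hKey,
        _In_ LPCSTR lpSubKey,
        _Reserved_ DWORD Reserved,
        _In_opt_ LPSTR lpClass,
        _In_ DWORD dwOptions,
        _In_ REGSAM samDesired,
        _In_opt_ CONST LPSECURITY_ATTRIBUTES lpSecurityAttributes,
        _Out_ PHKEY phkResult,
        _Out_opt_ LPDWORD lpdwDisposition
        )
    {
        Advapi32_DEF(RegCreateKeyExA);
        if (!g_RegCreateKeyExA)
            return ERROR_PROC_NOT_FOUND;
        return g_RegCreateKeyExA(hKey, lpSubKey, Reserved, lpClass, dwOptions, samDesired, lpSecurityAttributes, phkResult, lpdwDisposition);
    }

    void __stdcall Init_RegSetValueExA()
    {
        char szRegSetValueExA[] = { 'R', 'e', 'g', 'S', 'e', 't', 'V', 'a', 'l', 'u', 'e', 'E', 'x', 'A', 0 };
        g_RegSetValueExA = (fnRegSetValueExA)fGetProcAddress(Advapi32Base, szRegSetValueExA);
    }
    LSTATUS
    APIENTRY
    RegSetValueExA(
        _In_ HKEY hKey,
        _In_opt_ LPCSTR lpValueName,
        _Reserved_ DWORD Reserved,
        _In_ DWORD dwType,
        _In_reads_bytes_opt_(cbData) CONST BYTE * lpData,
        _In_ DWORD cbData
        )
    {
        Advapi32_DEF(RegSetValueExA);
        if (!g_RegSetValueExA)
            return ERROR_PROC_NOT_FOUND;
        return g_RegSetValueExA(hKey, lpValueName, Reserved, dwType, lpData, cbData);
    }

    void __stdcall Init_RegCloseKey()
    {
        char szRegCloseKey[] = { 'R', 'e', 'g', 'C', 'l', 'o', 's', 'e', 'K', 'e', 'y', 0 };
        g_RegCloseKey = (fnRegCloseKey)fGetProcAddress(Advapi32Base, szRegCloseKey);
    }
    LSTATUS
    APIENTRY
    RegCloseKey(
        _In_ HKEY hKey
        )
    {
        Advapi32_DEF(RegCloseKey);
        if (!g_RegCloseKey)
            return ERROR_PROC_NOT_FOUND;
        return g_RegCloseKey(hKey);
    }

    void __stdcall Init_RegOpenKeyExA()
    {
        char szRegOpenKeyExA[] = { 'R', 'e', 'g', 'O', 'p', 'e', 'n', 'K', 'e', 'y', 'E', 'x', 'A', 0 };
        g_RegOpenKeyExA = (fnRegOpenKeyExA)fGetProcAddress(Advapi32Base, szRegOpenKeyExA);
    }
    LSTATUS
    APIENTRY
    RegOpenKeyExA(
        _In_ HKEY hKey,
        _In_opt_ LPCSTR lpSubKey,
        _In_opt_ DWORD ulOptions,
        _In_ REGSAM samDesired,
        _Out_ PHKEY phkResult
        )
    {
        Advapi32_DEF(RegOpenKeyExA);
        if (!g_RegOpenKeyExA)
            return ERROR_PROC_NOT_FOUND;
        return g_RegOpenKeyExA(hKey, lpSubKey, ulOptions, samDesired, phkResult);
    }

    void __stdcall Init_RegEnumKeyExA()
    {
        char szRegEnumKeyExA[] = { 'R', 'e', 'g', 'E', 'n', 'u', 'm', 'K', 'e', 'y', 'E', 'x', 'A', 0 };
        g_RegEnumKeyExA = (fnRegEnumKeyExA)fGetProcAddress(Advapi32Base, szRegEnumKeyExA);
    }
    LSTATUS
    APIENTRY
    RegEnumKeyExA(
        _In_ HKEY hKey,
        _In_ DWORD dwIndex,
        _Out_writes_to_opt_(*lpcchName, *lpcchName + 1) LPSTR lpName,
        _Inout_ LPDWORD lpcchName,
        _Reserved_ LPDWORD lpReserved,
        _Out_writes_to_opt_(*lpcchClass, *lpcchClass + 1) LPSTR lpClass,
        _Inout_opt_ LPDWORD lpcchClass,
        _Out_opt_ PFILETIME lpftLastWriteTime
        )
    {
        Advapi32_DEF(RegEnumKeyExA);
        if (!g_RegEnumKeyExA)
            return ERROR_PROC_NOT_FOUND;
        return g_RegEnumKeyExA(hKey, dwIndex, lpName, lpcchName, lpReserved, lpClass, lpcchClass, lpftLastWriteTime);
    }

    void __stdcall Init_LookupAccountNameA()
    {
        char szLookupAccountNameA[] = { 'L', 'o', 'o', 'k', 'u', 'p', 'A', 'c', 'c', 'o', 'u', 'n', 't', 'N', 'a', 'm', 'e', 'A', 0 };
        g_LookupAccountNameA = (fnLookupAccountNameA)fGetProcAddress(Advapi32Base, szLookupAccountNameA);
    }
    BOOL
    WINAPI
    LookupAccountNameA(
        _In_opt_ LPCSTR lpSystemName,
        _In_ LPCSTR lpAccountName,
        _Out_opt_ PSID Sid,
        _Inout_ LPDWORD cbSid,
        _Out_opt_ LPSTR ReferencedDomainName,
        _Inout_ LPDWORD cchReferencedDomainName,
        _Out_ PSID_NAME_USE peUse
        )
    {
        Advapi32_DEF(LookupAccountNameA);
        if (!g_LookupAccountNameA)
            return FALSE;
        return g_LookupAccountNameA(lpSystemName, lpAccountName, Sid, cbSid, ReferencedDomainName, cchReferencedDomainName, peUse);
    }

    void __stdcall Init_GetFileSecurityA()
    {
        char szGetFileSecurityA[] = { 'G', 'e', 't', 'F', 'i', 'l', 'e', 'S', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'A', 0 };
        g_GetFileSecurityA = (fnGetFileSecurityA)fGetProcAddress(Advapi32Base, szGetFileSecurityA);
    }
    BOOL
    WINAPI
    GetFileSecurityA(
        _In_ LPCSTR lpFileName,
        _In_ SECURITY_INFORMATION RequestedInformation,
        _Out_writes_bytes_to_opt_(nLength, *lpnLengthNeeded) PSECURITY_DESCRIPTOR pSecurityDescriptor,
        _In_ DWORD nLength,
        _Out_ LPDWORD lpnLengthNeeded
        )
    {
        Advapi32_DEF(GetFileSecurityA);
        if (!g_GetFileSecurityA)
            return FALSE;
        return g_GetFileSecurityA(lpFileName, RequestedInformation, pSecurityDescriptor, nLength, lpnLengthNeeded);
    }

    void __stdcall Init_GetSecurityDescriptorDacl()
    {
        char szGetSecurityDescriptorDacl[] = { 'G', 'e', 't', 'S', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'D', 'e', 's', 'c', 'r', 'i', 'p', 't', 'o', 'r', 'D', 'a', 'c', 'l', 0 };
        g_GetSecurityDescriptorDacl = (fnGetSecurityDescriptorDacl)fGetProcAddress(Advapi32Base, szGetSecurityDescriptorDacl);
    }
    BOOL
    WINAPI
    GetSecurityDescriptorDacl(
        _In_ PSECURITY_DESCRIPTOR pSecurityDescriptor,
        _Out_ LPBOOL lpbDaclPresent,
        _Outptr_ PACL * pDacl,
        _Out_ LPBOOL lpbDaclDefaulted
        )
    {
        Advapi32_DEF(GetSecurityDescriptorDacl);
        if (!g_GetSecurityDescriptorDacl)
            return FALSE;
        return g_GetSecurityDescriptorDacl(pSecurityDescriptor, lpbDaclPresent, pDacl, lpbDaclDefaulted);
    }

    void __stdcall Init_GetAclInformation()
    {
        char szGetAclInformation[] = { 'G', 'e', 't', 'A', 'c', 'l', 'I', 'n', 'f', 'o', 'r', 'm', 'a', 't', 'i', 'o', 'n', 0 };
        g_GetAclInformation = (fnGetAclInformation)fGetProcAddress(Advapi32Base, szGetAclInformation);
    }
    BOOL
    WINAPI
    GetAclInformation(
        _In_ PACL pAcl,
        _Out_writes_bytes_(nAclInformationLength) LPVOID pAclInformation,
        _In_ DWORD nAclInformationLength,
        _In_ ACL_INFORMATION_CLASS dwAclInformationClass
        )
    {
        Advapi32_DEF(GetAclInformation);
        if (!g_GetAclInformation)
            return FALSE;
        return g_GetAclInformation(pAcl, pAclInformation, nAclInformationLength, dwAclInformationClass);
    }

    void __stdcall Init_GetAce()
    {
        char szGetAce[] = { 'G', 'e', 't', 'A', 'c', 'e', 0 };
        g_GetAce = (fnGetAce)fGetProcAddress(Advapi32Base, szGetAce);
    }
    BOOL
    WINAPI
    GetAce(
        _In_ PACL pAcl,
        _In_ DWORD dwAceIndex,
        _Outptr_ LPVOID * pAce
        )
    {
        Advapi32_DEF(GetAce);
        if (!g_GetAce)
            return FALSE;
        return g_GetAce(pAcl, dwAceIndex, pAce);
    }

    void __stdcall Init_EqualSid()
    {
        char szEqualSid[] = { 'E', 'q', 'u', 'a', 'l', 'S', 'i', 'd', 0 };
        g_EqualSid = (fnEqualSid)fGetProcAddress(Advapi32Base, szEqualSid);
    }
    BOOL
    WINAPI
    EqualSid(
        _In_ PSID pSid1,
        _In_ PSID pSid2
        )
    {
        Advapi32_DEF(EqualSid);
        // FALSE here means "could not compare", which a caller cannot tell
        // apart from "SIDs differ"; callers using the result for an access
        // decision should treat it as a non-match.
        if (!g_EqualSid)
            return FALSE;
        return g_EqualSid(pSid1, pSid2);
    }

    void __stdcall Init_GetUserNameA()
    {
        char szGetUserNameA[] = { 'G', 'e', 't', 'U', 's', 'e', 'r', 'N', 'a', 'm', 'e', 'A', 0 };
        g_GetUserNameA = (fnGetUserNameA)fGetProcAddress(Advapi32Base, szGetUserNameA);
    }
    BOOL
    WINAPI
    GetUserNameA(
        _Out_writes_to_opt_(*pcbBuffer, *pcbBuffer) LPSTR lpBuffer,
        _Inout_ LPDWORD pcbBuffer
        )
    {
        Advapi32_DEF(GetUserNameA);
        if (!g_GetUserNameA)
            return FALSE;
        return g_GetUserNameA(lpBuffer, pcbBuffer);
    }

// From this point on in the translation unit the plain API names expand to
// member calls on Advapi32_EXTEND_H, so code written against the normal
// prototypes is routed through the wrappers above. The definitions above are
// not affected because the macros are introduced after them.
#define GetUserNameA Advapi32_EXTEND_H.GetUserNameA
#define EqualSid Advapi32_EXTEND_H.EqualSid
#define GetAce Advapi32_EXTEND_H.GetAce
#define GetAclInformation Advapi32_EXTEND_H.GetAclInformation
#define GetSecurityDescriptorDacl Advapi32_EXTEND_H.GetSecurityDescriptorDacl
#define GetFileSecurityA Advapi32_EXTEND_H.GetFileSecurityA
#define LookupAccountNameA Advapi32_EXTEND_H.LookupAccountNameA
#define RegEnumKeyExA Advapi32_EXTEND_H.RegEnumKeyExA
#define RegOpenKeyExA Advapi32_EXTEND_H.RegOpenKeyExA
#define RegCloseKey Advapi32_EXTEND_H.RegCloseKey
#define RegSetValueExA Advapi32_EXTEND_H.RegSetValueExA
#define RegCreateKeyExA Advapi32_EXTEND_H.RegCreateKeyExA
};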