#include <windows.h>
#include "function-resolution.h"
// Parameter block passed to the run function (which is defined outside this header).
// NOTE(review): as shown, this header has no include guard or #pragma once, so
// including it twice in one translation unit would redefine struct Params.
typedef struct Params
{
// presumably the base address of the memory region the section helpers work on - TODO confirm against the caller
LPVOID pBaseAddress;
// Untyped pointer; presumably the address of MessageBoxA, invoked through fpMessageBoxA - TODO confirm.
// Nothing in this header validates the value before it is cast and called.
LPVOID pMessageBox;
// presumably a duration in milliseconds, matching the DWORD argument of fpSleep - TODO confirm
DWORD dwSleepTime;
} PARAMS;
// Function-pointer type with the same parameter list as user32!MessageBoxA,
// used to call the API through a pointer obtained at run time.
// NOTE(review): no calling-convention macro (WINAPI) appears in this typedef, while the
// real API is declared WINAPI. On x64 there is one convention so this is harmless;
// on 32-bit x86 the conventions would differ - confirm which targets are built.
typedef int (*fpMessageBoxA)(
HWND hWnd,
LPCSTR lpText,
LPCSTR lpCaption,
UINT uType
);
// Function-pointer type with the same parameter list as kernel32!VirtualProtect.
// EncryptSection and DecryptSection take a pointer of this type as their last argument.
// NOTE(review): no WINAPI calling convention is specified; this matches the real API
// on x64 only - confirm the build targets.
typedef BOOL (*fpVirtualProtect)(
LPVOID lpAddress,
SIZE_T dwSize,
DWORD flNewProtect,
PDWORD lpflOldProtect
);
// Function-pointer type with the same parameter list as kernel32!Sleep
// (a single DWORD duration in milliseconds, no return value).
// NOTE(review): no WINAPI calling convention is specified; this matches the real API
// on x64 only - confirm the build targets.
typedef void (*fpSleep)(
DWORD dwMilliseconds
);
// djb2 hashes for dynamic function resolution.
// The resolver that consumes them is not in this header (presumably function-resolution.h).
// Resolving by hash means the API and module names need not appear as strings or imports
// in the built binary, so these 32-bit constants are themselves useful static indicators
// when reviewing or hunting for this code.
// Three casings of the kernel32 module name are listed; presumably the hash is
// case-sensitive and the module name's casing varies at run time - TODO confirm.
#define VirtualProtect_HASH 0xc25aaa07
#define KERNEL32DLL_HASH1 0xa709e74f // Hash of KERNEL32.DLL
#define KERNEL32DLL_HASH2 0xa96f406f // Hash of kernel32.dll
#define KERNEL32DLL_HASH3 0x8b03944f // Hash of Kernel32.dll
#define Sleep_HASH 0xa8d9dd38
// XOR a buffer with a single byte key.
// szInput: buffer to transform (the array parameter decays to CHAR *; it is not const,
//          so presumably it is modified in place - confirm against the definition).
// nLength: number of bytes to process; the caller is responsible for it not exceeding the buffer.
// cKey:    the one-byte key.
// A single-byte XOR is obfuscation, not encryption: applying it twice with the same key
// restores the data, and the key space is only 256 values.
VOID XORSingle( CHAR szInput[], SIZE_T nLength, BYTE cKey );
// Round a value to a multiple of `multiple`; intended for rounding to a 4k page boundary.
// NOTE(review): the original comment says "nearest multiple" but the name says RoundUp;
// presumably it rounds up to the next multiple - confirm against the definition.
// Behaviour for multiple == 0, or when rounding would overflow ULONGLONG, is not visible here.
ULONGLONG RoundUp( ULONGLONG numToRound, ULONGLONG multiple);
// XOR encrypt a section.
// pSectionAddress: start of the memory range to transform.
// dwSectionLen:    length of the range in bytes.
// dwProtection:    a page-protection value; presumably applied through _VirtualProtect
//                  before or after the XOR pass - TODO confirm against the definition.
// _VirtualProtect: caller-supplied pointer to VirtualProtect (see fpVirtualProtect).
// Returns a BOOL; presumably FALSE when the protection change fails - TODO confirm.
// "Encrypt" here presumably means the single-byte XOR of XORSingle, which only masks
// the bytes and provides no cryptographic protection.
// NOTE(review): `_VirtualProtect` begins with an underscore followed by an uppercase
// letter, a form of identifier that C reserves for the implementation.
BOOL EncryptSection( LPVOID pSectionAddress, DWORD dwSectionLen, DWORD dwProtection, fpVirtualProtect _VirtualProtect );
// XOR decrypt a section; the declared counterpart of EncryptSection, with the same parameter list.
// pSectionAddress: start of the memory range to transform.
// dwSectionLen:    length of the range in bytes.
// dwProtection:    a page-protection value; presumably the protection the section should
//                  have once restored - TODO confirm against the definition.
// _VirtualProtect: caller-supplied pointer to VirtualProtect (see fpVirtualProtect).
// Returns a BOOL; presumably FALSE when the protection change fails - TODO confirm.
// NOTE(review): `_VirtualProtect` begins with an underscore followed by an uppercase
// letter, a form of identifier that C reserves for the implementation.
BOOL DecryptSection( LPVOID pSectionAddress, DWORD dwSectionLen, DWORD dwProtection, fpVirtualProtect _VirtualProtect );