/// <summary>
/// Describes a fixed set of Windows API functions (DLL, export name, return type,
/// parameters) and hands them to <c>CodeGenerator</c>, which writes
/// <c>MalproxyClient/autogenerated.home.cpp</c> and
/// <c>MalproxyServer/autogenerated.field.cpp</c>.
/// </summary>
/// <param name="args">
/// Optional. <c>args[0]</c> is the directory the two output paths are combined with;
/// when absent an empty string is used, so the paths are relative to the current
/// working directory.
/// </param>
static void Main(string[] args)
{
    // ---- Kernel32!CreateFileW ----
    var createFileW = new FunctionCodeGenerator("Kernel32.dll", "CreateFileW", new HandleParameter());
    createFileW.AddParameter(new WstringParameter { ParameterName = "lpFileName", Direction = ParameterDirection.in_param });
    createFileW.AddParameter(new UintParameter { ParameterName = "dwDesiredAccess" });
    createFileW.AddParameter(new UintParameter { ParameterName = "dwShareMode" });
    // lpSecurityAttributes is described with NullParameter rather than a structure type.
    createFileW.AddParameter(new NullParameter { ParameterName = "lpSecurityAttributes" });
    createFileW.AddParameter(new UintParameter { ParameterName = "dwCreationDisposition" });
    createFileW.AddParameter(new UintParameter { ParameterName = "dwFlagsAndAttributes" });
    createFileW.AddParameter(new HandleParameter { ParameterName = "hTemplateFile" });

    // ---- Kernel32!OutputDebugStringW / OutputDebugStringA (null return descriptor) ----
    var outputDebugStringW = new FunctionCodeGenerator("Kernel32.dll", "OutputDebugStringW", null);
    outputDebugStringW.AddParameter(new WstringParameter { ParameterName = "lpOutputString", Direction = ParameterDirection.in_param });

    var outputDebugStringA = new FunctionCodeGenerator("Kernel32.dll", "OutputDebugStringA", null);
    outputDebugStringA.AddParameter(new StringParameter { ParameterName = "lpOutputString", Direction = ParameterDirection.in_param });

    // ---- ntdll!NtQuerySystemInformation ----
    // The output buffer gets a custom relocation generator (RelocateNtQuerySystemInformation,
    // defined elsewhere). NOTE(review): presumably needed because the returned structures
    // embed pointers that are only valid where the call ran; confirm in that helper.
    var systemInformationBuffer = new UserBufferParameter
    {
        ParameterName = "SystemInformation",
        BufferSizeName = "SystemInformationLength",
        Direction = ParameterDirection.out_param,
        RelocationCodeGenerator = RelocateNtQuerySystemInformation
    };
    var ntQuerySystemInformation = new FunctionCodeGenerator("ntdll.dll", "NtQuerySystemInformation", new UintParameter());
    ntQuerySystemInformation.AddParameter(new UintParameter { ParameterName = "SystemInformationClass" });
    ntQuerySystemInformation.AddParameter(systemInformationBuffer);
    ntQuerySystemInformation.AddParameter(new UintPtrParameter { ParameterName = "ReturnLength", Direction = ParameterDirection.out_param });

    // ---- Kernel32!GetProcessId ----
    var getProcessId = new FunctionCodeGenerator("Kernel32.dll", "GetProcessId", new UintParameter());
    getProcessId.AddParameter(new HandleParameter { ParameterName = "Process" });

    // ---- Kernel32!OpenProcess ----
    var openProcess = new FunctionCodeGenerator("Kernel32.dll", "OpenProcess", new HandleParameter());
    openProcess.AddParameter(new UintParameter { ParameterName = "dwDesiredAccess" });
    openProcess.AddParameter(new BoolParameter { ParameterName = "bInheritHandle" });
    openProcess.AddParameter(new UintParameter { ParameterName = "dwProcessId" });

    // ---- Advapi32!OpenProcessToken ----
    var openProcessToken = new FunctionCodeGenerator("Advapi32.dll", "OpenProcessToken", new BoolParameter());
    openProcessToken.AddParameter(new HandleParameter { ParameterName = "ProcessHandle" });
    openProcessToken.AddParameter(new UintParameter { ParameterName = "DesiredAccess" });
    openProcessToken.AddParameter(new HandlePtrParameter { ParameterName = "TokenHandle", Direction = ParameterDirection.out_param });

    // ---- ntdll!NtQueryInformationProcess ----
    var ntQueryInformationProcess = new FunctionCodeGenerator("ntdll.dll", "NtQueryInformationProcess", new UintParameter());
    ntQueryInformationProcess.AddParameter(new HandleParameter { ParameterName = "ProcessHandle" });
    // NOTE(review): "PROCESSINFOCLASS" is the Win32 type name; the documented parameter
    // name is ProcessInformationClass. Left as the author wrote it.
    ntQueryInformationProcess.AddParameter(new UintParameter { ParameterName = "PROCESSINFOCLASS" });
    ntQueryInformationProcess.AddParameter(new UserBufferParameter
    {
        ParameterName = "ProcessInformation",
        BufferSizeName = "ProcessInformationLength",
        Direction = ParameterDirection.out_param
    });
    ntQueryInformationProcess.AddParameter(new UintPtrParameter { ParameterName = "ReturnLength", Direction = ParameterDirection.out_param });

    // ---- Kernel32!ReadProcessMemory ----
    // NOTE(review): the Win32 return type is BOOL; it is described here with UintParameter.
    var readProcessMemory = new FunctionCodeGenerator("Kernel32.dll", "ReadProcessMemory", new UintParameter());
    readProcessMemory.AddParameter(new HandleParameter { ParameterName = "hProcess" });
    readProcessMemory.AddParameter(new VoidPtrParameter { ParameterName = "lpBaseAddress" });
    // NOTE(review): nSize only names the length argument paired with lpBuffer; any bound
    // on that length would have to be enforced by the generated code, not here.
    readProcessMemory.AddParameter(new UserBufferParameter
    {
        ParameterName = "lpBuffer",
        BufferSizeName = "nSize",
        Direction = ParameterDirection.out_param
    });
    readProcessMemory.AddParameter(new SizeTPtrParameter { ParameterName = "lpNumberOfBytesRead", Direction = ParameterDirection.out_param });

    // ---- Kernel32!FileTimeToLocalFileTime / FileTimeToSystemTime ----
    // Both descriptors are built but are NOT part of the array passed to the generator
    // below, so no code is emitted for them.
    var fileTimeToLocalFileTime = new FunctionCodeGenerator("Kernel32.dll", "FileTimeToLocalFileTime", new BoolParameter());
    fileTimeToLocalFileTime.AddParameter(new FileTimePtrParameter { ParameterName = "lpFileTime", Direction = ParameterDirection.in_param });
    fileTimeToLocalFileTime.AddParameter(new FileTimePtrParameter { ParameterName = "lpLocalFileTime", Direction = ParameterDirection.out_param });

    var fileTimeToSystemTime = new FunctionCodeGenerator("Kernel32.dll", "FileTimeToSystemTime", new BoolParameter());
    fileTimeToSystemTime.AddParameter(new FileTimePtrParameter { ParameterName = "lpFileTime", Direction = ParameterDirection.in_param });
    // NOTE(review): lpSystemTime is an LPSYSTEMTIME in the Win32 signature, and SYSTEMTIME
    // is larger than FILETIME. If FileTimePtrParameter sizes its buffer as a FILETIME
    // (TODO confirm), enabling this descriptor as-is would let the API write past the
    // buffer; it needs its own parameter type before it is added to the array.
    fileTimeToSystemTime.AddParameter(new FileTimePtrParameter { ParameterName = "lpSystemTime", Direction = ParameterDirection.out_param });

    // ---- ntdll!RtlAdjustPrivilege ----
    var rtlAdjustPrivilege = new FunctionCodeGenerator("ntdll.dll", "RtlAdjustPrivilege", new UintParameter());
    rtlAdjustPrivilege.AddParameter(new UintParameter { ParameterName = "Privilege" });
    rtlAdjustPrivilege.AddParameter(new BoolParameter { ParameterName = "Enable" });
    rtlAdjustPrivilege.AddParameter(new BoolParameter { ParameterName = "CurrentThread" });
    rtlAdjustPrivilege.AddParameter(new BoolPtrParameter { ParameterName = "Enabled", Direction = ParameterDirection.out_param });

    // ntdll!RtlEqualUnicodeString was left disabled by the author (reason not visible here):
    //FunctionCodeGenerator RtlEqualUnicodeString = new FunctionCodeGenerator("ntdll.dll", "RtlEqualUnicodeString", new BoolParameter());
    //RtlEqualUnicodeString.AddParameter(new PUNICODE_STRING() {ParameterName = "String1", Direction = ParameterDirection.in_param });
    //RtlEqualUnicodeString.AddParameter(new PUNICODE_STRING() {ParameterName = "String2", Direction = ParameterDirection.in_param });
    //RtlEqualUnicodeString.AddParameter(new BoolParameter() {ParameterName = "CaseInSensitive" });

    // ---- Kernel32!GetLastError (no parameters) ----
    var getLastError = new FunctionCodeGenerator("Kernel32.dll", "GetLastError", new UintParameter());

    var code = new CodeGenerator();

    // Output root: first command-line argument, or empty (current directory) when omitted.
    string outputRoot = string.Empty;
    if (args.Length > 0)
    {
        outputRoot = args[0];
    }

    // NOTE(review): this array is the complete set of calls the generated client/server
    // pair will carry. It includes process-handle, token, cross-process memory-read and
    // privilege-adjustment APIs, so a new entry changes what the server side exposes and
    // should be reviewed as such.
    FunctionCodeGenerator[] generators =
    {
        createFileW,
        outputDebugStringW,
        outputDebugStringA,
        getLastError,
        ntQuerySystemInformation,
        openProcess,
        getProcessId,
        openProcessToken,
        ntQueryInformationProcess,
        readProcessMemory,
        rtlAdjustPrivilege
    };

    string homeSourcePath = System.IO.Path.Combine(outputRoot, "MalproxyClient", "autogenerated.home.cpp");
    code.GenerateHomeCode(homeSourcePath, generators);

    string fieldSourcePath = System.IO.Path.Combine(outputRoot, "MalproxyServer", "autogenerated.field.cpp");
    code.GenerateFieldCode(fieldSourcePath, generators);
}
/// <summary>
/// Describes five Windows API functions (DLL, export name, return type, parameters)
/// and hands them to <c>CodeGenerator</c>, which writes
/// <c>MalproxyClient/autogenerated.home.cpp</c> and
/// <c>MalproxyServer/autogenerated.field.cpp</c>.
/// </summary>
/// <param name="args">
/// Optional. <c>args[0]</c> is the directory the two output paths are combined with;
/// when absent an empty string is used, so the paths are relative to the current
/// working directory.
/// </param>
static void Main(string[] args)
{
    // ---- Kernel32!CreateFileW ----
    var createFileW = new FunctionCodeGenerator("Kernel32.dll", "CreateFileW", new HandleParameter());
    createFileW.AddParameter(new WstringParameter { ParameterName = "lpFileName", Direction = ParameterDirection.in_param });
    createFileW.AddParameter(new UintParameter { ParameterName = "dwDesiredAccess" });
    createFileW.AddParameter(new UintParameter { ParameterName = "dwShareMode" });
    // lpSecurityAttributes is described with NullParameter rather than a structure type.
    createFileW.AddParameter(new NullParameter { ParameterName = "lpSecurityAttributes" });
    createFileW.AddParameter(new UintParameter { ParameterName = "dwCreationDisposition" });
    createFileW.AddParameter(new UintParameter { ParameterName = "dwFlagsAndAttributes" });
    createFileW.AddParameter(new HandleParameter { ParameterName = "hTemplateFile" });

    // ---- Kernel32!OutputDebugStringW / OutputDebugStringA (null return descriptor) ----
    var outputDebugStringW = new FunctionCodeGenerator("Kernel32.dll", "OutputDebugStringW", null);
    outputDebugStringW.AddParameter(new WstringParameter { ParameterName = "lpOutputString", Direction = ParameterDirection.in_param });

    var outputDebugStringA = new FunctionCodeGenerator("Kernel32.dll", "OutputDebugStringA", null);
    outputDebugStringA.AddParameter(new StringParameter { ParameterName = "lpOutputString", Direction = ParameterDirection.in_param });

    // ---- ntdll!NtQuerySystemInformation ----
    var ntQuerySystemInformation = new FunctionCodeGenerator("ntdll.dll", "NtQuerySystemInformation", new UintParameter());
    ntQuerySystemInformation.AddParameter(new UintParameter { ParameterName = "SystemInformationClass" });
    // NOTE(review): SystemInformationLength only names the length argument paired with the
    // buffer; any bound on that length would have to be enforced by the generated code.
    ntQuerySystemInformation.AddParameter(new UserBufferParameter
    {
        ParameterName = "SystemInformation",
        BufferSizeName = "SystemInformationLength",
        Direction = ParameterDirection.out_param
    });
    ntQuerySystemInformation.AddParameter(new UintPtrParameter { ParameterName = "ReturnLength", Direction = ParameterDirection.out_param });

    // ---- Kernel32!OpenProcess ----
    var openProcess = new FunctionCodeGenerator("Kernel32.dll", "OpenProcess", new HandleParameter());
    openProcess.AddParameter(new UintParameter { ParameterName = "dwDesiredAccess" });
    openProcess.AddParameter(new BoolParameter { ParameterName = "bInheritHandle" });
    openProcess.AddParameter(new UintParameter { ParameterName = "dwProcessId" });

    var code = new CodeGenerator();

    // Output root: first command-line argument, or empty (current directory) when omitted.
    string outputRoot = string.Empty;
    if (args.Length > 0)
    {
        outputRoot = args[0];
    }

    // NOTE(review): this array is the complete set of calls the generated client/server
    // pair will carry; a new entry changes what the server side exposes and should be
    // reviewed as such.
    FunctionCodeGenerator[] generators =
    {
        createFileW,
        outputDebugStringW,
        outputDebugStringA,
        ntQuerySystemInformation,
        openProcess
    };

    string homeSourcePath = System.IO.Path.Combine(outputRoot, "MalproxyClient", "autogenerated.home.cpp");
    code.GenerateHomeCode(homeSourcePath, generators);

    string fieldSourcePath = System.IO.Path.Combine(outputRoot, "MalproxyServer", "autogenerated.field.cpp");
    code.GenerateFieldCode(fieldSourcePath, generators);
}