        /// <summary>
        /// Entry point of the stub generator. Describes each Win32 / NT API that the proxy
        /// forwards (DLL, export name, return value, parameters) and writes the generated
        /// C++ for both halves of the proxy.
        /// </summary>
        /// <param name="args">
        /// Optional. <c>args[0]</c> is the output root directory; when omitted the files are
        /// written relative to the current working directory.
        /// </param>
        /// <remarks>
        /// Every generator placed in <c>proxiedFunctions</c> becomes callable through the
        /// proxy, so that array is effectively the allow-list of APIs one side executes on
        /// behalf of the other. Keep it to what is actually needed; the process, token and
        /// memory-read functions in particular grant broad capability to the remote peer.
        /// The generated files are written without creating the target directories first,
        /// so a missing <c>MalproxyClient</c> / <c>MalproxyServer</c> folder is presumably
        /// reported by the generator itself -- confirm before relying on it.
        /// </remarks>
        static void Main(string[] args)
        {
            // Output root: first command-line argument, else the current directory.
            var outputRoot = (args.Length > 0) ? args[0] : string.Empty;

            // CreateFileW -> HANDLE. lpSecurityAttributes is a NullParameter, i.e. the stub
            // presumably always passes NULL for it rather than marshalling a structure.
            var createFileW = new FunctionCodeGenerator("Kernel32.dll", "CreateFileW", new HandleParameter());
            createFileW.AddParameter(new WstringParameter { ParameterName = "lpFileName", Direction = ParameterDirection.in_param });
            createFileW.AddParameter(new UintParameter { ParameterName = "dwDesiredAccess" });
            createFileW.AddParameter(new UintParameter { ParameterName = "dwShareMode" });
            createFileW.AddParameter(new NullParameter { ParameterName = "lpSecurityAttributes" });
            createFileW.AddParameter(new UintParameter { ParameterName = "dwCreationDisposition" });
            createFileW.AddParameter(new UintParameter { ParameterName = "dwFlagsAndAttributes" });
            createFileW.AddParameter(new HandleParameter { ParameterName = "hTemplateFile" });

            // OutputDebugStringW / OutputDebugStringA -> no return value (null return parameter).
            var outputDebugStringW = new FunctionCodeGenerator("Kernel32.dll", "OutputDebugStringW", null);
            outputDebugStringW.AddParameter(new WstringParameter { ParameterName = "lpOutputString", Direction = ParameterDirection.in_param });

            var outputDebugStringA = new FunctionCodeGenerator("Kernel32.dll", "OutputDebugStringA", null);
            outputDebugStringA.AddParameter(new StringParameter { ParameterName = "lpOutputString", Direction = ParameterDirection.in_param });

            // NtQuerySystemInformation -> NTSTATUS (modelled as uint). The output buffer gets a
            // dedicated relocation routine, because the returned structures contain pointers
            // into the buffer itself that must be rebased after crossing the proxy (inferred
            // from the RelocationCodeGenerator hook; see RelocateNtQuerySystemInformation).
            var systemInformationBuffer = new UserBufferParameter
            {
                ParameterName = "SystemInformation", BufferSizeName = "SystemInformationLength", Direction = ParameterDirection.out_param
            };
            systemInformationBuffer.RelocationCodeGenerator = RelocateNtQuerySystemInformation;

            var ntQuerySystemInformation = new FunctionCodeGenerator("ntdll.dll", "NtQuerySystemInformation", new UintParameter());
            ntQuerySystemInformation.AddParameter(new UintParameter { ParameterName = "SystemInformationClass" });
            ntQuerySystemInformation.AddParameter(systemInformationBuffer);
            ntQuerySystemInformation.AddParameter(new UintPtrParameter { ParameterName = "ReturnLength", Direction = ParameterDirection.out_param });

            // GetProcessId -> DWORD.
            var getProcessId = new FunctionCodeGenerator("Kernel32.dll", "GetProcessId", new UintParameter());
            getProcessId.AddParameter(new HandleParameter { ParameterName = "Process" });

            // OpenProcess -> HANDLE.
            var openProcess = new FunctionCodeGenerator("Kernel32.dll", "OpenProcess", new HandleParameter());
            openProcess.AddParameter(new UintParameter { ParameterName = "dwDesiredAccess" });
            openProcess.AddParameter(new BoolParameter { ParameterName = "bInheritHandle" });
            openProcess.AddParameter(new UintParameter { ParameterName = "dwProcessId" });

            // OpenProcessToken -> BOOL; the token handle is an out parameter.
            var openProcessToken = new FunctionCodeGenerator("Advapi32.dll", "OpenProcessToken", new BoolParameter());
            openProcessToken.AddParameter(new HandleParameter { ParameterName = "ProcessHandle" });
            openProcessToken.AddParameter(new UintParameter { ParameterName = "DesiredAccess" });
            openProcessToken.AddParameter(new HandlePtrParameter { ParameterName = "TokenHandle", Direction = ParameterDirection.out_param });

            // NtQueryInformationProcess -> NTSTATUS (modelled as uint).
            // NOTE(review): the second parameter is named after its type ("PROCESSINFOCLASS");
            // the generated identifier will read that way too. Left as-is because the name is
            // part of the emitted code.
            var ntQueryInformationProcess = new FunctionCodeGenerator("ntdll.dll", "NtQueryInformationProcess", new UintParameter());
            ntQueryInformationProcess.AddParameter(new HandleParameter { ParameterName = "ProcessHandle" });
            ntQueryInformationProcess.AddParameter(new UintParameter { ParameterName = "PROCESSINFOCLASS" });
            ntQueryInformationProcess.AddParameter(new UserBufferParameter
            {
                ParameterName = "ProcessInformation", BufferSizeName = "ProcessInformationLength", Direction = ParameterDirection.out_param
            });
            ntQueryInformationProcess.AddParameter(new UintPtrParameter { ParameterName = "ReturnLength", Direction = ParameterDirection.out_param });

            // ReadProcessMemory -> modelled as uint here (the Win32 export returns BOOL);
            // the destination buffer is sized by nSize and marshalled back as an out buffer.
            var readProcessMemory = new FunctionCodeGenerator("Kernel32.dll", "ReadProcessMemory", new UintParameter());
            readProcessMemory.AddParameter(new HandleParameter { ParameterName = "hProcess" });
            readProcessMemory.AddParameter(new VoidPtrParameter { ParameterName = "lpBaseAddress" });
            readProcessMemory.AddParameter(new UserBufferParameter
            {
                ParameterName = "lpBuffer", BufferSizeName = "nSize", Direction = ParameterDirection.out_param
            });
            readProcessMemory.AddParameter(new SizeTPtrParameter { ParameterName = "lpNumberOfBytesRead", Direction = ParameterDirection.out_param });

            // FileTimeToLocalFileTime / FileTimeToSystemTime -> BOOL.
            // Both are described here but NOT included in proxiedFunctions below, so no code is
            // emitted for them. NOTE(review): lpSystemTime is declared with FileTimePtrParameter
            // although the Win32 export takes a SYSTEMTIME* -- confirm before enabling it.
            var fileTimeToLocalFileTime = new FunctionCodeGenerator("Kernel32.dll", "FileTimeToLocalFileTime", new BoolParameter());
            fileTimeToLocalFileTime.AddParameter(new FileTimePtrParameter { ParameterName = "lpFileTime", Direction = ParameterDirection.in_param });
            fileTimeToLocalFileTime.AddParameter(new FileTimePtrParameter { ParameterName = "lpLocalFileTime", Direction = ParameterDirection.out_param });

            var fileTimeToSystemTime = new FunctionCodeGenerator("Kernel32.dll", "FileTimeToSystemTime", new BoolParameter());
            fileTimeToSystemTime.AddParameter(new FileTimePtrParameter { ParameterName = "lpFileTime", Direction = ParameterDirection.in_param });
            fileTimeToSystemTime.AddParameter(new FileTimePtrParameter { ParameterName = "lpSystemTime", Direction = ParameterDirection.out_param });

            // RtlAdjustPrivilege -> NTSTATUS (modelled as uint). Enables/disables a privilege
            // on the remote side; the previous state comes back through the Enabled out-param.
            var rtlAdjustPrivilege = new FunctionCodeGenerator("ntdll.dll", "RtlAdjustPrivilege", new UintParameter());
            rtlAdjustPrivilege.AddParameter(new UintParameter { ParameterName = "Privilege" });
            rtlAdjustPrivilege.AddParameter(new BoolParameter { ParameterName = "Enable" });
            rtlAdjustPrivilege.AddParameter(new BoolParameter { ParameterName = "CurrentThread" });
            rtlAdjustPrivilege.AddParameter(new BoolPtrParameter { ParameterName = "Enabled", Direction = ParameterDirection.out_param });

            // RtlEqualUnicodeString (String1, String2 as PUNICODE_STRING; CaseInSensitive as BOOL)
            // is not generated: this file has no parameter class for UNICODE_STRING in use.

            // GetLastError -> DWORD, no parameters.
            var getLastError = new FunctionCodeGenerator("Kernel32.dll", "GetLastError", new UintParameter());

            var code = new CodeGenerator();

            // Order matters: the generators emit the functions in array order, so it is kept
            // exactly as before.
            var proxiedFunctions = new[]
            {
                createFileW, outputDebugStringW, outputDebugStringA, getLastError,
                ntQuerySystemInformation, openProcess, getProcessId, openProcessToken, ntQueryInformationProcess, readProcessMemory, rtlAdjustPrivilege
            };

            var homeOutput  = System.IO.Path.Combine(outputRoot, "MalproxyClient", "autogenerated.home.cpp");
            var fieldOutput = System.IO.Path.Combine(outputRoot, "MalproxyServer", "autogenerated.field.cpp");

            code.GenerateHomeCode(homeOutput, proxiedFunctions);
            code.GenerateFieldCode(fieldOutput, proxiedFunctions);
        }
        /// <summary>
        /// Entry point of the stub generator. Describes each Win32 / NT API that the proxy
        /// forwards (DLL, export name, return value, parameters) and writes the generated
        /// C++ for both halves of the proxy.
        /// </summary>
        /// <param name="args">
        /// Optional. <c>args[0]</c> is the output root directory; when omitted the files are
        /// written relative to the current working directory.
        /// </param>
        /// <remarks>
        /// Every generator placed in <c>proxiedFunctions</c> becomes callable through the
        /// proxy, so that array is effectively the allow-list of APIs one side executes on
        /// behalf of the other; keep it to what is actually needed. The target directories are
        /// not created here, so a missing <c>MalproxyClient</c> / <c>MalproxyServer</c> folder
        /// is presumably reported by the generator itself -- confirm before relying on it.
        /// </remarks>
        static void Main(string[] args)
        {
            // Output root: first command-line argument, else the current directory.
            var outputRoot = (args.Length > 0) ? args[0] : string.Empty;

            // CreateFileW -> HANDLE. lpSecurityAttributes is a NullParameter, i.e. the stub
            // presumably always passes NULL for it rather than marshalling a structure.
            var createFileW = new FunctionCodeGenerator("Kernel32.dll", "CreateFileW", new HandleParameter());
            createFileW.AddParameter(new WstringParameter { ParameterName = "lpFileName", Direction = ParameterDirection.in_param });
            createFileW.AddParameter(new UintParameter { ParameterName = "dwDesiredAccess" });
            createFileW.AddParameter(new UintParameter { ParameterName = "dwShareMode" });
            createFileW.AddParameter(new NullParameter { ParameterName = "lpSecurityAttributes" });
            createFileW.AddParameter(new UintParameter { ParameterName = "dwCreationDisposition" });
            createFileW.AddParameter(new UintParameter { ParameterName = "dwFlagsAndAttributes" });
            createFileW.AddParameter(new HandleParameter { ParameterName = "hTemplateFile" });

            // OutputDebugStringW / OutputDebugStringA -> no return value (null return parameter).
            var outputDebugStringW = new FunctionCodeGenerator("Kernel32.dll", "OutputDebugStringW", null);
            outputDebugStringW.AddParameter(new WstringParameter { ParameterName = "lpOutputString", Direction = ParameterDirection.in_param });

            var outputDebugStringA = new FunctionCodeGenerator("Kernel32.dll", "OutputDebugStringA", null);
            outputDebugStringA.AddParameter(new StringParameter { ParameterName = "lpOutputString", Direction = ParameterDirection.in_param });

            // NtQuerySystemInformation -> NTSTATUS (modelled as uint). The output buffer is
            // sized by SystemInformationLength and marshalled back as an out buffer; no
            // relocation hook is attached in this variant.
            var ntQuerySystemInformation = new FunctionCodeGenerator("ntdll.dll", "NtQuerySystemInformation", new UintParameter());
            ntQuerySystemInformation.AddParameter(new UintParameter { ParameterName = "SystemInformationClass" });
            ntQuerySystemInformation.AddParameter(new UserBufferParameter
            {
                ParameterName = "SystemInformation", BufferSizeName = "SystemInformationLength", Direction = ParameterDirection.out_param
            });
            ntQuerySystemInformation.AddParameter(new UintPtrParameter { ParameterName = "ReturnLength", Direction = ParameterDirection.out_param });

            // OpenProcess -> HANDLE.
            var openProcess = new FunctionCodeGenerator("Kernel32.dll", "OpenProcess", new HandleParameter());
            openProcess.AddParameter(new UintParameter { ParameterName = "dwDesiredAccess" });
            openProcess.AddParameter(new BoolParameter { ParameterName = "bInheritHandle" });
            openProcess.AddParameter(new UintParameter { ParameterName = "dwProcessId" });

            var code = new CodeGenerator();

            // Order matters: the generators emit the functions in array order, so it is kept
            // exactly as before.
            var proxiedFunctions = new[]
            {
                createFileW, outputDebugStringW, outputDebugStringA,
                ntQuerySystemInformation, openProcess
            };

            var homeOutput  = System.IO.Path.Combine(outputRoot, "MalproxyClient", "autogenerated.home.cpp");
            var fieldOutput = System.IO.Path.Combine(outputRoot, "MalproxyServer", "autogenerated.field.cpp");

            code.GenerateHomeCode(homeOutput, proxiedFunctions);
            code.GenerateFieldCode(fieldOutput, proxiedFunctions);
        }