Add a bunch of endpoints

syscallex/advapi32_windows.go

@@ -57,6 +57,9 @@ var (
 	procSetFileSecurityW          = modadvapi32.NewProc("SetFileSecurityW")
 	procAccessCheck               = modadvapi32.NewProc("AccessCheck")
 	procMapGenericMask            = modadvapi32.NewProc("MapGenericMask")
+
+	procLookupPrivilegeValueW = modadvapi32.NewProc("LookupPrivilegeValueW")
+	procAdjustTokenPrivileges        = modadvapi32.NewProc("AdjustTokenPrivileges")
 )
 
 func CreateProcessWithLogon(
@@ -667,3 +670,65 @@ func MapGenericMask(
 		0,
 	)
 }
+
+func LookupPrivilegeValue(systemname *uint16, name *uint16, luid *LUID) (err error) {
+	r1, _, e1 := syscall.Syscall(
+		procLookupPrivilegeValueW.Addr(),
+		3,
+		uintptr(unsafe.Pointer(systemname)),
+		uintptr(unsafe.Pointer(name)),
+		uintptr(unsafe.Pointer(luid)),
+	)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = e1
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func AdjustTokenPrivileges(token syscall.Token, disableAllPrivileges bool, newstate *TOKEN_PRIVILEGES, buflen uint32, prevstate *TOKEN_PRIVILEGES, returnlen *uint32) (ret uint32, err error) {
+	var _p0 uint32
+	if disableAllPrivileges {
+		_p0 = 1
+	} else {
+		_p0 = 0
+	}
+	r0, _, e1 := syscall.Syscall6(procAdjustTokenPrivileges.Addr(), 6, uintptr(token), uintptr(_p0), uintptr(unsafe.Pointer(newstate)), uintptr(buflen), uintptr(unsafe.Pointer(prevstate)), uintptr(unsafe.Pointer(returnlen)))
+	ret = uint32(r0)
+	if true {
+		if e1 != 0 {
+			err = e1
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+
+type LUID struct {
+	LowPart  uint32
+	HighPart int32
+}
+
+type LUID_AND_ATTRIBUTES struct {
+	Luid       LUID
+	Attributes uint32
+}
+
+type TOKEN_PRIVILEGES struct {
+	PrivilegeCount uint32
+	Privileges     [1]LUID_AND_ATTRIBUTES
+}
+
+const (
+	TOKEN_ADJUST_PRIVILEGES = 0x0020
+	SE_PRIVILEGE_ENABLED    = 0x00000002
+)
+
+var (
+	SE_DEBUG_NAME = syscall.StringToUTF16Ptr("SeAuditPrivilege")
+)

syscallex/kernel32_windows.go

 package syscallex
 
 import (
+	"runtime"
 	"syscall"
 	"unsafe"
 
 	"golang.org/x/sys/windows"
 )
 
+var (
+	modkernel32 = windows.NewLazySystemDLL("kernel32.dll")
+
+	procCreateJobObject           = modkernel32.NewProc("CreateJobObjectW")
+	procSetInformationJobObject   = modkernel32.NewProc("SetInformationJobObject")
+	procQueryInformationJobObject = modkernel32.NewProc("QueryInformationJobObject")
+	procAssignProcessToJobObject  = modkernel32.NewProc("AssignProcessToJobObject")
+
+	procGetCurrentThread    = modkernel32.NewProc("GetCurrentThread")
+	procOpenThreadToken     = modkernel32.NewProc("OpenThreadToken")
+	procGetDiskFreeSpaceExW = modkernel32.NewProc("GetDiskFreeSpaceExW")
+
+	procOpenThread    = modkernel32.NewProc("OpenThread")
+	procSuspendThread = modkernel32.NewProc("SuspendThread")
+	procResumeThread  = modkernel32.NewProc("ResumeThread")
+	procThread32First = modkernel32.NewProc("Thread32First")
+	procThread32Next  = modkernel32.NewProc("Thread32Next")
+
+	procCreateToolhelp32Snapshot = modkernel32.NewProc("CreateToolhelp32Snapshot")
+	procProcess32FirstW          = modkernel32.NewProc("Process32FirstW")
+	procProcess32NextW           = modkernel32.NewProc("Process32NextW")
+
+	procQueryFullProcessImageNameW = modkernel32.NewProc("QueryFullProcessImageNameW")
+
+	procVirtualAllocEx     = modkernel32.NewProc("VirtualAllocEx")
+	procWriteProcessMemory = modkernel32.NewProc("WriteProcessMemory")
+	procCreateRemoteThread = modkernel32.NewProc("CreateRemoteThread")
+	procVirtualFreeEx      = modkernel32.NewProc("VirtualFreeEx")
+	procGetExitCodeThread  = modkernel32.NewProc("GetExitCodeThread")
+)
+
 // JobObjectInfoClass
 // cf. https://msdn.microsoft.com/en-us/library/windows/desktop/ms686216%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396
 const (
@@ -71,30 +103,6 @@ type ProcessEntry32 struct {
 	ExeFile           [MAX_PATH]uint16
 }
 
-var (
-	modkernel32 = windows.NewLazySystemDLL("kernel32.dll")
-
-	procCreateJobObject           = modkernel32.NewProc("CreateJobObjectW")
-	procSetInformationJobObject   = modkernel32.NewProc("SetInformationJobObject")
-	procQueryInformationJobObject = modkernel32.NewProc("QueryInformationJobObject")
-	procAssignProcessToJobObject  = modkernel32.NewProc("AssignProcessToJobObject")
-
-	procGetCurrentThread    = modkernel32.NewProc("GetCurrentThread")
-	procOpenThreadToken     = modkernel32.NewProc("OpenThreadToken")
-	procGetDiskFreeSpaceExW = modkernel32.NewProc("GetDiskFreeSpaceExW")
-
-	procOpenThread    = modkernel32.NewProc("OpenThread")
-	procResumeThread  = modkernel32.NewProc("ResumeThread")
-	procThread32First = modkernel32.NewProc("Thread32First")
-	procThread32Next  = modkernel32.NewProc("Thread32Next")
-
-	procCreateToolhelp32Snapshot = modkernel32.NewProc("CreateToolhelp32Snapshot")
-	procProcess32FirstW          = modkernel32.NewProc("Process32FirstW")
-	procProcess32NextW           = modkernel32.NewProc("Process32NextW")
-
-	procQueryFullProcessImageNameW = modkernel32.NewProc("QueryFullProcessImageNameW")
-)
-
 func CreateJobObject(
 	jobAttributes *syscall.SecurityAttributes,
 	name *uint16,
@@ -285,6 +293,30 @@ func OpenThread(
 	return
 }
 
+func SuspendThread(
+	thread syscall.Handle,
+) (retCount uint32, err error) {
+	r1, _, e1 := syscall.Syscall(
+		procSuspendThread.Addr(),
+		1,
+		uintptr(thread),
+		0,
+		0,
+	)
+
+	minusOne := int(-1)
+	if r1 == uintptr(minusOne) {
+		if e1 != 0 {
+			err = e1
+		} else {
+			err = syscall.EINVAL
+		}
+	} else {
+		retCount = uint32(r1)
+	}
+	return
+}
+
 func ResumeThread(
 	thread syscall.Handle,
 ) (retCount uint32, err error) {
@@ -444,3 +476,126 @@ func QueryFullProcessImageName(
 	}
 	return
 }
+
+const (
+	MEM_COMMIT     = 0x00001000
+	MEM_RESERVE    = 0x00002000
+	PAGE_READWRITE = 0x04
+)
+
+func VirtualAllocEx(
+	process syscall.Handle,
+	address uintptr,
+	size uintptr,
+	allocationType uint32,
+	protect uint32,
+) (res uintptr, err error) {
+	r1, _, e1 := syscall.Syscall6(
+		procVirtualAllocEx.Addr(),
+		5,
+		uintptr(process),
+		address,
+		uintptr(size),
+		uintptr(allocationType),
+		uintptr(protect),
+		0,
+	)
+	res = uintptr(r1)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = e1
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func WriteProcessMemory(process syscall.Handle, addr uintptr, buf unsafe.Pointer, size uint32) (nLength uint32, err error) {
+	r1, _, e1 := syscall.Syscall6(
+		procWriteProcessMemory.Addr(),
+		5,
+		uintptr(process),
+		addr,
+		uintptr(buf),
+		uintptr(size),
+		uintptr(unsafe.Pointer(&nLength)),
+		0,
+	)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = e1
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func CreateRemoteThread(process syscall.Handle, sa *syscall.SecurityAttributes, stackSize uint32, startAddress,
+	parameter uintptr, creationFlags uint32) (ret syscall.Handle, threadId uint32, err error) {
+	r1, _, e1 := syscall.Syscall9(
+		procCreateRemoteThread.Addr(),
+		7,
+		uintptr(process),
+		uintptr(unsafe.Pointer(sa)),
+		uintptr(stackSize),
+		startAddress,
+		parameter,
+		uintptr(creationFlags),
+		uintptr(unsafe.Pointer(&threadId)),
+		0, 0,
+	)
+	runtime.KeepAlive(sa)
+	ret = syscall.Handle(r1)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = e1
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+const (
+	MEM_RELEASE = 0x8000
+)
+
+func VirtualFreeEx(process syscall.Handle, addr uintptr, size, freeType uint32) (err error) {
+	r1, _, e1 := syscall.Syscall6(
+		procVirtualFreeEx.Addr(),
+		4,
+		uintptr(process),
+		addr,
+		uintptr(size),
+		uintptr(freeType),
+		0, 0,
+	)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = e1
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}
+
+func GetExitCodeThread(thread syscall.Handle) (exitCode uint32, err error) {
+	r1, _, e1 := syscall.Syscall(
+		procGetExitCodeThread.Addr(),
+		2,
+		uintptr(thread),
+		uintptr(unsafe.Pointer(&exitCode)),
+		0,
+	)
+	if r1 == 0 {
+		if e1 != 0 {
+			err = e1
+		} else {
+			err = syscall.EINVAL
+		}
+	}
+	return
+}