Class: TurboRex::Windows::ALPC::APIProxy

Inherits:
Metasm::WinAPI
  • Object
Defined in:
lib/turborex/windows/alpc.rb


Class Method Details

.alloc_c_type(typename, init_value = 0) ⇒ Object



# File 'lib/turborex/windows/alpc.rb', line 113

# Allocates a single C object of +typename+ by delegating to the array
# allocator (alloc_c_ary, defined elsewhere) with a one-element list.
#
# @param typename the C type name handed through to alloc_c_ary
# @param init_value initial value written into the allocation (defaults to 0)
# @return whatever alloc_c_ary returns for a one-element array
def self.alloc_c_type(typename, init_value = 0)
  single = [init_value]
  alloc_c_ary(typename, single)
end

.init(cpu = Metasm::Ia32) ⇒ Object



# File 'lib/turborex/windows/alpc.rb', line 37

# Builds the native C parser over the ALPC header set and defines the Ruby
# bindings for the symbols resolved from ntdll.dll. Runs once: while
# @initialized is set every later call returns true immediately (reload
# clears the flag to force a rebuild).
#
# @param cpu [Class] Metasm CPU class the parser targets (defaults to
#   Metasm::Ia32); Metasm::X86_64 additionally selects the 'llp64' data model
# @return [true]
def self.init(cpu = Metasm::Ia32)
  return true if @initialized

  parser_opts = {
    :cpu => cpu,
    :include_path => [TurboRex.root + "/resources/headers/alpc"],
    :visual_studio => true
  }
  # Only the 64-bit target needs the explicit Windows data model.
  parser_opts[:data_model] = 'llp64' if cpu == Metasm::X86_64
  parser_opts[:predefined] = true

  @np = TurboRex::CStruct::NativeParser.new(nil, parser_opts)
  @cp = @np.parser
  # NT_VERSION is injected before the header is read — presumably so the
  # header can select version-specific declarations; confirm against ntlpcapi.h.
  @cp.parse("#define NT_VERSION #{TurboRex::Windows.version.join}")
  @cp.parse_file(TurboRex.root + '/resources/headers/alpc/ntlpcapi.h')
  new_api_c('ntdll.dll')

  @initialized = true
end

.initialized? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/turborex/windows/alpc.rb', line 63

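# Whether init has completed; reload clears the flag before re-running init.
#
# Returns a strict boolean: before the first init the ivar is unset (nil),
# and the documented return type is Boolean, so nil is folded to false.
#
# @return [Boolean]
def self.initialized?
  !!@initialized
end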

.new_api_c(fromlib = nil) ⇒ Object



# File 'lib/turborex/windows/alpc.rb', line 67

# Turns every symbol the C parser saw into a Ruby binding on this class:
# function symbols resolved from +fromlib+ (or the library lib_from_sym picks)
# get a caller via new_caller_for, non-function symbols become zero-argument
# methods returning the resolved address, and integer enum/macro values become
# constants.
#
# Symbol and macro names from the parsed headers become method and constant
# names here, so the header set is trusted input; init only includes the
# project's own resources/headers/alpc directory.
#
# @param fromlib [String, nil] DLL every symbol is resolved from; nil asks
#   lib_from_sym per symbol
# @return [Hash] the lexer definition table (receiver of the final each_key);
#   callers use this method for its side effects
def self.new_api_c(fromlib = nil)
  # Addresses sym_addr returns when a symbol could not be resolved.
  unresolved = [0, -1, 0xffff_ffff, 0xffffffff_ffffffff]

  # Iterate over a copy: each entry is removed from the live table as it is bound.
  cp.toplevel.symbol.dup.each_value do |sym|
    next unless sym.kind_of?(Metasm::C::Variable) # skips enums
    cp.toplevel.symbol.delete(sym.name)

    lib = fromlib || lib_from_sym(sym.name)
    addr = sym_addr(lib, sym.name)
    if unresolved.include?(addr)
      api_not_found(lib, sym)
      next
    end

    rbname = c_func_name_to_rb(sym.name)
    unless sym.type.kind_of?(Metasm::C::Function)
      # Data symbol: expose its address as a class method.
      singleton_class.send(:define_method, rbname) { addr }
      next
    end

    # A function with an initializer has its body in the header — presumably
    # an inline definition — so there is nothing to import for it.
    next if sym.initializer

    new_caller_for(sym, rbname, addr)
  end

  # Snapshot of constants already present so nothing below redefines one.
  existing = constants.each_with_object({}) { |c, acc| acc[c.to_s] = true }

  cp.toplevel.symbol.each do |cname, value|
    next unless value.kind_of?(::Integer)
    rbconst = c_const_name_to_rb(cname)
    const_set(rbconst, value) unless existing[rbconst]
  end

  cp.lexer.definition.each_key do |macro|
    rbconst = c_const_name_to_rb(macro)
    # NOTE(review): the constant is only defined when Object already has one of
    # that name, and macro_numeric is asked for the Ruby-ised name rather than
    # the macro key; both look inverted/mismatched next to the loop above.
    # Preserved as-is — confirm intent. This line also reads @cp directly while
    # the rest of the method goes through the cp accessor.
    next if existing[rbconst] || !Object.const_defined?(rbconst)
    value = @cp.macro_numeric(rbconst)
    const_set(rbconst, value) if value
  end
end

.np ⇒ Object



# File 'lib/turborex/windows/alpc.rb', line 109

# The TurboRex::CStruct::NativeParser built by init; nil until init has run.
#
# @return [TurboRex::CStruct::NativeParser, nil]
class << self
  attr_reader :np
end

.reload(cpu = Metasm::Ia32) ⇒ Object



# File 'lib/turborex/windows/alpc.rb', line 58

# Forces init to run again (for example after switching the target CPU).
#
# @param cpu [Class] Metasm CPU class forwarded to init (defaults to Metasm::Ia32)
# @return [true] the value init returns
def self.reload(cpu = Metasm::Ia32)
  # Clearing the memo is what makes init rebuild the parser instead of
  # taking its early return.
  @initialized = false
  init(cpu)
end