SYMBOL INDEX (320 symbols across 34 files) FILE: chapter4-demo1/demo1/Header.h function XOR_KEY (line 3) | const int XOR_KEY{ 8 } FILE: chapter4-demo1/demo1/base64.cpp function pos_of_char (line 55) | static unsigned int pos_of_char(const unsigned char chr) { function insert_linebreaks (line 73) | static std::string insert_linebreaks(std::string str, size_t distance) { function encode_with_line_breaks (line 92) | static std::string encode_with_line_breaks(String s) { function encode_pem (line 97) | static std::string encode_pem(String s) { function encode_mime (line 102) | static std::string encode_mime(String s) { function encode (line 107) | static std::string encode(String s, bool url) { function base64_encode (line 111) | std::string base64_encode(unsigned char const* bytes_to_encode, size_t i... function decode (line 163) | static std::string decode(String encoded_string, bool remove_linebreaks) { function base64_decode (line 243) | std::string base64_decode(std::string const& s, bool remove_linebreaks) { function base64_encode (line 247) | std::string base64_encode(std::string const& s, bool url) { function base64_encode_pem (line 251) | std::string base64_encode_pem(std::string const& s) { function base64_encode_mime (line 255) | std::string base64_encode_mime(std::string const& s) { function base64_encode (line 266) | std::string base64_encode(std::string_view s, bool url) { function base64_encode_pem (line 270) | std::string base64_encode_pem(std::string_view s) { function base64_encode_mime (line 274) | std::string base64_encode_mime(std::string_view s) { function base64_decode (line 278) | std::string base64_decode(std::string_view s, bool remove_linebreaks) { FILE: chapter4-demo1/demo1/demo1.cpp function main (line 45) | int main() FILE: chapter4-demo2/demo1/Header.h function XOR_KEY (line 3) | const int XOR_KEY{ 8 } function std (line 6) | const std::vector VC_PREF_BASES{ (void*)0x00000000DDDD0000, FILE: chapter4-demo2/demo1/base64.cpp function pos_of_char (line 55) | static unsigned int pos_of_char(const unsigned char chr) { function insert_linebreaks (line 73) | static std::string insert_linebreaks(std::string str, size_t distance) { function encode_with_line_breaks (line 92) | static std::string encode_with_line_breaks(String s) { function encode_pem (line 97) | static std::string encode_pem(String s) { function encode_mime (line 102) | static std::string encode_mime(String s) { function encode (line 107) | static std::string encode(String s, bool url) { function base64_encode (line 111) | std::string base64_encode(unsigned char const* bytes_to_encode, size_t i... function decode (line 163) | static std::string decode(String encoded_string, bool remove_linebreaks) { function base64_decode (line 243) | std::string base64_decode(std::string const& s, bool remove_linebreaks) { function base64_encode (line 247) | std::string base64_encode(std::string const& s, bool url) { function base64_encode_pem (line 251) | std::string base64_encode_pem(std::string const& s) { function base64_encode_mime (line 255) | std::string base64_encode_mime(std::string const& s) { function base64_encode (line 266) | std::string base64_encode(std::string_view s, bool url) { function base64_encode_pem (line 270) | std::string base64_encode_pem(std::string_view s) { function base64_encode_mime (line 274) | std::string base64_encode_mime(std::string_view s) { function base64_decode (line 278) | std::string base64_decode(std::string_view s, bool remove_linebreaks) { FILE: chapter4-demo2/demo1/demo1.cpp function replace (line 47) | std::string replace(const std::string& inStr, const char* pSrc, const ch... function LPVOID (line 74) | LPVOID GetSuitableBaseAddress(HANDLE hProc, DWORD szPage, DWORD szAllocG... function main (line 108) | int main() FILE: chapter4-demo3/demo1/Header.h function XOR_KEY (line 3) | const int XOR_KEY{ 8 } function std (line 6) | const std::vector VC_PREF_BASES{ (void*)0x00000000DDDD0000, FILE: chapter4-demo3/demo1/base64.cpp function pos_of_char (line 55) | static unsigned int pos_of_char(const unsigned char chr) { function insert_linebreaks (line 73) | static std::string insert_linebreaks(std::string str, size_t distance) { function encode_with_line_breaks (line 92) | static std::string encode_with_line_breaks(String s) { function encode_pem (line 97) | static std::string encode_pem(String s) { function encode_mime (line 102) | static std::string encode_mime(String s) { function encode (line 107) | static std::string encode(String s, bool url) { function base64_encode (line 111) | std::string base64_encode(unsigned char const* bytes_to_encode, size_t i... function decode (line 163) | static std::string decode(String encoded_string, bool remove_linebreaks) { function base64_decode (line 243) | std::string base64_decode(std::string const& s, bool remove_linebreaks) { function base64_encode (line 247) | std::string base64_encode(std::string const& s, bool url) { function base64_encode_pem (line 251) | std::string base64_encode_pem(std::string const& s) { function base64_encode_mime (line 255) | std::string base64_encode_mime(std::string const& s) { function base64_encode (line 266) | std::string base64_encode(std::string_view s, bool url) { function base64_encode_pem (line 270) | std::string base64_encode_pem(std::string_view s) { function base64_encode_mime (line 274) | std::string base64_encode_mime(std::string_view s) { function base64_decode (line 278) | std::string base64_decode(std::string_view s, bool remove_linebreaks) { FILE: chapter4-demo3/demo1/demo1.cpp function replace (line 47) | std::string replace(const std::string& inStr, const char* pSrc, const ch... function LPVOID (line 74) | LPVOID GetSuitableBaseAddress(HANDLE hProc, DWORD szPage, DWORD szAllocG... function EXTERN_C (line 110) | EXTERN_C PVOID internal_cleancall_wow64_gate(VOID) { function BOOL (line 114) | __declspec(naked) BOOL local_is_wow64(void) function DWORD (line 142) | DWORD SW3_HashSyscall(PCSTR FunctionName) function PVOID (line 157) | PVOID SC_Address(PVOID NtApiAddress) function PVOID (line 162) | PVOID SC_Address(PVOID NtApiAddress) function BOOL (line 242) | BOOL SW3_PopulateSyscallList() function EXTERN_C (line 334) | EXTERN_C DWORD SW3_GetSyscallNumber(DWORD FunctionHash) function EXTERN_C (line 350) | EXTERN_C PVOID SW3_GetSyscallAddress(DWORD FunctionHash) function EXTERN_C (line 366) | EXTERN_C PVOID SW3_GetRandomSyscallAddress(DWORD FunctionHash) function main (line 382) | int main() FILE: chapter4-demo3/demo1/nt.h type SW3_SYSCALL_ENTRY (line 42) | typedef struct _SW3_SYSCALL_ENTRY type SW3_SYSCALL_LIST (line 49) | typedef struct _SW3_SYSCALL_LIST type SW3_PEB_LDR_DATA (line 55) | typedef struct _SW3_PEB_LDR_DATA { type SW3_LDR_DATA_TABLE_ENTRY (line 61) | typedef struct _SW3_LDR_DATA_TABLE_ENTRY { type SW3_PEB (line 68) | typedef struct _SW3_PEB { type UNICODE_STRING (line 81) | typedef struct _UNICODE_STRING type SYSTEM_HANDLE (line 88) | typedef struct _SYSTEM_HANDLE type TOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE (line 98) | typedef struct _TOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE type TOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE (line 104) | typedef struct _TOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE type WNF_TYPE_ID (line 110) | typedef struct _WNF_TYPE_ID type PS_CREATE_STATE (line 115) | typedef enum _PS_CREATE_STATE type KCONTINUE_TYPE (line 127) | typedef enum _KCONTINUE_TYPE type IO_STATUS_BLOCK (line 136) | typedef struct _IO_STATUS_BLOCK type SYSTEM_HANDLE_INFORMATION (line 146) | typedef struct _SYSTEM_HANDLE_INFORMATION type CLIENT_ID (line 152) | typedef struct _CLIENT_ID type PLUGPLAY_EVENT_CATEGORY (line 158) | typedef enum _PLUGPLAY_EVENT_CATEGORY type PNP_VETO_TYPE (line 173) | typedef enum _PNP_VETO_TYPE type TOKEN_SECURITY_ATTRIBUTE_V1 (line 190) | typedef struct _TOKEN_SECURITY_ATTRIBUTE_V1 type VOID (line 207) | typedef VOID(KNORMAL_ROUTINE) ( type PS_ATTRIBUTE (line 212) | typedef struct _PS_ATTRIBUTE type WNF_STATE_NAME (line 224) | typedef struct _WNF_STATE_NAME type KEY_VALUE_ENTRY (line 240) | typedef struct _KEY_VALUE_ENTRY type KEY_SET_INFORMATION_CLASS (line 248) | typedef enum _KEY_SET_INFORMATION_CLASS type SYSTEM_INFORMATION_CLASS (line 259) | typedef enum _SYSTEM_INFORMATION_CLASS type PROCESSINFOCLASS (line 275) | typedef enum _PROCESSINFOCLASS type MEMORY_RANGE_ENTRY (line 284) | typedef struct _MEMORY_RANGE_ENTRY type T2_SET_PARAMETERS (line 290) | typedef struct _T2_SET_PARAMETERS_V0 type FILE_PATH (line 297) | typedef struct _FILE_PATH type FILE_USER_QUOTA_INFORMATION (line 305) | typedef struct _FILE_USER_QUOTA_INFORMATION type FILE_QUOTA_LIST_INFORMATION (line 316) | typedef struct _FILE_QUOTA_LIST_INFORMATION type FILE_NETWORK_OPEN_INFORMATION (line 323) | typedef struct _FILE_NETWORK_OPEN_INFORMATION type FILTER_BOOT_OPTION_OPERATION (line 335) | typedef enum _FILTER_BOOT_OPTION_OPERATION type EVENT_TYPE (line 343) | typedef enum _EVENT_TYPE type FILE_FULL_EA_INFORMATION (line 349) | typedef struct _FILE_FULL_EA_INFORMATION type FILE_GET_EA_INFORMATION (line 358) | typedef struct _FILE_GET_EA_INFORMATION type BOOT_OPTIONS (line 365) | typedef struct _BOOT_OPTIONS type ULONG (line 375) | typedef ULONG WNF_CHANGE_STAMP, * PWNF_CHANGE_STAMP; type WNF_DATA_SCOPE (line 377) | typedef enum _WNF_DATA_SCOPE type WNF_STATE_NAME_LIFETIME (line 386) | typedef enum _WNF_STATE_NAME_LIFETIME type VIRTUAL_MEMORY_INFORMATION_CLASS (line 394) | typedef enum _VIRTUAL_MEMORY_INFORMATION_CLASS type IO_SESSION_EVENT (line 401) | typedef enum _IO_SESSION_EVENT type PORT_INFORMATION_CLASS (line 413) | typedef enum _PORT_INFORMATION_CLASS type PLUGPLAY_CONTROL_CLASS (line 421) | typedef enum _PLUGPLAY_CONTROL_CLASS type IO_COMPLETION_INFORMATION_CLASS (line 449) | typedef enum _IO_COMPLETION_INFORMATION_CLASS type SECTION_INHERIT (line 454) | typedef enum _SECTION_INHERIT type DEBUGOBJECTINFOCLASS (line 460) | typedef enum _DEBUGOBJECTINFOCLASS type SEMAPHORE_INFORMATION_CLASS (line 466) | typedef enum _SEMAPHORE_INFORMATION_CLASS type PS_ATTRIBUTE_LIST (line 471) | typedef struct _PS_ATTRIBUTE_LIST type VDMSERVICECLASS (line 477) | typedef enum _VDMSERVICECLASS type PS_CREATE_INFO (line 496) | typedef struct _PS_CREATE_INFO type MEMORY_INFORMATION_CLASS (line 558) | typedef enum _MEMORY_INFORMATION_CLASS type MEMORY_RESERVE_TYPE (line 573) | typedef enum _MEMORY_RESERVE_TYPE type ALPC_PORT_INFORMATION_CLASS (line 580) | typedef enum _ALPC_PORT_INFORMATION_CLASS type ALPC_CONTEXT_ATTR (line 595) | typedef struct _ALPC_CONTEXT_ATTR type ALPC_DATA_VIEW_ATTR (line 604) | typedef struct _ALPC_DATA_VIEW_ATTR type ALPC_SECURITY_ATTR (line 612) | typedef struct _ALPC_SECURITY_ATTR type PVOID (line 621) | typedef PVOID* PPVOID; type KPROFILE_SOURCE (line 623) | typedef enum _KPROFILE_SOURCE type ALPC_MESSAGE_INFORMATION_CLASS (line 652) | typedef enum _ALPC_MESSAGE_INFORMATION_CLASS type WORKERFACTORYINFOCLASS (line 658) | typedef enum _WORKERFACTORYINFOCLASS type MEMORY_PARTITION_INFORMATION_CLASS (line 674) | typedef enum _MEMORY_PARTITION_INFORMATION_CLASS type MUTANT_INFORMATION_CLASS (line 685) | typedef enum _MUTANT_INFORMATION_CLASS type ATOM_INFORMATION_CLASS (line 691) | typedef enum _ATOM_INFORMATION_CLASS type SHUTDOWN_ACTION (line 697) | typedef enum _SHUTDOWN_ACTION { type KEY_VALUE_INFORMATION_CLASS (line 708) | typedef enum _KEY_VALUE_INFORMATION_CLASS { type LANGID (line 717) | typedef LANGID* PLANGID; type PLUGPLAY_EVENT_BLOCK (line 719) | typedef struct _PLUGPLAY_EVENT_BLOCK type KNORMAL_ROUTINE (line 778) | typedef KNORMAL_ROUTINE* PKNORMAL_ROUTINE; type DIRECTORY_NOTIFY_INFORMATION_CLASS (line 780) | typedef enum _DIRECTORY_NOTIFY_INFORMATION_CLASS type EVENT_INFORMATION_CLASS (line 786) | typedef enum _EVENT_INFORMATION_CLASS type ALPC_MESSAGE_ATTRIBUTES (line 791) | typedef struct _ALPC_MESSAGE_ATTRIBUTES type ALPC_PORT_ATTRIBUTES (line 797) | typedef struct _ALPC_PORT_ATTRIBUTES type IO_SESSION_STATE (line 813) | typedef enum _IO_SESSION_STATE type WNF_STATE_NAME (line 826) | typedef const WNF_STATE_NAME* PCWNF_STATE_NAME; type WNF_TYPE_ID (line 828) | typedef const WNF_TYPE_ID* PCWNF_TYPE_ID; type WNF_DELIVERY_DESCRIPTOR (line 830) | typedef struct _WNF_DELIVERY_DESCRIPTOR type DEBUG_CONTROL_CODE (line 841) | typedef enum _DEBUG_CONTROL_CODE type PORT_MESSAGE (line 877) | typedef struct _PORT_MESSAGE type FILE_BASIC_INFORMATION (line 920) | typedef struct FILE_BASIC_INFORMATION type PORT_SECTION_READ (line 929) | typedef struct _PORT_SECTION_READ type PORT_SECTION_WRITE (line 936) | typedef struct _PORT_SECTION_WRITE type TIMER_TYPE (line 946) | typedef enum _TIMER_TYPE type BOOT_ENTRY (line 952) | typedef struct _BOOT_ENTRY type EFI_DRIVER_ENTRY (line 964) | typedef struct _EFI_DRIVER_ENTRY type USHORT (line 974) | typedef USHORT RTL_ATOM, * PRTL_ATOM; type TIMER_SET_INFORMATION_CLASS (line 976) | typedef enum _TIMER_SET_INFORMATION_CLASS type FSINFOCLASS (line 982) | typedef enum _FSINFOCLASS type WAIT_TYPE (line 1001) | typedef enum _WAIT_TYPE type USER_STACK (line 1007) | typedef struct _USER_STACK type SECTION_INFORMATION_CLASS (line 1016) | typedef enum _SECTION_INFORMATION_CLASS type APPHELPCACHESERVICECLASS (line 1022) | typedef enum _APPHELPCACHESERVICECLASS type TOKEN_SECURITY_ATTRIBUTES_INFORMATION (line 1033) | typedef struct _TOKEN_SECURITY_ATTRIBUTES_INFORMATION type FILE_IO_COMPLETION_INFORMATION (line 1044) | typedef struct _FILE_IO_COMPLETION_INFORMATION type PVOID (line 1051) | typedef PVOID PT2_CANCEL_PARAMETERS; type THREADINFOCLASS (line 1053) | typedef enum _THREADINFOCLASS type OBJECT_INFORMATION_CLASS (line 1077) | typedef enum _OBJECT_INFORMATION_CLASS type FILE_INFORMATION_CLASS (line 1086) | typedef enum _FILE_INFORMATION_CLASS type KEY_INFORMATION_CLASS (line 1157) | typedef enum _KEY_INFORMATION_CLASS type OBJECT_ATTRIBUTES (line 1170) | typedef struct _OBJECT_ATTRIBUTES type TIMER_INFORMATION_CLASS (line 1180) | typedef enum _TIMER_INFORMATION_CLASS type KCONTINUE_ARGUMENT (line 1185) | typedef struct _KCONTINUE_ARGUMENT FILE: chapter4-demo4/ShellcodeFluctuation/base64.cpp function pos_of_char (line 55) | static unsigned int pos_of_char(const unsigned char chr) { function insert_linebreaks (line 73) | static std::string insert_linebreaks(std::string str, size_t distance) { function encode_with_line_breaks (line 92) | static std::string encode_with_line_breaks(String s) { function encode_pem (line 97) | static std::string encode_pem(String s) { function encode_mime (line 102) | static std::string encode_mime(String s) { function encode (line 107) | static std::string encode(String s, bool url) { function base64_encode (line 111) | std::string base64_encode(unsigned char const* bytes_to_encode, size_t i... function decode (line 163) | static std::string decode(String encoded_string, bool remove_linebreaks) { function base64_decode (line 243) | std::string base64_decode(std::string const& s, bool remove_linebreaks) { function base64_encode (line 247) | std::string base64_encode(std::string const& s, bool url) { function base64_encode_pem (line 251) | std::string base64_encode_pem(std::string const& s) { function base64_encode_mime (line 255) | std::string base64_encode_mime(std::string const& s) { function base64_encode (line 266) | std::string base64_encode(std::string_view s, bool url) { function base64_encode_pem (line 270) | std::string base64_encode_pem(std::string_view s) { function base64_encode_mime (line 274) | std::string base64_encode_mime(std::string_view s) { function base64_decode (line 278) | std::string base64_decode(std::string_view s, bool remove_linebreaks) { FILE: chapter4-demo4/ShellcodeFluctuation/base64.h function XOR_KEY (line 6) | const int XOR_KEY{ 8 } FILE: chapter4-demo4/ShellcodeFluctuation/header.h type std (line 19) | typedef std::unique_ptr::type, decltype(&::C... type TypeOfFluctuation (line 21) | enum TypeOfFluctuation type FluctuationMetadata (line 28) | struct FluctuationMetadata type HookedSleep (line 37) | struct HookedSleep type HookTrampolineBuffers (line 43) | struct HookTrampolineBuffers FILE: chapter4-demo4/ShellcodeFluctuation/main.cpp function MySleep (line 12) | void WINAPI MySleep(DWORD dwMilliseconds) function collectMemoryMap (line 68) | std::vector collectMemoryMap(HANDLE hProcess, ... function initializeShellcodeFluctuation (line 95) | void initializeShellcodeFluctuation(const LPVOID caller) function xor32 (line 141) | void xor32(uint8_t* buf, size_t bufSize, uint32_t xorKey) function isShellcodeThread (line 157) | bool isShellcodeThread(LPVOID address) function fastTrampoline (line 179) | bool fastTrampoline(bool installHook, BYTE* addressToHook, LPVOID jumpAd... function hookSleep (line 265) | bool hookSleep() function shellcodeEncryptDecrypt (line 279) | void shellcodeEncryptDecrypt(LPVOID callerAddress) function LONG (line 345) | LONG NTAPI VEHHandler(PEXCEPTION_POINTERS pExceptInfo) function readShellcode (line 386) | bool readShellcode(const char* path, std::vector& shellcode) function runShellcode (line 410) | void runShellcode(LPVOID param) function injectShellcode (line 422) | bool injectShellcode(std::vector& shellcode, HandlePtr &thread) function replace (line 484) | std::string replace(const std::string& inStr, const char* pSrc, const ch... function main (line 511) | int main(int argc, char** argv) FILE: demo1/shellcode_execute/shellcode_execute/shellcode_execute/shellcode_execute.cpp function disableETW (line 11) | void disableETW(void) { function main (line 46) | int main() FILE: demo2/shellcode_execut3/shellcode_execut3/Program.cs class Program (line 17) | static class Program method SubArray (line 19) | private static T[] SubArray(this T[] data, int index, int length) method xor (line 26) | private static byte[] xor(byte[] cipher, byte[] key) method Main (line 39) | static void Main() method VirtualAlloc (line 95) | [DllImport("kernel32")] method CreateThread (line 103) | [DllImport("kernel32")] method WaitForSingleObject (line 113) | [DllImport("kernel32")] FILE: demo3/SharpInjector-master/ScEncryptor/Program.cs class Program (line 12) | class Program method Main (line 14) | static void Main(string[] args) method Enc (line 31) | public static string Enc(string data) method WriteShellcodeToFile (line 70) | public static void WriteShellcodeToFile(string EncryptedShellcode) FILE: demo3/SharpInjector-master/SharpInjector/CreateFiber.cs class CreateFiber (line 14) | class CreateFiber method ExecuteCreateFiber (line 16) | public static void ExecuteCreateFiber(byte[] Shellcode) FILE: demo3/SharpInjector-master/SharpInjector/CreateRemoteThread.cs class CreateRemoteThread (line 12) | class CreateRemoteThread method ExecuteCreateRemoteThread (line 14) | public static void ExecuteCreateRemoteThread(string ParentName, string... FILE: demo3/SharpInjector-master/SharpInjector/CreateRemoteThreadEx.cs class CreateRemoteThreadEx (line 12) | class CreateRemoteThreadEx method ExecuteCreateRemoteThreadEx (line 14) | public static void ExecuteCreateRemoteThreadEx(string ParentName, stri... FILE: demo3/SharpInjector-master/SharpInjector/CreateThread.cs class CreateThread (line 10) | class CreateThread method ExecuteCreateThread (line 12) | public static void ExecuteCreateThread(byte[] Shellcode) FILE: demo3/SharpInjector-master/SharpInjector/EtwpCreateEtwThread.cs class EtwpCreateEtwThread (line 14) | class EtwpCreateEtwThread method ExecuteEtwpCreateEtwThread (line 18) | public static void ExecuteEtwpCreateEtwThread(byte[] Shellcode) FILE: demo3/SharpInjector-master/SharpInjector/Program.cs class Program (line 17) | class Program method xor (line 19) | private static byte[] xor(byte[] cipher, byte[] key) method Main (line 30) | static void Main(string[] args) method VirtualAlloc (line 81) | [DllImport("kernel32")] method CreateThread (line 89) | [DllImport("kernel32")] method WaitForSingleObject (line 99) | [DllImport("kernel32")] method Dec (line 106) | public static string Dec(string ciphertext) type ExecutionMethod (line 134) | public enum ExecutionMethod FILE: demo3/SharpInjector-master/SharpInjector/Properties/Resource1.Designer.cs class Resource1 (line 22) | [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resource... method Resource1 (line 31) | [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Mic... FILE: demo3/SharpInjector-master/SharpInjector/QueueUserAPC.cs class QueueUserAPC (line 12) | class QueueUserAPC method ExecuteQueueUserAPC (line 14) | public static void ExecuteQueueUserAPC(string ParentName, string Progr... FILE: demo3/SharpInjector-master/SharpInjector/RtlCreateUserThread.cs class RtlCreateUserThread (line 13) | class RtlCreateUserThread method ExecuteRtlCreateUserThread (line 15) | public static void ExecuteRtlCreateUserThread(string ParentName, strin... FILE: demo3/SharpInjector-master/SharpInjector/Shellycode.cs class EncryptedShellcode (line 3) | class EncryptedShellcode FILE: demo3/SharpInjector-master/SharpInjector/WinAPI.cs class WinAPI (line 10) | class WinAPI type PROCESS_INFORMATION (line 19) | public struct PROCESS_INFORMATION type SECURITY_ATTRIBUTES (line 27) | public struct SECURITY_ATTRIBUTES type STARTUPINFO (line 35) | public struct STARTUPINFO type STARTUPINFOEX (line 57) | public struct STARTUPINFOEX type StartupInfoFlags (line 63) | public enum StartupInfoFlags : uint type ProcessCreationFlags (line 69) | public enum ProcessCreationFlags : uint type ProcessAccessFlags (line 76) | public enum ProcessAccessFlags : uint type FreeType (line 82) | public enum FreeType : uint type ThreadAccess (line 88) | public enum ThreadAccess : int method CloseHandle (line 93) | [DllImport("kernel32.dll")] method ConvertThreadToFiber (line 98) | [DllImport("kernel32.dll")] method CreateFiber (line 102) | [DllImport("kernel32.dll")] method CreateProcess (line 108) | [DllImport("kernel32.dll")] method CreateThread (line 121) | [DllImport("kernel32.dll")] method CreateRemoteThread (line 130) | [DllImport("kernel32.dll")] method CreateRemoteThreadEx (line 140) | [DllImport("kernel32.dll")] method EtwpCreateEtwThread (line 151) | [DllImport("ntdll.dll")] method InitializeProcThreadAttributeList (line 156) | [DllImport("kernel32.dll")] method OpenProcess (line 163) | [DllImport("kernel32.dll")] method OpenThread (line 169) | [DllImport("kernel32.dll")] method QueueUserAPC (line 175) | [DllImport("kernel32.dll")] method ResumeThread (line 182) | [DllImport("kernel32.dll")] method RtlCopyMemory (line 186) | [DllImport("kernel32.dll", EntryPoint = "RtlMoveMemory")] method RtlCreateUserThread (line 192) | [DllImport("ntdll.dll")] method SwitchToFiber (line 206) | [DllImport("kernel32.dll")] method TerminateProcess (line 210) | [DllImport("kernel32.dll")] method UpdateProcThreadAttribute (line 215) | [DllImport("kernel32.dll")] method VirtualAlloc (line 225) | [DllImport("kernel32.dll")] method VirtualAllocEx (line 232) | [DllImport("kernel32.dll")] method VirtualFree (line 240) | [DllImport("kernel32.dll")] method VirtualFreeEx (line 246) | [DllImport("kernel32.dll")] method VirtualProtect (line 253) | [DllImport("kernel32.dll")] method VirtualProtectEx (line 260) | [DllImport("kernel32.dll")] method WaitForSingleObject (line 268) | [DllImport("kernel32.dll")] method WriteProcessMemory (line 273) | [DllImport("kernel32.dll")] method Clean (line 281) | public static void Clean(IntPtr hprocess, IntPtr address, int length) FILE: demo4/syscall/syscall/syscall_call.cpp function main (line 18) | int main() FILE: demo5/syscall3/syscall3/1.cpp function EXTERN_C (line 10) | EXTERN_C PVOID internal_cleancall_wow64_gate(VOID) { function BOOL (line 14) | __declspec(naked) BOOL local_is_wow64(void) function DWORD (line 42) | DWORD SW3_HashSyscall(PCSTR FunctionName) function PVOID (line 57) | PVOID SC_Address(PVOID NtApiAddress) function PVOID (line 62) | PVOID SC_Address(PVOID NtApiAddress) function BOOL (line 142) | BOOL SW3_PopulateSyscallList() function EXTERN_C (line 234) | EXTERN_C DWORD SW3_GetSyscallNumber(DWORD FunctionHash) function EXTERN_C (line 250) | EXTERN_C PVOID SW3_GetSyscallAddress(DWORD FunctionHash) function EXTERN_C (line 266) | EXTERN_C PVOID SW3_GetRandomSyscallAddress(DWORD FunctionHash) FILE: demo5/syscall3/syscall3/1.h type SW3_SYSCALL_ENTRY (line 20) | typedef struct _SW3_SYSCALL_ENTRY type SW3_SYSCALL_LIST (line 27) | typedef struct _SW3_SYSCALL_LIST type SW3_PEB_LDR_DATA (line 33) | typedef struct _SW3_PEB_LDR_DATA { type SW3_LDR_DATA_TABLE_ENTRY (line 39) | typedef struct _SW3_LDR_DATA_TABLE_ENTRY { type SW3_PEB (line 46) | typedef struct _SW3_PEB { type SYSTEM_HANDLE (line 59) | typedef struct _SYSTEM_HANDLE type IO_STATUS_BLOCK (line 69) | typedef struct _IO_STATUS_BLOCK type SYSTEM_HANDLE_INFORMATION (line 79) | typedef struct _SYSTEM_HANDLE_INFORMATION type VOID (line 85) | typedef VOID(KNORMAL_ROUTINE) ( type PS_ATTRIBUTE (line 90) | typedef struct _PS_ATTRIBUTE type UNICODE_STRING (line 102) | typedef struct _UNICODE_STRING type OBJECT_ATTRIBUTES (line 120) | typedef struct _OBJECT_ATTRIBUTES type CLIENT_ID (line 130) | typedef struct _CLIENT_ID type SYSTEM_INFORMATION_CLASS (line 136) | typedef enum _SYSTEM_INFORMATION_CLASS type PROCESSINFOCLASS (line 152) | typedef enum _PROCESSINFOCLASS type WAIT_TYPE (line 161) | typedef enum _WAIT_TYPE type KNORMAL_ROUTINE (line 172) | typedef KNORMAL_ROUTINE* PKNORMAL_ROUTINE; type THREADINFOCLASS (line 174) | typedef enum _THREADINFOCLASS type SECTION_INHERIT (line 198) | typedef enum _SECTION_INHERIT type FILE_INFORMATION_CLASS (line 204) | typedef enum _FILE_INFORMATION_CLASS type PS_ATTRIBUTE_LIST (line 275) | typedef struct _PS_ATTRIBUTE_LIST FILE: demo5/syscall3/syscall3/syscall3.cpp function main (line 4) | int main() FILE: demo6/unhook_demo/Header.h type std (line 18) | typedef std::unique_ptr::type, decltype(&::C... type HookedSleep (line 20) | struct HookedSleep type HookTrampolineBuffers (line 26) | struct HookTrampolineBuffers FILE: demo6/unhook_demo/unhook_demo.cpp function MySleep (line 12) | void WINAPI MySleep(DWORD dwMilliseconds) function fastTrampoline (line 23) | bool fastTrampoline(bool installHook, BYTE* addressToHook, LPVOID jumpAd... function hookSleep (line 111) | bool hookSleep() function main (line 125) | int main()