SYMBOL INDEX (200 symbols across 23 files) FILE: Beacon/Beacon.c type curl_slist (line 22) | struct curl_slist type curl_slist (line 23) | struct curl_slist function LONG (line 216) | LONG WINAPI VectoredExceptionHandler(PEXCEPTION_POINTERS ExceptionInfo) function main (line 233) | int main() { FILE: Beacon/Bof.c function BeaconInjectProcess (line 6) | void __cdecl BeaconInjectProcess(HANDLE hProc, int pid, char* payload, i... function BeaconInjectTemporaryProcess (line 11) | void __cdecl BeaconInjectTemporaryProcess(PROCESS_INFORMATION* pi, char*... function BeaconGetSpawnTo (line 17) | void __cdecl BeaconGetSpawnTo(BOOL x86, char* buffer, int length) function BOOL (line 33) | BOOL __cdecl SetBeaconToken(HANDLE hToken, char* buffer) function BOOL (line 47) | BOOL __cdecl BeaconUseToken(HANDLE hToken) function BeaconOutput (line 57) | void __cdecl BeaconOutput(int type, char* data, int len) function BeaconPrintf (line 61) | void __cdecl BeaconPrintf(int type, char* fmt, ...) function InitInternalFunctions (line 77) | void InitInternalFunctions(BeaconInternalFunctions* InternalFunctions) function FixRelocation (line 113) | int FixRelocation(BeaconBofRelocation* pBofRelocation, char* pcode_data,... function BeaconBof (line 166) | void __cdecl BeaconBof(unsigned char* Taskdata, size_t* Tasksize, size_... FILE: Beacon/Bof.h type HMODULE (line 5) | typedef HMODULE(__stdcall* fpLoadLibraryA)(LPCSTR lpLibFileName); type BOOL (line 6) | typedef BOOL(__stdcall* fpFreeLibrary)(HMODULE hLibModule); type FARPROC (line 7) | typedef FARPROC(__stdcall* fpGetProcAddress)(HMODULE hModule, LPCSTR lp... type HMODULE (line 8) | typedef HMODULE(__stdcall* fpGetModuleHandleA)(LPCSTR lpModuleName); type BOOL (line 27) | typedef BOOL(__cdecl* fpBeaconUseToken)(HANDLE token); type BOOL (line 28) | typedef BOOL(__cdecl* fpBeaconIsAdmin)(); type BOOL (line 33) | typedef BOOL(__cdecl* fpBeaconSpawnTemporaryProcess)(BOOL x86, BOOL igno... type BOOL (line 35) | typedef BOOL(__cdecl* fptoWideChar)(char* src, wchar_t* dst, unsigned in... type BeaconInternalFunctions (line 37) | typedef struct { type BeaconBofRelocation (line 73) | typedef struct FILE: Beacon/CmdExecuteAssembly.c function ExecuteAssmblyInjection (line 35) | void ExecuteAssmblyInjection(int timeout, int p_offset, char* payload, s... function datap (line 160) | datap* BeaconDataInit(int size) function BeaconDataCopyToBuffer1 (line 179) | int BeaconDataCopyToBuffer1(datap* parser, char* buffer, int buffer_size) function ParseAssember (line 203) | void ParseAssember(unsigned char* buf, size_t* commandBuflen) { FILE: Beacon/Command.c type Buffer (line 11) | struct Buffer { function buffer_init (line 17) | void buffer_init(struct Buffer* buf) { function buffer_append (line 28) | void buffer_append(struct Buffer* buf, unsigned char* str, size_t* bufle... function buffer_free (line 58) | void buffer_free(struct Buffer* buf) { function SleepTimes (line 65) | void SleepTimes(unsigned char* Buf) { type Buffer (line 77) | struct Buffer type curl_slist (line 208) | struct curl_slist function DataProcess (line 248) | void DataProcess(unsigned char* buf, size_t lenn, int callback) { function BeaconFormatAlloc (line 267) | void BeaconFormatAlloc(formatp* format, int maxsz) { function BeaconFormatInit (line 272) | void BeaconFormatInit(formatp* format, char* buff, int buffsize) { function BeaconFormatPrintf (line 283) | void BeaconFormatPrintf(formatp* format, char* fmt, ...) { function BeaconFormatlength (line 297) | int BeaconFormatlength(formatp* format) { function BeaconFormatFree (line 302) | void BeaconFormatFree(formatp* format) function BeaconDataParse (line 330) | void BeaconDataParse(datap* parser, char* buffer, int size) function BeaconDataInt (line 351) | int BeaconDataInt(datap* parser) function BeaconDataShort (line 364) | short BeaconDataShort(datap* parser) function BeaconDataLength (line 378) | int BeaconDataLength(datap* parser) function BeaconFormatReset (line 392) | void BeaconFormatReset(formatp* format) function BeaconFormatAppend (line 397) | void BeaconFormatAppend(formatp* format, char* text, int len) function BeaconFormatInt (line 424) | void BeaconFormatInt(formatp* format, int value) function BeaconErrorD (line 431) | void BeaconErrorD() { function BeaconRevertToken (line 434) | void BeaconRevertToken() function BeaconErrorDD (line 438) | void BeaconErrorDD() function BeaconErrorNA (line 442) | void BeaconErrorNA() function BOOL (line 446) | BOOL is_admin() function Is_Wow64 (line 472) | int Is_Wow64(HANDLE hProcess) function resolve_spawntopath (line 486) | void resolve_spawntopath(LPSTR lpDst, BOOL x86) function getspawntopath (line 511) | void getspawntopath(char* path_buffer, BOOL x86) type STARTUPINFOA (line 533) | struct STARTUPINFOA { type BeaconStartProcess (line 553) | typedef struct function CreateProcessCore (line 563) | int CreateProcessCore (BeaconStartProcess* pBeaconStartProcess) { function BeaconCreateProcess (line 586) | int BeaconCreateProcess(char* path, int path_size, STARTUPINFOA* sInfo, ... function BeaconcloseAllHandle (line 606) | void BeaconcloseAllHandle(PROCESS_INFORMATION* pi) function BOOL (line 621) | BOOL __cdecl toWideChar(char* lpMultiByteStr, wchar_t* lpWideCharStr, un... function CheckMemoryRWX (line 633) | int CheckMemoryRWX(LPVOID lpAddress, SIZE_T dwSize) FILE: Beacon/Command.h type BeaconJob (line 18) | typedef struct { FILE: Beacon/DunpHash.c function BOOL (line 16) | BOOL MinidumpCallbackRoutine(PVOID CallbackParam, PMINIDUMP_CALLBACK_INP... function EnableDebugPrivilege (line 58) | void EnableDebugPrivilege(BOOL enforceCheck) { function BOOL (line 69) | BOOL SetPrivilege(HANDLE hToken, wchar_t* lpszPrivilege, BOOL bEnablePri... function DWORD (line 105) | DWORD GetPidUsingFilePath(wchar_t* processBinaryPath) { function SpoofPidTeb (line 136) | void SpoofPidTeb(DWORD spoofedPid, PDWORD originalPid, PDWORD originalTi... function FindTokenHandlesInProcess (line 146) | void FindTokenHandlesInProcess(DWORD targetPid, HANDLE* tokenHandles, PD... function BOOL (line 170) | BOOL EnableImpersonatePrivilege() { function MalSeclogonPPIDSpoofing (line 177) | void MalSeclogonPPIDSpoofing(int pid, wchar_t* cmdline) function DWORD (line 231) | DWORD WINAPI ThreadSeclogonLock(LPVOID lpParam) { function CreateFileLock (line 239) | void CreateFileLock(HANDLE hFile, LPOVERLAPPED overlapped) { function LeakLsassHandleInSeclogonWithRaceCondition (line 256) | void LeakLsassHandleInSeclogonWithRaceCondition(DWORD lsassPid) { function RestoreOriginalPidTeb (line 278) | void RestoreOriginalPidTeb(DWORD originalPid, DWORD originalTid) { function BOOL (line 287) | BOOL FileExists(LPCTSTR szPath) function NTSTATUS (line 293) | NTSTATUS QueryObjectTypesInfo(__out POBJECT_TYPES_INFORMATION* TypesInfo) { function NTSTATUS (line 313) | NTSTATUS GetTypeIndexByName(__in PCUNICODE_STRING TypeName, __out PULONG... function FindProcessHandlesInTargetProcess (line 339) | void FindProcessHandlesInTargetProcess(DWORD targetPid, HANDLE* handlesT... function ReplaceNtOpenProcess (line 364) | void ReplaceNtOpenProcess(HANDLE leakedHandle, char* oldCode, int* oldCo... function RestoreNtOpenProcess (line 382) | void RestoreNtOpenProcess(char* oldCode, int oldCodeSize) { function EncryptAndWriteDumpToDisk (line 390) | void EncryptAndWriteDumpToDisk(wchar_t* dumpPath, int xorKey) { function MalSeclogonDumpLsassWithSeclogonRaceCondition (line 422) | void MalSeclogonDumpLsassWithSeclogonRaceCondition(int lsassPid, wchar_t... function DWORD (line 499) | DWORD WINAPI DumphashThread(LPVOID lpParam) { function DumpHASH (line 505) | int DumpHASH() { FILE: Beacon/File.c type tm (line 16) | struct tm function wchar_t (line 21) | wchar_t* convertToWideChar(const unsigned char* input) { type _wfinddata_t (line 60) | struct _wfinddata_t type tm (line 88) | struct tm type tm (line 98) | struct tm function Upload (line 251) | int Upload(const unsigned char* filePath, const unsigned char* fileConte... type stat (line 324) | struct stat type ThreadArgs (line 342) | struct ThreadArgs { function DWORD (line 347) | DWORD WINAPI myThreadFunction(LPVOID lpParam) { type ThreadArgs (line 451) | struct ThreadArgs type ThreadArgs (line 451) | struct ThreadArgs type ThreadArgs (line 451) | struct ThreadArgs FILE: Beacon/GuangMing.c function DWORD (line 26) | DWORD GetSyscallNumber(char* Page, int SyscallLen) { FILE: Beacon/GuangMing.h type _UNICODE_STRING (line 51) | struct _UNICODE_STRING type PS_ATTRIBUTE (line 58) | typedef struct _PS_ATTRIBUTE type RTL_DRIVE_LETTER_CURDIR (line 72) | typedef struct _RTL_DRIVE_LETTER_CURDIR { type CURDIR (line 79) | typedef struct _CURDIR type RTL_USER_PROCESS_PARAMETERS (line 86) | typedef struct _RTL_USER_PROCESS_PARAMETERS type PS_CREATE_STATE (line 129) | typedef enum _PS_CREATE_STATE type OBJECT_ATTRIBUTES (line 141) | typedef struct _OBJECT_ATTRIBUTES type PS_CREATE_INFO (line 151) | typedef struct _PS_CREATE_INFO type PS_ATTRIBUTE_LIST (line 213) | typedef struct _PS_ATTRIBUTE_LIST type KWAIT_REASON (line 220) | typedef enum _KWAIT_REASON type LONG (line 262) | typedef LONG KPRIORITY; type CLIENT_ID (line 264) | typedef struct _CLIENT_ID type SYSTEM_THREAD_INFORMATION (line 270) | typedef struct _SYSTEM_THREAD_INFORMATION type SYSTEM_PROCESS_INFORMATION (line 286) | typedef struct _SYSTEM_PROCESS_INFORMATION type SYSTEM_INFORMATION_CLASS (line 327) | typedef enum _SYSTEM_INFORMATION_CLASS FILE: Beacon/Http.c function write_callback (line 13) | size_t write_callback(void* ptr, size_t size, size_t nmemb, void* userda... function perform_requestresult (line 30) | perform_requestresult perform_post_request(unsigned char* url, struct cu... function perform_requestresult (line 86) | perform_requestresult perform_get_request(unsigned char* url, struct cur... FILE: Beacon/Http.h type perform_requestresult (line 8) | typedef struct { type curl_slist (line 14) | struct curl_slist type curl_slist (line 17) | struct curl_slist FILE: Beacon/InjectProcess.c type BeaconProcessInject (line 5) | typedef struct function BOOL (line 23) | BOOL sub_100054CC(char* payload, int p_len) function sub_10004B81 (line 34) | void sub_10004B81(HANDLE hProcess, PROCESS_INFORMATION* pi, int pid, Bea... function BOOL (line 183) | BOOL BeaconCreateRemoteThread(HANDLE hProcess, LPTHREAD_START_ROUTINE lp... function BeaconReflectiveDLLInject (line 188) | void BeaconReflectiveDLLInject(char* commandBuf, int lenn) { function BeaconSpawn (line 227) | void BeaconSpawn(char* payload, int payloadsize) { function BeaconSpawnTemporaryProcess (line 254) | int BeaconSpawnTemporaryProcess(BOOL x86, BOOL ignoreToken, STARTUPINFOA... function Inject (line 274) | int Inject(BeaconProcessInject* pBeaconProcessInject, int prepended_data... function InjectComply (line 340) | void InjectComply(size_t payload_size, BeaconProcessInject* pBeaconProce... function ProcessInject (line 365) | void ProcessInject(int pid, PROCESS_INFORMATION* pi, HANDLE hProcess, ch... FILE: Beacon/Job.c function Add_Beacon_Job (line 7) | void Add_Beacon_Job(BeaconJob* pBeaconJob) function Add_BeaconInternal_Job (line 29) | void Add_BeaconInternal_Job(HANDLE hNamedPipe, int job_process_pid, int ... function BOOL (line 44) | BOOL ConnectPipe(int dwFlagsAndAttributes, HANDLE* hNamedPipe, LPCSTR lp... function BeaconDataCopyToBuf (line 78) | int BeaconDataCopyToBuf(unsigned char* parser, char* buffer, int buffer_... function BOOL (line 100) | BOOL ConnectJobPipe(HANDLE* hNamedPipe, int dwFlagsAndAttributes, CHAR* ... function KEYLOGGEJob (line 109) | void KEYLOGGEJob(int FlagsAndAttributes, char* commandBuf, int lenn, int... function CreatePipeJob (line 148) | CreatePipeJob createjob() { function BeaconJob (line 179) | BeaconJob* Add_Beacon_0Job(HANDLE hProcess, HANDLE hThread, int dwProces... function del_beacon_job (line 203) | void del_beacon_job() function beacon_JobKill (line 261) | void beacon_JobKill(char* Taskdata, int Task_size) function beacon_jobs (line 277) | void beacon_jobs() { type ThreadArgs (line 344) | struct ThreadArgs { function CheckTimeout (line 352) | void CheckTimeout(HANDLE hNamedPipe, int timeout) function DWORD (line 361) | DWORD WINAPI PipeJobHandla(LPVOID lpParam) { function PipeJob (line 438) | void PipeJob(unsigned char* buf, size_t* commandBuflen, size_t* Bufflen) { FILE: Beacon/Job.h type CreatePipeJob (line 3) | typedef struct { FILE: Beacon/MetaData.c function MakeMetaInfoResult (line 18) | MakeMetaInfoResult MakeMetaInfo() { function EncryMetadataResult (line 334) | EncryMetadataResult EncryMetadata() { function IsOSX64 (line 447) | bool IsOSX64() { function GetMetaDataFlag (line 508) | int GetMetaDataFlag() { function IsProcessX64 (line 532) | bool IsProcessX64() { function GetLocalIPInt (line 542) | uint32_t GetLocalIPInt() { FILE: Beacon/MetaData.h type MakeMetaInfoResult (line 20) | typedef struct { type EncryMetadataResult (line 25) | typedef struct { FILE: Beacon/Patch.c function DWORD64 (line 30) | DWORD64 GetAddr(LPVOID addr) { function patchitETW (line 38) | void patchitETW(HANDLE hproc) { function AMS1patch1 (line 100) | void AMS1patch1(HANDLE hproc) { function BOOL (line 151) | BOOL Self_Delete() { function Duan (line 228) | int Duan(DWORD process) { FILE: Beacon/Shell.c function TCHAR (line 21) | TCHAR* ConvertTo_TCHAR(const unsigned char* input) { type ParseCommandShellparse (line 37) | typedef struct { type ThreadArgs (line 43) | struct ThreadArgs { function ParseCommandShellparse (line 48) | ParseCommandShellparse ParseCommandShell(unsigned char* buf) { function DWORD (line 74) | DWORD WINAPI myThreadCmdRun(LPVOID lpParam) { function DWORD (line 197) | DWORD WINAPI myThreadCmdshell(LPVOID lpParam) { type ThreadArgs (line 321) | struct ThreadArgs type ThreadArgs (line 321) | struct ThreadArgs type ThreadArgs (line 321) | struct ThreadArgs function get_user_sid (line 373) | int get_user_sid(size_t BufferSize, HANDLE TokenHandle, char* Buffer) function BOOL (line 423) | BOOL GetProcessUserInfo(HANDLE ProcessHandle, char* usersid) function BOOL (line 436) | BOOL IsProcessX64s(DWORD pid) { function beacon_ps (line 446) | void beacon_ps(char* Taskdata, int Task_size) FILE: Beacon/Util.h type formatp (line 7) | typedef struct { type datap (line 14) | typedef struct { FILE: Beacon/ntdef.h type GDI_TEB_BATCH (line 50) | typedef struct _GDI_TEB_BATCH type TEB (line 63) | typedef struct _TEB type SYSTEM_HANDLE_TABLE_ENTRY_INFO (line 189) | typedef struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO type SYSTEM_HANDLE_INFORMATION (line 200) | typedef struct _SYSTEM_HANDLE_INFORMATION type OBJECT_TYPES_INFORMATION (line 206) | typedef struct _OBJECT_TYPES_INFORMATION { type OBJECT_INFORMATION_CLASS (line 210) | typedef enum _OBJECT_INFORMATION_CLASS { type OBJECT_TYPE_INFORMATION (line 221) | typedef struct _OBJECT_TYPE_INFORMATION { type OBJECT_TYPE_INFORMATION_V2 (line 245) | typedef struct _OBJECT_TYPE_INFORMATION_V2 { type FILE_INFORMATION_CLASS (line 280) | typedef enum _FILE_INFORMATION_CLASS { type IO_STATUS_BLOCK (line 375) | typedef struct _IO_STATUS_BLOCK { type UNICODE_STRING (line 383) | typedef const UNICODE_STRING* PCUNICODE_STRING; type FILE_PROCESS_IDS_USING_FILE_INFORMATION (line 385) | typedef struct _FILE_PROCESS_IDS_USING_FILE_INFORMATION type THREAD_PARAMETERS (line 391) | typedef struct _THREAD_PARAMETERS FILE: Beacon/util.c function Readshort (line 6) | uint16_t Readshort(uint8_t* b) { function IsHighPriv (line 11) | bool IsHighPriv() { function bigEndianUint32 (line 34) | uint32_t bigEndianUint32(uint8_t b[4]) { function PutUint32BigEndian (line 39) | void PutUint32BigEndian(uint8_t* b, uint32_t v) { function PutUint16BigEndian (line 50) | void PutUint16BigEndian(uint8_t* bytes, uint16_t value) { function wchar_t (line 72) | wchar_t getRandomWideLetter() { function GenerateEvenRandomInt (line 77) | int GenerateEvenRandomInt(int min, int max) { function XOR (line 181) | void XOR(unsigned char* data, unsigned char* key, size_t length) { function DWORD_PTR (line 470) | DWORD_PTR FindRWXOffset(HMODULE hModule) { function DWORD_PTR (line 490) | DWORD_PTR FindRWXSize(HMODULE hModule) { function LPVOID (line 506) | LPVOID RWXaddress() { FILE: ceshi/ce.c function vPrintf (line 9) | void vPrintf(char* fmt) { function main (line 13) | int main()