SYMBOL INDEX (183 symbols across 21 files) FILE: CodeExecution/Invoke-ReflectivePEInjection_Resources/DemoDLL/DemoDLL/DemoDLL.cpp function VoidFunc (line 33) | __declspec( dllexport ) void VoidFunc() function wchar_t (line 39) | __declspec( dllexport ) wchar_t* WStringFunc() FILE: CodeExecution/Invoke-ReflectivePEInjection_Resources/DemoDLL/DemoDLL/dllmain.cpp function BOOL (line 4) | BOOL APIENTRY DllMain( HMODULE hModule, FILE: CodeExecution/Invoke-ReflectivePEInjection_Resources/DemoDLL_RemoteProcess/DemoDLL_RemoteProcess/DemoDLL_RemoteProcess.cpp function VoidFunc (line 11) | __declspec( dllexport ) void VoidFunc() FILE: CodeExecution/Invoke-ReflectivePEInjection_Resources/DemoDLL_RemoteProcess/DemoDLL_RemoteProcess/dllmain.cpp function BOOL (line 6) | BOOL APIENTRY DllMain( HMODULE hModule, FILE: CodeExecution/Invoke-ReflectivePEInjection_Resources/DemoExe/DemoExe_MD/DemoExe_MD.cpp function _tmain (line 9) | int _tmain(int argc, _TCHAR* argv[]) FILE: CodeExecution/Invoke-ReflectivePEInjection_Resources/DemoExe/DemoExe_MDd/DemoExe_MDd.cpp function _tmain (line 9) | int _tmain(int argc, _TCHAR* argv[]) FILE: CodeExecution/Invoke-ReflectivePEInjection_Resources/ExeToInjectInTo/ExeToInjectInTo/ExeToInjectInTo.cpp function _tmain (line 9) | int _tmain(int argc, _TCHAR* argv[]) FILE: Exfiltration/LogonUser/LogonUser/LogonUser/LogonUser.cpp function _tmain (line 13) | int _tmain(int argc, _TCHAR* argv[]) function PVOID (line 111) | PVOID CreateNtlmLogonStructure(wstring domain, wstring username, wstring... function WriteUnicodeString (line 128) | size_t WriteUnicodeString(wstring str, UNICODE_STRING* uniStr, PVOID bas... FILE: Exfiltration/LogonUser/LogonUser/logon/dllmain.cpp function BOOL (line 4) | BOOL APIENTRY DllMain( HMODULE hModule, FILE: Exfiltration/LogonUser/LogonUser/logon/logon.cpp function VoidFunc (line 19) | __declspec( dllexport ) void VoidFunc() function PVOID (line 211) | PVOID CreateKerbLogonStructure(const wchar_t* domain, const wchar_t* use... function PVOID (line 229) | PVOID CreateNtlmLogonStructure(const wchar_t* domain, const wchar_t* use... function WriteUnicodeString (line 247) | size_t WriteUnicodeString(const wchar_t* str, UNICODE_STRING* uniStr, PV... function WriteErrorToPipe (line 257) | void WriteErrorToPipe(string errorMsg, HANDLE pipe) FILE: Exfiltration/NTFSParser/NTFSParser/NTFSParser.cpp function _tmain (line 29) | int _tmain(int argc, _TCHAR* argv[]) FILE: Exfiltration/NTFSParser/NTFSParser/NTFS_Attribute.h type DataRun_Entry (line 24) | typedef struct tagDataRun_Entry type class (line 31) | typedef class CSList CDataRunList; type class (line 37) | typedef class CSList CIndexEntryList; function class (line 43) | class CAttrBase function class (line 184) | class CAttrResident : public CAttrBase function ULONGLONG (line 220) | __inline ULONGLONG CAttrResident::GetDataSize(ULONGLONG *allocSize) const function BOOL (line 230) | BOOL CAttrResident::ReadData(const ULONGLONG &offset, void *bufv, DWORD ... function class (line 256) | class CAttrNonResident : public CAttrBase function BOOL (line 300) | BOOL CAttrNonResident::PickData(const BYTE **dataRun, LONGLONG *length, ... function BOOL (line 336) | BOOL CAttrNonResident::ParseDataRun() function BOOL (line 393) | BOOL CAttrNonResident::ReadClusters(void *buf, DWORD clusters, LONGLONG ... function BOOL (line 437) | BOOL CAttrNonResident::ReadVirtualClusters(ULONGLONG vcn, DWORD clusters, function ULONGLONG (line 503) | __inline ULONGLONG CAttrNonResident::GetDataSize(ULONGLONG *allocSize) c... function BOOL (line 513) | BOOL CAttrNonResident::ReadData(const ULONGLONG &offset, void *bufv, DWO... function class (line 595) | class CAttr_StdInfo : public CAttrResident function GetFileTime (line 630) | void CAttr_StdInfo::GetFileTime(FILETIME *writeTm, FILETIME *createTm, F... function UTC2Local (line 677) | void CAttr_StdInfo::UTC2Local(const ULONGLONG &ultm, FILETIME *lftm) function class (line 695) | class CFileName function GetFileTime (line 964) | void CFileName::GetFileTime(FILETIME *writeTm, FILETIME *createTm, FILET... function virtual (line 989) | virtual ~CAttr_FileName() function DWORD (line 999) | __inline DWORD GetFilePermission(){} function virtual (line 1022) | virtual ~CAttr_VolInfo() function class (line 1042) | class CAttr_VolName : public CAttrResident function virtual (line 1061) | virtual ~CAttr_VolName() function GetName (line 1086) | __inline int GetName(char *buf, DWORD len) const function virtual (line 1109) | virtual ~CAttr_Data() function class (line 1119) | class CIndexEntry : public CFileName function class (line 1232) | class CIndexBlock : public CIndexEntryList function ParseIndexEntries (line 1309) | void CAttr_IndexRoot::ParseIndexEntries() function class (line 1342) | class CAttr_IndexAlloc : public CAttrNonResident function BOOL (line 1389) | BOOL CAttr_IndexAlloc::PatchUS(WORD *sector, int sectors, WORD usn, WORD... function ULONGLONG (line 1404) | __inline ULONGLONG CAttr_IndexAlloc::GetIndexBlockCount() function BOOL (line 1412) | BOOL CAttr_IndexAlloc::ParseIndexBlock(const ULONGLONG &vcn, CIndexBlock... type CSList (line 1584) | typedef CSList CFileRecordList; FILE: Exfiltration/NTFSParser/NTFSParser/NTFS_Common.h function virtual (line 93) | virtual ~CEntrySmartPtr() function ENTRY_TYPE (line 114) | __inline const ENTRY_TYPE* operator->() const function virtual (line 140) | virtual ~CSList() function BOOL (line 159) | BOOL InsertEntry(ENTRY_TYPE *entry) function RemoveAll (line 180) | void RemoveAll() function ENTRY_TYPE (line 197) | __inline ENTRY_TYPE *FindFirstEntry() const function ENTRY_TYPE (line 208) | __inline ENTRY_TYPE *FindNextEntry() const function ThrowAll (line 221) | __inline void ThrowAll() function virtual (line 243) | virtual ~CStack() function BOOL (line 261) | BOOL Push(ENTRY_TYPE *entry) function ENTRY_TYPE (line 280) | ENTRY_TYPE* Pop() function RemoveAll (line 299) | void RemoveAll() FILE: Exfiltration/NTFSParser/NTFSParser/NTFS_DataType.h type NTFS_BPB (line 25) | typedef struct tagNTFS_BPB type FILE_RECORD_HEADER (line 104) | typedef struct tagFILE_RECORD_HEADER type ATTR_HEADER_COMMON (line 154) | typedef struct tagATTR_HEADER_COMMON type ATTR_HEADER_RESIDENT (line 165) | typedef struct tagATTR_HEADER_RESIDENT type ATTR_HEADER_NON_RESIDENT (line 174) | typedef struct tagATTR_HEADER_NON_RESIDENT type ATTR_STANDARD_INFORMATION (line 204) | typedef struct tagATTR_STANDARD_INFORMATION type ATTR_ATTRIBUTE_LIST (line 223) | typedef struct tagATTR_ATTRIBUTE_LIST type ATTR_FILE_NAME (line 256) | typedef struct tagATTR_FILE_NAME type ATTR_VOLUME_INFORMATION (line 283) | typedef struct tagATTR_VOLUME_INFORMATION type ATTR_INDEX_ROOT (line 312) | typedef struct tagATTR_INDEX_ROOT type INDEX_ENTRY (line 334) | typedef struct tagINDEX_ENTRY type INDEX_BLOCK (line 364) | typedef struct tagINDEX_BLOCK FILE: Exfiltration/NTFSParser/NTFSParser/NTFS_FileRecord.h function class (line 24) | class CNTFSVolume function BOOL (line 348) | BOOL CFileRecord::ParseFileRecord(ULONGLONG fileRef) function BOOL (line 399) | BOOL CFileRecord::VisitIndexBlock(const ULONGLONG &vcn, const _TCHAR *fi... function TraverseSubNode (line 450) | void CFileRecord::TraverseSubNode(const ULONGLONG &vcn, SUBENTRY_CALLBAC... function BOOL (line 475) | BOOL CFileRecord::ParseAttrs() function BOOL (line 510) | BOOL CFileRecord::InstallAttrRawCB(DWORD attrType, ATTR_RAW_CALLBACK cb) function ClearAttrRawCB (line 523) | __inline void CFileRecord::ClearAttrRawCB() function SetAttrMask (line 530) | __inline void CFileRecord::SetAttrMask(DWORD mask) function TraverseAttrs (line 537) | void CFileRecord::TraverseAttrs(ATTRS_CALLBACK attrCallBack, void *context) function CAttrBase (line 561) | __inline const CAttrBase* CFileRecord::FindFirstAttr(DWORD attrType) const function CAttrBase (line 568) | const CAttrBase* CFileRecord::FindNextAttr(DWORD attrType) const function GetFileName (line 576) | int CFileRecord::GetFileName(_TCHAR *buf, DWORD bufLen) const function ULONGLONG (line 597) | __inline ULONGLONG CFileRecord::GetFileSize() const function TraverseSubEntries (line 629) | void CFileRecord::TraverseSubEntries(SUBENTRY_CALLBACK seCallBack) const function BOOL (line 655) | __inline const BOOL CFileRecord::FindSubEntry(const _TCHAR *fileName, CI... function CAttrBase (line 703) | const CAttrBase* CFileRecord::FindStream(_TCHAR *name) function BOOL (line 738) | __inline BOOL CFileRecord::IsReadOnly() const function BOOL (line 751) | __inline BOOL CFileRecord::IsSystem() const function BOOL (line 763) | __inline BOOL CFileRecord::IsEncrypted() const function BOOL (line 846) | BOOL CNTFSVolume::OpenVolume(_TCHAR volume) function BOOL (line 970) | BOOL CNTFSVolume::InstallAttrRawCB(DWORD attrType, ATTR_RAW_CALLBACK cb) function ClearAttrRawCB (line 983) | __inline void CNTFSVolume::ClearAttrRawCB() FILE: Exfiltration/NTFSParser/NTFSParserDLL/NTFSParserDLL.cpp type FileInfo_t (line 24) | struct FileInfo_t function HANDLE (line 32) | HANDLE __declspec(dllexport) StealthOpenFile(char* filePathCStr) function DWORD (line 124) | DWORD __declspec(dllexport) StealthReadFile(FileInfo_t* fileInfo, BYTE* ... function StealthCloseFile (line 155) | void __declspec(dllexport) StealthCloseFile(FileInfo_t* fileInfo) FILE: Exfiltration/NTFSParser/NTFSParserDLL/NTFS_Attribute.h type DataRun_Entry (line 24) | typedef struct tagDataRun_Entry type class (line 31) | typedef class CSList CDataRunList; type class (line 37) | typedef class CSList CIndexEntryList; function class (line 43) | class CAttrBase function class (line 184) | class CAttrResident : public CAttrBase function ULONGLONG (line 220) | __inline ULONGLONG CAttrResident::GetDataSize(ULONGLONG *allocSize) const function BOOL (line 230) | BOOL CAttrResident::ReadData(const ULONGLONG &offset, void *bufv, DWORD ... function class (line 256) | class CAttrNonResident : public CAttrBase function BOOL (line 300) | BOOL CAttrNonResident::PickData(const BYTE **dataRun, LONGLONG *length, ... function BOOL (line 336) | BOOL CAttrNonResident::ParseDataRun() function BOOL (line 393) | BOOL CAttrNonResident::ReadClusters(void *buf, DWORD clusters, LONGLONG ... function BOOL (line 437) | BOOL CAttrNonResident::ReadVirtualClusters(ULONGLONG vcn, DWORD clusters, function ULONGLONG (line 503) | __inline ULONGLONG CAttrNonResident::GetDataSize(ULONGLONG *allocSize) c... function BOOL (line 513) | BOOL CAttrNonResident::ReadData(const ULONGLONG &offset, void *bufv, DWO... function class (line 595) | class CAttr_StdInfo : public CAttrResident function GetFileTime (line 630) | void CAttr_StdInfo::GetFileTime(FILETIME *writeTm, FILETIME *createTm, F... function UTC2Local (line 677) | void CAttr_StdInfo::UTC2Local(const ULONGLONG &ultm, FILETIME *lftm) function class (line 695) | class CFileName function GetFileTime (line 964) | void CFileName::GetFileTime(FILETIME *writeTm, FILETIME *createTm, FILET... function virtual (line 989) | virtual ~CAttr_FileName() function DWORD (line 999) | __inline DWORD GetFilePermission(){} function virtual (line 1022) | virtual ~CAttr_VolInfo() function class (line 1042) | class CAttr_VolName : public CAttrResident function virtual (line 1061) | virtual ~CAttr_VolName() function GetName (line 1086) | __inline int GetName(char *buf, DWORD len) const function virtual (line 1109) | virtual ~CAttr_Data() function class (line 1119) | class CIndexEntry : public CFileName function class (line 1232) | class CIndexBlock : public CIndexEntryList function ParseIndexEntries (line 1309) | void CAttr_IndexRoot::ParseIndexEntries() function class (line 1342) | class CAttr_IndexAlloc : public CAttrNonResident function BOOL (line 1389) | BOOL CAttr_IndexAlloc::PatchUS(WORD *sector, int sectors, WORD usn, WORD... function ULONGLONG (line 1404) | __inline ULONGLONG CAttr_IndexAlloc::GetIndexBlockCount() function BOOL (line 1412) | BOOL CAttr_IndexAlloc::ParseIndexBlock(const ULONGLONG &vcn, CIndexBlock... type CSList (line 1584) | typedef CSList CFileRecordList; FILE: Exfiltration/NTFSParser/NTFSParserDLL/NTFS_Common.h function virtual (line 93) | virtual ~CEntrySmartPtr() function ENTRY_TYPE (line 114) | __inline const ENTRY_TYPE* operator->() const function virtual (line 140) | virtual ~CSList() function BOOL (line 159) | BOOL InsertEntry(ENTRY_TYPE *entry) function RemoveAll (line 180) | void RemoveAll() function ENTRY_TYPE (line 197) | __inline ENTRY_TYPE *FindFirstEntry() const function ENTRY_TYPE (line 208) | __inline ENTRY_TYPE *FindNextEntry() const function ThrowAll (line 221) | __inline void ThrowAll() function virtual (line 243) | virtual ~CStack() function BOOL (line 261) | BOOL Push(ENTRY_TYPE *entry) function ENTRY_TYPE (line 280) | ENTRY_TYPE* Pop() function RemoveAll (line 299) | void RemoveAll() FILE: Exfiltration/NTFSParser/NTFSParserDLL/NTFS_DataType.h type NTFS_BPB (line 25) | typedef struct tagNTFS_BPB type FILE_RECORD_HEADER (line 104) | typedef struct tagFILE_RECORD_HEADER type ATTR_HEADER_COMMON (line 154) | typedef struct tagATTR_HEADER_COMMON type ATTR_HEADER_RESIDENT (line 165) | typedef struct tagATTR_HEADER_RESIDENT type ATTR_HEADER_NON_RESIDENT (line 174) | typedef struct tagATTR_HEADER_NON_RESIDENT type ATTR_STANDARD_INFORMATION (line 204) | typedef struct tagATTR_STANDARD_INFORMATION type ATTR_ATTRIBUTE_LIST (line 223) | typedef struct tagATTR_ATTRIBUTE_LIST type ATTR_FILE_NAME (line 256) | typedef struct tagATTR_FILE_NAME type ATTR_VOLUME_INFORMATION (line 283) | typedef struct tagATTR_VOLUME_INFORMATION type ATTR_INDEX_ROOT (line 312) | typedef struct tagATTR_INDEX_ROOT type INDEX_ENTRY (line 334) | typedef struct tagINDEX_ENTRY type INDEX_BLOCK (line 364) | typedef struct tagINDEX_BLOCK FILE: Exfiltration/NTFSParser/NTFSParserDLL/NTFS_FileRecord.h function class (line 24) | class CNTFSVolume function BOOL (line 348) | BOOL CFileRecord::ParseFileRecord(ULONGLONG fileRef) function BOOL (line 399) | BOOL CFileRecord::VisitIndexBlock(const ULONGLONG &vcn, const _TCHAR *fi... function TraverseSubNode (line 450) | void CFileRecord::TraverseSubNode(const ULONGLONG &vcn, SUBENTRY_CALLBAC... function BOOL (line 475) | BOOL CFileRecord::ParseAttrs() function BOOL (line 510) | BOOL CFileRecord::InstallAttrRawCB(DWORD attrType, ATTR_RAW_CALLBACK cb) function ClearAttrRawCB (line 523) | __inline void CFileRecord::ClearAttrRawCB() function SetAttrMask (line 530) | __inline void CFileRecord::SetAttrMask(DWORD mask) function TraverseAttrs (line 537) | void CFileRecord::TraverseAttrs(ATTRS_CALLBACK attrCallBack, void *context) function CAttrBase (line 561) | __inline const CAttrBase* CFileRecord::FindFirstAttr(DWORD attrType) const function CAttrBase (line 568) | const CAttrBase* CFileRecord::FindNextAttr(DWORD attrType) const function GetFileName (line 576) | int CFileRecord::GetFileName(_TCHAR *buf, DWORD bufLen) const function ULONGLONG (line 597) | __inline ULONGLONG CFileRecord::GetFileSize() const function TraverseSubEntries (line 629) | void CFileRecord::TraverseSubEntries(SUBENTRY_CALLBACK seCallBack) const function BOOL (line 655) | __inline const BOOL CFileRecord::FindSubEntry(const _TCHAR *fileName, CI... function CAttrBase (line 703) | const CAttrBase* CFileRecord::FindStream(_TCHAR *name) function BOOL (line 738) | __inline BOOL CFileRecord::IsReadOnly() const function BOOL (line 751) | __inline BOOL CFileRecord::IsSystem() const function BOOL (line 763) | __inline BOOL CFileRecord::IsEncrypted() const function BOOL (line 846) | BOOL CNTFSVolume::OpenVolume(_TCHAR volume) function BOOL (line 970) | BOOL CNTFSVolume::InstallAttrRawCB(DWORD attrType, ATTR_RAW_CALLBACK cb) function ClearAttrRawCB (line 983) | __inline void CNTFSVolume::ClearAttrRawCB() FILE: Exfiltration/NTFSParser/NTFSParserDLL/dllmain.cpp function BOOL (line 21) | BOOL APIENTRY DllMain( HMODULE hModule,