SYMBOL INDEX (405 symbols across 16 files)

FILE: DLL_encrypt.py
  function aesenc (line 7) | def aesenc(plain, key, iv):

FILE: RIPPL/Indexes.h
  function namespace (line 26) | namespace andrivet { namespace ADVobfuscator {

FILE: RIPPL/Log.h
  function namespace (line 26) | namespace andrivet { namespace ADVobfuscator {

FILE: RIPPL/MetaFSM.h
  function namespace (line 45) | namespace andrivet { namespace ADVobfuscator {
  function R (line 88) | R ObfuscatedCallRet(F f, Args&&... args)
  function ObfuscatedCall (line 104) | void ObfuscatedCall(F f, Args&&... args)

FILE: RIPPL/MetaRandom.h
  function namespace (line 30) | namespace andrivet { namespace ADVobfuscator {

FILE: RIPPL/MetaString.h
  function namespace (line 28) | namespace andrivet { namespace ADVobfuscator {
  function wchar_t (line 76) | inline const wchar_t* decrypt()
  function wchar_t (line 88) | constexpr wchar_t ALWAYS_INLINE encrypt(wchar_t c, int k) const { return...
  function wchar_t (line 89) | constexpr wchar_t decrypt(wchar_t c) const { return encrypt(c, key()); }
  function encrypt (line 118) | constexpr char ALWAYS_INLINE encrypt(char c, size_t position) const { re...
  function decrypt (line 119) | constexpr char decrypt(char c, size_t position) const { return encrypt(c...
  function wchar_t (line 133) | inline const wchar_t* decrypt()
  function wchar_t (line 145) | constexpr wchar_t ALWAYS_INLINE encrypt(wchar_t c, size_t position) cons...
  function wchar_t (line 146) | constexpr wchar_t decrypt(wchar_t c, size_t position) const { return enc...
  function encrypt (line 175) | constexpr char ALWAYS_INLINE encrypt(char c) const { return c + key(K); }
  function decrypt (line 176) | constexpr char decrypt(char c) const { return c - key(K); }
  function wchar_t (line 190) | inline const wchar_t* decrypt()
  function wchar_t (line 202) | constexpr wchar_t ALWAYS_INLINE encrypt(wchar_t c) const { return c + ke...
  function wchar_t (line 203) | constexpr wchar_t decrypt(wchar_t c) const { return c - key(K); }

FILE: RIPPL/RIPPL.cpp
  function wmain (line 11) | int wmain(int argc, wchar_t* argv[])

FILE: RIPPL/Unroller.h
  function namespace (line 25) | namespace andrivet { namespace ADVobfuscator {

FILE: RIPPL/exploit.cpp
  function BOOL (line 4) | BOOL RunExploit(_In_ DWORD dwProcessId)
  function BOOL (line 431) | BOOL CheckRequirements()
  function BOOL (line 562) | BOOL IsCurrentUserSystem(_Out_ PBOOL pbResult)
  function BOOL (line 590) | BOOL GetHijackableDllName(_Out_ LPWSTR* ppwszDllName)
  function BOOL (line 619) | BOOL GetPayloadDll(_Out_ LPVOID * ppBuffer, _Out_ PDWORD pdwSize)
  function BOOL (line 659) | BOOL FindFileForTransaction(_In_ DWORD dwMinSize, _Out_ LPWSTR* ppwszFil...
  function BOOL (line 719) | BOOL WritePayloadDllTransacted(_Out_ PHANDLE pdhFile)
  function BOOL (line 832) | BOOL FindProcessTokenAndDuplicate(_In_ LPCWSTR pwszTargetSid, _Out_ PHAN...
  function BOOL (line 946) | BOOL Impersonate(_In_ HANDLE hToken)
  function BOOL (line 960) | BOOL ImpersonateUser(_In_ LPCWSTR pwszSid, _Out_ PHANDLE phToken, _In_op...
  function BOOL (line 997) | BOOL ImpersonateSystem(_Out_ PHANDLE phSystemToken)
  function BOOL (line 1007) | BOOL ImpersonateLocalService(_Out_ PHANDLE phLocalServiceToken)
  function BOOL (line 1013) | BOOL CheckKnownDllSymbolicLink(_In_ LPCWSTR pwszDllName, _In_ LPWSTR pws...
  function BOOL (line 1073) | BOOL MapDll(_In_ LPWSTR pwszSectionName, _Out_ PHANDLE phSection)
  function BOOL (line 1115) | BOOL UnmapDll(_In_ HANDLE hSection)
  function BOOL (line 1131) | BOOL PrepareCommandLine(_In_ DWORD dwProcessId, _In_ LPWSTR pwszFilePath...
  function BOOL (line 1164) | BOOL CreateProtectedProcessAsUser(_In_ HANDLE hToken, _In_ LPWSTR pwszCo...
FILE: RIPPL/lazy_importer.hpp
  type li (line 49) | namespace li {
  type detail (line 50) | namespace detail {
  type win (line 52) | namespace win {
  type LIST_ENTRY_T (line 54) | struct LIST_ENTRY_T {
  type UNICODE_STRING_T (line 59) | struct UNICODE_STRING_T {
  type PEB_LDR_DATA_T (line 65) | struct PEB_LDR_DATA_T {
  type PEB_T (line 72) | struct PEB_T {
  type LDR_DATA_TABLE_ENTRY_T (line 80) | struct LDR_DATA_TABLE_ENTRY_T {
  method LAZY_IMPORTER_FORCEINLINE (line 93) | LAZY_IMPORTER_FORCEINLINE const LDR_DATA_TABLE_ENTRY_T*
  type IMAGE_DOS_HEADER (line 101) | struct IMAGE_DOS_HEADER { // DOS .EXE header
  type IMAGE_FILE_HEADER (line 123) | struct IMAGE_FILE_HEADER {
  type IMAGE_EXPORT_DIRECTORY (line 133) | struct IMAGE_EXPORT_DIRECTORY {
  type IMAGE_DATA_DIRECTORY (line 147) | struct IMAGE_DATA_DIRECTORY {
  type IMAGE_OPTIONAL_HEADER64 (line 152) | struct IMAGE_OPTIONAL_HEADER64 {
  type IMAGE_OPTIONAL_HEADER32 (line 185) | struct IMAGE_OPTIONAL_HEADER32 {
  type IMAGE_NT_HEADERS (line 219) | struct IMAGE_NT_HEADERS {
  type forwarded_hashes (line 231) | struct forwarded_hashes {
  function LAZY_IMPORTER_FORCEINLINE (line 240) | LAZY_IMPORTER_FORCEINLINE constexpr unsigned get_hash(offset_hash_pa...
  function LAZY_IMPORTER_FORCEINLINE (line 242) | LAZY_IMPORTER_FORCEINLINE constexpr unsigned get_offset(offset_hash_...
  function LAZY_IMPORTER_FORCEINLINE (line 245) | LAZY_IMPORTER_FORCEINLINE constexpr unsigned hash_single(unsigned va...
  function LAZY_IMPORTER_FORCEINLINE (line 252) | LAZY_IMPORTER_FORCEINLINE constexpr unsigned
  function LAZY_IMPORTER_FORCEINLINE (line 258) | LAZY_IMPORTER_FORCEINLINE constexpr offset_hash_pair khash(
  function hash (line 265) | LAZY_IMPORTER_FORCEINLINE unsigned hash(const CharT* str, unsigned o...
  function hash (line 277) | LAZY_IMPORTER_FORCEINLINE unsigned hash(
  function LAZY_IMPORTER_FORCEINLINE (line 289) | LAZY_IMPORTER_FORCEINLINE forwarded_hashes hash_forwarded(
  function LAZY_IMPORTER_FORCEINLINE (line 306) | LAZY_IMPORTER_FORCEINLINE const win::PEB_T* peb() noexcept
  function LAZY_IMPORTER_FORCEINLINE (line 323) | LAZY_IMPORTER_FORCEINLINE const win::PEB_LDR_DATA_T* ldr()
  function LAZY_IMPORTER_FORCEINLINE (line 328) | LAZY_IMPORTER_FORCEINLINE const win::IMAGE_NT_HEADERS* nt_headers(
  function LAZY_IMPORTER_FORCEINLINE (line 335) | LAZY_IMPORTER_FORCEINLINE const win::IMAGE_EXPORT_DIRECTORY* image_e...
  function LAZY_IMPORTER_FORCEINLINE (line 342) | LAZY_IMPORTER_FORCEINLINE const win::LDR_DATA_TABLE_ENTRY_T* ldr_dat...
  type exports_directory (line 348) | struct exports_directory {
  method LAZY_IMPORTER_FORCEINLINE (line 356) | LAZY_IMPORTER_FORCEINLINE
  method LAZY_IMPORTER_FORCEINLINE (line 370) | LAZY_IMPORTER_FORCEINLINE size_type size() const noexcept
  method LAZY_IMPORTER_FORCEINLINE (line 375) | LAZY_IMPORTER_FORCEINLINE const char* base() const noexcept { retu...
  method noexcept (line 376) | const noexcept
  method LAZY_IMPORTER_FORCEINLINE (line 381) | LAZY_IMPORTER_FORCEINLINE const char* name(size_type index) const ...
  method LAZY_IMPORTER_FORCEINLINE (line 388) | LAZY_IMPORTER_FORCEINLINE const char* address(size_type index) con...
method LAZY_IMPORTER_FORCEINLINE (line 399) | LAZY_IMPORTER_FORCEINLINE bool is_forwarded( type safe_module_enumerator (line 407) | struct safe_module_enumerator { method LAZY_IMPORTER_FORCEINLINE (line 412) | LAZY_IMPORTER_FORCEINLINE safe_module_enumerator() noexcept method LAZY_IMPORTER_FORCEINLINE (line 421) | LAZY_IMPORTER_FORCEINLINE void reset() noexcept method LAZY_IMPORTER_FORCEINLINE (line 426) | LAZY_IMPORTER_FORCEINLINE bool next() noexcept type unsafe_module_enumerator (line 434) | struct unsafe_module_enumerator { method LAZY_IMPORTER_FORCEINLINE (line 438) | LAZY_IMPORTER_FORCEINLINE unsafe_module_enumerator() noexcept method LAZY_IMPORTER_FORCEINLINE (line 442) | LAZY_IMPORTER_FORCEINLINE void reset() noexcept { value = ldr_data... method LAZY_IMPORTER_FORCEINLINE (line 444) | LAZY_IMPORTER_FORCEINLINE bool next() noexcept class lazy_base (line 453) | class lazy_base { method LAZY_IMPORTER_FORCEINLINE (line 457) | LAZY_IMPORTER_FORCEINLINE static void*& _cache() noexcept method LAZY_IMPORTER_FORCEINLINE (line 465) | LAZY_IMPORTER_FORCEINLINE static T safe() noexcept method LAZY_IMPORTER_FORCEINLINE (line 471) | LAZY_IMPORTER_FORCEINLINE static T cached() noexcept method LAZY_IMPORTER_FORCEINLINE (line 481) | LAZY_IMPORTER_FORCEINLINE static T safe_cached() noexcept type lazy_module (line 488) | struct lazy_module : lazy_base> { method LAZY_IMPORTER_FORCEINLINE (line 490) | LAZY_IMPORTER_FORCEINLINE static T get() noexcept method LAZY_IMPORTER_FORCEINLINE (line 501) | LAZY_IMPORTER_FORCEINLINE static T in(Ldr ldr) noexcept method LAZY_IMPORTER_FORCEINLINE (line 512) | LAZY_IMPORTER_FORCEINLINE static T in_cached(Ldr ldr) noexcept type lazy_function (line 523) | struct lazy_function : lazy_base, T> { method LAZY_IMPORTER_FORCEINLINE (line 537) | LAZY_IMPORTER_FORCEINLINE static F get() noexcept method LAZY_IMPORTER_FORCEINLINE (line 568) | LAZY_IMPORTER_FORCEINLINE static F forwarded() noexcept method LAZY_IMPORTER_FORCEINLINE (line 604) | 
LAZY_IMPORTER_FORCEINLINE static F forwarded_safe() noexcept method LAZY_IMPORTER_FORCEINLINE (line 610) | LAZY_IMPORTER_FORCEINLINE static F forwarded_cached() noexcept method LAZY_IMPORTER_FORCEINLINE (line 619) | LAZY_IMPORTER_FORCEINLINE static F forwarded_safe_cached() noexcept method LAZY_IMPORTER_FORCEINLINE (line 625) | LAZY_IMPORTER_FORCEINLINE static F in(Module m) noexcept method LAZY_IMPORTER_FORCEINLINE (line 645) | LAZY_IMPORTER_FORCEINLINE static F in_safe(Module m) noexcept method LAZY_IMPORTER_FORCEINLINE (line 651) | LAZY_IMPORTER_FORCEINLINE static F in_cached(Module m) noexcept method LAZY_IMPORTER_FORCEINLINE (line 660) | LAZY_IMPORTER_FORCEINLINE static F in_safe_cached(Module m) noexcept method LAZY_IMPORTER_FORCEINLINE (line 666) | LAZY_IMPORTER_FORCEINLINE static F nt() noexcept method LAZY_IMPORTER_FORCEINLINE (line 672) | LAZY_IMPORTER_FORCEINLINE static F nt_safe() noexcept method LAZY_IMPORTER_FORCEINLINE (line 678) | LAZY_IMPORTER_FORCEINLINE static F nt_cached() noexcept method LAZY_IMPORTER_FORCEINLINE (line 684) | LAZY_IMPORTER_FORCEINLINE static F nt_safe_cached() noexcept FILE: RIPPL/ntdll.h type NTSTATUS (line 41) | typedef _Return_type_success_(return >= 0) LONG NTSTATUS; type LONG (line 43) | typedef LONG NTSTATUS; type EVENT_TYPE (line 93) | typedef enum _EVENT_TYPE type STRING (line 104) | typedef struct _STRING type UNICODE_STRING (line 116) | typedef struct _UNICODE_STRING type RTL_BITMAP (line 127) | typedef struct _RTL_BITMAP type RTL_BUFFER (line 137) | typedef struct _RTL_BUFFER type RTL_UNICODE_STRING_BUFFER (line 151) | typedef struct _RTL_UNICODE_STRING_BUFFER type STRING (line 159) | typedef STRING ANSI_STRING; type PSTRING (line 160) | typedef PSTRING PANSI_STRING; type STRING (line 162) | typedef STRING OEM_STRING; type PSTRING (line 163) | typedef PSTRING POEM_STRING; type CONST (line 164) | typedef CONST STRING* PCOEM_STRING; type UNICODE_STRING (line 166) | typedef const UNICODE_STRING *PCUNICODE_STRING; type 
OBJECT_ATTRIBUTES (line 192) | typedef struct _OBJECT_ATTRIBUTES type IO_STATUS_BLOCK (line 206) | typedef struct _IO_STATUS_BLOCK type CLIENT_ID (line 222) | typedef struct _CLIENT_ID function BOOLEAN (line 257) | BOOLEAN function FORCEINLINE (line 266) | FORCEINLINE function FORCEINLINE (line 275) | FORCEINLINE function FORCEINLINE (line 291) | FORCEINLINE function FORCEINLINE (line 307) | FORCEINLINE type GENERATE_NAME_CONTEXT (line 693) | typedef struct _GENERATE_NAME_CONTEXT type POOL_TYPE (line 749) | typedef enum _POOL_TYPE { type OBJECT_INFORMATION_CLASS (line 773) | typedef enum _OBJECT_INFORMATION_CLASS type OBJECT_BASIC_INFORMATION (line 789) | typedef struct _OBJECT_BASIC_INFORMATION type OBJECT_NAME_INFORMATION (line 808) | typedef struct _OBJECT_NAME_INFORMATION type OBJECT_TYPE_INFORMATION (line 817) | typedef struct _OBJECT_TYPE_INFORMATION type OBJECT_TYPES_INFORMATION (line 842) | typedef struct _OBJECT_TYPES_INFORMATION type OBJECT_HANDLE_FLAG_INFORMATION (line 853) | typedef struct _OBJECT_HANDLE_FLAG_INFORMATION type OBJECT_DIRECTORY_INFORMATION (line 863) | typedef struct _OBJECT_DIRECTORY_INFORMATION type RTL_GENERIC_COMPARE_RESULTS (line 995) | typedef enum _RTL_GENERIC_COMPARE_RESULTS type RTL_SPLAY_LINKS (line 1003) | typedef struct _RTL_SPLAY_LINKS type _RTL_GENERIC_TABLE (line 1011) | struct _RTL_GENERIC_TABLE type RTL_GENERIC_TABLE (line 1036) | typedef struct _RTL_GENERIC_TABLE type RTL_HANDLE_TABLE_ENTRY (line 1050) | typedef struct _RTL_HANDLE_TABLE_ENTRY type RTL_HANDLE_TABLE (line 1057) | typedef struct _RTL_HANDLE_TABLE type KEY_INFORMATION_CLASS (line 1236) | typedef enum _KEY_INFORMATION_CLASS type KEY_VALUE_INFORMATION_CLASS (line 1247) | typedef enum _KEY_VALUE_INFORMATION_CLASS type KEY_SET_INFORMATION_CLASS (line 1256) | typedef enum _KEY_SET_INFORMATION_CLASS type KEY_BASIC_INFORMATION (line 1263) | typedef struct _KEY_BASIC_INFORMATION type KEY_NODE_INFORMATION (line 1271) | typedef struct _KEY_NODE_INFORMATION type 
KEY_FULL_INFORMATION (line 1281) | typedef struct _KEY_FULL_INFORMATION type KEY_NAME_INFORMATION (line 1296) | typedef struct _KEY_NAME_INFORMATION type KEY_CACHED_INFORMATION (line 1301) | typedef struct _KEY_CACHED_INFORMATION type KEY_FLAGS_INFORMATION (line 1314) | typedef struct _KEY_FLAGS_INFORMATION type KEY_VALUE_BASIC_INFORMATION (line 1319) | typedef struct _KEY_VALUE_BASIC_INFORMATION type KEY_VALUE_FULL_INFORMATION (line 1327) | typedef struct _KEY_VALUE_FULL_INFORMATION type KEY_VALUE_PARTIAL_INFORMATION (line 1337) | typedef struct _KEY_VALUE_PARTIAL_INFORMATION type RTL_QUERY_REGISTRY_TABLE (line 1581) | typedef struct _RTL_QUERY_REGISTRY_TABLE type SYSTEM_INFORMATION_CLASS (line 1607) | typedef enum _SYSTEM_INFORMATION_CLASS type LONG (line 1714) | typedef LONG KPRIORITY; type SYSTEM_BASIC_INFORMATION (line 1719) | typedef struct _SYSTEM_BASIC_INFORMATION type SYSTEM_PROCESSOR_INFORMATION (line 1735) | typedef struct _SYSTEM_PROCESSOR_INFORMATION type SYSTEM_PERFORMANCE_INFORMATION (line 1745) | typedef struct _SYSTEM_PERFORMANCE_INFORMATION type SYSTEM_TIMEOFDAY_INFORMATION (line 1824) | typedef struct _SYSTEM_TIMEOFDAY_INFORMATION type SYSTEM_THREAD_INFORMATION (line 1839) | typedef struct _SYSTEM_THREAD_INFORMATION type SYSTEM_PROCESS_INFORMATION (line 1854) | typedef struct _SYSTEM_PROCESS_INFORMATION type SYSTEM_CALL_COUNT_INFORMATION (line 1903) | typedef struct _SYSTEM_CALL_COUNT_INFORMATION type SYSTEM_DEVICE_INFORMATION (line 1910) | typedef struct _SYSTEM_DEVICE_INFORMATION type SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION (line 1921) | typedef struct _SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION type SYSTEM_FLAGS_INFORMATION (line 1932) | typedef struct _SYSTEM_FLAGS_INFORMATION type SYSTEM_CALL_TIME_INFORMATION (line 1938) | typedef struct _SYSTEM_CALL_TIME_INFORMATION type RTL_PROCESS_MODULE_INFORMATION (line 1946) | typedef struct _RTL_PROCESS_MODULE_INFORMATION type RTL_PROCESS_MODULES (line 1960) | typedef struct _RTL_PROCESS_MODULES type 
RTL_PROCESS_LOCK_INFORMATION (line 1967) | typedef struct _RTL_PROCESS_LOCK_INFORMATION type RTL_PROCESS_LOCKS (line 1981) | typedef struct _RTL_PROCESS_LOCKS type RTL_PROCESS_BACKTRACE_INFORMATION (line 1988) | typedef struct _RTL_PROCESS_BACKTRACE_INFORMATION type RTL_PROCESS_BACKTRACES (line 1997) | typedef struct _RTL_PROCESS_BACKTRACES type SYSTEM_POOL_ENTRY (line 2007) | typedef struct _SYSTEM_POOL_ENTRY type SYSTEM_POOL_INFORMATION (line 2021) | typedef struct _SYSTEM_POOL_INFORMATION type SYSTEM_HANDLE_TABLE_ENTRY_INFO (line 2033) | typedef struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO type SYSTEM_HANDLE_INFORMATION (line 2044) | typedef struct _SYSTEM_HANDLE_INFORMATION type SYSTEM_OBJECTTYPE_INFORMATION (line 2051) | typedef struct _SYSTEM_OBJECTTYPE_INFORMATION type SYSTEM_OBJECT_INFORMATION (line 2066) | typedef struct _SYSTEM_OBJECT_INFORMATION type SYSTEM_PAGEFILE_INFORMATION (line 2083) | typedef struct _SYSTEM_PAGEFILE_INFORMATION type SYSTEM_VDM_INSTEMUL_INFO (line 2093) | typedef struct _SYSTEM_VDM_INSTEMUL_INFO type SYSTEM_FILECACHE_INFORMATION (line 2134) | typedef struct _SYSTEM_FILECACHE_INFORMATION type SYSTEM_POOLTAG (line 2148) | typedef struct _SYSTEM_POOLTAG type SYSTEM_POOLTAG_INFORMATION (line 2162) | typedef struct _SYSTEM_POOLTAG_INFORMATION type SYSTEM_INTERRUPT_INFORMATION (line 2169) | typedef struct _SYSTEM_INTERRUPT_INFORMATION type SYSTEM_DPC_BEHAVIOR_INFORMATION (line 2180) | typedef struct _SYSTEM_DPC_BEHAVIOR_INFORMATION type SYSTEM_MEMORY_INFO (line 2190) | typedef struct _SYSTEM_MEMORY_INFO type SYSTEM_MEMORY_INFORMATION (line 2199) | typedef struct _SYSTEM_MEMORY_INFORMATION type SYSTEM_GDI_DRIVER_INFORMATION (line 2207) | typedef struct _SYSTEM_GDI_DRIVER_INFORMATION type SYSTEM_QUERY_TIME_ADJUST_INFORMATION (line 2221) | typedef struct _SYSTEM_QUERY_TIME_ADJUST_INFORMATION type SYSTEM_SET_TIME_ADJUST_INFORMATION (line 2228) | typedef struct _SYSTEM_SET_TIME_ADJUST_INFORMATION type SYSTEM_REF_TRACE_INFORMATION (line 2239) | 
typedef struct _SYSTEM_REF_TRACE_INFORMATION type SYSTEM_EXCEPTION_INFORMATION (line 2250) | typedef struct _SYSTEM_EXCEPTION_INFORMATION type SYSTEM_CRASH_STATE_INFORMATION (line 2259) | typedef struct _SYSTEM_CRASH_STATE_INFORMATION type SYSTEM_KERNEL_DEBUGGER_INFORMATION (line 2265) | typedef struct _SYSTEM_KERNEL_DEBUGGER_INFORMATION type SYSTEM_CONTEXT_SWITCH_INFORMATION (line 2272) | typedef struct _SYSTEM_CONTEXT_SWITCH_INFORMATION type SYSTEM_REGISTRY_QUOTA_INFORMATION (line 2289) | typedef struct _SYSTEM_REGISTRY_QUOTA_INFORMATION type SYSTEM_PLUGPLAY_BUS_INFORMATION (line 2303) | typedef struct _SYSTEM_PLUGPLAY_BUS_INFORMATION type SYSTEM_DOCK_STATE (line 2310) | typedef enum _SYSTEM_DOCK_STATE type INTERFACE_TYPE (line 2317) | typedef enum _INTERFACE_TYPE type SYSTEM_DOCK_INFORMATION (line 2339) | typedef struct _SYSTEM_DOCK_INFORMATION type SYSTEM_POWER_INFORMATION_NATIVE (line 2348) | typedef struct _SYSTEM_POWER_INFORMATION_NATIVE type SYSTEM_LEGACY_DRIVER_INFORMATION (line 2363) | typedef struct _SYSTEM_LEGACY_DRIVER_INFORMATION type SYSTEM_LOOKASIDE_INFORMATION (line 2374) | typedef struct _SYSTEM_LOOKASIDE_INFORMATION type SYSTEM_VERIFIER_INFORMATION (line 2402) | typedef struct _SYSTEM_VERIFIER_INFORMATION type SYSTEM_SESSION_PROCESS_INFORMATION (line 2434) | typedef struct _SYSTEM_SESSION_PROCESS_INFORMATION type SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX (line 2454) | typedef struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX type SYSTEM_HANDLE_INFORMATION_EX (line 2467) | typedef struct _SYSTEM_HANDLE_INFORMATION_EX type SYSTEM_HOTPATCH_CODE_INFORMATION (line 2476) | typedef struct _SYSTEM_HOTPATCH_CODE_INFORMATION type _SYSTEM_FIRMWARE_TABLE_INFORMATION (line 2532) | struct _SYSTEM_FIRMWARE_TABLE_INFORMATION type NTSTATUS (line 2533) | typedef NTSTATUS (__cdecl *PFNFTH)( type SYSTEM_FIRMWARE_TABLE_ACTION (line 2537) | typedef enum _SYSTEM_FIRMWARE_TABLE_ACTION type SYSTEM_FIRMWARE_TABLE_HANDLER (line 2543) | typedef struct _SYSTEM_FIRMWARE_TABLE_HANDLER type 
SYSTEM_FIRMWARE_TABLE_INFORMATION (line 2554) | typedef struct _SYSTEM_FIRMWARE_TABLE_INFORMATION type SYSTEM_MEMORY_LIST_INFORMATION (line 2566) | typedef struct _SYSTEM_MEMORY_LIST_INFORMATION type SYSTEM_PROCESS_ID_INFORMATION (line 2580) | typedef struct _SYSTEM_PROCESS_ID_INFORMATION type SYSTEM_BOOT_ENVIRONMENT_INFORMATION (line 2589) | typedef struct _SYSTEM_BOOT_ENVIRONMENT_INFORMATION type SHUTDOWN_ACTION (line 2669) | typedef enum _SHUTDOWN_ACTION type FILE_INFORMATION_CLASS (line 2769) | typedef enum _FILE_INFORMATION_CLASS type FILE_DIRECTORY_INFORMATION (line 2865) | typedef struct _FILE_DIRECTORY_INFORMATION { type FILE_FULL_DIR_INFORMATION (line 2880) | typedef struct _FILE_FULL_DIR_INFORMATION { type FILE_BOTH_DIR_INFORMATION (line 2896) | typedef struct _FILE_BOTH_DIR_INFORMATION { type FILE_BASIC_INFORMATION (line 2914) | typedef struct _FILE_BASIC_INFORMATION { type FILE_STANDARD_INFORMATION (line 2923) | typedef struct _FILE_STANDARD_INFORMATION { type FILE_STANDARD_INFORMATION_EX (line 2932) | typedef struct _FILE_STANDARD_INFORMATION_EX { type FILE_INTERNAL_INFORMATION (line 2942) | typedef struct _FILE_INTERNAL_INFORMATION { type FILE_EA_INFORMATION (line 2947) | typedef struct _FILE_EA_INFORMATION { type FILE_ACCESS_INFORMATION (line 2952) | typedef struct _FILE_ACCESS_INFORMATION { type FILE_NAME_INFORMATION (line 2957) | typedef struct _FILE_NAME_INFORMATION { type FILE_RENAME_INFORMATION (line 2963) | typedef struct _FILE_RENAME_INFORMATION { type FILE_RENAME_INFORMATION_EX (line 2974) | typedef struct _FILE_RENAME_INFORMATION_EX { type FILE_NAMES_INFORMATION (line 2981) | typedef struct _FILE_NAMES_INFORMATION { type FILE_DISPOSITION_INFORMATION (line 2989) | typedef struct _FILE_DISPOSITION_INFORMATION { type FILE_POSITION_INFORMATION (line 2994) | typedef struct _FILE_POSITION_INFORMATION { type FILE_FULL_EA_INFORMATION (line 2999) | typedef struct _FILE_FULL_EA_INFORMATION { type FILE_MODE_INFORMATION (line 3008) | typedef struct 
_FILE_MODE_INFORMATION { type FILE_ALIGNMENT_INFORMATION (line 3013) | typedef struct _FILE_ALIGNMENT_INFORMATION { type FILE_ALL_INFORMATION (line 3018) | typedef struct _FILE_ALL_INFORMATION { type FILE_ALLOCATION_INFORMATION (line 3031) | typedef struct _FILE_ALLOCATION_INFORMATION { type FILE_END_OF_FILE_INFORMATION (line 3036) | typedef struct _FILE_END_OF_FILE_INFORMATION { type FILE_STREAM_INFORMATION (line 3041) | typedef struct _FILE_STREAM_INFORMATION { type FILE_PIPE_INFORMATION (line 3049) | typedef struct _FILE_PIPE_INFORMATION { type FILE_PIPE_LOCAL_INFORMATION (line 3055) | typedef struct _FILE_PIPE_LOCAL_INFORMATION { type FILE_PIPE_REMOTE_INFORMATION (line 3069) | typedef struct _FILE_PIPE_REMOTE_INFORMATION { type FILE_MAILSLOT_QUERY_INFORMATION (line 3075) | typedef struct _FILE_MAILSLOT_QUERY_INFORMATION { type FILE_MAILSLOT_SET_INFORMATION (line 3084) | typedef struct _FILE_MAILSLOT_SET_INFORMATION { type FILE_COMPRESSION_INFORMATION (line 3089) | typedef struct _FILE_COMPRESSION_INFORMATION { type FILE_LINK_INFORMATION (line 3099) | typedef struct _FILE_LINK_INFORMATION { type FILE_LINK_INFORMATION_EX (line 3115) | typedef struct _FILE_LINK_INFORMATION_EX { type FILE_OBJECTID_INFORMATION (line 3123) | typedef struct _FILE_OBJECTID_INFORMATION type FILE_COMPLETION_INFORMATION (line 3138) | typedef struct _FILE_COMPLETION_INFORMATION { type FILE_MOVE_CLUSTER_INFORMATION (line 3144) | typedef struct _FILE_MOVE_CLUSTER_INFORMATION { type FILE_NETWORK_OPEN_INFORMATION (line 3152) | typedef struct _FILE_NETWORK_OPEN_INFORMATION { type FILE_ATTRIBUTE_TAG_INFORMATION (line 3163) | typedef struct _FILE_ATTRIBUTE_TAG_INFORMATION { type FILE_TRACKING_INFORMATION (line 3169) | typedef struct _FILE_TRACKING_INFORMATION { type FILE_REPARSE_POINT_INFORMATION (line 3176) | typedef struct _FILE_REPARSE_POINT_INFORMATION { type FILE_QUOTA_INFORMATION (line 3182) | typedef struct _FILE_QUOTA_INFORMATION { type FILE_ID_BOTH_DIR_INFORMATION (line 3193) | typedef 
struct _FILE_ID_BOTH_DIR_INFORMATION { type FILE_ID_FULL_DIR_INFORMATION (line 3212) | typedef struct _FILE_ID_FULL_DIR_INFORMATION { type FILE_VALID_DATA_LENGTH_INFORMATION (line 3229) | typedef struct _FILE_VALID_DATA_LENGTH_INFORMATION { type FILE_IO_COMPLETION_NOTIFICATION_INFORMATION (line 3249) | typedef struct _FILE_IO_COMPLETION_NOTIFICATION_INFORMATION { type FILE_PROCESS_IDS_USING_FILE_INFORMATION (line 3254) | typedef struct _FILE_PROCESS_IDS_USING_FILE_INFORMATION { type FILE_IOSTATUSBLOCK_RANGE_INFORMATION (line 3260) | typedef struct _FILE_IOSTATUSBLOCK_RANGE_INFORMATION { type IO_PRIORITY_HINT (line 3266) | typedef enum _IO_PRIORITY_HINT { type FILE_IO_PRIORITY_HINT_INFORMATION (line 3276) | typedef struct _FILE_IO_PRIORITY_HINT_INFORMATION { type FILE_SFIO_RESERVE_INFORMATION (line 3285) | typedef struct _FILE_SFIO_RESERVE_INFORMATION { type FILE_SFIO_VOLUME_INFORMATION (line 3298) | typedef struct _FILE_SFIO_VOLUME_INFORMATION { type FILE_LINK_ENTRY_INFORMATION (line 3305) | typedef struct _FILE_LINK_ENTRY_INFORMATION { type FILE_LINKS_INFORMATION (line 3313) | typedef struct _FILE_LINKS_INFORMATION type FILE_ID_128 (line 3321) | typedef struct _FILE_ID_128 type FILE_LINK_ENTRY_FULL_ID_INFORMATION (line 3327) | typedef struct _FILE_LINK_ENTRY_FULL_ID_INFORMATION type FILE_ID_GLOBAL_TX_DIR_INFORMATION (line 3335) | typedef struct _FILE_ID_GLOBAL_TX_DIR_INFORMATION type FILE_IS_REMOTE_DEVICE_INFORMATION (line 3354) | typedef struct _FILE_IS_REMOTE_DEVICE_INFORMATION type FILE_NUMA_NODE_INFORMATION (line 3359) | typedef struct _FILE_NUMA_NODE_INFORMATION { type FILE_STANDARD_LINK_INFORMATION (line 3363) | typedef struct _FILE_STANDARD_LINK_INFORMATION type FILE_VOLUME_NAME_INFORMATION (line 3371) | typedef struct _FILE_VOLUME_NAME_INFORMATION type FILE_ID_INFORMATION (line 3377) | typedef struct _FILE_ID_INFORMATION type FILE_ID_EXTD_DIR_INFORMATION (line 3383) | typedef struct _FILE_ID_EXTD_DIR_INFORMATION type FILE_ID_EXTD_BOTH_DIR_INFORMATION (line 
3401) | typedef struct _FILE_ID_EXTD_BOTH_DIR_INFORMATION type FILE_DISPOSITION_INFORMATION_EX (line 3427) | typedef struct _FILE_DISPOSITION_INFORMATION_EX type FILE_STORAGE_TIER_CLASS (line 3433) | typedef enum _FILE_STORAGE_TIER_CLASS { type FILE_DESIRED_STORAGE_CLASS_INFORMATION (line 3442) | typedef struct _FILE_DESIRED_STORAGE_CLASS_INFORMATION type FILE_STAT_INFORMATION (line 3450) | typedef struct _FILE_STAT_INFORMATION type FILE_MEMORY_PARTITION_INFORMATION (line 3465) | typedef struct _FILE_MEMORY_PARTITION_INFORMATION type FILE_STAT_LX_INFORMATION (line 3478) | typedef struct _FILE_STAT_LX_INFORMATION { type FILE_CASE_SENSITIVE_INFORMATION (line 3500) | typedef struct _FILE_CASE_SENSITIVE_INFORMATION type FS_INFORMATION_CLASS (line 3505) | typedef enum _FSINFOCLASS { type FILE_FS_VOLUME_INFORMATION (line 3522) | typedef struct _FILE_FS_VOLUME_INFORMATION { type FILE_FS_LABEL_INFORMATION (line 3531) | typedef struct _FILE_FS_LABEL_INFORMATION { type FILE_FS_SIZE_INFORMATION (line 3537) | typedef struct _FILE_FS_SIZE_INFORMATION { type FILE_FS_DEVICE_INFORMATION (line 3545) | typedef struct _FILE_FS_DEVICE_INFORMATION { type FILE_FS_ATTRIBUTE_INFORMATION (line 3551) | typedef struct _FILE_FS_ATTRIBUTE_INFORMATION { type FILE_FS_CONTROL_INFORMATION (line 3559) | typedef struct _FILE_FS_CONTROL_INFORMATION { type FILE_FS_FULL_SIZE_INFORMATION (line 3569) | typedef struct _FILE_FS_FULL_SIZE_INFORMATION { type FILE_FS_OBJECTID_INFORMATION (line 3578) | typedef struct _FILE_FS_OBJECTID_INFORMATION { type FILE_FS_DRIVER_PATH_INFORMATION (line 3584) | typedef struct _FILE_FS_DRIVER_PATH_INFORMATION { type FILE_FS_VOLUME_FLAGS_INFORMATION (line 3591) | typedef struct _FILE_FS_VOLUME_FLAGS_INFORMATION { type FILE_FS_SECTOR_SIZE_INFORMATION (line 3595) | typedef struct _FILE_FS_SECTOR_SIZE_INFORMATION { type RTL_PATH_TYPE (line 4098) | typedef enum _RTL_PATH_TYPE type CURDIR (line 4111) | typedef struct _CURDIR type PROCESSINFOCLASS (line 4230) | typedef enum 
_PROCESSINFOCLASS { type THREADINFOCLASS (line 4289) | typedef enum _THREADINFOCLASS { type RTL_DRIVE_LETTER_CURDIR (line 4312) | typedef struct _RTL_DRIVE_LETTER_CURDIR type SECTION_IMAGE_INFORMATION (line 4322) | typedef struct _SECTION_IMAGE_INFORMATION type RTL_USER_PROCESS_INFORMATION (line 4348) | typedef struct _RTL_USER_PROCESS_INFORMATION type RTL_USER_PROCESS_PARAMETERS (line 4359) | typedef struct _RTL_USER_PROCESS_PARAMETERS type PEB_FREE_BLOCK (line 4405) | typedef struct _PEB_FREE_BLOCK type PEB_LDR_DATA (line 4413) | typedef struct _PEB_LDR_DATA type LDR_DATA_TABLE_ENTRY (line 4458) | typedef struct _LDR_DATA_TABLE_ENTRY type PEB (line 4491) | typedef struct _PEB type TEB (line 4620) | typedef struct _TEB type PROCESS_BASIC_INFORMATION (line 4638) | typedef struct _PROCESS_BASIC_INFORMATION type BOOLEAN (line 4649) | typedef BOOLEAN (*PDLL_INIT_ROUTINE)( type VOID (line 4659) | typedef VOID (*PPS_APC_ROUTINE) ( type PORT_MESSAGE (line 4997) | typedef struct _PORT_MESSAGE type PORT_VIEW (line 5039) | typedef struct _PORT_VIEW { type REMOTE_PORT_VIEW (line 5058) | typedef struct _REMOTE_PORT_VIEW { type RTL_HEAP_PARAMETERS (line 5512) | typedef struct RTL_HEAP_PARAMETERS { type MEMORY_INFORMATION_CLASS (line 5649) | typedef enum _MEMORY_INFORMATION_CLASS type MEMORY_WORKING_SET_ENTRY (line 5658) | typedef struct _MEMORY_WORKING_SET_ENTRY type SECTION_INHERIT (line 5821) | typedef enum _SECTION_INHERIT type SECTION_INFORMATION_CLASS (line 5829) | typedef enum _SECTION_INFORMATION_CLASS type WAIT_TYPE (line 6036) | typedef enum _WAIT_TYPE { type EVENT_INFORMATION_CLASS (line 6085) | typedef enum _EVENT_INFORMATION_CLASS { type EVENT_BASIC_INFORMATION (line 6089) | typedef struct _EVENT_BASIC_INFORMATION { type TOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE (line 6617) | typedef struct _TOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE type TOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE (line 6624) | typedef struct _TOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE type 
TOKEN_SECURITY_ATTRIBUTE_V1 (line 6631) | typedef struct _TOKEN_SECURITY_ATTRIBUTE_V1 type TOKEN_SECURITY_ATTRIBUTES_INFORMATION (line 6650) | typedef struct _TOKEN_SECURITY_ATTRIBUTES_INFORMATION type HARDERROR_RESPONSE_OPTION (line 6873) | typedef enum _HARDERROR_RESPONSE_OPTION type HARDERROR_RESPONSE (line 6885) | typedef enum _HARDERROR_RESPONSE FILE: RIPPL/skCrypter.hpp type std (line 16) | namespace std type remove_reference (line 20) | struct remove_reference { type remove_reference<_Ty&> (line 25) | struct remove_reference<_Ty&> { type remove_reference<_Ty&&> (line 30) | struct remove_reference<_Ty&&> { type remove_const (line 39) | struct remove_const { // remove top-level const qualifier type remove_const (line 44) | struct remove_const { type skc (line 55) | namespace skc class skCrypter (line 61) | class skCrypter method skCrypter (line 64) | __forceinline constexpr skCrypter(T* data) method T (line 69) | __forceinline T* get() method size (line 74) | __forceinline int size() // (w)char count method key (line 79) | __forceinline char key() method T (line 84) | __forceinline T* encrypt() method T (line 92) | __forceinline T* decrypt() method isEncrypted (line 100) | __forceinline bool isEncrypted() method clear (line 105) | __forceinline void clear() // set full storage to 0 method crypt (line 121) | __forceinline constexpr void crypt(T* data) FILE: RIPPL/utils.cpp function BOOL (line 3) | BOOL ParseArguments(int argc, wchar_t* argv[]) function VOID (line 142) | VOID PrintArguments() function VOID (line 147) | VOID PrintUsage() function VOID (line 210) | VOID PrintLastError(LPCWSTR pwszFunctionName) function VOID (line 216) | VOID PrintDebug(LPCWSTR pwszFormat, ...) function BOOL (line 252) | BOOL ProcessGetProtectionLevel(DWORD dwProcessId, PDWORD pdwProtectionLe... function BOOL (line 281) | BOOL ProcessGetProtectionLevelAsString(DWORD dwProcessId, LPWSTR* ppwszP... 
  function BOOL (line 337) | BOOL ProcessGetIntegrityLevel(DWORD dwProcessId, PDWORD pdwIntegrityLevel)
  function BOOL (line 379) | BOOL ProcessGetPIDFromName(LPWSTR pwszProcessName, PDWORD pdwProcessId)
  function HANDLE (line 448) | HANDLE ObjectManagerCreateDirectory(LPCWSTR dirname)
  function HANDLE (line 469) | HANDLE ObjectManagerCreateSymlink(LPCWSTR linkname, LPCWSTR targetname)
  function BOOL (line 492) | BOOL TokenGetSid(HANDLE hToken, PSID* ppSid)
  function BOOL (line 536) | BOOL TokenGetSidAsString(HANDLE hToken, LPWSTR* ppwszStringSid)
  function BOOL (line 553) | BOOL TokenCompareSids(PSID pSidA, PSID pSidB)
  function BOOL (line 571) | BOOL TokenGetUsername(HANDLE hToken, LPWSTR* ppwszUsername)
  function BOOL (line 605) | BOOL TokenCheckPrivilege(HANDLE hToken, LPCWSTR pwszPrivilege, BOOL bEna...
  function BOOL (line 689) | BOOL TokenIsNotRestricted(HANDLE hToken, PBOOL pbIsNotRestricted)
  function BOOL (line 726) | BOOL MiscSystemArchIsAmd64()
  function BOOL (line 733) | BOOL MiscGenerateGuidString(LPWSTR* ppwszGuid)
  function AESDecrypt (line 760) | bool AESDecrypt(_Inout_ BYTE* payload, _In_ DWORD payload_len, _In_ BYTE...
  function UnhookDll (line 788) | bool UnhookDll(_In_ LPCWSTR lpszDllName)

FILE: RIPPLDLL/RIPPLDLL.cpp
  function BOOL (line 42) | BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID ...
  function LogonUserExExW (line 89) | void APIENTRY LogonUserExExW() { }
  function BriCreateBrokeredEvent (line 94) | void APIENTRY BriCreateBrokeredEvent() { }
  function BriDeleteBrokeredEvent (line 95) | void APIENTRY BriDeleteBrokeredEvent() { }
  function EaCreateAggregatedEvent (line 96) | void APIENTRY EaCreateAggregatedEvent() { }
  function EACreateAggregateEvent (line 97) | void APIENTRY EACreateAggregateEvent() { }
  function EaQueryAggregatedEventParameters (line 98) | void APIENTRY EaQueryAggregatedEventParameters() { }
  function EAQueryAggregateEventData (line 99) | void APIENTRY EAQueryAggregateEventData() { }
  function EaFreeAggregatedEventParameters (line 100) | void APIENTRY EaFreeAggregatedEventParameters() { }
  function EaDeleteAggregatedEvent (line 101) | void APIENTRY EaDeleteAggregatedEvent() { }
  function EADeleteAggregateEvent (line 102) | void APIENTRY EADeleteAggregateEvent() { }

FILE: RIPPLDLL/dllexploit.cpp
  function DoStuff (line 3) | void DoStuff()
  function LogToConsole (line 177) | void LogToConsole(LPCWSTR pwszFormat, ...)
  function LogLastError (line 230) | void LogLastError(LPCWSTR pwszFunctionName)
  function BOOL (line 237) | BOOL GetCurrentDllFileName(LPWSTR* ppwszDllName)
  function BOOL (line 257) | BOOL DeleteKnownDllEntry(LPCWSTR pwszDllName)
  function BOOL (line 392) | BOOL ParseCommandLine()
  function UnhookDll (line 423) | bool UnhookDll(_In_ LPCWSTR lpszDllName)
  function BOOL (line 502) | BOOL SetPrivilege(HANDLE token, std::wstring privilege, bool enabled)
  function BOOL (line 537) | BOOL SetIntegrity(HANDLE hToken, std::wstring integrityLevel)
  function BOOL (line 558) | BOOL SandboxToken(DWORD dwProcessId)
  function BOOL (line 608) | BOOL DumpProcessMemory(DWORD dwProcessId, LPWSTR pwszDumpFilePath)
  function BOOL (line 665) | BOOL KillProcess(DWORD dwProcessId)
  function BOOL (line 684) | BOOL SuspendProcess(DWORD dwProcessId)
  function BOOL (line 712) | BOOL ResumeProcess(DWORD dwProcessId)
  function BOOL (line 736) | BOOL JobKillProcess(DWORD dwProcessId)
  function BOOL (line 762) | BOOL JobSuppressProcess(DWORD dwProcessId)
  function BOOL (line 794) | BOOL SuicideProcess(DWORD dwProcessId)
  function BOOL (line 823) | BOOL DriverUnload(std::wstring driverName)

FILE: carboncopy.py
  function CarbonCopy (line 18) | def CarbonCopy(host, port, signee, signed):
  function main (line 91) | def main():