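//
// syscall c-style generator
//
// Walks the export table of the ntdll.dll image that is already mapped into
// this process and prints, as C source on stdout, the service number found in
// every exported Nt* stub: either as #define lines, as a name array indexed
// by service number, or both (see GenType).
//
// Posted on the forum with the remark that it is not the poster's own code.
//
// Caveats for anyone consuming the output:
//  - Service numbers are specific to one Windows build. The banner printed by
//    main() records the build the table was generated on; do not reuse the
//    table on another build.
//  - Only stubs whose first byte is 0xB8 (MOV EAX, imm32) are recognised.
//    That is the 32-bit stub layout; a 64-bit ntdll stub starts with a
//    different instruction, so a 64-bit build of this tool finds nothing.
//  - The bytes are read from the in-memory image, not from the file on disk.
//    A stub whose first bytes were rewritten in this process (for example by
//    an inline hook) is silently skipped, so a missing entry is not proof
//    that the export does not exist.
//

#include <windows.h>
#include <stdio.h>
#include <string.h>

enum GENERATION_TYPE { G_DEFINES, G_NAME_ARRAY, G_BOTH };

#define DEFINE_PREFIX "Sdt_"
#define ORDINAL_TYPE  "0x%03lx"   /* ULONG is unsigned long, hence the 'l' */
#define GENERATE_NT   1
#define GENERATE_ZW   1

#define ARRAY_NAME    "SdtFunctions"

/* Capacity of the name table; service numbers at or above it are reported
 * on stderr and left out instead of being written past the array. */
enum { MAX_SDT_ENTRIES = 0x400 };

/* Output selector: G_DEFINES or G_NAME_ARRAY emit one form, G_BOTH emits the
 * name array followed by the #define list. */
enum GENERATION_TYPE GenType = G_BOTH;

/**
 * Map an NT major/minor version pair to a marketing name.
 *
 * @return a string literal; "(unk)" for any pair not listed here.
 */
const char *GetWinNameByVer(ULONG Major, ULONG Minor)
{
    switch (Major) {
    case 4:
        return "NT 4";

    case 5:
        switch (Minor) {
        case 0: return "2000";
        case 1: return "XP";
        case 2: return "2003 Server";
        default: break;
        }
        break;  /* unknown 5.x must not fall through into the 6.x table */

    case 6:
        if (Minor == 0) {
            return "Vista";
        }
        break;

    default:
        break;
    }

    return "(unk)";
}

/**
 * Emit one form of the syscall table for the loaded ntdll.dll.
 *
 * @param Mode  G_DEFINES or G_NAME_ARRAY (G_BOTH is handled by main()).
 * @return 0 on success, 1 if ntdll or its export directory cannot be read.
 *
 * Diagnostics go to stderr so that stdout stays valid C source.
 */
static int EmitSyscallInfo(enum GENERATION_TYPE Mode)
{
    HMODULE Base = GetModuleHandleA("ntdll.dll");
    if (!Base) {
        fprintf(stderr, "Cannot get handle of ntdll\n");
        return 1;
    }

    /* Locate the PE headers and check both signatures before trusting any
     * offset taken from them. */
    const BYTE *Image = (const BYTE *)Base;
    const IMAGE_DOS_HEADER *mz = (const IMAGE_DOS_HEADER *)Image;
    if (mz->e_magic != IMAGE_DOS_SIGNATURE) {
        fprintf(stderr, "ntdll: bad DOS signature\n");
        return 1;
    }

    const IMAGE_NT_HEADERS *nt =
        (const IMAGE_NT_HEADERS *)(Image + mz->e_lfanew);
    if (nt->Signature != IMAGE_NT_SIGNATURE) {
        fprintf(stderr, "ntdll: bad NT signature\n");
        return 1;
    }

    const IMAGE_DATA_DIRECTORY *dir =
        &nt->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT];
    if (dir->VirtualAddress == 0) {
        fprintf(stderr, "ntdll: no export directory\n");
        return 1;
    }

    /* All export-table fields are RVAs, i.e. offsets from the image base. */
    const IMAGE_EXPORT_DIRECTORY *pexd =
        (const IMAGE_EXPORT_DIRECTORY *)(Image + dir->VirtualAddress);
    const DWORD *AddressOfFunctions =
        (const DWORD *)(Image + pexd->AddressOfFunctions);
    const DWORD *AddressOfNames =
        (const DWORD *)(Image + pexd->AddressOfNames);
    const WORD *AddressOfNameOrdinals =
        (const WORD *)(Image + pexd->AddressOfNameOrdinals);

    const char *SdtFunctions[MAX_SDT_ENTRIES] = {0};
    ULONG MaxNumber = 0;   /* highest service number stored in the table */
    BOOL Found = FALSE;

    for (DWORD i = 0; i < pexd->NumberOfNames; i++) {
        const char *Name = (const char *)(Image + AddressOfNames[i]);
        WORD Ordinal = AddressOfNameOrdinals[i];

        if (Ordinal >= pexd->NumberOfFunctions) {
            continue;   /* malformed entry: index outside the function table */
        }

        /* Pointer arithmetic on the base keeps the full address width; the
         * original cast the base to DWORD, which truncates on 64-bit. */
        const BYTE *Addr = Image + AddressOfFunctions[Ordinal];

        if (Name[0] != 'N' || Name[1] != 't') {   /* Nt** exports only */
            continue;
        }
        if (Addr[0] != 0xB8) {                    /* MOV EAX, XXXXXXXX */
            continue;
        }

        /* The immediate follows the opcode and is not aligned; copy it out
         * rather than dereferencing a cast pointer. */
        ULONG Number;
        memcpy(&Number, Addr + 1, sizeof Number);

        switch (Mode) {
        case G_DEFINES:
#if GENERATE_NT
            printf("#define " DEFINE_PREFIX "%-52s" ORDINAL_TYPE "\n", Name, Number);
#endif
#if GENERATE_ZW
            printf("#define " DEFINE_PREFIX "Zw%-50s" ORDINAL_TYPE "\n", Name + 2, Number);
#endif
            break;

        case G_NAME_ARRAY:
            if (Number >= MAX_SDT_ENTRIES) {
                fprintf(stderr, "Skipping %s: service number 0x%lx does not fit the table\n",
                        Name, Number);
                break;
            }
            SdtFunctions[Number] = Name;
            if (!Found || Number > MaxNumber) {
                MaxNumber = Number;
            }
            Found = TRUE;
            break;

        default:
            break;
        }
    }

    if (Mode == G_DEFINES) {
        printf("\n");
        return 0;
    }

    /* Size the array by the highest number seen, not by whichever export
     * happened to be visited last, and declare exactly as many elements as
     * are listed. With no match a single NULL keeps the output compilable. */
    ULONG Count = Found ? MaxNumber + 1 : 1;

    printf("char* " ARRAY_NAME " [%lu] = {\n", Count);

    // Name array
    for (ULONG i = 0; i < Count; i++) {
        char end_char = (i + 1 == Count ? ' ' : ',');

        if (SdtFunctions[i] == NULL) {
            printf(" NULL%c\n", end_char);
        } else {
            printf(" \"%s\"%c\n", SdtFunctions[i], end_char);
        }
    }

    printf("};\n\n");

    return 0;
}

/**
 * Print a banner naming the Windows build, then the table form(s) selected
 * by GenType.
 *
 * @return 0 on success, non-zero if the version or ntdll cannot be read.
 */
int main(void)
{
    /* The ANSI variants are used explicitly because szCSDVersion is printed
     * with %s and the module name is a narrow literal.
     * NOTE(review): GetVersionEx is deprecated and, without a matching
     * application manifest, newer Windows releases report a compatibility
     * version; treat the banner as informational and confirm the build. */
    OSVERSIONINFOEXA ver = { sizeof(ver) };

    if (!GetVersionExA((OSVERSIONINFOA *)&ver)) {
        fprintf(stderr, "Cannot get version\n");
        return 1;
    }

    printf("//\n// syscall info\n// generated for Windows %s (NT %lu.%lu) Build %lu %s\n//\n\n",
           GetWinNameByVer(ver.dwMajorVersion, ver.dwMinorVersion),
           ver.dwMajorVersion, ver.dwMinorVersion, ver.dwBuildNumber, ver.szCSDVersion);

    switch (GenType) {
    case G_DEFINES:
    case G_NAME_ARRAY:
        return EmitSyscallInfo(GenType);

    case G_BOTH: {
        int rc = EmitSyscallInfo(G_NAME_ARRAY);
        if (rc != 0) {
            return rc;
        }
        return EmitSyscallInfo(G_DEFINES);
    }

    default:
        break;
    }

    return 0;
}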