#include "ExportInterface.hpp"
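/// Thin wrapper that resolves two kernelbase exports at construction time
/// through the project's IExport helper and exposes them with their Win32
/// signatures. Callers should check IReady (or the BOOL result of each call)
/// before relying on the wrapped functions.
class KernelbaseWrapper {
public:
    /// TRUE only when both exports resolved to non-null pointers. While this
    /// is FALSE the wrapper methods return FALSE without calling anything.
    BOOL IReady = FALSE;

    /// Resolves both exports via IFind.LoadAndFindSingleExport. The module and
    /// export names are passed in a scrambled spelling that the IExport helper
    /// is presumably expected to decode — confirm against ExportInterface.hpp.
    /// A failed lookup leaves the corresponding pointer nullptr and IReady FALSE;
    /// nothing is thrown.
    KernelbaseWrapper() :
        lpOpenProcessToken(IFind.LoadAndFindSingleExport("kseaerb.nldlel", "OepcsneosenrTkPo")),
        lpGetTokenInformation(IFind.LoadAndFindSingleExport("kseaerb.nldlel", "GIienntotefanTkomor"))
    {
        if (lpOpenProcessToken != nullptr && lpGetTokenInformation != nullptr)
            IReady = TRUE;
    }

    /// Forwards to the resolved OpenProcessToken export (Win32 signature).
    /// @return FALSE, leaving *TokenHandle untouched, when the export was not
    ///         resolved — previously this called through a null pointer.
    BOOL WINAPI OpenProcessToken(
        _In_ HANDLE ProcessHandle,
        _In_ DWORD DesiredAccess,
        _Outptr_ PHANDLE TokenHandle
    )
    {
        // Guard against an unresolved export instead of crashing on a null call.
        if (_SafeOpenProcessToken == nullptr)
            return FALSE;
        return _SafeOpenProcessToken(ProcessHandle, DesiredAccess, TokenHandle);
    }

    /// Forwards to the resolved GetTokenInformation export (Win32 signature).
    /// @return FALSE, leaving the output parameters untouched, when the export
    ///         was not resolved — previously this called through a null pointer.
    BOOL WINAPI GetTokenInformation(
        _In_ HANDLE TokenHandle,
        _In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
        _Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) LPVOID TokenInformation,
        _In_ DWORD TokenInformationLength,
        _Out_ PDWORD ReturnLength
    )
    {
        // Guard against an unresolved export instead of crashing on a null call.
        if (_SafeGetTokenInformation == nullptr)
            return FALSE;
        return _SafeGetTokenInformation(TokenHandle, TokenInformationClass, TokenInformation, TokenInformationLength, ReturnLength);
    }

private:
    // Function-pointer types for the two wrapped exports; parameter names are
    // kept so the SAL annotations stay meaningful under /analyze.
    using OpenProcessTokenFn = BOOL(WINAPI*)(
        _In_ HANDLE ProcessHandle,
        _In_ DWORD DesiredAccess,
        _Outptr_ PHANDLE TokenHandle
    );
    using GetTokenInformationFn = BOOL(WINAPI*)(
        _In_ HANDLE TokenHandle,
        _In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
        _Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) LPVOID TokenInformation,
        _In_ DWORD TokenInformationLength,
        _Out_ PDWORD ReturnLength
    );

    IExport IFind;
    LPVOID lpOpenProcessToken = nullptr;
    LPVOID lpGetTokenInformation = nullptr;

    // NOTE: the members below are derived from the two pointers above through
    // default member initialisers, which C++ evaluates in declaration order.
    // They must stay declared after lpOpenProcessToken / lpGetTokenInformation,
    // otherwise they would silently capture the nullptr defaults.
    // The 0x0 offset is a no-op, so each slp* pointer equals its lp* source.
    LPVOID slpOpenProcessToken =
        reinterpret_cast<LPVOID>(reinterpret_cast<uintptr_t>(lpOpenProcessToken) + 0x0);
    LPVOID slpGetTokenInformation =
        reinterpret_cast<LPVOID>(reinterpret_cast<uintptr_t>(lpGetTokenInformation) + 0x0);

    // Typed views of the resolved addresses; nullptr when resolution failed.
    OpenProcessTokenFn _SafeOpenProcessToken =
        reinterpret_cast<OpenProcessTokenFn>(slpOpenProcessToken);
    GetTokenInformationFn _SafeGetTokenInformation =
        reinterpret_cast<GetTokenInformationFn>(slpGetTokenInformation);
};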