include ntdll headers

saferwall · Jun 20, 2023 · f1265bc · f1265bc
1 parent 2394b34
commit f1265bc
Show file tree

Hide file tree

Showing 7 changed files with 51 additions and 2 deletions.
diff --git a/assets/header.h b/assets/header.h
@@ -0,0 +1,2 @@
+//typedef unsigned int  uintptr_t;
+#include<vadefs.h>
diff --git a/assets/ntdll.json b/assets/ntdll.json
@@ -0,0 +1,21 @@
+{
+  "ntdll.dll": {
+    "RtlZeroMemory": {
+      "callconv": "NTAPI",
+      "name": "RtlZeroMemory",
+      "retVal": "VOID",
+      "params": [
+        {
+          "anno": "_In_",
+          "type": "PVOID",
+          "name": "Destination"
+        },
+        {
+          "anno": "_In_",
+          "type": "SIZE_T",
+          "name": "Length"
+        }
+      ]
+    }
+  }
+}
diff --git a/cmd/parse.go b/cmd/parse.go
@@ -164,7 +164,7 @@ func run() {
 			prototype = utils.Standardize(prototype)
 			prototypes = append(prototypes, prototype)
 
-			if strings.Contains(v, "RtlZeroMemo") {
+			if strings.Contains(v, "lstrcatW") {
 				log.Print(v)
 			}
 
@@ -184,6 +184,9 @@ func run() {
 			} else if strings.HasPrefix(prototype, "LWSTDAPI_(PCWSTR)") {
 				prototype = strings.ReplaceAll(prototype, "LWSTDAPI_(PCWSTR)", "")
 				prototype = "PCWSTR LWSTDAPI" + prototype
+			} else if strings.Contains(prototype, "// deprecated: annotation is as good as it gets") {
+				prototype = strings.ReplaceAll(prototype, "// deprecated: annotation is as good as it gets", "")
+
 			}
 			mProto := utils.RegSubMatchToMapString(parser.RegProto, prototype)
 			if !utils.StringInSlice(mProto["ApiName"], wantedAPIs) && !utils.StringInSlice(mProto["ApiName"], customHookHHandlerAPIs) {

diff --git a/cmd/utils.go b/cmd/utils.go
@@ -0,0 +1,17 @@
+package cmd
+
+import (
+	"os"
+	"path/filepath"
+)
+
+func walkDir(root string) ([]string, error) {
+	var files []string
+	err := filepath.Walk(root, func(path string, info os.FileInfo, err error) error {
+		if info.IsDir() {
+			files = append(files, path)
+		}
+		return nil
+	})
+	return files, err
+}
diff --git a/go.mod b/go.mod
@@ -5,6 +5,7 @@ go 1.19
 require (
 	github.com/dlclark/regexp2 v1.8.1
 	github.com/spf13/cobra v1.6.1
+	github.com/xlab/c-for-go v0.0.0-20230525154154-591bf68d0b1e
 	modernc.org/cc/v4 v4.1.2
 )
 

diff --git a/go.sum b/go.sum
@@ -1,4 +1,5 @@
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
 github.com/dlclark/regexp2 v1.8.1 h1:6Lcdwya6GjPUNsBct8Lg/yRPwMhABj269AAzdGSiR+0=
 github.com/dlclark/regexp2 v1.8.1/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8=
 github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo=
@@ -13,7 +14,11 @@ github.com/spf13/cobra v1.6.1 h1:o94oiPyS4KD1mPy2fmcYYHHfCxLqYjJOhGsCHFZtEzA=
 github.com/spf13/cobra v1.6.1/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=
+github.com/xlab/c-for-go v0.0.0-20230525154154-591bf68d0b1e h1:USeSE/9TTDNkwwDcNDvt8pULORcarVUODmavs0HgC9o=
+github.com/xlab/c-for-go v0.0.0-20230525154154-591bf68d0b1e/go.mod h1:NYjqfg762bzbQeElSH5apzukcCvK3Vxa8pA2jci6T4s=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 modernc.org/cc/v4 v4.1.2 h1:FPgO8v/K4sWxZ/aOq/VaSu5+uVHKK1/FQGgo4bKQ2K8=
 modernc.org/cc/v4 v4.1.2/go.mod h1:BJxJqpuBaEIVrXKg7VEA1bleuqXqQ3Z2RPSCh0KaXH8=

diff --git a/internal/parser/api.go b/internal/parser/api.go
@@ -15,7 +15,7 @@ import (
 
 const (
 	// RegAPIs is a regex that extract API prototypes.
-	RegAPIs = `(_Success_|HANDLE|INTERNETAPI|WINHTTPAPI|BOOLAPI|BOOL|STDAPI|SHSTDAPI|LWSTDAPI|WINUSERAPI|WINBASEAPI|WINADVAPI|NTSTATUS|NTAPI|_Must_inspect_result_|BOOLEAN|int|errno_t|wchar_t\*)[\w\s\)\(,\[\]\!*+=&<>/|]+;`
+	RegAPIs = `(_Success_|HANDLE|INTERNETAPI|WINHTTPAPI|BOOLAPI|BOOL|STDAPI|SHSTDAPI|LWSTDAPI|WINUSERAPI|WINBASEAPI|WINADVAPI|NTSTATUS|NTAPI|_Must_inspect_result_|BOOLEAN|int|errno_t|wchar_t\*)[\w\s\)\(,\[\]\!*+=&<>/|:]+;`
 
 	// RegProto extracts API information.
 	RegProto = `(?P<Attr>WINBASEAPI|WINADVAPI|WSAAPI)?( )?(?P<RetValType>[A-Za-z]+) (?P<CallConv>WINAPI|APIENTRY|WSAAPI|SHSTDAPI|LWSTDAPI|NTAPI) (?P<ApiName>[a-zA-Z0-9]+)( )?\((?P<Params>.*)\);`
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		//typedef unsigned int uintptr_t;
		#include<vadefs.h>