From f1265bc7b7bd4e1d6ece01a5231d66bdd8f66528 Mon Sep 17 00:00:00 2001 From: LordNoteworthy Date: Tue, 20 Jun 2023 10:27:30 +1000 Subject: [PATCH] include ntdll headers --- assets/header.h | 2 ++ assets/ntdll.json | 21 +++++++++++++++++++++ cmd/parse.go | 5 ++++- cmd/utils.go | 17 +++++++++++++++++ go.mod | 1 + go.sum | 5 +++++ internal/parser/api.go | 2 +- 7 files changed, 51 insertions(+), 2 deletions(-) create mode 100644 assets/header.h create mode 100644 assets/ntdll.json create mode 100644 cmd/utils.go diff --git a/assets/header.h b/assets/header.h new file mode 100644 index 0000000..b383722 --- /dev/null +++ b/assets/header.h @@ -0,0 +1,2 @@ +//typedef unsigned int uintptr_t; +#include \ No newline at end of file diff --git a/assets/ntdll.json b/assets/ntdll.json new file mode 100644 index 0000000..a262eb6 --- /dev/null +++ b/assets/ntdll.json @@ -0,0 +1,21 @@ +{ + "ntdll.dll": { + "RtlZeroMemory": { + "callconv": "NTAPI", + "name": "RtlZeroMemory", + "retVal": "VOID", + "params": [ + { + "anno": "_In_", + "type": "PVOID", + "name": "Destination" + }, + { + "anno": "_In_", + "type": "SIZE_T", + "name": "Length" + } + ] + } + } +} diff --git a/cmd/parse.go b/cmd/parse.go index 81399be..c9502e9 100644 --- a/cmd/parse.go +++ b/cmd/parse.go @@ -164,7 +164,7 @@ func run() { prototype = utils.Standardize(prototype) prototypes = append(prototypes, prototype) - if strings.Contains(v, "RtlZeroMemo") { + if strings.Contains(v, "lstrcatW") { log.Print(v) } 
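Review bot: The `if strings.Contains(v, "lstrcatW") { log.Print(v) }` block in run() reads as a debugging probe left in the parsing loop; this commit only swaps the hard-coded name from `RtlZeroMemo` to `lstrcatW`. I would delete the block, or put it behind a debug option so that tracing a given API does not mean editing the source and committing the change. run() begins and ends outside this hunk, so I cannot see whether other logging already covers this case.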
@@ -184,6 +184,9 @@ func run() { } else if strings.HasPrefix(prototype, "LWSTDAPI_(PCWSTR)") { prototype = strings.ReplaceAll(prototype, "LWSTDAPI_(PCWSTR)", "") prototype = "PCWSTR LWSTDAPI" + prototype + } else if strings.Contains(prototype, "// deprecated: annotation is as good as it gets") { + prototype = strings.ReplaceAll(prototype, "// deprecated: annotation is as good as it gets", "") + } mProto := utils.RegSubMatchToMapString(parser.RegProto, prototype) if !utils.StringInSlice(mProto["ApiName"], wantedAPIs) && !utils.StringInSlice(mProto["ApiName"], customHookHHandlerAPIs) { diff --git a/cmd/utils.go b/cmd/utils.go new file mode 100644 index 0000000..0dbbdac --- /dev/null +++ b/cmd/utils.go @@ -0,0 +1,17 @@ +package cmd + +import ( + "os" + "path/filepath" +) + +func walkDir(root string) ([]string, error) { + var files []string + err := filepath.Walk(root, func(path string, info os.FileInfo, err error) error { + if info.IsDir() { + files = append(files, path) + } + return nil + }) + return files, err +} diff --git a/go.mod b/go.mod index 664f72b..2edbea4 100644 --- a/go.mod +++ b/go.mod @@ -5,6 +5,7 @@ go 1.19 require ( github.com/dlclark/regexp2 v1.8.1 github.com/spf13/cobra v1.6.1 + github.com/xlab/c-for-go v0.0.0-20230525154154-591bf68d0b1e modernc.org/cc/v4 v4.1.2 ) diff --git a/go.sum b/go.sum index dd0300f..6fb966d 100644 --- a/go.sum +++ b/go.sum @@ -1,4 +1,5 @@ github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8= github.com/dlclark/regexp2 v1.8.1 h1:6Lcdwya6GjPUNsBct8Lg/yRPwMhABj269AAzdGSiR+0= github.com/dlclark/regexp2 v1.8.1/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8= github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo= 
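Review bot: The new comment-stripping branch is the last `else if` in the prefix chain, so a prototype that already matched an earlier branch (for example the `LWSTDAPI_(PCWSTR)` one just above) keeps the trailing `// deprecated: ...` text and reaches `parser.RegProto` with it. The `strings.Contains` guard is also redundant, because `ReplaceAll` is a no-op when the substring is absent. I would run `prototype = strings.ReplaceAll(prototype, deprecatedNote, "")` unconditionally before the chain, with the literal held once in a named constant (`deprecatedNote` is a placeholder name). The chain and run() both start outside this hunk, so the earlier branches are only partly visible.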
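Review bot: The walk callback in walkDir discards its `err` argument and calls `info.IsDir()` straight away, but `filepath.Walk` passes a nil `info` when it cannot stat `root`, so a missing or unreadable root panics with a nil dereference instead of returning an error. Add `if err != nil { return err }` as the first statement of the callback; errors on unreadable subdirectories, which are silently dropped today, would then surface too. A doc comment would also help, since the name does not say that only directories are collected: `// walkDir returns root and every directory beneath it; regular files are skipped.`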
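Review bot: The new requirement `github.com/xlab/c-for-go` is not imported by any Go file this commit touches: the `cmd/parse.go` and `internal/parser/api.go` hunks leave their import blocks alone, and the new `cmd/utils.go` imports only `os` and `path/filepath`. It is also pinned to a pseudo-version, i.e. an untagged upstream commit, and the go.sum hunks show it bringing extra module hashes with it. If nothing uses the package yet, I would leave it out of this commit (`go mod tidy` will drop it) and add it together with the code that needs it, so the added supply-chain surface is reviewed alongside its use.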
@@ -13,7 +14,11 @@ github.com/spf13/cobra v1.6.1 h1:o94oiPyS4KD1mPy2fmcYYHHfCxLqYjJOhGsCHFZtEzA= github.com/spf13/cobra v1.6.1/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0= +github.com/xlab/c-for-go v0.0.0-20230525154154-591bf68d0b1e h1:USeSE/9TTDNkwwDcNDvt8pULORcarVUODmavs0HgC9o= +github.com/xlab/c-for-go v0.0.0-20230525154154-591bf68d0b1e/go.mod h1:NYjqfg762bzbQeElSH5apzukcCvK3Vxa8pA2jci6T4s= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= modernc.org/cc/v4 v4.1.2 h1:FPgO8v/K4sWxZ/aOq/VaSu5+uVHKK1/FQGgo4bKQ2K8= modernc.org/cc/v4 v4.1.2/go.mod h1:BJxJqpuBaEIVrXKg7VEA1bleuqXqQ3Z2RPSCh0KaXH8= diff --git a/internal/parser/api.go b/internal/parser/api.go index 5d5d2bd..659ce72 100644 --- a/internal/parser/api.go +++ b/internal/parser/api.go @@ -15,7 +15,7 @@ import ( const ( // RegAPIs is a regex that extract API prototypes. - RegAPIs = `(_Success_|HANDLE|INTERNETAPI|WINHTTPAPI|BOOLAPI|BOOL|STDAPI|SHSTDAPI|LWSTDAPI|WINUSERAPI|WINBASEAPI|WINADVAPI|NTSTATUS|NTAPI|_Must_inspect_result_|BOOLEAN|int|errno_t|wchar_t\*)[\w\s\)\(,\[\]\!*+=&<>/|]+;` + RegAPIs = `(_Success_|HANDLE|INTERNETAPI|WINHTTPAPI|BOOLAPI|BOOL|STDAPI|SHSTDAPI|LWSTDAPI|WINUSERAPI|WINBASEAPI|WINADVAPI|NTSTATUS|NTAPI|_Must_inspect_result_|BOOLEAN|int|errno_t|wchar_t\*)[\w\s\)\(,\[\]\!*+=&<>/|:]+;` // RegProto extracts API information. RegProto = `(?PWINBASEAPI|WINADVAPI|WSAAPI)?( )?(?P[A-Za-z]+) (?PWINAPI|APIENTRY|WSAAPI|SHSTDAPI|LWSTDAPI|NTAPI) (?P[a-zA-Z0-9]+)( )?\((?P.*)\);`
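Review bot: Adding `:` to the `RegAPIs` character class has no explanation, and it widens what the pattern accepts beyond the case it appears to be for. It presumably lets a match run through the inline `// deprecated: annotation is as good as it gets` comment that `cmd/parse.go` now strips, but it also makes declarations such as a bit-field (`int flags : 1;`) match as candidate prototypes. I would record the reason next to the constant, e.g. `// ':' is allowed so a prototype carrying an inline "// deprecated: ..." comment still matches up to its ';'.`, and check that the later `RegProto` and wanted-API filtering rejects the extra matches. The rest of the const block lies outside this hunk.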