Classes
class	c_winobjs

class	find_data_mngr

class	handle_generator

class	hobj

class	mdl

class	systeminfo

class	whandle

class	win32_find_data

Functions
def	whoami

def	kernel32_HeapAlloc

def	kernel32_HeapFree

def	kernel32_GlobalAlloc

def	kernel32_LocalFree

def	kernel32_LocalAlloc

def	kernel32_GlobalFree

def	kernel32_IsDebuggerPresent

def	kernel32_CreateToolhelp32Snapshot

def	kernel32_GetCurrentProcess

def	kernel32_GetCurrentProcessId

def	kernel32_Process32First

def	kernel32_Process32Next

def	kernel32_GetTickCount

def	kernel32_GetVersion

def	kernel32_GetVersionEx

def	kernel32_GetPriorityClass

def	kernel32_SetPriorityClass

def	kernel32_CloseHandle

def	user32_GetForegroundWindow

def	user32_FindWindowA

def	user32_GetTopWindow

def	user32_BlockInput

def	advapi32_CryptAcquireContext

def	advapi32_CryptAcquireContextA

def	advapi32_CryptAcquireContextW

def	advapi32_CryptCreateHash

def	advapi32_CryptHashData

def	advapi32_CryptGetHashParam

def	advapi32_CryptReleaseContext

def	advapi32_CryptDeriveKey

def	advapi32_CryptDestroyHash

def	advapi32_CryptDecrypt

def	kernel32_CreateFile

def	kernel32_CreateFileA

def	kernel32_CreateFileW

def	kernel32_ReadFile

def	kernel32_GetFileSize

def	kernel32_GetFileSizeEx

def	kernel32_FlushInstructionCache

def	kernel32_VirtualProtect

def	kernel32_VirtualAlloc

def	kernel32_VirtualFree

def	user32_GetWindowLongA

def	user32_SetWindowLongA

def	kernel32_GetModuleFileName

def	kernel32_GetModuleFileNameA

def	kernel32_GetModuleFileNameW

def	kernel32_CreateMutex

def	kernel32_CreateMutexA

def	kernel32_CreateMutexW

def	shell32_SHGetSpecialFolderLocation

def	kernel32_SHGetPathFromIDList

def	shell32_SHGetPathFromIDListW

def	shell32_SHGetPathFromIDListA

def	kernel32_GetLastError

def	kernel32_SetLastError

def	kernel32_RestoreLastError

def	kernel32_LoadLibraryA

def	kernel32_LoadLibraryExA

def	kernel32_GetProcAddress

def	kernel32_LoadLibraryW

def	kernel32_GetModuleHandle

def	kernel32_GetModuleHandleA

def	kernel32_GetModuleHandleW

def	kernel32_VirtualLock

def	kernel32_GetSystemInfo

def	kernel32_IsWow64Process

def	kernel32_GetCommandLineA

def	kernel32_GetCommandLineW

def	shell32_CommandLineToArgvW

def	cryptdll_MD5Init

def	cryptdll_MD5Update

def	cryptdll_MD5Final

def	ntdll_RtlInitAnsiString

def	ntdll_RtlHashUnicodeString

def	kernel32_RtlMoveMemory

def	ntdll_RtlAnsiCharToUnicodeChar

def	ntdll_RtlFindCharInUnicodeString

def	ntdll_RtlComputeCrc32

def	ntdll_RtlExtendedIntegerMultiply

def	ntdll_RtlLargeIntegerAdd

def	ntdll_RtlLargeIntegerShiftRight

def	ntdll_RtlEnlargedUnsignedMultiply

def	ntdll_RtlLargeIntegerSubtract

def	ntdll_RtlCompareMemory

def	user32_GetMessagePos

def	kernel32_Sleep

def	ntdll_ZwUnmapViewOfSection

def	kernel32_IsBadReadPtr

def	ntoskrnl_KeInitializeEvent

def	ntoskrnl_RtlGetVersion

def	ntoskrnl_RtlVerifyVersionInfo

def	hal_ExAcquireFastMutex

def	mdl2ad

def	ad2mdl

def	ntoskrnl_IoAllocateMdl

def	ntoskrnl_MmProbeAndLockPages

def	ntoskrnl_MmMapLockedPagesSpecifyCache

def	ntoskrnl_MmProtectMdlSystemAddress

def	ntoskrnl_MmUnlockPages

def	ntoskrnl_IoFreeMdl

def	hal_ExReleaseFastMutex

def	ntoskrnl_RtlQueryRegistryValues

def	ntoskrnl_ExAllocatePoolWithTagPriority

def	my_lstrcmp

def	kernel32_lstrcmpA

def	kernel32_lstrcmpiA

def	kernel32_lstrcmpW

def	kernel32_lstrcmpiW

def	kernel32_lstrcmpi

def	my_strcpy

def	kernel32_lstrcpyW

def	kernel32_lstrcpyA

def	kernel32_lstrcpy

def	kernel32_lstrcpyn

def	my_strlen

def	kernel32_lstrlenA

def	kernel32_lstrlenW

def	kernel32_lstrlen

def	my_lstrcat

def	kernel32_lstrcatA

def	kernel32_lstrcatW

def	kernel32_GetUserGeoID

def	my_GetVolumeInformation

def	kernel32_GetVolumeInformationA

def	kernel32_GetVolumeInformationW

def	kernel32_MultiByteToWideChar

def	my_GetEnvironmentVariable

def	my_GetSystemDirectory

def	kernel32_GetSystemDirectoryA

def	kernel32_GetSystemDirectoryW

def	my_CreateDirectory

def	kernel32_CreateDirectoryW

def	kernel32_CreateDirectoryA

def	kernel32_GetEnvironmentVariableA

def	kernel32_GetEnvironmentVariableW

def	my_CreateEvent

def	kernel32_CreateEventA

def	kernel32_CreateEventW

def	kernel32_WaitForSingleObject

def	kernel32_SetFileAttributesA

def	ntdll_RtlMoveMemory

def	ntdll_ZwQuerySystemInformation

def	ntdll_ZwProtectVirtualMemory

def	ntdll_ZwAllocateVirtualMemory

def	ntdll_ZwFreeVirtualMemory

def	ntdll_RtlInitString

def	ntdll_RtlAnsiStringToUnicodeString

def	ntdll_LdrLoadDll

def	ntdll_RtlFreeUnicodeString

def	ntdll_LdrGetProcedureAddress

def	ntdll_memset

def	msvcrt_memset

def	msvcrt_memcpy

def	msvcrt_memcmp

def	shlwapi_PathFindExtensionA

def	shlwapi_PathRemoveFileSpecW

def	shlwapi_PathIsPrefixW

def	shlwapi_PathIsDirectoryW

def	shlwapi_PathIsFileSpec

def	shlwapi_PathGetDriveNumber

def	shlwapi_PathGetDriveNumberA

def	shlwapi_PathGetDriveNumberW

def	shlwapi_PathIsFileSpecA

def	shlwapi_PathIsFileSpecW

def	shlwapi_StrToIntA

def	shlwapi_StrToInt64Ex

def	shlwapi_StrToInt64ExA

def	shlwapi_StrToInt64ExW

def	user32_IsCharAlpha

def	user32_IsCharAlphaA

def	user32_IsCharAlphaW

def	user32_IsCharAlphaNumericA

def	shlwapi_StrCmpNIA

def	advapi32_RegOpenKeyEx

def	advapi32_RegOpenKeyExA

def	advapi32_RegOpenKeyExW

def	advapi32_RegSetValue

def	advapi32_RegSetValueA

def	advapi32_RegSetValueW

def	kernel32_GetThreadLocale

def	kernel32_GetLocaleInfo

def	kernel32_GetLocaleInfoA

def	kernel32_GetLocaleInfoW

def	kernel32_TlsAlloc

def	kernel32_TlsFree

def	kernel32_TlsSetValue

def	kernel32_TlsGetValue

def	user32_GetKeyboardType

def	kernel32_GetStartupInfo

def	kernel32_GetStartupInfoA

def	kernel32_GetStartupInfoW

def	kernel32_GetCurrentThreadId

def	kernel32_InitializeCriticalSection

def	user32_GetSystemMetrics

def	wsock32_WSAStartup

def	kernel32_GetLocalTime

def	kernel32_GetSystemTime

def	kernel32_CreateFileMapping

def	kernel32_CreateFileMappingA

def	kernel32_CreateFileMappingW

def	kernel32_MapViewOfFile

def	kernel32_UnmapViewOfFile

def	kernel32_GetDriveType

def	kernel32_GetDriveTypeA

def	kernel32_GetDriveTypeW

def	kernel32_GetDiskFreeSpace

def	kernel32_GetDiskFreeSpaceA

def	kernel32_GetDiskFreeSpaceW

def	kernel32_VirtualQuery

def	kernel32_GetProcessAffinityMask

def	msvcrt_rand

def	kernel32_SetFilePointer

def	kernel32_SetFilePointerEx

def	kernel32_SetEndOfFile

def	kernel32_FlushFileBuffers

def	kernel32_WriteFile

def	user32_IsCharUpperA

def	user32_IsCharLowerA

def	kernel32_GetSystemDefaultLangID

def	msvcrt_malloc

def	msvcrt_free

def	msvcrt_fseek

def	msvcrt_ftell

def	msvcrt_rewind

def	msvcrt_fread

def	msvcrt_fclose

def	msvcrt_atexit

def	user32_MessageBoxA

def	kernel32_myGetTempPath

def	kernel32_GetTempPathA

def	kernel32_GetTempPathW

def	kernel32_GetTempFileNameA

def	kernel32_FindFirstFileA

def	kernel32_FindNextFileA

def	kernel32_GetNativeSystemInfo

def	raw2guid

def	int2base

def	msvcrt__ultow

def	msvcrt_myfopen

def	msvcrt__wfopen

def	msvcrt_fopen

def	msvcrt_strlen

Variables
tuple	log = logging.getLogger("win_api_x86_32")

tuple	console_handler = logging.StreamHandler()

int	MAX_PATH = 260

dictionary	access_dict

tuple	access_dict_inv = dict([(x[1], x[0]) for x in access_dict.items()])

tuple	winobjs = c_winobjs()

list	process_list

tuple	kernel32_GetVersionExA

tuple	kernel32_GetVersionExW

int	temp_num = 0

	digs = string.digits+string.lowercase

Function Documentation

def miasm2.os_dep.win_api_x86_32.ad2mdl ( ad )

Definition at line 1278 of file win_api_x86_32.py.

 
 def ad2mdl(ad):
     return ((ad - winobjs.nt_mdl_ad) & 0xFFFFFFFFL) / 0x10

miasm2.os_dep.win_api_x86_32.ad2mdl

def ad2mdl

Definition: win_api_x86_32.py:1278

Here is the caller graph for this function:

def miasm2.os_dep.win_api_x86_32.advapi32_CryptAcquireContext	(	jitter,
		funcname,
		get_str
	)

def miasm2.os_dep.win_api_x86_32.advapi32_RegOpenKeyEx	(	jitter,
		funcname,
		get_str
	)

def miasm2.os_dep.win_api_x86_32.advapi32_RegSetValue	(	jitter,
		funcname,
		get_str
	)

def miasm2.os_dep.win_api_x86_32.kernel32_CreateFile	(	jitter,
		funcname,
		get_str
	)

def miasm2.os_dep.win_api_x86_32.kernel32_CreateFileMapping	(	jitter,
		funcname,
		get_str
	)

def miasm2.os_dep.win_api_x86_32.kernel32_GetVersionEx	(	jitter,
		set_str = `set_str_unic`
	)

def miasm2.os_dep.win_api_x86_32.kernel32_myGetTempPath	(	jitter,
		func
	)

def miasm2.os_dep.win_api_x86_32.msvcrt_myfopen	(	jitter,
		func
	)

def miasm2.os_dep.win_api_x86_32.my_CreateDirectory	(	jitter,
		funcname,
		get_str
	)

def miasm2.os_dep.win_api_x86_32.my_GetEnvironmentVariable	(	jitter,
		funcname,
		get_str,
		set_str,
		mylen
	)

def miasm2.os_dep.win_api_x86_32.my_GetSystemDirectory	(	jitter,
		funcname,
		set_str
	)

def miasm2.os_dep.win_api_x86_32.my_GetVolumeInformation	(	jitter,
		funcname,
		get_str,
		set_str
	)

def miasm2.os_dep.win_api_x86_32.my_lstrcat	(	jitter,
		funcname,
		get_str
	)

def miasm2.os_dep.win_api_x86_32.my_strcpy	(	jitter,
		funcname,
		get_str,
		set_str
	)

def miasm2.os_dep.win_api_x86_32.my_strlen	(	jitter,
		funcname,
		get_str,
		mylen
	)

def miasm2.os_dep.win_api_x86_32.int2base	(	x,
		base
	)

def miasm2.os_dep.win_api_x86_32.shlwapi_PathGetDriveNumber	(	jitter,
		funcname,
		get_str
	)

def miasm2.os_dep.win_api_x86_32.user32_IsCharAlpha	(	jitter,
		funcname,
		get_str
	)

Classes

Functions

Variables

Function Documentation

Variable Documentation