# Win32 API

* User-mode programs reach kernel services through the API without issuing system calls to the kernel directly
* Header files and DLLs are referenced to call standard functions, see [Windows.h](https://en.wikipedia.org/wiki/Windows.h)
* There are core and supplemental DLLs
* Core DLLs are KERNEL32, USER32 and ADVAPI32
* Supplemental DLLs are NTDLL, COM or FVEAPI
* API calls have a fixed call structure with explicit parameters
* ASLR is used

## API Calls

* [Win32 API calls doc](https://docs.microsoft.com/en-us/windows/win32/apiindex/windows-api-list)
* [MalAPI.io](http://malapi.io/) catalogues API calls commonly abused by malware
* Function variants are distinguished by a suffix in the naming scheme
  * __A__ is ANSI
  * __W__ is Unicode (wide characters)
  * __Ex__ is extended functionality (e.g. for I/O)

### C API

* `windows.h` can be included to provide the function declarations
* Assign the return value of an API function to a variable

### P/Invoke

* DLL imports and external methods can be declared via [P/Invoke](https://docs.microsoft.com/en-us/dotnet/standard/native-interop/pinvoke)
* Substitutes the `windows.h` implementation and may be used instead of it from __PowerShell__ and __.NET__

```csharp
using System;
using System.Runtime.InteropServices;

public class Program
{
    // Import MessageBox from the USER32 core DLL: CharSet.Unicode selects the W variant,
    // SetLastError lets Marshal.GetLastWin32Error() read the error code after the call.
    [DllImport("user32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    private static extern int MessageBox(IntPtr hWnd, string lpText, string lpCaption, uint uType);

    // ... remaining program body elided in the original
}
```
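A complete P/Invoke program tying the points above together: explicit W and Ex entry points on the USER32 and KERNEL32 core DLLs, and the `SetLastError` / `Marshal.GetLastWin32Error()` check that the snippet in the note omits. This is an added example, not code from the original note; it assumes a Windows host with an interactive desktop session.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Text;

// Added example (not from the original note). Assumes a Windows desktop session.
public static class Win32Demo
{
    // "MessageBox" is a windows.h macro, not an export; USER32 exports MessageBoxA/W.
    // The Ex variant is the extended form and takes an extra language-id parameter.
    [DllImport("user32.dll", EntryPoint = "MessageBoxExW", CharSet = CharSet.Unicode, SetLastError = true)]
    private static extern int MessageBoxExW(IntPtr hWnd, string lpText, string lpCaption,
                                            uint uType, ushort wLanguageId);

    // KERNEL32 core DLL, W (Unicode) variant; returns a Win32 BOOL.
    [DllImport("kernel32.dll", EntryPoint = "GetComputerNameW", CharSet = CharSet.Unicode, SetLastError = true)]
    private static extern bool GetComputerNameW(StringBuilder lpBuffer, ref uint nSize);

    private const uint MB_OK = 0x00000000;
    private const uint MB_ICONINFORMATION = 0x00000040;

    // Wraps the call structure: buffer in, size in/out, BOOL result, last-error on failure.
    public static string ComputerName()
    {
        uint size = 256;                       // generous; the API writes back the real length
        var buffer = new StringBuilder((int)size);
        if (!GetComputerNameW(buffer, ref size))
        {
            // SetLastError = true makes the thread's last-error value readable here.
            throw new Win32Exception(Marshal.GetLastWin32Error());
        }
        return buffer.ToString();
    }

    public static void Main()
    {
        string name = ComputerName();
        // wLanguageId 0 = default language; a zero return means the call itself failed.
        int result = MessageBoxExW(IntPtr.Zero, "Running on " + name,
                                   "Win32 API via P/Invoke", MB_OK | MB_ICONINFORMATION, 0);
        if (result == 0)
        {
            var err = new Win32Exception(Marshal.GetLastWin32Error());
            Console.WriteLine("MessageBoxExW failed: " + err.Message);
        }
    }
}
```

Because the `EntryPoint` names the exact export, the same declarations work from PowerShell via `Add-Type` without a `windows.h` build step.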