win32 api

2022-09-04 20:59:42 +02:00 · 2022-09-04 20:59:42 +02:00 · 99a84448b7
parent cb7800d75c
commit 99a84448b7
1 changed files with 42 additions and 0 deletions
--- a/misc/win32.md
+++ b/misc/win32.md
@ -0,0 +1,42 @@
+# Win32 API
+
+* Users are able to send systemcalls to the kernel without invoking direct kernel mode
+* Header files and DLLs are referenced to call standard functions, [Windows.h](https://en.wikipedia.org/wiki/Windows.h)
+* There are core and supplemental DLLs
+    * Core DLLs are KERNEL32, USER32 and ADVAPI32
+    * Supplemental DLLs are NTDLL, COM or FVEAPI
+* API calls have a call structure with explicit parameters
+* ASLR is used
+
+## API Calls
+
+* [Win32 API calls doc](https://docs.microsoft.com/en-us/windows/win32/apiindex/windows-api-list)
+* [MalAPI.io](http://malapi.io/) provides API calls to exploit
+* Extend functionality by extending the naming scheme
+    * __A__ is ANSI
+    * __W__ is Unicode
+    * __Ex__ is extended functionalities for I/O
+
+### C API
+
+* `windows.h` can be included to provide functionality
+* Instantiate a variable with a function provided by the API
+
+### P/Invoke
+
+* DLL imports and external methods can be imported via [P/Invoke](https://docs.microsoft.com/en-us/dotnet/standard/native-interop/pinvoke)
+* Subsitutes the `windows.h` implementation and may be used instead of it for __powershell__ and __.NET__
+```C#
+using System;
+using System.Runtime.InteropServices;
+
+public class Program
+{
+    [DllImport("user32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
+    private static extern int MessageBox(IntPtr hWnd, string lpText, string lpCaption, uint uType);
+    ...
+} 
+```
+
+
+