HANDLE CreateFile(
LPCTSTR lpFileName,
DWORD dwDesiredAccess,
DWORD dwShareMode,
LPSECURITY_ATTRIBUTES lpSecurityAttributes,
DWORD dwCreationDisposition,
DWORD dwFlagsAndAttributes,
HANDLE hTemplateFile
); // Opens an existing file or creates a new file.BOOL ReadFile(
HANDLE hFile,
LPVOID lpBuffer,
DWORD nNumberOfBytesToRead,
LPDWORD lpNumberOfBytesRead,
LPOVERLAPPED lpOverlapped
); // Reads data from the specified file.BOOL WriteFile(
HANDLE hFile,
LPCVOID lpBuffer,
DWORD nNumberOfBytesToWrite,
LPDWORD lpNumberOfBytesWritten,
LPOVERLAPPED lpOverlapped
); // Writes data to the specified file.BOOL CloseHandle(
HANDLE hObject
); // Closes an open handle.HANDLE CreateProcess(
LPCTSTR lpApplicationName,
LPTSTR lpCommandLine,
LPSECURITY_ATTRIBUTES lpProcessAttributes,
LPSECURITY_ATTRIBUTES lpThreadAttributes,
BOOL bInheritHandles,
DWORD dwCreationFlags,
LPVOID lpEnvironment,
LPCTSTR lpCurrentDirectory,
LPSTARTUPINFO lpStartupInfo,
LPPROCESS_INFORMATION lpProcessInformation
); // Creates a new process.DWORD WaitForSingleObject(
HANDLE hHandle,
DWORD dwMilliseconds
); // Waits for the specified object to become signaled.BOOL TerminateProcess(
HANDLE hProcess,
UINT uExitCode
); // Terminates the specified process.LPVOID VirtualAlloc(
LPVOID lpAddress,
SIZE_T dwSize, // Shellcode must be between 0x1 and 0x10000 bytes (page size)
DWORD flAllocationType, // #define MEM_COMMIT 0x00001000
DWORD flProtect // #define PAGE_EXECUTE_READWRITE 0x00000040
); // Reserves, commits, or changes the state of a region of memory within the virtual address space of the calling process.tags: #DEP
BOOL VirtualFree(
LPVOID lpAddress,
SIZE_T dwSize,
DWORD dwFreeType
); // Releases, decommits, or releases and decommits a region of memory within the virtual address space of the calling process.HANDLE CreateThread(
LPSECURITY_ATTRIBUTES lpThreadAttributes,
SIZE_T dwStackSize,
LPTHREAD_START_ROUTINE lpStartAddress,
LPVOID lpParameter,
DWORD dwCreationFlags,
LPDWORD lpThreadId
); // Creates a thread to execute within the virtual address space of the calling process.VOID ExitThread(
DWORD dwExitCode
); // Terminates the calling thread and returns the exit code to the operating system.BOOL GetExitCodeThread(
HANDLE hThread,
LPDWORD lpExitCode
); // Retrieves the termination status of the specified thread.DWORD ResumeThread(
HANDLE hThread
); // Decrements a thread's suspend count. When the suspend count is decremented to zero, the execution of the thread is resumed.DWORD SuspendThread(
HANDLE hThread
); // Suspends the specified thread.BOOL TerminateThread(
HANDLE hThread,
DWORD dwExitCode
); // Terminates the specified thread.BOOL CloseHandle(
HANDLE hObject
); // Closes an open handle.HMODULE LoadLibrary(
LPCTSTR lpFileName
); // Loads a dynamic-link library (DLL) module into the address space of the calling process.FARPROC GetProcAddress(
HMODULE hModule,
LPCSTR lpProcName
); // Retrieves the address of an exported function or variable from the specified DLL.BOOL FreeLibrary(
HMODULE hModule
); // Frees the loaded DLL module and, if necessary, decrements its reference count.HANDLE CreateMutex(
LPSECURITY_ATTRIBUTES lpMutexAttributes,
BOOL bInitialOwner,
LPCTSTR lpName
); // Creates a named or unnamed mutex object.HANDLE CreateSemaphore(
LPSECURITY_ATTRIBUTES lpSemaphoreAttributes,
LONG lInitialCount,
LONG lMaximumCount,
LPCTSTR lpName
); // Creates a named or unnamed semaphore object.BOOL ReleaseMutex(
HANDLE hMutex
); // Releases ownership of the specified mutex object.BOOL ReleaseSemaphore(
HANDLE hSemaphore,
LONG lReleaseCount,
LPLONG lpPreviousCount
); // Increases the count of the specified semaphore object by a specified amount.BOOL CreatePipe(
PHANDLE hReadPipe,
PHANDLE hWritePipe,
LPSECURITY_ATTRIBUTES lpPipeAttributes,
DWORD nSize
); // Creates an anonymous pipe and returns handles to the read and write ends of the pipe.HANDLE CreateNamedPipe(
LPCTSTR lpName,
DWORD dwOpenMode,
DWORD dwPipeMode,
DWORD nMaxInstances,
DWORD nOutBufferSize,
DWORD nInBufferSize,
DWORD nDefaultTimeOut,
LPSECURITY_ATTRIBUTES lpSecurityAttributes
); // Creates a named pipe and returns a handle for subsequent pipe operations.BOOL ConnectNamedPipe(
HANDLE hNamedPipe,
LPOVERLAPPED lpOverlapped
); // Enables a named pipe server process to wait for a client process to connect to an instance of a named pipe.BOOL DisconnectNamedPipe(
HANDLE hNamedPipe
); // Disconnects the server end of a named pipe instance from a client process.HANDLE CreateFileMapping(
HANDLE hFile,
LPSECURITY_ATTRIBUTES lpFileMappingAttributes,
DWORD flProtect,
DWORD dwMaximumSizeHigh,
DWORD dwMaximumSizeLow,
LPCTSTR lpName
); // Creates or opens a named or unnamed file mapping object for a specified file.LPVOID MapViewOfFile(
HANDLE hFileMappingObject,
DWORD dwDesiredAccess,
DWORD dwFileOffsetHigh,
DWORD dwFileOffsetLow,
SIZE_T dwNumberOfBytesToMap
); // Maps a view of a file mapping into the address space of the calling process.BOOL UnmapViewOfFile(
LPCVOID lpBaseAddress
); // Unmaps a mapped view of a file from the calling process's address space.BOOL CloseHandle(
HANDLE hObject
); // Closes an open handle.int WSAStartup(
WORD wVersionRequired,
LPWSADATA lpWSAData
); // Initializes the Winsock library for an application. Must be called before any other Winsock functions.int WSACleanup(
void
); // Terminates the use of the Winsock library. Must be called once per each successful WSAStartup call.SOCKET socket(
int af,
int type,
int protocol
); // Creates a new socket for network communication.int bind(
SOCKET s,
const struct sockaddr *name,
int namelen
); // Binds a socket to a specific local address and port.int listen(
SOCKET s,
int backlog
); // Sets a socket to listen for incoming connections.SOCKET accept(
SOCKET s,
struct sockaddr *addr,
int *addrlen
); // Accepts a new incoming connection on a listening socket.int connect(
SOCKET s,
const struct sockaddr *name,
int namelen
); // Initiates a connection on a socket to a remote address.int send(
SOCKET s,
const char *buf,
int len,
int flags
); // Sends data on a connected socket.int recv(
SOCKET s,
char *buf,
int len,
int flags
); // Receives data from a connected socket.int closesocket(
SOCKET s
); //Closes a socket and frees its resources.LONG RegOpenKeyExW(
HKEY hKey,
LPCWTSTR lpSubKey,
DWORD ulOptions,
REGSAM samDesired,
PHKEY phkResult
); // Opens the specified registry key.LONG RegQueryValueExW(
HKEY hKey,
LPCWTSTR lpValueName,
LPDWORD lpReserved,
LPDWORD lpType,
LPBYTE lpData,
LPDWORD lpcbData
); // Retrieves the type and data of the specified value name associated with an open registry key.LONG RegSetValueEx(
HKEY hKey,
LPCWTSTR lpValueName,
DWORD Reserved,
DWORD dwType,
const BYTE *lpData,
DWORD cbData
); // Sets the data and type of the specified value name associated with an open registry key.LONG RegCloseKey(
HKEY hKey
); // Closes a handle to the specified registry key.int WSAGetLastError(
void
); // Returns the error status for the last Windows Sockets operation that failed.void WSASetLastError(
int iError
); // Sets the error status for the last Windows Sockets operation.BOOL WSAGetOverlappedResult(
SOCKET s,
LPWSAOVERLAPPED lpOverlapped,
LPDWORD lpcbTransfer,
BOOL fWait,
LPDWORD lpdwFlags
); // Determines the results of an overlapped operation on the specified socket.int WSAIoctl(
SOCKET s,
DWORD dwIoControlCode,
LPVOID lpvInBuffer,
DWORD cbInBuffer,
LPVOID lpvOutBuffer,
DWORD cbOutBuffer,
LPDWORD lpcbBytesReturned,
LPWSAOVERLAPPED lpOverlapped,
LPWSAOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine
); // Controls the mode of a socket.WSAEVENT WSACreateEvent(
void
); // Creates a new event object.BOOL WSASetEvent(
WSAEVENT hEvent
); // Sets the state of the specified event object to signaled.BOOL WSAResetEvent(
WSAEVENT hEvent
); // Sets the state of the specified event object to nonsignaled.BOOL WSACloseEvent(
WSAEVENT hEvent
); // Closes an open event object handle.DWORD WSAWaitForMultipleEvents(
DWORD cEvents,
const WSAEVENT *lphEvents,
BOOL fWaitAll,
DWORD dwTimeout,
BOOL fAlertable
); // Waits for multiple event objects and returns when the specified events are signaled or the time-out interval elapses.#include <wchar.h> // for wide character string routinessize_t wcslen(
const wchar_t *str
); // Returns the length of the given wide string.[wcscpy]
wchar_t *wcscpy(
wchar_t *dest,
const wchar_t *src
); // Copies the wide string from src to dest.[wcsncpy]
wchar_t *wcsncpy(
wchar_t *dest,
const wchar_t *src,
size_t count
); // Copies at most count characters from the wide string src to dest.[wcscat]
wchar_t *wcscat(
wchar_t *dest,
const wchar_t *src
); // Appends the wide string src to the end of the wide string dest.[wcsncat]
wchar_t *wcsncat(
wchar_t *dest,
const wchar_t *src,
size_t count
); // Appends at most count characters from the wide string src to the end of the wide string dest.[wcscmp]
int wcscmp(
const wchar_t *str1,
const wchar_t *str2
); // Compares two wide strings lexicographically.[wcsncmp]
int wcsncmp(
const wchar_t *str1,
const wchar_t *str2,
size_t count
); // Compares up to count characters of two wide strings lexicographically.[_wcsicmp]
int _wcsicmp(
const wchar_t *str1,
const wchar_t *str2
); // Compares two wide strings lexicographically, ignoring case.[_wcsnicmp]
int _wcsnicmp(
const wchar_t *str1,
const wchar_t *str2,
size_t count
); // Compares up to count characters of two wide strings lexicographically, ignoring case.[wcschr]
wchar_t *wcschr(
const wchar_t *str,
wchar_t c
); // Finds the first occurrence of the wide character c in the wide string str.[wcsrchr]
wchar_t *wcsrchr(
const wchar_t *str,
wchar_t c
); // Finds the last occurrence of the wide character c in the wide string str.[wcspbrk]
wchar_t *wcspbrk(
const wchar_t *str1,
const wchar_t *str2
); // Finds the first occurrence in the wide string str1 of any character from the wide string str2.[wcsstr]
wchar_t *wcsstr(
const wchar_t *str1,
const wchar_t *str2
); // Finds the first occurrence of the wide string str2 in the wide string str1.[wcstok]
wchar_t *wcstok(
wchar_t *str,
const wchar_t *delimiters
); // Splits the wide string str into tokens based on the delimiters.[towupper]
wint_t towupper(
wint_t c
); // Converts a wide character to uppercase.[towlower]
wint_t towlower(
wint_t c
); // Converts a wide character to lowercase.[iswalpha]
int iswalpha(
wint_t c
); // Checks if the wide character is an alphabetic character.[iswdigit]
int iswdigit(
wint_t c
); // Checks if the wide character is a decimal digit.[iswalnum]
int iswalnum(
wint_t c
); // Checks if the wide character is an alphanumeric character.[iswspace]
int iswspace(
wint_t c
); // Checks if the wide character is a whitespace character.[iswxdigit]
int iswxdigit(
wint_t c
); // Checks if the wide character is a valid hexadecimal digit.#include <sysinfoapi.h>
// Contains information about the current computer system, including the architecture and type of the processor, the number of processors, and the page size.
typedef struct _SYSTEM_INFO {
union {
DWORD dwOemId;
struct {
WORD wProcessorArchitecture;
WORD wReserved;
} DUMMYSTRUCTNAME;
} DUMMYUNIONNAME;
DWORD dwPageSize;
LPVOID lpMinimumApplicationAddress;
LPVOID lpMaximumApplicationAddress;
DWORD_PTR dwActiveProcessorMask;
DWORD dwNumberOfProcessors;
DWORD dwProcessorType;
DWORD dwAllocationGranularity;
WORD wProcessorLevel;
WORD wProcessorRevision;
} SYSTEM_INFO;#include <minwinbase.h>
// Represents the number of 100-nanosecond intervals since January 1, 1601 (UTC). Used for file and system time.
typedef struct _FILETIME {
DWORD dwLowDateTime;
DWORD dwHighDateTime;
} FILETIME;#include <processthreadsapi.h>
// Specifies the window station, desktop, standard handles, and appearance of the main window for a process at creation time.
typedef struct _STARTUPINFOA {
DWORD cb;
LPSTR lpReserved;
LPSTR lpDesktop;
LPSTR lpTitle;
DWORD dwX;
DWORD dwY;
DWORD dwXSize;
DWORD dwYSize;
DWORD dwXCountChars;
DWORD dwYCountChars;
DWORD dwFillAttribute;
DWORD dwFlags;
WORD wShowWindow;
WORD cbReserved2;
LPBYTE lpReserved2;
HANDLE hStdInput;
HANDLE hStdOutput;
HANDLE hStdError;
} STARTUPINFOA, *LPSTARTUPINFOA;#include <processthreadsapi.h>
// Contains information about a newly created process and its primary thread.
typedef struct _PROCESS_INFORMATION {
HANDLE hProcess;
HANDLE hThread;
DWORD dwProcessId;
DWORD dwThreadId;
} PROCESS_INFORMATION, *LPPROCESS_INFORMATION;// Determines whether the handle can be inherited by child processes and specifies a security descriptor for a new object.
typedef struct _SECURITY_ATTRIBUTES {
DWORD nLength;
LPVOID lpSecurityDescriptor;
BOOL bInheritHandle;
} SECURITY_ATTRIBUTES, *LPSECURITY_ATTRIBUTES;#inluce <minwinbase.h>
// Contains information used in asynchronous (also known as overlapped) input and output (I/O) operations.
typedef struct _OVERLAPPED {
ULONG_PTR Internal;
ULONG_PTR InternalHigh;
union {
struct {
DWORD Offset;
DWORD OffsetHigh;
} DUMMYSTRUCTNAME;
PVOID Pointer;
} DUMMYUNIONNAME;
HANDLE hEvent;
} OVERLAPPED, *LPOVERLAPPED;#include <guiddef.h>
// Represents a globally unique identifier (GUID), used to identify objects, interfaces, and other items.
typedef struct _GUID {
unsigned long Data1;
unsigned short Data2;
unsigned short Data3;
unsigned char Data4[8];
} GUID;#include <winnt.h>
// Contains information about a range of pages in the virtual address space of a process.
typedef struct _MEMORY_BASIC_INFORMATION {
PVOID BaseAddress;
PVOID AllocationBase;
DWORD AllocationProtect;
SIZE_T RegionSize;
DWORD State;
DWORD Protect;
DWORD Type;
} MEMORY_BASIC_INFORMATION, *PMEMORY_BASIC_INFORMATION;#include <minwinbase.h>
// Specifies a date and time, using individual members for the month, day, year, weekday, hour, minute, second, and millisecond.
typedef struct _SYSTEMTIME {
WORD wYear;
WORD wMonth;
WORD wDayOfWeek;
WORD wDay;
WORD wHour;
WORD wMinute;
WORD wSecond;
WORD wMilliseconds;
} SYSTEMTIME, *PSYSTEMTIME, *LPSYSTEMTIME;// Defines the coordinates of a character cell in a console screen buffer, where the origin (0,0) is at the top-left corner.
typedef struct _COORD {
SHORT X;
SHORT Y;
} COORD, *PCOORD;// Defines the coordinates of the upper left and lower right corners of a rectangle.
typedef struct _SMALL_RECT {
SHORT Left;
SHORT Top;
SHORT Right;
SHORT Bottom;
} SMALL_RECT;// Contains information about a console screen buffer.
typedef struct _CONSOLE_SCREEN_BUFFER_INFO {
COORD dwSize;
COORD dwCursorPosition;
WORD wAttributes;
SMALL_RECT srWindow;
COORD dwMaximumWindowSize;
} CONSOLE_SCREEN_BUFFER_INFO, *PCONSOLE_SCREEN_BUFFER_INFO;#include <winsock.h>
// Contains information about the Windows Sockets implementation.
typedef struct WSAData {
WORD wVersion;
WORD wHighVersion;
unsigned short iMaxSockets;
unsigned short iMaxUdpDg;
char FAR *lpVendorInfo;
char szDescription[WSADESCRIPTION_LEN+1];
char szSystemStatus[WSASYS_STATUS_LEN+1];
} WSADATA, *LPWSADATA;[CRITICAL_SECTION](struct RTL_CRITICAL_SECTION (nirsoft.net))
// Represents a critical section object, which is used to provide synchronization access to a shared resource.
typedef struct _RTL_CRITICAL_SECTION {
PRTL_CRITICAL_SECTION_DEBUG DebugInfo;
LONG LockCount;
LONG RecursionCount;
HANDLE OwningThread;
HANDLE LockSemaphore;
ULONG_PTR SpinCount;
} RTL_CRITICAL_SECTION, *PRTL_CRITICAL_SECTION;#include <winsock2.h>
// Contains Windows Sockets protocol information.
typedef struct _WSAPROTOCOL_INFOA {
DWORD dwServiceFlags1;
DWORD dwServiceFlags2;
DWORD dwServiceFlags3;
DWORD dwServiceFlags4;
DWORD dwProviderFlags;
GUID ProviderId;
DWORD dwCatalogEntryId;
WSAPROTOCOLCHAIN ProtocolChain;
int iVersion;
int iAddressFamily;
int iMaxSockAddr;
int iMinSockAddr;
int iSocketType;
int iProtocol;
int iProtocolMaxOffset;
int iNetworkByteOrder;
int iSecurityScheme;
DWORD dwMessageSize;
DWORD dwProviderReserved;
CHAR szProtocol[WSAPROTOCOL_LEN+1];
} WSAPROTOCOL_INFOA, *LPWSAPROTOCOL_INFOA;#include <ws2def.h>
// Contains message information for use with the `sendmsg` and `recvmsg` functions.
typedef struct _WSAMSG {
LPSOCKADDR name;
INT namelen;
LPWSABUF lpBuffers;
ULONG dwBufferCount;
WSABUF Control;
ULONG dwFlags;
} WSAMSG, *PWSAMSG, *LPWSAMSG;// A generic socket address structure used for compatibility with various address families.
typedef struct sockaddr {
u_short sa_family;
char sa_data[14];
} SOCKADDR, *PSOCKADDR, *LPSOCKADDR;// Represents an IPv4 socket address, containing the IPv4 address, port number, and address family.
typedef struct sockaddr_in {
short sin_family;
u_short sin_port;
struct in_addr sin_addr;
char sin_zero[8];
} SOCKADDR_IN, *PSOCKADDR_IN, *LPSOCKADDR_IN;// Used to set the socket option SO_LINGER, which determines the action taken when unsent data is queued on a socket and a `closesocket` is performed.
typedef struct linger {
u_short l_onoff;
u_short l_linger;
} LINGER, *PLINGER, *LPLINGER;// Represents a time interval, used with the `select` function to specify a timeout period.
typedef struct timeval {
long tv_sec;
long tv_usec;
} TIMEVAL, *PTIMEVAL, *LPTIMEVAL;// Represents a set of sockets used with the `select` function to check for socket events.
typedef struct fd_set {
u_int fd_count;
SOCKET fd_array[FD_SETSIZE];
} fd_set, *Pfd_set, *LPfd_set;// Represents an IPv4 address.
typedef struct in_addr {
union {
struct {
u_char s_b1, s_b2, s_b3, s_b4;
} S_un_b;
struct {
u_short s_w1, s_w2;
} S_un_w;
u_long S_addr;
} S_un;
} IN_ADDR, *PIN_ADDR, *LPIN_ADDR;#include <ws2def.h>
// Contains information about an address for use with the `getaddrinfo` function, and is used to build a linked list of addresses.
typedef struct addrinfoW {
int ai_flags;
int ai_family;
int ai_socktype;
int ai_protocol;
size_t ai_addrlen;
PWSTR *ai_canonname;
struct sockaddr *ai_addr;
struct addrinfo *ai_next;
} ADDRINFOW, *PADDRINFOW;#include <ws2def.h>
// Contains a pointer to a buffer and its length. Used for scatter/gather I/O operations.
typedef struct _WSABUF {
ULONG len;
__field_bcount(len) CHAR FAR *buf;
} WSABUF, FAR * LPWSABUF;#include <ws2ipdef.h>
// Represents an IPv6 socket address, containing the IPv6 address, port number, flow info, and address family.
typedef struct sockaddr_in6 {
short sin6_family;
u_short sin6_port;
u_long sin6_flowinfo;
struct in6_addr sin6_addr;
u_long sin6_scope_id;
} SOCKADDR_IN6, *PSOCKADDR_IN6, *LPSOCKADDR_IN6;#include <in6addr.h>
// Represents an IPv6 address.
typedef struct in6_addr {
union {
u_char Byte[16];
u_short Word[8];
} u;
} IN6_ADDR, *PIN6_ADDR, *LPIN6_ADDR;