librex 0.0.42 → 0.0.43

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (34) hide show
  1. data/README.markdown +1 -1
  2. data/lib/rex/compat.rb +10 -0
  3. data/lib/rex/post/meterpreter/channels/pools/file.rb +1 -1
  4. data/lib/rex/post/meterpreter/extensions/stdapi/fs/dir.rb +20 -18
  5. data/lib/rex/post/meterpreter/extensions/stdapi/fs/file.rb +11 -22
  6. data/lib/rex/post/meterpreter/extensions/stdapi/fs/file_stat.rb +2 -1
  7. data/lib/rex/post/meterpreter/extensions/stdapi/railgun.rb.ts.rb +4 -0
  8. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb +27 -0
  9. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb.ut.rb +7 -0
  10. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb +498 -242
  11. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_iphlpapi.rb +18 -18
  12. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_kernel32.rb +695 -694
  13. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_netapi32.rb +6 -5
  14. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ntdll.rb +24 -24
  15. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_shell32.rb +5 -4
  16. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_user32.rb +551 -551
  17. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ws2_32.rb +93 -93
  18. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb +56 -42
  19. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb.ut.rb +4 -4
  20. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb.ut.rb +5 -5
  21. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_wrapper.rb +26 -0
  22. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_wrapper.rb.ut.rb +63 -0
  23. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/multicall.rb +4 -4
  24. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb +151 -96
  25. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb.ut.rb +80 -5
  26. data/lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb +3 -3
  27. data/lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb +11 -11
  28. data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry.rb +3 -3
  29. data/lib/rex/post/meterpreter/packet.rb +12 -11
  30. data/lib/rex/proto/dhcp/server.rb +36 -42
  31. data/lib/rex/socket/range_walker.rb +1 -1
  32. data/lib/rex/text.rb +18 -1
  33. data/lib/rex/ui/text/table.rb +1 -1
  34. metadata +5 -3
@@ -3,7 +3,7 @@
3
3
  A non-official re-packaging of the Rex library as a gem for easy of usage of the Metasploit REX framework in a non Metasploit application. I received permission from HDM to create this package.
4
4
 
5
5
  Currently based on:
6
- SVN Revision: 13159
6
+ SVN Revision: 13247
7
7
 
8
8
  # Credits
9
9
  The Metasploit development team <http://www.metasploit.com>
@@ -220,6 +220,16 @@ def self.win32_winexec(cmd)
220
220
  exe.call(cmd, 0)
221
221
  end
222
222
 
223
+ #
224
+ # Verify the Console2 environment
225
+ #
226
+ def self.win32_console2_verify
227
+ buf = "\x00" * 512
228
+ out = Win32API.new("kernel32", "GetStdHandle", ["L"], "L").call(STD_OUTPUT_HANDLE)
229
+ res = Win32API.new("kernel32","GetConsoleTitle", ["PL"], "L").call(buf, buf.length-1) rescue 0
230
+ ( res > 0 and buf.index("Console2 command").nil? ) ? false : true
231
+ end
232
+
223
233
  #
224
234
  # Platform independent socket pair
225
235
  #
@@ -36,7 +36,7 @@ class File < Rex::Post::Meterpreter::Channels::Pool
36
36
  [
37
37
  {
38
38
  'type' => Rex::Post::Meterpreter::Extensions::Stdapi::TLV_TYPE_FILE_PATH,
39
- 'value' => name
39
+ 'value' => Rex::Text.unicode_filter_decode( name )
40
40
  },
41
41
  {
42
42
  'type' => Rex::Post::Meterpreter::Extensions::Stdapi::TLV_TYPE_FILE_MODE,
@@ -56,14 +56,14 @@ class Dir < Rex::Post::Dir
56
56
  request = Packet.create_request('stdapi_fs_ls')
57
57
  files = []
58
58
 
59
- request.add_tlv(TLV_TYPE_DIRECTORY_PATH, name)
59
+ request.add_tlv(TLV_TYPE_DIRECTORY_PATH, Rex::Text.unicode_filter_decode(name))
60
60
 
61
61
  response = client.send_request(request)
62
62
 
63
63
  response.each(TLV_TYPE_FILE_NAME) { |file_name|
64
- files << file_name.value
64
+ files << Rex::Text.unicode_filter_encode( file_name.value )
65
65
  }
66
-
66
+
67
67
  return files
68
68
  end
69
69
 
@@ -74,7 +74,7 @@ class Dir < Rex::Post::Dir
74
74
  request = Packet.create_request('stdapi_fs_ls')
75
75
  files = []
76
76
 
77
- request.add_tlv(TLV_TYPE_DIRECTORY_PATH, name)
77
+ request.add_tlv(TLV_TYPE_DIRECTORY_PATH, Rex::Text.unicode_filter_decode(name))
78
78
 
79
79
  response = client.send_request(request)
80
80
 
@@ -88,7 +88,7 @@ class Dir < Rex::Post::Dir
88
88
 
89
89
  fname.each_with_index { |file_name, idx|
90
90
  st = nil
91
-
91
+
92
92
  if (sbuf[idx])
93
93
  st = ::Rex::Post::FileStat.new
94
94
  st.update(sbuf[idx].value)
@@ -96,12 +96,12 @@ class Dir < Rex::Post::Dir
96
96
 
97
97
  files <<
98
98
  {
99
- 'FileName' => file_name.value,
100
- 'FilePath' => fpath[idx].value,
99
+ 'FileName' => Rex::Text.unicode_filter_encode( file_name.value ),
100
+ 'FilePath' => Rex::Text.unicode_filter_encode( fpath[idx].value ),
101
101
  'StatBuf' => st,
102
102
  }
103
103
  }
104
-
104
+
105
105
  return files
106
106
  end
107
107
 
@@ -117,20 +117,20 @@ class Dir < Rex::Post::Dir
117
117
  def Dir.chdir(path)
118
118
  request = Packet.create_request('stdapi_fs_chdir')
119
119
 
120
- request.add_tlv(TLV_TYPE_DIRECTORY_PATH, path)
120
+ request.add_tlv(TLV_TYPE_DIRECTORY_PATH, Rex::Text.unicode_filter_decode( path ))
121
121
 
122
122
  response = client.send_request(request)
123
123
 
124
124
  return 0
125
125
  end
126
-
126
+
127
127
  #
128
128
  # Creates a directory.
129
129
  #
130
130
  def Dir.mkdir(path)
131
131
  request = Packet.create_request('stdapi_fs_mkdir')
132
132
 
133
- request.add_tlv(TLV_TYPE_DIRECTORY_PATH, path)
133
+ request.add_tlv(TLV_TYPE_DIRECTORY_PATH, Rex::Text.unicode_filter_decode( path ))
134
134
 
135
135
  response = client.send_request(request)
136
136
 
@@ -145,7 +145,7 @@ class Dir < Rex::Post::Dir
145
145
 
146
146
  response = client.send_request(request)
147
147
 
148
- return response.get_tlv(TLV_TYPE_DIRECTORY_PATH).value
148
+ return Rex::Text.unicode_filter_encode( response.get_tlv(TLV_TYPE_DIRECTORY_PATH).value )
149
149
  end
150
150
 
151
151
  #
@@ -161,7 +161,7 @@ class Dir < Rex::Post::Dir
161
161
  def Dir.delete(path)
162
162
  request = Packet.create_request('stdapi_fs_delete_dir')
163
163
 
164
- request.add_tlv(TLV_TYPE_DIRECTORY_PATH, path)
164
+ request.add_tlv(TLV_TYPE_DIRECTORY_PATH, Rex::Text.unicode_filter_decode( path ))
165
165
 
166
166
  response = client.send_request(request)
167
167
 
@@ -193,9 +193,10 @@ class Dir < Rex::Post::Dir
193
193
  # local directory, optionally in a recursive fashion.
194
194
  #
195
195
  def Dir.download(dst, src, recursive = false, force = true, &stat)
196
+
196
197
  self.entries(src).each { |src_sub|
197
- dst_item = dst + ::File::SEPARATOR + src_sub
198
- src_item = src + File::SEPARATOR + src_sub
198
+ dst_item = dst + ::File::SEPARATOR + Rex::Text.unicode_filter_encode( src_sub )
199
+ src_item = src + File::SEPARATOR + Rex::Text.unicode_filter_encode( src_sub )
199
200
 
200
201
  if (src_sub == '.' or src_sub == '..')
201
202
  next
@@ -215,7 +216,7 @@ class Dir < Rex::Post::Dir
215
216
  raise e
216
217
  end
217
218
  end
218
-
219
+
219
220
  elsif (src_stat.directory?)
220
221
  if (recursive == false)
221
222
  next
@@ -239,8 +240,8 @@ class Dir < Rex::Post::Dir
239
240
  #
240
241
  def Dir.upload(dst, src, recursive = false, &stat)
241
242
  ::Dir.entries(src).each { |src_sub|
242
- dst_item = dst + File::SEPARATOR + src_sub
243
- src_item = src + ::File::SEPARATOR + src_sub
243
+ dst_item = dst + File::SEPARATOR + Rex::Text.unicode_filter_encode( src_sub )
244
+ src_item = src + ::File::SEPARATOR + Rex::Text.unicode_filter_encode( src_sub )
244
245
 
245
246
  if (src_sub == '.' or src_sub == '..')
246
247
  next
@@ -280,3 +281,4 @@ protected
280
281
  end
281
282
 
282
283
  end; end; end; end; end; end
284
+
@@ -44,6 +44,7 @@ class File < Rex::Post::Meterpreter::Extensions::Stdapi::Fs::IO
44
44
 
45
45
  request = Packet.create_request( 'stdapi_fs_search' )
46
46
 
47
+ root = Rex::Text.unicode_filter_decode(root) if root
47
48
  root = root.chomp( '\\' ) if root
48
49
 
49
50
  request.add_tlv( TLV_TYPE_SEARCH_ROOT, root )
@@ -56,8 +57,8 @@ class File < Rex::Post::Meterpreter::Extensions::Stdapi::Fs::IO
56
57
  if( response.result == 0 )
57
58
  response.each( TLV_TYPE_SEARCH_RESULTS ) do | results |
58
59
  files << {
59
- 'path' => results.get_tlv_value( TLV_TYPE_FILE_PATH ).chomp( '\\' ),
60
- 'name' => results.get_tlv_value( TLV_TYPE_FILE_NAME ),
60
+ 'path' => Rex::Text.unicode_filter_encode( results.get_tlv_value( TLV_TYPE_FILE_PATH ).chomp( '\\' ) ),
61
+ 'name' => Rex::Text.unicode_filter_encode( results.get_tlv_value( TLV_TYPE_FILE_NAME ) ),
61
62
  'size' => results.get_tlv_value( TLV_TYPE_FILE_SIZE )
62
63
  }
63
64
  end
@@ -87,11 +88,11 @@ class File < Rex::Post::Meterpreter::Extensions::Stdapi::Fs::IO
87
88
  def File.expand_path(path)
88
89
  request = Packet.create_request('stdapi_fs_file_expand_path')
89
90
 
90
- request.add_tlv(TLV_TYPE_FILE_PATH, path)
91
+ request.add_tlv(TLV_TYPE_FILE_PATH, Rex::Text.unicode_filter_decode( path ))
91
92
 
92
93
  response = client.send_request(request)
93
94
 
94
- return response.get_tlv_value(TLV_TYPE_FILE_PATH)
95
+ return Rex::Text.unicode_filter_encode( response.get_tlv_value(TLV_TYPE_FILE_PATH) )
95
96
  end
96
97
 
97
98
 
@@ -101,10 +102,11 @@ class File < Rex::Post::Meterpreter::Extensions::Stdapi::Fs::IO
101
102
  def File.md5(path)
102
103
  request = Packet.create_request('stdapi_fs_md5')
103
104
 
104
- request.add_tlv(TLV_TYPE_FILE_PATH, path)
105
+ request.add_tlv(TLV_TYPE_FILE_PATH, Rex::Text.unicode_filter_decode( path ))
105
106
 
106
107
  response = client.send_request(request)
107
108
 
109
+ # This is not really a file name, but a raw hash in bytes
108
110
  return response.get_tlv_value(TLV_TYPE_FILE_NAME)
109
111
  end
110
112
 
@@ -114,32 +116,19 @@ class File < Rex::Post::Meterpreter::Extensions::Stdapi::Fs::IO
114
116
  def File.sha1(path)
115
117
  request = Packet.create_request('stdapi_fs_sha1')
116
118
 
117
- request.add_tlv(TLV_TYPE_FILE_PATH, path)
119
+ request.add_tlv(TLV_TYPE_FILE_PATH, Rex::Text.unicode_filter_decode( path ))
118
120
 
119
121
  response = client.send_request(request)
120
122
 
123
+ # This is not really a file name, but a raw hash in bytes
121
124
  return response.get_tlv_value(TLV_TYPE_FILE_NAME)
122
125
  end
123
126
 
124
- #
125
- # Expands a file path, substituting all environment variables, such as
126
- # %TEMP%.
127
- #
128
- def File.expand_path(path)
129
- request = Packet.create_request('stdapi_fs_file_expand_path')
130
-
131
- request.add_tlv(TLV_TYPE_FILE_PATH, path)
132
-
133
- response = client.send_request(request)
134
-
135
- return response.get_tlv_value(TLV_TYPE_FILE_PATH)
136
- end
137
-
138
127
  #
139
128
  # Performs a stat on a file and returns a FileStat instance.
140
129
  #
141
130
  def File.stat(name)
142
- return client.fs.filestat.new(name)
131
+ return client.fs.filestat.new( name )
143
132
  end
144
133
 
145
134
  #
@@ -156,7 +145,7 @@ class File < Rex::Post::Meterpreter::Extensions::Stdapi::Fs::IO
156
145
  def File.rm(name)
157
146
  request = Packet.create_request('stdapi_fs_delete_file')
158
147
 
159
- request.add_tlv(TLV_TYPE_FILE_PATH,name)
148
+ request.add_tlv(TLV_TYPE_FILE_PATH, Rex::Text.unicode_filter_decode( name ))
160
149
 
161
150
  response = client.send_request(request)
162
151
 
@@ -88,7 +88,7 @@ protected
88
88
  def stat(file)
89
89
  request = Packet.create_request('stdapi_fs_stat')
90
90
 
91
- request.add_tlv(TLV_TYPE_FILE_PATH, file)
91
+ request.add_tlv(TLV_TYPE_FILE_PATH, Rex::Text.unicode_filter_decode( file ))
92
92
 
93
93
  response = self.class.client.send_request(request)
94
94
  stat_buf = response.get_tlv(TLV_TYPE_STAT_BUF).value
@@ -101,3 +101,4 @@ protected
101
101
  end
102
102
 
103
103
  end; end; end; end; end; end
104
+
@@ -9,3 +9,7 @@ require 'railgun/buffer_item.rb.ut'
9
9
  require 'railgun/dll_function.rb.ut'
10
10
  require 'railgun/dll_helper.rb.ut'
11
11
  require 'railgun/win_const_manager.rb.ut'
12
+ require 'railgun/dll.rb.ut.rb'
13
+ require 'railgun/dll_wrapper.rb.ut.rb'
14
+ require 'railgun/railgun.rb.ut.rb'
15
+ require 'railgun/win_const_manager.rb.ut.rb'
@@ -1,3 +1,5 @@
1
+ require 'rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager'
2
+ require 'thread'
1
3
 
2
4
  module Rex
3
5
  module Post
@@ -8,6 +10,31 @@ module Railgun
8
10
 
9
11
  class ApiConstants
10
12
 
13
+ # This will be lazily loaded in self.manager
14
+ @@manager = nil
15
+ @@manager_semaphore = Mutex.new
16
+
17
+ # provides a frozen constant manager for the constants defined in self.add_constants
18
+ def self.manager
19
+
20
+ # The first check for nil is to potentially skip the need to synchronize
21
+ if @@manager.nil?
22
+ # Looks like we MAY need to load manager
23
+ @@manager_semaphore.synchronize do
24
+ # We check once more. Now our options are synchronized
25
+ if @@manager.nil?
26
+ @@manager = WinConstManager.new
27
+
28
+ self.add_constants(@@manager)
29
+
30
+ @@manager.freeze
31
+ end
32
+ end
33
+ end
34
+
35
+ return @@manager
36
+ end
37
+
11
38
  def self.add_constants(win_const_mgr)
12
39
  win_const_mgr.add_const('MCI_DGV_SETVIDEO_TINT',0x00004003)
13
40
  win_const_mgr.add_const('EVENT_TRACE_FLAG_PROCESS',0x00000001)
@@ -14,6 +14,13 @@ module Extensions
14
14
  module Stdapi
15
15
  module Railgun
16
16
  class ApiConstants::UnitTest < Test::Unit::TestCase
17
+ def test_manager
18
+ const_manager = ApiConstants.manager
19
+
20
+ assert_equal(0, const_manager.parse('SUCCESS'),
21
+ "ApiConstants.manager should return a functional constant manager for WinAPI constants")
22
+ end
23
+
17
24
  def test_add_constants
18
25
  const_manager = WinConstManager.new
19
26
 
@@ -8,19 +8,273 @@ module Def
8
8
 
9
9
  class Def_advapi32
10
10
 
11
- def self.add_imports(railgun)
11
+ def self.create_dll(dll_path = 'advapi32')
12
+ dll = DLL.new(dll_path, ApiConstants.manager)
13
+
14
+ #Functions for Windows CryptoAPI
15
+ dll.add_function( 'CryptAcquireContextW', 'BOOL',[
16
+ ['PDWORD', 'phProv', 'out'],
17
+ ['PWCHAR', 'pszContainer', 'in'],
18
+ ['PWCHAR', 'pszProvider', 'in'],
19
+ ['DWORD', 'dwProvType', 'in'],
20
+ ['DWORD', 'dwflags', 'in']])
21
+
22
+ dll.add_function( 'CryptAcquireContextA', 'BOOL',[
23
+ ['PDWORD', 'phProv', 'out'],
24
+ ['PWCHAR', 'pszContainer', 'in'],
25
+ ['PWCHAR', 'pszProvider', 'in'],
26
+ ['DWORD', 'dwProvType', 'in'],
27
+ ['DWORD', 'dwflags', 'in']])
28
+
29
+
30
+ dll.add_function( 'CryptContextAddRef', 'BOOL', [
31
+ ['LPVOID', 'hProv', 'in'],
32
+ ['DWORD', 'pdwReserved', 'in'],
33
+ ['DWORD', 'dwFlags', 'in']])
34
+
35
+ dll.add_function( 'CryptEnumProvidersW', 'BOOL', [
36
+ ['DWORD', 'dwIndex', 'in'],
37
+ ['DWORD', 'pdwReserved', 'in'],
38
+ ['DWORD', 'dwFlags', 'in'],
39
+ ['PDWORD', 'pdwProvType', 'out'],
40
+ ['PWCHAR', 'pszProvName', 'out'],
41
+ ['PDWORD', 'pcbProvName', 'inout']])
42
+
43
+ dll.add_function( 'CryptEnumProvidersA', 'BOOL', [
44
+ ['DWORD', 'dwIndex', 'in'],
45
+ ['DWORD', 'pdwReserved', 'in'],
46
+ ['DWORD', 'dwFlags', 'in'],
47
+ ['PDWORD', 'pdwProvType', 'out'],
48
+ ['PCHAR', 'pszProvName', 'out'],
49
+ ['PDWORD', 'pcbProvName', 'inout']])
50
+
51
+ dll.add_function( 'CryptEnumProviderTypesW', 'BOOL', [
52
+ ['DWORD', 'dwIndex', 'in'],
53
+ ['DWORD', 'pdwReserved', 'in'],
54
+ ['DWORD', 'dwFlags', 'in'],
55
+ ['PDWORD', 'pdwProvType', 'out'],
56
+ ['PWCHAR', 'pszTypeName', 'out'],
57
+ ['PDWORD', 'pcbTypeName', 'inout']])
58
+
59
+ dll.add_function( 'CryptEnumProviderTypesA', 'BOOL', [
60
+ ['DWORD', 'dwIndex', 'in'],
61
+ ['DWORD', 'pdwReserved', 'in'],
62
+ ['DWORD', 'dwFlags', 'in'],
63
+ ['PDWORD', 'pdwProvType', 'out'],
64
+ ['PCHAR', 'pszTypeName', 'out'],
65
+ ['PDWORD', 'pcbTypeName', 'inout']])
66
+
67
+ dll.add_function( 'CryptGetDefaultProviderW ', 'BOOL', [
68
+ ['DWORD', 'dwProvType', 'in'],
69
+ ['DWORD', 'pwdReserved', 'in'],
70
+ ['DWORD', 'dwFlags', 'in'],
71
+ ['PWCHAR', 'pszProvName', 'out'],
72
+ ['PDWORD', 'pcbProvName', 'inout']])
73
+
74
+ dll.add_function( 'CryptGetDefaultProviderA ', 'BOOL', [
75
+ ['DWORD', 'dwProvType', 'in'],
76
+ ['DWORD', 'pwdReserved', 'in'],
77
+ ['DWORD', 'dwFlags', 'in'],
78
+ ['PCHAR', 'pszProvName', 'out'],
79
+ ['PDWORD', 'pcbProvName', 'inout']])
80
+
81
+ dll.add_function( 'CryptGetProvParam', 'BOOL', [
82
+ ['LPVOID', 'hProv', 'in'],
83
+ ['DWORD', 'dwParam', 'in'],
84
+ ['PBLOB', 'pbData', 'out'],
85
+ ['PDWORD', 'pwdDataLen', 'inout'],
86
+ ['DWORD', 'dwFlags', 'in']])
87
+
88
+ dll.add_function( 'CryptSetProviderW', 'BOOL', [
89
+ ['PWCHAR', 'pszProvName', 'in'],
90
+ ['DWORD', 'dwProvType', 'in']])
91
+
92
+ dll.add_function( 'CryptSetProviderA', 'BOOL', [
93
+ ['PCHAR', 'pszProvName', 'in'],
94
+ ['DWORD', 'dwProvType', 'in']])
95
+
96
+ dll.add_function( 'CryptSetProviderExW', 'BOOL', [
97
+ ['PWCHAR', 'pszProvName', 'in'],
98
+ ['DWORD', 'dwProvType', 'in'],
99
+ ['DWORD', 'pdwReserved', 'in'],
100
+ ['DWORD', 'dwFlags', 'in']])
101
+
102
+ dll.add_function( 'CryptSetProviderExA', 'BOOL', [
103
+ ['PCHAR', 'pszProvName', 'in'],
104
+ ['DWORD', 'dwProvType', 'in'],
105
+ ['DWORD', 'pdwReserved', 'in'],
106
+ ['DWORD', 'dwFlags', 'in']])
107
+
108
+ dll.add_function( 'CryptSetProvParam', 'BOOL', [
109
+ ['LPVOID', 'hProv', 'in'],
110
+ ['DWORD', 'dwParam', 'in'],
111
+ ['PBLOB', 'pbData', 'in'],
112
+ ['DWORD', 'dwFlags','in']])
113
+
114
+ dll.add_function( 'CryptDuplicateKey', 'BOOL', [
115
+ ['LPVOID', 'hKey', 'in'],
116
+ ['DWORD', 'pdwReserved', 'in'],
117
+ ['DWORD', 'dwFlags', 'in'],
118
+ ['PDWORD', 'phKey', 'out']])
119
+
120
+ dll.add_function( 'CryptExportKey', 'BOOL', [
121
+ ['LPVOID', 'hKey', 'in'],
122
+ ['LPVOID', 'hExpKey', 'in'],
123
+ ['DWORD', 'dwBlobType', 'in'],
124
+ ['DWORD', 'dwFlags', 'in'],
125
+ ['PBLOB', 'pbData', 'out'],
126
+ ['PDWORD', 'pwdDataLen', 'inout']])
127
+
128
+ dll.add_function( 'CryptGenKey', 'BOOL', [
129
+ ['LPVOID', 'hProv', 'in'],
130
+ ['DWORD', 'Algid', 'in'],
131
+ ['DWORD', 'dwFlags', 'in'],
132
+ ['PDWORD', 'phKey', 'out']])
133
+
134
+ dll.add_function( 'CryptGenRandom', 'BOOL', [
135
+ ['LPVOID', 'hProv', 'in'],
136
+ ['DWORD', 'dwLen', 'in'],
137
+ ['PBLOB', 'pbBuffer', 'inout']])
138
+
139
+ dll.add_function( 'CryptGetKeyParam', 'BOOL', [
140
+ ['LPVOID', 'hKey', 'in'],
141
+ ['DWORD', 'dwParam', 'in'],
142
+ ['PBLOB', 'pbData', 'out'],
143
+ ['PDWORD', 'pdwDataLen', 'inout'],
144
+ ['DWORD', 'dwFlags', 'in']])
145
+
146
+ dll.add_function( 'CryptGetUserKey', 'BOOL', [
147
+ ['LPVOID', 'hProv', 'in'],
148
+ ['DWORD', 'dwKeySpec', 'in'],
149
+ ['PDWORD', 'phUserKey', 'out']])
12
150
 
13
- railgun.add_dll('advapi32')
151
+ dll.add_function( 'CryptImportKey', 'BOOL', [
152
+ ['LPVOID', 'hProv', 'in'],
153
+ ['PBLOB', 'pbData', 'in'],
154
+ ['DWORD', 'dwDataLen', 'in'],
155
+ ['LPVOID', 'hPubKey', 'in'],
156
+ ['DWORD', 'dwFlags', 'in'],
157
+ ['PDWORD', 'phKey', 'out']])
14
158
 
159
+ dll.add_function( 'CryptSetKeyParam', 'BOOL', [
160
+ ['LPVOID', 'hKey', 'in'],
161
+ ['DWORD', 'dwParam', 'in'],
162
+ ['PBLOB', 'pbData', 'in'],
163
+ ['DWORD', 'dwFlags', 'in']])
164
+
165
+ dll.add_function( 'CryptEncrypt', 'BOOL', [
166
+ ['LPVOID', 'hKey', 'in'],
167
+ ['LPVOID', 'hHash', 'in'],
168
+ ['BOOL', 'Final', 'in'],
169
+ ['DWORD', 'dwFlags', 'in'],
170
+ ['PBLOB', 'pbData', 'inout'],
171
+ ['PDWORD', 'pdwDataLen', 'inout'],
172
+ ['DWORD', 'dwBufLen', 'in']])
173
+
174
+ dll.add_function( 'CryptDuplicateHash', 'BOOL', [
175
+ ['LPVOID', 'hHash', 'in'],
176
+ ['DWORD', 'pdwReserved', 'in'],
177
+ ['DWORD', 'dwFlags', 'in'],
178
+ ['PDWORD', 'phHash', 'out']])
179
+
180
+ dll.add_function( 'CryptGetHashParam', 'BOOL', [
181
+ ['LPVOID', 'hHash', 'in'],
182
+ ['DWORD', 'dwParam', 'in'],
183
+ ['PBLOB', 'pbData', 'out'],
184
+ ['PDWORD', 'pdwDataLen', 'out'],
185
+ ['DWORD', 'dwFlags', 'in']])
186
+
187
+ dll.add_function( 'CryptHashSessionKey', 'BOOL', [
188
+ ['LPVOID', 'hHash', 'in'],
189
+ ['LPVOID', 'hKey', 'in'],
190
+ ['DWORD', 'dwFlags', 'in']])
191
+
192
+ dll.add_function( 'CryptSetHashParam', 'BOOL', [
193
+ ['LPVOID', 'hHash', 'in'],
194
+ ['DWORD', 'dwParam', 'in'],
195
+ ['PBLOB', 'pbData', 'in'],
196
+ ['DWORD', 'dwFlags', 'in']])
197
+
198
+ dll.add_function( 'CryptSignHashW', 'BOOL', [
199
+ ['LPVOID', 'hHash', 'in'],
200
+ ['DWORD', 'dwKeySpec', 'in'],
201
+ ['PWCHAR', 'sDescription', 'in'],
202
+ ['DWORD', 'dwFlags', 'in'],
203
+ ['PBLOB', 'pbSignature', 'out'],
204
+ ['PDWORD', 'pdwSigLen', 'inout']])
205
+
206
+ dll.add_function( 'CryptSignHashA', 'BOOL', [
207
+ ['LPVOID', 'hHash', 'in'],
208
+ ['DWORD', 'dwKeySpec', 'in'],
209
+ ['PCHAR', 'sDescription', 'in'],
210
+ ['DWORD', 'dwFlags', 'in'],
211
+ ['PBLOB', 'pbSignature', 'out'],
212
+ ['PDWORD', 'pdwSigLen', 'inout']])
213
+
214
+ dll.add_function( 'CryptVerifySignatureW', 'BOOL', [
215
+ ['LPVOID', 'hHash', 'in'],
216
+ ['PBLOB', 'pbSignature', 'in'],
217
+ ['DWORD', 'dwSigLen', 'in'],
218
+ ['LPVOID', 'hPubKey', 'in'],
219
+ ['PWCHAR', 'sDescription', 'in'],
220
+ ['DWORD', 'dwFlags', 'in']])
221
+
222
+ dll.add_function( 'CryptVerifySignatureA', 'BOOL', [
223
+ ['LPVOID', 'hHash', 'in'],
224
+ ['PBLOB', 'pbSignature', 'in'],
225
+ ['DWORD', 'dwSigLen', 'in'],
226
+ ['LPVOID', 'hPubKey', 'in'],
227
+ ['PCHAR', 'sDescription', 'in'],
228
+ ['DWORD', 'dwFlags', 'in']])
229
+
230
+ dll.add_function( 'CryptCreateHash', 'BOOL',[
231
+ ['LPVOID', 'hProv', 'in'],
232
+ ['DWORD', 'Algid', 'in'],
233
+ ['LPVOID', 'hKey', 'in'],
234
+ ['DWORD', 'dwFlags', 'in'],
235
+ ['PDWORD', 'phHash', 'out']])
236
+
237
+ dll.add_function( 'CryptHashData', 'BOOL',[
238
+ ['LPVOID', 'hHash', 'in'],
239
+ ['PWCHAR', 'pbData', 'in'],
240
+ ['DWORD', 'dwDataLen', 'in'],
241
+ ['DWORD', 'dwFlags', 'in']])
242
+
243
+ dll.add_function( 'CryptDeriveKey', 'BOOL',[
244
+ ['LPVOID', 'hProv', 'in'],
245
+ ['DWORD', 'Algid', 'in'],
246
+ ['LPVOID', 'hBaseData', 'in'],
247
+ ['DWORD', 'dwFlags', 'in'],
248
+ ['PDWORD', 'phKey', 'inout']])
249
+
250
+ dll.add_function( 'CryptDecrypt', 'BOOL',[
251
+ ['LPVOID', 'hKey', 'in'],
252
+ ['LPVOID', 'hHash', 'in'],
253
+ ['BOOL', 'Final', 'in'],
254
+ ['DWORD', 'dwFlags', 'in'],
255
+ ['PBLOB', 'pbData', 'inout'],
256
+ ['PDWORD', 'pdwDataLen', 'inout']])
257
+
258
+ dll.add_function( 'CryptDestroyHash', 'BOOL',[
259
+ ['LPVOID', 'hHash', 'in']])
260
+
261
+ dll.add_function( 'CryptDestroyKey', 'BOOL',[
262
+ ['LPVOID', 'hKey', 'in']])
263
+
264
+ dll.add_function( 'CryptReleaseContext', 'BOOL',[
265
+ ['LPVOID', 'hProv', 'in'],
266
+ ['DWORD', 'dwFlags', 'in']])
267
+
268
+
15
269
  # Function to open the Service Control Database
16
- railgun.add_function( 'advapi32', 'OpenSCManagerA','DWORD',[
270
+ dll.add_function('OpenSCManagerA','DWORD',[
17
271
  [ "PCHAR", "lpMachineName", "inout" ],
18
272
  [ "PCHAR", "lpDatabaseName", "inout" ],
19
273
  [ "DWORD", "dwDesiredAccess", "in" ]
20
274
  ])
21
275
 
22
276
  # Function for creating a Service
23
- railgun.add_function( 'advapi32', 'CreateServiceA','DWORD',[
277
+ dll.add_function('CreateServiceA','DWORD',[
24
278
  [ "DWORD", "hSCManager", "in" ],
25
279
  [ "PCHAR", "lpServiceName", "in" ],
26
280
  [ "PCHAR", "lpDisplayName", "in" ],
@@ -36,7 +290,7 @@ class Def_advapi32
36
290
  [ "PCHAR", "lpPassword", "in" ]
37
291
  ])
38
292
 
39
- railgun.add_function( 'advapi32', 'OpenServiceA','DWORD',[
293
+ dll.add_function('OpenServiceA','DWORD',[
40
294
  [ "DWORD", "hSCManager", "in" ],
41
295
  [ "PCHAR", "lpServiceName", "in" ],
42
296
  [ "DWORD", "dwDesiredAccess", "in" ]
@@ -45,13 +299,13 @@ class Def_advapi32
45
299
  #access rights: SERVICE_CHANGE_CONFIG (0x0002) SERVICE_START (0x0010)
46
300
  #SERVICE_STOP (0x0020)
47
301
 
48
- railgun.add_function( 'advapi32', 'StartServiceA','BOOL',[
302
+ dll.add_function('StartServiceA','BOOL',[
49
303
  [ "DWORD", "hService", "in" ],
50
304
  [ "DWORD", "dwNumServiceArgs", "in" ],
51
305
  [ "PCHAR", "lpServiceArgVectors", "in" ]
52
306
  ])
53
307
 
54
- railgun.add_function( 'advapi32', 'ControlService','BOOL',[
308
+ dll.add_function('ControlService','BOOL',[
55
309
  [ "DWORD", "hService", "in" ],
56
310
  [ "DWORD", "dwControl", "in" ],
57
311
  [ "PBLOB", "lpServiceStatus", "out" ]
@@ -63,7 +317,7 @@ class Def_advapi32
63
317
  #dwCurrentState; dwControlsAccepted; dwWin32ExitCode;
64
318
  #dwServiceSpecificExitCode; dwCheckPoint; dwWaitHint;
65
319
 
66
- railgun.add_function( 'advapi32', 'ChangeServiceConfigA','BOOL',[
320
+ dll.add_function('ChangeServiceConfigA','BOOL',[
67
321
  [ "DWORD", "hService", "in" ],
68
322
  [ "DWORD", "dwServiceType", "in" ],
69
323
  [ "DWORD", "dwStartType", "in" ],
@@ -77,19 +331,19 @@ class Def_advapi32
77
331
  [ "PCHAR", "lpDisplayName", "in" ]
78
332
  ])
79
333
 
80
- railgun.add_function( 'advapi32', 'CloseServiceHandle','BOOL',[
334
+ dll.add_function('CloseServiceHandle','BOOL',[
81
335
  [ "DWORD", "hSCObject", "in" ]
82
336
  ])
83
337
 
84
- railgun.add_function( 'advapi32', 'AbortSystemShutdownA', 'BOOL',[
338
+ dll.add_function('AbortSystemShutdownA', 'BOOL',[
85
339
  ["PCHAR","lpMachineName","in"],
86
340
  ])
87
341
 
88
- railgun.add_function( 'advapi32', 'AbortSystemShutdownW', 'BOOL',[
342
+ dll.add_function('AbortSystemShutdownW', 'BOOL',[
89
343
  ["PWCHAR","lpMachineName","in"],
90
344
  ])
91
345
 
92
- railgun.add_function( 'advapi32', 'InitiateSystemShutdownA', 'BOOL',[
346
+ dll.add_function('InitiateSystemShutdownA', 'BOOL',[
93
347
  ["PCHAR","lpMachineName","in"],
94
348
  ["PCHAR","lpMessage","in"],
95
349
  ["DWORD","dwTimeout","in"],
@@ -97,7 +351,7 @@ class Def_advapi32
97
351
  ["BOOL","bRebootAfterShutdown","in"],
98
352
  ])
99
353
 
100
- railgun.add_function( 'advapi32', 'InitiateSystemShutdownExA', 'BOOL',[
354
+ dll.add_function('InitiateSystemShutdownExA', 'BOOL',[
101
355
  ["PCHAR","lpMachineName","in"],
102
356
  ["PCHAR","lpMessage","in"],
103
357
  ["DWORD","dwTimeout","in"],
@@ -106,7 +360,7 @@ class Def_advapi32
106
360
  ["DWORD","dwReason","in"],
107
361
  ])
108
362
 
109
- railgun.add_function( 'advapi32', 'InitiateSystemShutdownExW', 'BOOL',[
363
+ dll.add_function('InitiateSystemShutdownExW', 'BOOL',[
110
364
  ["PWCHAR","lpMachineName","in"],
111
365
  ["PWCHAR","lpMessage","in"],
112
366
  ["DWORD","dwTimeout","in"],
@@ -115,7 +369,7 @@ class Def_advapi32
115
369
  ["DWORD","dwReason","in"],
116
370
  ])
117
371
 
118
- railgun.add_function( 'advapi32', 'InitiateSystemShutdownW', 'BOOL',[
372
+ dll.add_function('InitiateSystemShutdownW', 'BOOL',[
119
373
  ["PWCHAR","lpMachineName","in"],
120
374
  ["PWCHAR","lpMessage","in"],
121
375
  ["DWORD","dwTimeout","in"],
@@ -123,43 +377,43 @@ class Def_advapi32
123
377
  ["BOOL","bRebootAfterShutdown","in"],
124
378
  ])
125
379
 
126
- railgun.add_function( 'advapi32', 'RegCloseKey', 'DWORD',[
380
+ dll.add_function('RegCloseKey', 'DWORD',[
127
381
  ["DWORD","hKey","in"],
128
382
  ])
129
383
 
130
- railgun.add_function( 'advapi32', 'RegConnectRegistryA', 'DWORD',[
384
+ dll.add_function('RegConnectRegistryA', 'DWORD',[
131
385
  ["PCHAR","lpMachineName","in"],
132
386
  ["DWORD","hKey","in"],
133
387
  ["PDWORD","phkResult","out"],
134
388
  ])
135
389
 
136
- railgun.add_function( 'advapi32', 'RegConnectRegistryExA', 'DWORD',[
390
+ dll.add_function('RegConnectRegistryExA', 'DWORD',[
137
391
  ["PCHAR","lpMachineName","in"],
138
392
  ["DWORD","hKey","in"],
139
393
  ["DWORD","Flags","in"],
140
394
  ["PDWORD","phkResult","out"],
141
395
  ])
142
396
 
143
- railgun.add_function( 'advapi32', 'RegConnectRegistryExW', 'DWORD',[
397
+ dll.add_function('RegConnectRegistryExW', 'DWORD',[
144
398
  ["PWCHAR","lpMachineName","in"],
145
399
  ["DWORD","hKey","in"],
146
400
  ["DWORD","Flags","in"],
147
401
  ["PDWORD","phkResult","out"],
148
402
  ])
149
403
 
150
- railgun.add_function( 'advapi32', 'RegConnectRegistryW', 'DWORD',[
404
+ dll.add_function('RegConnectRegistryW', 'DWORD',[
151
405
  ["PWCHAR","lpMachineName","in"],
152
406
  ["DWORD","hKey","in"],
153
407
  ["PDWORD","phkResult","out"],
154
408
  ])
155
409
 
156
- railgun.add_function( 'advapi32', 'RegCreateKeyA', 'DWORD',[
410
+ dll.add_function('RegCreateKeyA', 'DWORD',[
157
411
  ["DWORD","hKey","in"],
158
412
  ["PCHAR","lpSubKey","in"],
159
413
  ["PDWORD","phkResult","out"],
160
414
  ])
161
415
 
162
- railgun.add_function( 'advapi32', 'RegCreateKeyExA', 'DWORD',[
416
+ dll.add_function('RegCreateKeyExA', 'DWORD',[
163
417
  ["DWORD","hKey","in"],
164
418
  ["PCHAR","lpSubKey","in"],
165
419
  ["DWORD","Reserved","inout"],
@@ -171,7 +425,7 @@ class Def_advapi32
171
425
  ["PDWORD","lpdwDisposition","out"],
172
426
  ])
173
427
 
174
- railgun.add_function( 'advapi32', 'RegCreateKeyExW', 'DWORD',[
428
+ dll.add_function('RegCreateKeyExW', 'DWORD',[
175
429
  ["DWORD","hKey","in"],
176
430
  ["PWCHAR","lpSubKey","in"],
177
431
  ["DWORD","Reserved","inout"],
@@ -183,65 +437,65 @@ class Def_advapi32
183
437
  ["PDWORD","lpdwDisposition","out"],
184
438
  ])
185
439
 
186
- railgun.add_function( 'advapi32', 'RegCreateKeyW', 'DWORD',[
440
+ dll.add_function('RegCreateKeyW', 'DWORD',[
187
441
  ["DWORD","hKey","in"],
188
442
  ["PWCHAR","lpSubKey","in"],
189
443
  ["PDWORD","phkResult","out"],
190
444
  ])
191
445
 
192
- railgun.add_function( 'advapi32', 'RegDeleteKeyA', 'DWORD',[
446
+ dll.add_function('RegDeleteKeyA', 'DWORD',[
193
447
  ["DWORD","hKey","in"],
194
448
  ["PCHAR","lpSubKey","in"],
195
449
  ])
196
450
 
197
- railgun.add_function( 'advapi32', 'RegDeleteKeyExA', 'DWORD',[
451
+ dll.add_function('RegDeleteKeyExA', 'DWORD',[
198
452
  ["DWORD","hKey","in"],
199
453
  ["PCHAR","lpSubKey","in"],
200
454
  ["DWORD","samDesired","in"],
201
455
  ["DWORD","Reserved","inout"],
202
456
  ])
203
457
 
204
- railgun.add_function( 'advapi32', 'RegDeleteKeyExW', 'DWORD',[
458
+ dll.add_function('RegDeleteKeyExW', 'DWORD',[
205
459
  ["DWORD","hKey","in"],
206
460
  ["PWCHAR","lpSubKey","in"],
207
461
  ["DWORD","samDesired","in"],
208
462
  ["DWORD","Reserved","inout"],
209
463
  ])
210
464
 
211
- railgun.add_function( 'advapi32', 'RegDeleteKeyW', 'DWORD',[
465
+ dll.add_function('RegDeleteKeyW', 'DWORD',[
212
466
  ["DWORD","hKey","in"],
213
467
  ["PWCHAR","lpSubKey","in"],
214
468
  ])
215
469
 
216
- railgun.add_function( 'advapi32', 'RegDeleteValueA', 'DWORD',[
470
+ dll.add_function('RegDeleteValueA', 'DWORD',[
217
471
  ["DWORD","hKey","in"],
218
472
  ["PCHAR","lpValueName","in"],
219
473
  ])
220
474
 
221
- railgun.add_function( 'advapi32', 'RegDeleteValueW', 'DWORD',[
475
+ dll.add_function('RegDeleteValueW', 'DWORD',[
222
476
  ["DWORD","hKey","in"],
223
477
  ["PWCHAR","lpValueName","in"],
224
478
  ])
225
479
 
226
- railgun.add_function( 'advapi32', 'RegDisablePredefinedCache', 'DWORD',[
480
+ dll.add_function('RegDisablePredefinedCache', 'DWORD',[
227
481
  ])
228
482
 
229
- railgun.add_function( 'advapi32', 'RegDisableReflectionKey', 'DWORD',[
483
+ dll.add_function('RegDisableReflectionKey', 'DWORD',[
230
484
  ["DWORD","hBase","in"],
231
485
  ])
232
486
 
233
- railgun.add_function( 'advapi32', 'RegEnableReflectionKey', 'DWORD',[
487
+ dll.add_function('RegEnableReflectionKey', 'DWORD',[
234
488
  ["DWORD","hBase","in"],
235
489
  ])
236
490
 
237
- railgun.add_function( 'advapi32', 'RegEnumKeyA', 'DWORD',[
491
+ dll.add_function('RegEnumKeyA', 'DWORD',[
238
492
  ["DWORD","hKey","in"],
239
493
  ["DWORD","dwIndex","in"],
240
494
  ["PCHAR","lpName","out"],
241
495
  ["DWORD","cchName","in"],
242
496
  ])
243
497
 
244
- railgun.add_function( 'advapi32', 'RegEnumKeyExA', 'DWORD',[
498
+ dll.add_function('RegEnumKeyExA', 'DWORD',[
245
499
  ["DWORD","hKey","in"],
246
500
  ["DWORD","dwIndex","in"],
247
501
  ["PCHAR","lpName","out"],
@@ -252,7 +506,7 @@ class Def_advapi32
252
506
  ["PBLOB","lpftLastWriteTime","out"],
253
507
  ])
254
508
 
255
- railgun.add_function( 'advapi32', 'RegEnumKeyExW', 'DWORD',[
509
+ dll.add_function('RegEnumKeyExW', 'DWORD',[
256
510
  ["DWORD","hKey","in"],
257
511
  ["DWORD","dwIndex","in"],
258
512
  ["PWCHAR","lpName","out"],
@@ -263,14 +517,14 @@ class Def_advapi32
263
517
  ["PBLOB","lpftLastWriteTime","out"],
264
518
  ])
265
519
 
266
- railgun.add_function( 'advapi32', 'RegEnumKeyW', 'DWORD',[
520
+ dll.add_function('RegEnumKeyW', 'DWORD',[
267
521
  ["DWORD","hKey","in"],
268
522
  ["DWORD","dwIndex","in"],
269
523
  ["PWCHAR","lpName","out"],
270
524
  ["DWORD","cchName","in"],
271
525
  ])
272
526
 
273
- railgun.add_function( 'advapi32', 'RegEnumValueA', 'DWORD',[
527
+ dll.add_function('RegEnumValueA', 'DWORD',[
274
528
  ["DWORD","hKey","in"],
275
529
  ["DWORD","dwIndex","in"],
276
530
  ["PCHAR","lpValueName","out"],
@@ -281,7 +535,7 @@ class Def_advapi32
281
535
  ["PDWORD","lpcbData","inout"],
282
536
  ])
283
537
 
284
- railgun.add_function( 'advapi32', 'RegEnumValueW', 'DWORD',[
538
+ dll.add_function('RegEnumValueW', 'DWORD',[
285
539
  ["DWORD","hKey","in"],
286
540
  ["DWORD","dwIndex","in"],
287
541
  ["PWCHAR","lpValueName","out"],
@@ -292,18 +546,18 @@ class Def_advapi32
292
546
  ["PDWORD","lpcbData","inout"],
293
547
  ])
294
548
 
295
- railgun.add_function( 'advapi32', 'RegFlushKey', 'DWORD',[
549
+ dll.add_function('RegFlushKey', 'DWORD',[
296
550
  ["DWORD","hKey","in"],
297
551
  ])
298
552
 
299
- railgun.add_function( 'advapi32', 'RegGetKeySecurity', 'DWORD',[
553
+ dll.add_function('RegGetKeySecurity', 'DWORD',[
300
554
  ["DWORD","hKey","in"],
301
555
  ["PBLOB","SecurityInformation","in"],
302
556
  ["PBLOB","pSecurityDescriptor","out"],
303
557
  ["PDWORD","lpcbSecurityDescriptor","inout"],
304
558
  ])
305
559
 
306
- railgun.add_function( 'advapi32', 'RegGetValueA', 'DWORD',[
560
+ dll.add_function('RegGetValueA', 'DWORD',[
307
561
  ["DWORD","hkey","in"],
308
562
  ["PCHAR","lpSubKey","in"],
309
563
  ["PCHAR","lpValue","in"],
@@ -313,7 +567,7 @@ class Def_advapi32
313
567
  ["PDWORD","pcbData","inout"],
314
568
  ])
315
569
 
316
- railgun.add_function( 'advapi32', 'RegGetValueW', 'DWORD',[
570
+ dll.add_function('RegGetValueW', 'DWORD',[
317
571
  ["DWORD","hkey","in"],
318
572
  ["PWCHAR","lpSubKey","in"],
319
573
  ["PWCHAR","lpValue","in"],
@@ -323,19 +577,19 @@ class Def_advapi32
323
577
  ["PDWORD","pcbData","inout"],
324
578
  ])
325
579
 
326
- railgun.add_function( 'advapi32', 'RegLoadKeyA', 'DWORD',[
580
+ dll.add_function('RegLoadKeyA', 'DWORD',[
327
581
  ["DWORD","hKey","in"],
328
582
  ["PCHAR","lpSubKey","in"],
329
583
  ["PCHAR","lpFile","in"],
330
584
  ])
331
585
 
332
- railgun.add_function( 'advapi32', 'RegLoadKeyW', 'DWORD',[
586
+ dll.add_function('RegLoadKeyW', 'DWORD',[
333
587
  ["DWORD","hKey","in"],
334
588
  ["PWCHAR","lpSubKey","in"],
335
589
  ["PWCHAR","lpFile","in"],
336
590
  ])
337
591
 
338
- railgun.add_function( 'advapi32', 'RegNotifyChangeKeyValue', 'DWORD',[
592
+ dll.add_function('RegNotifyChangeKeyValue', 'DWORD',[
339
593
  ["DWORD","hKey","in"],
340
594
  ["BOOL","bWatchSubtree","in"],
341
595
  ["DWORD","dwNotifyFilter","in"],
@@ -343,18 +597,18 @@ class Def_advapi32
343
597
  ["BOOL","fAsynchronous","in"],
344
598
  ])
345
599
 
346
- railgun.add_function( 'advapi32', 'RegOpenCurrentUser', 'DWORD',[
600
+ dll.add_function('RegOpenCurrentUser', 'DWORD',[
347
601
  ["DWORD","samDesired","in"],
348
602
  ["PDWORD","phkResult","out"],
349
603
  ])
350
604
 
351
- railgun.add_function( 'advapi32', 'RegOpenKeyA', 'DWORD',[
605
+ dll.add_function('RegOpenKeyA', 'DWORD',[
352
606
  ["DWORD","hKey","in"],
353
607
  ["PCHAR","lpSubKey","in"],
354
608
  ["PDWORD","phkResult","out"],
355
609
  ])
356
610
 
357
- railgun.add_function( 'advapi32', 'RegOpenKeyExA', 'DWORD',[
611
+ dll.add_function('RegOpenKeyExA', 'DWORD',[
358
612
  ["DWORD","hKey","in"],
359
613
  ["PCHAR","lpSubKey","in"],
360
614
  ["DWORD","ulOptions","inout"],
@@ -362,7 +616,7 @@ class Def_advapi32
362
616
  ["PDWORD","phkResult","out"],
363
617
  ])
364
618
 
365
- railgun.add_function( 'advapi32', 'RegOpenKeyExW', 'DWORD',[
619
+ dll.add_function('RegOpenKeyExW', 'DWORD',[
366
620
  ["DWORD","hKey","in"],
367
621
  ["PWCHAR","lpSubKey","in"],
368
622
  ["DWORD","ulOptions","inout"],
@@ -370,25 +624,25 @@ class Def_advapi32
370
624
  ["PDWORD","phkResult","out"],
371
625
  ])
372
626
 
373
- railgun.add_function( 'advapi32', 'RegOpenKeyW', 'DWORD',[
627
+ dll.add_function('RegOpenKeyW', 'DWORD',[
374
628
  ["DWORD","hKey","in"],
375
629
  ["PWCHAR","lpSubKey","in"],
376
630
  ["PDWORD","phkResult","out"],
377
631
  ])
378
632
 
379
- railgun.add_function( 'advapi32', 'RegOpenUserClassesRoot', 'DWORD',[
633
+ dll.add_function('RegOpenUserClassesRoot', 'DWORD',[
380
634
  ["DWORD","hToken","in"],
381
635
  ["DWORD","dwOptions","inout"],
382
636
  ["DWORD","samDesired","in"],
383
637
  ["PDWORD","phkResult","out"],
384
638
  ])
385
639
 
386
- railgun.add_function( 'advapi32', 'RegOverridePredefKey', 'DWORD',[
640
+ dll.add_function('RegOverridePredefKey', 'DWORD',[
387
641
  ["DWORD","hKey","in"],
388
642
  ["DWORD","hNewHKey","in"],
389
643
  ])
390
644
 
391
- railgun.add_function( 'advapi32', 'RegQueryInfoKeyA', 'DWORD',[
645
+ dll.add_function('RegQueryInfoKeyA', 'DWORD',[
392
646
  ["DWORD","hKey","in"],
393
647
  ["PCHAR","lpClass","out"],
394
648
  ["PDWORD","lpcchClass","inout"],
@@ -403,7 +657,7 @@ class Def_advapi32
403
657
  ["PBLOB","lpftLastWriteTime","out"],
404
658
  ])
405
659
 
406
- railgun.add_function( 'advapi32', 'RegQueryInfoKeyW', 'DWORD',[
660
+ dll.add_function('RegQueryInfoKeyW', 'DWORD',[
407
661
  ["DWORD","hKey","in"],
408
662
  ["PWCHAR","lpClass","out"],
409
663
  ["PDWORD","lpcchClass","inout"],
@@ -418,7 +672,7 @@ class Def_advapi32
418
672
  ["PBLOB","lpftLastWriteTime","out"],
419
673
  ])
420
674
 
421
- railgun.add_function( 'advapi32', 'RegQueryMultipleValuesA', 'DWORD',[
675
+ dll.add_function('RegQueryMultipleValuesA', 'DWORD',[
422
676
  ["DWORD","hKey","in"],
423
677
  ["PBLOB","val_list","out"],
424
678
  ["DWORD","num_vals","in"],
@@ -426,7 +680,7 @@ class Def_advapi32
426
680
  ["PDWORD","ldwTotsize","inout"],
427
681
  ])
428
682
 
429
- railgun.add_function( 'advapi32', 'RegQueryMultipleValuesW', 'DWORD',[
683
+ dll.add_function('RegQueryMultipleValuesW', 'DWORD',[
430
684
  ["DWORD","hKey","in"],
431
685
  ["PBLOB","val_list","out"],
432
686
  ["DWORD","num_vals","in"],
@@ -434,19 +688,19 @@ class Def_advapi32
434
688
  ["PDWORD","ldwTotsize","inout"],
435
689
  ])
436
690
 
437
- railgun.add_function( 'advapi32', 'RegQueryReflectionKey', 'DWORD',[
691
+ dll.add_function('RegQueryReflectionKey', 'DWORD',[
438
692
  ["DWORD","hBase","in"],
439
693
  ["PBLOB","bIsReflectionDisabled","out"],
440
694
  ])
441
695
 
442
- railgun.add_function( 'advapi32', 'RegQueryValueA', 'DWORD',[
696
+ dll.add_function('RegQueryValueA', 'DWORD',[
443
697
  ["DWORD","hKey","in"],
444
698
  ["PCHAR","lpSubKey","in"],
445
699
  ["PCHAR","lpData","out"],
446
700
  ["PDWORD","lpcbData","inout"],
447
701
  ])
448
702
 
449
- railgun.add_function( 'advapi32', 'RegQueryValueExA', 'DWORD',[
703
+ dll.add_function('RegQueryValueExA', 'DWORD',[
450
704
  ["DWORD","hKey","in"],
451
705
  ["PCHAR","lpValueName","in"],
452
706
  ["PDWORD","lpReserved","inout"],
@@ -455,7 +709,7 @@ class Def_advapi32
455
709
  ["PDWORD","lpcbData","inout"],
456
710
  ])
457
711
 
458
- railgun.add_function( 'advapi32', 'RegQueryValueExW', 'DWORD',[
712
+ dll.add_function('RegQueryValueExW', 'DWORD',[
459
713
  ["DWORD","hKey","in"],
460
714
  ["PWCHAR","lpValueName","in"],
461
715
  ["PDWORD","lpReserved","inout"],
@@ -464,72 +718,72 @@ class Def_advapi32
464
718
  ["PDWORD","lpcbData","inout"],
465
719
  ])
466
720
 
467
- railgun.add_function( 'advapi32', 'RegQueryValueW', 'DWORD',[
721
+ dll.add_function('RegQueryValueW', 'DWORD',[
468
722
  ["DWORD","hKey","in"],
469
723
  ["PWCHAR","lpSubKey","in"],
470
724
  ["PWCHAR","lpData","out"],
471
725
  ["PDWORD","lpcbData","inout"],
472
726
  ])
473
727
 
474
- railgun.add_function( 'advapi32', 'RegReplaceKeyA', 'DWORD',[
728
+ dll.add_function('RegReplaceKeyA', 'DWORD',[
475
729
  ["DWORD","hKey","in"],
476
730
  ["PCHAR","lpSubKey","in"],
477
731
  ["PCHAR","lpNewFile","in"],
478
732
  ["PCHAR","lpOldFile","in"],
479
733
  ])
480
734
 
481
- railgun.add_function( 'advapi32', 'RegReplaceKeyW', 'DWORD',[
735
+ dll.add_function('RegReplaceKeyW', 'DWORD',[
482
736
  ["DWORD","hKey","in"],
483
737
  ["PWCHAR","lpSubKey","in"],
484
738
  ["PWCHAR","lpNewFile","in"],
485
739
  ["PWCHAR","lpOldFile","in"],
486
740
  ])
487
741
 
488
- railgun.add_function( 'advapi32', 'RegRestoreKeyA', 'DWORD',[
742
+ dll.add_function('RegRestoreKeyA', 'DWORD',[
489
743
  ["DWORD","hKey","in"],
490
744
  ["PCHAR","lpFile","in"],
491
745
  ["DWORD","dwFlags","in"],
492
746
  ])
493
747
 
494
- railgun.add_function( 'advapi32', 'RegRestoreKeyW', 'DWORD',[
748
+ dll.add_function('RegRestoreKeyW', 'DWORD',[
495
749
  ["DWORD","hKey","in"],
496
750
  ["PWCHAR","lpFile","in"],
497
751
  ["DWORD","dwFlags","in"],
498
752
  ])
499
753
 
500
- railgun.add_function( 'advapi32', 'RegSaveKeyA', 'DWORD',[
754
+ dll.add_function('RegSaveKeyA', 'DWORD',[
501
755
  ["DWORD","hKey","in"],
502
756
  ["PCHAR","lpFile","in"],
503
757
  ["PBLOB","lpSecurityAttributes","in"],
504
758
  ])
505
759
 
506
- railgun.add_function( 'advapi32', 'RegSaveKeyExA', 'DWORD',[
760
+ dll.add_function('RegSaveKeyExA', 'DWORD',[
507
761
  ["DWORD","hKey","in"],
508
762
  ["PCHAR","lpFile","in"],
509
763
  ["PBLOB","lpSecurityAttributes","in"],
510
764
  ["DWORD","Flags","in"],
511
765
  ])
512
766
 
513
- railgun.add_function( 'advapi32', 'RegSaveKeyExW', 'DWORD',[
767
+ dll.add_function('RegSaveKeyExW', 'DWORD',[
514
768
  ["DWORD","hKey","in"],
515
769
  ["PWCHAR","lpFile","in"],
516
770
  ["PBLOB","lpSecurityAttributes","in"],
517
771
  ["DWORD","Flags","in"],
518
772
  ])
519
773
 
520
- railgun.add_function( 'advapi32', 'RegSaveKeyW', 'DWORD',[
774
+ dll.add_function('RegSaveKeyW', 'DWORD',[
521
775
  ["DWORD","hKey","in"],
522
776
  ["PWCHAR","lpFile","in"],
523
777
  ["PBLOB","lpSecurityAttributes","in"],
524
778
  ])
525
779
 
526
- railgun.add_function( 'advapi32', 'RegSetKeySecurity', 'DWORD',[
780
+ dll.add_function('RegSetKeySecurity', 'DWORD',[
527
781
  ["DWORD","hKey","in"],
528
782
  ["PBLOB","SecurityInformation","in"],
529
783
  ["PBLOB","pSecurityDescriptor","in"],
530
784
  ])
531
785
 
532
- railgun.add_function( 'advapi32', 'RegSetValueA', 'DWORD',[
786
+ dll.add_function('RegSetValueA', 'DWORD',[
533
787
  ["DWORD","hKey","in"],
534
788
  ["PCHAR","lpSubKey","in"],
535
789
  ["DWORD","dwType","in"],
@@ -537,7 +791,7 @@ class Def_advapi32
537
791
  ["DWORD","cbData","in"],
538
792
  ])
539
793
 
540
- railgun.add_function( 'advapi32', 'RegSetValueExA', 'DWORD',[
794
+ dll.add_function('RegSetValueExA', 'DWORD',[
541
795
  ["DWORD","hKey","in"],
542
796
  ["PCHAR","lpValueName","in"],
543
797
  ["DWORD","Reserved","inout"],
@@ -546,7 +800,7 @@ class Def_advapi32
546
800
  ["DWORD","cbData","in"],
547
801
  ])
548
802
 
549
- railgun.add_function( 'advapi32', 'RegSetValueExW', 'DWORD',[
803
+ dll.add_function('RegSetValueExW', 'DWORD',[
550
804
  ["DWORD","hKey","in"],
551
805
  ["PWCHAR","lpValueName","in"],
552
806
  ["DWORD","Reserved","inout"],
@@ -555,7 +809,7 @@ class Def_advapi32
555
809
  ["DWORD","cbData","in"],
556
810
  ])
557
811
 
558
- railgun.add_function( 'advapi32', 'RegSetValueW', 'DWORD',[
812
+ dll.add_function('RegSetValueW', 'DWORD',[
559
813
  ["DWORD","hKey","in"],
560
814
  ["PWCHAR","lpSubKey","in"],
561
815
  ["DWORD","dwType","in"],
@@ -563,23 +817,23 @@ class Def_advapi32
563
817
  ["DWORD","cbData","in"],
564
818
  ])
565
819
 
566
- railgun.add_function( 'advapi32', 'RegUnLoadKeyA', 'DWORD',[
820
+ dll.add_function('RegUnLoadKeyA', 'DWORD',[
567
821
  ["DWORD","hKey","in"],
568
822
  ["PCHAR","lpSubKey","in"],
569
823
  ])
570
824
 
571
- railgun.add_function( 'advapi32', 'RegUnLoadKeyW', 'DWORD',[
825
+ dll.add_function('RegUnLoadKeyW', 'DWORD',[
572
826
  ["DWORD","hKey","in"],
573
827
  ["PWCHAR","lpSubKey","in"],
574
828
  ])
575
829
 
576
- railgun.add_function( 'advapi32', 'Wow64Win32ApiEntry', 'DWORD',[
830
+ dll.add_function('Wow64Win32ApiEntry', 'DWORD',[
577
831
  ["DWORD","dwFuncNumber","in"],
578
832
  ["DWORD","dwFlag","in"],
579
833
  ["DWORD","dwRes","in"],
580
834
  ])
581
835
 
582
- railgun.add_function( 'advapi32', 'AccessCheck', 'BOOL',[
836
+ dll.add_function('AccessCheck', 'BOOL',[
583
837
  ["PBLOB","pSecurityDescriptor","in"],
584
838
  ["DWORD","ClientToken","in"],
585
839
  ["DWORD","DesiredAccess","in"],
@@ -590,7 +844,7 @@ class Def_advapi32
590
844
  ["PBLOB","AccessStatus","out"],
591
845
  ])
592
846
 
593
- railgun.add_function( 'advapi32', 'AccessCheckAndAuditAlarmA', 'BOOL',[
847
+ dll.add_function('AccessCheckAndAuditAlarmA', 'BOOL',[
594
848
  ["PCHAR","SubsystemName","in"],
595
849
  ["PBLOB","HandleId","in"],
596
850
  ["PCHAR","ObjectTypeName","in"],
@@ -604,7 +858,7 @@ class Def_advapi32
604
858
  ["PBLOB","pfGenerateOnClose","out"],
605
859
  ])
606
860
 
607
- railgun.add_function( 'advapi32', 'AccessCheckAndAuditAlarmW', 'BOOL',[
861
+ dll.add_function('AccessCheckAndAuditAlarmW', 'BOOL',[
608
862
  ["PWCHAR","SubsystemName","in"],
609
863
  ["PBLOB","HandleId","in"],
610
864
  ["PWCHAR","ObjectTypeName","in"],
@@ -618,7 +872,7 @@ class Def_advapi32
618
872
  ["PBLOB","pfGenerateOnClose","out"],
619
873
  ])
620
874
 
621
- railgun.add_function( 'advapi32', 'AccessCheckByType', 'BOOL',[
875
+ dll.add_function('AccessCheckByType', 'BOOL',[
622
876
  ["PBLOB","pSecurityDescriptor","in"],
623
877
  ["LPVOID","PrincipalSelfSid","in"],
624
878
  ["DWORD","ClientToken","in"],
@@ -632,7 +886,7 @@ class Def_advapi32
632
886
  ["PBLOB","AccessStatus","out"],
633
887
  ])
634
888
 
635
- railgun.add_function( 'advapi32', 'AccessCheckByTypeAndAuditAlarmA', 'BOOL',[
889
+ dll.add_function('AccessCheckByTypeAndAuditAlarmA', 'BOOL',[
636
890
  ["PCHAR","SubsystemName","in"],
637
891
  ["PBLOB","HandleId","in"],
638
892
  ["PCHAR","ObjectTypeName","in"],
@@ -651,7 +905,7 @@ class Def_advapi32
651
905
  ["PBLOB","pfGenerateOnClose","out"],
652
906
  ])
653
907
 
654
- railgun.add_function( 'advapi32', 'AccessCheckByTypeAndAuditAlarmW', 'BOOL',[
908
+ dll.add_function('AccessCheckByTypeAndAuditAlarmW', 'BOOL',[
655
909
  ["PWCHAR","SubsystemName","in"],
656
910
  ["PBLOB","HandleId","in"],
657
911
  ["PWCHAR","ObjectTypeName","in"],
@@ -670,7 +924,7 @@ class Def_advapi32
670
924
  ["PBLOB","pfGenerateOnClose","out"],
671
925
  ])
672
926
 
673
- railgun.add_function( 'advapi32', 'AccessCheckByTypeResultList', 'BOOL',[
927
+ dll.add_function('AccessCheckByTypeResultList', 'BOOL',[
674
928
  ["PBLOB","pSecurityDescriptor","in"],
675
929
  ["LPVOID","PrincipalSelfSid","in"],
676
930
  ["DWORD","ClientToken","in"],
@@ -684,7 +938,7 @@ class Def_advapi32
684
938
  ["PDWORD","AccessStatusList","out"],
685
939
  ])
686
940
 
687
- railgun.add_function( 'advapi32', 'AccessCheckByTypeResultListAndAuditAlarmA', 'BOOL',[
941
+ dll.add_function('AccessCheckByTypeResultListAndAuditAlarmA', 'BOOL',[
688
942
  ["PCHAR","SubsystemName","in"],
689
943
  ["PBLOB","HandleId","in"],
690
944
  ["PCHAR","ObjectTypeName","in"],
@@ -703,7 +957,7 @@ class Def_advapi32
703
957
  ["PBLOB","pfGenerateOnClose","out"],
704
958
  ])
705
959
 
706
- railgun.add_function( 'advapi32', 'AccessCheckByTypeResultListAndAuditAlarmByHandleA', 'BOOL',[
960
+ dll.add_function('AccessCheckByTypeResultListAndAuditAlarmByHandleA', 'BOOL',[
707
961
  ["PCHAR","SubsystemName","in"],
708
962
  ["PBLOB","HandleId","in"],
709
963
  ["DWORD","ClientToken","in"],
@@ -723,7 +977,7 @@ class Def_advapi32
723
977
  ["PBLOB","pfGenerateOnClose","out"],
724
978
  ])
725
979
 
726
- railgun.add_function( 'advapi32', 'AccessCheckByTypeResultListAndAuditAlarmByHandleW', 'BOOL',[
980
+ dll.add_function('AccessCheckByTypeResultListAndAuditAlarmByHandleW', 'BOOL',[
727
981
  ["PWCHAR","SubsystemName","in"],
728
982
  ["PBLOB","HandleId","in"],
729
983
  ["DWORD","ClientToken","in"],
@@ -743,7 +997,7 @@ class Def_advapi32
743
997
  ["PBLOB","pfGenerateOnClose","out"],
744
998
  ])
745
999
 
746
- railgun.add_function( 'advapi32', 'AccessCheckByTypeResultListAndAuditAlarmW', 'BOOL',[
1000
+ dll.add_function('AccessCheckByTypeResultListAndAuditAlarmW', 'BOOL',[
747
1001
  ["PWCHAR","SubsystemName","in"],
748
1002
  ["PBLOB","HandleId","in"],
749
1003
  ["PWCHAR","ObjectTypeName","in"],
@@ -762,14 +1016,14 @@ class Def_advapi32
762
1016
  ["PBLOB","pfGenerateOnClose","out"],
763
1017
  ])
764
1018
 
765
- railgun.add_function( 'advapi32', 'AddAccessAllowedAce', 'BOOL',[
1019
+ dll.add_function('AddAccessAllowedAce', 'BOOL',[
766
1020
  ["PBLOB","pAcl","inout"],
767
1021
  ["DWORD","dwAceRevision","in"],
768
1022
  ["DWORD","AccessMask","in"],
769
1023
  ["LPVOID","pSid","in"],
770
1024
  ])
771
1025
 
772
- railgun.add_function( 'advapi32', 'AddAccessAllowedAceEx', 'BOOL',[
1026
+ dll.add_function('AddAccessAllowedAceEx', 'BOOL',[
773
1027
  ["PBLOB","pAcl","inout"],
774
1028
  ["DWORD","dwAceRevision","in"],
775
1029
  ["DWORD","AceFlags","in"],
@@ -777,7 +1031,7 @@ class Def_advapi32
777
1031
  ["LPVOID","pSid","in"],
778
1032
  ])
779
1033
 
780
- railgun.add_function( 'advapi32', 'AddAccessAllowedObjectAce', 'BOOL',[
1034
+ dll.add_function('AddAccessAllowedObjectAce', 'BOOL',[
781
1035
  ["PBLOB","pAcl","inout"],
782
1036
  ["DWORD","dwAceRevision","in"],
783
1037
  ["DWORD","AceFlags","in"],
@@ -787,14 +1041,14 @@ class Def_advapi32
787
1041
  ["LPVOID","pSid","in"],
788
1042
  ])
789
1043
 
790
- railgun.add_function( 'advapi32', 'AddAccessDeniedAce', 'BOOL',[
1044
+ dll.add_function('AddAccessDeniedAce', 'BOOL',[
791
1045
  ["PBLOB","pAcl","inout"],
792
1046
  ["DWORD","dwAceRevision","in"],
793
1047
  ["DWORD","AccessMask","in"],
794
1048
  ["LPVOID","pSid","in"],
795
1049
  ])
796
1050
 
797
- railgun.add_function( 'advapi32', 'AddAccessDeniedAceEx', 'BOOL',[
1051
+ dll.add_function('AddAccessDeniedAceEx', 'BOOL',[
798
1052
  ["PBLOB","pAcl","inout"],
799
1053
  ["DWORD","dwAceRevision","in"],
800
1054
  ["DWORD","AceFlags","in"],
@@ -802,7 +1056,7 @@ class Def_advapi32
802
1056
  ["LPVOID","pSid","in"],
803
1057
  ])
804
1058
 
805
- railgun.add_function( 'advapi32', 'AddAccessDeniedObjectAce', 'BOOL',[
1059
+ dll.add_function('AddAccessDeniedObjectAce', 'BOOL',[
806
1060
  ["PBLOB","pAcl","inout"],
807
1061
  ["DWORD","dwAceRevision","in"],
808
1062
  ["DWORD","AceFlags","in"],
@@ -812,7 +1066,7 @@ class Def_advapi32
812
1066
  ["LPVOID","pSid","in"],
813
1067
  ])
814
1068
 
815
- railgun.add_function( 'advapi32', 'AddAce', 'BOOL',[
1069
+ dll.add_function('AddAce', 'BOOL',[
816
1070
  ["PBLOB","pAcl","inout"],
817
1071
  ["DWORD","dwAceRevision","in"],
818
1072
  ["DWORD","dwStartingAceIndex","in"],
@@ -820,7 +1074,7 @@ class Def_advapi32
820
1074
  ["DWORD","nAceListLength","in"],
821
1075
  ])
822
1076
 
823
- railgun.add_function( 'advapi32', 'AddAuditAccessAce', 'BOOL',[
1077
+ dll.add_function('AddAuditAccessAce', 'BOOL',[
824
1078
  ["PBLOB","pAcl","inout"],
825
1079
  ["DWORD","dwAceRevision","in"],
826
1080
  ["DWORD","dwAccessMask","in"],
@@ -829,7 +1083,7 @@ class Def_advapi32
829
1083
  ["BOOL","bAuditFailure","in"],
830
1084
  ])
831
1085
 
832
- railgun.add_function( 'advapi32', 'AddAuditAccessAceEx', 'BOOL',[
1086
+ dll.add_function('AddAuditAccessAceEx', 'BOOL',[
833
1087
  ["PBLOB","pAcl","inout"],
834
1088
  ["DWORD","dwAceRevision","in"],
835
1089
  ["DWORD","AceFlags","in"],
@@ -839,7 +1093,7 @@ class Def_advapi32
839
1093
  ["BOOL","bAuditFailure","in"],
840
1094
  ])
841
1095
 
842
- railgun.add_function( 'advapi32', 'AddAuditAccessObjectAce', 'BOOL',[
1096
+ dll.add_function('AddAuditAccessObjectAce', 'BOOL',[
843
1097
  ["PBLOB","pAcl","inout"],
844
1098
  ["DWORD","dwAceRevision","in"],
845
1099
  ["DWORD","AceFlags","in"],
@@ -851,7 +1105,7 @@ class Def_advapi32
851
1105
  ["BOOL","bAuditFailure","in"],
852
1106
  ])
853
1107
 
854
- railgun.add_function( 'advapi32', 'AdjustTokenGroups', 'BOOL',[
1108
+ dll.add_function('AdjustTokenGroups', 'BOOL',[
855
1109
  ["DWORD","TokenHandle","in"],
856
1110
  ["BOOL","ResetToDefault","in"],
857
1111
  ["PBLOB","NewState","in"],
@@ -860,7 +1114,7 @@ class Def_advapi32
860
1114
  ["PDWORD","ReturnLength","out"],
861
1115
  ])
862
1116
 
863
- railgun.add_function( 'advapi32', 'AdjustTokenPrivileges', 'BOOL',[
1117
+ dll.add_function('AdjustTokenPrivileges', 'BOOL',[
864
1118
  ["DWORD","TokenHandle","in"],
865
1119
  ["BOOL","DisableAllPrivileges","in"],
866
1120
  ["PBLOB","NewState","in"],
@@ -869,7 +1123,7 @@ class Def_advapi32
869
1123
  ["PDWORD","ReturnLength","out"],
870
1124
  ])
871
1125
 
872
- railgun.add_function( 'advapi32', 'AllocateAndInitializeSid', 'BOOL',[
1126
+ dll.add_function('AllocateAndInitializeSid', 'BOOL',[
873
1127
  ["PBLOB","pIdentifierAuthority","in"],
874
1128
  ["BYTE","nSubAuthorityCount","in"],
875
1129
  ["DWORD","nSubAuthority0","in"],
@@ -883,55 +1137,55 @@ class Def_advapi32
883
1137
  ["PDWORD","pSid","out"],
884
1138
  ])
885
1139
 
886
- railgun.add_function( 'advapi32', 'AllocateLocallyUniqueId', 'BOOL',[
1140
+ dll.add_function('AllocateLocallyUniqueId', 'BOOL',[
887
1141
  ["PBLOB","Luid","out"],
888
1142
  ])
889
1143
 
890
- railgun.add_function( 'advapi32', 'AreAllAccessesGranted', 'BOOL',[
1144
+ dll.add_function('AreAllAccessesGranted', 'BOOL',[
891
1145
  ["DWORD","GrantedAccess","in"],
892
1146
  ["DWORD","DesiredAccess","in"],
893
1147
  ])
894
1148
 
895
- railgun.add_function( 'advapi32', 'AreAnyAccessesGranted', 'BOOL',[
1149
+ dll.add_function('AreAnyAccessesGranted', 'BOOL',[
896
1150
  ["DWORD","GrantedAccess","in"],
897
1151
  ["DWORD","DesiredAccess","in"],
898
1152
  ])
899
1153
 
900
- railgun.add_function( 'advapi32', 'BackupEventLogA', 'BOOL',[
1154
+ dll.add_function('BackupEventLogA', 'BOOL',[
901
1155
  ["DWORD","hEventLog","in"],
902
1156
  ["PCHAR","lpBackupFileName","in"],
903
1157
  ])
904
1158
 
905
- railgun.add_function( 'advapi32', 'BackupEventLogW', 'BOOL',[
1159
+ dll.add_function('BackupEventLogW', 'BOOL',[
906
1160
  ["DWORD","hEventLog","in"],
907
1161
  ["PWCHAR","lpBackupFileName","in"],
908
1162
  ])
909
1163
 
910
- railgun.add_function( 'advapi32', 'CheckTokenMembership', 'BOOL',[
1164
+ dll.add_function('CheckTokenMembership', 'BOOL',[
911
1165
  ["DWORD","TokenHandle","in"],
912
1166
  ["PBLOB","SidToCheck","in"],
913
1167
  ["PBLOB","IsMember","out"],
914
1168
  ])
915
1169
 
916
- railgun.add_function( 'advapi32', 'ClearEventLogA', 'BOOL',[
1170
+ dll.add_function('ClearEventLogA', 'BOOL',[
917
1171
  ["DWORD","hEventLog","in"],
918
1172
  ["PCHAR","lpBackupFileName","in"],
919
1173
  ])
920
1174
 
921
- railgun.add_function( 'advapi32', 'ClearEventLogW', 'BOOL',[
1175
+ dll.add_function('ClearEventLogW', 'BOOL',[
922
1176
  ["DWORD","hEventLog","in"],
923
1177
  ["PWCHAR","lpBackupFileName","in"],
924
1178
  ])
925
1179
 
926
- railgun.add_function( 'advapi32', 'CloseEncryptedFileRaw', 'VOID',[
1180
+ dll.add_function('CloseEncryptedFileRaw', 'VOID',[
927
1181
  ["PBLOB","pvContext","in"],
928
1182
  ])
929
1183
 
930
- railgun.add_function( 'advapi32', 'CloseEventLog', 'BOOL',[
1184
+ dll.add_function('CloseEventLog', 'BOOL',[
931
1185
  ["DWORD","hEventLog","in"],
932
1186
  ])
933
1187
 
934
- railgun.add_function( 'advapi32', 'ConvertToAutoInheritPrivateObjectSecurity', 'BOOL',[
1188
+ dll.add_function('ConvertToAutoInheritPrivateObjectSecurity', 'BOOL',[
935
1189
  ["PBLOB","ParentDescriptor","in"],
936
1190
  ["PBLOB","CurrentSecurityDescriptor","in"],
937
1191
  ["PBLOB","NewSecurityDescriptor","out"],
@@ -940,23 +1194,23 @@ class Def_advapi32
940
1194
  ["PBLOB","GenericMapping","in"],
941
1195
  ])
942
1196
 
943
- railgun.add_function( 'advapi32', 'ConvertStringSidToSidA', 'BOOL',[
1197
+ dll.add_function('ConvertStringSidToSidA', 'BOOL',[
944
1198
  ["PCHAR","StringSid","in"],
945
1199
  ["PDWORD","pSid","out"],
946
1200
  ])
947
1201
 
948
- railgun.add_function( 'advapi32', 'ConvertStringSidToSidW', 'BOOL',[
1202
+ dll.add_function('ConvertStringSidToSidW', 'BOOL',[
949
1203
  ["PWCHAR","StringSid","in"],
950
1204
  ["PDWORD","pSid","out"],
951
1205
  ])
952
1206
 
953
- railgun.add_function( 'advapi32', 'CopySid', 'BOOL',[
1207
+ dll.add_function('CopySid', 'BOOL',[
954
1208
  ["DWORD","nDestinationSidLength","in"],
955
1209
  ["PBLOB","pDestinationSid","out"],
956
1210
  ["LPVOID","pSourceSid","in"],
957
1211
  ])
958
1212
 
959
- railgun.add_function( 'advapi32', 'CreatePrivateObjectSecurity', 'BOOL',[
1213
+ dll.add_function('CreatePrivateObjectSecurity', 'BOOL',[
960
1214
  ["PBLOB","ParentDescriptor","in"],
961
1215
  ["PBLOB","CreatorDescriptor","in"],
962
1216
  ["PBLOB","NewDescriptor","out"],
@@ -965,7 +1219,7 @@ class Def_advapi32
965
1219
  ["PBLOB","GenericMapping","in"],
966
1220
  ])
967
1221
 
968
- railgun.add_function( 'advapi32', 'CreatePrivateObjectSecurityEx', 'BOOL',[
1222
+ dll.add_function('CreatePrivateObjectSecurityEx', 'BOOL',[
969
1223
  ["PBLOB","ParentDescriptor","in"],
970
1224
  ["PBLOB","CreatorDescriptor","in"],
971
1225
  ["PBLOB","NewDescriptor","out"],
@@ -976,7 +1230,7 @@ class Def_advapi32
976
1230
  ["PBLOB","GenericMapping","in"],
977
1231
  ])
978
1232
 
979
- railgun.add_function( 'advapi32', 'CreatePrivateObjectSecurityWithMultipleInheritance', 'BOOL',[
1233
+ dll.add_function('CreatePrivateObjectSecurityWithMultipleInheritance', 'BOOL',[
980
1234
  ["PBLOB","ParentDescriptor","in"],
981
1235
  ["PBLOB","CreatorDescriptor","in"],
982
1236
  ["PBLOB","NewDescriptor","out"],
@@ -988,7 +1242,7 @@ class Def_advapi32
988
1242
  ["PBLOB","GenericMapping","in"],
989
1243
  ])
990
1244
 
991
- railgun.add_function( 'advapi32', 'CreateProcessAsUserA', 'BOOL',[
1245
+ dll.add_function('CreateProcessAsUserA', 'BOOL',[
992
1246
  ["DWORD","hToken","in"],
993
1247
  ["PCHAR","lpApplicationName","in"],
994
1248
  ["PCHAR","lpCommandLine","inout"],
@@ -1002,7 +1256,7 @@ class Def_advapi32
1002
1256
  ["PBLOB","lpProcessInformation","out"],
1003
1257
  ])
1004
1258
 
1005
- railgun.add_function( 'advapi32', 'CreateProcessAsUserW', 'BOOL',[
1259
+ dll.add_function('CreateProcessAsUserW', 'BOOL',[
1006
1260
  ["DWORD","hToken","in"],
1007
1261
  ["PWCHAR","lpApplicationName","in"],
1008
1262
  ["PWCHAR","lpCommandLine","inout"],
@@ -1016,7 +1270,7 @@ class Def_advapi32
1016
1270
  ["PBLOB","lpProcessInformation","out"],
1017
1271
  ])
1018
1272
 
1019
- railgun.add_function( 'advapi32', 'CreateProcessWithLogonW', 'BOOL',[
1273
+ dll.add_function('CreateProcessWithLogonW', 'BOOL',[
1020
1274
  ["PWCHAR","lpUsername","in"],
1021
1275
  ["PWCHAR","lpDomain","in"],
1022
1276
  ["PWCHAR","lpPassword","in"],
@@ -1030,7 +1284,7 @@ class Def_advapi32
1030
1284
  ["PBLOB","lpProcessInformation","out"],
1031
1285
  ])
1032
1286
 
1033
- railgun.add_function( 'advapi32', 'CreateProcessWithTokenW', 'BOOL',[
1287
+ dll.add_function('CreateProcessWithTokenW', 'BOOL',[
1034
1288
  ["DWORD","hToken","in"],
1035
1289
  ["DWORD","dwLogonFlags","in"],
1036
1290
  ["PWCHAR","lpApplicationName","in"],
@@ -1042,7 +1296,7 @@ class Def_advapi32
1042
1296
  ["PBLOB","lpProcessInformation","out"],
1043
1297
  ])
1044
1298
 
1045
- railgun.add_function( 'advapi32', 'CreateRestrictedToken', 'BOOL',[
1299
+ dll.add_function('CreateRestrictedToken', 'BOOL',[
1046
1300
  ["DWORD","ExistingTokenHandle","in"],
1047
1301
  ["DWORD","Flags","in"],
1048
1302
  ["DWORD","DisableSidCount","in"],
@@ -1054,43 +1308,43 @@ class Def_advapi32
1054
1308
  ["PDWORD","NewTokenHandle","out"],
1055
1309
  ])
1056
1310
 
1057
- railgun.add_function( 'advapi32', 'CreateWellKnownSid', 'BOOL',[
1311
+ dll.add_function('CreateWellKnownSid', 'BOOL',[
1058
1312
  ["DWORD","WellKnownSidType","in"],
1059
1313
  ["PBLOB","DomainSid","in"],
1060
1314
  ["PBLOB","pSid","out"],
1061
1315
  ["PDWORD","cbSid","inout"],
1062
1316
  ])
1063
1317
 
1064
- railgun.add_function( 'advapi32', 'DecryptFileA', 'BOOL',[
1318
+ dll.add_function('DecryptFileA', 'BOOL',[
1065
1319
  ["PCHAR","lpFileName","in"],
1066
1320
  ["DWORD","dwReserved","inout"],
1067
1321
  ])
1068
1322
 
1069
- railgun.add_function( 'advapi32', 'DecryptFileW', 'BOOL',[
1323
+ dll.add_function('DecryptFileW', 'BOOL',[
1070
1324
  ["PWCHAR","lpFileName","in"],
1071
1325
  ["DWORD","dwReserved","inout"],
1072
1326
  ])
1073
1327
 
1074
- railgun.add_function( 'advapi32', 'DeleteAce', 'BOOL',[
1328
+ dll.add_function('DeleteAce', 'BOOL',[
1075
1329
  ["PBLOB","pAcl","inout"],
1076
1330
  ["DWORD","dwAceIndex","in"],
1077
1331
  ])
1078
1332
 
1079
- railgun.add_function( 'advapi32', 'DeregisterEventSource', 'BOOL',[
1333
+ dll.add_function('DeregisterEventSource', 'BOOL',[
1080
1334
  ["DWORD","hEventLog","in"],
1081
1335
  ])
1082
1336
 
1083
- railgun.add_function( 'advapi32', 'DestroyPrivateObjectSecurity', 'BOOL',[
1337
+ dll.add_function('DestroyPrivateObjectSecurity', 'BOOL',[
1084
1338
  ["PBLOB","ObjectDescriptor","in"],
1085
1339
  ])
1086
1340
 
1087
- railgun.add_function( 'advapi32', 'DuplicateToken', 'BOOL',[
1341
+ dll.add_function('DuplicateToken', 'BOOL',[
1088
1342
  ["DWORD","ExistingTokenHandle","in"],
1089
1343
  ["DWORD","ImpersonationLevel","in"],
1090
1344
  ["PDWORD","DuplicateTokenHandle","out"],
1091
1345
  ])
1092
1346
 
1093
- railgun.add_function( 'advapi32', 'DuplicateTokenEx', 'BOOL',[
1347
+ dll.add_function('DuplicateTokenEx', 'BOOL',[
1094
1348
  ["DWORD","hExistingToken","in"],
1095
1349
  ["DWORD","dwDesiredAccess","in"],
1096
1350
  ["PBLOB","lpTokenAttributes","in"],
@@ -1099,71 +1353,71 @@ class Def_advapi32
1099
1353
  ["PDWORD","phNewToken","out"],
1100
1354
  ])
1101
1355
 
1102
- railgun.add_function( 'advapi32', 'EncryptFileA', 'BOOL',[
1356
+ dll.add_function('EncryptFileA', 'BOOL',[
1103
1357
  ["PCHAR","lpFileName","in"],
1104
1358
  ])
1105
1359
 
1106
- railgun.add_function( 'advapi32', 'EncryptFileW', 'BOOL',[
1360
+ dll.add_function('EncryptFileW', 'BOOL',[
1107
1361
  ["PWCHAR","lpFileName","in"],
1108
1362
  ])
1109
1363
 
1110
- railgun.add_function( 'advapi32', 'EqualDomainSid', 'BOOL',[
1364
+ dll.add_function('EqualDomainSid', 'BOOL',[
1111
1365
  ["LPVOID","pSid1","in"],
1112
1366
  ["LPVOID","pSid2","in"],
1113
1367
  ["PBLOB","pfEqual","out"],
1114
1368
  ])
1115
1369
 
1116
- railgun.add_function( 'advapi32', 'EqualPrefixSid', 'BOOL',[
1370
+ dll.add_function('EqualPrefixSid', 'BOOL',[
1117
1371
  ["LPVOID","pSid1","in"],
1118
1372
  ["LPVOID","pSid2","in"],
1119
1373
  ])
1120
1374
 
1121
- railgun.add_function( 'advapi32', 'EqualSid', 'BOOL',[
1375
+ dll.add_function('EqualSid', 'BOOL',[
1122
1376
  ["LPVOID","pSid1","in"],
1123
1377
  ["LPVOID","pSid2","in"],
1124
1378
  ])
1125
1379
 
1126
- railgun.add_function( 'advapi32', 'FileEncryptionStatusA', 'BOOL',[
1380
+ dll.add_function('FileEncryptionStatusA', 'BOOL',[
1127
1381
  ["PCHAR","lpFileName","in"],
1128
1382
  ["PDWORD","lpStatus","out"],
1129
1383
  ])
1130
1384
 
1131
- railgun.add_function( 'advapi32', 'FileEncryptionStatusW', 'BOOL',[
1385
+ dll.add_function('FileEncryptionStatusW', 'BOOL',[
1132
1386
  ["PWCHAR","lpFileName","in"],
1133
1387
  ["PDWORD","lpStatus","out"],
1134
1388
  ])
1135
1389
 
1136
- railgun.add_function( 'advapi32', 'FindFirstFreeAce', 'BOOL',[
1390
+ dll.add_function('FindFirstFreeAce', 'BOOL',[
1137
1391
  ["PBLOB","pAcl","in"],
1138
1392
  ["PBLOB","pAce","out"],
1139
1393
  ])
1140
1394
 
1141
- railgun.add_function( 'advapi32', 'FreeSid', 'LPVOID',[
1395
+ dll.add_function('FreeSid', 'LPVOID',[
1142
1396
  ["LPVOID","pSid","in"],
1143
1397
  ])
1144
1398
 
1145
- railgun.add_function( 'advapi32', 'GetAce', 'BOOL',[
1399
+ dll.add_function('GetAce', 'BOOL',[
1146
1400
  ["PBLOB","pAcl","in"],
1147
1401
  ["DWORD","dwAceIndex","in"],
1148
1402
  ["PBLOB","pAce","out"],
1149
1403
  ])
1150
1404
 
1151
- railgun.add_function( 'advapi32', 'GetAclInformation', 'BOOL',[
1405
+ dll.add_function('GetAclInformation', 'BOOL',[
1152
1406
  ["PBLOB","pAcl","in"],
1153
1407
  ["PBLOB","pAclInformation","out"],
1154
1408
  ["DWORD","nAclInformationLength","in"],
1155
1409
  ["DWORD","dwAclInformationClass","in"],
1156
1410
  ])
1157
1411
 
1158
- railgun.add_function( 'advapi32', 'GetCurrentHwProfileA', 'BOOL',[
1412
+ dll.add_function('GetCurrentHwProfileA', 'BOOL',[
1159
1413
  ["PBLOB","lpHwProfileInfo","out"],
1160
1414
  ])
1161
1415
 
1162
- railgun.add_function( 'advapi32', 'GetCurrentHwProfileW', 'BOOL',[
1416
+ dll.add_function('GetCurrentHwProfileW', 'BOOL',[
1163
1417
  ["PBLOB","lpHwProfileInfo","out"],
1164
1418
  ])
1165
1419
 
1166
- railgun.add_function( 'advapi32', 'GetEventLogInformation', 'BOOL',[
1420
+ dll.add_function('GetEventLogInformation', 'BOOL',[
1167
1421
  ["DWORD","hEventLog","in"],
1168
1422
  ["DWORD","dwInfoLevel","in"],
1169
1423
  ["PBLOB","lpBuffer","out"],
@@ -1171,23 +1425,23 @@ class Def_advapi32
1171
1425
  ["PDWORD","pcbBytesNeeded","out"],
1172
1426
  ])
1173
1427
 
1174
- railgun.add_function( 'advapi32', 'GetFileSecurityA', 'BOOL',[
1428
+ dll.add_function('GetFileSecurityA', 'BOOL',[
1175
1429
  ["PCHAR","lpFileName","in"],
1176
- ["PBLOB","RequestedInformation","in"],
1430
+ ["DWORD","RequestedInformation","in"],
1177
1431
  ["PBLOB","pSecurityDescriptor","out"],
1178
1432
  ["DWORD","nLength","in"],
1179
1433
  ["PDWORD","lpnLengthNeeded","out"],
1180
1434
  ])
1181
1435
 
1182
- railgun.add_function( 'advapi32', 'GetFileSecurityW', 'BOOL',[
1436
+ dll.add_function('GetFileSecurityW', 'BOOL',[
1183
1437
  ["PWCHAR","lpFileName","in"],
1184
- ["PBLOB","RequestedInformation","in"],
1438
+ ["DWORD","RequestedInformation","in"],
1185
1439
  ["PBLOB","pSecurityDescriptor","out"],
1186
1440
  ["DWORD","nLength","in"],
1187
1441
  ["PDWORD","lpnLengthNeeded","out"],
1188
1442
  ])
1189
1443
 
1190
- railgun.add_function( 'advapi32', 'GetKernelObjectSecurity', 'BOOL',[
1444
+ dll.add_function('GetKernelObjectSecurity', 'BOOL',[
1191
1445
  ["DWORD","Handle","in"],
1192
1446
  ["PBLOB","RequestedInformation","in"],
1193
1447
  ["PBLOB","pSecurityDescriptor","out"],
@@ -1195,21 +1449,21 @@ class Def_advapi32
1195
1449
  ["PDWORD","lpnLengthNeeded","out"],
1196
1450
  ])
1197
1451
 
1198
- railgun.add_function( 'advapi32', 'GetLengthSid', 'DWORD',[
1452
+ dll.add_function('GetLengthSid', 'DWORD',[
1199
1453
  ["LPVOID","pSid","in"],
1200
1454
  ])
1201
1455
 
1202
- railgun.add_function( 'advapi32', 'GetNumberOfEventLogRecords', 'BOOL',[
1456
+ dll.add_function('GetNumberOfEventLogRecords', 'BOOL',[
1203
1457
  ["DWORD","hEventLog","in"],
1204
1458
  ["PDWORD","NumberOfRecords","out"],
1205
1459
  ])
1206
1460
 
1207
- railgun.add_function( 'advapi32', 'GetOldestEventLogRecord', 'BOOL',[
1461
+ dll.add_function('GetOldestEventLogRecord', 'BOOL',[
1208
1462
  ["DWORD","hEventLog","in"],
1209
1463
  ["PDWORD","OldestRecord","out"],
1210
1464
  ])
1211
1465
 
1212
- railgun.add_function( 'advapi32', 'GetPrivateObjectSecurity', 'BOOL',[
1466
+ dll.add_function('GetPrivateObjectSecurity', 'BOOL',[
1213
1467
  ["PBLOB","ObjectDescriptor","in"],
1214
1468
  ["PBLOB","SecurityInformation","in"],
1215
1469
  ["PBLOB","ResultantDescriptor","out"],
@@ -1217,52 +1471,52 @@ class Def_advapi32
1217
1471
  ["PDWORD","ReturnLength","out"],
1218
1472
  ])
1219
1473
 
1220
- railgun.add_function( 'advapi32', 'GetSecurityDescriptorControl', 'BOOL',[
1474
+ dll.add_function('GetSecurityDescriptorControl', 'BOOL',[
1221
1475
  ["PBLOB","pSecurityDescriptor","in"],
1222
1476
  ["PBLOB","pControl","out"],
1223
1477
  ["PDWORD","lpdwRevision","out"],
1224
1478
  ])
1225
1479
 
1226
- railgun.add_function( 'advapi32', 'GetSecurityDescriptorDacl', 'BOOL',[
1480
+ dll.add_function('GetSecurityDescriptorDacl', 'BOOL',[
1227
1481
  ["PBLOB","pSecurityDescriptor","in"],
1228
1482
  ["PBLOB","lpbDaclPresent","out"],
1229
1483
  ["PBLOB","pDacl","out"],
1230
1484
  ["PBLOB","lpbDaclDefaulted","out"],
1231
1485
  ])
1232
1486
 
1233
- railgun.add_function( 'advapi32', 'GetSecurityDescriptorGroup', 'BOOL',[
1487
+ dll.add_function('GetSecurityDescriptorGroup', 'BOOL',[
1234
1488
  ["PBLOB","pSecurityDescriptor","in"],
1235
1489
  ["PBLOB","pGroup","out"],
1236
1490
  ["PBLOB","lpbGroupDefaulted","out"],
1237
1491
  ])
1238
1492
 
1239
- railgun.add_function( 'advapi32', 'GetSecurityDescriptorLength', 'DWORD',[
1493
+ dll.add_function('GetSecurityDescriptorLength', 'DWORD',[
1240
1494
  ["PBLOB","pSecurityDescriptor","in"],
1241
1495
  ])
1242
1496
 
1243
- railgun.add_function( 'advapi32', 'GetSecurityDescriptorOwner', 'BOOL',[
1497
+ dll.add_function('GetSecurityDescriptorOwner', 'BOOL',[
1244
1498
  ["PBLOB","pSecurityDescriptor","in"],
1245
1499
  ["PBLOB","pOwner","out"],
1246
1500
  ["PBLOB","lpbOwnerDefaulted","out"],
1247
1501
  ])
1248
1502
 
1249
- railgun.add_function( 'advapi32', 'GetSecurityDescriptorRMControl', 'DWORD',[
1503
+ dll.add_function('GetSecurityDescriptorRMControl', 'DWORD',[
1250
1504
  ["PBLOB","SecurityDescriptor","in"],
1251
1505
  ["PBLOB","RMControl","out"],
1252
1506
  ])
1253
1507
 
1254
- railgun.add_function( 'advapi32', 'GetSecurityDescriptorSacl', 'BOOL',[
1508
+ dll.add_function('GetSecurityDescriptorSacl', 'BOOL',[
1255
1509
  ["PBLOB","pSecurityDescriptor","in"],
1256
1510
  ["PBLOB","lpbSaclPresent","out"],
1257
1511
  ["PBLOB","pSacl","out"],
1258
1512
  ["PBLOB","lpbSaclDefaulted","out"],
1259
1513
  ])
1260
1514
 
1261
- railgun.add_function( 'advapi32', 'GetSidLengthRequired', 'DWORD',[
1515
+ dll.add_function('GetSidLengthRequired', 'DWORD',[
1262
1516
  ["BYTE","nSubAuthorityCount","in"],
1263
1517
  ])
1264
1518
 
1265
- railgun.add_function( 'advapi32', 'GetTokenInformation', 'BOOL',[
1519
+ dll.add_function('GetTokenInformation', 'BOOL',[
1266
1520
  ["DWORD","TokenHandle","in"],
1267
1521
  ["DWORD","TokenInformationClass","in"],
1268
1522
  ["PBLOB","TokenInformation","out"],
@@ -1270,86 +1524,86 @@ class Def_advapi32
1270
1524
  ["PDWORD","ReturnLength","out"],
1271
1525
  ])
1272
1526
 
1273
- railgun.add_function( 'advapi32', 'GetUserNameA', 'BOOL',[
1527
+ dll.add_function('GetUserNameA', 'BOOL',[
1274
1528
  ["PCHAR","lpBuffer","out"],
1275
1529
  ["PDWORD","pcbBuffer","inout"],
1276
1530
  ])
1277
1531
 
1278
- railgun.add_function( 'advapi32', 'GetUserNameW', 'BOOL',[
1532
+ dll.add_function('GetUserNameW', 'BOOL',[
1279
1533
  ["PWCHAR","lpBuffer","out"],
1280
1534
  ["PDWORD","pcbBuffer","inout"],
1281
1535
  ])
1282
1536
 
1283
- railgun.add_function( 'advapi32', 'GetWindowsAccountDomainSid', 'BOOL',[
1537
+ dll.add_function('GetWindowsAccountDomainSid', 'BOOL',[
1284
1538
  ["LPVOID","pSid","in"],
1285
1539
  ["PBLOB","pDomainSid","out"],
1286
1540
  ["PDWORD","cbDomainSid","inout"],
1287
1541
  ])
1288
1542
 
1289
- railgun.add_function( 'advapi32', 'ImpersonateAnonymousToken', 'BOOL',[
1543
+ dll.add_function('ImpersonateAnonymousToken', 'BOOL',[
1290
1544
  ["DWORD","ThreadHandle","in"],
1291
1545
  ])
1292
1546
 
1293
- railgun.add_function( 'advapi32', 'ImpersonateLoggedOnUser', 'BOOL',[
1547
+ dll.add_function('ImpersonateLoggedOnUser', 'BOOL',[
1294
1548
  ["DWORD","hToken","in"],
1295
1549
  ])
1296
1550
 
1297
- railgun.add_function( 'advapi32', 'ImpersonateNamedPipeClient', 'BOOL',[
1551
+ dll.add_function('ImpersonateNamedPipeClient', 'BOOL',[
1298
1552
  ["DWORD","hNamedPipe","in"],
1299
1553
  ])
1300
1554
 
1301
- railgun.add_function( 'advapi32', 'ImpersonateSelf', 'BOOL',[
1555
+ dll.add_function('ImpersonateSelf', 'BOOL',[
1302
1556
  ["DWORD","ImpersonationLevel","in"],
1303
1557
  ])
1304
1558
 
1305
- railgun.add_function( 'advapi32', 'InitializeAcl', 'BOOL',[
1559
+ dll.add_function('InitializeAcl', 'BOOL',[
1306
1560
  ["PBLOB","pAcl","out"],
1307
1561
  ["DWORD","nAclLength","in"],
1308
1562
  ["DWORD","dwAclRevision","in"],
1309
1563
  ])
1310
1564
 
1311
- railgun.add_function( 'advapi32', 'InitializeSecurityDescriptor', 'BOOL',[
1565
+ dll.add_function('InitializeSecurityDescriptor', 'BOOL',[
1312
1566
  ["PBLOB","pSecurityDescriptor","out"],
1313
1567
  ["DWORD","dwRevision","in"],
1314
1568
  ])
1315
1569
 
1316
- railgun.add_function( 'advapi32', 'InitializeSid', 'BOOL',[
1570
+ dll.add_function('InitializeSid', 'BOOL',[
1317
1571
  ["PBLOB","Sid","out"],
1318
1572
  ["PBLOB","pIdentifierAuthority","in"],
1319
1573
  ["BYTE","nSubAuthorityCount","in"],
1320
1574
  ])
1321
1575
 
1322
- railgun.add_function( 'advapi32', 'IsTextUnicode', 'BOOL',[
1576
+ dll.add_function('IsTextUnicode', 'BOOL',[
1323
1577
  ["DWORD","iSize","in"],
1324
1578
  ["PDWORD","lpiResult","inout"],
1325
1579
  ])
1326
1580
 
1327
- railgun.add_function( 'advapi32', 'IsTokenRestricted', 'BOOL',[
1581
+ dll.add_function('IsTokenRestricted', 'BOOL',[
1328
1582
  ["DWORD","TokenHandle","in"],
1329
1583
  ])
1330
1584
 
1331
- railgun.add_function( 'advapi32', 'IsTokenUntrusted', 'BOOL',[
1585
+ dll.add_function('IsTokenUntrusted', 'BOOL',[
1332
1586
  ["DWORD","TokenHandle","in"],
1333
1587
  ])
1334
1588
 
1335
- railgun.add_function( 'advapi32', 'IsValidAcl', 'BOOL',[
1589
+ dll.add_function('IsValidAcl', 'BOOL',[
1336
1590
  ["PBLOB","pAcl","in"],
1337
1591
  ])
1338
1592
 
1339
- railgun.add_function( 'advapi32', 'IsValidSecurityDescriptor', 'BOOL',[
1593
+ dll.add_function('IsValidSecurityDescriptor', 'BOOL',[
1340
1594
  ["PBLOB","pSecurityDescriptor","in"],
1341
1595
  ])
1342
1596
 
1343
- railgun.add_function( 'advapi32', 'IsValidSid', 'BOOL',[
1597
+ dll.add_function('IsValidSid', 'BOOL',[
1344
1598
  ["LPVOID","pSid","in"],
1345
1599
  ])
1346
1600
 
1347
- railgun.add_function( 'advapi32', 'IsWellKnownSid', 'BOOL',[
1601
+ dll.add_function('IsWellKnownSid', 'BOOL',[
1348
1602
  ["LPVOID","pSid","in"],
1349
1603
  ["DWORD","WellKnownSidType","in"],
1350
1604
  ])
1351
1605
 
1352
- railgun.add_function( 'advapi32', 'LogonUserA', 'BOOL',[
1606
+ dll.add_function('LogonUserA', 'BOOL',[
1353
1607
  ["PCHAR","lpszUsername","in"],
1354
1608
  ["PCHAR","lpszDomain","in"],
1355
1609
  ["PCHAR","lpszPassword","in"],
@@ -1358,7 +1612,7 @@ class Def_advapi32
1358
1612
  ["PDWORD","phToken","out"],
1359
1613
  ])
1360
1614
 
1361
- railgun.add_function( 'advapi32', 'LogonUserExA', 'BOOL',[
1615
+ dll.add_function('LogonUserExA', 'BOOL',[
1362
1616
  ["PCHAR","lpszUsername","in"],
1363
1617
  ["PCHAR","lpszDomain","in"],
1364
1618
  ["PCHAR","lpszPassword","in"],
@@ -1371,7 +1625,7 @@ class Def_advapi32
1371
1625
  ["PBLOB","pQuotaLimits","out"],
1372
1626
  ])
1373
1627
 
1374
- railgun.add_function( 'advapi32', 'LogonUserExW', 'BOOL',[
1628
+ dll.add_function('LogonUserExW', 'BOOL',[
1375
1629
  ["PWCHAR","lpszUsername","in"],
1376
1630
  ["PWCHAR","lpszDomain","in"],
1377
1631
  ["PWCHAR","lpszPassword","in"],
@@ -1384,7 +1638,7 @@ class Def_advapi32
1384
1638
  ["PBLOB","pQuotaLimits","out"],
1385
1639
  ])
1386
1640
 
1387
- railgun.add_function( 'advapi32', 'LogonUserW', 'BOOL',[
1641
+ dll.add_function('LogonUserW', 'BOOL',[
1388
1642
  ["PWCHAR","lpszUsername","in"],
1389
1643
  ["PWCHAR","lpszDomain","in"],
1390
1644
  ["PWCHAR","lpszPassword","in"],
@@ -1393,7 +1647,7 @@ class Def_advapi32
1393
1647
  ["PDWORD","phToken","out"],
1394
1648
  ])
1395
1649
 
1396
- railgun.add_function( 'advapi32', 'LookupAccountNameA', 'BOOL',[
1650
+ dll.add_function('LookupAccountNameA', 'BOOL',[
1397
1651
  ["PCHAR","lpSystemName","in"],
1398
1652
  ["PCHAR","lpAccountName","in"],
1399
1653
  ["PBLOB","Sid","out"],
@@ -1403,7 +1657,7 @@ class Def_advapi32
1403
1657
  ["PBLOB","peUse","out"],
1404
1658
  ])
1405
1659
 
1406
- railgun.add_function( 'advapi32', 'LookupAccountNameW', 'BOOL',[
1660
+ dll.add_function('LookupAccountNameW', 'BOOL',[
1407
1661
  ["PWCHAR","lpSystemName","in"],
1408
1662
  ["PWCHAR","lpAccountName","in"],
1409
1663
  ["PBLOB","Sid","out"],
@@ -1413,7 +1667,7 @@ class Def_advapi32
1413
1667
  ["PBLOB","peUse","out"],
1414
1668
  ])
1415
1669
 
1416
- railgun.add_function( 'advapi32', 'LookupAccountSidA', 'BOOL',[
1670
+ dll.add_function('LookupAccountSidA', 'BOOL',[
1417
1671
  ["PCHAR","lpSystemName","in"],
1418
1672
  ["LPVOID","Sid","in"],
1419
1673
  ["PCHAR","Name","out"],
@@ -1423,7 +1677,7 @@ class Def_advapi32
1423
1677
  ["PBLOB","peUse","out"],
1424
1678
  ])
1425
1679
 
1426
- railgun.add_function( 'advapi32', 'LookupAccountSidW', 'BOOL',[
1680
+ dll.add_function('LookupAccountSidW', 'BOOL',[
1427
1681
  ["PWCHAR","lpSystemName","in"],
1428
1682
  ["LPVOID","Sid","in"],
1429
1683
  ["PWCHAR","Name","out"],
@@ -1433,7 +1687,7 @@ class Def_advapi32
1433
1687
  ["PBLOB","peUse","out"],
1434
1688
  ])
1435
1689
 
1436
- railgun.add_function( 'advapi32', 'LookupPrivilegeDisplayNameA', 'BOOL',[
1690
+ dll.add_function('LookupPrivilegeDisplayNameA', 'BOOL',[
1437
1691
  ["PCHAR","lpSystemName","in"],
1438
1692
  ["PCHAR","lpName","in"],
1439
1693
  ["PCHAR","lpDisplayName","out"],
@@ -1441,7 +1695,7 @@ class Def_advapi32
1441
1695
  ["PDWORD","lpLanguageId","out"],
1442
1696
  ])
1443
1697
 
1444
- railgun.add_function( 'advapi32', 'LookupPrivilegeDisplayNameW', 'BOOL',[
1698
+ dll.add_function('LookupPrivilegeDisplayNameW', 'BOOL',[
1445
1699
  ["PWCHAR","lpSystemName","in"],
1446
1700
  ["PWCHAR","lpName","in"],
1447
1701
  ["PWCHAR","lpDisplayName","out"],
@@ -1449,33 +1703,33 @@ class Def_advapi32
1449
1703
  ["PDWORD","lpLanguageId","out"],
1450
1704
  ])
1451
1705
 
1452
- railgun.add_function( 'advapi32', 'LookupPrivilegeNameA', 'BOOL',[
1706
+ dll.add_function('LookupPrivilegeNameA', 'BOOL',[
1453
1707
  ["PCHAR","lpSystemName","in"],
1454
1708
  ["PBLOB","lpLuid","in"],
1455
1709
  ["PCHAR","lpName","out"],
1456
1710
  ["PDWORD","cchName","inout"],
1457
1711
  ])
1458
1712
 
1459
- railgun.add_function( 'advapi32', 'LookupPrivilegeNameW', 'BOOL',[
1713
+ dll.add_function('LookupPrivilegeNameW', 'BOOL',[
1460
1714
  ["PWCHAR","lpSystemName","in"],
1461
1715
  ["PBLOB","lpLuid","in"],
1462
1716
  ["PWCHAR","lpName","out"],
1463
1717
  ["PDWORD","cchName","inout"],
1464
1718
  ])
1465
1719
 
1466
- railgun.add_function( 'advapi32', 'LookupPrivilegeValueA', 'BOOL',[
1720
+ dll.add_function('LookupPrivilegeValueA', 'BOOL',[
1467
1721
  ["PCHAR","lpSystemName","in"],
1468
1722
  ["PCHAR","lpName","in"],
1469
1723
  ["PBLOB","lpLuid","out"],
1470
1724
  ])
1471
1725
 
1472
- railgun.add_function( 'advapi32', 'LookupPrivilegeValueW', 'BOOL',[
1726
+ dll.add_function('LookupPrivilegeValueW', 'BOOL',[
1473
1727
  ["PWCHAR","lpSystemName","in"],
1474
1728
  ["PWCHAR","lpName","in"],
1475
1729
  ["PBLOB","lpLuid","out"],
1476
1730
  ])
1477
1731
 
1478
- railgun.add_function( 'advapi32', 'MakeAbsoluteSD', 'BOOL',[
1732
+ dll.add_function('MakeAbsoluteSD', 'BOOL',[
1479
1733
  ["PBLOB","pSelfRelativeSecurityDescriptor","in"],
1480
1734
  ["PBLOB","pAbsoluteSecurityDescriptor","out"],
1481
1735
  ["PDWORD","lpdwAbsoluteSecurityDescriptorSize","inout"],
@@ -1489,52 +1743,52 @@ class Def_advapi32
1489
1743
  ["PDWORD","lpdwPrimaryGroupSize","inout"],
1490
1744
  ])
1491
1745
 
1492
- railgun.add_function( 'advapi32', 'MakeAbsoluteSD2', 'BOOL',[
1746
+ dll.add_function('MakeAbsoluteSD2', 'BOOL',[
1493
1747
  ["PBLOB","pSelfRelativeSecurityDescriptor","inout"],
1494
1748
  ["PDWORD","lpdwBufferSize","inout"],
1495
1749
  ])
1496
1750
 
1497
- railgun.add_function( 'advapi32', 'MakeSelfRelativeSD', 'BOOL',[
1751
+ dll.add_function('MakeSelfRelativeSD', 'BOOL',[
1498
1752
  ["PBLOB","pAbsoluteSecurityDescriptor","in"],
1499
1753
  ["PBLOB","pSelfRelativeSecurityDescriptor","out"],
1500
1754
  ["PDWORD","lpdwBufferLength","inout"],
1501
1755
  ])
1502
1756
 
1503
- railgun.add_function( 'advapi32', 'MapGenericMask', 'VOID',[
1757
+ dll.add_function('MapGenericMask', 'VOID',[
1504
1758
  ["PDWORD","AccessMask","inout"],
1505
1759
  ["PBLOB","GenericMapping","in"],
1506
1760
  ])
1507
1761
 
1508
- railgun.add_function( 'advapi32', 'NotifyChangeEventLog', 'BOOL',[
1762
+ dll.add_function('NotifyChangeEventLog', 'BOOL',[
1509
1763
  ["DWORD","hEventLog","in"],
1510
1764
  ["DWORD","hEvent","in"],
1511
1765
  ])
1512
1766
 
1513
- railgun.add_function( 'advapi32', 'ObjectCloseAuditAlarmA', 'BOOL',[
1767
+ dll.add_function('ObjectCloseAuditAlarmA', 'BOOL',[
1514
1768
  ["PCHAR","SubsystemName","in"],
1515
1769
  ["PBLOB","HandleId","in"],
1516
1770
  ["BOOL","GenerateOnClose","in"],
1517
1771
  ])
1518
1772
 
1519
- railgun.add_function( 'advapi32', 'ObjectCloseAuditAlarmW', 'BOOL',[
1773
+ dll.add_function('ObjectCloseAuditAlarmW', 'BOOL',[
1520
1774
  ["PWCHAR","SubsystemName","in"],
1521
1775
  ["PBLOB","HandleId","in"],
1522
1776
  ["BOOL","GenerateOnClose","in"],
1523
1777
  ])
1524
1778
 
1525
- railgun.add_function( 'advapi32', 'ObjectDeleteAuditAlarmA', 'BOOL',[
1779
+ dll.add_function('ObjectDeleteAuditAlarmA', 'BOOL',[
1526
1780
  ["PCHAR","SubsystemName","in"],
1527
1781
  ["PBLOB","HandleId","in"],
1528
1782
  ["BOOL","GenerateOnClose","in"],
1529
1783
  ])
1530
1784
 
1531
- railgun.add_function( 'advapi32', 'ObjectDeleteAuditAlarmW', 'BOOL',[
1785
+ dll.add_function('ObjectDeleteAuditAlarmW', 'BOOL',[
1532
1786
  ["PWCHAR","SubsystemName","in"],
1533
1787
  ["PBLOB","HandleId","in"],
1534
1788
  ["BOOL","GenerateOnClose","in"],
1535
1789
  ])
1536
1790
 
1537
- railgun.add_function( 'advapi32', 'ObjectOpenAuditAlarmA', 'BOOL',[
1791
+ dll.add_function('ObjectOpenAuditAlarmA', 'BOOL',[
1538
1792
  ["PCHAR","SubsystemName","in"],
1539
1793
  ["PBLOB","HandleId","in"],
1540
1794
  ["PCHAR","ObjectTypeName","in"],
@@ -1549,7 +1803,7 @@ class Def_advapi32
1549
1803
  ["PBLOB","GenerateOnClose","out"],
1550
1804
  ])
1551
1805
 
1552
- railgun.add_function( 'advapi32', 'ObjectOpenAuditAlarmW', 'BOOL',[
1806
+ dll.add_function('ObjectOpenAuditAlarmW', 'BOOL',[
1553
1807
  ["PWCHAR","SubsystemName","in"],
1554
1808
  ["PBLOB","HandleId","in"],
1555
1809
  ["PWCHAR","ObjectTypeName","in"],
@@ -1564,7 +1818,7 @@ class Def_advapi32
1564
1818
  ["PBLOB","GenerateOnClose","out"],
1565
1819
  ])
1566
1820
 
1567
- railgun.add_function( 'advapi32', 'ObjectPrivilegeAuditAlarmA', 'BOOL',[
1821
+ dll.add_function('ObjectPrivilegeAuditAlarmA', 'BOOL',[
1568
1822
  ["PCHAR","SubsystemName","in"],
1569
1823
  ["PBLOB","HandleId","in"],
1570
1824
  ["DWORD","ClientToken","in"],
@@ -1573,7 +1827,7 @@ class Def_advapi32
1573
1827
  ["BOOL","AccessGranted","in"],
1574
1828
  ])
1575
1829
 
1576
- railgun.add_function( 'advapi32', 'ObjectPrivilegeAuditAlarmW', 'BOOL',[
1830
+ dll.add_function('ObjectPrivilegeAuditAlarmW', 'BOOL',[
1577
1831
  ["PWCHAR","SubsystemName","in"],
1578
1832
  ["PBLOB","HandleId","in"],
1579
1833
  ["DWORD","ClientToken","in"],
@@ -1582,58 +1836,58 @@ class Def_advapi32
1582
1836
  ["BOOL","AccessGranted","in"],
1583
1837
  ])
1584
1838
 
1585
- railgun.add_function( 'advapi32', 'OpenBackupEventLogA', 'DWORD',[
1839
+ dll.add_function('OpenBackupEventLogA', 'DWORD',[
1586
1840
  ["PCHAR","lpUNCServerName","in"],
1587
1841
  ["PCHAR","lpFileName","in"],
1588
1842
  ])
1589
1843
 
1590
- railgun.add_function( 'advapi32', 'OpenBackupEventLogW', 'DWORD',[
1844
+ dll.add_function('OpenBackupEventLogW', 'DWORD',[
1591
1845
  ["PWCHAR","lpUNCServerName","in"],
1592
1846
  ["PWCHAR","lpFileName","in"],
1593
1847
  ])
1594
1848
 
1595
- railgun.add_function( 'advapi32', 'OpenEncryptedFileRawA', 'DWORD',[
1849
+ dll.add_function('OpenEncryptedFileRawA', 'DWORD',[
1596
1850
  ["PCHAR","lpFileName","in"],
1597
1851
  ["DWORD","ulFlags","in"],
1598
1852
  ["PBLOB","pvContext","out"],
1599
1853
  ])
1600
1854
 
1601
- railgun.add_function( 'advapi32', 'OpenEncryptedFileRawW', 'DWORD',[
1855
+ dll.add_function('OpenEncryptedFileRawW', 'DWORD',[
1602
1856
  ["PWCHAR","lpFileName","in"],
1603
1857
  ["DWORD","ulFlags","in"],
1604
1858
  ["PBLOB","pvContext","out"],
1605
1859
  ])
1606
1860
 
1607
- railgun.add_function( 'advapi32', 'OpenEventLogA', 'DWORD',[
1861
+ dll.add_function('OpenEventLogA', 'DWORD',[
1608
1862
  ["PCHAR","lpUNCServerName","in"],
1609
1863
  ["PCHAR","lpSourceName","in"],
1610
1864
  ])
1611
1865
 
1612
- railgun.add_function( 'advapi32', 'OpenEventLogW', 'DWORD',[
1866
+ dll.add_function('OpenEventLogW', 'DWORD',[
1613
1867
  ["PWCHAR","lpUNCServerName","in"],
1614
1868
  ["PWCHAR","lpSourceName","in"],
1615
1869
  ])
1616
1870
 
1617
- railgun.add_function( 'advapi32', 'OpenProcessToken', 'BOOL',[
1871
+ dll.add_function('OpenProcessToken', 'BOOL',[
1618
1872
  ["DWORD","ProcessHandle","in"],
1619
1873
  ["DWORD","DesiredAccess","in"],
1620
1874
  ["PDWORD","TokenHandle","out"],
1621
1875
  ])
1622
1876
 
1623
- railgun.add_function( 'advapi32', 'OpenThreadToken', 'BOOL',[
1877
+ dll.add_function('OpenThreadToken', 'BOOL',[
1624
1878
  ["DWORD","ThreadHandle","in"],
1625
1879
  ["DWORD","DesiredAccess","in"],
1626
1880
  ["BOOL","OpenAsSelf","in"],
1627
1881
  ["PDWORD","TokenHandle","out"],
1628
1882
  ])
1629
1883
 
1630
- railgun.add_function( 'advapi32', 'PrivilegeCheck', 'BOOL',[
1884
+ dll.add_function('PrivilegeCheck', 'BOOL',[
1631
1885
  ["DWORD","ClientToken","in"],
1632
1886
  ["PBLOB","RequiredPrivileges","inout"],
1633
1887
  ["PBLOB","pfResult","out"],
1634
1888
  ])
1635
1889
 
1636
- railgun.add_function( 'advapi32', 'PrivilegedServiceAuditAlarmA', 'BOOL',[
1890
+ dll.add_function('PrivilegedServiceAuditAlarmA', 'BOOL',[
1637
1891
  ["PCHAR","SubsystemName","in"],
1638
1892
  ["PCHAR","ServiceName","in"],
1639
1893
  ["DWORD","ClientToken","in"],
@@ -1641,7 +1895,7 @@ class Def_advapi32
1641
1895
  ["BOOL","AccessGranted","in"],
1642
1896
  ])
1643
1897
 
1644
- railgun.add_function( 'advapi32', 'PrivilegedServiceAuditAlarmW', 'BOOL',[
1898
+ dll.add_function('PrivilegedServiceAuditAlarmW', 'BOOL',[
1645
1899
  ["PWCHAR","SubsystemName","in"],
1646
1900
  ["PWCHAR","ServiceName","in"],
1647
1901
  ["DWORD","ClientToken","in"],
@@ -1649,13 +1903,13 @@ class Def_advapi32
1649
1903
  ["BOOL","AccessGranted","in"],
1650
1904
  ])
1651
1905
 
1652
- railgun.add_function( 'advapi32', 'ReadEncryptedFileRaw', 'DWORD',[
1906
+ dll.add_function('ReadEncryptedFileRaw', 'DWORD',[
1653
1907
  ["PBLOB","pfExportCallback","in"],
1654
1908
  ["PBLOB","pvCallbackContext","in"],
1655
1909
  ["PBLOB","pvContext","in"],
1656
1910
  ])
1657
1911
 
1658
- railgun.add_function( 'advapi32', 'ReadEventLogA', 'BOOL',[
1912
+ dll.add_function('ReadEventLogA', 'BOOL',[
1659
1913
  ["DWORD","hEventLog","in"],
1660
1914
  ["DWORD","dwReadFlags","in"],
1661
1915
  ["DWORD","dwRecordOffset","in"],
@@ -1665,7 +1919,7 @@ class Def_advapi32
1665
1919
  ["PDWORD","pnMinNumberOfBytesNeeded","out"],
1666
1920
  ])
1667
1921
 
1668
- railgun.add_function( 'advapi32', 'ReadEventLogW', 'BOOL',[
1922
+ dll.add_function('ReadEventLogW', 'BOOL',[
1669
1923
  ["DWORD","hEventLog","in"],
1670
1924
  ["DWORD","dwReadFlags","in"],
1671
1925
  ["DWORD","dwRecordOffset","in"],
@@ -1675,17 +1929,17 @@ class Def_advapi32
1675
1929
  ["PDWORD","pnMinNumberOfBytesNeeded","out"],
1676
1930
  ])
1677
1931
 
1678
- railgun.add_function( 'advapi32', 'RegisterEventSourceA', 'DWORD',[
1932
+ dll.add_function('RegisterEventSourceA', 'DWORD',[
1679
1933
  ["PCHAR","lpUNCServerName","in"],
1680
1934
  ["PCHAR","lpSourceName","in"],
1681
1935
  ])
1682
1936
 
1683
- railgun.add_function( 'advapi32', 'RegisterEventSourceW', 'DWORD',[
1937
+ dll.add_function('RegisterEventSourceW', 'DWORD',[
1684
1938
  ["PWCHAR","lpUNCServerName","in"],
1685
1939
  ["PWCHAR","lpSourceName","in"],
1686
1940
  ])
1687
1941
 
1688
- railgun.add_function( 'advapi32', 'ReportEventA', 'BOOL',[
1942
+ dll.add_function('ReportEventA', 'BOOL',[
1689
1943
  ["DWORD","hEventLog","in"],
1690
1944
  ["WORD","wType","in"],
1691
1945
  ["WORD","wCategory","in"],
@@ -1697,7 +1951,7 @@ class Def_advapi32
1697
1951
  ["PBLOB","lpRawData","in"],
1698
1952
  ])
1699
1953
 
1700
- railgun.add_function( 'advapi32', 'ReportEventW', 'BOOL',[
1954
+ dll.add_function('ReportEventW', 'BOOL',[
1701
1955
  ["DWORD","hEventLog","in"],
1702
1956
  ["WORD","wType","in"],
1703
1957
  ["WORD","wCategory","in"],
@@ -1709,35 +1963,35 @@ class Def_advapi32
1709
1963
  ["PBLOB","lpRawData","in"],
1710
1964
  ])
1711
1965
 
1712
- railgun.add_function( 'advapi32', 'RevertToSelf', 'BOOL',[
1966
+ dll.add_function('RevertToSelf', 'BOOL',[
1713
1967
  ])
1714
1968
 
1715
- railgun.add_function( 'advapi32', 'SetAclInformation', 'BOOL',[
1969
+ dll.add_function('SetAclInformation', 'BOOL',[
1716
1970
  ["PBLOB","pAcl","inout"],
1717
1971
  ["PBLOB","pAclInformation","in"],
1718
1972
  ["DWORD","nAclInformationLength","in"],
1719
1973
  ["DWORD","dwAclInformationClass","in"],
1720
1974
  ])
1721
1975
 
1722
- railgun.add_function( 'advapi32', 'SetFileSecurityA', 'BOOL',[
1976
+ dll.add_function('SetFileSecurityA', 'BOOL',[
1723
1977
  ["PCHAR","lpFileName","in"],
1724
1978
  ["PBLOB","SecurityInformation","in"],
1725
1979
  ["PBLOB","pSecurityDescriptor","in"],
1726
1980
  ])
1727
1981
 
1728
- railgun.add_function( 'advapi32', 'SetFileSecurityW', 'BOOL',[
1982
+ dll.add_function('SetFileSecurityW', 'BOOL',[
1729
1983
  ["PWCHAR","lpFileName","in"],
1730
1984
  ["PBLOB","SecurityInformation","in"],
1731
1985
  ["PBLOB","pSecurityDescriptor","in"],
1732
1986
  ])
1733
1987
 
1734
- railgun.add_function( 'advapi32', 'SetKernelObjectSecurity', 'BOOL',[
1988
+ dll.add_function('SetKernelObjectSecurity', 'BOOL',[
1735
1989
  ["DWORD","Handle","in"],
1736
1990
  ["PBLOB","SecurityInformation","in"],
1737
1991
  ["PBLOB","SecurityDescriptor","in"],
1738
1992
  ])
1739
1993
 
1740
- railgun.add_function( 'advapi32', 'SetPrivateObjectSecurity', 'BOOL',[
1994
+ dll.add_function('SetPrivateObjectSecurity', 'BOOL',[
1741
1995
  ["PBLOB","SecurityInformation","in"],
1742
1996
  ["PBLOB","ModificationDescriptor","in"],
1743
1997
  ["PBLOB","ObjectsSecurityDescriptor","inout"],
@@ -1745,7 +1999,7 @@ class Def_advapi32
1745
1999
  ["DWORD","Token","in"],
1746
2000
  ])
1747
2001
 
1748
- railgun.add_function( 'advapi32', 'SetPrivateObjectSecurityEx', 'BOOL',[
2002
+ dll.add_function('SetPrivateObjectSecurityEx', 'BOOL',[
1749
2003
  ["PBLOB","SecurityInformation","in"],
1750
2004
  ["PBLOB","ModificationDescriptor","in"],
1751
2005
  ["PBLOB","ObjectsSecurityDescriptor","inout"],
@@ -1754,61 +2008,63 @@ class Def_advapi32
1754
2008
  ["DWORD","Token","in"],
1755
2009
  ])
1756
2010
 
1757
- railgun.add_function( 'advapi32', 'SetSecurityDescriptorControl', 'BOOL',[
2011
+ dll.add_function('SetSecurityDescriptorControl', 'BOOL',[
1758
2012
  ["PBLOB","pSecurityDescriptor","in"],
1759
2013
  ["WORD","ControlBitsOfInterest","in"],
1760
2014
  ["WORD","ControlBitsToSet","in"],
1761
2015
  ])
1762
2016
 
1763
- railgun.add_function( 'advapi32', 'SetSecurityDescriptorDacl', 'BOOL',[
2017
+ dll.add_function('SetSecurityDescriptorDacl', 'BOOL',[
1764
2018
  ["PBLOB","pSecurityDescriptor","inout"],
1765
2019
  ["BOOL","bDaclPresent","in"],
1766
2020
  ["PBLOB","pDacl","in"],
1767
2021
  ["BOOL","bDaclDefaulted","in"],
1768
2022
  ])
1769
2023
 
1770
- railgun.add_function( 'advapi32', 'SetSecurityDescriptorGroup', 'BOOL',[
2024
+ dll.add_function('SetSecurityDescriptorGroup', 'BOOL',[
1771
2025
  ["PBLOB","pSecurityDescriptor","inout"],
1772
2026
  ["PBLOB","pGroup","in"],
1773
2027
  ["BOOL","bGroupDefaulted","in"],
1774
2028
  ])
1775
2029
 
1776
- railgun.add_function( 'advapi32', 'SetSecurityDescriptorOwner', 'BOOL',[
2030
+ dll.add_function('SetSecurityDescriptorOwner', 'BOOL',[
1777
2031
  ["PBLOB","pSecurityDescriptor","inout"],
1778
2032
  ["PBLOB","pOwner","in"],
1779
2033
  ["BOOL","bOwnerDefaulted","in"],
1780
2034
  ])
1781
2035
 
1782
- railgun.add_function( 'advapi32', 'SetSecurityDescriptorRMControl', 'DWORD',[
2036
+ dll.add_function('SetSecurityDescriptorRMControl', 'DWORD',[
1783
2037
  ["PBLOB","SecurityDescriptor","inout"],
1784
2038
  ["PBLOB","RMControl","in"],
1785
2039
  ])
1786
2040
 
1787
- railgun.add_function( 'advapi32', 'SetSecurityDescriptorSacl', 'BOOL',[
2041
+ dll.add_function('SetSecurityDescriptorSacl', 'BOOL',[
1788
2042
  ["PBLOB","pSecurityDescriptor","inout"],
1789
2043
  ["BOOL","bSaclPresent","in"],
1790
2044
  ["PBLOB","pSacl","in"],
1791
2045
  ["BOOL","bSaclDefaulted","in"],
1792
2046
  ])
1793
2047
 
1794
- railgun.add_function( 'advapi32', 'SetThreadToken', 'BOOL',[
2048
+ dll.add_function('SetThreadToken', 'BOOL',[
1795
2049
  ["PDWORD","Thread","in"],
1796
2050
  ["DWORD","Token","in"],
1797
2051
  ])
1798
2052
 
1799
- railgun.add_function( 'advapi32', 'SetTokenInformation', 'BOOL',[
2053
+ dll.add_function('SetTokenInformation', 'BOOL',[
1800
2054
  ["DWORD","TokenHandle","in"],
1801
2055
  ["DWORD","TokenInformationClass","in"],
1802
2056
  ["PBLOB","TokenInformation","in"],
1803
2057
  ["DWORD","TokenInformationLength","in"],
1804
2058
  ])
1805
2059
 
1806
- railgun.add_function( 'advapi32', 'WriteEncryptedFileRaw', 'DWORD',[
2060
+ dll.add_function('WriteEncryptedFileRaw', 'DWORD',[
1807
2061
  ["PBLOB","pfImportCallback","in"],
1808
2062
  ["PBLOB","pvCallbackContext","in"],
1809
2063
  ["PBLOB","pvContext","in"],
1810
2064
  ])
1811
2065
 
2066
+
2067
+ return dll
1812
2068
  end
1813
2069
 
1814
2070
  end