librex 0.0.42 → 0.0.43

Sign up to get free protection for your applications and to get access to all the features.
Files changed (34) hide show
  1. data/README.markdown +1 -1
  2. data/lib/rex/compat.rb +10 -0
  3. data/lib/rex/post/meterpreter/channels/pools/file.rb +1 -1
  4. data/lib/rex/post/meterpreter/extensions/stdapi/fs/dir.rb +20 -18
  5. data/lib/rex/post/meterpreter/extensions/stdapi/fs/file.rb +11 -22
  6. data/lib/rex/post/meterpreter/extensions/stdapi/fs/file_stat.rb +2 -1
  7. data/lib/rex/post/meterpreter/extensions/stdapi/railgun.rb.ts.rb +4 -0
  8. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb +27 -0
  9. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb.ut.rb +7 -0
  10. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb +498 -242
  11. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_iphlpapi.rb +18 -18
  12. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_kernel32.rb +695 -694
  13. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_netapi32.rb +6 -5
  14. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ntdll.rb +24 -24
  15. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_shell32.rb +5 -4
  16. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_user32.rb +551 -551
  17. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ws2_32.rb +93 -93
  18. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb +56 -42
  19. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb.ut.rb +4 -4
  20. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb.ut.rb +5 -5
  21. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_wrapper.rb +26 -0
  22. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_wrapper.rb.ut.rb +63 -0
  23. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/multicall.rb +4 -4
  24. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb +151 -96
  25. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb.ut.rb +80 -5
  26. data/lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb +3 -3
  27. data/lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb +11 -11
  28. data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry.rb +3 -3
  29. data/lib/rex/post/meterpreter/packet.rb +12 -11
  30. data/lib/rex/proto/dhcp/server.rb +36 -42
  31. data/lib/rex/socket/range_walker.rb +1 -1
  32. data/lib/rex/text.rb +18 -1
  33. data/lib/rex/ui/text/table.rb +1 -1
  34. metadata +5 -3
@@ -3,7 +3,7 @@
3
3
  A non-official re-packaging of the Rex library as a gem for easy of usage of the Metasploit REX framework in a non Metasploit application. I received permission from HDM to create this package.
4
4
 
5
5
  Currently based on:
6
- SVN Revision: 13159
6
+ SVN Revision: 13247
7
7
 
8
8
  # Credits
9
9
  The Metasploit development team <http://www.metasploit.com>
@@ -220,6 +220,16 @@ def self.win32_winexec(cmd)
220
220
  exe.call(cmd, 0)
221
221
  end
222
222
 
223
+ #
224
+ # Verify the Console2 environment
225
+ #
226
+ def self.win32_console2_verify
227
+ buf = "\x00" * 512
228
+ out = Win32API.new("kernel32", "GetStdHandle", ["L"], "L").call(STD_OUTPUT_HANDLE)
229
+ res = Win32API.new("kernel32","GetConsoleTitle", ["PL"], "L").call(buf, buf.length-1) rescue 0
230
+ ( res > 0 and buf.index("Console2 command").nil? ) ? false : true
231
+ end
232
+
223
233
  #
224
234
  # Platform independent socket pair
225
235
  #
@@ -36,7 +36,7 @@ class File < Rex::Post::Meterpreter::Channels::Pool
36
36
  [
37
37
  {
38
38
  'type' => Rex::Post::Meterpreter::Extensions::Stdapi::TLV_TYPE_FILE_PATH,
39
- 'value' => name
39
+ 'value' => Rex::Text.unicode_filter_decode( name )
40
40
  },
41
41
  {
42
42
  'type' => Rex::Post::Meterpreter::Extensions::Stdapi::TLV_TYPE_FILE_MODE,
@@ -56,14 +56,14 @@ class Dir < Rex::Post::Dir
56
56
  request = Packet.create_request('stdapi_fs_ls')
57
57
  files = []
58
58
 
59
- request.add_tlv(TLV_TYPE_DIRECTORY_PATH, name)
59
+ request.add_tlv(TLV_TYPE_DIRECTORY_PATH, Rex::Text.unicode_filter_decode(name))
60
60
 
61
61
  response = client.send_request(request)
62
62
 
63
63
  response.each(TLV_TYPE_FILE_NAME) { |file_name|
64
- files << file_name.value
64
+ files << Rex::Text.unicode_filter_encode( file_name.value )
65
65
  }
66
-
66
+
67
67
  return files
68
68
  end
69
69
 
@@ -74,7 +74,7 @@ class Dir < Rex::Post::Dir
74
74
  request = Packet.create_request('stdapi_fs_ls')
75
75
  files = []
76
76
 
77
- request.add_tlv(TLV_TYPE_DIRECTORY_PATH, name)
77
+ request.add_tlv(TLV_TYPE_DIRECTORY_PATH, Rex::Text.unicode_filter_decode(name))
78
78
 
79
79
  response = client.send_request(request)
80
80
 
@@ -88,7 +88,7 @@ class Dir < Rex::Post::Dir
88
88
 
89
89
  fname.each_with_index { |file_name, idx|
90
90
  st = nil
91
-
91
+
92
92
  if (sbuf[idx])
93
93
  st = ::Rex::Post::FileStat.new
94
94
  st.update(sbuf[idx].value)
@@ -96,12 +96,12 @@ class Dir < Rex::Post::Dir
96
96
 
97
97
  files <<
98
98
  {
99
- 'FileName' => file_name.value,
100
- 'FilePath' => fpath[idx].value,
99
+ 'FileName' => Rex::Text.unicode_filter_encode( file_name.value ),
100
+ 'FilePath' => Rex::Text.unicode_filter_encode( fpath[idx].value ),
101
101
  'StatBuf' => st,
102
102
  }
103
103
  }
104
-
104
+
105
105
  return files
106
106
  end
107
107
 
@@ -117,20 +117,20 @@ class Dir < Rex::Post::Dir
117
117
  def Dir.chdir(path)
118
118
  request = Packet.create_request('stdapi_fs_chdir')
119
119
 
120
- request.add_tlv(TLV_TYPE_DIRECTORY_PATH, path)
120
+ request.add_tlv(TLV_TYPE_DIRECTORY_PATH, Rex::Text.unicode_filter_decode( path ))
121
121
 
122
122
  response = client.send_request(request)
123
123
 
124
124
  return 0
125
125
  end
126
-
126
+
127
127
  #
128
128
  # Creates a directory.
129
129
  #
130
130
  def Dir.mkdir(path)
131
131
  request = Packet.create_request('stdapi_fs_mkdir')
132
132
 
133
- request.add_tlv(TLV_TYPE_DIRECTORY_PATH, path)
133
+ request.add_tlv(TLV_TYPE_DIRECTORY_PATH, Rex::Text.unicode_filter_decode( path ))
134
134
 
135
135
  response = client.send_request(request)
136
136
 
@@ -145,7 +145,7 @@ class Dir < Rex::Post::Dir
145
145
 
146
146
  response = client.send_request(request)
147
147
 
148
- return response.get_tlv(TLV_TYPE_DIRECTORY_PATH).value
148
+ return Rex::Text.unicode_filter_encode( response.get_tlv(TLV_TYPE_DIRECTORY_PATH).value )
149
149
  end
150
150
 
151
151
  #
@@ -161,7 +161,7 @@ class Dir < Rex::Post::Dir
161
161
  def Dir.delete(path)
162
162
  request = Packet.create_request('stdapi_fs_delete_dir')
163
163
 
164
- request.add_tlv(TLV_TYPE_DIRECTORY_PATH, path)
164
+ request.add_tlv(TLV_TYPE_DIRECTORY_PATH, Rex::Text.unicode_filter_decode( path ))
165
165
 
166
166
  response = client.send_request(request)
167
167
 
@@ -193,9 +193,10 @@ class Dir < Rex::Post::Dir
193
193
  # local directory, optionally in a recursive fashion.
194
194
  #
195
195
  def Dir.download(dst, src, recursive = false, force = true, &stat)
196
+
196
197
  self.entries(src).each { |src_sub|
197
- dst_item = dst + ::File::SEPARATOR + src_sub
198
- src_item = src + File::SEPARATOR + src_sub
198
+ dst_item = dst + ::File::SEPARATOR + Rex::Text.unicode_filter_encode( src_sub )
199
+ src_item = src + File::SEPARATOR + Rex::Text.unicode_filter_encode( src_sub )
199
200
 
200
201
  if (src_sub == '.' or src_sub == '..')
201
202
  next
@@ -215,7 +216,7 @@ class Dir < Rex::Post::Dir
215
216
  raise e
216
217
  end
217
218
  end
218
-
219
+
219
220
  elsif (src_stat.directory?)
220
221
  if (recursive == false)
221
222
  next
@@ -239,8 +240,8 @@ class Dir < Rex::Post::Dir
239
240
  #
240
241
  def Dir.upload(dst, src, recursive = false, &stat)
241
242
  ::Dir.entries(src).each { |src_sub|
242
- dst_item = dst + File::SEPARATOR + src_sub
243
- src_item = src + ::File::SEPARATOR + src_sub
243
+ dst_item = dst + File::SEPARATOR + Rex::Text.unicode_filter_encode( src_sub )
244
+ src_item = src + ::File::SEPARATOR + Rex::Text.unicode_filter_encode( src_sub )
244
245
 
245
246
  if (src_sub == '.' or src_sub == '..')
246
247
  next
@@ -280,3 +281,4 @@ protected
280
281
  end
281
282
 
282
283
  end; end; end; end; end; end
284
+
@@ -44,6 +44,7 @@ class File < Rex::Post::Meterpreter::Extensions::Stdapi::Fs::IO
44
44
 
45
45
  request = Packet.create_request( 'stdapi_fs_search' )
46
46
 
47
+ root = Rex::Text.unicode_filter_decode(root) if root
47
48
  root = root.chomp( '\\' ) if root
48
49
 
49
50
  request.add_tlv( TLV_TYPE_SEARCH_ROOT, root )
@@ -56,8 +57,8 @@ class File < Rex::Post::Meterpreter::Extensions::Stdapi::Fs::IO
56
57
  if( response.result == 0 )
57
58
  response.each( TLV_TYPE_SEARCH_RESULTS ) do | results |
58
59
  files << {
59
- 'path' => results.get_tlv_value( TLV_TYPE_FILE_PATH ).chomp( '\\' ),
60
- 'name' => results.get_tlv_value( TLV_TYPE_FILE_NAME ),
60
+ 'path' => Rex::Text.unicode_filter_encode( results.get_tlv_value( TLV_TYPE_FILE_PATH ).chomp( '\\' ) ),
61
+ 'name' => Rex::Text.unicode_filter_encode( results.get_tlv_value( TLV_TYPE_FILE_NAME ) ),
61
62
  'size' => results.get_tlv_value( TLV_TYPE_FILE_SIZE )
62
63
  }
63
64
  end
@@ -87,11 +88,11 @@ class File < Rex::Post::Meterpreter::Extensions::Stdapi::Fs::IO
87
88
  def File.expand_path(path)
88
89
  request = Packet.create_request('stdapi_fs_file_expand_path')
89
90
 
90
- request.add_tlv(TLV_TYPE_FILE_PATH, path)
91
+ request.add_tlv(TLV_TYPE_FILE_PATH, Rex::Text.unicode_filter_decode( path ))
91
92
 
92
93
  response = client.send_request(request)
93
94
 
94
- return response.get_tlv_value(TLV_TYPE_FILE_PATH)
95
+ return Rex::Text.unicode_filter_encode( response.get_tlv_value(TLV_TYPE_FILE_PATH) )
95
96
  end
96
97
 
97
98
 
@@ -101,10 +102,11 @@ class File < Rex::Post::Meterpreter::Extensions::Stdapi::Fs::IO
101
102
  def File.md5(path)
102
103
  request = Packet.create_request('stdapi_fs_md5')
103
104
 
104
- request.add_tlv(TLV_TYPE_FILE_PATH, path)
105
+ request.add_tlv(TLV_TYPE_FILE_PATH, Rex::Text.unicode_filter_decode( path ))
105
106
 
106
107
  response = client.send_request(request)
107
108
 
109
+ # This is not really a file name, but a raw hash in bytes
108
110
  return response.get_tlv_value(TLV_TYPE_FILE_NAME)
109
111
  end
110
112
 
@@ -114,32 +116,19 @@ class File < Rex::Post::Meterpreter::Extensions::Stdapi::Fs::IO
114
116
  def File.sha1(path)
115
117
  request = Packet.create_request('stdapi_fs_sha1')
116
118
 
117
- request.add_tlv(TLV_TYPE_FILE_PATH, path)
119
+ request.add_tlv(TLV_TYPE_FILE_PATH, Rex::Text.unicode_filter_decode( path ))
118
120
 
119
121
  response = client.send_request(request)
120
122
 
123
+ # This is not really a file name, but a raw hash in bytes
121
124
  return response.get_tlv_value(TLV_TYPE_FILE_NAME)
122
125
  end
123
126
 
124
- #
125
- # Expands a file path, substituting all environment variables, such as
126
- # %TEMP%.
127
- #
128
- def File.expand_path(path)
129
- request = Packet.create_request('stdapi_fs_file_expand_path')
130
-
131
- request.add_tlv(TLV_TYPE_FILE_PATH, path)
132
-
133
- response = client.send_request(request)
134
-
135
- return response.get_tlv_value(TLV_TYPE_FILE_PATH)
136
- end
137
-
138
127
  #
139
128
  # Performs a stat on a file and returns a FileStat instance.
140
129
  #
141
130
  def File.stat(name)
142
- return client.fs.filestat.new(name)
131
+ return client.fs.filestat.new( name )
143
132
  end
144
133
 
145
134
  #
@@ -156,7 +145,7 @@ class File < Rex::Post::Meterpreter::Extensions::Stdapi::Fs::IO
156
145
  def File.rm(name)
157
146
  request = Packet.create_request('stdapi_fs_delete_file')
158
147
 
159
- request.add_tlv(TLV_TYPE_FILE_PATH,name)
148
+ request.add_tlv(TLV_TYPE_FILE_PATH, Rex::Text.unicode_filter_decode( name ))
160
149
 
161
150
  response = client.send_request(request)
162
151
 
@@ -88,7 +88,7 @@ protected
88
88
  def stat(file)
89
89
  request = Packet.create_request('stdapi_fs_stat')
90
90
 
91
- request.add_tlv(TLV_TYPE_FILE_PATH, file)
91
+ request.add_tlv(TLV_TYPE_FILE_PATH, Rex::Text.unicode_filter_decode( file ))
92
92
 
93
93
  response = self.class.client.send_request(request)
94
94
  stat_buf = response.get_tlv(TLV_TYPE_STAT_BUF).value
@@ -101,3 +101,4 @@ protected
101
101
  end
102
102
 
103
103
  end; end; end; end; end; end
104
+
@@ -9,3 +9,7 @@ require 'railgun/buffer_item.rb.ut'
9
9
  require 'railgun/dll_function.rb.ut'
10
10
  require 'railgun/dll_helper.rb.ut'
11
11
  require 'railgun/win_const_manager.rb.ut'
12
+ require 'railgun/dll.rb.ut.rb'
13
+ require 'railgun/dll_wrapper.rb.ut.rb'
14
+ require 'railgun/railgun.rb.ut.rb'
15
+ require 'railgun/win_const_manager.rb.ut.rb'
@@ -1,3 +1,5 @@
1
+ require 'rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager'
2
+ require 'thread'
1
3
 
2
4
  module Rex
3
5
  module Post
@@ -8,6 +10,31 @@ module Railgun
8
10
 
9
11
  class ApiConstants
10
12
 
13
+ # This will be lazily loaded in self.manager
14
+ @@manager = nil
15
+ @@manager_semaphore = Mutex.new
16
+
17
+ # provides a frozen constant manager for the constants defined in self.add_constants
18
+ def self.manager
19
+
20
+ # The first check for nil is to potentially skip the need to synchronize
21
+ if @@manager.nil?
22
+ # Looks like we MAY need to load manager
23
+ @@manager_semaphore.synchronize do
24
+ # We check once more. Now our options are synchronized
25
+ if @@manager.nil?
26
+ @@manager = WinConstManager.new
27
+
28
+ self.add_constants(@@manager)
29
+
30
+ @@manager.freeze
31
+ end
32
+ end
33
+ end
34
+
35
+ return @@manager
36
+ end
37
+
11
38
  def self.add_constants(win_const_mgr)
12
39
  win_const_mgr.add_const('MCI_DGV_SETVIDEO_TINT',0x00004003)
13
40
  win_const_mgr.add_const('EVENT_TRACE_FLAG_PROCESS',0x00000001)
@@ -14,6 +14,13 @@ module Extensions
14
14
  module Stdapi
15
15
  module Railgun
16
16
  class ApiConstants::UnitTest < Test::Unit::TestCase
17
+ def test_manager
18
+ const_manager = ApiConstants.manager
19
+
20
+ assert_equal(0, const_manager.parse('SUCCESS'),
21
+ "ApiConstants.manager should return a functional constant manager for WinAPI constants")
22
+ end
23
+
17
24
  def test_add_constants
18
25
  const_manager = WinConstManager.new
19
26
 
@@ -8,19 +8,273 @@ module Def
8
8
 
9
9
  class Def_advapi32
10
10
 
11
- def self.add_imports(railgun)
11
+ def self.create_dll(dll_path = 'advapi32')
12
+ dll = DLL.new(dll_path, ApiConstants.manager)
13
+
14
+ #Functions for Windows CryptoAPI
15
+ dll.add_function( 'CryptAcquireContextW', 'BOOL',[
16
+ ['PDWORD', 'phProv', 'out'],
17
+ ['PWCHAR', 'pszContainer', 'in'],
18
+ ['PWCHAR', 'pszProvider', 'in'],
19
+ ['DWORD', 'dwProvType', 'in'],
20
+ ['DWORD', 'dwflags', 'in']])
21
+
22
+ dll.add_function( 'CryptAcquireContextA', 'BOOL',[
23
+ ['PDWORD', 'phProv', 'out'],
24
+ ['PWCHAR', 'pszContainer', 'in'],
25
+ ['PWCHAR', 'pszProvider', 'in'],
26
+ ['DWORD', 'dwProvType', 'in'],
27
+ ['DWORD', 'dwflags', 'in']])
28
+
29
+
30
+ dll.add_function( 'CryptContextAddRef', 'BOOL', [
31
+ ['LPVOID', 'hProv', 'in'],
32
+ ['DWORD', 'pdwReserved', 'in'],
33
+ ['DWORD', 'dwFlags', 'in']])
34
+
35
+ dll.add_function( 'CryptEnumProvidersW', 'BOOL', [
36
+ ['DWORD', 'dwIndex', 'in'],
37
+ ['DWORD', 'pdwReserved', 'in'],
38
+ ['DWORD', 'dwFlags', 'in'],
39
+ ['PDWORD', 'pdwProvType', 'out'],
40
+ ['PWCHAR', 'pszProvName', 'out'],
41
+ ['PDWORD', 'pcbProvName', 'inout']])
42
+
43
+ dll.add_function( 'CryptEnumProvidersA', 'BOOL', [
44
+ ['DWORD', 'dwIndex', 'in'],
45
+ ['DWORD', 'pdwReserved', 'in'],
46
+ ['DWORD', 'dwFlags', 'in'],
47
+ ['PDWORD', 'pdwProvType', 'out'],
48
+ ['PCHAR', 'pszProvName', 'out'],
49
+ ['PDWORD', 'pcbProvName', 'inout']])
50
+
51
+ dll.add_function( 'CryptEnumProviderTypesW', 'BOOL', [
52
+ ['DWORD', 'dwIndex', 'in'],
53
+ ['DWORD', 'pdwReserved', 'in'],
54
+ ['DWORD', 'dwFlags', 'in'],
55
+ ['PDWORD', 'pdwProvType', 'out'],
56
+ ['PWCHAR', 'pszTypeName', 'out'],
57
+ ['PDWORD', 'pcbTypeName', 'inout']])
58
+
59
+ dll.add_function( 'CryptEnumProviderTypesA', 'BOOL', [
60
+ ['DWORD', 'dwIndex', 'in'],
61
+ ['DWORD', 'pdwReserved', 'in'],
62
+ ['DWORD', 'dwFlags', 'in'],
63
+ ['PDWORD', 'pdwProvType', 'out'],
64
+ ['PCHAR', 'pszTypeName', 'out'],
65
+ ['PDWORD', 'pcbTypeName', 'inout']])
66
+
67
+ dll.add_function( 'CryptGetDefaultProviderW ', 'BOOL', [
68
+ ['DWORD', 'dwProvType', 'in'],
69
+ ['DWORD', 'pwdReserved', 'in'],
70
+ ['DWORD', 'dwFlags', 'in'],
71
+ ['PWCHAR', 'pszProvName', 'out'],
72
+ ['PDWORD', 'pcbProvName', 'inout']])
73
+
74
+ dll.add_function( 'CryptGetDefaultProviderA ', 'BOOL', [
75
+ ['DWORD', 'dwProvType', 'in'],
76
+ ['DWORD', 'pwdReserved', 'in'],
77
+ ['DWORD', 'dwFlags', 'in'],
78
+ ['PCHAR', 'pszProvName', 'out'],
79
+ ['PDWORD', 'pcbProvName', 'inout']])
80
+
81
+ dll.add_function( 'CryptGetProvParam', 'BOOL', [
82
+ ['LPVOID', 'hProv', 'in'],
83
+ ['DWORD', 'dwParam', 'in'],
84
+ ['PBLOB', 'pbData', 'out'],
85
+ ['PDWORD', 'pwdDataLen', 'inout'],
86
+ ['DWORD', 'dwFlags', 'in']])
87
+
88
+ dll.add_function( 'CryptSetProviderW', 'BOOL', [
89
+ ['PWCHAR', 'pszProvName', 'in'],
90
+ ['DWORD', 'dwProvType', 'in']])
91
+
92
+ dll.add_function( 'CryptSetProviderA', 'BOOL', [
93
+ ['PCHAR', 'pszProvName', 'in'],
94
+ ['DWORD', 'dwProvType', 'in']])
95
+
96
+ dll.add_function( 'CryptSetProviderExW', 'BOOL', [
97
+ ['PWCHAR', 'pszProvName', 'in'],
98
+ ['DWORD', 'dwProvType', 'in'],
99
+ ['DWORD', 'pdwReserved', 'in'],
100
+ ['DWORD', 'dwFlags', 'in']])
101
+
102
+ dll.add_function( 'CryptSetProviderExA', 'BOOL', [
103
+ ['PCHAR', 'pszProvName', 'in'],
104
+ ['DWORD', 'dwProvType', 'in'],
105
+ ['DWORD', 'pdwReserved', 'in'],
106
+ ['DWORD', 'dwFlags', 'in']])
107
+
108
+ dll.add_function( 'CryptSetProvParam', 'BOOL', [
109
+ ['LPVOID', 'hProv', 'in'],
110
+ ['DWORD', 'dwParam', 'in'],
111
+ ['PBLOB', 'pbData', 'in'],
112
+ ['DWORD', 'dwFlags','in']])
113
+
114
+ dll.add_function( 'CryptDuplicateKey', 'BOOL', [
115
+ ['LPVOID', 'hKey', 'in'],
116
+ ['DWORD', 'pdwReserved', 'in'],
117
+ ['DWORD', 'dwFlags', 'in'],
118
+ ['PDWORD', 'phKey', 'out']])
119
+
120
+ dll.add_function( 'CryptExportKey', 'BOOL', [
121
+ ['LPVOID', 'hKey', 'in'],
122
+ ['LPVOID', 'hExpKey', 'in'],
123
+ ['DWORD', 'dwBlobType', 'in'],
124
+ ['DWORD', 'dwFlags', 'in'],
125
+ ['PBLOB', 'pbData', 'out'],
126
+ ['PDWORD', 'pwdDataLen', 'inout']])
127
+
128
+ dll.add_function( 'CryptGenKey', 'BOOL', [
129
+ ['LPVOID', 'hProv', 'in'],
130
+ ['DWORD', 'Algid', 'in'],
131
+ ['DWORD', 'dwFlags', 'in'],
132
+ ['PDWORD', 'phKey', 'out']])
133
+
134
+ dll.add_function( 'CryptGenRandom', 'BOOL', [
135
+ ['LPVOID', 'hProv', 'in'],
136
+ ['DWORD', 'dwLen', 'in'],
137
+ ['PBLOB', 'pbBuffer', 'inout']])
138
+
139
+ dll.add_function( 'CryptGetKeyParam', 'BOOL', [
140
+ ['LPVOID', 'hKey', 'in'],
141
+ ['DWORD', 'dwParam', 'in'],
142
+ ['PBLOB', 'pbData', 'out'],
143
+ ['PDWORD', 'pdwDataLen', 'inout'],
144
+ ['DWORD', 'dwFlags', 'in']])
145
+
146
+ dll.add_function( 'CryptGetUserKey', 'BOOL', [
147
+ ['LPVOID', 'hProv', 'in'],
148
+ ['DWORD', 'dwKeySpec', 'in'],
149
+ ['PDWORD', 'phUserKey', 'out']])
12
150
 
13
- railgun.add_dll('advapi32')
151
+ dll.add_function( 'CryptImportKey', 'BOOL', [
152
+ ['LPVOID', 'hProv', 'in'],
153
+ ['PBLOB', 'pbData', 'in'],
154
+ ['DWORD', 'dwDataLen', 'in'],
155
+ ['LPVOID', 'hPubKey', 'in'],
156
+ ['DWORD', 'dwFlags', 'in'],
157
+ ['PDWORD', 'phKey', 'out']])
14
158
 
159
+ dll.add_function( 'CryptSetKeyParam', 'BOOL', [
160
+ ['LPVOID', 'hKey', 'in'],
161
+ ['DWORD', 'dwParam', 'in'],
162
+ ['PBLOB', 'pbData', 'in'],
163
+ ['DWORD', 'dwFlags', 'in']])
164
+
165
+ dll.add_function( 'CryptEncrypt', 'BOOL', [
166
+ ['LPVOID', 'hKey', 'in'],
167
+ ['LPVOID', 'hHash', 'in'],
168
+ ['BOOL', 'Final', 'in'],
169
+ ['DWORD', 'dwFlags', 'in'],
170
+ ['PBLOB', 'pbData', 'inout'],
171
+ ['PDWORD', 'pdwDataLen', 'inout'],
172
+ ['DWORD', 'dwBufLen', 'in']])
173
+
174
+ dll.add_function( 'CryptDuplicateHash', 'BOOL', [
175
+ ['LPVOID', 'hHash', 'in'],
176
+ ['DWORD', 'pdwReserved', 'in'],
177
+ ['DWORD', 'dwFlags', 'in'],
178
+ ['PDWORD', 'phHash', 'out']])
179
+
180
+ dll.add_function( 'CryptGetHashParam', 'BOOL', [
181
+ ['LPVOID', 'hHash', 'in'],
182
+ ['DWORD', 'dwParam', 'in'],
183
+ ['PBLOB', 'pbData', 'out'],
184
+ ['PDWORD', 'pdwDataLen', 'out'],
185
+ ['DWORD', 'dwFlags', 'in']])
186
+
187
+ dll.add_function( 'CryptHashSessionKey', 'BOOL', [
188
+ ['LPVOID', 'hHash', 'in'],
189
+ ['LPVOID', 'hKey', 'in'],
190
+ ['DWORD', 'dwFlags', 'in']])
191
+
192
+ dll.add_function( 'CryptSetHashParam', 'BOOL', [
193
+ ['LPVOID', 'hHash', 'in'],
194
+ ['DWORD', 'dwParam', 'in'],
195
+ ['PBLOB', 'pbData', 'in'],
196
+ ['DWORD', 'dwFlags', 'in']])
197
+
198
+ dll.add_function( 'CryptSignHashW', 'BOOL', [
199
+ ['LPVOID', 'hHash', 'in'],
200
+ ['DWORD', 'dwKeySpec', 'in'],
201
+ ['PWCHAR', 'sDescription', 'in'],
202
+ ['DWORD', 'dwFlags', 'in'],
203
+ ['PBLOB', 'pbSignature', 'out'],
204
+ ['PDWORD', 'pdwSigLen', 'inout']])
205
+
206
+ dll.add_function( 'CryptSignHashA', 'BOOL', [
207
+ ['LPVOID', 'hHash', 'in'],
208
+ ['DWORD', 'dwKeySpec', 'in'],
209
+ ['PCHAR', 'sDescription', 'in'],
210
+ ['DWORD', 'dwFlags', 'in'],
211
+ ['PBLOB', 'pbSignature', 'out'],
212
+ ['PDWORD', 'pdwSigLen', 'inout']])
213
+
214
+ dll.add_function( 'CryptVerifySignatureW', 'BOOL', [
215
+ ['LPVOID', 'hHash', 'in'],
216
+ ['PBLOB', 'pbSignature', 'in'],
217
+ ['DWORD', 'dwSigLen', 'in'],
218
+ ['LPVOID', 'hPubKey', 'in'],
219
+ ['PWCHAR', 'sDescription', 'in'],
220
+ ['DWORD', 'dwFlags', 'in']])
221
+
222
+ dll.add_function( 'CryptVerifySignatureA', 'BOOL', [
223
+ ['LPVOID', 'hHash', 'in'],
224
+ ['PBLOB', 'pbSignature', 'in'],
225
+ ['DWORD', 'dwSigLen', 'in'],
226
+ ['LPVOID', 'hPubKey', 'in'],
227
+ ['PCHAR', 'sDescription', 'in'],
228
+ ['DWORD', 'dwFlags', 'in']])
229
+
230
+ dll.add_function( 'CryptCreateHash', 'BOOL',[
231
+ ['LPVOID', 'hProv', 'in'],
232
+ ['DWORD', 'Algid', 'in'],
233
+ ['LPVOID', 'hKey', 'in'],
234
+ ['DWORD', 'dwFlags', 'in'],
235
+ ['PDWORD', 'phHash', 'out']])
236
+
237
+ dll.add_function( 'CryptHashData', 'BOOL',[
238
+ ['LPVOID', 'hHash', 'in'],
239
+ ['PWCHAR', 'pbData', 'in'],
240
+ ['DWORD', 'dwDataLen', 'in'],
241
+ ['DWORD', 'dwFlags', 'in']])
242
+
243
+ dll.add_function( 'CryptDeriveKey', 'BOOL',[
244
+ ['LPVOID', 'hProv', 'in'],
245
+ ['DWORD', 'Algid', 'in'],
246
+ ['LPVOID', 'hBaseData', 'in'],
247
+ ['DWORD', 'dwFlags', 'in'],
248
+ ['PDWORD', 'phKey', 'inout']])
249
+
250
+ dll.add_function( 'CryptDecrypt', 'BOOL',[
251
+ ['LPVOID', 'hKey', 'in'],
252
+ ['LPVOID', 'hHash', 'in'],
253
+ ['BOOL', 'Final', 'in'],
254
+ ['DWORD', 'dwFlags', 'in'],
255
+ ['PBLOB', 'pbData', 'inout'],
256
+ ['PDWORD', 'pdwDataLen', 'inout']])
257
+
258
+ dll.add_function( 'CryptDestroyHash', 'BOOL',[
259
+ ['LPVOID', 'hHash', 'in']])
260
+
261
+ dll.add_function( 'CryptDestroyKey', 'BOOL',[
262
+ ['LPVOID', 'hKey', 'in']])
263
+
264
+ dll.add_function( 'CryptReleaseContext', 'BOOL',[
265
+ ['LPVOID', 'hProv', 'in'],
266
+ ['DWORD', 'dwFlags', 'in']])
267
+
268
+
15
269
  # Function to open the Service Control Database
16
- railgun.add_function( 'advapi32', 'OpenSCManagerA','DWORD',[
270
+ dll.add_function('OpenSCManagerA','DWORD',[
17
271
  [ "PCHAR", "lpMachineName", "inout" ],
18
272
  [ "PCHAR", "lpDatabaseName", "inout" ],
19
273
  [ "DWORD", "dwDesiredAccess", "in" ]
20
274
  ])
21
275
 
22
276
  # Function for creating a Service
23
- railgun.add_function( 'advapi32', 'CreateServiceA','DWORD',[
277
+ dll.add_function('CreateServiceA','DWORD',[
24
278
  [ "DWORD", "hSCManager", "in" ],
25
279
  [ "PCHAR", "lpServiceName", "in" ],
26
280
  [ "PCHAR", "lpDisplayName", "in" ],
@@ -36,7 +290,7 @@ class Def_advapi32
36
290
  [ "PCHAR", "lpPassword", "in" ]
37
291
  ])
38
292
 
39
- railgun.add_function( 'advapi32', 'OpenServiceA','DWORD',[
293
+ dll.add_function('OpenServiceA','DWORD',[
40
294
  [ "DWORD", "hSCManager", "in" ],
41
295
  [ "PCHAR", "lpServiceName", "in" ],
42
296
  [ "DWORD", "dwDesiredAccess", "in" ]
@@ -45,13 +299,13 @@ class Def_advapi32
45
299
  #access rights: SERVICE_CHANGE_CONFIG (0x0002) SERVICE_START (0x0010)
46
300
  #SERVICE_STOP (0x0020)
47
301
 
48
- railgun.add_function( 'advapi32', 'StartServiceA','BOOL',[
302
+ dll.add_function('StartServiceA','BOOL',[
49
303
  [ "DWORD", "hService", "in" ],
50
304
  [ "DWORD", "dwNumServiceArgs", "in" ],
51
305
  [ "PCHAR", "lpServiceArgVectors", "in" ]
52
306
  ])
53
307
 
54
- railgun.add_function( 'advapi32', 'ControlService','BOOL',[
308
+ dll.add_function('ControlService','BOOL',[
55
309
  [ "DWORD", "hService", "in" ],
56
310
  [ "DWORD", "dwControl", "in" ],
57
311
  [ "PBLOB", "lpServiceStatus", "out" ]
@@ -63,7 +317,7 @@ class Def_advapi32
63
317
  #dwCurrentState; dwControlsAccepted; dwWin32ExitCode;
64
318
  #dwServiceSpecificExitCode; dwCheckPoint; dwWaitHint;
65
319
 
66
- railgun.add_function( 'advapi32', 'ChangeServiceConfigA','BOOL',[
320
+ dll.add_function('ChangeServiceConfigA','BOOL',[
67
321
  [ "DWORD", "hService", "in" ],
68
322
  [ "DWORD", "dwServiceType", "in" ],
69
323
  [ "DWORD", "dwStartType", "in" ],
@@ -77,19 +331,19 @@ class Def_advapi32
77
331
  [ "PCHAR", "lpDisplayName", "in" ]
78
332
  ])
79
333
 
80
- railgun.add_function( 'advapi32', 'CloseServiceHandle','BOOL',[
334
+ dll.add_function('CloseServiceHandle','BOOL',[
81
335
  [ "DWORD", "hSCObject", "in" ]
82
336
  ])
83
337
 
84
- railgun.add_function( 'advapi32', 'AbortSystemShutdownA', 'BOOL',[
338
+ dll.add_function('AbortSystemShutdownA', 'BOOL',[
85
339
  ["PCHAR","lpMachineName","in"],
86
340
  ])
87
341
 
88
- railgun.add_function( 'advapi32', 'AbortSystemShutdownW', 'BOOL',[
342
+ dll.add_function('AbortSystemShutdownW', 'BOOL',[
89
343
  ["PWCHAR","lpMachineName","in"],
90
344
  ])
91
345
 
92
- railgun.add_function( 'advapi32', 'InitiateSystemShutdownA', 'BOOL',[
346
+ dll.add_function('InitiateSystemShutdownA', 'BOOL',[
93
347
  ["PCHAR","lpMachineName","in"],
94
348
  ["PCHAR","lpMessage","in"],
95
349
  ["DWORD","dwTimeout","in"],
@@ -97,7 +351,7 @@ class Def_advapi32
97
351
  ["BOOL","bRebootAfterShutdown","in"],
98
352
  ])
99
353
 
100
- railgun.add_function( 'advapi32', 'InitiateSystemShutdownExA', 'BOOL',[
354
+ dll.add_function('InitiateSystemShutdownExA', 'BOOL',[
101
355
  ["PCHAR","lpMachineName","in"],
102
356
  ["PCHAR","lpMessage","in"],
103
357
  ["DWORD","dwTimeout","in"],
@@ -106,7 +360,7 @@ class Def_advapi32
106
360
  ["DWORD","dwReason","in"],
107
361
  ])
108
362
 
109
- railgun.add_function( 'advapi32', 'InitiateSystemShutdownExW', 'BOOL',[
363
+ dll.add_function('InitiateSystemShutdownExW', 'BOOL',[
110
364
  ["PWCHAR","lpMachineName","in"],
111
365
  ["PWCHAR","lpMessage","in"],
112
366
  ["DWORD","dwTimeout","in"],
@@ -115,7 +369,7 @@ class Def_advapi32
115
369
  ["DWORD","dwReason","in"],
116
370
  ])
117
371
 
118
- railgun.add_function( 'advapi32', 'InitiateSystemShutdownW', 'BOOL',[
372
+ dll.add_function('InitiateSystemShutdownW', 'BOOL',[
119
373
  ["PWCHAR","lpMachineName","in"],
120
374
  ["PWCHAR","lpMessage","in"],
121
375
  ["DWORD","dwTimeout","in"],
@@ -123,43 +377,43 @@ class Def_advapi32
123
377
  ["BOOL","bRebootAfterShutdown","in"],
124
378
  ])
125
379
 
126
- railgun.add_function( 'advapi32', 'RegCloseKey', 'DWORD',[
380
+ dll.add_function('RegCloseKey', 'DWORD',[
127
381
  ["DWORD","hKey","in"],
128
382
  ])
129
383
 
130
- railgun.add_function( 'advapi32', 'RegConnectRegistryA', 'DWORD',[
384
+ dll.add_function('RegConnectRegistryA', 'DWORD',[
131
385
  ["PCHAR","lpMachineName","in"],
132
386
  ["DWORD","hKey","in"],
133
387
  ["PDWORD","phkResult","out"],
134
388
  ])
135
389
 
136
- railgun.add_function( 'advapi32', 'RegConnectRegistryExA', 'DWORD',[
390
+ dll.add_function('RegConnectRegistryExA', 'DWORD',[
137
391
  ["PCHAR","lpMachineName","in"],
138
392
  ["DWORD","hKey","in"],
139
393
  ["DWORD","Flags","in"],
140
394
  ["PDWORD","phkResult","out"],
141
395
  ])
142
396
 
143
- railgun.add_function( 'advapi32', 'RegConnectRegistryExW', 'DWORD',[
397
+ dll.add_function('RegConnectRegistryExW', 'DWORD',[
144
398
  ["PWCHAR","lpMachineName","in"],
145
399
  ["DWORD","hKey","in"],
146
400
  ["DWORD","Flags","in"],
147
401
  ["PDWORD","phkResult","out"],
148
402
  ])
149
403
 
150
- railgun.add_function( 'advapi32', 'RegConnectRegistryW', 'DWORD',[
404
+ dll.add_function('RegConnectRegistryW', 'DWORD',[
151
405
  ["PWCHAR","lpMachineName","in"],
152
406
  ["DWORD","hKey","in"],
153
407
  ["PDWORD","phkResult","out"],
154
408
  ])
155
409
 
156
- railgun.add_function( 'advapi32', 'RegCreateKeyA', 'DWORD',[
410
+ dll.add_function('RegCreateKeyA', 'DWORD',[
157
411
  ["DWORD","hKey","in"],
158
412
  ["PCHAR","lpSubKey","in"],
159
413
  ["PDWORD","phkResult","out"],
160
414
  ])
161
415
 
162
- railgun.add_function( 'advapi32', 'RegCreateKeyExA', 'DWORD',[
416
+ dll.add_function('RegCreateKeyExA', 'DWORD',[
163
417
  ["DWORD","hKey","in"],
164
418
  ["PCHAR","lpSubKey","in"],
165
419
  ["DWORD","Reserved","inout"],
@@ -171,7 +425,7 @@ class Def_advapi32
171
425
  ["PDWORD","lpdwDisposition","out"],
172
426
  ])
173
427
 
174
- railgun.add_function( 'advapi32', 'RegCreateKeyExW', 'DWORD',[
428
+ dll.add_function('RegCreateKeyExW', 'DWORD',[
175
429
  ["DWORD","hKey","in"],
176
430
  ["PWCHAR","lpSubKey","in"],
177
431
  ["DWORD","Reserved","inout"],
@@ -183,65 +437,65 @@ class Def_advapi32
183
437
  ["PDWORD","lpdwDisposition","out"],
184
438
  ])
185
439
 
186
- railgun.add_function( 'advapi32', 'RegCreateKeyW', 'DWORD',[
440
+ dll.add_function('RegCreateKeyW', 'DWORD',[
187
441
  ["DWORD","hKey","in"],
188
442
  ["PWCHAR","lpSubKey","in"],
189
443
  ["PDWORD","phkResult","out"],
190
444
  ])
191
445
 
192
- railgun.add_function( 'advapi32', 'RegDeleteKeyA', 'DWORD',[
446
+ dll.add_function('RegDeleteKeyA', 'DWORD',[
193
447
  ["DWORD","hKey","in"],
194
448
  ["PCHAR","lpSubKey","in"],
195
449
  ])
196
450
 
197
- railgun.add_function( 'advapi32', 'RegDeleteKeyExA', 'DWORD',[
451
+ dll.add_function('RegDeleteKeyExA', 'DWORD',[
198
452
  ["DWORD","hKey","in"],
199
453
  ["PCHAR","lpSubKey","in"],
200
454
  ["DWORD","samDesired","in"],
201
455
  ["DWORD","Reserved","inout"],
202
456
  ])
203
457
 
204
- railgun.add_function( 'advapi32', 'RegDeleteKeyExW', 'DWORD',[
458
+ dll.add_function('RegDeleteKeyExW', 'DWORD',[
205
459
  ["DWORD","hKey","in"],
206
460
  ["PWCHAR","lpSubKey","in"],
207
461
  ["DWORD","samDesired","in"],
208
462
  ["DWORD","Reserved","inout"],
209
463
  ])
210
464
 
211
- railgun.add_function( 'advapi32', 'RegDeleteKeyW', 'DWORD',[
465
+ dll.add_function('RegDeleteKeyW', 'DWORD',[
212
466
  ["DWORD","hKey","in"],
213
467
  ["PWCHAR","lpSubKey","in"],
214
468
  ])
215
469
 
216
- railgun.add_function( 'advapi32', 'RegDeleteValueA', 'DWORD',[
470
+ dll.add_function('RegDeleteValueA', 'DWORD',[
217
471
  ["DWORD","hKey","in"],
218
472
  ["PCHAR","lpValueName","in"],
219
473
  ])
220
474
 
221
- railgun.add_function( 'advapi32', 'RegDeleteValueW', 'DWORD',[
475
+ dll.add_function('RegDeleteValueW', 'DWORD',[
222
476
  ["DWORD","hKey","in"],
223
477
  ["PWCHAR","lpValueName","in"],
224
478
  ])
225
479
 
226
- railgun.add_function( 'advapi32', 'RegDisablePredefinedCache', 'DWORD',[
480
+ dll.add_function('RegDisablePredefinedCache', 'DWORD',[
227
481
  ])
228
482
 
229
- railgun.add_function( 'advapi32', 'RegDisableReflectionKey', 'DWORD',[
483
+ dll.add_function('RegDisableReflectionKey', 'DWORD',[
230
484
  ["DWORD","hBase","in"],
231
485
  ])
232
486
 
233
- railgun.add_function( 'advapi32', 'RegEnableReflectionKey', 'DWORD',[
487
+ dll.add_function('RegEnableReflectionKey', 'DWORD',[
234
488
  ["DWORD","hBase","in"],
235
489
  ])
236
490
 
237
- railgun.add_function( 'advapi32', 'RegEnumKeyA', 'DWORD',[
491
+ dll.add_function('RegEnumKeyA', 'DWORD',[
238
492
  ["DWORD","hKey","in"],
239
493
  ["DWORD","dwIndex","in"],
240
494
  ["PCHAR","lpName","out"],
241
495
  ["DWORD","cchName","in"],
242
496
  ])
243
497
 
244
- railgun.add_function( 'advapi32', 'RegEnumKeyExA', 'DWORD',[
498
+ dll.add_function('RegEnumKeyExA', 'DWORD',[
245
499
  ["DWORD","hKey","in"],
246
500
  ["DWORD","dwIndex","in"],
247
501
  ["PCHAR","lpName","out"],
@@ -252,7 +506,7 @@ class Def_advapi32
252
506
  ["PBLOB","lpftLastWriteTime","out"],
253
507
  ])
254
508
 
255
- railgun.add_function( 'advapi32', 'RegEnumKeyExW', 'DWORD',[
509
+ dll.add_function('RegEnumKeyExW', 'DWORD',[
256
510
  ["DWORD","hKey","in"],
257
511
  ["DWORD","dwIndex","in"],
258
512
  ["PWCHAR","lpName","out"],
@@ -263,14 +517,14 @@ class Def_advapi32
263
517
  ["PBLOB","lpftLastWriteTime","out"],
264
518
  ])
265
519
 
266
- railgun.add_function( 'advapi32', 'RegEnumKeyW', 'DWORD',[
520
+ dll.add_function('RegEnumKeyW', 'DWORD',[
267
521
  ["DWORD","hKey","in"],
268
522
  ["DWORD","dwIndex","in"],
269
523
  ["PWCHAR","lpName","out"],
270
524
  ["DWORD","cchName","in"],
271
525
  ])
272
526
 
273
- railgun.add_function( 'advapi32', 'RegEnumValueA', 'DWORD',[
527
+ dll.add_function('RegEnumValueA', 'DWORD',[
274
528
  ["DWORD","hKey","in"],
275
529
  ["DWORD","dwIndex","in"],
276
530
  ["PCHAR","lpValueName","out"],
@@ -281,7 +535,7 @@ class Def_advapi32
281
535
  ["PDWORD","lpcbData","inout"],
282
536
  ])
283
537
 
284
- railgun.add_function( 'advapi32', 'RegEnumValueW', 'DWORD',[
538
+ dll.add_function('RegEnumValueW', 'DWORD',[
285
539
  ["DWORD","hKey","in"],
286
540
  ["DWORD","dwIndex","in"],
287
541
  ["PWCHAR","lpValueName","out"],
@@ -292,18 +546,18 @@ class Def_advapi32
292
546
  ["PDWORD","lpcbData","inout"],
293
547
  ])
294
548
 
295
- railgun.add_function( 'advapi32', 'RegFlushKey', 'DWORD',[
549
+ dll.add_function('RegFlushKey', 'DWORD',[
296
550
  ["DWORD","hKey","in"],
297
551
  ])
298
552
 
299
- railgun.add_function( 'advapi32', 'RegGetKeySecurity', 'DWORD',[
553
+ dll.add_function('RegGetKeySecurity', 'DWORD',[
300
554
  ["DWORD","hKey","in"],
301
555
  ["PBLOB","SecurityInformation","in"],
302
556
  ["PBLOB","pSecurityDescriptor","out"],
303
557
  ["PDWORD","lpcbSecurityDescriptor","inout"],
304
558
  ])
305
559
 
306
- railgun.add_function( 'advapi32', 'RegGetValueA', 'DWORD',[
560
+ dll.add_function('RegGetValueA', 'DWORD',[
307
561
  ["DWORD","hkey","in"],
308
562
  ["PCHAR","lpSubKey","in"],
309
563
  ["PCHAR","lpValue","in"],
@@ -313,7 +567,7 @@ class Def_advapi32
313
567
  ["PDWORD","pcbData","inout"],
314
568
  ])
315
569
 
316
- railgun.add_function( 'advapi32', 'RegGetValueW', 'DWORD',[
570
+ dll.add_function('RegGetValueW', 'DWORD',[
317
571
  ["DWORD","hkey","in"],
318
572
  ["PWCHAR","lpSubKey","in"],
319
573
  ["PWCHAR","lpValue","in"],
@@ -323,19 +577,19 @@ class Def_advapi32
323
577
  ["PDWORD","pcbData","inout"],
324
578
  ])
325
579
 
326
- railgun.add_function( 'advapi32', 'RegLoadKeyA', 'DWORD',[
580
+ dll.add_function('RegLoadKeyA', 'DWORD',[
327
581
  ["DWORD","hKey","in"],
328
582
  ["PCHAR","lpSubKey","in"],
329
583
  ["PCHAR","lpFile","in"],
330
584
  ])
331
585
 
332
- railgun.add_function( 'advapi32', 'RegLoadKeyW', 'DWORD',[
586
+ dll.add_function('RegLoadKeyW', 'DWORD',[
333
587
  ["DWORD","hKey","in"],
334
588
  ["PWCHAR","lpSubKey","in"],
335
589
  ["PWCHAR","lpFile","in"],
336
590
  ])
337
591
 
338
- railgun.add_function( 'advapi32', 'RegNotifyChangeKeyValue', 'DWORD',[
592
+ dll.add_function('RegNotifyChangeKeyValue', 'DWORD',[
339
593
  ["DWORD","hKey","in"],
340
594
  ["BOOL","bWatchSubtree","in"],
341
595
  ["DWORD","dwNotifyFilter","in"],
@@ -343,18 +597,18 @@ class Def_advapi32
343
597
  ["BOOL","fAsynchronous","in"],
344
598
  ])
345
599
 
346
- railgun.add_function( 'advapi32', 'RegOpenCurrentUser', 'DWORD',[
600
+ dll.add_function('RegOpenCurrentUser', 'DWORD',[
347
601
  ["DWORD","samDesired","in"],
348
602
  ["PDWORD","phkResult","out"],
349
603
  ])
350
604
 
351
- railgun.add_function( 'advapi32', 'RegOpenKeyA', 'DWORD',[
605
+ dll.add_function('RegOpenKeyA', 'DWORD',[
352
606
  ["DWORD","hKey","in"],
353
607
  ["PCHAR","lpSubKey","in"],
354
608
  ["PDWORD","phkResult","out"],
355
609
  ])
356
610
 
357
- railgun.add_function( 'advapi32', 'RegOpenKeyExA', 'DWORD',[
611
+ dll.add_function('RegOpenKeyExA', 'DWORD',[
358
612
  ["DWORD","hKey","in"],
359
613
  ["PCHAR","lpSubKey","in"],
360
614
  ["DWORD","ulOptions","inout"],
@@ -362,7 +616,7 @@ class Def_advapi32
362
616
  ["PDWORD","phkResult","out"],
363
617
  ])
364
618
 
365
- railgun.add_function( 'advapi32', 'RegOpenKeyExW', 'DWORD',[
619
+ dll.add_function('RegOpenKeyExW', 'DWORD',[
366
620
  ["DWORD","hKey","in"],
367
621
  ["PWCHAR","lpSubKey","in"],
368
622
  ["DWORD","ulOptions","inout"],
@@ -370,25 +624,25 @@ class Def_advapi32
370
624
  ["PDWORD","phkResult","out"],
371
625
  ])
372
626
 
373
- railgun.add_function( 'advapi32', 'RegOpenKeyW', 'DWORD',[
627
+ dll.add_function('RegOpenKeyW', 'DWORD',[
374
628
  ["DWORD","hKey","in"],
375
629
  ["PWCHAR","lpSubKey","in"],
376
630
  ["PDWORD","phkResult","out"],
377
631
  ])
378
632
 
379
- railgun.add_function( 'advapi32', 'RegOpenUserClassesRoot', 'DWORD',[
633
+ dll.add_function('RegOpenUserClassesRoot', 'DWORD',[
380
634
  ["DWORD","hToken","in"],
381
635
  ["DWORD","dwOptions","inout"],
382
636
  ["DWORD","samDesired","in"],
383
637
  ["PDWORD","phkResult","out"],
384
638
  ])
385
639
 
386
- railgun.add_function( 'advapi32', 'RegOverridePredefKey', 'DWORD',[
640
+ dll.add_function('RegOverridePredefKey', 'DWORD',[
387
641
  ["DWORD","hKey","in"],
388
642
  ["DWORD","hNewHKey","in"],
389
643
  ])
390
644
 
391
- railgun.add_function( 'advapi32', 'RegQueryInfoKeyA', 'DWORD',[
645
+ dll.add_function('RegQueryInfoKeyA', 'DWORD',[
392
646
  ["DWORD","hKey","in"],
393
647
  ["PCHAR","lpClass","out"],
394
648
  ["PDWORD","lpcchClass","inout"],
@@ -403,7 +657,7 @@ class Def_advapi32
403
657
  ["PBLOB","lpftLastWriteTime","out"],
404
658
  ])
405
659
 
406
- railgun.add_function( 'advapi32', 'RegQueryInfoKeyW', 'DWORD',[
660
+ dll.add_function('RegQueryInfoKeyW', 'DWORD',[
407
661
  ["DWORD","hKey","in"],
408
662
  ["PWCHAR","lpClass","out"],
409
663
  ["PDWORD","lpcchClass","inout"],
@@ -418,7 +672,7 @@ class Def_advapi32
418
672
  ["PBLOB","lpftLastWriteTime","out"],
419
673
  ])
420
674
 
421
- railgun.add_function( 'advapi32', 'RegQueryMultipleValuesA', 'DWORD',[
675
+ dll.add_function('RegQueryMultipleValuesA', 'DWORD',[
422
676
  ["DWORD","hKey","in"],
423
677
  ["PBLOB","val_list","out"],
424
678
  ["DWORD","num_vals","in"],
@@ -426,7 +680,7 @@ class Def_advapi32
426
680
  ["PDWORD","ldwTotsize","inout"],
427
681
  ])
428
682
 
429
- railgun.add_function( 'advapi32', 'RegQueryMultipleValuesW', 'DWORD',[
683
+ dll.add_function('RegQueryMultipleValuesW', 'DWORD',[
430
684
  ["DWORD","hKey","in"],
431
685
  ["PBLOB","val_list","out"],
432
686
  ["DWORD","num_vals","in"],
@@ -434,19 +688,19 @@ class Def_advapi32
434
688
  ["PDWORD","ldwTotsize","inout"],
435
689
  ])
436
690
 
437
- railgun.add_function( 'advapi32', 'RegQueryReflectionKey', 'DWORD',[
691
+ dll.add_function('RegQueryReflectionKey', 'DWORD',[
438
692
  ["DWORD","hBase","in"],
439
693
  ["PBLOB","bIsReflectionDisabled","out"],
440
694
  ])
441
695
 
442
- railgun.add_function( 'advapi32', 'RegQueryValueA', 'DWORD',[
696
+ dll.add_function('RegQueryValueA', 'DWORD',[
443
697
  ["DWORD","hKey","in"],
444
698
  ["PCHAR","lpSubKey","in"],
445
699
  ["PCHAR","lpData","out"],
446
700
  ["PDWORD","lpcbData","inout"],
447
701
  ])
448
702
 
449
- railgun.add_function( 'advapi32', 'RegQueryValueExA', 'DWORD',[
703
+ dll.add_function('RegQueryValueExA', 'DWORD',[
450
704
  ["DWORD","hKey","in"],
451
705
  ["PCHAR","lpValueName","in"],
452
706
  ["PDWORD","lpReserved","inout"],
@@ -455,7 +709,7 @@ class Def_advapi32
455
709
  ["PDWORD","lpcbData","inout"],
456
710
  ])
457
711
 
458
- railgun.add_function( 'advapi32', 'RegQueryValueExW', 'DWORD',[
712
+ dll.add_function('RegQueryValueExW', 'DWORD',[
459
713
  ["DWORD","hKey","in"],
460
714
  ["PWCHAR","lpValueName","in"],
461
715
  ["PDWORD","lpReserved","inout"],
@@ -464,72 +718,72 @@ class Def_advapi32
464
718
  ["PDWORD","lpcbData","inout"],
465
719
  ])
466
720
 
467
- railgun.add_function( 'advapi32', 'RegQueryValueW', 'DWORD',[
721
+ dll.add_function('RegQueryValueW', 'DWORD',[
468
722
  ["DWORD","hKey","in"],
469
723
  ["PWCHAR","lpSubKey","in"],
470
724
  ["PWCHAR","lpData","out"],
471
725
  ["PDWORD","lpcbData","inout"],
472
726
  ])
473
727
 
474
- railgun.add_function( 'advapi32', 'RegReplaceKeyA', 'DWORD',[
728
+ dll.add_function('RegReplaceKeyA', 'DWORD',[
475
729
  ["DWORD","hKey","in"],
476
730
  ["PCHAR","lpSubKey","in"],
477
731
  ["PCHAR","lpNewFile","in"],
478
732
  ["PCHAR","lpOldFile","in"],
479
733
  ])
480
734
 
481
- railgun.add_function( 'advapi32', 'RegReplaceKeyW', 'DWORD',[
735
+ dll.add_function('RegReplaceKeyW', 'DWORD',[
482
736
  ["DWORD","hKey","in"],
483
737
  ["PWCHAR","lpSubKey","in"],
484
738
  ["PWCHAR","lpNewFile","in"],
485
739
  ["PWCHAR","lpOldFile","in"],
486
740
  ])
487
741
 
488
- railgun.add_function( 'advapi32', 'RegRestoreKeyA', 'DWORD',[
742
+ dll.add_function('RegRestoreKeyA', 'DWORD',[
489
743
  ["DWORD","hKey","in"],
490
744
  ["PCHAR","lpFile","in"],
491
745
  ["DWORD","dwFlags","in"],
492
746
  ])
493
747
 
494
- railgun.add_function( 'advapi32', 'RegRestoreKeyW', 'DWORD',[
748
+ dll.add_function('RegRestoreKeyW', 'DWORD',[
495
749
  ["DWORD","hKey","in"],
496
750
  ["PWCHAR","lpFile","in"],
497
751
  ["DWORD","dwFlags","in"],
498
752
  ])
499
753
 
500
- railgun.add_function( 'advapi32', 'RegSaveKeyA', 'DWORD',[
754
+ dll.add_function('RegSaveKeyA', 'DWORD',[
501
755
  ["DWORD","hKey","in"],
502
756
  ["PCHAR","lpFile","in"],
503
757
  ["PBLOB","lpSecurityAttributes","in"],
504
758
  ])
505
759
 
506
- railgun.add_function( 'advapi32', 'RegSaveKeyExA', 'DWORD',[
760
+ dll.add_function('RegSaveKeyExA', 'DWORD',[
507
761
  ["DWORD","hKey","in"],
508
762
  ["PCHAR","lpFile","in"],
509
763
  ["PBLOB","lpSecurityAttributes","in"],
510
764
  ["DWORD","Flags","in"],
511
765
  ])
512
766
 
513
- railgun.add_function( 'advapi32', 'RegSaveKeyExW', 'DWORD',[
767
+ dll.add_function('RegSaveKeyExW', 'DWORD',[
514
768
  ["DWORD","hKey","in"],
515
769
  ["PWCHAR","lpFile","in"],
516
770
  ["PBLOB","lpSecurityAttributes","in"],
517
771
  ["DWORD","Flags","in"],
518
772
  ])
519
773
 
520
- railgun.add_function( 'advapi32', 'RegSaveKeyW', 'DWORD',[
774
+ dll.add_function('RegSaveKeyW', 'DWORD',[
521
775
  ["DWORD","hKey","in"],
522
776
  ["PWCHAR","lpFile","in"],
523
777
  ["PBLOB","lpSecurityAttributes","in"],
524
778
  ])
525
779
 
526
- railgun.add_function( 'advapi32', 'RegSetKeySecurity', 'DWORD',[
780
+ dll.add_function('RegSetKeySecurity', 'DWORD',[
527
781
  ["DWORD","hKey","in"],
528
782
  ["PBLOB","SecurityInformation","in"],
529
783
  ["PBLOB","pSecurityDescriptor","in"],
530
784
  ])
531
785
 
532
- railgun.add_function( 'advapi32', 'RegSetValueA', 'DWORD',[
786
+ dll.add_function('RegSetValueA', 'DWORD',[
533
787
  ["DWORD","hKey","in"],
534
788
  ["PCHAR","lpSubKey","in"],
535
789
  ["DWORD","dwType","in"],
@@ -537,7 +791,7 @@ class Def_advapi32
537
791
  ["DWORD","cbData","in"],
538
792
  ])
539
793
 
540
- railgun.add_function( 'advapi32', 'RegSetValueExA', 'DWORD',[
794
+ dll.add_function('RegSetValueExA', 'DWORD',[
541
795
  ["DWORD","hKey","in"],
542
796
  ["PCHAR","lpValueName","in"],
543
797
  ["DWORD","Reserved","inout"],
@@ -546,7 +800,7 @@ class Def_advapi32
546
800
  ["DWORD","cbData","in"],
547
801
  ])
548
802
 
549
- railgun.add_function( 'advapi32', 'RegSetValueExW', 'DWORD',[
803
+ dll.add_function('RegSetValueExW', 'DWORD',[
550
804
  ["DWORD","hKey","in"],
551
805
  ["PWCHAR","lpValueName","in"],
552
806
  ["DWORD","Reserved","inout"],
@@ -555,7 +809,7 @@ class Def_advapi32
555
809
  ["DWORD","cbData","in"],
556
810
  ])
557
811
 
558
- railgun.add_function( 'advapi32', 'RegSetValueW', 'DWORD',[
812
+ dll.add_function('RegSetValueW', 'DWORD',[
559
813
  ["DWORD","hKey","in"],
560
814
  ["PWCHAR","lpSubKey","in"],
561
815
  ["DWORD","dwType","in"],
@@ -563,23 +817,23 @@ class Def_advapi32
563
817
  ["DWORD","cbData","in"],
564
818
  ])
565
819
 
566
- railgun.add_function( 'advapi32', 'RegUnLoadKeyA', 'DWORD',[
820
+ dll.add_function('RegUnLoadKeyA', 'DWORD',[
567
821
  ["DWORD","hKey","in"],
568
822
  ["PCHAR","lpSubKey","in"],
569
823
  ])
570
824
 
571
- railgun.add_function( 'advapi32', 'RegUnLoadKeyW', 'DWORD',[
825
+ dll.add_function('RegUnLoadKeyW', 'DWORD',[
572
826
  ["DWORD","hKey","in"],
573
827
  ["PWCHAR","lpSubKey","in"],
574
828
  ])
575
829
 
576
- railgun.add_function( 'advapi32', 'Wow64Win32ApiEntry', 'DWORD',[
830
+ dll.add_function('Wow64Win32ApiEntry', 'DWORD',[
577
831
  ["DWORD","dwFuncNumber","in"],
578
832
  ["DWORD","dwFlag","in"],
579
833
  ["DWORD","dwRes","in"],
580
834
  ])
581
835
 
582
- railgun.add_function( 'advapi32', 'AccessCheck', 'BOOL',[
836
+ dll.add_function('AccessCheck', 'BOOL',[
583
837
  ["PBLOB","pSecurityDescriptor","in"],
584
838
  ["DWORD","ClientToken","in"],
585
839
  ["DWORD","DesiredAccess","in"],
@@ -590,7 +844,7 @@ class Def_advapi32
590
844
  ["PBLOB","AccessStatus","out"],
591
845
  ])
592
846
 
593
- railgun.add_function( 'advapi32', 'AccessCheckAndAuditAlarmA', 'BOOL',[
847
+ dll.add_function('AccessCheckAndAuditAlarmA', 'BOOL',[
594
848
  ["PCHAR","SubsystemName","in"],
595
849
  ["PBLOB","HandleId","in"],
596
850
  ["PCHAR","ObjectTypeName","in"],
@@ -604,7 +858,7 @@ class Def_advapi32
604
858
  ["PBLOB","pfGenerateOnClose","out"],
605
859
  ])
606
860
 
607
- railgun.add_function( 'advapi32', 'AccessCheckAndAuditAlarmW', 'BOOL',[
861
+ dll.add_function('AccessCheckAndAuditAlarmW', 'BOOL',[
608
862
  ["PWCHAR","SubsystemName","in"],
609
863
  ["PBLOB","HandleId","in"],
610
864
  ["PWCHAR","ObjectTypeName","in"],
@@ -618,7 +872,7 @@ class Def_advapi32
618
872
  ["PBLOB","pfGenerateOnClose","out"],
619
873
  ])
620
874
 
621
- railgun.add_function( 'advapi32', 'AccessCheckByType', 'BOOL',[
875
+ dll.add_function('AccessCheckByType', 'BOOL',[
622
876
  ["PBLOB","pSecurityDescriptor","in"],
623
877
  ["LPVOID","PrincipalSelfSid","in"],
624
878
  ["DWORD","ClientToken","in"],
@@ -632,7 +886,7 @@ class Def_advapi32
632
886
  ["PBLOB","AccessStatus","out"],
633
887
  ])
634
888
 
635
- railgun.add_function( 'advapi32', 'AccessCheckByTypeAndAuditAlarmA', 'BOOL',[
889
+ dll.add_function('AccessCheckByTypeAndAuditAlarmA', 'BOOL',[
636
890
  ["PCHAR","SubsystemName","in"],
637
891
  ["PBLOB","HandleId","in"],
638
892
  ["PCHAR","ObjectTypeName","in"],
@@ -651,7 +905,7 @@ class Def_advapi32
651
905
  ["PBLOB","pfGenerateOnClose","out"],
652
906
  ])
653
907
 
654
- railgun.add_function( 'advapi32', 'AccessCheckByTypeAndAuditAlarmW', 'BOOL',[
908
+ dll.add_function('AccessCheckByTypeAndAuditAlarmW', 'BOOL',[
655
909
  ["PWCHAR","SubsystemName","in"],
656
910
  ["PBLOB","HandleId","in"],
657
911
  ["PWCHAR","ObjectTypeName","in"],
@@ -670,7 +924,7 @@ class Def_advapi32
670
924
  ["PBLOB","pfGenerateOnClose","out"],
671
925
  ])
672
926
 
673
- railgun.add_function( 'advapi32', 'AccessCheckByTypeResultList', 'BOOL',[
927
+ dll.add_function('AccessCheckByTypeResultList', 'BOOL',[
674
928
  ["PBLOB","pSecurityDescriptor","in"],
675
929
  ["LPVOID","PrincipalSelfSid","in"],
676
930
  ["DWORD","ClientToken","in"],
@@ -684,7 +938,7 @@ class Def_advapi32
684
938
  ["PDWORD","AccessStatusList","out"],
685
939
  ])
686
940
 
687
- railgun.add_function( 'advapi32', 'AccessCheckByTypeResultListAndAuditAlarmA', 'BOOL',[
941
+ dll.add_function('AccessCheckByTypeResultListAndAuditAlarmA', 'BOOL',[
688
942
  ["PCHAR","SubsystemName","in"],
689
943
  ["PBLOB","HandleId","in"],
690
944
  ["PCHAR","ObjectTypeName","in"],
@@ -703,7 +957,7 @@ class Def_advapi32
703
957
  ["PBLOB","pfGenerateOnClose","out"],
704
958
  ])
705
959
 
706
- railgun.add_function( 'advapi32', 'AccessCheckByTypeResultListAndAuditAlarmByHandleA', 'BOOL',[
960
+ dll.add_function('AccessCheckByTypeResultListAndAuditAlarmByHandleA', 'BOOL',[
707
961
  ["PCHAR","SubsystemName","in"],
708
962
  ["PBLOB","HandleId","in"],
709
963
  ["DWORD","ClientToken","in"],
@@ -723,7 +977,7 @@ class Def_advapi32
723
977
  ["PBLOB","pfGenerateOnClose","out"],
724
978
  ])
725
979
 
726
- railgun.add_function( 'advapi32', 'AccessCheckByTypeResultListAndAuditAlarmByHandleW', 'BOOL',[
980
+ dll.add_function('AccessCheckByTypeResultListAndAuditAlarmByHandleW', 'BOOL',[
727
981
  ["PWCHAR","SubsystemName","in"],
728
982
  ["PBLOB","HandleId","in"],
729
983
  ["DWORD","ClientToken","in"],
@@ -743,7 +997,7 @@ class Def_advapi32
743
997
  ["PBLOB","pfGenerateOnClose","out"],
744
998
  ])
745
999
 
746
- railgun.add_function( 'advapi32', 'AccessCheckByTypeResultListAndAuditAlarmW', 'BOOL',[
1000
+ dll.add_function('AccessCheckByTypeResultListAndAuditAlarmW', 'BOOL',[
747
1001
  ["PWCHAR","SubsystemName","in"],
748
1002
  ["PBLOB","HandleId","in"],
749
1003
  ["PWCHAR","ObjectTypeName","in"],
@@ -762,14 +1016,14 @@ class Def_advapi32
762
1016
  ["PBLOB","pfGenerateOnClose","out"],
763
1017
  ])
764
1018
 
765
- railgun.add_function( 'advapi32', 'AddAccessAllowedAce', 'BOOL',[
1019
+ dll.add_function('AddAccessAllowedAce', 'BOOL',[
766
1020
  ["PBLOB","pAcl","inout"],
767
1021
  ["DWORD","dwAceRevision","in"],
768
1022
  ["DWORD","AccessMask","in"],
769
1023
  ["LPVOID","pSid","in"],
770
1024
  ])
771
1025
 
772
- railgun.add_function( 'advapi32', 'AddAccessAllowedAceEx', 'BOOL',[
1026
+ dll.add_function('AddAccessAllowedAceEx', 'BOOL',[
773
1027
  ["PBLOB","pAcl","inout"],
774
1028
  ["DWORD","dwAceRevision","in"],
775
1029
  ["DWORD","AceFlags","in"],
@@ -777,7 +1031,7 @@ class Def_advapi32
777
1031
  ["LPVOID","pSid","in"],
778
1032
  ])
779
1033
 
780
- railgun.add_function( 'advapi32', 'AddAccessAllowedObjectAce', 'BOOL',[
1034
+ dll.add_function('AddAccessAllowedObjectAce', 'BOOL',[
781
1035
  ["PBLOB","pAcl","inout"],
782
1036
  ["DWORD","dwAceRevision","in"],
783
1037
  ["DWORD","AceFlags","in"],
@@ -787,14 +1041,14 @@ class Def_advapi32
787
1041
  ["LPVOID","pSid","in"],
788
1042
  ])
789
1043
 
790
- railgun.add_function( 'advapi32', 'AddAccessDeniedAce', 'BOOL',[
1044
+ dll.add_function('AddAccessDeniedAce', 'BOOL',[
791
1045
  ["PBLOB","pAcl","inout"],
792
1046
  ["DWORD","dwAceRevision","in"],
793
1047
  ["DWORD","AccessMask","in"],
794
1048
  ["LPVOID","pSid","in"],
795
1049
  ])
796
1050
 
797
- railgun.add_function( 'advapi32', 'AddAccessDeniedAceEx', 'BOOL',[
1051
+ dll.add_function('AddAccessDeniedAceEx', 'BOOL',[
798
1052
  ["PBLOB","pAcl","inout"],
799
1053
  ["DWORD","dwAceRevision","in"],
800
1054
  ["DWORD","AceFlags","in"],
@@ -802,7 +1056,7 @@ class Def_advapi32
802
1056
  ["LPVOID","pSid","in"],
803
1057
  ])
804
1058
 
805
- railgun.add_function( 'advapi32', 'AddAccessDeniedObjectAce', 'BOOL',[
1059
+ dll.add_function('AddAccessDeniedObjectAce', 'BOOL',[
806
1060
  ["PBLOB","pAcl","inout"],
807
1061
  ["DWORD","dwAceRevision","in"],
808
1062
  ["DWORD","AceFlags","in"],
@@ -812,7 +1066,7 @@ class Def_advapi32
812
1066
  ["LPVOID","pSid","in"],
813
1067
  ])
814
1068
 
815
- railgun.add_function( 'advapi32', 'AddAce', 'BOOL',[
1069
+ dll.add_function('AddAce', 'BOOL',[
816
1070
  ["PBLOB","pAcl","inout"],
817
1071
  ["DWORD","dwAceRevision","in"],
818
1072
  ["DWORD","dwStartingAceIndex","in"],
@@ -820,7 +1074,7 @@ class Def_advapi32
820
1074
  ["DWORD","nAceListLength","in"],
821
1075
  ])
822
1076
 
823
- railgun.add_function( 'advapi32', 'AddAuditAccessAce', 'BOOL',[
1077
+ dll.add_function('AddAuditAccessAce', 'BOOL',[
824
1078
  ["PBLOB","pAcl","inout"],
825
1079
  ["DWORD","dwAceRevision","in"],
826
1080
  ["DWORD","dwAccessMask","in"],
@@ -829,7 +1083,7 @@ class Def_advapi32
829
1083
  ["BOOL","bAuditFailure","in"],
830
1084
  ])
831
1085
 
832
- railgun.add_function( 'advapi32', 'AddAuditAccessAceEx', 'BOOL',[
1086
+ dll.add_function('AddAuditAccessAceEx', 'BOOL',[
833
1087
  ["PBLOB","pAcl","inout"],
834
1088
  ["DWORD","dwAceRevision","in"],
835
1089
  ["DWORD","AceFlags","in"],
@@ -839,7 +1093,7 @@ class Def_advapi32
839
1093
  ["BOOL","bAuditFailure","in"],
840
1094
  ])
841
1095
 
842
- railgun.add_function( 'advapi32', 'AddAuditAccessObjectAce', 'BOOL',[
1096
+ dll.add_function('AddAuditAccessObjectAce', 'BOOL',[
843
1097
  ["PBLOB","pAcl","inout"],
844
1098
  ["DWORD","dwAceRevision","in"],
845
1099
  ["DWORD","AceFlags","in"],
@@ -851,7 +1105,7 @@ class Def_advapi32
851
1105
  ["BOOL","bAuditFailure","in"],
852
1106
  ])
853
1107
 
854
- railgun.add_function( 'advapi32', 'AdjustTokenGroups', 'BOOL',[
1108
+ dll.add_function('AdjustTokenGroups', 'BOOL',[
855
1109
  ["DWORD","TokenHandle","in"],
856
1110
  ["BOOL","ResetToDefault","in"],
857
1111
  ["PBLOB","NewState","in"],
@@ -860,7 +1114,7 @@ class Def_advapi32
860
1114
  ["PDWORD","ReturnLength","out"],
861
1115
  ])
862
1116
 
863
- railgun.add_function( 'advapi32', 'AdjustTokenPrivileges', 'BOOL',[
1117
+ dll.add_function('AdjustTokenPrivileges', 'BOOL',[
864
1118
  ["DWORD","TokenHandle","in"],
865
1119
  ["BOOL","DisableAllPrivileges","in"],
866
1120
  ["PBLOB","NewState","in"],
@@ -869,7 +1123,7 @@ class Def_advapi32
869
1123
  ["PDWORD","ReturnLength","out"],
870
1124
  ])
871
1125
 
872
- railgun.add_function( 'advapi32', 'AllocateAndInitializeSid', 'BOOL',[
1126
+ dll.add_function('AllocateAndInitializeSid', 'BOOL',[
873
1127
  ["PBLOB","pIdentifierAuthority","in"],
874
1128
  ["BYTE","nSubAuthorityCount","in"],
875
1129
  ["DWORD","nSubAuthority0","in"],
@@ -883,55 +1137,55 @@ class Def_advapi32
883
1137
  ["PDWORD","pSid","out"],
884
1138
  ])
885
1139
 
886
- railgun.add_function( 'advapi32', 'AllocateLocallyUniqueId', 'BOOL',[
1140
+ dll.add_function('AllocateLocallyUniqueId', 'BOOL',[
887
1141
  ["PBLOB","Luid","out"],
888
1142
  ])
889
1143
 
890
- railgun.add_function( 'advapi32', 'AreAllAccessesGranted', 'BOOL',[
1144
+ dll.add_function('AreAllAccessesGranted', 'BOOL',[
891
1145
  ["DWORD","GrantedAccess","in"],
892
1146
  ["DWORD","DesiredAccess","in"],
893
1147
  ])
894
1148
 
895
- railgun.add_function( 'advapi32', 'AreAnyAccessesGranted', 'BOOL',[
1149
+ dll.add_function('AreAnyAccessesGranted', 'BOOL',[
896
1150
  ["DWORD","GrantedAccess","in"],
897
1151
  ["DWORD","DesiredAccess","in"],
898
1152
  ])
899
1153
 
900
- railgun.add_function( 'advapi32', 'BackupEventLogA', 'BOOL',[
1154
+ dll.add_function('BackupEventLogA', 'BOOL',[
901
1155
  ["DWORD","hEventLog","in"],
902
1156
  ["PCHAR","lpBackupFileName","in"],
903
1157
  ])
904
1158
 
905
- railgun.add_function( 'advapi32', 'BackupEventLogW', 'BOOL',[
1159
+ dll.add_function('BackupEventLogW', 'BOOL',[
906
1160
  ["DWORD","hEventLog","in"],
907
1161
  ["PWCHAR","lpBackupFileName","in"],
908
1162
  ])
909
1163
 
910
- railgun.add_function( 'advapi32', 'CheckTokenMembership', 'BOOL',[
1164
+ dll.add_function('CheckTokenMembership', 'BOOL',[
911
1165
  ["DWORD","TokenHandle","in"],
912
1166
  ["PBLOB","SidToCheck","in"],
913
1167
  ["PBLOB","IsMember","out"],
914
1168
  ])
915
1169
 
916
- railgun.add_function( 'advapi32', 'ClearEventLogA', 'BOOL',[
1170
+ dll.add_function('ClearEventLogA', 'BOOL',[
917
1171
  ["DWORD","hEventLog","in"],
918
1172
  ["PCHAR","lpBackupFileName","in"],
919
1173
  ])
920
1174
 
921
- railgun.add_function( 'advapi32', 'ClearEventLogW', 'BOOL',[
1175
+ dll.add_function('ClearEventLogW', 'BOOL',[
922
1176
  ["DWORD","hEventLog","in"],
923
1177
  ["PWCHAR","lpBackupFileName","in"],
924
1178
  ])
925
1179
 
926
- railgun.add_function( 'advapi32', 'CloseEncryptedFileRaw', 'VOID',[
1180
+ dll.add_function('CloseEncryptedFileRaw', 'VOID',[
927
1181
  ["PBLOB","pvContext","in"],
928
1182
  ])
929
1183
 
930
- railgun.add_function( 'advapi32', 'CloseEventLog', 'BOOL',[
1184
+ dll.add_function('CloseEventLog', 'BOOL',[
931
1185
  ["DWORD","hEventLog","in"],
932
1186
  ])
933
1187
 
934
- railgun.add_function( 'advapi32', 'ConvertToAutoInheritPrivateObjectSecurity', 'BOOL',[
1188
+ dll.add_function('ConvertToAutoInheritPrivateObjectSecurity', 'BOOL',[
935
1189
  ["PBLOB","ParentDescriptor","in"],
936
1190
  ["PBLOB","CurrentSecurityDescriptor","in"],
937
1191
  ["PBLOB","NewSecurityDescriptor","out"],
@@ -940,23 +1194,23 @@ class Def_advapi32
940
1194
  ["PBLOB","GenericMapping","in"],
941
1195
  ])
942
1196
 
943
- railgun.add_function( 'advapi32', 'ConvertStringSidToSidA', 'BOOL',[
1197
+ dll.add_function('ConvertStringSidToSidA', 'BOOL',[
944
1198
  ["PCHAR","StringSid","in"],
945
1199
  ["PDWORD","pSid","out"],
946
1200
  ])
947
1201
 
948
- railgun.add_function( 'advapi32', 'ConvertStringSidToSidW', 'BOOL',[
1202
+ dll.add_function('ConvertStringSidToSidW', 'BOOL',[
949
1203
  ["PWCHAR","StringSid","in"],
950
1204
  ["PDWORD","pSid","out"],
951
1205
  ])
952
1206
 
953
- railgun.add_function( 'advapi32', 'CopySid', 'BOOL',[
1207
+ dll.add_function('CopySid', 'BOOL',[
954
1208
  ["DWORD","nDestinationSidLength","in"],
955
1209
  ["PBLOB","pDestinationSid","out"],
956
1210
  ["LPVOID","pSourceSid","in"],
957
1211
  ])
958
1212
 
959
- railgun.add_function( 'advapi32', 'CreatePrivateObjectSecurity', 'BOOL',[
1213
+ dll.add_function('CreatePrivateObjectSecurity', 'BOOL',[
960
1214
  ["PBLOB","ParentDescriptor","in"],
961
1215
  ["PBLOB","CreatorDescriptor","in"],
962
1216
  ["PBLOB","NewDescriptor","out"],
@@ -965,7 +1219,7 @@ class Def_advapi32
965
1219
  ["PBLOB","GenericMapping","in"],
966
1220
  ])
967
1221
 
968
- railgun.add_function( 'advapi32', 'CreatePrivateObjectSecurityEx', 'BOOL',[
1222
+ dll.add_function('CreatePrivateObjectSecurityEx', 'BOOL',[
969
1223
  ["PBLOB","ParentDescriptor","in"],
970
1224
  ["PBLOB","CreatorDescriptor","in"],
971
1225
  ["PBLOB","NewDescriptor","out"],
@@ -976,7 +1230,7 @@ class Def_advapi32
976
1230
  ["PBLOB","GenericMapping","in"],
977
1231
  ])
978
1232
 
979
- railgun.add_function( 'advapi32', 'CreatePrivateObjectSecurityWithMultipleInheritance', 'BOOL',[
1233
+ dll.add_function('CreatePrivateObjectSecurityWithMultipleInheritance', 'BOOL',[
980
1234
  ["PBLOB","ParentDescriptor","in"],
981
1235
  ["PBLOB","CreatorDescriptor","in"],
982
1236
  ["PBLOB","NewDescriptor","out"],
@@ -988,7 +1242,7 @@ class Def_advapi32
988
1242
  ["PBLOB","GenericMapping","in"],
989
1243
  ])
990
1244
 
991
- railgun.add_function( 'advapi32', 'CreateProcessAsUserA', 'BOOL',[
1245
+ dll.add_function('CreateProcessAsUserA', 'BOOL',[
992
1246
  ["DWORD","hToken","in"],
993
1247
  ["PCHAR","lpApplicationName","in"],
994
1248
  ["PCHAR","lpCommandLine","inout"],
@@ -1002,7 +1256,7 @@ class Def_advapi32
1002
1256
  ["PBLOB","lpProcessInformation","out"],
1003
1257
  ])
1004
1258
 
1005
- railgun.add_function( 'advapi32', 'CreateProcessAsUserW', 'BOOL',[
1259
+ dll.add_function('CreateProcessAsUserW', 'BOOL',[
1006
1260
  ["DWORD","hToken","in"],
1007
1261
  ["PWCHAR","lpApplicationName","in"],
1008
1262
  ["PWCHAR","lpCommandLine","inout"],
@@ -1016,7 +1270,7 @@ class Def_advapi32
1016
1270
  ["PBLOB","lpProcessInformation","out"],
1017
1271
  ])
1018
1272
 
1019
- railgun.add_function( 'advapi32', 'CreateProcessWithLogonW', 'BOOL',[
1273
+ dll.add_function('CreateProcessWithLogonW', 'BOOL',[
1020
1274
  ["PWCHAR","lpUsername","in"],
1021
1275
  ["PWCHAR","lpDomain","in"],
1022
1276
  ["PWCHAR","lpPassword","in"],
@@ -1030,7 +1284,7 @@ class Def_advapi32
1030
1284
  ["PBLOB","lpProcessInformation","out"],
1031
1285
  ])
1032
1286
 
1033
- railgun.add_function( 'advapi32', 'CreateProcessWithTokenW', 'BOOL',[
1287
+ dll.add_function('CreateProcessWithTokenW', 'BOOL',[
1034
1288
  ["DWORD","hToken","in"],
1035
1289
  ["DWORD","dwLogonFlags","in"],
1036
1290
  ["PWCHAR","lpApplicationName","in"],
@@ -1042,7 +1296,7 @@ class Def_advapi32
1042
1296
  ["PBLOB","lpProcessInformation","out"],
1043
1297
  ])
1044
1298
 
1045
- railgun.add_function( 'advapi32', 'CreateRestrictedToken', 'BOOL',[
1299
+ dll.add_function('CreateRestrictedToken', 'BOOL',[
1046
1300
  ["DWORD","ExistingTokenHandle","in"],
1047
1301
  ["DWORD","Flags","in"],
1048
1302
  ["DWORD","DisableSidCount","in"],
@@ -1054,43 +1308,43 @@ class Def_advapi32
1054
1308
  ["PDWORD","NewTokenHandle","out"],
1055
1309
  ])
1056
1310
 
1057
- railgun.add_function( 'advapi32', 'CreateWellKnownSid', 'BOOL',[
1311
+ dll.add_function('CreateWellKnownSid', 'BOOL',[
1058
1312
  ["DWORD","WellKnownSidType","in"],
1059
1313
  ["PBLOB","DomainSid","in"],
1060
1314
  ["PBLOB","pSid","out"],
1061
1315
  ["PDWORD","cbSid","inout"],
1062
1316
  ])
1063
1317
 
1064
- railgun.add_function( 'advapi32', 'DecryptFileA', 'BOOL',[
1318
+ dll.add_function('DecryptFileA', 'BOOL',[
1065
1319
  ["PCHAR","lpFileName","in"],
1066
1320
  ["DWORD","dwReserved","inout"],
1067
1321
  ])
1068
1322
 
1069
- railgun.add_function( 'advapi32', 'DecryptFileW', 'BOOL',[
1323
+ dll.add_function('DecryptFileW', 'BOOL',[
1070
1324
  ["PWCHAR","lpFileName","in"],
1071
1325
  ["DWORD","dwReserved","inout"],
1072
1326
  ])
1073
1327
 
1074
- railgun.add_function( 'advapi32', 'DeleteAce', 'BOOL',[
1328
+ dll.add_function('DeleteAce', 'BOOL',[
1075
1329
  ["PBLOB","pAcl","inout"],
1076
1330
  ["DWORD","dwAceIndex","in"],
1077
1331
  ])
1078
1332
 
1079
- railgun.add_function( 'advapi32', 'DeregisterEventSource', 'BOOL',[
1333
+ dll.add_function('DeregisterEventSource', 'BOOL',[
1080
1334
  ["DWORD","hEventLog","in"],
1081
1335
  ])
1082
1336
 
1083
- railgun.add_function( 'advapi32', 'DestroyPrivateObjectSecurity', 'BOOL',[
1337
+ dll.add_function('DestroyPrivateObjectSecurity', 'BOOL',[
1084
1338
  ["PBLOB","ObjectDescriptor","in"],
1085
1339
  ])
1086
1340
 
1087
- railgun.add_function( 'advapi32', 'DuplicateToken', 'BOOL',[
1341
+ dll.add_function('DuplicateToken', 'BOOL',[
1088
1342
  ["DWORD","ExistingTokenHandle","in"],
1089
1343
  ["DWORD","ImpersonationLevel","in"],
1090
1344
  ["PDWORD","DuplicateTokenHandle","out"],
1091
1345
  ])
1092
1346
 
1093
- railgun.add_function( 'advapi32', 'DuplicateTokenEx', 'BOOL',[
1347
+ dll.add_function('DuplicateTokenEx', 'BOOL',[
1094
1348
  ["DWORD","hExistingToken","in"],
1095
1349
  ["DWORD","dwDesiredAccess","in"],
1096
1350
  ["PBLOB","lpTokenAttributes","in"],
@@ -1099,71 +1353,71 @@ class Def_advapi32
1099
1353
  ["PDWORD","phNewToken","out"],
1100
1354
  ])
1101
1355
 
1102
- railgun.add_function( 'advapi32', 'EncryptFileA', 'BOOL',[
1356
+ dll.add_function('EncryptFileA', 'BOOL',[
1103
1357
  ["PCHAR","lpFileName","in"],
1104
1358
  ])
1105
1359
 
1106
- railgun.add_function( 'advapi32', 'EncryptFileW', 'BOOL',[
1360
+ dll.add_function('EncryptFileW', 'BOOL',[
1107
1361
  ["PWCHAR","lpFileName","in"],
1108
1362
  ])
1109
1363
 
1110
- railgun.add_function( 'advapi32', 'EqualDomainSid', 'BOOL',[
1364
+ dll.add_function('EqualDomainSid', 'BOOL',[
1111
1365
  ["LPVOID","pSid1","in"],
1112
1366
  ["LPVOID","pSid2","in"],
1113
1367
  ["PBLOB","pfEqual","out"],
1114
1368
  ])
1115
1369
 
1116
- railgun.add_function( 'advapi32', 'EqualPrefixSid', 'BOOL',[
1370
+ dll.add_function('EqualPrefixSid', 'BOOL',[
1117
1371
  ["LPVOID","pSid1","in"],
1118
1372
  ["LPVOID","pSid2","in"],
1119
1373
  ])
1120
1374
 
1121
- railgun.add_function( 'advapi32', 'EqualSid', 'BOOL',[
1375
+ dll.add_function('EqualSid', 'BOOL',[
1122
1376
  ["LPVOID","pSid1","in"],
1123
1377
  ["LPVOID","pSid2","in"],
1124
1378
  ])
1125
1379
 
1126
- railgun.add_function( 'advapi32', 'FileEncryptionStatusA', 'BOOL',[
1380
+ dll.add_function('FileEncryptionStatusA', 'BOOL',[
1127
1381
  ["PCHAR","lpFileName","in"],
1128
1382
  ["PDWORD","lpStatus","out"],
1129
1383
  ])
1130
1384
 
1131
- railgun.add_function( 'advapi32', 'FileEncryptionStatusW', 'BOOL',[
1385
+ dll.add_function('FileEncryptionStatusW', 'BOOL',[
1132
1386
  ["PWCHAR","lpFileName","in"],
1133
1387
  ["PDWORD","lpStatus","out"],
1134
1388
  ])
1135
1389
 
1136
- railgun.add_function( 'advapi32', 'FindFirstFreeAce', 'BOOL',[
1390
+ dll.add_function('FindFirstFreeAce', 'BOOL',[
1137
1391
  ["PBLOB","pAcl","in"],
1138
1392
  ["PBLOB","pAce","out"],
1139
1393
  ])
1140
1394
 
1141
- railgun.add_function( 'advapi32', 'FreeSid', 'LPVOID',[
1395
+ dll.add_function('FreeSid', 'LPVOID',[
1142
1396
  ["LPVOID","pSid","in"],
1143
1397
  ])
1144
1398
 
1145
- railgun.add_function( 'advapi32', 'GetAce', 'BOOL',[
1399
+ dll.add_function('GetAce', 'BOOL',[
1146
1400
  ["PBLOB","pAcl","in"],
1147
1401
  ["DWORD","dwAceIndex","in"],
1148
1402
  ["PBLOB","pAce","out"],
1149
1403
  ])
1150
1404
 
1151
- railgun.add_function( 'advapi32', 'GetAclInformation', 'BOOL',[
1405
+ dll.add_function('GetAclInformation', 'BOOL',[
1152
1406
  ["PBLOB","pAcl","in"],
1153
1407
  ["PBLOB","pAclInformation","out"],
1154
1408
  ["DWORD","nAclInformationLength","in"],
1155
1409
  ["DWORD","dwAclInformationClass","in"],
1156
1410
  ])
1157
1411
 
1158
- railgun.add_function( 'advapi32', 'GetCurrentHwProfileA', 'BOOL',[
1412
+ dll.add_function('GetCurrentHwProfileA', 'BOOL',[
1159
1413
  ["PBLOB","lpHwProfileInfo","out"],
1160
1414
  ])
1161
1415
 
1162
- railgun.add_function( 'advapi32', 'GetCurrentHwProfileW', 'BOOL',[
1416
+ dll.add_function('GetCurrentHwProfileW', 'BOOL',[
1163
1417
  ["PBLOB","lpHwProfileInfo","out"],
1164
1418
  ])
1165
1419
 
1166
- railgun.add_function( 'advapi32', 'GetEventLogInformation', 'BOOL',[
1420
+ dll.add_function('GetEventLogInformation', 'BOOL',[
1167
1421
  ["DWORD","hEventLog","in"],
1168
1422
  ["DWORD","dwInfoLevel","in"],
1169
1423
  ["PBLOB","lpBuffer","out"],
@@ -1171,23 +1425,23 @@ class Def_advapi32
1171
1425
  ["PDWORD","pcbBytesNeeded","out"],
1172
1426
  ])
1173
1427
 
1174
- railgun.add_function( 'advapi32', 'GetFileSecurityA', 'BOOL',[
1428
+ dll.add_function('GetFileSecurityA', 'BOOL',[
1175
1429
  ["PCHAR","lpFileName","in"],
1176
- ["PBLOB","RequestedInformation","in"],
1430
+ ["DWORD","RequestedInformation","in"],
1177
1431
  ["PBLOB","pSecurityDescriptor","out"],
1178
1432
  ["DWORD","nLength","in"],
1179
1433
  ["PDWORD","lpnLengthNeeded","out"],
1180
1434
  ])
1181
1435
 
1182
- railgun.add_function( 'advapi32', 'GetFileSecurityW', 'BOOL',[
1436
+ dll.add_function('GetFileSecurityW', 'BOOL',[
1183
1437
  ["PWCHAR","lpFileName","in"],
1184
- ["PBLOB","RequestedInformation","in"],
1438
+ ["DWORD","RequestedInformation","in"],
1185
1439
  ["PBLOB","pSecurityDescriptor","out"],
1186
1440
  ["DWORD","nLength","in"],
1187
1441
  ["PDWORD","lpnLengthNeeded","out"],
1188
1442
  ])
1189
1443
 
1190
- railgun.add_function( 'advapi32', 'GetKernelObjectSecurity', 'BOOL',[
1444
+ dll.add_function('GetKernelObjectSecurity', 'BOOL',[
1191
1445
  ["DWORD","Handle","in"],
1192
1446
  ["PBLOB","RequestedInformation","in"],
1193
1447
  ["PBLOB","pSecurityDescriptor","out"],
@@ -1195,21 +1449,21 @@ class Def_advapi32
1195
1449
  ["PDWORD","lpnLengthNeeded","out"],
1196
1450
  ])
1197
1451
 
1198
- railgun.add_function( 'advapi32', 'GetLengthSid', 'DWORD',[
1452
+ dll.add_function('GetLengthSid', 'DWORD',[
1199
1453
  ["LPVOID","pSid","in"],
1200
1454
  ])
1201
1455
 
1202
- railgun.add_function( 'advapi32', 'GetNumberOfEventLogRecords', 'BOOL',[
1456
+ dll.add_function('GetNumberOfEventLogRecords', 'BOOL',[
1203
1457
  ["DWORD","hEventLog","in"],
1204
1458
  ["PDWORD","NumberOfRecords","out"],
1205
1459
  ])
1206
1460
 
1207
- railgun.add_function( 'advapi32', 'GetOldestEventLogRecord', 'BOOL',[
1461
+ dll.add_function('GetOldestEventLogRecord', 'BOOL',[
1208
1462
  ["DWORD","hEventLog","in"],
1209
1463
  ["PDWORD","OldestRecord","out"],
1210
1464
  ])
1211
1465
 
1212
- railgun.add_function( 'advapi32', 'GetPrivateObjectSecurity', 'BOOL',[
1466
+ dll.add_function('GetPrivateObjectSecurity', 'BOOL',[
1213
1467
  ["PBLOB","ObjectDescriptor","in"],
1214
1468
  ["PBLOB","SecurityInformation","in"],
1215
1469
  ["PBLOB","ResultantDescriptor","out"],
@@ -1217,52 +1471,52 @@ class Def_advapi32
1217
1471
  ["PDWORD","ReturnLength","out"],
1218
1472
  ])
1219
1473
 
1220
- railgun.add_function( 'advapi32', 'GetSecurityDescriptorControl', 'BOOL',[
1474
+ dll.add_function('GetSecurityDescriptorControl', 'BOOL',[
1221
1475
  ["PBLOB","pSecurityDescriptor","in"],
1222
1476
  ["PBLOB","pControl","out"],
1223
1477
  ["PDWORD","lpdwRevision","out"],
1224
1478
  ])
1225
1479
 
1226
- railgun.add_function( 'advapi32', 'GetSecurityDescriptorDacl', 'BOOL',[
1480
+ dll.add_function('GetSecurityDescriptorDacl', 'BOOL',[
1227
1481
  ["PBLOB","pSecurityDescriptor","in"],
1228
1482
  ["PBLOB","lpbDaclPresent","out"],
1229
1483
  ["PBLOB","pDacl","out"],
1230
1484
  ["PBLOB","lpbDaclDefaulted","out"],
1231
1485
  ])
1232
1486
 
1233
- railgun.add_function( 'advapi32', 'GetSecurityDescriptorGroup', 'BOOL',[
1487
+ dll.add_function('GetSecurityDescriptorGroup', 'BOOL',[
1234
1488
  ["PBLOB","pSecurityDescriptor","in"],
1235
1489
  ["PBLOB","pGroup","out"],
1236
1490
  ["PBLOB","lpbGroupDefaulted","out"],
1237
1491
  ])
1238
1492
 
1239
- railgun.add_function( 'advapi32', 'GetSecurityDescriptorLength', 'DWORD',[
1493
+ dll.add_function('GetSecurityDescriptorLength', 'DWORD',[
1240
1494
  ["PBLOB","pSecurityDescriptor","in"],
1241
1495
  ])
1242
1496
 
1243
- railgun.add_function( 'advapi32', 'GetSecurityDescriptorOwner', 'BOOL',[
1497
+ dll.add_function('GetSecurityDescriptorOwner', 'BOOL',[
1244
1498
  ["PBLOB","pSecurityDescriptor","in"],
1245
1499
  ["PBLOB","pOwner","out"],
1246
1500
  ["PBLOB","lpbOwnerDefaulted","out"],
1247
1501
  ])
1248
1502
 
1249
- railgun.add_function( 'advapi32', 'GetSecurityDescriptorRMControl', 'DWORD',[
1503
+ dll.add_function('GetSecurityDescriptorRMControl', 'DWORD',[
1250
1504
  ["PBLOB","SecurityDescriptor","in"],
1251
1505
  ["PBLOB","RMControl","out"],
1252
1506
  ])
1253
1507
 
1254
- railgun.add_function( 'advapi32', 'GetSecurityDescriptorSacl', 'BOOL',[
1508
+ dll.add_function('GetSecurityDescriptorSacl', 'BOOL',[
1255
1509
  ["PBLOB","pSecurityDescriptor","in"],
1256
1510
  ["PBLOB","lpbSaclPresent","out"],
1257
1511
  ["PBLOB","pSacl","out"],
1258
1512
  ["PBLOB","lpbSaclDefaulted","out"],
1259
1513
  ])
1260
1514
 
1261
- railgun.add_function( 'advapi32', 'GetSidLengthRequired', 'DWORD',[
1515
+ dll.add_function('GetSidLengthRequired', 'DWORD',[
1262
1516
  ["BYTE","nSubAuthorityCount","in"],
1263
1517
  ])
1264
1518
 
1265
- railgun.add_function( 'advapi32', 'GetTokenInformation', 'BOOL',[
1519
+ dll.add_function('GetTokenInformation', 'BOOL',[
1266
1520
  ["DWORD","TokenHandle","in"],
1267
1521
  ["DWORD","TokenInformationClass","in"],
1268
1522
  ["PBLOB","TokenInformation","out"],
@@ -1270,86 +1524,86 @@ class Def_advapi32
1270
1524
  ["PDWORD","ReturnLength","out"],
1271
1525
  ])
1272
1526
 
1273
- railgun.add_function( 'advapi32', 'GetUserNameA', 'BOOL',[
1527
+ dll.add_function('GetUserNameA', 'BOOL',[
1274
1528
  ["PCHAR","lpBuffer","out"],
1275
1529
  ["PDWORD","pcbBuffer","inout"],
1276
1530
  ])
1277
1531
 
1278
- railgun.add_function( 'advapi32', 'GetUserNameW', 'BOOL',[
1532
+ dll.add_function('GetUserNameW', 'BOOL',[
1279
1533
  ["PWCHAR","lpBuffer","out"],
1280
1534
  ["PDWORD","pcbBuffer","inout"],
1281
1535
  ])
1282
1536
 
1283
- railgun.add_function( 'advapi32', 'GetWindowsAccountDomainSid', 'BOOL',[
1537
+ dll.add_function('GetWindowsAccountDomainSid', 'BOOL',[
1284
1538
  ["LPVOID","pSid","in"],
1285
1539
  ["PBLOB","pDomainSid","out"],
1286
1540
  ["PDWORD","cbDomainSid","inout"],
1287
1541
  ])
1288
1542
 
1289
- railgun.add_function( 'advapi32', 'ImpersonateAnonymousToken', 'BOOL',[
1543
+ dll.add_function('ImpersonateAnonymousToken', 'BOOL',[
1290
1544
  ["DWORD","ThreadHandle","in"],
1291
1545
  ])
1292
1546
 
1293
- railgun.add_function( 'advapi32', 'ImpersonateLoggedOnUser', 'BOOL',[
1547
+ dll.add_function('ImpersonateLoggedOnUser', 'BOOL',[
1294
1548
  ["DWORD","hToken","in"],
1295
1549
  ])
1296
1550
 
1297
- railgun.add_function( 'advapi32', 'ImpersonateNamedPipeClient', 'BOOL',[
1551
+ dll.add_function('ImpersonateNamedPipeClient', 'BOOL',[
1298
1552
  ["DWORD","hNamedPipe","in"],
1299
1553
  ])
1300
1554
 
1301
- railgun.add_function( 'advapi32', 'ImpersonateSelf', 'BOOL',[
1555
+ dll.add_function('ImpersonateSelf', 'BOOL',[
1302
1556
  ["DWORD","ImpersonationLevel","in"],
1303
1557
  ])
1304
1558
 
1305
- railgun.add_function( 'advapi32', 'InitializeAcl', 'BOOL',[
1559
+ dll.add_function('InitializeAcl', 'BOOL',[
1306
1560
  ["PBLOB","pAcl","out"],
1307
1561
  ["DWORD","nAclLength","in"],
1308
1562
  ["DWORD","dwAclRevision","in"],
1309
1563
  ])
1310
1564
 
1311
- railgun.add_function( 'advapi32', 'InitializeSecurityDescriptor', 'BOOL',[
1565
+ dll.add_function('InitializeSecurityDescriptor', 'BOOL',[
1312
1566
  ["PBLOB","pSecurityDescriptor","out"],
1313
1567
  ["DWORD","dwRevision","in"],
1314
1568
  ])
1315
1569
 
1316
- railgun.add_function( 'advapi32', 'InitializeSid', 'BOOL',[
1570
+ dll.add_function('InitializeSid', 'BOOL',[
1317
1571
  ["PBLOB","Sid","out"],
1318
1572
  ["PBLOB","pIdentifierAuthority","in"],
1319
1573
  ["BYTE","nSubAuthorityCount","in"],
1320
1574
  ])
1321
1575
 
1322
- railgun.add_function( 'advapi32', 'IsTextUnicode', 'BOOL',[
1576
+ dll.add_function('IsTextUnicode', 'BOOL',[
1323
1577
  ["DWORD","iSize","in"],
1324
1578
  ["PDWORD","lpiResult","inout"],
1325
1579
  ])
1326
1580
 
1327
- railgun.add_function( 'advapi32', 'IsTokenRestricted', 'BOOL',[
1581
+ dll.add_function('IsTokenRestricted', 'BOOL',[
1328
1582
  ["DWORD","TokenHandle","in"],
1329
1583
  ])
1330
1584
 
1331
- railgun.add_function( 'advapi32', 'IsTokenUntrusted', 'BOOL',[
1585
+ dll.add_function('IsTokenUntrusted', 'BOOL',[
1332
1586
  ["DWORD","TokenHandle","in"],
1333
1587
  ])
1334
1588
 
1335
- railgun.add_function( 'advapi32', 'IsValidAcl', 'BOOL',[
1589
+ dll.add_function('IsValidAcl', 'BOOL',[
1336
1590
  ["PBLOB","pAcl","in"],
1337
1591
  ])
1338
1592
 
1339
- railgun.add_function( 'advapi32', 'IsValidSecurityDescriptor', 'BOOL',[
1593
+ dll.add_function('IsValidSecurityDescriptor', 'BOOL',[
1340
1594
  ["PBLOB","pSecurityDescriptor","in"],
1341
1595
  ])
1342
1596
 
1343
- railgun.add_function( 'advapi32', 'IsValidSid', 'BOOL',[
1597
+ dll.add_function('IsValidSid', 'BOOL',[
1344
1598
  ["LPVOID","pSid","in"],
1345
1599
  ])
1346
1600
 
1347
- railgun.add_function( 'advapi32', 'IsWellKnownSid', 'BOOL',[
1601
+ dll.add_function('IsWellKnownSid', 'BOOL',[
1348
1602
  ["LPVOID","pSid","in"],
1349
1603
  ["DWORD","WellKnownSidType","in"],
1350
1604
  ])
1351
1605
 
1352
- railgun.add_function( 'advapi32', 'LogonUserA', 'BOOL',[
1606
+ dll.add_function('LogonUserA', 'BOOL',[
1353
1607
  ["PCHAR","lpszUsername","in"],
1354
1608
  ["PCHAR","lpszDomain","in"],
1355
1609
  ["PCHAR","lpszPassword","in"],
@@ -1358,7 +1612,7 @@ class Def_advapi32
1358
1612
  ["PDWORD","phToken","out"],
1359
1613
  ])
1360
1614
 
1361
- railgun.add_function( 'advapi32', 'LogonUserExA', 'BOOL',[
1615
+ dll.add_function('LogonUserExA', 'BOOL',[
1362
1616
  ["PCHAR","lpszUsername","in"],
1363
1617
  ["PCHAR","lpszDomain","in"],
1364
1618
  ["PCHAR","lpszPassword","in"],
@@ -1371,7 +1625,7 @@ class Def_advapi32
1371
1625
  ["PBLOB","pQuotaLimits","out"],
1372
1626
  ])
1373
1627
 
1374
- railgun.add_function( 'advapi32', 'LogonUserExW', 'BOOL',[
1628
+ dll.add_function('LogonUserExW', 'BOOL',[
1375
1629
  ["PWCHAR","lpszUsername","in"],
1376
1630
  ["PWCHAR","lpszDomain","in"],
1377
1631
  ["PWCHAR","lpszPassword","in"],
@@ -1384,7 +1638,7 @@ class Def_advapi32
1384
1638
  ["PBLOB","pQuotaLimits","out"],
1385
1639
  ])
1386
1640
 
1387
- railgun.add_function( 'advapi32', 'LogonUserW', 'BOOL',[
1641
+ dll.add_function('LogonUserW', 'BOOL',[
1388
1642
  ["PWCHAR","lpszUsername","in"],
1389
1643
  ["PWCHAR","lpszDomain","in"],
1390
1644
  ["PWCHAR","lpszPassword","in"],
@@ -1393,7 +1647,7 @@ class Def_advapi32
1393
1647
  ["PDWORD","phToken","out"],
1394
1648
  ])
1395
1649
 
1396
- railgun.add_function( 'advapi32', 'LookupAccountNameA', 'BOOL',[
1650
+ dll.add_function('LookupAccountNameA', 'BOOL',[
1397
1651
  ["PCHAR","lpSystemName","in"],
1398
1652
  ["PCHAR","lpAccountName","in"],
1399
1653
  ["PBLOB","Sid","out"],
@@ -1403,7 +1657,7 @@ class Def_advapi32
1403
1657
  ["PBLOB","peUse","out"],
1404
1658
  ])
1405
1659
 
1406
- railgun.add_function( 'advapi32', 'LookupAccountNameW', 'BOOL',[
1660
+ dll.add_function('LookupAccountNameW', 'BOOL',[
1407
1661
  ["PWCHAR","lpSystemName","in"],
1408
1662
  ["PWCHAR","lpAccountName","in"],
1409
1663
  ["PBLOB","Sid","out"],
@@ -1413,7 +1667,7 @@ class Def_advapi32
1413
1667
  ["PBLOB","peUse","out"],
1414
1668
  ])
1415
1669
 
1416
- railgun.add_function( 'advapi32', 'LookupAccountSidA', 'BOOL',[
1670
+ dll.add_function('LookupAccountSidA', 'BOOL',[
1417
1671
  ["PCHAR","lpSystemName","in"],
1418
1672
  ["LPVOID","Sid","in"],
1419
1673
  ["PCHAR","Name","out"],
@@ -1423,7 +1677,7 @@ class Def_advapi32
1423
1677
  ["PBLOB","peUse","out"],
1424
1678
  ])
1425
1679
 
1426
- railgun.add_function( 'advapi32', 'LookupAccountSidW', 'BOOL',[
1680
+ dll.add_function('LookupAccountSidW', 'BOOL',[
1427
1681
  ["PWCHAR","lpSystemName","in"],
1428
1682
  ["LPVOID","Sid","in"],
1429
1683
  ["PWCHAR","Name","out"],
@@ -1433,7 +1687,7 @@ class Def_advapi32
1433
1687
  ["PBLOB","peUse","out"],
1434
1688
  ])
1435
1689
 
1436
- railgun.add_function( 'advapi32', 'LookupPrivilegeDisplayNameA', 'BOOL',[
1690
+ dll.add_function('LookupPrivilegeDisplayNameA', 'BOOL',[
1437
1691
  ["PCHAR","lpSystemName","in"],
1438
1692
  ["PCHAR","lpName","in"],
1439
1693
  ["PCHAR","lpDisplayName","out"],
@@ -1441,7 +1695,7 @@ class Def_advapi32
1441
1695
  ["PDWORD","lpLanguageId","out"],
1442
1696
  ])
1443
1697
 
1444
- railgun.add_function( 'advapi32', 'LookupPrivilegeDisplayNameW', 'BOOL',[
1698
+ dll.add_function('LookupPrivilegeDisplayNameW', 'BOOL',[
1445
1699
  ["PWCHAR","lpSystemName","in"],
1446
1700
  ["PWCHAR","lpName","in"],
1447
1701
  ["PWCHAR","lpDisplayName","out"],
@@ -1449,33 +1703,33 @@ class Def_advapi32
1449
1703
  ["PDWORD","lpLanguageId","out"],
1450
1704
  ])
1451
1705
 
1452
- railgun.add_function( 'advapi32', 'LookupPrivilegeNameA', 'BOOL',[
1706
+ dll.add_function('LookupPrivilegeNameA', 'BOOL',[
1453
1707
  ["PCHAR","lpSystemName","in"],
1454
1708
  ["PBLOB","lpLuid","in"],
1455
1709
  ["PCHAR","lpName","out"],
1456
1710
  ["PDWORD","cchName","inout"],
1457
1711
  ])
1458
1712
 
1459
- railgun.add_function( 'advapi32', 'LookupPrivilegeNameW', 'BOOL',[
1713
+ dll.add_function('LookupPrivilegeNameW', 'BOOL',[
1460
1714
  ["PWCHAR","lpSystemName","in"],
1461
1715
  ["PBLOB","lpLuid","in"],
1462
1716
  ["PWCHAR","lpName","out"],
1463
1717
  ["PDWORD","cchName","inout"],
1464
1718
  ])
1465
1719
 
1466
- railgun.add_function( 'advapi32', 'LookupPrivilegeValueA', 'BOOL',[
1720
+ dll.add_function('LookupPrivilegeValueA', 'BOOL',[
1467
1721
  ["PCHAR","lpSystemName","in"],
1468
1722
  ["PCHAR","lpName","in"],
1469
1723
  ["PBLOB","lpLuid","out"],
1470
1724
  ])
1471
1725
 
1472
- railgun.add_function( 'advapi32', 'LookupPrivilegeValueW', 'BOOL',[
1726
+ dll.add_function('LookupPrivilegeValueW', 'BOOL',[
1473
1727
  ["PWCHAR","lpSystemName","in"],
1474
1728
  ["PWCHAR","lpName","in"],
1475
1729
  ["PBLOB","lpLuid","out"],
1476
1730
  ])
1477
1731
 
1478
- railgun.add_function( 'advapi32', 'MakeAbsoluteSD', 'BOOL',[
1732
+ dll.add_function('MakeAbsoluteSD', 'BOOL',[
1479
1733
  ["PBLOB","pSelfRelativeSecurityDescriptor","in"],
1480
1734
  ["PBLOB","pAbsoluteSecurityDescriptor","out"],
1481
1735
  ["PDWORD","lpdwAbsoluteSecurityDescriptorSize","inout"],
@@ -1489,52 +1743,52 @@ class Def_advapi32
1489
1743
  ["PDWORD","lpdwPrimaryGroupSize","inout"],
1490
1744
  ])
1491
1745
 
1492
- railgun.add_function( 'advapi32', 'MakeAbsoluteSD2', 'BOOL',[
1746
+ dll.add_function('MakeAbsoluteSD2', 'BOOL',[
1493
1747
  ["PBLOB","pSelfRelativeSecurityDescriptor","inout"],
1494
1748
  ["PDWORD","lpdwBufferSize","inout"],
1495
1749
  ])
1496
1750
 
1497
- railgun.add_function( 'advapi32', 'MakeSelfRelativeSD', 'BOOL',[
1751
+ dll.add_function('MakeSelfRelativeSD', 'BOOL',[
1498
1752
  ["PBLOB","pAbsoluteSecurityDescriptor","in"],
1499
1753
  ["PBLOB","pSelfRelativeSecurityDescriptor","out"],
1500
1754
  ["PDWORD","lpdwBufferLength","inout"],
1501
1755
  ])
1502
1756
 
1503
- railgun.add_function( 'advapi32', 'MapGenericMask', 'VOID',[
1757
+ dll.add_function('MapGenericMask', 'VOID',[
1504
1758
  ["PDWORD","AccessMask","inout"],
1505
1759
  ["PBLOB","GenericMapping","in"],
1506
1760
  ])
1507
1761
 
1508
- railgun.add_function( 'advapi32', 'NotifyChangeEventLog', 'BOOL',[
1762
+ dll.add_function('NotifyChangeEventLog', 'BOOL',[
1509
1763
  ["DWORD","hEventLog","in"],
1510
1764
  ["DWORD","hEvent","in"],
1511
1765
  ])
1512
1766
 
1513
- railgun.add_function( 'advapi32', 'ObjectCloseAuditAlarmA', 'BOOL',[
1767
+ dll.add_function('ObjectCloseAuditAlarmA', 'BOOL',[
1514
1768
  ["PCHAR","SubsystemName","in"],
1515
1769
  ["PBLOB","HandleId","in"],
1516
1770
  ["BOOL","GenerateOnClose","in"],
1517
1771
  ])
1518
1772
 
1519
- railgun.add_function( 'advapi32', 'ObjectCloseAuditAlarmW', 'BOOL',[
1773
+ dll.add_function('ObjectCloseAuditAlarmW', 'BOOL',[
1520
1774
  ["PWCHAR","SubsystemName","in"],
1521
1775
  ["PBLOB","HandleId","in"],
1522
1776
  ["BOOL","GenerateOnClose","in"],
1523
1777
  ])
1524
1778
 
1525
- railgun.add_function( 'advapi32', 'ObjectDeleteAuditAlarmA', 'BOOL',[
1779
+ dll.add_function('ObjectDeleteAuditAlarmA', 'BOOL',[
1526
1780
  ["PCHAR","SubsystemName","in"],
1527
1781
  ["PBLOB","HandleId","in"],
1528
1782
  ["BOOL","GenerateOnClose","in"],
1529
1783
  ])
1530
1784
 
1531
- railgun.add_function( 'advapi32', 'ObjectDeleteAuditAlarmW', 'BOOL',[
1785
+ dll.add_function('ObjectDeleteAuditAlarmW', 'BOOL',[
1532
1786
  ["PWCHAR","SubsystemName","in"],
1533
1787
  ["PBLOB","HandleId","in"],
1534
1788
  ["BOOL","GenerateOnClose","in"],
1535
1789
  ])
1536
1790
 
1537
- railgun.add_function( 'advapi32', 'ObjectOpenAuditAlarmA', 'BOOL',[
1791
+ dll.add_function('ObjectOpenAuditAlarmA', 'BOOL',[
1538
1792
  ["PCHAR","SubsystemName","in"],
1539
1793
  ["PBLOB","HandleId","in"],
1540
1794
  ["PCHAR","ObjectTypeName","in"],
@@ -1549,7 +1803,7 @@ class Def_advapi32
1549
1803
  ["PBLOB","GenerateOnClose","out"],
1550
1804
  ])
1551
1805
 
1552
- railgun.add_function( 'advapi32', 'ObjectOpenAuditAlarmW', 'BOOL',[
1806
+ dll.add_function('ObjectOpenAuditAlarmW', 'BOOL',[
1553
1807
  ["PWCHAR","SubsystemName","in"],
1554
1808
  ["PBLOB","HandleId","in"],
1555
1809
  ["PWCHAR","ObjectTypeName","in"],
@@ -1564,7 +1818,7 @@ class Def_advapi32
1564
1818
  ["PBLOB","GenerateOnClose","out"],
1565
1819
  ])
1566
1820
 
1567
- railgun.add_function( 'advapi32', 'ObjectPrivilegeAuditAlarmA', 'BOOL',[
1821
+ dll.add_function('ObjectPrivilegeAuditAlarmA', 'BOOL',[
1568
1822
  ["PCHAR","SubsystemName","in"],
1569
1823
  ["PBLOB","HandleId","in"],
1570
1824
  ["DWORD","ClientToken","in"],
@@ -1573,7 +1827,7 @@ class Def_advapi32
1573
1827
  ["BOOL","AccessGranted","in"],
1574
1828
  ])
1575
1829
 
1576
- railgun.add_function( 'advapi32', 'ObjectPrivilegeAuditAlarmW', 'BOOL',[
1830
+ dll.add_function('ObjectPrivilegeAuditAlarmW', 'BOOL',[
1577
1831
  ["PWCHAR","SubsystemName","in"],
1578
1832
  ["PBLOB","HandleId","in"],
1579
1833
  ["DWORD","ClientToken","in"],
@@ -1582,58 +1836,58 @@ class Def_advapi32
1582
1836
  ["BOOL","AccessGranted","in"],
1583
1837
  ])
1584
1838
 
1585
- railgun.add_function( 'advapi32', 'OpenBackupEventLogA', 'DWORD',[
1839
+ dll.add_function('OpenBackupEventLogA', 'DWORD',[
1586
1840
  ["PCHAR","lpUNCServerName","in"],
1587
1841
  ["PCHAR","lpFileName","in"],
1588
1842
  ])
1589
1843
 
1590
- railgun.add_function( 'advapi32', 'OpenBackupEventLogW', 'DWORD',[
1844
+ dll.add_function('OpenBackupEventLogW', 'DWORD',[
1591
1845
  ["PWCHAR","lpUNCServerName","in"],
1592
1846
  ["PWCHAR","lpFileName","in"],
1593
1847
  ])
1594
1848
 
1595
- railgun.add_function( 'advapi32', 'OpenEncryptedFileRawA', 'DWORD',[
1849
+ dll.add_function('OpenEncryptedFileRawA', 'DWORD',[
1596
1850
  ["PCHAR","lpFileName","in"],
1597
1851
  ["DWORD","ulFlags","in"],
1598
1852
  ["PBLOB","pvContext","out"],
1599
1853
  ])
1600
1854
 
1601
- railgun.add_function( 'advapi32', 'OpenEncryptedFileRawW', 'DWORD',[
1855
+ dll.add_function('OpenEncryptedFileRawW', 'DWORD',[
1602
1856
  ["PWCHAR","lpFileName","in"],
1603
1857
  ["DWORD","ulFlags","in"],
1604
1858
  ["PBLOB","pvContext","out"],
1605
1859
  ])
1606
1860
 
1607
- railgun.add_function( 'advapi32', 'OpenEventLogA', 'DWORD',[
1861
+ dll.add_function('OpenEventLogA', 'DWORD',[
1608
1862
  ["PCHAR","lpUNCServerName","in"],
1609
1863
  ["PCHAR","lpSourceName","in"],
1610
1864
  ])
1611
1865
 
1612
- railgun.add_function( 'advapi32', 'OpenEventLogW', 'DWORD',[
1866
+ dll.add_function('OpenEventLogW', 'DWORD',[
1613
1867
  ["PWCHAR","lpUNCServerName","in"],
1614
1868
  ["PWCHAR","lpSourceName","in"],
1615
1869
  ])
1616
1870
 
1617
- railgun.add_function( 'advapi32', 'OpenProcessToken', 'BOOL',[
1871
+ dll.add_function('OpenProcessToken', 'BOOL',[
1618
1872
  ["DWORD","ProcessHandle","in"],
1619
1873
  ["DWORD","DesiredAccess","in"],
1620
1874
  ["PDWORD","TokenHandle","out"],
1621
1875
  ])
1622
1876
 
1623
- railgun.add_function( 'advapi32', 'OpenThreadToken', 'BOOL',[
1877
+ dll.add_function('OpenThreadToken', 'BOOL',[
1624
1878
  ["DWORD","ThreadHandle","in"],
1625
1879
  ["DWORD","DesiredAccess","in"],
1626
1880
  ["BOOL","OpenAsSelf","in"],
1627
1881
  ["PDWORD","TokenHandle","out"],
1628
1882
  ])
1629
1883
 
1630
- railgun.add_function( 'advapi32', 'PrivilegeCheck', 'BOOL',[
1884
+ dll.add_function('PrivilegeCheck', 'BOOL',[
1631
1885
  ["DWORD","ClientToken","in"],
1632
1886
  ["PBLOB","RequiredPrivileges","inout"],
1633
1887
  ["PBLOB","pfResult","out"],
1634
1888
  ])
1635
1889
 
1636
- railgun.add_function( 'advapi32', 'PrivilegedServiceAuditAlarmA', 'BOOL',[
1890
+ dll.add_function('PrivilegedServiceAuditAlarmA', 'BOOL',[
1637
1891
  ["PCHAR","SubsystemName","in"],
1638
1892
  ["PCHAR","ServiceName","in"],
1639
1893
  ["DWORD","ClientToken","in"],
@@ -1641,7 +1895,7 @@ class Def_advapi32
1641
1895
  ["BOOL","AccessGranted","in"],
1642
1896
  ])
1643
1897
 
1644
- railgun.add_function( 'advapi32', 'PrivilegedServiceAuditAlarmW', 'BOOL',[
1898
+ dll.add_function('PrivilegedServiceAuditAlarmW', 'BOOL',[
1645
1899
  ["PWCHAR","SubsystemName","in"],
1646
1900
  ["PWCHAR","ServiceName","in"],
1647
1901
  ["DWORD","ClientToken","in"],
@@ -1649,13 +1903,13 @@ class Def_advapi32
1649
1903
  ["BOOL","AccessGranted","in"],
1650
1904
  ])
1651
1905
 
1652
- railgun.add_function( 'advapi32', 'ReadEncryptedFileRaw', 'DWORD',[
1906
+ dll.add_function('ReadEncryptedFileRaw', 'DWORD',[
1653
1907
  ["PBLOB","pfExportCallback","in"],
1654
1908
  ["PBLOB","pvCallbackContext","in"],
1655
1909
  ["PBLOB","pvContext","in"],
1656
1910
  ])
1657
1911
 
1658
- railgun.add_function( 'advapi32', 'ReadEventLogA', 'BOOL',[
1912
+ dll.add_function('ReadEventLogA', 'BOOL',[
1659
1913
  ["DWORD","hEventLog","in"],
1660
1914
  ["DWORD","dwReadFlags","in"],
1661
1915
  ["DWORD","dwRecordOffset","in"],
@@ -1665,7 +1919,7 @@ class Def_advapi32
1665
1919
  ["PDWORD","pnMinNumberOfBytesNeeded","out"],
1666
1920
  ])
1667
1921
 
1668
- railgun.add_function( 'advapi32', 'ReadEventLogW', 'BOOL',[
1922
+ dll.add_function('ReadEventLogW', 'BOOL',[
1669
1923
  ["DWORD","hEventLog","in"],
1670
1924
  ["DWORD","dwReadFlags","in"],
1671
1925
  ["DWORD","dwRecordOffset","in"],
@@ -1675,17 +1929,17 @@ class Def_advapi32
1675
1929
  ["PDWORD","pnMinNumberOfBytesNeeded","out"],
1676
1930
  ])
1677
1931
 
1678
- railgun.add_function( 'advapi32', 'RegisterEventSourceA', 'DWORD',[
1932
+ dll.add_function('RegisterEventSourceA', 'DWORD',[
1679
1933
  ["PCHAR","lpUNCServerName","in"],
1680
1934
  ["PCHAR","lpSourceName","in"],
1681
1935
  ])
1682
1936
 
1683
- railgun.add_function( 'advapi32', 'RegisterEventSourceW', 'DWORD',[
1937
+ dll.add_function('RegisterEventSourceW', 'DWORD',[
1684
1938
  ["PWCHAR","lpUNCServerName","in"],
1685
1939
  ["PWCHAR","lpSourceName","in"],
1686
1940
  ])
1687
1941
 
1688
- railgun.add_function( 'advapi32', 'ReportEventA', 'BOOL',[
1942
+ dll.add_function('ReportEventA', 'BOOL',[
1689
1943
  ["DWORD","hEventLog","in"],
1690
1944
  ["WORD","wType","in"],
1691
1945
  ["WORD","wCategory","in"],
@@ -1697,7 +1951,7 @@ class Def_advapi32
1697
1951
  ["PBLOB","lpRawData","in"],
1698
1952
  ])
1699
1953
 
1700
- railgun.add_function( 'advapi32', 'ReportEventW', 'BOOL',[
1954
+ dll.add_function('ReportEventW', 'BOOL',[
1701
1955
  ["DWORD","hEventLog","in"],
1702
1956
  ["WORD","wType","in"],
1703
1957
  ["WORD","wCategory","in"],
@@ -1709,35 +1963,35 @@ class Def_advapi32
1709
1963
  ["PBLOB","lpRawData","in"],
1710
1964
  ])
1711
1965
 
1712
- railgun.add_function( 'advapi32', 'RevertToSelf', 'BOOL',[
1966
+ dll.add_function('RevertToSelf', 'BOOL',[
1713
1967
  ])
1714
1968
 
1715
- railgun.add_function( 'advapi32', 'SetAclInformation', 'BOOL',[
1969
+ dll.add_function('SetAclInformation', 'BOOL',[
1716
1970
  ["PBLOB","pAcl","inout"],
1717
1971
  ["PBLOB","pAclInformation","in"],
1718
1972
  ["DWORD","nAclInformationLength","in"],
1719
1973
  ["DWORD","dwAclInformationClass","in"],
1720
1974
  ])
1721
1975
 
1722
- railgun.add_function( 'advapi32', 'SetFileSecurityA', 'BOOL',[
1976
+ dll.add_function('SetFileSecurityA', 'BOOL',[
1723
1977
  ["PCHAR","lpFileName","in"],
1724
1978
  ["PBLOB","SecurityInformation","in"],
1725
1979
  ["PBLOB","pSecurityDescriptor","in"],
1726
1980
  ])
1727
1981
 
1728
- railgun.add_function( 'advapi32', 'SetFileSecurityW', 'BOOL',[
1982
+ dll.add_function('SetFileSecurityW', 'BOOL',[
1729
1983
  ["PWCHAR","lpFileName","in"],
1730
1984
  ["PBLOB","SecurityInformation","in"],
1731
1985
  ["PBLOB","pSecurityDescriptor","in"],
1732
1986
  ])
1733
1987
 
1734
- railgun.add_function( 'advapi32', 'SetKernelObjectSecurity', 'BOOL',[
1988
+ dll.add_function('SetKernelObjectSecurity', 'BOOL',[
1735
1989
  ["DWORD","Handle","in"],
1736
1990
  ["PBLOB","SecurityInformation","in"],
1737
1991
  ["PBLOB","SecurityDescriptor","in"],
1738
1992
  ])
1739
1993
 
1740
- railgun.add_function( 'advapi32', 'SetPrivateObjectSecurity', 'BOOL',[
1994
+ dll.add_function('SetPrivateObjectSecurity', 'BOOL',[
1741
1995
  ["PBLOB","SecurityInformation","in"],
1742
1996
  ["PBLOB","ModificationDescriptor","in"],
1743
1997
  ["PBLOB","ObjectsSecurityDescriptor","inout"],
@@ -1745,7 +1999,7 @@ class Def_advapi32
1745
1999
  ["DWORD","Token","in"],
1746
2000
  ])
1747
2001
 
1748
- railgun.add_function( 'advapi32', 'SetPrivateObjectSecurityEx', 'BOOL',[
2002
+ dll.add_function('SetPrivateObjectSecurityEx', 'BOOL',[
1749
2003
  ["PBLOB","SecurityInformation","in"],
1750
2004
  ["PBLOB","ModificationDescriptor","in"],
1751
2005
  ["PBLOB","ObjectsSecurityDescriptor","inout"],
@@ -1754,61 +2008,63 @@ class Def_advapi32
1754
2008
  ["DWORD","Token","in"],
1755
2009
  ])
1756
2010
 
1757
- railgun.add_function( 'advapi32', 'SetSecurityDescriptorControl', 'BOOL',[
2011
+ dll.add_function('SetSecurityDescriptorControl', 'BOOL',[
1758
2012
  ["PBLOB","pSecurityDescriptor","in"],
1759
2013
  ["WORD","ControlBitsOfInterest","in"],
1760
2014
  ["WORD","ControlBitsToSet","in"],
1761
2015
  ])
1762
2016
 
1763
- railgun.add_function( 'advapi32', 'SetSecurityDescriptorDacl', 'BOOL',[
2017
+ dll.add_function('SetSecurityDescriptorDacl', 'BOOL',[
1764
2018
  ["PBLOB","pSecurityDescriptor","inout"],
1765
2019
  ["BOOL","bDaclPresent","in"],
1766
2020
  ["PBLOB","pDacl","in"],
1767
2021
  ["BOOL","bDaclDefaulted","in"],
1768
2022
  ])
1769
2023
 
1770
- railgun.add_function( 'advapi32', 'SetSecurityDescriptorGroup', 'BOOL',[
2024
+ dll.add_function('SetSecurityDescriptorGroup', 'BOOL',[
1771
2025
  ["PBLOB","pSecurityDescriptor","inout"],
1772
2026
  ["PBLOB","pGroup","in"],
1773
2027
  ["BOOL","bGroupDefaulted","in"],
1774
2028
  ])
1775
2029
 
1776
- railgun.add_function( 'advapi32', 'SetSecurityDescriptorOwner', 'BOOL',[
2030
+ dll.add_function('SetSecurityDescriptorOwner', 'BOOL',[
1777
2031
  ["PBLOB","pSecurityDescriptor","inout"],
1778
2032
  ["PBLOB","pOwner","in"],
1779
2033
  ["BOOL","bOwnerDefaulted","in"],
1780
2034
  ])
1781
2035
 
1782
- railgun.add_function( 'advapi32', 'SetSecurityDescriptorRMControl', 'DWORD',[
2036
+ dll.add_function('SetSecurityDescriptorRMControl', 'DWORD',[
1783
2037
  ["PBLOB","SecurityDescriptor","inout"],
1784
2038
  ["PBLOB","RMControl","in"],
1785
2039
  ])
1786
2040
 
1787
- railgun.add_function( 'advapi32', 'SetSecurityDescriptorSacl', 'BOOL',[
2041
+ dll.add_function('SetSecurityDescriptorSacl', 'BOOL',[
1788
2042
  ["PBLOB","pSecurityDescriptor","inout"],
1789
2043
  ["BOOL","bSaclPresent","in"],
1790
2044
  ["PBLOB","pSacl","in"],
1791
2045
  ["BOOL","bSaclDefaulted","in"],
1792
2046
  ])
1793
2047
 
1794
- railgun.add_function( 'advapi32', 'SetThreadToken', 'BOOL',[
2048
+ dll.add_function('SetThreadToken', 'BOOL',[
1795
2049
  ["PDWORD","Thread","in"],
1796
2050
  ["DWORD","Token","in"],
1797
2051
  ])
1798
2052
 
1799
- railgun.add_function( 'advapi32', 'SetTokenInformation', 'BOOL',[
2053
+ dll.add_function('SetTokenInformation', 'BOOL',[
1800
2054
  ["DWORD","TokenHandle","in"],
1801
2055
  ["DWORD","TokenInformationClass","in"],
1802
2056
  ["PBLOB","TokenInformation","in"],
1803
2057
  ["DWORD","TokenInformationLength","in"],
1804
2058
  ])
1805
2059
 
1806
- railgun.add_function( 'advapi32', 'WriteEncryptedFileRaw', 'DWORD',[
2060
+ dll.add_function('WriteEncryptedFileRaw', 'DWORD',[
1807
2061
  ["PBLOB","pfImportCallback","in"],
1808
2062
  ["PBLOB","pvCallbackContext","in"],
1809
2063
  ["PBLOB","pvContext","in"],
1810
2064
  ])
1811
2065
 
2066
+
2067
+ return dll
1812
2068
  end
1813
2069
 
1814
2070
  end