-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathqbot4_iat.h
211 lines (202 loc) · 18.4 KB
/
qbot4_iat.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
struct iat_kernel32 {
HMODULE (__stdcall *LoadLibraryA)( LPCSTR lpLibFileName );
HMODULE (__stdcall *LoadLibraryW)( LPCWSTR lpLibFileName );
BOOL (__stdcall *FreeLibrary)( HMODULE hLibModule );
FARPROC (__stdcall *GetProcAddress)( HMODULE hModule, LPCSTR lpProcName );
HMODULE (__stdcall *GetModuleHandleA)( LPCSTR lpModuleName );
HANDLE (__stdcall *CreateToolhelp32Snapshot)( DWORD dwFlags, DWORD th32ProcessID );
BOOL (__stdcall *Module32First)( HANDLE hSnapshot, LPMODULEENTRY32 lpme );
BOOL (__stdcall *Module32Next)( HANDLE hSnapshot, LPMODULEENTRY32 lpme );
BOOL (__stdcall *WriteProcessMemory)( HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID lpBuffer, SIZE_T nSize, SIZE_T *lpNumberOfBytesWritten );
HANDLE (__stdcall *OpenProcess)( DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwProcessId );
BOOL (__stdcall *VirtualFreeEx)( HANDLE hProcess, LPVOID lpAddress, SIZE_T dwSize, DWORD dwFreeType );
DWORD (__stdcall *WaitForSingleObject)( HANDLE hHandle, DWORD dwMilliseconds );
BOOL (__stdcall *CloseHandle)( HANDLE hObject );
HLOCAL (__stdcall *LocalFree)( HLOCAL hMem );
BOOL (__stdcall *CreateProcessW)( LPCWSTR lpApplicationName, LPWSTR lpCommandLine, LPSECURITY_ATTRIBUTES lpProcessAttributes, LPSECURITY_ATTRIBUTES lpThreadAttributes, BOOL bInheritHandles, DWORD dwCreationFlags, LPVOID lpEnvironment, LPCWSTR lpCurrentDirectory, LPSTARTUPINFOW lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation );
BOOL (__stdcall *ReadProcessMemory)( HANDLE hProcess, LPCVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T *lpNumberOfBytesRead );
BOOL (__stdcall *Process32First)( HANDLE hSnapshot, LPPROCESSENTRY32 lppe );
BOOL (__stdcall *Process32Next)( HANDLE hSnapshot, LPPROCESSENTRY32 lppe );
BOOL (__stdcall *Process32FirstW)( HANDLE hSnapshot, LPPROCESSENTRY32W lppe );
BOOL (__stdcall *Process32NextW)( HANDLE hSnapshot, LPPROCESSENTRY32W lppe );
BOOL (__stdcall *CreateProcessAsUserW)( HANDLE hToken, LPCWSTR lpApplicationName, LPWSTR lpCommandLine, LPSECURITY_ATTRIBUTES lpProcessAttributes, LPSECURITY_ATTRIBUTES lpThreadAttributes, BOOL bInheritHandles, DWORD dwCreationFlags, LPVOID lpEnvironment, LPCWSTR lpCurrentDirectory, LPSTARTUPINFOW lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation );
LPVOID (__stdcall *VirtualAllocEx)( HANDLE hProcess, LPVOID lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect );
LPVOID (__stdcall *VirtualAlloc)( LPVOID lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect );
BOOL (__stdcall *VirtualFree)( LPVOID lpAddress, SIZE_T dwSize, DWORD dwFreeType );
HANDLE (__stdcall *OpenThread)( DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwThreadId );
BOOL (__stdcall *Wow64DisableWow64FsRedirection)( PVOID *OldValue );
void *Wow64EnableWow64FsRedirection;
BOOL (__stdcall *GetVolumeInformationW)( LPCWSTR lpRootPathName, LPWSTR lpVolumeNameBuffer, DWORD nVolumeNameSize, LPDWORD lpVolumeSerialNumber, LPDWORD lpMaximumComponentLength, LPDWORD lpFileSystemFlags, LPWSTR lpFileSystemNameBuffer, DWORD nFileSystemNameSize );
BOOL (__stdcall *IsWow64Process)( HANDLE hProcess, PBOOL Wow64Process );
HANDLE (__stdcall *CreateThread)( LPSECURITY_ATTRIBUTES lpThreadAttributes, SIZE_T dwStackSize, LPTHREAD_START_ROUTINE lpStartAddress, LPVOID lpParameter, DWORD dwCreationFlags, LPDWORD lpThreadId );
HANDLE (__stdcall *CreateFileW)( LPCWSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile );
HANDLE (__stdcall *CreateFileA)( LPCSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile );
BOOL (__stdcall *FindClose)( HANDLE hFindFile );
DWORD (__stdcall *GetFileAttributesW)( LPCWSTR lpFileName );
DWORD (__stdcall *SetFilePointer)( HANDLE hFile, LONG lDistanceToMove, PLONG lpDistanceToMoveHigh, DWORD dwMoveMethod );
BOOL (__stdcall *WriteFile)( HANDLE hFile, LPCVOID lpBuffer, DWORD nNumberOfBytesToWrite, LPDWORD lpNumberOfBytesWritten, LPOVERLAPPED lpOverlapped );
BOOL (__stdcall *ReadFile)( HANDLE hFile, LPVOID lpBuffer, DWORD nNumberOfBytesToRead, LPDWORD lpNumberOfBytesRead, LPOVERLAPPED lpOverlapped );
HANDLE (__stdcall *CreateMutexA)( LPSECURITY_ATTRIBUTES lpMutexAttributes, BOOL bInitialOwner, LPCSTR lpName );
BOOL (__stdcall *ReleaseMutex)( HANDLE hMutex );
HRSRC (__stdcall *FindResourceA)( HMODULE hModule, LPCSTR lpName, LPCSTR lpType );
HRSRC (__stdcall *FindResourceW)( HMODULE hModule, LPCWSTR lpName, LPCWSTR lpType );
DWORD (__stdcall *SizeofResource)( HMODULE hModule, HRSRC hResInfo );
HGLOBAL (__stdcall *LoadResource)( HMODULE hModule, HRSRC hResInfo );
ULONGLONG (__stdcall *GetTickCount64)();
DWORD (__stdcall *ExpandEnvironmentStringsW)( LPCWSTR lpSrc, LPWSTR lpDst, DWORD nSize );
BOOL (__stdcall *GetThreadContext)( HANDLE hThread, LPCONTEXT lpContext );
void (__stdcall *SetLastError)( DWORD dwErrCode );
BOOL (__stdcall *GetComputerNameW)( LPWSTR lpBuffer, LPDWORD nSize );
void (__stdcall *Sleep)( DWORD dwMilliseconds );
DWORD (__stdcall *SleepEx)( DWORD dwMilliseconds, BOOL bAlertable );
HANDLE (__stdcall *OpenEventA)( DWORD dwDesiredAccess, BOOL bInheritHandle, LPCSTR lpName );
BOOL (__stdcall *SetEvent)( HANDLE hEvent );
HANDLE (__stdcall *CreateEventA)( LPSECURITY_ATTRIBUTES lpEventAttributes, BOOL bManualReset, BOOL bInitialState, LPCSTR lpName );
BOOL (__stdcall *TerminateThread)( HANDLE hThread, DWORD dwExitCode );
BOOL (__stdcall *QueryFullProcessImageNameW)( HANDLE hProcess, DWORD dwFlags, LPWSTR lpExeName, PDWORD lpdwSize );
HANDLE (__stdcall *CreateNamedPipeA)( LPCSTR lpName, DWORD dwOpenMode, DWORD dwPipeMode, DWORD nMaxInstances, DWORD nOutBufferSize, DWORD nInBufferSize, DWORD nDefaultTimeOut, LPSECURITY_ATTRIBUTES lpSecurityAttributes );
BOOL (__stdcall *ConnectNamedPipe)( HANDLE hNamedPipe, LPOVERLAPPED lpOverlapped );
void (__stdcall *GetLocalTime)( LPSYSTEMTIME lpSystemTime );
void (__stdcall *ExitProcess)( UINT uExitCode );
DWORD (__stdcall *GetEnvironmentVariableW)( LPCWSTR lpName, LPWSTR lpBuffer, DWORD nSize );
BOOL (__stdcall *GetExitCodeThread)( HANDLE hThread, LPDWORD lpExitCode );
DWORD (__stdcall *GetFileSize)( HANDLE hFile, LPDWORD lpFileSizeHigh );
BOOL (__stdcall *VirtualProtect)( LPVOID lpAddress, SIZE_T dwSize, DWORD flNewProtect, PDWORD lpflOldProtect );
BOOL (__stdcall *VirtualProtectEx)( HANDLE hProcess, LPVOID lpAddress, SIZE_T dwSize, DWORD flNewProtect, PDWORD lpflOldProtect );
LONG (__stdcall *InterlockedCompareExchange)( LONG volatile *Destination, LONG ExChange, LONG Comperand );
HANDLE (__stdcall *CreateRemoteThread)( HANDLE hProcess, LPSECURITY_ATTRIBUTES lpThreadAttributes, SIZE_T dwStackSize, LPTHREAD_START_ROUTINE lpStartAddress, LPVOID lpParameter, DWORD dwCreationFlags, LPDWORD lpThreadId );
BOOL (__stdcall *SetEnvironmentVariableW)( LPCWSTR lpName, LPCWSTR lpValue );
DWORD (__stdcall *ResumeThread)( HANDLE hThread );
BOOL (__stdcall *TerminateProcess)( HANDLE hProcess, UINT uExitCode );
PVOID (__stdcall *AddVectoredExceptionHandler)( ULONG First, PVECTORED_EXCEPTION_HANDLER Handler );
BOOL (__stdcall *DeleteFileW)( LPCWSTR lpFileName );
BOOL (__stdcall *CopyFileW)( LPCWSTR lpExistingFileName, LPCWSTR lpNewFileName, BOOL bFailIfExists );
BOOL (__stdcall *AllocConsole)(void);
BOOL (__stdcall *SetConsoleCtrlHandler)( PHANDLER_ROUTINE HandlerRoutine, BOOL Add );
DWORD (__stdcall *GetModuleFileNameW)( HMODULE hModule, LPWSTR lpFilename, DWORD nSize );
HANDLE (__stdcall *GetCurrentProcess)();
BOOL (__stdcall *CreatePipe)( PHANDLE hReadPipe, PHANDLE hWritePipe, LPSECURITY_ATTRIBUTES lpPipeAttributes, DWORD nSize );
BOOL (__stdcall *GetExitCodeProcess)( HANDLE hProcess, LPDWORD lpExitCode );
};
struct iat_ntdll {
PVOID (__stdcall *RtlAllocateHeap)( PVOID HeapHandle, ULONG Flags, SIZE_T Size );
LOGICAL (__stdcall *RtlFreeHeap)( PVOID HeapHandle, ULONG Flags, PVOID BaseAddress );
NTSTATUS (__stdcall *RtlGetVersion)( PRTL_OSVERSIONINFOW lpVersionInformation );
NTSTATUS (__stdcall *NtCreateSection)( PHANDLE SectionHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, PLARGE_INTEGER MaximumSize, ULONG SectionPageProtection, ULONG AllocationAttributes, HANDLE FileHandle );
void *NtUnmapViewOfSection;
void *NtMapViewOfSection;
void *NtWriteVirtualMemory;
void *NtProtectVirtualMemory;
NTSTATUS (__stdcall *NtClose)( HANDLE Handle );
NTSTATUS (__stdcall *ZwQueryInformationThread) ( HANDLE ThreadHandle, THREADINFOCLASS ThreadInformationClass, PVOID ThreadInformation, ULONG ThreadInformationLength, PULONG ReturnLength );
};
struct iat_user32 {
int (__stdcall *MessageBoxA)( HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType );
BOOL (__stdcall *EnumWindows)( WNDENUMPROC lpEnumFunc, LPARAM lParam );
ATOM (__stdcall *RegisterClassExA)( const WNDCLASSEXA *unnamedParam1 );
HWND (__stdcall *CreateWindowExA)( DWORD dwExStyle, LPCSTR lpClassName, LPCSTR lpWindowName, DWORD dwStyle, int X, int Y, int nWidth, int nHeight, HWND hWndParent, HMENU hMenu, HINSTANCE hInstance, LPVOID lpParam );
BOOL (__stdcall *ChangeWindowMessageFilter)( UINT message, DWORD dwFlag );
BOOL (__stdcall *ShowWindow)( HWND hWnd, int nCmdShow );
BOOL (__stdcall *UpdateWindow)( HWND hWnd );
BOOL (__stdcall *GetMessageA)( LPMSG lpMsg, HWND hWnd, UINT wMsgFilterMin, UINT wMsgFilterMax );
BOOL (__stdcall *TranslateMessage)( const MSG *lpMsg );
LRESULT (__stdcall *DispatchMessageA)( const MSG *lpMsg );
BOOL (__stdcall *DestroyWindow)( HWND hWnd );
BOOL (__stdcall *UnregisterClassA)( LPCSTR lpClassName, HINSTANCE hInstance );
void (__stdcall *PostQuitMessage)( int nExitCode );
LRESULT (__stdcall *DefWindowProcA)( HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lParam );
int (__stdcall *GetKeyboardLayoutList)( int nBuff, HKL *lpList );
int (__stdcall *GetSystemMetrics)( int nIndex );
HWINSTA (__stdcall *GetProcessWindowStation)();
BOOL (__stdcall *GetUserObjectInformationW)( HANDLE hObj, int nIndex, PVOID pvInfo, DWORD nLength, LPDWORD lpnLengthNeeded );
DWORD (__stdcall *CharUpperBuffW)( LPWSTR lpsz, DWORD cchLength );
DWORD (__stdcall *CharUpperBuffA)( LPSTR lpsz, DWORD cchLength );
int (__stdcall *GetClassNameA)( HWND hWnd, LPSTR lpClassName, int nMaxCount );
};
struct iat_netapi32 {
DWORD (__stdcall *NetShareEnum)( WCHAR* servername, DWORD level, LPBYTE *bufptr, DWORD prefmaxlen, LPDWORD entriesread, LPDWORD totalentries, LPDWORD resume_handle );
DWORD (__stdcall *NetUserEnum)( LPCWSTR servername, DWORD level, DWORD filter, LPBYTE *bufptr, DWORD prefmaxlen, LPDWORD entriesread, LPDWORD totalentries, PDWORD resume_handle );
DWORD (__stdcall *NetWkstaGetInfo)( WCHAR* servername, DWORD level, LPBYTE *bufptr );
DWORD (__stdcall *NetApiBufferFree)( LPVOID Buffer );
DWORD (__stdcall *NetGetDCName)( LPCWSTR ServerName, LPCWSTR DomainName, LPBYTE *Buffer );
DWORD (__stdcall *NetGetJoinInformation)( LPCWSTR lpServer, LPWSTR *lpNameBuffer, PNETSETUP_JOIN_STATUS BufferType );
};
struct iat_advapi32 {
BOOL (__stdcall *SetFileSecurityW)( LPCWSTR lpFileName, SECURITY_INFORMATION SecurityInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor );
BOOL (__stdcall *AdjustTokenPrivileges)( HANDLE TokenHandle, BOOL DisableAllPrivileges, PTOKEN_PRIVILEGES NewState, DWORD BufferLength, PTOKEN_PRIVILEGES PreviousState, PDWORD ReturnLength );
DWORD (__stdcall *SetEntriesInAclA)( ULONG cCountOfExplicitEntries, PEXPLICIT_ACCESS_A pListOfExplicitEntries, PACL OldAcl, PACL *NewAcl );
BOOL (__stdcall *AllocateAndInitializeSid)( PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority, BYTE nSubAuthorityCount, DWORD nSubAuthority0, DWORD nSubAuthority1, DWORD nSubAuthority2, DWORD nSubAuthority3, DWORD nSubAuthority4, DWORD nSubAuthority5, DWORD nSubAuthority6, DWORD nSubAuthority7, PSID *pSid );
PVOID (__stdcall *FreeSid)( PSID pSid );
LSTATUS (__stdcall *RegOpenKeyExA)( HKEY hKey, LPCSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult );
LSTATUS (__stdcall *RegQueryValueExA)( HKEY hKey, LPCSTR lpValueName, LPDWORD lpReserved, LPDWORD lpType, LPBYTE lpData, LPDWORD lpcbData );
LSTATUS (__stdcall *RegCloseKey)( HKEY hKey );
BOOL (__stdcall *ConvertSidToStringSidA)( PSID Sid, LPSTR *StringSid );
BOOL (__stdcall *ConvertSidToStringSidW)( PSID Sid, LPWSTR *StringSid );
LSTATUS (__stdcall *RegCreateKeyA)( HKEY hKey, LPCSTR lpSubKey, PHKEY phkResult );
LSTATUS (__stdcall *RegSetValueExA)( HKEY hKey, LPCSTR lpValueName, DWORD Reserved, DWORD dwType, const BYTE *lpData, DWORD cbData );
LSTATUS (__stdcall *RegLoadKeyW)( HKEY hKey, LPCWSTR lpSubKey, LPCWSTR lpFile );
LSTATUS (__stdcall *RegUnLoadKeyW)( HKEY hKey, LPCWSTR lpSubKey );
SC_HANDLE (__stdcall *OpenSCManagerW)( LPCWSTR lpMachineName, LPCWSTR lpDatabaseName, DWORD dwDesiredAccess );
SC_HANDLE (__stdcall *CreateServiceW)( SC_HANDLE hSCManager, LPCWSTR lpServiceName, LPCWSTR lpDisplayName, DWORD dwDesiredAccess, DWORD dwServiceType, DWORD dwStartType, DWORD dwErrorControl, LPCWSTR lpBinaryPathName, LPCWSTR lpLoadOrderGroup, LPDWORD lpdwTagId, LPCWSTR lpDependencies, LPCWSTR lpServiceStartName, LPCWSTR lpPassword );
BOOL (__stdcall *StartServiceW)( SC_HANDLE hService, DWORD dwNumServiceArgs, LPCWSTR *lpServiceArgVectors );
BOOL (__stdcall *DeleteService)( SC_HANDLE hService );
BOOL (__stdcall *CloseServiceHandle)( SC_HANDLE hSCObject );
BOOL (__stdcall *CryptAcquireContextA)( HCRYPTPROV *phProv, LPCSTR szContainer, LPCSTR szProvider, DWORD dwProvType, DWORD dwFlags );
BOOL (__stdcall *CryptCreateHash)( HCRYPTPROV hProv, ALG_ID Algid, HCRYPTKEY hKey, DWORD dwFlags, HCRYPTHASH *phHash );
BOOL (__stdcall *CryptHashData)( HCRYPTHASH hHash, const BYTE *pbData, DWORD dwDataLen, DWORD dwFlags );
BOOL (__stdcall *CryptVerifySignatureA)( HCRYPTHASH hHash, const BYTE *pbSignature, DWORD dwSigLen, HCRYPTKEY hPubKey, LPCSTR szDescription, DWORD dwFlags );
BOOL (__stdcall *CryptReleaseContext)( HCRYPTPROV hProv, DWORD dwFlags );
BOOL (__stdcall *CryptDestroyKey)( HCRYPTKEY hKey );
BOOL (__stdcall *CryptDestroyHash)( HCRYPTHASH hHash );
BOOL (__stdcall *EqualSid)( PSID pSid1, PSID pSid2 );
BOOL (__stdcall *LookupAccountSidW)( LPCWSTR lpSystemName, PSID Sid, LPWSTR Name, LPDWORD cchName, LPWSTR ReferencedDomainName, LPDWORD cchReferencedDomainName, PSID_NAME_USE peUse );
BOOL (__stdcall *OpenProcessToken)( HANDLE ProcessHandle, DWORD DesiredAccess, PHANDLE TokenHandle );
BOOL (__stdcall *GetTokenInformation)( HANDLE TokenHandle, TOKEN_INFORMATION_CLASS TokenInformationClass, LPVOID TokenInformation, DWORD TokenInformationLength, PDWORD ReturnLength );
BOOL (__stdcall *OpenThreadToken)( HANDLE ThreadHandle, DWORD DesiredAccess, BOOL OpenAsSelf, PHANDLE TokenHandle );
PUCHAR (__stdcall *GetSidSubAuthorityCount)( PSID pSid );
PDWORD (__stdcall *GetSidSubAuthority)( PSID pSid, DWORD nSubAuthority );
BOOL (__stdcall *ConvertStringSecurityDescriptorToSecurityDescriptorW)( LPCWSTR StringSecurityDescriptor, DWORD StringSDRevision, PSECURITY_DESCRIPTOR *SecurityDescriptor, PULONG SecurityDescriptorSize );
BOOL (__stdcall *GetSecurityDescriptorSacl)( PSECURITY_DESCRIPTOR pSecurityDescriptor, LPBOOL lpbSaclPresent, PACL *pSacl, LPBOOL lpbSaclDefaulted );
DWORD (__stdcall *SetSecurityInfo)( HANDLE handle, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl );
BOOL (__stdcall *InitializeSecurityDescriptor)( PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD dwRevision );
BOOL (__stdcall *SetSecurityDescriptorDacl)( PSECURITY_DESCRIPTOR pSecurityDescriptor, BOOL bDaclPresent, PACL pDacl, BOOL bDaclDefaulted );
BOOL (__stdcall *LookupPrivilegeValueA)( LPCSTR lpSystemName, LPCSTR lpName, PLUID lpLuid );
BOOL (__stdcall *StartServiceCtrlDispatcherA)( const SERVICE_TABLE_ENTRYA *lpServiceStartTable );
BOOL (__stdcall *SetServiceStatus)( SERVICE_STATUS_HANDLE hServiceStatus, LPSERVICE_STATUS lpServiceStatus );
SERVICE_STATUS_HANDLE (__stdcall *RegisterServiceCtrlHandlerA)( LPCSTR lpServiceName, LPHANDLER_FUNCTION lpHandlerProc );
LSTATUS (__stdcall *RegDeleteValueW)( HKEY hKey, LPCWSTR lpValueName );
LSTATUS (__stdcall *RegOpenKeyExW)( HKEY hKey, LPCWSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult );
LSTATUS (__stdcall *RegQueryInfoKeyW)( HKEY hKey, LPWSTR lpClass, LPDWORD lpcchClass, LPDWORD lpReserved, LPDWORD lpcSubKeys, LPDWORD lpcbMaxSubKeyLen, LPDWORD lpcbMaxClassLen, LPDWORD lpcValues, LPDWORD lpcbMaxValueNameLen, LPDWORD lpcbMaxValueLen, LPDWORD lpcbSecurityDescriptor, PFILETIME lpftLastWriteTime );
LSTATUS (__stdcall *RegDeleteValueA)( HKEY hKey, LPCSTR lpValueName );
BOOL (__stdcall *IsTextUnicode)( const void *lpv, int iSize, LPINT lpiResult );
LSTATUS (__stdcall *RegQueryValueExW)( HKEY hKey, LPCWSTR lpValueName, LPDWORD lpReserved, LPDWORD lpType, LPBYTE lpData, LPDWORD lpcbData );
LSTATUS (__stdcall *RegSetValueExW)( HKEY hKey, LPCWSTR lpValueName, DWORD Reserved, DWORD dwType, const BYTE *lpData, DWORD cbData );
BOOL (__stdcall *LookupAccountNameW)( LPCWSTR lpSystemName, LPCWSTR lpAccountName, PSID Sid, LPDWORD cbSid, LPWSTR ReferencedDomainName, LPDWORD cchReferencedDomainName, PSID_NAME_USE peUse );
LSTATUS (__stdcall *RegEnumValueW)( HKEY hKey, DWORD dwIndex, LPWSTR lpValueName, LPDWORD lpcchValueName, LPDWORD lpReserved, LPDWORD lpType, LPBYTE lpData, LPDWORD lpcbData );
};
struct iat_shlwapi {
PCSTR (__stdcall *StrStrIA)( PCSTR pszFirst, PCSTR pszSrch );
PCWSTR (__stdcall *StrStrIW)( PCWSTR pszFirst, PCWSTR pszSrch );
int (__stdcall *StrCmpIW)( PCWSTR psz1, PCWSTR psz2 );
LPSTR (__stdcall *PathCombineA)( LPSTR pszDest, LPCSTR pszDir, LPCSTR pszFile );
LPWSTR (__stdcall *PathCombineW)( LPWSTR pszDest, LPCWSTR pszDir, LPCWSTR pszFile );
BOOL (__stdcall *PathMatchSpecA)( LPCSTR pszFile, LPCSTR pszSpec );
BOOL (__stdcall *PathMatchSpecW)( LPCWSTR pszFile, LPCWSTR pszSpec );
BOOL (__stdcall *PathUnquoteSpacesW)( LPWSTR lpsz );
BOOL (__stdcall *StrTrimW)( PWSTR psz, PCWSTR pszTrimChars );
int (__stdcall *StrCmpNIA)( PCSTR psz1, PCSTR psz2, int nChar );
PCWSTR (__stdcall *StrStrW)( PCWSTR pszFirst, PCWSTR pszSrch );
};
struct iat_shell32 {
HINSTANCE (__stdcall *ShellExecuteW)( HWND hwnd, LPCWSTR lpOperation, LPCWSTR lpFile, LPCWSTR lpParameters, LPCWSTR lpDirectory, INT nShowCmd );
DWORD (__stdcall *SHGetFolderPathW)( HWND hwnd, int csidl, HANDLE hToken, DWORD dwFlags, LPWSTR pszPath );
};
struct iat_userenv {
BOOL (__stdcall *GetUserProfileDirectoryW)( HANDLE hToken, LPWSTR lpProfileDir, LPDWORD lpcchSize );
};
struct iat_ws2_32 {
int (__stdcall *WSAGetLastError)();
void (__stdcall *WSASetLastError)( int iError );
char * (__stdcall *inet_ntoa)( in_addr in );
unsigned long (__stdcall *inet_addr)( const char *cp );
};