/*-----------------------------------------------------------------------------------------------------------------
/ Name : RING WIN APIs \Or/ WIN APIs FOR RING
/ Purpose : Brings the power of WIN APIs into Ring Programming Language
/
/ Authors :
/ 1- Majdi Sobain <[email protected]>
/ 2-
/
/
/ Copyright (c) 2016-2017
/------------------------------------------------------------------------------------------------------------------*/
/* Note:
This extension library contains the extension file (ring_winapi.dll), the extension-related Ring functions (winapi.ring), and
the header of the extension-related Ring functions (winapi.rh)
*/
/* =========================================================
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Function Name : rwaIsRunAsAdmin
Func. Purpose : Check whether this process (ring.exe) is running as administrator or not
Func. Params : () Nothing
Func. Return : True or False
Func. Author : Majdi Sobain <[email protected]>
- - - - - - - - - - - - - - - - - - EXAMPLE - - - - - - - - - - - - - - - */
Load "WINAPI.ring"
# rwaIsRunAsAdmin() takes no arguments and reports True or False for this ring.exe process
If rwaIsRunAsAdmin() = True
    See "Ring is running as administrator"
Ok
/*=========================================================*/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Function Name : rwaElevate
Func. Purpose : Request administrator rights (elevation) for a process
Func. Params : Either (String exepath) for running a particular app as administrator
/Or/ (String exepath, String params) to run a particular app with some parameters
Func. Return : Nothing
Func. Author : Majdi Sobain <[email protected]>
- - - - - - - - - - - - - - - - - - EXAMPLE - - - - - - - - - - - - - - - */
Load "WINAPI.ring"
# Ask for elevation only when this process is not already running as administrator
If rwaIsRunAsAdmin() = False
    rwaElevate(exefilename(), filename()) #This will elevate ring and open the currently running app as Admin
    # NOTE(review): rwaElevate() returns nothing, so this example cannot tell whether the request was granted;
    # presumably the non-elevated instance keeps running after this call - confirm, and end it if it should not
Ok
/* - - - - - - - - - - - - - - Another EXAMPLE - - - - - - - - - - - - */
Load "WINAPI.ring"
# Give the full path: the target is started with administrator rights, so it must be exactly the intended file
rwaElevate("C:\Windows\explorer.exe") #The path of the executable file should be correct
/*=========================================================*/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Function Name : rShellExecute
Func. Type :
Func. Purpose : Execute\Open an application or file with a specific action
Func. Params : (HWND hwnd, String lpOperation, String lpFile, String lpParameters, String lpDirectory, INT nShowCmd)
Func. Return : The value returned by the ShellExecute() function
Func. Author : Majdi Sobain <[email protected]>
- - - - - - - - - - - - - - - - - - EXAMPLE - - - - - - - - - - - - - - - */
Load "WINAPI.ring"
# This call opens the "rnote.ring" file in "notepad.exe"
# Arguments, in order: hwnd, lpOperation, lpFile, lpParameters, lpDirectory, nShowCmd
# NOTE(review): lpParameters is built from CurrentDir() without quotes - presumably a directory name that
# contains spaces needs the path wrapped in double quotes for programs that split their arguments; confirm
rShellExecute(NULL, "Open", "C:\Windows\notepad.exe", CurrentDir() + "\rnote.ring", NULL, SW_SHOWNORMAL)
# For more information, see the documentation of the Win32 ShellExecute() function
/*=========================================================*/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Function Name : rShellExecuteResult
Func. Type : This is a local Ring function defined in "winapi.ring"
Func. Purpose : Translates the code returned by rShellExecute() into a readable message
Func. Params : ( RetID ) is the code that has been returned by rShellExecute() function
Func. Return : a string containing the interpretation of the code returned by rShellExecute()
Func. Author : Majdi Sobain <[email protected]>
- - - - - - - - - - - - - - - - - - EXAMPLE - - - - - - - - - - - - - - - */
Load "WINAPI.ring"
# Keep the code returned by rShellExecute() so that it can be interpreted afterwards
res = rShellExecute(NULL, "Open", "C:\Windows\notepad.exe", CurrentDir() + "\rnote.ring", NULL, SW_SHOWNORMAL)
# rShellExecuteResult() turns that code into a readable string
See rShellExecuteResult(res)
/*=========================================================*/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Function Name : rwaIsWow64Process
Func. Purpose : Check whether this process (ring.exe) is a Wow64 process or not
Func. Params : () Nothing
Func. Return : (1) if True or (0) if False or (-1) if function failed
Func. Author : Majdi Sobain <[email protected]>
- - - - - - - - - - - - - - - - - - EXAMPLE - - - - - - - - - - - - - - - */
Load "WINAPI.ring"
# rwaIsWow64Process() has three outcomes: -1 (the check failed), 0 (not Wow64), 1 (Wow64).
# Handle -1 separately so that a failed check is not mistaken for "not Wow64".
Switch rwaIsWow64Process()
On -1
    See "The function couldn't check ring correctly"
On 0
    See "Ring is not running as a Wow64Process"
On 1
    See "Ring is running as a Wow64Process"
Off
/*=========================================================*/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Function Name : rwaUserSID
Func. Purpose : Return User SID
Func. Params : Either (HANDLE handle) of a process /Or/ () Nothing for the current process
Func. Return : User SID in a string format
Func. Author : Majdi Sobain <[email protected]>
- - - - - - - - - - - - - - - - - - EXAMPLE - - - - - - - - - - - - - - - */
Load "WINAPI.ring"
# Called without a process handle, rwaUserSID() returns the user SID for the current process as a string
See rwaUserSID()
/*=========================================================*/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Function Name : rwaUserName
Func. Purpose : Return user name according to the passed process
Note: if no parameter passed it will retrieve current user name
Func. Params : Either (HANDLE handle) of a process /Or/ () Nothing for the current process
Func. Return : User name in a string format
Func. Author : Majdi Sobain <[email protected]>
Func. Source : https://msdn.microsoft.com/en-us/library/windows/desktop/aa379166(v=vs.85).aspx
Minimum supported Win client\server : XP(Desktop_apps)\Server2003(Desktop_apps)
- - - - - - - - - - - - - - - - - - EXAMPLE - - - - - - - - - - - - - - - */
Load "WINAPI.ring"
# Called without a process handle, rwaUserName() returns the current user name as a string
See rwaUserName()
/*=========================================================*/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Function Name : rwaSysErrorMsg
Func. Purpose : Return the string error message from the passed error code
Func. Params : Either (Number ID) to return a message in English
/Or/ (Number ID, BOOL allowlocale) to return a message in the user locale
Func. Return : Error message
Func. Author : Majdi Sobain <[email protected]>
- - - - - - - - - - - - - - - - - - EXAMPLE - - - - - - - - - - - - - - - */
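Load "WINAPI.ring"
# rwaSysErrorMsg() only returns the message, so print it with See to make the example show something.
# 5 is the error code that may be returned by other functions (Win32 ERROR_ACCESS_DENIED).
# With one argument the message is returned in English; a second argument selects the user locale.
See rwaSysErrorMsg(5)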
/*=========================================================*/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Function Name : rGetLastError
Func. Purpose : Return the last error code
Func. Params : ---
Func. Return : Error code
Func. Author : Majdi Sobain <[email protected]>
Func. Source : https://msdn.microsoft.com/en-us/library/ms679360.aspx
Minimum supported Win client\server\phone : XP\Server2003\Phone8
- - - - - - - - - - - - - - - - - - EXAMPLE - - - - - - - - - - - - - - - */
Load "WINAPI.ring"
# Read the last error code right after the call that failed: later API calls can overwrite the value
errorCode = rGetLastError()
See rwaSysErrorMsg(errorCode) # This function will return the string message of the error codes
/*=========================================================*/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Function Name : rWow64EnableWow64FsRedirection
Func. Purpose : Enable or Disable file system redirection under Wow64 environment
Func. Params : True for enabling and False for disabling
Func. Return : True if it succeeds or False if not
Func. Author : Majdi Sobain <[email protected]>
Func. Source : https://msdn.microsoft.com/en-us/library/aa365744.aspx
Minimum supported Win client\server : Vista(Desktop_apps)\Server2003(Desktop_apps)
- - - - - - - - - - - - - - - - - - EXAMPLE - - - - - - - - - - - - - - - */
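Load "WINAPI.ring"
# File system redirection only applies to a Wow64 process, so each step is guarded by rwaIsWow64Process().
# Every "if" is closed by its own "ok"; the outer "ok" was missing from the earlier form of this example.
# Keep the disabled window short: with redirection off, system-directory paths resolve differently,
# so re-enable it as soon as the file operation that needed it has finished.

# Disable file system redirection
if rwaIsWow64Process() = 1
    if rWow64EnableWow64FsRedirection(False)
        see "File system redirection disabled successfully" + NL
    else
        see "Error: File system redirection can not be disabled" + NL
    ok
ok

# Enable file system redirection
if rwaIsWow64Process() = 1
    if rWow64EnableWow64FsRedirection(True)
        see "File system redirection enabled successfully" + NL
    else
        see "Error: File system redirection can not be enabled" + NL
    ok
ok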
/*=========================================================*/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Function Name : rwaDisableWow64FsRedirection
Func. Purpose : Disable file system redirection under Wow64 environment (More reliable)
Func. Params : ---
Func. Return : Pointer to data that should be passed to rwaRevertWow64FsRedirection() function
if you want to re-enable redirection
Note: This function must not be used with rWow64EnableWow64FsRedirection() function
at the same time
Func. Author : Majdi Sobain <[email protected]>
Func. Source : https://msdn.microsoft.com/en-us/library/aa365743.aspx
Minimum supported Win client\server : XP_Pro_x64(Desktop_apps)\Server2003SP1(Desktop_apps)
- - - - - - - - - - - - - - - - - - EXAMPLE - - - - - - - - - - - - - - - */
Load "WINAPI.ring"
# Disable file system redirection
# Only a Wow64 process has redirection to disable, hence the rwaIsWow64Process() guard
if rwaIsWow64Process() = 1
    DataHp = rwaDisableWow64FsRedirection() # To revert file system redirection DataHp is necessary
    # Keep DataHp and pass it to rwaRevertWow64FsRedirection() as soon as the file operation
    # that needed the unredirected path has finished
ok
/*=========================================================*/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Function Name : rwaRevertWow64FsRedirection
Func. Purpose : Re-enable file system redirection that was disabled by rwaDisableWow64FsRedirection()
Func. Params : Pointer to data that has been created by rwaDisableWow64FsRedirection()
Func. Return : True if file system redirection was reverted successfully or False if not
Note: This function must not be used with rWow64EnableWow64FsRedirection() function
at the same time
Func. Author : Majdi Sobain <[email protected]>
Func. Source : https://msdn.microsoft.com/en-us/library/aa365743.aspx
Minimum supported Win client\server : XP_Pro_x64(Desktop_apps)\Server2003SP1(Desktop_apps)
- - - - - - - - - - - - - - - - - - EXAMPLE - - - - - - - - - - - - - - - */
Load "WINAPI.ring"
# Revert file system redirection from disabled state
# DataHp is not created here: it must hold the value returned by an earlier
# rwaDisableWow64FsRedirection() call
if rwaIsWow64Process() = 1
    if rwaRevertWow64FsRedirection(DataHp) # DataHp is a pointer to a returned data
                                           # from rwaDisableWow64FsRedirection() function
        See "The file system redirection has been reverted successfully"
    else
        See "Error: The file system redirection can not be reverted"
    ok
ok
/*=========================================================*/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Function Name : rwaEnvirVarString
Func. Purpose : Return the string value of system environment variables
Func. Params : A string containing one or more system environment variables
Func. Return : String value of system environment variables
Func. Author : Majdi Sobain <[email protected]>
Func. Source : https://msdn.microsoft.com/en-us/library/windows/desktop/ms724265(v=vs.85).aspx
Minimum supported Win client\server : Win2000Pro(Desktop_apps)\Server2000(Desktop_apps)
- - - - - - - - - - - - - - - - - - EXAMPLE - - - - - - - - - - - - - - - */
Load "WINAPI.ring"
# Prints the value that the %SystemRoot% environment variable expands to.
# NOTE(review): environment variables are inherited from whatever started the process, so validate an
# expanded value before using it to build a path for a privileged operation
See rwaEnvirVarString("%SystemRoot%")