Fix for apisetschema forwarder

Hope this will fix it for ever :P

Author: Coldzer0

Build/Apiset.json

@@ -77,6 +77,7 @@
 {name:"api-ms-win-core-debug-minidump-l1-1-0", count:1, red: ["dbgcore.dll"]},
 {name:"api-ms-win-core-delayload-l1-1-0", count:1, red: ["kernelbase.dll"]},
 {name:"api-ms-win-core-delayload-l1-1-1", count:1, red: ["kernelbase.dll"]},
+{name:"api-ms-win-core-enclave-l1-1-0", count:1, red: ["kernelbase.dll"]},
 {name:"api-ms-win-core-enclave-l1-1-1", count:1, red: ["kernelbase.dll"]},
 {name:"api-ms-win-core-errorhandling-l1-1-0", count:1, red: ["kernel32.dll"]},
 {name:"api-ms-win-core-errorhandling-l1-1-3", count:1, red: ["kernelbase.dll"]},
@@ -128,11 +129,14 @@
 {name:"api-ms-win-core-localregistry-l1-1-0", count:1, red: ["kernel32.dll"]},
 {name:"api-ms-win-core-marshal-l1-1-0", count:1, red: ["combase.dll"]},
 {name:"api-ms-win-core-memory-l1-1-0", count:1, red: ["kernelbase.dll"]},
+{name:"api-ms-win-core-memory-l1-1-1", count:1, red: ["kernelbase.dll"]},
+{name:"api-ms-win-core-memory-l1-1-2", count:1, red: ["kernelbase.dll"]},
 {name:"api-ms-win-core-memory-l1-1-6", count:1, red: ["kernelbase.dll"]},
 {name:"api-ms-win-core-misc-l1-1-0", count:1, red: ["kernelbase.dll"]},
 {name:"api-ms-win-core-multipleproviderrouter-l1-1-0", count:1, red: ["mpr.dll"]},
 {name:"api-ms-win-core-namedpipe-ansi-l1-1-1", count:1, red: ["kernel32.dll"]},
 {name:"api-ms-win-core-namedpipe-l1-1-0", count:1, red: ["kernelbase.dll"]},
+{name:"api-ms-win-core-namedpipe-l1-2-1", count:1, red: ["kernelbase.dll"]},
 {name:"api-ms-win-core-namedpipe-l1-2-2", count:1, red: ["kernelbase.dll"]},
 {name:"api-ms-win-core-namespace-ansi-l1-1-0", count:1, red: ["kernel32.dll"]},
 {name:"api-ms-win-core-namespace-l1-1-0", count:1, red: ["kernelbase.dll"]},
@@ -150,6 +154,7 @@
 {name:"api-ms-win-core-processsecurity-l1-1-0", count:2, red: ["kernel32.dll", "kernelbase.dll"],"alias":"kernel32.dll"},
 {name:"api-ms-win-core-processsnapshot-l1-1-0", count:1, red: ["kernelbase.dll"]},
 {name:"api-ms-win-core-processthreads-l1-1-0", count:2, red: ["kernel32.dll", "kernelbase.dll"],"alias":"kernel32.dll"},
+{name:"api-ms-win-core-processthreads-l1-1-2", count:2, red: ["kernel32.dll", "kernelbase.dll"],"alias":"kernel32.dll"},
 {name:"api-ms-win-core-processthreads-l1-1-1", count:2, red: ["kernel32.dll", "kernelbase.dll"],"alias":"kernel32.dll"},
 {name:"api-ms-win-core-processthreads-l1-1-3", count:2, red: ["kernel32.dll", "kernelbase.dll"],"alias":"kernel32.dll"},
 {name:"api-ms-win-core-processtopology-l1-1-0", count:1, red: ["kernelbase.dll"]},
@@ -201,6 +206,8 @@
 {name:"api-ms-win-core-synch-l1-2-1", count:1, red: ["kernelbase.dll"]},
 {name:"api-ms-win-core-sysinfo-l1-1-0", count:1, red: ["kernelbase.dll"]},
 {name:"api-ms-win-core-sysinfo-l1-1-1", count:1, red: ["kernelbase.dll"]},
+{name:"api-ms-win-core-sysinfo-l1-2-1", count:1, red: ["kernelbase.dll"]},
+{name:"api-ms-win-core-sysinfo-l1-2-2", count:1, red: ["kernelbase.dll"]},
 {name:"api-ms-win-core-sysinfo-l1-2-4", count:1, red: ["kernelbase.dll"]},
 {name:"api-ms-win-core-sysinfo-l2-1-0", count:1, red: ["advapi32.dll"]},
 {name:"api-ms-win-core-systemtopology-l1-1-1", count:1, red: ["kernelbase.dll"]},
@@ -548,6 +555,7 @@
 {name:"ext-ms-win-gdi-path-l1-1-0", count:1, red: ["gdi32full.dll"]},
 {name:"ext-ms-win-gdi-print-l1-1-0", count:1, red: ["gdi32full.dll"]},
 {name:"ext-ms-win-gdi-private-l1-1-0", count:1, red: ["gdi32full.dll"]},
+{name:"ext-ms-win-gdi-desktop-l1-1-0", count:1, red: ["gdi32.dll"]},
 {name:"ext-ms-win-gdi-render-l1-1-0", count:1, red: ["gdi32.dll"]},
 {name:"ext-ms-win-gdi-rgn-l1-1-0", count:1, red: ["gdi32full.dll"]},
 {name:"ext-ms-win-gdi-wcs-l1-1-0", count:1, red: ["gdi32full.dll"]},

Build/hooks/address.js

@@ -1,61 +1,11 @@
-// var _parse_cmdline = new ApiHook();
-// _parse_cmdline.OnCallBack = function () {
+var addr_hook_example = new ApiHook();
+addr_hook_example.OnCallBack = function () {
 
-// 	var PC = Emu.ReadDword(Emu.ReadReg(REG_ESP));
+	info('EDI = ',Emu.ReadReg(REG_EDI).toString(16))
+	info('ESI = ',Emu.ReadReg(REG_ESI).toString(16))
+	info('Module : ',Emu.ReadStringA(Emu.ReadReg(REG_EAX)))
 
-// 	info('PC : 0x',PC.toString(16));
-
-// 	info(Emu.SetReg(REG_EIP, PC));
-//     return true;
-// };
-// _parse_cmdline.install(0x00403383);
-
-// _wcmdln fix
-
-// var Path = '"C:\\pla\\' + Emu.Filename + '"'; // :D 
-// var _wcmdln_ptr = Emu.GetProcAddr(Emu.GetModuleHandle('msvcr90.dll'), '_wcmdln');
-// var po = 
-// Emu.WriteStringW(_wcmdln_ptr,Path) : Emu.WriteStringA(_wcmdln_ptr,Path);
-
-
-
-
-// var tmpx = new ApiHook();
-// tmpx.OnCallBack = function () {
-
-
-// 	info('EDI = ',Emu.ReadReg(REG_EDI).toString(16))
-// 	info('ESI = ',Emu.ReadReg(REG_ESI).toString(16))
-// 	info('Module : ',Emu.ReadStringA(Emu.ReadReg(REG_EAX)))
-
-//     return true;
-// };
-
-// tmpx.install(0x401369);
-
-// var tmpx = new ApiHook();
-// tmpx.OnCallBack = function () {
-
-// 	info('esi = ',Emu.ReadReg(REG_ESI).toString(16))
-// 	info('ecx = ',Emu.ReadReg(REG_ECX).toString(16))
-
-// 	info('Module : ',Emu.ReadStringW(Emu.ReadReg(REG_ESI)))
-
-//     return true;
-// };
-
-// tmpx.install(0x401037);
-
-
-// var tmpz = new ApiHook();
-// tmpz.OnCallBack = function () {
-
-// 	info('esi = ',Emu.ReadReg(REG_ESI).toString(16))
-
-// 	info('API : ',Emu.ReadStringA(Emu.ReadReg(REG_ESI)))
-
-//     return true;
-// };
-
-// tmpz.install(0x401068);
+    return true;
+};
 
+addr_hook_example.install(0x401369);