├── .gitattributes
├── .gitignore
├── README.md
├── core.cpp
├── dependencies
    └── vdm
    │   ├── util
    │       ├── nt.hpp
    │       └── util.hpp
    │   ├── vdm
    │       └── vdm.hpp
    │   └── vdm_ctx
    │       ├── vdm_ctx.cpp
    │       └── vdm_ctx.hpp
├── eac-mapper.vcxproj
└── eac-mapper.vcxproj.filters


/.gitattributes:
--------------------------------------------------------------------------------
1 | # Auto detect text files and perform LF normalization
2 | * text=auto
3 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
  1 | ## Ignore Visual Studio temporary files, build results, and
  2 | ## files generated by popular Visual Studio add-ons.
  3 | ##
  4 | ## Get latest from https://github.com/github/gitignore/blob/main/VisualStudio.gitignore
  5 | 
  6 | # User-specific files
  7 | *.rsuser
  8 | *.suo
  9 | *.user
 10 | *.userosscache
 11 | *.sln.docstates
 12 | 
 13 | # User-specific files (MonoDevelop/Xamarin Studio)
 14 | *.userprefs
 15 | 
 16 | # Mono auto generated files
 17 | mono_crash.*
 18 | 
 19 | # Build results
 20 | [Dd]ebug/
 21 | [Dd]ebugPublic/
 22 | [Rr]elease/
 23 | [Rr]eleases/
 24 | x64/
 25 | x86/
 26 | [Ww][Ii][Nn]32/
 27 | [Aa][Rr][Mm]/
 28 | [Aa][Rr][Mm]64/
 29 | bld/
 30 | [Bb]in/
 31 | [Oo]bj/
 32 | [Ll]og/
 33 | [Ll]ogs/
 34 | 
 35 | # Visual Studio 2015/2017 cache/options directory
 36 | .vs/
 37 | # Uncomment if you have tasks that create the project's static files in wwwroot
 38 | #wwwroot/
 39 | 
 40 | # Visual Studio 2017 auto generated files
 41 | Generated\ Files/
 42 | 
 43 | # MSTest test Results
 44 | [Tt]est[Rr]esult*/
 45 | [Bb]uild[Ll]og.*
 46 | 
 47 | # NUnit
 48 | *.VisualState.xml
 49 | TestResult.xml
 50 | nunit-*.xml
 51 | 
 52 | # Build Results of an ATL Project
 53 | [Dd]ebugPS/
 54 | [Rr]eleasePS/
 55 | dlldata.c
 56 | 
 57 | # Benchmark Results
 58 | BenchmarkDotNet.Artifacts/
 59 | 
 60 | # .NET Core
 61 | project.lock.json
 62 | project.fragment.lock.json
 63 | artifacts/
 64 | 
 65 | # ASP.NET Scaffolding
 66 | ScaffoldingReadMe.txt
 67 | 
 68 | # StyleCop
 69 | StyleCopReport.xml
 70 | 
 71 | # Files built by Visual Studio
 72 | *_i.c
 73 | *_p.c
 74 | *_h.h
 75 | *.ilk
 76 | *.meta
 77 | *.obj
 78 | *.iobj
 79 | *.pch
 80 | *.pdb
 81 | *.ipdb
 82 | *.pgc
 83 | *.pgd
 84 | *.rsp
 85 | *.sbr
 86 | *.tlb
 87 | *.tli
 88 | *.tlh
 89 | *.tmp
 90 | *.tmp_proj
 91 | *_wpftmp.csproj
 92 | *.log
 93 | *.tlog
 94 | *.vspscc
 95 | *.vssscc
 96 | .builds
 97 | *.pidb
 98 | *.svclog
 99 | *.scc
100 | 
101 | # Chutzpah Test files
102 | _Chutzpah*
103 | 
104 | # Visual C++ cache files
105 | ipch/
106 | *.aps
107 | *.ncb
108 | *.opendb
109 | *.opensdf
110 | *.sdf
111 | *.cachefile
112 | *.VC.db
113 | *.VC.VC.opendb
114 | 
115 | # Visual Studio profiler
116 | *.psess
117 | *.vsp
118 | *.vspx
119 | *.sap
120 | 
121 | # Visual Studio Trace Files
122 | *.e2e
123 | 
124 | # TFS 2012 Local Workspace
125 | $tf/
126 | 
127 | # Guidance Automation Toolkit
128 | *.gpState
129 | 
130 | # ReSharper is a .NET coding add-in
131 | _ReSharper*/
132 | *.[Rr]e[Ss]harper
133 | *.DotSettings.user
134 | 
135 | # TeamCity is a build add-in
136 | _TeamCity*
137 | 
138 | # DotCover is a Code Coverage Tool
139 | *.dotCover
140 | 
141 | # AxoCover is a Code Coverage Tool
142 | .axoCover/*
143 | !.axoCover/settings.json
144 | 
145 | # Coverlet is a free, cross platform Code Coverage Tool
146 | coverage*.json
147 | coverage*.xml
148 | coverage*.info
149 | 
150 | # Visual Studio code coverage results
151 | *.coverage
152 | *.coveragexml
153 | 
154 | # NCrunch
155 | _NCrunch_*
156 | .*crunch*.local.xml
157 | nCrunchTemp_*
158 | 
159 | # MightyMoose
160 | *.mm.*
161 | AutoTest.Net/
162 | 
163 | # Web workbench (sass)
164 | .sass-cache/
165 | 
166 | # Installshield output folder
167 | [Ee]xpress/
168 | 
169 | # DocProject is a documentation generator add-in
170 | DocProject/buildhelp/
171 | DocProject/Help/*.HxT
172 | DocProject/Help/*.HxC
173 | DocProject/Help/*.hhc
174 | DocProject/Help/*.hhk
175 | DocProject/Help/*.hhp
176 | DocProject/Help/Html2
177 | DocProject/Help/html
178 | 
179 | # Click-Once directory
180 | publish/
181 | 
182 | # Publish Web Output
183 | *.[Pp]ublish.xml
184 | *.azurePubxml
185 | # Note: Comment the next line if you want to checkin your web deploy settings,
186 | # but database connection strings (with potential passwords) will be unencrypted
187 | *.pubxml
188 | *.publishproj
189 | 
190 | # Microsoft Azure Web App publish settings. Comment the next line if you want to
191 | # checkin your Azure Web App publish settings, but sensitive information contained
192 | # in these scripts will be unencrypted
193 | PublishScripts/
194 | 
195 | # NuGet Packages
196 | *.nupkg
197 | # NuGet Symbol Packages
198 | *.snupkg
199 | # The packages folder can be ignored because of Package Restore
200 | **/[Pp]ackages/*
201 | # except build/, which is used as an MSBuild target.
202 | !**/[Pp]ackages/build/
203 | # Uncomment if necessary however generally it will be regenerated when needed
204 | #!**/[Pp]ackages/repositories.config
205 | # NuGet v3's project.json files produces more ignorable files
206 | *.nuget.props
207 | *.nuget.targets
208 | 
209 | # Microsoft Azure Build Output
210 | csx/
211 | *.build.csdef
212 | 
213 | # Microsoft Azure Emulator
214 | ecf/
215 | rcf/
216 | 
217 | # Windows Store app package directories and files
218 | AppPackages/
219 | BundleArtifacts/
220 | Package.StoreAssociation.xml
221 | _pkginfo.txt
222 | *.appx
223 | *.appxbundle
224 | *.appxupload
225 | 
226 | # Visual Studio cache files
227 | # files ending in .cache can be ignored
228 | *.[Cc]ache
229 | # but keep track of directories ending in .cache
230 | !?*.[Cc]ache/
231 | 
232 | # Others
233 | ClientBin/
234 | ~$*
235 | *~
236 | *.dbmdl
237 | *.dbproj.schemaview
238 | *.jfm
239 | *.pfx
240 | *.publishsettings
241 | orleans.codegen.cs
242 | 
243 | # Including strong name files can present a security risk
244 | # (https://github.com/github/gitignore/pull/2483#issue-259490424)
245 | #*.snk
246 | 
247 | # Since there are multiple workflows, uncomment next line to ignore bower_components
248 | # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
249 | #bower_components/
250 | 
251 | # RIA/Silverlight projects
252 | Generated_Code/
253 | 
254 | # Backup & report files from converting an old project file
255 | # to a newer Visual Studio version. Backup files are not needed,
256 | # because we have git ;-)
257 | _UpgradeReport_Files/
258 | Backup*/
259 | UpgradeLog*.XML
260 | UpgradeLog*.htm
261 | ServiceFabricBackup/
262 | *.rptproj.bak
263 | 
264 | # SQL Server files
265 | *.mdf
266 | *.ldf
267 | *.ndf
268 | 
269 | # Business Intelligence projects
270 | *.rdl.data
271 | *.bim.layout
272 | *.bim_*.settings
273 | *.rptproj.rsuser
274 | *- [Bb]ackup.rdl
275 | *- [Bb]ackup ([0-9]).rdl
276 | *- [Bb]ackup ([0-9][0-9]).rdl
277 | 
278 | # Microsoft Fakes
279 | FakesAssemblies/
280 | 
281 | # GhostDoc plugin setting file
282 | *.GhostDoc.xml
283 | 
284 | # Node.js Tools for Visual Studio
285 | .ntvs_analysis.dat
286 | node_modules/
287 | 
288 | # Visual Studio 6 build log
289 | *.plg
290 | 
291 | # Visual Studio 6 workspace options file
292 | *.opt
293 | 
294 | # Visual Studio 6 auto-generated workspace file (contains which files were open etc.)
295 | *.vbw
296 | 
297 | # Visual Studio 6 auto-generated project file (contains which files were open etc.)
298 | *.vbp
299 | 
300 | # Visual Studio 6 workspace and project file (working project files containing files to include in project)
301 | *.dsw
302 | *.dsp
303 | 
304 | # Visual Studio 6 technical files 
305 | *.ncb
306 | *.aps
307 | 
308 | # Visual Studio LightSwitch build output
309 | **/*.HTMLClient/GeneratedArtifacts
310 | **/*.DesktopClient/GeneratedArtifacts
311 | **/*.DesktopClient/ModelManifest.xml
312 | **/*.Server/GeneratedArtifacts
313 | **/*.Server/ModelManifest.xml
314 | _Pvt_Extensions
315 | 
316 | # Paket dependency manager
317 | .paket/paket.exe
318 | paket-files/
319 | 
320 | # FAKE - F# Make
321 | .fake/
322 | 
323 | # CodeRush personal settings
324 | .cr/personal
325 | 
326 | # Python Tools for Visual Studio (PTVS)
327 | __pycache__/
328 | *.pyc
329 | 
330 | # Cake - Uncomment if you are using it
331 | # tools/**
332 | # !tools/packages.config
333 | 
334 | # Tabs Studio
335 | *.tss
336 | 
337 | # Telerik's JustMock configuration file
338 | *.jmconfig
339 | 
340 | # BizTalk build output
341 | *.btp.cs
342 | *.btm.cs
343 | *.odx.cs
344 | *.xsd.cs
345 | 
346 | # OpenCover UI analysis results
347 | OpenCover/
348 | 
349 | # Azure Stream Analytics local run output
350 | ASALocalRun/
351 | 
352 | # MSBuild Binary and Structured Log
353 | *.binlog
354 | 
355 | # NVidia Nsight GPU debugger configuration file
356 | *.nvuser
357 | 
358 | # MFractors (Xamarin productivity tool) working folder
359 | .mfractor/
360 | 
361 | # Local History for Visual Studio
362 | .localhistory/
363 | 
364 | # Visual Studio History (VSHistory) files
365 | .vshistory/
366 | 
367 | # BeatPulse healthcheck temp database
368 | healthchecksdb
369 | 
370 | # Backup folder for Package Reference Convert tool in Visual Studio 2017
371 | MigrationBackup/
372 | 
373 | # Ionide (cross platform F# VS Code tools) working folder
374 | .ionide/
375 | 
376 | # Fody - auto-generated XML schema
377 | FodyWeavers.xsd
378 | 
379 | # VS Code files for those working on multiple tools
380 | .vscode/*
381 | !.vscode/settings.json
382 | !.vscode/tasks.json
383 | !.vscode/launch.json
384 | !.vscode/extensions.json
385 | *.code-workspace
386 | 
387 | # Local History for Visual Studio Code
388 | .history/
389 | 
390 | # Windows Installer files from build outputs
391 | *.cab
392 | *.msi
393 | *.msix
394 | *.msm
395 | *.msp
396 | 
397 | # JetBrains Rider
398 | *.sln.iml
399 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # eac-mapper
 2 | 
 3 | ## How it works?
 4 | 
 5 | When the EasyAntiCheat driver is initialized, it walks through each loaded driver's read-only sections with MmCopyMemory to ensure that malicious patches have not taken place.  But, EasyAntiCheat has a slight oversight resulting in certain drivers, known as session drivers, to not be accounted for during these initial scans.  From my debugging, EasyAntiCheat entirely skips session drivers and does not make any attemps to ensure their integrity.
 6 | 
 7 | ## What are session drivers?
 8 | In short, session drivers are drivers that are not globally mapped to every address space, such as the address space EasyAntiCheat's driver is executing under.  This allows us to freely patch such drivers without any consequences.
 9 | 
10 | ## How can it be fixed?
11 | EasyAntiCheat can easily patch this method by attaching to a process that has such drivers mapped into its address space, such as the explorer process.
12 | 
13 | ## Notes
14 | - This method will evade all EasyAntiCheat scans
15 | - We can easily inline hook a function for simple usermode to kernel communication
16 | - The function can easily be changed that is mapped within the driver, as well as the data structure
17 | - Unlike previous released mappers, this raises 0 flags to EasyAntiCheat and is proven upon testing, not assumption, to be undetected
18 | 


--------------------------------------------------------------------------------
/core.cpp:
--------------------------------------------------------------------------------
  1 | /*
  2 | 	author: CompiledCode
  3 | 	comments fixed by: https://beta.openai.com/playground
  4 | 
  5 | 	credits:
  6 | 	- xeroxz for vdm
  7 | */
  8 | 
  9 | // vdm by xeroxz
 10 | #include "dependencies/vdm/vdm_ctx/vdm_ctx.hpp"
 11 | 
 12 | // wrappers around getting exports
 13 | const auto get_ntk_export = std::bind( &util::get_kmodule_export, "ntoskrnl.exe", std::placeholders::_1, false );
 14 | const auto get_w32_export = std::bind( &util::get_kmodule_export, "win32kbase.sys", std::placeholders::_1, false );
 15 | 
 16 | // a structure holding data
 17 | struct data_t
 18 | {
 19 | 	// imports
 20 | 	using ps_lookup_process_by_process_id_t = NTSTATUS( * )( std::uint64_t, void*& );
 21 | 	const ps_lookup_process_by_process_id_t ps_lookup_process_by_process_id = static_cast< ps_lookup_process_by_process_id_t >( get_ntk_export( "PsLookupProcessByProcessId" ) );
 22 | 
 23 | 	using mm_copy_virtual_memory_t = NTSTATUS( * )( void*, void*, void*, void*, std::size_t, std::uint8_t, std::size_t& );
 24 | 	const mm_copy_virtual_memory_t mm_copy_virtual_memory = static_cast< mm_copy_virtual_memory_t >( get_ntk_export( "MmCopyVirtualMemory" ) );
 25 | 
 26 | 	using obf_dereference_object_t = void( * )( void* );
 27 | 	const obf_dereference_object_t obf_dereference_object = static_cast< obf_dereference_object_t >( get_ntk_export( "ObfDereferenceObject" ) );
 28 | 
 29 | 	// arguments
 30 | 	const std::uint64_t from_pid, to_pid;
 31 | 	
 32 | 	void *const from_address, *const to_address;
 33 | 
 34 | 	const std::size_t size;
 35 | };
 36 | 
 37 | // the function that will be mapped into the driver
 38 | NTSTATUS mapped( const data_t& data )
 39 | {
 40 | 	void* from_process = nullptr, *to_process = nullptr;
 41 | 	
 42 | 	// obtain the process objects
 43 | 	if ( !NT_SUCCESS( data.ps_lookup_process_by_process_id( data.from_pid, from_process ) ) || !NT_SUCCESS( data.ps_lookup_process_by_process_id( data.to_pid, to_process ) ) )
 44 | 		return STATUS_INVALID_PARAMETER;
 45 | 
 46 | 	// copy the memory
 47 | 	std::size_t size;
 48 | 	if ( !NT_SUCCESS( data.mm_copy_virtual_memory( from_process, data.from_address, to_process, data.to_address, data.size, 1, size ) ) )
 49 | 		return STATUS_INVALID_PARAMETER;
 50 | 
 51 | 	// dereference the objects
 52 | 	data.obf_dereference_object( from_process );
 53 | 	data.obf_dereference_object( to_process );
 54 | 
 55 | 	return STATUS_SUCCESS;
 56 | }
 57 | 
 58 | int main( )
 59 | {
 60 | 	{
 61 | 		// establish a handle to the vulnerable driver, and wrap it using unique_ptr to close the handle when the scope dies
 62 | 		std::unique_ptr< std::remove_pointer_t< HANDLE >, decltype( &vdm::unload_drv ) > driver{ vdm::load_drv( ), &vdm::unload_drv };
 63 | 
 64 | 		// the actual vdm instance
 65 | 		vdm::vdm_ctx vdm{};
 66 | 
 67 | 		// the function that will be overwritten
 68 | 		const auto function = get_w32_export( "NtMapVisualRelativePoints" );
 69 | 
 70 | 		// obtain the physical address of the function
 71 | 		using mm_get_physical_address_t = PHYSICAL_ADDRESS( * )( void* );
 72 | 		const auto physical_address = vdm.syscall< mm_get_physical_address_t >( get_ntk_export( "MmGetPhysicalAddress" ), function );
 73 | 
 74 | 		// map the function
 75 | 		vdm::write_phys( reinterpret_cast< void* >( physical_address.QuadPart ), &mapped, 0x1D1 );
 76 | 	}
 77 | 
 78 | 	// load user32
 79 | 	std::unique_ptr< std::remove_pointer_t< HMODULE >, decltype( &FreeLibrary ) > user32{ LoadLibraryA( "user32.dll" ), &FreeLibrary };
 80 | 
 81 | 	// load win32u
 82 | 	std::unique_ptr< std::remove_pointer_t< HMODULE >, decltype( &FreeLibrary ) > win32u{ LoadLibraryA( "win32u.dll" ), &FreeLibrary };
 83 | 
 84 | 	const auto function = GetProcAddress( win32u.get( ), "NtMapVisualRelativePoints" );
 85 | 
 86 | 	// test variables
 87 | 	auto test_variable_one = 0xDEAD;
 88 | 	auto test_variable_two = 0xBEEF;
 89 | 
 90 | 	// initialize the data structure
 91 | 	data_t data
 92 | 	{
 93 | 		.from_pid = GetCurrentProcessId( ),
 94 | 		.to_pid = GetCurrentProcessId( ),
 95 | 
 96 | 		.from_address = &test_variable_one,
 97 | 		.to_address = &test_variable_two,
 98 | 		
 99 | 		.size = sizeof( int )
100 | 	};
101 | 	
102 | 	// test the function
103 | 	std::printf( "[+] before: %0X\n", test_variable_two );
104 | 	std::printf( "[+] result: %i\n", reinterpret_cast< decltype( &mapped ) >( function )( data ) );
105 | 	std::printf( "[+] after: %0X\n", test_variable_two );
106 | 
107 | 	return std::getchar( );
108 | }
109 | 


--------------------------------------------------------------------------------
/dependencies/vdm/util/nt.hpp:
--------------------------------------------------------------------------------
 1 | #pragma once
 2 | #include <Windows.h>
 3 | #include <winternl.h>
 4 | 
 5 | #pragma comment(lib, "ntdll.lib")
 6 | #define PAGE_4KB 0x1000
 7 | 
 8 | constexpr auto SystemModuleInformation = 11;
 9 | typedef struct _RTL_PROCESS_MODULE_INFORMATION
10 | {
11 | 	HANDLE Section;
12 | 	PVOID MappedBase;
13 | 	PVOID ImageBase;
14 | 	ULONG ImageSize;
15 | 	ULONG Flags;
16 | 	USHORT LoadOrderIndex;
17 | 	USHORT InitOrderIndex;
18 | 	USHORT LoadCount;
19 | 	USHORT OffsetToFileName;
20 | 	UCHAR FullPathName[256];
21 | } RTL_PROCESS_MODULE_INFORMATION, * PRTL_PROCESS_MODULE_INFORMATION;
22 | 
23 | typedef struct _RTL_PROCESS_MODULES
24 | {
25 | 	ULONG NumberOfModules;
26 | 	RTL_PROCESS_MODULE_INFORMATION Modules[1];
27 | } RTL_PROCESS_MODULES, * PRTL_PROCESS_MODULES;
28 | 
29 | typedef enum _POOL_TYPE {
30 |     NonPagedPool,
31 |     NonPagedPoolExecute = NonPagedPool,
32 |     PagedPool,
33 |     NonPagedPoolMustSucceed = NonPagedPool + 2,
34 |     DontUseThisType,
35 |     NonPagedPoolCacheAligned = NonPagedPool + 4,
36 |     PagedPoolCacheAligned,
37 |     NonPagedPoolCacheAlignedMustS = NonPagedPool + 6,
38 |     MaxPoolType,
39 |     NonPagedPoolBase = 0,
40 |     NonPagedPoolBaseMustSucceed = NonPagedPoolBase + 2,
41 |     NonPagedPoolBaseCacheAligned = NonPagedPoolBase + 4,
42 |     NonPagedPoolBaseCacheAlignedMustS = NonPagedPoolBase + 6,
43 |     NonPagedPoolSession = 32,
44 |     PagedPoolSession = NonPagedPoolSession + 1,
45 |     NonPagedPoolMustSucceedSession = PagedPoolSession + 1,
46 |     DontUseThisTypeSession = NonPagedPoolMustSucceedSession + 1,
47 |     NonPagedPoolCacheAlignedSession = DontUseThisTypeSession + 1,
48 |     PagedPoolCacheAlignedSession = NonPagedPoolCacheAlignedSession + 1,
49 |     NonPagedPoolCacheAlignedMustSSession = PagedPoolCacheAlignedSession + 1,
50 |     NonPagedPoolNx = 512,
51 |     NonPagedPoolNxCacheAligned = NonPagedPoolNx + 4,
52 |     NonPagedPoolSessionNx = NonPagedPoolNx + 32,
53 | 
54 | } POOL_TYPE;
55 | 
56 | typedef LARGE_INTEGER PHYSICAL_ADDRESS, * PPHYSICAL_ADDRESS;
57 | 
58 | using PEPROCESS = PVOID;
59 | using PsLookupProcessByProcessId = NTSTATUS(__fastcall*)(
60 | 	HANDLE     ProcessId,
61 | 	PEPROCESS* Process
62 | );


--------------------------------------------------------------------------------
/dependencies/vdm/util/util.hpp:
--------------------------------------------------------------------------------
  1 | #pragma once
  2 | #include <Windows.h>
  3 | #include <ntstatus.h>
  4 | 
  5 | #include <cstdint>
  6 | #include <string_view>
  7 | #include <algorithm>
  8 | #include <string_view>
  9 | #include <map>
 10 | #include "nt.hpp"
 11 | 
 12 | namespace util
 13 | {
 14 | 	inline std::map<std::uintptr_t, std::size_t> pmem_ranges{};
 15 | 	__forceinline auto is_valid(std::uintptr_t addr) -> bool
 16 | 	{
 17 | 		for (auto range : pmem_ranges)
 18 | 			if (addr >= range.first && addr <= range.first + range.second)
 19 | 				return true;
 20 | 
 21 | 		return false;
 22 | 	}
 23 | 
 24 | #pragma pack (push, 1)
 25 | 	struct PhysicalMemoryPage//CM_PARTIAL_RESOURCE_DESCRIPTOR
 26 | 	{
 27 | 		uint8_t type;
 28 | 		uint8_t shareDisposition;
 29 | 		uint16_t flags;
 30 | 		uint64_t pBegin;
 31 | 		uint32_t sizeButNotExactly;
 32 | 		uint32_t pad;
 33 | 
 34 | 		static constexpr uint16_t cm_resource_memory_large_40{ 0x200 };
 35 | 		static constexpr uint16_t cm_resource_memory_large_48{ 0x400 };
 36 | 		static constexpr uint16_t cm_resource_memory_large_64{ 0x800 };
 37 | 
 38 | 		uint64_t size()const noexcept
 39 | 		{
 40 | 			if (flags & cm_resource_memory_large_40)
 41 | 				return uint64_t{ sizeButNotExactly } << 8;
 42 | 			else if (flags & cm_resource_memory_large_48)
 43 | 				return uint64_t{ sizeButNotExactly } << 16;
 44 | 			else if (flags & cm_resource_memory_large_64)
 45 | 				return uint64_t{ sizeButNotExactly } << 32;
 46 | 			else
 47 | 				return uint64_t{ sizeButNotExactly };
 48 | 		}
 49 | 	};
 50 | 	static_assert(sizeof(PhysicalMemoryPage) == 20);
 51 | #pragma pack (pop)
 52 | 
 53 | 	inline const auto init_ranges = ([&]() -> bool
 54 | 	{
 55 | 			HKEY h_key;
 56 | 			DWORD type, size;
 57 | 			LPBYTE data;
 58 | 			RegOpenKeyEx(HKEY_LOCAL_MACHINE, "HARDWARE\\RESOURCEMAP\\System Resources\\Physical Memory", 0, KEY_READ, &h_key);
 59 | 			RegQueryValueEx(h_key, ".Translated", NULL, &type, NULL, &size); //get size
 60 | 			data = new BYTE[size];
 61 | 			RegQueryValueEx(h_key, ".Translated", NULL, &type, data, &size);
 62 | 			DWORD count = *(DWORD*)(data + 16);
 63 | 			auto pmi = data + 24;
 64 | 			for (int dwIndex = 0; dwIndex < count; dwIndex++)
 65 | 			{
 66 | #if 0
 67 | 				pmem_ranges.emplace(*(uint64_t*)(pmi + 0), *(uint64_t*)(pmi + 8));
 68 | #else
 69 | 				const PhysicalMemoryPage& page{ *(PhysicalMemoryPage*)(pmi - 4) };
 70 | 				pmem_ranges.emplace(page.pBegin, page.size());
 71 | #endif
 72 | 				pmi += 20;
 73 | 			}
 74 | 			delete[] data;
 75 | 			RegCloseKey(h_key);
 76 | 			return true;
 77 | 	})();
 78 | 
 79 | 	__forceinline auto get_file_header(void* base_addr) -> PIMAGE_FILE_HEADER
 80 | 	{
 81 | 		PIMAGE_DOS_HEADER dos_headers =
 82 | 			reinterpret_cast<PIMAGE_DOS_HEADER>(base_addr);
 83 | 
 84 | 		PIMAGE_NT_HEADERS nt_headers =
 85 | 			reinterpret_cast<PIMAGE_NT_HEADERS>(
 86 | 				reinterpret_cast<DWORD_PTR>(base_addr) + dos_headers->e_lfanew);
 87 | 
 88 | 		return &nt_headers->FileHeader;
 89 | 	}
 90 | 
 91 | 	__forceinline auto get_kmodule_base(const char* module_name) -> std::uintptr_t
 92 | 	{
 93 | 		void* buffer = nullptr;
 94 | 		DWORD buffer_size = NULL;
 95 | 
 96 | 		auto status = NtQuerySystemInformation(
 97 | 			static_cast<SYSTEM_INFORMATION_CLASS>(SystemModuleInformation),
 98 | 				buffer, buffer_size, &buffer_size);
 99 | 
100 | 		while (status == STATUS_INFO_LENGTH_MISMATCH)
101 | 		{
102 | 			VirtualFree(buffer, NULL, MEM_RELEASE);
103 | 			buffer = VirtualAlloc(nullptr, buffer_size, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
104 | 			status = NtQuerySystemInformation(
105 | 				static_cast<SYSTEM_INFORMATION_CLASS>(SystemModuleInformation), 
106 | 					buffer, buffer_size, &buffer_size);
107 | 		}
108 | 
109 | 		if (!NT_SUCCESS(status))
110 | 		{
111 | 			VirtualFree(buffer, NULL, MEM_RELEASE);
112 | 			return NULL;
113 | 		}
114 | 
115 | 		const auto modules = static_cast<PRTL_PROCESS_MODULES>(buffer);
116 | 		for (auto idx = 0u; idx < modules->NumberOfModules; ++idx)
117 | 		{
118 | 			const std::string current_module_name = std::string(reinterpret_cast<char*>(modules->Modules[idx].FullPathName) + modules->Modules[idx].OffsetToFileName);
119 | 			if (!_stricmp(current_module_name.c_str(), module_name))
120 | 			{
121 | 				const uint64_t result = reinterpret_cast<uint64_t>(modules->Modules[idx].ImageBase);
122 | 				VirtualFree(buffer, NULL, MEM_RELEASE);
123 | 				return result;
124 | 			}
125 | 		}
126 | 
127 | 		VirtualFree(buffer, NULL, MEM_RELEASE);
128 | 		return NULL;
129 | 	}
130 | 
131 | 	__forceinline auto get_kmodule_export(const char* module_name, const char* export_name, bool rva = false) -> void*
132 | 	{
133 | 		void* buffer = nullptr;
134 | 		DWORD buffer_size = NULL;
135 | 
136 | 		NTSTATUS status = NtQuerySystemInformation(
137 | 			static_cast<SYSTEM_INFORMATION_CLASS>(SystemModuleInformation),
138 | 			buffer,
139 | 			buffer_size,
140 | 			&buffer_size
141 | 		);
142 | 
143 | 		while (status == STATUS_INFO_LENGTH_MISMATCH)
144 | 		{
145 | 			VirtualFree(buffer, 0, MEM_RELEASE);
146 | 			buffer = VirtualAlloc(nullptr, buffer_size, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
147 | 			status = NtQuerySystemInformation(
148 | 				static_cast<SYSTEM_INFORMATION_CLASS>(SystemModuleInformation), 
149 | 				buffer, 
150 | 				buffer_size, 
151 | 				&buffer_size
152 | 			);
153 | 		}
154 | 
155 | 		if (!NT_SUCCESS(status))
156 | 		{
157 | 			VirtualFree(buffer, 0, MEM_RELEASE);
158 | 			return nullptr;
159 | 		}
160 | 
161 | 		const auto modules = static_cast<PRTL_PROCESS_MODULES>(buffer);
162 | 		for (auto idx = 0u; idx < modules->NumberOfModules; ++idx)
163 | 		{
164 | 			// find module and then load library it
165 | 			const std::string current_module_name = 
166 | 				std::string(reinterpret_cast<char*>(
167 | 					modules->Modules[idx].FullPathName) +
168 | 					modules->Modules[idx].OffsetToFileName
169 | 				);
170 | 
171 | 			if (!_stricmp(current_module_name.c_str(), module_name))
172 | 			{
173 | 				std::string full_path = reinterpret_cast<char*>(modules->Modules[idx].FullPathName);
174 | 				full_path.replace(full_path.find("\\SystemRoot\\"), 
175 | 					sizeof("\\SystemRoot\\") - 1, std::string(getenv("SYSTEMROOT")).append("\\"));
176 | 
177 | 				const auto module_base = 
178 | 					LoadLibraryEx(
179 | 						full_path.c_str(),
180 | 						NULL, 
181 | 						DONT_RESOLVE_DLL_REFERENCES
182 | 					);
183 | 
184 | 				PIMAGE_DOS_HEADER p_idh;
185 | 				PIMAGE_NT_HEADERS p_inh;
186 | 				PIMAGE_EXPORT_DIRECTORY p_ied;
187 | 
188 | 				PDWORD addr, name;
189 | 				PWORD ordinal;
190 | 
191 | 				p_idh = (PIMAGE_DOS_HEADER)module_base;
192 | 				if (p_idh->e_magic != IMAGE_DOS_SIGNATURE)
193 | 					return NULL;
194 | 
195 | 				p_inh = (PIMAGE_NT_HEADERS)((LPBYTE)module_base + p_idh->e_lfanew);
196 | 				if (p_inh->Signature != IMAGE_NT_SIGNATURE)
197 | 					return NULL;
198 | 
199 | 				if (p_inh->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress == 0)
200 | 					return NULL;
201 | 
202 | 				p_ied = (PIMAGE_EXPORT_DIRECTORY)((LPBYTE)module_base +
203 | 					p_inh->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress);
204 | 
205 | 				addr = (PDWORD)((LPBYTE)module_base + p_ied->AddressOfFunctions);
206 | 				name = (PDWORD)((LPBYTE)module_base + p_ied->AddressOfNames);
207 | 				ordinal = (PWORD)((LPBYTE)module_base + p_ied->AddressOfNameOrdinals);
208 | 
209 | 				// find exported function
210 | 				for (auto i = 0; i < p_ied->AddressOfFunctions; i++)
211 | 				{
212 | 					if (!strcmp(export_name, (char*)module_base + name[i]))
213 | 					{
214 | 						if (!rva)
215 | 						{
216 | 							auto result = (void*)((std::uintptr_t)modules->Modules[idx].ImageBase + addr[ordinal[i]]);
217 | 							VirtualFree(buffer, NULL, MEM_RELEASE);
218 | 							return result;
219 | 						}
220 | 						else
221 | 						{
222 | 							auto result = (void*)addr[ordinal[i]];
223 | 							VirtualFree(buffer, NULL, MEM_RELEASE);
224 | 							return result;
225 | 						}
226 | 					}
227 | 				}
228 | 			}
229 | 		}
230 | 
231 | 		VirtualFree(buffer, NULL, MEM_RELEASE);
232 | 		return nullptr;
233 | 	}
234 | }


--------------------------------------------------------------------------------
/dependencies/vdm/vdm/vdm.hpp:
--------------------------------------------------------------------------------
 1 | #pragma once
 2 | #include <windows.h>
 3 | #include <cstdint>
 4 | 
 5 | #include "../util/util.hpp"
 6 | 
 7 | namespace vdm
 8 | {
 9 | 	inline HANDLE drv_handle;
10 | 	__forceinline auto load_drv() -> HANDLE
11 | 	{
12 | 		vdm::drv_handle = CreateFile(
13 | 			"\\\\.\\RwDrv",
14 | 			GENERIC_READ | GENERIC_WRITE,
15 | 			NULL,
16 | 			NULL,
17 | 			OPEN_EXISTING,
18 | 			FILE_ATTRIBUTE_NORMAL,
19 | 			NULL
20 | 		);
21 | 
22 | 		return vdm::drv_handle;
23 | 	}
24 | 
25 | 	__forceinline auto unload_drv(HANDLE drv_handle) -> NTSTATUS
26 | 	{
27 | 		if (!CloseHandle(drv_handle))
28 | 			return STATUS_FAIL_CHECK;
29 | 	}
30 | 
31 | 	struct data_packet_t
32 | 	{
33 | 		void* in;
34 | 		std::uint32_t size, unk = 0;
35 | 		void* out;
36 | 	};
37 | 
38 | 	__forceinline bool read_phys(void* addr, void* buffer, std::uint32_t size)
39 | 	{
40 | 		if (!util::is_valid(reinterpret_cast<std::uintptr_t>(addr)))
41 | 			return false;
42 | 
43 | 		auto packet = data_packet_t{ .in = addr, .size = size, .out = buffer };
44 | 		DeviceIoControl( vdm::drv_handle, 0x222808, &packet, sizeof( packet ), &packet, sizeof( packet ), nullptr, nullptr );
45 | 	}
46 | 
47 | 	__forceinline bool write_phys(void* addr, void* buffer, std::uint32_t size)
48 | 	{
49 | 		if (!util::is_valid(reinterpret_cast<std::uintptr_t>(addr)))
50 | 			return false;
51 | 
52 | 		auto packet = data_packet_t{ .in = addr, .size = size, .out = buffer };
53 | 		DeviceIoControl( vdm::drv_handle, 0x22280C, &packet, sizeof( packet ), &packet, sizeof( packet ), nullptr, nullptr );
54 | 	}
55 | }


--------------------------------------------------------------------------------
/dependencies/vdm/vdm_ctx/vdm_ctx.cpp:
--------------------------------------------------------------------------------
  1 | #include "vdm_ctx.hpp"
  2 | 
  3 | namespace vdm
  4 | {
  5 | 	vdm_ctx::vdm_ctx()
  6 | 	{
  7 | 		// already found the syscall's physical page...
  8 | 		if (vdm::syscall_address.load())
  9 | 			return;
 10 | 
 11 | 		vdm::ntoskrnl = reinterpret_cast<std::uint8_t*>(
 12 | 			LoadLibraryExA("ntoskrnl.exe", NULL,
 13 | 				DONT_RESOLVE_DLL_REFERENCES));
 14 | 
 15 | 		nt_rva = reinterpret_cast<std::uint32_t>(
 16 | 			util::get_kmodule_export(
 17 | 				"ntoskrnl.exe",
 18 | 				syscall_hook.first,
 19 | 				true
 20 | 			));
 21 | 
 22 | 		vdm::nt_page_offset = nt_rva % PAGE_4KB;
 23 | 		// for each physical memory range, make a thread to search it
 24 | 		std::vector<std::thread> search_threads;
 25 | 		for (auto ranges : util::pmem_ranges)
 26 | 			search_threads.emplace_back(std::thread(
 27 | 				&vdm_ctx::locate_syscall,
 28 | 				this,
 29 | 				ranges.first,
 30 | 				ranges.second
 31 | 			));
 32 | 
 33 | 		for (std::thread& search_thread : search_threads)
 34 | 			search_thread.join();
 35 | 	}
 36 | 
 37 | 	void vdm_ctx::set_read(read_phys_t& read_func)
 38 | 	{
 39 | 		this->read_phys = read_func;
 40 | 	}
 41 | 
 42 | 	void vdm_ctx::set_write(write_phys_t& write_func)
 43 | 	{
 44 | 		this->write_phys = write_func;
 45 | 	}
 46 | 
 47 | 	void vdm_ctx::rkm(void* dst, void* src, std::size_t size)
 48 | 	{
 49 | 		static const auto ntoskrnl_memcpy =
 50 | 			util::get_kmodule_export("ntoskrnl.exe", "memcpy");
 51 | 
 52 | 		this->syscall<decltype(&memcpy)>(
 53 | 			ntoskrnl_memcpy, dst, src, size);
 54 | 	}
 55 | 
 56 | 	void* vdm_ctx::wkm(void* dst, void* src, std::size_t size)
 57 | 	{
 58 | 		static const auto ntoskrnl_memcpy =
 59 | 			util::get_kmodule_export("ntoskrnl.exe", "memcpy");
 60 | 
 61 | 		return this->syscall<decltype(&memcpy)>(
 62 | 			ntoskrnl_memcpy, dst, src, size);
 63 | 	}
 64 | 
 65 | 	void vdm_ctx::locate_syscall(std::uintptr_t address, std::uintptr_t length) const
 66 | 	{
 67 | 		const auto page_data =
 68 | 			reinterpret_cast<std::uint8_t*>(
 69 | 				VirtualAlloc(
 70 | 					nullptr,
 71 | 					PAGE_4KB, MEM_COMMIT | MEM_RESERVE,
 72 | 					PAGE_READWRITE
 73 | 				));
 74 | 
 75 | 		for (auto page = 0u; page < length; page += PAGE_4KB)
 76 | 		{
 77 | 			if (vdm::syscall_address.load())
 78 | 				break;
 79 | 
 80 | 			if (!read_phys(reinterpret_cast<void*>(address + page), page_data, PAGE_4KB))
 81 | 				continue;
 82 | 
 83 | 			// check the first 32 bytes of the syscall, if its the same, test that its the correct
 84 | 			// occurrence of these bytes (since dxgkrnl is loaded into physical memory at least 2 times now)...
 85 | 			if (!memcmp(page_data + nt_page_offset, ntoskrnl + nt_rva, 32))
 86 | 				if (valid_syscall(reinterpret_cast<void*>(address + page + nt_page_offset)))
 87 | 					syscall_address.store(
 88 | 						reinterpret_cast<void*>(
 89 | 							address + page + nt_page_offset));
 90 | 		}
 91 | 		VirtualFree(page_data, PAGE_4KB, MEM_DECOMMIT);
 92 | 	}
 93 | 
 94 | 	bool vdm_ctx::valid_syscall(void* syscall_addr) const
 95 | 	{
 96 | 		static std::mutex syscall_mutex;
 97 | 		syscall_mutex.lock();
 98 | 
 99 | 		static const auto proc =
100 | 			GetProcAddress(
101 | 				LoadLibraryA(syscall_hook.second),
102 | 				syscall_hook.first
103 | 			);
104 | 
105 | 		// 0:  48 31 c0    xor rax, rax
106 | 		// 3 : c3          ret
107 | 		std::uint8_t shellcode[] = { 0x48, 0x31, 0xC0, 0xC3 };
108 | 		std::uint8_t orig_bytes[sizeof shellcode];
109 | 
110 | 		// save original bytes and install shellcode...
111 | 		read_phys(syscall_addr, orig_bytes, sizeof orig_bytes);
112 | 		write_phys(syscall_addr, shellcode, sizeof shellcode);
113 | 
114 | 		auto result = reinterpret_cast<NTSTATUS(__fastcall*)(void)>(proc)();
115 | 		write_phys(syscall_addr, orig_bytes, sizeof orig_bytes);
116 | 		syscall_mutex.unlock();
117 | 		return result == STATUS_SUCCESS;
118 | 	}
119 | }


--------------------------------------------------------------------------------
/dependencies/vdm/vdm_ctx/vdm_ctx.hpp:
--------------------------------------------------------------------------------
  1 | #pragma once
  2 | #include <windows.h>
  3 | #include <string_view>
  4 | #include <vector>
  5 | #include <thread>
  6 | #include <atomic>
  7 | #include <mutex>
  8 | #include <functional>
  9 | #include "../vdm/vdm.hpp"
 10 | 
 11 | namespace vdm
 12 | {
 13 | 	// change this to whatever you want :^)
 14 | 	constexpr std::pair<const char*, const char*> syscall_hook = { "NtDeleteAtom", "ntdll.dll" };
 15 | 	inline std::atomic<bool> is_page_found = false;
 16 | 	inline std::atomic<void*> syscall_address = nullptr;
 17 | 	inline std::uint16_t nt_page_offset;
 18 | 	inline std::uint32_t nt_rva;
 19 | 	inline std::uint8_t* ntoskrnl;
 20 | 
 21 | 	using read_phys_t = std::function<decltype(vdm::read_phys)>;
 22 | 	using write_phys_t = std::function<decltype(vdm::write_phys)>;
 23 | 
 24 | 	class vdm_ctx
 25 | 	{
 26 | 	public:
 27 | 		explicit vdm_ctx();
 28 | 		void set_read(read_phys_t& read_func);
 29 | 		void set_write(write_phys_t& write_func);
 30 | 		void rkm(void* dst, void* src, std::size_t size);
 31 | 		void* wkm(void* dst, void* src, std::size_t size);
 32 | 
 33 | 		template <class T, class ... Ts>
 34 | 		__forceinline std::invoke_result_t<T, Ts...> syscall(void* addr, Ts... args) const
 35 | 		{
 36 | 			static const auto proc =
 37 | 				GetProcAddress(
 38 | 					LoadLibraryA(syscall_hook.second),
 39 | 					syscall_hook.first
 40 | 				);
 41 | 
 42 | 			static std::mutex syscall_mutex;
 43 | 			syscall_mutex.lock();
 44 | 
 45 | 			// jmp [rip+0x0]
 46 | 			std::uint8_t jmp_code[] =
 47 | 			{
 48 | 				0xff, 0x25, 0x00, 0x00,
 49 | 				0x00, 0x00, 0x00, 0x00,
 50 | 				0x00, 0x00, 0x00, 0x00,
 51 | 				0x00, 0x00
 52 | 			};
 53 | 
 54 | 			std::uint8_t orig_bytes[sizeof jmp_code];
 55 | 			*reinterpret_cast<void**>(jmp_code + 6) = addr;
 56 | 			read_phys(vdm::syscall_address.load(), orig_bytes, sizeof orig_bytes);
 57 | 
 58 | 			// execute hook...
 59 | 			write_phys(vdm::syscall_address.load(), jmp_code, sizeof jmp_code);
 60 | 			auto result = reinterpret_cast<T>(proc)(args...);
 61 | 			write_phys(vdm::syscall_address.load(), orig_bytes, sizeof orig_bytes);
 62 | 
 63 | 			syscall_mutex.unlock();
 64 | 			return result;
 65 | 		}
 66 | 
 67 | 		template <class T>
 68 | 		__forceinline auto rkm(std::uintptr_t addr) -> T
 69 | 		{
 70 | 			T buffer;
 71 | 			rkm((void*)&buffer, (void*)addr, sizeof T);
 72 | 			return buffer;
 73 | 		}
 74 | 
 75 | 		template <class T>
 76 | 		__forceinline void* wkm(std::uintptr_t addr, const T& value)
 77 | 		{
 78 | 			return wkm((void*)addr, (void*)&value, sizeof T);
 79 | 		}
 80 | 
 81 | 		__forceinline auto get_peprocess(std::uint32_t pid) -> PEPROCESS
 82 | 		{
 83 | 			static const auto ps_lookup_peproc =
 84 | 				util::get_kmodule_export(
 85 | 					"ntoskrnl.exe",
 86 | 					"PsLookupProcessByProcessId");
 87 | 
 88 | 			PEPROCESS peproc = nullptr;
 89 | 			this->syscall<PsLookupProcessByProcessId>(
 90 | 				ps_lookup_peproc,
 91 | 				(HANDLE)pid,
 92 | 				&peproc
 93 | 			);
 94 | 			return peproc;
 95 | 		}
 96 | 	private:
 97 | 		void locate_syscall(std::uintptr_t begin, std::uintptr_t end) const;
 98 | 		bool valid_syscall(void* syscall_addr) const;
 99 | 
100 | 		read_phys_t read_phys = vdm::read_phys;
101 | 		write_phys_t write_phys = vdm::write_phys;
102 | 	};
103 | }


--------------------------------------------------------------------------------
/eac-mapper.vcxproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <ItemGroup Label="ProjectConfigurations">
  4 |     <ProjectConfiguration Include="Debug|Win32">
  5 |       <Configuration>Debug</Configuration>
  6 |       <Platform>Win32</Platform>
  7 |     </ProjectConfiguration>
  8 |     <ProjectConfiguration Include="Release|Win32">
  9 |       <Configuration>Release</Configuration>
 10 |       <Platform>Win32</Platform>
 11 |     </ProjectConfiguration>
 12 |     <ProjectConfiguration Include="Debug|x64">
 13 |       <Configuration>Debug</Configuration>
 14 |       <Platform>x64</Platform>
 15 |     </ProjectConfiguration>
 16 |     <ProjectConfiguration Include="Release|x64">
 17 |       <Configuration>Release</Configuration>
 18 |       <Platform>x64</Platform>
 19 |     </ProjectConfiguration>
 20 |   </ItemGroup>
 21 |   <PropertyGroup Label="Globals">
 22 |     <VCProjectVersion>16.0</VCProjectVersion>
 23 |     <Keyword>Win32Proj</Keyword>
 24 |     <ProjectGuid>{498c48ef-bf7a-4478-8eb3-e6cc4e02990e}</ProjectGuid>
 25 |     <RootNamespace>eacmapper</RootNamespace>
 26 |     <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
 27 |   </PropertyGroup>
 28 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
 29 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
 30 |     <ConfigurationType>Application</ConfigurationType>
 31 |     <UseDebugLibraries>true</UseDebugLibraries>
 32 |     <PlatformToolset>v143</PlatformToolset>
 33 |     <CharacterSet>Unicode</CharacterSet>
 34 |   </PropertyGroup>
 35 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
 36 |     <ConfigurationType>Application</ConfigurationType>
 37 |     <UseDebugLibraries>false</UseDebugLibraries>
 38 |     <PlatformToolset>v143</PlatformToolset>
 39 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 40 |     <CharacterSet>Unicode</CharacterSet>
 41 |   </PropertyGroup>
 42 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
 43 |     <ConfigurationType>Application</ConfigurationType>
 44 |     <UseDebugLibraries>true</UseDebugLibraries>
 45 |     <PlatformToolset>v143</PlatformToolset>
 46 |     <CharacterSet>Unicode</CharacterSet>
 47 |   </PropertyGroup>
 48 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
 49 |     <ConfigurationType>Application</ConfigurationType>
 50 |     <UseDebugLibraries>false</UseDebugLibraries>
 51 |     <PlatformToolset>v143</PlatformToolset>
 52 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 53 |     <CharacterSet>MultiByte</CharacterSet>
 54 |   </PropertyGroup>
 55 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
 56 |   <ImportGroup Label="ExtensionSettings">
 57 |   </ImportGroup>
 58 |   <ImportGroup Label="Shared">
 59 |   </ImportGroup>
 60 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 61 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 62 |   </ImportGroup>
 63 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 64 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 65 |   </ImportGroup>
 66 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 67 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 68 |   </ImportGroup>
 69 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 70 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 71 |   </ImportGroup>
 72 |   <PropertyGroup Label="UserMacros" />
 73 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 74 |     <LinkIncremental>true</LinkIncremental>
 75 |   </PropertyGroup>
 76 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 77 |     <LinkIncremental>false</LinkIncremental>
 78 |   </PropertyGroup>
 79 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 80 |     <LinkIncremental>true</LinkIncremental>
 81 |   </PropertyGroup>
 82 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 83 |     <LinkIncremental>false</LinkIncremental>
 84 |   </PropertyGroup>
 85 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 86 |     <ClCompile>
 87 |       <WarningLevel>Level3</WarningLevel>
 88 |       <SDLCheck>true</SDLCheck>
 89 |       <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
 90 |       <ConformanceMode>true</ConformanceMode>
 91 |     </ClCompile>
 92 |     <Link>
 93 |       <SubSystem>Console</SubSystem>
 94 |       <GenerateDebugInformation>true</GenerateDebugInformation>
 95 |     </Link>
 96 |   </ItemDefinitionGroup>
 97 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 98 |     <ClCompile>
 99 |       <WarningLevel>Level3</WarningLevel>
100 |       <FunctionLevelLinking>true</FunctionLevelLinking>
101 |       <IntrinsicFunctions>true</IntrinsicFunctions>
102 |       <SDLCheck>true</SDLCheck>
103 |       <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
104 |       <ConformanceMode>true</ConformanceMode>
105 |     </ClCompile>
106 |     <Link>
107 |       <SubSystem>Console</SubSystem>
108 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
109 |       <OptimizeReferences>true</OptimizeReferences>
110 |       <GenerateDebugInformation>true</GenerateDebugInformation>
111 |     </Link>
112 |   </ItemDefinitionGroup>
113 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
114 |     <ClCompile>
115 |       <WarningLevel>Level3</WarningLevel>
116 |       <SDLCheck>true</SDLCheck>
117 |       <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
118 |       <ConformanceMode>true</ConformanceMode>
119 |     </ClCompile>
120 |     <Link>
121 |       <SubSystem>Console</SubSystem>
122 |       <GenerateDebugInformation>true</GenerateDebugInformation>
123 |     </Link>
124 |   </ItemDefinitionGroup>
125 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
126 |     <ClCompile>
127 |       <WarningLevel>Level3</WarningLevel>
128 |       <FunctionLevelLinking>true</FunctionLevelLinking>
129 |       <IntrinsicFunctions>true</IntrinsicFunctions>
130 |       <SDLCheck>true</SDLCheck>
131 |       <PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
132 |       <ConformanceMode>true</ConformanceMode>
133 |       <LanguageStandard>stdcpplatest</LanguageStandard>
134 |       <Optimization>Disabled</Optimization>
135 |       <BufferSecurityCheck>false</BufferSecurityCheck>
136 |       <ControlFlowGuard>false</ControlFlowGuard>
137 |     </ClCompile>
138 |     <Link>
139 |       <SubSystem>Console</SubSystem>
140 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
141 |       <OptimizeReferences>true</OptimizeReferences>
142 |       <GenerateDebugInformation>true</GenerateDebugInformation>
143 |     </Link>
144 |   </ItemDefinitionGroup>
145 |   <ItemGroup>
146 |     <ClCompile Include="core.cpp" />
147 |     <ClCompile Include="dependencies\vdm\vdm_ctx\vdm_ctx.cpp" />
148 |   </ItemGroup>
149 |   <ItemGroup>
150 |     <ClInclude Include="dependencies\vdm\util\nt.hpp" />
151 |     <ClInclude Include="dependencies\vdm\util\util.hpp" />
152 |     <ClInclude Include="dependencies\vdm\vdm\vdm.hpp" />
153 |     <ClInclude Include="dependencies\vdm\vdm_ctx\vdm_ctx.hpp" />
154 |   </ItemGroup>
155 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
156 |   <ImportGroup Label="ExtensionTargets">
157 |   </ImportGroup>
158 | </Project>


--------------------------------------------------------------------------------
/eac-mapper.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <Filter Include="Source Files">
 5 |       <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
 6 |       <Extensions>cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
 7 |     </Filter>
 8 |     <Filter Include="Header Files">
 9 |       <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
10 |       <Extensions>h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd</Extensions>
11 |     </Filter>
12 |     <Filter Include="Resource Files">
13 |       <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
14 |       <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
15 |     </Filter>
16 |   </ItemGroup>
17 |   <ItemGroup>
18 |     <ClCompile Include="core.cpp">
19 |       <Filter>Source Files</Filter>
20 |     </ClCompile>
21 |     <ClCompile Include="dependencies\vdm\vdm_ctx\vdm_ctx.cpp">
22 |       <Filter>Source Files</Filter>
23 |     </ClCompile>
24 |   </ItemGroup>
25 |   <ItemGroup>
26 |     <ClInclude Include="dependencies\vdm\vdm_ctx\vdm_ctx.hpp">
27 |       <Filter>Header Files</Filter>
28 |     </ClInclude>
29 |     <ClInclude Include="dependencies\vdm\vdm\vdm.hpp">
30 |       <Filter>Header Files</Filter>
31 |     </ClInclude>
32 |     <ClInclude Include="dependencies\vdm\util\nt.hpp">
33 |       <Filter>Header Files</Filter>
34 |     </ClInclude>
35 |     <ClInclude Include="dependencies\vdm\util\util.hpp">
36 |       <Filter>Header Files</Filter>
37 |     </ClInclude>
38 |   </ItemGroup>
39 | </Project>


--------------------------------------------------------------------------------