├── kernel
├── kernel.vcxproj.user
├── library
│ ├── globals.h
│ ├── utils.h
│ ├── kecheck.h
│ ├── structs.h
│ └── stdint.h
├── entry.cpp
├── kernel.vcxproj.filters
├── kernel.inf
└── kernel.vcxproj
├── README.md
└── kernel.sln
/kernel/kernel.vcxproj.user:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | Off
5 |
6 |
--------------------------------------------------------------------------------
/kernel/library/globals.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | #include
3 | #include
4 | #include
5 | #include
6 | #include
7 | #include
8 | #include
9 | #include
10 | #include
11 | #include
12 | #include
13 |
14 | #include "stdint.h"
15 | #include "structs.h"
16 | #include "utils.h"
17 | #include "kecheck.h"
18 |
--------------------------------------------------------------------------------
/kernel/entry.cpp:
--------------------------------------------------------------------------------
1 | #include "library/globals.h"
2 |
3 | VOID NTAPI entry_thread(PVOID)
4 | {
5 | while (1)
6 | {
7 | ke_attach_detect();
8 | }
9 | }
10 |
11 | NTSTATUS entry_point(PVOID, PVOID)
12 | {
13 | HANDLE h_thread = 0;
14 | NTSTATUS status = PsCreateSystemThread(&h_thread, 0x10000000L, 0, 0, 0, entry_thread, 0);
15 |
16 | if (!NT_SUCCESS(status))
17 | return status;
18 |
19 | ZwClose(h_thread);
20 |
21 | return STATUS_SUCCESS;
22 | }
23 |
--------------------------------------------------------------------------------
/kernel/library/utils.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | UNICODE_STRING ansi_to_unicode(const char* str)
4 | {
5 | UNICODE_STRING unicode;
6 | ANSI_STRING ansi_str;
7 |
8 | RtlInitAnsiString(&ansi_str, str);
9 | RtlAnsiStringToUnicodeString(&unicode, &ansi_str, TRUE);
10 |
11 | return unicode;
12 | }
13 |
14 | PVOID get_kernel_proc_address(const char* system_routine_name)
15 | {
16 | UNICODE_STRING name;
17 | ANSI_STRING ansi_str;
18 |
19 | RtlInitAnsiString(&ansi_str, system_routine_name);
20 | RtlAnsiStringToUnicodeString(&name, &ansi_str, TRUE);
21 |
22 | return MmGetSystemRoutineAddress(&name);
23 | }
24 |
25 | PVOID get_module_base(const char* module_name, ULONG* size_module)
26 | {
27 | PLIST_ENTRY ps_loaded_module_list = PsLoadedModuleList;
28 | if (!ps_loaded_module_list)
29 | return (PVOID)NULL;
30 |
31 | UNICODE_STRING name = ansi_to_unicode(module_name);
32 | for (PLIST_ENTRY link = ps_loaded_module_list; link != ps_loaded_module_list->Blink; link = link->Flink)
33 | {
34 | PLDR_DATA_TABLE_ENTRY entry = CONTAINING_RECORD(link, LDR_DATA_TABLE_ENTRY, InLoadOrderModuleList);
35 |
36 | if (RtlEqualUnicodeString((PCUNICODE_STRING)&entry->BaseDllName, (PCUNICODE_STRING)&name, TRUE))
37 | {
38 | if (size_module != 0)
39 | *size_module = entry->SizeOfImage;
40 |
41 | return (PVOID)entry->DllBase;
42 | }
43 | }
44 |
45 | return (PVOID)NULL;
46 | }
47 |
48 | PVOID get_system_base_export(const char* module_name, LPCSTR routine_name)
49 | {
50 | PVOID image_base = get_module_base(module_name, 0);
51 | if (!image_base)
52 | return 0;
53 |
54 | return RtlFindExportedRoutineByName(image_base, routine_name);
55 | }
56 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Detect-KeAttachProcess
2 | Detect-KeAttachProcess - by iterating through all processes as well as checking the context of the thread.
3 |
4 | Recently I started studying the KeAttachProcess system.
5 | And to be more specific, how exactly can you find out that your process is attached.
6 | And so, as soon as we start looking at the function,
7 | we see that it first gets the current context of the thread from which Keattachprocess was called.
8 |
9 | 
10 |
11 | Also note that the PROCESS is passed to the "v2" variable from the argument,
12 | respectively, this is the target process to which the function is attached in the future.
13 |
14 | The current thread of the process from which the function is called,
15 | as well as the PROCESS from the argument, are passed to the "KiAttachProcess" function.
16 |
17 | 
18 |
19 | We switch to this function, and after studying it a little,
20 | we see that the target process (v2) is written to offset "0xB8" the current thread context.
21 |
22 | 
23 |
24 | The further plan is as follows:
25 |
26 | 1) Go through all the processes
27 | 2) Go through all the threads of each process in the system
28 | 3) Look in the context of each thread, what is the offset "0xB8".
29 |
30 | If the current process is not attached to anything,
31 | usually the current "PEPROCESS" of the process itself is stored in the offset "0xB8",
32 | and if the current process was attached to any process,
33 | then the "PEPROCESS" target process will be written to the offset "0xB8".
34 |
35 | I have implemented a check for this for every process in the system, and here is my result:
36 |
37 | 
38 |
--------------------------------------------------------------------------------
/kernel/library/kecheck.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | /*
4 |
5 | The offsets are given below, and the "ETHREAD_META" structure works from win 10 19041 to win 11.
6 |
7 | */
8 |
9 | #define ImageFileName 0x5A8 // EPROCESS::ImageFileName
10 | #define ActiveThreads 0x5F0 // EPROCESS::ActiveThreads
11 | #define ThreadListHead 0x5E0 // EPROCESS::ThreadListHead
12 | #define ActiveProcessLinks 0x448 // EPROCESS::ActiveProcessLinks
13 |
14 | void ke_attach_detect()
15 | {
16 | PEPROCESS sys_process = PsInitialSystemProcess;
17 | PEPROCESS cur_entry = sys_process;
18 |
19 | do
20 | {
21 | CHAR image_name[32];
22 | DWORD active_threads;
23 |
24 | RtlCopyMemory((PVOID)&image_name, (PVOID)((uintptr_t)cur_entry + ImageFileName), sizeof(image_name));
25 | RtlCopyMemory((PVOID)&active_threads, (PVOID)((uintptr_t)cur_entry + ActiveThreads), sizeof(active_threads));
26 |
27 | if (active_threads && cur_entry != sys_process)
28 | {
29 | LIST_ENTRY* thread_list_head = (LIST_ENTRY*)make_ptr(cur_entry, ThreadListHead);
30 | PLIST_ENTRY list = thread_list_head;
31 |
32 | while ((list = list->Flink) != thread_list_head)
33 | {
34 | PETHREAD_META entry = CONTAINING_RECORD(list, ETHREAD_META, ThreadListEntry);
35 | PEPROCESS attached_pe_proc = *(PEPROCESS*)((uintptr_t)entry + 0xB8);
36 |
37 | if (attached_pe_proc != cur_entry)
38 | {
39 | CHAR target_image_name[512];
40 | RtlCopyMemory((PVOID)(&target_image_name), (PVOID)((uintptr_t)attached_pe_proc + ImageFileName), sizeof(image_name));
41 |
42 | DbgPrintEx(0, 0, "%s attached -> %s\n", image_name, target_image_name);
43 | }
44 | }
45 | }
46 |
47 | PLIST_ENTRY list = (PLIST_ENTRY)((uintptr_t)(cur_entry) + ActiveProcessLinks);
48 | cur_entry = (PEPROCESS)((uintptr_t)list->Flink - ActiveProcessLinks);
49 |
50 | } while (cur_entry != sys_process);
51 | }
--------------------------------------------------------------------------------
/kernel/kernel.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hpp;hxx;hm;inl;inc;xsd
11 |
12 |
13 | {8E41214B-6785-4CFE-B992-037D68949A14}
14 | inf;inv;inx;mof;mc;
15 |
16 |
17 | {ae794118-a9c9-4bd9-9045-d8e44de9f315}
18 |
19 |
20 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
21 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
22 |
23 |
24 |
25 |
26 | Driver Files
27 |
28 |
29 |
30 |
31 | Source Files
32 |
33 |
34 |
35 |
36 | library
37 |
38 |
39 | library
40 |
41 |
42 | library
43 |
44 |
45 | library
46 |
47 |
48 | library
49 |
50 |
51 |
--------------------------------------------------------------------------------
/kernel/kernel.inf:
--------------------------------------------------------------------------------
1 | ;
2 | ; kernel.inf
3 | ;
4 |
5 | [Version]
6 | Signature="$WINDOWS NT$"
7 | Class=Sample ; TODO: edit Class
8 | ClassGuid={78A1C341-4539-11d3-B88D-00C04FAD5171} ; TODO: edit ClassGuid
9 | Provider=%ManufacturerName%
10 | CatalogFile=kernel.cat
11 | DriverVer= ; TODO: set DriverVer in stampinf property pages
12 | PnpLockDown=1
13 |
14 | [DestinationDirs]
15 | DefaultDestDir = 12
16 | kernel_Device_CoInstaller_CopyFiles = 11
17 |
18 | ; ================= Class section =====================
19 |
20 | [ClassInstall32]
21 | Addreg=SampleClassReg
22 |
23 | [SampleClassReg]
24 | HKR,,,0,%ClassName%
25 | HKR,,Icon,,-5
26 |
27 | [SourceDisksNames]
28 | 1 = %DiskName%,,,""
29 |
30 | [SourceDisksFiles]
31 | kernel.sys = 1,,
32 | WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll=1 ; make sure the number matches with SourceDisksNames
33 |
34 | ;*****************************************
35 | ; Install Section
36 | ;*****************************************
37 |
38 | [Manufacturer]
39 | %ManufacturerName%=Standard,NT$ARCH$
40 |
41 | [Standard.NT$ARCH$]
42 | %kernel.DeviceDesc%=kernel_Device, Root\kernel ; TODO: edit hw-id
43 |
44 | [kernel_Device.NT]
45 | CopyFiles=Drivers_Dir
46 |
47 | [Drivers_Dir]
48 | kernel.sys
49 |
50 | ;-------------- Service installation
51 | [kernel_Device.NT.Services]
52 | AddService = kernel,%SPSVCINST_ASSOCSERVICE%, kernel_Service_Inst
53 |
54 | ; -------------- kernel driver install sections
55 | [kernel_Service_Inst]
56 | DisplayName = %kernel.SVCDESC%
57 | ServiceType = 1 ; SERVICE_KERNEL_DRIVER
58 | StartType = 3 ; SERVICE_DEMAND_START
59 | ErrorControl = 1 ; SERVICE_ERROR_NORMAL
60 | ServiceBinary = %12%\kernel.sys
61 |
62 | ;
63 | ;--- kernel_Device Coinstaller installation ------
64 | ;
65 |
66 | [kernel_Device.NT.CoInstallers]
67 | AddReg=kernel_Device_CoInstaller_AddReg
68 | CopyFiles=kernel_Device_CoInstaller_CopyFiles
69 |
70 | [kernel_Device_CoInstaller_AddReg]
71 | HKR,,CoInstallers32,0x00010000, "WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll,WdfCoInstaller"
72 |
73 | [kernel_Device_CoInstaller_CopyFiles]
74 | WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll
75 |
76 | [kernel_Device.NT.Wdf]
77 | KmdfService = kernel, kernel_wdfsect
78 | [kernel_wdfsect]
79 | KmdfLibraryVersion = $KMDFVERSION$
80 |
81 | [Strings]
82 | SPSVCINST_ASSOCSERVICE= 0x00000002
83 | ManufacturerName="" ;TODO: Replace with your manufacturer name
84 | ClassName="Samples" ; TODO: edit ClassName
85 | DiskName = "kernel Installation Disk"
86 | kernel.DeviceDesc = "kernel Device"
87 | kernel.SVCDESC = "kernel Service"
88 |
--------------------------------------------------------------------------------
/kernel.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio Version 16
4 | VisualStudioVersion = 16.0.31911.196
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "kernel", "kernel\kernel.vcxproj", "{2211136A-E9DC-44ED-ACB0-F342DC08C4DC}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|ARM = Debug|ARM
11 | Debug|ARM64 = Debug|ARM64
12 | Debug|x64 = Debug|x64
13 | Debug|x86 = Debug|x86
14 | Release|ARM = Release|ARM
15 | Release|ARM64 = Release|ARM64
16 | Release|x64 = Release|x64
17 | Release|x86 = Release|x86
18 | EndGlobalSection
19 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
20 | {2211136A-E9DC-44ED-ACB0-F342DC08C4DC}.Debug|ARM.ActiveCfg = Debug|ARM
21 | {2211136A-E9DC-44ED-ACB0-F342DC08C4DC}.Debug|ARM.Build.0 = Debug|ARM
22 | {2211136A-E9DC-44ED-ACB0-F342DC08C4DC}.Debug|ARM.Deploy.0 = Debug|ARM
23 | {2211136A-E9DC-44ED-ACB0-F342DC08C4DC}.Debug|ARM64.ActiveCfg = Debug|ARM64
24 | {2211136A-E9DC-44ED-ACB0-F342DC08C4DC}.Debug|ARM64.Build.0 = Debug|ARM64
25 | {2211136A-E9DC-44ED-ACB0-F342DC08C4DC}.Debug|ARM64.Deploy.0 = Debug|ARM64
26 | {2211136A-E9DC-44ED-ACB0-F342DC08C4DC}.Debug|x64.ActiveCfg = Debug|x64
27 | {2211136A-E9DC-44ED-ACB0-F342DC08C4DC}.Debug|x64.Build.0 = Debug|x64
28 | {2211136A-E9DC-44ED-ACB0-F342DC08C4DC}.Debug|x64.Deploy.0 = Debug|x64
29 | {2211136A-E9DC-44ED-ACB0-F342DC08C4DC}.Debug|x86.ActiveCfg = Debug|Win32
30 | {2211136A-E9DC-44ED-ACB0-F342DC08C4DC}.Debug|x86.Build.0 = Debug|Win32
31 | {2211136A-E9DC-44ED-ACB0-F342DC08C4DC}.Debug|x86.Deploy.0 = Debug|Win32
32 | {2211136A-E9DC-44ED-ACB0-F342DC08C4DC}.Release|ARM.ActiveCfg = Release|ARM
33 | {2211136A-E9DC-44ED-ACB0-F342DC08C4DC}.Release|ARM.Build.0 = Release|ARM
34 | {2211136A-E9DC-44ED-ACB0-F342DC08C4DC}.Release|ARM.Deploy.0 = Release|ARM
35 | {2211136A-E9DC-44ED-ACB0-F342DC08C4DC}.Release|ARM64.ActiveCfg = Release|ARM64
36 | {2211136A-E9DC-44ED-ACB0-F342DC08C4DC}.Release|ARM64.Build.0 = Release|ARM64
37 | {2211136A-E9DC-44ED-ACB0-F342DC08C4DC}.Release|ARM64.Deploy.0 = Release|ARM64
38 | {2211136A-E9DC-44ED-ACB0-F342DC08C4DC}.Release|x64.ActiveCfg = Release|x64
39 | {2211136A-E9DC-44ED-ACB0-F342DC08C4DC}.Release|x64.Build.0 = Release|x64
40 | {2211136A-E9DC-44ED-ACB0-F342DC08C4DC}.Release|x64.Deploy.0 = Release|x64
41 | {2211136A-E9DC-44ED-ACB0-F342DC08C4DC}.Release|x86.ActiveCfg = Release|Win32
42 | {2211136A-E9DC-44ED-ACB0-F342DC08C4DC}.Release|x86.Build.0 = Release|Win32
43 | {2211136A-E9DC-44ED-ACB0-F342DC08C4DC}.Release|x86.Deploy.0 = Release|Win32
44 | EndGlobalSection
45 | GlobalSection(SolutionProperties) = preSolution
46 | HideSolutionNode = FALSE
47 | EndGlobalSection
48 | GlobalSection(ExtensibilityGlobals) = postSolution
49 | SolutionGuid = {CF052229-3368-4356-AE4A-77406BD2CB75}
50 | EndGlobalSection
51 | EndGlobal
52 |
--------------------------------------------------------------------------------
/kernel/library/structs.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | typedef struct _LDR_DATA_TABLE_ENTRY
4 | {
5 | LIST_ENTRY InLoadOrderModuleList;
6 | LIST_ENTRY InMemoryOrderModuleList;
7 | LIST_ENTRY InInitializationOrderModuleList;
8 | PVOID DllBase;
9 | PVOID EntryPoint;
10 | ULONG SizeOfImage;
11 | UNICODE_STRING FullDllName;
12 | UNICODE_STRING BaseDllName;
13 | ULONG Flags;
14 | USHORT LoadCount;
15 | USHORT TlsIndex;
16 | LIST_ENTRY HashLinks;
17 | PVOID SectionPointer;
18 | ULONG CheckSum;
19 | ULONG TimeDateStamp;
20 | } LDR_DATA_TABLE_ENTRY, *PLDR_DATA_TABLE_ENTRY;
21 |
22 | typedef struct _KLDR_DATA_TABLE_ENTRY
23 | {
24 | /* 0x0000 */ struct _LIST_ENTRY InLoadOrderLinks;
25 | /* 0x0010 */ void* ExceptionTable;
26 | /* 0x0018 */ unsigned long ExceptionTableSize;
27 | /* 0x001c */ long Padding_687;
28 | /* 0x0020 */ void* GpValue;
29 | /* 0x0028 */ struct _NON_PAGED_DEBUG_INFO* NonPagedDebugInfo;
30 | /* 0x0030 */ void* DllBase;
31 | /* 0x0038 */ void* EntryPoint;
32 | /* 0x0040 */ unsigned long SizeOfImage;
33 | /* 0x0044 */ long Padding_688;
34 | /* 0x0048 */ struct _UNICODE_STRING FullDllName;
35 | /* 0x0058 */ struct _UNICODE_STRING BaseDllName;
36 | /* 0x0068 */ unsigned long Flags;
37 | /* 0x006c */ unsigned short LoadCount;
38 | union
39 | {
40 | union
41 | {
42 | struct /* bitfield */
43 | {
44 | /* 0x006e */ unsigned short SignatureLevel : 4; /* bit position: 0 */
45 | /* 0x006e */ unsigned short SignatureType : 3; /* bit position: 4 */
46 | /* 0x006e */ unsigned short Unused : 9; /* bit position: 7 */
47 | }; /* bitfield */
48 | /* 0x006e */ unsigned short EntireField;
49 | }; /* size: 0x0002 */
50 | } /* size: 0x0002 */ u1;
51 | /* 0x0070 */ void* SectionPointer;
52 | /* 0x0078 */ unsigned long CheckSum;
53 | /* 0x007c */ unsigned long CoverageSectionSize;
54 | /* 0x0080 */ void* CoverageSection;
55 | /* 0x0088 */ void* LoadedImports;
56 | /* 0x0090 */ void* Spare;
57 | /* 0x0098 */ unsigned long SizeOfImageNotRounded;
58 | /* 0x009c */ unsigned long TimeDateStamp;
59 | } KLDR_DATA_TABLE_ENTRY, *PKLDR_DATA_TABLE_ENTRY; /* size: 0x00a0 */
60 |
61 | typedef struct _ETHREAD_META
62 | {
63 | char pad_0x0008[0x448]; //0x0008
64 | PVOID StartAddress; //0x0450
65 | char pad_0x0458[0x20]; //0x0458
66 | _CLIENT_ID Cid; //0x0478
67 | char pad_0x0480[0x50]; //0x0480
68 | PVOID Win32StartAddress; //0x04D0
69 | char pad_0x04D8[0x10]; //0x04D8
70 | struct _LIST_ENTRY ThreadListEntry; //0x04E8
71 | } ETHREAD_META, *PETHREAD_META;
72 |
73 | #define make_ptr(ptr, offset) ((uintptr_t)(ptr) + (uintptr_t)(offset))
74 |
75 | extern "C"
76 | {
77 | PLIST_ENTRY NTKERNELAPI PsLoadedModuleList;
78 | NTKERNELAPI PVOID NTAPI RtlFindExportedRoutineByName(_In_ PVOID ImageBase, _In_ PCCH RoutineName);
79 | NTKERNELAPI NTSTATUS ObReferenceObjectByName(IN PUNICODE_STRING ObjectName, IN ULONG Attributes, IN PACCESS_STATE PassedAccessState, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext, OUT PVOID* Object);
80 | }
81 |
--------------------------------------------------------------------------------
/kernel/library/stdint.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | #define _STDINT
3 |
4 | #ifndef RC_INVOKED
5 | typedef signed char int8_t;
6 | typedef short int16_t;
7 | typedef int int32_t;
8 | typedef long long int64_t;
9 | typedef unsigned char uint8_t;
10 | typedef unsigned short uint16_t;
11 | typedef unsigned int uint32_t;
12 | typedef unsigned long long uint64_t;
13 |
14 | typedef signed char int_least8_t;
15 | typedef short int_least16_t;
16 | typedef int int_least32_t;
17 | typedef long long int_least64_t;
18 | typedef unsigned char uint_least8_t;
19 | typedef unsigned short uint_least16_t;
20 | typedef unsigned int uint_least32_t;
21 | typedef unsigned long long uint_least64_t;
22 |
23 | typedef signed char int_fast8_t;
24 | typedef int int_fast16_t;
25 | typedef int int_fast32_t;
26 | typedef long long int_fast64_t;
27 | typedef unsigned char uint_fast8_t;
28 | typedef unsigned int uint_fast16_t;
29 | typedef unsigned int uint_fast32_t;
30 | typedef unsigned long long uint_fast64_t;
31 |
32 | typedef long long intmax_t;
33 | typedef unsigned long long uintmax_t;
34 |
35 | // These macros must exactly match those in the Windows SDK's intsafe.h.
36 | #define INT8_MIN (-127i8 - 1)
37 | #define INT16_MIN (-32767i16 - 1)
38 | #define INT32_MIN (-2147483647i32 - 1)
39 | #define INT64_MIN (-9223372036854775807i64 - 1)
40 | #define INT8_MAX 127i8
41 | #define INT16_MAX 32767i16
42 | #define INT32_MAX 2147483647i32
43 | #define INT64_MAX 9223372036854775807i64
44 | #define UINT8_MAX 0xffui8
45 | #define UINT16_MAX 0xffffui16
46 | #define UINT32_MAX 0xffffffffui32
47 | #define UINT64_MAX 0xffffffffffffffffui64
48 |
49 | #define INT_LEAST8_MIN INT8_MIN
50 | #define INT_LEAST16_MIN INT16_MIN
51 | #define INT_LEAST32_MIN INT32_MIN
52 | #define INT_LEAST64_MIN INT64_MIN
53 | #define INT_LEAST8_MAX INT8_MAX
54 | #define INT_LEAST16_MAX INT16_MAX
55 | #define INT_LEAST32_MAX INT32_MAX
56 | #define INT_LEAST64_MAX INT64_MAX
57 | #define UINT_LEAST8_MAX UINT8_MAX
58 | #define UINT_LEAST16_MAX UINT16_MAX
59 | #define UINT_LEAST32_MAX UINT32_MAX
60 | #define UINT_LEAST64_MAX UINT64_MAX
61 |
62 | #define INT_FAST8_MIN INT8_MIN
63 | #define INT_FAST16_MIN INT32_MIN
64 | #define INT_FAST32_MIN INT32_MIN
65 | #define INT_FAST64_MIN INT64_MIN
66 | #define INT_FAST8_MAX INT8_MAX
67 | #define INT_FAST16_MAX INT32_MAX
68 | #define INT_FAST32_MAX INT32_MAX
69 | #define INT_FAST64_MAX INT64_MAX
70 | #define UINT_FAST8_MAX UINT8_MAX
71 | #define UINT_FAST16_MAX UINT32_MAX
72 | #define UINT_FAST32_MAX UINT32_MAX
73 | #define UINT_FAST64_MAX UINT64_MAX
74 |
75 | #ifdef _WIN64
76 | #define INTPTR_MIN INT64_MIN
77 | #define INTPTR_MAX INT64_MAX
78 | #define UINTPTR_MAX UINT64_MAX
79 | #else
80 | #define INTPTR_MIN INT32_MIN
81 | #define INTPTR_MAX INT32_MAX
82 | #define UINTPTR_MAX UINT32_MAX
83 | #endif
84 |
85 | #define INTMAX_MIN INT64_MIN
86 | #define INTMAX_MAX INT64_MAX
87 | #define UINTMAX_MAX UINT64_MAX
88 |
89 | #define PTRDIFF_MIN INTPTR_MIN
90 | #define PTRDIFF_MAX INTPTR_MAX
91 |
92 | #ifndef SIZE_MAX
93 | #define SIZE_MAX UINTPTR_MAX
94 | #endif
95 |
96 | #define SIG_ATOMIC_MIN INT32_MIN
97 | #define SIG_ATOMIC_MAX INT32_MAX
98 |
99 | #define WCHAR_MIN 0x0000
100 | #define WCHAR_MAX 0xffff
101 |
102 | #define WINT_MIN 0x0000
103 | #define WINT_MAX 0xffff
104 |
105 | #define INT8_C(x) (x)
106 | #define INT16_C(x) (x)
107 | #define INT32_C(x) (x)
108 | #define INT64_C(x) (x ## LL)
109 |
110 | #define UINT8_C(x) (x)
111 | #define UINT16_C(x) (x)
112 | #define UINT32_C(x) (x ## U)
113 | #define UINT64_C(x) (x ## ULL)
114 |
115 | #define INTMAX_C(x) INT64_C(x)
116 | #define UINTMAX_C(x) UINT64_C(x)
117 |
118 | #endif // RC_INVOKED
119 |
120 | /*
121 | * Copyright (c) 1992-2012 by P.J. Plauger. ALL RIGHTS RESERVED.
122 | * Consult your license regarding permissions and restrictions.
123 | V6.00:0009 */
124 |
--------------------------------------------------------------------------------
/kernel/kernel.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 | Debug
22 | ARM
23 |
24 |
25 | Release
26 | ARM
27 |
28 |
29 | Debug
30 | ARM64
31 |
32 |
33 | Release
34 | ARM64
35 |
36 |
37 |
38 | {2211136A-E9DC-44ED-ACB0-F342DC08C4DC}
39 | {1bc93793-694f-48fe-9372-81e2b05556fd}
40 | v4.5
41 | 12.0
42 | Debug
43 | Win32
44 | kernel
45 | $(LatestTargetPlatformVersion)
46 |
47 |
48 |
49 | Windows10
50 | true
51 | WindowsKernelModeDriver10.0
52 | Driver
53 | KMDF
54 | Universal
55 |
56 |
57 | Windows10
58 | false
59 | WindowsKernelModeDriver10.0
60 | Driver
61 | KMDF
62 | Universal
63 |
64 |
65 | Windows10
66 | true
67 | WindowsKernelModeDriver10.0
68 | Driver
69 | KMDF
70 | Universal
71 |
72 |
73 | Windows10
74 | false
75 | WindowsKernelModeDriver10.0
76 | Driver
77 | KMDF
78 | Universal
79 | false
80 |
81 |
82 | Windows10
83 | true
84 | WindowsKernelModeDriver10.0
85 | Driver
86 | KMDF
87 | Universal
88 |
89 |
90 | Windows10
91 | false
92 | WindowsKernelModeDriver10.0
93 | Driver
94 | KMDF
95 | Universal
96 |
97 |
98 | Windows10
99 | true
100 | WindowsKernelModeDriver10.0
101 | Driver
102 | KMDF
103 | Universal
104 |
105 |
106 | Windows10
107 | false
108 | WindowsKernelModeDriver10.0
109 | Driver
110 | KMDF
111 | Universal
112 |
113 |
114 |
115 |
116 |
117 |
118 |
119 |
120 |
121 |
122 | DbgengKernelDebugger
123 |
124 |
125 | DbgengKernelDebugger
126 |
127 |
128 | DbgengKernelDebugger
129 |
130 |
131 | DbgengKernelDebugger
132 |
133 |
134 | DbgengKernelDebugger
135 |
136 |
137 | DbgengKernelDebugger
138 |
139 |
140 | DbgengKernelDebugger
141 |
142 |
143 | DbgengKernelDebugger
144 |
145 |
146 |
147 | stdcpp17
148 | TurnOffAllWarnings
149 | false
150 | MaxSpeed
151 | Speed
152 | false
153 | false
154 | true
155 |
156 |
157 | false
158 | false
159 |
160 | entry_point
161 |
162 |
163 |
164 |
165 |
166 |
167 |
168 |
169 |
170 |
171 |
172 |
173 |
174 |
175 |
176 |
177 |
178 |
179 |
180 |
181 |
182 |
--------------------------------------------------------------------------------