├── Demo.png
├── README.md
├── wowJit.sln
└── wowJit
    ├── wowJit.cpp
    ├── wowJit.vcxproj
    ├── wowJit.vcxproj.filters
    └── wowJit.vcxproj.user


/Demo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aaaddress1/wow64Jit/5c879be8c401f5b4c811b01c07674540abd8c08f/Demo.png


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # wowJit
2 | ### Call 32bit NtDLL API directly from WoW64 Layer (C++)
3 | 
4 | basicly inspired by [ReWolf: Mixing x86 with x64 code](http://blog.rewolf.pl/blog/?p=102)
5 | 
6 | ![](Demo.png)
7 | 


--------------------------------------------------------------------------------
/wowJit.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio Version 16
 4 | VisualStudioVersion = 16.0.30611.23
 5 | MinimumVisualStudioVersion = 10.0.40219.1
 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "wowJit", "wowJit\wowJit.vcxproj", "{23930329-C132-475A-B5D9-450565AA8230}"
 7 | EndProject
 8 | Global
 9 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | 		Debug|x64 = Debug|x64
11 | 		Debug|x86 = Debug|x86
12 | 		Release|x64 = Release|x64
13 | 		Release|x86 = Release|x86
14 | 	EndGlobalSection
15 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
16 | 		{23930329-C132-475A-B5D9-450565AA8230}.Debug|x64.ActiveCfg = Debug|x64
17 | 		{23930329-C132-475A-B5D9-450565AA8230}.Debug|x64.Build.0 = Debug|x64
18 | 		{23930329-C132-475A-B5D9-450565AA8230}.Debug|x86.ActiveCfg = Debug|Win32
19 | 		{23930329-C132-475A-B5D9-450565AA8230}.Debug|x86.Build.0 = Debug|Win32
20 | 		{23930329-C132-475A-B5D9-450565AA8230}.Release|x64.ActiveCfg = Release|x64
21 | 		{23930329-C132-475A-B5D9-450565AA8230}.Release|x64.Build.0 = Release|x64
22 | 		{23930329-C132-475A-B5D9-450565AA8230}.Release|x86.ActiveCfg = Release|Win32
23 | 		{23930329-C132-475A-B5D9-450565AA8230}.Release|x86.Build.0 = Release|Win32
24 | 	EndGlobalSection
25 | 	GlobalSection(SolutionProperties) = preSolution
26 | 		HideSolutionNode = FALSE
27 | 	EndGlobalSection
28 | 	GlobalSection(ExtensibilityGlobals) = postSolution
29 | 		SolutionGuid = {96A95E8B-E9BC-47BE-9037-8F5EB59733E4}
30 | 	EndGlobalSection
31 | EndGlobal
32 | 


--------------------------------------------------------------------------------
/wowJit/wowJit.cpp:
--------------------------------------------------------------------------------
 1 | /* wowJit - Call 32bit NtDLL API directly from WoW64 Layer
 2 |  * author: aaaddress1@chroot.org
 3 |  *
 4 |  * inspired by ReWolf's blog: Mixing x86 with x64 code
 5 |  * > http://blog.rewolf.pl/blog/?p=102
 6 |  */ 
 7 | #include <iostream>
 8 | #include <Windows.h>
 9 | using namespace std;
10 | #pragma warning(disable:4996)
11 | #define errorExit(msg) { OutputDebugStringA(msg), exit(-1); }
12 | 
13 | size_t getBytecodeOfNtAPI(const char* ntAPItoLookup) {
14 |     static BYTE* dumpImage = 0;
15 |     if (dumpImage == nullptr) {
16 |         // read whole PE static binary.
17 |         FILE* fileptr; BYTE* buffer; LONGLONG filelen;
18 |         fileptr = fopen("C:/Windows/SysWoW64/ntdll.dll", "rb");
19 |         fseek(fileptr, 0, SEEK_END); 
20 |         filelen = ftell(fileptr);
21 |         rewind(fileptr);
22 |         buffer = (BYTE*)malloc((filelen + 1) * sizeof(char));
23 |         fread(buffer, filelen, 1, fileptr);
24 | 
25 |         // dump static PE binary into image.
26 |         PIMAGE_NT_HEADERS ntHdr = (IMAGE_NT_HEADERS*)(buffer + ((IMAGE_DOS_HEADER*)buffer)->e_lfanew);
27 |         dumpImage = (BYTE*)malloc(ntHdr->OptionalHeader.SizeOfImage);
28 |         memcpy(dumpImage, buffer, ntHdr->OptionalHeader.SizeOfHeaders);
29 |         for (size_t i = 0; i < ntHdr->FileHeader.NumberOfSections; i++) {
30 |             auto curr = PIMAGE_SECTION_HEADER(size_t(ntHdr) + sizeof(IMAGE_NT_HEADERS))[i];
31 |             memcpy(dumpImage + curr.VirtualAddress, buffer + curr.PointerToRawData, curr.SizeOfRawData);
32 |         }
33 |         free(buffer);
34 |         fclose(fileptr);
35 |     }
36 |     // EAT parse.
37 |     PIMAGE_NT_HEADERS ntHdr = (IMAGE_NT_HEADERS*)(dumpImage + ((IMAGE_DOS_HEADER*)dumpImage)->e_lfanew);
38 |     auto a = ntHdr->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT];
39 |     PIMAGE_EXPORT_DIRECTORY ied = (PIMAGE_EXPORT_DIRECTORY)((LPBYTE)dumpImage + a.VirtualAddress);
40 |     uint32_t* addrOfNames = (uint32_t*)((size_t)dumpImage + ied->AddressOfNames);
41 |     uint16_t* addrOfNameOrds = (uint16_t*)((size_t)dumpImage + ied->AddressOfNameOrdinals);
42 |     uint32_t* AddrOfFuncAddrs = (uint32_t*)((size_t)dumpImage + ied->AddressOfFunctions);
43 |     if (ied->NumberOfNames == 0) return (size_t)0;
44 |     for (DWORD i = 0; i < ied->NumberOfNames; i++)
45 |         if (!stricmp((char*)((size_t)dumpImage + addrOfNames[i]), ntAPItoLookup))
46 |             return ((size_t)dumpImage + AddrOfFuncAddrs[addrOfNameOrds[i]]);
47 |     return 0;
48 | }
49 | 
50 | template <typename... Args> NTSTATUS NtAPI(const char* szNtApiToCall, Args... a) {
51 |     uint8_t stub_template[] = {
52 |         /* +00 - mov eax, 00000000 */ 0xB8, 0x00, 0x00, 0x00, 0x00,
53 |         /* +05 - call fs: [0xC0]   */ 0x64, 0xFF, 0x15, 0xC0, 0x00, 0x00, 0x00,
54 |         /* +0C - ret               */ 0xC3
55 |     };
56 |     PCHAR apiAddr = PCHAR(getBytecodeOfNtAPI(szNtApiToCall));
57 |     if (*apiAddr - '\xB8') errorExit("this NtAPI not supported.");
58 |     PCHAR jit_stub = (PCHAR)VirtualAlloc(0, sizeof(stub_template), MEM_COMMIT, PAGE_EXECUTE_READWRITE);
59 |     memcpy(jit_stub, stub_template, sizeof(stub_template));
60 |     *(uint32_t *)&jit_stub[0x01] = *(uint32_t *)&apiAddr[1];
61 |     auto ret = ((NTSTATUS(__cdecl*)(...))jit_stub)(forward<Args>(a)...);
62 |     VirtualFree(jit_stub, sizeof(stub_template), MEM_FREE);
63 |     return ret;
64 | }
65 | 
66 | int main() {
67 |     DWORD PID;
68 |     if (!GetWindowThreadProcessId(FindWindowA("notepad", NULL), &PID))
69 |         errorExit("notepad not exist?");
70 |    
71 |     if (HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, PID)) {
72 |         NtAPI("ZwTerminateProcess", hProcess, 1);
73 |         errorExit("done.");
74 |     }
75 |     else errorExit("fetch hProcess fail.");
76 | }
77 | 


--------------------------------------------------------------------------------
/wowJit/wowJit.vcxproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <ItemGroup Label="ProjectConfigurations">
  4 |     <ProjectConfiguration Include="Debug|Win32">
  5 |       <Configuration>Debug</Configuration>
  6 |       <Platform>Win32</Platform>
  7 |     </ProjectConfiguration>
  8 |     <ProjectConfiguration Include="Release|Win32">
  9 |       <Configuration>Release</Configuration>
 10 |       <Platform>Win32</Platform>
 11 |     </ProjectConfiguration>
 12 |     <ProjectConfiguration Include="Debug|x64">
 13 |       <Configuration>Debug</Configuration>
 14 |       <Platform>x64</Platform>
 15 |     </ProjectConfiguration>
 16 |     <ProjectConfiguration Include="Release|x64">
 17 |       <Configuration>Release</Configuration>
 18 |       <Platform>x64</Platform>
 19 |     </ProjectConfiguration>
 20 |   </ItemGroup>
 21 |   <PropertyGroup Label="Globals">
 22 |     <VCProjectVersion>16.0</VCProjectVersion>
 23 |     <Keyword>Win32Proj</Keyword>
 24 |     <ProjectGuid>{23930329-c132-475a-b5d9-450565aa8230}</ProjectGuid>
 25 |     <RootNamespace>wowJit</RootNamespace>
 26 |     <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
 27 |   </PropertyGroup>
 28 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
 29 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
 30 |     <ConfigurationType>Application</ConfigurationType>
 31 |     <UseDebugLibraries>true</UseDebugLibraries>
 32 |     <PlatformToolset>v142</PlatformToolset>
 33 |     <CharacterSet>Unicode</CharacterSet>
 34 |   </PropertyGroup>
 35 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
 36 |     <ConfigurationType>Application</ConfigurationType>
 37 |     <UseDebugLibraries>false</UseDebugLibraries>
 38 |     <PlatformToolset>v142</PlatformToolset>
 39 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 40 |     <CharacterSet>Unicode</CharacterSet>
 41 |   </PropertyGroup>
 42 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
 43 |     <ConfigurationType>Application</ConfigurationType>
 44 |     <UseDebugLibraries>true</UseDebugLibraries>
 45 |     <PlatformToolset>v142</PlatformToolset>
 46 |     <CharacterSet>Unicode</CharacterSet>
 47 |   </PropertyGroup>
 48 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
 49 |     <ConfigurationType>Application</ConfigurationType>
 50 |     <UseDebugLibraries>false</UseDebugLibraries>
 51 |     <PlatformToolset>v142</PlatformToolset>
 52 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 53 |     <CharacterSet>Unicode</CharacterSet>
 54 |   </PropertyGroup>
 55 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
 56 |   <ImportGroup Label="ExtensionSettings">
 57 |   </ImportGroup>
 58 |   <ImportGroup Label="Shared">
 59 |   </ImportGroup>
 60 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 61 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 62 |   </ImportGroup>
 63 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 64 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 65 |   </ImportGroup>
 66 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 67 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 68 |   </ImportGroup>
 69 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 70 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 71 |   </ImportGroup>
 72 |   <PropertyGroup Label="UserMacros" />
 73 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 74 |     <LinkIncremental>true</LinkIncremental>
 75 |   </PropertyGroup>
 76 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 77 |     <LinkIncremental>false</LinkIncremental>
 78 |   </PropertyGroup>
 79 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 80 |     <LinkIncremental>true</LinkIncremental>
 81 |   </PropertyGroup>
 82 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 83 |     <LinkIncremental>false</LinkIncremental>
 84 |   </PropertyGroup>
 85 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 86 |     <ClCompile>
 87 |       <WarningLevel>Level3</WarningLevel>
 88 |       <SDLCheck>true</SDLCheck>
 89 |       <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
 90 |       <ConformanceMode>true</ConformanceMode>
 91 |     </ClCompile>
 92 |     <Link>
 93 |       <SubSystem>Console</SubSystem>
 94 |       <GenerateDebugInformation>true</GenerateDebugInformation>
 95 |     </Link>
 96 |   </ItemDefinitionGroup>
 97 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 98 |     <ClCompile>
 99 |       <WarningLevel>Level3</WarningLevel>
100 |       <FunctionLevelLinking>true</FunctionLevelLinking>
101 |       <IntrinsicFunctions>true</IntrinsicFunctions>
102 |       <SDLCheck>true</SDLCheck>
103 |       <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
104 |       <ConformanceMode>true</ConformanceMode>
105 |       <Optimization>Disabled</Optimization>
106 |     </ClCompile>
107 |     <Link>
108 |       <SubSystem>Console</SubSystem>
109 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
110 |       <OptimizeReferences>true</OptimizeReferences>
111 |       <GenerateDebugInformation>true</GenerateDebugInformation>
112 |     </Link>
113 |   </ItemDefinitionGroup>
114 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
115 |     <ClCompile>
116 |       <WarningLevel>Level3</WarningLevel>
117 |       <SDLCheck>true</SDLCheck>
118 |       <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
119 |       <ConformanceMode>true</ConformanceMode>
120 |     </ClCompile>
121 |     <Link>
122 |       <SubSystem>Console</SubSystem>
123 |       <GenerateDebugInformation>true</GenerateDebugInformation>
124 |     </Link>
125 |   </ItemDefinitionGroup>
126 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
127 |     <ClCompile>
128 |       <WarningLevel>Level3</WarningLevel>
129 |       <FunctionLevelLinking>true</FunctionLevelLinking>
130 |       <IntrinsicFunctions>true</IntrinsicFunctions>
131 |       <SDLCheck>true</SDLCheck>
132 |       <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
133 |       <ConformanceMode>true</ConformanceMode>
134 |     </ClCompile>
135 |     <Link>
136 |       <SubSystem>Console</SubSystem>
137 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
138 |       <OptimizeReferences>true</OptimizeReferences>
139 |       <GenerateDebugInformation>true</GenerateDebugInformation>
140 |     </Link>
141 |   </ItemDefinitionGroup>
142 |   <ItemGroup>
143 |     <ClCompile Include="wowJit.cpp" />
144 |   </ItemGroup>
145 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
146 |   <ImportGroup Label="ExtensionTargets">
147 |   </ImportGroup>
148 | </Project>


--------------------------------------------------------------------------------
/wowJit/wowJit.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <Filter Include="來源檔案">
 5 |       <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
 6 |       <Extensions>cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
 7 |     </Filter>
 8 |     <Filter Include="標頭檔">
 9 |       <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
10 |       <Extensions>h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd</Extensions>
11 |     </Filter>
12 |     <Filter Include="資源檔">
13 |       <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
14 |       <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
15 |     </Filter>
16 |   </ItemGroup>
17 |   <ItemGroup>
18 |     <ClCompile Include="wowJit.cpp">
19 |       <Filter>來源檔案</Filter>
20 |     </ClCompile>
21 |   </ItemGroup>
22 | </Project>


--------------------------------------------------------------------------------
/wowJit/wowJit.vcxproj.user:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="utf-8"?>
2 | <Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
3 |   <PropertyGroup />
4 | </Project>


--------------------------------------------------------------------------------