├── Bin ├── DeviareLiteCOM64.dll ├── DeviareLiteInterop.dll ├── Microsoft.PowerShell.Commands.Utility.dll ├── Newtonsoft.Json.dll ├── PSDeObfuscator.dll ├── System.Management.Automation.dll ├── install_psdeobfuscator.bat └── uninstall_psdeobfuscator.bat ├── DeviareLiteCOM ├── DeviareLiteCOM_2019.vcxproj ├── DeviareLiteCOM_2019.vcxproj.filters ├── DeviareLiteCOM_2019.vcxproj.user └── src │ ├── CustomRegistryMap.h │ ├── DeviareLiteCOM.def │ ├── DeviareLiteCOM.idl │ ├── DeviareLiteCOM.rc │ ├── DeviareLiteCOM.rgs │ ├── DeviareLiteCOM64.def │ ├── DeviareLiteCOM64.rgs │ ├── DllExports.cpp │ ├── DotNetCoreHooks.cpp │ ├── DotNetCoreHooks.h │ ├── HookInfo.cpp │ ├── HookInfo.h │ ├── HookLib.cpp │ ├── HookLib.h │ ├── HookProcessInfo.cpp │ ├── HookProcessInfo.h │ ├── InterfaceRegistrar.rgs │ ├── RegFreeCOM_Manifest_Files │ ├── DeviareLiteCOM.X.manifest │ └── DeviareLiteCOM64.X.manifest │ ├── StdAfx.cpp │ ├── StdAfx.h │ ├── TargetVer.h │ ├── disp_ids.h │ ├── dlldatax.c │ ├── dlldatax.h │ ├── dllmain.cpp │ ├── dllmain.h │ ├── idl_size_t.h │ └── resource.h ├── DeviareLiteInterop ├── DeviareLiteInterop_2019.csproj └── src │ ├── DeviareLite.cs │ └── Properties │ └── AssemblyInfo.cs ├── Examples ├── Base64Decode.ps1 └── IEX.ps1 ├── Include └── NktHookLib.h ├── LICENSE ├── LICENSE.GPL ├── NktHookLib ├── NktHookLib_2019.vcxproj ├── NktHookLib_2019.vcxproj.filters ├── NktHookLib_2019.vcxproj.user └── Src │ ├── Asm │ ├── Helpers_x64.asm │ ├── Helpers_x86.asm │ ├── RelocatableCode_x64.asm │ └── RelocatableCode_x86.asm │ ├── AutoPtr.h │ ├── DynamicApiFinder.cpp │ ├── DynamicNtApi.cpp │ ├── DynamicNtApi.h │ ├── HookEntry.cpp │ ├── HookEntry.h │ ├── LinkedList.h │ ├── NktHookLib.cpp │ ├── NktHookLibHelpers.cpp │ ├── NtApiDeclarations.h │ ├── NtHeapBaseObj.h │ ├── NtSysCallGen.cpp │ ├── ProcessEntry.cpp │ ├── ProcessEntry.h │ ├── ProcessInjection.cpp │ ├── RelocatableCode.cpp │ ├── RelocatableCode.h │ ├── ThreadSuspend.cpp │ ├── ThreadSuspend.h │ ├── WaitableObjects.cpp │ ├── 
WaitableObjects.h │ ├── Wow64.cpp │ ├── Wow64.h │ └── libudis86 │ ├── GetInstructionLength.cpp │ ├── amalgamation.c │ ├── amalgamation_defines.h │ ├── generate_tables.bat │ ├── source │ ├── .gitignore │ ├── BUILD-WINDOWS │ ├── BuildVS2010 │ │ ├── README.txt │ │ ├── build.proj │ │ ├── buildVS2010.bat │ │ ├── libudis86.vcxproj │ │ ├── libudis86.vcxproj.filters │ │ ├── udcli.vcxproj │ │ ├── udcli.vcxproj.filters │ │ └── udis86.sln │ ├── CHANGES │ ├── INSTALL │ ├── LICENSE │ ├── Makefile.am │ ├── README │ ├── autogen.sh │ ├── configure.ac │ ├── docs │ │ ├── Makefile.am │ │ ├── manual │ │ │ ├── Makefile.am │ │ │ ├── conf.py │ │ │ ├── getstarted.rst │ │ │ ├── index.rst │ │ │ ├── libudis86.rst │ │ │ └── static │ │ │ │ └── udis86.css │ │ └── x86 │ │ │ ├── Makefile.am │ │ │ ├── README │ │ │ ├── avx.xml │ │ │ ├── optable.xml │ │ │ └── optable.xsl │ ├── libudis86 │ │ ├── Makefile.am │ │ ├── decode.c │ │ ├── decode.h │ │ ├── extern.h │ │ ├── syn-att.c │ │ ├── syn-intel.c │ │ ├── syn.c │ │ ├── syn.h │ │ ├── types.h │ │ ├── udint.h │ │ └── udis86.c │ ├── m4 │ │ ├── ax_compare_version.m4 │ │ ├── ax_prog_sphinx_version.m4 │ │ ├── ax_prog_yasm_version.m4 │ │ ├── ax_with_prog.m4 │ │ └── ax_with_python.m4 │ ├── scripts │ │ ├── Makefile.am │ │ ├── asmtest.sh │ │ ├── ud_itab.py │ │ └── ud_opcode.py │ ├── tests │ │ ├── Makefile.am │ │ ├── asm │ │ │ ├── 16 │ │ │ │ ├── disp.asm │ │ │ │ └── test16.asm │ │ │ ├── 32 │ │ │ │ ├── att.asm │ │ │ │ ├── att.asm.Sref │ │ │ │ ├── att.asm.ref │ │ │ │ ├── avx.asm │ │ │ │ ├── avx.asm.Sref │ │ │ │ ├── avx.asm.ref │ │ │ │ ├── corner.asm │ │ │ │ ├── corner.asm.ref │ │ │ │ ├── disp.asm │ │ │ │ ├── disp.asm.Sref │ │ │ │ ├── invalid_seg.asm │ │ │ │ ├── invalid_seg.asm.ref │ │ │ │ ├── obscure.asm │ │ │ │ ├── obscure.asm.ref │ │ │ │ ├── reljmp.asm │ │ │ │ ├── reljmp.asm.ref │ │ │ │ ├── sext.asm │ │ │ │ ├── sext.asm.ref │ │ │ │ └── test32.asm │ │ │ └── 64 │ │ │ │ ├── amd │ │ │ │ ├── invalid.asm │ │ │ │ └── invalid.asm.ref │ │ │ │ ├── avx.asm │ │ │ │ ├── 
avx.asm.ref │ │ │ │ ├── branch.asm │ │ │ │ ├── branch.asm.ref │ │ │ │ ├── disp.asm │ │ │ │ ├── disp.asm.Sref │ │ │ │ ├── disp.asm.ref │ │ │ │ ├── intel │ │ │ │ ├── invalid.asm │ │ │ │ └── invalid.asm.ref │ │ │ │ ├── reljmp.asm │ │ │ │ ├── reljmp.asm.ref │ │ │ │ ├── sext.asm │ │ │ │ ├── sext.asm.ref │ │ │ │ └── test64.asm │ │ ├── difftest.sh.in │ │ ├── installcheck.c │ │ ├── libcheck.c │ │ ├── oprgen.py │ │ ├── symresolve.c │ │ └── symresolve.ref │ ├── udcli │ │ ├── Makefile.am │ │ └── udcli.c │ └── udis86.h │ ├── stdint.h │ └── tables │ ├── decode.h │ ├── itab.c │ └── itab.h ├── Obj2Inc ├── Obj2Inc.cpp ├── Obj2Inc_2019.vcxproj └── Obj2Inc_2019.vcxproj.user ├── PSDeObfuscator.sln ├── PSDeObfuscator ├── HookedFunctions.cs ├── Hooks.cs ├── Logger.cs ├── PSDeObfuscator.csproj ├── Properties │ └── AssemblyInfo.cs └── packages.config ├── README.CN.md ├── README.md └── packages ├── Microsoft.PowerShell.Commands.Utility.dll ├── Newtonsoft.Json.13.0.3 ├── .signature.p7s ├── LICENSE.md ├── Newtonsoft.Json.13.0.3.nupkg ├── README.md ├── lib │ ├── net20 │ │ ├── Newtonsoft.Json.dll │ │ └── Newtonsoft.Json.xml │ ├── net35 │ │ ├── Newtonsoft.Json.dll │ │ └── Newtonsoft.Json.xml │ ├── net40 │ │ ├── Newtonsoft.Json.dll │ │ └── Newtonsoft.Json.xml │ ├── net45 │ │ ├── Newtonsoft.Json.dll │ │ └── Newtonsoft.Json.xml │ ├── net6.0 │ │ ├── Newtonsoft.Json.dll │ │ └── Newtonsoft.Json.xml │ ├── netstandard1.0 │ │ ├── Newtonsoft.Json.dll │ │ └── Newtonsoft.Json.xml │ ├── netstandard1.3 │ │ ├── Newtonsoft.Json.dll │ │ └── Newtonsoft.Json.xml │ └── netstandard2.0 │ │ ├── Newtonsoft.Json.dll │ │ └── Newtonsoft.Json.xml └── packageIcon.png └── System.Management.Automation.dll /Bin/DeviareLiteCOM64.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/aliyun-psdeobfuscator/6c5ca3ded863df7fa7d41e7790b4012bb62eef86/Bin/DeviareLiteCOM64.dll -------------------------------------------------------------------------------- 
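/Bin/DeviareLiteInterop.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aliyun/aliyun-psdeobfuscator/6c5ca3ded863df7fa7d41e7790b4012bb62eef86/Bin/DeviareLiteInterop.dll
--------------------------------------------------------------------------------
/Bin/Microsoft.PowerShell.Commands.Utility.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aliyun/aliyun-psdeobfuscator/6c5ca3ded863df7fa7d41e7790b4012bb62eef86/Bin/Microsoft.PowerShell.Commands.Utility.dll
--------------------------------------------------------------------------------
/Bin/Newtonsoft.Json.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aliyun/aliyun-psdeobfuscator/6c5ca3ded863df7fa7d41e7790b4012bb62eef86/Bin/Newtonsoft.Json.dll
--------------------------------------------------------------------------------
/Bin/PSDeObfuscator.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aliyun/aliyun-psdeobfuscator/6c5ca3ded863df7fa7d41e7790b4012bb62eef86/Bin/PSDeObfuscator.dll
--------------------------------------------------------------------------------
/Bin/System.Management.Automation.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aliyun/aliyun-psdeobfuscator/6c5ca3ded863df7fa7d41e7790b4012bb62eef86/Bin/System.Management.Automation.dll
--------------------------------------------------------------------------------
/Bin/install_psdeobfuscator.bat:
--------------------------------------------------------------------------------
@echo off
REM Installs PSDeObfuscator for the current user: registers the hooking COM
REM server and makes every new PowerShell session load PSDeObfuscator.dll
REM from this directory through the user's profile script.
REM
REM SECURITY NOTE: this script changes machine-wide settings and is meant for
REM an isolated analysis machine, not a production host.
REM   - Set-ExecutionPolicy RemoteSigned is run without a -Scope argument.
REM   - __PSLockdownPolicy is written as a system environment value in HKLM.
REM     NOTE(review): 8 is commonly described as selecting FullLanguage mode,
REM     which would lift a Constrained Language Mode lockdown; confirm that
REM     this is intended on the target machine.
REM   - The user's PowerShell profile is replaced by a single Add-Type line.
REM     Any existing profile is copied to a backup first.
REM regsvr32 and the HKLM write need an elevated prompt.

REM /d also switches drive; the quotes keep a path with spaces intact.
cd /d "%~dp0"
powershell Set-ExecutionPolicy RemoteSigned

REM Stop instead of reporting success when the COM server is not registered.
regsvr32 /s DeviareLiteCOM64.dll
if errorlevel 1 (
    echo "PSDeObfuscator install failed: could not register DeviareLiteCOM64.dll"
    exit /b 1
)

REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" /v "__PSLockdownPolicy" /t REG_DWORD /d 8 /f
if errorlevel 1 (
    echo "PSDeObfuscator install failed: could not write __PSLockdownPolicy"
    exit /b 1
)

set "profilePath=%USERPROFILE%\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1"
set "profileBackup=%profilePath%.psdeobfuscator.bak"
if not exist "%USERPROFILE%\Documents\WindowsPowerShell" mkdir "%USERPROFILE%\Documents\WindowsPowerShell"

REM Keep the user's own profile so the uninstaller can put it back. An
REM existing backup is never overwritten, so a second install cannot replace
REM it with the hook line written below.
if exist "%profilePath%" if not exist "%profileBackup%" copy /y "%profilePath%" "%profileBackup%" >nul

set "current_path=%~dp0"
set "replacement_path=%current_path%"
set "command=Add-Type -Path "%replacement_path%PSDeObfuscator.dll";[PSDeObfuscator.PowershellApiHookHelper]::EnableAllhook()"
echo %command% > "%profilePath%"

echo "PSDeObfuscator install success"
--------------------------------------------------------------------------------
/Bin/uninstall_psdeobfuscator.bat:
--------------------------------------------------------------------------------
@echo off
REM Removes PSDeObfuscator: takes the hook line out of the user's PowerShell
REM profile, unregisters the COM server and resets __PSLockdownPolicy.
REM
REM SECURITY NOTE: the pre-install state is only partly restored.
REM   - __PSLockdownPolicy is set to 0, not to the value it had before the
REM     install, and the value is left in place. If the machine relied on a
REM     different value, set it again by hand.
REM   - The execution policy changed by the installer is not reverted.

cd /d "%~dp0"
set "profilePath=%USERPROFILE%\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1"
set "profileBackup=%profilePath%.psdeobfuscator.bak"

REM Restore the profile saved by the installer when there is one. Otherwise
REM fall back to blanking the profile, as this script has always done.
if exist "%profileBackup%" (
    move /y "%profileBackup%" "%profilePath%" >nul
) else (
    if not exist "%USERPROFILE%\Documents\WindowsPowerShell" mkdir "%USERPROFILE%\Documents\WindowsPowerShell"
    echo "" > "%profilePath%"
)

regsvr32 /u /s DeviareLiteCOM64.dll
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" /v "__PSLockdownPolicy" /t REG_DWORD /d 0 /f

echo "PSDeObfuscator uninstall success"
pause
--------------------------------------------------------------------------------
/DeviareLiteCOM/DeviareLiteCOM_2019.vcxproj.filters:
--------------------------------------------------------------------------------
1 | 2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav 15 | 16 | 17 | {5d16b73c-179f-4fd9-b59c-ba0e5ebf3460} 18 | 19 | 20 | 21 | 22 | Source Files 23 | 24 | 25 | Source Files 26 | 27 | 28 | Source Files 29 | 30 | 31 | Source Files 32 | 33 | 34 |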
Source Files 35 | 36 | 37 | Source Files 38 | 39 | 40 | Source Files 41 | 42 | 43 | Source Files 44 | 45 | 46 | 47 | 48 | Source Files 49 | 50 | 51 | Source Files 52 | 53 | 54 | Resource Files 55 | 56 | 57 | Resource Files 58 | 59 | 60 | Resource Files 61 | 62 | 63 | 64 | 65 | Source Files 66 | 67 | 68 | 69 | 70 | Header Files 71 | 72 | 73 | Header Files 74 | 75 | 76 | Header Files 77 | 78 | 79 | Header Files 80 | 81 | 82 | Header Files 83 | 84 | 85 | Header Files 86 | 87 | 88 | Header Files 89 | 90 | 91 | Header Files 92 | 93 | 94 | Header Files 95 | 96 | 97 | Resource Files 98 | 99 | 100 | Header Files 101 | 102 | 103 | Header Files 104 | 105 | 106 | 107 | 108 | Resource Files 109 | 110 | 111 | 112 | 113 | RegFree COM 114 | 115 | 116 | RegFree COM 117 | 118 | 119 | -------------------------------------------------------------------------------- /DeviareLiteCOM/DeviareLiteCOM_2019.vcxproj.user: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | -------------------------------------------------------------------------------- /DeviareLiteCOM/src/CustomRegistryMap.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2010-2015 Nektra S.A., Buenos Aires, Argentina. 3 | * All rights reserved. Contact: http://www.nektra.com 4 | * 5 | * 6 | * This file is part of Deviare In-Proc 7 | * 8 | * 9 | * Commercial License Usage 10 | * ------------------------ 11 | * Licensees holding valid commercial Deviare In-Proc licenses may use this 12 | * file in accordance with the commercial license agreement provided with the 13 | * Software or, alternatively, in accordance with the terms contained in 14 | * a written agreement between you and Nektra. For licensing terms and 15 | * conditions see http://www.nektra.com/licensing/. For further information 16 | * use the contact form at http://www.nektra.com/contact/. 
 *
 *
 * GNU General Public License Usage
 * --------------------------------
 * Alternatively, this file may be used under the terms of the GNU
 * General Public License version 3.0 as published by the Free Software
 * Foundation and appearing in the file LICENSE.GPL included in the
 * packaging of this file. Please review the following information to
 * ensure the GNU General Public License version 3.0 requirements will be
 * met: http://www.gnu.org/copyleft/gpl.html.
 *
 **/

#pragma once

// NOTE(review): the header name after #include is missing in this listing,
// probably lost when the page was extracted. Restore it from the repository.
#include

//-----------------------------------------------------------

/*
 * DECLARE_REGISTRY_RESOURCEID_EX(x, szProgId, szVersion, szDescription,
 *                                rClsId, rLibId, szThreadingModel)
 *
 * Declares a static UpdateRegistry(BOOL bRegister) member that runs the
 * registry script resource `x` with six replacement pairs: PROGID, VERSION,
 * DESCRIPTION, CLSID, LIBID and THREADING.
 *
 *  - The map has seven entries. Only the seventh is zeroed; presumably it is
 *    the end-of-map marker expected by UpdateRegistryFromResource.
 *  - rClsId and rLibId are converted with StringFromGUID2 into 40-WCHAR
 *    buffers. That is large enough for the 38-character braced GUID string
 *    and its terminator. The return value of StringFromGUID2 is not checked.
 *  - The call goes to _Module when that symbol exists and to
 *    ATL::_pAtlModule otherwise.
 *
 * Returns the HRESULT of UpdateRegistryFromResource.
 */
#define DECLARE_REGISTRY_RESOURCEID_EX(x, szProgId, szVersion, szDescription, rClsId,   \
                                       rLibId, szThreadingModel)                        \
  static HRESULT WINAPI UpdateRegistry(BOOL bRegister)                                  \
    {                                                                                   \
    struct _ATL_REGMAP_ENTRY aMapEntries[7];                                            \
    WCHAR szClsId[40], szLibId[40];                                                     \
                                                                                        \
    memset(&aMapEntries[6], 0, sizeof(aMapEntries[6]));                                 \
    aMapEntries[0].szKey = L"PROGID";                                                   \
    aMapEntries[0].szData = szProgId;                                                   \
    aMapEntries[1].szKey = L"VERSION";                                                  \
    aMapEntries[1].szData = szVersion;                                                  \
    aMapEntries[2].szKey = L"DESCRIPTION";                                              \
    aMapEntries[2].szData = szDescription;                                              \
    aMapEntries[3].szKey = L"CLSID";                                                    \
    ::StringFromGUID2(rClsId, szClsId, 40);                                             \
    aMapEntries[3].szData = szClsId;                                                    \
    aMapEntries[4].szKey = L"LIBID";                                                    \
    ::StringFromGUID2(rLibId, szLibId, 40);                                             \
    aMapEntries[4].szData = szLibId;                                                    \
    aMapEntries[5].szKey = L"THREADING";                                                \
    aMapEntries[5].szData = szThreadingModel;                                           \
    __if_exists(_Module)                                                                \
      {                                                                                 \
      return _Module.UpdateRegistryFromResource(x, bRegister, aMapEntries);             \
      }                                                                                 \
    __if_not_exists(_Module)                                                            \
      {                                                                                 \
      return ATL::_pAtlModule->UpdateRegistryFromResource(x, bRegister, aMapEntries);   \
      }                                                                                 \
    };

--------------------------------------------------------------------------------
/DeviareLiteCOM/src/DeviareLiteCOM.def:
-------------------------------------------------------------------------------- 1 | ; 2 | ; Copyright (C) 2010-2015 Nektra S.A., Buenos Aires, Argentina. 3 | ; All rights reserved. Contact: http://www.nektra.com 4 | ; 5 | ; 6 | ; This file is part of Deviare In-Proc 7 | ; 8 | ; 9 | ; Commercial License Usage 10 | ; ------------------------ 11 | ; Licensees holding valid commercial Deviare In-Proc licenses may use this 12 | ; file in accordance with the commercial license agreement provided with the 13 | ; Software or, alternatively, in accordance with the terms contained in 14 | ; a written agreement between you and Nektra. For licensing terms and 15 | ; conditions see http://www.nektra.com/licensing/. For further information 16 | ; use the contact form at http://www.nektra.com/contact/. 17 | ; 18 | ; 19 | ; GNU General Public License Usage 20 | ; -------------------------------- 21 | ; Alternatively, this file may be used under the terms of the GNU 22 | ; General Public License version 3.0 as published by the Free Software 23 | ; Foundation and appearing in the file LICENSE.GPL included in the 24 | ; packaging of this file. Please review the following information to 25 | ; ensure the GNU General Public License version 3.0 requirements will be 26 | ; met: http://www.gnu.org/copyleft/gpl.html. 27 | ; 28 | ; 29 | 30 | EXPORTS 31 | DllCanUnloadNow PRIVATE 32 | DllGetClassObject PRIVATE 33 | DllRegisterServer PRIVATE 34 | DllUnregisterServer PRIVATE 35 | DllInstall PRIVATE 36 | -------------------------------------------------------------------------------- /DeviareLiteCOM/src/DeviareLiteCOM.rc: -------------------------------------------------------------------------------- 1 | // Microsoft Visual C++ generated resource script. 2 | // 3 | #include "resource.h" 4 | 5 | #define APSTUDIO_READONLY_SYMBOLS 6 | ///////////////////////////////////////////////////////////////////////////// 7 | // 8 | // Generated from the TEXTINCLUDE 2 resource. 
9 | // 10 | #ifndef APSTUDIO_INVOKED 11 | #include "targetver.h" 12 | #endif 13 | #include "winres.h" 14 | 15 | ///////////////////////////////////////////////////////////////////////////// 16 | #undef APSTUDIO_READONLY_SYMBOLS 17 | 18 | ///////////////////////////////////////////////////////////////////////////// 19 | // English (U.S.) resources 20 | 21 | #if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_ENU) 22 | #ifdef _WIN32 23 | LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US 24 | #pragma code_page(1252) 25 | #endif //_WIN32 26 | 27 | #ifdef APSTUDIO_INVOKED 28 | ///////////////////////////////////////////////////////////////////////////// 29 | // 30 | // TEXTINCLUDE 31 | // 32 | 33 | 1 TEXTINCLUDE 34 | BEGIN 35 | "resource.h\0" 36 | END 37 | 38 | 2 TEXTINCLUDE 39 | BEGIN 40 | "#ifndef APSTUDIO_INVOKED\r\n" 41 | "#include ""targetver.h""\r\n" 42 | "#endif\r\n" 43 | "#include ""winres.h""\r\n" 44 | "\0" 45 | END 46 | 47 | 3 TEXTINCLUDE 48 | BEGIN 49 | "1 TYPELIB ""DeviareLiteCOM.tlb""\r\n" 50 | "\0" 51 | END 52 | 53 | #endif // APSTUDIO_INVOKED 54 | 55 | 56 | ///////////////////////////////////////////////////////////////////////////// 57 | // 58 | // Version 59 | // 60 | 61 | VS_VERSION_INFO VERSIONINFO 62 | FILEVERSION 1,0,0,1 63 | PRODUCTVERSION 1,0,0,1 64 | FILEFLAGSMASK 0x3fL 65 | #ifdef _DEBUG 66 | FILEFLAGS 0x1L 67 | #else 68 | FILEFLAGS 0x0L 69 | #endif 70 | FILEOS 0x4L 71 | FILETYPE 0x2L 72 | FILESUBTYPE 0x0L 73 | BEGIN 74 | BLOCK "StringFileInfo" 75 | BEGIN 76 | BLOCK "040904e4" 77 | BEGIN 78 | VALUE "CompanyName", "Nektra S.A." 79 | VALUE "FileDescription", "Hook Library Dll" 80 | VALUE "FileVersion", "1.0.0.1" 81 | VALUE "InternalName", "DeviareLiteCOM.dll" 82 | VALUE "LegalCopyright", "(C) Nektra S.A., 2014. All rights reserved." 
83 | VALUE "OriginalFilename", "DeviareLiteCOM.dll" 84 | VALUE "ProductName", "Hook Library" 85 | VALUE "ProductVersion", "1.0.0.1" 86 | END 87 | END 88 | BLOCK "VarFileInfo" 89 | BEGIN 90 | VALUE "Translation", 0x409, 1252 91 | END 92 | END 93 | 94 | #endif // English (U.S.) resources 95 | ///////////////////////////////////////////////////////////////////////////// 96 | 97 | 98 | ///////////////////////////////////////////////////////////////////////////// 99 | // Spanish (Argentina) resources 100 | 101 | #if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_ESS) 102 | #ifdef _WIN32 103 | LANGUAGE LANG_SPANISH, SUBLANG_SPANISH_ARGENTINA 104 | #pragma code_page(1252) 105 | #endif //_WIN32 106 | 107 | ///////////////////////////////////////////////////////////////////////////// 108 | // 109 | // REGISTRY 110 | // 111 | 112 | IDR_INTERFACEREGISTRAR REGISTRY "InterfaceRegistrar.rgs" 113 | #if defined(APSTUDIO_INVOKED) || defined(ONLY32) 114 | #if defined(APSTUDIO_INVOKED) 115 | IDR_DEVIARELITECOM$(ONLY32) REGISTRY "HookLib.rgs" 116 | #else 117 | IDR_DEVIARELITECOM REGISTRY "DeviareLiteCOM.rgs" 118 | #endif 119 | #endif 120 | #if defined(APSTUDIO_INVOKED) || defined(ONLY64) 121 | #if defined(APSTUDIO_INVOKED) 122 | IDR_DEVIARELITECOM64$(ONLY64) REGISTRY "DeviareLiteCOM64.rgs" 123 | #else 124 | IDR_DEVIARELITECOM64 REGISTRY "DeviareLiteCOM64.rgs" 125 | #endif 126 | #endif 127 | #endif // Spanish (Argentina) resources 128 | ///////////////////////////////////////////////////////////////////////////// 129 | 130 | 131 | 132 | #ifndef APSTUDIO_INVOKED 133 | ///////////////////////////////////////////////////////////////////////////// 134 | // 135 | // Generated from the TEXTINCLUDE 3 resource. 
136 | // 137 | 1 TYPELIB "DeviareLiteCOM.tlb" 138 | 139 | ///////////////////////////////////////////////////////////////////////////// 140 | #endif // not APSTUDIO_INVOKED 141 | 142 | -------------------------------------------------------------------------------- /DeviareLiteCOM/src/DeviareLiteCOM.rgs: -------------------------------------------------------------------------------- 1 | HKCR 2 | { 3 | NoRemove AppID 4 | { 5 | '%APPID%' = s 'DeviareLiteCOM' 6 | 'DeviareLiteCOM.DLL' 7 | { 8 | val AppID = s '%APPID%' 9 | } 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /DeviareLiteCOM/src/DeviareLiteCOM64.def: -------------------------------------------------------------------------------- 1 | ; 2 | ; Copyright (C) 2010-2015 Nektra S.A., Buenos Aires, Argentina. 3 | ; All rights reserved. Contact: http://www.nektra.com 4 | ; 5 | ; 6 | ; This file is part of Deviare In-Proc 7 | ; 8 | ; 9 | ; Commercial License Usage 10 | ; ------------------------ 11 | ; Licensees holding valid commercial Deviare In-Proc licenses may use this 12 | ; file in accordance with the commercial license agreement provided with the 13 | ; Software or, alternatively, in accordance with the terms contained in 14 | ; a written agreement between you and Nektra. For licensing terms and 15 | ; conditions see http://www.nektra.com/licensing/. For further information 16 | ; use the contact form at http://www.nektra.com/contact/. 17 | ; 18 | ; 19 | ; GNU General Public License Usage 20 | ; -------------------------------- 21 | ; Alternatively, this file may be used under the terms of the GNU 22 | ; General Public License version 3.0 as published by the Free Software 23 | ; Foundation and appearing in the file LICENSE.GPL included in the 24 | ; packaging of this file. Please review the following information to 25 | ; ensure the GNU General Public License version 3.0 requirements will be 26 | ; met: http://www.gnu.org/copyleft/gpl.html. 
27 | ; 28 | ; 29 | 30 | EXPORTS 31 | DllCanUnloadNow PRIVATE 32 | DllGetClassObject PRIVATE 33 | DllRegisterServer PRIVATE 34 | DllUnregisterServer PRIVATE 35 | DllInstall PRIVATE 36 | -------------------------------------------------------------------------------- /DeviareLiteCOM/src/DeviareLiteCOM64.rgs: -------------------------------------------------------------------------------- 1 | HKCR 2 | { 3 | NoRemove AppID 4 | { 5 | '%APPID%' = s 'DeviareLiteCOM' 6 | 'DeviareLiteCOM64.DLL' 7 | { 8 | val AppID = s '%APPID%' 9 | } 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /DeviareLiteCOM/src/DllExports.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2010-2015 Nektra S.A., Buenos Aires, Argentina. 3 | * All rights reserved. Contact: http://www.nektra.com 4 | * 5 | * 6 | * This file is part of Deviare In-Proc 7 | * 8 | * 9 | * Commercial License Usage 10 | * ------------------------ 11 | * Licensees holding valid commercial Deviare In-Proc licenses may use this 12 | * file in accordance with the commercial license agreement provided with the 13 | * Software or, alternatively, in accordance with the terms contained in 14 | * a written agreement between you and Nektra. For licensing terms and 15 | * conditions see http://www.nektra.com/licensing/. For further information 16 | * use the contact form at http://www.nektra.com/contact/. 17 | * 18 | * 19 | * GNU General Public License Usage 20 | * -------------------------------- 21 | * Alternatively, this file may be used under the terms of the GNU 22 | * General Public License version 3.0 as published by the Free Software 23 | * Foundation and appearing in the file LICENSE.GPL included in the 24 | * packaging of this file. Please review the following information to 25 | * ensure the GNU General Public License version 3.0 requirements will be 26 | * met: http://www.gnu.org/copyleft/gpl.html. 
 *
 **/

#include "StdAfx.h"
#include "resource.h"
#include "dllmain.h"
#include "dlldatax.h"

//-----------------------------------------------------------

// Tells OLE whether this DLL may be unloaded.
// With _MERGE_PROXYSTUB the merged proxy/stub is asked first, and any answer
// other than S_OK is returned unchanged.
STDAPI DllCanUnloadNow(void)
{
#ifdef _MERGE_PROXYSTUB
  const HRESULT hrProxy = PrxDllCanUnloadNow();
  if (hrProxy != S_OK)
    return hrProxy;
#endif //_MERGE_PROXYSTUB
  return _AtlModule.DllCanUnloadNow();
}

// Returns a class factory for the requested CLSID.
// With _MERGE_PROXYSTUB the proxy/stub is tried first; the ATL module is used
// when the proxy/stub does not answer S_OK.
STDAPI DllGetClassObject(REFCLSID rclsid, REFIID riid, LPVOID* ppv)
{
#ifdef _MERGE_PROXYSTUB
  const bool bServedByProxy = (PrxDllGetClassObject(rclsid, riid, ppv) == S_OK);
  if (bServedByProxy)
    return S_OK;
#endif //_MERGE_PROXYSTUB
  return _AtlModule.DllGetClassObject(rclsid, riid, ppv);
}

// DllRegisterServer - adds entries to the system registry.
// Registers the object, the typelib and all interfaces in the typelib, then
// (with _MERGE_PROXYSTUB) the proxy/stub.
STDAPI DllRegisterServer(void)
{
  HRESULT hr = _AtlModule.DllRegisterServer();
#ifdef _MERGE_PROXYSTUB
  if (SUCCEEDED(hr))
  {
    hr = PrxDllRegisterServer();
    // patch because all interfaces are local
    if (hr == E_NOINTERFACE)
      hr = S_OK;
  }
#endif //_MERGE_PROXYSTUB
  return hr;
}

// DllUnregisterServer - removes entries from the system registry.
// With _MERGE_PROXYSTUB the proxy/stub is registered first and unregistered
// only when that registration succeeded. E_NOINTERFACE from the registration
// is treated as success.
STDAPI DllUnregisterServer(void)
{
  HRESULT hr = _AtlModule.DllUnregisterServer();
#ifdef _MERGE_PROXYSTUB
  if (SUCCEEDED(hr))
  {
    hr = PrxDllRegisterServer();
    if (hr == E_NOINTERFACE)
    {
      // patch because all interfaces are local
      hr = S_OK;
    }
    else if (SUCCEEDED(hr))
    {
      hr = PrxDllUnregisterServer();
    }
  }
#endif //_MERGE_PROXYSTUB
  return hr;
}

// DllInstall - adds/removes entries to the system registry per user per machine.
// pszCmdLine: per-user registration is selected only when it equals "user",
//             compared case-insensitively. _countof includes the terminating
//             NUL, so a longer string that merely starts with "user" does not
//             match.
// bInstall:   TRUE registers, FALSE unregisters. A failed registration is
//             rolled back with DllUnregisterServer and the registration
//             error is returned.
STDAPI DllInstall(BOOL bInstall, LPCWSTR pszCmdLine)
{
  static const wchar_t szUserSwitch[] = L"user";

  if (pszCmdLine != NULL &&
      _wcsnicmp(pszCmdLine, szUserSwitch, _countof(szUserSwitch)) == 0)
  {
    AtlSetPerUserRegistration(true);
  }

  if (!bInstall)
    return DllUnregisterServer();

  const HRESULT hrRegister = DllRegisterServer();
  if (FAILED(hrRegister))
  {
    // best-effort rollback; its result is deliberately not reported
    DllUnregisterServer();
  }
  return hrRegister;
}

--------------------------------------------------------------------------------
/DeviareLiteCOM/src/DotNetCoreHooks.h:
--------------------------------------------------------------------------------
/*
 * Copyright (C) 2010-2015 Nektra S.A., Buenos Aires, Argentina.
 * All rights reserved. Contact: http://www.nektra.com
 *
 *
 * This file is part of Deviare In-Proc
 *
 *
 * Commercial License Usage
 * ------------------------
 * Licensees holding valid commercial Deviare In-Proc licenses may use this
 * file in accordance with the commercial license agreement provided with the
 * Software or, alternatively, in accordance with the terms contained in
 * a written agreement between you and Nektra. For licensing terms and
 * conditions see http://www.nektra.com/licensing/. For further information
 * use the contact form at http://www.nektra.com/contact/.
 *
 *
 * GNU General Public License Usage
 * --------------------------------
 * Alternatively, this file may be used under the terms of the GNU
 * General Public License version 3.0 as published by the Free Software
 * Foundation and appearing in the file LICENSE.GPL included in the
 * packaging of this file. Please review the following information to
 * ensure the GNU General Public License version 3.0 requirements will be
 * met: http://www.gnu.org/copyleft/gpl.html.
 *
 **/

#pragma once

//-----------------------------------------------------------

// Entry points of the DotNetCoreHooks module. The implementation
// (DotNetCoreHooks.cpp) is not part of this listing, so what the hooks do
// cannot be stated from here.
namespace DotNetCoreHooks
{

// Called from CNktHookInfoImpl::FinalConstruct (HookInfo.h), which gives up
// object construction when the returned HRESULT is a failure.
HRESULT Initialize();
// NOTE(review): no call to Finalize() is visible in HookInfo.h; confirm where
// the hooks are torn down.
VOID Finalize();

}; //namespace DotNetCoreHooks

--------------------------------------------------------------------------------
/DeviareLiteCOM/src/HookInfo.cpp:
--------------------------------------------------------------------------------
/*
 * Copyright (C) 2010-2015 Nektra S.A., Buenos Aires, Argentina.
 * All rights reserved. Contact: http://www.nektra.com
 *
 *
 * This file is part of Deviare In-Proc
 *
 *
 * Commercial License Usage
 * ------------------------
 * Licensees holding valid commercial Deviare In-Proc licenses may use this
 * file in accordance with the commercial license agreement provided with the
 * Software or, alternatively, in accordance with the terms contained in
 * a written agreement between you and Nektra. For licensing terms and
 * conditions see http://www.nektra.com/licensing/. For further information
 * use the contact form at http://www.nektra.com/contact/.
 *
 *
 * GNU General Public License Usage
 * --------------------------------
 * Alternatively, this file may be used under the terms of the GNU
 * General Public License version 3.0 as published by the Free Software
 * Foundation and appearing in the file LICENSE.GPL included in the
 * packaging of this file. Please review the following information to
 * ensure the GNU General Public License version 3.0 requirements will be
 * met: http://www.gnu.org/copyleft/gpl.html.
 *
 **/

#include "StdAfx.h"
#include "HookLib.h"
#include "HookInfo.h"

//-----------------------------------------------------------

// ISupportsErrorInfo: S_OK when riid is IID_INktHookInfo, S_FALSE otherwise.
STDMETHODIMP CNktHookInfoImpl::InterfaceSupportsErrorInfo(REFIID riid)
{
  static const IID* aSupported[] = { &IID_INktHookInfo, NULL };

  // NULL-terminated table, walked by pointer
  for (const IID* const *lpEntry = aSupported; *lpEntry != NULL; ++lpEntry)
  {
    if (InlineIsEqualGUID(**lpEntry, riid))
      return S_OK;
  }
  return S_FALSE;
}

// Returns the hook id stored in sInfo. E_POINTER when hookId is NULL.
STDMETHODIMP CNktHookInfoImpl::get_Id(__out LONG *hookId)
{
  if (hookId != NULL)
  {
    *hookId = (LONG)(ULONG)(sInfo.nHookId);
    return S_OK;
  }
  return E_POINTER;
}

// Returns sInfo.lpProcToHook as an integer. E_POINTER when procAddr is NULL.
STDMETHODIMP CNktHookInfoImpl::get_OrigProcAddr(__out my_ssize_t *procAddr)
{
  if (procAddr != NULL)
  {
    *procAddr = (my_ssize_t)(sInfo.lpProcToHook);
    return S_OK;
  }
  return E_POINTER;
}

// Stores the address of the procedure to hook.
// The value comes straight from the COM caller and is not validated here.
STDMETHODIMP CNktHookInfoImpl::put_OrigProcAddr(__in my_ssize_t procAddr)
{
  const LPVOID lpTarget = (LPVOID)(SIZE_T)procAddr;
  sInfo.lpProcToHook = lpTarget;
  return S_OK;
}

// Returns sInfo.lpNewProcAddr as an integer. E_POINTER when procAddr is NULL.
STDMETHODIMP CNktHookInfoImpl::get_NewProcAddr(__out my_ssize_t *procAddr)
{
  if (procAddr != NULL)
  {
    *procAddr = (my_ssize_t)(sInfo.lpNewProcAddr);
    return S_OK;
  }
  return E_POINTER;
}

// Stores the address of the replacement procedure.
// The value comes straight from the COM caller and is not validated here.
STDMETHODIMP CNktHookInfoImpl::put_NewProcAddr(__in my_ssize_t procAddr)
{
  const LPVOID lpReplacement = (LPVOID)(SIZE_T)procAddr;
  sInfo.lpNewProcAddr = lpReplacement;
  return S_OK;
}

// Returns sInfo.lpCallOriginal as an integer. E_POINTER when procAddr is NULL.
// This property has no setter.
STDMETHODIMP CNktHookInfoImpl::get_CallOriginalAddr(__out my_ssize_t *procAddr)
{
  if (procAddr != NULL)
  {
    *procAddr = (my_ssize_t)(sInfo.lpCallOriginal);
    return S_OK;
  }
  return E_POINTER;
}

--------------------------------------------------------------------------------
/DeviareLiteCOM/src/HookInfo.h:
--------------------------------------------------------------------------------
/*
 * Copyright (C) 2010-2015 Nektra S.A., Buenos Aires, Argentina.
 * All rights reserved.
Contact: http://www.nektra.com 4 | * 5 | * 6 | * This file is part of Deviare In-Proc 7 | * 8 | * 9 | * Commercial License Usage 10 | * ------------------------ 11 | * Licensees holding valid commercial Deviare In-Proc licenses may use this 12 | * file in accordance with the commercial license agreement provided with the 13 | * Software or, alternatively, in accordance with the terms contained in 14 | * a written agreement between you and Nektra. For licensing terms and 15 | * conditions see http://www.nektra.com/licensing/. For further information 16 | * use the contact form at http://www.nektra.com/contact/. 17 | * 18 | * 19 | * GNU General Public License Usage 20 | * -------------------------------- 21 | * Alternatively, this file may be used under the terms of the GNU 22 | * General Public License version 3.0 as published by the Free Software 23 | * Foundation and appearing in the file LICENSE.GPL included in the 24 | * packaging of this file. Please review the following information to 25 | * ensure the GNU General Public License version 3.0 requirements will be 26 | * met: http://www.gnu.org/copyleft/gpl.html. 
27 | *
28 | **/
29 |
30 | #pragma once
31 |
32 | #include "DllMain.h"
33 | class CNktHookLibImpl;
34 | class CNktHookInfoImpl;
35 |
36 | //-----------------------------------------------------------
37 |
     // COM class behind INktHookInfo. It wraps one CNktHookLib::HOOK_INFO record (sInfo)
     // and exposes its id and three addresses as properties; the accessors are
     // implemented in HookInfo.cpp.
     // NOTE(review): the base classes appear in this listing without template arguments,
     // so the options given to IObjectSafetyImpl cannot be read here. The COM map below
     // does expose IObjectSafety, and put_OrigProcAddr/put_NewProcAddr accept raw
     // addresses from the caller, so confirm which INTERFACESAFE_* options the object
     // claims to support.
38 | class ATL_NO_VTABLE CNktHookInfoImpl : public CComObjectRootEx,
39 |                                        public CComCoClass,
40 |                                        public IObjectSafetyImpl,
41 |                                        public IDispatchImpl
42 | {
43 | public:
     // Starts with an all-zero HOOK_INFO.
44 |   CNktHookInfoImpl() : CComObjectRootEx(),
45 |                        CComCoClass(),
46 |                        IObjectSafetyImpl(),
47 |                        IDispatchImpl()
48 |     {
49 |     memset(&sInfo, 0, sizeof(sInfo));
50 |     return;
51 |     };
52 |
     // Nothing to release here; the marshaler is dropped in FinalRelease().
53 |   ~CNktHookInfoImpl()
54 |     {
55 |     return;
56 |     };
57 |
58 |   DECLARE_REGISTRY_RESOURCEID_EX(IDR_INTERFACEREGISTRAR, L"DeviareLite.NktHookInfo", L"1", L"NktHookInfo Class",
59 |                                  CLSID_NktHookInfo, LIBID_DeviareLite, L"Neutral")
60 |
     // IMarshal is delegated to the free-threaded marshaler created in FinalConstruct().
61 |   BEGIN_COM_MAP(CNktHookInfoImpl)
62 |     COM_INTERFACE_ENTRY(INktHookInfo)
63 |     COM_INTERFACE_ENTRY(IDispatch)
64 |     COM_INTERFACE_ENTRY(IObjectSafety)
65 |     COM_INTERFACE_ENTRY_AGGREGATE(IID_IMarshal, cUnkMarshaler.p)
66 |   END_COM_MAP()
67 |
68 |   // ISupportsErrorInfo
     // NOTE(review): the COM map above has no ISupportErrorInfo entry, so it is unclear
     // how a client would reach this method; confirm whether it is still needed.
69 |   STDMETHOD(InterfaceSupportsErrorInfo)(REFIID riid);
70 |
71 |   DECLARE_PROTECT_FINAL_CONSTRUCT()
72 |
73 |   DECLARE_GET_CONTROLLING_UNKNOWN()
74 |
     // Runs DotNetCoreHooks::Initialize() and, only if that succeeds, creates the
     // free-threaded marshaler. The first failing HRESULT is returned.
     // NOTE(review): with the free-threaded marshaler aggregated, callers in other
     // apartments reach this object directly, and the accessors in HookInfo.cpp take no
     // lock around sInfo; confirm that concurrent get/put is not expected.
75 |   HRESULT FinalConstruct()
76 |     {
77 |     HRESULT hRes = DotNetCoreHooks::Initialize();
78 |     if (SUCCEEDED(hRes))
79 |       hRes = ::CoCreateFreeThreadedMarshaler(GetControllingUnknown(), &(cUnkMarshaler.p));
80 |     return hRes;
81 |     };
82 |
     // Drops the marshaler reference taken in FinalConstruct().
83 |   void FinalRelease()
84 |     {
85 |     cUnkMarshaler.Release();
86 |     return;
87 |     };
88 |
89 | public:
     // Property accessors; get_CallOriginalAddr has no put_ counterpart.
90 |   STDMETHOD(get_Id)(__out LONG *hookId);
91 |
92 |   STDMETHOD(get_OrigProcAddr)(__out my_ssize_t *procAddr);
93 |   STDMETHOD(put_OrigProcAddr)(__in my_ssize_t procAddr);
94 |
95 |   STDMETHOD(get_NewProcAddr)(__out my_ssize_t *procAddr);
96 |   STDMETHOD(put_NewProcAddr)(__in my_ssize_t procAddr);
97 |
98 |   STDMETHOD(get_CallOriginalAddr)(__out my_ssize_t *procAddr);
99 |
100 | private:
     // Lets CNktHookLibImpl::CHookInfo read and write sInfo directly.
101 |   friend class CNktHookLibImpl::CHookInfo;
102 |
103 |   CNktHookLib::HOOK_INFO sInfo;
104 |   //----
105 |   CComPtr cUnkMarshaler;
106 | };
107 |
108 | //-----------------------------------------------------------
109 |
     // Adds the class to the ATL object map under the NktHookInfo coclass id.
110 | OBJECT_ENTRY_AUTO(__uuidof(NktHookInfo), CNktHookInfoImpl)
111 |
--------------------------------------------------------------------------------
/DeviareLiteCOM/src/HookProcessInfo.cpp:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (C) 2010-2015 Nektra S.A., Buenos Aires, Argentina.
3 | * All rights reserved. Contact: http://www.nektra.com
4 | *
5 | *
6 | * This file is part of Deviare In-Proc
7 | *
8 | *
9 | * Commercial License Usage
10 | * ------------------------
11 | * Licensees holding valid commercial Deviare In-Proc licenses may use this
12 | * file in accordance with the commercial license agreement provided with the
13 | * Software or, alternatively, in accordance with the terms contained in
14 | * a written agreement between you and Nektra. For licensing terms and
15 | * conditions see http://www.nektra.com/licensing/. For further information
16 | * use the contact form at http://www.nektra.com/contact/.
17 | *
18 | *
19 | * GNU General Public License Usage
20 | * --------------------------------
21 | * Alternatively, this file may be used under the terms of the GNU
22 | * General Public License version 3.0 as published by the Free Software
23 | * Foundation and appearing in the file LICENSE.GPL included in the
24 | * packaging of this file. Please review the following information to
25 | * ensure the GNU General Public License version 3.0 requirements will be
26 | * met: http://www.gnu.org/copyleft/gpl.html.
27 | *
28 | **/

#include "StdAfx.h"
#include "HookLib.h"
#include "HookProcessInfo.h"

// C4302 and C4311 are MSVC's truncating-cast warnings. They are switched off for the
// whole file, presumably for the handle-to-integer casts in the getters below.
#pragma warning(disable: 4302 4311)

//-----------------------------------------------------------

// Answers S_OK when riid is IID_INktHookProcessInfo and S_FALSE for any other id.
STDMETHODIMP CNktHookProcessInfoImpl::InterfaceSupportsErrorInfo(REFIID riid)
{
  static const IID* lpKnownIids[] = { &IID_INktHookProcessInfo, NULL };

  // The table is NULL-terminated; walk it until the terminator.
  for (const IID **lpCur = lpKnownIids; *lpCur != NULL; ++lpCur)
  {
    if (InlineIsEqualGUID(**lpCur, riid))
      return S_OK;
  }
  return S_FALSE;
}

// Returns sProcInfo.hProcess as an integer; E_POINTER when procHandle is NULL.
// The handle is handed out as-is (it is not duplicated) and is closed by
// ~CNktHookProcessInfoImpl in HookProcessInfo.h. The value is therefore only usable
// while this object is alive, and closing it in the caller would make the destructor
// close it a second time.
STDMETHODIMP CNktHookProcessInfoImpl::get_ProcessHandle(__out my_ssize_t *procHandle)
{
  if (procHandle != NULL)
  {
    *procHandle = (my_ssize_t)(sProcInfo.hProcess);
    return S_OK;
  }
  return E_POINTER;
}

// Returns sProcInfo.hThread as an integer; E_POINTER when threadHandle is NULL.
// Same ownership rule as get_ProcessHandle: the destructor closes this handle.
STDMETHODIMP CNktHookProcessInfoImpl::get_ThreadHandle(__out my_ssize_t *threadHandle)
{
  if (threadHandle != NULL)
  {
    *threadHandle = (my_ssize_t)(sProcInfo.hThread);
    return S_OK;
  }
  return E_POINTER;
}

// Returns sProcInfo.dwProcessId converted to LONG; E_POINTER when pid is NULL.
STDMETHODIMP CNktHookProcessInfoImpl::get_ProcessId(__out LONG *pid)
{
  if (pid != NULL)
  {
    *pid = (LONG)(sProcInfo.dwProcessId);
    return S_OK;
  }
  return E_POINTER;
}

// Returns sProcInfo.dwThreadId converted to LONG; E_POINTER when tid is NULL.
STDMETHODIMP CNktHookProcessInfoImpl::get_ThreadId(__out LONG *tid)
{
  if (tid != NULL)
  {
    *tid = (LONG)(sProcInfo.dwThreadId);
    return S_OK;
  }
  return E_POINTER;
}
--------------------------------------------------------------------------------
/DeviareLiteCOM/src/HookProcessInfo.h:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (C) 2010-2015 Nektra S.A., Buenos Aires, Argentina.
3 | * All rights reserved.
Contact: http://www.nektra.com 4 | * 5 | * 6 | * This file is part of Deviare In-Proc 7 | * 8 | * 9 | * Commercial License Usage 10 | * ------------------------ 11 | * Licensees holding valid commercial Deviare In-Proc licenses may use this 12 | * file in accordance with the commercial license agreement provided with the 13 | * Software or, alternatively, in accordance with the terms contained in 14 | * a written agreement between you and Nektra. For licensing terms and 15 | * conditions see http://www.nektra.com/licensing/. For further information 16 | * use the contact form at http://www.nektra.com/contact/. 17 | * 18 | * 19 | * GNU General Public License Usage 20 | * -------------------------------- 21 | * Alternatively, this file may be used under the terms of the GNU 22 | * General Public License version 3.0 as published by the Free Software 23 | * Foundation and appearing in the file LICENSE.GPL included in the 24 | * packaging of this file. Please review the following information to 25 | * ensure the GNU General Public License version 3.0 requirements will be 26 | * met: http://www.gnu.org/copyleft/gpl.html. 
27 | * 28 | **/ 29 | 30 | #pragma once 31 | 32 | #include "DllMain.h" 33 | 34 | //----------------------------------------------------------- 35 | 36 | class ATL_NO_VTABLE CNktHookProcessInfoImpl : public CComObjectRootEx, 37 | public CComCoClass, 38 | public IObjectSafetyImpl, 40 | public IDispatchImpl 42 | { 43 | public: 44 | CNktHookProcessInfoImpl() : CComObjectRootEx(), 45 | CComCoClass(), 46 | IObjectSafetyImpl(), 47 | IDispatchImpl() 48 | { 49 | memset(&sProcInfo, 0, sizeof(sProcInfo)); 50 | return; 51 | }; 52 | 53 | ~CNktHookProcessInfoImpl() 54 | { 55 | if (sProcInfo.hThread != NULL) 56 | ::CloseHandle(sProcInfo.hThread); 57 | if (sProcInfo.hProcess != NULL) 58 | ::CloseHandle(sProcInfo.hProcess); 59 | return; 60 | }; 61 | 62 | DECLARE_REGISTRY_RESOURCEID_EX(IDR_INTERFACEREGISTRAR, L"DeviareLite.NktHookProcessInfo", L"1", 63 | L"NktHookProcessInfo Class", CLSID_NktHookProcessInfo, LIBID_DeviareLite, L"Neutral") 64 | 65 | BEGIN_COM_MAP(CNktHookProcessInfoImpl) 66 | COM_INTERFACE_ENTRY(INktHookProcessInfo) 67 | COM_INTERFACE_ENTRY(IDispatch) 68 | COM_INTERFACE_ENTRY(IObjectSafety) 69 | COM_INTERFACE_ENTRY_AGGREGATE(IID_IMarshal, cUnkMarshaler.p) 70 | END_COM_MAP() 71 | 72 | // ISupportsErrorInfo 73 | STDMETHOD(InterfaceSupportsErrorInfo)(REFIID riid); 74 | 75 | DECLARE_PROTECT_FINAL_CONSTRUCT() 76 | 77 | DECLARE_GET_CONTROLLING_UNKNOWN() 78 | 79 | HRESULT FinalConstruct() 80 | { 81 | HRESULT hRes = DotNetCoreHooks::Initialize(); 82 | if (SUCCEEDED(hRes)) 83 | hRes = ::CoCreateFreeThreadedMarshaler(GetControllingUnknown(), &(cUnkMarshaler.p)); 84 | return hRes; 85 | }; 86 | 87 | void FinalRelease() 88 | { 89 | cUnkMarshaler.Release(); 90 | return; 91 | }; 92 | 93 | public: 94 | STDMETHOD(get_ProcessHandle)(__out my_ssize_t *procHandle); 95 | STDMETHOD(get_ThreadHandle)(__out my_ssize_t *threadHandle); 96 | STDMETHOD(get_ProcessId)(__out LONG *pid); 97 | STDMETHOD(get_ThreadId)(__out LONG *tid); 98 | 99 | private: 100 | friend class CNktHookLibImpl; 101 | 102 
| PROCESS_INFORMATION sProcInfo; 103 | //---- 104 | CComPtr cUnkMarshaler; 105 | }; 106 | 107 | //----------------------------------------------------------- 108 | 109 | OBJECT_ENTRY_NON_CREATEABLE_EX_AUTO(__uuidof(NktHookProcessInfo), CNktHookProcessInfoImpl) 110 | -------------------------------------------------------------------------------- /DeviareLiteCOM/src/InterfaceRegistrar.rgs: -------------------------------------------------------------------------------- 1 | HKCR 2 | { 3 | %PROGID%.%VERSION% = s '%DESCRIPTION%' 4 | { 5 | CLSID = s '%CLSID%' 6 | } 7 | %PROGID% = s '%DESCRIPTION%' 8 | { 9 | CLSID = s '%CLSID%' 10 | CurVer = s '%PROGID%.%VERSION%' 11 | } 12 | NoRemove CLSID 13 | { 14 | ForceRemove %CLSID% = s '%DESCRIPTION%' 15 | { 16 | ProgID = s '%PROGID%.%VERSION%' 17 | VersionIndependentProgID = s '%PROGID%' 18 | ForceRemove 'Programmable' 19 | InprocServer32 = s '%MODULE%' 20 | { 21 | val ThreadingModel = s '%THREADING%' 22 | } 23 | 'TypeLib' = s '%LIBID%' 24 | } 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /DeviareLiteCOM/src/RegFreeCOM_Manifest_Files/DeviareLiteCOM.X.manifest: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /DeviareLiteCOM/src/RegFreeCOM_Manifest_Files/DeviareLiteCOM64.X.manifest: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /DeviareLiteCOM/src/StdAfx.cpp: -------------------------------------------------------------------------------- 1 | #include "StdAfx.h" 2 | -------------------------------------------------------------------------------- /DeviareLiteCOM/src/StdAfx.h: 
-------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2010-2015 Nektra S.A., Buenos Aires, Argentina. 3 | * All rights reserved. Contact: http://www.nektra.com 4 | * 5 | * 6 | * This file is part of Deviare In-Proc 7 | * 8 | * 9 | * Commercial License Usage 10 | * ------------------------ 11 | * Licensees holding valid commercial Deviare In-Proc licenses may use this 12 | * file in accordance with the commercial license agreement provided with the 13 | * Software or, alternatively, in accordance with the terms contained in 14 | * a written agreement between you and Nektra. For licensing terms and 15 | * conditions see http://www.nektra.com/licensing/. For further information 16 | * use the contact form at http://www.nektra.com/contact/. 17 | * 18 | * 19 | * GNU General Public License Usage 20 | * -------------------------------- 21 | * Alternatively, this file may be used under the terms of the GNU 22 | * General Public License version 3.0 as published by the Free Software 23 | * Foundation and appearing in the file LICENSE.GPL included in the 24 | * packaging of this file. Please review the following information to 25 | * ensure the GNU General Public License version 3.0 requirements will be 26 | * met: http://www.gnu.org/copyleft/gpl.html. 
27 | * 28 | **/ 29 | 30 | #pragma once 31 | 32 | #define STRICT 33 | #include "TargetVer.h" 34 | #define WIN32_LEAN_AND_MEAN 35 | 36 | #define _ATL_APARTMENT_THREADED 37 | #define _ATL_NO_AUTOMATIC_NAMESPACE 38 | #define _ATL_CSTRING_EXPLICIT_CONSTRUCTORS // some CString constructors will be explicit 39 | 40 | #include "resource.h" 41 | #include 42 | #include 43 | #include 44 | #include 45 | 46 | //----------------------------------------------------------- 47 | 48 | using namespace ATL; 49 | -------------------------------------------------------------------------------- /DeviareLiteCOM/src/TargetVer.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2010-2015 Nektra S.A., Buenos Aires, Argentina. 3 | * All rights reserved. Contact: http://www.nektra.com 4 | * 5 | * 6 | * This file is part of Deviare In-Proc 7 | * 8 | * 9 | * Commercial License Usage 10 | * ------------------------ 11 | * Licensees holding valid commercial Deviare In-Proc licenses may use this 12 | * file in accordance with the commercial license agreement provided with the 13 | * Software or, alternatively, in accordance with the terms contained in 14 | * a written agreement between you and Nektra. For licensing terms and 15 | * conditions see http://www.nektra.com/licensing/. For further information 16 | * use the contact form at http://www.nektra.com/contact/. 17 | * 18 | * 19 | * GNU General Public License Usage 20 | * -------------------------------- 21 | * Alternatively, this file may be used under the terms of the GNU 22 | * General Public License version 3.0 as published by the Free Software 23 | * Foundation and appearing in the file LICENSE.GPL included in the 24 | * packaging of this file. Please review the following information to 25 | * ensure the GNU General Public License version 3.0 requirements will be 26 | * met: http://www.gnu.org/copyleft/gpl.html. 
27 | * 28 | **/ 29 | 30 | #pragma once 31 | 32 | #define WINVER 0x0501 33 | #define _WIN32_WINNT 0x0501 34 | #define _WIN32_WINDOWS 0x0410 35 | #define _WIN32_IE 0x0700 36 | -------------------------------------------------------------------------------- /DeviareLiteCOM/src/disp_ids.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2010-2015 Nektra S.A., Buenos Aires, Argentina. 3 | * All rights reserved. Contact: http://www.nektra.com 4 | * 5 | * 6 | * This file is part of Deviare In-Proc 7 | * 8 | * 9 | * Commercial License Usage 10 | * ------------------------ 11 | * Licensees holding valid commercial Deviare In-Proc licenses may use this 12 | * file in accordance with the commercial license agreement provided with the 13 | * Software or, alternatively, in accordance with the terms contained in 14 | * a written agreement between you and Nektra. For licensing terms and 15 | * conditions see http://www.nektra.com/licensing/. For further information 16 | * use the contact form at http://www.nektra.com/contact/. 17 | * 18 | * 19 | * GNU General Public License Usage 20 | * -------------------------------- 21 | * Alternatively, this file may be used under the terms of the GNU 22 | * General Public License version 3.0 as published by the Free Software 23 | * Foundation and appearing in the file LICENSE.GPL included in the 24 | * packaging of this file. Please review the following information to 25 | * ensure the GNU General Public License version 3.0 requirements will be 26 | * met: http://www.gnu.org/copyleft/gpl.html. 
27 | * 28 | **/ 29 | 30 | typedef [v1_enum] enum eNktDispIds { 31 | dispidNktHookLibHook = 1, 32 | dispidNktHookLibRemoteHook, 33 | dispidNktHookLibUnhook, 34 | dispidNktHookLibUnhookProcess, 35 | dispidNktHookLibUnhookAll, 36 | dispidNktHookLibEnableHook, 37 | dispidNktHookLibSuspendThreadsWhileHooking, 38 | dispidNktHookLibShowDebugOutput, 39 | dispidNktHookLibRemoveHook, 40 | dispidNktHookLibGetModuleBaseAddress, 41 | dispidNktHookLibGetRemoteModuleBaseAddress, 42 | dispidNktHookLibGetProcedureAddress, 43 | dispidNktHookLibGetRemoteProcedureAddress, 44 | dispidNktHookLibCreateProcessWithDll, 45 | dispidNktHookLibCreateProcessWithLogonAndDll, 46 | dispidNktHookLibCreateProcessWithTokenAndDll, 47 | dispidNktHookLibInjectDll, 48 | dispidNktHookLibInjectDllH, 49 | //---- 50 | dispidNktHookInfoId = 1, 51 | dispidNktHookInfoOrigProcAddr, 52 | dispidNktHookInfoNewProcAddr, 53 | dispidNktHookInfoCallOriginal, 54 | //---- 55 | dispidNktHookProcessInfoProcess = 1, 56 | dispidNktHookProcessInfoThread, 57 | dispidNktHookProcessInfoProcessId, 58 | dispidNktHookProcessInfoThreadId 59 | } eNktDispIds; 60 | -------------------------------------------------------------------------------- /DeviareLiteCOM/src/dlldatax.c: -------------------------------------------------------------------------------- 1 | // wrapper for dlldata.c 2 | 3 | #ifdef _MERGE_PROXYSTUB // merge proxy stub DLL 4 | 5 | #define REGISTER_PROXY_DLL //DllRegisterServer, etc. 
6 | 7 | #include "TargetVer.h" 8 | //#define USE_STUBLESS_PROXY //defined only with MIDL switch /Oicf 9 | 10 | #pragma comment(lib, "rpcns4.lib") 11 | #pragma comment(lib, "rpcrt4.lib") 12 | 13 | #define ENTRY_PREFIX Prx 14 | 15 | #include "dlldata.c" 16 | #include "DeviareLiteCOM_p.c" 17 | 18 | #endif //_MERGE_PROXYSTUB 19 | -------------------------------------------------------------------------------- /DeviareLiteCOM/src/dlldatax.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2010-2015 Nektra S.A., Buenos Aires, Argentina. 3 | * All rights reserved. Contact: http://www.nektra.com 4 | * 5 | * 6 | * This file is part of Deviare In-Proc 7 | * 8 | * 9 | * Commercial License Usage 10 | * ------------------------ 11 | * Licensees holding valid commercial Deviare In-Proc licenses may use this 12 | * file in accordance with the commercial license agreement provided with the 13 | * Software or, alternatively, in accordance with the terms contained in 14 | * a written agreement between you and Nektra. For licensing terms and 15 | * conditions see http://www.nektra.com/licensing/. For further information 16 | * use the contact form at http://www.nektra.com/contact/. 17 | * 18 | * 19 | * GNU General Public License Usage 20 | * -------------------------------- 21 | * Alternatively, this file may be used under the terms of the GNU 22 | * General Public License version 3.0 as published by the Free Software 23 | * Foundation and appearing in the file LICENSE.GPL included in the 24 | * packaging of this file. Please review the following information to 25 | * ensure the GNU General Public License version 3.0 requirements will be 26 | * met: http://www.gnu.org/copyleft/gpl.html. 
27 | * 28 | **/ 29 | 30 | #pragma once 31 | 32 | #ifdef _MERGE_PROXYSTUB 33 | 34 | extern "C" 35 | { 36 | BOOL WINAPI PrxDllMain(HINSTANCE hInstance, DWORD dwReason, 37 | LPVOID lpReserved); 38 | STDAPI PrxDllCanUnloadNow(void); 39 | STDAPI PrxDllGetClassObject(REFCLSID rclsid, REFIID riid, LPVOID* ppv); 40 | STDAPI PrxDllRegisterServer(void); 41 | STDAPI PrxDllUnregisterServer(void); 42 | } 43 | 44 | #endif 45 | -------------------------------------------------------------------------------- /DeviareLiteCOM/src/dllmain.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2010-2015 Nektra S.A., Buenos Aires, Argentina. 3 | * All rights reserved. Contact: http://www.nektra.com 4 | * 5 | * 6 | * This file is part of Deviare In-Proc 7 | * 8 | * 9 | * Commercial License Usage 10 | * ------------------------ 11 | * Licensees holding valid commercial Deviare In-Proc licenses may use this 12 | * file in accordance with the commercial license agreement provided with the 13 | * Software or, alternatively, in accordance with the terms contained in 14 | * a written agreement between you and Nektra. For licensing terms and 15 | * conditions see http://www.nektra.com/licensing/. For further information 16 | * use the contact form at http://www.nektra.com/contact/. 17 | * 18 | * 19 | * GNU General Public License Usage 20 | * -------------------------------- 21 | * Alternatively, this file may be used under the terms of the GNU 22 | * General Public License version 3.0 as published by the Free Software 23 | * Foundation and appearing in the file LICENSE.GPL included in the 24 | * packaging of this file. Please review the following information to 25 | * ensure the GNU General Public License version 3.0 requirements will be 26 | * met: http://www.gnu.org/copyleft/gpl.html. 
27 | *
28 | **/

#include "StdAfx.h"
#include "resource.h"
#include "dllmain.h"
#include "dlldatax.h"
#include "DeviareLiteCOM_i.c"

//-----------------------------------------------------------

// Process-wide ATL module object and the DLL's own module handle (set in DllMain).
CDeviareLiteCOMModule _AtlModule;
HINSTANCE hDllInst;

//-----------------------------------------------------------

// Forward declaration only: this file neither defines nor references the function.
static LONG __stdcall ICorJitCompiler_compileMethod(
    __in LPVOID lpThis,
    __in LPVOID comp,
    __in LPVOID info,
    __in unsigned flags,
    __out BYTE **nativeEntry,
    __out ULONG *nativeSizeOfCode);

//-----------------------------------------------------------

// DLL entry point. Records the module handle on process attach, lets the merged
// proxy/stub entry point veto the call when _MERGE_PROXYSTUB is defined, and then
// defers to the ATL module.
extern "C" BOOL WINAPI DllMain(HINSTANCE hInstance, DWORD dwReason, LPVOID lpReserved)
{
  if (DLL_PROCESS_ATTACH == dwReason)
  {
    hDllInst = hInstance;
  }
#ifdef _MERGE_PROXYSTUB
  const BOOL bProxyOk = PrxDllMain(hInstance, dwReason, lpReserved);
  if (bProxyOk == FALSE)
  {
    return FALSE;
  }
#endif
  return _AtlModule.DllMain(dwReason, lpReserved);
}

//-----------------------------------------------------------

// Nothing beyond base-class construction.
CDeviareLiteCOMModule::CDeviareLiteCOMModule() : CAtlDllModuleT()
{
}

// Calls DotNetCoreHooks::Finalize().
// NOTE(review): _AtlModule is a global, so this destructor runs during the DLL's static
// teardown; confirm Finalize() is safe to call at that point.
CDeviareLiteCOMModule::~CDeviareLiteCOMModule()
{
  DotNetCoreHooks::Finalize();
}
--------------------------------------------------------------------------------
/DeviareLiteCOM/src/dllmain.h:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (C) 2010-2015 Nektra S.A., Buenos Aires, Argentina.
3 | * All rights reserved.
Contact: http://www.nektra.com 4 | * 5 | * 6 | * This file is part of Deviare In-Proc 7 | * 8 | * 9 | * Commercial License Usage 10 | * ------------------------ 11 | * Licensees holding valid commercial Deviare In-Proc licenses may use this 12 | * file in accordance with the commercial license agreement provided with the 13 | * Software or, alternatively, in accordance with the terms contained in 14 | * a written agreement between you and Nektra. For licensing terms and 15 | * conditions see http://www.nektra.com/licensing/. For further information 16 | * use the contact form at http://www.nektra.com/contact/. 17 | * 18 | * 19 | * GNU General Public License Usage 20 | * -------------------------------- 21 | * Alternatively, this file may be used under the terms of the GNU 22 | * General Public License version 3.0 as published by the Free Software 23 | * Foundation and appearing in the file LICENSE.GPL included in the 24 | * packaging of this file. Please review the following information to 25 | * ensure the GNU General Public License version 3.0 requirements will be 26 | * met: http://www.gnu.org/copyleft/gpl.html. 
27 | * 28 | **/ 29 | 30 | #pragma once 31 | 32 | #include "resource.h" // main symbols 33 | #include "CustomRegistryMap.h" 34 | #include "DeviareLiteCOM_h.h" 35 | #include "DotNetCoreHooks.h" 36 | #include 37 | 38 | //----------------------------------------------------------- 39 | 40 | class CDeviareLiteCOMModule : public CAtlDllModuleT 41 | { 42 | public: 43 | CDeviareLiteCOMModule(); 44 | ~CDeviareLiteCOMModule(); 45 | 46 | DECLARE_LIBID(LIBID_DeviareLite) 47 | #ifdef _WIN64 48 | DECLARE_REGISTRY_APPID_RESOURCEID(IDR_DEVIARELITECOM64, "{7F65AF61-32C2-4f4e-9B91-7C32910503FD}") 49 | #else //_WIN64 50 | DECLARE_REGISTRY_APPID_RESOURCEID(IDR_DEVIARELITECOM, "{7F65AF62-32C2-4f4e-9B91-7C32910503FD}") 51 | #endif //_WIN64 52 | }; 53 | 54 | //----------------------------------------------------------- 55 | 56 | extern class CDeviareLiteCOMModule _AtlModule; 57 | extern HINSTANCE hDllInst; 58 | -------------------------------------------------------------------------------- /DeviareLiteCOM/src/idl_size_t.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2010-2015 Nektra S.A., Buenos Aires, Argentina. 3 | * All rights reserved. Contact: http://www.nektra.com 4 | * 5 | * 6 | * This file is part of Deviare In-Proc 7 | * 8 | * 9 | * Commercial License Usage 10 | * ------------------------ 11 | * Licensees holding valid commercial Deviare In-Proc licenses may use this 12 | * file in accordance with the commercial license agreement provided with the 13 | * Software or, alternatively, in accordance with the terms contained in 14 | * a written agreement between you and Nektra. For licensing terms and 15 | * conditions see http://www.nektra.com/licensing/. For further information 16 | * use the contact form at http://www.nektra.com/contact/. 
17 | * 18 | * 19 | * GNU General Public License Usage 20 | * -------------------------------- 21 | * Alternatively, this file may be used under the terms of the GNU 22 | * General Public License version 3.0 as published by the Free Software 23 | * Foundation and appearing in the file LICENSE.GPL included in the 24 | * packaging of this file. Please review the following information to 25 | * ensure the GNU General Public License version 3.0 requirements will be 26 | * met: http://www.gnu.org/copyleft/gpl.html. 27 | * 28 | **/ 29 | 30 | #ifdef _WIN64 31 | typedef hyper int my_ssize_t; 32 | typedef unsigned hyper int my_size_t; 33 | #else //_WIN64 34 | typedef long my_ssize_t; 35 | typedef unsigned long my_size_t; 36 | #endif //_WIN64 -------------------------------------------------------------------------------- /DeviareLiteCOM/src/resource.h: -------------------------------------------------------------------------------- 1 | //{{NO_DEPENDENCIES}} 2 | // Microsoft Visual C++ generated include file. 
3 | // Used by DeviareLiteCOM.rc 4 | // 5 | #define IDR_INTERFACEREGISTRAR 201 6 | #define IDR_DEVIARELITECOM 202 7 | #define IDR_DEVIARELITECOM64 203 8 | 9 | // Next default values for new objects 10 | // 11 | #ifdef APSTUDIO_INVOKED 12 | #ifndef APSTUDIO_READONLY_SYMBOLS 13 | #define _APS_NEXT_RESOURCE_VALUE 204 14 | #define _APS_NEXT_COMMAND_VALUE 32768 15 | #define _APS_NEXT_CONTROL_VALUE 201 16 | #define _APS_NEXT_SYMED_VALUE 104 17 | #endif 18 | #endif 19 | -------------------------------------------------------------------------------- /DeviareLiteInterop/DeviareLiteInterop_2019.csproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Debug 6 | AnyCPU 7 | {AD8D0F36-E576-4249-8523-EA84FE5A4E47} 8 | Library 9 | Properties 10 | DeviareLiteInterop 11 | DeviareLiteInterop 12 | v4.6.1 13 | 512 14 | 15 | ..\obj\2019\Interop\$(Configuration)\$(Platform) 16 | $(BaseIntermediateOutputPath)\ 17 | 18 | 19 | true 20 | full 21 | false 22 | ..\bin64\2019\ 23 | DEBUG;TRACE 24 | prompt 25 | 4 26 | false 27 | ..\obj\2019\Interop\$(Configuration)\$(Platform) 28 | $(BaseIntermediateOutputPath)\ 29 | false 30 | 31 | 32 | pdbonly 33 | true 34 | ..\bin64\2019\ 35 | TRACE 36 | prompt 37 | 4 38 | false 39 | ..\obj\2019\Interop\$(Configuration)\$(Platform) 40 | $(BaseIntermediateOutputPath)\ 41 | false 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 62 | -------------------------------------------------------------------------------- /DeviareLiteInterop/src/Properties/AssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2010-2015 Nektra S.A., Buenos Aires, Argentina. 3 | * All rights reserved. 
Contact: http://www.nektra.com 4 | * 5 | * 6 | * This file is part of Deviare In-Proc 7 | * 8 | * 9 | * Commercial License Usage 10 | * ------------------------ 11 | * Licensees holding valid commercial Deviare In-Proc licenses may use this 12 | * file in accordance with the commercial license agreement provided with the 13 | * Software or, alternatively, in accordance with the terms contained in 14 | * a written agreement between you and Nektra. For licensing terms and 15 | * conditions see http://www.nektra.com/licensing/. For further information 16 | * use the contact form at http://www.nektra.com/contact/. 17 | * 18 | * 19 | * GNU General Public License Usage 20 | * -------------------------------- 21 | * Alternatively, this file may be used under the terms of the GNU 22 | * General Public License version 3.0 as published by the Free Software 23 | * Foundation and appearing in the file LICENSE.GPL included in the 24 | * packaging of this file. Please review the following information to 25 | * ensure the GNU General Public License version 3.0 requirements will be 26 | * met: http://www.gnu.org/copyleft/gpl.html. 27 | * 28 | **/ 29 | 30 | using System.Reflection; 31 | using System.Runtime.CompilerServices; 32 | using System.Runtime.InteropServices; 33 | 34 | // General Information about an assembly is controlled through the following 35 | // set of attributes. Change these attribute values to modify the information 36 | // associated with an assembly. 37 | [assembly: AssemblyTitle("DeviareLiteInterop")] 38 | [assembly: AssemblyDescription("")] 39 | [assembly: AssemblyConfiguration("")] 40 | [assembly: AssemblyCompany("")] 41 | [assembly: AssemblyProduct("DeviareLiteInterop")] 42 | [assembly: AssemblyCopyright("Copyright © 2015")] 43 | [assembly: AssemblyTrademark("")] 44 | [assembly: AssemblyCulture("")] 45 | 46 | // Setting ComVisible to false makes the types in this assembly not visible 47 | // to COM components. 
If you need to access a type in this assembly from 48 | // COM, set the ComVisible attribute to true on that type. 49 | [assembly: ComVisible(false)] 50 | 51 | // The following GUID is for the ID of the typelib if this project is exposed to COM 52 | [assembly: Guid("7d20cddc-ca9f-4da9-bcbd-99a1e72566fa")] 53 | 54 | // Version information for an assembly consists of the following four values: 55 | // 56 | // Major Version 57 | // Minor Version 58 | // Build Number 59 | // Revision 60 | // 61 | // You can specify all the values or you can default the Build and Revision Numbers 62 | // by using the '*' as shown below: 63 | // [assembly: AssemblyVersion("1.0.*")] 64 | [assembly: AssemblyVersion("1.0.0.0")] 65 | [assembly: AssemblyFileVersion("1.0.0.0")] 66 | -------------------------------------------------------------------------------- /Examples/Base64Decode.ps1: -------------------------------------------------------------------------------- 1 | $base64String = "SGVsbG8gV29ybGQh" 2 | 3 | $bytes = [System.Convert]::FromBase64String($base64String) 4 | 5 | $decodedString = [System.Text.Encoding]::UTF8.GetString($bytes) 6 | 7 | -------------------------------------------------------------------------------- /Examples/IEX.ps1: -------------------------------------------------------------------------------- 1 | $base64Command = 'V3JpdGUtSG9zdCBIZWxsb1dvcmxk' 2 | 3 | $decodedBytes = [System.Convert]::FromBase64String($base64Command) 4 | 5 | $decodedCommand = [System.Text.Encoding]::UTF8.GetString($decodedBytes) 6 | 7 | iex $decodedCommand 8 | -------------------------------------------------------------------------------- /NktHookLib/NktHookLib_2019.vcxproj.filters: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Source Files 6 | 7 | 8 | Source Files 9 | 10 | 11 | Source Files 12 | 13 | 14 | Source Files 15 | 16 | 17 | Source Files 18 | 19 | 20 | Source Files\LibUDIS 21 | 22 | 23 | Source Files\LibUDIS 24 | 25 | 26 | 
Source Files 27 | 28 | 29 | Source Files 30 | 31 | 32 | Source Files 33 | 34 | 35 | Source Files 36 | 37 | 38 | Source Files 39 | 40 | 41 | Source Files 42 | 43 | 44 | Source Files 45 | 46 | 47 | 48 | 49 | Header Files 50 | 51 | 52 | Header Files 53 | 54 | 55 | Header Files 56 | 57 | 58 | Header Files 59 | 60 | 61 | Header Files 62 | 63 | 64 | Header Files 65 | 66 | 67 | Header Files\LibUDIS 68 | 69 | 70 | Header Files 71 | 72 | 73 | Header Files 74 | 75 | 76 | Header Files 77 | 78 | 79 | Header Files 80 | 81 | 82 | Header Files 83 | 84 | 85 | Header Files 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | {5913e564-350e-4d53-84c4-71d2b5fe078a} 94 | h;hpp;hxx;hm;inl;inc;xsd 95 | 96 | 97 | {74420bda-6c73-4631-9bb6-232994472827} 98 | 99 | 100 | {4821e18f-d78e-4641-9363-6466c86f9846} 101 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 102 | 103 | 104 | {0a9f1e1d-d59b-469d-97f3-f2f833030445} 105 | 106 | 107 | {70214cbd-444b-4907-9c56-a3de97bf5804} 108 | 109 | 110 | 111 | 112 | Source Files\Asm 113 | 114 | 115 | Source Files\Asm 116 | 117 | 118 | Source Files\Asm 119 | 120 | 121 | Source Files\Asm 122 | 123 | 124 | -------------------------------------------------------------------------------- /NktHookLib/NktHookLib_2019.vcxproj.user: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | -------------------------------------------------------------------------------- /NktHookLib/Src/AutoPtr.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2010-2015 Nektra S.A., Buenos Aires, Argentina. 3 | * All rights reserved. 
Contact: http://www.nektra.com 4 | * 5 | * 6 | * This file is part of Deviare In-Proc 7 | * 8 | * 9 | * Commercial License Usage 10 | * ------------------------ 11 | * Licensees holding valid commercial Deviare In-Proc licenses may use this 12 | * file in accordance with the commercial license agreement provided with the 13 | * Software or, alternatively, in accordance with the terms contained in 14 | * a written agreement between you and Nektra. For licensing terms and 15 | * conditions see http://www.nektra.com/licensing/. For further information 16 | * use the contact form at http://www.nektra.com/contact/. 17 | * 18 | * 19 | * GNU General Public License Usage 20 | * -------------------------------- 21 | * Alternatively, this file may be used under the terms of the GNU 22 | * General Public License version 3.0 as published by the Free Software 23 | * Foundation and appearing in the file LICENSE.GPL included in the 24 | * packaging of this file. Please review the following information to 25 | * ensure the GNU General Public License version 3.0 requirements will be 26 | * met: http://www.gnu.org/copyleft/gpl.html. 
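27 | * 28 | **/ 29 | 30 | #ifndef _NKT_HOOKLIB_AUTOPTR_H 31 | #define _NKT_HOOKLIB_AUTOPTR_H 32 | 33 | #include 34 | #include "NtHeapBaseObj.h" 35 | 36 | namespace NktHookLib { 37 | namespace Internals { 38 | 39 | //----------------------------------------------------------- 40 |
//Common base of the owning-pointer helpers declared in this header.
//It stores one raw pointer (lpPtr) and releases it through the virtual Delete()
//hook, which each derived class overrides with its own release call.
//The template parameter list was lost in this listing; T is restored here because
//every member is written in terms of T.
//
//NOTE(review): no copy constructor or copy assignment is declared, so the
//compiler-generated ones copy lpPtr as-is. Two objects then hold the same pointer
//and each derived destructor releases it. Pass these objects by reference or hand
//ownership over with Detach()/Attach(); making them non-copyable would change the
//interface and is left to the maintainers.
template <class T>
class TNktAutoPtrBase : public CNktNtHeapBaseObj
{
protected:
  //Starts empty.
  TNktAutoPtrBase() : CNktNtHeapBaseObj(), lpPtr(NULL)
    { }

  //Takes ownership of _lpPtr.
  TNktAutoPtrBase(__in T* _lpPtr) : CNktNtHeapBaseObj(), lpPtr(_lpPtr)
    { }

public:
  //Returns the stored pointer; ownership stays with this object.
  T* Get()
    {
    return lpPtr;
    }

  //Releases the stored pointer, if any, and leaves the object empty.
  VOID Reset()
    {
    if (lpPtr == NULL)
      return;
    Delete(lpPtr);
    lpPtr = NULL;
    }

  operator T*() const
    {
    return lpPtr;
    }

  T& operator*() const
    {
    NKT_ASSERT(lpPtr != NULL);
    return *lpPtr;
    }

  //The assert on operator& usually indicates a bug. If this is really
  //what is needed, however, take the address of the lpPtr member explicitly.
  //(Writing through the returned address while a pointer is still stored would
  //overwrite it without releasing it; the assert only fires when NKT_ASSERT is
  //not compiled out.)
  T** operator&()
    {
    NKT_ASSERT(lpPtr == NULL);
    return &lpPtr;
    }

  T* operator->() const
    {
    NKT_ASSERT(lpPtr != NULL);
    return lpPtr;
    }

  //Replaces the stored pointer with _lpPtr (see Attach) and returns _lpPtr.
  T* operator=(__in T* _lpPtr)
    {
    Attach(_lpPtr);
    return _lpPtr;
    }

  BOOL operator!() const
    {
    return (lpPtr != NULL) ? FALSE : TRUE;
    }

  BOOL operator==(__in T* _lpPtr) const
    {
    return (lpPtr != _lpPtr) ? FALSE : TRUE;
    }

  //Releases the pointer currently held and takes ownership of _lpPtr.
  VOID Attach(__in T* _lpPtr)
    {
    //Attaching the pointer that is already held must not release it: the object
    //would keep pointing at freed memory and release it a second time later.
    //operator= already had this check; Attach() itself did not.
    if (_lpPtr == lpPtr)
      return;
    if (lpPtr != NULL)
      Delete(lpPtr);
    lpPtr = _lpPtr;
    }

  //Gives up ownership: returns the stored pointer and leaves the object empty.
  //The caller becomes responsible for releasing it.
  T* Detach()
    {
    T* lpReleased = lpPtr;
    lpPtr = NULL;
    return lpReleased;
    }

protected:
  //Release hook; the base implementation does nothing.
  virtual VOID Delete(__inout T *lpObj)
    { }

protected:
  T *lpPtr;
};

//-----------------------------------------------------------

//Owning pointer whose release call is NktHookLibHelpers::MemFree().
template <class T>
class TNktAutoFreePtr : public TNktAutoPtrBase<T>
{
public:
  TNktAutoFreePtr() : TNktAutoPtrBase<T>()
    { }

  ~TNktAutoFreePtr()
    {
    if (this->lpPtr != NULL)
      Delete(this->lpPtr);
    }

protected:
  VOID Delete(__inout T *lpObj)
    {
    NktHookLibHelpers::MemFree(lpObj);
    }
};

//-----------------------------------------------------------

//Owning pointer whose release call is scalar delete.
template <class T>
class TNktAutoDeletePtr : public TNktAutoPtrBase<T>
{
public:
  TNktAutoDeletePtr() : TNktAutoPtrBase<T>()
    { }

  ~TNktAutoDeletePtr()
    {
    if (this->lpPtr != NULL)
      Delete(this->lpPtr);
    }

protected:
  VOID Delete(__inout T *lpObj)
    {
    delete lpObj;
    }
};

//-----------------------------------------------------------

//Owning pointer whose release call is array delete; the stored pointer must come
//from an array allocation for the release to match.
template <class T>
class TNktAutoDeleteArrayPtr : public TNktAutoPtrBase<T>
{
public:
  TNktAutoDeleteArrayPtr() : TNktAutoPtrBase<T>()
    { }

  ~TNktAutoDeleteArrayPtr()
    {
    if (this->lpPtr != NULL)
      Delete(this->lpPtr);
    }

protected:
  VOID Delete(__inout T *lpObj)
    {
    delete [] lpObj;
    }
};

214 | 215 | //----------------------------------------------------------- 216 | 217 | } //Internals 218 | } //NktHookLib 219 | 220 | #endif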
//_NKT_HOOKLIB_AUTOPTR_H 221 | -------------------------------------------------------------------------------- /NktHookLib/Src/HookEntry.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2010-2015 Nektra S.A., Buenos Aires, Argentina. 3 | * All rights reserved. Contact: http://www.nektra.com 4 | * 5 | * 6 | * This file is part of Deviare In-Proc 7 | * 8 | * 9 | * Commercial License Usage 10 | * ------------------------ 11 | * Licensees holding valid commercial Deviare In-Proc licenses may use this 12 | * file in accordance with the commercial license agreement provided with the 13 | * Software or, alternatively, in accordance with the terms contained in 14 | * a written agreement between you and Nektra. For licensing terms and 15 | * conditions see http://www.nektra.com/licensing/. For further information 16 | * use the contact form at http://www.nektra.com/contact/. 17 | * 18 | * 19 | * GNU General Public License Usage 20 | * -------------------------------- 21 | * Alternatively, this file may be used under the terms of the GNU 22 | * General Public License version 3.0 as published by the Free Software 23 | * Foundation and appearing in the file LICENSE.GPL included in the 24 | * packaging of this file. Please review the following information to 25 | * ensure the GNU General Public License version 3.0 requirements will be 26 | * met: http://www.gnu.org/copyleft/gpl.html. 
27 | * 28 | **/ 29 | 30 | #ifndef _NKT_HOOKLIB_HOOKENTRY_H 31 | #define _NKT_HOOKLIB_HOOKENTRY_H 32 | 33 | #include 34 | #include "LinkedList.h" 35 | #include "ProcessEntry.h" 36 | #include "NtHeapBaseObj.h" 37 | 38 | namespace NktHookLib { 39 | namespace Internals { 40 | 41 | //----------------------------------------------------------- 42 | 43 | #define HOOKENG_MAX_ORIGINAL_STUB_SIZE 64 44 | #define HOOKENG_MAX_STUB_SIZE 64 45 | 46 | //----------------------------------------------------------- 47 |
//Record kept for one hook. It is a linked-list node and is allocated through
//CNktNtHeapBaseObj. All data members are private; CNktHookLib is a friend and is
//the only other class that can reach them.
//NOTE(review): the template argument of TNktLnkLstNode appears to have been lost
//in this listing (angle brackets stripped) - restore it from the original header.
//NOTE(review): member descriptions below are inferred from names and types only;
//the code that fills them is not part of this listing.
class CHookEntry : public TNktLnkLstNode, public CNktNtHeapBaseObj
{
public:
  CHookEntry(__in CProcessesHandles::CEntry *lpProcEntry, __in DWORD dwFlags);
  ~CHookEntry();

  LPBYTE SkipJumpInstructions(__in LPBYTE lpPtr);

  DWORD CreateStub(__in BOOL bOutputDebug);

  //Returns 6 when NKTHOOKLIB_UseAbsoluteIndirectJumps is set in dwFlags and 5
  //otherwise. These equal the encoded sizes of an x86 indirect jmp through a
  //32-bit displacement and of a relative jmp with a 32-bit offset - presumably
  //the length of the jump written over the hooked code; confirm in HookEntry.cpp.
  SIZE_T GetJumpToHookBytes()
    {
    return ((dwFlags & NKTHOOKLIB_UseAbsoluteIndirectJumps) != 0) ? 6 : 5;
    }

private:
  friend class CNktHookLib;

  VOID ZeroFields();

  SIZE_T nId;
  LPBYTE lpOrigProc;
  LPBYTE lpNewProc;
  LPBYTE lpCall2Orig;
  LPBYTE lpInjCode;
  LPBYTE lpInjData;
  SIZE_T nInjCodeAndDataSize;
  //Fixed-capacity byte buffers (64 bytes each, see the HOOKENG_MAX_* macros) and
  //an 8-byte buffer for the jump. The matching n*Size members carry the used
  //length, so whatever writes these buffers has to keep each length within the
  //declared capacity - that check is not visible in this header.
  BYTE aOriginalStub[HOOKENG_MAX_ORIGINAL_STUB_SIZE], aNewStub[HOOKENG_MAX_STUB_SIZE];
  BYTE aJumpStub[8];
  SIZE_T nOriginalStubSize, nNewStubSize;
  SIZE_T nInstalledCode;
  DWORD dwFlags;
  CProcessesHandles::CEntryPtr cProcEntry;
};

84 | 85 | //----------------------------------------------------------- 86 | 87 | } //Internals 88 | } //NktHookLib 89 | 90 | #endif //_NKT_HOOKLIB_HOOKENTRY_H 91 | -------------------------------------------------------------------------------- /NktHookLib/Src/NtHeapBaseObj.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2010-2015 Nektra S.A., Buenos Aires, Argentina. 3 | * All rights reserved.
Contact: http://www.nektra.com 4 | * 5 | * 6 | * This file is part of Deviare In-Proc 7 | * 8 | * 9 | * Commercial License Usage 10 | * ------------------------ 11 | * Licensees holding valid commercial Deviare In-Proc licenses may use this 12 | * file in accordance with the commercial license agreement provided with the 13 | * Software or, alternatively, in accordance with the terms contained in 14 | * a written agreement between you and Nektra. For licensing terms and 15 | * conditions see http://www.nektra.com/licensing/. For further information 16 | * use the contact form at http://www.nektra.com/contact/. 17 | * 18 | * 19 | * GNU General Public License Usage 20 | * -------------------------------- 21 | * Alternatively, this file may be used under the terms of the GNU 22 | * General Public License version 3.0 as published by the Free Software 23 | * Foundation and appearing in the file LICENSE.GPL included in the 24 | * packaging of this file. Please review the following information to 25 | * ensure the GNU General Public License version 3.0 requirements will be 26 | * met: http://www.gnu.org/copyleft/gpl.html. 
27 | * 28 | **/ 29 | 30 | #ifndef _NKT_HOOKLIB_NTHEAPBASEOBJ_H 31 | #define _NKT_HOOKLIB_NTHEAPBASEOBJ_H 32 | 33 | #include 34 | 35 | namespace NktHookLib { 36 | namespace Internals { 37 | 38 | //----------------------------------------------------------- 39 | 40 | #ifndef NKT_ASSERT 41 | #ifdef _DEBUG 42 | #define NKT_ASSERT(x) if (!(x)) __debugbreak(); 43 | #else 44 | #define NKT_ASSERT(x) 45 | #endif //_DEBUG 46 | #endif //!NKT_ASSERT 47 | 48 |
//Base class that routes allocation of derived objects through
//NktHookLibHelpers::MemAlloc() and NktHookLibHelpers::MemFree() instead of the
//global operator new/delete.
//NOTE(review): the value returned by MemAlloc() is handed back unchecked. What a
//new-expression does when MemAlloc() fails depends on MemAlloc() and on the
//compiler, neither of which is visible here - callers should test the result of
//`new` on these types unless that is confirmed to be unnecessary.
class CNktNtHeapBaseObj
{
public:
  //Scalar and array allocation both forward the requested size to MemAlloc().
  void* __cdecl operator new(__in size_t nSize)
    {
    return NktHookLibHelpers::MemAlloc(nSize);
    }

  void* __cdecl operator new[](__in size_t nSize)
    {
    return NktHookLibHelpers::MemAlloc(nSize);
    }

  //Placement form: allocates nothing and returns the caller-supplied storage.
  void* __cdecl operator new(__in size_t nSize, __inout void* lpInPlace)
    {
    return lpInPlace;
    }

  //Scalar and array release both forward the pointer to MemFree().
  void __cdecl operator delete(__inout void* p)
    {
    NktHookLibHelpers::MemFree(p);
    }

  void __cdecl operator delete[](__inout void* p)
    {
    NktHookLibHelpers::MemFree(p);
    }

#if _MSC_VER >= 1200
  //Counterpart of the placement operator new above; releases nothing.
  void __cdecl operator delete(__inout void* p, __inout void* lpPlace)
    {
    }
#endif //_MSC_VER >= 1200
};

82 | 83 | //----------------------------------------------------------- 84 | 85 | } //Internals 86 | } //NktHookLib 87 | 88 | #endif //_NKT_HOOKLIB_NTHEAPBASEOBJ_H 89 | -------------------------------------------------------------------------------- /NktHookLib/Src/RelocatableCode.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2010-2015 Nektra S.A., Buenos Aires, Argentina. 3 | * All rights reserved.
Contact: http://www.nektra.com 4 | * 5 | * 6 | * This file is part of Deviare In-Proc 7 | * 8 | * 9 | * Commercial License Usage 10 | * ------------------------ 11 | * Licensees holding valid commercial Deviare In-Proc licenses may use this 12 | * file in accordance with the commercial license agreement provided with the 13 | * Software or, alternatively, in accordance with the terms contained in 14 | * a written agreement between you and Nektra. For licensing terms and 15 | * conditions see http://www.nektra.com/licensing/. For further information 16 | * use the contact form at http://www.nektra.com/contact/. 17 | * 18 | * 19 | * GNU General Public License Usage 20 | * -------------------------------- 21 | * Alternatively, this file may be used under the terms of the GNU 22 | * General Public License version 3.0 as published by the Free Software 23 | * Foundation and appearing in the file LICENSE.GPL included in the 24 | * packaging of this file. Please review the following information to 25 | * ensure the GNU General Public License version 3.0 requirements will be 26 | * met: http://www.gnu.org/copyleft/gpl.html. 
27 | * 28 | **/ 29 | 30 | #ifndef _NKT_HOOKLIB_RELOCATABLECODE_H 31 | #define _NKT_HOOKLIB_RELOCATABLECODE_H 32 | 33 | #include 34 | 35 | namespace NktHookLib { 36 | namespace Internals { 37 | namespace RelocatableCode { 38 | 39 | //----------------------------------------------------------- 40 |
//Passed as the __out argument of GetModuleAndProcAddr_GetCode(). The field names
//suggest offsets of two routines inside the code that call returns.
//NOTE(review): inferred from names only - confirm in RelocatableCode.cpp.
typedef struct {
  SIZE_T nOffset_GetModuleBaseAddress;
  SIZE_T nOffset_GetProcedureAddress;
} GETMODULEANDPROCADDR_DATA;

//-----------------------------------------------------------

//Accessors come in pairs: <Name>_GetSize() returns a SIZE_T and <Name>_GetCode()
//returns an LPBYTE, both selected by nPlatform.
//NOTE(review): this header shows neither the accepted nPlatform values, nor what
//is returned for an unsupported one, nor who owns the buffer behind the returned
//LPBYTE. Check RelocatableCode.cpp before freeing, caching or copying more than
//the matching _GetSize() bytes.
SIZE_T GetModuleAndProcAddr_GetSize(__in LONG nPlatform);
LPBYTE GetModuleAndProcAddr_GetCode(__in LONG nPlatform, __out GETMODULEANDPROCADDR_DATA &sAddresses);

SIZE_T InjectDllInNewProcess_GetSize(__in LONG nPlatform);
LPBYTE InjectDllInNewProcess_GetCode(__in LONG nPlatform);

SIZE_T InjectDllInRunningProcess_GetSize(__in LONG nPlatform);
LPBYTE InjectDllInRunningProcess_GetCode(__in LONG nPlatform);

SIZE_T WaitForEventAtStartup_GetSize(__in LONG nPlatform);
LPBYTE WaitForEventAtStartup_GetCode(__in LONG nPlatform);

59 | 60 | //----------------------------------------------------------- 61 | 62 | } //RelocatableCode 63 | } //Internals 64 | } //NktHookLib 65 | 66 | #endif //_NKT_HOOKLIB_RELOCATABLECODE_H 67 | -------------------------------------------------------------------------------- /NktHookLib/Src/ThreadSuspend.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2010-2015 Nektra S.A., Buenos Aires, Argentina. 3 | * All rights reserved.
Contact: http://www.nektra.com 4 | * 5 | * 6 | * This file is part of Deviare In-Proc 7 | * 8 | * 9 | * Commercial License Usage 10 | * ------------------------ 11 | * Licensees holding valid commercial Deviare In-Proc licenses may use this 12 | * file in accordance with the commercial license agreement provided with the 13 | * Software or, alternatively, in accordance with the terms contained in 14 | * a written agreement between you and Nektra. For licensing terms and 15 | * conditions see http://www.nektra.com/licensing/. For further information 16 | * use the contact form at http://www.nektra.com/contact/. 17 | * 18 | * 19 | * GNU General Public License Usage 20 | * -------------------------------- 21 | * Alternatively, this file may be used under the terms of the GNU 22 | * General Public License version 3.0 as published by the Free Software 23 | * Foundation and appearing in the file LICENSE.GPL included in the 24 | * packaging of this file. Please review the following information to 25 | * ensure the GNU General Public License version 3.0 requirements will be 26 | * met: http://www.gnu.org/copyleft/gpl.html. 
27 | * 28 | **/ 29 | 30 | #ifndef _NKT_THREADSUSPEND_H 31 | #define _NKT_THREADSUSPEND_H 32 | 33 | #include 34 | 35 | namespace NktHookLib { 36 | namespace Internals { 37 | 38 | //----------------------------------------------------------- 39 |
//Declares the helper that suspends the threads of a process and resumes them
//later.
//NOTE(review): everything below except CAutoResume is declaration only; what the
//members do is inferred from their names and must be confirmed in
//ThreadSuspend.cpp, which is not part of this listing.
class CNktThreadSuspend
{
public:
  //Pair of addresses delimiting an instruction-pointer range (whether the bounds
  //are inclusive is not visible here).
  typedef struct {
    SIZE_T nStart, nEnd;
  } IP_RANGE;

  CNktThreadSuspend();
  ~CNktThreadSuspend();

  DWORD SuspendAll(__in DWORD dwPid, __in IP_RANGE *lpRanges, __in SIZE_T nRangesCount);
  VOID ResumeAll();

  BOOL CheckIfThreadIsInRange(__in SIZE_T nStart, __in SIZE_T nEnd);

  //Scope guard: calls ResumeAll() on the given object when the guard goes out of
  //scope, so an early return between suspend and resume does not leave the
  //threads suspended.
  //NOTE(review): the pointer is used without a NULL check, and the guard is
  //copyable, so a copy calls ResumeAll() a second time. Whether a repeated
  //ResumeAll() is harmless depends on its implementation - confirm.
  class CAutoResume
  {
  public:
    CAutoResume(__in CNktThreadSuspend *_lpThreadSuspend) : lpThreadSuspend(_lpThreadSuspend)
      { }

    ~CAutoResume()
      {
      lpThreadSuspend->ResumeAll();
      }

  private:
    CNktThreadSuspend *lpThreadSuspend;
  };

private:
  //One entry of the sSuspendedTids list: thread id, thread handle and an
  //instruction-pointer value.
  typedef struct {
    DWORD dwTid;
    HANDLE hThread;
    SIZE_T nCurrIP;
  } THREAD_ITEM, *LPTHREAD_ITEM;

  DWORD EnumProcessThreads(__in DWORD dwPid, __in HANDLE hProcess, __out SIZE_T *lpnEnumMethod,
                           __out LPDWORD lpdwSessionId);
  BOOL GrowCheckProcessThreadsMem();
  DWORD CheckProcessThreads(__in DWORD dwPid, __in SIZE_T nEnumMethod, __in DWORD dwSessionId);
  BOOL GetProcessSessionId(__in HANDLE hProcess, __out LPDWORD lpdwSessionId);

  DWORD IsCurrentProcessLowIntegrity(__out BOOL *lpbProcessIsLow);

private:
  //List of THREAD_ITEM entries and its element count.
  struct {
    LPTHREAD_ITEM lpList;
    SIZE_T nCount;
  } sSuspendedTids;
  //----
  //Byte buffer and its size (see GrowCheckProcessThreadsMem).
  struct {
    LPBYTE lpMem;
    SIZE_T nSize;
  } sCheckThreads;
};

100 | 101 | //----------------------------------------------------------- 102 | 103 | } //Internals 104 | } //NktHookLib 105 | 106 | #endif //_NKT_THREADSUSPEND_H 107 | --------------------------------------------------------------------------------
/NktHookLib/Src/libudis86/GetInstructionLength.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2010-2015 Nektra S.A., Buenos Aires, Argentina. 3 | * All rights reserved. Contact: http://www.nektra.com 4 | * 5 | * 6 | * This file is part of Deviare In-Proc 7 | * 8 | * 9 | * Commercial License Usage 10 | * ------------------------ 11 | * Licensees holding valid commercial Deviare In-Proc licenses may use this 12 | * file in accordance with the commercial license agreement provided with the 13 | * Software or, alternatively, in accordance with the terms contained in 14 | * a written agreement between you and Nektra. For licensing terms and 15 | * conditions see http://www.nektra.com/licensing/. For further information 16 | * use the contact form at http://www.nektra.com/contact/. 17 | * 18 | * 19 | * GNU General Public License Usage 20 | * -------------------------------- 21 | * Alternatively, this file may be used under the terms of the GNU 22 | * General Public License version 3.0 as published by the Free Software 23 | * Foundation and appearing in the file LICENSE.GPL included in the 24 | * packaging of this file. Please review the following information to 25 | * ensure the GNU General Public License version 3.0 requirements will be 26 | * met: http://www.gnu.org/copyleft/gpl.html. 
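27 | * 28 | **/ 29 | 30 | #include 31 | 32 | extern "C" { 33 | #include "stdint.h" 34 | #include "amalgamation_defines.h" 35 | #include "source\libudis86\types.h" 36 | #include "source\libudis86\extern.h" 37 | #include "tables\itab.h" 38 | }; 39 | 40 | //----------------------------------------------------------- 41 |
namespace NktHookLibHelpers {

//Decodes one instruction from the buffer at lpAddr and returns its length.
//
//  lpAddr        - first byte to decode.
//  nSize         - number of bytes available at lpAddr. It is the only limit
//                  handed to the decoder, so it must not exceed what is actually
//                  readable there.
//  nPlatformBits - passed unchanged to the decoder's mode setting.
//  lpbIsMemOp    - optional; set to TRUE when operand 0 or operand 1 of the
//                  decoded instruction is a memory operand, FALSE otherwise.
//  szBufA,
//  nBufLen       - optional text buffer; when given (non-NULL, nBufLen > 0) the
//                  Intel-syntax text of the instruction is requested into it.
//
//Returns the value reported by the disassembler; 0 means nothing was decoded.
//
//Changes from the previous version: a NULL/empty input now returns 0 before the
//decoder is touched, and szBufA is made an empty string up front so the caller
//always gets a terminated buffer, as the __out_z_opt annotation promises, even
//when nothing is decoded. The const_cast on the operand pointer is gone because
//the operand is only read.
//
//NOTE(review): only operands 0 and 1 are inspected. An instruction whose memory
//operand sits at index 2 or higher would be reported with *lpbIsMemOp == FALSE;
//callers that relocate instructions based on this flag should confirm that this
//cannot happen for the instruction sets the decoder tables cover.
SIZE_T GetInstructionLength(__in LPVOID lpAddr, __in SIZE_T nSize, __in BYTE nPlatformBits,
                            __out_opt BOOL *lpbIsMemOp, __out_z_opt LPSTR szBufA, __in SIZE_T nBufLen)
{
  ud_t ud_obj;
  const ud_operand_t *lpUdOp;
  SIZE_T nLen;
  unsigned int nOpIdx;
  BOOL bWantText;

  bWantText = (szBufA != NULL && nBufLen > 0) ? TRUE : FALSE;
  //give every output a defined value before any early return
  if (lpbIsMemOp != NULL)
    *lpbIsMemOp = FALSE;
  if (bWantText != FALSE)
    szBufA[0] = 0;
  if (lpAddr == NULL || nSize == 0)
    return 0;

  NktHookLib_ud_init(&ud_obj);
  NktHookLib_ud_set_mode(&ud_obj, (uint8_t)nPlatformBits);
  NktHookLib_ud_set_input_buffer(&ud_obj, (LPBYTE)lpAddr, nSize);
  if (bWantText != FALSE)
  {
    NktHookLib_ud_set_syntax(&ud_obj, UD_SYN_INTEL);
    NktHookLib_ud_set_asm_buffer(&ud_obj, szBufA, nBufLen);
  }
  else
  {
    //no text requested: clear the syntax setting
    NktHookLib_ud_set_syntax(&ud_obj, NULL);
  }

  nLen = (SIZE_T)NktHookLib_ud_disassemble(&ud_obj);
  if (nLen > 0 && lpbIsMemOp != NULL)
  {
    for (nOpIdx = 0; nOpIdx < 2; nOpIdx++)
    {
      lpUdOp = NktHookLib_ud_insn_opr(&ud_obj, nOpIdx);
      if (lpUdOp != NULL && lpUdOp->type == UD_OP_MEM)
      {
        *lpbIsMemOp = TRUE;
        break;
      }
    }
  }
  return nLen;
}

} //NktHookLibHelpers
79 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/amalgamation_defines.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2010-2015 Nektra S.A., Buenos Aires, Argentina. 3 | * All rights reserved.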
Contact: http://www.nektra.com 4 | * 5 | * 6 | * This file is part of Deviare In-Proc 7 | * 8 | * 9 | * Commercial License Usage 10 | * ------------------------ 11 | * Licensees holding valid commercial Deviare In-Proc licenses may use this 12 | * file in accordance with the commercial license agreement provided with the 13 | * Software or, alternatively, in accordance with the terms contained in 14 | * a written agreement between you and Nektra. For licensing terms and 15 | * conditions see http://www.nektra.com/licensing/. For further information 16 | * use the contact form at http://www.nektra.com/contact/. 17 | * 18 | * 19 | * GNU General Public License Usage 20 | * -------------------------------- 21 | * Alternatively, this file may be used under the terms of the GNU 22 | * General Public License version 3.0 as published by the Free Software 23 | * Foundation and appearing in the file LICENSE.GPL included in the 24 | * packaging of this file. Please review the following information to 25 | * ensure the GNU General Public License version 3.0 requirements will be 26 | * met: http://www.gnu.org/copyleft/gpl.html. 
27 | * 28 | **/ 29 | 30 | #define __UD_STANDALONE__ 31 | #undef UD_DEBUG 32 | 33 | #define ud_itab NktHookLib_ud_itab 34 | #define ud_lookup_table_list NktHookLib_ud_lookup_table_list 35 | #define ud_reg_tab NktHookLib_ud_reg_tab 36 | 37 | #define ud_inp_init NktHookLib_ud_inp_init 38 | #define ud_syn_rel_target NktHookLib_ud_syn_rel_target 39 | #define ud_asmprintf NktHookLib_ud_asmprintf 40 | #define ud_syn_print_addr NktHookLib_ud_syn_print_addr 41 | #define ud_syn_print_imm NktHookLib_ud_syn_print_imm 42 | #define ud_syn_print_mem_disp NktHookLib_ud_syn_print_mem_disp 43 | #define ud_init NktHookLib_ud_init 44 | #define ud_set_mode NktHookLib_ud_set_mode 45 | #define ud_set_pc NktHookLib_ud_set_pc 46 | #define ud_set_input_hook NktHookLib_ud_set_input_hook 47 | #define ud_set_input_buffer NktHookLib_ud_set_input_buffer 48 | #define ud_set_input_file NktHookLib_ud_set_input_file 49 | #define ud_set_vendor NktHookLib_ud_set_vendor 50 | #define ud_set_syntax NktHookLib_ud_set_syntax 51 | #define ud_input_skip NktHookLib_ud_input_skip 52 | #define ud_input_end NktHookLib_ud_input_end 53 | #define ud_decode NktHookLib_ud_decode 54 | #define ud_disassemble NktHookLib_ud_disassemble 55 | #define ud_translate_intel NktHookLib_ud_translate_intel 56 | #define ud_translate_att NktHookLib_ud_translate_att 57 | #define ud_insn_asm NktHookLib_ud_insn_asm 58 | #define ud_insn_ptr NktHookLib_ud_insn_ptr 59 | #define ud_insn_off NktHookLib_ud_insn_off 60 | #define ud_insn_hex NktHookLib_ud_insn_hex 61 | #define ud_insn_len NktHookLib_ud_insn_len 62 | #define ud_insn_opr NktHookLib_ud_insn_opr 63 | #define ud_opr_is_sreg NktHookLib_ud_opr_is_sreg 64 | #define ud_opr_is_gpr NktHookLib_ud_opr_is_gpr 65 | #define ud_mnemonic_code NktHookLib_ud_mnemonic_code 66 | #define ud_mnemonics_str NktHookLib_ud_mnemonics_str 67 | #define ud_insn_mnemonic NktHookLib_ud_insn_mnemonic 68 | #define ud_lookup_mnemonic NktHookLib_ud_lookup_mnemonic 69 | #define ud_set_user_opaque_data 
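NktHookLib_ud_set_user_opaque_data 70 | #define ud_get_user_opaque_data NktHookLib_ud_get_user_opaque_data 71 | #define ud_insn_sext_imm NktHookLib_ud_insn_sext_imm 72 | #define ud_set_asm_buffer NktHookLib_ud_set_asm_buffer 73 | #define ud_set_sym_resolver NktHookLib_ud_set_sym_resolver 74 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/generate_tables.bat: --------------------------------------------------------------------------------
@ECHO OFF
REM Regenerates the "tables" directory next to this script by running
REM source\scripts\ud_itab.py on source\docs\x86\optable.xml.
REM
REM python.exe is looked up on PATH. Only its presence is checked, not its
REM version, although the error message mentions Python 2.7. The build therefore
REM runs whichever python.exe comes first on PATH; on a shared or build machine
REM make sure that entry is the interpreter you intend to run.
SET __FOUND=
REM The assignment is quoted so that no blank between the value and a closing
REM parenthesis can end up inside __FOUND. With the unquoted, parenthesised form
REM a trailing blank becomes part of the value, and the "not found" test below
REM never matches.
FOR %%X IN (python.exe) DO SET "__FOUND=%%~$PATH:X"
IF "%__FOUND%" == "" (
    ECHO Error: Cannot locate Python 2.7
    EXIT /B 1
)
REM Start from an empty output directory; errors from RD/MD are ignored.
RD "%~dp0tables" /S /Q >NUL 2>NUL
MD "%~dp0tables" >NUL 2>NUL
"%__FOUND%" "%~dp0source\scripts\ud_itab.py" "%~dp0source\docs\x86\optable.xml" "%~dp0/tables"
IF ERRORLEVEL 1 (
    ECHO Error: Cannot generate UDis86 tables
    EXIT /B 1
)
15 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/.gitignore: -------------------------------------------------------------------------------- 1 | Makefile 2 | Makefile.in 3 | *.lo 4 | *.o 5 | .*.swp 6 | .deps 7 | .libs 8 | config.* 9 | *.pyc 10 | aclocal.m4 11 | autom4te.cache/ 12 | build/ 13 | configure 14 | docs/manual/html/ 15 | docs/manual/texinfo/ 16 | docs/manual/udis86.info 17 | libtool 18 | libudis86/itab.c 19 | libudis86/itab.h 20 | libudis86/libudis86.la 21 | m4/libtool.m4 22 | m4/ltoptions.m4 23 | m4/ltsugar.m4 24 | m4/ltversion.m4 25 | m4/lt~obsolete.m4 26 | stamp-h1 27 | tests/ovrrun 28 | tests/test_dis 29 | tests/sym_resolver 30 | tests/test_invalid_seg.asm 31 | tests/testjmp.out 32 | udcli/udcli 33 | tests/_results/ 34 | tests/*.bin 35 | tests/*.out 36 | tests/libcheck 37 | tests/difftest.sh 38 | scripts/ud_*asmtest* 39 | 40 | # Ignore distcheck outut 41 | udis86-1.* 42 | 43 | # Ignore C++ Builder history folders 44 | libudis86/__history/ 45 | 46 | #ignore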
thumbnails created by windows 47 | Thumbs.db 48 | #Ignore files built by Visual Studio 49 | *.user 50 | *.aps 51 | *.pch 52 | *.vspscc 53 | *_i.c 54 | *_p.c 55 | *.ncb 56 | *.suo 57 | *.bak 58 | *.cache 59 | *.ilk 60 | *.log 61 | *.sdf 62 | [Ii]pch 63 | [Bb]uild 64 | [Bb]in 65 | [Dd]ebug*/ 66 | *.sbr 67 | obj/ 68 | Win32/ 69 | x64/ 70 | [Rr]elease*/ 71 | _ReSharper*/ 72 | *.tar.gz 73 | tests/bufoverrun 74 | tests/symresolve 75 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/BUILD-WINDOWS: -------------------------------------------------------------------------------- 1 | Build Instructions for Visual Studio 2 | ************************************ 3 | 4 | Note: it is important to perform the build at least once before 5 | attempting to open the solution in Visual Studio so that the build 6 | process can generate the itab.c/itab.h files from the itab.py Python 7 | script. 8 | 9 | Prerequisites 10 | ============= 11 | 12 | The buildVS2010.bat and build.proj MSBuild project have the following 13 | prerequisites: 14 | 15 | 1. Visual Studio 2010 with VC++ (full edition is required to compile 16 | for x64). A later compiler can be used however the build batch file 17 | will need to be changed to run the correct vcvarsall.bat. 18 | 19 | 2. Python 2.7 - although a later version should work, the build script 20 | has been configured to expect "python.exe" to be installed in 21 | "c:\python27\". 22 | 23 | How to Build 24 | ============ 25 | 26 | Ensure all prerequisites are in place and then run "buildVS2010.bat". 27 | MSBuild will run the "Clean" target for the "udis86.sln" solution and 28 | then build the following targets for "build.proj" MSBuild project: 29 | 30 | 1. Clean - (remove the "./Build" directory) 31 | 2. BuildRelease_x86 - build the release configuration for x86 32 | 3. BuildRelease_x64 - build the release configuration for x64 33 | 4. 
PostBuild - copy license and headers to build directory 34 | 35 | If a debug version is required, the batch file can be modified to also 36 | build the BuildDebug_x86 and BuildDebug_x64 targets. 37 | 38 | If Visual Studio Express is being used you will need to comment out the 39 | x64 target(s). 40 | 41 | Build Output 42 | ============ 43 | 44 | The Build directory has the following structure (if building all 45 | Release and Debug targets): 46 | 47 | . 48 | +-- Bin 49 | ¦ +-- Debug 50 | ¦ ¦ +-- x64 51 | ¦ ¦ ¦ +-- libudis86.dll 52 | ¦ ¦ ¦ +-- libudis86.ilk 53 | ¦ ¦ ¦ +-- libudis86.pdb 54 | ¦ ¦ ¦ +-- udcli.exe 55 | ¦ ¦ ¦ +-- udcli.ilk 56 | ¦ ¦ ¦ +-- udcli.pdb 57 | ¦ ¦ +-- x86 58 | ¦ ¦ +-- libudis86.dll 59 | ¦ ¦ +-- libudis86.ilk 60 | ¦ ¦ +-- libudis86.pdb 61 | ¦ ¦ +-- udcli.exe 62 | ¦ ¦ +-- udcli.ilk 63 | ¦ ¦ +-- udcli.pdb 64 | ¦ +-- x64 65 | ¦ ¦ +-- libudis86.dll 66 | ¦ ¦ +-- libudis86.pdb 67 | ¦ ¦ +-- udcli.exe 68 | ¦ ¦ +-- udcli.pdb 69 | ¦ +-- x86 70 | ¦ +-- libudis86.dll 71 | ¦ +-- libudis86.pdb 72 | ¦ +-- udcli.exe 73 | ¦ +-- udcli.pdb 74 | +-- Include 75 | ¦ +-- libudis86 76 | ¦ ¦ +-- itab.h 77 | ¦ ¦ +-- types.h 78 | ¦ +-- udis86.h 79 | +-- Lib 80 | ¦ +-- Debug 81 | ¦ ¦ +-- x64 82 | ¦ ¦ ¦ +-- libudis86.lib 83 | ¦ ¦ +-- x86 84 | ¦ ¦ +-- libudis86.lib 85 | ¦ +-- x64 86 | ¦ ¦ +-- libudis86.lib 87 | ¦ +-- x86 88 | ¦ +-- libudis86.lib 89 | +-- LICENSE 90 | +-- README 91 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/BuildVS2010/README.txt: -------------------------------------------------------------------------------- 1 | Build notes for Windows: 2 | - If you don't have python installed at C:\Python27, edit build.proj accordingly 3 | - Execute buildVS2010.bat 4 | - If you got VS2012, this will fail. 5 | - Edit/Copy the build script, so that it finds vcvars32.bat (just needed to replace 10.0 with 11.0). 6 | - Open the solution and update the toolset. 
7 | - Compile with the build script and ignore an error regarding ./Win32 not deletable. 8 | - Be done with it :) -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/BuildVS2010/build.proj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | .\Deploy 5 | .\Build 6 | 7 | 8 | 9 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 47 | 49 | 51 | 53 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/BuildVS2010/buildVS2010.bat: -------------------------------------------------------------------------------- 1 | echo off 2 | call "C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\vcvarsall.bat" x86_amd64 3 | 4 | msbuild.exe udis86.sln /t:Clean 5 | msbuild.exe build.proj /t:Clean,BuildRelease_x86,BuildRelease_x64,PostBuild 6 | REM msbuild.exe build.proj /t:Clean,BuildRelease_x86,BuildRelease_x64,BuildDebug_x86,BuildDebug_x64,PostBuild 7 | pause -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/BuildVS2010/libudis86.vcxproj.filters: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | {67a7943a-ad63-4da1-be6b-daf8a3fef1d6} 18 | 19 | 20 | {a0eee912-4b82-493a-8c43-3b712061afb1} 21 | 22 | 23 | 24 | 25 | Source Files 26 | 27 | 28 | Source Files 29 | 30 | 31 | Source Files 32 | 33 | 34 | Source Files 35 | 36 | 37 | 
Source Files 38 | 39 | 40 | Source Files\Generated 41 | 42 | 43 | 44 | 45 | Header Files 46 | 47 | 48 | Header Files 49 | 50 | 51 | Header Files 52 | 53 | 54 | Header Files 55 | 56 | 57 | Header Files 58 | 59 | 60 | Header Files\Generated 61 | 62 | 63 | 64 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/BuildVS2010/udcli.vcxproj.filters: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Source Files 20 | 21 | 22 | 23 | 24 | Header Files 25 | 26 | 27 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/BuildVS2010/udis86.sln: -------------------------------------------------------------------------------- 1 | 2 | Microsoft Visual Studio Solution File, Format Version 11.00 3 | # Visual Studio 2010 4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "libudis86", "libudis86.vcxproj", "{D5C34A21-7218-4A08-9578-1EBB35280A42}" 5 | EndProject 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "udcli", "udcli.vcxproj", "{620E885C-DA4A-4296-AFEB-AFB0077EFA14}" 7 | EndProject 8 | Global 9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 10 | Debug|Win32 = Debug|Win32 11 | Debug|x64 = Debug|x64 12 | Debug-DLL|Win32 = Debug-DLL|Win32 13 | Debug-DLL|x64 = Debug-DLL|x64 14 | Release|Win32 = Release|Win32 15 | Release|x64 = Release|x64 16 | Release-DLL|Win32 = Release-DLL|Win32 17 | Release-DLL|x64 = Release-DLL|x64 18 | EndGlobalSection 19 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 20 | 
{D5C34A21-7218-4A08-9578-1EBB35280A42}.Debug|Win32.ActiveCfg = Debug|Win32 21 | {D5C34A21-7218-4A08-9578-1EBB35280A42}.Debug|Win32.Build.0 = Debug|Win32 22 | {D5C34A21-7218-4A08-9578-1EBB35280A42}.Debug|x64.ActiveCfg = Debug|x64 23 | {D5C34A21-7218-4A08-9578-1EBB35280A42}.Debug|x64.Build.0 = Debug|x64 24 | {D5C34A21-7218-4A08-9578-1EBB35280A42}.Debug-DLL|Win32.ActiveCfg = Debug-DLL|Win32 25 | {D5C34A21-7218-4A08-9578-1EBB35280A42}.Debug-DLL|Win32.Build.0 = Debug-DLL|Win32 26 | {D5C34A21-7218-4A08-9578-1EBB35280A42}.Debug-DLL|x64.ActiveCfg = Debug-DLL|x64 27 | {D5C34A21-7218-4A08-9578-1EBB35280A42}.Debug-DLL|x64.Build.0 = Debug-DLL|x64 28 | {D5C34A21-7218-4A08-9578-1EBB35280A42}.Release|Win32.ActiveCfg = Release|Win32 29 | {D5C34A21-7218-4A08-9578-1EBB35280A42}.Release|Win32.Build.0 = Release|Win32 30 | {D5C34A21-7218-4A08-9578-1EBB35280A42}.Release|x64.ActiveCfg = Release|x64 31 | {D5C34A21-7218-4A08-9578-1EBB35280A42}.Release|x64.Build.0 = Release|x64 32 | {D5C34A21-7218-4A08-9578-1EBB35280A42}.Release-DLL|Win32.ActiveCfg = Release-DLL|Win32 33 | {D5C34A21-7218-4A08-9578-1EBB35280A42}.Release-DLL|Win32.Build.0 = Release-DLL|Win32 34 | {D5C34A21-7218-4A08-9578-1EBB35280A42}.Release-DLL|x64.ActiveCfg = Release-DLL|x64 35 | {D5C34A21-7218-4A08-9578-1EBB35280A42}.Release-DLL|x64.Build.0 = Release-DLL|x64 36 | {620E885C-DA4A-4296-AFEB-AFB0077EFA14}.Debug|Win32.ActiveCfg = Debug|Win32 37 | {620E885C-DA4A-4296-AFEB-AFB0077EFA14}.Debug|Win32.Build.0 = Debug|Win32 38 | {620E885C-DA4A-4296-AFEB-AFB0077EFA14}.Debug|x64.ActiveCfg = Debug|x64 39 | {620E885C-DA4A-4296-AFEB-AFB0077EFA14}.Debug|x64.Build.0 = Debug|x64 40 | {620E885C-DA4A-4296-AFEB-AFB0077EFA14}.Debug-DLL|Win32.ActiveCfg = Debug-DLL|Win32 41 | {620E885C-DA4A-4296-AFEB-AFB0077EFA14}.Debug-DLL|x64.ActiveCfg = Debug-DLL|x64 42 | {620E885C-DA4A-4296-AFEB-AFB0077EFA14}.Release|Win32.ActiveCfg = Release|Win32 43 | {620E885C-DA4A-4296-AFEB-AFB0077EFA14}.Release|Win32.Build.0 = Release|Win32 44 | 
{620E885C-DA4A-4296-AFEB-AFB0077EFA14}.Release|x64.ActiveCfg = Release|x64 45 | {620E885C-DA4A-4296-AFEB-AFB0077EFA14}.Release|x64.Build.0 = Release|x64 46 | {620E885C-DA4A-4296-AFEB-AFB0077EFA14}.Release-DLL|Win32.ActiveCfg = Release-DLL|Win32 47 | {620E885C-DA4A-4296-AFEB-AFB0077EFA14}.Release-DLL|x64.ActiveCfg = Release-DLL|x64 48 | EndGlobalSection 49 | GlobalSection(SolutionProperties) = preSolution 50 | HideSolutionNode = FALSE 51 | EndGlobalSection 52 | EndGlobal 53 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/CHANGES: -------------------------------------------------------------------------------- 1 | v1.7.2 2 | 3 | * Clean up input handling, removing unnecessary caching 4 | of input, which should speed up things. 5 | * Add the missing ud_insn_mnemonic api function. 6 | * Rename ud_opr_isgpr to ud_opr_is_gpr. 7 | * Fix decoding of relative jumps. 8 | * Fix build with automake-1.14 9 | * Minor fix to AT&T syntax (missing "$" prefix for immediates) 10 | * Add a new api checker (tests/libcheck.c). 11 | * Add a standalone script for diff-testing (tests/difftest.sh) 12 | * Refinements to the documentation. 13 | 14 | Acknowledgements: 15 | 16 | Brendan Long (https://github.com/brendanlong) 17 | radare (https://github.com/radare) 18 | Sergey Basalaev (https://github.com/SBasalaev) 19 | ebfe (https://github.com/ebfe) 20 | 21 | v1.7.1 22 | 23 | * Full support for SSSE3, SSE4.1, SSE4.2, SMX, AES. 24 | * New Sphinx-doc/RST based documentation. 25 | * New api for client size symbol resolver. 26 | * Visual Studio 2010 Build Support. 27 | * Added an operand tester. 28 | * Python 3.0 compatibility changes. 29 | * Minor fixes to AT&T syntax. 30 | * Fix install directory for data files. 31 | * Many bug fixes, and optable updates. 32 | * Add Texinfo document (make install-info).
33 | 34 | Acknowledgements: 35 | 36 | L Peter Deutsch (https://github.com/ghghost) 37 | Bjoern Doebel (https://github.com/bjoernd) 38 | Justin Stenning (http://github.com/spazzarama) 39 | Jamie Iles (https://github.com/jamieiles) 40 | Stephen Fewer (https://github.com/stephenfewer) 41 | Piotr Gaczkowski (https://github.com/DoomHammer) 42 | Evan Pheonix 43 | mbarbu (https://github.com/mbarbu) 44 | 45 | 46 | 47 | Please see the commit logs for change information for older releases 48 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2002-2012, Vivek Thampi 2 | All rights reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, 8 | this list of conditions and the following disclaimer. 9 | 2. Redistributions in binary form must reproduce the above copyright notice, 10 | this list of conditions and the following disclaimer in the documentation 11 | and/or other materials provided with the distribution. 12 | 13 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 14 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 15 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 16 | DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR 17 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 18 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 19 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 20 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 21 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 22 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 23 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/Makefile.am: -------------------------------------------------------------------------------- 1 | ACLOCAL_AMFLAGS = -I build/m4 2 | 3 | SUBDIRS = scripts libudis86 udcli docs tests 4 | 5 | MAINTAINERCLEANFILES = \ 6 | Makefile.in \ 7 | configure \ 8 | config.h.in \ 9 | config.h.in~ \ 10 | missing \ 11 | aclocal.m4 \ 12 | build/config.guess \ 13 | build/config.sub \ 14 | build/compile \ 15 | build/config.guess \ 16 | build/config.sub \ 17 | build/depcomp \ 18 | build/install-sh \ 19 | build/ltmain.sh \ 20 | build/missing 21 | 22 | include_ladir = ${includedir} 23 | include_la_HEADERS = udis86.h 24 | 25 | .PHONY: libudis86 udcli tests docs 26 | 27 | libudis86: 28 | $(MAKE) -C $@ 29 | 30 | udcli: libudis86 31 | $(MAKE) -C $@ 32 | 33 | tests: check 34 | 35 | maintainer-clean-local: 36 | -rm -rf build/m4 37 | -rm -rf build 38 | -rm -rf autom4te.cache 39 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/README: -------------------------------------------------------------------------------- 1 | Udis86 2 | ====== 3 | 4 | Udis86 is a disassembler for the x86 and x86-64 class of instruction set 5 | architectures. 
It consists of a C library called libudis86 which 6 | provides a clean and simple interface to decode a stream of raw binary 7 | data, and to inspect the disassembled instructions in a structured 8 | manner. 9 | 10 | 11 | LICENSE 12 | ------- 13 | 14 | Udis86 is distributed under the terms of the 2-clause "Simplified BSD 15 | License". A copy of the license is included with the source in LICENSE. 16 | 17 | 18 | libudis86 19 | --------- 20 | 21 | o Supports all x86 and x86-64 (AMD64) General purpose and 22 | System instructions. 23 | o Supported ISA extensions: 24 | - MMX, FPU (x87), AMD 3DNow 25 | - SSE, SSE2, SSE3, SSSE3, SSE4.1, SSE4.2, AES, 26 | - AMD-V, INTEL-VMX, SMX 27 | o Instructions are defined in an XML document, with opcode 28 | tables generated for performance. 29 | o Supports output in both INTEL (NASM) as well as AT&T (GNU as) style 30 | assembly language syntax. 31 | o Supports a variety of input methods: Files, Memory Buffers, and 32 | Function Callback hooks. 33 | o Re-entrant, no dynamic memory allocation. 34 | o Fully documented API 35 | 36 | 37 | -- EXAMPLE ----------------------------------------------------------- 38 | 39 | ud_t u; 40 | 41 | ud_init(&u); 42 | ud_set_input_file(&u, stdin); 43 | ud_set_mode(&u, 64); 44 | ud_set_syntax(&u, UD_SYN_INTEL); 45 | 46 | while (ud_disassemble(&u)) { 47 | printf("\t%s\n", ud_insn_asm(&ud_obj)); 48 | } 49 | 50 | ---------------------------------------------------------------------- 51 | 52 | 53 | udcli 54 | ----- 55 | 56 | udcli is a small command-line tool for your quick disassembly needs. 
57 | 58 | -- EXAMPLE ----------------------------------------------------------- 59 | 60 | $ echo "65 67 89 87 76 65 54 56 78 89 09 00 90" | udcli -32 -x 61 | 0000000080000800 656789877665 mov [gs:bx+0x6576], eax 62 | 0000000080000806 54 push esp 63 | 0000000080000807 56 push esi 64 | 0000000080000808 7889 js 0x80000793 65 | 000000008000080a 0900 or [eax], eax 66 | 000000008000080c 90 nop 67 | 68 | ---------------------------------------------------------------------- 69 | 70 | 71 | Documentation 72 | ------------- 73 | 74 | The libudis86 api is fully documented. The package distribution contains 75 | a Texinfo file which can be installed by invoking "make install-info". 76 | You can also find an online html version of the documentation available 77 | at http://udis86.sourceforge.net/. 78 | 79 | 80 | Autotools Build 81 | --------------- 82 | 83 | You need autotools if building from sources cloned from version control 84 | system, or if you need to regenerate the build system. The wrapper 85 | script 'autogen.sh' is provided that'll generate the build system. 86 | 87 | 88 | AUTHOR 89 | ------ 90 | 91 | Udis86 is written and maintained by Vivek Thampi (vivek.mt@gmail.com). 92 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/autogen.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | if [ ! -e build/m4 ]; then mkdir -p build/m4; fi 4 | autoreconf --force -v --install || ( echo "autogen: autoreconf -i failed."
&& false ) 5 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/configure.ac: -------------------------------------------------------------------------------- 1 | # 2 | # udis86 autoconf 3 | # 4 | AC_PREREQ(2.60) 5 | AC_INIT([udis86], [1.7.2], [vivek.mt@gmail.com]) 6 | AC_CONFIG_HEADERS(config.h) 7 | AC_CONFIG_AUX_DIR(build) 8 | AC_CONFIG_MACRO_DIR([build/m4]) 9 | 10 | m4_include([m4/ax_compare_version.m4]) 11 | m4_include([m4/ax_prog_sphinx_version.m4]) 12 | m4_include([m4/ax_prog_yasm_version.m4]) 13 | m4_include([m4/ax_with_prog.m4]) 14 | m4_include([m4/ax_with_python.m4]) 15 | 16 | # Make sure $ACLOCAL_FLAGS are used during a rebuild. 17 | AC_SUBST([ACLOCAL_AMFLAGS], ["-I $ac_macro_dir \${ACLOCAL_FLAGS}"]) 18 | 19 | # 20 | # Determine the build host; we notify automake of Windows 21 | # builds, so it can pass proper parameters for building 22 | # DLLs to the linker. 23 | # 24 | AC_CANONICAL_HOST 25 | 26 | case "$host_os" in 27 | mingw32* ) 28 | TARGET_OS=windows 29 | AC_LIBTOOL_WIN32_DLL 30 | ;; 31 | esac 32 | 33 | # Initialize the automake subsystem. 34 | AM_INIT_AUTOMAKE([1.11 -Wall -Wno-portability -Wno-extra-portability -Werror foreign]) 35 | AM_SILENT_RULES([yes]) 36 | 37 | # 38 | # In case we have a Windows build, we pass a 39 | # TARGET_WINDOWS conditional to automake. 40 | # 41 | AM_CONDITIONAL(TARGET_WINDOWS, test "$TARGET_OS" = windows) 42 | 43 | AC_PROG_CC 44 | AC_DISABLE_STATIC 45 | AC_PROG_LIBTOOL 46 | AM_PROG_CC_C_O 47 | 48 | # If this is a gnu compiler, pass -Wall 49 | if test "$ac_cv_c_compiler_gnu" = "yes"; then 50 | CFLAGS="$CFLAGS -Wall" 51 | fi 52 | 53 | # Look for python 54 | AX_WITH_PYTHON 55 | if test "x$PYTHON" = "x"; then 56 | AC_MSG_ERROR([Python not found. 
Use --with-python to specify path to python binary]) 57 | fi 58 | 59 | # Yasm (>= 1.2.0) for testing 60 | AX_WITH_PROG(YASM,yasm) 61 | AX_PROG_YASM_VERSION([1.2.0],[ac_have_yasm_version=1],[]) 62 | AM_CONDITIONAL(HAVE_YASM, [test -n "$ac_have_yasm_version"]) 63 | 64 | # Sphinx (>= 1.1.3) for documentation 65 | AX_WITH_PROG(SPHINX_BUILD,sphinx-build) 66 | AX_PROG_SPHINX([1.1.3],[ac_have_sphinx_version=1],[]) 67 | AM_CONDITIONAL(HAVE_SPHINX_DOC, [test -n "$ac_have_sphinx_version"]) 68 | 69 | AC_CHECK_HEADERS([assert.h stdio.h]) 70 | 71 | AC_CONFIG_FILES([ 72 | Makefile 73 | scripts/Makefile 74 | libudis86/Makefile 75 | udcli/Makefile 76 | tests/Makefile 77 | docs/Makefile 78 | docs/manual/Makefile 79 | docs/x86/Makefile 80 | tests/difftest.sh 81 | ]) 82 | 83 | AC_OUTPUT 84 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/docs/Makefile.am: -------------------------------------------------------------------------------- 1 | SUBDIRS = x86 manual 2 | MAINTAINERCLEANFILES = Makefile.in 3 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/docs/manual/Makefile.am: -------------------------------------------------------------------------------- 1 | manualdir = ${docdir}/manual 2 | 3 | rst_sources = \ 4 | index.rst \ 5 | getstarted.rst \ 6 | libudis86.rst 7 | 8 | # 9 | # The official distribution only contains the rst files. So users 10 | # may generate documentation using Sphinx if they wish to. 
11 | # 12 | EXTRA_DIST = \ 13 | $(rst_sources) \ 14 | udis86.info \ 15 | conf.py \ 16 | static 17 | 18 | MAINTAINERCLEANFILES = \ 19 | Makefile.in \ 20 | udis86.info 21 | 22 | if HAVE_SPHINX_DOC 23 | 24 | html-local: 25 | $(SPHINX_BUILD) -c $(srcdir) -b html $(srcdir) $(builddir)/html 26 | 27 | udis86.info: $(rst_sources) 28 | $(SPHINX_BUILD) -E -c $(srcdir) -b texinfo $(srcdir) $(builddir)/texinfo 29 | $(MAKEINFO) --no-split $(builddir)/texinfo/udis86.texi 30 | 31 | check-local: html-local 32 | 33 | else 34 | 35 | udis86.info: $(rst_sources) 36 | html-local udis86.info: 37 | @echo "" 38 | @echo "------------------------------------------------------------------" 39 | @echo "" 40 | @echo " Please make sure you have Sphinx (sphinx-doc.org) version 1.1.3" 41 | @echo " or above, to be able to build documentation." 42 | @echo "" 43 | @echo " You can also find documentation at http://udis86.sourceforge.net/" 44 | @echo "" 45 | @echo "------------------------------------------------------------------" 46 | @echo "" 47 | @exit 1 48 | 49 | endif 50 | 51 | install-info-local: udis86.info 52 | install-info --info-dir=$(infodir) $< 53 | 54 | clean-local: 55 | -rm -rf $(builddir)/html 56 | -rm -rf $(builddir)/texinfo $(builddir)/udis86.info 57 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/docs/manual/conf.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | import sys, os 3 | 4 | source_suffix = '.rst' 5 | master_doc = 'index' 6 | project = u'udis86' 7 | copyright = u'2013, Vivek Thampi' 8 | version = '1.7' 9 | release = '1.7.2' 10 | 11 | # List of patterns, relative to source directory, that match files and 12 | # directories to ignore when looking for source files. 
13 | exclude_patterns = ['_build'] 14 | 15 | pygments_style = 'sphinx' 16 | html_theme = 'pyramid' 17 | html_theme_options = { "nosidebar" : True } 18 | html_static_path = ['static'] 19 | html_style = "udis86.css" 20 | htmlhelp_basename = 'udis86doc' 21 | 22 | latex_documents = [ 23 | ('index', 'udis86.tex', u'udis86 Documentation', 24 | u'Vivek Thampi', 'manual'), 25 | ] 26 | 27 | man_pages = [ 28 | ('index', 'udis86', u'udis86 Documentation', 29 | [u'Vivek Thampi'], 1) 30 | ] 31 | 32 | texinfo_documents = [ 33 | ('index', 'udis86', u'udis86 Documentation', 34 | u'Vivek Thampi', 'udis86', 'Disassembler library for x86.', 35 | 'Miscellaneous', True), 36 | ] 37 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/docs/manual/getstarted.rst: -------------------------------------------------------------------------------- 1 | Getting Started 2 | =============== 3 | 4 | 5 | Building and Installing udis86 6 | ------------------------------ 7 | 8 | udis86 is developed for unix-like environments, and like most software, 9 | the basic steps towards building and installing it are as follows. 10 | 11 | .. code:: 12 | 13 | $ ./configure 14 | $ make 15 | $ make install 16 | 17 | Depending on your choice of install location, you may need to have root 18 | privileges to do an install. The install scripts copy the necessary header 19 | and library files to appropriate locations in your system. 20 | 21 | 22 | Interfacing with libudis86: A Quick Example 23 | ------------------------------------------- 24 | 25 | The following is an example of a program that interfaces with libudis86 26 | and uses the API to generate assembly language output for 64-bit code, 27 | input from STDIN. 28 | 29 | .. 
code-block:: c 30 | 31 | #include <stdio.h> 32 | #include <udis86.h> 33 | 34 | int main() 35 | { 36 | ud_t ud_obj; 37 | 38 | ud_init(&ud_obj); 39 | ud_set_input_file(&ud_obj, stdin); 40 | ud_set_mode(&ud_obj, 64); 41 | ud_set_syntax(&ud_obj, UD_SYN_INTEL); 42 | 43 | while (ud_disassemble(&ud_obj)) { 44 | printf("\t%s\n", ud_insn_asm(&ud_obj)); 45 | } 46 | 47 | return 0; 48 | } 49 | 50 | To compile the program (using gcc): 51 | 52 | .. code:: 53 | 54 | $ gcc -ludis86 example.c -o example 55 | 56 | This example should give you an idea of how this library can be used. The 57 | following sections describe, in detail, the complete API of libudis86. 58 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/docs/manual/index.rst: -------------------------------------------------------------------------------- 1 | .. udis86 documentation master file 2 | 3 | Welcome to udis86's documentation! 4 | ================================== 5 | 6 | Udis86 is a disassembler engine that decodes a stream of binary 7 | machine code bytes as opcodes defined in the x86 and x86-64 class 8 | of Instruction Set Architectures. The core component of this project 9 | is libudis86 which provides a clean and simple interface to 10 | disassemble binary code, and to inspect the disassembly to various 11 | degrees of detail. The library is designed to aid software 12 | projects that entail analysis and manipulation of all flavors of 13 | x86 binary code. 14 | 15 | 16 | ..
toctree:: 17 | :maxdepth: 3 18 | 19 | getstarted 20 | libudis86 21 | 22 | Indices and tables 23 | ================== 24 | 25 | * :ref:`genindex` 26 | * :ref:`search` 27 | 28 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/docs/manual/static/udis86.css: -------------------------------------------------------------------------------- 1 | /* override pyramid */ 2 | 3 | @import url("pyramid.css"); 4 | 5 | body { 6 | background-color: #eee; 7 | background-color: #e8ecef; 8 | } 9 | 10 | pre { 11 | background-color: #e8ecef; 12 | border: 1px solid #bbb; 13 | border-radius: 5px; 14 | -moz-border-radius: 5px; 15 | } 16 | 17 | div.body { 18 | border: 1px solid #bbb; 19 | border-radius: 5px; 20 | -moz-border-radius: 5px; 21 | color: black; 22 | } 23 | 24 | div.related, 25 | div.document { 26 | width: 840px; 27 | margin-left: auto; 28 | margin-right: auto; 29 | } 30 | 31 | div.related ul { 32 | padding-left: 8px; 33 | } 34 | 35 | div.footer a, 36 | div.footer { 37 | color: #000; 38 | font-weight: bold; 39 | } 40 | 41 | div.footer { 42 | margin-top: 40px; 43 | background-color: #ddd; 44 | } 45 | 46 | /* 47 | div.body { 48 | margin-left: auto; 49 | margin-right: auto; 50 | width: 720px; 51 | }*/ 52 | 53 | body, 54 | div.body, 55 | div.body h1, 56 | div.body h2, 57 | div.body h3, 58 | div.body h4, 59 | div.body h5, 60 | div.body h6 { 61 | font-family: Arial, "Helvetica Neue", Arial, Helvetica, "sans-serif"; 62 | } 63 | 64 | div.body h1, 65 | div.body h2, 66 | div.body h3, 67 | div.body h4, 68 | div.body h5, 69 | div.body h6 { 70 | font-weight: bold; 71 | } 72 | 73 | code, 74 | .function dt, 75 | .member dt, 76 | .type dt, 77 | .var dt, 78 | .function tt.descname, 79 | .member tt.descname, 80 | .var tt.descname, 81 | .type tt.descname, 82 | pre { 83 | font-family: 'Consolas', 'Deja Vu Sans Mono', 'Bitstream Vera Sans Mono', monospace; 84 | font-size: 1em; 85 | padding-bottom: 6px; 86 | } 87 | 88 | .function dt 89 
| { 90 | font-size: 1em; 91 | padding-bottom: 6px; 92 | } 93 | 94 | .function tt.descname { 95 | font-size: 1em; 96 | } 97 | 98 | a .pre, 99 | div.related a, 100 | a { 101 | text-decoration: none; 102 | color: #444; 103 | border-bottom: 1px solid #eee; 104 | } 105 | 106 | a .pre { 107 | font-weight: bold; 108 | } 109 | 110 | a:hover .pre, 111 | a:hover, div.toctree-wrapper a:hover, .indextable a:hover, #indices-and-tables a:hover { 112 | text-decoration: none; 113 | color: #111; 114 | border-bottom: 1px solid #111; 115 | } 116 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/docs/x86/Makefile.am: -------------------------------------------------------------------------------- 1 | x86dir = ${docdir}/x86 2 | dist_x86_DATA = optable.xml optable.xsl 3 | 4 | MAINTAINERCLEANFILES = Makefile.in 5 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/docs/x86/README: -------------------------------------------------------------------------------- 1 | x86 optable reference 2 | --------------------- 3 | (incomplete) 4 | 5 | P - modrm (reg mmx) 6 | PR - modrm (rm mmx, mod must be 11b) 7 | Q - modrm (rm mmx if mod=11b else mem) 8 | 9 | V - modrm (reg - xmm) 10 | VR - modrm (rm xmm, mod must be 11b) 11 | W - modrm (rm xmm if mod=11b else mem) 12 | 13 | G - modrm (reg - gpr) 14 | S - modrm (reg - seg) 15 | VR - modrm (rm gpr, mod must be 11b) 16 | E - modrm (rm gpr if mod=11b else mem) 17 | M - modrm (mem), mod!=11b 18 | 19 | I - immediate 20 | J - relative immediate 21 | O - memory offset 22 | 23 | C - control reg 24 | D - debug reg 25 | 26 | 27 | opc <> 28 | 29 | /n - modrm reg field extends opcode 30 | /Mnn - disassembly mode extends opcode 31 | /Onn - operand mode extends opcode 32 | /mod=!11 - modrm mod field extends opcode 33 | 34 | 35 | -------------------------------------------------------------------------------- 
/NktHookLib/Src/libudis86/source/docs/x86/optable.xsl: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | x86 opcode table 7 | 30 | 31 | 32 | x86/optable.xml 33 | 34 | udis86.sourceforge.net 35 | 36 | 37 | Mnemonic 38 | Opcodes 39 | Vendor 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | ; 51 | ; 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | Copyright (c) 2008, Vivek Thampi 68 | 69 | 70 | 71 | 72 | 73 | 74 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/libudis86/Makefile.am: -------------------------------------------------------------------------------- 1 | # 2 | # -- udis86/libudis86 3 | # 4 | 5 | PYTHON = @PYTHON@ 6 | OPTABLE = @top_srcdir@/docs/x86/optable.xml 7 | 8 | MAINTAINERCLEANFILES = Makefile.in 9 | 10 | lib_LTLIBRARIES = libudis86.la 11 | 12 | libudis86_la_SOURCES = \ 13 | itab.c \ 14 | decode.c \ 15 | syn.c \ 16 | syn-intel.c \ 17 | syn-att.c \ 18 | udis86.c \ 19 | udint.h \ 20 | syn.h \ 21 | decode.h 22 | 23 | include_ladir = ${includedir}/libudis86 24 | include_la_HEADERS = \ 25 | types.h \ 26 | extern.h \ 27 | itab.h 28 | 29 | 30 | BUILT_SOURCES = \ 31 | itab.c \ 32 | itab.h 33 | 34 | # 35 | # DLLs may not contain undefined symbol references. 36 | # We have the linker check this explicitly. 
37 | # 38 | if TARGET_WINDOWS 39 | libudis86_la_LDFLAGS = -no-undefined -version-info 0:0:0 40 | endif 41 | 42 | itab.c itab.h: $(OPTABLE) \ 43 | $(top_srcdir)/scripts/ud_itab.py \ 44 | $(top_srcdir)/scripts/ud_opcode.py 45 | $(PYTHON) $(top_srcdir)/scripts/ud_itab.py $(OPTABLE) $(srcdir) 46 | 47 | 48 | clean-local: 49 | rm -rf $(BUILT_SOURCES) 50 | 51 | maintainer-clean-local: 52 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/libudis86/extern.h: -------------------------------------------------------------------------------- 1 | /* udis86 - libudis86/extern.h 2 | * 3 | * Copyright (c) 2002-2009, 2013 Vivek Thampi 4 | * All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, with or without modification, 7 | * are permitted provided that the following conditions are met: 8 | * 9 | * * Redistributions of source code must retain the above copyright notice, 10 | * this list of conditions and the following disclaimer. 11 | * * Redistributions in binary form must reproduce the above copyright notice, 12 | * this list of conditions and the following disclaimer in the documentation 13 | * and/or other materials provided with the distribution. 14 | * 15 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 16 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 17 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 18 | * DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR 19 | * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 20 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 21 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 22 | * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 24 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25 | */ 26 | #ifndef UD_EXTERN_H 27 | #define UD_EXTERN_H 28 | 29 | #ifdef __cplusplus 30 | extern "C" { 31 | #endif 32 | 33 | #include "types.h" 34 | 35 | #if defined(_MSC_VER) && defined(_USRDLL) 36 | # ifdef LIBUDIS86_EXPORTS 37 | # define LIBUDIS86_DLLEXTERN __declspec(dllexport) 38 | # else 39 | # define LIBUDIS86_DLLEXTERN __declspec(dllimport) 40 | # endif 41 | #else 42 | # define LIBUDIS86_DLLEXTERN 43 | #endif 44 | 45 | /* ============================= PUBLIC API ================================= */ 46 | 47 | extern LIBUDIS86_DLLEXTERN void ud_init(struct ud*); 48 | 49 | extern LIBUDIS86_DLLEXTERN void ud_set_mode(struct ud*, uint8_t); 50 | 51 | extern LIBUDIS86_DLLEXTERN void ud_set_pc(struct ud*, uint64_t); 52 | 53 | extern LIBUDIS86_DLLEXTERN void ud_set_input_hook(struct ud*, int (*)(struct ud*)); 54 | 55 | extern LIBUDIS86_DLLEXTERN void ud_set_input_buffer(struct ud*, const uint8_t*, size_t); 56 | 57 | #ifndef __UD_STANDALONE__ 58 | extern LIBUDIS86_DLLEXTERN void ud_set_input_file(struct ud*, FILE*); 59 | #endif /* __UD_STANDALONE__ */ 60 | 61 | extern LIBUDIS86_DLLEXTERN void ud_set_vendor(struct ud*, unsigned); 62 | 63 | extern LIBUDIS86_DLLEXTERN void ud_set_syntax(struct ud*, void (*)(struct ud*)); 64 | 65 | extern LIBUDIS86_DLLEXTERN void ud_input_skip(struct ud*, size_t); 66 | 67 | extern LIBUDIS86_DLLEXTERN int ud_input_end(const struct ud*); 68 | 69 | extern LIBUDIS86_DLLEXTERN unsigned int 
ud_decode(struct ud*); 70 | 71 | extern LIBUDIS86_DLLEXTERN unsigned int ud_disassemble(struct ud*); 72 | 73 | extern LIBUDIS86_DLLEXTERN void ud_translate_intel(struct ud*); 74 | 75 | extern LIBUDIS86_DLLEXTERN void ud_translate_att(struct ud*); 76 | 77 | extern LIBUDIS86_DLLEXTERN const char* ud_insn_asm(const struct ud* u); 78 | 79 | extern LIBUDIS86_DLLEXTERN const uint8_t* ud_insn_ptr(const struct ud* u); 80 | 81 | extern LIBUDIS86_DLLEXTERN uint64_t ud_insn_off(const struct ud*); 82 | 83 | extern LIBUDIS86_DLLEXTERN const char* ud_insn_hex(struct ud*); 84 | 85 | extern LIBUDIS86_DLLEXTERN unsigned int ud_insn_len(const struct ud* u); 86 | 87 | extern LIBUDIS86_DLLEXTERN const struct ud_operand* ud_insn_opr(const struct ud *u, unsigned int n); 88 | 89 | extern LIBUDIS86_DLLEXTERN int ud_opr_is_sreg(const struct ud_operand *opr); 90 | 91 | extern LIBUDIS86_DLLEXTERN int ud_opr_is_gpr(const struct ud_operand *opr); 92 | 93 | extern LIBUDIS86_DLLEXTERN enum ud_mnemonic_code ud_insn_mnemonic(const struct ud *u); 94 | 95 | extern LIBUDIS86_DLLEXTERN const char* ud_lookup_mnemonic(enum ud_mnemonic_code c); 96 | 97 | extern LIBUDIS86_DLLEXTERN void ud_set_user_opaque_data(struct ud*, void*); 98 | 99 | extern LIBUDIS86_DLLEXTERN void* ud_get_user_opaque_data(const struct ud*); 100 | 101 | extern LIBUDIS86_DLLEXTERN void ud_set_asm_buffer(struct ud *u, char *buf, size_t size); 102 | 103 | extern LIBUDIS86_DLLEXTERN void ud_set_sym_resolver(struct ud *u, 104 | const char* (*resolver)(struct ud*, 105 | uint64_t addr, 106 | int64_t *offset)); 107 | 108 | /* ========================================================================== */ 109 | 110 | #ifdef __cplusplus 111 | } 112 | #endif 113 | #endif /* UD_EXTERN_H */ 114 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/libudis86/syn.h: -------------------------------------------------------------------------------- 1 | /* udis86 - libudis86/syn.h 2 | * 3 | * 
Copyright (c) 2002-2009 4 | * All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, with or without modification, 7 | * are permitted provided that the following conditions are met: 8 | * 9 | * * Redistributions of source code must retain the above copyright notice, 10 | * this list of conditions and the following disclaimer. 11 | * * Redistributions in binary form must reproduce the above copyright notice, 12 | * this list of conditions and the following disclaimer in the documentation 13 | * and/or other materials provided with the distribution. 14 | * 15 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 16 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 17 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 18 | * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR 19 | * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 20 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 21 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 22 | * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 24 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25 | */ 26 | #ifndef UD_SYN_H 27 | #define UD_SYN_H 28 | 29 | #include "types.h" 30 | #ifndef __UD_STANDALONE__ 31 | # include 32 | #endif /* __UD_STANDALONE__ */ 33 | 34 | extern const char* ud_reg_tab[]; 35 | 36 | uint64_t ud_syn_rel_target(struct ud*, struct ud_operand*); 37 | 38 | #ifdef __GNUC__ 39 | int ud_asmprintf(struct ud *u, const char *fmt, ...) 
40 | __attribute__ ((format (printf, 2, 3))); 41 | #else 42 | int ud_asmprintf(struct ud *u, const char *fmt, ...); 43 | #endif 44 | 45 | void ud_syn_print_addr(struct ud *u, uint64_t addr); 46 | void ud_syn_print_imm(struct ud* u, const struct ud_operand *op); 47 | void ud_syn_print_mem_disp(struct ud* u, const struct ud_operand *, int sign); 48 | 49 | #endif /* UD_SYN_H */ 50 | 51 | /* 52 | vim: set ts=2 sw=2 expandtab 53 | */ 54 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/libudis86/udint.h: -------------------------------------------------------------------------------- 1 | /* udis86 - libudis86/udint.h -- definitions for internal use only 2 | * 3 | * Copyright (c) 2002-2009 Vivek Thampi 4 | * All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, with or without modification, 7 | * are permitted provided that the following conditions are met: 8 | * 9 | * * Redistributions of source code must retain the above copyright notice, 10 | * this list of conditions and the following disclaimer. 11 | * * Redistributions in binary form must reproduce the above copyright notice, 12 | * this list of conditions and the following disclaimer in the documentation 13 | * and/or other materials provided with the distribution. 14 | * 15 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 16 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 17 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 18 | * DISCLAIMED. 
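IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
 * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
#ifndef _UDINT_H_
#define _UDINT_H_

#include "types.h"

/* The operands of the two angle-bracket includes below were lost when this
 * listing was extracted; they are restored from the guarding macro names. */
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif /* HAVE_CONFIG_H */

/*
 * UD_ASSERT(x) is a real assert() only when UD_DEBUG is defined and
 * HAVE_ASSERT_H is non-zero. In every other build it expands to nothing, so
 * the condition is not evaluated at all: it must have no side effects, and it
 * cannot be relied on as a run-time check in non-debug builds.
 */
#if defined(UD_DEBUG) && HAVE_ASSERT_H
# include <assert.h>
# define UD_ASSERT(_x) assert(_x)
#else
# define UD_ASSERT(_x)
#endif /* UD_DEBUG && HAVE_ASSERT_H */

/*
 * UDERR(u, msg) marks the decoder object as failed by setting (u)->error to 1.
 * With UD_DEBUG it also prints file, line and msg to stderr (no trailing
 * newline is added); that variant calls fprintf, and this header does not
 * include <stdio.h> itself. Without UD_DEBUG the message argument is dropped.
 */
#if defined(UD_DEBUG)
#define UDERR(u, msg) \
  do { \
    (u)->error = 1; \
    fprintf(stderr, "decode-error: %s:%d: %s", \
            __FILE__, __LINE__, (msg)); \
  } while (0)
#else
#define UDERR(u, m) \
  do { \
    (u)->error = 1; \
  } while (0)
#endif /* UD_DEBUG */

/*
 * Both macros below contain a `return` statement, so they may only be used
 * inside functions whose return type can carry (u)->error.
 */

/* Leave the calling function with (u)->error if an error is already set. */
#define UD_RETURN_ON_ERROR(u) \
  do { \
    if ((u)->error != 0) { \
      return (u)->error; \
    } \
  } while (0)

/* Record an error through UDERR and leave the calling function with it. */
#define UD_RETURN_WITH_ERROR(u, m) \
  do { \
    UDERR(u, m); \
    return (u)->error; \
  } while (0)

/* UD_NON_STANDALONE(x) keeps x unless __UD_STANDALONE__ is defined. */
#ifndef __UD_STANDALONE__
# define UD_NON_STANDALONE(x) x
#else
# define UD_NON_STANDALONE(x)
#endif

/* printf formatting int64 specifier */
/*
 * FMT64 is the printf length modifier used for 64-bit integers.
 * NOTE(review): the "l" branch assumes `long` is 64 bits wide. A compiler that
 * defines __amd64__/__x86_64__ but keeps a 32-bit `long`, and is neither MSVC
 * nor Borland, would pair a 64-bit argument with a 32-bit conversion; "ll" is
 * the safe choice there. Confirm against the toolchains actually used.
 */
#ifdef FMT64
# undef FMT64
#endif
#if defined(_MSC_VER) || defined(__BORLANDC__)
# define FMT64 "I64"
#else
# if defined(__APPLE__)
#  define FMT64 "ll"
# elif defined(__amd64__) || defined(__x86_64__)
#  define FMT64 "l"
# else
#  define FMT64 "ll"
# endif /* !x64 */
#endif

/* define an inline macro */
#if defined(_MSC_VER) || defined(__BORLANDC__)
# define UD_INLINE __inline /* MS Visual Studio requires __inline
                               instead of inline for C code */
#else
# define UD_INLINE inline
#endif

#endif /* _UDINT_H_ */

--------------------------------------------------------------------------------
/NktHookLib/Src/libudis86/source/m4/ax_prog_sphinx_version.m4:
--------------------------------------------------------------------------------
# SYNOPSIS
#
# AX_PROG_SPHINX_VERSION([VERSION],[ACTION-IF-TRUE],[ACTION-IF-FALSE])
#
# DESCRIPTION
#
# Makes sure that sphinx-build supports the version indicated. If true
# the shell commands in ACTION-IF-TRUE are executed. If not the shell
# commands in ACTION-IF-FALSE are run. Note if $SPHINX_BUILD is not set
# (for example by running AX_WITH_PROG) the macro will fail.
#
# Example:
#
# AX_WITH_PROG(SPHINX_BUILD,sphinx-build)
# AX_PROG_SPHINX([1.1.1],[ ... ],[ ... ])
#
# LICENSE
#
# ax_prog_python_version.m4
#
# Copyright (c) 2009 Francesco Salvestrini
#
# Copying and distribution of this file, with or without modification, are
# permitted in any medium without royalty provided the copyright notice
# and this notice are preserved. This file is offered as-is, without any
# warranty.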
#
# ax_prog_sphinx_version.m4
#
# Copyright (c) 2013 Vivek Thampi


# AX_PROG_SPHINX([VERSION],[ACTION-IF-TRUE],[ACTION-IF-FALSE])
#
# Note: the SYNOPSIS at the top of this file spells the macro
# AX_PROG_SPHINX_VERSION, but the name defined here (and used in the
# Example) is AX_PROG_SPHINX.
#
# What the body does, in order:
#  - requires AC_PROG_SED and AC_PROG_GREP;
#  - if $SPHINX_BUILD is non-empty, runs "$SPHINX_BUILD -h", keeps the line
#    that starts with "Sphinx v" and cuts the X.Y.Z number out of it with sed;
#  - publishes that number as SPHINX_VERSION through AC_SUBST;
#  - runs ACTION-IF-TRUE when VERSION is less than or equal to the detected
#    number (AX_COMPARE_VERSION with "le"), ACTION-IF-FALSE otherwise;
#  - if $SPHINX_BUILD is empty, prints a warning and runs ACTION-IF-FALSE.
#
# The m4 quotes are switched to << >> around the back-quoted command so that
# the square brackets of the sed expression reach the shell unchanged.
#
# Review notes:
#  - $SPHINX_BUILD is expanded unquoted and executed while configure runs, so
#    whatever set it (environment, --with option, AX_WITH_PROG) decides which
#    program is started.
#  - When no "Sphinx v" line is printed, sphinx_version is empty and the
#    comparison runs against an empty string; how AX_COMPARE_VERSION treats
#    that is not visible in this file.
AC_DEFUN([AX_PROG_SPHINX],[
    AC_REQUIRE([AC_PROG_SED])
    AC_REQUIRE([AC_PROG_GREP])


    AS_IF([test -n "$SPHINX_BUILD"],[
        ax_sphinx_version="$1"

        AC_MSG_CHECKING([for sphinx version])
        changequote(<<,>>)
        sphinx_version=`$SPHINX_BUILD -h 2>&1 | $GREP "^Sphinx v" | $SED -e 's/^.* v\([0-9]*\.[0-9]*\.[0-9]*\)/\1/'`
        changequote([,])
        AC_MSG_RESULT($sphinx_version)

        AC_SUBST([SPHINX_VERSION],[$sphinx_version])

        AX_COMPARE_VERSION([$ax_sphinx_version],[le],[$sphinx_version],[
            :
            $2
        ],[
            :
            $3
        ])
    ],[
        AC_MSG_WARN([could not find the sphinx documentation tool])
        $3
    ])
])

--------------------------------------------------------------------------------
/NktHookLib/Src/libudis86/source/m4/ax_prog_yasm_version.m4:
--------------------------------------------------------------------------------
# SYNOPSIS
#
# AX_PROG_YASM_VERSION([VERSION],[ACTION-IF-TRUE],[ACTION-IF-FALSE])
#
# DESCRIPTION
#
# Makes sure that yasm supports the version indicated. If true
# the shell commands in ACTION-IF-TRUE are executed. If not the shell
# commands in ACTION-IF-FALSE are run. Note if $YASM is not set
# (for example by running AX_WITH_PROG) the macro will fail.
#
# Example:
#
# AX_WITH_PROG(YASM,yasm)
# AX_PROG_YASM_VERSION([1.1.1],[ ... ],[ ... ])
#
# LICENSE
#
# ax_prog_python_version.m4
#
# Copyright (c) 2009 Francesco Salvestrini
#
# Copying and distribution of this file, with or without modification, are
# permitted in any medium without royalty provided the copyright notice
# and this notice are preserved. This file is offered as-is, without any
# warranty.
#
# ax_prog_yasm_version.m4
#
# Copyright (c) 2013 Vivek Thampi


# AX_PROG_YASM_VERSION([VERSION],[ACTION-IF-TRUE],[ACTION-IF-FALSE])
#
# What the body does, in order:
#  - requires AC_PROG_SED and AC_PROG_GREP;
#  - if $YASM is non-empty, runs "$YASM --version", keeps the line that starts
#    with "yasm " and cuts the X.Y.Z number out of it with sed;
#  - publishes that number as YASM_VERSION through AC_SUBST;
#  - runs ACTION-IF-TRUE when VERSION is less than or equal to the detected
#    number (AX_COMPARE_VERSION with "le"), ACTION-IF-FALSE otherwise;
#  - if $YASM is empty, prints a warning and runs ACTION-IF-FALSE.
#
# The m4 quotes are switched to << >> around the back-quoted command so that
# the square brackets of the sed expression reach the shell unchanged.
#
# Review notes:
#  - $YASM is expanded unquoted and executed while configure runs, so whatever
#    set it (environment, --with option, AX_WITH_PROG) decides which program
#    is started.
#  - When no "yasm " line is printed, yasm_version is empty and the comparison
#    runs against an empty string; how AX_COMPARE_VERSION treats that is not
#    visible in this file.
AC_DEFUN([AX_PROG_YASM_VERSION],[
    AC_REQUIRE([AC_PROG_SED])
    AC_REQUIRE([AC_PROG_GREP])


    AS_IF([test -n "$YASM"],[
        ax_yasm_version="$1"

        AC_MSG_CHECKING([for yasm version])
        changequote(<<,>>)
        yasm_version=`$YASM --version 2>&1 | $GREP "^yasm " | $SED -e 's/^.* \([0-9]*\.[0-9]*\.[0-9]*\)/\1/'`
        changequote([,])
        AC_MSG_RESULT($yasm_version)

        AC_SUBST([YASM_VERSION],[$yasm_version])

        AX_COMPARE_VERSION([$ax_yasm_version],[le],[$yasm_version],[
            :
            $2
        ],[
            :
            $3
        ])
    ],[
        AC_MSG_WARN([could not find the yasm])
        $3
    ])
])

--------------------------------------------------------------------------------
/NktHookLib/Src/libudis86/source/m4/ax_with_prog.m4:
--------------------------------------------------------------------------------
# ===========================================================================
# http://www.nongnu.org/autoconf-archive/ax_with_prog.html
# ===========================================================================
#
# SYNOPSIS
#
# AX_WITH_PROG([VARIABLE],[program],[VALUE-IF-NOT-FOUND],[PATH])
#
# DESCRIPTION
#
# Locates an installed program binary, placing the result in the precious
# variable VARIABLE. Accepts a present VARIABLE, then --with-program, and
# failing that searches for program in the given path (which defaults to
# the system path). If program is found, VARIABLE is set to the full path
# of the binary; if it is not found VARIABLE is set to VALUE-IF-NOT-FOUND
# if provided, unchanged otherwise.
#
# A typical example could be the following one:
#
# AX_WITH_PROG(PERL,perl)
#
# NOTE: This macro is based upon the original AX_WITH_PYTHON macro from
# Dustin J. Mitchell .
#
# LICENSE
#
# Copyright (c) 2008 Francesco Salvestrini
# Copyright (c) 2008 Dustin J. Mitchell
#
# Copying and distribution of this file, with or without modification, are
# permitted in any medium without royalty provided the copyright notice
# and this notice are preserved.

# Reading guide for the definition below.
#
# The four arguments are given the temporary m4 names VARIABLE, EXECUTABLE,
# VALUE_IF_NOT_FOUND and PATH_PROG with pushdef, and those names are removed
# again with popdef at the end of the body.
#
# AC_ARG_VAR declares VARIABLE as a precious variable. Nothing else happens
# when it already has a value. When it is empty:
#  - --with-EXECUTABLE=<value>, where <value> is neither "yes" nor "no":
#    <value> is copied into VARIABLE as given;
#  - --with-EXECUTABLE or --with-EXECUTABLE=yes: VARIABLE is cleared and
#    AC_PATH_PROG searches for EXECUTABLE;
#  - --with-EXECUTABLE=no (--without-EXECUTABLE): VARIABLE is cleared and no
#    search is made;
#  - option absent: AC_PATH_PROG searches for EXECUTABLE.
#
# Review note: a value that arrives through the variable or through
# --with-EXECUTABLE is accepted without any test that it names an existing,
# executable file; macros that later run the program inherit that trust in
# the person invoking configure.
AC_DEFUN([AX_WITH_PROG],[
    AC_PREREQ([2.61])

    pushdef([VARIABLE],$1)
    pushdef([EXECUTABLE],$2)
    pushdef([VALUE_IF_NOT_FOUND],$3)
    pushdef([PATH_PROG],$4)

    AC_ARG_VAR(VARIABLE,Absolute path to EXECUTABLE executable)

    AS_IF(test -z "$VARIABLE",[
        AC_MSG_CHECKING(whether EXECUTABLE executable path has been provided)
        AC_ARG_WITH(EXECUTABLE,AS_HELP_STRING([--with-EXECUTABLE=[[[[PATH]]]]],absolute path to EXECUTABLE executable), [
            AS_IF([test "$withval" != yes -a "$withval" != no],[
                VARIABLE="$withval"
                AC_MSG_RESULT($VARIABLE)
            ],[
                VARIABLE=""
                AC_MSG_RESULT([no])
                AS_IF([test "$withval" != no], [
                    AC_PATH_PROG([]VARIABLE[],[]EXECUTABLE[],[]VALUE_IF_NOT_FOUND[],[]PATH_PROG[])
                ])
            ])
        ],[
            AC_MSG_RESULT([no])
            AC_PATH_PROG([]VARIABLE[],[]EXECUTABLE[],[]VALUE_IF_NOT_FOUND[],[]PATH_PROG[])
        ])
    ])

    popdef([PATH_PROG])
    popdef([VALUE_IF_NOT_FOUND])
    popdef([EXECUTABLE])
    popdef([VARIABLE])
])

--------------------------------------------------------------------------------
/NktHookLib/Src/libudis86/source/m4/ax_with_python.m4:
--------------------------------------------------------------------------------
# ===========================================================================
# http://www.nongnu.org/autoconf-archive/ax_with_python.html
# ===========================================================================
#
# SYNOPSIS
#
# AX_WITH_PYTHON([VALUE-IF-NOT-FOUND],[PATH])
#
# DESCRIPTION
#
# Locates an installed Python binary, placing the result in
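the precious
# variable $PYTHON. Accepts a present $PYTHON, then --with-python, and
# failing that searches for python in the given path (which defaults to
# the system path). If python is found, $PYTHON is set to the full path of
# the binary; if it is not found $PYTHON is set to VALUE-IF-NOT-FOUND if
# provided, unchanged otherwise.
#
# A typical use could be the following one:
#
# AX_WITH_PYTHON
#
# LICENSE
#
# Copyright (c) 2008 Francesco Salvestrini
#
# Copying and distribution of this file, with or without modification, are
# permitted in any medium without royalty provided the copyright notice
# and this notice are preserved.

AC_DEFUN([AX_WITH_PYTHON],[
    AX_WITH_PROG(PYTHON,python,$1,$2)
])

--------------------------------------------------------------------------------
/NktHookLib/Src/libudis86/source/scripts/Makefile.am:
--------------------------------------------------------------------------------
EXTRA_DIST = \
	ud_opcode.py \
	ud_itab.py

MAINTAINERCLEANFILES = Makefile.in

clean-local:
	-rm -f *.pyc
	-rm -f ud_asmtest*

--------------------------------------------------------------------------------
/NktHookLib/Src/libudis86/source/scripts/asmtest.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# asmtest.sh BITS INSTRUCTION
#
# Assembles one instruction with yasm and prints four views of the result:
# a hexdump, the output of the system disassembler, and the output of udcli
# in Intel and in AT&T syntax.
#
#   $1  mode, written into yasm's "[bits N]" directive and passed to udcli
#       as -N
#   $2  the instruction text, given as one (quoted) argument
#
# Exit status is 1 when yasm fails, otherwise 0. The results of gcc, the
# disassembler and udcli are not checked.
#
# Scratch files are created under fixed names in the current directory.
# NOTE(review): clean-local in scripts/Makefile.am removes ud_asmtest*, which
# does not match the ud_yasmtest.* names used here.

# Command plus options in one string; it is expanded unquoted on purpose so
# that it splits into words again.
objdump="otool -tV"
yasm=yasm
asmfile="ud_yasmtest.asm"
binfile="ud_yasmtest.bin"
Sfile="ud_yasmtest.S"
objfile="ud_yasmtest.o"

echo "[bits $1]" > "$asmfile"
# The instruction is written through a quoted expansion. Left unquoted, the
# shell treats operands such as [eax] or edi*4 as file-name patterns and may
# replace them with matching names from the current directory; printf also
# keeps a leading "-" from being read as an echo option.
printf '%s\n' "$2" >> "$asmfile"

if ! $yasm -f bin -o "$binfile" "$asmfile"; then
    echo "error: failed to assemble"
    exit 1
fi

echo "-- hexdump --------------------------------------"
hexdump "$binfile"
echo

echo "-- objdump --------------------------------------"
# Turn the raw bytes into ".byte" lines so that gcc can wrap them in an
# object file the system disassembler accepts.
hexdump -e '1/1 ".byte 0x%02x\n"' "$binfile" > "$Sfile"
gcc -c "$Sfile" -o "$objfile"
$objdump -d "$objfile"
echo

echo "-- udcli (intel) ---------------------------------"
../udcli/udcli "-$1" "$binfile"
echo

echo "-- udcli (at&t) ----------------------------------"
../udcli/udcli "-$1" -att "$binfile"
echo

exit 0

--------------------------------------------------------------------------------
/NktHookLib/Src/libudis86/source/tests/Makefile.am:
--------------------------------------------------------------------------------
#
# Automake definitions for udis86 tests
#
check_PROGRAMS = \
	symresolve \
	libcheck

symresolve_SOURCES = symresolve.c
symresolve_LDADD = $(top_builddir)/libudis86/libudis86.la
symresolve_CFLAGS = -I$(top_srcdir)/libudis86 -I$(top_srcdir)

libcheck_SOURCES = libcheck.c
libcheck_LDADD = $(top_builddir)/libudis86/libudis86.la
libcheck_CFLAGS = -I$(top_srcdir)/libudis86 -I$(top_srcdir)

MAINTAINERCLEANFILES = Makefile.in

DISTCLEANFILES = difftest.sh

YASM = @YASM@
PYTHON = @PYTHON@
TESTDIS = $(top_builddir)/udcli/udcli

EXTRA_DIST = \
	$(srcdir)/asm \
	$(srcdir)/oprgen.py \
	$(srcdir)/symresolve.ref \
	$(srcdir)/installcheck.c \
	$(srcdir)/libcheck.c

if HAVE_YASM
tests: difftest test-sym-resolver test-libcheck
else
tests: warn_no_yasm test-sym-resolver test-libcheck
endif

SEED = 1984


.PHONY: test-sym-resolver
test-sym-resolver: symresolve
	@$(top_builddir)/tests/$< > $@.out
	@diff -w $(srcdir)/symresolve.ref $@.out && echo "$@: passed."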
# Runs the libcheck test program from the current directory and reports
# "passed" only when it exits with status 0.
.PHONY: test-libcheck
test-libcheck: libcheck
	@./libcheck && echo "$@: passed"

#
# generate operand tests
#
# $(call oprtest_generate,N) creates $(builddir)/_results/asm/N and writes
# the output of oprgen.py (arguments: optable.xml, $(SEED), N) to
# oprtest.asm in that directory. SEED is passed on every call with the same
# value.
oprtest_generate = \
	outdir=$(builddir)/_results/asm/$(1) && \
	mkdir -p $${outdir} && \
	PYTHONPATH=$(top_srcdir)/scripts $(PYTHON) $(top_srcdir)/tests/oprgen.py \
		$(top_srcdir)/docs/x86/optable.xml $(SEED) $(1) >$${outdir}/oprtest.asm

# Generates the operand tests for the 64, 32 and 16 bit modes.
.PHONY: oprtest
oprtest: oprgen.py
	@echo "Generating operand tests."
	@$(call oprtest_generate,64)
	@$(call oprtest_generate,32)
	@$(call oprtest_generate,16)


# Runs difftest.sh from the build directory once the operand tests exist.
.PHONY: difftest
difftest: oprtest $(builddir)/difftest.sh
	@bash $(builddir)/difftest.sh


# Runs difftest.sh with the single argument "refup".
.PHONY: difftest-refup
difftest-refup: $(builddir)/difftest.sh
	@bash $(builddir)/difftest.sh refup


# Takes the place of difftest in "tests" when HAVE_YASM is false: the
# remaining tests still run, and only this message marks the reduced coverage.
.PHONY: warn_no_yasm
warn_no_yasm:
	@echo "*** YASM NOT FOUND: Poor Test Coverage ***"

check-local: tests

# NOTE(review): this target only compiles and links installcheck.c against
# the installed headers and library. installcheck.bin is never executed, so
# "passed" means "builds against the installation", nothing more.
installcheck-local:
	@$(CC) $(srcdir)/installcheck.c -o installcheck.bin -I$(includedir) -L$(libdir) -ludis86
	@echo "$@: passed"

clean-local:
	rm -f $(builddir)/*.bin $(builddir)/*.out $(builddir)/*.pyc
	rm -rf $(builddir)/_results

--------------------------------------------------------------------------------
/NktHookLib/Src/libudis86/source/tests/asm/16/disp.asm:
--------------------------------------------------------------------------------
[bits 16]
    mov ax, [eax-0x10]
    add bx, [esi+0x10]
    add ax, [0xffff]
    add ax, [esi+edi*4-0x10]
    add ax, [bx+si-0x4877]

--------------------------------------------------------------------------------
/NktHookLib/Src/libudis86/source/tests/asm/16/test16.asm:
--------------------------------------------------------------------------------
[bits 16]
    movzx eax, word [bx]
    iretd
    dpps xmm2, xmm1, 0x10
    blendvpd xmm1, xmm2
-------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/tests/asm/32/att.asm: -------------------------------------------------------------------------------- 1 | [bits 32] 2 | mov eax, 0x1234 3 | mov eax, [0x1234] 4 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/tests/asm/32/att.asm.Sref: -------------------------------------------------------------------------------- 1 | 0000000000000000 b834120000 mov $0x1234, %eax 2 | 0000000000000005 a134120000 mov 0x1234, %eax 3 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/tests/asm/32/att.asm.ref: -------------------------------------------------------------------------------- 1 | 0000000000000000 b834120000 mov eax, 0x1234 2 | 0000000000000005 a134120000 mov eax, [0x1234] 3 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/tests/asm/32/avx.asm: -------------------------------------------------------------------------------- 1 | [bits 32] 2 | vaddsd xmm1, xmm2, xmm4 3 | vaddsd xmm2, xmm3, [eax] 4 | vaddps ymm1, ymm2, ymm3 5 | vaddps ymm1, ymm7, [eax] 6 | vblendpd ymm1, ymm7, ymm4, 0x42 7 | vcvtpd2ps xmm1, xmm2 8 | vcvtpd2ps xmm1, ymm3 9 | vcvtpd2ps xmm1, oword [eax] 10 | vcvtpd2ps xmm1, yword [eax] 11 | vcvtpd2dq xmm1, xmm2 12 | vcvtpd2dq xmm1, ymm3 13 | vcvtpd2dq xmm1, oword [eax] 14 | vcvtpd2dq xmm1, yword [eax] 15 | vcvttpd2dq xmm1, xmm2 16 | vcvttpd2dq xmm1, ymm3 17 | vcvttpd2dq xmm1, oword [eax] 18 | vcvttpd2dq xmm1, yword [eax] 19 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/tests/asm/32/avx.asm.Sref: -------------------------------------------------------------------------------- 1 | 0000000000000000 c5eb58cc vaddsd %xmm4, %xmm2, %xmm1 2 | 0000000000000004 c5e35810 vaddsd (%eax), %xmm3, 
%xmm2 3 | 0000000000000008 c5ec58cb vaddps %ymm3, %ymm2, %ymm1 4 | 000000000000000c c5c45808 vaddps (%eax), %ymm7, %ymm1 5 | 0000000000000010 c4e3450dcc42 vblendpd $0x42, %ymm4, %ymm7, %ymm1 6 | 0000000000000016 c5f95aca vcvtpd2ps %xmm2, %xmm1 7 | 000000000000001a c5fd5acb vcvtpd2ps %ymm3, %xmm1 8 | 000000000000001e c5f95a08 vcvtpd2ps (%eax), %xmm1 9 | 0000000000000022 c5fd5a08 vcvtpd2ps (%eax), %xmm1 10 | 0000000000000026 c5fbe6ca vcvtpd2dq %xmm2, %xmm1 11 | 000000000000002a c5ffe6cb vcvtpd2dq %ymm3, %xmm1 12 | 000000000000002e c5fbe608 vcvtpd2dq (%eax), %xmm1 13 | 0000000000000032 c5ffe608 vcvtpd2dq (%eax), %xmm1 14 | 0000000000000036 c5f9e6ca vcvttpd2dq %xmm2, %xmm1 15 | 000000000000003a c5fde6cb vcvttpd2dq %ymm3, %xmm1 16 | 000000000000003e c5f9e608 vcvttpd2dq (%eax), %xmm1 17 | 0000000000000042 c5fde608 vcvttpd2dq (%eax), %xmm1 18 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/tests/asm/32/avx.asm.ref: -------------------------------------------------------------------------------- 1 | 0000000000000000 c5eb58cc vaddsd xmm1, xmm2, xmm4 2 | 0000000000000004 c5e35810 vaddsd xmm2, xmm3, [eax] 3 | 0000000000000008 c5ec58cb vaddps ymm1, ymm2, ymm3 4 | 000000000000000c c5c45808 vaddps ymm1, ymm7, [eax] 5 | 0000000000000010 c4e3450dcc42 vblendpd ymm1, ymm7, ymm4, 0x42 6 | 0000000000000016 c5f95aca vcvtpd2ps xmm1, xmm2 7 | 000000000000001a c5fd5acb vcvtpd2ps xmm1, ymm3 8 | 000000000000001e c5f95a08 vcvtpd2ps xmm1, [eax] 9 | 0000000000000022 c5fd5a08 vcvtpd2ps xmm1, yword [eax] 10 | 0000000000000026 c5fbe6ca vcvtpd2dq xmm1, xmm2 11 | 000000000000002a c5ffe6cb vcvtpd2dq xmm1, ymm3 12 | 000000000000002e c5fbe608 vcvtpd2dq xmm1, [eax] 13 | 0000000000000032 c5ffe608 vcvtpd2dq xmm1, yword [eax] 14 | 0000000000000036 c5f9e6ca vcvttpd2dq xmm1, xmm2 15 | 000000000000003a c5fde6cb vcvttpd2dq xmm1, ymm3 16 | 000000000000003e c5f9e608 vcvttpd2dq xmm1, [eax] 17 | 0000000000000042 c5fde608 vcvttpd2dq xmm1, yword 
[eax] 18 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/tests/asm/32/corner.asm: -------------------------------------------------------------------------------- 1 | [bits 32] 2 | 3 | lar eax, [bx+si] 4 | nop 5 | pause 6 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/tests/asm/32/corner.asm.ref: -------------------------------------------------------------------------------- 1 | 0000000000000000 670f0200 lar eax, word [bx+si] 2 | 0000000000000004 90 nop 3 | 0000000000000005 f390 pause 4 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/tests/asm/32/disp.asm: -------------------------------------------------------------------------------- 1 | [bits 32] 2 | mov eax, [eax-0x10] 3 | add eax, [esi+0x10] 4 | add eax, [0x10] 5 | add eax, [esi+edi*4+0x10] 6 | add eax, [bx+si-0x4877] 7 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/tests/asm/32/disp.asm.Sref: -------------------------------------------------------------------------------- 1 | 0000000000000000 8b40f0 mov -0x10(%eax), %eax 2 | 0000000000000003 034610 add 0x10(%esi), %eax 3 | 0000000000000006 030510000000 add 0x10, %eax 4 | 000000000000000c 0344be10 add 0x10(%esi,%edi,4), %eax 5 | 0000000000000010 67038089b7 add -0x4877(%bx,%si), %eax 6 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/tests/asm/32/invalid_seg.asm: -------------------------------------------------------------------------------- 1 | [bits 32] 2 | db 0x8C, 0x38 3 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/tests/asm/32/invalid_seg.asm.ref: -------------------------------------------------------------------------------- 1 | 0000000000000000 
8c38 invalid 2 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/tests/asm/32/obscure.asm: -------------------------------------------------------------------------------- 1 | 2 | db 0xd1, 0xf6 ; shl Ev, 0x1 3 | db 0xd0, 0xf6 ; shl Eb, 0x1 4 | db 0xd9, 0xd9 ; fstp1 st1 5 | db 0xdc, 0xd0 ; fcom2 6 | db 0xdc, 0xd8 ; fcomp3 7 | db 0xdd, 0xc8 ; fxch4 8 | db 0xde, 0xd1 ; fcomp5 9 | db 0xdf, 0xc3 ; fxch7 10 | db 0xdf, 0xd0 ; fstp8 11 | db 0xdf, 0xd8 ; fstp9 12 | db 0x83, 0xe2, 0xdf ; and edx, 0xffffffdf (sign-extension) 13 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/tests/asm/32/obscure.asm.ref: -------------------------------------------------------------------------------- 1 | 0000000000000000 d1f6 shl esi, 1 2 | 0000000000000002 d0f6 shl dh, 1 3 | 0000000000000004 d9d9 fstp1 st1 4 | 0000000000000006 dcd0 fcom2 st0 5 | 0000000000000008 dcd8 fcomp3 st0 6 | 000000000000000a ddc8 fxch4 st0 7 | 000000000000000c ded1 fcomp5 st1 8 | 000000000000000e dfc3 ffreep st3 9 | 0000000000000010 dfd0 fstp8 st0 10 | 0000000000000012 dfd8 fstp9 st0 11 | 0000000000000014 83e2df and edx, 0xffffffdf 12 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/tests/asm/32/reljmp.asm: -------------------------------------------------------------------------------- 1 | [bits 32] 2 | [org 0x80000000] 3 | 4 | l1: 5 | nop 6 | nop 7 | nop 8 | nop 9 | nop 10 | 11 | jmp l1 12 | nop 13 | jmp word l2 14 | 15 | nop 16 | nop 17 | jmp dword l2 18 | nop 19 | nop 20 | nop 21 | l2: 22 | nop 23 | nop 24 | jmp l1 25 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/tests/asm/32/reljmp.asm.ref: -------------------------------------------------------------------------------- 1 | 0000000080000000 90 nop 2 | 0000000080000001 90 nop 3 | 0000000080000002 
90 nop 4 | 0000000080000003 90 nop 5 | 0000000080000004 90 nop 6 | 0000000080000005 ebf9 jmp 0x80000000 7 | 0000000080000007 90 nop 8 | 0000000080000008 66e90a00 jmp 0x16 9 | 000000008000000c 90 nop 10 | 000000008000000d 90 nop 11 | 000000008000000e e903000000 jmp 0x80000016 12 | 0000000080000013 90 nop 13 | 0000000080000014 90 nop 14 | 0000000080000015 90 nop 15 | 0000000080000016 90 nop 16 | 0000000080000017 90 nop 17 | 0000000080000018 ebe6 jmp 0x80000000 18 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/tests/asm/32/sext.asm: -------------------------------------------------------------------------------- 1 | [bits 32] 2 | 3 | ;; test sign extension 4 | 5 | adc ax, -100 6 | and edx, -3 7 | or dx, -1000 8 | or dx, -1 9 | add edx, -1000 10 | imul dx, bx, -100 11 | imul edx, ebx, -1 12 | imul edx, ebx, -128 13 | imul edx, ebx, -129 14 | imul ax, bx, -129 15 | sub dword [eax], -1 16 | sub word [eax], -2000 17 | test eax, 1 18 | test eax, -1 19 | push byte -1 20 | push word -1 21 | push dword -1000 22 | push word -1000 23 | 24 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/tests/asm/32/sext.asm.ref: -------------------------------------------------------------------------------- 1 | 0000000000000000 6683d09c adc ax, 0xff9c 2 | 0000000000000004 83e2fd and edx, 0xfffffffd 3 | 0000000000000007 6681ca18fc or dx, 0xfc18 4 | 000000000000000c 6683caff or dx, 0xffff 5 | 0000000000000010 81c218fcffff add edx, 0xfffffc18 6 | 0000000000000016 666bd39c imul dx, bx, 0xff9c 7 | 000000000000001a 6bd3ff imul edx, ebx, 0xffffffff 8 | 000000000000001d 6bd380 imul edx, ebx, 0xffffff80 9 | 0000000000000020 69d37fffffff imul edx, ebx, 0xffffff7f 10 | 0000000000000026 6669c37fff imul ax, bx, 0xff7f 11 | 000000000000002b 8328ff sub dword [eax], 0xffffffff 12 | 000000000000002e 66812830f8 sub word [eax], 0xf830 13 | 0000000000000033 a901000000 test eax, 
0x1 14 | 0000000000000038 a9ffffffff test eax, 0xffffffff 15 | 000000000000003d 6aff push 0xffffffff 16 | 000000000000003f 666aff push 0xffff 17 | 0000000000000042 6818fcffff push 0xfffffc18 18 | 0000000000000047 666818fc push 0xfc18 19 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/tests/asm/64/amd/invalid.asm: -------------------------------------------------------------------------------- 1 | ;; Test amd specific 64bit instructions 2 | 3 | [bits 64] 4 | 5 | ;; Invalid instructions in amd 64bit mode 6 | db 0x0f, 0x34 ; sysenter (invalid) 7 | db 0x0f, 0x35 ; sysexit (invalid) 8 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/tests/asm/64/amd/invalid.asm.ref: -------------------------------------------------------------------------------- 1 | 0000000000000000 0f34 invalid 2 | 0000000000000002 0f35 invalid 3 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/tests/asm/64/avx.asm: -------------------------------------------------------------------------------- 1 | [bits 64] 2 | vaddsd xmm12, xmm4, xmm1 3 | vminsd xmm13, xmm15, qword [rbx+r8-0x10] 4 | vaddps ymm8, ymm3, ymm14 5 | vaddps ymm8, ymm3, [rax] 6 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/tests/asm/64/avx.asm.ref: -------------------------------------------------------------------------------- 1 | 0000000000000000 c55b58e1 vaddsd xmm12, xmm4, xmm1 2 | 0000000000000004 c421035d6c03f0 vminsd xmm13, xmm15, qword [rbx+r8-0x10] 3 | 000000000000000b c4416458c6 vaddps ymm8, ymm3, ymm14 4 | 0000000000000010 c5645800 vaddps ymm8, ymm3, [rax] 5 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/tests/asm/64/branch.asm: 
-------------------------------------------------------------------------------- 1 | ;; Test branching instructions 2 | ;; 3 | [bits 64] 4 | 5 | jnz near x 6 | jo near x 7 | jno word x 8 | jc near x 9 | jnc word x 10 | jae dword x 11 | jcxz x 12 | jecxz x 13 | jrcxz x 14 | jmp dword near x 15 | call dword near x 16 | jmp word x 17 | jmp dword x 18 | jmp word [eax] 19 | x: jmp qword [rax] 20 | jmp word x 21 | jmp dword x 22 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/tests/asm/64/branch.asm.ref: -------------------------------------------------------------------------------- 1 | 0000000000000000 0f853b000000 jnz 0x41 2 | 0000000000000006 0f8035000000 jo 0x41 3 | 000000000000000c 660f813000 jno 0x41 4 | 0000000000000011 0f822a000000 jb 0x41 5 | 0000000000000017 660f832500 jae 0x41 6 | 000000000000001c 0f831f000000 jae 0x41 7 | 0000000000000022 67e31c jecxz 0x41 8 | 0000000000000025 67e319 jecxz 0x41 9 | 0000000000000028 e317 jrcxz 0x41 10 | 000000000000002a e912000000 jmp 0x41 11 | 000000000000002f e80d000000 call 0x41 12 | 0000000000000034 66e90900 jmp 0x41 13 | 0000000000000038 e904000000 jmp 0x41 14 | 000000000000003d 6766ff20 jmp word [eax] 15 | 0000000000000041 ff20 jmp qword [rax] 16 | 0000000000000043 66e9faff jmp 0x41 17 | 0000000000000047 e9f5ffffff jmp 0x41 18 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/tests/asm/64/disp.asm: -------------------------------------------------------------------------------- 1 | [bits 64] 2 | mov ax, [eax-0x10] 3 | add bx, [esi+0x10] 4 | add rax, [0xffff] 5 | add ax, [esi+edi*4-0x10] 6 | add r8, [rax+rbx*4-0x80000000] 7 | mov rax, [qword 0x800000000000] 8 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/tests/asm/64/disp.asm.Sref: -------------------------------------------------------------------------------- 1 | 
0000000000000000 67668b40f0 mov -0x10(%eax), %ax 2 | 0000000000000005 6766035e10 add 0x10(%esi), %bx 3 | 000000000000000a 48030425ffff0000 add 0xffff, %rax 4 | 0000000000000012 67660344bef0 add -0x10(%esi,%edi,4), %ax 5 | 0000000000000018 4c03849800000080 add -0x80000000(%rax,%rbx,4), %r8 6 | 0000000000000020 48a1000000000080 mov 0x800000000000, %rax 7 | -0000 8 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/tests/asm/64/disp.asm.ref: -------------------------------------------------------------------------------- 1 | 0000000000000000 67668b40f0 mov ax, [eax-0x10] 2 | 0000000000000005 6766035e10 add bx, [esi+0x10] 3 | 000000000000000a 48030425ffff0000 add rax, [0xffff] 4 | 0000000000000012 67660344bef0 add ax, [esi+edi*4-0x10] 5 | 0000000000000018 4c03849800000080 add r8, [rax+rbx*4-0x80000000] 6 | 0000000000000020 48a1000000000080 mov rax, [0x800000000000] 7 | -0000 8 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/tests/asm/64/intel/invalid.asm: -------------------------------------------------------------------------------- 1 | ;; Test intel specific instructions in 64bit mode 2 | 3 | [bits 64] 4 | 5 | ;; yasm doesn't seem to support a mode for intel 6 | ;; specific instructions 7 | db 0x0f, 0x34 ; sysenter 8 | db 0x0f, 0x35 ; sysexit 9 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/tests/asm/64/intel/invalid.asm.ref: -------------------------------------------------------------------------------- 1 | 0000000000000000 0f34 sysenter 2 | 0000000000000002 0f35 sysexit 3 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/tests/asm/64/reljmp.asm: -------------------------------------------------------------------------------- 1 | [bits 64] 2 | [org 0x8000000000000000] 3 | 4 | l1: 5 | nop 6 | nop 7 | 
nop 8 | nop 9 | nop 10 | 11 | jmp l1 12 | nop 13 | jmp word l2 14 | 15 | nop 16 | nop 17 | jmp dword l2 18 | nop 19 | nop 20 | nop 21 | l2: 22 | nop 23 | nop 24 | jmp l1 25 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/tests/asm/64/reljmp.asm.ref: -------------------------------------------------------------------------------- 1 | 8000000000000000 90 nop 2 | 8000000000000001 90 nop 3 | 8000000000000002 90 nop 4 | 8000000000000003 90 nop 5 | 8000000000000004 90 nop 6 | 8000000000000005 ebf9 jmp 0x8000000000000000 7 | 8000000000000007 90 nop 8 | 8000000000000008 66e90a00 jmp 0x16 9 | 800000000000000c 90 nop 10 | 800000000000000d 90 nop 11 | 800000000000000e e903000000 jmp 0x8000000000000016 12 | 8000000000000013 90 nop 13 | 8000000000000014 90 nop 14 | 8000000000000015 90 nop 15 | 8000000000000016 90 nop 16 | 8000000000000017 90 nop 17 | 8000000000000018 ebe6 jmp 0x8000000000000000 18 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/tests/asm/64/sext.asm: -------------------------------------------------------------------------------- 1 | [bits 64] 2 | 3 | ;; test sign extension 4 | 5 | adc al, -100 6 | adc ax, -100 7 | adc eax, -100 8 | adc rax, -100 9 | imul dx, bx, -100 10 | imul edx, ebx, -100 11 | imul rdx, r11, -100 12 | push byte -1 13 | push word -1 14 | push dword -1000 15 | push word -1000 16 | push -1 17 | push byte -1 18 | push dword -1 19 | push word -1 20 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/tests/asm/64/sext.asm.ref: -------------------------------------------------------------------------------- 1 | 0000000000000000 149c adc al, 0x9c 2 | 0000000000000002 6683d09c adc ax, 0xff9c 3 | 0000000000000006 83d09c adc eax, 0xffffff9c 4 | 0000000000000009 4883d09c adc rax, 0xffffffffffffff9c 5 | 000000000000000d 666bd39c imul dx, bx, 0xff9c 6 | 
0000000000000011 6bd39c imul edx, ebx, 0xffffff9c 7 | 0000000000000014 496bd39c imul rdx, r11, 0xffffffffffffff9c 8 | 0000000000000018 6aff push 0xffffffffffffffff 9 | 000000000000001a 666aff push 0xffff 10 | 000000000000001d 6818fcffff push 0xfffffffffffffc18 11 | 0000000000000022 666818fc push 0xfc18 12 | 0000000000000026 6aff push 0xffffffffffffffff 13 | 0000000000000028 6aff push 0xffffffffffffffff 14 | 000000000000002a 6aff push 0xffffffffffffffff 15 | 000000000000002c 666aff push 0xffff 16 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/tests/asm/64/test64.asm: -------------------------------------------------------------------------------- 1 | [bits 64] 2 | mov rax, 0x102030405060708 3 | mov [eax+0x10], ax 4 | mov [eax+0x1000], ebx 5 | mov [ebp+eax+0x40], esi 6 | mov qword [ebp+edi+0x1000], 0x10 7 | mov byte [esp], 0x10 8 | mov [eax], rax 9 | mov [r12], eax 10 | mov [r13+r12+0x200], eax 11 | mov [r8*4+0x670], sil 12 | inc rax 13 | dec rax 14 | mov [rip+0x200], rax 15 | mov rax, 0x10000 16 | push rax 17 | push r12 18 | call qword [r8] 19 | call qword [rax] 20 | call far word [r8] 21 | call far dword [rax] 22 | cbw 23 | cwde 24 | cdqe 25 | cwd 26 | cdq 27 | cqo 28 | cmovl rax, [rax] 29 | cmovge eax, [rax] 30 | clflush [r14] 31 | cmp [rax], rax 32 | cmp rbx, r12 33 | cmp r12d, r8d 34 | cmpsb 35 | cmpsw 36 | cmpsd 37 | cmpsq 38 | cmpxchg [eax], r14 39 | cmpxchg8b [ebx] 40 | inc r12d 41 | inc dword [rax] 42 | dec r11w 43 | hlt 44 | imul rax, [eax+ebx*8+0x100000], 0x10 45 | idiv dword [r12] 46 | enter 0x100, 0x0 47 | enter 0x100, 0x1 48 | enter 0x100, 0x10 49 | in al, 0x10 50 | in ax, 0x10 51 | in eax, 0x10 52 | lfs eax, [eax] 53 | lgs eax, [ebx] 54 | lea eax, [rbx] 55 | lea r11, [eax] 56 | lodsb 57 | lodsq 58 | lodsd 59 | push rax 60 | push r11 61 | xchg [eax], sil 62 | xchg [eax], ebx 63 | xchg [eax], bx 64 | xchg r8, rax 65 | xchg r9, rax 66 | xchg cx, ax 67 | movsd 68 | movsq 69 | mov al, r11b 
70 | mov sil, al 71 | mov r11b, dil 72 | ret 0x10 73 | pop rax 74 | pop r11 75 | pop qword [eax] 76 | insd 77 | outsd 78 | mov [r14d], cs 79 | mov cs, [ebx+ecx] 80 | pushfq 81 | scasq 82 | lsl ax, [rbx] 83 | movups xmm0, [r12d] 84 | movupd xmm0, [r12d] 85 | movsldup xmm0, [r12d] 86 | movups xmm0, xmm1 87 | movups xmm10, xmm12 88 | movups xmm0, xmm12 89 | movlps xmm0, [rax] 90 | movlps [rax], xmm0 91 | unpcklps xmm4, xmm5 92 | unpckhps xmm4, xmm5 93 | movhps xmm3, [eax] 94 | movhps [rax], xmm3 95 | movss xmm0, dword [eax] 96 | movss [eax], xmm0 97 | movlpd [eax], xmm0 98 | movlpd xmm0, [eax] 99 | unpcklpd xmm2, xmm4 100 | unpckhpd xmm3, [eax+ebx*8-0x1243] 101 | movhpd xmm3, [rax] 102 | movhpd [rax], xmm2 103 | movsd xmm3, xmm4 104 | movddup xmm3, [rax] 105 | mov dr0, rax 106 | mov rax, dr1 107 | movnti [eax], eax 108 | movnti [rax], rax 109 | movd dword [eax], xmm0 110 | movd dword [eax], xmm0 111 | movq xmm11, [eax] 112 | vmmcall 113 | vmrun 114 | clgi 115 | stgi 116 | mfence 117 | lfence 118 | sfence 119 | clflush [rax] 120 | mov cr8, rax 121 | push qword [eax] 122 | push word [eax] 123 | add bh, bh 124 | add dil, dil 125 | add sil, bpl 126 | add al, sil 127 | add rax, r12 128 | add eax, r12d 129 | prefetcht0 [eax] 130 | prefetchnta [eax] 131 | prefetch [eax] 132 | add [r8], r9b 133 | mov [rax-0x1], eax 134 | inc rax 135 | jmp qword [eax] 136 | jmp rax 137 | mov [0x10], rax 138 | mov rax, [0x10] 139 | mov rax, 0x102030405060708 140 | xchg r8, rax 141 | push ax 142 | push rax 143 | push r11 144 | mov rax, [0x100] 145 | pmovmskb r12d, xmm14 146 | movdq2q mm0, xmm13 147 | psrlw xmm10, 0x10 148 | psraw xmm7, 0x1 149 | psllw xmm12, 0x23 150 | swapgs 151 | fadd dword [rax+rbx] 152 | shl rsi, 1 153 | cvtsi2ss xmm1, qword [eax] 154 | cvtss2si rax, dword [eax] 155 | cvttsd2si rax, [eax] 156 | call 0x64 157 | mpsadbw xmm7, xmm6, 0x7 158 | popfq 159 | -------------------------------------------------------------------------------- 
/NktHookLib/Src/libudis86/source/tests/difftest.sh.in: -------------------------------------------------------------------------------- 1 | # udis86 - tests/difftest.sh.in 2 | # 3 | # Copyright (c) 2013 Vivek Thampi 4 | # All rights reserved. 5 | # 6 | # Redistribution and use in source and binary forms, with or without modification, 7 | # are permitted provided that the following conditions are met: 8 | # 9 | # * Redistributions of source code must retain the above copyright notice, 10 | # this list of conditions and the following disclaimer. 11 | # * Redistributions in binary form must reproduce the above copyright notice, 12 | # this list of conditions and the following disclaimer in the documentation 13 | # and/or other materials provided with the distribution. 14 | # 15 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 16 | # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 17 | # WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 18 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR 19 | # ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 20 | # (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 21 | # LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 22 | # ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23 | # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 24 | # SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25 | 26 | 27 | udcli=@top_builddir@/udcli/udcli 28 | srcdir=@srcdir@ 29 | builddir=@builddir@ 30 | yasm=@YASM@ 31 | 32 | 33 | function asm_org # (srcasm) 34 | { 35 | cat $1 | sed -n 's/\[org \(.*\)\]/\1/p' 36 | } 37 | 38 | 39 | function vendor_opt # (vendor) 40 | { 41 | if [ ! 
-z "$1" -a "$1" != "any" ]; then 42 | echo "-v $1" 43 | fi 44 | } 45 | 46 | 47 | function org_opt # (org) 48 | { 49 | if [ ! -z "$1" ]; then 50 | echo "-o $1" 51 | fi 52 | } 53 | 54 | 55 | function update_ref # (srcasm, outasm, mode, vendor) 56 | { 57 | local srcasm=$1 58 | local outasm=$2 59 | local mode=$3 60 | local vendor=$4 61 | local org=`org_opt $4` 62 | local vendor=`vendor_opt $5` 63 | 64 | $yasm -f bin ${srcasm} -o ${outasm}.bin && 65 | if [ -f "${srcasm}.ref" ]; then 66 | echo "REFUP ${outasm}.out -> ${srcasm}.ref" 67 | $udcli $vendor $org -${mode} ${outasm}.bin > ${outasm}.out && 68 | cp ${outasm}.out ${srcasm}.ref 69 | fi && 70 | if [ -f "${srcasm}.Sref" ]; then 71 | echo "REFUP ${outasm}.out -> ${srcasm}.Sref" 72 | $udcli $vendor $org -att -${mode} ${outasm}.bin > ${outasm}.out && 73 | cp ${outasm}.out ${srcasm}.Sref 74 | fi 75 | } 76 | 77 | 78 | 79 | function diff_test # (srcasm, outasm, mode, org, vendor) 80 | { 81 | local srcasm=$1 82 | local outasm=$2 83 | local mode=$3 84 | local vendor=$4 85 | local org=`org_opt $4` 86 | local vendor=`vendor_opt $5` 87 | 88 | $yasm -f bin ${srcasm} -o ${outasm}.bin && 89 | if [ ! 
-f "${srcasm}.ref" ]; then 90 | echo "[bits ${mode}]" > ${outasm}.out && 91 | $udcli $vendor $org -${mode} -noff -nohex ${outasm}.bin >> ${outasm}.out && 92 | diff -w ${srcasm} ${outasm}.out 2>&1 > ${outasm}.diff.log 93 | else 94 | $udcli ${vendor} $org -${mode} ${outasm}.bin > ${outasm}.out && 95 | diff -w ${srcasm}.ref ${outasm}.out 2>&1 > ${outasm}.diff.log 96 | fi && 97 | if [ -f "${srcasm}.Sref" ]; then 98 | $udcli ${vendor} $org -att -${mode} ${outasm}.bin > ${outasm}.out && 99 | diff -w ${srcasm}.Sref ${outasm}.out 2>&1 > ${outasm}.diff.log 100 | fi && 101 | echo "DIFFTEST ${srcasm}: PASS" || 102 | ( echo "DIFFTEST ${srcasm}: ***FAIL*** (${outasm}.diff.log)" && return 1 ) 103 | } 104 | 105 | 106 | function for_each_asm # (do_op) 107 | { 108 | local do_op=$1 109 | local rc=0 110 | for mode in 16 32 64; do 111 | for vendor in amd intel any; do 112 | if [ "${vendor}" == "any" ]; then 113 | asmdir=${srcdir}/asm/${mode} 114 | outdir=${builddir}/_results/asm/${mode} 115 | else 116 | asmdir=${srcdir}/asm/${mode}/${vendor} 117 | outdir=${builddir}/_results/asm/${mode}/${vendor} 118 | fi 119 | 120 | if [ ! -d "${asmdir}" ]; then 121 | continue 122 | fi 123 | 124 | mkdir -p ${outdir} || ( echo "failed to create output dir" && exit 1 ) 125 | 126 | for a in `find ${asmdir} -maxdepth 1 -name "*.asm"` \ 127 | `find ${outdir} -maxdepth 1 -name "*.asm"`; do 128 | srcasm=$a 129 | outasm=${outdir}/`basename $a` 130 | org=`asm_org $srcasm` 131 | $do_op $srcasm $outasm $mode "$org" "$vendor" || 132 | rc=$? 
133 | done 134 | done 135 | done 136 | return $rc 137 | } 138 | 139 | 140 | if [ "$1" == "refup" ]; then 141 | for_each_asm update_ref && exit 0 || exit 1 142 | else 143 | for_each_asm diff_test && exit 0 || exit 1 144 | fi 145 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/tests/installcheck.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | int main(void) 5 | { 6 | ud_t ud_obj; 7 | 8 | ud_init(&ud_obj); 9 | ud_set_input_file(&ud_obj, stdin); 10 | ud_set_mode(&ud_obj, 64); 11 | ud_set_syntax(&ud_obj, UD_SYN_INTEL); 12 | 13 | while (ud_disassemble(&ud_obj)) { 14 | printf("\t%s\n", ud_insn_asm(&ud_obj)); 15 | } 16 | 17 | return 0; 18 | } 19 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/tests/symresolve.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | #if defined(__amd64__) || defined(__x86_64__) 5 | # define FMT "l" 6 | #else 7 | # define FMT "ll" 8 | #endif 9 | 10 | uint8_t bin[] = { 11 | 0x01, 0xc0, 0xeb, 0x11, 0x01, 0xc0, 0xe8, 0x14, 12 | 0x00, 0x00, 0x00, 0x01, 0xc0, 0x01, 0xc0, 0x74, 13 | 0x02, 0x01, 0xc0, 0x90, 0x90, 0xeb, 0xfe, 0x90, 14 | 0x90, 0xeb, 0xf8, 0x90, 0x90, 0x74, 0xf6, 0x90, 15 | 0x90, 0xe8, 0xf4, 0xff, 0xff, 0xff 16 | }; 17 | 18 | static const char* 19 | resolve(struct ud *u, uint64_t addr, int64_t *offset) 20 | { 21 | *offset = addr - 0x15; 22 | return "target"; 23 | } 24 | 25 | static void 26 | dis_loop(struct ud *ud_obj) 27 | { 28 | while (ud_disassemble(ud_obj) != 0) { 29 | printf("%016llx %-16s %s\n", ud_insn_off(ud_obj), 30 | ud_insn_hex(ud_obj), 31 | ud_insn_asm(ud_obj)); 32 | } 33 | } 34 | 35 | int 36 | main() { 37 | ud_t ud_obj; 38 | ud_init(&ud_obj); 39 | ud_set_mode(&ud_obj, 32); 40 | ud_set_input_buffer(&ud_obj, bin, sizeof(bin)); 41 | ud_set_syntax(&ud_obj, 
UD_SYN_INTEL); 42 | 43 | printf("==> Without Symbol Resolution\n"); 44 | dis_loop(&ud_obj); 45 | 46 | printf("==> With Symbol Resolution\n"); 47 | ud_set_pc(&ud_obj, 0); 48 | ud_set_input_buffer(&ud_obj, bin, sizeof(bin)); 49 | ud_set_sym_resolver(&ud_obj, &resolve); 50 | dis_loop(&ud_obj); 51 | 52 | return 0; 53 | } 54 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/tests/symresolve.ref: -------------------------------------------------------------------------------- 1 | ==> Without Symbol Resolution 2 | 0000000000000000 01c0 add eax, eax 3 | 0000000000000002 eb11 jmp 0x15 4 | 0000000000000004 01c0 add eax, eax 5 | 0000000000000006 e814000000 call 0x1f 6 | 000000000000000b 01c0 add eax, eax 7 | 000000000000000d 01c0 add eax, eax 8 | 000000000000000f 7402 jz 0x13 9 | 0000000000000011 01c0 add eax, eax 10 | 0000000000000013 90 nop 11 | 0000000000000014 90 nop 12 | 0000000000000015 ebfe jmp 0x15 13 | 0000000000000017 90 nop 14 | 0000000000000018 90 nop 15 | 0000000000000019 ebf8 jmp 0x13 16 | 000000000000001b 90 nop 17 | 000000000000001c 90 nop 18 | 000000000000001d 74f6 jz 0x15 19 | 000000000000001f 90 nop 20 | 0000000000000020 90 nop 21 | 0000000000000021 e8f4ffffff call 0x1a 22 | ==> With Symbol Resolution 23 | 0000000000000000 01c0 add eax, eax 24 | 0000000000000002 eb11 jmp target 25 | 0000000000000004 01c0 add eax, eax 26 | 0000000000000006 e814000000 call target+10 27 | 000000000000000b 01c0 add eax, eax 28 | 000000000000000d 01c0 add eax, eax 29 | 000000000000000f 7402 jz target-2 30 | 0000000000000011 01c0 add eax, eax 31 | 0000000000000013 90 nop 32 | 0000000000000014 90 nop 33 | 0000000000000015 ebfe jmp target 34 | 0000000000000017 90 nop 35 | 0000000000000018 90 nop 36 | 0000000000000019 ebf8 jmp target-2 37 | 000000000000001b 90 nop 38 | 000000000000001c 90 nop 39 | 000000000000001d 74f6 jz target 40 | 000000000000001f 90 nop 41 | 0000000000000020 90 nop 42 | 0000000000000021 e8f4ffffff 
call target+5 43 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/udcli/Makefile.am: -------------------------------------------------------------------------------- 1 | bin_PROGRAMS = udcli 2 | udcli_SOURCES = udcli.c 3 | udcli_CFLAGS = -I$(top_srcdir)/libudis86 -I$(top_srcdir) 4 | udcli_LDADD = $(top_builddir)/libudis86/libudis86.la 5 | MAINTAINERCLEANFILES = Makefile.in 6 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/source/udis86.h: -------------------------------------------------------------------------------- 1 | /* udis86 - udis86.h 2 | * 3 | * Copyright (c) 2002-2009 Vivek Thampi 4 | * All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, with or without modification, 7 | * are permitted provided that the following conditions are met: 8 | * 9 | * * Redistributions of source code must retain the above copyright notice, 10 | * this list of conditions and the following disclaimer. 11 | * * Redistributions in binary form must reproduce the above copyright notice, 12 | * this list of conditions and the following disclaimer in the documentation 13 | * and/or other materials provided with the distribution. 14 | * 15 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 16 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 17 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 18 | * DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR 19 | * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 20 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 21 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 22 | * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 24 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25 | */ 26 | #ifndef UDIS86_H 27 | #define UDIS86_H 28 | 29 | #include "libudis86/types.h" 30 | #include "libudis86/extern.h" 31 | #include "libudis86/itab.h" 32 | 33 | #endif 34 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/stdint.h: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | #pragma warning(disable : 4996 4267 4715) 5 | 6 | typedef signed char int8_t; 7 | typedef short int16_t; 8 | typedef int int32_t; 9 | typedef long long int64_t; 10 | typedef unsigned char uint8_t; 11 | typedef unsigned short uint16_t; 12 | typedef unsigned int uint32_t; 13 | typedef unsigned long long uint64_t; 14 | -------------------------------------------------------------------------------- /NktHookLib/Src/libudis86/tables/decode.h: -------------------------------------------------------------------------------- 1 | #include "../source/libudis86/decode.h" 2 | -------------------------------------------------------------------------------- /Obj2Inc/Obj2Inc_2019.vcxproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Release 10 | Win32 11 | 12 | 13 | 14 | {E36F841B-7542-4C90-A9B6-7FC53B533A14} 15 | Obj2Inc 16 | Win32Proj 17 | Obj2Inc 18 | 10.0 19 | 20 | 21 | 22 | Application 23 | Unicode 24 | false 25 | v142 26 | 27 | 28 | 
Application 29 | Unicode 30 | true 31 | v142 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | <_ProjectFileVersion>11.0.61030.0 45 | 46 | 47 | ..\bin\2019\ 48 | ..\obj\2019\$(ProjectName)\$(Configuration)\$(Platform)\ 49 | false 50 | 51 | 52 | ..\bin\2019\ 53 | ..\obj\2019\$(ProjectName)\$(Configuration)\$(Platform)\ 54 | true 55 | 56 | 57 | 58 | MaxSpeed 59 | true 60 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 61 | MultiThreaded 62 | true 63 | Level3 64 | 65 | 66 | $(OutDir)$(ProjectName).exe 67 | Console 68 | true 69 | true 70 | MachineX86 71 | 72 | 73 | 74 | 75 | Disabled 76 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) 77 | EnableFastChecks 78 | MultiThreadedDebug 79 | Level3 80 | EditAndContinue 81 | 82 | 83 | $(OutDir)$(ProjectName).exe 84 | true 85 | Console 86 | MachineX86 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | -------------------------------------------------------------------------------- /Obj2Inc/Obj2Inc_2019.vcxproj.user: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | -------------------------------------------------------------------------------- /PSDeObfuscator/Hooks.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Runtime.InteropServices; 3 | using System.Reflection; 4 | using Newtonsoft.Json; 5 | using System.Diagnostics; 6 | using System.IO; 7 | using System.Windows.Forms; 8 | using System.Collections.Generic; 9 | 10 | namespace PSDeObfuscator 11 | { 12 | public class PowershellApiHookHelper 13 | { 14 | static DeviareLiteInterop.HookLib cHook; 15 | public static List hookedobjects = new List(); 16 | 17 | public PowershellApiHookHelper() 18 | { 19 | 20 | } 21 | 22 | 23 | public static void EnableAllhook() 24 | { 25 | 26 | cHook = new DeviareLiteInterop.HookLib(); 27 | 28 | object[][] hookInfo = PSDeObfuscator.HookedFunctions.GetHookInfo(); 29 | 30 | for (int i = 0; i < hookInfo.Length; i++) 31 | { 
32 | try 33 | { 34 | Type targetType = (Type)hookInfo[i][0]; 35 | string targetMethod = (string)hookInfo[i][1]; 36 | Type[] targetMethodParams = (Type[])hookInfo[i][2]; 37 | Type replacementType = (Type)hookInfo[i][3]; 38 | string replacementMethod = (string)hookInfo[i][4]; 39 | Type[] replacementMethodParams = (Type[])hookInfo[i][5]; 40 | 41 | object hookedObject = cHook.Hook(targetType, targetMethod, targetMethodParams, 42 | replacementType, replacementMethod, replacementMethodParams); 43 | 44 | if (hookedObject != null) 45 | { 46 | hookedobjects.Add(hookedObject); // Add the hooked object to the list 47 | Logger.WriteLog($"Success hook {((Type)hookInfo[i][0]).FullName}.{hookInfo[i][1]} "); 48 | } 49 | else 50 | { 51 | Logger.WriteLog($"Hook initialization failed for {((Type)hookInfo[i][0]).FullName}.{hookInfo[i][1]}"); 52 | } 53 | } 54 | catch (Exception e) 55 | { 56 | // Handle exception 57 | Logger.WriteLog($"Error hook {((Type)hookInfo[i][0]).FullName}.{hookInfo[i][1]}: {e.Message}"); 58 | } 59 | } 60 | } 61 | 62 | public static void DisableAllhook() 63 | { 64 | if (hookedobjects != null) 65 | { 66 | foreach (object hookedobject in hookedobjects) 67 | { 68 | cHook.Unhook(hookedobject); 69 | } 70 | hookedobjects.Clear(); // Clear the list after unhooking 71 | } 72 | } 73 | 74 | } 75 | } 76 | -------------------------------------------------------------------------------- /PSDeObfuscator/Logger.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | using System.Threading.Tasks; 6 | using System.IO; 7 | using System.Diagnostics; 8 | using Newtonsoft.Json; 9 | 10 | namespace PSDeObfuscator 11 | { 12 | class Logger 13 | { 14 | 15 | private static readonly string logFolderPath = @"C:\psdecode_dir"; 16 | 17 | public sealed class LogWriter 18 | { 19 | private static readonly Lazy lazy = new Lazy(() => new LogWriter()); 20 | private 
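StreamWriter streamWriter; // writer over this process's "{pid}.log" file; assigned once in the constructor

            /// <summary>Process-wide LogWriter, created on first access through the lazy field.</summary>
            public static LogWriter Instance { get { return lazy.Value; } }

            /// <summary>
            /// Opens "{pid}.log" under logFolderPath for writing, creating the folder and file if needed.
            /// </summary>
            private LogWriter()
            {
                int pid = Process.GetCurrentProcess().Id;
                string filePath = Path.Combine(logFolderPath, $"{pid}.log");
                // NOTE(review): the folder is created with whatever permissions it inherits from its parent;
                // the files written here hold decoded script content, so confirm who can read or pre-create it.
                Directory.CreateDirectory(logFolderPath);
                // Append instead of OpenOrCreate: OpenOrCreate starts writing at offset 0 without truncating,
                // so a recycled PID would overwrite the head of an older log and leave its stale tail behind.
                FileStream fileStream = new FileStream(filePath, FileMode.Append, FileAccess.Write);
                streamWriter = new StreamWriter(fileStream) { AutoFlush = true };
            }

            /// <summary>Writes one line to the log file; AutoFlush pushes it to the stream immediately.</summary>
            /// <param name="message">Text to record.</param>
            public void WriteLine(string message)
            {
                // NOTE(review): StreamWriter instances are not thread-safe and this writer is a singleton;
                // if hooks can fire on several threads, calls here need to be serialized. TODO confirm.
                streamWriter.WriteLine(message);
            }

            /// <summary>Closes the log file. Dispose also closes the underlying stream.</summary>
            public void Close()
            {
                streamWriter.Dispose();
            }
        }

        /// <summary>Appends a diagnostic line to the per-process "{pid}.log" file.</summary>
        /// <param name="message">Text to record.</param>
        public static void WriteLog(string message)
        {
            LogWriter.Instance.WriteLine(message);
        }

        /// <summary>
        /// Singleton writer for the per-process "{pid}.json" file that receives the serialized objects
        /// passed to WriteJsonObject, one JSON document per line.
        /// </summary>
        public sealed class ApiWriter
        {
            private static readonly Lazy<ApiWriter> lazy = new Lazy<ApiWriter>(() => new ApiWriter());
            private StreamWriter streamWriter;

            /// <summary>Process-wide ApiWriter, created on first access through the lazy field.</summary>
            public static ApiWriter Instance { get { return lazy.Value; } }

            /// <summary>
            /// Opens "{pid}.json" under logFolderPath for writing, creating the folder and file if needed.
            /// </summary>
            private ApiWriter()
            {
                int pid = Process.GetCurrentProcess().Id;
                string filePath = Path.Combine(logFolderPath, $"{pid}.json");
                // NOTE(review): same inherited-permission caveat as the .log file; this file carries the
                // captured data itself, so confirm access to the folder is restricted.
                Directory.CreateDirectory(logFolderPath);
                // Append instead of OpenOrCreate so a recycled PID cannot leave a half-overwritten,
                // unparseable mix of old and new JSON lines in the same file.
                FileStream fileStream = new FileStream(filePath, FileMode.Append, FileAccess.Write);
                streamWriter = new StreamWriter(fileStream) { AutoFlush = true };
            }

            /// <summary>Writes one line to the JSON file; AutoFlush pushes it to the stream immediately.</summary>
            /// <param name="message">Serialized JSON text to record.</param>
            public void WriteLine(string message)
            {
                // NOTE(review): not serialized across threads; see the matching note on LogWriter.WriteLine.
                streamWriter.WriteLine(message);
            }

            /// <summary>Closes the JSON file. Dispose also closes the underlying stream.</summary>
            public void Close()
            {
                streamWriter.Dispose();
            }
        }

        /// <summary>Writes an already-serialized JSON string as one line of the "{pid}.json" file.</summary>
        private static void WriteJson(string message)
        {
            ApiWriter.Instance.WriteLine(message);
        }

        /// <summary>Serializes <paramref name="obj"/> with Json.NET and records it in the "{pid}.json" file.</summary>
        /// <param name="obj">Object to serialize and record.</param>
        public static void WriteJsonObject(object obj)
        {
            string json = JsonConvert.SerializeObject(obj);
            WriteJson(json);
        }
    }
}
--------------------------------------------------------------------------------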
/PSDeObfuscator/PSDeObfuscator.csproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Debug 6 | AnyCPU 7 | {5689B091-2B6C-49ED-9BCB-B79872D5515F} 8 | Library 9 | Properties 10 | PSDeObfuscator 11 | PSDeObfuscator 12 | v4.6.1 13 | 512 14 | true 15 | 16 | 17 | true 18 | full 19 | false 20 | ..\bin64\2019\ 21 | DEBUG;TRACE 22 | prompt 23 | 4 24 | 25 | 26 | pdbonly 27 | true 28 | ..\bin64\2019\ 29 | TRACE 30 | prompt 31 | 4 32 | 33 | 34 | 35 | False 36 | ..\packages\Microsoft.PowerShell.Commands.Utility.dll 37 | 38 | 39 | ..\packages\Newtonsoft.Json.13.0.3\lib\net45\Newtonsoft.Json.dll 40 | 41 | 42 | 43 | 44 | False 45 | ..\packages\System.Management.Automation.dll 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | {ad8d0f36-e576-4249-8523-ea84fe5a4e47} 64 | DeviareLiteInterop_2019 65 | 66 | 67 | 68 | 69 | 70 | 71 | -------------------------------------------------------------------------------- /PSDeObfuscator/Properties/AssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | using System.Reflection; 2 | using System.Runtime.CompilerServices; 3 | using System.Runtime.InteropServices; 4 | 5 | // 有关程序集的一般信息由以下 6 | // 控制。更改这些特性值可修改 7 | // 与程序集关联的信息。 8 | [assembly: AssemblyTitle("PowershellApiLogger")] 9 | [assembly: AssemblyDescription("")] 10 | [assembly: AssemblyConfiguration("")] 11 | [assembly: AssemblyCompany("")] 12 | [assembly: AssemblyProduct("PowershellApiLogger")] 13 | [assembly: AssemblyCopyright("Copyright © 2023")] 14 | [assembly: AssemblyTrademark("")] 15 | [assembly: AssemblyCulture("")] 16 | 17 | // 将 ComVisible 设置为 false 会使此程序集中的类型 18 | //对 COM 组件不可见。如果需要从 COM 访问此程序集中的类型 19 | //请将此类型的 ComVisible 特性设置为 true。 20 | [assembly: ComVisible(false)] 21 | 22 | // 如果此项目向 COM 公开,则下列 GUID 用于类型库的 ID 23 | [assembly: Guid("5689b091-2b6c-49ed-9bcb-b79872d5515f")] 24 | 25 | // 程序集的版本信息由下列四个值组成: 26 | // 27 | // 主版本 28 | // 次版本 29 | // 
生成号 30 | // 修订号 31 | // 32 | //可以指定所有这些值,也可以使用“生成号”和“修订号”的默认值 33 | //通过使用 "*",如下所示: 34 | // [assembly: AssemblyVersion("1.0.*")] 35 | [assembly: AssemblyVersion("1.0.0.0")] 36 | [assembly: AssemblyFileVersion("1.0.0.0")] 37 | -------------------------------------------------------------------------------- /PSDeObfuscator/packages.config: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | -------------------------------------------------------------------------------- /README.CN.md: -------------------------------------------------------------------------------- 1 | [English](./README.md) | 简体中文 2 | 3 | # PSDeObfuscator 4 | 5 | PSDeObfuscator 是一款基于 C# 函数钩子(hook)技术的 PowerShell 解混淆工具。它专门设计用于识别并还原常见的 PowerShell 混淆技巧,通过拦截和分析关键函数的调用,有效地帮助安全研究人员揭示被混淆的 PowerShell 脚本原本的内容和意图。 6 | 7 | 8 | ## 1. 工作原理 9 | 通过定制PowerShell的profile文件,我们引入了DLL注入技术,该技术能够在核心层面对关键函数施加钩子。这些钩子的作用是识别和解构任何混淆的代码流,有效地进行去混淆处理。处理完成后,我们会将结果转换成JSON格式,并自动输出到一个预定义的日志文件中,方便后续的数据分析和代码审计工作。 10 | 11 | ## 2. 目前hook的函数列表 12 | ``` 13 | System.Convert.FromBase64String 14 | System.Net.WebClient.DownloadString 15 | System.Net.WebClient.DownloadFile 16 | System.Text.UTF8Encoding.GetBytes 17 | System.IO.MemoryStream.MemoryStream 18 | System.IO.Compression.GZipStream.GZipStream 19 | System.IO.Compression.DeflateStream.DeflateStream 20 | System.IO.StreamReader.ReadToEnd 21 | Microsoft.PowerShell.Commands.InvokeExpressionCommand.ProcessRecord 22 | System.Management.Automation.ScriptBlock.Create 23 | ``` 24 | 25 | 26 | ## 3. 使用方法 27 | ### 安装 28 | 29 | ``` 30 | 以管理员权限执行 .\Bin\install_psdeobfuscator.bat 来安装 profile 文件 31 | ``` 32 | ### 执行例子 33 | 34 | ``` 35 | 运行位于 .\Examples 文件夹内的示例脚本,例如通过 PowerShell 命令 powershell .\Examples\IEX.ps1。 36 | 在执行完成后,进入C:\psdecode_dir目录,能看到该脚本执行后解混淆的输出结果,其文件格式为 {pid}.json。 37 | ``` 38 | ### 卸载 39 | 40 | ``` 41 | 以管理员权限执行.\Bin\uninstall_psdeobfuscator.bat 来卸载profile文件 42 | ``` 43 | 44 | ## 4. 
注意事项 45 | 46 | 为了进行PowerShell脚本的解混淆工作,我们的方法需要执行样本代码。鉴于此操作的风险性,我们强烈建议在完全隔离的虚拟机环境内进行,以避免恶意代码的执行可能对主机系统造成的安全威胁或损害。在虚拟环境中运行样本不仅可以保护设备安全,还能确保恶意软件不会对外部网络造成影响。 47 | 48 | ## 5. 开源 LICENSE 49 | 50 | [GPL 3.0](LICENSE.GPL) -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | English | [简体中文](./README.CN.md) 2 | 3 | # PSDeObfuscator 4 | 5 | PSDeObfuscator is a PowerShell deobfuscation tool that utilizes C# function hooking techniques. It is designed to identify and restore the original content and intentions of obfuscated PowerShell scripts by intercepting and analyzing the calls to key functions. This tool is particularly useful for security researchers in uncovering the true nature of obfuscated PowerShell code. 6 | 7 | 8 | ## 1. Working Principle 9 | By customizing the PowerShell profile file, the tool injects its DLL, which places hooks at the core level on the key functions listed in section 2. The hooks intercept calls to those functions so that the content of an obfuscated code stream can be identified and recovered as the script runs. The results are then converted to JSON and written automatically to a predefined log file, which makes later data analysis and code review easier. 10 | 11 | ## 2. List of Functions Currently Hooked 12 | ``` 13 | System.Convert.FromBase64String 14 | System.Net.WebClient.DownloadString 15 | System.Net.WebClient.DownloadFile 16 | System.Text.UTF8Encoding.GetBytes 17 | System.IO.MemoryStream.MemoryStream 18 | System.IO.Compression.GZipStream.GZipStream 19 | System.IO.Compression.DeflateStream.DeflateStream 20 | System.IO.StreamReader.ReadToEnd 21 | Microsoft.PowerShell.Commands.InvokeExpressionCommand.ProcessRecord 22 | System.Management.Automation.ScriptBlock.Create 23 | ``` 24 | 25 | 26 | ## 3.
Usage 27 | ### Installation 28 | 29 | ``` 30 | Run .\Bin\install_psdeobfuscator.bat with administrator rights to install the profile file. 31 | ``` 32 | ### Example Execution 33 | 34 | ``` 35 | Execute the sample scripts located in the .\Examples folder, such as by using the PowerShell command powershell .\Examples\IEX.ps1. 36 | After the script has finished executing, enter the C:\psdecode_dir directory to view the deobfuscated output result of the script, which is in the format {pid}.json. 37 | ``` 38 | ### Uninstallation 39 | 40 | ``` 41 | Run .\Bin\uninstall_psdeobfuscator.bat with administrator rights to uninstall the profile file. 42 | ``` 43 | 44 | ## 4. Cautions 45 | 46 | To deobfuscate a PowerShell script, our method has to execute the sample code. Because of the risk this carries, we strongly advise running it only inside a completely isolated virtual machine, to prevent the security threats or damage that executing malicious code might cause to the host system. Running the sample in such an environment protects your machine and, provided the virtual machine's network is isolated as well, keeps the malware from affecting external networks. The {pid}.json output in C:\psdecode_dir contains the decoded script content, so handle those files with the same care as the original sample. 47 | 48 | ## 5.
Open Source LICENSE 49 | 50 | [GPL 3.0](LICENSE.GPL) -------------------------------------------------------------------------------- /packages/Microsoft.PowerShell.Commands.Utility.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/aliyun-psdeobfuscator/6c5ca3ded863df7fa7d41e7790b4012bb62eef86/packages/Microsoft.PowerShell.Commands.Utility.dll -------------------------------------------------------------------------------- /packages/Newtonsoft.Json.13.0.3/.signature.p7s: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/aliyun-psdeobfuscator/6c5ca3ded863df7fa7d41e7790b4012bb62eef86/packages/Newtonsoft.Json.13.0.3/.signature.p7s -------------------------------------------------------------------------------- /packages/Newtonsoft.Json.13.0.3/LICENSE.md: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2007 James Newton-King 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy of 6 | this software and associated documentation files (the "Software"), to deal in 7 | the Software without restriction, including without limitation the rights to 8 | use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of 9 | the Software, and to permit persons to whom the Software is furnished to do so, 10 | subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS 17 | FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE AUTHORS OR 18 | COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER 19 | IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 20 | CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 21 | -------------------------------------------------------------------------------- /packages/Newtonsoft.Json.13.0.3/Newtonsoft.Json.13.0.3.nupkg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/aliyun-psdeobfuscator/6c5ca3ded863df7fa7d41e7790b4012bb62eef86/packages/Newtonsoft.Json.13.0.3/Newtonsoft.Json.13.0.3.nupkg -------------------------------------------------------------------------------- /packages/Newtonsoft.Json.13.0.3/README.md: -------------------------------------------------------------------------------- 1 | #  Json.NET 2 | 3 | [](https://www.nuget.org/packages/Newtonsoft.Json/) 4 | [](https://dev.azure.com/jamesnk/Public/_build/latest?definitionId=8) 5 | 6 | Json.NET is a popular high-performance JSON framework for .NET 7 | 8 | ## Serialize JSON 9 | 10 | ```csharp 11 | Product product = new Product(); 12 | product.Name = "Apple"; 13 | product.Expiry = new DateTime(2008, 12, 28); 14 | product.Sizes = new string[] { "Small" }; 15 | 16 | string json = JsonConvert.SerializeObject(product); 17 | // { 18 | // "Name": "Apple", 19 | // "Expiry": "2008-12-28T00:00:00", 20 | // "Sizes": [ 21 | // "Small" 22 | // ] 23 | // } 24 | ``` 25 | 26 | ## Deserialize JSON 27 | 28 | ```csharp 29 | string json = @"{ 30 | 'Name': 'Bad Boys', 31 | 'ReleaseDate': '1995-4-7T00:00:00', 32 | 'Genres': [ 33 | 'Action', 34 | 'Comedy' 35 | ] 36 | }"; 37 | 38 | Movie m = JsonConvert.DeserializeObject(json); 39 | 40 | string name = m.Name; 41 | // Bad Boys 42 | ``` 43 | 44 | ## LINQ to JSON 45 | 46 | ```csharp 47 | JArray array = new JArray(); 48 | array.Add("Manual text"); 49 | array.Add(new DateTime(2000, 5, 23)); 50 | 51 | JObject o = 
new JObject(); 52 | o["MyArray"] = array; 53 | 54 | string json = o.ToString(); 55 | // { 56 | // "MyArray": [ 57 | // "Manual text", 58 | // "2000-05-23T00:00:00" 59 | // ] 60 | // } 61 | ``` 62 | 63 | ## Links 64 | 65 | - [Homepage](https://www.newtonsoft.com/json) 66 | - [Documentation](https://www.newtonsoft.com/json/help) 67 | - [NuGet Package](https://www.nuget.org/packages/Newtonsoft.Json) 68 | - [Release Notes](https://github.com/JamesNK/Newtonsoft.Json/releases) 69 | - [Contributing Guidelines](https://github.com/JamesNK/Newtonsoft.Json/blob/master/CONTRIBUTING.md) 70 | - [License](https://github.com/JamesNK/Newtonsoft.Json/blob/master/LICENSE.md) 71 | - [Stack Overflow](https://stackoverflow.com/questions/tagged/json.net) 72 | -------------------------------------------------------------------------------- /packages/Newtonsoft.Json.13.0.3/lib/net20/Newtonsoft.Json.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/aliyun-psdeobfuscator/6c5ca3ded863df7fa7d41e7790b4012bb62eef86/packages/Newtonsoft.Json.13.0.3/lib/net20/Newtonsoft.Json.dll -------------------------------------------------------------------------------- /packages/Newtonsoft.Json.13.0.3/lib/net35/Newtonsoft.Json.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/aliyun-psdeobfuscator/6c5ca3ded863df7fa7d41e7790b4012bb62eef86/packages/Newtonsoft.Json.13.0.3/lib/net35/Newtonsoft.Json.dll -------------------------------------------------------------------------------- /packages/Newtonsoft.Json.13.0.3/lib/net40/Newtonsoft.Json.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/aliyun-psdeobfuscator/6c5ca3ded863df7fa7d41e7790b4012bb62eef86/packages/Newtonsoft.Json.13.0.3/lib/net40/Newtonsoft.Json.dll 
-------------------------------------------------------------------------------- /packages/Newtonsoft.Json.13.0.3/lib/net45/Newtonsoft.Json.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/aliyun-psdeobfuscator/6c5ca3ded863df7fa7d41e7790b4012bb62eef86/packages/Newtonsoft.Json.13.0.3/lib/net45/Newtonsoft.Json.dll -------------------------------------------------------------------------------- /packages/Newtonsoft.Json.13.0.3/lib/net6.0/Newtonsoft.Json.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/aliyun-psdeobfuscator/6c5ca3ded863df7fa7d41e7790b4012bb62eef86/packages/Newtonsoft.Json.13.0.3/lib/net6.0/Newtonsoft.Json.dll -------------------------------------------------------------------------------- /packages/Newtonsoft.Json.13.0.3/lib/netstandard1.0/Newtonsoft.Json.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/aliyun-psdeobfuscator/6c5ca3ded863df7fa7d41e7790b4012bb62eef86/packages/Newtonsoft.Json.13.0.3/lib/netstandard1.0/Newtonsoft.Json.dll -------------------------------------------------------------------------------- /packages/Newtonsoft.Json.13.0.3/lib/netstandard1.3/Newtonsoft.Json.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/aliyun-psdeobfuscator/6c5ca3ded863df7fa7d41e7790b4012bb62eef86/packages/Newtonsoft.Json.13.0.3/lib/netstandard1.3/Newtonsoft.Json.dll -------------------------------------------------------------------------------- /packages/Newtonsoft.Json.13.0.3/lib/netstandard2.0/Newtonsoft.Json.dll: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/aliyun/aliyun-psdeobfuscator/6c5ca3ded863df7fa7d41e7790b4012bb62eef86/packages/Newtonsoft.Json.13.0.3/lib/netstandard2.0/Newtonsoft.Json.dll -------------------------------------------------------------------------------- /packages/Newtonsoft.Json.13.0.3/packageIcon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/aliyun-psdeobfuscator/6c5ca3ded863df7fa7d41e7790b4012bb62eef86/packages/Newtonsoft.Json.13.0.3/packageIcon.png -------------------------------------------------------------------------------- /packages/System.Management.Automation.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aliyun/aliyun-psdeobfuscator/6c5ca3ded863df7fa7d41e7790b4012bb62eef86/packages/System.Management.Automation.dll --------------------------------------------------------------------------------
34 | udis86.sourceforge.net
67 | Copyright (c) 2008, Vivek Thampi 68 |