├── .github
├── ISSUE_TEMPLATE
│ └── bug_report.md
└── PULL_REQUEST_TEMPLATE.md
├── Compiled
├── WHATSNEW_170.md
├── WHATSNEW_173.md
├── WHATSNEW_180.md
├── WHATSNEW_187.md
├── WHATSNEW_190.md
├── WHATSNEW_200.md
├── WinObjEx64.chm
├── WinObjEx64.exe
└── plugins
│ ├── ApiSetView.dll
│ ├── ExamplePlugin.dll
│ ├── ImageScope.dll
│ └── Sonar.dll
├── Docs
├── Callbacks.pdf
└── Plugins.pdf
├── LICENSE.md
├── README.md
├── Screenshots
├── AlpcPortConnections.png
├── ApiSetView.png
├── ApiSetView190.png
├── CallbackObjectView.png
├── CallbacksView.png
├── CmControlVector.png
├── FindObjectDialog.png
├── ImsSection.png
├── ImsStrings.png
├── MainWindow.png
├── NdisProtocols.png
├── ObjectTypeView.png
├── ProcessList.png
├── PropertiesDialog.png
├── SecurityDialogPage.png
├── TokenProperties.png
├── UnloadedDrivers.png
├── ViewingObjectDump.png
├── ViewingPipes.png
├── ViewingPrivateNamespaces.png
├── ViewingProcessProperties.png
├── ViewingSectionObject.png
├── ViewingServiceTable.png
├── ViewingThreadProperties.png
├── ViewingTokenProperties.png
├── ViewingTypeInformation.png
├── ViewingUserSharedData.png
└── W32pServiceTableView.png
├── Source
├── CHANGELOG.txt
├── FILELIST.txt
├── Plugins
│ ├── ApiSetView
│ │ ├── ApiSetView.vcxproj
│ │ ├── ApiSetView.vcxproj.filters
│ │ ├── ApiSetView.vcxproj.user
│ │ ├── Resource.rc
│ │ ├── export.def
│ │ ├── global.h
│ │ ├── main.c
│ │ ├── query.c
│ │ ├── query.h
│ │ ├── resource.h
│ │ └── ui.h
│ ├── ExamplePlugin
│ │ ├── ExamplePlugin.vcxproj
│ │ ├── ExamplePlugin.vcxproj.filters
│ │ ├── ExamplePlugin.vcxproj.user
│ │ ├── Resource.rc
│ │ ├── export.def
│ │ ├── main.c
│ │ └── resource.h
│ ├── ImageScope
│ │ ├── ImageScope.vcxproj
│ │ ├── ImageScope.vcxproj.filters
│ │ ├── ImageScope.vcxproj.user
│ │ ├── Resource.rc
│ │ ├── export.def
│ │ ├── global.h
│ │ ├── main.c
│ │ ├── query.c
│ │ ├── query.h
│ │ ├── resource.h
│ │ ├── sup.c
│ │ ├── sup.h
│ │ ├── ui.c
│ │ └── ui.h
│ ├── Sonar
│ │ ├── Resource.rc
│ │ ├── Sonar.vcxproj
│ │ ├── Sonar.vcxproj.filters
│ │ ├── Sonar.vcxproj.user
│ │ ├── export.def
│ │ ├── global.h
│ │ ├── main.c
│ │ ├── ndis.h
│ │ ├── query.c
│ │ ├── query.h
│ │ ├── resource.h
│ │ ├── sup.c
│ │ ├── sup.h
│ │ └── ui.h
│ ├── plugin_def.h
│ └── postbuild.cmd
├── Shared
│ ├── minirtl
│ │ ├── _filename.c
│ │ ├── _filename.h
│ │ ├── _strcat.c
│ │ ├── _strchr.c
│ │ ├── _strcmp.c
│ │ ├── _strcmpi.c
│ │ ├── _strcpy.c
│ │ ├── _strcpyn.c
│ │ ├── _strend.c
│ │ ├── _strlen.c
│ │ ├── _strncmp.c
│ │ ├── _strncmpi.c
│ │ ├── _strncpy.c
│ │ ├── _strstr.c
│ │ ├── _strstri.c
│ │ ├── hextou64.c
│ │ ├── hextoul.c
│ │ ├── i64tostr.c
│ │ ├── itostr.c
│ │ ├── minirtl.h
│ │ ├── rtltypes.h
│ │ ├── strtoi.c
│ │ ├── strtoi64.c
│ │ ├── strtou64.c
│ │ ├── strtoul.c
│ │ ├── u64tohex.c
│ │ ├── u64tostr.c
│ │ ├── ultohex.c
│ │ └── ultostr.c
│ ├── ntos
│ │ ├── apisetx.h
│ │ ├── halamd64.h
│ │ ├── ntalpc.h
│ │ ├── ntbuilds.h
│ │ ├── ntldr.c
│ │ ├── ntldr.h
│ │ ├── ntos.h
│ │ ├── ntsup.c
│ │ └── ntsup.h
│ ├── ntuser
│ │ └── ntuser.h
│ ├── sdk
│ │ └── extdef.h
│ ├── tabs
│ │ ├── tabsctrl.c
│ │ └── tabsctrl.h
│ └── treelist
│ │ ├── treelist.c
│ │ └── treelist.h
├── TypesWithNoDesc.txt
├── Utils
│ ├── GenAsIo2Unlock
│ │ ├── GenAsIo2Unlock.sln
│ │ ├── GenAsIo2Unlock.vcxproj
│ │ ├── GenAsIo2Unlock.vcxproj.filters
│ │ ├── GenAsIo2Unlock.vcxproj.user
│ │ └── main.cpp
│ ├── SearchPattern
│ │ ├── SearchPattern.cpp
│ │ ├── SearchPattern.sln
│ │ ├── SearchPattern.vcxproj
│ │ ├── SearchPattern.vcxproj.filters
│ │ ├── SearchPattern.vcxproj.user
│ │ └── test.cmd
│ └── readme.txt
├── WinObjEx64.sln
├── WinObjEx64
│ ├── Resource.rc
│ ├── WinObjEx64.vcxproj
│ ├── WinObjEx64.vcxproj.filters
│ ├── WinObjEx64.vcxproj.user
│ ├── aboutDlg.c
│ ├── driver.rc
│ ├── drivers
│ │ ├── wdbgdrv.c
│ │ ├── wdbgdrv.h
│ │ ├── wdrvprv.c
│ │ ├── wdrvprv.h
│ │ ├── winio.c
│ │ └── winio.h
│ ├── excepth.c
│ ├── excepth.h
│ ├── extapi.c
│ ├── extapi.h
│ ├── extras
│ │ ├── extras.c
│ │ ├── extras.h
│ │ ├── extrasCallbacks.c
│ │ ├── extrasCallbacksPatterns.h
│ │ ├── extrasCmOpt.c
│ │ ├── extrasDrivers.c
│ │ ├── extrasHandlers.h
│ │ ├── extrasIPC.c
│ │ ├── extrasPN.c
│ │ ├── extrasPSList.c
│ │ ├── extrasSL.c
│ │ ├── extrasSSDT.c
│ │ └── extrasUSD.c
│ ├── findDlg.c
│ ├── global.h
│ ├── hash.c
│ ├── hash.h
│ ├── hde
│ │ ├── hde64.c
│ │ ├── hde64.h
│ │ ├── pstdint.h
│ │ └── table64.h
│ ├── kldbg.c
│ ├── kldbg.h
│ ├── kldbg_patterns.h
│ ├── ksymbols.h
│ ├── list.c
│ ├── list.h
│ ├── log
│ │ ├── log.c
│ │ └── log.h
│ ├── main.c
│ ├── msvcver.h
│ ├── objects.c
│ ├── objects.h
│ ├── plugmngr.c
│ ├── plugmngr.h
│ ├── props
│ │ ├── propAlpcPort.c
│ │ ├── propBasic.c
│ │ ├── propBasicConsts.h
│ │ ├── propCommon.h
│ │ ├── propDesktop.c
│ │ ├── propDlg.c
│ │ ├── propDlg.h
│ │ ├── propDriver.c
│ │ ├── propObjectDump.c
│ │ ├── propObjectDumpConsts.h
│ │ ├── propProcess.c
│ │ ├── propSection.c
│ │ ├── propSecurity.c
│ │ ├── propSecurityConsts.h
│ │ ├── propToken.c
│ │ ├── propType.c
│ │ ├── propTypeConsts.h
│ │ └── props.h
│ ├── resource.h
│ ├── rsrc
│ │ ├── 100.ico
│ │ ├── 101.ico
│ │ ├── 102.ico
│ │ ├── 103.ico
│ │ ├── 104.ico
│ │ ├── 105.ico
│ │ ├── 106.ico
│ │ ├── 107.ico
│ │ ├── 108.ico
│ │ ├── 109.ico
│ │ ├── 110.ico
│ │ ├── 111.ico
│ │ ├── 112.ico
│ │ ├── 113.ico
│ │ ├── 114.ico
│ │ ├── 115.ico
│ │ ├── 116.ico
│ │ ├── 117.ico
│ │ ├── 118.ico
│ │ ├── 119.ico
│ │ ├── 120.ico
│ │ ├── 121.ico
│ │ ├── 122.ico
│ │ ├── 123.ico
│ │ ├── 124.ico
│ │ ├── 125.ico
│ │ ├── 126.ico
│ │ ├── 127.ico
│ │ ├── 128.ico
│ │ ├── 129.ico
│ │ ├── 130.ico
│ │ ├── 131.ico
│ │ ├── 132.ico
│ │ ├── 133.ico
│ │ ├── 134.ico
│ │ ├── 135.ico
│ │ ├── 136.ico
│ │ ├── 137.ico
│ │ ├── 138.ico
│ │ ├── 139.ico
│ │ ├── 140.ico
│ │ ├── 141.ico
│ │ ├── 142.ico
│ │ ├── 143.ico
│ │ ├── 144.ico
│ │ ├── 145.ico
│ │ ├── 146.ico
│ │ ├── 147.ico
│ │ ├── 148.ico
│ │ ├── 149.ico
│ │ ├── 6001.ico
│ │ ├── 6002.ico
│ │ ├── Bitmap_125.bmp
│ │ ├── grid.ico
│ │ ├── ico50.ico
│ │ ├── mailslot.ico
│ │ ├── obex.manifest
│ │ ├── pipe.ico
│ │ └── security.ico
│ ├── sdviewDlg.c
│ ├── sup
│ │ ├── sup.c
│ │ ├── sup.h
│ │ ├── sync.c
│ │ ├── w32k.c
│ │ ├── w32k.h
│ │ ├── wine.c
│ │ └── wine.h
│ ├── symparser.c
│ ├── symparser.h
│ ├── sysinfoDlg.c
│ ├── tests
│ │ ├── testunit.c
│ │ └── testunit.h
│ ├── ui.h
│ └── utils
│ │ └── GenAsIo2Unlock.exe
├── WinObjEx64_Plugins.sln
└── drvstore
│ └── kldbgdrv.sys
└── appveyor.yml
/.github/ISSUE_TEMPLATE/bug_report.md:
--------------------------------------------------------------------------------
1 | ---
2 | name: Bug report
3 | about: Create a report to help us improve
4 | title: ''
5 | labels: ''
6 | assignees: ''
7 |
8 | ---
9 |
10 | **Describe the bug**
11 | A clear and concise description of what the bug is.
12 |
13 | **To Reproduce**
14 | If applicable, steps to reproduce the behavior.
15 |
16 | **Expected behavior**
17 | A clear and concise description of what you expected to happen.
18 |
19 | **Screenshots**
20 | If applicable, add screenshots to help explain your problem.
21 |
22 | **Environment**
23 | If applicable, add exact Windows version, including build number.
24 |
25 | **Additional context**
26 | Add any other context about the problem here.
27 |
--------------------------------------------------------------------------------
/.github/PULL_REQUEST_TEMPLATE.md:
--------------------------------------------------------------------------------
1 | # Summary
2 |
3 | Please describe your changes here
4 |
5 | If you are going to resolve some issue, please add this context - Resolve #ISSUE_NUMBER
6 |
7 | If you are going to fix some bug issue, please add this context - Fix #ISSUE_NUMBER
8 |
--------------------------------------------------------------------------------
/Compiled/WHATSNEW_170.md:
--------------------------------------------------------------------------------
1 |
2 | ## What is new in 1.7
3 |
4 | - **W32pServiceTable viewer**
5 |
6 | 
7 |
8 | W32pServiceTable is a service table of Win32k - a Windows User and GDI subsystem driver. It is a secondary system service table (where first is a ntoskrnl managed KiServiceTable). This table can be saved to text file from popup menu.
9 |
10 | This feature available starting from Windows 10 1607 (RS1 14393) and require running program as administrator. Additionally Windows must be booted in the Debug mode (only for kldbgdrv version).
11 |
12 | - **Process list**
13 |
14 | 
15 |
16 | Simple process list dialog. Display tree of running processes, their id, address of EPROCESS structure, user and domain name. Additionally this list uses highlighting similar to SysInternals Process Explorer. You can copy EPROCESS address value from popup menu. To view all process information program must run elevated.
17 |
18 | - **Callbacks viewer**
19 |
20 | 
21 |
22 | List of system wide driver callbacks and notify routines registered with the following API:
23 |
24 | 1. ObRegisterCallbacks
25 | 2. CmRegisterCallbacks
26 | 3. CmRegisterCallbacksEx
27 | 4. PsSetCreateProcessNotifyRoutine
28 | 5. PsSetCreateProcessNotifyRoutineEx
29 | 6. PsSetCreateProcessNotifyRoutineEx2
30 | 7. PsSetCreateThreadNotifyRoutine
31 | 8. PsSetCreateThreadNotifyRoutineEx
32 | 9. PsSetLoadImageNotifyRoutine
33 | 10. PsSetLoadImageNotifyRoutineEx
34 | 11. KeRegisterBugCheckCallback
35 | 12. KeRegisterBugCheckReasonCallback
36 | 13. IoRegisterShutdownNotification
37 | 14. IoRegisterLastChanceShutdownNotification
38 | 15. SeRegisterLogonSessionTerminatedRoutine
39 | 16. SeRegisterLogonSessionTerminatedRoutineEx
40 | 17. PoRegisterPowerSettingCallback
41 | 18. DbgSetDebugPrintCallback
42 | 19. IoRegisterFsRegistrationChange
43 | 20. IoRegisterFileSystem
44 |
45 |
46 |
47 | - **Callback object type viewer**
48 |
49 | 
50 |
51 | Viewer of registered callbacks for Callback object type. Drivers can create callbacks with ExCreateCallback API and register them with ExRegisterCallback.
52 |
53 |
54 | - **Improved OBJECT_TYPE view**
55 |
56 | 
57 |
58 | Improved display of structured dump for OBJECT_TYPE and substructure OBJECT_TYPE_INITIALIZER by including newly added Windows 10 fields.
59 |
60 |
--------------------------------------------------------------------------------
/Compiled/WHATSNEW_173.md:
--------------------------------------------------------------------------------
1 |
2 | ## What is new in 1.7.3
3 |
4 | - **Threads view for Process list dialog**
5 |
6 |
7 |
8 | List of selected process threads. To view much of information administrative privilege and elevation required. Shows driver file for system threads.
9 |
10 | - **Process properties**
11 |
12 | 
13 |
14 | Show basic information about selected process object, including applied mitigation policies (if present) and security. To view all process information program must run elevated.
15 |
16 | - **Thread properties**
17 |
18 | 
19 |
20 | Show basic information about selected thread object, including object security. To view all thread information program must run elevated.
21 |
22 |
23 | - **Token properties**
24 |
25 | 
26 |
27 | Show basic information about access token (for Process or Thread object if it impersonating a client).
28 |
29 | - **Other**
30 |
31 | Number of UI changes and improvements, including but not limited to bug fixes, and compatibility improvements for upcoming Windows 10 19H1 release.
32 |
--------------------------------------------------------------------------------
/Compiled/WHATSNEW_180.md:
--------------------------------------------------------------------------------
1 |
2 | ## What is new in 1.8.0
3 |
4 | - **Plugins subsystem**
5 |
6 | Subsystem that allows expand WinObjEx64 functionality without modifying main executable with maximum 20 plugins supported implemented as dlls.
7 |
8 | - **NDIS protocols viewer**
9 |
10 | 
11 |
12 | Show basic information about registered NDIS protocols. Implemented as Sonar plugin, to use it administrative privilege and Windows Debug mode required.
13 |
14 | - **ApiSet viewer**
15 |
16 | 
17 |
18 | ApiSet viewer implemented as plugin. Can view current system apiset or parse and display apiset from apiset dll. Supports V2 (Windows 7), V4 (Windows 8+), V6 (Windows 10) apisets.
19 |
20 | - **Other**
21 |
22 | Run as LocalSystem feature improved (issue #14), compatibility improvements for upcoming Windows 10 20H1 release.
23 |
--------------------------------------------------------------------------------
/Compiled/WHATSNEW_187.md:
--------------------------------------------------------------------------------
1 |
2 | ## What is new in 1.8.7
3 |
4 | - **Plugins subsystem changes**
5 |
6 | It has been upgraded to include context plugins and multi-instance support.
7 |
8 | - **ImageScope section object viewer**
9 |
10 | 
11 |
12 | New WinObjEx64 context plugin. Display information about section object that is backed by an image file. Show version info fields, printable strings.
13 |
14 | 
15 |
16 |
17 | - **Other**
18 | + Compatibility improvements for Windows 10 20H1/20H2/21H1 versions.
19 | + Added recongnizing of shimmed drivers in drivers list, this feature is only supported starting from Windows 10
20 | + Process trust label (if present) now also displayed for objects of section type
21 | + Added plugins viewer
22 | + Multiple other minor changes in program logic and UI
23 | + Fixed several bugs
24 |
--------------------------------------------------------------------------------
/Compiled/WHATSNEW_190.md:
--------------------------------------------------------------------------------
1 |
2 | ## What is new in 1.9.0
3 |
4 | - **Unloaded drivers view**
5 |
6 | 
7 |
8 | View contents of MmUnloadedDrivers ntoskrnl managed array.
9 |
10 | - **ALPC Ports connections**
11 |
12 | 
13 |
14 | Display information about ALPC port connected clients, similar to WinDBG *!alpc /port* command.
15 |
16 | - **Section Object dump view**
17 |
18 | 
19 |
20 | View contents of Section object type and it child structures such as CONTROL_AREA, SEGMENT etc. Note that view is not complete and only list important fields, similar to WinDBG *!ca 0xX 4* command.
21 |
22 | - **Updated ApiSetSchema plugin**
23 |
24 | 
25 |
26 | Improved search and fixed some bugs.
27 |
28 | - **Other**
29 | + Added ExCreateCallback list to the callbacks list
30 | + Fixed several bugs
31 |
--------------------------------------------------------------------------------
/Compiled/WHATSNEW_200.md:
--------------------------------------------------------------------------------
1 |
2 | ## What is new in 2.0.0
3 |
4 | - **CmControlVector viewer**
5 |
6 | 
7 |
8 | View contents of CmControlVector ntoskrnl parameters array. Can display actual values of variables or dump them when driver support is enabled.
9 |
10 | - **Other**
11 | + Added entirely new handling of object names to support embedded nulls
12 | + Added Pico providers, Nmi, SiloMonitor and Errata manager callbacks
13 | + Added Copy Name/Copy Name (Binary) commands to the main window popup menus
14 | + Added program statistics (see Help->Statistics)
15 | + Added legend window description for process list
16 | + Added ability to fix image sections for dumped drivers
17 | + Added RegistryTransaction object view and access rights
18 | + Moved "Globals" from about box to the View->System Information and rearranged it output
19 | + Drivers dump operation can now be cancelled
20 | + Fix display of PUNICODE_STRING dump
21 | + Fix ALPC Port type objects sometimes unable to open while they can be opened
22 | + Plugin sdk updated to accommodate new named objects handling
23 | + Imagescope plugin updated to accomodate plugin sdk changes
24 | + Elevation required features in "extras" will now request elevation instead of just been disabled
25 | + Help file updated with drivers and symbols usage
26 | + Internal rearrange and minor UI changes
27 |
--------------------------------------------------------------------------------
/Compiled/WinObjEx64.chm:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Compiled/WinObjEx64.chm
--------------------------------------------------------------------------------
/Compiled/WinObjEx64.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Compiled/WinObjEx64.exe
--------------------------------------------------------------------------------
/Compiled/plugins/ApiSetView.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Compiled/plugins/ApiSetView.dll
--------------------------------------------------------------------------------
/Compiled/plugins/ExamplePlugin.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Compiled/plugins/ExamplePlugin.dll
--------------------------------------------------------------------------------
/Compiled/plugins/ImageScope.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Compiled/plugins/ImageScope.dll
--------------------------------------------------------------------------------
/Compiled/plugins/Sonar.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Compiled/plugins/Sonar.dll
--------------------------------------------------------------------------------
/Docs/Callbacks.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Docs/Callbacks.pdf
--------------------------------------------------------------------------------
/Docs/Plugins.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Docs/Plugins.pdf
--------------------------------------------------------------------------------
/LICENSE.md:
--------------------------------------------------------------------------------
1 | Copyright (c) 2015 - 2025, WinObjEx64 Project, hfiref0x
2 |
3 | Redistribution and use in source and binary forms, with or without
4 | modification, are permitted provided that the following conditions are met:
5 |
6 | * Redistributions of source code must retain the above copyright notice, this
7 | list of conditions and the following disclaimer.
8 |
9 | * Redistributions in binary form must reproduce the above copyright notice,
10 | this list of conditions and the following disclaimer in the documentation
11 | and/or other materials provided with the distribution.
12 |
13 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
14 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
16 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
17 | FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
19 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
20 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
21 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
22 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
23 |
--------------------------------------------------------------------------------
/Screenshots/AlpcPortConnections.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Screenshots/AlpcPortConnections.png
--------------------------------------------------------------------------------
/Screenshots/ApiSetView.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Screenshots/ApiSetView.png
--------------------------------------------------------------------------------
/Screenshots/ApiSetView190.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Screenshots/ApiSetView190.png
--------------------------------------------------------------------------------
/Screenshots/CallbackObjectView.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Screenshots/CallbackObjectView.png
--------------------------------------------------------------------------------
/Screenshots/CallbacksView.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Screenshots/CallbacksView.png
--------------------------------------------------------------------------------
/Screenshots/CmControlVector.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Screenshots/CmControlVector.png
--------------------------------------------------------------------------------
/Screenshots/FindObjectDialog.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Screenshots/FindObjectDialog.png
--------------------------------------------------------------------------------
/Screenshots/ImsSection.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Screenshots/ImsSection.png
--------------------------------------------------------------------------------
/Screenshots/ImsStrings.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Screenshots/ImsStrings.png
--------------------------------------------------------------------------------
/Screenshots/MainWindow.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Screenshots/MainWindow.png
--------------------------------------------------------------------------------
/Screenshots/NdisProtocols.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Screenshots/NdisProtocols.png
--------------------------------------------------------------------------------
/Screenshots/ObjectTypeView.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Screenshots/ObjectTypeView.png
--------------------------------------------------------------------------------
/Screenshots/ProcessList.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Screenshots/ProcessList.png
--------------------------------------------------------------------------------
/Screenshots/PropertiesDialog.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Screenshots/PropertiesDialog.png
--------------------------------------------------------------------------------
/Screenshots/SecurityDialogPage.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Screenshots/SecurityDialogPage.png
--------------------------------------------------------------------------------
/Screenshots/TokenProperties.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Screenshots/TokenProperties.png
--------------------------------------------------------------------------------
/Screenshots/UnloadedDrivers.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Screenshots/UnloadedDrivers.png
--------------------------------------------------------------------------------
/Screenshots/ViewingObjectDump.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Screenshots/ViewingObjectDump.png
--------------------------------------------------------------------------------
/Screenshots/ViewingPipes.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Screenshots/ViewingPipes.png
--------------------------------------------------------------------------------
/Screenshots/ViewingPrivateNamespaces.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Screenshots/ViewingPrivateNamespaces.png
--------------------------------------------------------------------------------
/Screenshots/ViewingProcessProperties.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Screenshots/ViewingProcessProperties.png
--------------------------------------------------------------------------------
/Screenshots/ViewingSectionObject.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Screenshots/ViewingSectionObject.png
--------------------------------------------------------------------------------
/Screenshots/ViewingServiceTable.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Screenshots/ViewingServiceTable.png
--------------------------------------------------------------------------------
/Screenshots/ViewingThreadProperties.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Screenshots/ViewingThreadProperties.png
--------------------------------------------------------------------------------
/Screenshots/ViewingTokenProperties.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Screenshots/ViewingTokenProperties.png
--------------------------------------------------------------------------------
/Screenshots/ViewingTypeInformation.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Screenshots/ViewingTypeInformation.png
--------------------------------------------------------------------------------
/Screenshots/ViewingUserSharedData.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Screenshots/ViewingUserSharedData.png
--------------------------------------------------------------------------------
/Screenshots/W32pServiceTableView.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Screenshots/W32pServiceTableView.png
--------------------------------------------------------------------------------
/Source/Plugins/ApiSetView/ApiSetView.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 | {d8ef8d3d-fe7d-4908-93bf-5279accdabfe}
18 |
19 |
20 | {83c6e752-f5b5-48a7-8e6f-231cba8a450d}
21 |
22 |
23 |
24 |
25 | Source Files
26 |
27 |
28 | Source Files
29 |
30 |
31 | minirtl
32 |
33 |
34 | minirtl
35 |
36 |
37 | minirtl
38 |
39 |
40 | minirtl
41 |
42 |
43 | minirtl
44 |
45 |
46 | minirtl
47 |
48 |
49 | minirtl
50 |
51 |
52 | minirtl
53 |
54 |
55 | treelist
56 |
57 |
58 | minirtl
59 |
60 |
61 |
62 |
63 | Header Files
64 |
65 |
66 | Header Files
67 |
68 |
69 | Header Files
70 |
71 |
72 | Header Files
73 |
74 |
75 | Header Files
76 |
77 |
78 | minirtl
79 |
80 |
81 | minirtl
82 |
83 |
84 | treelist
85 |
86 |
87 |
88 |
89 | Resource Files
90 |
91 |
92 |
--------------------------------------------------------------------------------
/Source/Plugins/ApiSetView/ApiSetView.vcxproj.user:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
--------------------------------------------------------------------------------
/Source/Plugins/ApiSetView/Resource.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/Plugins/ApiSetView/Resource.rc
--------------------------------------------------------------------------------
/Source/Plugins/ApiSetView/export.def:
--------------------------------------------------------------------------------
1 | EXPORTS
2 | PluginInit
3 |
--------------------------------------------------------------------------------
/Source/Plugins/ApiSetView/global.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2019 - 2021
4 | *
5 | * TITLE: GLOBAL.H
6 | *
7 | * VERSION: 1.11
8 | *
9 | * DATE: 01 Oct 2021
10 | *
11 | * Common header file for the Windows Object Explorer ApiSetView plugin.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 | #pragma once
20 |
21 | //
22 | // Strict UNICODE
23 | //
24 | #if !defined UNICODE
25 | #error ANSI build is not supported
26 | #endif
27 |
28 | #define OEMRESOURCE
29 | #include
30 | #include
31 | #include
32 | #include
33 | #include
34 | #include
35 |
36 | #pragma warning(push)
37 | #pragma warning(disable: 4005)
38 | #include
39 | #pragma warning(pop)
40 |
41 | #pragma warning(disable: 6258) // TerminateThread
42 | #pragma warning(disable: 6320) // Exception-filter expression is the constant EXCEPTION_EXECUTE_HANDLER
43 | #pragma warning(disable: 26812) // Prefer 'enum class' over 'enum'
44 |
45 |
46 | #include "ntos/ntos.h"
47 | #include "ntos/apisetx.h"
48 | #include "treelist/treelist.h"
49 | #include "minirtl/minirtl.h"
50 | #include "plugin_def.h"
51 | #include "resource.h"
52 | #include "ui.h"
53 | #include "query.h"
54 |
55 | //
56 | // Declared in main.c
57 | //
58 | extern GUI_CONTEXT g_ctx;
59 |
--------------------------------------------------------------------------------
/Source/Plugins/ApiSetView/query.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2019 - 2021
4 | *
5 | * TITLE: QUERY.H
6 | *
7 | * VERSION: 1.11
8 | *
9 | * DATE: 01 June 2021
10 | *
11 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
12 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
13 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
14 | * PARTICULAR PURPOSE.
15 | *
16 | *******************************************************************************/
17 |
18 | #pragma once
19 |
20 | VOID ListApiSetFromFile(
21 | _In_opt_ LPCWSTR lpFileName,
22 | _In_opt_ LPCWSTR FilterByName);
23 |
--------------------------------------------------------------------------------
/Source/Plugins/ApiSetView/resource.h:
--------------------------------------------------------------------------------
1 | //{{NO_DEPENDENCIES}}
2 | // Microsoft Visual C++ generated include file.
3 | // Used by Resource.rc
4 | //
5 | #define IDD_ASDIALOG 101
6 | #define IDC_ENTRY_EDIT 1001
7 | #define IDC_SEARCH_EDIT 1002
8 | #define IDC_SEARCH_BUTTON 1003
9 | #define IDC_BROWSE_BUTTON 1004
10 | #define ID_USE_SYSTEM_SCHEMA_FILE 40001
11 |
12 | // Next default values for new objects
13 | //
14 | #ifdef APSTUDIO_INVOKED
15 | #ifndef APSTUDIO_READONLY_SYMBOLS
16 | #define _APS_NEXT_RESOURCE_VALUE 103
17 | #define _APS_NEXT_COMMAND_VALUE 40002
18 | #define _APS_NEXT_CONTROL_VALUE 1005
19 | #define _APS_NEXT_SYMED_VALUE 101
20 | #endif
21 | #endif
22 |
--------------------------------------------------------------------------------
/Source/Plugins/ApiSetView/ui.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2019 - 2022
4 | *
5 | * TITLE: UI.H
6 | *
7 | * VERSION: 1.13
8 | *
9 | * DATE: 10 Jun 2022
10 | *
11 | * WinObjEx64 ApiSetView UI constants, definitions and includes.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 |
20 | #pragma once
21 |
22 | #pragma comment(lib, "comctl32.lib")
23 | #pragma comment(lib, "uxtheme.lib")
24 |
25 | #define DefaultSystemDpi 96
26 | #define WINOBJEX64_ICON_MAIN 174
27 | #define ID_OBJECT_COPY 40008
28 |
29 | #define T_EmptyString TEXT("")
30 |
31 | typedef struct _VALUE_DESC {
32 | ULONG Value;
33 | LPCWSTR Desc;
34 | } VALUE_DESC, * PVALUE_DESC;
35 |
36 | typedef struct _GUI_CONTEXT {
37 | HWND MainWindow;
38 | HWND TreeList;
39 | HWND SearchEdit;
40 | HANDLE PluginHeap;
41 | HANDLE WorkerThread;
42 | HICON WindowIcon;
43 |
44 | INT tlSubItemHit;
45 |
46 | WCHAR SchemaFileName[MAX_PATH * 2];
47 |
48 | //
49 | // WinObjEx64 data and pointers.
50 | //
51 | WINOBJEX_PARAM_BLOCK ParamBlock;
52 | } GUI_CONTEXT, *PGUI_CONTEXT;
53 |
54 | typedef struct _TL_SUBITEMS_FIXED {
55 | ULONG Count;
56 | ULONG ColorFlags;
57 | COLORREF BgColor;
58 | COLORREF FontColor;
59 | PVOID UserParam;
60 | LPTSTR CustomTooltip;
61 | LPTSTR Text[2];
62 | } TL_SUBITEMS_FIXED, * PTL_SUBITEMS_FIXED;
63 |
--------------------------------------------------------------------------------
/Source/Plugins/ExamplePlugin/ExamplePlugin.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Source Files
20 |
21 |
22 |
23 |
24 | Header Files
25 |
26 |
27 | Header Files
28 |
29 |
30 |
31 |
32 | Resource Files
33 |
34 |
35 |
--------------------------------------------------------------------------------
/Source/Plugins/ExamplePlugin/ExamplePlugin.vcxproj.user:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
--------------------------------------------------------------------------------
/Source/Plugins/ExamplePlugin/Resource.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/Plugins/ExamplePlugin/Resource.rc
--------------------------------------------------------------------------------
/Source/Plugins/ExamplePlugin/export.def:
--------------------------------------------------------------------------------
1 | EXPORTS
2 | PluginInit
3 |
--------------------------------------------------------------------------------
/Source/Plugins/ExamplePlugin/resource.h:
--------------------------------------------------------------------------------
1 | //{{NO_DEPENDENCIES}}
2 | // Microsoft Visual C++ generated include file.
3 | // Used by Resource.rc
4 |
5 | // Next default values for new objects
6 | //
7 | #ifdef APSTUDIO_INVOKED
8 | #ifndef APSTUDIO_READONLY_SYMBOLS
9 | #define _APS_NEXT_RESOURCE_VALUE 101
10 | #define _APS_NEXT_COMMAND_VALUE 40001
11 | #define _APS_NEXT_CONTROL_VALUE 1001
12 | #define _APS_NEXT_SYMED_VALUE 101
13 | #endif
14 | #endif
15 |
--------------------------------------------------------------------------------
/Source/Plugins/ImageScope/ImageScope.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 | {d2825bdd-fe43-4ebf-9d7e-93f70bee0a6f}
18 |
19 |
20 | {3fc49280-92ec-4638-ae24-6144bed64c6e}
21 |
22 |
23 | {47476539-9197-402f-8e71-0bd5fcb07914}
24 |
25 |
26 | {fbb5d080-c089-4398-bc97-6a35b013bcb7}
27 |
28 |
29 | {d9dffc49-f34e-4cb2-9938-e1a6bc53a50b}
30 |
31 |
32 |
33 |
34 | Source Files
35 |
36 |
37 | Source Files
38 |
39 |
40 | minirtl
41 |
42 |
43 | tabs
44 |
45 |
46 | Source Files
47 |
48 |
49 | minirtl
50 |
51 |
52 | minirtl
53 |
54 |
55 | treelist
56 |
57 |
58 | minirtl
59 |
60 |
61 | Source Files
62 |
63 |
64 | ntos
65 |
66 |
67 | minirtl
68 |
69 |
70 | minirtl
71 |
72 |
73 | minirtl
74 |
75 |
76 | minirtl
77 |
78 |
79 |
80 |
81 | Header Files
82 |
83 |
84 | Header Files
85 |
86 |
87 | ntos
88 |
89 |
90 | Header Files
91 |
92 |
93 | Header Files
94 |
95 |
96 | Header Files
97 |
98 |
99 | minirtl
100 |
101 |
102 | minirtl
103 |
104 |
105 | tabs
106 |
107 |
108 | treelist
109 |
110 |
111 | Header Files
112 |
113 |
114 | sdk
115 |
116 |
117 | ntos
118 |
119 |
120 |
121 |
122 | Resource Files
123 |
124 |
125 |
--------------------------------------------------------------------------------
/Source/Plugins/ImageScope/ImageScope.vcxproj.user:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
--------------------------------------------------------------------------------
/Source/Plugins/ImageScope/Resource.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/Plugins/ImageScope/Resource.rc
--------------------------------------------------------------------------------
/Source/Plugins/ImageScope/export.def:
--------------------------------------------------------------------------------
1 | EXPORTS
2 | PluginInit
3 |
--------------------------------------------------------------------------------
/Source/Plugins/ImageScope/global.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2020 - 2021
4 | *
5 | * TITLE: GLOBAL.H
6 | *
7 | * VERSION: 1.00
8 | *
9 | * DATE: 01 Oct 2021
10 | *
11 | * Common header file for the Windows Object Explorer ImageScope plugin.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 | #pragma once
20 |
21 | //
22 | // Strict UNICODE
23 | //
24 | #if !defined UNICODE
25 | #error ANSI build is not supported
26 | #endif
27 |
28 | #define OEMRESOURCE
29 | #include
30 | #include
31 | #include
32 | #include
33 | #include
34 |
35 | #pragma warning(push)
36 | #pragma warning(disable: 4005)
37 | #include
38 | #pragma warning(pop)
39 |
40 | #pragma warning(disable: 6258) // TerminateThread
41 | #pragma warning(disable: 6320) // Exception-filter expression is the constant EXCEPTION_EXECUTE_HANDLER
42 | #pragma warning(disable: 26812) // Prefer 'enum class' over 'enum'
43 |
44 |
45 | #include "ntos/ntos.h"
46 | #include "ntos/ntsup.h"
47 | #include "treelist/treelist.h"
48 | #include "minirtl/minirtl.h"
49 | #include "tabs/tabsctrl.h"
50 | #include "plugin_def.h"
51 | #include "sdk/extdef.h"
52 | #include "resource.h"
53 | #include "query.h"
54 | #include "sup.h"
55 | #include "ui.h"
56 |
57 | //declared in main.c
58 | extern HINSTANCE g_ThisDLL;
59 | extern volatile DWORD g_PluginState;
60 | extern WINOBJEX_PLUGIN* g_Plugin;
61 |
62 | #ifdef _DEBUG
63 | #define kdDebugPrint(f, ...) DbgPrint(f, __VA_ARGS__)
64 | #else
65 | #define kdDebugPrint(f, ...)
66 | #endif
67 |
68 |
--------------------------------------------------------------------------------
/Source/Plugins/ImageScope/query.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2020
4 | *
5 | * TITLE: QUERY.H
6 | *
7 | * VERSION: 1.00
8 | *
9 | * DATE: 10 July 2020
10 | *
11 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
12 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
13 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
14 | * PARTICULAR PURPOSE.
15 | *
16 | *******************************************************************************/
17 |
18 | #pragma once
19 |
20 | typedef BOOL(CALLBACK* PEnumStringInfoCallback)(
21 | _In_ PWCHAR key,
22 | _In_ PWCHAR value,
23 | _In_ PWCHAR langid,
24 | _In_opt_ LPVOID cbparam);
25 |
26 | typedef BOOL(CALLBACK* PEnumVarInfoCallback)(
27 | _In_ PWCHAR key,
28 | _In_ DWORD value,
29 | _In_opt_ LPVOID cbparam);
30 |
31 | typedef struct _IMGVSHDR {
32 | WORD wLength;
33 | WORD wValueLength;
34 | WORD wType;
35 | } IMGVSHDR, * PIMGVSHDR;
36 |
37 | typedef struct _IMGVSVERSIONINFO {
38 | IMGVSHDR vshdr;
39 | WCHAR wIdString[17];
40 | } IMGVSVERSIONINFO, * PIMGVSVERSIONINFO;
41 |
42 | typedef struct _IMGSTRINGINFO {
43 | IMGVSHDR vshdr;
44 | WCHAR wIdKey[15];
45 | } IMGSTRINGINFO, * PIMGSTRINGINFO;
46 |
47 | typedef struct _IMGVARINFO {
48 | IMGVSHDR vshdr;
49 | WCHAR wIdKey[13];
50 | } IMGVARINFO, * PIMGVARINFO;
51 |
52 | typedef struct _IMGSTRINGTABLE {
53 | IMGVSHDR vshdr;
54 | WCHAR wIdKey[9];
55 | } IMGSTRINGTABLE, * PIMGSTRINGTABLE;
56 |
57 | typedef struct _IMGVSTRING {
58 | IMGVSHDR vshdr;
59 | WCHAR szKey[1];
60 | } IMGVSTRING, * PIMGVSTRING;
61 |
62 | typedef struct _STRING_PTR {
63 | ULONG ofpstr;
64 | ULONG length;
65 | struct _STRING_PTR* pnext;
66 | } STRING_PTR, * PSTRING_PTR;
67 |
68 | VS_FIXEDFILEINFO* PEImageEnumVersionFields(
69 | _In_ HMODULE module,
70 | _In_ PEnumStringInfoCallback scallback,
71 | _In_opt_ PEnumVarInfoCallback vcallback,
72 | _Inout_opt_ PVOID cbparam);
73 |
74 | PSTRING_PTR EnumImageStringsW(
75 | _In_ PVOID HeapHandle,
76 | _In_ PWCHAR Buffer,
77 | _In_ ULONG Size);
78 |
79 | PSTRING_PTR EnumImageStringsA(
80 | _In_ PVOID HeapHandle,
81 | _In_ PCHAR Buffer,
82 | _In_ ULONG Size);
83 |
--------------------------------------------------------------------------------
/Source/Plugins/ImageScope/resource.h:
--------------------------------------------------------------------------------
1 | //{{NO_DEPENDENCIES}}
2 | // Microsoft Visual C++ generated include file.
3 | // Used by Resource.rc
4 | //
5 | #define IDD_TABDLG_SECTION 9
6 | #define IDD_TABDLG_VSINFO 103
7 | #define IDD_TABDLG_STRINGS 105
8 | #define IDC_LIST 1002
9 |
10 | // Next default values for new objects
11 | //
12 | #ifdef APSTUDIO_INVOKED
13 | #ifndef APSTUDIO_READONLY_SYMBOLS
14 | #define _APS_NEXT_RESOURCE_VALUE 107
15 | #define _APS_NEXT_COMMAND_VALUE 40001
16 | #define _APS_NEXT_CONTROL_VALUE 1005
17 | #define _APS_NEXT_SYMED_VALUE 101
18 | #endif
19 | #endif
20 |
--------------------------------------------------------------------------------
/Source/Plugins/ImageScope/sup.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2020 - 2022
4 | *
5 | * TITLE: SUP.H
6 | *
7 | * VERSION: 1.10
8 | *
9 | * DATE: 15 Jun 2022
10 | *
11 | * Common header file for the plugin support routines.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 | #pragma once
20 |
21 | PVOID supHeapAlloc(
22 | _In_ SIZE_T Size);
23 |
24 | BOOL supHeapFree(
25 | _In_ PVOID Memory);
26 |
27 | VOID supSetWaitCursor(
28 | _In_ BOOL fSet);
29 |
30 | NTSTATUS supMapSection(
31 | _In_ HANDLE SectionHandle,
32 | _Out_ PVOID* BaseAddress,
33 | _Out_ SIZE_T* ViewSize);
34 |
35 | BOOL supSaveDialogExecute(
36 | _In_ HWND OwnerWindow,
37 | _Inout_ LPWSTR SaveFileName,
38 | _In_ LPWSTR lpDialogFilter);
39 |
40 | BOOL supListViewExportToFile(
41 | _In_ LPWSTR FileName,
42 | _In_ HWND WindowHandle,
43 | _In_ HWND ListView,
44 | _In_ INT ColumnCount);
45 |
46 | VOID supStatusBarSetText(
47 | _In_ HWND hwndStatusBar,
48 | _In_ WPARAM partIndex,
49 | _In_ LPWSTR lpText);
50 |
51 | HTREEITEM supTreeListAddItem(
52 | _In_ HWND TreeList,
53 | _In_opt_ HTREEITEM hParent,
54 | _In_ UINT mask,
55 | _In_ UINT state,
56 | _In_ UINT stateMask,
57 | _In_opt_ LPWSTR pszText,
58 | _In_opt_ PVOID subitems);
59 |
60 | INT supAddListViewColumn(
61 | _In_ HWND ListViewHwnd,
62 | _In_ INT ColumnIndex,
63 | _In_ INT SubItemIndex,
64 | _In_ INT OrderIndex,
65 | _In_ INT ImageIndex,
66 | _In_ INT Format,
67 | _In_ LPWSTR Text,
68 | _In_ INT Width,
69 | _In_ INT DpiValue);
70 |
71 | BOOL supListViewAddCopyValueItem(
72 | _In_ HMENU hMenu,
73 | _In_ HWND hwndLv,
74 | _In_ UINT uId,
75 | _In_ UINT uPos,
76 | _In_ POINT* lpPoint,
77 | _Out_ INT* pItemHit,
78 | _Out_ INT* pColumnHit);
79 |
80 | void supCopyMemory(
81 | _Inout_ void* dest,
82 | _In_ size_t cbdest,
83 | _In_ const void* src,
84 | _In_ size_t cbsrc);
85 |
86 | LPWSTR supGetItemText(
87 | _In_ HWND ListView,
88 | _In_ INT nItem,
89 | _In_ INT nSubItem,
90 | _Out_opt_ PSIZE_T lpSize);
91 |
92 | VOID supClipboardCopy(
93 | _In_ LPWSTR lpText,
94 | _In_ SIZE_T cbText);
95 |
96 | BOOL supListViewCopyItemValueToClipboard(
97 | _In_ HWND hwndListView,
98 | _In_ INT iItem,
99 | _In_ INT iSubItem);
100 |
101 | _Success_(return)
102 | BOOL supFreeDuplicatedUnicodeString(
103 | _In_ HANDLE HeapHandle,
104 | _Inout_ PUNICODE_STRING DuplicatedString,
105 | _In_ BOOL DoZeroMemory);
106 |
107 | _Success_(return)
108 | BOOL supDuplicateUnicodeString(
109 | _In_ HANDLE HeapHandle,
110 | _Out_ PUNICODE_STRING DestinationString,
111 | _In_ PUNICODE_STRING SourceString);
112 |
113 |
114 |
--------------------------------------------------------------------------------
/Source/Plugins/ImageScope/ui.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2020 - 2022
4 | *
5 | * TITLE: UI.H
6 | *
7 | * VERSION: 1.02
8 | *
9 | * DATE: 08 Jun 2022
10 | *
11 | * WinObjEx64 ImageScope UI constants, definitions and includes.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 |
20 | #pragma once
21 |
22 | #pragma comment(lib, "comctl32.lib")
23 | #pragma comment(lib, "uxtheme.lib")
24 |
25 | #define DefaultSystemDpi 96
26 |
27 | #define ScaleDPI(Value, CurrentDPI) MulDiv(Value, CurrentDPI, DefaultSystemDpi)
28 |
29 | #define T_PLUGIN_NAME TEXT("ImageScope")
30 | #define IMAGESCOPE_WNDTITLE T_PLUGIN_NAME
31 | #define T_IMS_PROP TEXT("ImsProp")
32 |
33 | #define EMPTY_STRING TEXT("")
34 | #define T_EXPORTTOFILE TEXT("Export List to File")
35 | #define T_CSV_FILE_FILTER TEXT("CSV Files\0*.csv\0\0")
36 |
37 | #define PRINTF_BUFFER_LENGTH 100
38 |
39 | #define ID_MENU_LIST_DUMP 49001
40 | #define ID_MENU_LIST_COPY 49002
41 |
42 | typedef struct _GUI_CONTEXT {
43 | UINT CurrentDPI;
44 |
45 | INT LvItemHit;
46 | INT LvColumnHit;
47 |
48 | HWND MainWindow;
49 | HWND StatusBar;
50 | HWND TreeList;
51 | HANDLE WorkerThread;
52 | PVOID SectionAddress;
53 | SIZE_T SectionViewSize;
54 |
55 | TABHDR* TabHeader;
56 |
57 | //
58 | // WinObjEx64 data and pointers.
59 | //
60 | WINOBJEX_PARAM_BLOCK ParamBlock;
61 | } GUI_CONTEXT, * PGUI_CONTEXT;
62 |
63 | #define IDC_TAB 8086
64 |
65 | typedef enum _IMS_TAB_ID {
66 | TabIdSection = 0,
67 | TabIdVSInfo = 1,
68 | TabIdStrings = 2,
69 | TabIdMax
70 | } IMS_TAB_ID;
71 |
72 | typedef struct _IMS_TAB {
73 | UINT ResourceId;
74 | IMS_TAB_ID TabId;
75 | WNDPROC WndProc;
76 | LPTSTR TabCaption;
77 | } IMS_TAB;
78 |
79 | typedef struct _TL_SUBITEMS_FIXED {
80 | ULONG Count;
81 | ULONG ColorFlags;
82 | COLORREF BgColor;
83 | COLORREF FontColor;
84 | PVOID UserParam;
85 | LPTSTR CustomTooltip;
86 | LPTSTR Text[2];
87 | } TL_SUBITEMS_FIXED, * PTL_SUBITEMS_FIXED;
88 |
89 | typedef struct _VALUE_DESC {
90 | LPWSTR lpDescription;
91 | DWORD dwValue;
92 | } VALUE_DESC, * PVALUE_DESC;
93 |
94 | LRESULT CALLBACK MainWindowProc(
95 | _In_ HWND hwnd,
96 | _In_ UINT uMsg,
97 | _In_ WPARAM wParam,
98 | _In_ LPARAM lParam);
99 |
100 | BOOL RunUI(
101 | _In_ GUI_CONTEXT* Context);
102 |
--------------------------------------------------------------------------------
/Source/Plugins/Sonar/Resource.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/Plugins/Sonar/Resource.rc
--------------------------------------------------------------------------------
/Source/Plugins/Sonar/Sonar.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 | {4a1ef988-ec2c-4e01-9f42-58a21d9d7087}
18 |
19 |
20 | {cf71df74-886f-4e59-9549-bb7a5f08bd19}
21 |
22 |
23 | {cdc2911e-e806-4308-b367-3e794c15d6a0}
24 |
25 |
26 |
27 |
28 | Source Files
29 |
30 |
31 | Source Files
32 |
33 |
34 | treelist
35 |
36 |
37 | minirtl
38 |
39 |
40 | minirtl
41 |
42 |
43 | minirtl
44 |
45 |
46 | minirtl
47 |
48 |
49 | minirtl
50 |
51 |
52 | minirtl
53 |
54 |
55 | ntos
56 |
57 |
58 | minirtl
59 |
60 |
61 | Source Files
62 |
63 |
64 | minirtl
65 |
66 |
67 | minirtl
68 |
69 |
70 |
71 |
72 | Header Files
73 |
74 |
75 | Header Files
76 |
77 |
78 | Header Files
79 |
80 |
81 | Header Files
82 |
83 |
84 | Header Files
85 |
86 |
87 | Header Files
88 |
89 |
90 | Header Files
91 |
92 |
93 | treelist
94 |
95 |
96 | ntos
97 |
98 |
99 | ntos
100 |
101 |
102 | Header Files
103 |
104 |
105 | ntos
106 |
107 |
108 |
109 |
110 | Resource Files
111 |
112 |
113 |
--------------------------------------------------------------------------------
/Source/Plugins/Sonar/Sonar.vcxproj.user:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
--------------------------------------------------------------------------------
/Source/Plugins/Sonar/export.def:
--------------------------------------------------------------------------------
1 | EXPORTS
2 | PluginInit
3 |
--------------------------------------------------------------------------------
/Source/Plugins/Sonar/global.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2019 - 2021
4 | *
5 | * TITLE: GLOBAL.H
6 | *
7 | * VERSION: 1.03
8 | *
9 | * DATE: 27 July 2021
10 | *
11 | * Common header file for the Windows Object Explorer Sonar plugin.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 | #pragma once
20 |
21 | //
22 | // Strict UNICODE
23 | //
24 | #if !defined UNICODE
25 | #error ANSI build is not supported
26 | #endif
27 |
28 | #define OEMRESOURCE
29 | #include
30 | #include
31 | #include
32 | #include
33 | #include
34 |
35 | #pragma warning(push)
36 | #pragma warning(disable: 4005)
37 | #include
38 | #pragma warning(pop)
39 |
40 | #pragma warning(disable: 6320) //Exception-filter expression is the constant EXCEPTION_EXECUTE_HANDLER
41 |
42 | #include "ntos/ntos.h"
43 | #include "treelist/treelist.h"
44 | #include "minirtl/minirtl.h"
45 | #include "ntos/ntsup.h"
46 | #include "ntos/ntbuilds.h"
47 | #include "plugin_def.h"
48 | #include "sup.h"
49 | #include "ui.h"
50 | #include "resource.h"
51 | #include "ndis.h"
52 | #include "query.h"
53 |
54 | //declared in main.c
55 | extern SONARCONTEXT g_ctx;
56 |
57 | #ifdef _DEBUG
58 | #define kdDebugPrint(f, ...) DbgPrint(f, __VA_ARGS__)
59 | #else
60 | #define kdDebugPrint(f, ...)
61 | #endif
62 |
--------------------------------------------------------------------------------
/Source/Plugins/Sonar/resource.h:
--------------------------------------------------------------------------------
1 | //{{NO_DEPENDENCIES}}
2 | // Microsoft Visual C++ generated include file.
3 | // Used by Resource.rc
4 | //
5 | #define IDI_ICON2 104
6 |
7 | // Next default values for new objects
8 | //
9 | #ifdef APSTUDIO_INVOKED
10 | #ifndef APSTUDIO_READONLY_SYMBOLS
11 | #define _APS_NEXT_RESOURCE_VALUE 106
12 | #define _APS_NEXT_COMMAND_VALUE 40001
13 | #define _APS_NEXT_CONTROL_VALUE 1001
14 | #define _APS_NEXT_SYMED_VALUE 101
15 | #endif
16 | #endif
17 |
--------------------------------------------------------------------------------
/Source/Plugins/Sonar/sup.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2021 - 2024
4 | *
5 | * TITLE: SUP.H
6 | *
7 | * VERSION: 1.14
8 | *
9 | * DATE: 04 Jun 2024
10 | *
11 | * Sonar plugin support definitions and declarations.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 |
20 | #include "global.h"
21 |
22 | PVOID HeapMemoryAlloc(
23 | _In_ SIZE_T Size);
24 |
25 | BOOL HeapMemoryFree(
26 | _In_ PVOID Memory);
27 |
28 | BOOL supGetWin32FileName(
29 | _In_ LPWSTR FileName,
30 | _Inout_ LPWSTR Win32FileName,
31 | _In_ SIZE_T ccWin32FileName);
32 |
33 | VOID supClipboardCopy(
34 | _In_ LPWSTR lpText,
35 | _In_ SIZE_T cbText);
36 |
37 | BOOL supTreeListAddCopyValueItem(
38 | _In_ HMENU hMenu,
39 | _In_ HWND hwndTreeList,
40 | _In_ UINT uId,
41 | _In_ UINT uPos,
42 | _In_ LPARAM lParam,
43 | _In_ INT* pSubItemHit);
44 |
45 | LPWSTR supGetItemText(
46 | _In_ HWND ListView,
47 | _In_ INT nItem,
48 | _In_ INT nSubItem,
49 | _Out_opt_ PSIZE_T lpSize);
50 |
51 | LPWSTR supGetItemText2(
52 | _In_ HWND ListView,
53 | _In_ INT nItem,
54 | _In_ INT nSubItem,
55 | _In_ WCHAR* pszText,
56 | _In_ UINT cchText);
57 |
58 | BOOL supListViewAddCopyValueItem(
59 | _In_ HMENU hMenu,
60 | _In_ HWND hwndLv,
61 | _In_ UINT uId,
62 | _In_ UINT uPos,
63 | _In_ POINT* lpPoint,
64 | _Out_ INT* pItemHit,
65 | _Out_ INT* pColumnHit);
66 |
67 | BOOL supListViewCopyItemValueToClipboard(
68 | _In_ HWND hwndListView,
69 | _In_ INT iItem,
70 | _In_ INT iSubItem);
71 |
72 | BOOL supTreeListCopyItemValueToClipboard(
73 | _In_ HWND hwndTreeList,
74 | _In_ INT tlSubItemHit);
75 |
76 | INT supGetMaxCompareTwoFixedStrings(
77 | _In_ HWND ListView,
78 | _In_ LPARAM lParam1,
79 | _In_ LPARAM lParam2,
80 | _In_ LPARAM lParamSort,
81 | _In_ BOOL Inverse);
82 |
83 | INT supGetMaxOfTwoU64FromHex(
84 | _In_ HWND ListView,
85 | _In_ LPARAM lParam1,
86 | _In_ LPARAM lParam2,
87 | _In_ LPARAM lParamSort,
88 | _In_ BOOL Inverse);
89 |
--------------------------------------------------------------------------------
/Source/Plugins/Sonar/ui.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2019 - 2022
4 | *
5 | * TITLE: UI.H
6 | *
7 | * VERSION: 1.15
8 | *
9 | * DATE: 10 Jun 2022
10 | *
11 | * WinObjEx64 Sonar UI constants, definitions and includes.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 |
20 | #pragma once
21 |
22 | #pragma comment(lib, "comctl32.lib")
23 | #pragma comment(lib, "uxtheme.lib")
24 |
25 | #define SONAR_WNDTITLE TEXT("Sonar")
26 |
27 | #define WINOBJEX64_ACC_TABLE 166
28 | #define WINOBJEX64_ICON_MAIN 174
29 | #define WINOBJEX64_ICON_SORT_UP 6001
30 | #define WINOBJEX64_ICON_SORT_DOWN 6002
31 | #define WINOBJEX64_ACC_F5 40003
32 | #define WINOBJEX64_OBJECT_PROP 40004
33 |
34 | #define ID_MENU_COPY_VALUE 41008
35 |
36 | #define Y_SPLITTER_SIZE 4
37 | #define Y_SPLITTER_MIN 100
38 |
39 | #define DefaultSystemDpi 96
40 |
41 | #define SCALE_DPI_VALUE(Value, CurrentDPI) MulDiv(Value, CurrentDPI, DefaultSystemDpi)
42 |
43 | typedef struct _TL_SUBITEMS_FIXED {
44 | ULONG Count;
45 | ULONG ColorFlags;
46 | COLORREF BgColor;
47 | COLORREF FontColor;
48 | PVOID UserParam;
49 | LPTSTR CustomTooltip;
50 | LPTSTR Text[2];
51 | } TL_SUBITEMS_FIXED, * PTL_SUBITEMS_FIXED;
52 |
53 | typedef struct _SONARCONTEXT {
54 | //
55 | // GUI context variables.
56 | //
57 | HWND MainWindow;
58 | HWND ListView;
59 | HWND TreeList;
60 | HWND StatusBar;
61 | HACCEL AccTable;
62 | HIMAGELIST ImageList;
63 | LONG lvColumnToSort;
64 | LONG lvColumnCount;
65 | BOOL bInverseSort;
66 |
67 | HANDLE PluginHeap;
68 | HANDLE WorkerThread;
69 |
70 | INT SplitterPosY;
71 | INT CapturePosY;
72 | INT SplitterMaxY;
73 |
74 | INT LvItemHit;
75 | INT LvColumnHit;
76 |
77 | INT tlSubItemHit;
78 |
79 | UINT CurrentDPI;
80 |
81 | //
82 | // NDIS related.
83 | //
84 | ULONG_PTR ndisProtocolList;
85 | ULONG ndisNextProtocolOffset;
86 |
87 | //
88 | // WinObjEx64 data and pointers.
89 | //
90 | WINOBJEX_PARAM_BLOCK ParamBlock;
91 | } SONARCONTEXT, *PSONARCONTEXT;
92 |
--------------------------------------------------------------------------------
/Source/Plugins/postbuild.cmd:
--------------------------------------------------------------------------------
1 | echo ----------------------------------------------
2 | echo %1 post-build script
3 | echo ----------------------------------------------
4 |
5 | echo Copy %2 to Bin\Plugins
6 | copy %2 ..\..\Bin\plugins /y
7 |
8 | echo Copy %2 to WinObjEx64\Plugins [DEBUG]
9 | copy %2 ..\..\WinObjEx64\plugins /y
10 |
11 | IF EXIST %3 (
12 | Echo Copy %3 to WinObjEx64\Plugins [DEBUG]
13 | copy %3 ..\..\WinObjEx64\plugins /y
14 | ) ELSE (
15 | echo %3 pdb file was not found, skipping
16 | )
17 |
--------------------------------------------------------------------------------
/Source/Shared/minirtl/_filename.c:
--------------------------------------------------------------------------------
1 | #include
2 | #include "minirtl.h"
3 |
4 | char *_filename_a(const char *f)
5 | {
6 | char *p = (char *)f;
7 |
8 | if (f == 0)
9 | return 0;
10 |
11 | while (*f != (char)0) {
12 | if (*f == '\\')
13 | p = (char *)f + 1;
14 | f++;
15 | }
16 | return p;
17 | }
18 |
19 | wchar_t *_filename_w(const wchar_t *f)
20 | {
21 | wchar_t *p = (wchar_t *)f;
22 |
23 | if (f == 0)
24 | return 0;
25 |
26 | while (*f != (wchar_t)0) {
27 | if (*f == (wchar_t)'\\')
28 | p = (wchar_t *)f + 1;
29 | f++;
30 | }
31 | return p;
32 | }
33 |
34 | char *_fileext_a(const char *f)
35 | {
36 | char *p = 0;
37 |
38 | if (f == 0)
39 | return 0;
40 |
41 | while (*f != (char)0) {
42 | if (*f == '.')
43 | p = (char *)f;
44 | f++;
45 | }
46 |
47 | if (p == 0)
48 | p = (char *)f;
49 |
50 | return p;
51 | }
52 |
53 | wchar_t *_fileext_w(const wchar_t *f)
54 | {
55 | wchar_t *p = 0;
56 |
57 | if (f == 0)
58 | return 0;
59 |
60 | while (*f != (wchar_t)0) {
61 | if (*f == (wchar_t)'.')
62 | p = (wchar_t *)f;
63 | f++;
64 | }
65 |
66 | if (p == 0)
67 | p = (wchar_t *)f;
68 |
69 | return p;
70 | }
71 |
72 | char *_filename_noext_a(char *dest, const char *f)
73 | {
74 | char *p, *l, *dot;
75 |
76 | if ((f == 0) || (dest == 0))
77 | return 0;
78 |
79 | p = _filename_a(f);
80 | if (p == 0)
81 | return 0;
82 |
83 | dot = _strend_a(p);
84 | if (dot == 0)
85 | return 0;
86 |
87 | l = p;
88 |
89 | while (*l != (char)0)
90 | {
91 | if (*l == '.')
92 | dot = l;
93 | l++;
94 | }
95 |
96 | while (p0) );
26 |
27 | return (int)(c1 - c2);
28 | }
29 |
30 | int _strncmp_w(const wchar_t *s1, const wchar_t *s2, size_t cchars)
31 | {
32 | wchar_t c1, c2;
33 |
34 | if ( s1==s2 )
35 | return 0;
36 |
37 | if ( s1==0 )
38 | return -1;
39 |
40 | if ( s2==0 )
41 | return 1;
42 |
43 | if ( cchars==0 )
44 | return 0;
45 |
46 | do {
47 | c1 = *s1;
48 | c2 = *s2;
49 | s1++;
50 | s2++;
51 | cchars--;
52 | } while ( (c1 != 0) && (c1 == c2) && (cchars>0) );
53 |
54 | return (int)(c1 - c2);
55 | }
56 |
--------------------------------------------------------------------------------
/Source/Shared/minirtl/_strncmpi.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
3 | int _strncmpi_a(const char *s1, const char *s2, size_t cchars)
4 | {
5 | char c1, c2;
6 |
7 | if ( s1==s2 )
8 | return 0;
9 |
10 | if ( s1==0 )
11 | return -1;
12 |
13 | if ( s2==0 )
14 | return 1;
15 |
16 | if ( cchars==0 )
17 | return 0;
18 |
19 | do {
20 | c1 = locase_a(*s1);
21 | c2 = locase_a(*s2);
22 | s1++;
23 | s2++;
24 | cchars--;
25 | } while ( (c1 != 0) && (c1 == c2) && (cchars>0) );
26 |
27 | return (int)(c1 - c2);
28 | }
29 |
30 | int _strncmpi_w(const wchar_t *s1, const wchar_t *s2, size_t cchars)
31 | {
32 | wchar_t c1, c2;
33 |
34 | if ( s1==s2 )
35 | return 0;
36 |
37 | if ( s1==0 )
38 | return -1;
39 |
40 | if ( s2==0 )
41 | return 1;
42 |
43 | if ( cchars==0 )
44 | return 0;
45 |
46 | do {
47 | c1 = locase_w(*s1);
48 | c2 = locase_w(*s2);
49 | s1++;
50 | s2++;
51 | cchars--;
52 | } while ( (c1 != 0) && (c1 == c2) && (cchars>0) );
53 |
54 | return (int)(c1 - c2);
55 | }
56 |
--------------------------------------------------------------------------------
/Source/Shared/minirtl/_strncpy.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
3 | char *_strncpy_a(char *dest, size_t ccdest, const char *src, size_t ccsrc)
4 | {
5 | char *p;
6 |
7 | if ( (dest==0) || (src==0) || (ccdest==0) )
8 | return dest;
9 |
10 | ccdest--;
11 | p = dest;
12 |
13 | while ( (*src!=0) && (ccdest>0) && (ccsrc>0) ) {
14 | *p = *src;
15 | p++;
16 | src++;
17 | ccdest--;
18 | ccsrc--;
19 | }
20 |
21 | *p = 0;
22 | return dest;
23 | }
24 |
25 | wchar_t *_strncpy_w(wchar_t *dest, size_t ccdest, const wchar_t *src, size_t ccsrc)
26 | {
27 | wchar_t *p;
28 |
29 | if ( (dest==0) || (src==0) || (ccdest==0) )
30 | return dest;
31 |
32 | ccdest--;
33 | p = dest;
34 |
35 | while ( (*src!=0) && (ccdest>0) && (ccsrc>0) ) {
36 | *p = *src;
37 | p++;
38 | src++;
39 | ccdest--;
40 | ccsrc--;
41 | }
42 |
43 | *p = 0;
44 | return dest;
45 | }
46 |
--------------------------------------------------------------------------------
/Source/Shared/minirtl/_strstr.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
3 | char *_strstr_a(const char *s, const char *sub_s)
4 | {
5 | char c0, c1, c2, *tmps, *tmpsub;
6 |
7 | if (s == sub_s)
8 | return (char *)s;
9 |
10 | if (s == 0)
11 | return 0;
12 |
13 | if (sub_s == 0)
14 | return 0;
15 |
16 | c0 = *sub_s;
17 | while (c0 != 0) {
18 |
19 | while (*s != 0) {
20 | c2 = *s;
21 | if (c2 == c0)
22 | break;
23 | s++;
24 | }
25 |
26 | if (*s == 0)
27 | return 0;
28 |
29 | tmps = (char *)s;
30 | tmpsub = (char *)sub_s;
31 | do {
32 | c1 = *tmps;
33 | c2 = *tmpsub;
34 | tmps++;
35 | tmpsub++;
36 | } while ((c1 == c2) && (c2 != 0));
37 |
38 | if (c2 == 0)
39 | return (char *)s;
40 |
41 | s++;
42 | }
43 | return 0;
44 | }
45 |
46 | wchar_t *_strstr_w(const wchar_t *s, const wchar_t *sub_s)
47 | {
48 | wchar_t c0, c1, c2, *tmps, *tmpsub;
49 |
50 | if (s == sub_s)
51 | return (wchar_t *)s;
52 |
53 | if (s == 0)
54 | return 0;
55 |
56 | if (sub_s == 0)
57 | return 0;
58 |
59 | c0 = *sub_s;
60 | while (c0 != 0) {
61 |
62 | while (*s != 0) {
63 | c2 = *s;
64 | if (c2 == c0)
65 | break;
66 | s++;
67 | }
68 |
69 | if (*s == 0)
70 | return 0;
71 |
72 | tmps = (wchar_t *)s;
73 | tmpsub = (wchar_t *)sub_s;
74 | do {
75 | c1 = *tmps;
76 | c2 = *tmpsub;
77 | tmps++;
78 | tmpsub++;
79 | } while ((c1 == c2) && (c2 != 0));
80 |
81 | if (c2 == 0)
82 | return (wchar_t *)s;
83 |
84 | s++;
85 | }
86 | return 0;
87 | }
88 |
--------------------------------------------------------------------------------
/Source/Shared/minirtl/_strstri.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
3 | char *_strstri_a(const char *s, const char *sub_s)
4 | {
5 | char c0, c1, c2, *tmps, *tmpsub;
6 |
7 | if (s == sub_s)
8 | return (char *)s;
9 |
10 | if (s == 0)
11 | return 0;
12 |
13 | if (sub_s == 0)
14 | return 0;
15 |
16 | c0 = locase_a(*sub_s);
17 | while (c0 != 0) {
18 |
19 | while (*s != 0) {
20 | c2 = locase_a(*s);
21 | if (c2 == c0)
22 | break;
23 | s++;
24 | }
25 |
26 | if (*s == 0)
27 | return 0;
28 |
29 | tmps = (char *)s;
30 | tmpsub = (char *)sub_s;
31 | do {
32 | c1 = locase_a(*tmps);
33 | c2 = locase_a(*tmpsub);
34 | tmps++;
35 | tmpsub++;
36 | } while ((c1 == c2) && (c2 != 0));
37 |
38 | if (c2 == 0)
39 | return (char *)s;
40 |
41 | s++;
42 | }
43 | return 0;
44 | }
45 |
46 | wchar_t *_strstri_w(const wchar_t *s, const wchar_t *sub_s)
47 | {
48 | wchar_t c0, c1, c2, *tmps, *tmpsub;
49 |
50 | if (s == sub_s)
51 | return (wchar_t *)s;
52 |
53 | if (s == 0)
54 | return 0;
55 |
56 | if (sub_s == 0)
57 | return 0;
58 |
59 | c0 = locase_w(*sub_s);
60 | while (c0 != 0) {
61 |
62 | while (*s != 0) {
63 | c2 = locase_w(*s);
64 | if (c2 == c0)
65 | break;
66 | s++;
67 | }
68 |
69 | if (*s == 0)
70 | return 0;
71 |
72 | tmps = (wchar_t *)s;
73 | tmpsub = (wchar_t *)sub_s;
74 | do {
75 | c1 = locase_w(*tmps);
76 | c2 = locase_w(*tmpsub);
77 | tmps++;
78 | tmpsub++;
79 | } while ((c1 == c2) && (c2 != 0));
80 |
81 | if (c2 == 0)
82 | return (wchar_t *)s;
83 |
84 | s++;
85 | }
86 | return 0;
87 | }
88 |
--------------------------------------------------------------------------------
/Source/Shared/minirtl/hextou64.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
3 | unsigned long long hextou64_a(char* s)
4 | {
5 | unsigned long long r = 0;
6 | char c;
7 |
8 | if (s == 0)
9 | return 0;
10 |
11 | while (*s != 0) {
12 | c = locase_a(*s);
13 | s++;
14 | if (_isdigit_a(c))
15 | r = 16 * r + (unsigned long int)c - (unsigned long int)'0';
16 | else
17 | if ((c >= 'a') && (c <= 'f'))
18 | r = 16 * r + (unsigned long int)c - (unsigned long int)'a' + 10;
19 | else
20 | break;
21 | }
22 | return r;
23 | }
24 |
25 | unsigned long long hextou64_w(wchar_t *s)
26 | {
27 | unsigned long long r = 0;
28 | wchar_t c;
29 |
30 | if ( s==0 )
31 | return 0;
32 |
33 | while ( *s!=0 ) {
34 | c = locase_w(*s);
35 | s++;
36 | if (_isdigit_w(c))
37 | r = 16 * r + (unsigned long int)c - (unsigned long int)L'0';
38 | else
39 | if ((c >= L'a') && (c <= L'f'))
40 | r = 16 * r + (unsigned long int)c - (unsigned long int)L'a' + 10;
41 | else
42 | break;
43 | }
44 | return r;
45 | }
46 |
--------------------------------------------------------------------------------
/Source/Shared/minirtl/hextoul.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
3 | unsigned long hextoul_a(char *s)
4 | {
5 | unsigned long r = 0;
6 | char c;
7 |
8 | if (s == 0)
9 | return 0;
10 |
11 | while (*s != 0) {
12 | c = locase_a(*s);
13 | s++;
14 | if (_isdigit_a(c))
15 | r = 16 * r + (c - '0');
16 | else
17 | if ((c >= 'a') && (c <= 'f'))
18 | r = 16 * r + (c - 'a' + 10);
19 | else
20 | break;
21 | }
22 | return r;
23 | }
24 |
25 | unsigned long hextoul_w(wchar_t *s)
26 | {
27 | unsigned long r = 0;
28 | wchar_t c;
29 |
30 | if ( s==0 )
31 | return 0;
32 |
33 | while ( *s!=0 ) {
34 | c = locase_w(*s);
35 | s++;
36 | if (_isdigit_w(c))
37 | r = 16*r + (c-L'0');
38 | else
39 | if ((c >= L'a') && (c <= L'f'))
40 | r = 16*r + (c-L'a'+10);
41 | else
42 | break;
43 | }
44 | return r;
45 | }
46 |
--------------------------------------------------------------------------------
/Source/Shared/minirtl/i64tostr.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
3 | size_t i64tostr_a(signed long long x, char *s)
4 | {
5 | signed long long t=x;
6 | size_t i, r=1, sign;
7 |
8 | if (x < 0) {
9 | sign = 1;
10 | while (t <= -10) {
11 | t /= 10;
12 | r++;
13 | }
14 | }
15 | else {
16 | sign = 0;
17 | while (t >= 10) {
18 | t /= 10;
19 | r++;
20 | }
21 | }
22 |
23 | if (s == 0)
24 | return r + sign;
25 |
26 | if (sign) {
27 | *s = '-';
28 | s++;
29 | }
30 |
31 | for (i = r; i != 0; i--) {
32 | s[i - 1] = (char)byteabs(x % 10) + '0';
33 | x /= 10;
34 | }
35 |
36 | s[r] = (char)0;
37 | return r + sign;
38 | }
39 |
40 | size_t i64tostr_w(signed long long x, wchar_t *s)
41 | {
42 | signed long long t=x;
43 | size_t i, r=1, sign;
44 |
45 | if (x < 0) {
46 | sign = 1;
47 | while (t <= -10) {
48 | t /= 10;
49 | r++;
50 | }
51 | } else {
52 | sign = 0;
53 | while (t >= 10) {
54 | t /= 10;
55 | r++;
56 | }
57 | }
58 |
59 | if (s == 0)
60 | return r+sign;
61 |
62 | if (sign) {
63 | *s = '-';
64 | s++;
65 | }
66 |
67 | for (i = r; i != 0; i--) {
68 | s[i-1] = (wchar_t)byteabs(x % 10) + L'0';
69 | x /= 10;
70 | }
71 |
72 | s[r] = (wchar_t)0;
73 | return r+sign;
74 | }
75 |
--------------------------------------------------------------------------------
/Source/Shared/minirtl/itostr.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
3 | size_t itostr_a(int x, char *s)
4 | {
5 | int t;
6 | size_t i, r = 1, sign;
7 |
8 | t = x;
9 |
10 | if (x < 0) {
11 | sign = 1;
12 | while (t <= -10) {
13 | t /= 10;
14 | r++;
15 | }
16 | }
17 | else {
18 | sign = 0;
19 | while (t >= 10) {
20 | t /= 10;
21 | r++;
22 | }
23 | }
24 |
25 | if (s == 0)
26 | return r + sign;
27 |
28 | if (sign) {
29 | *s = '-';
30 | s++;
31 | }
32 |
33 | for (i = r; i != 0; i--) {
34 | s[i - 1] = (char)byteabs(x % 10) + '0';
35 | x /= 10;
36 | }
37 |
38 | s[r] = (char)0;
39 | return r + sign;
40 | }
41 |
42 |
43 | size_t itostr_w(int x, wchar_t *s)
44 | {
45 | int t;
46 | size_t i, r = 1, sign;
47 |
48 | t = x;
49 |
50 | if (x < 0) {
51 | sign = 1;
52 | while (t <= -10) {
53 | t /= 10;
54 | r++;
55 | }
56 | }
57 | else {
58 | sign = 0;
59 | while (t >= 10) {
60 | t /= 10;
61 | r++;
62 | }
63 | }
64 |
65 | if (s == 0)
66 | return r + sign;
67 |
68 | if (sign) {
69 | *s = '-';
70 | s++;
71 | }
72 |
73 | for (i = r; i != 0; i--) {
74 | s[i - 1] = (wchar_t)byteabs(x % 10) + L'0';
75 | x /= 10;
76 | }
77 |
78 | s[r] = (wchar_t)0;
79 | return r + sign;
80 | }
81 |
--------------------------------------------------------------------------------
/Source/Shared/minirtl/minirtl.h:
--------------------------------------------------------------------------------
1 | /*
2 | Module name:
3 | minirtl.h
4 |
5 | Description:
6 | header for string handling and conversion routines
7 |
8 | Date:
9 | 4 Oct 2020
10 | */
11 |
12 | #pragma once
13 |
14 | #ifndef _MINIRTL_
15 | #define _MINIRTL_
16 |
17 | // string copy/concat/length
18 |
19 | char *_strend_a(const char *s);
20 | wchar_t *_strend_w(const wchar_t *s);
21 |
22 | char *_strcpy_a(char *dest, const char *src);
23 | wchar_t *_strcpy_w(wchar_t *dest, const wchar_t *src);
24 |
25 | char *_strcat_a(char *dest, const char *src);
26 | wchar_t *_strcat_w(wchar_t *dest, const wchar_t *src);
27 |
28 | char *_strncpy_a(char *dest, size_t ccdest, const char *src, size_t ccsrc);
29 | wchar_t *_strncpy_w(wchar_t *dest, size_t ccdest, const wchar_t *src, size_t ccsrc);
30 |
31 | char *_strcpyn_a(char* dest, const char* src, size_t n);
32 | wchar_t *_strcpyn_w(wchar_t* dest, const wchar_t* src, size_t n);
33 |
34 | size_t _strlen_a(const char *s);
35 | size_t _strlen_w(const wchar_t *s);
36 |
37 | // comparing
38 |
39 | int _strcmp_a(const char *s1, const char *s2);
40 | int _strcmp_w(const wchar_t *s1, const wchar_t *s2);
41 |
42 | int _strncmp_a(const char *s1, const char *s2, size_t cchars);
43 | int _strncmp_w(const wchar_t *s1, const wchar_t *s2, size_t cchars);
44 |
45 | int _strcmpi_a(const char *s1, const char *s2);
46 | int _strcmpi_w(const wchar_t *s1, const wchar_t *s2);
47 |
48 | int _strncmpi_a(const char *s1, const char *s2, size_t cchars);
49 | int _strncmpi_w(const wchar_t *s1, const wchar_t *s2, size_t cchars);
50 |
51 | char *_strstr_a(const char *s, const char *sub_s);
52 | wchar_t *_strstr_w(const wchar_t *s, const wchar_t *sub_s);
53 |
54 | char *_strstri_a(const char *s, const char *sub_s);
55 | wchar_t *_strstri_w(const wchar_t *s, const wchar_t *sub_s);
56 |
57 | char *_strchr_a(const char *s, const char ch);
58 | wchar_t *_strchr_w(const wchar_t *s, const wchar_t ch);
59 |
60 |
61 | // conversion of integer types to string, returning string length
62 |
63 | size_t ultostr_a(unsigned long x, char *s);
64 | size_t ultostr_w(unsigned long x, wchar_t *s);
65 |
66 | size_t ultohex_a(unsigned long x, char *s);
67 | size_t ultohex_w(unsigned long x, wchar_t *s);
68 |
69 | size_t itostr_a(int x, char *s);
70 | size_t itostr_w(int x, wchar_t *s);
71 |
72 | size_t i64tostr_a(signed long long x, char *s);
73 | size_t i64tostr_w(signed long long x, wchar_t *s);
74 |
75 | size_t u64tostr_a(unsigned long long x, char *s);
76 | size_t u64tostr_w(unsigned long long x, wchar_t *s);
77 |
78 | size_t u64tohex_a(unsigned long long x, char *s);
79 | size_t u64tohex_w(unsigned long long x, wchar_t *s);
80 |
81 | // string to integers conversion
82 |
83 | unsigned long strtoul_a(char *s);
84 | unsigned long strtoul_w(wchar_t *s);
85 |
86 | unsigned long long strtou64_a(char *s);
87 | unsigned long long strtou64_w(wchar_t *s);
88 |
89 | unsigned long hextoul_a(char *s);
90 | unsigned long hextoul_w(wchar_t *s);
91 |
92 | int strtoi_a(char *s);
93 | int strtoi_w(wchar_t *s);
94 |
95 | signed long long strtoi64_a(char *s);
96 | signed long long strtoi64_w(wchar_t *s);
97 |
98 | unsigned long long hextou64_a(char *s);
99 | unsigned long long hextou64_w(wchar_t *s);
100 |
101 | /* =================================== */
102 |
103 | #ifdef UNICODE
104 |
105 | #define _strend _strend_w
106 | #define _strcpy _strcpy_w
107 | #define _strcat _strcat_w
108 | #define _strlen _strlen_w
109 | #define _strncpy _strncpy_w
110 | #define _strcpyn _strcpyn_w
111 |
112 | #define _strcmp _strcmp_w
113 | #define _strncmp _strncmp_w
114 | #define _strcmpi _strcmpi_w
115 | #define _strncmpi _strncmpi_w
116 | #define _strstr _strstr_w
117 | #define _strstri _strstri_w
118 | #define _strchr _strchr_w
119 |
120 | #define ultostr ultostr_w
121 | #define ultohex ultohex_w
122 | #define itostr itostr_w
123 | #define i64tostr i64tostr_w
124 | #define u64tostr u64tostr_w
125 | #define u64tohex u64tohex_w
126 |
127 | #define _strtoul strtoul_w
128 | #define hextoul hextoul_w
129 | #define strtoi strtoi_w
130 | #define strtoi64 strtoi64_w
131 | #define strtou64 strtou64_w
132 | #define hextou64 hextou64_w
133 |
134 | #else // ANSI
135 |
136 | #define _strend _strend_a
137 | #define _strcpy _strcpy_a
138 | #define _strcat _strcat_a
139 | #define _strlen _strlen_a
140 | #define _strncpy _strncpy_a
141 | #define _strcpyn _strcpyn_a
142 |
143 | #define _strcmp _strcmp_a
144 | #define _strncmp _strncmp_a
145 | #define _strcmpi _strcmpi_a
146 | #define _strncmpi _strncmpi_a
147 | #define _strstr _strstr_a
148 | #define _strstri _strstri_a
149 | #define _strchr _strchr_a
150 |
151 | #define ultostr ultostr_a
152 | #define ultohex ultohex_a
153 | #define itostr itostr_a
154 | #define i64tostr i64tostr_a
155 | #define u64tostr u64tostr_a
156 | #define u64tohex u64tohex_a
157 |
158 | #define _strtoul strtoul_a
159 | #define hextoul hextoul_a
160 | #define strtoi strtoi_a
161 | #define strtoi64 strtoi64_a
162 | #define strtou64 strtou64_a
163 | #define hextou64 hextou64_a
164 |
165 | #endif
166 |
167 | #endif /* _MINIRTL_ */
168 |
--------------------------------------------------------------------------------
/Source/Shared/minirtl/rtltypes.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #ifndef _WCHAR_T_DEFINED
4 | typedef unsigned short wchar_t;
5 | #define _WCHAR_T_DEFINED
6 | #endif /* _WCHAR_T_DEFINED */
7 |
8 | #ifndef _SIZE_T_DEFINED
9 | #ifdef _WIN64
10 | typedef unsigned __int64 size_t;
11 | #else /* _WIN64 */
12 | typedef __w64 unsigned int size_t;
13 | #endif /* _WIN64 */
14 | #define _SIZE_T_DEFINED
15 | #endif /* _SIZE_T_DEFINED */
16 |
17 | __forceinline char locase_a(char c)
18 | {
19 | if ((c >= 'A') && (c <= 'Z'))
20 | return c + 0x20;
21 | else
22 | return c;
23 | }
24 |
25 | __forceinline wchar_t locase_w(wchar_t c)
26 | {
27 | if ((c >= 'A') && (c <= 'Z'))
28 | return c + 0x20;
29 | else
30 | return c;
31 | }
32 |
33 | __forceinline char byteabs(char x) {
34 | if (x < 0)
35 | return -x;
36 | return x;
37 | }
38 |
39 | __forceinline int _isdigit_a(char x) {
40 | return ((x >= '0') && (x <= '9'));
41 | }
42 |
43 | __forceinline int _isdigit_w(wchar_t x) {
44 | return ((x >= L'0') && (x <= L'9'));
45 | }
46 |
--------------------------------------------------------------------------------
/Source/Shared/minirtl/strtoi.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
3 | int strtoi_a(char *s)
4 | {
5 | int a = 0, sign;
6 | char c;
7 |
8 | if (s == 0)
9 | return 0;
10 |
11 | switch (*s) {
12 | case '-':
13 | s++;
14 | sign = -1;
15 | break;
16 |
17 | case '+':
18 | s++;
19 | sign = 1;
20 | break;
21 |
22 | default:
23 | sign = 1;
24 | }
25 |
26 | while (*s != 0) {
27 | c = *s;
28 | if (_isdigit_a(c))
29 | a = (a*10) + (c-'0');
30 | else
31 | break;
32 | s++;
33 | }
34 | return a*sign;
35 | }
36 |
37 | int strtoi_w(wchar_t *s)
38 | {
39 | int a = 0, sign;
40 | wchar_t c;
41 |
42 | if (s == 0)
43 | return 0;
44 |
45 | switch (*s) {
46 | case L'-':
47 | s++;
48 | sign = -1;
49 | break;
50 |
51 | case L'+':
52 | s++;
53 | sign = 1;
54 | break;
55 |
56 | default:
57 | sign = 1;
58 | }
59 |
60 | while (*s != 0) {
61 | c = *s;
62 | if (_isdigit_w(c))
63 | a = (a*10)+(c-L'0');
64 | else
65 | break;
66 | s++;
67 | }
68 | return a*sign;
69 | }
70 |
--------------------------------------------------------------------------------
/Source/Shared/minirtl/strtoi64.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
3 | signed long long strtoi64_a(char *s)
4 | {
5 | signed long long a = 0, sign;
6 | char c;
7 |
8 | if (s == 0)
9 | return 0;
10 |
11 | switch (*s) {
12 | case '-':
13 | s++;
14 | sign = -1;
15 | break;
16 |
17 | case '+':
18 | s++;
19 | sign = 1;
20 | break;
21 |
22 | default:
23 | sign = 1;
24 | }
25 |
26 | while (*s != 0) {
27 | c = *s;
28 | if (_isdigit_a(c))
29 | a = (a*10) + ((signed long long)c-'0');
30 | else
31 | break;
32 | s++;
33 | }
34 | return a*sign;
35 | }
36 |
37 | signed long long strtoi64_w(wchar_t *s)
38 | {
39 | signed long long a = 0, sign;
40 | wchar_t c;
41 |
42 | if (s == 0)
43 | return 0;
44 |
45 | switch (*s) {
46 | case L'-':
47 | s++;
48 | sign = -1;
49 | break;
50 |
51 | case L'+':
52 | s++;
53 | sign = 1;
54 | break;
55 |
56 | default:
57 | sign = 1;
58 | }
59 |
60 | while (*s != 0) {
61 | c = *s;
62 | if (_isdigit_w(c))
63 | a = (a*10)+((signed long long)c-L'0');
64 | else
65 | break;
66 | s++;
67 | }
68 | return a*sign;
69 | }
70 |
--------------------------------------------------------------------------------
/Source/Shared/minirtl/strtou64.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
3 | unsigned long long strtou64_a(char *s)
4 | {
5 | unsigned long long a = 0;
6 | char c;
7 |
8 | if (s == 0)
9 | return 0;
10 |
11 | while (*s != 0) {
12 | c = *s;
13 | if (_isdigit_w(c))
14 | a = (a*10)+((unsigned long long)c-'0');
15 | else
16 | break;
17 | s++;
18 | }
19 | return a;
20 | }
21 |
22 | unsigned long long strtou64_w(wchar_t *s)
23 | {
24 | unsigned long long a = 0;
25 | wchar_t c;
26 |
27 | if (s == 0)
28 | return 0;
29 |
30 | while (*s != 0) {
31 | c = *s;
32 | if (_isdigit_w(c))
33 | a = (a*10)+((unsigned long long)c-L'0');
34 | else
35 | break;
36 | s++;
37 | }
38 | return a;
39 | }
40 |
--------------------------------------------------------------------------------
/Source/Shared/minirtl/strtoul.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
3 | unsigned long strtoul_a(char *s)
4 | {
5 | unsigned long a = 0;
6 | char c;
7 |
8 | if (s == 0)
9 | return 0;
10 |
11 | while (*s != 0) {
12 | c = *s;
13 | if (_isdigit_a(c))
14 | a = (a*10)+(c-'0');
15 | else
16 | break;
17 | s++;
18 | }
19 | return a;
20 | }
21 |
22 | unsigned long strtoul_w(wchar_t *s)
23 | {
24 | unsigned long a = 0;
25 | wchar_t c;
26 |
27 | if (s == 0)
28 | return 0;
29 |
30 | while (*s != 0) {
31 | c = *s;
32 | if (_isdigit_w(c))
33 | a = (a*10)+(c-L'0');
34 | else
35 | break;
36 | s++;
37 | }
38 | return a;
39 | }
40 |
--------------------------------------------------------------------------------
/Source/Shared/minirtl/u64tohex.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
3 | size_t u64tohex_a(unsigned long long x, char *s)
4 | {
5 | char p;
6 | size_t c;
7 |
8 | if (s==0)
9 | return 16;
10 |
11 | for (c=0; c<16; c++) {
12 | p = (char)(x & 0xf);
13 | x >>= 4;
14 |
15 | if (p<10)
16 | p += '0';
17 | else
18 | p = 'A' + (p-10);
19 |
20 | s[15-c] = p;
21 | }
22 |
23 | s[16] = 0;
24 | return 16;
25 | }
26 |
27 | size_t u64tohex_w(unsigned long long x, wchar_t *s)
28 | {
29 | wchar_t p;
30 | size_t c;
31 |
32 | if (s==0)
33 | return 16;
34 |
35 | for (c = 0; c<16; c++) {
36 | p = (wchar_t)(x & 0xf);
37 | x >>= 4;
38 |
39 | if (p<10)
40 | p += L'0';
41 | else
42 | p = L'A' + (p-10);
43 |
44 | s[15-c] = p;
45 | }
46 |
47 | s[16] = 0;
48 | return 16;
49 | }
50 |
--------------------------------------------------------------------------------
/Source/Shared/minirtl/u64tostr.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
3 | size_t u64tostr_a(unsigned long long x, char *s)
4 | {
5 | unsigned long long t = x;
6 | size_t i, r=1;
7 |
8 | while ( t >= 10 ) {
9 | t /= 10;
10 | r++;
11 | }
12 |
13 | if (s == 0)
14 | return r;
15 |
16 | for (i = r; i != 0; i--) {
17 | s[i-1] = (char)(x % 10) + '0';
18 | x /= 10;
19 | }
20 |
21 | s[r] = (char)0;
22 | return r;
23 | }
24 |
25 | size_t u64tostr_w(unsigned long long x, wchar_t *s)
26 | {
27 | unsigned long long t = x;
28 | size_t i, r=1;
29 |
30 | while ( t >= 10 ) {
31 | t /= 10;
32 | r++;
33 | }
34 |
35 | if (s == 0)
36 | return r;
37 |
38 | for (i = r; i != 0; i--) {
39 | s[i-1] = (wchar_t)(x % 10) + L'0';
40 | x /= 10;
41 | }
42 |
43 | s[r] = (wchar_t)0;
44 | return r;
45 | }
46 |
--------------------------------------------------------------------------------
/Source/Shared/minirtl/ultohex.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
3 | size_t ultohex_a(unsigned long x, char *s)
4 | {
5 | char p;
6 | size_t c;
7 |
8 | if (s==0)
9 | return 8;
10 |
11 | for (c=0; c<8; c++) {
12 | p = (char)(x & 0xf);
13 | x >>= 4;
14 |
15 | if (p<10)
16 | p += '0';
17 | else
18 | p = 'A' + (p-10);
19 |
20 | s[7-c] = p;
21 | }
22 |
23 | s[8] = 0;
24 | return 8;
25 | }
26 |
27 | size_t ultohex_w(unsigned long x, wchar_t *s)
28 | {
29 | wchar_t p;
30 | size_t c;
31 |
32 | if (s==0)
33 | return 8;
34 |
35 | for (c=0; c<8; c++) {
36 | p = (wchar_t)(x & 0xf);
37 | x >>= 4;
38 |
39 | if (p<10)
40 | p += L'0';
41 | else
42 | p = L'A' + (p-10);
43 |
44 | s[7-c] = p;
45 | }
46 |
47 | s[8] = 0;
48 | return 8;
49 | }
50 |
--------------------------------------------------------------------------------
/Source/Shared/minirtl/ultostr.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
3 | size_t ultostr_a(unsigned long x, char *s)
4 | {
5 | unsigned long t=x;
6 | size_t i, r=1;
7 |
8 | while ( t >= 10 ) {
9 | t /= 10;
10 | r++;
11 | }
12 |
13 | if (s == 0)
14 | return r;
15 |
16 | for (i = r; i != 0; i--) {
17 | s[i-1] = (char)(x % 10) + '0';
18 | x /= 10;
19 | }
20 |
21 | s[r] = (char)0;
22 | return r;
23 | }
24 |
25 | size_t ultostr_w(unsigned long x, wchar_t *s)
26 | {
27 | unsigned long t=x;
28 | size_t i, r=1;
29 |
30 | while ( t >= 10 ) {
31 | t /= 10;
32 | r++;
33 | }
34 |
35 | if (s == 0)
36 | return r;
37 |
38 | for (i = r; i != 0; i--) {
39 | s[i-1] = (wchar_t)(x % 10) + L'0';
40 | x /= 10;
41 | }
42 |
43 | s[r] = (wchar_t)0;
44 | return r;
45 | }
46 |
--------------------------------------------------------------------------------
/Source/Shared/ntos/ntbuilds.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2021 - 2025
4 | *
5 | * TITLE: NTBUILDS.H
6 | *
7 | * VERSION: 1.27
8 | *
9 | * DATE: 11 May 2025
10 | *
11 | * Windows NT builds definition file.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 | #pragma once
20 |
21 | //
22 | // Defines for Major Windows NT release builds
23 | //
24 |
25 | // Windows 7 RTM
26 | #define NT_WIN7_RTM 7600
27 |
28 | // Windows 7 SP1
29 | #define NT_WIN7_SP1 7601
30 |
31 | // Windows 8 RTM
32 | #define NT_WIN8_RTM 9200
33 |
34 | // Windows 8.1
35 | #define NT_WIN8_BLUE 9600
36 |
37 | // Windows 10 TH1
38 | #define NT_WIN10_THRESHOLD1 10240
39 |
40 | // Windows 10 TH2
41 | #define NT_WIN10_THRESHOLD2 10586
42 |
43 | // Windows 10 RS1
44 | #define NT_WIN10_REDSTONE1 14393
45 |
46 | // Windows 10 RS2
47 | #define NT_WIN10_REDSTONE2 15063
48 |
49 | // Windows 10 RS3
50 | #define NT_WIN10_REDSTONE3 16299
51 |
52 | // Windows 10 RS4
53 | #define NT_WIN10_REDSTONE4 17134
54 |
55 | // Windows 10 RS5
56 | #define NT_WIN10_REDSTONE5 17763
57 |
58 | // Windows 10 19H1
59 | #define NT_WIN10_19H1 18362
60 |
61 | // Windows 10 19H2
62 | #define NT_WIN10_19H2 18363
63 |
64 | // Windows 10 20H1
65 | #define NT_WIN10_20H1 19041
66 |
67 | // Windows 10 20H2
68 | #define NT_WIN10_20H2 19042
69 |
70 | // Windows 10 21H1
71 | #define NT_WIN10_21H1 19043
72 |
73 | // Windows 10 21H2
74 | #define NT_WIN10_21H2 19044
75 |
76 | // Windows 10 22H2
77 | #define NT_WIN10_22H2 19045
78 |
79 | // Windows Server 2022
80 | #define NT_WINSRV_21H1 20348
81 |
82 | // Windows 11 21H2
83 | #define NT_WIN11_21H2 22000
84 |
85 | // Windows 11 22H2
86 | #define NT_WIN11_22H2 22621
87 |
88 | // Windows 11 23H2
89 | #define NT_WIN11_23H2 22631
90 |
91 | // Windows 11 24H2
92 | #define NT_WIN11_24H2 26100
93 |
94 | // Windows 11 Active Development Branch
95 | #define NT_WIN11_25H2 27842 //canary (25H2)
96 |
--------------------------------------------------------------------------------
/Source/Shared/ntos/ntldr.h:
--------------------------------------------------------------------------------
1 | /************************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2014 - 2023
4 | *
5 | * TITLE: NTLDR.H
6 | *
7 | * VERSION: 1.22
8 | *
9 | * DATE: 25 Jul 2023
10 | *
11 | * Common header file for the NTLDR definitions.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | ************************************************************************************/
19 |
20 | #if defined (_MSC_VER) && (_MSC_VER >= 1020)
21 | #pragma once
22 | #endif
23 |
24 | #ifndef NTLDR_RTL
25 | #define NTLDR_RTL
26 |
27 | #pragma warning(push)
28 | #pragma warning(disable: 4201) // nameless struct/union
29 |
30 | #include
31 |
32 | #pragma warning(push)
33 | #pragma warning(disable: 4005) //macro redefinition
34 | #include
35 | #pragma warning(pop)
36 |
37 | #include "ntos.h"
38 | #include "apisetx.h"
39 | #include "minirtl/minirtl.h"
40 | #include "minirtl/rtltypes.h"
41 |
42 | typedef INT(*PFNNTLDR_EXCEPT_FILTER)(
43 | _In_ UINT ExceptionCode,
44 | _In_ EXCEPTION_POINTERS* ExceptionPointers);
45 |
46 | extern PFNNTLDR_EXCEPT_FILTER NtpLdrExceptionFilter;
47 |
48 | //
49 | //
50 | // W32pServiceTable query related structures and definitions.
51 | //
52 | //
53 |
54 | typedef enum _RESOLVE_POINTER_TYPE {
55 | ForwarderString = 0,
56 | FunctionCode = 1
57 | } RESOLVE_POINTER_TYPE;
58 |
59 | typedef struct _RESOLVE_INFO {
60 | RESOLVE_POINTER_TYPE ResultType;
61 | union {
62 | LPCSTR ForwarderName;
63 | LPVOID Function;
64 | };
65 | } RESOLVE_INFO, *PRESOLVE_INFO;
66 |
67 | typedef struct _RAW_SYSCALL_ENTRY {
68 | ULONG Index;
69 | CHAR Name[256];
70 | ULONG_PTR KernelStubAddress;
71 | ULONG_PTR KernelStubTargetAddress;
72 | struct _RAW_SYSCALL_ENTRY* NextEntry;
73 | } RAW_SYSCALL_ENTRY, *PRAW_SYSCALL_ENTRY;
74 |
75 | _Success_(return != NULL)
76 | LPCSTR NtRawIATEntryToImport(
77 | _In_ LPVOID Module,
78 | _In_ LPVOID IATEntry,
79 | _Out_opt_ LPCSTR *ImportModuleName);
80 |
81 | _Success_(return != 0)
82 | ULONG NtRawEnumSyscallExports(
83 | _In_ HANDLE HeapHandle,
84 | _In_ LPVOID Module,
85 | _Out_ PRAW_SYSCALL_ENTRY* SyscallTable);
86 |
87 | NTSTATUS NtRawGetProcAddress(
88 | _In_ LPVOID Module,
89 | _In_ LPCSTR ProcName,
90 | _In_ PRESOLVE_INFO Pointer);
91 |
92 | NTSTATUS NtRawApiSetResolveLibrary(
93 | _In_ PVOID Namespace,
94 | _In_ PCUNICODE_STRING ApiSetToResolve,
95 | _In_opt_ PCUNICODE_STRING ApiSetParentName,
96 | _Inout_ PUNICODE_STRING ResolvedHostLibraryName);
97 |
98 |
99 | #pragma warning(pop)
100 |
101 | #endif NTLDR_RTL
102 |
--------------------------------------------------------------------------------
/Source/Shared/tabs/tabsctrl.h:
--------------------------------------------------------------------------------
1 | /*++
2 |
3 | Copyright (c) 2015 (see AUTHORS.txt).
4 |
5 | Module Name:
6 |
7 | tabctrl.h
8 |
9 | Abstract:
10 |
11 | This file contains function prototypes/variables used by GUI tabs component.
12 |
13 | VERSION 2.0 (01.02.2015)
14 |
15 | WinObjEx64 version.
16 |
17 | --*/
18 |
19 | #pragma once
20 |
21 | #ifndef _GUITABSUNIT_
22 | #define _GUITABSUNIT_
23 |
24 | #include
25 | #include
26 | #include
27 | #include "ntos/ntos.h"
28 |
29 | typedef struct _tagTABHDR* PTABHDR;
30 |
31 | typedef VOID(CALLBACK* TABRESIZECALLBACK)(
32 | _In_ PTABHDR hdr);
33 |
34 | typedef VOID(CALLBACK* TABSELCHANGECALLBACK)(
35 | _In_ PTABHDR hdr,
36 | _In_ INT SelectedPage);
37 |
38 | typedef PVOID(CALLBACK* TABCALLBACK_ALLOCMEM)(
39 | _In_ SIZE_T size);
40 |
41 | typedef BOOL(CALLBACK* TABCALLBACK_FREEMEM)(
42 | _In_ PVOID ptr);
43 |
44 | typedef struct _TABENTRY {
45 | LIST_ENTRY ListEntry;
46 | INT TabIndex;
47 | INT ResId;
48 | DLGPROC DlgProc;
49 | PVOID UserParam; // sent as lParam to newly created page dialog
50 | } TABENTRY, * PTABENTRY;
51 |
52 | typedef struct _tagTABHDR {
53 |
54 | HWND hwndTab; //tab control window handle
55 | HWND hwndDisplay; //current page window handle
56 | RECT rcDisplay;
57 |
58 | HINSTANCE hInstance;
59 | INT tabsCount;
60 |
61 | HIMAGELIST hImageList;
62 |
63 | TABSELCHANGECALLBACK OnSelChange;
64 | TABRESIZECALLBACK OnResize;
65 |
66 | TABCALLBACK_ALLOCMEM MemAlloc;
67 | TABCALLBACK_FREEMEM FreeMem;
68 |
69 | LIST_ENTRY tabsHead;
70 |
71 | INT cxMargin;
72 | INT cyMargin;
73 |
74 | } TABHDR, * PTABHDR;
75 |
76 | PTABHDR TabCreateControl(
77 | _In_ HINSTANCE hInstance,
78 | _In_ HWND hParentWnd,
79 | _In_opt_ HIMAGELIST hImageList,
80 | _In_opt_ TABSELCHANGECALLBACK OnSelChangeTab,
81 | _In_opt_ TABRESIZECALLBACK OnResizeTab,
82 | _In_ TABCALLBACK_ALLOCMEM MemAlloc,
83 | _In_ TABCALLBACK_FREEMEM MemFree);
84 |
85 | BOOL TabAddPage(
86 | _In_ PTABHDR hdr,
87 | _In_ INT ResId,
88 | _In_opt_ DLGPROC DlgProc,
89 | _In_ LPTSTR szCaption,
90 | _In_ INT iImage,
91 | _In_ LPARAM lParam);
92 |
93 | BOOL TabDeletePage(
94 | _In_ PTABHDR hdr,
95 | _In_ INT TabIndex);
96 |
97 | VOID TabDestroyControl(
98 | _In_ PTABHDR hdr);
99 |
100 | VOID TabOnChangeTab(
101 | _In_ PTABHDR hdr,
102 | _In_ LPNMHDR pnmhdr);
103 |
104 | VOID TabOnSelChanged(
105 | _In_ PTABHDR hdr);
106 |
107 | VOID TabResizeTabWindow(
108 | _In_ PTABHDR hdr);
109 |
110 | #endif /* _GUITABSUNIT_ */
111 |
--------------------------------------------------------------------------------
/Source/Shared/treelist/treelist.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2015 - 2022
4 | *
5 | * TITLE: TREELIST.H
6 | *
7 | * VERSION: 1.35
8 | *
9 | * DATE: 10 Jun 2022
10 | *
11 | * Tree-List custom control header file.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 |
20 | #if defined (_MSC_VER) && (_MSC_VER >= 1020)
21 | #pragma once
22 | #endif
23 |
24 | #define WC_TREELISTA "CustomTreeList"
25 | #define WC_TREELISTW L"CustomTreeList"
26 |
27 | #ifdef UNICODE
28 | #define WC_TREELIST WC_TREELISTW
29 | #else
30 | #define WC_TREELIST WC_TREELISTA
31 | #endif
32 |
33 | #define TL_TREECONTROL_SLOT 0
34 | #define TL_HEADERCONTROL_SLOT sizeof(HANDLE)
35 | #define TL_TREEWNDPROC_SLOT sizeof(HANDLE)*2
36 | #define TL_HEAP_SLOT sizeof(HANDLE)*3
37 | #define TL_TOOLTIPS_SLOT sizeof(HANDLE)*4
38 | #define TL_TOOLTIPSBUFFER_SLOT sizeof(HANDLE)*5
39 | #define TL_HEADERWNDPROC_SLOT sizeof(HANDLE)*6
40 |
41 | #define TL_SIZEOF_PRIVATEBUFFER (sizeof(TCHAR) * (MAX_PATH + 1))
42 |
43 | #define TLF_BGCOLOR_SET 0x01
44 | #define TLF_FONTCOLOR_SET 0x02
45 |
46 | #define TLSTYLE_COLAUTOEXPAND 0x01
47 | #define TLSTYLE_LINKLINES 0x02
48 |
49 | typedef struct _TL_SUBITEMS {
50 | ULONG Count;
51 | ULONG ColorFlags;
52 | COLORREF BgColor;
53 | COLORREF FontColor;
54 | PVOID UserParam;
55 | LPTSTR CustomTooltip;
56 | LPTSTR Text[1];
57 | } TL_SUBITEMS, *PTL_SUBITEMS;
58 |
59 | ATOM InitializeTreeListControl();
60 |
61 | #define TreeList_GetTreeControlWindow(hwnd) \
62 | (HWND)GetWindowLongPtr(hwnd, TL_TREECONTROL_SLOT)
63 |
64 | #define TreeList_GetTreeItem(hwnd, lpitem, subitems) \
65 | (BOOL)SNDMSG((hwnd), TVM_GETITEM, (WPARAM)(LPTVITEMEX)(lpitem), (LPARAM)(PTL_SUBITEMS *)(subitems))
66 |
67 | #define TreeList_SetTreeItem(hwnd, lpitem, subitems) \
68 | (BOOL)SNDMSG((hwnd), TVM_SETITEM, (WPARAM)(LPTVITEMEX)(lpitem), (LPARAM)(PTL_SUBITEMS *)(subitems))
69 |
70 | #define TreeList_InsertTreeItem(hwnd, lpis, subitems) \
71 | (HTREEITEM)SNDMSG((hwnd), TVM_INSERTITEM, (WPARAM)(LPTV_INSERTSTRUCT)(lpis), (LPARAM)(PTL_SUBITEMS)(subitems))
72 |
73 | #define TreeList_InsertHeaderItem(hwndHD, i, phdi) \
74 | (int)SNDMSG((hwndHD), HDM_INSERTITEM, (WPARAM)(int)(i), (LPARAM)(const HD_ITEM *)(phdi))
75 |
76 | #define TreeList_ClearTree(hwnd) \
77 | (BOOL)SNDMSG((hwnd), TVM_DELETEITEM, 0, (LPARAM)TVI_ROOT)
78 |
79 | #define TreeList_Expand(hwnd, hitem, code) \
80 | (BOOL)SNDMSG((hwnd), TVM_EXPAND, (WPARAM)(code), (LPARAM)(HTREEITEM)(hitem))
81 |
82 | #define TreeList_GetSelection(hwnd) \
83 | (HTREEITEM)SNDMSG((hwnd), TVM_GETNEXTITEM, TVGN_CARET, 0)
84 |
85 | #define TreeList_EnsureVisible(hwnd, hitem) \
86 | (BOOL)SNDMSG((hwnd), TVM_ENSUREVISIBLE, 0, (LPARAM)(HTREEITEM)(hitem))
87 |
88 | #define TreeList_GetRoot(hwnd) \
89 | (HTREEITEM)SNDMSG((hwnd), TVM_GETNEXTITEM, TVGN_ROOT, 0)
90 |
91 | #define TreeList_GetNextItem(hwnd, hitem, code) \
92 | (HTREEITEM)SNDMSG((hwnd), TVM_GETNEXTITEM, (WPARAM)(code), (LPARAM)(HTREEITEM)(hitem))
93 |
94 | #define TreeList_SetImageList(hwnd, himl, iImage) \
95 | (HIMAGELIST)SNDMSG((hwnd), TVM_SETIMAGELIST, iImage, (LPARAM)(HIMAGELIST)(himl))
96 |
97 | #define TreeList_RedrawDisable(hwnd) \
98 | SNDMSG(hwnd, WM_SETREDRAW, FALSE, 0)
99 |
100 | #define TreeList_RedrawEnableAndUpdateNow(hwnd) { SNDMSG(hwnd, WM_SETREDRAW, TRUE, 0); \
101 | RedrawWindow(hwnd, NULL, NULL, RDW_ERASE | RDW_INVALIDATE); }
102 |
103 | #define TreeList_GetChild(hwnd, hitem) TreeList_GetNextItem(hwnd, hitem, TVGN_CHILD)
104 | #define TreeList_GetNextSibling(hwnd, hitem) TreeList_GetNextItem(hwnd, hitem, TVGN_NEXT)
105 |
106 | #define TreeList_GetHeaderItem(hwndHD, i, phdi) \
107 | (int)SNDMSG((hwndHD), HDM_GETITEM, (WPARAM)(int)(i), (LPARAM)(HD_ITEM *)(phdi))
108 |
109 | #define TreeList_SetHeaderItem(hwndHD, i, phdi) \
110 | (int)SNDMSG((hwndHD), HDM_SETITEM, (WPARAM)(int)(i), (LPARAM)(const HD_ITEM *)(phdi))
111 |
112 | #define TreeList_HeaderHittest(hwndHD, phti) \
113 | (int)SNDMSG((hwndHD), HDM_HITTEST, (WPARAM)0, (LPARAM)(LPHDHITTESTINFO)(phti))
114 |
--------------------------------------------------------------------------------
/Source/TypesWithNoDesc.txt:
--------------------------------------------------------------------------------
1 | CrossVmEvent - new Win11 object
2 | CrossVmMutant - new Win11 object
3 | CpuPartition - new Win11 object, unnamed objects
4 | EtwSessionDemuxEntry - new Win10 object
5 | NetworkNamespace - managed by NDIS.sys (renamed to NdisCmState in RS1)
6 | ProcessStateChange - new 21H1 object
7 | ThreadStateChange - new 21H1 object
8 | PsSiloContextNonPaged - new RS1 object
9 | PsSiloContextPaged - new RS1 object
10 | SchedulerSharedData - new win11 22h2+ object, unnamed objects
11 | Silo (r3 interface removed in 10240 release, object removed in TH2 builds)
12 | VirtualKey - new RS1 object (not present in RS2)
13 | VRegConfigurationContext - new RS1 object
14 | DxgkDisplayMuxSwitch - new 25H2 object
15 |
--------------------------------------------------------------------------------
/Source/Utils/GenAsIo2Unlock/GenAsIo2Unlock.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio Version 16
4 | VisualStudioVersion = 16.0.31025.218
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "GenAsIo2Unlock", "GenAsIo2Unlock.vcxproj", "{19A7EF82-4431-4167-AAC9-57FA29B1AE21}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|x64 = Debug|x64
11 | Release|x64 = Release|x64
12 | EndGlobalSection
13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
14 | {19A7EF82-4431-4167-AAC9-57FA29B1AE21}.Debug|x64.ActiveCfg = Debug|x64
15 | {19A7EF82-4431-4167-AAC9-57FA29B1AE21}.Debug|x64.Build.0 = Debug|x64
16 | {19A7EF82-4431-4167-AAC9-57FA29B1AE21}.Release|x64.ActiveCfg = Release|x64
17 | {19A7EF82-4431-4167-AAC9-57FA29B1AE21}.Release|x64.Build.0 = Release|x64
18 | EndGlobalSection
19 | GlobalSection(SolutionProperties) = preSolution
20 | HideSolutionNode = FALSE
21 | EndGlobalSection
22 | GlobalSection(ExtensibilityGlobals) = postSolution
23 | SolutionGuid = {61964766-0C22-42CC-8170-469C28F6C2D8}
24 | EndGlobalSection
25 | EndGlobal
26 |
--------------------------------------------------------------------------------
/Source/Utils/GenAsIo2Unlock/GenAsIo2Unlock.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | x64
7 |
8 |
9 | Release
10 | x64
11 |
12 |
13 |
14 | 16.0
15 | Win32Proj
16 | {19a7ef82-4431-4167-aac9-57fa29b1ae21}
17 | GenAsusUnlock
18 | 10.0
19 | GenAsIo2Unlock
20 |
21 |
22 |
23 | Application
24 | true
25 | v142
26 | Unicode
27 |
28 |
29 | Application
30 | false
31 | v142
32 | true
33 | Unicode
34 | false
35 |
36 |
37 |
38 |
39 |
40 |
41 |
42 |
43 |
44 |
45 |
46 |
47 |
48 |
49 | true
50 | .\output\$(Platform)\$(Configuration)\
51 | .\output\$(Platform)\$(Configuration)\
52 |
53 |
54 | false
55 | .\output\$(Platform)\$(Configuration)\
56 | .\output\$(Platform)\$(Configuration)\
57 | true
58 |
59 |
60 |
61 | Level3
62 | true
63 | _DEBUG;_CONSOLE;%(PreprocessorDefinitions)
64 | true
65 |
66 |
67 | Console
68 | true
69 |
70 |
71 |
72 |
73 | Level4
74 | true
75 | true
76 | true
77 | NDEBUG;_CONSOLE;%(PreprocessorDefinitions)
78 | true
79 | MultiThreaded
80 | true
81 | Guard
82 |
83 |
84 | Console
85 | true
86 | true
87 | false
88 | /NOCOFFGRPINFO %(AdditionalOptions)
89 |
90 |
91 |
92 |
93 |
94 |
95 |
96 |
97 |
98 |
99 |
100 |
101 |
102 |
--------------------------------------------------------------------------------
/Source/Utils/GenAsIo2Unlock/GenAsIo2Unlock.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 | {df6b50ba-6a92-4149-873b-67cf23736ddf}
18 |
19 |
20 |
21 |
22 | Source Files
23 |
24 |
25 | minirtl
26 |
27 |
28 |
29 |
30 | Header Files
31 |
32 |
33 | minirtl
34 |
35 |
36 |
--------------------------------------------------------------------------------
/Source/Utils/GenAsIo2Unlock/GenAsIo2Unlock.vcxproj.user:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | c:\makeexe\kdu\kdu.exe
5 | WindowsLocalDebugger
6 |
7 |
--------------------------------------------------------------------------------
/Source/Utils/SearchPattern/SearchPattern.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio Version 17
4 | VisualStudioVersion = 17.2.32516.85
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "SearchPattern", "SearchPattern.vcxproj", "{B7A2C94C-D4CA-43D5-BD32-FF70E0AA1443}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|x64 = Debug|x64
11 | Debug|x86 = Debug|x86
12 | Release|x64 = Release|x64
13 | Release|x86 = Release|x86
14 | EndGlobalSection
15 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
16 | {B7A2C94C-D4CA-43D5-BD32-FF70E0AA1443}.Debug|x64.ActiveCfg = Debug|x64
17 | {B7A2C94C-D4CA-43D5-BD32-FF70E0AA1443}.Debug|x64.Build.0 = Debug|x64
18 | {B7A2C94C-D4CA-43D5-BD32-FF70E0AA1443}.Debug|x86.ActiveCfg = Debug|Win32
19 | {B7A2C94C-D4CA-43D5-BD32-FF70E0AA1443}.Debug|x86.Build.0 = Debug|Win32
20 | {B7A2C94C-D4CA-43D5-BD32-FF70E0AA1443}.Release|x64.ActiveCfg = Release|x64
21 | {B7A2C94C-D4CA-43D5-BD32-FF70E0AA1443}.Release|x64.Build.0 = Release|x64
22 | {B7A2C94C-D4CA-43D5-BD32-FF70E0AA1443}.Release|x86.ActiveCfg = Release|Win32
23 | {B7A2C94C-D4CA-43D5-BD32-FF70E0AA1443}.Release|x86.Build.0 = Release|Win32
24 | EndGlobalSection
25 | GlobalSection(SolutionProperties) = preSolution
26 | HideSolutionNode = FALSE
27 | EndGlobalSection
28 | GlobalSection(ExtensibilityGlobals) = postSolution
29 | SolutionGuid = {C910A337-D65F-41AB-9EB6-5303B9099E4E}
30 | EndGlobalSection
31 | EndGlobal
32 |
--------------------------------------------------------------------------------
/Source/Utils/SearchPattern/SearchPattern.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Source Files
20 |
21 |
22 |
--------------------------------------------------------------------------------
/Source/Utils/SearchPattern/SearchPattern.vcxproj.user:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | C:\Dumps\ntoskrnl.exe "PAGE" "41B8C4000000BF06000000" "1111001111111111111110"
5 | WindowsLocalDebugger
6 |
7 |
8 | C:\Dumps\ntoskrnl.exe "PAGE" "41B8C4000000BF06000000" "1111001111111111111110"
9 | WindowsLocalDebugger
10 |
11 |
--------------------------------------------------------------------------------
/Source/Utils/SearchPattern/test.cmd:
--------------------------------------------------------------------------------
1 | @echo off
2 | echo Looking for pattern 1
3 | sp.exe C:\Dumps\ntoskrnl.exe "PAGE" "41 B8 FF 00 00 00 BF 06 00 00 00" "11 11 00 11 11 11 11 11 11 11 11"
4 | pause
5 | echo Looking for pattern 2
6 | sp.exe C:\Dumps\ntoskrnl.exe "PAGE" "BA D0 07 00 00 B9 40 00 00 00" "11 11 11 11 11 11 11 11 11 11"
7 | pause
--------------------------------------------------------------------------------
/Source/Utils/readme.txt:
--------------------------------------------------------------------------------
1 | Support and test utilities.
2 |
3 | GenAsIo2Unlock - generate unlocking data for *locked* Asus drivers from EneTech.
4 | SearchPattern - test tool for pattern lookups.
5 |
--------------------------------------------------------------------------------
/Source/WinObjEx64.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio Version 16
4 | VisualStudioVersion = 16.0.29613.14
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "WinObjEx64", "WinObjEx64\WinObjEx64.vcxproj", "{A68B0947-9415-4ACA-BC0A-8558A4F4FBE3}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|x64 = Debug|x64
11 | DebugWithDriver|x64 = DebugWithDriver|x64
12 | Release|x64 = Release|x64
13 | ReleasePrivateDriver|x64 = ReleasePrivateDriver|x64
14 | ReleaseWinIoDriver|x64 = ReleaseWinIoDriver|x64
15 | EndGlobalSection
16 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
17 | {A68B0947-9415-4ACA-BC0A-8558A4F4FBE3}.Debug|x64.ActiveCfg = Debug|x64
18 | {A68B0947-9415-4ACA-BC0A-8558A4F4FBE3}.Debug|x64.Build.0 = Debug|x64
19 | {A68B0947-9415-4ACA-BC0A-8558A4F4FBE3}.DebugWithDriver|x64.ActiveCfg = DebugWithDriver|x64
20 | {A68B0947-9415-4ACA-BC0A-8558A4F4FBE3}.DebugWithDriver|x64.Build.0 = DebugWithDriver|x64
21 | {A68B0947-9415-4ACA-BC0A-8558A4F4FBE3}.Release|x64.ActiveCfg = Release|x64
22 | {A68B0947-9415-4ACA-BC0A-8558A4F4FBE3}.Release|x64.Build.0 = Release|x64
23 | {A68B0947-9415-4ACA-BC0A-8558A4F4FBE3}.ReleasePrivateDriver|x64.ActiveCfg = ReleasePrivateDriver|x64
24 | {A68B0947-9415-4ACA-BC0A-8558A4F4FBE3}.ReleasePrivateDriver|x64.Build.0 = ReleasePrivateDriver|x64
25 | {A68B0947-9415-4ACA-BC0A-8558A4F4FBE3}.ReleaseWinIoDriver|x64.ActiveCfg = ReleaseWinIoDriver|x64
26 | {A68B0947-9415-4ACA-BC0A-8558A4F4FBE3}.ReleaseWinIoDriver|x64.Build.0 = ReleaseWinIoDriver|x64
27 | EndGlobalSection
28 | GlobalSection(SolutionProperties) = preSolution
29 | HideSolutionNode = FALSE
30 | EndGlobalSection
31 | GlobalSection(ExtensibilityGlobals) = postSolution
32 | SolutionGuid = {4FAAD6B8-C83A-4862-BD27-9C4030CBA89C}
33 | EndGlobalSection
34 | EndGlobal
35 |
--------------------------------------------------------------------------------
/Source/WinObjEx64/Resource.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/Resource.rc
--------------------------------------------------------------------------------
/Source/WinObjEx64/WinObjEx64.vcxproj.user:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | WindowsLocalDebugger
5 |
6 |
7 |
8 |
9 | WindowsLocalDebugger
10 |
11 |
12 |
--------------------------------------------------------------------------------
/Source/WinObjEx64/driver.rc:
--------------------------------------------------------------------------------
1 | #include "resource.h"
2 | #include "winres.h"
3 | LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
4 | #ifndef _UseOwnDriver
5 | IDR_KDBGDRV SYS "..\\drvstore\\kldbgdrv.sys"
6 | #else
7 | #ifdef _UseWinIo
8 | IDR_KDBGDRV SYS "..\\drvstore\\winio.sys"
9 | #else
10 | IDR_KDBGDRV SYS "..\\drvstore\\wodbgdrv.sys"
11 | #endif
12 | #endif
13 |
--------------------------------------------------------------------------------
/Source/WinObjEx64/drivers/wdbgdrv.c:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2022
4 | *
5 | * TITLE: WDBGDRV.C
6 | *
7 | * VERSION: 1.93
8 | *
9 | * DATE: 22 Apr 2022
10 | *
11 | * MS WinDbg kldbgdrv based reader.
12 | *
13 | * Note:
14 | *
15 | * Windows Debug mode is required for using this driver.
16 | *
17 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
18 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
19 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
20 | * PARTICULAR PURPOSE.
21 | *
22 | *******************************************************************************/
23 | #include "global.h"
24 | #include "wdbgdrv.h"
25 |
26 | /*
27 | * WDbgpDrvReadSystemMemoryWithStatus
28 | *
29 | * Purpose:
30 | *
31 | * Wrapper around SysDbgReadVirtual request to the KLDBGDRV/WODBGDRV
32 | *
33 | */
34 | BOOL WDbgpDrvReadSystemMemoryWithStatus(
35 | _In_ WDRV_CONTEXT* Context,
36 | _In_ ULONG_PTR Address,
37 | _Inout_ PVOID Buffer,
38 | _In_ ULONG BufferSize,
39 | _Out_opt_ PULONG NumberOfBytesRead,
40 | _Out_ NTSTATUS* Status,
41 | _Out_ PIO_STATUS_BLOCK IoStatus
42 | )
43 | {
44 | BOOL bResult;
45 | NTSTATUS ntStatus;
46 | KLDBG kldbg;
47 | IO_STATUS_BLOCK iost;
48 | SYSDBG_VIRTUAL dbgRequest;
49 |
50 | if (NumberOfBytesRead)
51 | *NumberOfBytesRead = 0;
52 |
53 | *Status = STATUS_UNSUCCESSFUL;
54 | IoStatus->Information = 0;
55 | IoStatus->Status = STATUS_UNSUCCESSFUL;
56 |
57 | //
58 | // Fill parameters for KdSystemDebugControl.
59 | //
60 | dbgRequest.Address = (PVOID)Address;
61 | dbgRequest.Buffer = Buffer;
62 | dbgRequest.Request = BufferSize;
63 |
64 | //
65 | // Fill parameters for kldbgdrv ioctl.
66 | //
67 | kldbg.SysDbgRequest = SysDbgReadVirtual;
68 | kldbg.Buffer = &dbgRequest;
69 | kldbg.BufferSize = sizeof(SYSDBG_VIRTUAL);
70 |
71 | iost.Information = 0;
72 | iost.Status = 0;
73 |
74 | ntStatus = NtDeviceIoControlFile(Context->DeviceHandle,
75 | NULL,
76 | NULL,
77 | NULL,
78 | &iost,
79 | IOCTL_KD_PASS_THROUGH,
80 | &kldbg,
81 | sizeof(kldbg),
82 | &dbgRequest,
83 | sizeof(dbgRequest));
84 |
85 | if (ntStatus == STATUS_PENDING) {
86 |
87 | ntStatus = NtWaitForSingleObject(Context->DeviceHandle,
88 | FALSE,
89 | NULL);
90 |
91 | }
92 |
93 | *Status = ntStatus;
94 |
95 | if (NT_SUCCESS(ntStatus))
96 | ntStatus = iost.Status;
97 |
98 | IoStatus->Information = iost.Information;
99 | IoStatus->Status = iost.Status;
100 |
101 | bResult = NT_SUCCESS(ntStatus);
102 |
103 | if (bResult) {
104 |
105 | if (NumberOfBytesRead)
106 | *NumberOfBytesRead = (ULONG)iost.Information;
107 |
108 | }
109 | else {
110 | //
111 | // We don't need this information in case of error.
112 | //
113 | if (!NT_ERROR(ntStatus)) {
114 | if (NumberOfBytesRead)
115 | *NumberOfBytesRead = (ULONG)iost.Information;
116 | }
117 |
118 | }
119 |
120 | return bResult;
121 | }
122 |
123 | /*
124 | * WDbgDrvReadSystemMemory
125 | *
126 | * Purpose:
127 | *
128 | * Call internal WDbgpDrvReadSystemMemoryWithStatus.
129 | *
130 | */
131 | BOOL WDbgDrvReadSystemMemory(
132 | _In_ WDRV_CONTEXT* Context,
133 | _In_ ULONG_PTR Address,
134 | _Inout_ PVOID Buffer,
135 | _In_ ULONG BufferSize,
136 | _Out_opt_ PULONG NumberOfBytesRead
137 | )
138 | {
139 | ULONG numberOfBytesRead = 0;
140 |
141 | if (NumberOfBytesRead)
142 | *NumberOfBytesRead = 0;
143 |
144 | if ((Buffer == NULL) ||
145 | (BufferSize == 0) ||
146 | (Address < g_kdctx.SystemRangeStart))
147 | {
148 | return FALSE;
149 | }
150 |
151 | BOOL bResult = WDbgpDrvReadSystemMemoryWithStatus(Context,
152 | Address,
153 | Buffer,
154 | BufferSize,
155 | &numberOfBytesRead,
156 | &Context->LastNtStatus,
157 | &Context->IoStatusBlock);
158 |
159 | if (NumberOfBytesRead)
160 | *NumberOfBytesRead = numberOfBytesRead;
161 |
162 | return bResult;
163 | }
164 |
--------------------------------------------------------------------------------
/Source/WinObjEx64/drivers/wdbgdrv.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2022
4 | *
5 | * TITLE: WDBGDRV.H
6 | *
7 | * VERSION: 1.93
8 | *
9 | * DATE: 22 Apr 2022
10 | *
11 | * Common header file for the WINDBG Driver Helper support.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 | #pragma once
20 |
21 | BOOL WDbgDrvReadSystemMemory(
22 | _In_ WDRV_CONTEXT* Context,
23 | _In_ ULONG_PTR Address,
24 | _Inout_ PVOID Buffer,
25 | _In_ ULONG BufferSize,
26 | _Out_opt_ PULONG NumberOfBytesRead);
27 |
--------------------------------------------------------------------------------
/Source/WinObjEx64/drivers/winio.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2022
4 | *
5 | * TITLE: WINIO.H
6 | *
7 | * VERSION: 2.00
8 | *
9 | * DATE: 19 Jun 2022
10 | *
11 | * Common header file for the WINIO Driver Helper support.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 | #pragma once
20 |
21 | #define FILE_DEVICE_ASUSIO (DWORD)0x0000A040
22 |
23 | #define ASUSIO_MAP_FUNCID (DWORD)0x920
24 | #define ASUSIO_UNMAP_FUNCID (DWORD)0x914
25 |
26 | #define IOCTL_ASUSIO_MAP_USER_PHYSICAL_MEMORY \
27 | CTL_CODE(FILE_DEVICE_ASUSIO, ASUSIO_MAP_FUNCID, METHOD_BUFFERED, FILE_WRITE_ACCESS)
28 |
29 | #define IOCTL_ASUSIO_UNMAP_USER_PHYSICAL_MEMORY \
30 | CTL_CODE(FILE_DEVICE_ASUSIO, ASUSIO_UNMAP_FUNCID, METHOD_BUFFERED, FILE_ANY_ACCESS)
31 |
32 | #define WINIO_IOCTL_MAP IOCTL_ASUSIO_MAP_USER_PHYSICAL_MEMORY
33 | #define WINIO_IOCTL_UNMAP IOCTL_ASUSIO_UNMAP_USER_PHYSICAL_MEMORY
34 | #define WINIO_DRV_NAME L"Asusgio2"
35 | #define WINIO_DEV_NAME L"Asusgio2"
36 |
37 |
38 | typedef struct _WINIO_PHYSICAL_MEMORY_INFO {
39 | ULONG_PTR ViewSize;
40 | ULONG_PTR BusAddress; //physical address
41 | HANDLE SectionHandle;
42 | PVOID BaseAddress;
43 | PVOID ReferencedObject;
44 | } WINIO_PHYSICAL_MEMORY_INFO, * PWINIO_PHYSICAL_MEMORYINFO;
45 |
46 | typedef struct _WINIO_PHYSICAL_MEMORY_INFO_EX {
47 | ULONG_PTR CommitSize;
48 | ULONG_PTR BusAddress;
49 | HANDLE SectionHandle;
50 | PVOID BaseAddress;
51 | PVOID ReferencedObject;
52 | UCHAR EncryptedKey[16];
53 | } WINIO_PHYSICAL_MEMORY_INFO_EX, * PWINIO_PHYSICAL_MEMORY_INFO_EX;
54 |
55 | BOOL WinIoReadSystemMemory(
56 | _In_ WDRV_CONTEXT* Context,
57 | _In_ ULONG_PTR Address,
58 | _Inout_ PVOID Buffer,
59 | _In_ ULONG BufferSize,
60 | _Out_opt_ PULONG NumberOfBytesRead);
61 |
--------------------------------------------------------------------------------
/Source/WinObjEx64/excepth.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2015 - 2022
4 | *
5 | * TITLE: EXCEPTH.H
6 | *
7 | * VERSION: 2.00
8 | *
9 | * DATE: 19 Jun 2022
10 | *
11 | * Common header file for the exception handling routines.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 | #pragma once
20 |
21 | INT exceptFilter(
22 | _In_ UINT ExceptionCode,
23 | _In_ EXCEPTION_POINTERS *ExceptionPointers);
24 |
25 | INT exceptFilterWithLog(
26 | _In_ UINT ExceptionCode,
27 | _In_opt_ EXCEPTION_POINTERS* ExceptionPointers);
28 |
29 | INT exceptFilterUnhandled(
30 | _In_ struct _EXCEPTION_POINTERS* ExceptionInfo);
31 |
32 | #define WOBJ_EXCEPTION_FILTER exceptFilter(GetExceptionCode(), GetExceptionInformation())
33 | #define WOBJ_EXCEPTION_FILTER_LOG exceptFilterWithLog(GetExceptionCode(), GetExceptionInformation())
34 |
--------------------------------------------------------------------------------
/Source/WinObjEx64/extapi.c:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2017 - 2022
4 | *
5 | * TITLE: EXTAPI.C
6 | *
7 | * VERSION: 2.00
8 | *
9 | * DATE: 19 Jun 2022
10 | *
11 | * Support unit for pre Windows 10 missing APIs.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 | #include "global.h"
20 |
21 | EXTENDED_API_SET g_ExtApiSet;
22 |
23 | /*
24 | * ExApiSetInit
25 | *
26 | * Purpose:
27 | *
28 | * Initializes newest Windows version specific function pointers.
29 | *
30 | * Called once during supInit
31 | *
32 | */
33 | NTSTATUS ExApiSetInit(
34 | VOID
35 | )
36 | {
37 | NTSTATUS Status;
38 | HMODULE hNtdll, hUser32;
39 |
40 | RtlSecureZeroMemory(&g_ExtApiSet, sizeof(g_ExtApiSet));
41 |
42 |
43 | hNtdll = GetModuleHandle(TEXT("ntdll.dll"));
44 | if (hNtdll) {
45 | //
46 | // New Partition API introduced in Windows 10 TH1.
47 | //
48 | g_ExtApiSet.NtOpenPartition = (pfnNtOpenPartition)GetProcAddress(hNtdll, "NtOpenPartition");
49 |
50 | if (g_ExtApiSet.NtOpenPartition) {
51 | g_ExtApiSet.NumberOfAPI += 1;
52 | }
53 |
54 | //
55 | // Available since Windows 10 REDSTONE 1.
56 | //
57 | g_ExtApiSet.NtOpenRegistryTransaction = (pfnNtOpenRegistryTransaction)GetProcAddress(hNtdll, "NtOpenRegistryTransaction");
58 |
59 | if (g_ExtApiSet.NtOpenRegistryTransaction) {
60 | g_ExtApiSet.NumberOfAPI += 1;
61 | }
62 | }
63 |
64 | //
65 | // User32 API introduced with Windows 8.
66 | //
67 | hUser32 = GetModuleHandle(TEXT("user32.dll"));
68 | if (hUser32) {
69 | g_ExtApiSet.IsImmersiveProcess = (pfnIsImmersiveProcess)GetProcAddress(hUser32, "IsImmersiveProcess");
70 | if (g_ExtApiSet.IsImmersiveProcess) {
71 | g_ExtApiSet.NumberOfAPI += 1;
72 | }
73 | g_ExtApiSet.GetAwarenessFromDpiAwarenessContext =
74 | (pfnGetAwarenessFromDpiAwarenessContext)GetProcAddress(hUser32, "GetAwarenessFromDpiAwarenessContext");
75 | if (g_ExtApiSet.GetAwarenessFromDpiAwarenessContext) {
76 | g_ExtApiSet.NumberOfAPI += 1;
77 | }
78 | g_ExtApiSet.GetDpiForSystem = (pfnGetDpiForSystem)GetProcAddress(hUser32, "GetDpiForSystem");
79 | if (g_ExtApiSet.GetDpiForSystem) {
80 | g_ExtApiSet.NumberOfAPI += 1;
81 | }
82 | g_ExtApiSet.GetDpiForWindow = (pfnGetDpiForWindow)GetProcAddress(hUser32, "GetDpiForWindow");
83 | if (g_ExtApiSet.GetDpiForWindow) {
84 | g_ExtApiSet.NumberOfAPI += 1;
85 | }
86 | g_ExtApiSet.GetThreadDpiAwarenessContext = (pfnGetThreadDpiAwarenessContext)
87 | GetProcAddress(hUser32, "GetThreadDpiAwarenessContext");
88 | if (g_ExtApiSet.GetThreadDpiAwarenessContext) {
89 | g_ExtApiSet.NumberOfAPI += 1;
90 | }
91 |
92 | }
93 |
94 | Status = (g_ExtApiSet.NumberOfAPI == EXTAPI_ALL_MAPPED) ?
95 | STATUS_SUCCESS : STATUS_NOT_ALL_ASSIGNED;
96 |
97 | return Status;
98 | }
99 |
--------------------------------------------------------------------------------
/Source/WinObjEx64/extapi.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2015 - 2022
4 | *
5 | * TITLE: EXTAPI.H
6 | *
7 | * VERSION: 2.00
8 | *
9 | * DATE: 19 Jun 2022
10 | *
11 | * Header for pre Windows 10+ missing API.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 | #pragma once
20 |
21 | typedef NTSTATUS (NTAPI *pfnNtOpenPartition)(
22 | _Out_ PHANDLE PartitionHandle,
23 | _In_ ACCESS_MASK DesiredAccess,
24 | _In_ POBJECT_ATTRIBUTES ObjectAttributes
25 | );
26 |
27 | typedef NTSTATUS (NTAPI *pfnNtManagePartition)(
28 | _In_ HANDLE TargetHandle,
29 | _In_opt_ HANDLE SourceHandle,
30 | _In_ MEMORY_PARTITION_INFORMATION_CLASS PartitionInformationClass,
31 | _In_ PVOID PartitionInformation,
32 | _In_ ULONG PartitionInformationLength
33 | );
34 |
35 | typedef NTSTATUS (NTAPI *pfnNtOpenRegistryTransaction)(
36 | _Out_ PHANDLE RegistryHandle,
37 | _In_ ACCESS_MASK DesiredAccess,
38 | _In_ POBJECT_ATTRIBUTES ObjectAttributes);
39 |
40 | typedef BOOL (WINAPI *pfnIsImmersiveProcess)(
41 | HANDLE hProcess
42 | );
43 |
44 | typedef DPI_AWARENESS_CONTEXT (WINAPI *pfnGetThreadDpiAwarenessContext)(
45 | VOID);
46 |
47 | typedef DPI_AWARENESS (WINAPI *pfnGetAwarenessFromDpiAwarenessContext)(
48 | _In_ DPI_AWARENESS_CONTEXT value);
49 |
50 | typedef UINT (WINAPI *pfnGetDpiForWindow)(
51 | _In_ HWND hwnd);
52 |
53 | typedef UINT (WINAPI *pfnGetDpiForSystem)(
54 | VOID);
55 |
56 | #define EXTAPI_ALL_MAPPED 7
57 |
58 | typedef struct _EXTENDED_API_SET {
59 | ULONG NumberOfAPI;
60 | pfnNtOpenPartition NtOpenPartition;
61 | pfnNtOpenRegistryTransaction NtOpenRegistryTransaction;
62 | pfnIsImmersiveProcess IsImmersiveProcess;
63 | pfnGetThreadDpiAwarenessContext GetThreadDpiAwarenessContext;
64 | pfnGetAwarenessFromDpiAwarenessContext GetAwarenessFromDpiAwarenessContext;
65 | pfnGetDpiForWindow GetDpiForWindow;
66 | pfnGetDpiForSystem GetDpiForSystem;
67 | } EXTENDED_API_SET, *PEXTENDED_API_SET;
68 |
69 | NTSTATUS ExApiSetInit(
70 | VOID
71 | );
72 |
73 | extern EXTENDED_API_SET g_ExtApiSet;
74 |
75 |
--------------------------------------------------------------------------------
/Source/WinObjEx64/extras/extras.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2015 - 2023
4 | *
5 | * TITLE: EXTRAS.H
6 | *
7 | * VERSION: 2.01
8 | *
9 | * DATE: 20 Mar 2023
10 | *
11 | * Common header file for Extras dialogs.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 | #pragma once
20 |
21 | typedef struct _EXTRASCONTEXT {
22 | HWND hwndDlg;
23 | HWND ListView;
24 | HWND TreeList;
25 | HWND StatusBar;
26 | PVOID TooltipInfo;
27 | HIMAGELIST ImageList;
28 | INT lvColumnToSort;
29 | INT lvColumnCount;
30 | INT lvColumnHit;
31 | INT lvItemHit;
32 | INT tlSubItemHit;
33 | BOOL bInverseSort;
34 | union {
35 | ULONG_PTR Reserved;
36 | ULONG_PTR DialogMode;
37 | };
38 | HICON ObjectIcon;
39 | HICON DialogIcon;
40 | } EXTRASCONTEXT, *PEXTRASCONTEXT;
41 |
42 | typedef struct _EXTRASCALLBACK {
43 | ULONG_PTR lParam;
44 | ULONG_PTR Value;
45 | } EXTRASCALLBACK, *PEXTRASCALLBACK;
46 |
47 | typedef enum _IPC_DLG_MODE {
48 | IpcModeNamedPipes = 0,
49 | IpcModeMailSlots = 1,
50 | IpcMaxMode = 2
51 | } IPC_DLG_MODE;
52 |
53 | typedef enum _DRIVERS_DLG_MODE {
54 | DrvModeNormal = 0,
55 | DrvModeUnloaded = 1,
56 | DrvModeMax = 2
57 | } DRIVERS_DLG_MODE;
58 |
59 | typedef enum _SSDT_DLG_MODE {
60 | SST_Ntos = 0,
61 | SST_Win32k = 1,
62 | SST_Max = 2
63 | } SSDT_DLG_MODE;
64 |
65 | typedef INT(CALLBACK *DlgCompareFunction)(
66 | _In_ LPARAM lParam1,
67 | _In_ LPARAM lParam2,
68 | _In_ LPARAM lParamSort
69 | );
70 |
71 | typedef BOOL(CALLBACK *CustomNotifyFunction)(
72 | _In_ LPNMLISTVIEW nhdr,
73 | _In_ EXTRASCONTEXT *Context,
74 | _In_opt_ PVOID Parameter
75 | );
76 |
77 | VOID extrasSimpleListResize(
78 | _In_ HWND hwndDlg);
79 |
80 | VOID extrasSetDlgIcon(
81 | _In_ EXTRASCONTEXT* Context);
82 |
83 | VOID extrasRemoveDlgIcon(
84 | _In_ EXTRASCONTEXT* Context);
85 |
86 | VOID extrasShowDialogById(
87 | _In_ WORD DialogId);
88 |
89 | VOID extrasHandleSettingsChange(
90 | EXTRASCONTEXT* Context);
91 |
--------------------------------------------------------------------------------
/Source/WinObjEx64/extras/extrasCallbacksPatterns.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2019 - 2025
4 | *
5 | * TITLE: EXTRASCALLBACKSPATTERNS.H
6 | *
7 | * VERSION: 2.07
8 | *
9 | * DATE: 14 May 2025
10 | *
11 | * Header with search patterns used by Callbacks dialog routines.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 |
20 | #pragma once
21 |
22 | //
23 | // PsAltSystemCallHandlers
24 | //
25 | #define MAX_ALT_SYSTEM_CALL_HANDLERS 2
26 |
27 | BYTE PsAltSystemCallHandlersPattern[] = {
28 | 0x4C, 0x8D, 0x35
29 | };
30 |
31 |
32 | /*+++
33 |
34 | SeCiCallbacks search patterns
35 |
36 | +++*/
37 |
38 | //Windows 8/8.1
39 | BYTE SeCiCallbacksPattern_9200_9600[] = {
40 | 0x48, 0x83, 0xEC, 0x20, 0xBF, 0x06, 0x00, 0x00, 0x00
41 | };
42 |
43 | //Windows 10 TH1/TH2
44 | BYTE SeCiCallbacksPattern_10240_10586[] = {
45 | 0x48, 0x83, 0xEC, 0x20, 0xBB, 0x98, 0x00, 0x00, 0x00
46 | };
47 |
48 | //Windows 10 RS1
49 | BYTE SeCiCallbacksPattern_14393[] = {
50 | 0x48, 0x83, 0xEC, 0x20, 0xBB, 0xB0, 0x00, 0x00, 0x00
51 | };
52 |
53 | //Windows 10 RS2/RS3
54 | BYTE SeCiCallbacksPattern_15063_16299[] = {
55 | 0x48, 0x83, 0xEC, 0x20, 0xBB, 0xC0, 0x00, 0x00, 0x00
56 | };
57 |
58 | //Windows 10 RS4/RS5
59 | BYTE SeCiCallbacksPattern_17134_17763[] = {
60 | 0x48, 0x83, 0xEC, 0x20, 0xBB, 0xD0, 0x00, 0x00, 0x00
61 | };
62 |
63 | // Instruction match pattern
64 | BYTE SeCiCallbacksMatchingPattern[] = {
65 | 0x48, 0x8D, 0x0D
66 | };
67 |
68 | //Windows 7
69 | BYTE g_CiCallbacksPattern_7601[] = {
70 | 0x8D, 0x7B, 0x06, 0x48, 0x89, 0x05
71 | };
72 |
73 | BYTE g_CiCallbacksMatchingPattern[] = {
74 | 0x48, 0x89, 0x05
75 | };
76 |
77 | #define LEA_INSTRUCTION_LENGTH_7B 7
78 | #define CI_CALLBACKS_3BYTE_INSTRUCTION_SIZE 3
79 |
80 | /*+++
81 |
82 | EmpSearchCallbackDatabase search pattern
83 |
84 | +++*/
85 | BYTE g_EmpSearchCallbackDatabase[] = { 0x48, 0x8B, 0x4E, 0xF8, 0x48, 0x85, 0xC9 };
86 | BYTE g_EmpSearchCallbackDatabase2[] = { 0x49, 0x8B, 0x4A, 0xF8, 0x48, 0x85, 0xC9 };
87 | BYTE g_EmpSearchCallbackDatabase3[] = { 0x4B, 0x8B, 0x0C, 0xDC, 0x48, 0x85, 0xC9, 0x74, 0x48 };
88 |
89 | /*+++
90 |
91 | ExpFindHost search pattern
92 |
93 | +++*/
94 |
95 | BYTE g_ExpFindHost22000_22621[] = { 0x41, 0x0F, 0xB7, 0x0E };
96 | BYTE g_ExpFindHost22631_27842[] = { 0x44, 0x89, 0x44, 0x24, 0x78 };
97 |
98 | /*+++
99 |
100 | PnpDeviceClassNotifyList search pattern
101 |
102 | +++*/
103 |
104 | //
105 | // mul ecx
106 | //
107 | BYTE g_PnpDeviceClassNotifyList_SubPattern_7601[] = { 0xF7, 0xE1 };
108 |
109 | BYTE g_PnpDeviceClassNotifyList_SubPattern_9200[] = { 0xC1, 0xEA, 0x02, 0x6B, 0xD2, 0x0D };
110 |
111 | //
112 | // shr edx, 2
113 | // imul eax, edx, 0Dh
114 | //
115 | BYTE g_PnpDeviceClassNofityList_SubPattern_9600_26080[] = { 0xC1, 0xEA, 0x02, 0x6B, 0xC2, 0x0D };
116 |
--------------------------------------------------------------------------------
/Source/WinObjEx64/extras/extrasHandlers.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2015 - 2022
4 | *
5 | * TITLE: EXTRAS.H
6 | *
7 | * VERSION: 2.00
8 | *
9 | * DATE: 19 Jun 2022
10 | *
11 | * Common header file for Extras dialogs handlers.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 |
20 | #pragma once
21 |
22 | VOID extrasCreateCallbacksDialog(
23 | VOID);
24 |
25 | VOID extrasCreateCmOptDialog(
26 | VOID);
27 |
28 | VOID extrasCreateDriversDialog(
29 | _In_ DRIVERS_DLG_MODE Mode);
30 |
31 | VOID extrasCreateIpcDialog(
32 | _In_ IPC_DLG_MODE Mode);
33 |
34 | VOID extrasCreatePNDialog(
35 | VOID);
36 |
37 | VOID extrasCreatePsListDialog(
38 | VOID);
39 |
40 | VOID extrasCreateSLCacheDialog(
41 | VOID);
42 |
43 | VOID extrasCreateSSDTDialog(
44 | _In_ SSDT_DLG_MODE Mode);
45 |
46 | VOID extrasCreateUsdDialog(
47 | VOID);
48 |
--------------------------------------------------------------------------------
/Source/WinObjEx64/hash.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2021 - 2022
4 | *
5 | * TITLE: HASH.H
6 | *
7 | * VERSION: 2.00
8 | *
9 | * DATE: 19 Jun 2022
10 | *
11 | * Header file for the hash support routines.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 | #pragma once
20 |
21 | #include
22 | #pragma comment(lib, "Bcrypt.lib")
23 |
24 | typedef struct _CNG_CTX {
25 | PVOID Hash;
26 | PVOID HashObject;
27 | ULONG HashSize;
28 | ULONG HashObjectSize;
29 | BCRYPT_ALG_HANDLE AlgHandle;
30 | BCRYPT_HASH_HANDLE HashHandle;
31 | HANDLE HeapHandle;
32 | } CNG_CTX, * PCNG_CTX;
33 |
34 | NTSTATUS CreateHashContext(
35 | _In_ HANDLE HeapHandle,
36 | _In_ PCWSTR AlgId,
37 | _Out_ PCNG_CTX* Context);
38 |
39 | VOID DestroyHashContext(
40 | _In_ PCNG_CTX Context);
41 |
42 | NTSTATUS HashLoadFile(
43 | _In_ PFILE_VIEW_INFO ViewInformation,
44 | _In_ BOOLEAN PartialMap);
45 |
46 | FORCEINLINE VOID HashUnloadFile(
47 | _In_ PFILE_VIEW_INFO ViewInformation
48 | )
49 | {
50 | supDestroyFileViewInfo(ViewInformation);
51 | }
52 |
53 | LPWSTR ComputeHashForFile(
54 | _In_ PFILE_VIEW_INFO ViewInformation,
55 | _In_ LPCWSTR lpAlgId,
56 | _In_ DWORD PageSize,
57 | _In_ HANDLE HeapHandle,
58 | _In_ BOOLEAN FirstPageHashOnly);
59 |
--------------------------------------------------------------------------------
/Source/WinObjEx64/hde/hde64.h:
--------------------------------------------------------------------------------
1 | /*
2 | * Hacker Disassembler Engine 64
3 | * Copyright (c) 2008-2009, Vyacheslav Patkov.
4 | * All rights reserved.
5 | *
6 | * hde64.h: C/C++ header file
7 | *
8 | */
9 |
10 | #ifndef _HDE64_H_
11 | #define _HDE64_H_
12 |
13 | /* stdint.h - C99 standard header
14 | * http://en.wikipedia.org/wiki/stdint.h
15 | *
16 | * if your compiler doesn't contain "stdint.h" header (for
17 | * example, Microsoft Visual C++), you can download file:
18 | * http://www.azillionmonkeys.com/qed/pstdint.h
19 | * and change next line to:
20 | * #include "pstdint.h"
21 | */
22 | #include "pstdint.h"
23 |
24 | #define F_MODRM 0x00000001
25 | #define F_SIB 0x00000002
26 | #define F_IMM8 0x00000004
27 | #define F_IMM16 0x00000008
28 | #define F_IMM32 0x00000010
29 | #define F_IMM64 0x00000020
30 | #define F_DISP8 0x00000040
31 | #define F_DISP16 0x00000080
32 | #define F_DISP32 0x00000100
33 | #define F_RELATIVE 0x00000200
34 | #define F_ERROR 0x00001000
35 | #define F_ERROR_OPCODE 0x00002000
36 | #define F_ERROR_LENGTH 0x00004000
37 | #define F_ERROR_LOCK 0x00008000
38 | #define F_ERROR_OPERAND 0x00010000
39 | #define F_PREFIX_REPNZ 0x01000000
40 | #define F_PREFIX_REPX 0x02000000
41 | #define F_PREFIX_REP 0x03000000
42 | #define F_PREFIX_66 0x04000000
43 | #define F_PREFIX_67 0x08000000
44 | #define F_PREFIX_LOCK 0x10000000
45 | #define F_PREFIX_SEG 0x20000000
46 | #define F_PREFIX_REX 0x40000000
47 | #define F_PREFIX_ANY 0x7f000000
48 |
49 | #define PREFIX_SEGMENT_CS 0x2e
50 | #define PREFIX_SEGMENT_SS 0x36
51 | #define PREFIX_SEGMENT_DS 0x3e
52 | #define PREFIX_SEGMENT_ES 0x26
53 | #define PREFIX_SEGMENT_FS 0x64
54 | #define PREFIX_SEGMENT_GS 0x65
55 | #define PREFIX_LOCK 0xf0
56 | #define PREFIX_REPNZ 0xf2
57 | #define PREFIX_REPX 0xf3
58 | #define PREFIX_OPERAND_SIZE 0x66
59 | #define PREFIX_ADDRESS_SIZE 0x67
60 |
61 | #pragma pack(push,1)
62 |
63 | typedef struct {
64 | uint8_t len;
65 | uint8_t p_rep;
66 | uint8_t p_lock;
67 | uint8_t p_seg;
68 | uint8_t p_66;
69 | uint8_t p_67;
70 | uint8_t rex;
71 | uint8_t rex_w;
72 | uint8_t rex_r;
73 | uint8_t rex_x;
74 | uint8_t rex_b;
75 | uint8_t opcode;
76 | uint8_t opcode2;
77 | uint8_t modrm;
78 | uint8_t modrm_mod;
79 | uint8_t modrm_reg;
80 | uint8_t modrm_rm;
81 | uint8_t sib;
82 | uint8_t sib_scale;
83 | uint8_t sib_index;
84 | uint8_t sib_base;
85 | union {
86 | uint8_t imm8;
87 | uint16_t imm16;
88 | uint32_t imm32;
89 | uint64_t imm64;
90 | } imm;
91 | union {
92 | uint8_t disp8;
93 | uint16_t disp16;
94 | uint32_t disp32;
95 | } disp;
96 | uint32_t flags;
97 | } hde64s;
98 |
99 | #pragma pack(pop)
100 |
101 | #ifdef __cplusplus
102 | extern "C" {
103 | #endif
104 |
105 | /* __cdecl */
106 | unsigned int hde64_disasm(const void *code, hde64s *hs);
107 |
108 | #ifdef __cplusplus
109 | }
110 | #endif
111 |
112 | #endif /* _HDE64_H_ */
113 |
--------------------------------------------------------------------------------
/Source/WinObjEx64/hde/pstdint.h:
--------------------------------------------------------------------------------
1 | /*
2 | * MinHook - The Minimalistic API Hooking Library for x64/x86
3 | * Copyright (C) 2009-2015 Tsuda Kageyu. All rights reserved.
4 | *
5 | * Redistribution and use in source and binary forms, with or without
6 | * modification, are permitted provided that the following conditions
7 | * are met:
8 | *
9 | * 1. Redistributions of source code must retain the above copyright
10 | * notice, this list of conditions and the following disclaimer.
11 | * 2. Redistributions in binary form must reproduce the above copyright
12 | * notice, this list of conditions and the following disclaimer in the
13 | * documentation and/or other materials provided with the distribution.
14 | *
15 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR
16 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 | */
26 |
27 | #pragma once
28 |
29 | #include
30 |
31 | // Integer types for HDE.
32 | typedef INT8 int8_t;
33 | typedef INT16 int16_t;
34 | typedef INT32 int32_t;
35 | typedef INT64 int64_t;
36 | typedef UINT8 uint8_t;
37 | typedef UINT16 uint16_t;
38 | typedef UINT32 uint32_t;
39 | typedef UINT64 uint64_t;
40 |
--------------------------------------------------------------------------------
/Source/WinObjEx64/hde/table64.h:
--------------------------------------------------------------------------------
1 | /*
2 | * Hacker Disassembler Engine 64 C
3 | * Copyright (c) 2008-2009, Vyacheslav Patkov.
4 | * All rights reserved.
5 | *
6 | */
7 |
8 | #define C_NONE 0x00
9 | #define C_MODRM 0x01
10 | #define C_IMM8 0x02
11 | #define C_IMM16 0x04
12 | #define C_IMM_P66 0x10
13 | #define C_REL8 0x20
14 | #define C_REL32 0x40
15 | #define C_GROUP 0x80
16 | #define C_ERROR 0xff
17 |
18 | #define PRE_ANY 0x00
19 | #define PRE_NONE 0x01
20 | #define PRE_F2 0x02
21 | #define PRE_F3 0x04
22 | #define PRE_66 0x08
23 | #define PRE_67 0x10
24 | #define PRE_LOCK 0x20
25 | #define PRE_SEG 0x40
26 | #define PRE_ALL 0xff
27 |
28 | #define DELTA_OPCODES 0x4a
29 | #define DELTA_FPU_REG 0xfd
30 | #define DELTA_FPU_MODRM 0x104
31 | #define DELTA_PREFIXES 0x13c
32 | #define DELTA_OP_LOCK_OK 0x1ae
33 | #define DELTA_OP2_LOCK_OK 0x1c6
34 | #define DELTA_OP_ONLY_MEM 0x1d8
35 | #define DELTA_OP2_ONLY_MEM 0x1e7
36 |
37 | unsigned char hde64_table[] = {
38 | 0xa5,0xaa,0xa5,0xb8,0xa5,0xaa,0xa5,0xaa,0xa5,0xb8,0xa5,0xb8,0xa5,0xb8,0xa5,
39 | 0xb8,0xc0,0xc0,0xc0,0xc0,0xc0,0xc0,0xc0,0xc0,0xac,0xc0,0xcc,0xc0,0xa1,0xa1,
40 | 0xa1,0xa1,0xb1,0xa5,0xa5,0xa6,0xc0,0xc0,0xd7,0xda,0xe0,0xc0,0xe4,0xc0,0xea,
41 | 0xea,0xe0,0xe0,0x98,0xc8,0xee,0xf1,0xa5,0xd3,0xa5,0xa5,0xa1,0xea,0x9e,0xc0,
42 | 0xc0,0xc2,0xc0,0xe6,0x03,0x7f,0x11,0x7f,0x01,0x7f,0x01,0x3f,0x01,0x01,0xab,
43 | 0x8b,0x90,0x64,0x5b,0x5b,0x5b,0x5b,0x5b,0x92,0x5b,0x5b,0x76,0x90,0x92,0x92,
44 | 0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x6a,0x73,0x90,
45 | 0x5b,0x52,0x52,0x52,0x52,0x5b,0x5b,0x5b,0x5b,0x77,0x7c,0x77,0x85,0x5b,0x5b,
46 | 0x70,0x5b,0x7a,0xaf,0x76,0x76,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,
47 | 0x5b,0x5b,0x86,0x01,0x03,0x01,0x04,0x03,0xd5,0x03,0xd5,0x03,0xcc,0x01,0xbc,
48 | 0x03,0xf0,0x03,0x03,0x04,0x00,0x50,0x50,0x50,0x50,0xff,0x20,0x20,0x20,0x20,
49 | 0x01,0x01,0x01,0x01,0xc4,0x02,0x10,0xff,0xff,0xff,0x01,0x00,0x03,0x11,0xff,
50 | 0x03,0xc4,0xc6,0xc8,0x02,0x10,0x00,0xff,0xcc,0x01,0x01,0x01,0x00,0x00,0x00,
51 | 0x00,0x01,0x01,0x03,0x01,0xff,0xff,0xc0,0xc2,0x10,0x11,0x02,0x03,0x01,0x01,
52 | 0x01,0xff,0xff,0xff,0x00,0x00,0x00,0xff,0x00,0x00,0xff,0xff,0xff,0xff,0x10,
53 | 0x10,0x10,0x10,0x02,0x10,0x00,0x00,0xc6,0xc8,0x02,0x02,0x02,0x02,0x06,0x00,
54 | 0x04,0x00,0x02,0xff,0x00,0xc0,0xc2,0x01,0x01,0x03,0x03,0x03,0xca,0x40,0x00,
55 | 0x0a,0x00,0x04,0x00,0x00,0x00,0x00,0x7f,0x00,0x33,0x01,0x00,0x00,0x00,0x00,
56 | 0x00,0x00,0xff,0xbf,0xff,0xff,0x00,0x00,0x00,0x00,0x07,0x00,0x00,0xff,0x00,
57 | 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff,0xff,
58 | 0x00,0x00,0x00,0xbf,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x7f,0x00,0x00,
59 | 0xff,0x40,0x40,0x40,0x40,0x41,0x49,0x40,0x40,0x40,0x40,0x4c,0x42,0x40,0x40,
60 | 0x40,0x40,0x40,0x40,0x40,0x40,0x4f,0x44,0x53,0x40,0x40,0x40,0x44,0x57,0x43,
61 | 0x5c,0x40,0x60,0x40,0x40,0x40,0x40,0x40,0x40,0x40,0x40,0x40,0x40,0x40,0x40,
62 | 0x40,0x40,0x64,0x66,0x6e,0x6b,0x40,0x40,0x6a,0x46,0x40,0x40,0x44,0x46,0x40,
63 | 0x40,0x5b,0x44,0x40,0x40,0x00,0x00,0x00,0x00,0x06,0x06,0x06,0x06,0x01,0x06,
64 | 0x06,0x02,0x06,0x06,0x00,0x06,0x00,0x0a,0x0a,0x00,0x00,0x00,0x02,0x07,0x07,
65 | 0x06,0x02,0x0d,0x06,0x06,0x06,0x0e,0x05,0x05,0x02,0x02,0x00,0x00,0x04,0x04,
66 | 0x04,0x04,0x05,0x06,0x06,0x06,0x00,0x00,0x00,0x0e,0x00,0x00,0x08,0x00,0x10,
67 | 0x00,0x18,0x00,0x20,0x00,0x28,0x00,0x30,0x00,0x80,0x01,0x82,0x01,0x86,0x00,
68 | 0xf6,0xcf,0xfe,0x3f,0xab,0x00,0xb0,0x00,0xb1,0x00,0xb3,0x00,0xba,0xf8,0xbb,
69 | 0x00,0xc0,0x00,0xc1,0x00,0xc7,0xbf,0x62,0xff,0x00,0x8d,0xff,0x00,0xc4,0xff,
70 | 0x00,0xc5,0xff,0x00,0xff,0xff,0xeb,0x01,0xff,0x0e,0x12,0x08,0x00,0x13,0x09,
71 | 0x00,0x16,0x08,0x00,0x17,0x09,0x00,0x2b,0x09,0x00,0xae,0xff,0x07,0xb2,0xff,
72 | 0x00,0xb4,0xff,0x00,0xb5,0xff,0x00,0xc3,0x01,0x00,0xc7,0xff,0xbf,0xe7,0x08,
73 | 0x00,0xf0,0x02,0x00
74 | };
75 |
--------------------------------------------------------------------------------
/Source/WinObjEx64/kldbg_patterns.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2019 - 2024
4 | *
5 | * TITLE: KLDBG_PATTERNS.H
6 | *
7 | * VERSION: 2.05
8 | *
9 | * DATE: 11 Jul 2024
10 | *
11 | * Header with search patterns used by KLDBG.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 | #pragma once
20 |
21 | // lea rax, PspHostSiloGlobals
22 | #define IL_PspHostSiloGlobals 7
23 |
24 | // Number of bytes to scan for table lookup var 1
25 | #define DA_ScanBytesPNSVariant1 64
26 |
27 | // Number of bytes to scan for table lookup var 2
28 | #define DA_ScanBytesPNSVariant2 128
29 |
30 | // movzx ecx, byte ptr cs:ObHeaderCookie
31 | #define IL_ObHeaderCookie 7
32 |
33 | // Number of bytes to scan
34 | #define DA_ScanBytesObHeaderCookie 256
35 |
36 | //
37 | // ObHeaderCookie
38 | //
39 | BYTE ObHeaderCookiePattern[] = {
40 | 0x0F, 0xB6, 0x0D
41 | };
42 |
43 | //
44 | // ObpLookupNamespaceEntry signatures
45 | //
46 |
47 | // 7600, 7601, 9600, 10240
48 | BYTE NamespacePattern[] = {
49 | 0x0F, 0xB6, 0x7A, 0x28, 0x48, 0x8D, 0x05
50 | };
51 |
52 | // 9200 (8 failed even here)
53 | BYTE NamespacePattern8[] = {
54 | 0x0F, 0xB6, 0x79, 0x28, 0x48, 0x8D, 0x05
55 | };
56 |
57 | /*+++
58 |
59 | Host Server Silo signature patterns
60 |
61 | +++*/
62 |
63 | //
64 | // PrivateNamespaces redesigned in Windows 10 starting from 10586.
65 | //
66 |
67 | BYTE PsGetServerSiloGlobalsPattern_14393[] = {
68 | 0x48, 0x83, 0xEC, 0x28, 0x48, 0x83, 0xF9, 0xFF
69 | };
70 |
71 | BYTE PsGetServerSiloGlobalsPattern_15064_16299[] = {
72 | 0x48, 0x83, 0xEC, 0x28, 0x48, 0x8B, 0xC1, 0x48, 0x83, 0xF9, 0xFF
73 | };
74 |
75 | //
76 | // lea rax, ObpPrivateNamespaceLookupTable
77 | //
78 | BYTE LeaPattern_PNS[] = {
79 | 0x48, 0x8d, 0x05
80 | };
81 |
82 | //KiSystemServiceStartPattern(KiSystemServiceRepeat) signature
83 |
84 | BYTE KiSystemServiceStartPattern[] = { 0x8B, 0xF8, 0xC1, 0xEF, 0x07, 0x83, 0xE7, 0x20, 0x25, 0xFF, 0x0F, 0x00, 0x00 };
85 |
86 | //
87 | // lea r10, KeServiceDescriptorTable
88 | //
89 | BYTE LeaPattern_KeServiceDescriptorTable[] = {
90 | 0x4c, 0x8d, 0x15
91 | };
92 |
93 | //
94 | // lea r11, KeServiceDescriptorTableShadow
95 | //
96 | BYTE LeaPattern_KeServiceDescriptorTableShadow[] = {
97 | 0x4c, 0x8d, 0x1d
98 | };
99 |
100 | // lea
101 | #define IL_KeServiceDescriptorTableShadow 7
102 |
103 | // Number of bytes to scan
104 | #define DA_ScanBytesKeServiceDescriptorTableShadow 128
105 |
106 | //
107 | // KSE
108 | //
109 |
110 | #define IL_KseEngine 6
111 | #define DA_ScanBytesKseEngine 64
112 |
113 | BYTE KseEnginePattern[] = {
114 | 0x8B, 0x05
115 | };
116 |
117 | //
118 | // PAGE: MiRememberUnloadedDriver
119 | //
120 | // mov reg, 7D0h ; -> NumberOfBytes = MI_UNLOADED_DRIVERS * sizeof (UNLOADED_DRIVERS);
121 | //
122 | BYTE MiRememberUnloadedDriverPattern[] = {
123 | 0xBB, 0xD0, 0x07, 0x00, 0x00
124 | };
125 |
126 | //
127 | // PAGE: MiRememberUnloadedDriver
128 | //
129 | // mov reg, 7D0h ; -> NumberOfBytes = MI_UNLOADED_DRIVERS * sizeof (UNLOADED_DRIVERS);
130 | // mov ecx, 40h ;
131 | //
132 | BYTE MiRememberUnloadedDriverPattern2[] = {
133 | 0xBA, 0xD0, 0x07, 0x00, 0x00, // mov edx, 7D0h
134 | 0xB9, 0x40, 0x00, 0x00, 0x00 // mov ecx, 40h
135 | };
136 |
137 | #define FIX_WIN10_THRESHOULD_REG 0xBF
138 |
139 | BYTE MiRememberUnloadedDriverPattern24H2[] = {
140 | 0xBA, 0xD0, 0x07, 0x00, 0x00, // mov edx, 7D0h
141 | 0x41, 0x8D, 0x4E, 0x40 // lea ecx, [r14+40h]
142 | };
143 |
--------------------------------------------------------------------------------
/Source/WinObjEx64/ksymbols.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2020 - 2024
4 | *
5 | * TITLE: KSYMBOLS.H
6 | *
7 | * VERSION: 2.05
8 | *
9 | * DATE: 12 Mar 2024
10 | *
11 | * Header file for kernel symbol names.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 | #pragma once
20 |
21 | #define KVAR_KeServiceDescriptorTableShadow L"KeServiceDescriptorTableShadow"
22 | #define KVAR_KseEngine L"KseEngine"
23 | #define KVAR_ObHeaderCookie L"ObHeaderCookie"
24 | #define KVAR_IopInvalidDeviceRequest L"IopInvalidDeviceRequest"
25 | #define KVAR_MmUnloadedDrivers L"MmUnloadedDrivers"
26 | #define KVAR_PspHostSiloGlobals L"PspHostSiloGlobals"
27 |
28 | #define KVAR_SeCiCallbacks L"SeCiCallbacks"
29 | #define KVAR_g_CiCallbacks L"g_CiCallbacks"
30 |
31 | #define KVAR_gSessionGlobalSlots L"gSessionGlobalSlots"
32 |
33 | #define KVAR_IopFsNotifyChangeQueueHead L"IopFsNotifyChangeQueueHead"
34 | #define KVAR_RtlpDebugPrintCallbackList L"RtlpDebugPrintCallbackList"
35 | #define KVAR_PopRegisteredPowerSettingCallbacks L"PopRegisteredPowerSettingCallbacks"
36 |
37 | #define KVAR_IopCdRomFileSystemQueueHead L"IopCdRomFileSystemQueueHead"
38 | #define KVAR_IopDiskFileSystemQueueHead L"IopDiskFileSystemQueueHead"
39 | #define KVAR_IopTapeFileSystemQueueHead L"IopTapeFileSystemQueueHead"
40 | #define KVAR_IopNetworkFileSystemQueueHead L"IopNetworkFileSystemQueueHead"
41 |
42 | #define KVAR_SeFileSystemNotifyRoutinesHead L"SeFileSystemNotifyRoutinesHead"
43 | #define KVAR_SeFileSystemNotifyRoutinesExHead L"SeFileSystemNotifyRoutinesExHead"
44 |
45 | #define KVAR_IopNotifyShutdownQueueHead L"IopNotifyShutdownQueueHead"
46 | #define KVAR_IopNotifyLastChanceShutdownQueueHead L"IopNotifyLastChanceShutdownQueueHead"
47 |
48 | #define KVAR_CallbackListHead L"CallbackListHead"
49 |
50 | #define KVAR_KeBugCheckCallbackListHead L"KeBugCheckCallbackListHead"
51 | #define KVAR_KeBugCheckReasonCallbackListHead L"KeBugCheckReasonCallbackListHead"
52 |
53 | #define KVAR_PspLoadImageNotifyRoutine L"PspLoadImageNotifyRoutine"
54 | #define KVAR_PspCreateThreadNotifyRoutine L"PspCreateThreadNotifyRoutine"
55 | #define KVAR_PspCreateProcessNotifyRoutine L"PspCreateProcessNotifyRoutine"
56 |
57 | #define KVAR_DbgkLmdCallbacks L"DbgkLmdCallbacks"
58 |
59 | #define KVAR_PsAltSystemCallHandlers L"PsAltSystemCallHandlers"
60 |
61 | #define KVAR_ExpHostList L"ExpHostList"
62 |
63 | #define KVAR_PopCoalescingCallbackRoutine L"PopCoalescingCallbackRoutine"
64 | #define KVAR_PopCoalRegistrationList L"PopCoalRegistrationList"
65 |
66 | #define KVAR_PspPicoProviderRoutines L"PspPicoProviderRoutines"
67 |
68 | #define KVAR_KiNmiCallbackListHead L"KiNmiCallbackListHead"
69 |
70 | #define KVAR_PspSiloMonitorList L"PspSiloMonitorList"
71 |
72 | #define KVAR_EmpCallbackListHead L"EmpCallbackListHead"
73 |
74 | #define KVAR_PnpDeviceClassNotifyList L"PnpDeviceClassNotifyList"
75 |
76 | #define KVAR_Win32kApiSetTable L"Win32kApiSetTable"
77 |
78 | #define KFLD_UniqueProcessId L"UniqueProcessId"
79 | #define KFLD_ImageFileName L"ImageFileName"
80 |
81 | #define KSYM_EPROCESS L"_EPROCESS"
82 | #define KSYM_CONTROL_AREA L"_CONTROL_AREA"
83 |
--------------------------------------------------------------------------------
/Source/WinObjEx64/list.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2015 - 2022
4 | *
5 | * TITLE: LIST.H
6 | *
7 | * VERSION: 2.00
8 | *
9 | * DATE: 19 Jun 2022
10 | *
11 | * Common header file for the program object listing logic.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 | #pragma once
20 |
21 | typedef struct _FO_LIST_ITEM {
22 | struct _FO_LIST_ITEM *Prev;
23 | UNICODE_STRING ObjectName;
24 | UNICODE_STRING ObjectType;
25 | WCHAR NameBuffer[2];
26 | } FO_LIST_ITEM, *PFO_LIST_ITEM;
27 |
28 | typedef struct _OBEX_ITEM {
29 | struct _OBEX_ITEM *Prev;
30 | WOBJ_OBJECT_TYPE TypeIndex;
31 | UNICODE_STRING Name;
32 | UNICODE_STRING TypeName;
33 | } OBEX_ITEM, * POBEX_ITEM;
34 |
35 | typedef struct _OBEX_PATH_ELEMENT {
36 | LIST_ENTRY ListEntry;
37 | WOBJ_OBJECT_TYPE TypeIndex;
38 | UNICODE_STRING Name;
39 | UNICODE_STRING TypeName;
40 | } OBEX_PATH_ELEMENT, * POBEX_PATH_ELEMENT;
41 |
42 | VOID ListHeapDestroy(
43 | VOID);
44 |
45 | VOID ListToObject(
46 | _In_ LPWSTR ObjectName);
47 |
48 | VOID ListObjectDirectoryTree(
49 | _In_ PUNICODE_STRING SubDirName,
50 | _In_opt_ HANDLE RootHandle,
51 | _In_opt_ HTREEITEM ViewRootHandle);
52 |
53 | VOID FindObject(
54 | _In_ PUNICODE_STRING DirectoryName,
55 | _In_opt_ PUNICODE_STRING NameSubstring,
56 | _In_opt_ PUNICODE_STRING TypeName,
57 | _In_ PFO_LIST_ITEM *List);
58 |
59 | VOID ListCurrentDirectoryObjects(
60 | _In_ HTREEITEM ViewRootHandle);
61 |
--------------------------------------------------------------------------------
/Source/WinObjEx64/log/log.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2015 - 2023
4 | *
5 | * TITLE: LOG.H
6 | *
7 | * VERSION: 2.03
8 | *
9 | * DATE: 27 Jul 2022
10 | *
11 | * Header file for simplified log support.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 | #pragma once
20 |
21 | typedef enum _WOBJ_ENTRY_TYPE {
22 | EntryTypeError = 0,
23 | EntryTypeSuccess,
24 | EntryTypeInformation,
25 | EntryTypeWarning,
26 | EntryTypeMax
27 | } WOBJ_ENTRY_TYPE;
28 |
29 | //
30 | // Maximum messages in log.
31 | //
32 | #define WOBJ_MAX_LOG_CAPACITY 4096
33 |
34 | //
35 | // Maximum length of message in log.
36 | //
37 | #define WOBJ_MAX_MESSAGE 2000
38 |
39 | typedef struct _WOBJ_LOG_ENTRY {
40 | WOBJ_ENTRY_TYPE Type;
41 | LARGE_INTEGER LoggedTime;
42 | WCHAR MessageData[WOBJ_MAX_MESSAGE];
43 | BYTE Reserved[74];
44 | } WOBJ_LOG_ENTRY, * PWOBJ_LOG_ENTRY;
45 |
46 | typedef struct _WOBJ_LOG {
47 | BOOL Initialized;
48 | ULONG Count;
49 | CRITICAL_SECTION Lock;
50 | WOBJ_LOG_ENTRY *Entries;
51 | } WOBJ_LOG, * PWOBJ_LOG;
52 |
53 | typedef BOOL(CALLBACK* PLOGENUMERATECALLBACK)(
54 | _In_ WOBJ_LOG_ENTRY *Entry,
55 | _In_ PVOID CallbackContext);
56 |
57 | VOID logCreate();
58 | VOID logFree();
59 |
60 | VOID logAdd(
61 | _In_ WOBJ_ENTRY_TYPE EntryType,
62 | _In_ WCHAR* Message);
63 |
64 | BOOL logEnumEntries(
65 | _In_ PLOGENUMERATECALLBACK EnumCallback,
66 | _In_ PVOID CallbackContext);
67 |
68 | VOID LogViewerShowDialog(
69 | _In_ HWND hwndParent);
70 |
--------------------------------------------------------------------------------
/Source/WinObjEx64/msvcver.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2018 - 2022
4 | *
5 | * TITLE: MSVCVER.H
6 | *
7 | * VERSION: 2.00
8 | *
9 | * DATE: 19 Jun 2022
10 | *
11 | * Visual Studio compiler version determination.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 |
20 | #pragma once
21 |
22 | #if defined _MSC_VER && _MSC_FULL_VER
23 | #if (_MSC_VER >= 1930)
24 | #define VC_VER L"MSVC 2022" //2022 all variants (too many to list)
25 | #elif (_MSC_VER >= 1920 && _MSC_VER < 1930) //2019 all variants (too many to list)
26 | #define VC_VER L"MSVC 2019"
27 | #elif (_MSC_VER >= 1910) //2017 all variants (too many to list)
28 | #define VC_VER L"MSVC 2017"
29 | #elif (_MSC_VER == 1900) //2015
30 | #if (_MSC_FULL_VER == 190023026) //2015 RTM
31 | #define VC_VER L"MSVC 2015"
32 | #elif (_MSC_FULL_VER == 190023506) // 2015 Update 1
33 | #define VC_VER L"MSVC 2015 Update 1"
34 | #elif (_MSC_FULL_VER == 190023918) // 2015 Update 2
35 | #define VC_VER L"MSVC 2015 Update 2"
36 | #elif (_MSC_FULL_VER == 190024210) // 2015 Update 3
37 | #define VC_VER L"MSVC 2015 Update 3"
38 | #elif (_MSC_FULL_VER == 190024215) // 2015 Update 3 with Cumulative Servicing Release
39 | #define VC_VER L"MSVC 2015 Update 3 CSR"
40 | #else
41 | #define VC_VER L"MSVC 2015" //exact variant unknown
42 | #endif
43 | #elif (_MSC_VER == 1810)
44 | #if (_MSC_FULL_VER == 180040629)
45 | #define VC_VER L"MSVC 2013 Update 5"
46 | #elif (_MSC_FULL_VER == 180031101)
47 | #define VC_VER L"MSVC 2013 Update 4"
48 | #elif (_MSC_FULL_VER == 180030723)
49 | #define VC_VER L"MSVC 2013 Update 3"
50 | #elif (_MSC_FULL_VER == 180030501)
51 | #define VC_VER L"MSVC 2013 Update 2"
52 | #elif (_MSC_FULL_VER < 180021005)
53 | #define VC_VER L"MSVC 2013 Preview/Beta/RC"
54 | #else
55 | #define VC_VER L"MSVC 2013"
56 | #endif
57 | #else
58 | #define VC_VER 0
59 | #endif
60 | #else
61 | #define VC_VER L"Unknown Compiler"
62 | #endif
--------------------------------------------------------------------------------
/Source/WinObjEx64/props/propBasicConsts.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2015 - 2022
4 | *
5 | * TITLE: PROPBASICCONSTS.H
6 | *
7 | * VERSION: 2.00
8 | *
9 | * DATE: 19 Jun 2022
10 | *
11 | * Consts header file for Basic property sheet.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 | #pragma once
20 |
21 | #define T_COULD_NOT_QUERY TEXT("*Could not query requested information*")
22 |
23 | //OBJECT_HEADER Flags
24 | static LPCWSTR T_ObjectFlags[8] = {
25 | L"NewObject",
26 | L"KernelObject",
27 | L"KernelOnlyAccess",
28 | L"Exclusive",
29 | L"Permanent",
30 | L"DefSecurityQuota",
31 | L"SingleHandleEntry",
32 | L"DeletedInline"
33 | };
34 |
35 | //
36 | // Process Trust Label related descriptions.
37 | //
38 |
39 | #define MAX_KNOWN_TRUSTLABEL_PROTECTIONTYPE 3
40 | static VALUE_DESC TrustLabelProtectionType[MAX_KNOWN_TRUSTLABEL_PROTECTIONTYPE] = {
41 | { L"None", 0x0 },
42 | { L"PPL", 0x200 },
43 | { L"PP", 0x400 }
44 | };
45 |
46 | #define MAX_KNOWN_TRUSTLABEL_PROTECTIONLEVEL 6
47 | static VALUE_DESC TrustLabelProtectionLevel[MAX_KNOWN_TRUSTLABEL_PROTECTIONLEVEL] = {
48 | { L"None", 0x0 },
49 | { L"Authenticode", 0x400 },
50 | { L"Antimalware", 0x600 },
51 | { L"App", 0x800 },
52 | { L"Windows", 0x1000 },
53 | { L"WinTcb", 0x2000 }
54 | };
55 |
56 | #define MAX_KNOWN_PROCESS_TYPE_FLAGS 9
57 | LPCWSTR T_ProcessTypeFlags[MAX_KNOWN_PROCESS_TYPE_FLAGS] = {
58 | L"ProtectedProcess",
59 | L"Wow64Process",
60 | L"ProcessDeleting",
61 | L"CrossSessionCreate",
62 | L"Frozen",
63 | L"Background",
64 | L"StronglyNamed",
65 | L"SecureProcess",
66 | L"SubsystemProcess"
67 | };
68 |
69 | #define MAX_KNOWN_PS_PROTECTED_SIGNER 9
70 | static LPWSTR T_PSPROTECTED_SIGNER[MAX_KNOWN_PS_PROTECTED_SIGNER] = {
71 | L"None",
72 | L"Authenticode",
73 | L"CodeGen",
74 | L"Antimalware",
75 | L"Lsa",
76 | L"Windows",
77 | L"WinTcb",
78 | L"WinSystem",
79 | L"App"
80 | };
81 |
82 | #define MAX_KNOWN_PS_PROTECTED_TYPE 3
83 | static LPWSTR T_PSPROTECTED_TYPE[MAX_KNOWN_PS_PROTECTED_TYPE] = {
84 | L"None",
85 | L"ProtectedLight",
86 | L"Protected"
87 | };
88 |
89 |
--------------------------------------------------------------------------------
/Source/WinObjEx64/props/propCommon.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2022
4 | *
5 | * TITLE: PROPCOMMON.H
6 | *
7 | * VERSION: 2.00
8 | *
9 | * DATE: 19 Jun 2022
10 | *
11 | * Common header file for the property sheet based dialogs.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 |
20 | #pragma once
21 |
22 | typedef enum _PROP_CONTEXT_TYPE {
23 | propNormal = 0,
24 | propPrivateNamespace = 1,
25 | propUnnamed = 2,
26 | propMax = 3
27 | } PROP_CONTEXT_TYPE;
28 |
29 | typedef struct _PROP_NAMESPACE_INFO {
30 | ULONG Reserved;
31 | ULONG SizeOfBoundaryDescriptor;
32 | OBJECT_BOUNDARY_DESCRIPTOR* BoundaryDescriptor;
33 | ULONG_PTR ObjectAddress;
34 | } PROP_NAMESPACE_INFO, * PPROP_NAMESPACE_INFO;
35 |
36 | typedef struct _PROP_UNNAMED_OBJECT_INFO {
37 | BOOL IsThreadToken;
38 | ULONG_PTR ObjectAddress;
39 | CLIENT_ID ClientId;
40 | SYSTEM_THREAD_INFORMATION ThreadInformation;
41 | UNICODE_STRING ImageName;
42 | } PROP_UNNAMED_OBJECT_INFO, * PPROP_UNNAMED_OBJECT_INFO;
43 |
44 | typedef struct _PROP_OBJECT_INFO {
45 |
46 | PROP_CONTEXT_TYPE ContextType;
47 | WOBJ_OBJECT_TYPE ObjectTypeIndex;
48 |
49 | //
50 | // Object specific flags
51 | //
52 | DWORD ObjectFlags;
53 |
54 | //
55 | // Unicode strings for object name/path where used.
56 | //
57 | UNICODE_STRING NtObjectName;
58 | UNICODE_STRING NtObjectPath;
59 |
60 | //
61 | // Context specific data.
62 | //
63 | PVOID ExtrasContext;
64 |
65 | //
66 | // Reference to object type description entry in global array.
67 | //
68 | WOBJ_TYPE_DESC* TypeDescription;
69 | WOBJ_TYPE_DESC* ShadowTypeDescription; //valid only for types, same as TypeDescription for everything else.
70 |
71 | //
72 | // Icons assigned during runtime.
73 | //
74 | HICON ObjectIcon;
75 | HICON ObjectTypeIcon;
76 |
77 | OBEX_OBJECT_INFORMATION ObjectInfo; //object dump related structures
78 |
79 | //
80 | // Private namespace or unnamed object (process/thread/token) information.
81 | //
82 | union {
83 | PROP_NAMESPACE_INFO NamespaceInfo;
84 | PROP_UNNAMED_OBJECT_INFO UnnamedObjectInfo;
85 | } u1;
86 |
87 | } PROP_OBJECT_INFO, * PPROP_OBJECT_INFO;
88 |
89 | typedef struct _PROP_CONFIG {
90 | PROP_CONTEXT_TYPE ContextType;
91 | HWND hwndParent;
92 |
93 | WOBJ_OBJECT_TYPE ObjectTypeIndex;
94 |
95 | PUNICODE_STRING NtObjectName;
96 | PUNICODE_STRING NtObjectPath;
97 |
98 | union {
99 | PVOID ObjectData;
100 | union {
101 | PROP_NAMESPACE_INFO* NamespaceObject;
102 | PROP_UNNAMED_OBJECT_INFO* UnnamedObject;
103 | } u1;
104 | };
105 | } PROP_CONFIG, * PPROP_CONFIG;
106 |
107 | //open object method (propOpenCurrentObject)
108 | typedef BOOL(CALLBACK* POPENOBJECTMETHOD)(
109 | _In_ PROP_OBJECT_INFO* Context,
110 | _Inout_ PHANDLE phObject,
111 | _In_ ACCESS_MASK DesiredAccess
112 | );
113 |
114 | //close object method (propCloseCurrentObject)
115 | typedef VOID(CALLBACK* PCLOSEOBJECTMETHOD)(
116 | _In_ PROP_OBJECT_INFO* Context,
117 | _In_ HANDLE hObject
118 | );
119 |
--------------------------------------------------------------------------------
/Source/WinObjEx64/props/propDlg.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2015 - 2022
4 | *
5 | * TITLE: PROPDLG.H
6 | *
7 | * VERSION: 2.00
8 | *
9 | * DATE: 19 Jun 2022
10 | *
11 | * Common header file for properties dialog.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 | #pragma once
20 |
21 | HWND propGetCommonWindow();
22 | HWND propGetProcessesWindow();
23 | HWND propGetThreadsWindow();
24 | HWND propGetTokenWindow();
25 | HWND propGetDesktopWindow();
26 | HWND propGetNamespaceWindow();
27 |
28 | _Success_(return)
29 | BOOL propOpenCurrentObject(
30 | _In_ PROP_OBJECT_INFO *Context,
31 | _Out_ PHANDLE phObject,
32 | _In_ ACCESS_MASK DesiredAccess);
33 |
34 | BOOL propCloseCurrentObject(
35 | _In_ PROP_OBJECT_INFO *Context,
36 | _In_ HANDLE hObject);
37 |
38 | VOID propCreateDialog(
39 | _In_ PROP_CONFIG *Config);
40 |
41 | PPROP_OBJECT_INFO propContextCreate(
42 | _In_ PROP_CONFIG* Config);
43 |
44 | VOID propContextDestroy(
45 | _In_ PROP_OBJECT_INFO *Context);
46 |
--------------------------------------------------------------------------------
/Source/WinObjEx64/props/props.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2015 - 2024
4 | *
5 | * TITLE: PROPS.H
6 | *
7 | * VERSION: 2.05
8 | *
9 | * DATE: 11 Mar 2024
10 | *
11 | * Common header file for properties dialog definitions.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 |
20 | #pragma once
21 |
22 | //
23 | // Dialog procs.
24 | //
25 |
26 | INT_PTR CALLBACK AlpcPortListDialogProc(
27 | _In_ HWND hwndDlg,
28 | _In_ UINT uMsg,
29 | _In_ WPARAM wParam,
30 | _In_ LPARAM lParam);
31 |
32 | INT_PTR CALLBACK BasicPropDialogProc(
33 | _In_ HWND hwndDlg,
34 | _In_ UINT uMsg,
35 | _In_ WPARAM wParam,
36 | _In_ LPARAM lParam);
37 |
38 | INT_PTR CALLBACK DesktopListDialogProc(
39 | _In_ HWND hwndDlg,
40 | _In_ UINT uMsg,
41 | _In_ WPARAM wParam,
42 | _In_ LPARAM lParam);
43 |
44 | INT_PTR CALLBACK DriverRegistryDialogProc(
45 | _In_ HWND hwndDlg,
46 | _In_ UINT uMsg,
47 | _In_ WPARAM wParam,
48 | _In_ LPARAM lParam);
49 |
50 | INT_PTR CALLBACK ObjectDumpDialogProc(
51 | _In_ HWND hwndDlg,
52 | _In_ UINT uMsg,
53 | _In_ WPARAM wParam,
54 | _In_ LPARAM lParam);
55 |
56 | INT_PTR CALLBACK ProcessListDialogProc(
57 | _In_ HWND hwndDlg,
58 | _In_ UINT uMsg,
59 | _In_ WPARAM wParam,
60 | _In_ LPARAM lParam);
61 |
62 | INT_PTR CALLBACK SectionPropertiesDialogProc(
63 | _In_ HWND hwndDlg,
64 | _In_ UINT uMsg,
65 | _In_ WPARAM wParam,
66 | _In_ LPARAM lParam);
67 |
68 | INT_PTR CALLBACK TokenPageDialogProc(
69 | _In_ HWND hwndDlg,
70 | _In_ UINT uMsg,
71 | _In_ WPARAM wParam,
72 | _In_ LPARAM lParam);
73 |
74 | INT_PTR CALLBACK TypePropDialogProc(
75 | _In_ HWND hwndDlg,
76 | _In_ UINT uMsg,
77 | _In_ WPARAM wParam,
78 | _In_ LPARAM lParam);
79 |
80 | //
81 | // Security page.
82 | //
83 | HPROPSHEETPAGE propSecurityCreatePage(
84 | _In_ PROP_OBJECT_INFO* Context,
85 | _In_ POPENOBJECTMETHOD OpenObjectMethod,
86 | _In_opt_ PCLOSEOBJECTMETHOD CloseObjectMethod,
87 | _In_ ULONG psiFlags);
88 |
89 | //
90 | // Object dump
91 | //
92 | HTREEITEM propObDumpUlong(
93 | _In_ HWND TreeList,
94 | _In_ HTREEITEM hParent,
95 | _In_ LPWSTR lpszName,
96 | _In_opt_ LPWSTR lpszDesc,
97 | _In_ ULONG Value,
98 | _In_ BOOL HexDump,
99 | _In_ BOOL IsUShort,
100 | _In_ COLORREF BgColor,
101 | _In_ COLORREF FontColor);
102 |
103 | VOID propObDumpUlong64(
104 | _In_ HWND TreeList,
105 | _In_ HTREEITEM hParent,
106 | _In_ LPWSTR lpszName,
107 | _In_opt_ LPWSTR lpszDesc,
108 | _In_ ULONG64 Value,
109 | _In_ BOOL OutAsHex,
110 | _In_ COLORREF BgColor,
111 | _In_ COLORREF FontColor);
112 |
113 | VOID propObDumpByte(
114 | _In_ HWND TreeList,
115 | _In_ HTREEITEM hParent,
116 | _In_ LPWSTR lpszName,
117 | _In_opt_ LPWSTR lpszDesc,
118 | _In_ BYTE Value,
119 | _In_ COLORREF BgColor,
120 | _In_ COLORREF FontColor,
121 | _In_ BOOL IsBool);
122 |
123 | HTREEITEM propObDumpAddress(
124 | _In_ HWND TreeList,
125 | _In_ HTREEITEM hParent,
126 | _In_ LPWSTR lpszName,
127 | _In_opt_ LPWSTR lpszDesc,
128 | _In_opt_ PVOID Address,
129 | _In_ COLORREF BgColor,
130 | _In_ COLORREF FontColor);
131 |
132 | HTREEITEM propObDumpSetString(
133 | _In_ HWND TreeList,
134 | _In_ HTREEITEM hParent,
135 | _In_ LPWSTR lpszName,
136 | _In_opt_ LPWSTR lpszDesc,
137 | _In_opt_ LPWSTR lpszValue,
138 | _In_ COLORREF BgColor,
139 | _In_ COLORREF FontColor);
140 |
141 | HTREEITEM propObDumpLong(
142 | _In_ HWND TreeList,
143 | _In_ HTREEITEM hParent,
144 | _In_ LPWSTR lpszName,
145 | _In_opt_ LPWSTR lpszDesc,
146 | _In_ LONG Value,
147 | _In_ BOOL HexDump,
148 | _In_ COLORREF BgColor,
149 | _In_ COLORREF FontColor);
150 |
151 | VOID propObDumpLong64(
152 | _In_ HWND TreeList,
153 | _In_ HTREEITEM hParent,
154 | _In_ LPWSTR lpszName,
155 | _In_opt_ LPWSTR lpszDesc,
156 | _In_opt_ LONG64 Value,
157 | _In_ BOOL OutAsHex,
158 | _In_ COLORREF BgColor,
159 | _In_ COLORREF FontColor);
160 |
161 | VOID propObDumpListEntry(
162 | _In_ HWND TreeList,
163 | _In_ HTREEITEM hParent,
164 | _In_ LPWSTR ListEntryName,
165 | _In_opt_ PLIST_ENTRY ListEntry);
166 |
167 | VOID propObDumpUSHORT(
168 | _In_ HWND TreeList,
169 | _In_ HTREEITEM hParent,
170 | _In_ LPWSTR Name,
171 | _In_ USHORT Value,
172 | _In_ BOOLEAN HexOutput);
173 |
174 | VOID propObDumpUnicodeString(
175 | _In_ HWND TreeList,
176 | _In_ HTREEITEM hParent,
177 | _In_ LPWSTR StringName,
178 | _In_ PUNICODE_STRING InputString,
179 | _In_ BOOLEAN IsKernelPointer);
180 |
181 | VOID propDumpEnumWithNames(
182 | _In_ HWND TreeList,
183 | _In_ HTREEITEM ParentItem,
184 | _In_ LPWSTR EnumName,
185 | _In_ ULONG EnumValue,
186 | _In_ PVALUE_DESC EnumNames,
187 | _In_ ULONG EnumNamesCount);
188 |
--------------------------------------------------------------------------------
/Source/WinObjEx64/resource.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/resource.h
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/100.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/rsrc/100.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/101.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/rsrc/101.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/102.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/rsrc/102.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/103.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/rsrc/103.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/104.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/rsrc/104.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/105.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/rsrc/105.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/106.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/rsrc/106.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/107.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/rsrc/107.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/108.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/rsrc/108.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/109.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/rsrc/109.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/110.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/rsrc/110.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/111.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/rsrc/111.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/112.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/rsrc/112.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/113.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/rsrc/113.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/114.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/rsrc/114.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/115.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/rsrc/115.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/116.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/rsrc/116.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/117.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/rsrc/117.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/118.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/rsrc/118.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/119.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/rsrc/119.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/120.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/rsrc/120.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/121.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/rsrc/121.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/122.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/rsrc/122.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/123.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/rsrc/123.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/124.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/rsrc/124.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/125.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/rsrc/125.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/126.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/rsrc/126.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/127.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/rsrc/127.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/128.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/rsrc/128.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/129.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/rsrc/129.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/130.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/rsrc/130.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/131.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/rsrc/131.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/132.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/rsrc/132.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/133.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/rsrc/133.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/134.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/rsrc/134.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/135.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/rsrc/135.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/136.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/rsrc/136.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/137.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/rsrc/137.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/138.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/rsrc/138.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/139.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/rsrc/139.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/140.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/rsrc/140.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/141.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/rsrc/141.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/142.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/rsrc/142.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/143.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/rsrc/143.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/144.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/rsrc/144.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/145.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/rsrc/145.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/146.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/rsrc/146.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/147.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/rsrc/147.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/148.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/rsrc/148.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/149.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/rsrc/149.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/6001.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/rsrc/6001.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/6002.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/rsrc/6002.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/Bitmap_125.bmp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/rsrc/Bitmap_125.bmp
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/grid.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/rsrc/grid.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/ico50.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/rsrc/ico50.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/mailslot.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/rsrc/mailslot.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/obex.manifest:
--------------------------------------------------------------------------------
1 |
2 |
3 |
9 | WinObjEx64
10 |
11 |
12 |
13 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 |
27 |
28 |
29 |
30 |
31 |
32 |
40 |
41 |
42 |
43 |
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/pipe.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/rsrc/pipe.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/security.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/rsrc/security.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/sup/sync.c:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2022
4 | *
5 | * TITLE: SYNC.C
6 | *
7 | * VERSION: 2.00
8 | *
9 | * DATE: 19 Jun 2022
10 | *
11 | * Synchronization primitives.
12 | *
13 | *
14 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
15 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
16 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
17 | * PARTICULAR PURPOSE.
18 | *
19 | *******************************************************************************/
20 | #include "global.h"
21 |
22 | /*
23 | *
24 | * Fast events, taken from ph2
25 | *
26 | */
27 |
28 | /*
29 | * supInitFastEvent
30 | *
31 | * Purpose:
32 | *
33 | * Initialize fast event.
34 | *
35 | */
36 | VOID supInitFastEvent(
37 | _In_ PFAST_EVENT Event
38 | )
39 | {
40 | Event->Value = FAST_EVENT_REFCOUNT_INC;
41 | Event->EventHandle = NULL;
42 | }
43 |
44 | /*
45 | * supReferenceFastEvent
46 | *
47 | * Purpose:
48 | *
49 | * Make a reference for fast event.
50 | *
51 | */
52 | VOID supReferenceFastEvent(
53 | _In_ PFAST_EVENT Event
54 | )
55 | {
56 | _InterlockedExchangeAddPointer((PLONG_PTR)&Event->Value, FAST_EVENT_REFCOUNT_INC);
57 | }
58 |
59 | /*
60 | * supDereferenceFastEvent
61 | *
62 | * Purpose:
63 | *
64 | * Remove reference from fast event.
65 | *
66 | */
67 | VOID supDereferenceFastEvent(
68 | _In_ PFAST_EVENT Event,
69 | _In_opt_ HANDLE EventHandle
70 | )
71 | {
72 | ULONG_PTR value;
73 |
74 | value = _InterlockedExchangeAddPointer((PLONG_PTR)&Event->Value, -FAST_EVENT_REFCOUNT_INC);
75 | if (((value >> FAST_EVENT_REFCOUNT_SHIFT) & FAST_EVENT_REFCOUNT_MASK) - 1 == 0)
76 | {
77 | if (EventHandle)
78 | {
79 | NtClose(EventHandle);
80 | Event->EventHandle = NULL;
81 | }
82 | }
83 | }
84 |
85 | /*
86 | * supSetFastEvent
87 | *
88 | * Purpose:
89 | *
90 | * Set event to signaled state.
91 | *
92 | */
93 | VOID supSetFastEvent(
94 | _In_ PFAST_EVENT Event
95 | )
96 | {
97 | HANDLE eventHandle;
98 | if (!_InterlockedBitTestAndSetPointer((PLONG_PTR)&Event->Value, FAST_EVENT_SET_SHIFT)) {
99 | eventHandle = Event->EventHandle;
100 |
101 | if (eventHandle)
102 | {
103 | NtSetEvent(eventHandle, NULL);
104 | }
105 | }
106 | }
107 |
108 | /*
109 | * supTestFastEvent
110 | *
111 | * Purpose:
112 | *
113 | * Returns fast event state.
114 | *
115 | */
116 | BOOLEAN supTestFastEvent(
117 | _In_ PFAST_EVENT Event
118 | )
119 | {
120 | return (BOOLEAN)Event->Set;
121 | }
122 |
123 | /*
124 | * supResetFastEvent
125 | *
126 | * Purpose:
127 | *
128 | * Perform fast event manual reset.
129 | *
130 | */
131 | VOID supResetFastEvent(
132 | _In_ PFAST_EVENT Event
133 | )
134 | {
135 | if (Event == NULL)
136 | return;
137 |
138 | if (supTestFastEvent(Event))
139 | Event->Value = FAST_EVENT_REFCOUNT_INC;
140 | }
141 |
142 | /*
143 | * supWaitForFastEvent
144 | *
145 | * Purpose:
146 | *
147 | * Do the wait for event, if event object not allocated - allocate it.
148 | *
149 | */
150 | BOOLEAN supWaitForFastEvent(
151 | _In_ PFAST_EVENT Event,
152 | _In_opt_ PLARGE_INTEGER Timeout
153 | )
154 | {
155 | BOOLEAN result;
156 | ULONG_PTR value;
157 | HANDLE eventHandle;
158 |
159 | value = Event->Value;
160 | if (value & FAST_EVENT_SET)
161 | return TRUE;
162 |
163 | if (Timeout && Timeout->QuadPart == 0)
164 | return FALSE;
165 |
166 | supReferenceFastEvent(Event);
167 | eventHandle = Event->EventHandle;
168 |
169 | if (eventHandle == NULL) {
170 |
171 | NtCreateEvent(&eventHandle, EVENT_ALL_ACCESS, NULL, NotificationEvent, FALSE);
172 | assert(eventHandle);
173 |
174 | if (NULL != _InterlockedCompareExchangePointer(
175 | &Event->EventHandle,
176 | eventHandle,
177 | NULL))
178 | {
179 | NtClose(eventHandle);
180 | eventHandle = Event->EventHandle;
181 | }
182 |
183 | }
184 |
185 | if (!(Event->Value & FAST_EVENT_SET)) {
186 | result = (NtWaitForSingleObject(eventHandle, FALSE, Timeout) == STATUS_WAIT_0);
187 | }
188 | else {
189 | result = TRUE;
190 | }
191 |
192 | supDereferenceFastEvent(Event, eventHandle);
193 |
194 | return result;
195 | }
196 |
--------------------------------------------------------------------------------
/Source/WinObjEx64/sup/wine.c:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2019 - 2022
4 | *
5 | * TITLE: WINE.C
6 | *
7 | * VERSION: 2.00
8 | *
9 | * DATE: 19 Jun 2022
10 | *
11 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
12 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
13 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
14 | * PARTICULAR PURPOSE.
15 | *
16 | *******************************************************************************/
17 |
18 | #include "global.h"
19 | #include "ntos/ntldr.h"
20 |
21 | #define _WINE_DEBUG_MODE
22 | #undef _WINE_DEBUG_MODE
23 |
24 | typedef char* (__cdecl* pwine_get_version)(void);
25 |
26 | /*
27 | * GetWineVersion
28 | *
29 | * Purpose:
30 | *
31 | * Query Wine version.
32 | *
33 | * N.B. This function bypasses current WineStaging hide exports hack.
34 | *
35 | */
36 | #ifndef _WINE_DEBUG_MODE
37 | PCHAR GetWineVersion(
38 | VOID
39 | )
40 | {
41 | pwine_get_version pfn = NULL;
42 | HMODULE hmod;
43 | RESOLVE_INFO rfn;
44 |
45 | hmod = GetModuleHandle(TEXT("ntdll.dll"));
46 | if (hmod) {
47 |
48 | rfn.ForwarderName = NULL;
49 | rfn.Function = NULL;
50 | rfn.ResultType = FunctionCode;
51 |
52 | if (NT_SUCCESS(NtRawGetProcAddress(
53 | (LPVOID)hmod,
54 | "wine_get_version",
55 | &rfn)))
56 | {
57 | if (rfn.ResultType == FunctionCode)
58 | pfn = (pwine_get_version)rfn.Function;
59 | }
60 |
61 | if (pfn)
62 | return pfn();
63 | }
64 | return NULL;
65 | }
66 | #else
67 | PCHAR WineGetVersion(void)
68 | {
69 | return "6.0";
70 | }
71 | #endif
72 |
73 |
74 | /*
75 | * IsWine
76 | *
77 | * Purpose:
78 | *
79 | * Query if there is a Wine layer enabled.
80 | *
81 | */
82 | BOOLEAN IsWine(
83 | VOID
84 | )
85 | {
86 | PCHAR lpWine;
87 |
88 | lpWine = GetWineVersion();
89 |
90 | return (lpWine != NULL);
91 | }
92 |
--------------------------------------------------------------------------------
/Source/WinObjEx64/sup/wine.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2018 - 2022
4 | *
5 | * TITLE: WINE.H
6 | *
7 | * VERSION: 2.00
8 | *
9 | * DATE: 19 Jun 2022
10 | *
11 | * Wine/Wine staging support header file.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 |
20 | #pragma once
21 |
22 | PCHAR GetWineVersion(VOID);
23 | BOOLEAN IsWine(VOID);
24 |
--------------------------------------------------------------------------------
/Source/WinObjEx64/tests/testunit.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2015 - 2022
4 | *
5 | * TITLE: TESTUNIT.H
6 | *
7 | * VERSION: 2.00
8 | *
9 | * DATE: 19 Jun 2022
10 | *
11 | * Common header file for test code.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 | #pragma once
20 |
21 | VOID TestStart(VOID);
22 | VOID TestStop(VOID);
23 | VOID TestException(_In_ BOOL bNaked);
24 | HANDLE TestGetPortHandle();
25 |
26 | #ifdef _DEBUG
27 | #define BeginTests() TestStart()
28 | #define EndTests() TestStop()
29 | #else
30 | #define BeginTests()
31 | #define EndTests()
32 | #endif
33 |
--------------------------------------------------------------------------------
/Source/WinObjEx64/utils/GenAsIo2Unlock.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/WinObjEx64/utils/GenAsIo2Unlock.exe
--------------------------------------------------------------------------------
/Source/WinObjEx64_Plugins.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio Version 16
4 | VisualStudioVersion = 16.0.30803.129
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ApiSetView", "Plugins\ApiSetView\ApiSetView.vcxproj", "{72BF2A8F-E7AE-467F-B00F-1C51F1C3D2C8}"
7 | EndProject
8 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ExamplePlugin", "Plugins\ExamplePlugin\ExamplePlugin.vcxproj", "{7C10DDD2-E88A-4133-B140-80679BE8AFDD}"
9 | EndProject
10 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ImageScope", "Plugins\ImageScope\ImageScope.vcxproj", "{38D717F0-9152-4B74-8D32-5222373EAB3E}"
11 | EndProject
12 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Sonar", "Plugins\Sonar\Sonar.vcxproj", "{91A5250B-99D2-48F9-B649-82D66C9A6396}"
13 | EndProject
14 | Global
15 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
16 | Debug|x64 = Debug|x64
17 | Release|x64 = Release|x64
18 | EndGlobalSection
19 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
20 | {72BF2A8F-E7AE-467F-B00F-1C51F1C3D2C8}.Debug|x64.ActiveCfg = Debug|x64
21 | {72BF2A8F-E7AE-467F-B00F-1C51F1C3D2C8}.Debug|x64.Build.0 = Debug|x64
22 | {72BF2A8F-E7AE-467F-B00F-1C51F1C3D2C8}.Release|x64.ActiveCfg = Release|x64
23 | {72BF2A8F-E7AE-467F-B00F-1C51F1C3D2C8}.Release|x64.Build.0 = Release|x64
24 | {7C10DDD2-E88A-4133-B140-80679BE8AFDD}.Debug|x64.ActiveCfg = Debug|x64
25 | {7C10DDD2-E88A-4133-B140-80679BE8AFDD}.Debug|x64.Build.0 = Debug|x64
26 | {7C10DDD2-E88A-4133-B140-80679BE8AFDD}.Release|x64.ActiveCfg = Release|x64
27 | {7C10DDD2-E88A-4133-B140-80679BE8AFDD}.Release|x64.Build.0 = Release|x64
28 | {38D717F0-9152-4B74-8D32-5222373EAB3E}.Debug|x64.ActiveCfg = Debug|x64
29 | {38D717F0-9152-4B74-8D32-5222373EAB3E}.Debug|x64.Build.0 = Debug|x64
30 | {38D717F0-9152-4B74-8D32-5222373EAB3E}.Release|x64.ActiveCfg = Release|x64
31 | {38D717F0-9152-4B74-8D32-5222373EAB3E}.Release|x64.Build.0 = Release|x64
32 | {91A5250B-99D2-48F9-B649-82D66C9A6396}.Debug|x64.ActiveCfg = Debug|x64
33 | {91A5250B-99D2-48F9-B649-82D66C9A6396}.Debug|x64.Build.0 = Debug|x64
34 | {91A5250B-99D2-48F9-B649-82D66C9A6396}.Release|x64.ActiveCfg = Release|x64
35 | {91A5250B-99D2-48F9-B649-82D66C9A6396}.Release|x64.Build.0 = Release|x64
36 | EndGlobalSection
37 | GlobalSection(SolutionProperties) = preSolution
38 | HideSolutionNode = FALSE
39 | EndGlobalSection
40 | GlobalSection(ExtensibilityGlobals) = postSolution
41 | SolutionGuid = {C0DEFB87-8F58-4650-8008-3113A0E0969F}
42 | EndGlobalSection
43 | EndGlobal
44 |
--------------------------------------------------------------------------------
/Source/drvstore/kldbgdrv.sys:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/8b3b1d1bc0ad836397a6a356f268a88f78f981b9/Source/drvstore/kldbgdrv.sys
--------------------------------------------------------------------------------
/appveyor.yml:
--------------------------------------------------------------------------------
1 | version: 1.0.{build}
2 | branches:
3 | only:
4 | - master
5 | skip_tags: true
6 | image: Visual Studio 2022
7 | configuration: Release
8 | platform: x64
9 | shallow_clone: true
10 | clone_folder: c:\projects\winobjex64
11 | build:
12 | project: Source/WinObjEx64.sln
13 | verbosity: normal
14 | artifacts:
15 | - path: Source\WinObjEx64\output\x64\Release\bin\WinObjEx64.exe
16 | name: WinObjEx64
--------------------------------------------------------------------------------