├── Source
├── Plugins
│ ├── Sonar
│ │ ├── export.def
│ │ ├── Resource.rc
│ │ ├── Sonar.vcxproj.user
│ │ ├── resource.h
│ │ ├── global.h
│ │ ├── ui.h
│ │ └── Sonar.vcxproj.filters
│ ├── ApiSetView
│ │ ├── export.def
│ │ ├── Resource.rc
│ │ ├── ApiSetView.vcxproj.user
│ │ ├── query.h
│ │ ├── resource.h
│ │ ├── ui.h
│ │ ├── global.h
│ │ └── ApiSetView.vcxproj.filters
│ ├── ImageScope
│ │ ├── export.def
│ │ ├── Resource.rc
│ │ ├── ImageScope.vcxproj.user
│ │ ├── resource.h
│ │ ├── global.h
│ │ ├── ui.h
│ │ ├── query.h
│ │ └── ImageScope.vcxproj.filters
│ ├── ExamplePlugin
│ │ ├── export.def
│ │ ├── Resource.rc
│ │ ├── ExamplePlugin.vcxproj.user
│ │ ├── resource.h
│ │ └── ExamplePlugin.vcxproj.filters
│ ├── postbuild.cmd
│ └── utils.h
├── TypesWithNoDesc.txt
├── WinObjEx64
│ ├── Resource.rc
│ ├── resource.h
│ ├── rsrc
│ │ ├── 100.ico
│ │ ├── 101.ico
│ │ ├── 102.ico
│ │ ├── 103.ico
│ │ ├── 104.ico
│ │ ├── 105.ico
│ │ ├── 106.ico
│ │ ├── 107.ico
│ │ ├── 108.ico
│ │ ├── 109.ico
│ │ ├── 110.ico
│ │ ├── 111.ico
│ │ ├── 112.ico
│ │ ├── 113.ico
│ │ ├── 114.ico
│ │ ├── 115.ico
│ │ ├── 116.ico
│ │ ├── 117.ico
│ │ ├── 118.ico
│ │ ├── 119.ico
│ │ ├── 120.ico
│ │ ├── 121.ico
│ │ ├── 122.ico
│ │ ├── 123.ico
│ │ ├── 124.ico
│ │ ├── 125.ico
│ │ ├── 126.ico
│ │ ├── 127.ico
│ │ ├── 128.ico
│ │ ├── 129.ico
│ │ ├── 130.ico
│ │ ├── 131.ico
│ │ ├── 132.ico
│ │ ├── 133.ico
│ │ ├── 134.ico
│ │ ├── 135.ico
│ │ ├── 136.ico
│ │ ├── 137.ico
│ │ ├── 138.ico
│ │ ├── 139.ico
│ │ ├── 140.ico
│ │ ├── 141.ico
│ │ ├── 142.ico
│ │ ├── 143.ico
│ │ ├── 144.ico
│ │ ├── 145.ico
│ │ ├── 146.ico
│ │ ├── 147.ico
│ │ ├── 148.ico
│ │ ├── 149.ico
│ │ ├── 6001.ico
│ │ ├── 6002.ico
│ │ ├── grid.ico
│ │ ├── pipe.ico
│ │ ├── ico50.ico
│ │ ├── mailslot.ico
│ │ ├── security.ico
│ │ ├── Bitmap_125.bmp
│ │ └── obex.manifest
│ ├── utils
│ │ └── GenAsIo2Unlock.exe
│ ├── driver.rc
│ ├── WinObjEx64.vcxproj.user
│ ├── sup
│ │ ├── wine.h
│ │ ├── wine.c
│ │ └── sync.c
│ ├── tests
│ │ ├── ntsup_tests.h
│ │ └── testunit.h
│ ├── drivers
│ │ ├── wdbgdrv.h
│ │ ├── winio.h
│ │ ├── wdbgdrv.c
│ │ └── wdrvprv.h
│ ├── excepth.h
│ ├── props
│ │ ├── propDlg.h
│ │ ├── propBasicConsts.h
│ │ ├── propCommon.h
│ │ └── props.h
│ ├── hash.h
│ ├── hde
│ │ ├── pstdint.h
│ │ ├── hde64.h
│ │ └── table64.h
│ ├── list.h
│ ├── log
│ │ └── log.h
│ ├── extapi.h
│ ├── extapi.c
│ ├── extras
│ │ ├── extras.h
│ │ └── extrasCallbacksPatterns.h
│ ├── kldbg_patterns.h
│ ├── msvcver.h
│ └── ksymbols.h
├── drvstore
│ └── kldbgdrv.sys
├── Utils
│ ├── readme.txt
│ ├── SearchPattern
│ │ ├── test.cmd
│ │ ├── SearchPattern.vcxproj.user
│ │ ├── SearchPattern.vcxproj.filters
│ │ └── SearchPattern.sln
│ └── GenAsIo2Unlock
│ │ ├── GenAsIo2Unlock.vcxproj.user
│ │ ├── GenAsIo2Unlock.sln
│ │ ├── GenAsIo2Unlock.vcxproj.filters
│ │ └── GenAsIo2Unlock.vcxproj
├── Shared
│ ├── minirtl
│ │ ├── _strend.c
│ │ ├── _strlen.c
│ │ ├── _strchr.c
│ │ ├── _strcat.c
│ │ ├── strtoul.c
│ │ ├── _strcpyn.c
│ │ ├── _strcpy.c
│ │ ├── strtou64.c
│ │ ├── ultohex.c
│ │ ├── ultostr.c
│ │ ├── _strcmp.c
│ │ ├── u64tohex.c
│ │ ├── u64tostr.c
│ │ ├── _strcmpi.c
│ │ ├── hextoul.c
│ │ ├── _strncpy.c
│ │ ├── _filename.h
│ │ ├── _strncmp.c
│ │ ├── _strncmpi.c
│ │ ├── hextou64.c
│ │ ├── rtltypes.h
│ │ ├── strtoi.c
│ │ ├── strtoi64.c
│ │ ├── itostr.c
│ │ ├── i64tostr.c
│ │ ├── _strstr.c
│ │ ├── _strstri.c
│ │ ├── _filename.c
│ │ └── minirtl.h
│ ├── ntos
│ │ ├── ntbuilds.h
│ │ └── ntldr.h
│ ├── tabs
│ │ └── tabsctrl.h
│ └── treelist
│ │ └── treelist.h
├── WinObjEx64.sln
└── WinObjEx64_Plugins.sln
├── .gitattributes
├── Docs
├── Callbacks.pdf
├── WinObjEx64.chm
├── Plugins
│ ├── Plugins.odt
│ └── Plugins.pdf
├── Screenshots
│ ├── ApiSetView.png
│ ├── ImsSection.png
│ ├── ImsStrings.png
│ ├── MainWindow.png
│ ├── ApiSetView190.png
│ ├── CallbacksView.png
│ ├── NdisProtocols.png
│ ├── ProcessList.png
│ ├── ViewingPipes.png
│ ├── CmControlVector.png
│ ├── ObjectTypeView.png
│ ├── TokenProperties.png
│ ├── UnloadedDrivers.png
│ ├── CallbackObjectView.png
│ ├── FindObjectDialog.png
│ ├── PropertiesDialog.png
│ ├── SecurityDialogPage.png
│ ├── ViewingObjectDump.png
│ ├── AlpcPortConnections.png
│ ├── ViewingSectionObject.png
│ ├── ViewingServiceTable.png
│ ├── W32pServiceTableView.png
│ ├── ViewingThreadProperties.png
│ ├── ViewingTokenProperties.png
│ ├── ViewingTypeInformation.png
│ ├── ViewingUserSharedData.png
│ ├── ViewingPrivateNamespaces.png
│ └── ViewingProcessProperties.png
├── WHATSNEW_180.md
├── WHATSNEW_187.md
├── WHATSNEW_190.md
├── WHATSNEW_200.md
├── WHATSNEW_173.md
└── WHATSNEW_170.md
├── .github
├── PULL_REQUEST_TEMPLATE.md
├── ISSUE_TEMPLATE
│ └── bug_report.md
└── workflows
│ └── msbuild.yml
├── appveyor.yml
└── LICENSE.md
/Source/Plugins/Sonar/export.def:
--------------------------------------------------------------------------------
1 | EXPORTS
2 | PluginInit
3 |
--------------------------------------------------------------------------------
/Source/Plugins/ApiSetView/export.def:
--------------------------------------------------------------------------------
1 | EXPORTS
2 | PluginInit
3 |
--------------------------------------------------------------------------------
/Source/Plugins/ImageScope/export.def:
--------------------------------------------------------------------------------
1 | EXPORTS
2 | PluginInit
3 |
--------------------------------------------------------------------------------
/Source/Plugins/ExamplePlugin/export.def:
--------------------------------------------------------------------------------
1 | EXPORTS
2 | PluginInit
3 |
--------------------------------------------------------------------------------
/.gitattributes:
--------------------------------------------------------------------------------
1 | # Auto detect text files and perform LF normalization
2 | * text=auto
3 |
--------------------------------------------------------------------------------
/Docs/Callbacks.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Docs/Callbacks.pdf
--------------------------------------------------------------------------------
/Docs/WinObjEx64.chm:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Docs/WinObjEx64.chm
--------------------------------------------------------------------------------
/Docs/Plugins/Plugins.odt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Docs/Plugins/Plugins.odt
--------------------------------------------------------------------------------
/Docs/Plugins/Plugins.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Docs/Plugins/Plugins.pdf
--------------------------------------------------------------------------------
/Source/TypesWithNoDesc.txt:
--------------------------------------------------------------------------------
1 | Silo (r3 interface removed in 10240 release, object removed in TH2 builds)
2 |
--------------------------------------------------------------------------------
/Source/WinObjEx64/Resource.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/Resource.rc
--------------------------------------------------------------------------------
/Source/WinObjEx64/resource.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/resource.h
--------------------------------------------------------------------------------
/Source/drvstore/kldbgdrv.sys:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/drvstore/kldbgdrv.sys
--------------------------------------------------------------------------------
/Docs/Screenshots/ApiSetView.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Docs/Screenshots/ApiSetView.png
--------------------------------------------------------------------------------
/Docs/Screenshots/ImsSection.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Docs/Screenshots/ImsSection.png
--------------------------------------------------------------------------------
/Docs/Screenshots/ImsStrings.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Docs/Screenshots/ImsStrings.png
--------------------------------------------------------------------------------
/Docs/Screenshots/MainWindow.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Docs/Screenshots/MainWindow.png
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/100.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/rsrc/100.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/101.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/rsrc/101.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/102.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/rsrc/102.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/103.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/rsrc/103.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/104.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/rsrc/104.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/105.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/rsrc/105.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/106.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/rsrc/106.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/107.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/rsrc/107.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/108.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/rsrc/108.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/109.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/rsrc/109.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/110.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/rsrc/110.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/111.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/rsrc/111.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/112.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/rsrc/112.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/113.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/rsrc/113.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/114.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/rsrc/114.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/115.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/rsrc/115.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/116.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/rsrc/116.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/117.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/rsrc/117.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/118.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/rsrc/118.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/119.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/rsrc/119.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/120.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/rsrc/120.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/121.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/rsrc/121.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/122.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/rsrc/122.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/123.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/rsrc/123.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/124.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/rsrc/124.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/125.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/rsrc/125.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/126.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/rsrc/126.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/127.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/rsrc/127.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/128.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/rsrc/128.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/129.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/rsrc/129.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/130.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/rsrc/130.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/131.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/rsrc/131.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/132.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/rsrc/132.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/133.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/rsrc/133.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/134.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/rsrc/134.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/135.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/rsrc/135.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/136.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/rsrc/136.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/137.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/rsrc/137.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/138.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/rsrc/138.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/139.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/rsrc/139.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/140.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/rsrc/140.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/141.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/rsrc/141.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/142.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/rsrc/142.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/143.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/rsrc/143.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/144.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/rsrc/144.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/145.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/rsrc/145.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/146.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/rsrc/146.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/147.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/rsrc/147.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/148.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/rsrc/148.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/149.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/rsrc/149.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/6001.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/rsrc/6001.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/6002.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/rsrc/6002.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/grid.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/rsrc/grid.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/pipe.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/rsrc/pipe.ico
--------------------------------------------------------------------------------
/Docs/Screenshots/ApiSetView190.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Docs/Screenshots/ApiSetView190.png
--------------------------------------------------------------------------------
/Docs/Screenshots/CallbacksView.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Docs/Screenshots/CallbacksView.png
--------------------------------------------------------------------------------
/Docs/Screenshots/NdisProtocols.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Docs/Screenshots/NdisProtocols.png
--------------------------------------------------------------------------------
/Docs/Screenshots/ProcessList.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Docs/Screenshots/ProcessList.png
--------------------------------------------------------------------------------
/Docs/Screenshots/ViewingPipes.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Docs/Screenshots/ViewingPipes.png
--------------------------------------------------------------------------------
/Source/Plugins/Sonar/Resource.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/Plugins/Sonar/Resource.rc
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/ico50.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/rsrc/ico50.ico
--------------------------------------------------------------------------------
/Docs/Screenshots/CmControlVector.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Docs/Screenshots/CmControlVector.png
--------------------------------------------------------------------------------
/Docs/Screenshots/ObjectTypeView.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Docs/Screenshots/ObjectTypeView.png
--------------------------------------------------------------------------------
/Docs/Screenshots/TokenProperties.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Docs/Screenshots/TokenProperties.png
--------------------------------------------------------------------------------
/Docs/Screenshots/UnloadedDrivers.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Docs/Screenshots/UnloadedDrivers.png
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/mailslot.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/rsrc/mailslot.ico
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/security.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/rsrc/security.ico
--------------------------------------------------------------------------------
/Docs/Screenshots/CallbackObjectView.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Docs/Screenshots/CallbackObjectView.png
--------------------------------------------------------------------------------
/Docs/Screenshots/FindObjectDialog.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Docs/Screenshots/FindObjectDialog.png
--------------------------------------------------------------------------------
/Docs/Screenshots/PropertiesDialog.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Docs/Screenshots/PropertiesDialog.png
--------------------------------------------------------------------------------
/Docs/Screenshots/SecurityDialogPage.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Docs/Screenshots/SecurityDialogPage.png
--------------------------------------------------------------------------------
/Docs/Screenshots/ViewingObjectDump.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Docs/Screenshots/ViewingObjectDump.png
--------------------------------------------------------------------------------
/Source/Plugins/ApiSetView/Resource.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/Plugins/ApiSetView/Resource.rc
--------------------------------------------------------------------------------
/Source/Plugins/ImageScope/Resource.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/Plugins/ImageScope/Resource.rc
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/Bitmap_125.bmp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/rsrc/Bitmap_125.bmp
--------------------------------------------------------------------------------
/Docs/Screenshots/AlpcPortConnections.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Docs/Screenshots/AlpcPortConnections.png
--------------------------------------------------------------------------------
/Docs/Screenshots/ViewingSectionObject.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Docs/Screenshots/ViewingSectionObject.png
--------------------------------------------------------------------------------
/Docs/Screenshots/ViewingServiceTable.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Docs/Screenshots/ViewingServiceTable.png
--------------------------------------------------------------------------------
/Docs/Screenshots/W32pServiceTableView.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Docs/Screenshots/W32pServiceTableView.png
--------------------------------------------------------------------------------
/Source/Plugins/ExamplePlugin/Resource.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/Plugins/ExamplePlugin/Resource.rc
--------------------------------------------------------------------------------
/Docs/Screenshots/ViewingThreadProperties.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Docs/Screenshots/ViewingThreadProperties.png
--------------------------------------------------------------------------------
/Docs/Screenshots/ViewingTokenProperties.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Docs/Screenshots/ViewingTokenProperties.png
--------------------------------------------------------------------------------
/Docs/Screenshots/ViewingTypeInformation.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Docs/Screenshots/ViewingTypeInformation.png
--------------------------------------------------------------------------------
/Docs/Screenshots/ViewingUserSharedData.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Docs/Screenshots/ViewingUserSharedData.png
--------------------------------------------------------------------------------
/Source/WinObjEx64/utils/GenAsIo2Unlock.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Source/WinObjEx64/utils/GenAsIo2Unlock.exe
--------------------------------------------------------------------------------
/Docs/Screenshots/ViewingPrivateNamespaces.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Docs/Screenshots/ViewingPrivateNamespaces.png
--------------------------------------------------------------------------------
/Docs/Screenshots/ViewingProcessProperties.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hfiref0x/WinObjEx64/HEAD/Docs/Screenshots/ViewingProcessProperties.png
--------------------------------------------------------------------------------
/Source/Utils/readme.txt:
--------------------------------------------------------------------------------
1 | Support and test utilities.
2 |
3 | GenAsIo2Unlock - generate unlocking data for *locked* Asus drivers from EneTech.
4 | SearchPattern - test tool for pattern lookups.
5 |
--------------------------------------------------------------------------------
/Source/Plugins/Sonar/Sonar.vcxproj.user:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
--------------------------------------------------------------------------------
/Source/Plugins/ApiSetView/ApiSetView.vcxproj.user:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
--------------------------------------------------------------------------------
/Source/Plugins/ImageScope/ImageScope.vcxproj.user:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
--------------------------------------------------------------------------------
/Source/Plugins/ExamplePlugin/ExamplePlugin.vcxproj.user:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
--------------------------------------------------------------------------------
/.github/PULL_REQUEST_TEMPLATE.md:
--------------------------------------------------------------------------------
1 | # Summary
2 |
3 | Please describe your changes here
4 |
5 | If you are going to resolve some issue, please add this context - Resolve #ISSUE_NUMBER
6 |
7 | If you are going to fix some bug issue, please add this context - Fix #ISSUE_NUMBER
8 |
--------------------------------------------------------------------------------
/Source/Utils/SearchPattern/test.cmd:
--------------------------------------------------------------------------------
1 | @echo off
2 | echo Looking for pattern 1
3 | sp.exe C:\Dumps\ntoskrnl.exe "PAGE" "41 B8 FF 00 00 00 BF 06 00 00 00" "11 11 00 11 11 11 11 11 11 11 11"
4 | pause
5 | echo Looking for pattern 2
6 | sp.exe C:\Dumps\ntoskrnl.exe "PAGE" "BA D0 07 00 00 B9 40 00 00 00" "11 11 11 11 11 11 11 11 11 11"
7 | pause
--------------------------------------------------------------------------------
/Source/WinObjEx64/driver.rc:
--------------------------------------------------------------------------------
1 | #include "resource.h"
2 | #include "winres.h"
3 | LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
4 | #ifndef _UseOwnDriver
5 | IDR_KDBGDRV SYS "..\\drvstore\\kldbgdrv.sys"
6 | #else
7 | #ifdef _UseWinIo
8 | IDR_KDBGDRV SYS "..\\drvstore\\winio.sys"
9 | #else
10 | IDR_KDBGDRV SYS "..\\drvstore\\wodbgdrv.sys"
11 | #endif
12 | #endif
13 |
--------------------------------------------------------------------------------
/Source/Shared/minirtl/_strend.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
3 | char *_strend_a(const char *s)
4 | {
5 | if ( s==0 )
6 | return 0;
7 |
8 | while ( *s!=0 )
9 | s++;
10 |
11 | return (char *)s;
12 | }
13 |
14 | wchar_t *_strend_w(const wchar_t *s)
15 | {
16 | if ( s==0 )
17 | return 0;
18 |
19 | while ( *s!=0 )
20 | s++;
21 |
22 | return (wchar_t *)s;
23 | }
24 |
--------------------------------------------------------------------------------
/Source/Shared/minirtl/_strlen.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
3 | size_t _strlen_a(const char *s)
4 | {
5 | char *s0 = (char *)s;
6 |
7 | if ( s==0 )
8 | return 0;
9 |
10 | while ( *s!=0 )
11 | s++;
12 |
13 | return (s-s0);
14 | }
15 |
16 | size_t _strlen_w(const wchar_t *s)
17 | {
18 | wchar_t *s0 = (wchar_t *)s;
19 |
20 | if ( s==0 )
21 | return 0;
22 |
23 | while ( *s!=0 )
24 | s++;
25 |
26 | return (s-s0);
27 | }
28 |
--------------------------------------------------------------------------------
/Source/Utils/GenAsIo2Unlock/GenAsIo2Unlock.vcxproj.user:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | c:\makeexe\kdu\kdu.exe
5 | WindowsLocalDebugger
6 |
7 |
--------------------------------------------------------------------------------
/Source/Plugins/ExamplePlugin/resource.h:
--------------------------------------------------------------------------------
1 | //{{NO_DEPENDENCIES}}
2 | // Microsoft Visual C++ generated include file.
3 | // Used by Resource.rc
4 |
5 | // Next default values for new objects
6 | //
7 | #ifdef APSTUDIO_INVOKED
8 | #ifndef APSTUDIO_READONLY_SYMBOLS
9 | #define _APS_NEXT_RESOURCE_VALUE 101
10 | #define _APS_NEXT_COMMAND_VALUE 40001
11 | #define _APS_NEXT_CONTROL_VALUE 1001
12 | #define _APS_NEXT_SYMED_VALUE 101
13 | #endif
14 | #endif
15 |
--------------------------------------------------------------------------------
/appveyor.yml:
--------------------------------------------------------------------------------
1 | version: 1.0.{build}
2 | branches:
3 | only:
4 | - master
5 | skip_tags: true
6 | image: Visual Studio 2022
7 | configuration: Release
8 | platform: x64
9 | shallow_clone: true
10 | clone_folder: c:\projects\winobjex64
11 |
12 | build_script:
13 | - cmd: msbuild Source\WinObjEx64.sln /m /verbosity:normal /p:Configuration=Release /p:Platform=x64 /p:PlatformToolset=v143
14 |
15 | artifacts:
16 | - path: Source\WinObjEx64\output\x64\Release\bin\WinObjEx64.exe
17 | name: WinObjEx64
18 |
--------------------------------------------------------------------------------
/Source/Plugins/postbuild.cmd:
--------------------------------------------------------------------------------
1 | echo ----------------------------------------------
2 | echo %1 post-build script
3 | echo ----------------------------------------------
4 |
5 | echo Copy %2 to Bin\Plugins
6 | copy %2 ..\..\Bin\plugins /y
7 |
8 | echo Copy %2 to WinObjEx64\Plugins [DEBUG]
9 | copy %2 ..\..\WinObjEx64\plugins /y
10 |
11 | IF EXIST %3 (
12 | Echo Copy %3 to WinObjEx64\Plugins [DEBUG]
13 | copy %3 ..\..\WinObjEx64\plugins /y
14 | ) ELSE (
15 | echo %3 pdb file was not found, skipping
16 | )
17 |
--------------------------------------------------------------------------------
/Source/Plugins/Sonar/resource.h:
--------------------------------------------------------------------------------
1 | //{{NO_DEPENDENCIES}}
2 | // Microsoft Visual C++ generated include file.
3 | // Used by Resource.rc
4 | //
5 | #define IDI_ICON2 104
6 |
7 | // Next default values for new objects
8 | //
9 | #ifdef APSTUDIO_INVOKED
10 | #ifndef APSTUDIO_READONLY_SYMBOLS
11 | #define _APS_NEXT_RESOURCE_VALUE 106
12 | #define _APS_NEXT_COMMAND_VALUE 40001
13 | #define _APS_NEXT_CONTROL_VALUE 1001
14 | #define _APS_NEXT_SYMED_VALUE 101
15 | #endif
16 | #endif
17 |
--------------------------------------------------------------------------------
/Source/WinObjEx64/WinObjEx64.vcxproj.user:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | WindowsLocalDebugger
5 |
6 |
7 |
8 |
9 | WindowsLocalDebugger
10 |
11 |
12 |
--------------------------------------------------------------------------------
/Source/Shared/minirtl/_strchr.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
3 | char *_strchr_a(const char *s, const char ch)
4 | {
5 | char *p = (char *)s;
6 |
7 | if (s == 0)
8 | return 0;
9 |
10 | while (*p != 0) {
11 | if (*p == ch)
12 | return p;
13 | p++;
14 | }
15 |
16 | return 0;
17 | }
18 |
19 | wchar_t *_strchr_w(const wchar_t *s, const wchar_t ch)
20 | {
21 | wchar_t *p = (wchar_t *)s;
22 |
23 | if (s == 0)
24 | return 0;
25 |
26 | while (*p != 0) {
27 | if (*p == ch)
28 | return p;
29 | p++;
30 | }
31 |
32 | return 0;
33 |
34 | }
35 |
--------------------------------------------------------------------------------
/Source/Shared/minirtl/_strcat.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
3 | char *_strcat_a(char *dest, const char *src)
4 | {
5 | if ( (dest==0) || (src==0) )
6 | return dest;
7 |
8 | while ( *dest!=0 )
9 | dest++;
10 |
11 | while ( *src!=0 ) {
12 | *dest = *src;
13 | dest++;
14 | src++;
15 | }
16 |
17 | *dest = 0;
18 | return dest;
19 | }
20 |
21 | wchar_t *_strcat_w(wchar_t *dest, const wchar_t *src)
22 | {
23 | if ( (dest==0) || (src==0) )
24 | return dest;
25 |
26 | while ( *dest!=0 )
27 | dest++;
28 |
29 | while ( *src!=0 ) {
30 | *dest = *src;
31 | dest++;
32 | src++;
33 | }
34 |
35 | *dest = 0;
36 | return dest;
37 | }
38 |
--------------------------------------------------------------------------------
/Source/Shared/minirtl/strtoul.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
3 | unsigned long strtoul_a(char *s)
4 | {
5 | unsigned long a = 0;
6 | char c;
7 |
8 | if (s == 0)
9 | return 0;
10 |
11 | while (*s != 0) {
12 | c = *s;
13 | if (_isdigit_a(c))
14 | a = (a*10)+(c-'0');
15 | else
16 | break;
17 | s++;
18 | }
19 | return a;
20 | }
21 |
22 | unsigned long strtoul_w(wchar_t *s)
23 | {
24 | unsigned long a = 0;
25 | wchar_t c;
26 |
27 | if (s == 0)
28 | return 0;
29 |
30 | while (*s != 0) {
31 | c = *s;
32 | if (_isdigit_w(c))
33 | a = (a*10)+(c-L'0');
34 | else
35 | break;
36 | s++;
37 | }
38 | return a;
39 | }
40 |
--------------------------------------------------------------------------------
/Source/Plugins/ImageScope/resource.h:
--------------------------------------------------------------------------------
1 | //{{NO_DEPENDENCIES}}
2 | // Microsoft Visual C++ generated include file.
3 | // Used by Resource.rc
4 | //
5 | #define IDD_TABDLG_SECTION 9
6 | #define IDD_TABDLG_VSINFO 103
7 | #define IDD_TABDLG_STRINGS 105
8 | #define IDC_LIST 1002
9 |
10 | // Next default values for new objects
11 | //
12 | #ifdef APSTUDIO_INVOKED
13 | #ifndef APSTUDIO_READONLY_SYMBOLS
14 | #define _APS_NEXT_RESOURCE_VALUE 107
15 | #define _APS_NEXT_COMMAND_VALUE 40001
16 | #define _APS_NEXT_CONTROL_VALUE 1005
17 | #define _APS_NEXT_SYMED_VALUE 101
18 | #endif
19 | #endif
20 |
--------------------------------------------------------------------------------
/Source/Shared/minirtl/_strcpyn.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
3 | char *_strcpyn_a(char* dest, const char* src, size_t n)
4 | {
5 | size_t i = 0;
6 | char *p;
7 |
8 | if ((dest == 0) || (src == 0))
9 | return dest;
10 |
11 | p = dest;
12 |
13 | while (i++ != n && (*p++ = *src++));
14 |
15 | *p = 0;
16 |
17 | return dest;
18 | }
19 |
20 | wchar_t *_strcpyn_w(wchar_t* dest, const wchar_t* src, size_t n)
21 | {
22 | size_t i = 0;
23 | wchar_t *p;
24 |
25 | if ((dest == 0) || (src == 0))
26 | return dest;
27 |
28 | p = dest;
29 |
30 | while (i++ != n && (*p++ = *src++));
31 |
32 | *p = 0;
33 |
34 | return dest;
35 | }
36 |
--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/bug_report.md:
--------------------------------------------------------------------------------
1 | ---
2 | name: Bug report
3 | about: Create a report to help us improve
4 | title: ''
5 | labels: ''
6 | assignees: ''
7 |
8 | ---
9 |
10 | **Describe the bug**
11 | A clear and concise description of what the bug is.
12 |
13 | **To Reproduce**
14 | If applicable, steps to reproduce the behavior.
15 |
16 | **Expected behavior**
17 | A clear and concise description of what you expected to happen.
18 |
19 | **Screenshots**
20 | If applicable, add screenshots to help explain your problem.
21 |
22 | **Environment**
23 | If applicable, add exact Windows version, including build number.
24 |
25 | **Additional context**
26 | Add any other context about the problem here.
27 |
--------------------------------------------------------------------------------
/Source/Shared/minirtl/_strcpy.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
3 | char *_strcpy_a(char *dest, const char *src)
4 | {
5 | char *p;
6 |
7 | if ( (dest==0) || (src==0) )
8 | return dest;
9 |
10 | if (dest == src)
11 | return dest;
12 |
13 | p = dest;
14 | while ( *src!=0 ) {
15 | *p = *src;
16 | p++;
17 | src++;
18 | }
19 |
20 | *p = 0;
21 | return dest;
22 | }
23 |
24 | wchar_t *_strcpy_w(wchar_t *dest, const wchar_t *src)
25 | {
26 | wchar_t *p;
27 |
28 | if ((dest == 0) || (src == 0))
29 | return dest;
30 |
31 | if (dest == src)
32 | return dest;
33 |
34 | p = dest;
35 | while ( *src!=0 ) {
36 | *p = *src;
37 | p++;
38 | src++;
39 | }
40 |
41 | *p = 0;
42 | return dest;
43 | }
44 |
--------------------------------------------------------------------------------
/Source/Shared/minirtl/strtou64.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
3 | unsigned long long strtou64_a(char *s)
4 | {
5 | unsigned long long a = 0;
6 | char c;
7 |
8 | if (s == 0)
9 | return 0;
10 |
11 | while (*s != 0) {
12 | c = *s;
13 | if (_isdigit_a(c))
14 | a = (a*10)+((unsigned long long)c-'0');
15 | else
16 | break;
17 | s++;
18 | }
19 | return a;
20 | }
21 |
22 | unsigned long long strtou64_w(wchar_t *s)
23 | {
24 | unsigned long long a = 0;
25 | wchar_t c;
26 |
27 | if (s == 0)
28 | return 0;
29 |
30 | while (*s != 0) {
31 | c = *s;
32 | if (_isdigit_w(c))
33 | a = (a*10)+((unsigned long long)c-L'0');
34 | else
35 | break;
36 | s++;
37 | }
38 | return a;
39 | }
40 |
--------------------------------------------------------------------------------
/Source/WinObjEx64/sup/wine.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2018 - 2022
4 | *
5 | * TITLE: WINE.H
6 | *
7 | * VERSION: 2.00
8 | *
9 | * DATE: 19 Jun 2022
10 | *
11 | * Wine/Wine staging support header file.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 |
20 | #pragma once
21 |
22 | PCHAR GetWineVersion(VOID);
23 | BOOLEAN IsWine(VOID);
24 |
--------------------------------------------------------------------------------
/Source/Plugins/ApiSetView/query.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2019 - 2021
4 | *
5 | * TITLE: QUERY.H
6 | *
7 | * VERSION: 1.11
8 | *
9 | * DATE: 01 June 2021
10 | *
11 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
12 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
13 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
14 | * PARTICULAR PURPOSE.
15 | *
16 | *******************************************************************************/
17 |
18 | #pragma once
19 |
20 | VOID ListApiSetFromFile(
21 | _In_opt_ LPCWSTR lpFileName,
22 | _In_opt_ LPCWSTR FilterByName);
23 |
--------------------------------------------------------------------------------
/Source/Plugins/ApiSetView/resource.h:
--------------------------------------------------------------------------------
1 | //{{NO_DEPENDENCIES}}
2 | // Microsoft Visual C++ generated include file.
3 | // Used by Resource.rc
4 | //
5 | #define IDD_ASDIALOG 101
6 | #define IDC_ENTRY_EDIT 1001
7 | #define IDC_SEARCH_EDIT 1002
8 | #define IDC_SEARCH_BUTTON 1003
9 | #define IDC_BROWSE_BUTTON 1004
10 | #define ID_USE_SYSTEM_SCHEMA_FILE 40001
11 |
12 | // Next default values for new objects
13 | //
14 | #ifdef APSTUDIO_INVOKED
15 | #ifndef APSTUDIO_READONLY_SYMBOLS
16 | #define _APS_NEXT_RESOURCE_VALUE 103
17 | #define _APS_NEXT_COMMAND_VALUE 40002
18 | #define _APS_NEXT_CONTROL_VALUE 1005
19 | #define _APS_NEXT_SYMED_VALUE 101
20 | #endif
21 | #endif
22 |
--------------------------------------------------------------------------------
/Source/Shared/minirtl/ultohex.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
3 | size_t ultohex_a(unsigned long x, char *s)
4 | {
5 | char p;
6 | size_t c;
7 |
8 | if (s==0)
9 | return 8;
10 |
11 | for (c=0; c<8; c++) {
12 | p = (char)(x & 0xf);
13 | x >>= 4;
14 |
15 | if (p<10)
16 | p += '0';
17 | else
18 | p = 'A' + (p-10);
19 |
20 | s[7-c] = p;
21 | }
22 |
23 | s[8] = 0;
24 | return 8;
25 | }
26 |
27 | size_t ultohex_w(unsigned long x, wchar_t *s)
28 | {
29 | wchar_t p;
30 | size_t c;
31 |
32 | if (s==0)
33 | return 8;
34 |
35 | for (c=0; c<8; c++) {
36 | p = (wchar_t)(x & 0xf);
37 | x >>= 4;
38 |
39 | if (p<10)
40 | p += L'0';
41 | else
42 | p = L'A' + (p-10);
43 |
44 | s[7-c] = p;
45 | }
46 |
47 | s[8] = 0;
48 | return 8;
49 | }
50 |
--------------------------------------------------------------------------------
/Source/Shared/minirtl/ultostr.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
3 | size_t ultostr_a(unsigned long x, char *s)
4 | {
5 | unsigned long t=x;
6 | size_t i, r=1;
7 |
8 | while ( t >= 10 ) {
9 | t /= 10;
10 | r++;
11 | }
12 |
13 | if (s == 0)
14 | return r;
15 |
16 | for (i = r; i != 0; i--) {
17 | s[i-1] = (char)(x % 10) + '0';
18 | x /= 10;
19 | }
20 |
21 | s[r] = (char)0;
22 | return r;
23 | }
24 |
25 | size_t ultostr_w(unsigned long x, wchar_t *s)
26 | {
27 | unsigned long t=x;
28 | size_t i, r=1;
29 |
30 | while ( t >= 10 ) {
31 | t /= 10;
32 | r++;
33 | }
34 |
35 | if (s == 0)
36 | return r;
37 |
38 | for (i = r; i != 0; i--) {
39 | s[i-1] = (wchar_t)(x % 10) + L'0';
40 | x /= 10;
41 | }
42 |
43 | s[r] = (wchar_t)0;
44 | return r;
45 | }
46 |
--------------------------------------------------------------------------------
/Source/Shared/minirtl/_strcmp.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
3 | int _strcmp_a(const char *s1, const char *s2)
4 | {
5 | char c1, c2;
6 |
7 | if ( s1==s2 )
8 | return 0;
9 |
10 | if ( s1==0 )
11 | return -1;
12 |
13 | if ( s2==0 )
14 | return 1;
15 |
16 | do {
17 | c1 = *s1;
18 | c2 = *s2;
19 | s1++;
20 | s2++;
21 | } while ( (c1 != 0) && (c1 == c2) );
22 |
23 | return (int)(c1 - c2);
24 | }
25 |
26 | int _strcmp_w(const wchar_t *s1, const wchar_t *s2)
27 | {
28 | wchar_t c1, c2;
29 |
30 | if ( s1==s2 )
31 | return 0;
32 |
33 | if ( s1==0 )
34 | return -1;
35 |
36 | if ( s2==0 )
37 | return 1;
38 |
39 | do {
40 | c1 = *s1;
41 | c2 = *s2;
42 | s1++;
43 | s2++;
44 | } while ( (c1 != 0) && (c1 == c2) );
45 |
46 | return (int)(c1 - c2);
47 | }
48 |
--------------------------------------------------------------------------------
/Source/Shared/minirtl/u64tohex.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
3 | size_t u64tohex_a(unsigned long long x, char *s)
4 | {
5 | char p;
6 | size_t c;
7 |
8 | if (s==0)
9 | return 16;
10 |
11 | for (c=0; c<16; c++) {
12 | p = (char)(x & 0xf);
13 | x >>= 4;
14 |
15 | if (p<10)
16 | p += '0';
17 | else
18 | p = 'A' + (p-10);
19 |
20 | s[15-c] = p;
21 | }
22 |
23 | s[16] = 0;
24 | return 16;
25 | }
26 |
27 | size_t u64tohex_w(unsigned long long x, wchar_t *s)
28 | {
29 | wchar_t p;
30 | size_t c;
31 |
32 | if (s==0)
33 | return 16;
34 |
35 | for (c = 0; c<16; c++) {
36 | p = (wchar_t)(x & 0xf);
37 | x >>= 4;
38 |
39 | if (p<10)
40 | p += L'0';
41 | else
42 | p = L'A' + (p-10);
43 |
44 | s[15-c] = p;
45 | }
46 |
47 | s[16] = 0;
48 | return 16;
49 | }
50 |
--------------------------------------------------------------------------------
/Source/Shared/minirtl/u64tostr.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
3 | size_t u64tostr_a(unsigned long long x, char *s)
4 | {
5 | unsigned long long t = x;
6 | size_t i, r=1;
7 |
8 | while ( t >= 10 ) {
9 | t /= 10;
10 | r++;
11 | }
12 |
13 | if (s == 0)
14 | return r;
15 |
16 | for (i = r; i != 0; i--) {
17 | s[i-1] = (char)(x % 10) + '0';
18 | x /= 10;
19 | }
20 |
21 | s[r] = (char)0;
22 | return r;
23 | }
24 |
25 | size_t u64tostr_w(unsigned long long x, wchar_t *s)
26 | {
27 | unsigned long long t = x;
28 | size_t i, r=1;
29 |
30 | while ( t >= 10 ) {
31 | t /= 10;
32 | r++;
33 | }
34 |
35 | if (s == 0)
36 | return r;
37 |
38 | for (i = r; i != 0; i--) {
39 | s[i-1] = (wchar_t)(x % 10) + L'0';
40 | x /= 10;
41 | }
42 |
43 | s[r] = (wchar_t)0;
44 | return r;
45 | }
46 |
--------------------------------------------------------------------------------
/Source/Utils/SearchPattern/SearchPattern.vcxproj.user:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | C:\Dumps\ntoskrnl.exe "PAGE" "41B8C4000000BF06000000" "1111001111111111111110"
5 | WindowsLocalDebugger
6 |
7 |
8 | C:\Dumps\ntoskrnl.exe "PAGE" "41B8C4000000BF06000000" "1111001111111111111110"
9 | WindowsLocalDebugger
10 |
11 |
--------------------------------------------------------------------------------
/Source/Shared/minirtl/_strcmpi.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
3 | int _strcmpi_a(const char *s1, const char *s2)
4 | {
5 | char c1, c2;
6 |
7 | if ( s1==s2 )
8 | return 0;
9 |
10 | if ( s1==0 )
11 | return -1;
12 |
13 | if ( s2==0 )
14 | return 1;
15 |
16 | do {
17 | c1 = locase_a(*s1);
18 | c2 = locase_a(*s2);
19 | s1++;
20 | s2++;
21 | } while ( (c1 != 0) && (c1 == c2) );
22 |
23 | return (int)(c1 - c2);
24 | }
25 |
26 | int _strcmpi_w(const wchar_t *s1, const wchar_t *s2)
27 | {
28 | wchar_t c1, c2;
29 |
30 | if ( s1==s2 )
31 | return 0;
32 |
33 | if ( s1==0 )
34 | return -1;
35 |
36 | if ( s2==0 )
37 | return 1;
38 |
39 | do {
40 | c1 = locase_w(*s1);
41 | c2 = locase_w(*s2);
42 | s1++;
43 | s2++;
44 | } while ( (c1 != 0) && (c1 == c2) );
45 |
46 | return (int)(c1 - c2);
47 | }
48 |
--------------------------------------------------------------------------------
/Source/Shared/minirtl/hextoul.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
3 | unsigned long hextoul_a(char *s)
4 | {
5 | unsigned long r = 0;
6 | char c;
7 |
8 | if (s == 0)
9 | return 0;
10 |
11 | while (*s != 0) {
12 | c = locase_a(*s);
13 | s++;
14 | if (_isdigit_a(c))
15 | r = 16 * r + (c - '0');
16 | else
17 | if ((c >= 'a') && (c <= 'f'))
18 | r = 16 * r + (c - 'a' + 10);
19 | else
20 | break;
21 | }
22 | return r;
23 | }
24 |
25 | unsigned long hextoul_w(wchar_t *s)
26 | {
27 | unsigned long r = 0;
28 | wchar_t c;
29 |
30 | if ( s==0 )
31 | return 0;
32 |
33 | while ( *s!=0 ) {
34 | c = locase_w(*s);
35 | s++;
36 | if (_isdigit_w(c))
37 | r = 16*r + (c-L'0');
38 | else
39 | if ((c >= L'a') && (c <= L'f'))
40 | r = 16*r + (c-L'a'+10);
41 | else
42 | break;
43 | }
44 | return r;
45 | }
46 |
--------------------------------------------------------------------------------
/Source/Shared/minirtl/_strncpy.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
3 | char *_strncpy_a(char *dest, size_t ccdest, const char *src, size_t ccsrc)
4 | {
5 | char *p;
6 |
7 | if ( (dest==0) || (src==0) || (ccdest==0) )
8 | return dest;
9 |
10 | ccdest--;
11 | p = dest;
12 |
13 | while ( (*src!=0) && (ccdest>0) && (ccsrc>0) ) {
14 | *p = *src;
15 | p++;
16 | src++;
17 | ccdest--;
18 | ccsrc--;
19 | }
20 |
21 | *p = 0;
22 | return dest;
23 | }
24 |
25 | wchar_t *_strncpy_w(wchar_t *dest, size_t ccdest, const wchar_t *src, size_t ccsrc)
26 | {
27 | wchar_t *p;
28 |
29 | if ( (dest==0) || (src==0) || (ccdest==0) )
30 | return dest;
31 |
32 | ccdest--;
33 | p = dest;
34 |
35 | while ( (*src!=0) && (ccdest>0) && (ccsrc>0) ) {
36 | *p = *src;
37 | p++;
38 | src++;
39 | ccdest--;
40 | ccsrc--;
41 | }
42 |
43 | *p = 0;
44 | return dest;
45 | }
46 |
--------------------------------------------------------------------------------
/Source/WinObjEx64/tests/ntsup_tests.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2015 - 2025 UGN/HE
4 | *
5 | * TITLE: NTSUP_TESTS.H
6 | *
7 | * VERSION: 2.09
8 | *
9 | * DATE: 10 Aug 2025
10 | *
11 | * Common header file for NTSUP test code.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 | #pragma once
20 |
21 | VOID Test_WriteBufferToFile();
22 | VOID Test_FindModuleNameByAddress();
23 | VOID Test_GetLoadedModulesListEx();
24 | VOID Test_GetSystemInfoEx();
25 | VOID Test_HashImageSections();
26 |
--------------------------------------------------------------------------------
/Source/Shared/minirtl/_filename.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #ifndef _FILENAMEH_
4 | #define _FILENAMEH_
5 |
6 | char *_filename_a(const char *f);
7 | wchar_t *_filename_w(const wchar_t *f);
8 | char *_fileext_a(const char *f);
9 | wchar_t *_fileext_w(const wchar_t *f);
10 | char *_filename_noext_a(char *dest, const char *f);
11 | wchar_t *_filename_noext_w(wchar_t *dest, const wchar_t *f);
12 | char *_filepath_a(const char *fname, char *fpath);
13 | wchar_t *_filepath_w(const wchar_t *fname, wchar_t *fpath);
14 |
15 | #ifdef UNICODE
16 | #define _filename _filename_w
17 | #define _fileext _fileext_w
18 | #define _filepath _filepath_w
19 | #define _filename_noext _filename_noext_w
20 | #else // ANSI
21 | #define _filename _filename_a
22 | #define _fileext _fileext_a
23 | #define _filepath _filepath_a
24 | #define _filename_noext _filename_noext_a
25 | #endif
26 |
27 | #endif /* _FILENAMEH_ */
--------------------------------------------------------------------------------
/Source/WinObjEx64/drivers/wdbgdrv.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2022
4 | *
5 | * TITLE: WDBGDRV.H
6 | *
7 | * VERSION: 1.93
8 | *
9 | * DATE: 22 Apr 2022
10 | *
11 | * Common header file for the WINDBG Driver Helper support.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 | #pragma once
20 |
21 | BOOL WDbgDrvReadSystemMemory(
22 | _In_ WDRV_CONTEXT* Context,
23 | _In_ ULONG_PTR Address,
24 | _Inout_ PVOID Buffer,
25 | _In_ ULONG BufferSize,
26 | _Out_opt_ PULONG NumberOfBytesRead);
27 |
--------------------------------------------------------------------------------
/Source/Shared/minirtl/_strncmp.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
3 | int _strncmp_a(const char *s1, const char *s2, size_t cchars)
4 | {
5 | char c1, c2;
6 |
7 | if ( s1==s2 )
8 | return 0;
9 |
10 | if ( s1==0 )
11 | return -1;
12 |
13 | if ( s2==0 )
14 | return 1;
15 |
16 | if ( cchars==0 )
17 | return 0;
18 |
19 | do {
20 | c1 = *s1;
21 | c2 = *s2;
22 | s1++;
23 | s2++;
24 | cchars--;
25 | } while ( (c1 != 0) && (c1 == c2) && (cchars>0) );
26 |
27 | return (int)(c1 - c2);
28 | }
29 |
30 | int _strncmp_w(const wchar_t *s1, const wchar_t *s2, size_t cchars)
31 | {
32 | wchar_t c1, c2;
33 |
34 | if ( s1==s2 )
35 | return 0;
36 |
37 | if ( s1==0 )
38 | return -1;
39 |
40 | if ( s2==0 )
41 | return 1;
42 |
43 | if ( cchars==0 )
44 | return 0;
45 |
46 | do {
47 | c1 = *s1;
48 | c2 = *s2;
49 | s1++;
50 | s2++;
51 | cchars--;
52 | } while ( (c1 != 0) && (c1 == c2) && (cchars>0) );
53 |
54 | return (int)(c1 - c2);
55 | }
56 |
--------------------------------------------------------------------------------
/Source/WinObjEx64/tests/testunit.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2015 - 2022
4 | *
5 | * TITLE: TESTUNIT.H
6 | *
7 | * VERSION: 2.00
8 | *
9 | * DATE: 19 Jun 2022
10 | *
11 | * Common header file for test code.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 | #pragma once
20 |
21 | VOID TestStart(VOID);
22 | VOID TestStop(VOID);
23 | VOID TestException(_In_ BOOL bNaked);
24 | HANDLE TestGetPortHandle();
25 |
26 | #ifdef _DEBUG
27 | #define BeginTests() TestStart()
28 | #define EndTests() TestStop()
29 | #else
30 | #define BeginTests()
31 | #define EndTests()
32 | #endif
33 |
--------------------------------------------------------------------------------
/Source/Shared/minirtl/_strncmpi.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
3 | int _strncmpi_a(const char *s1, const char *s2, size_t cchars)
4 | {
5 | char c1, c2;
6 |
7 | if ( s1==s2 )
8 | return 0;
9 |
10 | if ( s1==0 )
11 | return -1;
12 |
13 | if ( s2==0 )
14 | return 1;
15 |
16 | if ( cchars==0 )
17 | return 0;
18 |
19 | do {
20 | c1 = locase_a(*s1);
21 | c2 = locase_a(*s2);
22 | s1++;
23 | s2++;
24 | cchars--;
25 | } while ( (c1 != 0) && (c1 == c2) && (cchars>0) );
26 |
27 | return (int)(c1 - c2);
28 | }
29 |
30 | int _strncmpi_w(const wchar_t *s1, const wchar_t *s2, size_t cchars)
31 | {
32 | wchar_t c1, c2;
33 |
34 | if ( s1==s2 )
35 | return 0;
36 |
37 | if ( s1==0 )
38 | return -1;
39 |
40 | if ( s2==0 )
41 | return 1;
42 |
43 | if ( cchars==0 )
44 | return 0;
45 |
46 | do {
47 | c1 = locase_w(*s1);
48 | c2 = locase_w(*s2);
49 | s1++;
50 | s2++;
51 | cchars--;
52 | } while ( (c1 != 0) && (c1 == c2) && (cchars>0) );
53 |
54 | return (int)(c1 - c2);
55 | }
56 |
--------------------------------------------------------------------------------
/Source/Shared/minirtl/hextou64.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
3 | unsigned long long hextou64_a(char* s)
4 | {
5 | unsigned long long r = 0;
6 | char c;
7 |
8 | if (s == 0)
9 | return 0;
10 |
11 | while (*s != 0) {
12 | c = locase_a(*s);
13 | s++;
14 | if (_isdigit_a(c))
15 | r = 16 * r + (unsigned long int)c - (unsigned long int)'0';
16 | else
17 | if ((c >= 'a') && (c <= 'f'))
18 | r = 16 * r + (unsigned long int)c - (unsigned long int)'a' + 10;
19 | else
20 | break;
21 | }
22 | return r;
23 | }
24 |
25 | unsigned long long hextou64_w(wchar_t *s)
26 | {
27 | unsigned long long r = 0;
28 | wchar_t c;
29 |
30 | if ( s==0 )
31 | return 0;
32 |
33 | while ( *s!=0 ) {
34 | c = locase_w(*s);
35 | s++;
36 | if (_isdigit_w(c))
37 | r = 16 * r + (unsigned long int)c - (unsigned long int)L'0';
38 | else
39 | if ((c >= L'a') && (c <= L'f'))
40 | r = 16 * r + (unsigned long int)c - (unsigned long int)L'a' + 10;
41 | else
42 | break;
43 | }
44 | return r;
45 | }
46 |
--------------------------------------------------------------------------------
/Source/Shared/minirtl/rtltypes.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #ifndef _WCHAR_T_DEFINED
4 | typedef unsigned short wchar_t;
5 | #define _WCHAR_T_DEFINED
6 | #endif /* _WCHAR_T_DEFINED */
7 |
8 | #ifndef _SIZE_T_DEFINED
9 | #ifdef _WIN64
10 | typedef unsigned __int64 size_t;
11 | #else /* _WIN64 */
12 | typedef __w64 unsigned int size_t;
13 | #endif /* _WIN64 */
14 | #define _SIZE_T_DEFINED
15 | #endif /* _SIZE_T_DEFINED */
16 |
17 | __forceinline char locase_a(char c)
18 | {
19 | if ((c >= 'A') && (c <= 'Z'))
20 | return c + 0x20;
21 | else
22 | return c;
23 | }
24 |
25 | __forceinline wchar_t locase_w(wchar_t c)
26 | {
27 | if ((c >= 'A') && (c <= 'Z'))
28 | return c + 0x20;
29 | else
30 | return c;
31 | }
32 |
33 | __forceinline char byteabs(char x) {
34 | if (x < 0)
35 | return -x;
36 | return x;
37 | }
38 |
39 | __forceinline int _isdigit_a(char x) {
40 | return ((x >= '0') && (x <= '9'));
41 | }
42 |
43 | __forceinline int _isdigit_w(wchar_t x) {
44 | return ((x >= L'0') && (x <= L'9'));
45 | }
46 |
--------------------------------------------------------------------------------
/Source/Shared/minirtl/strtoi.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
3 | int strtoi_a(char *s)
4 | {
5 | int a = 0, sign;
6 | char c;
7 |
8 | if (s == 0)
9 | return 0;
10 |
11 | switch (*s) {
12 | case '-':
13 | s++;
14 | sign = -1;
15 | break;
16 |
17 | case '+':
18 | s++;
19 | sign = 1;
20 | break;
21 |
22 | default:
23 | sign = 1;
24 | }
25 |
26 | while (*s != 0) {
27 | c = *s;
28 | if (_isdigit_a(c))
29 | a = (a*10) + (c-'0');
30 | else
31 | break;
32 | s++;
33 | }
34 | return a*sign;
35 | }
36 |
37 | int strtoi_w(wchar_t *s)
38 | {
39 | int a = 0, sign;
40 | wchar_t c;
41 |
42 | if (s == 0)
43 | return 0;
44 |
45 | switch (*s) {
46 | case L'-':
47 | s++;
48 | sign = -1;
49 | break;
50 |
51 | case L'+':
52 | s++;
53 | sign = 1;
54 | break;
55 |
56 | default:
57 | sign = 1;
58 | }
59 |
60 | while (*s != 0) {
61 | c = *s;
62 | if (_isdigit_w(c))
63 | a = (a*10)+(c-L'0');
64 | else
65 | break;
66 | s++;
67 | }
68 | return a*sign;
69 | }
70 |
--------------------------------------------------------------------------------
/Docs/WHATSNEW_180.md:
--------------------------------------------------------------------------------
1 |
2 | ## What is new in 1.8.0
3 |
4 | - **Plugins subsystem**
5 |
6 | Subsystem that allows expand WinObjEx64 functionality without modifying main executable with maximum 20 plugins supported implemented as dlls.
7 |
8 | - **NDIS protocols viewer**
9 |
10 | 
11 |
12 | Show basic information about registered NDIS protocols. Implemented as Sonar plugin, to use it administrative privilege and Windows Debug mode required.
13 |
14 | - **ApiSet viewer**
15 |
16 | 
17 |
18 | ApiSet viewer implemented as plugin. Can view current system apiset or parse and display apiset from apiset dll. Supports V2 (Windows 7), V4 (Windows 8+), V6 (Windows 10) apisets.
19 |
20 | - **Other**
21 |
22 | Run as LocalSystem feature improved (issue #14), compatibility improvements for upcoming Windows 10 20H1 release.
23 |
--------------------------------------------------------------------------------
/Docs/WHATSNEW_187.md:
--------------------------------------------------------------------------------
1 |
2 | ## What is new in 1.8.7
3 |
4 | - **Plugins subsystem changes**
5 |
6 | It has been upgraded to include context plugins and multi-instance support.
7 |
8 | - **ImageScope section object viewer**
9 |
10 | 
11 |
12 | New WinObjEx64 context plugin. Display information about section object that is backed by an image file. Show version info fields, printable strings.
13 |
14 | 
15 |
16 |
17 | - **Other**
18 | + Compatibility improvements for Windows 10 20H1/20H2/21H1 versions.
19 | + Added recongnizing of shimmed drivers in drivers list, this feature is only supported starting from Windows 10
20 | + Process trust label (if present) now also displayed for objects of section type
21 | + Added plugins viewer
22 | + Multiple other minor changes in program logic and UI
23 | + Fixed several bugs
24 |
--------------------------------------------------------------------------------
/Source/Utils/SearchPattern/SearchPattern.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Source Files
20 |
21 |
22 |
--------------------------------------------------------------------------------
/Source/Shared/minirtl/strtoi64.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
3 | signed long long strtoi64_a(char *s)
4 | {
5 | signed long long a = 0, sign;
6 | char c;
7 |
8 | if (s == 0)
9 | return 0;
10 |
11 | switch (*s) {
12 | case '-':
13 | s++;
14 | sign = -1;
15 | break;
16 |
17 | case '+':
18 | s++;
19 | sign = 1;
20 | break;
21 |
22 | default:
23 | sign = 1;
24 | }
25 |
26 | while (*s != 0) {
27 | c = *s;
28 | if (_isdigit_a(c))
29 | a = (a*10) + ((signed long long)c-'0');
30 | else
31 | break;
32 | s++;
33 | }
34 | return a*sign;
35 | }
36 |
37 | signed long long strtoi64_w(wchar_t *s)
38 | {
39 | signed long long a = 0, sign;
40 | wchar_t c;
41 |
42 | if (s == 0)
43 | return 0;
44 |
45 | switch (*s) {
46 | case L'-':
47 | s++;
48 | sign = -1;
49 | break;
50 |
51 | case L'+':
52 | s++;
53 | sign = 1;
54 | break;
55 |
56 | default:
57 | sign = 1;
58 | }
59 |
60 | while (*s != 0) {
61 | c = *s;
62 | if (_isdigit_w(c))
63 | a = (a*10)+((signed long long)c-L'0');
64 | else
65 | break;
66 | s++;
67 | }
68 | return a*sign;
69 | }
70 |
--------------------------------------------------------------------------------
/Source/Utils/GenAsIo2Unlock/GenAsIo2Unlock.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio Version 16
4 | VisualStudioVersion = 16.0.31025.218
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "GenAsIo2Unlock", "GenAsIo2Unlock.vcxproj", "{19A7EF82-4431-4167-AAC9-57FA29B1AE21}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|x64 = Debug|x64
11 | Release|x64 = Release|x64
12 | EndGlobalSection
13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
14 | {19A7EF82-4431-4167-AAC9-57FA29B1AE21}.Debug|x64.ActiveCfg = Debug|x64
15 | {19A7EF82-4431-4167-AAC9-57FA29B1AE21}.Debug|x64.Build.0 = Debug|x64
16 | {19A7EF82-4431-4167-AAC9-57FA29B1AE21}.Release|x64.ActiveCfg = Release|x64
17 | {19A7EF82-4431-4167-AAC9-57FA29B1AE21}.Release|x64.Build.0 = Release|x64
18 | EndGlobalSection
19 | GlobalSection(SolutionProperties) = preSolution
20 | HideSolutionNode = FALSE
21 | EndGlobalSection
22 | GlobalSection(ExtensibilityGlobals) = postSolution
23 | SolutionGuid = {61964766-0C22-42CC-8170-469C28F6C2D8}
24 | EndGlobalSection
25 | EndGlobal
26 |
--------------------------------------------------------------------------------
/Source/WinObjEx64/excepth.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2015 - 2022
4 | *
5 | * TITLE: EXCEPTH.H
6 | *
7 | * VERSION: 2.00
8 | *
9 | * DATE: 19 Jun 2022
10 | *
11 | * Common header file for the exception handling routines.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 | #pragma once
20 |
21 | INT exceptFilter(
22 | _In_ UINT ExceptionCode,
23 | _In_ EXCEPTION_POINTERS *ExceptionPointers);
24 |
25 | INT exceptFilterWithLog(
26 | _In_ UINT ExceptionCode,
27 | _In_opt_ EXCEPTION_POINTERS* ExceptionPointers);
28 |
29 | INT exceptFilterUnhandled(
30 | _In_ struct _EXCEPTION_POINTERS* ExceptionInfo);
31 |
32 | #define WOBJ_EXCEPTION_FILTER exceptFilter(GetExceptionCode(), GetExceptionInformation())
33 | #define WOBJ_EXCEPTION_FILTER_LOG exceptFilterWithLog(GetExceptionCode(), GetExceptionInformation())
34 |
--------------------------------------------------------------------------------
/Source/Shared/minirtl/itostr.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
3 | size_t itostr_a(int x, char *s)
4 | {
5 | int t;
6 | size_t i, r = 1, sign;
7 |
8 | t = x;
9 |
10 | if (x < 0) {
11 | sign = 1;
12 | while (t <= -10) {
13 | t /= 10;
14 | r++;
15 | }
16 | }
17 | else {
18 | sign = 0;
19 | while (t >= 10) {
20 | t /= 10;
21 | r++;
22 | }
23 | }
24 |
25 | if (s == 0)
26 | return r + sign;
27 |
28 | if (sign) {
29 | *s = '-';
30 | s++;
31 | }
32 |
33 | for (i = r; i != 0; i--) {
34 | s[i - 1] = (char)byteabs(x % 10) + '0';
35 | x /= 10;
36 | }
37 |
38 | s[r] = (char)0;
39 | return r + sign;
40 | }
41 |
42 |
43 | size_t itostr_w(int x, wchar_t *s)
44 | {
45 | int t;
46 | size_t i, r = 1, sign;
47 |
48 | t = x;
49 |
50 | if (x < 0) {
51 | sign = 1;
52 | while (t <= -10) {
53 | t /= 10;
54 | r++;
55 | }
56 | }
57 | else {
58 | sign = 0;
59 | while (t >= 10) {
60 | t /= 10;
61 | r++;
62 | }
63 | }
64 |
65 | if (s == 0)
66 | return r + sign;
67 |
68 | if (sign) {
69 | *s = '-';
70 | s++;
71 | }
72 |
73 | for (i = r; i != 0; i--) {
74 | s[i - 1] = (wchar_t)byteabs(x % 10) + L'0';
75 | x /= 10;
76 | }
77 |
78 | s[r] = (wchar_t)0;
79 | return r + sign;
80 | }
81 |
--------------------------------------------------------------------------------
/Source/Shared/minirtl/i64tostr.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
3 | size_t i64tostr_a(signed long long x, char *s)
4 | {
5 | signed long long t=x;
6 | size_t i, r=1, sign;
7 |
8 | if (x < 0) {
9 | sign = 1;
10 | while (t <= -10) {
11 | t /= 10;
12 | r++;
13 | }
14 | }
15 | else {
16 | sign = 0;
17 | while (t >= 10) {
18 | t /= 10;
19 | r++;
20 | }
21 | }
22 |
23 | if (s == 0)
24 | return r + sign;
25 |
26 | if (sign) {
27 | *s = '-';
28 | s++;
29 | }
30 |
31 | for (i = r; i != 0; i--) {
32 | s[i - 1] = (char)byteabs(x % 10) + '0';
33 | x /= 10;
34 | }
35 |
36 | s[r] = (char)0;
37 | return r + sign;
38 | }
39 |
40 | size_t i64tostr_w(signed long long x, wchar_t *s)
41 | {
42 | signed long long t=x;
43 | size_t i, r=1, sign;
44 |
45 | if (x < 0) {
46 | sign = 1;
47 | while (t <= -10) {
48 | t /= 10;
49 | r++;
50 | }
51 | } else {
52 | sign = 0;
53 | while (t >= 10) {
54 | t /= 10;
55 | r++;
56 | }
57 | }
58 |
59 | if (s == 0)
60 | return r+sign;
61 |
62 | if (sign) {
63 | *s = '-';
64 | s++;
65 | }
66 |
67 | for (i = r; i != 0; i--) {
68 | s[i-1] = (wchar_t)byteabs(x % 10) + L'0';
69 | x /= 10;
70 | }
71 |
72 | s[r] = (wchar_t)0;
73 | return r+sign;
74 | }
75 |
--------------------------------------------------------------------------------
/Docs/WHATSNEW_190.md:
--------------------------------------------------------------------------------
1 |
2 | ## What is new in 1.9.0
3 |
4 | - **Unloaded drivers view**
5 |
6 | 
7 |
8 | View contents of MmUnloadedDrivers ntoskrnl managed array.
9 |
10 | - **ALPC Ports connections**
11 |
12 | 
13 |
14 | Display information about ALPC port connected clients, similar to WinDBG *!alpc /port* command.
15 |
16 | - **Section Object dump view**
17 |
18 | 
19 |
20 | View contents of Section object type and it child structures such as CONTROL_AREA, SEGMENT etc. Note that view is not complete and only list important fields, similar to WinDBG *!ca 0xX 4* command.
21 |
22 | - **Updated ApiSetSchema plugin**
23 |
24 | 
25 |
26 | Improved search and fixed some bugs.
27 |
28 | - **Other**
29 | + Added ExCreateCallback list to the callbacks list
30 | + Fixed several bugs
31 |
--------------------------------------------------------------------------------
/LICENSE.md:
--------------------------------------------------------------------------------
1 | Copyright (c) 2015 - 2025, WinObjEx64 Project, hfiref0x
2 |
3 | Redistribution and use in source and binary forms, with or without
4 | modification, are permitted provided that the following conditions are met:
5 |
6 | * Redistributions of source code must retain the above copyright notice, this
7 | list of conditions and the following disclaimer.
8 |
9 | * Redistributions in binary form must reproduce the above copyright notice,
10 | this list of conditions and the following disclaimer in the documentation
11 | and/or other materials provided with the distribution.
12 |
13 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
14 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
16 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
17 | FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
19 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
20 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
21 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
22 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
23 |
--------------------------------------------------------------------------------
/Source/WinObjEx64/props/propDlg.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2015 - 2022
4 | *
5 | * TITLE: PROPDLG.H
6 | *
7 | * VERSION: 2.00
8 | *
9 | * DATE: 19 Jun 2022
10 | *
11 | * Common header file for properties dialog.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 | #pragma once
20 |
21 | HWND propGetCommonWindow();
22 | HWND propGetProcessesWindow();
23 | HWND propGetThreadsWindow();
24 | HWND propGetTokenWindow();
25 | HWND propGetDesktopWindow();
26 | HWND propGetNamespaceWindow();
27 |
28 | _Success_(return)
29 | BOOL propOpenCurrentObject(
30 | _In_ PROP_OBJECT_INFO *Context,
31 | _Out_ PHANDLE phObject,
32 | _In_ ACCESS_MASK DesiredAccess);
33 |
34 | BOOL propCloseCurrentObject(
35 | _In_ PROP_OBJECT_INFO *Context,
36 | _In_ HANDLE hObject);
37 |
38 | VOID propCreateDialog(
39 | _In_ PROP_CONFIG *Config);
40 |
41 | PPROP_OBJECT_INFO propContextCreate(
42 | _In_ PROP_CONFIG* Config);
43 |
44 | VOID propContextDestroy(
45 | _In_ PROP_OBJECT_INFO *Context);
46 |
--------------------------------------------------------------------------------
/Source/Plugins/ExamplePlugin/ExamplePlugin.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Source Files
20 |
21 |
22 |
23 |
24 | Header Files
25 |
26 |
27 | Header Files
28 |
29 |
30 |
31 |
32 | Resource Files
33 |
34 |
35 |
--------------------------------------------------------------------------------
/Docs/WHATSNEW_200.md:
--------------------------------------------------------------------------------
1 |
2 | ## What is new in 2.0.0
3 |
4 | - **CmControlVector viewer**
5 |
6 | 
7 |
8 | View contents of CmControlVector ntoskrnl parameters array. Can display actual values of variables or dump them when driver support is enabled.
9 |
10 | - **Other**
11 | + Added entirely new handling of object names to support embedded nulls
12 | + Added Pico providers, Nmi, SiloMonitor and Errata manager callbacks
13 | + Added Copy Name/Copy Name (Binary) commands to the main window popup menus
14 | + Added program statistics (see Help->Statistics)
15 | + Added legend window description for process list
16 | + Added ability to fix image sections for dumped drivers
17 | + Added RegistryTransaction object view and access rights
18 | + Moved "Globals" from about box to the View->System Information and rearranged it output
19 | + Drivers dump operation can now be cancelled
20 | + Fix display of PUNICODE_STRING dump
21 | + Fix ALPC Port type objects sometimes unable to open while they can be opened
22 | + Plugin sdk updated to accommodate new named objects handling
23 | + Imagescope plugin updated to accomodate plugin sdk changes
24 | + Elevation required features in "extras" will now request elevation instead of just been disabled
25 | + Help file updated with drivers and symbols usage
26 | + Internal rearrange and minor UI changes
27 |
--------------------------------------------------------------------------------
/Source/Plugins/ApiSetView/ui.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2019 - 2025
4 | *
5 | * TITLE: UI.H
6 | *
7 | * VERSION: 1.20
8 | *
9 | * DATE: 03 Oct 2025
10 | *
11 | * WinObjEx64 ApiSetView UI constants, definitions and includes.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 |
20 | #pragma once
21 |
22 | #pragma comment(lib, "comctl32.lib")
23 | #pragma comment(lib, "uxtheme.lib")
24 |
25 | #define DefaultSystemDpi 96
26 | #define WINOBJEX64_ICON_MAIN 174
27 | #define ID_OBJECT_COPY 40008
28 |
29 | #define T_EmptyString TEXT("")
30 |
31 | typedef struct _VALUE_DESC {
32 | ULONG Value;
33 | LPCWSTR Desc;
34 | } VALUE_DESC, * PVALUE_DESC;
35 |
36 | typedef struct _GUI_CONTEXT {
37 | HWND MainWindow;
38 | HWND TreeList;
39 | HWND SearchEdit;
40 | HANDLE PluginHeap;
41 | HANDLE WorkerThread;
42 | HICON WindowIcon;
43 |
44 | INT tlSubItemHit;
45 |
46 | WCHAR SchemaFileName[MAX_PATH * 2];
47 |
48 | //
49 | // WinObjEx64 data and pointers.
50 | //
51 | WINOBJEX_PARAM_BLOCK ParamBlock;
52 | } GUI_CONTEXT, *PGUI_CONTEXT;
53 |
--------------------------------------------------------------------------------
/Source/Shared/minirtl/_strstr.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
3 | char *_strstr_a(const char *s, const char *sub_s)
4 | {
5 | char c0, c1, c2, *tmps, *tmpsub;
6 |
7 | if (s == sub_s)
8 | return (char *)s;
9 |
10 | if (s == 0)
11 | return 0;
12 |
13 | if (sub_s == 0)
14 | return 0;
15 |
16 | c0 = *sub_s;
17 | while (c0 != 0) {
18 |
19 | while (*s != 0) {
20 | c2 = *s;
21 | if (c2 == c0)
22 | break;
23 | s++;
24 | }
25 |
26 | if (*s == 0)
27 | return 0;
28 |
29 | tmps = (char *)s;
30 | tmpsub = (char *)sub_s;
31 | do {
32 | c1 = *tmps;
33 | c2 = *tmpsub;
34 | tmps++;
35 | tmpsub++;
36 | } while ((c1 == c2) && (c2 != 0));
37 |
38 | if (c2 == 0)
39 | return (char *)s;
40 |
41 | s++;
42 | }
43 | return 0;
44 | }
45 |
46 | wchar_t *_strstr_w(const wchar_t *s, const wchar_t *sub_s)
47 | {
48 | wchar_t c0, c1, c2, *tmps, *tmpsub;
49 |
50 | if (s == sub_s)
51 | return (wchar_t *)s;
52 |
53 | if (s == 0)
54 | return 0;
55 |
56 | if (sub_s == 0)
57 | return 0;
58 |
59 | c0 = *sub_s;
60 | while (c0 != 0) {
61 |
62 | while (*s != 0) {
63 | c2 = *s;
64 | if (c2 == c0)
65 | break;
66 | s++;
67 | }
68 |
69 | if (*s == 0)
70 | return 0;
71 |
72 | tmps = (wchar_t *)s;
73 | tmpsub = (wchar_t *)sub_s;
74 | do {
75 | c1 = *tmps;
76 | c2 = *tmpsub;
77 | tmps++;
78 | tmpsub++;
79 | } while ((c1 == c2) && (c2 != 0));
80 |
81 | if (c2 == 0)
82 | return (wchar_t *)s;
83 |
84 | s++;
85 | }
86 | return 0;
87 | }
88 |
--------------------------------------------------------------------------------
/Docs/WHATSNEW_173.md:
--------------------------------------------------------------------------------
1 |
2 | ## What is new in 1.7.3
3 |
4 | - **Threads view for Process list dialog**
5 |
6 | 
7 |
8 | List of selected process threads. To view much of information administrative privilege and elevation required. Shows driver file for system threads.
9 |
10 | - **Process properties**
11 |
12 | 
13 |
14 | Show basic information about selected process object, including applied mitigation policies (if present) and security. To view all process information program must run elevated.
15 |
16 | - **Thread properties**
17 |
18 | 
19 |
20 | Show basic information about selected thread object, including object security. To view all thread information program must run elevated.
21 |
22 |
23 | - **Token properties**
24 |
25 | 
26 |
27 | Show basic information about access token (for Process or Thread object if it impersonating a client).
28 |
29 | - **Other**
30 |
31 | Number of UI changes and improvements, including but not limited to bug fixes, and compatibility improvements for upcoming Windows 10 19H1 release.
32 |
--------------------------------------------------------------------------------
/Source/Utils/SearchPattern/SearchPattern.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio Version 17
4 | VisualStudioVersion = 17.2.32516.85
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "SearchPattern", "SearchPattern.vcxproj", "{B7A2C94C-D4CA-43D5-BD32-FF70E0AA1443}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|x64 = Debug|x64
11 | Debug|x86 = Debug|x86
12 | Release|x64 = Release|x64
13 | Release|x86 = Release|x86
14 | EndGlobalSection
15 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
16 | {B7A2C94C-D4CA-43D5-BD32-FF70E0AA1443}.Debug|x64.ActiveCfg = Debug|x64
17 | {B7A2C94C-D4CA-43D5-BD32-FF70E0AA1443}.Debug|x64.Build.0 = Debug|x64
18 | {B7A2C94C-D4CA-43D5-BD32-FF70E0AA1443}.Debug|x86.ActiveCfg = Debug|Win32
19 | {B7A2C94C-D4CA-43D5-BD32-FF70E0AA1443}.Debug|x86.Build.0 = Debug|Win32
20 | {B7A2C94C-D4CA-43D5-BD32-FF70E0AA1443}.Release|x64.ActiveCfg = Release|x64
21 | {B7A2C94C-D4CA-43D5-BD32-FF70E0AA1443}.Release|x64.Build.0 = Release|x64
22 | {B7A2C94C-D4CA-43D5-BD32-FF70E0AA1443}.Release|x86.ActiveCfg = Release|Win32
23 | {B7A2C94C-D4CA-43D5-BD32-FF70E0AA1443}.Release|x86.Build.0 = Release|Win32
24 | EndGlobalSection
25 | GlobalSection(SolutionProperties) = preSolution
26 | HideSolutionNode = FALSE
27 | EndGlobalSection
28 | GlobalSection(ExtensibilityGlobals) = postSolution
29 | SolutionGuid = {C910A337-D65F-41AB-9EB6-5303B9099E4E}
30 | EndGlobalSection
31 | EndGlobal
32 |
--------------------------------------------------------------------------------
/Source/Shared/minirtl/_strstri.c:
--------------------------------------------------------------------------------
1 | #include "rtltypes.h"
2 |
3 | char *_strstri_a(const char *s, const char *sub_s)
4 | {
5 | char c0, c1, c2, *tmps, *tmpsub;
6 |
7 | if (s == sub_s)
8 | return (char *)s;
9 |
10 | if (s == 0)
11 | return 0;
12 |
13 | if (sub_s == 0)
14 | return 0;
15 |
16 | c0 = locase_a(*sub_s);
17 | while (c0 != 0) {
18 |
19 | while (*s != 0) {
20 | c2 = locase_a(*s);
21 | if (c2 == c0)
22 | break;
23 | s++;
24 | }
25 |
26 | if (*s == 0)
27 | return 0;
28 |
29 | tmps = (char *)s;
30 | tmpsub = (char *)sub_s;
31 | do {
32 | c1 = locase_a(*tmps);
33 | c2 = locase_a(*tmpsub);
34 | tmps++;
35 | tmpsub++;
36 | } while ((c1 == c2) && (c2 != 0));
37 |
38 | if (c2 == 0)
39 | return (char *)s;
40 |
41 | s++;
42 | }
43 | return 0;
44 | }
45 |
46 | wchar_t *_strstri_w(const wchar_t *s, const wchar_t *sub_s)
47 | {
48 | wchar_t c0, c1, c2, *tmps, *tmpsub;
49 |
50 | if (s == sub_s)
51 | return (wchar_t *)s;
52 |
53 | if (s == 0)
54 | return 0;
55 |
56 | if (sub_s == 0)
57 | return 0;
58 |
59 | c0 = locase_w(*sub_s);
60 | while (c0 != 0) {
61 |
62 | while (*s != 0) {
63 | c2 = locase_w(*s);
64 | if (c2 == c0)
65 | break;
66 | s++;
67 | }
68 |
69 | if (*s == 0)
70 | return 0;
71 |
72 | tmps = (wchar_t *)s;
73 | tmpsub = (wchar_t *)sub_s;
74 | do {
75 | c1 = locase_w(*tmps);
76 | c2 = locase_w(*tmpsub);
77 | tmps++;
78 | tmpsub++;
79 | } while ((c1 == c2) && (c2 != 0));
80 |
81 | if (c2 == 0)
82 | return (wchar_t *)s;
83 |
84 | s++;
85 | }
86 | return 0;
87 | }
88 |
--------------------------------------------------------------------------------
/Source/Utils/GenAsIo2Unlock/GenAsIo2Unlock.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 | {df6b50ba-6a92-4149-873b-67cf23736ddf}
18 |
19 |
20 |
21 |
22 | Source Files
23 |
24 |
25 | minirtl
26 |
27 |
28 |
29 |
30 | Header Files
31 |
32 |
33 | minirtl
34 |
35 |
36 |
--------------------------------------------------------------------------------
/Source/WinObjEx64/hash.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2021 - 2022
4 | *
5 | * TITLE: HASH.H
6 | *
7 | * VERSION: 2.00
8 | *
9 | * DATE: 19 Jun 2022
10 | *
11 | * Header file for the hash support routines.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 | #pragma once
20 |
21 | #include
22 | #pragma comment(lib, "Bcrypt.lib")
23 |
24 | typedef struct _CNG_CTX {
25 | PVOID Hash;
26 | PVOID HashObject;
27 | ULONG HashSize;
28 | ULONG HashObjectSize;
29 | BCRYPT_ALG_HANDLE AlgHandle;
30 | BCRYPT_HASH_HANDLE HashHandle;
31 | HANDLE HeapHandle;
32 | } CNG_CTX, * PCNG_CTX;
33 |
34 | NTSTATUS CreateHashContext(
35 | _In_ HANDLE HeapHandle,
36 | _In_ PCWSTR AlgId,
37 | _Out_ PCNG_CTX* Context);
38 |
39 | VOID DestroyHashContext(
40 | _In_ PCNG_CTX Context);
41 |
42 | NTSTATUS HashLoadFile(
43 | _In_ PFILE_VIEW_INFO ViewInformation,
44 | _In_ BOOLEAN PartialMap);
45 |
46 | FORCEINLINE VOID HashUnloadFile(
47 | _In_ PFILE_VIEW_INFO ViewInformation
48 | )
49 | {
50 | supDestroyFileViewInfo(ViewInformation);
51 | }
52 |
53 | LPWSTR ComputeHashForFile(
54 | _In_ PFILE_VIEW_INFO ViewInformation,
55 | _In_ LPCWSTR lpAlgId,
56 | _In_ DWORD PageSize,
57 | _In_ HANDLE HeapHandle,
58 | _In_ BOOLEAN FirstPageHashOnly);
59 |
--------------------------------------------------------------------------------
/Source/Plugins/ApiSetView/global.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2019 - 2025
4 | *
5 | * TITLE: GLOBAL.H
6 | *
7 | * VERSION: 1.20
8 | *
9 | * DATE: 03 Oct 2025
10 | *
11 | * Common header file for the Windows Object Explorer ApiSetView plugin.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 | #pragma once
20 |
21 | //
22 | // Strict UNICODE
23 | //
24 | #if !defined UNICODE
25 | #error ANSI build is not supported
26 | #endif
27 |
28 | #define OEMRESOURCE
29 | #include
30 | #include
31 | #include
32 | #include
33 | #include
34 | #include
35 |
36 | #pragma warning(push)
37 | #pragma warning(disable: 4005)
38 | #include
39 | #pragma warning(pop)
40 |
41 | #pragma warning(disable: 6258) // TerminateThread
42 | #pragma warning(disable: 6320) // Exception-filter expression is the constant EXCEPTION_EXECUTE_HANDLER
43 | #pragma warning(disable: 26812) // Prefer 'enum class' over 'enum'
44 |
45 |
46 | #include "ntos/ntos.h"
47 | #include "ntos/apisetx.h"
48 | #include "treelist/treelist.h"
49 | #include "minirtl/minirtl.h"
50 | #include "plugin_def.h"
51 | #include "resource.h"
52 | #include "ui.h"
53 | #include "query.h"
54 |
55 | //
56 | // Declared in main.c
57 | //
58 | extern GUI_CONTEXT g_ctx;
59 |
60 | #include "utils.h"
61 |
--------------------------------------------------------------------------------
/Source/WinObjEx64/rsrc/obex.manifest:
--------------------------------------------------------------------------------
1 |
2 |
3 |
9 | WinObjEx64
10 |
11 |
12 |
13 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 |
27 |
28 |
29 |
30 |
31 |
32 |
40 |
41 |
42 |
43 |
--------------------------------------------------------------------------------
/Source/Plugins/Sonar/global.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2019 - 2025
4 | *
5 | * TITLE: GLOBAL.H
6 | *
7 | * VERSION: 1.20
8 | *
9 | * DATE: 03 Oct 2025
10 | *
11 | * Common header file for the Windows Object Explorer Sonar plugin.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 | #pragma once
20 |
21 | //
22 | // Strict UNICODE
23 | //
24 | #if !defined UNICODE
25 | #error ANSI build is not supported
26 | #endif
27 |
28 | #define OEMRESOURCE
29 | #include
30 | #include
31 | #include
32 | #include
33 | #include
34 |
35 | #pragma warning(push)
36 | #pragma warning(disable: 4005)
37 | #include
38 | #pragma warning(pop)
39 |
40 | #pragma warning(disable: 6320) //Exception-filter expression is the constant EXCEPTION_EXECUTE_HANDLER
41 |
42 | #include "ntos/ntos.h"
43 | #include "treelist/treelist.h"
44 | #include "minirtl/minirtl.h"
45 | #include "ntos/ntsup.h"
46 | #include "ntos/ntbuilds.h"
47 | #include "plugin_def.h"
48 | #include "utils.h"
49 | #include "ui.h"
50 | #include "resource.h"
51 | #include "ndis.h"
52 | #include "query.h"
53 |
54 | //declared in main.c
55 | extern SONARCONTEXT g_ctx;
56 |
57 | #ifdef _DEBUG
58 | #define kdDebugPrint(f, ...) DbgPrint(f, __VA_ARGS__)
59 | #else
60 | #define kdDebugPrint(f, ...)
61 | #endif
62 |
--------------------------------------------------------------------------------
/Source/WinObjEx64/hde/pstdint.h:
--------------------------------------------------------------------------------
1 | /*
2 | * MinHook - The Minimalistic API Hooking Library for x64/x86
3 | * Copyright (C) 2009-2015 Tsuda Kageyu. All rights reserved.
4 | *
5 | * Redistribution and use in source and binary forms, with or without
6 | * modification, are permitted provided that the following conditions
7 | * are met:
8 | *
9 | * 1. Redistributions of source code must retain the above copyright
10 | * notice, this list of conditions and the following disclaimer.
11 | * 2. Redistributions in binary form must reproduce the above copyright
12 | * notice, this list of conditions and the following disclaimer in the
13 | * documentation and/or other materials provided with the distribution.
14 | *
15 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR
16 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 | */
26 |
27 | #pragma once
28 |
29 | #include
30 |
31 | // Integer types for HDE.
32 | typedef INT8 int8_t;
33 | typedef INT16 int16_t;
34 | typedef INT32 int32_t;
35 | typedef INT64 int64_t;
36 | typedef UINT8 uint8_t;
37 | typedef UINT16 uint16_t;
38 | typedef UINT32 uint32_t;
39 | typedef UINT64 uint64_t;
40 |
--------------------------------------------------------------------------------
/Source/WinObjEx64/list.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2015 - 2025
4 | *
5 | * TITLE: LIST.H
6 | *
7 | * VERSION: 2.09
8 | *
9 | * DATE: 19 Aug 2025
10 | *
11 | * Common header file for the program object listing logic.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 | #pragma once
20 |
21 | typedef struct _FO_LIST_ITEM {
22 | struct _FO_LIST_ITEM *Prev;
23 | UNICODE_STRING ObjectName;
24 | UNICODE_STRING ObjectType;
25 | WCHAR NameBuffer[2];
26 | } FO_LIST_ITEM, *PFO_LIST_ITEM;
27 |
28 | typedef struct _OBEX_ITEM {
29 | struct _OBEX_ITEM *Prev;
30 | WOBJ_OBJECT_TYPE TypeIndex;
31 | UNICODE_STRING Name;
32 | UNICODE_STRING TypeName;
33 | } OBEX_ITEM, * POBEX_ITEM;
34 |
35 | typedef struct _OBEX_PATH_ELEMENT {
36 | LIST_ENTRY ListEntry;
37 | WOBJ_OBJECT_TYPE TypeIndex;
38 | UNICODE_STRING Name;
39 | UNICODE_STRING TypeName;
40 | } OBEX_PATH_ELEMENT, * POBEX_PATH_ELEMENT;
41 |
42 | VOID ListHeapDestroy(
43 | VOID);
44 |
45 | VOID ListToObject(
46 | _In_z_ LPWSTR ObjectName);
47 |
48 | VOID ListObjectDirectoryTree(
49 | _In_ PUNICODE_STRING SubDirName,
50 | _In_opt_ HANDLE RootHandle,
51 | _In_opt_ HTREEITEM ViewRootHandle);
52 |
53 | VOID FindObject(
54 | _In_ PUNICODE_STRING DirectoryName,
55 | _In_opt_ PUNICODE_STRING NameSubstring,
56 | _In_opt_ PUNICODE_STRING TypeName,
57 | _In_ PFO_LIST_ITEM *List);
58 |
59 | VOID ListCurrentDirectoryObjects(
60 | _In_ HTREEITEM ViewRootHandle);
61 |
--------------------------------------------------------------------------------
/Source/WinObjEx64.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio Version 16
4 | VisualStudioVersion = 16.0.29613.14
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "WinObjEx64", "WinObjEx64\WinObjEx64.vcxproj", "{A68B0947-9415-4ACA-BC0A-8558A4F4FBE3}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|x64 = Debug|x64
11 | DebugWithDriver|x64 = DebugWithDriver|x64
12 | Release|x64 = Release|x64
13 | ReleasePrivateDriver|x64 = ReleasePrivateDriver|x64
14 | ReleaseWinIoDriver|x64 = ReleaseWinIoDriver|x64
15 | EndGlobalSection
16 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
17 | {A68B0947-9415-4ACA-BC0A-8558A4F4FBE3}.Debug|x64.ActiveCfg = Debug|x64
18 | {A68B0947-9415-4ACA-BC0A-8558A4F4FBE3}.Debug|x64.Build.0 = Debug|x64
19 | {A68B0947-9415-4ACA-BC0A-8558A4F4FBE3}.DebugWithDriver|x64.ActiveCfg = DebugWithDriver|x64
20 | {A68B0947-9415-4ACA-BC0A-8558A4F4FBE3}.DebugWithDriver|x64.Build.0 = DebugWithDriver|x64
21 | {A68B0947-9415-4ACA-BC0A-8558A4F4FBE3}.Release|x64.ActiveCfg = Release|x64
22 | {A68B0947-9415-4ACA-BC0A-8558A4F4FBE3}.Release|x64.Build.0 = Release|x64
23 | {A68B0947-9415-4ACA-BC0A-8558A4F4FBE3}.ReleasePrivateDriver|x64.ActiveCfg = ReleasePrivateDriver|x64
24 | {A68B0947-9415-4ACA-BC0A-8558A4F4FBE3}.ReleasePrivateDriver|x64.Build.0 = ReleasePrivateDriver|x64
25 | {A68B0947-9415-4ACA-BC0A-8558A4F4FBE3}.ReleaseWinIoDriver|x64.ActiveCfg = ReleaseWinIoDriver|x64
26 | {A68B0947-9415-4ACA-BC0A-8558A4F4FBE3}.ReleaseWinIoDriver|x64.Build.0 = ReleaseWinIoDriver|x64
27 | EndGlobalSection
28 | GlobalSection(SolutionProperties) = preSolution
29 | HideSolutionNode = FALSE
30 | EndGlobalSection
31 | GlobalSection(ExtensibilityGlobals) = postSolution
32 | SolutionGuid = {4FAAD6B8-C83A-4862-BD27-9C4030CBA89C}
33 | EndGlobalSection
34 | EndGlobal
35 |
--------------------------------------------------------------------------------
/Source/Plugins/ImageScope/global.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2020 - 2025
4 | *
5 | * TITLE: GLOBAL.H
6 | *
7 | * VERSION: 1.20
8 | *
9 | * DATE: 03 Oct 2025
10 | *
11 | * Common header file for the Windows Object Explorer ImageScope plugin.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 | #pragma once
20 |
21 | //
22 | // Strict UNICODE
23 | //
24 | #if !defined UNICODE
25 | #error ANSI build is not supported
26 | #endif
27 |
28 | #define OEMRESOURCE
29 | #include
30 | #include
31 | #include
32 | #include
33 | #include
34 |
35 | #pragma warning(push)
36 | #pragma warning(disable: 4005)
37 | #include
38 | #pragma warning(pop)
39 |
40 | #pragma warning(disable: 6258) // TerminateThread
41 | #pragma warning(disable: 6320) // Exception-filter expression is the constant EXCEPTION_EXECUTE_HANDLER
42 | #pragma warning(disable: 26812) // Prefer 'enum class' over 'enum'
43 |
44 |
45 | #include "ntos/ntos.h"
46 | #include "ntos/ntsup.h"
47 | #include "treelist/treelist.h"
48 | #include "minirtl/minirtl.h"
49 | #include "tabs/tabsctrl.h"
50 | #include "plugin_def.h"
51 | #include "sdk/extdef.h"
52 | #include "resource.h"
53 | #include "query.h"
54 | #include "ui.h"
55 |
56 | //declared in main.c
57 | extern HINSTANCE g_thisDll;
58 | extern volatile DWORD g_pluginState;
59 | extern WINOBJEX_PLUGIN* g_plugin;
60 |
61 | #ifdef _DEBUG
62 | #define kdDebugPrint(f, ...) DbgPrint(f, __VA_ARGS__)
63 | #else
64 | #define kdDebugPrint(f, ...)
65 | #endif
66 |
67 | #include "utils.h"
68 |
--------------------------------------------------------------------------------
/Source/WinObjEx64/log/log.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2015 - 2025
4 | *
5 | * TITLE: LOG.H
6 | *
7 | * VERSION: 2.09
8 | *
9 | * DATE: 13 Aug 2025
10 | *
11 | * Header file for simplified log support.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 | #pragma once
20 |
21 | typedef enum _WOBJ_ENTRY_TYPE {
22 | EntryTypeError = 0,
23 | EntryTypeSuccess,
24 | EntryTypeInformation,
25 | EntryTypeWarning,
26 | EntryTypeMax
27 | } WOBJ_ENTRY_TYPE;
28 |
29 | //
30 | // Maximum messages in log.
31 | //
32 | #define WOBJ_MAX_LOG_CAPACITY 4096
33 |
34 | //
35 | // Maximum length of message in log.
36 | //
37 | #define WOBJ_MAX_MESSAGE 2000
38 |
39 | typedef struct _WOBJ_LOG_ENTRY {
40 | WOBJ_ENTRY_TYPE Type;
41 | LARGE_INTEGER LoggedTime;
42 | WCHAR MessageData[WOBJ_MAX_MESSAGE];
43 | BYTE Reserved[74];
44 | } WOBJ_LOG_ENTRY, * PWOBJ_LOG_ENTRY;
45 |
46 | typedef struct _WOBJ_LOG {
47 | BOOL Initialized;
48 | BOOL LockInitialized;
49 | ULONG Count;
50 | ULONGLONG TotalWritten;
51 | CRITICAL_SECTION Lock;
52 | WOBJ_LOG_ENTRY *Entries;
53 | } WOBJ_LOG, * PWOBJ_LOG;
54 |
55 | typedef BOOL(CALLBACK* PLOGENUMERATECALLBACK)(
56 | _In_ WOBJ_LOG_ENTRY *Entry,
57 | _In_ PVOID CallbackContext);
58 |
59 | VOID logCreate();
60 | VOID logFree();
61 |
62 | VOID logAdd(
63 | _In_ WOBJ_ENTRY_TYPE EntryType,
64 | _In_ const WCHAR* Message);
65 |
66 | BOOL logEnumEntries(
67 | _In_ PLOGENUMERATECALLBACK EnumCallback,
68 | _In_ PVOID CallbackContext);
69 |
70 | VOID LogViewerShowDialog(
71 | _In_ HWND hwndParent);
72 |
--------------------------------------------------------------------------------
/Source/Plugins/Sonar/ui.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2019 - 2025
4 | *
5 | * TITLE: UI.H
6 | *
7 | * VERSION: 1.20
8 | *
9 | * DATE: 03 Oct 2025
10 | *
11 | * WinObjEx64 Sonar UI constants, definitions and includes.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 |
20 | #pragma once
21 |
22 | #pragma comment(lib, "comctl32.lib")
23 | #pragma comment(lib, "uxtheme.lib")
24 |
25 | #define SONAR_WNDTITLE TEXT("Sonar")
26 |
27 | #define WINOBJEX64_ACC_TABLE 166
28 | #define WINOBJEX64_ICON_MAIN 174
29 | #define WINOBJEX64_ICON_SORT_UP 6001
30 | #define WINOBJEX64_ICON_SORT_DOWN 6002
31 | #define WINOBJEX64_ACC_F5 40003
32 | #define WINOBJEX64_OBJECT_PROP 40004
33 |
34 | #define ID_MENU_COPY_VALUE 41008
35 |
36 | #define Y_SPLITTER_SIZE 4
37 | #define Y_SPLITTER_MIN 100
38 |
39 | typedef struct _SONARCONTEXT {
40 | //
41 | // GUI context variables.
42 | //
43 | HWND MainWindow;
44 | HWND ListView;
45 | HWND TreeList;
46 | HWND StatusBar;
47 | HACCEL AccTable;
48 | HIMAGELIST ImageList;
49 | LONG lvColumnToSort;
50 | LONG lvColumnCount;
51 | BOOL bInverseSort;
52 |
53 | HANDLE PluginHeap;
54 | HANDLE WorkerThread;
55 |
56 | INT SplitterPosY;
57 | INT CapturePosY;
58 | INT SplitterMaxY;
59 |
60 | INT LvItemHit;
61 | INT LvColumnHit;
62 |
63 | INT tlSubItemHit;
64 |
65 | UINT CurrentDPI;
66 |
67 | //
68 | // NDIS related.
69 | //
70 | ULONG_PTR ndisProtocolList;
71 | ULONG ndisNextProtocolOffset;
72 |
73 | //
74 | // WinObjEx64 data and pointers.
75 | //
76 | WINOBJEX_PARAM_BLOCK ParamBlock;
77 | } SONARCONTEXT, *PSONARCONTEXT;
78 |
--------------------------------------------------------------------------------
/Source/WinObjEx64/sup/wine.c:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2019 - 2025
4 | *
5 | * TITLE: WINE.C
6 | *
7 | * VERSION: 2.09
8 | *
9 | * DATE: 13 Aug 2025
10 | *
11 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
12 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
13 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
14 | * PARTICULAR PURPOSE.
15 | *
16 | *******************************************************************************/
17 |
18 | #include "global.h"
19 | #include "ntos/ntldr.h"
20 |
21 | #define _WINE_DEBUG_MODE
22 | #undef _WINE_DEBUG_MODE
23 |
24 | typedef char* (__cdecl* pwine_get_version)(void);
25 |
26 | /*
27 | * GetWineVersion
28 | *
29 | * Purpose:
30 | *
31 | * Query Wine version.
32 | *
33 | * N.B. This function bypasses current WineStaging hide exports hack.
34 | *
35 | */
36 | #ifndef _WINE_DEBUG_MODE
37 | PCHAR GetWineVersion(
38 | VOID
39 | )
40 | {
41 | pwine_get_version pfn = NULL;
42 | HMODULE hmod;
43 | RESOLVE_INFO rfn;
44 |
45 | hmod = GetModuleHandle(TEXT("ntdll.dll"));
46 | if (hmod) {
47 |
48 | rfn.ForwarderName = NULL;
49 | rfn.Function = NULL;
50 | rfn.ResultType = FunctionCode;
51 |
52 | if (NT_SUCCESS(NtRawGetProcAddress(
53 | (LPVOID)hmod,
54 | "wine_get_version",
55 | &rfn)))
56 | {
57 | if (rfn.ResultType == FunctionCode)
58 | pfn = (pwine_get_version)rfn.Function;
59 | }
60 |
61 | if (pfn)
62 | return pfn();
63 | }
64 | return NULL;
65 | }
66 | #else
67 | PCHAR GetWineVersion(
68 | VOID
69 | )
70 | {
71 | return "10.0";
72 | }
73 | #endif
74 |
75 |
76 | /*
77 | * IsWine
78 | *
79 | * Purpose:
80 | *
81 | * Query if there is a Wine layer enabled.
82 | *
83 | */
84 | BOOLEAN IsWine(
85 | VOID
86 | )
87 | {
88 | PCHAR lpWine;
89 |
90 | lpWine = GetWineVersion();
91 |
92 | return (lpWine != NULL);
93 | }
94 |
--------------------------------------------------------------------------------
/.github/workflows/msbuild.yml:
--------------------------------------------------------------------------------
1 | name: Build WinObjEx64 and Plugins
2 |
3 | on:
4 | push:
5 | branches: [ "master" ]
6 | pull_request:
7 | branches: [ "master" ]
8 | workflow_dispatch: # Allow manual runs from the Actions tab
9 |
10 | env:
11 | BUILD_CONFIGURATION: Release
12 | PLATFORM: x64
13 |
14 | jobs:
15 | build:
16 | runs-on: windows-latest
17 |
18 | steps:
19 | - name: Checkout code
20 | uses: actions/checkout@v2
21 |
22 | - name: Setup MSBuild
23 | uses: microsoft/setup-msbuild@v2
24 |
25 | - name: Build WinObjEx64
26 | working-directory: ./Source
27 | run: msbuild /m /p:Platform=x64 /p:Configuration=Release /p:PlatformToolset=v143 WinObjEx64.sln
28 |
29 | - name: Build WinObjEx64 package
30 | run: |
31 | mkdir Package\Application
32 | copy Source\WinObjEx64\output\x64\Release\bin\WinObjEx64.exe Package\Application
33 | copy Docs\WinObjEx64.chm Package\Application
34 |
35 | - name: Build WinObjEx64 Plugins
36 | working-directory: ./Source
37 | run: msbuild /m /p:Platform=x64 /p:PostBuildEventUseInBuild=false /p:Configuration=Release /p:PlatformToolset=v143 WinObjEx64_Plugins.sln
38 |
39 | - name: Gather all plugin DLLs
40 | run: |
41 | mkdir Package\Plugins
42 | copy Source\Plugins\ApiSetView\output\x64\Release\bin\ApiSetView.dll Package\Plugins
43 | copy Source\Plugins\Sonar\output\x64\Release\bin\Sonar.dll Package\Plugins
44 | copy Source\Plugins\ExamplePlugin\output\x64\Release\bin\ExamplePlugin.dll Package\Plugins
45 | copy Source\Plugins\ImageScope\output\x64\Release\bin\ImageScope.dll Package\Plugins
46 |
47 | - name: Upload WinObjEx64 artifacts
48 | uses: actions/upload-artifact@v4
49 | with:
50 | name: WinObjEx64
51 | path: Package\Application\*
52 |
53 | - name: Upload WinObjEx64 Plugins artifact (zip)
54 | uses: actions/upload-artifact@v4
55 | with:
56 | name: WinObjEx64_Plugins
57 | path: Package\Plugins\*
58 |
59 |
--------------------------------------------------------------------------------
/Source/WinObjEx64/drivers/winio.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2022
4 | *
5 | * TITLE: WINIO.H
6 | *
7 | * VERSION: 2.00
8 | *
9 | * DATE: 19 Jun 2022
10 | *
11 | * Common header file for the WINIO Driver Helper support.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 | #pragma once
20 |
21 | #define FILE_DEVICE_ASUSIO (DWORD)0x0000A040
22 |
23 | #define ASUSIO_MAP_FUNCID (DWORD)0x920
24 | #define ASUSIO_UNMAP_FUNCID (DWORD)0x914
25 |
26 | #define IOCTL_ASUSIO_MAP_USER_PHYSICAL_MEMORY \
27 | CTL_CODE(FILE_DEVICE_ASUSIO, ASUSIO_MAP_FUNCID, METHOD_BUFFERED, FILE_WRITE_ACCESS)
28 |
29 | #define IOCTL_ASUSIO_UNMAP_USER_PHYSICAL_MEMORY \
30 | CTL_CODE(FILE_DEVICE_ASUSIO, ASUSIO_UNMAP_FUNCID, METHOD_BUFFERED, FILE_ANY_ACCESS)
31 |
32 | #define WINIO_IOCTL_MAP IOCTL_ASUSIO_MAP_USER_PHYSICAL_MEMORY
33 | #define WINIO_IOCTL_UNMAP IOCTL_ASUSIO_UNMAP_USER_PHYSICAL_MEMORY
34 | #define WINIO_DRV_NAME L"Asusgio2"
35 | #define WINIO_DEV_NAME L"Asusgio2"
36 |
37 |
38 | typedef struct _WINIO_PHYSICAL_MEMORY_INFO {
39 | ULONG_PTR ViewSize;
40 | ULONG_PTR BusAddress; //physical address
41 | HANDLE SectionHandle;
42 | PVOID BaseAddress;
43 | PVOID ReferencedObject;
44 | } WINIO_PHYSICAL_MEMORY_INFO, * PWINIO_PHYSICAL_MEMORYINFO;
45 |
46 | typedef struct _WINIO_PHYSICAL_MEMORY_INFO_EX {
47 | ULONG_PTR CommitSize;
48 | ULONG_PTR BusAddress;
49 | HANDLE SectionHandle;
50 | PVOID BaseAddress;
51 | PVOID ReferencedObject;
52 | UCHAR EncryptedKey[16];
53 | } WINIO_PHYSICAL_MEMORY_INFO_EX, * PWINIO_PHYSICAL_MEMORY_INFO_EX;
54 |
55 | BOOL WinIoReadSystemMemory(
56 | _In_ WDRV_CONTEXT* Context,
57 | _In_ ULONG_PTR Address,
58 | _Inout_ PVOID Buffer,
59 | _In_ ULONG BufferSize,
60 | _Out_opt_ PULONG NumberOfBytesRead);
61 |
--------------------------------------------------------------------------------
/Source/Plugins/ImageScope/ui.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2020 - 2025
4 | *
5 | * TITLE: UI.H
6 | *
7 | * VERSION: 1.20
8 | *
9 | * DATE: 03 Oct 2025
10 | *
11 | * WinObjEx64 ImageScope UI constants, definitions and includes.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 |
20 | #pragma once
21 |
22 | #pragma comment(lib, "comctl32.lib")
23 | #pragma comment(lib, "uxtheme.lib")
24 |
25 | #define T_PLUGIN_NAME TEXT("ImageScope")
26 | #define IMAGESCOPE_WNDTITLE T_PLUGIN_NAME
27 | #define T_IMS_PROP TEXT("ImsProp")
28 |
29 | #define EMPTY_STRING TEXT("")
30 | #define T_EXPORTTOFILE TEXT("Export List to File")
31 | #define T_CSV_FILE_FILTER TEXT("CSV Files\0*.csv\0\0")
32 |
33 | #define PRINTF_BUFFER_LENGTH 100
34 |
35 | #define ID_MENU_LIST_DUMP 49001
36 | #define ID_MENU_LIST_COPY 49002
37 |
38 | typedef struct _GUI_CONTEXT {
39 | UINT CurrentDPI;
40 |
41 | INT LvItemHit;
42 | INT LvColumnHit;
43 |
44 | HWND MainWindow;
45 | HWND StatusBar;
46 | HWND TreeList;
47 | HANDLE WorkerThread;
48 | PVOID SectionAddress;
49 | SIZE_T SectionViewSize;
50 |
51 | TABHDR* TabHeader;
52 |
53 | //
54 | // WinObjEx64 data and pointers.
55 | //
56 | WINOBJEX_PARAM_BLOCK ParamBlock;
57 | } GUI_CONTEXT, * PGUI_CONTEXT;
58 |
59 | #define IDC_TAB 8086
60 |
61 | typedef enum _IMS_TAB_ID {
62 | TabIdSection = 0,
63 | TabIdVSInfo = 1,
64 | TabIdStrings = 2,
65 | TabIdMax
66 | } IMS_TAB_ID;
67 |
68 | typedef struct _IMS_TAB {
69 | UINT ResourceId;
70 | IMS_TAB_ID TabId;
71 | WNDPROC WndProc;
72 | LPTSTR TabCaption;
73 | } IMS_TAB;
74 |
75 | typedef struct _VALUE_DESC {
76 | LPWSTR lpDescription;
77 | DWORD dwValue;
78 | } VALUE_DESC, * PVALUE_DESC;
79 |
80 | LRESULT CALLBACK MainWindowProc(
81 | _In_ HWND hwnd,
82 | _In_ UINT uMsg,
83 | _In_ WPARAM wParam,
84 | _In_ LPARAM lParam);
85 |
86 | BOOL RunUI(_In_ GUI_CONTEXT* Context);
87 |
--------------------------------------------------------------------------------
/Source/Plugins/ImageScope/query.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2020
4 | *
5 | * TITLE: QUERY.H
6 | *
7 | * VERSION: 1.00
8 | *
9 | * DATE: 10 July 2020
10 | *
11 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
12 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
13 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
14 | * PARTICULAR PURPOSE.
15 | *
16 | *******************************************************************************/
17 |
18 | #pragma once
19 |
20 | typedef BOOL(CALLBACK* PEnumStringInfoCallback)(
21 | _In_ PWCHAR key,
22 | _In_ PWCHAR value,
23 | _In_ PWCHAR langid,
24 | _In_opt_ LPVOID cbparam);
25 |
26 | typedef BOOL(CALLBACK* PEnumVarInfoCallback)(
27 | _In_ PWCHAR key,
28 | _In_ DWORD value,
29 | _In_opt_ LPVOID cbparam);
30 |
31 | typedef struct _IMGVSHDR {
32 | WORD wLength;
33 | WORD wValueLength;
34 | WORD wType;
35 | } IMGVSHDR, * PIMGVSHDR;
36 |
37 | typedef struct _IMGVSVERSIONINFO {
38 | IMGVSHDR vshdr;
39 | WCHAR wIdString[17];
40 | } IMGVSVERSIONINFO, * PIMGVSVERSIONINFO;
41 |
42 | typedef struct _IMGSTRINGINFO {
43 | IMGVSHDR vshdr;
44 | WCHAR wIdKey[15];
45 | } IMGSTRINGINFO, * PIMGSTRINGINFO;
46 |
47 | typedef struct _IMGVARINFO {
48 | IMGVSHDR vshdr;
49 | WCHAR wIdKey[13];
50 | } IMGVARINFO, * PIMGVARINFO;
51 |
52 | typedef struct _IMGSTRINGTABLE {
53 | IMGVSHDR vshdr;
54 | WCHAR wIdKey[9];
55 | } IMGSTRINGTABLE, * PIMGSTRINGTABLE;
56 |
57 | typedef struct _IMGVSTRING {
58 | IMGVSHDR vshdr;
59 | WCHAR szKey[1];
60 | } IMGVSTRING, * PIMGVSTRING;
61 |
62 | typedef struct _STRING_PTR {
63 | ULONG ofpstr;
64 | ULONG length;
65 | struct _STRING_PTR* pnext;
66 | } STRING_PTR, * PSTRING_PTR;
67 |
68 | VS_FIXEDFILEINFO* PEImageEnumVersionFields(
69 | _In_ HMODULE module,
70 | _In_ PEnumStringInfoCallback scallback,
71 | _In_opt_ PEnumVarInfoCallback vcallback,
72 | _Inout_opt_ PVOID cbparam);
73 |
74 | PSTRING_PTR EnumImageStringsW(
75 | _In_ PVOID HeapHandle,
76 | _In_ PWCHAR Buffer,
77 | _In_ ULONG Size);
78 |
79 | PSTRING_PTR EnumImageStringsA(
80 | _In_ PVOID HeapHandle,
81 | _In_ PCHAR Buffer,
82 | _In_ ULONG Size);
83 |
--------------------------------------------------------------------------------
/Source/WinObjEx64/extapi.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2015 - 2022
4 | *
5 | * TITLE: EXTAPI.H
6 | *
7 | * VERSION: 2.00
8 | *
9 | * DATE: 19 Jun 2022
10 | *
11 | * Header for pre Windows 10+ missing API.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 | #pragma once
20 |
21 | typedef NTSTATUS (NTAPI *pfnNtOpenPartition)(
22 | _Out_ PHANDLE PartitionHandle,
23 | _In_ ACCESS_MASK DesiredAccess,
24 | _In_ POBJECT_ATTRIBUTES ObjectAttributes
25 | );
26 |
27 | typedef NTSTATUS (NTAPI *pfnNtManagePartition)(
28 | _In_ HANDLE TargetHandle,
29 | _In_opt_ HANDLE SourceHandle,
30 | _In_ MEMORY_PARTITION_INFORMATION_CLASS PartitionInformationClass,
31 | _In_ PVOID PartitionInformation,
32 | _In_ ULONG PartitionInformationLength
33 | );
34 |
35 | typedef NTSTATUS (NTAPI *pfnNtOpenRegistryTransaction)(
36 | _Out_ PHANDLE RegistryHandle,
37 | _In_ ACCESS_MASK DesiredAccess,
38 | _In_ POBJECT_ATTRIBUTES ObjectAttributes);
39 |
40 | typedef BOOL (WINAPI *pfnIsImmersiveProcess)(
41 | HANDLE hProcess
42 | );
43 |
44 | typedef DPI_AWARENESS_CONTEXT (WINAPI *pfnGetThreadDpiAwarenessContext)(
45 | VOID);
46 |
47 | typedef DPI_AWARENESS (WINAPI *pfnGetAwarenessFromDpiAwarenessContext)(
48 | _In_ DPI_AWARENESS_CONTEXT value);
49 |
50 | typedef UINT (WINAPI *pfnGetDpiForWindow)(
51 | _In_ HWND hwnd);
52 |
53 | typedef UINT (WINAPI *pfnGetDpiForSystem)(
54 | VOID);
55 |
56 | #define EXTAPI_ALL_MAPPED 7
57 |
58 | typedef struct _EXTENDED_API_SET {
59 | ULONG NumberOfAPI;
60 | pfnNtOpenPartition NtOpenPartition;
61 | pfnNtOpenRegistryTransaction NtOpenRegistryTransaction;
62 | pfnIsImmersiveProcess IsImmersiveProcess;
63 | pfnGetThreadDpiAwarenessContext GetThreadDpiAwarenessContext;
64 | pfnGetAwarenessFromDpiAwarenessContext GetAwarenessFromDpiAwarenessContext;
65 | pfnGetDpiForWindow GetDpiForWindow;
66 | pfnGetDpiForSystem GetDpiForSystem;
67 | } EXTENDED_API_SET, *PEXTENDED_API_SET;
68 |
69 | NTSTATUS ExApiSetInit(
70 | VOID
71 | );
72 |
73 | extern EXTENDED_API_SET g_ExtApiSet;
74 |
75 |
--------------------------------------------------------------------------------
/Source/Shared/ntos/ntbuilds.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2021 - 2025
4 | *
5 | * TITLE: NTBUILDS.H
6 | *
7 | * VERSION: 1.28
8 | *
9 | * DATE: 18 Sep 2025
10 | *
11 | * Windows NT builds definition file.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 | #pragma once
20 |
21 | //
22 | // Defines for Major Windows NT release builds
23 | //
24 |
25 | // Windows 7 RTM
26 | #define NT_WIN7_RTM 7600
27 |
28 | // Windows 7 SP1
29 | #define NT_WIN7_SP1 7601
30 |
31 | // Windows 8 RTM
32 | #define NT_WIN8_RTM 9200
33 |
34 | // Windows 8.1
35 | #define NT_WIN8_BLUE 9600
36 |
37 | // Windows 10 TH1
38 | #define NT_WIN10_THRESHOLD1 10240
39 |
40 | // Windows 10 TH2
41 | #define NT_WIN10_THRESHOLD2 10586
42 |
43 | // Windows 10 RS1
44 | #define NT_WIN10_REDSTONE1 14393
45 |
46 | // Windows 10 RS2
47 | #define NT_WIN10_REDSTONE2 15063
48 |
49 | // Windows 10 RS3
50 | #define NT_WIN10_REDSTONE3 16299
51 |
52 | // Windows 10 RS4
53 | #define NT_WIN10_REDSTONE4 17134
54 |
55 | // Windows 10 RS5
56 | #define NT_WIN10_REDSTONE5 17763
57 |
58 | // Windows 10 19H1
59 | #define NT_WIN10_19H1 18362
60 |
61 | // Windows 10 19H2
62 | #define NT_WIN10_19H2 18363
63 |
64 | // Windows 10 20H1
65 | #define NT_WIN10_20H1 19041
66 |
67 | // Windows 10 20H2
68 | #define NT_WIN10_20H2 19042
69 |
70 | // Windows 10 21H1
71 | #define NT_WIN10_21H1 19043
72 |
73 | // Windows 10 21H2
74 | #define NT_WIN10_21H2 19044
75 |
76 | // Windows 10 22H2
77 | #define NT_WIN10_22H2 19045
78 |
79 | // Windows Server 2022
80 | #define NT_WINSRV_21H1 20348
81 |
82 | // Windows 11 21H2
83 | #define NT_WIN11_21H2 22000
84 |
85 | // Windows 11 22H2
86 | #define NT_WIN11_22H2 22621
87 |
88 | // Windows 11 23H2
89 | #define NT_WIN11_23H2 22631
90 |
91 | // Windows 11 24H2
92 | #define NT_WIN11_24H2 26100
93 |
94 | // Windows 11 25H2
95 | #define NT_WIN11_25H2 26200
96 |
97 | // Windows 11 Active Development Branch
98 | #define NT_WIN11_ADB 27943
99 |
--------------------------------------------------------------------------------
/Source/WinObjEx64/props/propBasicConsts.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2015 - 2022
4 | *
5 | * TITLE: PROPBASICCONSTS.H
6 | *
7 | * VERSION: 2.00
8 | *
9 | * DATE: 19 Jun 2022
10 | *
11 | * Consts header file for Basic property sheet.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 | #pragma once
20 |
21 | #define T_COULD_NOT_QUERY TEXT("*Could not query requested information*")
22 |
23 | //OBJECT_HEADER Flags
24 | static LPCWSTR T_ObjectFlags[8] = {
25 | L"NewObject",
26 | L"KernelObject",
27 | L"KernelOnlyAccess",
28 | L"Exclusive",
29 | L"Permanent",
30 | L"DefSecurityQuota",
31 | L"SingleHandleEntry",
32 | L"DeletedInline"
33 | };
34 |
35 | //
36 | // Process Trust Label related descriptions.
37 | //
38 |
39 | #define MAX_KNOWN_TRUSTLABEL_PROTECTIONTYPE 3
40 | static VALUE_DESC TrustLabelProtectionType[MAX_KNOWN_TRUSTLABEL_PROTECTIONTYPE] = {
41 | { L"None", 0x0 },
42 | { L"PPL", 0x200 },
43 | { L"PP", 0x400 }
44 | };
45 |
46 | #define MAX_KNOWN_TRUSTLABEL_PROTECTIONLEVEL 6
47 | static VALUE_DESC TrustLabelProtectionLevel[MAX_KNOWN_TRUSTLABEL_PROTECTIONLEVEL] = {
48 | { L"None", 0x0 },
49 | { L"Authenticode", 0x400 },
50 | { L"Antimalware", 0x600 },
51 | { L"App", 0x800 },
52 | { L"Windows", 0x1000 },
53 | { L"WinTcb", 0x2000 }
54 | };
55 |
56 | #define MAX_KNOWN_PROCESS_TYPE_FLAGS 9
57 | LPCWSTR T_ProcessTypeFlags[MAX_KNOWN_PROCESS_TYPE_FLAGS] = {
58 | L"ProtectedProcess",
59 | L"Wow64Process",
60 | L"ProcessDeleting",
61 | L"CrossSessionCreate",
62 | L"Frozen",
63 | L"Background",
64 | L"StronglyNamed",
65 | L"SecureProcess",
66 | L"SubsystemProcess"
67 | };
68 |
69 | #define MAX_KNOWN_PS_PROTECTED_SIGNER 9
70 | static LPWSTR T_PSPROTECTED_SIGNER[MAX_KNOWN_PS_PROTECTED_SIGNER] = {
71 | L"None",
72 | L"Authenticode",
73 | L"CodeGen",
74 | L"Antimalware",
75 | L"Lsa",
76 | L"Windows",
77 | L"WinTcb",
78 | L"WinSystem",
79 | L"App"
80 | };
81 |
82 | #define MAX_KNOWN_PS_PROTECTED_TYPE 3
83 | static LPWSTR T_PSPROTECTED_TYPE[MAX_KNOWN_PS_PROTECTED_TYPE] = {
84 | L"None",
85 | L"ProtectedLight",
86 | L"Protected"
87 | };
88 |
89 |
--------------------------------------------------------------------------------
/Source/WinObjEx64_Plugins.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio Version 16
4 | VisualStudioVersion = 16.0.30803.129
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ApiSetView", "Plugins\ApiSetView\ApiSetView.vcxproj", "{72BF2A8F-E7AE-467F-B00F-1C51F1C3D2C8}"
7 | EndProject
8 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ExamplePlugin", "Plugins\ExamplePlugin\ExamplePlugin.vcxproj", "{7C10DDD2-E88A-4133-B140-80679BE8AFDD}"
9 | EndProject
10 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ImageScope", "Plugins\ImageScope\ImageScope.vcxproj", "{38D717F0-9152-4B74-8D32-5222373EAB3E}"
11 | EndProject
12 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Sonar", "Plugins\Sonar\Sonar.vcxproj", "{91A5250B-99D2-48F9-B649-82D66C9A6396}"
13 | EndProject
14 | Global
15 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
16 | Debug|x64 = Debug|x64
17 | Release|x64 = Release|x64
18 | EndGlobalSection
19 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
20 | {72BF2A8F-E7AE-467F-B00F-1C51F1C3D2C8}.Debug|x64.ActiveCfg = Debug|x64
21 | {72BF2A8F-E7AE-467F-B00F-1C51F1C3D2C8}.Debug|x64.Build.0 = Debug|x64
22 | {72BF2A8F-E7AE-467F-B00F-1C51F1C3D2C8}.Release|x64.ActiveCfg = Release|x64
23 | {72BF2A8F-E7AE-467F-B00F-1C51F1C3D2C8}.Release|x64.Build.0 = Release|x64
24 | {7C10DDD2-E88A-4133-B140-80679BE8AFDD}.Debug|x64.ActiveCfg = Debug|x64
25 | {7C10DDD2-E88A-4133-B140-80679BE8AFDD}.Debug|x64.Build.0 = Debug|x64
26 | {7C10DDD2-E88A-4133-B140-80679BE8AFDD}.Release|x64.ActiveCfg = Release|x64
27 | {7C10DDD2-E88A-4133-B140-80679BE8AFDD}.Release|x64.Build.0 = Release|x64
28 | {38D717F0-9152-4B74-8D32-5222373EAB3E}.Debug|x64.ActiveCfg = Debug|x64
29 | {38D717F0-9152-4B74-8D32-5222373EAB3E}.Debug|x64.Build.0 = Debug|x64
30 | {38D717F0-9152-4B74-8D32-5222373EAB3E}.Release|x64.ActiveCfg = Release|x64
31 | {38D717F0-9152-4B74-8D32-5222373EAB3E}.Release|x64.Build.0 = Release|x64
32 | {91A5250B-99D2-48F9-B649-82D66C9A6396}.Debug|x64.ActiveCfg = Debug|x64
33 | {91A5250B-99D2-48F9-B649-82D66C9A6396}.Debug|x64.Build.0 = Debug|x64
34 | {91A5250B-99D2-48F9-B649-82D66C9A6396}.Release|x64.ActiveCfg = Release|x64
35 | {91A5250B-99D2-48F9-B649-82D66C9A6396}.Release|x64.Build.0 = Release|x64
36 | EndGlobalSection
37 | GlobalSection(SolutionProperties) = preSolution
38 | HideSolutionNode = FALSE
39 | EndGlobalSection
40 | GlobalSection(ExtensibilityGlobals) = postSolution
41 | SolutionGuid = {C0DEFB87-8F58-4650-8008-3113A0E0969F}
42 | EndGlobalSection
43 | EndGlobal
44 |
--------------------------------------------------------------------------------
/Source/WinObjEx64/extapi.c:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2017 - 2025
4 | *
5 | * TITLE: EXTAPI.C
6 | *
7 | * VERSION: 2.09
8 | *
9 | * DATE: 19 Aug 2025
10 | *
11 | * Support unit for pre Windows 10 missing APIs.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 | #include "global.h"
20 |
21 | EXTENDED_API_SET g_ExtApiSet;
22 |
23 | #define RESOLVE_API(set, mod, field, type, name) \
24 | set->field = (type)GetProcAddress(mod, name); \
25 | if (set->field) set->NumberOfAPI += 1;
26 |
27 | /*
28 | * ExApiSetInit
29 | *
30 | * Purpose:
31 | *
32 | * Initializes newest Windows version specific function pointers.
33 | *
34 | * Called once during supInit
35 | *
36 | */
37 | NTSTATUS ExApiSetInit(
38 | VOID
39 | )
40 | {
41 | NTSTATUS Status;
42 | HMODULE hNtdll, hUser32;
43 | PEXTENDED_API_SET set = &g_ExtApiSet;
44 |
45 | RtlSecureZeroMemory(&g_ExtApiSet, sizeof(g_ExtApiSet));
46 |
47 | hNtdll = GetModuleHandle(TEXT("ntdll.dll"));
48 | if (hNtdll) {
49 | // Available since Windows 10 TH1.
50 | RESOLVE_API(set, hNtdll, NtOpenPartition, pfnNtOpenPartition, "NtOpenPartition");
51 | // Available since Windows 10 REDSTONE 1.
52 | RESOLVE_API(set, hNtdll, NtOpenRegistryTransaction, pfnNtOpenRegistryTransaction, "NtOpenRegistryTransaction");
53 | }
54 |
55 | //
56 | // User32 API introduced with Windows 8.
57 | //
58 | hUser32 = GetModuleHandle(TEXT("user32.dll"));
59 | if (hUser32) {
60 | RESOLVE_API(set, hUser32, IsImmersiveProcess, pfnIsImmersiveProcess, "IsImmersiveProcess");
61 | RESOLVE_API(set, hUser32, GetAwarenessFromDpiAwarenessContext, pfnGetAwarenessFromDpiAwarenessContext, "GetAwarenessFromDpiAwarenessContext");
62 | RESOLVE_API(set, hUser32, GetDpiForSystem, pfnGetDpiForSystem, "GetDpiForSystem");
63 | RESOLVE_API(set, hUser32, GetDpiForWindow, pfnGetDpiForWindow, "GetDpiForWindow");
64 | RESOLVE_API(set, hUser32, GetThreadDpiAwarenessContext, pfnGetThreadDpiAwarenessContext, "GetThreadDpiAwarenessContext");
65 | }
66 |
67 | Status = (g_ExtApiSet.NumberOfAPI == EXTAPI_ALL_MAPPED) ?
68 | STATUS_SUCCESS : STATUS_NOT_ALL_ASSIGNED;
69 |
70 | return Status;
71 | }
72 |
--------------------------------------------------------------------------------
/Source/Shared/tabs/tabsctrl.h:
--------------------------------------------------------------------------------
1 | /*++
2 |
3 | Copyright (c) 2015 (see AUTHORS.txt).
4 |
5 | Module Name:
6 |
7 | tabctrl.h
8 |
9 | Abstract:
10 |
11 | This file contains function prototypes/variables used by GUI tabs component.
12 |
13 | VERSION 2.0 (01.02.2015)
14 |
15 | WinObjEx64 version.
16 |
17 | --*/
18 |
19 | #pragma once
20 |
21 | #ifndef _GUITABSUNIT_
22 | #define _GUITABSUNIT_
23 |
24 | #include
25 | #include
26 | #include
27 | #include "ntos/ntos.h"
28 |
29 | typedef struct _tagTABHDR* PTABHDR;
30 |
31 | typedef VOID(CALLBACK* TABRESIZECALLBACK)(
32 | _In_ PTABHDR hdr);
33 |
34 | typedef VOID(CALLBACK* TABSELCHANGECALLBACK)(
35 | _In_ PTABHDR hdr,
36 | _In_ INT SelectedPage);
37 |
38 | typedef PVOID(CALLBACK* TABCALLBACK_ALLOCMEM)(
39 | _In_ SIZE_T size);
40 |
41 | typedef BOOL(CALLBACK* TABCALLBACK_FREEMEM)(
42 | _In_ PVOID ptr);
43 |
44 | typedef struct _TABENTRY {
45 | LIST_ENTRY ListEntry;
46 | INT TabIndex;
47 | INT ResId;
48 | DLGPROC DlgProc;
49 | PVOID UserParam; // sent as lParam to newly created page dialog
50 | } TABENTRY, * PTABENTRY;
51 |
52 | typedef struct _tagTABHDR {
53 |
54 | HWND hwndTab; //tab control window handle
55 | HWND hwndDisplay; //current page window handle
56 | RECT rcDisplay;
57 |
58 | HINSTANCE hInstance;
59 | INT tabsCount;
60 |
61 | HIMAGELIST hImageList;
62 |
63 | TABSELCHANGECALLBACK OnSelChange;
64 | TABRESIZECALLBACK OnResize;
65 |
66 | TABCALLBACK_ALLOCMEM MemAlloc;
67 | TABCALLBACK_FREEMEM FreeMem;
68 |
69 | LIST_ENTRY tabsHead;
70 |
71 | INT cxMargin;
72 | INT cyMargin;
73 |
74 | } TABHDR, * PTABHDR;
75 |
76 | PTABHDR TabCreateControl(
77 | _In_ HINSTANCE hInstance,
78 | _In_ HWND hParentWnd,
79 | _In_opt_ HIMAGELIST hImageList,
80 | _In_opt_ TABSELCHANGECALLBACK OnSelChangeTab,
81 | _In_opt_ TABRESIZECALLBACK OnResizeTab,
82 | _In_ TABCALLBACK_ALLOCMEM MemAlloc,
83 | _In_ TABCALLBACK_FREEMEM MemFree);
84 |
85 | BOOL TabAddPage(
86 | _In_ PTABHDR hdr,
87 | _In_ INT ResId,
88 | _In_opt_ DLGPROC DlgProc,
89 | _In_ LPTSTR szCaption,
90 | _In_ INT iImage,
91 | _In_ LPARAM lParam);
92 |
93 | BOOL TabDeletePage(
94 | _In_ PTABHDR hdr,
95 | _In_ INT TabIndex);
96 |
97 | VOID TabDestroyControl(
98 | _In_ PTABHDR hdr);
99 |
100 | VOID TabOnChangeTab(
101 | _In_ PTABHDR hdr,
102 | _In_ LPNMHDR pnmhdr);
103 |
104 | VOID TabOnSelChanged(
105 | _In_ PTABHDR hdr);
106 |
107 | VOID TabResizeTabWindow(
108 | _In_ PTABHDR hdr);
109 |
110 | #endif /* _GUITABSUNIT_ */
111 |
--------------------------------------------------------------------------------
/Docs/WHATSNEW_170.md:
--------------------------------------------------------------------------------
1 |
2 | ## What is new in 1.7
3 |
4 | - **W32pServiceTable viewer**
5 |
6 | 
7 |
8 | W32pServiceTable is a service table of Win32k - a Windows User and GDI subsystem driver. It is a secondary system service table (where first is a ntoskrnl managed KiServiceTable). This table can be saved to text file from popup menu.
9 |
10 | This feature available starting from Windows 10 1607 (RS1 14393) and require running program as administrator. Additionally Windows must be booted in the Debug mode (only for kldbgdrv version).
11 |
12 | - **Process list**
13 |
14 |
15 |
16 | Simple process list dialog. Display tree of running processes, their id, address of EPROCESS structure, user and domain name. Additionally this list uses highlighting similar to SysInternals Process Explorer. You can copy EPROCESS address value from popup menu. To view all process information program must run elevated.
17 |
18 | - **Callbacks viewer**
19 |
20 | 
21 |
22 | List of system wide driver callbacks and notify routines registered with the following API:
23 |
24 | 1. ObRegisterCallbacks
25 | 2. CmRegisterCallbacks
26 | 3. CmRegisterCallbacksEx
27 | 4. PsSetCreateProcessNotifyRoutine
28 | 5. PsSetCreateProcessNotifyRoutineEx
29 | 6. PsSetCreateProcessNotifyRoutineEx2
30 | 7. PsSetCreateThreadNotifyRoutine
31 | 8. PsSetCreateThreadNotifyRoutineEx
32 | 9. PsSetLoadImageNotifyRoutine
33 | 10. PsSetLoadImageNotifyRoutineEx
34 | 11. KeRegisterBugCheckCallback
35 | 12. KeRegisterBugCheckReasonCallback
36 | 13. IoRegisterShutdownNotification
37 | 14. IoRegisterLastChanceShutdownNotification
38 | 15. SeRegisterLogonSessionTerminatedRoutine
39 | 16. SeRegisterLogonSessionTerminatedRoutineEx
40 | 17. PoRegisterPowerSettingCallback
41 | 18. DbgSetDebugPrintCallback
42 | 19. IoRegisterFsRegistrationChange
43 | 20. IoRegisterFileSystem
44 |
45 |
46 |
47 | - **Callback object type viewer**
48 |
49 | 
50 |
51 | Viewer of registered callbacks for Callback object type. Drivers can create callbacks with ExCreateCallback API and register them with ExRegisterCallback.
52 |
53 |
54 | - **Improved OBJECT_TYPE view**
55 |
56 | 
57 |
58 | Improved display of structured dump for OBJECT_TYPE and substructure OBJECT_TYPE_INITIALIZER by including newly added Windows 10 fields.
59 |
60 |
--------------------------------------------------------------------------------
/Source/Shared/ntos/ntldr.h:
--------------------------------------------------------------------------------
1 | /************************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2014 - 2023
4 | *
5 | * TITLE: NTLDR.H
6 | *
7 | * VERSION: 1.22
8 | *
9 | * DATE: 25 Jul 2023
10 | *
11 | * Common header file for the NTLDR definitions.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | ************************************************************************************/
19 |
20 | #if defined (_MSC_VER) && (_MSC_VER >= 1020)
21 | #pragma once
22 | #endif
23 |
24 | #ifndef NTLDR_RTL
25 | #define NTLDR_RTL
26 |
27 | #pragma warning(push)
28 | #pragma warning(disable: 4201) // nameless struct/union
29 |
30 | #include
31 |
32 | #pragma warning(push)
33 | #pragma warning(disable: 4005) //macro redefinition
34 | #include
35 | #pragma warning(pop)
36 |
37 | #include "ntos.h"
38 | #include "apisetx.h"
39 | #include "minirtl/minirtl.h"
40 | #include "minirtl/rtltypes.h"
41 |
42 | typedef INT(*PFNNTLDR_EXCEPT_FILTER)(
43 | _In_ UINT ExceptionCode,
44 | _In_ EXCEPTION_POINTERS* ExceptionPointers);
45 |
46 | extern PFNNTLDR_EXCEPT_FILTER NtpLdrExceptionFilter;
47 |
48 | //
49 | //
50 | // W32pServiceTable query related structures and definitions.
51 | //
52 | //
53 |
54 | typedef enum _RESOLVE_POINTER_TYPE {
55 | ForwarderString = 0,
56 | FunctionCode = 1
57 | } RESOLVE_POINTER_TYPE;
58 |
59 | typedef struct _RESOLVE_INFO {
60 | RESOLVE_POINTER_TYPE ResultType;
61 | union {
62 | LPCSTR ForwarderName;
63 | LPVOID Function;
64 | };
65 | } RESOLVE_INFO, *PRESOLVE_INFO;
66 |
67 | typedef struct _RAW_SYSCALL_ENTRY {
68 | ULONG Index;
69 | CHAR Name[256];
70 | ULONG_PTR KernelStubAddress;
71 | ULONG_PTR KernelStubTargetAddress;
72 | struct _RAW_SYSCALL_ENTRY* NextEntry;
73 | } RAW_SYSCALL_ENTRY, *PRAW_SYSCALL_ENTRY;
74 |
75 | _Success_(return != NULL)
76 | LPCSTR NtRawIATEntryToImport(
77 | _In_ LPVOID Module,
78 | _In_ LPVOID IATEntry,
79 | _Out_opt_ LPCSTR *ImportModuleName);
80 |
81 | _Success_(return != 0)
82 | ULONG NtRawEnumSyscallExports(
83 | _In_ HANDLE HeapHandle,
84 | _In_ LPVOID Module,
85 | _Out_ PRAW_SYSCALL_ENTRY* SyscallTable);
86 |
87 | NTSTATUS NtRawGetProcAddress(
88 | _In_ LPVOID Module,
89 | _In_ LPCSTR ProcName,
90 | _In_ PRESOLVE_INFO Pointer);
91 |
92 | NTSTATUS NtRawApiSetResolveLibrary(
93 | _In_ PVOID Namespace,
94 | _In_ PCUNICODE_STRING ApiSetToResolve,
95 | _In_opt_ PCUNICODE_STRING ApiSetParentName,
96 | _Inout_ PUNICODE_STRING ResolvedHostLibraryName);
97 |
98 |
99 | #pragma warning(pop)
100 |
101 | #endif NTLDR_RTL
102 |
--------------------------------------------------------------------------------
/Source/WinObjEx64/extras/extras.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2015 - 2025
4 | *
5 | * TITLE: EXTRAS.H
6 | *
7 | * VERSION: 2.09
8 | *
9 | * DATE: 21 Aug 2025
10 | *
11 | * Common header file for Extras dialogs.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 | #pragma once
20 |
21 | typedef struct _EXTRASCONTEXT {
22 | HWND hwndDlg;
23 | HWND ListView;
24 | HWND TreeList;
25 | HWND StatusBar;
26 | PVOID TooltipInfo;
27 | HIMAGELIST ImageList;
28 | INT lvColumnToSort;
29 | INT lvColumnCount;
30 | INT lvColumnHit;
31 | INT lvItemHit;
32 | INT tlSubItemHit;
33 | BOOL bInverseSort;
34 | union {
35 | ULONG_PTR Reserved;
36 | ULONG_PTR DialogMode;
37 | };
38 | HICON ObjectIcon;
39 | HICON DialogIcon;
40 | } EXTRASCONTEXT, *PEXTRASCONTEXT;
41 |
42 | typedef struct _EXTRASCALLBACK {
43 | ULONG_PTR lParam;
44 | ULONG_PTR Value;
45 | } EXTRASCALLBACK, *PEXTRASCALLBACK;
46 |
47 | typedef enum _IPC_DLG_MODE {
48 | IpcModeNamedPipes = 0,
49 | IpcModeMailSlots = 1,
50 | IpcMaxMode = 2
51 | } IPC_DLG_MODE;
52 |
53 | typedef enum _DRIVERS_DLG_MODE {
54 | DrvModeNormal = 0,
55 | DrvModeUnloaded = 1,
56 | DrvModeMax = 2
57 | } DRIVERS_DLG_MODE;
58 |
59 | typedef enum _SSDT_DLG_MODE {
60 | SST_Ntos = 0,
61 | SST_Win32k = 1,
62 | SST_Max = 2
63 | } SSDT_DLG_MODE;
64 |
65 | typedef INT(CALLBACK *DlgCompareFunction)(
66 | _In_ LPARAM lParam1,
67 | _In_ LPARAM lParam2,
68 | _In_ LPARAM lParamSort
69 | );
70 |
71 | typedef BOOL(CALLBACK *CustomNotifyFunction)(
72 | _In_ LPNMLISTVIEW nhdr,
73 | _In_ EXTRASCONTEXT *Context,
74 | _In_opt_ PVOID Parameter
75 | );
76 |
77 | VOID extrasSimpleListResize(
78 | _In_ HWND hwndDlg);
79 |
80 | VOID extrasSetDlgIcon(
81 | _In_ EXTRASCONTEXT* Context);
82 |
83 | VOID extrasRemoveDlgIcon(
84 | _In_ EXTRASCONTEXT* Context);
85 |
86 | VOID extrasShowDialogById(
87 | _In_ WORD DialogId);
88 |
89 | VOID extrasHandleSettingsChange(
90 | EXTRASCONTEXT* Context);
91 |
92 | //
93 | // Dialog handlers.
94 | //
95 |
96 | VOID extrasCreateCallbacksDialog(
97 | VOID);
98 |
99 | VOID extrasCreateCmOptDialog(
100 | VOID);
101 |
102 | VOID extrasCreateDriversDialog(
103 | _In_ DRIVERS_DLG_MODE Mode);
104 |
105 | VOID extrasCreateIpcDialog(
106 | _In_ IPC_DLG_MODE Mode);
107 |
108 | VOID extrasCreatePNDialog(
109 | VOID);
110 |
111 | VOID extrasCreatePsListDialog(
112 | VOID);
113 |
114 | VOID extrasCreateSLCacheDialog(
115 | VOID);
116 |
117 | VOID extrasCreateSSDTDialog(
118 | _In_ SSDT_DLG_MODE Mode);
119 |
120 | VOID extrasCreateUsdDialog(
121 | VOID);
122 |
--------------------------------------------------------------------------------
/Source/WinObjEx64/hde/hde64.h:
--------------------------------------------------------------------------------
1 | /*
2 | * Hacker Disassembler Engine 64
3 | * Copyright (c) 2008-2009, Vyacheslav Patkov.
4 | * All rights reserved.
5 | *
6 | * hde64.h: C/C++ header file
7 | *
8 | */
9 |
10 | #ifndef _HDE64_H_
11 | #define _HDE64_H_
12 |
13 | /* stdint.h - C99 standard header
14 | * http://en.wikipedia.org/wiki/stdint.h
15 | *
16 | * if your compiler doesn't contain "stdint.h" header (for
17 | * example, Microsoft Visual C++), you can download file:
18 | * http://www.azillionmonkeys.com/qed/pstdint.h
19 | * and change next line to:
20 | * #include "pstdint.h"
21 | */
22 | #include "pstdint.h"
23 |
24 | #define F_MODRM 0x00000001
25 | #define F_SIB 0x00000002
26 | #define F_IMM8 0x00000004
27 | #define F_IMM16 0x00000008
28 | #define F_IMM32 0x00000010
29 | #define F_IMM64 0x00000020
30 | #define F_DISP8 0x00000040
31 | #define F_DISP16 0x00000080
32 | #define F_DISP32 0x00000100
33 | #define F_RELATIVE 0x00000200
34 | #define F_ERROR 0x00001000
35 | #define F_ERROR_OPCODE 0x00002000
36 | #define F_ERROR_LENGTH 0x00004000
37 | #define F_ERROR_LOCK 0x00008000
38 | #define F_ERROR_OPERAND 0x00010000
39 | #define F_PREFIX_REPNZ 0x01000000
40 | #define F_PREFIX_REPX 0x02000000
41 | #define F_PREFIX_REP 0x03000000
42 | #define F_PREFIX_66 0x04000000
43 | #define F_PREFIX_67 0x08000000
44 | #define F_PREFIX_LOCK 0x10000000
45 | #define F_PREFIX_SEG 0x20000000
46 | #define F_PREFIX_REX 0x40000000
47 | #define F_PREFIX_ANY 0x7f000000
48 |
49 | #define PREFIX_SEGMENT_CS 0x2e
50 | #define PREFIX_SEGMENT_SS 0x36
51 | #define PREFIX_SEGMENT_DS 0x3e
52 | #define PREFIX_SEGMENT_ES 0x26
53 | #define PREFIX_SEGMENT_FS 0x64
54 | #define PREFIX_SEGMENT_GS 0x65
55 | #define PREFIX_LOCK 0xf0
56 | #define PREFIX_REPNZ 0xf2
57 | #define PREFIX_REPX 0xf3
58 | #define PREFIX_OPERAND_SIZE 0x66
59 | #define PREFIX_ADDRESS_SIZE 0x67
60 |
61 | #pragma pack(push,1)
62 |
63 | typedef struct {
64 | uint8_t len;
65 | uint8_t p_rep;
66 | uint8_t p_lock;
67 | uint8_t p_seg;
68 | uint8_t p_66;
69 | uint8_t p_67;
70 | uint8_t rex;
71 | uint8_t rex_w;
72 | uint8_t rex_r;
73 | uint8_t rex_x;
74 | uint8_t rex_b;
75 | uint8_t opcode;
76 | uint8_t opcode2;
77 | uint8_t modrm;
78 | uint8_t modrm_mod;
79 | uint8_t modrm_reg;
80 | uint8_t modrm_rm;
81 | uint8_t sib;
82 | uint8_t sib_scale;
83 | uint8_t sib_index;
84 | uint8_t sib_base;
85 | union {
86 | uint8_t imm8;
87 | uint16_t imm16;
88 | uint32_t imm32;
89 | uint64_t imm64;
90 | } imm;
91 | union {
92 | uint8_t disp8;
93 | uint16_t disp16;
94 | uint32_t disp32;
95 | } disp;
96 | uint32_t flags;
97 | } hde64s;
98 |
99 | #pragma pack(pop)
100 |
101 | #ifdef __cplusplus
102 | extern "C" {
103 | #endif
104 |
105 | /* __cdecl */
106 | unsigned int hde64_disasm(const void *code, hde64s *hs);
107 |
108 | #ifdef __cplusplus
109 | }
110 | #endif
111 |
112 | #endif /* _HDE64_H_ */
113 |
--------------------------------------------------------------------------------
/Source/WinObjEx64/extras/extrasCallbacksPatterns.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2019 - 2025
4 | *
5 | * TITLE: EXTRASCALLBACKSPATTERNS.H
6 | *
7 | * VERSION: 2.07
8 | *
9 | * DATE: 14 May 2025
10 | *
11 | * Header with search patterns used by Callbacks dialog routines.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 |
20 | #pragma once
21 |
22 | //
23 | // PsAltSystemCallHandlers
24 | //
25 | #define MAX_ALT_SYSTEM_CALL_HANDLERS 2
26 |
27 | BYTE PsAltSystemCallHandlersPattern[] = {
28 | 0x4C, 0x8D, 0x35
29 | };
30 |
31 |
32 | /*+++
33 |
34 | SeCiCallbacks search patterns
35 |
36 | +++*/
37 |
38 | //Windows 8/8.1
39 | BYTE SeCiCallbacksPattern_9200_9600[] = {
40 | 0x48, 0x83, 0xEC, 0x20, 0xBF, 0x06, 0x00, 0x00, 0x00
41 | };
42 |
43 | //Windows 10 TH1/TH2
44 | BYTE SeCiCallbacksPattern_10240_10586[] = {
45 | 0x48, 0x83, 0xEC, 0x20, 0xBB, 0x98, 0x00, 0x00, 0x00
46 | };
47 |
48 | //Windows 10 RS1
49 | BYTE SeCiCallbacksPattern_14393[] = {
50 | 0x48, 0x83, 0xEC, 0x20, 0xBB, 0xB0, 0x00, 0x00, 0x00
51 | };
52 |
53 | //Windows 10 RS2/RS3
54 | BYTE SeCiCallbacksPattern_15063_16299[] = {
55 | 0x48, 0x83, 0xEC, 0x20, 0xBB, 0xC0, 0x00, 0x00, 0x00
56 | };
57 |
58 | //Windows 10 RS4/RS5
59 | BYTE SeCiCallbacksPattern_17134_17763[] = {
60 | 0x48, 0x83, 0xEC, 0x20, 0xBB, 0xD0, 0x00, 0x00, 0x00
61 | };
62 |
63 | // Instruction match pattern
64 | BYTE SeCiCallbacksMatchingPattern[] = {
65 | 0x48, 0x8D, 0x0D
66 | };
67 |
68 | //Windows 7
69 | BYTE g_CiCallbacksPattern_7601[] = {
70 | 0x8D, 0x7B, 0x06, 0x48, 0x89, 0x05
71 | };
72 |
73 | BYTE g_CiCallbacksMatchingPattern[] = {
74 | 0x48, 0x89, 0x05
75 | };
76 |
77 | #define LEA_INSTRUCTION_LENGTH_7B 7
78 | #define CI_CALLBACKS_3BYTE_INSTRUCTION_SIZE 3
79 |
80 | /*+++
81 |
82 | EmpSearchCallbackDatabase search pattern
83 |
84 | +++*/
85 | BYTE g_EmpSearchCallbackDatabase[] = { 0x48, 0x8B, 0x4E, 0xF8, 0x48, 0x85, 0xC9 };
86 | BYTE g_EmpSearchCallbackDatabase2[] = { 0x49, 0x8B, 0x4A, 0xF8, 0x48, 0x85, 0xC9 };
87 | BYTE g_EmpSearchCallbackDatabase3[] = { 0x4B, 0x8B, 0x0C, 0xDC, 0x48, 0x85, 0xC9, 0x74, 0x48 };
88 |
89 | /*+++
90 |
91 | ExpFindHost search pattern
92 |
93 | +++*/
94 |
95 | BYTE g_ExpFindHost22000_22621[] = { 0x41, 0x0F, 0xB7, 0x0E };
96 | BYTE g_ExpFindHost22631_27842[] = { 0x44, 0x89, 0x44, 0x24, 0x78 };
97 |
98 | /*+++
99 |
100 | PnpDeviceClassNotifyList search pattern
101 |
102 | +++*/
103 |
104 | //
105 | // mul ecx
106 | //
107 | BYTE g_PnpDeviceClassNotifyList_SubPattern_7601[] = { 0xF7, 0xE1 };
108 |
109 | BYTE g_PnpDeviceClassNotifyList_SubPattern_9200[] = { 0xC1, 0xEA, 0x02, 0x6B, 0xD2, 0x0D };
110 |
111 | //
112 | // shr edx, 2
113 | // imul eax, edx, 0Dh
114 | //
115 | BYTE g_PnpDeviceClassNofityList_SubPattern_9600_26080[] = { 0xC1, 0xEA, 0x02, 0x6B, 0xC2, 0x0D };
116 |
--------------------------------------------------------------------------------
/Source/Shared/minirtl/_filename.c:
--------------------------------------------------------------------------------
1 | #include
2 | #include "minirtl.h"
3 |
4 | char *_filename_a(const char *f)
5 | {
6 | char *p = (char *)f;
7 |
8 | if (f == 0)
9 | return 0;
10 |
11 | while (*f != (char)0) {
12 | if (*f == '\\')
13 | p = (char *)f + 1;
14 | f++;
15 | }
16 | return p;
17 | }
18 |
19 | wchar_t *_filename_w(const wchar_t *f)
20 | {
21 | wchar_t *p = (wchar_t *)f;
22 |
23 | if (f == 0)
24 | return 0;
25 |
26 | while (*f != (wchar_t)0) {
27 | if (*f == (wchar_t)'\\')
28 | p = (wchar_t *)f + 1;
29 | f++;
30 | }
31 | return p;
32 | }
33 |
34 | char *_fileext_a(const char *f)
35 | {
36 | char *p = 0;
37 |
38 | if (f == 0)
39 | return 0;
40 |
41 | while (*f != (char)0) {
42 | if (*f == '.')
43 | p = (char *)f;
44 | f++;
45 | }
46 |
47 | if (p == 0)
48 | p = (char *)f;
49 |
50 | return p;
51 | }
52 |
53 | wchar_t *_fileext_w(const wchar_t *f)
54 | {
55 | wchar_t *p = 0;
56 |
57 | if (f == 0)
58 | return 0;
59 |
60 | while (*f != (wchar_t)0) {
61 | if (*f == (wchar_t)'.')
62 | p = (wchar_t *)f;
63 | f++;
64 | }
65 |
66 | if (p == 0)
67 | p = (wchar_t *)f;
68 |
69 | return p;
70 | }
71 |
72 | char *_filename_noext_a(char *dest, const char *f)
73 | {
74 | char *p, *l, *dot;
75 |
76 | if ((f == 0) || (dest == 0))
77 | return 0;
78 |
79 | p = _filename_a(f);
80 | if (p == 0)
81 | return 0;
82 |
83 | dot = _strend_a(p);
84 | if (dot == 0)
85 | return 0;
86 |
87 | l = p;
88 |
89 | while (*l != (char)0)
90 | {
91 | if (*l == '.')
92 | dot = l;
93 | l++;
94 | }
95 |
96 | while (p NumberOfBytes = MI_UNLOADED_DRIVERS * sizeof (UNLOADED_DRIVERS);
121 | //
122 | BYTE MiRememberUnloadedDriverPattern[] = {
123 | 0xBB, 0xD0, 0x07, 0x00, 0x00
124 | };
125 |
126 | //
127 | // PAGE: MiRememberUnloadedDriver
128 | //
129 | // mov reg, 7D0h ; -> NumberOfBytes = MI_UNLOADED_DRIVERS * sizeof (UNLOADED_DRIVERS);
130 | // mov ecx, 40h ;
131 | //
132 | BYTE MiRememberUnloadedDriverPattern2[] = {
133 | 0xBA, 0xD0, 0x07, 0x00, 0x00, // mov edx, 7D0h
134 | 0xB9, 0x40, 0x00, 0x00, 0x00 // mov ecx, 40h
135 | };
136 |
137 | #define FIX_WIN10_THRESHOULD_REG 0xBF
138 |
139 | BYTE MiRememberUnloadedDriverPattern24H2[] = {
140 | 0xBA, 0xD0, 0x07, 0x00, 0x00, // mov edx, 7D0h
141 | 0x41, 0x8D, 0x4E, 0x40 // lea ecx, [r14+40h]
142 | };
143 |
--------------------------------------------------------------------------------
/Source/WinObjEx64/msvcver.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2018 - 2025
4 | *
5 | * TITLE: MSVCVER.H
6 | *
7 | * VERSION: 2.10
8 | *
9 | * DATE: 29 Nov 2025
10 | *
11 | * Visual Studio compiler version determination.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 |
20 | #pragma once
21 |
22 | #if defined _MSC_VER && _MSC_FULL_VER
23 |
24 | // Visual Studio 2026 (18.x)
25 | #if (_MSC_VER >= 1950)
26 | #if (_MSC_VER >= 1951)
27 | #define VC_VER L"MSVC 2026 (v18.1+)"
28 | #elif (_MSC_VER == 1950)
29 | #define VC_VER L"MSVC 2026 (v18.0)"
30 | #else
31 | #define VC_VER L"MSVC 2026"
32 | #endif
33 |
34 | // Visual Studio 2022 (17.x)
35 | #elif (_MSC_VER >= 1930 && _MSC_VER < 1950)
36 | #if (_MSC_VER >= 1938)
37 | #define VC_VER L"MSVC 2022 (v17.8)"
38 | #elif (_MSC_VER >= 1937)
39 | #define VC_VER L"MSVC 2022 (v17.7)"
40 | #elif (_MSC_VER >= 1936)
41 | #define VC_VER L"MSVC 2022 (v17.6)"
42 | #elif (_MSC_VER >= 1935)
43 | #define VC_VER L"MSVC 2022 (v17.5)"
44 | #elif (_MSC_VER >= 1934)
45 | #define VC_VER L"MSVC 2022 (v17.4)"
46 | #elif (_MSC_VER >= 1932 && _MSC_VER < 1934)
47 | #define VC_VER L"MSVC 2022 (v17.2-v17.3)"
48 | #elif (_MSC_VER >= 1931)
49 | #define VC_VER L"MSVC 2022 (v17.1)"
50 | #elif (_MSC_VER == 1930)
51 | #define VC_VER L"MSVC 2022 (v17.0)"
52 | #else
53 | #define VC_VER L"MSVC 2022"
54 | #endif
55 |
56 | // Visual Studio 2019 (16.x)
57 | #elif (_MSC_VER >= 1920 && _MSC_VER < 1930)
58 | #if (_MSC_VER == 1929)
59 | #define VC_VER L"MSVC 2019 (v16.10-v16. 11)"
60 | #elif (_MSC_VER == 1928)
61 | #define VC_VER L"MSVC 2019 (v16.8-v16.9)"
62 | #elif (_MSC_VER == 1927)
63 | #define VC_VER L"MSVC 2019 (v16.7)"
64 | #elif (_MSC_VER == 1926)
65 | #define VC_VER L"MSVC 2019 (v16.6)"
66 | #elif (_MSC_VER == 1925)
67 | #define VC_VER L"MSVC 2019 (v16.5)"
68 | #elif (_MSC_VER == 1924)
69 | #define VC_VER L"MSVC 2019 (v16. 4)"
70 | #elif (_MSC_VER == 1923)
71 | #define VC_VER L"MSVC 2019 (v16.3)"
72 | #elif (_MSC_VER == 1922)
73 | #define VC_VER L"MSVC 2019 (v16.2)"
74 | #elif (_MSC_VER == 1921)
75 | #define VC_VER L"MSVC 2019 (v16.1)"
76 | #elif (_MSC_VER == 1920)
77 | #define VC_VER L"MSVC 2019 (v16.0)"
78 | #else
79 | #define VC_VER L"MSVC 2019"
80 | #endif
81 |
82 | // Visual Studio 2017 (15.x)
83 | #elif (_MSC_VER >= 1910 && _MSC_VER < 1920)
84 | #if (_MSC_VER == 1916)
85 | #define VC_VER L"MSVC 2017 (v15.9)"
86 | #elif (_MSC_VER == 1915)
87 | #define VC_VER L"MSVC 2017 (v15.8)"
88 | #elif (_MSC_VER == 1914)
89 | #define VC_VER L"MSVC 2017 (v15.7)"
90 | #elif (_MSC_VER == 1913)
91 | #define VC_VER L"MSVC 2017 (v15. 6)"
92 | #elif (_MSC_VER == 1912)
93 | #define VC_VER L"MSVC 2017 (v15.5)"
94 | #elif (_MSC_VER == 1911)
95 | #define VC_VER L"MSVC 2017 (v15.3-v15.4)"
96 | #elif (_MSC_VER == 1910)
97 | #define VC_VER L"MSVC 2017 (v15.0-v15.2)"
98 | #else
99 | #define VC_VER L"MSVC 2017"
100 | #endif
101 |
102 | // Other versions
103 | #else
104 | #define VC_VER L"Unknown MSVC Version"
105 | #endif
106 |
107 | #else
108 | #define VC_VER L"Unknown Compiler"
109 | #endif
--------------------------------------------------------------------------------
/Source/WinObjEx64/ksymbols.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2020 - 2024
4 | *
5 | * TITLE: KSYMBOLS.H
6 | *
7 | * VERSION: 2.05
8 | *
9 | * DATE: 12 Mar 2024
10 | *
11 | * Header file for kernel symbol names.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 | #pragma once
20 |
21 | #define KVAR_KeServiceDescriptorTableShadow L"KeServiceDescriptorTableShadow"
22 | #define KVAR_KseEngine L"KseEngine"
23 | #define KVAR_ObHeaderCookie L"ObHeaderCookie"
24 | #define KVAR_IopInvalidDeviceRequest L"IopInvalidDeviceRequest"
25 | #define KVAR_MmUnloadedDrivers L"MmUnloadedDrivers"
26 | #define KVAR_PspHostSiloGlobals L"PspHostSiloGlobals"
27 |
28 | #define KVAR_SeCiCallbacks L"SeCiCallbacks"
29 | #define KVAR_g_CiCallbacks L"g_CiCallbacks"
30 |
31 | #define KVAR_gSessionGlobalSlots L"gSessionGlobalSlots"
32 |
33 | #define KVAR_IopFsNotifyChangeQueueHead L"IopFsNotifyChangeQueueHead"
34 | #define KVAR_RtlpDebugPrintCallbackList L"RtlpDebugPrintCallbackList"
35 | #define KVAR_PopRegisteredPowerSettingCallbacks L"PopRegisteredPowerSettingCallbacks"
36 |
37 | #define KVAR_IopCdRomFileSystemQueueHead L"IopCdRomFileSystemQueueHead"
38 | #define KVAR_IopDiskFileSystemQueueHead L"IopDiskFileSystemQueueHead"
39 | #define KVAR_IopTapeFileSystemQueueHead L"IopTapeFileSystemQueueHead"
40 | #define KVAR_IopNetworkFileSystemQueueHead L"IopNetworkFileSystemQueueHead"
41 |
42 | #define KVAR_SeFileSystemNotifyRoutinesHead L"SeFileSystemNotifyRoutinesHead"
43 | #define KVAR_SeFileSystemNotifyRoutinesExHead L"SeFileSystemNotifyRoutinesExHead"
44 |
45 | #define KVAR_IopNotifyShutdownQueueHead L"IopNotifyShutdownQueueHead"
46 | #define KVAR_IopNotifyLastChanceShutdownQueueHead L"IopNotifyLastChanceShutdownQueueHead"
47 |
48 | #define KVAR_CallbackListHead L"CallbackListHead"
49 |
50 | #define KVAR_KeBugCheckCallbackListHead L"KeBugCheckCallbackListHead"
51 | #define KVAR_KeBugCheckReasonCallbackListHead L"KeBugCheckReasonCallbackListHead"
52 |
53 | #define KVAR_PspLoadImageNotifyRoutine L"PspLoadImageNotifyRoutine"
54 | #define KVAR_PspCreateThreadNotifyRoutine L"PspCreateThreadNotifyRoutine"
55 | #define KVAR_PspCreateProcessNotifyRoutine L"PspCreateProcessNotifyRoutine"
56 |
57 | #define KVAR_DbgkLmdCallbacks L"DbgkLmdCallbacks"
58 |
59 | #define KVAR_PsAltSystemCallHandlers L"PsAltSystemCallHandlers"
60 |
61 | #define KVAR_ExpHostList L"ExpHostList"
62 |
63 | #define KVAR_PopCoalescingCallbackRoutine L"PopCoalescingCallbackRoutine"
64 | #define KVAR_PopCoalRegistrationList L"PopCoalRegistrationList"
65 |
66 | #define KVAR_PspPicoProviderRoutines L"PspPicoProviderRoutines"
67 |
68 | #define KVAR_KiNmiCallbackListHead L"KiNmiCallbackListHead"
69 |
70 | #define KVAR_PspSiloMonitorList L"PspSiloMonitorList"
71 |
72 | #define KVAR_EmpCallbackListHead L"EmpCallbackListHead"
73 |
74 | #define KVAR_PnpDeviceClassNotifyList L"PnpDeviceClassNotifyList"
75 |
76 | #define KVAR_Win32kApiSetTable L"Win32kApiSetTable"
77 |
78 | #define KFLD_UniqueProcessId L"UniqueProcessId"
79 | #define KFLD_ImageFileName L"ImageFileName"
80 |
81 | #define KSYM_EPROCESS L"_EPROCESS"
82 | #define KSYM_CONTROL_AREA L"_CONTROL_AREA"
83 |
--------------------------------------------------------------------------------
/Source/WinObjEx64/drivers/wdbgdrv.c:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2022
4 | *
5 | * TITLE: WDBGDRV.C
6 | *
7 | * VERSION: 1.93
8 | *
9 | * DATE: 22 Apr 2022
10 | *
11 | * MS WinDbg kldbgdrv based reader.
12 | *
13 | * Note:
14 | *
15 | * Windows Debug mode is required for using this driver.
16 | *
17 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
18 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
19 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
20 | * PARTICULAR PURPOSE.
21 | *
22 | *******************************************************************************/
23 | #include "global.h"
24 | #include "wdbgdrv.h"
25 |
26 | /*
27 | * WDbgpDrvReadSystemMemoryWithStatus
28 | *
29 | * Purpose:
30 | *
31 | * Wrapper around SysDbgReadVirtual request to the KLDBGDRV/WODBGDRV
32 | *
33 | */
34 | BOOL WDbgpDrvReadSystemMemoryWithStatus(
35 | _In_ WDRV_CONTEXT* Context,
36 | _In_ ULONG_PTR Address,
37 | _Inout_ PVOID Buffer,
38 | _In_ ULONG BufferSize,
39 | _Out_opt_ PULONG NumberOfBytesRead,
40 | _Out_ NTSTATUS* Status,
41 | _Out_ PIO_STATUS_BLOCK IoStatus
42 | )
43 | {
44 | BOOL bResult;
45 | NTSTATUS ntStatus;
46 | KLDBG kldbg;
47 | IO_STATUS_BLOCK iost;
48 | SYSDBG_VIRTUAL dbgRequest;
49 |
50 | if (NumberOfBytesRead)
51 | *NumberOfBytesRead = 0;
52 |
53 | *Status = STATUS_UNSUCCESSFUL;
54 | IoStatus->Information = 0;
55 | IoStatus->Status = STATUS_UNSUCCESSFUL;
56 |
57 | //
58 | // Fill parameters for KdSystemDebugControl.
59 | //
60 | dbgRequest.Address = (PVOID)Address;
61 | dbgRequest.Buffer = Buffer;
62 | dbgRequest.Request = BufferSize;
63 |
64 | //
65 | // Fill parameters for kldbgdrv ioctl.
66 | //
67 | kldbg.SysDbgRequest = SysDbgReadVirtual;
68 | kldbg.Buffer = &dbgRequest;
69 | kldbg.BufferSize = sizeof(SYSDBG_VIRTUAL);
70 |
71 | iost.Information = 0;
72 | iost.Status = 0;
73 |
74 | ntStatus = NtDeviceIoControlFile(Context->DeviceHandle,
75 | NULL,
76 | NULL,
77 | NULL,
78 | &iost,
79 | IOCTL_KD_PASS_THROUGH,
80 | &kldbg,
81 | sizeof(kldbg),
82 | &dbgRequest,
83 | sizeof(dbgRequest));
84 |
85 | if (ntStatus == STATUS_PENDING) {
86 |
87 | ntStatus = NtWaitForSingleObject(Context->DeviceHandle,
88 | FALSE,
89 | NULL);
90 |
91 | }
92 |
93 | *Status = ntStatus;
94 |
95 | if (NT_SUCCESS(ntStatus))
96 | ntStatus = iost.Status;
97 |
98 | IoStatus->Information = iost.Information;
99 | IoStatus->Status = iost.Status;
100 |
101 | bResult = NT_SUCCESS(ntStatus);
102 |
103 | if (bResult) {
104 |
105 | if (NumberOfBytesRead)
106 | *NumberOfBytesRead = (ULONG)iost.Information;
107 |
108 | }
109 | else {
110 | //
111 | // We don't need this information in case of error.
112 | //
113 | if (!NT_ERROR(ntStatus)) {
114 | if (NumberOfBytesRead)
115 | *NumberOfBytesRead = (ULONG)iost.Information;
116 | }
117 |
118 | }
119 |
120 | return bResult;
121 | }
122 |
123 | /*
124 | * WDbgDrvReadSystemMemory
125 | *
126 | * Purpose:
127 | *
128 | * Call internal WDbgpDrvReadSystemMemoryWithStatus.
129 | *
130 | */
131 | BOOL WDbgDrvReadSystemMemory(
132 | _In_ WDRV_CONTEXT* Context,
133 | _In_ ULONG_PTR Address,
134 | _Inout_ PVOID Buffer,
135 | _In_ ULONG BufferSize,
136 | _Out_opt_ PULONG NumberOfBytesRead
137 | )
138 | {
139 | ULONG numberOfBytesRead = 0;
140 |
141 | if (NumberOfBytesRead)
142 | *NumberOfBytesRead = 0;
143 |
144 | if ((Buffer == NULL) ||
145 | (BufferSize == 0) ||
146 | (Address < g_kdctx.SystemRangeStart))
147 | {
148 | return FALSE;
149 | }
150 |
151 | BOOL bResult = WDbgpDrvReadSystemMemoryWithStatus(Context,
152 | Address,
153 | Buffer,
154 | BufferSize,
155 | &numberOfBytesRead,
156 | &Context->LastNtStatus,
157 | &Context->IoStatusBlock);
158 |
159 | if (NumberOfBytesRead)
160 | *NumberOfBytesRead = numberOfBytesRead;
161 |
162 | return bResult;
163 | }
164 |
--------------------------------------------------------------------------------
/Source/Plugins/Sonar/Sonar.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 | {4a1ef988-ec2c-4e01-9f42-58a21d9d7087}
18 |
19 |
20 | {cf71df74-886f-4e59-9549-bb7a5f08bd19}
21 |
22 |
23 | {cdc2911e-e806-4308-b367-3e794c15d6a0}
24 |
25 |
26 |
27 |
28 | Source Files
29 |
30 |
31 | Source Files
32 |
33 |
34 | treelist
35 |
36 |
37 | minirtl
38 |
39 |
40 | minirtl
41 |
42 |
43 | minirtl
44 |
45 |
46 | minirtl
47 |
48 |
49 | minirtl
50 |
51 |
52 | minirtl
53 |
54 |
55 | ntos
56 |
57 |
58 | minirtl
59 |
60 |
61 | minirtl
62 |
63 |
64 | minirtl
65 |
66 |
67 | Source Files
68 |
69 |
70 |
71 |
72 | Header Files
73 |
74 |
75 | Header Files
76 |
77 |
78 | Header Files
79 |
80 |
81 | Header Files
82 |
83 |
84 | Header Files
85 |
86 |
87 | Header Files
88 |
89 |
90 | Header Files
91 |
92 |
93 | treelist
94 |
95 |
96 | ntos
97 |
98 |
99 | ntos
100 |
101 |
102 | ntos
103 |
104 |
105 | Header Files
106 |
107 |
108 |
109 |
110 | Resource Files
111 |
112 |
113 |
--------------------------------------------------------------------------------
/Source/WinObjEx64/sup/sync.c:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2022
4 | *
5 | * TITLE: SYNC.C
6 | *
7 | * VERSION: 2.00
8 | *
9 | * DATE: 19 Jun 2022
10 | *
11 | * Synchronization primitives.
12 | *
13 | *
14 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
15 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
16 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
17 | * PARTICULAR PURPOSE.
18 | *
19 | *******************************************************************************/
20 | #include "global.h"
21 |
22 | /*
23 | *
24 | * Fast events, taken from ph2
25 | *
26 | */
27 |
28 | /*
29 | * supInitFastEvent
30 | *
31 | * Purpose:
32 | *
33 | * Initialize fast event.
34 | *
35 | */
36 | VOID supInitFastEvent(
37 | _In_ PFAST_EVENT Event
38 | )
39 | {
40 | Event->Value = FAST_EVENT_REFCOUNT_INC;
41 | Event->EventHandle = NULL;
42 | }
43 |
44 | /*
45 | * supReferenceFastEvent
46 | *
47 | * Purpose:
48 | *
49 | * Make a reference for fast event.
50 | *
51 | */
52 | VOID supReferenceFastEvent(
53 | _In_ PFAST_EVENT Event
54 | )
55 | {
56 | _InterlockedExchangeAddPointer((PLONG_PTR)&Event->Value, FAST_EVENT_REFCOUNT_INC);
57 | }
58 |
59 | /*
60 | * supDereferenceFastEvent
61 | *
62 | * Purpose:
63 | *
64 | * Remove reference from fast event.
65 | *
66 | */
67 | VOID supDereferenceFastEvent(
68 | _In_ PFAST_EVENT Event,
69 | _In_opt_ HANDLE EventHandle
70 | )
71 | {
72 | ULONG_PTR value;
73 |
74 | value = _InterlockedExchangeAddPointer((PLONG_PTR)&Event->Value, -FAST_EVENT_REFCOUNT_INC);
75 | if (((value >> FAST_EVENT_REFCOUNT_SHIFT) & FAST_EVENT_REFCOUNT_MASK) - 1 == 0)
76 | {
77 | if (EventHandle)
78 | {
79 | NtClose(EventHandle);
80 | Event->EventHandle = NULL;
81 | }
82 | }
83 | }
84 |
85 | /*
86 | * supSetFastEvent
87 | *
88 | * Purpose:
89 | *
90 | * Set event to signaled state.
91 | *
92 | */
93 | VOID supSetFastEvent(
94 | _In_ PFAST_EVENT Event
95 | )
96 | {
97 | HANDLE eventHandle;
98 | if (!_InterlockedBitTestAndSetPointer((PLONG_PTR)&Event->Value, FAST_EVENT_SET_SHIFT)) {
99 | eventHandle = Event->EventHandle;
100 |
101 | if (eventHandle)
102 | {
103 | NtSetEvent(eventHandle, NULL);
104 | }
105 | }
106 | }
107 |
108 | /*
109 | * supTestFastEvent
110 | *
111 | * Purpose:
112 | *
113 | * Returns fast event state.
114 | *
115 | */
116 | BOOLEAN supTestFastEvent(
117 | _In_ PFAST_EVENT Event
118 | )
119 | {
120 | return (BOOLEAN)Event->Set;
121 | }
122 |
123 | /*
124 | * supResetFastEvent
125 | *
126 | * Purpose:
127 | *
128 | * Perform fast event manual reset.
129 | *
130 | */
131 | VOID supResetFastEvent(
132 | _In_ PFAST_EVENT Event
133 | )
134 | {
135 | if (Event == NULL)
136 | return;
137 |
138 | if (supTestFastEvent(Event))
139 | Event->Value = FAST_EVENT_REFCOUNT_INC;
140 | }
141 |
142 | /*
143 | * supWaitForFastEvent
144 | *
145 | * Purpose:
146 | *
147 | * Do the wait for event, if event object not allocated - allocate it.
148 | *
149 | */
150 | BOOLEAN supWaitForFastEvent(
151 | _In_ PFAST_EVENT Event,
152 | _In_opt_ PLARGE_INTEGER Timeout
153 | )
154 | {
155 | BOOLEAN result;
156 | ULONG_PTR value;
157 | HANDLE eventHandle;
158 |
159 | value = Event->Value;
160 | if (value & FAST_EVENT_SET)
161 | return TRUE;
162 |
163 | if (Timeout && Timeout->QuadPart == 0)
164 | return FALSE;
165 |
166 | supReferenceFastEvent(Event);
167 | eventHandle = Event->EventHandle;
168 |
169 | if (eventHandle == NULL) {
170 |
171 | NtCreateEvent(&eventHandle, EVENT_ALL_ACCESS, NULL, NotificationEvent, FALSE);
172 | assert(eventHandle);
173 |
174 | if (NULL != _InterlockedCompareExchangePointer(
175 | &Event->EventHandle,
176 | eventHandle,
177 | NULL))
178 | {
179 | NtClose(eventHandle);
180 | eventHandle = Event->EventHandle;
181 | }
182 |
183 | }
184 |
185 | if (!(Event->Value & FAST_EVENT_SET)) {
186 | result = (NtWaitForSingleObject(eventHandle, FALSE, Timeout) == STATUS_WAIT_0);
187 | }
188 | else {
189 | result = TRUE;
190 | }
191 |
192 | supDereferenceFastEvent(Event, eventHandle);
193 |
194 | return result;
195 | }
196 |
--------------------------------------------------------------------------------
/Source/Shared/treelist/treelist.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2015 - 2022
4 | *
5 | * TITLE: TREELIST.H
6 | *
7 | * VERSION: 1.35
8 | *
9 | * DATE: 10 Jun 2022
10 | *
11 | * Tree-List custom control header file.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 |
20 | #if defined (_MSC_VER) && (_MSC_VER >= 1020)
21 | #pragma once
22 | #endif
23 |
24 | #define WC_TREELISTA "CustomTreeList"
25 | #define WC_TREELISTW L"CustomTreeList"
26 |
27 | #ifdef UNICODE
28 | #define WC_TREELIST WC_TREELISTW
29 | #else
30 | #define WC_TREELIST WC_TREELISTA
31 | #endif
32 |
33 | #define TL_TREECONTROL_SLOT 0
34 | #define TL_HEADERCONTROL_SLOT sizeof(HANDLE)
35 | #define TL_TREEWNDPROC_SLOT sizeof(HANDLE)*2
36 | #define TL_HEAP_SLOT sizeof(HANDLE)*3
37 | #define TL_TOOLTIPS_SLOT sizeof(HANDLE)*4
38 | #define TL_TOOLTIPSBUFFER_SLOT sizeof(HANDLE)*5
39 | #define TL_HEADERWNDPROC_SLOT sizeof(HANDLE)*6
40 |
41 | #define TL_SIZEOF_PRIVATEBUFFER (sizeof(TCHAR) * (MAX_PATH + 1))
42 |
43 | #define TLF_BGCOLOR_SET 0x01
44 | #define TLF_FONTCOLOR_SET 0x02
45 |
46 | #define TLSTYLE_COLAUTOEXPAND 0x01
47 | #define TLSTYLE_LINKLINES 0x02
48 |
49 | typedef struct _TL_SUBITEMS {
50 | ULONG Count;
51 | ULONG ColorFlags;
52 | COLORREF BgColor;
53 | COLORREF FontColor;
54 | PVOID UserParam;
55 | LPTSTR CustomTooltip;
56 | LPTSTR Text[1];
57 | } TL_SUBITEMS, *PTL_SUBITEMS;
58 |
59 | ATOM InitializeTreeListControl();
60 |
61 | #define TreeList_GetTreeControlWindow(hwnd) \
62 | (HWND)GetWindowLongPtr(hwnd, TL_TREECONTROL_SLOT)
63 |
64 | #define TreeList_GetTreeItem(hwnd, lpitem, subitems) \
65 | (BOOL)SNDMSG((hwnd), TVM_GETITEM, (WPARAM)(LPTVITEMEX)(lpitem), (LPARAM)(PTL_SUBITEMS *)(subitems))
66 |
67 | #define TreeList_SetTreeItem(hwnd, lpitem, subitems) \
68 | (BOOL)SNDMSG((hwnd), TVM_SETITEM, (WPARAM)(LPTVITEMEX)(lpitem), (LPARAM)(PTL_SUBITEMS *)(subitems))
69 |
70 | #define TreeList_InsertTreeItem(hwnd, lpis, subitems) \
71 | (HTREEITEM)SNDMSG((hwnd), TVM_INSERTITEM, (WPARAM)(LPTV_INSERTSTRUCT)(lpis), (LPARAM)(PTL_SUBITEMS)(subitems))
72 |
73 | #define TreeList_InsertHeaderItem(hwndHD, i, phdi) \
74 | (int)SNDMSG((hwndHD), HDM_INSERTITEM, (WPARAM)(int)(i), (LPARAM)(const HD_ITEM *)(phdi))
75 |
76 | #define TreeList_ClearTree(hwnd) \
77 | (BOOL)SNDMSG((hwnd), TVM_DELETEITEM, 0, (LPARAM)TVI_ROOT)
78 |
79 | #define TreeList_Expand(hwnd, hitem, code) \
80 | (BOOL)SNDMSG((hwnd), TVM_EXPAND, (WPARAM)(code), (LPARAM)(HTREEITEM)(hitem))
81 |
82 | #define TreeList_GetSelection(hwnd) \
83 | (HTREEITEM)SNDMSG((hwnd), TVM_GETNEXTITEM, TVGN_CARET, 0)
84 |
85 | #define TreeList_EnsureVisible(hwnd, hitem) \
86 | (BOOL)SNDMSG((hwnd), TVM_ENSUREVISIBLE, 0, (LPARAM)(HTREEITEM)(hitem))
87 |
88 | #define TreeList_GetRoot(hwnd) \
89 | (HTREEITEM)SNDMSG((hwnd), TVM_GETNEXTITEM, TVGN_ROOT, 0)
90 |
91 | #define TreeList_GetNextItem(hwnd, hitem, code) \
92 | (HTREEITEM)SNDMSG((hwnd), TVM_GETNEXTITEM, (WPARAM)(code), (LPARAM)(HTREEITEM)(hitem))
93 |
94 | #define TreeList_SetImageList(hwnd, himl, iImage) \
95 | (HIMAGELIST)SNDMSG((hwnd), TVM_SETIMAGELIST, iImage, (LPARAM)(HIMAGELIST)(himl))
96 |
97 | #define TreeList_RedrawDisable(hwnd) \
98 | SNDMSG(hwnd, WM_SETREDRAW, FALSE, 0)
99 |
100 | #define TreeList_RedrawEnableAndUpdateNow(hwnd) { SNDMSG(hwnd, WM_SETREDRAW, TRUE, 0); \
101 | RedrawWindow(hwnd, NULL, NULL, RDW_ERASE | RDW_INVALIDATE); }
102 |
103 | #define TreeList_GetChild(hwnd, hitem) TreeList_GetNextItem(hwnd, hitem, TVGN_CHILD)
104 | #define TreeList_GetNextSibling(hwnd, hitem) TreeList_GetNextItem(hwnd, hitem, TVGN_NEXT)
105 |
106 | #define TreeList_GetHeaderItem(hwndHD, i, phdi) \
107 | (int)SNDMSG((hwndHD), HDM_GETITEM, (WPARAM)(int)(i), (LPARAM)(HD_ITEM *)(phdi))
108 |
109 | #define TreeList_SetHeaderItem(hwndHD, i, phdi) \
110 | (int)SNDMSG((hwndHD), HDM_SETITEM, (WPARAM)(int)(i), (LPARAM)(const HD_ITEM *)(phdi))
111 |
112 | #define TreeList_HeaderHittest(hwndHD, phti) \
113 | (int)SNDMSG((hwndHD), HDM_HITTEST, (WPARAM)0, (LPARAM)(LPHDHITTESTINFO)(phti))
114 |
--------------------------------------------------------------------------------
/Source/Plugins/ApiSetView/ApiSetView.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 | {d8ef8d3d-fe7d-4908-93bf-5279accdabfe}
18 |
19 |
20 | {83c6e752-f5b5-48a7-8e6f-231cba8a450d}
21 |
22 |
23 | {315785cb-45b6-49b7-ad7e-eb6925ca5197}
24 |
25 |
26 |
27 |
28 | Source Files
29 |
30 |
31 | Source Files
32 |
33 |
34 | minirtl
35 |
36 |
37 | minirtl
38 |
39 |
40 | minirtl
41 |
42 |
43 | minirtl
44 |
45 |
46 | minirtl
47 |
48 |
49 | minirtl
50 |
51 |
52 | minirtl
53 |
54 |
55 | minirtl
56 |
57 |
58 | treelist
59 |
60 |
61 | minirtl
62 |
63 |
64 | Source Files
65 |
66 |
67 | ntos
68 |
69 |
70 | minirtl
71 |
72 |
73 | minirtl
74 |
75 |
76 |
77 |
78 | Header Files
79 |
80 |
81 | Header Files
82 |
83 |
84 | Header Files
85 |
86 |
87 | Header Files
88 |
89 |
90 | Header Files
91 |
92 |
93 | minirtl
94 |
95 |
96 | minirtl
97 |
98 |
99 | treelist
100 |
101 |
102 | Header Files
103 |
104 |
105 | ntos
106 |
107 |
108 | ntos
109 |
110 |
111 | ntos
112 |
113 |
114 |
115 |
116 | Resource Files
117 |
118 |
119 |
--------------------------------------------------------------------------------
/Source/Plugins/utils.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2020 - 2025
4 | *
5 | * TITLE: UTILS.H
6 | *
7 | * VERSION: 1.20
8 | *
9 | * DATE: 03 Oct 2025
10 | *
11 | * Common header file for the plugin support routines.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 |
20 | #if defined (_MSC_VER) && (_MSC_VER >= 1020)
21 | #pragma once
22 | #endif
23 |
24 | #ifndef PLUGIN_UTILS_H
25 | #define PLUGIN_UTILS_H
26 |
27 | #ifndef _WINDOWS_
28 | #include
29 | #endif
30 |
31 | #pragma warning(push)
32 | #pragma warning(disable: 4005) //macro redefinition
33 | #include
34 | #pragma warning(pop)
35 |
36 | #include "ntos/ntos.h"
37 | #include "ntos/ntsup.h"
38 | #include
39 |
40 | #define _NTDEF_
41 | #include
42 | #undef _NTDEF_
43 |
44 | #include "minirtl/minirtl.h"
45 | #include "tabs/tabsctrl.h"
46 | #include "treelist/treelist.h"
47 |
48 | #define supHeapAlloc ntsupHeapAlloc
49 | #define supHeapFree ntsupHeapFree
50 |
51 | #define DefaultSystemDpi 96
52 | #define ScaleDPI(Value, CurrentDPI) MulDiv(Value, CurrentDPI, DefaultSystemDpi)
53 |
54 | typedef struct _TL_SUBITEMS_FIXED {
55 | ULONG Count;
56 | ULONG ColorFlags;
57 | COLORREF BgColor;
58 | COLORREF FontColor;
59 | PVOID UserParam;
60 | LPTSTR CustomTooltip;
61 | LPTSTR Text[2];
62 | } TL_SUBITEMS_FIXED, * PTL_SUBITEMS_FIXED;
63 |
64 | VOID supSetWaitCursor(
65 | _In_ BOOL fSet);
66 |
67 | NTSTATUS supMapSection(
68 | _In_ HANDLE SectionHandle,
69 | _Out_ PVOID* BaseAddress,
70 | _Out_ SIZE_T* ViewSize);
71 |
72 | BOOL supSaveDialogExecute(
73 | _In_ HWND OwnerWindow,
74 | _Inout_ LPWSTR SaveFileName,
75 | _In_ LPWSTR lpDialogFilter);
76 |
77 | BOOL supListViewExportToFile(
78 | _In_ LPWSTR FileName,
79 | _In_ HWND WindowHandle,
80 | _In_ HWND ListView,
81 | _In_ LPWSTR FileFilter);
82 |
83 | VOID supStatusBarSetText(
84 | _In_ HWND hwndStatusBar,
85 | _In_ WPARAM partIndex,
86 | _In_ LPWSTR lpText);
87 |
88 | HTREEITEM supTreeListAddItem(
89 | _In_ HWND TreeList,
90 | _In_opt_ HTREEITEM hParent,
91 | _In_ UINT mask,
92 | _In_ UINT state,
93 | _In_ UINT stateMask,
94 | _In_opt_ LPWSTR pszText,
95 | _In_opt_ PVOID subitems);
96 |
97 | INT supAddListViewColumn(
98 | _In_ HWND ListViewHwnd,
99 | _In_ INT ColumnIndex,
100 | _In_ INT SubItemIndex,
101 | _In_ INT OrderIndex,
102 | _In_ INT ImageIndex,
103 | _In_ INT Format,
104 | _In_ LPWSTR Text,
105 | _In_ INT Width,
106 | _In_ INT DpiValue);
107 |
108 | BOOL supListViewAddCopyValueItem(
109 | _In_ HMENU hMenu,
110 | _In_ HWND hwndLv,
111 | _In_ UINT uId,
112 | _In_ UINT uPos,
113 | _In_ POINT* lpPoint,
114 | _Out_ INT* pItemHit,
115 | _Out_ INT* pColumnHit);
116 |
117 | LPWSTR supGetItemText(
118 | _In_ HWND ListView,
119 | _In_ INT nItem,
120 | _In_ INT nSubItem,
121 | _Out_opt_ PSIZE_T lpSize);
122 |
123 | VOID supClipboardCopy(
124 | _In_ LPWSTR lpText,
125 | _In_ SIZE_T cbText);
126 |
127 | BOOL supListViewCopyItemValueToClipboard(
128 | _In_ HWND hwndListView,
129 | _In_ INT iItem,
130 | _In_ INT iSubItem);
131 |
132 | _Success_(return)
133 | BOOL supFreeDuplicatedUnicodeString(
134 | _In_ HANDLE HeapHandle,
135 | _Inout_ PUNICODE_STRING DuplicatedString,
136 | _In_ BOOL DoZeroMemory);
137 |
138 | _Success_(return)
139 | BOOL supDuplicateUnicodeString(
140 | _In_ HANDLE HeapHandle,
141 | _Out_ PUNICODE_STRING DestinationString,
142 | _In_ PUNICODE_STRING SourceString);
143 |
144 | BOOL supTreeListAddCopyValueItem(
145 | _In_ HMENU hMenu,
146 | _In_ HWND hwndTreeList,
147 | _In_ UINT uId,
148 | _In_ UINT uPos,
149 | _In_ LPARAM lParam,
150 | _In_ INT * pSubItemHit);
151 |
152 | BOOL supGetWin32FileName(
153 | _In_ LPWSTR FileName,
154 | _Inout_ LPWSTR Win32FileName,
155 | _In_ SIZE_T ccWin32FileName);
156 |
157 | INT supGetMaxCompareTwoFixedStrings(
158 | _In_ HWND ListView,
159 | _In_ LPARAM lParam1,
160 | _In_ LPARAM lParam2,
161 | _In_ LPARAM lParamSort,
162 | _In_ BOOL Inverse);
163 |
164 | INT supGetMaxOfTwoU64FromHex(
165 | _In_ HWND ListView,
166 | _In_ LPARAM lParam1,
167 | _In_ LPARAM lParam2,
168 | _In_ LPARAM lParamSort,
169 | _In_ BOOL Inverse);
170 |
171 | BOOL supTreeListCopyItemValueToClipboard(
172 | _In_ HWND hwndTreeList,
173 | _In_ INT tlSubItemHit);
174 |
175 | #endif /* PLUGIN_UTILS_H */
176 |
--------------------------------------------------------------------------------
/Source/Shared/minirtl/minirtl.h:
--------------------------------------------------------------------------------
1 | /*
2 | Module name:
3 | minirtl.h
4 |
5 | Description:
6 | header for string handling and conversion routines
7 |
8 | Date:
9 | 4 Oct 2020
10 | */
11 |
12 | #pragma once
13 |
14 | #ifndef _MINIRTL_
15 | #define _MINIRTL_
16 |
17 | // string copy/concat/length
18 |
19 | char *_strend_a(const char *s);
20 | wchar_t *_strend_w(const wchar_t *s);
21 |
22 | char *_strcpy_a(char *dest, const char *src);
23 | wchar_t *_strcpy_w(wchar_t *dest, const wchar_t *src);
24 |
25 | char *_strcat_a(char *dest, const char *src);
26 | wchar_t *_strcat_w(wchar_t *dest, const wchar_t *src);
27 |
28 | char *_strncpy_a(char *dest, size_t ccdest, const char *src, size_t ccsrc);
29 | wchar_t *_strncpy_w(wchar_t *dest, size_t ccdest, const wchar_t *src, size_t ccsrc);
30 |
31 | char *_strcpyn_a(char* dest, const char* src, size_t n);
32 | wchar_t *_strcpyn_w(wchar_t* dest, const wchar_t* src, size_t n);
33 |
34 | size_t _strlen_a(const char *s);
35 | size_t _strlen_w(const wchar_t *s);
36 |
37 | // comparing
38 |
39 | int _strcmp_a(const char *s1, const char *s2);
40 | int _strcmp_w(const wchar_t *s1, const wchar_t *s2);
41 |
42 | int _strncmp_a(const char *s1, const char *s2, size_t cchars);
43 | int _strncmp_w(const wchar_t *s1, const wchar_t *s2, size_t cchars);
44 |
45 | int _strcmpi_a(const char *s1, const char *s2);
46 | int _strcmpi_w(const wchar_t *s1, const wchar_t *s2);
47 |
48 | int _strncmpi_a(const char *s1, const char *s2, size_t cchars);
49 | int _strncmpi_w(const wchar_t *s1, const wchar_t *s2, size_t cchars);
50 |
51 | char *_strstr_a(const char *s, const char *sub_s);
52 | wchar_t *_strstr_w(const wchar_t *s, const wchar_t *sub_s);
53 |
54 | char *_strstri_a(const char *s, const char *sub_s);
55 | wchar_t *_strstri_w(const wchar_t *s, const wchar_t *sub_s);
56 |
57 | char *_strchr_a(const char *s, const char ch);
58 | wchar_t *_strchr_w(const wchar_t *s, const wchar_t ch);
59 |
60 |
61 | // conversion of integer types to string, returning string length
62 |
63 | size_t ultostr_a(unsigned long x, char *s);
64 | size_t ultostr_w(unsigned long x, wchar_t *s);
65 |
66 | size_t ultohex_a(unsigned long x, char *s);
67 | size_t ultohex_w(unsigned long x, wchar_t *s);
68 |
69 | size_t itostr_a(int x, char *s);
70 | size_t itostr_w(int x, wchar_t *s);
71 |
72 | size_t i64tostr_a(signed long long x, char *s);
73 | size_t i64tostr_w(signed long long x, wchar_t *s);
74 |
75 | size_t u64tostr_a(unsigned long long x, char *s);
76 | size_t u64tostr_w(unsigned long long x, wchar_t *s);
77 |
78 | size_t u64tohex_a(unsigned long long x, char *s);
79 | size_t u64tohex_w(unsigned long long x, wchar_t *s);
80 |
81 | // string to integers conversion
82 |
83 | unsigned long strtoul_a(char *s);
84 | unsigned long strtoul_w(wchar_t *s);
85 |
86 | unsigned long long strtou64_a(char *s);
87 | unsigned long long strtou64_w(wchar_t *s);
88 |
89 | unsigned long hextoul_a(char *s);
90 | unsigned long hextoul_w(wchar_t *s);
91 |
92 | int strtoi_a(char *s);
93 | int strtoi_w(wchar_t *s);
94 |
95 | signed long long strtoi64_a(char *s);
96 | signed long long strtoi64_w(wchar_t *s);
97 |
98 | unsigned long long hextou64_a(char *s);
99 | unsigned long long hextou64_w(wchar_t *s);
100 |
101 | /* =================================== */
102 |
103 | #ifdef UNICODE
104 |
105 | #define _strend _strend_w
106 | #define _strcpy _strcpy_w
107 | #define _strcat _strcat_w
108 | #define _strlen _strlen_w
109 | #define _strncpy _strncpy_w
110 | #define _strcpyn _strcpyn_w
111 |
112 | #define _strcmp _strcmp_w
113 | #define _strncmp _strncmp_w
114 | #define _strcmpi _strcmpi_w
115 | #define _strncmpi _strncmpi_w
116 | #define _strstr _strstr_w
117 | #define _strstri _strstri_w
118 | #define _strchr _strchr_w
119 |
120 | #define ultostr ultostr_w
121 | #define ultohex ultohex_w
122 | #define itostr itostr_w
123 | #define i64tostr i64tostr_w
124 | #define u64tostr u64tostr_w
125 | #define u64tohex u64tohex_w
126 |
127 | #define _strtoul strtoul_w
128 | #define hextoul hextoul_w
129 | #define strtoi strtoi_w
130 | #define strtoi64 strtoi64_w
131 | #define strtou64 strtou64_w
132 | #define hextou64 hextou64_w
133 |
134 | #else // ANSI
135 |
136 | #define _strend _strend_a
137 | #define _strcpy _strcpy_a
138 | #define _strcat _strcat_a
139 | #define _strlen _strlen_a
140 | #define _strncpy _strncpy_a
141 | #define _strcpyn _strcpyn_a
142 |
143 | #define _strcmp _strcmp_a
144 | #define _strncmp _strncmp_a
145 | #define _strcmpi _strcmpi_a
146 | #define _strncmpi _strncmpi_a
147 | #define _strstr _strstr_a
148 | #define _strstri _strstri_a
149 | #define _strchr _strchr_a
150 |
151 | #define ultostr ultostr_a
152 | #define ultohex ultohex_a
153 | #define itostr itostr_a
154 | #define i64tostr i64tostr_a
155 | #define u64tostr u64tostr_a
156 | #define u64tohex u64tohex_a
157 |
158 | #define _strtoul strtoul_a
159 | #define hextoul hextoul_a
160 | #define strtoi strtoi_a
161 | #define strtoi64 strtoi64_a
162 | #define strtou64 strtou64_a
163 | #define hextou64 hextou64_a
164 |
165 | #endif
166 |
167 | #endif /* _MINIRTL_ */
168 |
--------------------------------------------------------------------------------
/Source/Plugins/ImageScope/ImageScope.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 | {d2825bdd-fe43-4ebf-9d7e-93f70bee0a6f}
18 |
19 |
20 | {3fc49280-92ec-4638-ae24-6144bed64c6e}
21 |
22 |
23 | {47476539-9197-402f-8e71-0bd5fcb07914}
24 |
25 |
26 | {fbb5d080-c089-4398-bc97-6a35b013bcb7}
27 |
28 |
29 | {d9dffc49-f34e-4cb2-9938-e1a6bc53a50b}
30 |
31 |
32 |
33 |
34 | Source Files
35 |
36 |
37 | Source Files
38 |
39 |
40 | minirtl
41 |
42 |
43 | tabs
44 |
45 |
46 | Source Files
47 |
48 |
49 | minirtl
50 |
51 |
52 | minirtl
53 |
54 |
55 | treelist
56 |
57 |
58 | minirtl
59 |
60 |
61 | ntos
62 |
63 |
64 | minirtl
65 |
66 |
67 | minirtl
68 |
69 |
70 | minirtl
71 |
72 |
73 | minirtl
74 |
75 |
76 | Source Files
77 |
78 |
79 | minirtl
80 |
81 |
82 | minirtl
83 |
84 |
85 |
86 |
87 | Header Files
88 |
89 |
90 | Header Files
91 |
92 |
93 | ntos
94 |
95 |
96 | Header Files
97 |
98 |
99 | Header Files
100 |
101 |
102 | Header Files
103 |
104 |
105 | minirtl
106 |
107 |
108 | minirtl
109 |
110 |
111 | tabs
112 |
113 |
114 | treelist
115 |
116 |
117 | sdk
118 |
119 |
120 | ntos
121 |
122 |
123 | Header Files
124 |
125 |
126 |
127 |
128 | Resource Files
129 |
130 |
131 |
--------------------------------------------------------------------------------
/Source/Utils/GenAsIo2Unlock/GenAsIo2Unlock.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | x64
7 |
8 |
9 | Release
10 | x64
11 |
12 |
13 |
14 | 16.0
15 | Win32Proj
16 | {19a7ef82-4431-4167-aac9-57fa29b1ae21}
17 | GenAsusUnlock
18 | 10.0
19 | GenAsIo2Unlock
20 |
21 |
22 |
23 | Application
24 | true
25 | v142
26 | Unicode
27 |
28 |
29 | Application
30 | false
31 | v142
32 | true
33 | Unicode
34 | false
35 |
36 |
37 |
38 |
39 |
40 |
41 |
42 |
43 |
44 |
45 |
46 |
47 |
48 |
49 | true
50 | .\output\$(Platform)\$(Configuration)\
51 | .\output\$(Platform)\$(Configuration)\
52 |
53 |
54 | false
55 | .\output\$(Platform)\$(Configuration)\
56 | .\output\$(Platform)\$(Configuration)\
57 | true
58 |
59 |
60 |
61 | Level3
62 | true
63 | _DEBUG;_CONSOLE;%(PreprocessorDefinitions)
64 | true
65 |
66 |
67 | Console
68 | true
69 |
70 |
71 |
72 |
73 | Level4
74 | true
75 | true
76 | true
77 | NDEBUG;_CONSOLE;%(PreprocessorDefinitions)
78 | true
79 | MultiThreaded
80 | true
81 | Guard
82 |
83 |
84 | Console
85 | true
86 | true
87 | false
88 | /NOCOFFGRPINFO %(AdditionalOptions)
89 |
90 |
91 |
92 |
93 |
94 |
95 |
96 |
97 |
98 |
99 |
100 |
101 |
102 |
--------------------------------------------------------------------------------
/Source/WinObjEx64/props/props.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2015 - 2024
4 | *
5 | * TITLE: PROPS.H
6 | *
7 | * VERSION: 2.05
8 | *
9 | * DATE: 11 Mar 2024
10 | *
11 | * Common header file for properties dialog definitions.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 |
20 | #pragma once
21 |
22 | //
23 | // Dialog procs.
24 | //
25 |
26 | INT_PTR CALLBACK AlpcPortListDialogProc(
27 | _In_ HWND hwndDlg,
28 | _In_ UINT uMsg,
29 | _In_ WPARAM wParam,
30 | _In_ LPARAM lParam);
31 |
32 | INT_PTR CALLBACK BasicPropDialogProc(
33 | _In_ HWND hwndDlg,
34 | _In_ UINT uMsg,
35 | _In_ WPARAM wParam,
36 | _In_ LPARAM lParam);
37 |
38 | INT_PTR CALLBACK DesktopListDialogProc(
39 | _In_ HWND hwndDlg,
40 | _In_ UINT uMsg,
41 | _In_ WPARAM wParam,
42 | _In_ LPARAM lParam);
43 |
44 | INT_PTR CALLBACK DriverRegistryDialogProc(
45 | _In_ HWND hwndDlg,
46 | _In_ UINT uMsg,
47 | _In_ WPARAM wParam,
48 | _In_ LPARAM lParam);
49 |
50 | INT_PTR CALLBACK ObjectDumpDialogProc(
51 | _In_ HWND hwndDlg,
52 | _In_ UINT uMsg,
53 | _In_ WPARAM wParam,
54 | _In_ LPARAM lParam);
55 |
56 | INT_PTR CALLBACK ProcessListDialogProc(
57 | _In_ HWND hwndDlg,
58 | _In_ UINT uMsg,
59 | _In_ WPARAM wParam,
60 | _In_ LPARAM lParam);
61 |
62 | INT_PTR CALLBACK SectionPropertiesDialogProc(
63 | _In_ HWND hwndDlg,
64 | _In_ UINT uMsg,
65 | _In_ WPARAM wParam,
66 | _In_ LPARAM lParam);
67 |
68 | INT_PTR CALLBACK TokenPageDialogProc(
69 | _In_ HWND hwndDlg,
70 | _In_ UINT uMsg,
71 | _In_ WPARAM wParam,
72 | _In_ LPARAM lParam);
73 |
74 | INT_PTR CALLBACK TypePropDialogProc(
75 | _In_ HWND hwndDlg,
76 | _In_ UINT uMsg,
77 | _In_ WPARAM wParam,
78 | _In_ LPARAM lParam);
79 |
80 | //
81 | // Security page.
82 | //
83 | HPROPSHEETPAGE propSecurityCreatePage(
84 | _In_ PROP_OBJECT_INFO* Context,
85 | _In_ POPENOBJECTMETHOD OpenObjectMethod,
86 | _In_opt_ PCLOSEOBJECTMETHOD CloseObjectMethod,
87 | _In_ ULONG psiFlags);
88 |
89 | //
90 | // Object dump
91 | //
92 | HTREEITEM propObDumpUlong(
93 | _In_ HWND TreeList,
94 | _In_ HTREEITEM hParent,
95 | _In_ LPWSTR lpszName,
96 | _In_opt_ LPWSTR lpszDesc,
97 | _In_ ULONG Value,
98 | _In_ BOOL HexDump,
99 | _In_ BOOL IsUShort,
100 | _In_ COLORREF BgColor,
101 | _In_ COLORREF FontColor);
102 |
103 | VOID propObDumpUlong64(
104 | _In_ HWND TreeList,
105 | _In_ HTREEITEM hParent,
106 | _In_ LPWSTR lpszName,
107 | _In_opt_ LPWSTR lpszDesc,
108 | _In_ ULONG64 Value,
109 | _In_ BOOL OutAsHex,
110 | _In_ COLORREF BgColor,
111 | _In_ COLORREF FontColor);
112 |
113 | VOID propObDumpByte(
114 | _In_ HWND TreeList,
115 | _In_ HTREEITEM hParent,
116 | _In_ LPWSTR lpszName,
117 | _In_opt_ LPWSTR lpszDesc,
118 | _In_ BYTE Value,
119 | _In_ COLORREF BgColor,
120 | _In_ COLORREF FontColor,
121 | _In_ BOOL IsBool);
122 |
123 | HTREEITEM propObDumpAddress(
124 | _In_ HWND TreeList,
125 | _In_ HTREEITEM hParent,
126 | _In_ LPWSTR lpszName,
127 | _In_opt_ LPWSTR lpszDesc,
128 | _In_opt_ PVOID Address,
129 | _In_ COLORREF BgColor,
130 | _In_ COLORREF FontColor);
131 |
132 | HTREEITEM propObDumpSetString(
133 | _In_ HWND TreeList,
134 | _In_ HTREEITEM hParent,
135 | _In_ LPWSTR lpszName,
136 | _In_opt_ LPWSTR lpszDesc,
137 | _In_opt_ LPWSTR lpszValue,
138 | _In_ COLORREF BgColor,
139 | _In_ COLORREF FontColor);
140 |
141 | HTREEITEM propObDumpLong(
142 | _In_ HWND TreeList,
143 | _In_ HTREEITEM hParent,
144 | _In_ LPWSTR lpszName,
145 | _In_opt_ LPWSTR lpszDesc,
146 | _In_ LONG Value,
147 | _In_ BOOL HexDump,
148 | _In_ COLORREF BgColor,
149 | _In_ COLORREF FontColor);
150 |
151 | VOID propObDumpLong64(
152 | _In_ HWND TreeList,
153 | _In_ HTREEITEM hParent,
154 | _In_ LPWSTR lpszName,
155 | _In_opt_ LPWSTR lpszDesc,
156 | _In_opt_ LONG64 Value,
157 | _In_ BOOL OutAsHex,
158 | _In_ COLORREF BgColor,
159 | _In_ COLORREF FontColor);
160 |
161 | VOID propObDumpListEntry(
162 | _In_ HWND TreeList,
163 | _In_ HTREEITEM hParent,
164 | _In_ LPWSTR ListEntryName,
165 | _In_opt_ PLIST_ENTRY ListEntry);
166 |
167 | VOID propObDumpUSHORT(
168 | _In_ HWND TreeList,
169 | _In_ HTREEITEM hParent,
170 | _In_ LPWSTR Name,
171 | _In_ USHORT Value,
172 | _In_ BOOLEAN HexOutput);
173 |
174 | VOID propObDumpUnicodeString(
175 | _In_ HWND TreeList,
176 | _In_ HTREEITEM hParent,
177 | _In_ LPWSTR StringName,
178 | _In_ PUNICODE_STRING InputString,
179 | _In_ BOOLEAN IsKernelPointer);
180 |
181 | VOID propDumpEnumWithNames(
182 | _In_ HWND TreeList,
183 | _In_ HTREEITEM ParentItem,
184 | _In_ LPWSTR EnumName,
185 | _In_ ULONG EnumValue,
186 | _In_ PVALUE_DESC EnumNames,
187 | _In_ ULONG EnumNamesCount);
188 |
--------------------------------------------------------------------------------
/Source/WinObjEx64/drivers/wdrvprv.h:
--------------------------------------------------------------------------------
1 | /*******************************************************************************
2 | *
3 | * (C) COPYRIGHT AUTHORS, 2022 - 2025
4 | *
5 | * TITLE: WDRVPRV.H
6 | *
7 | * VERSION: 2.09
8 | *
9 | * DATE: 20 Aug 2025
10 | *
11 | * Common header file for WinObjEx64 driver providers.
12 | *
13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
16 | * PARTICULAR PURPOSE.
17 | *
18 | *******************************************************************************/
19 | #pragma once
20 |
21 | typedef enum _WDRVPRVTYPE {
22 | // Microsoft WinDbg driver
23 | wdrvMicrosoft = 0,
24 | // WinObjEx64 driver
25 | wdrvWinObjEx64 = 1,
26 | // WinIO based driver
27 | wdrvWinIo = 2,
28 | // Rkhdrv series driver deprecated
29 | // Alice driver
30 | wdrvAlice = 4,
31 | // Ronova kernel driver
32 | wdrvRonova = 5,
33 | wdrvMax
34 | } WDRVPRVTYPE;
35 |
36 | //
37 | // Providers abstraction interface.
38 | //
39 |
40 | typedef struct _WDRV_CONTEXT* PWDRV_CONTEXT;
41 |
42 | //
43 | // Prototype for read physical memory function.
44 | //
45 | typedef NTSTATUS(WINAPI* provReadPhysicalMemory)(
46 | _In_ HANDLE DeviceHandle,
47 | _In_ ULONG_PTR PhysicalAddress,
48 | _In_ PVOID Buffer,
49 | _In_ ULONG NumberOfBytes);
50 |
51 | //
52 | // Prototype for query PML4 value function.
53 | //
54 | typedef NTSTATUS(WINAPI* provQueryPML4)(
55 | _In_ HANDLE DeviceHandle,
56 | _Out_ ULONG_PTR* Value);
57 |
58 | //
59 | // Prototype for read kernel virtual memory function.
60 | //
61 | typedef BOOL(WINAPI* provReadSystemMemory)(
62 | _In_ struct _WDRV_CONTEXT* Context,
63 | _In_ ULONG_PTR Address,
64 | _Inout_ PVOID Buffer,
65 | _In_ ULONG BufferSize,
66 | _Out_opt_ PULONG NumberOfBytesRead);
67 |
68 | //
69 | // Prototype for driver registering/unlocking function.
70 | //
71 | typedef BOOL(WINAPI* provRegisterDriver)(
72 | _In_ HANDLE DeviceHandle,
73 | _In_opt_ PVOID Param);
74 |
75 | //
76 | // Prototype for driver unregistering function.
77 | //
78 | typedef BOOL(WINAPI* provUnregisterDriver)(
79 | _In_ HANDLE DeviceHandle,
80 | _In_opt_ PVOID Param);
81 |
82 | //
83 | // Prototype for driver specific pre-open actions.
84 | //
85 | typedef BOOL(WINAPI* provPreOpenDriver)(
86 | _In_opt_ PVOID Param
87 | );
88 |
89 | //
90 | // Prototype for driver specific post-open actions.
91 | //
92 | typedef BOOL(WINAPI* provPostOpenDriver)(
93 | _In_opt_ PVOID Param
94 | );
95 |
96 | //
97 | // Start/Stop/Open prototypes.
98 | //
99 | typedef NTSTATUS(WINAPI* provStartDriver)(
100 | _In_ struct _WDRV_CONTEXT* Context
101 | );
102 | typedef void(WINAPI* provStopDriver)(
103 | _In_ struct _WDRV_CONTEXT* Context
104 | );
105 | typedef NTSTATUS(WINAPI* provOpenDriver)(
106 | _In_ struct _WDRV_CONTEXT* Context
107 | );
108 |
109 | //
110 | // No optional provider flags specified, this is default value.
111 | //
112 | #define WDRVPROV_FLAGS_NONE 0x00000000
113 |
114 | //
115 | // Provider requires UEFI firmware type.
116 | //
117 | #define WDRVPROV_FLAGS_UEFI_REQUIRED 0x00000001
118 |
119 | //
120 | // Set System/Admin-only security descriptor to the provider driver device.
121 | //
122 | #define WDRVPROV_FLAGS_FORCE_SD 0x00000002
123 |
124 | //
125 | // Do not unload, driver does not support this.
126 | //
127 | #define WDRVPROV_FLAGS_NO_UNLOAD_SUP 0x00000004
128 |
129 |
130 | typedef struct _WDRV_PROVIDER {
131 | LPWSTR DriverName; // file name only
132 | LPWSTR DeviceName; // device name only
133 |
134 | union {
135 | ULONG Flags;
136 | struct {
137 | ULONG UefiRequired : 1;
138 | ULONG ForceSD : 1;
139 | ULONG NoUnloadSupported : 1;
140 | ULONG Reserved : 29;
141 | };
142 | };
143 |
144 | struct {
145 | provStartDriver StartDriver;
146 | provStopDriver StopDriver;
147 | provOpenDriver OpenDriver;
148 |
149 | provRegisterDriver RegisterDriver; //optional
150 | provUnregisterDriver UnregisterDriver; //optional
151 |
152 | provPreOpenDriver PreOpenDriver; //optional;
153 | provPostOpenDriver PostOpenDriver; //optional;
154 |
155 | provReadSystemMemory ReadSystemMemory;
156 | } Callbacks;
157 |
158 | } WDRV_PROVIDER, * PWDRV_PROVIDER;
159 |
160 | typedef struct _WDRV_CONTEXT {
161 |
162 | BOOL IsOurLoad;
163 |
164 | NTSTATUS LoadStatus;
165 | NTSTATUS OpenStatus;
166 |
167 | HANDLE DeviceHandle;
168 | PWDRV_PROVIDER Provider;
169 |
170 | //full file name to the driver
171 | WCHAR DriverFileName[MAX_PATH * 2];
172 |
173 | NTSTATUS LastNtStatus;
174 | IO_STATUS_BLOCK IoStatusBlock;
175 |
176 | } WDRV_CONTEXT, * PWDRV_CONTEXT;
177 |
178 | WDRVPRVTYPE WDrvGetActiveProviderType(
179 | VOID);
180 |
181 | BOOL WINAPI WDrvProvPostOpen(
182 | _In_ PVOID Param);
183 |
184 | NTSTATUS WDrvStartDriver(
185 | _In_ PWDRV_CONTEXT Context);
186 |
187 | VOID WDrvStopDriver(
188 | _In_ PWDRV_CONTEXT Context);
189 |
190 | NTSTATUS WDrvOpenDriver(
191 | _In_ PWDRV_CONTEXT Context);
192 |
193 | NTSTATUS WDrvProvCreate(
194 | _In_ FIRMWARE_TYPE FirmwareType,
195 | _Out_ PWDRV_CONTEXT Context);
196 |
197 | VOID WDrvProvRelease(
198 | _In_ PWDRV_CONTEXT Context);
199 |
200 | NTSTATUS PwVirtualToPhysical(
201 | _In_ HANDLE DeviceHandle,
202 | _In_ provQueryPML4 QueryPML4Routine,
203 | _In_ provReadPhysicalMemory ReadPhysicalMemoryRoutine,
204 | _In_ ULONG_PTR VirtualAddress,
205 | _Out_ ULONG_PTR* PhysicalAddress);
206 |
--------------------------------------------------------------------------------