├── .gitattributes
├── .gitignore
├── README.md
├── RemoveFlagTest.sln
└── RemoveFlagTestKernel
├── CRT
├── Ntddk.hpp
├── c_alloc.cc
├── c_alloc.h
├── corecrt.cc
├── corecrt.h
├── macro.h
├── new.cc
├── new.h
├── stlcrt.cc
└── stlcrt.h
├── RemoveFlagTestKernel.vcxproj
├── RemoveFlagTestKernel.vcxproj.filters
├── Wdk.h
├── Wdk
├── Cm
│ ├── build_10240.inl
│ ├── build_10586.inl
│ ├── build_14393.inl
│ ├── build_15063.inl
│ ├── build_16299.inl
│ ├── build_17134.inl
│ ├── build_17763.inl
│ ├── build_7600.inl
│ ├── build_7601.inl
│ ├── build_9200.inl
│ └── build_9600.inl
├── CmKernel.inl
├── CmStruct.inl
├── Dbg
│ ├── build_10240.inl
│ ├── build_10586.inl
│ ├── build_14393.inl
│ ├── build_15063.inl
│ ├── build_16299.inl
│ ├── build_17134.inl
│ ├── build_17763.inl
│ ├── build_7600.inl
│ ├── build_7601.inl
│ ├── build_9200.inl
│ └── build_9600.inl
├── DbgKernel.inl
├── DbgStruct.inl
├── Ex
│ ├── build_10240.inl
│ ├── build_10586.inl
│ ├── build_14393.inl
│ ├── build_15063.inl
│ ├── build_16299.inl
│ ├── build_17134.inl
│ ├── build_17763.inl
│ ├── build_7600.inl
│ ├── build_7601.inl
│ ├── build_9200.inl
│ └── build_9600.inl
├── ExKernel.inl
├── ExStruct.inl
├── Fs
│ ├── build_10240.inl
│ ├── build_10586.inl
│ ├── build_14393.inl
│ ├── build_15063.inl
│ ├── build_16299.inl
│ ├── build_17134.inl
│ ├── build_17763.inl
│ ├── build_7600.inl
│ ├── build_7601.inl
│ ├── build_9200.inl
│ └── build_9600.inl
├── FsKernel.inl
├── FsStruct.inl
├── Io
│ ├── build_10240.inl
│ ├── build_10586.inl
│ ├── build_14393.inl
│ ├── build_15063.inl
│ ├── build_16299.inl
│ ├── build_17134.inl
│ ├── build_17763.inl
│ ├── build_7600.inl
│ ├── build_7601.inl
│ ├── build_9200.inl
│ └── build_9600.inl
├── IoKernel.inl
├── IoStruct.inl
├── Ke
│ ├── build_10240.inl
│ ├── build_10586.inl
│ ├── build_14393.inl
│ ├── build_15063.inl
│ ├── build_16299.inl
│ ├── build_17134.inl
│ ├── build_17763.inl
│ ├── build_7600.inl
│ ├── build_7601.inl
│ ├── build_9200.inl
│ └── build_9600.inl
├── KeKernel.inl
├── KeStruct.inl
├── LPC
│ ├── build_10240.inl
│ ├── build_10586.inl
│ ├── build_14393.inl
│ ├── build_15063.inl
│ ├── build_16299.inl
│ ├── build_17134.inl
│ ├── build_17763.inl
│ ├── build_7600.inl
│ ├── build_7601.inl
│ ├── build_9200.inl
│ └── build_9600.inl
├── LPCKernel.inl
├── LPCStruct.inl
├── Mm
│ ├── build_10240.inl
│ ├── build_10586.inl
│ ├── build_14393.inl
│ ├── build_15063.inl
│ ├── build_16299.inl
│ ├── build_17134.inl
│ ├── build_17763.inl
│ ├── build_7600.inl
│ ├── build_7601.inl
│ ├── build_9200.inl
│ └── build_9600.inl
├── MmKernel.inl
├── MmStruct.inl
├── Native.inl
├── NetKernel.inl
├── NetStruct.inl
├── Ob
│ ├── build_10240.inl
│ ├── build_10586.inl
│ ├── build_14393.inl
│ ├── build_15063.inl
│ ├── build_16299.inl
│ ├── build_17134.inl
│ ├── build_17763.inl
│ ├── build_7600.inl
│ ├── build_7601.inl
│ ├── build_9200.inl
│ └── build_9600.inl
├── ObKernel.inl
├── ObStruct.inl
├── Ps
│ ├── build_10240.inl
│ ├── build_10586.inl
│ ├── build_14393.inl
│ ├── build_15063.inl
│ ├── build_16299.inl
│ ├── build_17134.inl
│ ├── build_17763.inl
│ ├── build_7600.inl
│ ├── build_7601.inl
│ ├── build_9200.inl
│ └── build_9600.inl
├── PsKernel.inl
├── PsStruct.inl
├── Rtl
│ ├── build_10240.inl
│ ├── build_10586.inl
│ ├── build_14393.inl
│ ├── build_15063.inl
│ ├── build_16299.inl
│ ├── build_17134.inl
│ ├── build_17763.inl
│ ├── build_7600.inl
│ ├── build_7601.inl
│ ├── build_9200.inl
│ └── build_9600.inl
├── RtlKernel.inl
├── RtlStruct.inl
├── Se
│ ├── build_10240.inl
│ ├── build_10586.inl
│ ├── build_14393.inl
│ ├── build_15063.inl
│ ├── build_16299.inl
│ ├── build_17134.inl
│ ├── build_17763.inl
│ ├── build_7600.inl
│ ├── build_7601.inl
│ ├── build_9200.inl
│ └── build_9600.inl
├── SeKernel.inl
├── SeMacro.inl
├── SeStruct.inl
├── Ts
│ ├── build_10240.inl
│ ├── build_10586.inl
│ ├── build_14393.inl
│ ├── build_15063.inl
│ ├── build_16299.inl
│ ├── build_17134.inl
│ ├── build_17763.inl
│ ├── build_7600.inl
│ ├── build_7601.inl
│ ├── build_9200.inl
│ └── build_9600.inl
├── TsKernel.inl
├── TsStruct.inl
├── Wmi
│ ├── build_10240.inl
│ ├── build_10586.inl
│ ├── build_14393.inl
│ ├── build_15063.inl
│ ├── build_16299.inl
│ ├── build_17134.inl
│ ├── build_17763.inl
│ ├── build_7600.inl
│ ├── build_7601.inl
│ ├── build_9200.inl
│ └── build_9600.inl
├── WmiKernel.inl
├── WmiStruct.inl
├── Zw
│ ├── build_10240.inl
│ ├── build_10586.inl
│ ├── build_14393.inl
│ ├── build_15063.inl
│ ├── build_16299.inl
│ ├── build_17134.inl
│ ├── build_17763.inl
│ ├── build_7600.inl
│ ├── build_7601.inl
│ ├── build_9200.inl
│ └── build_9600.inl
├── ZwKernel.inl
└── ZwStruct.inl
└── main.cpp
/.gitattributes:
--------------------------------------------------------------------------------
1 | ###############################################################################
2 | # Set default behavior to automatically normalize line endings.
3 | ###############################################################################
4 | * text=auto
5 |
6 | ###############################################################################
7 | # Set default behavior for command prompt diff.
8 | #
9 | # This is need for earlier builds of msysgit that does not have it on by
10 | # default for csharp files.
11 | # Note: This is only used by command line
12 | ###############################################################################
13 | #*.cs diff=csharp
14 |
15 | ###############################################################################
16 | # Set the merge driver for project and solution files
17 | #
18 | # Merging from the command prompt will add diff markers to the files if there
19 | # are conflicts (Merging from VS is not affected by the settings below, in VS
20 | # the diff markers are never inserted). Diff markers may cause the following
21 | # file extensions to fail to load in VS. An alternative would be to treat
22 | # these files as binary and thus will always conflict and require user
23 | # intervention with every merge. To do so, just uncomment the entries below
24 | ###############################################################################
25 | #*.sln merge=binary
26 | #*.csproj merge=binary
27 | #*.vbproj merge=binary
28 | #*.vcxproj merge=binary
29 | #*.vcproj merge=binary
30 | #*.dbproj merge=binary
31 | #*.fsproj merge=binary
32 | #*.lsproj merge=binary
33 | #*.wixproj merge=binary
34 | #*.modelproj merge=binary
35 | #*.sqlproj merge=binary
36 | #*.wwaproj merge=binary
37 |
38 | ###############################################################################
39 | # behavior for image files
40 | #
41 | # image files are treated as binary by default.
42 | ###############################################################################
43 | #*.jpg binary
44 | #*.png binary
45 | #*.gif binary
46 |
47 | ###############################################################################
48 | # diff behavior for common document formats
49 | #
50 | # Convert binary document formats to text before diffing them. This feature
51 | # is only available from the command line. Turn it on by uncommenting the
52 | # entries below.
53 | ###############################################################################
54 | #*.doc diff=astextplain
55 | #*.DOC diff=astextplain
56 | #*.docx diff=astextplain
57 | #*.DOCX diff=astextplain
58 | #*.dot diff=astextplain
59 | #*.DOT diff=astextplain
60 | #*.pdf diff=astextplain
61 | #*.PDF diff=astextplain
62 | #*.rtf diff=astextplain
63 | #*.RTF diff=astextplain
64 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | ## Ignore Visual Studio temporary files, build results, and
2 | ## files generated by popular Visual Studio add-ons.
3 |
4 | # User-specific files
5 | *.suo
6 | *.user
7 | *.userosscache
8 | *.sln.docstates
9 |
10 | # User-specific files (MonoDevelop/Xamarin Studio)
11 | *.userprefs
12 |
13 | # Build results
14 | [Dd]ebug/
15 | [Dd]ebugPublic/
16 | [Rr]elease/
17 | [Rr]eleases/
18 | x64/
19 | x86/
20 | bld/
21 | [Bb]in/
22 | [Oo]bj/
23 | [Ll]og/
24 |
25 | # Visual Studio 2015 cache/options directory
26 | .vs/
27 | # Uncomment if you have tasks that create the project's static files in wwwroot
28 | #wwwroot/
29 |
30 | # MSTest test Results
31 | [Tt]est[Rr]esult*/
32 | [Bb]uild[Ll]og.*
33 |
34 | # NUNIT
35 | *.VisualState.xml
36 | TestResult.xml
37 |
38 | # Build Results of an ATL Project
39 | [Dd]ebugPS/
40 | [Rr]eleasePS/
41 | dlldata.c
42 |
43 | # DNX
44 | project.lock.json
45 | project.fragment.lock.json
46 | artifacts/
47 |
48 | *_i.c
49 | *_p.c
50 | *_i.h
51 | *.ilk
52 | *.meta
53 | *.obj
54 | *.pch
55 | *.pdb
56 | *.pgc
57 | *.pgd
58 | *.rsp
59 | *.sbr
60 | *.tlb
61 | *.tli
62 | *.tlh
63 | *.tmp
64 | *.tmp_proj
65 | *.log
66 | *.vspscc
67 | *.vssscc
68 | .builds
69 | *.pidb
70 | *.svclog
71 | *.scc
72 |
73 | # Chutzpah Test files
74 | _Chutzpah*
75 |
76 | # Visual C++ cache files
77 | ipch/
78 | *.aps
79 | *.ncb
80 | *.opendb
81 | *.opensdf
82 | *.sdf
83 | *.cachefile
84 | *.VC.db
85 | *.VC.VC.opendb
86 |
87 | # Visual Studio profiler
88 | *.psess
89 | *.vsp
90 | *.vspx
91 | *.sap
92 |
93 | # TFS 2012 Local Workspace
94 | $tf/
95 |
96 | # Guidance Automation Toolkit
97 | *.gpState
98 |
99 | # ReSharper is a .NET coding add-in
100 | _ReSharper*/
101 | *.[Rr]e[Ss]harper
102 | *.DotSettings.user
103 |
104 | # JustCode is a .NET coding add-in
105 | .JustCode
106 |
107 | # TeamCity is a build add-in
108 | _TeamCity*
109 |
110 | # DotCover is a Code Coverage Tool
111 | *.dotCover
112 |
113 | # NCrunch
114 | _NCrunch_*
115 | .*crunch*.local.xml
116 | nCrunchTemp_*
117 |
118 | # MightyMoose
119 | *.mm.*
120 | AutoTest.Net/
121 |
122 | # Web workbench (sass)
123 | .sass-cache/
124 |
125 | # Installshield output folder
126 | [Ee]xpress/
127 |
128 | # DocProject is a documentation generator add-in
129 | DocProject/buildhelp/
130 | DocProject/Help/*.HxT
131 | DocProject/Help/*.HxC
132 | DocProject/Help/*.hhc
133 | DocProject/Help/*.hhk
134 | DocProject/Help/*.hhp
135 | DocProject/Help/Html2
136 | DocProject/Help/html
137 |
138 | # Click-Once directory
139 | publish/
140 |
141 | # Publish Web Output
142 | *.[Pp]ublish.xml
143 | *.azurePubxml
144 | # TODO: Comment the next line if you want to checkin your web deploy settings
145 | # but database connection strings (with potential passwords) will be unencrypted
146 | #*.pubxml
147 | *.publishproj
148 |
149 | # Microsoft Azure Web App publish settings. Comment the next line if you want to
150 | # checkin your Azure Web App publish settings, but sensitive information contained
151 | # in these scripts will be unencrypted
152 | PublishScripts/
153 |
154 | # NuGet Packages
155 | *.nupkg
156 | # The packages folder can be ignored because of Package Restore
157 | **/packages/*
158 | # except build/, which is used as an MSBuild target.
159 | !**/packages/build/
160 | # Uncomment if necessary however generally it will be regenerated when needed
161 | #!**/packages/repositories.config
162 | # NuGet v3's project.json files produces more ignoreable files
163 | *.nuget.props
164 | *.nuget.targets
165 |
166 | # Microsoft Azure Build Output
167 | csx/
168 | *.build.csdef
169 |
170 | # Microsoft Azure Emulator
171 | ecf/
172 | rcf/
173 |
174 | # Windows Store app package directories and files
175 | AppPackages/
176 | BundleArtifacts/
177 | Package.StoreAssociation.xml
178 | _pkginfo.txt
179 |
180 | # Visual Studio cache files
181 | # files ending in .cache can be ignored
182 | *.[Cc]ache
183 | # but keep track of directories ending in .cache
184 | !*.[Cc]ache/
185 |
186 | # Others
187 | ClientBin/
188 | ~$*
189 | *~
190 | *.dbmdl
191 | *.dbproj.schemaview
192 | *.jfm
193 | *.pfx
194 | *.publishsettings
195 | node_modules/
196 | orleans.codegen.cs
197 |
198 | # Since there are multiple workflows, uncomment next line to ignore bower_components
199 | # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
200 | #bower_components/
201 |
202 | # RIA/Silverlight projects
203 | Generated_Code/
204 |
205 | # Backup & report files from converting an old project file
206 | # to a newer Visual Studio version. Backup files are not needed,
207 | # because we have git ;-)
208 | _UpgradeReport_Files/
209 | Backup*/
210 | UpgradeLog*.XML
211 | UpgradeLog*.htm
212 |
213 | # SQL Server files
214 | *.mdf
215 | *.ldf
216 |
217 | # Business Intelligence projects
218 | *.rdl.data
219 | *.bim.layout
220 | *.bim_*.settings
221 |
222 | # Microsoft Fakes
223 | FakesAssemblies/
224 |
225 | # GhostDoc plugin setting file
226 | *.GhostDoc.xml
227 |
228 | # Node.js Tools for Visual Studio
229 | .ntvs_analysis.dat
230 |
231 | # Visual Studio 6 build log
232 | *.plg
233 |
234 | # Visual Studio 6 workspace options file
235 | *.opt
236 |
237 | # Visual Studio LightSwitch build output
238 | **/*.HTMLClient/GeneratedArtifacts
239 | **/*.DesktopClient/GeneratedArtifacts
240 | **/*.DesktopClient/ModelManifest.xml
241 | **/*.Server/GeneratedArtifacts
242 | **/*.Server/ModelManifest.xml
243 | _Pvt_Extensions
244 |
245 | # Paket dependency manager
246 | .paket/paket.exe
247 | paket-files/
248 |
249 | # FAKE - F# Make
250 | .fake/
251 |
252 | # JetBrains Rider
253 | .idea/
254 | *.sln.iml
255 |
256 | # CodeRush
257 | .cr/
258 |
259 | # Python Tools for Visual Studio (PTVS)
260 | __pycache__/
261 | *.pyc
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # RemoveFlagTest
2 | 对抗调试陷阱 ThraehideFromDebugger的另一种方法.
3 |
4 | 原贴见看雪:
5 | https://bbs.pediy.com/thread-249689.htm
6 |
7 | # 引用:
8 | [WDKExt](https://github.com/MeeSong/WDKExt) by [Meesong](https://github.com/MeeSong)
9 | [KTL](https://github.com/MeeSong/KTL) by [Meesong](https://github.com/MeeSong)
10 |
--------------------------------------------------------------------------------
/RemoveFlagTest.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio 15
4 | VisualStudioVersion = 15.0.28307.271
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "RemoveFlagTestKernel", "RemoveFlagTestKernel\RemoveFlagTestKernel.vcxproj", "{85BF308E-3AD1-4DC5-87E1-8C29C1F08308}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|x64 = Debug|x64
11 | Release|x64 = Release|x64
12 | EndGlobalSection
13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
14 | {85BF308E-3AD1-4DC5-87E1-8C29C1F08308}.Debug|x64.ActiveCfg = Debug|x64
15 | {85BF308E-3AD1-4DC5-87E1-8C29C1F08308}.Debug|x64.Build.0 = Debug|x64
16 | {85BF308E-3AD1-4DC5-87E1-8C29C1F08308}.Debug|x64.Deploy.0 = Debug|x64
17 | {85BF308E-3AD1-4DC5-87E1-8C29C1F08308}.Release|x64.ActiveCfg = Release|x64
18 | {85BF308E-3AD1-4DC5-87E1-8C29C1F08308}.Release|x64.Build.0 = Release|x64
19 | {85BF308E-3AD1-4DC5-87E1-8C29C1F08308}.Release|x64.Deploy.0 = Release|x64
20 | EndGlobalSection
21 | GlobalSection(SolutionProperties) = preSolution
22 | HideSolutionNode = FALSE
23 | EndGlobalSection
24 | GlobalSection(ExtensibilityGlobals) = postSolution
25 | SolutionGuid = {D0249028-55E6-4B16-A2AE-505D7F424A2E}
26 | EndGlobalSection
27 | EndGlobal
28 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/CRT/Ntddk.hpp:
--------------------------------------------------------------------------------
1 | #pragma once
2 | #include "ntddk.h"
3 |
4 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/CRT/c_alloc.cc:
--------------------------------------------------------------------------------
1 | #include "Ntddk.hpp"
2 | #include "c_alloc.h"
3 | #include "macro.h"
4 |
5 |
6 | extern unsigned long const DefaultPoolTag = ByteSwap32$('ccrt');
7 | extern POOL_TYPE DefaultPOOL_TYPE = NonPagedPool;
8 | extern unsigned long DefaultMdlProtection = MdlMappingNoExecute;
9 | #define memory_targe 'ock'
10 |
11 |
12 | extern "C" void __cdecl _initalloc()
13 | {
14 | RTL_OSVERSIONINFOW ver_info{};
15 |
16 | auto status = RtlGetVersion(&ver_info);
17 | if (!NT_SUCCESS(status))
18 | {
19 | return;
20 | }
21 |
22 | if ((ver_info.dwMajorVersion < 6) ||
23 | (ver_info.dwMajorVersion == 6 && ver_info.dwMinorVersion < 2))
24 | {
25 | DefaultPOOL_TYPE = POOL_TYPE::NonPagedPool;
26 | DefaultMdlProtection = 0;
27 | }
28 | }
29 |
30 | void* __cdecl __core_allocator(size_t _size, POOL_TYPE _pool_type, unsigned long _tag)
31 | {
32 | return ExAllocatePoolWithTag(_pool_type, _size, _tag);
33 | }
34 |
35 | void __cdecl __core_deletor(void * _ptr, POOL_TYPE /*_pool_type*/, unsigned long _tag)
36 | {
37 | return ExFreePoolWithTag(_ptr, _tag);
38 | }
39 |
40 | extern "C"
41 | {
42 | __declspec(restrict) auto __cdecl malloc(size_t _size) -> void *
43 | {
44 | return __core_allocator(_size, POOL_TYPE::PagedPool, memory_targe);
45 | }
46 |
47 | auto __cdecl free(void * _ptr) -> void
48 | {
49 | return __core_deletor(_ptr, POOL_TYPE::PagedPool, memory_targe);
50 | }
51 | }
52 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/CRT/c_alloc.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | #include "Ntddk.hpp"
3 |
4 |
5 | extern unsigned long const DefaultPoolTag;
6 | extern POOL_TYPE DefaultPOOL_TYPE;
7 | extern unsigned long DefaultMdlProtection;
8 |
9 |
10 | void* __cdecl __core_allocator(size_t _size, POOL_TYPE _pool_type, unsigned long _tag);
11 |
12 | void __cdecl __core_deletor(void* _ptr, POOL_TYPE _pool_type, unsigned long _tag);
13 |
14 |
15 | extern "C"
16 | {
17 | #pragma warning(suppress: 4565)
18 | __declspec(restrict) void* __cdecl malloc(size_t _size);
19 |
20 | #pragma warning(suppress: 4565)
21 | void __cdecl free(void * _ptr);
22 | }
23 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/CRT/corecrt.cc:
--------------------------------------------------------------------------------
1 | // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2 | //
3 | // CoreSTL
4 | //
5 | // Copyright (C) MeeSong. All rights reserved.
6 | // Author : MeeSong
7 | // Email : meesong@live.cn
8 | // Github : https://github.com/meesong
9 | // License: GNU Library General Public License(LGPL) - Version 3
10 | //
11 | // This file is part of Idea
12 | //
13 | // Idea is free software; you can redistribute it and/or modify
14 | // it under the terms of the GNU Library General Public License as published
15 | // by the Free Software Foundation, either version 3 of the License, or
16 | // (at your option) any later version.
17 | //
18 | // Idea is distributed in the hope that it will be useful,
19 | // but WITHOUT ANY WARRANTY; without even the implied warranty of
20 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 | // GNU Library General Public License for more details.
22 | //
23 | // You should have received a copy of the GNU Library General Public License
24 | // along with Idea. If not, see .
25 | //
26 | // <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
27 |
28 | #include "Ntddk.hpp"
29 | #include "corecrt.h"
30 |
31 |
32 | // Need to put the following marker variables into the .CRT section.
33 | // The .CRT section contains arrays of function pointers.
34 | // The compiler creates functions and adds pointers to this section
35 | // for things like C++ global constructors.
36 | //
37 | // The XIA, XCA etc are group names with in the section.
38 | // The compiler sorts the contributions by the group name.
39 | // For example, .CRT$XCA followed by .CRT$XCB, ... .CRT$XCZ.
40 | // The marker variables below let us get pointers
41 | // to the beginning/end of the arrays of function pointers.
42 | //
43 | // For example, standard groups are
44 | // XCA used here, for begin marker
45 | // XCC "compiler" inits
46 | // XCL "library" inits
47 | // XCU "user" inits
48 | // XCZ used here, for end marker
49 | //
50 |
51 | #define _CRTAlloc$(x) __declspec(allocate(x))
52 |
53 | #pragma section(".CRT$XIA", long, read) // C Initializer
54 | #pragma section(".CRT$XIZ", long, read)
55 |
56 | #pragma section(".CRT$XCA", long, read) // C++ Initializer
57 | #pragma section(".CRT$XCZ", long, read)
58 |
59 | #pragma section(".CRT$XPA", long, read) // C pre-terminators
60 | #pragma section(".CRT$XPZ", long, read)
61 |
62 | #pragma section(".CRT$XTA", long, read) // C terminators
63 | #pragma section(".CRT$XTZ", long, read)
64 |
65 | extern "C" _CRTAlloc$(".CRT$XIA") _PIFV __xi_a[] = { nullptr };
66 | extern "C" _CRTAlloc$(".CRT$XIZ") _PIFV __xi_z[] = { nullptr };
67 | extern "C" _CRTAlloc$(".CRT$XCA") _PVFV __xc_a[] = { nullptr };
68 | extern "C" _CRTAlloc$(".CRT$XCZ") _PVFV __xc_z[] = { nullptr };
69 | extern "C" _CRTAlloc$(".CRT$XPA") _PVFV __xp_a[] = { nullptr };
70 | extern "C" _CRTAlloc$(".CRT$XPZ") _PVFV __xp_z[] = { nullptr };
71 | extern "C" _CRTAlloc$(".CRT$XTA") _PVFV __xt_a[] = { nullptr };
72 | extern "C" _CRTAlloc$(".CRT$XTZ") _PVFV __xt_z[] = { nullptr };
73 |
74 | #pragma comment(linker, "/merge:.CRT=.rdata")
75 |
76 |
77 | // Calls each function in [first, last). [first, last) must be a valid range of
78 | // function pointers. Each function is called, in order.
79 | extern "C" static void __cdecl _initterm(_PVFV* const first, _PVFV* const last)
80 | {
81 | for (_PVFV* it = first; it != last; ++it)
82 | {
83 | if (*it == nullptr)
84 | continue;
85 |
86 | (**it)();
87 | }
88 | }
89 |
90 | // Calls each function in [first, last). [first, last) must be a valid range of
91 | // function pointers. Each function must return zero on success, nonzero on
92 | // failure. If any function returns nonzero, iteration stops immediately and
93 | // the nonzero value is returned. Otherwise all functions are called and zero
94 | // is returned.
95 | //
96 | // If a nonzero value is returned, it is expected to be one of the runtime error
97 | // values (_RT_{NAME}, defined in the internal header files).
98 | extern "C" static int __cdecl _initterm_e(_PIFV* const first, _PIFV* const last)
99 | {
100 | for (_PIFV* it = first; it != last; ++it)
101 | {
102 | if (*it == nullptr)
103 | continue;
104 |
105 | int const result = (**it)();
106 | if (result != 0)
107 | return result;
108 | }
109 |
110 | return 0;
111 | }
112 |
113 | using $onexit = _PVFV;
114 |
115 | struct onexit_entry
116 | {
117 | onexit_entry* _next = nullptr;
118 | $onexit _destructor = nullptr;
119 |
120 | onexit_entry(onexit_entry* next, $onexit destructor)
121 | : _next { next }
122 | , _destructor { destructor }
123 | { }
124 |
125 | ~onexit_entry()
126 | {
127 | _destructor();
128 | }
129 | };
130 | static onexit_entry* s_onexit_table = nullptr;
131 |
132 | static int __cdecl register_onexit(onexit_entry* table, $onexit const function)
133 | {
134 | const auto entry = new onexit_entry(table, function);
135 | if (nullptr == entry)
136 | {
137 | return -1;
138 | }
139 | s_onexit_table = entry;
140 |
141 | return 0;
142 | }
143 |
144 | static int __cdecl execute_onexit(onexit_entry* table)
145 | {
146 | for (auto entry = table; entry;)
147 | {
148 | const auto next = entry->_next;
149 | delete entry;
150 | entry = next;
151 | }
152 |
153 | return 0;
154 | }
155 |
156 | extern "C" int __cdecl atexit(_PVFV const function)
157 | {
158 | return register_onexit(s_onexit_table, reinterpret_cast<$onexit const>(function));
159 | }
160 |
161 | // This function executes a table of atexit() functions. The Terminators
162 | // are executed in reverse order, to give the required LIFO execution order.
163 | // If the table is uninitialized, this function has no effect.
164 | // After executing the terminators, this function resets the table
165 | // so that it is uninitialized. Returns 0 on success; -1 on failure.
166 | extern "C" int __cdecl onexit()
167 | {
168 | return execute_onexit(s_onexit_table);
169 | }
170 |
171 | extern "C" auto __cdecl _initalloc()
172 | -> void;
173 |
174 | // Call all of the C++ static constructors.
175 | extern "C" int __cdecl doinit(void)
176 | {
177 | // do allocator initializions
178 | _initalloc();
179 |
180 | // do C initializations
181 | _initterm_e(__xi_a, __xi_z);
182 |
183 | // do C++ initializations
184 | _initterm(__xc_a, __xc_z);
185 | return 0;
186 | }
187 |
188 | extern "C" int __cdecl doexit(void)
189 | {
190 | // do exit() of atexit()
191 | onexit();
192 |
193 | // do C initializations
194 | _initterm(__xp_a, __xp_z);
195 |
196 | // do C++ terminations
197 | _initterm(__xt_a, __xt_z);
198 | return 0;
199 | }
200 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/CRT/corecrt.h:
--------------------------------------------------------------------------------
1 | // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2 | //
3 | // CoreSTL
4 | //
5 | // Copyright (C) MeeSong. All rights reserved.
6 | // Author : MeeSong
7 | // Email : meesong@live.cn
8 | // Github : https://github.com/meesong
9 | // License: GNU Library General Public License(LGPL) - Version 3
10 | //
11 | // This file is part of Idea
12 | //
13 | // Idea is free software; you can redistribute it and/or modify
14 | // it under the terms of the GNU Library General Public License as published
15 | // by the Free Software Foundation, either version 3 of the License, or
16 | // (at your option) any later version.
17 | //
18 | // Idea is distributed in the hope that it will be useful,
19 | // but WITHOUT ANY WARRANTY; without even the implied warranty of
20 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 | // GNU Library General Public License for more details.
22 | //
23 | // You should have received a copy of the GNU Library General Public License
24 | // along with Idea. If not, see .
25 | //
26 | // <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
27 |
28 | #pragma once
29 | #include "macro.h"
30 | #include "stlcrt.h"
31 | #include "new.h"
32 |
33 | using _PVFV = void(__cdecl*)();
34 | using _PIFV = int(__cdecl*)();
35 |
36 | extern "C" int __cdecl atexit(_PVFV const function);
37 | extern "C" int __cdecl doinit(void);
38 | extern "C" int __cdecl doexit(void);
39 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/CRT/macro.h:
--------------------------------------------------------------------------------
1 | // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2 | //
3 | // CoreSTL
4 | //
5 | // Copyright (C) MeeSong. All rights reserved.
6 | // Author : MeeSong
7 | // Email : meesong@live.cn
8 | // Github : https://github.com/meesong
9 | // License: GNU Library General Public License(LGPL) - Version 3
10 | //
11 | // This file is part of Idea
12 | //
13 | // Idea is free software; you can redistribute it and/or modify
14 | // it under the terms of the GNU Library General Public License as published
15 | // by the Free Software Foundation, either version 3 of the License, or
16 | // (at your option) any later version.
17 | //
18 | // Idea is distributed in the hope that it will be useful,
19 | // but WITHOUT ANY WARRANTY; without even the implied warranty of
20 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 | // GNU Library General Public License for more details.
22 | //
23 | // You should have received a copy of the GNU Library General Public License
24 | // along with Idea. If not, see .
25 | //
26 | // <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
27 |
28 | #pragma once
29 |
30 |
31 | /* Byte swap*/
32 | #ifndef ByteSwap16$
33 | #define ByteSwap16$(x) ( \
34 | ((unsigned __int16(x) & unsigned __int16(0xFF << 8)) >> 8) | \
35 | ((unsigned __int16(x) & unsigned __int16(0xFF >> 0)) << 8) \
36 | )
37 | #endif
38 |
39 | #ifndef ByteSwap32$
40 | #define ByteSwap32$(x) ( \
41 | ((unsigned __int32(x) & unsigned __int32(0xFF << 24)) >> 24) | \
42 | ((unsigned __int32(x) & unsigned __int32(0xFF << 16)) >> 8) | \
43 | ((unsigned __int32(x) & unsigned __int32(0xFF << 8)) << 8) | \
44 | ((unsigned __int32(x) & unsigned __int32(0xFF << 0)) << 24) \
45 | )
46 | #endif
47 |
48 | #ifndef ByteSwap64$
49 | #define ByteSwap64$(x) ( \
50 | ((unsigned __int64(x) & unsigned __int64(0xFF << 56)) >> 56) | \
51 | ((unsigned __int64(x) & unsigned __int64(0xFF << 48)) >> 40) | \
52 | ((unsigned __int64(x) & unsigned __int64(0xFF << 40)) >> 24) | \
53 | ((unsigned __int64(x) & unsigned __int64(0xFF << 32)) >> 8) | \
54 | ((unsigned __int64(x) & unsigned __int64(0xFF << 24)) << 8) | \
55 | ((unsigned __int64(x) & unsigned __int64(0xFF << 16)) << 24) | \
56 | ((unsigned __int64(x) & unsigned __int64(0xFF << 8)) << 40) | \
57 | ((unsigned __int64(x) & unsigned __int64(0xFF << 0)) << 56) | \
58 | )
59 | #endif
60 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/CRT/new.cc:
--------------------------------------------------------------------------------
1 | // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2 | //
3 | // CoreSTL
4 | //
5 | // Copyright (C) MeeSong. All rights reserved.
6 | // Author : MeeSong
7 | // Email : meesong@live.cn
8 | // Github : https://github.com/meesong
9 | // License: GNU Library General Public License(LGPL) - Version 3
10 | //
11 | // This file is part of Idea
12 | //
13 | // Idea is free software; you can redistribute it and/or modify
14 | // it under the terms of the GNU Library General Public License as published
15 | // by the Free Software Foundation, either version 3 of the License, or
16 | // (at your option) any later version.
17 | //
18 | // Idea is distributed in the hope that it will be useful,
19 | // but WITHOUT ANY WARRANTY; without even the implied warranty of
20 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 | // GNU Library General Public License for more details.
22 | //
23 | // You should have received a copy of the GNU Library General Public License
24 | // along with Idea. If not, see .
25 | //
26 | // <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
27 |
28 | #include "Ntddk.hpp"
29 | #include "new.h"
30 |
31 |
32 |
33 | void __cdecl CoreSTLRaiseException(
34 | unsigned long _code,
35 | size_t _arg1,
36 | size_t _arg2,
37 | size_t _arg3,
38 | size_t _arg4);
39 |
40 | namespace std
41 | {
42 | void __cdecl _Xbad_alloc();
43 | }
44 |
45 |
46 |
47 | // replaceable usual deallocation functions
48 | void* __cdecl operator new(size_t _size)
49 | {
50 | if (0 == _size) _size = 1;
51 |
52 | if (auto ptr = __core_allocator(_size, NonPagedPool, DefaultPoolTag))
53 | {
54 | return ptr;
55 | }
56 |
57 | std::_Xbad_alloc();
58 | }
59 |
60 | void __cdecl operator delete(void * _ptr)
61 | {
62 | if (nullptr == _ptr) return;
63 |
64 | return __core_deletor(_ptr, NonPagedPool, DefaultPoolTag);
65 | }
66 |
67 | void* __cdecl operator new(size_t _size, POOL_TYPE _pool_type)
68 | {
69 | if (0 == _size) _size = 1;
70 |
71 | if (auto ptr = __core_allocator(_size, _pool_type, DefaultPoolTag))
72 | {
73 | return ptr;
74 | }
75 |
76 | std::_Xbad_alloc();
77 | }
78 |
79 | void* __cdecl operator new(size_t _size, POOL_TYPE _pool_type, unsigned long _tag)
80 | {
81 | if (0 == _size) _size = 1;
82 |
83 | if (auto ptr = __core_allocator(_size, _pool_type, _tag))
84 | {
85 | return ptr;
86 | }
87 |
88 | std::_Xbad_alloc();
89 | }
90 |
91 | void __cdecl operator delete(void * _ptr, POOL_TYPE _pool_type)
92 | {
93 | if (nullptr == _ptr) return;
94 |
95 | return __core_deletor(_ptr, _pool_type, DefaultPoolTag);
96 | }
97 |
98 | void __cdecl operator delete(void * _ptr, POOL_TYPE _pool_type, unsigned long _tag)
99 | {
100 | if (nullptr == _ptr) return;
101 |
102 | return __core_deletor(_ptr, _pool_type, _tag);
103 | }
104 |
105 | void* __cdecl operator new[](size_t _size)
106 | {
107 | if (0 == _size) _size = 1;
108 |
109 | if (auto ptr = __core_allocator(_size, NonPagedPool, DefaultPoolTag))
110 | {
111 | return ptr;
112 | }
113 |
114 | std::_Xbad_alloc();
115 | }
116 |
117 | void __cdecl operator delete[](void * _ptr)
118 | {
119 | if (nullptr == _ptr) return;
120 |
121 | return __core_deletor(_ptr, NonPagedPool, DefaultPoolTag);
122 | }
123 |
124 | void* __cdecl operator new[](size_t _size, POOL_TYPE _pool_type)
125 | {
126 | if (0 == _size) _size = 1;
127 |
128 | if (auto ptr = __core_allocator(_size, _pool_type, DefaultPoolTag))
129 | {
130 | return ptr;
131 | }
132 |
133 | std::_Xbad_alloc();
134 | }
135 |
136 | void* __cdecl operator new[](size_t _size, POOL_TYPE _pool_type, unsigned long _tag)
137 | {
138 | if (0 == _size) _size = 1;
139 |
140 | if (auto ptr = __core_allocator(_size, _pool_type, _tag))
141 | {
142 | return ptr;
143 | }
144 |
145 | std::_Xbad_alloc();
146 | }
147 |
148 | void __cdecl operator delete[](void * _ptr, POOL_TYPE _pool_type)
149 | {
150 | if (nullptr == _ptr) return;
151 |
152 | return __core_deletor(_ptr, _pool_type, DefaultPoolTag);
153 | }
154 |
155 | void __cdecl operator delete[](void * _ptr, POOL_TYPE _pool_type, unsigned long _tag)
156 | {
157 | if (nullptr == _ptr) return;
158 |
159 | return __core_deletor(_ptr, _pool_type, _tag);
160 | }
161 |
162 | void __cdecl operator delete (void*, void*)
163 | {
164 | return ;
165 | }
166 |
167 | void __cdecl operator delete[](void*, void*)
168 | {
169 | return ;
170 | }
171 |
172 | // sized class - specific deallocation functions
173 | void __cdecl operator delete (void* _ptr, size_t /*_size*/)
174 | {
175 | if (nullptr == _ptr) return;
176 |
177 | return __core_deletor(_ptr, NonPagedPool, DefaultPoolTag);
178 | }
179 |
180 | void __cdecl operator delete[](void* _ptr, size_t /*_size*/)
181 | {
182 | if (nullptr == _ptr) return;
183 |
184 | return __core_deletor(_ptr, NonPagedPool, DefaultPoolTag);
185 | }
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/CRT/new.h:
--------------------------------------------------------------------------------
1 | // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2 | //
3 | // CoreSTL
4 | //
5 | // Copyright (C) MeeSong. All rights reserved.
6 | // Author : MeeSong
7 | // Email : meesong@live.cn
8 | // Github : https://github.com/meesong
9 | // License: GNU Library General Public License(LGPL) - Version 3
10 | //
11 | // This file is part of Idea
12 | //
13 | // Idea is free software; you can redistribute it and/or modify
14 | // it under the terms of the GNU Library General Public License as published
15 | // by the Free Software Foundation, either version 3 of the License, or
16 | // (at your option) any later version.
17 | //
18 | // Idea is distributed in the hope that it will be useful,
19 | // but WITHOUT ANY WARRANTY; without even the implied warranty of
20 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 | // GNU Library General Public License for more details.
22 | //
23 | // You should have received a copy of the GNU Library General Public License
24 | // along with Idea. If not, see .
25 | //
26 | // <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
27 |
28 | #pragma once
29 | #include "c_alloc.h"
30 |
31 |
32 | // replaceable usual deallocation functions
33 | void* __cdecl operator new (size_t _size);
34 | void __cdecl operator delete (void *_ptr);
35 |
36 | void* __cdecl operator new (size_t _size, POOL_TYPE _pool_type);
37 | void* __cdecl operator new (size_t _size, POOL_TYPE _pool_type, unsigned long _tag);
38 | void __cdecl operator delete (void *_ptr, POOL_TYPE _pool_type);
39 | void __cdecl operator delete (void *_ptr, POOL_TYPE _pool_type, unsigned long _tag);
40 |
41 | void* __cdecl operator new[](size_t _size);
42 | void __cdecl operator delete[](void* _ptr);
43 |
44 | void* __cdecl operator new[](size_t _size, POOL_TYPE _pool_type);
45 | void* __cdecl operator new[](size_t _size, POOL_TYPE _pool_type, unsigned long _tag);
46 | void __cdecl operator delete[](void *_ptr, POOL_TYPE _pool_type);
47 | void __cdecl operator delete[](void *_ptr, POOL_TYPE _pool_type, unsigned long _tag);
48 |
49 | // replaceable placement deallocation functions
50 | void* __cdecl operator new (size_t _size, void* _ptr);
51 | void* __cdecl operator new[](size_t _size, void* _ptr);
52 |
53 | // T::~T()
54 | void __cdecl operator delete (void*, void*);
55 | void __cdecl operator delete[](void*, void*);
56 |
57 | // sized class - specific deallocation functions
58 | void __cdecl operator delete (void* _ptr, size_t _size);
59 | void __cdecl operator delete[](void* _ptr, size_t _size);
60 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/CRT/stlcrt.cc:
--------------------------------------------------------------------------------
1 | // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2 | //
3 | // CoreSTL
4 | //
5 | // Copyright (C) MeeSong. All rights reserved.
6 | // Author : MeeSong
7 | // Email : meesong@live.cn
8 | // Github : https://github.com/meesong
9 | // License: GNU Library General Public License(LGPL) - Version 3
10 | #include "Ntddk.hpp"
11 | #include "stlcrt.h"
12 |
13 | extern "C"
14 | {
15 |
16 | void __cdecl CoreSTLRaiseException(unsigned long _code, size_t _arg1, size_t _arg2, size_t _arg3, size_t _arg4)
17 |
18 | {
19 |
20 | KeBugCheckEx(_code, _arg1, _arg2, _arg3, _arg4);
21 | }
22 |
23 | void __cdecl _invalid_parameter_noinfo_noreturn()
24 | {
25 | CoreSTLRaiseException(KMODE_EXCEPTION_NOT_HANDLED);
26 | }
27 |
28 | }
29 |
30 | namespace std
31 | {
32 |
33 | void __cdecl _Xbad_alloc()
34 | {
35 | CoreSTLRaiseException(KMODE_EXCEPTION_NOT_HANDLED);
36 | }
37 |
38 | void __cdecl _Xinvalid_argument(const char * _msg)
39 | {
40 | DbgPrintEx(DPFLTR_IHVDRIVER_ID, DPFLTR_ERROR_LEVEL, _msg);
41 | CoreSTLRaiseException(KMODE_EXCEPTION_NOT_HANDLED);
42 | }
43 |
44 | void __cdecl _Xlength_error(const char * _msg)
45 | {
46 | DbgPrintEx(DPFLTR_IHVDRIVER_ID, DPFLTR_ERROR_LEVEL, _msg);
47 | CoreSTLRaiseException(KMODE_EXCEPTION_NOT_HANDLED);
48 | }
49 |
50 | void __cdecl _Xout_of_range(const char * _msg)
51 | {
52 | DbgPrintEx(DPFLTR_IHVDRIVER_ID, DPFLTR_ERROR_LEVEL, _msg);
53 | CoreSTLRaiseException(KMODE_EXCEPTION_NOT_HANDLED);
54 | }
55 |
56 | void __cdecl _Xoverflow_error(const char * _msg)
57 | {
58 | DbgPrintEx(DPFLTR_IHVDRIVER_ID, DPFLTR_ERROR_LEVEL, _msg);
59 | CoreSTLRaiseException(KMODE_EXCEPTION_NOT_HANDLED);
60 | }
61 |
62 | void __cdecl _Xruntime_error(const char * _msg)
63 | {
64 | DbgPrintEx(DPFLTR_IHVDRIVER_ID, DPFLTR_ERROR_LEVEL, _msg);
65 | CoreSTLRaiseException(KMODE_EXCEPTION_NOT_HANDLED);
66 | }
67 |
68 | char const* __cdecl _Syserror_map( int)
69 | {
70 | __debugbreak();
71 | return nullptr;
72 | }
73 |
74 | char const*
75 | __cdecl
76 | _Winerror_map(
77 | int
78 | )
79 | {
80 | __debugbreak();
81 | return nullptr;
82 | }
83 | }
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/CRT/stlcrt.h:
--------------------------------------------------------------------------------
1 | // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2 | //
3 | // CoreSTL
4 | //
5 | // Copyright (C) MeeSong. All rights reserved.
6 | // Author : MeeSong
7 | // Email : meesong@live.cn
8 | // Github : https://github.com/meesong
9 | // License: GNU Library General Public License(LGPL) - Version 3
10 | //
11 | // This file is part of Idea
12 | //
13 | // Idea is free software; you can redistribute it and/or modify
14 | // it under the terms of the GNU Library General Public License as published
15 | // by the Free Software Foundation, either version 3 of the License, or
16 | // (at your option) any later version.
17 | //
18 | // Idea is distributed in the hope that it will be useful,
19 | // but WITHOUT ANY WARRANTY; without even the implied warranty of
20 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 | // GNU Library General Public License for more details.
22 | //
23 | // You should have received a copy of the GNU Library General Public License
24 | // along with Idea. If not, see .
25 | //
26 | // <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
27 |
28 | #pragma once
29 |
30 | extern "C"
31 | {
32 |
33 | void __cdecl CoreSTLRaiseException(
34 | unsigned long _code,
35 | size_t _arg1 = 0,
36 | size_t _arg2 = 0,
37 | size_t _arg3 = 0,
38 | size_t _arg4 = 0);
39 |
40 | //void __cdecl _invalid_parameter_noinfo_noreturn();
41 |
42 | }
43 |
44 | namespace std
45 | {
46 |
47 | void __cdecl _Xbad_alloc();
48 |
49 | void __cdecl _Xinvalid_argument(const char* _msg);
50 |
51 | void __cdecl _Xlength_error(const char* _msg);
52 |
53 | void __cdecl _Xout_of_range(const char* _msg);
54 |
55 | void __cdecl _Xoverflow_error(const char* _msg);
56 |
57 | void __cdecl _Xruntime_error(const char* _msg);
58 |
59 | char const* __cdecl _Syserror_map( int);
60 |
61 | char const*
62 | __cdecl
63 | _Winerror_map(
64 | int
65 | );
66 |
67 | }
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/RemoveFlagTestKernel.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | x64
7 |
8 |
9 | Release
10 | x64
11 |
12 |
13 |
14 | {85BF308E-3AD1-4DC5-87E1-8C29C1F08308}
15 | {dd38f7fc-d7bd-488b-9242-7d8754cde80d}
16 | v4.5
17 | 12.0
18 | Debug
19 | Win32
20 | RemoveFlagTestKernel
21 |
22 |
23 |
24 | Windows7
25 | true
26 | WindowsKernelModeDriver10.0
27 | Driver
28 | WDM
29 |
30 |
31 | Windows7
32 | false
33 | WindowsKernelModeDriver10.0
34 | Driver
35 | WDM
36 |
37 |
38 |
39 |
40 |
41 |
42 |
43 |
44 |
45 |
46 | DbgengKernelDebugger
47 | false
48 |
49 |
50 | DbgengKernelDebugger
51 | false
52 |
53 |
54 |
55 | false
56 | $(VC_IncludePath);$(IncludePath);$(ProjectDir);%(AdditionalIncludeDirectories)
57 | stdcpplatest
58 | true
59 | _KERNEL_MODE;_WIN64;_AMD64_;AMD64;%(PreprocessorDefinitions)
60 |
61 |
62 |
63 |
64 | false
65 | $(VC_IncludePath);$(IncludePath);$(ProjectDir);%(AdditionalIncludeDirectories)
66 | stdcpplatest
67 | true
68 | _KERNEL_MODE;_WIN64;_AMD64_;AMD64;%(PreprocessorDefinitions)
69 |
70 |
71 |
72 |
73 |
74 |
75 |
76 |
77 |
78 |
79 |
80 |
81 |
82 |
83 |
84 |
85 |
86 |
87 |
88 |
89 |
90 |
91 |
92 |
93 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/RemoveFlagTestKernel.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hpp;hxx;hm;inl;inc;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 | {8E41214B-6785-4CFE-B992-037D68949A14}
18 | inf;inv;inx;mof;mc;
19 |
20 |
21 | {0b8c8b26-bf42-4da3-b3f8-aad59c152858}
22 |
23 |
24 |
25 |
26 | Source Files
27 |
28 |
29 | crt
30 |
31 |
32 | crt
33 |
34 |
35 | crt
36 |
37 |
38 | crt
39 |
40 |
41 |
42 |
43 | Header Files
44 |
45 |
46 | crt
47 |
48 |
49 | crt
50 |
51 |
52 | crt
53 |
54 |
55 | crt
56 |
57 |
58 | crt
59 |
60 |
61 | crt
62 |
63 |
64 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | #pragma warning(push)
3 | #pragma warning(disable: 4201)
4 |
5 |
6 | /* wdm */
7 | #if !defined(_WDMDDK_) && !defined(__FLTKERNEL__)
8 | #error "Must include or "
9 | #endif
10 |
11 | #if defined(_WDM_INCLUDED_)
12 | #error "Must first include "
13 | #endif
14 |
15 | /* sys */
16 |
17 | #include
18 | #include
19 | #include
20 |
21 | /* ext */
22 |
23 | #include "Wdk\Native.inl"
24 | #include "Wdk\CmKernel.inl"
25 | #include "Wdk\DbgKernel.inl"
26 | #include "Wdk\ExKernel.inl"
27 | #include "Wdk\FsKernel.inl"
28 | #include "Wdk\IoKernel.inl"
29 | #include "Wdk\KeKernel.inl"
30 | #include "Wdk\LPCKernel.inl"
31 | #include "Wdk\MmKernel.inl"
32 | #include "Wdk\ObKernel.inl"
33 | #include "Wdk\PsKernel.inl"
34 | #include "Wdk\TsKernel.inl"
35 | #include "Wdk\RtlKernel.inl"
36 | #include "Wdk\SeKernel.inl"
37 | #include "Wdk\WmiKernel.inl"
38 | #include "Wdk\NetKernel.inl"
39 | #include "Wdk\ZwKernel.inl"
40 |
41 |
42 | namespace wdk
43 | {
44 |
45 | inline auto WdkInitSystem() -> NTSTATUS
46 | {
47 | #define SuccessCheck$(x) if (!NT_SUCCESS(vStatus = (x))) break
48 |
49 | auto vStatus = STATUS_SUCCESS;
50 |
51 | for (;;)
52 | {
53 | SuccessCheck$(RtlInitSystem());
54 | SuccessCheck$(CmInitSystem());
55 | SuccessCheck$(DbgInitSystem());
56 | SuccessCheck$(ExInitSystem());
57 | SuccessCheck$(FsInitSystem());
58 | SuccessCheck$(IoInitSystem());
59 | SuccessCheck$(KeInitSystem());
60 | SuccessCheck$(LPCInitSystem());
61 | SuccessCheck$(MmInitSystem());
62 | SuccessCheck$(ObInitSystem());
63 | SuccessCheck$(PsInitSystem());
64 | SuccessCheck$(TsInitSystem());
65 | SuccessCheck$(SeInitSystem());
66 | SuccessCheck$(WmiInitSystem());
67 | SuccessCheck$(ZwInitSystem());
68 |
69 | break;
70 | }
71 |
72 | return vStatus;
73 |
74 | #undef SuccessCheck$
75 | }
76 |
77 | }
78 |
79 | #pragma warning(pop)
80 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Cm/build_10240.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Cm/build_10586.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Cm/build_14393.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Cm/build_15063.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Cm/build_16299.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Cm/build_17134.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Cm/build_17763.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Cm/build_7600.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Cm/build_7601.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Cm/build_9200.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Cm/build_9600.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/CmKernel.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 | #include "CmStruct.inl"
3 |
4 |
5 | namespace wdk
6 | {
7 | extern"C"
8 | {
9 |
10 | }
11 | }
12 |
13 | namespace wdk
14 | {
15 | extern"C"
16 | {
17 | inline auto CmInitSystem() -> NTSTATUS
18 | {
19 | return STATUS_SUCCESS;
20 | }
21 | }
22 | }
23 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/CmStruct.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 |
4 | namespace wdk
5 | {
6 |
7 | }
8 |
9 | #include "Cm\build_7600.inl"
10 | #include "Cm\build_7601.inl"
11 | #include "Cm\build_9200.inl"
12 | #include "Cm\build_9600.inl"
13 | #include "Cm\build_10240.inl"
14 | #include "Cm\build_10586.inl"
15 | #include "Cm\build_14393.inl"
16 | #include "Cm\build_15063.inl"
17 | #include "Cm\build_16299.inl"
18 | #include "Cm\build_17134.inl"
19 | #include "Cm\build_17763.inl"
20 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Dbg/build_10240.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Dbg/build_10586.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Dbg/build_14393.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Dbg/build_15063.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Dbg/build_16299.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Dbg/build_17134.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Dbg/build_17763.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Dbg/build_7600.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Dbg/build_7601.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Dbg/build_9200.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Dbg/build_9600.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/DbgKernel.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 | #include "DbgStruct.inl"
3 |
4 |
5 | namespace wdk
6 | {
7 | extern"C"
8 | {
9 | inline auto DbgInitSystem() -> NTSTATUS
10 | {
11 | return STATUS_SUCCESS;
12 | }
13 | }
14 | }
15 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/DbgStruct.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 |
4 | namespace wdk
5 | {
6 |
7 | #pragma region AccessMask
8 | enum DbgkAccessMask : ACCESS_MASK
9 | {
10 | DebugReadEvent = 0x0001,
11 | DebugProcessAssign = 0x0002,
12 | DebugSetInformation = 0x0004,
13 | DebugQueryInformation = 0x0008,
14 |
15 | DebugAllAccess = StandardRightsRequired | Synchronize |
16 | DebugReadEvent | DebugProcessAssign | DebugSetInformation | DebugQueryInformation
17 | };
18 | #pragma endregion
19 |
20 |
21 | }
22 |
23 | #include "Dbg\build_7600.inl"
24 | #include "Dbg\build_7601.inl"
25 | #include "Dbg\build_9200.inl"
26 | #include "Dbg\build_9600.inl"
27 | #include "Dbg\build_10240.inl"
28 | #include "Dbg\build_10586.inl"
29 | #include "Dbg\build_14393.inl"
30 | #include "Dbg\build_15063.inl"
31 | #include "Dbg\build_16299.inl"
32 | #include "Dbg\build_17134.inl"
33 | #include "Dbg\build_17763.inl"
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Ex/build_10240.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 |
4 | /*
5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.10240.17443\
6 | * Dumped by pdbex tool v0.4, by wbenny
7 | */
8 |
9 |
10 | namespace wdk::build_10240
11 | {
12 |
13 | SameDefine$(build_9600, EXHANDLE);
14 | SameDefine$(build_9600, HANDLE_TABLE_FREE_LIST);
15 |
16 |
17 | typedef struct _HANDLE_TABLE_ENTRY
18 | {
19 | union
20 | {
21 | volatile SSIZE_T VolatileLowValue;
22 | SSIZE_T LowValue;
23 | struct
24 | {
25 | struct _HANDLE_TABLE_ENTRY_INFO* volatile InfoTable;
26 | union
27 | {
28 | SSIZE_T HighValue;
29 | struct _HANDLE_TABLE_ENTRY* NextFreeHandleEntry;
30 | struct _EXHANDLE LeafHandleValue;
31 | };
32 | };
33 | #ifdef _WIN64
34 | INT64 RefCountField;
35 | #endif
36 | struct
37 | {
38 | struct /* bitfield */
39 | {
40 | SIZE_T Unlocked : 1; /* bit position: 0 */
41 | #ifdef _WIN64
42 | SIZE_T RefCnt : 16; /* bit position: 1 */
43 | SIZE_T Attributes : 3; /* bit position: 17 */
44 | SIZE_T ObjectPointerBits : 44; /* bit position: 20 */
45 | #else
46 | SIZE_T Attributes : 2; /* bit position: 1 */
47 | SIZE_T ObjectPointerBits : 29; /* bit position: 3 */
48 | #endif
49 | }; /* bitfield */
50 | #ifdef _WIN64
51 | struct /* bitfield */
52 | {
53 | UINT32 GrantedAccessBits : 25; /* bit position: 0 */
54 | UINT32 NoRightsUpgrade : 1; /* bit position: 25 */
55 | UINT32 Spare1 : 6; /* bit position: 26 */
56 | }; /* bitfield */
57 | UINT32 Spare2;
58 | #else
59 | union
60 | {
61 | INT32 RefCountField;
62 | struct /* bitfield */
63 | {
64 | UINT32 GrantedAccessBits : 25; /* bit position: 0 */
65 | UINT32 ProtectFromClose : 1; /* bit position: 25 */
66 | UINT32 NoRightsUpgrade : 1; /* bit position: 26 */
67 | UINT32 RefCnt : 5; /* bit position: 27 */
68 | }; /* bitfield */
69 | }; /* size: 0x0004 */
70 | #endif
71 | };
72 | };
73 | } HANDLE_TABLE_ENTRY, *PHANDLE_TABLE_ENTRY; /* size: 0x0010 */ /* size: 0x0008 */
74 | static_assert(sizeof(HANDLE_TABLE_ENTRY) == (sizeof(SIZE_T) == sizeof(UINT64) ? 0x0010 : 0x0008));
75 |
76 |
77 | typedef struct _HANDLE_TABLE
78 | {
79 | UINT32 NextHandleNeedingPool;
80 | INT32 ExtraInfoPages;
81 | volatile SIZE_T TableCode;
82 | struct _EPROCESS* QuotaProcess;
83 | struct _LIST_ENTRY HandleTableList;
84 | UINT32 UniqueProcessId;
85 | union
86 | {
87 | UINT32 Flags;
88 | struct /* bitfield */
89 | {
90 | UINT8 StrictFIFO : 1; /* bit position: 0 */
91 | UINT8 EnableHandleExceptions : 1; /* bit position: 1 */
92 | UINT8 Rundown : 1; /* bit position: 2 */
93 | UINT8 Duplicated : 1; /* bit position: 3 */
94 | UINT8 RaiseUMExceptionOnInvalidHandleClose : 1; /* bit position: 4 */
95 | }; /* bitfield */
96 | }; /* size: 0x0004 */
97 | struct _EX_PUSH_LOCK HandleContentionEvent;
98 | struct _EX_PUSH_LOCK HandleTableLock;
99 | union
100 | {
101 | struct _HANDLE_TABLE_FREE_LIST FreeLists[1];
102 | struct
103 | {
104 | enum : UINT32
105 | {
106 | ActualEntrySizeX86 = 20,
107 | ActualEntrySizeX64 = 32,
108 | ActualEntrySize = sizeof(SIZE_T) == sizeof(UINT64) ? ActualEntrySizeX64 : ActualEntrySizeX86
109 | };
110 |
111 | UINT8 ActualEntry[ActualEntrySize];
112 | struct _HANDLE_TRACE_DEBUG_INFO* DebugInfo;
113 | };
114 | };
115 | } HANDLE_TABLE, *PHANDLE_TABLE; /* size: 0x0080 */ /* size: 0x005c */
116 | static_assert(sizeof(HANDLE_TABLE) == (sizeof(SIZE_T) == sizeof(UINT64) ? 0x0080 : 0x005c));
117 |
118 |
119 | }
120 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Ex/build_10586.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 |
4 | /*
5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.10586.1176\
6 | * Dumped by pdbex tool v0.4, by wbenny
7 | */
8 |
9 |
10 | namespace wdk::build_10586
11 | {
12 |
13 | SameDefine$(build_10240, EXHANDLE);
14 | SameDefine$(build_10240, HANDLE_TABLE_FREE_LIST);
15 | SameDefine$(build_10240, HANDLE_TABLE_ENTRY);
16 | SameDefine$(build_10240, HANDLE_TABLE);
17 |
18 | }
19 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Ex/build_14393.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 |
4 | /*
5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.14393.2214\
6 | * Dumped by pdbex tool v0.4, by wbenny
7 | */
8 |
9 |
10 | namespace wdk::build_14393
11 | {
12 |
13 | SameDefine$(build_10586, EXHANDLE);
14 | SameDefine$(build_10586, HANDLE_TABLE_FREE_LIST);
15 | SameDefine$(build_10586, HANDLE_TABLE_ENTRY);
16 | SameDefine$(build_10586, HANDLE_TABLE);
17 |
18 | }
19 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Ex/build_15063.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 |
4 | /*
5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.15063.1418\
6 | * Dumped by pdbex tool v0.4, by wbenny
7 | */
8 |
9 |
10 | namespace wdk::build_15063
11 | {
12 |
13 | SameDefine$(build_14393, EXHANDLE);
14 | SameDefine$(build_14393, HANDLE_TABLE_FREE_LIST);
15 | SameDefine$(build_14393, HANDLE_TABLE_ENTRY);
16 | SameDefine$(build_14393, HANDLE_TABLE);
17 |
18 | }
19 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Ex/build_16299.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 |
4 | /*
5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.16299.755\
6 | * Dumped by pdbex tool v0.4, by wbenny
7 | */
8 |
9 |
10 | namespace wdk::build_16299
11 | {
12 |
13 | SameDefine$(build_15063, EXHANDLE);
14 | SameDefine$(build_15063, HANDLE_TABLE_FREE_LIST);
15 | SameDefine$(build_15063, HANDLE_TABLE_ENTRY);
16 | SameDefine$(build_15063, HANDLE_TABLE);
17 |
18 | }
19 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Ex/build_17134.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 |
4 | /*
5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.17134.376\
6 | * Dumped by pdbex tool v0.4, by wbenny
7 | */
8 |
9 |
10 | namespace wdk::build_17134
11 | {
12 |
13 | SameDefine$(build_16299, EXHANDLE);
14 | SameDefine$(build_16299, HANDLE_TABLE_FREE_LIST);
15 | SameDefine$(build_16299, HANDLE_TABLE_ENTRY);
16 | SameDefine$(build_16299, HANDLE_TABLE);
17 |
18 | }
19 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Ex/build_17763.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 |
4 | /*
5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.17763.55\
6 | * Dumped by pdbex tool v0.4, by wbenny
7 | */
8 |
9 |
10 | namespace wdk::build_17763
11 | {
12 |
13 | SameDefine$(build_17134, EXHANDLE);
14 | SameDefine$(build_17134, HANDLE_TABLE_FREE_LIST);
15 | SameDefine$(build_17134, HANDLE_TABLE_ENTRY);
16 | SameDefine$(build_17134, HANDLE_TABLE);
17 |
18 | }
19 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Ex/build_7600.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 |
4 | /*
5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\6.1.7600.17795\
6 | * Dumped by pdbex tool v0.4, by wbenny
7 | */
8 |
9 |
10 | namespace wdk::build_7600
11 | {
12 |
13 | typedef struct _HANDLE_TABLE_ENTRY_INFO
14 | {
15 | UINT32 AuditMask;
16 | } HANDLE_TABLE_ENTRY_INFO, *PHANDLE_TABLE_ENTRY_INFO; /* size: 0x0004 */
17 |
18 |
19 | typedef struct _HANDLE_TABLE_ENTRY
20 | {
21 | union
22 | {
23 | VOID* Object;
24 | UINT32 ObAttributes;
25 | struct _HANDLE_TABLE_ENTRY_INFO* InfoTable;
26 | SIZE_T Value;
27 | }; /* size: 0x0008 */ /* size: 0x0004 */
28 | union
29 | {
30 | UINT32 GrantedAccess;
31 | struct
32 | {
33 | UINT16 GrantedAccessIndex;
34 | UINT16 CreatorBackTraceIndex;
35 | }; /* size: 0x0004 */
36 | UINT32 NextFreeTableEntry;
37 | }; /* size: 0x0004 */
38 | } HANDLE_TABLE_ENTRY, *PHANDLE_TABLE_ENTRY; /* size: 0x0010 */ /* size: 0x0008 */
39 | static_assert(sizeof(HANDLE_TABLE_ENTRY) == (sizeof(SIZE_T) == sizeof(UINT64) ? 0x0010 : 0x0008));
40 |
41 |
42 | typedef struct _HANDLE_TABLE
43 | {
44 | SIZE_T TableCode;
45 | struct _EPROCESS* QuotaProcess;
46 | VOID* UniqueProcessId;
47 | struct _EX_PUSH_LOCK HandleLock;
48 | struct _LIST_ENTRY HandleTableList;
49 | struct _EX_PUSH_LOCK HandleContentionEvent;
50 | struct _HANDLE_TRACE_DEBUG_INFO* DebugInfo;
51 | INT32 ExtraInfoPages;
52 | union
53 | {
54 | UINT32 Flags;
55 | UINT8 StrictFIFO : 1; /* bit position: 0 */
56 | }; /* size: 0x0004 */
57 | UINT32 FirstFreeHandle;
58 | struct _HANDLE_TABLE_ENTRY* LastFreeHandleEntry;
59 | UINT32 HandleCount;
60 | UINT32 NextHandleNeedingPool;
61 | UINT32 HandleCountHighWatermark;
62 | } HANDLE_TABLE, *PHANDLE_TABLE; /* size: 0x0068 */ /* size: 0x003c */
63 | static_assert(sizeof(HANDLE_TABLE) == (sizeof(SIZE_T) == sizeof(UINT64) ? 0x0068 : 0x003c));
64 |
65 | }
66 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Ex/build_7601.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 |
4 | /*
5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\6.1.7601.24260\
6 | * Dumped by pdbex tool v0.4, by wbenny
7 | */
8 |
9 |
10 | namespace wdk::build_7601
11 | {
12 |
13 | SameDefine$(build_7600, HANDLE_TABLE_ENTRY_INFO);
14 | SameDefine$(build_7600, HANDLE_TABLE_ENTRY);
15 | SameDefine$(build_7600, HANDLE_TABLE);
16 |
17 | }
18 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Ex/build_9200.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 |
4 | /*
5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\6.2.9200.17581\
6 | * Dumped by pdbex tool v0.4, by wbenny
7 | */
8 |
9 |
10 | namespace wdk::build_9200
11 | {
12 |
13 | SameDefine$(build_7601, HANDLE_TABLE_ENTRY_INFO);
14 |
15 |
16 | typedef struct _EXHANDLE
17 | {
18 | union
19 | {
20 | struct /* bitfield */
21 | {
22 | UINT32 TagBits : 2; /* bit position: 0 */
23 | UINT32 Index : 30; /* bit position: 2 */
24 | }; /* bitfield */
25 | VOID* GenericHandleOverlay;
26 | SIZE_T Value;
27 | };
28 | } EXHANDLE, *PEXHANDLE; /* size: 0x0008 */ /* size: 0x0004 */
29 | static_assert(sizeof(EXHANDLE) == (sizeof(SIZE_T) == sizeof(UINT64) ? 0x0008 : 0x0004));
30 |
31 |
32 | typedef struct _HANDLE_TABLE_ENTRY
33 | {
34 | union
35 | {
36 | volatile SSIZE_T VolatileLowValue;
37 | SSIZE_T LowValue;
38 | struct _HANDLE_TABLE_ENTRY_INFO* volatile InfoTable;
39 | struct /* bitfield */
40 | {
41 | SIZE_T Unlocked : 1; /* bit position: 0 */
42 | #ifdef _WIN64
43 | SIZE_T RefCnt : 19; /* bit position: 1 */
44 | SIZE_T Attributes : 3; /* bit position: 20 */
45 | SIZE_T ObjectPointerBits : sizeof(SIZE_T) * 8 - 23; /* bit position: 23 */
46 | #else
47 | SIZE_T Attributes : 2; /* bit position: 1 */
48 | SIZE_T ObjectPointerBits : sizeof(SIZE_T) * 8 - 3; /* bit position: 3 */
49 | #endif
50 | }; /* bitfield */
51 | };
52 | union
53 | {
54 | SSIZE_T HighValue;
55 | struct _HANDLE_TABLE_ENTRY* NextFreeHandleEntry;
56 | struct _EXHANDLE LeafHandleValue;
57 | struct
58 | {
59 | struct /* bitfield */
60 | {
61 | UINT32 GrantedAccessBits : 25; /* bit position: 0 */
62 | #ifdef _WIN64
63 | UINT32 Spare : 7; /* bit position: 25 */
64 | #else
65 | UINT32 ProtectFromClose : 1; /* bit position: 25 */
66 | UINT32 RefCnt : 6; /* bit position: 26 */
67 | #endif
68 | }; /* bitfield */
69 | #ifdef _WIN64
70 | UINT32 TypeInfo;
71 | #endif
72 | };
73 | };
74 | } HANDLE_TABLE_ENTRY, *PHANDLE_TABLE_ENTRY; /* size: 0x0010 */ /* size: 0x0008 */
75 | static_assert(sizeof(HANDLE_TABLE_ENTRY) == (sizeof(SIZE_T) == sizeof(UINT64) ? 0x0010 : 0x0008));
76 |
77 |
78 | typedef struct _HANDLE_TABLE_FREE_LIST
79 | {
80 | struct _EX_PUSH_LOCK FreeListLock;
81 | struct _HANDLE_TABLE_ENTRY* FirstFreeHandleEntry;
82 | struct _HANDLE_TABLE_ENTRY* LastFreeHandleEntry;
83 | INT32 HandleCount;
84 | UINT32 HighWaterMark;
85 | UINT32 Reserved[8];
86 | } HANDLE_TABLE_FREE_LIST, *PHANDLE_TABLE_FREE_LIST; /* size: 0x0040 */ /* size: 0x0034 */
87 | static_assert(sizeof(HANDLE_TABLE_FREE_LIST) == (sizeof(SIZE_T) == sizeof(UINT64) ? 0x0040 : 0x0034));
88 |
89 |
90 | typedef struct _HANDLE_TABLE
91 | {
92 | UINT32 NextHandleNeedingPool;
93 | INT32 ExtraInfoPages;
94 | volatile SIZE_T TableCode;
95 | struct _EPROCESS* QuotaProcess;
96 | struct _LIST_ENTRY HandleTableList;
97 | UINT32 UniqueProcessId;
98 | union
99 | {
100 | UINT32 Flags;
101 | struct /* bitfield */
102 | {
103 | UINT8 StrictFIFO : 1; /* bit position: 0 */
104 | UINT8 EnableHandleExceptions : 1; /* bit position: 1 */
105 | UINT8 Rundown : 1; /* bit position: 2 */
106 | UINT8 Duplicated : 1; /* bit position: 3 */
107 | }; /* bitfield */
108 | }; /* size: 0x0004 */
109 | struct _EX_PUSH_LOCK HandleContentionEvent;
110 | struct _EX_PUSH_LOCK HandleTableLock;
111 | union
112 | {
113 | struct _HANDLE_TABLE_FREE_LIST FreeLists[1];
114 | struct
115 | {
116 | enum : UINT32
117 | {
118 | ActualEntrySizeX86 = 20,
119 | ActualEntrySizeX64 = 32,
120 | ActualEntrySize = sizeof(SIZE_T) == sizeof(UINT64) ? ActualEntrySizeX64 : ActualEntrySizeX86
121 | };
122 |
123 | UINT8 ActualEntry[ActualEntrySize];
124 | struct _HANDLE_TRACE_DEBUG_INFO* DebugInfo;
125 | };
126 | };
127 | } HANDLE_TABLE, *PHANDLE_TABLE; /* size: 0x0080 */ /* size: 0x005c */
128 | static_assert(sizeof(HANDLE_TABLE) == (sizeof(SIZE_T) == sizeof(UINT64) ? 0x0080 : 0x005c));
129 |
130 | }
131 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Ex/build_9600.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 |
4 | /*
5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\6.3.9600.19038\
6 | * Dumped by pdbex tool v0.4, by wbenny
7 | */
8 |
9 |
10 | namespace wdk::build_9600
11 | {
12 |
13 | SameDefine$(build_9200, EXHANDLE);
14 | SameDefine$(build_9200, HANDLE_TABLE_FREE_LIST);
15 | SameDefine$(build_9200, HANDLE_TABLE);
16 |
17 |
18 |
19 | typedef struct _HANDLE_TABLE_ENTRY
20 | {
21 | union
22 | {
23 | volatile SSIZE_T VolatileLowValue;
24 | SSIZE_T LowValue;
25 | struct _HANDLE_TABLE_ENTRY_INFO* volatile InfoTable;
26 | struct /* bitfield */
27 | {
28 | SIZE_T Unlocked : 1; /* bit position: 0 */
29 | #ifdef _WIN64
30 | SIZE_T RefCnt : 16; /* bit position: 1 */
31 | SIZE_T Attributes : 3; /* bit position: 20 */
32 | SIZE_T ObjectPointerBits : sizeof(SIZE_T) * 8 - 20; /* bit position: 20 */
33 | #else
34 | SIZE_T Attributes : 2; /* bit position: 1 */
35 | SIZE_T ObjectPointerBits : sizeof(SIZE_T) * 8 - 3; /* bit position: 3 */
36 | #endif
37 | }; /* bitfield */
38 | };
39 | union
40 | {
41 | SSIZE_T HighValue;
42 | struct _HANDLE_TABLE_ENTRY* NextFreeHandleEntry;
43 | EXHANDLE LeafHandleValue;
44 | struct
45 | {
46 | struct /* bitfield */
47 | {
48 | UINT32 GrantedAccessBits : 25; /* bit position: 0 */
49 | #ifdef _X86_
50 | UINT32 ProtectFromClose : 1; /* bit position: 25 */
51 | #endif
52 | UINT32 NoRightsUpgrade : 1; /* bit position: 25/26 */
53 | #ifdef _WIN64
54 | UINT32 Spare : 6; /* bit position: 26 */
55 | #else
56 | UINT32 RefCnt : 5; /* bit position: 27 */
57 | #endif
58 | }; /* bitfield */
59 | #ifdef _WIN64
60 | UINT32 TypeInfo;
61 | #endif
62 | };
63 | };
64 | } HANDLE_TABLE_ENTRY, *PHANDLE_TABLE_ENTRY; /* size: 0x0010 */ /* size: 0x0008 */
65 | static_assert(sizeof(HANDLE_TABLE_ENTRY) == (sizeof(SIZE_T) == sizeof(UINT64) ? 0x0010 : 0x0008));
66 |
67 | }
68 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/ExKernel.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 | #include "ExStruct.inl"
3 |
4 |
5 | namespace wdk
6 | {
7 | extern"C"
8 | {
9 |
10 | extern POBJECT_TYPE* ExWindowStationObjectType;
11 |
12 |
13 | int NTAPI
14 | ExSystemExceptionFilter(
15 | VOID
16 | );
17 |
18 |
19 | BOOLEAN NTAPI
20 | ExEnumHandleTable(
21 | _In_ struct _HANDLE_TABLE* HandleTable,
22 | _In_ ExEnumHandleRoutine EnumHandleProcedure,
23 | _In_ PVOID EnumParameter,
24 | _Out_opt_ PHANDLE Handle
25 | );
26 |
27 |
28 | PEX_PUSH_LOCK_CACHE_AWARE NTAPI
29 | ExAllocateCacheAwarePushLock(
30 | VOID
31 | );
32 |
33 | VOID NTAPI
34 | ExFreeCacheAwarePushLock(
35 | _Inout_ PEX_PUSH_LOCK_CACHE_AWARE PushLock
36 | );
37 |
38 | VOID NTAPI
39 | ExAcquireCacheAwarePushLockExclusive(
40 | _Inout_ PEX_PUSH_LOCK_CACHE_AWARE CacheAwarePushLock
41 | );
42 |
43 | VOID NTAPI
44 | ExReleaseCacheAwarePushLockExclusive(
45 | _Inout_ PEX_PUSH_LOCK_CACHE_AWARE CacheAwarePushLock
46 | );
47 |
48 | VOID FASTCALL
49 | ExEnterCriticalRegionAndAcquireFastMutexUnsafe(
50 | _Inout_ PFAST_MUTEX FastMutex
51 | );
52 |
53 | VOID NTAPI
54 | ExInitializePushLock(
55 | _Out_ PEX_PUSH_LOCK PushLock
56 | );
57 |
58 | VOID FASTCALL
59 | ExfAcquirePushLockExclusive(
60 | _Inout_ PEX_PUSH_LOCK aPushLock
61 | );
62 |
63 | VOID FASTCALL
64 | ExfReleasePushLockExclusive(
65 | _Inout_ PEX_PUSH_LOCK aPushLock);
66 |
67 | VOID FASTCALL
68 | ExfAcquirePushLockShared(
69 | _Inout_ PEX_PUSH_LOCK aPushLock
70 | );
71 |
72 | VOID FASTCALL
73 | ExfReleasePushLockShared(
74 | _Inout_ PEX_PUSH_LOCK aPushLock);
75 |
76 | BOOLEAN FASTCALL
77 | ExfTryAcquirePushLockShared(
78 | _Inout_ PEX_PUSH_LOCK aPushLock);
79 |
80 | VOID FASTCALL
81 | ExfTryToWakePushLock(
82 | _Inout_ PEX_PUSH_LOCK aPushLock);
83 |
84 | VOID FASTCALL
85 | ExfReleasePushLock(
86 | _Inout_ PEX_PUSH_LOCK aPushLock
87 | );
88 |
89 | // since win8.1
90 | VOID FASTCALL
91 | ExAcquirePushLockExclusiveEx(
92 | _Inout_ _Requires_lock_not_held_(*_Curr_) _Acquires_lock_(*_Curr_)
93 | PEX_PUSH_LOCK PushLock,
94 | _In_ ULONG Flags
95 | );
96 |
97 | // since win8.1
98 | VOID FASTCALL
99 | ExAcquirePushLockSharedEx(
100 | _Inout_ _Requires_lock_not_held_(*_Curr_) _Acquires_lock_(*_Curr_)
101 | PEX_PUSH_LOCK PushLock,
102 | _In_ ULONG Flags
103 | );
104 |
105 | // since win8.1
106 | VOID FASTCALL
107 | ExReleasePushLockExclusiveEx(
108 | _Inout_ _Requires_lock_held_(*_Curr_) _Releases_lock_(*_Curr_)
109 | PEX_PUSH_LOCK PushLock,
110 | _In_ ULONG Flags
111 | );
112 |
113 | // since win8.1
114 | VOID FASTCALL
115 | ExReleasePushLockSharedEx(
116 | _Inout_ _Requires_lock_held_(*_Curr_) _Releases_lock_(*_Curr_)
117 | PEX_PUSH_LOCK PushLock,
118 | _In_ ULONG Flags
119 | );
120 | }
121 | }
122 |
123 | namespace wdk
124 | {
125 | extern"C"
126 | {
127 |
128 |
129 | FORCEINLINE VOID ExReleasePushLock(
130 | PEX_PUSH_LOCK aPushLock)
131 | {
132 | EX_PUSH_LOCK_IMPL vOldValue{}, vNewValue{};
133 |
134 | vOldValue.Value = *aPushLock;
135 |
136 | if (vOldValue.Shared > 1)
137 | {
138 | vNewValue.Value = vOldValue.Value - EX_PUSH_LOCK_IMPL::LockFlagsShareInc;
139 | }
140 | else
141 | {
142 | vNewValue.Value = 0;
143 | }
144 |
145 | if (vOldValue.Waiting ||
146 | InterlockedCompareExchangePointer(
147 | &reinterpret_cast(aPushLock)->Ptr,
148 | vNewValue.Ptr,
149 | vOldValue.Ptr) != vOldValue.Ptr)
150 | {
151 | ExfReleasePushLock(aPushLock);
152 | }
153 | }
154 |
155 | #ifndef ExAcquirePushLockExclusive
156 | FORCEINLINE VOID ExAcquirePushLockExclusive(
157 | PEX_PUSH_LOCK aPushLock)
158 | {
159 | #ifdef _WIN64
160 | if (InterlockedBitTestAndSet64((LONG64 *)&reinterpret_cast(aPushLock)->Value, EX_PUSH_LOCK_IMPL::LockFlagsShift))
161 | #else
162 | if (InterlockedBitTestAndSet((LONG *)&reinterpret_cast(aPushLock)->Value, EX_PUSH_LOCK_IMPL::LockFlagsShift))
163 | #endif
164 | {
165 | ExfAcquirePushLockExclusive(aPushLock);
166 | }
167 | }
168 | #endif
169 |
170 | #ifndef ExAcquirePushLockShared
171 | FORCEINLINE VOID ExAcquirePushLockShared(
172 | PEX_PUSH_LOCK aPushLock)
173 | {
174 | if (InterlockedCompareExchangePointer(
175 | &(reinterpret_cast(aPushLock)->Ptr),
176 | (PVOID)(EX_PUSH_LOCK_IMPL::LockFlagsShareInc | EX_PUSH_LOCK_IMPL::LockFlagsLock),
177 | nullptr) != nullptr)
178 | {
179 | ExfAcquirePushLockShared(aPushLock);
180 | }
181 | }
182 | #endif
183 |
184 | FORCEINLINE BOOLEAN ExTryAcquirePushLockExclusive(
185 | PEX_PUSH_LOCK aPushLock)
186 | {
187 | #ifdef _WIN64
188 | if (InterlockedBitTestAndSet64((LONG64 *)&reinterpret_cast(aPushLock)->Value, EX_PUSH_LOCK_IMPL::LockFlagsShift))
189 | #else
190 | if (InterlockedBitTestAndSet((LONG *)&reinterpret_cast(aPushLock)->Value, EX_PUSH_LOCK_IMPL::LockFlagsShift))
191 | #endif
192 | {
193 | return TRUE;
194 | }
195 | else
196 | {
197 | return FALSE;
198 | }
199 | }
200 |
201 | FORCEINLINE BOOLEAN ExTryAcquirePushLockShared(
202 | PEX_PUSH_LOCK aPushLock
203 | )
204 | {
205 | /* Fast path with the push lock not held at all. */
206 | if (InterlockedCompareExchangePointer(
207 | &reinterpret_cast(aPushLock)->Ptr,
208 | (PVOID)(EX_PUSH_LOCK_IMPL::LockFlagsShareInc | EX_PUSH_LOCK_IMPL::LockFlagsLock),
209 | nullptr) != nullptr)
210 | {
211 | return ExfTryAcquirePushLockShared(aPushLock);
212 | }
213 |
214 | return TRUE;
215 | }
216 |
217 | #ifndef ExReleasePushLockExclusive
218 | VOID FORCEINLINE ExReleasePushLockExclusive(
219 | PEX_PUSH_LOCK aPushLock)
220 | {
221 | EX_PUSH_LOCK_IMPL OldValue;
222 |
223 | #if defined (_WIN64)
224 | OldValue.Value = InterlockedExchangeAdd64((PLONG64)&reinterpret_cast(aPushLock)->Value, -(LONG64)EX_PUSH_LOCK_IMPL::LockFlagsLock);
225 | #else
226 | OldValue.Value = InterlockedExchangeAdd((PLONG)&reinterpret_cast(aPushLock)->Value, -(LONG)EX_PUSH_LOCK_IMPL::LockFlagsLock);
227 | #endif
228 |
229 | if (!OldValue.Waiting || OldValue.Waking)
230 | {
231 | return;
232 | }
233 |
234 | ExfTryToWakePushLock(aPushLock);
235 | }
236 | #endif
237 |
238 | #ifndef ExReleasePushLockShared
239 | VOID FORCEINLINE ExReleasePushLockShared(
240 | PEX_PUSH_LOCK aPushLock)
241 | {
242 | EX_PUSH_LOCK_IMPL OldValue, NewValue;
243 |
244 | OldValue.Value = EX_PUSH_LOCK_IMPL::LockFlagsShareInc | EX_PUSH_LOCK_IMPL::LockFlagsLock;
245 | NewValue.Value = 0;
246 |
247 | if (InterlockedCompareExchangePointer(&reinterpret_cast(aPushLock)->Ptr,
248 | NewValue.Ptr,
249 | OldValue.Ptr) != OldValue.Ptr)
250 | {
251 | ExfReleasePushLockShared(aPushLock);
252 | }
253 | }
254 | #endif
255 |
256 |
257 | inline auto ExInitSystem() -> NTSTATUS
258 | {
259 | return STATUS_SUCCESS;
260 | }
261 | }
262 | }
263 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/ExStruct.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 |
4 | namespace wdk
5 | {
6 |
7 | #pragma region Handle
8 | using ExEnumHandleRoutineWin7 = BOOLEAN(*)(
9 | _Inout_ struct _HANDLE_TABLE_ENTRY* HandleTableEntry,
10 | _In_ HANDLE Handle,
11 | _In_ PVOID EnumParameter
12 | );
13 |
14 | // since Windows 8
15 | using ExEnumHandleRoutine = BOOLEAN(*)(
16 | _In_ struct _HANDLE_TABLE* HandleTable,
17 | _Inout_ struct _HANDLE_TABLE_ENTRY* HandleTableEntry,
18 | _In_ HANDLE Handle,
19 | _In_ PVOID EnumParameter
20 | );
21 | #pragma endregion
22 |
23 |
24 | #pragma region Lock
25 | #ifndef EX_PUSH_LOCK
26 | #define EX_PUSH_LOCK ULONG_PTR
27 | #define PEX_PUSH_LOCK ULONG_PTR*
28 | #endif
29 |
30 |
31 | typedef struct _EX_PUSH_LOCK
32 | {
33 | enum : ULONG_PTR
34 | {
35 | LockFlagsShift = 0x0000,
36 | LockFlagsLock = 0x0001,
37 | LockFlagsWaiting = 0x0002,
38 | LockFlagsWaking = 0x0004,
39 | LockFlagsMultipleShared = 0x0008,
40 | LockFlagsShareInc = 0x0010,
41 | LockFlagsPtrBits = 0x000F,
42 | };
43 |
44 | union
45 | {
46 | struct
47 | {
48 | ULONG_PTR Locked : 1; /* bit position: 0 */
49 | ULONG_PTR Waiting : 1; /* bit position: 1 */
50 | ULONG_PTR Waking : 1; /* bit position: 2 */
51 | ULONG_PTR MultipleShared : 1; /* bit position: 3 */
52 | ULONG_PTR Shared : (sizeof(ULONG_PTR) * 8) - 4; /* bit position: 4 */
53 | }; /* bitfield */
54 |
55 | ULONG_PTR Value;
56 | void* Ptr;
57 | };
58 | } EX_PUSH_LOCK_IMPL, *PEX_PUSH_LOCK_IMPL;
59 |
60 |
61 | enum : UINT32
62 | {
63 | ExCacheLineSize = 128,
64 | ExPushLockFannedCOunt = (PAGE_SIZE / ExCacheLineSize),
65 | };
66 |
67 | typedef struct EX_PUSH_LOCK_CACHE_AWARE
68 | {
69 | PEX_PUSH_LOCK Locks[ExPushLockFannedCOunt];
70 | }*PEX_PUSH_LOCK_CACHE_AWARE;
71 |
72 |
73 | typedef struct _EX_FAST_REF
74 | {
75 | enum : UINT32
76 | {
77 | BitOfRefCount = (sizeof(ULONG_PTR) == sizeof(UINT32)) ? 3 : 4,
78 | };
79 |
80 | union
81 | {
82 | VOID * Object;
83 | ULONG_PTR RefCnt : BitOfRefCount;
84 | ULONG_PTR Value;
85 | };
86 | } EX_FAST_REF, *PEX_FAST_REF;
87 | #pragma endregion
88 |
89 | }
90 |
91 | #include "Ex\build_7600.inl"
92 | #include "Ex\build_7601.inl"
93 | #include "Ex\build_9200.inl"
94 | #include "Ex\build_9600.inl"
95 | #include "Ex\build_10240.inl"
96 | #include "Ex\build_10586.inl"
97 | #include "Ex\build_14393.inl"
98 | #include "Ex\build_15063.inl"
99 | #include "Ex\build_16299.inl"
100 | #include "Ex\build_17134.inl"
101 | #include "Ex\build_17763.inl"
102 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Fs/build_10240.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Fs/build_10586.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Fs/build_14393.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Fs/build_15063.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Fs/build_16299.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Fs/build_17134.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Fs/build_17763.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Fs/build_7600.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Fs/build_7601.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Fs/build_9200.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Fs/build_9600.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/FsKernel.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 | #include "FsStruct.inl"
3 |
4 |
5 | namespace wdk
6 | {
7 | extern"C"
8 | {
9 |
10 | #ifndef _NTIFS_
11 | #define FSRTL_FSP_TOP_LEVEL_IRP ((LONG_PTR)0x01)
12 | #define FSRTL_CACHE_TOP_LEVEL_IRP ((LONG_PTR)0x02)
13 | #define FSRTL_MOD_WRITE_TOP_LEVEL_IRP ((LONG_PTR)0x03)
14 | #define FSRTL_FAST_IO_TOP_LEVEL_IRP ((LONG_PTR)0x04)
15 | #define FSRTL_NETWORK1_TOP_LEVEL_IRP ((LONG_PTR)0x05)
16 | #define FSRTL_NETWORK2_TOP_LEVEL_IRP ((LONG_PTR)0x06)
17 | #define FSRTL_ASYNC_CACHED_READ_TOP_LEVEL_IRP ((LONG_PTR)0x07)
18 | #define FSRTL_MAX_TOP_LEVEL_IRP_FLAG ((LONG_PTR)0xFFFF)
19 | #endif
20 |
21 | inline void NTAPI
22 | FsRtlSetTopLevelIrpForModWriter()
23 | {
24 | auto TempIrp = (PIRP)FSRTL_MOD_WRITE_TOP_LEVEL_IRP;
25 | IoSetTopLevelIrp(TempIrp);
26 | }
27 |
28 | BOOLEAN NTAPI
29 | FsRtlCopyRead(
30 | _In_ PFILE_OBJECT FileObject,
31 | _In_ PLARGE_INTEGER FileOffset,
32 | _In_ ULONG Length,
33 | _In_ BOOLEAN Wait,
34 | _In_ ULONG LockKey,
35 | __out_bcount(Length) PVOID Buffer,
36 | _Out_ PIO_STATUS_BLOCK IoStatus,
37 | _In_ PDEVICE_OBJECT DeviceObject
38 | );
39 |
40 | BOOLEAN NTAPI
41 | FsRtlCopyWrite(
42 | _In_ PFILE_OBJECT FileObject,
43 | _In_ PLARGE_INTEGER FileOffset,
44 | _In_ ULONG Length,
45 | _In_ BOOLEAN Wait,
46 | _In_ ULONG LockKey,
47 | __in_bcount(Length) PVOID Buffer,
48 | _Out_ PIO_STATUS_BLOCK IoStatus,
49 | _In_ PDEVICE_OBJECT DeviceObject
50 | );
51 |
52 | BOOLEAN NTAPI
53 | FsRtlMdlRead(
54 | _In_ PFILE_OBJECT FileObject,
55 | _In_ PLARGE_INTEGER FileOffset,
56 | _In_ ULONG Length,
57 | _In_ ULONG LockKey,
58 | _Out_ PMDL *MdlChain,
59 | _Out_ PIO_STATUS_BLOCK IoStatus
60 | );
61 |
62 | BOOLEAN NTAPI
63 | FsRtlMdlReadComplete(
64 | _In_ PFILE_OBJECT FileObject,
65 | _In_ PMDL MdlChain
66 | );
67 |
68 | BOOLEAN NTAPI
69 | FsRtlPrepareMdlWrite(
70 | _In_ PFILE_OBJECT FileObject,
71 | _In_ PLARGE_INTEGER FileOffset,
72 | _In_ ULONG Length,
73 | _In_ ULONG LockKey,
74 | _Out_ PMDL *MdlChain,
75 | _Out_ PIO_STATUS_BLOCK IoStatus
76 | );
77 |
78 | BOOLEAN NTAPI
79 | FsRtlMdlWriteComplete(
80 | _In_ PFILE_OBJECT FileObject,
81 | _In_ PLARGE_INTEGER FileOffset,
82 | _In_ PMDL MdlChain
83 | );
84 |
85 | BOOLEAN NTAPI
86 | FsRtlMdlReadDev(
87 | _In_ PFILE_OBJECT FileObject,
88 | _In_ PLARGE_INTEGER FileOffset,
89 | _In_ ULONG Length,
90 | _In_ ULONG LockKey,
91 | _Out_ PMDL *MdlChain,
92 | _Out_ PIO_STATUS_BLOCK IoStatus,
93 | _In_ PDEVICE_OBJECT DeviceObject
94 | );
95 |
96 | BOOLEAN NTAPI
97 | FsRtlMdlReadCompleteDev(
98 | _In_ PFILE_OBJECT FileObject,
99 | _In_ PMDL MdlChain,
100 | _In_ PDEVICE_OBJECT DeviceObject
101 | );
102 |
103 | BOOLEAN NTAPI
104 | FsRtlPrepareMdlWriteDev(
105 | _In_ PFILE_OBJECT FileObject,
106 | _In_ PLARGE_INTEGER FileOffset,
107 | _In_ ULONG Length,
108 | _In_ ULONG LockKey,
109 | _Out_ PMDL *MdlChain,
110 | _Out_ PIO_STATUS_BLOCK IoStatus,
111 | _In_ PDEVICE_OBJECT DeviceObject
112 | );
113 |
114 | BOOLEAN NTAPI
115 | FsRtlMdlWriteCompleteDev(
116 | _In_ PFILE_OBJECT FileObject,
117 | _In_ PLARGE_INTEGER FileOffset,
118 | _In_ PMDL MdlChain,
119 | _In_ PDEVICE_OBJECT DeviceObject
120 | );
121 |
122 | VOID NTAPI
123 | FsRtlAcquireFileExclusive(
124 | _In_ PFILE_OBJECT FileObject
125 | );
126 |
127 | VOID NTAPI
128 | FsRtlReleaseFile(
129 | _In_ PFILE_OBJECT FileObject
130 | );
131 |
132 | NTSTATUS NTAPI
133 | FsRtlGetFileSize(
134 | _In_ PFILE_OBJECT FileObject,
135 | _Inout_ PLARGE_INTEGER FileSize
136 | );
137 |
138 | BOOLEAN NTAPI
139 | FsRtlIsNameInExpression(
140 | _In_ PUNICODE_STRING Expression,
141 | _In_ PUNICODE_STRING Name,
142 | _In_ BOOLEAN IgnoreCase,
143 | _In_opt_ PWCH UpcaseTable
144 | );
145 | }
146 | }
147 |
148 | namespace wdk
149 | {
150 | extern"C"
151 | {
152 | inline auto FsInitSystem() -> NTSTATUS
153 | {
154 | return STATUS_SUCCESS;
155 | }
156 | }
157 | }
158 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/FsStruct.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 |
4 | namespace wdk
5 | {
6 |
7 | #pragma region Process
8 | // private
9 | typedef struct _PROCESS_DISK_COUNTERS
10 | {
11 | ULONGLONG BytesRead;
12 | ULONGLONG BytesWritten;
13 | ULONGLONG ReadOperationCount;
14 | ULONGLONG WriteOperationCount;
15 | ULONGLONG FlushOperationCount;
16 | } PROCESS_DISK_COUNTERS, *PPROCESS_DISK_COUNTERS;
17 |
18 | // private
19 | typedef union _ENERGY_STATE_DURATION
20 | {
21 | union
22 | {
23 | ULONGLONG Value;
24 | ULONG LastChangeTime;
25 | };
26 |
27 | ULONG Duration : 31;
28 | ULONG IsInState : 1;
29 | } ENERGY_STATE_DURATION, *PENERGY_STATE_DURATION;
30 |
31 | // private
32 | typedef struct _PROCESS_ENERGY_VALUES
33 | {
34 | ULONGLONG Cycles[2][4];
35 | ULONGLONG DiskEnergy;
36 | ULONGLONG NetworkTailEnergy;
37 | ULONGLONG MBBTailEnergy;
38 | ULONGLONG NetworkTxRxBytes;
39 | ULONGLONG MBBTxRxBytes;
40 | union
41 | {
42 | ENERGY_STATE_DURATION Durations[3];
43 | struct
44 | {
45 | ENERGY_STATE_DURATION ForegroundDuration;
46 | ENERGY_STATE_DURATION DesktopVisibleDuration;
47 | ENERGY_STATE_DURATION PSMForegroundDuration;
48 | };
49 | };
50 | ULONG CompositionRendered;
51 | ULONG CompositionDirtyGenerated;
52 | ULONG CompositionDirtyPropagated;
53 | ULONG Reserved1;
54 | ULONGLONG AttributedCycles[4][2];
55 | ULONGLONG WorkOnBehalfCycles[4][2];
56 | } PROCESS_ENERGY_VALUES, *PPROCESS_ENERGY_VALUES;
57 | #pragma endregion
58 |
59 |
60 | #pragma region File
61 | // private
62 | typedef struct _FILE_PATH
63 | {
64 | ULONG Version;
65 | ULONG Length;
66 | ULONG Type;
67 | UCHAR FilePath[1];
68 | } FILE_PATH, *PFILE_PATH;
69 |
70 |
71 | // private
72 | typedef struct _FILE_IO_COMPLETION_INFORMATION
73 | {
74 | PVOID KeyContext;
75 | PVOID ApcContext;
76 | IO_STATUS_BLOCK IoStatusBlock;
77 | } FILE_IO_COMPLETION_INFORMATION, *PFILE_IO_COMPLETION_INFORMATION;
78 | #pragma endregion
79 |
80 |
81 | }
82 |
83 | #include "Fs\build_7600.inl"
84 | #include "Fs\build_7601.inl"
85 | #include "Fs\build_9200.inl"
86 | #include "Fs\build_9600.inl"
87 | #include "Fs\build_10240.inl"
88 | #include "Fs\build_10586.inl"
89 | #include "Fs\build_14393.inl"
90 | #include "Fs\build_15063.inl"
91 | #include "Fs\build_16299.inl"
92 | #include "Fs\build_17134.inl"
93 | #include "Fs\build_17763.inl"
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Io/build_10240.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Io/build_10586.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Io/build_14393.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Io/build_15063.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Io/build_16299.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Io/build_17134.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Io/build_17763.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Io/build_7600.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Io/build_7601.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Io/build_9200.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Io/build_9600.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/IoKernel.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 | #include "IoStruct.inl"
3 |
4 |
5 | namespace wdk
6 | {
7 | extern"C"
8 | {
9 | extern POBJECT_TYPE *IoAdapterObjectType;
10 | extern POBJECT_TYPE *IoDriverObjectType;
11 |
12 | NTSTATUS NTAPI
13 | IoQueryFileDosDeviceName(
14 | _In_ PFILE_OBJECT FileObject,
15 | _Out_ POBJECT_NAME_INFORMATION *ObjectNameInformation
16 | );
17 |
18 | NTSTATUS NTAPI
19 | IoCreateDriver(
20 | _In_opt_ PUNICODE_STRING DriverName,
21 | _In_ PDRIVER_INITIALIZE InitializationFunction
22 | );
23 |
24 | VOID NTAPI
25 | IoDeleteDriver(
26 | _In_ PDRIVER_OBJECT DriverObject
27 | );
28 |
29 | PDEVICE_OBJECT NTAPI
30 | IoGetBaseFileSystemDeviceObject(
31 | _In_ PFILE_OBJECT FileObject
32 | );
33 |
34 | PDEVICE_OBJECT NTAPI
35 | IoGetDeviceAttachmentBaseRef(
36 | _In_ PDEVICE_OBJECT DeviceObject
37 | );
38 | }
39 | }
40 |
41 | namespace wdk
42 | {
43 | extern"C"
44 | {
45 | inline auto IoInitSystem() -> NTSTATUS
46 | {
47 | return STATUS_SUCCESS;
48 | }
49 | }
50 | }
51 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/IoStruct.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 |
4 | namespace wdk
5 | {
6 |
7 | }
8 |
9 | #include "Io\build_7600.inl"
10 | #include "Io\build_7601.inl"
11 | #include "Io\build_9200.inl"
12 | #include "Io\build_9600.inl"
13 | #include "Io\build_10240.inl"
14 | #include "Io\build_10586.inl"
15 | #include "Io\build_14393.inl"
16 | #include "Io\build_15063.inl"
17 | #include "Io\build_16299.inl"
18 | #include "Io\build_17134.inl"
19 | #include "Io\build_17763.inl"
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Ke/build_10240.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 |
4 | /*
5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.10240.17443\
6 | * Dumped by pdbex tool v0.4, by wbenny
7 | */
8 |
9 |
10 | namespace wdk::build_10240
11 | {
12 |
13 | SameDefine$(build_9600, KWAIT_STATUS_REGISTER);
14 |
15 |
16 | typedef struct _KLOCK_ENTRY_LOCK_STATE
17 | {
18 | union
19 | {
20 | struct /* bitfield */
21 | {
22 | SIZE_T CrossThreadReleasable : 1; /* bit position: 0 */
23 | SIZE_T Busy : 1; /* bit position: 1 */
24 | SIZE_T Reserved : sizeof(SIZE_T) * 8 - 3; /* bit position: 2 */
25 | SIZE_T InTree : 1; /* bit position: 31 */
26 | }; /* bitfield */
27 | VOID* LockState;
28 | };
29 | union
30 | {
31 | VOID* SessionState;
32 | struct
33 | {
34 | UINT32 SessionId;
35 | #ifdef _WIN64
36 | UINT32 SessionPad;
37 | #endif
38 | };
39 | };
40 | } KLOCK_ENTRY_LOCK_STATE, *PKLOCK_ENTRY_LOCK_STATE; /* size: 0x0010 */ /* size: 0x0008 */
41 | static_assert(sizeof(KLOCK_ENTRY_LOCK_STATE) == (sizeof(SIZE_T) == sizeof(UINT64) ? 0x0010 : 0x0008));
42 |
43 |
44 | typedef struct _KLOCK_ENTRY
45 | {
46 | union
47 | {
48 | struct _RTL_BALANCED_NODE TreeNode;
49 | struct _SINGLE_LIST_ENTRY FreeListEntry;
50 | };
51 | union
52 | {
53 | UINT32 EntryFlags;
54 | struct
55 | {
56 | UINT8 EntryOffset;
57 | union
58 | {
59 | UINT8 ThreadLocalFlags;
60 | struct
61 | {
62 | struct /* bitfield */
63 | {
64 | UINT8 WaitingBit : 1; /* bit position: 0 */
65 | UINT8 Spare0 : 7; /* bit position: 1 */
66 | }; /* bitfield */
67 | union
68 | {
69 | UINT8 AcquiredByte;
70 | struct
71 | {
72 | UINT8 AcquiredBit : 1; /* bit position: 0 */
73 | union
74 | {
75 | UINT8 CrossThreadFlags;
76 | struct /* bitfield */
77 | {
78 | UINT8 HeadNodeBit : 1; /* bit position: 0 */
79 | UINT8 IoPriorityBit : 1; /* bit position: 1 */
80 | UINT8 Spare1 : 6; /* bit position: 2 */
81 | }; /* bitfield */
82 | }; /* size: 0x0001 */
83 | }; /* size: 0x0002 */
84 | }; /* size: 0x0002 */
85 | }; /* size: 0x0003 */
86 | }; /* size: 0x0003 */
87 | }; /* size: 0x0004 */
88 | struct /* bitfield */
89 | {
90 | UINT32 StaticState : 8; /* bit position: 0 */
91 | UINT32 AllFlags : 24; /* bit position: 8 */
92 | }; /* bitfield */
93 | }; /* size: 0x0004 */
94 | #ifdef _WIN64
95 | UINT32 SpareFlags;
96 | #endif
97 | union
98 | {
99 | struct _KLOCK_ENTRY_LOCK_STATE LockState;
100 | VOID* volatile LockUnsafe;
101 | struct
102 | {
103 | volatile UINT8 CrossThreadReleasableAndBusyByte;
104 | UINT8 Reserved[sizeof(SIZE_T) - 2];
105 | volatile UINT8 InTreeByte;
106 | union
107 | {
108 | VOID* SessionState;
109 | struct
110 | {
111 | UINT32 SessionId;
112 | #ifdef _WIN64
113 | UINT32 SessionPad;
114 | #endif
115 | };
116 | };
117 | };
118 | };
119 | union
120 | {
121 | struct
122 | {
123 | struct _RTL_RB_TREE OwnerTree;
124 | struct _RTL_RB_TREE WaiterTree;
125 | };
126 | CHAR CpuPriorityKey;
127 | };
128 | SIZE_T EntryLock;
129 | union
130 | {
131 | UINT16 AllBoosts;
132 | struct /* bitfield */
133 | {
134 | UINT16 IoBoost : 1; /* bit position: 0 */
135 | UINT16 CpuBoostsBitmap : 15; /* bit position: 1 */
136 | }; /* bitfield */
137 | }; /* size: 0x0002 */
138 | UINT16 IoNormalPriorityWaiterCount;
139 | #ifdef _WIN64
140 | UINT16 SparePad;
141 | #endif
142 | } KLOCK_ENTRY, *PKLOCK_ENTRY; /* size: 0x0060 */ /* size: 0x0030 */
143 | static_assert(sizeof(KLOCK_ENTRY) == (sizeof(SIZE_T) == sizeof(UINT64) ? 0x0060 : 0x0030));
144 |
145 |
146 | }
147 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Ke/build_10586.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 |
4 | /*
5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.10586.1176\
6 | * Dumped by pdbex tool v0.4, by wbenny
7 | */
8 |
9 |
10 | namespace wdk::build_10586
11 | {
12 |
13 | SameDefine$(build_10240, KWAIT_STATUS_REGISTER);
14 | SameDefine$(build_10240, KLOCK_ENTRY_LOCK_STATE);
15 | SameDefine$(build_10240, KLOCK_ENTRY);
16 |
17 | }
18 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Ke/build_14393.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 |
4 | /*
5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.14393.2214\
6 | * Dumped by pdbex tool v0.4, by wbenny
7 | */
8 |
9 |
10 | namespace wdk::build_14393
11 | {
12 |
13 | SameDefine$(build_10240, KWAIT_STATUS_REGISTER);
14 | SameDefine$(build_10240, KLOCK_ENTRY_LOCK_STATE);
15 |
16 |
17 | typedef struct _KLOCK_ENTRY
18 | {
19 | union
20 | {
21 | struct _RTL_BALANCED_NODE TreeNode;
22 | struct _SINGLE_LIST_ENTRY FreeListEntry;
23 | };
24 | union
25 | {
26 | UINT32 EntryFlags;
27 | struct
28 | {
29 | UINT8 EntryOffset;
30 | union
31 | {
32 | UINT8 ThreadLocalFlags;
33 | struct
34 | {
35 | struct /* bitfield */
36 | {
37 | UINT8 WaitingBit : 1; /* bit position: 0 */
38 | UINT8 Spare0 : 7; /* bit position: 1 */
39 | }; /* bitfield */
40 | union
41 | {
42 | UINT8 AcquiredByte;
43 | struct
44 | {
45 | UINT8 AcquiredBit : 1; /* bit position: 0 */
46 | union
47 | {
48 | UINT8 CrossThreadFlags;
49 | struct /* bitfield */
50 | {
51 | UINT8 HeadNodeBit : 1; /* bit position: 0 */
52 | UINT8 IoPriorityBit : 1; /* bit position: 1 */
53 | UINT8 IoQoSWaiter : 1; /* bit position: 2 */
54 | UINT8 Spare1 : 5; /* bit position: 3 */
55 | }; /* bitfield */
56 | }; /* size: 0x0001 */
57 | }; /* size: 0x0002 */
58 | }; /* size: 0x0002 */
59 | }; /* size: 0x0003 */
60 | }; /* size: 0x0003 */
61 | }; /* size: 0x0004 */
62 | struct /* bitfield */
63 | {
64 | UINT32 StaticState : 8; /* bit position: 0 */
65 | UINT32 AllFlags : 24; /* bit position: 8 */
66 | }; /* bitfield */
67 | }; /* size: 0x0004 */
68 | #ifdef _WIN64
69 | UINT32 SpareFlags;
70 | #endif
71 | union
72 | {
73 | struct _KLOCK_ENTRY_LOCK_STATE LockState;
74 | VOID* volatile LockUnsafe;
75 | struct
76 | {
77 | volatile UINT8 CrossThreadReleasableAndBusyByte;
78 | UINT8 Reserved[sizeof(SIZE_T) - 2];
79 | volatile UINT8 InTreeByte;
80 | union
81 | {
82 | VOID* SessionState;
83 | struct
84 | {
85 | UINT32 SessionId;
86 | #ifdef _WIN64
87 | UINT32 SessionPad;
88 | #endif
89 | };
90 | };
91 | };
92 | };
93 | union
94 | {
95 | struct
96 | {
97 | struct _RTL_RB_TREE OwnerTree;
98 | struct _RTL_RB_TREE WaiterTree;
99 | };
100 | CHAR CpuPriorityKey;
101 | };
102 | EX_PUSH_LOCK EntryLock;
103 | union
104 | {
105 | UINT32 AllBoosts : 17; /* bit position: 0 */
106 | struct
107 | {
108 | struct /* bitfield */
109 | {
110 | UINT16 CpuBoostsBitmap : 15; /* bit position: 0 */
111 | UINT16 IoBoost : 1; /* bit position: 15 */
112 | }; /* bitfield */
113 | struct /* bitfield */
114 | {
115 | UINT16 IoQoSBoost : 1; /* bit position: 0 */
116 | UINT16 IoNormalPriorityWaiterCount : 8; /* bit position: 1 */
117 | UINT16 IoQoSWaiterCount : 7; /* bit position: 9 */
118 | }; /* bitfield */
119 | }; /* size: 0x0004 */
120 | }; /* size: 0x0004 */
121 | #ifdef _WIN64
122 | UINT32 SparePad;
123 | #endif
124 | } KLOCK_ENTRY, *PKLOCK_ENTRY; /* size: 0x0060 */ /* size: 0x0030 */
125 | static_assert(sizeof(KLOCK_ENTRY) == (sizeof(SIZE_T) == sizeof(UINT64) ? 0x0060 : 0x0030));
126 |
127 | }
128 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Ke/build_15063.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 |
4 | /*
5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.15063.1418\
6 | * Dumped by pdbex tool v0.4, by wbenny
7 | */
8 |
9 |
10 | namespace wdk::build_15063
11 | {
12 |
13 | SameDefine$(build_14393, KWAIT_STATUS_REGISTER);
14 | SameDefine$(build_14393, KLOCK_ENTRY_LOCK_STATE);
15 |
16 |
17 | typedef union _KLOCK_ENTRY_BOOST_BITMAP
18 | {
19 | union
20 | {
21 | UINT32 AllFields;
22 | struct /* bitfield */
23 | {
24 | UINT32 AllBoosts : 17; /* bit position: 0 */
25 | UINT32 Reserved : 15; /* bit position: 17 */
26 | }; /* bitfield */
27 | struct
28 | {
29 | struct /* bitfield */
30 | {
31 | UINT16 CpuBoostsBitmap : 15; /* bit position: 0 */
32 | UINT16 IoBoost : 1; /* bit position: 15 */
33 | }; /* bitfield */
34 | struct /* bitfield */
35 | {
36 | UINT16 IoQoSBoost : 1; /* bit position: 0 */
37 | UINT16 IoNormalPriorityWaiterCount : 8; /* bit position: 1 */
38 | UINT16 IoQoSWaiterCount : 7; /* bit position: 9 */
39 | }; /* bitfield */
40 | }; /* size: 0x0004 */
41 | }; /* size: 0x0004 */
42 | } KLOCK_ENTRY_BOOST_BITMAP, *PKLOCK_ENTRY_BOOST_BITMAP; /* size: 0x0004 */
43 |
44 |
45 | typedef struct _KLOCK_ENTRY
46 | {
47 | union
48 | {
49 | struct _RTL_BALANCED_NODE TreeNode;
50 | struct _SINGLE_LIST_ENTRY FreeListEntry;
51 | };
52 | union
53 | {
54 | UINT32 EntryFlags;
55 | struct
56 | {
57 | UINT8 EntryOffset;
58 | union
59 | {
60 | UINT8 ThreadLocalFlags;
61 | struct
62 | {
63 | struct /* bitfield */
64 | {
65 | UINT8 WaitingBit : 1; /* bit position: 0 */
66 | UINT8 Spare0 : 7; /* bit position: 1 */
67 | }; /* bitfield */
68 | union
69 | {
70 | UINT8 AcquiredByte;
71 | struct
72 | {
73 | UINT8 AcquiredBit : 1; /* bit position: 0 */
74 | union
75 | {
76 | UINT8 CrossThreadFlags;
77 | struct /* bitfield */
78 | {
79 | UINT8 HeadNodeBit : 1; /* bit position: 0 */
80 | UINT8 IoPriorityBit : 1; /* bit position: 1 */
81 | UINT8 IoQoSWaiter : 1; /* bit position: 2 */
82 | UINT8 Spare1 : 5; /* bit position: 3 */
83 | }; /* bitfield */
84 | }; /* size: 0x0001 */
85 | }; /* size: 0x0002 */
86 | }; /* size: 0x0002 */
87 | }; /* size: 0x0003 */
88 | }; /* size: 0x0003 */
89 | }; /* size: 0x0004 */
90 | struct /* bitfield */
91 | {
92 | UINT32 StaticState : 8; /* bit position: 0 */
93 | UINT32 AllFlags : 24; /* bit position: 8 */
94 | }; /* bitfield */
95 | }; /* size: 0x0004 */
96 | #ifdef _WIN64
97 | UINT32 SpareFlags;
98 | #endif
99 | union
100 | {
101 | struct _KLOCK_ENTRY_LOCK_STATE LockState;
102 | VOID* volatile LockUnsafe;
103 | struct
104 | {
105 | volatile UINT8 CrossThreadReleasableAndBusyByte;
106 | UINT8 Reserved[sizeof(SIZE_T) - 2];
107 | volatile UINT8 InTreeByte;
108 | union
109 | {
110 | VOID* SessionState;
111 | struct
112 | {
113 | UINT32 SessionId;
114 | #ifdef _WIN64
115 | UINT32 SessionPad;
116 | #endif
117 | };
118 | };
119 | };
120 | };
121 | union
122 | {
123 | struct
124 | {
125 | struct _RTL_RB_TREE OwnerTree;
126 | struct _RTL_RB_TREE WaiterTree;
127 | };
128 | CHAR CpuPriorityKey;
129 | };
130 | EX_PUSH_LOCK EntryLock;
131 | union _KLOCK_ENTRY_BOOST_BITMAP BoostBitmap;
132 | #ifdef _WIN64
133 | UINT32 SparePad;
134 | #endif
135 | } KLOCK_ENTRY, *PKLOCK_ENTRY; /* size: 0x0060 */ /* size: 0x0030 */
136 | static_assert(sizeof(KLOCK_ENTRY) == (sizeof(SIZE_T) == sizeof(UINT64) ? 0x0060 : 0x0030));
137 |
138 | }
139 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Ke/build_16299.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 |
4 | /*
5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.16299.755\
6 | * Dumped by pdbex tool v0.4, by wbenny
7 | */
8 |
9 |
10 | namespace wdk::build_16299
11 | {
12 |
13 | SameDefine$(build_15063, KWAIT_STATUS_REGISTER);
14 | SameDefine$(build_15063, KLOCK_ENTRY_LOCK_STATE);
15 | SameDefine$(build_15063, KLOCK_ENTRY_BOOST_BITMAP);
16 | SameDefine$(build_15063, KLOCK_ENTRY);
17 |
18 | }
19 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Ke/build_17134.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 |
4 | /*
5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.17134.376\
6 | * Dumped by pdbex tool v0.4, by wbenny
7 | */
8 |
9 |
10 | namespace wdk::build_17134
11 | {
12 |
13 | SameDefine$(build_16299, KWAIT_STATUS_REGISTER);
14 | SameDefine$(build_16299, KLOCK_ENTRY_LOCK_STATE);
15 | SameDefine$(build_16299, KLOCK_ENTRY_BOOST_BITMAP);
16 | SameDefine$(build_16299, KLOCK_ENTRY);
17 |
18 | }
19 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Ke/build_17763.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 |
4 | /*
5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.17763.55\
6 | * Dumped by pdbex tool v0.4, by wbenny
7 | */
8 |
9 |
10 | namespace wdk::build_17763
11 | {
12 |
13 | SameDefine$(build_17134, KWAIT_STATUS_REGISTER);
14 | SameDefine$(build_17134, KLOCK_ENTRY_LOCK_STATE);
15 | SameDefine$(build_17134, KLOCK_ENTRY_BOOST_BITMAP);
16 | SameDefine$(build_17134, KLOCK_ENTRY);
17 |
18 | }
19 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Ke/build_7600.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 |
4 | /*
5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\6.1.7600.17795\
6 | * Dumped by pdbex tool v0.4, by wbenny
7 | */
8 |
9 |
10 | namespace wdk::build_7600
11 | {
12 |
13 | typedef union _KWAIT_STATUS_REGISTER
14 | {
15 | union
16 | {
17 | UINT8 Flags;
18 | struct /* bitfield */
19 | {
20 | UINT8 State : 2; /* bit position: 0 */
21 | UINT8 Affinity : 1; /* bit position: 2 */
22 | UINT8 Priority : 1; /* bit position: 3 */
23 | UINT8 Apc : 1; /* bit position: 4 */
24 | UINT8 UserApc : 1; /* bit position: 5 */
25 | UINT8 Alert : 1; /* bit position: 6 */
26 | UINT8 Unused : 1; /* bit position: 7 */
27 | }; /* bitfield */
28 | }; /* size: 0x0001 */
29 | } KWAIT_STATUS_REGISTER, *PKWAIT_STATUS_REGISTER; /* size: 0x0001 */
30 | static_assert(sizeof(KWAIT_STATUS_REGISTER) == 0x0001);
31 |
32 |
33 | }
34 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Ke/build_7601.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 |
4 | /*
5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\6.1.7601.24260\
6 | * Dumped by pdbex tool v0.4, by wbenny
7 | */
8 |
9 |
10 | namespace wdk::build_7601
11 | {
12 |
13 | SameDefine$(build_7600, KWAIT_STATUS_REGISTER);
14 |
15 | }
16 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Ke/build_9200.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 |
4 | /*
5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\6.2.9200.17581\
6 | * Dumped by pdbex tool v0.4, by wbenny
7 | */
8 |
9 |
10 | namespace wdk::build_9200
11 | {
12 |
13 | SameDefine$(build_7601, KWAIT_STATUS_REGISTER);
14 |
15 | }
16 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Ke/build_9600.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 |
4 | /*
5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\6.3.9600.19038\
6 | * Dumped by pdbex tool v0.4, by wbenny
7 | */
8 |
9 |
10 | namespace wdk::build_9600
11 | {
12 |
13 | typedef union _KWAIT_STATUS_REGISTER
14 | {
15 | union
16 | {
17 | UINT8 Flags;
18 | struct /* bitfield */
19 | {
20 | UINT8 State : 3; /* bit position: 0 */
21 | UINT8 Affinity : 1; /* bit position: 3 */
22 | UINT8 Priority : 1; /* bit position: 4 */
23 | UINT8 Apc : 1; /* bit position: 5 */
24 | UINT8 UserApc : 1; /* bit position: 6 */
25 | UINT8 Alert : 1; /* bit position: 7 */
26 | }; /* bitfield */
27 | }; /* size: 0x0001 */
28 | } KWAIT_STATUS_REGISTER, *PKWAIT_STATUS_REGISTER; /* size: 0x0001 */
29 |
30 |
31 | typedef struct _KLOCK_ENTRY_LOCK_STATE
32 | {
33 | union
34 | {
35 | struct /* bitfield */
36 | {
37 | SIZE_T Waiting : 1; /* bit position: 0 */
38 | SIZE_T Busy : 1; /* bit position: 1 */
39 | SIZE_T Spare : sizeof(SIZE_T) * 8 - 3; /* bit position: 2 */
40 | SIZE_T InTree : 1; /* bit position: 63 */ /* bit position: 31 */
41 | }; /* bitfield */
42 | VOID* LockState;
43 | };
44 | union
45 | {
46 | VOID* SessionState;
47 | struct
48 | {
49 | UINT32 SessionId;
50 | #ifdef _WIN64
51 | UINT32 SessionPad;
52 | #endif
53 | };
54 | };
55 | } KLOCK_ENTRY_LOCK_STATE, *PKLOCK_ENTRY_LOCK_STATE; /* size: 0x0010 */ /* size: 0x0008 */
56 | static_assert(sizeof(KLOCK_ENTRY_LOCK_STATE) == (sizeof(SIZE_T) == sizeof(UINT64) ? 0x0010 : 0x0008));
57 |
58 |
59 | typedef struct _KLOCK_ENTRY
60 | {
61 | union
62 | {
63 | struct _RTL_BALANCED_NODE TreeNode;
64 | struct _SINGLE_LIST_ENTRY FreeListEntry;
65 | };
66 | union
67 | {
68 | VOID* ThreadUnsafe;
69 | struct
70 | {
71 | volatile UINT8 HeadNodeByte;
72 | UINT8 Reserved1[sizeof(SIZE_T) - 2];
73 | volatile UINT8 AcquiredByte;
74 | };
75 | };
76 | union
77 | {
78 | struct _KLOCK_ENTRY_LOCK_STATE LockState;
79 | VOID* volatile LockUnsafe;
80 | struct
81 | {
82 | volatile UINT8 WaitingAndBusyByte;
83 | UINT8 Reserved[sizeof(SIZE_T) - 2];
84 | volatile UINT8 InTreeByte;
85 | union
86 | {
87 | VOID* SessionState;
88 | struct
89 | {
90 | UINT32 SessionId;
91 | #ifdef _WIN64
92 | UINT32 SessionPad;
93 | #endif
94 | };
95 | };
96 | };
97 | };
98 | union
99 | {
100 | struct
101 | {
102 | struct _RTL_RB_TREE OwnerTree;
103 | struct _RTL_RB_TREE WaiterTree;
104 | };
105 | CHAR CpuPriorityKey;
106 | };
107 | SIZE_T EntryLock;
108 | union
109 | {
110 | UINT16 AllBoosts;
111 | struct /* bitfield */
112 | {
113 | UINT16 IoBoost : 1; /* bit position: 0 */
114 | UINT16 CpuBoostsBitmap : 15; /* bit position: 1 */
115 | }; /* bitfield */
116 | }; /* size: 0x0002 */
117 | #ifdef _WIN64
118 | UINT16 IoNormalPriorityWaiterCount;
119 | struct /* bitfield */
120 | {
121 | UINT8 IoPriorityBit : 1; /* bit position: 0 */
122 | UINT8 AbSpare : 7; /* bit position: 1 */
123 | }; /* bitfield */
124 | UINT8 SparePad[3];
125 | #else
126 | struct /* bitfield */
127 | {
128 | UINT16 IoNormalPriorityWaiterCount : 15; /* bit position: 0 */
129 | UINT16 IoPriorityBit : 1; /* bit position: 15 */
130 | }; /* bitfield */
131 | #endif
132 | } KLOCK_ENTRY, *PKLOCK_ENTRY; /* size: 0x0060 */ /* size: 0x0030 */
133 | static_assert(sizeof(KLOCK_ENTRY) == (sizeof(SIZE_T) == sizeof(UINT64) ? 0x0060 : 0x0030));
134 |
135 |
136 | }
137 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/KeKernel.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 | #include "KeStruct.inl"
3 |
4 |
5 | namespace wdk
6 | {
7 |
8 | extern"C"
9 | {
10 |
11 | BOOLEAN NTAPI
12 | KeAddSystemServiceTable(
13 | _In_ PULONG_PTR aBase,
14 | _In_opt_ PULONG aCount,
15 | _In_ ULONG aLimit,
16 | _In_ PUCHAR aNumber,
17 | _In_ ULONG aIndex
18 | );
19 |
20 |
21 | #ifndef KeGetPreviousMode
22 | #define KeGetPreviousMode ExGetPreviousMode
23 | #endif
24 |
25 |
26 | void NTAPI
27 | KeStackAttachProcess(
28 | _In_ PKPROCESS PROCESS,
29 | _Out_ PRKAPC_STATE ApcState
30 | );
31 |
32 |
33 | void NTAPI
34 | KeUnstackDetachProcess(
35 | _In_ PRKAPC_STATE ApcState
36 | );
37 |
38 |
39 | VOID NTAPI
40 | KeInitializeApc(
41 | _Out_ PRKAPC aApc,
42 | _In_ PRKTHREAD aThread,
43 | _In_ KAPC_ENVIRONMENT aEnvironment,
44 | _In_ PKKERNEL_ROUTINE aKernelRoutine,
45 | _In_opt_ PKRUNDOWN_ROUTINE aRundownRoutine,
46 | _In_opt_ PKNORMAL_ROUTINE aNormalRoutine,
47 | _In_opt_ KPROCESSOR_MODE aProcessorMode,
48 | _In_opt_ PVOID aNormalContext
49 | );
50 |
51 |
52 | BOOLEAN NTAPI
53 | KeInsertQueueApc(
54 | _Inout_ PRKAPC aApc,
55 | _In_opt_ PVOID aSystemArgument1,
56 | _In_opt_ PVOID aSystemArgument2,
57 | _In_ KPRIORITY aIncrement
58 | );
59 |
60 |
61 | //BOOLEAN NTAPI
62 | // KeRemoveQueueApc(
63 | // _Inout_ PKAPC Apc
64 | // );
65 |
66 |
67 | BOOLEAN NTAPI
68 | KeTestAlertThread(
69 | _In_ KPROCESSOR_MODE AlertMode
70 | );
71 |
72 | VOID NTAPI
73 | KeGenericCallDpc(
74 | _In_ PKDEFERRED_ROUTINE Routine,
75 | _In_opt_ PVOID Context
76 | );
77 |
78 | VOID NTAPI
79 | KeSignalCallDpcDone(
80 | _In_ PVOID SystemArgument1
81 | );
82 |
83 | LOGICAL NTAPI
84 | KeSignalCallDpcSynchronize(
85 | _In_ PVOID SystemArgument2
86 | );
87 |
88 | }
89 | }
90 |
91 | namespace wdk
92 | {
93 | extern"C"
94 | {
95 | inline auto KeInitSystem() -> NTSTATUS
96 | {
97 | return STATUS_SUCCESS;
98 | }
99 | }
100 | }
101 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/LPC/build_10240.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/LPC/build_10586.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/LPC/build_14393.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/LPC/build_15063.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/LPC/build_16299.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/LPC/build_17134.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/LPC/build_17763.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/LPC/build_7600.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/LPC/build_7601.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/LPC/build_9200.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/LPC/build_9600.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/LPCKernel.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 | #include "LPCStruct.inl"
3 |
4 |
5 | namespace wdk
6 | {
7 | extern"C"
8 | {
9 |
10 | NTSTATUS NTAPI
11 | LpcRequestPort(
12 | _In_ PVOID PortAddress,
13 | _In_ PPORT_MESSAGE RequestMessage
14 | );
15 |
16 | NTSTATUS NTAPI
17 | LpcRequestWaitReplyPort(
18 | _In_ PVOID PortAddress,
19 | _In_ PPORT_MESSAGE RequestMessage,
20 | _Out_ PPORT_MESSAGE ReplyMessage
21 | );
22 |
23 | NTSTATUS NTAPI
24 | LpcRequestWaitReplyPortEx(
25 | _In_ PVOID PortAddress,
26 | _In_ PPORT_MESSAGE RequestMessage,
27 | _Out_ PPORT_MESSAGE ReplyMessage
28 | );
29 | }
30 | }
31 |
32 |
33 | namespace wdk
34 | {
35 | extern"C"
36 | {
37 | inline auto LPCInitSystem() -> NTSTATUS
38 | {
39 | return STATUS_SUCCESS;
40 | }
41 | }
42 | }
43 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/LPCStruct.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 | #include "ObStruct.inl"
3 | #include "SeStruct.inl"
4 |
5 |
6 | namespace wdk
7 | {
8 |
9 | using LPC_PVOID = PVOID;
10 | using LPC_HANDLE = HANDLE;
11 | using LPC_SIZE_T = SIZE_T;
12 | using LPC_CLIENT_ID = CLIENT_ID;
13 |
14 | enum LPCAccessMask : ACCESS_MASK
15 | {
16 | PortConnect = 0x1,
17 | PortAllAccess = (StandardRightsRequired | Synchronize | PortConnect)
18 | };
19 |
20 | enum PortObjectAttributesMask : ACCESS_MASK
21 | {
22 | PortValidObjectArrtibutes = ObjectCaseInsensitive
23 | };
24 |
25 | enum LPCMessageType : UINT32
26 | {
27 | LPCNewMessage,
28 | LPCRequest,
29 | LPCReply,
30 | LPCDataGram,
31 | LPCLostReply,
32 | LPCPortClosed,
33 | LPCClientDied,
34 | LPCException,
35 | LPCDebugEvent,
36 | LPCErrorEvent,
37 | LPCConnectionRequest,
38 | LPCConnectionRefused,
39 | LPCMaximum,
40 |
41 | LPCNoImpersonate = 0x4000,
42 | LPCKernelModeMessage= 0x8000,
43 | };
44 |
45 | typedef struct PORT_MESSAGE
46 | {
47 | union
48 | {
49 | struct
50 | {
51 | SHORT DataLength;
52 | SHORT TotalLength;
53 | } s1;
54 | ULONG Length;
55 | } u1;
56 | union
57 | {
58 | struct
59 | {
60 | SHORT Type;
61 | SHORT DataInfoOffset;
62 | } s2;
63 | ULONG ZeroInit;
64 | } u2;
65 | union
66 | {
67 | LPC_CLIENT_ID ClientId;
68 | double DoNotUseThisField;
69 | };
70 | ULONG MessageId;
71 | union
72 | {
73 | LPC_SIZE_T ClientViewSize;
74 | ULONG CallbackId;
75 | };
76 | } *PPORT_MESSAGE;
77 |
78 | typedef struct PORT_DATA_ENTRY
79 | {
80 | PVOID Base;
81 | ULONG Size;
82 | }*PPORT_DATA_ENTRY;
83 |
84 | typedef struct PORT_DATA_INFORMATION
85 | {
86 | ULONG CountDataEntries;
87 | PORT_DATA_ENTRY DataEntries[1];
88 | }*PPORT_DATA_INFORMATION;
89 |
90 | enum : UINT32
91 | {
92 | PortMaximumMessageLength = 64 * sizeof(SIZE_T),
93 | LPCMaxConnectionInfoSize = 16 * sizeof(SIZE_T),
94 |
95 | PortTotalMaximumMessageLength =
96 | ((PortMaximumMessageLength + sizeof(PORT_MESSAGE) + LPCMaxConnectionInfoSize + 0xF) & ~0xF)
97 | };
98 |
99 | typedef struct _LPC_CLIENT_DIED_MSG
100 | {
101 | PORT_MESSAGE PortMsg;
102 | LARGE_INTEGER CreateTime;
103 | } LPC_CLIENT_DIED_MSG, *PLPC_CLIENT_DIED_MSG;
104 |
105 | typedef struct _PORT_VIEW
106 | {
107 | ULONG Length;
108 | HANDLE SectionHandle;
109 | ULONG SectionOffset;
110 | SIZE_T ViewSize;
111 | PVOID ViewBase;
112 | PVOID ViewRemoteBase;
113 | } PORT_VIEW, *PPORT_VIEW;
114 |
115 | typedef struct _REMOTE_PORT_VIEW
116 | {
117 | ULONG Length;
118 | SIZE_T ViewSize;
119 | PVOID ViewBase;
120 | } REMOTE_PORT_VIEW, *PREMOTE_PORT_VIEW;
121 |
122 | // WOW64 definitions
123 |
124 | // Except in a small number of special cases, WOW64 programs using the LPC APIs must use the 64-bit versions of the
125 | // PORT_MESSAGE, PORT_VIEW and REMOTE_PORT_VIEW data structures. Note that we take a different approach than the
126 | // official NT headers, which produce 64-bit versions in a 32-bit environment when USE_LPC6432 is defined.
127 |
128 | typedef struct _PORT_MESSAGE64
129 | {
130 | union
131 | {
132 | struct
133 | {
134 | CSHORT DataLength;
135 | CSHORT TotalLength;
136 | } s1;
137 | ULONG Length;
138 | } u1;
139 | union
140 | {
141 | struct
142 | {
143 | CSHORT Type;
144 | CSHORT DataInfoOffset;
145 | } s2;
146 | ULONG ZeroInit;
147 | } u2;
148 | union
149 | {
150 | CLIENT_ID64 ClientId;
151 | double DoNotUseThisField;
152 | };
153 | ULONG MessageId;
154 | union
155 | {
156 | ULONGLONG ClientViewSize; // only valid for LPC_CONNECTION_REQUEST messages
157 | ULONG CallbackId; // only valid for LPC_REQUEST messages
158 | };
159 | } PORT_MESSAGE64, *PPORT_MESSAGE64;
160 |
161 | typedef struct _LPC_CLIENT_DIED_MSG64
162 | {
163 | PORT_MESSAGE64 PortMsg;
164 | LARGE_INTEGER CreateTime;
165 | } LPC_CLIENT_DIED_MSG64, *PLPC_CLIENT_DIED_MSG64;
166 |
167 | typedef struct _PORT_VIEW64
168 | {
169 | ULONG Length;
170 | ULONGLONG SectionHandle;
171 | ULONG SectionOffset;
172 | ULONGLONG ViewSize;
173 | ULONGLONG ViewBase;
174 | ULONGLONG ViewRemoteBase;
175 | } PORT_VIEW64, *PPORT_VIEW64;
176 |
177 | typedef struct _REMOTE_PORT_VIEW64
178 | {
179 | ULONG Length;
180 | ULONGLONG ViewSize;
181 | ULONGLONG ViewBase;
182 | } REMOTE_PORT_VIEW64, *PREMOTE_PORT_VIEW64;
183 |
184 | typedef struct _LPCP_NONPAGED_PORT_QUEUE
185 | {
186 | KSEMAPHORE Semaphore; // Counting semaphore that is incremented
187 | // whenever a message is put in receive queue
188 | struct _LPCP_PORT_OBJECT *BackPointer;
189 | } LPCP_NONPAGED_PORT_QUEUE, *PLPCP_NONPAGED_PORT_QUEUE;
190 |
191 | typedef struct _LPCP_PORT_QUEUE
192 | {
193 | PLPCP_NONPAGED_PORT_QUEUE NonPagedPortQueue;
194 | PKSEMAPHORE Semaphore; // Counting semaphore that is incremented
195 | // whenever a message is put in receive queue
196 | LIST_ENTRY ReceiveHead; // list of messages to receive
197 | } LPCP_PORT_QUEUE, *PLPCP_PORT_QUEUE;
198 |
199 | typedef struct _LPCP_PORT_OBJECT
200 | {
201 | struct _LPCP_PORT_OBJECT *ConnectionPort;
202 | struct _LPCP_PORT_OBJECT *ConnectedPort;
203 | struct _LPCP_PORT_QUEUE MsgQueue;
204 | CLIENT_ID Creator;
205 | PVOID ClientSectionBase;
206 | PVOID ServerSectionBase;
207 | PVOID PortContext;
208 | PETHREAD ClientThread; // only SERVER_COMMUNICATION_PORT
209 | SECURITY_QUALITY_OF_SERVICE SecurityQos;
210 | SECURITY_CLIENT_CONTEXT StaticSecurity;
211 | LIST_ENTRY LpcReplyChainHead; // Only in _COMMUNICATION ports
212 | LIST_ENTRY LpcDataInfoChainHead; // Only in _COMMUNICATION ports
213 | union
214 | {
215 | PEPROCESS ServerProcess; // Only in SERVER_CONNECTION ports
216 | PEPROCESS MappingProcess; // Only in _COMMUNICATION ports
217 | };
218 | USHORT MaxMessageLength;
219 | USHORT MaxConnectionInfoLength;
220 | ULONG Flags;
221 | KEVENT WaitEvent; // Object is truncated for non-waitable ports
222 | } LPCP_PORT_OBJECT, *PLPCP_PORT_OBJECT;
223 |
224 | typedef struct _LPCP_MESSAGE
225 | {
226 | union
227 | {
228 | LIST_ENTRY Entry;
229 | struct
230 | {
231 | SINGLE_LIST_ENTRY FreeEntry;
232 | ULONG Reserved0;
233 | };
234 | };
235 |
236 | PVOID SenderPort;
237 | PETHREAD RepliedToThread; // Filled in when reply is sent so recipient
238 | // of reply can dereference it.
239 | PVOID PortContext; // Captured from senders communication port.
240 | PORT_MESSAGE Request;
241 | } LPCP_MESSAGE, *PLPCP_MESSAGE;
242 | }
243 |
244 | #include "LPC\build_7600.inl"
245 | #include "LPC\build_7601.inl"
246 | #include "LPC\build_9200.inl"
247 | #include "LPC\build_9600.inl"
248 | #include "LPC\build_10240.inl"
249 | #include "LPC\build_10586.inl"
250 | #include "LPC\build_14393.inl"
251 | #include "LPC\build_15063.inl"
252 | #include "LPC\build_16299.inl"
253 | #include "LPC\build_17134.inl"
254 | #include "LPC\build_17763.inl"
255 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Mm/build_10240.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 |
4 | /*
5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.10240.17443\
6 | * Dumped by pdbex tool v0.4, by wbenny
7 | */
8 |
9 |
10 | namespace wdk::build_10240
11 | {
12 |
13 | typedef struct _MMSUPPORT
14 | {
15 | volatile INT32 WorkingSetLock;
16 | struct _KGATE* ExitOutswapGate;
17 | VOID* AccessLog;
18 | struct _LIST_ENTRY WorkingSetExpansionLinks;
19 | SIZE_T AgeDistribution[7];
20 | SIZE_T MinimumWorkingSetSize;
21 | SIZE_T WorkingSetLeafSize;
22 | SIZE_T WorkingSetLeafPrivateSize;
23 | SIZE_T WorkingSetSize;
24 | SIZE_T WorkingSetPrivateSize;
25 | SIZE_T MaximumWorkingSetSize;
26 | SIZE_T ChargedWslePages;
27 | SIZE_T ActualWslePages;
28 | SIZE_T WorkingSetSizeOverhead;
29 | SIZE_T PeakWorkingSetSize;
30 | UINT32 HardFaultCount;
31 | #ifdef _WIN64
32 | UINT16 PartitionId;
33 | UINT16 Pad0;
34 | #endif
35 | struct _MMWSL* VmWorkingSetList;
36 | UINT16 NextPageColor;
37 | UINT16 LastTrimStamp;
38 | UINT32 PageFaultCount;
39 | SIZE_T TrimmedPageCount;
40 | SIZE_T ForceTrimPages;
41 | struct _MMSUPPORT_FLAGS Flags;
42 | SIZE_T ReleasedCommitDebt;
43 | VOID* WsSwapSupport;
44 | VOID* CommitReAcquireFailSupport;
45 | } MMSUPPORT, *PMMSUPPORT; /* size: 0x00f8 */ /* size: 0x0080 */
46 | static_assert(sizeof(MMSUPPORT) == (sizeof(SIZE_T) == sizeof(UINT64) ? 0x00f8 : 0x0080));
47 |
48 | }
49 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Mm/build_10586.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 |
4 | /*
5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.10586.1176\
6 | * Dumped by pdbex tool v0.4, by wbenny
7 | */
8 |
9 |
10 | namespace wdk::build_10586
11 | {
12 |
13 | SameDefine$(build_10240, MMSUPPORT);
14 |
15 | }
16 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Mm/build_14393.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 |
4 | /*
5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.14393.2214\
6 | * Dumped by pdbex tool v0.4, by wbenny
7 | */
8 |
9 |
10 | namespace wdk::build_14393
11 | {
12 |
13 |
14 | typedef struct _MMSUPPORT_INSTANCE
15 | {
16 | UINT16 NextPageColor;
17 | UINT16 LastTrimStamp;
18 | UINT32 PageFaultCount;
19 | SIZE_T TrimmedPageCount;
20 | struct _MMWSL_INSTANCE* VmWorkingSetList;
21 | struct _LIST_ENTRY WorkingSetExpansionLinks;
22 | SIZE_T AgeDistribution[7];
23 | struct _KGATE* ExitOutswapGate;
24 | SIZE_T MinimumWorkingSetSize;
25 | SIZE_T WorkingSetLeafSize;
26 | SIZE_T WorkingSetLeafPrivateSize;
27 | SIZE_T WorkingSetSize;
28 | SIZE_T WorkingSetPrivateSize;
29 | SIZE_T MaximumWorkingSetSize;
30 | SIZE_T PeakWorkingSetSize;
31 | UINT32 HardFaultCount;
32 | #ifdef _WIN64
33 | UINT16 PartitionId;
34 | UINT16 Pad0;
35 | #endif
36 | union // _TAG_UNNAMED_21
37 | {
38 | VOID* InstancedWorkingSet;
39 | } u1;
40 | SIZE_T Reserved0;
41 | struct _MMSUPPORT_FLAGS Flags;
42 | } MMSUPPORT_INSTANCE, *PMMSUPPORT_INSTANCE; /* size: 0x00c0 */ /* size: 0x0064 */
43 | static_assert(sizeof(MMSUPPORT_INSTANCE) == (sizeof(SIZE_T) == sizeof(UINT64) ? 0x00c0 : 0x0064));
44 |
45 |
46 | typedef struct _MMSUPPORT_SHARED
47 | {
48 | volatile INT32 WorkingSetLock;
49 | INT32 GoodCitizenWaiting;
50 | SIZE_T ReleasedCommitDebt;
51 | SIZE_T ResetPagesRepurposedCount;
52 | VOID* WsSwapSupport;
53 | VOID* CommitReleaseContext;
54 | VOID* AccessLog;
55 | SIZE_T ChargedWslePages;
56 | SIZE_T ActualWslePages;
57 | VOID* ShadowMapping;
58 | SIZE_T WorkingSetSizeOverhead;
59 | } MMSUPPORT_SHARED, *PMMSUPPORT_SHARED; /* size: 0x0050 */ /* size: 0x002c */
60 | static_assert(sizeof(MMSUPPORT_SHARED) == (sizeof(SIZE_T) == sizeof(UINT64) ? 0x0050 : 0x002c));
61 |
62 |
63 | typedef struct _MMSUPPORT_FULL
64 | {
65 | struct _MMSUPPORT_INSTANCE Instance;
66 | struct _MMSUPPORT_SHARED Shared;
67 | } MMSUPPORT_FULL, *PMMSUPPORT_FULL; /* size: 0x0110 */ /* size: 0x0090 */
68 | static_assert(sizeof(MMSUPPORT_FULL) == (sizeof(SIZE_T) == sizeof(UINT64) ? 0x0110 : 0x0090));
69 |
70 |
71 | }
72 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Mm/build_15063.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 |
4 | /*
5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.15063.1418\
6 | * Dumped by pdbex tool v0.4, by wbenny
7 | */
8 |
9 |
10 | namespace wdk::build_15063
11 | {
12 |
13 | typedef struct _MMSUPPORT_INSTANCE
14 | {
15 | UINT16 NextPageColor;
16 | UINT16 LastTrimStamp;
17 | UINT32 PageFaultCount;
18 | SIZE_T TrimmedPageCount;
19 | struct _MMWSL_INSTANCE* VmWorkingSetList;
20 | struct _LIST_ENTRY WorkingSetExpansionLinks;
21 | SIZE_T AgeDistribution[8];
22 | struct _KGATE* ExitOutswapGate;
23 | SIZE_T MinimumWorkingSetSize;
24 | SIZE_T WorkingSetLeafSize;
25 | SIZE_T WorkingSetLeafPrivateSize;
26 | SIZE_T WorkingSetSize;
27 | SIZE_T WorkingSetPrivateSize;
28 | SIZE_T MaximumWorkingSetSize;
29 | SIZE_T PeakWorkingSetSize;
30 | UINT32 HardFaultCount;
31 | #ifdef _WIN64
32 | UINT16 PartitionId;
33 | UINT16 Pad0;
34 | #endif
35 | union // _TAG_UNNAMED_21
36 | {
37 | VOID* InstancedWorkingSet;
38 | } u1;
39 | SIZE_T Reserved0;
40 | struct _MMSUPPORT_FLAGS Flags;
41 | } MMSUPPORT_INSTANCE, *PMMSUPPORT_INSTANCE; /* size: 0x00c8 */ /* size: 0x0068 */
42 | static_assert(sizeof(MMSUPPORT_INSTANCE) == (sizeof(SIZE_T) == sizeof(UINT64) ? 0x00c8 : 0x0068));
43 |
44 |
45 | typedef struct _MMSUPPORT_SHARED
46 | {
47 | volatile INT32 WorkingSetLock;
48 | INT32 GoodCitizenWaiting;
49 | SIZE_T ReleasedCommitDebt;
50 | SIZE_T ResetPagesRepurposedCount;
51 | VOID* WsSwapSupport;
52 | VOID* CommitReleaseContext;
53 | VOID* AccessLog;
54 | SIZE_T ChargedWslePages;
55 | SIZE_T ActualWslePages;
56 | VOID* ShadowMapping;
57 | } MMSUPPORT_SHARED, *PMMSUPPORT_SHARED; /* size: 0x0048 */ /* size: 0x0028 */
58 | static_assert(sizeof(MMSUPPORT_SHARED) == (sizeof(SIZE_T) == sizeof(UINT64) ? 0x0048 : 0x0028));
59 |
60 |
61 | typedef struct _MMSUPPORT_FULL
62 | {
63 | struct _MMSUPPORT_INSTANCE Instance;
64 | struct _MMSUPPORT_SHARED Shared;
65 | } MMSUPPORT_FULL, *PMMSUPPORT_FULL; /* size: 0x0110 */ /* size: 0x0090 */
66 | static_assert(sizeof(MMSUPPORT_FULL) == (sizeof(SIZE_T) == sizeof(UINT64) ? 0x0110 : 0x0090));
67 |
68 |
69 |
70 | }
71 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Mm/build_16299.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 |
4 | /*
5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.16299.755\
6 | * Dumped by pdbex tool v0.4, by wbenny
7 | */
8 |
9 |
10 | namespace wdk::build_16299
11 | {
12 |
13 | SameDefine$(build_15063, MMSUPPORT_INSTANCE);
14 | SameDefine$(build_15063, MMSUPPORT_SHARED);
15 | SameDefine$(build_15063, MMSUPPORT_FULL);
16 |
17 | }
18 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Mm/build_17134.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 |
4 | /*
5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.17134.376\
6 | * Dumped by pdbex tool v0.4, by wbenny
7 | */
8 |
9 |
10 | namespace wdk::build_17134
11 | {
12 |
13 | typedef struct _MMSUPPORT_INSTANCE
14 | {
15 | UINT32 NextPageColor;
16 | UINT32 PageFaultCount;
17 | SIZE_T TrimmedPageCount;
18 | struct _MMWSL_INSTANCE* VmWorkingSetList;
19 | struct _LIST_ENTRY WorkingSetExpansionLinks;
20 | SIZE_T AgeDistribution[8];
21 | struct _KGATE* ExitOutswapGate;
22 | SIZE_T MinimumWorkingSetSize;
23 | SIZE_T WorkingSetLeafSize;
24 | SIZE_T WorkingSetLeafPrivateSize;
25 | SIZE_T WorkingSetSize;
26 | SIZE_T WorkingSetPrivateSize;
27 | SIZE_T MaximumWorkingSetSize;
28 | SIZE_T PeakWorkingSetSize;
29 | UINT32 HardFaultCount;
30 | UINT16 LastTrimStamp;
31 | #ifdef _WIN64
32 | UINT16 PartitionId;
33 | UINT64 SelfmapLock;
34 | #else
35 | UINT16 Unused0;
36 | #endif
37 | struct _MMSUPPORT_FLAGS Flags;
38 | } MMSUPPORT_INSTANCE, *PMMSUPPORT_INSTANCE; /* size: 0x00c0 */ /* size: 0x0064 */
39 | static_assert(sizeof(MMSUPPORT_INSTANCE) == (sizeof(SIZE_T) == sizeof(UINT64) ? 0x00c0 : 0x0064));
40 |
41 |
42 | typedef struct _MMSUPPORT_SHARED
43 | {
44 | volatile INT32 WorkingSetLock;
45 | INT32 GoodCitizenWaiting;
46 | SIZE_T ReleasedCommitDebt;
47 | SIZE_T ResetPagesRepurposedCount;
48 | VOID* WsSwapSupport;
49 | VOID* CommitReleaseContext;
50 | volatile INT32 WorkingSetCoreLock;
51 | VOID* AccessLog;
52 | volatile SIZE_T ChargedWslePages;
53 | SIZE_T ActualWslePages;
54 | VOID* ShadowMapping;
55 | } MMSUPPORT_SHARED, *PMMSUPPORT_SHARED; /* size: 0x0050 */ /* size: 0x002c */
56 | static_assert(sizeof(MMSUPPORT_SHARED) == (sizeof(SIZE_T) == sizeof(UINT64) ? 0x0050 : 0x002c));
57 |
58 |
59 | typedef struct _MMSUPPORT_FULL
60 | {
61 | struct _MMSUPPORT_INSTANCE Instance;
62 | struct _MMSUPPORT_SHARED Shared;
63 | } MMSUPPORT_FULL, *PMMSUPPORT_FULL; /* size: 0x0110 */ /* size: 0x0090 */
64 | static_assert(sizeof(MMSUPPORT_FULL) == (sizeof(SIZE_T) == sizeof(UINT64) ? 0x0110 : 0x0090));
65 |
66 |
67 | }
68 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Mm/build_17763.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 |
4 | /*
5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.17763.55\
6 | * Dumped by pdbex tool v0.4, by wbenny
7 | */
8 |
9 |
10 | namespace wdk::build_17763
11 | {
12 |
13 | SameDefine$(build_17134, MMSUPPORT_INSTANCE);
14 | SameDefine$(build_17134, MMSUPPORT_SHARED);
15 | SameDefine$(build_17134, MMSUPPORT_FULL);
16 |
17 | }
18 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Mm/build_7600.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 |
4 | /*
5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\6.1.7600.17795\
6 | * Dumped by pdbex tool v0.4, by wbenny
7 | */
8 |
9 |
10 | namespace wdk::build_7600
11 | {
12 |
13 | typedef struct _MMADDRESS_NODE
14 | {
15 | union
16 | {
17 | union
18 | {
19 | SIZE_T Balance : 2; /* bit position: 0 */
20 | struct _MMADDRESS_NODE* Parent;
21 | };
22 | } u1;
23 | struct _MMADDRESS_NODE* LeftChild;
24 | struct _MMADDRESS_NODE* RightChild;
25 | SIZE_T StartingVpn;
26 | SIZE_T EndingVpn;
27 | } MMADDRESS_NODE, *PMMADDRESS_NODE; /* size: 0x0028 */ /* size: 0x0014 */
28 | static_assert(sizeof(MMADDRESS_NODE) == (sizeof(SIZE_T) == sizeof(UINT64) ? 0x0028 : 0x0014));
29 |
30 |
31 | typedef struct _MM_AVL_TABLE
32 | {
33 | struct _MMADDRESS_NODE BalancedRoot;
34 | struct /* bitfield */
35 | {
36 | SIZE_T DepthOfTree : 5; /* bit position: 0 */
37 | SIZE_T Unused : 3; /* bit position: 5 */
38 | SIZE_T NumberGenericTableElements : (sizeof(SIZE_T) * 8) - 8; /* bit position: 8 */
39 | }; /* bitfield */
40 | VOID* NodeHint;
41 | VOID* NodeFreeHint;
42 | } MM_AVL_TABLE, *PMM_AVL_TABLE; /* size: 0x0040 */ /* size: 0x0020 */
43 | static_assert(sizeof(MM_AVL_TABLE) == (sizeof(SIZE_T) == sizeof(UINT64) ? 0x0040 : 0x0020));
44 |
45 |
46 | typedef struct _MMSUPPORT
47 | {
48 | struct _EX_PUSH_LOCK WorkingSetMutex;
49 | struct _KGATE* ExitGate;
50 | VOID* AccessLog;
51 | struct _LIST_ENTRY WorkingSetExpansionLinks;
52 | UINT32 AgeDistribution[7];
53 | UINT32 MinimumWorkingSetSize;
54 | UINT32 WorkingSetSize;
55 | UINT32 WorkingSetPrivateSize;
56 | UINT32 MaximumWorkingSetSize;
57 | UINT32 ChargedWslePages;
58 | UINT32 ActualWslePages;
59 | UINT32 WorkingSetSizeOverhead;
60 | UINT32 PeakWorkingSetSize;
61 | UINT32 HardFaultCount;
62 | struct _MMWSL* VmWorkingSetList;
63 | UINT16 NextPageColor;
64 | UINT16 LastTrimStamp;
65 | UINT32 PageFaultCount;
66 | UINT32 RepurposeCount;
67 | UINT32 Spare[sizeof(SIZE_T) / sizeof(UINT32)];
68 | struct _MMSUPPORT_FLAGS Flags;
69 | } MMSUPPORT, *PMMSUPPORT; /* size: 0x0088 */ /* size: 0x006c */
70 | static_assert(sizeof(MMSUPPORT) == (sizeof(SIZE_T) == sizeof(UINT64) ? 0x0088 : 0x006c));
71 |
72 | }
73 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Mm/build_7601.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 |
4 | /*
5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\6.1.7601.24260\
6 | * Dumped by pdbex tool v0.4, by wbenny
7 | */
8 |
9 |
10 | namespace wdk::build_7601
11 | {
12 |
13 | SameDefine$(build_7600, MMADDRESS_NODE);
14 | SameDefine$(build_7600, MM_AVL_TABLE);
15 | SameDefine$(build_7600, MMSUPPORT);
16 |
17 | }
18 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Mm/build_9200.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 |
4 | /*
5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\6.2.9200.17581\
6 | * Dumped by pdbex tool v0.4, by wbenny
7 | */
8 |
9 |
10 | namespace wdk::build_9200
11 | {
12 |
13 | typedef struct _MM_AVL_NODE
14 | {
15 | union // _TAG_UNNAMED_65
16 | {
17 | union
18 | {
19 | SSIZE_T Balance : 2; /* bit position: 0 */
20 | struct _MM_AVL_NODE* Parent;
21 | };
22 | } u1;
23 | struct _MM_AVL_NODE* LeftChild;
24 | struct _MM_AVL_NODE* RightChild;
25 | } MM_AVL_NODE, *PMM_AVL_NODE; /* size: 0x0018 */ /* size: 0x000c */
26 | static_assert(sizeof(MM_AVL_NODE) == (sizeof(SIZE_T) == sizeof(UINT64) ? 0x0018 : 0x000c));
27 |
28 |
29 | typedef struct _MM_AVL_TABLE
30 | {
31 | struct _MM_AVL_NODE BalancedRoot;
32 | struct /* bitfield */
33 | {
34 | SIZE_T DepthOfTree : 5; /* bit position: 0 */
35 | SIZE_T TableType : 3; /* bit position: 5 */
36 | SIZE_T NumberGenericTableElements : sizeof(SIZE_T) * 8 - 8; /* bit position: 8 */
37 | }; /* bitfield */
38 | VOID* NodeHint;
39 | VOID* NodeFreeHint;
40 | } MM_AVL_TABLE, *PMM_AVL_TABLE; /* size: 0x0030 */ /* size: 0x0018 */
41 | static_assert(sizeof(MM_AVL_TABLE) == (sizeof(SIZE_T) == sizeof(UINT64) ? 0x0030 : 0x0018));
42 |
43 |
44 | typedef struct _MMSUPPORT
45 | {
46 | struct _EX_PUSH_LOCK WorkingSetMutex;
47 | struct _KGATE* ExitGate;
48 | VOID* AccessLog;
49 | struct _LIST_ENTRY WorkingSetExpansionLinks;
50 | UINT32 AgeDistribution[7];
51 | UINT32 MinimumWorkingSetSize;
52 | UINT32 WorkingSetSize;
53 | UINT32 WorkingSetPrivateSize;
54 | UINT32 MaximumWorkingSetSize;
55 | UINT32 ChargedWslePages;
56 | UINT32 ActualWslePages;
57 | UINT32 WorkingSetSizeOverhead;
58 | UINT32 PeakWorkingSetSize;
59 | UINT32 HardFaultCount;
60 | struct _MMWSL* VmWorkingSetList;
61 | UINT16 NextPageColor;
62 | UINT16 LastTrimStamp;
63 | UINT32 PageFaultCount;
64 | UINT32 TrimmedPageCount;
65 | #ifdef _WIN64
66 | UINT32 Spare;
67 | #endif
68 | UINT32 ForceTrimPages;
69 | struct _MMSUPPORT_FLAGS Flags;
70 | VOID* WsSwapSupport;
71 | } MMSUPPORT, *PMMSUPPORT; /* size: 0x0090 */ /* size: 0x0070 */
72 | static_assert(sizeof(MMSUPPORT) == (sizeof(SIZE_T) == sizeof(UINT64) ? 0x0090 : 0x0070));
73 |
74 |
75 | }
76 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Mm/build_9600.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 |
4 | /*
5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\6.3.9600.19038\
6 | * Dumped by pdbex tool v0.4, by wbenny
7 | */
8 |
9 |
10 | namespace wdk::build_9600
11 | {
12 |
13 |
14 | typedef struct _MMSUPPORT
15 | {
16 | struct _KGATE* ExitGate;
17 | VOID* AccessLog;
18 | struct _EX_PUSH_LOCK WorkingSetMutex;
19 | struct _LIST_ENTRY WorkingSetExpansionLinks;
20 | SIZE_T AgeDistribution[7];
21 | SIZE_T MinimumWorkingSetSize;
22 | SIZE_T WorkingSetLeafSize;
23 | SIZE_T WorkingSetLeafPrivateSize;
24 | SIZE_T WorkingSetSize;
25 | SIZE_T WorkingSetPrivateSize;
26 | SIZE_T MaximumWorkingSetSize;
27 | SIZE_T ChargedWslePages;
28 | SIZE_T ActualWslePages;
29 | SIZE_T WorkingSetSizeOverhead;
30 | SIZE_T PeakWorkingSetSize;
31 | UINT32 HardFaultCount;
32 | struct _MMWSL* VmWorkingSetList;
33 | UINT16 NextPageColor;
34 | UINT16 LastTrimStamp;
35 | UINT32 PageFaultCount;
36 | SIZE_T TrimmedPageCount;
37 | SIZE_T ForceTrimPages;
38 | struct _MMSUPPORT_FLAGS Flags;
39 | VOID* WsSwapSupport;
40 | VOID* ShadowMapping;
41 | } MMSUPPORT, *PMMSUPPORT; /* size: 0x00f0 */ /* size: 0x007c */
42 | static_assert(sizeof(MMSUPPORT) == (sizeof(SIZE_T) == sizeof(UINT64) ? 0x00f0 : 0x007c));
43 |
44 | }
45 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/MmStruct.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 |
4 | namespace wdk
5 | {
6 |
7 | #pragma region PTE
8 | typedef struct _HARDWARE_PTE
9 | {
10 | enum : UINT64 { HARDWARE_PTE_WORKING_SET_BITS = 11 };
11 |
12 | UINT64 Valid : 1;
13 | UINT64 Write : 1; // UP version
14 | UINT64 Owner : 1;
15 | UINT64 WriteThrough : 1;
16 | UINT64 CacheDisable : 1;
17 | UINT64 Accessed : 1;
18 | UINT64 Dirty : 1;
19 | UINT64 LargePage : 1;
20 | UINT64 Global : 1;
21 | UINT64 CopyOnWrite : 1; // software field
22 | UINT64 Prototype : 1; // software field
23 | UINT64 reserved0 : 1; // software field
24 | UINT64 PageFrameNumber : 36;
25 | UINT64 reserved1 : 4;
26 | UINT64 SoftwareWsIndex : HARDWARE_PTE_WORKING_SET_BITS;
27 | UINT64 NoExecute : 1;
28 | } HARDWARE_PTE, *PHARDWARE_PTE;
29 | static_assert(sizeof(HARDWARE_PTE) == 8, "sizeof(HARDWARE_PTE) != 8");
30 | #pragma endregion
31 |
32 |
33 | #pragma region Page
34 | enum PageAccessMask : ACCESS_MASK
35 | {
36 | PageNoAccess = 0x00000001,
37 | PageReadOnly = 0x00000002,
38 | PageReadWrite = 0x00000004,
39 | PageWriteCopy = 0x00000008,
40 |
41 | PageExecute = 0x00000010,
42 | PageExecuteRead = 0x00000020,
43 | PageExecuteReadWrite = 0x00000040,
44 | PageExecuteWriteCopy = 0x00000080,
45 |
46 | PageGuard = 0x00000100,
47 | PageNoCache = 0x00000200,
48 | PageWriteCombine = 0x00000400,
49 |
50 | PageEnclaveDecommit = 0x10000000,
51 | PageEnclaveUnvalidated = 0x20000000,
52 | PageTargetsNoUpdate = 0x40000000,
53 | PageTargetsInvalid = 0x40000000,
54 | PageEnclaveThreadControl = 0x80000000,
55 | PageRevertToFileMap = 0x80000000,
56 | };
57 |
58 |
59 | enum SecType : UINT32
60 | {
61 | SecFile = 0x00800000,
62 | SecImage = 0x01000000,
63 | SecProtectedImage = 0x02000000,
64 | SecReserve = 0x04000000,
65 | SecCommit = 0x08000000,
66 | SecNoCache = 0x10000000,
67 | SecWriteCombine = 0x40000000,
68 | SecLargePages = 0x80000000,
69 | SecImageNoExecute = (SecImage | SecNoCache),
70 | };
71 |
72 |
73 | enum MemType : UINT32
74 | {
75 | MemCommit = 0x00001000,
76 | MemReserve = 0x00002000,
77 | MemDecommit = 0x00004000,
78 | MemRelease = 0x00008000,
79 |
80 | MemFree = 0x00010000,
81 | MemPrivate = 0x00020000,
82 | MemMapped = 0x00040000,
83 | MemReset = 0x00080000,
84 |
85 | MemTopDown = 0x00100000,
86 | MemWriteWatch = 0x00200000,
87 | MemPhysical = 0x00400000,
88 | MemRotate = 0x00800000,
89 | MemDifferentImageBaseOk = 0x00800000,
90 |
91 | MemResetUndo = 0x01000000,
92 |
93 | MemLargePages = 0x20000000,
94 | Mem4MBPages = 0x80000000,
95 | Mem64KPages = (MemLargePages | MemPhysical),
96 |
97 | MemImage = SecImage,
98 | };
99 |
100 |
101 | __declspec(selectany) ULONG MmProtectToValue[32] =
102 | {
103 | PAGE_NOACCESS,
104 | PAGE_READONLY,
105 | PAGE_EXECUTE,
106 | PAGE_EXECUTE_READ,
107 | PAGE_READWRITE,
108 | PAGE_WRITECOPY,
109 | PAGE_EXECUTE_READWRITE,
110 | PAGE_EXECUTE_WRITECOPY,
111 | PAGE_NOACCESS,
112 | PAGE_NOCACHE | PAGE_READONLY,
113 | PAGE_NOCACHE | PAGE_EXECUTE,
114 | PAGE_NOCACHE | PAGE_EXECUTE_READ,
115 | PAGE_NOCACHE | PAGE_READWRITE,
116 | PAGE_NOCACHE | PAGE_WRITECOPY,
117 | PAGE_NOCACHE | PAGE_EXECUTE_READWRITE,
118 | PAGE_NOCACHE | PAGE_EXECUTE_WRITECOPY,
119 | PAGE_NOACCESS,
120 | PAGE_GUARD | PAGE_READONLY,
121 | PAGE_GUARD | PAGE_EXECUTE,
122 | PAGE_GUARD | PAGE_EXECUTE_READ,
123 | PAGE_GUARD | PAGE_READWRITE,
124 | PAGE_GUARD | PAGE_WRITECOPY,
125 | PAGE_GUARD | PAGE_EXECUTE_READWRITE,
126 | PAGE_GUARD | PAGE_EXECUTE_WRITECOPY,
127 | PAGE_NOACCESS,
128 | PAGE_WRITECOMBINE | PAGE_READONLY,
129 | PAGE_WRITECOMBINE | PAGE_EXECUTE,
130 | PAGE_WRITECOMBINE | PAGE_EXECUTE_READ,
131 | PAGE_WRITECOMBINE | PAGE_READWRITE,
132 | PAGE_WRITECOMBINE | PAGE_WRITECOPY,
133 | PAGE_WRITECOMBINE | PAGE_EXECUTE_READWRITE,
134 | PAGE_WRITECOMBINE | PAGE_EXECUTE_WRITECOPY
135 | };
136 | #pragma endregion
137 |
138 |
139 | #pragma region Mm Flags
140 | typedef struct _MMSUPPORT_FLAGS
141 | {
142 | union
143 | {
144 | struct
145 | {
146 | struct
147 | {
148 | UINT8 WorkingSetType : 3; /* bit position: 0 */
149 | UINT8 Reserved0 : 3; /* bit position: 3 */
150 | UINT8 MaximumWorkingSetHard : 1; /* bit position: 6 */
151 | UINT8 MinimumWorkingSetHard : 1; /* bit position: 7 */
152 | };
153 | struct
154 | {
155 | UINT8 SessionMaster : 1; /* bit position: 0 */
156 | UINT8 TrimmerState : 2; /* bit position: 1 */
157 | UINT8 Reserved : 1; /* bit position: 3 */
158 | UINT8 PageStealers : 4; /* bit position: 4 */
159 | };
160 | }; /* size: 0x0002 */
161 | UINT16 u1;
162 | }; /* size: 0x0002 */
163 | UINT8 MemoryPriority;
164 | union
165 | {
166 | struct
167 | {
168 | UINT8 WsleDeleted : 1; /* bit position: 0 */
169 | UINT8 SvmEnabled : 1; /* bit position: 1 */
170 | UINT8 ForceAge : 1; /* bit position: 2 */
171 | UINT8 ForceTrim : 1; /* bit position: 3 */
172 | UINT8 NewMaximum : 1; /* bit position: 4 */
173 | UINT8 CommitReleaseState : 2; /* bit position: 5 */
174 | };
175 | UINT8 u2;
176 | }; /* size: 0x0001 */
177 | } MMSUPPORT_FLAGS, *PMMSUPPORT_FLAGS; /* size: 0x0004 */
178 | static_assert(sizeof(MMSUPPORT_FLAGS) == 0x0004);
179 | #pragma endregion
180 |
181 |
182 |
183 | }
184 |
185 | #include "Mm\build_7600.inl"
186 | #include "Mm\build_7601.inl"
187 | #include "Mm\build_9200.inl"
188 | #include "Mm\build_9600.inl"
189 | #include "Mm\build_10240.inl"
190 | #include "Mm\build_10586.inl"
191 | #include "Mm\build_14393.inl"
192 | #include "Mm\build_15063.inl"
193 | #include "Mm\build_16299.inl"
194 | #include "Mm\build_17134.inl"
195 | #include "Mm\build_17763.inl"
196 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Native.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 |
4 | /* native type */
5 |
6 | using INT8 = signed __int8;
7 | using INT16 = signed __int16;
8 | using INT32 = signed __int32;
9 | using INT64 = signed __int64;
10 |
11 | using UINT8 = unsigned __int8;
12 | using UINT16 = unsigned __int16;
13 | using UINT32 = unsigned __int32;
14 | using UINT64 = unsigned __int64;
15 |
16 | using CHAR = char;
17 | using SHORT = short;
18 | using LONG = long;
19 | using LONGLONG = INT64;
20 | using LONG64 = INT64;
21 |
22 | using UCHAR = unsigned char;
23 | using USHORT = unsigned short;
24 | using ULONG = unsigned long;
25 | using ULONGLONG = UINT64;
26 | using ULONG64 = UINT64;
27 |
28 | using BYTE = UCHAR;
29 | using WORD = USHORT;
30 | using DWORD = ULONG;
31 | using QWORD = UINT64;
32 |
33 | using PVOID32 = void * __ptr32;
34 | using PVOID64 = void * __ptr64;
35 | using HANDLE32 = PVOID32;
36 | using HANDLE64 = PVOID64;
37 |
38 | #ifdef _WIN64
39 | using INT_PTR = INT64;
40 | using LONG_PTR = INT64;
41 | using SSIZE_T = INT64;
42 |
43 | using UINT_PTR = UINT64;
44 | using ULONG_PTR = UINT64;
45 | using SIZE_T = UINT64;
46 | #else
47 | using INT_PTR = INT32;
48 | using LONG_PTR = LONG;
49 | using SSIZE_T = LONG_PTR;
50 |
51 | using UINT_PTR = UINT32;
52 | using ULONG_PTR = ULONG;
53 | using SIZE_T = ULONG_PTR;
54 | #endif
55 |
56 |
57 | #ifndef SameDefine$
58 | #define SameDefine$(ns, type) \
59 | using ns::_##type; \
60 | using ns::type; \
61 | using ns::P##type
62 | #endif
63 |
64 |
65 | namespace wdk
66 | {
67 |
68 | enum StandardAccessMask : ACCESS_MASK
69 | {
70 | Delete = 0x00010000,
71 | ReadControl = 0x00020000,
72 | WriteDac = 0x00040000,
73 | WriteOwner = 0x00080000,
74 | Synchronize = 0x00100000,
75 |
76 | StandardRightsRequired = 0x000F0000,
77 | StandardRightsRead = ReadControl,
78 | StandardRightsWrite = ReadControl,
79 | StandardRightsExecute = ReadControl,
80 |
81 | StandardRightsAll = 0x001F0000,
82 | SpecificRightsAll = 0x0000FFFF,
83 |
84 | AccessSystemSecurity = 0x01000000,
85 | MaximumAllowed = 0x02000000,
86 | };
87 |
88 |
89 | enum GenericAccessMask : ACCESS_MASK
90 | {
91 | GenericRead = 0x80000000,
92 | GenericWrite = 0x40000000,
93 | GenericExecute = 0x20000000,
94 | GenericAll = 0x10000000,
95 | };
96 |
97 |
98 | template
99 | struct CLIENT_ID_T
100 | {
101 | T UniqueProcess;
102 | T UniqueThread;
103 | };
104 | using CLIENT_ID32 = CLIENT_ID_T;
105 | using CLIENT_ID64 = CLIENT_ID_T;
106 |
107 |
108 | template
109 | struct LIST_ENTRY_T
110 | {
111 | T Flink;
112 | T Blink;
113 | };
114 |
115 |
116 | template
117 | struct T_STRING
118 | {
119 | USHORT Length;
120 | USHORT MaximumLength;
121 |
122 | T Buffer;
123 | };
124 |
125 | }
126 |
127 |
128 | namespace wdk
129 | {
130 |
131 | template
132 | FORCEINLINE auto InitializeListHead(
133 | _Out_ LIST_ENTRY_T * ListHead)
134 | -> VOID
135 |
136 | {
137 | ListHead->Flink = ListHead->Blink = ListHead;
138 | }
139 |
140 |
141 | template
142 | FORCEINLINE auto IsListEmpty(
143 | _In_ const LIST_ENTRY_T * ListHead)
144 | -> BOOLEAN
145 | {
146 | return (BOOLEAN)(ListHead->Flink == ListHead);
147 | }
148 |
149 |
150 | template
151 | FORCEINLINE auto RemoveEntryList(
152 | _In_ LIST_ENTRY_T* Entry)
153 | -> BOOLEAN
154 | {
155 | using LIST_TYPE = LIST_ENTRY_T;
156 | using PLIST_TYPE = LIST_TYPE*;
157 |
158 | auto Blink = PLIST_TYPE();
159 | auto Flink = PLIST_TYPE();
160 |
161 | Blink = (PLIST_TYPE)Entry->Blink;
162 | Flink = (PLIST_TYPE)Entry->Flink;
163 |
164 | if constexpr (sizeof(T) == sizeof(PVOID32))
165 | {
166 | Blink->Flink = (PVOID32)(UINT32)(SIZE_T)Flink;
167 | Flink->Blink = (PVOID32)(UINT32)(SIZE_T)Blink;
168 | }
169 | else
170 | {
171 | Blink->Flink = Flink;
172 | Flink->Blink = Blink;
173 | }
174 |
175 | return (BOOLEAN)(Flink == Blink);
176 | }
177 |
178 |
179 | template
180 | FORCEINLINE auto RemoveHeadList(
181 | _Inout_ LIST_ENTRY_T* ListHead)
182 | -> LIST_ENTRY_T*
183 | {
184 | using LIST_TYPE = LIST_ENTRY_T;
185 | using PLIST_TYPE = LIST_TYPE * ;
186 |
187 | auto Flink = PLIST_TYPE();
188 | auto Entry = PLIST_TYPE();
189 |
190 | Entry = (PLIST_TYPE)ListHead->Flink;
191 | Flink = (PLIST_TYPE)Entry->Flink;
192 |
193 | if constexpr (sizeof(T) == sizeof(PVOID32))
194 | {
195 | ListHead->Flink = (PVOID32)(UINT32)(SIZE_T)Flink;
196 | Flink->Blink = (PVOID32)(UINT32)(SIZE_T)ListHead;
197 | }
198 | else
199 | {
200 | ListHead->Flink = Flink;
201 | Flink->Blink = ListHead;
202 | }
203 |
204 | return Entry;
205 | }
206 |
207 |
208 | template
209 | FORCEINLINE auto RemoveTailList(
210 | _Inout_ LIST_ENTRY_T* ListHead)
211 | -> LIST_ENTRY_T*
212 | {
213 | using LIST_TYPE = LIST_ENTRY_T;
214 | using PLIST_TYPE = LIST_TYPE * ;
215 |
216 | auto Blink = PLIST_TYPE();
217 | auto Entry = PLIST_TYPE();
218 |
219 | Entry = (PLIST_TYPE)ListHead->Blink;
220 | Blink = (PLIST_TYPE)Entry->Blink;
221 |
222 | if constexpr (sizeof(T) == sizeof(PVOID32))
223 | {
224 | ListHead->Blink = (PVOID32)(UINT32)(SIZE_T)Blink;
225 | Blink->Flink = (PVOID32)(UINT32)(SIZE_T)ListHead;
226 | }
227 | else
228 | {
229 | ListHead->Blink = Blink;
230 | Blink->Flink = ListHead;
231 | }
232 | }
233 |
234 |
235 | template
236 | FORCEINLINE auto InsertTailList(
237 | _Inout_ LIST_ENTRY_T* ListHead,
238 | _Inout_ __drv_aliasesMem LIST_ENTRY_T* Entry)
239 | -> VOID
240 | {
241 | using LIST_TYPE = LIST_ENTRY_T;
242 | using PLIST_TYPE = LIST_TYPE * ;
243 |
244 | auto Blink = PLIST_TYPE();
245 |
246 | Blink = (PLIST_TYPE)ListHead->Blink;
247 |
248 | if constexpr (sizeof(T) == sizeof(PVOID32))
249 | {
250 | Entry->Flink = (PVOID32)(UINT32)(SIZE_T)ListHead;
251 | Entry->Blink = (PVOID32)(UINT32)(SIZE_T)Blink;
252 | Blink->Flink = (PVOID32)(UINT32)(SIZE_T)Entry;
253 | ListHead->Blink = (PVOID32)(UINT32)(SIZE_T)Entry;
254 | }
255 | else
256 | {
257 | Entry->Flink = ListHead;
258 | Entry->Blink = Blink;
259 | Blink->Flink = Entry;
260 | ListHead->Blink = Entry;
261 | }
262 | }
263 |
264 |
265 | template
266 | FORCEINLINE auto InsertHeadList(
267 | _Inout_ LIST_ENTRY_T* ListHead,
268 | _Inout_ __drv_aliasesMem LIST_ENTRY_T* Entry)
269 | -> VOID
270 | {
271 | using LIST_TYPE = LIST_ENTRY_T;
272 | using PLIST_TYPE = LIST_TYPE * ;
273 |
274 | auto Flink = PLIST_TYPE();
275 |
276 | Flink = (PLIST_TYPE)ListHead->Flink;
277 |
278 | if constexpr (sizeof(T) == sizeof(PVOID32))
279 | {
280 | Entry->Flink = (PVOID32)(UINT32)(SIZE_T)Flink;
281 | Entry->Blink = (PVOID32)(UINT32)(SIZE_T)ListHead;
282 | Flink->Blink = (PVOID32)(UINT32)(SIZE_T)Entry;
283 | ListHead->Flink = (PVOID32)(UINT32)(SIZE_T)Entry;
284 | }
285 | else
286 | {
287 | Entry->Flink = Flink;
288 | Entry->Blink = ListHead;
289 | Flink->Blink = Entry;
290 | ListHead->Flink = Entry;
291 | }
292 | }
293 |
294 |
295 | template
296 | FORCEINLINE auto AppendTailList(
297 | _Inout_ LIST_ENTRY_T* ListHead,
298 | _Inout_ LIST_ENTRY_T* ListToAppend)
299 | -> VOID
300 | {
301 | using LIST_TYPE = LIST_ENTRY_T;
302 | using PLIST_TYPE = LIST_TYPE * ;
303 |
304 | auto ListEnd = PLIST_TYPE();
305 |
306 | ListEnd = (PLIST_TYPE)ListHead->Blink;
307 |
308 | if constexpr (sizeof(T) == sizeof(PVOID32))
309 | {
310 | ListHead->Blink->Flink = (PVOID32)(UINT32)(SIZE_T)ListToAppend;
311 | ListHead->Blink = (PVOID32)(UINT32)(SIZE_T)ListToAppend->Blink;
312 | ListToAppend->Blink->Flink = (PVOID32)(UINT32)(SIZE_T)ListHead;
313 | ListToAppend->Blink = (PVOID32)(UINT32)(SIZE_T)ListEnd;
314 | }
315 | else
316 | {
317 | ListHead->Blink->Flink = ListToAppend;
318 | ListHead->Blink = ListToAppend->Blink;
319 | ListToAppend->Blink->Flink = ListHead;
320 | ListToAppend->Blink = ListEnd;
321 | }
322 | }
323 |
324 | }
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/NetKernel.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 | #include "NetStruct.inl"
3 |
4 |
5 | namespace wdk
6 | {
7 | extern"C"
8 | {
9 | inline auto NetInitSystem() -> NTSTATUS
10 | {
11 | return STATUS_SUCCESS;
12 | }
13 | }
14 | }
15 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/NetStruct.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 |
4 | namespace wdk
5 | {
6 |
7 |
8 | enum class NetworkAdapterCharacteristics : UINT32
9 | {
10 | NCF_VIRTUAL = 0x00000001,
11 | NCF_SOFTWARE_ENUMERATED = 0x00000002,
12 | NCF_PHYSICAL = 0x00000004,
13 | NCF_HIDDEN = 0x00000008,
14 | NCF_NO_SERVICE = 0x00000010,
15 | NCF_NOT_USER_REMOVABLE = 0x00000020,
16 | NCF_MULTIPORT_INSTANCED_ADAPTER = 0x00000040,
17 | NCF_HAS_UI = 0x00000080,
18 | NCF_SINGLE_INSTANCE = 0x00000100,
19 | NCF_FILTER = 0x00000400,
20 | NCF_DONTEXPOSELOWER = 0x00001000,
21 | NCF_HIDE_BINDING = 0x00002000,
22 | NCF_NDIS_PROTOCOL = 0x00004000,
23 | NCF_FIXED_BINDING = 0x00020000,
24 | NCF_LW_FILTER = 0x00040000
25 | };
26 |
27 |
28 | enum class AddressFamily : UINT16
29 | {
30 | Unspecified = 0, // Unspecified address family
31 | Unix = 1, // Unix local to host address
32 | InterNetwork = 2, // Address for IP version 4
33 | ImpLink = 3, // ARPANET IMP address
34 | Pup = 4, // Address for PUP protocols
35 | Chaos = 5, // Address for MIT CHAOS protocols
36 | Ipx = 6, // IPX or SPX address
37 | XeroxNS = 6, // Address for Xerox NS protocols
38 | Iso = 7, // Address for ISO protocols
39 | Osi = 7, // Address for OSI protocols
40 | Ecma = 8, // European Computer Manufacturers Association (ECMA) address
41 | DataKit = 9, // Address for Datakit protocols
42 | Ccitt = 10, // Addresses for CCITT protocols, such as X.25.
43 | Sna = 11, // IBM SNA address
44 | DecNet = 12, // DECnet address
45 | DataLink = 13, // Direct data-link interface address
46 | Lat = 14, // LAT address
47 | HyperChannel = 15, // NSC Hyperchannel address
48 | Appletalk = 16, // AppleTalk address
49 | NetBios = 17, // NetBios address
50 | VoiceView = 18, // VoiceView address
51 | FireFox = 19, // FireFox address
52 | Banyan = 21, // Banyan address
53 | Atm = 22, // Native ATM services address
54 | InterNetworkV6 = 23, // Address for IP version 6
55 | Cluster = 24, // Address for Microsoft cluster products
56 | Ieee12844 = 25, // IEEE 1284.4 workgroup address
57 | InfraredData = 26, // IrDA address
58 | NetworkDesigners= 28, // Address for Network Designers OSI gateway-enabled protocols
59 | Bluetooth = 32, // Bluetooth address
60 |
61 | Max = 35
62 | };
63 |
64 | }
65 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Ob/build_10240.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Ob/build_10586.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Ob/build_14393.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Ob/build_15063.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Ob/build_16299.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Ob/build_17134.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Ob/build_17763.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Ob/build_7600.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Ob/build_7601.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Ob/build_9200.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Ob/build_9600.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/ObKernel.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 | #include "ObStruct.inl"
3 | #include "RtlKernel.inl"
4 |
5 |
6 | namespace wdk
7 | {
8 |
9 | extern"C"
10 | {
11 |
12 | NTSTATUS NTAPI
13 | ObCreateObjectType(
14 | _In_ PUNICODE_STRING aTypeName,
15 | _In_ POBJECT_TYPE_INITIALIZER aObjectTypeInitializer,
16 | _In_opt_ PSECURITY_DESCRIPTOR aSecurityDescriptor,
17 | _Out_ POBJECT_TYPE * aObjectType
18 | );
19 |
20 | NTSTATUS NTAPI
21 | ObCreateObject(
22 | _In_ KPROCESSOR_MODE ProbeMode,
23 | _In_ POBJECT_TYPE ObjectType,
24 | _In_ POBJECT_ATTRIBUTES ObjectAttributes,
25 | _In_ KPROCESSOR_MODE OwnershipMode,
26 | _Inout_opt_ PVOID ParseContext,
27 | _In_ ULONG ObjectBodySize,
28 | _In_ ULONG PagedPoolCharge,
29 | _In_ ULONG NonPagedPoolCharge,
30 | _Out_ PVOID * Object
31 | );
32 |
33 | NTSTATUS NTAPI
34 | ObInsertObject(
35 | _In_ PVOID Object,
36 | _In_opt_ PACCESS_STATE PassedAccessState,
37 | _In_opt_ ACCESS_MASK DesiredAccess,
38 | _In_ ULONG ObjectPointerBias,
39 | _Out_opt_ PVOID * NewObject,
40 | _Out_opt_ PHANDLE Handle
41 | );
42 |
43 | NTSTATUS NTAPI
44 | ObOpenObjectByName(
45 | _In_ POBJECT_ATTRIBUTES ObjectAttributes,
46 | _In_opt_ POBJECT_TYPE ObjectType,
47 | _In_ KPROCESSOR_MODE AccessMode,
48 | _Inout_opt_ PACCESS_STATE AccessState,
49 | _In_opt_ ACCESS_MASK DesiredAccess,
50 | _Inout_opt_ PVOID ParseContext,
51 | _Out_ PHANDLE Handle
52 | );
53 |
54 | NTSTATUS NTAPI
55 | ObOpenObjectByPointer(
56 | _In_ PVOID aObject,
57 | _In_ ULONG aHandleAttributes,
58 | _In_opt_ PACCESS_STATE aPassedAccessState,
59 | _In_ ACCESS_MASK aDesiredAccess,
60 | _In_opt_ POBJECT_TYPE aObjectType,
61 | _In_ KPROCESSOR_MODE aAccessMode,
62 | _Out_ PHANDLE aHandle
63 | );
64 |
65 | NTSTATUS NTAPI
66 | ObOpenObjectByPointerWithTag(
67 | _In_ PVOID aObject,
68 | _In_ ULONG aHandleAttributes,
69 | _In_opt_ PACCESS_STATE aPassedAccessState,
70 | _In_ ACCESS_MASK aDesiredAccess,
71 | _In_opt_ POBJECT_TYPE aObjectType,
72 | _In_ KPROCESSOR_MODE aAccessMode,
73 | _In_ ULONG aTag,
74 | _Out_ PHANDLE aHandle
75 | );
76 |
77 | VOID NTAPI
78 | ObMakeTemporaryObject(
79 | _In_ PVOID Object
80 | );
81 |
82 | BOOLEAN NTAPI
83 | ObFindHandleForObject(
84 | _In_ PEPROCESS Process,
85 | _In_ PVOID Object,
86 | _In_opt_ POBJECT_TYPE ObjectType,
87 | _In_opt_ POBJECT_HANDLE_INFORMATION MatchCriteria,
88 | _Out_ PHANDLE Handle
89 | );
90 |
91 | // begin win8
92 | BOOLEAN FASTCALL
93 | ObReferenceObjectSafe(
94 | _In_ PVOID Object
95 | );
96 |
97 | // begin win8
98 | BOOLEAN FASTCALL
99 | ObReferenceObjectSafeWithTag(
100 | _In_ PVOID Object,
101 | _In_ ULONG Tag
102 | );
103 |
104 | NTSTATUS NTAPI
105 | ObReferenceObjectByName(
106 | _In_ PUNICODE_STRING ObjectName,
107 | _In_ ULONG Attributes,
108 | _In_opt_ PACCESS_STATE AccessState,
109 | _In_opt_ ACCESS_MASK DesiredAccess,
110 | _In_ POBJECT_TYPE ObjectType,
111 | _In_ KPROCESSOR_MODE AccessMode,
112 | _Inout_opt_ PVOID ParseContext,
113 | _Out_ PVOID *Object
114 | );
115 |
116 | NTSTATUS NTAPI
117 | ObQueryNameString(
118 | _In_ PVOID Object,
119 | _Out_writes_bytes_opt_(Length) POBJECT_NAME_INFORMATION ObjectNameInfo,
120 | _In_ ULONG Length,
121 | _Out_ PULONG ReturnLength
122 | );
123 |
124 | BOOLEAN NTAPI
125 | ObIsKernelHandle(
126 | _In_ HANDLE Handle
127 | );
128 |
129 | struct _OBJECT_HEADER_NAME_INFO* NTAPI
130 | ObQueryNameInfo(
131 | _In_ PVOID Object
132 | );
133 |
134 | POBJECT_TYPE NTAPI
135 | ObGetObjectType(
136 | _In_ PVOID Object
137 | );
138 |
139 | NTSTATUS NTAPI
140 | ObDuplicateObject(
141 | _In_ PEPROCESS SourceProcess,
142 | _In_ HANDLE SourceHandle,
143 | _In_opt_ PEPROCESS TargetProcess,
144 | _Out_opt_ PHANDLE TargetHandle,
145 | _In_ ACCESS_MASK DesiredAccess,
146 | _In_ ULONG HandleAttributes,
147 | _In_ ULONG Options,
148 | _In_ KPROCESSOR_MODE PreviousMode
149 | );
150 | }
151 | }
152 |
153 | namespace wdk
154 | {
155 | extern"C"
156 | {
157 | inline auto ObMakeKernelHandle(HANDLE aHandle) -> HANDLE
158 | {
159 | #ifdef _X86_
160 | #define KERNEL_HANDLE_BIT (0x80000000)
161 | #else
162 | #define KERNEL_HANDLE_BIT (0xffffffff80000000)
163 | #endif
164 |
165 | return ((HANDLE)((ULONG_PTR)(aHandle) | KERNEL_HANDLE_BIT));
166 | }
167 |
168 | __declspec(selectany) UINT8 ObInfoMaskToOffset[UINT8(~UINT8(0u)) + 1u]{};
169 | inline auto ObInitInfoBlockOffsets() -> NTSTATUS
170 | {
171 | auto vVer = GetSystemVersion();
172 | if (vVer == SystemVersion::Unknown)
173 | {
174 | return STATUS_NOT_SUPPORTED;
175 | }
176 |
177 | for (auto vMask = 0u; vMask < _countof(ObInfoMaskToOffset); ++vMask)
178 | {
179 | auto vOffset = UINT8();
180 |
181 | if (vMask & ObInfoMask::ObInfoMaskCreatorInfo)
182 | {
183 | vOffset += sizeof(OBJECT_HEADER_CREATOR_INFO);
184 | }
185 | if (vMask & ObInfoMask::ObInfoMaskNameInfo)
186 | {
187 | vOffset += sizeof(OBJECT_HEADER_NAME_INFO);
188 | }
189 | if (vMask & ObInfoMask::ObInfoMaskHandleInfo)
190 | {
191 | vOffset += sizeof(OBJECT_HEADER_HANDLE_INFO);
192 | }
193 | if (vMask & ObInfoMask::ObInfoMaskQuotaInfo)
194 | {
195 | vOffset += sizeof(OBJECT_HEADER_QUOTA_INFO);
196 | }
197 | if (vMask & ObInfoMask::ObInfoMaskProcessInfo)
198 | {
199 | vOffset += sizeof(OBJECT_HEADER_PROCESS_INFO);
200 | }
201 |
202 | if (vVer >= SystemVersion::Windows8)
203 | {
204 | if (vMask & ObInfoMask::ObInfoMaskAuditInfo)
205 | {
206 | vOffset += sizeof(OBJECT_HEADER_AUDIT_INFO);
207 | }
208 | }
209 |
210 | if (vVer >= SystemVersion::Windows10_1507 && vVer <= SystemVersion::Windows10_1511)
211 | {
212 | if (vMask & ObInfoMask::ObInfoMaskHandleRevocationInfo)
213 | {
214 | vOffset += sizeof(OBJECT_HEADER_HANDLE_REVOCATION_INFO);
215 | }
216 | }
217 |
218 | if (vVer >= SystemVersion::Windows10_1607)
219 | {
220 | if (vMask & ObInfoMask::ObInfoMaskExtendedInfo)
221 | {
222 | vOffset += sizeof(OBJECT_HEADER_EXTENDED_INFO);
223 | }
224 | }
225 |
226 | if (vVer >= SystemVersion::Windows7 && vVer <= SystemVersion::Windows7_SP1)
227 | {
228 | if (vMask & ObInfoMask::ObInfoMaskPaddingInfoWin7x)
229 | {
230 | vOffset += sizeof(OBJECT_HEADER_PADDING_INFO);
231 | }
232 | }
233 |
234 | if (vVer >= SystemVersion::Windows8 && vVer <= SystemVersion::Windows8_1)
235 | {
236 | if (vMask & ObInfoMask::ObInfoMaskPaddingInfoWin8x)
237 | {
238 | vOffset += sizeof(OBJECT_HEADER_PADDING_INFO);
239 | }
240 | }
241 |
242 | if (vVer >= SystemVersion::Windows10_1507)
243 | {
244 | if (vMask & ObInfoMask::ObInfoMaskPaddingInfo)
245 | {
246 | vOffset += sizeof(OBJECT_HEADER_PADDING_INFO);
247 | }
248 | }
249 |
250 | ObInfoMaskToOffset[vMask] = vOffset;
251 | }
252 |
253 | return STATUS_SUCCESS;
254 | }
255 |
256 | inline auto ObGetObjectHeader(PVOID aObject) -> POBJECT_HEADER
257 | {
258 | return CONTAINING_RECORD(aObject, OBJECT_HEADER, Body);
259 | }
260 |
261 | inline auto ObGetObjectHeaderInfo(PVOID aObject, ObInfoMask aMask)
262 | -> PVOID
263 | {
264 | auto vInfo = PVOID{};
265 | auto vHeader = ObGetObjectHeader(aObject);
266 |
267 | if (vHeader->InfoMask & aMask)
268 | {
269 | auto vMaxMask = (aMask | (aMask - 1));
270 | vInfo = (UINT8*)vHeader - ObInfoMaskToOffset[vHeader->InfoMask & vMaxMask];
271 | }
272 | return vInfo;
273 | }
274 |
275 |
276 | __declspec(selectany) POBJECT_TYPE _ObTypeObjectType = nullptr;
277 | __declspec(selectany) POBJECT_TYPE * ObTypeObjectType = &_ObTypeObjectType;
278 |
279 |
280 | inline auto ObInitSystem() -> NTSTATUS
281 | {
282 | auto vStatus = STATUS_SUCCESS;
283 |
284 | for (;;)
285 | {
286 | vStatus = ObInitInfoBlockOffsets();
287 | if (!NT_SUCCESS(vStatus))
288 | {
289 | break;
290 | }
291 |
292 | _ObTypeObjectType = ObGetObjectType(*PsProcessType);
293 | break;
294 | }
295 |
296 | return vStatus;
297 | }
298 | }
299 | }
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Ps/build_7601.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 |
4 | /*
5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\6.1.7601.24260\
6 | * Dumped by pdbex tool v0.4, by wbenny
7 | */
8 |
9 |
10 | namespace wdk::build_7601
11 | {
12 | using build_7600::NumberOfProcessor;
13 |
14 | SameDefine$(build_7600, KAFFINITY_EX);
15 | SameDefine$(build_7600, KPROCESS);
16 | SameDefine$(build_7600, EPROCESS);
17 |
18 | }
19 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/PsKernel.inl:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luciouskami/RemoveFlagTest/6a9d347fbf345be820c3ad9986d5a444c1b56995/RemoveFlagTestKernel/Wdk/PsKernel.inl
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Rtl/build_10240.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 |
4 | /*
5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.10240.17443\
6 | * Dumped by pdbex tool v0.4, by wbenny
7 | */
8 |
9 |
10 | namespace wdk::build_10240
11 | {
12 |
13 | SameDefine$(build_9600, RTL_BALANCED_NODE);
14 | SameDefine$(build_9600, RTL_RB_TREE);
15 | SameDefine$(build_9600, RTL_AVL_TREE);
16 |
17 | }
18 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Rtl/build_10586.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 |
4 | /*
5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.10586.1176\
6 | * Dumped by pdbex tool v0.4, by wbenny
7 | */
8 |
9 |
10 | namespace wdk::build_10586
11 | {
12 |
13 | SameDefine$(build_10240, RTL_BALANCED_NODE);
14 | SameDefine$(build_10240, RTL_RB_TREE);
15 | SameDefine$(build_10240, RTL_AVL_TREE);
16 |
17 | }
18 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Rtl/build_14393.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 |
4 | /*
5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.14393.2214\
6 | * Dumped by pdbex tool v0.4, by wbenny
7 | */
8 |
9 |
10 | namespace wdk::build_14393
11 | {
12 |
13 | SameDefine$(build_10586, RTL_BALANCED_NODE);
14 | SameDefine$(build_10586, RTL_RB_TREE);
15 | SameDefine$(build_10586, RTL_AVL_TREE);
16 |
17 | }
18 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Rtl/build_15063.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 |
4 | /*
5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.15063.1418\
6 | * Dumped by pdbex tool v0.4, by wbenny
7 | */
8 |
9 |
10 | namespace wdk::build_15063
11 | {
12 |
13 | SameDefine$(build_14393, RTL_BALANCED_NODE);
14 | SameDefine$(build_14393, RTL_AVL_TREE);
15 |
16 |
17 | typedef struct _RTL_RB_TREE
18 | {
19 | struct _RTL_BALANCED_NODE* Root;
20 | union
21 | {
22 | UINT8 Encoded : 1; /* bit position: 0 */
23 | struct _RTL_BALANCED_NODE* Min;
24 | };
25 | } RTL_RB_TREE, *PRTL_RB_TREE; /* size: 0x0010 */ /* size: 0x0008 */
26 | static_assert(sizeof(RTL_RB_TREE) == (sizeof(SIZE_T) == sizeof(UINT64) ? 0x0010 : 0x0008));
27 |
28 |
29 | }
30 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Rtl/build_16299.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 |
4 | /*
5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.16299.755\
6 | * Dumped by pdbex tool v0.4, by wbenny
7 | */
8 |
9 |
10 | namespace wdk::build_16299
11 | {
12 |
13 | SameDefine$(build_15063, RTL_BALANCED_NODE);
14 | SameDefine$(build_15063, RTL_AVL_TREE);
15 | SameDefine$(build_15063, RTL_RB_TREE);
16 |
17 | }
18 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Rtl/build_17134.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 |
4 | /*
5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.17134.376\
6 | * Dumped by pdbex tool v0.4, by wbenny
7 | */
8 |
9 |
10 | namespace wdk::build_17134
11 | {
12 |
13 | SameDefine$(build_16299, RTL_BALANCED_NODE);
14 | SameDefine$(build_16299, RTL_AVL_TREE);
15 | SameDefine$(build_16299, RTL_RB_TREE);
16 |
17 | }
18 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Rtl/build_17763.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 |
4 | /*
5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.17763.55\
6 | * Dumped by pdbex tool v0.4, by wbenny
7 | */
8 |
9 |
10 | namespace wdk::build_17763
11 | {
12 |
13 | SameDefine$(build_17134, RTL_BALANCED_NODE);
14 | SameDefine$(build_17134, RTL_AVL_TREE);
15 | SameDefine$(build_17134, RTL_RB_TREE);
16 |
17 | }
18 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Rtl/build_7600.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Rtl/build_7601.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Rtl/build_9200.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Rtl/build_9600.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 |
4 | /*
5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\6.3.9600.19038\
6 | * Dumped by pdbex tool v0.4, by wbenny
7 | */
8 |
9 |
10 | namespace wdk::build_9600
11 | {
12 |
13 | typedef struct _RTL_BALANCED_NODE
14 | {
15 | union
16 | {
17 | struct _RTL_BALANCED_NODE* Children[2];
18 | struct
19 | {
20 | struct _RTL_BALANCED_NODE* Left;
21 | struct _RTL_BALANCED_NODE* Right;
22 | }; /* size: 0x0010 */ /* size: 0x0008 */
23 | }; /* size: 0x0010 */ /* size: 0x0008 */
24 | union
25 | {
26 | UINT8 Red : 1; /* bit position: 0 */
27 | UINT8 Balance : 2; /* bit position: 0 */
28 | SIZE_T ParentValue;
29 | }; /* size: 0x0008 */ /* size: 0x0004 */
30 | } RTL_BALANCED_NODE, *PRTL_BALANCED_NODE; /* size: 0x0018 */ /* size: 0x000c */
31 | static_assert(sizeof(RTL_BALANCED_NODE) == (sizeof(SIZE_T) == sizeof(UINT64) ? 0x0018 : 0x000c));
32 |
33 |
34 | typedef struct _RTL_RB_TREE
35 | {
36 | struct _RTL_BALANCED_NODE* Root;
37 | struct _RTL_BALANCED_NODE* Min;
38 | } RTL_RB_TREE, *PRTL_RB_TREE; /* size: 0x0010 */ /* size: 0x0008 */
39 |
40 |
41 | typedef struct _RTL_AVL_TREE
42 | {
43 | struct _RTL_BALANCED_NODE* Root;
44 | } RTL_AVL_TREE, *PRTL_AVL_TREE;
45 |
46 |
47 | }
48 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/RtlKernel.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 | #include "RtlStruct.inl"
3 |
4 |
5 | namespace wdk
6 | {
7 | extern"C"
8 | {
9 |
10 | PIMAGE_NT_HEADERS NTAPI
11 | RtlImageNtHeader(
12 | _In_ PVOID Base
13 | );
14 |
15 | PVOID NTAPI
16 | RtlImageDirectoryEntryToData(
17 | _In_ PVOID Base,
18 | _In_ BOOLEAN MappedAsImage,
19 | _In_ USHORT DirectoryEntry,
20 | _Out_ PULONG Size
21 | );
22 |
23 | ULONG NTAPI
24 | RtlGetNtGlobalFlags(
25 | VOID
26 | );
27 |
28 | BOOLEAN NTAPI
29 | RtlIsSandboxedToken(
30 | _In_opt_ PSECURITY_SUBJECT_CONTEXT Context,
31 | _In_ KPROCESSOR_MODE PreviousMode
32 | );
33 |
34 | NTSTATUS NTAPI
35 | RtlConvertSidToUnicodeString(
36 | _Inout_ PUNICODE_STRING UnicodeString,
37 | _In_ PSID Sid,
38 | _In_ BOOLEAN AllocateDestinationString
39 | );
40 |
41 | ULONG NTAPI
42 | RtlNtStatusToDosError(
43 | _In_ NTSTATUS Status
44 | );
45 |
46 | ULONG NTAPI
47 | RtlNtStatusToDosErrorNoTeb(
48 | _In_ NTSTATUS Status
49 | );
50 |
51 | }
52 | }
53 |
54 | namespace wdk
55 | {
56 | extern"C"
57 | {
58 |
59 | inline constexpr auto Is64BitSystem() -> bool { return (sizeof(SIZE_T) == sizeof(UINT64)); };
60 | inline constexpr auto Is32BitSystem() -> bool { return !Is64BitSystem(); }
61 |
62 | __declspec(selectany) SystemVersion NtSystemVersion = SystemVersion::Unknown;
63 | inline auto GetSystemVersion()
64 | ->SystemVersion
65 | {
66 | if (SystemVersion::Unknown != NtSystemVersion)
67 | {
68 | return NtSystemVersion;
69 | }
70 |
71 | NTSTATUS vStatus = STATUS_SUCCESS;
72 | RTL_OSVERSIONINFOW vVersion{};
73 |
74 | vStatus = RtlGetVersion(&vVersion);
75 | if (STATUS_SUCCESS != vStatus)
76 | {
77 | return SystemVersion::Unknown;
78 | }
79 |
80 | switch (vVersion.dwBuildNumber)
81 | {
82 | default:
83 | break;
84 | case 2600:
85 | NtSystemVersion = SystemVersion::WindowsXP;
86 | break;
87 | case 3790:
88 | NtSystemVersion = SystemVersion::WindowsXP64;
89 | break;
90 | case 6000:
91 | NtSystemVersion = SystemVersion::WindowsVista;
92 | break;
93 | case 6001:
94 | NtSystemVersion = SystemVersion::WindowsVista_SP1;
95 | break;
96 | case 6002:
97 | NtSystemVersion = SystemVersion::WindowsVista_SP2;
98 | break;
99 | case 7600:
100 | NtSystemVersion = SystemVersion::Windows7;
101 | break;
102 | case 7601:
103 | NtSystemVersion = SystemVersion::Windows7_SP1;
104 | break;
105 | case 9200:
106 | NtSystemVersion = SystemVersion::Windows8;
107 | break;
108 | case 9600:
109 | NtSystemVersion = SystemVersion::Windows8_1;
110 | break;
111 | case 10240:
112 | NtSystemVersion = SystemVersion::Windows10;
113 | break;
114 | case 10586:
115 | NtSystemVersion = SystemVersion::Windows10_1511;
116 | break;
117 | case 14393:
118 | NtSystemVersion = SystemVersion::Windows10_1607;
119 | break;
120 | case 15063:
121 | NtSystemVersion = SystemVersion::Windows10_1703;
122 | break;
123 | case 16299:
124 | NtSystemVersion = SystemVersion::Windows10_1709;
125 | break;
126 | case 17134:
127 | NtSystemVersion = SystemVersion::Windows10_1803;
128 | break;
129 | case 17763:
130 | NtSystemVersion = SystemVersion::Windows10_1809;
131 | break;
132 | }
133 |
134 | return NtSystemVersion;
135 | }
136 |
137 | inline bool IsWindowsXPOrGreater()
138 | {
139 | if (GetSystemVersion() >= SystemVersion::WindowsXP)
140 | {
141 | return true;
142 | }
143 | return false;
144 | }
145 |
146 | inline bool IsWindowsXPSP1OrGreater()
147 | {
148 | if (GetSystemVersion() >= SystemVersion::WindowsXP)
149 | {
150 | return true;
151 | }
152 | return false;
153 | }
154 |
155 | inline bool IsWindowsXPSP2OrGreater()
156 | {
157 | if (GetSystemVersion() >= SystemVersion::WindowsXP)
158 | {
159 | return true;
160 | }
161 | return false;
162 | }
163 |
164 | inline bool IsWindowsXPSP3OrGreater()
165 | {
166 | if (GetSystemVersion() >= SystemVersion::WindowsXP)
167 | {
168 | return true;
169 | }
170 | return false;
171 | }
172 |
173 | inline bool IsWindowsVistaOrGreater()
174 | {
175 | if (GetSystemVersion() >= SystemVersion::WindowsVista)
176 | {
177 | return true;
178 | }
179 | return false;
180 | }
181 |
182 | inline bool IsWindowsVistaSP1OrGreater()
183 | {
184 | if (GetSystemVersion() >= SystemVersion::WindowsVista_SP1)
185 | {
186 | return true;
187 | }
188 | return false;
189 | }
190 |
191 | inline bool IsWindowsVistaSP2OrGreater()
192 | {
193 | if (GetSystemVersion() >= SystemVersion::WindowsVista_SP2)
194 | {
195 | return true;
196 | }
197 | return false;
198 | }
199 |
200 | inline bool IsWindows7OrGreater()
201 | {
202 | if (GetSystemVersion() >= SystemVersion::Windows7)
203 | {
204 | return true;
205 | }
206 | return false;
207 | }
208 |
209 | inline bool IsWindows7SP1OrGreater()
210 | {
211 | if (GetSystemVersion() >= SystemVersion::Windows7_SP1)
212 | {
213 | return true;
214 | }
215 | return false;
216 | }
217 |
218 | inline bool IsWindows8OrGreater()
219 | {
220 | if (GetSystemVersion() >= SystemVersion::Windows8)
221 | {
222 | return true;
223 | }
224 | return false;
225 | }
226 |
227 | inline bool IsWindows8Point1OrGreater()
228 | {
229 | if (GetSystemVersion() >= SystemVersion::Windows8_1)
230 | {
231 | return true;
232 | }
233 | return false;
234 | }
235 |
236 | inline bool IsWindows10OrGreater()
237 | {
238 | if (GetSystemVersion() >= SystemVersion::Windows10)
239 | {
240 | return true;
241 | }
242 | return false;
243 | }
244 |
245 | inline bool IsWindowsThreshold1OrGreater()
246 | {
247 | if (GetSystemVersion() >= SystemVersion::Windows10_1507)
248 | {
249 | return true;
250 | }
251 | return false;
252 | }
253 |
254 | inline bool IsWindowsThreshold2OrGreater()
255 | {
256 | if (GetSystemVersion() >= SystemVersion::Windows10_1511)
257 | {
258 | return true;
259 | }
260 | return false;
261 | }
262 |
263 | inline bool IsWindowsRedstone1OrGreater()
264 | {
265 | if (GetSystemVersion() >= SystemVersion::Windows10_1607)
266 | {
267 | return true;
268 | }
269 | return false;
270 | }
271 |
272 | inline bool IsWindowsRedstone2OrGreater()
273 | {
274 | if (GetSystemVersion() >= SystemVersion::Windows10_1703)
275 | {
276 | return true;
277 | }
278 | return false;
279 | }
280 |
281 | inline bool IsWindowsRedstone3OrGreater()
282 | {
283 | if (GetSystemVersion() >= SystemVersion::Windows10_1709)
284 | {
285 | return true;
286 | }
287 | return false;
288 | }
289 |
290 | inline bool IsWindowsRedstone4OrGreater()
291 | {
292 | if (GetSystemVersion() >= SystemVersion::Windows10_1803)
293 | {
294 | return true;
295 | }
296 | return false;
297 | }
298 |
299 | inline bool IsWindowsRedstone5OrGreater()
300 | {
301 | if (GetSystemVersion() >= SystemVersion::Windows10_1809)
302 | {
303 | return true;
304 | }
305 | return false;
306 | }
307 |
308 | inline auto RtlInitSystem() -> NTSTATUS
309 | {
310 | if (GetSystemVersion() == SystemVersion::Unknown)
311 | {
312 | return STATUS_NOT_SUPPORTED;
313 | }
314 |
315 | return STATUS_SUCCESS;
316 | }
317 |
318 | }
319 | }
320 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/RtlStruct.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 |
4 | namespace wdk
5 | {
6 |
7 | #pragma region Version
8 | enum class SystemVersion : UINT32
9 | {
10 | Unknown,
11 |
12 | WindowsXP, // 5.1.2600
13 | WindowsXP64, // 5.2.3790
14 |
15 | WindowsVista, // 6.0.6000
16 | WindowsVista_SP1, // 6.0.6001
17 | WindowsVista_SP2, // 6.0.6002
18 |
19 | Windows7, // 6.1.7600
20 | Windows7_SP1, // 6.1.7601
21 |
22 | Windows8, // 6.2.9200
23 |
24 | Windows8_1, // 6.3.9600
25 |
26 | Windows10,
27 | Windows10_1507 = Windows10, // 10.0.10240
28 | Windows10_1511, // 10.0.10586
29 | Windows10_1607, // 10.0.14393
30 | Windows10_1703, // 10.0.15063
31 | Windows10_1709, // 10.0.16299
32 | Windows10_1803, // 10.0.17134
33 | Windows10_1809, // 10.0.17763
34 | WindowsMax,
35 | };
36 | #pragma endregion
37 |
38 |
39 | #pragma region Module
40 | typedef struct _RTL_PROCESS_MODULE_INFORMATION
41 | {
42 | HANDLE Section;
43 | PVOID MappedBase;
44 | PVOID ImageBase;
45 | ULONG ImageSize;
46 | ULONG Flags;
47 | USHORT LoadOrderIndex;
48 | USHORT InitOrderIndex;
49 | USHORT LoadCount;
50 | USHORT OffsetToFileName;
51 | UCHAR FullPathName[256];
52 | } RTL_PROCESS_MODULE_INFORMATION, *PRTL_PROCESS_MODULE_INFORMATION;
53 |
54 | typedef struct _RTL_PROCESS_MODULES
55 | {
56 | ULONG NumberOfModules;
57 | RTL_PROCESS_MODULE_INFORMATION Modules[1];
58 | } RTL_PROCESS_MODULES, *PRTL_PROCESS_MODULES;
59 |
60 | // private
61 | typedef struct _RTL_PROCESS_MODULE_INFORMATION_EX
62 | {
63 | USHORT NextOffset;
64 | RTL_PROCESS_MODULE_INFORMATION BaseInfo;
65 | ULONG ImageChecksum;
66 | ULONG TimeDateStamp;
67 | PVOID DefaultBase;
68 | } RTL_PROCESS_MODULE_INFORMATION_EX, *PRTL_PROCESS_MODULE_INFORMATION_EX;
69 | #pragma endregion
70 |
71 |
72 | #pragma region PEB-UserParameters
73 | template
74 | struct CURDIR_T
75 | {
76 | using UNICODE_STRING = T_STRING;
77 |
78 | UNICODE_STRING DosPath;
79 | T Handle;
80 | }; /* size: 0x0018 */ /* size: 0x000c */
81 |
82 | using CURDIR = CURDIR_T;
83 | using CURDIR32 = CURDIR_T;
84 | using CURDIR64 = CURDIR_T;
85 |
86 | using PCURDIR = CURDIR * ;
87 | using PCURDIR32 = CURDIR32 * ;
88 | using PCURDIR64 = CURDIR64 * ;
89 |
90 | static_assert(sizeof(CURDIR32) == 0x000c);
91 | static_assert(sizeof(CURDIR64) == 0x0018);
92 |
93 |
94 | template
95 | struct RTL_DRIVE_LETTER_CURDIR_T
96 | {
97 | using UNICODE_STRING = T_STRING;
98 |
99 | UINT16 Flags;
100 | UINT16 Length;
101 | UINT32 TimeStamp;
102 | UNICODE_STRING DosPath;
103 | }; /* size: 0x0018 */ /* size: 0x0010 */
104 |
105 | using RTL_DRIVE_LETTER_CURDIR = RTL_DRIVE_LETTER_CURDIR_T;
106 | using RTL_DRIVE_LETTER_CURDIR32 = RTL_DRIVE_LETTER_CURDIR_T;
107 | using RTL_DRIVE_LETTER_CURDIR64 = RTL_DRIVE_LETTER_CURDIR_T;
108 |
109 | using PRTL_DRIVE_LETTER_CURDIR = RTL_DRIVE_LETTER_CURDIR * ;
110 | using PRTL_DRIVE_LETTER_CURDIR32 = RTL_DRIVE_LETTER_CURDIR32 * ;
111 | using PRTL_DRIVE_LETTER_CURDIR64 = RTL_DRIVE_LETTER_CURDIR64 * ;
112 |
113 | static_assert(sizeof(RTL_DRIVE_LETTER_CURDIR32) == 0x0010);
114 | static_assert(sizeof(RTL_DRIVE_LETTER_CURDIR64) == 0x0018);
115 |
116 |
117 | enum : UINT32
118 | {
119 | RtlMaxDriveLetters = 32
120 | };
121 |
122 |
123 | template
124 | struct RTL_USER_PROCESS_PARAMETERS_T
125 | {
126 | using CURDIR = CURDIR_T;
127 | using UNICODE_STRING = T_STRING;
128 | using CURDIR = CURDIR_T;
129 | using RTL_DRIVE_LETTER_CURDIR = RTL_DRIVE_LETTER_CURDIR_T;
130 |
131 | UINT32 MaximumLength;
132 | UINT32 Length;
133 | UINT32 Flags;
134 | UINT32 DebugFlags;
135 | T ConsoleHandle;
136 | UINT32 ConsoleFlags;
137 | T StandardInput;
138 | T StandardOutput;
139 | T StandardError;
140 | CURDIR CurrentDirectory;
141 | UNICODE_STRING DllPath;
142 | UNICODE_STRING ImagePathName;
143 | UNICODE_STRING CommandLine;
144 | T Environment;
145 | UINT32 StartingX;
146 | UINT32 StartingY;
147 | UINT32 CountX;
148 | UINT32 CountY;
149 | UINT32 CountCharsX;
150 | UINT32 CountCharsY;
151 | UINT32 FillAttribute;
152 | UINT32 WindowFlags;
153 | UINT32 ShowWindowFlags;
154 | UNICODE_STRING WindowTitle;
155 | UNICODE_STRING DesktopInfo;
156 | UNICODE_STRING ShellInfo;
157 | UNICODE_STRING RuntimeData;
158 | RTL_DRIVE_LETTER_CURDIR CurrentDirectores[RtlMaxDriveLetters];
159 | I EnvironmentSize;
160 | I EnvironmentVersion;
161 | T PackageDependencyData;
162 | UINT32 ProcessGroupId;
163 | UINT32 LoaderThreads;
164 | UNICODE_STRING RedirectionDllName;
165 | }; /* size: 0x0420 */ /* size: 0x02ac */
166 |
167 | using RTL_USER_PROCESS_PARAMETERS = RTL_USER_PROCESS_PARAMETERS_T;
168 | using RTL_USER_PROCESS_PARAMETERS32 = RTL_USER_PROCESS_PARAMETERS_T;
169 | using RTL_USER_PROCESS_PARAMETERS64 = RTL_USER_PROCESS_PARAMETERS_T;
170 |
171 | using PRTL_USER_PROCESS_PARAMETERS = RTL_USER_PROCESS_PARAMETERS * ;
172 | using PRTL_USER_PROCESS_PARAMETERS32 = RTL_USER_PROCESS_PARAMETERS32 * ;
173 | using PRTL_USER_PROCESS_PARAMETERS64 = RTL_USER_PROCESS_PARAMETERS64 * ;
174 |
175 | static_assert(sizeof(RTL_USER_PROCESS_PARAMETERS32) == 0x02ac);
176 | static_assert(sizeof(RTL_USER_PROCESS_PARAMETERS64) == 0x0420);
177 | #pragma endregion
178 |
179 |
180 | }
181 |
182 | #include "Rtl\build_7600.inl"
183 | #include "Rtl\build_7601.inl"
184 | #include "Rtl\build_9200.inl"
185 | #include "Rtl\build_9600.inl"
186 | #include "Rtl\build_10240.inl"
187 | #include "Rtl\build_10586.inl"
188 | #include "Rtl\build_14393.inl"
189 | #include "Rtl\build_15063.inl"
190 | #include "Rtl\build_16299.inl"
191 | #include "Rtl\build_17134.inl"
192 | #include "Rtl\build_17763.inl"
193 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Se/build_10240.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Se/build_10586.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Se/build_14393.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Se/build_15063.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Se/build_16299.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Se/build_17134.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Se/build_17763.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Se/build_7600.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Se/build_7601.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Se/build_9200.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Se/build_9600.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/SeKernel.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 | #include "SeMacro.inl"
3 | #include "SeStruct.inl"
4 |
5 |
6 | namespace wdk
7 | {
8 | extern"C"
9 | {
10 | extern PACL SeSystemDefaultDacl;
11 |
12 | NTSTATUS NTAPI
13 | SeLocateProcessImageName(
14 | _Inout_ PEPROCESS Process,
15 | _Outptr_ PUNICODE_STRING *pImageFileName
16 | );
17 |
18 | SECURITY_IMPERSONATION_LEVEL NTAPI
19 | SeTokenImpersonationLevel(
20 | __in PACCESS_TOKEN Token
21 | );
22 |
23 | TOKEN_TYPE NTAPI
24 | SeTokenType(
25 | _In_ PACCESS_TOKEN Token
26 | );
27 |
28 | BOOLEAN NTAPI
29 | SeTokenIsAdmin(
30 | _In_ PACCESS_TOKEN Token
31 | );
32 |
33 | BOOLEAN NTAPI
34 | SeTokenIsRestricted(
35 | _In_ PACCESS_TOKEN Token
36 | );
37 | }
38 | }
39 |
40 | namespace wdk
41 | {
42 | extern"C"
43 | {
44 | inline auto SeInitSystem() -> NTSTATUS
45 | {
46 | return STATUS_SUCCESS;
47 | }
48 | }
49 | }
50 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Ts/build_10586.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 |
4 | /*
5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.10586.1176\
6 | * Dumped by pdbex tool v0.4, by wbenny
7 | */
8 |
9 |
10 | namespace wdk::build_10586
11 | {
12 |
13 | SameDefine$(build_10240, KTHREAD);
14 | SameDefine$(build_10240, ETHREAD);
15 |
16 | }
17 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Ts/build_17134.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 |
4 | /*
5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.17134.376\
6 | * Dumped by pdbex tool v0.4, by wbenny
7 | */
8 |
9 |
10 | namespace wdk::build_17134
11 | {
12 |
13 | SameDefine$(build_16299, KTHREAD);
14 | SameDefine$(build_16299, ETHREAD);
15 |
16 | }
17 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Ts/build_17763.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 |
4 | /*
5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.17763.55\
6 | * Dumped by pdbex tool v0.4, by wbenny
7 | */
8 |
9 |
10 | namespace wdk::build_17763
11 | {
12 |
13 | SameDefine$(build_17134, KTHREAD);
14 |
15 |
16 | typedef struct _ETHREAD
17 | {
18 | struct _KTHREAD Tcb;
19 | union _LARGE_INTEGER CreateTime;
20 | union
21 | {
22 | union _LARGE_INTEGER ExitTime;
23 | struct _LIST_ENTRY KeyedWaitChain;
24 | };
25 | #ifdef _X86_
26 | VOID* ChargeOnlySession;
27 | #endif
28 | union
29 | {
30 | struct _LIST_ENTRY PostBlockList;
31 | struct
32 | {
33 | VOID* ForwardLinkShadow;
34 | VOID* StartAddress;
35 | };
36 | };
37 | union
38 | {
39 | struct _TERMINATION_PORT* TerminationPort;
40 | struct _ETHREAD* ReaperLink;
41 | VOID* KeyedWaitValue;
42 | };
43 | SIZE_T ActiveTimerListLock;
44 | struct _LIST_ENTRY ActiveTimerListHead;
45 | struct _CLIENT_ID Cid;
46 | union
47 | {
48 | struct _KSEMAPHORE KeyedWaitSemaphore;
49 | struct _KSEMAPHORE AlpcWaitSemaphore;
50 | };
51 | union _PS_CLIENT_SECURITY_CONTEXT ClientSecurity;
52 | struct _LIST_ENTRY IrpList;
53 | SIZE_T TopLevelIrp;
54 | struct _DEVICE_OBJECT* DeviceToVerify;
55 | VOID* Win32StartAddress;
56 | #ifdef _WIN64
57 | VOID* ChargeOnlySession;
58 | #endif
59 | VOID* LegacyPowerObject;
60 | struct _LIST_ENTRY ThreadListEntry;
61 | struct _EX_RUNDOWN_REF RundownProtect;
62 | struct _EX_PUSH_LOCK ThreadLock;
63 | UINT32 ReadClusterSize;
64 | volatile INT32 MmLockOrdering;
65 | union
66 | {
67 | UINT32 CrossThreadFlags;
68 | struct /* bitfield */
69 | {
70 | UINT32 Terminated : 1; /* bit position: 0 */
71 | UINT32 ThreadInserted : 1; /* bit position: 1 */
72 | UINT32 HideFromDebugger : 1; /* bit position: 2 */
73 | UINT32 ActiveImpersonationInfo : 1; /* bit position: 3 */
74 | UINT32 HardErrorsAreDisabled : 1; /* bit position: 4 */
75 | UINT32 BreakOnTermination : 1; /* bit position: 5 */
76 | UINT32 SkipCreationMsg : 1; /* bit position: 6 */
77 | UINT32 SkipTerminationMsg : 1; /* bit position: 7 */
78 | UINT32 CopyTokenOnOpen : 1; /* bit position: 8 */
79 | UINT32 ThreadIoPriority : 3; /* bit position: 9 */
80 | UINT32 ThreadPagePriority : 3; /* bit position: 12 */
81 | UINT32 RundownFail : 1; /* bit position: 15 */
82 | UINT32 UmsForceQueueTermination : 1; /* bit position: 16 */
83 | UINT32 IndirectCpuSets : 1; /* bit position: 17 */
84 | UINT32 DisableDynamicCodeOptOut : 1; /* bit position: 18 */
85 | UINT32 ExplicitCaseSensitivity : 1; /* bit position: 19 */
86 | UINT32 PicoNotifyExit : 1; /* bit position: 20 */
87 | UINT32 DbgWerUserReportActive : 1; /* bit position: 21 */
88 | UINT32 ForcedSelfTrimActive : 1; /* bit position: 22 */
89 | UINT32 SamplingCoverage : 1; /* bit position: 23 */
90 | UINT32 ReservedCrossThreadFlags : 8; /* bit position: 24 */
91 | }; /* bitfield */
92 | }; /* size: 0x0004 */
93 | union
94 | {
95 | UINT32 SameThreadPassiveFlags;
96 | struct /* bitfield */
97 | {
98 | UINT32 ActiveExWorker : 1; /* bit position: 0 */
99 | UINT32 MemoryMaker : 1; /* bit position: 1 */
100 | UINT32 StoreLockThread : 2; /* bit position: 2 */
101 | UINT32 ClonedThread : 1; /* bit position: 4 */
102 | UINT32 KeyedEventInUse : 1; /* bit position: 5 */
103 | UINT32 SelfTerminate : 1; /* bit position: 6 */
104 | UINT32 RespectIoPriority : 1; /* bit position: 7 */
105 | UINT32 ActivePageLists : 1; /* bit position: 8 */
106 | UINT32 SecureContext : 1; /* bit position: 9 */
107 | UINT32 ZeroPageThread : 1; /* bit position: 10 */
108 | UINT32 WorkloadClass : 1; /* bit position: 11 */
109 | UINT32 ReservedSameThreadPassiveFlags : 20; /* bit position: 12 */
110 | }; /* bitfield */
111 | }; /* size: 0x0004 */
112 | union
113 | {
114 | UINT32 SameThreadApcFlags;
115 | struct
116 | {
117 | struct /* bitfield */
118 | {
119 | UINT8 OwnsProcessAddressSpaceExclusive : 1; /* bit position: 0 */
120 | UINT8 OwnsProcessAddressSpaceShared : 1; /* bit position: 1 */
121 | UINT8 HardFaultBehavior : 1; /* bit position: 2 */
122 | volatile UINT8 StartAddressInvalid : 1; /* bit position: 3 */
123 | UINT8 EtwCalloutActive : 1; /* bit position: 4 */
124 | UINT8 SuppressSymbolLoad : 1; /* bit position: 5 */
125 | UINT8 Prefetching : 1; /* bit position: 6 */
126 | UINT8 OwnsVadExclusive : 1; /* bit position: 7 */
127 | }; /* bitfield */
128 | struct /* bitfield */
129 | {
130 | UINT8 SystemPagePriorityActive : 1; /* bit position: 0 */
131 | UINT8 SystemPagePriority : 3; /* bit position: 1 */
132 | UINT8 AllowWritesToExecutableMemory : 1; /* bit position: 4 */
133 | UINT8 OwnsVadShared : 1; /* bit position: 5 */
134 | }; /* bitfield */
135 | }; /* size: 0x0002 */
136 | }; /* size: 0x0004 */
137 | UINT8 CacheManagerActive;
138 | UINT8 DisablePageFaultClustering;
139 | UINT8 ActiveFaultCount;
140 | UINT8 LockOrderState;
141 | SIZE_T AlpcMessageId;
142 | union
143 | {
144 | VOID* AlpcMessage;
145 | UINT32 AlpcReceiveAttributeSet;
146 | };
147 | struct _LIST_ENTRY AlpcWaitListEntry;
148 | INT32 ExitStatus;
149 | UINT32 CacheManagerCount;
150 | UINT32 IoBoostCount;
151 | UINT32 IoQoSBoostCount;
152 | UINT32 IoQoSThrottleCount;
153 | UINT32 KernelStackReference;
154 | struct _LIST_ENTRY BoostList;
155 | struct _LIST_ENTRY DeboostList;
156 | EX_PUSH_LOCK BoostListLock;
157 | EX_PUSH_LOCK IrpListLock;
158 | VOID* ReservedForSynchTracking;
159 | struct _SINGLE_LIST_ENTRY CmCallbackListHead;
160 | const struct _GUID* ActivityId;
161 | struct _SINGLE_LIST_ENTRY SeLearningModeListHead;
162 | VOID* VerifierContext;
163 | VOID* AdjustedClientToken;
164 | VOID* WorkOnBehalfThread;
165 | struct _PS_PROPERTY_SET PropertySet;
166 | VOID* PicoContext;
167 | SIZE_T UserFsBase;
168 | SIZE_T UserGsBase;
169 | struct _THREAD_ENERGY_VALUES* EnergyValues;
170 | VOID* CmDbgInfo;
171 | union
172 | {
173 | SIZE_T SelectedCpuSets;
174 | SIZE_T* SelectedCpuSetsIndirect;
175 | };
176 | struct _EJOB* Silo;
177 | struct _UNICODE_STRING* ThreadName;
178 | #ifdef _WIN64
179 | struct _CONTEXT* SetContextState;
180 | #endif
181 | UINT32 LastExpectedRunTime;
182 | UINT32 HeapData;
183 | struct _LIST_ENTRY OwnerEntryListHead;
184 | SIZE_T DisownedOwnerEntryListLock;
185 | struct _LIST_ENTRY DisownedOwnerEntryListHead;
186 | } ETHREAD, *PETHREAD; /* size: 0x0810 */ /* size: 0x0480 */
187 | static_assert(sizeof(ETHREAD) == (sizeof(SIZE_T) == sizeof(UINT64) ? 0x0810 : 0x0480));
188 |
189 |
190 | }
191 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Wmi/build_10240.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Wmi/build_10586.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Wmi/build_14393.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Wmi/build_15063.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Wmi/build_16299.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Wmi/build_17134.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Wmi/build_17763.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Wmi/build_7600.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Wmi/build_7601.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Wmi/build_9200.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Wmi/build_9600.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/WmiKernel.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 | #include "WmiStruct.inl"
3 |
4 |
5 | namespace wdk
6 | {
7 |
8 | extern"C"
9 | {
10 |
11 | LONG64 FASTCALL
12 | WmiGetClock(
13 | _In_ WMI_CLOCK_TYPE ClockType,
14 | _In_ PVOID Context
15 | );
16 |
17 | }
18 | }
19 |
20 | namespace wdk
21 | {
22 | extern"C"
23 | {
24 | inline auto WmiInitSystem() -> NTSTATUS
25 | {
26 | return STATUS_SUCCESS;
27 | }
28 | }
29 | }
30 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/WmiStruct.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 | #include
3 |
4 | namespace wdk
5 | {
6 | enum WMI_CLOCK_TYPE
7 | {
8 | WmiClockTypeDefault,
9 | WmiClockTypeSystemTime,
10 | WmiClockTypePerfCounter,
11 | WmiClockTypeProcess,
12 | WmiClockTypeThread,
13 | WmiClockTypeCPUCycle,
14 | };
15 | }
16 |
17 | #include "Wmi\build_7600.inl"
18 | #include "Wmi\build_7601.inl"
19 | #include "Wmi\build_9200.inl"
20 | #include "Wmi\build_9600.inl"
21 | #include "Wmi\build_10240.inl"
22 | #include "Wmi\build_10586.inl"
23 | #include "Wmi\build_14393.inl"
24 | #include "Wmi\build_15063.inl"
25 | #include "Wmi\build_16299.inl"
26 | #include "Wmi\build_17134.inl"
27 | #include "Wmi\build_17763.inl"
28 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Zw/build_10240.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Zw/build_10586.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Zw/build_14393.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Zw/build_15063.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Zw/build_16299.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Zw/build_17134.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Zw/build_17763.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Zw/build_7600.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Zw/build_7601.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Zw/build_9200.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/Wdk/Zw/build_9600.inl:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/RemoveFlagTestKernel/main.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luciouskami/RemoveFlagTest/6a9d347fbf345be820c3ad9986d5a444c1b56995/RemoveFlagTestKernel/main.cpp
--------------------------------------------------------------------------------