├── README.md
├── Generator
    ├── Generator.cpp
    ├── stdafx.cpp
    ├── stdafx.h
    ├── targetver.h
    ├── Generator.vcxproj.filters
    ├── Generator.vcproj
    └── Generator.vcxproj
├── SecureWinApi
    ├── SecureWinApi
    │   ├── WinNtApi.h
    │   ├── SecureWinApiTable.h
    │   ├── WinApiDefine.h
    │   ├── Win32Api.h
    │   ├── StructDefine.h
    │   └── SecureWinApi.h
    ├── SecureWinApiLib.cpp
    ├── SecureWinApi.vcxproj.filters
    ├── SecureWinApi.vcproj
    └── SecureWinApi.vcxproj
├── UnitTest
    ├── stdafx.cpp
    ├── stdafx.h
    ├── targetver.h
    ├── UnitTest.vcxproj.filters
    ├── UnitTest.vcproj
    ├── UnitTest.cpp
    └── UnitTest.vcxproj
├── .gitattributes
├── .gitignore
└── SecureWinApi.sln


/README.md:
--------------------------------------------------------------------------------
1 | # SecureWinApi
2 | 
3 | interesting code
4 | 


--------------------------------------------------------------------------------
/Generator/Generator.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tishion/SecureWinApi/HEAD/Generator/Generator.cpp


--------------------------------------------------------------------------------
/SecureWinApi/SecureWinApi/WinNtApi.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tishion/SecureWinApi/HEAD/SecureWinApi/SecureWinApi/WinNtApi.h


--------------------------------------------------------------------------------
/SecureWinApi/SecureWinApiLib.cpp:
--------------------------------------------------------------------------------
 1 | 
 2 | #define SECURE_WIN_API_GENERATOR
 3 | 
 4 | #include ".\SecureWinApi\SecureWinApi.h"
 5 | 
 6 | #include ".\SecureWinApi\SecureWinApiTable.h"
 7 | #include ".\SecureWinApi\WinNtApi.h"
 8 | #include ".\SecureWinApi\Win32Api.h"
 9 | 
10 | 
11 | 


--------------------------------------------------------------------------------
/Generator/stdafx.cpp:
--------------------------------------------------------------------------------
1 | // stdafx.cpp : source file that includes just the standard includes
2 | // Generator.pch will be the pre-compiled header
3 | // stdafx.obj will contain the pre-compiled type information
4 | 
5 | #include "stdafx.h"
6 | 
7 | // TODO: reference any additional headers you need in STDAFX.H
8 | // and not in this file
9 | 


--------------------------------------------------------------------------------
/UnitTest/stdafx.cpp:
--------------------------------------------------------------------------------
1 | // stdafx.cpp : source file that includes just the standard includes
2 | // Generator.pch will be the pre-compiled header
3 | // stdafx.obj will contain the pre-compiled type information
4 | 
5 | #include "stdafx.h"
6 | 
7 | // TODO: reference any additional headers you need in STDAFX.H
8 | // and not in this file
9 | 


--------------------------------------------------------------------------------
/.gitattributes:
--------------------------------------------------------------------------------
 1 | # Auto detect text files and perform LF normalization
 2 | * text=auto
 3 | 
 4 | # Custom for Visual Studio
 5 | *.cs     diff=csharp
 6 | 
 7 | # Standard to msysgit
 8 | *.doc	 diff=astextplain
 9 | *.DOC	 diff=astextplain
10 | *.docx diff=astextplain
11 | *.DOCX diff=astextplain
12 | *.dot  diff=astextplain
13 | *.DOT  diff=astextplain
14 | *.pdf  diff=astextplain
15 | *.PDF	 diff=astextplain
16 | *.rtf	 diff=astextplain
17 | *.RTF	 diff=astextplain
18 | 


--------------------------------------------------------------------------------
/Generator/stdafx.h:
--------------------------------------------------------------------------------
 1 | // stdafx.h : include file for standard system include files,
 2 | // or project specific include files that are used frequently, but
 3 | // are changed infrequently
 4 | //
 5 | 
 6 | #pragma once
 7 | 
 8 | #include "targetver.h"
 9 | 
10 | #include <stdio.h>
11 | #include <tchar.h>
12 | 
13 | #include <atlbase.h>
14 | #include <atlstr.h>
15 | #include <atlfile.h>
16 | 
17 | 
18 | 
19 | // TODO: reference additional headers your program requires here
20 | 


--------------------------------------------------------------------------------
/UnitTest/stdafx.h:
--------------------------------------------------------------------------------
 1 | // stdafx.h : include file for standard system include files,
 2 | // or project specific include files that are used frequently, but
 3 | // are changed infrequently
 4 | //
 5 | 
 6 | #pragma once
 7 | 
 8 | #include "targetver.h"
 9 | 
10 | #include <stdio.h>
11 | #include <tchar.h>
12 | 
13 | #include <atlbase.h>
14 | #include <atlstr.h>
15 | #include <atlfile.h>
16 | 
17 | 
18 | 
19 | // TODO: reference additional headers your program requires here
20 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
 1 | # Windows image file caches
 2 | Thumbs.db
 3 | ehthumbs.db
 4 | 
 5 | # Folder config file
 6 | Desktop.ini
 7 | 
 8 | # Recycle Bin used on file shares
 9 | $RECYCLE.BIN/
10 | 
11 | # Windows Installer files
12 | *.cab
13 | *.msi
14 | *.msm
15 | *.msp
16 | 
17 | # Windows shortcuts
18 | *.lnk
19 | 
20 | # =========================
21 | # Operating System Files
22 | # =========================
23 | 
24 | # OSX
25 | # =========================
26 | 
27 | .DS_Store
28 | .AppleDouble
29 | .LSOverride
30 | 
31 | # Thumbnails
32 | ._*
33 | 
34 | # Files that might appear on external disk
35 | .Spotlight-V100
36 | .Trashes
37 | 
38 | # Directories potentially created on remote AFP share
39 | .AppleDB
40 | .AppleDesktop
41 | Network Trash Folder
42 | Temporary Items
43 | .apdisk
44 | 


--------------------------------------------------------------------------------
/UnitTest/targetver.h:
--------------------------------------------------------------------------------
 1 | #pragma once
 2 | 
 3 | // The following macros define the minimum required platform.  The minimum required platform
 4 | // is the earliest version of Windows, Internet Explorer etc. that has the necessary features to run 
 5 | // your application.  The macros work by enabling all features available on platform versions up to and 
 6 | // including the version specified.
 7 | 
 8 | // Modify the following defines if you have to target a platform prior to the ones specified below.
 9 | // Refer to MSDN for the latest info on corresponding values for different platforms.
10 | #ifndef _WIN32_WINNT            // Specifies that the minimum required platform is Windows Vista.
11 | #define _WIN32_WINNT 0x0600     // Change this to the appropriate value to target other versions of Windows.
12 | #endif
13 | 
14 | 


--------------------------------------------------------------------------------
/Generator/targetver.h:
--------------------------------------------------------------------------------
 1 | #pragma once
 2 | 
 3 | // The following macros define the minimum required platform.  The minimum required platform
 4 | // is the earliest version of Windows, Internet Explorer etc. that has the necessary features to run 
 5 | // your application.  The macros work by enabling all features available on platform versions up to and 
 6 | // including the version specified.
 7 | 
 8 | // Modify the following defines if you have to target a platform prior to the ones specified below.
 9 | // Refer to MSDN for the latest info on corresponding values for different platforms.
10 | #ifndef _WIN32_WINNT            // Specifies that the minimum required platform is Windows Vista.
11 | #define _WIN32_WINNT 0x0600     // Change this to the appropriate value to target other versions of Windows.
12 | #endif
13 | 
14 | 


--------------------------------------------------------------------------------
/Generator/Generator.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <Filter Include="Source Files">
 5 |       <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
 6 |       <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
 7 |     </Filter>
 8 |     <Filter Include="Header Files">
 9 |       <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
10 |       <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
11 |     </Filter>
12 |     <Filter Include="Resource Files">
13 |       <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
14 |       <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav</Extensions>
15 |     </Filter>
16 |   </ItemGroup>
17 |   <ItemGroup>
18 |     <ClCompile Include="Generator.cpp">
19 |       <Filter>Source Files</Filter>
20 |     </ClCompile>
21 |     <ClCompile Include="stdafx.cpp">
22 |       <Filter>Source Files</Filter>
23 |     </ClCompile>
24 |   </ItemGroup>
25 |   <ItemGroup>
26 |     <ClInclude Include="stdafx.h">
27 |       <Filter>Header Files</Filter>
28 |     </ClInclude>
29 |     <ClInclude Include="targetver.h">
30 |       <Filter>Header Files</Filter>
31 |     </ClInclude>
32 |   </ItemGroup>
33 |   <ItemGroup>
34 |     <None Include="ReadMe.txt" />
35 |   </ItemGroup>
36 | </Project>


--------------------------------------------------------------------------------
/UnitTest/UnitTest.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <Filter Include="Source Files">
 5 |       <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
 6 |       <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
 7 |     </Filter>
 8 |     <Filter Include="Header Files">
 9 |       <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
10 |       <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
11 |     </Filter>
12 |     <Filter Include="Resource Files">
13 |       <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
14 |       <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav</Extensions>
15 |     </Filter>
16 |   </ItemGroup>
17 |   <ItemGroup>
18 |     <ClCompile Include="stdafx.cpp">
19 |       <Filter>Source Files</Filter>
20 |     </ClCompile>
21 |     <ClCompile Include="UnitTest.cpp">
22 |       <Filter>Source Files</Filter>
23 |     </ClCompile>
24 |   </ItemGroup>
25 |   <ItemGroup>
26 |     <ClInclude Include="stdafx.h">
27 |       <Filter>Header Files</Filter>
28 |     </ClInclude>
29 |     <ClInclude Include="targetver.h">
30 |       <Filter>Header Files</Filter>
31 |     </ClInclude>
32 |   </ItemGroup>
33 |   <ItemGroup>
34 |     <None Include="ReadMe.txt" />
35 |   </ItemGroup>
36 | </Project>


--------------------------------------------------------------------------------
/SecureWinApi.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 11.00
 3 | # Visual Studio 2010
 4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "SecureWinApi", "SecureWinApi\SecureWinApi.vcxproj", "{D671AF0B-D944-44BC-9727-81E97E8EE92B}"
 5 | EndProject
 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "UnitTest", "UnitTest\UnitTest.vcxproj", "{0F2F5367-1C8C-48BB-942D-E49C17481B92}"
 7 | EndProject
 8 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Generator", "Generator\Generator.vcxproj", "{65145883-2B29-460A-86BD-FBE1FF14CCDD}"
 9 | EndProject
10 | Global
11 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
12 | 		Debug|Win32 = Debug|Win32
13 | 		Release|Win32 = Release|Win32
14 | 	EndGlobalSection
15 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
16 | 		{D671AF0B-D944-44BC-9727-81E97E8EE92B}.Debug|Win32.ActiveCfg = Debug|Win32
17 | 		{D671AF0B-D944-44BC-9727-81E97E8EE92B}.Debug|Win32.Build.0 = Debug|Win32
18 | 		{D671AF0B-D944-44BC-9727-81E97E8EE92B}.Release|Win32.ActiveCfg = Release|Win32
19 | 		{D671AF0B-D944-44BC-9727-81E97E8EE92B}.Release|Win32.Build.0 = Release|Win32
20 | 		{0F2F5367-1C8C-48BB-942D-E49C17481B92}.Debug|Win32.ActiveCfg = Debug|Win32
21 | 		{0F2F5367-1C8C-48BB-942D-E49C17481B92}.Debug|Win32.Build.0 = Debug|Win32
22 | 		{0F2F5367-1C8C-48BB-942D-E49C17481B92}.Release|Win32.ActiveCfg = Release|Win32
23 | 		{0F2F5367-1C8C-48BB-942D-E49C17481B92}.Release|Win32.Build.0 = Release|Win32
24 | 		{65145883-2B29-460A-86BD-FBE1FF14CCDD}.Debug|Win32.ActiveCfg = Debug|Win32
25 | 		{65145883-2B29-460A-86BD-FBE1FF14CCDD}.Debug|Win32.Build.0 = Debug|Win32
26 | 		{65145883-2B29-460A-86BD-FBE1FF14CCDD}.Release|Win32.ActiveCfg = Release|Win32
27 | 		{65145883-2B29-460A-86BD-FBE1FF14CCDD}.Release|Win32.Build.0 = Release|Win32
28 | 	EndGlobalSection
29 | 	GlobalSection(SolutionProperties) = preSolution
30 | 		HideSolutionNode = FALSE
31 | 	EndGlobalSection
32 | EndGlobal
33 | 


--------------------------------------------------------------------------------
/SecureWinApi/SecureWinApi.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <Filter Include="Source Files">
 5 |       <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
 6 |       <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
 7 |     </Filter>
 8 |     <Filter Include="Source Files\SecureWinApi">
 9 |       <UniqueIdentifier>{143fca89-d0b5-4ba5-8cd0-2bc83d27848a}</UniqueIdentifier>
10 |     </Filter>
11 |     <Filter Include="Header Files">
12 |       <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
13 |       <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
14 |     </Filter>
15 |     <Filter Include="Resource Files">
16 |       <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
17 |       <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav</Extensions>
18 |     </Filter>
19 |   </ItemGroup>
20 |   <ItemGroup>
21 |     <ClCompile Include="SecureWinApiLib.cpp">
22 |       <Filter>Source Files</Filter>
23 |     </ClCompile>
24 |   </ItemGroup>
25 |   <ItemGroup>
26 |     <ClInclude Include="SecureWinApi\SecureWinApi.h">
27 |       <Filter>Source Files\SecureWinApi</Filter>
28 |     </ClInclude>
29 |     <ClInclude Include="SecureWinApi\SecureWinApiTable.h">
30 |       <Filter>Source Files\SecureWinApi</Filter>
31 |     </ClInclude>
32 |     <ClInclude Include="SecureWinApi\StructDefine.h">
33 |       <Filter>Source Files\SecureWinApi</Filter>
34 |     </ClInclude>
35 |     <ClInclude Include="SecureWinApi\Win32Api.h">
36 |       <Filter>Source Files\SecureWinApi</Filter>
37 |     </ClInclude>
38 |     <ClInclude Include="SecureWinApi\WinApiDefine.h">
39 |       <Filter>Source Files\SecureWinApi</Filter>
40 |     </ClInclude>
41 |     <ClInclude Include="SecureWinApi\WinNtApi.h">
42 |       <Filter>Source Files\SecureWinApi</Filter>
43 |     </ClInclude>
44 |     <ClInclude Include="targetver.h">
45 |       <Filter>Header Files</Filter>
46 |     </ClInclude>
47 |   </ItemGroup>
48 |   <ItemGroup>
49 |     <None Include="ReadMe.txt" />
50 |   </ItemGroup>
51 | </Project>


--------------------------------------------------------------------------------
/SecureWinApi/SecureWinApi.vcproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="gb2312"?>
  2 | <VisualStudioProject
  3 | 	ProjectType="Visual C++"
  4 | 	Version="9.00"
  5 | 	Name="SecureWinApi"
  6 | 	ProjectGUID="{D671AF0B-D944-44BC-9727-81E97E8EE92B}"
  7 | 	RootNamespace="SecureWinApi"
  8 | 	Keyword="Win32Proj"
  9 | 	TargetFrameworkVersion="196613"
 10 | 	>
 11 | 	<Platforms>
 12 | 		<Platform
 13 | 			Name="Win32"
 14 | 		/>
 15 | 	</Platforms>
 16 | 	<ToolFiles>
 17 | 	</ToolFiles>
 18 | 	<Configurations>
 19 | 		<Configuration
 20 | 			Name="Debug|Win32"
 21 | 			OutputDirectory="$(SolutionDir)Bin-$(ConfigurationName)"
 22 | 			IntermediateDirectory="$(ConfigurationName)"
 23 | 			ConfigurationType="4"
 24 | 			CharacterSet="1"
 25 | 			>
 26 | 			<Tool
 27 | 				Name="VCPreBuildEventTool"
 28 | 			/>
 29 | 			<Tool
 30 | 				Name="VCCustomBuildTool"
 31 | 			/>
 32 | 			<Tool
 33 | 				Name="VCXMLDataGeneratorTool"
 34 | 			/>
 35 | 			<Tool
 36 | 				Name="VCWebServiceProxyGeneratorTool"
 37 | 			/>
 38 | 			<Tool
 39 | 				Name="VCMIDLTool"
 40 | 			/>
 41 | 			<Tool
 42 | 				Name="VCCLCompilerTool"
 43 | 				Optimization="0"
 44 | 				PreprocessorDefinitions="WIN32;_DEBUG;_LIB"
 45 | 				MinimalRebuild="false"
 46 | 				BasicRuntimeChecks="0"
 47 | 				RuntimeLibrary="1"
 48 | 				BufferSecurityCheck="false"
 49 | 				UsePrecompiledHeader="0"
 50 | 				AssemblerOutput="4"
 51 | 				WarningLevel="3"
 52 | 				DebugInformationFormat="4"
 53 | 			/>
 54 | 			<Tool
 55 | 				Name="VCManagedResourceCompilerTool"
 56 | 			/>
 57 | 			<Tool
 58 | 				Name="VCResourceCompilerTool"
 59 | 			/>
 60 | 			<Tool
 61 | 				Name="VCPreLinkEventTool"
 62 | 			/>
 63 | 			<Tool
 64 | 				Name="VCLibrarianTool"
 65 | 				IgnoreAllDefaultLibraries="true"
 66 | 			/>
 67 | 			<Tool
 68 | 				Name="VCALinkTool"
 69 | 			/>
 70 | 			<Tool
 71 | 				Name="VCXDCMakeTool"
 72 | 			/>
 73 | 			<Tool
 74 | 				Name="VCBscMakeTool"
 75 | 			/>
 76 | 			<Tool
 77 | 				Name="VCFxCopTool"
 78 | 			/>
 79 | 			<Tool
 80 | 				Name="VCPostBuildEventTool"
 81 | 			/>
 82 | 		</Configuration>
 83 | 		<Configuration
 84 | 			Name="Release|Win32"
 85 | 			OutputDirectory="$(SolutionDir)Bin-$(ConfigurationName)"
 86 | 			IntermediateDirectory="$(ConfigurationName)"
 87 | 			ConfigurationType="4"
 88 | 			CharacterSet="1"
 89 | 			WholeProgramOptimization="1"
 90 | 			>
 91 | 			<Tool
 92 | 				Name="VCPreBuildEventTool"
 93 | 			/>
 94 | 			<Tool
 95 | 				Name="VCCustomBuildTool"
 96 | 			/>
 97 | 			<Tool
 98 | 				Name="VCXMLDataGeneratorTool"
 99 | 			/>
100 | 			<Tool
101 | 				Name="VCWebServiceProxyGeneratorTool"
102 | 			/>
103 | 			<Tool
104 | 				Name="VCMIDLTool"
105 | 			/>
106 | 			<Tool
107 | 				Name="VCCLCompilerTool"
108 | 				Optimization="2"
109 | 				EnableIntrinsicFunctions="true"
110 | 				PreprocessorDefinitions="WIN32;NDEBUG;_LIB"
111 | 				ExceptionHandling="0"
112 | 				RuntimeLibrary="0"
113 | 				BufferSecurityCheck="false"
114 | 				EnableFunctionLevelLinking="false"
115 | 				UsePrecompiledHeader="0"
116 | 				AssemblerOutput="4"
117 | 				WarningLevel="3"
118 | 				DebugInformationFormat="3"
119 | 			/>
120 | 			<Tool
121 | 				Name="VCManagedResourceCompilerTool"
122 | 			/>
123 | 			<Tool
124 | 				Name="VCResourceCompilerTool"
125 | 			/>
126 | 			<Tool
127 | 				Name="VCPreLinkEventTool"
128 | 			/>
129 | 			<Tool
130 | 				Name="VCLibrarianTool"
131 | 				IgnoreAllDefaultLibraries="true"
132 | 			/>
133 | 			<Tool
134 | 				Name="VCALinkTool"
135 | 			/>
136 | 			<Tool
137 | 				Name="VCXDCMakeTool"
138 | 			/>
139 | 			<Tool
140 | 				Name="VCBscMakeTool"
141 | 			/>
142 | 			<Tool
143 | 				Name="VCFxCopTool"
144 | 			/>
145 | 			<Tool
146 | 				Name="VCPostBuildEventTool"
147 | 			/>
148 | 		</Configuration>
149 | 	</Configurations>
150 | 	<References>
151 | 	</References>
152 | 	<Files>
153 | 		<Filter
154 | 			Name="Source Files"
155 | 			Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"
156 | 			UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
157 | 			>
158 | 			<File
159 | 				RelativePath=".\SecureWinApiLib.cpp"
160 | 				>
161 | 			</File>
162 | 			<Filter
163 | 				Name="SecureWinApi"
164 | 				>
165 | 				<File
166 | 					RelativePath=".\SecureWinApi\SecureWinApi.h"
167 | 					>
168 | 				</File>
169 | 				<File
170 | 					RelativePath=".\SecureWinApi\SecureWinApiTable.h"
171 | 					>
172 | 				</File>
173 | 				<File
174 | 					RelativePath=".\SecureWinApi\StructDefine.h"
175 | 					>
176 | 				</File>
177 | 				<File
178 | 					RelativePath=".\SecureWinApi\Win32Api.h"
179 | 					>
180 | 				</File>
181 | 				<File
182 | 					RelativePath=".\SecureWinApi\WinApiDefine.h"
183 | 					>
184 | 				</File>
185 | 				<File
186 | 					RelativePath=".\SecureWinApi\WinNtApi.h"
187 | 					>
188 | 				</File>
189 | 			</Filter>
190 | 		</Filter>
191 | 		<Filter
192 | 			Name="Header Files"
193 | 			Filter="h;hpp;hxx;hm;inl;inc;xsd"
194 | 			UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"
195 | 			>
196 | 			<File
197 | 				RelativePath=".\targetver.h"
198 | 				>
199 | 			</File>
200 | 		</Filter>
201 | 		<Filter
202 | 			Name="Resource Files"
203 | 			Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"
204 | 			UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"
205 | 			>
206 | 		</Filter>
207 | 		<File
208 | 			RelativePath=".\ReadMe.txt"
209 | 			>
210 | 		</File>
211 | 	</Files>
212 | 	<Globals>
213 | 	</Globals>
214 | </VisualStudioProject>
215 | 


--------------------------------------------------------------------------------
/SecureWinApi/SecureWinApi.vcxproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <ItemGroup Label="ProjectConfigurations">
  4 |     <ProjectConfiguration Include="Debug|Win32">
  5 |       <Configuration>Debug</Configuration>
  6 |       <Platform>Win32</Platform>
  7 |     </ProjectConfiguration>
  8 |     <ProjectConfiguration Include="Release|Win32">
  9 |       <Configuration>Release</Configuration>
 10 |       <Platform>Win32</Platform>
 11 |     </ProjectConfiguration>
 12 |   </ItemGroup>
 13 |   <PropertyGroup Label="Globals">
 14 |     <ProjectGuid>{D671AF0B-D944-44BC-9727-81E97E8EE92B}</ProjectGuid>
 15 |     <RootNamespace>SecureWinApi</RootNamespace>
 16 |     <Keyword>Win32Proj</Keyword>
 17 |   </PropertyGroup>
 18 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
 19 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
 20 |     <ConfigurationType>StaticLibrary</ConfigurationType>
 21 |     <CharacterSet>Unicode</CharacterSet>
 22 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 23 |   </PropertyGroup>
 24 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
 25 |     <ConfigurationType>StaticLibrary</ConfigurationType>
 26 |     <CharacterSet>Unicode</CharacterSet>
 27 |   </PropertyGroup>
 28 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
 29 |   <ImportGroup Label="ExtensionSettings">
 30 |   </ImportGroup>
 31 |   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
 32 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 33 |   </ImportGroup>
 34 |   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
 35 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 36 |   </ImportGroup>
 37 |   <PropertyGroup Label="UserMacros" />
 38 |   <PropertyGroup>
 39 |     <_ProjectFileVersion>10.0.40219.1</_ProjectFileVersion>
 40 |     <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">$(SolutionDir)Bin-$(Configuration)\</OutDir>
 41 |     <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">$(Configuration)\</IntDir>
 42 |     <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">$(SolutionDir)Bin-$(Configuration)\</OutDir>
 43 |     <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">$(Configuration)\</IntDir>
 44 |   </PropertyGroup>
 45 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 46 |     <ClCompile>
 47 |       <Optimization>Disabled</Optimization>
 48 |       <PreprocessorDefinitions>WIN32;_DEBUG;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
 49 |       <MinimalRebuild>false</MinimalRebuild>
 50 |       <BasicRuntimeChecks>Default</BasicRuntimeChecks>
 51 |       <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
 52 |       <BufferSecurityCheck>false</BufferSecurityCheck>
 53 |       <PrecompiledHeader>
 54 |       </PrecompiledHeader>
 55 |       <AssemblerOutput>AssemblyAndSourceCode</AssemblerOutput>
 56 |       <WarningLevel>Level3</WarningLevel>
 57 |       <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
 58 |     </ClCompile>
 59 |     <Lib>
 60 |       <IgnoreAllDefaultLibraries>true</IgnoreAllDefaultLibraries>
 61 |     </Lib>
 62 |   </ItemDefinitionGroup>
 63 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 64 |     <ClCompile>
 65 |       <Optimization>MaxSpeed</Optimization>
 66 |       <IntrinsicFunctions>true</IntrinsicFunctions>
 67 |       <PreprocessorDefinitions>WIN32;NDEBUG;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
 68 |       <ExceptionHandling>
 69 |       </ExceptionHandling>
 70 |       <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
 71 |       <BufferSecurityCheck>false</BufferSecurityCheck>
 72 |       <FunctionLevelLinking>false</FunctionLevelLinking>
 73 |       <PrecompiledHeader>
 74 |       </PrecompiledHeader>
 75 |       <AssemblerOutput>AssemblyAndSourceCode</AssemblerOutput>
 76 |       <WarningLevel>Level3</WarningLevel>
 77 |       <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
 78 |     </ClCompile>
 79 |     <Lib>
 80 |       <IgnoreAllDefaultLibraries>true</IgnoreAllDefaultLibraries>
 81 |     </Lib>
 82 |   </ItemDefinitionGroup>
 83 |   <ItemGroup>
 84 |     <ClCompile Include="SecureWinApiLib.cpp" />
 85 |   </ItemGroup>
 86 |   <ItemGroup>
 87 |     <ClInclude Include="SecureWinApi\SecureWinApi.h" />
 88 |     <ClInclude Include="SecureWinApi\SecureWinApiTable.h" />
 89 |     <ClInclude Include="SecureWinApi\StructDefine.h" />
 90 |     <ClInclude Include="SecureWinApi\Win32Api.h" />
 91 |     <ClInclude Include="SecureWinApi\WinApiDefine.h" />
 92 |     <ClInclude Include="SecureWinApi\WinNtApi.h" />
 93 |     <ClInclude Include="targetver.h" />
 94 |   </ItemGroup>
 95 |   <ItemGroup>
 96 |     <None Include="ReadMe.txt" />
 97 |   </ItemGroup>
 98 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
 99 |   <ImportGroup Label="ExtensionTargets">
100 |   </ImportGroup>
101 | </Project>


--------------------------------------------------------------------------------
/UnitTest/UnitTest.vcproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="gb2312"?>
  2 | <VisualStudioProject
  3 | 	ProjectType="Visual C++"
  4 | 	Version="9.00"
  5 | 	Name="UnitTest"
  6 | 	ProjectGUID="{0F2F5367-1C8C-48BB-942D-E49C17481B92}"
  7 | 	RootNamespace="UnitTest"
  8 | 	Keyword="Win32Proj"
  9 | 	TargetFrameworkVersion="196613"
 10 | 	>
 11 | 	<Platforms>
 12 | 		<Platform
 13 | 			Name="Win32"
 14 | 		/>
 15 | 	</Platforms>
 16 | 	<ToolFiles>
 17 | 	</ToolFiles>
 18 | 	<Configurations>
 19 | 		<Configuration
 20 | 			Name="Debug|Win32"
 21 | 			OutputDirectory="$(SolutionDir)Bin-$(ConfigurationName)"
 22 | 			IntermediateDirectory="$(ConfigurationName)"
 23 | 			ConfigurationType="1"
 24 | 			CharacterSet="1"
 25 | 			>
 26 | 			<Tool
 27 | 				Name="VCPreBuildEventTool"
 28 | 			/>
 29 | 			<Tool
 30 | 				Name="VCCustomBuildTool"
 31 | 			/>
 32 | 			<Tool
 33 | 				Name="VCXMLDataGeneratorTool"
 34 | 			/>
 35 | 			<Tool
 36 | 				Name="VCWebServiceProxyGeneratorTool"
 37 | 			/>
 38 | 			<Tool
 39 | 				Name="VCMIDLTool"
 40 | 			/>
 41 | 			<Tool
 42 | 				Name="VCCLCompilerTool"
 43 | 				Optimization="4"
 44 | 				FavorSizeOrSpeed="2"
 45 | 				PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE"
 46 | 				MinimalRebuild="false"
 47 | 				ExceptionHandling="0"
 48 | 				BasicRuntimeChecks="0"
 49 | 				RuntimeLibrary="1"
 50 | 				BufferSecurityCheck="false"
 51 | 				UsePrecompiledHeader="2"
 52 | 				WarningLevel="3"
 53 | 				DebugInformationFormat="4"
 54 | 			/>
 55 | 			<Tool
 56 | 				Name="VCManagedResourceCompilerTool"
 57 | 			/>
 58 | 			<Tool
 59 | 				Name="VCResourceCompilerTool"
 60 | 			/>
 61 | 			<Tool
 62 | 				Name="VCPreLinkEventTool"
 63 | 			/>
 64 | 			<Tool
 65 | 				Name="VCLinkerTool"
 66 | 				LinkIncremental="1"
 67 | 				GenerateDebugInformation="true"
 68 | 				SubSystem="1"
 69 | 				DataExecutionPrevention="1"
 70 | 				TargetMachine="1"
 71 | 			/>
 72 | 			<Tool
 73 | 				Name="VCALinkTool"
 74 | 			/>
 75 | 			<Tool
 76 | 				Name="VCManifestTool"
 77 | 			/>
 78 | 			<Tool
 79 | 				Name="VCXDCMakeTool"
 80 | 			/>
 81 | 			<Tool
 82 | 				Name="VCBscMakeTool"
 83 | 			/>
 84 | 			<Tool
 85 | 				Name="VCFxCopTool"
 86 | 			/>
 87 | 			<Tool
 88 | 				Name="VCAppVerifierTool"
 89 | 			/>
 90 | 			<Tool
 91 | 				Name="VCPostBuildEventTool"
 92 | 			/>
 93 | 		</Configuration>
 94 | 		<Configuration
 95 | 			Name="Release|Win32"
 96 | 			OutputDirectory="$(SolutionDir)Bin-$(ConfigurationName)"
 97 | 			IntermediateDirectory="$(ConfigurationName)"
 98 | 			ConfigurationType="1"
 99 | 			CharacterSet="1"
100 | 			WholeProgramOptimization="1"
101 | 			>
102 | 			<Tool
103 | 				Name="VCPreBuildEventTool"
104 | 			/>
105 | 			<Tool
106 | 				Name="VCCustomBuildTool"
107 | 			/>
108 | 			<Tool
109 | 				Name="VCXMLDataGeneratorTool"
110 | 			/>
111 | 			<Tool
112 | 				Name="VCWebServiceProxyGeneratorTool"
113 | 			/>
114 | 			<Tool
115 | 				Name="VCMIDLTool"
116 | 			/>
117 | 			<Tool
118 | 				Name="VCCLCompilerTool"
119 | 				Optimization="4"
120 | 				EnableIntrinsicFunctions="false"
121 | 				FavorSizeOrSpeed="2"
122 | 				WholeProgramOptimization="false"
123 | 				PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE"
124 | 				ExceptionHandling="0"
125 | 				RuntimeLibrary="0"
126 | 				BufferSecurityCheck="false"
127 | 				EnableFunctionLevelLinking="false"
128 | 				UsePrecompiledHeader="2"
129 | 				WarningLevel="3"
130 | 				DebugInformationFormat="3"
131 | 			/>
132 | 			<Tool
133 | 				Name="VCManagedResourceCompilerTool"
134 | 			/>
135 | 			<Tool
136 | 				Name="VCResourceCompilerTool"
137 | 			/>
138 | 			<Tool
139 | 				Name="VCPreLinkEventTool"
140 | 			/>
141 | 			<Tool
142 | 				Name="VCLinkerTool"
143 | 				LinkIncremental="1"
144 | 				GenerateDebugInformation="true"
145 | 				SubSystem="1"
146 | 				OptimizeReferences="2"
147 | 				EnableCOMDATFolding="2"
148 | 				TargetMachine="1"
149 | 			/>
150 | 			<Tool
151 | 				Name="VCALinkTool"
152 | 			/>
153 | 			<Tool
154 | 				Name="VCManifestTool"
155 | 			/>
156 | 			<Tool
157 | 				Name="VCXDCMakeTool"
158 | 			/>
159 | 			<Tool
160 | 				Name="VCBscMakeTool"
161 | 			/>
162 | 			<Tool
163 | 				Name="VCFxCopTool"
164 | 			/>
165 | 			<Tool
166 | 				Name="VCAppVerifierTool"
167 | 			/>
168 | 			<Tool
169 | 				Name="VCPostBuildEventTool"
170 | 			/>
171 | 		</Configuration>
172 | 	</Configurations>
173 | 	<References>
174 | 	</References>
175 | 	<Files>
176 | 		<Filter
177 | 			Name="Source Files"
178 | 			Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"
179 | 			UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
180 | 			>
181 | 			<File
182 | 				RelativePath=".\stdafx.cpp"
183 | 				>
184 | 				<FileConfiguration
185 | 					Name="Debug|Win32"
186 | 					>
187 | 					<Tool
188 | 						Name="VCCLCompilerTool"
189 | 						UsePrecompiledHeader="1"
190 | 					/>
191 | 				</FileConfiguration>
192 | 				<FileConfiguration
193 | 					Name="Release|Win32"
194 | 					>
195 | 					<Tool
196 | 						Name="VCCLCompilerTool"
197 | 						UsePrecompiledHeader="1"
198 | 					/>
199 | 				</FileConfiguration>
200 | 			</File>
201 | 			<File
202 | 				RelativePath=".\UnitTest.cpp"
203 | 				>
204 | 			</File>
205 | 		</Filter>
206 | 		<Filter
207 | 			Name="Header Files"
208 | 			Filter="h;hpp;hxx;hm;inl;inc;xsd"
209 | 			UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"
210 | 			>
211 | 			<File
212 | 				RelativePath=".\stdafx.h"
213 | 				>
214 | 			</File>
215 | 			<File
216 | 				RelativePath=".\targetver.h"
217 | 				>
218 | 			</File>
219 | 		</Filter>
220 | 		<Filter
221 | 			Name="Resource Files"
222 | 			Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"
223 | 			UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"
224 | 			>
225 | 		</Filter>
226 | 		<File
227 | 			RelativePath=".\ReadMe.txt"
228 | 			>
229 | 		</File>
230 | 	</Files>
231 | 	<Globals>
232 | 	</Globals>
233 | </VisualStudioProject>
234 | 


--------------------------------------------------------------------------------
/Generator/Generator.vcproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="gb2312"?>
  2 | <VisualStudioProject
  3 | 	ProjectType="Visual C++"
  4 | 	Version="9.00"
  5 | 	Name="Generator"
  6 | 	ProjectGUID="{65145883-2B29-460A-86BD-FBE1FF14CCDD}"
  7 | 	RootNamespace="Generator"
  8 | 	Keyword="Win32Proj"
  9 | 	TargetFrameworkVersion="196613"
 10 | 	>
 11 | 	<Platforms>
 12 | 		<Platform
 13 | 			Name="Win32"
 14 | 		/>
 15 | 	</Platforms>
 16 | 	<ToolFiles>
 17 | 	</ToolFiles>
 18 | 	<Configurations>
 19 | 		<Configuration
 20 | 			Name="Debug|Win32"
 21 | 			OutputDirectory="$(SolutionDir)Bin-$(ConfigurationName)"
 22 | 			IntermediateDirectory="$(ConfigurationName)"
 23 | 			ConfigurationType="1"
 24 | 			CharacterSet="1"
 25 | 			>
 26 | 			<Tool
 27 | 				Name="VCPreBuildEventTool"
 28 | 			/>
 29 | 			<Tool
 30 | 				Name="VCCustomBuildTool"
 31 | 			/>
 32 | 			<Tool
 33 | 				Name="VCXMLDataGeneratorTool"
 34 | 			/>
 35 | 			<Tool
 36 | 				Name="VCWebServiceProxyGeneratorTool"
 37 | 			/>
 38 | 			<Tool
 39 | 				Name="VCMIDLTool"
 40 | 			/>
 41 | 			<Tool
 42 | 				Name="VCCLCompilerTool"
 43 | 				Optimization="4"
 44 | 				FavorSizeOrSpeed="2"
 45 | 				PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE"
 46 | 				MinimalRebuild="true"
 47 | 				ExceptionHandling="0"
 48 | 				BasicRuntimeChecks="0"
 49 | 				RuntimeLibrary="1"
 50 | 				BufferSecurityCheck="false"
 51 | 				UsePrecompiledHeader="2"
 52 | 				AssemblerOutput="4"
 53 | 				WarningLevel="3"
 54 | 				DebugInformationFormat="3"
 55 | 			/>
 56 | 			<Tool
 57 | 				Name="VCManagedResourceCompilerTool"
 58 | 			/>
 59 | 			<Tool
 60 | 				Name="VCResourceCompilerTool"
 61 | 			/>
 62 | 			<Tool
 63 | 				Name="VCPreLinkEventTool"
 64 | 			/>
 65 | 			<Tool
 66 | 				Name="VCLinkerTool"
 67 | 				LinkIncremental="1"
 68 | 				GenerateDebugInformation="true"
 69 | 				SubSystem="1"
 70 | 				OptimizeReferences="2"
 71 | 				EnableCOMDATFolding="2"
 72 | 				EntryPointSymbol=""
 73 | 				DataExecutionPrevention="1"
 74 | 				TargetMachine="1"
 75 | 			/>
 76 | 			<Tool
 77 | 				Name="VCALinkTool"
 78 | 			/>
 79 | 			<Tool
 80 | 				Name="VCManifestTool"
 81 | 			/>
 82 | 			<Tool
 83 | 				Name="VCXDCMakeTool"
 84 | 			/>
 85 | 			<Tool
 86 | 				Name="VCBscMakeTool"
 87 | 			/>
 88 | 			<Tool
 89 | 				Name="VCFxCopTool"
 90 | 			/>
 91 | 			<Tool
 92 | 				Name="VCAppVerifierTool"
 93 | 			/>
 94 | 			<Tool
 95 | 				Name="VCPostBuildEventTool"
 96 | 			/>
 97 | 		</Configuration>
 98 | 		<Configuration
 99 | 			Name="Release|Win32"
100 | 			OutputDirectory="$(SolutionDir)Bin-$(ConfigurationName)"
101 | 			IntermediateDirectory="$(ConfigurationName)"
102 | 			ConfigurationType="1"
103 | 			CharacterSet="1"
104 | 			WholeProgramOptimization="1"
105 | 			>
106 | 			<Tool
107 | 				Name="VCPreBuildEventTool"
108 | 			/>
109 | 			<Tool
110 | 				Name="VCCustomBuildTool"
111 | 			/>
112 | 			<Tool
113 | 				Name="VCXMLDataGeneratorTool"
114 | 			/>
115 | 			<Tool
116 | 				Name="VCWebServiceProxyGeneratorTool"
117 | 			/>
118 | 			<Tool
119 | 				Name="VCMIDLTool"
120 | 			/>
121 | 			<Tool
122 | 				Name="VCCLCompilerTool"
123 | 				Optimization="4"
124 | 				EnableIntrinsicFunctions="false"
125 | 				FavorSizeOrSpeed="2"
126 | 				WholeProgramOptimization="false"
127 | 				PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE"
128 | 				ExceptionHandling="0"
129 | 				RuntimeLibrary="0"
130 | 				BufferSecurityCheck="false"
131 | 				EnableFunctionLevelLinking="false"
132 | 				UsePrecompiledHeader="2"
133 | 				AssemblerOutput="4"
134 | 				WarningLevel="3"
135 | 				DebugInformationFormat="3"
136 | 			/>
137 | 			<Tool
138 | 				Name="VCManagedResourceCompilerTool"
139 | 			/>
140 | 			<Tool
141 | 				Name="VCResourceCompilerTool"
142 | 			/>
143 | 			<Tool
144 | 				Name="VCPreLinkEventTool"
145 | 			/>
146 | 			<Tool
147 | 				Name="VCLinkerTool"
148 | 				LinkIncremental="1"
149 | 				GenerateManifest="false"
150 | 				GenerateDebugInformation="true"
151 | 				SubSystem="1"
152 | 				OptimizeReferences="2"
153 | 				EnableCOMDATFolding="2"
154 | 				LinkTimeCodeGeneration="0"
155 | 				EntryPointSymbol=""
156 | 				TargetMachine="1"
157 | 			/>
158 | 			<Tool
159 | 				Name="VCALinkTool"
160 | 			/>
161 | 			<Tool
162 | 				Name="VCManifestTool"
163 | 			/>
164 | 			<Tool
165 | 				Name="VCXDCMakeTool"
166 | 			/>
167 | 			<Tool
168 | 				Name="VCBscMakeTool"
169 | 			/>
170 | 			<Tool
171 | 				Name="VCFxCopTool"
172 | 			/>
173 | 			<Tool
174 | 				Name="VCAppVerifierTool"
175 | 			/>
176 | 			<Tool
177 | 				Name="VCPostBuildEventTool"
178 | 			/>
179 | 		</Configuration>
180 | 	</Configurations>
181 | 	<References>
182 | 	</References>
183 | 	<Files>
184 | 		<Filter
185 | 			Name="Source Files"
186 | 			Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"
187 | 			UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
188 | 			>
189 | 			<File
190 | 				RelativePath=".\Generator.cpp"
191 | 				>
192 | 			</File>
193 | 			<File
194 | 				RelativePath=".\stdafx.cpp"
195 | 				>
196 | 				<FileConfiguration
197 | 					Name="Debug|Win32"
198 | 					>
199 | 					<Tool
200 | 						Name="VCCLCompilerTool"
201 | 						UsePrecompiledHeader="1"
202 | 					/>
203 | 				</FileConfiguration>
204 | 				<FileConfiguration
205 | 					Name="Release|Win32"
206 | 					>
207 | 					<Tool
208 | 						Name="VCCLCompilerTool"
209 | 						UsePrecompiledHeader="1"
210 | 					/>
211 | 				</FileConfiguration>
212 | 			</File>
213 | 		</Filter>
214 | 		<Filter
215 | 			Name="Header Files"
216 | 			Filter="h;hpp;hxx;hm;inl;inc;xsd"
217 | 			UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"
218 | 			>
219 | 			<File
220 | 				RelativePath=".\stdafx.h"
221 | 				>
222 | 			</File>
223 | 			<File
224 | 				RelativePath=".\targetver.h"
225 | 				>
226 | 			</File>
227 | 		</Filter>
228 | 		<Filter
229 | 			Name="Resource Files"
230 | 			Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"
231 | 			UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"
232 | 			>
233 | 		</Filter>
234 | 		<File
235 | 			RelativePath=".\ReadMe.txt"
236 | 			>
237 | 		</File>
238 | 	</Files>
239 | 	<Globals>
240 | 	</Globals>
241 | </VisualStudioProject>
242 | 


--------------------------------------------------------------------------------
/UnitTest/UnitTest.cpp:
--------------------------------------------------------------------------------
  1 | #include "stdafx.h"
  2 | 
  3 | #define NO_CRT
  4 | 
  5 | #include "..\SecureWinApi\SecureWinApi\SecureWinApi.h"
  6 | #ifdef _DEBUG
  7 | #pragma comment( lib, "..\\Bin-Debug\\SecureWinApi.lib")
  8 | #else
  9 | #pragma comment( lib, "..\\Bin-Release\\SecureWinApi.lib")
 10 | #endif // _DEBUG
 11 | 
 12 | #ifdef NO_CRT
 13 | #pragma comment( linker, "/SUBSYSTEM:WINDOWS" )
 14 | #pragma comment( linker, "/ENTRY:main" )
 15 | //#define _tprintf __noop
 16 | //#define _tsystem __noop
 17 | #endif
 18 | 
 19 | 
 20 | DWORD GetThreadStartAddress( HANDLE ThreadHandle )
 21 | {
 22 | 	DWORD StartAddress = 0;
 23 | 
 24 | 	WinNtApi::NtQueryInformationThread( ThreadHandle, (PVOID)9, &StartAddress, sizeof( DWORD ), 0 );
 25 | 
 26 | 	if( !StartAddress )
 27 | 		WinNtApi::NtQueryInformationThread( ThreadHandle, (PVOID)8, &StartAddress, sizeof( DWORD ), 0 );
 28 | 
 29 | 	return( StartAddress );
 30 | }
 31 | 
 32 | // Checking the instruction pointer is removed temporarily,
 33 | // because imports are made to MSVCR functions when using a CONTEXT variable.
 34 | DWORD EnumerateThreads( DWORD ProcessId )
 35 | {
 36 | 	PVOID *SysProcess = ( PVOID * ) 0;
 37 | 	HANDLE ThreadHandle = 0;
 38 | 
 39 | 
 40 | 	CONTEXT ctx;
 41 | 	ctx.ContextFlags = CONTEXT_FULL;
 42 | 
 43 | 	DWORD BadThreadCount = 0;
 44 | 	DWORD ThreadStartAddress = 0;
 45 | 	DWORD ThreadIP = 0;
 46 | 
 47 | 	SYSTEM_PROCESS_INFORMATION *CurrProcess;
 48 | 
 49 | 	SysProcess = (PVOID *)Win32Api::VirtualAlloc(NULL, 0x100000, 0x1000, 0x04 );
 50 | 
 51 | 	NTSTATUS status = WinNtApi::NtQuerySystemInformation((PVOID)SystemProcessInformation, SysProcess, 0x100000,0);
 52 | 	if (status != STATUS_SUCCESS)
 53 | 	{
 54 | 		Win32Api::VirtualFree(SysProcess,0, MEM_RELEASE);
 55 | 		return 0;
 56 | 	}
 57 | 
 58 | 	CurrProcess = ( SYSTEM_PROCESS_INFORMATION * ) &SysProcess[0];
 59 | 	while( CurrProcess->NextEntryDelta && ( DWORD ) CurrProcess->ProcessId != ProcessId )
 60 | 	{
 61 | 		CurrProcess = ( SYSTEM_PROCESS_INFORMATION * ) ( ( DWORD ) CurrProcess + ( DWORD ) CurrProcess->NextEntryDelta );
 62 | 	}
 63 | 
 64 | 	for( unsigned int i = 0; i < CurrProcess->ThreadCount; i++ )
 65 | 	{
 66 | 		ThreadHandle = Win32Api::OpenThread( 0x48, FALSE, ( DWORD ) CurrProcess->Threads[i].ClientId.UniqueThread );
 67 | 		ThreadStartAddress = GetThreadStartAddress( ThreadHandle );
 68 | 
 69 | 		Win32Api::GetThreadContext( ThreadHandle, &ctx );
 70 | 
 71 | #ifdef _M_IX86
 72 | 		ThreadIP = ctx.Eip;
 73 | #elif _M_IX64
 74 | 		ThreadIP = ctx.Rip;
 75 | #endif
 76 | 
 77 | 		//_tprintf(_T("Thread [0x%08X]: StartAddress: 0x%08X\r\n"), CurrProcess->Threads[i].ClientId, ThreadStartAddress);
 78 | 
 79 | 		Win32Api::CloseHandle( ThreadHandle );
 80 | 	}
 81 | 	Win32Api::VirtualFree(SysProcess,0, MEM_RELEASE);
 82 | 	return 0;
 83 | 	return( BadThreadCount );
 84 | }
 85 | 
 86 | DWORD EnumerateModules( )
 87 | {
 88 | 	PLIST_ENTRY pebModuleHeader, ModuleLoop;
 89 | 	PLDR_MODULE lclModule;
 90 | 	PPEB_LDR_DATA pebModuleLdr;
 91 | 	DWORD BadModuleCount = 0;
 92 | 
 93 | #if _M_IX86
 94 | 	pebModuleLdr = ( PPEB_LDR_DATA ) *( ( DWORD_PTR * ) __readfsdword( 0x30 ) + 12 / sizeof( DWORD_PTR ) );
 95 | #elif _M_X64
 96 | 	pebModuleLdr = ( PPEB_LDR_DATA ) *( ( DWORD_PTR * ) __readgsqword( 0x60 ) + 24 / sizeof( DWORD_PTR ) );
 97 | #endif
 98 | 
 99 | 	pebModuleHeader = ( PLIST_ENTRY ) &pebModuleLdr->InLoadOrderModuleList;
100 | 
101 | 	lclModule = ( PLDR_MODULE ) pebModuleHeader->Flink;
102 | 	ModuleLoop = pebModuleHeader->Flink;
103 | 	while( pebModuleHeader != ModuleLoop)
104 | 	{
105 | 		//_tprintf(_T("Module [%s]:\r\n")
106 | 		//	_T("\tBaseName: %s\r\n")
107 | 		//	_T("\tEntryPoint: 0x%08X\r\n") 
108 | 		//	_T("\tBase: 0x%08X\r\n") 
109 | 		//	_T("\tSize: 0x%08X\r\n"), 
110 | 		//	lclModule->FullDllName.Buffer,
111 | 		//	lclModule->BaseDllName.Buffer,
112 | 		//	lclModule->EntryPoint,
113 | 		//	lclModule->BaseAddress,
114 | 		//	lclModule->SizeOfImage);
115 | 
116 | 		lclModule = ( PLDR_MODULE ) ModuleLoop->Flink;
117 | 		ModuleLoop = ModuleLoop->Flink;
118 | 	}
119 | 	return( BadModuleCount );
120 | }
121 | 
122 | DWORD EnumerateRegions( )
123 | {
124 | 	DWORD BadSegmentCount = 0;
125 | 	MEMORY_BASIC_INFORMATION pe, text, rdata, data, rsrc, reloc;
126 | 
127 | 	Win32Api::VirtualQuery( ( void * ) 0x00400000, &pe, sizeof( MEMORY_BASIC_INFORMATION ) );
128 | 	Win32Api::VirtualQuery( ( void * ) 0x00401000, &text, sizeof( MEMORY_BASIC_INFORMATION ) );
129 | 	Win32Api::VirtualQuery( ( void * ) 0x00402000, &rdata, sizeof( MEMORY_BASIC_INFORMATION ) );
130 | 	Win32Api::VirtualQuery( ( void * ) 0x00403000, &data, sizeof( MEMORY_BASIC_INFORMATION ) );
131 | 	Win32Api::VirtualQuery( ( void * ) 0x00405000, &rsrc, sizeof( MEMORY_BASIC_INFORMATION ) );
132 | 	Win32Api::VirtualQuery( ( void * ) 0x00406000, &reloc, sizeof( MEMORY_BASIC_INFORMATION ) );
133 | 
134 | 	//_tprintf(_T("MemRegion [0x00400000]:")
135 | 	//	_T("\tBaseAddress: 0x%08X\r\n")
136 | 	//	_T("\tAllocationBase: 0x%08X\r\n")
137 | 	//	_T("\tAllocationProtect: 0x%08X\r\n")
138 | 	//	_T("\tRegionSize: 0x%08X\r\n")
139 | 	//	_T("\tState: 0x%08X\r\n")
140 | 	//	_T("\tProtect: 0x%08X\r\n")
141 | 	//	_T("\tType: 0x%08X\r\n"),
142 | 	//	pe.BaseAddress,
143 | 	//	pe.AllocationBase,
144 | 	//	pe.AllocationProtect,
145 | 	//	pe.RegionSize,
146 | 	//	pe.State,
147 | 	//	pe.Protect,
148 | 	//	pe.Type);
149 | 
150 | 	return( BadSegmentCount );
151 | }
152 | 
153 | void main( )
154 | {
155 | 	//_tprintf(_T("EnumerateThreads:\r\n"));
156 | 
157 | 	HANDLE hMod = Win32Api::LoadLibraryA("CalleeMaze.dll");
158 | 
159 | 	if (hMod)
160 | 	{
161 | 		_tprintf(_T("LoadLibraryW success!\r\n"));
162 | 	}
163 | 	else
164 | 	{
165 | 		_tprintf(_T("LoadLibraryW failed!\r\n"));
166 | 	}
167 | 
168 | 	if( EnumerateThreads( Win32Api::GetCurrentProcessId( ) ) != 0 )
169 | 		Win32Api::ExitProcess( -1 );
170 | 
171 | 	//_tprintf(_T("\r\n"));
172 | 	//_tprintf(_T("EnumerateModules:\r\n"));
173 | 	if( EnumerateModules( ) != 0 )
174 | 		Win32Api::ExitProcess( -3 );
175 | 
176 | 	//_tprintf(_T("\r\n"));
177 | 	//_tprintf(_T("EnumerateRegions:\r\n"));
178 | 	if( EnumerateRegions( ) != 0 )
179 | 		Win32Api::ExitProcess( -4 );
180 | 
181 | 	//_tsystem(_T("PAUSE"));
182 | 	Win32Api::ExitProcess( 0 );
183 | }


--------------------------------------------------------------------------------
/UnitTest/UnitTest.vcxproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <ItemGroup Label="ProjectConfigurations">
  4 |     <ProjectConfiguration Include="Debug|Win32">
  5 |       <Configuration>Debug</Configuration>
  6 |       <Platform>Win32</Platform>
  7 |     </ProjectConfiguration>
  8 |     <ProjectConfiguration Include="Release|Win32">
  9 |       <Configuration>Release</Configuration>
 10 |       <Platform>Win32</Platform>
 11 |     </ProjectConfiguration>
 12 |   </ItemGroup>
 13 |   <PropertyGroup Label="Globals">
 14 |     <ProjectGuid>{0F2F5367-1C8C-48BB-942D-E49C17481B92}</ProjectGuid>
 15 |     <RootNamespace>UnitTest</RootNamespace>
 16 |     <Keyword>Win32Proj</Keyword>
 17 |   </PropertyGroup>
 18 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
 19 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
 20 |     <ConfigurationType>Application</ConfigurationType>
 21 |     <CharacterSet>Unicode</CharacterSet>
 22 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 23 |   </PropertyGroup>
 24 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
 25 |     <ConfigurationType>Application</ConfigurationType>
 26 |     <CharacterSet>Unicode</CharacterSet>
 27 |   </PropertyGroup>
 28 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
 29 |   <ImportGroup Label="ExtensionSettings">
 30 |   </ImportGroup>
 31 |   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
 32 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 33 |   </ImportGroup>
 34 |   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
 35 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 36 |   </ImportGroup>
 37 |   <PropertyGroup Label="UserMacros" />
 38 |   <PropertyGroup>
 39 |     <_ProjectFileVersion>10.0.40219.1</_ProjectFileVersion>
 40 |     <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">$(SolutionDir)Bin-$(Configuration)\</OutDir>
 41 |     <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">$(Configuration)\</IntDir>
 42 |     <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">false</LinkIncremental>
 43 |     <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">$(SolutionDir)Bin-$(Configuration)\</OutDir>
 44 |     <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">$(Configuration)\</IntDir>
 45 |     <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</LinkIncremental>
 46 |   </PropertyGroup>
 47 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 48 |     <ClCompile>
 49 |       <Optimization>Disabled</Optimization>
 50 |       <FavorSizeOrSpeed>Size</FavorSizeOrSpeed>
 51 |       <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
 52 |       <MinimalRebuild>false</MinimalRebuild>
 53 |       <ExceptionHandling>
 54 |       </ExceptionHandling>
 55 |       <BasicRuntimeChecks>Default</BasicRuntimeChecks>
 56 |       <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
 57 |       <BufferSecurityCheck>false</BufferSecurityCheck>
 58 |       <PrecompiledHeader>Use</PrecompiledHeader>
 59 |       <WarningLevel>Level3</WarningLevel>
 60 |       <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
 61 |     </ClCompile>
 62 |     <Link>
 63 |       <GenerateDebugInformation>true</GenerateDebugInformation>
 64 |       <SubSystem>Console</SubSystem>
 65 |       <DataExecutionPrevention>false</DataExecutionPrevention>
 66 |       <TargetMachine>MachineX86</TargetMachine>
 67 |     </Link>
 68 |   </ItemDefinitionGroup>
 69 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 70 |     <ClCompile>
 71 |       <Optimization>Disabled</Optimization>
 72 |       <IntrinsicFunctions>false</IntrinsicFunctions>
 73 |       <FavorSizeOrSpeed>Size</FavorSizeOrSpeed>
 74 |       <WholeProgramOptimization>false</WholeProgramOptimization>
 75 |       <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
 76 |       <ExceptionHandling>
 77 |       </ExceptionHandling>
 78 |       <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
 79 |       <BufferSecurityCheck>false</BufferSecurityCheck>
 80 |       <FunctionLevelLinking>false</FunctionLevelLinking>
 81 |       <PrecompiledHeader>Use</PrecompiledHeader>
 82 |       <WarningLevel>Level3</WarningLevel>
 83 |       <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
 84 |     </ClCompile>
 85 |     <Link>
 86 |       <GenerateDebugInformation>true</GenerateDebugInformation>
 87 |       <SubSystem>Console</SubSystem>
 88 |       <OptimizeReferences>true</OptimizeReferences>
 89 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
 90 |       <TargetMachine>MachineX86</TargetMachine>
 91 |     </Link>
 92 |   </ItemDefinitionGroup>
 93 |   <ItemGroup>
 94 |     <ClCompile Include="stdafx.cpp">
 95 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
 96 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>
 97 |     </ClCompile>
 98 |     <ClCompile Include="UnitTest.cpp" />
 99 |   </ItemGroup>
100 |   <ItemGroup>
101 |     <ClInclude Include="stdafx.h" />
102 |     <ClInclude Include="targetver.h" />
103 |   </ItemGroup>
104 |   <ItemGroup>
105 |     <None Include="ReadMe.txt" />
106 |   </ItemGroup>
107 |   <ItemGroup>
108 |     <ProjectReference Include="..\SecureWinApi\SecureWinApi.vcxproj">
109 |       <Project>{d671af0b-d944-44bc-9727-81e97e8ee92b}</Project>
110 |       <ReferenceOutputAssembly>false</ReferenceOutputAssembly>
111 |     </ProjectReference>
112 |   </ItemGroup>
113 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
114 |   <ImportGroup Label="ExtensionTargets">
115 |   </ImportGroup>
116 | </Project>


--------------------------------------------------------------------------------
/Generator/Generator.vcxproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <ItemGroup Label="ProjectConfigurations">
  4 |     <ProjectConfiguration Include="Debug|Win32">
  5 |       <Configuration>Debug</Configuration>
  6 |       <Platform>Win32</Platform>
  7 |     </ProjectConfiguration>
  8 |     <ProjectConfiguration Include="Release|Win32">
  9 |       <Configuration>Release</Configuration>
 10 |       <Platform>Win32</Platform>
 11 |     </ProjectConfiguration>
 12 |   </ItemGroup>
 13 |   <PropertyGroup Label="Globals">
 14 |     <ProjectGuid>{65145883-2B29-460A-86BD-FBE1FF14CCDD}</ProjectGuid>
 15 |     <RootNamespace>Generator</RootNamespace>
 16 |     <Keyword>Win32Proj</Keyword>
 17 |   </PropertyGroup>
 18 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
 19 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
 20 |     <ConfigurationType>Application</ConfigurationType>
 21 |     <CharacterSet>Unicode</CharacterSet>
 22 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 23 |   </PropertyGroup>
 24 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
 25 |     <ConfigurationType>Application</ConfigurationType>
 26 |     <CharacterSet>Unicode</CharacterSet>
 27 |   </PropertyGroup>
 28 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
 29 |   <ImportGroup Label="ExtensionSettings">
 30 |   </ImportGroup>
 31 |   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
 32 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 33 |   </ImportGroup>
 34 |   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
 35 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 36 |   </ImportGroup>
 37 |   <PropertyGroup Label="UserMacros" />
 38 |   <PropertyGroup>
 39 |     <_ProjectFileVersion>10.0.40219.1</_ProjectFileVersion>
 40 |     <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">$(SolutionDir)Bin-$(Configuration)\</OutDir>
 41 |     <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">$(Configuration)\</IntDir>
 42 |     <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">false</LinkIncremental>
 43 |     <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">$(SolutionDir)Bin-$(Configuration)\</OutDir>
 44 |     <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">$(Configuration)\</IntDir>
 45 |     <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</LinkIncremental>
 46 |     <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</GenerateManifest>
 47 |   </PropertyGroup>
 48 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 49 |     <ClCompile>
 50 |       <Optimization>Disabled</Optimization>
 51 |       <FavorSizeOrSpeed>Size</FavorSizeOrSpeed>
 52 |       <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
 53 |       <MinimalRebuild>true</MinimalRebuild>
 54 |       <ExceptionHandling>
 55 |       </ExceptionHandling>
 56 |       <BasicRuntimeChecks>Default</BasicRuntimeChecks>
 57 |       <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
 58 |       <BufferSecurityCheck>false</BufferSecurityCheck>
 59 |       <PrecompiledHeader>Use</PrecompiledHeader>
 60 |       <AssemblerOutput>AssemblyAndSourceCode</AssemblerOutput>
 61 |       <WarningLevel>Level3</WarningLevel>
 62 |       <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
 63 |     </ClCompile>
 64 |     <Link>
 65 |       <GenerateDebugInformation>true</GenerateDebugInformation>
 66 |       <SubSystem>Console</SubSystem>
 67 |       <OptimizeReferences>true</OptimizeReferences>
 68 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
 69 |       <EntryPointSymbol>
 70 |       </EntryPointSymbol>
 71 |       <DataExecutionPrevention>false</DataExecutionPrevention>
 72 |       <TargetMachine>MachineX86</TargetMachine>
 73 |     </Link>
 74 |   </ItemDefinitionGroup>
 75 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 76 |     <ClCompile>
 77 |       <Optimization>Disabled</Optimization>
 78 |       <IntrinsicFunctions>false</IntrinsicFunctions>
 79 |       <FavorSizeOrSpeed>Size</FavorSizeOrSpeed>
 80 |       <WholeProgramOptimization>false</WholeProgramOptimization>
 81 |       <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
 82 |       <ExceptionHandling>
 83 |       </ExceptionHandling>
 84 |       <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
 85 |       <BufferSecurityCheck>false</BufferSecurityCheck>
 86 |       <FunctionLevelLinking>false</FunctionLevelLinking>
 87 |       <PrecompiledHeader>Use</PrecompiledHeader>
 88 |       <AssemblerOutput>AssemblyAndSourceCode</AssemblerOutput>
 89 |       <WarningLevel>Level3</WarningLevel>
 90 |       <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
 91 |     </ClCompile>
 92 |     <Link>
 93 |       <GenerateDebugInformation>true</GenerateDebugInformation>
 94 |       <SubSystem>Console</SubSystem>
 95 |       <OptimizeReferences>true</OptimizeReferences>
 96 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
 97 |       <LinkTimeCodeGeneration>
 98 |       </LinkTimeCodeGeneration>
 99 |       <EntryPointSymbol>
100 |       </EntryPointSymbol>
101 |       <TargetMachine>MachineX86</TargetMachine>
102 |     </Link>
103 |   </ItemDefinitionGroup>
104 |   <ItemGroup>
105 |     <ClCompile Include="Generator.cpp" />
106 |     <ClCompile Include="stdafx.cpp">
107 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
108 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>
109 |     </ClCompile>
110 |   </ItemGroup>
111 |   <ItemGroup>
112 |     <ClInclude Include="stdafx.h" />
113 |     <ClInclude Include="targetver.h" />
114 |   </ItemGroup>
115 |   <ItemGroup>
116 |     <None Include="ReadMe.txt" />
117 |   </ItemGroup>
118 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
119 |   <ImportGroup Label="ExtensionTargets">
120 |   </ImportGroup>
121 | </Project>


--------------------------------------------------------------------------------
/SecureWinApi/SecureWinApi/SecureWinApiTable.h:
--------------------------------------------------------------------------------
  1 | 
  2 | #if defined(SECURE_WIN_API_GENERATOR)
  3 | 
  4 | #define API_TABLE_START void __declspec(naked) g_ApiTable() {
  5 | 
  6 | #define API_THUNK(ns, api, hash, argcount) __asm jmp ns##::##api	\
  7 | 	__asm mov edi, hash	\
  8 | 	__asm mov edi, argcount
  9 | 
 10 | #define API_TABLE_END }
 11 | 
 12 | #else
 13 | 
 14 | #define API_TABLE_START enum SecureWinApiIndex {
 15 | 
 16 | #define API_THUNK(ns, api, hash, argcount) i_##api##,
 17 | 
 18 | #define API_TABLE_END };
 19 | 
 20 | #pragma pack(push, 1)
 21 | typedef struct _WINAPI_THUNK_DATA {
 22 | 	union 
 23 | 	{
 24 | 		UCHAR jmp_thunk[5];
 25 | 		struct   
 26 | 		{
 27 | 			UCHAR op_jmp;
 28 | 			DWORD op_offset;
 29 | 		};
 30 | 	};
 31 | 
 32 | 	UCHAR r1;
 33 | 	DWORD Hash;
 34 | 	UCHAR r2;
 35 | 	DWORD ArgCount;
 36 | }WINAPI_THUNK_DATA, *PWINAPI_THUNK_DATA;
 37 | #pragma pack(pop)
 38 | 
 39 | #define SECURE_WIN_API_TABLE PWINAPI_THUNK_DATA
 40 | #endif
 41 | 
 42 | 
 43 | // When SECURE_WIN_API_GENERATOR is defined, the code will be parsed as follows:
 44 | // 
 45 | // void __declspec(naked) g_ApiTable() {
 46 | //
 47 | //	__asm jmp Win32Api, GetCurrentProcess
 48 | //  __asm mov edi, 0x000000
 49 | //  __asm mov edi, 0x000000
 50 | //  
 51 | //	__asm jmp Win32Api, GetCurrentProcessId
 52 | //  __asm mov edi, 0x000000
 53 | //  __asm mov edi, 0x000000
 54 | //  
 55 | //		............
 56 | // }
 57 | //
 58 | // When SECURE_WIN_API_GENERATOR is not defined, the code will parsed as follows:
 59 | // 
 60 | // enum SecureWinApiIndex {
 61 | //		i_GetCurrentProcess,
 62 | //		i_GetCurrentProcessId,
 63 | //		
 64 | //		..................
 65 | // }
 66 | 
 67 | API_TABLE_START
 68 | 	// Win32Apis
 69 | 	API_THUNK(Win32Api, GetCurrentProcess, 0xBC85D1F6, 0x00000000)
 70 | 	API_THUNK(Win32Api, GetCurrentThread, 0xE25BEC90, 0x00000000)
 71 | 	API_THUNK(Win32Api, GetCurrentProcessId, 0x91CBF6C1, 0x00000000)
 72 | 	API_THUNK(Win32Api, GetCurrentThreadId, 0xFA04282F, 0x00000000)
 73 | 	API_THUNK(Win32Api, OpenProcess, 0x24D73A92, 0x00000003)
 74 | 	API_THUNK(Win32Api, OpenThread, 0x629034D2, 0x00000003)
 75 | 	API_THUNK(Win32Api, GetThreadContext, 0x55125DCF, 0x00000002)
 76 | 	API_THUNK(Win32Api, SetThreadContext, 0x437FBCAD, 0x00000002)
 77 | 	API_THUNK(Win32Api, TerminateProcess, 0x0B81BD02, 0x00000002)
 78 | 	API_THUNK(Win32Api, ExitProcess, 0xC91F6309, 0x00000001)
 79 | 	API_THUNK(Win32Api, Thread32First, 0xEBB22164, 0x00000002)
 80 | 	API_THUNK(Win32Api, Thread32Next, 0x00abcdef, 0x00000002)
 81 | 	API_THUNK(Win32Api, Process32FirstA, 0xE432ADB0, 0x00000002)
 82 | 	API_THUNK(Win32Api, Process32NextA, 0x81662D33, 0x00000002)
 83 | 	API_THUNK(Win32Api, Process32FirstW, 0x9F55D75A, 0x00000002)
 84 | 	API_THUNK(Win32Api, Process32NextW, 0x5EBC16C8, 0x00000002)
 85 | 	API_THUNK(Win32Api, Module32FirstA, 0x3C0E6822, 0x00000002)
 86 | 	API_THUNK(Win32Api, Module32FirstW, 0xE3D453D9, 0x00000002)
 87 | 	API_THUNK(Win32Api, Module32NextA, 0xDC0D19FD, 0x00000002)
 88 | 	API_THUNK(Win32Api, Module32NextW, 0x03D72206, 0x00000002)
 89 | 	API_THUNK(Win32Api, Toolhelp32ReadProcessMemory, 0x3EEAA09D, 0x00000005)
 90 | 	API_THUNK(Win32Api, ReadProcessMemory, 0x9AE5BC7E, 0x00000005)
 91 | 	API_THUNK(Win32Api, WriteProcessMemory, 0x546DB682, 0x00000005)
 92 | 	API_THUNK(Win32Api, VirtualAlloc, 0x9C4D6422, 0x00000004)
 93 | 	API_THUNK(Win32Api, VirtualAllocEx, 0x9F5CC0FA, 0x00000005)
 94 | 	API_THUNK(Win32Api, VirtualQuery, 0x2908E9A7, 0x00000003)
 95 | 	API_THUNK(Win32Api, VirtualQueryEx, 0x4AA1E62C, 0x00000004)
 96 | 	API_THUNK(Win32Api, VirtualFree, 0xF44FFBAC, 0x00000003)
 97 | 	API_THUNK(Win32Api, VirtualFreeEx, 0x5AEC93E8, 0x00000004) 
 98 | 	API_THUNK(Win32Api, VirtualProtect, 0x436E824D, 0x00000004)
 99 | 	API_THUNK(Win32Api, VirtualProtectEx, 0x34502FFC, 0x00000005)
100 | 	API_THUNK(Win32Api, GetProcessHeap, 0xAB3DC953, 0x00000000)
101 | 	API_THUNK(Win32Api, HeapAlloc, 0xE2213943, 0x00000003)
102 | 	API_THUNK(Win32Api, HeapReAlloc, 0x6BF78147, 0x00000004)
103 | 	API_THUNK(Win32Api, HeapFree, 0x296E27A1, 0x00000003)
104 | 	API_THUNK(Win32Api, MapViewOfFile, 0x636DA884, 0x00000005)	
105 | 	API_THUNK(Win32Api, MapViewOfFileEx, 0xF5D3AA2E, 0x00000006)
106 | 	API_THUNK(Win32Api, UnmapViewOfFile, 0x5336CB91, 0x00000001)
107 | 	API_THUNK(Win32Api, GetVersion, 0x7F862CCD, 0x00000000)
108 | 	API_THUNK(Win32Api, LoadLibraryA, 0x34B3D920, 0x00000003)
109 | 	API_THUNK(Win32Api, LoadLibraryW, 0xEB69E2DB, 0x00000003)
110 | 	API_THUNK(Win32Api, GetModuleHandleA, 0x8DBD9218, 0x00000001)
111 | 	API_THUNK(Win32Api, GetModuleHandleW, 0x5267A9E3, 0x00000001)
112 | 	API_THUNK(Win32Api, GetModuleFileNameW, 0xA722F917, 0x00000003)
113 | 	API_THUNK(Win32Api, GetProcAddress, 0x874717F5, 0x00000002)
114 | 	API_THUNK(Win32Api, IsBadReadPtr, 0x366D5D9B, 0x00000002)
115 | 	API_THUNK(Win32Api, IsBadWritePtr, 0xFE091BE6, 0x00000002)
116 | 	API_THUNK(Win32Api, CloseHandle, 0x017C1E0C, 0x00000001)
117 | 	API_THUNK(Win32Api, SetLastError, 0x6F226FD0, 0x00000001)
118 | 	API_THUNK(Win32Api, CreateFileA, 0xC100651F, 0x00000007)
119 | 	API_THUNK(Win32Api, CreateFileW, 0x1EDA5EE4, 0x00000007)
120 | 	API_THUNK(Win32Api, CreateFileMappingW, 0x041F7EC0, 0x00000006)
121 | 	API_THUNK(Win32Api, CreateFileMappingA, 0xDBC5453B, 0x00000006)
122 | 	API_THUNK(Win32Api, WideCharToMultiByte, 0x4B636C68, 0x00000008)
123 | 
124 | 	// WinNtApis
125 | 	API_THUNK(WinNtApi, LdrGetProcedureAddress, 0xDDA0FB84, 0x00000004)
126 | 	API_THUNK(WinNtApi, LdrLoadDll, 0x24E99BFC, 0x00000004)
127 | 	API_THUNK(WinNtApi, NtAcceptConnectPort, 0x5969A20D, 0x00000006)
128 | 	API_THUNK(WinNtApi, NtAccessCheck, 0x336B4200, 0x00000008)
129 | 	API_THUNK(WinNtApi, NtAccessCheckAndAuditAlarm, 0x908DFDC4, 0x0000000B)
130 | 	API_THUNK(WinNtApi, NtAddAtom, 0x3522D0CA, 0x00000003)
131 | 	API_THUNK(WinNtApi, NtAdjustGroupsToken, 0xA6B96A8F, 0x00000006)
132 | 	API_THUNK(WinNtApi, NtAdjustPrivilegesToken, 0xE93040C8, 0x00000006)
133 | 	API_THUNK(WinNtApi, NtAlertResumeThread, 0x83F59376, 0x00000002)
134 | 	API_THUNK(WinNtApi, NtAlertThread, 0x2382A4AE, 0x00000001)
135 | 	API_THUNK(WinNtApi, NtAllocateLocallyUniqueId, 0x298CEB83, 0x00000001)
136 | 	API_THUNK(WinNtApi, NtAllocateVirtualMemory, 0xE639191D, 0x00000006)
137 | 	API_THUNK(WinNtApi, NtCallbackReturn, 0x72E22936, 0x00000003)
138 | 	API_THUNK(WinNtApi, NtCancelIoFile, 0x4BE4D524, 0x00000002)
139 | 	API_THUNK(WinNtApi, NtCancelTimer, 0xB0F5AF66, 0x00000002)
140 | 	API_THUNK(WinNtApi, NtClearEvent, 0xBDC376AF, 0x00000001)
141 | 	API_THUNK(WinNtApi, NtClose, 0xBE6C1D90, 0x00000001)
142 | 	API_THUNK(WinNtApi, NtCloseObjectAuditAlarm, 0x7CD060E3, 0x00000003)
143 | 	API_THUNK(WinNtApi, NtCompleteConnectPort, 0xFEF7A12D, 0x00000001)
144 | 	API_THUNK(WinNtApi, NtConnectPort, 0x22FC56FA, 0x00000008)
145 | 	API_THUNK(WinNtApi, NtContinue, 0x4907D7EC, 0x00000002)
146 | 	API_THUNK(WinNtApi, NtCreateDirectoryObject, 0xD06EEF81, 0x00000003)
147 | 	API_THUNK(WinNtApi, NtCreateEvent, 0x3311CA68, 0x00000005)
148 | 	API_THUNK(WinNtApi, NtCreateEventPair, 0xF161867D, 0x00000003)
149 | 	API_THUNK(WinNtApi, NtCreateFile, 0x017735CB, 0x0000000B)
150 | 	API_THUNK(WinNtApi, NtCreateIoCompletion, 0xD09FD7C1, 0x00000004)
151 | 	API_THUNK(WinNtApi, NtCreateKey, 0x0CDAB90F, 0x00000007)
152 | 	API_THUNK(WinNtApi, NtCreateMailslotFile, 0x55E4256A, 0x00000008)
153 | 	API_THUNK(WinNtApi, NtCreateMutant, 0x864DB378, 0x00000004)
154 | 	API_THUNK(WinNtApi, NtCreateNamedPipeFile, 0xB04D1C27, 0x0000000E)
155 | 	API_THUNK(WinNtApi, NtCreatePagingFile, 0x90C93B7D, 0x00000004)
156 | 	API_THUNK(WinNtApi, NtCreatePort, 0x883B50FD, 0x00000005)
157 | 	API_THUNK(WinNtApi, NtCreateProcess, 0xE6DDF878, 0x00000008)
158 | 	API_THUNK(WinNtApi, NtCreateProfile, 0x7D1BFC31, 0x00000009)
159 | 	API_THUNK(WinNtApi, NtCreateSection, 0x7CE2EFA2, 0x00000007)
160 | 	API_THUNK(WinNtApi, NtCreateSemaphore, 0x80F30ED8, 0x00000005)
161 | 	API_THUNK(WinNtApi, NtCreateSymbolicLinkObject, 0xF6CD3297, 0x00000004)
162 | 	API_THUNK(WinNtApi, NtCreateThread, 0xBFAD796E, 0x00000008)
163 | 	API_THUNK(WinNtApi, NtCreateTimer, 0x1535A482, 0x00000004)
164 | 	API_THUNK(WinNtApi, NtCreateToken, 0x58497A44, 0x0000000D)
165 | 	API_THUNK(WinNtApi, NtCurrentTeb, 0xF0C8F067, 0x00000000)
166 | 	API_THUNK(WinNtApi, NtDelayExecution, 0x19DBEBAB, 0x00000002)
167 | 	API_THUNK(WinNtApi, NtDeleteAtom, 0xC188C87C, 0x00000001)
168 | 	API_THUNK(WinNtApi, NtDeleteFile, 0x809DB124, 0x00000001)
169 | 	API_THUNK(WinNtApi, NtDeleteKey, 0x58489BDB, 0x00000001)
170 | 	API_THUNK(WinNtApi, NtDeleteValueKey, 0x50206FEF, 0x00000002)
171 | 	API_THUNK(WinNtApi, NtDeviceIoControlFile, 0xD451F2CC, 0x0000000A)
172 | 	API_THUNK(WinNtApi, NtDisplayString, 0x74588DAE, 0x00000001)
173 | 	API_THUNK(WinNtApi, NtDuplicateObject, 0x0CFF301C, 0x00000007)
174 | 	API_THUNK(WinNtApi, NtDuplicateToken, 0x93FBEB87, 0x00000006)
175 | 	API_THUNK(WinNtApi, NtEnumerateKey, 0x1D5454C3, 0x00000006)
176 | 	API_THUNK(WinNtApi, NtEnumerateValueKey, 0xB6ACACA8, 0x00000006)
177 | 	API_THUNK(WinNtApi, NtExtendSection, 0x99D7F1BB, 0x00000002)
178 | 	API_THUNK(WinNtApi, NtFindAtom, 0x7C93FAA2, 0x00000003)
179 | 	API_THUNK(WinNtApi, NtFlushBuffersFile, 0x873CB9B0, 0x00000002)
180 | 	API_THUNK(WinNtApi, NtFlushInstructionCache, 0x279936D5, 0x00000003)
181 | 	API_THUNK(WinNtApi, NtFlushKey, 0x77EE3E2D, 0x00000001)
182 | 	API_THUNK(WinNtApi, NtFlushVirtualMemory, 0x667148AC, 0x00000004)
183 | 	API_THUNK(WinNtApi, NtFlushWriteBuffer, 0x58919D69, 0x00000000)
184 | 	API_THUNK(WinNtApi, NtFreeVirtualMemory, 0xCC6B26EB, 0x00000004)
185 | 	API_THUNK(WinNtApi, NtFsControlFile, 0x0EE8B2F9, 0x0000000A)
186 | 	API_THUNK(WinNtApi, NtGetContextThread, 0x6FF2ADDE, 0x00000002)
187 | 	API_THUNK(WinNtApi, NtGetPlugPlayEvent, 0xD59F441A, 0x00000004)
188 | 	API_THUNK(WinNtApi, NtImpersonateClientOfPort, 0x8DFEE7F3, 0x00000002)
189 | 	API_THUNK(WinNtApi, NtImpersonateThread, 0x0E16B412, 0x00000003)
190 | 	API_THUNK(WinNtApi, NtInitializeRegistry, 0xB431D3D3, 0x00000001)
191 | 	API_THUNK(WinNtApi, NtListenPort, 0x02B86DF5, 0x00000002)
192 | 	API_THUNK(WinNtApi, NtLoadDriver, 0x14ECCD00, 0x00000001)
193 | 	API_THUNK(WinNtApi, NtLoadKey, 0x4635BABE, 0x00000002)
194 | 	API_THUNK(WinNtApi, NtLockFile, 0x7B45484A, 0x0000000A)
195 | 	API_THUNK(WinNtApi, NtLockVirtualMemory, 0x133B2500, 0x00000004)
196 | 	API_THUNK(WinNtApi, NtMapViewOfSection, 0x4C92A2D7, 0x0000000A)
197 | 	API_THUNK(WinNtApi, NtNotifyChangeDirectoryFile, 0xFD0ED9AF, 0x00000009)
198 | 	API_THUNK(WinNtApi, NtNotifyChangeKey, 0xBF7372EA, 0x0000000A) 
199 | 	API_THUNK(WinNtApi, NtOpenDirectoryObject, 0x4F35D905, 0x00000003)
200 | 	API_THUNK(WinNtApi, NtOpenEvent, 0x34DAF31C, 0x00000003)
201 | 	API_THUNK(WinNtApi, NtOpenEventPair, 0x88ECF48F, 0x00000003)
202 | 	API_THUNK(WinNtApi, NtOpenFile, 0xA78A58CF, 0x00000006)
203 | 	API_THUNK(WinNtApi, NtOpenIoCompletion, 0xE8DF94EF, 0x00000003)
204 | 	API_THUNK(WinNtApi, NtOpenKey, 0x4DE0DAAA, 0x00000003)
205 | 	API_THUNK(WinNtApi, NtOpenMutant, 0xD122CD64, 0x00000003)
206 | 	API_THUNK(WinNtApi, NtOpenObjectAuditAlarm, 0xC047FB26, 0x0000000C)
207 | 	API_THUNK(WinNtApi, NtOpenProcess, 0xF28BCB49, 0x00000004)
208 | 	API_THUNK(WinNtApi, NtOpenProcessToken, 0xBA08F99C, 0x00000003)
209 | 	API_THUNK(WinNtApi, NtOpenSection, 0x68B4DC93, 0x00000003)
210 | 	API_THUNK(WinNtApi, NtOpenSemaphore, 0xF97E7C2A, 0x00000003)
211 | 	API_THUNK(WinNtApi, NtOpenSymbolicLinkObject, 0x6554985D, 0x00000003)
212 | 	API_THUNK(WinNtApi, NtOpenThread, 0xE8C20772, 0x00000004)
213 | 	API_THUNK(WinNtApi, NtOpenThreadToken, 0x9F046D21, 0x00000004)
214 | 	API_THUNK(WinNtApi, NtOpenTimer, 0x12FE9DF6, 0x00000003)
215 | 	API_THUNK(WinNtApi, NtPrivilegeCheck, 0x96D80F56, 0x00000003)
216 | 	API_THUNK(WinNtApi, NtPrivilegeObjectAuditAlarm, 0x50FAAE3A, 0x00000006)
217 | 	API_THUNK(WinNtApi, NtPrivilegedServiceAuditAlarm, 0xAA4AA0E2, 0x00000005)
218 | 	API_THUNK(WinNtApi, NtProtectVirtualMemory, 0x5AEB376D, 0x00000005)
219 | 	API_THUNK(WinNtApi, NtPulseEvent, 0x3DE15CD9, 0x00000002)
220 | 	API_THUNK(WinNtApi, NtQueryAttributesFile, 0x9D80628C, 0x00000002)
221 | 	API_THUNK(WinNtApi, NtQueryDefaultLocale, 0x3EF0BCC7, 0x00000002)
222 | 	API_THUNK(WinNtApi, NtQueryDirectoryFile, 0xED7DF349, 0x0000000B)
223 | 	API_THUNK(WinNtApi, NtQueryDirectoryObject, 0x75EB60C1, 0x00000007)
224 | 	API_THUNK(WinNtApi, NtQueryEaFile, 0x99F67EE0, 0x00000009)
225 | 	API_THUNK(WinNtApi, NtQueryEvent, 0xFA74924F, 0x00000005)
226 | 	API_THUNK(WinNtApi, NtQueryFullAttributesFile, 0x4FDA19FD, 0x00000002)
227 | 	API_THUNK(WinNtApi, NtQueryInformationAtom, 0x8A21A069, 0x00000005)
228 | 	API_THUNK(WinNtApi, NtQueryInformationFile, 0xCB34D931, 0x00000005)
229 | 	API_THUNK(WinNtApi, NtQueryInformationPort, 0x4278BC07, 0x00000005)
230 | 	API_THUNK(WinNtApi, NtQueryInformationProcess, 0x4390A27E, 0x00000005)
231 | 	API_THUNK(WinNtApi, NtQueryInformationThread, 0xF8421449, 0x00000005)
232 | 	API_THUNK(WinNtApi, NtQueryInformationToken, 0x05EB22AA, 0x00000005)
233 | 	API_THUNK(WinNtApi, NtQueryIntervalProfile, 0xDB7B1CCD, 0x00000002)
234 | 	API_THUNK(WinNtApi, NtQueryIoCompletion, 0x60CF03F8, 0x00000005)
235 | 	API_THUNK(WinNtApi, NtQueryKey, 0x72B9349C, 0x00000005)
236 | 	API_THUNK(WinNtApi, NtQueryMultipleValueKey, 0xB5541499, 0x00000006)
237 | 	API_THUNK(WinNtApi, NtQueryMutant, 0x238E634B, 0x00000005)
238 | 	API_THUNK(WinNtApi, NtQueryObject, 0xAB9AC1B4, 0x00000005)
239 | 	API_THUNK(WinNtApi, NtQueryPerformanceCounter, 0x857B5D3D, 0x00000002)
240 | 	API_THUNK(WinNtApi, NtQuerySection, 0xC3974D64, 0x00000005)
241 | 	API_THUNK(WinNtApi, NtQuerySecurityObject, 0x9A6EFA2E, 0x00000005)
242 | 	API_THUNK(WinNtApi, NtQuerySemaphore, 0x258B03A1, 0x00000005)
243 | 	API_THUNK(WinNtApi, NtQuerySymbolicLinkObject, 0xA79E4CD9, 0x00000003)
244 | 	API_THUNK(WinNtApi, NtQuerySystemEnvironmentValue, 0x19B139E4, 0x00000004)
245 | 	API_THUNK(WinNtApi, NtQuerySystemInformation, 0xFB1A9D57, 0x00000004)
246 | 	API_THUNK(WinNtApi, NtQuerySystemTime, 0x528E5BA5, 0x00000001)
247 | 	API_THUNK(WinNtApi, NtQueryTimer, 0xDC50FCA5, 0x00000005)
248 | 	API_THUNK(WinNtApi, NtQueryTimerResolution, 0xAABEB818, 0x00000003)
249 | 	API_THUNK(WinNtApi, NtQueryValueKey, 0x7496372A, 0x00000006)
250 | 	API_THUNK(WinNtApi, NtQueryVirtualMemory, 0x9FB0F74D, 0x00000006)
251 | 	API_THUNK(WinNtApi, NtQueryVolumeInformationFile, 0x4C4DDEFF, 0x00000005)
252 | 	API_THUNK(WinNtApi, NtQueueApcThread, 0xF19C7360, 0x00000005)
253 | 	API_THUNK(WinNtApi, NtRaiseException, 0x69151B70, 0x00000003)
254 | 	API_THUNK(WinNtApi, NtRaiseHardError, 0x122924C5, 0x00000006)
255 | 	API_THUNK(WinNtApi, NtReadFile, 0x1CF1ECF1, 0x00000009)
256 | 	API_THUNK(WinNtApi, NtReadFileScatter, 0x6D693CDF, 0x00000009)
257 | 	API_THUNK(WinNtApi, NtReadRequestData, 0xDF1CE1A5, 0x00000006)
258 | 	API_THUNK(WinNtApi, NtReadVirtualMemory, 0x36C6C667, 0x00000005)
259 | 	API_THUNK(WinNtApi, NtRegisterThreadTerminatePort, 0x0FA38473, 0x00000001)
260 | 	API_THUNK(WinNtApi, NtReleaseMutant, 0x42913368, 0x00000002)
261 | 	API_THUNK(WinNtApi, NtReleaseSemaphore, 0x2833ABD8, 0x00000003)
262 | 	API_THUNK(WinNtApi, NtRemoveIoCompletion, 0x1AB9358A, 0x00000005)
263 | 	API_THUNK(WinNtApi, NtReplaceKey, 0xD27F83ED, 0x00000003)
264 | 	API_THUNK(WinNtApi, NtReplyPort, 0x8E32DCBC, 0x00000002)
265 | 	API_THUNK(WinNtApi, NtReplyWaitReceivePort, 0x4A7F2847, 0x00000004)
266 | 	API_THUNK(WinNtApi, NtReplyWaitReplyPort, 0x2B85992B, 0x00000002)
267 | 	API_THUNK(WinNtApi, NtRequestPort, 0xFF44ABC0, 0x00000002)
268 | 	API_THUNK(WinNtApi, NtRequestWaitReplyPort, 0xD4410A16, 0x00000003)
269 | 	API_THUNK(WinNtApi, NtResetEvent, 0xDA8C6124, 0x00000002)
270 | 	API_THUNK(WinNtApi, NtRestoreKey, 0xD2564E08, 0x00000003)
271 | 	API_THUNK(WinNtApi, NtResumeThread, 0x1CAA3723, 0x00000002)
272 | 	API_THUNK(WinNtApi, NtSaveKey, 0xCF955F01, 0x00000002)
273 | 	API_THUNK(WinNtApi, NtSetContextThread, 0x799F4CBC, 0x00000002)
274 | 	API_THUNK(WinNtApi, NtSetDefaultHardErrorPort, 0xFC1F942C, 0x00000001)
275 | 	API_THUNK(WinNtApi, NtSetDefaultLocale, 0x4CABC824, 0x00000002)
276 | 	API_THUNK(WinNtApi, NtSetEaFile, 0x8792E585, 0x00000004)
277 | 	API_THUNK(WinNtApi, NtSetEvent, 0x9F1D9FDD, 0x00000002)
278 | 	API_THUNK(WinNtApi, NtSetHighEventPair, 0x6373AE21, 0x00000001)
279 | 	API_THUNK(WinNtApi, NtSetHighWaitLowEventPair, 0xB223BD3E, 0x00000001)
280 | 	API_THUNK(WinNtApi, NtSetInformationFile, 0xE90FBE60, 0x00000005)
281 | 	API_THUNK(WinNtApi, NtSetInformationKey, 0xCC852148, 0x00000004)
282 | 	API_THUNK(WinNtApi, NtSetInformationObject, 0x39C0C675, 0x00000004)
283 | 	API_THUNK(WinNtApi, NtSetInformationProcess, 0xB559F29F, 0x00000004)
284 | 	API_THUNK(WinNtApi, NtSetInformationThread, 0x8834AE9C, 0x00000004)
285 | 	API_THUNK(WinNtApi, NtSetInformationToken, 0x19A578AF, 0x00000004)
286 | 	API_THUNK(WinNtApi, NtSetIntervalProfile, 0xF9407B9C, 0x00000002)
287 | 	API_THUNK(WinNtApi, NtSetIoCompletion, 0x3CDC653E, 0x00000005)
288 | 	API_THUNK(WinNtApi, NtSetLowEventPair, 0xD66C2459, 0x00000001)
289 | 	API_THUNK(WinNtApi, NtSetLowWaitHighEventPair, 0xC9B51DF0, 0x00000001)
290 | 	API_THUNK(WinNtApi, NtSetSecurityObject, 0xA31F1298, 0x00000003)
291 | 	API_THUNK(WinNtApi, NtSetSystemEnvironmentValue, 0x55280A27, 0x00000002)
292 | 	API_THUNK(WinNtApi, NtSetSystemInformation, 0x8B6C2782, 0x00000003)
293 | 	API_THUNK(WinNtApi, NtSetSystemPowerState, 0x97296466, 0x00000003)
294 | 	API_THUNK(WinNtApi, NtSetSystemTime, 0x54AE9845, 0x00000002)
295 | 	API_THUNK(WinNtApi, NtSetTimer, 0xB939F137, 0x00000007)
296 | 	API_THUNK(WinNtApi, NtSetTimerResolution, 0x8885DF49, 0x00000003)
297 | 	API_THUNK(WinNtApi, NtSetValueKey, 0x0BC1FC60, 0x00000006)
298 | 	API_THUNK(WinNtApi, NtSetVolumeInformationFile, 0xBC6E43DE, 0x00000005)
299 | 	API_THUNK(WinNtApi, NtShutdownSystem, 0xD7366F0C, 0x00000001)
300 | 	API_THUNK(WinNtApi, NtSignalAndWaitForSingleObject, 0xD9E09880, 0x00000004)
301 | 	API_THUNK(WinNtApi, NtStartProfile, 0xDDA03D7C, 0x00000001)
302 | 	API_THUNK(WinNtApi, NtStopProfile, 0x65E72407, 0x00000001)
303 | 	API_THUNK(WinNtApi, NtSuspendThread, 0xBB77C11E, 0x00000002)
304 | 	API_THUNK(WinNtApi, NtSystemDebugControl, 0xE0C0BB15, 0x00000006)
305 | 	API_THUNK(WinNtApi, NtTerminateProcess, 0x79BA37C5, 0x00000002)
306 | 	API_THUNK(WinNtApi, NtTerminateThread, 0x67866128, 0x00000002)
307 | 	API_THUNK(WinNtApi, NtTestAlert, 0xC3663ED4, 0x00000000)
308 | 	API_THUNK(WinNtApi, NtUnloadDriver, 0xC02430C1, 0x00000001)
309 | 	API_THUNK(WinNtApi, NtUnloadKey, 0x72DE6165, 0x00000001)
310 | 	API_THUNK(WinNtApi, NtUnlockFile, 0x6A70A8CD, 0x00000005)
311 | 	API_THUNK(WinNtApi, NtUnlockVirtualMemory, 0xA00E362C, 0x00000004)
312 | 	API_THUNK(WinNtApi, NtUnmapViewOfSection, 0x1FFBA02F, 0x00000002)
313 | 	API_THUNK(WinNtApi, NtWaitForMultipleObjects, 0xF30251F4, 0x00000005)
314 | 	API_THUNK(WinNtApi, NtWaitForSingleObject, 0xBC08D384, 0x00000003)
315 | 	API_THUNK(WinNtApi, NtWaitHighEventPair, 0x2620A625, 0x00000001)
316 | 	API_THUNK(WinNtApi, NtWaitLowEventPair, 0x5A385574, 0x00000001)
317 | 	API_THUNK(WinNtApi, NtWriteFile, 0xA14826B6, 0x00000009)
318 | 	API_THUNK(WinNtApi, NtWriteFileGather, 0x661B7B91, 0x00000009)
319 | 	API_THUNK(WinNtApi, NtWriteRequestData, 0x1C0C6BA2, 0x00000006)
320 | 	API_THUNK(WinNtApi, NtWriteVirtualMemory, 0x74EAF98E, 0x00000005)
321 | 	API_THUNK(WinNtApi, NtYieldExecution, 0x677293DF, 0x00000000)
322 | 	API_THUNK(WinNtApi, RtlAllocateHeap, 0x71127369, 0x00000003)
323 | 	API_THUNK(WinNtApi, RtlAnsiStringToUnicodeString, 0xFA592AAD, 0x00000003)
324 | 	API_THUNK(WinNtApi, RtlCompareUnicodeString, 0xDF6026A2, 0x00000003)
325 | 	API_THUNK(WinNtApi, RtlFreeAnsiString, 0x7BA791DC, 0x00000001)
326 | 	API_THUNK(WinNtApi, RtlFreeHeap, 0x6A3B92DE, 0x00000003)
327 | 	API_THUNK(WinNtApi, RtlFreeUnicodeString, 0x54ECB2BA, 0x00000001)
328 | 	API_THUNK(WinNtApi, RtlInitAnsiString, 0xCC441004, 0x00000002)
329 | 	API_THUNK(WinNtApi, RtlInitUnicodeString, 0xCCEDCC4D, 0x00000002)
330 | 	API_THUNK(WinNtApi, RtlReAllocateHeap, 0x2AD321F7, 0x00000004)
331 | API_TABLE_END
332 | 


--------------------------------------------------------------------------------
/SecureWinApi/SecureWinApi/WinApiDefine.h:
--------------------------------------------------------------------------------
  1 | 
  2 | // Native Function Type definition
  3 | typedef NTSTATUS  (WINAPI * Type_LdrAccessResource)(HMODULE,const IMAGE_RESOURCE_DATA_ENTRY*,void**,PULONG);
  4 | typedef NTSTATUS  (WINAPI * Type_LdrAddRefDll)(ULONG,HMODULE);
  5 | typedef NTSTATUS  (WINAPI * Type_LdrFindResourceDirectory_U)(HMODULE,const PVOID,ULONG,const IMAGE_RESOURCE_DIRECTORY**);
  6 | typedef NTSTATUS  (WINAPI * Type_LdrFindResource_U)(HMODULE,const PVOID,ULONG,const IMAGE_RESOURCE_DATA_ENTRY**);
  7 | typedef NTSTATUS  (WINAPI * Type_LdrDisableThreadCalloutsForDll)(HMODULE);
  8 | typedef NTSTATUS  (WINAPI * Type_LdrFindEntryForAddress)(const void*,PLDR_MODULE*);
  9 | typedef NTSTATUS  (WINAPI * Type_LdrGetDllHandle)(LPCWSTR,ULONG,const UNICODE_STRING*,HMODULE*);
 10 | typedef NTSTATUS  (WINAPI * Type_LdrGetProcedureAddress)(HMODULE,const ANSI_STRING*,ULONG,void**);
 11 | typedef void      (WINAPI * Type_LdrInitializeThunk)(void*,ULONG_PTR,ULONG_PTR,ULONG_PTR);
 12 | typedef NTSTATUS  (WINAPI * Type_LdrLoadDll)(LPCWSTR,DWORD,const UNICODE_STRING*,HMODULE*);
 13 | typedef NTSTATUS  (WINAPI * Type_LdrLockLoaderLock)(ULONG,ULONG*,ULONG*);
 14 | typedef PVOID	  (WINAPI * Type_LdrProcessRelocationBlock)(void*,UINT,USHORT*,INT_PTR);
 15 | typedef NTSTATUS  (WINAPI * Type_LdrQueryImageFileExecutionOptions)(const UNICODE_STRING*,LPCWSTR,ULONG,void*,ULONG,ULONG*);
 16 | typedef NTSTATUS  (WINAPI * Type_LdrQueryProcessModuleInformation)(PVOID,ULONG,ULONG*);
 17 | typedef void      (WINAPI * Type_LdrShutdownProcess)(void);
 18 | typedef void      (WINAPI * Type_LdrShutdownThread)(void);
 19 | typedef NTSTATUS  (WINAPI * Type_LdrUnloadDll)(HMODULE);
 20 | typedef NTSTATUS  (WINAPI * Type_LdrUnlockLoaderLock)(ULONG,ULONG);
 21 | 
 22 | typedef NTSTATUS (WINAPI * Type_NtAcceptConnectPort)(PHANDLE,ULONG,PVOID,BOOLEAN,PVOID,PVOID);
 23 | typedef NTSTATUS (WINAPI * Type_NtAccessCheck)(PSECURITY_DESCRIPTOR,HANDLE,ACCESS_MASK,PGENERIC_MAPPING,PPRIVILEGE_SET,PULONG,PULONG,NTSTATUS*);
 24 | typedef NTSTATUS (WINAPI * Type_NtAccessCheckAndAuditAlarm)(PUNICODE_STRING,HANDLE,PUNICODE_STRING,PUNICODE_STRING,PSECURITY_DESCRIPTOR,ACCESS_MASK,PGENERIC_MAPPING,BOOLEAN,PACCESS_MASK,PBOOLEAN,PBOOLEAN);
 25 | typedef NTSTATUS (WINAPI * Type_NtAddAtom)(const WCHAR*,ULONG,PVOID);
 26 | typedef NTSTATUS (WINAPI * Type_NtAdjustGroupsToken)(HANDLE,BOOLEAN,PTOKEN_GROUPS,ULONG,PTOKEN_GROUPS,PULONG);
 27 | typedef NTSTATUS (WINAPI * Type_NtAdjustPrivilegesToken)(HANDLE,BOOLEAN,PTOKEN_PRIVILEGES,DWORD,PTOKEN_PRIVILEGES,PDWORD);
 28 | typedef NTSTATUS (WINAPI * Type_NtAlertResumeThread)(HANDLE,PULONG);
 29 | typedef NTSTATUS (WINAPI * Type_NtAlertThread)(HANDLE);
 30 | typedef NTSTATUS (WINAPI * Type_NtAllocateLocallyUniqueId)(PLUID);
 31 | typedef NTSTATUS (WINAPI * Type_NtAllocateUuids)(PULARGE_INTEGER,PULONG,PULONG);
 32 | typedef NTSTATUS (WINAPI * Type_NtAllocateVirtualMemory)(HANDLE,PVOID*,ULONG,SIZE_T*,ULONG,ULONG);
 33 | typedef NTSTATUS (WINAPI * Type_NtAreMappedFilesTheSame)(PVOID,PVOID);
 34 | typedef NTSTATUS (WINAPI * Type_NtAssignProcessToJobObject)(HANDLE,HANDLE);
 35 | typedef NTSTATUS (WINAPI * Type_NtCallbackReturn)(PVOID,ULONG,NTSTATUS);
 36 | typedef NTSTATUS (WINAPI * Type_NtCancelIoFile)(HANDLE,PVOID);
 37 | typedef NTSTATUS (WINAPI * Type_NtCancelIoFileEx)(HANDLE,PVOID,PVOID);
 38 | typedef NTSTATUS (WINAPI * Type_NtCancelTimer)(HANDLE,BOOLEAN*);
 39 | typedef NTSTATUS (WINAPI * Type_NtClearEvent)(HANDLE);
 40 | typedef NTSTATUS (WINAPI * Type_NtClose)(HANDLE);
 41 | typedef NTSTATUS (WINAPI * Type_NtCloseObjectAuditAlarm)(PUNICODE_STRING,HANDLE,BOOLEAN);
 42 | typedef NTSTATUS (WINAPI * Type_NtCompleteConnectPort)(HANDLE);
 43 | typedef NTSTATUS (WINAPI * Type_NtConnectPort)(PHANDLE,PUNICODE_STRING,PSECURITY_QUALITY_OF_SERVICE,PVOID,PVOID,PULONG,PVOID,PULONG);
 44 | typedef NTSTATUS (WINAPI * Type_NtContinue)(PCONTEXT,BOOLEAN);
 45 | typedef NTSTATUS (WINAPI * Type_NtCreateDirectoryObject)(PHANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES);
 46 | typedef NTSTATUS (WINAPI * Type_NtCreateEvent)(PHANDLE,ACCESS_MASK,const OBJECT_ATTRIBUTES *,PVOID,BOOLEAN);
 47 | typedef NTSTATUS (WINAPI * Type_NtCreateEventPair)(PHANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES);
 48 | typedef NTSTATUS (WINAPI * Type_NtCreateFile)(PHANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES,PVOID,PLARGE_INTEGER,ULONG,ULONG,ULONG,ULONG,PVOID,ULONG);
 49 | typedef NTSTATUS (WINAPI * Type_NtCreateIoCompletion)(PHANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES,ULONG);
 50 | typedef NTSTATUS (WINAPI * Type_NtCreateJobObject)(PHANDLE,ACCESS_MASK,const OBJECT_ATTRIBUTES*);
 51 | typedef NTSTATUS (WINAPI * Type_NtCreateKey)(PHANDLE,ACCESS_MASK,const OBJECT_ATTRIBUTES*,ULONG,const UNICODE_STRING*,ULONG,PULONG);
 52 | typedef NTSTATUS (WINAPI * Type_NtCreateKeyedEvent)(HANDLE*,ACCESS_MASK,const OBJECT_ATTRIBUTES*,ULONG);
 53 | typedef NTSTATUS (WINAPI * Type_NtCreateMailslotFile)(PHANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES,PVOID,ULONG,ULONG,ULONG,PLARGE_INTEGER);
 54 | typedef NTSTATUS (WINAPI * Type_NtCreateMutant)(HANDLE*,ACCESS_MASK,const OBJECT_ATTRIBUTES*,BOOLEAN);
 55 | typedef NTSTATUS (WINAPI * Type_NtCreateNamedPipeFile)(PHANDLE,ULONG,POBJECT_ATTRIBUTES,PVOID,ULONG,ULONG,ULONG,ULONG,ULONG,ULONG,ULONG,ULONG,ULONG,PLARGE_INTEGER);
 56 | typedef NTSTATUS (WINAPI * Type_NtCreatePagingFile)(PUNICODE_STRING,PLARGE_INTEGER,PLARGE_INTEGER,PLARGE_INTEGER);
 57 | typedef NTSTATUS (WINAPI * Type_NtCreatePort)(PHANDLE,POBJECT_ATTRIBUTES,ULONG,ULONG,PULONG);
 58 | typedef NTSTATUS (WINAPI * Type_NtCreateProcess)(PHANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES,HANDLE,BOOLEAN,HANDLE,HANDLE,HANDLE);
 59 | typedef NTSTATUS (WINAPI * Type_NtCreateProfile)(PHANDLE,HANDLE,PVOID,ULONG,ULONG,PVOID,ULONG,PVOID,KAFFINITY);
 60 | typedef NTSTATUS (WINAPI * Type_NtCreateSection)(HANDLE*,ACCESS_MASK,const OBJECT_ATTRIBUTES*,const LARGE_INTEGER*,ULONG,ULONG,HANDLE);
 61 | typedef NTSTATUS (WINAPI * Type_NtCreateSemaphore)(PHANDLE,ACCESS_MASK,const OBJECT_ATTRIBUTES*,LONG,LONG);
 62 | typedef NTSTATUS (WINAPI * Type_NtCreateSymbolicLinkObject)(PHANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES,PUNICODE_STRING);
 63 | typedef NTSTATUS (WINAPI * Type_NtCreateThread)(PHANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES,HANDLE,PCLIENT_ID,PCONTEXT,PVOID,BOOLEAN);
 64 | typedef NTSTATUS (WINAPI * Type_NtCreateTimer)(HANDLE*,ACCESS_MASK,const OBJECT_ATTRIBUTES*,PVOID);
 65 | typedef NTSTATUS (WINAPI * Type_NtCreateToken)(PHANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES,TOKEN_TYPE,PLUID,PLARGE_INTEGER,PTOKEN_USER,PTOKEN_GROUPS,PTOKEN_PRIVILEGES,PTOKEN_OWNER,PTOKEN_PRIMARY_GROUP,PTOKEN_DEFAULT_DACL,PTOKEN_SOURCE);
 66 | typedef NTSTATUS (WINAPI * Type_NtDelayExecution)(BOOLEAN,const LARGE_INTEGER*);
 67 | typedef NTSTATUS (WINAPI * Type_NtDeleteAtom)(PVOID);
 68 | typedef NTSTATUS (WINAPI * Type_NtDeleteFile)(POBJECT_ATTRIBUTES);
 69 | typedef NTSTATUS (WINAPI * Type_NtDeleteKey)(HANDLE);
 70 | typedef NTSTATUS (WINAPI * Type_NtDeleteValueKey)(HANDLE,const UNICODE_STRING *);
 71 | typedef NTSTATUS (WINAPI * Type_NtDeviceIoControlFile)(HANDLE,HANDLE,PVOID,PVOID,PVOID,ULONG,PVOID,ULONG,PVOID,ULONG);
 72 | typedef NTSTATUS (WINAPI * Type_NtDisplayString)(PUNICODE_STRING);
 73 | typedef NTSTATUS (WINAPI * Type_NtDuplicateObject)(HANDLE,HANDLE,HANDLE,PHANDLE,ACCESS_MASK,ULONG,ULONG);
 74 | typedef NTSTATUS (WINAPI * Type_NtDuplicateToken)(HANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES,SECURITY_IMPERSONATION_LEVEL,TOKEN_TYPE,PHANDLE);
 75 | typedef NTSTATUS (WINAPI * Type_NtEnumerateKey)(HANDLE,ULONG,PVOID,void *,DWORD,DWORD *);
 76 | typedef NTSTATUS (WINAPI * Type_NtEnumerateValueKey)(HANDLE,ULONG,PVOID,PVOID,ULONG,PULONG);
 77 | typedef NTSTATUS (WINAPI * Type_NtExtendSection)(HANDLE,PLARGE_INTEGER);
 78 | typedef NTSTATUS (WINAPI * Type_NtFindAtom)(const WCHAR*,ULONG,PVOID*);
 79 | typedef NTSTATUS (WINAPI * Type_NtFlushBuffersFile)(HANDLE,PVOID);
 80 | typedef NTSTATUS (WINAPI * Type_NtFlushInstructionCache)(HANDLE,LPCVOID,SIZE_T);
 81 | typedef NTSTATUS (WINAPI * Type_NtFlushKey)(HANDLE);
 82 | typedef NTSTATUS (WINAPI * Type_NtFlushVirtualMemory)(HANDLE,LPCVOID*,SIZE_T*,ULONG);
 83 | typedef NTSTATUS (WINAPI * Type_NtFlushWriteBuffer)();
 84 | typedef NTSTATUS (WINAPI * Type_NtFreeVirtualMemory)(HANDLE,PVOID*,SIZE_T*,ULONG);
 85 | typedef NTSTATUS (WINAPI * Type_NtFsControlFile)(HANDLE,HANDLE,PVOID,PVOID,PVOID,ULONG,PVOID,ULONG,PVOID,ULONG);
 86 | typedef NTSTATUS (WINAPI * Type_NtGetContextThread)(HANDLE,CONTEXT*);
 87 | typedef NTSTATUS (WINAPI * Type_NtGetPlugPlayEvent)(ULONG,ULONG,PVOID,ULONG);
 88 | typedef ULONG    (WINAPI * Type_NtGetTickCount)();
 89 | typedef NTSTATUS (WINAPI * Type_NtGetWriteWatch)(HANDLE,ULONG,PVOID,SIZE_T,PVOID*,ULONG_PTR*,ULONG*);
 90 | typedef NTSTATUS (WINAPI * Type_NtImpersonateAnonymousToken)(HANDLE);
 91 | typedef NTSTATUS (WINAPI * Type_NtImpersonateClientOfPort)(HANDLE,PVOID);
 92 | typedef NTSTATUS (WINAPI * Type_NtImpersonateThread)(HANDLE,HANDLE,PSECURITY_QUALITY_OF_SERVICE);
 93 | typedef NTSTATUS (WINAPI * Type_NtInitializeRegistry)(BOOLEAN);
 94 | typedef NTSTATUS (WINAPI * Type_NtInitiatePowerAction)(POWER_ACTION,SYSTEM_POWER_STATE,ULONG,BOOLEAN);
 95 | typedef NTSTATUS (WINAPI * Type_NtIsProcessInJob)(HANDLE,HANDLE);
 96 | typedef NTSTATUS (WINAPI * Type_NtListenPort)(HANDLE,PVOID);
 97 | typedef NTSTATUS (WINAPI * Type_NtLoadDriver)(const UNICODE_STRING *);
 98 | typedef NTSTATUS (WINAPI * Type_NtLoadKey)(const OBJECT_ATTRIBUTES *,OBJECT_ATTRIBUTES *);
 99 | typedef NTSTATUS (WINAPI * Type_NtLockFile)(HANDLE,HANDLE,PVOID,void*,PVOID,PLARGE_INTEGER,PLARGE_INTEGER,ULONG*,BOOLEAN,BOOLEAN);
100 | typedef NTSTATUS (WINAPI * Type_NtLockVirtualMemory)(HANDLE,PVOID*,SIZE_T*,ULONG);
101 | typedef NTSTATUS (WINAPI * Type_NtMakeTemporaryObject)(HANDLE);
102 | typedef NTSTATUS (WINAPI * Type_NtMapViewOfSection)(HANDLE,HANDLE,PVOID*,ULONG,SIZE_T,const LARGE_INTEGER*,SIZE_T*,SECTION_INHERIT,ULONG,ULONG);
103 | typedef NTSTATUS (WINAPI * Type_NtNotifyChangeDirectoryFile)(HANDLE,HANDLE,PVOID,PVOID,PVOID,PVOID,ULONG,ULONG,BOOLEAN);
104 | typedef NTSTATUS (WINAPI * Type_NtNotifyChangeKey)(HANDLE,HANDLE,PVOID,PVOID,PVOID,ULONG,BOOLEAN,PVOID,ULONG,BOOLEAN);
105 | typedef NTSTATUS (WINAPI * Type_NtOpenDirectoryObject)(PHANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES);
106 | typedef NTSTATUS (WINAPI * Type_NtOpenEvent)(PHANDLE,ACCESS_MASK,const OBJECT_ATTRIBUTES *);
107 | typedef NTSTATUS (WINAPI * Type_NtOpenEventPair)(PHANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES);
108 | typedef NTSTATUS (WINAPI * Type_NtOpenFile)(PHANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES,PVOID,ULONG,ULONG);
109 | typedef NTSTATUS (WINAPI * Type_NtOpenIoCompletion)(PHANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES);
110 | typedef NTSTATUS (WINAPI * Type_NtOpenJobObject)(PHANDLE,ACCESS_MASK,const OBJECT_ATTRIBUTES*);
111 | typedef NTSTATUS (WINAPI * Type_NtOpenKey)(PHANDLE,ACCESS_MASK,const OBJECT_ATTRIBUTES *);
112 | typedef NTSTATUS (WINAPI * Type_NtOpenKeyedEvent)(HANDLE*,ACCESS_MASK,const OBJECT_ATTRIBUTES*);
113 | typedef NTSTATUS (WINAPI * Type_NtOpenMutant)(PHANDLE,ACCESS_MASK,const OBJECT_ATTRIBUTES*);
114 | typedef NTSTATUS (WINAPI * Type_NtOpenObjectAuditAlarm)(PUNICODE_STRING,PHANDLE,PUNICODE_STRING,PUNICODE_STRING,PSECURITY_DESCRIPTOR,HANDLE,ACCESS_MASK,ACCESS_MASK,PPRIVILEGE_SET,BOOLEAN,BOOLEAN,PBOOLEAN);
115 | typedef NTSTATUS (WINAPI * Type_NtOpenProcess)(PHANDLE,ACCESS_MASK,const OBJECT_ATTRIBUTES*,const CLIENT_ID*);
116 | typedef NTSTATUS (WINAPI * Type_NtOpenProcessToken)(HANDLE,DWORD,HANDLE *);
117 | typedef NTSTATUS (WINAPI * Type_NtOpenProcessTokenEx)(HANDLE,DWORD,DWORD,HANDLE *);
118 | typedef NTSTATUS (WINAPI * Type_NtOpenSection)(HANDLE*,ACCESS_MASK,const OBJECT_ATTRIBUTES*);
119 | typedef NTSTATUS (WINAPI * Type_NtOpenSemaphore)(PHANDLE,ACCESS_MASK,const OBJECT_ATTRIBUTES*);
120 | typedef NTSTATUS (WINAPI * Type_NtOpenSymbolicLinkObject)(PHANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES);
121 | typedef NTSTATUS (WINAPI * Type_NtOpenThread)(HANDLE*,ACCESS_MASK,const OBJECT_ATTRIBUTES*,const CLIENT_ID*);
122 | typedef NTSTATUS (WINAPI * Type_NtOpenThreadToken)(HANDLE,DWORD,BOOLEAN,HANDLE *);
123 | typedef NTSTATUS (WINAPI * Type_NtOpenThreadTokenEx)(HANDLE,DWORD,BOOLEAN,DWORD,HANDLE *);
124 | typedef NTSTATUS (WINAPI * Type_NtOpenTimer)(HANDLE*,ACCESS_MASK,const OBJECT_ATTRIBUTES*);
125 | typedef NTSTATUS (WINAPI * Type_NtPowerInformation)(POWER_INFORMATION_LEVEL,PVOID,ULONG,PVOID,ULONG);
126 | typedef NTSTATUS (WINAPI * Type_NtPrivilegeCheck)(HANDLE,PPRIVILEGE_SET,PBOOLEAN);
127 | typedef NTSTATUS (WINAPI * Type_NtPrivilegeObjectAuditAlarm)(PUNICODE_STRING,HANDLE,HANDLE,ULONG,PPRIVILEGE_SET,BOOLEAN);
128 | typedef NTSTATUS (WINAPI * Type_NtPrivilegedServiceAuditAlarm)(PUNICODE_STRING,PUNICODE_STRING,HANDLE,PPRIVILEGE_SET,BOOLEAN);
129 | typedef NTSTATUS (WINAPI * Type_NtProtectVirtualMemory)(HANDLE,PVOID*,PULONG,ULONG,ULONG*);
130 | typedef NTSTATUS (WINAPI * Type_NtPulseEvent)(HANDLE,PULONG);
131 | typedef NTSTATUS (WINAPI * Type_NtQueueApcThread)(HANDLE,PVOID,ULONG_PTR,ULONG_PTR,ULONG_PTR);
132 | typedef NTSTATUS (WINAPI * Type_NtQueryAttributesFile)(const OBJECT_ATTRIBUTES*,PVOID);
133 | typedef NTSTATUS (WINAPI * Type_NtQueryDefaultLocale)(BOOLEAN,LCID*);
134 | typedef NTSTATUS (WINAPI * Type_NtQueryDefaultUILanguage)(LANGID*);
135 | typedef NTSTATUS (WINAPI * Type_NtQueryDirectoryFile)(HANDLE,HANDLE,PVOID,PVOID,PVOID,PVOID,ULONG,PVOID,BOOLEAN,PUNICODE_STRING,BOOLEAN);
136 | typedef NTSTATUS (WINAPI * Type_NtQueryDirectoryObject)(HANDLE,PVOID,ULONG,BOOLEAN,BOOLEAN,PULONG,PULONG);
137 | typedef NTSTATUS (WINAPI * Type_NtQueryEaFile)(HANDLE,PVOID,PVOID,ULONG,BOOLEAN,PVOID,ULONG,PULONG,BOOLEAN);
138 | typedef NTSTATUS (WINAPI * Type_NtQueryEvent)(HANDLE,PVOID,PVOID,ULONG,PULONG);
139 | typedef NTSTATUS (WINAPI * Type_NtQueryFullAttributesFile)(const OBJECT_ATTRIBUTES*,PVOID);
140 | typedef NTSTATUS (WINAPI * Type_NtQueryInformationAtom)(PVOID,PVOID,PVOID,ULONG,ULONG*);
141 | typedef NTSTATUS (WINAPI * Type_NtQueryInformationFile)(HANDLE,PVOID,PVOID,LONG,PVOID);
142 | typedef NTSTATUS (WINAPI * Type_NtQueryInformationJobObject)(HANDLE,JOBOBJECTINFOCLASS,PVOID,ULONG,PULONG);
143 | typedef NTSTATUS (WINAPI * Type_NtQueryInformationPort)(HANDLE,PVOID,PVOID,ULONG,PULONG);
144 | typedef NTSTATUS (WINAPI * Type_NtQueryInformationProcess)(HANDLE,PVOID,PVOID,ULONG,PULONG);
145 | typedef NTSTATUS (WINAPI * Type_NtQueryInformationThread)(HANDLE,PVOID,PVOID,ULONG,PULONG);
146 | typedef NTSTATUS (WINAPI * Type_NtQueryInformationToken)(HANDLE,TOKEN_INFORMATION_CLASS,PVOID,ULONG,PULONG);
147 | typedef NTSTATUS (WINAPI * Type_NtQueryInstallUILanguage)(LANGID*);
148 | typedef NTSTATUS (WINAPI * Type_NtQueryIntervalProfile)(PVOID,PULONG);
149 | typedef NTSTATUS (WINAPI * Type_NtQueryIoCompletion)(HANDLE,PVOID,PVOID,ULONG,PULONG);
150 | typedef NTSTATUS (WINAPI * Type_NtQueryKey)(HANDLE,PVOID,void *,DWORD,DWORD *);
151 | typedef NTSTATUS (WINAPI * Type_NtQueryMultipleValueKey)(HANDLE,PVOID,ULONG,PVOID,ULONG,PULONG);
152 | typedef NTSTATUS (WINAPI * Type_NtQueryMutant)(HANDLE,PVOID,PVOID,ULONG,PULONG);
153 | typedef NTSTATUS (WINAPI * Type_NtQueryObject)(HANDLE,OBJECT_INFORMATION_CLASS,PVOID,ULONG,PULONG);
154 | typedef NTSTATUS (WINAPI * Type_NtQueryOpenSubKeys)(POBJECT_ATTRIBUTES,PULONG);
155 | typedef NTSTATUS (WINAPI * Type_NtQueryPerformanceCounter)(PLARGE_INTEGER,PLARGE_INTEGER);
156 | typedef NTSTATUS (WINAPI * Type_NtQuerySecurityObject)(HANDLE,SECURITY_INFORMATION,PSECURITY_DESCRIPTOR,ULONG,PULONG);
157 | typedef NTSTATUS (WINAPI * Type_NtQuerySection)(HANDLE,PVOID,PVOID,ULONG,PULONG);
158 | typedef NTSTATUS (WINAPI * Type_NtQuerySemaphore)(HANDLE,PVOID,PVOID,ULONG,PULONG);
159 | typedef NTSTATUS (WINAPI * Type_NtQuerySymbolicLinkObject)(HANDLE,PUNICODE_STRING,PULONG);
160 | typedef NTSTATUS (WINAPI * Type_NtQuerySystemEnvironmentValue)(PUNICODE_STRING,PWCHAR,ULONG,PULONG);
161 | typedef NTSTATUS (WINAPI * Type_NtQuerySystemInformation)(PVOID,PVOID,ULONG,PULONG);
162 | typedef NTSTATUS (WINAPI * Type_NtQuerySystemTime)(PLARGE_INTEGER);
163 | typedef NTSTATUS (WINAPI * Type_NtQueryTimer)(HANDLE,PVOID,PVOID,ULONG,PULONG);
164 | typedef NTSTATUS (WINAPI * Type_NtQueryTimerResolution)(PULONG,PULONG,PULONG);
165 | typedef NTSTATUS (WINAPI * Type_NtQueryValueKey)(HANDLE,const UNICODE_STRING *,PVOID,void *,DWORD,DWORD *);
166 | typedef NTSTATUS (WINAPI * Type_NtQueryVirtualMemory)(HANDLE,LPCVOID,MEMORY_INFORMATION_CLASS,PVOID,SIZE_T,SIZE_T*);
167 | typedef NTSTATUS (WINAPI * Type_NtQueryVolumeInformationFile)(HANDLE,PVOID,PVOID,ULONG,PVOID);
168 | typedef NTSTATUS (WINAPI * Type_NtRaiseException)(PEXCEPTION_RECORD,PCONTEXT,BOOL);
169 | typedef NTSTATUS (WINAPI * Type_NtRaiseHardError)(NTSTATUS,ULONG,PUNICODE_STRING,PVOID*,PVOID,PVOID);
170 | typedef NTSTATUS (WINAPI * Type_NtReadFile)(HANDLE,HANDLE,PVOID,PVOID,PVOID,PVOID,ULONG,PLARGE_INTEGER,PULONG);
171 | typedef NTSTATUS (WINAPI * Type_NtReadFileScatter)(HANDLE,HANDLE,PVOID,PVOID,PVOID,FILE_SEGMENT_ELEMENT*,ULONG,PLARGE_INTEGER,PULONG);
172 | typedef NTSTATUS (WINAPI * Type_NtReadRequestData)(HANDLE,PVOID,ULONG,PVOID,ULONG,PULONG);
173 | typedef NTSTATUS (WINAPI * Type_NtReadVirtualMemory)(HANDLE,const void*,void*,SIZE_T,SIZE_T*);
174 | typedef NTSTATUS (WINAPI * Type_NtRegisterThreadTerminatePort)(HANDLE);
175 | typedef NTSTATUS (WINAPI * Type_NtReleaseKeyedEvent)(HANDLE,const void*,BOOLEAN,const LARGE_INTEGER*);
176 | typedef NTSTATUS (WINAPI * Type_NtReleaseMutant)(HANDLE,PLONG);
177 | typedef NTSTATUS (WINAPI * Type_NtReleaseSemaphore)(HANDLE,ULONG,PULONG);
178 | typedef NTSTATUS (WINAPI * Type_NtRemoveIoCompletion)(HANDLE,PULONG_PTR,PULONG_PTR,PVOID,PLARGE_INTEGER);
179 | typedef NTSTATUS (WINAPI * Type_NtReplaceKey)(POBJECT_ATTRIBUTES,HANDLE,POBJECT_ATTRIBUTES);
180 | typedef NTSTATUS (WINAPI * Type_NtReplyPort)(HANDLE,PVOID);
181 | typedef NTSTATUS (WINAPI * Type_NtReplyWaitReceivePort)(HANDLE,PULONG,PVOID,PVOID);
182 | typedef NTSTATUS (WINAPI * Type_NtReplyWaitReceivePortEx)(HANDLE,PVOID*,PVOID,PVOID,PLARGE_INTEGER);
183 | typedef NTSTATUS (WINAPI * Type_NtReplyWaitReplyPort)(HANDLE,PVOID);
184 | typedef NTSTATUS (WINAPI * Type_NtRequestPort)(HANDLE,PVOID);
185 | typedef NTSTATUS (WINAPI * Type_NtRequestWaitReplyPort)(HANDLE,PVOID,PVOID);
186 | typedef NTSTATUS (WINAPI * Type_NtResetEvent)(HANDLE,PULONG);
187 | typedef NTSTATUS (WINAPI * Type_NtResetWriteWatch)(HANDLE,PVOID,SIZE_T);
188 | typedef NTSTATUS (WINAPI * Type_NtRestoreKey)(HANDLE,HANDLE,ULONG);
189 | typedef NTSTATUS (WINAPI * Type_NtResumeThread)(HANDLE,PULONG);
190 | typedef NTSTATUS (WINAPI * Type_NtSaveKey)(HANDLE,HANDLE);
191 | typedef NTSTATUS (WINAPI * Type_NtSecureConnectPort)(PHANDLE,PUNICODE_STRING,PSECURITY_QUALITY_OF_SERVICE,PVOID,PSID,PVOID,PULONG,PVOID,PULONG);
192 | typedef NTSTATUS (WINAPI * Type_NtSetContextThread)(HANDLE,const CONTEXT*);
193 | typedef NTSTATUS (WINAPI * Type_NtSetDefaultHardErrorPort)(HANDLE);
194 | typedef NTSTATUS (WINAPI * Type_NtSetDefaultLocale)(BOOLEAN,LCID);
195 | typedef NTSTATUS (WINAPI * Type_NtSetDefaultUILanguage)(LANGID);
196 | typedef NTSTATUS (WINAPI * Type_NtSetEaFile)(HANDLE,PVOID,PVOID,ULONG);
197 | typedef NTSTATUS (WINAPI * Type_NtSetEvent)(HANDLE,PULONG);
198 | typedef NTSTATUS (WINAPI * Type_NtSetHighEventPair)(HANDLE);
199 | typedef NTSTATUS (WINAPI * Type_NtSetHighWaitLowEventPair)(HANDLE);
200 | typedef NTSTATUS (WINAPI * Type_NtSetHighWaitLowThread)();
201 | typedef NTSTATUS (WINAPI * Type_NtSetInformationFile)(HANDLE,PVOID,PVOID,ULONG,PVOID);
202 | typedef NTSTATUS (WINAPI * Type_NtSetInformationJobObject)(HANDLE,JOBOBJECTINFOCLASS,PVOID,ULONG);
203 | typedef NTSTATUS (WINAPI * Type_NtSetInformationKey)(HANDLE,const int,PVOID,ULONG);
204 | typedef NTSTATUS (WINAPI * Type_NtSetInformationObject)(HANDLE,OBJECT_INFORMATION_CLASS,PVOID,ULONG);
205 | typedef NTSTATUS (WINAPI * Type_NtSetInformationProcess)(HANDLE,PVOID,PVOID,ULONG);
206 | typedef NTSTATUS (WINAPI * Type_NtSetInformationThread)(HANDLE,PVOID,LPCVOID,ULONG);
207 | typedef NTSTATUS (WINAPI * Type_NtSetInformationToken)(HANDLE,TOKEN_INFORMATION_CLASS,PVOID,ULONG);
208 | typedef NTSTATUS (WINAPI * Type_NtSetIntervalProfile)(ULONG,PVOID);
209 | typedef NTSTATUS (WINAPI * Type_NtSetIoCompletion)(HANDLE,ULONG_PTR,ULONG_PTR,NTSTATUS,SIZE_T);
210 | typedef NTSTATUS (WINAPI * Type_NtSetLdtEntries)(ULONG,LDT_ENTRY,ULONG,LDT_ENTRY);
211 | typedef NTSTATUS (WINAPI * Type_NtSetLowEventPair)(HANDLE);
212 | typedef NTSTATUS (WINAPI * Type_NtSetLowWaitHighEventPair)(HANDLE);
213 | typedef NTSTATUS (WINAPI * Type_NtSetLowWaitHighThread)();
214 | typedef NTSTATUS (WINAPI * Type_NtSetSecurityObject)(HANDLE,SECURITY_INFORMATION,PSECURITY_DESCRIPTOR);
215 | typedef NTSTATUS (WINAPI * Type_NtSetSystemEnvironmentValue)(PUNICODE_STRING,PUNICODE_STRING);
216 | typedef NTSTATUS (WINAPI * Type_NtSetSystemInformation)(PVOID,PVOID,ULONG);
217 | typedef NTSTATUS (WINAPI * Type_NtSetSystemPowerState)(POWER_ACTION,SYSTEM_POWER_STATE,ULONG);
218 | typedef NTSTATUS (WINAPI * Type_NtSetSystemTime)(const LARGE_INTEGER*,LARGE_INTEGER*);
219 | typedef NTSTATUS (WINAPI * Type_NtSetTimer)(HANDLE,const LARGE_INTEGER*,PVOID,PVOID,BOOLEAN,ULONG,BOOLEAN*);
220 | typedef NTSTATUS (WINAPI * Type_NtSetTimerResolution)(ULONG,BOOLEAN,PULONG);
221 | typedef NTSTATUS (WINAPI * Type_NtSetValueKey)(HANDLE,const UNICODE_STRING *,ULONG,ULONG,const void *,ULONG);
222 | typedef NTSTATUS (WINAPI * Type_NtSetVolumeInformationFile)(HANDLE,PVOID,PVOID,ULONG,PVOID);
223 | typedef NTSTATUS (WINAPI * Type_NtSignalAndWaitForSingleObject)(HANDLE,HANDLE,BOOLEAN,const LARGE_INTEGER*);
224 | typedef NTSTATUS (WINAPI * Type_NtShutdownSystem)(PVOID);
225 | typedef NTSTATUS (WINAPI * Type_NtStartProfile)(HANDLE);
226 | typedef NTSTATUS (WINAPI * Type_NtStopProfile)(HANDLE);
227 | typedef NTSTATUS (WINAPI * Type_NtSuspendThread)(HANDLE,PULONG);
228 | typedef NTSTATUS (WINAPI * Type_NtSystemDebugControl)(PVOID,PVOID,ULONG,PVOID,ULONG,PULONG);
229 | typedef NTSTATUS (WINAPI * Type_NtTerminateJobObject)(HANDLE,NTSTATUS);
230 | typedef NTSTATUS (WINAPI * Type_NtTerminateProcess)(HANDLE,LONG);
231 | typedef NTSTATUS (WINAPI * Type_NtTerminateThread)(HANDLE,LONG);
232 | typedef NTSTATUS (WINAPI * Type_NtTestAlert)();
233 | typedef NTSTATUS (WINAPI * Type_NtUnloadDriver)(const UNICODE_STRING *);
234 | typedef NTSTATUS (WINAPI * Type_NtUnloadKey)(POBJECT_ATTRIBUTES);
235 | typedef NTSTATUS (WINAPI * Type_NtUnloadKeyEx)(POBJECT_ATTRIBUTES,HANDLE);
236 | typedef NTSTATUS (WINAPI * Type_NtUnlockFile)(HANDLE,PVOID,PLARGE_INTEGER,PLARGE_INTEGER,PULONG);
237 | typedef NTSTATUS (WINAPI * Type_NtUnlockVirtualMemory)(HANDLE,PVOID*,SIZE_T*,ULONG);
238 | typedef NTSTATUS (WINAPI * Type_NtUnmapViewOfSection)(HANDLE,PVOID);
239 | typedef NTSTATUS (WINAPI * Type_NtVdmControl)(ULONG,PVOID);
240 | typedef NTSTATUS (WINAPI * Type_NtWaitForKeyedEvent)(HANDLE,const void*,BOOLEAN,const LARGE_INTEGER*);
241 | typedef NTSTATUS (WINAPI * Type_NtWaitForSingleObject)(HANDLE,BOOLEAN,const LARGE_INTEGER*);
242 | typedef NTSTATUS (WINAPI * Type_NtWaitForMultipleObjects)(ULONG,const HANDLE*,BOOLEAN,BOOLEAN,const LARGE_INTEGER*);
243 | typedef NTSTATUS (WINAPI * Type_NtWaitHighEventPair)(HANDLE);
244 | typedef NTSTATUS (WINAPI * Type_NtWaitLowEventPair)(HANDLE);
245 | typedef NTSTATUS (WINAPI * Type_NtWriteFile)(HANDLE,HANDLE,PVOID,PVOID,PVOID,const void*,ULONG,PLARGE_INTEGER,PULONG);
246 | typedef NTSTATUS (WINAPI * Type_NtWriteFileGather)(HANDLE,HANDLE,PVOID,PVOID,PVOID,FILE_SEGMENT_ELEMENT*,ULONG,PLARGE_INTEGER,PULONG);
247 | typedef NTSTATUS (WINAPI * Type_NtWriteRequestData)(HANDLE,PVOID,ULONG,PVOID,ULONG,PULONG);
248 | typedef NTSTATUS (WINAPI * Type_NtWriteVirtualMemory)(HANDLE,void*,const void*,SIZE_T,SIZE_T*);
249 | typedef NTSTATUS (WINAPI * Type_NtYieldExecution)(void);
250 | 
251 | typedef LPVOID	 (WINAPI * Type_RtlAllocateHeap)(PVOID,ULONG,ULONG); 
252 | typedef BOOL	 (WINAPI * Type_RtlFreeHeap)(PVOID,ULONG,PVOID); 
253 | typedef LPVOID	 (WINAPI * Type_RtlReAllocateHeap)(PVOID,ULONG,PVOID,ULONG); 
254 | 
255 | typedef VOID	 (WINAPI * Type_RtlInitUnicodeString)(PUNICODE_STRING,PCWSTR);
256 | typedef VOID	 (WINAPI * Type_RtlFreeUnicodeString)(PUNICODE_STRING);
257 | typedef VOID	 (WINAPI * Type_RtlInitAnsiString)(PANSI_STRING,PCSTR);
258 | typedef VOID	 (WINAPI * Type_RtlFreeAnsiString)(PANSI_STRING);
259 | typedef NTSTATUS (WINAPI * Type_RtlAnsiStringToUnicodeString)(PUNICODE_STRING,PANSI_STRING,BOOLEAN);
260 | typedef LONG	 (WINAPI * Type_RtlCompareUnicodeString)(const UNICODE_STRING*,const UNICODE_STRING*,BOOLEAN);
261 | typedef errno_t  (CDECL * Type_wcsncpy_s)(wchar_t*,size_t,const wchar_t*,size_t);
262 | typedef errno_t  (CDECL * Type_wcscat_s)(wchar_t*,size_t,const wchar_t*);
263 | 
264 | typedef size_t	 (CDECL * Type_strlen)(const char*);
265 | typedef size_t	 (CDECL * Type_wcslen)(const wchar_t*);
266 | 
267 | typedef int		(CDECL * Type_strcmp)(const char*,const char*);
268 | typedef int		(CDECL * Type_wcscmp)(const wchar_t*,const wchar_t*);
269 | typedef int		(CDECL * Type_towlower)(wint_t c);
270 | 
271 | 
272 | 
273 | 
274 | //////////////////////////////////////////////////////////////////////////
275 | // Win32
276 | 
277 | typedef int		(WINAPI * Type_WideCharToMultiByte)(UINT,DWORD,LPCWSTR,int,LPSTR,int,LPCSTR,LPBOOL);


--------------------------------------------------------------------------------
/SecureWinApi/SecureWinApi/Win32Api.h:
--------------------------------------------------------------------------------
  1 | 
  2 | 
  3 | BOOL WINAPI thread_next(HANDLE hSnapShot, LPTHREADENTRY32 lpte, BOOL first);
  4 | BOOL WINAPI process_next(HANDLE hSnapShot, LPPROCESSENTRY32W lppe,BOOL first, BOOL unicode);
  5 | BOOL WINAPI module_nextW(HANDLE hSnapShot, LPMODULEENTRY32W lpme, BOOL first);
  6 | BOOL WINAPI module_nextA(HANDLE handle, LPMODULEENTRY32 lpme, BOOL first);
  7 | 
  8 | namespace Win32Api
  9 | {
 10 | 	HANDLE WINAPI GetCurrentProcess()
 11 | 	{
 12 | 		return (HANDLE)0xffffffff;
 13 | 	}
 14 | 
 15 | 
 16 | 	HANDLE WINAPI GetCurrentThread()
 17 | 	{
 18 | 		return (HANDLE)0xfffffffe;
 19 | 	}
 20 | 
 21 | 	DWORD WINAPI GetCurrentProcessId()
 22 | 	{
 23 | #ifdef _M_IX86
 24 | 		return *((DWORD_PTR *) __readfsdword(0x18) + 0x20 / sizeof(DWORD_PTR));
 25 | #elif _M_IX64
 26 | 		return *((DWORD_PTR *) __readgsqword(0x30) + 0x40 / sizeof(DWORD_PTR));
 27 | #endif
 28 | 	}
 29 | 
 30 | 	DWORD WINAPI GetCurrentThreadId()
 31 | 	{
 32 | 		return (DWORD)WinNtApi::NtCurrentTeb()->Cid.UniqueThread;
 33 | 	}
 34 | 
 35 | 	HANDLE WINAPI OpenProcess(DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwThreadId)
 36 | 	{
 37 | 		LONG				status;
 38 | 		HANDLE              handle;
 39 | 		OBJECT_ATTRIBUTES   attr;
 40 | 		CLIENT_ID           cid;
 41 | 
 42 | 		cid.UniqueProcess = (HANDLE)dwThreadId;
 43 | 		cid.UniqueThread = 0;
 44 | 
 45 | 		attr.Length = sizeof(OBJECT_ATTRIBUTES);
 46 | 		attr.RootDirectory = NULL;
 47 | 		attr.Attributes = bInheritHandle ? OBJ_INHERIT : 0;
 48 | 		attr.SecurityDescriptor = NULL;
 49 | 		attr.SecurityQualityOfService = NULL;
 50 | 		attr.ObjectName = NULL;
 51 | 
 52 | 		if (Win32Api::GetVersion() & 0x80000000) dwDesiredAccess = PROCESS_ALL_ACCESS;
 53 | 
 54 | 		status = WinNtApi::NtOpenProcess(&handle, dwDesiredAccess, &attr, &cid);
 55 | 
 56 | 		if (status != STATUS_SUCCESS)
 57 | 		{
 58 | 			return NULL;
 59 | 		}
 60 | 		return handle;
 61 | 	}
 62 | 
 63 | 	HANDLE WINAPI OpenThread(DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwThreadId)
 64 | 	{
 65 | 		HANDLE ThreadHandle;
 66 | 		NTSTATUS ErrorCode;
 67 | 		CLIENT_ID CliId;
 68 | 		OBJECT_ATTRIBUTES ObjAtt={0};
 69 | 
 70 | 		CliId.UniqueProcess = 0;
 71 | 		CliId.UniqueThread = (PVOID) dwThreadId;
 72 | 
 73 | 		if (!bInheritHandle)
 74 | 			ObjAtt.Attributes = 0;
 75 | 		else
 76 | 			ObjAtt.Attributes = 2;
 77 | 
 78 | 		ObjAtt.Length = 0x18;
 79 | 		ObjAtt.ObjectName = 0;
 80 | 
 81 | 		if ((ErrorCode = WinNtApi::NtOpenThread(&ThreadHandle, dwDesiredAccess, &ObjAtt, &CliId)) == 0)
 82 | 			return(ThreadHandle);
 83 | 		else
 84 | 			return((HANDLE) ErrorCode);
 85 | 	}
 86 | 
 87 | 	BOOL WINAPI GetThreadContext(HANDLE hThread, LPCONTEXT lpContext)
 88 | 	{
 89 | 		return WinNtApi::NtGetContextThread(hThread, lpContext);
 90 | 	}
 91 | 
 92 | 	BOOL WINAPI SetThreadContext(HANDLE hThread, LPCONTEXT lpContext)
 93 | 	{
 94 | 		return WinNtApi::NtSetContextThread(hThread, lpContext);
 95 | 	}
 96 | 
 97 | 	BOOL WINAPI TerminateProcess(HANDLE hThread, UINT uExitCode)
 98 | 	{
 99 | 		NTSTATUS status = WinNtApi::NtTerminateProcess(hThread, uExitCode);
100 | 		return !status;
101 | 	}
102 | 
103 | 	VOID WINAPI ExitProcess(UINT uExitCode)
104 | 	{
105 | 		WinNtApi::NtTerminateProcess((HANDLE)0xFFFFFFFF, uExitCode);
106 | 	}
107 | 
108 | 	BOOL WINAPI Thread32First(HANDLE hSnapShot, LPTHREADENTRY32 lpte)
109 | 	{
110 | 		return thread_next(hSnapShot, lpte, TRUE);
111 | 	}
112 | 
113 | 	BOOL WINAPI Thread32Next(HANDLE hSnapShot, LPTHREADENTRY32 lpte)
114 | 	{
115 | 		return thread_next(hSnapShot, lpte, FALSE);
116 | 	}
117 | 
118 | 	BOOL WINAPI Process32FirstA(HANDLE hSnapshot, LPPROCESSENTRY32 lppe)
119 | 	{
120 | 		return process_next(hSnapshot, (PROCESSENTRY32W*)lppe, TRUE, FALSE);
121 | 	}
122 | 
123 | 	BOOL WINAPI Process32NextA(HANDLE hSnapshot, LPPROCESSENTRY32 lppe)
124 | 	{
125 | 		return process_next(hSnapshot, (PROCESSENTRY32W*)lppe, FALSE, FALSE);
126 | 	}
127 | 
128 | 	BOOL WINAPI Process32FirstW(HANDLE hSnapshot, LPPROCESSENTRY32W lppe)
129 | 	{
130 | 		return process_next(hSnapshot, lppe, TRUE, TRUE);
131 | 	}
132 | 
133 | 	BOOL WINAPI Process32NextW(HANDLE hSnapshot, LPPROCESSENTRY32W lppe)
134 | 	{
135 | 		return process_next(hSnapshot, lppe, FALSE, TRUE);
136 | 	}
137 | 
138 | 	BOOL WINAPI Module32FirstA(HANDLE hSnapshot, LPMODULEENTRY32 lpme)
139 | 	{
140 | 		return module_nextA(hSnapshot, lpme, TRUE);
141 | 	}
142 | 
143 | 	BOOL WINAPI Module32NextA(HANDLE hSnapshot, LPMODULEENTRY32 lpme)
144 | 	{
145 | 		return module_nextA(hSnapshot, lpme, FALSE);
146 | 	}
147 | 
148 | 	BOOL WINAPI Module32FirstW(HANDLE hSnapshot, LPMODULEENTRY32W lpme)
149 | 	{
150 | 		return module_nextW(hSnapshot, lpme, TRUE);
151 | 	}
152 | 
153 | 	BOOL WINAPI Module32NextW(HANDLE hSnapshot, LPMODULEENTRY32W lpme)
154 | 	{
155 | 		return module_nextW(hSnapshot, lpme, FALSE);
156 | 	}
157 | 
158 | 	BOOL WINAPI Toolhelp32ReadProcessMemory(DWORD th32ProcessID, LPCVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T cbRead, SIZE_T* lpNumberOfBytesRead)
159 | 	{
160 | 		HANDLE h;
161 | 		BOOL   ret = FALSE;
162 | 
163 | 		h = (th32ProcessID) ? Win32Api::OpenProcess(PROCESS_VM_READ, FALSE, th32ProcessID) : Win32Api::GetCurrentProcess();
164 | 		if (h != NULL)
165 | 		{
166 | 			ret = Win32Api::ReadProcessMemory(h, lpBaseAddress, lpBuffer, cbRead, lpNumberOfBytesRead);
167 | 			if (th32ProcessID) Win32Api::CloseHandle(h);
168 | 		}
169 | 		return ret;
170 | 	}
171 | 
172 | 	BOOL WINAPI ReadProcessMemory(HANDLE hProcess, LPCVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T* lpNumberOfBytesRead)
173 | 	{
174 | 		return WinNtApi::NtReadVirtualMemory(hProcess, lpBaseAddress, lpBuffer, nSize, lpNumberOfBytesRead);
175 | 	}
176 | 
177 | 	BOOL WINAPI WriteProcessMemory(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID lpBuffer, SIZE_T nSize, SIZE_T* lpNumberOfBytesWritten)
178 | 	{
179 | 		return WinNtApi::NtWriteVirtualMemory(hProcess, lpBaseAddress, lpBuffer, nSize, lpNumberOfBytesWritten);
180 | 	}
181 | 
182 | 	LPVOID WINAPI VirtualAllocEx(HANDLE hProcess, LPVOID lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect)
183 | 	{
184 | 		WinNtApi::NtAllocateVirtualMemory(hProcess, &lpAddress, 0, &dwSize, flAllocationType, flProtect);
185 | 		return lpAddress;
186 | 	}
187 | 
188 | 	LPVOID WINAPI VirtualAlloc(LPVOID lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect)
189 | 	{
190 | 		return Win32Api::VirtualAllocEx(GetCurrentProcess(), lpAddress, dwSize, flAllocationType, flProtect);
191 | 	}
192 | 
193 | 	SIZE_T WINAPI VirtualQuery(LPVOID lpAddress, PMEMORY_BASIC_INFORMATION lpBuffer , SIZE_T dwLength)
194 | 	{
195 | 		return Win32Api::VirtualQueryEx(Win32Api::GetCurrentProcess(), lpAddress, lpBuffer, dwLength);
196 | 	}
197 | 
198 | 	SIZE_T WINAPI VirtualQueryEx(HANDLE hProcess, LPCVOID lpAddress, PMEMORY_BASIC_INFORMATION lpBuffer, SIZE_T dwLength)
199 | 	{
200 | 		SIZE_T nRetLen;
201 | 		NTSTATUS status;
202 | 
203 | 		if ((status = WinNtApi::NtQueryVirtualMemory(hProcess, (PVOID)lpAddress, MemoryBasicInformation, lpBuffer, dwLength, &nRetLen)))
204 | 		{
205 | 			nRetLen = 0;
206 | 		}
207 | 		return nRetLen;
208 | 	}
209 | 
210 | 	BOOL WINAPI VirtualFree(LPVOID lpAddress, SIZE_T dwSize, DWORD dwFreeType)
211 | 	{
212 | 		return Win32Api::VirtualFreeEx(Win32Api::GetCurrentProcess(), lpAddress, dwSize, dwFreeType);
213 | 	}
214 | 
215 | 	BOOL WINAPI VirtualFreeEx(HANDLE hProcess, LPVOID lpAddress, SIZE_T dwSize, DWORD dwFreeType)
216 | 	{
217 | 		NTSTATUS status = WinNtApi::NtFreeVirtualMemory(hProcess, &lpAddress, &dwSize, dwFreeType);
218 | 		return !status;
219 | 	}
220 | 
221 | 	BOOL WINAPI VirtualProtect(LPVOID lpAddress, SIZE_T dwSize, DWORD flNewProtect , LPDWORD lpflOldProtect)
222 | 	{
223 | 		return Win32Api::VirtualProtectEx(Win32Api::GetCurrentProcess(), lpAddress, dwSize, flNewProtect, lpflOldProtect);
224 | 	}
225 | 
226 | 	BOOL WINAPI VirtualProtectEx(HANDLE hProcess, LPVOID lpAddress, SIZE_T dwSize,DWORD flNewProtect, LPDWORD lpflOldProtect)
227 | 	{
228 | 		NTSTATUS status = WinNtApi::NtProtectVirtualMemory(hProcess, &lpAddress, &dwSize, flNewProtect, lpflOldProtect);
229 | 		return !status;
230 | 	}
231 | 
232 | 	HANDLE WINAPI GetProcessHeap()
233 | 	{
234 | 		return WinNtApi::NtCurrentTeb()->Peb->ProcessHeap;
235 | 	}
236 | 
237 | 	LPVOID WINAPI HeapAlloc(HANDLE hHeap, DWORD dwFlags, SIZE_T dwSize)
238 | 	{
239 | 		return WinNtApi::RtlAllocateHeap(hHeap, dwFlags, dwSize);
240 | 	}
241 | 
242 | 	LPVOID WINAPI HeapReAlloc(HANDLE hHeap, DWORD dwFlags, LPVOID lpMem, SIZE_T dwSize)
243 | 	{
244 | 		return WinNtApi::RtlReAllocateHeap(hHeap, dwFlags, lpMem, dwSize);
245 | 	}
246 | 
247 | 	BOOL WINAPI HeapFree(HANDLE hHeap, DWORD dwFlags, LPVOID lpMem)
248 | 	{
249 | 		return WinNtApi::RtlFreeHeap(hHeap, dwFlags, lpMem);
250 | 	}
251 | 
252 | 	LPVOID WINAPI MapViewOfFile(HANDLE hFileMappingObject, DWORD dwDesiredAccess , DWORD dwFileOffsetHigh , DWORD dwFileOffsetLow , SIZE_T dwNumberOfBytesToMap)
253 | 	{
254 | 		return Win32Api::MapViewOfFileEx(hFileMappingObject, dwDesiredAccess, dwFileOffsetHigh, dwFileOffsetLow, dwNumberOfBytesToMap, NULL);
255 | 	}
256 | 
257 | 	LPVOID WINAPI MapViewOfFileEx(HANDLE hFileMappingObject, DWORD dwDesiredAccess , DWORD dwFileOffsetHigh , DWORD dwFileOffsetLow , SIZE_T dwNumberOfBytesToMap , LPVOID lpBaseAddress)
258 | 	{
259 | 		NTSTATUS status;
260 | 		LARGE_INTEGER offset;
261 | 		ULONG protect;
262 | 
263 | 		offset.u.LowPart  = dwFileOffsetHigh;
264 | 		offset.u.HighPart = dwFileOffsetLow;
265 | 
266 | 		if (dwDesiredAccess & FILE_MAP_WRITE) 
267 | 			protect = PAGE_READWRITE;
268 | 		else if (dwDesiredAccess & FILE_MAP_READ) 
269 | 			protect = PAGE_READONLY;
270 | 		else if (dwDesiredAccess & FILE_MAP_COPY) 
271 | 			protect = PAGE_WRITECOPY;
272 | 		else 
273 | 			protect = PAGE_NOACCESS;
274 | 
275 | 		if ((status = WinNtApi::NtMapViewOfSection(hFileMappingObject, Win32Api::GetCurrentProcess(), &lpBaseAddress, 0, 0, &offset, &dwNumberOfBytesToMap, ViewShare, 0, protect)))
276 | 		{
277 | 			lpBaseAddress = NULL;
278 | 		}
279 | 		return lpBaseAddress;
280 | 	}
281 | 
282 | 	BOOL WINAPI UnmapViewOfFile(LPVOID lpBaseAddress)
283 | 	{
284 | 		NTSTATUS status = WinNtApi::NtUnmapViewOfSection(Win32Api::GetCurrentProcess(), lpBaseAddress);
285 | 		return !status;
286 | 	}
287 | 
288 | 	DWORD WINAPI GetVersion()
289 | 	{
290 | 		ULONG OSMajorVersion = WinNtApi::NtCurrentTeb()->Peb->OSMajorVersion;
291 | 		ULONG OSMinorVersion = WinNtApi::NtCurrentTeb()->Peb->OSMinorVersion;
292 | 		ULONG OSPlatformId = WinNtApi::NtCurrentTeb()->Peb->OSPlatformId;
293 | 
294 | 		DWORD result = MAKELONG(MAKEWORD(OSMajorVersion, OSMinorVersion), (OSPlatformId ^ 2) << 14);
295 | 		if (OSPlatformId == VER_PLATFORM_WIN32_NT)
296 | 		{
297 | 			ULONG OSBuildNumber = WinNtApi::NtCurrentTeb()->Peb->OSBuildNumber;
298 | 			result |= LOWORD(OSBuildNumber) << 16;
299 | 		}
300 | 
301 | 		return result;
302 | 	}
303 | 
304 | 	HMODULE WINAPI LoadLibraryA(LPCSTR lpModuleName)
305 | 	{
306 | 		ANSI_STRING asModuleName;
307 | 		UNICODE_STRING usModuleName;
308 | 		HMODULE hModule;
309 | 
310 | 		asModuleName.Buffer = (PCHAR)lpModuleName;
311 | 		asModuleName.Length = WinNtApi::strlen(lpModuleName);
312 | 		asModuleName.MaximumLength = asModuleName.Length;
313 | 
314 | 		if (!NT_SUCCESS(WinNtApi::RtlAnsiStringToUnicodeString(&usModuleName, &asModuleName, TRUE)))
315 | 			return NULL;
316 | 
317 | 		if (!NT_SUCCESS(WinNtApi::LdrLoadDll(NULL, 0, &usModuleName, &hModule)))
318 | 		{
319 | 			WinNtApi::RtlFreeUnicodeString(&usModuleName);
320 | 			return NULL;
321 | 		}
322 | 
323 | 		WinNtApi::RtlFreeUnicodeString(&usModuleName);
324 | 
325 | 		return (HMODULE)hModule;
326 | 	}
327 | 
328 | 	HMODULE WINAPI LoadLibraryW(LPCWSTR lpModuleName)
329 | 	{
330 | 		UNICODE_STRING usModuleName;
331 | 		HMODULE hModule;
332 | 
333 | 		usModuleName.Buffer = (PWCHAR)lpModuleName;
334 | 		usModuleName.Length = WinNtApi::wcslen(lpModuleName);
335 | 		usModuleName.MaximumLength = usModuleName.Length;
336 | 
337 | 		if (!NT_SUCCESS(WinNtApi::LdrLoadDll(NULL, 0, &usModuleName, &hModule)))
338 | 		{
339 | 			return NULL;
340 | 		}
341 | 
342 | 		return hModule;
343 | 	}
344 | 
345 | 	HMODULE WINAPI GetModuleHandleA(LPCSTR lpModuleName)
346 | 	{
347 | 		PLIST_ENTRY fModule, fMark;
348 | 		PLDR_MODULE pMod;
349 | 
350 | 		ANSI_STRING asModuleName;
351 | 		UNICODE_STRING usModuleName;
352 | 
353 | 		asModuleName.Buffer = (PCHAR)lpModuleName;
354 | 		asModuleName.Length = WinNtApi::strlen(lpModuleName);
355 | 		asModuleName.MaximumLength = asModuleName.Length;
356 | 
357 | 		if (!NT_SUCCESS(WinNtApi::RtlAnsiStringToUnicodeString(&usModuleName, &asModuleName, TRUE)))
358 | 			return NULL;
359 | 
360 | 		fMark = &WinNtApi::NtCurrentTeb()->Peb->LoaderData->InLoadOrderModuleList;
361 | 
362 | 		for(fModule = fMark->Flink; fModule != fMark; fModule = fModule->Flink)
363 | 		{
364 | 			pMod = (PLDR_MODULE)fModule;
365 | 			if (WinNtApi::RtlCompareUnicodeString(&pMod->BaseDllName, &usModuleName, FALSE) == 0)
366 | 			{
367 | 				WinNtApi::RtlFreeUnicodeString(&usModuleName);
368 | 				return (HMODULE)pMod->BaseAddress;
369 | 			}
370 | 		}
371 | 
372 | 		WinNtApi::RtlFreeUnicodeString(&usModuleName);
373 | 
374 | 		return NULL;
375 | 	}
376 | 
377 | 	HMODULE WINAPI GetModuleHandleW(LPCWSTR ModuleName)
378 | 	{
379 | 		PLIST_ENTRY pebModuleHeader, ModuleLoop;
380 | 		PLDR_MODULE lclModule;
381 | 		PPEB_LDR_DATA pebModuleLdr;
382 | 		DWORD BadModuleCount = 0;
383 | 
384 | #if _M_IX86
385 | 		pebModuleLdr = (PPEB_LDR_DATA) *((DWORD_PTR *) __readfsdword(0x30) + 12 / sizeof(DWORD_PTR));
386 | #elif _M_X64
387 | 		pebModuleLdr = (PPEB_LDR_DATA) *((DWORD_PTR *) __readgsqword(0x60) + 24 / sizeof(DWORD_PTR));
388 | #endif
389 | 
390 | 		pebModuleHeader = (PLIST_ENTRY) &pebModuleLdr->InLoadOrderModuleList;
391 | 
392 | 		lclModule = (PLDR_MODULE) pebModuleHeader->Flink;
393 | 		ModuleLoop = pebModuleHeader->Flink;
394 | 		do
395 | 		{
396 | 			if (!WinNtApi::wcscmp(ModuleName, lclModule->BaseDllName.Buffer))
397 | 			{
398 | 				return((HMODULE) lclModule->BaseAddress);
399 | 			}
400 | 			lclModule = (PLDR_MODULE) ModuleLoop->Flink;
401 | 			ModuleLoop = ModuleLoop->Flink;
402 | 		} while(pebModuleHeader != ModuleLoop);
403 | 
404 | 		return(0);
405 | 	}
406 | 
407 | 	DWORD WINAPI GetModuleSize(HMODULE hModule)
408 | 	{
409 | 		if (hModule == NULL) return 0;
410 | 		PBYTE pbImageBase = (PBYTE)hModule;
411 | 		PIMAGE_DOS_HEADER DosHeader = (PIMAGE_DOS_HEADER)pbImageBase;
412 | 		PIMAGE_NT_HEADERS NTHeaders = (PIMAGE_NT_HEADERS)(pbImageBase + DosHeader->e_lfanew);
413 | 
414 | 		return NTHeaders->OptionalHeader.SizeOfImage;
415 | 	}
416 | 
417 | 	LPCWSTR WINAPI GetModuleFileNameW(HMODULE handle)
418 | 	{
419 | 		PLIST_ENTRY fModule,fMark;
420 | 		PLDR_MODULE pMod;
421 | 
422 | 		fMark = &WinNtApi::NtCurrentTeb()->Peb->LoaderData->InLoadOrderModuleList;
423 | 
424 | 		for(fModule = fMark->Flink; fModule != fMark; fModule = fModule->Flink)
425 | 		{
426 | 			pMod = (PLDR_MODULE)fModule;
427 | 			if (pMod->BaseAddress == handle)
428 | 			{
429 | 				return pMod->BaseDllName.Buffer;
430 | 			}
431 | 		}
432 | 
433 | 		return NULL;
434 | 	}
435 | 
436 | 	LPCWSTR WINAPI GetModuleFullFileNameW(HMODULE handle)
437 | 	{
438 | 		PLIST_ENTRY fModule,fMark;
439 | 		PLDR_MODULE pMod;
440 | 
441 | 		fMark = &WinNtApi::NtCurrentTeb()->Peb->LoaderData->InLoadOrderModuleList;
442 | 
443 | 		for(fModule = fMark->Flink; fModule != fMark; fModule = fModule->Flink)
444 | 		{
445 | 			pMod = (PLDR_MODULE)fModule;
446 | 			if (pMod->BaseAddress == handle)
447 | 			{
448 | 				return pMod->FullDllName.Buffer;
449 | 			}
450 | 		}
451 | 
452 | 		return NULL;
453 | 	}
454 | 
455 | 	FARPROC WINAPI GetProcAddress(HMODULE hModule, LPCSTR lpProcName)
456 | 	{
457 | 		if (!hModule)
458 | 			return(0);
459 | 
460 | 		PIMAGE_NT_HEADERS ModuleHeader = (PIMAGE_NT_HEADERS)((PCHAR) hModule + ((PIMAGE_DOS_HEADER) hModule)->e_lfanew);
461 | 		if (ModuleHeader->Signature != IMAGE_NT_SIGNATURE)
462 | 			return(0);
463 | 
464 | 		PIMAGE_DATA_DIRECTORY data_dir = &ModuleHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT];
465 | 		if (!data_dir->VirtualAddress)
466 | 			return(0);
467 | 
468 | 		PIMAGE_EXPORT_DIRECTORY ExportDirectory = (PIMAGE_EXPORT_DIRECTORY) (data_dir->VirtualAddress + (ULONG) hModule);
469 | 		if (!ExportDirectory)
470 | 			return(0);
471 | 
472 | 		PCHAR *Name = (PCHAR *) (ExportDirectory->AddressOfNames + (ULONG) hModule);
473 | 		if (!Name)
474 | 			return(0);
475 | 
476 | 		for(ULONG FunctionIndex = 0; FunctionIndex < ExportDirectory->NumberOfNames; FunctionIndex++)
477 | 		{
478 | 			if (!WinNtApi::strcmp((PCHAR) *Name + (ULONG) hModule, lpProcName))
479 | 			{
480 | 				PULONG FunctionAddress = (PULONG) (ExportDirectory->AddressOfFunctions + (ULONG) hModule);
481 | 				PUSHORT Ordinals =  (PUSHORT) (ExportDirectory->AddressOfNameOrdinals + (ULONG) hModule);
482 | 
483 | 				if (!Ordinals || !FunctionAddress || !lpProcName)
484 | 					return(0);
485 | 				else
486 | 					return((FARPROC) (FunctionAddress[Ordinals[FunctionIndex]] + (ULONG) hModule));
487 | 			}
488 | 			Name++;
489 | 		}
490 | 		return(0);
491 | 	}
492 | 
493 | 
494 | 	BOOL WINAPI IsBadReadPtr(CONST VOID* lp,UINT ucb)
495 | 	{
496 | 		MEMORY_BASIC_INFORMATION MemoryInformation;
497 | 
498 | 		if (ucb == 0) return TRUE;
499 | 		Win32Api::VirtualQuery((LPVOID)lp, &MemoryInformation, sizeof(MEMORY_BASIC_INFORMATION));
500 | 
501 | 		if (MemoryInformation.State != MEM_COMMIT) return TRUE;
502 | 		if (MemoryInformation.RegionSize < ucb) return TRUE;
503 | 		if (MemoryInformation.Protect == PAGE_EXECUTE) return TRUE;
504 | 		if (MemoryInformation.Protect == PAGE_NOACCESS)return TRUE;
505 | 
506 | 		return FALSE;
507 | 	}
508 | 
509 | 	BOOL WINAPI IsBadWritePtr(LPVOID lp, UINT ucb)
510 | 	{
511 | 		MEMORY_BASIC_INFORMATION MemoryInformation;
512 | 
513 | 		if (ucb == 0)return TRUE;
514 | 		Win32Api::VirtualQuery((LPVOID)lp, &MemoryInformation, sizeof(MEMORY_BASIC_INFORMATION));
515 | 
516 | 		if (MemoryInformation.State != MEM_COMMIT) return TRUE;
517 | 		if (MemoryInformation.RegionSize < ucb) return TRUE;
518 | 		if (MemoryInformation.Protect == PAGE_READONLY) return TRUE;
519 | 		if ((MemoryInformation.Protect == PAGE_EXECUTE)
520 | 			|| (MemoryInformation.Protect == PAGE_EXECUTE_READ))return TRUE;
521 | 		if (MemoryInformation.Protect == PAGE_NOACCESS)return TRUE;
522 | 
523 | 		return FALSE;
524 | 	}
525 | 
526 | 	BOOL WINAPI CloseHandle(HANDLE Object)
527 | 	{
528 | 		return WinNtApi::NtClose(Object);
529 | 	}
530 | 
531 | 	void WINAPI SetLastError(DWORD error)
532 | 	{
533 | 		WinNtApi::NtCurrentTeb()->LastErrorValue = error;
534 | 	}
535 | 
536 | 	HANDLE WINAPI CreateFileA(LPCSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile)
537 | 	{
538 | 		return INVALID_HANDLE_VALUE;
539 | 	}
540 | 
541 | 	HANDLE WINAPI CreateFileW(LPCWSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile)
542 | 	{
543 | 		return INVALID_HANDLE_VALUE;
544 | 	}
545 | 
546 | 	HANDLE WINAPI CreateFileMappingA(HANDLE hFile, SECURITY_ATTRIBUTES *sa, DWORD protect, DWORD size_high, DWORD size_low, LPCSTR name)
547 | 	{
548 | 		return NULL;
549 | 	}
550 | 
551 | 	HANDLE WINAPI CreateFileMappingW(HANDLE hFile, LPSECURITY_ATTRIBUTES sa, DWORD protect, DWORD size_high, DWORD size_low, LPCWSTR name)
552 | 	{
553 | 		static const int sec_flags = SEC_FILE | SEC_IMAGE | SEC_RESERVE | SEC_COMMIT | SEC_NOCACHE;
554 | 
555 | 		HANDLE ret;
556 | 		NTSTATUS status;
557 | 		DWORD access, sec_type;
558 | 		LARGE_INTEGER size;
559 | 
560 | 		sec_type = protect & sec_flags;
561 | 		protect &= ~sec_flags;
562 | 		if (!sec_type) sec_type = SEC_COMMIT;
563 | 
564 | 		/* Win9x compatibility */
565 | 		if (!protect && (Win32Api::GetVersion() & 0x80000000)) protect = PAGE_READONLY;
566 | 
567 | 		switch(protect)
568 | 		{
569 | 		case PAGE_READONLY:
570 | 		case PAGE_WRITECOPY:
571 | 			access = STANDARD_RIGHTS_REQUIRED | SECTION_QUERY | SECTION_MAP_READ;
572 | 			break;
573 | 		case PAGE_READWRITE:
574 | 			access = STANDARD_RIGHTS_REQUIRED | SECTION_QUERY | SECTION_MAP_READ | SECTION_MAP_WRITE;
575 | 			break;
576 | 		case PAGE_EXECUTE_READ:
577 | 		case PAGE_EXECUTE_WRITECOPY:
578 | 			access = STANDARD_RIGHTS_REQUIRED | SECTION_QUERY | SECTION_MAP_READ | SECTION_MAP_EXECUTE;
579 | 			break;
580 | 		case PAGE_EXECUTE_READWRITE:
581 | 			access = STANDARD_RIGHTS_REQUIRED | SECTION_QUERY | SECTION_MAP_READ | SECTION_MAP_WRITE | SECTION_MAP_EXECUTE;
582 | 			break;
583 | 		default:
584 | 			Win32Api::SetLastError(ERROR_INVALID_PARAMETER);
585 | 			return 0;
586 | 		}
587 | 
588 | 		if (hFile == INVALID_HANDLE_VALUE)
589 | 		{
590 | 			hFile = 0;
591 | 			if (!size_low && !size_high)
592 | 			{
593 | 				Win32Api::SetLastError(ERROR_INVALID_PARAMETER);
594 | 				return 0;
595 | 			}
596 | 		}
597 | 
598 | 		size.u.LowPart  = size_low;
599 | 		size.u.HighPart = size_high;
600 | 
601 | 		if (sa || name)
602 | 		{
603 | 			__asm int 3;
604 | 		}
605 | 		else status = WinNtApi::NtCreateSection(&ret, access, NULL, &size, protect, sec_type, hFile);
606 | 
607 | 		return ret;
608 | 	}
609 | 
610 | 	int WINAPI WideCharToMultiByte(
611 | 		UINT CodePage, 
612 | 		DWORD dwFlags, 
613 | 		LPCWSTR lpWideCharStr, 
614 | 		int cchWideChar,
615 | 		LPSTR lpMultiByteStr, 
616 | 		int cbMultiByte,
617 | 		LPCSTR lpDefaultChar,
618 | 		LPBOOL lpUsedDefaultChar)
619 | 	{
620 | 		WCHAR wcsKernel32[] = {'K', 'e', 'r', 'n', 'e', 'l', '3', '2', '.', 'd', 'l', 'l', '\0'};
621 | 		CHAR szProcName[] = {'W', 'i', 'd', 'e', 'C', 'h', 'a', 'r', 'T', 'o', 'M', 'u', 'l', 't', 'i', 'B', 'y', 't', 'e', '\0'};
622 | 		Type_WideCharToMultiByte pfn = (Type_WideCharToMultiByte)(Win32Api::GetProcAddress(
623 | 			Win32Api::GetModuleHandleW(wcsKernel32),
624 | 			szProcName));
625 | 
626 | 		return pfn(
627 | 			CodePage, 
628 | 			dwFlags, 
629 | 			lpWideCharStr, 
630 | 			cchWideChar, 
631 | 			lpMultiByteStr, 
632 | 			cbMultiByte, 
633 | 			lpDefaultChar, 
634 | 			lpUsedDefaultChar);
635 | 	}
636 | }
637 | 
638 | 
639 | //////////////////////////////////////////////////////////////////////////
640 | // some util functions	
641 | BOOL WINAPI thread_next(HANDLE hSnapShot, LPTHREADENTRY32 lpte, BOOL first)
642 | {
643 | 	struct snapshot*    snap;
644 | 	BOOL                ret = FALSE;
645 | 
646 | 	if (lpte->dwSize < sizeof(THREADENTRY32))
647 | 	{
648 | 		return FALSE;
649 | 	}
650 | 	if ((snap = (struct snapshot*)Win32Api::MapViewOfFile(hSnapShot, FILE_MAP_ALL_ACCESS, 0, 0, 0)))
651 | 	{
652 | 		if (first) snap->thread_pos = 0;
653 | 		if (snap->thread_pos < snap->thread_count)
654 | 		{
655 | 			LPTHREADENTRY32 te = (THREADENTRY32*)&snap->data[snap->thread_offset];
656 | 			*lpte = te[snap->thread_pos++];
657 | 			ret = TRUE;
658 | 		}
659 | 		Win32Api::UnmapViewOfFile(snap);
660 | 	}
661 | 	return ret;
662 | }
663 | 
664 | BOOL WINAPI process_next(HANDLE hSnapShot, LPPROCESSENTRY32W lppe,BOOL first, BOOL unicode)
665 | {
666 | 	struct snapshot*    snap;
667 | 	BOOL                ret = FALSE;
668 | 	DWORD               sz = unicode ? sizeof(PROCESSENTRY32W) : sizeof(PROCESSENTRY32);
669 | 
670 | 	if (lppe->dwSize < sz)
671 | 	{
672 | 		return FALSE;
673 | 	}
674 | 
675 | 	if ((snap = (struct snapshot*)Win32Api::MapViewOfFile(hSnapShot, FILE_MAP_ALL_ACCESS, 0, 0, 0)))
676 | 	{
677 | 		if (first) snap->process_pos = 0;
678 | 		if (snap->process_pos < snap->process_count)
679 | 		{
680 | 			LPPROCESSENTRY32W pe = (PROCESSENTRY32W*)&snap->data[snap->process_offset];
681 | 			if (unicode)
682 | 				*lppe = pe[snap->process_pos];
683 | 			else
684 | 			{
685 | 				lppe->cntUsage = pe[snap->process_pos].cntUsage;
686 | 				lppe->th32ProcessID = pe[snap->process_pos].th32ProcessID;
687 | 				lppe->th32DefaultHeapID = pe[snap->process_pos].th32DefaultHeapID;
688 | 				lppe->th32ModuleID = pe[snap->process_pos].th32ModuleID;
689 | 				lppe->cntThreads = pe[snap->process_pos].cntThreads;
690 | 				lppe->th32ParentProcessID = pe[snap->process_pos].th32ParentProcessID;
691 | 				lppe->pcPriClassBase = pe[snap->process_pos].pcPriClassBase;
692 | 				lppe->dwFlags = pe[snap->process_pos].dwFlags;
693 | 
694 | 				Win32Api::WideCharToMultiByte(CP_ACP, 0, pe[snap->process_pos].szExeFile, -1,
695 | 					(char*)lppe->szExeFile, sizeof(lppe->szExeFile), 0, 0);
696 | 			}
697 | 			snap->process_pos++;
698 | 			ret = TRUE;
699 | 		}
700 | 		Win32Api::UnmapViewOfFile(snap);
701 | 	}
702 | 
703 | 	return ret;
704 | }
705 | 
706 | BOOL WINAPI module_nextA(HANDLE handle, LPMODULEENTRY32 lpme, BOOL first)
707 | {
708 | 	BOOL ret;
709 | 	MODULEENTRY32W mew;
710 | 
711 | 	if (lpme->dwSize < sizeof(MODULEENTRY32))
712 | 	{
713 | 		return FALSE;
714 | 	}
715 | 
716 | 	mew.dwSize = sizeof(mew);
717 | 	if ((ret = module_nextW(handle, &mew, first)))
718 | 	{
719 | 		lpme->th32ModuleID  = mew.th32ModuleID;
720 | 		lpme->th32ProcessID = mew.th32ProcessID;
721 | 		lpme->GlblcntUsage  = mew.GlblcntUsage;
722 | 		lpme->ProccntUsage  = mew.ProccntUsage;
723 | 		lpme->modBaseAddr   = mew.modBaseAddr;
724 | 		lpme->modBaseSize   = mew.modBaseSize;
725 | 		lpme->hModule       = mew.hModule;
726 | 		Win32Api::WideCharToMultiByte(CP_ACP, 0, mew.szModule, -1, lpme->szModule, sizeof(lpme->szModule), NULL, NULL);
727 | 		Win32Api::WideCharToMultiByte(CP_ACP, 0, mew.szExePath, -1, lpme->szExePath, sizeof(lpme->szExePath), NULL, NULL);
728 | 	}
729 | 	return ret;
730 | }
731 | 
732 | 
733 | BOOL WINAPI module_nextW(HANDLE hSnapShot, LPMODULEENTRY32W lpme, BOOL first)
734 | {
735 | 	struct snapshot*    snap;
736 | 	BOOL                ret = FALSE;
737 | 
738 | 	if (lpme->dwSize < sizeof (MODULEENTRY32W))
739 | 	{
740 | 		return FALSE;
741 | 	}
742 | 	if ((snap = (struct snapshot*)Win32Api::MapViewOfFile(hSnapShot, FILE_MAP_ALL_ACCESS, 0, 0, 0)))
743 | 	{
744 | 		if (first) snap->module_pos = 0;
745 | 		if (snap->module_pos < snap->module_count)
746 | 		{
747 | 			LPMODULEENTRY32W pe = (MODULEENTRY32W*)&snap->data[snap->module_offset];
748 | 			*lpme = pe[snap->module_pos++];
749 | 			ret = TRUE;
750 | 		}
751 | 		Win32Api::UnmapViewOfFile(snap);
752 | 	}
753 | 
754 | 	return ret;
755 | }
756 | 


--------------------------------------------------------------------------------
/SecureWinApi/SecureWinApi/StructDefine.h:
--------------------------------------------------------------------------------
  1 | //#include <windows.h>
  2 | 
  3 | #pragma once
  4 | 
  5 | #define SystemProcessInformation 5
  6 | 
  7 | #ifndef _WINDOWS_
  8 | #define TRUE 1
  9 | #define FALSE 0
 10 | 
 11 | #define WINAPI __stdcall
 12 | #define NT_SUCCESS( status ) ( status >= 0 )
 13 | 
 14 | #define VOID void
 15 | #define CONST const
 16 | #define CALLBACK __stdcall
 17 | 
 18 | #define IMAGE_NT_SIGNATURE 0x00004550
 19 | #define IMAGE_DIRECTORY_ENTRY_EXPORT 0
 20 | #define IMAGE_DIRECTORY_ENTRY_IMPORT 1
 21 | 
 22 | typedef int BOOL;
 23 | typedef __w64 unsigned long ULONG_PTR;
 24 | typedef ULONG_PTR DWORD_PTR;
 25 | typedef void *HANDLE;
 26 | typedef unsigned long DWORD, *PDWORD;
 27 | typedef signed short WORD, *PWORD;
 28 | typedef unsigned long ULONG, *PULONG;
 29 | typedef long LONG, *PLONG;
 30 | typedef short SHORT, *PSHORT;
 31 | typedef unsigned short USHORT, *PUSHORT;
 32 | typedef long long LONGLONG;
 33 | typedef unsigned int UINT;
 34 | typedef void *LPVOID, *LPCVOID, *PVOID;
 35 | typedef char *PCHAR, CHAR, BYTE, *PBYTE;
 36 | typedef unsigned char *PUCHAR, UCHAR;
 37 | typedef DWORD *PDWORD;
 38 | typedef ULONG_PTR SIZE_T;
 39 | typedef LONG NTSTATUS;
 40 | typedef unsigned short USHORT, *PUSHORT;
 41 | typedef wchar_t WCHAR;
 42 | typedef WCHAR *PWSTR;
 43 | 
 44 | typedef PVOID HANDLE;
 45 | typedef HANDLE HINSTANCE;
 46 | typedef HINSTANCE HMODULE;
 47 | typedef __nullterminated CONST CHAR *LPCSTR;
 48 | 
 49 | typedef int ( CALLBACK* FARPROC )( );
 50 | 
 51 | typedef struct _IMAGE_DATA_DIRECTORY
 52 | {
 53 | 	DWORD VirtualAddress;
 54 | 	DWORD Size;
 55 | } IMAGE_DATA_DIRECTORY, *PIMAGE_DATA_DIRECTORY;
 56 | 
 57 | typedef struct _FLOATING_SAVE_AREA
 58 | {
 59 | 	DWORD ControlWord;
 60 | 	DWORD StatusWord;
 61 | 	DWORD TagWord;
 62 | 	DWORD ErrorOffset;
 63 | 	DWORD ErrorSelector;
 64 | 	DWORD DataOffset;
 65 | 	DWORD DataSelector;
 66 | 	BYTE RegisterArea[80];
 67 | 	DWORD Cr0NpxState;
 68 | } FLOATING_SAVE_AREA;
 69 | 
 70 | typedef struct _IMAGE_FILE_HEADER
 71 | {
 72 | 	WORD Machine;
 73 | 	WORD NumberOfSections;
 74 | 	DWORD TimeDateStamp;
 75 | 	DWORD PointerToSymbolTable;
 76 | 	DWORD NumberOfSymbols;
 77 | 	WORD SizeOfOptionalHeader;
 78 | 	WORD Characteristics;
 79 | } IMAGE_FILE_HEADER, *PIMAGE_FILE_HEADER;
 80 | 
 81 | typedef struct _IMAGE_OPTIONAL_HEADER
 82 | {
 83 | 	WORD Magic;
 84 | 	BYTE MajorLinkerVersion;
 85 | 	BYTE MinorLinkerVersion;
 86 | 	DWORD SizeOfCode;
 87 | 	DWORD SizeOfInitializedData;
 88 | 	DWORD SizeOfUninitializedData;
 89 | 	DWORD AddressOfEntryPoint;
 90 | 	DWORD BaseOfCode;
 91 | 	DWORD BaseOfData;
 92 | 	DWORD ImageBase;
 93 | 	DWORD SectionAlignment;
 94 | 	DWORD FileAlignment;
 95 | 	WORD MajorOperatingSystemVersion;
 96 | 	WORD MinorOperatingSystemVersion;
 97 | 	WORD MajorImageVersion;
 98 | 	WORD MinorImageVersion;
 99 | 	WORD MajorSubsystemVersion;
100 | 	WORD MinorSubsystemVersion;
101 | 	DWORD Win32VersionValue;
102 | 	DWORD SizeOfImage;
103 | 	DWORD SizeOfHeaders;
104 | 	DWORD CheckSum;
105 | 	WORD Subsystem;
106 | 	WORD DllCharacteristics;
107 | 	DWORD SizeOfStackReserve;
108 | 	DWORD SizeOfStackCommit;
109 | 	DWORD SizeOfHeapReserve;
110 | 	DWORD SizeOfHeapCommit;
111 | 	DWORD LoaderFlags;
112 | 	DWORD NumberOfRvaAndSizes;
113 | 	IMAGE_DATA_DIRECTORY DataDirectory[16];
114 | } IMAGE_OPTIONAL_HEADER, *PIMAGE_OPTIONAL_HEADER;
115 | 
116 | typedef struct _IMAGE_DOS_HEADER
117 | {
118 | 	WORD e_magic;
119 | 	WORD e_cblp;
120 | 	WORD e_cp;
121 | 	WORD e_crlc;
122 | 	WORD e_cparhdr;
123 | 	WORD e_minalloc;
124 | 	WORD e_maxalloc;
125 | 	WORD e_ss;
126 | 	WORD e_sp;
127 | 	WORD e_csum;
128 | 	WORD e_ip;
129 | 	WORD e_cs;
130 | 	WORD e_lfarlc;
131 | 	WORD e_ovno;
132 | 	WORD e_res[4];
133 | 	WORD e_oemid;
134 | 	WORD e_oeminfo;
135 | 	WORD e_res2[10];
136 | 	LONG e_lfanew;
137 | } IMAGE_DOS_HEADER, *PIMAGE_DOS_HEADER;
138 | 
139 | typedef struct _IMAGE_NT_HEADERS
140 | {
141 | 	DWORD Signature;
142 | 	IMAGE_FILE_HEADER FileHeader;
143 | 	IMAGE_OPTIONAL_HEADER OptionalHeader;
144 | } IMAGE_NT_HEADERS, *PIMAGE_NT_HEADERS;
145 | 
146 | typedef struct _IMAGE_EXPORT_DIRECTORY
147 | {
148 | 	DWORD Characteristics;
149 | 	DWORD TimeDateStamp;
150 | 	WORD MajorVersion;
151 | 	WORD MinorVersion;
152 | 	DWORD Name;
153 | 	DWORD Base;
154 | 	DWORD NumberOfFunctions;
155 | 	DWORD NumberOfNames;
156 | 	DWORD AddressOfFunctions;
157 | 	DWORD AddressOfNames;
158 | 	DWORD AddressOfNameOrdinals;
159 | } IMAGE_EXPORT_DIRECTORY, *PIMAGE_EXPORT_DIRECTORY;
160 | 
161 | #ifdef _M_IX86
162 | #define CONTEXT_i386 0x00010000
163 | 
164 | #define CONTEXT_CONTROL (CONTEXT_i386 | 0x00000001L)
165 | #define CONTEXT_INTEGER (CONTEXT_i386 | 0x00000002L)
166 | #define CONTEXT_SEGMENTS (CONTEXT_i386 | 0x00000004L)
167 | #define CONTEXT_FLOATING_POINT  (CONTEXT_i386 | 0x00000008L)
168 | #define CONTEXT_DEBUG_REGISTERS (CONTEXT_i386 | 0x00000010L)
169 | #define CONTEXT_EXTENDED_REGISTERS  (CONTEXT_i386 | 0x00000020L)
170 | 
171 | #define CONTEXT_FULL (CONTEXT_CONTROL | CONTEXT_INTEGER |\
172 | 	CONTEXT_SEGMENTS)
173 | 
174 | #define CONTEXT_ALL (CONTEXT_CONTROL | CONTEXT_INTEGER | CONTEXT_SEGMENTS | \
175 | 	CONTEXT_FLOATING_POINT | CONTEXT_DEBUG_REGISTERS | \
176 | 	CONTEXT_EXTENDED_REGISTERS)
177 | typedef struct _CONTEXT
178 | {
179 | 	DWORD ContextFlags;
180 | 
181 | 	DWORD Dr0;
182 | 	DWORD Dr1;
183 | 	DWORD Dr2;
184 | 	DWORD Dr3;
185 | 	DWORD Dr6;
186 | 	DWORD Dr7;
187 | 
188 | 	FLOATING_SAVE_AREA FloatSave;
189 | 
190 | 	DWORD SegGs;
191 | 	DWORD SegFs;
192 | 	DWORD SegEs;
193 | 	DWORD SegDs;
194 | 
195 | 	DWORD Edi;
196 | 	DWORD Esi;
197 | 	DWORD Ebx;
198 | 	DWORD Edx;
199 | 	DWORD Ecx;
200 | 	DWORD Eax;
201 | 
202 | 
203 | 	DWORD Ebp;
204 | 	DWORD Eip;
205 | 	DWORD SegCs;
206 | 	DWORD EFlags;
207 | 	DWORD Esp;
208 | 	DWORD SegSs;
209 | 
210 | 	BYTE ExtendedRegisters[512];
211 | 
212 | } CONTEXT;
213 | typedef double ULONGLONG;
214 | 
215 | #elif _M_X64
216 | 
217 | #define CONTEXT_AMD64 0x100000
218 | 
219 | #define CONTEXT_CONTROL (CONTEXT_AMD64 | 0x1L)
220 | #define CONTEXT_INTEGER (CONTEXT_AMD64 | 0x2L)
221 | #define CONTEXT_SEGMENTS (CONTEXT_AMD64 | 0x4L)
222 | #define CONTEXT_FLOATING_POINT  (CONTEXT_AMD64 | 0x8L)
223 | #define CONTEXT_DEBUG_REGISTERS (CONTEXT_AMD64 | 0x10L)
224 | 
225 | #define CONTEXT_FULL (CONTEXT_CONTROL | CONTEXT_INTEGER | CONTEXT_FLOATING_POINT)
226 | 
227 | #define CONTEXT_ALL (CONTEXT_CONTROL | CONTEXT_INTEGER | CONTEXT_SEGMENTS | CONTEXT_FLOATING_POINT | CONTEXT_DEBUG_REGISTERS)
228 | 
229 | #define CONTEXT_EXCEPTION_ACTIVE 0x8000000
230 | #define CONTEXT_SERVICE_ACTIVE 0x10000000
231 | #define CONTEXT_EXCEPTION_REQUEST 0x40000000
232 | #define CONTEXT_EXCEPTION_REPORTING 0x80000000
233 | 
234 | 
235 | typedef struct DECLSPEC_ALIGN(16) _CONTEXT
236 | {
237 | 	DWORD64 P1Home;
238 | 	DWORD64 P2Home;
239 | 	DWORD64 P3Home;
240 | 	DWORD64 P4Home;
241 | 	DWORD64 P5Home;
242 | 	DWORD64 P6Home;
243 | 
244 | 	DWORD ContextFlags;
245 | 	DWORD MxCsr;
246 | 	WORD SegCs;
247 | 	WORD SegDs;
248 | 	WORD SegEs;
249 | 	WORD SegFs;
250 | 	WORD SegGs;
251 | 	WORD SegSs;
252 | 	DWORD EFlags;
253 | 
254 | 	DWORD64 Dr0;
255 | 	DWORD64 Dr1;
256 | 	DWORD64 Dr2;
257 | 	DWORD64 Dr3;
258 | 	DWORD64 Dr6;
259 | 	DWORD64 Dr7;
260 | 
261 | 
262 | 	DWORD64 Rax;
263 | 	DWORD64 Rcx;
264 | 	DWORD64 Rdx;
265 | 	DWORD64 Rbx;
266 | 	DWORD64 Rsp;
267 | 	DWORD64 Rbp;
268 | 	DWORD64 Rsi;
269 | 	DWORD64 Rdi;
270 | 	DWORD64 R8;
271 | 	DWORD64 R9;
272 | 	DWORD64 R10;
273 | 	DWORD64 R11;
274 | 	DWORD64 R12;
275 | 	DWORD64 R13;
276 | 	DWORD64 R14;
277 | 	DWORD64 R15;
278 | 
279 | 	DWORD64 Rip;
280 | 
281 | 	union {
282 | 		XMM_SAVE_AREA32 FltSave;
283 | 		struct {
284 | 			M128A Header[2];
285 | 			M128A Legacy[8];
286 | 			M128A Xmm0;
287 | 			M128A Xmm1;
288 | 			M128A Xmm2;
289 | 			M128A Xmm3;
290 | 			M128A Xmm4;
291 | 			M128A Xmm5;
292 | 			M128A Xmm6;
293 | 			M128A Xmm7;
294 | 			M128A Xmm8;
295 | 			M128A Xmm9;
296 | 			M128A Xmm10;
297 | 			M128A Xmm11;
298 | 			M128A Xmm12;
299 | 			M128A Xmm13;
300 | 			M128A Xmm14;
301 | 			M128A Xmm15;
302 | 		};
303 | 	};
304 | 
305 | 	M128A VectorRegister[26];
306 | 	DWORD64 VectorControl;
307 | 
308 | 
309 | 	DWORD64 DebugControl;
310 | 	DWORD64 LastBranchToRip;
311 | 	DWORD64 LastBranchFromRip;
312 | 	DWORD64 LastExceptionToRip;
313 | 	DWORD64 LastExceptionFromRip;
314 | } CONTEXT, *PCONTEXT;
315 | typedef unsigned __int64 ULONGLONG;
316 | 
317 | #endif
318 | 
319 | 
320 | typedef union _LARGE_INTEGER
321 | {
322 | 	union
323 | 	{
324 | 		DWORD LowPart;
325 | 		LONG HighPart;
326 | 	};
327 | 	union
328 | 	{
329 | 		DWORD LowPart;
330 | 		LONG HighPart;
331 | 	} u;
332 | 	LONGLONG QuadPart;
333 | } LARGE_INTEGER, *PLARGE_INTEGER;
334 | 
335 | typedef struct _IO_COUNTERS
336 | {
337 | 	ULONGLONG ReadOperationCount;
338 | 	ULONGLONG WriteOperationCount;
339 | 	ULONGLONG OtherOperationCount;
340 | 	ULONGLONG ReadTransferCount;
341 | 	ULONGLONG WriteTransferCount;
342 | 	ULONGLONG OtherTransferCount;
343 | } IO_COUNTERS, *PIO_COUNTERS;
344 | 
345 | 
346 | typedef struct _LIST_ENTRY
347 | {
348 | 	struct _LIST_ENTRY  *Flink;
349 | 	struct _LIST_ENTRY  *Blink;
350 | } LIST_ENTRY, *PLIST_ENTRY;
351 | 
352 | typedef struct _MEMORY_BASIC_INFORMATION
353 | {
354 | 	PVOID BaseAddress;
355 | 	PVOID AllocationBase;
356 | 	DWORD AllocationProtect;
357 | 	SIZE_T RegionSize;
358 | 	DWORD State;
359 | 	DWORD Protect;
360 | 	DWORD Type;
361 | } MEMORY_BASIC_INFORMATION, *PMEMORY_BASIC_INFORMATION;
362 | #endif
363 | 
364 | 
365 | typedef struct _CLIENT_ID
366 | {
367 | 	PVOID UniqueProcess;
368 | 	PVOID UniqueThread;
369 | } CLIENT_ID, *PCLIENT_ID;
370 | 
371 | typedef long KPRIORITY;
372 | 
373 | typedef enum _KWAIT_REASON
374 | {
375 | 	Executive = 0,
376 | 	FreePage = 1,
377 | 	PageIn = 2,
378 | 	PoolAllocation = 3,
379 | 	DelayExecution = 4,
380 | 	Suspended = 5,
381 | 	UserRequest = 6,
382 | 	WrExecutive = 7,
383 | 	WrFreePage = 8,
384 | 	WrPageIn = 9,
385 | 	WrPoolAllocation = 10,
386 | 	WrDelayExecution = 11,
387 | 	WrSuspended = 12,
388 | 	WrUserRequest = 13,
389 | 	WrEventPair = 14,
390 | 	WrQueue = 15,
391 | 	WrLpcReceive = 16,
392 | 	WrLpcReply = 17,
393 | 	WrVirtualMemory = 18,
394 | 	WrPageOut = 19,
395 | 	WrRendezvous = 20,
396 | 	Spare2 = 21,
397 | 	Spare3 = 22,
398 | 	Spare4 = 23,
399 | 	Spare5 = 24,
400 | 	WrCalloutStack = 25,
401 | 	WrKernel = 26,
402 | 	WrResource = 27,
403 | 	WrPushLock = 28,
404 | 	WrMutex = 29,
405 | 	WrQuantumEnd = 30,
406 | 	WrDispatchInt = 31,
407 | 	WrPreempted = 32,
408 | 	WrYieldExecution = 33,
409 | 	WrFastMutex = 34,
410 | 	WrGuardedMutex = 35,
411 | 	WrRundown = 36,
412 | 	MaximumWaitReason = 37
413 | } KWAIT_REASON;
414 | 
415 | typedef struct _VM_COUNTERS { 
416 | 	SIZE_T PeakVirtualSize; 
417 | 	SIZE_T VirtualSize; 
418 | 	ULONG PageFaultCount; 
419 | 	SIZE_T PeakWorkingSetSize; 
420 | 	SIZE_T WorkingSetSize; 
421 | 	SIZE_T QuotaPeakPagedPoolUsage; 
422 | 	SIZE_T QuotaPagedPoolUsage; 
423 | 	SIZE_T QuotaPeakNonPagedPoolUsage; 
424 | 	SIZE_T QuotaNonPagedPoolUsage; 
425 | 	SIZE_T PagefileUsage; 
426 | 	SIZE_T PeakPagefileUsage; 
427 | } VM_COUNTERS; 
428 | 
429 | 
430 | typedef struct _SYSTEM_THREAD_INFORMATION
431 | {
432 | 	LARGE_INTEGER KernelTime;
433 | 	LARGE_INTEGER UserTime;
434 | 	LARGE_INTEGER CreateTime;
435 | 	ULONG WaitTime;
436 | 	PVOID StartAddress;
437 | 	CLIENT_ID ClientId;
438 | 	KPRIORITY Priority;
439 | 	KPRIORITY BasePriority;
440 | 	ULONG ContextSwitchCount;
441 | 	LONG State;
442 | 	LONG WaitReason;
443 | } SYSTEM_THREAD_INFORMATION, * PSYSTEM_THREAD_INFORMATION;
444 | 
445 | typedef struct _UNICODE_STRING
446 | {
447 | 	USHORT Length;
448 | 	USHORT MaximumLength;
449 | 	PWSTR Buffer;
450 | } UNICODE_STRING,*PUNICODE_STRING;
451 | 
452 | #define UNICODE_STRING_ \
453 | 	sizeof (UNICODE_STRING)
454 | 
455 | typedef struct _OBJECT_ATTRIBUTES
456 | {
457 | 	ULONG Length;
458 | 	HANDLE RootDirectory;
459 | 	PUNICODE_STRING ObjectName;
460 | 	ULONG Attributes;
461 | 	PVOID SecurityDescriptor;
462 | 	PVOID SecurityQualityOfService;
463 | } OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES;
464 | 
465 | 
466 | typedef struct _SYSTEM_PROCESS_INFORMATION {
467 | 	ULONG           NextEntryDelta;         // offset to the next entry
468 | 	ULONG           ThreadCount;            // number of threads
469 | 	ULONG           Reserved1[6];           // reserved
470 | 	LARGE_INTEGER   CreateTime;             // process creation time
471 | 	LARGE_INTEGER   UserTime;               // time spent in user mode
472 | 	LARGE_INTEGER   KernelTime;             // time spent in kernel mode
473 | 	UNICODE_STRING  ProcessName;            // process name
474 | 	KPRIORITY       BasePriority;           // base process priority
475 | 	ULONG           ProcessId;              // process identifier
476 | 	ULONG           InheritedFromProcessId; // parent process identifier
477 | 	ULONG           HandleCount;            // number of handles
478 | 	ULONG           Reserved2[2];           // reserved
479 | 	VM_COUNTERS     VmCounters;             // virtual memory counters
480 | #if _WIN32_WINNT >= 0x500
481 | 	IO_COUNTERS     IoCounters;             // i/o counters
482 | #endif
483 | 	SYSTEM_THREAD_INFORMATION Threads[1];   // threads
484 | } SYSTEM_PROCESS_INFORMATION, *PSYSTEM_PROCESS_INFORMATION;
485 | 
486 | typedef struct _PEB_LDR_DATA
487 | {
488 | 	ULONG Length;
489 | 	BOOL Initialized;
490 | 	PVOID SsHandle;
491 | 	LIST_ENTRY InLoadOrderModuleList;
492 | 	LIST_ENTRY InMemoryOrderModuleList;
493 | 	LIST_ENTRY InInitializationOrderModuleList;
494 | } PEB_LDR_DATA, *PPEB_LDR_DATA;
495 | 
496 | typedef struct _LDR_MODULE {
497 | 	LIST_ENTRY InLoadOrderModuleList;
498 | 	LIST_ENTRY InMemoryOrderModuleList;
499 | 	LIST_ENTRY InInitializationOrderModuleList;
500 | 	PVOID BaseAddress;
501 | 	PVOID EntryPoint;
502 | 	ULONG SizeOfImage;
503 | 	UNICODE_STRING FullDllName;
504 | 	UNICODE_STRING BaseDllName;
505 | 	ULONG Flags;
506 | 	SHORT LoadCount;
507 | 	SHORT TlsIndex;
508 | 	LIST_ENTRY HashTableEntry;
509 | 	ULONG TimeDateStamp;
510 | } LDR_MODULE, *PLDR_MODULE;
511 | 
512 | typedef enum _OBJECT_INFORMATION_CLASS
513 | {
514 | 	ObjectBasicInformation,
515 | 	ObjectNameInformation,
516 | 	ObjectTypeInformation,
517 | 	ObjectAllTypesInformation,
518 | 	ObjectHandleInformation
519 | } OBJECT_INFORMATION_CLASS;
520 | 
521 | typedef DWORD ACCESS_MASK;
522 | 
523 | typedef struct _PUBLIC_OBJECT_BASIC_INFORMATION
524 | {
525 | 	ULONG Attributes;
526 | 	ACCESS_MASK GrantedAccess;
527 | 	ULONG HandleCount;
528 | 	ULONG PointerCount;
529 | 	ULONG Reserved[10];
530 | } PUBLIC_OBJECT_BASIC_INFORMATION, *PPUBLIC_OBJECT_BASIC_INFORMATION;
531 | 
532 | 
533 | 
534 | typedef LONG NTSTATUS;
535 | typedef NTSTATUS *PNTSTATUS;
536 | 
537 | 
538 | #define OBJ_INHERIT          0x00000002
539 | #define OBJ_PERMANENT        0x00000010
540 | #define OBJ_EXCLUSIVE        0x00000020
541 | #define OBJ_CASE_INSENSITIVE 0x00000040
542 | #define OBJ_OPENIF           0x00000080
543 | #define OBJ_OPENLINK         0x00000100
544 | #define OBJ_KERNEL_HANDLE    0x00000200
545 | #define OBJ_VALID_ATTRIBUTES 0x000003F2
546 | 
547 | #define OBJECT_ATTRIBUTES_ \
548 |         sizeof (OBJECT_ATTRIBUTES)
549 | 
550 | 
551 | 
552 | typedef struct _RTL_DRIVE_LETTER_CURDIR {
553 | 	USHORT Flags; 
554 | 	USHORT Length; 
555 | 	ULONG TimeStamp; 
556 | 	UNICODE_STRING DosPath;
557 | } RTL_DRIVE_LETTER_CURDIR, *PRTL_DRIVE_LETTER_CURDIR;
558 | 
559 | typedef struct _RTL_USER_PROCESS_PARAMETERS {
560 | 	ULONG MaximumLength; 
561 | 	ULONG Length; 
562 | 	ULONG Flags; 
563 | 	ULONG DebugFlags; 
564 | 	PVOID ConsoleHandle; 
565 | 	ULONG ConsoleFlags; 
566 | 	HANDLE StdInputHandle; 
567 | 	HANDLE StdOutputHandle; 
568 | 	HANDLE StdErrorHandle; 
569 | 	UNICODE_STRING CurrentDirectoryPath; 
570 | 	HANDLE CurrentDirectoryHandle; 
571 | 	UNICODE_STRING DllPath; 
572 | 	UNICODE_STRING ImagePathName; 
573 | 	UNICODE_STRING CommandLine; 
574 | 	PVOID Environment; 
575 | 	ULONG StartingPositionLeft; 
576 | 	ULONG StartingPositionTop; 
577 | 	ULONG Width; 
578 | 	ULONG Height; 
579 | 	ULONG CharWidth; 
580 | 	ULONG CharHeight; 
581 | 	ULONG ConsoleTextAttributes; 
582 | 	ULONG WindowFlags; 
583 | 	ULONG ShowWindowFlags; 
584 | 	UNICODE_STRING WindowTitle; 
585 | 	UNICODE_STRING DesktopName; 
586 | 	UNICODE_STRING ShellInfo; 
587 | 	UNICODE_STRING RuntimeData; 
588 | 	RTL_DRIVE_LETTER_CURDIR DLCurrentDirectory[0x20];
589 | 
590 | } RTL_USER_PROCESS_PARAMETERS, *PRTL_USER_PROCESS_PARAMETERS;
591 | 
592 | typedef void (*PPEBLOCKROUTINE)(
593 | 	PVOID PebLock
594 | ); 
595 | 
596 | typedef PVOID *PPVOID;
597 | 
598 | typedef struct _PEB_FREE_BLOCK
599 | {
600 |    struct _PEB_FREE_BLOCK* Next;
601 |    ULONG Size;
602 | } PEB_FREE_BLOCK, *PPEB_FREE_BLOCK;
603 | 
604 | typedef struct _IO_STATUS_BLOCK {
605 | 	union {
606 | 		NTSTATUS Status;
607 | 		PVOID    Pointer;
608 | 	};
609 | 	ULONG_PTR Information;
610 | } IO_STATUS_BLOCK, *PIO_STATUS_BLOCK;
611 | 
612 | typedef struct _PEB {
613 | 	BOOLEAN InheritedAddressSpace; 
614 | 	BOOLEAN ReadImageFileExecOptions; 
615 | 	BOOLEAN BeingDebugged; 
616 | 	BOOLEAN Spare; 
617 | 	HANDLE Mutant; 
618 | 	PVOID ImageBaseAddress; 
619 | 	PPEB_LDR_DATA LoaderData; 
620 | 	PRTL_USER_PROCESS_PARAMETERS ProcessParameters; 
621 | 	PVOID SubSystemData; 
622 | 	PVOID ProcessHeap; 
623 | 	PVOID FastPebLock; 
624 | 	PPEBLOCKROUTINE FastPebLockRoutine; 
625 | 	PPEBLOCKROUTINE FastPebUnlockRoutine; 
626 | 	ULONG EnvironmentUpdateCount; 
627 | 	PPVOID KernelCallbackTable; 
628 | 	PVOID EventLogSection; 
629 | 	PVOID EventLog; 
630 | 	PPEB_FREE_BLOCK FreeList; 
631 | 	ULONG TlsExpansionCounter; 
632 | 	PVOID TlsBitmap; 
633 | 	ULONG TlsBitmapBits[0x2]; 
634 | 	PVOID ReadOnlySharedMemoryBase; 
635 | 	PVOID ReadOnlySharedMemoryHeap; 
636 | 	PPVOID ReadOnlyStaticServerData; 
637 | 	PVOID AnsiCodePageData; 
638 | 	PVOID OemCodePageData; 
639 | 	PVOID UnicodeCaseTableData; 
640 | 	ULONG NumberOfProcessors; 
641 | 	ULONG NtGlobalFlag; 
642 | 	BYTE Spare2[0x4]; 
643 | 	LARGE_INTEGER CriticalSectionTimeout; 
644 | 	ULONG HeapSegmentReserve; 
645 | 	ULONG HeapSegmentCommit; 
646 | 	ULONG HeapDeCommitTotalFreeThreshold; 
647 | 	ULONG HeapDeCommitFreeBlockThreshold; 
648 | 	ULONG NumberOfHeaps; 
649 | 	ULONG MaximumNumberOfHeaps; 
650 | 	PPVOID *ProcessHeaps; 
651 | 	PVOID GdiSharedHandleTable; 
652 | 	PVOID ProcessStarterHelper; 
653 | 	PVOID GdiDCAttributeList; 
654 | 	PVOID LoaderLock; 
655 | 	ULONG OSMajorVersion; 
656 | 	ULONG OSMinorVersion; 
657 | 	ULONG OSBuildNumber; 
658 | 	ULONG OSPlatformId; 
659 | 	ULONG ImageSubSystem; 
660 | 	ULONG ImageSubSystemMajorVersion; 
661 | 	ULONG ImageSubSystemMinorVersion; 
662 | 	ULONG GdiHandleBuffer[0x22]; 
663 | 	ULONG PostProcessInitRoutine; 
664 | 	ULONG TlsExpansionBitmap; 
665 | 	BYTE TlsExpansionBitmapBits[0x80]; 
666 | 	ULONG SessionId;
667 | } PEB, *PPEB;
668 | 
669 | typedef struct _TEB {
670 | 	NT_TIB Tib; 
671 | 	PVOID EnvironmentPointer; 
672 | 	CLIENT_ID Cid; 
673 | 	PVOID ActiveRpcInfo; 
674 | 	PVOID ThreadLocalStoragePointer; 
675 | 	PPEB Peb; ULONG LastErrorValue; 
676 | 	ULONG CountOfOwnedCriticalSections; 
677 | 	PVOID CsrClientThread; 
678 | 	PVOID Win32ThreadInfo; 
679 | 	ULONG Win32ClientInfo[0x1F]; 
680 | 	PVOID WOW32Reserved; 
681 | 	ULONG CurrentLocale; 
682 | 	ULONG FpSoftwareStatusRegister; 
683 | 	PVOID SystemReserved1[0x36]; 
684 | 	PVOID Spare1; 
685 | 	ULONG ExceptionCode; 
686 | 	ULONG SpareBytes1[0x28]; 
687 | 	PVOID SystemReserved2[0xA]; 
688 | 	ULONG GdiRgn; 
689 | 	ULONG GdiPen; 
690 | 	ULONG GdiBrush; 
691 | 	CLIENT_ID RealClientId; 
692 | 	PVOID GdiCachedProcessHandle; 
693 | 	ULONG GdiClientPID; 
694 | 	ULONG GdiClientTID; 
695 | 	PVOID GdiThreadLocaleInfo; 
696 | 	PVOID UserReserved[5]; 
697 | 	PVOID GlDispatchTable[0x118]; 
698 | 	ULONG GlReserved1[0x1A]; 
699 | 	PVOID GlReserved2; 
700 | 	PVOID GlSectionInfo; 
701 | 	PVOID GlSection; 
702 | 	PVOID GlTable; 
703 | 	PVOID GlCurrentRC; 
704 | 	PVOID GlContext; 
705 | 	NTSTATUS LastStatusValue; 
706 | 	UNICODE_STRING StaticUnicodeString; 
707 | 	WCHAR StaticUnicodeBuffer[0x105]; 
708 | 	PVOID DeallocationStack; 
709 | 	PVOID TlsSlots[0x40]; 
710 | 	LIST_ENTRY TlsLinks; 
711 | 	PVOID Vdm; 
712 | 	PVOID ReservedForNtRpc; 
713 | 	PVOID DbgSsReserved[0x2]; 
714 | 	ULONG HardErrorDisabled; 
715 | 	PVOID Instrumentation[0x10]; 
716 | 	PVOID WinSockData; 
717 | 	ULONG GdiBatchCount; 
718 | 	ULONG Spare2; 
719 | 	ULONG Spare3; 
720 | 	ULONG Spare4; 
721 | 	PVOID ReservedForOle; 
722 | 	ULONG WaitingOnLoaderLock; 
723 | 	PVOID StackCommit; 
724 | 	PVOID StackCommitMax; 
725 | 	PVOID StackReserved;
726 | } TEB, *PTEB;
727 | 
728 | typedef struct _STRING {
729 |   USHORT  Length;
730 |   USHORT  MaximumLength;
731 |   PCHAR  Buffer;
732 | } ANSI_STRING, *PANSI_STRING;
733 | 
734 | #define STATUS_SUCCESS                   ((NTSTATUS) 0x00000000)
735 | 
736 | typedef LONG    KPRIORITY;
737 | 
738 | 
739 | 
740 | #define TH32CS_SNAPHEAPLIST	0x1
741 | #define TH32CS_SNAPPROCESS	0x2
742 | #define TH32CS_SNAPTHREAD	0x4
743 | #define TH32CS_SNAPMODULE	0x8
744 | #define TH32CS_SNAPALL	(TH32CS_SNAPHEAPLIST|TH32CS_SNAPPROCESS|TH32CS_SNAPTHREAD|TH32CS_SNAPMODULE)
745 | #define TH32CS_INHERIT	0x80000000
746 | 
747 | struct snapshot
748 | {
749 |     int         process_count;
750 |     int         process_pos;
751 |     int         process_offset;
752 |     int         thread_count;
753 |     int         thread_pos;
754 |     int         thread_offset;
755 |     int         module_count;
756 |     int         module_pos;
757 |     int         module_offset;
758 |     char        data[1];
759 | };
760 | 
761 | #define MAX_MODULE_NAME32 255
762 | 
763 | typedef struct tagMODULEENTRY32W
764 | {
765 |     DWORD   dwSize;
766 |     DWORD   th32ModuleID;       // This module
767 |     DWORD   th32ProcessID;      // owning process
768 |     DWORD   GlblcntUsage;       // Global usage count on the module
769 |     DWORD   ProccntUsage;       // Module usage count in th32ProcessID's context
770 |     BYTE  * modBaseAddr;        // Base address of module in th32ProcessID's context
771 |     DWORD   modBaseSize;        // Size in bytes of module starting at modBaseAddr
772 |     HMODULE hModule;            // The hModule of this module in th32ProcessID's context
773 |     WCHAR   szModule[MAX_MODULE_NAME32 + 1];
774 |     WCHAR   szExePath[MAX_PATH];
775 | } MODULEENTRY32W;
776 | typedef MODULEENTRY32W *  PMODULEENTRY32W;
777 | typedef MODULEENTRY32W *  LPMODULEENTRY32W;
778 | 
779 | typedef unsigned long ULONG_PTR;
780 | 
781 | typedef struct tagPROCESSENTRY32W
782 | {
783 |     DWORD   dwSize;
784 |     DWORD   cntUsage;
785 |     DWORD   th32ProcessID;          // this process
786 |     ULONG_PTR th32DefaultHeapID;
787 |     DWORD   th32ModuleID;           // associated exe
788 |     DWORD   cntThreads;
789 |     DWORD   th32ParentProcessID;    // this process's parent process
790 |     LONG    pcPriClassBase;         // Base priority of process's threads
791 |     DWORD   dwFlags;
792 |     WCHAR   szExeFile[MAX_PATH];    // Path
793 | } PROCESSENTRY32W;
794 | typedef PROCESSENTRY32W *  PPROCESSENTRY32W;
795 | typedef PROCESSENTRY32W *  LPPROCESSENTRY32W;
796 | 
797 | typedef struct tagTHREADENTRY32
798 | {
799 |     DWORD   dwSize;
800 |     DWORD   cntUsage;
801 |     DWORD   th32ThreadID;       // this thread
802 |     DWORD   th32OwnerProcessID; // Process this thread is associated with
803 |     LONG    tpBasePri;
804 |     LONG    tpDeltaPri;
805 |     DWORD   dwFlags;
806 | } THREADENTRY32;
807 | typedef THREADENTRY32 *  PTHREADENTRY32;
808 | typedef THREADENTRY32 *  LPTHREADENTRY32;
809 | 
810 | typedef enum _SECTION_INHERIT {
811 |     ViewShare = 1,
812 |     ViewUnmap = 2
813 | } SECTION_INHERIT;
814 | 
815 | typedef struct _PROCESS_BASIC_INFORMATION {
816 |     PVOID Reserved1;
817 |     PPEB PebBaseAddress;
818 |     PVOID Reserved2[2];
819 |     ULONG_PTR UniqueProcessId;
820 |     PVOID Reserved3;
821 | } PROCESS_BASIC_INFORMATION;
822 | 
823 | #ifndef NT_SUCCESS
824 | #define NT_SUCCESS(x) ((x)>=0)
825 | #endif
826 | 
827 | typedef struct {
828 | 	PIMAGE_NT_HEADERS headers;
829 | 	unsigned char *codeBase;
830 | 	HMODULE *modules;
831 | 	int numModules;
832 | 	int initialized;
833 | } MEMORYMODULE, *PMEMORYMODULE;
834 | 
835 | #define GET_HEADER_DICTIONARY(module, idx)	&(module)->headers->OptionalHeader.DataDirectory[idx]
836 | 
837 | 	typedef enum _MEMORY_INFORMATION_CLASS
838 | 	{
839 | 		MemoryBasicInformation
840 | 
841 | 	} MEMORY_INFORMATION_CLASS, *PMEMORY_INFORMATION_CLASS;
842 | 
843 | 
844 | typedef struct tagPROCESSENTRY32
845 | {
846 |     DWORD   dwSize;
847 |     DWORD   cntUsage;
848 |     DWORD   th32ProcessID;          // this process
849 |     ULONG_PTR th32DefaultHeapID;
850 |     DWORD   th32ModuleID;           // associated exe
851 |     DWORD   cntThreads;
852 |     DWORD   th32ParentProcessID;    // this process's parent process
853 |     LONG    pcPriClassBase;         // Base priority of process's threads
854 |     DWORD   dwFlags;
855 |     CHAR    szExeFile[MAX_PATH];    // Path
856 | } PROCESSENTRY32;
857 | typedef PROCESSENTRY32 *  PPROCESSENTRY32;
858 | typedef PROCESSENTRY32 *  LPPROCESSENTRY32;
859 | 
860 | typedef struct tagMODULEENTRY32
861 | {
862 |     DWORD   dwSize;
863 |     DWORD   th32ModuleID;       // This module
864 |     DWORD   th32ProcessID;      // owning process
865 |     DWORD   GlblcntUsage;       // Global usage count on the module
866 |     DWORD   ProccntUsage;       // Module usage count in th32ProcessID's context
867 |     BYTE  * modBaseAddr;        // Base address of module in th32ProcessID's context
868 |     DWORD   modBaseSize;        // Size in bytes of module starting at modBaseAddr
869 |     HMODULE hModule;            // The hModule of this module in th32ProcessID's context
870 |     char    szModule[MAX_MODULE_NAME32 + 1];
871 |     char    szExePath[MAX_PATH];
872 | } MODULEENTRY32;
873 | typedef MODULEENTRY32 *  PMODULEENTRY32;
874 | typedef MODULEENTRY32 *  LPMODULEENTRY32;
875 | 
876 | 
877 | /* disposition for NtCreateFile */
878 | #define FILE_SUPERSEDE                  0
879 | #define FILE_OPEN                       1
880 | #define FILE_CREATE                     2
881 | #define FILE_OPEN_IF                    3
882 | #define FILE_OVERWRITE                  4
883 | #define FILE_OVERWRITE_IF               5
884 | #define FILE_MAXIMUM_DISPOSITION        5
885 | 
886 | /* flags for NtCreateFile and NtOpenFile */
887 | #define FILE_DIRECTORY_FILE             0x00000001
888 | #define FILE_WRITE_THROUGH              0x00000002
889 | #define FILE_SEQUENTIAL_ONLY            0x00000004
890 | #define FILE_NO_INTERMEDIATE_BUFFERING  0x00000008
891 | #define FILE_SYNCHRONOUS_IO_ALERT       0x00000010
892 | #define FILE_SYNCHRONOUS_IO_NONALERT    0x00000020
893 | #define FILE_NON_DIRECTORY_FILE         0x00000040
894 | #define FILE_CREATE_TREE_CONNECTION     0x00000080
895 | #define FILE_COMPLETE_IF_OPLOCKED       0x00000100
896 | #define FILE_NO_EA_KNOWLEDGE            0x00000200
897 | #define FILE_OPEN_FOR_RECOVERY          0x00000400
898 | #define FILE_RANDOM_ACCESS              0x00000800
899 | #define FILE_DELETE_ON_CLOSE            0x00001000
900 | #define FILE_OPEN_BY_FILE_ID            0x00002000
901 | #define FILE_OPEN_FOR_BACKUP_INTENT     0x00004000
902 | #define FILE_NO_COMPRESSION             0x00008000
903 | #define FILE_RESERVE_OPFILTER           0x00100000
904 | #define FILE_TRANSACTED_MODE            0x00200000
905 | #define FILE_OPEN_OFFLINE_FILE          0x00400000
906 | #define FILE_OPEN_FOR_FREE_SPACE_QUERY  0x00800000


--------------------------------------------------------------------------------
/SecureWinApi/SecureWinApi/SecureWinApi.h:
--------------------------------------------------------------------------------
   1 | #ifndef DirectSysCall_h_INC
   2 | #define DirectSysCall_h_INC
   3 | 
   4 | #include <windows.h>
   5 | #include <intrin.h>
   6 | #include "StructDefine.h"
   7 | #include "WinApiDefine.h"
   8 | 
   9 | #if !defined(_M_IX86) && !defined(_M_X64)
  10 | #error Unsupported platform.
  11 | #endif
  12 | 
  13 | namespace WinNtApi
  14 | {
  15 | 	HMODULE OriginalNtdllHanlde();
  16 | 	HMODULE NtdllModuleHandle();
  17 | 
  18 | 	PTEB NtCurrentTeb();
  19 | 
  20 | 	NTSTATUS WINAPI LdrLoadDll(
  21 | 		LPCWSTR path_name,
  22 | 		DWORD flags,
  23 | 		const UNICODE_STRING* libname, HMODULE* phModule);
  24 | 
  25 | 	NTSTATUS WINAPI LdrGetProcedureAddress(
  26 | 		HMODULE module, 
  27 | 		const ANSI_STRING *name,
  28 | 		ULONG ord, 
  29 | 		PVOID *address);
  30 | 
  31 | 	NTSTATUS WINAPI NtAcceptConnectPort(
  32 | 		PHANDLE PortHandle,
  33 | 		ULONG PortIdentifier,
  34 | 		PVOID Message,
  35 | 		BOOLEAN Accept,
  36 | 		PVOID ServerView,
  37 | 		PVOID ClientView);
  38 | 
  39 | 	NTSTATUS WINAPI NtAccessCheck(
  40 | 		PSECURITY_DESCRIPTOR SecurityDescriptor,
  41 | 		HANDLE TokenHandle,
  42 | 		ACCESS_MASK DesiredAccess,
  43 | 		PGENERIC_MAPPING GenericMapping,
  44 | 		PPRIVILEGE_SET PrivilegeSet,
  45 | 		PULONG PrivilegeSetLength,
  46 | 		PULONG GrantedAccess,
  47 | 		NTSTATUS* AccessStatus);
  48 | 
  49 | 	NTSTATUS WINAPI NtAccessCheckAndAuditAlarm(
  50 | 		PUNICODE_STRING SubsystemName,
  51 | 		HANDLE HandleId,
  52 | 		PUNICODE_STRING ObjectTypeName,
  53 | 		PUNICODE_STRING ObjectName,
  54 | 		PSECURITY_DESCRIPTOR SecurityDescriptor,
  55 | 		ACCESS_MASK DesiredAccess,
  56 | 		PGENERIC_MAPPING GenericMapping,
  57 | 		BOOLEAN ObjectCreation,
  58 | 		PACCESS_MASK GrantedAccess,
  59 | 		PBOOLEAN AccessStatus,
  60 | 		PBOOLEAN GenerateOnClose);
  61 | 
  62 | 	NTSTATUS WINAPI NtAddAtom(
  63 | 		const WCHAR* String,
  64 | 		ULONG StringLength,
  65 | 		PVOID Atom);
  66 | 
  67 | 	NTSTATUS WINAPI NtAdjustGroupsToken(
  68 | 		HANDLE TokenHandle,
  69 | 		BOOLEAN ResetToDefault,
  70 | 		PTOKEN_GROUPS NewState,
  71 | 		ULONG BufferLength,
  72 | 		PTOKEN_GROUPS PreviousState,
  73 | 		PULONG ReturnLength);
  74 | 
  75 | 	NTSTATUS WINAPI NtAdjustPrivilegesToken(
  76 | 		HANDLE TokenHandle,
  77 | 		BOOLEAN DisableAllPrivileges,
  78 | 		PTOKEN_PRIVILEGES NewState,
  79 | 		DWORD BufferLength,
  80 | 		PTOKEN_PRIVILEGES PreviousState,
  81 | 		PDWORD ReturnLength);
  82 | 
  83 | 	NTSTATUS WINAPI NtAlertResumeThread(
  84 | 		HANDLE ThreadHandle,
  85 | 		PULONG PreviousSuspendCount);
  86 | 
  87 | 	NTSTATUS WINAPI NtAlertThread(
  88 | 		HANDLE ThreadHandle);
  89 | 
  90 | 	NTSTATUS WINAPI NtAllocateLocallyUniqueId(
  91 | 		PLUID Luid);
  92 | 
  93 | 	NTSTATUS WINAPI NtAllocateVirtualMemory(
  94 | 		HANDLE ProcessHandle,
  95 | 		PVOID* BaseAddress,
  96 | 		ULONG ZeroBits,
  97 | 		SIZE_T* AllocationSize,
  98 | 		ULONG AllocationType,
  99 | 		ULONG Protect);
 100 | 
 101 | 	NTSTATUS WINAPI NtCallbackReturn(
 102 | 		PVOID Result,
 103 | 		ULONG ResultLength,
 104 | 		NTSTATUS Status);
 105 | 
 106 | 	NTSTATUS WINAPI NtCancelIoFile(
 107 | 		HANDLE FileHandle,
 108 | 		PIO_STATUS_BLOCK IoStatusBlock);
 109 | 
 110 | 	NTSTATUS WINAPI NtCancelTimer(
 111 | 		HANDLE TimerHandle,
 112 | 		BOOLEAN* PreviousState);
 113 | 
 114 | 	NTSTATUS WINAPI NtClearEvent(
 115 | 		HANDLE EventHandle);
 116 | 
 117 | 	NTSTATUS WINAPI NtClose(
 118 | 		HANDLE Handle);
 119 | 
 120 | 	NTSTATUS WINAPI NtCloseObjectAuditAlarm(
 121 | 		PUNICODE_STRING SubsystemName,
 122 | 		HANDLE Id,
 123 | 		BOOLEAN GenerateOnClose);
 124 | 
 125 | 	NTSTATUS WINAPI NtCompleteConnectPort(
 126 | 		HANDLE PortHandle);
 127 | 
 128 | 	NTSTATUS WINAPI NtConnectPort(
 129 | 		PHANDLE PortHandle,
 130 | 		PUNICODE_STRING PortName,
 131 | 		PSECURITY_QUALITY_OF_SERVICE SecurityQos,
 132 | 		PVOID ClientView,
 133 | 		PVOID ServerView,
 134 | 		PULONG MaxMessageLength,
 135 | 		PVOID ConnectInformation,
 136 | 		PULONG ConnectInformationLength);
 137 | 
 138 | 	NTSTATUS WINAPI NtContinue(
 139 | 		PCONTEXT Context,
 140 | 		BOOLEAN TestAlert);
 141 | 
 142 | 	NTSTATUS WINAPI NtCreateDirectoryObject(
 143 | 		PHANDLE DirectoryHandle,
 144 | 		ACCESS_MASK DesiredAccess,
 145 | 		POBJECT_ATTRIBUTES ObjectAttributes);
 146 | 
 147 | 	NTSTATUS WINAPI NtCreateEvent(
 148 | 		PHANDLE EventHandle,
 149 | 		ACCESS_MASK DesiredAccess,
 150 | 		const OBJECT_ATTRIBUTES* ObjectAttributes,
 151 | 		PVOID EventType,
 152 | 		BOOLEAN InitialState);
 153 | 
 154 | 	NTSTATUS WINAPI NtCreateEventPair(
 155 | 		PHANDLE EventPairHandle,
 156 | 		ACCESS_MASK DesiredAccess,
 157 | 		POBJECT_ATTRIBUTES ObjectAttributes);
 158 | 
 159 | 	NTSTATUS WINAPI NtCreateFile(
 160 | 		PHANDLE FileHandle,
 161 | 		ACCESS_MASK DesiredAccess,
 162 | 		POBJECT_ATTRIBUTES ObjectAttributes,
 163 | 		PIO_STATUS_BLOCK IoStatusBlock,
 164 | 		PLARGE_INTEGER AllocationSize,
 165 | 		ULONG FileAttributes,
 166 | 		ULONG ShareAccess,
 167 | 		ULONG CreateDisposition,
 168 | 		ULONG CreateOptions,
 169 | 		PVOID EaBuffer,
 170 | 		ULONG EaLength);
 171 | 
 172 | 	NTSTATUS WINAPI NtCreateIoCompletion(
 173 | 		PHANDLE IoCompletionHandle,
 174 | 		ACCESS_MASK DesiredAccess,
 175 | 		POBJECT_ATTRIBUTES ObjectAttributes,
 176 | 		ULONG NumberOfConcurrentThreads);
 177 | 
 178 | 	NTSTATUS WINAPI NtCreateKey(
 179 | 		PHANDLE KeyHandle,
 180 | 		ACCESS_MASK DesiredAccess,
 181 | 		const OBJECT_ATTRIBUTES* ObjectAttributes,
 182 | 		ULONG TitleIndex,
 183 | 		const UNICODE_STRING* Class,
 184 | 		ULONG CreateOptions,
 185 | 		PULONG Disposition);
 186 | 
 187 | 	NTSTATUS WINAPI NtCreateMailslotFile(
 188 | 		PHANDLE FileHandle,
 189 | 		ACCESS_MASK DesiredAccess,
 190 | 		POBJECT_ATTRIBUTES ObjectAttributes,
 191 | 		PIO_STATUS_BLOCK IoStatusBlock,
 192 | 		ULONG CreateOptions,
 193 | 		ULONG InBufferSize,
 194 | 		ULONG MaxMessageSize,
 195 | 		PLARGE_INTEGER ReadTime);
 196 | 
 197 | 	NTSTATUS WINAPI NtCreateMutant(
 198 | 		HANDLE* MutantHandle,
 199 | 		ACCESS_MASK DesiredAccess,
 200 | 		const OBJECT_ATTRIBUTES* ObjectAttributes,
 201 | 		BOOLEAN InitialOwner);
 202 | 
 203 | 	NTSTATUS WINAPI NtCreateNamedPipeFile(
 204 | 		PHANDLE FileHandle,
 205 | 		ULONG DesiredAccess,
 206 | 		POBJECT_ATTRIBUTES ObjectAttributes,
 207 | 		PIO_STATUS_BLOCK IoStatusBlock,
 208 | 		ULONG ShareAccess,
 209 | 		ULONG CreateDisposition,
 210 | 		ULONG CreateOptions,
 211 | 		ULONG TypeMessage,
 212 | 		ULONG ReadmodeMessage,
 213 | 		ULONG Nonblocking,
 214 | 		ULONG MaxInstances,
 215 | 		ULONG InBufferSize,
 216 | 		ULONG OutBufferSize,
 217 | 		PLARGE_INTEGER DefaultTime);
 218 | 
 219 | 	NTSTATUS WINAPI NtCreatePagingFile(
 220 | 		PUNICODE_STRING FileName,
 221 | 		PLARGE_INTEGER InitialSize,
 222 | 		PLARGE_INTEGER MaximumSize,
 223 | 		PLARGE_INTEGER Priority);
 224 | 
 225 | 	NTSTATUS WINAPI NtCreatePort(
 226 | 		PHANDLE PortHandle,
 227 | 		POBJECT_ATTRIBUTES ObjectAttributes,
 228 | 		ULONG MaxConnectionInfoLength,
 229 | 		ULONG MaxMessageLength,
 230 | 		PULONG MaxPoolUsage);
 231 | 
 232 | 	NTSTATUS WINAPI NtCreateProcess(
 233 | 		PHANDLE ProcessHandle,
 234 | 		ACCESS_MASK DesiredAccess,
 235 | 		POBJECT_ATTRIBUTES ObjectAttributes,
 236 | 		HANDLE InheritFromProcessHandle,
 237 | 		BOOLEAN InheritHandles,
 238 | 		HANDLE SectionHandle,
 239 | 		HANDLE DebugPort,
 240 | 		HANDLE ExceptionPort);
 241 | 
 242 | 	NTSTATUS WINAPI NtCreateProfile(
 243 | 		PHANDLE ProfileHandle,
 244 | 		HANDLE ProcessHandle,
 245 | 		PVOID Base,
 246 | 		ULONG Size,
 247 | 		ULONG BucketShift,
 248 | 		PVOID Buffer,
 249 | 		ULONG BufferLength,
 250 | 		PVOID Source,
 251 | 		KAFFINITY ProcessorMask);
 252 | 
 253 | 	NTSTATUS WINAPI NtCreateSection(
 254 | 		HANDLE* SectionHandle,
 255 | 		ACCESS_MASK DesiredAccess,
 256 | 		const OBJECT_ATTRIBUTES* ObjectAttributes,
 257 | 		const LARGE_INTEGER* SectionSize,
 258 | 		ULONG Protect,
 259 | 		ULONG Attributes,
 260 | 		HANDLE FileHandle);
 261 | 
 262 | 	NTSTATUS WINAPI NtCreateSemaphore(
 263 | 		PHANDLE SemaphoreHandle,
 264 | 		ACCESS_MASK DesiredAccess,
 265 | 		const OBJECT_ATTRIBUTES* ObjectAttributes,
 266 | 		LONG InitialCount,
 267 | 		LONG MaximumCount);
 268 | 
 269 | 	NTSTATUS WINAPI NtCreateSymbolicLinkObject(
 270 | 		PHANDLE SymbolicLinkHandle,
 271 | 		ACCESS_MASK DesiredAccess,
 272 | 		POBJECT_ATTRIBUTES ObjectAttributes,
 273 | 		PUNICODE_STRING TargetName);
 274 | 
 275 | 	NTSTATUS WINAPI NtCreateThread(
 276 | 		PHANDLE ThreadHandle,
 277 | 		ACCESS_MASK DesiredAccess,
 278 | 		POBJECT_ATTRIBUTES ObjectAttributes,
 279 | 		HANDLE ProcessHandle,
 280 | 		PCLIENT_ID ClientId,
 281 | 		PCONTEXT ThreadContext,
 282 | 		PVOID UserStack,
 283 | 		BOOLEAN CreateSuspended);
 284 | 
 285 | 	NTSTATUS WINAPI NtCreateTimer(
 286 | 		HANDLE* TimerHandle,
 287 | 		ACCESS_MASK DesiredAccess,
 288 | 		const OBJECT_ATTRIBUTES* ObjectAttributes,
 289 | 		PVOID TimerType);
 290 | 
 291 | 	NTSTATUS WINAPI NtCreateToken(
 292 | 		PHANDLE TokenHandle,
 293 | 		ACCESS_MASK DesiredAccess,
 294 | 		POBJECT_ATTRIBUTES ObjectAttributes,
 295 | 		TOKEN_TYPE Type,
 296 | 		PLUID AuthenticationId,
 297 | 		PLARGE_INTEGER ExpirationTime,
 298 | 		PTOKEN_USER User,
 299 | 		PTOKEN_GROUPS Groups,
 300 | 		PTOKEN_PRIVILEGES Privileges,
 301 | 		PTOKEN_OWNER Owner,
 302 | 		PTOKEN_PRIMARY_GROUP PrimaryGroup,
 303 | 		PTOKEN_DEFAULT_DACL DefaultDacl,
 304 | 		PTOKEN_SOURCE Source);
 305 | 
 306 | 	NTSTATUS WINAPI NtDelayExecution(
 307 | 		BOOLEAN Alertable,
 308 | 		const LARGE_INTEGER* Interval);
 309 | 
 310 | 	NTSTATUS WINAPI NtDeleteAtom(
 311 | 		PVOID Atom);
 312 | 
 313 | 	NTSTATUS WINAPI NtDeleteFile(
 314 | 		POBJECT_ATTRIBUTES ObjectAttributes);
 315 | 
 316 | 	NTSTATUS WINAPI NtDeleteKey(
 317 | 		HANDLE KeyHandle);
 318 | 
 319 | 	NTSTATUS WINAPI NtDeleteValueKey(
 320 | 		HANDLE KeyHandle,
 321 | 		const UNICODE_STRING* ValueName);
 322 | 
 323 | 	NTSTATUS WINAPI NtDeviceIoControlFile(
 324 | 		HANDLE FileHandle,
 325 | 		HANDLE Event,
 326 | 		PVOID ApcRoutine,
 327 | 		PVOID ApcContext,
 328 | 		PIO_STATUS_BLOCK IoStatusBlock,
 329 | 		ULONG IoControlCode,
 330 | 		PVOID InputBuffer,
 331 | 		ULONG InputBufferLength,
 332 | 		PVOID OutputBuffer,
 333 | 		ULONG OutputBufferLength);
 334 | 
 335 | 	NTSTATUS WINAPI NtDisplayString(
 336 | 		PUNICODE_STRING String);
 337 | 
 338 | 	NTSTATUS WINAPI NtDuplicateObject(
 339 | 		HANDLE SourceProcessHandle,
 340 | 		HANDLE SourceHandle,
 341 | 		HANDLE TargetProcessHandle,
 342 | 		PHANDLE TargetHandle,
 343 | 		ACCESS_MASK DesiredAccess,
 344 | 		ULONG Attributes,
 345 | 		ULONG Options);
 346 | 
 347 | 	NTSTATUS WINAPI NtDuplicateToken(
 348 | 		HANDLE ExistingTokenHandle,
 349 | 		ACCESS_MASK DesiredAccess,
 350 | 		POBJECT_ATTRIBUTES ObjectAttributes,
 351 | 		SECURITY_IMPERSONATION_LEVEL EffectiveOnly,
 352 | 		TOKEN_TYPE TokenType,
 353 | 		PHANDLE NewTokenHandle);
 354 | 
 355 | 	NTSTATUS WINAPI NtEnumerateKey(
 356 | 		HANDLE KeyHandle,
 357 | 		ULONG Index,
 358 | 		PVOID KeyInformationClass,
 359 | 		void* KeyInformation,
 360 | 		DWORD KeyInformationLength,
 361 | 		DWORD* ResultLength);
 362 | 
 363 | 	NTSTATUS WINAPI NtEnumerateValueKey(
 364 | 		HANDLE KeyHandle,
 365 | 		ULONG Index,
 366 | 		PVOID KeyValueInformationClass,
 367 | 		PVOID KeyValueInformation,
 368 | 		ULONG KeyValueInformationLength,
 369 | 		PULONG ResultLength);
 370 | 
 371 | 	NTSTATUS WINAPI NtExtendSection(
 372 | 		HANDLE SectionHandle,
 373 | 		PLARGE_INTEGER SectionSize);
 374 | 
 375 | 	NTSTATUS WINAPI NtFindAtom(
 376 | 		const WCHAR* String,
 377 | 		ULONG StringLength,
 378 | 		PVOID* Atom);
 379 | 
 380 | 	NTSTATUS WINAPI NtFlushBuffersFile(
 381 | 		HANDLE FileHandle,
 382 | 		PIO_STATUS_BLOCK IoStatusBlock);
 383 | 
 384 | 	NTSTATUS WINAPI NtFlushInstructionCache(
 385 | 		HANDLE ProcessHandle,
 386 | 		LPCVOID BaseAddress,
 387 | 		SIZE_T FlushSize);
 388 | 
 389 | 	NTSTATUS WINAPI NtFlushKey(
 390 | 		HANDLE KeyHandle);
 391 | 
 392 | 	NTSTATUS WINAPI NtFlushVirtualMemory(
 393 | 		HANDLE ProcessHandle,
 394 | 		LPCVOID* BaseAddress,
 395 | 		SIZE_T* FlushSize,
 396 | 		ULONG IoStatusBlock);
 397 | 
 398 | 	NTSTATUS WINAPI NtFlushWriteBuffer();
 399 | 
 400 | 	NTSTATUS WINAPI NtFreeVirtualMemory(
 401 | 		HANDLE ProcessHandle,
 402 | 		PVOID* BaseAddress,
 403 | 		SIZE_T* FreeSize,
 404 | 		ULONG FreeType);
 405 | 
 406 | 	NTSTATUS WINAPI NtFsControlFile(
 407 | 		HANDLE FileHandle,
 408 | 		HANDLE Event,
 409 | 		PVOID ApcRoutine,
 410 | 		PVOID ApcContext,
 411 | 		PIO_STATUS_BLOCK IoStatusBlock,
 412 | 		ULONG FsControlCode,
 413 | 		PVOID InputBuffer,
 414 | 		ULONG InputBufferLength,
 415 | 		PVOID OutputBuffer,
 416 | 		ULONG OutputBufferLength);
 417 | 
 418 | 	NTSTATUS WINAPI NtGetContextThread(
 419 | 		HANDLE ThreadHandle,
 420 | 		CONTEXT* Context);
 421 | 
 422 | 	NTSTATUS WINAPI NtGetPlugPlayEvent(
 423 | 		ULONG Reserved1,
 424 | 		ULONG Reserved2,
 425 | 		PVOID Buffer,
 426 | 		ULONG BufferLength);
 427 | 
 428 | 	NTSTATUS WINAPI NtImpersonateClientOfPort(
 429 | 		HANDLE PortHandle,
 430 | 		PVOID Message);
 431 | 
 432 | 	NTSTATUS WINAPI NtImpersonateThread(
 433 | 		HANDLE ThreadHandle,
 434 | 		HANDLE TargetThreadHandle,
 435 | 		PSECURITY_QUALITY_OF_SERVICE SecurityQos);
 436 | 
 437 | 	NTSTATUS WINAPI NtInitializeRegistry(
 438 | 		BOOLEAN Setup);
 439 | 
 440 | 	NTSTATUS WINAPI NtListenPort(
 441 | 		HANDLE PortHandle,
 442 | 		PVOID Message);
 443 | 
 444 | 	NTSTATUS WINAPI NtLoadDriver(
 445 | 		const UNICODE_STRING* DriverServiceName);
 446 | 
 447 | 	NTSTATUS WINAPI NtLoadKey(
 448 | 		const OBJECT_ATTRIBUTES* KeyObjectAttributes,
 449 | 		OBJECT_ATTRIBUTES* FileObjectAttributes);
 450 | 
 451 | 	NTSTATUS WINAPI NtLockFile(
 452 | 		HANDLE FileHandle,
 453 | 		HANDLE Event,
 454 | 		PVOID ApcRoutine,
 455 | 		void* ApcContext,
 456 | 		PIO_STATUS_BLOCK IoStatusBlock,
 457 | 		PLARGE_INTEGER LockOffset,
 458 | 		PLARGE_INTEGER LockLength,
 459 | 		ULONG* Key,
 460 | 		BOOLEAN FailImmediately,
 461 | 		BOOLEAN ExclusiveLock);
 462 | 
 463 | 	NTSTATUS WINAPI NtLockVirtualMemory(
 464 | 		HANDLE ProcessHandle,
 465 | 		PVOID* BaseAddress,
 466 | 		SIZE_T* LockSize,
 467 | 		ULONG LockType);
 468 | 
 469 | 	NTSTATUS WINAPI NtMapViewOfSection(
 470 | 		HANDLE SectionHandle,
 471 | 		HANDLE ProcessHandle,
 472 | 		PVOID* BaseAddress,
 473 | 		ULONG ZeroBits,
 474 | 		SIZE_T CommitSize,
 475 | 		const LARGE_INTEGER* SectionOffset,
 476 | 		SIZE_T* ViewSize,
 477 | 		SECTION_INHERIT InheritDisposition,
 478 | 		ULONG AllocationType,
 479 | 		ULONG Protect);
 480 | 
 481 | 	NTSTATUS WINAPI NtNotifyChangeDirectoryFile(
 482 | 		HANDLE FileHandle,
 483 | 		HANDLE Event,
 484 | 		PVOID ApcRoutine,
 485 | 		PVOID ApcContext,
 486 | 		PIO_STATUS_BLOCK IoStatusBlock,
 487 | 		PVOID Buffer,
 488 | 		ULONG BufferLength,
 489 | 		ULONG NotifyFilter,
 490 | 		BOOLEAN WatchSubtree);
 491 | 
 492 | 	NTSTATUS WINAPI NtNotifyChangeKey(
 493 | 		HANDLE KeyHandle,
 494 | 		HANDLE EventHandle,
 495 | 		PVOID ApcRoutine,
 496 | 		PVOID ApcContext,
 497 | 		PIO_STATUS_BLOCK IoStatusBlock,
 498 | 		ULONG NotifyFilter,
 499 | 		BOOLEAN WatchSubtree,
 500 | 		PVOID Buffer,
 501 | 		ULONG BufferLength,
 502 | 		BOOLEAN Asynchronous);
 503 | 
 504 | 	NTSTATUS WINAPI NtOpenDirectoryObject(
 505 | 		PHANDLE DirectoryHandle,
 506 | 		ACCESS_MASK DesiredAccess,
 507 | 		POBJECT_ATTRIBUTES ObjectAttributes);
 508 | 
 509 | 	NTSTATUS WINAPI NtOpenEvent(
 510 | 		PHANDLE EventHandle,
 511 | 		ACCESS_MASK DesiredAccess,
 512 | 		const OBJECT_ATTRIBUTES* ObjectAttributes);
 513 | 
 514 | 	NTSTATUS WINAPI NtOpenEventPair(
 515 | 		PHANDLE EventPairHandle,
 516 | 		ACCESS_MASK DesiredAccess,
 517 | 		POBJECT_ATTRIBUTES ObjectAttributes);
 518 | 
 519 | 	NTSTATUS WINAPI NtOpenFile(
 520 | 		PHANDLE FileHandle,
 521 | 		ACCESS_MASK DesiredAccess,
 522 | 		POBJECT_ATTRIBUTES ObjectAttributes,
 523 | 		PIO_STATUS_BLOCK IoStatusBlock,
 524 | 		ULONG ShareAccess,
 525 | 		ULONG OpenOptions);
 526 | 
 527 | 	NTSTATUS WINAPI NtOpenIoCompletion(
 528 | 		PHANDLE IoCompletionHandle,
 529 | 		ACCESS_MASK DesiredAccess,
 530 | 		POBJECT_ATTRIBUTES ObjectAttributes);
 531 | 
 532 | 	NTSTATUS WINAPI NtOpenKey(
 533 | 		PHANDLE KeyHandle,
 534 | 		ACCESS_MASK DesiredAccess,
 535 | 		const OBJECT_ATTRIBUTES* ObjectAttributes);
 536 | 
 537 | 	NTSTATUS WINAPI NtOpenMutant(
 538 | 		PHANDLE MutantHandle,
 539 | 		ACCESS_MASK DesiredAccess,
 540 | 		const OBJECT_ATTRIBUTES* ObjectAttributes);
 541 | 
 542 | 	NTSTATUS WINAPI NtOpenObjectAuditAlarm(
 543 | 		PUNICODE_STRING SubsystemName,
 544 | 		PHANDLE HandleId,
 545 | 		PUNICODE_STRING ObjectTypeName,
 546 | 		PUNICODE_STRING ObjectName,
 547 | 		PSECURITY_DESCRIPTOR SecurityDescriptor,
 548 | 		HANDLE TokenHandle,
 549 | 		ACCESS_MASK DesiredAccess,
 550 | 		ACCESS_MASK GrantedAccess,
 551 | 		PPRIVILEGE_SET Privileges,
 552 | 		BOOLEAN ObjectCreation,
 553 | 		BOOLEAN AccessGranted,
 554 | 		PBOOLEAN GenerateOnClose);
 555 | 
 556 | 	NTSTATUS WINAPI NtOpenProcess(
 557 | 		PHANDLE ProcessHandle,
 558 | 		ACCESS_MASK DesiredAccess,
 559 | 		const OBJECT_ATTRIBUTES* ObjectAttributes,
 560 | 		const CLIENT_ID* ClientId);
 561 | 
 562 | 	NTSTATUS WINAPI NtOpenProcessToken(
 563 | 		HANDLE ProcessHandle,
 564 | 		DWORD DesiredAccess,
 565 | 		HANDLE* TokenHandle);
 566 | 
 567 | 	NTSTATUS WINAPI NtOpenSection(
 568 | 		HANDLE* SectionHandle,
 569 | 		ACCESS_MASK DesiredAccess,
 570 | 		const OBJECT_ATTRIBUTES* ObjectAttributes);
 571 | 
 572 | 	NTSTATUS WINAPI NtOpenSemaphore(
 573 | 		PHANDLE SemaphoreHandle,
 574 | 		ACCESS_MASK DesiredAccess,
 575 | 		const OBJECT_ATTRIBUTES* ObjectAttributes);
 576 | 
 577 | 	NTSTATUS WINAPI NtOpenSymbolicLinkObject(
 578 | 		PHANDLE SymbolicLinkHandle,
 579 | 		ACCESS_MASK DesiredAccess,
 580 | 		POBJECT_ATTRIBUTES ObjectAttributes);
 581 | 
 582 | 	NTSTATUS WINAPI NtOpenThread(
 583 | 		HANDLE* ThreadHandle,
 584 | 		ACCESS_MASK DesiredAccess,
 585 | 		const OBJECT_ATTRIBUTES* ObjectAttributes,
 586 | 		const CLIENT_ID* ClientId);
 587 | 
 588 | 	NTSTATUS WINAPI NtOpenThreadToken(
 589 | 		HANDLE ThreadHandle,
 590 | 		DWORD DesiredAccess,
 591 | 		BOOLEAN OpenAsSelf,
 592 | 		HANDLE* TokenHandle);
 593 | 
 594 | 	NTSTATUS WINAPI NtOpenTimer(
 595 | 		HANDLE* TimerHandle,
 596 | 		ACCESS_MASK DesiredAccess,
 597 | 		const OBJECT_ATTRIBUTES* ObjectAttributes);
 598 | 
 599 | 	NTSTATUS WINAPI NtPrivilegeCheck(
 600 | 		HANDLE TokenHandle,
 601 | 		PPRIVILEGE_SET RequiredPrivileges,
 602 | 		PBOOLEAN Result);
 603 | 
 604 | 	NTSTATUS WINAPI NtPrivilegeObjectAuditAlarm(
 605 | 		PUNICODE_STRING SubsystemName,
 606 | 		HANDLE Id,
 607 | 		HANDLE TokenHandle,
 608 | 		ULONG DesiredAccess,
 609 | 		PPRIVILEGE_SET Privileges,
 610 | 		BOOLEAN AccessGranted);
 611 | 
 612 | 	NTSTATUS WINAPI NtPrivilegedServiceAuditAlarm(
 613 | 		PUNICODE_STRING SubsystemName,
 614 | 		PUNICODE_STRING ServiceName,
 615 | 		HANDLE TokenHandle,
 616 | 		PPRIVILEGE_SET Privileges,
 617 | 		BOOLEAN AccessGranted);
 618 | 
 619 | 	NTSTATUS WINAPI NtProtectVirtualMemory(
 620 | 		HANDLE ProcessHandle,
 621 | 		PVOID* BaseAddress,
 622 | 		PULONG ProtectSize,
 623 | 		ULONG NewProtect,
 624 | 		PULONG OldProtect);
 625 | 
 626 | 	NTSTATUS WINAPI NtPulseEvent(
 627 | 		HANDLE EventHandle,
 628 | 		PULONG PreviousState);
 629 | 
 630 | 	NTSTATUS WINAPI NtQueryAttributesFile(
 631 | 		const OBJECT_ATTRIBUTES* ObjectAttributes,
 632 | 		PVOID FileInformation);
 633 | 
 634 | 	NTSTATUS WINAPI NtQueryDefaultLocale(
 635 | 		BOOLEAN ThreadOrSystem,
 636 | 		LCID* Locale);
 637 | 
 638 | 	NTSTATUS WINAPI NtQueryDirectoryFile(
 639 | 		HANDLE FileHandle,
 640 | 		HANDLE Event,
 641 | 		PVOID ApcRoutine,
 642 | 		PVOID ApcContext,
 643 | 		PIO_STATUS_BLOCK IoStatusBlock,
 644 | 		PVOID FileInformation,
 645 | 		ULONG FileInformationLength,
 646 | 		PVOID FileInformationClass,
 647 | 		BOOLEAN ReturnSingleEntry,
 648 | 		PUNICODE_STRING FileName,
 649 | 		BOOLEAN RestartScan);
 650 | 
 651 | 	NTSTATUS WINAPI NtQueryDirectoryObject(
 652 | 		HANDLE DirectoryHandle,
 653 | 		PVOID Buffer,
 654 | 		ULONG BufferLength,
 655 | 		BOOLEAN ReturnSingleEntry,
 656 | 		BOOLEAN RestartScan,
 657 | 		PULONG Context,
 658 | 		PULONG ReturnLength);
 659 | 
 660 | 	NTSTATUS WINAPI NtQueryEaFile(
 661 | 		HANDLE FileHandle,
 662 | 		PIO_STATUS_BLOCK IoStatusBlock,
 663 | 		PVOID Buffer,
 664 | 		ULONG BufferLength,
 665 | 		BOOLEAN ReturnSingleEntry,
 666 | 		PVOID EaList,
 667 | 		ULONG EaListLength,
 668 | 		PULONG EaIndex,
 669 | 		BOOLEAN RestartScan);
 670 | 
 671 | 	NTSTATUS WINAPI NtQueryEvent(
 672 | 		HANDLE EventHandle,
 673 | 		PVOID EventInformationClass,
 674 | 		PVOID EventInformation,
 675 | 		ULONG EventInformationLength,
 676 | 		PULONG ResultLength);
 677 | 
 678 | 	NTSTATUS WINAPI NtQueryFullAttributesFile(
 679 | 		const OBJECT_ATTRIBUTES* ObjectAttributes,
 680 | 		PVOID FileInformation);
 681 | 
 682 | 	NTSTATUS WINAPI NtQueryInformationAtom(
 683 | 		PVOID Atom,
 684 | 		PVOID AtomInformationClass,
 685 | 		PVOID AtomInformation,
 686 | 		ULONG AtomInformationLength,
 687 | 		ULONG* ReturnLength);
 688 | 
 689 | 	NTSTATUS WINAPI NtQueryInformationFile(
 690 | 		HANDLE FileHandle,
 691 | 		PIO_STATUS_BLOCK IoStatusBlock,
 692 | 		PVOID FileInformation,
 693 | 		LONG FileInformationLength,
 694 | 		PVOID FileInformationClass);
 695 | 
 696 | 	NTSTATUS WINAPI NtQueryInformationPort(
 697 | 		HANDLE PortHandle,
 698 | 		PVOID PortInformationClass,
 699 | 		PVOID PortInformation,
 700 | 		ULONG PortInformationLength,
 701 | 		PULONG ReturnLength);
 702 | 
 703 | 	NTSTATUS WINAPI NtQueryInformationProcess(
 704 | 		HANDLE ProcessHandle,
 705 | 		PVOID ProcessInformationClass,
 706 | 		PVOID ProcessInformation,
 707 | 		ULONG ProcessInformationLength,
 708 | 		PULONG ReturnLength);
 709 | 
 710 | 	NTSTATUS WINAPI NtQueryInformationThread(
 711 | 		HANDLE ThreadHandle,
 712 | 		PVOID ThreadInformationClass,
 713 | 		PVOID ThreadInformation,
 714 | 		ULONG ThreadInformationLength,
 715 | 		PULONG ReturnLength);
 716 | 
 717 | 	NTSTATUS WINAPI NtQueryInformationToken(
 718 | 		HANDLE TokenHandle,
 719 | 		TOKEN_INFORMATION_CLASS TokenInformationClass,
 720 | 		PVOID TokenInformation,
 721 | 		ULONG TokenInformationLength,
 722 | 		PULONG ReturnLength);
 723 | 
 724 | 	NTSTATUS WINAPI NtQueryIntervalProfile(
 725 | 		PVOID Source,
 726 | 		PULONG Interval);
 727 | 
 728 | 	NTSTATUS WINAPI NtQueryIoCompletion(
 729 | 		HANDLE IoCompletionHandle,
 730 | 		PVOID IoCompletionInformationClass,
 731 | 		PVOID IoCompletionInformation,
 732 | 		ULONG IoCompletionInformationLength,
 733 | 		PULONG ResultLength);
 734 | 
 735 | 	NTSTATUS WINAPI NtQueryKey(
 736 | 		HANDLE KeyHandle,
 737 | 		PVOID KeyInformationClass,
 738 | 		void* KeyInformation,
 739 | 		DWORD KeyInformationLength,
 740 | 		DWORD* ResultLength);
 741 | 
 742 | 	NTSTATUS WINAPI NtQueryMultipleValueKey(
 743 | 		HANDLE KeyHandle,
 744 | 		PVOID ValueList,
 745 | 		ULONG NumberOfValues,
 746 | 		PVOID Buffer,
 747 | 		ULONG Length,
 748 | 		PULONG ReturnLength);
 749 | 
 750 | 	NTSTATUS WINAPI NtQueryMutant(
 751 | 		HANDLE MutantHandle,
 752 | 		PVOID MutantInformationClass,
 753 | 		PVOID MutantInformation,
 754 | 		ULONG MutantInformationLength,
 755 | 		PULONG ResultLength);
 756 | 
 757 | 	NTSTATUS WINAPI NtQueryObject(
 758 | 		HANDLE ObjectHandle,
 759 | 		OBJECT_INFORMATION_CLASS ObjectInformationClass,
 760 | 		PVOID ObjectInformation,
 761 | 		ULONG ObjectInformationLength,
 762 | 		PULONG ReturnLength);
 763 | 
 764 | 	NTSTATUS WINAPI NtQueryPerformanceCounter(
 765 | 		PLARGE_INTEGER PerformanceCount,
 766 | 		PLARGE_INTEGER PerformanceFrequency);
 767 | 
 768 | 	NTSTATUS WINAPI NtQuerySection(
 769 | 		HANDLE SectionHandle,
 770 | 		PVOID SectionInformationClass,
 771 | 		PVOID SectionInformation,
 772 | 		ULONG SectionInformationLength,
 773 | 		PULONG ResultLength);
 774 | 
 775 | 	NTSTATUS WINAPI NtQuerySecurityObject(
 776 | 		HANDLE Handle,
 777 | 		SECURITY_INFORMATION SecurityInformation,
 778 | 		PSECURITY_DESCRIPTOR SecurityDescriptor,
 779 | 		ULONG SecurityDescriptorLength,
 780 | 		PULONG ReturnLength);
 781 | 
 782 | 	NTSTATUS WINAPI NtQuerySemaphore(
 783 | 		HANDLE SemaphoreHandle,
 784 | 		PVOID SemaphoreInformationClass,
 785 | 		PVOID SemaphoreInformation,
 786 | 		ULONG SemaphoreInformationLength,
 787 | 		PULONG ResultLength);
 788 | 
 789 | 	NTSTATUS WINAPI NtQuerySymbolicLinkObject(
 790 | 		HANDLE SymbolicLinkHandle,
 791 | 		PUNICODE_STRING TargetName,
 792 | 		PULONG ReturnLength);
 793 | 
 794 | 	NTSTATUS WINAPI NtQuerySystemEnvironmentValue(
 795 | 		PUNICODE_STRING Name,
 796 | 		PWCHAR Value,
 797 | 		ULONG ValueLength,
 798 | 		PULONG ReturnLength);
 799 | 
 800 | 	NTSTATUS WINAPI NtQuerySystemInformation(
 801 | 		PVOID SystemInformationClass,
 802 | 		PVOID SystemInformation,
 803 | 		ULONG SystemInformationLength,
 804 | 		PULONG ReturnLength);
 805 | 
 806 | 	NTSTATUS WINAPI NtQuerySystemTime(
 807 | 		PLARGE_INTEGER CurrentTime);
 808 | 
 809 | 	NTSTATUS WINAPI NtQueryTimer(
 810 | 		HANDLE TimerHandle,
 811 | 		PVOID TimerInformationClass,
 812 | 		PVOID TimerInformation,
 813 | 		ULONG TimerInformationLength,
 814 | 		PULONG ResultLength);
 815 | 
 816 | 	NTSTATUS WINAPI NtQueryTimerResolution(
 817 | 		PULONG CoarsestResolution,
 818 | 		PULONG FinestResolution,
 819 | 		PULONG ActualResolution);
 820 | 
 821 | 	NTSTATUS WINAPI NtQueryValueKey(
 822 | 		HANDLE KeyHandle,
 823 | 		const UNICODE_STRING* ValueName,
 824 | 		PVOID KeyValueInformationClass,
 825 | 		void* KeyValueInformation,
 826 | 		DWORD KeyValueInformationLength,
 827 | 		DWORD* ResultLength);
 828 | 
 829 | 	NTSTATUS WINAPI NtQueryVirtualMemory(
 830 | 		HANDLE ProcessHandle,
 831 | 		LPCVOID BaseAddress,
 832 | 		MEMORY_INFORMATION_CLASS MemoryInformationClass,
 833 | 		PVOID MemoryInformation,
 834 | 		SIZE_T MemoryInformationLength,
 835 | 		SIZE_T* ReturnLength);
 836 | 
 837 | 	NTSTATUS WINAPI NtQueryVolumeInformationFile(
 838 | 		HANDLE FileHandle,
 839 | 		PIO_STATUS_BLOCK IoStatusBlock,
 840 | 		PVOID VolumeInformation,
 841 | 		ULONG VolumeInformationLength,
 842 | 		PVOID VolumeInformationClass);
 843 | 
 844 | 	NTSTATUS WINAPI NtQueueApcThread(
 845 | 		HANDLE ThreadHandle,
 846 | 		PVOID ApcRoutine,
 847 | 		ULONG_PTR ApcContext,
 848 | 		ULONG_PTR Argument1,
 849 | 		ULONG_PTR Argument2);
 850 | 
 851 | 	NTSTATUS WINAPI NtRaiseException(
 852 | 		PEXCEPTION_RECORD ExceptionRecord,
 853 | 		PCONTEXT Context,
 854 | 		BOOL SearchFrames);
 855 | 
 856 | 	NTSTATUS WINAPI NtRaiseHardError(
 857 | 		NTSTATUS Status,
 858 | 		ULONG NumberOfArguments,
 859 | 		PUNICODE_STRING StringArgumentsMask,
 860 | 		PVOID* Arguments,
 861 | 		PVOID ResponseOption,
 862 | 		PVOID Response);
 863 | 
 864 | 	NTSTATUS WINAPI NtReadFile(
 865 | 		HANDLE FileHandle,
 866 | 		HANDLE Event,
 867 | 		PVOID ApcRoutine,
 868 | 		PVOID ApcContext,
 869 | 		PIO_STATUS_BLOCK IoStatusBlock,
 870 | 		PVOID Buffer,
 871 | 		ULONG Length,
 872 | 		PLARGE_INTEGER ByteOffset,
 873 | 		PULONG Key);
 874 | 
 875 | 	NTSTATUS WINAPI NtReadFileScatter(
 876 | 		HANDLE FileHandle,
 877 | 		HANDLE Event,
 878 | 		PVOID ApcRoutine,
 879 | 		PVOID ApcContext,
 880 | 		PIO_STATUS_BLOCK IoStatusBlock,
 881 | 		FILE_SEGMENT_ELEMENT* Buffer,
 882 | 		ULONG Length,
 883 | 		PLARGE_INTEGER ByteOffset,
 884 | 		PULONG Key);
 885 | 
 886 | 	NTSTATUS WINAPI NtReadRequestData(
 887 | 		HANDLE PortHandle,
 888 | 		PVOID Message,
 889 | 		ULONG Index,
 890 | 		PVOID Buffer,
 891 | 		ULONG BufferLength,
 892 | 		PULONG ReturnLength);
 893 | 
 894 | 	NTSTATUS WINAPI NtReadVirtualMemory(
 895 | 		HANDLE ProcessHandle,
 896 | 		const void* BaseAddress,
 897 | 		void* Buffer,
 898 | 		SIZE_T BufferLength,
 899 | 		SIZE_T* ReturnLength);
 900 | 
 901 | 	NTSTATUS WINAPI NtRegisterThreadTerminatePort(
 902 | 		HANDLE PortHandle);
 903 | 
 904 | 	NTSTATUS WINAPI NtReleaseMutant(
 905 | 		HANDLE MutantHandle,
 906 | 		PLONG PreviousState);
 907 | 
 908 | 	NTSTATUS WINAPI NtReleaseSemaphore(
 909 | 		HANDLE SemaphoreHandle,
 910 | 		ULONG ReleaseCount,
 911 | 		PULONG PPreviousCount);
 912 | 
 913 | 	NTSTATUS WINAPI NtRemoveIoCompletion(
 914 | 		HANDLE IoCompletionHandle,
 915 | 		PULONG_PTR CompletionKey,
 916 | 		PULONG_PTR CompletionValue,
 917 | 		PIO_STATUS_BLOCK IoStatusBlock,
 918 | 		PLARGE_INTEGER Time);
 919 | 
 920 | 	NTSTATUS WINAPI NtReplaceKey(
 921 | 		POBJECT_ATTRIBUTES NewFileObjectAttributes,
 922 | 		HANDLE KeyHandle,
 923 | 		POBJECT_ATTRIBUTES OldFileObjectAttributes);
 924 | 
 925 | 	NTSTATUS WINAPI NtReplyPort(
 926 | 		HANDLE PortHandle,
 927 | 		PVOID ReplyMessage);
 928 | 
 929 | 	NTSTATUS WINAPI NtReplyWaitReceivePort(
 930 | 		HANDLE PortHandle,
 931 | 		PULONG PortIdentifier,
 932 | 		PVOID ReplyMessage,
 933 | 		PVOID Message);
 934 | 
 935 | 	NTSTATUS WINAPI NtReplyWaitReplyPort(
 936 | 		HANDLE PortHandle,
 937 | 		PVOID ReplyMessage);
 938 | 
 939 | 	NTSTATUS WINAPI NtRequestPort(
 940 | 		HANDLE PortHandle,
 941 | 		PVOID RequestMessage);
 942 | 
 943 | 	NTSTATUS WINAPI NtRequestWaitReplyPort(
 944 | 		HANDLE PortHandle,
 945 | 		PVOID RequestMessage,
 946 | 		PVOID ReplyMessage);
 947 | 
 948 | 	NTSTATUS WINAPI NtResetEvent(
 949 | 		HANDLE EventHandle,
 950 | 		PULONG PreviousState);
 951 | 
 952 | 	NTSTATUS WINAPI NtRestoreKey(
 953 | 		HANDLE KeyHandle,
 954 | 		HANDLE FileHandle,
 955 | 		ULONG Flags);
 956 | 
 957 | 	NTSTATUS WINAPI NtResumeThread(
 958 | 		HANDLE ThreadHandle,
 959 | 		PULONG PreviousSuspendCount);
 960 | 
 961 | 	NTSTATUS WINAPI NtSaveKey(
 962 | 		HANDLE KeyHandle,
 963 | 		HANDLE FileHandle);
 964 | 
 965 | 	NTSTATUS WINAPI NtSetContextThread(
 966 | 		HANDLE ThreadHandle,
 967 | 		const CONTEXT* Context);
 968 | 
 969 | 	NTSTATUS WINAPI NtSetDefaultHardErrorPort(
 970 | 		HANDLE PortHandle);
 971 | 
 972 | 	NTSTATUS WINAPI NtSetDefaultLocale(
 973 | 		BOOLEAN ThreadOrSystem,
 974 | 		LCID Locale);
 975 | 
 976 | 	NTSTATUS WINAPI NtSetEaFile(
 977 | 		HANDLE FileHandle,
 978 | 		PIO_STATUS_BLOCK IoStatusBlock,
 979 | 		PVOID Buffer,
 980 | 		ULONG BufferLength);
 981 | 
 982 | 	NTSTATUS WINAPI NtSetEvent(
 983 | 		HANDLE EventHandle,
 984 | 		PULONG PreviousState);
 985 | 
 986 | 	NTSTATUS WINAPI NtSetHighEventPair(
 987 | 		HANDLE EventPairHandle);
 988 | 
 989 | 	NTSTATUS WINAPI NtSetHighWaitLowEventPair(
 990 | 		HANDLE EventPairHandle);
 991 | 
 992 | 	NTSTATUS WINAPI NtSetInformationFile(
 993 | 		HANDLE FileHandle,
 994 | 		PIO_STATUS_BLOCK IoStatusBlock,
 995 | 		PVOID FileInformation,
 996 | 		ULONG FileInformationLength,
 997 | 		PVOID FileInformationClass);
 998 | 
 999 | 	NTSTATUS WINAPI NtSetInformationKey(
1000 | 		HANDLE KeyHandle,
1001 | 		const int KeyInformationClass,
1002 | 		PVOID KeyInformation,
1003 | 		ULONG KeyInformationLength);
1004 | 
1005 | 	NTSTATUS WINAPI NtSetInformationObject(
1006 | 		HANDLE ObjectHandle,
1007 | 		OBJECT_INFORMATION_CLASS ObjectInformationClass,
1008 | 		PVOID ObjectInformation,
1009 | 		ULONG ObjectInformationLength);
1010 | 
1011 | 	NTSTATUS WINAPI NtSetInformationProcess(
1012 | 		HANDLE ProcessHandle,
1013 | 		PVOID ProcessInformationClass,
1014 | 		PVOID ProcessInformation,
1015 | 		ULONG ProcessInformationLength);
1016 | 
1017 | 	NTSTATUS WINAPI NtSetInformationThread(
1018 | 		HANDLE ThreadHandle,
1019 | 		PVOID ThreadInformationClass,
1020 | 		LPCVOID ThreadInformation,
1021 | 		ULONG ThreadInformationLength);
1022 | 
1023 | 	NTSTATUS WINAPI NtSetInformationToken(
1024 | 		HANDLE TokenHandle,
1025 | 		TOKEN_INFORMATION_CLASS TokenInformationClass,
1026 | 		PVOID TokenInformation,
1027 | 		ULONG TokenInformationLength);
1028 | 
1029 | 	NTSTATUS WINAPI NtSetIntervalProfile(
1030 | 		ULONG Interval,
1031 | 		PVOID Source);
1032 | 
1033 | 	NTSTATUS WINAPI NtSetIoCompletion(
1034 | 		HANDLE IoCompletionHandle,
1035 | 		ULONG_PTR CompletionKey,
1036 | 		ULONG_PTR CompletionValue,
1037 | 		NTSTATUS Status,
1038 | 		SIZE_T Information);
1039 | 
1040 | 	NTSTATUS WINAPI NtSetLowEventPair(
1041 | 		HANDLE EventPairHandle);
1042 | 
1043 | 	NTSTATUS WINAPI NtSetLowWaitHighEventPair(
1044 | 		HANDLE EventPairHandle);
1045 | 
1046 | 	NTSTATUS WINAPI NtSetSecurityObject(
1047 | 		HANDLE Handle,
1048 | 		SECURITY_INFORMATION SecurityInformation,
1049 | 		PSECURITY_DESCRIPTOR SecurityDescriptor);
1050 | 
1051 | 	NTSTATUS WINAPI NtSetSystemEnvironmentValue(
1052 | 		PUNICODE_STRING Name,
1053 | 		PUNICODE_STRING Value);
1054 | 
1055 | 	NTSTATUS WINAPI NtSetSystemInformation(
1056 | 		PVOID SystemInformationClass,
1057 | 		PVOID SystemInformation,
1058 | 		ULONG SystemInformationLength);
1059 | 
1060 | 	NTSTATUS WINAPI NtSetSystemPowerState(
1061 | 		POWER_ACTION SystemAction,
1062 | 		SYSTEM_POWER_STATE MinSystemState,
1063 | 		ULONG Flags);
1064 | 
1065 | 	NTSTATUS WINAPI NtSetSystemTime(
1066 | 		const LARGE_INTEGER* NewTime,
1067 | 		LARGE_INTEGER* OldTime);
1068 | 
1069 | 	NTSTATUS WINAPI NtSetTimer(
1070 | 		HANDLE TimerHandle,
1071 | 		const LARGE_INTEGER* DueTime,
1072 | 		PVOID TimerApcRoutine,
1073 | 		PVOID TimerContext,
1074 | 		BOOLEAN Resume,
1075 | 		ULONG Period,
1076 | 		BOOLEAN* PreviousState);
1077 | 
1078 | 	NTSTATUS WINAPI NtSetTimerResolution(
1079 | 		ULONG RequestedResolution,
1080 | 		BOOLEAN Set,
1081 | 		PULONG ActualResolution);
1082 | 
1083 | 	NTSTATUS WINAPI NtSetValueKey(
1084 | 		HANDLE KeyHandle,
1085 | 		const UNICODE_STRING* ValueName,
1086 | 		ULONG TitleIndex,
1087 | 		ULONG Type,
1088 | 		const void* Data,
1089 | 		ULONG DataSize);
1090 | 
1091 | 	NTSTATUS WINAPI NtSetVolumeInformationFile(
1092 | 		HANDLE FileHandle,
1093 | 		PIO_STATUS_BLOCK IoStatusBlock,
1094 | 		PVOID Buffer,
1095 | 		ULONG BufferLength,
1096 | 		PVOID VolumeInformationClass);
1097 | 
1098 | 	NTSTATUS WINAPI NtShutdownSystem(
1099 | 		PVOID Action);
1100 | 
1101 | 	NTSTATUS WINAPI NtSignalAndWaitForSingleObject(
1102 | 		HANDLE HandleToSignal,
1103 | 		HANDLE HandleToWait,
1104 | 		BOOLEAN Alertable,
1105 | 		const LARGE_INTEGER* Time);
1106 | 
1107 | 	NTSTATUS WINAPI NtStartProfile(
1108 | 		HANDLE ProfileHandle);
1109 | 
1110 | 	NTSTATUS WINAPI NtStopProfile(
1111 | 		HANDLE ProfileHandle);
1112 | 
1113 | 	NTSTATUS WINAPI NtSuspendThread(
1114 | 		HANDLE ThreadHandle,
1115 | 		PULONG PreviousSuspendCount);
1116 | 
1117 | 	NTSTATUS WINAPI NtSystemDebugControl(
1118 | 		PVOID ControlCode,
1119 | 		PVOID InputBuffer,
1120 | 		ULONG InputBufferLength,
1121 | 		PVOID OutputBuffer,
1122 | 		ULONG OutputBufferLength,
1123 | 		PULONG ReturnLength);
1124 | 
1125 | 	NTSTATUS WINAPI NtTerminateProcess(
1126 | 		HANDLE ProcessHandle,
1127 | 		LONG ExitStatus);
1128 | 
1129 | 	NTSTATUS WINAPI NtTerminateThread(
1130 | 		HANDLE ThreadHandle,
1131 | 		LONG ExitStatus);
1132 | 
1133 | 	NTSTATUS WINAPI NtTestAlert();
1134 | 
1135 | 	NTSTATUS WINAPI NtUnloadDriver(
1136 | 		const UNICODE_STRING* DriverServiceName);
1137 | 
1138 | 	NTSTATUS WINAPI NtUnloadKey(
1139 | 		POBJECT_ATTRIBUTES KeyObjectAttributes);
1140 | 
1141 | 	NTSTATUS WINAPI NtUnlockFile(
1142 | 		HANDLE FileHandle,
1143 | 		PIO_STATUS_BLOCK IoStatusBlock,
1144 | 		PLARGE_INTEGER LockOffset,
1145 | 		PLARGE_INTEGER LockLength,
1146 | 		PULONG Key);
1147 | 
1148 | 	NTSTATUS WINAPI NtUnlockVirtualMemory(
1149 | 		HANDLE ProcessHandle,
1150 | 		PVOID* BaseAddress,
1151 | 		SIZE_T* LockSize,
1152 | 		ULONG LockType);
1153 | 
1154 | 	NTSTATUS WINAPI NtUnmapViewOfSection(
1155 | 		HANDLE ProcessHandle,
1156 | 		PVOID BaseAddress);
1157 | 
1158 | 	NTSTATUS WINAPI NtWaitForMultipleObjects(
1159 | 		ULONG HandleCount,
1160 | 		const HANDLE* Handles,
1161 | 		BOOLEAN WaitType,
1162 | 		BOOLEAN Alertable,
1163 | 		const LARGE_INTEGER* Time);
1164 | 
1165 | 	NTSTATUS WINAPI NtWaitForSingleObject(
1166 | 		HANDLE Handle,
1167 | 		BOOLEAN Alertable,
1168 | 		const LARGE_INTEGER* Time);
1169 | 
1170 | 	NTSTATUS WINAPI NtWaitHighEventPair(
1171 | 		HANDLE EventPairHandle);
1172 | 
1173 | 	NTSTATUS WINAPI NtWaitLowEventPair(
1174 | 		HANDLE EventPairHandle);
1175 | 
1176 | 	NTSTATUS WINAPI NtWriteFile(
1177 | 		HANDLE FileHandle,
1178 | 		HANDLE Event,
1179 | 		PVOID ApcRoutine,
1180 | 		PVOID ApcContext,
1181 | 		PIO_STATUS_BLOCK IoStatusBlock,
1182 | 		const void* Buffer,
1183 | 		ULONG Length,
1184 | 		PLARGE_INTEGER ByteOffset,
1185 | 		PULONG Key);
1186 | 
1187 | 	NTSTATUS WINAPI NtWriteFileGather(
1188 | 		HANDLE FileHandle,
1189 | 		HANDLE Event,
1190 | 		PVOID ApcRoutine,
1191 | 		PVOID ApcContext,
1192 | 		PIO_STATUS_BLOCK IoStatusBlock,
1193 | 		FILE_SEGMENT_ELEMENT* Buffer,
1194 | 		ULONG Length,
1195 | 		PLARGE_INTEGER ByteOffset,
1196 | 		PULONG Key);
1197 | 
1198 | 	NTSTATUS WINAPI NtWriteRequestData(
1199 | 		HANDLE PortHandle,
1200 | 		PVOID Message,
1201 | 		ULONG Index,
1202 | 		PVOID Buffer,
1203 | 		ULONG BufferLength,
1204 | 		PULONG ReturnLength);
1205 | 
1206 | 	NTSTATUS WINAPI NtWriteVirtualMemory(
1207 | 		HANDLE ProcessHandle,
1208 | 		void* BaseAddress,
1209 | 		const void* Buffer,
1210 | 		SIZE_T BufferLength,
1211 | 		SIZE_T* ReturnLength);
1212 | 
1213 | 	NTSTATUS WINAPI NtYieldExecution();
1214 | 
1215 | 	LPVOID WINAPI RtlAllocateHeap(
1216 | 		PVOID heap,
1217 | 		ULONG flags,
1218 | 		ULONG size);
1219 | 
1220 | 	LPVOID WINAPI RtlReAllocateHeap(
1221 | 		PVOID heap,
1222 | 		ULONG flags,
1223 | 		PVOID ptr,
1224 | 		ULONG size);
1225 | 
1226 | 	BOOL WINAPI RtlFreeHeap(
1227 | 		PVOID heap,
1228 | 		ULONG flags,
1229 | 		PVOID ptr);
1230 | 
1231 | 	VOID WINAPI RtlInitUnicodeString(
1232 | 		PUNICODE_STRING target, 
1233 | 		PCWSTR source);
1234 | 
1235 | 	VOID WINAPI RtlInitAnsiString(
1236 | 		PANSI_STRING target,
1237 | 		PCSTR source);
1238 | 
1239 | 	NTSTATUS WINAPI RtlAnsiStringToUnicodeString(
1240 | 		PUNICODE_STRING dst,
1241 | 		PANSI_STRING src,
1242 | 		BOOLEAN doalloc);
1243 | 
1244 | 	VOID WINAPI RtlFreeUnicodeString(
1245 | 		PUNICODE_STRING str);
1246 | 
1247 | 	VOID WINAPI RtlFreeAnsiString(
1248 | 		PANSI_STRING str);
1249 | 
1250 | 	LONG WINAPI RtlCompareUnicodeString(
1251 | 		const UNICODE_STRING *s1, 
1252 | 		const UNICODE_STRING *s2,
1253 | 		BOOLEAN CaseInsensitive);
1254 | 
1255 | 	errno_t CDECL wcsncpy_s(
1256 | 		wchar_t *strDest,
1257 | 		size_t numberOfElements,
1258 | 		const wchar_t *strSource,
1259 | 		size_t count);
1260 | 
1261 | 	errno_t CDECL wcscat_s(
1262 | 		wchar_t *strDestination,
1263 | 		size_t numberOfElements,
1264 | 		const wchar_t *strSource);
1265 | 
1266 | 	size_t CDECL strlen(
1267 | 		const char *str);
1268 | 
1269 | 	size_t CDECL wcslen(
1270 | 		const wchar_t *str);
1271 | 
1272 | 	int CDECL strcmp(
1273 | 		const char *string1,
1274 | 		const char *string2);
1275 | 
1276 | 	int CDECL wcscmp(
1277 | 		const wchar_t *string1,
1278 | 		const wchar_t *string2);
1279 | 
1280 | 	int CDECL wcscmpi(
1281 | 		const wchar_t *string1,
1282 | 		const wchar_t *string2);
1283 | 
1284 | 	wchar_t towlower(
1285 | 		wchar_t c);
1286 | 
1287 | 
1288 | }
1289 | 
1290 | namespace Win32Api
1291 | {
1292 | 	HANDLE	WINAPI GetCurrentProcess();
1293 | 
1294 | 	HANDLE	WINAPI GetCurrentThread();
1295 | 
1296 | 	DWORD	WINAPI GetCurrentProcessId();
1297 | 
1298 | 	DWORD	WINAPI GetCurrentThreadId();
1299 | 
1300 | 	HANDLE	WINAPI OpenProcess(
1301 | 		DWORD dwDesiredAccess, 
1302 | 		BOOL bInheritHandle, 
1303 | 		DWORD dwThreadId);
1304 | 
1305 | 	HANDLE	WINAPI OpenThread(
1306 | 		DWORD dwDesiredAccess, 
1307 | 		BOOL bInheritHandle, 
1308 | 		DWORD dwThreadId);
1309 | 
1310 | 	BOOL	WINAPI GetThreadContext(
1311 | 		HANDLE hThread, 
1312 | 		LPCONTEXT lpContext);
1313 | 
1314 | 	BOOL	WINAPI SetThreadContext(
1315 | 		HANDLE hThread, 
1316 | 		LPCONTEXT lpContext);
1317 | 
1318 | 	BOOL	WINAPI TerminateProcess(
1319 | 		HANDLE hThread, 
1320 | 		UINT uExitCode);
1321 | 
1322 | 	VOID	WINAPI ExitProcess(
1323 | 		UINT uExitCode);
1324 | 
1325 | 	BOOL	WINAPI Thread32First(
1326 | 		HANDLE hSnapShot, 
1327 | 		LPTHREADENTRY32 lpte);
1328 | 
1329 | 	BOOL	WINAPI Thread32Next(
1330 | 		HANDLE hSnapShot, 
1331 | 		LPTHREADENTRY32 lpte);
1332 | 	
1333 | 	BOOL	WINAPI Process32FirstA(
1334 | 		HANDLE hSnapshot, 
1335 | 		LPPROCESSENTRY32 lppe);
1336 | 
1337 | 	BOOL	WINAPI Process32NextA(
1338 | 		HANDLE hSnapshot, 
1339 | 		LPPROCESSENTRY32 lppe);
1340 | 
1341 | 	BOOL	WINAPI Process32FirstW(
1342 | 		HANDLE hSnapshot, 
1343 | 		LPPROCESSENTRY32W lppe);
1344 | 
1345 | 	BOOL	WINAPI Process32NextW(
1346 | 		HANDLE hSnapshot, 
1347 | 		LPPROCESSENTRY32W lppe);
1348 | 
1349 | 	BOOL	WINAPI Module32FirstW(
1350 | 		HANDLE hSnapshot, 
1351 | 		LPMODULEENTRY32W lpme);
1352 | 
1353 | 	BOOL	WINAPI Module32FirstA(
1354 | 		HANDLE hSnapshot, 
1355 | 		LPMODULEENTRY32 lpme);
1356 | 
1357 | 	BOOL	WINAPI Module32NextA(
1358 | 		HANDLE hSnapshot, 
1359 | 		LPMODULEENTRY32 lpme);
1360 | 
1361 | 	BOOL	WINAPI Module32NextW(
1362 | 		HANDLE hSnapshot, 
1363 | 		LPMODULEENTRY32W lpme);
1364 | 
1365 | 	BOOL	WINAPI Toolhelp32ReadProcessMemory(
1366 | 		DWORD th32ProcessID, 
1367 | 		LPCVOID lpBaseAddress, 
1368 | 		LPVOID lpBuffer, 
1369 | 		SIZE_T cbRead, 
1370 | 		SIZE_T* lpNumberOfBytesRead);
1371 | 
1372 | 	BOOL	WINAPI ReadProcessMemory(
1373 | 		HANDLE hProcess, 
1374 | 		LPCVOID lpBaseAddress, 
1375 | 		LPVOID lpBuffer, 
1376 | 		SIZE_T nSize, 
1377 | 		SIZE_T * lpNumberOfBytesRead);
1378 | 
1379 | 	BOOL	WINAPI WriteProcessMemory(
1380 | 		HANDLE hProcess, 
1381 | 		LPVOID lpBaseAddress, 
1382 | 		LPCVOID lpBuffer, 
1383 | 		SIZE_T nSize, 
1384 | 		SIZE_T* lpNumberOfBytesWritten);
1385 | 
1386 | 	LPVOID	WINAPI VirtualAllocEx(
1387 | 		HANDLE hProcess, 
1388 | 		LPVOID lpAddress, 
1389 | 		SIZE_T dwSize, 
1390 | 		DWORD flAllocationType, 
1391 | 		DWORD flProtect);
1392 | 
1393 | 	LPVOID	WINAPI VirtualAlloc(
1394 | 		LPVOID lpAddress, 
1395 | 		SIZE_T dwSize, 
1396 | 		DWORD flAllocationType, 
1397 | 		DWORD flProtect);
1398 | 
1399 | 	SIZE_T	WINAPI VirtualQuery(
1400 | 		LPVOID lpAddress, 
1401 | 		PMEMORY_BASIC_INFORMATION lpBuffer , 
1402 | 		SIZE_T dwLength);
1403 | 
1404 | 	SIZE_T	WINAPI VirtualQueryEx(
1405 | 		HANDLE hProcess, 
1406 | 		LPCVOID lpAddress, 
1407 | 		PMEMORY_BASIC_INFORMATION lpBuffer, 
1408 | 		SIZE_T dwLength);
1409 | 	
1410 | 	BOOL	WINAPI VirtualFree(
1411 | 		LPVOID lpAddress, 
1412 | 		SIZE_T dwSize, 
1413 | 		DWORD dwFreeType);
1414 | 	
1415 | 	BOOL	WINAPI VirtualFreeEx(
1416 | 		HANDLE hProcess, 
1417 | 		LPVOID lpAddress, 
1418 | 		SIZE_T dwSize, 
1419 | 		DWORD dwFreeType);
1420 | 	
1421 | 	BOOL	WINAPI VirtualProtect(
1422 | 		LPVOID lpAddress, 
1423 | 		SIZE_T dwSize, 
1424 | 		DWORD flNewProtect , 
1425 | 		LPDWORD lpflOldProtect);
1426 | 	
1427 | 	BOOL	WINAPI VirtualProtectEx(
1428 | 		HANDLE hProcess, 
1429 | 		LPVOID lpAddress, 
1430 | 		SIZE_T dwSize, 
1431 | 		DWORD flNewProtect, 
1432 | 		LPDWORD lpflOldProtect);
1433 | 
1434 | 	HANDLE	WINAPI GetProcessHeap();
1435 | 	
1436 | 	LPVOID	WINAPI HeapAlloc(
1437 | 		HANDLE hHeap, 
1438 | 		DWORD dwFlags, 
1439 | 		SIZE_T dwSize);
1440 | 	
1441 | 	LPVOID	WINAPI HeapReAlloc(
1442 | 		HANDLE hHeap, 
1443 | 		DWORD dwFlags, 
1444 | 		LPVOID lpMem, 
1445 | 		SIZE_T dwSize);
1446 | 	
1447 | 	BOOL	WINAPI HeapFree(
1448 | 		HANDLE hHeap, 
1449 | 		DWORD dwFlags, 
1450 | 		LPVOID lpMem);
1451 | 
1452 | 	LPVOID	WINAPI MapViewOfFile(
1453 | 		HANDLE hFileMappingObject, 
1454 | 		DWORD dwDesiredAccess, 
1455 | 		DWORD dwFileOffsetHigh, 
1456 | 		DWORD dwFileOffsetLow, 
1457 | 		SIZE_T dwNumberOfBytesToMap);
1458 | 	
1459 | 	LPVOID	WINAPI MapViewOfFileEx(
1460 | 		HANDLE hFileMappingObject, 
1461 | 		DWORD dwDesiredAccess, 
1462 | 		DWORD dwFileOffsetHigh, 
1463 | 		DWORD dwFileOffsetLow, 
1464 | 		SIZE_T dwNumberOfBytesToMap, 
1465 | 		LPVOID lpBaseAddress);
1466 | 	
1467 | 	BOOL	WINAPI UnmapViewOfFile(
1468 | 		LPVOID lpBaseAddress);
1469 | 
1470 | 	DWORD	WINAPI GetVersion();
1471 | 
1472 | 	HMODULE	WINAPI LoadLibraryA(
1473 | 		LPCSTR lpModuleName);
1474 | 	
1475 | 	HMODULE	WINAPI LoadLibraryW(
1476 | 		LPCWSTR lpModuleName);
1477 | 	
1478 | 	HMODULE WINAPI GetModuleHandleA(
1479 | 		LPCSTR lpModuleName);
1480 | 	
1481 | 	HMODULE WINAPI GetModuleHandleW(
1482 | 		LPCWSTR lpModuleName);
1483 | 	
1484 | 	DWORD	WINAPI GetModuleSize(
1485 | 		HMODULE hModule);
1486 | 	
1487 | 	LPCWSTR	WINAPI GetModuleFileNameW(
1488 | 		HMODULE handle);
1489 | 
1490 | 	LPCWSTR WINAPI GetModuleFullFileNameW(
1491 | 		HMODULE handle);
1492 | 	
1493 | 	FARPROC WINAPI GetProcAddress(
1494 | 		HMODULE hModule, 
1495 | 		LPCSTR lpProcName);
1496 | 
1497 | 	BOOL	WINAPI IsBadReadPtr(
1498 | 		CONST VOID	* lp, 
1499 | 		UINT ucb);
1500 | 	
1501 | 	BOOL	WINAPI IsBadWritePtr(
1502 | 		LPVOID lp, 
1503 | 		UINT ucb);
1504 | 	
1505 | 	BOOL WINAPI CloseHandle(
1506 | 		HANDLE Object);
1507 | 
1508 | 	void WINAPI SetLastError(
1509 | 		DWORD error);
1510 | 
1511 | 	HANDLE WINAPI CreateFileA(
1512 | 		LPCSTR lpFileName,
1513 | 		DWORD dwDesiredAccess,
1514 | 		DWORD dwShareMode,
1515 | 		LPSECURITY_ATTRIBUTES lpSecurityAttributes,
1516 | 		DWORD dwCreationDisposition,
1517 | 		DWORD dwFlagsAndAttributes,
1518 | 		HANDLE hTemplateFile);
1519 | 
1520 | 		HANDLE WINAPI CreateFileW(
1521 | 		LPCWSTR lpFileName,
1522 | 		DWORD dwDesiredAccess,
1523 | 		DWORD dwShareMode,
1524 | 		LPSECURITY_ATTRIBUTES lpSecurityAttributes,
1525 | 		DWORD dwCreationDisposition,
1526 | 		DWORD dwFlagsAndAttributes,
1527 | 		HANDLE hTemplateFile);
1528 | 
1529 | 
1530 | 		HANDLE WINAPI CreateFileMappingW(
1531 | 			HANDLE hFile, 
1532 | 			LPSECURITY_ATTRIBUTES sa,
1533 | 			DWORD protect, 
1534 | 			DWORD size_high,
1535 | 			DWORD size_low, 
1536 | 			LPCWSTR name);
1537 | 
1538 | 		HANDLE WINAPI CreateFileMappingA(
1539 | 			HANDLE hFile,
1540 | 			SECURITY_ATTRIBUTES *sa,
1541 | 			DWORD protect,
1542 | 			DWORD size_high,
1543 | 			DWORD size_low,
1544 | 			LPCSTR name );
1545 | 
1546 | 		int WINAPI WideCharToMultiByte(
1547 | 			UINT CodePage, 
1548 | 			DWORD dwFlags, 
1549 | 			LPCWSTR lpWideCharStr, 
1550 | 			int cchWideChar,
1551 | 			LPSTR lpMultiByteStr, 
1552 | 			int cbMultiByte,
1553 | 			LPCSTR lpDefaultChar,
1554 | 			LPBOOL lpUsedDefaultChar);
1555 | }
1556 | 
1557 | #endif


--------------------------------------------------------------------------------