├── README.md ├── driver ├── TestWDK.sln └── TestWDK │ ├── GLOBAL.cpp │ ├── GLOBAL.h │ ├── WDKExt │ ├── LICENSE │ ├── README.md │ ├── Wdk.h │ └── Wdk │ │ ├── Cm │ │ ├── build_10240.inl │ │ ├── build_10586.inl │ │ ├── build_14393.inl │ │ ├── build_15063.inl │ │ ├── build_16299.inl │ │ ├── build_17134.inl │ │ ├── build_17763.inl │ │ ├── build_7600.inl │ │ ├── build_7601.inl │ │ ├── build_9200.inl │ │ └── build_9600.inl │ │ ├── CmKernel.inl │ │ ├── CmStruct.inl │ │ ├── Dbg │ │ ├── build_10240.inl │ │ ├── build_10586.inl │ │ ├── build_14393.inl │ │ ├── build_15063.inl │ │ ├── build_16299.inl │ │ ├── build_17134.inl │ │ ├── build_17763.inl │ │ ├── build_7600.inl │ │ ├── build_7601.inl │ │ ├── build_9200.inl │ │ └── build_9600.inl │ │ ├── DbgKernel.inl │ │ ├── DbgStruct.inl │ │ ├── Ex │ │ ├── build_10240.inl │ │ ├── build_10586.inl │ │ ├── build_14393.inl │ │ ├── build_15063.inl │ │ ├── build_16299.inl │ │ ├── build_17134.inl │ │ ├── build_17763.inl │ │ ├── build_7600.inl │ │ ├── build_7601.inl │ │ ├── build_9200.inl │ │ └── build_9600.inl │ │ ├── ExKernel.inl │ │ ├── ExStruct.inl │ │ ├── Fs │ │ ├── build_10240.inl │ │ ├── build_10586.inl │ │ ├── build_14393.inl │ │ ├── build_15063.inl │ │ ├── build_16299.inl │ │ ├── build_17134.inl │ │ ├── build_17763.inl │ │ ├── build_7600.inl │ │ ├── build_7601.inl │ │ ├── build_9200.inl │ │ └── build_9600.inl │ │ ├── FsKernel.inl │ │ ├── FsStruct.inl │ │ ├── Io │ │ ├── build_10240.inl │ │ ├── build_10586.inl │ │ ├── build_14393.inl │ │ ├── build_15063.inl │ │ ├── build_16299.inl │ │ ├── build_17134.inl │ │ ├── build_17763.inl │ │ ├── build_7600.inl │ │ ├── build_7601.inl │ │ ├── build_9200.inl │ │ └── build_9600.inl │ │ ├── IoKernel.inl │ │ ├── IoStruct.inl │ │ ├── Ke │ │ ├── build_10240.inl │ │ ├── build_10586.inl │ │ ├── build_14393.inl │ │ ├── build_15063.inl │ │ ├── build_16299.inl │ │ ├── build_17134.inl │ │ ├── build_17763.inl │ │ ├── build_7600.inl │ │ ├── build_7601.inl │ │ ├── build_9200.inl │ │ └── build_9600.inl │ │ ├── 
KeKernel.inl │ │ ├── KeStruct.inl │ │ ├── LPC │ │ ├── build_10240.inl │ │ ├── build_10586.inl │ │ ├── build_14393.inl │ │ ├── build_15063.inl │ │ ├── build_16299.inl │ │ ├── build_17134.inl │ │ ├── build_17763.inl │ │ ├── build_7600.inl │ │ ├── build_7601.inl │ │ ├── build_9200.inl │ │ └── build_9600.inl │ │ ├── LPCKernel.inl │ │ ├── LPCStruct.inl │ │ ├── Mm │ │ ├── build_10240.inl │ │ ├── build_10586.inl │ │ ├── build_14393.inl │ │ ├── build_15063.inl │ │ ├── build_16299.inl │ │ ├── build_17134.inl │ │ ├── build_17763.inl │ │ ├── build_7600.inl │ │ ├── build_7601.inl │ │ ├── build_9200.inl │ │ └── build_9600.inl │ │ ├── MmKernel.inl │ │ ├── MmStruct.inl │ │ ├── Native.inl │ │ ├── NetKernel.inl │ │ ├── NetStruct.inl │ │ ├── Ob │ │ ├── build_10240.inl │ │ ├── build_10586.inl │ │ ├── build_14393.inl │ │ ├── build_15063.inl │ │ ├── build_16299.inl │ │ ├── build_17134.inl │ │ ├── build_17763.inl │ │ ├── build_7600.inl │ │ ├── build_7601.inl │ │ ├── build_9200.inl │ │ └── build_9600.inl │ │ ├── ObKernel.inl │ │ ├── ObStruct.inl │ │ ├── Ps │ │ ├── build_10240.inl │ │ ├── build_10586.inl │ │ ├── build_14393.inl │ │ ├── build_15063.inl │ │ ├── build_16299.inl │ │ ├── build_17134.inl │ │ ├── build_17763.inl │ │ ├── build_7600.inl │ │ ├── build_7601.inl │ │ ├── build_9200.inl │ │ └── build_9600.inl │ │ ├── PsKernel.inl │ │ ├── PsStruct.inl │ │ ├── Rtl │ │ ├── build_10240.inl │ │ ├── build_10586.inl │ │ ├── build_14393.inl │ │ ├── build_15063.inl │ │ ├── build_16299.inl │ │ ├── build_17134.inl │ │ ├── build_17763.inl │ │ ├── build_7600.inl │ │ ├── build_7601.inl │ │ ├── build_9200.inl │ │ └── build_9600.inl │ │ ├── RtlKernel.inl │ │ ├── RtlStruct.inl │ │ ├── Se │ │ ├── build_10240.inl │ │ ├── build_10586.inl │ │ ├── build_14393.inl │ │ ├── build_15063.inl │ │ ├── build_16299.inl │ │ ├── build_17134.inl │ │ ├── build_17763.inl │ │ ├── build_7600.inl │ │ ├── build_7601.inl │ │ ├── build_9200.inl │ │ └── build_9600.inl │ │ ├── SeKernel.inl │ │ ├── SeMacro.inl │ │ ├── 
SeStruct.inl │ │ ├── Ts │ │ ├── build_10240.inl │ │ ├── build_10586.inl │ │ ├── build_14393.inl │ │ ├── build_15063.inl │ │ ├── build_16299.inl │ │ ├── build_17134.inl │ │ ├── build_17763.inl │ │ ├── build_7600.inl │ │ ├── build_7601.inl │ │ ├── build_9200.inl │ │ └── build_9600.inl │ │ ├── TsKernel.inl │ │ ├── TsStruct.inl │ │ ├── Wmi │ │ ├── build_10240.inl │ │ ├── build_10586.inl │ │ ├── build_14393.inl │ │ ├── build_15063.inl │ │ ├── build_16299.inl │ │ ├── build_17134.inl │ │ ├── build_17763.inl │ │ ├── build_7600.inl │ │ ├── build_7601.inl │ │ ├── build_9200.inl │ │ └── build_9600.inl │ │ ├── WmiKernel.inl │ │ ├── WmiStruct.inl │ │ ├── Zw │ │ ├── build_10240.inl │ │ ├── build_10586.inl │ │ ├── build_14393.inl │ │ ├── build_15063.inl │ │ ├── build_16299.inl │ │ ├── build_17134.inl │ │ ├── build_17763.inl │ │ ├── build_7600.inl │ │ ├── build_7601.inl │ │ ├── build_9200.inl │ │ └── build_9600.inl │ │ ├── ZwKernel.inl │ │ └── ZwStruct.inl │ ├── inject.cpp │ ├── inject.h │ ├── main.cpp │ ├── ntdll.cpp │ ├── ntdll.h │ ├── pe.cpp │ └── pe.h ├── img └── 1.gif └── ishellcode ├── ishellcode.sln └── ishellcode ├── Misc.cpp ├── Misc.h ├── ProcManager.cpp ├── ProcManager.h ├── instdrv.cpp ├── instdrv.h ├── ishellcode.cpp ├── pch.cpp └── pch.h /README.md: -------------------------------------------------------------------------------- 1 | # Inject-ShellCode 2 | 3 | 为了方便自己测试shellcode注入 4 | 5 | * 支持用户层和内核模式的注入 6 | * 支持32位64位进程的shellcode注入。 7 | 8 | ![](./img/1.gif) 9 | 10 | ## Reference 11 | 12 | [WdkExt](https://github.com/MiroKaku/WDKExt) 13 | 14 | [Blackbone](https://github.com/DarthTon/Blackbone) 15 | -------------------------------------------------------------------------------- /driver/TestWDK.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio 15 4 | VisualStudioVersion = 15.0.28010.2036 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | 
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "TestWDK", "TestWDK\TestWDK.vcxproj", "{2BCCC0BB-82B1-45B2-AB41-93DD44BCD50D}" 7 | EndProject 8 | Global 9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 10 | Debug|ARM = Debug|ARM 11 | Debug|ARM64 = Debug|ARM64 12 | Debug|x64 = Debug|x64 13 | Debug|x86 = Debug|x86 14 | Release|ARM = Release|ARM 15 | Release|ARM64 = Release|ARM64 16 | Release|x64 = Release|x64 17 | Release|x86 = Release|x86 18 | EndGlobalSection 19 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 20 | {2BCCC0BB-82B1-45B2-AB41-93DD44BCD50D}.Debug|ARM.ActiveCfg = Debug|ARM 21 | {2BCCC0BB-82B1-45B2-AB41-93DD44BCD50D}.Debug|ARM.Build.0 = Debug|ARM 22 | {2BCCC0BB-82B1-45B2-AB41-93DD44BCD50D}.Debug|ARM.Deploy.0 = Debug|ARM 23 | {2BCCC0BB-82B1-45B2-AB41-93DD44BCD50D}.Debug|ARM64.ActiveCfg = Debug|ARM64 24 | {2BCCC0BB-82B1-45B2-AB41-93DD44BCD50D}.Debug|ARM64.Build.0 = Debug|ARM64 25 | {2BCCC0BB-82B1-45B2-AB41-93DD44BCD50D}.Debug|ARM64.Deploy.0 = Debug|ARM64 26 | {2BCCC0BB-82B1-45B2-AB41-93DD44BCD50D}.Debug|x64.ActiveCfg = Debug|x64 27 | {2BCCC0BB-82B1-45B2-AB41-93DD44BCD50D}.Debug|x64.Build.0 = Debug|x64 28 | {2BCCC0BB-82B1-45B2-AB41-93DD44BCD50D}.Debug|x64.Deploy.0 = Debug|x64 29 | {2BCCC0BB-82B1-45B2-AB41-93DD44BCD50D}.Debug|x86.ActiveCfg = Debug|Win32 30 | {2BCCC0BB-82B1-45B2-AB41-93DD44BCD50D}.Debug|x86.Build.0 = Debug|Win32 31 | {2BCCC0BB-82B1-45B2-AB41-93DD44BCD50D}.Debug|x86.Deploy.0 = Debug|Win32 32 | {2BCCC0BB-82B1-45B2-AB41-93DD44BCD50D}.Release|ARM.ActiveCfg = Release|ARM 33 | {2BCCC0BB-82B1-45B2-AB41-93DD44BCD50D}.Release|ARM.Build.0 = Release|ARM 34 | {2BCCC0BB-82B1-45B2-AB41-93DD44BCD50D}.Release|ARM.Deploy.0 = Release|ARM 35 | {2BCCC0BB-82B1-45B2-AB41-93DD44BCD50D}.Release|ARM64.ActiveCfg = Release|ARM64 36 | {2BCCC0BB-82B1-45B2-AB41-93DD44BCD50D}.Release|ARM64.Build.0 = Release|ARM64 37 | {2BCCC0BB-82B1-45B2-AB41-93DD44BCD50D}.Release|ARM64.Deploy.0 = Release|ARM64 38 | 
{2BCCC0BB-82B1-45B2-AB41-93DD44BCD50D}.Release|x64.ActiveCfg = Release|x64 39 | {2BCCC0BB-82B1-45B2-AB41-93DD44BCD50D}.Release|x64.Build.0 = Release|x64 40 | {2BCCC0BB-82B1-45B2-AB41-93DD44BCD50D}.Release|x64.Deploy.0 = Release|x64 41 | {2BCCC0BB-82B1-45B2-AB41-93DD44BCD50D}.Release|x86.ActiveCfg = Release|Win32 42 | {2BCCC0BB-82B1-45B2-AB41-93DD44BCD50D}.Release|x86.Build.0 = Release|Win32 43 | {2BCCC0BB-82B1-45B2-AB41-93DD44BCD50D}.Release|x86.Deploy.0 = Release|Win32 44 | EndGlobalSection 45 | GlobalSection(SolutionProperties) = preSolution 46 | HideSolutionNode = FALSE 47 | EndGlobalSection 48 | GlobalSection(ExtensibilityGlobals) = postSolution 49 | SolutionGuid = {23F8BA70-ED1A-4E9A-8182-0006B01859A7} 50 | EndGlobalSection 51 | EndGlobal 52 | -------------------------------------------------------------------------------- /driver/TestWDK/GLOBAL.cpp: -------------------------------------------------------------------------------- 1 | #include "GLOBAL.h" 2 | 3 | /* Allocates InSize bytes from NonPagedPool under MY_POOL_TAG and zero-fills the block when InZeroMemory is set. Returns NULL when the allocation fails. NOTE(review): NonPagedPool is the legacy pool type and may be executable depending on platform and NX opt-in; NonPagedPoolNx is the usual choice when the block only holds data -- confirm what callers store here. */ 4 | void* RtlAllocateMemory(bool InZeroMemory, SIZE_T InSize) 5 | { 6 | void* Result = ExAllocatePoolWithTag(NonPagedPool, InSize, MY_POOL_TAG); 7 | if (InZeroMemory && (Result != NULL)) 8 | RtlZeroMemory(Result, InSize); 9 | return Result; 10 | } 11 | /* Releases InPointer with ExFreePool; the pointer is passed through unchecked. NOTE(review): RtlAllocateMemory tags its blocks with MY_POOL_TAG, so ExFreePoolWithTag(InPointer, MY_POOL_TAG) would let the pool manager flag a mismatched free, and a NULL InPointer is not guarded against here -- confirm callers never pass one. */ 12 | void RtlFreeMemory(void* InPointer) 13 | { 14 | ExFreePool(InPointer); 15 | } 16 | /* Copies Length bytes from Source to Destination through a second kernel-mode mapping of Destination: an MDL is allocated over Destination, mapped with MmMapLockedPages, written with RtlCopyMemory at DISPATCH_LEVEL, then unmapped and freed. Returns STATUS_UNSUCCESSFUL when the MDL cannot be allocated or the mapping is NULL, STATUS_SUCCESS otherwise. NOTE(review): Destination and Length are not validated before the MDL is built. NOTE(review): the write goes through the new mapping rather than through Destination itself, so the page protection on Destination is not what gates it; on systems with HVCI or PatchGuard, modifying protected kernel pages this way is expected to fault or bugcheck -- confirm the intended targets. */ 17 | //Based on: http://leguanyuan.blogspot.nl/2013/09/x64-inline-hook-zwcreatesection.html 18 | NTSTATUS RtlSuperCopyMemory(IN VOID UNALIGNED* Destination, IN CONST VOID UNALIGNED* Source, IN ULONG Length) 19 | { 20 | //Change memory properties. 
21 | PMDL g_pmdl = IoAllocateMdl(Destination, Length, 0, 0, NULL); /* MDL over Destination for Length bytes; not a secondary buffer, no quota charge, no IRP */ 22 | if (!g_pmdl) 23 | return STATUS_UNSUCCESSFUL; 24 | MmBuildMdlForNonPagedPool(g_pmdl); /* documented for nonpaged buffers only; assumes Destination is resident kernel memory -- TODO confirm against callers */ 25 | unsigned int* Mapped = (unsigned int*)MmMapLockedPages(g_pmdl, KernelMode); /* NOTE(review): with KernelMode the legacy MmMapLockedPages is documented to bugcheck on failure rather than return NULL, so the check below may never fire; MmMapLockedPagesSpecifyCache with BugCheckOnFailure = FALSE returns NULL instead -- confirm */ 26 | if (!Mapped) 27 | { 28 | IoFreeMdl(g_pmdl); 29 | return STATUS_UNSUCCESSFUL; 30 | } 31 | KIRQL kirql = KeRaiseIrqlToDpcLevel(); /* the copy runs at DISPATCH_LEVEL, where a page fault bugchecks; assumes Source is nonpaged -- TODO confirm */ 32 | RtlCopyMemory(Mapped, Source, Length); 33 | KeLowerIrql(kirql); 34 | //Restore memory properties. 35 | MmUnmapLockedPages((PVOID)Mapped, g_pmdl); 36 | IoFreeMdl(g_pmdl); 37 | return STATUS_SUCCESS; 38 | } -------------------------------------------------------------------------------- /driver/TestWDK/GLOBAL.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | 4 | #include 5 | #include 6 | #include 7 | #include "WDKExt/Wdk.h" 8 | 9 | 10 | #define LOG_TAG "ishellcode" 11 | #define MYDEBUG 12 | /* NOTE(review): MYDEBUG is defined unconditionally, so debug_msg expands to DbgPrint (with __FILE__ and __LINE__) in every build configuration, Release included. */ 13 | #ifdef MYDEBUG 14 | #define debug_msg(fmt,...) DbgPrint("[%s]%s[%d]:"fmt,LOG_TAG,__FILE__,__LINE__,##__VA_ARGS__) 15 | #else 16 | #define debug_msg(fmt,...) 17 | #endif // DEBUG 18 | 19 | #define MY_POOL_TAG 'enoB' 20 | 21 | void* RtlAllocateMemory(bool InZeroMemory, SIZE_T InSize); 22 | void RtlFreeMemory(void* InPointer); 23 | NTSTATUS RtlSuperCopyMemory(IN VOID UNALIGNED* Destination, IN CONST VOID UNALIGNED* Source, IN ULONG Length); 24 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/LICENSE: -------------------------------------------------------------------------------- 1 | GNU LESSER GENERAL PUBLIC LICENSE 2 | Version 3, 29 June 2007 3 | 4 | Copyright (C) 2007 Free Software Foundation, Inc. 5 | Everyone is permitted to copy and distribute verbatim copies 6 | of this license document, but changing it is not allowed. 
7 | 8 | 9 | This version of the GNU Lesser General Public License incorporates 10 | the terms and conditions of version 3 of the GNU General Public 11 | License, supplemented by the additional permissions listed below. 12 | 13 | 0. Additional Definitions. 14 | 15 | As used herein, "this License" refers to version 3 of the GNU Lesser 16 | General Public License, and the "GNU GPL" refers to version 3 of the GNU 17 | General Public License. 18 | 19 | "The Library" refers to a covered work governed by this License, 20 | other than an Application or a Combined Work as defined below. 21 | 22 | An "Application" is any work that makes use of an interface provided 23 | by the Library, but which is not otherwise based on the Library. 24 | Defining a subclass of a class defined by the Library is deemed a mode 25 | of using an interface provided by the Library. 26 | 27 | A "Combined Work" is a work produced by combining or linking an 28 | Application with the Library. The particular version of the Library 29 | with which the Combined Work was made is also called the "Linked 30 | Version". 31 | 32 | The "Minimal Corresponding Source" for a Combined Work means the 33 | Corresponding Source for the Combined Work, excluding any source code 34 | for portions of the Combined Work that, considered in isolation, are 35 | based on the Application, and not on the Linked Version. 36 | 37 | The "Corresponding Application Code" for a Combined Work means the 38 | object code and/or source code for the Application, including any data 39 | and utility programs needed for reproducing the Combined Work from the 40 | Application, but excluding the System Libraries of the Combined Work. 41 | 42 | 1. Exception to Section 3 of the GNU GPL. 43 | 44 | You may convey a covered work under sections 3 and 4 of this License 45 | without being bound by section 3 of the GNU GPL. 46 | 47 | 2. Conveying Modified Versions. 
48 | 49 | If you modify a copy of the Library, and, in your modifications, a 50 | facility refers to a function or data to be supplied by an Application 51 | that uses the facility (other than as an argument passed when the 52 | facility is invoked), then you may convey a copy of the modified 53 | version: 54 | 55 | a) under this License, provided that you make a good faith effort to 56 | ensure that, in the event an Application does not supply the 57 | function or data, the facility still operates, and performs 58 | whatever part of its purpose remains meaningful, or 59 | 60 | b) under the GNU GPL, with none of the additional permissions of 61 | this License applicable to that copy. 62 | 63 | 3. Object Code Incorporating Material from Library Header Files. 64 | 65 | The object code form of an Application may incorporate material from 66 | a header file that is part of the Library. You may convey such object 67 | code under terms of your choice, provided that, if the incorporated 68 | material is not limited to numerical parameters, data structure 69 | layouts and accessors, or small macros, inline functions and templates 70 | (ten or fewer lines in length), you do both of the following: 71 | 72 | a) Give prominent notice with each copy of the object code that the 73 | Library is used in it and that the Library and its use are 74 | covered by this License. 75 | 76 | b) Accompany the object code with a copy of the GNU GPL and this license 77 | document. 78 | 79 | 4. Combined Works. 80 | 81 | You may convey a Combined Work under terms of your choice that, 82 | taken together, effectively do not restrict modification of the 83 | portions of the Library contained in the Combined Work and reverse 84 | engineering for debugging such modifications, if you also do each of 85 | the following: 86 | 87 | a) Give prominent notice with each copy of the Combined Work that 88 | the Library is used in it and that the Library and its use are 89 | covered by this License. 
90 | 91 | b) Accompany the Combined Work with a copy of the GNU GPL and this license 92 | document. 93 | 94 | c) For a Combined Work that displays copyright notices during 95 | execution, include the copyright notice for the Library among 96 | these notices, as well as a reference directing the user to the 97 | copies of the GNU GPL and this license document. 98 | 99 | d) Do one of the following: 100 | 101 | 0) Convey the Minimal Corresponding Source under the terms of this 102 | License, and the Corresponding Application Code in a form 103 | suitable for, and under terms that permit, the user to 104 | recombine or relink the Application with a modified version of 105 | the Linked Version to produce a modified Combined Work, in the 106 | manner specified by section 6 of the GNU GPL for conveying 107 | Corresponding Source. 108 | 109 | 1) Use a suitable shared library mechanism for linking with the 110 | Library. A suitable mechanism is one that (a) uses at run time 111 | a copy of the Library already present on the user's computer 112 | system, and (b) will operate properly with a modified version 113 | of the Library that is interface-compatible with the Linked 114 | Version. 115 | 116 | e) Provide Installation Information, but only if you would otherwise 117 | be required to provide such information under section 6 of the 118 | GNU GPL, and only to the extent that such information is 119 | necessary to install and execute a modified version of the 120 | Combined Work produced by recombining or relinking the 121 | Application with a modified version of the Linked Version. (If 122 | you use option 4d0, the Installation Information must accompany 123 | the Minimal Corresponding Source and Corresponding Application 124 | Code. If you use option 4d1, you must provide the Installation 125 | Information in the manner specified by section 6 of the GNU GPL 126 | for conveying Corresponding Source.) 127 | 128 | 5. Combined Libraries. 
129 | 130 | You may place library facilities that are a work based on the 131 | Library side by side in a single library together with other library 132 | facilities that are not Applications and are not covered by this 133 | License, and convey such a combined library under terms of your 134 | choice, if you do both of the following: 135 | 136 | a) Accompany the combined library with a copy of the same work based 137 | on the Library, uncombined with any other library facilities, 138 | conveyed under the terms of this License. 139 | 140 | b) Give prominent notice with the combined library that part of it 141 | is a work based on the Library, and explaining where to find the 142 | accompanying uncombined form of the same work. 143 | 144 | 6. Revised Versions of the GNU Lesser General Public License. 145 | 146 | The Free Software Foundation may publish revised and/or new versions 147 | of the GNU Lesser General Public License from time to time. Such new 148 | versions will be similar in spirit to the present version, but may 149 | differ in detail to address new problems or concerns. 150 | 151 | Each version is given a distinguishing version number. If the 152 | Library as you received it specifies that a certain numbered version 153 | of the GNU Lesser General Public License "or any later version" 154 | applies to it, you have the option of following the terms and 155 | conditions either of that published version or of any later version 156 | published by the Free Software Foundation. If the Library as you 157 | received it does not specify a version number of the GNU Lesser 158 | General Public License, you may choose any version of the GNU Lesser 159 | General Public License ever published by the Free Software Foundation. 
160 | 161 | If the Library as you received it specifies that a proxy can decide 162 | whether future versions of the GNU Lesser General Public License shall 163 | apply, that proxy's public statement of acceptance of any version is 164 | permanent authorization for you to choose that version for the 165 | Library. 166 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/README.md: -------------------------------------------------------------------------------- 1 | # Windows Driver Kit Extension Header 2 | 3 | ## Environment 4 | 5 | * C++17 6 | * Windows 7 or higher 7 | * Arch: X86, AMD64 8 | 9 | ## Config 10 | 11 | 1. `#include ` 12 | 2. Call `wdk::WdkInitSystem()` in `DriverEntry` 13 | 14 | ```C++ 15 | extern"C" 16 | auto DriverEntry(PDRIVER_OBJECT aDriverObject, PUNICODE_STRING) -> NTSTATUS 17 | { 18 | auto vStatus = STATUS_SUCCESS; 19 | 20 | for (;;) 21 | { 22 | // Just a chestnut(example) 23 | 24 | vStatus = wdk::WdkInitSystem(); 25 | if (!NT_SUCCESS(vStatus)) 26 | { 27 | break; 28 | } 29 | 30 | aDriverObject->DriverUnload = DriverUnload; 31 | break; 32 | } 33 | if (!NT_SUCCESS(vStatus)) 34 | { 35 | DriverUnload(aDriverObject); 36 | } 37 | 38 | return vStatus; 39 | } 40 | ``` 41 | 42 | ## Feature 43 | 44 | Undocumented structs, functions and tips. 45 | 46 | E.g. 47 | * ETHREAD 48 | * EPROCESS 49 | * Other ... 
50 | 51 | ## Thanks and references 52 | 53 | Thanks for the support of these projects 54 | 55 | > [MSDN](https://docs.microsoft.com/en-us/) 56 | > [ReactOS](https://github.com/reactos/reactos) 57 | > [ProcessHacker](https://github.com/processhacker/processhacker) 58 | > [wbenny/pdbex](https://github.com/wbenny/pdbex) 59 | > [wbenny/ntdiff](https://ntdiff.github.io/) 60 | > [tandasat/HyperPlatform](https://github.com/tandasat/HyperPlatform) 61 | 62 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #pragma warning(push) 3 | #pragma warning(disable: 4201) 4 | 5 | 6 | /* wdm */ 7 | #if !defined(_WDMDDK_) && !defined(__FLTKERNEL__) 8 | #error "Must include or " 9 | #endif 10 | 11 | #if defined(_WDM_INCLUDED_) 12 | #error "Must first include " 13 | #endif 14 | 15 | /* sys */ 16 | 17 | #include 18 | #include 19 | #include 20 | 21 | /* ext */ 22 | 23 | #include "Wdk\Native.inl" 24 | #include "Wdk\CmKernel.inl" 25 | #include "Wdk\DbgKernel.inl" 26 | #include "Wdk\ExKernel.inl" 27 | #include "Wdk\FsKernel.inl" 28 | #include "Wdk\IoKernel.inl" 29 | #include "Wdk\KeKernel.inl" 30 | #include "Wdk\LPCKernel.inl" 31 | #include "Wdk\MmKernel.inl" 32 | #include "Wdk\ObKernel.inl" 33 | #include "Wdk\PsKernel.inl" 34 | #include "Wdk\TsKernel.inl" 35 | #include "Wdk\RtlKernel.inl" 36 | #include "Wdk\SeKernel.inl" 37 | #include "Wdk\WmiKernel.inl" 38 | #include "Wdk\NetKernel.inl" 39 | #include "Wdk\ZwKernel.inl" 40 | 41 | 42 | namespace wdk 43 | { 44 | /* Calls the per-subsystem InitSystem routines in a fixed order, starting with RtlInitSystem, and stops at the first one whose status fails NT_SUCCESS. Returns that failing status, or STATUS_SUCCESS when every routine succeeded. This function itself performs no cleanup when a later routine fails. */ 45 | inline auto WdkInitSystem() -> NTSTATUS 46 | { 47 | #define SuccessCheck$(x) if (!NT_SUCCESS(vStatus = (x))) break 48 | /* SuccessCheck$ stores the call's status in vStatus and leaves the for (;;) block on failure; the block runs at most once because it ends in an unconditional break. */ 49 | auto vStatus = STATUS_SUCCESS; 50 | 51 | for (;;) 52 | { 53 | SuccessCheck$(RtlInitSystem()); 54 | SuccessCheck$(CmInitSystem()); 55 | SuccessCheck$(DbgInitSystem()); 56 | SuccessCheck$(ExInitSystem()); 57 | SuccessCheck$(FsInitSystem()); 58 | 
SuccessCheck$(IoInitSystem()); 59 | SuccessCheck$(KeInitSystem()); 60 | SuccessCheck$(LPCInitSystem()); 61 | SuccessCheck$(MmInitSystem()); 62 | SuccessCheck$(ObInitSystem()); 63 | SuccessCheck$(PsInitSystem()); 64 | SuccessCheck$(TsInitSystem()); 65 | SuccessCheck$(SeInitSystem()); 66 | SuccessCheck$(WmiInitSystem()); 67 | SuccessCheck$(ZwInitSystem()); 68 | /* NOTE(review): Wdk\NetKernel.inl is included by this header but no Net initializer is called in this list -- confirm none is required. */ 69 | break; 70 | } 71 | 72 | return vStatus; 73 | 74 | #undef SuccessCheck$ 75 | } 76 | 77 | } 78 | 79 | #pragma warning(pop) 80 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Cm/build_10240.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Cm/build_10586.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Cm/build_14393.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Cm/build_15063.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Cm/build_16299.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Cm/build_17134.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- 
/driver/TestWDK/WDKExt/Wdk/Cm/build_17763.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Cm/build_7600.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Cm/build_7601.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Cm/build_9200.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Cm/build_9600.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/CmKernel.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include "CmStruct.inl" 3 | 4 | 5 | namespace wdk 6 | { 7 | extern"C" 8 | { 9 | 10 | } 11 | } 12 | 13 | namespace wdk 14 | { 15 | extern"C" 16 | { 17 | inline auto CmInitSystem() -> NTSTATUS 18 | { 19 | return STATUS_SUCCESS; 20 | } 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/CmStruct.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | 4 | namespace wdk 5 | { 6 | 7 | } 8 | 9 | #include "Cm\build_7600.inl" 10 | #include "Cm\build_7601.inl" 11 | #include "Cm\build_9200.inl" 12 | #include "Cm\build_9600.inl" 13 | #include "Cm\build_10240.inl" 14 | #include 
"Cm\build_10586.inl" 15 | #include "Cm\build_14393.inl" 16 | #include "Cm\build_15063.inl" 17 | #include "Cm\build_16299.inl" 18 | #include "Cm\build_17134.inl" 19 | #include "Cm\build_17763.inl" 20 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Dbg/build_10240.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Dbg/build_10586.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Dbg/build_14393.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Dbg/build_15063.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Dbg/build_16299.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Dbg/build_17134.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Dbg/build_17763.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Dbg/build_7600.inl: 
-------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Dbg/build_7601.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Dbg/build_9200.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Dbg/build_9600.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/DbgKernel.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include "DbgStruct.inl" 3 | 4 | 5 | namespace wdk 6 | { 7 | extern"C" 8 | { 9 | inline auto DbgInitSystem() -> NTSTATUS 10 | { 11 | return STATUS_SUCCESS; 12 | } 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/DbgStruct.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | 4 | namespace wdk 5 | { 6 | 7 | #pragma region AccessMask 8 | enum DbgkAccessMask : ACCESS_MASK 9 | { 10 | DebugReadEvent = 0x0001, 11 | DebugProcessAssign = 0x0002, 12 | DebugSetInformation = 0x0004, 13 | DebugQueryInformation = 0x0008, 14 | 15 | DebugAllAccess = StandardRightsRequired | Synchronize | 16 | DebugReadEvent | DebugProcessAssign | DebugSetInformation | DebugQueryInformation 17 | }; 18 | #pragma endregion 19 | 20 | 21 | } 22 | 23 | #include "Dbg\build_7600.inl" 24 | #include "Dbg\build_7601.inl" 25 | #include "Dbg\build_9200.inl" 26 | #include 
"Dbg\build_9600.inl" 27 | #include "Dbg\build_10240.inl" 28 | #include "Dbg\build_10586.inl" 29 | #include "Dbg\build_14393.inl" 30 | #include "Dbg\build_15063.inl" 31 | #include "Dbg\build_16299.inl" 32 | #include "Dbg\build_17134.inl" 33 | #include "Dbg\build_17763.inl" -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Ex/build_10240.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | 4 | /* 5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.10240.17443\ 6 | * Dumped by pdbex tool v0.4, by wbenny 7 | */ 8 | 9 | 10 | namespace wdk::build_10240 11 | { 12 | 13 | SameDefine$(build_9600, EXHANDLE); 14 | SameDefine$(build_9600, HANDLE_TABLE_FREE_LIST); 15 | 16 | 17 | typedef struct _HANDLE_TABLE_ENTRY 18 | { 19 | union 20 | { 21 | volatile SSIZE_T VolatileLowValue; 22 | SSIZE_T LowValue; 23 | struct 24 | { 25 | struct _HANDLE_TABLE_ENTRY_INFO* volatile InfoTable; 26 | union 27 | { 28 | SSIZE_T HighValue; 29 | struct _HANDLE_TABLE_ENTRY* NextFreeHandleEntry; 30 | struct _EXHANDLE LeafHandleValue; 31 | }; 32 | }; 33 | #ifdef _WIN64 34 | INT64 RefCountField; 35 | #endif 36 | struct 37 | { 38 | struct /* bitfield */ 39 | { 40 | SIZE_T Unlocked : 1; /* bit position: 0 */ 41 | #ifdef _WIN64 42 | SIZE_T RefCnt : 16; /* bit position: 1 */ 43 | SIZE_T Attributes : 3; /* bit position: 17 */ 44 | SIZE_T ObjectPointerBits : 44; /* bit position: 20 */ 45 | #else 46 | SIZE_T Attributes : 2; /* bit position: 1 */ 47 | SIZE_T ObjectPointerBits : 29; /* bit position: 3 */ 48 | #endif 49 | }; /* bitfield */ 50 | #ifdef _WIN64 51 | struct /* bitfield */ 52 | { 53 | UINT32 GrantedAccessBits : 25; /* bit position: 0 */ 54 | UINT32 NoRightsUpgrade : 1; /* bit position: 25 */ 55 | UINT32 Spare1 : 6; /* bit position: 26 */ 56 | }; /* bitfield */ 57 | UINT32 Spare2; 58 | #else 59 | union 60 | { 61 | INT32 RefCountField; 62 | struct /* bitfield */ 63 | { 64 | UINT32 
GrantedAccessBits : 25; /* bit position: 0 */ 65 | UINT32 ProtectFromClose : 1; /* bit position: 25 */ 66 | UINT32 NoRightsUpgrade : 1; /* bit position: 26 */ 67 | UINT32 RefCnt : 5; /* bit position: 27 */ 68 | }; /* bitfield */ 69 | }; /* size: 0x0004 */ 70 | #endif 71 | }; 72 | }; 73 | } HANDLE_TABLE_ENTRY, *PHANDLE_TABLE_ENTRY; /* size: 0x0010 */ /* size: 0x0008 */ 74 | static_assert(sizeof(HANDLE_TABLE_ENTRY) == (sizeof(SIZE_T) == sizeof(UINT64) ? 0x0010 : 0x0008)); 75 | 76 | 77 | typedef struct _HANDLE_TABLE 78 | { 79 | UINT32 NextHandleNeedingPool; 80 | INT32 ExtraInfoPages; 81 | volatile SIZE_T TableCode; 82 | struct _EPROCESS* QuotaProcess; 83 | struct _LIST_ENTRY HandleTableList; 84 | UINT32 UniqueProcessId; 85 | union 86 | { 87 | UINT32 Flags; 88 | struct /* bitfield */ 89 | { 90 | UINT8 StrictFIFO : 1; /* bit position: 0 */ 91 | UINT8 EnableHandleExceptions : 1; /* bit position: 1 */ 92 | UINT8 Rundown : 1; /* bit position: 2 */ 93 | UINT8 Duplicated : 1; /* bit position: 3 */ 94 | UINT8 RaiseUMExceptionOnInvalidHandleClose : 1; /* bit position: 4 */ 95 | }; /* bitfield */ 96 | }; /* size: 0x0004 */ 97 | struct _EX_PUSH_LOCK HandleContentionEvent; 98 | struct _EX_PUSH_LOCK HandleTableLock; 99 | union 100 | { 101 | struct _HANDLE_TABLE_FREE_LIST FreeLists[1]; 102 | struct 103 | { 104 | enum : UINT32 105 | { 106 | ActualEntrySizeX86 = 20, 107 | ActualEntrySizeX64 = 32, 108 | ActualEntrySize = sizeof(SIZE_T) == sizeof(UINT64) ? ActualEntrySizeX64 : ActualEntrySizeX86 109 | }; 110 | 111 | UINT8 ActualEntry[ActualEntrySize]; 112 | struct _HANDLE_TRACE_DEBUG_INFO* DebugInfo; 113 | }; 114 | }; 115 | } HANDLE_TABLE, *PHANDLE_TABLE; /* size: 0x0080 */ /* size: 0x005c */ 116 | static_assert(sizeof(HANDLE_TABLE) == (sizeof(SIZE_T) == sizeof(UINT64) ? 
0x0080 : 0x005c)); 117 | 118 | 119 | } 120 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Ex/build_10586.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | 4 | /* 5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.10586.1176\ 6 | * Dumped by pdbex tool v0.4, by wbenny 7 | */ 8 | 9 | 10 | namespace wdk::build_10586 11 | { 12 | 13 | SameDefine$(build_10240, EXHANDLE); 14 | SameDefine$(build_10240, HANDLE_TABLE_FREE_LIST); 15 | SameDefine$(build_10240, HANDLE_TABLE_ENTRY); 16 | SameDefine$(build_10240, HANDLE_TABLE); 17 | 18 | } 19 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Ex/build_14393.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | 4 | /* 5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.14393.2214\ 6 | * Dumped by pdbex tool v0.4, by wbenny 7 | */ 8 | 9 | 10 | namespace wdk::build_14393 11 | { 12 | 13 | SameDefine$(build_10586, EXHANDLE); 14 | SameDefine$(build_10586, HANDLE_TABLE_FREE_LIST); 15 | SameDefine$(build_10586, HANDLE_TABLE_ENTRY); 16 | SameDefine$(build_10586, HANDLE_TABLE); 17 | 18 | } 19 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Ex/build_15063.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | 4 | /* 5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.15063.1418\ 6 | * Dumped by pdbex tool v0.4, by wbenny 7 | */ 8 | 9 | 10 | namespace wdk::build_15063 11 | { 12 | 13 | SameDefine$(build_14393, EXHANDLE); 14 | SameDefine$(build_14393, HANDLE_TABLE_FREE_LIST); 15 | SameDefine$(build_14393, HANDLE_TABLE_ENTRY); 16 | SameDefine$(build_14393, HANDLE_TABLE); 17 | 18 | } 19 | -------------------------------------------------------------------------------- 
/driver/TestWDK/WDKExt/Wdk/Ex/build_16299.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | 4 | /* 5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.16299.755\ 6 | * Dumped by pdbex tool v0.4, by wbenny 7 | */ 8 | 9 | 10 | namespace wdk::build_16299 11 | { 12 | 13 | SameDefine$(build_15063, EXHANDLE); 14 | SameDefine$(build_15063, HANDLE_TABLE_FREE_LIST); 15 | SameDefine$(build_15063, HANDLE_TABLE_ENTRY); 16 | SameDefine$(build_15063, HANDLE_TABLE); 17 | 18 | } 19 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Ex/build_17134.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | 4 | /* 5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.17134.376\ 6 | * Dumped by pdbex tool v0.4, by wbenny 7 | */ 8 | 9 | 10 | namespace wdk::build_17134 11 | { 12 | 13 | SameDefine$(build_16299, EXHANDLE); 14 | SameDefine$(build_16299, HANDLE_TABLE_FREE_LIST); 15 | SameDefine$(build_16299, HANDLE_TABLE_ENTRY); 16 | SameDefine$(build_16299, HANDLE_TABLE); 17 | 18 | } 19 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Ex/build_17763.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | 4 | /* 5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.17763.55\ 6 | * Dumped by pdbex tool v0.4, by wbenny 7 | */ 8 | 9 | 10 | namespace wdk::build_17763 11 | { 12 | 13 | SameDefine$(build_17134, EXHANDLE); 14 | SameDefine$(build_17134, HANDLE_TABLE_FREE_LIST); 15 | SameDefine$(build_17134, HANDLE_TABLE_ENTRY); 16 | SameDefine$(build_17134, HANDLE_TABLE); 17 | 18 | } 19 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Ex/build_7600.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | 4 | /* 5 
| * PDB file: \Nt-Crucial-Modules\Ntoskrnl\6.1.7600.17795\ 6 | * Dumped by pdbex tool v0.4, by wbenny 7 | */ 8 | 9 | 10 | namespace wdk::build_7600 11 | { 12 | 13 | typedef struct _HANDLE_TABLE_ENTRY_INFO 14 | { 15 | UINT32 AuditMask; 16 | } HANDLE_TABLE_ENTRY_INFO, *PHANDLE_TABLE_ENTRY_INFO; /* size: 0x0004 */ 17 | 18 | 19 | typedef struct _HANDLE_TABLE_ENTRY 20 | { 21 | union 22 | { 23 | VOID* Object; 24 | UINT32 ObAttributes; 25 | struct _HANDLE_TABLE_ENTRY_INFO* InfoTable; 26 | SIZE_T Value; 27 | }; /* size: 0x0008 */ /* size: 0x0004 */ 28 | union 29 | { 30 | UINT32 GrantedAccess; 31 | struct 32 | { 33 | UINT16 GrantedAccessIndex; 34 | UINT16 CreatorBackTraceIndex; 35 | }; /* size: 0x0004 */ 36 | UINT32 NextFreeTableEntry; 37 | }; /* size: 0x0004 */ 38 | } HANDLE_TABLE_ENTRY, *PHANDLE_TABLE_ENTRY; /* size: 0x0010 */ /* size: 0x0008 */ 39 | static_assert(sizeof(HANDLE_TABLE_ENTRY) == (sizeof(SIZE_T) == sizeof(UINT64) ? 0x0010 : 0x0008)); 40 | 41 | 42 | typedef struct _HANDLE_TABLE 43 | { 44 | SIZE_T TableCode; 45 | struct _EPROCESS* QuotaProcess; 46 | VOID* UniqueProcessId; 47 | struct _EX_PUSH_LOCK HandleLock; 48 | struct _LIST_ENTRY HandleTableList; 49 | struct _EX_PUSH_LOCK HandleContentionEvent; 50 | struct _HANDLE_TRACE_DEBUG_INFO* DebugInfo; 51 | INT32 ExtraInfoPages; 52 | union 53 | { 54 | UINT32 Flags; 55 | UINT8 StrictFIFO : 1; /* bit position: 0 */ 56 | }; /* size: 0x0004 */ 57 | UINT32 FirstFreeHandle; 58 | struct _HANDLE_TABLE_ENTRY* LastFreeHandleEntry; 59 | UINT32 HandleCount; 60 | UINT32 NextHandleNeedingPool; 61 | UINT32 HandleCountHighWatermark; 62 | } HANDLE_TABLE, *PHANDLE_TABLE; /* size: 0x0068 */ /* size: 0x003c */ 63 | static_assert(sizeof(HANDLE_TABLE) == (sizeof(SIZE_T) == sizeof(UINT64) ? 
0x0068 : 0x003c)); 64 | 65 | } 66 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Ex/build_7601.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | 4 | /* 5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\6.1.7601.24260\ 6 | * Dumped by pdbex tool v0.4, by wbenny 7 | */ 8 | 9 | 10 | namespace wdk::build_7601 11 | { 12 | 13 | SameDefine$(build_7600, HANDLE_TABLE_ENTRY_INFO); 14 | SameDefine$(build_7600, HANDLE_TABLE_ENTRY); 15 | SameDefine$(build_7600, HANDLE_TABLE); 16 | 17 | } 18 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Ex/build_9200.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | 4 | /* 5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\6.2.9200.17581\ 6 | * Dumped by pdbex tool v0.4, by wbenny 7 | */ 8 | 9 | 10 | namespace wdk::build_9200 11 | { 12 | 13 | SameDefine$(build_7601, HANDLE_TABLE_ENTRY_INFO); 14 | 15 | 16 | typedef struct _EXHANDLE 17 | { 18 | union 19 | { 20 | struct /* bitfield */ 21 | { 22 | UINT32 TagBits : 2; /* bit position: 0 */ 23 | UINT32 Index : 30; /* bit position: 2 */ 24 | }; /* bitfield */ 25 | VOID* GenericHandleOverlay; 26 | SIZE_T Value; 27 | }; 28 | } EXHANDLE, *PEXHANDLE; /* size: 0x0008 */ /* size: 0x0004 */ 29 | static_assert(sizeof(EXHANDLE) == (sizeof(SIZE_T) == sizeof(UINT64) ? 
0x0008 : 0x0004)); 30 | 31 | 32 | typedef struct _HANDLE_TABLE_ENTRY 33 | { 34 | union 35 | { 36 | volatile SSIZE_T VolatileLowValue; 37 | SSIZE_T LowValue; 38 | struct _HANDLE_TABLE_ENTRY_INFO* volatile InfoTable; 39 | struct /* bitfield */ 40 | { 41 | SIZE_T Unlocked : 1; /* bit position: 0 */ 42 | #ifdef _WIN64 43 | SIZE_T RefCnt : 19; /* bit position: 1 */ 44 | SIZE_T Attributes : 3; /* bit position: 20 */ 45 | SIZE_T ObjectPointerBits : sizeof(SIZE_T) * 8 - 23; /* bit position: 23 */ 46 | #else 47 | SIZE_T Attributes : 2; /* bit position: 1 */ 48 | SIZE_T ObjectPointerBits : sizeof(SIZE_T) * 8 - 3; /* bit position: 3 */ 49 | #endif 50 | }; /* bitfield */ 51 | }; 52 | union 53 | { 54 | SSIZE_T HighValue; 55 | struct _HANDLE_TABLE_ENTRY* NextFreeHandleEntry; 56 | struct _EXHANDLE LeafHandleValue; 57 | struct 58 | { 59 | struct /* bitfield */ 60 | { 61 | UINT32 GrantedAccessBits : 25; /* bit position: 0 */ 62 | #ifdef _WIN64 63 | UINT32 Spare : 7; /* bit position: 25 */ 64 | #else 65 | UINT32 ProtectFromClose : 1; /* bit position: 25 */ 66 | UINT32 RefCnt : 6; /* bit position: 26 */ 67 | #endif 68 | }; /* bitfield */ 69 | #ifdef _WIN64 70 | UINT32 TypeInfo; 71 | #endif 72 | }; 73 | }; 74 | } HANDLE_TABLE_ENTRY, *PHANDLE_TABLE_ENTRY; /* size: 0x0010 */ /* size: 0x0008 */ 75 | static_assert(sizeof(HANDLE_TABLE_ENTRY) == (sizeof(SIZE_T) == sizeof(UINT64) ? 0x0010 : 0x0008)); 76 | 77 | 78 | typedef struct _HANDLE_TABLE_FREE_LIST 79 | { 80 | struct _EX_PUSH_LOCK FreeListLock; 81 | struct _HANDLE_TABLE_ENTRY* FirstFreeHandleEntry; 82 | struct _HANDLE_TABLE_ENTRY* LastFreeHandleEntry; 83 | INT32 HandleCount; 84 | UINT32 HighWaterMark; 85 | UINT32 Reserved[8]; 86 | } HANDLE_TABLE_FREE_LIST, *PHANDLE_TABLE_FREE_LIST; /* size: 0x0040 */ /* size: 0x0034 */ 87 | static_assert(sizeof(HANDLE_TABLE_FREE_LIST) == (sizeof(SIZE_T) == sizeof(UINT64) ? 
0x0040 : 0x0034)); 88 | 89 | 90 | typedef struct _HANDLE_TABLE 91 | { 92 | UINT32 NextHandleNeedingPool; 93 | INT32 ExtraInfoPages; 94 | volatile SIZE_T TableCode; 95 | struct _EPROCESS* QuotaProcess; 96 | struct _LIST_ENTRY HandleTableList; 97 | UINT32 UniqueProcessId; 98 | union 99 | { 100 | UINT32 Flags; 101 | struct /* bitfield */ 102 | { 103 | UINT8 StrictFIFO : 1; /* bit position: 0 */ 104 | UINT8 EnableHandleExceptions : 1; /* bit position: 1 */ 105 | UINT8 Rundown : 1; /* bit position: 2 */ 106 | UINT8 Duplicated : 1; /* bit position: 3 */ 107 | }; /* bitfield */ 108 | }; /* size: 0x0004 */ 109 | struct _EX_PUSH_LOCK HandleContentionEvent; 110 | struct _EX_PUSH_LOCK HandleTableLock; 111 | union 112 | { 113 | struct _HANDLE_TABLE_FREE_LIST FreeLists[1]; 114 | struct 115 | { 116 | enum : UINT32 117 | { 118 | ActualEntrySizeX86 = 20, 119 | ActualEntrySizeX64 = 32, 120 | ActualEntrySize = sizeof(SIZE_T) == sizeof(UINT64) ? ActualEntrySizeX64 : ActualEntrySizeX86 121 | }; 122 | 123 | UINT8 ActualEntry[ActualEntrySize]; 124 | struct _HANDLE_TRACE_DEBUG_INFO* DebugInfo; 125 | }; 126 | }; 127 | } HANDLE_TABLE, *PHANDLE_TABLE; /* size: 0x0080 */ /* size: 0x005c */ 128 | static_assert(sizeof(HANDLE_TABLE) == (sizeof(SIZE_T) == sizeof(UINT64) ? 
0x0080 : 0x005c)); 129 | 130 | } 131 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Ex/build_9600.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | 4 | /* 5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\6.3.9600.19038\ 6 | * Dumped by pdbex tool v0.4, by wbenny 7 | */ 8 | 9 | 10 | namespace wdk::build_9600 11 | { 12 | 13 | SameDefine$(build_9200, EXHANDLE); 14 | SameDefine$(build_9200, HANDLE_TABLE_FREE_LIST); 15 | SameDefine$(build_9200, HANDLE_TABLE); 16 | 17 | 18 | /* Handle-table entry layout for build 9600: two pointer-sized unions, 0x10 bytes on 64-bit and 0x08 on 32-bit (checked by the static_assert that follows). */ 19 | typedef struct _HANDLE_TABLE_ENTRY 20 | { 21 | union 22 | { 23 | volatile SSIZE_T VolatileLowValue; 24 | SSIZE_T LowValue; 25 | struct _HANDLE_TABLE_ENTRY_INFO* volatile InfoTable; 26 | struct /* bitfield */ 27 | { 28 | SIZE_T Unlocked : 1; /* bit position: 0 */ 29 | #ifdef _WIN64 30 | SIZE_T RefCnt : 16; /* bit position: 1 */ 31 | SIZE_T Attributes : 3; /* bit position: 17 (follows the 1-bit Unlocked and 16-bit RefCnt fields) */ 32 | SIZE_T ObjectPointerBits : sizeof(SIZE_T) * 8 - 20; /* bit position: 20 */ 33 | #else 34 | SIZE_T Attributes : 2; /* bit position: 1 */ 35 | SIZE_T ObjectPointerBits : sizeof(SIZE_T) * 8 - 3; /* bit position: 3 */ 36 | #endif 37 | }; /* bitfield */ 38 | }; 39 | union 40 | { 41 | SSIZE_T HighValue; 42 | struct _HANDLE_TABLE_ENTRY* NextFreeHandleEntry; 43 | EXHANDLE LeafHandleValue; 44 | struct 45 | { 46 | struct /* bitfield */ 47 | { 48 | UINT32 GrantedAccessBits : 25; /* bit position: 0 */ 49 | #ifdef _X86_ 50 | UINT32 ProtectFromClose : 1; /* bit position: 25 */ 51 | #endif 52 | UINT32 NoRightsUpgrade : 1; /* bit position: 25/26 */ 53 | #ifdef _WIN64 54 | UINT32 Spare : 6; /* bit position: 26 */ 55 | #else 56 | UINT32 RefCnt : 5; /* bit position: 27 */ 57 | #endif 58 | }; /* bitfield */ 59 | #ifdef _WIN64 60 | UINT32 TypeInfo; 61 | #endif 62 | }; 63 | }; 64 | } HANDLE_TABLE_ENTRY, *PHANDLE_TABLE_ENTRY; /* size: 0x0010 */ /* size: 0x0008 */ 65 | static_assert(sizeof(HANDLE_TABLE_ENTRY) == 
(sizeof(SIZE_T) == sizeof(UINT64) ? 0x0010 : 0x0008)); 66 | 67 | } 68 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/ExKernel.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include "ExStruct.inl" 3 | 4 | 5 | namespace wdk 6 | { 7 | extern"C" 8 | { 9 | 10 | extern POBJECT_TYPE* ExWindowStationObjectType; 11 | 12 | 13 | int NTAPI 14 | ExSystemExceptionFilter( 15 | VOID 16 | ); 17 | 18 | 19 | BOOLEAN NTAPI 20 | ExEnumHandleTable( 21 | _In_ struct _HANDLE_TABLE* HandleTable, 22 | _In_ ExEnumHandleRoutine EnumHandleProcedure, 23 | _In_ PVOID EnumParameter, 24 | _Out_opt_ PHANDLE Handle 25 | ); 26 | 27 | 28 | PEX_PUSH_LOCK_CACHE_AWARE NTAPI 29 | ExAllocateCacheAwarePushLock( 30 | VOID 31 | ); 32 | 33 | VOID NTAPI 34 | ExFreeCacheAwarePushLock( 35 | _Inout_ PEX_PUSH_LOCK_CACHE_AWARE PushLock 36 | ); 37 | 38 | VOID NTAPI 39 | ExAcquireCacheAwarePushLockExclusive( 40 | _Inout_ PEX_PUSH_LOCK_CACHE_AWARE CacheAwarePushLock 41 | ); 42 | 43 | VOID NTAPI 44 | ExReleaseCacheAwarePushLockExclusive( 45 | _Inout_ PEX_PUSH_LOCK_CACHE_AWARE CacheAwarePushLock 46 | ); 47 | 48 | VOID FASTCALL 49 | ExEnterCriticalRegionAndAcquireFastMutexUnsafe( 50 | _Inout_ PFAST_MUTEX FastMutex 51 | ); 52 | 53 | VOID NTAPI 54 | ExInitializePushLock( 55 | _Out_ PEX_PUSH_LOCK PushLock 56 | ); 57 | 58 | VOID FASTCALL 59 | ExfAcquirePushLockExclusive( 60 | _Inout_ PEX_PUSH_LOCK aPushLock 61 | ); 62 | 63 | VOID FASTCALL 64 | ExfReleasePushLockExclusive( 65 | _Inout_ PEX_PUSH_LOCK aPushLock); 66 | 67 | VOID FASTCALL 68 | ExfAcquirePushLockShared( 69 | _Inout_ PEX_PUSH_LOCK aPushLock 70 | ); 71 | 72 | VOID FASTCALL 73 | ExfReleasePushLockShared( 74 | _Inout_ PEX_PUSH_LOCK aPushLock); 75 | 76 | BOOLEAN FASTCALL 77 | ExfTryAcquirePushLockShared( 78 | _Inout_ PEX_PUSH_LOCK aPushLock); 79 | 80 | VOID FASTCALL 81 | ExfTryToWakePushLock( 82 | _Inout_ PEX_PUSH_LOCK aPushLock); 83 | 84 | VOID 
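FASTCALL 85 | ExfReleasePushLock( 86 | _Inout_ PEX_PUSH_LOCK aPushLock 87 | );

        // since win8.1
        VOID FASTCALL
        ExAcquirePushLockExclusiveEx(
            _Inout_ _Requires_lock_not_held_(*_Curr_) _Acquires_lock_(*_Curr_)
            PEX_PUSH_LOCK PushLock,
            _In_ ULONG Flags
        );

        // since win8.1
        VOID FASTCALL
        ExAcquirePushLockSharedEx(
            _Inout_ _Requires_lock_not_held_(*_Curr_) _Acquires_lock_(*_Curr_)
            PEX_PUSH_LOCK PushLock,
            _In_ ULONG Flags
        );

        // since win8.1
        VOID FASTCALL
        ExReleasePushLockExclusiveEx(
            _Inout_ _Requires_lock_held_(*_Curr_) _Releases_lock_(*_Curr_)
            PEX_PUSH_LOCK PushLock,
            _In_ ULONG Flags
        );

        // since win8.1
        VOID FASTCALL
        ExReleasePushLockSharedEx(
            _Inout_ _Requires_lock_held_(*_Curr_) _Releases_lock_(*_Curr_)
            PEX_PUSH_LOCK PushLock,
            _In_ ULONG Flags
        );
    }
}

namespace wdk
{
    extern"C"
    {

        // Inline fast paths for push locks. Each one attempts a single
        // interlocked operation on the lock word and falls back to the
        // exported Exf* routine when that attempt meets contention.
        //
        // NOTE(review): the reinterpret_cast target type is not visible in
        // this listing (the template argument was lost). PEX_PUSH_LOCK_IMPL
        // is assumed from the ->Value / ->Ptr member accesses; confirm
        // against the repository.

        // Releases a push lock. Computes the lock word after dropping one
        // reference (share count minus one increment when more than one
        // sharer is recorded, otherwise zero) and publishes it with a
        // compare-exchange. Defers to ExfReleasePushLock when the Waiting
        // bit is set or the compare-exchange loses a race.
        FORCEINLINE VOID ExReleasePushLock(
            PEX_PUSH_LOCK aPushLock)
        {
            EX_PUSH_LOCK_IMPL vOldValue{}, vNewValue{};

            vOldValue.Value = *aPushLock;

            if (vOldValue.Shared > 1)
            {
                vNewValue.Value = vOldValue.Value - EX_PUSH_LOCK_IMPL::LockFlagsShareInc;
            }
            else
            {
                vNewValue.Value = 0;
            }

            if (vOldValue.Waiting ||
                InterlockedCompareExchangePointer(
                    &reinterpret_cast<PEX_PUSH_LOCK_IMPL>(aPushLock)->Ptr,
                    vNewValue.Ptr,
                    vOldValue.Ptr) != vOldValue.Ptr)
            {
                ExfReleasePushLock(aPushLock);
            }
        }

#ifndef ExAcquirePushLockExclusive
        // Acquires the push lock exclusively. Atomically sets the lock bit;
        // a non-zero result means the bit was already set, so the contended
        // path ExfAcquirePushLockExclusive is taken.
        FORCEINLINE VOID ExAcquirePushLockExclusive(
            PEX_PUSH_LOCK aPushLock)
        {
#ifdef _WIN64
            if (InterlockedBitTestAndSet64((LONG64 *)&reinterpret_cast<PEX_PUSH_LOCK_IMPL>(aPushLock)->Value, EX_PUSH_LOCK_IMPL::LockFlagsShift))
#else
            if (InterlockedBitTestAndSet((LONG *)&reinterpret_cast<PEX_PUSH_LOCK_IMPL>(aPushLock)->Value, EX_PUSH_LOCK_IMPL::LockFlagsShift))
#endif
            {
                ExfAcquirePushLockExclusive(aPushLock);
            }
        }
#endif

#ifndef ExAcquirePushLockShared
        // Acquires the push lock shared. Fast path: swap an all-zero lock
        // word for "one sharer, locked"; anything else goes through
        // ExfAcquirePushLockShared.
        FORCEINLINE VOID ExAcquirePushLockShared(
            PEX_PUSH_LOCK aPushLock)
        {
            if (InterlockedCompareExchangePointer(
                &(reinterpret_cast<PEX_PUSH_LOCK_IMPL>(aPushLock)->Ptr),
                (PVOID)(EX_PUSH_LOCK_IMPL::LockFlagsShareInc | EX_PUSH_LOCK_IMPL::LockFlagsLock),
                nullptr) != nullptr)
            {
                ExfAcquirePushLockShared(aPushLock);
            }
        }
#endif

        // Tries once to take the push lock exclusively, without waiting.
        // Returns TRUE when this call set the lock bit, FALSE when the bit
        // was already set by another owner.
        //
        // InterlockedBitTestAndSet returns the PREVIOUS value of the bit, so
        // a non-zero result means the lock was already held (the same test
        // sends ExAcquirePushLockExclusive to its contended path). The
        // original returned TRUE in that case, reporting ownership the
        // caller never obtained and FALSE when the lock had in fact been
        // taken; the result is now un-inverted.
        FORCEINLINE BOOLEAN ExTryAcquirePushLockExclusive(
            PEX_PUSH_LOCK aPushLock)
        {
#ifdef _WIN64
            if (InterlockedBitTestAndSet64((LONG64 *)&reinterpret_cast<PEX_PUSH_LOCK_IMPL>(aPushLock)->Value, EX_PUSH_LOCK_IMPL::LockFlagsShift))
#else
            if (InterlockedBitTestAndSet((LONG *)&reinterpret_cast<PEX_PUSH_LOCK_IMPL>(aPushLock)->Value, EX_PUSH_LOCK_IMPL::LockFlagsShift))
#endif
            {
                // Lock bit was already set: not acquired, lock word unchanged.
                return FALSE;
            }

            // Lock bit was clear and is now set by this call.
            return TRUE;
        }

        // Tries to take the push lock shared, without waiting. Returns TRUE
        // when the uncontended compare-exchange succeeds; otherwise returns
        // whatever ExfTryAcquirePushLockShared reports.
        FORCEINLINE BOOLEAN ExTryAcquirePushLockShared(
            PEX_PUSH_LOCK aPushLock
        )
        {
            /* Fast path with the push lock not held at all. */
            if (InterlockedCompareExchangePointer(
                &reinterpret_cast<PEX_PUSH_LOCK_IMPL>(aPushLock)->Ptr,
                (PVOID)(EX_PUSH_LOCK_IMPL::LockFlagsShareInc | EX_PUSH_LOCK_IMPL::LockFlagsLock),
                nullptr) != nullptr)
            {
                return ExfTryAcquirePushLockShared(aPushLock);
            }

            return TRUE;
        }

#ifndef ExReleasePushLockExclusive
        // Releases an exclusively held push lock. Atomically subtracts the
        // lock flag and inspects the value the word held before the
        // subtraction: ExfTryToWakePushLock is called only when waiters
        // are recorded and no wake is already in progress.
        VOID FORCEINLINE ExReleasePushLockExclusive(
            PEX_PUSH_LOCK aPushLock)
        {
            EX_PUSH_LOCK_IMPL OldValue;

#if defined (_WIN64)
            OldValue.Value = InterlockedExchangeAdd64((PLONG64)&reinterpret_cast<PEX_PUSH_LOCK_IMPL>(aPushLock)->Value, -(LONG64)EX_PUSH_LOCK_IMPL::LockFlagsLock);
#else
            OldValue.Value = InterlockedExchangeAdd((PLONG)&reinterpret_cast<PEX_PUSH_LOCK_IMPL>(aPushLock)->Value, -(LONG)EX_PUSH_LOCK_IMPL::LockFlagsLock);
#endif

            if (!OldValue.Waiting || OldValue.Waking)
            {
                return;
            }

            ExfTryToWakePushLock(aPushLock);
        }
#endif

#ifndef ExReleasePushLockShared
        // Releases a push lock held shared. Fast path: swap "one sharer,
        // locked" for zero; any other lock word is handled by
        // ExfReleasePushLockShared.
        VOID FORCEINLINE ExReleasePushLockShared(
            PEX_PUSH_LOCK aPushLock)
        {
            EX_PUSH_LOCK_IMPL OldValue, NewValue;

            OldValue.Value = EX_PUSH_LOCK_IMPL::LockFlagsShareInc | EX_PUSH_LOCK_IMPL::LockFlagsLock;
            NewValue.Value = 0;

            if (InterlockedCompareExchangePointer(&reinterpret_cast<PEX_PUSH_LOCK_IMPL>(aPushLock)->Ptr,
                NewValue.Ptr,
                OldValue.Ptr) != OldValue.Ptr)
            {
                ExfReleasePushLockShared(aPushLock);
            }
        }
#endif


        // Initialisation hook for the Ex component; does nothing and
        // reports success.
        inline auto ExInitSystem() -> NTSTATUS
        {
            return STATUS_SUCCESS;
        }
    }
}
-------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/ExStruct.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | 4 | namespace wdk 5 | { 6 | 7 | #pragma region Handle 8 | using ExEnumHandleRoutineWin7 = BOOLEAN(*)( 9 | _Inout_ struct _HANDLE_TABLE_ENTRY* HandleTableEntry, 10 | 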
_In_ HANDLE Handle, 11 | _In_ PVOID EnumParameter 12 | ); 13 | 14 | // since Windows 8 15 | using ExEnumHandleRoutine = BOOLEAN(*)( 16 | _In_ struct _HANDLE_TABLE* HandleTable, 17 | _Inout_ struct _HANDLE_TABLE_ENTRY* HandleTableEntry, 18 | _In_ HANDLE Handle, 19 | _In_ PVOID EnumParameter 20 | ); 21 | #pragma endregion 22 | 23 | 24 | #pragma region Lock 25 | #ifndef EX_PUSH_LOCK 26 | #define EX_PUSH_LOCK ULONG_PTR 27 | #define PEX_PUSH_LOCK ULONG_PTR* 28 | #endif 29 | 30 | 31 | typedef struct _EX_PUSH_LOCK 32 | { 33 | enum : ULONG_PTR 34 | { 35 | LockFlagsShift = 0x0000, 36 | LockFlagsLock = 0x0001, 37 | LockFlagsWaiting = 0x0002, 38 | LockFlagsWaking = 0x0004, 39 | LockFlagsMultipleShared = 0x0008, 40 | LockFlagsShareInc = 0x0010, 41 | LockFlagsPtrBits = 0x000F, 42 | }; 43 | 44 | union 45 | { 46 | struct 47 | { 48 | ULONG_PTR Locked : 1; /* bit position: 0 */ 49 | ULONG_PTR Waiting : 1; /* bit position: 1 */ 50 | ULONG_PTR Waking : 1; /* bit position: 2 */ 51 | ULONG_PTR MultipleShared : 1; /* bit position: 3 */ 52 | ULONG_PTR Shared : (sizeof(ULONG_PTR) * 8) - 4; /* bit position: 4 */ 53 | }; /* bitfield */ 54 | 55 | ULONG_PTR Value; 56 | void* Ptr; 57 | }; 58 | } EX_PUSH_LOCK_IMPL, *PEX_PUSH_LOCK_IMPL; 59 | 60 | 61 | enum : UINT32 62 | { 63 | ExCacheLineSize = 128, 64 | ExPushLockFannedCOunt = (PAGE_SIZE / ExCacheLineSize), 65 | }; 66 | 67 | typedef struct EX_PUSH_LOCK_CACHE_AWARE 68 | { 69 | PEX_PUSH_LOCK Locks[ExPushLockFannedCOunt]; 70 | }*PEX_PUSH_LOCK_CACHE_AWARE; 71 | 72 | 73 | typedef struct _EX_FAST_REF 74 | { 75 | enum : UINT32 76 | { 77 | BitOfRefCount = (sizeof(ULONG_PTR) == sizeof(UINT32)) ? 
3 : 4, 78 | }; 79 | 80 | union 81 | { 82 | VOID * Object; 83 | ULONG_PTR RefCnt : BitOfRefCount; 84 | ULONG_PTR Value; 85 | }; 86 | } EX_FAST_REF, *PEX_FAST_REF; 87 | #pragma endregion 88 | 89 | } 90 | 91 | #include "Ex\build_7600.inl" 92 | #include "Ex\build_7601.inl" 93 | #include "Ex\build_9200.inl" 94 | #include "Ex\build_9600.inl" 95 | #include "Ex\build_10240.inl" 96 | #include "Ex\build_10586.inl" 97 | #include "Ex\build_14393.inl" 98 | #include "Ex\build_15063.inl" 99 | #include "Ex\build_16299.inl" 100 | #include "Ex\build_17134.inl" 101 | #include "Ex\build_17763.inl" 102 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Fs/build_10240.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Fs/build_10586.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Fs/build_14393.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Fs/build_15063.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Fs/build_16299.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Fs/build_17134.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 
-------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Fs/build_17763.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Fs/build_7600.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Fs/build_7601.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Fs/build_9200.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Fs/build_9600.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/FsKernel.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include "FsStruct.inl" 3 | 4 | 5 | namespace wdk 6 | { 7 | extern"C" 8 | { 9 | 10 | #ifndef _NTIFS_ 11 | #define FSRTL_FSP_TOP_LEVEL_IRP ((LONG_PTR)0x01) 12 | #define FSRTL_CACHE_TOP_LEVEL_IRP ((LONG_PTR)0x02) 13 | #define FSRTL_MOD_WRITE_TOP_LEVEL_IRP ((LONG_PTR)0x03) 14 | #define FSRTL_FAST_IO_TOP_LEVEL_IRP ((LONG_PTR)0x04) 15 | #define FSRTL_NETWORK1_TOP_LEVEL_IRP ((LONG_PTR)0x05) 16 | #define FSRTL_NETWORK2_TOP_LEVEL_IRP ((LONG_PTR)0x06) 17 | #define FSRTL_ASYNC_CACHED_READ_TOP_LEVEL_IRP ((LONG_PTR)0x07) 18 | #define FSRTL_MAX_TOP_LEVEL_IRP_FLAG ((LONG_PTR)0xFFFF) 19 | #endif 20 | 21 | inline void NTAPI 22 | 
FsRtlSetTopLevelIrpForModWriter() 23 | { 24 | auto TempIrp = (PIRP)FSRTL_MOD_WRITE_TOP_LEVEL_IRP; 25 | IoSetTopLevelIrp(TempIrp); 26 | } 27 | 28 | BOOLEAN NTAPI 29 | FsRtlCopyRead( 30 | _In_ PFILE_OBJECT FileObject, 31 | _In_ PLARGE_INTEGER FileOffset, 32 | _In_ ULONG Length, 33 | _In_ BOOLEAN Wait, 34 | _In_ ULONG LockKey, 35 | __out_bcount(Length) PVOID Buffer, 36 | _Out_ PIO_STATUS_BLOCK IoStatus, 37 | _In_ PDEVICE_OBJECT DeviceObject 38 | ); 39 | 40 | BOOLEAN NTAPI 41 | FsRtlCopyWrite( 42 | _In_ PFILE_OBJECT FileObject, 43 | _In_ PLARGE_INTEGER FileOffset, 44 | _In_ ULONG Length, 45 | _In_ BOOLEAN Wait, 46 | _In_ ULONG LockKey, 47 | __in_bcount(Length) PVOID Buffer, 48 | _Out_ PIO_STATUS_BLOCK IoStatus, 49 | _In_ PDEVICE_OBJECT DeviceObject 50 | ); 51 | 52 | BOOLEAN NTAPI 53 | FsRtlMdlRead( 54 | _In_ PFILE_OBJECT FileObject, 55 | _In_ PLARGE_INTEGER FileOffset, 56 | _In_ ULONG Length, 57 | _In_ ULONG LockKey, 58 | _Out_ PMDL *MdlChain, 59 | _Out_ PIO_STATUS_BLOCK IoStatus 60 | ); 61 | 62 | BOOLEAN NTAPI 63 | FsRtlMdlReadComplete( 64 | _In_ PFILE_OBJECT FileObject, 65 | _In_ PMDL MdlChain 66 | ); 67 | 68 | BOOLEAN NTAPI 69 | FsRtlPrepareMdlWrite( 70 | _In_ PFILE_OBJECT FileObject, 71 | _In_ PLARGE_INTEGER FileOffset, 72 | _In_ ULONG Length, 73 | _In_ ULONG LockKey, 74 | _Out_ PMDL *MdlChain, 75 | _Out_ PIO_STATUS_BLOCK IoStatus 76 | ); 77 | 78 | BOOLEAN NTAPI 79 | FsRtlMdlWriteComplete( 80 | _In_ PFILE_OBJECT FileObject, 81 | _In_ PLARGE_INTEGER FileOffset, 82 | _In_ PMDL MdlChain 83 | ); 84 | 85 | BOOLEAN NTAPI 86 | FsRtlMdlReadDev( 87 | _In_ PFILE_OBJECT FileObject, 88 | _In_ PLARGE_INTEGER FileOffset, 89 | _In_ ULONG Length, 90 | _In_ ULONG LockKey, 91 | _Out_ PMDL *MdlChain, 92 | _Out_ PIO_STATUS_BLOCK IoStatus, 93 | _In_ PDEVICE_OBJECT DeviceObject 94 | ); 95 | 96 | BOOLEAN NTAPI 97 | FsRtlMdlReadCompleteDev( 98 | _In_ PFILE_OBJECT FileObject, 99 | _In_ PMDL MdlChain, 100 | _In_ PDEVICE_OBJECT DeviceObject 101 | ); 102 | 103 | BOOLEAN NTAPI 104 | 
FsRtlPrepareMdlWriteDev( 105 | _In_ PFILE_OBJECT FileObject, 106 | _In_ PLARGE_INTEGER FileOffset, 107 | _In_ ULONG Length, 108 | _In_ ULONG LockKey, 109 | _Out_ PMDL *MdlChain, 110 | _Out_ PIO_STATUS_BLOCK IoStatus, 111 | _In_ PDEVICE_OBJECT DeviceObject 112 | ); 113 | 114 | BOOLEAN NTAPI 115 | FsRtlMdlWriteCompleteDev( 116 | _In_ PFILE_OBJECT FileObject, 117 | _In_ PLARGE_INTEGER FileOffset, 118 | _In_ PMDL MdlChain, 119 | _In_ PDEVICE_OBJECT DeviceObject 120 | ); 121 | 122 | VOID NTAPI 123 | FsRtlAcquireFileExclusive( 124 | _In_ PFILE_OBJECT FileObject 125 | ); 126 | 127 | VOID NTAPI 128 | FsRtlReleaseFile( 129 | _In_ PFILE_OBJECT FileObject 130 | ); 131 | 132 | NTSTATUS NTAPI 133 | FsRtlGetFileSize( 134 | _In_ PFILE_OBJECT FileObject, 135 | _Inout_ PLARGE_INTEGER FileSize 136 | ); 137 | 138 | BOOLEAN NTAPI 139 | FsRtlIsNameInExpression( 140 | _In_ PUNICODE_STRING Expression, 141 | _In_ PUNICODE_STRING Name, 142 | _In_ BOOLEAN IgnoreCase, 143 | _In_opt_ PWCH UpcaseTable 144 | ); 145 | } 146 | } 147 | 148 | namespace wdk 149 | { 150 | extern"C" 151 | { 152 | inline auto FsInitSystem() -> NTSTATUS 153 | { 154 | return STATUS_SUCCESS; 155 | } 156 | } 157 | } 158 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/FsStruct.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | 4 | namespace wdk 5 | { 6 | 7 | #pragma region Process 8 | // private 9 | typedef struct _PROCESS_DISK_COUNTERS 10 | { 11 | ULONGLONG BytesRead; 12 | ULONGLONG BytesWritten; 13 | ULONGLONG ReadOperationCount; 14 | ULONGLONG WriteOperationCount; 15 | ULONGLONG FlushOperationCount; 16 | } PROCESS_DISK_COUNTERS, *PPROCESS_DISK_COUNTERS; 17 | 18 | // private 19 | typedef union _ENERGY_STATE_DURATION 20 | { 21 | union 22 | { 23 | ULONGLONG Value; 24 | ULONG LastChangeTime; 25 | }; 26 | 27 | ULONG Duration : 31; 28 | ULONG IsInState : 1; 29 | } ENERGY_STATE_DURATION, 
*PENERGY_STATE_DURATION; 30 | 31 | // private 32 | typedef struct _PROCESS_ENERGY_VALUES 33 | { 34 | ULONGLONG Cycles[2][4]; 35 | ULONGLONG DiskEnergy; 36 | ULONGLONG NetworkTailEnergy; 37 | ULONGLONG MBBTailEnergy; 38 | ULONGLONG NetworkTxRxBytes; 39 | ULONGLONG MBBTxRxBytes; 40 | union 41 | { 42 | ENERGY_STATE_DURATION Durations[3]; 43 | struct 44 | { 45 | ENERGY_STATE_DURATION ForegroundDuration; 46 | ENERGY_STATE_DURATION DesktopVisibleDuration; 47 | ENERGY_STATE_DURATION PSMForegroundDuration; 48 | }; 49 | }; 50 | ULONG CompositionRendered; 51 | ULONG CompositionDirtyGenerated; 52 | ULONG CompositionDirtyPropagated; 53 | ULONG Reserved1; 54 | ULONGLONG AttributedCycles[4][2]; 55 | ULONGLONG WorkOnBehalfCycles[4][2]; 56 | } PROCESS_ENERGY_VALUES, *PPROCESS_ENERGY_VALUES; 57 | #pragma endregion 58 | 59 | 60 | #pragma region File 61 | // private 62 | typedef struct _FILE_PATH 63 | { 64 | ULONG Version; 65 | ULONG Length; 66 | ULONG Type; 67 | UCHAR FilePath[1]; 68 | } FILE_PATH, *PFILE_PATH; 69 | 70 | 71 | // private 72 | typedef struct _FILE_IO_COMPLETION_INFORMATION 73 | { 74 | PVOID KeyContext; 75 | PVOID ApcContext; 76 | IO_STATUS_BLOCK IoStatusBlock; 77 | } FILE_IO_COMPLETION_INFORMATION, *PFILE_IO_COMPLETION_INFORMATION; 78 | #pragma endregion 79 | 80 | 81 | } 82 | 83 | #include "Fs\build_7600.inl" 84 | #include "Fs\build_7601.inl" 85 | #include "Fs\build_9200.inl" 86 | #include "Fs\build_9600.inl" 87 | #include "Fs\build_10240.inl" 88 | #include "Fs\build_10586.inl" 89 | #include "Fs\build_14393.inl" 90 | #include "Fs\build_15063.inl" 91 | #include "Fs\build_16299.inl" 92 | #include "Fs\build_17134.inl" 93 | #include "Fs\build_17763.inl" -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Io/build_10240.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- 
/driver/TestWDK/WDKExt/Wdk/Io/build_10586.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Io/build_14393.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Io/build_15063.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Io/build_16299.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Io/build_17134.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Io/build_17763.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Io/build_7600.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Io/build_7601.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Io/build_9200.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 
-------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Io/build_9600.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/IoKernel.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include "IoStruct.inl" 3 | 4 | 5 | namespace wdk 6 | { 7 | extern"C" 8 | { 9 | /* I/O manager symbols declared with C linkage inside namespace wdk. NOTE(review): nothing in this file checks these signatures against the kernel the driver loads on - confirm each one for every supported build. */ extern POBJECT_TYPE *IoAdapterObjectType; 10 | extern POBJECT_TYPE *IoDriverObjectType; 11 | 12 | /* Returns the name through *ObjectNameInformation; per the WDK documentation the routine allocates that buffer and the caller releases it - check call sites for the matching free. */ NTSTATUS NTAPI 13 | IoQueryFileDosDeviceName( 14 | _In_ PFILE_OBJECT FileObject, 15 | _Out_ POBJECT_NAME_INFORMATION *ObjectNameInformation 16 | ); 17 | 18 | NTSTATUS NTAPI 19 | IoCreateDriver( 20 | _In_opt_ PUNICODE_STRING DriverName, 21 | _In_ PDRIVER_INITIALIZE InitializationFunction 22 | ); 23 | 24 | VOID NTAPI 25 | IoDeleteDriver( 26 | _In_ PDRIVER_OBJECT DriverObject 27 | ); 28 | 29 | PDEVICE_OBJECT NTAPI 30 | IoGetBaseFileSystemDeviceObject( 31 | _In_ PFILE_OBJECT FileObject 32 | ); 33 | 34 | /* Per the WDK documentation the returned device object carries a reference; call sites need a matching ObDereferenceObject. */ PDEVICE_OBJECT NTAPI 35 | IoGetDeviceAttachmentBaseRef( 36 | _In_ PDEVICE_OBJECT DeviceObject 37 | ); 38 | } 39 | } 40 | 41 | namespace wdk 42 | { 43 | extern"C" 44 | { 45 | /* Placeholder initializer: takes no arguments and always returns STATUS_SUCCESS. */ inline auto IoInitSystem() -> NTSTATUS 46 | { 47 | return STATUS_SUCCESS; 48 | } 49 | } 50 | } 51 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/IoStruct.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | 4 | namespace wdk 5 | { 6 | 7 | } 8 | 9 | #include "Io\build_7600.inl" 10 | #include "Io\build_7601.inl" 11 | #include "Io\build_9200.inl" 12 | #include "Io\build_9600.inl" 13 | #include "Io\build_10240.inl" 14 | #include "Io\build_10586.inl" 15 | #include "Io\build_14393.inl" 16 | #include "Io\build_15063.inl" 17 | #include "Io\build_16299.inl" 18 | #include
"Io\build_17134.inl" 19 | #include "Io\build_17763.inl" -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Ke/build_10240.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | 4 | /* 5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.10240.17443\ 6 | * Dumped by pdbex tool v0.4, by wbenny 7 | */ 8 | 9 | 10 | /* Kernel structure layouts for the single ntoskrnl build named in the PDB path above. NOTE(review): these are not public WDK types; code that reads kernel memory through them should select the namespace that matches the running build and refuse builds it has no layout for - confirm how callers choose. */ namespace wdk::build_10240 11 | { 12 | 13 | /* SameDefine$ is defined outside this file; presumably it re-exports the named build's definition unchanged - confirm. */ SameDefine$(build_9600, KWAIT_STATUS_REGISTER); 14 | 15 | 16 | typedef struct _KLOCK_ENTRY_LOCK_STATE 17 | { 18 | union 19 | { 20 | struct /* bitfield */ 21 | { 22 | SIZE_T CrossThreadReleasable : 1; /* bit position: 0 */ 23 | SIZE_T Busy : 1; /* bit position: 1 */ 24 | SIZE_T Reserved : sizeof(SIZE_T) * 8 - 3; /* bit position: 2 */ 25 | SIZE_T InTree : 1; /* bit position: 63 on 64-bit, 31 on 32-bit (the last bit of SIZE_T, given the Reserved width above) */ 26 | }; /* bitfield */ 27 | VOID* LockState; 28 | }; 29 | union 30 | { 31 | VOID* SessionState; 32 | struct 33 | { 34 | UINT32 SessionId; 35 | #ifdef _WIN64 36 | UINT32 SessionPad; 37 | #endif 38 | }; 39 | }; 40 | } KLOCK_ENTRY_LOCK_STATE, *PKLOCK_ENTRY_LOCK_STATE; /* size: 0x0010 */ /* size: 0x0008 */ 41 | static_assert(sizeof(KLOCK_ENTRY_LOCK_STATE) == (sizeof(SIZE_T) == sizeof(UINT64) ?
0x0010 : 0x0008)); /* Size-only check: no field offset is asserted, so a reordering that keeps the total size would still compile. */ 42 | 43 | 44 | typedef struct _KLOCK_ENTRY 45 | { 46 | union 47 | { 48 | struct _RTL_BALANCED_NODE TreeNode; 49 | struct _SINGLE_LIST_ENTRY FreeListEntry; 50 | }; 51 | union 52 | { 53 | UINT32 EntryFlags; 54 | struct 55 | { 56 | UINT8 EntryOffset; 57 | union 58 | { 59 | UINT8 ThreadLocalFlags; 60 | struct 61 | { 62 | struct /* bitfield */ 63 | { 64 | UINT8 WaitingBit : 1; /* bit position: 0 */ 65 | UINT8 Spare0 : 7; /* bit position: 1 */ 66 | }; /* bitfield */ 67 | union 68 | { 69 | UINT8 AcquiredByte; 70 | struct 71 | { 72 | UINT8 AcquiredBit : 1; /* bit position: 0 */ 73 | union 74 | { 75 | UINT8 CrossThreadFlags; 76 | struct /* bitfield */ 77 | { 78 | UINT8 HeadNodeBit : 1; /* bit position: 0 */ 79 | UINT8 IoPriorityBit : 1; /* bit position: 1 */ 80 | UINT8 Spare1 : 6; /* bit position: 2 */ 81 | }; /* bitfield */ 82 | }; /* size: 0x0001 */ 83 | }; /* size: 0x0002 */ 84 | }; /* size: 0x0002 */ 85 | }; /* size: 0x0003 */ 86 | }; /* size: 0x0003 */ 87 | }; /* size: 0x0004 */ 88 | struct /* bitfield */ 89 | { 90 | UINT32 StaticState : 8; /* bit position: 0 */ 91 | UINT32 AllFlags : 24; /* bit position: 8 */ 92 | }; /* bitfield */ 93 | }; /* size: 0x0004 */ 94 | #ifdef _WIN64 95 | UINT32 SpareFlags; 96 | #endif 97 | union 98 | { 99 | struct _KLOCK_ENTRY_LOCK_STATE LockState; 100 | VOID* volatile LockUnsafe; 101 | struct 102 | { 103 | volatile UINT8 CrossThreadReleasableAndBusyByte; 104 | UINT8 Reserved[sizeof(SIZE_T) - 2]; 105 | volatile UINT8 InTreeByte; 106 | union 107 | { 108 | VOID* SessionState; 109 | struct 110 | { 111 | UINT32 SessionId; 112 | #ifdef _WIN64 113 | UINT32 SessionPad; 114 | #endif 115 | }; 116 | }; 117 | }; 118 | }; 119 | union 120 | { 121 | struct 122 | { 123 | struct _RTL_RB_TREE OwnerTree; 124 | struct _RTL_RB_TREE WaiterTree; 125 | }; 126 | CHAR CpuPriorityKey; 127 | }; 128 | SIZE_T EntryLock; 129 | union 130 | { 131 | UINT16 AllBoosts; 132 | struct /* bitfield */ 133 | { 134 | UINT16 IoBoost : 1; /* bit position: 0 */ 135
| UINT16 CpuBoostsBitmap : 15; /* bit position: 1 */ 136 | }; /* bitfield */ 137 | }; /* size: 0x0002 */ 138 | UINT16 IoNormalPriorityWaiterCount; 139 | #ifdef _WIN64 140 | UINT16 SparePad; 141 | #endif 142 | } KLOCK_ENTRY, *PKLOCK_ENTRY; /* size: 0x0060 */ /* size: 0x0030 */ 143 | static_assert(sizeof(KLOCK_ENTRY) == (sizeof(SIZE_T) == sizeof(UINT64) ? 0x0060 : 0x0030)); /* Size-only check, as for KLOCK_ENTRY_LOCK_STATE above. */ 144 | 145 | 146 | } 147 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Ke/build_10586.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | 4 | /* 5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.10586.1176\ 6 | * Dumped by pdbex tool v0.4, by wbenny 7 | */ 8 | 9 | 10 | /* This build declares no layout of its own; all three types are taken from build_10240 through SameDefine$. */ namespace wdk::build_10586 11 | { 12 | 13 | SameDefine$(build_10240, KWAIT_STATUS_REGISTER); 14 | SameDefine$(build_10240, KLOCK_ENTRY_LOCK_STATE); 15 | SameDefine$(build_10240, KLOCK_ENTRY); 16 | 17 | } 18 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Ke/build_14393.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | 4 | /* 5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.14393.2214\ 6 | * Dumped by pdbex tool v0.4, by wbenny 7 | */ 8 | 9 | 10 | namespace wdk::build_14393 11 | { 12 | 13 | SameDefine$(build_10240, KWAIT_STATUS_REGISTER); 14 | SameDefine$(build_10240, KLOCK_ENTRY_LOCK_STATE); 15 | 16 | 17 | /* KLOCK_ENTRY is redefined for this build: CrossThreadFlags gains IoQoSWaiter, EntryLock is typed EX_PUSH_LOCK, and the boost fields after it are packed differently from build_10240. */ typedef struct _KLOCK_ENTRY 18 | { 19 | union 20 | { 21 | struct _RTL_BALANCED_NODE TreeNode; 22 | struct _SINGLE_LIST_ENTRY FreeListEntry; 23 | }; 24 | union 25 | { 26 | UINT32 EntryFlags; 27 | struct 28 | { 29 | UINT8 EntryOffset; 30 | union 31 | { 32 | UINT8 ThreadLocalFlags; 33 | struct 34 | { 35 | struct /* bitfield */ 36 | { 37 | UINT8 WaitingBit : 1; /* bit position: 0 */ 38 | UINT8 Spare0 : 7; /* bit position: 1 */ 39 | }; /* bitfield */ 40 | union 41 | { 42 | UINT8 AcquiredByte;
43 | struct 44 | { 45 | UINT8 AcquiredBit : 1; /* bit position: 0 */ 46 | union 47 | { 48 | UINT8 CrossThreadFlags; 49 | struct /* bitfield */ 50 | { 51 | UINT8 HeadNodeBit : 1; /* bit position: 0 */ 52 | UINT8 IoPriorityBit : 1; /* bit position: 1 */ 53 | UINT8 IoQoSWaiter : 1; /* bit position: 2 */ 54 | UINT8 Spare1 : 5; /* bit position: 3 */ 55 | }; /* bitfield */ 56 | }; /* size: 0x0001 */ 57 | }; /* size: 0x0002 */ 58 | }; /* size: 0x0002 */ 59 | }; /* size: 0x0003 */ 60 | }; /* size: 0x0003 */ 61 | }; /* size: 0x0004 */ 62 | struct /* bitfield */ 63 | { 64 | UINT32 StaticState : 8; /* bit position: 0 */ 65 | UINT32 AllFlags : 24; /* bit position: 8 */ 66 | }; /* bitfield */ 67 | }; /* size: 0x0004 */ 68 | #ifdef _WIN64 69 | UINT32 SpareFlags; 70 | #endif 71 | union 72 | { 73 | struct _KLOCK_ENTRY_LOCK_STATE LockState; 74 | VOID* volatile LockUnsafe; 75 | struct 76 | { 77 | volatile UINT8 CrossThreadReleasableAndBusyByte; 78 | UINT8 Reserved[sizeof(SIZE_T) - 2]; 79 | volatile UINT8 InTreeByte; 80 | union 81 | { 82 | VOID* SessionState; 83 | struct 84 | { 85 | UINT32 SessionId; 86 | #ifdef _WIN64 87 | UINT32 SessionPad; 88 | #endif 89 | }; 90 | }; 91 | }; 92 | }; 93 | union 94 | { 95 | struct 96 | { 97 | struct _RTL_RB_TREE OwnerTree; 98 | struct _RTL_RB_TREE WaiterTree; 99 | }; 100 | CHAR CpuPriorityKey; 101 | }; 102 | EX_PUSH_LOCK EntryLock; 103 | union 104 | { 105 | UINT32 AllBoosts : 17; /* bit position: 0 */ 106 | struct 107 | { 108 | struct /* bitfield */ 109 | { 110 | UINT16 CpuBoostsBitmap : 15; /* bit position: 0 */ 111 | UINT16 IoBoost : 1; /* bit position: 15 */ 112 | }; /* bitfield */ 113 | struct /* bitfield */ 114 | { 115 | UINT16 IoQoSBoost : 1; /* bit position: 0 */ 116 | UINT16 IoNormalPriorityWaiterCount : 8; /* bit position: 1 */ 117 | UINT16 IoQoSWaiterCount : 7; /* bit position: 9 */ 118 | }; /* bitfield */ 119 | }; /* size: 0x0004 */ 120 | }; /* size: 0x0004 */ 121 | #ifdef _WIN64 122 | UINT32 SparePad; 123 | #endif 124 | } KLOCK_ENTRY,
*PKLOCK_ENTRY; /* size: 0x0060 */ /* size: 0x0030 */ 125 | static_assert(sizeof(KLOCK_ENTRY) == (sizeof(SIZE_T) == sizeof(UINT64) ? 0x0060 : 0x0030)); /* Size-only check: the total matches build_10240 although the fields after EntryLock differ, so size alone cannot tell the two layouts apart. */ 126 | 127 | } 128 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Ke/build_15063.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | 4 | /* 5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.15063.1418\ 6 | * Dumped by pdbex tool v0.4, by wbenny 7 | */ 8 | 9 | 10 | namespace wdk::build_15063 11 | { 12 | 13 | SameDefine$(build_14393, KWAIT_STATUS_REGISTER); 14 | SameDefine$(build_14393, KLOCK_ENTRY_LOCK_STATE); 15 | 16 | 17 | /* The boost fields that build_14393 keeps inline in KLOCK_ENTRY are a named union here. NOTE(review): no static_assert follows this typedef; the dump comment gives its size as 0x0004. */ typedef union _KLOCK_ENTRY_BOOST_BITMAP 18 | { 19 | union 20 | { 21 | UINT32 AllFields; 22 | struct /* bitfield */ 23 | { 24 | UINT32 AllBoosts : 17; /* bit position: 0 */ 25 | UINT32 Reserved : 15; /* bit position: 17 */ 26 | }; /* bitfield */ 27 | struct 28 | { 29 | struct /* bitfield */ 30 | { 31 | UINT16 CpuBoostsBitmap : 15; /* bit position: 0 */ 32 | UINT16 IoBoost : 1; /* bit position: 15 */ 33 | }; /* bitfield */ 34 | struct /* bitfield */ 35 | { 36 | UINT16 IoQoSBoost : 1; /* bit position: 0 */ 37 | UINT16 IoNormalPriorityWaiterCount : 8; /* bit position: 1 */ 38 | UINT16 IoQoSWaiterCount : 7; /* bit position: 9 */ 39 | }; /* bitfield */ 40 | }; /* size: 0x0004 */ 41 | }; /* size: 0x0004 */ 42 | } KLOCK_ENTRY_BOOST_BITMAP, *PKLOCK_ENTRY_BOOST_BITMAP; /* size: 0x0004 */ 43 | 44 | 45 | typedef struct _KLOCK_ENTRY 46 | { 47 | union 48 | { 49 | struct _RTL_BALANCED_NODE TreeNode; 50 | struct _SINGLE_LIST_ENTRY FreeListEntry; 51 | }; 52 | union 53 | { 54 | UINT32 EntryFlags; 55 | struct 56 | { 57 | UINT8 EntryOffset; 58 | union 59 | { 60 | UINT8 ThreadLocalFlags; 61 | struct 62 | { 63 | struct /* bitfield */ 64 | { 65 | UINT8 WaitingBit : 1; /* bit position: 0 */ 66 | UINT8 Spare0 : 7; /* bit position: 1 */ 67 | }; /* bitfield */ 68 | union 69 | { 70 | UINT8 AcquiredByte; 71
| struct 72 | { 73 | UINT8 AcquiredBit : 1; /* bit position: 0 */ 74 | union 75 | { 76 | UINT8 CrossThreadFlags; 77 | struct /* bitfield */ 78 | { 79 | UINT8 HeadNodeBit : 1; /* bit position: 0 */ 80 | UINT8 IoPriorityBit : 1; /* bit position: 1 */ 81 | UINT8 IoQoSWaiter : 1; /* bit position: 2 */ 82 | UINT8 Spare1 : 5; /* bit position: 3 */ 83 | }; /* bitfield */ 84 | }; /* size: 0x0001 */ 85 | }; /* size: 0x0002 */ 86 | }; /* size: 0x0002 */ 87 | }; /* size: 0x0003 */ 88 | }; /* size: 0x0003 */ 89 | }; /* size: 0x0004 */ 90 | struct /* bitfield */ 91 | { 92 | UINT32 StaticState : 8; /* bit position: 0 */ 93 | UINT32 AllFlags : 24; /* bit position: 8 */ 94 | }; /* bitfield */ 95 | }; /* size: 0x0004 */ 96 | #ifdef _WIN64 97 | UINT32 SpareFlags; 98 | #endif 99 | union 100 | { 101 | struct _KLOCK_ENTRY_LOCK_STATE LockState; 102 | VOID* volatile LockUnsafe; 103 | struct 104 | { 105 | volatile UINT8 CrossThreadReleasableAndBusyByte; 106 | UINT8 Reserved[sizeof(SIZE_T) - 2]; 107 | volatile UINT8 InTreeByte; 108 | union 109 | { 110 | VOID* SessionState; 111 | struct 112 | { 113 | UINT32 SessionId; 114 | #ifdef _WIN64 115 | UINT32 SessionPad; 116 | #endif 117 | }; 118 | }; 119 | }; 120 | }; 121 | union 122 | { 123 | struct 124 | { 125 | struct _RTL_RB_TREE OwnerTree; 126 | struct _RTL_RB_TREE WaiterTree; 127 | }; 128 | CHAR CpuPriorityKey; 129 | }; 130 | EX_PUSH_LOCK EntryLock; 131 | union _KLOCK_ENTRY_BOOST_BITMAP BoostBitmap; 132 | #ifdef _WIN64 133 | UINT32 SparePad; 134 | #endif 135 | } KLOCK_ENTRY, *PKLOCK_ENTRY; /* size: 0x0060 */ /* size: 0x0030 */ 136 | static_assert(sizeof(KLOCK_ENTRY) == (sizeof(SIZE_T) == sizeof(UINT64) ?
0x0060 : 0x0030)); /* Size-only check; field offsets are not asserted. */ 137 | 138 | } 139 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Ke/build_16299.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | 4 | /* 5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.16299.755\ 6 | * Dumped by pdbex tool v0.4, by wbenny 7 | */ 8 | 9 | 10 | /* No layout of its own: all four types are taken from build_15063 through SameDefine$. */ namespace wdk::build_16299 11 | { 12 | 13 | SameDefine$(build_15063, KWAIT_STATUS_REGISTER); 14 | SameDefine$(build_15063, KLOCK_ENTRY_LOCK_STATE); 15 | SameDefine$(build_15063, KLOCK_ENTRY_BOOST_BITMAP); 16 | SameDefine$(build_15063, KLOCK_ENTRY); 17 | 18 | } 19 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Ke/build_17134.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | 4 | /* 5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.17134.376\ 6 | * Dumped by pdbex tool v0.4, by wbenny 7 | */ 8 | 9 | 10 | /* No layout of its own: all four types are taken from build_16299 through SameDefine$. */ namespace wdk::build_17134 11 | { 12 | 13 | SameDefine$(build_16299, KWAIT_STATUS_REGISTER); 14 | SameDefine$(build_16299, KLOCK_ENTRY_LOCK_STATE); 15 | SameDefine$(build_16299, KLOCK_ENTRY_BOOST_BITMAP); 16 | SameDefine$(build_16299, KLOCK_ENTRY); 17 | 18 | } 19 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Ke/build_17763.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | 4 | /* 5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.17763.55\ 6 | * Dumped by pdbex tool v0.4, by wbenny 7 | */ 8 | 9 | 10 | /* No layout of its own: all four types are taken from build_17134 through SameDefine$. */ namespace wdk::build_17763 11 | { 12 | 13 | SameDefine$(build_17134, KWAIT_STATUS_REGISTER); 14 | SameDefine$(build_17134, KLOCK_ENTRY_LOCK_STATE); 15 | SameDefine$(build_17134, KLOCK_ENTRY_BOOST_BITMAP); 16 | SameDefine$(build_17134, KLOCK_ENTRY); 17 | 18 | } 19 |
-------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Ke/build_7600.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | 4 | /* 5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\6.1.7600.17795\ 6 | * Dumped by pdbex tool v0.4, by wbenny 7 | */ 8 | 9 | 10 | /* Kernel structure layouts for the single ntoskrnl build named in the PDB path above. NOTE(review): code that reads kernel memory through these types should select the namespace that matches the running build and refuse builds it has no layout for - confirm how callers choose. */ namespace wdk::build_7600 11 | { 12 | 13 | /* One-byte register: Flags overlays the bitfields below. State is 2 bits wide in this build and bit 7 is declared Unused. */ typedef union _KWAIT_STATUS_REGISTER 14 | { 15 | union 16 | { 17 | UINT8 Flags; 18 | struct /* bitfield */ 19 | { 20 | UINT8 State : 2; /* bit position: 0 */ 21 | UINT8 Affinity : 1; /* bit position: 2 */ 22 | UINT8 Priority : 1; /* bit position: 3 */ 23 | UINT8 Apc : 1; /* bit position: 4 */ 24 | UINT8 UserApc : 1; /* bit position: 5 */ 25 | UINT8 Alert : 1; /* bit position: 6 */ 26 | UINT8 Unused : 1; /* bit position: 7 */ 27 | }; /* bitfield */ 28 | }; /* size: 0x0001 */ 29 | } KWAIT_STATUS_REGISTER, *PKWAIT_STATUS_REGISTER; /* size: 0x0001 */ 30 | static_assert(sizeof(KWAIT_STATUS_REGISTER) == 0x0001); /* Size-only check: it does not pin the width or position of any bitfield. */ 31 | 32 | 33 | } 34 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Ke/build_7601.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | 4 | /* 5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\6.1.7601.24260\ 6 | * Dumped by pdbex tool v0.4, by wbenny 7 | */ 8 | 9 | 10 | namespace wdk::build_7601 11 | { 12 | 13 | /* SameDefine$ is defined outside this file; presumably it re-exports the named build's definition unchanged - confirm. */ SameDefine$(build_7600, KWAIT_STATUS_REGISTER); 14 | 15 | } 16 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Ke/build_9200.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | 4 | /* 5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\6.2.9200.17581\ 6 | * Dumped by pdbex tool v0.4, by wbenny 7 | */ 8 | 9 | 10 | namespace wdk::build_9200 11 | { 12 | 13 | SameDefine$(build_7601, KWAIT_STATUS_REGISTER); 14 | 15 | } 16 |
-------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Ke/build_9600.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | 4 | /* 5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\6.3.9600.19038\ 6 | * Dumped by pdbex tool v0.4, by wbenny 7 | */ 8 | 9 | 10 | /* Kernel structure layouts for the single ntoskrnl build named in the PDB path above. NOTE(review): code that reads kernel memory through these types should select the namespace that matches the running build and refuse builds it has no layout for - confirm how callers choose. */ namespace wdk::build_9600 11 | { 12 | 13 | /* One-byte register: Flags overlays the bitfields below. State is 3 bits wide in this build and every bit is assigned. NOTE(review): no static_assert follows this union, unlike the two structs below; static_assert(sizeof(KWAIT_STATUS_REGISTER) == 0x0001) would match the size the dump comment states. */ typedef union _KWAIT_STATUS_REGISTER 14 | { 15 | union 16 | { 17 | UINT8 Flags; 18 | struct /* bitfield */ 19 | { 20 | UINT8 State : 3; /* bit position: 0 */ 21 | UINT8 Affinity : 1; /* bit position: 3 */ 22 | UINT8 Priority : 1; /* bit position: 4 */ 23 | UINT8 Apc : 1; /* bit position: 5 */ 24 | UINT8 UserApc : 1; /* bit position: 6 */ 25 | UINT8 Alert : 1; /* bit position: 7 */ 26 | }; /* bitfield */ 27 | }; /* size: 0x0001 */ 28 | } KWAIT_STATUS_REGISTER, *PKWAIT_STATUS_REGISTER; /* size: 0x0001 */ 29 | 30 | 31 | typedef struct _KLOCK_ENTRY_LOCK_STATE 32 | { 33 | union 34 | { 35 | struct /* bitfield */ 36 | { 37 | SIZE_T Waiting : 1; /* bit position: 0 */ 38 | SIZE_T Busy : 1; /* bit position: 1 */ 39 | SIZE_T Spare : sizeof(SIZE_T) * 8 - 3; /* bit position: 2 */ 40 | SIZE_T InTree : 1; /* bit position: 63 */ /* bit position: 31 */ 41 | }; /* bitfield */ 42 | VOID* LockState; 43 | }; 44 | union 45 | { 46 | VOID* SessionState; 47 | struct 48 | { 49 | UINT32 SessionId; 50 | #ifdef _WIN64 51 | UINT32 SessionPad; 52 | #endif 53 | }; 54 | }; 55 | } KLOCK_ENTRY_LOCK_STATE, *PKLOCK_ENTRY_LOCK_STATE; /* size: 0x0010 */ /* size: 0x0008 */ 56 | static_assert(sizeof(KLOCK_ENTRY_LOCK_STATE) == (sizeof(SIZE_T) == sizeof(UINT64) ?
0x0010 : 0x0008)); /* Size-only check: no field offset is asserted, so a reordering that keeps the total size would still compile. */ 57 | 58 | 59 | /* The tail of this struct is declared separately for 64-bit and 32-bit under the _WIN64 conditional below. */ typedef struct _KLOCK_ENTRY 60 | { 61 | union 62 | { 63 | struct _RTL_BALANCED_NODE TreeNode; 64 | struct _SINGLE_LIST_ENTRY FreeListEntry; 65 | }; 66 | union 67 | { 68 | VOID* ThreadUnsafe; 69 | struct 70 | { 71 | volatile UINT8 HeadNodeByte; 72 | UINT8 Reserved1[sizeof(SIZE_T) - 2]; 73 | volatile UINT8 AcquiredByte; 74 | }; 75 | }; 76 | union 77 | { 78 | struct _KLOCK_ENTRY_LOCK_STATE LockState; 79 | VOID* volatile LockUnsafe; 80 | struct 81 | { 82 | volatile UINT8 WaitingAndBusyByte; 83 | UINT8 Reserved[sizeof(SIZE_T) - 2]; 84 | volatile UINT8 InTreeByte; 85 | union 86 | { 87 | VOID* SessionState; 88 | struct 89 | { 90 | UINT32 SessionId; 91 | #ifdef _WIN64 92 | UINT32 SessionPad; 93 | #endif 94 | }; 95 | }; 96 | }; 97 | }; 98 | union 99 | { 100 | struct 101 | { 102 | struct _RTL_RB_TREE OwnerTree; 103 | struct _RTL_RB_TREE WaiterTree; 104 | }; 105 | CHAR CpuPriorityKey; 106 | }; 107 | SIZE_T EntryLock; 108 | union 109 | { 110 | UINT16 AllBoosts; 111 | struct /* bitfield */ 112 | { 113 | UINT16 IoBoost : 1; /* bit position: 0 */ 114 | UINT16 CpuBoostsBitmap : 15; /* bit position: 1 */ 115 | }; /* bitfield */ 116 | }; /* size: 0x0002 */ 117 | #ifdef _WIN64 118 | UINT16 IoNormalPriorityWaiterCount; 119 | struct /* bitfield */ 120 | { 121 | UINT8 IoPriorityBit : 1; /* bit position: 0 */ 122 | UINT8 AbSpare : 7; /* bit position: 1 */ 123 | }; /* bitfield */ 124 | UINT8 SparePad[3]; 125 | #else 126 | struct /* bitfield */ 127 | { 128 | UINT16 IoNormalPriorityWaiterCount : 15; /* bit position: 0 */ 129 | UINT16 IoPriorityBit : 1; /* bit position: 15 */ 130 | }; /* bitfield */ 131 | #endif 132 | } KLOCK_ENTRY, *PKLOCK_ENTRY; /* size: 0x0060 */ /* size: 0x0030 */ 133 | static_assert(sizeof(KLOCK_ENTRY) == (sizeof(SIZE_T) == sizeof(UINT64) ?
0x0060 : 0x0030)); /* Size-only check; field offsets are not asserted. */ 134 | 135 | 136 | } 137 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/KeKernel.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include "KeStruct.inl" 3 | 4 | 5 | namespace wdk 6 | { 7 | 8 | extern"C" 9 | { 10 | 11 | /* Kernel routines declared with C linkage inside namespace wdk. NOTE(review): several of these are not in the public WDK headers as far as I can tell, so their parameter lists cannot be verified from this file - confirm each one for every supported build. */ BOOLEAN NTAPI 12 | KeAddSystemServiceTable( 13 | _In_ PULONG_PTR aBase, 14 | _In_opt_ PULONG aCount, 15 | _In_ ULONG aLimit, 16 | _In_ PUCHAR aNumber, 17 | _In_ ULONG aIndex 18 | ); 19 | 20 | 21 | /* Defines KeGetPreviousMode as an alias of ExGetPreviousMode unless a definition already exists. */ #ifndef KeGetPreviousMode 22 | #define KeGetPreviousMode ExGetPreviousMode 23 | #endif 24 | 25 | 26 | /* Attach and detach take the same ApcState. NOTE(review): every attach at a call site needs its detach on every exit path, error paths included. */ void NTAPI 27 | KeStackAttachProcess( 28 | _In_ PKPROCESS PROCESS, 29 | _Out_ PRKAPC_STATE ApcState 30 | ); 31 | 32 | 33 | void NTAPI 34 | KeUnstackDetachProcess( 35 | _In_ PRKAPC_STATE ApcState 36 | ); 37 | 38 | 39 | /* NOTE(review): _In_opt_ on the by-value aProcessorMode presumably adds nothing for static analysis; _In_ would describe it - confirm. */ VOID NTAPI 40 | KeInitializeApc( 41 | _Out_ PRKAPC aApc, 42 | _In_ PRKTHREAD aThread, 43 | _In_ KAPC_ENVIRONMENT aEnvironment, 44 | _In_ PKKERNEL_ROUTINE aKernelRoutine, 45 | _In_opt_ PKRUNDOWN_ROUTINE aRundownRoutine, 46 | _In_opt_ PKNORMAL_ROUTINE aNormalRoutine, 47 | _In_opt_ KPROCESSOR_MODE aProcessorMode, 48 | _In_opt_ PVOID aNormalContext 49 | ); 50 | 51 | 52 | BOOLEAN NTAPI 53 | KeInsertQueueApc( 54 | _Inout_ PRKAPC aApc, 55 | _In_opt_ PVOID aSystemArgument1, 56 | _In_opt_ PVOID aSystemArgument2, 57 | _In_ KPRIORITY aIncrement 58 | ); 59 | 60 | 61 | //BOOLEAN NTAPI 62 | // KeRemoveQueueApc( 63 | // _Inout_ PKAPC Apc 64 | // ); 65 | 66 | 67 | BOOLEAN NTAPI 68 | KeTestAlertThread( 69 | _In_ KPROCESSOR_MODE AlertMode 70 | ); 71 | 72 | VOID NTAPI 73 | KeGenericCallDpc( 74 | _In_ PKDEFERRED_ROUTINE Routine, 75 | _In_opt_ PVOID Context 76 | ); 77 | 78 | VOID NTAPI 79 | KeSignalCallDpcDone( 80 | _In_ PVOID SystemArgument1 81 | ); 82 | 83 | LOGICAL NTAPI 84 | KeSignalCallDpcSynchronize( 85 | _In_ PVOID SystemArgument2 86 | ); 87 | 88 | } 89 | } 90 | 91 | namespace wdk 92 | { 93 | extern"C" 94 | { 95 |
/* Placeholder initializer: takes no arguments and always returns STATUS_SUCCESS. */ inline auto KeInitSystem() -> NTSTATUS 96 | { 97 | return STATUS_SUCCESS; 98 | } 99 | } 100 | } 101 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/LPC/build_10240.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/LPC/build_10586.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/LPC/build_14393.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/LPC/build_15063.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/LPC/build_16299.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/LPC/build_17134.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/LPC/build_17763.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/LPC/build_7600.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 |
-------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/LPC/build_7601.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/LPC/build_9200.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/LPC/build_9600.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/LPCKernel.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include "LPCStruct.inl" 3 | 4 | 5 | namespace wdk 6 | { 7 | extern"C" 8 | { 9 | 10 | /* LPC port routines declared with C linkage inside namespace wdk. NOTE(review): the signatures are not checked against the running kernel anywhere in this file - confirm per build. */ NTSTATUS NTAPI 11 | LpcRequestPort( 12 | _In_ PVOID PortAddress, 13 | _In_ PPORT_MESSAGE RequestMessage 14 | ); 15 | 16 | /* ReplyMessage carries no size argument. NOTE(review): presumably the caller must supply a buffer large enough for the biggest reply the port can return - confirm, and size it against PortTotalMaximumMessageLength. */ NTSTATUS NTAPI 17 | LpcRequestWaitReplyPort( 18 | _In_ PVOID PortAddress, 19 | _In_ PPORT_MESSAGE RequestMessage, 20 | _Out_ PPORT_MESSAGE ReplyMessage 21 | ); 22 | 23 | NTSTATUS NTAPI 24 | LpcRequestWaitReplyPortEx( 25 | _In_ PVOID PortAddress, 26 | _In_ PPORT_MESSAGE RequestMessage, 27 | _Out_ PPORT_MESSAGE ReplyMessage 28 | ); 29 | } 30 | } 31 | 32 | 33 | namespace wdk 34 | { 35 | extern"C" 36 | { 37 | /* Placeholder initializer: takes no arguments and always returns STATUS_SUCCESS. */ inline auto LPCInitSystem() -> NTSTATUS 38 | { 39 | return STATUS_SUCCESS; 40 | } 41 | } 42 | } 43 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/LPCStruct.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include "ObStruct.inl" 3 | #include "SeStruct.inl" 4 | 5 | 6 | namespace wdk 7 | { 8 | 9 | using LPC_PVOID = PVOID; 10 | using LPC_HANDLE =
HANDLE; 11 | using LPC_SIZE_T = SIZE_T; 12 | using LPC_CLIENT_ID = CLIENT_ID; 13 | 14 | enum LPCAccessMask : ACCESS_MASK 15 | { 16 | PortConnect = 0x1, 17 | PortAllAccess = (StandardRightsRequired | Synchronize | PortConnect) 18 | }; 19 | 20 | /* NOTE(review): Arrtibutes is misspelled in the enumerator below; it is a public name, so a rename needs an alias or a sweep of every user. */ enum PortObjectAttributesMask : ACCESS_MASK 21 | { 22 | PortValidObjectArrtibutes = ObjectCaseInsensitive 23 | }; 24 | 25 | /* NOTE(review): if these values are stored in or compared with PORT_MESSAGE u2.s2.Type (a signed SHORT below), 0x8000 is that field's sign bit - compare through an unsigned 16-bit cast. TODO confirm usage. */ enum LPCMessageType : UINT32 26 | { 27 | LPCNewMessage, 28 | LPCRequest, 29 | LPCReply, 30 | LPCDataGram, 31 | LPCLostReply, 32 | LPCPortClosed, 33 | LPCClientDied, 34 | LPCException, 35 | LPCDebugEvent, 36 | LPCErrorEvent, 37 | LPCConnectionRequest, 38 | LPCConnectionRefused, 39 | LPCMaximum, 40 | 41 | LPCNoImpersonate = 0x4000, 42 | LPCKernelModeMessage= 0x8000, 43 | }; 44 | 45 | /* Message header. DataLength and TotalLength are signed 16-bit values. NOTE(review): code that consumes a received message should reject negative lengths and check TotalLength against the real buffer size before using either field as a size. */ typedef struct PORT_MESSAGE 46 | { 47 | union 48 | { 49 | struct 50 | { 51 | SHORT DataLength; 52 | SHORT TotalLength; 53 | } s1; 54 | ULONG Length; 55 | } u1; 56 | union 57 | { 58 | struct 59 | { 60 | SHORT Type; 61 | SHORT DataInfoOffset; 62 | } s2; 63 | ULONG ZeroInit; 64 | } u2; 65 | union 66 | { 67 | LPC_CLIENT_ID ClientId; 68 | double DoNotUseThisField; 69 | }; 70 | ULONG MessageId; 71 | union 72 | { 73 | LPC_SIZE_T ClientViewSize; 74 | ULONG CallbackId; 75 | }; 76 | } *PPORT_MESSAGE; 77 | 78 | typedef struct PORT_DATA_ENTRY 79 | { 80 | PVOID Base; 81 | ULONG Size; 82 | }*PPORT_DATA_ENTRY; 83 | 84 | /* DataEntries is declared with one element. NOTE(review): presumably CountDataEntries gives the real element count - confirm, and bound it against the message length before indexing. */ typedef struct PORT_DATA_INFORMATION 85 | { 86 | ULONG CountDataEntries; 87 | PORT_DATA_ENTRY DataEntries[1]; 88 | }*PPORT_DATA_INFORMATION; 89 | 90 | /* PortTotalMaximumMessageLength is the sum of the two limits and sizeof(PORT_MESSAGE), rounded up to a multiple of 16. */ enum : UINT32 91 | { 92 | PortMaximumMessageLength = 64 * sizeof(SIZE_T), 93 | LPCMaxConnectionInfoSize = 16 * sizeof(SIZE_T), 94 | 95 | PortTotalMaximumMessageLength = 96 | ((PortMaximumMessageLength + sizeof(PORT_MESSAGE) + LPCMaxConnectionInfoSize + 0xF) & ~0xF) 97 | }; 98 | 99 | typedef struct _LPC_CLIENT_DIED_MSG 100 | { 101 | PORT_MESSAGE PortMsg; 102 | LARGE_INTEGER CreateTime; 103 | } LPC_CLIENT_DIED_MSG, *PLPC_CLIENT_DIED_MSG; 104 | 105 | typedef struct _PORT_VIEW 106
| { 107 | ULONG Length; 108 | HANDLE SectionHandle; 109 | ULONG SectionOffset; 110 | SIZE_T ViewSize; 111 | PVOID ViewBase; 112 | PVOID ViewRemoteBase; 113 | } PORT_VIEW, *PPORT_VIEW; 114 | 115 | typedef struct _REMOTE_PORT_VIEW 116 | { 117 | ULONG Length; 118 | SIZE_T ViewSize; 119 | PVOID ViewBase; 120 | } REMOTE_PORT_VIEW, *PREMOTE_PORT_VIEW; 121 | 122 | // WOW64 definitions 123 | 124 | // Except in a small number of special cases, WOW64 programs using the LPC APIs must use the 64-bit versions of the 125 | // PORT_MESSAGE, PORT_VIEW and REMOTE_PORT_VIEW data structures. Note that we take a different approach than the 126 | // official NT headers, which produce 64-bit versions in a 32-bit environment when USE_LPC6432 is defined. 127 | 128 | /* Fixed-width counterpart of PORT_MESSAGE: ClientId is CLIENT_ID64 and ClientViewSize is ULONGLONG whatever the pointer size. The two length fields are CSHORT; NOTE(review): apply the same bounds checks as for PORT_MESSAGE. */ typedef struct _PORT_MESSAGE64 129 | { 130 | union 131 | { 132 | struct 133 | { 134 | CSHORT DataLength; 135 | CSHORT TotalLength; 136 | } s1; 137 | ULONG Length; 138 | } u1; 139 | union 140 | { 141 | struct 142 | { 143 | CSHORT Type; 144 | CSHORT DataInfoOffset; 145 | } s2; 146 | ULONG ZeroInit; 147 | } u2; 148 | union 149 | { 150 | CLIENT_ID64 ClientId; 151 | double DoNotUseThisField; 152 | }; 153 | ULONG MessageId; 154 | union 155 | { 156 | ULONGLONG ClientViewSize; // only valid for LPC_CONNECTION_REQUEST messages 157 | ULONG CallbackId; // only valid for LPC_REQUEST messages 158 | }; 159 | } PORT_MESSAGE64, *PPORT_MESSAGE64; 160 | 161 | typedef struct _LPC_CLIENT_DIED_MSG64 162 | { 163 | PORT_MESSAGE64 PortMsg; 164 | LARGE_INTEGER CreateTime; 165 | } LPC_CLIENT_DIED_MSG64, *PLPC_CLIENT_DIED_MSG64; 166 | 167 | /* Handle and pointer members of PORT_VIEW are carried as ULONGLONG here. */ typedef struct _PORT_VIEW64 168 | { 169 | ULONG Length; 170 | ULONGLONG SectionHandle; 171 | ULONG SectionOffset; 172 | ULONGLONG ViewSize; 173 | ULONGLONG ViewBase; 174 | ULONGLONG ViewRemoteBase; 175 | } PORT_VIEW64, *PPORT_VIEW64; 176 | 177 | typedef struct _REMOTE_PORT_VIEW64 178 | { 179 | ULONG Length; 180 | ULONGLONG ViewSize; 181 | ULONGLONG ViewBase; 182 | } REMOTE_PORT_VIEW64, *PREMOTE_PORT_VIEW64; 183 | 184
| typedef struct _LPCP_NONPAGED_PORT_QUEUE 185 | { 186 | KSEMAPHORE Semaphore; // Counting semaphore that is incremented 187 | // whenever a message is put in receive queue 188 | struct _LPCP_PORT_OBJECT *BackPointer; 189 | } LPCP_NONPAGED_PORT_QUEUE, *PLPCP_NONPAGED_PORT_QUEUE; 190 | 191 | typedef struct _LPCP_PORT_QUEUE 192 | { 193 | PLPCP_NONPAGED_PORT_QUEUE NonPagedPortQueue; 194 | PKSEMAPHORE Semaphore; // Counting semaphore that is incremented 195 | // whenever a message is put in receive queue 196 | LIST_ENTRY ReceiveHead; // list of messages to receive 197 | } LPCP_PORT_QUEUE, *PLPCP_PORT_QUEUE; 198 | 199 | typedef struct _LPCP_PORT_OBJECT 200 | { 201 | struct _LPCP_PORT_OBJECT *ConnectionPort; 202 | struct _LPCP_PORT_OBJECT *ConnectedPort; 203 | struct _LPCP_PORT_QUEUE MsgQueue; 204 | CLIENT_ID Creator; 205 | PVOID ClientSectionBase; 206 | PVOID ServerSectionBase; 207 | PVOID PortContext; 208 | PETHREAD ClientThread; // only SERVER_COMMUNICATION_PORT 209 | SECURITY_QUALITY_OF_SERVICE SecurityQos; 210 | SECURITY_CLIENT_CONTEXT StaticSecurity; 211 | LIST_ENTRY LpcReplyChainHead; // Only in _COMMUNICATION ports 212 | LIST_ENTRY LpcDataInfoChainHead; // Only in _COMMUNICATION ports 213 | union 214 | { 215 | PEPROCESS ServerProcess; // Only in SERVER_CONNECTION ports 216 | PEPROCESS MappingProcess; // Only in _COMMUNICATION ports 217 | }; 218 | USHORT MaxMessageLength; 219 | USHORT MaxConnectionInfoLength; 220 | ULONG Flags; 221 | KEVENT WaitEvent; // Object is truncated for non-waitable ports 222 | } LPCP_PORT_OBJECT, *PLPCP_PORT_OBJECT; 223 | 224 | typedef struct _LPCP_MESSAGE 225 | { 226 | union 227 | { 228 | LIST_ENTRY Entry; 229 | struct 230 | { 231 | SINGLE_LIST_ENTRY FreeEntry; 232 | ULONG Reserved0; 233 | }; 234 | }; 235 | 236 | PVOID SenderPort; 237 | PETHREAD RepliedToThread; // Filled in when reply is sent so recipient 238 | // of reply can dereference it. 239 | PVOID PortContext; // Captured from senders communication port. 
240 | PORT_MESSAGE Request; 241 | } LPCP_MESSAGE, *PLPCP_MESSAGE; 242 | } 243 | 244 | #include "LPC\build_7600.inl" 245 | #include "LPC\build_7601.inl" 246 | #include "LPC\build_9200.inl" 247 | #include "LPC\build_9600.inl" 248 | #include "LPC\build_10240.inl" 249 | #include "LPC\build_10586.inl" 250 | #include "LPC\build_14393.inl" 251 | #include "LPC\build_15063.inl" 252 | #include "LPC\build_16299.inl" 253 | #include "LPC\build_17134.inl" 254 | #include "LPC\build_17763.inl" 255 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Mm/build_10240.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | 4 | /* 5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.10240.17443\ 6 | * Dumped by pdbex tool v0.4, by wbenny 7 | */ 8 | 9 | 10 | namespace wdk::build_10240 11 | { 12 | 13 | typedef struct _MMSUPPORT 14 | { 15 | volatile INT32 WorkingSetLock; 16 | struct _KGATE* ExitOutswapGate; 17 | VOID* AccessLog; 18 | struct _LIST_ENTRY WorkingSetExpansionLinks; 19 | SIZE_T AgeDistribution[7]; 20 | SIZE_T MinimumWorkingSetSize; 21 | SIZE_T WorkingSetLeafSize; 22 | SIZE_T WorkingSetLeafPrivateSize; 23 | SIZE_T WorkingSetSize; 24 | SIZE_T WorkingSetPrivateSize; 25 | SIZE_T MaximumWorkingSetSize; 26 | SIZE_T ChargedWslePages; 27 | SIZE_T ActualWslePages; 28 | SIZE_T WorkingSetSizeOverhead; 29 | SIZE_T PeakWorkingSetSize; 30 | UINT32 HardFaultCount; 31 | #ifdef _WIN64 32 | UINT16 PartitionId; 33 | UINT16 Pad0; 34 | #endif 35 | struct _MMWSL* VmWorkingSetList; 36 | UINT16 NextPageColor; 37 | UINT16 LastTrimStamp; 38 | UINT32 PageFaultCount; 39 | SIZE_T TrimmedPageCount; 40 | SIZE_T ForceTrimPages; 41 | struct _MMSUPPORT_FLAGS Flags; 42 | SIZE_T ReleasedCommitDebt; 43 | VOID* WsSwapSupport; 44 | VOID* CommitReAcquireFailSupport; 45 | } MMSUPPORT, *PMMSUPPORT; /* size: 0x00f8 */ /* size: 0x0080 */ 46 | static_assert(sizeof(MMSUPPORT) == (sizeof(SIZE_T) == sizeof(UINT64) ? 
0x00f8 : 0x0080)); 47 | 48 | } 49 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Mm/build_10586.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | 4 | /* 5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.10586.1176\ 6 | * Dumped by pdbex tool v0.4, by wbenny 7 | */ 8 | 9 | 10 | namespace wdk::build_10586 11 | { 12 | 13 | SameDefine$(build_10240, MMSUPPORT); 14 | 15 | } 16 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Mm/build_14393.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | 4 | /* 5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.14393.2214\ 6 | * Dumped by pdbex tool v0.4, by wbenny 7 | */ 8 | 9 | 10 | namespace wdk::build_14393 11 | { 12 | 13 | 14 | typedef struct _MMSUPPORT_INSTANCE 15 | { 16 | UINT16 NextPageColor; 17 | UINT16 LastTrimStamp; 18 | UINT32 PageFaultCount; 19 | SIZE_T TrimmedPageCount; 20 | struct _MMWSL_INSTANCE* VmWorkingSetList; 21 | struct _LIST_ENTRY WorkingSetExpansionLinks; 22 | SIZE_T AgeDistribution[7]; 23 | struct _KGATE* ExitOutswapGate; 24 | SIZE_T MinimumWorkingSetSize; 25 | SIZE_T WorkingSetLeafSize; 26 | SIZE_T WorkingSetLeafPrivateSize; 27 | SIZE_T WorkingSetSize; 28 | SIZE_T WorkingSetPrivateSize; 29 | SIZE_T MaximumWorkingSetSize; 30 | SIZE_T PeakWorkingSetSize; 31 | UINT32 HardFaultCount; 32 | #ifdef _WIN64 33 | UINT16 PartitionId; 34 | UINT16 Pad0; 35 | #endif 36 | union // _TAG_UNNAMED_21 37 | { 38 | VOID* InstancedWorkingSet; 39 | } u1; 40 | SIZE_T Reserved0; 41 | struct _MMSUPPORT_FLAGS Flags; 42 | } MMSUPPORT_INSTANCE, *PMMSUPPORT_INSTANCE; /* size: 0x00c0 */ /* size: 0x0064 */ 43 | static_assert(sizeof(MMSUPPORT_INSTANCE) == (sizeof(SIZE_T) == sizeof(UINT64) ? 
0x00c0 : 0x0064)); 44 | 45 | 46 | typedef struct _MMSUPPORT_SHARED 47 | { 48 | volatile INT32 WorkingSetLock; 49 | INT32 GoodCitizenWaiting; 50 | SIZE_T ReleasedCommitDebt; 51 | SIZE_T ResetPagesRepurposedCount; 52 | VOID* WsSwapSupport; 53 | VOID* CommitReleaseContext; 54 | VOID* AccessLog; 55 | SIZE_T ChargedWslePages; 56 | SIZE_T ActualWslePages; 57 | VOID* ShadowMapping; 58 | SIZE_T WorkingSetSizeOverhead; 59 | } MMSUPPORT_SHARED, *PMMSUPPORT_SHARED; /* size: 0x0050 */ /* size: 0x002c */ 60 | static_assert(sizeof(MMSUPPORT_SHARED) == (sizeof(SIZE_T) == sizeof(UINT64) ? 0x0050 : 0x002c)); 61 | 62 | 63 | typedef struct _MMSUPPORT_FULL 64 | { 65 | struct _MMSUPPORT_INSTANCE Instance; 66 | struct _MMSUPPORT_SHARED Shared; 67 | } MMSUPPORT_FULL, *PMMSUPPORT_FULL; /* size: 0x0110 */ /* size: 0x0090 */ 68 | static_assert(sizeof(MMSUPPORT_FULL) == (sizeof(SIZE_T) == sizeof(UINT64) ? 0x0110 : 0x0090)); 69 | 70 | 71 | } 72 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Mm/build_15063.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | 4 | /* 5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.15063.1418\ 6 | * Dumped by pdbex tool v0.4, by wbenny 7 | */ 8 | 9 | 10 | namespace wdk::build_15063 11 | { 12 | 13 | typedef struct _MMSUPPORT_INSTANCE 14 | { 15 | UINT16 NextPageColor; 16 | UINT16 LastTrimStamp; 17 | UINT32 PageFaultCount; 18 | SIZE_T TrimmedPageCount; 19 | struct _MMWSL_INSTANCE* VmWorkingSetList; 20 | struct _LIST_ENTRY WorkingSetExpansionLinks; 21 | SIZE_T AgeDistribution[8]; 22 | struct _KGATE* ExitOutswapGate; 23 | SIZE_T MinimumWorkingSetSize; 24 | SIZE_T WorkingSetLeafSize; 25 | SIZE_T WorkingSetLeafPrivateSize; 26 | SIZE_T WorkingSetSize; 27 | SIZE_T WorkingSetPrivateSize; 28 | SIZE_T MaximumWorkingSetSize; 29 | SIZE_T PeakWorkingSetSize; 30 | UINT32 HardFaultCount; 31 | #ifdef _WIN64 32 | UINT16 PartitionId; 33 | UINT16 Pad0; 34 | 
#endif 35 | union // _TAG_UNNAMED_21 36 | { 37 | VOID* InstancedWorkingSet; 38 | } u1; 39 | SIZE_T Reserved0; 40 | struct _MMSUPPORT_FLAGS Flags; 41 | } MMSUPPORT_INSTANCE, *PMMSUPPORT_INSTANCE; /* size: 0x00c8 */ /* size: 0x0068 */ 42 | static_assert(sizeof(MMSUPPORT_INSTANCE) == (sizeof(SIZE_T) == sizeof(UINT64) ? 0x00c8 : 0x0068)); 43 | 44 | 45 | typedef struct _MMSUPPORT_SHARED 46 | { 47 | volatile INT32 WorkingSetLock; 48 | INT32 GoodCitizenWaiting; 49 | SIZE_T ReleasedCommitDebt; 50 | SIZE_T ResetPagesRepurposedCount; 51 | VOID* WsSwapSupport; 52 | VOID* CommitReleaseContext; 53 | VOID* AccessLog; 54 | SIZE_T ChargedWslePages; 55 | SIZE_T ActualWslePages; 56 | VOID* ShadowMapping; 57 | } MMSUPPORT_SHARED, *PMMSUPPORT_SHARED; /* size: 0x0048 */ /* size: 0x0028 */ 58 | static_assert(sizeof(MMSUPPORT_SHARED) == (sizeof(SIZE_T) == sizeof(UINT64) ? 0x0048 : 0x0028)); 59 | 60 | 61 | typedef struct _MMSUPPORT_FULL 62 | { 63 | struct _MMSUPPORT_INSTANCE Instance; 64 | struct _MMSUPPORT_SHARED Shared; 65 | } MMSUPPORT_FULL, *PMMSUPPORT_FULL; /* size: 0x0110 */ /* size: 0x0090 */ 66 | static_assert(sizeof(MMSUPPORT_FULL) == (sizeof(SIZE_T) == sizeof(UINT64) ? 
0x0110 : 0x0090)); 67 | 68 | 69 | 70 | } 71 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Mm/build_16299.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | 4 | /* 5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.16299.755\ 6 | * Dumped by pdbex tool v0.4, by wbenny 7 | */ 8 | 9 | 10 | namespace wdk::build_16299 11 | { 12 | 13 | SameDefine$(build_15063, MMSUPPORT_INSTANCE); 14 | SameDefine$(build_15063, MMSUPPORT_SHARED); 15 | SameDefine$(build_15063, MMSUPPORT_FULL); 16 | 17 | } 18 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Mm/build_17134.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | 4 | /* 5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.17134.376\ 6 | * Dumped by pdbex tool v0.4, by wbenny 7 | */ 8 | 9 | 10 | namespace wdk::build_17134 11 | { 12 | 13 | typedef struct _MMSUPPORT_INSTANCE 14 | { 15 | UINT32 NextPageColor; 16 | UINT32 PageFaultCount; 17 | SIZE_T TrimmedPageCount; 18 | struct _MMWSL_INSTANCE* VmWorkingSetList; 19 | struct _LIST_ENTRY WorkingSetExpansionLinks; 20 | SIZE_T AgeDistribution[8]; 21 | struct _KGATE* ExitOutswapGate; 22 | SIZE_T MinimumWorkingSetSize; 23 | SIZE_T WorkingSetLeafSize; 24 | SIZE_T WorkingSetLeafPrivateSize; 25 | SIZE_T WorkingSetSize; 26 | SIZE_T WorkingSetPrivateSize; 27 | SIZE_T MaximumWorkingSetSize; 28 | SIZE_T PeakWorkingSetSize; 29 | UINT32 HardFaultCount; 30 | UINT16 LastTrimStamp; 31 | #ifdef _WIN64 32 | UINT16 PartitionId; 33 | UINT64 SelfmapLock; 34 | #else 35 | UINT16 Unused0; 36 | #endif 37 | struct _MMSUPPORT_FLAGS Flags; 38 | } MMSUPPORT_INSTANCE, *PMMSUPPORT_INSTANCE; /* size: 0x00c0 */ /* size: 0x0064 */ 39 | static_assert(sizeof(MMSUPPORT_INSTANCE) == (sizeof(SIZE_T) == sizeof(UINT64) ? 
0x00c0 : 0x0064)); 40 | 41 | 42 | typedef struct _MMSUPPORT_SHARED 43 | { 44 | volatile INT32 WorkingSetLock; 45 | INT32 GoodCitizenWaiting; 46 | SIZE_T ReleasedCommitDebt; 47 | SIZE_T ResetPagesRepurposedCount; 48 | VOID* WsSwapSupport; 49 | VOID* CommitReleaseContext; 50 | volatile INT32 WorkingSetCoreLock; 51 | VOID* AccessLog; 52 | volatile SIZE_T ChargedWslePages; 53 | SIZE_T ActualWslePages; 54 | VOID* ShadowMapping; 55 | } MMSUPPORT_SHARED, *PMMSUPPORT_SHARED; /* size: 0x0050 */ /* size: 0x002c */ 56 | static_assert(sizeof(MMSUPPORT_SHARED) == (sizeof(SIZE_T) == sizeof(UINT64) ? 0x0050 : 0x002c)); 57 | 58 | 59 | typedef struct _MMSUPPORT_FULL 60 | { 61 | struct _MMSUPPORT_INSTANCE Instance; 62 | struct _MMSUPPORT_SHARED Shared; 63 | } MMSUPPORT_FULL, *PMMSUPPORT_FULL; /* size: 0x0110 */ /* size: 0x0090 */ 64 | static_assert(sizeof(MMSUPPORT_FULL) == (sizeof(SIZE_T) == sizeof(UINT64) ? 0x0110 : 0x0090)); 65 | 66 | 67 | } 68 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Mm/build_17763.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | 4 | /* 5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.17763.55\ 6 | * Dumped by pdbex tool v0.4, by wbenny 7 | */ 8 | 9 | 10 | namespace wdk::build_17763 11 | { 12 | 13 | SameDefine$(build_17134, MMSUPPORT_INSTANCE); 14 | SameDefine$(build_17134, MMSUPPORT_SHARED); 15 | SameDefine$(build_17134, MMSUPPORT_FULL); 16 | 17 | } 18 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Mm/build_7600.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | 4 | /* 5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\6.1.7600.17795\ 6 | * Dumped by pdbex tool v0.4, by wbenny 7 | */ 8 | 9 | 10 | namespace wdk::build_7600 11 | { 12 | 13 | typedef struct _MMADDRESS_NODE 14 | { 15 | union 16 | { 17 | union 18 | { 19 | 
SIZE_T Balance : 2; /* bit position: 0 */ 20 | struct _MMADDRESS_NODE* Parent; 21 | }; 22 | } u1; 23 | struct _MMADDRESS_NODE* LeftChild; 24 | struct _MMADDRESS_NODE* RightChild; 25 | SIZE_T StartingVpn; 26 | SIZE_T EndingVpn; 27 | } MMADDRESS_NODE, *PMMADDRESS_NODE; /* size: 0x0028 */ /* size: 0x0014 */ 28 | static_assert(sizeof(MMADDRESS_NODE) == (sizeof(SIZE_T) == sizeof(UINT64) ? 0x0028 : 0x0014)); 29 | 30 | 31 | typedef struct _MM_AVL_TABLE 32 | { 33 | struct _MMADDRESS_NODE BalancedRoot; 34 | struct /* bitfield */ 35 | { 36 | SIZE_T DepthOfTree : 5; /* bit position: 0 */ 37 | SIZE_T Unused : 3; /* bit position: 5 */ 38 | SIZE_T NumberGenericTableElements : (sizeof(SIZE_T) * 8) - 8; /* bit position: 8 */ 39 | }; /* bitfield */ 40 | VOID* NodeHint; 41 | VOID* NodeFreeHint; 42 | } MM_AVL_TABLE, *PMM_AVL_TABLE; /* size: 0x0040 */ /* size: 0x0020 */ 43 | static_assert(sizeof(MM_AVL_TABLE) == (sizeof(SIZE_T) == sizeof(UINT64) ? 0x0040 : 0x0020)); 44 | 45 | 46 | typedef struct _MMSUPPORT 47 | { 48 | struct _EX_PUSH_LOCK WorkingSetMutex; 49 | struct _KGATE* ExitGate; 50 | VOID* AccessLog; 51 | struct _LIST_ENTRY WorkingSetExpansionLinks; 52 | UINT32 AgeDistribution[7]; 53 | UINT32 MinimumWorkingSetSize; 54 | UINT32 WorkingSetSize; 55 | UINT32 WorkingSetPrivateSize; 56 | UINT32 MaximumWorkingSetSize; 57 | UINT32 ChargedWslePages; 58 | UINT32 ActualWslePages; 59 | UINT32 WorkingSetSizeOverhead; 60 | UINT32 PeakWorkingSetSize; 61 | UINT32 HardFaultCount; 62 | struct _MMWSL* VmWorkingSetList; 63 | UINT16 NextPageColor; 64 | UINT16 LastTrimStamp; 65 | UINT32 PageFaultCount; 66 | UINT32 RepurposeCount; 67 | UINT32 Spare[sizeof(SIZE_T) / sizeof(UINT32)]; 68 | struct _MMSUPPORT_FLAGS Flags; 69 | } MMSUPPORT, *PMMSUPPORT; /* size: 0x0088 */ /* size: 0x006c */ 70 | static_assert(sizeof(MMSUPPORT) == (sizeof(SIZE_T) == sizeof(UINT64) ? 
0x0088 : 0x006c)); 71 | 72 | } 73 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Mm/build_7601.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | 4 | /* 5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\6.1.7601.24260\ 6 | * Dumped by pdbex tool v0.4, by wbenny 7 | */ 8 | 9 | 10 | namespace wdk::build_7601 11 | { 12 | 13 | SameDefine$(build_7600, MMADDRESS_NODE); 14 | SameDefine$(build_7600, MM_AVL_TABLE); 15 | SameDefine$(build_7600, MMSUPPORT); 16 | 17 | } 18 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Mm/build_9200.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | 4 | /* 5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\6.2.9200.17581\ 6 | * Dumped by pdbex tool v0.4, by wbenny 7 | */ 8 | 9 | 10 | namespace wdk::build_9200 11 | { 12 | 13 | typedef struct _MM_AVL_NODE 14 | { 15 | union // _TAG_UNNAMED_65 16 | { 17 | union 18 | { 19 | SSIZE_T Balance : 2; /* bit position: 0 */ 20 | struct _MM_AVL_NODE* Parent; 21 | }; 22 | } u1; 23 | struct _MM_AVL_NODE* LeftChild; 24 | struct _MM_AVL_NODE* RightChild; 25 | } MM_AVL_NODE, *PMM_AVL_NODE; /* size: 0x0018 */ /* size: 0x000c */ 26 | static_assert(sizeof(MM_AVL_NODE) == (sizeof(SIZE_T) == sizeof(UINT64) ? 0x0018 : 0x000c)); 27 | 28 | 29 | typedef struct _MM_AVL_TABLE 30 | { 31 | struct _MM_AVL_NODE BalancedRoot; 32 | struct /* bitfield */ 33 | { 34 | SIZE_T DepthOfTree : 5; /* bit position: 0 */ 35 | SIZE_T TableType : 3; /* bit position: 5 */ 36 | SIZE_T NumberGenericTableElements : sizeof(SIZE_T) * 8 - 8; /* bit position: 8 */ 37 | }; /* bitfield */ 38 | VOID* NodeHint; 39 | VOID* NodeFreeHint; 40 | } MM_AVL_TABLE, *PMM_AVL_TABLE; /* size: 0x0030 */ /* size: 0x0018 */ 41 | static_assert(sizeof(MM_AVL_TABLE) == (sizeof(SIZE_T) == sizeof(UINT64) ? 
0x0030 : 0x0018)); 42 | 43 | 44 | typedef struct _MMSUPPORT 45 | { 46 | struct _EX_PUSH_LOCK WorkingSetMutex; 47 | struct _KGATE* ExitGate; 48 | VOID* AccessLog; 49 | struct _LIST_ENTRY WorkingSetExpansionLinks; 50 | UINT32 AgeDistribution[7]; 51 | UINT32 MinimumWorkingSetSize; 52 | UINT32 WorkingSetSize; 53 | UINT32 WorkingSetPrivateSize; 54 | UINT32 MaximumWorkingSetSize; 55 | UINT32 ChargedWslePages; 56 | UINT32 ActualWslePages; 57 | UINT32 WorkingSetSizeOverhead; 58 | UINT32 PeakWorkingSetSize; 59 | UINT32 HardFaultCount; 60 | struct _MMWSL* VmWorkingSetList; 61 | UINT16 NextPageColor; 62 | UINT16 LastTrimStamp; 63 | UINT32 PageFaultCount; 64 | UINT32 TrimmedPageCount; 65 | #ifdef _WIN64 66 | UINT32 Spare; 67 | #endif 68 | UINT32 ForceTrimPages; 69 | struct _MMSUPPORT_FLAGS Flags; 70 | VOID* WsSwapSupport; 71 | } MMSUPPORT, *PMMSUPPORT; /* size: 0x0090 */ /* size: 0x0070 */ 72 | static_assert(sizeof(MMSUPPORT) == (sizeof(SIZE_T) == sizeof(UINT64) ? 0x0090 : 0x0070)); 73 | 74 | 75 | } 76 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Mm/build_9600.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | 4 | /* 5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\6.3.9600.19038\ 6 | * Dumped by pdbex tool v0.4, by wbenny 7 | */ 8 | 9 | 10 | namespace wdk::build_9600 11 | { 12 | 13 | 14 | typedef struct _MMSUPPORT 15 | { 16 | struct _KGATE* ExitGate; 17 | VOID* AccessLog; 18 | struct _EX_PUSH_LOCK WorkingSetMutex; 19 | struct _LIST_ENTRY WorkingSetExpansionLinks; 20 | SIZE_T AgeDistribution[7]; 21 | SIZE_T MinimumWorkingSetSize; 22 | SIZE_T WorkingSetLeafSize; 23 | SIZE_T WorkingSetLeafPrivateSize; 24 | SIZE_T WorkingSetSize; 25 | SIZE_T WorkingSetPrivateSize; 26 | SIZE_T MaximumWorkingSetSize; 27 | SIZE_T ChargedWslePages; 28 | SIZE_T ActualWslePages; 29 | SIZE_T WorkingSetSizeOverhead; 30 | SIZE_T PeakWorkingSetSize; 31 | UINT32 HardFaultCount; 32 | 
struct _MMWSL* VmWorkingSetList; 33 | UINT16 NextPageColor; 34 | UINT16 LastTrimStamp; 35 | UINT32 PageFaultCount; 36 | SIZE_T TrimmedPageCount; 37 | SIZE_T ForceTrimPages; 38 | struct _MMSUPPORT_FLAGS Flags; 39 | VOID* WsSwapSupport; 40 | VOID* ShadowMapping; 41 | } MMSUPPORT, *PMMSUPPORT; /* size: 0x00f0 */ /* size: 0x007c */ 42 | static_assert(sizeof(MMSUPPORT) == (sizeof(SIZE_T) == sizeof(UINT64) ? 0x00f0 : 0x007c)); 43 | 44 | } 45 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/MmStruct.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | 4 | namespace wdk 5 | { 6 | 7 | #pragma region PTE 8 | typedef struct _HARDWARE_PTE 9 | { 10 | enum : UINT64 { HARDWARE_PTE_WORKING_SET_BITS = 11 }; 11 | 12 | UINT64 Valid : 1; 13 | UINT64 Write : 1; // UP version 14 | UINT64 Owner : 1; 15 | UINT64 WriteThrough : 1; 16 | UINT64 CacheDisable : 1; 17 | UINT64 Accessed : 1; 18 | UINT64 Dirty : 1; 19 | UINT64 LargePage : 1; 20 | UINT64 Global : 1; 21 | UINT64 CopyOnWrite : 1; // software field 22 | UINT64 Prototype : 1; // software field 23 | UINT64 reserved0 : 1; // software field 24 | UINT64 PageFrameNumber : 36; 25 | UINT64 reserved1 : 4; 26 | UINT64 SoftwareWsIndex : HARDWARE_PTE_WORKING_SET_BITS; 27 | UINT64 NoExecute : 1; 28 | } HARDWARE_PTE, *PHARDWARE_PTE; 29 | static_assert(sizeof(HARDWARE_PTE) == 8, "sizeof(HARDWARE_PTE) != 8"); 30 | #pragma endregion 31 | 32 | 33 | #pragma region Page 34 | enum PageAccessMask : ACCESS_MASK 35 | { 36 | PageNoAccess = 0x00000001, 37 | PageReadOnly = 0x00000002, 38 | PageReadWrite = 0x00000004, 39 | PageWriteCopy = 0x00000008, 40 | 41 | PageExecute = 0x00000010, 42 | PageExecuteRead = 0x00000020, 43 | PageExecuteReadWrite = 0x00000040, 44 | PageExecuteWriteCopy = 0x00000080, 45 | 46 | PageGuard = 0x00000100, 47 | PageNoCache = 0x00000200, 48 | PageWriteCombine = 0x00000400, 49 | 50 | PageEnclaveDecommit = 0x10000000, 51 
| PageEnclaveUnvalidated = 0x20000000, 52 | PageTargetsNoUpdate = 0x40000000, 53 | PageTargetsInvalid = 0x40000000, 54 | PageEnclaveThreadControl = 0x80000000, 55 | PageRevertToFileMap = 0x80000000, 56 | }; 57 | 58 | 59 | enum SecType : UINT32 60 | { 61 | SecFile = 0x00800000, 62 | SecImage = 0x01000000, 63 | SecProtectedImage = 0x02000000, 64 | SecReserve = 0x04000000, 65 | SecCommit = 0x08000000, 66 | SecNoCache = 0x10000000, 67 | SecWriteCombine = 0x40000000, 68 | SecLargePages = 0x80000000, 69 | SecImageNoExecute = (SecImage | SecNoCache), 70 | }; 71 | 72 | 73 | enum MemType : UINT32 74 | { 75 | MemCommit = 0x00001000, 76 | MemReserve = 0x00002000, 77 | MemDecommit = 0x00004000, 78 | MemRelease = 0x00008000, 79 | 80 | MemFree = 0x00010000, 81 | MemPrivate = 0x00020000, 82 | MemMapped = 0x00040000, 83 | MemReset = 0x00080000, 84 | 85 | MemTopDown = 0x00100000, 86 | MemWriteWatch = 0x00200000, 87 | MemPhysical = 0x00400000, 88 | MemRotate = 0x00800000, 89 | MemDifferentImageBaseOk = 0x00800000, 90 | 91 | MemResetUndo = 0x01000000, 92 | 93 | MemLargePages = 0x20000000, 94 | Mem4MBPages = 0x80000000, 95 | Mem64KPages = (MemLargePages | MemPhysical), 96 | 97 | MemImage = SecImage, 98 | }; 99 | 100 | 101 | __declspec(selectany) ULONG MmProtectToValue[32] = 102 | { 103 | PAGE_NOACCESS, 104 | PAGE_READONLY, 105 | PAGE_EXECUTE, 106 | PAGE_EXECUTE_READ, 107 | PAGE_READWRITE, 108 | PAGE_WRITECOPY, 109 | PAGE_EXECUTE_READWRITE, 110 | PAGE_EXECUTE_WRITECOPY, 111 | PAGE_NOACCESS, 112 | PAGE_NOCACHE | PAGE_READONLY, 113 | PAGE_NOCACHE | PAGE_EXECUTE, 114 | PAGE_NOCACHE | PAGE_EXECUTE_READ, 115 | PAGE_NOCACHE | PAGE_READWRITE, 116 | PAGE_NOCACHE | PAGE_WRITECOPY, 117 | PAGE_NOCACHE | PAGE_EXECUTE_READWRITE, 118 | PAGE_NOCACHE | PAGE_EXECUTE_WRITECOPY, 119 | PAGE_NOACCESS, 120 | PAGE_GUARD | PAGE_READONLY, 121 | PAGE_GUARD | PAGE_EXECUTE, 122 | PAGE_GUARD | PAGE_EXECUTE_READ, 123 | PAGE_GUARD | PAGE_READWRITE, 124 | PAGE_GUARD | PAGE_WRITECOPY, 125 | PAGE_GUARD | 
PAGE_EXECUTE_READWRITE, 126 | PAGE_GUARD | PAGE_EXECUTE_WRITECOPY, 127 | PAGE_NOACCESS, 128 | PAGE_WRITECOMBINE | PAGE_READONLY, 129 | PAGE_WRITECOMBINE | PAGE_EXECUTE, 130 | PAGE_WRITECOMBINE | PAGE_EXECUTE_READ, 131 | PAGE_WRITECOMBINE | PAGE_READWRITE, 132 | PAGE_WRITECOMBINE | PAGE_WRITECOPY, 133 | PAGE_WRITECOMBINE | PAGE_EXECUTE_READWRITE, 134 | PAGE_WRITECOMBINE | PAGE_EXECUTE_WRITECOPY 135 | }; 136 | #pragma endregion 137 | 138 | 139 | #pragma region Mm Flags 140 | typedef struct _MMSUPPORT_FLAGS 141 | { 142 | union 143 | { 144 | struct 145 | { 146 | struct 147 | { 148 | UINT8 WorkingSetType : 3; /* bit position: 0 */ 149 | UINT8 Reserved0 : 3; /* bit position: 3 */ 150 | UINT8 MaximumWorkingSetHard : 1; /* bit position: 6 */ 151 | UINT8 MinimumWorkingSetHard : 1; /* bit position: 7 */ 152 | }; 153 | struct 154 | { 155 | UINT8 SessionMaster : 1; /* bit position: 0 */ 156 | UINT8 TrimmerState : 2; /* bit position: 1 */ 157 | UINT8 Reserved : 1; /* bit position: 3 */ 158 | UINT8 PageStealers : 4; /* bit position: 4 */ 159 | }; 160 | }; /* size: 0x0002 */ 161 | UINT16 u1; 162 | }; /* size: 0x0002 */ 163 | UINT8 MemoryPriority; 164 | union 165 | { 166 | struct 167 | { 168 | UINT8 WsleDeleted : 1; /* bit position: 0 */ 169 | UINT8 SvmEnabled : 1; /* bit position: 1 */ 170 | UINT8 ForceAge : 1; /* bit position: 2 */ 171 | UINT8 ForceTrim : 1; /* bit position: 3 */ 172 | UINT8 NewMaximum : 1; /* bit position: 4 */ 173 | UINT8 CommitReleaseState : 2; /* bit position: 5 */ 174 | }; 175 | UINT8 u2; 176 | }; /* size: 0x0001 */ 177 | } MMSUPPORT_FLAGS, *PMMSUPPORT_FLAGS; /* size: 0x0004 */ 178 | static_assert(sizeof(MMSUPPORT_FLAGS) == 0x0004); 179 | #pragma endregion 180 | 181 | 182 | 183 | } 184 | 185 | #include "Mm\build_7600.inl" 186 | #include "Mm\build_7601.inl" 187 | #include "Mm\build_9200.inl" 188 | #include "Mm\build_9600.inl" 189 | #include "Mm\build_10240.inl" 190 | #include "Mm\build_10586.inl" 191 | #include "Mm\build_14393.inl" 192 | #include 
"Mm\build_15063.inl" 193 | #include "Mm\build_16299.inl" 194 | #include "Mm\build_17134.inl" 195 | #include "Mm\build_17763.inl" 196 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Native.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | 4 | /* native type */ 5 | 6 | using INT8 = signed __int8; 7 | using INT16 = signed __int16; 8 | using INT32 = signed __int32; 9 | using INT64 = signed __int64; 10 | 11 | using UINT8 = unsigned __int8; 12 | using UINT16 = unsigned __int16; 13 | using UINT32 = unsigned __int32; 14 | using UINT64 = unsigned __int64; 15 | 16 | using CHAR = char; 17 | using SHORT = short; 18 | using LONG = long; 19 | using LONGLONG = INT64; 20 | using LONG64 = INT64; 21 | 22 | using UCHAR = unsigned char; 23 | using USHORT = unsigned short; 24 | using ULONG = unsigned long; 25 | using ULONGLONG = UINT64; 26 | using ULONG64 = UINT64; 27 | 28 | using BYTE = UCHAR; 29 | using WORD = USHORT; 30 | using DWORD = ULONG; 31 | using QWORD = UINT64; 32 | 33 | using PVOID32 = void * __ptr32; 34 | using PVOID64 = void * __ptr64; 35 | using HANDLE32 = PVOID32; 36 | using HANDLE64 = PVOID64; 37 | 38 | #ifdef _WIN64 39 | using INT_PTR = INT64; 40 | using LONG_PTR = INT64; 41 | using SSIZE_T = INT64; 42 | 43 | using UINT_PTR = UINT64; 44 | using ULONG_PTR = UINT64; 45 | using SIZE_T = UINT64; 46 | #else 47 | using INT_PTR = INT32; 48 | using LONG_PTR = LONG; 49 | using SSIZE_T = LONG_PTR; 50 | 51 | using UINT_PTR = UINT32; 52 | using ULONG_PTR = ULONG; 53 | using SIZE_T = ULONG_PTR; 54 | #endif 55 | 56 | 57 | #ifndef SameDefine$ 58 | #define SameDefine$(ns, type) \ 59 | using ns::_##type; \ 60 | using ns::type; \ 61 | using ns::P##type 62 | #endif 63 | 64 | 65 | namespace wdk 66 | { 67 | 68 | enum StandardAccessMask : ACCESS_MASK 69 | { 70 | Delete = 0x00010000, 71 | ReadControl = 0x00020000, 72 | WriteDac = 0x00040000, 73 | WriteOwner = 
0x00080000, 74 | Synchronize = 0x00100000, 75 | 76 | StandardRightsRequired = 0x000F0000, 77 | StandardRightsRead = ReadControl, 78 | StandardRightsWrite = ReadControl, 79 | StandardRightsExecute = ReadControl, 80 | 81 | StandardRightsAll = 0x001F0000, 82 | SpecificRightsAll = 0x0000FFFF, 83 | 84 | AccessSystemSecurity = 0x01000000, 85 | MaximumAllowed = 0x02000000, 86 | }; 87 | 88 | 89 | enum GenericAccessMask : ACCESS_MASK 90 | { 91 | GenericRead = 0x80000000, 92 | GenericWrite = 0x40000000, 93 | GenericExecute = 0x20000000, 94 | GenericAll = 0x10000000, 95 | }; 96 | 97 | 98 | template 99 | struct CLIENT_ID_T 100 | { 101 | T UniqueProcess; 102 | T UniqueThread; 103 | }; 104 | using CLIENT_ID32 = CLIENT_ID_T; 105 | using CLIENT_ID64 = CLIENT_ID_T; 106 | 107 | 108 | template 109 | struct LIST_ENTRY_T 110 | { 111 | T Flink; 112 | T Blink; 113 | }; 114 | 115 | 116 | template 117 | struct T_STRING 118 | { 119 | USHORT Length; 120 | USHORT MaximumLength; 121 | 122 | T Buffer; 123 | }; 124 | 125 | } 126 | 127 | 128 | namespace wdk 129 | { 130 | 131 | template 132 | FORCEINLINE auto InitializeListHead( 133 | _Out_ LIST_ENTRY_T * ListHead) 134 | -> VOID 135 | 136 | { 137 | ListHead->Flink = ListHead->Blink = ListHead; 138 | } 139 | 140 | 141 | template 142 | FORCEINLINE auto IsListEmpty( 143 | _In_ const LIST_ENTRY_T * ListHead) 144 | -> BOOLEAN 145 | { 146 | return (BOOLEAN)(ListHead->Flink == ListHead); 147 | } 148 | 149 | 150 | template 151 | FORCEINLINE auto RemoveEntryList( 152 | _In_ LIST_ENTRY_T* Entry) 153 | -> BOOLEAN 154 | { 155 | using LIST_TYPE = LIST_ENTRY_T; 156 | using PLIST_TYPE = LIST_TYPE*; 157 | 158 | auto Blink = PLIST_TYPE(); 159 | auto Flink = PLIST_TYPE(); 160 | 161 | Blink = (PLIST_TYPE)Entry->Blink; 162 | Flink = (PLIST_TYPE)Entry->Flink; 163 | 164 | if constexpr (sizeof(T) == sizeof(PVOID32)) 165 | { 166 | Blink->Flink = (PVOID32)(UINT32)(SIZE_T)Flink; 167 | Flink->Blink = (PVOID32)(UINT32)(SIZE_T)Blink; 168 | } 169 | else 170 | { 171 | 
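Blink->Flink = Flink;
            Flink->Blink = Blink;
        }

        // TRUE when the two neighbours are the same node, i.e. the list is
        // empty once Entry has been unlinked.
        return (BOOLEAN)(Flink == Blink);
    }


    // NOTE(review): none of the helpers below verify Flink/Blink consistency
    // before rewriting links (recent WDK headers fail fast on a corrupted
    // LIST_ENTRY). A damaged or concurrently modified list is followed as-is,
    // so callers must hold the owning lock and must not pass lists whose
    // links can be influenced by an untrusted party.

    // Unlinks and returns the first entry after ListHead.
    // On an empty list ListHead->Flink is ListHead itself, so ListHead is
    // returned; check IsListEmpty() first.
    template <typename T>
    FORCEINLINE auto RemoveHeadList(
        _Inout_ LIST_ENTRY_T<T>* ListHead)
        -> LIST_ENTRY_T<T>*
    {
        using LIST_TYPE  = LIST_ENTRY_T<T>;
        using PLIST_TYPE = LIST_TYPE*;

        auto Entry = (PLIST_TYPE)ListHead->Flink;
        auto Flink = (PLIST_TYPE)Entry->Flink;

        if constexpr (sizeof(T) == sizeof(PVOID32))
        {
            // Link fields are 32 bits wide: pointers are truncated before
            // being stored. Assumes the nodes are addressable with 32 bits
            // - TODO confirm against callers.
            ListHead->Flink = (PVOID32)(UINT32)(SIZE_T)Flink;
            Flink->Blink    = (PVOID32)(UINT32)(SIZE_T)ListHead;
        }
        else
        {
            ListHead->Flink = Flink;
            Flink->Blink    = ListHead;
        }

        return Entry;
    }


    // Unlinks and returns the last entry before ListHead.
    // On an empty list ListHead->Blink is ListHead itself, so ListHead is
    // returned; check IsListEmpty() first.
    template <typename T>
    FORCEINLINE auto RemoveTailList(
        _Inout_ LIST_ENTRY_T<T>* ListHead)
        -> LIST_ENTRY_T<T>*
    {
        using LIST_TYPE  = LIST_ENTRY_T<T>;
        using PLIST_TYPE = LIST_TYPE*;

        auto Entry = (PLIST_TYPE)ListHead->Blink;
        auto Blink = (PLIST_TYPE)Entry->Blink;

        if constexpr (sizeof(T) == sizeof(PVOID32))
        {
            ListHead->Blink = (PVOID32)(UINT32)(SIZE_T)Blink;
            Blink->Flink    = (PVOID32)(UINT32)(SIZE_T)ListHead;
        }
        else
        {
            ListHead->Blink = Blink;
            Blink->Flink    = ListHead;
        }

        // The function is declared to return the removed entry; without this
        // statement the caller would receive an indeterminate pointer.
        return Entry;
    }


    // Links Entry in as the last element of the list headed by ListHead.
    template <typename T>
    FORCEINLINE auto InsertTailList(
        _Inout_ LIST_ENTRY_T<T>* ListHead,
        _Inout_ __drv_aliasesMem LIST_ENTRY_T<T>* Entry)
        -> VOID
    {
        using LIST_TYPE  = LIST_ENTRY_T<T>;
        using PLIST_TYPE = LIST_TYPE*;

        auto Blink = (PLIST_TYPE)ListHead->Blink;

        if constexpr (sizeof(T) == sizeof(PVOID32))
        {
            Entry->Flink    = (PVOID32)(UINT32)(SIZE_T)ListHead;
            Entry->Blink    = (PVOID32)(UINT32)(SIZE_T)Blink;
            Blink->Flink    = (PVOID32)(UINT32)(SIZE_T)Entry;
            ListHead->Blink = (PVOID32)(UINT32)(SIZE_T)Entry;
        }
        else
        {
            Entry->Flink    = ListHead;
            Entry->Blink    = Blink;
            Blink->Flink    = Entry;
            ListHead->Blink = Entry;
        }
    }


    // Links Entry in as the first element of the list headed by ListHead.
    template <typename T>
    FORCEINLINE auto InsertHeadList(
        _Inout_ LIST_ENTRY_T<T>* ListHead,
        _Inout_ __drv_aliasesMem LIST_ENTRY_T<T>* Entry)
        -> VOID
    {
        using LIST_TYPE  = LIST_ENTRY_T<T>;
        using PLIST_TYPE = LIST_TYPE*;

        auto Flink = (PLIST_TYPE)ListHead->Flink;

        if constexpr (sizeof(T) == sizeof(PVOID32))
        {
            Entry->Flink    = (PVOID32)(UINT32)(SIZE_T)Flink;
            Entry->Blink    = (PVOID32)(UINT32)(SIZE_T)ListHead;
            Flink->Blink    = (PVOID32)(UINT32)(SIZE_T)Entry;
            ListHead->Flink = (PVOID32)(UINT32)(SIZE_T)Entry;
        }
        else
        {
            Entry->Flink    = Flink;
            Entry->Blink    = ListHead;
            Flink->Blink    = Entry;
            ListHead->Flink = Entry;
        }
    }


    // Splices the circular list that ListToAppend belongs to onto the tail of
    // the list headed by ListHead. ListToAppend itself becomes an element of
    // the combined list.
    template <typename T>
    FORCEINLINE auto AppendTailList(
        _Inout_ LIST_ENTRY_T<T>* ListHead,
        _Inout_ LIST_ENTRY_T<T>* ListToAppend)
        -> VOID
    {
        using LIST_TYPE  = LIST_ENTRY_T<T>;
        using PLIST_TYPE = LIST_TYPE*;

        // Blink is declared as T, which the sibling helpers always convert to
        // PLIST_TYPE before dereferencing; do the same here instead of
        // writing ListHead->Blink->Flink directly. Both tails are captured
        // before any link is rewritten.
        auto ListEnd   = (PLIST_TYPE)ListHead->Blink;
        auto AppendEnd = (PLIST_TYPE)ListToAppend->Blink;

        if constexpr (sizeof(T) == sizeof(PVOID32))
        {
            ListEnd->Flink      = (PVOID32)(UINT32)(SIZE_T)ListToAppend;
            ListHead->Blink     = (PVOID32)(UINT32)(SIZE_T)AppendEnd;
            AppendEnd->Flink    = (PVOID32)(UINT32)(SIZE_T)ListHead;
            ListToAppend->Blink = (PVOID32)(UINT32)(SIZE_T)ListEnd;
        }
        else
        {
            ListEnd->Flink      = ListToAppend;
            ListHead->Blink     = AppendEnd;
            AppendEnd->Flink    = ListHead;
            ListToAppend->Blink = ListEnd;
        }
    }

}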
-------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/NetKernel.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include "NetStruct.inl" 3 | 4 | 5 | namespace wdk 6 | { 7 | extern"C" 8 | { 9 | inline auto NetInitSystem() -> NTSTATUS 10 | { 11 | return STATUS_SUCCESS; 12 | } 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/NetStruct.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | 4 | namespace wdk 5 | { 6 | 7 | 8 | enum class NetworkAdapterCharacteristics : UINT32 9 | { 10 | NCF_VIRTUAL = 0x00000001, 11 | NCF_SOFTWARE_ENUMERATED = 0x00000002, 12 | NCF_PHYSICAL = 0x00000004, 13 | NCF_HIDDEN = 0x00000008, 14 | NCF_NO_SERVICE = 0x00000010, 15 | NCF_NOT_USER_REMOVABLE = 0x00000020, 16 | NCF_MULTIPORT_INSTANCED_ADAPTER = 0x00000040, 17 | NCF_HAS_UI = 0x00000080, 18 | NCF_SINGLE_INSTANCE = 0x00000100, 19 | NCF_FILTER = 0x00000400, 20 | NCF_DONTEXPOSELOWER = 0x00001000, 21 | NCF_HIDE_BINDING = 0x00002000, 22 | NCF_NDIS_PROTOCOL = 0x00004000, 23 | NCF_FIXED_BINDING = 0x00020000, 24 | NCF_LW_FILTER = 0x00040000 25 | }; 26 | 27 | 28 | enum class AddressFamily : UINT16 29 | { 30 | Unspecified = 0, // Unspecified address family 31 | Unix = 1, // Unix local to host address 32 | InterNetwork = 2, // Address for IP version 4 33 | ImpLink = 3, // ARPANET IMP address 34 | Pup = 4, // Address for PUP protocols 35 | Chaos = 5, // Address for MIT CHAOS protocols 36 | Ipx = 6, // IPX or SPX address 37 | XeroxNS = 6, // Address for Xerox NS protocols 38 | Iso = 7, // Address for ISO protocols 39 | Osi = 7, // Address for OSI protocols 40 | Ecma = 8, // European Computer Manufacturers Association (ECMA) address 41 | DataKit = 9, // Address for Datakit protocols 42 | Ccitt = 10, // Addresses for CCITT protocols, such as X.25. 
43 | Sna = 11, // IBM SNA address 44 | DecNet = 12, // DECnet address 45 | DataLink = 13, // Direct data-link interface address 46 | Lat = 14, // LAT address 47 | HyperChannel = 15, // NSC Hyperchannel address 48 | Appletalk = 16, // AppleTalk address 49 | NetBios = 17, // NetBios address 50 | VoiceView = 18, // VoiceView address 51 | FireFox = 19, // FireFox address 52 | Banyan = 21, // Banyan address 53 | Atm = 22, // Native ATM services address 54 | InterNetworkV6 = 23, // Address for IP version 6 55 | Cluster = 24, // Address for Microsoft cluster products 56 | Ieee12844 = 25, // IEEE 1284.4 workgroup address 57 | InfraredData = 26, // IrDA address 58 | NetworkDesigners= 28, // Address for Network Designers OSI gateway-enabled protocols 59 | Bluetooth = 32, // Bluetooth address 60 | 61 | Max = 35 62 | }; 63 | 64 | } 65 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Ob/build_10240.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Ob/build_10586.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Ob/build_14393.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Ob/build_15063.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Ob/build_16299.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 
-------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Ob/build_17134.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Ob/build_17763.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Ob/build_7600.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Ob/build_7601.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Ob/build_9200.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Ob/build_9600.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/ObKernel.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include "ObStruct.inl" 3 | #include "RtlKernel.inl" 4 | 5 | 6 | namespace wdk 7 | { 8 | 9 | extern"C" 10 | { 11 | 12 | NTSTATUS NTAPI 13 | ObCreateObjectType( 14 | _In_ PUNICODE_STRING aTypeName, 15 | _In_ POBJECT_TYPE_INITIALIZER aObjectTypeInitializer, 16 | _In_opt_ PSECURITY_DESCRIPTOR aSecurityDescriptor, 17 | _Out_ POBJECT_TYPE * aObjectType 18 | ); 19 | 20 | NTSTATUS NTAPI 21 | 
ObCreateObject( 22 | _In_ KPROCESSOR_MODE ProbeMode, 23 | _In_ POBJECT_TYPE ObjectType, 24 | _In_ POBJECT_ATTRIBUTES ObjectAttributes, 25 | _In_ KPROCESSOR_MODE OwnershipMode, 26 | _Inout_opt_ PVOID ParseContext, 27 | _In_ ULONG ObjectBodySize, 28 | _In_ ULONG PagedPoolCharge, 29 | _In_ ULONG NonPagedPoolCharge, 30 | _Out_ PVOID * Object 31 | ); 32 | 33 | NTSTATUS NTAPI 34 | ObInsertObject( 35 | _In_ PVOID Object, 36 | _In_opt_ PACCESS_STATE PassedAccessState, 37 | _In_opt_ ACCESS_MASK DesiredAccess, 38 | _In_ ULONG ObjectPointerBias, 39 | _Out_opt_ PVOID * NewObject, 40 | _Out_opt_ PHANDLE Handle 41 | ); 42 | 43 | NTSTATUS NTAPI 44 | ObOpenObjectByName( 45 | _In_ POBJECT_ATTRIBUTES ObjectAttributes, 46 | _In_opt_ POBJECT_TYPE ObjectType, 47 | _In_ KPROCESSOR_MODE AccessMode, 48 | _Inout_opt_ PACCESS_STATE AccessState, 49 | _In_opt_ ACCESS_MASK DesiredAccess, 50 | _Inout_opt_ PVOID ParseContext, 51 | _Out_ PHANDLE Handle 52 | ); 53 | 54 | NTSTATUS NTAPI 55 | ObOpenObjectByPointer( 56 | _In_ PVOID aObject, 57 | _In_ ULONG aHandleAttributes, 58 | _In_opt_ PACCESS_STATE aPassedAccessState, 59 | _In_ ACCESS_MASK aDesiredAccess, 60 | _In_opt_ POBJECT_TYPE aObjectType, 61 | _In_ KPROCESSOR_MODE aAccessMode, 62 | _Out_ PHANDLE aHandle 63 | ); 64 | 65 | NTSTATUS NTAPI 66 | ObOpenObjectByPointerWithTag( 67 | _In_ PVOID aObject, 68 | _In_ ULONG aHandleAttributes, 69 | _In_opt_ PACCESS_STATE aPassedAccessState, 70 | _In_ ACCESS_MASK aDesiredAccess, 71 | _In_opt_ POBJECT_TYPE aObjectType, 72 | _In_ KPROCESSOR_MODE aAccessMode, 73 | _In_ ULONG aTag, 74 | _Out_ PHANDLE aHandle 75 | ); 76 | 77 | VOID NTAPI 78 | ObMakeTemporaryObject( 79 | _In_ PVOID Object 80 | ); 81 | 82 | BOOLEAN NTAPI 83 | ObFindHandleForObject( 84 | _In_ PEPROCESS Process, 85 | _In_ PVOID Object, 86 | _In_opt_ POBJECT_TYPE ObjectType, 87 | _In_opt_ POBJECT_HANDLE_INFORMATION MatchCriteria, 88 | _Out_ PHANDLE Handle 89 | ); 90 | 91 | // begin win8 92 | BOOLEAN FASTCALL 93 | ObReferenceObjectSafe( 94 | _In_ 
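PVOID Object
        );

        // begin win8
        BOOLEAN FASTCALL
            ObReferenceObjectSafeWithTag(
                _In_ PVOID Object,
                _In_ ULONG Tag
            );

        NTSTATUS NTAPI
            ObReferenceObjectByName(
                _In_ PUNICODE_STRING ObjectName,
                _In_ ULONG Attributes,
                _In_opt_ PACCESS_STATE AccessState,
                _In_opt_ ACCESS_MASK DesiredAccess,
                _In_ POBJECT_TYPE ObjectType,
                _In_ KPROCESSOR_MODE AccessMode,
                _Inout_opt_ PVOID ParseContext,
                _Out_ PVOID *Object
            );

        NTSTATUS NTAPI
            ObQueryNameString(
                _In_ PVOID Object,
                _Out_writes_bytes_opt_(Length) POBJECT_NAME_INFORMATION ObjectNameInfo,
                _In_ ULONG Length,
                _Out_ PULONG ReturnLength
            );

        BOOLEAN NTAPI
            ObIsKernelHandle(
                _In_ HANDLE Handle
            );

        struct _OBJECT_HEADER_NAME_INFO* NTAPI
            ObQueryNameInfo(
                _In_ PVOID Object
            );

        POBJECT_TYPE NTAPI
            ObGetObjectType(
                _In_ PVOID Object
            );

        NTSTATUS NTAPI
            ObDuplicateObject(
                _In_ PEPROCESS SourceProcess,
                _In_ HANDLE SourceHandle,
                _In_opt_ PEPROCESS TargetProcess,
                _Out_opt_ PHANDLE TargetHandle,
                _In_ ACCESS_MASK DesiredAccess,
                _In_ ULONG HandleAttributes,
                _In_ ULONG Options,
                _In_ KPROCESSOR_MODE PreviousMode
            );
    }
}

namespace wdk
{
    extern"C"
    {
        // Returns aHandle with the kernel-handle bit(s) OR-ed in.
        // KERNEL_HANDLE_BIT is a preprocessor macro, so it stays defined for the
        // rest of the translation unit after this function.
        inline auto ObMakeKernelHandle(HANDLE aHandle) -> HANDLE
        {
#ifdef _X86_
#define KERNEL_HANDLE_BIT (0x80000000)
#else
#define KERNEL_HANDLE_BIT (0xffffffff80000000)
#endif

            return ((HANDLE)((ULONG_PTR)(aHandle) | KERNEL_HANDLE_BIT));
        }

        // Lookup table indexed by an 8-bit InfoMask value (256 slots, zero-initialised).
        // Slot m holds the summed size of every optional header block selected by m,
        // as filled in by ObInitInfoBlockOffsets().
        __declspec(selectany) UINT8 ObInfoMaskToOffset[UINT8(~UINT8(0u)) + 1u]{};

        // Fills ObInfoMaskToOffset for the running OS build.
        //
        // Returns STATUS_NOT_SUPPORTED, leaving the table untouched, when
        // GetSystemVersion() reports SystemVersion::Unknown; otherwise STATUS_SUCCESS.
        // Which mask bits count depends on the detected version, so the table is
        // only meaningful for the builds the version checks below distinguish.
        inline auto ObInitInfoBlockOffsets() -> NTSTATUS
        {
            auto vVer = GetSystemVersion();
            if (vVer == SystemVersion::Unknown)
            {
                return STATUS_NOT_SUPPORTED;
            }

            for (auto vMask = 0u; vMask < _countof(ObInfoMaskToOffset); ++vMask)
            {
                auto vOffset = UINT8();

                // Blocks counted on every supported version.
                if (vMask & ObInfoMask::ObInfoMaskCreatorInfo)
                {
                    vOffset += sizeof(OBJECT_HEADER_CREATOR_INFO);
                }
                if (vMask & ObInfoMask::ObInfoMaskNameInfo)
                {
                    vOffset += sizeof(OBJECT_HEADER_NAME_INFO);
                }
                if (vMask & ObInfoMask::ObInfoMaskHandleInfo)
                {
                    vOffset += sizeof(OBJECT_HEADER_HANDLE_INFO);
                }
                if (vMask & ObInfoMask::ObInfoMaskQuotaInfo)
                {
                    vOffset += sizeof(OBJECT_HEADER_QUOTA_INFO);
                }
                if (vMask & ObInfoMask::ObInfoMaskProcessInfo)
                {
                    vOffset += sizeof(OBJECT_HEADER_PROCESS_INFO);
                }

                // Blocks counted only inside a version window.
                if (vVer >= SystemVersion::Windows8
                    && (vMask & ObInfoMask::ObInfoMaskAuditInfo))
                {
                    vOffset += sizeof(OBJECT_HEADER_AUDIT_INFO);
                }

                if (vVer >= SystemVersion::Windows10_1507 && vVer <= SystemVersion::Windows10_1511
                    && (vMask & ObInfoMask::ObInfoMaskHandleRevocationInfo))
                {
                    vOffset += sizeof(OBJECT_HEADER_HANDLE_REVOCATION_INFO);
                }

                if (vVer >= SystemVersion::Windows10_1607
                    && (vMask & ObInfoMask::ObInfoMaskExtendedInfo))
                {
                    vOffset += sizeof(OBJECT_HEADER_EXTENDED_INFO);
                }

                // The padding block is tested under a different mask constant per
                // version family.
                if (vVer >= SystemVersion::Windows7 && vVer <= SystemVersion::Windows7_SP1
                    && (vMask & ObInfoMask::ObInfoMaskPaddingInfoWin7x))
                {
                    vOffset += sizeof(OBJECT_HEADER_PADDING_INFO);
                }

                if (vVer >= SystemVersion::Windows8 && vVer <= SystemVersion::Windows8_1
                    && (vMask & ObInfoMask::ObInfoMaskPaddingInfoWin8x))
                {
                    vOffset += sizeof(OBJECT_HEADER_PADDING_INFO);
                }

                if (vVer >= SystemVersion::Windows10_1507
                    && (vMask & ObInfoMask::ObInfoMaskPaddingInfo))
                {
                    vOffset += sizeof(OBJECT_HEADER_PADDING_INFO);
                }

                ObInfoMaskToOffset[vMask] = vOffset;
            }

            return STATUS_SUCCESS;
        }

        // Maps an object body pointer back to its enclosing OBJECT_HEADER.
        // Pure pointer arithmetic: aObject is not validated in any way.
        inline auto ObGetObjectHeader(PVOID aObject) -> POBJECT_HEADER
        {
            return CONTAINING_RECORD(aObject, OBJECT_HEADER, Body);
        }

        // Returns the optional header block selected by aMask for aObject, or
        // nullptr when it cannot be located.
        //
        // The block address is the header address minus the table entry for all
        // InfoMask bits up to and including aMask, so the result is only as good
        // as ObInfoMaskToOffset. aObject must be a live, trusted kernel object
        // body pointer; the header is dereferenced without further validation.
        //
        // Fixes over the original:
        //  * a null aObject returns nullptr instead of dereferencing a header
        //    computed from a null body pointer;
        //  * a table entry of 0 returns nullptr. The original returned the header
        //    address itself in that case, which happens when the table was never
        //    initialised (ObInitInfoBlockOffsets not run, or it returned
        //    STATUS_NOT_SUPPORTED) or when the requested bit is not counted on
        //    this version. The header is never a valid info block.
        inline auto ObGetObjectHeaderInfo(PVOID aObject, ObInfoMask aMask)
            -> PVOID
        {
            if (aObject == nullptr)
            {
                return nullptr;
            }

            auto vHeader = ObGetObjectHeader(aObject);
            if (!(vHeader->InfoMask & aMask))
            {
                return nullptr;
            }

            // aMask plus every lower bit.
            auto vMaxMask = (aMask | (aMask - 1));
            auto vOffset = ObInfoMaskToOffset[vHeader->InfoMask & vMaxMask];
            if (vOffset == 0)
            {
                return nullptr;
            }

            return (UINT8*)vHeader - vOffset;
        }


        // Cached result of ObGetObjectType(*PsProcessType), set by ObInitSystem().
        __declspec(selectany) POBJECT_TYPE _ObTypeObjectType = nullptr;
        __declspec(selectany) POBJECT_TYPE * ObTypeObjectType = &_ObTypeObjectType;


        // Initialises the Ob helpers: builds the info-block offset table, then
        // caches the object type of the process type object.
        // Returns the status of ObInitInfoBlockOffsets(); on failure
        // _ObTypeObjectType keeps its previous value.
        inline auto ObInitSystem() -> NTSTATUS
        {
            auto vStatus = ObInitInfoBlockOffsets();
            if (!NT_SUCCESS(vStatus))
            {
                return vStatus;
            }

            _ObTypeObjectType = ObGetObjectType(*PsProcessType);
            return vStatus;
        }
    }
}
--------------------------------------------------------------------------------
/driver/TestWDK/WDKExt/Wdk/Ps/build_7601.inl:
--------------------------------------------------------------------------------
#pragma once


/*
 * PDB file: \Nt-Crucial-Modules\Ntoskrnl\6.1.7601.24260\
 * Dumped by pdbex tool v0.4, by wbenny
 */


namespace wdk::build_7601
{
    using build_7600::NumberOfProcessor;

    SameDefine$(build_7600, KAFFINITY_EX);
    SameDefine$(build_7600, KPROCESS);
    SameDefine$(build_7600, EPROCESS);

}
--------------------------------------------------------------------------------
/driver/TestWDK/WDKExt/Wdk/PsKernel.inl:
--------------------------------------------------------------------------------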
https://raw.githubusercontent.com/w1nds/ishellcode/24b5c64b568a7c1f59db01e0592b867959c5894a/driver/TestWDK/WDKExt/Wdk/PsKernel.inl -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Rtl/build_10240.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | 4 | /* 5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.10240.17443\ 6 | * Dumped by pdbex tool v0.4, by wbenny 7 | */ 8 | 9 | 10 | namespace wdk::build_10240 11 | { 12 | 13 | SameDefine$(build_9600, RTL_BALANCED_NODE); 14 | SameDefine$(build_9600, RTL_RB_TREE); 15 | SameDefine$(build_9600, RTL_AVL_TREE); 16 | 17 | } 18 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Rtl/build_10586.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | 4 | /* 5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.10586.1176\ 6 | * Dumped by pdbex tool v0.4, by wbenny 7 | */ 8 | 9 | 10 | namespace wdk::build_10586 11 | { 12 | 13 | SameDefine$(build_10240, RTL_BALANCED_NODE); 14 | SameDefine$(build_10240, RTL_RB_TREE); 15 | SameDefine$(build_10240, RTL_AVL_TREE); 16 | 17 | } 18 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Rtl/build_14393.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | 4 | /* 5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.14393.2214\ 6 | * Dumped by pdbex tool v0.4, by wbenny 7 | */ 8 | 9 | 10 | namespace wdk::build_14393 11 | { 12 | 13 | SameDefine$(build_10586, RTL_BALANCED_NODE); 14 | SameDefine$(build_10586, RTL_RB_TREE); 15 | SameDefine$(build_10586, RTL_AVL_TREE); 16 | 17 | } 18 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Rtl/build_15063.inl: 
-------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | 4 | /* 5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.15063.1418\ 6 | * Dumped by pdbex tool v0.4, by wbenny 7 | */ 8 | 9 | 10 | namespace wdk::build_15063 11 | { 12 | 13 | SameDefine$(build_14393, RTL_BALANCED_NODE); 14 | SameDefine$(build_14393, RTL_AVL_TREE); 15 | 16 | 17 | typedef struct _RTL_RB_TREE 18 | { 19 | struct _RTL_BALANCED_NODE* Root; 20 | union 21 | { 22 | UINT8 Encoded : 1; /* bit position: 0 */ 23 | struct _RTL_BALANCED_NODE* Min; 24 | }; 25 | } RTL_RB_TREE, *PRTL_RB_TREE; /* size: 0x0010 */ /* size: 0x0008 */ 26 | static_assert(sizeof(RTL_RB_TREE) == (sizeof(SIZE_T) == sizeof(UINT64) ? 0x0010 : 0x0008)); 27 | 28 | 29 | } 30 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Rtl/build_16299.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | 4 | /* 5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.16299.755\ 6 | * Dumped by pdbex tool v0.4, by wbenny 7 | */ 8 | 9 | 10 | namespace wdk::build_16299 11 | { 12 | 13 | SameDefine$(build_15063, RTL_BALANCED_NODE); 14 | SameDefine$(build_15063, RTL_AVL_TREE); 15 | SameDefine$(build_15063, RTL_RB_TREE); 16 | 17 | } 18 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Rtl/build_17134.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | 4 | /* 5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.17134.376\ 6 | * Dumped by pdbex tool v0.4, by wbenny 7 | */ 8 | 9 | 10 | namespace wdk::build_17134 11 | { 12 | 13 | SameDefine$(build_16299, RTL_BALANCED_NODE); 14 | SameDefine$(build_16299, RTL_AVL_TREE); 15 | SameDefine$(build_16299, RTL_RB_TREE); 16 | 17 | } 18 | -------------------------------------------------------------------------------- 
/driver/TestWDK/WDKExt/Wdk/Rtl/build_17763.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | 4 | /* 5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.17763.55\ 6 | * Dumped by pdbex tool v0.4, by wbenny 7 | */ 8 | 9 | 10 | namespace wdk::build_17763 11 | { 12 | 13 | SameDefine$(build_17134, RTL_BALANCED_NODE); 14 | SameDefine$(build_17134, RTL_AVL_TREE); 15 | SameDefine$(build_17134, RTL_RB_TREE); 16 | 17 | } 18 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Rtl/build_7600.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Rtl/build_7601.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Rtl/build_9200.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Rtl/build_9600.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | 4 | /* 5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\6.3.9600.19038\ 6 | * Dumped by pdbex tool v0.4, by wbenny 7 | */ 8 | 9 | 10 | namespace wdk::build_9600 11 | { 12 | 13 | typedef struct _RTL_BALANCED_NODE 14 | { 15 | union 16 | { 17 | struct _RTL_BALANCED_NODE* Children[2]; 18 | struct 19 | { 20 | struct _RTL_BALANCED_NODE* Left; 21 | struct _RTL_BALANCED_NODE* Right; 22 | }; /* size: 0x0010 */ /* size: 0x0008 */ 23 | }; /* size: 0x0010 */ /* size: 0x0008 */ 24 | union 25 | { 26 | UINT8 Red : 1; /* bit position: 0 */ 27 | UINT8 Balance : 2; /* bit position: 0 */ 28 | SIZE_T ParentValue; 
29 | }; /* size: 0x0008 */ /* size: 0x0004 */ 30 | } RTL_BALANCED_NODE, *PRTL_BALANCED_NODE; /* size: 0x0018 */ /* size: 0x000c */ 31 | static_assert(sizeof(RTL_BALANCED_NODE) == (sizeof(SIZE_T) == sizeof(UINT64) ? 0x0018 : 0x000c)); 32 | 33 | 34 | typedef struct _RTL_RB_TREE 35 | { 36 | struct _RTL_BALANCED_NODE* Root; 37 | struct _RTL_BALANCED_NODE* Min; 38 | } RTL_RB_TREE, *PRTL_RB_TREE; /* size: 0x0010 */ /* size: 0x0008 */ 39 | 40 | 41 | typedef struct _RTL_AVL_TREE 42 | { 43 | struct _RTL_BALANCED_NODE* Root; 44 | } RTL_AVL_TREE, *PRTL_AVL_TREE; 45 | 46 | 47 | } 48 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/RtlKernel.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include "RtlStruct.inl" 3 | 4 | 5 | namespace wdk 6 | { 7 | extern"C" 8 | { 9 | 10 | PIMAGE_NT_HEADERS NTAPI 11 | RtlImageNtHeader( 12 | _In_ PVOID Base 13 | ); 14 | 15 | PVOID NTAPI 16 | RtlImageDirectoryEntryToData( 17 | _In_ PVOID Base, 18 | _In_ BOOLEAN MappedAsImage, 19 | _In_ USHORT DirectoryEntry, 20 | _Out_ PULONG Size 21 | ); 22 | 23 | ULONG NTAPI 24 | RtlGetNtGlobalFlags( 25 | VOID 26 | ); 27 | 28 | BOOLEAN NTAPI 29 | RtlIsSandboxedToken( 30 | _In_opt_ PSECURITY_SUBJECT_CONTEXT Context, 31 | _In_ KPROCESSOR_MODE PreviousMode 32 | ); 33 | 34 | NTSTATUS NTAPI 35 | RtlConvertSidToUnicodeString( 36 | _Inout_ PUNICODE_STRING UnicodeString, 37 | _In_ PSID Sid, 38 | _In_ BOOLEAN AllocateDestinationString 39 | ); 40 | 41 | ULONG NTAPI 42 | RtlNtStatusToDosError( 43 | _In_ NTSTATUS Status 44 | ); 45 | 46 | ULONG NTAPI 47 | RtlNtStatusToDosErrorNoTeb( 48 | _In_ NTSTATUS Status 49 | ); 50 | 51 | } 52 | } 53 | 54 | namespace wdk 55 | { 56 | extern"C" 57 | { 58 | 59 | inline constexpr auto Is64BitSystem() -> bool { return (sizeof(SIZE_T) == sizeof(UINT64)); }; 60 | inline constexpr auto Is32BitSystem() -> bool { return !Is64BitSystem(); } 61 | 62 | __declspec(selectany) 
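SystemVersion NtSystemVersion = SystemVersion::Unknown;

        // Returns the SystemVersion for the running kernel, derived from the build
        // number reported by RtlGetVersion.
        //
        // A recognised build is cached in NtSystemVersion (written without any
        // synchronisation) and returned directly on later calls. A build number
        // that is not listed below leaves the cache at SystemVersion::Unknown, so
        // the query is repeated on every call and Unknown is returned each time.
        //
        // Unknown is the first enumerator of SystemVersion, so every
        // `GetSystemVersion() >= SystemVersion::X` helper returns false on an
        // unrecognised build, including builds newer than the last one listed.
        // Code that selects a structure layout from those helpers should check
        // for Unknown first (as ObInitInfoBlockOffsets and RtlInitSystem do)
        // rather than fall through to an "older OS" path.
        //
        // Fix: dwOSVersionInfoSize is now set before calling RtlGetVersion, as the
        // API's contract asks; the original passed a fully zeroed structure.
        inline auto GetSystemVersion()
            ->SystemVersion
        {
            if (SystemVersion::Unknown != NtSystemVersion)
            {
                return NtSystemVersion;
            }

            RTL_OSVERSIONINFOW vVersion{};
            vVersion.dwOSVersionInfoSize = sizeof(vVersion);

            NTSTATUS vStatus = RtlGetVersion(&vVersion);
            if (STATUS_SUCCESS != vStatus)
            {
                return SystemVersion::Unknown;
            }

            switch (vVersion.dwBuildNumber)
            {
            default:
                // Unlisted build: leave the cache at Unknown.
                break;
            case 2600:
                NtSystemVersion = SystemVersion::WindowsXP;
                break;
            case 3790:
                NtSystemVersion = SystemVersion::WindowsXP64;
                break;
            case 6000:
                NtSystemVersion = SystemVersion::WindowsVista;
                break;
            case 6001:
                NtSystemVersion = SystemVersion::WindowsVista_SP1;
                break;
            case 6002:
                NtSystemVersion = SystemVersion::WindowsVista_SP2;
                break;
            case 7600:
                NtSystemVersion = SystemVersion::Windows7;
                break;
            case 7601:
                NtSystemVersion = SystemVersion::Windows7_SP1;
                break;
            case 9200:
                NtSystemVersion = SystemVersion::Windows8;
                break;
            case 9600:
                NtSystemVersion = SystemVersion::Windows8_1;
                break;
            case 10240:
                NtSystemVersion = SystemVersion::Windows10;
                break;
            case 10586:
                NtSystemVersion = SystemVersion::Windows10_1511;
                break;
            case 14393:
                NtSystemVersion = SystemVersion::Windows10_1607;
                break;
            case 15063:
                NtSystemVersion = SystemVersion::Windows10_1703;
                break;
            case 16299:
                NtSystemVersion = SystemVersion::Windows10_1709;
                break;
            case 17134:
                NtSystemVersion = SystemVersion::Windows10_1803;
                break;
            case 17763:
                NtSystemVersion = SystemVersion::Windows10_1809;
                break;
            }

            return NtSystemVersion;
        }

        inline bool IsWindowsXPOrGreater()
        {
            if (GetSystemVersion() >= SystemVersion::WindowsXP)
            {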
141 | return true; 142 | } 143 | return false; 144 | } 145 | 146 | inline bool IsWindowsXPSP1OrGreater() 147 | { 148 | if (GetSystemVersion() >= SystemVersion::WindowsXP) 149 | { 150 | return true; 151 | } 152 | return false; 153 | } 154 | 155 | inline bool IsWindowsXPSP2OrGreater() 156 | { 157 | if (GetSystemVersion() >= SystemVersion::WindowsXP) 158 | { 159 | return true; 160 | } 161 | return false; 162 | } 163 | 164 | inline bool IsWindowsXPSP3OrGreater() 165 | { 166 | if (GetSystemVersion() >= SystemVersion::WindowsXP) 167 | { 168 | return true; 169 | } 170 | return false; 171 | } 172 | 173 | inline bool IsWindowsVistaOrGreater() 174 | { 175 | if (GetSystemVersion() >= SystemVersion::WindowsVista) 176 | { 177 | return true; 178 | } 179 | return false; 180 | } 181 | 182 | inline bool IsWindowsVistaSP1OrGreater() 183 | { 184 | if (GetSystemVersion() >= SystemVersion::WindowsVista_SP1) 185 | { 186 | return true; 187 | } 188 | return false; 189 | } 190 | 191 | inline bool IsWindowsVistaSP2OrGreater() 192 | { 193 | if (GetSystemVersion() >= SystemVersion::WindowsVista_SP2) 194 | { 195 | return true; 196 | } 197 | return false; 198 | } 199 | 200 | inline bool IsWindows7OrGreater() 201 | { 202 | if (GetSystemVersion() >= SystemVersion::Windows7) 203 | { 204 | return true; 205 | } 206 | return false; 207 | } 208 | 209 | inline bool IsWindows7SP1OrGreater() 210 | { 211 | if (GetSystemVersion() >= SystemVersion::Windows7_SP1) 212 | { 213 | return true; 214 | } 215 | return false; 216 | } 217 | 218 | inline bool IsWindows8OrGreater() 219 | { 220 | if (GetSystemVersion() >= SystemVersion::Windows8) 221 | { 222 | return true; 223 | } 224 | return false; 225 | } 226 | 227 | inline bool IsWindows8Point1OrGreater() 228 | { 229 | if (GetSystemVersion() >= SystemVersion::Windows8_1) 230 | { 231 | return true; 232 | } 233 | return false; 234 | } 235 | 236 | inline bool IsWindows10OrGreater() 237 | { 238 | if (GetSystemVersion() >= SystemVersion::Windows10) 239 | { 240 | return 
true; 241 | } 242 | return false; 243 | } 244 | 245 | inline bool IsWindowsThreshold1OrGreater() 246 | { 247 | if (GetSystemVersion() >= SystemVersion::Windows10_1507) 248 | { 249 | return true; 250 | } 251 | return false; 252 | } 253 | 254 | inline bool IsWindowsThreshold2OrGreater() 255 | { 256 | if (GetSystemVersion() >= SystemVersion::Windows10_1511) 257 | { 258 | return true; 259 | } 260 | return false; 261 | } 262 | 263 | inline bool IsWindowsRedstone1OrGreater() 264 | { 265 | if (GetSystemVersion() >= SystemVersion::Windows10_1607) 266 | { 267 | return true; 268 | } 269 | return false; 270 | } 271 | 272 | inline bool IsWindowsRedstone2OrGreater() 273 | { 274 | if (GetSystemVersion() >= SystemVersion::Windows10_1703) 275 | { 276 | return true; 277 | } 278 | return false; 279 | } 280 | 281 | inline bool IsWindowsRedstone3OrGreater() 282 | { 283 | if (GetSystemVersion() >= SystemVersion::Windows10_1709) 284 | { 285 | return true; 286 | } 287 | return false; 288 | } 289 | 290 | inline bool IsWindowsRedstone4OrGreater() 291 | { 292 | if (GetSystemVersion() >= SystemVersion::Windows10_1803) 293 | { 294 | return true; 295 | } 296 | return false; 297 | } 298 | 299 | inline bool IsWindowsRedstone5OrGreater() 300 | { 301 | if (GetSystemVersion() >= SystemVersion::Windows10_1809) 302 | { 303 | return true; 304 | } 305 | return false; 306 | } 307 | 308 | inline auto RtlInitSystem() -> NTSTATUS 309 | { 310 | if (GetSystemVersion() == SystemVersion::Unknown) 311 | { 312 | return STATUS_NOT_SUPPORTED; 313 | } 314 | 315 | return STATUS_SUCCESS; 316 | } 317 | 318 | } 319 | } 320 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/RtlStruct.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | 4 | namespace wdk 5 | { 6 | 7 | #pragma region Version 8 | enum class SystemVersion : UINT32 9 | { 10 | Unknown, 11 | 12 | WindowsXP, // 5.1.2600 13 | WindowsXP64, // 
5.2.3790 14 | 15 | WindowsVista, // 6.0.6000 16 | WindowsVista_SP1, // 6.0.6001 17 | WindowsVista_SP2, // 6.0.6002 18 | 19 | Windows7, // 6.1.7600 20 | Windows7_SP1, // 6.1.7601 21 | 22 | Windows8, // 6.2.9200 23 | 24 | Windows8_1, // 6.3.9600 25 | 26 | Windows10, 27 | Windows10_1507 = Windows10, // 10.0.10240 28 | Windows10_1511, // 10.0.10586 29 | Windows10_1607, // 10.0.14393 30 | Windows10_1703, // 10.0.15063 31 | Windows10_1709, // 10.0.16299 32 | Windows10_1803, // 10.0.17134 33 | Windows10_1809, // 10.0.17763 34 | WindowsMax, 35 | }; 36 | #pragma endregion 37 | 38 | 39 | #pragma region Module 40 | typedef struct _RTL_PROCESS_MODULE_INFORMATION 41 | { 42 | HANDLE Section; 43 | PVOID MappedBase; 44 | PVOID ImageBase; 45 | ULONG ImageSize; 46 | ULONG Flags; 47 | USHORT LoadOrderIndex; 48 | USHORT InitOrderIndex; 49 | USHORT LoadCount; 50 | USHORT OffsetToFileName; 51 | UCHAR FullPathName[256]; 52 | } RTL_PROCESS_MODULE_INFORMATION, *PRTL_PROCESS_MODULE_INFORMATION; 53 | 54 | typedef struct _RTL_PROCESS_MODULES 55 | { 56 | ULONG NumberOfModules; 57 | RTL_PROCESS_MODULE_INFORMATION Modules[1]; 58 | } RTL_PROCESS_MODULES, *PRTL_PROCESS_MODULES; 59 | 60 | // private 61 | typedef struct _RTL_PROCESS_MODULE_INFORMATION_EX 62 | { 63 | USHORT NextOffset; 64 | RTL_PROCESS_MODULE_INFORMATION BaseInfo; 65 | ULONG ImageChecksum; 66 | ULONG TimeDateStamp; 67 | PVOID DefaultBase; 68 | } RTL_PROCESS_MODULE_INFORMATION_EX, *PRTL_PROCESS_MODULE_INFORMATION_EX; 69 | #pragma endregion 70 | 71 | 72 | #pragma region PEB-UserParameters 73 | template 74 | struct CURDIR_T 75 | { 76 | using UNICODE_STRING = T_STRING; 77 | 78 | UNICODE_STRING DosPath; 79 | T Handle; 80 | }; /* size: 0x0018 */ /* size: 0x000c */ 81 | 82 | using CURDIR = CURDIR_T; 83 | using CURDIR32 = CURDIR_T; 84 | using CURDIR64 = CURDIR_T; 85 | 86 | using PCURDIR = CURDIR * ; 87 | using PCURDIR32 = CURDIR32 * ; 88 | using PCURDIR64 = CURDIR64 * ; 89 | 90 | static_assert(sizeof(CURDIR32) == 0x000c); 91 | 
static_assert(sizeof(CURDIR64) == 0x0018); 92 | 93 | 94 | template 95 | struct RTL_DRIVE_LETTER_CURDIR_T 96 | { 97 | using UNICODE_STRING = T_STRING; 98 | 99 | UINT16 Flags; 100 | UINT16 Length; 101 | UINT32 TimeStamp; 102 | UNICODE_STRING DosPath; 103 | }; /* size: 0x0018 */ /* size: 0x0010 */ 104 | 105 | using RTL_DRIVE_LETTER_CURDIR = RTL_DRIVE_LETTER_CURDIR_T; 106 | using RTL_DRIVE_LETTER_CURDIR32 = RTL_DRIVE_LETTER_CURDIR_T; 107 | using RTL_DRIVE_LETTER_CURDIR64 = RTL_DRIVE_LETTER_CURDIR_T; 108 | 109 | using PRTL_DRIVE_LETTER_CURDIR = RTL_DRIVE_LETTER_CURDIR * ; 110 | using PRTL_DRIVE_LETTER_CURDIR32 = RTL_DRIVE_LETTER_CURDIR32 * ; 111 | using PRTL_DRIVE_LETTER_CURDIR64 = RTL_DRIVE_LETTER_CURDIR64 * ; 112 | 113 | static_assert(sizeof(RTL_DRIVE_LETTER_CURDIR32) == 0x0010); 114 | static_assert(sizeof(RTL_DRIVE_LETTER_CURDIR64) == 0x0018); 115 | 116 | 117 | enum : UINT32 118 | { 119 | RtlMaxDriveLetters = 32 120 | }; 121 | 122 | 123 | template 124 | struct RTL_USER_PROCESS_PARAMETERS_T 125 | { 126 | using CURDIR = CURDIR_T; 127 | using UNICODE_STRING = T_STRING; 128 | using CURDIR = CURDIR_T; 129 | using RTL_DRIVE_LETTER_CURDIR = RTL_DRIVE_LETTER_CURDIR_T; 130 | 131 | UINT32 MaximumLength; 132 | UINT32 Length; 133 | UINT32 Flags; 134 | UINT32 DebugFlags; 135 | T ConsoleHandle; 136 | UINT32 ConsoleFlags; 137 | T StandardInput; 138 | T StandardOutput; 139 | T StandardError; 140 | CURDIR CurrentDirectory; 141 | UNICODE_STRING DllPath; 142 | UNICODE_STRING ImagePathName; 143 | UNICODE_STRING CommandLine; 144 | T Environment; 145 | UINT32 StartingX; 146 | UINT32 StartingY; 147 | UINT32 CountX; 148 | UINT32 CountY; 149 | UINT32 CountCharsX; 150 | UINT32 CountCharsY; 151 | UINT32 FillAttribute; 152 | UINT32 WindowFlags; 153 | UINT32 ShowWindowFlags; 154 | UNICODE_STRING WindowTitle; 155 | UNICODE_STRING DesktopInfo; 156 | UNICODE_STRING ShellInfo; 157 | UNICODE_STRING RuntimeData; 158 | RTL_DRIVE_LETTER_CURDIR CurrentDirectores[RtlMaxDriveLetters]; 159 | I 
EnvironmentSize; 160 | I EnvironmentVersion; 161 | T PackageDependencyData; 162 | UINT32 ProcessGroupId; 163 | UINT32 LoaderThreads; 164 | UNICODE_STRING RedirectionDllName; 165 | }; /* size: 0x0420 */ /* size: 0x02ac */ 166 | 167 | using RTL_USER_PROCESS_PARAMETERS = RTL_USER_PROCESS_PARAMETERS_T; 168 | using RTL_USER_PROCESS_PARAMETERS32 = RTL_USER_PROCESS_PARAMETERS_T; 169 | using RTL_USER_PROCESS_PARAMETERS64 = RTL_USER_PROCESS_PARAMETERS_T; 170 | 171 | using PRTL_USER_PROCESS_PARAMETERS = RTL_USER_PROCESS_PARAMETERS * ; 172 | using PRTL_USER_PROCESS_PARAMETERS32 = RTL_USER_PROCESS_PARAMETERS32 * ; 173 | using PRTL_USER_PROCESS_PARAMETERS64 = RTL_USER_PROCESS_PARAMETERS64 * ; 174 | 175 | static_assert(sizeof(RTL_USER_PROCESS_PARAMETERS32) == 0x02ac); 176 | static_assert(sizeof(RTL_USER_PROCESS_PARAMETERS64) == 0x0420); 177 | #pragma endregion 178 | 179 | 180 | } 181 | 182 | #include "Rtl\build_7600.inl" 183 | #include "Rtl\build_7601.inl" 184 | #include "Rtl\build_9200.inl" 185 | #include "Rtl\build_9600.inl" 186 | #include "Rtl\build_10240.inl" 187 | #include "Rtl\build_10586.inl" 188 | #include "Rtl\build_14393.inl" 189 | #include "Rtl\build_15063.inl" 190 | #include "Rtl\build_16299.inl" 191 | #include "Rtl\build_17134.inl" 192 | #include "Rtl\build_17763.inl" 193 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Se/build_10240.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Se/build_10586.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Se/build_14393.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 
-------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Se/build_15063.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Se/build_16299.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Se/build_17134.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Se/build_17763.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Se/build_7600.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Se/build_7601.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Se/build_9200.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Se/build_9600.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/SeKernel.inl: 
--------------------------------------------------------------------------------
#pragma once
#include "SeMacro.inl"
#include "SeStruct.inl"


// Declarations of kernel security-subsystem (Se*) symbols that this header
// makes visible inside namespace wdk. Only prototypes are given here; the
// definitions are expected to be resolved at link time.
// NOTE(review): several of these look like exports that the stock WDK headers
// do not declare, so the signatures below are this project's own
// transcription and should be re-checked for every targeted OS build.
namespace wdk
{
    extern"C"
    {
        // Pointer to an ACL exported as data; treat it as read-only.
        extern PACL SeSystemDefaultDacl;

        // Writes a pointer to a UNICODE_STRING holding the image name of Process.
        // NOTE(review): the output string is presumably allocated by the routine
        // and has to be released by the caller; confirm the ownership rule
        // before relying on it, otherwise every call leaks pool memory.
        NTSTATUS NTAPI
            SeLocateProcessImageName(
                _Inout_ PEPROCESS Process,
                _Outptr_ PUNICODE_STRING *pImageFileName
            );

        // Returns the impersonation level recorded in Token.
        // Note the legacy `__in` annotation here versus `_In_` on the siblings.
        SECURITY_IMPERSONATION_LEVEL NTAPI
            SeTokenImpersonationLevel(
                __in PACCESS_TOKEN Token
            );

        // Returns the TOKEN_TYPE of Token.
        TOKEN_TYPE NTAPI
            SeTokenType(
                _In_ PACCESS_TOKEN Token
            );

        // Boolean query on Token; by its name it reports administrator membership.
        // NOTE(review): do not use the result as the only authorization check.
        BOOLEAN NTAPI
            SeTokenIsAdmin(
                _In_ PACCESS_TOKEN Token
            );

        // Boolean query on Token; by its name it reports a restricted token.
        BOOLEAN NTAPI
            SeTokenIsRestricted(
                _In_ PACCESS_TOKEN Token
            );
    }
}

namespace wdk
{
    extern"C"
    {
        // Placeholder initializer for the Se wrappers: performs no work and
        // always reports STATUS_SUCCESS.
        inline auto SeInitSystem() -> NTSTATUS
        {
            return STATUS_SUCCESS;
        }
    }
}
--------------------------------------------------------------------------------
/driver/TestWDK/WDKExt/Wdk/Ts/build_10586.inl:
--------------------------------------------------------------------------------
#pragma once


/*
 * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.10586.1176\
 * Dumped by pdbex tool v0.4, by wbenny
 */


namespace wdk::build_10586
{

    SameDefine$(build_10240, KTHREAD);
    SameDefine$(build_10240, ETHREAD);

}
--------------------------------------------------------------------------------
/driver/TestWDK/WDKExt/Wdk/Ts/build_17134.inl:
--------------------------------------------------------------------------------
#pragma once


/*
 * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.17134.376\
 * Dumped by pdbex tool v0.4, by wbenny
 */


namespace wdk::build_17134
{

    SameDefine$(build_16299, KTHREAD);
    SameDefine$(build_16299, ETHREAD);

}
-------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Ts/build_17763.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | 4 | /* 5 | * PDB file: \Nt-Crucial-Modules\Ntoskrnl\10.0.17763.55\ 6 | * Dumped by pdbex tool v0.4, by wbenny 7 | */ 8 | 9 | 10 | namespace wdk::build_17763 11 | { 12 | 13 | SameDefine$(build_17134, KTHREAD); 14 | 15 | 16 | typedef struct _ETHREAD 17 | { 18 | struct _KTHREAD Tcb; 19 | union _LARGE_INTEGER CreateTime; 20 | union 21 | { 22 | union _LARGE_INTEGER ExitTime; 23 | struct _LIST_ENTRY KeyedWaitChain; 24 | }; 25 | #ifdef _X86_ 26 | VOID* ChargeOnlySession; 27 | #endif 28 | union 29 | { 30 | struct _LIST_ENTRY PostBlockList; 31 | struct 32 | { 33 | VOID* ForwardLinkShadow; 34 | VOID* StartAddress; 35 | }; 36 | }; 37 | union 38 | { 39 | struct _TERMINATION_PORT* TerminationPort; 40 | struct _ETHREAD* ReaperLink; 41 | VOID* KeyedWaitValue; 42 | }; 43 | SIZE_T ActiveTimerListLock; 44 | struct _LIST_ENTRY ActiveTimerListHead; 45 | struct _CLIENT_ID Cid; 46 | union 47 | { 48 | struct _KSEMAPHORE KeyedWaitSemaphore; 49 | struct _KSEMAPHORE AlpcWaitSemaphore; 50 | }; 51 | union _PS_CLIENT_SECURITY_CONTEXT ClientSecurity; 52 | struct _LIST_ENTRY IrpList; 53 | SIZE_T TopLevelIrp; 54 | struct _DEVICE_OBJECT* DeviceToVerify; 55 | VOID* Win32StartAddress; 56 | #ifdef _WIN64 57 | VOID* ChargeOnlySession; 58 | #endif 59 | VOID* LegacyPowerObject; 60 | struct _LIST_ENTRY ThreadListEntry; 61 | struct _EX_RUNDOWN_REF RundownProtect; 62 | struct _EX_PUSH_LOCK ThreadLock; 63 | UINT32 ReadClusterSize; 64 | volatile INT32 MmLockOrdering; 65 | union 66 | { 67 | UINT32 CrossThreadFlags; 68 | struct /* bitfield */ 69 | { 70 | UINT32 Terminated : 1; /* bit position: 0 */ 71 | UINT32 ThreadInserted : 1; /* bit position: 1 */ 72 | UINT32 HideFromDebugger : 1; /* bit position: 2 */ 73 | UINT32 ActiveImpersonationInfo : 1; /* bit position: 3 */ 74 | UINT32 
HardErrorsAreDisabled : 1; /* bit position: 4 */ 75 | UINT32 BreakOnTermination : 1; /* bit position: 5 */ 76 | UINT32 SkipCreationMsg : 1; /* bit position: 6 */ 77 | UINT32 SkipTerminationMsg : 1; /* bit position: 7 */ 78 | UINT32 CopyTokenOnOpen : 1; /* bit position: 8 */ 79 | UINT32 ThreadIoPriority : 3; /* bit position: 9 */ 80 | UINT32 ThreadPagePriority : 3; /* bit position: 12 */ 81 | UINT32 RundownFail : 1; /* bit position: 15 */ 82 | UINT32 UmsForceQueueTermination : 1; /* bit position: 16 */ 83 | UINT32 IndirectCpuSets : 1; /* bit position: 17 */ 84 | UINT32 DisableDynamicCodeOptOut : 1; /* bit position: 18 */ 85 | UINT32 ExplicitCaseSensitivity : 1; /* bit position: 19 */ 86 | UINT32 PicoNotifyExit : 1; /* bit position: 20 */ 87 | UINT32 DbgWerUserReportActive : 1; /* bit position: 21 */ 88 | UINT32 ForcedSelfTrimActive : 1; /* bit position: 22 */ 89 | UINT32 SamplingCoverage : 1; /* bit position: 23 */ 90 | UINT32 ReservedCrossThreadFlags : 8; /* bit position: 24 */ 91 | }; /* bitfield */ 92 | }; /* size: 0x0004 */ 93 | union 94 | { 95 | UINT32 SameThreadPassiveFlags; 96 | struct /* bitfield */ 97 | { 98 | UINT32 ActiveExWorker : 1; /* bit position: 0 */ 99 | UINT32 MemoryMaker : 1; /* bit position: 1 */ 100 | UINT32 StoreLockThread : 2; /* bit position: 2 */ 101 | UINT32 ClonedThread : 1; /* bit position: 4 */ 102 | UINT32 KeyedEventInUse : 1; /* bit position: 5 */ 103 | UINT32 SelfTerminate : 1; /* bit position: 6 */ 104 | UINT32 RespectIoPriority : 1; /* bit position: 7 */ 105 | UINT32 ActivePageLists : 1; /* bit position: 8 */ 106 | UINT32 SecureContext : 1; /* bit position: 9 */ 107 | UINT32 ZeroPageThread : 1; /* bit position: 10 */ 108 | UINT32 WorkloadClass : 1; /* bit position: 11 */ 109 | UINT32 ReservedSameThreadPassiveFlags : 20; /* bit position: 12 */ 110 | }; /* bitfield */ 111 | }; /* size: 0x0004 */ 112 | union 113 | { 114 | UINT32 SameThreadApcFlags; 115 | struct 116 | { 117 | struct /* bitfield */ 118 | { 119 | UINT8 
OwnsProcessAddressSpaceExclusive : 1; /* bit position: 0 */ 120 | UINT8 OwnsProcessAddressSpaceShared : 1; /* bit position: 1 */ 121 | UINT8 HardFaultBehavior : 1; /* bit position: 2 */ 122 | volatile UINT8 StartAddressInvalid : 1; /* bit position: 3 */ 123 | UINT8 EtwCalloutActive : 1; /* bit position: 4 */ 124 | UINT8 SuppressSymbolLoad : 1; /* bit position: 5 */ 125 | UINT8 Prefetching : 1; /* bit position: 6 */ 126 | UINT8 OwnsVadExclusive : 1; /* bit position: 7 */ 127 | }; /* bitfield */ 128 | struct /* bitfield */ 129 | { 130 | UINT8 SystemPagePriorityActive : 1; /* bit position: 0 */ 131 | UINT8 SystemPagePriority : 3; /* bit position: 1 */ 132 | UINT8 AllowWritesToExecutableMemory : 1; /* bit position: 4 */ 133 | UINT8 OwnsVadShared : 1; /* bit position: 5 */ 134 | }; /* bitfield */ 135 | }; /* size: 0x0002 */ 136 | }; /* size: 0x0004 */ 137 | UINT8 CacheManagerActive; 138 | UINT8 DisablePageFaultClustering; 139 | UINT8 ActiveFaultCount; 140 | UINT8 LockOrderState; 141 | SIZE_T AlpcMessageId; 142 | union 143 | { 144 | VOID* AlpcMessage; 145 | UINT32 AlpcReceiveAttributeSet; 146 | }; 147 | struct _LIST_ENTRY AlpcWaitListEntry; 148 | INT32 ExitStatus; 149 | UINT32 CacheManagerCount; 150 | UINT32 IoBoostCount; 151 | UINT32 IoQoSBoostCount; 152 | UINT32 IoQoSThrottleCount; 153 | UINT32 KernelStackReference; 154 | struct _LIST_ENTRY BoostList; 155 | struct _LIST_ENTRY DeboostList; 156 | EX_PUSH_LOCK BoostListLock; 157 | EX_PUSH_LOCK IrpListLock; 158 | VOID* ReservedForSynchTracking; 159 | struct _SINGLE_LIST_ENTRY CmCallbackListHead; 160 | const struct _GUID* ActivityId; 161 | struct _SINGLE_LIST_ENTRY SeLearningModeListHead; 162 | VOID* VerifierContext; 163 | VOID* AdjustedClientToken; 164 | VOID* WorkOnBehalfThread; 165 | struct _PS_PROPERTY_SET PropertySet; 166 | VOID* PicoContext; 167 | SIZE_T UserFsBase; 168 | SIZE_T UserGsBase; 169 | struct _THREAD_ENERGY_VALUES* EnergyValues; 170 | VOID* CmDbgInfo; 171 | union 172 | { 173 | SIZE_T SelectedCpuSets; 174 | 
SIZE_T* SelectedCpuSetsIndirect; 175 | }; 176 | struct _EJOB* Silo; 177 | struct _UNICODE_STRING* ThreadName; 178 | #ifdef _WIN64 179 | struct _CONTEXT* SetContextState; 180 | #endif 181 | UINT32 LastExpectedRunTime; 182 | UINT32 HeapData; 183 | struct _LIST_ENTRY OwnerEntryListHead; 184 | SIZE_T DisownedOwnerEntryListLock; 185 | struct _LIST_ENTRY DisownedOwnerEntryListHead; 186 | } ETHREAD, *PETHREAD; /* size: 0x0810 */ /* size: 0x0480 */ 187 | static_assert(sizeof(ETHREAD) == (sizeof(SIZE_T) == sizeof(UINT64) ? 0x0810 : 0x0480)); 188 | 189 | 190 | } 191 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Wmi/build_10240.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Wmi/build_10586.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Wmi/build_14393.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Wmi/build_15063.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Wmi/build_16299.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Wmi/build_17134.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 
-------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Wmi/build_17763.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Wmi/build_7600.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Wmi/build_7601.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Wmi/build_9200.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Wmi/build_9600.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/WmiKernel.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include "WmiStruct.inl" 3 | 4 | 5 | namespace wdk 6 | { 7 | 8 | extern"C" 9 | { 10 | 11 | LONG64 FASTCALL 12 | WmiGetClock( 13 | _In_ WMI_CLOCK_TYPE ClockType, 14 | _In_ PVOID Context 15 | ); 16 | 17 | } 18 | } 19 | 20 | namespace wdk 21 | { 22 | extern"C" 23 | { 24 | inline auto WmiInitSystem() -> NTSTATUS 25 | { 26 | return STATUS_SUCCESS; 27 | } 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/WmiStruct.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | 4 | namespace 
wdk 5 | { 6 | enum WMI_CLOCK_TYPE 7 | { 8 | WmiClockTypeDefault, 9 | WmiClockTypeSystemTime, 10 | WmiClockTypePerfCounter, 11 | WmiClockTypeProcess, 12 | WmiClockTypeThread, 13 | WmiClockTypeCPUCycle, 14 | }; 15 | } 16 | 17 | #include "Wmi\build_7600.inl" 18 | #include "Wmi\build_7601.inl" 19 | #include "Wmi\build_9200.inl" 20 | #include "Wmi\build_9600.inl" 21 | #include "Wmi\build_10240.inl" 22 | #include "Wmi\build_10586.inl" 23 | #include "Wmi\build_14393.inl" 24 | #include "Wmi\build_15063.inl" 25 | #include "Wmi\build_16299.inl" 26 | #include "Wmi\build_17134.inl" 27 | #include "Wmi\build_17763.inl" 28 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Zw/build_10240.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Zw/build_10586.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Zw/build_14393.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Zw/build_15063.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Zw/build_16299.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Zw/build_17134.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 
-------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Zw/build_17763.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Zw/build_7600.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Zw/build_7601.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Zw/build_9200.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/WDKExt/Wdk/Zw/build_9600.inl: -------------------------------------------------------------------------------- 1 | #pragma once 2 | -------------------------------------------------------------------------------- /driver/TestWDK/inject.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/w1nds/ishellcode/24b5c64b568a7c1f59db01e0592b867959c5894a/driver/TestWDK/inject.cpp -------------------------------------------------------------------------------- /driver/TestWDK/inject.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include "GLOBAL.h" 3 | 4 | typedef struct _THREAD_BASIC_INFORMATION 5 | { 6 | NTSTATUS ExitStatus; 7 | PVOID TebBaseAddress; 8 | CLIENT_ID ClientId; 9 | ULONG_PTR AffinityMask; 10 | LONG Priority; 11 | LONG BasePriority; 12 | } THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION; 13 | 14 | typedef struct 
_NT_PROC_THREAD_ATTRIBUTE_ENTRY 15 | { 16 | ULONG Attribute; // PROC_THREAD_ATTRIBUTE_XXX 17 | SIZE_T Size; 18 | ULONG_PTR Value; 19 | ULONG Unknown; 20 | } NT_PROC_THREAD_ATTRIBUTE_ENTRY, *NT_PPROC_THREAD_ATTRIBUTE_ENTRY; 21 | 22 | typedef struct _NT_PROC_THREAD_ATTRIBUTE_LIST 23 | { 24 | ULONG Length; 25 | NT_PROC_THREAD_ATTRIBUTE_ENTRY Entry[1]; 26 | } NT_PROC_THREAD_ATTRIBUTE_LIST, *PNT_PROC_THREAD_ATTRIBUTE_LIST; 27 | 28 | typedef struct _SYSTEM_SERVICE_DESCRIPTOR_TABLE 29 | { 30 | PULONG_PTR ServiceTableBase; 31 | PULONG ServiceCounterTableBase; 32 | ULONG_PTR NumberOfServices; 33 | PUCHAR ParamTableBase; 34 | } SYSTEM_SERVICE_DESCRIPTOR_TABLE, *PSYSTEM_SERVICE_DESCRIPTOR_TABLE; 35 | 36 | typedef struct _RTL_PROCESS_MODULE_INFORMATION 37 | { 38 | HANDLE Section; // Not filled in 39 | PVOID MappedBase; 40 | PVOID ImageBase; 41 | ULONG ImageSize; 42 | ULONG Flags; 43 | USHORT LoadOrderIndex; 44 | USHORT InitOrderIndex; 45 | USHORT LoadCount; 46 | USHORT OffsetToFileName; 47 | UCHAR FullPathName[MAXIMUM_FILENAME_LENGTH]; 48 | } RTL_PROCESS_MODULE_INFORMATION, *PRTL_PROCESS_MODULE_INFORMATION; 49 | 50 | typedef struct _RTL_PROCESS_MODULES 51 | { 52 | ULONG NumberOfModules; 53 | RTL_PROCESS_MODULE_INFORMATION Modules[1]; 54 | } RTL_PROCESS_MODULES, *PRTL_PROCESS_MODULES; 55 | 56 | extern PVOID g_KernelBase; 57 | extern ULONG g_KernelSize; 58 | extern PSYSTEM_SERVICE_DESCRIPTOR_TABLE g_SSDT; 59 | 60 | NTSTATUS MySearchPattern(IN PCUCHAR pattern, IN UCHAR wildcard, IN ULONG_PTR len, IN const VOID* base, IN ULONG_PTR size, OUT PVOID* ppFound); 61 | PVOID GetKernelBase(OUT PULONG pSize); 62 | PSYSTEM_SERVICE_DESCRIPTOR_TABLE GetSSDTBase(); 63 | PVOID GetSSDTEntry(IN ULONG index); 64 | 65 | #define THREAD_CREATE_FLAGS_CREATE_SUSPENDED 0x00000001 66 | #define THREAD_CREATE_FLAGS_SKIP_THREAD_ATTACH 0x00000002 67 | #define THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER 0x00000004 68 | 69 | NTSTATUS KernelInjectProcess(IN HANDLE ProcessID, IN PVOID bShell, IN SIZE_T dwShellSize); 
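NTSTATUS ExecuteInNewThread(
    IN PVOID BaseAddress,
    IN PVOID Parameter,
    IN ULONG Flags,
    IN BOOLEAN Wait,
    OUT PNTSTATUS ExitStatus
);

typedef NTSTATUS(NTAPI* fnNtCreateThreadEx)
(
    OUT PHANDLE hThread,
    IN ACCESS_MASK DesiredAccess,
    IN PVOID ObjectAttributes,
    IN HANDLE ProcessHandle,
    IN PVOID lpStartAddress,
    IN PVOID lpParameter,
    IN ULONG Flags,
    IN SIZE_T StackZeroBits,
    IN SIZE_T SizeOfStackCommit,
    IN SIZE_T SizeOfStackReserve,
    OUT PVOID lpBytesBuffer
    );

NTSTATUS
NTAPI
ZwCreateThreadEx(
    OUT PHANDLE hThread,
    IN ACCESS_MASK DesiredAccess,
    IN PVOID ObjectAttributes,
    IN HANDLE ProcessHandle,
    IN PVOID lpStartAddress,
    IN PVOID lpParameter,
    IN ULONG Flags,
    IN SIZE_T StackZeroBits,
    IN SIZE_T SizeOfStackCommit,
    IN SIZE_T SizeOfStackReserve,
    IN PNT_PROC_THREAD_ATTRIBUTE_LIST AttributeList
);
--------------------------------------------------------------------------------
/driver/TestWDK/main.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/w1nds/ishellcode/24b5c64b568a7c1f59db01e0592b867959c5894a/driver/TestWDK/main.cpp
--------------------------------------------------------------------------------
/driver/TestWDK/ntdll.cpp:
--------------------------------------------------------------------------------
#include "ntdll.h"

#include "pe.h"

// Raw on-disk copy of ntdll.dll and its length. Both stay 0 unless a complete
// image has been read, so the other members can tell "nothing loaded" apart
// from "loaded". The bytes come from a file and are parsed in kernel mode, so
// every offset derived from them has to be range-checked before it is used:
// an out-of-bounds read here takes the whole machine down.
unsigned char* NTDLL::FileData = 0;
ULONG NTDLL::FileSize = 0;

/*
 * Reads \SystemRoot\system32\ntdll.dll into a freshly allocated buffer.
 *
 * Must be called at PASSIVE_LEVEL (the Zw* file routines require it);
 * otherwise STATUS_UNSUCCESSFUL is returned.
 *
 * Returns the NTSTATUS of the first failing step, STATUS_FILE_INVALID for an
 * empty or larger-than-4-GiB file, STATUS_INSUFFICIENT_RESOURCES when the
 * buffer cannot be allocated, and the ZwReadFile status on success.
 * FileData/FileSize are published only on success.
 */
NTSTATUS NTDLL::Initialize()
{
    UNICODE_STRING FileName;
    OBJECT_ATTRIBUTES ObjectAttributes;
    RtlInitUnicodeString(&FileName, L"\\SystemRoot\\system32\\ntdll.dll");
    // OBJ_KERNEL_HANDLE keeps the handle out of the current process' handle table.
    InitializeObjectAttributes(&ObjectAttributes, &FileName,
                               OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
                               NULL, NULL);

    if(KeGetCurrentIrql() != PASSIVE_LEVEL)
    {
#ifdef _DEBUG
        debug_msg(" KeGetCurrentIrql != PASSIVE_LEVEL!\n");
#endif
        return STATUS_UNSUCCESSFUL;
    }

    HANDLE FileHandle;
    IO_STATUS_BLOCK IoStatusBlock;
    NTSTATUS NtStatus = ZwCreateFile(&FileHandle,
                                     GENERIC_READ,
                                     &ObjectAttributes,
                                     &IoStatusBlock, NULL,
                                     FILE_ATTRIBUTE_NORMAL,
                                     FILE_SHARE_READ,
                                     FILE_OPEN,
                                     FILE_SYNCHRONOUS_IO_NONALERT,
                                     NULL, 0);
    if(!NT_SUCCESS(NtStatus))
    {
        debug_msg(" ZwCreateFile failed with status %08X...\r\n", NtStatus);
        return NtStatus;
    }

    FILE_STANDARD_INFORMATION StandardInformation = { 0 };
    NtStatus = ZwQueryInformationFile(FileHandle, &IoStatusBlock, &StandardInformation, sizeof(FILE_STANDARD_INFORMATION), FileStandardInformation);
    if(!NT_SUCCESS(NtStatus))
    {
        debug_msg(" ZwQueryInformationFile failed with status %08X...\r\n", NtStatus);
        ZwClose(FileHandle);
        return NtStatus;
    }

    debug_msg(" FileSize of ntdll.dll is %08X!\r\n", StandardInformation.EndOfFile.LowPart);

    // The size is kept in a ULONG, so a file whose length needs the high part
    // would be silently truncated; an empty file has nothing to parse.
    if(StandardInformation.EndOfFile.HighPart != 0 || StandardInformation.EndOfFile.LowPart == 0)
    {
        ZwClose(FileHandle);
        return STATUS_FILE_INVALID;
    }
    const ULONG Size = StandardInformation.EndOfFile.LowPart;

    // Work on a local pointer so the static members never refer to a buffer
    // that is missing, half filled or already freed.
    unsigned char* Buffer = (unsigned char*)RtlAllocateMemory(true, Size);
    if(!Buffer)
    {
        ZwClose(FileHandle);
        return STATUS_INSUFFICIENT_RESOURCES;
    }

    LARGE_INTEGER ByteOffset;
    ByteOffset.LowPart = ByteOffset.HighPart = 0;
    NtStatus = ZwReadFile(FileHandle,
                          NULL, NULL, NULL,
                          &IoStatusBlock,
                          Buffer,
                          Size,
                          &ByteOffset, NULL);
    ZwClose(FileHandle);

    if(!NT_SUCCESS(NtStatus))
    {
        // Nothing was published, so Deinitialize() cannot free this buffer twice.
        RtlFreeMemory(Buffer);
        debug_msg(" ZwReadFile failed with status %08X...\r\n", NtStatus);
        return NtStatus;
    }

    FileData = Buffer;
    FileSize = Size;
    return NtStatus;
}

/*
 * Releases the buffer obtained by Initialize() and resets the state.
 * Safe to call when nothing is loaded and safe to call more than once.
 */
void NTDLL::Deinitialize()
{
    if(FileData)
        RtlFreeMemory(FileData);
    FileData = 0;
    FileSize = 0;
}

/*
 * Looks up ExportName in the loaded image and scans at most the first 32
 * bytes of its on-disk code for a `mov eax, imm32` (opcode 0xB8), stopping at
 * a RET (0xC2/0xC3). Returns the 32-bit immediate, or -1 when the image is
 * not loaded, the export is missing, or no such instruction is found.
 */
int NTDLL::GetExportSsdtIndex(const char* ExportName)
{
    if(!FileData || !FileSize || !ExportName)
        return -1;

    const ULONG ExportOffset = PE::GetExportOffset(FileData, FileSize, ExportName);
    if(ExportOffset == PE_ERROR_VALUE)
        return -1;

    int SsdtOffset = -1;
    const unsigned char* ExportData = FileData + ExportOffset;
    // GetExportOffset only returns offsets below FileSize, so this is >= 1.
    const ULONG Remaining = FileSize - ExportOffset;
    for(ULONG i = 0; i < 32 && i < Remaining; i++)
    {
        if(ExportData[i] == 0xC2 || ExportData[i] == 0xC3) //RET
            break;
        if(ExportData[i] == 0xB8) //mov eax,X
        {
            // The opcode byte is inside the buffer, but the four immediate
            // bytes after it must be as well. Copy instead of dereferencing a
            // cast pointer: the operand is not aligned.
            if(Remaining - i > sizeof(SsdtOffset))
                RtlCopyMemory(&SsdtOffset, ExportData + i + 1, sizeof(SsdtOffset));
            break;
        }
    }

    if(SsdtOffset == -1)
    {
        debug_msg(" SSDT Offset for %s not found...\r\n", ExportName);
    }

    return SsdtOffset;
}
--------------------------------------------------------------------------------
/driver/TestWDK/ntdll.h:
--------------------------------------------------------------------------------
#ifndef _NTDLL_H
#define _NTDLL_H

#include "GLOBAL.h"

class NTDLL
{
public:
    static NTSTATUS Initialize();
    static void Deinitialize();
    static int GetExportSsdtIndex(const char* ExportName);

private:
    static unsigned char* FileData;
    static ULONG FileSize;
};

#endif //_NTDLL_H
--------------------------------------------------------------------------------
/driver/TestWDK/pe.cpp:
--------------------------------------------------------------------------------
#include "pe.h"


// Index of the section whose virtual range contains dwRVA, or (ULONG)-1.
// Walks the section table that follows pNtHdr; the caller is responsible for
// pNtHdr describing a complete, readable header.
static ULONG RvaToSection(IMAGE_NT_HEADERS* pNtHdr, ULONG dwRVA)
{
    PIMAGE_SECTION_HEADER pSectionHdr = IMAGE_FIRST_SECTION(pNtHdr);
    const USHORT wSections = pNtHdr->FileHeader.NumberOfSections;
    for(USHORT i = 0; i < wSections; i++)
    {
        if(dwRVA < pSectionHdr[i].VirtualAddress)
            continue;
        // Compare the distance rather than VirtualAddress + VirtualSize,
        // which wraps around for crafted header values.
        if(dwRVA - pSectionHdr[i].VirtualAddress < pSectionHdr[i].Misc.VirtualSize)
            return i;
    }
    return (ULONG) - 1;
}

// Translates Rva into an offset inside the raw file using the section table.
// Returns PE_ERROR_VALUE when no section contains Rva or when the resulting
// offset is not below FileSize.
static ULONG RvaToOffset(PIMAGE_NT_HEADERS pnth, ULONG Rva, ULONG FileSize)
{
    PIMAGE_SECTION_HEADER psh = IMAGE_FIRST_SECTION(pnth);
    const USHORT NumberOfSections = pnth->FileHeader.NumberOfSections;
    for(USHORT i = 0; i < NumberOfSections; i++, psh++)
    {
        if(Rva < psh->VirtualAddress)
            continue;
        const ULONG Delta = Rva - psh->VirtualAddress;
        if(Delta >= psh->Misc.VirtualSize)
            continue;
        // 64-bit sum: a 32-bit wrap could otherwise turn a bogus
        // PointerToRawData into an offset that passes the size check.
        const ULONGLONG Offset = (ULONGLONG)Delta + psh->PointerToRawData;
        return Offset < FileSize ? (ULONG)Offset : PE_ERROR_VALUE;
    }
    return PE_ERROR_VALUE;
}

// True when Count elements of ElementSize bytes starting at Offset fit
// entirely inside a file of FileSize bytes.
static bool RangeInFile(ULONG Offset, ULONGLONG Count, ULONGLONG ElementSize, ULONG FileSize)
{
    if(Offset > FileSize)
        return false;
    return Count * ElementSize <= (ULONGLONG)(FileSize - Offset);
}

// Compares the NUL-terminated string at NameOffset with Wanted without ever
// reading past the end of the file; an unterminated name counts as a mismatch.
static bool NameMatches(const unsigned char* FileData, ULONG FileSize, ULONG NameOffset, const char* Wanted)
{
    const char* Name = (const char*)(FileData + NameOffset);
    const ULONG Remaining = FileSize - NameOffset;
    for(ULONG i = 0; i < Remaining; i++)
    {
        if(Name[i] != Wanted[i])
            return false;
        if(Name[i] == '\0')
            return true;
    }
    return false;
}

/*
 * Finds a named, non-forwarded export in a raw (unmapped) PE file.
 *
 * FileData/FileSize - buffer holding the file contents
 * ExportName        - NUL-terminated export name, compared case-sensitively
 *
 * Returns the file offset of the export's code, or PE_ERROR_VALUE when the
 * image is malformed or the export is absent. All header fields are treated
 * as untrusted: each table is checked against FileSize before it is read.
 */
ULONG PE::GetExportOffset(const unsigned char* FileData, ULONG FileSize, const char* ExportName)
{
    //Verify DOS Header
    PIMAGE_DOS_HEADER pdh = (PIMAGE_DOS_HEADER)FileData;
    if(!FileData || !ExportName || FileSize < sizeof(IMAGE_DOS_HEADER) || pdh->e_magic != IMAGE_DOS_SIGNATURE)
    {
        debug_msg(" Invalid IMAGE_DOS_SIGNATURE!\r\n");
        return PE_ERROR_VALUE;
    }

    //Verify PE Header
    // e_lfanew is a signed field taken from the file. IMAGE_NT_HEADERS64 is
    // the larger of the two header layouts, so requiring room for it covers
    // the 32-bit layout as well.
    if(pdh->e_lfanew < 0 || !RangeInFile((ULONG)pdh->e_lfanew, 1, sizeof(IMAGE_NT_HEADERS64), FileSize))
    {
        debug_msg(" Invalid IMAGE_NT_SIGNATURE!\r\n");
        return PE_ERROR_VALUE;
    }
    PIMAGE_NT_HEADERS pnth = (PIMAGE_NT_HEADERS)(FileData + pdh->e_lfanew);
    if(pnth->Signature != IMAGE_NT_SIGNATURE)
    {
        debug_msg(" Invalid IMAGE_NT_SIGNATURE!\r\n");
        return PE_ERROR_VALUE;
    }

    //Verify Section Table (RvaToOffset walks it on every call)
    const ULONG_PTR SectionTableOffset = (ULONG_PTR)IMAGE_FIRST_SECTION(pnth) - (ULONG_PTR)FileData;
    if(SectionTableOffset > FileSize ||
            !RangeInFile((ULONG)SectionTableOffset, pnth->FileHeader.NumberOfSections, sizeof(IMAGE_SECTION_HEADER), FileSize))
    {
        debug_msg(" Invalid Section Table!\r\n");
        return PE_ERROR_VALUE;
    }

    //Verify Export Directory
    PIMAGE_DATA_DIRECTORY pdd = NULL;
    if(pnth->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC)
        pdd = ((PIMAGE_NT_HEADERS64)pnth)->OptionalHeader.DataDirectory;
    else
        pdd = ((PIMAGE_NT_HEADERS32)pnth)->OptionalHeader.DataDirectory;
    ULONG ExportDirRva = pdd[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
    ULONG ExportDirSize = pdd[IMAGE_DIRECTORY_ENTRY_EXPORT].Size;
    ULONG ExportDirOffset = RvaToOffset(pnth, ExportDirRva, FileSize);
    if(ExportDirOffset == PE_ERROR_VALUE ||
            !RangeInFile(ExportDirOffset, 1, sizeof(IMAGE_EXPORT_DIRECTORY), FileSize))
    {
        debug_msg(" Invalid Export Directory!\r\n");
        return PE_ERROR_VALUE;
    }

    //Read Export Directory
    PIMAGE_EXPORT_DIRECTORY ExportDir = (PIMAGE_EXPORT_DIRECTORY)(FileData + ExportDirOffset);
    ULONG NumberOfNames = ExportDir->NumberOfNames;
    ULONG NumberOfFunctions = ExportDir->NumberOfFunctions;
    ULONG AddressOfFunctionsOffset = RvaToOffset(pnth, ExportDir->AddressOfFunctions, FileSize);
    ULONG AddressOfNameOrdinalsOffset = RvaToOffset(pnth, ExportDir->AddressOfNameOrdinals, FileSize);
    ULONG AddressOfNamesOffset = RvaToOffset(pnth, ExportDir->AddressOfNames, FileSize);
    // RvaToOffset validates only the first byte of each table; the counts come
    // from the file too, so the full extent of every array is checked here.
    if(AddressOfFunctionsOffset == PE_ERROR_VALUE ||
            AddressOfNameOrdinalsOffset == PE_ERROR_VALUE ||
            AddressOfNamesOffset == PE_ERROR_VALUE ||
            !RangeInFile(AddressOfFunctionsOffset, NumberOfFunctions, sizeof(ULONG), FileSize) ||
            !RangeInFile(AddressOfNameOrdinalsOffset, NumberOfNames, sizeof(USHORT), FileSize) ||
            !RangeInFile(AddressOfNamesOffset, NumberOfNames, sizeof(ULONG), FileSize))
    {
        debug_msg(" Invalid Export Directory Contents!\r\n");
        return PE_ERROR_VALUE;
    }
    ULONG* AddressOfFunctions = (ULONG*)(FileData + AddressOfFunctionsOffset);
    USHORT* AddressOfNameOrdinals = (USHORT*)(FileData + AddressOfNameOrdinalsOffset);
    ULONG* AddressOfNames = (ULONG*)(FileData + AddressOfNamesOffset);

    //Find Export
    ULONG ExportOffset = PE_ERROR_VALUE;
    for(ULONG i = 0; i < NumberOfNames; i++)
    {
        ULONG CurrentNameOffset = RvaToOffset(pnth, AddressOfNames[i], FileSize);
        if(CurrentNameOffset == PE_ERROR_VALUE)
            continue;
        const USHORT Ordinal = AddressOfNameOrdinals[i];
        if(Ordinal >= NumberOfFunctions)
            continue; //ordinal points outside the function table
        ULONG CurrentFunctionRva = AddressOfFunctions[Ordinal];
        if(CurrentFunctionRva >= ExportDirRva && CurrentFunctionRva - ExportDirRva < ExportDirSize)
            continue; //we ignore forwarded exports
        if(NameMatches(FileData, FileSize, CurrentNameOffset, ExportName)) //compare the export name to the requested export
        {
            ExportOffset = RvaToOffset(pnth, CurrentFunctionRva, FileSize);
            break;
        }
    }

    if(ExportOffset == PE_ERROR_VALUE)
    {
        debug_msg(" Export %s not found in export table!\r\n", ExportName);
    }

    return ExportOffset;
}

/*
 * For an image mapped at lpHeader, returns the start address of the section
 * that contains ptr and, when Size is non-NULL, stores that section's
 * SizeOfRawData in *Size. Returns 0 when lpHeader is NULL, ptr lies below the
 * image, the headers carry the wrong signatures, or no section contains ptr.
 *
 * NOTE(review): the mapped size of the image is not a parameter, so the
 * header reads cannot be bounds-checked here; lpHeader must be a trusted,
 * fully mapped image.
 */
PVOID PE::GetPageBase(PVOID lpHeader, ULONG* Size, PVOID ptr)
{
    if(!lpHeader || (unsigned char*)ptr < (unsigned char*)lpHeader)
        return 0;
    const ULONG_PTR Distance = (ULONG_PTR)((unsigned char*)ptr - (unsigned char*)lpHeader);
    if(Distance > (ULONG_PTR)(ULONG) - 1)
        return 0; //an RVA is 32 bits wide; do not let the cast below truncate
    ULONG dwRva = (ULONG)Distance;
    IMAGE_DOS_HEADER* pdh = (IMAGE_DOS_HEADER*)lpHeader;
    if(pdh->e_magic != IMAGE_DOS_SIGNATURE)
        return 0;
    IMAGE_NT_HEADERS* pnth = (IMAGE_NT_HEADERS*)((unsigned char*)lpHeader + pdh->e_lfanew);
    if(pnth->Signature != IMAGE_NT_SIGNATURE)
        return 0;
    IMAGE_SECTION_HEADER* psh = IMAGE_FIRST_SECTION(pnth);
    int section = RvaToSection(pnth, dwRva);
    if(section == -1)
        return 0;
    if(Size)
        *Size = psh[section].SizeOfRawData;
    return (PVOID)((unsigned char*)lpHeader + psh[section].VirtualAddress);
}
--------------------------------------------------------------------------------
/driver/TestWDK/pe.h:
--------------------------------------------------------------------------------
#ifndef _PE_H
#define _PE_H

#include "GLOBAL.h"

#define PE_ERROR_VALUE (ULONG)-1

class PE
{
public:
    static PVOID GetPageBase(PVOID lpHeader, ULONG* Size, PVOID ptr);
    static ULONG GetExportOffset(const unsigned char* FileData, ULONG FileSize, const char* ExportName);
};

#endif
--------------------------------------------------------------------------------
/img/1.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/w1nds/ishellcode/24b5c64b568a7c1f59db01e0592b867959c5894a/img/1.gif
--------------------------------------------------------------------------------
/ishellcode/ishellcode.sln:
--------------------------------------------------------------------------------

Microsoft Visual Studio Solution File, Format Version 12.00
# Visual Studio 15
VisualStudioVersion = 15.0.28010.2036
MinimumVisualStudioVersion = 10.0.40219.1
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ishellcode", "ishellcode\ishellcode.vcxproj", "{29162C7A-476E-4C87-8702-A2A474565DD1}"
EndProject
Global
	GlobalSection(SolutionConfigurationPlatforms) = preSolution
		Debug|x64 = Debug|x64
		Debug|x86 = Debug|x86
		Release|x64 = Release|x64
		Release|x86 = Release|x86
	EndGlobalSection
	GlobalSection(ProjectConfigurationPlatforms) = postSolution
		{29162C7A-476E-4C87-8702-A2A474565DD1}.Debug|x64.ActiveCfg = Debug|x64
		{29162C7A-476E-4C87-8702-A2A474565DD1}.Debug|x64.Build.0 = Debug|x64
		{29162C7A-476E-4C87-8702-A2A474565DD1}.Debug|x86.ActiveCfg = Debug|Win32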
{29162C7A-476E-4C87-8702-A2A474565DD1}.Debug|x86.Build.0 = Debug|Win32 20 | {29162C7A-476E-4C87-8702-A2A474565DD1}.Release|x64.ActiveCfg = Release|x64 21 | {29162C7A-476E-4C87-8702-A2A474565DD1}.Release|x64.Build.0 = Release|x64 22 | {29162C7A-476E-4C87-8702-A2A474565DD1}.Release|x86.ActiveCfg = Release|Win32 23 | {29162C7A-476E-4C87-8702-A2A474565DD1}.Release|x86.Build.0 = Release|Win32 24 | EndGlobalSection 25 | GlobalSection(SolutionProperties) = preSolution 26 | HideSolutionNode = FALSE 27 | EndGlobalSection 28 | GlobalSection(ExtensibilityGlobals) = postSolution 29 | SolutionGuid = {7220A75C-3AB2-4E1C-A667-078CBC4BB021} 30 | EndGlobalSection 31 | EndGlobal 32 | -------------------------------------------------------------------------------- /ishellcode/ishellcode/Misc.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/w1nds/ishellcode/24b5c64b568a7c1f59db01e0592b867959c5894a/ishellcode/ishellcode/Misc.cpp -------------------------------------------------------------------------------- /ishellcode/ishellcode/Misc.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #define MYPRINT 3 | #include 4 | 5 | //MyOutputDebugStringA("%d,%s",123,"hello"); 6 | void MyOutputDebugStringA(const char * lpcszOutputString, ...); 7 | //MyOutputDebugStringW(L"%d,%s",456,L"world!"); 8 | void MyOutputDebugStringW(const wchar_t * szOutputString, ...); 9 | -------------------------------------------------------------------------------- /ishellcode/ishellcode/ProcManager.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/w1nds/ishellcode/24b5c64b568a7c1f59db01e0592b867959c5894a/ishellcode/ishellcode/ProcManager.cpp -------------------------------------------------------------------------------- /ishellcode/ishellcode/ProcManager.h: 
-------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | 5 | class ProcManager 6 | { 7 | public: 8 | ProcManager(); 9 | ~ProcManager(); 10 | static int GetProcessIdByName(LPCTSTR szProcess); 11 | static BOOL EnableDebugPriv(); 12 | static DWORD_PTR GetModuleBase(DWORD dwPid, LPCTSTR szModName); 13 | static int GetProcessThreadNumByID(DWORD dwPID); 14 | static BOOL InjectShellcode(DWORD dwPid, BYTE * bShell, DWORD dwShellSize); 15 | }; 16 | -------------------------------------------------------------------------------- /ishellcode/ishellcode/instdrv.cpp: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * 3 | * (C) COPYRIGHT AUTHORS, 2015 - 2017, portions (C) Mark Russinovich, FileMon 4 | * 5 | * TITLE: INSTDRV.C 6 | * 7 | * VERSION: 1.10 8 | * 9 | * DATE: 17 Apr 2017 10 | * 11 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF 12 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED 13 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A 14 | * PARTICULAR PURPOSE. 15 | * 16 | *******************************************************************************/ 17 | #include "instdrv.h" 18 | #include 19 | /* 20 | * scmInstallDriver 21 | * 22 | * Purpose: 23 | * 24 | * Create SCM service entry describing kernel driver. 
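*
* Returns TRUE when the service entry was created. Returns FALSE when every
* attempt failed; the error code of the last CreateService call is then
* restored with SetLastError so the caller can read it.
*
* NOTE(review): registering a kernel-driver service is recorded by Windows
* (Service Control Manager event 7045 in the System log, and Security event
* 4697 when the corresponding audit policy is enabled). Defenders can use
* those events to confirm when and from which image path a driver service
* was installed.
*/
BOOL scmInstallDriver(
    _In_ SC_HANDLE SchSCManager,
    _In_ LPCTSTR DriverName,
    _In_opt_ LPCTSTR ServiceExe
)
{
    SC_HANDLE schService = NULL;
    DWORD dwError = ERROR_SUCCESS;

    // Up to three back-to-back attempts; the loop stops at the first success.
    for (int attempt = 0; attempt < 3 && schService == NULL; attempt++)
    {
        schService = CreateService(SchSCManager, // SCManager database
            DriverName,             // name of service
            DriverName,             // name to display
            SERVICE_QUERY_STATUS,   // desired access: the handle is only closed below,
                                    // so no broad service rights are requested
            SERVICE_KERNEL_DRIVER,  // service type
            SERVICE_DEMAND_START,   // start type
            SERVICE_ERROR_IGNORE,   // error control type
            ServiceExe,             // service's binary
            NULL,                   // no load ordering group
            NULL,                   // no tag identifier
            NULL,                   // no dependencies
            NULL,                   // LocalSystem account
            NULL                    // no password
        );
        if (schService == NULL) {
            // Read the error code first: the diagnostic calls below may overwrite it.
            dwError = GetLastError();

            // NOTE(review): "%s" expects a narrow string; in a UNICODE build
            // DriverName is wide - confirm the project's character set.
            printf("s1%s\n", DriverName);

            char szOut[100] = { 0 };
            wsprintfA(szOut, "%x weeor:%d", (DWORD_PTR)SchSCManager, dwError);
            OutputDebugStringA(szOut);
        }
    }

    if (schService == NULL) {
        // Creation never succeeded: report failure instead of closing a NULL
        // handle and claiming success.
        SetLastError(dwError);
        return FALSE;
    }

    CloseServiceHandle(schService);
    return TRUE;
}

/*
 * scmStartDriver
 *
 * Purpose:
 *
 * Start service, resulting in SCM driver load.
 *
 * Returns TRUE when the service was started or is already running,
 * FALSE when the service cannot be opened or fails to start.
 *
 */
BOOL scmStartDriver(
    _In_ SC_HANDLE SchSCManager,
    _In_ LPCTSTR DriverName
)
{
    // SERVICE_START is the only right StartService needs on this handle.
    SC_HANDLE schService = OpenService(SchSCManager, DriverName, SERVICE_START);
    if (schService == NULL)
    {
        return FALSE;
    }

    BOOL ret = StartService(schService, 0, NULL) ? TRUE : FALSE;
    if (!ret && GetLastError() == ERROR_SERVICE_ALREADY_RUNNING)
    {
        // An already-running driver counts as success.
        ret = TRUE;
    }

    CloseServiceHandle(schService);

    return ret;
}

/*
 * scmOpenDevice
 *
 * Purpose:
 *
 * Open driver device by symbolic link.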
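*
* Returns TRUE when the device was opened. When lphDevice is supplied the
* handle is stored there and the caller owns it; otherwise the handle is
* closed before returning. Returns FALSE when DriverName is NULL, when it
* is too long for the local name buffer, or when CreateFile fails.
*
*/
BOOL scmOpenDevice(
    _In_ LPCTSTR DriverName,
    _Inout_opt_ PHANDLE lphDevice
)
{
    TCHAR completeDeviceName[64];
    HANDLE hDevice;

    const int cchCapacity = (int)(sizeof(completeDeviceName) / sizeof(completeDeviceName[0]));
    const int cchPrefix = 4; // characters the format string puts in front of the name

    // wsprintf does not know the size of the destination buffer, so an
    // over-long name would overflow the 64-character stack buffer. Reject
    // the name up front, leaving room for the prefix and the terminator.
    if (DriverName == NULL || lstrlen(DriverName) > cchCapacity - cchPrefix - 1)
    {
        SetLastError(ERROR_INVALID_PARAMETER);
        return FALSE;
    }

    RtlSecureZeroMemory(completeDeviceName, sizeof(completeDeviceName));
    wsprintf(completeDeviceName, TEXT("\\\\.\\%s"), DriverName);

    hDevice = CreateFile(completeDeviceName,
        GENERIC_READ | GENERIC_WRITE,
        FILE_SHARE_READ | FILE_SHARE_WRITE,
        0,
        OPEN_EXISTING,
        0,
        0
    );
    if (hDevice == INVALID_HANDLE_VALUE)
    {
        return FALSE;
    }

    if (lphDevice) {
        *lphDevice = hDevice;
    }
    else {
        // No output slot was given: do not leak the handle.
        CloseHandle(hDevice);
    }

    return TRUE;
}

/*
 * scmStopDriver
 *
 * Purpose:
 *
 * Command SCM to stop service, resulting in driver unload.
 *
 * Returns the result of the last ControlService call, or FALSE when the
 * service cannot be opened. The stop request is repeated up to five times,
 * one second apart, only while the error is ERROR_DEPENDENT_SERVICES_RUNNING.
 *
 */
BOOL scmStopDriver(
    _In_ SC_HANDLE SchSCManager,
    _In_ LPCTSTR DriverName
)
{
    SERVICE_STATUS serviceStatus;
    BOOL ret = FALSE;

    // SERVICE_STOP is the only right ControlService(SERVICE_CONTROL_STOP) needs.
    SC_HANDLE schService = OpenService(SchSCManager, DriverName, SERVICE_STOP);
    if (schService == NULL) {
        return ret;
    }

    for (INT iRetryCount = 5; iRetryCount > 0; iRetryCount--) {
        SetLastError(0);
        ret = ControlService(schService, SERVICE_CONTROL_STOP, &serviceStatus);
        if (ret != FALSE)
            break;

        // Any other error is not expected to clear by waiting.
        if (GetLastError() != ERROR_DEPENDENT_SERVICES_RUNNING)
            break;

        Sleep(1000);
    }
    CloseServiceHandle(schService);

    return ret;
}

/*
 * scmRemoveDriver
 *
 * Purpose:
 *
 * Remove service entry from SCM database.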
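*
* Returns the result of DeleteService, or FALSE when the service cannot be
* opened.
*
*/
BOOL scmRemoveDriver(
    _In_ SC_HANDLE SchSCManager,
    _In_ LPCTSTR DriverName
)
{
    // DELETE is the only right DeleteService needs. The previous mask,
    // SC_MANAGER_ALL_ACCESS, is a service-control-manager right and does not
    // belong in a service access mask.
    SC_HANDLE schService = OpenService(SchSCManager, DriverName, DELETE);
    if (schService == NULL) {
        return FALSE;
    }

    BOOL bResult = DeleteService(schService);
    CloseServiceHandle(schService);
    return bResult;
}

/*
 * scmUnloadDeviceDriver
 *
 * Purpose:
 *
 * Combines scmStopDriver and scmRemoveDriver.
 *
 * Returns the result of scmRemoveDriver, or FALSE when Name is NULL or the
 * service control manager cannot be opened. The stop step is best effort:
 * its result is ignored and removal is attempted either way.
 *
 */
BOOL scmUnloadDeviceDriver(
    _In_ LPCTSTR Name
)
{
    if (Name == NULL) {
        return FALSE;
    }

    // Opening existing services only needs a connection to the SCM.
    SC_HANDLE schSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_CONNECT);
    if (schSCManager == NULL) {
        return FALSE;
    }

    scmStopDriver(schSCManager, Name);
    BOOL bResult = scmRemoveDriver(schSCManager, Name);
    CloseServiceHandle(schSCManager);

    return bResult;
}

/*
 * scmLoadDeviceDriver
 *
 * Purpose:
 *
 * Unload if already exists, Create, Load and Open driver instance.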
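*
* Returns the result of scmOpenDevice, or FALSE when Name is NULL or the
* service control manager cannot be opened. The stop, remove, install and
* start steps are best effort: their results are ignored, and success is
* decided only by whether the device can be opened afterwards.
*
* NOTE(review): Path is handed to the service control manager unchanged as
* the driver image; callers should pass a fully qualified path to a file
* they control - confirm at the call sites.
*
*/
BOOL scmLoadDeviceDriver(
    _In_ LPCTSTR Name,
    _In_opt_ LPCTSTR Path,
    _Inout_ PHANDLE lphDevice
)
{
    BOOL bResult = FALSE;

    if (Name == NULL) {
        return bResult;
    }

    // Request only what the steps below use: a connection (to open existing
    // services) and the right to create a service entry.
    SC_HANDLE schSCManager = OpenSCManager(NULL, NULL,
        SC_MANAGER_CONNECT | SC_MANAGER_CREATE_SERVICE);
    if (schSCManager == NULL) {
        return bResult;
    }

    // Stop and remove any previous instance through the handle that is
    // already open, rather than opening a second SCM connection for it.
    scmStopDriver(schSCManager, Name);
    scmRemoveDriver(schSCManager, Name);

    scmInstallDriver(schSCManager, Name, Path);
    scmStartDriver(schSCManager, Name);
    bResult = scmOpenDevice(Name, lphDevice);

    CloseServiceHandle(schSCManager);

    return bResult;
}
-------------------------------------------------------------------------------- /ishellcode/ishellcode/instdrv.h: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * 3 | * (C) COPYRIGHT AUTHORS, 2015 - 2017, portions (C) Mark Russinovich, FileMon 4 | * 5 | * TITLE: INSTDRV.H 6 | * 7 | * VERSION: 1.10 8 | * 9 | * DATE: 17 Apr 2017 10 | * 11 | * Common header file for the program SCM usage. 12 | * 13 | * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF 14 | * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED 15 | * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A 16 | * PARTICULAR PURPOSE.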
17 | * 18 | *******************************************************************************/ 19 | #pragma once 20 | #include 21 | #include 22 | 23 | BOOL scmInstallDriver( 24 | _In_ SC_HANDLE SchSCManager, 25 | _In_ LPCTSTR DriverName, 26 | _In_opt_ LPCTSTR ServiceExe 27 | ); 28 | 29 | BOOL scmStartDriver( 30 | _In_ SC_HANDLE SchSCManager, 31 | _In_ LPCTSTR DriverName 32 | ); 33 | 34 | BOOL scmOpenDevice( 35 | _In_ LPCTSTR DriverName, 36 | _Inout_opt_ PHANDLE lphDevice 37 | ); 38 | 39 | BOOL scmStopDriver( 40 | _In_ SC_HANDLE SchSCManager, 41 | _In_ LPCTSTR DriverName 42 | ); 43 | 44 | BOOL scmRemoveDriver( 45 | _In_ SC_HANDLE SchSCManager, 46 | _In_ LPCTSTR DriverName 47 | ); 48 | 49 | BOOL scmUnloadDeviceDriver( 50 | _In_ LPCTSTR Name 51 | ); 52 | 53 | BOOL scmLoadDeviceDriver( 54 | _In_ LPCTSTR Name, 55 | _In_opt_ LPCTSTR Path, 56 | _Inout_ PHANDLE lphDevice 57 | ); 58 | -------------------------------------------------------------------------------- /ishellcode/ishellcode/ishellcode.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/w1nds/ishellcode/24b5c64b568a7c1f59db01e0592b867959c5894a/ishellcode/ishellcode/ishellcode.cpp -------------------------------------------------------------------------------- /ishellcode/ishellcode/pch.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/w1nds/ishellcode/24b5c64b568a7c1f59db01e0592b867959c5894a/ishellcode/ishellcode/pch.cpp -------------------------------------------------------------------------------- /ishellcode/ishellcode/pch.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/w1nds/ishellcode/24b5c64b568a7c1f59db01e0592b867959c5894a/ishellcode/ishellcode/pch.h --------------------------------------------------------------------------------