├── FilterFunction.cpp
├── README.md
├── TsFltMgr.Win32.vddklaunch
├── TsFltMgr.cpp
├── TsFltMgr.h
├── TsFltMgr.reg
├── TsFltMgr.sln
├── TsFltMgr.suo
├── TsFltMgr.vcproj
├── TsFltMgr.x64.vddklaunch
├── VisualDDKHelpers.h
├── bin
    ├── TsFltMgr.pdb
    └── TsFltMgr.sys
├── stdafx.cpp
└── stdafx.h


/FilterFunction.cpp:
--------------------------------------------------------------------------------
  1 | #include "FilterFunction.h"
  2 | 
  3 | //typedef struct _TsFlt_NOTIFY_INFO
  4 | //{
  5 | //	PSLIST_HEADER OtherModuleFuncIndex;		//0x00
  6 | //	ULONG ParameterNumber;		//0x04
  7 | //	ULONG Parameter1;			//0x08
  8 | //	ULONG Parameter2;			//0x0c
  9 | //	ULONG Parameter3;			//0x10
 10 | //	ULONG Parameter4;			//0x14
 11 | //	ULONG Parameter5;			//0x18
 12 | //	ULONG Parameter6;			//0x1c
 13 | //	ULONG Parameter7;			//0x20
 14 | //	ULONG Parameter8;			//0x24
 15 | //	ULONG Parameter9;			//0x28
 16 | //	ULONG Parameter10;			//0x2c
 17 | //	ULONG Parameter11;			//0x30
 18 | //	ULONG Parameter12;			//0x34
 19 | //	ULONG Parameter13;			//0x38
 20 | //	ULONG Parameter14;			//0x3c
 21 | //	ULONG Parameter15;			//0x40
 22 | //	ULONG Reserve1[0x0e];		//0x44 - 0x74
 23 | //	ULONG FunctionRetValue;		//0x78
 24 | //	PVOID ProxyFunction;		//0x7c
 25 | //	PVOID IndexFunction;		//0x80
 26 | //
 27 | //}TsFlt_NOTIFY_INFO,*PTsFlt_NOTIFY_INFO;
 28 | //
 29 | //typedef struct _TsFlt_FILTER
 30 | //{
 31 | //	ULONG Type;				//0x0
 32 | //	LONG FuncIndex;		//0x4
 33 | //	PWCHAR FuncName;		//0x8
 34 | //	ULONG CurTsFltIndex;	//0xc
 35 | //	ULONG IsHook;			//0x10
 36 | //	LONG Lock1;				//0x14
 37 | //	LONG Lock2;				//0x18
 38 | //	ULONG Reserve1;			//0x1c
 39 | //	PVOID SaveFunc;			//0x20
 40 | //	PVOID ProxyFunc;		//0x24
 41 | //	ULONG Reserve2;			//0x28
 42 | //	ULONG Reserve3;			//0x2c
 43 | //	ULONG Reserve4;			//0x30
 44 | //	ULONG Reserve5;			//0x34
 45 | //	ULONG Reserve6;			//0x38
 46 | //	ULONG Reserve7;			//0x3c
 47 | //	ULONG Flag1;			//0x40
 48 | //	ULONG Reserve8;			//0x44
 49 | //	ULONG Flag2;			//0x48
 50 | //	KEVENT Kevent;			//0x4c
 51 | //}TsFlt_FILTER,*PTsFlt_FILTER;
 52 | 
 53 | int __stdcall xx_FilterNtOpenFile_1CCF0(int a1, int a2, int a3, int a4, int a5, int a6)
 54 | {
 55 | 	PTsFlt_FILTER pFilterInfo_v6; // esi@1
 56 | 	PTsFlt_NOTIFY_INFO pFilterNotifyInfo_v7; // edi@1
 57 | 	unsigned int status_v8; // edi@7
 58 | 	int (__stdcall *pfnFunc_v9)(DWORD, DWORD, DWORD, DWORD, DWORD, DWORD); // eax@10
 59 | 	int nFunctionRetValue_v10; // eax@11
 60 | 	unsigned int status_v11; // ST2C_4@11
 61 | 	int (__stdcall *pfnFunc_v13)(DWORD, DWORD, DWORD, DWORD, DWORD, DWORD); // esi@23
 62 | 	int v14; // [sp+18h] [bp-14h]@4
 63 | 	signed int nFunctionRetValue; // [sp+1Ch] [bp-10h]@4
 64 | 	ULONGLONG FastMutex; // [sp+24h] [bp-8h]@4
 65 | 
 66 | 	pFilterInfo_v6 = dword_28320;
 67 | 	
 68 | 	pFilterNotifyInfo_v7 = (PTsFlt_NOTIFY_INFO)ExAllocateFromNPagedLookasideList(&g_Lookaside);
 69 | 	memset((void *)pFilterNotifyInfo_v7, 0, 0xCCu);
 70 | 
 71 | 	v14 = pFilterNotifyInfo_v7;
 72 | 	nFunctionRetValue = 0xC0000022;
 73 | 	FastMutex = 0i64;
 74 | 	if ( g_FilterFlag_dword_281D4 == 1 )
 75 | 		FastMutex = KeQueryInterruptTime();
 76 | 	if ( pFilterNotifyInfo_v7 )
 77 | 	{
 78 | 		pFilterNotifyInfo_v7->ParameterNumber = 6;
 79 | 		pFilterNotifyInfo_v7->Parameter1 = a1;
 80 | 		pFilterNotifyInfo_v7->Parameter2 = a2;
 81 | 		pFilterNotifyInfo_v7->Parameter3 = a3;
 82 | 		pFilterNotifyInfo_v7->Parameter4 = a4;
 83 | 		pFilterNotifyInfo_v7->Parameter5 = a5;
 84 | 		pFilterNotifyInfo_v7->Parameter6 = a6;
 85 | 		pFilterNotifyInfo_v7->ProxyFunction = pFilterInfo_v6->SaveFunc;
 86 | 		pFilterNotifyInfo_v7->IndexFunction = 76;
 87 | 		//*(DWORD *)(pFilterNotifyInfo_v7 + 8) = a1;
 88 | 		//*(DWORD *)(pFilterNotifyInfo_v7 + 0xC) = a2;
 89 | 		//*(DWORD *)(pFilterNotifyInfo_v7 + 0x10) = a3;
 90 | 		//*(DWORD *)(pFilterNotifyInfo_v7 + 0x14) = a4;
 91 | 		//*(DWORD *)(pFilterNotifyInfo_v7 + 0x18) = a5;
 92 | 		//*(DWORD *)(pFilterNotifyInfo_v7 + 0x1C) = a6;
 93 | 		//*(DWORD *)(pFilterNotifyInfo_v7 + 4) = 6;
 94 | 		//*(DWORD *)(pFilterNotifyInfo_v7 + 0x7C) = *(DWORD *)(pFilterInfo_v6 + 0x20);
 95 | 		//*(DWORD *)(pFilterNotifyInfo_v7 + 0x80) = 76;
 96 | 		InterlockedIncrement(&pFilterInfo_v6->Lock1);
 97 | 		status_v8 = xx_Printf_20F90(pFilterNotifyInfo_v7, pFilterInfo_v6);
 98 | 		InterlockedDecrement(&pFilterInfo_v6->Lock1);
 99 | 		if ( status_v8 != 0xEEEE0004 )
100 | 		{
101 | 			if ( status_v8 == 0xEEEE0005 )
102 | 			{
103 | 				nFunctionRetValue = pFilterNotifyInfo_v7->FunctionRetValue;
104 | 			}
105 | 			else
106 | 			{
107 | 				pfnFunc_v9 = (int (__stdcall **)(DWORD, DWORD, DWORD, DWORD, DWORD, DWORD))(pFilterInfo_v6->SaveFunc);
108 | 				if ( pfnFunc_v9 )
109 | 				{
110 | 					nFunctionRetValue_v10 = pfnFunc_v9(
111 | 						pFilterNotifyInfo_v7->Parameter1,
112 | 						pFilterNotifyInfo_v7->Parameter2,
113 | 						pFilterNotifyInfo_v7->Parameter3,
114 | 						pFilterNotifyInfo_v7->Parameter4,
115 | 						pFilterNotifyInfo_v7->Parameter5,
116 | 						pFilterNotifyInfo_v7->Parameter6);
117 | 					pFilterNotifyInfo_v7->FunctionRetValue = nFunctionRetValue_v10;
118 | 					nFunctionRetValue = nFunctionRetValue_v10;
119 | 					InterlockedIncrement(&pFilterInfo_v6->Lock2);
120 | 					status_v11 = xx_TsLockInfo_21110(pFilterNotifyInfo_v7);
121 | 					InterlockedDecrement(&pFilterInfo_v6->Lock2);
122 | 					if ( status_v11 == 0xEEEE0005 )
123 | 						nFunctionRetValue = pFilterNotifyInfo_v7->FunctionRetValue;
124 | 				}
125 | 			}
126 | 		}
127 | 	}
128 | 	if ( pFilterInfo_v6->IsHook && FastMutex )
129 | 	{
130 | 		if ( g_FilterFlag_dword_281D4 )
131 | 			sub_11810(&pFilterInfo_v6->Reserve4, (PFAST_MUTEX)FastMutex, SHIDWORD(FastMutex));
132 | 	}
133 | 	if ( v14 )
134 | 	{
135 | 		ExFreeToNPagedLookasideList(&g_Lookaside, pFilterNotifyInfo_v7);
136 | 		return nFunctionRetValue;
137 | 	}
138 | 	pfnFunc_v13 = (int (__stdcall **)(DWORD, DWORD, DWORD, DWORD, DWORD, DWORD))(pFilterInfo_v6->SaveFunc);
139 | 	if ( !pfnFunc_v13 )
140 | 		return nFunctionRetValue;
141 | 	return pfnFunc_v13(a1, a2, a3, a4, a5, a6);
142 | }


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # TsFltMgr
 2 | 逆向QQ管家TsFltMgr驱动
 3 | 
 4 | TsFltMgr.sys 
 5 | 10.1.16066.216 版本
 6 | 
 7 | 
 8 | 1.大体框架已经逆好
 9 | 
10 | 2.filter系列函数没有逆
11 | 
12 | 3.有一些没执行到的函数没有逆
13 | 
14 | 4.采用visual ddk编译
15 | 
16 | 5.调试环境是windows xp下，仅装了Q管的情况下
17 | 
18 | 6.奉上pdb和sys文件。
19 | 
20 | 


--------------------------------------------------------------------------------
/TsFltMgr.Win32.vddklaunch:
--------------------------------------------------------------------------------
1 | <?xml version="1.0"?>
2 | <DDKLaunchParams xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
3 |   <PathOnTarget>%SystemRoot%\System32\Drivers\TsFltMgr.sys</PathOnTarget>
4 |   <StartMode>LegacyStartStop</StartMode>
5 |   <StartModeArg>TsFltMgr</StartModeArg>
6 |   <StopMode>LegacyStartStop</StopMode>
7 |   <StopModeArg>TsFltMgr</StopModeArg>
8 | </DDKLaunchParams>


--------------------------------------------------------------------------------
/TsFltMgr.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xiaobfly/TsFltMgr/a20dadfd22c197b214e30f7c352942b555dd06a2/TsFltMgr.cpp


--------------------------------------------------------------------------------
/TsFltMgr.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xiaobfly/TsFltMgr/a20dadfd22c197b214e30f7c352942b555dd06a2/TsFltMgr.h


--------------------------------------------------------------------------------
/TsFltMgr.reg:
--------------------------------------------------------------------------------
1 | REGEDIT4
2 | 
3 | [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TsFltMgr]
4 | "ErrorControl"=dword:00000001
5 | "Start"=dword:00000001
6 | "Type"=dword:00000001
7 | 


--------------------------------------------------------------------------------
/TsFltMgr.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 10.00
 3 | # Visual Studio 2008
 4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "TsFltMgr", "TsFltMgr.vcproj", "{E91C872E-6C34-42C7-A01E-2E7F1EBD2689}"
 5 | EndProject
 6 | Global
 7 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 8 | 		Debug|Win32 = Debug|Win32
 9 | 		Debug|x64 = Debug|x64
10 | 		Release|Win32 = Release|Win32
11 | 		Release|x64 = Release|x64
12 | 	EndGlobalSection
13 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
14 | 		{E91C872E-6C34-42C7-A01E-2E7F1EBD2689}.Debug|Win32.ActiveCfg = Debug|Win32
15 | 		{E91C872E-6C34-42C7-A01E-2E7F1EBD2689}.Debug|Win32.Build.0 = Debug|Win32
16 | 		{E91C872E-6C34-42C7-A01E-2E7F1EBD2689}.Debug|x64.ActiveCfg = Debug|x64
17 | 		{E91C872E-6C34-42C7-A01E-2E7F1EBD2689}.Debug|x64.Build.0 = Debug|x64
18 | 		{E91C872E-6C34-42C7-A01E-2E7F1EBD2689}.Release|Win32.ActiveCfg = Release|Win32
19 | 		{E91C872E-6C34-42C7-A01E-2E7F1EBD2689}.Release|Win32.Build.0 = Release|Win32
20 | 		{E91C872E-6C34-42C7-A01E-2E7F1EBD2689}.Release|x64.ActiveCfg = Release|x64
21 | 		{E91C872E-6C34-42C7-A01E-2E7F1EBD2689}.Release|x64.Build.0 = Release|x64
22 | 	EndGlobalSection
23 | 	GlobalSection(SolutionProperties) = preSolution
24 | 		HideSolutionNode = FALSE
25 | 	EndGlobalSection
26 | EndGlobal
27 | 


--------------------------------------------------------------------------------
/TsFltMgr.suo:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xiaobfly/TsFltMgr/a20dadfd22c197b214e30f7c352942b555dd06a2/TsFltMgr.suo


--------------------------------------------------------------------------------
/TsFltMgr.vcproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="gb2312"?>
  2 | <VisualStudioProject
  3 | 	ProjectType="Visual C++"
  4 | 	Version="9.00"
  5 | 	Name="TsFltMgr"
  6 | 	ProjectGUID="{E91C872E-6C34-42C7-A01E-2E7F1EBD2689}"
  7 | 	Keyword="MakeFileProj"
  8 | 	TargetFrameworkVersion="196613"
  9 | 	>
 10 | 	<Platforms>
 11 | 		<Platform
 12 | 			Name="Win32"
 13 | 		/>
 14 | 		<Platform
 15 | 			Name="x64"
 16 | 		/>
 17 | 	</Platforms>
 18 | 	<ToolFiles>
 19 | 	</ToolFiles>
 20 | 	<Configurations>
 21 | 		<Configuration
 22 | 			Name="Debug|Win32"
 23 | 			OutputDirectory="$(ProjectDir)\objchk_win7_x86"
 24 | 			IntermediateDirectory="$(ProjectDir)\objchk_win7_x86"
 25 | 			ConfigurationType="0"
 26 | 			>
 27 | 			<Tool
 28 | 				Name="VCNMakeTool"
 29 | 				BuildCommandLine="call $(WDKPATH)\bin\setenv.bat $(WDKPATH) chk win7&#x0D;&#x0A;cd /d $(ProjectDir)&#x0D;&#x0A;build"
 30 | 				ReBuildCommandLine="rmdir /s /q $(ProjectDir)\objchk_win7_x86&#x0D;&#x0A;call $(WDKPATH)\bin\setenv.bat $(WDKPATH) chk win7&#x0D;&#x0A;cd /d $(ProjectDir)&#x0D;&#x0A;build"
 31 | 				CleanCommandLine="rmdir /s /q $(ProjectDir)\objchk_win7_x86"
 32 | 				Output="$(ProjectDir)\objchk_win7_x86\i386\TsFltMgr.sys"
 33 | 				PreprocessorDefinitions="WIN32;_CONSOLE;_X86_;_DDK_;_DEBUG;DBG=1"
 34 | 				IncludeSearchPath="$(WDKPATH)\inc\ddk;$(WDKPATH)\inc\api;$(WDKPATH)\inc\crt"
 35 | 				ForcedIncludes=""
 36 | 				AssemblySearchPath=""
 37 | 				ForcedUsingAssemblies=""
 38 | 				CompileAsManaged=""
 39 | 			/>
 40 | 		</Configuration>
 41 | 		<Configuration
 42 | 			Name="Debug|x64"
 43 | 			OutputDirectory="$(ProjectDir)\objchk_win7_amd64"
 44 | 			IntermediateDirectory="$(ProjectDir)\objchk_win7_amd64"
 45 | 			ConfigurationType="0"
 46 | 			>
 47 | 			<Tool
 48 | 				Name="VCNMakeTool"
 49 | 				BuildCommandLine="call $(WDKPATH)\bin\setenv.bat $(WDKPATH) chk x64 win7&#x0D;&#x0A;cd /d $(ProjectDir)&#x0D;&#x0A;build"
 50 | 				ReBuildCommandLine="rmdir /s /q $(ProjectDir)\objchk_win7_amd64&#x0D;&#x0A;call $(WDKPATH)\bin\setenv.bat $(WDKPATH) chk x64 win7&#x0D;&#x0A;cd /d $(ProjectDir)&#x0D;&#x0A;build"
 51 | 				CleanCommandLine="rmdir /s /q $(ProjectDir)\objchk_win7_amd64"
 52 | 				Output="$(ProjectDir)\objchk_win7_amd64\amd64\TsFltMgr.sys"
 53 | 				PreprocessorDefinitions="WIN32;_CONSOLE;_AMD64_;_DDK_;_DEBUG;DBG=1"
 54 | 				IncludeSearchPath="$(WDKPATH)\inc\ddk;$(WDKPATH)\inc\api;$(WDKPATH)\inc\crt"
 55 | 				ForcedIncludes=""
 56 | 				AssemblySearchPath=""
 57 | 				ForcedUsingAssemblies=""
 58 | 				CompileAsManaged=""
 59 | 			/>
 60 | 		</Configuration>
 61 | 		<Configuration
 62 | 			Name="Release|Win32"
 63 | 			OutputDirectory="$(ProjectDir)\objfre_win7_x86"
 64 | 			IntermediateDirectory="$(ProjectDir)\objfre_win7_x86"
 65 | 			ConfigurationType="0"
 66 | 			>
 67 | 			<Tool
 68 | 				Name="VCNMakeTool"
 69 | 				BuildCommandLine="call $(WDKPATH)\bin\setenv.bat $(WDKPATH) fre win7&#x0D;&#x0A;cd /d $(ProjectDir)&#x0D;&#x0A;build"
 70 | 				ReBuildCommandLine="rmdir /s /q $(ProjectDir)\objfre_win7_x86&#x0D;&#x0A;call $(WDKPATH)\bin\setenv.bat $(WDKPATH) fre win7&#x0D;&#x0A;cd /d $(ProjectDir)&#x0D;&#x0A;build"
 71 | 				CleanCommandLine="rmdir /s /q $(ProjectDir)\objfre_win7_x86"
 72 | 				Output="$(ProjectDir)\objfre_win7_x86\i386\TsFltMgr.sys"
 73 | 				PreprocessorDefinitions="WIN32;_CONSOLE;_X86_;_DDK_;_NDEBUG;DBG=0"
 74 | 				IncludeSearchPath="$(WDKPATH)\inc\ddk;$(WDKPATH)\inc\api;$(WDKPATH)\inc\crt"
 75 | 				ForcedIncludes=""
 76 | 				AssemblySearchPath=""
 77 | 				ForcedUsingAssemblies=""
 78 | 				CompileAsManaged=""
 79 | 			/>
 80 | 		</Configuration>
 81 | 		<Configuration
 82 | 			Name="Release|x64"
 83 | 			OutputDirectory="$(ProjectDir)\objfre_win7_amd64"
 84 | 			IntermediateDirectory="$(ProjectDir)\objfre_win7_amd64"
 85 | 			ConfigurationType="0"
 86 | 			>
 87 | 			<Tool
 88 | 				Name="VCNMakeTool"
 89 | 				BuildCommandLine="call $(WDKPATH)\bin\setenv.bat $(WDKPATH) fre x64 win7&#x0D;&#x0A;cd /d $(ProjectDir)&#x0D;&#x0A;build"
 90 | 				ReBuildCommandLine="rmdir /s /q $(ProjectDir)\objfre_win7_amd64&#x0D;&#x0A;call $(WDKPATH)\bin\setenv.bat $(WDKPATH) fre x64 win7&#x0D;&#x0A;cd /d $(ProjectDir)&#x0D;&#x0A;build"
 91 | 				CleanCommandLine="rmdir /s /q $(ProjectDir)\objfre_win7_amd64"
 92 | 				Output="$(ProjectDir)\objfre_win7_amd64\amd64\TsFltMgr.sys"
 93 | 				PreprocessorDefinitions="WIN32;_CONSOLE;_AMD64_;_DDK_;_NDEBUG;DBG=0"
 94 | 				IncludeSearchPath="$(WDKPATH)\inc\ddk;$(WDKPATH)\inc\api;$(WDKPATH)\inc\crt"
 95 | 				ForcedIncludes=""
 96 | 				AssemblySearchPath=""
 97 | 				ForcedUsingAssemblies=""
 98 | 				CompileAsManaged=""
 99 | 			/>
100 | 		</Configuration>
101 | 	</Configurations>
102 | 	<References>
103 | 	</References>
104 | 	<Files>
105 | 		<Filter
106 | 			Name="Source files"
107 | 			Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"
108 | 			>
109 | 			<File
110 | 				RelativePath=".\FilterFunction.cpp"
111 | 				>
112 | 			</File>
113 | 			<File
114 | 				RelativePath=".\stdafx.cpp"
115 | 				>
116 | 			</File>
117 | 			<File
118 | 				RelativePath=".\TsFltMgr.cpp"
119 | 				>
120 | 			</File>
121 | 		</Filter>
122 | 		<Filter
123 | 			Name="Resource files"
124 | 			Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"
125 | 			>
126 | 		</Filter>
127 | 		<Filter
128 | 			Name="Header files"
129 | 			Filter="h;hpp;hxx;hm;inl;inc;xsd"
130 | 			>
131 | 			<File
132 | 				RelativePath=".\stdafx.h"
133 | 				>
134 | 			</File>
135 | 			<File
136 | 				RelativePath=".\TsFltMgr.h"
137 | 				>
138 | 			</File>
139 | 			<File
140 | 				RelativePath=".\VisualDDKHelpers.h"
141 | 				>
142 | 			</File>
143 | 		</Filter>
144 | 		<File
145 | 			RelativePath=".\$(ProjectDir)\sources"
146 | 			>
147 | 		</File>
148 | 	</Files>
149 | 	<Globals>
150 | 	</Globals>
151 | </VisualStudioProject>
152 | 


--------------------------------------------------------------------------------
/TsFltMgr.x64.vddklaunch:
--------------------------------------------------------------------------------
1 | <?xml version="1.0"?>
2 | <DDKLaunchParams xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
3 |   <PathOnTarget>%SystemRoot%\System32\Drivers\TsFltMgr.sys</PathOnTarget>
4 |   <StartMode>LegacyStartStop</StartMode>
5 |   <StartModeArg>TsFltMgr</StartModeArg>
6 |   <StopMode>LegacyStartStop</StopMode>
7 |   <StopModeArg>TsFltMgr</StopModeArg>
8 | </DDKLaunchParams>


--------------------------------------------------------------------------------
/VisualDDKHelpers.h:
--------------------------------------------------------------------------------
 1 | #pragma once
 2 | 
 3 | /*!	\file 
 4 | 	\brief Contains definitions making handles and NTSTATUS variables recognizable by debugger
 5 | 	This file contains definitions for special helper structures and enums, so NTSTATUS and HANDLE
 6 | 	variables will not appear in debugger as "unsigned long" and "void *".
 7 | 	
 8 | 	Once the variable type is recognized correctly, VisualDDK can display additional information
 9 | 	about this types, such as translated NTSTATUS code and object referenced by handle.
10 | */
11 | 
12 | #ifdef _DEBUG
13 | 
14 | #include <excpt.h>
15 | #include <ntdef.h>
16 | 
17 | typedef enum NTSTATUS_VisualDDK_Helper {} NTSTATUS_VisualDDK_Helper_t;
18 | C_ASSERT(sizeof(NTSTATUS_VisualDDK_Helper_t) == sizeof(NTSTATUS));
19 | 
20 | #define NTSTATUS NTSTATUS_VisualDDK_Helper_t
21 | 
22 | typedef struct HANDLE_VisualDDK_Helper *HANDLE_VisualDDK_Helper_t, **PHANDLE_VisualDDK_Helper_t;
23 | C_ASSERT(sizeof(HANDLE_VisualDDK_Helper_t) == sizeof(HANDLE));
24 | C_ASSERT(sizeof(PHANDLE_VisualDDK_Helper_t) == sizeof(PHANDLE));
25 | 
26 | #define HANDLE HANDLE_VisualDDK_Helper_t
27 | #define PHANDLE PHANDLE_VisualDDK_Helper_t 
28 | 
29 | #endif


--------------------------------------------------------------------------------
/bin/TsFltMgr.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xiaobfly/TsFltMgr/a20dadfd22c197b214e30f7c352942b555dd06a2/bin/TsFltMgr.pdb


--------------------------------------------------------------------------------
/bin/TsFltMgr.sys:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xiaobfly/TsFltMgr/a20dadfd22c197b214e30f7c352942b555dd06a2/bin/TsFltMgr.sys


--------------------------------------------------------------------------------
/stdafx.cpp:
--------------------------------------------------------------------------------
1 | //This file is used to build a precompiled header
2 | #include "stdafx.h"


--------------------------------------------------------------------------------
/stdafx.h:
--------------------------------------------------------------------------------
 1 | #ifndef _WIN32_WINNT		// Allow use of features specific to Windows XP or later.                   
 2 | #define _WIN32_WINNT 0x0501	// Change this to the appropriate value to target other versions of Windows.
 3 | #endif						
 4 | 
 5 | #ifdef __cplusplus
 6 | extern "C" 
 7 | {
 8 | 
 9 | #endif
10 | 
11 | #include <ntifs.h>
12 | #include <ntddk.h>
13 | #include <WINDEF.H>
14 | #include <Wdm.h>	
15 | #include <ntimage.h>
16 | 
17 | #include "VisualDDKHelpers.h"
18 | #include <ntddk.h>
19 | #include <ntddstor.h>
20 | #include <mountdev.h>
21 | #include <ntddvol.h>
22 | 
23 | 
24 | #ifdef __cplusplus
25 | }
26 | #endif
27 | 


--------------------------------------------------------------------------------