├── README.md ├── binary ├── FVPKernel.dll └── FVPLoaderGui.exe └── source ├── FVPKernel ├── FVPKernel.cpp ├── FVPKernel.h ├── FVPKernel.vcxproj ├── FVPKernel.vcxproj.filters ├── FVPKernel.vcxproj.user ├── Gdi32Hook.cpp ├── Gdi32Hook.h ├── SectionProtector.h └── undoc_k32.lib ├── FVPLoader.sln ├── FVPLoaderGui ├── FVPLoaderGui.aps ├── FVPLoaderGui.cpp ├── FVPLoaderGui.ico ├── FVPLoaderGui.rc ├── FVPLoaderGui.vcxproj ├── FVPLoaderGui.vcxproj.filters ├── FVPLoaderGui.vcxproj.user ├── Resource.h ├── SHINKU_e21a.bmp ├── small.ico ├── targetver.h └── undoc_k32.lib └── NativeLib ├── Hash.h ├── LICENSE ├── NativeLib.vcxproj ├── NativeLib.vcxproj.filters ├── NativeLib.vcxproj.user ├── mountmgr.h ├── my.cpp ├── my.h ├── ntdbg.h ├── ntexapi.h ├── ntgdi.h ├── ntioapi.h ├── ntkeapi.h ├── ntldr.h ├── ntlpcapi.h ├── ntmisc.h ├── ntmmapi.h ├── ntnls.h ├── ntobapi.h ├── ntpebteb.h ├── ntpfapi.h ├── ntpnpapi.h ├── ntpoapi.h ├── ntpsapi.h ├── ntregapi.h ├── ntrtl.h ├── ntsam.h ├── ntseapi.h ├── ntsmss.h ├── nttmapi.h ├── nttp.h ├── ntwow64.h ├── ntxcapi.h ├── phnt.h ├── phnt_ntdef.h ├── phnt_windows.h ├── subprocesstag.h └── winsta.h /README.md: -------------------------------------------------------------------------------- 1 | # FVPLoader 2 | 3 | 4 | A simple GUI Loader which allow you to run FAVORITE's game under none-Japanese OS 5 | 6 | ## How to use 7 | 1. Copy both `FVPKernel.dll` and `FVPLoaderGui.exe` into the game directory. 8 | 2. Double click `FVPLoaderGui.exe` and drag game executable file onto the window or just drag game executable file onto `FVPLoaderGui.exe`. 9 | 3. `FVPLoaderGui.exe` will create a configuration file automatically. Next time you play game, just double click `FVPLoaderGui.exe`. 10 | 4. Enjoy your game. 11 | 12 | 13 | ## Build 14 | - Microsoft Visual Studio 2017 15 | - Win10 SDK(19H2) 16 | 17 | 18 | ## 中文使用者可以直接看这一篇 19 | http://bgm.tv/blog/53474 20 | >虽然这篇blog已经很早之前写的了。 21 | 22 | ## OpenSource License 23 | 24 | ![Files](https://www.gnu.org/graphics/gplv3-127x51.png) 25 | 26 | All source code files in `source` folder are licensed under [GNU General Public License v3 (GPL v3)](https://www.gnu.org/licenses/gpl-3.0.en.html). 27 | 28 | -------------------------------------------------------------------------------- /binary/FVPKernel.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xmoezzz/FVPLoader/60456278896b19214a4747ea6f67935987e8f451/binary/FVPKernel.dll -------------------------------------------------------------------------------- /binary/FVPLoaderGui.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xmoezzz/FVPLoader/60456278896b19214a4747ea6f67935987e8f451/binary/FVPLoaderGui.exe -------------------------------------------------------------------------------- /source/FVPKernel/FVPKernel.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include "FVPKernel.h" 3 | 4 | #pragma comment(lib, "undoc_k32.lib") 5 | 6 | OVERLOAD_CPP_NEW_WITH_HEAP(Nt_CurrentPeb()->ProcessHeap); 7 | 8 | static HookKernel* FVPKernel = NULL; 9 | 10 | ForceInline VOID CreateKernelObject() 11 | { 12 | FVPKernel = new HookKernel(); 13 | } 14 | 15 | PHookKernel LeGetGlobalData() 16 | { 17 | if (FVPKernel == nullptr) 18 | CreateKernelObject(); 19 | return FVPKernel; 20 | } 21 | 22 | //============================My Patch======================================= 23 | 24 | 25 | LRESULT CALLBACK HookMainWindowProc(HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lParam) 26 | { 27 | FVPKernel->MainWindow = hWnd; 28 | return FVPKernel->StubMainWindowProc(hWnd, Msg, wParam, lParam); 29 | } 30 | 31 | ATOM WINAPI HookRegisterClassExA(CONST WNDCLASSEXA* lpWndClass) 32 | { 33 | WNDCLASSEXW ClassInfo; 34 | LPWSTR MenuName, ClassName; 35 | LONG_PTR MenuLength, ClassLength; 36 | 37 | 38 | MenuLength = StrLengthA(lpWndClass->lpszMenuName); 39 | ClassLength = StrLengthA(lpWndClass->lpszClassName); 40 | 41 | if (StrCompareA(lpWndClass->lpszClassName, "HS_MAIN_WINDOW_CLASS00")) 42 | return FVPKernel->StubRegisterClassExA(lpWndClass); 43 | 44 | MenuName = (LPWSTR)AllocStack((MenuLength + 1) * 2); 45 | ClassName = (LPWSTR)AllocStack((ClassLength + 1) * 2); 46 | 47 | RtlZeroMemory(MenuName, (MenuLength + 1) * 2); 48 | RtlZeroMemory(ClassName, (ClassLength + 1) * 2); 49 | 50 | MultiByteToWideChar(932, 0, lpWndClass->lpszMenuName, MenuLength, MenuName, MAX_PATH); 51 | MultiByteToWideChar(932, 0, lpWndClass->lpszClassName, ClassLength, ClassName, MAX_PATH); 52 | 53 | 54 | ClassInfo.cbSize = sizeof(WNDCLASSEXW); 55 | ClassInfo.style = lpWndClass->style; 56 | ClassInfo.lpfnWndProc = lpWndClass->lpfnWndProc; 57 | ClassInfo.cbClsExtra = lpWndClass->cbClsExtra; 58 | ClassInfo.cbWndExtra = lpWndClass->cbWndExtra; 59 | ClassInfo.hInstance = lpWndClass->hInstance; 60 | ClassInfo.hIcon = lpWndClass->hIcon; 61 | ClassInfo.hCursor = lpWndClass->hCursor; 62 | ClassInfo.hbrBackground = lpWndClass->hbrBackground; 63 | ClassInfo.lpszMenuName = MenuName; 64 | ClassInfo.lpszClassName = ClassName; 65 | ClassInfo.hIconSm = lpWndClass->hIconSm; 66 | 67 | if (FVPKernel->MainWindow == nullptr && lpWndClass->lpfnWndProc) 68 | { 69 | Mp::PATCH_MEMORY_DATA p[] = 70 | { 71 | Mp::FunctionJumpVa(lpWndClass->lpfnWndProc, HookMainWindowProc, &FVPKernel->StubMainWindowProc) 72 | }; 73 | 74 | Mp::PatchMemory(p, countof(p)); 75 | } 76 | 77 | return RegisterClassExW(&ClassInfo); 78 | } 79 | 80 | 81 | HWND WINAPI HookCreateWindowExA(DWORD dwExStyle, LPCSTR lpClassName, LPCSTR lpWindowName, DWORD dwStyle, int X, int Y, int nWidth, int nHeight, HWND hWndParent, HMENU hMenu, HINSTANCE hInstance, LPVOID lpParam) 82 | { 83 | ULONG Length; 84 | LPWSTR ClassName, WindowName; 85 | 86 | if (StrCompareA(lpClassName, "HS_MAIN_WINDOW_CLASS00")) 87 | return FVPKernel->StubCreateWindowExA(dwExStyle, lpClassName, lpWindowName, dwStyle, X, Y, nWidth, nHeight, hWndParent, hMenu, hInstance, lpParam); 88 | 89 | 90 | Length = StrLengthA(lpClassName) + 1; 91 | ClassName = (LPWSTR)AllocStack(Length * sizeof(WCHAR)); 92 | RtlZeroMemory(ClassName, Length * sizeof(WCHAR)); 93 | MultiByteToWideChar(932, 0, lpClassName, Length, ClassName, Length * sizeof(WCHAR)); 94 | 95 | Length = StrLengthA(lpWindowName) + 1; 96 | WindowName = (LPWSTR)AllocStack(Length * sizeof(WCHAR)); 97 | RtlZeroMemory(WindowName, Length * sizeof(WCHAR)); 98 | MultiByteToWideChar(932, 0, lpWindowName, Length, WindowName, Length * sizeof(WCHAR)); 99 | FVPKernel->MainWindow = CreateWindowExW(dwExStyle, ClassName, WindowName, dwStyle, X, Y, nWidth, nHeight, hWndParent, hMenu, hInstance, lpParam); 100 | return FVPKernel->MainWindow; 101 | } 102 | 103 | 104 | LRESULT CALLBACK HookDefWindowProcA(HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lParam) 105 | { 106 | if (hWnd == FVPKernel->MainWindow && FVPKernel->MainWindow != NULL) 107 | { 108 | return DefWindowProcW(hWnd, Msg, wParam, lParam); 109 | } 110 | 111 | return FVPKernel->StubDefWindowProcA(hWnd, Msg, wParam, lParam); 112 | } 113 | 114 | 115 | LRESULT WINAPI HookDispatchMessageA(MSG *lpMsg) 116 | { 117 | if (lpMsg->hwnd == FVPKernel->MainWindow && FVPKernel->MainWindow != NULL) 118 | { 119 | return DispatchMessageW(lpMsg); 120 | } 121 | 122 | return FVPKernel->StubDispatchMessageA(lpMsg); 123 | } 124 | 125 | 126 | BOOL WINAPI HookGetVersionExA(LPOSVERSIONINFOA lpVersionInfo) 127 | { 128 | BOOL Result; 129 | 130 | Result = FVPKernel->StubGetVersionExA(lpVersionInfo); 131 | lpVersionInfo->dwMajorVersion = 5; 132 | lpVersionInfo->dwMinorVersion = 1; 133 | return Result; 134 | } 135 | 136 | 137 | INT WINAPI HooklStrcmpiA(LPCSTR lpString1, LPCSTR lpString2) 138 | { 139 | int Result; 140 | 141 | Result = CompareStringA(0x411, 1, lpString1, -1, lpString2, -1); 142 | return Result - 2; 143 | } 144 | 145 | 146 | INT WINAPI HookMessageBoxA(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType) 147 | { 148 | LPWSTR TextName, CaptionName; 149 | ULONG TextLength, CaptionLength; 150 | 151 | TextLength = lpText ? StrLengthA(lpText) : 0; 152 | CaptionLength = lpCaption ? StrLengthA(lpCaption) : 0; 153 | 154 | TextName = nullptr; 155 | CaptionName = nullptr; 156 | 157 | if (TextLength) 158 | { 159 | TextName = (LPWSTR)AllocStack((TextLength + 1) * 2); 160 | RtlZeroMemory(TextName, (TextLength + 1) * 2); 161 | MultiByteToWideChar(932, 0, lpText, TextLength, TextName, (TextLength + 1) * 2); 162 | } 163 | 164 | if (CaptionLength) 165 | { 166 | CaptionName = (LPWSTR)AllocStack((CaptionLength + 1) * 2); 167 | RtlZeroMemory(CaptionName, (CaptionLength + 1) * 2); 168 | MultiByteToWideChar(932, 0, lpCaption, CaptionLength, CaptionName, (CaptionLength + 1) * 2); 169 | } 170 | 171 | return MessageBoxW(hWnd, TextName, CaptionName, uType); 172 | } 173 | 174 | 175 | BOOL WINAPI HookGetMenuItemInfoA(HMENU hMenu, UINT uItem, BOOL fByPosition, LPMENUITEMINFOA lpmii) 176 | { 177 | BOOL Success; 178 | DWORD cchtmp, ccBuffer; 179 | MENUITEMINFOW miitmp; 180 | 181 | cchtmp = 0; 182 | RtlCopyMemory(&miitmp, lpmii, lpmii->cbSize); 183 | if (((miitmp.fMask & MIIM_TYPE) && miitmp.fType != 0) || (miitmp.fMask & MIIM_STRING) || miitmp.cch > 0) 184 | { 185 | cchtmp = miitmp.cch; 186 | miitmp.dwTypeData = (LPWSTR)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, (cchtmp + 1) * sizeof(WCHAR)); 187 | } 188 | 189 | Success = GetMenuItemInfoW(hMenu, uItem, fByPosition, &miitmp); 190 | if (Success) 191 | { 192 | RtlCopyMemory(lpmii, &miitmp, miitmp.cbSize); 193 | } 194 | 195 | if (cchtmp > 0) 196 | { 197 | ccBuffer = WideCharToMultiByte(932, 0, miitmp.dwTypeData, -1, lpmii->dwTypeData, lpmii->cch, NULL, NULL); 198 | if (ccBuffer > 0) 199 | { 200 | lpmii->cch = ccBuffer - 1; 201 | } 202 | 203 | if (miitmp.dwTypeData) 204 | { 205 | HeapFree(GetProcessHeap(), 0, miitmp.dwTypeData); 206 | } 207 | 208 | lpmii->dwTypeData[cchtmp - 1] = NULL; 209 | } 210 | 211 | return Success; 212 | } 213 | 214 | LPCWSTR FASTCALL MultiByteToWideCharInternal(LPCSTR lpString) 215 | { 216 | LONG_PTR Size, ccBuffer; 217 | LPWSTR UnicodeStr; 218 | 219 | Size = StrLengthA(lpString); 220 | UnicodeStr = (LPWSTR)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, (Size + 1) << 1); 221 | 222 | if (UnicodeStr) 223 | { 224 | ccBuffer = MultiByteToWideChar(932, 0, lpString, Size, UnicodeStr, Size); 225 | UnicodeStr[ccBuffer] = NULL; 226 | } 227 | return UnicodeStr; 228 | } 229 | 230 | BOOL WINAPI HookSetMenuItemInfoA(HMENU hMenu, UINT uItem, BOOL fByPosition, LPMENUITEMINFOA lpmii) 231 | { 232 | LPCSTR TypeDataA; 233 | BOOL Success; 234 | 235 | TypeDataA = NULL; 236 | if (((lpmii->fMask & MIIM_TYPE) && lpmii->fType != 0) || (lpmii->fMask & MIIM_STRING) || lpmii->cch > 0) 237 | { 238 | TypeDataA = lpmii->dwTypeData; 239 | lpmii->dwTypeData = (LPSTR)MultiByteToWideCharInternal(lpmii->dwTypeData); 240 | } 241 | 242 | Success = SetMenuItemInfoW(hMenu, uItem, fByPosition, (LPMENUITEMINFOW)lpmii); 243 | if (TypeDataA) 244 | { 245 | HeapFree(GetProcessHeap(), HEAP_ZERO_MEMORY, (LPVOID)lpmii->dwTypeData); 246 | lpmii->dwTypeData = (LPSTR)TypeDataA; 247 | } 248 | return Success; 249 | } 250 | 251 | DWORD WINAPI HookGetGlyphOutlineA( 252 | _In_ HDC hdc, 253 | _In_ UINT uChar, 254 | _In_ UINT uFormat, 255 | _Out_ LPGLYPHMETRICS lpgm, 256 | _In_ DWORD cbBuffer, 257 | _Out_ LPVOID lpvBuffer, 258 | _In_ const MAT2 *lpmat2 259 | ) 260 | { 261 | ULONG len; 262 | CHAR mbchs[2]; 263 | UINT cp = 932; 264 | 265 | if (IsDBCSLeadByteEx(cp, uChar >> 8)) 266 | { 267 | len = 2; 268 | mbchs[0] = (uChar & 0xff00) >> 8; 269 | mbchs[1] = (uChar & 0xff); 270 | } 271 | else 272 | { 273 | len = 1; 274 | mbchs[0] = (uChar & 0xff); 275 | } 276 | 277 | uChar = 0; 278 | MultiByteToWideChar(cp, 0, mbchs, len, (LPWSTR)&uChar, 1); 279 | 280 | return GetGlyphOutlineW(hdc, uChar, uFormat, 281 | lpgm, cbBuffer, lpvBuffer, lpmat2); 282 | } 283 | 284 | HFONT WINAPI HookCreateFontA(int nHeight, int nWidth, int nEscapement, int nOrientation, 285 | int fnWeight, DWORD fdwItalic, DWORD fdwUnderline, DWORD fdwStrikeOut, 286 | DWORD fdwCharSet, DWORD fdwOutputPrecision, DWORD fdwClipPrecision, 287 | DWORD fdwQuality, DWORD fdwPitchAndFamily, LPCSTR lpszFace) 288 | { 289 | WCHAR FontFace[128]; 290 | 291 | RtlZeroMemory(FontFace, sizeof(FontFace)); 292 | MultiByteToWideChar(932, 0, lpszFace, StrLengthA(lpszFace), FontFace, 128); 293 | 294 | return CreateFontW(nHeight, nWidth, nEscapement, nOrientation, 295 | fnWeight, fdwItalic, fdwUnderline, fdwStrikeOut, 296 | 0x86, fdwOutputPrecision, fdwClipPrecision, 297 | fdwQuality, fdwPitchAndFamily, FontFace); 298 | } 299 | 300 | 301 | //=========================Kernel============================== 302 | 303 | BOOL FASTCALL Initialize(HMODULE hModule) 304 | { 305 | NTSTATUS Status; 306 | BOOL Success; 307 | WCHAR ExePath[MAX_PATH]; 308 | PVOID NlsBaseAddress; 309 | LCID DefaultLocaleID; 310 | LARGE_INTEGER DefaultCasingTableSize; 311 | 312 | Status = ml::MlInitialize(); 313 | if (NT_FAILED(Status)) 314 | return FALSE; 315 | 316 | CreateKernelObject(); 317 | 318 | Status = NtInitializeNlsFiles(&NlsBaseAddress, &DefaultLocaleID, &DefaultCasingTableSize); 319 | if (NT_FAILED(Status)) 320 | return FALSE; 321 | 322 | Status = FVPKernel->TextMetricCache.Initialize(); 323 | if (NT_FAILED(Status)) 324 | return FALSE; 325 | 326 | FVPKernel->OriginalLocaleID = DefaultLocaleID; 327 | FVPKernel->LocaleID = 0x411; 328 | 329 | 330 | FVPKernel->HookGdi32Routines(Nt_LoadLibrary(L"GDI32.DLL")); 331 | 332 | LOOP_ONCE 333 | { 334 | 335 | Mp::PATCH_MEMORY_DATA p[] = 336 | { 337 | Mp::FunctionJumpVa(GetVersionExA, HookGetVersionExA, &FVPKernel->StubGetVersionExA), 338 | Mp::FunctionJumpVa(lstrcmpiA, HooklStrcmpiA), 339 | Mp::FunctionJumpVa(GetGlyphOutlineA, HookGetGlyphOutlineA), 340 | Mp::FunctionJumpVa(CreateFontA, HookCreateFontA), 341 | Mp::FunctionJumpVa(RegisterClassExA, HookRegisterClassExA, &FVPKernel->StubRegisterClassExA), 342 | Mp::FunctionJumpVa(CreateWindowExA, HookCreateWindowExA, &FVPKernel->StubCreateWindowExA), 343 | Mp::FunctionJumpVa(DefWindowProcA, HookDefWindowProcA, &FVPKernel->StubDefWindowProcA), 344 | Mp::FunctionJumpVa(DispatchMessageA, HookDispatchMessageA, &FVPKernel->StubDispatchMessageA), 345 | Mp::FunctionJumpVa(GetMenuItemInfoA, HookGetMenuItemInfoA), 346 | Mp::FunctionJumpVa(SetMenuItemInfoA, HookSetMenuItemInfoA), 347 | Mp::FunctionJumpVa(MessageBoxA, HookMessageBoxA), 348 | }; 349 | 350 | Status = Mp::PatchMemory(p, countof(p)); 351 | if (NT_FAILED(Status)) 352 | break; 353 | } 354 | 355 | return NT_SUCCESS(Status); 356 | } 357 | 358 | BOOL FASTCALL UnInitialize(HMODULE hModule) 359 | { 360 | return TRUE; 361 | } 362 | 363 | BOOL NTAPI DllMain(HMODULE hModule, DWORD Reason, LPVOID lpReserved) 364 | { 365 | switch (Reason) 366 | { 367 | case DLL_PROCESS_ATTACH: 368 | return Initialize(hModule); 369 | } 370 | 371 | return TRUE; 372 | } 373 | 374 | 375 | 376 | 377 | -------------------------------------------------------------------------------- /source/FVPKernel/FVPKernel.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | 5 | typedef struct 6 | { 7 | HDC DC; 8 | HFONT Font; 9 | HFONT OldFont; 10 | ULONG_PTR FontType; 11 | LPENUMLOGFONTEXW EnumLogFontEx; 12 | 13 | } ADJUST_FONT_DATA, *PADJUST_FONT_DATA; 14 | 15 | typedef struct TEXT_METRIC_INTERNAL 16 | { 17 | ULONG Magic; 18 | BOOL Filled; 19 | TEXTMETRICA TextMetricA; 20 | TEXTMETRICW TextMetricW; 21 | 22 | TEXT_METRIC_INTERNAL() 23 | { 24 | this->Magic = TAG4('TMIN'); 25 | this->Filled = FALSE; 26 | } 27 | 28 | BOOL VerifyMagic() 29 | { 30 | return this->Magic == TAG4('TMIN'); 31 | } 32 | 33 | } TEXT_METRIC_INTERNAL, *PTEXT_METRIC_INTERNAL; 34 | 35 | 36 | 37 | typedef struct HookKernel 38 | { 39 | HWND MainWindow; 40 | WNDPROC StubMainWindowProc; 41 | 42 | ULONG_PTR OriginalLocaleID; 43 | ULONG LocaleID; 44 | CHAR ScriptNameA[LF_FACESIZE]; 45 | WCHAR ScriptNameW[LF_FACESIZE]; 46 | ULONG_PTR OriginalCharset; 47 | 48 | ml::HashTableT TextMetricCache; 49 | 50 | API_POINTER(GetVersionExA) StubGetVersionExA; 51 | API_POINTER(RegisterClassExA) StubRegisterClassExA; 52 | API_POINTER(CreateWindowExA) StubCreateWindowExA; 53 | API_POINTER(DefWindowProcA) StubDefWindowProcA; 54 | API_POINTER(DispatchMessageA) StubDispatchMessageA; 55 | 56 | struct 57 | { 58 | API_POINTER(GetStockObject) StubGetStockObject; 59 | API_POINTER(DeleteObject) StubDeleteObject; 60 | API_POINTER(CreateFontIndirectExW) StubCreateFontIndirectExW; 61 | API_POINTER(NtGdiHfontCreate) StubNtGdiHfontCreate; 62 | API_POINTER(CreateCompatibleDC) StubCreateCompatibleDC; 63 | API_POINTER(EnumFontsA) StubEnumFontsA; 64 | API_POINTER(EnumFontsW) StubEnumFontsW; 65 | API_POINTER(EnumFontFamiliesA) StubEnumFontFamiliesA; 66 | API_POINTER(EnumFontFamiliesW) StubEnumFontFamiliesW; 67 | API_POINTER(EnumFontFamiliesExA) StubEnumFontFamiliesExA; 68 | API_POINTER(EnumFontFamiliesExW) StubEnumFontFamiliesExW; 69 | 70 | } HookStub; 71 | 72 | struct HookRoutineData 73 | { 74 | struct 75 | { 76 | BOOLEAN StockObjectInitialized : 1; 77 | 78 | RTL_CRITICAL_SECTION GdiLock; 79 | 80 | HGDIOBJ StockObject[STOCK_LAST + 1]; 81 | 82 | } Gdi32; 83 | 84 | } HookRoutineData; 85 | 86 | HookKernel() 87 | { 88 | HookRoutineData.Gdi32.StockObjectInitialized = FALSE; 89 | RtlZeroMemory(HookRoutineData.Gdi32.StockObject, 0, sizeof(HookRoutineData.Gdi32.StockObject)); 90 | 91 | HookStub.StubGetStockObject = nullptr; 92 | HookStub.StubDeleteObject = nullptr; 93 | HookStub.StubCreateFontIndirectExW = nullptr; 94 | HookStub.StubNtGdiHfontCreate = nullptr; 95 | HookStub.StubCreateCompatibleDC = nullptr; 96 | HookStub.StubEnumFontsA = nullptr; 97 | HookStub.StubEnumFontsW = nullptr; 98 | HookStub.StubEnumFontFamiliesA = nullptr; 99 | HookStub.StubEnumFontFamiliesW = nullptr; 100 | HookStub.StubEnumFontFamiliesExA = nullptr; 101 | HookStub.StubEnumFontFamiliesExW = nullptr; 102 | 103 | StubGetVersionExA = nullptr; 104 | StubRegisterClassExA = nullptr; 105 | StubCreateWindowExA = nullptr; 106 | StubDefWindowProcA = nullptr; 107 | StubDispatchMessageA = nullptr; 108 | 109 | MainWindow = nullptr; 110 | StubMainWindowProc = nullptr; 111 | 112 | OriginalLocaleID = 0; 113 | LocaleID = 0; 114 | RtlZeroMemory(ScriptNameA, sizeof(ScriptNameA)); 115 | RtlZeroMemory(ScriptNameW, sizeof(ScriptNameW)); 116 | OriginalCharset = 0; 117 | 118 | } 119 | 120 | 121 | NTSTATUS AdjustFontData(HDC DC, LPENUMLOGFONTEXW EnumLogFontEx, PTEXT_METRIC_INTERNAL TextMetric, ULONG_PTR FontType); 122 | NTSTATUS AdjustFontDataInternal(PADJUST_FONT_DATA AdjustData); 123 | NTSTATUS GetNameRecordFromNameTable(PVOID TableBuffer, ULONG_PTR TableSize, ULONG_PTR NameID, ULONG_PTR LanguageID, PUNICODE_STRING Name); 124 | 125 | VOID GetTextMetricsWFromLogFont(PTEXTMETRICW TextMetricW, CONST LOGFONTW *LogFont); 126 | 127 | PTEXT_METRIC_INTERNAL GetTextMetricFromCache(LPENUMLOGFONTEXW LogFont); 128 | VOID AddTextMetricToCache(LPENUMLOGFONTEXW LogFont, PTEXT_METRIC_INTERNAL TextMetric); 129 | 130 | HDC CreateCompatibleDC(HDC hDC) 131 | { 132 | return HookStub.StubCreateCompatibleDC(hDC); 133 | } 134 | 135 | HGDIOBJ GetStockObject(LONG Object) 136 | { 137 | return HookStub.StubGetStockObject(Object); 138 | } 139 | 140 | BOOL DeleteObject(HGDIOBJ GdiObject) 141 | { 142 | return HookStub.StubDeleteObject(GdiObject); 143 | } 144 | 145 | int EnumFontsA(HDC hdc, PCSTR lpFaceName, FONTENUMPROCA lpFontFunc, LPARAM lParam) 146 | { 147 | return HookStub.StubEnumFontsA(hdc, lpFaceName, lpFontFunc, lParam); 148 | } 149 | 150 | int EnumFontsW(HDC hdc, PCWSTR lpFaceName, FONTENUMPROCW lpFontFunc, LPARAM lParam) 151 | { 152 | return HookStub.StubEnumFontsW(hdc, lpFaceName, lpFontFunc, lParam); 153 | } 154 | 155 | int EnumFontFamiliesA(HDC hdc, LPCSTR lpFaceName, FONTENUMPROCA lpProc, LPARAM lParam) 156 | { 157 | return HookStub.StubEnumFontFamiliesA(hdc, lpFaceName, lpProc, lParam); 158 | } 159 | 160 | int EnumFontFamiliesW(HDC hdc, LPCWSTR lpFaceName, FONTENUMPROCW lpProc, LPARAM lParam) 161 | { 162 | return HookStub.StubEnumFontFamiliesW(hdc, lpFaceName, lpProc, lParam); 163 | } 164 | 165 | int EnumFontFamiliesExA(HDC hdc, LPLOGFONTA lpLogfont, FONTENUMPROCA lpProc, LPARAM lParam, DWORD dwFlags) 166 | { 167 | return HookStub.StubEnumFontFamiliesExA(hdc, lpLogfont, lpProc, lParam, dwFlags); 168 | } 169 | 170 | int EnumFontFamiliesExW(HDC hdc, LPLOGFONTW lpLogfont, FONTENUMPROCW lpProc, LPARAM lParam, DWORD dwFlags) 171 | { 172 | return HookStub.StubEnumFontFamiliesExW(hdc, lpLogfont, lpProc, lParam, dwFlags); 173 | } 174 | 175 | NTSTATUS HookGdi32Routines(PVOID Gdi32); 176 | NTSTATUS UnHookGdi32Routines(); 177 | VOID InitFontCharsetInfo(); 178 | 179 | }HookKernel, *PHookKernel; 180 | 181 | 182 | PHookKernel LeGetGlobalData(); 183 | 184 | 185 | -------------------------------------------------------------------------------- /source/FVPKernel/FVPKernel.vcxproj: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | Release 6 | Win32 7 | 8 | 9 | 10 | {8F8E17C1-754B-4854-B48E-67AEE1D0977D} 11 | Win32Proj 12 | FVPKernel 13 | 10.0.18362.0 14 | 15 | 16 | 17 | DynamicLibrary 18 | false 19 | v141 20 | true 21 | Unicode 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | false 32 | $(SolutionDir)NativeLib;$(IncludePath) 33 | 34 | 35 | 36 | Level3 37 | NotUsing 38 | MaxSpeed 39 | true 40 | true 41 | WIN32;NDEBUG;_WINDOWS;_USRDLL;FVPKERNEL_EXPORTS;%(PreprocessorDefinitions) 42 | Sync 43 | true 44 | StreamingSIMDExtensions 45 | MultiThreaded 46 | 47 | 48 | Windows 49 | true 50 | true 51 | true 52 | true 53 | true 54 | true 55 | $(TargetDir)NativeLib.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | -------------------------------------------------------------------------------- /source/FVPKernel/FVPKernel.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | 源文件 20 | 21 | 22 | 源文件 23 | 24 | 25 | 26 | 27 | 头文件 28 | 29 | 30 | 头文件 31 | 32 | 33 | 头文件 34 | 35 | 36 | -------------------------------------------------------------------------------- /source/FVPKernel/FVPKernel.vcxproj.user: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | -------------------------------------------------------------------------------- /source/FVPKernel/Gdi32Hook.h: -------------------------------------------------------------------------------- 1 | #include "FVPKernel.h" 2 | 3 | #define FMS_CALL_MAGIC TAG4('FMSC') 4 | #define GDI_HOOK_BYPASS TAG4('GHBP') 5 | 6 | 7 | struct FMS_CALL_CONTEXT : public TEB_ACTIVE_FRAME 8 | { 9 | HDC hDC; 10 | 11 | FMS_CALL_CONTEXT() 12 | { 13 | this->Flags = FMS_CALL_MAGIC; 14 | } 15 | 16 | static FMS_CALL_CONTEXT* Find() 17 | { 18 | return (FMS_CALL_CONTEXT *)Ps::FindThreadFrame(FMS_CALL_MAGIC); 19 | } 20 | }; 21 | 22 | typedef FMS_CALL_CONTEXT *PFMS_CALL_CONTEXT; 23 | 24 | typedef struct GDI_ENUM_FONT_PARAM 25 | { 26 | LPARAM lParam; 27 | PHookKernel GlobalData; 28 | PVOID Callback; 29 | ULONG Charset; 30 | HDC DC; 31 | 32 | GDI_ENUM_FONT_PARAM() 33 | { 34 | this->DC = nullptr; 35 | } 36 | 37 | NTSTATUS Prepare(PHookKernel GlobalData) 38 | { 39 | this->DC = GlobalData->CreateCompatibleDC(nullptr); 40 | return this->DC == nullptr ? STATUS_UNSUCCESSFUL : STATUS_SUCCESS; 41 | } 42 | 43 | ~GDI_ENUM_FONT_PARAM() 44 | { 45 | if (this->DC != nullptr) 46 | DeleteDC(this->DC); 47 | } 48 | 49 | } GDI_ENUM_FONT_PARAM, *PGDI_ENUM_FONT_PARAM; 50 | 51 | extern ULONG(NTAPI *GdiGetCodePage)(HDC NewDC); 52 | 53 | HFONT GetFontFromDC(PHookKernel GlobalData, HDC hDC); 54 | HFONT GetFontFromFont(PHookKernel GlobalData, HFONT Font); 55 | 56 | 57 | -------------------------------------------------------------------------------- /source/FVPKernel/SectionProtector.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | 5 | #if SUPPORT_VA_ARGS_MACRO 6 | 7 | //#define PROTECT_SECTION_(Type, Ptr, ...) for (SectionProtector _cc(Ptr, __VA_ARGS__); _cc ; ) 8 | 9 | 10 | #define PROTECT_SECTION_WORKER(Type, Ptr, Name, ...) \ 11 | for (SectionProtector _cc(Ptr, __VA_ARGS__); _cc.__Condition; _cc.__Condition = FALSE) 12 | 13 | 14 | #define PROTECT_SECTION__(Type, Ptr, Name, ...) PROTECT_SECTION_WORKER(Type, Ptr, Name, __VA_ARGS__) 15 | #define PROTECT_SECTION_(Type, Ptr, ...) PROTECT_SECTION__(Type, Ptr, MAKE_UNIQUE_NAME(__LINE__), __VA_ARGS__) 16 | #define PROTECT_SECTION(LockPtr, ...) PROTECT_SECTION_(TYPE_OF(LockPtr), LockPtr, __VA_ARGS__) 17 | 18 | #else // no va args 19 | 20 | #define PROTECT_SECTION_(Type, Ptr) for (SectionProtector _cc(Ptr); _cc.__Number != 0 ; --_cc.__Number) 21 | #define PROTECT_SECTION(LockPtr) PROTECT_SECTION_(TYPE_OF(LockPtr), LockPtr) 22 | 23 | #endif // SUPPORT_VA_ARGS_MACRO 24 | 25 | #define PROTECT_SECTION_INLINE ForceInline 26 | 27 | namespace SectionProtectorTypes 28 | { 29 | enum 30 | { 31 | SharedLock, 32 | ExclusiveLock, 33 | }; 34 | }; 35 | 36 | class SectionProtectorBase 37 | { 38 | public: 39 | BOOL __Condition; 40 | 41 | PROTECT_SECTION_INLINE SectionProtectorBase() 42 | { 43 | __Condition = TRUE; 44 | } 45 | }; 46 | 47 | template 48 | class SectionProtector : public SectionProtectorBase 49 | { 50 | private: 51 | SectionProtector(LockType *Lock) {} 52 | }; 53 | 54 | 55 | #if ML_KERNEL_MODE 56 | 57 | /************************************************************************ 58 | KernelMode 59 | ************************************************************************/ 60 | 61 | template <> 62 | class SectionProtector : public SectionProtectorBase 63 | { 64 | public: 65 | KIRQL Irql, Irqlx; 66 | PKSPIN_LOCK SpinLock; 67 | 68 | PROTECT_SECTION_INLINE SectionProtector(PKSPIN_LOCK SpinLock) 69 | { 70 | Irqlx = KeGetCurrentIrql(); 71 | if (Irqlx > DISPATCH_LEVEL) 72 | return; 73 | 74 | KeAcquireSpinLock(SpinLock, &Irql); 75 | this->SpinLock = SpinLock; 76 | } 77 | 78 | PROTECT_SECTION_INLINE ~SectionProtector() 79 | { 80 | if (Irqlx > DISPATCH_LEVEL) 81 | return; 82 | 83 | KeReleaseSpinLock(SpinLock, Irql); 84 | } 85 | }; 86 | 87 | template <> 88 | class SectionProtector : public SectionProtectorBase 89 | { 90 | public: 91 | KIRQL Irql; 92 | PERESOURCE Resource; 93 | 94 | PROTECT_SECTION_INLINE SectionProtector(PERESOURCE Resource, BOOL Shared = SectionProtectorTypes::SharedLock, BOOL Wait = TRUE) 95 | { 96 | Irql = KeGetCurrentIrql(); 97 | if (Irql > APC_LEVEL) 98 | return; 99 | 100 | KeEnterCriticalRegion(); 101 | (Shared == SectionProtectorTypes::SharedLock) ? ExAcquireResourceSharedLite(Resource, Wait) : ExAcquireResourceExclusiveLite(Resource, Wait); 102 | this->Resource = Resource; 103 | } 104 | 105 | PROTECT_SECTION_INLINE ~SectionProtector() 106 | { 107 | if (Irql > APC_LEVEL) 108 | return; 109 | 110 | ExReleaseResourceLite(Resource); 111 | KeLeaveCriticalRegion(); 112 | } 113 | }; 114 | 115 | #else // r3 116 | 117 | template<> 118 | class SectionProtector : public SectionProtectorBase 119 | { 120 | public: 121 | PRTL_CRITICAL_SECTION CriticalSection; 122 | 123 | SectionProtector(PRTL_CRITICAL_SECTION CriticalSection) 124 | { 125 | this->CriticalSection = CriticalSection; 126 | RtlEnterCriticalSection(CriticalSection); 127 | } 128 | 129 | ~SectionProtector() 130 | { 131 | RtlLeaveCriticalSection(this->CriticalSection); 132 | } 133 | }; 134 | 135 | template <> 136 | class SectionProtector : public SectionProtectorBase 137 | { 138 | public: 139 | PRTL_RESOURCE Resource; 140 | 141 | PROTECT_SECTION_INLINE SectionProtector(PRTL_RESOURCE Resource, BOOL Shared = TRUE, BOOL Wait = TRUE) 142 | { 143 | Shared ? RtlAcquireResourceShared(Resource, Wait) : RtlAcquireResourceExclusive(Resource, Wait); 144 | this->Resource = Resource; 145 | } 146 | 147 | PROTECT_SECTION_INLINE ~SectionProtector() 148 | { 149 | RtlReleaseResource(Resource); 150 | } 151 | }; 152 | 153 | template<> 154 | class SectionProtector : public SectionProtectorBase 155 | { 156 | public: 157 | HANDLE m_Event; 158 | 159 | SectionProtector(HANDLE Event, ULONG_PTR Timeout = INFINITE, BOOL Altertable = FALSE) 160 | { 161 | LARGE_INTEGER TimeOut; 162 | 163 | m_Event = Event; 164 | 165 | FormatTimeOut(&TimeOut, Timeout); 166 | NtWaitForSingleObject(Event, Altertable, &TimeOut); 167 | } 168 | 169 | ~SectionProtector() 170 | { 171 | NtSetEvent(m_Event, NULL); 172 | } 173 | }; 174 | 175 | #endif // rx 176 | 177 | -------------------------------------------------------------------------------- /source/FVPKernel/undoc_k32.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xmoezzz/FVPLoader/60456278896b19214a4747ea6f67935987e8f451/source/FVPKernel/undoc_k32.lib -------------------------------------------------------------------------------- /source/FVPLoader.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio 15 4 | VisualStudioVersion = 15.0.28307.1000 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "FVPLoaderGui", "FVPLoaderGui\FVPLoaderGui.vcxproj", "{7CE64EEE-9840-431D-8E4B-B507C05DAB89}" 7 | ProjectSection(ProjectDependencies) = postProject 8 | {DAA25F59-2B60-422E-9AF6-BE56CF70DA99} = {DAA25F59-2B60-422E-9AF6-BE56CF70DA99} 9 | EndProjectSection 10 | EndProject 11 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "FVPKernel", "FVPKernel\FVPKernel.vcxproj", "{8F8E17C1-754B-4854-B48E-67AEE1D0977D}" 12 | ProjectSection(ProjectDependencies) = postProject 13 | {DAA25F59-2B60-422E-9AF6-BE56CF70DA99} = {DAA25F59-2B60-422E-9AF6-BE56CF70DA99} 14 | EndProjectSection 15 | EndProject 16 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "NativeLib", "NativeLib\NativeLib.vcxproj", "{DAA25F59-2B60-422E-9AF6-BE56CF70DA99}" 17 | EndProject 18 | Global 19 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 20 | Debug|Win32 = Debug|Win32 21 | Debug|x64 = Debug|x64 22 | Release|Win32 = Release|Win32 23 | Release|x64 = Release|x64 24 | EndGlobalSection 25 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 26 | {7CE64EEE-9840-431D-8E4B-B507C05DAB89}.Debug|Win32.ActiveCfg = Release|Win32 27 | {7CE64EEE-9840-431D-8E4B-B507C05DAB89}.Debug|Win32.Build.0 = Release|Win32 28 | {7CE64EEE-9840-431D-8E4B-B507C05DAB89}.Debug|x64.ActiveCfg = Release|Win32 29 | {7CE64EEE-9840-431D-8E4B-B507C05DAB89}.Debug|x64.Build.0 = Release|Win32 30 | {7CE64EEE-9840-431D-8E4B-B507C05DAB89}.Release|Win32.ActiveCfg = Release|Win32 31 | {7CE64EEE-9840-431D-8E4B-B507C05DAB89}.Release|Win32.Build.0 = Release|Win32 32 | {7CE64EEE-9840-431D-8E4B-B507C05DAB89}.Release|x64.ActiveCfg = Release|Win32 33 | {8F8E17C1-754B-4854-B48E-67AEE1D0977D}.Debug|Win32.ActiveCfg = Release|Win32 34 | {8F8E17C1-754B-4854-B48E-67AEE1D0977D}.Debug|Win32.Build.0 = Release|Win32 35 | {8F8E17C1-754B-4854-B48E-67AEE1D0977D}.Debug|x64.ActiveCfg = Release|Win32 36 | {8F8E17C1-754B-4854-B48E-67AEE1D0977D}.Debug|x64.Build.0 = Release|Win32 37 | {8F8E17C1-754B-4854-B48E-67AEE1D0977D}.Release|Win32.ActiveCfg = Release|Win32 38 | {8F8E17C1-754B-4854-B48E-67AEE1D0977D}.Release|Win32.Build.0 = Release|Win32 39 | {8F8E17C1-754B-4854-B48E-67AEE1D0977D}.Release|x64.ActiveCfg = Release|Win32 40 | {DAA25F59-2B60-422E-9AF6-BE56CF70DA99}.Debug|Win32.ActiveCfg = Debug|Win32 41 | {DAA25F59-2B60-422E-9AF6-BE56CF70DA99}.Debug|Win32.Build.0 = Debug|Win32 42 | {DAA25F59-2B60-422E-9AF6-BE56CF70DA99}.Debug|x64.ActiveCfg = Debug|x64 43 | {DAA25F59-2B60-422E-9AF6-BE56CF70DA99}.Debug|x64.Build.0 = Debug|x64 44 | {DAA25F59-2B60-422E-9AF6-BE56CF70DA99}.Release|Win32.ActiveCfg = Release|Win32 45 | {DAA25F59-2B60-422E-9AF6-BE56CF70DA99}.Release|Win32.Build.0 = Release|Win32 46 | {DAA25F59-2B60-422E-9AF6-BE56CF70DA99}.Release|x64.ActiveCfg = Release|x64 47 | {DAA25F59-2B60-422E-9AF6-BE56CF70DA99}.Release|x64.Build.0 = Release|x64 48 | EndGlobalSection 49 | GlobalSection(SolutionProperties) = preSolution 50 | HideSolutionNode = FALSE 51 | EndGlobalSection 52 | GlobalSection(ExtensibilityGlobals) = postSolution 53 | SolutionGuid = {499B0139-AA96-42FF-8123-1382816CAC39} 54 | EndGlobalSection 55 | EndGlobal 56 | -------------------------------------------------------------------------------- /source/FVPLoaderGui/FVPLoaderGui.aps: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xmoezzz/FVPLoader/60456278896b19214a4747ea6f67935987e8f451/source/FVPLoaderGui/FVPLoaderGui.aps -------------------------------------------------------------------------------- /source/FVPLoaderGui/FVPLoaderGui.cpp: -------------------------------------------------------------------------------- 1 | #include "targetver.h" 2 | #include "Resource.h" 3 | #include 4 | #include 5 | #include "Resource.h" 6 | 7 | #pragma comment(lib, "shell32.lib") 8 | #pragma comment(lib, "undoc_k32.lib") 9 | 10 | 11 | #define MAX_LOADSTRING 100 12 | 13 | struct 14 | { 15 | WCHAR Title[MAX_LOADSTRING]; 16 | WCHAR WindowClass[MAX_LOADSTRING]; 17 | HBITMAP Bitmap; 18 | BOOLEAN EnableWindowHook; 19 | BOOLEAN EnableMessageBoxHook; 20 | BOOLEAN EnableFontHook; 21 | }static FVPLoader; 22 | 23 | LRESULT WINAPI WndProc(HWND, UINT, WPARAM, LPARAM); 24 | 25 | BOOL FASTCALL InitInstance(HINSTANCE hInstance) 26 | { 27 | HWND hWnd; 28 | HMENU hMenu, hMenuPop; 29 | 30 | hMenu = CreateMenu(); 31 | hMenuPop = CreateMenu(); 32 | 33 | AppendMenuW(hMenu, MF_STRING, IDM_INFO, TEXT("Infomation")); 34 | 35 | hWnd = CreateWindowExW(NULL, FVPLoader.WindowClass, FVPLoader.Title, WS_POPUP | WS_CAPTION | WS_SYSMENU | WS_MINIMIZEBOX, 36 | 0, 0, 480, 272, NULL, hMenu, hInstance, NULL); 37 | 38 | if (!hWnd) 39 | return FALSE; 40 | 41 | SetWindowTextW(hWnd, L"FVPLoaderGui v0.7-re[X'moe]"); 42 | ShowWindow(hWnd, SW_SHOW); 43 | UpdateWindow(hWnd); 44 | 45 | return TRUE; 46 | } 47 | 48 | 49 | ATOM FASTCALL MyRegisterClass(HINSTANCE hInstance) 50 | { 51 | WNDCLASSEXW wcex; 52 | 53 | wcex.cbSize = sizeof(WNDCLASSEX); 54 | 55 | wcex.style = CS_HREDRAW | CS_VREDRAW; 56 | wcex.lpfnWndProc = WndProc; 57 | wcex.cbClsExtra = 0; 58 | wcex.cbWndExtra = 0; 59 | wcex.hInstance = hInstance; 60 | wcex.hIcon = LoadIconW(hInstance, MAKEINTRESOURCE(IDI_FVPLOADERGUI)); 61 | wcex.hCursor = LoadCursorW(NULL, IDC_ARROW); 62 | wcex.hbrBackground = (HBRUSH)(COLOR_WINDOW + 1); 63 | wcex.lpszMenuName = MAKEINTRESOURCEW(IDC_FVPLOADERGUI); 64 | wcex.lpszClassName = FVPLoader.WindowClass; 65 | wcex.hIconSm = LoadIconW(wcex.hInstance, MAKEINTRESOURCE(IDI_SMALL)); 66 | 67 | return RegisterClassExW(&wcex); 68 | } 69 | 70 | 71 | #define LOG_SIG "STmoeSTmoechu>_<" 72 | 73 | BOOL FASTCALL ReadLogFile(LPWSTR ExePath, ULONG ccBuffer, BOOLEAN* bWindow, BOOLEAN* bMessageBox, BOOLEAN* bFont) 74 | { 75 | NTSTATUS Status; 76 | NtFileDisk File; 77 | BYTE Mark[0x10]; 78 | ULONG Length; 79 | 80 | 81 | Status = STATUS_SUCCESS; 82 | LOOP_ONCE 83 | { 84 | Status = File.Open(L"FVPLOG.ini"); 85 | if (NT_FAILED(Status)) 86 | break; 87 | 88 | Status = File.Read(Mark, sizeof(Mark)); 89 | if (NT_FAILED(Status)) 90 | break; 91 | 92 | if (RtlCompareMemory(Mark, LOG_SIG, sizeof(Mark)) != sizeof(Mark)) 93 | break; 94 | 95 | RtlZeroMemory(ExePath, ccBuffer * sizeof(ExePath[0])); 96 | Status = File.Read(&Length, sizeof(Length)); 97 | if (NT_FAILED(Status)) 98 | break; 99 | 100 | Status = STATUS_BUFFER_OVERFLOW; 101 | if (Length > MAX_PATH || Length > ccBuffer) 102 | break; 103 | 104 | Status = File.Read(ExePath, Length * 2); 105 | if (NT_FAILED(Status)) 106 | break; 107 | 108 | Status = File.Seek(20 + Length * 2, FILE_BEGIN); 109 | if (NT_FAILED(Status)) 110 | break; 111 | 112 | Status = File.Read(bWindow, 1); 113 | if (NT_FAILED(Status)) 114 | break; 115 | 116 | Status = File.Read(bMessageBox, 1); 117 | if (NT_FAILED(Status)) 118 | break; 119 | 120 | Status = File.Read(bFont, 1); 121 | if (NT_FAILED(Status)) 122 | break; 123 | } 124 | 125 | File.Close(); 126 | return NT_SUCCESS(Status); 127 | } 128 | 129 | BOOL WriteLogFile(LPCWSTR ExePath, BOOLEAN bWindow, BOOLEAN bMessage, BOOLEAN bFont) 130 | { 131 | NTSTATUS Status; 132 | NtFileDisk File; 133 | LONG_PTR Length; 134 | BOOLEAN Enable, Disable; 135 | 136 | Enable = TRUE; 137 | Disable = FALSE; 138 | Status = STATUS_SUCCESS; 139 | 140 | LOOP_ONCE 141 | { 142 | Status = File.Create(L"FVPLOG.ini"); 143 | if (NT_FAILED(Status)) 144 | break; 145 | 146 | Status = File.Write(LOG_SIG, strlen(LOG_SIG)); 147 | if (NT_FAILED(Status)) 148 | break; 149 | 150 | Length = wcslen(ExePath); 151 | Status = File.Write(&Length, sizeof(DWORD)); 152 | if (NT_FAILED(Status)) 153 | break; 154 | 155 | Status = File.Write((PVOID)ExePath, Length * 2); 156 | if (NT_FAILED(Status)) 157 | break; 158 | 159 | if (bWindow) 160 | Status = File.Write(&Enable, 1); 161 | else 162 | Status = File.Write(&Disable, 1); 163 | 164 | if (NT_FAILED(Status)) 165 | break; 166 | 167 | if (bMessage) 168 | Status = File.Write(&Enable, 1); 169 | else 170 | File.Write(&Disable, 1); 171 | 172 | if (NT_FAILED(Status)) 173 | break; 174 | 175 | if (bFont) 176 | Status = File.Write(&Enable, 1); 177 | else 178 | Status = File.Write(&Disable, 1); 179 | 180 | if (NT_FAILED(Status)) 181 | break; 182 | } 183 | 184 | File.Close(); 185 | return NT_SUCCESS(Status); 186 | } 187 | 188 | 189 | 190 | typedef 191 | BOOL 192 | (WINAPI 193 | *FuncCreateProcessInternalW)( 194 | HANDLE hToken, 195 | LPCWSTR lpApplicationName, 196 | LPWSTR lpCommandLine, 197 | LPSECURITY_ATTRIBUTES lpProcessAttributes, 198 | LPSECURITY_ATTRIBUTES lpThreadAttributes, 199 | BOOL bInheritHandles, 200 | ULONG dwCreationFlags, 201 | LPVOID lpEnvironment, 202 | LPCWSTR lpCurrentDirectory, 203 | LPSTARTUPINFOW lpStartupInfo, 204 | LPPROCESS_INFORMATION lpProcessInformation, 205 | PHANDLE phNewToken 206 | ); 207 | 208 | BOOL 209 | (WINAPI 210 | *StubCreateProcessInternalW)( 211 | HANDLE hToken, 212 | LPCWSTR lpApplicationName, 213 | LPWSTR lpCommandLine, 214 | LPSECURITY_ATTRIBUTES lpProcessAttributes, 215 | LPSECURITY_ATTRIBUTES lpThreadAttributes, 216 | BOOL bInheritHandles, 217 | ULONG dwCreationFlags, 218 | LPVOID lpEnvironment, 219 | LPCWSTR lpCurrentDirectory, 220 | LPSTARTUPINFOW lpStartupInfo, 221 | LPPROCESS_INFORMATION lpProcessInformation, 222 | PHANDLE phNewToken 223 | ); 224 | 225 | BOOL 226 | WINAPI 227 | VMeCreateProcess( 228 | HANDLE hToken, 229 | LPCWSTR lpApplicationName, 230 | LPWSTR lpCommandLine, 231 | LPCWSTR lpDllPath, 232 | LPSECURITY_ATTRIBUTES lpProcessAttributes, 233 | LPSECURITY_ATTRIBUTES lpThreadAttributes, 234 | BOOL bInheritHandles, 235 | ULONG dwCreationFlags, 236 | LPVOID lpEnvironment, 237 | LPCWSTR lpCurrentDirectory, 238 | LPSTARTUPINFOW lpStartupInfo, 239 | LPPROCESS_INFORMATION lpProcessInformation, 240 | PHANDLE phNewToken 241 | ) 242 | { 243 | BOOL Result, IsSuspended; 244 | UNICODE_STRING FullDllPath; 245 | 246 | RtlInitUnicodeString(&FullDllPath, lpDllPath); 247 | 248 | IsSuspended = !!(dwCreationFlags & CREATE_SUSPENDED); 249 | dwCreationFlags |= CREATE_SUSPENDED; 250 | Result = StubCreateProcessInternalW( 251 | hToken, 252 | lpApplicationName, 253 | lpCommandLine, 254 | lpProcessAttributes, 255 | lpThreadAttributes, 256 | bInheritHandles, 257 | dwCreationFlags, 258 | lpEnvironment, 259 | lpCurrentDirectory, 260 | lpStartupInfo, 261 | lpProcessInformation, 262 | phNewToken); 263 | 264 | if (!Result) 265 | return Result; 266 | 267 | InjectDllToRemoteProcess( 268 | lpProcessInformation->hProcess, 269 | lpProcessInformation->hThread, 270 | &FullDllPath, 271 | IsSuspended 272 | ); 273 | 274 | NtResumeThread(lpProcessInformation->hThread, NULL); 275 | 276 | return TRUE; 277 | } 278 | 279 | #define KERNEL_DLL L"FVPKernel.dll" 280 | 281 | FORCEINLINE BOOL CheckDll() 282 | { 283 | DWORD Attribute; 284 | 285 | Attribute = GetFileAttributesW(KERNEL_DLL); 286 | return Attribute != 0xFFFFFFFF && (!(Attribute & FILE_ATTRIBUTE_DIRECTORY)); 287 | } 288 | 289 | 290 | BOOL FASTCALL CreateProcessInternalWithDll(LPCWSTR ProcessName) 291 | { 292 | STARTUPINFOW si; 293 | PROCESS_INFORMATION pi; 294 | 295 | RtlZeroMemory(&si, sizeof(si)); 296 | RtlZeroMemory(&pi, sizeof(pi)); 297 | si.cb = sizeof(si); 298 | 299 | return VMeCreateProcess(NULL, ProcessName, NULL, KERNEL_DLL, NULL, NULL, FALSE, NULL, NULL, NULL, &si, &pi, NULL); 300 | } 301 | 302 | 303 | 304 | int NTAPI wWinMain( 305 | HINSTANCE hInstance, 306 | HINSTANCE hPrevInstance, 307 | LPWSTR lpCmdLine, 308 | int nShowCmd 309 | ) 310 | { 311 | MSG Message; 312 | HACCEL AccelTable; 313 | HINSTANCE Instance; 314 | LPWSTR* Argv; 315 | LONG_PTR Argc; 316 | BOOL Success; 317 | BOOL HasParameter; 318 | WCHAR ExeFullPath[MAX_PATH]; 319 | BOOLEAN PatchWindow, PatchMessageBox, PatchFont; 320 | 321 | StubCreateProcessInternalW = (FuncCreateProcessInternalW)EATLookupRoutineByHashPNoFix(GetKernel32Handle(), KERNEL32_CreateProcessInternalW); 322 | 323 | FVPLoader.EnableWindowHook = FALSE; 324 | FVPLoader.EnableMessageBoxHook = FALSE; 325 | FVPLoader.EnableFontHook = FALSE; 326 | 327 | Instance = (HINSTANCE)GetModuleHandleW(nullptr); 328 | 329 | LoadStringW(Instance, IDS_APP_TITLE, FVPLoader.Title, MAX_LOADSTRING); 330 | LoadStringW(Instance, IDC_FVPLOADERGUI, FVPLoader.WindowClass, MAX_LOADSTRING); 331 | 332 | FVPLoader.Bitmap = LoadBitmapW(Instance, MAKEINTRESOURCE(IDB_BITMAP1)); 333 | Argv = CmdLineToArgv(::GetCommandLineW(), &Argc); 334 | 335 | switch (Argc) 336 | { 337 | case 1: 338 | default: 339 | HasParameter = FALSE; 340 | break; 341 | 342 | case 2: 343 | HasParameter = TRUE; 344 | break; 345 | } 346 | 347 | Success = ReadLogFile(ExeFullPath, countof(ExeFullPath), &PatchWindow, &PatchMessageBox, &PatchFont); 348 | if (Success) 349 | { 350 | Success = CreateProcessInternalWithDll(ExeFullPath); 351 | if (Success) 352 | { 353 | ReleaseArgv(Argv); 354 | Ps::ExitProcess(0); 355 | } 356 | else 357 | { 358 | MessageBoxW(NULL, L"Failed to CreateProcess", L"FVPLoader", MB_OK); 359 | } 360 | } 361 | 362 | if (HasParameter) 363 | { 364 | Success = CreateProcessInternalWithDll(Argv[1]); 365 | if (Success) 366 | { 367 | WriteLogFile(Argv[1], FALSE, FALSE, FALSE); 368 | ReleaseArgv(Argv); 369 | Ps::ExitProcess(0); 370 | } 371 | else 372 | { 373 | MessageBoxW(NULL, L"Failed to CreateProcess", L"FVPLoader", MB_OK); 374 | } 375 | } 376 | 377 | MyRegisterClass(Instance); 378 | if (!InitInstance (Instance)) 379 | { 380 | ReleaseArgv(Argv); 381 | Ps::ExitProcess(0); 382 | } 383 | 384 | AccelTable = LoadAcceleratorsW(Instance, MAKEINTRESOURCE(IDC_FVPLOADERGUI)); 385 | 386 | while (GetMessageW(&Message, NULL, 0, 0)) 387 | { 388 | if (!TranslateAcceleratorW(Message.hwnd, AccelTable, &Message)) 389 | { 390 | TranslateMessage(&Message); 391 | DispatchMessageW(&Message); 392 | } 393 | } 394 | 395 | ReleaseArgv(Argv); 396 | ExitProcess(Message.wParam); 397 | } 398 | 399 | 400 | 401 | 402 | VOID FASTCALL DrawBmp(HDC hDC, HBITMAP Bitmap, ULONG nWidth, ULONG nHeight) 403 | { 404 | BITMAP bm; 405 | HDC hdcImage; 406 | HDC hdcMEM; 407 | HBITMAP bmp; 408 | 409 | hdcMEM = CreateCompatibleDC(hDC); 410 | hdcImage = CreateCompatibleDC(hDC); 411 | bmp = CreateCompatibleBitmap(hDC, nWidth, nHeight); 412 | 413 | GetObjectW(Bitmap, sizeof(bm), (LPSTR)&bm); 414 | SelectObject(hdcMEM, bmp); 415 | SelectObject(hdcImage, Bitmap); 416 | StretchBlt(hdcMEM, 0, 0, nWidth, nHeight, hdcImage, 0, 0, bm.bmWidth, bm.bmHeight, SRCCOPY); 417 | StretchBlt(hDC, 0, 0, nWidth, nHeight, hdcMEM, 0, 0, nWidth, nHeight, SRCCOPY); 418 | 419 | DeleteObject(hdcImage); 420 | DeleteDC(hdcImage); 421 | DeleteDC(hdcMEM); 422 | } 423 | 424 | LRESULT CALLBACK WndProc(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam) 425 | { 426 | WORD WindowId, WindowEvent; 427 | BOOL Success; 428 | HMENU WindowMenu, SubMemu; 429 | 430 | WindowMenu = GetMenu(hWnd); 431 | SubMemu = GetSubMenu(WindowMenu, 1); 432 | 433 | switch (message) 434 | { 435 | case WM_CREATE: 436 | { 437 | RECT Rect; 438 | ULONG Width, Height; 439 | 440 | DragAcceptFiles(hWnd, TRUE); 441 | 442 | Width = GetSystemMetrics(SM_CXSCREEN); 443 | Height = GetSystemMetrics(SM_CYSCREEN); 444 | GetWindowRect(hWnd, &Rect); 445 | Rect.left = (Width - Rect.right) / 2; 446 | Rect.top = (Height - Rect.bottom) / 2; 447 | SetWindowPos(hWnd, HWND_TOP, Rect.left, Rect.top, Rect.right, Rect.bottom, SWP_SHOWWINDOW); 448 | DrawBmp(GetDC(hWnd), FVPLoader.Bitmap, 480, 272); 449 | } 450 | break; 451 | 452 | case WM_INITDIALOG: 453 | break; 454 | case WM_COMMAND: 455 | { 456 | WindowId = LOWORD(wParam); 457 | WindowEvent = HIWORD(wParam); 458 | 459 | switch (WindowId) 460 | { 461 | case IDM_INFO: 462 | MessageBoxW(hWnd, L"Author : X'moe\nxmoe.project@gmail.com", L"FVPLoaderGui", MB_OK); 463 | break; 464 | } 465 | } 466 | break; 467 | 468 | case WM_ERASEBKGND: 469 | break; 470 | 471 | case WM_DROPFILES: 472 | { 473 | WCHAR FilePath[MAX_PATH]; 474 | HDROP hDrop = (HDROP)wParam; 475 | UINT nFileNum = DragQueryFileW(hDrop, 0xFFFFFFFF, NULL, 0); 476 | 477 | RtlZeroMemory(FilePath, sizeof(FilePath)); 478 | if (nFileNum == 1) 479 | { 480 | InvalidateRect(hWnd, NULL, TRUE); 481 | DragQueryFileW(hDrop, 0, FilePath, MAX_PATH); 482 | Success = WriteLogFile(FilePath, FVPLoader.EnableWindowHook, FVPLoader.EnableMessageBoxHook, FVPLoader.EnableFontHook); 483 | Success = CreateProcessInternalWithDll(FilePath); 484 | if (Success) 485 | { 486 | DragFinish(hDrop); 487 | PostQuitMessage(0); 488 | } 489 | else 490 | { 491 | Io::DeleteFileW(L"FVPLOG.ini"); 492 | } 493 | } 494 | else 495 | { 496 | MessageBoxW(hWnd, L"Please Drop an executable file on this window", L"FVPLoader", MB_OK); 497 | DragFinish(hDrop); 498 | } 499 | return 0; 500 | } 501 | break; 502 | 503 | case WM_DESTROY: 504 | PostQuitMessage(0); 505 | break; 506 | 507 | default: 508 | return DefWindowProcW(hWnd, message, wParam, lParam); 509 | } 510 | return 0; 511 | } 512 | 513 | -------------------------------------------------------------------------------- /source/FVPLoaderGui/FVPLoaderGui.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xmoezzz/FVPLoader/60456278896b19214a4747ea6f67935987e8f451/source/FVPLoaderGui/FVPLoaderGui.ico -------------------------------------------------------------------------------- /source/FVPLoaderGui/FVPLoaderGui.rc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xmoezzz/FVPLoader/60456278896b19214a4747ea6f67935987e8f451/source/FVPLoaderGui/FVPLoaderGui.rc -------------------------------------------------------------------------------- /source/FVPLoaderGui/FVPLoaderGui.vcxproj: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | Release 6 | Win32 7 | 8 | 9 | 10 | {7CE64EEE-9840-431D-8E4B-B507C05DAB89} 11 | Win32Proj 12 | FVPLoaderGui 13 | 10.0.18362.0 14 | 15 | 16 | 17 | Application 18 | false 19 | v141 20 | true 21 | Unicode 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | false 32 | $(SolutionDir)NativeLib;$(IncludePath) 33 | 34 | 35 | 36 | Level3 37 | NotUsing 38 | MaxSpeed 39 | true 40 | true 41 | WIN32;NDEBUG;_WINDOWS;%(PreprocessorDefinitions) 42 | MultiThreaded 43 | Sync 44 | true 45 | 46 | 47 | Windows 48 | false 49 | true 50 | true 51 | false 52 | $(TargetDir)NativeLib.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | -------------------------------------------------------------------------------- /source/FVPLoaderGui/FVPLoaderGui.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | 头文件 20 | 21 | 22 | 头文件 23 | 24 | 25 | 26 | 27 | 源文件 28 | 29 | 30 | 31 | 32 | 资源文件 33 | 34 | 35 | 36 | 37 | 资源文件 38 | 39 | 40 | 资源文件 41 | 42 | 43 | 资源文件 44 | 45 | 46 | -------------------------------------------------------------------------------- /source/FVPLoaderGui/FVPLoaderGui.vcxproj.user: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | -------------------------------------------------------------------------------- /source/FVPLoaderGui/Resource.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xmoezzz/FVPLoader/60456278896b19214a4747ea6f67935987e8f451/source/FVPLoaderGui/Resource.h -------------------------------------------------------------------------------- /source/FVPLoaderGui/SHINKU_e21a.bmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xmoezzz/FVPLoader/60456278896b19214a4747ea6f67935987e8f451/source/FVPLoaderGui/SHINKU_e21a.bmp -------------------------------------------------------------------------------- /source/FVPLoaderGui/small.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xmoezzz/FVPLoader/60456278896b19214a4747ea6f67935987e8f451/source/FVPLoaderGui/small.ico -------------------------------------------------------------------------------- /source/FVPLoaderGui/targetver.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xmoezzz/FVPLoader/60456278896b19214a4747ea6f67935987e8f451/source/FVPLoaderGui/targetver.h -------------------------------------------------------------------------------- /source/FVPLoaderGui/undoc_k32.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xmoezzz/FVPLoader/60456278896b19214a4747ea6f67935987e8f451/source/FVPLoaderGui/undoc_k32.lib -------------------------------------------------------------------------------- /source/NativeLib/LICENSE: -------------------------------------------------------------------------------- 1 | Attribution 4.0 International 2 | 3 | ======================================================================= 4 | 5 | Creative Commons Corporation ("Creative Commons") is not a law firm and 6 | does not provide legal services or legal advice. Distribution of 7 | Creative Commons public licenses does not create a lawyer-client or 8 | other relationship. Creative Commons makes its licenses and related 9 | information available on an "as-is" basis. Creative Commons gives no 10 | warranties regarding its licenses, any material licensed under their 11 | terms and conditions, or any related information. Creative Commons 12 | disclaims all liability for damages resulting from their use to the 13 | fullest extent possible. 14 | 15 | Using Creative Commons Public Licenses 16 | 17 | Creative Commons public licenses provide a standard set of terms and 18 | conditions that creators and other rights holders may use to share 19 | original works of authorship and other material subject to copyright 20 | and certain other rights specified in the public license below. The 21 | following considerations are for informational purposes only, are not 22 | exhaustive, and do not form part of our licenses. 23 | 24 | Considerations for licensors: Our public licenses are 25 | intended for use by those authorized to give the public 26 | permission to use material in ways otherwise restricted by 27 | copyright and certain other rights. Our licenses are 28 | irrevocable. Licensors should read and understand the terms 29 | and conditions of the license they choose before applying it. 30 | Licensors should also secure all rights necessary before 31 | applying our licenses so that the public can reuse the 32 | material as expected. Licensors should clearly mark any 33 | material not subject to the license. This includes other CC- 34 | licensed material, or material used under an exception or 35 | limitation to copyright. More considerations for licensors: 36 | wiki.creativecommons.org/Considerations_for_licensors 37 | 38 | Considerations for the public: By using one of our public 39 | licenses, a licensor grants the public permission to use the 40 | licensed material under specified terms and conditions. If 41 | the licensor's permission is not necessary for any reason--for 42 | example, because of any applicable exception or limitation to 43 | copyright--then that use is not regulated by the license. Our 44 | licenses grant only permissions under copyright and certain 45 | other rights that a licensor has authority to grant. Use of 46 | the licensed material may still be restricted for other 47 | reasons, including because others have copyright or other 48 | rights in the material. A licensor may make special requests, 49 | such as asking that all changes be marked or described. 50 | Although not required by our licenses, you are encouraged to 51 | respect those requests where reasonable. More considerations 52 | for the public: 53 | wiki.creativecommons.org/Considerations_for_licensees 54 | 55 | ======================================================================= 56 | 57 | Creative Commons Attribution 4.0 International Public License 58 | 59 | By exercising the Licensed Rights (defined below), You accept and agree 60 | to be bound by the terms and conditions of this Creative Commons 61 | Attribution 4.0 International Public License ("Public License"). To the 62 | extent this Public License may be interpreted as a contract, You are 63 | granted the Licensed Rights in consideration of Your acceptance of 64 | these terms and conditions, and the Licensor grants You such rights in 65 | consideration of benefits the Licensor receives from making the 66 | Licensed Material available under these terms and conditions. 67 | 68 | 69 | Section 1 -- Definitions. 70 | 71 | a. Adapted Material means material subject to Copyright and Similar 72 | Rights that is derived from or based upon the Licensed Material 73 | and in which the Licensed Material is translated, altered, 74 | arranged, transformed, or otherwise modified in a manner requiring 75 | permission under the Copyright and Similar Rights held by the 76 | Licensor. For purposes of this Public License, where the Licensed 77 | Material is a musical work, performance, or sound recording, 78 | Adapted Material is always produced where the Licensed Material is 79 | synched in timed relation with a moving image. 80 | 81 | b. Adapter's License means the license You apply to Your Copyright 82 | and Similar Rights in Your contributions to Adapted Material in 83 | accordance with the terms and conditions of this Public License. 84 | 85 | c. Copyright and Similar Rights means copyright and/or similar rights 86 | closely related to copyright including, without limitation, 87 | performance, broadcast, sound recording, and Sui Generis Database 88 | Rights, without regard to how the rights are labeled or 89 | categorized. For purposes of this Public License, the rights 90 | specified in Section 2(b)(1)-(2) are not Copyright and Similar 91 | Rights. 92 | 93 | d. Effective Technological Measures means those measures that, in the 94 | absence of proper authority, may not be circumvented under laws 95 | fulfilling obligations under Article 11 of the WIPO Copyright 96 | Treaty adopted on December 20, 1996, and/or similar international 97 | agreements. 98 | 99 | e. Exceptions and Limitations means fair use, fair dealing, and/or 100 | any other exception or limitation to Copyright and Similar Rights 101 | that applies to Your use of the Licensed Material. 102 | 103 | f. Licensed Material means the artistic or literary work, database, 104 | or other material to which the Licensor applied this Public 105 | License. 106 | 107 | g. Licensed Rights means the rights granted to You subject to the 108 | terms and conditions of this Public License, which are limited to 109 | all Copyright and Similar Rights that apply to Your use of the 110 | Licensed Material and that the Licensor has authority to license. 111 | 112 | h. Licensor means the individual(s) or entity(ies) granting rights 113 | under this Public License. 114 | 115 | i. Share means to provide material to the public by any means or 116 | process that requires permission under the Licensed Rights, such 117 | as reproduction, public display, public performance, distribution, 118 | dissemination, communication, or importation, and to make material 119 | available to the public including in ways that members of the 120 | public may access the material from a place and at a time 121 | individually chosen by them. 122 | 123 | j. Sui Generis Database Rights means rights other than copyright 124 | resulting from Directive 96/9/EC of the European Parliament and of 125 | the Council of 11 March 1996 on the legal protection of databases, 126 | as amended and/or succeeded, as well as other essentially 127 | equivalent rights anywhere in the world. 128 | 129 | k. You means the individual or entity exercising the Licensed Rights 130 | under this Public License. Your has a corresponding meaning. 131 | 132 | 133 | Section 2 -- Scope. 134 | 135 | a. License grant. 136 | 137 | 1. Subject to the terms and conditions of this Public License, 138 | the Licensor hereby grants You a worldwide, royalty-free, 139 | non-sublicensable, non-exclusive, irrevocable license to 140 | exercise the Licensed Rights in the Licensed Material to: 141 | 142 | a. reproduce and Share the Licensed Material, in whole or 143 | in part; and 144 | 145 | b. produce, reproduce, and Share Adapted Material. 146 | 147 | 2. Exceptions and Limitations. For the avoidance of doubt, where 148 | Exceptions and Limitations apply to Your use, this Public 149 | License does not apply, and You do not need to comply with 150 | its terms and conditions. 151 | 152 | 3. Term. The term of this Public License is specified in Section 153 | 6(a). 154 | 155 | 4. Media and formats; technical modifications allowed. The 156 | Licensor authorizes You to exercise the Licensed Rights in 157 | all media and formats whether now known or hereafter created, 158 | and to make technical modifications necessary to do so. The 159 | Licensor waives and/or agrees not to assert any right or 160 | authority to forbid You from making technical modifications 161 | necessary to exercise the Licensed Rights, including 162 | technical modifications necessary to circumvent Effective 163 | Technological Measures. For purposes of this Public License, 164 | simply making modifications authorized by this Section 2(a) 165 | (4) never produces Adapted Material. 166 | 167 | 5. Downstream recipients. 168 | 169 | a. Offer from the Licensor -- Licensed Material. Every 170 | recipient of the Licensed Material automatically 171 | receives an offer from the Licensor to exercise the 172 | Licensed Rights under the terms and conditions of this 173 | Public License. 174 | 175 | b. No downstream restrictions. You may not offer or impose 176 | any additional or different terms or conditions on, or 177 | apply any Effective Technological Measures to, the 178 | Licensed Material if doing so restricts exercise of the 179 | Licensed Rights by any recipient of the Licensed 180 | Material. 181 | 182 | 6. No endorsement. Nothing in this Public License constitutes or 183 | may be construed as permission to assert or imply that You 184 | are, or that Your use of the Licensed Material is, connected 185 | with, or sponsored, endorsed, or granted official status by, 186 | the Licensor or others designated to receive attribution as 187 | provided in Section 3(a)(1)(A)(i). 188 | 189 | b. Other rights. 190 | 191 | 1. Moral rights, such as the right of integrity, are not 192 | licensed under this Public License, nor are publicity, 193 | privacy, and/or other similar personality rights; however, to 194 | the extent possible, the Licensor waives and/or agrees not to 195 | assert any such rights held by the Licensor to the limited 196 | extent necessary to allow You to exercise the Licensed 197 | Rights, but not otherwise. 198 | 199 | 2. Patent and trademark rights are not licensed under this 200 | Public License. 201 | 202 | 3. To the extent possible, the Licensor waives any right to 203 | collect royalties from You for the exercise of the Licensed 204 | Rights, whether directly or through a collecting society 205 | under any voluntary or waivable statutory or compulsory 206 | licensing scheme. In all other cases the Licensor expressly 207 | reserves any right to collect such royalties. 208 | 209 | 210 | Section 3 -- License Conditions. 211 | 212 | Your exercise of the Licensed Rights is expressly made subject to the 213 | following conditions. 214 | 215 | a. Attribution. 216 | 217 | 1. If You Share the Licensed Material (including in modified 218 | form), You must: 219 | 220 | a. retain the following if it is supplied by the Licensor 221 | with the Licensed Material: 222 | 223 | i. identification of the creator(s) of the Licensed 224 | Material and any others designated to receive 225 | attribution, in any reasonable manner requested by 226 | the Licensor (including by pseudonym if 227 | designated); 228 | 229 | ii. a copyright notice; 230 | 231 | iii. a notice that refers to this Public License; 232 | 233 | iv. a notice that refers to the disclaimer of 234 | warranties; 235 | 236 | v. a URI or hyperlink to the Licensed Material to the 237 | extent reasonably practicable; 238 | 239 | b. indicate if You modified the Licensed Material and 240 | retain an indication of any previous modifications; and 241 | 242 | c. indicate the Licensed Material is licensed under this 243 | Public License, and include the text of, or the URI or 244 | hyperlink to, this Public License. 245 | 246 | 2. You may satisfy the conditions in Section 3(a)(1) in any 247 | reasonable manner based on the medium, means, and context in 248 | which You Share the Licensed Material. For example, it may be 249 | reasonable to satisfy the conditions by providing a URI or 250 | hyperlink to a resource that includes the required 251 | information. 252 | 253 | 3. If requested by the Licensor, You must remove any of the 254 | information required by Section 3(a)(1)(A) to the extent 255 | reasonably practicable. 256 | 257 | 4. If You Share Adapted Material You produce, the Adapter's 258 | License You apply must not prevent recipients of the Adapted 259 | Material from complying with this Public License. 260 | 261 | 262 | Section 4 -- Sui Generis Database Rights. 263 | 264 | Where the Licensed Rights include Sui Generis Database Rights that 265 | apply to Your use of the Licensed Material: 266 | 267 | a. for the avoidance of doubt, Section 2(a)(1) grants You the right 268 | to extract, reuse, reproduce, and Share all or a substantial 269 | portion of the contents of the database; 270 | 271 | b. if You include all or a substantial portion of the database 272 | contents in a database in which You have Sui Generis Database 273 | Rights, then the database in which You have Sui Generis Database 274 | Rights (but not its individual contents) is Adapted Material; and 275 | 276 | c. You must comply with the conditions in Section 3(a) if You Share 277 | all or a substantial portion of the contents of the database. 278 | 279 | For the avoidance of doubt, this Section 4 supplements and does not 280 | replace Your obligations under this Public License where the Licensed 281 | Rights include other Copyright and Similar Rights. 282 | 283 | 284 | Section 5 -- Disclaimer of Warranties and Limitation of Liability. 285 | 286 | a. UNLESS OTHERWISE SEPARATELY UNDERTAKEN BY THE LICENSOR, TO THE 287 | EXTENT POSSIBLE, THE LICENSOR OFFERS THE LICENSED MATERIAL AS-IS 288 | AND AS-AVAILABLE, AND MAKES NO REPRESENTATIONS OR WARRANTIES OF 289 | ANY KIND CONCERNING THE LICENSED MATERIAL, WHETHER EXPRESS, 290 | IMPLIED, STATUTORY, OR OTHER. THIS INCLUDES, WITHOUT LIMITATION, 291 | WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR 292 | PURPOSE, NON-INFRINGEMENT, ABSENCE OF LATENT OR OTHER DEFECTS, 293 | ACCURACY, OR THE PRESENCE OR ABSENCE OF ERRORS, WHETHER OR NOT 294 | KNOWN OR DISCOVERABLE. WHERE DISCLAIMERS OF WARRANTIES ARE NOT 295 | ALLOWED IN FULL OR IN PART, THIS DISCLAIMER MAY NOT APPLY TO YOU. 296 | 297 | b. TO THE EXTENT POSSIBLE, IN NO EVENT WILL THE LICENSOR BE LIABLE 298 | TO YOU ON ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION, 299 | NEGLIGENCE) OR OTHERWISE FOR ANY DIRECT, SPECIAL, INDIRECT, 300 | INCIDENTAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, OR OTHER LOSSES, 301 | COSTS, EXPENSES, OR DAMAGES ARISING OUT OF THIS PUBLIC LICENSE OR 302 | USE OF THE LICENSED MATERIAL, EVEN IF THE LICENSOR HAS BEEN 303 | ADVISED OF THE POSSIBILITY OF SUCH LOSSES, COSTS, EXPENSES, OR 304 | DAMAGES. WHERE A LIMITATION OF LIABILITY IS NOT ALLOWED IN FULL OR 305 | IN PART, THIS LIMITATION MAY NOT APPLY TO YOU. 306 | 307 | c. The disclaimer of warranties and limitation of liability provided 308 | above shall be interpreted in a manner that, to the extent 309 | possible, most closely approximates an absolute disclaimer and 310 | waiver of all liability. 311 | 312 | 313 | Section 6 -- Term and Termination. 314 | 315 | a. This Public License applies for the term of the Copyright and 316 | Similar Rights licensed here. However, if You fail to comply with 317 | this Public License, then Your rights under this Public License 318 | terminate automatically. 319 | 320 | b. Where Your right to use the Licensed Material has terminated under 321 | Section 6(a), it reinstates: 322 | 323 | 1. automatically as of the date the violation is cured, provided 324 | it is cured within 30 days of Your discovery of the 325 | violation; or 326 | 327 | 2. upon express reinstatement by the Licensor. 328 | 329 | For the avoidance of doubt, this Section 6(b) does not affect any 330 | right the Licensor may have to seek remedies for Your violations 331 | of this Public License. 332 | 333 | c. For the avoidance of doubt, the Licensor may also offer the 334 | Licensed Material under separate terms or conditions or stop 335 | distributing the Licensed Material at any time; however, doing so 336 | will not terminate this Public License. 337 | 338 | d. Sections 1, 5, 6, 7, and 8 survive termination of this Public 339 | License. 340 | 341 | 342 | Section 7 -- Other Terms and Conditions. 343 | 344 | a. The Licensor shall not be bound by any additional or different 345 | terms or conditions communicated by You unless expressly agreed. 346 | 347 | b. Any arrangements, understandings, or agreements regarding the 348 | Licensed Material not stated herein are separate from and 349 | independent of the terms and conditions of this Public License. 350 | 351 | 352 | Section 8 -- Interpretation. 353 | 354 | a. For the avoidance of doubt, this Public License does not, and 355 | shall not be interpreted to, reduce, limit, restrict, or impose 356 | conditions on any use of the Licensed Material that could lawfully 357 | be made without permission under this Public License. 358 | 359 | b. To the extent possible, if any provision of this Public License is 360 | deemed unenforceable, it shall be automatically reformed to the 361 | minimum extent necessary to make it enforceable. If the provision 362 | cannot be reformed, it shall be severed from this Public License 363 | without affecting the enforceability of the remaining terms and 364 | conditions. 365 | 366 | c. No term or condition of this Public License will be waived and no 367 | failure to comply consented to unless expressly agreed to by the 368 | Licensor. 369 | 370 | d. Nothing in this Public License constitutes or may be interpreted 371 | as a limitation upon, or waiver of, any privileges and immunities 372 | that apply to the Licensor or You, including from the legal 373 | processes of any jurisdiction or authority. 374 | 375 | 376 | ======================================================================= 377 | 378 | Creative Commons is not a party to its public 379 | licenses. Notwithstanding, Creative Commons may elect to apply one of 380 | its public licenses to material it publishes and in those instances 381 | will be considered the “Licensor.” The text of the Creative Commons 382 | public licenses is dedicated to the public domain under the CC0 Public 383 | Domain Dedication. Except for the limited purpose of indicating that 384 | material is shared under a Creative Commons public license or as 385 | otherwise permitted by the Creative Commons policies published at 386 | creativecommons.org/policies, Creative Commons does not authorize the 387 | use of the trademark "Creative Commons" or any other trademark or logo 388 | of Creative Commons without its prior written consent including, 389 | without limitation, in connection with any unauthorized modifications 390 | to any of its public licenses or any other arrangements, 391 | understandings, or agreements concerning use of licensed material. For 392 | the avoidance of doubt, this paragraph does not form part of the 393 | public licenses. 394 | 395 | Creative Commons may be contacted at creativecommons.org. 396 | -------------------------------------------------------------------------------- /source/NativeLib/NativeLib.vcxproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Release 10 | Win32 11 | 12 | 13 | Debug 14 | x64 15 | 16 | 17 | Release 18 | x64 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 15.0 30 | {DAA25F59-2B60-422E-9AF6-BE56CF70DA99} 31 | Win32Proj 32 | NativeLib 33 | 10.0.17763.0 34 | 35 | 36 | 37 | StaticLibrary 38 | true 39 | v141 40 | Unicode 41 | 42 | 43 | StaticLibrary 44 | false 45 | v141 46 | true 47 | Unicode 48 | 49 | 50 | StaticLibrary 51 | true 52 | v141 53 | Unicode 54 | 55 | 56 | StaticLibrary 57 | false 58 | v141 59 | true 60 | Unicode 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | false 82 | $(ProjectDir);$(IncludePath) 83 | 84 | 85 | true 86 | 87 | 88 | true 89 | 90 | 91 | false 92 | 93 | 94 | 95 | NotUsing 96 | Level3 97 | MaxSpeed 98 | true 99 | true 100 | true 101 | WIN32;NDEBUG;_LIB;%(PreprocessorDefinitions) 102 | true 103 | MultiThreaded 104 | 105 | 106 | Windows 107 | true 108 | true 109 | true 110 | 111 | 112 | 113 | 114 | Use 115 | Level3 116 | Disabled 117 | true 118 | WIN32;_DEBUG;_LIB;%(PreprocessorDefinitions) 119 | true 120 | 121 | 122 | Windows 123 | true 124 | 125 | 126 | 127 | 128 | Use 129 | Level3 130 | Disabled 131 | true 132 | _DEBUG;_LIB;%(PreprocessorDefinitions) 133 | true 134 | 135 | 136 | Windows 137 | true 138 | 139 | 140 | 141 | 142 | NotUsing 143 | Level3 144 | MaxSpeed 145 | true 146 | true 147 | true 148 | NDEBUG;_LIB;%(PreprocessorDefinitions) 149 | true 150 | 151 | 152 | Windows 153 | true 154 | true 155 | true 156 | 157 | 158 | 159 | 160 | 161 | -------------------------------------------------------------------------------- /source/NativeLib/NativeLib.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;ipp;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Header Files 20 | 21 | 22 | Header Files 23 | 24 | 25 | 26 | 27 | Source Files 28 | 29 | 30 | -------------------------------------------------------------------------------- /source/NativeLib/NativeLib.vcxproj.user: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | -------------------------------------------------------------------------------- /source/NativeLib/mountmgr.h: -------------------------------------------------------------------------------- 1 | /*++ 2 | 3 | Copyright (c) 1997-1999 Microsoft Corporation 4 | 5 | Module Name: 6 | 7 | mountmgr.h 8 | 9 | Abstract: 10 | 11 | This file defines the external mount point interface for administering 12 | mount points. 13 | 14 | Revision History: 15 | 16 | --*/ 17 | 18 | #ifndef _MOUNTMGR_ 19 | #define _MOUNTMGR_ 20 | 21 | #if _MSC_VER > 1000 22 | #pragma once 23 | #endif 24 | 25 | #ifndef FAR 26 | #define FAR 27 | #endif 28 | 29 | #if (NTDDI_VERSION >= NTDDI_WIN2K) 30 | 31 | #define MOUNTMGR_DEVICE_NAME L"\\Device\\MountPointManager" 32 | #define MOUNTMGR_DOS_DEVICE_NAME L"\\\\.\\MountPointManager" 33 | 34 | #define MOUNTMGRCONTROLTYPE 0x0000006D // 'm' 35 | #define MOUNTDEVCONTROLTYPE 0x0000004D // 'M' 36 | 37 | // 38 | // These are the IOCTLs supported by the mount point manager. 39 | // 40 | 41 | #define IOCTL_MOUNTMGR_CREATE_POINT CTL_CODE(MOUNTMGRCONTROLTYPE, 0, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS) 42 | #define IOCTL_MOUNTMGR_DELETE_POINTS CTL_CODE(MOUNTMGRCONTROLTYPE, 1, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS) 43 | #define IOCTL_MOUNTMGR_QUERY_POINTS CTL_CODE(MOUNTMGRCONTROLTYPE, 2, METHOD_BUFFERED, FILE_ANY_ACCESS) 44 | #define IOCTL_MOUNTMGR_DELETE_POINTS_DBONLY CTL_CODE(MOUNTMGRCONTROLTYPE, 3, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS) 45 | #define IOCTL_MOUNTMGR_NEXT_DRIVE_LETTER CTL_CODE(MOUNTMGRCONTROLTYPE, 4, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS) 46 | #define IOCTL_MOUNTMGR_AUTO_DL_ASSIGNMENTS CTL_CODE(MOUNTMGRCONTROLTYPE, 5, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS) 47 | #define IOCTL_MOUNTMGR_VOLUME_MOUNT_POINT_CREATED CTL_CODE(MOUNTMGRCONTROLTYPE, 6, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS) 48 | #define IOCTL_MOUNTMGR_VOLUME_MOUNT_POINT_DELETED CTL_CODE(MOUNTMGRCONTROLTYPE, 7, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS) 49 | #define IOCTL_MOUNTMGR_CHANGE_NOTIFY CTL_CODE(MOUNTMGRCONTROLTYPE, 8, METHOD_BUFFERED, FILE_READ_ACCESS) 50 | #define IOCTL_MOUNTMGR_KEEP_LINKS_WHEN_OFFLINE CTL_CODE(MOUNTMGRCONTROLTYPE, 9, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS) 51 | #define IOCTL_MOUNTMGR_CHECK_UNPROCESSED_VOLUMES CTL_CODE(MOUNTMGRCONTROLTYPE, 10, METHOD_BUFFERED, FILE_READ_ACCESS) 52 | #define IOCTL_MOUNTMGR_VOLUME_ARRIVAL_NOTIFICATION CTL_CODE(MOUNTMGRCONTROLTYPE, 11, METHOD_BUFFERED, FILE_READ_ACCESS) 53 | 54 | // 55 | // Input structure for IOCTL_MOUNTMGR_CREATE_POINT. 56 | // 57 | 58 | typedef struct _MOUNTMGR_CREATE_POINT_INPUT { 59 | USHORT SymbolicLinkNameOffset; 60 | USHORT SymbolicLinkNameLength; 61 | USHORT DeviceNameOffset; 62 | USHORT DeviceNameLength; 63 | } MOUNTMGR_CREATE_POINT_INPUT, *PMOUNTMGR_CREATE_POINT_INPUT; 64 | 65 | // 66 | // Input structure for IOCTL_MOUNTMGR_DELETE_POINTS, 67 | // IOCTL_MOUNTMGR_QUERY_POINTS, and IOCTL_MOUNTMGR_DELETE_POINTS_DBONLY. 68 | // 69 | 70 | typedef struct _MOUNTMGR_MOUNT_POINT { 71 | ULONG SymbolicLinkNameOffset; 72 | USHORT SymbolicLinkNameLength; 73 | USHORT Reserved1; 74 | ULONG UniqueIdOffset; 75 | USHORT UniqueIdLength; 76 | USHORT Reserved2; 77 | ULONG DeviceNameOffset; 78 | USHORT DeviceNameLength; 79 | USHORT Reserved3; 80 | } MOUNTMGR_MOUNT_POINT, *PMOUNTMGR_MOUNT_POINT; 81 | 82 | // 83 | // Output structure for IOCTL_MOUNTMGR_DELETE_POINTS, 84 | // IOCTL_MOUNTMGR_QUERY_POINTS, and IOCTL_MOUNTMGR_DELETE_POINTS_DBONLY. 85 | // 86 | 87 | typedef struct _MOUNTMGR_MOUNT_POINTS { 88 | ULONG Size; 89 | ULONG NumberOfMountPoints; 90 | MOUNTMGR_MOUNT_POINT MountPoints[1]; 91 | } MOUNTMGR_MOUNT_POINTS, *PMOUNTMGR_MOUNT_POINTS; 92 | 93 | // 94 | // Input structure for IOCTL_MOUNTMGR_NEXT_DRIVE_LETTER. 95 | // 96 | 97 | typedef struct _MOUNTMGR_DRIVE_LETTER_TARGET { 98 | USHORT DeviceNameLength; 99 | WCHAR DeviceName[1]; 100 | } MOUNTMGR_DRIVE_LETTER_TARGET, *PMOUNTMGR_DRIVE_LETTER_TARGET; 101 | 102 | // 103 | // Output structure for IOCTL_MOUNTMGR_NEXT_DRIVE_LETTER. 104 | // 105 | 106 | typedef struct _MOUNTMGR_DRIVE_LETTER_INFORMATION { 107 | BOOLEAN DriveLetterWasAssigned; 108 | UCHAR CurrentDriveLetter; 109 | } MOUNTMGR_DRIVE_LETTER_INFORMATION, *PMOUNTMGR_DRIVE_LETTER_INFORMATION; 110 | 111 | // 112 | // Input structure for IOCTL_MOUNTMGR_VOLUME_MOUNT_POINT_CREATED and 113 | // IOCTL_MOUNTMGR_VOLUME_MOUNT_POINT_DELETED. 114 | // 115 | 116 | typedef struct _MOUNTMGR_VOLUME_MOUNT_POINT { 117 | USHORT SourceVolumeNameOffset; 118 | USHORT SourceVolumeNameLength; 119 | USHORT TargetVolumeNameOffset; 120 | USHORT TargetVolumeNameLength; 121 | } MOUNTMGR_VOLUME_MOUNT_POINT, *PMOUNTMGR_VOLUME_MOUNT_POINT; 122 | 123 | // 124 | // Input structure for IOCTL_MOUNTMGR_CHANGE_NOTIFY. 125 | // Output structure for IOCTL_MOUNTMGR_CHANGE_NOTIFY. 126 | // 127 | 128 | typedef struct _MOUNTMGR_CHANGE_NOTIFY_INFO { 129 | ULONG EpicNumber; 130 | } MOUNTMGR_CHANGE_NOTIFY_INFO, *PMOUNTMGR_CHANGE_NOTIFY_INFO; 131 | 132 | // 133 | // Input structure for IOCTL_MOUNTMGR_KEEP_LINKS_WHEN_OFFLINE, 134 | // IOCTL_MOUNTMGR_VOLUME_ARRIVAL_NOTIFICATION, 135 | // IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATH, and 136 | // IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS. 137 | // IOCTL_MOUNTMGR_PREPARE_VOLUME_DELETE 138 | // IOCTL_MOUNTMGR_CANCEL_VOLUME_DELETE 139 | // 140 | 141 | typedef struct _MOUNTMGR_TARGET_NAME { 142 | USHORT DeviceNameLength; 143 | WCHAR DeviceName[1]; 144 | } MOUNTMGR_TARGET_NAME, *PMOUNTMGR_TARGET_NAME; 145 | 146 | // 147 | // Macro that defines what a "drive letter" mount point is. This macro can 148 | // be used to scan the result from QUERY_POINTS to discover which mount points 149 | // are find "drive letter" mount points. 150 | // 151 | 152 | #define MOUNTMGR_IS_DRIVE_LETTER(s) ( \ 153 | (s)->Length == 28 && \ 154 | (s)->Buffer[0] == '\\' && \ 155 | (s)->Buffer[1] == 'D' && \ 156 | (s)->Buffer[2] == 'o' && \ 157 | (s)->Buffer[3] == 's' && \ 158 | (s)->Buffer[4] == 'D' && \ 159 | (s)->Buffer[5] == 'e' && \ 160 | (s)->Buffer[6] == 'v' && \ 161 | (s)->Buffer[7] == 'i' && \ 162 | (s)->Buffer[8] == 'c' && \ 163 | (s)->Buffer[9] == 'e' && \ 164 | (s)->Buffer[10] == 's' && \ 165 | (s)->Buffer[11] == '\\' && \ 166 | (s)->Buffer[12] >= 'A' && \ 167 | (s)->Buffer[12] <= 'Z' && \ 168 | (s)->Buffer[13] == ':') 169 | 170 | // 171 | // Macro that defines what a "volume name" mount point is. This macro can 172 | // be used to scan the result from QUERY_POINTS to discover which mount points 173 | // are "volume name" mount points. 174 | // 175 | 176 | #define MOUNTMGR_IS_VOLUME_NAME(s) ( \ 177 | ((s)->Length == 96 || ((s)->Length == 98 && (s)->Buffer[48] == '\\')) && \ 178 | (s)->Buffer[0] == '\\' && \ 179 | ((s)->Buffer[1] == '?' || (s)->Buffer[1] == '\\') && \ 180 | (s)->Buffer[2] == '?' && \ 181 | (s)->Buffer[3] == '\\' && \ 182 | (s)->Buffer[4] == 'V' && \ 183 | (s)->Buffer[5] == 'o' && \ 184 | (s)->Buffer[6] == 'l' && \ 185 | (s)->Buffer[7] == 'u' && \ 186 | (s)->Buffer[8] == 'm' && \ 187 | (s)->Buffer[9] == 'e' && \ 188 | (s)->Buffer[10] == '{' && \ 189 | (s)->Buffer[19] == '-' && \ 190 | (s)->Buffer[24] == '-' && \ 191 | (s)->Buffer[29] == '-' && \ 192 | (s)->Buffer[34] == '-' && \ 193 | (s)->Buffer[47] == '}' \ 194 | ) 195 | 196 | // 197 | // The following IOCTL is supported by mounted devices. 198 | // 199 | 200 | #define IOCTL_MOUNTDEV_QUERY_DEVICE_NAME CTL_CODE(MOUNTDEVCONTROLTYPE, 2, METHOD_BUFFERED, FILE_ANY_ACCESS) 201 | 202 | // 203 | // Output structure for IOCTL_MOUNTDEV_QUERY_DEVICE_NAME. 204 | // 205 | 206 | typedef struct _MOUNTDEV_NAME { 207 | USHORT NameLength; 208 | WCHAR Name[1]; 209 | } MOUNTDEV_NAME, *PMOUNTDEV_NAME; 210 | 211 | // 212 | // Devices that wish to be mounted should report this GUID in 213 | // IoRegisterDeviceInterface. 214 | // 215 | 216 | #ifdef DEFINE_GUID 217 | 218 | DEFINE_GUID(MOUNTDEV_MOUNTED_DEVICE_GUID, 0x53f5630d, 0xb6bf, 0x11d0, 0x94, 0xf2, 0x00, 0xa0, 0xc9, 0x1e, 0xfb, 0x8b); 219 | 220 | #endif 221 | 222 | 223 | #endif // NTDDI_VERSION >= NTDDI_WIN2K 224 | 225 | #if (NTDDI_VERSION >= NTDDI_WINXP) 226 | 227 | #define IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATH CTL_CODE(MOUNTMGRCONTROLTYPE, 12, METHOD_BUFFERED, FILE_ANY_ACCESS) 228 | #define IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS CTL_CODE(MOUNTMGRCONTROLTYPE, 13, METHOD_BUFFERED, FILE_ANY_ACCESS) 229 | 230 | // 231 | // Output structure for IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATH and 232 | // IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS. 233 | // 234 | 235 | typedef struct _MOUNTMGR_VOLUME_PATHS { 236 | ULONG MultiSzLength; 237 | WCHAR MultiSz[1]; 238 | } MOUNTMGR_VOLUME_PATHS, *PMOUNTMGR_VOLUME_PATHS; 239 | 240 | 241 | #define MOUNTMGR_IS_DOS_VOLUME_NAME(s) ( \ 242 | MOUNTMGR_IS_VOLUME_NAME(s) && \ 243 | (s)->Length == 96 && \ 244 | (s)->Buffer[1] == '\\' \ 245 | ) 246 | 247 | #define MOUNTMGR_IS_DOS_VOLUME_NAME_WB(s) ( \ 248 | MOUNTMGR_IS_VOLUME_NAME(s) && \ 249 | (s)->Length == 98 && \ 250 | (s)->Buffer[1] == '\\' \ 251 | ) 252 | 253 | #define MOUNTMGR_IS_NT_VOLUME_NAME(s) ( \ 254 | MOUNTMGR_IS_VOLUME_NAME(s) && \ 255 | (s)->Length == 96 && \ 256 | (s)->Buffer[1] == '?' \ 257 | ) 258 | 259 | #define MOUNTMGR_IS_NT_VOLUME_NAME_WB(s) ( \ 260 | MOUNTMGR_IS_VOLUME_NAME(s) && \ 261 | (s)->Length == 98 && \ 262 | (s)->Buffer[1] == '?' \ 263 | ) 264 | 265 | #endif // NTDDI_VERSION >= NTDDI_WINXP 266 | 267 | #if (NTDDI_VERSION >= NTDDI_WS03) 268 | 269 | #define IOCTL_MOUNTMGR_SCRUB_REGISTRY CTL_CODE(MOUNTMGRCONTROLTYPE, 14, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS) 270 | #define IOCTL_MOUNTMGR_QUERY_AUTO_MOUNT CTL_CODE(MOUNTMGRCONTROLTYPE, 15, METHOD_BUFFERED, FILE_ANY_ACCESS) 271 | #define IOCTL_MOUNTMGR_SET_AUTO_MOUNT CTL_CODE(MOUNTMGRCONTROLTYPE, 16, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS) 272 | 273 | // 274 | // Input / Output structure for querying / setting the auto-mount setting 275 | // 276 | 277 | typedef enum _MOUNTMGR_AUTO_MOUNT_STATE { 278 | Disabled = 0, 279 | Enabled 280 | } MOUNTMGR_AUTO_MOUNT_STATE; 281 | 282 | typedef struct _MOUNTMGR_QUERY_AUTO_MOUNT { 283 | MOUNTMGR_AUTO_MOUNT_STATE CurrentState; 284 | } MOUNTMGR_QUERY_AUTO_MOUNT, *PMOUNTMGR_QUERY_AUTO_MOUNT; 285 | 286 | typedef struct _MOUNTMGR_SET_AUTO_MOUNT { 287 | MOUNTMGR_AUTO_MOUNT_STATE NewState; 288 | } MOUNTMGR_SET_AUTO_MOUNT, *PMOUNTMGR_SET_AUTO_MOUNT; 289 | 290 | #endif // NTDDI_VERSION >= NTDDI_WS03 291 | 292 | #if (NTDDI_VERSION >= NTDDI_WIN7) 293 | 294 | #define IOCTL_MOUNTMGR_BOOT_DL_ASSIGNMENT CTL_CODE(MOUNTMGRCONTROLTYPE, 17, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS) 295 | #define IOCTL_MOUNTMGR_TRACELOG_CACHE CTL_CODE(MOUNTMGRCONTROLTYPE, 18, METHOD_BUFFERED, FILE_READ_ACCESS) 296 | 297 | #endif // NTDDI_VERSION >= NTDDI_WIN7 298 | 299 | #if (NTDDI_VERSION >= NTDDI_WIN8) 300 | 301 | #define IOCTL_MOUNTMGR_PREPARE_VOLUME_DELETE CTL_CODE(MOUNTMGRCONTROLTYPE, 19, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS) 302 | #define IOCTL_MOUNTMGR_CANCEL_VOLUME_DELETE CTL_CODE(MOUNTMGRCONTROLTYPE, 20, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS) 303 | 304 | #endif // NTDDI_VERSION >= NTDDI_WIN8 305 | 306 | #if (NTDDI_VERSION >= NTDDI_WIN10_RS1) 307 | 308 | #define IOCTL_MOUNTMGR_SILO_ARRIVAL CTL_CODE(MOUNTMGRCONTROLTYPE, 21, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS) 309 | 310 | // 311 | // Input structure for IOCTL_MOUNTMGR_SILO_ARRIVAL. 312 | // 313 | 314 | typedef struct _MOUNTMGR_SILO_ARRIVAL_INPUT { 315 | HANDLE JobHandle; 316 | } MOUNTMGR_SILO_ARRIVAL_INPUT, *PMOUNTMGR_SILO_ARRIVAL_INPUT; 317 | 318 | #endif // NTDDI_VERSION >= NTDDI_WIN10_RS1 319 | 320 | #if (NTDDI_VERSION >= NTDDI_WIN10_RS5) 321 | 322 | #define IOCTL_MOUNTMGR_VOLUME_REMOVAL_NOTIFICATION CTL_CODE(MOUNTMGRCONTROLTYPE, 22, METHOD_BUFFERED, FILE_READ_ACCESS) 323 | 324 | #endif // NTDDI_VERSION >= NTDDI_WIN10_RS5 325 | 326 | #endif // _MOUNTMGR_ 327 | -------------------------------------------------------------------------------- /source/NativeLib/ntdbg.h: -------------------------------------------------------------------------------- 1 | // Debugging 2 | 3 | #pragma once 4 | 5 | NTSYSAPI 6 | VOID 7 | NTAPI 8 | DbgUserBreakPoint( 9 | VOID 10 | ); 11 | 12 | NTSYSAPI 13 | VOID 14 | NTAPI 15 | DbgBreakPoint( 16 | VOID 17 | ); 18 | 19 | NTSYSAPI 20 | VOID 21 | NTAPI 22 | DbgBreakPointWithStatus( 23 | _In_ ULONG Status 24 | ); 25 | 26 | #define DBG_STATUS_CONTROL_C 1 27 | #define DBG_STATUS_SYSRQ 2 28 | #define DBG_STATUS_BUGCHECK_FIRST 3 29 | #define DBG_STATUS_BUGCHECK_SECOND 4 30 | #define DBG_STATUS_FATAL 5 31 | #define DBG_STATUS_DEBUG_CONTROL 6 32 | #define DBG_STATUS_WORKER 7 33 | 34 | NTSYSAPI 35 | ULONG 36 | STDAPIVCALLTYPE 37 | DbgPrint( 38 | _In_z_ _Printf_format_string_ PSTR Format, 39 | ... 40 | ); 41 | 42 | NTSYSAPI 43 | ULONG 44 | STDAPIVCALLTYPE 45 | DbgPrintEx( 46 | _In_ ULONG ComponentId, 47 | _In_ ULONG Level, 48 | _In_z_ _Printf_format_string_ PSTR Format, 49 | ... 50 | ); 51 | 52 | NTSYSAPI 53 | ULONG 54 | NTAPI 55 | vDbgPrintEx( 56 | _In_ ULONG ComponentId, 57 | _In_ ULONG Level, 58 | _In_z_ PCH Format, 59 | _In_ va_list arglist 60 | ); 61 | 62 | NTSYSAPI 63 | ULONG 64 | NTAPI 65 | vDbgPrintExWithPrefix( 66 | _In_z_ PCH Prefix, 67 | _In_ ULONG ComponentId, 68 | _In_ ULONG Level, 69 | _In_z_ PCH Format, 70 | _In_ va_list arglist 71 | ); 72 | 73 | NTSYSAPI 74 | NTSTATUS 75 | NTAPI 76 | DbgQueryDebugFilterState( 77 | _In_ ULONG ComponentId, 78 | _In_ ULONG Level 79 | ); 80 | 81 | NTSYSAPI 82 | NTSTATUS 83 | NTAPI 84 | DbgSetDebugFilterState( 85 | _In_ ULONG ComponentId, 86 | _In_ ULONG Level, 87 | _In_ BOOLEAN State 88 | ); 89 | 90 | NTSYSAPI 91 | ULONG 92 | NTAPI 93 | DbgPrompt( 94 | _In_ PCH Prompt, 95 | _Out_writes_bytes_(Length) PCH Response, 96 | _In_ ULONG Length 97 | ); 98 | 99 | // Definitions 100 | 101 | typedef struct _DBGKM_EXCEPTION 102 | { 103 | EXCEPTION_RECORD ExceptionRecord; 104 | ULONG FirstChance; 105 | } DBGKM_EXCEPTION, *PDBGKM_EXCEPTION; 106 | 107 | typedef struct _DBGKM_CREATE_THREAD 108 | { 109 | ULONG SubSystemKey; 110 | PVOID StartAddress; 111 | } DBGKM_CREATE_THREAD, *PDBGKM_CREATE_THREAD; 112 | 113 | typedef struct _DBGKM_CREATE_PROCESS 114 | { 115 | ULONG SubSystemKey; 116 | HANDLE FileHandle; 117 | PVOID BaseOfImage; 118 | ULONG DebugInfoFileOffset; 119 | ULONG DebugInfoSize; 120 | DBGKM_CREATE_THREAD InitialThread; 121 | } DBGKM_CREATE_PROCESS, *PDBGKM_CREATE_PROCESS; 122 | 123 | typedef struct _DBGKM_EXIT_THREAD 124 | { 125 | NTSTATUS ExitStatus; 126 | } DBGKM_EXIT_THREAD, *PDBGKM_EXIT_THREAD; 127 | 128 | typedef struct _DBGKM_EXIT_PROCESS 129 | { 130 | NTSTATUS ExitStatus; 131 | } DBGKM_EXIT_PROCESS, *PDBGKM_EXIT_PROCESS; 132 | 133 | typedef struct _DBGKM_LOAD_DLL 134 | { 135 | HANDLE FileHandle; 136 | PVOID BaseOfDll; 137 | ULONG DebugInfoFileOffset; 138 | ULONG DebugInfoSize; 139 | PVOID NamePointer; 140 | } DBGKM_LOAD_DLL, *PDBGKM_LOAD_DLL; 141 | 142 | typedef struct _DBGKM_UNLOAD_DLL 143 | { 144 | PVOID BaseAddress; 145 | } DBGKM_UNLOAD_DLL, *PDBGKM_UNLOAD_DLL; 146 | 147 | typedef enum _DBG_STATE 148 | { 149 | DbgIdle, 150 | DbgReplyPending, 151 | DbgCreateThreadStateChange, 152 | DbgCreateProcessStateChange, 153 | DbgExitThreadStateChange, 154 | DbgExitProcessStateChange, 155 | DbgExceptionStateChange, 156 | DbgBreakpointStateChange, 157 | DbgSingleStepStateChange, 158 | DbgLoadDllStateChange, 159 | DbgUnloadDllStateChange 160 | } DBG_STATE, *PDBG_STATE; 161 | 162 | typedef struct _DBGUI_CREATE_THREAD 163 | { 164 | HANDLE HandleToThread; 165 | DBGKM_CREATE_THREAD NewThread; 166 | } DBGUI_CREATE_THREAD, *PDBGUI_CREATE_THREAD; 167 | 168 | typedef struct _DBGUI_CREATE_PROCESS 169 | { 170 | HANDLE HandleToProcess; 171 | HANDLE HandleToThread; 172 | DBGKM_CREATE_PROCESS NewProcess; 173 | } DBGUI_CREATE_PROCESS, *PDBGUI_CREATE_PROCESS; 174 | 175 | typedef struct _DBGUI_WAIT_STATE_CHANGE 176 | { 177 | DBG_STATE NewState; 178 | CLIENT_ID AppClientId; 179 | union 180 | { 181 | DBGKM_EXCEPTION Exception; 182 | DBGUI_CREATE_THREAD CreateThread; 183 | DBGUI_CREATE_PROCESS CreateProcessInfo; 184 | DBGKM_EXIT_THREAD ExitThread; 185 | DBGKM_EXIT_PROCESS ExitProcess; 186 | DBGKM_LOAD_DLL LoadDll; 187 | DBGKM_UNLOAD_DLL UnloadDll; 188 | } StateInfo; 189 | } DBGUI_WAIT_STATE_CHANGE, *PDBGUI_WAIT_STATE_CHANGE; 190 | 191 | #define DEBUG_READ_EVENT 0x0001 192 | #define DEBUG_PROCESS_ASSIGN 0x0002 193 | #define DEBUG_SET_INFORMATION 0x0004 194 | #define DEBUG_QUERY_INFORMATION 0x0008 195 | #define DEBUG_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | \ 196 | DEBUG_READ_EVENT | DEBUG_PROCESS_ASSIGN | DEBUG_SET_INFORMATION | \ 197 | DEBUG_QUERY_INFORMATION) 198 | 199 | #define DEBUG_KILL_ON_CLOSE 0x1 200 | 201 | typedef enum _DEBUGOBJECTINFOCLASS 202 | { 203 | DebugObjectUnusedInformation, 204 | DebugObjectKillProcessOnExitInformation, 205 | MaxDebugObjectInfoClass 206 | } DEBUGOBJECTINFOCLASS, *PDEBUGOBJECTINFOCLASS; 207 | 208 | // System calls 209 | 210 | NTSYSCALLAPI 211 | NTSTATUS 212 | NTAPI 213 | NtCreateDebugObject( 214 | _Out_ PHANDLE DebugObjectHandle, 215 | _In_ ACCESS_MASK DesiredAccess, 216 | _In_ POBJECT_ATTRIBUTES ObjectAttributes, 217 | _In_ ULONG Flags 218 | ); 219 | 220 | NTSYSCALLAPI 221 | NTSTATUS 222 | NTAPI 223 | NtDebugActiveProcess( 224 | _In_ HANDLE ProcessHandle, 225 | _In_ HANDLE DebugObjectHandle 226 | ); 227 | 228 | NTSYSCALLAPI 229 | NTSTATUS 230 | NTAPI 231 | NtDebugContinue( 232 | _In_ HANDLE DebugObjectHandle, 233 | _In_ PCLIENT_ID ClientId, 234 | _In_ NTSTATUS ContinueStatus 235 | ); 236 | 237 | NTSYSCALLAPI 238 | NTSTATUS 239 | NTAPI 240 | NtRemoveProcessDebug( 241 | _In_ HANDLE ProcessHandle, 242 | _In_ HANDLE DebugObjectHandle 243 | ); 244 | 245 | NTSYSCALLAPI 246 | NTSTATUS 247 | NTAPI 248 | NtSetInformationDebugObject( 249 | _In_ HANDLE DebugObjectHandle, 250 | _In_ DEBUGOBJECTINFOCLASS DebugObjectInformationClass, 251 | _In_ PVOID DebugInformation, 252 | _In_ ULONG DebugInformationLength, 253 | _Out_opt_ PULONG ReturnLength 254 | ); 255 | 256 | NTSYSCALLAPI 257 | NTSTATUS 258 | NTAPI 259 | NtWaitForDebugEvent( 260 | _In_ HANDLE DebugObjectHandle, 261 | _In_ BOOLEAN Alertable, 262 | _In_opt_ PLARGE_INTEGER Timeout, 263 | _Out_ PVOID WaitStateChange 264 | ); 265 | 266 | // Debugging UI 267 | 268 | NTSYSAPI 269 | NTSTATUS 270 | NTAPI 271 | DbgUiConnectToDbg( 272 | VOID 273 | ); 274 | 275 | NTSYSAPI 276 | HANDLE 277 | NTAPI 278 | DbgUiGetThreadDebugObject( 279 | VOID 280 | ); 281 | 282 | NTSYSAPI 283 | VOID 284 | NTAPI 285 | DbgUiSetThreadDebugObject( 286 | _In_ HANDLE DebugObject 287 | ); 288 | 289 | NTSYSAPI 290 | NTSTATUS 291 | NTAPI 292 | DbgUiWaitStateChange( 293 | _Out_ PDBGUI_WAIT_STATE_CHANGE StateChange, 294 | _In_opt_ PLARGE_INTEGER Timeout 295 | ); 296 | 297 | NTSYSAPI 298 | NTSTATUS 299 | NTAPI 300 | DbgUiContinue( 301 | _In_ PCLIENT_ID AppClientId, 302 | _In_ NTSTATUS ContinueStatus 303 | ); 304 | 305 | NTSYSAPI 306 | NTSTATUS 307 | NTAPI 308 | DbgUiStopDebugging( 309 | _In_ HANDLE Process 310 | ); 311 | 312 | NTSYSAPI 313 | NTSTATUS 314 | NTAPI 315 | DbgUiDebugActiveProcess( 316 | _In_ HANDLE Process 317 | ); 318 | 319 | NTSYSAPI 320 | VOID 321 | NTAPI 322 | DbgUiRemoteBreakin( 323 | _In_ PVOID Context 324 | ); 325 | 326 | NTSYSAPI 327 | NTSTATUS 328 | NTAPI 329 | DbgUiIssueRemoteBreakin( 330 | _In_ HANDLE Process 331 | ); 332 | 333 | NTSYSAPI 334 | NTSTATUS 335 | NTAPI 336 | DbgUiConvertStateChangeStructure( 337 | _In_ PDBGUI_WAIT_STATE_CHANGE StateChange, 338 | _Out_ LPDEBUG_EVENT DebugEvent 339 | ); 340 | 341 | struct _EVENT_FILTER_DESCRIPTOR; 342 | 343 | typedef VOID (NTAPI *PENABLECALLBACK)( 344 | _In_ LPCGUID SourceId, 345 | _In_ ULONG IsEnabled, 346 | _In_ UCHAR Level, 347 | _In_ ULONGLONG MatchAnyKeyword, 348 | _In_ ULONGLONG MatchAllKeyword, 349 | _In_opt_ struct _EVENT_FILTER_DESCRIPTOR *FilterData, 350 | _Inout_opt_ PVOID CallbackContext 351 | ); 352 | 353 | typedef ULONGLONG REGHANDLE, *PREGHANDLE; 354 | 355 | NTSYSAPI 356 | NTSTATUS 357 | NTAPI 358 | EtwEventRegister( 359 | _In_ LPCGUID ProviderId, 360 | _In_opt_ PENABLECALLBACK EnableCallback, 361 | _In_opt_ PVOID CallbackContext, 362 | _Out_ PREGHANDLE RegHandle 363 | ); 364 | 365 | -------------------------------------------------------------------------------- /source/NativeLib/ntgdi.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #define GDI_MAX_HANDLE_COUNT 0x4000 4 | 5 | #define GDI_HANDLE_INDEX_SHIFT 0 6 | #define GDI_HANDLE_INDEX_BITS 16 7 | #define GDI_HANDLE_INDEX_MASK 0xffff 8 | 9 | #define GDI_HANDLE_TYPE_SHIFT 16 10 | #define GDI_HANDLE_TYPE_BITS 5 11 | #define GDI_HANDLE_TYPE_MASK 0x1f 12 | 13 | #define GDI_HANDLE_ALTTYPE_SHIFT 21 14 | #define GDI_HANDLE_ALTTYPE_BITS 2 15 | #define GDI_HANDLE_ALTTYPE_MASK 0x3 16 | 17 | #define GDI_HANDLE_STOCK_SHIFT 23 18 | #define GDI_HANDLE_STOCK_BITS 1 19 | #define GDI_HANDLE_STOCK_MASK 0x1 20 | 21 | #define GDI_HANDLE_UNIQUE_SHIFT 24 22 | #define GDI_HANDLE_UNIQUE_BITS 8 23 | #define GDI_HANDLE_UNIQUE_MASK 0xff 24 | 25 | #define GDI_HANDLE_INDEX(Handle) ((ULONG)(Handle) & GDI_HANDLE_INDEX_MASK) 26 | #define GDI_HANDLE_TYPE(Handle) (((ULONG)(Handle) >> GDI_HANDLE_TYPE_SHIFT) & GDI_HANDLE_TYPE_MASK) 27 | #define GDI_HANDLE_ALTTYPE(Handle) (((ULONG)(Handle) >> GDI_HANDLE_ALTTYPE_SHIFT) & GDI_HANDLE_ALTTYPE_MASK) 28 | #define GDI_HANDLE_STOCK(Handle) (((ULONG)(Handle) >> GDI_HANDLE_STOCK_SHIFT)) & GDI_HANDLE_STOCK_MASK) 29 | 30 | #define GDI_MAKE_HANDLE(Index, Unique) ((ULONG)(((ULONG)(Unique) << GDI_HANDLE_INDEX_BITS) | (ULONG)(Index))) 31 | 32 | // GDI server-side types 33 | 34 | #define GDI_DEF_TYPE 0 // invalid handle 35 | #define GDI_DC_TYPE 1 36 | #define GDI_DD_DIRECTDRAW_TYPE 2 37 | #define GDI_DD_SURFACE_TYPE 3 38 | #define GDI_RGN_TYPE 4 39 | #define GDI_SURF_TYPE 5 40 | #define GDI_CLIENTOBJ_TYPE 6 41 | #define GDI_PATH_TYPE 7 42 | #define GDI_PAL_TYPE 8 43 | #define GDI_ICMLCS_TYPE 9 44 | #define GDI_LFONT_TYPE 10 45 | #define GDI_RFONT_TYPE 11 46 | #define GDI_PFE_TYPE 12 47 | #define GDI_PFT_TYPE 13 48 | #define GDI_ICMCXF_TYPE 14 49 | #define GDI_ICMDLL_TYPE 15 50 | #define GDI_BRUSH_TYPE 16 51 | #define GDI_PFF_TYPE 17 // unused 52 | #define GDI_CACHE_TYPE 18 // unused 53 | #define GDI_SPACE_TYPE 19 54 | #define GDI_DBRUSH_TYPE 20 // unused 55 | #define GDI_META_TYPE 21 56 | #define GDI_EFSTATE_TYPE 22 57 | #define GDI_BMFD_TYPE 23 // unused 58 | #define GDI_VTFD_TYPE 24 // unused 59 | #define GDI_TTFD_TYPE 25 // unused 60 | #define GDI_RC_TYPE 26 // unused 61 | #define GDI_TEMP_TYPE 27 // unused 62 | #define GDI_DRVOBJ_TYPE 28 63 | #define GDI_DCIOBJ_TYPE 29 // unused 64 | #define GDI_SPOOL_TYPE 30 65 | 66 | // GDI client-side types 67 | 68 | #define GDI_CLIENT_TYPE_FROM_HANDLE(Handle) ((ULONG)(Handle) & ((GDI_HANDLE_ALTTYPE_MASK << GDI_HANDLE_ALTTYPE_SHIFT) | \ 69 | (GDI_HANDLE_TYPE_MASK << GDI_HANDLE_TYPE_SHIFT))) 70 | #define GDI_CLIENT_TYPE_FROM_UNIQUE(Unique) GDI_CLIENT_TYPE_FROM_HANDLE((ULONG)(Unique) << 16) 71 | 72 | #define GDI_ALTTYPE_1 (1 << GDI_HANDLE_ALTTYPE_SHIFT) 73 | #define GDI_ALTTYPE_2 (2 << GDI_HANDLE_ALTTYPE_SHIFT) 74 | #define GDI_ALTTYPE_3 (3 << GDI_HANDLE_ALTTYPE_SHIFT) 75 | 76 | #define GDI_CLIENT_BITMAP_TYPE (GDI_SURF_TYPE << GDI_HANDLE_TYPE_SHIFT) 77 | #define GDI_CLIENT_BRUSH_TYPE (GDI_BRUSH_TYPE << GDI_HANDLE_TYPE_SHIFT) 78 | #define GDI_CLIENT_CLIENTOBJ_TYPE (GDI_CLIENTOBJ_TYPE << GDI_HANDLE_TYPE_SHIFT) 79 | #define GDI_CLIENT_DC_TYPE (GDI_DC_TYPE << GDI_HANDLE_TYPE_SHIFT) 80 | #define GDI_CLIENT_FONT_TYPE (GDI_LFONT_TYPE << GDI_HANDLE_TYPE_SHIFT) 81 | #define GDI_CLIENT_PALETTE_TYPE (GDI_PAL_TYPE << GDI_HANDLE_TYPE_SHIFT) 82 | #define GDI_CLIENT_REGION_TYPE (GDI_RGN_TYPE << GDI_HANDLE_TYPE_SHIFT) 83 | 84 | #define GDI_CLIENT_ALTDC_TYPE (GDI_CLIENT_DC_TYPE | GDI_ALTTYPE_1) 85 | #define GDI_CLIENT_DIBSECTION_TYPE (GDI_CLIENT_BITMAP_TYPE | GDI_ALTTYPE_1) 86 | #define GDI_CLIENT_EXTPEN_TYPE (GDI_CLIENT_BRUSH_TYPE | GDI_ALTTYPE_2) 87 | #define GDI_CLIENT_METADC16_TYPE (GDI_CLIENT_CLIENTOBJ_TYPE | GDI_ALTTYPE_3) 88 | #define GDI_CLIENT_METAFILE_TYPE (GDI_CLIENT_CLIENTOBJ_TYPE | GDI_ALTTYPE_2) 89 | #define GDI_CLIENT_METAFILE16_TYPE (GDI_CLIENT_CLIENTOBJ_TYPE | GDI_ALTTYPE_1) 90 | #define GDI_CLIENT_PEN_TYPE (GDI_CLIENT_BRUSH_TYPE | GDI_ALTTYPE_1) 91 | 92 | typedef struct _GDI_HANDLE_ENTRY 93 | { 94 | union 95 | { 96 | PVOID Object; 97 | PVOID NextFree; 98 | }; 99 | union 100 | { 101 | struct 102 | { 103 | USHORT ProcessId; 104 | USHORT Lock : 1; 105 | USHORT Count : 15; 106 | }; 107 | ULONG Value; 108 | } Owner; 109 | USHORT Unique; 110 | UCHAR Type; 111 | UCHAR Flags; 112 | PVOID UserPointer; 113 | } GDI_HANDLE_ENTRY, *PGDI_HANDLE_ENTRY; 114 | 115 | typedef struct _GDI_SHARED_MEMORY 116 | { 117 | GDI_HANDLE_ENTRY Handles[GDI_MAX_HANDLE_COUNT]; 118 | } GDI_SHARED_MEMORY, *PGDI_SHARED_MEMORY; 119 | 120 | -------------------------------------------------------------------------------- /source/NativeLib/ntkeapi.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #define LOW_PRIORITY 0 // Lowest thread priority level 4 | #define LOW_REALTIME_PRIORITY 16 // Lowest realtime priority level 5 | #define HIGH_PRIORITY 31 // Highest thread priority level 6 | #define MAXIMUM_PRIORITY 32 // Number of thread priority levels 7 | 8 | typedef enum _KTHREAD_STATE 9 | { 10 | Initialized, 11 | Ready, 12 | Running, 13 | Standby, 14 | Terminated, 15 | Waiting, 16 | Transition, 17 | DeferredReady, 18 | GateWaitObsolete, 19 | WaitingForProcessInSwap, 20 | MaximumThreadState 21 | } KTHREAD_STATE, *PKTHREAD_STATE; 22 | 23 | // private 24 | typedef enum _KHETERO_CPU_POLICY 25 | { 26 | KHeteroCpuPolicyAll, 27 | KHeteroCpuPolicyLarge, 28 | KHeteroCpuPolicyLargeOrIdle, 29 | KHeteroCpuPolicySmall, 30 | KHeteroCpuPolicySmallOrIdle, 31 | KHeteroCpuPolicyDynamic, 32 | KHeteroCpuPolicyStaticMax, 33 | KHeteroCpuPolicyBiasedSmall, 34 | KHeteroCpuPolicyBiasedLarge, 35 | KHeteroCpuPolicyDefault, 36 | KHeteroCpuPolicyMax 37 | } KHETERO_CPU_POLICY, *PKHETERO_CPU_POLICY; 38 | 39 | typedef enum _KWAIT_REASON 40 | { 41 | Executive, 42 | FreePage, 43 | PageIn, 44 | PoolAllocation, 45 | DelayExecution, 46 | Suspended, 47 | UserRequest, 48 | WrExecutive, 49 | WrFreePage, 50 | WrPageIn, 51 | WrPoolAllocation, 52 | WrDelayExecution, 53 | WrSuspended, 54 | WrUserRequest, 55 | WrEventPair, 56 | WrQueue, 57 | WrLpcReceive, 58 | WrLpcReply, 59 | WrVirtualMemory, 60 | WrPageOut, 61 | WrRendezvous, 62 | WrKeyedEvent, 63 | WrTerminated, 64 | WrProcessInSwap, 65 | WrCpuRateControl, 66 | WrCalloutStack, 67 | WrKernel, 68 | WrResource, 69 | WrPushLock, 70 | WrMutex, 71 | WrQuantumEnd, 72 | WrDispatchInt, 73 | WrPreempted, 74 | WrYieldExecution, 75 | WrFastMutex, 76 | WrGuardedMutex, 77 | WrRundown, 78 | WrAlertByThreadId, 79 | WrDeferredPreempt, 80 | MaximumWaitReason 81 | } KWAIT_REASON, *PKWAIT_REASON; 82 | 83 | typedef enum _KPROFILE_SOURCE 84 | { 85 | ProfileTime, 86 | ProfileAlignmentFixup, 87 | ProfileTotalIssues, 88 | ProfilePipelineDry, 89 | ProfileLoadInstructions, 90 | ProfilePipelineFrozen, 91 | ProfileBranchInstructions, 92 | ProfileTotalNonissues, 93 | ProfileDcacheMisses, 94 | ProfileIcacheMisses, 95 | ProfileCacheMisses, 96 | ProfileBranchMispredictions, 97 | ProfileStoreInstructions, 98 | ProfileFpInstructions, 99 | ProfileIntegerInstructions, 100 | Profile2Issue, 101 | Profile3Issue, 102 | Profile4Issue, 103 | ProfileSpecialInstructions, 104 | ProfileTotalCycles, 105 | ProfileIcacheIssues, 106 | ProfileDcacheAccesses, 107 | ProfileMemoryBarrierCycles, 108 | ProfileLoadLinkedIssues, 109 | ProfileMaximum 110 | } KPROFILE_SOURCE; 111 | 112 | NTSYSCALLAPI 113 | NTSTATUS 114 | NTAPI 115 | NtCallbackReturn( 116 | _In_reads_bytes_opt_(OutputLength) PVOID OutputBuffer, 117 | _In_ ULONG OutputLength, 118 | _In_ NTSTATUS Status 119 | ); 120 | 121 | #if (NTDDI_VERSION >= NTDDI_VISTA) 122 | NTSYSCALLAPI 123 | VOID 124 | NTAPI 125 | NtFlushProcessWriteBuffers( 126 | VOID 127 | ); 128 | #endif 129 | 130 | NTSYSCALLAPI 131 | NTSTATUS 132 | NTAPI 133 | NtQueryDebugFilterState( 134 | _In_ ULONG ComponentId, 135 | _In_ ULONG Level 136 | ); 137 | 138 | NTSYSCALLAPI 139 | NTSTATUS 140 | NTAPI 141 | NtSetDebugFilterState( 142 | _In_ ULONG ComponentId, 143 | _In_ ULONG Level, 144 | _In_ BOOLEAN State 145 | ); 146 | 147 | NTSYSCALLAPI 148 | NTSTATUS 149 | NTAPI 150 | NtYieldExecution( 151 | VOID 152 | ); 153 | 154 | -------------------------------------------------------------------------------- /source/NativeLib/ntmisc.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | // Filter manager 4 | 5 | #define FLT_PORT_CONNECT 0x0001 6 | #define FLT_PORT_ALL_ACCESS (FLT_PORT_CONNECT | STANDARD_RIGHTS_ALL) 7 | 8 | // VDM 9 | 10 | typedef enum _VDMSERVICECLASS 11 | { 12 | VdmStartExecution, 13 | VdmQueueInterrupt, 14 | VdmDelayInterrupt, 15 | VdmInitialize, 16 | VdmFeatures, 17 | VdmSetInt21Handler, 18 | VdmQueryDir, 19 | VdmPrinterDirectIoOpen, 20 | VdmPrinterDirectIoClose, 21 | VdmPrinterInitialize, 22 | VdmSetLdtEntries, 23 | VdmSetProcessLdtInfo, 24 | VdmAdlibEmulation, 25 | VdmPMCliControl, 26 | VdmQueryVdmProcess 27 | } VDMSERVICECLASS, *PVDMSERVICECLASS; 28 | 29 | NTSYSCALLAPI 30 | NTSTATUS 31 | NTAPI 32 | NtVdmControl( 33 | _In_ VDMSERVICECLASS Service, 34 | _Inout_ PVOID ServiceData 35 | ); 36 | 37 | // WMI/ETW 38 | 39 | NTSYSCALLAPI 40 | NTSTATUS 41 | NTAPI 42 | NtTraceEvent( 43 | _In_ HANDLE TraceHandle, 44 | _In_ ULONG Flags, 45 | _In_ ULONG FieldSize, 46 | _In_ PVOID Fields 47 | ); 48 | 49 | 50 | /* 51 | None = 0, 52 | String = 1, 53 | ExpandString = 2, 54 | Binary = 3, 55 | Dword = 4, 56 | DwordBigEndian = 5, 57 | Link = 6, 58 | MultiString = 7, 59 | ResourceList = 8, 60 | FullResourceDescriptor = 9, 61 | ResourceRequirementsList = 10, 62 | Qword = 11 63 | */ 64 | 65 | 66 | #if (NTDDI_VERSION >= NTDDI_VISTA) 67 | // private 68 | NTSYSCALLAPI 69 | NTSTATUS 70 | NTAPI 71 | NtTraceControl( 72 | _In_ ULONG FunctionCode, 73 | _In_reads_bytes_opt_(InBufferLen) PVOID InBuffer, 74 | _In_ ULONG InBufferLen, 75 | _Out_writes_bytes_opt_(OutBufferLen) PVOID OutBuffer, 76 | _In_ ULONG OutBufferLen, 77 | _Out_ PULONG ReturnLength 78 | ); 79 | #endif 80 | 81 | 82 | typedef ULONG REGISTRY_VALUE_TYPE; 83 | 84 | NTSYSCALLAPI 85 | NTSTATUS 86 | NTAPI 87 | NtQueryLicenseValue( 88 | _In_ PUNICODE_STRING Name, 89 | _Out_ REGISTRY_VALUE_TYPE* Type, 90 | _Out_writes_bytes_opt_(Length) PVOID Buffer, 91 | _In_ ULONG Length, 92 | _Out_ PULONG ReturnLength 93 | ); 94 | 95 | 96 | 97 | -------------------------------------------------------------------------------- /source/NativeLib/ntnls.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #define MAXIMUM_LEADBYTES 12 4 | 5 | typedef struct _CPTABLEINFO 6 | { 7 | USHORT CodePage; 8 | USHORT MaximumCharacterSize; 9 | USHORT DefaultChar; 10 | USHORT UniDefaultChar; 11 | USHORT TransDefaultChar; 12 | USHORT TransUniDefaultChar; 13 | USHORT DBCSCodePage; 14 | UCHAR LeadByte[MAXIMUM_LEADBYTES]; 15 | PUSHORT MultiByteTable; 16 | PVOID WideCharTable; 17 | PUSHORT DBCSRanges; 18 | PUSHORT DBCSOffsets; 19 | } CPTABLEINFO, *PCPTABLEINFO; 20 | 21 | typedef struct _NLSTABLEINFO 22 | { 23 | CPTABLEINFO OemTableInfo; 24 | CPTABLEINFO AnsiTableInfo; 25 | PUSHORT UpperCaseTable; 26 | PUSHORT LowerCaseTable; 27 | } NLSTABLEINFO, *PNLSTABLEINFO; 28 | 29 | NTSYSAPI USHORT NlsAnsiCodePage; 30 | NTSYSAPI BOOLEAN NlsMbCodePageTag; 31 | NTSYSAPI BOOLEAN NlsMbOemCodePageTag; 32 | 33 | -------------------------------------------------------------------------------- /source/NativeLib/ntobapi.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #define OBJECT_TYPE_CREATE 0x0001 4 | #define OBJECT_TYPE_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0x1) 5 | 6 | #define DIRECTORY_QUERY 0x0001 7 | #define DIRECTORY_TRAVERSE 0x0002 8 | #define DIRECTORY_CREATE_OBJECT 0x0004 9 | #define DIRECTORY_CREATE_SUBDIRECTORY 0x0008 10 | #define DIRECTORY_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0xf) 11 | 12 | #define SYMBOLIC_LINK_QUERY 0x0001 13 | #define SYMBOLIC_LINK_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0x1) 14 | 15 | #define OBJ_PROTECT_CLOSE 0x00000001 16 | #ifndef OBJ_INHERIT 17 | #define OBJ_INHERIT 0x00000002 18 | #endif 19 | #define OBJ_AUDIT_OBJECT_CLOSE 0x00000004 20 | 21 | typedef enum _OBJECT_INFORMATION_CLASS 22 | { 23 | ObjectBasicInformation, // OBJECT_BASIC_INFORMATION 24 | ObjectNameInformation, // OBJECT_NAME_INFORMATION 25 | ObjectTypeInformation, // OBJECT_TYPE_INFORMATION 26 | ObjectTypesInformation, // OBJECT_TYPES_INFORMATION 27 | ObjectHandleFlagInformation, // OBJECT_HANDLE_FLAG_INFORMATION 28 | ObjectSessionInformation, 29 | ObjectSessionObjectInformation, 30 | MaxObjectInfoClass 31 | } OBJECT_INFORMATION_CLASS; 32 | 33 | typedef struct _OBJECT_BASIC_INFORMATION 34 | { 35 | ULONG Attributes; 36 | ACCESS_MASK GrantedAccess; 37 | ULONG HandleCount; 38 | ULONG PointerCount; 39 | ULONG PagedPoolCharge; 40 | ULONG NonPagedPoolCharge; 41 | ULONG Reserved[3]; 42 | ULONG NameInfoSize; 43 | ULONG TypeInfoSize; 44 | ULONG SecurityDescriptorSize; 45 | LARGE_INTEGER CreationTime; 46 | } OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION; 47 | 48 | typedef struct _OBJECT_NAME_INFORMATION 49 | { 50 | UNICODE_STRING Name; 51 | } OBJECT_NAME_INFORMATION, *POBJECT_NAME_INFORMATION; 52 | 53 | typedef struct _OBJECT_TYPE_INFORMATION 54 | { 55 | UNICODE_STRING TypeName; 56 | ULONG TotalNumberOfObjects; 57 | ULONG TotalNumberOfHandles; 58 | ULONG TotalPagedPoolUsage; 59 | ULONG TotalNonPagedPoolUsage; 60 | ULONG TotalNamePoolUsage; 61 | ULONG TotalHandleTableUsage; 62 | ULONG HighWaterNumberOfObjects; 63 | ULONG HighWaterNumberOfHandles; 64 | ULONG HighWaterPagedPoolUsage; 65 | ULONG HighWaterNonPagedPoolUsage; 66 | ULONG HighWaterNamePoolUsage; 67 | ULONG HighWaterHandleTableUsage; 68 | ULONG InvalidAttributes; 69 | GENERIC_MAPPING GenericMapping; 70 | ULONG ValidAccessMask; 71 | BOOLEAN SecurityRequired; 72 | BOOLEAN MaintainHandleCount; 73 | UCHAR TypeIndex; // since WINBLUE 74 | CHAR ReservedByte; 75 | ULONG PoolType; 76 | ULONG DefaultPagedPoolCharge; 77 | ULONG DefaultNonPagedPoolCharge; 78 | } OBJECT_TYPE_INFORMATION, *POBJECT_TYPE_INFORMATION; 79 | 80 | typedef struct _OBJECT_TYPES_INFORMATION 81 | { 82 | ULONG NumberOfTypes; 83 | } OBJECT_TYPES_INFORMATION, *POBJECT_TYPES_INFORMATION; 84 | 85 | typedef struct _OBJECT_HANDLE_FLAG_INFORMATION 86 | { 87 | BOOLEAN Inherit; 88 | BOOLEAN ProtectFromClose; 89 | } OBJECT_HANDLE_FLAG_INFORMATION, *POBJECT_HANDLE_FLAG_INFORMATION; 90 | 91 | // Objects, handles 92 | 93 | NTSYSCALLAPI 94 | NTSTATUS 95 | NTAPI 96 | NtQueryObject( 97 | _In_opt_ HANDLE Handle, 98 | _In_ OBJECT_INFORMATION_CLASS ObjectInformationClass, 99 | _Out_writes_bytes_opt_(ObjectInformationLength) PVOID ObjectInformation, 100 | _In_ ULONG ObjectInformationLength, 101 | _Out_opt_ PULONG ReturnLength 102 | ); 103 | 104 | 105 | NTSYSCALLAPI 106 | NTSTATUS 107 | NTAPI 108 | ZwQueryObject( 109 | _In_opt_ HANDLE Handle, 110 | _In_ OBJECT_INFORMATION_CLASS ObjectInformationClass, 111 | _Out_writes_bytes_opt_(ObjectInformationLength) PVOID ObjectInformation, 112 | _In_ ULONG ObjectInformationLength, 113 | _Out_opt_ PULONG ReturnLength 114 | ); 115 | 116 | 117 | NTSYSCALLAPI 118 | NTSTATUS 119 | NTAPI 120 | NtSetInformationObject( 121 | _In_ HANDLE Handle, 122 | _In_ OBJECT_INFORMATION_CLASS ObjectInformationClass, 123 | _In_reads_bytes_(ObjectInformationLength) PVOID ObjectInformation, 124 | _In_ ULONG ObjectInformationLength 125 | ); 126 | 127 | #define DUPLICATE_CLOSE_SOURCE 0x00000001 128 | #define DUPLICATE_SAME_ACCESS 0x00000002 129 | #define DUPLICATE_SAME_ATTRIBUTES 0x00000004 130 | 131 | NTSYSCALLAPI 132 | NTSTATUS 133 | NTAPI 134 | NtDuplicateObject( 135 | _In_ HANDLE SourceProcessHandle, 136 | _In_ HANDLE SourceHandle, 137 | _In_opt_ HANDLE TargetProcessHandle, 138 | _Out_opt_ PHANDLE TargetHandle, 139 | _In_ ACCESS_MASK DesiredAccess, 140 | _In_ ULONG HandleAttributes, 141 | _In_ ULONG Options 142 | ); 143 | 144 | 145 | 146 | NTSYSCALLAPI 147 | NTSTATUS 148 | NTAPI 149 | ZwDuplicateObject( 150 | _In_ HANDLE SourceProcessHandle, 151 | _In_ HANDLE SourceHandle, 152 | _In_opt_ HANDLE TargetProcessHandle, 153 | _Out_opt_ PHANDLE TargetHandle, 154 | _In_ ACCESS_MASK DesiredAccess, 155 | _In_ ULONG HandleAttributes, 156 | _In_ ULONG Options 157 | ); 158 | 159 | 160 | 161 | NTSYSCALLAPI 162 | NTSTATUS 163 | NTAPI 164 | NtMakeTemporaryObject( 165 | _In_ HANDLE Handle 166 | ); 167 | 168 | NTSYSCALLAPI 169 | NTSTATUS 170 | NTAPI 171 | NtMakePermanentObject( 172 | _In_ HANDLE Handle 173 | ); 174 | 175 | NTSYSCALLAPI 176 | NTSTATUS 177 | NTAPI 178 | NtSignalAndWaitForSingleObject( 179 | _In_ HANDLE SignalHandle, 180 | _In_ HANDLE WaitHandle, 181 | _In_ BOOLEAN Alertable, 182 | _In_opt_ PLARGE_INTEGER Timeout 183 | ); 184 | 185 | NTSYSCALLAPI 186 | NTSTATUS 187 | NTAPI 188 | NtWaitForSingleObject( 189 | _In_ HANDLE Handle, 190 | _In_ BOOLEAN Alertable, 191 | _In_opt_ PLARGE_INTEGER Timeout 192 | ); 193 | 194 | NTSYSCALLAPI 195 | NTSTATUS 196 | NTAPI 197 | NtWaitForMultipleObjects( 198 | _In_ ULONG Count, 199 | _In_reads_(Count) HANDLE Handles[], 200 | _In_ WAIT_TYPE WaitType, 201 | _In_ BOOLEAN Alertable, 202 | _In_opt_ PLARGE_INTEGER Timeout 203 | ); 204 | 205 | #if (NTDDI_VERSION >= NTDDI_WS03) 206 | NTSYSCALLAPI 207 | NTSTATUS 208 | NTAPI 209 | NtWaitForMultipleObjects32( 210 | _In_ ULONG Count, 211 | _In_reads_(Count) LONG Handles[], 212 | _In_ WAIT_TYPE WaitType, 213 | _In_ BOOLEAN Alertable, 214 | _In_opt_ PLARGE_INTEGER Timeout 215 | ); 216 | #endif 217 | 218 | NTSYSCALLAPI 219 | NTSTATUS 220 | NTAPI 221 | NtSetSecurityObject( 222 | _In_ HANDLE Handle, 223 | _In_ SECURITY_INFORMATION SecurityInformation, 224 | _In_ PSECURITY_DESCRIPTOR SecurityDescriptor 225 | ); 226 | 227 | NTSYSCALLAPI 228 | NTSTATUS 229 | NTAPI 230 | NtQuerySecurityObject( 231 | _In_ HANDLE Handle, 232 | _In_ SECURITY_INFORMATION SecurityInformation, 233 | _Out_writes_bytes_opt_(Length) PSECURITY_DESCRIPTOR SecurityDescriptor, 234 | _In_ ULONG Length, 235 | _Out_ PULONG LengthNeeded 236 | ); 237 | 238 | NTSYSCALLAPI 239 | NTSTATUS 240 | NTAPI 241 | NtClose( 242 | _In_ HANDLE Handle 243 | ); 244 | 245 | NTSYSCALLAPI 246 | NTSTATUS 247 | NTAPI 248 | ZwClose( 249 | _In_ HANDLE Handle 250 | ); 251 | 252 | #if (NTDDI_VERSION >= NTDDI_WIN10) 253 | NTSYSCALLAPI 254 | NTSTATUS 255 | NTAPI 256 | NtCompareObjects( 257 | _In_ HANDLE FirstObjectHandle, 258 | _In_ HANDLE SecondObjectHandle 259 | ); 260 | #endif 261 | 262 | // Directory objects 263 | 264 | NTSYSCALLAPI 265 | NTSTATUS 266 | NTAPI 267 | NtCreateDirectoryObject( 268 | _Out_ PHANDLE DirectoryHandle, 269 | _In_ ACCESS_MASK DesiredAccess, 270 | _In_ POBJECT_ATTRIBUTES ObjectAttributes 271 | ); 272 | 273 | #if (NTDDI_VERSION >= NTDDI_WIN8) 274 | NTSYSCALLAPI 275 | NTSTATUS 276 | NTAPI 277 | NtCreateDirectoryObjectEx( 278 | _Out_ PHANDLE DirectoryHandle, 279 | _In_ ACCESS_MASK DesiredAccess, 280 | _In_ POBJECT_ATTRIBUTES ObjectAttributes, 281 | _In_ HANDLE ShadowDirectoryHandle, 282 | _In_ ULONG Flags 283 | ); 284 | #endif 285 | 286 | NTSYSCALLAPI 287 | NTSTATUS 288 | NTAPI 289 | NtOpenDirectoryObject( 290 | _Out_ PHANDLE DirectoryHandle, 291 | _In_ ACCESS_MASK DesiredAccess, 292 | _In_ POBJECT_ATTRIBUTES ObjectAttributes 293 | ); 294 | 295 | typedef struct _OBJECT_DIRECTORY_INFORMATION 296 | { 297 | UNICODE_STRING Name; 298 | UNICODE_STRING TypeName; 299 | } OBJECT_DIRECTORY_INFORMATION, *POBJECT_DIRECTORY_INFORMATION; 300 | 301 | NTSYSCALLAPI 302 | NTSTATUS 303 | NTAPI 304 | NtQueryDirectoryObject( 305 | _In_ HANDLE DirectoryHandle, 306 | _Out_writes_bytes_opt_(Length) PVOID Buffer, 307 | _In_ ULONG Length, 308 | _In_ BOOLEAN ReturnSingleEntry, 309 | _In_ BOOLEAN RestartScan, 310 | _Inout_ PULONG Context, 311 | _Out_opt_ PULONG ReturnLength 312 | ); 313 | 314 | 315 | NTSYSCALLAPI 316 | NTSTATUS 317 | NTAPI 318 | NtQueryDirectoryFileEx( 319 | _In_ HANDLE FileHandle, 320 | _In_opt_ HANDLE Event, 321 | _In_opt_ struct IO_APC_ROUTINE *ApcRoutine, 322 | _In_opt_ PVOID ApcContext, 323 | _Out_ PIO_STATUS_BLOCK IoStatusBlock, 324 | _Out_writes_bytes_(Length) PVOID FileInformation, 325 | _In_ ULONG Length, 326 | _In_ FILE_INFORMATION_CLASS FileInformationClass, 327 | _In_ ULONG QueryFlags, 328 | _In_opt_ PUNICODE_STRING FileName 329 | ); 330 | 331 | // Private namespaces 332 | 333 | #if (NTDDI_VERSION >= NTDDI_VISTA) 334 | 335 | NTSYSCALLAPI 336 | NTSTATUS 337 | NTAPI 338 | NtCreatePrivateNamespace( 339 | _Out_ PHANDLE NamespaceHandle, 340 | _In_ ACCESS_MASK DesiredAccess, 341 | _In_ POBJECT_ATTRIBUTES ObjectAttributes, 342 | _In_ PVOID BoundaryDescriptor 343 | ); 344 | 345 | NTSYSCALLAPI 346 | NTSTATUS 347 | NTAPI 348 | NtOpenPrivateNamespace( 349 | _Out_ PHANDLE NamespaceHandle, 350 | _In_ ACCESS_MASK DesiredAccess, 351 | _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, 352 | _In_ PVOID BoundaryDescriptor 353 | ); 354 | 355 | NTSYSCALLAPI 356 | NTSTATUS 357 | NTAPI 358 | NtDeletePrivateNamespace( 359 | _In_ HANDLE NamespaceHandle 360 | ); 361 | 362 | #endif 363 | 364 | // Symbolic links 365 | 366 | NTSYSCALLAPI 367 | NTSTATUS 368 | NTAPI 369 | NtCreateSymbolicLinkObject( 370 | _Out_ PHANDLE LinkHandle, 371 | _In_ ACCESS_MASK DesiredAccess, 372 | _In_ POBJECT_ATTRIBUTES ObjectAttributes, 373 | _In_ PUNICODE_STRING LinkTarget 374 | ); 375 | 376 | NTSYSCALLAPI 377 | NTSTATUS 378 | NTAPI 379 | NtOpenSymbolicLinkObject( 380 | _Out_ PHANDLE LinkHandle, 381 | _In_ ACCESS_MASK DesiredAccess, 382 | _In_ POBJECT_ATTRIBUTES ObjectAttributes 383 | ); 384 | 385 | NTSYSCALLAPI 386 | NTSTATUS 387 | NTAPI 388 | NtQuerySymbolicLinkObject( 389 | _In_ HANDLE LinkHandle, 390 | _Inout_ PUNICODE_STRING LinkTarget, 391 | _Out_opt_ PULONG ReturnedLength 392 | ); 393 | 394 | -------------------------------------------------------------------------------- /source/NativeLib/ntpebteb.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | typedef struct _RTL_USER_PROCESS_PARAMETERS *PRTL_USER_PROCESS_PARAMETERS; 4 | typedef struct _RTL_CRITICAL_SECTION *PRTL_CRITICAL_SECTION; 5 | 6 | // private 7 | typedef struct _ACTIVATION_CONTEXT_STACK 8 | { 9 | struct _RTL_ACTIVATION_CONTEXT_STACK_FRAME* ActiveFrame; 10 | LIST_ENTRY FrameListCache; 11 | ULONG Flags; 12 | ULONG NextCookieSequenceNumber; 13 | ULONG StackId; 14 | } ACTIVATION_CONTEXT_STACK, *PACTIVATION_CONTEXT_STACK; 15 | 16 | // private 17 | typedef struct _API_SET_NAMESPACE 18 | { 19 | ULONG Version; 20 | ULONG Size; 21 | ULONG Flags; 22 | ULONG Count; 23 | ULONG EntryOffset; 24 | ULONG HashOffset; 25 | ULONG HashFactor; 26 | } API_SET_NAMESPACE, *PAPI_SET_NAMESPACE; 27 | 28 | // private 29 | typedef struct _API_SET_HASH_ENTRY 30 | { 31 | ULONG Hash; 32 | ULONG Index; 33 | } API_SET_HASH_ENTRY, *PAPI_SET_HASH_ENTRY; 34 | 35 | // private 36 | typedef struct _API_SET_NAMESPACE_ENTRY 37 | { 38 | ULONG Flags; 39 | ULONG NameOffset; 40 | ULONG NameLength; 41 | ULONG HashedLength; 42 | ULONG ValueOffset; 43 | ULONG ValueCount; 44 | } API_SET_NAMESPACE_ENTRY, *PAPI_SET_NAMESPACE_ENTRY; 45 | 46 | // private 47 | typedef struct _API_SET_VALUE_ENTRY 48 | { 49 | ULONG Flags; 50 | ULONG NameOffset; 51 | ULONG NameLength; 52 | ULONG ValueOffset; 53 | ULONG ValueLength; 54 | } API_SET_VALUE_ENTRY, *PAPI_SET_VALUE_ENTRY; 55 | 56 | // symbols 57 | typedef struct _PEB 58 | { 59 | BOOLEAN InheritedAddressSpace; 60 | BOOLEAN ReadImageFileExecOptions; 61 | BOOLEAN BeingDebugged; 62 | union 63 | { 64 | BOOLEAN BitField; 65 | struct 66 | { 67 | BOOLEAN ImageUsesLargePages : 1; 68 | BOOLEAN IsProtectedProcess : 1; 69 | BOOLEAN IsImageDynamicallyRelocated : 1; 70 | BOOLEAN SkipPatchingUser32Forwarders : 1; 71 | BOOLEAN IsPackagedProcess : 1; 72 | BOOLEAN IsAppContainer : 1; 73 | BOOLEAN IsProtectedProcessLight : 1; 74 | BOOLEAN IsLongPathAwareProcess : 1; 75 | }; 76 | }; 77 | 78 | HANDLE Mutant; 79 | 80 | PVOID ImageBaseAddress; 81 | PPEB_LDR_DATA Ldr; 82 | PRTL_USER_PROCESS_PARAMETERS ProcessParameters; 83 | PVOID SubSystemData; 84 | PVOID ProcessHeap; 85 | PRTL_CRITICAL_SECTION FastPebLock; 86 | PVOID IFEOKey; 87 | PSLIST_HEADER AtlThunkSListPtr; 88 | union 89 | { 90 | ULONG CrossProcessFlags; 91 | struct 92 | { 93 | ULONG ProcessInJob : 1; 94 | ULONG ProcessInitializing : 1; 95 | ULONG ProcessUsingVEH : 1; 96 | ULONG ProcessUsingVCH : 1; 97 | ULONG ProcessUsingFTH : 1; 98 | ULONG ProcessPreviouslyThrottled : 1; 99 | ULONG ProcessCurrentlyThrottled : 1; 100 | ULONG ReservedBits0 : 25; 101 | }; 102 | }; 103 | union 104 | { 105 | PVOID KernelCallbackTable; 106 | PVOID UserSharedInfoPtr; 107 | }; 108 | ULONG SystemReserved[1]; 109 | ULONG AtlThunkSListPtr32; 110 | PAPI_SET_NAMESPACE ApiSetMap; 111 | ULONG TlsExpansionCounter; 112 | PVOID TlsBitmap; 113 | ULONG TlsBitmapBits[2]; 114 | 115 | PVOID ReadOnlySharedMemoryBase; 116 | PVOID SharedData; // HotpatchInformation 117 | PVOID *ReadOnlyStaticServerData; 118 | 119 | PVOID AnsiCodePageData; // PCPTABLEINFO 120 | PVOID OemCodePageData; // PCPTABLEINFO 121 | PVOID UnicodeCaseTableData; // PNLSTABLEINFO 122 | 123 | ULONG NumberOfProcessors; 124 | ULONG NtGlobalFlag; 125 | 126 | ULARGE_INTEGER CriticalSectionTimeout; 127 | SIZE_T HeapSegmentReserve; 128 | SIZE_T HeapSegmentCommit; 129 | SIZE_T HeapDeCommitTotalFreeThreshold; 130 | SIZE_T HeapDeCommitFreeBlockThreshold; 131 | 132 | ULONG NumberOfHeaps; 133 | ULONG MaximumNumberOfHeaps; 134 | PVOID *ProcessHeaps; // PHEAP 135 | 136 | PVOID GdiSharedHandleTable; 137 | PVOID ProcessStarterHelper; 138 | ULONG GdiDCAttributeList; 139 | 140 | PRTL_CRITICAL_SECTION LoaderLock; 141 | 142 | ULONG OSMajorVersion; 143 | ULONG OSMinorVersion; 144 | USHORT OSBuildNumber; 145 | USHORT OSCSDVersion; 146 | ULONG OSPlatformId; 147 | ULONG ImageSubsystem; 148 | ULONG ImageSubsystemMajorVersion; 149 | ULONG ImageSubsystemMinorVersion; 150 | ULONG_PTR ActiveProcessAffinityMask; 151 | GDI_HANDLE_BUFFER GdiHandleBuffer; 152 | PVOID PostProcessInitRoutine; 153 | 154 | PVOID TlsExpansionBitmap; 155 | ULONG TlsExpansionBitmapBits[32]; 156 | 157 | ULONG SessionId; 158 | 159 | ULARGE_INTEGER AppCompatFlags; 160 | ULARGE_INTEGER AppCompatFlagsUser; 161 | PVOID pShimData; 162 | PVOID AppCompatInfo; // APPCOMPAT_EXE_DATA 163 | 164 | UNICODE_STRING CSDVersion; 165 | 166 | PVOID ActivationContextData; // ACTIVATION_CONTEXT_DATA 167 | PVOID ProcessAssemblyStorageMap; // ASSEMBLY_STORAGE_MAP 168 | PVOID SystemDefaultActivationContextData; // ACTIVATION_CONTEXT_DATA 169 | PVOID SystemAssemblyStorageMap; // ASSEMBLY_STORAGE_MAP 170 | 171 | SIZE_T MinimumStackCommit; 172 | 173 | PVOID *FlsCallback; 174 | LIST_ENTRY FlsListHead; 175 | PVOID FlsBitmap; 176 | ULONG FlsBitmapBits[FLS_MAXIMUM_AVAILABLE / (sizeof(ULONG) * 8)]; 177 | ULONG FlsHighIndex; 178 | 179 | PVOID WerRegistrationData; 180 | PVOID WerShipAssertPtr; 181 | PVOID pUnused; // pContextData 182 | PVOID pImageHeaderHash; 183 | union 184 | { 185 | ULONG TracingFlags; 186 | struct 187 | { 188 | ULONG HeapTracingEnabled : 1; 189 | ULONG CritSecTracingEnabled : 1; 190 | ULONG LibLoaderTracingEnabled : 1; 191 | ULONG SpareTracingBits : 29; 192 | }; 193 | }; 194 | ULONGLONG CsrServerReadOnlySharedMemoryBase; 195 | PRTL_CRITICAL_SECTION TppWorkerpListLock; 196 | LIST_ENTRY TppWorkerpList; 197 | PVOID WaitOnAddressHashTable[128]; 198 | PVOID TelemetryCoverageHeader; // REDSTONE3 199 | ULONG CloudFileFlags; 200 | ULONG CloudFileDiagFlags; // REDSTONE4 201 | CHAR PlaceholderCompatibilityMode; 202 | CHAR PlaceholderCompatibilityModeReserved[7]; 203 | } PEB, *PPEB; 204 | 205 | #ifdef _WIN64 206 | C_ASSERT(FIELD_OFFSET(PEB, SessionId) == 0x2C0); 207 | //C_ASSERT(sizeof(PEB) == 0x7B0); // REDSTONE3 208 | C_ASSERT(sizeof(PEB) == 0x7B8); // REDSTONE4 209 | #else 210 | C_ASSERT(FIELD_OFFSET(PEB, SessionId) == 0x1D4); 211 | //C_ASSERT(sizeof(PEB) == 0x468); // REDSTONE3 212 | C_ASSERT(sizeof(PEB) == 0x470); 213 | #endif 214 | 215 | 216 | 217 | #ifndef _LDT_ENTRY_DEFINED 218 | #define _LDT_ENTRY_DEFINED 219 | 220 | typedef struct _LDT_ENTRY { 221 | WORD LimitLow; 222 | WORD BaseLow; 223 | union { 224 | struct { 225 | BYTE BaseMid; 226 | BYTE Flags1; // Declare as bytes to avoid alignment 227 | BYTE Flags2; // Problems. 228 | BYTE BaseHi; 229 | } Bytes; 230 | struct { 231 | DWORD BaseMid : 8; 232 | DWORD Type : 5; 233 | DWORD Dpl : 2; 234 | DWORD Pres : 1; 235 | DWORD LimitHi : 4; 236 | DWORD Sys : 1; 237 | DWORD Reserved_0 : 1; 238 | DWORD Default_Big : 1; 239 | DWORD Granularity : 1; 240 | DWORD BaseHi : 8; 241 | } Bits; 242 | } HighWord; 243 | } LDT_ENTRY, *PLDT_ENTRY; 244 | 245 | #endif 246 | 247 | typedef struct _DESCRIPTOR_TABLE_ENTRY { 248 | ULONG Selector; 249 | LDT_ENTRY Descriptor; 250 | } DESCRIPTOR_TABLE_ENTRY, *PDESCRIPTOR_TABLE_ENTRY; 251 | 252 | #define GDI_BATCH_BUFFER_SIZE 310 253 | 254 | typedef struct _GDI_TEB_BATCH 255 | { 256 | ULONG Offset; 257 | ULONG_PTR HDC; 258 | ULONG Buffer[GDI_BATCH_BUFFER_SIZE]; 259 | } GDI_TEB_BATCH, *PGDI_TEB_BATCH; 260 | 261 | typedef struct _TEB_ACTIVE_FRAME_CONTEXT 262 | { 263 | ULONG Flags; 264 | PSTR FrameName; 265 | } TEB_ACTIVE_FRAME_CONTEXT, *PTEB_ACTIVE_FRAME_CONTEXT; 266 | 267 | typedef struct _TEB_ACTIVE_FRAME 268 | { 269 | ULONG Flags; 270 | struct _TEB_ACTIVE_FRAME *Previous; 271 | PTEB_ACTIVE_FRAME_CONTEXT Context; 272 | } TEB_ACTIVE_FRAME, *PTEB_ACTIVE_FRAME; 273 | 274 | typedef struct _TEB 275 | { 276 | NT_TIB NtTib; 277 | 278 | PVOID EnvironmentPointer; 279 | CLIENT_ID ClientId; 280 | PVOID ActiveRpcHandle; 281 | PVOID ThreadLocalStoragePointer; 282 | PPEB ProcessEnvironmentBlock; 283 | 284 | ULONG LastErrorValue; 285 | ULONG CountOfOwnedCriticalSections; 286 | PVOID CsrClientThread; 287 | PVOID Win32ThreadInfo; 288 | ULONG User32Reserved[26]; 289 | ULONG UserReserved[5]; 290 | PVOID WOW32Reserved; 291 | LCID CurrentLocale; 292 | ULONG FpSoftwareStatusRegister; 293 | PVOID ReservedForDebuggerInstrumentation[16]; 294 | #ifdef _WIN64 295 | PVOID SystemReserved1[30]; 296 | #else 297 | PVOID SystemReserved1[26]; 298 | #endif 299 | 300 | CHAR PlaceholderCompatibilityMode; 301 | CHAR PlaceholderReserved[11]; 302 | ULONG ProxiedProcessId; 303 | ACTIVATION_CONTEXT_STACK ActivationStack; 304 | 305 | UCHAR WorkingOnBehalfTicket[8]; 306 | NTSTATUS ExceptionCode; 307 | 308 | PACTIVATION_CONTEXT_STACK ActivationContextStackPointer; 309 | ULONG_PTR InstrumentationCallbackSp; 310 | ULONG_PTR InstrumentationCallbackPreviousPc; 311 | ULONG_PTR InstrumentationCallbackPreviousSp; 312 | #ifdef _WIN64 313 | ULONG TxFsContext; 314 | #endif 315 | 316 | BOOLEAN InstrumentationCallbackDisabled; 317 | #ifndef _WIN64 318 | UCHAR SpareBytes[23]; 319 | ULONG TxFsContext; 320 | #endif 321 | GDI_TEB_BATCH GdiTebBatch; 322 | CLIENT_ID RealClientId; 323 | HANDLE GdiCachedProcessHandle; 324 | ULONG GdiClientPID; 325 | ULONG GdiClientTID; 326 | PVOID GdiThreadLocalInfo; 327 | ULONG_PTR Win32ClientInfo[62]; 328 | PVOID glDispatchTable[233]; 329 | ULONG_PTR glReserved1[29]; 330 | PVOID glReserved2; 331 | PVOID glSectionInfo; 332 | PVOID glSection; 333 | PVOID glTable; 334 | PVOID glCurrentRC; 335 | PVOID glContext; 336 | 337 | NTSTATUS LastStatusValue; 338 | UNICODE_STRING StaticUnicodeString; 339 | WCHAR StaticUnicodeBuffer[261]; 340 | 341 | PVOID DeallocationStack; 342 | PVOID TlsSlots[64]; 343 | LIST_ENTRY TlsLinks; 344 | 345 | PVOID Vdm; 346 | PVOID ReservedForNtRpc; 347 | PVOID DbgSsReserved[2]; 348 | 349 | ULONG HardErrorMode; 350 | #ifdef _WIN64 351 | PVOID Instrumentation[11]; 352 | #else 353 | PVOID Instrumentation[9]; 354 | #endif 355 | GUID ActivityId; 356 | 357 | PVOID SubProcessTag; 358 | PVOID PerflibData; 359 | PVOID EtwTraceData; 360 | PVOID WinSockData; 361 | ULONG GdiBatchCount; 362 | 363 | union 364 | { 365 | PROCESSOR_NUMBER CurrentIdealProcessor; 366 | ULONG IdealProcessorValue; 367 | struct 368 | { 369 | UCHAR ReservedPad0; 370 | UCHAR ReservedPad1; 371 | UCHAR ReservedPad2; 372 | UCHAR IdealProcessor; 373 | }; 374 | }; 375 | 376 | ULONG GuaranteedStackBytes; 377 | PVOID ReservedForPerf; 378 | PVOID ReservedForOle; 379 | ULONG WaitingOnLoaderLock; 380 | PVOID SavedPriorityState; 381 | ULONG_PTR ReservedForCodeCoverage; 382 | PVOID ThreadPoolData; 383 | PVOID *TlsExpansionSlots; 384 | #ifdef _WIN64 385 | PVOID DeallocationBStore; 386 | PVOID BStoreLimit; 387 | #endif 388 | ULONG MuiGeneration; 389 | ULONG IsImpersonating; 390 | PVOID NlsCache; 391 | PVOID pShimData; 392 | USHORT HeapVirtualAffinity; 393 | USHORT LowFragHeapDataSlot; 394 | HANDLE CurrentTransactionHandle; 395 | PTEB_ACTIVE_FRAME ActiveFrame; 396 | PVOID FlsData; 397 | 398 | PVOID PreferredLanguages; 399 | PVOID UserPrefLanguages; 400 | PVOID MergedPrefLanguages; 401 | ULONG MuiImpersonation; 402 | 403 | union 404 | { 405 | USHORT CrossTebFlags; 406 | USHORT SpareCrossTebBits : 16; 407 | }; 408 | union 409 | { 410 | USHORT SameTebFlags; 411 | struct 412 | { 413 | USHORT SafeThunkCall : 1; 414 | USHORT InDebugPrint : 1; 415 | USHORT HasFiberData : 1; 416 | USHORT SkipThreadAttach : 1; 417 | USHORT WerInShipAssertCode : 1; 418 | USHORT RanProcessInit : 1; 419 | USHORT ClonedThread : 1; 420 | USHORT SuppressDebugMsg : 1; 421 | USHORT DisableUserStackWalk : 1; 422 | USHORT RtlExceptionAttached : 1; 423 | USHORT InitialThread : 1; 424 | USHORT SessionAware : 1; 425 | USHORT LoadOwner : 1; 426 | USHORT LoaderWorker : 1; 427 | USHORT SkipLoaderInit : 1; 428 | USHORT SpareSameTebBits : 1; 429 | }; 430 | }; 431 | 432 | PVOID TxnScopeEnterCallback; 433 | PVOID TxnScopeExitCallback; 434 | PVOID TxnScopeContext; 435 | ULONG LockCount; 436 | LONG WowTebOffset; 437 | PVOID ResourceRetValue; 438 | PVOID ReservedForWdf; 439 | ULONGLONG ReservedForCrt; 440 | GUID EffectiveContainerId; 441 | } TEB, *PTEB; 442 | 443 | -------------------------------------------------------------------------------- /source/NativeLib/ntpfapi.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | // begin_private 3 | 4 | // Prefetch 5 | 6 | typedef enum _PF_BOOT_PHASE_ID 7 | { 8 | PfKernelInitPhase = 0, 9 | PfBootDriverInitPhase = 90, 10 | PfSystemDriverInitPhase = 120, 11 | PfSessionManagerInitPhase = 150, 12 | PfSMRegistryInitPhase = 180, 13 | PfVideoInitPhase = 210, 14 | PfPostVideoInitPhase = 240, 15 | PfBootAcceptedRegistryInitPhase = 270, 16 | PfUserShellReadyPhase = 300, 17 | PfMaxBootPhaseId = 900 18 | } PF_BOOT_PHASE_ID; 19 | 20 | typedef enum _PF_ENABLE_STATUS 21 | { 22 | PfSvNotSpecified, 23 | PfSvEnabled, 24 | PfSvDisabled, 25 | PfSvMaxEnableStatus 26 | } PF_ENABLE_STATUS; 27 | 28 | typedef struct _PF_TRACE_LIMITS 29 | { 30 | ULONG MaxNumPages; 31 | ULONG MaxNumSections; 32 | LONGLONG TimerPeriod; 33 | } PF_TRACE_LIMITS, *PPF_TRACE_LIMITS; 34 | 35 | typedef struct _PF_SYSTEM_PREFETCH_PARAMETERS 36 | { 37 | PF_ENABLE_STATUS EnableStatus[2]; 38 | PF_TRACE_LIMITS TraceLimits[2]; 39 | ULONG MaxNumActiveTraces; 40 | ULONG MaxNumSavedTraces; 41 | WCHAR RootDirPath[32]; 42 | WCHAR HostingApplicationList[128]; 43 | } PF_SYSTEM_PREFETCH_PARAMETERS, *PPF_SYSTEM_PREFETCH_PARAMETERS; 44 | 45 | #define PF_BOOT_CONTROL_VERSION 1 46 | 47 | typedef struct _PF_BOOT_CONTROL 48 | { 49 | ULONG Version; 50 | ULONG DisableBootPrefetching; 51 | } PF_BOOT_CONTROL, *PPF_BOOT_CONTROL; 52 | 53 | typedef enum _PREFETCHER_INFORMATION_CLASS 54 | { 55 | PrefetcherRetrieveTrace = 1, // q: CHAR[] 56 | PrefetcherSystemParameters, // q: PF_SYSTEM_PREFETCH_PARAMETERS 57 | PrefetcherBootPhase, // s: PF_BOOT_PHASE_ID 58 | PrefetcherRetrieveBootLoaderTrace, // q: CHAR[] 59 | PrefetcherBootControl // s: PF_BOOT_CONTROL 60 | } PREFETCHER_INFORMATION_CLASS; 61 | 62 | #define PREFETCHER_INFORMATION_VERSION 23 // rev 63 | #define PREFETCHER_INFORMATION_MAGIC ('kuhC') // rev 64 | 65 | typedef struct _PREFETCHER_INFORMATION 66 | { 67 | ULONG Version; 68 | ULONG Magic; 69 | PREFETCHER_INFORMATION_CLASS PrefetcherInformationClass; 70 | PVOID PrefetcherInformation; 71 | ULONG PrefetcherInformationLength; 72 | } PREFETCHER_INFORMATION, *PPREFETCHER_INFORMATION; 73 | 74 | // Superfetch 75 | 76 | typedef struct _PF_SYSTEM_SUPERFETCH_PARAMETERS 77 | { 78 | ULONG EnabledComponents; 79 | ULONG BootID; 80 | ULONG SavedSectInfoTracesMax; 81 | ULONG SavedPageAccessTracesMax; 82 | ULONG ScenarioPrefetchTimeoutStandby; 83 | ULONG ScenarioPrefetchTimeoutHibernate; 84 | } PF_SYSTEM_SUPERFETCH_PARAMETERS, *PPF_SYSTEM_SUPERFETCH_PARAMETERS; 85 | 86 | #define PF_PFN_PRIO_REQUEST_VERSION 1 87 | #define PF_PFN_PRIO_REQUEST_QUERY_MEMORY_LIST 0x1 88 | #define PF_PFN_PRIO_REQUEST_VALID_FLAGS 0x1 89 | 90 | typedef struct _PF_PFN_PRIO_REQUEST 91 | { 92 | ULONG Version; 93 | ULONG RequestFlags; 94 | ULONG_PTR PfnCount; 95 | SYSTEM_MEMORY_LIST_INFORMATION MemInfo; 96 | MMPFN_IDENTITY PageData[256]; 97 | } PF_PFN_PRIO_REQUEST, *PPF_PFN_PRIO_REQUEST; 98 | 99 | typedef enum _PFS_PRIVATE_PAGE_SOURCE_TYPE 100 | { 101 | PfsPrivateSourceKernel, 102 | PfsPrivateSourceSession, 103 | PfsPrivateSourceProcess, 104 | PfsPrivateSourceMax 105 | } PFS_PRIVATE_PAGE_SOURCE_TYPE; 106 | 107 | typedef struct _PFS_PRIVATE_PAGE_SOURCE 108 | { 109 | PFS_PRIVATE_PAGE_SOURCE_TYPE Type; 110 | union 111 | { 112 | ULONG SessionId; 113 | ULONG ProcessId; 114 | }; 115 | ULONG ImagePathHash; 116 | ULONG_PTR UniqueProcessHash; 117 | } PFS_PRIVATE_PAGE_SOURCE, *PPFS_PRIVATE_PAGE_SOURCE; 118 | 119 | typedef struct _PF_PRIVSOURCE_INFO 120 | { 121 | PFS_PRIVATE_PAGE_SOURCE DbInfo; 122 | PVOID EProcess; 123 | SIZE_T WsPrivatePages; 124 | SIZE_T TotalPrivatePages; 125 | ULONG SessionID; 126 | CHAR ImageName[16]; 127 | union { 128 | ULONG_PTR WsSwapPages; // process only PF_PRIVSOURCE_QUERY_WS_SWAP_PAGES. 129 | ULONG_PTR SessionPagedPoolPages; // session only. 130 | ULONG_PTR StoreSizePages; // process only PF_PRIVSOURCE_QUERY_STORE_INFO. 131 | }; 132 | ULONG_PTR WsTotalPages; // process/session only. 133 | ULONG DeepFreezeTimeMs; // process only. 134 | ULONG ModernApp : 1; // process only. 135 | ULONG DeepFrozen : 1; // process only. If set, DeepFreezeTimeMs contains the time at which the freeze occurred 136 | ULONG Foreground : 1; // process only. 137 | ULONG PerProcessStore : 1; // process only. 138 | ULONG Spare : 28; 139 | } PF_PRIVSOURCE_INFO, *PPF_PRIVSOURCE_INFO; 140 | 141 | #define PF_PRIVSOURCE_QUERY_REQUEST_VERSION 3 142 | 143 | typedef struct _PF_PRIVSOURCE_QUERY_REQUEST 144 | { 145 | ULONG Version; 146 | ULONG Flags; 147 | ULONG InfoCount; 148 | PF_PRIVSOURCE_INFO InfoArray[1]; 149 | } PF_PRIVSOURCE_QUERY_REQUEST, *PPF_PRIVSOURCE_QUERY_REQUEST; 150 | 151 | typedef enum _PF_PHASED_SCENARIO_TYPE 152 | { 153 | PfScenarioTypeNone, 154 | PfScenarioTypeStandby, 155 | PfScenarioTypeHibernate, 156 | PfScenarioTypeFUS, 157 | PfScenarioTypeMax 158 | } PF_PHASED_SCENARIO_TYPE; 159 | 160 | #define PF_SCENARIO_PHASE_INFO_VERSION 4 161 | 162 | typedef struct _PF_SCENARIO_PHASE_INFO 163 | { 164 | ULONG Version; 165 | PF_PHASED_SCENARIO_TYPE ScenType; 166 | ULONG PhaseId; 167 | ULONG SequenceNumber; 168 | ULONG Flags; 169 | ULONG FUSUserId; 170 | } PF_SCENARIO_PHASE_INFO, *PPF_SCENARIO_PHASE_INFO; 171 | 172 | typedef struct _PF_MEMORY_LIST_NODE 173 | { 174 | ULONGLONG Node : 8; 175 | ULONGLONG Spare : 56; 176 | ULONGLONG StandbyLowPageCount; 177 | ULONGLONG StandbyMediumPageCount; 178 | ULONGLONG StandbyHighPageCount; 179 | ULONGLONG FreePageCount; 180 | ULONGLONG ModifiedPageCount; 181 | } PF_MEMORY_LIST_NODE, *PPF_MEMORY_LIST_NODE; 182 | 183 | #define PF_MEMORY_LIST_INFO_VERSION 1 184 | 185 | typedef struct _PF_MEMORY_LIST_INFO 186 | { 187 | ULONG Version; 188 | ULONG Size; 189 | ULONG NodeCount; 190 | PF_MEMORY_LIST_NODE Nodes[1]; 191 | } PF_MEMORY_LIST_INFO, *PPF_MEMORY_LIST_INFO; 192 | 193 | typedef struct _PF_PHYSICAL_MEMORY_RANGE 194 | { 195 | ULONG_PTR BasePfn; 196 | ULONG_PTR PageCount; 197 | } PF_PHYSICAL_MEMORY_RANGE, *PPF_PHYSICAL_MEMORY_RANGE; 198 | 199 | #define PF_PHYSICAL_MEMORY_RANGE_INFO_VERSION 1 200 | 201 | typedef struct _PF_PHYSICAL_MEMORY_RANGE_INFO 202 | { 203 | ULONG Version; 204 | ULONG RangeCount; 205 | PF_PHYSICAL_MEMORY_RANGE Ranges[1]; 206 | } PF_PHYSICAL_MEMORY_RANGE_INFO, *PPF_PHYSICAL_MEMORY_RANGE_INFO; 207 | 208 | // begin_rev 209 | 210 | #define PF_REPURPOSED_BY_PREFETCH_INFO_VERSION 1 211 | 212 | typedef struct _PF_REPURPOSED_BY_PREFETCH_INFO 213 | { 214 | ULONG Version; 215 | ULONG RepurposedByPrefetch; 216 | } PF_REPURPOSED_BY_PREFETCH_INFO, *PPF_REPURPOSED_BY_PREFETCH_INFO; 217 | 218 | // end_rev 219 | 220 | typedef enum _SUPERFETCH_INFORMATION_CLASS 221 | { 222 | SuperfetchRetrieveTrace = 1, // q: CHAR[] 223 | SuperfetchSystemParameters, // q: PF_SYSTEM_SUPERFETCH_PARAMETERS 224 | SuperfetchLogEvent, 225 | SuperfetchGenerateTrace, 226 | SuperfetchPrefetch, 227 | SuperfetchPfnQuery, // q: PF_PFN_PRIO_REQUEST 228 | SuperfetchPfnSetPriority, 229 | SuperfetchPrivSourceQuery, // q: PF_PRIVSOURCE_QUERY_REQUEST 230 | SuperfetchSequenceNumberQuery, // q: ULONG 231 | SuperfetchScenarioPhase, // 10 232 | SuperfetchWorkerPriority, 233 | SuperfetchScenarioQuery, // q: PF_SCENARIO_PHASE_INFO 234 | SuperfetchScenarioPrefetch, 235 | SuperfetchRobustnessControl, 236 | SuperfetchTimeControl, 237 | SuperfetchMemoryListQuery, // q: PF_MEMORY_LIST_INFO 238 | SuperfetchMemoryRangesQuery, // q: PF_PHYSICAL_MEMORY_RANGE_INFO 239 | SuperfetchTracingControl, 240 | SuperfetchTrimWhileAgingControl, 241 | SuperfetchRepurposedByPrefetch, // q: PF_REPURPOSED_BY_PREFETCH_INFO // rev 242 | SuperfetchInformationMax 243 | } SUPERFETCH_INFORMATION_CLASS; 244 | 245 | #define SUPERFETCH_INFORMATION_VERSION 45 // rev 246 | #define SUPERFETCH_INFORMATION_MAGIC ('kuhC') // rev 247 | 248 | typedef struct _SUPERFETCH_INFORMATION 249 | { 250 | _In_ ULONG Version; 251 | _In_ ULONG Magic; 252 | _In_ SUPERFETCH_INFORMATION_CLASS InfoClass; 253 | _Inout_ PVOID Data; 254 | _Inout_ ULONG Length; 255 | } SUPERFETCH_INFORMATION, *PSUPERFETCH_INFORMATION; 256 | 257 | // end_private 258 | 259 | -------------------------------------------------------------------------------- /source/NativeLib/ntpnpapi.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | typedef enum _PLUGPLAY_EVENT_CATEGORY 4 | { 5 | HardwareProfileChangeEvent, 6 | TargetDeviceChangeEvent, 7 | DeviceClassChangeEvent, 8 | CustomDeviceEvent, 9 | DeviceInstallEvent, 10 | DeviceArrivalEvent, 11 | PowerEvent, 12 | VetoEvent, 13 | BlockedDriverEvent, 14 | InvalidIDEvent, 15 | MaxPlugEventCategory 16 | } PLUGPLAY_EVENT_CATEGORY, *PPLUGPLAY_EVENT_CATEGORY; 17 | 18 | typedef struct _PLUGPLAY_EVENT_BLOCK 19 | { 20 | GUID EventGuid; 21 | PLUGPLAY_EVENT_CATEGORY EventCategory; 22 | PULONG Result; 23 | ULONG Flags; 24 | ULONG TotalSize; 25 | PVOID DeviceObject; 26 | 27 | union 28 | { 29 | struct 30 | { 31 | GUID ClassGuid; 32 | WCHAR SymbolicLinkName[1]; 33 | } DeviceClass; 34 | struct 35 | { 36 | WCHAR DeviceIds[1]; 37 | } TargetDevice; 38 | struct 39 | { 40 | WCHAR DeviceId[1]; 41 | } InstallDevice; 42 | struct 43 | { 44 | PVOID NotificationStructure; 45 | WCHAR DeviceIds[1]; 46 | } CustomNotification; 47 | struct 48 | { 49 | PVOID Notification; 50 | } ProfileNotification; 51 | struct 52 | { 53 | ULONG NotificationCode; 54 | ULONG NotificationData; 55 | } PowerNotification; 56 | struct 57 | { 58 | PNP_VETO_TYPE VetoType; 59 | WCHAR DeviceIdVetoNameBuffer[1]; // DeviceIdVetoName 60 | } VetoNotification; 61 | struct 62 | { 63 | GUID BlockedDriverGuid; 64 | } BlockedDriverNotification; 65 | struct 66 | { 67 | WCHAR ParentId[1]; 68 | } InvalidIDNotification; 69 | } u; 70 | } PLUGPLAY_EVENT_BLOCK, *PPLUGPLAY_EVENT_BLOCK; 71 | 72 | typedef enum _PLUGPLAY_CONTROL_CLASS 73 | { 74 | PlugPlayControlEnumerateDevice, 75 | PlugPlayControlRegisterNewDevice, 76 | PlugPlayControlDeregisterDevice, 77 | PlugPlayControlInitializeDevice, 78 | PlugPlayControlStartDevice, 79 | PlugPlayControlUnlockDevice, 80 | PlugPlayControlQueryAndRemoveDevice, 81 | PlugPlayControlUserResponse, 82 | PlugPlayControlGenerateLegacyDevice, 83 | PlugPlayControlGetInterfaceDeviceList, 84 | PlugPlayControlProperty, 85 | PlugPlayControlDeviceClassAssociation, 86 | PlugPlayControlGetRelatedDevice, 87 | PlugPlayControlGetInterfaceDeviceAlias, 88 | PlugPlayControlDeviceStatus, 89 | PlugPlayControlGetDeviceDepth, 90 | PlugPlayControlQueryDeviceRelations, 91 | PlugPlayControlTargetDeviceRelation, 92 | PlugPlayControlQueryConflictList, 93 | PlugPlayControlRetrieveDock, 94 | PlugPlayControlResetDevice, 95 | PlugPlayControlHaltDevice, 96 | PlugPlayControlGetBlockedDriverList, 97 | PlugPlayControlGetDeviceInterfaceEnabled, 98 | MaxPlugPlayControl 99 | } PLUGPLAY_CONTROL_CLASS, *PPLUGPLAY_CONTROL_CLASS; 100 | 101 | #if (NTDDI_VERSION < NTDDI_WIN8) 102 | NTSYSCALLAPI 103 | NTSTATUS 104 | NTAPI 105 | NtGetPlugPlayEvent( 106 | _In_ HANDLE EventHandle, 107 | _In_opt_ PVOID Context, 108 | _Out_writes_bytes_(EventBufferSize) PPLUGPLAY_EVENT_BLOCK EventBlock, 109 | _In_ ULONG EventBufferSize 110 | ); 111 | #endif 112 | 113 | NTSYSCALLAPI 114 | NTSTATUS 115 | NTAPI 116 | NtPlugPlayControl( 117 | _In_ PLUGPLAY_CONTROL_CLASS PnPControlClass, 118 | _Inout_updates_bytes_(PnPControlDataLength) PVOID PnPControlData, 119 | _In_ ULONG PnPControlDataLength 120 | ); 121 | 122 | #if (NTDDI_VERSION >= NTDDI_WIN7) 123 | 124 | NTSYSCALLAPI 125 | NTSTATUS 126 | NTAPI 127 | NtSerializeBoot( 128 | VOID 129 | ); 130 | 131 | NTSYSCALLAPI 132 | NTSTATUS 133 | NTAPI 134 | NtEnableLastKnownGood( 135 | VOID 136 | ); 137 | 138 | NTSYSCALLAPI 139 | NTSTATUS 140 | NTAPI 141 | NtDisableLastKnownGood( 142 | VOID 143 | ); 144 | 145 | #endif 146 | 147 | #if (NTDDI_VERSION >= NTDDI_VISTA) 148 | NTSYSCALLAPI 149 | NTSTATUS 150 | NTAPI 151 | NtReplacePartitionUnit( 152 | _In_ PUNICODE_STRING TargetInstancePath, 153 | _In_ PUNICODE_STRING SpareInstancePath, 154 | _In_ ULONG Flags 155 | ); 156 | #endif 157 | 158 | -------------------------------------------------------------------------------- /source/NativeLib/ntpoapi.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | typedef union _POWER_STATE 4 | { 5 | SYSTEM_POWER_STATE SystemState; 6 | DEVICE_POWER_STATE DeviceState; 7 | } POWER_STATE, *PPOWER_STATE; 8 | 9 | typedef enum _POWER_STATE_TYPE 10 | { 11 | SystemPowerState = 0, 12 | DevicePowerState 13 | } POWER_STATE_TYPE, *PPOWER_STATE_TYPE; 14 | 15 | #if (NTDDI_VERSION >= NTDDI_VISTA) 16 | // wdm 17 | typedef struct _SYSTEM_POWER_STATE_CONTEXT 18 | { 19 | union 20 | { 21 | struct 22 | { 23 | ULONG Reserved1 : 8; 24 | ULONG TargetSystemState : 4; 25 | ULONG EffectiveSystemState : 4; 26 | ULONG CurrentSystemState : 4; 27 | ULONG IgnoreHibernationPath : 1; 28 | ULONG PseudoTransition : 1; 29 | ULONG Reserved2 : 10; 30 | }; 31 | ULONG ContextAsUlong; 32 | }; 33 | } SYSTEM_POWER_STATE_CONTEXT, *PSYSTEM_POWER_STATE_CONTEXT; 34 | #endif 35 | 36 | #if (NTDDI_VERSION >= NTDDI_WIN7) 37 | /** \cond NEVER */ // disable doxygen warning 38 | // wdm 39 | typedef struct _COUNTED_REASON_CONTEXT 40 | { 41 | ULONG Version; 42 | ULONG Flags; 43 | union 44 | { 45 | struct 46 | { 47 | UNICODE_STRING ResourceFileName; 48 | USHORT ResourceReasonId; 49 | ULONG StringCount; 50 | PUNICODE_STRING _Field_size_(StringCount) ReasonStrings; 51 | }; 52 | UNICODE_STRING SimpleString; 53 | }; 54 | } COUNTED_REASON_CONTEXT, *PCOUNTED_REASON_CONTEXT; 55 | /** \endcond */ 56 | #endif 57 | 58 | typedef enum 59 | { 60 | PowerStateSleeping1 = 0, 61 | PowerStateSleeping2 = 1, 62 | PowerStateSleeping3 = 2, 63 | PowerStateSleeping4 = 3, 64 | PowerStateShutdownOff = 4, 65 | PowerStateShutdownReset = 5, 66 | PowerStateSleeping4Firmware = 6, 67 | PowerStateMaximum = 7 68 | } POWER_STATE_HANDLER_TYPE, *PPOWER_STATE_HANDLER_TYPE; 69 | 70 | typedef NTSTATUS (NTAPI *PENTER_STATE_SYSTEM_HANDLER)( 71 | _In_ PVOID SystemContext 72 | ); 73 | 74 | typedef NTSTATUS (NTAPI *PENTER_STATE_HANDLER)( 75 | _In_ PVOID Context, 76 | _In_opt_ PENTER_STATE_SYSTEM_HANDLER SystemHandler, 77 | _In_ PVOID SystemContext, 78 | _In_ LONG NumberProcessors, 79 | _In_ volatile PLONG Number 80 | ); 81 | 82 | typedef struct _POWER_STATE_HANDLER 83 | { 84 | POWER_STATE_HANDLER_TYPE Type; 85 | BOOLEAN RtcWake; 86 | UCHAR Spare[3]; 87 | PENTER_STATE_HANDLER Handler; 88 | PVOID Context; 89 | } POWER_STATE_HANDLER, *PPOWER_STATE_HANDLER; 90 | 91 | typedef NTSTATUS (NTAPI *PENTER_STATE_NOTIFY_HANDLER)( 92 | _In_ POWER_STATE_HANDLER_TYPE State, 93 | _In_ PVOID Context, 94 | _In_ BOOLEAN Entering 95 | ); 96 | 97 | typedef struct _POWER_STATE_NOTIFY_HANDLER 98 | { 99 | PENTER_STATE_NOTIFY_HANDLER Handler; 100 | PVOID Context; 101 | } POWER_STATE_NOTIFY_HANDLER, *PPOWER_STATE_NOTIFY_HANDLER; 102 | 103 | typedef struct _PROCESSOR_POWER_INFORMATION 104 | { 105 | ULONG Number; 106 | ULONG MaxMhz; 107 | ULONG CurrentMhz; 108 | ULONG MhzLimit; 109 | ULONG MaxIdleState; 110 | ULONG CurrentIdleState; 111 | } PROCESSOR_POWER_INFORMATION, *PPROCESSOR_POWER_INFORMATION; 112 | 113 | typedef struct _SYSTEM_POWER_INFORMATION 114 | { 115 | ULONG MaxIdlenessAllowed; 116 | ULONG Idleness; 117 | ULONG TimeRemaining; 118 | UCHAR CoolingMode; 119 | } SYSTEM_POWER_INFORMATION, *PSYSTEM_POWER_INFORMATION; 120 | 121 | NTSYSCALLAPI 122 | NTSTATUS 123 | NTAPI 124 | NtPowerInformation( 125 | _In_ POWER_INFORMATION_LEVEL InformationLevel, 126 | _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer, 127 | _In_ ULONG InputBufferLength, 128 | _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer, 129 | _In_ ULONG OutputBufferLength 130 | ); 131 | 132 | NTSYSCALLAPI 133 | NTSTATUS 134 | NTAPI 135 | NtSetThreadExecutionState( 136 | _In_ EXECUTION_STATE NewFlags, // ES_* flags 137 | _Out_ EXECUTION_STATE *PreviousFlags 138 | ); 139 | 140 | NTSYSCALLAPI 141 | NTSTATUS 142 | NTAPI 143 | NtRequestWakeupLatency( 144 | _In_ LATENCY_TIME latency 145 | ); 146 | 147 | NTSYSCALLAPI 148 | NTSTATUS 149 | NTAPI 150 | NtInitiatePowerAction( 151 | _In_ POWER_ACTION SystemAction, 152 | _In_ SYSTEM_POWER_STATE LightestSystemState, 153 | _In_ ULONG Flags, // POWER_ACTION_* flags 154 | _In_ BOOLEAN Asynchronous 155 | ); 156 | 157 | NTSYSCALLAPI 158 | NTSTATUS 159 | NTAPI 160 | NtSetSystemPowerState( 161 | _In_ POWER_ACTION SystemAction, 162 | _In_ SYSTEM_POWER_STATE LightestSystemState, 163 | _In_ ULONG Flags // POWER_ACTION_* flags 164 | ); 165 | 166 | NTSYSCALLAPI 167 | NTSTATUS 168 | NTAPI 169 | NtGetDevicePowerState( 170 | _In_ HANDLE Device, 171 | _Out_ PDEVICE_POWER_STATE State 172 | ); 173 | 174 | NTSYSCALLAPI 175 | BOOLEAN 176 | NTAPI 177 | NtIsSystemResumeAutomatic( 178 | VOID 179 | ); 180 | 181 | -------------------------------------------------------------------------------- /source/NativeLib/ntregapi.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | // Boot condition flags (NtInitializeRegistry) 4 | 5 | #define REG_INIT_BOOT_SM 0x0000 6 | #define REG_INIT_BOOT_SETUP 0x0001 7 | #define REG_INIT_BOOT_ACCEPTED_BASE 0x0002 8 | #define REG_INIT_BOOT_ACCEPTED_MAX REG_INIT_BOOT_ACCEPTED_BASE + 999 9 | 10 | #define REG_MAX_KEY_VALUE_NAME_LENGTH 32767 11 | #define REG_MAX_KEY_NAME_LENGTH 512 12 | 13 | typedef enum _KEY_INFORMATION_CLASS 14 | { 15 | KeyBasicInformation, // KEY_BASIC_INFORMATION 16 | KeyNodeInformation, // KEY_NODE_INFORMATION 17 | KeyFullInformation, // KEY_FULL_INFORMATION 18 | KeyNameInformation, // KEY_NAME_INFORMATION 19 | KeyCachedInformation, // KEY_CACHED_INFORMATION 20 | KeyFlagsInformation, // KEY_FLAGS_INFORMATION 21 | KeyVirtualizationInformation, // KEY_VIRTUALIZATION_INFORMATION 22 | KeyHandleTagsInformation, // KEY_HANDLE_TAGS_INFORMATION 23 | KeyTrustInformation, // KEY_TRUST_INFORMATION 24 | KeyLayerInformation, // KEY_LAYER_INFORMATION 25 | MaxKeyInfoClass 26 | } KEY_INFORMATION_CLASS; 27 | 28 | typedef struct _KEY_BASIC_INFORMATION 29 | { 30 | LARGE_INTEGER LastWriteTime; 31 | ULONG TitleIndex; 32 | ULONG NameLength; 33 | WCHAR Name[1]; 34 | } KEY_BASIC_INFORMATION, *PKEY_BASIC_INFORMATION; 35 | 36 | typedef struct _KEY_NODE_INFORMATION 37 | { 38 | LARGE_INTEGER LastWriteTime; 39 | ULONG TitleIndex; 40 | ULONG ClassOffset; 41 | ULONG ClassLength; 42 | ULONG NameLength; 43 | WCHAR Name[1]; 44 | // ... 45 | // WCHAR Class[1]; 46 | } KEY_NODE_INFORMATION, *PKEY_NODE_INFORMATION; 47 | 48 | typedef struct _KEY_FULL_INFORMATION 49 | { 50 | LARGE_INTEGER LastWriteTime; 51 | ULONG TitleIndex; 52 | ULONG ClassOffset; 53 | ULONG ClassLength; 54 | ULONG SubKeys; 55 | ULONG MaxNameLen; 56 | ULONG MaxClassLen; 57 | ULONG Values; 58 | ULONG MaxValueNameLen; 59 | ULONG MaxValueDataLen; 60 | WCHAR Class[1]; 61 | } KEY_FULL_INFORMATION, *PKEY_FULL_INFORMATION; 62 | 63 | typedef struct _KEY_NAME_INFORMATION 64 | { 65 | ULONG NameLength; 66 | WCHAR Name[1]; 67 | } KEY_NAME_INFORMATION, *PKEY_NAME_INFORMATION; 68 | 69 | typedef struct _KEY_CACHED_INFORMATION 70 | { 71 | LARGE_INTEGER LastWriteTime; 72 | ULONG TitleIndex; 73 | ULONG SubKeys; 74 | ULONG MaxNameLen; 75 | ULONG Values; 76 | ULONG MaxValueNameLen; 77 | ULONG MaxValueDataLen; 78 | ULONG NameLength; 79 | WCHAR Name[1]; 80 | } KEY_CACHED_INFORMATION, *PKEY_CACHED_INFORMATION; 81 | 82 | typedef struct _KEY_FLAGS_INFORMATION 83 | { 84 | ULONG UserFlags; 85 | } KEY_FLAGS_INFORMATION, *PKEY_FLAGS_INFORMATION; 86 | 87 | typedef struct _KEY_VIRTUALIZATION_INFORMATION 88 | { 89 | ULONG VirtualizationCandidate : 1; // Tells whether the key is part of the virtualization namespace scope (only HKLM\Software for now). 90 | ULONG VirtualizationEnabled : 1; // Tells whether virtualization is enabled on this key. Can be 1 only if above flag is 1. 91 | ULONG VirtualTarget : 1; // Tells if the key is a virtual key. Can be 1 only if above 2 are 0. Valid only on the virtual store key handles. 92 | ULONG VirtualStore : 1; // Tells if the key is a part of the virtual store path. Valid only on the virtual store key handles. 93 | ULONG VirtualSource : 1; // Tells if the key has ever been virtualized, can be 1 only if VirtualizationCandidate is 1. 94 | ULONG Reserved : 27; 95 | } KEY_VIRTUALIZATION_INFORMATION, *PKEY_VIRTUALIZATION_INFORMATION; 96 | 97 | // private 98 | typedef struct _KEY_TRUST_INFORMATION 99 | { 100 | ULONG TrustedKey : 1; 101 | ULONG Reserved : 31; 102 | } KEY_TRUST_INFORMATION, *PKEY_TRUST_INFORMATION; 103 | 104 | // private 105 | typedef struct _KEY_LAYER_INFORMATION 106 | { 107 | ULONG IsTombstone; 108 | ULONG IsSupersedeLocal; 109 | ULONG IsSupersedeTree; 110 | ULONG ClassIsInherited; 111 | ULONG Reserved; 112 | } KEY_LAYER_INFORMATION, *PKEY_LAYER_INFORMATION; 113 | 114 | typedef enum _KEY_SET_INFORMATION_CLASS 115 | { 116 | KeyWriteTimeInformation, // KEY_WRITE_TIME_INFORMATION 117 | KeyWow64FlagsInformation, // KEY_WOW64_FLAGS_INFORMATION 118 | KeyControlFlagsInformation, // KEY_CONTROL_FLAGS_INFORMATION 119 | KeySetVirtualizationInformation, // KEY_SET_VIRTUALIZATION_INFORMATION 120 | KeySetDebugInformation, 121 | KeySetHandleTagsInformation, // KEY_HANDLE_TAGS_INFORMATION 122 | KeySetLayerInformation, // KEY_SET_LAYER_INFORMATION 123 | MaxKeySetInfoClass 124 | } KEY_SET_INFORMATION_CLASS; 125 | 126 | typedef struct _KEY_WRITE_TIME_INFORMATION 127 | { 128 | LARGE_INTEGER LastWriteTime; 129 | } KEY_WRITE_TIME_INFORMATION, *PKEY_WRITE_TIME_INFORMATION; 130 | 131 | typedef struct _KEY_WOW64_FLAGS_INFORMATION 132 | { 133 | ULONG UserFlags; 134 | } KEY_WOW64_FLAGS_INFORMATION, *PKEY_WOW64_FLAGS_INFORMATION; 135 | 136 | typedef struct _KEY_HANDLE_TAGS_INFORMATION 137 | { 138 | ULONG HandleTags; 139 | } KEY_HANDLE_TAGS_INFORMATION, *PKEY_HANDLE_TAGS_INFORMATION; 140 | 141 | typedef struct _KEY_SET_LAYER_INFORMATION 142 | { 143 | ULONG IsTombstone : 1; 144 | ULONG IsSupersedeLocal : 1; 145 | ULONG IsSupersedeTree : 1; 146 | ULONG ClassIsInherited : 1; 147 | ULONG Reserved : 28; 148 | } KEY_SET_LAYER_INFORMATION, *PKEY_SET_LAYER_INFORMATION; 149 | 150 | typedef struct _KEY_CONTROL_FLAGS_INFORMATION 151 | { 152 | ULONG ControlFlags; 153 | } KEY_CONTROL_FLAGS_INFORMATION, *PKEY_CONTROL_FLAGS_INFORMATION; 154 | 155 | typedef struct _KEY_SET_VIRTUALIZATION_INFORMATION 156 | { 157 | ULONG VirtualTarget : 1; 158 | ULONG VirtualStore : 1; 159 | ULONG VirtualSource : 1; // true if key has been virtualized at least once 160 | ULONG Reserved : 29; 161 | } KEY_SET_VIRTUALIZATION_INFORMATION, *PKEY_SET_VIRTUALIZATION_INFORMATION; 162 | 163 | typedef enum _KEY_VALUE_INFORMATION_CLASS 164 | { 165 | KeyValueBasicInformation, // KEY_VALUE_BASIC_INFORMATION 166 | KeyValueFullInformation, // KEY_VALUE_FULL_INFORMATION 167 | KeyValuePartialInformation, // KEY_VALUE_PARTIAL_INFORMATION 168 | KeyValueFullInformationAlign64, 169 | KeyValuePartialInformationAlign64, // KEY_VALUE_PARTIAL_INFORMATION_ALIGN64 170 | KeyValueLayerInformation, // KEY_VALUE_LAYER_INFORMATION 171 | MaxKeyValueInfoClass 172 | } KEY_VALUE_INFORMATION_CLASS; 173 | 174 | typedef struct _KEY_VALUE_BASIC_INFORMATION 175 | { 176 | ULONG TitleIndex; 177 | ULONG Type; 178 | ULONG NameLength; 179 | WCHAR Name[1]; 180 | } KEY_VALUE_BASIC_INFORMATION, *PKEY_VALUE_BASIC_INFORMATION; 181 | 182 | typedef struct _KEY_VALUE_FULL_INFORMATION 183 | { 184 | ULONG TitleIndex; 185 | ULONG Type; 186 | ULONG DataOffset; 187 | ULONG DataLength; 188 | ULONG NameLength; 189 | WCHAR Name[1]; 190 | // ... 191 | // UCHAR Data[1]; 192 | } KEY_VALUE_FULL_INFORMATION, *PKEY_VALUE_FULL_INFORMATION; 193 | 194 | typedef struct _KEY_VALUE_PARTIAL_INFORMATION 195 | { 196 | ULONG TitleIndex; 197 | ULONG Type; 198 | ULONG DataLength; 199 | UCHAR Data[1]; 200 | } KEY_VALUE_PARTIAL_INFORMATION, *PKEY_VALUE_PARTIAL_INFORMATION; 201 | 202 | typedef struct _KEY_VALUE_PARTIAL_INFORMATION_ALIGN64 203 | { 204 | ULONG Type; 205 | ULONG DataLength; 206 | UCHAR Data[1]; 207 | } KEY_VALUE_PARTIAL_INFORMATION_ALIGN64, *PKEY_VALUE_PARTIAL_INFORMATION_ALIGN64; 208 | 209 | // private 210 | typedef struct _KEY_VALUE_LAYER_INFORMATION 211 | { 212 | ULONG IsTombstone; 213 | ULONG Reserved; 214 | } KEY_VALUE_LAYER_INFORMATION, *PKEY_VALUE_LAYER_INFORMATION; 215 | 216 | typedef struct _KEY_VALUE_ENTRY 217 | { 218 | PUNICODE_STRING ValueName; 219 | ULONG DataLength; 220 | ULONG DataOffset; 221 | ULONG Type; 222 | } KEY_VALUE_ENTRY, *PKEY_VALUE_ENTRY; 223 | 224 | typedef enum _REG_ACTION 225 | { 226 | KeyAdded, 227 | KeyRemoved, 228 | KeyModified 229 | } REG_ACTION; 230 | 231 | typedef struct _REG_NOTIFY_INFORMATION 232 | { 233 | ULONG NextEntryOffset; 234 | REG_ACTION Action; 235 | ULONG KeyLength; 236 | WCHAR Key[1]; 237 | } REG_NOTIFY_INFORMATION, *PREG_NOTIFY_INFORMATION; 238 | 239 | typedef struct _KEY_PID_ARRAY 240 | { 241 | HANDLE PID; 242 | UNICODE_STRING KeyName; 243 | } KEY_PID_ARRAY, *PKEY_PID_ARRAY; 244 | 245 | typedef struct _KEY_OPEN_SUBKEYS_INFORMATION 246 | { 247 | ULONG Count; 248 | KEY_PID_ARRAY KeyArray[1]; 249 | } KEY_OPEN_SUBKEYS_INFORMATION, *PKEY_OPEN_SUBKEYS_INFORMATION; 250 | 251 | // System calls 252 | 253 | NTSYSCALLAPI 254 | NTSTATUS 255 | NTAPI 256 | NtCreateKey( 257 | _Out_ PHANDLE KeyHandle, 258 | _In_ ACCESS_MASK DesiredAccess, 259 | _In_ POBJECT_ATTRIBUTES ObjectAttributes, 260 | _Reserved_ ULONG TitleIndex, 261 | _In_opt_ PUNICODE_STRING Class, 262 | _In_ ULONG CreateOptions, 263 | _Out_opt_ PULONG Disposition 264 | ); 265 | 266 | 267 | NTSYSCALLAPI 268 | NTSTATUS 269 | NTAPI 270 | ZwCreateKey( 271 | _Out_ PHANDLE KeyHandle, 272 | _In_ ACCESS_MASK DesiredAccess, 273 | _In_ POBJECT_ATTRIBUTES ObjectAttributes, 274 | _Reserved_ ULONG TitleIndex, 275 | _In_opt_ PUNICODE_STRING Class, 276 | _In_ ULONG CreateOptions, 277 | _Out_opt_ PULONG Disposition 278 | ); 279 | 280 | #if (NTDDI_VERSION >= NTDDI_VISTA) 281 | NTSYSCALLAPI 282 | NTSTATUS 283 | NTAPI 284 | NtCreateKeyTransacted( 285 | _Out_ PHANDLE KeyHandle, 286 | _In_ ACCESS_MASK DesiredAccess, 287 | _In_ POBJECT_ATTRIBUTES ObjectAttributes, 288 | _Reserved_ ULONG TitleIndex, 289 | _In_opt_ PUNICODE_STRING Class, 290 | _In_ ULONG CreateOptions, 291 | _In_ HANDLE TransactionHandle, 292 | _Out_opt_ PULONG Disposition 293 | ); 294 | #endif 295 | 296 | NTSYSCALLAPI 297 | NTSTATUS 298 | NTAPI 299 | NtOpenKey( 300 | _Out_ PHANDLE KeyHandle, 301 | _In_ ACCESS_MASK DesiredAccess, 302 | _In_ POBJECT_ATTRIBUTES ObjectAttributes 303 | ); 304 | 305 | 306 | NTSYSCALLAPI 307 | NTSTATUS 308 | NTAPI 309 | ZwOpenKey( 310 | _Out_ PHANDLE KeyHandle, 311 | _In_ ACCESS_MASK DesiredAccess, 312 | _In_ POBJECT_ATTRIBUTES ObjectAttributes 313 | ); 314 | 315 | #if (NTDDI_VERSION >= NTDDI_VISTA) 316 | NTSYSCALLAPI 317 | NTSTATUS 318 | NTAPI 319 | NtOpenKeyTransacted( 320 | _Out_ PHANDLE KeyHandle, 321 | _In_ ACCESS_MASK DesiredAccess, 322 | _In_ POBJECT_ATTRIBUTES ObjectAttributes, 323 | _In_ HANDLE TransactionHandle 324 | ); 325 | #endif 326 | 327 | #if (NTDDI_VERSION >= NTDDI_WIN7) 328 | NTSYSCALLAPI 329 | NTSTATUS 330 | NTAPI 331 | NtOpenKeyEx( 332 | _Out_ PHANDLE KeyHandle, 333 | _In_ ACCESS_MASK DesiredAccess, 334 | _In_ POBJECT_ATTRIBUTES ObjectAttributes, 335 | _In_ ULONG OpenOptions 336 | ); 337 | #endif 338 | 339 | #if (NTDDI_VERSION >= NTDDI_WIN7) 340 | NTSYSCALLAPI 341 | NTSTATUS 342 | NTAPI 343 | NtOpenKeyTransactedEx( 344 | _Out_ PHANDLE KeyHandle, 345 | _In_ ACCESS_MASK DesiredAccess, 346 | _In_ POBJECT_ATTRIBUTES ObjectAttributes, 347 | _In_ ULONG OpenOptions, 348 | _In_ HANDLE TransactionHandle 349 | ); 350 | #endif 351 | 352 | NTSYSCALLAPI 353 | NTSTATUS 354 | NTAPI 355 | NtDeleteKey( 356 | _In_ HANDLE KeyHandle 357 | ); 358 | 359 | NTSYSCALLAPI 360 | NTSTATUS 361 | NTAPI 362 | ZwDeleteKey( 363 | _In_ HANDLE KeyHandle 364 | ); 365 | 366 | NTSYSCALLAPI 367 | NTSTATUS 368 | NTAPI 369 | NtRenameKey( 370 | _In_ HANDLE KeyHandle, 371 | _In_ PUNICODE_STRING NewName 372 | ); 373 | 374 | NTSYSCALLAPI 375 | NTSTATUS 376 | NTAPI 377 | NtDeleteValueKey( 378 | _In_ HANDLE KeyHandle, 379 | _In_ PUNICODE_STRING ValueName 380 | ); 381 | 382 | 383 | NTSYSCALLAPI 384 | NTSTATUS 385 | NTAPI 386 | ZwDeleteValueKey( 387 | _In_ HANDLE KeyHandle, 388 | _In_ PUNICODE_STRING ValueName 389 | ); 390 | 391 | NTSYSCALLAPI 392 | NTSTATUS 393 | NTAPI 394 | NtQueryKey( 395 | _In_ HANDLE KeyHandle, 396 | _In_ KEY_INFORMATION_CLASS KeyInformationClass, 397 | _Out_writes_bytes_opt_(Length) PVOID KeyInformation, 398 | _In_ ULONG Length, 399 | _Out_ PULONG ResultLength 400 | ); 401 | 402 | NTSYSCALLAPI 403 | NTSTATUS 404 | NTAPI 405 | NtSetInformationKey( 406 | _In_ HANDLE KeyHandle, 407 | _In_ KEY_SET_INFORMATION_CLASS KeySetInformationClass, 408 | _In_reads_bytes_(KeySetInformationLength) PVOID KeySetInformation, 409 | _In_ ULONG KeySetInformationLength 410 | ); 411 | 412 | NTSYSCALLAPI 413 | NTSTATUS 414 | NTAPI 415 | NtQueryValueKey( 416 | _In_ HANDLE KeyHandle, 417 | _In_ PUNICODE_STRING ValueName, 418 | _In_ KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass, 419 | _Out_writes_bytes_opt_(Length) PVOID KeyValueInformation, 420 | _In_ ULONG Length, 421 | _Out_ PULONG ResultLength 422 | ); 423 | 424 | 425 | NTSYSCALLAPI 426 | NTSTATUS 427 | NTAPI 428 | ZwQueryValueKey( 429 | _In_ HANDLE KeyHandle, 430 | _In_ PUNICODE_STRING ValueName, 431 | _In_ KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass, 432 | _Out_writes_bytes_opt_(Length) PVOID KeyValueInformation, 433 | _In_ ULONG Length, 434 | _Out_ PULONG ResultLength 435 | ); 436 | 437 | 438 | NTSYSCALLAPI 439 | NTSTATUS 440 | NTAPI 441 | NtSetValueKey( 442 | _In_ HANDLE KeyHandle, 443 | _In_ PUNICODE_STRING ValueName, 444 | _In_opt_ ULONG TitleIndex, 445 | _In_ ULONG Type, 446 | _In_reads_bytes_opt_(DataSize) PVOID Data, 447 | _In_ ULONG DataSize 448 | ); 449 | 450 | 451 | NTSYSCALLAPI 452 | NTSTATUS 453 | NTAPI 454 | ZwSetValueKey( 455 | _In_ HANDLE KeyHandle, 456 | _In_ PUNICODE_STRING ValueName, 457 | _In_opt_ ULONG TitleIndex, 458 | _In_ ULONG Type, 459 | _In_reads_bytes_opt_(DataSize) PVOID Data, 460 | _In_ ULONG DataSize 461 | ); 462 | 463 | NTSYSCALLAPI 464 | NTSTATUS 465 | NTAPI 466 | NtQueryMultipleValueKey( 467 | _In_ HANDLE KeyHandle, 468 | _Inout_updates_(EntryCount) PKEY_VALUE_ENTRY ValueEntries, 469 | _In_ ULONG EntryCount, 470 | _Out_writes_bytes_(*BufferLength) PVOID ValueBuffer, 471 | _Inout_ PULONG BufferLength, 472 | _Out_opt_ PULONG RequiredBufferLength 473 | ); 474 | 475 | NTSYSCALLAPI 476 | NTSTATUS 477 | NTAPI 478 | NtEnumerateKey( 479 | _In_ HANDLE KeyHandle, 480 | _In_ ULONG Index, 481 | _In_ KEY_INFORMATION_CLASS KeyInformationClass, 482 | _Out_writes_bytes_opt_(Length) PVOID KeyInformation, 483 | _In_ ULONG Length, 484 | _Out_ PULONG ResultLength 485 | ); 486 | 487 | NTSYSCALLAPI 488 | NTSTATUS 489 | NTAPI 490 | NtEnumerateValueKey( 491 | _In_ HANDLE KeyHandle, 492 | _In_ ULONG Index, 493 | _In_ KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass, 494 | _Out_writes_bytes_opt_(Length) PVOID KeyValueInformation, 495 | _In_ ULONG Length, 496 | _Out_ PULONG ResultLength 497 | ); 498 | 499 | NTSYSCALLAPI 500 | NTSTATUS 501 | NTAPI 502 | NtFlushKey( 503 | _In_ HANDLE KeyHandle 504 | ); 505 | 506 | NTSYSCALLAPI 507 | NTSTATUS 508 | NTAPI 509 | NtCompactKeys( 510 | _In_ ULONG Count, 511 | _In_reads_(Count) HANDLE KeyArray[] 512 | ); 513 | 514 | NTSYSCALLAPI 515 | NTSTATUS 516 | NTAPI 517 | NtCompressKey( 518 | _In_ HANDLE Key 519 | ); 520 | 521 | NTSYSCALLAPI 522 | NTSTATUS 523 | NTAPI 524 | NtLoadKey( 525 | _In_ POBJECT_ATTRIBUTES TargetKey, 526 | _In_ POBJECT_ATTRIBUTES SourceFile 527 | ); 528 | 529 | NTSYSCALLAPI 530 | NTSTATUS 531 | NTAPI 532 | NtLoadKey2( 533 | _In_ POBJECT_ATTRIBUTES TargetKey, 534 | _In_ POBJECT_ATTRIBUTES SourceFile, 535 | _In_ ULONG Flags 536 | ); 537 | 538 | NTSYSCALLAPI 539 | NTSTATUS 540 | NTAPI 541 | NtLoadKeyEx( 542 | _In_ POBJECT_ATTRIBUTES TargetKey, 543 | _In_ POBJECT_ATTRIBUTES SourceFile, 544 | _In_ ULONG Flags, 545 | _In_opt_ HANDLE TrustClassKey, 546 | _In_opt_ HANDLE Event, 547 | _In_opt_ ACCESS_MASK DesiredAccess, 548 | _Out_opt_ PHANDLE RootHandle, 549 | _Out_opt_ PIO_STATUS_BLOCK IoStatus 550 | ); 551 | 552 | NTSYSCALLAPI 553 | NTSTATUS 554 | NTAPI 555 | NtReplaceKey( 556 | _In_ POBJECT_ATTRIBUTES NewFile, 557 | _In_ HANDLE TargetHandle, 558 | _In_ POBJECT_ATTRIBUTES OldFile 559 | ); 560 | 561 | NTSYSCALLAPI 562 | NTSTATUS 563 | NTAPI 564 | NtSaveKey( 565 | _In_ HANDLE KeyHandle, 566 | _In_ HANDLE FileHandle 567 | ); 568 | 569 | NTSYSCALLAPI 570 | NTSTATUS 571 | NTAPI 572 | NtSaveKeyEx( 573 | _In_ HANDLE KeyHandle, 574 | _In_ HANDLE FileHandle, 575 | _In_ ULONG Format 576 | ); 577 | 578 | NTSYSCALLAPI 579 | NTSTATUS 580 | NTAPI 581 | NtSaveMergedKeys( 582 | _In_ HANDLE HighPrecedenceKeyHandle, 583 | _In_ HANDLE LowPrecedenceKeyHandle, 584 | _In_ HANDLE FileHandle 585 | ); 586 | 587 | NTSYSCALLAPI 588 | NTSTATUS 589 | NTAPI 590 | NtRestoreKey( 591 | _In_ HANDLE KeyHandle, 592 | _In_ HANDLE FileHandle, 593 | _In_ ULONG Flags 594 | ); 595 | 596 | NTSYSCALLAPI 597 | NTSTATUS 598 | NTAPI 599 | NtUnloadKey( 600 | _In_ POBJECT_ATTRIBUTES TargetKey 601 | ); 602 | 603 | // 604 | // NtUnloadKey2 Flags (from winnt.h) 605 | // 606 | //#define REG_FORCE_UNLOAD 1 607 | //#define REG_UNLOAD_LEGAL_FLAGS (REG_FORCE_UNLOAD) 608 | 609 | NTSYSCALLAPI 610 | NTSTATUS 611 | NTAPI 612 | NtUnloadKey2( 613 | _In_ POBJECT_ATTRIBUTES TargetKey, 614 | _In_ ULONG Flags 615 | ); 616 | 617 | NTSYSCALLAPI 618 | NTSTATUS 619 | NTAPI 620 | NtUnloadKeyEx( 621 | _In_ POBJECT_ATTRIBUTES TargetKey, 622 | _In_opt_ HANDLE Event 623 | ); 624 | 625 | NTSYSCALLAPI 626 | NTSTATUS 627 | NTAPI 628 | NtNotifyChangeKey( 629 | _In_ HANDLE KeyHandle, 630 | _In_opt_ HANDLE Event, 631 | _In_opt_ PIO_APC_ROUTINE ApcRoutine, 632 | _In_opt_ PVOID ApcContext, 633 | _Out_ PIO_STATUS_BLOCK IoStatusBlock, 634 | _In_ ULONG CompletionFilter, 635 | _In_ BOOLEAN WatchTree, 636 | _Out_writes_bytes_opt_(BufferSize) PVOID Buffer, 637 | _In_ ULONG BufferSize, 638 | _In_ BOOLEAN Asynchronous 639 | ); 640 | 641 | NTSYSCALLAPI 642 | NTSTATUS 643 | NTAPI 644 | NtNotifyChangeMultipleKeys( 645 | _In_ HANDLE MasterKeyHandle, 646 | _In_opt_ ULONG Count, 647 | _In_reads_opt_(Count) OBJECT_ATTRIBUTES SubordinateObjects[], 648 | _In_opt_ HANDLE Event, 649 | _In_opt_ PIO_APC_ROUTINE ApcRoutine, 650 | _In_opt_ PVOID ApcContext, 651 | _Out_ PIO_STATUS_BLOCK IoStatusBlock, 652 | _In_ ULONG CompletionFilter, 653 | _In_ BOOLEAN WatchTree, 654 | _Out_writes_bytes_opt_(BufferSize) PVOID Buffer, 655 | _In_ ULONG BufferSize, 656 | _In_ BOOLEAN Asynchronous 657 | ); 658 | 659 | NTSYSCALLAPI 660 | NTSTATUS 661 | NTAPI 662 | NtQueryOpenSubKeys( 663 | _In_ POBJECT_ATTRIBUTES TargetKey, 664 | _Out_ PULONG HandleCount 665 | ); 666 | 667 | NTSYSCALLAPI 668 | NTSTATUS 669 | NTAPI 670 | NtQueryOpenSubKeysEx( 671 | _In_ POBJECT_ATTRIBUTES TargetKey, 672 | _In_ ULONG BufferLength, 673 | _Out_writes_bytes_(BufferLength) PVOID Buffer, 674 | _Out_ PULONG RequiredSize 675 | ); 676 | 677 | NTSYSCALLAPI 678 | NTSTATUS 679 | NTAPI 680 | NtInitializeRegistry( 681 | _In_ USHORT BootCondition 682 | ); 683 | 684 | NTSYSCALLAPI 685 | NTSTATUS 686 | NTAPI 687 | NtLockRegistryKey( 688 | _In_ HANDLE KeyHandle 689 | ); 690 | 691 | NTSYSCALLAPI 692 | NTSTATUS 693 | NTAPI 694 | NtLockProductActivationKeys( 695 | _Inout_opt_ ULONG *pPrivateVer, 696 | _Out_opt_ ULONG *pSafeMode 697 | ); 698 | 699 | #if (NTDDI_VERSION >= NTDDI_VISTA) 700 | // private 701 | NTSYSCALLAPI 702 | NTSTATUS 703 | NTAPI 704 | NtFreezeRegistry( 705 | _In_ ULONG TimeOutInSeconds 706 | ); 707 | #endif 708 | 709 | #if (NTDDI_VERSION >= NTDDI_VISTA) 710 | // private 711 | NTSYSCALLAPI 712 | NTSTATUS 713 | NTAPI 714 | NtThawRegistry( 715 | VOID 716 | ); 717 | #endif 718 | 719 | -------------------------------------------------------------------------------- /source/NativeLib/ntsmss.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | NTSYSAPI 4 | NTSTATUS 5 | NTAPI 6 | RtlConnectToSm( 7 | _In_ PUNICODE_STRING ApiPortName, 8 | _In_ HANDLE ApiPortHandle, 9 | _In_ DWORD ProcessImageType, 10 | _Out_ PHANDLE SmssConnection 11 | ); 12 | 13 | NTSYSAPI 14 | NTSTATUS 15 | NTAPI 16 | RtlSendMsgToSm( 17 | _In_ HANDLE ApiPortHandle, 18 | _In_ PPORT_MESSAGE MessageData 19 | ); 20 | 21 | -------------------------------------------------------------------------------- /source/NativeLib/nttmapi.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #if (NTDDI_VERSION >= NTDDI_VISTA) 4 | NTSYSCALLAPI 5 | NTSTATUS 6 | NTAPI 7 | NtCreateTransactionManager( 8 | _Out_ PHANDLE TmHandle, 9 | _In_ ACCESS_MASK DesiredAccess, 10 | _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, 11 | _In_opt_ PUNICODE_STRING LogFileName, 12 | _In_opt_ ULONG CreateOptions, 13 | _In_opt_ ULONG CommitStrength 14 | ); 15 | #endif 16 | 17 | #if (NTDDI_VERSION >= NTDDI_VISTA) 18 | NTSYSCALLAPI 19 | NTSTATUS 20 | NTAPI 21 | NtOpenTransactionManager( 22 | _Out_ PHANDLE TmHandle, 23 | _In_ ACCESS_MASK DesiredAccess, 24 | _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, 25 | _In_opt_ PUNICODE_STRING LogFileName, 26 | _In_opt_ LPGUID TmIdentity, 27 | _In_opt_ ULONG OpenOptions 28 | ); 29 | #endif 30 | 31 | #if (NTDDI_VERSION >= NTDDI_VISTA) 32 | NTSYSCALLAPI 33 | NTSTATUS 34 | NTAPI 35 | NtRenameTransactionManager( 36 | _In_ PUNICODE_STRING LogFileName, 37 | _In_ LPGUID ExistingTransactionManagerGuid 38 | ); 39 | #endif 40 | 41 | #if (NTDDI_VERSION >= NTDDI_VISTA) 42 | NTSYSCALLAPI 43 | NTSTATUS 44 | NTAPI 45 | NtRollforwardTransactionManager( 46 | _In_ HANDLE TransactionManagerHandle, 47 | _In_opt_ PLARGE_INTEGER TmVirtualClock 48 | ); 49 | #endif 50 | 51 | #if (NTDDI_VERSION >= NTDDI_VISTA) 52 | NTSYSCALLAPI 53 | NTSTATUS 54 | NTAPI 55 | NtRecoverTransactionManager( 56 | _In_ HANDLE TransactionManagerHandle 57 | ); 58 | #endif 59 | 60 | #if (NTDDI_VERSION >= NTDDI_VISTA) 61 | NTSYSCALLAPI 62 | NTSTATUS 63 | NTAPI 64 | NtQueryInformationTransactionManager( 65 | _In_ HANDLE TransactionManagerHandle, 66 | _In_ TRANSACTIONMANAGER_INFORMATION_CLASS TransactionManagerInformationClass, 67 | _Out_writes_bytes_(TransactionManagerInformationLength) PVOID TransactionManagerInformation, 68 | _In_ ULONG TransactionManagerInformationLength, 69 | _Out_opt_ PULONG ReturnLength 70 | ); 71 | #endif 72 | 73 | #if (NTDDI_VERSION >= NTDDI_VISTA) 74 | NTSYSCALLAPI 75 | NTSTATUS 76 | NTAPI 77 | NtSetInformationTransactionManager( 78 | _In_opt_ HANDLE TmHandle, 79 | _In_ TRANSACTIONMANAGER_INFORMATION_CLASS TransactionManagerInformationClass, 80 | _In_reads_bytes_(TransactionManagerInformationLength) PVOID TransactionManagerInformation, 81 | _In_ ULONG TransactionManagerInformationLength 82 | ); 83 | #endif 84 | 85 | #if (NTDDI_VERSION >= NTDDI_VISTA) 86 | NTSYSCALLAPI 87 | NTSTATUS 88 | NTAPI 89 | NtEnumerateTransactionObject( 90 | _In_opt_ HANDLE RootObjectHandle, 91 | _In_ KTMOBJECT_TYPE QueryType, 92 | _Inout_updates_bytes_(ObjectCursorLength) PKTMOBJECT_CURSOR ObjectCursor, 93 | _In_ ULONG ObjectCursorLength, 94 | _Out_ PULONG ReturnLength 95 | ); 96 | #endif 97 | 98 | #if (NTDDI_VERSION >= NTDDI_VISTA) 99 | NTSYSCALLAPI 100 | NTSTATUS 101 | NTAPI 102 | NtCreateTransaction( 103 | _Out_ PHANDLE TransactionHandle, 104 | _In_ ACCESS_MASK DesiredAccess, 105 | _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, 106 | _In_opt_ LPGUID Uow, 107 | _In_opt_ HANDLE TmHandle, 108 | _In_opt_ ULONG CreateOptions, 109 | _In_opt_ ULONG IsolationLevel, 110 | _In_opt_ ULONG IsolationFlags, 111 | _In_opt_ PLARGE_INTEGER Timeout, 112 | _In_opt_ PUNICODE_STRING Description 113 | ); 114 | #endif 115 | 116 | #if (NTDDI_VERSION >= NTDDI_VISTA) 117 | NTSYSCALLAPI 118 | NTSTATUS 119 | NTAPI 120 | NtOpenTransaction( 121 | _Out_ PHANDLE TransactionHandle, 122 | _In_ ACCESS_MASK DesiredAccess, 123 | _In_ POBJECT_ATTRIBUTES ObjectAttributes, 124 | _In_ LPGUID Uow, 125 | _In_opt_ HANDLE TmHandle 126 | ); 127 | #endif 128 | 129 | #if (NTDDI_VERSION >= NTDDI_VISTA) 130 | NTSYSCALLAPI 131 | NTSTATUS 132 | NTAPI 133 | NtQueryInformationTransaction( 134 | _In_ HANDLE TransactionHandle, 135 | _In_ TRANSACTION_INFORMATION_CLASS TransactionInformationClass, 136 | _Out_writes_bytes_(TransactionInformationLength) PVOID TransactionInformation, 137 | _In_ ULONG TransactionInformationLength, 138 | _Out_opt_ PULONG ReturnLength 139 | ); 140 | #endif 141 | 142 | #if (NTDDI_VERSION >= NTDDI_VISTA) 143 | NTSYSCALLAPI 144 | NTSTATUS 145 | NTAPI 146 | NtSetInformationTransaction( 147 | _In_ HANDLE TransactionHandle, 148 | _In_ TRANSACTION_INFORMATION_CLASS TransactionInformationClass, 149 | _In_reads_bytes_(TransactionInformationLength) PVOID TransactionInformation, 150 | _In_ ULONG TransactionInformationLength 151 | ); 152 | #endif 153 | 154 | #if (NTDDI_VERSION >= NTDDI_VISTA) 155 | NTSYSCALLAPI 156 | NTSTATUS 157 | NTAPI 158 | NtCommitTransaction( 159 | _In_ HANDLE TransactionHandle, 160 | _In_ BOOLEAN Wait 161 | ); 162 | #endif 163 | 164 | #if (NTDDI_VERSION >= NTDDI_VISTA) 165 | NTSYSCALLAPI 166 | NTSTATUS 167 | NTAPI 168 | NtRollbackTransaction( 169 | _In_ HANDLE TransactionHandle, 170 | _In_ BOOLEAN Wait 171 | ); 172 | #endif 173 | 174 | #if (NTDDI_VERSION >= NTDDI_VISTA) 175 | NTSYSCALLAPI 176 | NTSTATUS 177 | NTAPI 178 | NtCreateEnlistment( 179 | _Out_ PHANDLE EnlistmentHandle, 180 | _In_ ACCESS_MASK DesiredAccess, 181 | _In_ HANDLE ResourceManagerHandle, 182 | _In_ HANDLE TransactionHandle, 183 | _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, 184 | _In_opt_ ULONG CreateOptions, 185 | _In_ NOTIFICATION_MASK NotificationMask, 186 | _In_opt_ PVOID EnlistmentKey 187 | ); 188 | #endif 189 | 190 | #if (NTDDI_VERSION >= NTDDI_VISTA) 191 | NTSYSCALLAPI 192 | NTSTATUS 193 | NTAPI 194 | NtOpenEnlistment( 195 | _Out_ PHANDLE EnlistmentHandle, 196 | _In_ ACCESS_MASK DesiredAccess, 197 | _In_ HANDLE ResourceManagerHandle, 198 | _In_ LPGUID EnlistmentGuid, 199 | _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes 200 | ); 201 | #endif 202 | 203 | #if (NTDDI_VERSION >= NTDDI_VISTA) 204 | NTSYSCALLAPI 205 | NTSTATUS 206 | NTAPI 207 | NtQueryInformationEnlistment( 208 | _In_ HANDLE EnlistmentHandle, 209 | _In_ ENLISTMENT_INFORMATION_CLASS EnlistmentInformationClass, 210 | _Out_writes_bytes_(EnlistmentInformationLength) PVOID EnlistmentInformation, 211 | _In_ ULONG EnlistmentInformationLength, 212 | _Out_opt_ PULONG ReturnLength 213 | ); 214 | #endif 215 | 216 | #if (NTDDI_VERSION >= NTDDI_VISTA) 217 | NTSYSCALLAPI 218 | NTSTATUS 219 | NTAPI 220 | NtSetInformationEnlistment( 221 | _In_opt_ HANDLE EnlistmentHandle, 222 | _In_ ENLISTMENT_INFORMATION_CLASS EnlistmentInformationClass, 223 | _In_reads_bytes_(EnlistmentInformationLength) PVOID EnlistmentInformation, 224 | _In_ ULONG EnlistmentInformationLength 225 | ); 226 | #endif 227 | 228 | #if (NTDDI_VERSION >= NTDDI_VISTA) 229 | NTSYSCALLAPI 230 | NTSTATUS 231 | NTAPI 232 | NtRecoverEnlistment( 233 | _In_ HANDLE EnlistmentHandle, 234 | _In_opt_ PVOID EnlistmentKey 235 | ); 236 | #endif 237 | 238 | #if (NTDDI_VERSION >= NTDDI_VISTA) 239 | NTSYSCALLAPI 240 | NTSTATUS 241 | NTAPI 242 | NtPrePrepareEnlistment( 243 | _In_ HANDLE EnlistmentHandle, 244 | _In_opt_ PLARGE_INTEGER TmVirtualClock 245 | ); 246 | #endif 247 | 248 | #if (NTDDI_VERSION >= NTDDI_VISTA) 249 | NTSYSCALLAPI 250 | NTSTATUS 251 | NTAPI 252 | NtPrepareEnlistment( 253 | _In_ HANDLE EnlistmentHandle, 254 | _In_opt_ PLARGE_INTEGER TmVirtualClock 255 | ); 256 | #endif 257 | 258 | #if (NTDDI_VERSION >= NTDDI_VISTA) 259 | NTSYSCALLAPI 260 | NTSTATUS 261 | NTAPI 262 | NtCommitEnlistment( 263 | _In_ HANDLE EnlistmentHandle, 264 | _In_opt_ PLARGE_INTEGER TmVirtualClock 265 | ); 266 | #endif 267 | 268 | #if (NTDDI_VERSION >= NTDDI_VISTA) 269 | NTSYSCALLAPI 270 | NTSTATUS 271 | NTAPI 272 | NtRollbackEnlistment( 273 | _In_ HANDLE EnlistmentHandle, 274 | _In_opt_ PLARGE_INTEGER TmVirtualClock 275 | ); 276 | 277 | NTSYSCALLAPI 278 | NTSTATUS 279 | NTAPI 280 | NtRollbackRegistryTransaction( 281 | _In_ HANDLE Handle, 282 | _In_ DWORD Flags 283 | ); 284 | 285 | #endif 286 | 287 | #if (NTDDI_VERSION >= NTDDI_VISTA) 288 | NTSYSCALLAPI 289 | NTSTATUS 290 | NTAPI 291 | NtPrePrepareComplete( 292 | _In_ HANDLE EnlistmentHandle, 293 | _In_opt_ PLARGE_INTEGER TmVirtualClock 294 | ); 295 | #endif 296 | 297 | #if (NTDDI_VERSION >= NTDDI_VISTA) 298 | NTSYSCALLAPI 299 | NTSTATUS 300 | NTAPI 301 | NtPrepareComplete( 302 | _In_ HANDLE EnlistmentHandle, 303 | _In_opt_ PLARGE_INTEGER TmVirtualClock 304 | ); 305 | #endif 306 | 307 | #if (NTDDI_VERSION >= NTDDI_VISTA) 308 | NTSYSCALLAPI 309 | NTSTATUS 310 | NTAPI 311 | NtCommitComplete( 312 | _In_ HANDLE EnlistmentHandle, 313 | _In_opt_ PLARGE_INTEGER TmVirtualClock 314 | ); 315 | #endif 316 | 317 | #if (NTDDI_VERSION >= NTDDI_VISTA) 318 | NTSYSCALLAPI 319 | NTSTATUS 320 | NTAPI 321 | NtReadOnlyEnlistment( 322 | _In_ HANDLE EnlistmentHandle, 323 | _In_opt_ PLARGE_INTEGER TmVirtualClock 324 | ); 325 | #endif 326 | 327 | #if (NTDDI_VERSION >= NTDDI_VISTA) 328 | NTSYSCALLAPI 329 | NTSTATUS 330 | NTAPI 331 | NtRollbackComplete( 332 | _In_ HANDLE EnlistmentHandle, 333 | _In_opt_ PLARGE_INTEGER TmVirtualClock 334 | ); 335 | #endif 336 | 337 | #if (NTDDI_VERSION >= NTDDI_VISTA) 338 | NTSYSCALLAPI 339 | NTSTATUS 340 | NTAPI 341 | NtSinglePhaseReject( 342 | _In_ HANDLE EnlistmentHandle, 343 | _In_opt_ PLARGE_INTEGER TmVirtualClock 344 | ); 345 | #endif 346 | 347 | #if (NTDDI_VERSION >= NTDDI_VISTA) 348 | NTSYSCALLAPI 349 | NTSTATUS 350 | NTAPI 351 | NtCreateResourceManager( 352 | _Out_ PHANDLE ResourceManagerHandle, 353 | _In_ ACCESS_MASK DesiredAccess, 354 | _In_ HANDLE TmHandle, 355 | _In_ LPGUID RmGuid, 356 | _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, 357 | _In_opt_ ULONG CreateOptions, 358 | _In_opt_ PUNICODE_STRING Description 359 | ); 360 | 361 | 362 | NTSYSCALLAPI 363 | NTSTATUS 364 | NTAPI 365 | NtCreateRegistryTransaction( 366 | _Out_ PHANDLE RegistryHandle, 367 | _In_ ACCESS_MASK DesiredAccess, 368 | _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, 369 | _In_ DWORD Flags 370 | ); 371 | #endif 372 | 373 | #if (NTDDI_VERSION >= NTDDI_VISTA) 374 | NTSYSCALLAPI 375 | NTSTATUS 376 | NTAPI 377 | NtOpenResourceManager( 378 | _Out_ PHANDLE ResourceManagerHandle, 379 | _In_ ACCESS_MASK DesiredAccess, 380 | _In_ HANDLE TmHandle, 381 | _In_opt_ LPGUID ResourceManagerGuid, 382 | _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes 383 | ); 384 | #endif 385 | 386 | #if (NTDDI_VERSION >= NTDDI_VISTA) 387 | NTSYSCALLAPI 388 | NTSTATUS 389 | NTAPI 390 | NtRecoverResourceManager( 391 | _In_ HANDLE ResourceManagerHandle 392 | ); 393 | #endif 394 | 395 | #if (NTDDI_VERSION >= NTDDI_VISTA) 396 | NTSYSCALLAPI 397 | NTSTATUS 398 | NTAPI 399 | NtGetNotificationResourceManager( 400 | _In_ HANDLE ResourceManagerHandle, 401 | _Out_ PTRANSACTION_NOTIFICATION TransactionNotification, 402 | _In_ ULONG NotificationLength, 403 | _In_opt_ PLARGE_INTEGER Timeout, 404 | _Out_opt_ PULONG ReturnLength, 405 | _In_ ULONG Asynchronous, 406 | _In_opt_ ULONG_PTR AsynchronousContext 407 | ); 408 | #endif 409 | 410 | #if (NTDDI_VERSION >= NTDDI_VISTA) 411 | NTSYSCALLAPI 412 | NTSTATUS 413 | NTAPI 414 | NtQueryInformationResourceManager( 415 | _In_ HANDLE ResourceManagerHandle, 416 | _In_ RESOURCEMANAGER_INFORMATION_CLASS ResourceManagerInformationClass, 417 | _Out_writes_bytes_(ResourceManagerInformationLength) PVOID ResourceManagerInformation, 418 | _In_ ULONG ResourceManagerInformationLength, 419 | _Out_opt_ PULONG ReturnLength 420 | ); 421 | #endif 422 | 423 | #if (NTDDI_VERSION >= NTDDI_VISTA) 424 | NTSYSCALLAPI 425 | NTSTATUS 426 | NTAPI 427 | NtSetInformationResourceManager( 428 | _In_ HANDLE ResourceManagerHandle, 429 | _In_ RESOURCEMANAGER_INFORMATION_CLASS ResourceManagerInformationClass, 430 | _In_reads_bytes_(ResourceManagerInformationLength) PVOID ResourceManagerInformation, 431 | _In_ ULONG ResourceManagerInformationLength 432 | ); 433 | #endif 434 | 435 | 436 | #if (NTDDI_VERSION >= NTDDI_VISTA) 437 | 438 | typedef ULONG SYMBOLIC_LINK_ALL_INFORMATION_CLASS; 439 | 440 | NTSYSCALLAPI 441 | NTSTATUS 442 | NTAPI 443 | NtSetInformationSymbolicLink( 444 | _In_ HANDLE LinkHandle, 445 | _In_ SYMBOLIC_LINK_ALL_INFORMATION_CLASS LinkInformationClass, 446 | _In_reads_bytes_(LinkInformationLength) PVOID LinkInformation, 447 | _In_ ULONG LinkInformationLength 448 | ); 449 | #endif 450 | 451 | #if (NTDDI_VERSION >= NTDDI_VISTA) 452 | NTSYSCALLAPI 453 | NTSTATUS 454 | NTAPI 455 | NtRegisterProtocolAddressInformation( 456 | _In_ HANDLE ResourceManager, 457 | _In_ PCRM_PROTOCOL_ID ProtocolId, 458 | _In_ ULONG ProtocolInformationSize, 459 | _In_ PVOID ProtocolInformation, 460 | _In_opt_ ULONG CreateOptions 461 | ); 462 | #endif 463 | 464 | #if (NTDDI_VERSION >= NTDDI_VISTA) 465 | NTSYSCALLAPI 466 | NTSTATUS 467 | NTAPI 468 | NtPropagationComplete( 469 | _In_ HANDLE ResourceManagerHandle, 470 | _In_ ULONG RequestCookie, 471 | _In_ ULONG BufferLength, 472 | _In_ PVOID Buffer 473 | ); 474 | #endif 475 | 476 | #if (NTDDI_VERSION >= NTDDI_VISTA) 477 | NTSYSCALLAPI 478 | NTSTATUS 479 | NTAPI 480 | NtPropagationFailed( 481 | _In_ HANDLE ResourceManagerHandle, 482 | _In_ ULONG RequestCookie, 483 | _In_ NTSTATUS PropStatus 484 | ); 485 | #endif 486 | 487 | #if (NTDDI_VERSION >= NTDDI_VISTA) 488 | // private 489 | NTSYSCALLAPI 490 | NTSTATUS 491 | NTAPI 492 | NtFreezeTransactions( 493 | _In_ PLARGE_INTEGER FreezeTimeout, 494 | _In_ PLARGE_INTEGER ThawTimeout 495 | ); 496 | #endif 497 | 498 | #if (NTDDI_VERSION >= NTDDI_VISTA) 499 | // private 500 | NTSYSCALLAPI 501 | NTSTATUS 502 | NTAPI 503 | NtThawTransactions( 504 | VOID 505 | ); 506 | #endif 507 | 508 | -------------------------------------------------------------------------------- /source/NativeLib/nttp.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | // Some types are already defined in winnt.h. 4 | 5 | typedef struct _TP_ALPC TP_ALPC, *PTP_ALPC; 6 | 7 | // private 8 | typedef VOID (NTAPI *PTP_ALPC_CALLBACK)( 9 | _Inout_ PTP_CALLBACK_INSTANCE Instance, 10 | _Inout_opt_ PVOID Context, 11 | _In_ PTP_ALPC Alpc 12 | ); 13 | 14 | // rev 15 | typedef VOID (NTAPI *PTP_ALPC_CALLBACK_EX)( 16 | _Inout_ PTP_CALLBACK_INSTANCE Instance, 17 | _Inout_opt_ PVOID Context, 18 | _In_ PTP_ALPC Alpc, 19 | _In_ PVOID ApcContext 20 | ); 21 | 22 | #if (NTDDI_VERSION >= NTDDI_VISTA) 23 | 24 | // private 25 | _Check_return_ 26 | NTSYSAPI 27 | NTSTATUS 28 | NTAPI 29 | TpAllocPool( 30 | _Out_ PTP_POOL *PoolReturn, 31 | _Reserved_ PVOID Reserved 32 | ); 33 | 34 | // winbase:CloseThreadpool 35 | NTSYSAPI 36 | VOID 37 | NTAPI 38 | TpReleasePool( 39 | _Inout_ PTP_POOL Pool 40 | ); 41 | 42 | // winbase:SetThreadpoolThreadMaximum 43 | NTSYSAPI 44 | VOID 45 | NTAPI 46 | TpSetPoolMaxThreads( 47 | _Inout_ PTP_POOL Pool, 48 | _In_ LONG MaxThreads 49 | ); 50 | 51 | // private 52 | NTSYSAPI 53 | NTSTATUS 54 | NTAPI 55 | TpSetPoolMinThreads( 56 | _Inout_ PTP_POOL Pool, 57 | _In_ LONG MinThreads 58 | ); 59 | 60 | #if (NTDDI_VERSION >= NTDDI_WIN7) 61 | // rev 62 | NTSYSAPI 63 | NTSTATUS 64 | NTAPI 65 | TpQueryPoolStackInformation( 66 | _In_ PTP_POOL Pool, 67 | _Out_ PTP_POOL_STACK_INFORMATION PoolStackInformation 68 | ); 69 | #endif 70 | 71 | #if (NTDDI_VERSION >= NTDDI_WIN7) 72 | // rev 73 | NTSYSAPI 74 | NTSTATUS 75 | NTAPI 76 | TpSetPoolStackInformation( 77 | _Inout_ PTP_POOL Pool, 78 | _In_ PTP_POOL_STACK_INFORMATION PoolStackInformation 79 | ); 80 | #endif 81 | 82 | // private 83 | _Check_return_ 84 | NTSYSAPI 85 | NTSTATUS 86 | NTAPI 87 | TpAllocCleanupGroup( 88 | _Out_ PTP_CLEANUP_GROUP *CleanupGroupReturn 89 | ); 90 | 91 | // winbase:CloseThreadpoolCleanupGroup 92 | NTSYSAPI 93 | VOID 94 | NTAPI 95 | TpReleaseCleanupGroup( 96 | _Inout_ PTP_CLEANUP_GROUP CleanupGroup 97 | ); 98 | 99 | // winbase:CloseThreadpoolCleanupGroupMembers 100 | NTSYSAPI 101 | VOID 102 | NTAPI 103 | TpReleaseCleanupGroupMembers( 104 | _Inout_ PTP_CLEANUP_GROUP CleanupGroup, 105 | _In_ LOGICAL CancelPendingCallbacks, 106 | _Inout_opt_ PVOID CleanupParameter 107 | ); 108 | 109 | // winbase:SetEventWhenCallbackReturns 110 | NTSYSAPI 111 | VOID 112 | NTAPI 113 | TpCallbackSetEventOnCompletion( 114 | _Inout_ PTP_CALLBACK_INSTANCE Instance, 115 | _In_ HANDLE Event 116 | ); 117 | 118 | // winbase:ReleaseSemaphoreWhenCallbackReturns 119 | NTSYSAPI 120 | VOID 121 | NTAPI 122 | TpCallbackReleaseSemaphoreOnCompletion( 123 | _Inout_ PTP_CALLBACK_INSTANCE Instance, 124 | _In_ HANDLE Semaphore, 125 | _In_ LONG ReleaseCount 126 | ); 127 | 128 | // winbase:ReleaseMutexWhenCallbackReturns 129 | NTSYSAPI 130 | VOID 131 | NTAPI 132 | TpCallbackReleaseMutexOnCompletion( 133 | _Inout_ PTP_CALLBACK_INSTANCE Instance, 134 | _In_ HANDLE Mutex 135 | ); 136 | 137 | // winbase:LeaveCriticalSectionWhenCallbackReturns 138 | NTSYSAPI 139 | VOID 140 | NTAPI 141 | TpCallbackLeaveCriticalSectionOnCompletion( 142 | _Inout_ PTP_CALLBACK_INSTANCE Instance, 143 | _Inout_ PRTL_CRITICAL_SECTION CriticalSection 144 | ); 145 | 146 | // winbase:FreeLibraryWhenCallbackReturns 147 | NTSYSAPI 148 | VOID 149 | NTAPI 150 | TpCallbackUnloadDllOnCompletion( 151 | _Inout_ PTP_CALLBACK_INSTANCE Instance, 152 | _In_ PVOID DllHandle 153 | ); 154 | 155 | // winbase:CallbackMayRunLong 156 | NTSYSAPI 157 | NTSTATUS 158 | NTAPI 159 | TpCallbackMayRunLong( 160 | _Inout_ PTP_CALLBACK_INSTANCE Instance 161 | ); 162 | 163 | // winbase:DisassociateCurrentThreadFromCallback 164 | NTSYSAPI 165 | VOID 166 | NTAPI 167 | TpDisassociateCallback( 168 | _Inout_ PTP_CALLBACK_INSTANCE Instance 169 | ); 170 | 171 | // winbase:TrySubmitThreadpoolCallback 172 | _Check_return_ 173 | NTSYSAPI 174 | NTSTATUS 175 | NTAPI 176 | TpSimpleTryPost( 177 | _In_ PTP_SIMPLE_CALLBACK Callback, 178 | _Inout_opt_ PVOID Context, 179 | _In_opt_ PTP_CALLBACK_ENVIRON CallbackEnviron 180 | ); 181 | 182 | // private 183 | _Check_return_ 184 | NTSYSAPI 185 | NTSTATUS 186 | NTAPI 187 | TpAllocWork( 188 | _Out_ PTP_WORK *WorkReturn, 189 | _In_ PTP_WORK_CALLBACK Callback, 190 | _Inout_opt_ PVOID Context, 191 | _In_opt_ PTP_CALLBACK_ENVIRON CallbackEnviron 192 | ); 193 | 194 | // winbase:CloseThreadpoolWork 195 | NTSYSAPI 196 | VOID 197 | NTAPI 198 | TpReleaseWork( 199 | _Inout_ PTP_WORK Work 200 | ); 201 | 202 | // winbase:SubmitThreadpoolWork 203 | NTSYSAPI 204 | VOID 205 | NTAPI 206 | TpPostWork( 207 | _Inout_ PTP_WORK Work 208 | ); 209 | 210 | // winbase:WaitForThreadpoolWorkCallbacks 211 | NTSYSAPI 212 | VOID 213 | NTAPI 214 | TpWaitForWork( 215 | _Inout_ PTP_WORK Work, 216 | _In_ LOGICAL CancelPendingCallbacks 217 | ); 218 | 219 | // private 220 | _Check_return_ 221 | NTSYSAPI 222 | NTSTATUS 223 | NTAPI 224 | TpAllocTimer( 225 | _Out_ PTP_TIMER *Timer, 226 | _In_ PTP_TIMER_CALLBACK Callback, 227 | _Inout_opt_ PVOID Context, 228 | _In_opt_ PTP_CALLBACK_ENVIRON CallbackEnviron 229 | ); 230 | 231 | // winbase:CloseThreadpoolTimer 232 | NTSYSAPI 233 | VOID 234 | NTAPI 235 | TpReleaseTimer( 236 | _Inout_ PTP_TIMER Timer 237 | ); 238 | 239 | // winbase:SetThreadpoolTimer 240 | NTSYSAPI 241 | VOID 242 | NTAPI 243 | TpSetTimer( 244 | _Inout_ PTP_TIMER Timer, 245 | _In_opt_ PLARGE_INTEGER DueTime, 246 | _In_ LONG Period, 247 | _In_opt_ LONG WindowLength 248 | ); 249 | 250 | // winbase:IsThreadpoolTimerSet 251 | NTSYSAPI 252 | LOGICAL 253 | NTAPI 254 | TpIsTimerSet( 255 | _In_ PTP_TIMER Timer 256 | ); 257 | 258 | // winbase:WaitForThreadpoolTimerCallbacks 259 | NTSYSAPI 260 | VOID 261 | NTAPI 262 | TpWaitForTimer( 263 | _Inout_ PTP_TIMER Timer, 264 | _In_ LOGICAL CancelPendingCallbacks 265 | ); 266 | 267 | // private 268 | _Check_return_ 269 | NTSYSAPI 270 | NTSTATUS 271 | NTAPI 272 | TpAllocWait( 273 | _Out_ PTP_WAIT *WaitReturn, 274 | _In_ PTP_WAIT_CALLBACK Callback, 275 | _Inout_opt_ PVOID Context, 276 | _In_opt_ PTP_CALLBACK_ENVIRON CallbackEnviron 277 | ); 278 | 279 | // winbase:CloseThreadpoolWait 280 | NTSYSAPI 281 | VOID 282 | NTAPI 283 | TpReleaseWait( 284 | _Inout_ PTP_WAIT Wait 285 | ); 286 | 287 | // winbase:SetThreadpoolWait 288 | NTSYSAPI 289 | VOID 290 | NTAPI 291 | TpSetWait( 292 | _Inout_ PTP_WAIT Wait, 293 | _In_opt_ HANDLE Handle, 294 | _In_opt_ PLARGE_INTEGER Timeout 295 | ); 296 | 297 | // winbase:WaitForThreadpoolWaitCallbacks 298 | NTSYSAPI 299 | VOID 300 | NTAPI 301 | TpWaitForWait( 302 | _Inout_ PTP_WAIT Wait, 303 | _In_ LOGICAL CancelPendingCallbacks 304 | ); 305 | 306 | // private 307 | typedef VOID (NTAPI *PTP_IO_CALLBACK)( 308 | _Inout_ PTP_CALLBACK_INSTANCE Instance, 309 | _Inout_opt_ PVOID Context, 310 | _In_ PVOID ApcContext, 311 | _In_ PIO_STATUS_BLOCK IoSB, 312 | _In_ PTP_IO Io 313 | ); 314 | 315 | // private 316 | _Check_return_ 317 | NTSYSAPI 318 | NTSTATUS 319 | NTAPI 320 | TpAllocIoCompletion( 321 | _Out_ PTP_IO *IoReturn, 322 | _In_ HANDLE File, 323 | _In_ PTP_IO_CALLBACK Callback, 324 | _Inout_opt_ PVOID Context, 325 | _In_opt_ PTP_CALLBACK_ENVIRON CallbackEnviron 326 | ); 327 | 328 | // winbase:CloseThreadpoolIo 329 | NTSYSAPI 330 | VOID 331 | NTAPI 332 | TpReleaseIoCompletion( 333 | _Inout_ PTP_IO Io 334 | ); 335 | 336 | // winbase:StartThreadpoolIo 337 | NTSYSAPI 338 | VOID 339 | NTAPI 340 | TpStartAsyncIoOperation( 341 | _Inout_ PTP_IO Io 342 | ); 343 | 344 | // winbase:CancelThreadpoolIo 345 | NTSYSAPI 346 | VOID 347 | NTAPI 348 | TpCancelAsyncIoOperation( 349 | _Inout_ PTP_IO Io 350 | ); 351 | 352 | // winbase:WaitForThreadpoolIoCallbacks 353 | NTSYSAPI 354 | VOID 355 | NTAPI 356 | TpWaitForIoCompletion( 357 | _Inout_ PTP_IO Io, 358 | _In_ LOGICAL CancelPendingCallbacks 359 | ); 360 | 361 | // private 362 | NTSYSAPI 363 | NTSTATUS 364 | NTAPI 365 | TpAllocAlpcCompletion( 366 | _Out_ PTP_ALPC *AlpcReturn, 367 | _In_ HANDLE AlpcPort, 368 | _In_ PTP_ALPC_CALLBACK Callback, 369 | _Inout_opt_ PVOID Context, 370 | _In_opt_ PTP_CALLBACK_ENVIRON CallbackEnviron 371 | ); 372 | 373 | #if (NTDDI_VERSION >= NTDDI_WIN7) 374 | // rev 375 | NTSYSAPI 376 | NTSTATUS 377 | NTAPI 378 | TpAllocAlpcCompletionEx( 379 | _Out_ PTP_ALPC *AlpcReturn, 380 | _In_ HANDLE AlpcPort, 381 | _In_ PTP_ALPC_CALLBACK_EX Callback, 382 | _Inout_opt_ PVOID Context, 383 | _In_opt_ PTP_CALLBACK_ENVIRON CallbackEnviron 384 | ); 385 | #endif 386 | 387 | // private 388 | NTSYSAPI 389 | VOID 390 | NTAPI 391 | TpReleaseAlpcCompletion( 392 | _Inout_ PTP_ALPC Alpc 393 | ); 394 | 395 | // private 396 | NTSYSAPI 397 | VOID 398 | NTAPI 399 | TpWaitForAlpcCompletion( 400 | _Inout_ PTP_ALPC Alpc 401 | ); 402 | 403 | // private 404 | typedef enum _TP_TRACE_TYPE 405 | { 406 | TpTraceThreadPriority = 1, 407 | TpTraceThreadAffinity, 408 | MaxTpTraceType 409 | } TP_TRACE_TYPE; 410 | 411 | // private 412 | NTSYSAPI 413 | VOID 414 | NTAPI 415 | TpCaptureCaller( 416 | _In_ TP_TRACE_TYPE Type 417 | ); 418 | 419 | // private 420 | NTSYSAPI 421 | VOID 422 | NTAPI 423 | TpCheckTerminateWorker( 424 | _In_ HANDLE Thread 425 | ); 426 | 427 | #endif 428 | 429 | -------------------------------------------------------------------------------- /source/NativeLib/ntxcapi.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | NTSYSAPI 4 | BOOLEAN 5 | NTAPI 6 | RtlDispatchException( 7 | _In_ PEXCEPTION_RECORD ExceptionRecord, 8 | _In_ PCONTEXT ContextRecord 9 | ); 10 | 11 | NTSYSAPI 12 | DECLSPEC_NORETURN 13 | VOID 14 | NTAPI 15 | RtlRaiseStatus( 16 | _In_ NTSTATUS Status 17 | ); 18 | 19 | NTSYSAPI 20 | VOID 21 | NTAPI 22 | RtlRaiseException( 23 | _In_ PEXCEPTION_RECORD ExceptionRecord 24 | ); 25 | 26 | NTSYSCALLAPI 27 | NTSTATUS 28 | NTAPI 29 | NtContinue( 30 | _In_ PCONTEXT ContextRecord, 31 | _In_ BOOLEAN TestAlert 32 | ); 33 | 34 | NTSYSCALLAPI 35 | NTSTATUS 36 | NTAPI 37 | NtRaiseException( 38 | _In_ PEXCEPTION_RECORD ExceptionRecord, 39 | _In_ PCONTEXT ContextRecord, 40 | _In_ BOOLEAN FirstChance 41 | ); 42 | 43 | __analysis_noreturn 44 | NTSYSCALLAPI 45 | VOID 46 | NTAPI 47 | RtlAssert( 48 | _In_ PVOID VoidFailedAssertion, 49 | _In_ PVOID VoidFileName, 50 | _In_ ULONG LineNumber, 51 | _In_opt_ PSTR MutableMessage 52 | ); 53 | 54 | #define RTL_ASSERT(exp) \ 55 | ((!(exp)) ? (RtlAssert((PVOID)#exp, (PVOID)__FILE__, __LINE__, NULL), FALSE) : TRUE) 56 | #define RTL_ASSERTMSG(msg, exp) \ 57 | ((!(exp)) ? (RtlAssert((PVOID)#exp, (PVOID)__FILE__, __LINE__, msg), FALSE) : TRUE) 58 | #define RTL_SOFT_ASSERT(_exp) \ 59 | ((!(_exp)) ? (DbgPrint("%s(%d): Soft assertion failed\n Expression: %s\n", __FILE__, __LINE__, #_exp), FALSE) : TRUE) 60 | #define RTL_SOFT_ASSERTMSG(_msg, _exp) \ 61 | ((!(_exp)) ? (DbgPrint("%s(%d): Soft assertion failed\n Expression: %s\n Message: %s\n", __FILE__, __LINE__, #_exp, (_msg)), FALSE) : TRUE) 62 | 63 | -------------------------------------------------------------------------------- /source/NativeLib/phnt.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | // This header file provides access to NT APIs. 4 | 5 | // Definitions are annotated to indicate their source. If a definition is not annotated, it has been 6 | // retrieved from an official Microsoft source (NT headers, DDK headers, winnt.h). 7 | 8 | // * "winbase" indicates that a definition has been reconstructed from a Win32-ized NT definition in 9 | // winbase.h. 10 | // * "rev" indicates that a definition has been reverse-engineered. 11 | // * "dbg" indicates that a definition has been obtained from a debug message or assertion in a 12 | // checked build of the kernel or file. 13 | 14 | // Reliability: 15 | // 1. No annotation. 16 | // 2. dbg. 17 | // 3. symbols, private. Types may be incorrect. 18 | // 4. winbase. Names and types may be incorrect. 19 | // 5. rev. 20 | 21 | // Version 22 | #include 23 | 24 | #pragma comment(lib,"ntdll.lib") 25 | #pragma comment(lib,"samlib.lib") 26 | #pragma comment(lib,"winsta.lib") 27 | 28 | // Warnings which disabled for compiling 29 | #if _MSC_VER >= 1200 30 | #pragma warning(push) 31 | // nonstandard extension used : nameless struct/union 32 | #pragma warning(disable:4201) 33 | // 'struct_name' : structure was padded due to __declspec(align()) 34 | #pragma warning(disable:4324) 35 | // 'enumeration': a forward declaration of an unscoped enumeration must have an 36 | // underlying type (int assumed) 37 | #pragma warning(disable:4471) 38 | #endif 39 | 40 | #ifdef __cplusplus 41 | extern "C" { 42 | #endif 43 | 44 | #include 45 | #include 46 | #include 47 | 48 | #include 49 | #include 50 | 51 | #include 52 | 53 | #include 54 | #include 55 | #include 56 | #include 57 | 58 | #include 59 | #include 60 | #include 61 | #include 62 | #include 63 | #include 64 | #include 65 | #include 66 | 67 | #include 68 | #include 69 | #include 70 | #include 71 | 72 | #include 73 | 74 | #include 75 | #include 76 | 77 | #include 78 | 79 | #include 80 | 81 | #include 82 | 83 | #include 84 | 85 | #ifdef __cplusplus 86 | } 87 | #endif 88 | 89 | #if _MSC_VER >= 1200 90 | #pragma warning(pop) 91 | #endif 92 | 93 | -------------------------------------------------------------------------------- /source/NativeLib/phnt_ntdef.h: -------------------------------------------------------------------------------- 1 | #ifndef _NTDEF_ 2 | #define _NTDEF_ 3 | 4 | // This header file provides basic NT types not included in Win32. If you have included winnt.h 5 | // (perhaps indirectly), you must use this file instead of ntdef.h. 6 | 7 | #ifndef NOTHING 8 | #define NOTHING 9 | #endif 10 | 11 | // Basic types 12 | 13 | typedef struct _QUAD 14 | { 15 | union 16 | { 17 | __int64 UseThisFieldToCopy; 18 | double DoNotUseThisField; 19 | }; 20 | } QUAD, *PQUAD; 21 | 22 | // This isn't in NT, but it's useful. 23 | typedef struct DECLSPEC_ALIGN(MEMORY_ALLOCATION_ALIGNMENT) _QUAD_PTR 24 | { 25 | ULONG_PTR DoNotUseThisField1; 26 | ULONG_PTR DoNotUseThisField2; 27 | } QUAD_PTR, *PQUAD_PTR; 28 | 29 | typedef ULONG LOGICAL; 30 | typedef ULONG *PLOGICAL; 31 | 32 | typedef _Success_(return >= 0) LONG NTSTATUS; 33 | typedef NTSTATUS *PNTSTATUS; 34 | 35 | // Cardinal types 36 | 37 | typedef char CCHAR; 38 | typedef short CSHORT; 39 | typedef ULONG CLONG; 40 | 41 | typedef CCHAR *PCCHAR; 42 | typedef CSHORT *PCSHORT; 43 | typedef CLONG *PCLONG; 44 | 45 | typedef PCSTR PCSZ; 46 | 47 | // Specific 48 | 49 | typedef UCHAR KIRQL, *PKIRQL; 50 | typedef LONG KPRIORITY; 51 | typedef USHORT RTL_ATOM, *PRTL_ATOM; 52 | 53 | typedef LARGE_INTEGER PHYSICAL_ADDRESS, *PPHYSICAL_ADDRESS; 54 | 55 | // NT status macros 56 | 57 | #define NT_SUCCESS(Status) (((NTSTATUS)(Status)) >= 0) 58 | #define NT_INFORMATION(Status) ((((ULONG)(Status)) >> 30) == 1) 59 | #define NT_WARNING(Status) ((((ULONG)(Status)) >> 30) == 2) 60 | #define NT_ERROR(Status) ((((ULONG)(Status)) >> 30) == 3) 61 | 62 | #define NT_FACILITY_MASK 0xfff 63 | #define NT_FACILITY_SHIFT 16 64 | #define NT_FACILITY(Status) ((((ULONG)(Status)) >> NT_FACILITY_SHIFT) & NT_FACILITY_MASK) 65 | 66 | #define NT_NTWIN32(Status) (NT_FACILITY(Status) == FACILITY_NTWIN32) 67 | #define WIN32_FROM_NTSTATUS(Status) (((ULONG)(Status)) & 0xffff) 68 | 69 | // Functions 70 | 71 | #ifndef _WIN64 72 | #define FASTCALL __fastcall 73 | #else 74 | #define FASTCALL 75 | #endif 76 | 77 | // Synchronization enumerations 78 | 79 | typedef enum _EVENT_TYPE 80 | { 81 | NotificationEvent, 82 | SynchronizationEvent 83 | } EVENT_TYPE; 84 | 85 | typedef enum _TIMER_TYPE 86 | { 87 | NotificationTimer, 88 | SynchronizationTimer 89 | } TIMER_TYPE; 90 | 91 | typedef enum _WAIT_TYPE 92 | { 93 | WaitAll, 94 | WaitAny, 95 | WaitNotification 96 | } WAIT_TYPE; 97 | 98 | // Strings 99 | 100 | typedef struct _STRING 101 | { 102 | USHORT Length; 103 | USHORT MaximumLength; 104 | _Field_size_bytes_part_opt_(MaximumLength, Length) PCHAR Buffer; 105 | } STRING, *PSTRING, ANSI_STRING, *PANSI_STRING, OEM_STRING, *POEM_STRING; 106 | 107 | typedef const STRING *PCSTRING; 108 | typedef const ANSI_STRING *PCANSI_STRING; 109 | typedef const OEM_STRING *PCOEM_STRING; 110 | 111 | typedef struct _UNICODE_STRING 112 | { 113 | USHORT Length; 114 | USHORT MaximumLength; 115 | _Field_size_bytes_part_(MaximumLength, Length) PWCH Buffer; 116 | } UNICODE_STRING, *PUNICODE_STRING; 117 | 118 | typedef const UNICODE_STRING *PCUNICODE_STRING; 119 | 120 | #define RTL_CONSTANT_STRING(s) { sizeof(s) - sizeof((s)[0]), sizeof(s), s } 121 | 122 | typedef struct _LARGE_UNICODE_STRING 123 | { 124 | ULONG Length; 125 | ULONG MaximumLength : 31; 126 | ULONG Ansi : 1; 127 | 128 | union 129 | { 130 | PWSTR UnicodeBuffer; 131 | PSTR AnsiBuffer; 132 | ULONG64 Buffer; 133 | }; 134 | 135 | } LARGE_UNICODE_STRING, *PLARGE_UNICODE_STRING; 136 | 137 | // Balanced tree node 138 | 139 | #define RTL_BALANCED_NODE_RESERVED_PARENT_MASK 3 140 | 141 | typedef struct _RTL_BALANCED_NODE 142 | { 143 | union 144 | { 145 | struct _RTL_BALANCED_NODE *Children[2]; 146 | struct 147 | { 148 | struct _RTL_BALANCED_NODE *Left; 149 | struct _RTL_BALANCED_NODE *Right; 150 | }; 151 | }; 152 | union 153 | { 154 | UCHAR Red : 1; 155 | UCHAR Balance : 2; 156 | ULONG_PTR ParentValue; 157 | }; 158 | } RTL_BALANCED_NODE, *PRTL_BALANCED_NODE; 159 | 160 | #define RTL_BALANCED_NODE_GET_PARENT_POINTER(Node) \ 161 | ((PRTL_BALANCED_NODE)((Node)->ParentValue & ~RTL_BALANCED_NODE_RESERVED_PARENT_MASK)) 162 | 163 | // Portability 164 | 165 | typedef struct _SINGLE_LIST_ENTRY32 166 | { 167 | ULONG Next; 168 | } SINGLE_LIST_ENTRY32, *PSINGLE_LIST_ENTRY32; 169 | 170 | typedef struct _STRING32 171 | { 172 | USHORT Length; 173 | USHORT MaximumLength; 174 | ULONG Buffer; 175 | } STRING32, *PSTRING32; 176 | 177 | typedef STRING32 UNICODE_STRING32, *PUNICODE_STRING32; 178 | typedef STRING32 ANSI_STRING32, *PANSI_STRING32; 179 | 180 | typedef struct _STRING64 181 | { 182 | USHORT Length; 183 | USHORT MaximumLength; 184 | ULONGLONG Buffer; 185 | } STRING64, *PSTRING64; 186 | 187 | typedef STRING64 UNICODE_STRING64, *PUNICODE_STRING64; 188 | typedef STRING64 ANSI_STRING64, *PANSI_STRING64; 189 | 190 | // Object attributes 191 | 192 | #define OBJ_INHERIT 0x00000002 193 | #define OBJ_PERMANENT 0x00000010 194 | #define OBJ_EXCLUSIVE 0x00000020 195 | #define OBJ_CASE_INSENSITIVE 0x00000040 196 | #define OBJ_OPENIF 0x00000080 197 | #define OBJ_OPENLINK 0x00000100 198 | #define OBJ_KERNEL_HANDLE 0x00000200 199 | #define OBJ_FORCE_ACCESS_CHECK 0x00000400 200 | #define OBJ_IGNORE_IMPERSONATED_DEVICEMAP 0x00000800 201 | #define OBJ_DONT_REPARSE 0x00001000 202 | #define OBJ_VALID_ATTRIBUTES 0x00001ff2 203 | 204 | typedef struct _OBJECT_ATTRIBUTES 205 | { 206 | ULONG Length; 207 | HANDLE RootDirectory; 208 | PUNICODE_STRING ObjectName; 209 | ULONG Attributes; 210 | PVOID SecurityDescriptor; // PSECURITY_DESCRIPTOR; 211 | PVOID SecurityQualityOfService; // PSECURITY_QUALITY_OF_SERVICE 212 | } OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES; 213 | 214 | typedef const OBJECT_ATTRIBUTES *PCOBJECT_ATTRIBUTES; 215 | 216 | #define InitializeObjectAttributes(p, n, a, r, s) { \ 217 | (p)->Length = sizeof(OBJECT_ATTRIBUTES); \ 218 | (p)->RootDirectory = r; \ 219 | (p)->Attributes = a; \ 220 | (p)->ObjectName = n; \ 221 | (p)->SecurityDescriptor = s; \ 222 | (p)->SecurityQualityOfService = NULL; \ 223 | } 224 | 225 | #define RTL_CONSTANT_OBJECT_ATTRIBUTES(n, a) { sizeof(OBJECT_ATTRIBUTES), NULL, n, a, NULL, NULL } 226 | #define RTL_INIT_OBJECT_ATTRIBUTES(n, a) RTL_CONSTANT_OBJECT_ATTRIBUTES(n, a) 227 | 228 | #define OBJ_NAME_PATH_SEPARATOR ((WCHAR)L'\\') 229 | 230 | // Portability 231 | 232 | typedef struct _OBJECT_ATTRIBUTES64 233 | { 234 | ULONG Length; 235 | ULONG64 RootDirectory; 236 | ULONG64 ObjectName; 237 | ULONG Attributes; 238 | ULONG64 SecurityDescriptor; 239 | ULONG64 SecurityQualityOfService; 240 | } OBJECT_ATTRIBUTES64, *POBJECT_ATTRIBUTES64; 241 | 242 | typedef const OBJECT_ATTRIBUTES64 *PCOBJECT_ATTRIBUTES64; 243 | 244 | typedef struct _OBJECT_ATTRIBUTES32 245 | { 246 | ULONG Length; 247 | ULONG RootDirectory; 248 | ULONG ObjectName; 249 | ULONG Attributes; 250 | ULONG SecurityDescriptor; 251 | ULONG SecurityQualityOfService; 252 | } OBJECT_ATTRIBUTES32, *POBJECT_ATTRIBUTES32; 253 | 254 | typedef const OBJECT_ATTRIBUTES32 *PCOBJECT_ATTRIBUTES32; 255 | 256 | // Product types 257 | 258 | typedef enum _NT_PRODUCT_TYPE 259 | { 260 | NtProductWinNt = 1, 261 | NtProductLanManNt, 262 | NtProductServer 263 | } NT_PRODUCT_TYPE, *PNT_PRODUCT_TYPE; 264 | 265 | typedef enum _SUITE_TYPE 266 | { 267 | SmallBusiness, 268 | Enterprise, 269 | BackOffice, 270 | CommunicationServer, 271 | TerminalServer, 272 | SmallBusinessRestricted, 273 | EmbeddedNT, 274 | DataCenter, 275 | SingleUserTS, 276 | Personal, 277 | Blade, 278 | EmbeddedRestricted, 279 | SecurityAppliance, 280 | StorageServer, 281 | ComputeServer, 282 | WHServer, 283 | PhoneNT, 284 | MaxSuiteType 285 | } SUITE_TYPE; 286 | 287 | // Specific 288 | 289 | typedef struct _CLIENT_ID 290 | { 291 | HANDLE UniqueProcess; 292 | HANDLE UniqueThread; 293 | } CLIENT_ID, *PCLIENT_ID; 294 | 295 | typedef struct _CLIENT_ID32 296 | { 297 | ULONG UniqueProcess; 298 | ULONG UniqueThread; 299 | } CLIENT_ID32, *PCLIENT_ID32; 300 | 301 | typedef struct _CLIENT_ID64 302 | { 303 | ULONGLONG UniqueProcess; 304 | ULONGLONG UniqueThread; 305 | } CLIENT_ID64, *PCLIENT_ID64; 306 | 307 | #include 308 | 309 | typedef struct _KSYSTEM_TIME 310 | { 311 | ULONG LowPart; 312 | LONG High1Time; 313 | LONG High2Time; 314 | } KSYSTEM_TIME, *PKSYSTEM_TIME; 315 | 316 | #include 317 | 318 | #endif 319 | 320 | -------------------------------------------------------------------------------- /source/NativeLib/phnt_windows.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | // This header file provides access to Win32, plus NTSTATUS values and some access mask values. 3 | 4 | #include 5 | #include 6 | #include 7 | 8 | #undef STATUS_WAIT_0 9 | #undef STATUS_ABANDONED_WAIT_0 10 | #undef STATUS_USER_APC 11 | #undef STATUS_TIMEOUT 12 | #undef STATUS_PENDING 13 | #undef DBG_EXCEPTION_HANDLED 14 | #undef DBG_CONTINUE 15 | #undef STATUS_SEGMENT_NOTIFICATION 16 | #undef STATUS_FATAL_APP_EXIT 17 | #undef DBG_TERMINATE_THREAD 18 | #undef DBG_TERMINATE_PROCESS 19 | #undef DBG_CONTROL_C 20 | #undef DBG_PRINTEXCEPTION_C 21 | #undef DBG_RIPEXCEPTION 22 | #undef DBG_CONTROL_BREAK 23 | #undef DBG_COMMAND_EXCEPTION 24 | #undef STATUS_GUARD_PAGE_VIOLATION 25 | #undef STATUS_DATATYPE_MISALIGNMENT 26 | #undef STATUS_BREAKPOINT 27 | #undef STATUS_SINGLE_STEP 28 | #undef STATUS_LONGJUMP 29 | #undef STATUS_UNWIND_CONSOLIDATE 30 | #undef DBG_EXCEPTION_NOT_HANDLED 31 | #undef STATUS_ACCESS_VIOLATION 32 | #undef STATUS_IN_PAGE_ERROR 33 | #undef STATUS_INVALID_HANDLE 34 | #undef STATUS_INVALID_PARAMETER 35 | #undef STATUS_NO_MEMORY 36 | #undef STATUS_ILLEGAL_INSTRUCTION 37 | #undef STATUS_NONCONTINUABLE_EXCEPTION 38 | #undef STATUS_INVALID_DISPOSITION 39 | #undef STATUS_ARRAY_BOUNDS_EXCEEDED 40 | #undef STATUS_FLOAT_DENORMAL_OPERAND 41 | #undef STATUS_FLOAT_DIVIDE_BY_ZERO 42 | #undef STATUS_FLOAT_INEXACT_RESULT 43 | #undef STATUS_FLOAT_INVALID_OPERATION 44 | #undef STATUS_FLOAT_OVERFLOW 45 | #undef STATUS_FLOAT_STACK_CHECK 46 | #undef STATUS_FLOAT_UNDERFLOW 47 | #undef STATUS_INTEGER_DIVIDE_BY_ZERO 48 | #undef STATUS_INTEGER_OVERFLOW 49 | #undef STATUS_PRIVILEGED_INSTRUCTION 50 | #undef STATUS_STACK_OVERFLOW 51 | #undef STATUS_DLL_NOT_FOUND 52 | #undef STATUS_ORDINAL_NOT_FOUND 53 | #undef STATUS_ENTRYPOINT_NOT_FOUND 54 | #undef STATUS_CONTROL_C_EXIT 55 | #undef STATUS_DLL_INIT_FAILED 56 | #undef STATUS_FLOAT_MULTIPLE_FAULTS 57 | #undef STATUS_FLOAT_MULTIPLE_TRAPS 58 | #undef STATUS_REG_NAT_CONSUMPTION 59 | #undef STATUS_HEAP_CORRUPTION 60 | #undef STATUS_STACK_BUFFER_OVERRUN 61 | #undef STATUS_INVALID_CRUNTIME_PARAMETER 62 | #undef STATUS_ASSERTION_FAILURE 63 | #undef STATUS_ENCLAVE_VIOLATION 64 | 65 | #undef STATUS_SXS_EARLY_DEACTIVATION 66 | #undef STATUS_SXS_INVALID_DEACTIVATION 67 | 68 | #undef DBG_REPLY_LATER 69 | #undef DBG_PRINTEXCEPTION_WIDE_C 70 | 71 | #include 72 | 73 | typedef double DOUBLE; 74 | typedef GUID *PGUID; 75 | 76 | // Desktop access rights 77 | #define DESKTOP_ALL_ACCESS \ 78 | (DESKTOP_CREATEMENU | DESKTOP_CREATEWINDOW | DESKTOP_ENUMERATE | \ 79 | DESKTOP_HOOKCONTROL | DESKTOP_JOURNALPLAYBACK | DESKTOP_JOURNALRECORD | \ 80 | DESKTOP_READOBJECTS | DESKTOP_SWITCHDESKTOP | DESKTOP_WRITEOBJECTS | \ 81 | STANDARD_RIGHTS_REQUIRED) 82 | #define DESKTOP_GENERIC_READ \ 83 | (DESKTOP_ENUMERATE | DESKTOP_READOBJECTS | STANDARD_RIGHTS_READ) 84 | #define DESKTOP_GENERIC_WRITE \ 85 | (DESKTOP_CREATEMENU | DESKTOP_CREATEWINDOW | DESKTOP_HOOKCONTROL | \ 86 | DESKTOP_JOURNALPLAYBACK | DESKTOP_JOURNALRECORD | DESKTOP_WRITEOBJECTS | \ 87 | STANDARD_RIGHTS_WRITE) 88 | #define DESKTOP_GENERIC_EXECUTE \ 89 | (DESKTOP_SWITCHDESKTOP | STANDARD_RIGHTS_EXECUTE) 90 | 91 | // Window station access rights 92 | #define WINSTA_GENERIC_READ \ 93 | (WINSTA_ENUMDESKTOPS | WINSTA_ENUMERATE | WINSTA_READATTRIBUTES | \ 94 | WINSTA_READSCREEN | STANDARD_RIGHTS_READ) 95 | #define WINSTA_GENERIC_WRITE \ 96 | (WINSTA_ACCESSCLIPBOARD | WINSTA_CREATEDESKTOP | WINSTA_WRITEATTRIBUTES | \ 97 | STANDARD_RIGHTS_WRITE) 98 | #define WINSTA_GENERIC_EXECUTE \ 99 | (WINSTA_ACCESSGLOBALATOMS | WINSTA_EXITWINDOWS | STANDARD_RIGHTS_EXECUTE) 100 | 101 | // WMI access rights 102 | #define WMIGUID_GENERIC_READ \ 103 | (WMIGUID_QUERY | WMIGUID_NOTIFICATION | WMIGUID_READ_DESCRIPTION | \ 104 | STANDARD_RIGHTS_READ) 105 | #define WMIGUID_GENERIC_WRITE \ 106 | (WMIGUID_SET | TRACELOG_CREATE_REALTIME | TRACELOG_CREATE_ONDISK | \ 107 | STANDARD_RIGHTS_WRITE) 108 | #define WMIGUID_GENERIC_EXECUTE \ 109 | (WMIGUID_EXECUTE | TRACELOG_GUID_ENABLE | TRACELOG_LOG_EVENT | \ 110 | TRACELOG_ACCESS_REALTIME | TRACELOG_REGISTER_GUIDS | \ 111 | STANDARD_RIGHTS_EXECUTE) 112 | 113 | -------------------------------------------------------------------------------- /source/NativeLib/subprocesstag.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | // Subprocess tag information 3 | 4 | typedef enum _TAG_INFO_LEVEL 5 | { 6 | eTagInfoLevelNameFromTag = 1, // TAG_INFO_NAME_FROM_TAG 7 | eTagInfoLevelNamesReferencingModule, // TAG_INFO_NAMES_REFERENCING_MODULE 8 | eTagInfoLevelNameTagMapping, // TAG_INFO_NAME_TAG_MAPPING 9 | eTagInfoLevelMax 10 | } TAG_INFO_LEVEL; 11 | 12 | typedef enum _TAG_TYPE 13 | { 14 | eTagTypeService = 1, 15 | eTagTypeMax 16 | } TAG_TYPE; 17 | 18 | typedef struct _TAG_INFO_NAME_FROM_TAG_IN_PARAMS 19 | { 20 | DWORD dwPid; 21 | DWORD dwTag; 22 | } TAG_INFO_NAME_FROM_TAG_IN_PARAMS, *PTAG_INFO_NAME_FROM_TAG_IN_PARAMS; 23 | 24 | typedef struct _TAG_INFO_NAME_FROM_TAG_OUT_PARAMS 25 | { 26 | DWORD eTagType; 27 | LPWSTR pszName; 28 | } TAG_INFO_NAME_FROM_TAG_OUT_PARAMS, *PTAG_INFO_NAME_FROM_TAG_OUT_PARAMS; 29 | 30 | typedef struct _TAG_INFO_NAME_FROM_TAG 31 | { 32 | TAG_INFO_NAME_FROM_TAG_IN_PARAMS InParams; 33 | TAG_INFO_NAME_FROM_TAG_OUT_PARAMS OutParams; 34 | } TAG_INFO_NAME_FROM_TAG, *PTAG_INFO_NAME_FROM_TAG; 35 | 36 | typedef struct _TAG_INFO_NAMES_REFERENCING_MODULE_IN_PARAMS 37 | { 38 | DWORD dwPid; 39 | LPWSTR pszModule; 40 | } TAG_INFO_NAMES_REFERENCING_MODULE_IN_PARAMS, *PTAG_INFO_NAMES_REFERENCING_MODULE_IN_PARAMS; 41 | 42 | typedef struct _TAG_INFO_NAMES_REFERENCING_MODULE_OUT_PARAMS 43 | { 44 | DWORD eTagType; 45 | LPWSTR pmszNames; 46 | } TAG_INFO_NAMES_REFERENCING_MODULE_OUT_PARAMS, *PTAG_INFO_NAMES_REFERENCING_MODULE_OUT_PARAMS; 47 | 48 | typedef struct _TAG_INFO_NAMES_REFERENCING_MODULE 49 | { 50 | TAG_INFO_NAMES_REFERENCING_MODULE_IN_PARAMS InParams; 51 | TAG_INFO_NAMES_REFERENCING_MODULE_OUT_PARAMS OutParams; 52 | } TAG_INFO_NAMES_REFERENCING_MODULE, *PTAG_INFO_NAMES_REFERENCING_MODULE; 53 | 54 | typedef struct _TAG_INFO_NAME_TAG_MAPPING_IN_PARAMS 55 | { 56 | DWORD dwPid; 57 | } TAG_INFO_NAME_TAG_MAPPING_IN_PARAMS, *PTAG_INFO_NAME_TAG_MAPPING_IN_PARAMS; 58 | 59 | typedef struct _TAG_INFO_NAME_TAG_MAPPING_ELEMENT 60 | { 61 | DWORD eTagType; 62 | DWORD dwTag; 63 | LPWSTR pszName; 64 | LPWSTR pszGroupName; 65 | } TAG_INFO_NAME_TAG_MAPPING_ELEMENT, *PTAG_INFO_NAME_TAG_MAPPING_ELEMENT; 66 | 67 | typedef struct _TAG_INFO_NAME_TAG_MAPPING_OUT_PARAMS 68 | { 69 | DWORD cElements; 70 | PTAG_INFO_NAME_TAG_MAPPING_ELEMENT pNameTagMappingElements; 71 | } TAG_INFO_NAME_TAG_MAPPING_OUT_PARAMS, *PTAG_INFO_NAME_TAG_MAPPING_OUT_PARAMS; 72 | 73 | typedef struct _TAG_INFO_NAME_TAG_MAPPING 74 | { 75 | TAG_INFO_NAME_TAG_MAPPING_IN_PARAMS InParams; 76 | PTAG_INFO_NAME_TAG_MAPPING_OUT_PARAMS pOutParams; 77 | } TAG_INFO_NAME_TAG_MAPPING, *PTAG_INFO_NAME_TAG_MAPPING; 78 | 79 | _Must_inspect_result_ 80 | DWORD 81 | WINAPI 82 | I_QueryTagInformation( 83 | _In_opt_ LPCWSTR pszMachineName, 84 | _In_ TAG_INFO_LEVEL eInfoLevel, 85 | _Inout_ PVOID pTagInfo 86 | ); 87 | 88 | typedef DWORD (WINAPI *PQUERY_TAG_INFORMATION)( 89 | _In_opt_ LPCWSTR pszMachineName, 90 | _In_ TAG_INFO_LEVEL eInfoLevel, 91 | _Inout_ PVOID pTagInfo 92 | ); 93 | 94 | --------------------------------------------------------------------------------