├── .gitignore
├── HazardShieldUI
    ├── HazardShieldUI.pro
    ├── main.cpp
    ├── mainwindow.cpp
    ├── mainwindow.h
    └── mainwindow.ui
├── HsCore
    ├── HsCore.sln
    ├── HsCore
    │   ├── Exports.def
    │   ├── HsCore.rc
    │   ├── HsCore.vcxproj
    │   ├── HsCore.vcxproj.filters
    │   ├── Ntfs.c
    │   ├── Ntfs.h
    │   ├── Scanner.c
    │   ├── Scanner.h
    │   ├── clamav.h
    │   ├── lib32
    │   │   └── libclamav.lib
    │   ├── lib64
    │   │   └── libclamav.lib
    │   ├── ossl_typ.h
    │   └── resource.h
    ├── HsService
    │   ├── HsService.rc
    │   ├── HsService.vcxproj
    │   ├── HsService.vcxproj.filters
    │   ├── KhsUser.c
    │   ├── KhsUser.h
    │   ├── KhspUser.h
    │   ├── Service.c
    │   ├── Service.h
    │   ├── Utility.c
    │   ├── Utility.h
    │   ├── main.c
    │   └── resource.h
    └── phlib
    │   ├── LICENSE.txt
    │   ├── apiimport.c
    │   ├── basesup.c
    │   ├── basesupa.c
    │   ├── circbuf.c
    │   ├── circbuf_i.h
    │   ├── collect.c
    │   ├── colorbox.c
    │   ├── cpysave.c
    │   ├── data.c
    │   ├── dspick.c
    │   ├── emenu.c
    │   ├── error.c
    │   ├── extlv.c
    │   ├── fastlock.c
    │   ├── filepool.c
    │   ├── format.c
    │   ├── format_i.h
    │   ├── global.c
    │   ├── graph.c
    │   ├── guisup.c
    │   ├── handle.c
    │   ├── hexedit.c
    │   ├── hndlinfo.c
    │   ├── icotobmp.c
    │   ├── include
    │       ├── apiimport.h
    │       ├── circbuf.h
    │       ├── circbuf_h.h
    │       ├── colorbox.h
    │       ├── cpysave.h
    │       ├── dltmgr.h
    │       ├── dspick.h
    │       ├── emenu.h
    │       ├── fastlock.h
    │       ├── filepool.h
    │       ├── filepoolp.h
    │       ├── graph.h
    │       ├── guisupp.h
    │       ├── handlep.h
    │       ├── hexedit.h
    │       ├── hexeditp.h
    │       ├── iosupp.h
    │       ├── kphapi.h
    │       ├── kphuser.h
    │       ├── md5.h
    │       ├── ntbasic.h
    │       ├── ntcm.h
    │       ├── ntdbg.h
    │       ├── ntexapi.h
    │       ├── ntgdi.h
    │       ├── ntioapi.h
    │       ├── ntkeapi.h
    │       ├── ntldr.h
    │       ├── ntlpcapi.h
    │       ├── ntlsa.h
    │       ├── ntmisc.h
    │       ├── ntmmapi.h
    │       ├── ntnls.h
    │       ├── ntobapi.h
    │       ├── ntpebteb.h
    │       ├── ntpfapi.h
    │       ├── ntpnpapi.h
    │       ├── ntpoapi.h
    │       ├── ntpsapi.h
    │       ├── ntregapi.h
    │       ├── ntrtl.h
    │       ├── ntsam.h
    │       ├── ntseapi.h
    │       ├── nttmapi.h
    │       ├── nttp.h
    │       ├── ntwin.h
    │       ├── ntwow64.h
    │       ├── ntxcapi.h
    │       ├── ntzwapi.h
    │       ├── ph.h
    │       ├── phbase.h
    │       ├── phgui.h
    │       ├── phintrnl.h
    │       ├── phnatinl.h
    │       ├── phnet.h
    │       ├── phnt.h
    │       ├── phsup.h
    │       ├── queuedlock.h
    │       ├── ref.h
    │       ├── refp.h
    │       ├── secedit.h
    │       ├── seceditp.h
    │       ├── sha.h
    │       ├── symprv.h
    │       ├── symprvp.h
    │       ├── templ.h
    │       ├── treenew.h
    │       ├── treenewp.h
    │       ├── verify.h
    │       ├── verifyp.h
    │       ├── winmisc.h
    │       └── winsta.h
    │   ├── iosup.c
    │   ├── kph.c
    │   ├── kphdata.c
    │   ├── lsa.c
    │   ├── mapimg.c
    │   ├── maplib.c
    │   ├── md5.c
    │   ├── native.c
    │   ├── phlib.vcxproj
    │   ├── phlib.vcxproj.filters
    │   ├── provider.c
    │   ├── queuedlock.c
    │   ├── ref.c
    │   ├── secdata.c
    │   ├── secedit.c
    │   ├── sha.c
    │   ├── support.c
    │   ├── svcsup.c
    │   ├── symprv.c
    │   ├── sync.c
    │   ├── treenew.c
    │   ├── verify.c
    │   └── workqueue.c
├── HzrFilter
    ├── Communication.c
    ├── Context.c
    ├── Context.h
    ├── HzrFilter.c
    ├── HzrFilter.h
    ├── HzrFilter.inf
    ├── HzrFilter.rc
    ├── HzrFilter.sln
    ├── HzrFilter.vcxproj
    ├── HzrFilter.vcxproj.filters
    ├── Protect.c
    ├── Protect.h
    ├── Utility.c
    ├── Utility.h
    └── resource.h
├── LICENSE
└── README.md


/.gitignore:
--------------------------------------------------------------------------------
 1 | # User-specific files
 2 | *.suo
 3 | *.user
 4 | 
 5 | # Build results
 6 | *Debug/
 7 | *Release/
 8 | 
 9 | # Visual C++ cache files
10 | *.aps
11 | *.sdf
12 | *.opensdf
13 | 
14 | # phlib
15 | HsCore/phlib/obj/
16 | HsCore/phlib/bin/


--------------------------------------------------------------------------------
/HazardShieldUI/HazardShieldUI.pro:
--------------------------------------------------------------------------------
 1 | #-------------------------------------------------
 2 | #
 3 | # Project created by QtCreator 2015-09-26T22:38:56
 4 | #
 5 | #-------------------------------------------------
 6 | 
 7 | QT       += core gui
 8 | 
 9 | greaterThan(QT_MAJOR_VERSION, 4): QT += widgets
10 | 
11 | TARGET = HazardShieldUI
12 | TEMPLATE = app
13 | 
14 | 
15 | SOURCES += main.cpp\
16 |         mainwindow.cpp
17 | 
18 | HEADERS  += mainwindow.h
19 | 
20 | FORMS    += mainwindow.ui
21 | 


--------------------------------------------------------------------------------
/HazardShieldUI/main.cpp:
--------------------------------------------------------------------------------
 1 | #include "mainwindow.h"
 2 | #include <QApplication>
 3 | 
 4 | int main(int argc, char *argv[])
 5 | {
 6 |     QApplication a(argc, argv);
 7 |     MainWindow w;
 8 |     w.show();
 9 | 
10 |     return a.exec();
11 | }
12 | 


--------------------------------------------------------------------------------
/HazardShieldUI/mainwindow.cpp:
--------------------------------------------------------------------------------
 1 | #include "mainwindow.h"
 2 | #include "ui_mainwindow.h"
 3 | 
 4 | MainWindow::MainWindow(QWidget *parent) :
 5 |     QMainWindow(parent),
 6 |     ui(new Ui::MainWindow)
 7 | {
 8 |     ui->setupUi(this);
 9 |     ui->verticalLayout->setAlignment(Qt::AlignTop);
10 | }
11 | 
12 | MainWindow::~MainWindow()
13 | {
14 |     delete ui;
15 | }
16 | 


--------------------------------------------------------------------------------
/HazardShieldUI/mainwindow.h:
--------------------------------------------------------------------------------
 1 | #ifndef MAINWINDOW_H
 2 | #define MAINWINDOW_H
 3 | 
 4 | #include <QMainWindow>
 5 | 
 6 | namespace Ui {
 7 | class MainWindow;
 8 | }
 9 | 
10 | class MainWindow : public QMainWindow
11 | {
12 |     Q_OBJECT
13 | 
14 | public:
15 |     explicit MainWindow(QWidget *parent = 0);
16 |     ~MainWindow();
17 | 
18 | private:
19 |     Ui::MainWindow *ui;
20 | };
21 | 
22 | #endif // MAINWINDOW_H
23 | 


--------------------------------------------------------------------------------
/HazardShieldUI/mainwindow.ui:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="UTF-8"?>
  2 | <ui version="4.0">
  3 |  <class>MainWindow</class>
  4 |  <widget class="QMainWindow" name="MainWindow">
  5 |   <property name="geometry">
  6 |    <rect>
  7 |     <x>0</x>
  8 |     <y>0</y>
  9 |     <width>900</width>
 10 |     <height>450</height>
 11 |    </rect>
 12 |   </property>
 13 |   <property name="minimumSize">
 14 |    <size>
 15 |     <width>900</width>
 16 |     <height>450</height>
 17 |    </size>
 18 |   </property>
 19 |   <property name="windowTitle">
 20 |    <string>MainWindow</string>
 21 |   </property>
 22 |   <widget class="QWidget" name="centralWidget">
 23 |    <layout class="QGridLayout" name="gridLayout">
 24 |     <property name="leftMargin">
 25 |      <number>0</number>
 26 |     </property>
 27 |     <property name="topMargin">
 28 |      <number>0</number>
 29 |     </property>
 30 |     <property name="rightMargin">
 31 |      <number>0</number>
 32 |     </property>
 33 |     <property name="bottomMargin">
 34 |      <number>0</number>
 35 |     </property>
 36 |     <property name="spacing">
 37 |      <number>0</number>
 38 |     </property>
 39 |     <item row="0" column="1">
 40 |      <widget class="QStackedWidget" name="stackedWidget">
 41 |       <widget class="QWidget" name="page"/>
 42 |       <widget class="QWidget" name="page_2"/>
 43 |      </widget>
 44 |     </item>
 45 |     <item row="0" column="0">
 46 |      <layout class="QVBoxLayout" name="verticalLayout">
 47 |       <property name="spacing">
 48 |        <number>0</number>
 49 |       </property>
 50 |       <item>
 51 |        <widget class="QPushButton" name="pushButton">
 52 |         <property name="text">
 53 |          <string>Scanner</string>
 54 |         </property>
 55 |         <property name="checkable">
 56 |          <bool>true</bool>
 57 |         </property>
 58 |         <attribute name="buttonGroup">
 59 |          <string notr="true">buttonGroup</string>
 60 |         </attribute>
 61 |        </widget>
 62 |       </item>
 63 |       <item>
 64 |        <widget class="QPushButton" name="pushButton_2">
 65 |         <property name="text">
 66 |          <string>Updates</string>
 67 |         </property>
 68 |         <property name="checkable">
 69 |          <bool>true</bool>
 70 |         </property>
 71 |         <attribute name="buttonGroup">
 72 |          <string notr="true">buttonGroup</string>
 73 |         </attribute>
 74 |        </widget>
 75 |       </item>
 76 |       <item>
 77 |        <widget class="QPushButton" name="pushButton_3">
 78 |         <property name="text">
 79 |          <string>Protection</string>
 80 |         </property>
 81 |         <property name="checkable">
 82 |          <bool>true</bool>
 83 |         </property>
 84 |         <attribute name="buttonGroup">
 85 |          <string notr="true">buttonGroup</string>
 86 |         </attribute>
 87 |        </widget>
 88 |       </item>
 89 |       <item>
 90 |        <widget class="QPushButton" name="pushButton_4">
 91 |         <property name="text">
 92 |          <string>Settings</string>
 93 |         </property>
 94 |         <property name="checkable">
 95 |          <bool>true</bool>
 96 |         </property>
 97 |         <attribute name="buttonGroup">
 98 |          <string notr="true">buttonGroup</string>
 99 |         </attribute>
100 |        </widget>
101 |       </item>
102 |       <item>
103 |        <widget class="QPushButton" name="pushButton_5">
104 |         <property name="text">
105 |          <string>Quarantine</string>
106 |         </property>
107 |         <property name="checkable">
108 |          <bool>true</bool>
109 |         </property>
110 |         <attribute name="buttonGroup">
111 |          <string notr="true">buttonGroup</string>
112 |         </attribute>
113 |        </widget>
114 |       </item>
115 |       <item>
116 |        <widget class="QPushButton" name="pushButton_7">
117 |         <property name="text">
118 |          <string>About</string>
119 |         </property>
120 |         <property name="checkable">
121 |          <bool>true</bool>
122 |         </property>
123 |         <attribute name="buttonGroup">
124 |          <string notr="true">buttonGroup</string>
125 |         </attribute>
126 |        </widget>
127 |       </item>
128 |      </layout>
129 |     </item>
130 |    </layout>
131 |   </widget>
132 |  </widget>
133 |  <layoutdefault spacing="6" margin="11"/>
134 |  <resources/>
135 |  <connections/>
136 |  <buttongroups>
137 |   <buttongroup name="buttonGroup"/>
138 |  </buttongroups>
139 | </ui>
140 | 


--------------------------------------------------------------------------------
/HsCore/HsCore.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio 2013
 4 | VisualStudioVersion = 12.0.31101.0
 5 | MinimumVisualStudioVersion = 10.0.40219.1
 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "HsCore", "HsCore\HsCore.vcxproj", "{5E25F565-F8CD-461E-8743-895A3C9243B5}"
 7 | EndProject
 8 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "HsService", "HsService\HsService.vcxproj", "{9393AB8E-ABFD-4783-BF3A-464FD966C465}"
 9 | EndProject
10 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "phlib", "phlib\phlib.vcxproj", "{477D0215-F252-41A1-874B-F27E3EA1ED17}"
11 | EndProject
12 | Global
13 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
14 | 		Debug|Win32 = Debug|Win32
15 | 		Debug|x64 = Debug|x64
16 | 		Release|Win32 = Release|Win32
17 | 		Release|x64 = Release|x64
18 | 	EndGlobalSection
19 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
20 | 		{5E25F565-F8CD-461E-8743-895A3C9243B5}.Debug|Win32.ActiveCfg = Debug|Win32
21 | 		{5E25F565-F8CD-461E-8743-895A3C9243B5}.Debug|Win32.Build.0 = Debug|Win32
22 | 		{5E25F565-F8CD-461E-8743-895A3C9243B5}.Debug|x64.ActiveCfg = Debug|x64
23 | 		{5E25F565-F8CD-461E-8743-895A3C9243B5}.Debug|x64.Build.0 = Debug|x64
24 | 		{5E25F565-F8CD-461E-8743-895A3C9243B5}.Release|Win32.ActiveCfg = Release|Win32
25 | 		{5E25F565-F8CD-461E-8743-895A3C9243B5}.Release|Win32.Build.0 = Release|Win32
26 | 		{5E25F565-F8CD-461E-8743-895A3C9243B5}.Release|x64.ActiveCfg = Release|x64
27 | 		{5E25F565-F8CD-461E-8743-895A3C9243B5}.Release|x64.Build.0 = Release|x64
28 | 		{9393AB8E-ABFD-4783-BF3A-464FD966C465}.Debug|Win32.ActiveCfg = Debug|Win32
29 | 		{9393AB8E-ABFD-4783-BF3A-464FD966C465}.Debug|Win32.Build.0 = Debug|Win32
30 | 		{9393AB8E-ABFD-4783-BF3A-464FD966C465}.Debug|x64.ActiveCfg = Debug|x64
31 | 		{9393AB8E-ABFD-4783-BF3A-464FD966C465}.Debug|x64.Build.0 = Debug|x64
32 | 		{9393AB8E-ABFD-4783-BF3A-464FD966C465}.Release|Win32.ActiveCfg = Release|Win32
33 | 		{9393AB8E-ABFD-4783-BF3A-464FD966C465}.Release|Win32.Build.0 = Release|Win32
34 | 		{9393AB8E-ABFD-4783-BF3A-464FD966C465}.Release|x64.ActiveCfg = Release|x64
35 | 		{9393AB8E-ABFD-4783-BF3A-464FD966C465}.Release|x64.Build.0 = Release|x64
36 | 		{477D0215-F252-41A1-874B-F27E3EA1ED17}.Debug|Win32.ActiveCfg = Debug|Win32
37 | 		{477D0215-F252-41A1-874B-F27E3EA1ED17}.Debug|Win32.Build.0 = Debug|Win32
38 | 		{477D0215-F252-41A1-874B-F27E3EA1ED17}.Debug|x64.ActiveCfg = Debug|x64
39 | 		{477D0215-F252-41A1-874B-F27E3EA1ED17}.Debug|x64.Build.0 = Debug|x64
40 | 		{477D0215-F252-41A1-874B-F27E3EA1ED17}.Release|Win32.ActiveCfg = Release|Win32
41 | 		{477D0215-F252-41A1-874B-F27E3EA1ED17}.Release|Win32.Build.0 = Release|Win32
42 | 		{477D0215-F252-41A1-874B-F27E3EA1ED17}.Release|x64.ActiveCfg = Release|x64
43 | 		{477D0215-F252-41A1-874B-F27E3EA1ED17}.Release|x64.Build.0 = Release|x64
44 | 	EndGlobalSection
45 | 	GlobalSection(SolutionProperties) = preSolution
46 | 		HideSolutionNode = FALSE
47 | 	EndGlobalSection
48 | EndGlobal
49 | 


--------------------------------------------------------------------------------
/HsCore/HsCore/Exports.def:
--------------------------------------------------------------------------------
1 | LIBRARY
2 | 
3 | EXPORTS HsInit
4 | EXPORTS HsCreateScanner
5 | EXPORTS HsDeleteScanner
6 | EXPORTS HsLoadClamAvDatabase
7 | EXPORTS HsCompileClamAvDatabase
8 | EXPORTS HsScanBuffer


--------------------------------------------------------------------------------
/HsCore/HsCore/HsCore.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xqrzd/HazardShield/009ceecdbdad464c8654598c1ba2e9ae737951a3/HsCore/HsCore/HsCore.rc


--------------------------------------------------------------------------------
/HsCore/HsCore/HsCore.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <Filter Include="Resource Files">
 5 |       <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
 6 |       <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
 7 |     </Filter>
 8 |     <Filter Include="NTFS">
 9 |       <UniqueIdentifier>{2b9f8a3a-e309-483f-b7fc-c2db5fc14847}</UniqueIdentifier>
10 |     </Filter>
11 |     <Filter Include="Scanner">
12 |       <UniqueIdentifier>{82e5a463-da7e-46ad-99ef-bf3f7e0f8d7a}</UniqueIdentifier>
13 |     </Filter>
14 |     <Filter Include="ClamAV">
15 |       <UniqueIdentifier>{4c5db6c7-cdae-4cbd-811f-ba868cf4159e}</UniqueIdentifier>
16 |     </Filter>
17 |   </ItemGroup>
18 |   <ItemGroup>
19 |     <ClInclude Include="Ntfs.h">
20 |       <Filter>NTFS</Filter>
21 |     </ClInclude>
22 |     <ClInclude Include="resource.h" />
23 |     <ClInclude Include="Scanner.h">
24 |       <Filter>Scanner</Filter>
25 |     </ClInclude>
26 |     <ClInclude Include="clamav.h">
27 |       <Filter>ClamAV</Filter>
28 |     </ClInclude>
29 |     <ClInclude Include="ossl_typ.h">
30 |       <Filter>ClamAV</Filter>
31 |     </ClInclude>
32 |   </ItemGroup>
33 |   <ItemGroup>
34 |     <ClCompile Include="Ntfs.c">
35 |       <Filter>NTFS</Filter>
36 |     </ClCompile>
37 |     <ClCompile Include="Scanner.c">
38 |       <Filter>Scanner</Filter>
39 |     </ClCompile>
40 |   </ItemGroup>
41 |   <ItemGroup>
42 |     <ResourceCompile Include="HsCore.rc">
43 |       <Filter>Resource Files</Filter>
44 |     </ResourceCompile>
45 |   </ItemGroup>
46 |   <ItemGroup>
47 |     <None Include="Exports.def">
48 |       <Filter>Resource Files</Filter>
49 |     </None>
50 |   </ItemGroup>
51 | </Project>


--------------------------------------------------------------------------------
/HsCore/HsCore/Scanner.c:
--------------------------------------------------------------------------------
  1 | /*
  2 | *  Copyright (C) 2015 Orbitech
  3 | *
  4 | *  Authors: xqrzd
  5 | *
  6 | *  This program is free software; you can redistribute it and/or modify
  7 | *  it under the terms of the GNU General Public License version 2 as
  8 | *  published by the Free Software Foundation.
  9 | *
 10 | *  This program is distributed in the hope that it will be useful,
 11 | *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 12 | *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 13 | *  GNU General Public License for more details.
 14 | *
 15 | *  You should have received a copy of the GNU General Public License
 16 | *  along with this program; if not, write to the Free Software
 17 | *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 18 | *  MA 02110-1301, USA.
 19 | */
 20 | 
 21 | #include "Scanner.h"
 22 | 
 23 | BOOLEAN HsInit()
 24 | {
 25 | 	if (cl_init(CL_INIT_DEFAULT) != CL_SUCCESS)
 26 | 		return FALSE;
 27 | 
 28 | 	return NT_SUCCESS(PhInitializePhLib());
 29 | }
 30 | 
 31 | BOOLEAN HsCreateScanner(
 32 | 	_Out_ PHS_SCANNER* Scanner)
 33 | {
 34 | 	PHS_SCANNER scanner = PhAllocate(sizeof(HS_SCANNER));
 35 | 
 36 | 	scanner->ClamAvEngine = cl_engine_new();
 37 | 
 38 | 	if (scanner->ClamAvEngine)
 39 | 	{
 40 | 		scanner->Signatures = 0;
 41 | 		*Scanner = scanner;
 42 | 
 43 | 		return TRUE;
 44 | 	}
 45 | 
 46 | 	PhFree(scanner);
 47 | 
 48 | 	return FALSE;
 49 | }
 50 | 
 51 | VOID HsDeleteScanner(
 52 | 	_In_ PHS_SCANNER Scanner)
 53 | {
 54 | 	cl_engine_free(Scanner->ClamAvEngine);
 55 | 	PhFree(Scanner);
 56 | }
 57 | 
 58 | cl_error_t HsLoadClamAvDatabase(
 59 | 	_In_ PHS_SCANNER Scanner,
 60 | 	_In_ PSTR Path,
 61 | 	_In_ ULONG DatabaseOptions)
 62 | {
 63 | 	return cl_load(
 64 | 		Path,
 65 | 		Scanner->ClamAvEngine,
 66 | 		&Scanner->Signatures,
 67 | 		DatabaseOptions);
 68 | }
 69 | 
 70 | cl_error_t HsCompileClamAvDatabase(
 71 | 	_In_ PHS_SCANNER Scanner)
 72 | {
 73 | 	return cl_engine_compile(Scanner->ClamAvEngine);
 74 | }
 75 | 
 76 | cl_error_t HsScanBuffer(
 77 | 	_In_ PHS_SCANNER Scanner,
 78 | 	_In_ PVOID Buffer,
 79 | 	_In_ SIZE_T Length,
 80 | 	_In_ ULONG ScanOptions,
 81 | 	_Out_ PPH_BYTES* VirusName)
 82 | {
 83 | 	cl_error_t result;
 84 | 	struct cl_fmap* map;
 85 | 	char* virusName;
 86 | 
 87 | 	map = cl_fmap_open_memory(Buffer, Length);
 88 | 
 89 | 	if (map)
 90 | 	{
 91 | 		result = cl_scanmap_callback(
 92 | 			map,
 93 | 			&virusName,
 94 | 			NULL,
 95 | 			Scanner->ClamAvEngine,
 96 | 			ScanOptions,
 97 | 			NULL);
 98 | 
 99 | 		cl_fmap_close(map);
100 | 
101 | 		if (result == CL_VIRUS)
102 | 			*VirusName = PhCreateBytes(virusName);
103 | 	}
104 | 	else
105 | 		result = CL_EMAP;
106 | 
107 | 	return result;
108 | }


--------------------------------------------------------------------------------
/HsCore/HsCore/Scanner.h:
--------------------------------------------------------------------------------
 1 | /*
 2 | *  Copyright (C) 2015 Orbitech
 3 | *
 4 | *  Authors: xqrzd
 5 | *
 6 | *  This program is free software; you can redistribute it and/or modify
 7 | *  it under the terms of the GNU General Public License version 2 as
 8 | *  published by the Free Software Foundation.
 9 | *
10 | *  This program is distributed in the hope that it will be useful,
11 | *  but WITHOUT ANY WARRANTY; without even the implied warranty of
12 | *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13 | *  GNU General Public License for more details.
14 | *
15 | *  You should have received a copy of the GNU General Public License
16 | *  along with this program; if not, write to the Free Software
17 | *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
18 | *  MA 02110-1301, USA.
19 | */
20 | 
21 | #pragma once
22 | 
23 | #include "ph.h"
24 | #include "clamav.h"
25 | 
26 | typedef struct _HS_SCANNER {
27 | 	struct cl_engine* ClamAvEngine;
28 | 	ULONG Signatures;
29 | } HS_SCANNER, *PHS_SCANNER;
30 | 
31 | BOOLEAN HsInit(
32 | 	);
33 | 
34 | BOOLEAN HsCreateScanner(
35 | 	_Out_ PHS_SCANNER* Scanner
36 | 	);
37 | 
38 | VOID HsDeleteScanner(
39 | 	_In_ PHS_SCANNER Scanner
40 | 	);
41 | 
42 | cl_error_t HsLoadClamAvDatabase(
43 | 	_In_ PHS_SCANNER Scanner,
44 | 	_In_ PSTR Path,
45 | 	_In_ ULONG DatabaseOptions
46 | 	);
47 | 
48 | cl_error_t HsCompileClamAvDatabase(
49 | 	_In_ PHS_SCANNER Scanner
50 | 	);
51 | 
52 | cl_error_t HsScanBuffer(
53 | 	_In_ PHS_SCANNER Scanner,
54 | 	_In_ PVOID Buffer,
55 | 	_In_ SIZE_T Length,
56 | 	_In_ ULONG ScanOptions,
57 | 	_Out_ PPH_BYTES* VirusName
58 | 	);


--------------------------------------------------------------------------------
/HsCore/HsCore/lib32/libclamav.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xqrzd/HazardShield/009ceecdbdad464c8654598c1ba2e9ae737951a3/HsCore/HsCore/lib32/libclamav.lib


--------------------------------------------------------------------------------
/HsCore/HsCore/lib64/libclamav.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xqrzd/HazardShield/009ceecdbdad464c8654598c1ba2e9ae737951a3/HsCore/HsCore/lib64/libclamav.lib


--------------------------------------------------------------------------------
/HsCore/HsCore/resource.h:
--------------------------------------------------------------------------------
 1 | //{{NO_DEPENDENCIES}}
 2 | // Microsoft Visual C++ generated include file.
 3 | // Used by HsCore.rc
 4 | 
 5 | // Next default values for new objects
 6 | // 
 7 | #ifdef APSTUDIO_INVOKED
 8 | #ifndef APSTUDIO_READONLY_SYMBOLS
 9 | #define _APS_NEXT_RESOURCE_VALUE        101
10 | #define _APS_NEXT_COMMAND_VALUE         40001
11 | #define _APS_NEXT_CONTROL_VALUE         1001
12 | #define _APS_NEXT_SYMED_VALUE           101
13 | #endif
14 | #endif
15 | 


--------------------------------------------------------------------------------
/HsCore/HsService/HsService.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xqrzd/HazardShield/009ceecdbdad464c8654598c1ba2e9ae737951a3/HsCore/HsService/HsService.rc


--------------------------------------------------------------------------------
/HsCore/HsService/HsService.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <Filter Include="Resource Files">
 5 |       <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
 6 |       <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
 7 |     </Filter>
 8 |     <Filter Include="Driver">
 9 |       <UniqueIdentifier>{b856b754-7092-4c57-bd0d-2fab47fb60ea}</UniqueIdentifier>
10 |     </Filter>
11 |     <Filter Include="Utility">
12 |       <UniqueIdentifier>{4fe49c1d-34e0-40e8-a439-0c75653588c6}</UniqueIdentifier>
13 |     </Filter>
14 |   </ItemGroup>
15 |   <ItemGroup>
16 |     <ClCompile Include="main.c" />
17 |     <ClCompile Include="KhsUser.c">
18 |       <Filter>Driver</Filter>
19 |     </ClCompile>
20 |     <ClCompile Include="Service.c" />
21 |     <ClCompile Include="Utility.c">
22 |       <Filter>Utility</Filter>
23 |     </ClCompile>
24 |   </ItemGroup>
25 |   <ItemGroup>
26 |     <ClInclude Include="KhsUser.h">
27 |       <Filter>Driver</Filter>
28 |     </ClInclude>
29 |     <ClInclude Include="KhspUser.h">
30 |       <Filter>Driver</Filter>
31 |     </ClInclude>
32 |     <ClInclude Include="resource.h" />
33 |     <ClInclude Include="Service.h" />
34 |     <ClInclude Include="Utility.h">
35 |       <Filter>Utility</Filter>
36 |     </ClInclude>
37 |   </ItemGroup>
38 |   <ItemGroup>
39 |     <ResourceCompile Include="HsService.rc">
40 |       <Filter>Resource Files</Filter>
41 |     </ResourceCompile>
42 |   </ItemGroup>
43 | </Project>


--------------------------------------------------------------------------------
/HsCore/HsService/KhsUser.h:
--------------------------------------------------------------------------------
 1 | /*
 2 | *  Copyright (C) 2015 Orbitech
 3 | *
 4 | *  Authors: xqrzd
 5 | *
 6 | *  This program is free software; you can redistribute it and/or modify
 7 | *  it under the terms of the GNU General Public License version 2 as
 8 | *  published by the Free Software Foundation.
 9 | *
10 | *  This program is distributed in the hope that it will be useful,
11 | *  but WITHOUT ANY WARRANTY; without even the implied warranty of
12 | *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13 | *  GNU General Public License for more details.
14 | *
15 | *  You should have received a copy of the GNU General Public License
16 | *  along with this program; if not, write to the Free Software
17 | *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
18 | *  MA 02110-1301, USA.
19 | */
20 | 
21 | #pragma once
22 | 
23 | #include "ph.h"
24 | 
25 | #define KHS_PORT_NAME L"\\HzrFilterPort"
26 | 
27 | typedef struct _HS_FILE_INFO {
28 | 	LONGLONG ScanId;
29 | 	PPH_STRING FileName;
30 | } HS_FILE_INFO, *PHS_FILE_INFO;
31 | 
32 | typedef struct _HS_FILE_DATA {
33 | 	HANDLE SectionHandle;
34 | 	PVOID BaseAddress;
35 | 	SIZE_T Size;
36 | } HS_FILE_DATA, *PHS_FILE_DATA;
37 | 
38 | // This response is the lack of any other flags.
39 | // It cannot be combined with any other flags.
40 | #define HS_RESPONSE_FLAG_CLEAN 0x0
41 | #define HS_RESPONSE_FLAG_INFECTED 0x1
42 | #define HS_RESPONSE_FLAG_DELETE 0x2
43 | 
44 | typedef UCHAR(NTAPI *PHS_SCAN_FILE_ROUTINE)(
45 | 	_In_ LONGLONG ScanId,
46 | 	_In_ PPH_STRING FileName
47 | 	);
48 | 
49 | HRESULT KhsConnect(
50 | 	_In_ LPCWSTR PortName
51 | 	);
52 | 
53 | NTSTATUS KhsStartFiltering(
54 | 	_In_ DWORD NumberOfScanThreads,
55 | 	_In_ PHS_SCAN_FILE_ROUTINE FileScanRoutine
56 | 	);
57 | 
58 | VOID KhsDisconnect(
59 | 	);
60 | 
61 | NTSTATUS KhsReadFile(
62 | 	_In_ LONGLONG ScanId,
63 | 	_Out_ PHS_FILE_DATA FileData
64 | 	);
65 | 
66 | VOID KhsCloseFile(
67 | 	_In_ PHS_FILE_DATA FileData
68 | 	);


--------------------------------------------------------------------------------
/HsCore/HsService/KhspUser.h:
--------------------------------------------------------------------------------
 1 | /*
 2 | *  Copyright (C) 2015 Orbitech
 3 | *
 4 | *  Authors: xqrzd
 5 | *
 6 | *  This program is free software; you can redistribute it and/or modify
 7 | *  it under the terms of the GNU General Public License version 2 as
 8 | *  published by the Free Software Foundation.
 9 | *
10 | *  This program is distributed in the hope that it will be useful,
11 | *  but WITHOUT ANY WARRANTY; without even the implied warranty of
12 | *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13 | *  GNU General Public License for more details.
14 | *
15 | *  You should have received a copy of the GNU General Public License
16 | *  along with this program; if not, write to the Free Software
17 | *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
18 | *  MA 02110-1301, USA.
19 | */
20 | 
21 | #pragma once
22 | 
23 | typedef enum _HS_SCAN_REASON {
24 | 	HsScanOnPeOpen
25 | } HS_SCAN_REASON;
26 | 
27 | typedef struct _HS_SCANNER_NOTIFICATION {
28 | 	HS_SCAN_REASON ScanReason;
29 | 	USHORT FileNameLength;
30 | 	LONGLONG ScanId;
31 | } HS_SCANNER_NOTIFICATION, *PHS_SCANNER_NOTIFICATION;
32 | 
33 | typedef struct _HS_DRIVER_NOTIFICATION {
34 | 	FILTER_MESSAGE_HEADER MessageHeader;
35 | 	HS_SCANNER_NOTIFICATION Notification;
36 | 	OVERLAPPED Overlapped;
37 | } HS_DRIVER_NOTIFICATION, *PHS_DRIVER_NOTIFICATION;
38 | 
39 | typedef enum _HS_COMMAND {
40 | 	HsCmdCreateSectionForDataScan,
41 | 	HsCmdQueryFileName
42 | } HS_COMMAND;
43 | 
44 | typedef struct _HS_SERVICE_RESPONSE {
45 | 	FILTER_REPLY_HEADER ReplyHeader;
46 | 	BOOLEAN Flags;
47 | } HS_SERVICE_RESPONSE, *PHS_SERVICE_RESPONSE;
48 | 
49 | NTSTATUS NTAPI KhspUserScanWorker(
50 | 	_In_ PVOID Parameter
51 | 	);
52 | 
53 | NTSTATUS KhspHandleScanMessage(
54 | 	_In_ PHS_SCANNER_NOTIFICATION Notification,
55 | 	_Out_ PUCHAR ResponseFlags
56 | 	);
57 | 
58 | NTSTATUS KhspHandleScanPeOpen(
59 | 	_In_ LONGLONG ScanId,
60 | 	_In_ USHORT FileNameLength,
61 | 	_Out_ PUCHAR ResponseFlags
62 | 	);
63 | 
64 | HRESULT KhspFilterReplyMessage(
65 | 	_In_ PFILTER_MESSAGE_HEADER MessageHeader,
66 | 	_In_ BOOLEAN Flags
67 | 	);
68 | 
69 | HRESULT KhspCreateSectionForDataScan(
70 | 	_In_ LONGLONG ScanId,
71 | 	_Out_ PHANDLE SectionHandle
72 | 	);
73 | 
74 | PPH_STRING KhspQueryFileName(
75 | 	_In_ LONGLONG ScanId,
76 | 	_In_ USHORT FileNameLength
77 | 	);


--------------------------------------------------------------------------------
/HsCore/HsService/Service.c:
--------------------------------------------------------------------------------
  1 | /*
  2 | *  Copyright (C) 2015 Orbitech
  3 | *
  4 | *  Authors: xqrzd
  5 | *
  6 | *  This program is free software; you can redistribute it and/or modify
  7 | *  it under the terms of the GNU General Public License version 2 as
  8 | *  published by the Free Software Foundation.
  9 | *
 10 | *  This program is distributed in the hope that it will be useful,
 11 | *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 12 | *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 13 | *  GNU General Public License for more details.
 14 | *
 15 | *  You should have received a copy of the GNU General Public License
 16 | *  along with this program; if not, write to the Free Software
 17 | *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 18 | *  MA 02110-1301, USA.
 19 | */
 20 | 
 21 | #include "Service.h"
 22 | #include "KhsUser.h"
 23 | #include "Scanner.h"
 24 | #include "Utility.h"
 25 | #include <Sfc.h>
 26 | 
 27 | PPH_BYTES HspGetClamAvDatabaseDirectory(
 28 | 	);
 29 | 
 30 | struct {
 31 | 	SERVICE_STATUS ServiceStatus;
 32 | 	SERVICE_STATUS_HANDLE ServiceStatusHandle;
 33 | 	PH_QUEUED_LOCK ScannerLock;
 34 | 	PHS_SCANNER Scanner;
 35 | } ServiceData;
 36 | 
 37 | UCHAR ScanRoutine(
 38 | 	_In_ LONGLONG ScanId,
 39 | 	_In_ PPH_STRING FileName)
 40 | {
 41 | 	HS_FILE_DATA fileData;
 42 | 	cl_error_t result;
 43 | 	PPH_BYTES virusName;
 44 | 
 45 | 	// Skip scanning files protected by Windows.
 46 | 
 47 | 	if (SfcIsFileProtected(NULL, FileName->Buffer))
 48 | 	{
 49 | 		return HS_RESPONSE_FLAG_CLEAN;
 50 | 	}
 51 | 
 52 | 	if (!NT_SUCCESS(KhsReadFile(ScanId, &fileData)))
 53 | 	{
 54 | 		wprintf(L"KhsReadFile failed for %s\n", FileName->Buffer);
 55 | 
 56 | 		return HS_RESPONSE_FLAG_CLEAN;
 57 | 	}
 58 | 
 59 | 	wprintf(L"Scanning %s\n", FileName->Buffer);
 60 | 
 61 | 	// Acquire scanner lock in shared access. This is done
 62 | 	// so the database can be updated without having to
 63 | 	// stop filtering.
 64 | 
 65 | 	PhAcquireQueuedLockShared(&ServiceData.ScannerLock);
 66 | 
 67 | 	result = HsScanBuffer(
 68 | 		ServiceData.Scanner,
 69 | 		fileData.BaseAddress,
 70 | 		fileData.Size,
 71 | 		CL_SCAN_STDOPT,
 72 | 		&virusName);
 73 | 
 74 | 	PhReleaseQueuedLockShared(&ServiceData.ScannerLock);
 75 | 
 76 | 	KhsCloseFile(&fileData);
 77 | 
 78 | 	if (result == CL_VIRUS)
 79 | 	{
 80 | 		printf("Found virus: %s\n", virusName->Buffer);
 81 | 
 82 | 		PhDereferenceObject(virusName);
 83 | 
 84 | 		return HS_RESPONSE_FLAG_INFECTED;
 85 | 	}
 86 | 
 87 | 	return HS_RESPONSE_FLAG_CLEAN;
 88 | }
 89 | 
 90 | cl_error_t HspLoadClamAV()
 91 | {
 92 | 	cl_error_t result;
 93 | 	PPH_BYTES databaseDirectory;
 94 | 
 95 | 	if (!HsCreateScanner(&ServiceData.Scanner))
 96 | 		return CL_EMEM;
 97 | 
 98 | 	if (!(databaseDirectory = HspGetClamAvDatabaseDirectory()))
 99 | 		return CL_EMEM;
100 | 
101 | 	result = HsLoadClamAvDatabase(
102 | 		ServiceData.Scanner,
103 | 		databaseDirectory->Buffer,
104 | 		CL_DB_BYTECODE);
105 | 
106 | 	if (result == CL_SUCCESS)
107 | 	{
108 | 		result = HsCompileClamAvDatabase(ServiceData.Scanner);
109 | 	}
110 | 	else
111 | 		printf("HsLoadClamAvDatabase failed %d\n", result);
112 | 
113 | 	PhDereferenceObject(databaseDirectory);
114 | 
115 | 	return result;
116 | }
117 | 
118 | VOID HspServiceInit()
119 | {
120 | 	HRESULT result = KhsConnect(KHS_PORT_NAME);
121 | 
122 | 	if (SUCCEEDED(result))
123 | 	{
124 | 		HsInit();
125 | 		HspLoadClamAV();
126 | 
127 | 		printf("Sigs loaded: %u\n", ServiceData.Scanner->Signatures);
128 | 
129 | 		PhInitializeQueuedLock(&ServiceData.ScannerLock);
130 | 
131 | 		// Finished service initialization. Start listening
132 | 		// for messages from the driver.
133 | 
134 | 		KhsStartFiltering(HsGetProcessorCount(), ScanRoutine);
135 | 	}
136 | 	else
137 | 		printf("KhsConnect failed %X\n", result);
138 | }
139 | 
140 | VOID HspServiceCleanup()
141 | {
142 | 	KhsDisconnect();
143 | 
144 | 	HsDeleteScanner(ServiceData.Scanner);
145 | }
146 | 
147 | PPH_BYTES HspGetClamAvDatabaseDirectory()
148 | {
149 | 	static PH_STRINGREF path = PH_STRINGREF_INIT(CLAMAV_DATABASE_PATH);
150 | 
151 | 	PPH_STRING expandedPathUnicode;
152 | 	PPH_BYTES expandedPathUtf8 = NULL;
153 | 
154 | 	expandedPathUnicode = PhExpandEnvironmentStrings(&path);
155 | 
156 | 	if (expandedPathUnicode)
157 | 	{
158 | 		// cl_load expects UTF-8 format.
159 | 		expandedPathUtf8 = PhConvertUtf16ToUtf8(expandedPathUnicode->Buffer);
160 | 
161 | 		PhDereferenceObject(expandedPathUnicode);
162 | 	}
163 | 
164 | 	return expandedPathUtf8;
165 | }
166 | 
167 | VOID WINAPI HsServiceMain(
168 | 	_In_ DWORD dwArgc,
169 | 	_In_ LPTSTR *lpszArgv)
170 | {
171 | 	ServiceData.ServiceStatusHandle = RegisterServiceCtrlHandlerExW(
172 | 		HS_SERVICE_NAME,
173 | 		HsServiceHandlerEx,
174 | 		NULL);
175 | 
176 | 	ServiceData.ServiceStatus.dwServiceType = SERVICE_WIN32_OWN_PROCESS;
177 | 	ServiceData.ServiceStatus.dwCurrentState = SERVICE_START_PENDING;
178 | 	ServiceData.ServiceStatus.dwControlsAccepted = SERVICE_ACCEPT_STOP;
179 | 	SetServiceStatus(ServiceData.ServiceStatusHandle, &ServiceData.ServiceStatus);
180 | 
181 | 	HspServiceInit();
182 | 
183 | 	ServiceData.ServiceStatus.dwCurrentState = SERVICE_RUNNING;
184 | 	SetServiceStatus(ServiceData.ServiceStatusHandle, &ServiceData.ServiceStatus);
185 | }
186 | 
187 | DWORD WINAPI HsServiceHandlerEx(
188 | 	_In_ DWORD dwControl,
189 | 	_In_ DWORD dwEventType,
190 | 	_In_ LPVOID lpEventData,
191 | 	_In_ LPVOID lpContext)
192 | {
193 | 	switch (dwControl)
194 | 	{
195 | 	case SERVICE_CONTROL_STOP:
196 | 	{
197 | 		ServiceData.ServiceStatus.dwCurrentState = SERVICE_STOP_PENDING;
198 | 		SetServiceStatus(ServiceData.ServiceStatusHandle, &ServiceData.ServiceStatus);
199 | 
200 | 		HspServiceCleanup();
201 | 
202 | 		ServiceData.ServiceStatus.dwCurrentState = SERVICE_STOPPED;
203 | 		SetServiceStatus(ServiceData.ServiceStatusHandle, &ServiceData.ServiceStatus);
204 | 
205 | 		return NO_ERROR;
206 | 	}
207 | 
208 | 	case SERVICE_CONTROL_INTERROGATE:
209 | 		return NO_ERROR;
210 | 	}
211 | 
212 | 	return ERROR_CALL_NOT_IMPLEMENTED;
213 | }
214 | 
215 | //void __cdecl main()
216 | //{
217 | //	HspServiceInit();
218 | //	getchar();
219 | //}


--------------------------------------------------------------------------------
/HsCore/HsService/Service.h:
--------------------------------------------------------------------------------
 1 | /*
 2 | *  Copyright (C) 2015 Orbitech
 3 | *
 4 | *  Authors: xqrzd
 5 | *
 6 | *  This program is free software; you can redistribute it and/or modify
 7 | *  it under the terms of the GNU General Public License version 2 as
 8 | *  published by the Free Software Foundation.
 9 | *
10 | *  This program is distributed in the hope that it will be useful,
11 | *  but WITHOUT ANY WARRANTY; without even the implied warranty of
12 | *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13 | *  GNU General Public License for more details.
14 | *
15 | *  You should have received a copy of the GNU General Public License
16 | *  along with this program; if not, write to the Free Software
17 | *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
18 | *  MA 02110-1301, USA.
19 | */
20 | 
21 | #pragma once
22 | 
23 | #include "ph.h"
24 | 
25 | #define HS_SERVICE_NAME L"HsService"
26 | 
27 | #define CLAMAV_DATABASE_PATH L"%AllUsersProfile%\\Hazard Shield"
28 | 
29 | VOID WINAPI HsServiceMain(
30 | 	_In_ DWORD dwArgc,
31 | 	_In_ LPTSTR *lpszArgv
32 | 	);
33 | 
34 | DWORD WINAPI HsServiceHandlerEx(
35 | 	_In_ DWORD dwControl,
36 | 	_In_ DWORD dwEventType,
37 | 	_In_ LPVOID lpEventData,
38 | 	_In_ LPVOID lpContext
39 | 	);


--------------------------------------------------------------------------------
/HsCore/HsService/Utility.c:
--------------------------------------------------------------------------------
 1 | /*
 2 | *  Copyright (C) 2015 Orbitech
 3 | *
 4 | *  Authors: xqrzd
 5 | *
 6 | *  This program is free software; you can redistribute it and/or modify
 7 | *  it under the terms of the GNU General Public License version 2 as
 8 | *  published by the Free Software Foundation.
 9 | *
10 | *  This program is distributed in the hope that it will be useful,
11 | *  but WITHOUT ANY WARRANTY; without even the implied warranty of
12 | *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13 | *  GNU General Public License for more details.
14 | *
15 | *  You should have received a copy of the GNU General Public License
16 | *  along with this program; if not, write to the Free Software
17 | *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
18 | *  MA 02110-1301, USA.
19 | */
20 | 
21 | #include "Utility.h"
22 | 
23 | DWORD HsGetProcessorCount()
24 | {
25 | 	SYSTEM_INFO systemInfo;
26 | 
27 | 	GetSystemInfo(&systemInfo);
28 | 
29 | 	return systemInfo.dwNumberOfProcessors;
30 | }


--------------------------------------------------------------------------------
/HsCore/HsService/Utility.h:
--------------------------------------------------------------------------------
 1 | /*
 2 | *  Copyright (C) 2015 Orbitech
 3 | *
 4 | *  Authors: xqrzd
 5 | *
 6 | *  This program is free software; you can redistribute it and/or modify
 7 | *  it under the terms of the GNU General Public License version 2 as
 8 | *  published by the Free Software Foundation.
 9 | *
10 | *  This program is distributed in the hope that it will be useful,
11 | *  but WITHOUT ANY WARRANTY; without even the implied warranty of
12 | *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13 | *  GNU General Public License for more details.
14 | *
15 | *  You should have received a copy of the GNU General Public License
16 | *  along with this program; if not, write to the Free Software
17 | *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
18 | *  MA 02110-1301, USA.
19 | */
20 | 
21 | #pragma once
22 | 
23 | #include "ph.h"
24 | 
25 | DWORD HsGetProcessorCount(
26 | 	);


--------------------------------------------------------------------------------
/HsCore/HsService/main.c:
--------------------------------------------------------------------------------
 1 | /*
 2 | *  Copyright (C) 2015 Orbitech
 3 | *
 4 | *  Authors: xqrzd
 5 | *
 6 | *  This program is free software; you can redistribute it and/or modify
 7 | *  it under the terms of the GNU General Public License version 2 as
 8 | *  published by the Free Software Foundation.
 9 | *
10 | *  This program is distributed in the hope that it will be useful,
11 | *  but WITHOUT ANY WARRANTY; without even the implied warranty of
12 | *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13 | *  GNU General Public License for more details.
14 | *
15 | *  You should have received a copy of the GNU General Public License
16 | *  along with this program; if not, write to the Free Software
17 | *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
18 | *  MA 02110-1301, USA.
19 | */
20 | 
21 | #include "Service.h"
22 | 
23 | int __cdecl main()
24 | {
25 | 	SERVICE_TABLE_ENTRY serviceEntry[] =
26 | 	{
27 | 		{ HS_SERVICE_NAME, HsServiceMain },
28 | 		{ NULL, NULL }
29 | 	};
30 | 
31 | 	if (!StartServiceCtrlDispatcherW(serviceEntry))
32 | 		return GetLastError();
33 | 
34 | 	return 0;
35 | }


--------------------------------------------------------------------------------
/HsCore/HsService/resource.h:
--------------------------------------------------------------------------------
 1 | //{{NO_DEPENDENCIES}}
 2 | // Microsoft Visual C++ generated include file.
 3 | // Used by HsService.rc
 4 | 
 5 | // Next default values for new objects
 6 | // 
 7 | #ifdef APSTUDIO_INVOKED
 8 | #ifndef APSTUDIO_READONLY_SYMBOLS
 9 | #define _APS_NEXT_RESOURCE_VALUE        101
10 | #define _APS_NEXT_COMMAND_VALUE         40001
11 | #define _APS_NEXT_CONTROL_VALUE         1001
12 | #define _APS_NEXT_SYMED_VALUE           101
13 | #endif
14 | #endif
15 | 


--------------------------------------------------------------------------------
/HsCore/phlib/apiimport.c:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * Process Hacker -
 3 |  *   procedure import module
 4 |  *
 5 |  * Copyright (C) 2015 wj32
 6 |  *
 7 |  * This file is part of Process Hacker.
 8 |  *
 9 |  * Process Hacker is free software; you can redistribute it and/or modify
10 |  * it under the terms of the GNU General Public License as published by
11 |  * the Free Software Foundation, either version 3 of the License, or
12 |  * (at your option) any later version.
13 |  *
14 |  * Process Hacker is distributed in the hope that it will be useful,
15 |  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17 |  * GNU General Public License for more details.
18 |  *
19 |  * You should have received a copy of the GNU General Public License
20 |  * along with Process Hacker.  If not, see <http://www.gnu.org/licenses/>.
21 |  */
22 | 
23 | #include <ph.h>
24 | #include <apiimport.h>
25 | 
26 | PVOID PhpImportProcedure(
27 |     _Inout_ PVOID *Cache,
28 |     _Inout_ PBOOLEAN CacheValid,
29 |     _In_ PWSTR ModuleName,
30 |     _In_ PSTR ProcedureName
31 |     )
32 | {
33 |     HMODULE module;
34 |     PVOID procedure;
35 | 
36 |     if (*CacheValid)
37 |         return *Cache;
38 | 
39 |     module = GetModuleHandle(ModuleName);
40 | 
41 |     if (!module)
42 |         return NULL;
43 | 
44 |     procedure = GetProcAddress(module, ProcedureName);
45 |     *Cache = procedure;
46 |     MemoryBarrier();
47 |     *CacheValid = TRUE;
48 | 
49 |     return procedure;
50 | }
51 | 
52 | #define PH_DEFINE_IMPORT(Module, Name) \
53 | _##Name Name##_Import(VOID) \
54 | { \
55 |     static PVOID cache = NULL; \
56 |     static BOOLEAN cacheValid = FALSE; \
57 | \
58 |     return (_##Name)PhpImportProcedure(&cache, &cacheValid, Module, #Name); \
59 | }
60 | 
61 | PH_DEFINE_IMPORT(L"ntdll.dll", NtQueryInformationEnlistment);
62 | PH_DEFINE_IMPORT(L"ntdll.dll", NtQueryInformationResourceManager);
63 | PH_DEFINE_IMPORT(L"ntdll.dll", NtQueryInformationTransaction);
64 | PH_DEFINE_IMPORT(L"ntdll.dll", NtQueryInformationTransactionManager);
65 | 


--------------------------------------------------------------------------------
/HsCore/phlib/basesupa.c:
--------------------------------------------------------------------------------
  1 | /*
  2 |  * Process Hacker -
  3 |  *   base support functions (auto-dereference enabled)
  4 |  *
  5 |  * Copyright (C) 2010 wj32
  6 |  *
  7 |  * This file is part of Process Hacker.
  8 |  *
  9 |  * Process Hacker is free software; you can redistribute it and/or modify
 10 |  * it under the terms of the GNU General Public License as published by
 11 |  * the Free Software Foundation, either version 3 of the License, or
 12 |  * (at your option) any later version.
 13 |  *
 14 |  * Process Hacker is distributed in the hope that it will be useful,
 15 |  * but WITHOUT ANY WARRANTY; without even the implied warranty of
 16 |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 17 |  * GNU General Public License for more details.
 18 |  *
 19 |  * You should have received a copy of the GNU General Public License
 20 |  * along with Process Hacker.  If not, see <http://www.gnu.org/licenses/>.
 21 |  */
 22 | 
 23 | #include <phbase.h>
 24 | 
 25 | PPH_STRING PhaCreateString(
 26 |     _In_ PWSTR Buffer
 27 |     )
 28 | {
 29 |     return PhAutoDereferenceObject(PhCreateString(Buffer));
 30 | }
 31 | 
 32 | PPH_STRING PhaCreateStringEx(
 33 |     _In_opt_ PWSTR Buffer,
 34 |     _In_ SIZE_T Length
 35 |     )
 36 | {
 37 |     return PhAutoDereferenceObject(PhCreateStringEx(Buffer, Length));
 38 | }
 39 | 
 40 | PPH_STRING PhaDuplicateString(
 41 |     _In_ PPH_STRING String
 42 |     )
 43 | {
 44 |     return PhAutoDereferenceObject(PhDuplicateString(String));
 45 | }
 46 | 
 47 | PPH_STRING PhaConcatStrings(
 48 |     _In_ ULONG Count,
 49 |     ...
 50 |     )
 51 | {
 52 |     va_list argptr;
 53 | 
 54 |     va_start(argptr, Count);
 55 | 
 56 |     return PhAutoDereferenceObject(PhConcatStrings_V(Count, argptr));
 57 | }
 58 | 
 59 | PPH_STRING PhaConcatStrings2(
 60 |     _In_ PWSTR String1,
 61 |     _In_ PWSTR String2
 62 |     )
 63 | {
 64 |     return PhAutoDereferenceObject(PhConcatStrings2(String1, String2));
 65 | }
 66 | 
 67 | PPH_STRING PhaFormatString(
 68 |     _In_ _Printf_format_string_ PWSTR Format,
 69 |     ...
 70 |     )
 71 | {
 72 |     va_list argptr;
 73 | 
 74 |     va_start(argptr, Format);
 75 | 
 76 |     return PhAutoDereferenceObject(PhFormatString_V(Format, argptr));
 77 | }
 78 | 
 79 | PPH_STRING PhaLowerString(
 80 |     _In_ PPH_STRING String
 81 |     )
 82 | {
 83 |     PPH_STRING newString;
 84 | 
 85 |     newString = PhaDuplicateString(String);
 86 |     PhLowerString(newString);
 87 | 
 88 |     return newString;
 89 | }
 90 | 
 91 | PPH_STRING PhaUpperString(
 92 |     _In_ PPH_STRING String
 93 |     )
 94 | {
 95 |     PPH_STRING newString;
 96 | 
 97 |     newString = PhaDuplicateString(String);
 98 |     PhUpperString(newString);
 99 | 
100 |     return newString;
101 | }
102 | 
103 | PPH_STRING PhaSubstring(
104 |     _In_ PPH_STRING String,
105 |     _In_ SIZE_T StartIndex,
106 |     _In_ SIZE_T Count
107 |     )
108 | {
109 |     return PhAutoDereferenceObject(PhSubstring(String, StartIndex, Count));
110 | }
111 | 


--------------------------------------------------------------------------------
/HsCore/phlib/circbuf.c:
--------------------------------------------------------------------------------
 1 | #include <phbase.h>
 2 | #include <circbuf.h>
 3 | 
 4 | #undef T
 5 | #define T ULONG
 6 | #include "circbuf_i.h"
 7 | 
 8 | #undef T
 9 | #define T ULONG64
10 | #include "circbuf_i.h"
11 | 
12 | #undef T
13 | #define T PVOID
14 | #include "circbuf_i.h"
15 | 
16 | #undef T
17 | #define T SIZE_T
18 | #include "circbuf_i.h"
19 | 
20 | #undef T
21 | #define T FLOAT
22 | #include "circbuf_i.h"
23 | 


--------------------------------------------------------------------------------
/HsCore/phlib/circbuf_i.h:
--------------------------------------------------------------------------------
  1 | #ifdef T
  2 | 
  3 | #include <templ.h>
  4 | 
  5 | VOID T___(PhInitializeCircularBuffer, T)(
  6 |     _Out_ T___(PPH_CIRCULAR_BUFFER, T) Buffer,
  7 |     _In_ ULONG Size
  8 |     )
  9 | {
 10 | #ifdef PH_CIRCULAR_BUFFER_POWER_OF_TWO_SIZE
 11 |     Buffer->Size = PhRoundUpToPowerOfTwo(Size);
 12 |     Buffer->SizeMinusOne = Buffer->Size - 1;
 13 | #else
 14 |     Buffer->Size = Size;
 15 | #endif
 16 | 
 17 |     Buffer->Count = 0;
 18 |     Buffer->Index = 0;
 19 |     Buffer->Data = PhAllocate(sizeof(T) * Buffer->Size);
 20 | }
 21 | 
 22 | VOID T___(PhDeleteCircularBuffer, T)(
 23 |     _Inout_ T___(PPH_CIRCULAR_BUFFER, T) Buffer
 24 |     )
 25 | {
 26 |     PhFree(Buffer->Data);
 27 | }
 28 | 
 29 | VOID T___(PhResizeCircularBuffer, T)(
 30 |     _Inout_ T___(PPH_CIRCULAR_BUFFER, T) Buffer,
 31 |     _In_ ULONG NewSize
 32 |     )
 33 | {
 34 |     T *newData;
 35 |     ULONG tailSize;
 36 |     ULONG headSize;
 37 | 
 38 | #ifdef PH_CIRCULAR_BUFFER_POWER_OF_TWO_SIZE
 39 |     NewSize = PhRoundUpToPowerOfTwo(NewSize);
 40 | #endif
 41 | 
 42 |     // If we're not actually resizing it, return.
 43 |     if (NewSize == Buffer->Size)
 44 |         return;
 45 | 
 46 |     newData = PhAllocate(sizeof(T) * NewSize);
 47 |     tailSize = (ULONG)(Buffer->Size - Buffer->Index);
 48 |     headSize = Buffer->Count - tailSize;
 49 | 
 50 |     if (NewSize > Buffer->Size)
 51 |     {
 52 |         // Copy the tail, then the head.
 53 |         memcpy(newData, &Buffer->Data[Buffer->Index], sizeof(T) * tailSize);
 54 |         memcpy(&newData[tailSize], Buffer->Data, sizeof(T) * headSize);
 55 |         Buffer->Index = 0;
 56 |     }
 57 |     else
 58 |     {
 59 |         if (tailSize >= NewSize)
 60 |         {
 61 |             // Copy only a part of the tail.
 62 |             memcpy(newData, &Buffer->Data[Buffer->Index], sizeof(T) * NewSize);
 63 |             Buffer->Index = 0;
 64 |         }
 65 |         else
 66 |         {
 67 |             // Copy the tail, then only part of the head.
 68 |             memcpy(newData, &Buffer->Data[Buffer->Index], sizeof(T) * tailSize);
 69 |             memcpy(&newData[tailSize], Buffer->Data, sizeof(T) * (NewSize - tailSize));
 70 |             Buffer->Index = 0;
 71 |         }
 72 | 
 73 |         // Since we're making the circular buffer smaller, limit the count.
 74 |         if (Buffer->Count > NewSize)
 75 |             Buffer->Count = NewSize;
 76 |     }
 77 | 
 78 |     Buffer->Data = newData;
 79 |     Buffer->Size = NewSize;
 80 | #ifdef PH_CIRCULAR_BUFFER_POWER_OF_TWO_SIZE
 81 |     Buffer->SizeMinusOne = NewSize - 1;
 82 | #endif
 83 | }
 84 | 
 85 | VOID T___(PhClearCircularBuffer, T)(
 86 |     _Inout_ T___(PPH_CIRCULAR_BUFFER, T) Buffer
 87 |     )
 88 | {
 89 |     Buffer->Count = 0;
 90 |     Buffer->Index = 0;
 91 | }
 92 | 
 93 | VOID T___(PhCopyCircularBuffer, T)(
 94 |     _Inout_ T___(PPH_CIRCULAR_BUFFER, T) Buffer,
 95 |     _Out_writes_(Count) T *Destination,
 96 |     _In_ ULONG Count
 97 |     )
 98 | {
 99 |     ULONG tailSize;
100 |     ULONG headSize;
101 | 
102 |     tailSize = (ULONG)(Buffer->Size - Buffer->Index);
103 |     headSize = Buffer->Count - tailSize;
104 | 
105 |     if (Count > Buffer->Count)
106 |         Count = Buffer->Count;
107 | 
108 |     if (tailSize >= Count)
109 |     {
110 |         // Copy only a part of the tail.
111 |         memcpy(Destination, &Buffer->Data[Buffer->Index], sizeof(T) * Count);
112 |     }
113 |     else
114 |     {
115 |         // Copy the tail, then only part of the head.
116 |         memcpy(Destination, &Buffer->Data[Buffer->Index], sizeof(T) * tailSize);
117 |         memcpy(&Destination[tailSize], Buffer->Data, sizeof(T) * (Count - tailSize));
118 |     }
119 | }
120 | 
121 | #endif
122 | 


--------------------------------------------------------------------------------
/HsCore/phlib/colorbox.c:
--------------------------------------------------------------------------------
  1 | /*
  2 |  * Process Hacker -
  3 |  *   color picker
  4 |  *
  5 |  * Copyright (C) 2010 wj32
  6 |  *
  7 |  * This file is part of Process Hacker.
  8 |  *
  9 |  * Process Hacker is free software; you can redistribute it and/or modify
 10 |  * it under the terms of the GNU General Public License as published by
 11 |  * the Free Software Foundation, either version 3 of the License, or
 12 |  * (at your option) any later version.
 13 |  *
 14 |  * Process Hacker is distributed in the hope that it will be useful,
 15 |  * but WITHOUT ANY WARRANTY; without even the implied warranty of
 16 |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 17 |  * GNU General Public License for more details.
 18 |  *
 19 |  * You should have received a copy of the GNU General Public License
 20 |  * along with Process Hacker.  If not, see <http://www.gnu.org/licenses/>.
 21 |  */
 22 | 
 23 | #include <phgui.h>
 24 | #include <colorbox.h>
 25 | 
 26 | typedef struct _PHP_COLORBOX_CONTEXT
 27 | {
 28 |     COLORREF SelectedColor;
 29 |     BOOLEAN Hot;
 30 |     BOOLEAN HasFocus;
 31 | } PHP_COLORBOX_CONTEXT, *PPHP_COLORBOX_CONTEXT;
 32 | 
 33 | LRESULT CALLBACK PhpColorBoxWndProc(
 34 |     _In_ HWND hwnd,
 35 |     _In_ UINT uMsg,
 36 |     _In_ WPARAM wParam,
 37 |     _In_ LPARAM lParam
 38 |     );
 39 | 
 40 | BOOLEAN PhColorBoxInitialization(
 41 |     VOID
 42 |     )
 43 | {
 44 |     WNDCLASSEX c = { sizeof(c) };
 45 | 
 46 |     c.style = CS_GLOBALCLASS;
 47 |     c.lpfnWndProc = PhpColorBoxWndProc;
 48 |     c.cbClsExtra = 0;
 49 |     c.cbWndExtra = sizeof(PVOID);
 50 |     c.hInstance = PhLibImageBase;
 51 |     c.hIcon = NULL;
 52 |     c.hCursor = LoadCursor(NULL, IDC_ARROW);
 53 |     c.hbrBackground = NULL;
 54 |     c.lpszMenuName = NULL;
 55 |     c.lpszClassName = PH_COLORBOX_CLASSNAME;
 56 |     c.hIconSm = NULL;
 57 | 
 58 |     if (!RegisterClassEx(&c))
 59 |         return FALSE;
 60 | 
 61 |     return TRUE;
 62 | }
 63 | 
 64 | VOID PhpCreateColorBoxContext(
 65 |     _Out_ PPHP_COLORBOX_CONTEXT *Context
 66 |     )
 67 | {
 68 |     PPHP_COLORBOX_CONTEXT context;
 69 | 
 70 |     context = PhAllocate(sizeof(PHP_COLORBOX_CONTEXT));
 71 |     memset(context, 0, sizeof(PHP_COLORBOX_CONTEXT));
 72 |     *Context = context;
 73 | }
 74 | 
 75 | VOID PhpFreeColorBoxContext(
 76 |     _In_ _Post_invalid_ PPHP_COLORBOX_CONTEXT Context
 77 |     )
 78 | {
 79 |     PhFree(Context);
 80 | }
 81 | 
 82 | VOID PhpChooseColor(
 83 |     _In_ HWND hwnd,
 84 |     _In_ PPHP_COLORBOX_CONTEXT Context
 85 |     )
 86 | {
 87 |     CHOOSECOLOR chooseColor = { sizeof(chooseColor) };
 88 |     COLORREF customColors[16] = { 0 };
 89 | 
 90 |     chooseColor.hwndOwner = hwnd;
 91 |     chooseColor.rgbResult = Context->SelectedColor;
 92 |     chooseColor.lpCustColors = customColors;
 93 |     chooseColor.Flags = CC_ANYCOLOR | CC_FULLOPEN | CC_RGBINIT;
 94 | 
 95 |     if (ChooseColor(&chooseColor))
 96 |     {
 97 |         Context->SelectedColor = chooseColor.rgbResult;
 98 |         InvalidateRect(hwnd, NULL, TRUE);
 99 |     }
100 | }
101 | 
102 | LRESULT CALLBACK PhpColorBoxWndProc(
103 |     _In_ HWND hwnd,
104 |     _In_ UINT uMsg,
105 |     _In_ WPARAM wParam,
106 |     _In_ LPARAM lParam
107 |     )
108 | {
109 |     PPHP_COLORBOX_CONTEXT context;
110 | 
111 |     context = (PPHP_COLORBOX_CONTEXT)GetWindowLongPtr(hwnd, 0);
112 | 
113 |     if (uMsg == WM_CREATE)
114 |     {
115 |         PhpCreateColorBoxContext(&context);
116 |         SetWindowLongPtr(hwnd, 0, (LONG_PTR)context);
117 |     }
118 | 
119 |     if (!context)
120 |         return DefWindowProc(hwnd, uMsg, wParam, lParam);
121 | 
122 |     switch (uMsg)
123 |     {
124 |     case WM_CREATE:
125 |         {
126 |             // Nothing
127 |         }
128 |         break;
129 |     case WM_DESTROY:
130 |         {
131 |             PhpFreeColorBoxContext(context);
132 |             SetWindowLongPtr(hwnd, 0, (LONG_PTR)NULL);
133 |         }
134 |         break;
135 |     case WM_PAINT:
136 |         {
137 |             PAINTSTRUCT paintStruct;
138 |             RECT clientRect;
139 |             HDC hdc;
140 | 
141 |             if (hdc = BeginPaint(hwnd, &paintStruct))
142 |             {
143 |                 GetClientRect(hwnd, &clientRect);
144 | 
145 |                 // Border color
146 |                 SetDCPenColor(hdc, RGB(0x44, 0x44, 0x44));
147 | 
148 |                 // Fill color
149 |                 if (!context->Hot && !context->HasFocus)
150 |                     SetDCBrushColor(hdc, context->SelectedColor);
151 |                 else
152 |                     SetDCBrushColor(hdc, PhMakeColorBrighter(context->SelectedColor, 64));
153 | 
154 |                 // Draw the rectangle.
155 |                 SelectObject(hdc, GetStockObject(DC_PEN));
156 |                 SelectObject(hdc, GetStockObject(DC_BRUSH));
157 |                 Rectangle(hdc, clientRect.left, clientRect.top, clientRect.right, clientRect.bottom);
158 | 
159 |                 EndPaint(hwnd, &paintStruct);
160 |             }
161 |         }
162 |         return 0;
163 |     case WM_ERASEBKGND:
164 |         return 1;
165 |     case WM_MOUSEMOVE:
166 |         {
167 |             if (!context->Hot)
168 |             {
169 |                 TRACKMOUSEEVENT trackMouseEvent = { sizeof(trackMouseEvent) };
170 | 
171 |                 context->Hot = TRUE;
172 |                 InvalidateRect(hwnd, NULL, TRUE);
173 | 
174 |                 trackMouseEvent.dwFlags = TME_LEAVE;
175 |                 trackMouseEvent.hwndTrack = hwnd;
176 |                 TrackMouseEvent(&trackMouseEvent);
177 |             }
178 |         }
179 |         break;
180 |     case WM_MOUSELEAVE:
181 |         {
182 |             context->Hot = FALSE;
183 |             InvalidateRect(hwnd, NULL, TRUE);
184 |         }
185 |         break;
186 |     case WM_LBUTTONDOWN:
187 |         {
188 |             PhpChooseColor(hwnd, context);
189 |         }
190 |         break;
191 |     case WM_SETFOCUS:
192 |         {
193 |             context->HasFocus = TRUE;
194 |             InvalidateRect(hwnd, NULL, TRUE);
195 |         }
196 |         return 0;
197 |     case WM_KILLFOCUS:
198 |         {
199 |             context->HasFocus = FALSE;
200 |             InvalidateRect(hwnd, NULL, TRUE);
201 |         }
202 |         return 0;
203 |     case WM_GETDLGCODE:
204 |         if (wParam == VK_RETURN)
205 |             return DLGC_WANTMESSAGE;
206 |         return 0;
207 |     case WM_KEYDOWN:
208 |         {
209 |             switch (wParam)
210 |             {
211 |             case VK_SPACE:
212 |             case VK_RETURN:
213 |                 PhpChooseColor(hwnd, context);
214 |                 break;
215 |             }
216 |         }
217 |         break;
218 |     case CBCM_SETCOLOR:
219 |         context->SelectedColor = (COLORREF)wParam;
220 |         return TRUE;
221 |     case CBCM_GETCOLOR:
222 |         return (LRESULT)context->SelectedColor;
223 |     }
224 | 
225 |     return DefWindowProc(hwnd, uMsg, wParam, lParam);
226 | }
227 | 


--------------------------------------------------------------------------------
/HsCore/phlib/error.c:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * Process Hacker -
 3 |  *   error codes
 4 |  *
 5 |  * Copyright (C) 2010-2011 wj32
 6 |  *
 7 |  * This file is part of Process Hacker.
 8 |  *
 9 |  * Process Hacker is free software; you can redistribute it and/or modify
10 |  * it under the terms of the GNU General Public License as published by
11 |  * the Free Software Foundation, either version 3 of the License, or
12 |  * (at your option) any later version.
13 |  *
14 |  * Process Hacker is distributed in the hope that it will be useful,
15 |  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17 |  * GNU General Public License for more details.
18 |  *
19 |  * You should have received a copy of the GNU General Public License
20 |  * along with Process Hacker.  If not, see <http://www.gnu.org/licenses/>.
21 |  */
22 | 
23 | #include <phbase.h>
24 | 
25 | /**
26 |  * Converts a NTSTATUS value to a Win32 error code.
27 |  *
28 |  * \remarks This function handles FACILITY_NTWIN32 status values
29 |  * properly, unlike RtlNtStatusToDosError.
30 |  */
31 | ULONG PhNtStatusToDosError(
32 |     _In_ NTSTATUS Status
33 |     )
34 | {
35 |     if (NT_NTWIN32(Status)) // RtlNtStatusToDosError doesn't seem to handle these cases correctly
36 |         return WIN32_FROM_NTSTATUS(Status);
37 |     else
38 |         return RtlNtStatusToDosError(Status);
39 | }
40 | 
41 | /**
42 |  * Converts a Win32 error code to a NTSTATUS value.
43 |  *
44 |  * \remarks Only a small number of cases are currently supported.
45 |  * Other status values are wrapped using FACILITY_NTWIN32.
46 |  */
47 | NTSTATUS PhDosErrorToNtStatus(
48 |     _In_ ULONG DosError
49 |     )
50 | {
51 |     switch (DosError)
52 |     {
53 |     case ERROR_INVALID_FUNCTION: return STATUS_ILLEGAL_FUNCTION;
54 |     case ERROR_FILE_NOT_FOUND: return STATUS_NO_SUCH_FILE;
55 |     case ERROR_ACCESS_DENIED: return STATUS_ACCESS_DENIED;
56 |     case ERROR_INVALID_HANDLE: return STATUS_INVALID_HANDLE;
57 |     case ERROR_HANDLE_EOF: return STATUS_END_OF_FILE;
58 |     case ERROR_NOT_SUPPORTED: return STATUS_NOT_SUPPORTED;
59 |     case ERROR_INVALID_PARAMETER: return STATUS_INVALID_PARAMETER;
60 |     case ERROR_NOT_LOCKED: return STATUS_NOT_LOCKED;
61 |     case ERROR_MORE_DATA: return STATUS_MORE_ENTRIES;
62 |     case ERROR_NOACCESS: return STATUS_ACCESS_VIOLATION;
63 |     case ERROR_STACK_OVERFLOW: return STATUS_STACK_OVERFLOW;
64 |     case ERROR_INTERNAL_ERROR: return STATUS_INTERNAL_ERROR;
65 |     default: return NTSTATUS_FROM_WIN32(DosError);
66 |     }
67 | }
68 | 
69 | /**
70 |  * Determines whether a NTSTATUS value indicates that a file
71 |  * cannot be not found.
72 |  */
73 | BOOLEAN PhNtStatusFileNotFound(
74 |     _In_ NTSTATUS Status
75 |     )
76 | {
77 |     switch (Status)
78 |     {
79 |     case STATUS_NO_SUCH_FILE:
80 |         return TRUE;
81 |     case STATUS_OBJECT_NAME_INVALID:
82 |         return TRUE;
83 |     case STATUS_OBJECT_NAME_NOT_FOUND:
84 |         return TRUE;
85 |     case STATUS_OBJECT_NO_LONGER_EXISTS:
86 |         return TRUE;
87 |     case STATUS_OBJECT_PATH_INVALID:
88 |         return TRUE;
89 |     case STATUS_OBJECT_PATH_NOT_FOUND:
90 |         return TRUE;
91 |     default: return FALSE;
92 |     }
93 | }
94 | 


--------------------------------------------------------------------------------
/HsCore/phlib/include/apiimport.h:
--------------------------------------------------------------------------------
 1 | #ifndef _PH_APIIMPORT_H
 2 | #define _PH_APIIMPORT_H
 3 | 
 4 | typedef NTSTATUS (NTAPI *_NtQueryInformationEnlistment)(
 5 |     _In_ HANDLE EnlistmentHandle,
 6 |     _In_ ENLISTMENT_INFORMATION_CLASS EnlistmentInformationClass,
 7 |     _Out_writes_bytes_(EnlistmentInformationLength) PVOID EnlistmentInformation,
 8 |     _In_ ULONG EnlistmentInformationLength,
 9 |     _Out_opt_ PULONG ReturnLength
10 |     );
11 | 
12 | typedef NTSTATUS (NTAPI *_NtQueryInformationResourceManager)(
13 |     _In_ HANDLE ResourceManagerHandle,
14 |     _In_ RESOURCEMANAGER_INFORMATION_CLASS ResourceManagerInformationClass,
15 |     _Out_writes_bytes_(ResourceManagerInformationLength) PVOID ResourceManagerInformation,
16 |     _In_ ULONG ResourceManagerInformationLength,
17 |     _Out_opt_ PULONG ReturnLength
18 |     );
19 | 
20 | typedef NTSTATUS (NTAPI *_NtQueryInformationTransaction)(
21 |     _In_ HANDLE TransactionHandle,
22 |     _In_ TRANSACTION_INFORMATION_CLASS TransactionInformationClass,
23 |     _Out_writes_bytes_(TransactionInformationLength) PVOID TransactionInformation,
24 |     _In_ ULONG TransactionInformationLength,
25 |     _Out_opt_ PULONG ReturnLength
26 |     );
27 | 
28 | typedef NTSTATUS (NTAPI *_NtQueryInformationTransactionManager)(
29 |     _In_ HANDLE TransactionManagerHandle,
30 |     _In_ TRANSACTIONMANAGER_INFORMATION_CLASS TransactionManagerInformationClass,
31 |     _Out_writes_bytes_(TransactionManagerInformationLength) PVOID TransactionManagerInformation,
32 |     _In_ ULONG TransactionManagerInformationLength,
33 |     _Out_opt_ PULONG ReturnLength
34 |     );
35 | 
36 | #define PH_DECLARE_IMPORT(Name) _##Name Name##_Import(VOID)
37 | 
38 | PH_DECLARE_IMPORT(NtQueryInformationEnlistment);
39 | PH_DECLARE_IMPORT(NtQueryInformationResourceManager);
40 | PH_DECLARE_IMPORT(NtQueryInformationTransaction);
41 | PH_DECLARE_IMPORT(NtQueryInformationTransactionManager);
42 | 
43 | #endif
44 | 


--------------------------------------------------------------------------------
/HsCore/phlib/include/circbuf.h:
--------------------------------------------------------------------------------
 1 | #ifndef _PH_CIRCBUF_H
 2 | #define _PH_CIRCBUF_H
 3 | 
 4 | #define PH_CIRCULAR_BUFFER_POWER_OF_TWO_SIZE
 5 | 
 6 | #undef T
 7 | #define T ULONG
 8 | #include "circbuf_h.h"
 9 | 
10 | #undef T
11 | #define T ULONG64
12 | #include "circbuf_h.h"
13 | 
14 | #undef T
15 | #define T PVOID
16 | #include "circbuf_h.h"
17 | 
18 | #undef T
19 | #define T SIZE_T
20 | #include "circbuf_h.h"
21 | 
22 | #undef T
23 | #define T FLOAT
24 | #include "circbuf_h.h"
25 | 
26 | #endif
27 | 


--------------------------------------------------------------------------------
/HsCore/phlib/include/circbuf_h.h:
--------------------------------------------------------------------------------
  1 | #ifdef T
  2 | 
  3 | #include <templ.h>
  4 | 
  5 | typedef struct T___(_PH_CIRCULAR_BUFFER, T)
  6 | {
  7 |     ULONG Size;
  8 | #ifdef PH_CIRCULAR_BUFFER_POWER_OF_TWO_SIZE
  9 |     ULONG SizeMinusOne;
 10 | #endif
 11 |     ULONG Count;
 12 |     LONG Index;
 13 |     T *Data;
 14 | } T___(PH_CIRCULAR_BUFFER, T), *T___(PPH_CIRCULAR_BUFFER, T);
 15 | 
 16 | PHLIBAPI
 17 | VOID
 18 | NTAPI
 19 | T___(PhInitializeCircularBuffer, T)(
 20 |     _Out_ T___(PPH_CIRCULAR_BUFFER, T) Buffer,
 21 |     _In_ ULONG Size
 22 |     );
 23 | 
 24 | PHLIBAPI
 25 | VOID
 26 | NTAPI
 27 | T___(PhDeleteCircularBuffer, T)(
 28 |     _Inout_ T___(PPH_CIRCULAR_BUFFER, T) Buffer
 29 |     );
 30 | 
 31 | PHLIBAPI
 32 | VOID
 33 | NTAPI
 34 | T___(PhResizeCircularBuffer, T)(
 35 |     _Inout_ T___(PPH_CIRCULAR_BUFFER, T) Buffer,
 36 |     _In_ ULONG NewSize
 37 |     );
 38 | 
 39 | PHLIBAPI
 40 | VOID
 41 | NTAPI
 42 | T___(PhClearCircularBuffer, T)(
 43 |     _Inout_ T___(PPH_CIRCULAR_BUFFER, T) Buffer
 44 |     );
 45 | 
 46 | PHLIBAPI
 47 | VOID
 48 | NTAPI
 49 | T___(PhCopyCircularBuffer, T)(
 50 |     _Inout_ T___(PPH_CIRCULAR_BUFFER, T) Buffer,
 51 |     _Out_writes_(Count) T *Destination,
 52 |     _In_ ULONG Count
 53 |     );
 54 | 
 55 | FORCEINLINE T T___(PhGetItemCircularBuffer, T)(
 56 |     _In_ T___(PPH_CIRCULAR_BUFFER, T) Buffer,
 57 |     _In_ LONG Index
 58 |     )
 59 | {
 60 | #ifdef PH_CIRCULAR_BUFFER_POWER_OF_TWO_SIZE
 61 |     return Buffer->Data[(Buffer->Index + Index) & Buffer->SizeMinusOne];
 62 | #else
 63 |     ULONG size;
 64 | 
 65 |     size = Buffer->Size;
 66 |     // Modulo is dividend-based.
 67 |     return Buffer->Data[(((Buffer->Index + Index) % size) + size) % size];
 68 | #endif
 69 | }
 70 | 
 71 | FORCEINLINE VOID T___(PhSetItemCircularBuffer, T)(
 72 |     _Inout_ T___(PPH_CIRCULAR_BUFFER, T) Buffer,
 73 |     _In_ LONG Index,
 74 |     _In_ T Value
 75 |     )
 76 | {
 77 | #ifdef PH_CIRCULAR_BUFFER_POWER_OF_TWO_SIZE
 78 |     Buffer->Data[(Buffer->Index + Index) & Buffer->SizeMinusOne] = Value;
 79 | #else
 80 |     ULONG size;
 81 | 
 82 |     size = Buffer->Size;
 83 |     Buffer->Data[(((Buffer->Index + Index) % size) + size) % size] = Value;
 84 | #endif
 85 | }
 86 | 
 87 | FORCEINLINE VOID T___(PhAddItemCircularBuffer, T)(
 88 |     _Inout_ T___(PPH_CIRCULAR_BUFFER, T) Buffer,
 89 |     _In_ T Value
 90 |     )
 91 | {
 92 | #ifdef PH_CIRCULAR_BUFFER_POWER_OF_TWO_SIZE
 93 |     Buffer->Data[Buffer->Index = ((Buffer->Index - 1) & Buffer->SizeMinusOne)] = Value;
 94 | #else
 95 |     ULONG size;
 96 | 
 97 |     size = Buffer->Size;
 98 |     Buffer->Data[Buffer->Index = (((Buffer->Index - 1) % size) + size) % size] = Value;
 99 | #endif
100 | 
101 |     if (Buffer->Count < Buffer->Size)
102 |         Buffer->Count++;
103 | }
104 | 
105 | FORCEINLINE T T___(PhAddItemCircularBuffer2, T)(
106 |     _Inout_ T___(PPH_CIRCULAR_BUFFER, T) Buffer,
107 |     _In_ T Value
108 |     )
109 | {
110 |     LONG index;
111 |     T oldValue;
112 | 
113 | #ifdef PH_CIRCULAR_BUFFER_POWER_OF_TWO_SIZE
114 |     index = ((Buffer->Index - 1) & Buffer->SizeMinusOne);
115 | #else
116 |     ULONG size;
117 | 
118 |     size = Buffer->Size;
119 |     index = (((Buffer->Index - 1) % size) + size) % size;
120 | #endif
121 | 
122 |     Buffer->Index = index;
123 |     oldValue = Buffer->Data[index];
124 |     Buffer->Data[index] = Value;
125 | 
126 |     if (Buffer->Count < Buffer->Size)
127 |         Buffer->Count++;
128 | 
129 |     return oldValue;
130 | }
131 | 
132 | #endif
133 | 


--------------------------------------------------------------------------------
/HsCore/phlib/include/colorbox.h:
--------------------------------------------------------------------------------
 1 | #ifndef _PH_COLORBOX_H
 2 | #define _PH_COLORBOX_H
 3 | 
 4 | #define PH_COLORBOX_CLASSNAME L"PhColorBox"
 5 | 
 6 | BOOLEAN PhColorBoxInitialization(
 7 |     VOID
 8 |     );
 9 | 
10 | #define CBCM_SETCOLOR (WM_APP + 1501)
11 | #define CBCM_GETCOLOR (WM_APP + 1502)
12 | 
13 | #define ColorBox_SetColor(hWnd, Color) \
14 |     SendMessage((hWnd), CBCM_SETCOLOR, (WPARAM)(Color), 0)
15 | 
16 | #define ColorBox_GetColor(hWnd) \
17 |     ((COLORREF)SendMessage((hWnd), CBCM_GETCOLOR, 0, 0))
18 | 
19 | #endif
20 | 


--------------------------------------------------------------------------------
/HsCore/phlib/include/cpysave.h:
--------------------------------------------------------------------------------
 1 | #ifndef _PH_CPYSAVE_H
 2 | #define _PH_CPYSAVE_H
 3 | 
 4 | #define PH_EXPORT_MODE_TABS 0
 5 | #define PH_EXPORT_MODE_SPACES 1
 6 | #define PH_EXPORT_MODE_CSV 2
 7 | 
 8 | VOID PhaCreateTextTable(
 9 |     _Out_ PPH_STRING ***Table,
10 |     _In_ ULONG Rows,
11 |     _In_ ULONG Columns
12 |     );
13 | 
14 | PPH_LIST PhaFormatTextTable(
15 |     _In_ PPH_STRING **Table,
16 |     _In_ ULONG Rows,
17 |     _In_ ULONG Columns,
18 |     _In_ ULONG Mode
19 |     );
20 | 
21 | VOID PhMapDisplayIndexTreeNew(
22 |     _In_ HWND TreeNewHandle,
23 |     _Out_opt_ PULONG *DisplayToId,
24 |     _Out_opt_ PWSTR **DisplayToText,
25 |     _Out_ PULONG NumberOfColumns
26 |     );
27 | 
28 | PHLIBAPI
29 | PPH_STRING PhGetTreeNewText(
30 |     _In_ HWND TreeNewHandle,
31 |     _Reserved_ ULONG Reserved
32 |     );
33 | 
34 | PHLIBAPI
35 | PPH_LIST PhGetGenericTreeNewLines(
36 |     _In_ HWND TreeNewHandle,
37 |     _In_ ULONG Mode
38 |     );
39 | 
40 | VOID PhaMapDisplayIndexListView(
41 |     _In_ HWND ListViewHandle,
42 |     _Out_writes_(Count) PULONG DisplayToId,
43 |     _Out_writes_opt_(Count) PPH_STRING *DisplayToText,
44 |     _In_ ULONG Count,
45 |     _Out_ PULONG NumberOfColumns
46 |     );
47 | 
48 | PPH_STRING PhaGetListViewItemText(
49 |     _In_ HWND ListViewHandle,
50 |     _In_ INT Index,
51 |     _In_ INT SubItemIndex
52 |     );
53 | 
54 | PPH_STRING PhGetListViewText(
55 |     _In_ HWND ListViewHandle
56 |     );
57 | 
58 | PPH_LIST PhGetListViewLines(
59 |     _In_ HWND ListViewHandle,
60 |     _In_ ULONG Mode
61 |     );
62 | 
63 | #endif
64 | 


--------------------------------------------------------------------------------
/HsCore/phlib/include/dltmgr.h:
--------------------------------------------------------------------------------
 1 | #ifndef _PH_DLTMGR_H
 2 | #define _PH_DLTMGR_H
 3 | 
 4 | typedef struct _PH_SINGLE_DELTA
 5 | {
 6 |     FLOAT Value;
 7 |     FLOAT Delta;
 8 | } PH_SINGLE_DELTA, *PPH_SINGLE_DELTA;
 9 | 
10 | typedef struct _PH_UINT32_DELTA
11 | {
12 |     ULONG Value;
13 |     ULONG Delta;
14 | } PH_UINT32_DELTA, *PPH_UINT32_DELTA;
15 | 
16 | typedef struct _PH_UINT64_DELTA
17 | {
18 |     ULONG64 Value;
19 |     ULONG64 Delta;
20 | } PH_UINT64_DELTA, *PPH_UINT64_DELTA;
21 | 
22 | typedef struct _PH_UINTPTR_DELTA
23 | {
24 |     ULONG_PTR Value;
25 |     ULONG_PTR Delta;
26 | } PH_UINTPTR_DELTA, *PPH_UINTPTR_DELTA;
27 | 
28 | #define PhInitializeDelta(DltMgr) \
29 |     ((DltMgr)->Value = 0, (DltMgr)->Delta = 0)
30 | 
31 | #define PhUpdateDelta(DltMgr, NewValue) \
32 |     ((DltMgr)->Delta = (NewValue) - (DltMgr)->Value, \
33 |     (DltMgr)->Value = (NewValue), (DltMgr)->Delta)
34 | 
35 | #endif
36 | 


--------------------------------------------------------------------------------
/HsCore/phlib/include/dspick.h:
--------------------------------------------------------------------------------
 1 | #ifndef _PH_DSPICK_H
 2 | #define _PH_DSPICK_H
 3 | 
 4 | #define PH_DSPICK_MULTISELECT 0x1
 5 | 
 6 | typedef struct _PH_DSPICK_OBJECT
 7 | {
 8 |     PPH_STRING Name;
 9 |     PSID Sid;
10 | } PH_DSPICK_OBJECT, *PPH_DSPICK_OBJECT;
11 | 
12 | typedef struct _PH_DSPICK_OBJECTS
13 | {
14 |     ULONG NumberOfObjects;
15 |     PH_DSPICK_OBJECT Objects[1];
16 | } PH_DSPICK_OBJECTS, *PPH_DSPICK_OBJECTS;
17 | 
18 | PHLIBAPI
19 | VOID PhFreeDsObjectPickerDialog(
20 |     _In_ PVOID PickerDialog
21 |     );
22 | 
23 | PHLIBAPI
24 | PVOID PhCreateDsObjectPickerDialog(
25 |     _In_ ULONG Flags
26 |     );
27 | 
28 | PHLIBAPI
29 | BOOLEAN PhShowDsObjectPickerDialog(
30 |     _In_ HWND hWnd,
31 |     _In_ PVOID PickerDialog,
32 |     _Out_ PPH_DSPICK_OBJECTS *Objects
33 |     );
34 | 
35 | PHLIBAPI
36 | VOID PhFreeDsObjectPickerObjects(
37 |     _In_ PPH_DSPICK_OBJECTS Objects
38 |     );
39 | 
40 | #endif
41 | 


--------------------------------------------------------------------------------
/HsCore/phlib/include/emenu.h:
--------------------------------------------------------------------------------
  1 | #ifndef _PH_EMENU_H
  2 | #define _PH_EMENU_H
  3 | 
  4 | #define PH_EMENU_DISABLED 0x1
  5 | #define PH_EMENU_CHECKED 0x2
  6 | #define PH_EMENU_HIGHLIGHT 0x4
  7 | #define PH_EMENU_MENUBARBREAK 0x8
  8 | #define PH_EMENU_MENUBREAK 0x10
  9 | #define PH_EMENU_DEFAULT 0x20
 10 | #define PH_EMENU_MOUSESELECT 0x40
 11 | #define PH_EMENU_RADIOCHECK 0x80
 12 | 
 13 | #define PH_EMENU_SEPARATECHECKSPACE 0x100000
 14 | #define PH_EMENU_SEPARATOR 0x200000
 15 | 
 16 | #define PH_EMENU_TEXT_OWNED 0x80000000
 17 | #define PH_EMENU_BITMAP_OWNED 0x40000000
 18 | 
 19 | struct _PH_EMENU_ITEM;
 20 | 
 21 | typedef VOID (NTAPI *PPH_EMENU_ITEM_DELETE_FUNCTION)(
 22 |     _In_ struct _PH_EMENU_ITEM *Item
 23 |     );
 24 | 
 25 | typedef struct _PH_EMENU_ITEM
 26 | {
 27 |     ULONG Flags;
 28 |     ULONG Id;
 29 |     PWSTR Text;
 30 |     HBITMAP Bitmap;
 31 | 
 32 |     PVOID Parameter;
 33 |     PVOID Context;
 34 |     PPH_EMENU_ITEM_DELETE_FUNCTION DeleteFunction;
 35 |     PVOID Reserved;
 36 | 
 37 |     struct _PH_EMENU_ITEM *Parent;
 38 |     PPH_LIST Items;
 39 | } PH_EMENU_ITEM, *PPH_EMENU_ITEM;
 40 | 
 41 | typedef struct _PH_EMENU_ITEM PH_EMENU, *PPH_EMENU;
 42 | 
 43 | PHLIBAPI
 44 | PPH_EMENU_ITEM PhCreateEMenuItem(
 45 |     _In_ ULONG Flags,
 46 |     _In_ ULONG Id,
 47 |     _In_ PWSTR Text,
 48 |     _In_opt_ HBITMAP Bitmap,
 49 |     _In_opt_ PVOID Context
 50 |     );
 51 | 
 52 | PHLIBAPI
 53 | VOID PhDestroyEMenuItem(
 54 |     _In_ PPH_EMENU_ITEM Item
 55 |     );
 56 | 
 57 | #define PH_EMENU_FIND_DESCEND 0x1
 58 | #define PH_EMENU_FIND_STARTSWITH 0x2
 59 | #define PH_EMENU_FIND_LITERAL 0x4
 60 | 
 61 | PHLIBAPI
 62 | PPH_EMENU_ITEM PhFindEMenuItem(
 63 |     _In_ PPH_EMENU_ITEM Item,
 64 |     _In_ ULONG Flags,
 65 |     _In_opt_ PWSTR Text,
 66 |     _In_opt_ ULONG Id
 67 |     );
 68 | 
 69 | PPH_EMENU_ITEM PhFindEMenuItemEx(
 70 |     _In_ PPH_EMENU_ITEM Item,
 71 |     _In_ ULONG Flags,
 72 |     _In_opt_ PWSTR Text,
 73 |     _In_opt_ ULONG Id,
 74 |     _Out_opt_ PPH_EMENU_ITEM *FoundParent,
 75 |     _Out_opt_ PULONG FoundIndex
 76 |     );
 77 | 
 78 | PHLIBAPI
 79 | ULONG PhIndexOfEMenuItem(
 80 |     _In_ PPH_EMENU_ITEM Parent,
 81 |     _In_ PPH_EMENU_ITEM Item
 82 |     );
 83 | 
 84 | PHLIBAPI
 85 | VOID PhInsertEMenuItem(
 86 |     _Inout_ PPH_EMENU_ITEM Parent,
 87 |     _Inout_ PPH_EMENU_ITEM Item,
 88 |     _In_ ULONG Index
 89 |     );
 90 | 
 91 | PHLIBAPI
 92 | BOOLEAN PhRemoveEMenuItem(
 93 |     _Inout_opt_ PPH_EMENU_ITEM Parent,
 94 |     _In_opt_ PPH_EMENU_ITEM Item,
 95 |     _In_opt_ ULONG Index
 96 |     );
 97 | 
 98 | PHLIBAPI
 99 | VOID PhRemoveAllEMenuItems(
100 |     _Inout_ PPH_EMENU_ITEM Parent
101 |     );
102 | 
103 | PHLIBAPI
104 | PPH_EMENU PhCreateEMenu(
105 |     VOID
106 |     );
107 | 
108 | PHLIBAPI
109 | VOID PhDestroyEMenu(
110 |     _In_ PPH_EMENU Menu
111 |     );
112 | 
113 | #define PH_EMENU_CONVERT_ID 0x1
114 | 
115 | typedef struct _PH_EMENU_DATA
116 | {
117 |     PPH_LIST IdToItem;
118 | } PH_EMENU_DATA, *PPH_EMENU_DATA;
119 | 
120 | VOID PhInitializeEMenuData(
121 |     _Out_ PPH_EMENU_DATA Data
122 |     );
123 | 
124 | VOID PhDeleteEMenuData(
125 |     _Inout_ PPH_EMENU_DATA Data
126 |     );
127 | 
128 | HMENU PhEMenuToHMenu(
129 |     _In_ PPH_EMENU_ITEM Menu,
130 |     _In_ ULONG Flags,
131 |     _Inout_opt_ PPH_EMENU_DATA Data
132 |     );
133 | 
134 | VOID PhEMenuToHMenu2(
135 |     _In_ HMENU MenuHandle,
136 |     _In_ PPH_EMENU_ITEM Menu,
137 |     _In_ ULONG Flags,
138 |     _Inout_opt_ PPH_EMENU_DATA Data
139 |     );
140 | 
141 | VOID PhHMenuToEMenuItem(
142 |     _Inout_ PPH_EMENU_ITEM MenuItem,
143 |     _In_ HMENU MenuHandle
144 |     );
145 | 
146 | PHLIBAPI
147 | VOID PhLoadResourceEMenuItem(
148 |     _Inout_ PPH_EMENU_ITEM MenuItem,
149 |     _In_ HINSTANCE InstanceHandle,
150 |     _In_ PWSTR Resource,
151 |     _In_ ULONG SubMenuIndex
152 |     );
153 | 
154 | #define PH_EMENU_SHOW_SEND_COMMAND 0x1
155 | #define PH_EMENU_SHOW_LEFTRIGHT 0x2
156 | 
157 | PHLIBAPI
158 | PPH_EMENU_ITEM PhShowEMenu(
159 |     _In_ PPH_EMENU Menu,
160 |     _In_ HWND WindowHandle,
161 |     _In_ ULONG Flags,
162 |     _In_ ULONG Align,
163 |     _In_ ULONG X,
164 |     _In_ ULONG Y
165 |     );
166 | 
167 | // Convenience functions
168 | 
169 | PHLIBAPI
170 | BOOLEAN PhSetFlagsEMenuItem(
171 |     _Inout_ PPH_EMENU_ITEM Item,
172 |     _In_ ULONG Id,
173 |     _In_ ULONG Mask,
174 |     _In_ ULONG Value
175 |     );
176 | 
177 | FORCEINLINE BOOLEAN PhEnableEMenuItem(
178 |     _Inout_ PPH_EMENU_ITEM Item,
179 |     _In_ ULONG Id,
180 |     _In_ BOOLEAN Enable
181 |     )
182 | {
183 |     return PhSetFlagsEMenuItem(Item, Id, PH_EMENU_DISABLED, Enable ? 0 : PH_EMENU_DISABLED);
184 | }
185 | 
186 | PHLIBAPI
187 | VOID PhSetFlagsAllEMenuItems(
188 |     _In_ PPH_EMENU_ITEM Item,
189 |     _In_ ULONG Mask,
190 |     _In_ ULONG Value
191 |     );
192 | 
193 | #define PH_EMENU_MODIFY_TEXT 0x1
194 | #define PH_EMENU_MODIFY_BITMAP 0x2
195 | 
196 | PHLIBAPI
197 | VOID PhModifyEMenuItem(
198 |     _Inout_ PPH_EMENU_ITEM Item,
199 |     _In_ ULONG ModifyFlags,
200 |     _In_ ULONG OwnedFlags,
201 |     _In_opt_ PWSTR Text,
202 |     _In_opt_ HBITMAP Bitmap
203 |     );
204 | 
205 | #endif
206 | 


--------------------------------------------------------------------------------
/HsCore/phlib/include/fastlock.h:
--------------------------------------------------------------------------------
 1 | #ifndef _PH_FASTLOCK_H
 2 | #define _PH_FASTLOCK_H
 3 | 
 4 | // FastLock is a port of FastResourceLock from PH 1.x.
 5 | 
 6 | #ifdef __cplusplus
 7 | extern "C" {
 8 | #endif
 9 | 
10 | typedef struct _PH_FAST_LOCK
11 | {
12 |     ULONG Value;
13 |     HANDLE ExclusiveWakeEvent;
14 |     HANDLE SharedWakeEvent;
15 | } PH_FAST_LOCK, *PPH_FAST_LOCK;
16 | 
17 | #define PH_FAST_LOCK_INIT { 0, NULL, NULL }
18 | 
19 | PHLIBAPI
20 | VOID
21 | NTAPI
22 | PhInitializeFastLock(
23 |     _Out_ PPH_FAST_LOCK FastLock
24 |     );
25 | 
26 | PHLIBAPI
27 | VOID
28 | NTAPI
29 | PhDeleteFastLock(
30 |     _Inout_ PPH_FAST_LOCK FastLock
31 |     );
32 | 
33 | #define PhAcquireFastLockExclusive PhfAcquireFastLockExclusive
34 | _May_raise_
35 | _Acquires_exclusive_lock_(*FastLock)
36 | PHLIBAPI
37 | VOID
38 | FASTCALL
39 | PhfAcquireFastLockExclusive(
40 |     _Inout_ PPH_FAST_LOCK FastLock
41 |     );
42 | 
43 | #define PhAcquireFastLockShared PhfAcquireFastLockShared
44 | _May_raise_
45 | _Acquires_shared_lock_(*FastLock)
46 | PHLIBAPI
47 | VOID
48 | FASTCALL
49 | PhfAcquireFastLockShared(
50 |     _Inout_ PPH_FAST_LOCK FastLock
51 |     );
52 | 
53 | #define PhReleaseFastLockExclusive PhfReleaseFastLockExclusive
54 | _Releases_exclusive_lock_(*FastLock)
55 | PHLIBAPI
56 | VOID
57 | FASTCALL
58 | PhfReleaseFastLockExclusive(
59 |     _Inout_ PPH_FAST_LOCK FastLock
60 |     );
61 | 
62 | #define PhReleaseFastLockShared PhfReleaseFastLockShared
63 | _Releases_shared_lock_(*FastLock)
64 | PHLIBAPI
65 | VOID
66 | FASTCALL
67 | PhfReleaseFastLockShared(
68 |     _Inout_ PPH_FAST_LOCK FastLock
69 |     );
70 | 
71 | #define PhTryAcquireFastLockExclusive PhfTryAcquireFastLockExclusive
72 | _When_(return != 0, _Acquires_exclusive_lock_(*FastLock))
73 | PHLIBAPI
74 | BOOLEAN
75 | FASTCALL
76 | PhfTryAcquireFastLockExclusive(
77 |     _Inout_ PPH_FAST_LOCK FastLock
78 |     );
79 | 
80 | #define PhTryAcquireFastLockShared PhfTryAcquireFastLockShared
81 | _When_(return != 0, _Acquires_shared_lock_(*FastLock))
82 | PHLIBAPI
83 | BOOLEAN
84 | FASTCALL
85 | PhfTryAcquireFastLockShared(
86 |     _Inout_ PPH_FAST_LOCK FastLock
87 |     );
88 | 
89 | #ifdef __cplusplus
90 | }
91 | #endif
92 | 
93 | #endif
94 | 


--------------------------------------------------------------------------------
/HsCore/phlib/include/filepool.h:
--------------------------------------------------------------------------------
  1 | #ifndef _PH_FILEPOOL_H
  2 | #define _PH_FILEPOOL_H
  3 | 
  4 | // On-disk structures
  5 | 
  6 | // Each file has at least one segment.
  7 | // Each segment has a number of blocks, which are allocated
  8 | // from a bitmap. The segment header is always in the first block
  9 | // of each segment, except for the first segment. In the first segment,
 10 | // the file header is in the first few blocks, followed by the segment header.
 11 | //
 12 | // The segments are placed in a particular free list depending on how many
 13 | // blocks they have free; this allows allocators to simply skip the segments
 14 | // which don't have enough segments free, and allocate new segments if necessary.
 15 | // The free list does not however guarantee that a particular segment has
 16 | // a particular number of contiguous blocks free; low performance can still
 17 | // occur when there is fragmentation.
 18 | 
 19 | /** The number of 32-bit integers used for each allocation bitmap. */
 20 | #define PH_FP_BITMAP_SIZE 64
 21 | /** The power-of-two index of the bitmap size. */
 22 | #define PH_FP_BITMAP_SIZE_SHIFT 6
 23 | /** The number of blocks that are available in each segment. */
 24 | #define PH_FP_BLOCK_COUNT (PH_FP_BITMAP_SIZE * 32)
 25 | /** The power-of-two index of the block count. */
 26 | #define PH_FP_BLOCK_COUNT_SHIFT (PH_FP_BITMAP_SIZE_SHIFT + 5)
 27 | /** The number of free lists for segments. */
 28 | #define PH_FP_FREE_LIST_COUNT 8
 29 | 
 30 | // Block flags
 31 | /** The block is the beginning of a large allocation (one that spans several segments). */
 32 | #define PH_FP_BLOCK_LARGE_ALLOCATION 0x1
 33 | 
 34 | typedef struct _PH_FP_BLOCK_HEADER
 35 | {
 36 |     ULONG Flags; // PH_FP_BLOCK_*
 37 |     /** The number of blocks in the entire logical block, or the number
 38 |      * of segments in a large allocation. */
 39 |     ULONG Span;
 40 |     ULONGLONG Body;
 41 | } PH_FP_BLOCK_HEADER, *PPH_FP_BLOCK_HEADER;
 42 | 
 43 | typedef struct _PH_FP_SEGMENT_HEADER
 44 | {
 45 |     ULONG Bitmap[PH_FP_BITMAP_SIZE];
 46 |     ULONG FreeBlocks;
 47 |     ULONG FreeFlink;
 48 |     ULONG FreeBlink;
 49 |     ULONG Reserved[13];
 50 | } PH_FP_SEGMENT_HEADER, *PPH_FP_SEGMENT_HEADER;
 51 | 
 52 | #define PH_FP_MAGIC ('loPF')
 53 | 
 54 | typedef struct _PH_FP_FILE_HEADER
 55 | {
 56 |     ULONG Magic;
 57 |     ULONG SegmentShift;
 58 |     ULONG SegmentCount;
 59 |     ULONGLONG UserContext;
 60 |     ULONG FreeLists[PH_FP_FREE_LIST_COUNT];
 61 | } PH_FP_FILE_HEADER, *PPH_FP_FILE_HEADER;
 62 | 
 63 | // Runtime
 64 | 
 65 | typedef struct _PH_FILE_POOL_PARAMETERS
 66 | {
 67 |     // File options
 68 | 
 69 |     /** The base-2 logarithm of the size of each segment. This value
 70 |      * must be between 16 and 28, inclusive. */
 71 |     ULONG SegmentShift;
 72 | 
 73 |     // Runtime options
 74 | 
 75 |     /** The maximum number of inactive segments to keep mapped. */
 76 |     ULONG MaximumInactiveViews;
 77 | } PH_FILE_POOL_PARAMETERS, *PPH_FILE_POOL_PARAMETERS;
 78 | 
 79 | typedef struct _PH_FILE_POOL
 80 | {
 81 |     HANDLE FileHandle;
 82 |     HANDLE SectionHandle;
 83 |     BOOLEAN ReadOnly;
 84 | 
 85 |     PH_FREE_LIST ViewFreeList;
 86 |     PLIST_ENTRY *ByIndexBuckets;
 87 |     ULONG ByIndexSize;
 88 |     PH_AVL_TREE ByBaseSet;
 89 | 
 90 |     ULONG MaximumInactiveViews;
 91 |     ULONG NumberOfInactiveViews;
 92 |     LIST_ENTRY InactiveViewsListHead;
 93 | 
 94 |     PPH_FP_BLOCK_HEADER FirstBlockOfFirstSegment;
 95 |     PPH_FP_FILE_HEADER Header;
 96 |     ULONG SegmentShift; // The power-of-two size of each segment
 97 |     ULONG SegmentSize; // The size of each segment
 98 |     ULONG BlockShift; // The power-of-two size of each block in each segment
 99 |     ULONG BlockSize; // The size of each block in each segment
100 |     ULONG FileHeaderBlockSpan; // The number of blocks needed to store a file header
101 |     ULONG SegmentHeaderBlockSpan; // The number of blocks needed to store a segment header
102 | } PH_FILE_POOL, *PPH_FILE_POOL;
103 | 
104 | NTSTATUS PhCreateFilePool(
105 |     _Out_ PPH_FILE_POOL *Pool,
106 |     _In_ HANDLE FileHandle,
107 |     _In_ BOOLEAN ReadOnly,
108 |     _In_opt_ PPH_FILE_POOL_PARAMETERS Parameters
109 |     );
110 | 
111 | NTSTATUS PhCreateFilePool2(
112 |     _Out_ PPH_FILE_POOL *Pool,
113 |     _In_ PWSTR FileName,
114 |     _In_ BOOLEAN ReadOnly,
115 |     _In_ ULONG ShareAccess,
116 |     _In_ ULONG CreateDisposition,
117 |     _In_opt_ PPH_FILE_POOL_PARAMETERS Parameters
118 |     );
119 | 
120 | VOID PhDestroyFilePool(
121 |     _In_ _Post_invalid_ PPH_FILE_POOL Pool
122 |     );
123 | 
124 | PVOID PhAllocateFilePool(
125 |     _Inout_ PPH_FILE_POOL Pool,
126 |     _In_ ULONG Size,
127 |     _Out_opt_ PULONG Rva
128 |     );
129 | 
130 | VOID PhFreeFilePool(
131 |     _Inout_ PPH_FILE_POOL Pool,
132 |     _In_ PVOID Block
133 |     );
134 | 
135 | BOOLEAN PhFreeFilePoolByRva(
136 |     _Inout_ PPH_FILE_POOL Pool,
137 |     _In_ ULONG Rva
138 |     );
139 | 
140 | VOID PhReferenceFilePool(
141 |     _Inout_ PPH_FILE_POOL Pool,
142 |     _In_ PVOID Address
143 |     );
144 | 
145 | VOID PhDereferenceFilePool(
146 |     _Inout_ PPH_FILE_POOL Pool,
147 |     _In_ PVOID Address
148 |     );
149 | 
150 | PVOID PhReferenceFilePoolByRva(
151 |     _Inout_ PPH_FILE_POOL Pool,
152 |     _In_ ULONG Rva
153 |     );
154 | 
155 | BOOLEAN PhDereferenceFilePoolByRva(
156 |     _Inout_ PPH_FILE_POOL Pool,
157 |     _In_ ULONG Rva
158 |     );
159 | 
160 | ULONG PhEncodeRvaFilePool(
161 |     _In_ PPH_FILE_POOL Pool,
162 |     _In_ PVOID Address
163 |     );
164 | 
165 | VOID PhGetUserContextFilePool(
166 |     _In_ PPH_FILE_POOL Pool,
167 |     _Out_ PULONGLONG Context
168 |     );
169 | 
170 | VOID PhSetUserContextFilePool(
171 |     _Inout_ PPH_FILE_POOL Pool,
172 |     _In_ PULONGLONG Context
173 |     );
174 | 
175 | #endif
176 | 


--------------------------------------------------------------------------------
/HsCore/phlib/include/filepoolp.h:
--------------------------------------------------------------------------------
  1 | #ifndef _PH_FILEPOOLP_H
  2 | #define _PH_FILEPOOLP_H
  3 | 
  4 | typedef struct _PH_FILE_POOL_VIEW
  5 | {
  6 |     LIST_ENTRY ByIndexListEntry;
  7 |     PH_AVL_LINKS ByBaseLinks;
  8 |     LIST_ENTRY InactiveViewsListEntry;
  9 | 
 10 |     ULONG RefCount;
 11 |     ULONG SegmentIndex;
 12 |     PVOID Base;
 13 | } PH_FILE_POOL_VIEW, *PPH_FILE_POOL_VIEW;
 14 | 
 15 | NTSTATUS PhpValidateFilePoolParameters(
 16 |     _Inout_ PPH_FILE_POOL_PARAMETERS Parameters
 17 |     );
 18 | 
 19 | VOID PhpSetDefaultFilePoolParameters(
 20 |     _Out_ PPH_FILE_POOL_PARAMETERS Parameters
 21 |     );
 22 | 
 23 | // Range mapping
 24 | 
 25 | NTSTATUS PhFppExtendRange(
 26 |     _Inout_ PPH_FILE_POOL Pool,
 27 |     _In_ ULONG NewSize
 28 |     );
 29 | 
 30 | NTSTATUS PhFppMapRange(
 31 |     _Inout_ PPH_FILE_POOL Pool,
 32 |     _In_ ULONG Offset,
 33 |     _In_ ULONG Size,
 34 |     _Out_ PVOID *Base
 35 |     );
 36 | 
 37 | NTSTATUS PhFppUnmapRange(
 38 |     _Inout_ PPH_FILE_POOL Pool,
 39 |     _In_ PVOID Base
 40 |     );
 41 | 
 42 | // Segments
 43 | 
 44 | VOID PhFppInitializeSegment(
 45 |     _Inout_ PPH_FILE_POOL Pool,
 46 |     _Out_ PPH_FP_BLOCK_HEADER BlockOfSegmentHeader,
 47 |     _In_ ULONG AdditionalBlocksUsed
 48 |     );
 49 | 
 50 | PPH_FP_BLOCK_HEADER PhFppAllocateSegment(
 51 |     _Inout_ PPH_FILE_POOL Pool,
 52 |     _Out_ PULONG NewSegmentIndex
 53 |     );
 54 | 
 55 | PPH_FP_SEGMENT_HEADER PhFppGetHeaderSegment(
 56 |     _Inout_ PPH_FILE_POOL Pool,
 57 |     _In_ PPH_FP_BLOCK_HEADER FirstBlock
 58 |     );
 59 | 
 60 | // Views
 61 | 
 62 | VOID PhFppAddViewByIndex(
 63 |     _Inout_ PPH_FILE_POOL Pool,
 64 |     _Inout_ PPH_FILE_POOL_VIEW View
 65 |     );
 66 | 
 67 | VOID PhFppRemoveViewByIndex(
 68 |     _Inout_ PPH_FILE_POOL Pool,
 69 |     _Inout_ PPH_FILE_POOL_VIEW View
 70 |     );
 71 | 
 72 | PPH_FILE_POOL_VIEW PhFppFindViewByIndex(
 73 |     _Inout_ PPH_FILE_POOL Pool,
 74 |     _In_ ULONG SegmentIndex
 75 |     );
 76 | 
 77 | LONG NTAPI PhpFilePoolViewByBaseCompareFunction(
 78 |     _In_ PPH_AVL_LINKS Links1,
 79 |     _In_ PPH_AVL_LINKS Links2
 80 |     );
 81 | 
 82 | VOID PhFppAddViewByBase(
 83 |     _Inout_ PPH_FILE_POOL Pool,
 84 |     _Inout_ PPH_FILE_POOL_VIEW View
 85 |     );
 86 | 
 87 | VOID PhFppRemoveViewByBase(
 88 |     _Inout_ PPH_FILE_POOL Pool,
 89 |     _Inout_ PPH_FILE_POOL_VIEW View
 90 |     );
 91 | 
 92 | PPH_FILE_POOL_VIEW PhFppFindViewByBase(
 93 |     _Inout_ PPH_FILE_POOL Pool,
 94 |     _In_ PVOID Base
 95 |     );
 96 | 
 97 | PPH_FILE_POOL_VIEW PhFppCreateView(
 98 |     _Inout_ PPH_FILE_POOL Pool,
 99 |     _In_ ULONG SegmentIndex
100 |     );
101 | 
102 | VOID PhFppDestroyView(
103 |     _Inout_ PPH_FILE_POOL Pool,
104 |     _Inout_ PPH_FILE_POOL_VIEW View
105 |     );
106 | 
107 | VOID PhFppActivateView(
108 |     _Inout_ PPH_FILE_POOL Pool,
109 |     _Inout_ PPH_FILE_POOL_VIEW View
110 |     );
111 | 
112 | VOID PhFppDeactivateView(
113 |     _Inout_ PPH_FILE_POOL Pool,
114 |     _Inout_ PPH_FILE_POOL_VIEW View
115 |     );
116 | 
117 | VOID PhFppReferenceView(
118 |     _Inout_ PPH_FILE_POOL Pool,
119 |     _Inout_ PPH_FILE_POOL_VIEW View
120 |     );
121 | 
122 | VOID PhFppDereferenceView(
123 |     _Inout_ PPH_FILE_POOL Pool,
124 |     _Inout_ PPH_FILE_POOL_VIEW View
125 |     );
126 | 
127 | PPH_FP_BLOCK_HEADER PhFppReferenceSegment(
128 |     _Inout_ PPH_FILE_POOL Pool,
129 |     _In_ ULONG SegmentIndex
130 |     );
131 | 
132 | VOID PhFppDereferenceSegment(
133 |     _Inout_ PPH_FILE_POOL Pool,
134 |     _In_ ULONG SegmentIndex
135 |     );
136 | 
137 | VOID PhFppReferenceSegmentByBase(
138 |     _Inout_ PPH_FILE_POOL Pool,
139 |     _In_ PVOID Base
140 |     );
141 | 
142 | VOID PhFppDereferenceSegmentByBase(
143 |     _Inout_ PPH_FILE_POOL Pool,
144 |     _In_ PVOID Base
145 |     );
146 | 
147 | // Bitmap allocation
148 | 
149 | PPH_FP_BLOCK_HEADER PhFppAllocateBlocks(
150 |     _Inout_ PPH_FILE_POOL Pool,
151 |     _In_ PPH_FP_BLOCK_HEADER FirstBlock,
152 |     _Inout_ PPH_FP_SEGMENT_HEADER SegmentHeader,
153 |     _In_ ULONG NumberOfBlocks
154 |     );
155 | 
156 | VOID PhFppFreeBlocks(
157 |     _Inout_ PPH_FILE_POOL Pool,
158 |     _In_ PPH_FP_BLOCK_HEADER FirstBlock,
159 |     _Inout_ PPH_FP_SEGMENT_HEADER SegmentHeader,
160 |     _In_ PPH_FP_BLOCK_HEADER BlockHeader
161 |     );
162 | 
163 | // Free list
164 | 
165 | ULONG PhFppComputeFreeListIndex(
166 |     _In_ PPH_FILE_POOL Pool,
167 |     _In_ ULONG NumberOfBlocks
168 |     );
169 | 
170 | BOOLEAN PhFppInsertFreeList(
171 |     _Inout_ PPH_FILE_POOL Pool,
172 |     _In_ ULONG FreeListIndex,
173 |     _In_ ULONG SegmentIndex,
174 |     _In_ PPH_FP_SEGMENT_HEADER SegmentHeader
175 |     );
176 | 
177 | BOOLEAN PhFppRemoveFreeList(
178 |     _Inout_ PPH_FILE_POOL Pool,
179 |     _In_ ULONG FreeListIndex,
180 |     _In_ ULONG SegmentIndex,
181 |     _In_ PPH_FP_SEGMENT_HEADER SegmentHeader
182 |     );
183 | 
184 | // Misc.
185 | 
186 | PPH_FP_BLOCK_HEADER PhFppGetHeaderBlock(
187 |     _In_ PPH_FILE_POOL Pool,
188 |     _In_ PVOID Block
189 |     );
190 | 
191 | ULONG PhFppEncodeRva(
192 |     _In_ PPH_FILE_POOL Pool,
193 |     _In_ ULONG SegmentIndex,
194 |     _In_ PPH_FP_BLOCK_HEADER FirstBlock,
195 |     _In_ PVOID Address
196 |     );
197 | 
198 | ULONG PhFppDecodeRva(
199 |     _In_ PPH_FILE_POOL Pool,
200 |     _In_ ULONG Rva,
201 |     _Out_ PULONG SegmentIndex
202 |     );
203 | 
204 | #endif
205 | 


--------------------------------------------------------------------------------
/HsCore/phlib/include/graph.h:
--------------------------------------------------------------------------------
  1 | #ifndef _PH_GRAPH_H
  2 | #define _PH_GRAPH_H
  3 | 
  4 | // Graph drawing
  5 | 
  6 | #ifndef _PH_GRAPH_PRIVATE
  7 | extern RECT PhNormalGraphTextMargin;
  8 | extern RECT PhNormalGraphTextPadding;
  9 | #endif
 10 | 
 11 | #define PH_GRAPH_USE_GRID 0x1
 12 | #define PH_GRAPH_USE_LINE_2 0x10
 13 | #define PH_GRAPH_OVERLAY_LINE_2 0x20
 14 | 
 15 | typedef struct _PH_GRAPH_DRAW_INFO
 16 | {
 17 |     // Basic
 18 |     ULONG Width;
 19 |     ULONG Height;
 20 |     ULONG Flags;
 21 |     ULONG Step;
 22 |     COLORREF BackColor;
 23 | 
 24 |     // Data/lines
 25 |     ULONG LineDataCount;
 26 |     PFLOAT LineData1;
 27 |     PFLOAT LineData2;
 28 |     COLORREF LineColor1;
 29 |     COLORREF LineColor2;
 30 |     COLORREF LineBackColor1;
 31 |     COLORREF LineBackColor2;
 32 | 
 33 |     // Grid
 34 |     COLORREF GridColor;
 35 |     ULONG GridWidth;
 36 |     ULONG GridHeight;
 37 |     ULONG GridStart;
 38 | 
 39 |     // Text
 40 |     PH_STRINGREF Text;
 41 |     RECT TextRect;
 42 |     RECT TextBoxRect;
 43 |     COLORREF TextColor;
 44 |     COLORREF TextBoxColor;
 45 | } PH_GRAPH_DRAW_INFO, *PPH_GRAPH_DRAW_INFO;
 46 | 
 47 | // Graph control
 48 | 
 49 | #define PH_GRAPH_CLASSNAME L"PhGraph"
 50 | 
 51 | BOOLEAN PhGraphControlInitialization(
 52 |     VOID
 53 |     );
 54 | 
 55 | PHLIBAPI
 56 | VOID PhDrawGraph(
 57 |     _In_ HDC hdc,
 58 |     _In_ PPH_GRAPH_DRAW_INFO DrawInfo
 59 |     );
 60 | 
 61 | PHLIBAPI
 62 | VOID PhDrawGraphDirect(
 63 |     _In_ HDC hdc,
 64 |     _In_ PVOID Bits,
 65 |     _In_ PPH_GRAPH_DRAW_INFO DrawInfo
 66 |     );
 67 | 
 68 | PHLIBAPI
 69 | VOID PhSetGraphText(
 70 |     _In_ HDC hdc,
 71 |     _Inout_ PPH_GRAPH_DRAW_INFO DrawInfo,
 72 |     _In_ PPH_STRINGREF Text,
 73 |     _In_ PRECT Margin,
 74 |     _In_ PRECT Padding,
 75 |     _In_ ULONG Align
 76 |     );
 77 | 
 78 | // Configuration
 79 | 
 80 | typedef struct _PH_GRAPH_OPTIONS
 81 | {
 82 |     COLORREF FadeOutBackColor;
 83 |     ULONG FadeOutWidth;
 84 |     HCURSOR DefaultCursor;
 85 | } PH_GRAPH_OPTIONS, *PPH_GRAPH_OPTIONS;
 86 | 
 87 | // Styles
 88 | 
 89 | #define GC_STYLE_FADEOUT 0x1
 90 | #define GC_STYLE_DRAW_PANEL 0x2
 91 | 
 92 | // Messages
 93 | 
 94 | #define GCM_GETDRAWINFO (WM_USER + 1301)
 95 | #define GCM_SETDRAWINFO (WM_USER + 1302)
 96 | #define GCM_DRAW (WM_USER + 1303)
 97 | #define GCM_MOVEGRID (WM_USER + 1304)
 98 | #define GCM_GETBUFFEREDCONTEXT (WM_USER + 1305)
 99 | #define GCM_SETTOOLTIP (WM_USER + 1306)
100 | #define GCM_UPDATETOOLTIP (WM_USER + 1307)
101 | #define GCM_GETOPTIONS (WM_USER + 1308)
102 | #define GCM_SETOPTIONS (WM_USER + 1309)
103 | 
104 | #define Graph_GetDrawInfo(hWnd, DrawInfo) \
105 |     SendMessage((hWnd), GCM_GETDRAWINFO, 0, (LPARAM)(DrawInfo))
106 | #define Graph_SetDrawInfo(hWnd, DrawInfo) \
107 |     SendMessage((hWnd), GCM_SETDRAWINFO, 0, (LPARAM)(DrawInfo))
108 | #define Graph_Draw(hWnd) \
109 |     SendMessage((hWnd), GCM_DRAW, 0, 0)
110 | #define Graph_MoveGrid(hWnd, Increment) \
111 |     SendMessage((hWnd), GCM_MOVEGRID, (WPARAM)(Increment), 0)
112 | #define Graph_GetBufferedContext(hWnd) \
113 |     ((HDC)SendMessage((hWnd), GCM_GETBUFFEREDCONTEXT, 0, 0))
114 | #define Graph_SetTooltip(hWnd, Enable) \
115 |     ((HDC)SendMessage((hWnd), GCM_SETTOOLTIP, (WPARAM)(Enable), 0))
116 | #define Graph_UpdateTooltip(hWnd) \
117 |     ((HDC)SendMessage((hWnd), GCM_UPDATETOOLTIP, 0, 0))
118 | #define Graph_GetOptions(hWnd, Options) \
119 |     SendMessage((hWnd), GCM_GETOPTIONS, 0, (LPARAM)(Options))
120 | #define Graph_SetOptions(hWnd, Options) \
121 |     SendMessage((hWnd), GCM_SETOPTIONS, 0, (LPARAM)(Options))
122 | 
123 | // Notifications
124 | 
125 | #define GCN_GETDRAWINFO (WM_USER + 1351)
126 | #define GCN_GETTOOLTIPTEXT (WM_USER + 1352)
127 | #define GCN_MOUSEEVENT (WM_USER + 1353)
128 | #define GCN_DRAWPANEL (WM_USER + 1354)
129 | 
130 | typedef struct _PH_GRAPH_GETDRAWINFO
131 | {
132 |     NMHDR Header;
133 |     PPH_GRAPH_DRAW_INFO DrawInfo;
134 | } PH_GRAPH_GETDRAWINFO, *PPH_GRAPH_GETDRAWINFO;
135 | 
136 | typedef struct _PH_GRAPH_GETTOOLTIPTEXT
137 | {
138 |     NMHDR Header;
139 |     ULONG Index;
140 |     ULONG TotalCount;
141 | 
142 |     PH_STRINGREF Text; // must be null-terminated
143 | } PH_GRAPH_GETTOOLTIPTEXT, *PPH_GRAPH_GETTOOLTIPTEXT;
144 | 
145 | typedef struct _PH_GRAPH_MOUSEEVENT
146 | {
147 |     NMHDR Header;
148 |     ULONG Index;
149 |     ULONG TotalCount;
150 | 
151 |     ULONG Message;
152 |     ULONG Keys;
153 |     POINT Point;
154 | } PH_GRAPH_MOUSEEVENT, *PPH_GRAPH_MOUSEEVENT;
155 | 
156 | typedef struct _PH_GRAPH_DRAWPANEL
157 | {
158 |     NMHDR Header;
159 |     HDC hdc;
160 |     RECT Rect;
161 | } PH_GRAPH_DRAWPANEL, *PPH_GRAPH_DRAWPANEL;
162 | 
163 | // Graph buffer management
164 | 
165 | #define PH_GRAPH_DATA_COUNT(Width, Step) (((Width) + (Step) - 1) / (Step) + 1) // round up in division
166 | 
167 | typedef struct _PH_GRAPH_BUFFERS
168 | {
169 |     PFLOAT Data1; // invalidate by setting Valid to FALSE
170 |     PFLOAT Data2; // invalidate by setting Valid to FALSE
171 |     ULONG AllocatedCount;
172 |     BOOLEAN Valid; // indicates the data is valid
173 | } PH_GRAPH_BUFFERS, *PPH_GRAPH_BUFFERS;
174 | 
175 | VOID PhInitializeGraphBuffers(
176 |     _Out_ PPH_GRAPH_BUFFERS Buffers
177 |     );
178 | 
179 | VOID PhDeleteGraphBuffers(
180 |     _Inout_ PPH_GRAPH_BUFFERS Buffers
181 |     );
182 | 
183 | PHLIBAPI
184 | VOID PhGetDrawInfoGraphBuffers(
185 |     _Inout_ PPH_GRAPH_BUFFERS Buffers,
186 |     _Inout_ PPH_GRAPH_DRAW_INFO DrawInfo,
187 |     _In_ ULONG DataCount
188 |     );
189 | 
190 | // Graph control state
191 | 
192 | // The basic buffer management structure was moved out of this section because
193 | // the text management is not needed for most cases.
194 | 
195 | typedef struct _PH_GRAPH_STATE
196 | {
197 |     // Union for compatibility
198 |     union
199 |     {
200 |         struct
201 |         {
202 |             PFLOAT Data1; // invalidate by setting Valid to FALSE
203 |             PFLOAT Data2; // invalidate by setting Valid to FALSE
204 |             ULONG AllocatedCount;
205 |             BOOLEAN Valid; // indicates the data is valid
206 |         };
207 |         PH_GRAPH_BUFFERS Buffers;
208 |     };
209 | 
210 |     PPH_STRING Text;
211 |     PPH_STRING TooltipText; // invalidate by setting TooltipIndex to -1
212 |     ULONG TooltipIndex; // indicates the tooltip text is valid for this index
213 | } PH_GRAPH_STATE, *PPH_GRAPH_STATE;
214 | 
215 | PHLIBAPI
216 | VOID PhInitializeGraphState(
217 |     _Out_ PPH_GRAPH_STATE State
218 |     );
219 | 
220 | PHLIBAPI
221 | VOID PhDeleteGraphState(
222 |     _Inout_ PPH_GRAPH_STATE State
223 |     );
224 | 
225 | PHLIBAPI
226 | VOID PhGraphStateGetDrawInfo(
227 |     _Inout_ PPH_GRAPH_STATE State,
228 |     _In_ PPH_GRAPH_GETDRAWINFO GetDrawInfo,
229 |     _In_ ULONG DataCount
230 |     );
231 | 
232 | #endif
233 | 


--------------------------------------------------------------------------------
/HsCore/phlib/include/guisupp.h:
--------------------------------------------------------------------------------
 1 | #ifndef _PH_GUISUPP_H
 2 | #define _PH_GUISUPP_H
 3 | 
 4 | #define CINTERFACE
 5 | #define COBJMACROS
 6 | #include <shlobj.h>
 7 | #undef CINTERFACE
 8 | #undef COBJMACROS
 9 | 
10 | typedef HRESULT (WINAPI *_SetWindowTheme)(
11 |     _In_ HWND hwnd,
12 |     _In_ LPCWSTR pszSubAppName,
13 |     _In_ LPCWSTR pszSubIdList
14 |     );
15 | 
16 | typedef HRESULT (WINAPI *_SHCreateShellItem)(
17 |     _In_opt_ PCIDLIST_ABSOLUTE pidlParent,
18 |     _In_opt_ IShellFolder *psfParent,
19 |     _In_ PCUITEMID_CHILD pidl,
20 |     _Out_ IShellItem **ppsi
21 |     );
22 | 
23 | typedef HRESULT (WINAPI *_SHOpenFolderAndSelectItems)(
24 |     _In_ PCIDLIST_ABSOLUTE pidlFolder,
25 |     _In_ UINT cidl,
26 |     _In_reads_opt_(cidl) PCUITEMID_CHILD_ARRAY *apidl,
27 |     _In_ DWORD dwFlags
28 |     );
29 | 
30 | typedef HRESULT (WINAPI *_SHParseDisplayName)(
31 |     _In_ LPCWSTR pszName,
32 |     _In_opt_ IBindCtx *pbc,
33 |     _Out_ PIDLIST_ABSOLUTE *ppidl,
34 |     _In_ SFGAOF sfgaoIn,
35 |     _Out_ SFGAOF *psfgaoOut
36 |     );
37 | 
38 | #ifndef _PH_GUISUP_PRIVATE
39 | extern _SetWindowTheme SetWindowTheme_I;
40 | extern _SHCreateShellItem SHCreateShellItem_I;
41 | extern _SHOpenFolderAndSelectItems SHOpenFolderAndSelectItems_I;
42 | extern _SHParseDisplayName SHParseDisplayName_I;
43 | #endif
44 | 
45 | #endif
46 | 


--------------------------------------------------------------------------------
/HsCore/phlib/include/handlep.h:
--------------------------------------------------------------------------------
  1 | #ifndef _PH_HANDLEP_H
  2 | #define _PH_HANDLEP_H
  3 | 
  4 | #define PH_HANDLE_TABLE_ENTRY_TYPE 0x1
  5 | #define PH_HANDLE_TABLE_ENTRY_IN_USE 0x0
  6 | #define PH_HANDLE_TABLE_ENTRY_FREE 0x1
  7 | 
  8 | // Locked actually means Not Locked. This means
  9 | // that an in use, locked handle table entry can
 10 | // be used as-is.
 11 | #define PH_HANDLE_TABLE_ENTRY_LOCKED 0x2
 12 | #define PH_HANDLE_TABLE_ENTRY_LOCKED_SHIFT 1
 13 | 
 14 | // There is initially one handle table level, with
 15 | // 256 entries. When the handle table is expanded,
 16 | // the table is replaced with a level 1 table, which
 17 | // contains 256 pointers to level 0 tables (the first
 18 | // entry already points to the initial level 0 table).
 19 | // Similarly, when the handle table is expanded a
 20 | // second time, the table is replaced with a level 2
 21 | // table, which contains 256 pointers to level 1 tables.
 22 | //
 23 | // This provides a maximum of 16,777,216 handles.
 24 | 
 25 | #define PH_HANDLE_TABLE_LEVEL_ENTRIES 256
 26 | #define PH_HANDLE_TABLE_LEVEL_MASK 0x3
 27 | 
 28 | #define PH_HANDLE_TABLE_LOCKS 8
 29 | #define PH_HANDLE_TABLE_LOCK_INDEX(HandleValue) ((HandleValue) % PH_HANDLE_TABLE_LOCKS)
 30 | 
 31 | typedef struct _PH_HANDLE_TABLE
 32 | {
 33 |     PH_QUEUED_LOCK Lock;
 34 |     PH_QUEUED_LOCK HandleWakeEvent;
 35 | 
 36 |     ULONG Count;
 37 |     ULONG_PTR TableValue;
 38 |     ULONG FreeValue;
 39 |     ULONG NextValue;
 40 |     ULONG FreeValueAlt;
 41 | 
 42 |     ULONG Flags;
 43 | 
 44 |     PH_QUEUED_LOCK Locks[PH_HANDLE_TABLE_LOCKS];
 45 | } PH_HANDLE_TABLE, *PPH_HANDLE_TABLE;
 46 | 
 47 | FORCEINLINE VOID PhpLockHandleTableShared(
 48 |     _Inout_ PPH_HANDLE_TABLE HandleTable,
 49 |     _In_ ULONG Index
 50 |     )
 51 | {
 52 |     PhAcquireQueuedLockShared(&HandleTable->Locks[Index]);
 53 | }
 54 | 
 55 | FORCEINLINE VOID PhpUnlockHandleTableShared(
 56 |     _Inout_ PPH_HANDLE_TABLE HandleTable,
 57 |     _In_ ULONG Index
 58 |     )
 59 | {
 60 |     PhReleaseQueuedLockShared(&HandleTable->Locks[Index]);
 61 | }
 62 | 
 63 | // Handle values work by specifying indicies into each
 64 | // level.
 65 | //
 66 | // Bits 0-7: level 0
 67 | // Bits 8-15: level 1
 68 | // Bits 16-23: level 2
 69 | // Bits 24-31: reserved
 70 | 
 71 | #define PH_HANDLE_VALUE_INVALID ((ULONG)-1)
 72 | #define PH_HANDLE_VALUE_SHIFT 2
 73 | #define PH_HANDLE_VALUE_BIAS 4
 74 | 
 75 | #define PH_HANDLE_VALUE_LEVEL0(HandleValue) ((HandleValue) & 0xff)
 76 | #define PH_HANDLE_VALUE_LEVEL1_U(HandleValue) ((HandleValue) >> 8)
 77 | #define PH_HANDLE_VALUE_LEVEL1(HandleValue) (PH_HANDLE_VALUE_LEVEL1_U(HandleValue) & 0xff)
 78 | #define PH_HANDLE_VALUE_LEVEL2_U(HandleValue) ((HandleValue) >> 16)
 79 | #define PH_HANDLE_VALUE_LEVEL2(HandleValue) (PH_HANDLE_VALUE_LEVEL2_U(HandleValue) & 0xff)
 80 | #define PH_HANDLE_VALUE_IS_INVALID(HandleValue) (((HandleValue) >> 24) != 0)
 81 | 
 82 | FORCEINLINE HANDLE PhpEncodeHandle(
 83 |     _In_ ULONG HandleValue
 84 |     )
 85 | {
 86 |     return (HANDLE)((HandleValue << PH_HANDLE_VALUE_SHIFT) + PH_HANDLE_VALUE_BIAS);
 87 | }
 88 | 
 89 | FORCEINLINE ULONG PhpDecodeHandle(
 90 |     _In_ HANDLE Handle
 91 |     )
 92 | {
 93 |     return ((ULONG)Handle - PH_HANDLE_VALUE_BIAS) >> PH_HANDLE_VALUE_SHIFT;
 94 | }
 95 | 
 96 | VOID PhpBlockOnLockedHandleTableEntry(
 97 |     _Inout_ PPH_HANDLE_TABLE HandleTable,
 98 |     _In_ PPH_HANDLE_TABLE_ENTRY HandleTableEntry
 99 |     );
100 | 
101 | PPH_HANDLE_TABLE_ENTRY PhpAllocateHandleTableEntry(
102 |     _Inout_ PPH_HANDLE_TABLE HandleTable,
103 |     _Out_ PULONG HandleValue
104 |     );
105 | 
106 | VOID PhpFreeHandleTableEntry(
107 |     _Inout_ PPH_HANDLE_TABLE HandleTable,
108 |     _In_ ULONG HandleValue,
109 |     _Inout_ PPH_HANDLE_TABLE_ENTRY HandleTableEntry
110 |     );
111 | 
112 | BOOLEAN PhpAllocateMoreHandleTableEntries(
113 |     _In_ PPH_HANDLE_TABLE HandleTable,
114 |     _In_ BOOLEAN Initialize
115 |     );
116 | 
117 | PPH_HANDLE_TABLE_ENTRY PhpLookupHandleTableEntry(
118 |     _In_ PPH_HANDLE_TABLE HandleTable,
119 |     _In_ ULONG HandleValue
120 |     );
121 | 
122 | ULONG PhpMoveFreeHandleTableEntries(
123 |     _Inout_ PPH_HANDLE_TABLE HandleTable
124 |     );
125 | 
126 | PPH_HANDLE_TABLE_ENTRY PhpCreateHandleTableLevel0(
127 |     _In_ PPH_HANDLE_TABLE HandleTable,
128 |     _In_ BOOLEAN Initialize
129 |     );
130 | 
131 | VOID PhpFreeHandleTableLevel0(
132 |     _In_ PPH_HANDLE_TABLE_ENTRY Table
133 |     );
134 | 
135 | PPH_HANDLE_TABLE_ENTRY *PhpCreateHandleTableLevel1(
136 |     _In_ PPH_HANDLE_TABLE HandleTable
137 |     );
138 | 
139 | VOID PhpFreeHandleTableLevel1(
140 |     _In_ PPH_HANDLE_TABLE_ENTRY *Table
141 |     );
142 | 
143 | PPH_HANDLE_TABLE_ENTRY **PhpCreateHandleTableLevel2(
144 |     _In_ PPH_HANDLE_TABLE HandleTable
145 |     );
146 | 
147 | VOID PhpFreeHandleTableLevel2(
148 |     _In_ PPH_HANDLE_TABLE_ENTRY **Table
149 |     );
150 | 
151 | #endif
152 | 


--------------------------------------------------------------------------------
/HsCore/phlib/include/hexedit.h:
--------------------------------------------------------------------------------
 1 | #ifndef _PH_HEXEDIT_H
 2 | #define _PH_HEXEDIT_H
 3 | 
 4 | #define PH_HEXEDIT_CLASSNAME L"PhHexEdit"
 5 | 
 6 | #define EDIT_NONE 0
 7 | #define EDIT_ASCII 1
 8 | #define EDIT_HIGH 2
 9 | #define EDIT_LOW 3
10 | 
11 | BOOLEAN PhHexEditInitialization(
12 |     VOID
13 |     );
14 | 
15 | #define HEM_SETBUFFER (WM_USER + 1)
16 | #define HEM_SETDATA (WM_USER + 2)
17 | #define HEM_GETBUFFER (WM_USER + 3)
18 | #define HEM_SETSEL (WM_USER + 4)
19 | #define HEM_SETEDITMODE (WM_USER + 5)
20 | #define HEM_SETBYTESPERROW (WM_USER + 6)
21 | 
22 | #define HexEdit_SetBuffer(hWnd, Buffer, Length) \
23 |     SendMessage((hWnd), HEM_SETBUFFER, (WPARAM)(Length), (LPARAM)(Buffer))
24 | 
25 | #define HexEdit_SetData(hWnd, Buffer, Length) \
26 |     SendMessage((hWnd), HEM_SETDATA, (WPARAM)(Length), (LPARAM)(Buffer))
27 | 
28 | #define HexEdit_GetBuffer(hWnd, Length) \
29 |     ((PUCHAR)SendMessage((hWnd), HEM_GETBUFFER, (WPARAM)(Length), 0))
30 | 
31 | #define HexEdit_SetSel(hWnd, Start, End) \
32 |     SendMessage((hWnd), HEM_SETSEL, (WPARAM)(Start), (LPARAM)(End))
33 | 
34 | #define HexEdit_SetEditMode(hWnd, Mode) \
35 |     SendMessage((hWnd), HEM_SETEDITMODE, (WPARAM)(Mode), 0)
36 | 
37 | #define HexEdit_SetBytesPerRow(hWnd, BytesPerRow) \
38 |     SendMessage((hWnd), HEM_SETBYTESPERROW, (WPARAM)(BytesPerRow), 0)
39 | 
40 | #endif
41 | 


--------------------------------------------------------------------------------
/HsCore/phlib/include/hexeditp.h:
--------------------------------------------------------------------------------
  1 | #ifndef _PH_HEXEDITP_H
  2 | #define _PH_HEXEDITP_H
  3 | 
  4 | typedef struct _PHP_HEXEDIT_CONTEXT
  5 | {
  6 |     PUCHAR Data;
  7 |     LONG Length;
  8 |     BOOLEAN UserBuffer;
  9 |     LONG TopIndex; // index of first visible byte on screen
 10 | 
 11 |     LONG CurrentAddress;
 12 |     LONG CurrentMode;
 13 |     LONG SelStart;
 14 |     LONG SelEnd;
 15 | 
 16 |     LONG BytesPerRow;
 17 |     LONG LinesPerPage;
 18 |     BOOLEAN ShowAddress;
 19 |     BOOLEAN ShowAscii;
 20 |     BOOLEAN ShowHex;
 21 |     BOOLEAN AddressIsWide;
 22 |     BOOLEAN AllowLengthChange;
 23 | 
 24 |     BOOLEAN NoAddressChange;
 25 |     BOOLEAN HalfPage;
 26 | 
 27 |     HFONT Font;
 28 |     LONG LineHeight;
 29 |     LONG NullWidth;
 30 |     PWCHAR CharBuffer;
 31 |     ULONG CharBufferLength;
 32 |     BOOLEAN Update;
 33 | 
 34 |     LONG HexOffset;
 35 |     LONG AsciiOffset;
 36 |     LONG AddressOffset;
 37 | 
 38 |     BOOLEAN HasCapture;
 39 |     POINT EditPosition;
 40 | } PHP_HEXEDIT_CONTEXT, *PPHP_HEXEDIT_CONTEXT;
 41 | 
 42 | #define IS_PRINTABLE(Byte) ((ULONG)((Byte) - ' ') <= (ULONG)('~' - ' '))
 43 | 
 44 | #define TO_HEX(Buffer, Byte) \
 45 | { \
 46 |     *(Buffer)++ = PhIntegerToChar[(Byte) >> 4]; \
 47 |     *(Buffer)++ = PhIntegerToChar[(Byte) & 0xf]; \
 48 | }
 49 | 
 50 | #define REDRAW_WINDOW(hwnd) \
 51 |     RedrawWindow((hwnd), NULL, NULL, RDW_INVALIDATE | RDW_UPDATENOW | RDW_ERASE)
 52 | 
 53 | VOID PhpCreateHexEditContext(
 54 |     _Out_ PPHP_HEXEDIT_CONTEXT *Context
 55 |     );
 56 | 
 57 | VOID PhpFreeHexEditContext(
 58 |     _In_ _Post_invalid_ PPHP_HEXEDIT_CONTEXT Context
 59 |     );
 60 | 
 61 | LRESULT CALLBACK PhpHexEditWndProc(
 62 |     _In_ HWND hwnd,
 63 |     _In_ UINT uMsg,
 64 |     _In_ WPARAM wParam,
 65 |     _In_ LPARAM lParam
 66 |     );
 67 | 
 68 | VOID PhpHexEditUpdateMetrics(
 69 |     _In_ HWND hwnd,
 70 |     _In_ PPHP_HEXEDIT_CONTEXT Context,
 71 |     _In_opt_ HDC hdc
 72 |     );
 73 | 
 74 | VOID PhpHexEditOnPaint(
 75 |     _In_ HWND hwnd,
 76 |     _In_ PPHP_HEXEDIT_CONTEXT Context,
 77 |     _In_ PAINTSTRUCT *PaintStruct,
 78 |     _In_ HDC hdc
 79 |     );
 80 | 
 81 | VOID PhpHexEditUpdateScrollbars(
 82 |     _In_ HWND hwnd,
 83 |     _In_ PPHP_HEXEDIT_CONTEXT Context
 84 |     );
 85 | 
 86 | FORCEINLINE BOOLEAN PhpHexEditHasSelected(
 87 |     _In_ PPHP_HEXEDIT_CONTEXT Context
 88 |     )
 89 | {
 90 |     return Context->SelStart != -1;
 91 | }
 92 | 
 93 | VOID PhpHexEditCreateAddressCaret(
 94 |     _In_ HWND hwnd,
 95 |     _In_ PPHP_HEXEDIT_CONTEXT Context
 96 |     );
 97 | 
 98 | VOID PhpHexEditCreateEditCaret(
 99 |     _In_ HWND hwnd,
100 |     _In_ PPHP_HEXEDIT_CONTEXT Context
101 |     );
102 | 
103 | VOID PhpHexEditRepositionCaret(
104 |     _In_ HWND hwnd,
105 |     _In_ PPHP_HEXEDIT_CONTEXT Context,
106 |     _In_ LONG Position
107 |     );
108 | 
109 | VOID PhpHexEditCalculatePosition(
110 |     _In_ HWND hwnd,
111 |     _In_ PPHP_HEXEDIT_CONTEXT Context,
112 |     _In_ LONG X,
113 |     _In_ LONG Y,
114 |     _Out_ POINT *Point
115 |     );
116 | 
117 | VOID PhpHexEditMove(
118 |     _In_ HWND hwnd,
119 |     _In_ PPHP_HEXEDIT_CONTEXT Context,
120 |     _In_ LONG X,
121 |     _In_ LONG Y
122 |     );
123 | 
124 | VOID PhpHexEditSetSel(
125 |     _In_ HWND hwnd,
126 |     _In_ PPHP_HEXEDIT_CONTEXT Context,
127 |     _In_ LONG S,
128 |     _In_ LONG E
129 |     );
130 | 
131 | VOID PhpHexEditScrollTo(
132 |     _In_ HWND hwnd,
133 |     _In_ PPHP_HEXEDIT_CONTEXT Context,
134 |     _In_ LONG Position
135 |     );
136 | 
137 | VOID PhpHexEditClearEdit(
138 |     _In_ HWND hwnd,
139 |     _In_ PPHP_HEXEDIT_CONTEXT Context
140 |     );
141 | 
142 | VOID PhpHexEditCopyEdit(
143 |     _In_ HWND hwnd,
144 |     _In_ PPHP_HEXEDIT_CONTEXT Context
145 |     );
146 | 
147 | VOID PhpHexEditCutEdit(
148 |     _In_ HWND hwnd,
149 |     _In_ PPHP_HEXEDIT_CONTEXT Context
150 |     );
151 | 
152 | VOID PhpHexEditPasteEdit(
153 |     _In_ HWND hwnd,
154 |     _In_ PPHP_HEXEDIT_CONTEXT Context
155 |     );
156 | 
157 | VOID PhpHexEditSelectAll(
158 |     _In_ HWND hwnd,
159 |     _In_ PPHP_HEXEDIT_CONTEXT Context
160 |     );
161 | 
162 | VOID PhpHexEditUndoEdit(
163 |     _In_ HWND hwnd,
164 |     _In_ PPHP_HEXEDIT_CONTEXT Context
165 |     );
166 | 
167 | VOID PhpHexEditNormalizeSel(
168 |     _In_ HWND hwnd,
169 |     _In_ PPHP_HEXEDIT_CONTEXT Context
170 |     );
171 | 
172 | VOID PhpHexEditSelDelete(
173 |     _In_ HWND hwnd,
174 |     _In_ PPHP_HEXEDIT_CONTEXT Context,
175 |     _In_ LONG S,
176 |     _In_ LONG E
177 |     );
178 | 
179 | VOID PhpHexEditSelInsert(
180 |     _In_ HWND hwnd,
181 |     _In_ PPHP_HEXEDIT_CONTEXT Context,
182 |     _In_ LONG S,
183 |     _In_ LONG L
184 |     );
185 | 
186 | VOID PhpHexEditSetBuffer(
187 |     _In_ HWND hwnd,
188 |     _In_ PPHP_HEXEDIT_CONTEXT Context,
189 |     _In_ PUCHAR Data,
190 |     _In_ ULONG Length
191 |     );
192 | 
193 | VOID PhpHexEditSetData(
194 |     _In_ HWND hwnd,
195 |     _In_ PPHP_HEXEDIT_CONTEXT Context,
196 |     _In_ PUCHAR Data,
197 |     _In_ ULONG Length
198 |     );
199 | 
200 | #endif
201 | 


--------------------------------------------------------------------------------
/HsCore/phlib/include/iosupp.h:
--------------------------------------------------------------------------------
 1 | #ifndef _PH_IOSUPP_H
 2 | #define _PH_IOSUPP_H
 3 | 
 4 | VOID NTAPI PhpFileStreamDeleteProcedure(
 5 |     _In_ PVOID Object,
 6 |     _In_ ULONG Flags
 7 |     );
 8 | 
 9 | NTSTATUS PhpAllocateBufferFileStream(
10 |     _Inout_ PPH_FILE_STREAM FileStream
11 |     );
12 | 
13 | NTSTATUS PhpReadFileStream(
14 |     _Inout_ PPH_FILE_STREAM FileStream,
15 |     _Out_writes_bytes_(Length) PVOID Buffer,
16 |     _In_ ULONG Length,
17 |     _Out_opt_ PULONG ReadLength
18 |     );
19 | 
20 | NTSTATUS PhpWriteFileStream(
21 |     _Inout_ PPH_FILE_STREAM FileStream,
22 |     _In_reads_bytes_(Length) PVOID Buffer,
23 |     _In_ ULONG Length
24 |     );
25 | 
26 | NTSTATUS PhpFlushReadFileStream(
27 |     _Inout_ PPH_FILE_STREAM FileStream
28 |     );
29 | 
30 | NTSTATUS PhpFlushWriteFileStream(
31 |     _Inout_ PPH_FILE_STREAM FileStream
32 |     );
33 | 
34 | NTSTATUS PhpSeekFileStream(
35 |     _Inout_ PPH_FILE_STREAM FileStream,
36 |     _In_ PLARGE_INTEGER Offset,
37 |     _In_ PH_SEEK_ORIGIN Origin
38 |     );
39 | 
40 | #endif
41 | 


--------------------------------------------------------------------------------
/HsCore/phlib/include/kphapi.h:
--------------------------------------------------------------------------------
  1 | #ifndef _KPHAPI_H
  2 | #define _KPHAPI_H
  3 | 
  4 | // This file contains KProcessHacker definitions shared across
  5 | // kernel-mode and user-mode.
  6 | 
  7 | // Process information
  8 | 
  9 | typedef enum _KPH_PROCESS_INFORMATION_CLASS
 10 | {
 11 |     KphProcessProtectionInformation = 1, // q: KPH_PROCESS_PROTECTION_INFORMATION
 12 |     KphProcessExecuteFlags = 2, // s: ULONG
 13 |     KphProcessIoPriority = 3, // qs: ULONG
 14 |     MaxKphProcessInfoClass
 15 | } KPH_PROCESS_INFORMATION_CLASS;
 16 | 
 17 | typedef struct _KPH_PROCESS_PROTECTION_INFORMATION
 18 | {
 19 |     BOOLEAN IsProtectedProcess;
 20 | } KPH_PROCESS_PROTECTION_INFORMATION, *PKPH_PROCESS_PROTECTION_INFORMATION;
 21 | 
 22 | // Thread information
 23 | 
 24 | typedef enum _KPH_THREAD_INFORMATION_CLASS
 25 | {
 26 |     KphThreadWin32Thread = 1, // q: PVOID
 27 |     KphThreadImpersonationToken = 2, // s: HANDLE
 28 |     KphThreadIoPriority = 3, // qs: ULONG
 29 |     MaxKphThreadInfoClass
 30 | } KPH_THREAD_INFORMATION_CLASS;
 31 | 
 32 | // Process handle information
 33 | 
 34 | typedef struct _KPH_PROCESS_HANDLE
 35 | {
 36 |     HANDLE Handle;
 37 |     PVOID Object;
 38 |     ACCESS_MASK GrantedAccess;
 39 |     USHORT ObjectTypeIndex;
 40 |     USHORT Reserved1;
 41 |     ULONG HandleAttributes;
 42 |     ULONG Reserved2;
 43 | } KPH_PROCESS_HANDLE, *PKPH_PROCESS_HANDLE;
 44 | 
 45 | typedef struct _KPH_PROCESS_HANDLE_INFORMATION
 46 | {
 47 |     ULONG HandleCount;
 48 |     KPH_PROCESS_HANDLE Handles[1];
 49 | } KPH_PROCESS_HANDLE_INFORMATION, *PKPH_PROCESS_HANDLE_INFORMATION;
 50 | 
 51 | // Object information
 52 | 
 53 | typedef enum _KPH_OBJECT_INFORMATION_CLASS
 54 | {
 55 |     KphObjectBasicInformation, // q: OBJECT_BASIC_INFORMATION
 56 |     KphObjectNameInformation, // q: OBJECT_NAME_INFORMATION
 57 |     KphObjectTypeInformation, // q: OBJECT_TYPE_INFORMATION
 58 |     KphObjectHandleFlagInformation, // qs: OBJECT_HANDLE_FLAG_INFORMATION
 59 |     KphObjectProcessBasicInformation, // q: PROCESS_BASIC_INFORMATION
 60 |     KphObjectThreadBasicInformation, // q: THREAD_BASIC_INFORMATION
 61 |     KphObjectEtwRegBasicInformation, // q: ETWREG_BASIC_INFORMATION
 62 |     KphObjectFileObjectInformation, // q: KPH_FILE_OBJECT_INFORMATION
 63 |     KphObjectFileObjectDriver, // q: KPH_FILE_OBJECT_DRIVER
 64 |     MaxKphObjectInfoClass
 65 | } KPH_OBJECT_INFORMATION_CLASS;
 66 | 
 67 | typedef struct _KPH_FILE_OBJECT_INFORMATION
 68 | {
 69 |     BOOLEAN LockOperation;
 70 |     BOOLEAN DeletePending;
 71 |     BOOLEAN ReadAccess;
 72 |     BOOLEAN WriteAccess;
 73 |     BOOLEAN DeleteAccess;
 74 |     BOOLEAN SharedRead;
 75 |     BOOLEAN SharedWrite;
 76 |     BOOLEAN SharedDelete;
 77 |     LARGE_INTEGER CurrentByteOffset;
 78 |     ULONG Flags;
 79 | } KPH_FILE_OBJECT_INFORMATION, *PKPH_FILE_OBJECT_INFORMATION;
 80 | 
 81 | typedef struct _KPH_FILE_OBJECT_DRIVER
 82 | {
 83 |     HANDLE DriverHandle;
 84 | } KPH_FILE_OBJECT_DRIVER, *PKPH_FILE_OBJECT_DRIVER;
 85 | 
 86 | // Driver information
 87 | 
 88 | typedef enum _DRIVER_INFORMATION_CLASS
 89 | {
 90 |     DriverBasicInformation,
 91 |     DriverNameInformation,
 92 |     DriverServiceKeyNameInformation,
 93 |     MaxDriverInfoClass
 94 | } DRIVER_INFORMATION_CLASS;
 95 | 
 96 | typedef struct _DRIVER_BASIC_INFORMATION
 97 | {
 98 |     ULONG Flags;
 99 |     PVOID DriverStart;
100 |     ULONG DriverSize;
101 | } DRIVER_BASIC_INFORMATION, *PDRIVER_BASIC_INFORMATION;
102 | 
103 | typedef struct _DRIVER_NAME_INFORMATION
104 | {
105 |     UNICODE_STRING DriverName;
106 | } DRIVER_NAME_INFORMATION, *PDRIVER_NAME_INFORMATION;
107 | 
108 | typedef struct _DRIVER_SERVICE_KEY_NAME_INFORMATION
109 | {
110 |     UNICODE_STRING ServiceKeyName;
111 | } DRIVER_SERVICE_KEY_NAME_INFORMATION, *PDRIVER_SERVICE_KEY_NAME_INFORMATION;
112 | 
113 | // ETW registration object information
114 | 
115 | typedef struct _ETWREG_BASIC_INFORMATION
116 | {
117 |     GUID Guid;
118 |     ULONG_PTR SessionId;
119 | } ETWREG_BASIC_INFORMATION, *PETWREG_BASIC_INFORMATION;
120 | 
121 | // Device
122 | 
123 | #define KPH_DEVICE_SHORT_NAME L"KProcessHacker2"
124 | #define KPH_DEVICE_TYPE 0x9999
125 | #define KPH_DEVICE_NAME (L"\\Device\\" KPH_DEVICE_SHORT_NAME)
126 | 
127 | // Parameters
128 | 
129 | typedef enum _KPH_SECURITY_LEVEL
130 | {
131 |     KphSecurityNone = 0, // all clients are allowed
132 |     KphSecurityPrivilegeCheck = 1, // require SeDebugPrivilege
133 |     KphMaxSecurityLevel
134 | } KPH_SECURITY_LEVEL, *PKPH_SECURITY_LEVEL;
135 | 
136 | typedef struct _KPH_DYN_STRUCT_DATA
137 | {
138 |     SHORT EgeGuid;
139 |     SHORT EpObjectTable;
140 |     SHORT Reserved0;
141 |     SHORT Reserved1;
142 |     SHORT EpRundownProtect;
143 |     SHORT EreGuidEntry;
144 |     SHORT HtHandleContentionEvent;
145 |     SHORT OtName;
146 |     SHORT OtIndex;
147 |     SHORT ObDecodeShift;
148 |     SHORT ObAttributesShift;
149 | } KPH_DYN_STRUCT_DATA, *PKPH_DYN_STRUCT_DATA;
150 | 
151 | typedef struct _KPH_DYN_PACKAGE
152 | {
153 |     USHORT MajorVersion;
154 |     USHORT MinorVersion;
155 |     USHORT ServicePackMajor; // -1 to ignore
156 |     USHORT BuildNumber; // -1 to ignore
157 |     ULONG ResultingNtVersion; // PHNT_*
158 |     KPH_DYN_STRUCT_DATA StructData;
159 | } KPH_DYN_PACKAGE, *PKPH_DYN_PACKAGE;
160 | 
161 | #define KPH_DYN_CONFIGURATION_VERSION 2
162 | #define KPH_DYN_MAXIMUM_PACKAGES 64
163 | 
164 | typedef struct _KPH_DYN_CONFIGURATION
165 | {
166 |     ULONG Version;
167 |     ULONG NumberOfPackages;
168 |     KPH_DYN_PACKAGE Packages[1];
169 | } KPH_DYN_CONFIGURATION, *PKPH_DYN_CONFIGURATION;
170 | 
171 | // Features
172 | 
173 | // No features defined.
174 | 
175 | // Control codes
176 | 
177 | #define KPH_CTL_CODE(x) CTL_CODE(KPH_DEVICE_TYPE, 0x800 + x, METHOD_NEITHER, FILE_ANY_ACCESS)
178 | 
179 | // General
180 | #define KPH_GETFEATURES KPH_CTL_CODE(0)
181 | 
182 | // Processes
183 | #define KPH_OPENPROCESS KPH_CTL_CODE(50)
184 | #define KPH_OPENPROCESSTOKEN KPH_CTL_CODE(51)
185 | #define KPH_OPENPROCESSJOB KPH_CTL_CODE(52)
186 | #define KPH_SUSPENDPROCESS KPH_CTL_CODE(53)
187 | #define KPH_RESUMEPROCESS KPH_CTL_CODE(54)
188 | #define KPH_TERMINATEPROCESS KPH_CTL_CODE(55)
189 | #define KPH_READVIRTUALMEMORY KPH_CTL_CODE(56)
190 | #define KPH_WRITEVIRTUALMEMORY KPH_CTL_CODE(57)
191 | #define KPH_READVIRTUALMEMORYUNSAFE KPH_CTL_CODE(58)
192 | #define KPH_QUERYINFORMATIONPROCESS KPH_CTL_CODE(59)
193 | #define KPH_SETINFORMATIONPROCESS KPH_CTL_CODE(60)
194 | 
195 | // Threads
196 | #define KPH_OPENTHREAD KPH_CTL_CODE(100)
197 | #define KPH_OPENTHREADPROCESS KPH_CTL_CODE(101)
198 | #define KPH_TERMINATETHREAD KPH_CTL_CODE(102)
199 | #define KPH_TERMINATETHREADUNSAFE KPH_CTL_CODE(103)
200 | #define KPH_GETCONTEXTTHREAD KPH_CTL_CODE(104)
201 | #define KPH_SETCONTEXTTHREAD KPH_CTL_CODE(105)
202 | #define KPH_CAPTURESTACKBACKTRACETHREAD KPH_CTL_CODE(106)
203 | #define KPH_QUERYINFORMATIONTHREAD KPH_CTL_CODE(107)
204 | #define KPH_SETINFORMATIONTHREAD KPH_CTL_CODE(108)
205 | 
206 | // Handles
207 | #define KPH_ENUMERATEPROCESSHANDLES KPH_CTL_CODE(150)
208 | #define KPH_QUERYINFORMATIONOBJECT KPH_CTL_CODE(151)
209 | #define KPH_SETINFORMATIONOBJECT KPH_CTL_CODE(152)
210 | #define KPH_DUPLICATEOBJECT KPH_CTL_CODE(153)
211 | 
212 | // Misc.
213 | #define KPH_OPENDRIVER KPH_CTL_CODE(200)
214 | #define KPH_QUERYINFORMATIONDRIVER KPH_CTL_CODE(201)
215 | 
216 | #endif


--------------------------------------------------------------------------------
/HsCore/phlib/include/md5.h:
--------------------------------------------------------------------------------
 1 | #ifndef _MD5_H
 2 | #define _MD5_H
 3 | 
 4 | typedef struct
 5 | {
 6 |     ULONG i[2];
 7 |     ULONG buf[4];
 8 |     UCHAR in[64];
 9 |     UCHAR digest[16];
10 | } MD5_CTX;
11 | 
12 | VOID MD5Init(
13 |     _Out_ MD5_CTX *Context
14 |     );
15 | 
16 | VOID MD5Update(
17 |     _Inout_ MD5_CTX *Context,
18 |     _In_reads_bytes_(Length) UCHAR *Input,
19 |     _In_ ULONG Length
20 |     );
21 | 
22 | VOID MD5Final(
23 |     _Inout_ MD5_CTX *Context
24 |     );
25 | 
26 | #endif
27 | 


--------------------------------------------------------------------------------
/HsCore/phlib/include/ntcm.h:
--------------------------------------------------------------------------------
 1 | #ifndef _NTCM_H
 2 | #define _NTCM_H
 3 | 
 4 | typedef enum _PNP_VETO_TYPE
 5 | {
 6 |     PNP_VetoTypeUnknown, // unspecified
 7 |     PNP_VetoLegacyDevice, // instance path
 8 |     PNP_VetoPendingClose, // instance path
 9 |     PNP_VetoWindowsApp, // module
10 |     PNP_VetoWindowsService, // service
11 |     PNP_VetoOutstandingOpen, // instance path
12 |     PNP_VetoDevice, // instance path
13 |     PNP_VetoDriver, // driver service name
14 |     PNP_VetoIllegalDeviceRequest, // instance path
15 |     PNP_VetoInsufficientPower, // unspecified
16 |     PNP_VetoNonDisableable, // instance path
17 |     PNP_VetoLegacyDriver, // service
18 |     PNP_VetoInsufficientRights  // unspecified
19 | } PNP_VETO_TYPE, *PPNP_VETO_TYPE;
20 | 
21 | #endif
22 | 


--------------------------------------------------------------------------------
/HsCore/phlib/include/ntdbg.h:
--------------------------------------------------------------------------------
  1 | #ifndef _NTDBG_H
  2 | #define _NTDBG_H
  3 | 
  4 | // Definitions
  5 | 
  6 | typedef struct _DBGKM_EXCEPTION
  7 | {
  8 |     EXCEPTION_RECORD ExceptionRecord;
  9 |     ULONG FirstChance;
 10 | } DBGKM_EXCEPTION, *PDBGKM_EXCEPTION;
 11 | 
 12 | typedef struct _DBGKM_CREATE_THREAD
 13 | {
 14 |     ULONG SubSystemKey;
 15 |     PVOID StartAddress;
 16 | } DBGKM_CREATE_THREAD, *PDBGKM_CREATE_THREAD;
 17 | 
 18 | typedef struct _DBGKM_CREATE_PROCESS
 19 | {
 20 |     ULONG SubSystemKey;
 21 |     HANDLE FileHandle;
 22 |     PVOID BaseOfImage;
 23 |     ULONG DebugInfoFileOffset;
 24 |     ULONG DebugInfoSize;
 25 |     DBGKM_CREATE_THREAD InitialThread;
 26 | } DBGKM_CREATE_PROCESS, *PDBGKM_CREATE_PROCESS;
 27 | 
 28 | typedef struct _DBGKM_EXIT_THREAD
 29 | {
 30 |     NTSTATUS ExitStatus;
 31 | } DBGKM_EXIT_THREAD, *PDBGKM_EXIT_THREAD;
 32 | 
 33 | typedef struct _DBGKM_EXIT_PROCESS
 34 | {
 35 |     NTSTATUS ExitStatus;
 36 | } DBGKM_EXIT_PROCESS, *PDBGKM_EXIT_PROCESS;
 37 | 
 38 | typedef struct _DBGKM_LOAD_DLL
 39 | {
 40 |     HANDLE FileHandle;
 41 |     PVOID BaseOfDll;
 42 |     ULONG DebugInfoFileOffset;
 43 |     ULONG DebugInfoSize;
 44 |     PVOID NamePointer;
 45 | } DBGKM_LOAD_DLL, *PDBGKM_LOAD_DLL;
 46 | 
 47 | typedef struct _DBGKM_UNLOAD_DLL
 48 | {
 49 |     PVOID BaseAddress;
 50 | } DBGKM_UNLOAD_DLL, *PDBGKM_UNLOAD_DLL;
 51 | 
 52 | typedef enum _DBG_STATE
 53 | {
 54 |     DbgIdle,
 55 |     DbgReplyPending,
 56 |     DbgCreateThreadStateChange,
 57 |     DbgCreateProcessStateChange,
 58 |     DbgExitThreadStateChange,
 59 |     DbgExitProcessStateChange,
 60 |     DbgExceptionStateChange,
 61 |     DbgBreakpointStateChange,
 62 |     DbgSingleStepStateChange,
 63 |     DbgLoadDllStateChange,
 64 |     DbgUnloadDllStateChange
 65 | } DBG_STATE, *PDBG_STATE;
 66 | 
 67 | typedef struct _DBGUI_CREATE_THREAD
 68 | {
 69 |     HANDLE HandleToThread;
 70 |     DBGKM_CREATE_THREAD NewThread;
 71 | } DBGUI_CREATE_THREAD, *PDBGUI_CREATE_THREAD;
 72 | 
 73 | typedef struct _DBGUI_CREATE_PROCESS
 74 | {
 75 |     HANDLE HandleToProcess;
 76 |     HANDLE HandleToThread;
 77 |     DBGKM_CREATE_PROCESS NewProcess;
 78 | } DBGUI_CREATE_PROCESS, *PDBGUI_CREATE_PROCESS;
 79 | 
 80 | typedef struct _DBGUI_WAIT_STATE_CHANGE
 81 | {
 82 |     DBG_STATE NewState;
 83 |     CLIENT_ID AppClientId;
 84 |     union
 85 |     {
 86 |         DBGKM_EXCEPTION Exception;
 87 |         DBGUI_CREATE_THREAD CreateThread;
 88 |         DBGUI_CREATE_PROCESS CreateProcessInfo;
 89 |         DBGKM_EXIT_THREAD ExitThread;
 90 |         DBGKM_EXIT_PROCESS ExitProcess;
 91 |         DBGKM_LOAD_DLL LoadDll;
 92 |         DBGKM_UNLOAD_DLL UnloadDll;
 93 |     } StateInfo;
 94 | } DBGUI_WAIT_STATE_CHANGE, *PDBGUI_WAIT_STATE_CHANGE;
 95 | 
 96 | // System calls
 97 | 
 98 | #define DEBUG_READ_EVENT 0x0001
 99 | #define DEBUG_PROCESS_ASSIGN 0x0002
100 | #define DEBUG_SET_INFORMATION 0x0004
101 | #define DEBUG_QUERY_INFORMATION 0x0008
102 | #define DEBUG_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | \
103 |     DEBUG_READ_EVENT | DEBUG_PROCESS_ASSIGN | DEBUG_SET_INFORMATION | \
104 |     DEBUG_QUERY_INFORMATION)
105 | 
106 | #define DEBUG_KILL_ON_CLOSE 0x1
107 | 
108 | typedef enum _DEBUGOBJECTINFOCLASS
109 | {
110 |     DebugObjectFlags = 1,
111 |     MaxDebugObjectInfoClass
112 | } DEBUGOBJECTINFOCLASS, *PDEBUGOBJECTINFOCLASS;
113 | 
114 | NTSYSCALLAPI
115 | NTSTATUS
116 | NTAPI
117 | NtCreateDebugObject(
118 |     _Out_ PHANDLE DebugObjectHandle,
119 |     _In_ ACCESS_MASK DesiredAccess,
120 |     _In_ POBJECT_ATTRIBUTES ObjectAttributes,
121 |     _In_ ULONG Flags
122 |     );
123 | 
124 | NTSYSCALLAPI
125 | NTSTATUS
126 | NTAPI
127 | NtDebugActiveProcess(
128 |     _In_ HANDLE ProcessHandle,
129 |     _In_ HANDLE DebugObjectHandle
130 |     );
131 | 
132 | NTSYSCALLAPI
133 | NTSTATUS
134 | NTAPI
135 | NtDebugContinue(
136 |     _In_ HANDLE DebugObjectHandle,
137 |     _In_ PCLIENT_ID ClientId,
138 |     _In_ NTSTATUS ContinueStatus
139 |     );
140 | 
141 | NTSYSCALLAPI
142 | NTSTATUS
143 | NTAPI
144 | NtRemoveProcessDebug(
145 |     _In_ HANDLE ProcessHandle,
146 |     _In_ HANDLE DebugObjectHandle
147 |     );
148 | 
149 | NTSYSCALLAPI
150 | NTSTATUS
151 | NTAPI
152 | NtSetInformationDebugObject(
153 |     _In_ HANDLE DebugObjectHandle,
154 |     _In_ DEBUGOBJECTINFOCLASS DebugObjectInformationClass,
155 |     _In_ PVOID DebugInformation,
156 |     _In_ ULONG DebugInformationLength,
157 |     _Out_opt_ PULONG ReturnLength
158 |     );
159 | 
160 | NTSYSCALLAPI
161 | NTSTATUS
162 | NTAPI
163 | NtWaitForDebugEvent(
164 |     _In_ HANDLE DebugObjectHandle,
165 |     _In_ BOOLEAN Alertable,
166 |     _In_opt_ PLARGE_INTEGER Timeout,
167 |     _Out_ PVOID WaitStateChange
168 |     );
169 | 
170 | // Debugging UI
171 | 
172 | NTSYSAPI
173 | NTSTATUS
174 | NTAPI
175 | DbgUiConnectToDbg(
176 |     VOID
177 |     );
178 | 
179 | NTSYSAPI
180 | HANDLE
181 | NTAPI
182 | DbgUiGetThreadDebugObject(
183 |     VOID
184 |     );
185 | 
186 | NTSYSAPI
187 | VOID
188 | NTAPI
189 | DbgUiSetThreadDebugObject(
190 |     _In_ HANDLE DebugObject
191 |     );
192 | 
193 | NTSYSAPI
194 | NTSTATUS
195 | NTAPI
196 | DbgUiWaitStateChange(
197 |     _Out_ PDBGUI_WAIT_STATE_CHANGE StateChange,
198 |     _In_opt_ PLARGE_INTEGER Timeout
199 |     );
200 | 
201 | NTSYSAPI
202 | NTSTATUS
203 | NTAPI
204 | DbgUiContinue(
205 |     _In_ PCLIENT_ID AppClientId,
206 |     _In_ NTSTATUS ContinueStatus
207 |     );
208 | 
209 | NTSYSAPI
210 | NTSTATUS
211 | NTAPI
212 | DbgUiStopDebugging(
213 |     _In_ HANDLE Process
214 |     );
215 | 
216 | NTSYSAPI
217 | NTSTATUS
218 | NTAPI
219 | DbgUiDebugActiveProcess(
220 |     _In_ HANDLE Process
221 |     );
222 | 
223 | NTSYSAPI
224 | VOID
225 | NTAPI
226 | DbgUiRemoteBreakin(
227 |     _In_ PVOID Context
228 |     );
229 | 
230 | NTSYSAPI
231 | NTSTATUS
232 | NTAPI
233 | DbgUiIssueRemoteBreakin(
234 |     _In_ HANDLE Process
235 |     );
236 | 
237 | struct _DEBUG_EVENT;
238 | 
239 | NTSYSAPI
240 | NTSTATUS
241 | NTAPI
242 | DbgUiConvertStateChangeStructure(
243 |     _In_ PDBGUI_WAIT_STATE_CHANGE StateChange,
244 |     _Out_ struct _DEBUG_EVENT *DebugEvent
245 |     );
246 | 
247 | #endif
248 | 


--------------------------------------------------------------------------------
/HsCore/phlib/include/ntgdi.h:
--------------------------------------------------------------------------------
  1 | #ifndef _NTGDI_H
  2 | #define _NTGDI_H
  3 | 
  4 | #define GDI_MAX_HANDLE_COUNT 0x4000
  5 | 
  6 | #define GDI_HANDLE_INDEX_SHIFT 0
  7 | #define GDI_HANDLE_INDEX_BITS 16
  8 | #define GDI_HANDLE_INDEX_MASK 0xffff
  9 | 
 10 | #define GDI_HANDLE_TYPE_SHIFT 16
 11 | #define GDI_HANDLE_TYPE_BITS 5
 12 | #define GDI_HANDLE_TYPE_MASK 0x1f
 13 | 
 14 | #define GDI_HANDLE_ALTTYPE_SHIFT 21
 15 | #define GDI_HANDLE_ALTTYPE_BITS 2
 16 | #define GDI_HANDLE_ALTTYPE_MASK 0x3
 17 | 
 18 | #define GDI_HANDLE_STOCK_SHIFT 23
 19 | #define GDI_HANDLE_STOCK_BITS 1
 20 | #define GDI_HANDLE_STOCK_MASK 0x1
 21 | 
 22 | #define GDI_HANDLE_UNIQUE_SHIFT 24
 23 | #define GDI_HANDLE_UNIQUE_BITS 8
 24 | #define GDI_HANDLE_UNIQUE_MASK 0xff
 25 | 
 26 | #define GDI_HANDLE_INDEX(Handle) ((ULONG)(Handle) & GDI_HANDLE_INDEX_MASK)
 27 | #define GDI_HANDLE_TYPE(Handle) (((ULONG)(Handle) >> GDI_HANDLE_TYPE_SHIFT) & GDI_HANDLE_TYPE_MASK)
 28 | #define GDI_HANDLE_ALTTYPE(Handle) (((ULONG)(Handle) >> GDI_HANDLE_ALTTYPE_SHIFT) & GDI_HANDLE_ALTTYPE_MASK)
 29 | #define GDI_HANDLE_STOCK(Handle) (((ULONG)(Handle) >> GDI_HANDLE_STOCK_SHIFT)) & GDI_HANDLE_STOCK_MASK)
 30 | 
 31 | #define GDI_MAKE_HANDLE(Index, Unique) ((ULONG)(((ULONG)(Unique) << GDI_HANDLE_INDEX_BITS) | (ULONG)(Index)))
 32 | 
 33 | // GDI server-side types
 34 | 
 35 | #define GDI_DEF_TYPE 0 // invalid handle
 36 | #define GDI_DC_TYPE 1
 37 | #define GDI_DD_DIRECTDRAW_TYPE 2
 38 | #define GDI_DD_SURFACE_TYPE 3
 39 | #define GDI_RGN_TYPE 4
 40 | #define GDI_SURF_TYPE 5
 41 | #define GDI_CLIENTOBJ_TYPE 6
 42 | #define GDI_PATH_TYPE 7
 43 | #define GDI_PAL_TYPE 8
 44 | #define GDI_ICMLCS_TYPE 9
 45 | #define GDI_LFONT_TYPE 10
 46 | #define GDI_RFONT_TYPE 11
 47 | #define GDI_PFE_TYPE 12
 48 | #define GDI_PFT_TYPE 13
 49 | #define GDI_ICMCXF_TYPE 14
 50 | #define GDI_ICMDLL_TYPE 15
 51 | #define GDI_BRUSH_TYPE 16
 52 | #define GDI_PFF_TYPE 17 // unused
 53 | #define GDI_CACHE_TYPE 18 // unused
 54 | #define GDI_SPACE_TYPE 19
 55 | #define GDI_DBRUSH_TYPE 20 // unused
 56 | #define GDI_META_TYPE 21
 57 | #define GDI_EFSTATE_TYPE 22
 58 | #define GDI_BMFD_TYPE 23 // unused
 59 | #define GDI_VTFD_TYPE 24 // unused
 60 | #define GDI_TTFD_TYPE 25 // unused
 61 | #define GDI_RC_TYPE 26 // unused
 62 | #define GDI_TEMP_TYPE 27 // unused
 63 | #define GDI_DRVOBJ_TYPE 28
 64 | #define GDI_DCIOBJ_TYPE 29 // unused
 65 | #define GDI_SPOOL_TYPE 30
 66 | 
 67 | // GDI client-side types
 68 | 
 69 | #define GDI_CLIENT_TYPE_FROM_HANDLE(Handle) ((ULONG)(Handle) & ((GDI_HANDLE_ALTTYPE_MASK << GDI_HANDLE_ALTTYPE_SHIFT) | \
 70 |     (GDI_HANDLE_TYPE_MASK << GDI_HANDLE_TYPE_SHIFT)))
 71 | #define GDI_CLIENT_TYPE_FROM_UNIQUE(Unique) GDI_CLIENT_TYPE_FROM_HANDLE((ULONG)(Unique) << 16)
 72 | 
 73 | #define GDI_ALTTYPE_1 (1 << GDI_HANDLE_ALTTYPE_SHIFT)
 74 | #define GDI_ALTTYPE_2 (2 << GDI_HANDLE_ALTTYPE_SHIFT)
 75 | #define GDI_ALTTYPE_3 (3 << GDI_HANDLE_ALTTYPE_SHIFT)
 76 | 
 77 | #define GDI_CLIENT_BITMAP_TYPE (GDI_SURF_TYPE << GDI_HANDLE_TYPE_SHIFT)
 78 | #define GDI_CLIENT_BRUSH_TYPE (GDI_BRUSH_TYPE << GDI_HANDLE_TYPE_SHIFT)
 79 | #define GDI_CLIENT_CLIENTOBJ_TYPE (GDI_CLIENTOBJ_TYPE << GDI_HANDLE_TYPE_SHIFT)
 80 | #define GDI_CLIENT_DC_TYPE (GDI_DC_TYPE << GDI_HANDLE_TYPE_SHIFT)
 81 | #define GDI_CLIENT_FONT_TYPE (GDI_LFONT_TYPE << GDI_HANDLE_TYPE_SHIFT)
 82 | #define GDI_CLIENT_PALETTE_TYPE (GDI_PAL_TYPE << GDI_HANDLE_TYPE_SHIFT)
 83 | #define GDI_CLIENT_REGION_TYPE (GDI_RGN_TYPE << GDI_HANDLE_TYPE_SHIFT)
 84 | 
 85 | #define GDI_CLIENT_ALTDC_TYPE (GDI_CLIENT_DC_TYPE | GDI_ALTTYPE_1)
 86 | #define GDI_CLIENT_DIBSECTION_TYPE (GDI_CLIENT_BITMAP_TYPE | GDI_ALTTYPE_1)
 87 | #define GDI_CLIENT_EXTPEN_TYPE (GDI_CLIENT_BRUSH_TYPE | GDI_ALTTYPE_2)
 88 | #define GDI_CLIENT_METADC16_TYPE (GDI_CLIENT_CLIENTOBJ_TYPE | GDI_ALTTYPE_3)
 89 | #define GDI_CLIENT_METAFILE_TYPE (GDI_CLIENT_CLIENTOBJ_TYPE | GDI_ALTTYPE_2)
 90 | #define GDI_CLIENT_METAFILE16_TYPE (GDI_CLIENT_CLIENTOBJ_TYPE | GDI_ALTTYPE_1)
 91 | #define GDI_CLIENT_PEN_TYPE (GDI_CLIENT_BRUSH_TYPE | GDI_ALTTYPE_1)
 92 | 
 93 | typedef struct _GDI_HANDLE_ENTRY
 94 | {
 95 |     union
 96 |     {
 97 |         PVOID Object;
 98 |         PVOID NextFree;
 99 |     };
100 |     union
101 |     {
102 |         struct
103 |         {
104 |             USHORT ProcessId;
105 |             USHORT Lock : 1;
106 |             USHORT Count : 15;
107 |         };
108 |         ULONG Value;
109 |     } Owner;
110 |     USHORT Unique;
111 |     UCHAR Type;
112 |     UCHAR Flags;
113 |     PVOID UserPointer;
114 | } GDI_HANDLE_ENTRY, *PGDI_HANDLE_ENTRY;
115 | 
116 | typedef struct _GDI_SHARED_MEMORY
117 | {
118 |     GDI_HANDLE_ENTRY Handles[GDI_MAX_HANDLE_COUNT];
119 | } GDI_SHARED_MEMORY, *PGDI_SHARED_MEMORY;
120 | 
121 | #endif
122 | 


--------------------------------------------------------------------------------
/HsCore/phlib/include/ntkeapi.h:
--------------------------------------------------------------------------------
  1 | #ifndef _NTKEAPI_H
  2 | #define _NTKEAPI_H
  3 | 
  4 | #if (PHNT_MODE != PHNT_MODE_KERNEL)
  5 | #define LOW_PRIORITY 0 // Lowest thread priority level
  6 | #define LOW_REALTIME_PRIORITY 16 // Lowest realtime priority level
  7 | #define HIGH_PRIORITY 31 // Highest thread priority level
  8 | #define MAXIMUM_PRIORITY 32 // Number of thread priority levels
  9 | #endif
 10 | 
 11 | typedef enum _KTHREAD_STATE
 12 | {
 13 |     Initialized,
 14 |     Ready,
 15 |     Running,
 16 |     Standby,
 17 |     Terminated,
 18 |     Waiting,
 19 |     Transition,
 20 |     DeferredReady,
 21 |     GateWaitObsolete,
 22 |     WaitingForProcessInSwap,
 23 |     MaximumThreadState
 24 | } KTHREAD_STATE, *PKTHREAD_STATE;
 25 | 
 26 | // private
 27 | typedef enum _KHETERO_CPU_POLICY
 28 | {
 29 |     KHeteroCpuPolicyAll,
 30 |     KHeteroCpuPolicyLarge,
 31 |     KHeteroCpuPolicyLargeOrIdle,
 32 |     KHeteroCpuPolicySmall,
 33 |     KHeteroCpuPolicySmallOrIdle,
 34 |     KHeteroCpuPolicyDynamic,
 35 |     KHeteroCpuPolicyStaticMax,
 36 |     KHeteroCpuPolicyBiasedSmall,
 37 |     KHeteroCpuPolicyBiasedLarge,
 38 |     KHeteroCpuPolicyDefault,
 39 |     KHeteroCpuPolicyMax
 40 | } KHETERO_CPU_POLICY, *PKHETERO_CPU_POLICY;
 41 | 
 42 | #if (PHNT_MODE != PHNT_MODE_KERNEL)
 43 | 
 44 | typedef enum _KWAIT_REASON
 45 | {
 46 |     Executive,
 47 |     FreePage,
 48 |     PageIn,
 49 |     PoolAllocation,
 50 |     DelayExecution,
 51 |     Suspended,
 52 |     UserRequest,
 53 |     WrExecutive,
 54 |     WrFreePage,
 55 |     WrPageIn,
 56 |     WrPoolAllocation,
 57 |     WrDelayExecution,
 58 |     WrSuspended,
 59 |     WrUserRequest,
 60 |     WrEventPair,
 61 |     WrQueue,
 62 |     WrLpcReceive,
 63 |     WrLpcReply,
 64 |     WrVirtualMemory,
 65 |     WrPageOut,
 66 |     WrRendezvous,
 67 |     WrKeyedEvent,
 68 |     WrTerminated,
 69 |     WrProcessInSwap,
 70 |     WrCpuRateControl,
 71 |     WrCalloutStack,
 72 |     WrKernel,
 73 |     WrResource,
 74 |     WrPushLock,
 75 |     WrMutex,
 76 |     WrQuantumEnd,
 77 |     WrDispatchInt,
 78 |     WrPreempted,
 79 |     WrYieldExecution,
 80 |     WrFastMutex,
 81 |     WrGuardedMutex,
 82 |     WrRundown,
 83 |     WrAlertByThreadId,
 84 |     WrDeferredPreempt,
 85 |     MaximumWaitReason
 86 | } KWAIT_REASON, *PKWAIT_REASON;
 87 | 
 88 | typedef enum _KPROFILE_SOURCE
 89 | {
 90 |     ProfileTime,
 91 |     ProfileAlignmentFixup,
 92 |     ProfileTotalIssues,
 93 |     ProfilePipelineDry,
 94 |     ProfileLoadInstructions,
 95 |     ProfilePipelineFrozen,
 96 |     ProfileBranchInstructions,
 97 |     ProfileTotalNonissues,
 98 |     ProfileDcacheMisses,
 99 |     ProfileIcacheMisses,
100 |     ProfileCacheMisses,
101 |     ProfileBranchMispredictions,
102 |     ProfileStoreInstructions,
103 |     ProfileFpInstructions,
104 |     ProfileIntegerInstructions,
105 |     Profile2Issue,
106 |     Profile3Issue,
107 |     Profile4Issue,
108 |     ProfileSpecialInstructions,
109 |     ProfileTotalCycles,
110 |     ProfileIcacheIssues,
111 |     ProfileDcacheAccesses,
112 |     ProfileMemoryBarrierCycles,
113 |     ProfileLoadLinkedIssues,
114 |     ProfileMaximum
115 | } KPROFILE_SOURCE;
116 | 
117 | #endif
118 | 
119 | #if (PHNT_MODE != PHNT_MODE_KERNEL)
120 | 
121 | NTSYSCALLAPI
122 | NTSTATUS
123 | NTAPI
124 | NtCallbackReturn(
125 |     _In_reads_bytes_opt_(OutputLength) PVOID OutputBuffer,
126 |     _In_ ULONG OutputLength,
127 |     _In_ NTSTATUS Status
128 |     );
129 | 
130 | #if (PHNT_VERSION >= PHNT_VISTA)
131 | NTSYSCALLAPI
132 | VOID
133 | NTAPI
134 | NtFlushProcessWriteBuffers(
135 |     VOID
136 |     );
137 | #endif
138 | 
139 | NTSYSCALLAPI
140 | NTSTATUS
141 | NTAPI
142 | NtQueryDebugFilterState(
143 |     _In_ ULONG ComponentId,
144 |     _In_ ULONG Level
145 |     );
146 | 
147 | NTSYSCALLAPI
148 | NTSTATUS
149 | NTAPI
150 | NtSetDebugFilterState(
151 |     _In_ ULONG ComponentId,
152 |     _In_ ULONG Level,
153 |     _In_ BOOLEAN State
154 |     );
155 | 
156 | NTSYSCALLAPI
157 | NTSTATUS
158 | NTAPI
159 | NtYieldExecution(
160 |     VOID
161 |     );
162 | 
163 | #endif
164 | 
165 | #endif
166 | 


--------------------------------------------------------------------------------
/HsCore/phlib/include/ntmisc.h:
--------------------------------------------------------------------------------
 1 | #ifndef _NTMISC_H
 2 | #define _NTMISC_H
 3 | 
 4 | // Boot graphics
 5 | 
 6 | #if (PHNT_VERSION >= PHNT_WIN7)
 7 | // rev
 8 | NTSYSCALLAPI
 9 | NTSTATUS
10 | NTAPI
11 | NtDrawText(
12 |     _In_ PUNICODE_STRING Text
13 |     );
14 | #endif
15 | 
16 | // Filter manager
17 | 
18 | #define FLT_PORT_CONNECT 0x0001
19 | #define FLT_PORT_ALL_ACCESS (FLT_PORT_CONNECT | STANDARD_RIGHTS_ALL)
20 | 
21 | // VDM
22 | 
23 | typedef enum _VDMSERVICECLASS
24 | {
25 |     VdmStartExecution,
26 |     VdmQueueInterrupt,
27 |     VdmDelayInterrupt,
28 |     VdmInitialize,
29 |     VdmFeatures,
30 |     VdmSetInt21Handler,
31 |     VdmQueryDir,
32 |     VdmPrinterDirectIoOpen,
33 |     VdmPrinterDirectIoClose,
34 |     VdmPrinterInitialize,
35 |     VdmSetLdtEntries,
36 |     VdmSetProcessLdtInfo,
37 |     VdmAdlibEmulation,
38 |     VdmPMCliControl,
39 |     VdmQueryVdmProcess
40 | } VDMSERVICECLASS, *PVDMSERVICECLASS;
41 | 
42 | NTSYSCALLAPI
43 | NTSTATUS
44 | NTAPI
45 | NtVdmControl(
46 |     _In_ VDMSERVICECLASS Service,
47 |     _Inout_ PVOID ServiceData
48 |     );
49 | 
50 | // WMI/ETW
51 | 
52 | NTSYSCALLAPI
53 | NTSTATUS
54 | NTAPI
55 | NtTraceEvent(
56 |     _In_ HANDLE TraceHandle,
57 |     _In_ ULONG Flags,
58 |     _In_ ULONG FieldSize,
59 |     _In_ PVOID Fields
60 |     );
61 | 
62 | #if (PHNT_VERSION >= PHNT_VISTA)
63 | // private
64 | NTSYSCALLAPI
65 | NTSTATUS
66 | NTAPI
67 | NtTraceControl(
68 |     _In_ ULONG FunctionCode,
69 |     _In_reads_bytes_opt_(InBufferLen) PVOID InBuffer,
70 |     _In_ ULONG InBufferLen,
71 |     _Out_writes_bytes_opt_(OutBufferLen) PVOID OutBuffer,
72 |     _In_ ULONG OutBufferLen,
73 |     _Out_ PULONG ReturnLength
74 |     );
75 | #endif
76 | 
77 | #endif
78 | 


--------------------------------------------------------------------------------
/HsCore/phlib/include/ntnls.h:
--------------------------------------------------------------------------------
 1 | #ifndef _NTNLS_H
 2 | #define _NTNLS_H
 3 | 
 4 | #define MAXIMUM_LEADBYTES 12
 5 | 
 6 | typedef struct _CPTABLEINFO
 7 | {
 8 |     USHORT CodePage;
 9 |     USHORT MaximumCharacterSize;
10 |     USHORT DefaultChar;
11 |     USHORT UniDefaultChar;
12 |     USHORT TransDefaultChar;
13 |     USHORT TransUniDefaultChar;
14 |     USHORT DBCSCodePage;
15 |     UCHAR LeadByte[MAXIMUM_LEADBYTES];
16 |     PUSHORT MultiByteTable;
17 |     PVOID WideCharTable;
18 |     PUSHORT DBCSRanges;
19 |     PUSHORT DBCSOffsets;
20 | } CPTABLEINFO, *PCPTABLEINFO;
21 | 
22 | typedef struct _NLSTABLEINFO
23 | {
24 |     CPTABLEINFO OemTableInfo;
25 |     CPTABLEINFO AnsiTableInfo;
26 |     PUSHORT UpperCaseTable;
27 |     PUSHORT LowerCaseTable;
28 | } NLSTABLEINFO, *PNLSTABLEINFO;
29 | 
30 | #endif
31 | 


--------------------------------------------------------------------------------
/HsCore/phlib/include/ntpnpapi.h:
--------------------------------------------------------------------------------
  1 | #ifndef _NTPNPAPI_H
  2 | #define _NTPNPAPI_H
  3 | 
  4 | typedef enum _PLUGPLAY_EVENT_CATEGORY
  5 | {
  6 |     HardwareProfileChangeEvent,
  7 |     TargetDeviceChangeEvent,
  8 |     DeviceClassChangeEvent,
  9 |     CustomDeviceEvent,
 10 |     DeviceInstallEvent,
 11 |     DeviceArrivalEvent,
 12 |     PowerEvent,
 13 |     VetoEvent,
 14 |     BlockedDriverEvent,
 15 |     InvalidIDEvent,
 16 |     MaxPlugEventCategory
 17 | } PLUGPLAY_EVENT_CATEGORY, *PPLUGPLAY_EVENT_CATEGORY;
 18 | 
 19 | typedef struct _PLUGPLAY_EVENT_BLOCK
 20 | {
 21 |     GUID EventGuid;
 22 |     PLUGPLAY_EVENT_CATEGORY EventCategory;
 23 |     PULONG Result;
 24 |     ULONG Flags;
 25 |     ULONG TotalSize;
 26 |     PVOID DeviceObject;
 27 | 
 28 |     union
 29 |     {
 30 |         struct
 31 |         {
 32 |             GUID ClassGuid;
 33 |             WCHAR SymbolicLinkName[1];
 34 |         } DeviceClass;
 35 |         struct
 36 |         {
 37 |             WCHAR DeviceIds[1];
 38 |         } TargetDevice;
 39 |         struct
 40 |         {
 41 |             WCHAR DeviceId[1];
 42 |         } InstallDevice;
 43 |         struct
 44 |         {
 45 |             PVOID NotificationStructure;
 46 |             WCHAR DeviceIds[1];
 47 |         } CustomNotification;
 48 |         struct
 49 |         {
 50 |             PVOID Notification;
 51 |         } ProfileNotification;
 52 |         struct
 53 |         {
 54 |             ULONG NotificationCode;
 55 |             ULONG NotificationData;
 56 |         } PowerNotification;
 57 |         struct
 58 |         {
 59 |             PNP_VETO_TYPE VetoType;
 60 |             WCHAR DeviceIdVetoNameBuffer[1]; // DeviceId<null>VetoName<null><null>
 61 |         } VetoNotification;
 62 |         struct
 63 |         {
 64 |             GUID BlockedDriverGuid;
 65 |         } BlockedDriverNotification;
 66 |         struct
 67 |         {
 68 |             WCHAR ParentId[1];
 69 |         } InvalidIDNotification;
 70 |     } u;
 71 | } PLUGPLAY_EVENT_BLOCK, *PPLUGPLAY_EVENT_BLOCK;
 72 | 
 73 | typedef enum _PLUGPLAY_CONTROL_CLASS
 74 | {
 75 |     PlugPlayControlEnumerateDevice,
 76 |     PlugPlayControlRegisterNewDevice,
 77 |     PlugPlayControlDeregisterDevice,
 78 |     PlugPlayControlInitializeDevice,
 79 |     PlugPlayControlStartDevice,
 80 |     PlugPlayControlUnlockDevice,
 81 |     PlugPlayControlQueryAndRemoveDevice,
 82 |     PlugPlayControlUserResponse,
 83 |     PlugPlayControlGenerateLegacyDevice,
 84 |     PlugPlayControlGetInterfaceDeviceList,
 85 |     PlugPlayControlProperty,
 86 |     PlugPlayControlDeviceClassAssociation,
 87 |     PlugPlayControlGetRelatedDevice,
 88 |     PlugPlayControlGetInterfaceDeviceAlias,
 89 |     PlugPlayControlDeviceStatus,
 90 |     PlugPlayControlGetDeviceDepth,
 91 |     PlugPlayControlQueryDeviceRelations,
 92 |     PlugPlayControlTargetDeviceRelation,
 93 |     PlugPlayControlQueryConflictList,
 94 |     PlugPlayControlRetrieveDock,
 95 |     PlugPlayControlResetDevice,
 96 |     PlugPlayControlHaltDevice,
 97 |     PlugPlayControlGetBlockedDriverList,
 98 |     MaxPlugPlayControl
 99 | } PLUGPLAY_CONTROL_CLASS, *PPLUGPLAY_CONTROL_CLASS;
100 | 
101 | #if (PHNT_VERSION < PHNT_WIN8)
102 | NTSYSCALLAPI
103 | NTSTATUS
104 | NTAPI
105 | NtGetPlugPlayEvent(
106 |     _In_ HANDLE EventHandle,
107 |     _In_opt_ PVOID Context,
108 |     _Out_writes_bytes_(EventBufferSize) PPLUGPLAY_EVENT_BLOCK EventBlock,
109 |     _In_ ULONG EventBufferSize
110 |     );
111 | #endif
112 | 
113 | NTSYSCALLAPI
114 | NTSTATUS
115 | NTAPI
116 | NtPlugPlayControl(
117 |     _In_ PLUGPLAY_CONTROL_CLASS PnPControlClass,
118 |     _Inout_updates_bytes_(PnPControlDataLength) PVOID PnPControlData,
119 |     _In_ ULONG PnPControlDataLength
120 |     );
121 | 
122 | #if (PHNT_VERSION >= PHNT_WIN7)
123 | 
124 | NTSYSCALLAPI
125 | NTSTATUS
126 | NTAPI
127 | NtSerializeBoot(
128 |     VOID
129 |     );
130 | 
131 | NTSYSCALLAPI
132 | NTSTATUS
133 | NTAPI
134 | NtEnableLastKnownGood(
135 |     VOID
136 |     );
137 | 
138 | NTSYSCALLAPI
139 | NTSTATUS
140 | NTAPI
141 | NtDisableLastKnownGood(
142 |     VOID
143 |     );
144 | 
145 | #endif
146 | 
147 | #if (PHNT_VERSION >= PHNT_VISTA)
148 | NTSYSCALLAPI
149 | NTSTATUS
150 | NTAPI
151 | NtReplacePartitionUnit(
152 |     _In_ PUNICODE_STRING TargetInstancePath,
153 |     _In_ PUNICODE_STRING SpareInstancePath,
154 |     _In_ ULONG Flags
155 |     );
156 | #endif
157 | 
158 | #endif
159 | 


--------------------------------------------------------------------------------
/HsCore/phlib/include/ntpoapi.h:
--------------------------------------------------------------------------------
  1 | #ifndef _NTPOAPI_H
  2 | #define _NTPOAPI_H
  3 | 
  4 | typedef union _POWER_STATE
  5 | {
  6 |     SYSTEM_POWER_STATE SystemState;
  7 |     DEVICE_POWER_STATE DeviceState;
  8 | } POWER_STATE, *PPOWER_STATE;
  9 | 
 10 | typedef enum _POWER_STATE_TYPE
 11 | {
 12 |     SystemPowerState = 0,
 13 |     DevicePowerState
 14 | } POWER_STATE_TYPE, *PPOWER_STATE_TYPE;
 15 | 
 16 | #if (PHNT_VERSION >= PHNT_VISTA)
 17 | // wdm
 18 | typedef struct _SYSTEM_POWER_STATE_CONTEXT
 19 | {
 20 |     union
 21 |     {
 22 |         struct
 23 |         {
 24 |             ULONG Reserved1 : 8;
 25 |             ULONG TargetSystemState : 4;
 26 |             ULONG EffectiveSystemState : 4;
 27 |             ULONG CurrentSystemState : 4;
 28 |             ULONG IgnoreHibernationPath : 1;
 29 |             ULONG PseudoTransition : 1;
 30 |             ULONG Reserved2 : 10;
 31 |         };
 32 |         ULONG ContextAsUlong;
 33 |     };
 34 | } SYSTEM_POWER_STATE_CONTEXT, *PSYSTEM_POWER_STATE_CONTEXT;
 35 | #endif
 36 | 
 37 | #if (PHNT_VERSION >= PHNT_WIN7)
 38 | /** \cond NEVER */ // disable doxygen warning
 39 | // wdm
 40 | typedef struct _COUNTED_REASON_CONTEXT
 41 | {
 42 |     ULONG Version;
 43 |     ULONG Flags;
 44 |     union
 45 |     {
 46 |         struct
 47 |         {
 48 |             UNICODE_STRING ResourceFileName;
 49 |             USHORT ResourceReasonId;
 50 |             ULONG StringCount;
 51 |             PUNICODE_STRING _Field_size_(StringCount) ReasonStrings;
 52 |         };
 53 |         UNICODE_STRING SimpleString;
 54 |     };
 55 | } COUNTED_REASON_CONTEXT, *PCOUNTED_REASON_CONTEXT;
 56 | /** \endcond */
 57 | #endif
 58 | 
 59 | typedef enum
 60 | {
 61 |     PowerStateSleeping1 = 0,
 62 |     PowerStateSleeping2 = 1,
 63 |     PowerStateSleeping3 = 2,
 64 |     PowerStateSleeping4 = 3,
 65 |     PowerStateSleeping4Firmware = 4,
 66 |     PowerStateShutdownReset = 5,
 67 |     PowerStateShutdownOff = 6,
 68 |     PowerStateMaximum = 7
 69 | } POWER_STATE_HANDLER_TYPE, *PPOWER_STATE_HANDLER_TYPE;
 70 | 
 71 | typedef NTSTATUS (NTAPI *PENTER_STATE_SYSTEM_HANDLER)(
 72 |     _In_ PVOID SystemContext
 73 |     );
 74 | 
 75 | typedef NTSTATUS (NTAPI *PENTER_STATE_HANDLER)(
 76 |     _In_ PVOID Context,
 77 |     _In_opt_ PENTER_STATE_SYSTEM_HANDLER SystemHandler,
 78 |     _In_ PVOID SystemContext,
 79 |     _In_ LONG NumberProcessors,
 80 |     _In_ volatile PLONG Number
 81 |     );
 82 | 
 83 | typedef struct _POWER_STATE_HANDLER
 84 | {
 85 |     POWER_STATE_HANDLER_TYPE Type;
 86 |     BOOLEAN RtcWake;
 87 |     UCHAR Spare[3];
 88 |     PENTER_STATE_HANDLER Handler;
 89 |     PVOID Context;
 90 | } POWER_STATE_HANDLER, *PPOWER_STATE_HANDLER;
 91 | 
 92 | typedef NTSTATUS (NTAPI *PENTER_STATE_NOTIFY_HANDLER)(
 93 |     _In_ POWER_STATE_HANDLER_TYPE State,
 94 |     _In_ PVOID Context,
 95 |     _In_ BOOLEAN Entering
 96 |     );
 97 | 
 98 | typedef struct _POWER_STATE_NOTIFY_HANDLER
 99 | {
100 |     PENTER_STATE_NOTIFY_HANDLER Handler;
101 |     PVOID Context;
102 | } POWER_STATE_NOTIFY_HANDLER, *PPOWER_STATE_NOTIFY_HANDLER;
103 | 
104 | typedef struct _PROCESSOR_POWER_INFORMATION
105 | {
106 |     ULONG Number;
107 |     ULONG MaxMhz;
108 |     ULONG CurrentMhz;
109 |     ULONG MhzLimit;
110 |     ULONG MaxIdleState;
111 |     ULONG CurrentIdleState;
112 | } PROCESSOR_POWER_INFORMATION, *PPROCESSOR_POWER_INFORMATION;
113 | 
114 | typedef struct _SYSTEM_POWER_INFORMATION
115 | {
116 |     ULONG MaxIdlenessAllowed;
117 |     ULONG Idleness;
118 |     ULONG TimeRemaining;
119 |     UCHAR CoolingMode;
120 | } SYSTEM_POWER_INFORMATION, *PSYSTEM_POWER_INFORMATION;
121 | 
122 | NTSYSCALLAPI
123 | NTSTATUS
124 | NTAPI
125 | NtPowerInformation(
126 |     _In_ POWER_INFORMATION_LEVEL InformationLevel,
127 |     _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer,
128 |     _In_ ULONG InputBufferLength,
129 |     _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer,
130 |     _In_ ULONG OutputBufferLength
131 |     );
132 | 
133 | NTSYSCALLAPI
134 | NTSTATUS
135 | NTAPI
136 | NtSetThreadExecutionState(
137 |     _In_ EXECUTION_STATE NewFlags, // ES_* flags
138 |     _Out_ EXECUTION_STATE *PreviousFlags
139 |     );
140 | 
141 | NTSYSCALLAPI
142 | NTSTATUS
143 | NTAPI
144 | NtRequestWakeupLatency(
145 |     _In_ LATENCY_TIME latency
146 |     );
147 | 
148 | NTSYSCALLAPI
149 | NTSTATUS
150 | NTAPI
151 | NtInitiatePowerAction(
152 |     _In_ POWER_ACTION SystemAction,
153 |     _In_ SYSTEM_POWER_STATE LightestSystemState,
154 |     _In_ ULONG Flags, // POWER_ACTION_* flags
155 |     _In_ BOOLEAN Asynchronous
156 |     );
157 | 
158 | NTSYSCALLAPI
159 | NTSTATUS
160 | NTAPI
161 | NtSetSystemPowerState(
162 |     _In_ POWER_ACTION SystemAction,
163 |     _In_ SYSTEM_POWER_STATE LightestSystemState,
164 |     _In_ ULONG Flags // POWER_ACTION_* flags
165 |     );
166 | 
167 | NTSYSCALLAPI
168 | NTSTATUS
169 | NTAPI
170 | NtGetDevicePowerState(
171 |     _In_ HANDLE Device,
172 |     _Out_ PDEVICE_POWER_STATE State
173 |     );
174 | 
175 | NTSYSCALLAPI
176 | BOOLEAN
177 | NTAPI
178 | NtIsSystemResumeAutomatic(
179 |     VOID
180 |     );
181 | 
182 | #endif
183 | 


--------------------------------------------------------------------------------
/HsCore/phlib/include/ntwin.h:
--------------------------------------------------------------------------------
 1 | #ifndef _NTWIN_H
 2 | #define _NTWIN_H
 3 | 
 4 | // This header file provides access to Win32, plus NTSTATUS values.
 5 | 
 6 | #define WIN32_LEAN_AND_MEAN
 7 | #define WIN32_NO_STATUS
 8 | #include <windows.h>
 9 | #undef WIN32_NO_STATUS
10 | #include <ntstatus.h>
11 | 
12 | #include <winioctl.h>
13 | #include <shellapi.h>
14 | #include <ole2.h>
15 | #include <commdlg.h>
16 | #include <wmistr.h>
17 | 
18 | typedef GUID *PGUID;
19 | 
20 | // Desktop access rights
21 | #define DESKTOP_ALL_ACCESS \
22 |     (DESKTOP_CREATEMENU | DESKTOP_CREATEWINDOW | DESKTOP_ENUMERATE | \
23 |     DESKTOP_HOOKCONTROL | DESKTOP_JOURNALPLAYBACK | DESKTOP_JOURNALRECORD | \
24 |     DESKTOP_READOBJECTS | DESKTOP_SWITCHDESKTOP | DESKTOP_WRITEOBJECTS | \
25 |     STANDARD_RIGHTS_REQUIRED)
26 | #define DESKTOP_GENERIC_READ \
27 |     (DESKTOP_ENUMERATE | DESKTOP_READOBJECTS | STANDARD_RIGHTS_READ)
28 | #define DESKTOP_GENERIC_WRITE \
29 |     (DESKTOP_CREATEMENU | DESKTOP_CREATEWINDOW | DESKTOP_HOOKCONTROL | \
30 |     DESKTOP_JOURNALPLAYBACK | DESKTOP_JOURNALRECORD | DESKTOP_WRITEOBJECTS | \
31 |     STANDARD_RIGHTS_WRITE)
32 | #define DESKTOP_GENERIC_EXECUTE \
33 |     (DESKTOP_SWITCHDESKTOP | STANDARD_RIGHTS_EXECUTE)
34 | 
35 | // Window station access rights
36 | #define WINSTA_GENERIC_READ \
37 |     (WINSTA_ENUMDESKTOPS | WINSTA_ENUMERATE | WINSTA_READATTRIBUTES | \
38 |     WINSTA_READSCREEN | STANDARD_RIGHTS_READ)
39 | #define WINSTA_GENERIC_WRITE \
40 |     (WINSTA_ACCESSCLIPBOARD | WINSTA_CREATEDESKTOP | WINSTA_WRITEATTRIBUTES | \
41 |     STANDARD_RIGHTS_WRITE)
42 | #define WINSTA_GENERIC_EXECUTE \
43 |     (WINSTA_ACCESSGLOBALATOMS | WINSTA_EXITWINDOWS | STANDARD_RIGHTS_EXECUTE)
44 | 
45 | // WMI access rights
46 | #define WMIGUID_GENERIC_READ \
47 |     (WMIGUID_QUERY | WMIGUID_NOTIFICATION | WMIGUID_READ_DESCRIPTION | \
48 |     STANDARD_RIGHTS_READ)
49 | #define WMIGUID_GENERIC_WRITE \
50 |     (WMIGUID_SET | TRACELOG_CREATE_REALTIME | TRACELOG_CREATE_ONDISK | \
51 |     STANDARD_RIGHTS_WRITE)
52 | #define WMIGUID_GENERIC_EXECUTE \
53 |     (WMIGUID_EXECUTE | TRACELOG_GUID_ENABLE | TRACELOG_LOG_EVENT | \
54 |     TRACELOG_ACCESS_REALTIME | TRACELOG_REGISTER_GUIDS | \
55 |     STANDARD_RIGHTS_EXECUTE)
56 | 
57 | #endif
58 | 


--------------------------------------------------------------------------------
/HsCore/phlib/include/ntxcapi.h:
--------------------------------------------------------------------------------
 1 | #ifndef _NTXCAPI_H
 2 | #define _NTXCAPI_H
 3 | 
 4 | NTSYSAPI
 5 | BOOLEAN
 6 | NTAPI
 7 | RtlDispatchException(
 8 |     _In_ PEXCEPTION_RECORD ExceptionRecord,
 9 |     _In_ PCONTEXT ContextRecord
10 |     );
11 | 
12 | NTSYSAPI
13 | DECLSPEC_NORETURN
14 | VOID
15 | NTAPI
16 | RtlRaiseStatus(
17 |     _In_ NTSTATUS Status
18 |     );
19 | 
20 | NTSYSAPI
21 | VOID
22 | NTAPI
23 | RtlRaiseException(
24 |     _In_ PEXCEPTION_RECORD ExceptionRecord
25 |     );
26 | 
27 | NTSYSCALLAPI
28 | NTSTATUS
29 | NTAPI
30 | NtContinue(
31 |     _In_ PCONTEXT ContextRecord,
32 |     _In_ BOOLEAN TestAlert
33 |     );
34 | 
35 | NTSYSCALLAPI
36 | NTSTATUS
37 | NTAPI
38 | NtRaiseException(
39 |     _In_ PEXCEPTION_RECORD ExceptionRecord,
40 |     _In_ PCONTEXT ContextRecord,
41 |     _In_ BOOLEAN FirstChance
42 |     );
43 | 
44 | #endif
45 | 


--------------------------------------------------------------------------------
/HsCore/phlib/include/phintrnl.h:
--------------------------------------------------------------------------------
 1 | #ifndef _PH_PHINTRNL_H
 2 | #define _PH_PHINTRNL_H
 3 | 
 4 | typedef struct _PHLIB_STATISTICS_BLOCK
 5 | {
 6 |     // basesup
 7 |     ULONG BaseThreadsCreated;
 8 |     ULONG BaseThreadsCreateFailed;
 9 |     ULONG BaseStringBuildersCreated;
10 |     ULONG BaseStringBuildersResized;
11 | 
12 |     // ref
13 |     ULONG RefObjectsCreated;
14 |     ULONG RefObjectsDestroyed;
15 |     ULONG RefObjectsAllocated;
16 |     ULONG RefObjectsFreed;
17 |     ULONG RefObjectsAllocatedFromSmallFreeList;
18 |     ULONG RefObjectsFreedToSmallFreeList;
19 |     ULONG RefObjectsAllocatedFromTypeFreeList;
20 |     ULONG RefObjectsFreedToTypeFreeList;
21 |     ULONG RefObjectsDeleteDeferred;
22 |     ULONG RefAutoPoolsCreated;
23 |     ULONG RefAutoPoolsDestroyed;
24 |     ULONG RefAutoPoolsDynamicAllocated;
25 |     ULONG RefAutoPoolsDynamicResized;
26 | 
27 |     // queuedlock
28 |     ULONG QlBlockSpins;
29 |     ULONG QlBlockWaits;
30 |     ULONG QlAcquireExclusiveBlocks;
31 |     ULONG QlAcquireSharedBlocks;
32 | 
33 |     // workqueue
34 |     ULONG WqWorkQueueThreadsCreated;
35 |     ULONG WqWorkQueueThreadsCreateFailed;
36 |     ULONG WqWorkItemsQueued;
37 | } PHLIB_STATISTICS_BLOCK;
38 | 
39 | #ifdef DEBUG
40 | extern PHLIB_STATISTICS_BLOCK PhLibStatisticsBlock;
41 | #endif
42 | 
43 | #ifdef DEBUG
44 | #define PHLIB_INC_STATISTIC(Name) (_InterlockedIncrement(&PhLibStatisticsBlock.Name))
45 | #else
46 | #define PHLIB_INC_STATISTIC(Name)
47 | #endif
48 | 
49 | #endif
50 | 


--------------------------------------------------------------------------------
/HsCore/phlib/include/phnet.h:
--------------------------------------------------------------------------------
  1 | #ifndef _PH_PHNET_H
  2 | #define _PH_PHNET_H
  3 | 
  4 | #include <inaddr.h>
  5 | #include <in6addr.h>
  6 | 
  7 | #define PH_IPV4_NETWORK_TYPE 0x1
  8 | #define PH_IPV6_NETWORK_TYPE 0x2
  9 | #define PH_NETWORK_TYPE_MASK 0x3
 10 | 
 11 | #define PH_TCP_PROTOCOL_TYPE 0x10
 12 | #define PH_UDP_PROTOCOL_TYPE 0x20
 13 | #define PH_PROTOCOL_TYPE_MASK 0x30
 14 | 
 15 | #define PH_NO_NETWORK_PROTOCOL 0x0
 16 | #define PH_TCP4_NETWORK_PROTOCOL (PH_IPV4_NETWORK_TYPE | PH_TCP_PROTOCOL_TYPE)
 17 | #define PH_TCP6_NETWORK_PROTOCOL (PH_IPV6_NETWORK_TYPE | PH_TCP_PROTOCOL_TYPE)
 18 | #define PH_UDP4_NETWORK_PROTOCOL (PH_IPV4_NETWORK_TYPE | PH_UDP_PROTOCOL_TYPE)
 19 | #define PH_UDP6_NETWORK_PROTOCOL (PH_IPV6_NETWORK_TYPE | PH_UDP_PROTOCOL_TYPE)
 20 | 
 21 | typedef struct _PH_IP_ADDRESS
 22 | {
 23 |     ULONG Type;
 24 |     union
 25 |     {
 26 |         ULONG Ipv4;
 27 |         struct in_addr InAddr;
 28 |         UCHAR Ipv6[16];
 29 |         struct in6_addr In6Addr;
 30 |     };
 31 | } PH_IP_ADDRESS, *PPH_IP_ADDRESS;
 32 | 
 33 | FORCEINLINE BOOLEAN PhEqualIpAddress(
 34 |     _In_ PPH_IP_ADDRESS Address1,
 35 |     _In_ PPH_IP_ADDRESS Address2
 36 |     )
 37 | {
 38 |     if ((Address1->Type | Address2->Type) == 0) // don't check addresses if both are invalid
 39 |         return TRUE;
 40 |     if (Address1->Type != Address2->Type)
 41 |         return FALSE;
 42 | 
 43 |     if (Address1->Type == PH_IPV4_NETWORK_TYPE)
 44 |     {
 45 |         return Address1->Ipv4 == Address2->Ipv4;
 46 |     }
 47 |     else
 48 |     {
 49 | #ifdef _WIN64
 50 |         return
 51 |             *(PULONG64)(Address1->Ipv6) == *(PULONG64)(Address2->Ipv6) &&
 52 |             *(PULONG64)(Address1->Ipv6 + 8) == *(PULONG64)(Address2->Ipv6 + 8);
 53 | #else
 54 |         return
 55 |             *(PULONG)(Address1->Ipv6) == *(PULONG)(Address2->Ipv6) &&
 56 |             *(PULONG)(Address1->Ipv6 + 4) == *(PULONG)(Address2->Ipv6 + 4) &&
 57 |             *(PULONG)(Address1->Ipv6 + 8) == *(PULONG)(Address2->Ipv6 + 8) &&
 58 |             *(PULONG)(Address1->Ipv6 + 12) == *(PULONG)(Address2->Ipv6 + 12);
 59 | #endif
 60 |     }
 61 | }
 62 | 
 63 | FORCEINLINE ULONG PhHashIpAddress(
 64 |     _In_ PPH_IP_ADDRESS Address
 65 |     )
 66 | {
 67 |     ULONG hash = 0;
 68 | 
 69 |     if (Address->Type == 0)
 70 |         return 0;
 71 | 
 72 |     hash = Address->Type | (Address->Type << 16);
 73 | 
 74 |     if (Address->Type == PH_IPV4_NETWORK_TYPE)
 75 |     {
 76 |         hash ^= Address->Ipv4;
 77 |     }
 78 |     else
 79 |     {
 80 |         hash += *(PULONG)(Address->Ipv6);
 81 |         hash ^= *(PULONG)(Address->Ipv6 + 4);
 82 |         hash += *(PULONG)(Address->Ipv6 + 8);
 83 |         hash ^= *(PULONG)(Address->Ipv6 + 12);
 84 |     }
 85 | 
 86 |     return hash;
 87 | }
 88 | 
 89 | FORCEINLINE BOOLEAN PhIsNullIpAddress(
 90 |     _In_ PPH_IP_ADDRESS Address
 91 |     )
 92 | {
 93 |     if (Address->Type == 0)
 94 |     {
 95 |         return TRUE;
 96 |     }
 97 |     else if (Address->Type == PH_IPV4_NETWORK_TYPE)
 98 |     {
 99 |         return Address->Ipv4 == 0;
100 |     }
101 |     else if (Address->Type == PH_IPV6_NETWORK_TYPE)
102 |     {
103 | #ifdef _WIN64
104 |         return (*(PULONG64)(Address->Ipv6) | *(PULONG64)(Address->Ipv6 + 8)) == 0;
105 | #else
106 |         return (*(PULONG)(Address->Ipv6) | *(PULONG)(Address->Ipv6 + 4) |
107 |             *(PULONG)(Address->Ipv6 + 8) | *(PULONG)(Address->Ipv6 + 12)) == 0;
108 | #endif
109 |     }
110 |     else
111 |     {
112 |         return TRUE;
113 |     }
114 | }
115 | 
116 | typedef struct _PH_IP_ENDPOINT
117 | {
118 |     PH_IP_ADDRESS Address;
119 |     ULONG Port;
120 | } PH_IP_ENDPOINT, *PPH_IP_ENDPOINT;
121 | 
122 | FORCEINLINE BOOLEAN PhEqualIpEndpoint(
123 |     _In_ PPH_IP_ENDPOINT Endpoint1,
124 |     _In_ PPH_IP_ENDPOINT Endpoint2
125 |     )
126 | {
127 |     return
128 |         PhEqualIpAddress(&Endpoint1->Address, &Endpoint2->Address) &&
129 |         Endpoint1->Port == Endpoint2->Port;
130 | }
131 | 
132 | FORCEINLINE ULONG PhHashIpEndpoint(
133 |     _In_ PPH_IP_ENDPOINT Endpoint
134 |     )
135 | {
136 |     return PhHashIpAddress(&Endpoint->Address) ^ Endpoint->Port;
137 | }
138 | 
139 | #endif
140 | 


--------------------------------------------------------------------------------
/HsCore/phlib/include/phnt.h:
--------------------------------------------------------------------------------
  1 | #ifndef _PH_PHNT_H
  2 | #define _PH_PHNT_H
  3 | 
  4 | // This header file provides access to NT APIs.
  5 | 
  6 | // Definitions are annotated to indicate their source.
  7 | // If a definition is not annotated, it has been retrieved
  8 | // from an official Microsoft source (NT headers, DDK headers, winnt.h).
  9 | 
 10 | // "winbase" indicates that a definition has been reconstructed from
 11 | // a Win32-ized NT definition in winbase.h.
 12 | // "rev" indicates that a definition has been reverse-engineered.
 13 | // "dbg" indicates that a definition has been obtained from a debug
 14 | // message or assertion in a checked build of the kernel or file.
 15 | 
 16 | // Reliability:
 17 | // 1. No annotation.
 18 | // 2. dbg.
 19 | // 3. symbols, private. Types may be incorrect.
 20 | // 4. winbase. Names and types may be incorrect.
 21 | // 5. rev.
 22 | 
 23 | // Mode
 24 | #define PHNT_MODE_KERNEL 0
 25 | #define PHNT_MODE_USER 1
 26 | 
 27 | // Version
 28 | #define PHNT_WIN2K 50
 29 | #define PHNT_WINXP 51
 30 | #define PHNT_WS03 52
 31 | #define PHNT_VISTA 60
 32 | #define PHNT_WIN7 61
 33 | #define PHNT_WIN8 62
 34 | #define PHNT_WINBLUE 63
 35 | #define PHNT_THRESHOLD 100
 36 | 
 37 | #ifndef PHNT_MODE
 38 | #define PHNT_MODE PHNT_MODE_USER
 39 | #endif
 40 | 
 41 | #ifndef PHNT_VERSION
 42 | #define PHNT_VERSION PHNT_WINXP
 43 | #endif
 44 | 
 45 | // Options
 46 | 
 47 | //#define PHNT_NO_INLINE_INIT_STRING
 48 | 
 49 | #ifdef __cplusplus
 50 | extern "C" {
 51 | #endif
 52 | 
 53 | #if (PHNT_MODE != PHNT_MODE_KERNEL)
 54 | #include <ntbasic.h>
 55 | #include <ntnls.h>
 56 | #include <ntkeapi.h>
 57 | #endif
 58 | 
 59 | #include <ntldr.h>
 60 | #include <ntexapi.h>
 61 | 
 62 | #if (PHNT_MODE != PHNT_MODE_KERNEL)
 63 | #include <ntmmapi.h>
 64 | #endif
 65 | 
 66 | #include <ntobapi.h>
 67 | #include <ntpsapi.h>
 68 | 
 69 | #if (PHNT_MODE != PHNT_MODE_KERNEL)
 70 | #include <ntcm.h>
 71 | #include <ntdbg.h>
 72 | #include <ntioapi.h>
 73 | #include <ntlpcapi.h>
 74 | #include <ntpfapi.h>
 75 | #include <ntpnpapi.h>
 76 | #include <ntpoapi.h>
 77 | #include <ntregapi.h>
 78 | #include <ntrtl.h>
 79 | #endif
 80 | 
 81 | #if (PHNT_MODE != PHNT_MODE_KERNEL)
 82 | 
 83 | #include <ntseapi.h>
 84 | #include <nttmapi.h>
 85 | #include <nttp.h>
 86 | #include <ntxcapi.h>
 87 | 
 88 | #include <ntwow64.h>
 89 | 
 90 | #include <ntlsa.h>
 91 | #include <ntsam.h>
 92 | 
 93 | #include <ntmisc.h>
 94 | 
 95 | #include <ntzwapi.h>
 96 | 
 97 | #endif
 98 | 
 99 | #ifdef __cplusplus
100 | }
101 | #endif
102 | 
103 | #endif
104 | 


--------------------------------------------------------------------------------
/HsCore/phlib/include/refp.h:
--------------------------------------------------------------------------------
  1 | /*
  2 |  * Process Hacker -
  3 |  *   internal object manager
  4 |  *
  5 |  * Copyright (C) 2009-2015 wj32
  6 |  *
  7 |  * This file is part of Process Hacker.
  8 |  *
  9 |  * Process Hacker is free software; you can redistribute it and/or modify
 10 |  * it under the terms of the GNU General Public License as published by
 11 |  * the Free Software Foundation, either version 3 of the License, or
 12 |  * (at your option) any later version.
 13 |  *
 14 |  * Process Hacker is distributed in the hope that it will be useful,
 15 |  * but WITHOUT ANY WARRANTY; without even the implied warranty of
 16 |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 17 |  * GNU General Public License for more details.
 18 |  *
 19 |  * You should have received a copy of the GNU General Public License
 20 |  * along with Process Hacker.  If not, see <http://www.gnu.org/licenses/>.
 21 |  */
 22 | 
 23 | #ifndef _PH_REFP_H
 24 | #define _PH_REFP_H
 25 | 
 26 | #define PH_OBJECT_TYPE_TABLE_SIZE 256
 27 | 
 28 | /** The object was allocated from the small free list. */
 29 | #define PH_OBJECT_FROM_SMALL_FREE_LIST 0x1
 30 | /** The object was allocated from the type free list. */
 31 | #define PH_OBJECT_FROM_TYPE_FREE_LIST 0x2
 32 | 
 33 | /**
 34 |  * The object header contains object manager information
 35 |  * including the reference count of an object and its type.
 36 |  */
 37 | typedef struct _PH_OBJECT_HEADER
 38 | {
 39 |     union
 40 |     {
 41 |         struct
 42 |         {
 43 |             union
 44 |             {
 45 |                 LONG RefCount;
 46 |                 PVOID PaddingDoNotUse; // Corresponds to DeferDeleteListEntry
 47 |             };
 48 |             USHORT TypeIndex;
 49 |             UCHAR Flags;
 50 |             UCHAR Reserved1;
 51 | #ifdef _WIN64
 52 |             ULONG Reserved2;
 53 | #endif
 54 |         };
 55 |         SLIST_ENTRY DeferDeleteListEntry;
 56 |     };
 57 | 
 58 | #ifdef DEBUG
 59 |     PVOID StackBackTrace[16];
 60 |     LIST_ENTRY ObjectListEntry;
 61 | #endif
 62 | 
 63 |     /** The body of the object. For use by the \ref PhObjectToObjectHeader
 64 |      * and \ref PhObjectHeaderToObject macros. */
 65 |     QUAD_PTR Body;
 66 | } PH_OBJECT_HEADER, *PPH_OBJECT_HEADER;
 67 | 
 68 | #ifndef DEBUG
 69 | #ifdef _WIN64
 70 | C_ASSERT(FIELD_OFFSET(PH_OBJECT_HEADER, RefCount) == 0x0);
 71 | C_ASSERT(FIELD_OFFSET(PH_OBJECT_HEADER, DeferDeleteListEntry) == 0x0);
 72 | C_ASSERT(FIELD_OFFSET(PH_OBJECT_HEADER, TypeIndex) == 0x8);
 73 | C_ASSERT(FIELD_OFFSET(PH_OBJECT_HEADER, Flags) == 0xa);
 74 | C_ASSERT(FIELD_OFFSET(PH_OBJECT_HEADER, Reserved1) == 0xb);
 75 | C_ASSERT(FIELD_OFFSET(PH_OBJECT_HEADER, Reserved2) == 0xc);
 76 | C_ASSERT(FIELD_OFFSET(PH_OBJECT_HEADER, Body) == 0x10);
 77 | #else
 78 | C_ASSERT(FIELD_OFFSET(PH_OBJECT_HEADER, RefCount) == 0x0);
 79 | C_ASSERT(FIELD_OFFSET(PH_OBJECT_HEADER, DeferDeleteListEntry) == 0x0);
 80 | C_ASSERT(FIELD_OFFSET(PH_OBJECT_HEADER, TypeIndex) == 0x4);
 81 | C_ASSERT(FIELD_OFFSET(PH_OBJECT_HEADER, Flags) == 0x6);
 82 | C_ASSERT(FIELD_OFFSET(PH_OBJECT_HEADER, Reserved1) == 0x7);
 83 | C_ASSERT(FIELD_OFFSET(PH_OBJECT_HEADER, Body) == 0x8);
 84 | #endif
 85 | #endif
 86 | 
 87 | /**
 88 |  * Gets a pointer to the object header for an object.
 89 |  *
 90 |  * \param Object A pointer to an object.
 91 |  *
 92 |  * \return A pointer to the object header of the object.
 93 |  */
 94 | #define PhObjectToObjectHeader(Object) ((PPH_OBJECT_HEADER)CONTAINING_RECORD((PCHAR)(Object), PH_OBJECT_HEADER, Body))
 95 | 
 96 | /**
 97 |  * Gets a pointer to an object from an object header.
 98 |  *
 99 |  * \param ObjectHeader A pointer to an object header.
100 |  *
101 |  * \return A pointer to an object.
102 |  */
103 | #define PhObjectHeaderToObject(ObjectHeader) ((PVOID)&((PPH_OBJECT_HEADER)(ObjectHeader))->Body)
104 | 
105 | /**
106 |  * Calculates the total size to allocate for an object.
107 |  *
108 |  * \param Size The size of the object to allocate.
109 |  *
110 |  * \return The new size, including space for the object header.
111 |  */
112 | #define PhAddObjectHeaderSize(Size) ((Size) + FIELD_OFFSET(PH_OBJECT_HEADER, Body))
113 | 
114 | /**
115 |  * An object type specifies a kind of object and
116 |  * its delete procedure.
117 |  */
118 | typedef struct _PH_OBJECT_TYPE
119 | {
120 |     /** The flags that were used to create the object type. */
121 |     USHORT Flags;
122 |     UCHAR TypeIndex;
123 |     UCHAR Reserved;
124 |     /** The total number of objects of this type that are alive. */
125 |     ULONG NumberOfObjects;
126 |     /** An optional procedure called when objects of this type are freed. */
127 |     PPH_TYPE_DELETE_PROCEDURE DeleteProcedure;
128 |     /** The name of the type. */
129 |     PWSTR Name;
130 |     /** A free list to use when allocating for this type. */
131 |     PH_FREE_LIST FreeList;
132 | } PH_OBJECT_TYPE, *PPH_OBJECT_TYPE;
133 | 
134 | /**
135 |  * Increments a reference count, but will never increment
136 |  * from 0 to 1.
137 |  *
138 |  * \param RefCount A pointer to a reference count.
139 |  */
140 | FORCEINLINE
141 | BOOLEAN
142 | PhpInterlockedIncrementSafe(
143 |     _Inout_ PLONG RefCount
144 |     )
145 | {
146 |     /* Here we will attempt to increment the reference count,
147 |      * making sure that it is not 0.
148 |      */
149 |     return _InterlockedIncrementNoZero(RefCount);
150 | }
151 | 
152 | PPH_OBJECT_HEADER PhpAllocateObject(
153 |     _In_ PPH_OBJECT_TYPE ObjectType,
154 |     _In_ SIZE_T ObjectSize
155 |     );
156 | 
157 | VOID PhpFreeObject(
158 |     _In_ PPH_OBJECT_HEADER ObjectHeader
159 |     );
160 | 
161 | VOID PhpDeferDeleteObject(
162 |     _In_ PPH_OBJECT_HEADER ObjectHeader
163 |     );
164 | 
165 | NTSTATUS PhpDeferDeleteObjectRoutine(
166 |     _In_ PVOID Parameter
167 |     );
168 | 
169 | #endif
170 | 


--------------------------------------------------------------------------------
/HsCore/phlib/include/secedit.h:
--------------------------------------------------------------------------------
  1 | #ifndef _PH_SECEDIT_H
  2 | #define _PH_SECEDIT_H
  3 | 
  4 | // secedit
  5 | 
  6 | typedef struct _PH_ACCESS_ENTRY
  7 | {
  8 |     PWSTR Name;
  9 |     ACCESS_MASK Access;
 10 |     BOOLEAN General;
 11 |     BOOLEAN Specific;
 12 |     PWSTR ShortName;
 13 | } PH_ACCESS_ENTRY, *PPH_ACCESS_ENTRY;
 14 | 
 15 | PHLIBAPI
 16 | HPROPSHEETPAGE
 17 | NTAPI
 18 | PhCreateSecurityPage(
 19 |     _In_ PWSTR ObjectName,
 20 |     _In_ PPH_GET_OBJECT_SECURITY GetObjectSecurity,
 21 |     _In_ PPH_SET_OBJECT_SECURITY SetObjectSecurity,
 22 |     _In_opt_ PVOID Context,
 23 |     _In_ PPH_ACCESS_ENTRY AccessEntries,
 24 |     _In_ ULONG NumberOfAccessEntries
 25 |     );
 26 | 
 27 | PHLIBAPI
 28 | VOID
 29 | NTAPI
 30 | PhEditSecurity(
 31 |     _In_ HWND hWnd,
 32 |     _In_ PWSTR ObjectName,
 33 |     _In_ PPH_GET_OBJECT_SECURITY GetObjectSecurity,
 34 |     _In_ PPH_SET_OBJECT_SECURITY SetObjectSecurity,
 35 |     _In_opt_ PVOID Context,
 36 |     _In_ PPH_ACCESS_ENTRY AccessEntries,
 37 |     _In_ ULONG NumberOfAccessEntries
 38 |     );
 39 | 
 40 | typedef struct _PH_STD_OBJECT_SECURITY
 41 | {
 42 |     PPH_OPEN_OBJECT OpenObject;
 43 |     PWSTR ObjectType;
 44 |     PVOID Context;
 45 | } PH_STD_OBJECT_SECURITY, *PPH_STD_OBJECT_SECURITY;
 46 | 
 47 | FORCEINLINE ACCESS_MASK PhGetAccessForGetSecurity(
 48 |     _In_ SECURITY_INFORMATION SecurityInformation
 49 |     )
 50 | {
 51 |     ACCESS_MASK access = 0;
 52 | 
 53 |     if (
 54 |         (SecurityInformation & OWNER_SECURITY_INFORMATION) ||
 55 |         (SecurityInformation & GROUP_SECURITY_INFORMATION) ||
 56 |         (SecurityInformation & DACL_SECURITY_INFORMATION)
 57 |         )
 58 |     {
 59 |         access |= READ_CONTROL;
 60 |     }
 61 | 
 62 |     if (SecurityInformation & SACL_SECURITY_INFORMATION)
 63 |     {
 64 |         access |= ACCESS_SYSTEM_SECURITY;
 65 |     }
 66 | 
 67 |     return access;
 68 | }
 69 | 
 70 | FORCEINLINE ACCESS_MASK PhGetAccessForSetSecurity(
 71 |     _In_ SECURITY_INFORMATION SecurityInformation
 72 |     )
 73 | {
 74 |     ACCESS_MASK access = 0;
 75 | 
 76 |     if (
 77 |         (SecurityInformation & OWNER_SECURITY_INFORMATION) ||
 78 |         (SecurityInformation & GROUP_SECURITY_INFORMATION)
 79 |         )
 80 |     {
 81 |         access |= WRITE_OWNER;
 82 |     }
 83 | 
 84 |     if (SecurityInformation & DACL_SECURITY_INFORMATION)
 85 |     {
 86 |         access |= WRITE_DAC;
 87 |     }
 88 | 
 89 |     if (SecurityInformation & SACL_SECURITY_INFORMATION)
 90 |     {
 91 |         access |= ACCESS_SYSTEM_SECURITY;
 92 |     }
 93 | 
 94 |     return access;
 95 | }
 96 | 
 97 | PHLIBAPI
 98 | _Callback_ NTSTATUS
 99 | NTAPI
100 | PhStdGetObjectSecurity(
101 |     _Out_ PSECURITY_DESCRIPTOR *SecurityDescriptor,
102 |     _In_ SECURITY_INFORMATION SecurityInformation,
103 |     _In_opt_ PVOID Context
104 |     );
105 | 
106 | PHLIBAPI
107 | _Callback_ NTSTATUS
108 | NTAPI
109 | PhStdSetObjectSecurity(
110 |     _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
111 |     _In_ SECURITY_INFORMATION SecurityInformation,
112 |     _In_opt_ PVOID Context
113 |     );
114 | 
115 | PHLIBAPI
116 | NTSTATUS
117 | NTAPI
118 | PhGetSeObjectSecurity(
119 |     _In_ HANDLE Handle,
120 |     _In_ ULONG ObjectType,
121 |     _In_ SECURITY_INFORMATION SecurityInformation,
122 |     _Out_ PSECURITY_DESCRIPTOR *SecurityDescriptor
123 |     );
124 | 
125 | PHLIBAPI
126 | NTSTATUS
127 | NTAPI
128 | PhSetSeObjectSecurity(
129 |     _In_ HANDLE Handle,
130 |     _In_ ULONG ObjectType,
131 |     _In_ SECURITY_INFORMATION SecurityInformation,
132 |     _In_ PSECURITY_DESCRIPTOR SecurityDescriptor
133 |     );
134 | 
135 | // secdata
136 | 
137 | PHLIBAPI
138 | BOOLEAN
139 | NTAPI
140 | PhGetAccessEntries(
141 |     _In_ PWSTR Type,
142 |     _Out_ PPH_ACCESS_ENTRY *AccessEntries,
143 |     _Out_ PULONG NumberOfAccessEntries
144 |     );
145 | 
146 | PHLIBAPI
147 | PPH_STRING
148 | NTAPI
149 | PhGetAccessString(
150 |     _In_ ACCESS_MASK Access,
151 |     _In_ PPH_ACCESS_ENTRY AccessEntries,
152 |     _In_ ULONG NumberOfAccessEntries
153 |     );
154 | 
155 | #endif


--------------------------------------------------------------------------------
/HsCore/phlib/include/seceditp.h:
--------------------------------------------------------------------------------
  1 | #ifndef _PH_SECEDITP_H
  2 | #define _PH_SECEDITP_H
  3 | 
  4 | #include <aclui.h>
  5 | #include <aclapi.h>
  6 | 
  7 | typedef struct
  8 | {
  9 |     ISecurityInformationVtbl *VTable;
 10 | 
 11 |     ULONG RefCount;
 12 | 
 13 |     PPH_STRING ObjectName;
 14 |     PPH_GET_OBJECT_SECURITY GetObjectSecurity;
 15 |     PPH_SET_OBJECT_SECURITY SetObjectSecurity;
 16 |     PVOID Context;
 17 |     PSI_ACCESS AccessEntries;
 18 |     ULONG NumberOfAccessEntries;
 19 | } PhSecurityInformation;
 20 | 
 21 | ISecurityInformation *PhSecurityInformation_Create(
 22 |     _In_ PWSTR ObjectName,
 23 |     _In_ PPH_GET_OBJECT_SECURITY GetObjectSecurity,
 24 |     _In_ PPH_SET_OBJECT_SECURITY SetObjectSecurity,
 25 |     _In_opt_ PVOID Context,
 26 |     _In_ PPH_ACCESS_ENTRY AccessEntries,
 27 |     _In_ ULONG NumberOfAccessEntries
 28 |     );
 29 | 
 30 | HRESULT STDMETHODCALLTYPE PhSecurityInformation_QueryInterface(
 31 |     _In_ ISecurityInformation *This,
 32 |     _In_ REFIID Riid,
 33 |     _Out_ PVOID *Object
 34 |     );
 35 | 
 36 | ULONG STDMETHODCALLTYPE PhSecurityInformation_AddRef(
 37 |     _In_ ISecurityInformation *This
 38 |     );
 39 | 
 40 | ULONG STDMETHODCALLTYPE PhSecurityInformation_Release(
 41 |     _In_ ISecurityInformation *This
 42 |     );
 43 | 
 44 | HRESULT STDMETHODCALLTYPE PhSecurityInformation_GetObjectInformation(
 45 |     _In_ ISecurityInformation *This,
 46 |     _Out_ PSI_OBJECT_INFO ObjectInfo
 47 |     );
 48 | 
 49 | HRESULT STDMETHODCALLTYPE PhSecurityInformation_GetSecurity(
 50 |     _In_ ISecurityInformation *This,
 51 |     _In_ SECURITY_INFORMATION RequestedInformation,
 52 |     _Out_ PSECURITY_DESCRIPTOR *SecurityDescriptor,
 53 |     _In_ BOOL Default
 54 |     );
 55 | 
 56 | HRESULT STDMETHODCALLTYPE PhSecurityInformation_SetSecurity(
 57 |     _In_ ISecurityInformation *This,
 58 |     _In_ SECURITY_INFORMATION SecurityInformation,
 59 |     _In_ PSECURITY_DESCRIPTOR SecurityDescriptor
 60 |     );
 61 | 
 62 | HRESULT STDMETHODCALLTYPE PhSecurityInformation_GetAccessRights(
 63 |     _In_ ISecurityInformation *This,
 64 |     _In_ const GUID *ObjectType,
 65 |     _In_ ULONG Flags,
 66 |     _Out_ PSI_ACCESS *Access,
 67 |     _Out_ PULONG Accesses,
 68 |     _Out_ PULONG DefaultAccess
 69 |     );
 70 | 
 71 | HRESULT STDMETHODCALLTYPE PhSecurityInformation_MapGeneric(
 72 |     _In_ ISecurityInformation *This,
 73 |     _In_ const GUID *ObjectType,
 74 |     _In_ PUCHAR AceFlags,
 75 |     _Inout_ PACCESS_MASK Mask
 76 |     );
 77 | 
 78 | HRESULT STDMETHODCALLTYPE PhSecurityInformation_GetInheritTypes(
 79 |     _In_ ISecurityInformation *This,
 80 |     _Out_ PSI_INHERIT_TYPE *InheritTypes,
 81 |     _Out_ PULONG InheritTypesCount
 82 |     );
 83 | 
 84 | HRESULT STDMETHODCALLTYPE PhSecurityInformation_PropertySheetPageCallback(
 85 |     _In_ ISecurityInformation *This,
 86 |     _In_ HWND hwnd,
 87 |     _In_ UINT uMsg,
 88 |     _In_ SI_PAGE_TYPE uPage
 89 |     );
 90 | 
 91 | typedef HPROPSHEETPAGE (WINAPI *_CreateSecurityPage)(
 92 |     _In_ LPSECURITYINFO psi
 93 |     );
 94 | 
 95 | typedef BOOL (WINAPI *_EditSecurity)(
 96 |     _In_ HWND hwndOwner,
 97 |     _In_ LPSECURITYINFO psi
 98 |     );
 99 | 
100 | #endif
101 | 


--------------------------------------------------------------------------------
/HsCore/phlib/include/sha.h:
--------------------------------------------------------------------------------
 1 | #ifndef _SHA_H
 2 | #define _SHA_H
 3 | 
 4 | typedef struct
 5 | {
 6 |     ULONG flag;
 7 |     UCHAR hash[20];
 8 |     ULONG state[5];
 9 |     ULONG count[2];
10 |     UCHAR buffer[64];
11 | } A_SHA_CTX;
12 | 
13 | VOID A_SHAInit(
14 |     _Out_ A_SHA_CTX *Context
15 |     );
16 | 
17 | VOID A_SHAUpdate(
18 |     _Inout_ A_SHA_CTX *Context,
19 |     _In_reads_bytes_(Length) UCHAR *Input,
20 |     _In_ ULONG Length
21 |     );
22 | 
23 | VOID A_SHAFinal(
24 |     _Inout_ A_SHA_CTX *Context,
25 |     _Out_writes_bytes_(20) UCHAR *Hash
26 |     );
27 | 
28 | #endif
29 | 


--------------------------------------------------------------------------------
/HsCore/phlib/include/symprvp.h:
--------------------------------------------------------------------------------
  1 | #ifndef _PH_SYMPRVP_H
  2 | #define _PH_SYMPRVP_H
  3 | 
  4 | typedef BOOL (WINAPI *_SymInitialize)(
  5 |     _In_ HANDLE hProcess,
  6 |     _In_opt_ PCSTR UserSearchPath,
  7 |     _In_ BOOL fInvadeProcess
  8 |     );
  9 | 
 10 | typedef BOOL (WINAPI *_SymCleanup)(
 11 |     _In_ HANDLE hProcess
 12 |     );
 13 | 
 14 | typedef BOOL (WINAPI *_SymEnumSymbols)(
 15 |     _In_ HANDLE hProcess,
 16 |     _In_ ULONG64 BaseOfDll,
 17 |     _In_opt_ PCSTR Mask,
 18 |     _In_ PSYM_ENUMERATESYMBOLS_CALLBACK EnumSymbolsCallback,
 19 |     _In_opt_ const PVOID UserContext
 20 |     );
 21 | 
 22 | typedef BOOL (WINAPI *_SymEnumSymbolsW)(
 23 |     _In_ HANDLE hProcess,
 24 |     _In_ ULONG64 BaseOfDll,
 25 |     _In_opt_ PCWSTR Mask,
 26 |     _In_ PSYM_ENUMERATESYMBOLS_CALLBACKW EnumSymbolsCallback,
 27 |     _In_opt_ const PVOID UserContext
 28 |     );
 29 | 
 30 | typedef BOOL (WINAPI *_SymFromAddr)(
 31 |     _In_ HANDLE hProcess,
 32 |     _In_ DWORD64 Address,
 33 |     _Out_opt_ PDWORD64 Displacement,
 34 |     _Inout_ PSYMBOL_INFO Symbol
 35 |     );
 36 | 
 37 | typedef BOOL (WINAPI *_SymFromAddrW)(
 38 |     _In_ HANDLE hProcess,
 39 |     _In_ DWORD64 Address,
 40 |     _Out_opt_ PDWORD64 Displacement,
 41 |     _Inout_ PSYMBOL_INFOW Symbol
 42 |     );
 43 | 
 44 | typedef BOOL (WINAPI *_SymFromName)(
 45 |     _In_ HANDLE hProcess,
 46 |     _In_ PCSTR Name,
 47 |     _Inout_ PSYMBOL_INFO Symbol
 48 |     );
 49 | 
 50 | typedef BOOL (WINAPI *_SymFromNameW)(
 51 |     _In_ HANDLE hProcess,
 52 |     _In_ PCWSTR Name,
 53 |     _Inout_ PSYMBOL_INFOW Symbol
 54 |     );
 55 | 
 56 | typedef BOOL (WINAPI *_SymGetLineFromAddr64)(
 57 |     _In_ HANDLE hProcess,
 58 |     _In_ DWORD64 dwAddr,
 59 |     _Out_ PDWORD pdwDisplacement,
 60 |     _Out_ PIMAGEHLP_LINE64 Line
 61 |     );
 62 | 
 63 | typedef BOOL (WINAPI *_SymGetLineFromAddrW64)(
 64 |     _In_ HANDLE hProcess,
 65 |     _In_ DWORD64 dwAddr,
 66 |     _Out_ PDWORD pdwDisplacement,
 67 |     _Out_ PIMAGEHLP_LINEW64 Line
 68 |     );
 69 | 
 70 | typedef DWORD64 (WINAPI *_SymLoadModule64)(
 71 |     _In_ HANDLE hProcess,
 72 |     _In_opt_ HANDLE hFile,
 73 |     _In_opt_ PCSTR ImageName,
 74 |     _In_opt_ PCSTR ModuleName,
 75 |     _In_ DWORD64 BaseOfDll,
 76 |     _In_ DWORD SizeOfDll
 77 |     );
 78 | 
 79 | typedef DWORD64 (WINAPI *_SymLoadModuleExW)(
 80 |     _In_ HANDLE hProcess,
 81 |     _In_ HANDLE hFile,
 82 |     _In_ PCWSTR ImageName,
 83 |     _In_ PCWSTR ModuleName,
 84 |     _In_ DWORD64 BaseOfDll,
 85 |     _In_ DWORD DllSize,
 86 |     _In_ PMODLOAD_DATA Data,
 87 |     _In_ DWORD Flags
 88 |     );
 89 | 
 90 | typedef DWORD (WINAPI *_SymGetOptions)();
 91 | 
 92 | typedef DWORD (WINAPI *_SymSetOptions)(
 93 |     _In_ DWORD SymOptions
 94 |     );
 95 | 
 96 | typedef BOOL (WINAPI *_SymGetSearchPath)(
 97 |     _In_ HANDLE hProcess,
 98 |     _Out_ PSTR SearchPath,
 99 |     _In_ DWORD SearchPathLength
100 |     );
101 | 
102 | typedef BOOL (WINAPI *_SymGetSearchPathW)(
103 |     _In_ HANDLE hProcess,
104 |     _Out_ PWSTR SearchPath,
105 |     _In_ DWORD SearchPathLength
106 |     );
107 | 
108 | typedef BOOL (WINAPI *_SymSetSearchPath)(
109 |     _In_ HANDLE hProcess,
110 |     _In_opt_ PCSTR SearchPath
111 |     );
112 | 
113 | typedef BOOL (WINAPI *_SymSetSearchPathW)(
114 |     _In_ HANDLE hProcess,
115 |     _In_opt_ PCWSTR SearchPath
116 |     );
117 | 
118 | typedef BOOL (WINAPI *_SymUnloadModule64)(
119 |     _In_ HANDLE hProcess,
120 |     _In_ DWORD64 BaseOfDll
121 |     );
122 | 
123 | typedef PVOID (WINAPI *_SymFunctionTableAccess64)(
124 |     _In_ HANDLE hProcess,
125 |     _In_ DWORD64 AddrBase
126 |     );
127 | 
128 | typedef DWORD64 (WINAPI *_SymGetModuleBase64)(
129 |     _In_ HANDLE hProcess,
130 |     _In_ DWORD64 dwAddr
131 |     );
132 | 
133 | typedef BOOL (WINAPI *_SymRegisterCallbackW64)(
134 |     _In_ HANDLE hProcess,
135 |     _In_ PSYMBOL_REGISTERED_CALLBACK64 CallbackFunction,
136 |     _In_ ULONG64 UserContext
137 |     );
138 | 
139 | typedef BOOL (WINAPI *_StackWalk64)(
140 |     _In_ DWORD MachineType,
141 |     _In_ HANDLE hProcess,
142 |     _In_ HANDLE hThread,
143 |     _Inout_ LPSTACKFRAME64 StackFrame,
144 |     _Inout_ PVOID ContextRecord,
145 |     _In_opt_ PREAD_PROCESS_MEMORY_ROUTINE64 ReadMemoryRoutine,
146 |     _In_opt_ PFUNCTION_TABLE_ACCESS_ROUTINE64 FunctionTableAccessRoutine,
147 |     _In_opt_ PGET_MODULE_BASE_ROUTINE64 GetModuleBaseRoutine,
148 |     _In_opt_ PTRANSLATE_ADDRESS_ROUTINE64 TranslateAddress
149 |     );
150 | 
151 | typedef BOOL (WINAPI *_MiniDumpWriteDump)(
152 |     _In_ HANDLE hProcess,
153 |     _In_ DWORD ProcessId,
154 |     _In_ HANDLE hFile,
155 |     _In_ MINIDUMP_TYPE DumpType,
156 |     _In_ PMINIDUMP_EXCEPTION_INFORMATION ExceptionParam,
157 |     _In_ PMINIDUMP_USER_STREAM_INFORMATION UserStreamParam,
158 |     _In_ PMINIDUMP_CALLBACK_INFORMATION CallbackParam
159 |     );
160 | 
161 | typedef UINT_PTR (CALLBACK *_SymbolServerGetOptions)(
162 |     VOID
163 |     );
164 | 
165 | typedef BOOL (CALLBACK *_SymbolServerSetOptions)(
166 |     _In_ UINT_PTR options,
167 |     _In_ ULONG64 data
168 |     );
169 | 
170 | #endif


--------------------------------------------------------------------------------
/HsCore/phlib/include/templ.h:
--------------------------------------------------------------------------------
1 | #ifndef _PH_TEMPL_H
2 | #define _PH_TEMPL_H
3 | 
4 | #define TEMPLATE_(f,T) f##_##T
5 | #define T___(f,T) TEMPLATE_(f,T)
6 | 
7 | #endif
8 | 


--------------------------------------------------------------------------------
/HsCore/phlib/include/verify.h:
--------------------------------------------------------------------------------
 1 | #ifndef _PH_VERIFY_H
 2 | #define _PH_VERIFY_H
 3 | 
 4 | #include <wintrust.h>
 5 | #include <softpub.h>
 6 | 
 7 | #define PH_VERIFY_DEFAULT_SIZE_LIMIT (32 * 1024 * 1024)
 8 | 
 9 | typedef enum _VERIFY_RESULT
10 | {
11 |     VrUnknown = 0,
12 |     VrNoSignature,
13 |     VrTrusted,
14 |     VrExpired,
15 |     VrRevoked,
16 |     VrDistrust,
17 |     VrSecuritySettings,
18 |     VrBadSignature
19 | } VERIFY_RESULT, *PVERIFY_RESULT;
20 | 
21 | #define PH_VERIFY_PREVENT_NETWORK_ACCESS 0x1
22 | #define PH_VERIFY_VIEW_PROPERTIES 0x2
23 | 
24 | typedef struct _PH_VERIFY_FILE_INFO
25 | {
26 |     PWSTR FileName;
27 |     ULONG Flags; // PH_VERIFY_*
28 | 
29 |     ULONG FileSizeLimitForHash; // 0 for PH_VERIFY_DEFAULT_SIZE_LIMIT, -1 for unlimited
30 |     ULONG NumberOfCatalogFileNames;
31 |     PWSTR *CatalogFileNames;
32 | 
33 |     HWND hWnd; // for PH_VERIFY_VIEW_PROPERTIES
34 | } PH_VERIFY_FILE_INFO, *PPH_VERIFY_FILE_INFO;
35 | 
36 | PHLIBAPI
37 | VERIFY_RESULT PhVerifyFile(
38 |     _In_ PWSTR FileName,
39 |     _Out_opt_ PPH_STRING *SignerName
40 |     );
41 | 
42 | NTSTATUS PhVerifyFileEx(
43 |     _In_ PPH_VERIFY_FILE_INFO Information,
44 |     _Out_ VERIFY_RESULT *VerifyResult,
45 |     _Out_opt_ PCERT_CONTEXT **Signatures,
46 |     _Out_opt_ PULONG NumberOfSignatures
47 |     );
48 | 
49 | VOID PhFreeVerifySignatures(
50 |     _In_ PCERT_CONTEXT *Signatures,
51 |     _In_ ULONG NumberOfSignatures
52 |     );
53 | 
54 | PPH_STRING PhGetSignerNameFromCertificate(
55 |     _In_ PCERT_CONTEXT Certificate
56 |     );
57 | 
58 | #endif
59 | 


--------------------------------------------------------------------------------
/HsCore/phlib/include/verifyp.h:
--------------------------------------------------------------------------------
  1 | #ifndef _PH_VERIFYP_H
  2 | #define _PH_VERIFYP_H
  3 | 
  4 | typedef struct _CATALOG_INFO
  5 | {
  6 |     DWORD cbStruct;
  7 |     WCHAR wszCatalogFile[MAX_PATH];
  8 | } CATALOG_INFO, *PCATALOG_INFO;
  9 | 
 10 | typedef struct tagCRYPTUI_VIEWSIGNERINFO_STRUCT {
 11 |     DWORD dwSize;
 12 |     HWND hwndParent;
 13 |     DWORD dwFlags;
 14 |     LPCTSTR szTitle;
 15 |     CMSG_SIGNER_INFO *pSignerInfo;
 16 |     HCRYPTMSG hMsg;
 17 |     LPCSTR pszOID;
 18 |     DWORD_PTR dwReserved;
 19 |     DWORD cStores;
 20 |     HCERTSTORE *rghStores;
 21 |     DWORD cPropSheetPages;
 22 |     LPCPROPSHEETPAGE rgPropSheetPages;
 23 | } CRYPTUI_VIEWSIGNERINFO_STRUCT, *PCRYPTUI_VIEWSIGNERINFO_STRUCT;
 24 | 
 25 | typedef BOOL (WINAPI *_CryptCATAdminCalcHashFromFileHandle)(
 26 |     HANDLE hFile,
 27 |     DWORD *pcbHash,
 28 |     BYTE *pbHash,
 29 |     DWORD dwFlags
 30 |     );
 31 | 
 32 | typedef BOOL (WINAPI *_CryptCATAdminCalcHashFromFileHandle2)(
 33 |     HCATADMIN hCatAdmin,
 34 |     HANDLE hFile,
 35 |     DWORD *pcbHash,
 36 |     BYTE *pbHash,
 37 |     DWORD dwFlags
 38 |     );
 39 | 
 40 | typedef BOOL (WINAPI *_CryptCATAdminAcquireContext)(
 41 |     HANDLE *phCatAdmin,
 42 |     GUID *pgSubsystem,
 43 |     DWORD dwFlags
 44 |     );
 45 | 
 46 | typedef BOOL (WINAPI *_CryptCATAdminAcquireContext2)(
 47 |     HCATADMIN *phCatAdmin,
 48 |     const GUID *pgSubsystem,
 49 |     PCWSTR pwszHashAlgorithm,
 50 |     PCCERT_STRONG_SIGN_PARA pStrongHashPolicy,
 51 |     DWORD dwFlags
 52 |     );
 53 | 
 54 | typedef HANDLE (WINAPI *_CryptCATAdminEnumCatalogFromHash)(
 55 |     HANDLE hCatAdmin,
 56 |     BYTE *pbHash,
 57 |     DWORD cbHash,
 58 |     DWORD dwFlags,
 59 |     HANDLE *phPrevCatInfo
 60 |     );
 61 | 
 62 | typedef BOOL (WINAPI *_CryptCATCatalogInfoFromContext)(
 63 |     HANDLE hCatInfo,
 64 |     CATALOG_INFO *psCatInfo,
 65 |     DWORD dwFlags
 66 |     );
 67 | 
 68 | typedef BOOL (WINAPI *_CryptCATAdminReleaseCatalogContext)(
 69 |     HANDLE hCatAdmin,
 70 |     HANDLE hCatInfo,
 71 |     DWORD dwFlags
 72 |     );
 73 | 
 74 | typedef BOOL (WINAPI *_CryptCATAdminReleaseContext)(
 75 |     HANDLE hCatAdmin,
 76 |     DWORD dwFlags
 77 |     );
 78 | 
 79 | typedef PCRYPT_PROVIDER_DATA (WINAPI *_WTHelperProvDataFromStateData)(
 80 |     HANDLE hStateData
 81 |     );
 82 | 
 83 | typedef PCRYPT_PROVIDER_SGNR (WINAPI *_WTHelperGetProvSignerFromChain)(
 84 |     CRYPT_PROVIDER_DATA *pProvData,
 85 |     DWORD idxSigner,
 86 |     BOOL fCounterSigner,
 87 |     DWORD idxCounterSigner
 88 |     );
 89 | 
 90 | typedef LONG (WINAPI *_WinVerifyTrust)(
 91 |     HWND hWnd,
 92 |     GUID *pgActionID,
 93 |     LPVOID pWVTData
 94 |     );
 95 | 
 96 | typedef DWORD (WINAPI *_CertNameToStr)(
 97 |     DWORD dwCertEncodingType,
 98 |     PCERT_NAME_BLOB pName,
 99 |     DWORD dwStrType,
100 |     LPTSTR psz,
101 |     DWORD csz
102 |     );
103 | 
104 | typedef PCCERT_CONTEXT (WINAPI *_CertDuplicateCertificateContext)(
105 |     _In_ PCCERT_CONTEXT pCertContext
106 |     );
107 | 
108 | typedef BOOL (WINAPI *_CertFreeCertificateContext)(
109 |     _In_ PCCERT_CONTEXT pCertContext
110 |     );
111 | 
112 | typedef BOOL (WINAPI *_CryptUIDlgViewSignerInfo)(
113 |     _In_ CRYPTUI_VIEWSIGNERINFO_STRUCT *pcvsi
114 |     );
115 | 
116 | #endif
117 | 


--------------------------------------------------------------------------------
/HsCore/phlib/include/winmisc.h:
--------------------------------------------------------------------------------
 1 | #ifndef _WINMISC_H
 2 | #define _WINMISC_H
 3 | 
 4 | // Subprocess tag information
 5 | 
 6 | typedef enum _TAG_INFO_LEVEL
 7 | {
 8 |     eTagInfoLevelNameFromTag = 1, // TAG_INFO_NAME_FROM_TAG
 9 |     eTagInfoLevelNamesReferencingModule, // TAG_INFO_NAMES_REFERENCING_MODULE
10 |     eTagInfoLevelNameTagMapping, // TAG_INFO_NAME_TAG_MAPPING
11 |     eTagInfoLevelMax
12 | } TAG_INFO_LEVEL;
13 | 
14 | typedef enum _TAG_TYPE
15 | {
16 |     eTagTypeService = 1,
17 |     eTagTypeMax
18 | } TAG_TYPE;
19 | 
20 | typedef struct _TAG_INFO_NAME_FROM_TAG_IN_PARAMS
21 | {
22 |     DWORD dwPid;
23 |     DWORD dwTag;
24 | } TAG_INFO_NAME_FROM_TAG_IN_PARAMS, *PTAG_INFO_NAME_FROM_TAG_IN_PARAMS;
25 | 
26 | typedef struct _TAG_INFO_NAME_FROM_TAG_OUT_PARAMS
27 | {
28 |     DWORD eTagType;
29 |     LPWSTR pszName;
30 | } TAG_INFO_NAME_FROM_TAG_OUT_PARAMS, *PTAG_INFO_NAME_FROM_TAG_OUT_PARAMS;
31 | 
32 | typedef struct _TAG_INFO_NAME_FROM_TAG
33 | {
34 |     TAG_INFO_NAME_FROM_TAG_IN_PARAMS InParams;
35 |     TAG_INFO_NAME_FROM_TAG_OUT_PARAMS OutParams;
36 | } TAG_INFO_NAME_FROM_TAG, *PTAG_INFO_NAME_FROM_TAG;
37 | 
38 | typedef struct _TAG_INFO_NAMES_REFERENCING_MODULE_IN_PARAMS
39 | {
40 |     DWORD dwPid;
41 |     LPWSTR pszModule;
42 | } TAG_INFO_NAMES_REFERENCING_MODULE_IN_PARAMS, *PTAG_INFO_NAMES_REFERENCING_MODULE_IN_PARAMS;
43 | 
44 | typedef struct _TAG_INFO_NAMES_REFERENCING_MODULE_OUT_PARAMS
45 | {
46 |     DWORD eTagType;
47 |     LPWSTR pmszNames;
48 | } TAG_INFO_NAMES_REFERENCING_MODULE_OUT_PARAMS, *PTAG_INFO_NAMES_REFERENCING_MODULE_OUT_PARAMS;
49 | 
50 | typedef struct _TAG_INFO_NAMES_REFERENCING_MODULE
51 | {
52 |     TAG_INFO_NAMES_REFERENCING_MODULE_IN_PARAMS InParams;
53 |     TAG_INFO_NAMES_REFERENCING_MODULE_OUT_PARAMS OutParams;
54 | } TAG_INFO_NAMES_REFERENCING_MODULE, *PTAG_INFO_NAMES_REFERENCING_MODULE;
55 | 
56 | typedef struct _TAG_INFO_NAME_TAG_MAPPING_IN_PARAMS
57 | {
58 |     DWORD dwPid;
59 | } TAG_INFO_NAME_TAG_MAPPING_IN_PARAMS, *PTAG_INFO_NAME_TAG_MAPPING_IN_PARAMS;
60 | 
61 | typedef struct _TAG_INFO_NAME_TAG_MAPPING_ELEMENT
62 | {
63 |     DWORD eTagType;
64 |     DWORD dwTag;
65 |     LPWSTR pszName;
66 |     LPWSTR pszGroupName;
67 | } TAG_INFO_NAME_TAG_MAPPING_ELEMENT, *PTAG_INFO_NAME_TAG_MAPPING_ELEMENT;
68 | 
69 | typedef struct _TAG_INFO_NAME_TAG_MAPPING_OUT_PARAMS
70 | {
71 |     DWORD cElements;
72 |     PTAG_INFO_NAME_TAG_MAPPING_ELEMENT pNameTagMappingElements;
73 | } TAG_INFO_NAME_TAG_MAPPING_OUT_PARAMS, *PTAG_INFO_NAME_TAG_MAPPING_OUT_PARAMS;
74 | 
75 | typedef struct _TAG_INFO_NAME_TAG_MAPPING
76 | {
77 |     TAG_INFO_NAME_TAG_MAPPING_IN_PARAMS InParams;
78 |     PTAG_INFO_NAME_TAG_MAPPING_OUT_PARAMS pOutParams;
79 | } TAG_INFO_NAME_TAG_MAPPING, *PTAG_INFO_NAME_TAG_MAPPING;
80 | 
81 | _Must_inspect_result_
82 | DWORD
83 | WINAPI
84 | I_QueryTagInformation(
85 |     _In_opt_ LPCWSTR pszMachineName,
86 |     _In_ TAG_INFO_LEVEL eInfoLevel,
87 |     _Inout_ PVOID pTagInfo
88 |     );
89 | 
90 | typedef DWORD (WINAPI *PQUERY_TAG_INFORMATION)(
91 |     _In_opt_ LPCWSTR pszMachineName,
92 |     _In_ TAG_INFO_LEVEL eInfoLevel,
93 |     _Inout_ PVOID pTagInfo
94 |     );
95 | 
96 | #endif
97 | 


--------------------------------------------------------------------------------
/HsCore/phlib/kphdata.c:
--------------------------------------------------------------------------------
  1 | /*
  2 |  * Process Hacker -
  3 |  *   KProcessHacker dynamic data definitions
  4 |  *
  5 |  * Copyright (C) 2011-2013 wj32
  6 |  *
  7 |  * This file is part of Process Hacker.
  8 |  *
  9 |  * Process Hacker is free software; you can redistribute it and/or modify
 10 |  * it under the terms of the GNU General Public License as published by
 11 |  * the Free Software Foundation, either version 3 of the License, or
 12 |  * (at your option) any later version.
 13 |  *
 14 |  * Process Hacker is distributed in the hope that it will be useful,
 15 |  * but WITHOUT ANY WARRANTY; without even the implied warranty of
 16 |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 17 |  * GNU General Public License for more details.
 18 |  *
 19 |  * You should have received a copy of the GNU General Public License
 20 |  * along with Process Hacker.  If not, see <http://www.gnu.org/licenses/>.
 21 |  */
 22 | 
 23 | #include <ph.h>
 24 | #include <kphuser.h>
 25 | 
 26 | #ifdef _WIN64
 27 | 
 28 | ULONG KphpGetKernelRevisionNumber(
 29 |     VOID
 30 |     )
 31 | {
 32 |     ULONG result;
 33 |     PPH_STRING kernelFileName;
 34 |     PVOID versionInfo;
 35 |     VS_FIXEDFILEINFO *rootBlock;
 36 |     ULONG rootBlockLength;
 37 | 
 38 |     result = 0;
 39 |     kernelFileName = PhGetKernelFileName();
 40 |     PhMoveReference(&kernelFileName, PhGetFileName(kernelFileName));
 41 |     versionInfo = PhGetFileVersionInfo(kernelFileName->Buffer);
 42 |     PhDereferenceObject(kernelFileName);
 43 | 
 44 |     if (versionInfo && VerQueryValue(versionInfo, L"\\", &rootBlock, &rootBlockLength) && rootBlockLength != 0)
 45 |         result = rootBlock->dwFileVersionLS & 0xffff;
 46 | 
 47 |     PhFree(versionInfo);
 48 | 
 49 |     return result;
 50 | }
 51 | 
 52 | NTSTATUS KphInitializeDynamicPackage(
 53 |     _Out_ PKPH_DYN_PACKAGE Package
 54 |     )
 55 | {
 56 |     ULONG majorVersion, minorVersion, servicePack, buildNumber;
 57 | 
 58 |     majorVersion = PhOsVersion.dwMajorVersion;
 59 |     minorVersion = PhOsVersion.dwMinorVersion;
 60 |     servicePack = PhOsVersion.wServicePackMajor;
 61 |     buildNumber = PhOsVersion.dwBuildNumber;
 62 | 
 63 |     memset(&Package->StructData, -1, sizeof(KPH_DYN_STRUCT_DATA));
 64 | 
 65 |     Package->MajorVersion = (USHORT)majorVersion;
 66 |     Package->MinorVersion = (USHORT)minorVersion;
 67 |     Package->ServicePackMajor = (USHORT)servicePack;
 68 |     Package->BuildNumber = -1;
 69 | 
 70 |     // Windows Vista, Windows Server 2008
 71 |     if (majorVersion == 6 && minorVersion == 0)
 72 |     {
 73 |         Package->ResultingNtVersion = PHNT_VISTA;
 74 | 
 75 |         if (servicePack == 0)
 76 |         {
 77 |             Package->StructData.OtName = 0x78;
 78 |             Package->StructData.OtIndex = 0x90;
 79 |         }
 80 |         else if (servicePack == 1)
 81 |         {
 82 |             Package->StructData.OtName = 0x10;
 83 |             Package->StructData.OtIndex = 0x28;
 84 |         }
 85 |         else if (servicePack == 2)
 86 |         {
 87 |             Package->StructData.OtName = 0x10;
 88 |             Package->StructData.OtIndex = 0x28;
 89 |         }
 90 |         else
 91 |         {
 92 |             return STATUS_NOT_SUPPORTED;
 93 |         }
 94 | 
 95 |         Package->StructData.EgeGuid = 0x14;
 96 |         Package->StructData.EpObjectTable = 0x160;
 97 |         Package->StructData.EpRundownProtect = 0xd8;
 98 |         Package->StructData.EreGuidEntry = 0x10;
 99 |     }
100 |     // Windows 7, Windows Server 2008 R2
101 |     else if (majorVersion == 6 && minorVersion == 1)
102 |     {
103 |         Package->ResultingNtVersion = PHNT_WIN7;
104 | 
105 |         if (servicePack == 0)
106 |         {
107 |         }
108 |         else if (servicePack == 1)
109 |         {
110 |         }
111 |         else
112 |         {
113 |             return STATUS_NOT_SUPPORTED;
114 |         }
115 | 
116 |         Package->StructData.EgeGuid = 0x14;
117 |         Package->StructData.EpObjectTable = 0x200;
118 |         Package->StructData.EpRundownProtect = 0x178;
119 |         Package->StructData.EreGuidEntry = 0x10;
120 |         Package->StructData.OtName = 0x10;
121 |         Package->StructData.OtIndex = 0x28; // now only a UCHAR, not a ULONG
122 |     }
123 |     // Windows 8, Windows Server 2012
124 |     else if (majorVersion == 6 && minorVersion == 2 && buildNumber == 9200)
125 |     {
126 |         Package->BuildNumber = 9200;
127 |         Package->ResultingNtVersion = PHNT_WIN8;
128 | 
129 |         Package->StructData.EgeGuid = 0x14;
130 |         Package->StructData.EpObjectTable = 0x408;
131 |         Package->StructData.EpRundownProtect = 0x2d8;
132 |         Package->StructData.EreGuidEntry = 0x10;
133 |         Package->StructData.HtHandleContentionEvent = 0x30;
134 |         Package->StructData.OtName = 0x10;
135 |         Package->StructData.OtIndex = 0x28;
136 |         Package->StructData.ObDecodeShift = 19;
137 |         Package->StructData.ObAttributesShift = 20;
138 |     }
139 |     // Windows 8.1, Windows Server 2012 R2
140 |     else if (majorVersion == 6 && minorVersion == 3 && buildNumber == 9600)
141 |     {
142 |         ULONG revisionNumber = KphpGetKernelRevisionNumber();
143 | 
144 |         Package->BuildNumber = 9600;
145 |         Package->ResultingNtVersion = PHNT_WINBLUE;
146 | 
147 |         Package->StructData.EgeGuid = 0x18;
148 |         Package->StructData.EpObjectTable = 0x408;
149 |         Package->StructData.EpRundownProtect = 0x2d8;
150 |         Package->StructData.EreGuidEntry = revisionNumber >= 17736 ? 0x20 : 0x10;
151 |         Package->StructData.HtHandleContentionEvent = 0x30;
152 |         Package->StructData.OtName = 0x10;
153 |         Package->StructData.OtIndex = 0x28;
154 |         Package->StructData.ObDecodeShift = 16;
155 |         Package->StructData.ObAttributesShift = 17;
156 |     }
157 |     else
158 |     {
159 |         return STATUS_NOT_SUPPORTED;
160 |     }
161 | 
162 |     return STATUS_SUCCESS;
163 | }
164 | 
165 | #else
166 | 
167 | NTSTATUS KphInitializeDynamicPackage(
168 |     _Out_ PKPH_DYN_PACKAGE Package
169 |     )
170 | {
171 |     ULONG majorVersion, minorVersion, servicePack, buildNumber;
172 | 
173 |     majorVersion = PhOsVersion.dwMajorVersion;
174 |     minorVersion = PhOsVersion.dwMinorVersion;
175 |     servicePack = PhOsVersion.wServicePackMajor;
176 |     buildNumber = PhOsVersion.dwBuildNumber;
177 | 
178 |     memset(&Package->StructData, -1, sizeof(KPH_DYN_STRUCT_DATA));
179 | 
180 |     Package->MajorVersion = (USHORT)majorVersion;
181 |     Package->MinorVersion = (USHORT)minorVersion;
182 |     Package->ServicePackMajor = (USHORT)servicePack;
183 |     Package->BuildNumber = -1;
184 | 
185 |     // Nothing here yet
186 |     {
187 |         return STATUS_NOT_SUPPORTED;
188 |     }
189 | 
190 |     return STATUS_SUCCESS;
191 | }
192 | 
193 | #endif
194 | 


--------------------------------------------------------------------------------
/HsCore/phlib/sha.c:
--------------------------------------------------------------------------------
  1 | /*
  2 |  * Copyright 2004 Filip Navara
  3 |  * Based on public domain SHA code by Steve Reid <steve@edmweb.com>
  4 |  *
  5 |  * This library is free software; you can redistribute it and/or
  6 |  * modify it under the terms of the GNU Lesser General Public
  7 |  * License as published by the Free Software Foundation; either
  8 |  * version 2.1 of the License, or (at your option) any later version.
  9 |  *
 10 |  * This library is distributed in the hope that it will be useful,
 11 |  * but WITHOUT ANY WARRANTY; without even the implied warranty of
 12 |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 13 |  * Lesser General Public License for more details.
 14 |  *
 15 |  * You should have received a copy of the GNU Lesser General Public
 16 |  * License along with this library; if not, write to the Free Software
 17 |  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
 18 |  */
 19 | 
 20 | /* This code was modified for Process Hacker. */
 21 | 
 22 | #include <phbase.h>
 23 | #include <sha.h>
 24 | 
 25 | /* SHA1 Helper Macros */
 26 | 
 27 | //#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
 28 | #define rol(value, bits) (_rotl((value), (bits)))
 29 | #define DWORD2BE(x) (((x) >> 24) & 0xff) | (((x) >> 8) & 0xff00) | (((x) << 8) & 0xff0000) | (((x) << 24) & 0xff000000);
 30 | #define blk0(i) (Block[i] = (rol(Block[i],24)&0xFF00FF00)|(rol(Block[i],8)&0x00FF00FF))
 31 | #define blk1(i) (Block[i&15] = rol(Block[(i+13)&15]^Block[(i+8)&15]^Block[(i+2)&15]^Block[i&15],1))
 32 | #define f1(x,y,z) (z^(x&(y^z)))
 33 | #define f2(x,y,z) (x^y^z)
 34 | #define f3(x,y,z) ((x&y)|(z&(x|y)))
 35 | #define f4(x,y,z) (x^y^z)
 36 | /* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
 37 | #define R0(v,w,x,y,z,i) z+=f1(w,x,y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30);
 38 | #define R1(v,w,x,y,z,i) z+=f1(w,x,y)+blk1(i)+0x5A827999+rol(v,5);w=rol(w,30);
 39 | #define R2(v,w,x,y,z,i) z+=f2(w,x,y)+blk1(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30);
 40 | #define R3(v,w,x,y,z,i) z+=f3(w,x,y)+blk1(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30);
 41 | #define R4(v,w,x,y,z,i) z+=f4(w,x,y)+blk1(i)+0xCA62C1D6+rol(v,5);w=rol(w,30);
 42 | 
 43 | /* Hash a single 512-bit block. This is the core of the algorithm. */
 44 | static void SHATransform(ULONG State[5], UCHAR Buffer[64])
 45 | {
 46 |    ULONG a, b, c, d, e;
 47 |    ULONG *Block;
 48 | 
 49 |    Block = (ULONG*)Buffer;
 50 | 
 51 |    /* Copy Context->State[] to working variables */
 52 |    a = State[0];
 53 |    b = State[1];
 54 |    c = State[2];
 55 |    d = State[3];
 56 |    e = State[4];
 57 | 
 58 |    /* 4 rounds of 20 operations each. Loop unrolled. */
 59 |    R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3);
 60 |    R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7);
 61 |    R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11);
 62 |    R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15);
 63 |    R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19);
 64 |    R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23);
 65 |    R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27);
 66 |    R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31);
 67 |    R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35);
 68 |    R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39);
 69 |    R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43);
 70 |    R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47);
 71 |    R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51);
 72 |    R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55);
 73 |    R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59);
 74 |    R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63);
 75 |    R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67);
 76 |    R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71);
 77 |    R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75);
 78 |    R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79);
 79 | 
 80 |    /* Add the working variables back into Context->State[] */
 81 |    State[0] += a;
 82 |    State[1] += b;
 83 |    State[2] += c;
 84 |    State[3] += d;
 85 |    State[4] += e;
 86 | 
 87 |    /* Wipe variables */
 88 |    a = b = c = d = e = 0;
 89 | }
 90 | 
 91 | VOID A_SHAInit(
 92 |     _Out_ A_SHA_CTX *Context
 93 |     )
 94 | {
 95 |    /* SHA1 initialization constants */
 96 |    Context->state[0] = 0x67452301;
 97 |    Context->state[1] = 0xEFCDAB89;
 98 |    Context->state[2] = 0x98BADCFE;
 99 |    Context->state[3] = 0x10325476;
100 |    Context->state[4] = 0xC3D2E1F0;
101 |    Context->count[0] = 0;
102 |    Context->count[1] = 0;
103 | }
104 | 
105 | VOID A_SHAUpdate(
106 |     _Inout_ A_SHA_CTX *Context,
107 |     _In_reads_bytes_(Length) UCHAR *Input,
108 |     _In_ ULONG Length
109 |     )
110 | {
111 |    ULONG InputContentSize;
112 | 
113 |    InputContentSize = Context->count[1] & 63;
114 |    Context->count[1] += Length;
115 |    if (Context->count[1] < Length)
116 |       Context->count[0]++;
117 |    Context->count[0] += (Length >> 29);
118 | 
119 |    if (InputContentSize + Length < 64)
120 |    {
121 |       RtlCopyMemory(&Context->buffer[InputContentSize], Input,
122 |                     Length);
123 |    }
124 |    else
125 |    {
126 |       while (InputContentSize + Length >= 64)
127 |       {
128 |          RtlCopyMemory(Context->buffer + InputContentSize, Input,
129 |                        64 - InputContentSize);
130 |          Input += 64 - InputContentSize;
131 |          Length -= 64 - InputContentSize;
132 |          SHATransform(Context->state, Context->buffer);
133 |          InputContentSize = 0;
134 |       }
135 |       RtlCopyMemory(Context->buffer + InputContentSize, Input, Length);
136 |    }
137 | }
138 | 
139 | VOID A_SHAFinal(
140 |     _Inout_ A_SHA_CTX *Context,
141 |     _Out_writes_bytes_(20) UCHAR *Hash
142 |     )
143 | {
144 |    INT Pad, Index;
145 |    UCHAR Buffer[72];
146 |    ULONG *Count;
147 |    ULONG BufferContentSize, LengthHi, LengthLo;
148 |    ULONG *Result;
149 | 
150 |    BufferContentSize = Context->count[1] & 63;
151 |    if (BufferContentSize >= 56)
152 |       Pad = 56 + 64 - BufferContentSize;
153 |    else
154 |       Pad = 56 - BufferContentSize;
155 | 
156 |    LengthHi = (Context->count[0] << 3) | (Context->count[1] >> (32 - 3));
157 |    LengthLo = (Context->count[1] << 3);
158 | 
159 |    RtlZeroMemory(Buffer + 1, Pad - 1);
160 |    Buffer[0] = 0x80;
161 |    Count = (ULONG*)(Buffer + Pad);
162 |    Count[0] = DWORD2BE(LengthHi);
163 |    Count[1] = DWORD2BE(LengthLo);
164 |    A_SHAUpdate(Context, Buffer, Pad + 8);
165 | 
166 |    Result = (ULONG *)Hash;
167 | 
168 |    for (Index = 0; Index < 5; Index++)
169 |       Result[Index] = DWORD2BE(Context->state[Index]);
170 | 
171 |    A_SHAInit(Context);
172 | }
173 | 


--------------------------------------------------------------------------------
/HzrFilter/Context.c:
--------------------------------------------------------------------------------
  1 | /*
  2 | *  Copyright (C) 2015 Orbitech
  3 | *
  4 | *  Authors: xqrzd
  5 | *
  6 | *  This program is free software; you can redistribute it and/or modify
  7 | *  it under the terms of the GNU General Public License version 2 as
  8 | *  published by the Free Software Foundation.
  9 | *
 10 | *  This program is distributed in the hope that it will be useful,
 11 | *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 12 | *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 13 | *  GNU General Public License for more details.
 14 | *
 15 | *  You should have received a copy of the GNU General Public License
 16 | *  along with this program; if not, write to the Free Software
 17 | *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 18 | *  MA 02110-1301, USA.
 19 | */
 20 | 
 21 | #include "Context.h"
 22 | #include "Utility.h"
 23 | 
 24 | #define HS_CTX_INSTANCE_TAG 'iCzH'
 25 | #define HS_CTX_STREAM_TAG 'sCzH'
 26 | #define HS_CTX_STREAMHANDLE_TAG 'hCzH'
 27 | #define HS_CTX_SECTION_TAG 'nCzH'
 28 | 
 29 | VOID HspInstanceContextCleanup(
 30 | 	_In_ PFLT_CONTEXT Context,
 31 | 	_In_ FLT_CONTEXT_TYPE ContextType
 32 | 	);
 33 | 
 34 | VOID HspStreamContextCleanup(
 35 | 	_In_ PFLT_CONTEXT Context,
 36 | 	_In_ FLT_CONTEXT_TYPE ContextType
 37 | 	);
 38 | 
 39 | VOID HspSectionContextCleanup(
 40 | 	_In_ PFLT_CONTEXT Context,
 41 | 	_In_ FLT_CONTEXT_TYPE ContextType
 42 | 	);
 43 | 
 44 | const FLT_CONTEXT_REGISTRATION ContextRegistration[] = {
 45 | 	{
 46 | 		FLT_INSTANCE_CONTEXT,
 47 | 		0,
 48 | 		HspInstanceContextCleanup,
 49 | 		sizeof(HS_INSTANCE_CONTEXT),
 50 | 		HS_CTX_INSTANCE_TAG
 51 | 	},
 52 | 	{
 53 | 		FLT_STREAM_CONTEXT,
 54 | 		0,
 55 | 		HspStreamContextCleanup,
 56 | 		sizeof(HS_STREAM_CONTEXT),
 57 | 		HS_CTX_STREAM_TAG
 58 | 	},
 59 | 	{
 60 | 		FLT_STREAMHANDLE_CONTEXT,
 61 | 		0,
 62 | 		NULL,
 63 | 		sizeof(HS_STREAMHANDLE_CONTEXT),
 64 | 		HS_CTX_STREAMHANDLE_TAG
 65 | 	},
 66 | #if WINVER >= _WIN32_WINNT_WIN8
 67 | 	{
 68 | 		FLT_SECTION_CONTEXT,
 69 | 		0,
 70 | 		HspSectionContextCleanup,
 71 | 		sizeof(HS_SECTION_CONTEXT),
 72 | 		HS_CTX_SECTION_TAG
 73 | 	},
 74 | #endif
 75 | 
 76 | 	{ FLT_CONTEXT_END }
 77 | };
 78 | 
 79 | VOID HspInstanceContextCleanup(
 80 | 	_In_ PFLT_CONTEXT Context,
 81 | 	_In_ FLT_CONTEXT_TYPE ContextType)
 82 | {
 83 | 	PHS_INSTANCE_CONTEXT context = Context;
 84 | 
 85 | 	UNREFERENCED_PARAMETER(ContextType);
 86 | 
 87 | 	if (context->CacheSupported)
 88 | 	{
 89 | 		FltAcquirePushLockExclusive(&context->CacheLock);
 90 | 		HsAvlDeleteAllElements(&context->CacheTable);
 91 | 		FltReleasePushLock(&context->CacheLock);
 92 | 		FltDeletePushLock(&context->CacheLock);
 93 | 	}
 94 | }
 95 | 
 96 | VOID HspStreamContextCleanup(
 97 | 	_In_ PFLT_CONTEXT Context,
 98 | 	_In_ FLT_CONTEXT_TYPE ContextType)
 99 | {
100 | 	PHS_STREAM_CONTEXT context = Context;
101 | 
102 | 	UNREFERENCED_PARAMETER(ContextType);
103 | 
104 | 	FltDeletePushLock(&context->ScanLock);
105 | }
106 | 
107 | VOID HspSectionContextCleanup(
108 | 	_In_ PFLT_CONTEXT Context,
109 | 	_In_ FLT_CONTEXT_TYPE ContextType)
110 | {
111 | 	PHS_SECTION_CONTEXT sectionContext = Context;
112 | 
113 | 	UNREFERENCED_PARAMETER(ContextType);
114 | 
115 | 	ObDereferenceObject(sectionContext->SectionObject);
116 | }
117 | 
118 | /// <summary>
119 | /// Returns TRUE if the given file is owned by the prefetcher.
120 | /// </summary>
121 | /// <param name="Instance">Opaque instance pointer for the caller.</param>
122 | /// <param name="FileObject">File object pointer for the file.</param>
123 | BOOLEAN HsIsPrefetchContextPresent(
124 | 	_In_ PFLT_INSTANCE Instance,
125 | 	_In_ PFILE_OBJECT FileObject)
126 | {
127 | 	NTSTATUS status;
128 | 	PHS_STREAMHANDLE_CONTEXT context;
129 | 	BOOLEAN prefetchOpen = FALSE;
130 | 
131 | 	status = FltGetStreamHandleContext(
132 | 		Instance,
133 | 		FileObject,
134 | 		&context);
135 | 
136 | 	if (NT_SUCCESS(status))
137 | 	{
138 | 		prefetchOpen = context->PrefetchOpen;
139 | 		FltReleaseContext(context);
140 | 	}
141 | 
142 | 	return prefetchOpen;
143 | }
144 | 
145 | /// <summary>
146 | /// Releases a section context. Note that this does
147 | /// not close the section handle.
148 | /// </summary>
149 | /// <param name="SectionContext">Pointer to the context.</param>
150 | NTSTATUS HsReleaseSectionContext(
151 | 	_In_ PHS_SECTION_CONTEXT SectionContext)
152 | {
153 | 	NTSTATUS status;
154 | 
155 | #if WINVER >= _WIN32_WINNT_WIN8
156 | 	status = FltCloseSectionForDataScan(SectionContext);
157 | 
158 | 	if (!NT_SUCCESS(status))
159 | 		DbgPrint("FltCloseSectionForDataScan failed %X", status);
160 | 
161 | 	// The user-mode application is responsible for closing SectionHandle.
162 | 	// The section cleanup routine will dereference SectionObject.
163 | 
164 | 	FltReleaseContext(SectionContext);
165 | #else
166 | 	ObDereferenceObject(SectionContext->SectionObject);
167 | 	ExFreePoolWithTag(SectionContext, HS_CTX_SECTION_TAG);
168 | 
169 | 	status = STATUS_SUCCESS;
170 | #endif
171 | 
172 | 	return status;
173 | }


--------------------------------------------------------------------------------
/HzrFilter/Context.h:
--------------------------------------------------------------------------------
 1 | /*
 2 | *  Copyright (C) 2015 Orbitech
 3 | *
 4 | *  Authors: xqrzd
 5 | *
 6 | *  This program is free software; you can redistribute it and/or modify
 7 | *  it under the terms of the GNU General Public License version 2 as
 8 | *  published by the Free Software Foundation.
 9 | *
10 | *  This program is distributed in the hope that it will be useful,
11 | *  but WITHOUT ANY WARRANTY; without even the implied warranty of
12 | *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13 | *  GNU General Public License for more details.
14 | *
15 | *  You should have received a copy of the GNU General Public License
16 | *  along with this program; if not, write to the Free Software
17 | *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
18 | *  MA 02110-1301, USA.
19 | */
20 | 
21 | #ifndef HZRFILTER_CONTEXT_H
22 | #define HZRFILTER_CONTEXT_H
23 | 
24 | #include <fltKernel.h>
25 | 
26 | extern const FLT_CONTEXT_REGISTRATION ContextRegistration[];
27 | 
28 | typedef struct _HS_INSTANCE_CONTEXT {
29 | 	RTL_AVL_TABLE  CacheTable;
30 | 	EX_PUSH_LOCK CacheLock;
31 | 	BOOLEAN CacheSupported;
32 | } HS_INSTANCE_CONTEXT, *PHS_INSTANCE_CONTEXT;
33 | 
34 | #define HS_STREAM_FLAG_INFECTED 0x1
35 | #define HS_STREAM_FLAG_DELETE 0x2
36 | #define HS_STREAM_FLAG_MODIFIED 0x4
37 | #define HS_STREAM_FLAG_SCANNED 0x8
38 | 
39 | typedef struct _HS_STREAM_CONTEXT {
40 | 	ULONG Flags;
41 | 	EX_PUSH_LOCK ScanLock;
42 | } HS_STREAM_CONTEXT, *PHS_STREAM_CONTEXT;
43 | 
44 | typedef struct _HS_STREAMHANDLE_CONTEXT {
45 | 	BOOLEAN PrefetchOpen;
46 | } HS_STREAMHANDLE_CONTEXT, *PHS_STREAMHANDLE_CONTEXT;
47 | 
48 | typedef struct _HS_SECTION_CONTEXT {
49 | 	HANDLE SectionHandle;
50 | 	PVOID SectionObject;
51 | } HS_SECTION_CONTEXT, *PHS_SECTION_CONTEXT;
52 | 
53 | /// <summary>
54 | /// Returns TRUE if the given file is owned by the prefetcher.
55 | /// </summary>
56 | /// <param name="Instance">Opaque instance pointer for the caller.</param>
57 | /// <param name="FileObject">File object pointer for the file.</param>
58 | BOOLEAN HsIsPrefetchContextPresent(
59 | 	_In_ PFLT_INSTANCE Instance,
60 | 	_In_ PFILE_OBJECT FileObject
61 | 	);
62 | 
63 | /// <summary>
64 | /// Releases a section context. Note that this does
65 | /// not close the section handle.
66 | /// </summary>
67 | /// <param name="SectionContext">Pointer to the context.</param>
68 | NTSTATUS HsReleaseSectionContext(
69 | 	_In_ PHS_SECTION_CONTEXT SectionContext
70 | 	);
71 | 
72 | #endif


--------------------------------------------------------------------------------
/HzrFilter/HzrFilter.h:
--------------------------------------------------------------------------------
  1 | /*
  2 | *  Copyright (C) 2015 Orbitech
  3 | *
  4 | *  Authors: xqrzd
  5 | *
  6 | *  This program is free software; you can redistribute it and/or modify
  7 | *  it under the terms of the GNU General Public License version 2 as
  8 | *  published by the Free Software Foundation.
  9 | *
 10 | *  This program is distributed in the hope that it will be useful,
 11 | *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 12 | *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 13 | *  GNU General Public License for more details.
 14 | *
 15 | *  You should have received a copy of the GNU General Public License
 16 | *  along with this program; if not, write to the Free Software
 17 | *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 18 | *  MA 02110-1301, USA.
 19 | */
 20 | 
 21 | #ifndef HZRFILTER_H
 22 | #define HZRFILTER_H
 23 | 
 24 | // Warning C4201: nonstandard extension used : nameless struct/union
 25 | #pragma warning (disable: 4201)
 26 | 
 27 | #include <fltKernel.h>
 28 | #include "Context.h"
 29 | #include "Protect.h"
 30 | #include "Utility.h"
 31 | 
 32 | #define HS_MIN_FILE_SCAN_SIZE 64
 33 | #define HS_MAX_FILE_SCAN_SIZE 52428800 // 50 MB
 34 | 
 35 | #define HS_RESPONSE_FLAG_INFECTED 0x1
 36 | #define HS_RESPONSE_FLAG_DELETE 0x2
 37 | 
 38 | typedef struct _HS_FILTER_GLOBAL_DATA {
 39 | 	PFLT_FILTER Filter;
 40 | 
 41 | 	PFLT_PORT ServerPort;
 42 | 	PFLT_PORT ClientPort;
 43 | 	PEPROCESS ClientProcess;
 44 | 
 45 | 	LONGLONG NextScanContextId;
 46 | 	EX_PUSH_LOCK ScanContextListLock;
 47 | 	LIST_ENTRY ScanContextList;
 48 | 
 49 | 	BOOLEAN AllowUnload;
 50 | 	BOOLEAN RegisteredObCallback;
 51 | 	BOOLEAN RegisteredProcessCallback;
 52 | } HS_FILTER_GLOBAL_DATA, *PHS_FILTER_GLOBAL_DATA;
 53 | 
 54 | typedef struct _HS_SCAN_CONTEXT {
 55 | 	PFLT_INSTANCE Instance;
 56 | 	PFILE_OBJECT FileObject;
 57 | 	PHS_SECTION_CONTEXT SectionContext;
 58 | 	POBJECT_NAME_INFORMATION FileName;
 59 | 
 60 | 	LONGLONG ScanId;
 61 | 	LIST_ENTRY List;
 62 | } HS_SCAN_CONTEXT, *PHS_SCAN_CONTEXT;
 63 | 
 64 | typedef enum _HS_SCAN_REASON {
 65 | 	HsScanOnPeOpen
 66 | } HS_SCAN_REASON;
 67 | 
 68 | typedef struct _HS_SCANNER_NOTIFICATION {
 69 | 	HS_SCAN_REASON ScanReason;
 70 | 	USHORT FileNameLength;
 71 | 	LONGLONG ScanId;
 72 | } HS_SCANNER_NOTIFICATION, *PHS_SCANNER_NOTIFICATION;
 73 | 
 74 | typedef enum _HS_COMMAND {
 75 | 	HsCmdCreateSectionForDataScan,
 76 | 	HsCmdQueryFileName
 77 | } HS_COMMAND;
 78 | 
 79 | typedef struct _HS_SERVICE_COMMAND {
 80 | 	HS_COMMAND Command;
 81 | 
 82 | 	union
 83 | 	{
 84 | 		struct {
 85 | 			LONGLONG ScanId;
 86 | 		} CreateSectionForDataScan;
 87 | 
 88 | 		struct {
 89 | 			LONGLONG ScanId;
 90 | 		} QueryFileName;
 91 | 
 92 | 	};
 93 | } HS_SERVICE_COMMAND, *PHS_SERVICE_COMMAND;
 94 | 
 95 | extern HS_FILTER_GLOBAL_DATA GlobalData;
 96 | 
 97 | ULONG PsGetCurrentProcessSessionId(
 98 | 	);
 99 | 
100 | DRIVER_INITIALIZE DriverEntry;
101 | NTSTATUS DriverEntry(
102 | 	_In_ PDRIVER_OBJECT DriverObject,
103 | 	_In_ PUNICODE_STRING RegistryPath
104 | 	);
105 | 
106 | NTSTATUS HsFilterUnload(
107 | 	_In_ FLT_FILTER_UNLOAD_FLAGS Flags
108 | 	);
109 | 
110 | NTSTATUS HsInstanceSetup(
111 | 	_In_ PCFLT_RELATED_OBJECTS FltObjects,
112 | 	_In_ FLT_INSTANCE_SETUP_FLAGS Flags,
113 | 	_In_ DEVICE_TYPE VolumeDeviceType,
114 | 	_In_ FLT_FILESYSTEM_TYPE VolumeFilesystemType
115 | 	);
116 | 
117 | NTSTATUS HsInstanceQueryTeardown(
118 | 	_In_ PCFLT_RELATED_OBJECTS FltObjects,
119 | 	_In_ FLT_INSTANCE_QUERY_TEARDOWN_FLAGS Flags
120 | 	);
121 | 
122 | FLT_POSTOP_CALLBACK_STATUS HsPostCreate(
123 | 	_Inout_ PFLT_CALLBACK_DATA Data,
124 | 	_In_ PCFLT_RELATED_OBJECTS FltObjects,
125 | 	_In_opt_ PVOID CompletionContext,
126 | 	_In_ FLT_POST_OPERATION_FLAGS Flags
127 | 	);
128 | 
129 | FLT_PREOP_CALLBACK_STATUS HsPreWrite(
130 | 	_Inout_ PFLT_CALLBACK_DATA Data,
131 | 	_In_ PCFLT_RELATED_OBJECTS FltObjects,
132 | 	_Flt_CompletionContext_Outptr_ PVOID* CompletionContext
133 | 	);
134 | 
135 | FLT_PREOP_CALLBACK_STATUS HsPreSetInformation(
136 | 	_Inout_ PFLT_CALLBACK_DATA Data,
137 | 	_In_ PCFLT_RELATED_OBJECTS FltObjects,
138 | 	_Flt_CompletionContext_Outptr_ PVOID* CompletionContext
139 | 	);
140 | 
141 | FLT_PREOP_CALLBACK_STATUS HsPreFsControl(
142 | 	_Inout_ PFLT_CALLBACK_DATA Data,
143 | 	_In_ PCFLT_RELATED_OBJECTS FltObjects,
144 | 	_Flt_CompletionContext_Outptr_ PVOID* CompletionContext
145 | 	);
146 | 
147 | FLT_PREOP_CALLBACK_STATUS HsPreAcquireForSectionSynchronization(
148 | 	_Inout_ PFLT_CALLBACK_DATA Data,
149 | 	_In_ PCFLT_RELATED_OBJECTS FltObjects,
150 | 	_Flt_CompletionContext_Outptr_ PVOID* CompletionContext
151 | 	);
152 | 
153 | FLT_PREOP_CALLBACK_STATUS HsPreCleanup(
154 | 	_Inout_ PFLT_CALLBACK_DATA Data,
155 | 	_In_ PCFLT_RELATED_OBJECTS FltObjects,
156 | 	_Flt_CompletionContext_Outptr_ PVOID* CompletionContext
157 | 	);
158 | 
159 | NTSTATUS HsFilterScanFile(
160 | 	_In_ PFLT_INSTANCE Instance,
161 | 	_In_ PFILE_OBJECT FileObject,
162 | 	_In_ HS_SCAN_REASON ScanReason,
163 | 	_Out_ PUCHAR ResponseFlags
164 | 	);
165 | 
166 | NTSTATUS HsFilterScanStream(
167 | 	_In_ PFLT_INSTANCE Instance,
168 | 	_In_ PFILE_OBJECT FileObject,
169 | 	_In_ PHS_STREAM_CONTEXT StreamContext,
170 | 	_In_ HS_SCAN_REASON ScanReason,
171 | 	_Out_ PBOOLEAN Infected
172 | 	);
173 | 
174 | NTSTATUS HsDeleteFile(
175 | 	_In_ PFLT_INSTANCE Instance,
176 | 	_In_ PFILE_OBJECT FileObject
177 | 	);
178 | 
179 | NTSTATUS HsSetStreamContextFlags(
180 | 	_In_ PFLT_INSTANCE Instance,
181 | 	_In_ PFILE_OBJECT FileObject,
182 | 	_In_ LONG FlagsToSet
183 | 	);
184 | 
185 | NTSTATUS HsGetFileCacheStatus(
186 | 	_In_ PFLT_INSTANCE Instance,
187 | 	_In_ PFILE_OBJECT FileObject,
188 | 	_Out_ PBOOLEAN Infected
189 | 	);
190 | 
191 | NTSTATUS HsSyncCache(
192 | 	_In_ PFLT_INSTANCE Instance,
193 | 	_In_ PFILE_OBJECT FileObject,
194 | 	_In_ PHS_STREAM_CONTEXT StreamContext
195 | 	);
196 | 
197 | VOID HsCreateProcessNotifyEx(
198 | 	_Inout_ PEPROCESS Process,
199 | 	_In_ HANDLE ProcessId,
200 | 	_Inout_opt_ PPS_CREATE_NOTIFY_INFO CreateInfo
201 | 	);
202 | 
203 | // Communication
204 | 
205 | NTSTATUS HsFilterCreateCommunicationPort(
206 | 	);
207 | 
208 | #endif


--------------------------------------------------------------------------------
/HzrFilter/HzrFilter.inf:
--------------------------------------------------------------------------------
 1 | ;;;
 2 | ;;; HzrFilter
 3 | ;;;
 4 | 
 5 | [Version]
 6 | Signature   = "$Windows NT$"
 7 | Class = "Anti-Virus"
 8 | ClassGuid = {b1d1a169-c54f-4379-81db-be17d88d7454}
 9 | Provider    = %ManufacturerName%
10 | DriverVer   = 
11 | CatalogFile = HzrFilter.cat
12 | 
13 | [DestinationDirs]
14 | DefaultDestDir          = 12
15 | MiniFilter.DriverFiles  = 12            ;%windir%\system32\drivers
16 | 
17 | ;;
18 | ;; Default install sections
19 | ;;
20 | 
21 | [DefaultInstall]
22 | OptionDesc          = %ServiceDescription%
23 | CopyFiles           = MiniFilter.DriverFiles
24 | 
25 | [DefaultInstall.Services]
26 | AddService          = %ServiceName%,,MiniFilter.Service
27 | 
28 | ;;
29 | ;; Default uninstall sections
30 | ;;
31 | 
32 | [DefaultUninstall]
33 | DelFiles   = MiniFilter.DriverFiles
34 | 
35 | [DefaultUninstall.Services]
36 | DelService = %ServiceName%,0x200      ;Ensure service is stopped before deleting
37 | 
38 | ;
39 | ; Services Section
40 | ;
41 | 
42 | [MiniFilter.Service]
43 | DisplayName      = %ServiceName%
44 | Description      = %ServiceDescription%
45 | ServiceBinary    = %12%\%DriverName%.sys        ;%windir%\system32\drivers\
46 | Dependencies     = "FltMgr"
47 | ServiceType      = 2                            ;SERVICE_FILE_SYSTEM_DRIVER
48 | StartType        = 3                            ;SERVICE_DEMAND_START
49 | ErrorControl     = 1                            ;SERVICE_ERROR_NORMAL
50 | LoadOrderGroup = "FSFilter Anti-Virus"
51 | AddReg           = MiniFilter.AddRegistry
52 | 
53 | ;
54 | ; Registry Modifications
55 | ;
56 | 
57 | [MiniFilter.AddRegistry]
58 | HKR,,"DebugFlags",0x00010001 ,0x0
59 | HKR,,"SupportedFeatures",0x00010001,0x3
60 | HKR,"Instances","DefaultInstance",0x00000000,%DefaultInstance%
61 | HKR,"Instances\"%Instance1.Name%,"Altitude",0x00000000,%Instance1.Altitude%
62 | HKR,"Instances\"%Instance1.Name%,"Flags",0x00010001,%Instance1.Flags%
63 | 
64 | ;
65 | ; Copy Files
66 | ;
67 | 
68 | [MiniFilter.DriverFiles]
69 | %DriverName%.sys
70 | 
71 | [SourceDisksFiles]
72 | HzrFilter.sys = 1,,
73 | 
74 | [SourceDisksNames]
75 | 1 = %DiskId1%,,,
76 | 
77 | ;;
78 | ;; String Section
79 | ;;
80 | 
81 | [Strings]
82 | ManufacturerName        = "Orbitech"
83 | ServiceDescription      = "HzrFilter Mini-Filter Driver"
84 | ServiceName             = "HzrFilter"
85 | DriverName              = "HzrFilter"
86 | DiskId1                 = "HzrFilter Device Installation Disk"
87 | 
88 | ;Instances specific information.
89 | DefaultInstance         = "HzrFilter Instance"
90 | Instance1.Name          = "HzrFilter Instance"
91 | Instance1.Altitude       = "320400.3"
92 | Instance1.Flags         = 0x0              ; Allow all attachments
93 | 


--------------------------------------------------------------------------------
/HzrFilter/HzrFilter.rc:
--------------------------------------------------------------------------------
 1 | // Microsoft Visual C++ generated resource script.
 2 | //
 3 | #include "resource.h"
 4 | /////////////////////////////////////////////////////////////////////////////
 5 | // English (United States) resources
 6 | 
 7 | #if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_ENU)
 8 | LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
 9 | #pragma code_page(1252)
10 | 
11 | /////////////////////////////////////////////////////////////////////////////
12 | //
13 | // Version
14 | //
15 | 
16 | VS_VERSION_INFO VERSIONINFO
17 |  FILEVERSION 3,0,0,29
18 |  PRODUCTVERSION 3,0,0,29
19 |  FILEFLAGSMASK 0x3fL
20 | #ifdef _DEBUG
21 |  FILEFLAGS 0x9L
22 | #else
23 |  FILEFLAGS 0x8L
24 | #endif
25 |  FILEOS 0x40004L
26 |  FILETYPE 0x3L
27 |  FILESUBTYPE 0x7L
28 | BEGIN
29 |     BLOCK "StringFileInfo"
30 |     BEGIN
31 |         BLOCK "040904b0"
32 |         BEGIN
33 |             VALUE "CompanyName", "Orbitech"
34 |             VALUE "FileDescription", "Hazard Shield Filter Driver"
35 |             VALUE "FileVersion", "3.0.0.29"
36 |             VALUE "InternalName", "HzrFilter"
37 |             VALUE "LegalCopyright", "Copyright (C) Orbitech 2015"
38 |             VALUE "LegalTrademarks", "License: GNU GPL, Version 2"
39 |             VALUE "OriginalFilename", "HzrFilter.sys"
40 |             VALUE "ProductName", "Hazard Shield"
41 |             VALUE "ProductVersion", "3.0.0.29"
42 |         END
43 |     END
44 |     BLOCK "VarFileInfo"
45 |     BEGIN
46 |         VALUE "Translation", 0x409, 1200
47 |     END
48 | END
49 | 
50 | 
51 | #ifdef APSTUDIO_INVOKED
52 | /////////////////////////////////////////////////////////////////////////////
53 | //
54 | // TEXTINCLUDE
55 | //
56 | 
57 | 1 TEXTINCLUDE 
58 | BEGIN
59 |     "resource.h\0"
60 | END
61 | 
62 | 2 TEXTINCLUDE 
63 | BEGIN
64 |     "\0"
65 | END
66 | 
67 | 3 TEXTINCLUDE 
68 | BEGIN
69 |     "\r\n"
70 |     "\0"
71 | END
72 | 
73 | #endif    // APSTUDIO_INVOKED
74 | 
75 | #endif    // English (United States) resources
76 | /////////////////////////////////////////////////////////////////////////////
77 | 
78 | 
79 | 
80 | #ifndef APSTUDIO_INVOKED
81 | /////////////////////////////////////////////////////////////////////////////
82 | //
83 | // Generated from the TEXTINCLUDE 3 resource.
84 | //
85 | 
86 | 
87 | /////////////////////////////////////////////////////////////////////////////
88 | #endif    // not APSTUDIO_INVOKED
89 | 
90 | 


--------------------------------------------------------------------------------
/HzrFilter/HzrFilter.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio 2013
 4 | VisualStudioVersion = 12.0.31101.0
 5 | MinimumVisualStudioVersion = 10.0.40219.1
 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "HzrFilter", "HzrFilter.vcxproj", "{11B70C42-C782-483B-BD5E-313F24926054}"
 7 | EndProject
 8 | Global
 9 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | 		Win7 Debug|Win32 = Win7 Debug|Win32
11 | 		Win7 Debug|x64 = Win7 Debug|x64
12 | 		Win7 Release|Win32 = Win7 Release|Win32
13 | 		Win7 Release|x64 = Win7 Release|x64
14 | 		Win8 Debug|Win32 = Win8 Debug|Win32
15 | 		Win8 Debug|x64 = Win8 Debug|x64
16 | 		Win8 Release|Win32 = Win8 Release|Win32
17 | 		Win8 Release|x64 = Win8 Release|x64
18 | 		Win8.1 Debug|Win32 = Win8.1 Debug|Win32
19 | 		Win8.1 Debug|x64 = Win8.1 Debug|x64
20 | 		Win8.1 Release|Win32 = Win8.1 Release|Win32
21 | 		Win8.1 Release|x64 = Win8.1 Release|x64
22 | 	EndGlobalSection
23 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
24 | 		{11B70C42-C782-483B-BD5E-313F24926054}.Win7 Debug|Win32.ActiveCfg = Win7 Debug|Win32
25 | 		{11B70C42-C782-483B-BD5E-313F24926054}.Win7 Debug|Win32.Build.0 = Win7 Debug|Win32
26 | 		{11B70C42-C782-483B-BD5E-313F24926054}.Win7 Debug|Win32.Deploy.0 = Win7 Debug|Win32
27 | 		{11B70C42-C782-483B-BD5E-313F24926054}.Win7 Debug|x64.ActiveCfg = Win7 Debug|x64
28 | 		{11B70C42-C782-483B-BD5E-313F24926054}.Win7 Debug|x64.Build.0 = Win7 Debug|x64
29 | 		{11B70C42-C782-483B-BD5E-313F24926054}.Win7 Debug|x64.Deploy.0 = Win7 Debug|x64
30 | 		{11B70C42-C782-483B-BD5E-313F24926054}.Win7 Release|Win32.ActiveCfg = Win7 Release|Win32
31 | 		{11B70C42-C782-483B-BD5E-313F24926054}.Win7 Release|Win32.Build.0 = Win7 Release|Win32
32 | 		{11B70C42-C782-483B-BD5E-313F24926054}.Win7 Release|Win32.Deploy.0 = Win7 Release|Win32
33 | 		{11B70C42-C782-483B-BD5E-313F24926054}.Win7 Release|x64.ActiveCfg = Win7 Release|x64
34 | 		{11B70C42-C782-483B-BD5E-313F24926054}.Win7 Release|x64.Build.0 = Win7 Release|x64
35 | 		{11B70C42-C782-483B-BD5E-313F24926054}.Win7 Release|x64.Deploy.0 = Win7 Release|x64
36 | 		{11B70C42-C782-483B-BD5E-313F24926054}.Win8 Debug|Win32.ActiveCfg = Win8 Debug|Win32
37 | 		{11B70C42-C782-483B-BD5E-313F24926054}.Win8 Debug|Win32.Build.0 = Win8 Debug|Win32
38 | 		{11B70C42-C782-483B-BD5E-313F24926054}.Win8 Debug|Win32.Deploy.0 = Win8 Debug|Win32
39 | 		{11B70C42-C782-483B-BD5E-313F24926054}.Win8 Debug|x64.ActiveCfg = Win8 Debug|x64
40 | 		{11B70C42-C782-483B-BD5E-313F24926054}.Win8 Debug|x64.Build.0 = Win8 Debug|x64
41 | 		{11B70C42-C782-483B-BD5E-313F24926054}.Win8 Debug|x64.Deploy.0 = Win8 Debug|x64
42 | 		{11B70C42-C782-483B-BD5E-313F24926054}.Win8 Release|Win32.ActiveCfg = Win8 Release|Win32
43 | 		{11B70C42-C782-483B-BD5E-313F24926054}.Win8 Release|Win32.Build.0 = Win8 Release|Win32
44 | 		{11B70C42-C782-483B-BD5E-313F24926054}.Win8 Release|Win32.Deploy.0 = Win8 Release|Win32
45 | 		{11B70C42-C782-483B-BD5E-313F24926054}.Win8 Release|x64.ActiveCfg = Win8 Release|x64
46 | 		{11B70C42-C782-483B-BD5E-313F24926054}.Win8 Release|x64.Build.0 = Win8 Release|x64
47 | 		{11B70C42-C782-483B-BD5E-313F24926054}.Win8 Release|x64.Deploy.0 = Win8 Release|x64
48 | 		{11B70C42-C782-483B-BD5E-313F24926054}.Win8.1 Debug|Win32.ActiveCfg = Win8.1 Debug|Win32
49 | 		{11B70C42-C782-483B-BD5E-313F24926054}.Win8.1 Debug|Win32.Build.0 = Win8.1 Debug|Win32
50 | 		{11B70C42-C782-483B-BD5E-313F24926054}.Win8.1 Debug|Win32.Deploy.0 = Win8.1 Debug|Win32
51 | 		{11B70C42-C782-483B-BD5E-313F24926054}.Win8.1 Debug|x64.ActiveCfg = Win8.1 Debug|x64
52 | 		{11B70C42-C782-483B-BD5E-313F24926054}.Win8.1 Debug|x64.Build.0 = Win8.1 Debug|x64
53 | 		{11B70C42-C782-483B-BD5E-313F24926054}.Win8.1 Debug|x64.Deploy.0 = Win8.1 Debug|x64
54 | 		{11B70C42-C782-483B-BD5E-313F24926054}.Win8.1 Release|Win32.ActiveCfg = Win8.1 Release|Win32
55 | 		{11B70C42-C782-483B-BD5E-313F24926054}.Win8.1 Release|Win32.Build.0 = Win8.1 Release|Win32
56 | 		{11B70C42-C782-483B-BD5E-313F24926054}.Win8.1 Release|Win32.Deploy.0 = Win8.1 Release|Win32
57 | 		{11B70C42-C782-483B-BD5E-313F24926054}.Win8.1 Release|x64.ActiveCfg = Win8.1 Release|x64
58 | 		{11B70C42-C782-483B-BD5E-313F24926054}.Win8.1 Release|x64.Build.0 = Win8.1 Release|x64
59 | 		{11B70C42-C782-483B-BD5E-313F24926054}.Win8.1 Release|x64.Deploy.0 = Win8.1 Release|x64
60 | 	EndGlobalSection
61 | 	GlobalSection(SolutionProperties) = preSolution
62 | 		HideSolutionNode = FALSE
63 | 	EndGlobalSection
64 | EndGlobal
65 | 


--------------------------------------------------------------------------------
/HzrFilter/HzrFilter.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <Filter Include="Source Files">
 5 |       <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
 6 |       <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
 7 |     </Filter>
 8 |     <Filter Include="Header Files">
 9 |       <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
10 |       <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
11 |     </Filter>
12 |     <Filter Include="Resource Files">
13 |       <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
14 |       <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
15 |     </Filter>
16 |     <Filter Include="Driver Files">
17 |       <UniqueIdentifier>{8E41214B-6785-4CFE-B992-037D68949A14}</UniqueIdentifier>
18 |       <Extensions>inf;inv;inx;mof;mc;</Extensions>
19 |     </Filter>
20 |   </ItemGroup>
21 |   <ItemGroup>
22 |     <Inf Include="HzrFilter.inf">
23 |       <Filter>Driver Files</Filter>
24 |     </Inf>
25 |   </ItemGroup>
26 |   <ItemGroup>
27 |     <ClCompile Include="HzrFilter.c">
28 |       <Filter>Source Files</Filter>
29 |     </ClCompile>
30 |     <ClCompile Include="Context.c">
31 |       <Filter>Source Files</Filter>
32 |     </ClCompile>
33 |     <ClCompile Include="Utility.c">
34 |       <Filter>Source Files</Filter>
35 |     </ClCompile>
36 |     <ClCompile Include="Protect.c">
37 |       <Filter>Source Files</Filter>
38 |     </ClCompile>
39 |     <ClCompile Include="Communication.c">
40 |       <Filter>Source Files</Filter>
41 |     </ClCompile>
42 |   </ItemGroup>
43 |   <ItemGroup>
44 |     <ResourceCompile Include="HzrFilter.rc">
45 |       <Filter>Resource Files</Filter>
46 |     </ResourceCompile>
47 |   </ItemGroup>
48 |   <ItemGroup>
49 |     <ClInclude Include="resource.h">
50 |       <Filter>Header Files</Filter>
51 |     </ClInclude>
52 |     <ClInclude Include="Context.h">
53 |       <Filter>Header Files</Filter>
54 |     </ClInclude>
55 |     <ClInclude Include="HzrFilter.h">
56 |       <Filter>Header Files</Filter>
57 |     </ClInclude>
58 |     <ClInclude Include="Utility.h">
59 |       <Filter>Header Files</Filter>
60 |     </ClInclude>
61 |     <ClInclude Include="Protect.h">
62 |       <Filter>Header Files</Filter>
63 |     </ClInclude>
64 |   </ItemGroup>
65 | </Project>


--------------------------------------------------------------------------------
/HzrFilter/Protect.h:
--------------------------------------------------------------------------------
 1 | /*
 2 | *  Copyright (C) 2015 Orbitech
 3 | *
 4 | *  Authors: xqrzd
 5 | *
 6 | *  This program is free software; you can redistribute it and/or modify
 7 | *  it under the terms of the GNU General Public License version 2 as
 8 | *  published by the Free Software Foundation.
 9 | *
10 | *  This program is distributed in the hope that it will be useful,
11 | *  but WITHOUT ANY WARRANTY; without even the implied warranty of
12 | *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13 | *  GNU General Public License for more details.
14 | *
15 | *  You should have received a copy of the GNU General Public License
16 | *  along with this program; if not, write to the Free Software
17 | *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
18 | *  MA 02110-1301, USA.
19 | */
20 | 
21 | #ifndef HZRFILTER_PROTECT_H
22 | #define HZRFILTER_PROTECT_H
23 | 
24 | #include <fltKernel.h>
25 | 
26 | /// <summary>
27 | /// Starts filtering process and thread access rights.
28 | /// </summary>
29 | NTSTATUS HsRegisterProtector(
30 | 	);
31 | 
32 | /// <summary>
33 | /// Stops process and thread access rights filtering.
34 | /// </summary>
35 | VOID HsUnRegisterProtector(
36 | 	);
37 | 
38 | /// <summary>
39 | /// Marks a process as protected. When this process or its threads are opened, the
40 | /// given access rights will be stripped. Call HsUnProtectProcess when the process
41 | /// no longer needs protection, or when it exits.
42 | /// </summary>
43 | /// <param name="Process">Pointer to the process object to protect.</param>
44 | /// <param name="ProcessAccessBitsToClear">Process access rights to clear.</param>
45 | /// <param name="ThreadAccessBitsToClear">Thread access rights to clear.</param>
46 | VOID HsProtectProcess(
47 | 	_In_ PEPROCESS Process,
48 | 	_In_ ACCESS_MASK ProcessAccessBitsToClear,
49 | 	_In_ ACCESS_MASK ThreadAccessBitsToClear
50 | 	);
51 | 
52 | /// <summary>
53 | /// Removes a process from the list of protected processes.
54 | /// </summary>
55 | /// <param name="Process">Pointer to the process object to unprotect.</param>
56 | VOID HsUnProtectProcess(
57 | 	_In_ PEPROCESS Process
58 | 	);
59 | 
60 | /// <summary>
61 | /// Returns TRUE if the given process is protected, otherwise FALSE.
62 | /// </summary>
63 | /// <param name="Process">Pointer to a process object.</param>
64 | /// <param name="ProcessAccessBitsToClear">Process access rights to clear.</param>
65 | /// <param name="ThreadAccessBitsToClear">Thread access rights to clear.</param>
66 | BOOLEAN HsIsProcessProtected(
67 | 	_In_ PEPROCESS Process,
68 | 	_Out_ PACCESS_MASK ProcessAccessBitsToClear,
69 | 	_Out_ PACCESS_MASK ThreadAccessBitsToClear
70 | 	);
71 | 
72 | #endif


--------------------------------------------------------------------------------
/HzrFilter/Utility.c:
--------------------------------------------------------------------------------
  1 | /*
  2 | *  Copyright (C) 2015 Orbitech
  3 | *
  4 | *  Authors: xqrzd
  5 | *
  6 | *  This program is free software; you can redistribute it and/or modify
  7 | *  it under the terms of the GNU General Public License version 2 as
  8 | *  published by the Free Software Foundation.
  9 | *
 10 | *  This program is distributed in the hope that it will be useful,
 11 | *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 12 | *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 13 | *  GNU General Public License for more details.
 14 | *
 15 | *  You should have received a copy of the GNU General Public License
 16 | *  along with this program; if not, write to the Free Software
 17 | *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 18 | *  MA 02110-1301, USA.
 19 | */
 20 | 
 21 | #include <initguid.h>
 22 | #include "Utility.h"
 23 | 
 24 | #define HS_AVL_ENTRY_TAG 'vAzH'
 25 | 
 26 | /// <summary>
 27 | /// Gets an 8-byte file reference number for the file. This number
 28 | /// is assigned by the file system and is file-system-specific.
 29 | /// https://msdn.microsoft.com/en-us/library/windows/hardware/ff540318.aspx
 30 | /// </summary>
 31 | /// <param name="Instance">Opaque instance pointer for the caller.</param>
 32 | /// <param name="FileObject">File object pointer for the file.</param>
 33 | /// <param name="FileId">An 8-byte file reference number for the file.</param>
 34 | NTSTATUS HsGetFileId64(
 35 | 	_In_ PFLT_INSTANCE Instance,
 36 | 	_In_ PFILE_OBJECT FileObject,
 37 | 	_Out_ PFILE_INTERNAL_INFORMATION FileId)
 38 | {
 39 | 	return FltQueryInformationFile(
 40 | 		Instance,
 41 | 		FileObject,
 42 | 		FileId,
 43 | 		sizeof(FILE_INTERNAL_INFORMATION),
 44 | 		FileInternalInformation,
 45 | 		NULL);
 46 | }
 47 | 
 48 | /// <summary>
 49 | /// Gets the size of a file in bytes.
 50 | /// </summary>
 51 | /// <param name="Instance">Opaque instance pointer for the caller.</param>
 52 | /// <param name="FileObject">File object pointer for the file.</param>
 53 | /// <param name="FileSize">The size of the file in bytes.</param>
 54 | NTSTATUS HsGetFileSize(
 55 | 	_In_ PFLT_INSTANCE Instance,
 56 | 	_In_ PFILE_OBJECT FileObject,
 57 | 	_Out_ PLONGLONG FileSize)
 58 | {
 59 | 	NTSTATUS status;
 60 | 	FILE_STANDARD_INFORMATION standardInfo;
 61 | 
 62 | 	status = FltQueryInformationFile(
 63 | 		Instance,
 64 | 		FileObject,
 65 | 		&standardInfo,
 66 | 		sizeof(FILE_STANDARD_INFORMATION),
 67 | 		FileStandardInformation,
 68 | 		NULL);
 69 | 
 70 | 	if (NT_SUCCESS(status))
 71 | 		*FileSize = standardInfo.EndOfFile.QuadPart;
 72 | 
 73 | 	return status;
 74 | }
 75 | 
 76 | /// <summary>
 77 | /// Returns TRUE if the prefetcher performed the open request.
 78 | /// https://msdn.microsoft.com/en-us/library/windows/hardware/ff551843.aspx
 79 | /// </summary>
 80 | /// <param name="Filter">An opaque filter pointer to the minifilter driver.</param>
 81 | /// <param name="Data">
 82 | /// A pointer to a callback-data object of type FLT_CALLBACK_DATA,
 83 | /// which represents the create operation.
 84 | /// </param>
 85 | BOOLEAN HsIsPrefetchEcpPresent(
 86 | 	_In_ PFLT_FILTER Filter,
 87 | 	_In_ PFLT_CALLBACK_DATA Data)
 88 | {
 89 | 	NTSTATUS status;
 90 | 	PECP_LIST ecpList;
 91 | 	PVOID ecpContext;
 92 | 
 93 | 	status = FltGetEcpListFromCallbackData(Filter, Data, &ecpList);
 94 | 
 95 | 	if (NT_SUCCESS(status) && (ecpList != NULL))
 96 | 	{
 97 | 		status = FltFindExtraCreateParameter(
 98 | 			Filter,
 99 | 			ecpList,
100 | 			&GUID_ECP_PREFETCH_OPEN,
101 | 			&ecpContext,
102 | 			NULL);
103 | 
104 | 		if (NT_SUCCESS(status))
105 | 		{
106 | 			if (!FltIsEcpFromUserMode(Filter, ecpContext))
107 | 				return TRUE;
108 | 		}
109 | 	}
110 | 
111 | 	return FALSE;
112 | }
113 | 
114 | PVOID HsAvlAllocate(
115 | 	_In_ PRTL_AVL_TABLE Table,
116 | 	_In_ CLONG ByteSize)
117 | {
118 | 	UNREFERENCED_PARAMETER(Table);
119 | 
120 | 	return ExAllocatePoolWithTag(PagedPool, ByteSize, HS_AVL_ENTRY_TAG);
121 | }
122 | 
123 | VOID HsAvlFree(
124 | 	_In_ PRTL_AVL_TABLE Table,
125 | 	_In_ __drv_freesMem(Mem) _Post_invalid_ PVOID Buffer)
126 | {
127 | 	UNREFERENCED_PARAMETER(Table);
128 | 
129 | 	ExFreePoolWithTag(Buffer, HS_AVL_ENTRY_TAG);
130 | }
131 | 
132 | RTL_GENERIC_COMPARE_RESULTS HsAvlCompareNtfsEntry(
133 | 	_In_ PRTL_AVL_TABLE Table,
134 | 	_In_ PVOID Lhs,
135 | 	_In_ PVOID Rhs)
136 | {
137 | 	PHS_NTFS_CACHE_ENTRY lhs = Lhs;
138 | 	PHS_NTFS_CACHE_ENTRY rhs = Rhs;
139 | 
140 | 	UNREFERENCED_PARAMETER(Table);
141 | 
142 | 	if (lhs->FileId.IndexNumber.QuadPart < rhs->FileId.IndexNumber.QuadPart)
143 | 		return GenericLessThan;
144 | 	else if (lhs->FileId.IndexNumber.QuadPart > rhs->FileId.IndexNumber.QuadPart)
145 | 		return GenericGreaterThan;
146 | 	else
147 | 		return GenericEqual;
148 | }
149 | 
150 | /// <summary>
151 | /// Deletes all elements in the given AVL tree.
152 | /// </summary>
153 | /// <param name="Table">The table to clear.</param>
154 | VOID HsAvlDeleteAllElements(
155 | 	_In_ PRTL_AVL_TABLE Table)
156 | {
157 | 	PVOID entry;
158 | 
159 | 	while (!RtlIsGenericTableEmptyAvl(Table))
160 | 	{
161 | 		entry = RtlGetElementGenericTableAvl(Table, 0);
162 | 		RtlDeleteElementGenericTableAvl(Table, entry);
163 | 	}
164 | }


--------------------------------------------------------------------------------
/HzrFilter/Utility.h:
--------------------------------------------------------------------------------
 1 | /*
 2 | *  Copyright (C) 2015 Orbitech
 3 | *
 4 | *  Authors: xqrzd
 5 | *
 6 | *  This program is free software; you can redistribute it and/or modify
 7 | *  it under the terms of the GNU General Public License version 2 as
 8 | *  published by the Free Software Foundation.
 9 | *
10 | *  This program is distributed in the hope that it will be useful,
11 | *  but WITHOUT ANY WARRANTY; without even the implied warranty of
12 | *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13 | *  GNU General Public License for more details.
14 | *
15 | *  You should have received a copy of the GNU General Public License
16 | *  along with this program; if not, write to the Free Software
17 | *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
18 | *  MA 02110-1301, USA.
19 | */
20 | 
21 | #ifndef HZRFILTER_UTILITY_H
22 | #define HZRFILTER_UTILITY_H
23 | 
24 | #include <fltKernel.h>
25 | 
26 | #define LIST_FOR_EACH_SAFE(Current, Next, Head) for (Current = (Head)->Flink, Next = Current->Flink; Current != (Head); Current = Next, Next = Current->Flink)
27 | 
28 | typedef struct _HS_NTFS_CACHE_ENTRY {
29 | 	FILE_INTERNAL_INFORMATION FileId;
30 | 	BOOLEAN Infected;
31 | } HS_NTFS_CACHE_ENTRY, *PHS_NTFS_CACHE_ENTRY;
32 | 
33 | /// <summary>
34 | /// Gets an 8-byte file reference number for the file. This number
35 | /// is assigned by the file system and is file-system-specific.
36 | /// https://msdn.microsoft.com/en-us/library/windows/hardware/ff540318.aspx
37 | /// </summary>
38 | /// <param name="Instance">Opaque instance pointer for the caller.</param>
39 | /// <param name="FileObject">File object pointer for the file.</param>
40 | /// <param name="FileId">An 8-byte file reference number for the file.</param>
41 | NTSTATUS HsGetFileId64(
42 | 	_In_ PFLT_INSTANCE Instance,
43 | 	_In_ PFILE_OBJECT FileObject,
44 | 	_Out_ PFILE_INTERNAL_INFORMATION FileId
45 | 	);
46 | 
47 | /// <summary>
48 | /// Gets the size of a file in bytes.
49 | /// </summary>
50 | /// <param name="Instance">Opaque instance pointer for the caller.</param>
51 | /// <param name="FileObject">File object pointer for the file.</param>
52 | /// <param name="FileSize">The size of the file in bytes.</param>
53 | NTSTATUS HsGetFileSize(
54 | 	_In_ PFLT_INSTANCE Instance,
55 | 	_In_ PFILE_OBJECT FileObject,
56 | 	_Out_ PLONGLONG FileSize
57 | 	);
58 | 
59 | /// <summary>
60 | /// Returns TRUE if the prefetcher performed the open request.
61 | /// https://msdn.microsoft.com/en-us/library/windows/hardware/ff551843.aspx
62 | /// </summary>
63 | /// <param name="Filter">An opaque filter pointer to the minifilter driver.</param>
64 | /// <param name="Data">
65 | /// A pointer to a callback-data object of type FLT_CALLBACK_DATA,
66 | /// which represents the create operation.
67 | /// </param>
68 | BOOLEAN HsIsPrefetchEcpPresent(
69 | 	_In_ PFLT_FILTER Filter,
70 | 	_In_ PFLT_CALLBACK_DATA Data
71 | 	);
72 | 
73 | PVOID HsAvlAllocate(
74 | 	_In_ PRTL_AVL_TABLE Table,
75 | 	_In_ CLONG ByteSize
76 | 	);
77 | 
78 | VOID HsAvlFree(
79 | 	_In_ PRTL_AVL_TABLE Table,
80 | 	_In_ __drv_freesMem(Mem) _Post_invalid_ PVOID Buffer
81 | 	);
82 | 
83 | RTL_GENERIC_COMPARE_RESULTS HsAvlCompareNtfsEntry(
84 | 	_In_ PRTL_AVL_TABLE Table,
85 | 	_In_ PVOID Lhs,
86 | 	_In_ PVOID Rhs
87 | 	);
88 | 
89 | /// <summary>
90 | /// Deletes all elements in the given AVL tree.
91 | /// </summary>
92 | /// <param name="Table">The table to clear.</param>
93 | VOID HsAvlDeleteAllElements(
94 | 	_In_ PRTL_AVL_TABLE Table
95 | 	);
96 | 
97 | #endif


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | Hazard Shield
2 | ============
3 | 


--------------------------------------------------------------------------------