Rooba
/
WinObjEx64
mirror of https://github.com/hfiref0x/WinObjEx64.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity

1.5.2 

Fix for running with Wine Staging
This commit is contained in:
hfiref0x 2018-02-12 17:12:05 +07:00
parent 58332ada88
commit 433574f444
8 changed files with 266 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
Compiled/WinObjEx64.exe
View File

Binary file not shown.

BIN
Source/WinObjEx64/Resource.rc
View File

Binary file not shown.

9
Source/WinObjEx64/main.c
View File

@ -6,7 +6,7 @@
*
* VERSION: 1.52
*
* DATE: 08 Jan 2018
* DATE: 10 Feb 2018
*
* Program entry point and main window handler.
*
@ -872,11 +872,14 @@ void WinObjExMain()
if (IsWine != FALSE) {
IsFullAdmin = FALSE;
}
supInit(IsFullAdmin);
supInit(IsFullAdmin, IsWine);
// do not move anywhere
g_kdctx.IsFullAdmin = IsFullAdmin;
// g_kdctx variable initialized BEFORE this.
// if you move these lines anywhere above they will be zeroed during kdInit
g_kdctx.IsWine = IsWine;
g_kdctx.IsFullAdmin = IsFullAdmin;
#ifdef _DEBUG
TestStart();

214
Source/WinObjEx64/ntos/ntos.h
View File

@ -4,9 +4,9 @@
*
* TITLE: NTOS.H
*
* VERSION: 1.81
* VERSION: 1.83
*
* DATE: 08 Jan 2018
* DATE: 16 Jan 2018
*
* Common header file for the ntos API functions and definitions.
*
@ -23,7 +23,8 @@
#pragma warning(disable: 4214) // nonstandard extension used : bit field types other than int
#ifndef IN_REGION
#define IN_REGION(x, Base, Size) (((ULONG_PTR)x >= (ULONG_PTR)Base) && ((ULONG_PTR)x <= (ULONG_PTR)Base + (ULONG_PTR)Size))
#define IN_REGION(x, Base, Size) (((ULONG_PTR)(x) >= (ULONG_PTR)(Base)) && \
((ULONG_PTR)(x) <= (ULONG_PTR)(Base) + (ULONG_PTR)(Size)))
#endif
#ifndef ALIGN_DOWN
@ -71,7 +72,6 @@ typedef SIZE_T SYSINF_PAGE_COUNT;
#define OBJ_FORCE_ACCESS_CHECK 0x00000400L
#define OBJ_VALID_ATTRIBUTES 0x000007F2L
//
// Callback Object Rights
//
@ -219,7 +219,6 @@ typedef SIZE_T SYSINF_PAGE_COUNT;
MEMORY_PARTITION_QUERY_ACCESS | \
MEMORY_PARTITION_MODIFY_ACCESS)
//
// NtCreateProcessEx specific flags.
//
@ -235,14 +234,12 @@ typedef SIZE_T SYSINF_PAGE_COUNT;
//
// Define special ByteOffset parameters for read and write operations
//
#define FILE_WRITE_TO_END_OF_FILE 0xffffffff
#define FILE_USE_FILE_POINTER_POSITION 0xfffffffe
//
// This is the maximum MaximumLength for a UNICODE_STRING.
//
#define MAXUSHORT 0xffff
#define MAX_USTRING ( sizeof(WCHAR) * (MAXUSHORT/sizeof(WCHAR)) )
@ -2313,11 +2310,11 @@ typedef struct _SYSTEM_HANDLE_INFORMATION_EX {
// InfoMask values
//
#define OB_INFOMASK_PROCESS_INFO 0x10
#define OB_INFOMASK_QUOTA 0x08
#define OB_INFOMASK_HANDLE 0x04
#define OB_INFOMASK_NAME 0x02
#define OB_INFOMASK_CREATOR_INFO 0x01
#define OB_INFOMASK_PROCESS_INFO 0x10
#define OB_INFOMASK_QUOTA 0x08
#define OB_INFOMASK_HANDLE 0x04
#define OB_INFOMASK_NAME 0x02
#define OB_INFOMASK_CREATOR_INFO 0x01
typedef struct _OBJECT_DIRECTORY_ENTRY {
PVOID ChainLink;
@ -3328,7 +3325,41 @@ typedef struct _LDR_DATA_TABLE_ENTRY_COMPATIBLE {
ULONG SizeOfImage;
UNICODE_STRING FullDllName;
UNICODE_STRING BaseDllName;
ULONG Flags;
union
{
ULONG Flags;
struct
{
ULONG PackagedBinary : 1; // Size=4 Offset=104 BitOffset=0 BitCount=1
ULONG MarkedForRemoval : 1; // Size=4 Offset=104 BitOffset=1 BitCount=1
ULONG ImageDll : 1; // Size=4 Offset=104 BitOffset=2 BitCount=1
ULONG LoadNotificationsSent : 1; // Size=4 Offset=104 BitOffset=3 BitCount=1
ULONG TelemetryEntryProcessed : 1; // Size=4 Offset=104 BitOffset=4 BitCount=1
ULONG ProcessStaticImport : 1; // Size=4 Offset=104 BitOffset=5 BitCount=1
ULONG InLegacyLists : 1; // Size=4 Offset=104 BitOffset=6 BitCount=1
ULONG InIndexes : 1; // Size=4 Offset=104 BitOffset=7 BitCount=1
ULONG ShimDll : 1; // Size=4 Offset=104 BitOffset=8 BitCount=1
ULONG InExceptionTable : 1; // Size=4 Offset=104 BitOffset=9 BitCount=1
ULONG ReservedFlags1 : 2; // Size=4 Offset=104 BitOffset=10 BitCount=2
ULONG LoadInProgress : 1; // Size=4 Offset=104 BitOffset=12 BitCount=1
ULONG LoadConfigProcessed : 1; // Size=4 Offset=104 BitOffset=13 BitCount=1
ULONG EntryProcessed : 1; // Size=4 Offset=104 BitOffset=14 BitCount=1
ULONG ProtectDelayLoad : 1; // Size=4 Offset=104 BitOffset=15 BitCount=1
ULONG ReservedFlags3 : 2; // Size=4 Offset=104 BitOffset=16 BitCount=2
ULONG DontCallForThreads : 1; // Size=4 Offset=104 BitOffset=18 BitCount=1
ULONG ProcessAttachCalled : 1; // Size=4 Offset=104 BitOffset=19 BitCount=1
ULONG ProcessAttachFailed : 1; // Size=4 Offset=104 BitOffset=20 BitCount=1
ULONG CorDeferredValidate : 1; // Size=4 Offset=104 BitOffset=21 BitCount=1
ULONG CorImage : 1; // Size=4 Offset=104 BitOffset=22 BitCount=1
ULONG DontRelocate : 1; // Size=4 Offset=104 BitOffset=23 BitCount=1
ULONG CorILOnly : 1; // Size=4 Offset=104 BitOffset=24 BitCount=1
ULONG ChpeImage : 1; // Size=4 Offset=104 BitOffset=25 BitCount=1
ULONG ReservedFlags5 : 2; // Size=4 Offset=104 BitOffset=26 BitCount=2
ULONG Redirected : 1; // Size=4 Offset=104 BitOffset=28 BitCount=1
ULONG ReservedFlags6 : 2; // Size=4 Offset=104 BitOffset=29 BitCount=2
ULONG CompatDatabaseProcessed : 1; // Size=4 Offset=104 BitOffset=31 BitCount=1
};
} ENTRYFLAGSUNION;
WORD ObsoleteLoadCount;
WORD TlsIndex;
union
@ -3670,7 +3701,9 @@ typedef struct _PEB32 {
ULONG ProcessUsingVEH : 1;
ULONG ProcessUsingVCH : 1;
ULONG ProcessUsingFTH : 1;
ULONG ReservedBits0 : 27;
ULONG ProcessPreviouslyThrottled : 1;
ULONG ProcessCurrentlyThrottled : 1;
ULONG ReservedBits0 : 25;
};
ULONG EnvironmentUpdateCount;
};
@ -3960,7 +3993,9 @@ typedef struct _PEB {
ULONG ProcessUsingVEH : 1;
ULONG ProcessUsingVCH : 1;
ULONG ProcessUsingFTH : 1;
ULONG ReservedBits0 : 27;
ULONG ProcessPreviouslyThrottled : 1;
ULONG ProcessCurrentlyThrottled : 1;
ULONG ReservedBits0 : 25;
};
ULONG EnvironmentUpdateCount;
};
@ -4695,6 +4730,13 @@ NTSTATUS NTAPI CsrClientConnectToServer(
*
************************************************************************************/
#ifndef RtlInitEmptyUnicodeString
#define RtlInitEmptyUnicodeString(_ucStr,_buf,_bufSize) \
((_ucStr)->Buffer = (_buf), \
(_ucStr)->Length = 0, \
(_ucStr)->MaximumLength = (USHORT)(_bufSize))
#endif
BOOLEAN NTAPI RtlCreateUnicodeString(
_Out_ PUNICODE_STRING DestinationString,
_In_ PCWSTR SourceString);
@ -4829,6 +4871,27 @@ NTSTATUS NTAPI RtlHashUnicodeString(
_In_ ULONG HashAlgorithm,
_Out_ PULONG HashValue);
NTSTATUS NTAPI RtlAppendUnicodeStringToString(
_In_ PUNICODE_STRING Destination,
_In_ PUNICODE_STRING Source);
NTSTATUS NTAPI RtlAppendUnicodeToString(
_In_ PUNICODE_STRING Destination,
_In_opt_ PWSTR Source);
NTSTATUS NTAPI RtlUpcaseUnicodeString(
_Inout_ PUNICODE_STRING DestinationString,
_In_ PUNICODE_STRING SourceString,
_In_ BOOLEAN AllocateDestinationString);
NTSTATUS NTAPI RtlDowncaseUnicodeString(
_Inout_ PUNICODE_STRING DestinationString,
_In_ PUNICODE_STRING SourceString,
_In_ BOOLEAN AllocateDestinationString);
VOID NTAPI RtlEraseUnicodeString(
_Inout_ PUNICODE_STRING String);
/************************************************************************************
*
* RTL Process/Thread API.
@ -5249,6 +5312,19 @@ BOOLEAN NTAPI RtlFreeHeap(
_In_ ULONG Flags,
_In_ PVOID BaseAddress);
NTSTATUS NTAPI RtlZeroHeap(
_In_ PVOID HeapHandle,
_In_ ULONG Flags);
SIZE_T NTAPI RtlSizeHeap(
_In_ PVOID HeapHandle,
_In_ ULONG Flags,
_In_ PVOID BaseAddress);
VOID NTAPI RtlProtectHeap(
_In_ PVOID HeapHandle,
_In_ BOOLEAN MakeReadOnly);
/************************************************************************************
*
* RTL Compression API.
@ -5588,6 +5664,14 @@ VOID NTAPI RtlUpdateClonedSRWLock(
NTSTATUS NTAPI RtlQueryElevationFlags(
_Inout_ ULONG *ElevationFlags);
/************************************************************************************
*
* RTL Misc Support API.
*
************************************************************************************/
BOOLEAN NTAPI RtlDoesFileExists_U(
_In_ PCWSTR FileName);
/************************************************************************************
*
@ -7618,4 +7702,104 @@ NTSTATUS NTAPI NtSystemDebugControl(
_In_ ULONG OutputBufferLength,
_Out_opt_ PULONG ReturnLength);
/************************************************************************************
*
* Application Verifier API and definitions.
*
************************************************************************************/
#ifndef DLL_PROCESS_VERIFIER
#define DLL_PROCESS_VERIFIER 4
#endif
typedef VOID(NTAPI *RTL_VERIFIER_DLL_LOAD_CALLBACK)(
PWSTR DllName,
PVOID DllBase,
SIZE_T DllSize,
PVOID Reserved);
typedef VOID(NTAPI *RTL_VERIFIER_DLL_UNLOAD_CALLBACK)(
PWSTR DllName,
PVOID DllBase,
SIZE_T DllSize,
PVOID Reserved);
typedef VOID(NTAPI *RTL_VERIFIER_NTDLLHEAPFREE_CALLBACK)(
PVOID AllocationBase,
SIZE_T AllocationSize);
typedef struct _RTL_VERIFIER_THUNK_DESCRIPTOR {
PCHAR ThunkName;
PVOID ThunkOldAddress;
PVOID ThunkNewAddress;
} RTL_VERIFIER_THUNK_DESCRIPTOR, *PRTL_VERIFIER_THUNK_DESCRIPTOR;
typedef struct _RTL_VERIFIER_DLL_DESCRIPTOR {
PWCHAR DllName;
DWORD DllFlags;
PVOID DllAddress;
PRTL_VERIFIER_THUNK_DESCRIPTOR DllThunks;
} RTL_VERIFIER_DLL_DESCRIPTOR, *PRTL_VERIFIER_DLL_DESCRIPTOR;
typedef struct _RTL_VERIFIER_PROVIDER_DESCRIPTOR {
DWORD Length;
PRTL_VERIFIER_DLL_DESCRIPTOR ProviderDlls;
RTL_VERIFIER_DLL_LOAD_CALLBACK ProviderDllLoadCallback;
RTL_VERIFIER_DLL_UNLOAD_CALLBACK ProviderDllUnloadCallback;
PWSTR VerifierImage;
DWORD VerifierFlags;
DWORD VerifierDebug;
PVOID RtlpGetStackTraceAddress;
PVOID RtlpDebugPageHeapCreate;
PVOID RtlpDebugPageHeapDestroy;
RTL_VERIFIER_NTDLLHEAPFREE_CALLBACK ProviderNtdllHeapFreeCallback;
} RTL_VERIFIER_PROVIDER_DESCRIPTOR, *PRTL_VERIFIER_PROVIDER_DESCRIPTOR;
//
// Application verifier standard flags.
//
#define RTL_VRF_FLG_FULL_PAGE_HEAP 0x00000001
#define RTL_VRF_FLG_RESERVED_DONOTUSE 0x00000002
#define RTL_VRF_FLG_HANDLE_CHECKS 0x00000004
#define RTL_VRF_FLG_STACK_CHECKS 0x00000008
#define RTL_VRF_FLG_APPCOMPAT_CHECKS 0x00000010
#define RTL_VRF_FLG_TLS_CHECKS 0x00000020
#define RTL_VRF_FLG_DIRTY_STACKS 0x00000040
#define RTL_VRF_FLG_RPC_CHECKS 0x00000080
#define RTL_VRF_FLG_COM_CHECKS 0x00000100
#define RTL_VRF_FLG_DANGEROUS_APIS 0x00000200
#define RTL_VRF_FLG_RACE_CHECKS 0x00000400
#define RTL_VRF_FLG_DEADLOCK_CHECKS 0x00000800
#define RTL_VRF_FLG_FIRST_CHANCE_EXCEPTION_CHECKS 0x00001000
#define RTL_VRF_FLG_VIRTUAL_MEM_CHECKS 0x00002000
#define RTL_VRF_FLG_ENABLE_LOGGING 0x00004000
#define RTL_VRF_FLG_FAST_FILL_HEAP 0x00008000
#define RTL_VRF_FLG_VIRTUAL_SPACE_TRACKING 0x00010000
#define RTL_VRF_FLG_ENABLED_SYSTEM_WIDE 0x00020000
#define RTL_VRF_FLG_MISCELLANEOUS_CHECKS 0x00020000
#define RTL_VRF_FLG_LOCK_CHECKS 0x00040000
VOID NTAPI RtlApplicationVerifierStop(
_In_ ULONG_PTR Code,
_In_ PSTR Message,
_In_ ULONG_PTR Param1,
_In_ PSTR Description1,
_In_ ULONG_PTR Param2,
_In_ PSTR Description2,
_In_ ULONG_PTR Param3,
_In_ PSTR Description3,
_In_ ULONG_PTR Param4,
_In_ PSTR Description4);
#ifndef VERIFIER_STOP
#define VERIFIER_STOP(Code, Msg, P1, S1, P2, S2, P3, S3, P4, S4) { \
RtlApplicationVerifierStop ((Code), \
(Msg), \
(ULONG_PTR)(P1),(S1), \
(ULONG_PTR)(P2),(S2), \
(ULONG_PTR)(P3),(S3), \
(ULONG_PTR)(P4),(S4)); \
}
#endif
#pragma warning(pop)

4
Source/WinObjEx64/props/propObjectDump.c
View File

@ -6,7 +6,7 @@
*
* VERSION: 1.52
*
* DATE: 08 Jan 2018
* DATE: 13 Jan 2018
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
@ -825,7 +825,7 @@ VOID ObDumpDriverObject(
ObDumpUnicodeString(h_tviRootItem, L"BaseDllName", &ldrEntry.BaseDllName, FALSE);
//Flags
ObDumpUlong(g_TreeList, h_tviRootItem, T_FLAGS, NULL, ldrEntry.Flags, TRUE, FALSE, 0, 0);
ObDumpUlong(g_TreeList, h_tviRootItem, T_FLAGS, NULL, ldrEntry.ENTRYFLAGSUNION.Flags, TRUE, FALSE, 0, 0);
//LoadCount
lpType = L"ObsoleteLoadCount";

79
Source/WinObjEx64/sup.c
View File

@ -6,7 +6,7 @@
*
* VERSION: 1.52
*
* DATE: 08 Jan 2018
* DATE: 10 Feb 2018
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
@ -294,7 +294,6 @@ BOOL supQueryObjectFromHandle(
ULONG i;
DWORD CurrentProcessId = GetCurrentProcessId();
//PSYSTEM_HANDLE_INFORMATION pHandles;
PSYSTEM_HANDLE_INFORMATION_EX pHandles;
if (Address == NULL) {
@ -816,11 +815,11 @@ UINT supGetObjectNameIndexByTypeIndex(
POBJECT_TYPE_INFORMATION pObject;
POBJECT_TYPE_INFORMATION_8 pObject8;
__try {
if (Object == NULL) {
return TYPE_UNKNOWN;
}
if (Object == NULL) {
return TYPE_UNKNOWN;
}
__try {
Index = ObDecodeTypeIndex(Object, TypeIndex);
@ -848,7 +847,7 @@ UINT supGetObjectNameIndexByTypeIndex(
}
}
__except (exceptFilter(GetExceptionCode(), GetExceptionInformation())) {
__except (EXCEPTION_EXECUTE_HANDLER) {
return TYPE_UNKNOWN;
}
return TYPE_UNKNOWN;
@ -1316,7 +1315,8 @@ VOID supxMapNtdllCopy(
*
*/
VOID supInit(
_In_ BOOL IsFullAdmin
_In_ BOOL IsFullAdmin,
_In_ BOOL IsWine
)
{
supQueryKnownDlls();
@ -1329,7 +1329,19 @@ VOID supInit(
sapiCreateSetupDBSnapshot();
g_pObjectTypesInfo = supGetObjectTypesInfo();
//
// Quick Wine Staging fix.
// Under usual Wine NtQueryObject(ObjectTypesInformation) is not implemented.
// We are okay with that.
// But under Wine Staging this piece of code is implemented and it is broken.
// So generally ban this call from Wine.
//
if (IsWine) {
g_pObjectTypesInfo = NULL;
}
else {
g_pObjectTypesInfo = supGetObjectTypesInfo();
}
ExApiSetInit();
}
@ -2044,33 +2056,40 @@ BOOL supQueryTypeInfo(
return bResult;
}
pObject = (POBJECT_TYPE_INFORMATION)&g_pObjectTypesInfo->TypeInformation;
for (i = 0; i < g_pObjectTypesInfo->NumberOfTypes; i++) {
__try {
if (_strncmpi(pObject->TypeName.Buffer,
lpTypeName,
pObject->TypeName.Length / sizeof(WCHAR)) == 0)
{
for (nPool = 0; nPool < MAX_KNOWN_POOL_TYPES; nPool++) {
if ((POOL_TYPE)pObject->PoolType == (POOL_TYPE)a_PoolTypes[nPool].dwValue) {
pObject = (POBJECT_TYPE_INFORMATION)&g_pObjectTypesInfo->TypeInformation;
for (i = 0; i < g_pObjectTypesInfo->NumberOfTypes; i++) {
_strncpy(
Buffer, ccBuffer,
a_PoolTypes[nPool].lpDescription,
_strlen(a_PoolTypes[nPool].lpDescription)
);
if (_strncmpi(pObject->TypeName.Buffer,
lpTypeName,
pObject->TypeName.Length / sizeof(WCHAR)) == 0)
{
for (nPool = 0; nPool < MAX_KNOWN_POOL_TYPES; nPool++) {
if ((POOL_TYPE)pObject->PoolType == (POOL_TYPE)a_PoolTypes[nPool].dwValue) {
break;
_strncpy(
Buffer, ccBuffer,
a_PoolTypes[nPool].lpDescription,
_strlen(a_PoolTypes[nPool].lpDescription)
);
break;
}
}
bResult = TRUE;
}
bResult = TRUE;
if (bResult) {
break;
}
//next entry located after the aligned type name buffer
pObject = (POBJECT_TYPE_INFORMATION)((PCHAR)(pObject + 1) +
ALIGN_UP(pObject->TypeName.MaximumLength, sizeof(ULONG_PTR)));
}
if (bResult) {
break;
}
//next entry located after the aligned type name buffer
pObject = (POBJECT_TYPE_INFORMATION)((PCHAR)(pObject + 1) +
ALIGN_UP(pObject->TypeName.MaximumLength, sizeof(ULONG_PTR)));
}
__except (EXCEPTION_EXECUTE_HANDLER) {
return FALSE;
}
return bResult;
}

5
Source/WinObjEx64/sup.h
View File

@ -6,7 +6,7 @@
*
* VERSION: 1.52
*
* DATE: 08 Jan 2018
* DATE: 10 Feb 2018
*
* Common header file for the program support routines.
*
@ -158,7 +158,8 @@ VOID supCreateToolbarButtons(
_In_ HWND hWndToolbar);
VOID supInit(
_In_ BOOL IsFullAdmin);
_In_ BOOL IsFullAdmin,
_In_ BOOL IsWine);
VOID supShutdown(
VOID);

14
WinObjEx64.sha256
View File

@ -1,5 +1,5 @@
0a821bc39180e43dc27e9aa0683c7a1dc1a648c5d0a055261af022f50aae32fe *Compiled\WinObjEx64.chm
1a237e152c7dfeb2adeaa0db296aea9c1b3e191690c315dd4daf5fa9e5010904 *Compiled\WinObjEx64.exe
234638d24289e6caaa50b8cbd54a751ce45fc9b3bdb48cc5bcb4d01fde57091b *Compiled\WinObjEx64.exe
bb230ab7c5ee7c6bee73250fcc57f7291a8d62d347fe4d19ad58763b529efed4 *Source\CHANGELOG.txt
d78a70cd4977daed9abce48d3c137d9a199b5154eeba41b1c9bf7cd2cf88051f *Source\FileList.txt
72346b8a97a5ee2f8fc7ffc83ba05ea43cc2f81c34952a6777bb4c456f114d1b *Source\TypesWithNoDesc.txt
@ -21,13 +21,13 @@ ba272b1faf6cd3a8d8e554dd7dfff35abd1a8ffebb0280e8459112e855db9f83 *Source\WinObjE
f351015b6497ca4ae9b348a34a64ff4cbcc3b759c2e637d99e643c04b0a2ccae *Source\WinObjEx64\kldbg.h
13f06cdd6ee7b2e6ce203329f81f96588ead571e287edf844ecbbeeaa0bc8da9 *Source\WinObjEx64\list.c
b311dfa9882435a609a965066b7e4e607c3723b6be3e134cf0d120913dc1b225 *Source\WinObjEx64\list.h
c70745fb7ff53c3d9044cfe91288661ce9902ff9035b31352ca14e913488c219 *Source\WinObjEx64\main.c
14113bc6bd500a38fe4b4a54de13437c22ea7fb8e38adff71ca2ffaa691ecb92 *Source\WinObjEx64\main.c
f0ff77342a614f4ef0f39d67451014761643bed9cd904177d8ca09b0f8b7f994 *Source\WinObjEx64\objects.c
01a948f28d76e693f93c03ab64a06d572c3b547374a522ce65d95a8105c434c4 *Source\WinObjEx64\objects.h
c241d7e25de6446fd6d51f1b37c9dcb614ed286fef926b853ff60da5dc2f67ae *Source\WinObjEx64\resource.h
bdfb909f4b444195f8db3e2180293235e620ba992299bd3f8b2e225dd9f94bfa *Source\WinObjEx64\Resource.rc
13d3661c95ca6ec4d69cd20d82b0c80bdb24d11dc543be82db7c4cf0403dc5d5 *Source\WinObjEx64\sup.c
89e97917a5f9f3a9f7000e77b3c2540c0530eb9aab99d9faecb22fa89553468e *Source\WinObjEx64\sup.h
db1f721a165d7466653852dccdd633c7d83c92d7865a84748d07f2271843d17d *Source\WinObjEx64\Resource.rc
68ad186a83f647de9e347a507bfe71958efd3c44547a967cd6ff0c924cefc4e5 *Source\WinObjEx64\sup.c
685f65d7f9ee7398e0ed1746de942e9df090354be8f025fc4d6388b4a760aca3 *Source\WinObjEx64\sup.h
43234dad977900114521a5e28b2228bb5967f877bceb9b0d461ed64135d7789f *Source\WinObjEx64\supConsts.h
4a5b1b7f56ddbfe956248a2aed344402cdd2c09f1d1c49d65655180b5e933db6 *Source\WinObjEx64\treelist.c
55b18a4fa9c2fbe08817cfc8dca0fa30f1a8537690af883bbd2478b03368eebf *Source\WinObjEx64\treelist.h
@ -77,7 +77,7 @@ ef1b18997ea473ac8d516ef60efc64b9175418b8f078e088d783fdaef2544969 *Source\WinObjE
52e3d39c69c43264b2f8d9bcdfce0f763a5e92d091eef59ea2a0294b4b19641c *Source\WinObjEx64\minirtl\_strstr.c
52a696ae714eb81033c477d1ec6c01389eef56c847609e89d360c2fb6899b4b6 *Source\WinObjEx64\minirtl\_strstri.c
9e6c2ba41fb78426c38d466e3baf5fc5645bb4f6b1b533a3af52e1e93cd3ce01 *Source\WinObjEx64\ntos\ntalpc.h
759bed3cac43084086a3d7257f34672f56b751e0ea0202e88ade74551ce55b31 *Source\WinObjEx64\ntos\ntos.h
2906a46fbf5373e7c5904cafa9a2ddf808a40e0e70a76ac51e709226544979aa *Source\WinObjEx64\ntos\ntos.h
08b145a0edab4e66ea3da2ca770792b0248ced8371486606ae497734ccaaec0b *Source\WinObjEx64\props\propBasic.c
45e2088b0320c02cca2559f6e5183a4eb2a289021f5488d65ba6230e208557e9 *Source\WinObjEx64\props\propBasic.h
0a03eec3ef69740af7e000447e9467bc102af73754d1837dbcc732f421ba1587 *Source\WinObjEx64\props\propBasicConsts.h
@ -88,7 +88,7 @@ e2e24faf15ec4b0cb26d30f2c17ab3e23d17e0d1fb16447ab921e0b4aa42421a *Source\WinObjE
9771e96a5fd491a50e94e9f04cc82058459de8bf27ea801f0785fe6a2f4e6961 *Source\WinObjEx64\props\propDriver.c
8dd63e57115728cdea4c326e5cde9acfe6015b2b088ec36022cd9f81e216e179 *Source\WinObjEx64\props\propDriver.h
721bf384ee6ba44cb118a4bfde7ffba669024059e3120b8cae40e98228eba6df *Source\WinObjEx64\props\propDriverConsts.h
5b8456e91def12d7b466570b00993e84ec364548c4c600330dde9014e837665c *Source\WinObjEx64\props\propObjectDump.c
c528af8fd80d53b1c700f40756dbf2efec547910d3ab5bbd2f87d6de858ddf00 *Source\WinObjEx64\props\propObjectDump.c
d081bd9af04ae0d0df85a500ae50b4526cbcd4ae707e0ae5da38d37447785c78 *Source\WinObjEx64\props\propObjectDump.h
205836108ebeff7f2ea324643c8a735a6b714667c6fb2a8296074789709ece87 *Source\WinObjEx64\props\propObjectDumpConsts.h
5095cece621254f7d6b393b424f2e45c10b0dec8bf1fed56261663a4f2af654d *Source\WinObjEx64\props\propProcess.c