1.9.3
For a complete list of changes see changelog.txt in the sources directory.
This commit is contained in:
hfiref0x
parent
143f0823f9
commit
5a41727510
Binary file not shown.
Binary file not shown.
|
|
@ -1,7 +1,8 @@
|
|||
v1.9.3
|
||||
updated SeCiCallbacks search for newest Windows versions
|
||||
fixed win32k ApiSet resolving for Win10 21H2
|
||||
fixed ObCallbacks enumeration issues
|
||||
added Windows Server 2022 support
|
||||
fix win32k ApiSet resolving for Win10 21H2
|
||||
fix ObCallbacks enumeration issues
|
||||
support for various kernel driver helpers
|
||||
ported to msvc 2022 (with backward compatibility to 2019)
|
||||
bugfixes
|
||||
|
|
|
|||
|
|
@ -4,9 +4,9 @@
|
|||
*
|
||||
* TITLE: NTBUILDS.H
|
||||
*
|
||||
* VERSION: 1.10
|
||||
* VERSION: 1.11
|
||||
*
|
||||
* DATE: 13 May 2022
|
||||
* DATE: 15 May 2022
|
||||
*
|
||||
* Windows NT builds definition file.
|
||||
*
|
||||
|
|
@ -73,6 +73,9 @@
|
|||
// Windows 10 21H2
|
||||
#define NT_WIN10_21H2 19044
|
||||
|
||||
// Windows Server 2022
|
||||
#define NT_WINSRV_21H1 20348
|
||||
|
||||
// Windows 11 21H2
|
||||
#define NT_WIN11_21H2 22000
|
||||
|
||||
|
|
|
|||
|
|
@ -32,6 +32,7 @@
|
|||
#define CBT_SIZE_19HX 0xD0
|
||||
#define CBT_SIZE_VB_V1 0xD0
|
||||
#define CBT_SIZE_VB_V2 0xE8
|
||||
#define CBT_SIZE_FE_V1 0xF8
|
||||
#define CBT_SIZE_CO_V1 0x100
|
||||
#define CBT_SIZE_NI_V1 0xF8
|
||||
#define CBT_SIZE_CU_V1 0xF8
|
||||
|
|
@ -59,6 +60,8 @@ CBT_MAPPING g_CbtMapping[] = {
|
|||
{ NT_WIN10_21H2, NTDDI_WIN10_VB, CBT_SIZE_VB_V1 },
|
||||
{ NT_WIN10_21H2, NTDDI_WIN10_VB, CBT_SIZE_VB_V2 },
|
||||
|
||||
{ NT_WINSRV_21H1, NTDDI_WIN10_FE, CBT_SIZE_FE_V1 },
|
||||
|
||||
{ NT_WIN11_21H2, NTDDI_WIN10_CO, CBT_SIZE_CO_V1 },
|
||||
{ NT_WIN11_22H2, NTDDI_WIN10_NI, CBT_SIZE_NI_V1 },
|
||||
{ NTX_WIN11_ADB, NTDDI_WIN10_CU, CBT_SIZE_CU_V1 }
|
||||
|
|
@ -564,6 +567,41 @@ static const BYTE CiCallbackIndexes_Win1021H2_V2[] = {
|
|||
Id_CiDeleteCodeIntegrityOriginClaimForFileObject
|
||||
};
|
||||
|
||||
//
|
||||
// Windows Server 2022
|
||||
//
|
||||
static const BYTE CiCallbacksIndexes_WinSrv21H2[] = {
|
||||
Id_CiSetFileCache,
|
||||
Id_CiGetFileCache,
|
||||
Id_CiQueryInformation,
|
||||
Id_CiValidateImageHeader,
|
||||
Id_CiValidateImageData,
|
||||
Id_CiHashMemory,
|
||||
Id_KappxIsPackageFile,
|
||||
Id_CiCompareSigningLevels,
|
||||
Id_CiValidateFileAsImageType,
|
||||
Id_CiRegisterSigningInformation,
|
||||
Id_CiUnregisterSigningInformation,
|
||||
Id_CiInitializePolicy,
|
||||
Id_CiReleaseContext,
|
||||
Id_XciUnknownCallback,
|
||||
Id_CiGetStrongImageReference,
|
||||
Id_CiHvciSetImageBaseAddress,
|
||||
Id_CipQueryPolicyInformation,
|
||||
Id_CiValidateDynamicCodePages,
|
||||
Id_CiQuerySecurityPolicy,
|
||||
Id_CiRevalidateImage,
|
||||
Id_CiSetInformation,
|
||||
Id_CiSetInformationProcess,
|
||||
Id_CiGetBuildExpiryTime,
|
||||
Id_CiCheckProcessDebugAccessPolicy,
|
||||
Id_CiGetCodeIntegrityOriginClaimForFileObject,
|
||||
Id_CiDeleteCodeIntegrityOriginClaimMembers,
|
||||
Id_CiDeleteCodeIntegrityOriginClaimForFileObject,
|
||||
Id_CiHvciReportMmIncompatibility,
|
||||
Id_CiCompareExistingSePool
|
||||
};
|
||||
|
||||
//
|
||||
// Windows 11 21H2
|
||||
//
|
||||
|
|
@ -716,10 +754,16 @@ LPWSTR GetCiRoutineNameFromIndex(
|
|||
}
|
||||
break;
|
||||
|
||||
case NT_WINSRV_21H1:
|
||||
Indexes = CiCallbacksIndexes_WinSrv21H2;
|
||||
ArrayCount = RTL_NUMBER_OF(CiCallbacksIndexes_WinSrv21H2);
|
||||
break;
|
||||
|
||||
case NT_WIN11_21H2:
|
||||
Indexes = CiCallbackIndexes_Win11;
|
||||
ArrayCount = RTL_NUMBER_OF(CiCallbackIndexes_Win11);
|
||||
break;
|
||||
|
||||
case NT_WIN11_22H2:
|
||||
case NTX_WIN11_ADB:
|
||||
default:
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@
|
|||
*
|
||||
* VERSION: 1.93
|
||||
*
|
||||
* DATE: 11 May 2022
|
||||
* DATE: 15 May 2022
|
||||
*
|
||||
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
|
||||
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
|
||||
|
|
@ -1110,7 +1110,7 @@ NTSTATUS SdtResolveServiceEntryModule(
|
|||
ApiSetReference = ApiSetExtractReferenceFromAdapter(FunctionPtr);
|
||||
if (ApiSetReference) {
|
||||
|
||||
if (g_NtBuildNumber >= NT_WIN11_21H2)
|
||||
if (g_NtBuildNumber >= NT_WINSRV_21H1)
|
||||
ApiSetTableEntrySize = sizeof(W32K_API_SET_TABLE_ENTRY_V2);
|
||||
else
|
||||
ApiSetTableEntrySize = sizeof(W32K_API_SET_TABLE_ENTRY);
|
||||
|
|
|
|||
|
|
@ -821,6 +821,7 @@ PVOID ObDumpSymbolicLinkObjectVersionAware(
|
|||
objectSize = sizeof(OBJECT_SYMBOLIC_LINK_V4);
|
||||
objectVersion = OBVERSION_OBJECT_SYMBOLIC_LINK_V4;
|
||||
break;
|
||||
case NT_WINSRV_21H1:
|
||||
case NT_WIN11_21H2:
|
||||
case NT_WIN11_22H2:
|
||||
default:
|
||||
|
|
@ -961,7 +962,7 @@ PVOID ObDumpFltFilterObjectVersionAware(
|
|||
objectVersion = OBVERSION_FLT_FILTER_V2;
|
||||
}
|
||||
else if (g_NtBuildNumber >= NT_WIN10_THRESHOLD1 &&
|
||||
g_NtBuildNumber < NT_WIN11_21H2)
|
||||
g_NtBuildNumber < NT_WINSRV_21H1)
|
||||
{
|
||||
objectSize = sizeof(FLT_FILTER_V3);
|
||||
objectVersion = OBVERSION_FLT_FILTER_V3;
|
||||
|
|
|
|||
|
|
@ -3,8 +3,8 @@ e192abb83dded0fe227f3fe69cb0ac7aaa197941917afd497b4cf8796a03e041 *Compiled\WHATS
|
|||
fa001b1ac9bbbb6c954d5dd609de60fa2b0277a6cfe35f6428591e4b4b1e8453 *Compiled\WHATSNEW_180.md
|
||||
764927e79e6226e9a5185b0672b5b6422c27f6c4955afa45b6e3032a766797e4 *Compiled\WHATSNEW_187.md
|
||||
d3c54e144f4ea198d761a0c89764d6cd39da19c0aa51661a9f37135e4f842a85 *Compiled\WHATSNEW_190.md
|
||||
5e4e1ffe4b44b198d8941e1d633ec7095a12aacbedc78c2d5474eadb69b05de0 *Compiled\WinObjEx64.chm
|
||||
2978e252bd179ab1c579053aee623922bdbdb80b293423f9e443a9d79c98618c *Compiled\WinObjEx64.exe
|
||||
85ea539802640fce924ee0dda14d9a0ed3e786f5ca131c4ae0815f7beeba69f8 *Compiled\WinObjEx64.chm
|
||||
6f5110d724a0b88251003f2845a8dec2dfd73cc68e9506c2c07ea14049cfbca0 *Compiled\WinObjEx64.exe
|
||||
ed5cef250f9734689aa07c111ca1b2a639d307c27925ce6a45d3c3ca7b050782 *Compiled\plugins\ApiSetView.dll
|
||||
57267abde07d6f1a47633cc7b8a4f4b17ec902f16db1358b218f38e7e0e020de *Compiled\plugins\ExamplePlugin.dll
|
||||
98bfaf17e411c56e3192467c506024ae25a60e304fd595fcdd12f3208bddf1c2 *Compiled\plugins\ImageScope.dll
|
||||
|
|
@ -38,7 +38,7 @@ cb66fca90766db12474ce057436364dabaf3e948f6ffa7e9651f869656f0b33c *Screenshots\Vi
|
|||
ef65a909e8d9bc7ec94ecbc0f465f24a7968d6675eadf7f25f6414c66d6b28be *Screenshots\ViewingTypeInformation.png
|
||||
db0ab26d20a62ba7c9c844e916e88168b72a7e52932d3483eb2d0a2e535b75a8 *Screenshots\ViewingUserSharedData.png
|
||||
9e2b64f390c609172c5791dd138a748d31bf4d2cc839f01dbd514afe1cdfd083 *Screenshots\W32pServiceTableView.png
|
||||
748027fa2c6d886cb1ee739f9f643b19aa2b667b3bdf9e9642bb93601d40ef11 *Source\CHANGELOG.txt
|
||||
fee4d907e7334c03234ce4a359185d9030d626195bcb36a607de0b1ca185da27 *Source\CHANGELOG.txt
|
||||
a44ef414ebf68889488938116fa7e51dc484b038b9c0a247d2b872d5b00e4692 *Source\FILELIST.txt
|
||||
fb5db833eb13f6c7812cf9b8ca2b2e4f60b9133b700edd2065c3431c41509911 *Source\TypesWithNoDesc.txt
|
||||
89f58de2ad50d5abba574acb90cc06454322a83bf0f4cc0da7e77201fde10d18 *Source\WinObjEx64.sln
|
||||
|
|
@ -122,7 +122,7 @@ c902616e5949b38a2700741c775417f9a52270a469864d9ef033664682bdc458 *Source\Shared\
|
|||
7a58407999eb9aa3713de75b58a5d7ac6b8a08edbcc78322c26186ad138b8f79 *Source\Shared\ntos\apisetx.h
|
||||
8acab5c8b8b339bdaf8e7b7d06f2cd6b10d24f889ef92462e4e53abbc5dc5341 *Source\Shared\ntos\halamd64.h
|
||||
ffac2569a1dd61c400cda45839c7314bdd99cfcb5c17d503807db34c168628d2 *Source\Shared\ntos\ntalpc.h
|
||||
baf7ca110fcdf8d039b8d81f86db8b9682d6525c3169766d59518d8237fcc0f7 *Source\Shared\ntos\ntbuilds.h
|
||||
5466a593ef80249a2517395e666b6cf35e21d4b8c05ec6dc9abb544746301651 *Source\Shared\ntos\ntbuilds.h
|
||||
69a2ac18f7ae51f231ff70195e914fdf1331564d7e109d052d8c0e6f2c6760a4 *Source\Shared\ntos\ntldr.c
|
||||
083d71cbe45e72854cfc45e20b85ec805c8dd66f18c3a111236195a980c44333 *Source\Shared\ntos\ntldr.h
|
||||
e5d1529d60c32c706a138054683ab83836d46f53ddaac6f628556dcc5c34dc52 *Source\Shared\ntos\ntos.h
|
||||
|
|
@ -151,7 +151,7 @@ b99d842f28687ed582aa3e3f64931367a2c5af5c09f25c08d4c76b804ea3609f *Source\WinObjE
|
|||
73cf303d356bdb84cd7725fe31a11d4822500f86cb529220fb278e764652350d *Source\WinObjEx64\global.h
|
||||
efae658152f746d41a6e03d13b9035410cf90cd859140ecc744d2dfa3b773c2a *Source\WinObjEx64\hash.c
|
||||
e79c1a5016f2d227be91eb345f08f515902144c63e3b09403a2d99dc8e8e771a *Source\WinObjEx64\hash.h
|
||||
26e0f43194e6df10a17899fce011cecd3a681e3ce49abf4db07620d46d272738 *Source\WinObjEx64\kldbg.c
|
||||
5d6ce74c927dd5c83453a3e4b3afe445cea0f2166f685ca9e4a63b781962cfde *Source\WinObjEx64\kldbg.c
|
||||
9334002538cbb1acbc69bdec5699c7e6526e9ca51094518c2c1a2ba277b37396 *Source\WinObjEx64\kldbg.h
|
||||
1f0d722b6cd9b6d5c5f3ec1a7e110ce579c5d025a34a46a373a9d63cc9d85bbb *Source\WinObjEx64\kldbg_patterns.h
|
||||
27123a22007dd66a9dc7fc43428cfbe511d4ea5f7386319db151f3428ad4cc28 *Source\WinObjEx64\ksymbols.h
|
||||
|
|
@ -187,7 +187,7 @@ d519634f47890a27dfe69452e5b8d875d37f16f0b90ac17395d2de439114bc11 *Source\WinObjE
|
|||
7ab886ac9e571d7a2f6abc1739caca3083deed2b7b43e0555d06b075f1ae6d3d *Source\WinObjEx64\drivers\winio.h
|
||||
09658136195c72f423380fbe0067a71d96dc37f44575f61359d8697b5f0bf290 *Source\WinObjEx64\extras\extras.c
|
||||
78b3b28fe2d97bba5c26c886eb21bb40a25a3ce6dbb74fc56a3ea88be3e4d80b *Source\WinObjEx64\extras\extras.h
|
||||
a36d47ac587c25163c72cd5616a6ae48177c36424c414c9fbe778a8b51010124 *Source\WinObjEx64\extras\extrasCallbacks.c
|
||||
8025021b48ed415862ce75cff7857bbb985230022a7e351ca606b5709c6fe4c7 *Source\WinObjEx64\extras\extrasCallbacks.c
|
||||
8ad8cd16888a2104a4062c02671cb72c31d28bb644357d720238254507b291ea *Source\WinObjEx64\extras\extrasCallbacks.h
|
||||
ee85df23ea5d5a15e6f066113e923555283c1f78be2c62ed47a9ed4e1384c49a *Source\WinObjEx64\extras\extrasCallbacksPatterns.h
|
||||
855b538887257b2b74b05106aa00e29002665177579a60de14fb5d1cdfb9491d *Source\WinObjEx64\extras\extrasDrivers.c
|
||||
|
|
@ -200,7 +200,7 @@ bc729f15f0c144d62f203f48e2f2b1f5025a00dec320435486caffc355936006 *Source\WinObjE
|
|||
f13067275674be1c09101fc4fc83aaebd645cd5941f9b684eca456b233ab43e3 *Source\WinObjEx64\extras\extrasPSList.h
|
||||
9eedb67973d123b2f653d48eb0e4821379566b6d63cad232b87f15a95ce78745 *Source\WinObjEx64\extras\extrasSL.c
|
||||
cc193609496cab4b684e4d1b35ac2833a2da61cfaf7c87345e0a5b1f519cbbee *Source\WinObjEx64\extras\extrasSL.h
|
||||
96d1f096c2a04b5ab9b66f9e8b361037b86725728e9a78cf9a9a3e15acfd4a5b *Source\WinObjEx64\extras\extrasSSDT.c
|
||||
337ca24957169048f91cfa9ef317136071142738600ba536006723181a3ecc7c *Source\WinObjEx64\extras\extrasSSDT.c
|
||||
224c6c7075a98ea440834fc0e9743d0131fdcccdf2bb3eec941a92c20ddb7906 *Source\WinObjEx64\extras\extrasSSDT.h
|
||||
38373e28340e915afe34b7cea2bdc2c05704a0dd019728d7bbf5b3b51abfd0de *Source\WinObjEx64\extras\extrasUSD.c
|
||||
8cfdcc5659dd647e197dc77f37b4fc5ae7c2b7f6245e6249d3bf600f9afb1b5e *Source\WinObjEx64\extras\extrasUSD.h
|
||||
|
|
|
|||
Loading…
Reference in New Issue