1.7.4
See the "What Is New" section of the readme for more info, or changelog.txt in the source directory for the complete list of changes. (Pre-release)
parent
bded20a4f0
commit
9561e1005a
Binary file not shown.
|
@ -1,20 +1,26 @@
|
|||
v1.7.4
|
||||
added software licensing cache view (extras)
|
||||
resolve apisets while viewing shadow table in Windows 10 20H1 >= 18890 builds
|
||||
fix displaying sid user/domain information for private namespaces
|
||||
added refresh (f5) for private namespace dialog
|
||||
|
||||
v1.7.3
|
||||
+ threads list in processes dialog
|
||||
+ view file properties for KisServiceTable/W32pServiceTable dialogs
|
||||
+ process/thread/token object properties dialogs
|
||||
+ bugfixes
|
||||
threads list in processes dialog
|
||||
view file properties for KisServiceTable/W32pServiceTable dialogs
|
||||
process/thread/token object properties dialogs
|
||||
bugfixes
|
||||
|
||||
v1.7.2
|
||||
+ symbolic link object dump
|
||||
+ internal fixes after profiling
|
||||
+ support for 19H1 SeCiCallbacks scan
|
||||
+ added and updated more object type descriptions
|
||||
symbolic link object dump
|
||||
internal fixes after profiling
|
||||
support for 19H1 SeCiCallbacks scan
|
||||
added and updated more object type descriptions
|
||||
|
||||
v1.7.1
|
||||
+ SeCiCallbacks/g_CiCallbacks, DbgkLmdCallbacks added to the callbacks viewer
|
||||
+ Session object view and access rights, merge pull request #8 #9
|
||||
+ fixed regression added in 1.7.0
|
||||
+ treelist updated
|
||||
SeCiCallbacks/g_CiCallbacks, DbgkLmdCallbacks added to the callbacks viewer
|
||||
Session object view and access rights, merge pull request #8 #9
|
||||
fixed regression added in 1.7.0
|
||||
treelist updated
|
||||
|
||||
v1.7.0
|
||||
code can now be compiled as C++
|
||||
|
|
|
@ -31,6 +31,9 @@ extrasPN.h
|
|||
extrasPSList.c - process list
|
||||
extrasPSList.h
|
||||
|
||||
extrasSL.c - Software Licensing Cache dialog
|
||||
extrasSL.h
|
||||
|
||||
extrasUSD.c - UserSharedData dialog
|
||||
extrasUSD.h
|
||||
|
||||
|
@ -105,5 +108,8 @@ wine.c
|
|||
global.h - global include file
|
||||
ntos.h - os internals related definitions and prototypes
|
||||
ntalpc.h - alpc port dedicated header file
|
||||
ntldr.h - nt pe loader related declarations
|
||||
ntldr.c - nt pe loader related declarations and routines
|
||||
apisetx.h - apisetschema dedicated header file
|
||||
resource.h - studio generated resource header
|
||||
ui.h - user interface global constant
|
||||
|
|
Binary file not shown.
|
@ -118,7 +118,7 @@
|
|||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseNotSignedWithDriver|x64'">
|
||||
<OutDir>.\output\$(Platform)\$(Configuration)\bin\</OutDir>
|
||||
<IntDir>.\output\$(Platform)\$(Configuration)\</IntDir>
|
||||
<CodeAnalysisRuleSet>AllRules.ruleset</CodeAnalysisRuleSet>
|
||||
<CodeAnalysisRuleSet>SecurityRules.ruleset</CodeAnalysisRuleSet>
|
||||
<PostBuildEventUseInBuild>
|
||||
</PostBuildEventUseInBuild>
|
||||
<RunCodeAnalysis>true</RunCodeAnalysis>
|
||||
|
@ -376,6 +376,7 @@
|
|||
<ClCompile Include="extras\extrasIPC.c" />
|
||||
<ClCompile Include="extras\extrasPN.c" />
|
||||
<ClCompile Include="extras\extrasPSList.c" />
|
||||
<ClCompile Include="extras\extrasSL.c" />
|
||||
<ClCompile Include="extras\extrasSSDT.c" />
|
||||
<ClCompile Include="extras\extrasUSD.c" />
|
||||
<ClCompile Include="findDlg.c" />
|
||||
|
@ -408,6 +409,7 @@
|
|||
<ClCompile Include="minirtl\_strncpy.c" />
|
||||
<ClCompile Include="minirtl\_strstr.c" />
|
||||
<ClCompile Include="minirtl\_strstri.c" />
|
||||
<ClCompile Include="ntos\ntldr.c" />
|
||||
<ClCompile Include="objects.c" />
|
||||
<ClCompile Include="props\propBasic.c" />
|
||||
<ClCompile Include="props\propDesktop.c" />
|
||||
|
@ -437,6 +439,7 @@
|
|||
<ClInclude Include="extras\extrasIPC.h" />
|
||||
<ClInclude Include="extras\extrasPN.h" />
|
||||
<ClInclude Include="extras\extrasPSList.h" />
|
||||
<ClInclude Include="extras\extrasSL.h" />
|
||||
<ClInclude Include="extras\extrasSSDT.h" />
|
||||
<ClInclude Include="extras\extrasUSD.h" />
|
||||
<ClInclude Include="findDlg.h" />
|
||||
|
@ -450,7 +453,9 @@
|
|||
<ClInclude Include="minirtl\minirtl.h" />
|
||||
<ClInclude Include="minirtl\rtltypes.h" />
|
||||
<ClInclude Include="msvcver.h" />
|
||||
<ClInclude Include="ntos\apisetx.h" />
|
||||
<ClInclude Include="ntos\ntalpc.h" />
|
||||
<ClInclude Include="ntos\ntldr.h" />
|
||||
<ClInclude Include="ntos\ntos.h" />
|
||||
<ClInclude Include="objects.h" />
|
||||
<ClInclude Include="kldbg_patterns.h" />
|
||||
|
|
|
@ -207,6 +207,12 @@
|
|||
<ClCompile Include="wine.c">
|
||||
<Filter>Source Files</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="ntos\ntldr.c">
|
||||
<Filter>ntos</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="extras\extrasSL.c">
|
||||
<Filter>Source Files\extras</Filter>
|
||||
</ClCompile>
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ResourceCompile Include="Resource.rc">
|
||||
|
@ -358,6 +364,15 @@
|
|||
<ClInclude Include="extdef.h">
|
||||
<Filter>Header Files</Filter>
|
||||
</ClInclude>
|
||||
<ClInclude Include="ntos\apisetx.h">
|
||||
<Filter>ntos</Filter>
|
||||
</ClInclude>
|
||||
<ClInclude Include="ntos\ntldr.h">
|
||||
<Filter>ntos</Filter>
|
||||
</ClInclude>
|
||||
<ClInclude Include="extras\extrasSL.h">
|
||||
<Filter>Source Files\extras</Filter>
|
||||
</ClInclude>
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<Image Include="rsrc\pipe.ico">
|
||||
|
|
|
@ -4,9 +4,9 @@
|
|||
*
|
||||
* TITLE: ABOUTDLG.C
|
||||
*
|
||||
* VERSION: 1.73
|
||||
* VERSION: 1.74
|
||||
*
|
||||
* DATE: 30 Mar 2019
|
||||
* DATE: 18 May 2019
|
||||
*
|
||||
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
|
||||
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
|
||||
|
@ -19,7 +19,6 @@
|
|||
#include "msvcver.h"
|
||||
|
||||
HWND g_hwndGlobals;
|
||||
HFONT _hFontGlobalsDlg;
|
||||
WNDPROC g_GlobalsEditOriginalWndProc;
|
||||
|
||||
/*
|
||||
|
@ -266,13 +265,15 @@ LRESULT CALLBACK GlobalsCustomWindowProc(
|
|||
_In_ LPARAM lParam
|
||||
)
|
||||
{
|
||||
HFONT hFont;
|
||||
|
||||
switch (uMsg) {
|
||||
case WM_DESTROY:
|
||||
if (_hFontGlobalsDlg) {
|
||||
DeleteObject(_hFontGlobalsDlg);
|
||||
}
|
||||
break;
|
||||
case WM_CLOSE:
|
||||
hFont = (HFONT)GetProp(hwnd, T_PROP_FONT);
|
||||
if (hFont) {
|
||||
DeleteObject(hFont);
|
||||
}
|
||||
RemoveProp(hwnd, T_PROP_FONT);
|
||||
g_hwndGlobals = NULL;
|
||||
break;
|
||||
default:
|
||||
|
@ -294,20 +295,9 @@ INT_PTR AboutDialogShowGlobals(
|
|||
{
|
||||
HWND hwnd;
|
||||
LPWSTR lpGlobalInfo;
|
||||
NONCLIENTMETRICS ncm;
|
||||
HFONT hFont = NULL;
|
||||
|
||||
if (g_hwndGlobals == NULL) {
|
||||
|
||||
ncm.cbSize = sizeof(NONCLIENTMETRICS);
|
||||
if (SystemParametersInfo(SPI_GETNONCLIENTMETRICS, sizeof(ncm), &ncm, 0)) {
|
||||
ncm.lfCaptionFont.lfHeight += ncm.lfSmCaptionFont.lfHeight / 4;
|
||||
ncm.lfCaptionFont.lfWeight = FW_NORMAL;
|
||||
ncm.lfCaptionFont.lfQuality = CLEARTYPE_QUALITY;
|
||||
ncm.lfCaptionFont.lfPitchAndFamily = FIXED_PITCH | FF_MODERN;
|
||||
_strcpy(ncm.lfCaptionFont.lfFaceName, TEXT("Courier New"));
|
||||
|
||||
_hFontGlobalsDlg = CreateFontIndirect(&ncm.lfCaptionFont);
|
||||
}
|
||||
if (g_hwndGlobals == NULL) {
|
||||
|
||||
hwnd = CreateWindowEx(
|
||||
0,
|
||||
|
@ -324,7 +314,11 @@ INT_PTR AboutDialogShowGlobals(
|
|||
NULL);
|
||||
|
||||
if (hwnd) {
|
||||
SendMessage(hwnd, WM_SETFONT, (WPARAM)_hFontGlobalsDlg, 0);
|
||||
hFont = supCreateFontIndirect(T_DEFAULT_AUX_FONT);
|
||||
if (hFont) {
|
||||
SendMessage(hwnd, WM_SETFONT, (WPARAM)hFont, 0);
|
||||
SetProp(hwnd, T_PROP_FONT, hFont);
|
||||
}
|
||||
g_GlobalsEditOriginalWndProc = (WNDPROC)GetWindowLongPtr(hwnd, GWLP_WNDPROC);
|
||||
if (g_GlobalsEditOriginalWndProc) {
|
||||
SetWindowLongPtr(hwnd, GWLP_WNDPROC, (LONG_PTR)&GlobalsCustomWindowProc);
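Review bot: The font cleanup now lives only in the `WM_CLOSE` branch of GlobalsCustomWindowProc, so a window torn down without a close message (for example by `DestroyWindow` when its owner goes away) would keep the `T_PROP_FONT` property and leak the GDI font created by `supCreateFontIndirect`. Consider running the `GetProp`/`DeleteObject`/`RemoveProp` sequence under `case WM_DESTROY:` and leaving only `g_hwndGlobals = NULL;` in `WM_CLOSE`. Whether such a teardown path exists cannot be told from these hunks, since both functions continue outside them. In AboutDialogShowGlobals the return value of `SetProp` is also unchecked; if it fails, the font can no longer be found for deletion.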
|
||||
|
|
|
@ -4,9 +4,9 @@
|
|||
*
|
||||
* TITLE: EXTRAS.C
|
||||
*
|
||||
* VERSION: 1.73
|
||||
* VERSION: 1.74
|
||||
*
|
||||
* DATE: 02 Mar 2019
|
||||
* DATE: 14 May 2019
|
||||
*
|
||||
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
|
||||
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
|
||||
|
@ -23,6 +23,7 @@
|
|||
#include "extrasIPC.h"
|
||||
#include "extrasPSList.h"
|
||||
#include "extrasCallbacks.h"
|
||||
#include "extrasSL.h"
|
||||
|
||||
/*
|
||||
* extrasSimpleListResize
|
||||
|
@ -132,114 +133,83 @@ VOID extrasSetDlgIcon(
|
|||
}
|
||||
|
||||
/*
|
||||
* extrasShowIPCDialog
|
||||
* extrasShowDialogById
|
||||
*
|
||||
* Purpose:
|
||||
*
|
||||
* Display Pipe/Mailslots Properties Dialog.
|
||||
* Display dialog by it identifier.
|
||||
*
|
||||
*/
|
||||
VOID extrasShowIPCDialog(
|
||||
_In_ HWND hwndParent,
|
||||
_In_ ULONG CallerId
|
||||
)
|
||||
VOID extrasShowDialogById(
|
||||
_In_ HWND ParentWindow,
|
||||
_In_ WORD DialogId)
|
||||
{
|
||||
if (CallerId == ID_EXTRAS_MAILSLOTS)
|
||||
extrasCreateIpcDialog(hwndParent, IpcModeMailSlots);
|
||||
else if (CallerId == ID_EXTRAS_PIPES)
|
||||
extrasCreateIpcDialog(hwndParent, IpcModeNamedPipes);
|
||||
}
|
||||
switch (DialogId) {
|
||||
|
||||
/*
|
||||
* extrasShowUserSharedDataDialog
|
||||
*
|
||||
* Purpose:
|
||||
*
|
||||
* Display KUserSharedData dump dialog.
|
||||
*
|
||||
*/
|
||||
VOID extrasShowUserSharedDataDialog(
|
||||
_In_ HWND hwndParent
|
||||
)
|
||||
{
|
||||
extrasCreateUsdDialog(hwndParent);
|
||||
}
|
||||
case ID_EXTRAS_PIPES:
|
||||
case ID_EXTRAS_MAILSLOTS:
|
||||
if (DialogId == ID_EXTRAS_MAILSLOTS)
|
||||
extrasCreateIpcDialog(ParentWindow, IpcModeMailSlots);
|
||||
else
|
||||
extrasCreateIpcDialog(ParentWindow, IpcModeNamedPipes);
|
||||
break;
|
||||
|
||||
/*
|
||||
* extrasShowPrivateNamespacesDialog
|
||||
*
|
||||
* Purpose:
|
||||
*
|
||||
* Display PrivateNamespaces dialog.
|
||||
*
|
||||
*/
|
||||
VOID extrasShowPrivateNamespacesDialog(
|
||||
_In_ HWND hwndParent
|
||||
)
|
||||
{
|
||||
extrasCreatePNDialog(hwndParent);
|
||||
}
|
||||
case ID_EXTRAS_USERSHAREDDATA:
|
||||
extrasCreateUsdDialog(ParentWindow);
|
||||
break;
|
||||
|
||||
/*
|
||||
* extrasShowSSDTDialog
|
||||
*
|
||||
* Purpose:
|
||||
*
|
||||
* Display KiServiceTable (SSDT) dialog.
|
||||
*
|
||||
*/
|
||||
VOID extrasShowSSDTDialog(
|
||||
_In_ HWND hwndParent,
|
||||
_In_ ULONG CallerId
|
||||
)
|
||||
{
|
||||
if (CallerId == ID_EXTRAS_SSDT)
|
||||
extrasCreateSSDTDialog(hwndParent, SST_Ntos);
|
||||
else if (CallerId == ID_EXTRAS_W32PSERVICETABLE)
|
||||
extrasCreateSSDTDialog(hwndParent, SST_Win32k);
|
||||
}
|
||||
case ID_EXTRAS_PRIVATENAMESPACES:
|
||||
//
|
||||
// Feature require driver usage and not supported in 10586.
|
||||
//
|
||||
if (g_NtBuildNumber != 10586) {
|
||||
if (kdConnectDriver()) {
|
||||
extrasCreatePNDialog(ParentWindow);
|
||||
}
|
||||
}
|
||||
break;
|
||||
|
||||
/*
|
||||
* extrasShowDriversDialog
|
||||
*
|
||||
* Purpose:
|
||||
*
|
||||
* Display Drivers list dialog.
|
||||
*
|
||||
*/
|
||||
VOID extrasShowDriversDialog(
|
||||
_In_ HWND hwndParent
|
||||
)
|
||||
{
|
||||
extrasCreateDriversDialog(hwndParent);
|
||||
}
|
||||
case ID_EXTRAS_SSDT:
|
||||
case ID_EXTRAS_W32PSERVICETABLE:
|
||||
//
|
||||
// This feature require driver usage.
|
||||
//
|
||||
#ifndef _DEBUG
|
||||
if (kdConnectDriver()) {
|
||||
#endif
|
||||
if (DialogId == ID_EXTRAS_SSDT)
|
||||
extrasCreateSSDTDialog(ParentWindow, SST_Ntos);
|
||||
else
|
||||
extrasCreateSSDTDialog(ParentWindow, SST_Win32k);
|
||||
|
||||
/*
|
||||
* extrasShowPsListDialog
|
||||
*
|
||||
* Purpose:
|
||||
*
|
||||
* Display Process list dialog.
|
||||
*
|
||||
*/
|
||||
VOID extrasShowPsListDialog(
|
||||
_In_ HWND hwndParent
|
||||
)
|
||||
{
|
||||
extrasCreatePsListDialog(hwndParent);
|
||||
}
|
||||
#ifndef _DEBUG
|
||||
}
|
||||
#endif
|
||||
break;
|
||||
|
||||
/*
|
||||
* extrasShowCallbacksDialog
|
||||
*
|
||||
* Purpose:
|
||||
*
|
||||
* Display Callbacks dialog.
|
||||
*
|
||||
*/
|
||||
VOID extrasShowCallbacksDialog(
|
||||
_In_ HWND hwndParent
|
||||
)
|
||||
{
|
||||
extrasCreateCallbacksDialog(hwndParent);
|
||||
case ID_EXTRAS_DRIVERS:
|
||||
//
|
||||
// Unsupported in Wine.
|
||||
//
|
||||
if (g_WinObj.IsWine == FALSE) {
|
||||
extrasCreateDriversDialog(ParentWindow);
|
||||
}
|
||||
break;
|
||||
|
||||
case ID_EXTRAS_PROCESSLIST:
|
||||
extrasCreatePsListDialog(ParentWindow);
|
||||
break;
|
||||
|
||||
case ID_EXTRAS_CALLBACKS:
|
||||
extrasCreateCallbacksDialog(ParentWindow);
|
||||
break;
|
||||
|
||||
case ID_EXTRAS_SOFTWARELICENSECACHE:
|
||||
extrasCreateSLCacheDialog(ParentWindow);
|
||||
break;
|
||||
|
||||
|
||||
default:
|
||||
break;
|
||||
}
|
||||
}
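Review bot: In `extrasShowDialogById` the `kdConnectDriver()` gate for `ID_EXTRAS_SSDT`/`ID_EXTRAS_W32PSERVICETABLE` is compiled out under `_DEBUG`, while the `ID_EXTRAS_PRIVATENAMESPACES` case keeps the gate in every build. The opening and closing braces of that `if` also sit in two separate `#ifndef _DEBUG` blocks, which is easy to break on a later edit. If the debug bypass is intentional, a comment at the first `#ifndef` would say so, e.g. `// Debug builds skip the driver check so the dialog can be opened without the helper driver.`; presumably extrasCreateSSDTDialog then has to tolerate a missing driver connection, which is not visible here. The header comment would also read better as `Display dialog by its identifier.`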
|
||||
|
|
|
@ -4,9 +4,9 @@
|
|||
*
|
||||
* TITLE: EXTRAS.H
|
||||
*
|
||||
* VERSION: 1.73
|
||||
* VERSION: 1.74
|
||||
*
|
||||
* DATE: 02 Mar 2019
|
||||
* DATE: 12 May 2019
|
||||
*
|
||||
* Common header file for Extras dialogs.
|
||||
*
|
||||
|
@ -63,25 +63,6 @@ VOID extrasSimpleListResize(
|
|||
VOID extrasSetDlgIcon(
|
||||
_In_ HWND hwndDlg);
|
||||
|
||||
VOID extrasShowIPCDialog(
|
||||
_In_ HWND hwndParent,
|
||||
_In_ ULONG CallerId);
|
||||
|
||||
VOID extrasShowUserSharedDataDialog(
|
||||
_In_ HWND hwndParent);
|
||||
|
||||
VOID extrasShowPrivateNamespacesDialog(
|
||||
_In_ HWND hwndParent);
|
||||
|
||||
VOID extrasShowSSDTDialog(
|
||||
_In_ HWND hwndParent,
|
||||
_In_ ULONG CallerId);
|
||||
|
||||
VOID extrasShowDriversDialog(
|
||||
_In_ HWND hwndParent);
|
||||
|
||||
VOID extrasShowPsListDialog(
|
||||
_In_ HWND hwndParent);
|
||||
|
||||
VOID extrasShowCallbacksDialog(
|
||||
_In_ HWND hwndParent);
|
||||
VOID extrasShowDialogById(
|
||||
_In_ HWND ParentWindow,
|
||||
_In_ WORD DialogId);
|
||||
|
|
|
@ -4,9 +4,9 @@
|
|||
*
|
||||
* TITLE: EXTRASDRIVERS.C
|
||||
*
|
||||
* VERSION: 1.73
|
||||
* VERSION: 1.74
|
||||
*
|
||||
* DATE: 30 Mar 2019
|
||||
* DATE: 17 May 2019
|
||||
*
|
||||
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
|
||||
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
|
||||
|
@ -59,7 +59,7 @@ VOID DrvDumpDriver(
|
|||
VOID
|
||||
)
|
||||
{
|
||||
BOOL bCond = FALSE, bSuccess = FALSE;
|
||||
BOOL bSuccess = FALSE;
|
||||
INT iPos;
|
||||
ULONG ImageSize;
|
||||
SIZE_T sz;
|
||||
|
@ -156,7 +156,7 @@ VOID DrvDumpDriver(
|
|||
MessageBox(DrvDlgContext.hwndDlg, szBuffer, PROGRAM_NAME, MB_ICONINFORMATION);
|
||||
}
|
||||
|
||||
} while (bCond);
|
||||
} while (FALSE);
|
||||
|
||||
if (lpDriverName) supHeapFree(lpDriverName);
|
||||
}
|
||||
|
@ -221,7 +221,6 @@ VOID DrvListDrivers(
|
|||
_In_ BOOL bRefresh
|
||||
)
|
||||
{
|
||||
BOOL bCond = FALSE;
|
||||
INT index, iImage;
|
||||
ULONG i, c;
|
||||
LVITEM lvitem;
|
||||
|
@ -312,7 +311,7 @@ VOID DrvListDrivers(
|
|||
ultostr(c, _strend(szBuffer));
|
||||
SetWindowText(DrvDlgContext.StatusBar, szBuffer);
|
||||
|
||||
} while (bCond);
|
||||
} while (FALSE);
|
||||
|
||||
if (pModulesList) supHeapFree(pModulesList);
|
||||
|
||||
|
@ -345,7 +344,10 @@ VOID CALLBACK DriversHandleNotify(
|
|||
if (nhdr->hdr.idFrom != ID_EXTRASLIST)
|
||||
return;
|
||||
|
||||
#pragma warning(push)
|
||||
#pragma warning(disable: 26454)
|
||||
if (nhdr->hdr.code == NM_DBLCLK) {
|
||||
#pragma warning(pop)
|
||||
mark = ListView_GetSelectionMark(Context->ListView);
|
||||
if (mark >= 0) {
|
||||
lpItem = supGetItemText(Context->ListView, mark, 4, NULL);
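Review bot: The `#pragma warning(disable: 26454)` around the `NM_DBLCLK` comparison in DriversHandleNotify carries no explanation, and the same suppression is repeated around `nhdr->code = NM_RETURN;` in PsListHandleNotify further down the page. A one-line comment such as `// C26454: NM_* codes are (NM_FIRST - n) on an unsigned zero; the analyzer reports the compile-time wraparound.` would tell the next reader that the suppression concerns the SDK macro and not local arithmetic. Keeping the push/pop as tight as it is now is good; the comment is the only thing missing.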
|
||||
|
|
|
@ -4,9 +4,9 @@
|
|||
*
|
||||
* TITLE: EXTRASIPC.C
|
||||
*
|
||||
* VERSION: 1.73
|
||||
* VERSION: 1.74
|
||||
*
|
||||
* DATE: 14 Mar 2019
|
||||
* DATE: 03 May 2019
|
||||
*
|
||||
* IPC supported: Pipes, Mailslots
|
||||
*
|
||||
|
@ -594,7 +594,6 @@ VOID IpcDlgQueryInfo(
|
|||
_In_ HWND ListView
|
||||
)
|
||||
{
|
||||
BOOL cond = TRUE;
|
||||
BOOLEAN bRestartScan;
|
||||
ULONG QuerySize;
|
||||
HANDLE hObject = NULL;
|
||||
|
@ -622,7 +621,7 @@ VOID IpcDlgQueryInfo(
|
|||
|
||||
c = 0;
|
||||
bRestartScan = TRUE;
|
||||
while (cond) {
|
||||
while (TRUE) {
|
||||
|
||||
RtlSecureZeroMemory(&iost, sizeof(iost));
|
||||
|
||||
|
|
|
@ -4,9 +4,9 @@
|
|||
*
|
||||
* TITLE: EXTRASPN.C
|
||||
*
|
||||
* VERSION: 1.73
|
||||
* VERSION: 1.74
|
||||
*
|
||||
* DATE: 15 Mar 2019
|
||||
* DATE: 15 May 2019
|
||||
*
|
||||
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
|
||||
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
|
||||
|
@ -267,6 +267,8 @@ BOOL PNDlgQueryInfo(
|
|||
return bResult;
|
||||
}
|
||||
|
||||
#define MAX_LOOKUP_NAME 256
|
||||
|
||||
/*
|
||||
* PNDlgOutputSelectedSidInformation
|
||||
*
|
||||
|
@ -283,35 +285,44 @@ VOID PNDlgOutputSelectedSidInformation(
|
|||
BOOL bNeedFree = FALSE;
|
||||
HWND hComboBox;
|
||||
LRESULT nSelected;
|
||||
PSID pSid;
|
||||
PWSTR stype;
|
||||
PSID pSid = NULL;
|
||||
LPWSTR SidType, SidValue;
|
||||
SIZE_T SidLength;
|
||||
|
||||
DWORD cAccountName = 0, cReferencedDomainName = 0;
|
||||
|
||||
WCHAR szName[256];
|
||||
WCHAR szDomain[256];
|
||||
WCHAR szName[MAX_LOOKUP_NAME];
|
||||
WCHAR szDomain[MAX_LOOKUP_NAME];
|
||||
WCHAR szAccountInfo[MAX_PATH * 3];
|
||||
|
||||
EXT_SID_NAME_USE peUse;
|
||||
|
||||
WCHAR szSid[MAX_PATH * 2];
|
||||
|
||||
//
|
||||
// Not SID specified, get current selection in combobox and use it as SID.
|
||||
// No SID specified, get current selection in combobox and use it as SID.
|
||||
//
|
||||
if (Sid == NULL) {
|
||||
hComboBox = GetDlgItem(hwndDlg, ID_BDESCRIPTOR_SID);
|
||||
|
||||
nSelected = SendMessage(hComboBox, CB_GETCURSEL, (WPARAM)0, (LPARAM)0);
|
||||
if (nSelected != CB_ERR) {
|
||||
|
||||
RtlSecureZeroMemory(szSid, sizeof(szSid));
|
||||
SendMessage(hComboBox, CB_GETLBTEXT, nSelected, (LPARAM)&szSid);
|
||||
SidLength = SendMessage(hComboBox, CB_GETLBTEXTLEN, (WPARAM)nSelected, 0);
|
||||
if (SidLength) {
|
||||
|
||||
if (ConvertStringSidToSid(szSid, &pSid)) {
|
||||
bNeedFree = TRUE;
|
||||
}
|
||||
else {
|
||||
return;
|
||||
SidValue = (LPWSTR)supHeapAlloc((1 + SidLength) * sizeof(WCHAR));
|
||||
if (SidValue) {
|
||||
|
||||
if (CB_ERR != SendMessage(hComboBox, CB_GETLBTEXT, nSelected, (LPARAM)SidValue)) {
|
||||
|
||||
if (ConvertStringSidToSid(SidValue, &pSid)) {
|
||||
bNeedFree = TRUE;
|
||||
}
|
||||
}
|
||||
|
||||
supHeapFree(SidValue);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
else {
|
||||
|
@ -320,8 +331,19 @@ VOID PNDlgOutputSelectedSidInformation(
|
|||
}
|
||||
|
||||
//
|
||||
// SID account domain\name (type).
|
||||
//
|
||||
// Convertion failure.
|
||||
//
|
||||
if (pSid == NULL)
|
||||
return;
|
||||
|
||||
//
|
||||
// SID account domain\name (type).
|
||||
//
|
||||
RtlSecureZeroMemory(szName, sizeof(szName));
|
||||
RtlSecureZeroMemory(szDomain, sizeof(szDomain));
|
||||
cAccountName = MAX_LOOKUP_NAME;
|
||||
cReferencedDomainName = MAX_LOOKUP_NAME;
|
||||
|
||||
if (LookupAccountSid(
|
||||
NULL,
|
||||
pSid,
|
||||
|
@ -343,42 +365,42 @@ VOID PNDlgOutputSelectedSidInformation(
|
|||
//
|
||||
switch (peUse) {
|
||||
case ExtSidTypeUser:
|
||||
stype = TEXT(" (SidUserType)");
|
||||
SidType = TEXT(" (SidUserType)");
|
||||
break;
|
||||
case ExtSidTypeGroup:
|
||||
stype = TEXT(" (SidTypeGroup)");
|
||||
SidType = TEXT(" (SidTypeGroup)");
|
||||
break;
|
||||
case ExtSidTypeDomain:
|
||||
stype = TEXT(" (SidTypeDomain)");
|
||||
SidType = TEXT(" (SidTypeDomain)");
|
||||
break;
|
||||
case ExtSidTypeAlias:
|
||||
stype = TEXT(" (SidTypeAlias)");
|
||||
SidType = TEXT(" (SidTypeAlias)");
|
||||
break;
|
||||
case ExtSidTypeWellKnownGroup:
|
||||
stype = TEXT(" (SidTypeWellKnownGroup)");
|
||||
SidType = TEXT(" (SidTypeWellKnownGroup)");
|
||||
break;
|
||||
case ExtSidTypeDeletedAccount:
|
||||
stype = TEXT(" (SidTypeDeletedAccount)");
|
||||
SidType = TEXT(" (SidTypeDeletedAccount)");
|
||||
break;
|
||||
case ExtSidTypeInvalid:
|
||||
stype = TEXT(" (SidTypeInvalid)");
|
||||
SidType = TEXT(" (SidTypeInvalid)");
|
||||
break;
|
||||
case ExtSidTypeComputer:
|
||||
stype = TEXT(" (SidTypeComputer)");
|
||||
SidType = TEXT(" (SidTypeComputer)");
|
||||
break;
|
||||
case ExtSidTypeLabel:
|
||||
stype = TEXT(" (SidTypeLabel)");
|
||||
SidType = TEXT(" (SidTypeLabel)");
|
||||
break;
|
||||
case ExtSidTypeLogonSession:
|
||||
stype = TEXT(" (SidTypeLogonSession)");
|
||||
SidType = TEXT(" (SidTypeLogonSession)");
|
||||
break;
|
||||
case ExtSidTypeUnknown:
|
||||
default:
|
||||
stype = TEXT(" (SidTypeUnknown)");
|
||||
SidType = TEXT(" (SidTypeUnknown)");
|
||||
break;
|
||||
}
|
||||
|
||||
_strcat(szAccountInfo, stype);
|
||||
_strcat(szAccountInfo, SidType);
|
||||
}
|
||||
else {
|
||||
_strcpy(szAccountInfo, T_CannotQuery);
|
||||
|
@ -542,7 +564,7 @@ VOID PNDlgShowNamespaceInfo(
|
|||
SetDlgItemText(hwndDlg, ID_BDESCRIPTOR_SID_ACCOUNT, T_CannotQuery);
|
||||
SetDlgItemText(hwndDlg, ID_INTEGRITYLABEL, T_CannotQuery);
|
||||
SetDlgItemText(hwndDlg, ID_BDESCRIPTOR_ENTRIES, TEXT("0"));
|
||||
SendMessage(GetDlgItem(hwndDlg, ID_BDESCRIPTOR_SID), CB_RESETCONTENT, (WPARAM)0, (LPARAM)0);
|
||||
SendDlgItemMessage(hwndDlg, ID_BDESCRIPTOR_SID, CB_RESETCONTENT, (WPARAM)0, (LPARAM)0);
|
||||
EnableWindow(GetDlgItem(hwndDlg, ID_BDESCRIPTOR_SID_COPY), FALSE);
|
||||
|
||||
//
|
||||
|
@ -668,6 +690,57 @@ VOID PNDlgCopySelectedSid(
|
|||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* PNDialogShowInfo
|
||||
*
|
||||
* Purpose:
|
||||
*
|
||||
* Display information about private namespaces or message if there is none or error.
|
||||
*
|
||||
*/
|
||||
VOID PNDialogShowInfo(
|
||||
_In_ BOOLEAN bRefresh)
|
||||
{
|
||||
ENUMCHILDWNDDATA ChildWndData;
|
||||
|
||||
if (bRefresh) {
|
||||
ListView_DeleteAllItems(PnDlgContext.ListView);
|
||||
ObCollectionDestroy(&PNSCollection);
|
||||
|
||||
//
|
||||
// Reset output related controls.
|
||||
//
|
||||
SetDlgItemText(PnDlgContext.hwndDlg, ID_NAMESPACE_ROOT, TEXT(""));
|
||||
SetDlgItemText(PnDlgContext.hwndDlg, ID_OBJECT_ADDR, TEXT(""));
|
||||
SetDlgItemText(PnDlgContext.hwndDlg, ID_SIZEOFBOUNDARYINFO, TEXT(""));
|
||||
SetDlgItemText(PnDlgContext.hwndDlg, ID_BDESCRIPTOR_ADDRESS, TEXT(""));
|
||||
SetDlgItemText(PnDlgContext.hwndDlg, ID_BDESCRIPTOR_NAME, TEXT(""));
|
||||
SetDlgItemText(PnDlgContext.hwndDlg, ID_BDESCRIPTOR_SID_ACCOUNT, T_CannotQuery);
|
||||
SetDlgItemText(PnDlgContext.hwndDlg, ID_INTEGRITYLABEL, T_CannotQuery);
|
||||
SetDlgItemText(PnDlgContext.hwndDlg, ID_BDESCRIPTOR_ENTRIES, TEXT("0"));
|
||||
SendDlgItemMessage(PnDlgContext.hwndDlg, ID_BDESCRIPTOR_SID, CB_RESETCONTENT, (WPARAM)0, (LPARAM)0);
|
||||
EnableWindow(GetDlgItem(PnDlgContext.hwndDlg, ID_BDESCRIPTOR_SID_COPY), FALSE);
|
||||
}
|
||||
|
||||
if (PNDlgQueryInfo(PnDlgContext.hwndDlg)) {
|
||||
ListView_SortItemsEx(PnDlgContext.ListView, &PNListCompareFunc, 0);
|
||||
}
|
||||
else {
|
||||
if (GetWindowRect(PnDlgContext.hwndDlg, &ChildWndData.Rect)) {
|
||||
ChildWndData.nCmdShow = SW_HIDE;
|
||||
EnumChildWindows(PnDlgContext.hwndDlg, supCallbackShowChildWindow, (LPARAM)&ChildWndData);
|
||||
}
|
||||
ShowWindow(GetDlgItem(PnDlgContext.hwndDlg, ID_PNAMESPACESINFO), SW_SHOW);
|
||||
|
||||
if (PNSNumberOfObjects == 0) {
|
||||
SetDlgItemText(PnDlgContext.hwndDlg, ID_PNAMESPACESINFO, T_NAMESPACENOTHING);
|
||||
}
|
||||
else {
|
||||
SetDlgItemText(PnDlgContext.hwndDlg, ID_PNAMESPACESINFO, T_NAMESPACEQUERYFAILED);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* PNDialogProc
|
||||
*
|
||||
|
@ -708,6 +781,10 @@ INT_PTR CALLBACK PNDialogProc(
|
|||
SendMessage(hwndDlg, WM_CLOSE, 0, 0);
|
||||
return TRUE;
|
||||
|
||||
case ID_VIEW_REFRESH:
|
||||
PNDialogShowInfo(TRUE);
|
||||
break;
|
||||
|
||||
case ID_BDESCRIPTOR_SID:
|
||||
if (HIWORD(wParam) == CBN_SELCHANGE) {
|
||||
PNDlgOutputSelectedSidInformation(hwndDlg, NULL);
|
||||
|
@ -741,7 +818,6 @@ VOID extrasCreatePNDialog(
|
|||
)
|
||||
{
|
||||
LVCOLUMN col;
|
||||
ENUMCHILDWNDDATA ChildWndData;
|
||||
|
||||
//allow only one dialog
|
||||
if (g_WinObj.AuxDialogs[wobjPNSDlgId]) {
|
||||
|
@ -803,22 +879,7 @@ VOID extrasCreatePNDialog(
|
|||
//remember columns count
|
||||
PnDlgContext.lvColumnCount = col.iSubItem;
|
||||
|
||||
if (PNDlgQueryInfo(PnDlgContext.hwndDlg)) {
|
||||
ListView_SortItemsEx(PnDlgContext.ListView, &PNListCompareFunc, 0);
|
||||
}
|
||||
else {
|
||||
if (GetWindowRect(PnDlgContext.hwndDlg, &ChildWndData.Rect)) {
|
||||
ChildWndData.nCmdShow = SW_HIDE;
|
||||
EnumChildWindows(PnDlgContext.hwndDlg, supCallbackShowChildWindow, (LPARAM)&ChildWndData);
|
||||
}
|
||||
ShowWindow(GetDlgItem(PnDlgContext.hwndDlg, ID_PNAMESPACESINFO), SW_SHOW);
|
||||
|
||||
if (PNSNumberOfObjects == 0) {
|
||||
SetDlgItemText(PnDlgContext.hwndDlg, ID_PNAMESPACESINFO, T_NAMESPACENOTHING);
|
||||
}
|
||||
else {
|
||||
SetDlgItemText(PnDlgContext.hwndDlg, ID_PNAMESPACESINFO, T_NAMESPACEQUERYFAILED);
|
||||
}
|
||||
}
|
||||
//initial call, nothing to refresh
|
||||
PNDialogShowInfo(FALSE);
|
||||
}
|
||||
}
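Review bot: In PNDlgOutputSelectedSidInformation the result of `CB_GETLBTEXTLEN` is stored in a `SIZE_T` and tested only with `if (SidLength)`, so a `CB_ERR` (-1) return passes the test as a huge value and `(1 + SidLength) * sizeof(WCHAR)` wraps to 0 before `supHeapAlloc`. If the allocator hands back a zero-length block, the following `CB_GETLBTEXT` would write past it; that message most likely fails for the same index, but the buffer size should not depend on that. Keep the return as `LRESULT` and guard it, for example `LRESULT cch = SendMessage(hComboBox, CB_GETLBTEXTLEN, (WPARAM)nSelected, 0);` followed by `if (cch != CB_ERR && cch > 0) {`. The function body starts and ends outside the hunks shown.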
|
||||
|
|
|
@ -1235,7 +1235,10 @@ INT_PTR PsListHandleNotify(
|
|||
switch (hdrcode) {
|
||||
|
||||
case NM_DBLCLK:
|
||||
#pragma warning(push)
|
||||
#pragma warning(disable: 26454)
|
||||
nhdr->code = NM_RETURN;
|
||||
#pragma warning(pop)
|
||||
return PostMessage(hwndDlg, WM_NOTIFY, wParam, lParam);
|
||||
break;
|
||||
|
||||
|
|
|
@ -0,0 +1,619 @@
|
|||
/*******************************************************************************
|
||||
*
|
||||
* (C) COPYRIGHT AUTHORS, 2019
|
||||
*
|
||||
* TITLE: EXTRASSL.C
|
||||
*
|
||||
* VERSION: 1.74
|
||||
*
|
||||
* DATE: 18 May 2019
|
||||
*
|
||||
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
|
||||
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
|
||||
* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
|
||||
* PARTICULAR PURPOSE.
|
||||
*
|
||||
*******************************************************************************/
|
||||
#include "global.h"
|
||||
#include "extras.h"
|
||||
|
||||
UINT g_SLCacheImageIndex;
|
||||
|
||||
/*
|
||||
* SLCacheListCompareFunc
|
||||
*
|
||||
* Purpose:
|
||||
*
|
||||
* Listview comparer function.
|
||||
*
|
||||
*/
|
||||
INT CALLBACK SLCacheListCompareFunc(
|
||||
_In_ LPARAM lParam1,
|
||||
_In_ LPARAM lParam2,
|
||||
_In_ LPARAM lParamSort
|
||||
)
|
||||
{
|
||||
LPWSTR lpItem1 = NULL, lpItem2 = NULL;
|
||||
INT nResult = 0;
|
||||
|
||||
EXTRASCONTEXT* pDlgContext = (EXTRASCONTEXT*)lParamSort;
|
||||
|
||||
lpItem1 = supGetItemText(pDlgContext->ListView,
|
||||
(INT)lParam1,
|
||||
(INT)pDlgContext->lvColumnToSort,
|
||||
NULL);
|
||||
|
||||
lpItem2 = supGetItemText(pDlgContext->ListView,
|
||||
(INT)lParam2,
|
||||
(INT)pDlgContext->lvColumnToSort,
|
||||
NULL);
|
||||
|
||||
if ((lpItem1 == NULL) && (lpItem2 == NULL)) {
|
||||
nResult = 0;
|
||||
goto Done;
|
||||
}
|
||||
if ((lpItem1 == NULL) && (lpItem2 != NULL)) {
|
||||
nResult = (pDlgContext->bInverseSort) ? 1 : -1;
|
||||
goto Done;
|
||||
}
|
||||
if ((lpItem2 == NULL) && (lpItem1 != NULL)) {
|
||||
nResult = (pDlgContext->bInverseSort) ? -1 : 1;
|
||||
goto Done;
|
||||
}
|
||||
|
||||
if (pDlgContext->bInverseSort)
|
||||
nResult = _strcmpi(lpItem2, lpItem1);
|
||||
else
|
||||
nResult = _strcmpi(lpItem1, lpItem2);
|
||||
|
||||
Done:
|
||||
if (lpItem1) supHeapFree(lpItem1);
|
||||
if (lpItem2) supHeapFree(lpItem2);
|
||||
|
||||
return nResult;
|
||||
}
|
||||
|
||||
/*
|
||||
* xxxSLCacheGetSelectedDescriptor
|
||||
*
|
||||
* Purpose:
|
||||
*
|
||||
* Query selected listview item associated data.
|
||||
*
|
||||
*/
|
||||
SL_KMEM_CACHE_VALUE_DESCRIPTOR* xxxSLCacheGetSelectedDescriptor(
|
||||
_In_ HWND hwndListView)
|
||||
{
|
||||
INT nSelected;
|
||||
SL_KMEM_CACHE_VALUE_DESCRIPTOR *CacheDescriptor = NULL;
|
||||
|
||||
//
|
||||
// Leave if nothing selected.
|
||||
//
|
||||
if (ListView_GetSelectedCount(hwndListView) == 0) {
|
||||
return NULL;
|
||||
}
|
||||
nSelected = ListView_GetSelectionMark(hwndListView);
|
||||
if (nSelected == -1) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
//
|
||||
// Query associated data.
|
||||
//
|
||||
if (!supGetListViewItemParam(hwndListView, nSelected, (PVOID*)&CacheDescriptor)) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
return CacheDescriptor;
|
||||
}
|
||||
|
||||
/*
|
||||
* xxxSLCacheGetDescriptorDataType
|
||||
*
|
||||
* Purpose:
|
||||
*
|
||||
* Return data type as string constant.
|
||||
*
|
||||
*/
|
||||
LPWSTR xxxSLCacheGetDescriptorDataType(
|
||||
_In_ SL_KMEM_CACHE_VALUE_DESCRIPTOR *CacheDescriptor
|
||||
)
|
||||
{
|
||||
LPWSTR DataType;
|
||||
|
||||
switch (CacheDescriptor->Type) {
|
||||
case SL_DATA_SZ:
|
||||
DataType = TEXT("SL_DATA_SZ");
|
||||
break;
|
||||
case SL_DATA_DWORD:
|
||||
DataType = TEXT("SL_DATA_DWORD");
|
||||
break;
|
||||
case SL_DATA_BINARY:
|
||||
DataType = TEXT("SL_DATA_BINARY");
|
||||
break;
|
||||
case SL_DATA_MULTI_SZ:
|
||||
DataType = TEXT("SL_DATA_MULTI_SZ");
|
||||
break;
|
||||
case SL_DATA_SUM:
|
||||
DataType = TEXT("SL_DATA_SUM");
|
||||
break;
|
||||
|
||||
default:
|
||||
DataType = NULL;
|
||||
break;
|
||||
}
|
||||
return DataType;
|
||||
}
|
||||
|
||||
/*
|
||||
* SLCacheDialogDisplayDescriptorData
|
||||
*
|
||||
* Purpose:
|
||||
*
|
||||
* Output descriptor data to controls.
|
||||
*
|
||||
*/
|
||||
VOID SLCacheDialogDisplayDescriptorData(
|
||||
_In_ HWND hwndDlg,
|
||||
_In_ HWND hwndListView
|
||||
)
|
||||
{
|
||||
SL_KMEM_CACHE_VALUE_DESCRIPTOR *CacheDescriptor;
|
||||
|
||||
LPWSTR lpText, DataType;
|
||||
PCHAR DataPtr;
|
||||
WCHAR szBuffer[32];
|
||||
|
||||
//
|
||||
// Reset output controls.
|
||||
//
|
||||
SetDlgItemText(hwndDlg, IDC_SLVALUE, TEXT(""));
|
||||
SetDlgItemText(hwndDlg, ID_SLDESCRIPTOR_SIZE, TEXT("0"));
|
||||
SetDlgItemText(hwndDlg, ID_SLDESCRIPTOR_DATALENGTH, TEXT("0"));
|
||||
SetDlgItemText(hwndDlg, ID_SLDESCRIPTOR_ATTRIBUTES, TEXT("0"));
|
||||
SetDlgItemText(hwndDlg, ID_SLDESCRIPTOR_TYPE, T_CannotQuery);
|
||||
SetDlgItemText(hwndDlg, IDC_SLVALUE_NAME, TEXT(""));
|
||||
|
||||
EnableWindow(GetDlgItem(hwndDlg, IDC_SLVALUE_VIEWWITH), FALSE);
|
||||
|
||||
CacheDescriptor = xxxSLCacheGetSelectedDescriptor(hwndListView);
|
||||
if (CacheDescriptor == NULL)
|
||||
return;
|
||||
|
||||
//
|
||||
// Attributes.
|
||||
//
|
||||
RtlSecureZeroMemory(szBuffer, sizeof(szBuffer));
|
||||
ultostr(CacheDescriptor->Attributes, szBuffer);
|
||||
SetDlgItemText(hwndDlg, ID_SLDESCRIPTOR_ATTRIBUTES, szBuffer);
|
||||
|
||||
//
|
||||
// Size and DataLength.
|
||||
//
|
||||
szBuffer[0] = 0;
|
||||
ultostr(CacheDescriptor->Size, szBuffer);
|
||||
SetDlgItemText(hwndDlg, ID_SLDESCRIPTOR_SIZE, szBuffer);
|
||||
|
||||
szBuffer[0] = 0;
|
||||
ultostr(CacheDescriptor->DataLength, szBuffer);
|
||||
SetDlgItemText(hwndDlg, ID_SLDESCRIPTOR_DATALENGTH, szBuffer);
|
||||
|
||||
//
|
||||
// Data type.
|
||||
//
|
||||
DataType = xxxSLCacheGetDescriptorDataType(CacheDescriptor);
|
||||
if (DataType == NULL) DataType = T_CannotQuery;
|
||||
SetDlgItemText(hwndDlg, ID_SLDESCRIPTOR_TYPE, DataType);
|
||||
|
||||
//
|
||||
// Name.
|
||||
//
|
||||
lpText = (LPWSTR)supHeapAlloc(CacheDescriptor->NameLength + sizeof(WCHAR));
|
||||
if (lpText) {
|
||||
RtlCopyMemory(lpText, CacheDescriptor->Name, CacheDescriptor->NameLength);
|
||||
SetDlgItemText(hwndDlg, IDC_SLVALUE_NAME, lpText);
|
||||
supHeapFree(lpText);
|
||||
}
|
||||
|
||||
//
|
||||
// Display Data.
|
||||
//
|
||||
switch (CacheDescriptor->Type) {
|
||||
|
||||
case SL_DATA_DWORD:
|
||||
|
||||
DataPtr = RtlOffsetToPointer(CacheDescriptor,
|
||||
(ULONG_PTR)FIELD_OFFSET(SL_KMEM_CACHE_VALUE_DESCRIPTOR, Name) + CacheDescriptor->NameLength);
|
||||
|
||||
szBuffer[0] = 0;
|
||||
ultostr((ULONG)*DataPtr, szBuffer);
|
||||
SetDlgItemText(hwndDlg, IDC_SLVALUE, szBuffer);
|
||||
|
||||
break;
|
||||
|
||||
case SL_DATA_SZ:
|
||||
lpText = (LPWSTR)supHeapAlloc(CacheDescriptor->DataLength + sizeof(WCHAR));
|
||||
if (lpText) {
|
||||
|
||||
DataPtr = RtlOffsetToPointer(CacheDescriptor,
|
||||
(ULONG_PTR)FIELD_OFFSET(SL_KMEM_CACHE_VALUE_DESCRIPTOR, Name) + CacheDescriptor->NameLength);
|
||||
|
||||
RtlCopyMemory(lpText, DataPtr, CacheDescriptor->DataLength);
|
||||
|
||||
SetDlgItemText(hwndDlg, IDC_SLVALUE, lpText);
|
||||
|
||||
supHeapFree(lpText);
|
||||
}
|
||||
break;
|
||||
|
||||
case SL_DATA_BINARY:
|
||||
SetDlgItemText(hwndDlg, IDC_SLVALUE, TEXT("Binary data, use \"View\" button to open an external viewer"));
|
||||
EnableWindow(GetDlgItem(hwndDlg, IDC_SLVALUE_VIEWWITH), TRUE);
|
||||
break;
|
||||
|
||||
default:
|
||||
break;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/*
|
||||
* SLCacheDialogViewBinaryData
|
||||
*
|
||||
* Purpose:
|
||||
*
|
||||
* Save selected binary data to disk and open it with external viewer (or spawn OpenWith dialog).
|
||||
*
|
||||
*/
|
||||
VOID SLCacheDialogViewBinaryData(
|
||||
_In_ HWND hwndListView
|
||||
)
|
||||
{
|
||||
SL_KMEM_CACHE_VALUE_DESCRIPTOR *CacheDescriptor;
|
||||
PCHAR DataPtr;
|
||||
|
||||
WCHAR szFileName[MAX_PATH * 2];
|
||||
|
||||
CacheDescriptor = xxxSLCacheGetSelectedDescriptor(hwndListView);
|
||||
if (CacheDescriptor == NULL)
|
||||
return;
|
||||
|
||||
//
|
||||
// Only for SL_DATA_BINARY.
|
||||
//
|
||||
if (CacheDescriptor->Type != SL_DATA_BINARY)
|
||||
return;
|
||||
|
||||
DataPtr = RtlOffsetToPointer(CacheDescriptor,
|
||||
(ULONG_PTR)FIELD_OFFSET(SL_KMEM_CACHE_VALUE_DESCRIPTOR, Name) + CacheDescriptor->NameLength);
|
||||
|
||||
_strcpy(szFileName, g_WinObj.szTempDirectory);
|
||||
_strcat(szFileName, TEXT("\\SLData"));
|
||||
u64tohex((ULONG_PTR)CacheDescriptor, _strend(szFileName));
|
||||
_strcat(szFileName, TEXT(".bin"));
|
||||
|
||||
if (CacheDescriptor->DataLength == supWriteBufferToFile(szFileName,
|
||||
(PVOID)DataPtr,
|
||||
(SIZE_T)CacheDescriptor->DataLength,
|
||||
TRUE,
|
||||
FALSE))
|
||||
{
|
||||
supShellExecInExplorerProcess(szFileName);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/*
|
||||
* SLCacheDialogHandleNotify
|
||||
*
|
||||
* Purpose:
|
||||
*
|
||||
* WM_NOTIFY processing for listview.
|
||||
*
|
||||
*/
|
||||
VOID SLCacheDialogHandleNotify(
|
||||
_In_ HWND hwndDlg,
|
||||
_In_ LPNMLISTVIEW nhdr
|
||||
)
|
||||
{
|
||||
INT nImageIndex;
|
||||
EXTRASCONTEXT *pDlgContext;
|
||||
|
||||
if (nhdr == NULL)
|
||||
return;
|
||||
|
||||
if (nhdr->hdr.idFrom == ID_SLCACHELIST) {
|
||||
|
||||
switch (nhdr->hdr.code) {
|
||||
|
||||
case LVN_COLUMNCLICK:
|
||||
|
||||
pDlgContext = (EXTRASCONTEXT*)GetProp(hwndDlg, T_DLGCONTEXT);
|
||||
if (pDlgContext) {
|
||||
|
||||
pDlgContext->bInverseSort = !pDlgContext->bInverseSort;
|
||||
pDlgContext->lvColumnToSort = ((NMLISTVIEW *)nhdr)->iSubItem;
|
||||
ListView_SortItemsEx(pDlgContext->ListView, &SLCacheListCompareFunc, pDlgContext);
|
||||
|
||||
nImageIndex = ImageList_GetImageCount(g_ListViewImages);
|
||||
if (pDlgContext->bInverseSort)
|
||||
nImageIndex -= 2;
|
||||
else
|
||||
nImageIndex -= 1;
|
||||
|
||||
supUpdateLvColumnHeaderImage(
|
||||
pDlgContext->ListView,
|
||||
pDlgContext->lvColumnCount,
|
||||
pDlgContext->lvColumnToSort,
|
||||
nImageIndex);
|
||||
|
||||
}
|
||||
|
||||
break;
|
||||
|
||||
case LVN_ITEMCHANGED:
|
||||
case NM_CLICK:
|
||||
pDlgContext = (EXTRASCONTEXT*)GetProp(hwndDlg, T_DLGCONTEXT);
|
||||
if (pDlgContext) {
|
||||
SLCacheDialogDisplayDescriptorData(pDlgContext->hwndDlg, pDlgContext->ListView);
|
||||
}
|
||||
break;
|
||||
|
||||
default:
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* SLCacheDialogProc
|
||||
*
|
||||
* Purpose:
|
||||
*
|
||||
* SoftwareLicensingCache Dialog window procedure.
|
||||
*
|
||||
*/
|
||||
INT_PTR CALLBACK SLCacheDialogProc(
|
||||
_In_ HWND hwndDlg,
|
||||
_In_ UINT uMsg,
|
||||
_In_ WPARAM wParam,
|
||||
_In_ LPARAM lParam
|
||||
)
|
||||
{
|
||||
EXTRASCONTEXT *pDlgContext;
|
||||
LPNMLISTVIEW nhdr = (LPNMLISTVIEW)lParam;
|
||||
|
||||
switch (uMsg) {
|
||||
|
||||
case WM_NOTIFY:
|
||||
SLCacheDialogHandleNotify(hwndDlg, nhdr);
|
||||
break;
|
||||
|
||||
case WM_INITDIALOG:
|
||||
SetProp(hwndDlg, T_DLGCONTEXT, (HANDLE)lParam);
|
||||
supCenterWindow(hwndDlg);
|
||||
break;
|
||||
|
||||
case WM_CLOSE:
|
||||
pDlgContext = (EXTRASCONTEXT*)GetProp(hwndDlg, T_DLGCONTEXT);
|
||||
if (pDlgContext) {
|
||||
g_WinObj.AuxDialogs[wobjSLCacheDlgId] = NULL;
|
||||
|
||||
//
|
||||
// Free SL cache data
|
||||
//
|
||||
if (pDlgContext->Reserved) {
|
||||
supHeapFree((PVOID)pDlgContext->Reserved);
|
||||
}
|
||||
|
||||
supHeapFree(pDlgContext);
|
||||
}
|
||||
RemoveProp(hwndDlg, T_DLGCONTEXT);
|
||||
return DestroyWindow(hwndDlg);
|
||||
|
||||
case WM_COMMAND:
|
||||
|
||||
switch (LOWORD(wParam)) {
|
||||
|
||||
case IDCANCEL:
|
||||
SendMessage(hwndDlg, WM_CLOSE, 0, 0);
|
||||
return TRUE;
|
||||
|
||||
case IDC_SLVALUE_VIEWWITH:
|
||||
pDlgContext = (EXTRASCONTEXT*)GetProp(hwndDlg, T_DLGCONTEXT);
|
||||
if (pDlgContext) {
|
||||
SLCacheDialogViewBinaryData(pDlgContext->ListView);
|
||||
}
|
||||
return TRUE;
|
||||
}
|
||||
break;
|
||||
|
||||
}
|
||||
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/*
|
||||
* SLCacheEnumerateCallback
|
||||
*
|
||||
* Purpose:
|
||||
*
|
||||
* Callback used to output cache descriptor.
|
||||
*
|
||||
*/
|
||||
BOOL CALLBACK SLCacheEnumerateCallback(
|
||||
_In_ SL_KMEM_CACHE_VALUE_DESCRIPTOR *CacheDescriptor,
|
||||
_In_opt_ PVOID Context
|
||||
)
|
||||
{
|
||||
INT itemIndex;
|
||||
LPWSTR EntryName, EntryType;
|
||||
EXTRASCONTEXT *pDlgContext = (EXTRASCONTEXT*)Context;
|
||||
LVITEM lvItem;
|
||||
|
||||
WCHAR szBuffer[100];
|
||||
|
||||
if (pDlgContext == NULL)
|
||||
return FALSE;
|
||||
|
||||
EntryName = (LPWSTR)supHeapAlloc(CacheDescriptor->NameLength + sizeof(WCHAR));
|
||||
if (EntryName) {
|
||||
|
||||
RtlCopyMemory(EntryName, CacheDescriptor->Name, CacheDescriptor->NameLength);
|
||||
|
||||
//Name
|
||||
RtlSecureZeroMemory(&lvItem, sizeof(lvItem));
|
||||
lvItem.mask = LVIF_TEXT | LVIF_IMAGE | LVIF_PARAM;
|
||||
lvItem.iSubItem = 0;
|
||||
lvItem.iItem = MAXINT;
|
||||
lvItem.iImage = g_SLCacheImageIndex;
|
||||
lvItem.pszText = EntryName;
|
||||
lvItem.lParam = (LPARAM)CacheDescriptor;
|
||||
itemIndex = ListView_InsertItem(pDlgContext->ListView, &lvItem);
|
||||
|
||||
EntryType = xxxSLCacheGetDescriptorDataType(CacheDescriptor);
|
||||
if (EntryType == NULL) {
|
||||
szBuffer[0] = 0;
|
||||
ultostr(CacheDescriptor->Type, szBuffer);
|
||||
EntryType = (LPWSTR)&szBuffer;
|
||||
}
|
||||
|
||||
//Type
|
||||
lvItem.mask = LVIF_TEXT;
|
||||
lvItem.iSubItem = 1;
|
||||
lvItem.pszText = EntryType;
|
||||
lvItem.iItem = itemIndex;
|
||||
ListView_SetItem(pDlgContext->ListView, &lvItem);
|
||||
|
||||
supHeapFree(EntryName);
|
||||
|
||||
}
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/*
|
||||
* extrasCreateSLCacheDialog
|
||||
*
|
||||
* Purpose:
|
||||
*
|
||||
* Create and initialize SoftwareLicensingCache Dialog.
|
||||
*
|
||||
*/
|
||||
VOID extrasCreateSLCacheDialog(
|
||||
_In_ HWND hwndParent
|
||||
)
|
||||
{
|
||||
INT nCount;
|
||||
PVOID SLCacheData;
|
||||
|
||||
HWND hwndDlg;
|
||||
LVCOLUMN col;
|
||||
EXTRASCONTEXT *pDlgContext;
|
||||
|
||||
ENUMCHILDWNDDATA ChildWndData;
|
||||
WCHAR szBuffer[100];
|
||||
|
||||
//
|
||||
// Allow only one dialog, if it already open - activate it.
|
||||
//
|
||||
if (g_WinObj.AuxDialogs[wobjSLCacheDlgId]) {
|
||||
if (IsIconic(g_WinObj.AuxDialogs[wobjSLCacheDlgId]))
|
||||
ShowWindow(g_WinObj.AuxDialogs[wobjSLCacheDlgId], SW_RESTORE);
|
||||
else
|
||||
SetActiveWindow(g_WinObj.AuxDialogs[wobjSLCacheDlgId]);
|
||||
return;
|
||||
}
|
||||
|
||||
pDlgContext = (EXTRASCONTEXT*)supHeapAlloc(sizeof(EXTRASCONTEXT));
|
||||
if (pDlgContext == NULL)
|
||||
return;
|
||||
|
||||
hwndDlg = CreateDialogParam(
|
||||
g_WinObj.hInstance,
|
||||
MAKEINTRESOURCE(IDD_DIALOG_SLCACHE),
|
||||
hwndParent,
|
||||
&SLCacheDialogProc,
|
||||
(LPARAM)pDlgContext);
|
||||
|
||||
if (hwndDlg == NULL) {
|
||||
return;
|
||||
}
|
||||
|
||||
pDlgContext->hwndDlg = hwndDlg;
|
||||
g_WinObj.AuxDialogs[wobjSLCacheDlgId] = hwndDlg;
|
||||
|
||||
extrasSetDlgIcon(hwndDlg);
|
||||
|
||||
//
|
||||
// Read and enumerate cache.
|
||||
//
|
||||
SLCacheData = supSLCacheRead();
|
||||
if (SLCacheData) {
|
||||
|
||||
//
|
||||
// Initialize main listview.
|
||||
//
|
||||
pDlgContext->ListView = GetDlgItem(pDlgContext->hwndDlg, ID_SLCACHELIST);
|
||||
if (pDlgContext->ListView) {
|
||||
|
||||
//
|
||||
// Set listview imagelist, style flags and theme.
|
||||
//
|
||||
ListView_SetImageList(pDlgContext->ListView, g_ListViewImages, LVSIL_SMALL);
|
||||
ListView_SetExtendedListViewStyle(
|
||||
pDlgContext->ListView,
|
||||
LVS_EX_FULLROWSELECT | LVS_EX_DOUBLEBUFFER | LVS_EX_GRIDLINES | LVS_EX_LABELTIP);
|
||||
|
||||
SetWindowTheme(pDlgContext->ListView, TEXT("Explorer"), NULL);
|
||||
|
||||
//
|
||||
// Create ListView columns.
|
||||
//
|
||||
RtlSecureZeroMemory(&col, sizeof(col));
|
||||
col.mask = LVCF_TEXT | LVCF_SUBITEM | LVCF_FMT | LVCF_WIDTH | LVCF_ORDER | LVCF_IMAGE;
|
||||
col.iSubItem++;
|
||||
col.pszText = TEXT("Name");
|
||||
col.fmt = LVCFMT_LEFT | LVCFMT_BITMAP_ON_RIGHT;
|
||||
col.iImage = ImageList_GetImageCount(g_ListViewImages) - 1;
|
||||
col.cx = 450;
|
||||
ListView_InsertColumn(pDlgContext->ListView, col.iSubItem, &col);
|
||||
|
||||
col.iImage = I_IMAGENONE;
|
||||
|
||||
col.iSubItem++;
|
||||
col.pszText = TEXT("Type");
|
||||
col.iOrder = 1;
|
||||
col.cx = 120;
|
||||
ListView_InsertColumn(pDlgContext->ListView, col.iSubItem, &col);
|
||||
|
||||
//remember columns count
|
||||
pDlgContext->lvColumnCount = col.iSubItem;
|
||||
|
||||
//
|
||||
// Remember image index.
|
||||
//
|
||||
g_SLCacheImageIndex = ObManagerGetImageIndexByTypeIndex(ObjectTypeToken);
|
||||
|
||||
pDlgContext->Reserved = (ULONG_PTR)SLCacheData;
|
||||
supSLCacheEnumerate(SLCacheData, SLCacheEnumerateCallback, pDlgContext);
|
||||
|
||||
nCount = ListView_GetItemCount(pDlgContext->ListView);
|
||||
_strcpy(szBuffer, TEXT("SLCache, number of descriptors = "));
|
||||
itostr(nCount, _strend(szBuffer));
|
||||
SetWindowText(pDlgContext->hwndDlg, szBuffer);
|
||||
}
|
||||
}
|
||||
else {
|
||||
|
||||
//
|
||||
// Hide all controls in case of error and display warning.
|
||||
//
|
||||
if (GetWindowRect(pDlgContext->hwndDlg, &ChildWndData.Rect)) {
|
||||
ChildWndData.nCmdShow = SW_HIDE;
|
||||
EnumChildWindows(pDlgContext->hwndDlg, supCallbackShowChildWindow, (LPARAM)&ChildWndData);
|
||||
}
|
||||
ShowWindow(GetDlgItem(pDlgContext->hwndDlg, ID_SLCACHEINFO), SW_SHOW);
|
||||
SetDlgItemText(pDlgContext->hwndDlg, ID_SLCACHEINFO, TEXT("Unable to read SL cache!"));
|
||||
}
|
||||
}
|
|
@ -0,0 +1,22 @@
|
|||
/*******************************************************************************
|
||||
*
|
||||
* (C) COPYRIGHT AUTHORS, 2019
|
||||
*
|
||||
* TITLE: EXTRASSL.H
|
||||
*
|
||||
* VERSION: 1.74
|
||||
*
|
||||
* DATE: 12 May 2019
|
||||
*
|
||||
* Common header file for Software Licensing Cache dialog.
|
||||
*
|
||||
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
|
||||
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
|
||||
* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
|
||||
* PARTICULAR PURPOSE.
|
||||
*
|
||||
*******************************************************************************/
|
||||
#pragma once
|
||||
|
||||
VOID extrasCreateSLCacheDialog(
|
||||
_In_ HWND hwndParent);
|
|
@ -4,9 +4,9 @@
|
|||
*
|
||||
* TITLE: EXTRASSSDT.C
|
||||
*
|
||||
* VERSION: 1.73
|
||||
* VERSION: 1.74
|
||||
*
|
||||
* DATE: 12 Mar 2019
|
||||
* DATE: 08 May 2019
|
||||
*
|
||||
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
|
||||
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
|
||||
|
@ -15,9 +15,10 @@
|
|||
*
|
||||
*******************************************************************************/
|
||||
#include "global.h"
|
||||
#include "hde\hde64.h"
|
||||
#include "hde/hde64.h"
|
||||
#include "extras.h"
|
||||
#include "extrasSSDT.h"
|
||||
#include "ntos/ntldr.h"
|
||||
|
||||
PSERVICETABLEENTRY g_pSDT = NULL;
|
||||
ULONG g_SDTLimit = 0;
|
||||
|
@ -41,7 +42,7 @@ INT CALLBACK SdtDlgCompareFunc(
|
|||
_In_ LPARAM lParamSort //pointer to EXTRASCALLBACK
|
||||
)
|
||||
{
|
||||
INT nResult = 0;
|
||||
INT nResult = 0;
|
||||
|
||||
EXTRASCONTEXT *pDlgContext;
|
||||
EXTRASCALLBACK *CallbackParam = (EXTRASCALLBACK*)lParamSort;
|
||||
|
@ -605,259 +606,6 @@ VOID SdtListTable(
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
*
|
||||
* W32pServiceTable query related structures and definitions.
|
||||
*
|
||||
*/
|
||||
|
||||
typedef struct _LOAD_MODULE_ENTRY {
|
||||
HMODULE hModule;
|
||||
struct _LOAD_MODULE_ENTRY *Next;
|
||||
} LOAD_MODULE_ENTRY, *PLOAD_MODULE_ENTRY;
|
||||
|
||||
typedef struct _WIN32_SHADOWTABLE {
|
||||
ULONG Index;
|
||||
CHAR Name[256];
|
||||
ULONG_PTR KernelStubAddress;
|
||||
ULONG_PTR KernelStubTargetAddress;
|
||||
struct _WIN32_SHADOWTABLE *NextService;
|
||||
} WIN32_SHADOWTABLE, *PWIN32_SHADOWTABLE;
|
||||
|
||||
typedef enum _RESOLVE_POINTER_TYPE {
|
||||
ForwarderString = 0,
|
||||
FunctionCode = 1
|
||||
} RESOLVE_POINTER_TYPE;
|
||||
|
||||
typedef struct _RESOLVE_INFO {
|
||||
RESOLVE_POINTER_TYPE ResultType;
|
||||
union {
|
||||
LPCSTR ForwarderName;
|
||||
LPVOID Function;
|
||||
};
|
||||
} RESOLVE_INFO, *PRESOLVE_INFO;
|
||||
|
||||
/*
|
||||
* NtRawGetProcAddress
|
||||
*
|
||||
* Purpose:
|
||||
*
|
||||
* Custom GPA.
|
||||
*
|
||||
*/
|
||||
NTSTATUS NtRawGetProcAddress(
|
||||
_In_ LPVOID Module,
|
||||
_In_ LPCSTR ProcName,
|
||||
_In_ PRESOLVE_INFO Pointer
|
||||
)
|
||||
{
|
||||
PIMAGE_NT_HEADERS NtHeaders;
|
||||
PIMAGE_EXPORT_DIRECTORY exp;
|
||||
PDWORD fntable, nametable;
|
||||
PWORD ordtable;
|
||||
ULONG mid, high, low;
|
||||
ULONG_PTR fnptr, exprva, expsize;
|
||||
int r;
|
||||
|
||||
NtHeaders = RtlImageNtHeader(Module);
|
||||
if (NtHeaders->OptionalHeader.NumberOfRvaAndSizes <= IMAGE_DIRECTORY_ENTRY_EXPORT)
|
||||
return STATUS_OBJECT_NAME_NOT_FOUND;
|
||||
|
||||
exprva = NtHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
|
||||
expsize = NtHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size;
|
||||
|
||||
exp = (PIMAGE_EXPORT_DIRECTORY)((ULONG_PTR)Module + exprva);
|
||||
fntable = (PDWORD)((ULONG_PTR)Module + exp->AddressOfFunctions);
|
||||
|
||||
if ((ULONG_PTR)ProcName < 0x10000) {
|
||||
// ProcName is ordinal
|
||||
if (
|
||||
((ULONG_PTR)ProcName < (ULONG_PTR)exp->Base) ||
|
||||
((ULONG_PTR)ProcName >= (ULONG_PTR)exp->Base + exp->NumberOfFunctions))
|
||||
return STATUS_OBJECT_NAME_NOT_FOUND;
|
||||
|
||||
fnptr = fntable[(ULONG_PTR)ProcName - exp->Base];
|
||||
|
||||
}
|
||||
else {
|
||||
// ProcName is ANSI string
|
||||
nametable = (PDWORD)((ULONG_PTR)Module + exp->AddressOfNames);
|
||||
ordtable = (PWORD)((ULONG_PTR)Module + exp->AddressOfNameOrdinals);
|
||||
|
||||
if (exp->NumberOfNames == 0)
|
||||
return STATUS_OBJECT_NAME_NOT_FOUND;
|
||||
|
||||
low = 0;
|
||||
high = exp->NumberOfNames;
|
||||
|
||||
do {
|
||||
mid = low + (high - low) / 2;
|
||||
r = _strcmp_a(ProcName, (LPCSTR)((ULONG_PTR)Module + nametable[mid]));
|
||||
|
||||
if (r > 0)
|
||||
{
|
||||
low = mid + 1;
|
||||
}
|
||||
else
|
||||
{
|
||||
if (r < 0)
|
||||
high = mid;
|
||||
else
|
||||
break;
|
||||
}
|
||||
} while (low < high);
|
||||
|
||||
if (r == 0)
|
||||
fnptr = fntable[ordtable[mid]];
|
||||
else
|
||||
return STATUS_OBJECT_NAME_NOT_FOUND;
|
||||
}
|
||||
|
||||
if ((fnptr >= exprva) && (fnptr < exprva + expsize))
|
||||
Pointer->ResultType = ForwarderString;
|
||||
else
|
||||
Pointer->ResultType = FunctionCode;
|
||||
|
||||
Pointer->Function = (LPVOID)((ULONG_PTR)Module + fnptr);
|
||||
return STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
/*
|
||||
* NtRawEnumExports
|
||||
*
|
||||
* Purpose:
|
||||
*
|
||||
* Enumerate module exports to the table.
|
||||
*
|
||||
*/
|
||||
_Success_(return != 0)
|
||||
ULONG NtRawEnumExports(
|
||||
_In_ HANDLE HeapHandle,
|
||||
_In_ LPVOID Module,
|
||||
_Out_ PWIN32_SHADOWTABLE* Table
|
||||
)
|
||||
{
|
||||
PIMAGE_NT_HEADERS NtHeaders;
|
||||
PIMAGE_EXPORT_DIRECTORY exp;
|
||||
PDWORD FnPtrTable, NameTable;
|
||||
PWORD NameOrdTable;
|
||||
ULONG_PTR fnptr, exprva, expsize;
|
||||
ULONG c, n, result;
|
||||
PWIN32_SHADOWTABLE NewEntry;
|
||||
|
||||
NtHeaders = RtlImageNtHeader(Module);
|
||||
if (NtHeaders->OptionalHeader.NumberOfRvaAndSizes <= IMAGE_DIRECTORY_ENTRY_EXPORT)
|
||||
return 0;
|
||||
|
||||
exprva = NtHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
|
||||
if (exprva == 0)
|
||||
return 0;
|
||||
|
||||
expsize = NtHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size;
|
||||
|
||||
exp = (PIMAGE_EXPORT_DIRECTORY)((ULONG_PTR)Module + exprva);
|
||||
FnPtrTable = (PDWORD)((ULONG_PTR)Module + exp->AddressOfFunctions);
|
||||
NameTable = (PDWORD)((ULONG_PTR)Module + exp->AddressOfNames);
|
||||
NameOrdTable = (PWORD)((ULONG_PTR)Module + exp->AddressOfNameOrdinals);
|
||||
|
||||
result = 0;
|
||||
|
||||
for (c = 0; c < exp->NumberOfFunctions; ++c)
|
||||
{
|
||||
fnptr = (ULONG_PTR)Module + FnPtrTable[c];
|
||||
if (*(PDWORD)fnptr != 0xb8d18b4c)
|
||||
continue;
|
||||
|
||||
NewEntry = (PWIN32_SHADOWTABLE)RtlAllocateHeap(HeapHandle,
|
||||
HEAP_ZERO_MEMORY, sizeof(WIN32_SHADOWTABLE));
|
||||
|
||||
if (NewEntry == NULL)
|
||||
break;
|
||||
|
||||
NewEntry->Index = *(PDWORD)(fnptr + 4);
|
||||
|
||||
for (n = 0; n < exp->NumberOfNames; ++n)
|
||||
{
|
||||
if (NameOrdTable[n] == c)
|
||||
{
|
||||
_strncpy_a(&NewEntry->Name[0],
|
||||
sizeof(NewEntry->Name),
|
||||
(LPCSTR)((ULONG_PTR)Module + NameTable[n]),
|
||||
sizeof(NewEntry->Name));
|
||||
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
++result;
|
||||
|
||||
*Table = NewEntry;
|
||||
Table = &NewEntry->NextService;
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
/*
|
||||
* IATEntryToImport
|
||||
*
|
||||
* Purpose:
|
||||
*
|
||||
* Resolve function name.
|
||||
*
|
||||
*/
|
||||
_Success_(return != NULL)
|
||||
LPCSTR IATEntryToImport(
|
||||
_In_ LPVOID Module,
|
||||
_In_ LPVOID IATEntry,
|
||||
_Out_ LPCSTR *ImportModuleName
|
||||
)
|
||||
{
|
||||
PIMAGE_NT_HEADERS NtHeaders;
|
||||
PIMAGE_IMPORT_DESCRIPTOR impd;
|
||||
ULONG_PTR *rname, imprva;
|
||||
LPVOID *raddr;
|
||||
|
||||
if (ImportModuleName == NULL)
|
||||
return NULL;
|
||||
|
||||
NtHeaders = RtlImageNtHeader(Module);
|
||||
if (NtHeaders->OptionalHeader.NumberOfRvaAndSizes <= IMAGE_DIRECTORY_ENTRY_IMPORT)
|
||||
return NULL;
|
||||
|
||||
imprva = NtHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;
|
||||
if (imprva == 0)
|
||||
return NULL;
|
||||
|
||||
impd = (PIMAGE_IMPORT_DESCRIPTOR)((ULONG_PTR)Module + imprva);
|
||||
|
||||
while (impd->Name != 0) {
|
||||
raddr = (LPVOID *)((ULONG_PTR)Module + impd->FirstThunk);
|
||||
if (impd->OriginalFirstThunk == 0)
|
||||
rname = (ULONG_PTR *)raddr;
|
||||
else
|
||||
rname = (ULONG_PTR *)((ULONG_PTR)Module + impd->OriginalFirstThunk);
|
||||
|
||||
while (*rname != 0) {
|
||||
if (IATEntry == raddr)
|
||||
{
|
||||
if (((*rname) & IMAGE_ORDINAL_FLAG) == 0)
|
||||
{
|
||||
*ImportModuleName = (LPCSTR)((ULONG_PTR)Module + impd->Name);
|
||||
return (LPCSTR)&((PIMAGE_IMPORT_BY_NAME)((ULONG_PTR)Module + *rname))->Name;
|
||||
}
|
||||
}
|
||||
|
||||
++rname;
|
||||
++raddr;
|
||||
}
|
||||
++impd;
|
||||
}
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/*
|
||||
* SdtListTableShadow
|
||||
*
|
||||
|
@ -872,6 +620,7 @@ VOID SdtListTableShadow(
|
|||
_In_ HWND hwndDlg
|
||||
)
|
||||
{
|
||||
BOOLEAN NeedApiSetResolve = (g_NtBuildNumber > 18885);
|
||||
ULONG w32u_limit, w32k_limit, c;
|
||||
LONG32 jmpaddr;
|
||||
HMODULE w32u = NULL, w32k = NULL, impdll, forwdll;
|
||||
|
@ -884,6 +633,13 @@ VOID SdtListTableShadow(
|
|||
PWIN32_SHADOWTABLE table, itable;
|
||||
RESOLVE_INFO rfn;
|
||||
|
||||
BOOL ResolvedResult;
|
||||
ANSI_STRING ResolvedModuleAnsi;
|
||||
UNICODE_STRING ResolvedModule, usModuleName;
|
||||
PVOID ApiSetMap = NULL;
|
||||
ULONG ApiSetSchemaVersion = 0;
|
||||
|
||||
BOOLEAN ModuleNameAllocated = FALSE;
|
||||
PRTL_PROCESS_MODULE_INFORMATION Module, ForwardModule;
|
||||
PRTL_PROCESS_MODULES pModules = NULL;
|
||||
|
||||
|
@ -989,6 +745,25 @@ VOID SdtListTableShadow(
|
|||
__leave;
|
||||
}
|
||||
|
||||
//
|
||||
// Query ApiSetMap
|
||||
//
|
||||
if (NeedApiSetResolve) {
|
||||
|
||||
if (!NtLdrApiSetLoadFromPeb(&ApiSetSchemaVersion, (PVOID*)&ApiSetMap)) {
|
||||
MessageBox(hwndDlg, TEXT("ApiSetSchema map not found"), NULL, MB_ICONERROR);
|
||||
__leave;
|
||||
}
|
||||
|
||||
//
|
||||
// Windows 10+ uses modern ApiSetSchema version, everything else not supported.
|
||||
//
|
||||
if (ApiSetSchemaVersion != 6) {
|
||||
MessageBox(hwndDlg, TEXT("ApiSetSchema version is unknown"), NULL, MB_ICONERROR);
|
||||
__leave;
|
||||
}
|
||||
}
|
||||
|
||||
//
|
||||
// Set global variables.
|
||||
//
|
||||
|
@ -1029,13 +804,70 @@ VOID SdtListTableShadow(
|
|||
jmpaddr = *(PLONG32)(fptr + (hs.len - 4)); // retrieve the offset
|
||||
fptr = fptr + hs.len + jmpaddr; // hs.len -> length of jmp instruction
|
||||
|
||||
FunctionName = IATEntryToImport(w32k, fptr, &ModuleName);
|
||||
FunctionName = NtRawIATEntryToImport(w32k, fptr, &ModuleName);
|
||||
if (FunctionName == NULL) {
|
||||
OutputDebugString(TEXT("SdtListTableShadow, could not resolve function name\r\n"));
|
||||
break;
|
||||
}
|
||||
|
||||
impdll = LoadLibraryExA(ModuleName, NULL, DONT_RESOLVE_DLL_REFERENCES);
|
||||
impdll = NULL;
|
||||
ModuleNameAllocated = FALSE;
|
||||
|
||||
//
|
||||
// Convert module name to UNICODE.
|
||||
//
|
||||
if (RtlCreateUnicodeStringFromAsciiz(&usModuleName, (PSTR)ModuleName)) {
|
||||
|
||||
//
|
||||
// Check whatever ApiSet resolving required.
|
||||
//
|
||||
if (NeedApiSetResolve) {
|
||||
|
||||
ResolvedResult = FALSE;
|
||||
RtlInitEmptyUnicodeString(&ResolvedModule, NULL, 0);
|
||||
|
||||
//
|
||||
// Resolve ApiSet.
|
||||
//
|
||||
if (NT_SUCCESS(NtLdrApiSetResolveLibrary(ApiSetMap,
|
||||
&usModuleName,
|
||||
NULL,
|
||||
&ResolvedResult,
|
||||
&ResolvedModule)))
|
||||
{
|
||||
if (ResolvedResult) {
|
||||
|
||||
//
|
||||
// ApiSet resolved, load result library.
|
||||
//
|
||||
impdll = LoadLibraryEx(ResolvedModule.Buffer, NULL, DONT_RESOLVE_DLL_REFERENCES);
|
||||
|
||||
//
|
||||
// Convert resolved name back to ANSI for module query.
|
||||
//
|
||||
if (NT_SUCCESS(RtlUnicodeStringToAnsiString(&ResolvedModuleAnsi,
|
||||
&ResolvedModule,
|
||||
TRUE)))
|
||||
{
|
||||
ModuleNameAllocated = TRUE;
|
||||
ModuleName = ResolvedModuleAnsi.Buffer;
|
||||
}
|
||||
}
|
||||
else {
|
||||
DbgPrint("Could not resolve apiset %wZ\r\n", usModuleName);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
else {
|
||||
//
|
||||
// No ApiSet resolve required, load as usual.
|
||||
//
|
||||
impdll = LoadLibraryEx(usModuleName.Buffer, NULL, DONT_RESOLVE_DLL_REFERENCES);
|
||||
}
|
||||
RtlFreeUnicodeString(&usModuleName);
|
||||
}
|
||||
|
||||
if (impdll == NULL) {
|
||||
OutputDebugString(TEXT("SdtListTableShadow, could not load import dll\r\n"));
|
||||
break;
|
||||
|
@ -1124,6 +956,13 @@ VOID SdtListTableShadow(
|
|||
itable->KernelStubTargetAddress =
|
||||
(ULONG_PTR)Module->ImageBase + ((ULONG_PTR)rfn.Function - (ULONG_PTR)impdll);
|
||||
}
|
||||
|
||||
//
|
||||
// In case if ApiSet resolving was used and module name allocated from resolved name - free used memory.
|
||||
//
|
||||
if (ModuleNameAllocated)
|
||||
RtlFreeAnsiString(&ResolvedModuleAnsi);
|
||||
|
||||
}
|
||||
break;
|
||||
}
|
||||
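Review bot: In the ApiSet branch added to SdtListTableShadow, `DbgPrint("Could not resolve apiset %wZ\r\n", usModuleName);` passes the UNICODE_STRING itself, while `%wZ` expects a pointer to one; it should read `DbgPrint("Could not resolve apiset %wZ\r\n", &usModuleName);`. Once `ModuleNameAllocated` is TRUE, the `break` taken when `impdll == NULL` appears to leave the loop before the `RtlFreeAnsiString(&ResolvedModuleAnsi)` added in the later hunk, so the ANSI copy would leak on that path; adding `if (ModuleNameAllocated) RtlFreeAnsiString(&ResolvedModuleAnsi);` before that `break` would close it. Both `LoadLibraryEx` calls take a bare module name read from the win32k import table or the ApiSet map, so the default DLL search order applies; adding `LOAD_LIBRARY_SEARCH_SYSTEM32` to the flags would pin the lookup to the system directory, provided the oldest supported OS accepts that flag. The function body and the loop around these hunks lie outside the visible lines, so the leak path needs confirming against the full source.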
|
|
|
@ -4,9 +4,9 @@
|
|||
*
|
||||
* TITLE: EXTRASUSD.C
|
||||
*
|
||||
* VERSION: 1.73
|
||||
* VERSION: 1.74
|
||||
*
|
||||
* DATE: 31 Mar 2019
|
||||
* DATE: 03 May 2019
|
||||
*
|
||||
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
|
||||
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
|
||||
|
@ -36,7 +36,7 @@ VOID UsdDumpSharedRegion(
|
|||
_In_ HWND hwndParent
|
||||
)
|
||||
{
|
||||
BOOL bCond = FALSE, bAny = FALSE;
|
||||
BOOL bAny = FALSE;
|
||||
UINT i;
|
||||
DWORD mask;
|
||||
|
||||
|
@ -468,7 +468,7 @@ VOID UsdDumpSharedRegion(
|
|||
|
||||
}
|
||||
|
||||
} while (bCond);
|
||||
} while (FALSE);
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
|
@ -4,9 +4,9 @@
|
|||
*
|
||||
* TITLE: GLOBAL.H
|
||||
*
|
||||
* VERSION: 1.73
|
||||
* VERSION: 1.74
|
||||
*
|
||||
* DATE: 30 Mar 2019
|
||||
* DATE: 17 May 2019
|
||||
*
|
||||
* Common header file for the Windows Object Explorer.
|
||||
*
|
||||
|
@ -33,6 +33,7 @@
|
|||
#pragma warning(disable: 4201) // nameless struct/union
|
||||
#pragma warning(disable: 6255 6263) // alloca
|
||||
#pragma warning(disable: 6320) // Exception-filter expression is the constant EXCEPTION_EXECUTE_HANDLER.
|
||||
#pragma warning(disable: 6258) // Using TerminateThread does not allow proper thread clean up.
|
||||
|
||||
//
|
||||
// Included lib files used by program.
|
||||
|
@ -41,6 +42,7 @@
|
|||
#pragma comment(lib, "Aclui.lib")
|
||||
#pragma comment(lib, "comctl32.lib")
|
||||
#pragma comment(lib, "Setupapi.lib")
|
||||
#pragma comment(lib, "shlwapi.lib")
|
||||
#pragma comment(lib, "Version.lib")
|
||||
|
||||
#if defined (_MSC_VER)
|
||||
|
@ -61,6 +63,7 @@
|
|||
#include <ShlObj.h>
|
||||
#include <ntstatus.h>
|
||||
#include <sddl.h>
|
||||
#include <slpublic.h>
|
||||
#include "resource.h"
|
||||
#include "extdef.h"
|
||||
#include "wine.h"
|
||||
|
|
|
@ -4,9 +4,9 @@
|
|||
*
|
||||
* TITLE: KLDBG.C, based on KDSubmarine by Evilcry
|
||||
*
|
||||
* VERSION: 1.73
|
||||
* VERSION: 1.74
|
||||
*
|
||||
* DATE: 01 Apr 2019
|
||||
* DATE: 13 May 2019
|
||||
*
|
||||
* MINIMUM SUPPORTED OS WINDOWS 7
|
||||
*
|
||||
|
@ -373,54 +373,68 @@ NTSTATUS ObEnumerateBoundaryDescriptorEntries(
|
|||
)
|
||||
{
|
||||
ULONG EntrySize, TotalItems = 0, NameEntries = 0, IntegrityLabelEntries = 0;
|
||||
ULONG BoundaryDescriptorItems = 0;
|
||||
ULONG_PTR DataEnd;
|
||||
OBJECT_BOUNDARY_ENTRY *CurrentEntry, *NextEntry;
|
||||
|
||||
if (BoundaryDescriptor->TotalSize < sizeof(OBJECT_BOUNDARY_DESCRIPTOR))
|
||||
return STATUS_INVALID_PARAMETER;
|
||||
__try {
|
||||
|
||||
if (BoundaryDescriptor->Version != 1)
|
||||
return STATUS_INVALID_PARAMETER;
|
||||
if (BoundaryDescriptor->TotalSize < sizeof(OBJECT_BOUNDARY_DESCRIPTOR))
|
||||
return STATUS_INVALID_PARAMETER;
|
||||
|
||||
DataEnd = (ULONG_PTR)BoundaryDescriptor + BoundaryDescriptor->TotalSize;
|
||||
if (DataEnd < (ULONG_PTR)BoundaryDescriptor)
|
||||
return STATUS_INVALID_PARAMETER;
|
||||
if (BoundaryDescriptor->Version != 1)
|
||||
return STATUS_INVALID_PARAMETER;
|
||||
|
||||
CurrentEntry = (OBJECT_BOUNDARY_ENTRY*)((PBYTE)BoundaryDescriptor +
|
||||
sizeof(OBJECT_BOUNDARY_DESCRIPTOR));
|
||||
DataEnd = (ULONG_PTR)RtlOffsetToPointer(BoundaryDescriptor, BoundaryDescriptor->TotalSize);
|
||||
if (DataEnd < (ULONG_PTR)BoundaryDescriptor)
|
||||
return STATUS_INVALID_PARAMETER;
|
||||
|
||||
CurrentEntry = (OBJECT_BOUNDARY_ENTRY*)RtlOffsetToPointer(BoundaryDescriptor,
|
||||
sizeof(OBJECT_BOUNDARY_DESCRIPTOR));
|
||||
|
||||
BoundaryDescriptorItems = BoundaryDescriptor->Items;
|
||||
|
||||
}
|
||||
__except (EXCEPTION_EXECUTE_HANDLER) {
|
||||
return GetExceptionCode();
|
||||
}
|
||||
|
||||
do {
|
||||
__try {
|
||||
EntrySize = CurrentEntry->EntrySize;
|
||||
if (EntrySize < sizeof(OBJECT_BOUNDARY_ENTRY))
|
||||
return STATUS_INVALID_PARAMETER;
|
||||
|
||||
EntrySize = CurrentEntry->EntrySize;
|
||||
if (EntrySize < sizeof(OBJECT_BOUNDARY_ENTRY))
|
||||
return STATUS_INVALID_PARAMETER;
|
||||
TotalItems++;
|
||||
|
||||
TotalItems++;
|
||||
NextEntry = (OBJECT_BOUNDARY_ENTRY*)ALIGN_UP(((PBYTE)CurrentEntry + EntrySize), ULONG_PTR);
|
||||
|
||||
NextEntry = (OBJECT_BOUNDARY_ENTRY*)ALIGN_UP(((PBYTE)CurrentEntry + EntrySize), ULONG_PTR);
|
||||
if ((NextEntry < CurrentEntry) || ((ULONG_PTR)NextEntry > DataEnd))
|
||||
return STATUS_INVALID_PARAMETER;
|
||||
|
||||
if ((NextEntry < CurrentEntry) || ((ULONG_PTR)NextEntry > DataEnd))
|
||||
return STATUS_INVALID_PARAMETER;
|
||||
|
||||
if (CurrentEntry->EntryType == OBNS_Name) {
|
||||
if (++NameEntries > 1)
|
||||
return STATUS_DUPLICATE_NAME;
|
||||
}
|
||||
else
|
||||
|
||||
if (CurrentEntry->EntryType == OBNS_SID) {
|
||||
if (!ObpValidateSidBuffer(
|
||||
(PSID)((PBYTE)CurrentEntry + sizeof(OBJECT_BOUNDARY_ENTRY)),
|
||||
EntrySize - sizeof(OBJECT_BOUNDARY_ENTRY)))
|
||||
{
|
||||
return STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
if (CurrentEntry->EntryType == OBNS_Name) {
|
||||
if (++NameEntries > 1)
|
||||
return STATUS_DUPLICATE_NAME;
|
||||
}
|
||||
else
|
||||
if (CurrentEntry->EntryType == OBNS_IntegrityLabel) {
|
||||
if (++IntegrityLabelEntries > 1)
|
||||
return STATUS_DUPLICATE_OBJECTID;
|
||||
|
||||
if (CurrentEntry->EntryType == OBNS_SID) {
|
||||
if (!ObpValidateSidBuffer(
|
||||
(PSID)((PBYTE)CurrentEntry + sizeof(OBJECT_BOUNDARY_ENTRY)),
|
||||
EntrySize - sizeof(OBJECT_BOUNDARY_ENTRY)))
|
||||
{
|
||||
return STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
}
|
||||
else
|
||||
if (CurrentEntry->EntryType == OBNS_IntegrityLabel) {
|
||||
if (++IntegrityLabelEntries > 1)
|
||||
return STATUS_DUPLICATE_OBJECTID;
|
||||
}
|
||||
}
|
||||
__except (EXCEPTION_EXECUTE_HANDLER) {
|
||||
return GetExceptionCode();
|
||||
}
|
||||
|
||||
if (Callback) {
|
||||
if (Callback(CurrentEntry, Context))
|
||||
|
@ -431,7 +445,7 @@ NTSTATUS ObEnumerateBoundaryDescriptorEntries(
|
|||
|
||||
} while ((ULONG_PTR)CurrentEntry < (ULONG_PTR)DataEnd);
|
||||
|
||||
return (TotalItems != BoundaryDescriptor->Items) ? STATUS_INVALID_PARAMETER : STATUS_SUCCESS;
|
||||
return (TotalItems != BoundaryDescriptorItems) ? STATUS_INVALID_PARAMETER : STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -734,7 +748,6 @@ UCHAR ObpFindHeaderCookie(
|
|||
_In_ PKLDBGCONTEXT Context
|
||||
)
|
||||
{
|
||||
BOOL cond = FALSE;
|
||||
UCHAR ObHeaderCookie = 0;
|
||||
PBYTE ptrCode;
|
||||
ULONG Index;
|
||||
|
@ -799,7 +812,7 @@ UCHAR ObpFindHeaderCookie(
|
|||
break;
|
||||
}
|
||||
|
||||
} while (cond);
|
||||
} while (FALSE);
|
||||
|
||||
}
|
||||
__except (exceptFilter(GetExceptionCode(), GetExceptionInformation())) {
|
||||
|
@ -825,8 +838,6 @@ PVOID ObFindPrivateNamespaceLookupTable2(
|
|||
_In_ PKLDBGCONTEXT Context
|
||||
)
|
||||
{
|
||||
BOOL cond = FALSE;
|
||||
|
||||
ULONG_PTR Address = 0;
|
||||
|
||||
PVOID SectionBase;
|
||||
|
@ -960,7 +971,7 @@ PVOID ObFindPrivateNamespaceLookupTable2(
|
|||
//
|
||||
Address += FIELD_OFFSET(OBP_SILODRIVERSTATE, PrivateNamespaceLookupTable);
|
||||
|
||||
} while (cond);
|
||||
} while (FALSE);
|
||||
|
||||
return (PVOID)Address;
|
||||
}
|
||||
|
@ -977,7 +988,6 @@ PVOID ObFindPrivateNamespaceLookupTable(
|
|||
_In_ PKLDBGCONTEXT Context
|
||||
)
|
||||
{
|
||||
BOOL cond = FALSE;
|
||||
ULONG Index;
|
||||
PBYTE Signature, MatchingPattern;
|
||||
ULONG SignatureSize;
|
||||
|
@ -1072,7 +1082,7 @@ PVOID ObFindPrivateNamespaceLookupTable(
|
|||
if (!kdAddressInNtOsImage((PVOID)Address))
|
||||
break;
|
||||
|
||||
} while (cond);
|
||||
} while (FALSE);
|
||||
|
||||
return (PVOID)Address;
|
||||
}
|
||||
|
@ -1123,7 +1133,7 @@ BOOL kdFindKiServiceTables(
|
|||
_Out_opt_ ULONG *W32pServiceLimit
|
||||
)
|
||||
{
|
||||
BOOL cond = FALSE, bResult = FALSE, bS1, bS2;
|
||||
BOOL bResult = FALSE, bS1, bS2;
|
||||
ULONG Index, SignatureSize;
|
||||
LONG Rel = 0;
|
||||
ULONG SectionSize;
|
||||
|
@ -1265,7 +1275,7 @@ BOOL kdFindKiServiceTables(
|
|||
|
||||
bResult = (bS1) && (bS2);
|
||||
|
||||
} while (cond);
|
||||
} while (FALSE);
|
||||
|
||||
}
|
||||
__except (exceptFilter(GetExceptionCode(), GetExceptionInformation())) {
|
||||
|
@ -1447,8 +1457,7 @@ POBJINFO ObpCopyObjectBasicInfo(
|
|||
NULL))
|
||||
{
|
||||
#ifdef _DEBUG
|
||||
OutputDebugStringA(__FUNCTION__);
|
||||
OutputDebugStringA("kdReadSystemMemoryEx(ObjectHeaderAddress) failed");
|
||||
DbgPrint("%s kdReadSystemMemoryEx(ObjectHeaderAddress) failed\r\n", __FUNCTION__);
|
||||
#endif
|
||||
|
||||
return NULL;
|
||||
|
@ -1544,8 +1553,7 @@ POBJINFO ObpWalkDirectory(
|
|||
{
|
||||
|
||||
#ifdef _DEBUG
|
||||
OutputDebugStringA(__FUNCTION__);
|
||||
OutputDebugStringA("kdReadSystemMemoryEx(DirectoryAddress) failed");
|
||||
DbgPrint("%s kdReadSystemMemoryEx(DirectoryAddress) failed\r\n", __FUNCTION__);
|
||||
#endif
|
||||
return NULL;
|
||||
}
|
||||
|
@ -1589,8 +1597,7 @@ POBJINFO ObpWalkDirectory(
|
|||
NULL))
|
||||
{
|
||||
#ifdef _DEBUG
|
||||
OutputDebugStringA(__FUNCTION__);
|
||||
OutputDebugStringA("kdReadSystemMemoryEx(OBJECT_DIRECTORY_ENTRY(HashEntry)) failed");
|
||||
DbgPrint("%s kdReadSystemMemoryEx(OBJECT_DIRECTORY_ENTRY(HashEntry)) failed\r\n", __FUNCTION__);
|
||||
#endif
|
||||
break;
|
||||
}
|
||||
|
@ -1608,8 +1615,7 @@ POBJINFO ObpWalkDirectory(
|
|||
NULL))
|
||||
{
|
||||
#ifdef _DEBUG
|
||||
OutputDebugStringA(__FUNCTION__);
|
||||
OutputDebugStringA("kdReadSystemMemoryEx(ObjectHeaderAddress(Entry.Object)) failed");
|
||||
DbgPrint("%s kdReadSystemMemoryEx(ObjectHeaderAddress(Entry.Object)) failed\r\n", __FUNCTION__);
|
||||
#endif
|
||||
goto NextItem;
|
||||
}
|
||||
|
@ -1703,8 +1709,7 @@ POBJINFO ObQueryObjectByAddress(
|
|||
NULL))
|
||||
{
|
||||
#ifdef _DEBUG
|
||||
OutputDebugStringA(__FUNCTION__);
|
||||
OutputDebugStringA("\r\nkdReadSystemMemoryEx(ObjectHeaderAddress(ObjectAddress)) failed");
|
||||
DbgPrint("%s kdReadSystemMemoryEx(ObjectHeaderAddress(ObjectAddress)) failed\r\n", __FUNCTION__);
|
||||
#endif
|
||||
return NULL;
|
||||
}
|
||||
|
@ -1857,8 +1862,7 @@ VOID ObpWalkDirectoryRecursive(
|
|||
NULL))
|
||||
{
|
||||
#ifdef _DEBUG
|
||||
OutputDebugStringA(__FUNCTION__);
|
||||
OutputDebugStringA("kdReadSystemMemoryEx(DirectoryAddress) failed");
|
||||
DbgPrint("%s kdReadSystemMemoryEx(DirectoryAddress) failed\r\n", __FUNCTION__);
|
||||
#endif
|
||||
return;
|
||||
}
|
||||
|
@ -2438,7 +2442,7 @@ POBJREF ObCollectionFindByAddress(
|
|||
*
|
||||
* Acquire handle of helper driver device if possible.
|
||||
*
|
||||
* N.B.
|
||||
* N.B.
|
||||
*
|
||||
* If device handle is already present function immediately return TRUE.
|
||||
* If current token is not elevated admin token function immediately return FALSE.
|
||||
|
@ -2748,7 +2752,7 @@ DWORD WINAPI kdQuerySystemInformation(
|
|||
_In_ PVOID lpParameter
|
||||
)
|
||||
{
|
||||
BOOL cond = FALSE, bResult = FALSE;
|
||||
BOOL bResult = FALSE;
|
||||
PKLDBGCONTEXT Context = (PKLDBGCONTEXT)lpParameter;
|
||||
PVOID MappedKernel = NULL;
|
||||
PRTL_PROCESS_MODULES miSpace = NULL;
|
||||
|
@ -2799,7 +2803,7 @@ DWORD WINAPI kdQuerySystemInformation(
|
|||
|
||||
bResult = TRUE;
|
||||
|
||||
} while (cond);
|
||||
} while (FALSE);
|
||||
|
||||
if (miSpace != NULL) {
|
||||
supHeapFree(miSpace);
|
||||
|
@ -2960,8 +2964,6 @@ ULONG_PTR kdFindCiCallbacks(
|
|||
_In_ PKLDBGCONTEXT Context
|
||||
)
|
||||
{
|
||||
BOOL bCond = FALSE;
|
||||
|
||||
ULONG_PTR Address = 0, Result = 0;
|
||||
|
||||
PBYTE Signature = NULL, ptrCode = NULL, InstructionMatchPattern = NULL;
|
||||
|
@ -3108,7 +3110,7 @@ ULONG_PTR kdFindCiCallbacks(
|
|||
|
||||
Result = Address;
|
||||
|
||||
} while (bCond);
|
||||
} while (FALSE);
|
||||
|
||||
return Result;
|
||||
}
|
||||
|
|
|
@ -4,9 +4,9 @@
|
|||
*
|
||||
* TITLE: LIST.C
|
||||
*
|
||||
* VERSION: 1.73
|
||||
* VERSION: 1.74
|
||||
*
|
||||
* DATE: 30 Mar 2019
|
||||
* DATE: 03 May 2019
|
||||
*
|
||||
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
|
||||
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
|
||||
|
@ -211,7 +211,6 @@ VOID ListObjectDirectoryTree(
|
|||
_In_opt_ HTREEITEM ViewRootHandle
|
||||
)
|
||||
{
|
||||
BOOL cond = TRUE;
|
||||
NTSTATUS status;
|
||||
ULONG ctx, rlen;
|
||||
HANDLE hDirectory = NULL;
|
||||
|
@ -276,7 +275,7 @@ VOID ListObjectDirectoryTree(
|
|||
|
||||
supHeapFree(objinf);
|
||||
|
||||
} while (cond);
|
||||
} while (TRUE);
|
||||
|
||||
NtClose(hDirectory);
|
||||
}
|
||||
|
@ -409,7 +408,6 @@ VOID ListObjectsInDirectory(
|
|||
_In_ LPWSTR lpObjectDirectory
|
||||
)
|
||||
{
|
||||
BOOL cond = TRUE;
|
||||
NTSTATUS status;
|
||||
ULONG ctx, rlen;
|
||||
HANDLE hDirectory = NULL;
|
||||
|
@ -456,7 +454,7 @@ VOID ListObjectsInDirectory(
|
|||
|
||||
supHeapFree(objinf);
|
||||
|
||||
} while (cond);
|
||||
} while (TRUE);
|
||||
|
||||
NtClose(hDirectory);
|
||||
}
|
||||
|
@ -476,7 +474,6 @@ VOID FindObject(
|
|||
_In_ PFO_LIST_ITEM *List
|
||||
)
|
||||
{
|
||||
BOOL cond = TRUE;
|
||||
NTSTATUS status;
|
||||
ULONG ctx, rlen;
|
||||
HANDLE hDirectory = NULL;
|
||||
|
@ -572,7 +569,7 @@ VOID FindObject(
|
|||
|
||||
supHeapFree(objinf);
|
||||
|
||||
} while (cond);
|
||||
} while (TRUE);
|
||||
|
||||
NtClose(hDirectory);
|
||||
}
|
||||
|
|
|
@ -4,9 +4,9 @@
|
|||
*
|
||||
* TITLE: MAIN.C
|
||||
*
|
||||
* VERSION: 1.73
|
||||
* VERSION: 1.74
|
||||
*
|
||||
* DATE: 30 Mar 2019
|
||||
* DATE: 19 May 2019
|
||||
*
|
||||
* Program entry point and main window handler.
|
||||
*
|
||||
|
@ -95,6 +95,7 @@ VOID MainWindowExtrasDisableAdminFeatures(
|
|||
//
|
||||
if (g_WinObj.IsWine) {
|
||||
SetMenuItemInfo(hExtrasSubMenu, ID_EXTRAS_DRIVERS, FALSE, &mii);
|
||||
SetMenuItemInfo(hExtrasSubMenu, ID_EXTRAS_SOFTWARELICENSECACHE, FALSE, &mii);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -298,10 +299,11 @@ LRESULT MainWindowHandleWMCommand(
|
|||
{
|
||||
LPWSTR lpItemText;
|
||||
HWND hwndFocus;
|
||||
WORD ControlId = LOWORD(wParam);
|
||||
|
||||
UNREFERENCED_PARAMETER(lParam);
|
||||
|
||||
switch (LOWORD(wParam)) {
|
||||
switch (ControlId) {
|
||||
|
||||
case ID_FILE_RUNASADMIN:
|
||||
if (g_kdctx.IsFullAdmin) {
|
||||
|
@ -358,64 +360,29 @@ LRESULT MainWindowHandleWMCommand(
|
|||
MainWindowOnRefresh(hwnd);
|
||||
break;
|
||||
|
||||
//Extras -> Pipes
|
||||
//Extras -> Mailslots
|
||||
case ID_EXTRAS_PIPES:
|
||||
case ID_EXTRAS_MAILSLOTS:
|
||||
extrasShowIPCDialog(hwnd, LOWORD(wParam));
|
||||
break;
|
||||
|
||||
//Extras -> UserSharedData
|
||||
case ID_EXTRAS_USERSHAREDDATA:
|
||||
extrasShowUserSharedDataDialog(hwnd);
|
||||
break;
|
||||
|
||||
//Extras -> Private Namespaces
|
||||
case ID_EXTRAS_PRIVATENAMESPACES:
|
||||
//
|
||||
// Feature require driver usage and not supported in 10586.
|
||||
//
|
||||
if (g_NtBuildNumber != 10586) {
|
||||
if (kdConnectDriver()) {
|
||||
extrasShowPrivateNamespacesDialog(hwnd);
|
||||
}
|
||||
}
|
||||
break;
|
||||
|
||||
//Extras -> KiServiceTable
|
||||
//Extras -> W32pServiceTable
|
||||
case ID_EXTRAS_PRIVATENAMESPACES:
|
||||
case ID_EXTRAS_SSDT:
|
||||
case ID_EXTRAS_W32PSERVICETABLE:
|
||||
//
|
||||
// This feature require driver usage.
|
||||
//
|
||||
#ifndef _DEBUG
|
||||
if (kdConnectDriver()) {
|
||||
#endif
|
||||
extrasShowSSDTDialog(hwnd, LOWORD(wParam));
|
||||
#ifndef _DEBUG
|
||||
}
|
||||
#endif
|
||||
break;
|
||||
|
||||
//Extras -> Drivers
|
||||
case ID_EXTRAS_DRIVERS:
|
||||
//
|
||||
// Unsupported in Wine.
|
||||
//
|
||||
if (g_WinObj.IsWine == FALSE) {
|
||||
extrasShowDriversDialog(hwnd);
|
||||
}
|
||||
break;
|
||||
|
||||
// Extras -> Process List
|
||||
case ID_EXTRAS_PROCESSLIST:
|
||||
extrasShowPsListDialog(hwnd);
|
||||
break;
|
||||
|
||||
// Extras -> Callbacks
|
||||
case ID_EXTRAS_CALLBACKS:
|
||||
extrasShowCallbacksDialog(hwnd);
|
||||
case ID_EXTRAS_SOFTWARELICENSECACHE:
|
||||
//
|
||||
// Extras -> Pipes
|
||||
// Mailslots
|
||||
// UserSharedData
|
||||
// Private Namespaces
|
||||
// KiServiceTable
|
||||
// W32pServiceTable
|
||||
// Drivers
|
||||
// Process List
|
||||
// Callbacks
|
||||
// Software Licensing Cache
|
||||
//
|
||||
extrasShowDialogById(hwnd, ControlId);
|
||||
break;
|
||||
|
||||
case ID_HELP_ABOUT:
|
||||
|
@ -727,7 +694,10 @@ LRESULT MainWindowHandleWMNotify(
|
|||
}
|
||||
|
||||
//handle tooltip
|
||||
#pragma warning(push)
|
||||
#pragma warning(disable: 26454)
|
||||
if (hdr->code == TTN_GETDISPINFO) {
|
||||
#pragma warning(pop)
|
||||
lpttt = (LPTOOLTIPTEXT)lParam;
|
||||
|
||||
switch (lpttt->hdr.idFrom) {
|
||||
|
@ -947,7 +917,7 @@ BOOL WinObjInitGlobals(
|
|||
_In_ BOOLEAN IsWine)
|
||||
{
|
||||
SIZE_T cch;
|
||||
BOOL bResult = FALSE, bCond = FALSE;
|
||||
BOOL bResult = FALSE;
|
||||
LPWSTR *szArglist;
|
||||
INT nArgs = 0;
|
||||
|
||||
|
@ -1014,7 +984,7 @@ BOOL WinObjInitGlobals(
|
|||
|
||||
bResult = TRUE;
|
||||
|
||||
} while (bCond);
|
||||
} while (FALSE);
|
||||
|
||||
if (bResult == FALSE) {
|
||||
if (g_WinObj.Heap)
|
||||
|
@ -1037,7 +1007,7 @@ UINT WinObjExMain()
|
|||
BOOLEAN IsWine = FALSE;
|
||||
MSG msg1;
|
||||
WNDCLASSEX wincls;
|
||||
BOOL IsFullAdmin = FALSE, rv = TRUE, cond = FALSE, bLocalSystem = FALSE;
|
||||
BOOL IsFullAdmin = FALSE, rv = TRUE, bLocalSystem = FALSE;
|
||||
ATOM class_atom = 0;
|
||||
INITCOMMONCONTROLSEX icc;
|
||||
LVCOLUMN col;
|
||||
|
@ -1478,7 +1448,7 @@ UINT WinObjExMain()
|
|||
DispatchMessage(&msg1);
|
||||
} while (rv != 0);
|
||||
|
||||
} while (cond);
|
||||
} while (FALSE);
|
||||
|
||||
if (class_atom != 0)
|
||||
UnregisterClass(MAKEINTATOM(class_atom), g_WinObj.hInstance);
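Review bot: The collapsed Extras case in MainWindowHandleWMCommand no longer carries the per-item guards that the longer version of this block had: the `g_NtBuildNumber != 10586` and `kdConnectDriver()` checks for Private Namespaces, `kdConnectDriver()` for the service-table dialogs, and the `g_WinObj.IsWine == FALSE` check for Drivers. All of them now depend on `extrasShowDialogById`, whose body is not part of this section. Which lines are old and which are new is inferred from the hunk counts (64 lines before, 29 after), because the page lost its +/- markers. I would state the contract above the call, for example `// extrasShowDialogById performs the driver/build/Wine checks for each id`. I would also confirm that it refuses `ID_EXTRAS_SOFTWARELICENSECACHE` under Wine, since the menu item is only greyed out in MainWindowExtrasDisableAdminFeatures and the handler would still accept a WM_COMMAND carrying that id.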
|
||||
|
|
|
@ -0,0 +1,190 @@
|
|||
/************************************************************************************
|
||||
*
|
||||
* (C) COPYRIGHT AUTHORS, 2017 - 2019, translated from Microsoft sources/debugger
|
||||
*
|
||||
* TITLE: APISETX.H
|
||||
*
|
||||
* VERSION: 1.06
|
||||
*
|
||||
* DATE: 11 May 2019
|
||||
*
|
||||
* Common header file for the ApiSetSchema definitions.
|
||||
*
|
||||
* Depends on: ntos.h
|
||||
*
|
||||
* Include: ntos.h
|
||||
*
|
||||
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
|
||||
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
|
||||
* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
|
||||
* PARTICULAR PURPOSE.
|
||||
*
|
||||
************************************************************************************/
|
||||
|
||||
#pragma once
|
||||
|
||||
#ifndef APISETX
|
||||
#define APISETX
|
||||
|
||||
//
|
||||
// Copy-pasted from MS headers.
|
||||
//
|
||||
|
||||
#define API_SET_SECTION_NAME ".apiset"
|
||||
#define API_SET_SCHEMA_SUFFIX L".sys"
|
||||
|
||||
#define API_SET_PREFIX_API 0x2d004900500041
|
||||
#define API_SET_PREFIX_EXT 0x2d005400580045
|
||||
|
||||
#define API_SET_PREFIX_NAME_A "API-"
|
||||
#define API_SET_PREFIX_NAME_A_SIZE (sizeof(API_SET_PREFIX_NAME_A) - sizeof(CHAR))
|
||||
#define API_SET_PREFIX_NAME_U TEXT(API_SET_PREFIX_NAME_A)
|
||||
#define API_SET_PREFIX_NAME_U_SIZE (sizeof(API_SET_PREFIX_NAME_U) - sizeof(WCHAR))
|
||||
#define API_SET_PREFIX_NAME_LENGTH (RTL_NUMBER_OF(API_SET_PREFIX_NAME_U) - 1)
|
||||
|
||||
#define API_SET_EXTENSION_NAME_A "EXT-"
|
||||
#define API_SET_EXTENSION_NAME_A_SIZE (sizeof(API_SET_EXTENSION_NAME_A) - sizeof(CHAR))
|
||||
#define API_SET_EXTENSION_NAME_U TEXT(API_SET_EXTENSION_NAME_A)
|
||||
#define API_SET_EXTENSION_NAME_U_SIZE (sizeof(API_SET_EXTENSION_NAME_U) - sizeof(WCHAR))
|
||||
#define API_SET_EXTENSION_NAME_LENGTH (RTL_NUMBER_OF(API_SET_EXTENSION_NAME_U) - 1)
|
||||
|
||||
#define API_SET_SCHEMA_FLAGS_SEALED 0x00000001UL
|
||||
#define API_SET_SCHEMA_FLAGS_HOST_EXTENSION 0x00000002UL
|
||||
|
||||
#define API_SET_SCHEMA_ENTRY_FLAGS_SEALED 0x00000001UL
|
||||
#define API_SET_SCHEMA_ENTRY_FLAGS_EXTENSION 0x00000002UL
|
||||
|
||||
#define API_SET_SCHEMA_VERSION_V2 2
|
||||
#define API_SET_SCHEMA_VERSION_V3 3 //private
|
||||
#define API_SET_SCHEMA_VERSION_V4 4
|
||||
#define API_SET_SCHEMA_VERSION_V6 6
|
||||
|
||||
#define API_SET_EMPTY_NAMESPACE_VALUE(ValueEntry) \
|
||||
((ValueEntry->ValueOffset == 0) && (ValueEntry->ValueLength == 0) && \
|
||||
(ValueEntry->NameOffset == 0) && (ValueEntry->NameLength == 0))
|
||||
|
||||
#define APISET_TO_UPPER_PREFIX(x) ((x) & 0xFFFFFFDFFFDFFFDFULL)
|
||||
|
||||
//
|
||||
// Macro for APISET structures.
|
||||
//
|
||||
#define API_SET_TO_VALUE_ENTRY(Namespace, Entry, Index) \
|
||||
((API_SET_VALUE_ENTRY_V6 *)RtlOffsetToPointer(Namespace, (Index) * sizeof(API_SET_VALUE_ENTRY_V6) + Entry->DataOffset))
|
||||
|
||||
#define API_SET_TO_VALUE_NAME(Namespace, Entry) \
|
||||
((PWCHAR)RtlOffsetToPointer(Namespace, Entry->NameOffset))
|
||||
|
||||
#define API_SET_TO_HASH_ENTRY(Namespace, HashIndex) \
|
||||
((API_SET_HASH_ENTRY_V6*)RtlOffsetToPointer(Namespace, Namespace->NamespaceHashesOffset + sizeof(ULONG_PTR) * (HashIndex)))
|
||||
|
||||
#define API_SET_TO_NAMESPACE_ENTRY(Namespace, LookupHashEntry) \
|
||||
((PAPI_SET_NAMESPACE_ENTRY_V6)RtlOffsetToPointer(Namespace, LookupHashEntry->NamespaceIndex * sizeof(API_SET_NAMESPACE_ENTRY_V6) + Namespace->NamespaceEntryOffset))
|
||||
|
||||
#define API_SET_TO_NAMESPACE_ENTRY_NAME(Namespace, NamespaceEntry) \
|
||||
((PWCHAR)RtlOffsetToPointer(Namespace, NamespaceEntry->NameOffset))
|
||||
|
||||
// V2
|
||||
|
||||
typedef struct _API_SET_VALUE_ENTRY_V2 {
|
||||
ULONG NameOffset;
|
||||
ULONG NameLength;
|
||||
ULONG ValueOffset;
|
||||
ULONG ValueLength;
|
||||
} API_SET_VALUE_ENTRY_V2, *PAPI_SET_VALUE_ENTRY_V2;
|
||||
|
||||
typedef struct _API_SET_VALUE_ARRAY_V2 {
|
||||
ULONG Count;
|
||||
API_SET_VALUE_ENTRY_V2 Array[ANYSIZE_ARRAY];
|
||||
} API_SET_VALUE_ARRAY_V2, *PAPI_SET_VALUE_ARRAY_V2;
|
||||
|
||||
typedef struct _API_SET_NAMESPACE_ENTRY_V2 {
|
||||
ULONG NameOffset;
|
||||
ULONG NameLength;
|
||||
ULONG DataOffset; // API_SET_VALUE_ARRAY
|
||||
} API_SET_NAMESPACE_ENTRY_V2, *PAPI_SET_NAMESPACE_ENTRY_V2;
|
||||
|
||||
typedef struct _API_SET_NAMESPACE_ARRAY_V2 {
|
||||
ULONG Version;
|
||||
ULONG Count;
|
||||
_Field_size_full_(Count) API_SET_NAMESPACE_ENTRY_V2 Array[ANYSIZE_ARRAY];
|
||||
} API_SET_NAMESPACE_ARRAY_V2, *PAPI_SET_NAMESPACE_ARRAY_V2;
|
||||
|
||||
// V4
|
||||
|
||||
typedef struct _API_SET_VALUE_ENTRY_V4 {
|
||||
ULONG Flags;
|
||||
ULONG NameOffset;
|
||||
_Field_range_(0, UNICODE_STRING_MAX_BYTES) ULONG NameLength;
|
||||
ULONG ValueOffset;
|
||||
_Field_range_(0, UNICODE_STRING_MAX_BYTES) ULONG ValueLength;
|
||||
} API_SET_VALUE_ENTRY_V4, *PAPI_SET_VALUE_ENTRY_V4;
|
||||
|
||||
_Struct_size_bytes_(FIELD_OFFSET(API_SET_VALUE_ARRAY_V4, Array) + (sizeof(API_SET_VALUE_ENTRY_V4) * Count))
|
||||
typedef struct _API_SET_VALUE_ARRAY_V4 {
|
||||
ULONG Flags;
|
||||
ULONG Count;
|
||||
_Field_size_full_(Count) API_SET_VALUE_ENTRY_V4 Array[ANYSIZE_ARRAY];
|
||||
} API_SET_VALUE_ARRAY_V4, *PAPI_SET_VALUE_ARRAY_V4;
|
||||
|
||||
typedef struct _API_SET_NAMESPACE_ENTRY_V4 {
|
||||
ULONG Flags;
|
||||
ULONG NameOffset;
|
||||
_Field_range_(0, UNICODE_STRING_MAX_BYTES) ULONG NameLength;
|
||||
ULONG AliasOffset;
|
||||
_Field_range_(0, UNICODE_STRING_MAX_BYTES) ULONG AliasLength;
|
||||
ULONG DataOffset; // API_SET_VALUE_ARRAY_V4
|
||||
} API_SET_NAMESPACE_ENTRY_V4, *PAPI_SET_NAMESPACE_ENTRY_V4;
|
||||
|
||||
_Struct_size_bytes_(Size)
|
||||
typedef struct _API_SET_NAMESPACE_ARRAY_V4 {
|
||||
ULONG Version;
|
||||
ULONG Size;
|
||||
ULONG Flags;
|
||||
ULONG Count;
|
||||
_Field_size_full_(Count) API_SET_NAMESPACE_ENTRY_V4 Array[ANYSIZE_ARRAY];
|
||||
} API_SET_NAMESPACE_ARRAY_V4, *PAPI_SET_NAMESPACE_ARRAY_V4;
|
||||
|
||||
// V6
|
||||
|
||||
typedef struct _API_SET_HASH_ENTRY_V6 {
|
||||
ULONG Hash;
|
||||
ULONG NamespaceIndex;
|
||||
} API_SET_HASH_ENTRY_V6, *PAPI_SET_HASH_ENTRY_V6;
|
||||
|
||||
typedef struct _API_SET_NAMESPACE_ENTRY_V6 {
|
||||
ULONG Flags;
|
||||
ULONG NameOffset;
|
||||
ULONG NameLength;
|
||||
ULONG HashNameLength; //size of name up to the last hyphen
|
||||
ULONG DataOffset; //API_SET_VALUE_ENTRY_V6
|
||||
ULONG Count; //number of API_SET_VALUE_ENTRY_V6 at DataOffset
|
||||
} API_SET_NAMESPACE_ENTRY_V6, *PAPI_SET_NAMESPACE_ENTRY_V6;
|
||||
|
||||
typedef struct _API_SET_VALUE_ENTRY_V6 {
|
||||
ULONG Flags;
|
||||
ULONG NameOffset;
|
||||
ULONG NameLength;
|
||||
ULONG ValueOffset;
|
||||
ULONG ValueLength;
|
||||
} API_SET_VALUE_ENTRY_V6, *PAPI_SET_VALUE_ENTRY_V6;
|
||||
|
||||
_Struct_size_bytes_(Size)
|
||||
typedef struct _API_SET_NAMESPACE_ARRAY_V6 {
|
||||
ULONG Version;
|
||||
ULONG Size;
|
||||
ULONG Flags;
|
||||
ULONG Count;
|
||||
ULONG NamespaceEntryOffset; //API_SET_NAMESPACE_ENTRY_V6
|
||||
ULONG NamespaceHashesOffset; //_API_SET_HASH_ENTRY_V6
|
||||
ULONG HashMultiplier;
|
||||
} API_SET_NAMESPACE_ARRAY_V6, *PAPI_SET_NAMESPACE_ARRAY_V6;
|
||||
|
||||
typedef struct _API_SET_NAMESPACE {
|
||||
union {
|
||||
API_SET_NAMESPACE_ARRAY_V2 *v2;
|
||||
API_SET_NAMESPACE_ARRAY_V4 *v4;
|
||||
API_SET_NAMESPACE_ARRAY_V6 *v6;
|
||||
} Namespace;
|
||||
} API_SET_NAMESPACE, *PAPI_SET_NAMESPACE;
|
||||
|
||||
#endif /* APISETX */
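Review bot: `API_SET_TO_HASH_ENTRY` steps through the hash table in units of `sizeof(ULONG_PTR)` while returning an `API_SET_HASH_ENTRY_V6*`, so the stride equals the entry size (two ULONGs) only on targets where a pointer is 8 bytes wide. Using the entry type keeps the macro correct regardless of pointer size: `Namespace->NamespaceHashesOffset + sizeof(API_SET_HASH_ENTRY_V6) * (HashIndex)`. The macros in this header also expand `Namespace`, `Entry`, `ValueEntry` and `LookupHashEntry` without parentheses. They follow offsets read from the schema without comparing them to the `Size` field, so a comment stating that they assume a well-formed schema would make that precondition explicit for callers.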
|
|
@ -0,0 +1,561 @@
|
|||
/************************************************************************************
|
||||
*
|
||||
* (C) COPYRIGHT AUTHORS, 2014 - 2019
|
||||
*
|
||||
* TITLE: NTLDR.C
|
||||
*
|
||||
* VERSION: 1.14
|
||||
*
|
||||
* DATE: 15 May 2019
|
||||
*
|
||||
* NT loader related code.
|
||||
*
|
||||
* Depends on: ntos.h
|
||||
* apisetx.h
|
||||
*
|
||||
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
|
||||
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
|
||||
* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
|
||||
* PARTICULAR PURPOSE.
|
||||
*
|
||||
************************************************************************************/
|
||||
|
||||
#include "global.h"
|
||||
#include "ntldr.h"
|
||||
#include "apisetx.h"
|
||||
|
||||
/*
|
||||
* NtRawGetProcAddress
|
||||
*
|
||||
* Purpose:
|
||||
*
|
||||
* Custom GPA.
|
||||
*
|
||||
*/
|
||||
NTSTATUS NtRawGetProcAddress(
|
||||
_In_ LPVOID Module,
|
||||
_In_ LPCSTR ProcName,
|
||||
_In_ PRESOLVE_INFO Pointer
|
||||
)
|
||||
{
|
||||
PIMAGE_NT_HEADERS NtHeaders;
|
||||
PIMAGE_EXPORT_DIRECTORY exp;
|
||||
PDWORD fntable, nametable;
|
||||
PWORD ordtable;
|
||||
ULONG mid, high, low;
|
||||
ULONG_PTR fnptr, exprva, expsize;
|
||||
int r;
|
||||
|
||||
NtHeaders = RtlImageNtHeader(Module);
|
||||
if (NtHeaders->OptionalHeader.NumberOfRvaAndSizes <= IMAGE_DIRECTORY_ENTRY_EXPORT)
|
||||
return STATUS_OBJECT_NAME_NOT_FOUND;
|
||||
|
||||
exprva = NtHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
|
||||
expsize = NtHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size;
|
||||
|
||||
exp = (PIMAGE_EXPORT_DIRECTORY)((ULONG_PTR)Module + exprva);
|
||||
fntable = (PDWORD)((ULONG_PTR)Module + exp->AddressOfFunctions);
|
||||
|
||||
if ((ULONG_PTR)ProcName < 0x10000) {
|
||||
// ProcName is ordinal
|
||||
if (
|
||||
((ULONG_PTR)ProcName < (ULONG_PTR)exp->Base) ||
|
||||
((ULONG_PTR)ProcName >= (ULONG_PTR)exp->Base + exp->NumberOfFunctions))
|
||||
return STATUS_OBJECT_NAME_NOT_FOUND;
|
||||
|
||||
fnptr = fntable[(ULONG_PTR)ProcName - exp->Base];
|
||||
|
||||
}
|
||||
else {
|
||||
// ProcName is ANSI string
|
||||
nametable = (PDWORD)((ULONG_PTR)Module + exp->AddressOfNames);
|
||||
ordtable = (PWORD)((ULONG_PTR)Module + exp->AddressOfNameOrdinals);
|
||||
|
||||
if (exp->NumberOfNames == 0)
|
||||
return STATUS_OBJECT_NAME_NOT_FOUND;
|
||||
|
||||
low = 0;
|
||||
high = exp->NumberOfNames;
|
||||
|
||||
do {
|
||||
mid = low + (high - low) / 2;
|
||||
r = _strcmp_a(ProcName, (LPCSTR)((ULONG_PTR)Module + nametable[mid]));
|
||||
|
||||
if (r > 0)
|
||||
{
|
||||
low = mid + 1;
|
||||
}
|
||||
else
|
||||
{
|
||||
if (r < 0)
|
||||
high = mid;
|
||||
else
|
||||
break;
|
||||
}
|
||||
} while (low < high);
|
||||
|
||||
if (r == 0)
|
||||
fnptr = fntable[ordtable[mid]];
|
||||
else
|
||||
return STATUS_OBJECT_NAME_NOT_FOUND;
|
||||
}
|
||||
|
||||
if ((fnptr >= exprva) && (fnptr < exprva + expsize))
|
||||
Pointer->ResultType = ForwarderString;
|
||||
else
|
||||
Pointer->ResultType = FunctionCode;
|
||||
|
||||
Pointer->Function = (LPVOID)((ULONG_PTR)Module + fnptr);
|
||||
return STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
/*
|
||||
* NtRawEnumExports
|
||||
*
|
||||
* Purpose:
|
||||
*
|
||||
* Enumerate win32k module exports to the table.
|
||||
*
|
||||
*/
|
||||
_Success_(return != 0)
|
||||
ULONG NtRawEnumExports(
|
||||
_In_ HANDLE HeapHandle,
|
||||
_In_ LPVOID Module,
|
||||
_Out_ PWIN32_SHADOWTABLE* Table
|
||||
)
|
||||
{
|
||||
PIMAGE_NT_HEADERS NtHeaders;
|
||||
PIMAGE_EXPORT_DIRECTORY exp;
|
||||
PDWORD FnPtrTable, NameTable;
|
||||
PWORD NameOrdTable;
|
||||
ULONG_PTR fnptr, exprva, expsize;
|
||||
ULONG c, n, result;
|
||||
PWIN32_SHADOWTABLE NewEntry;
|
||||
|
||||
NtHeaders = RtlImageNtHeader(Module);
|
||||
if (NtHeaders->OptionalHeader.NumberOfRvaAndSizes <= IMAGE_DIRECTORY_ENTRY_EXPORT)
|
||||
return 0;
|
||||
|
||||
exprva = NtHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
|
||||
if (exprva == 0)
|
||||
return 0;
|
||||
|
||||
expsize = NtHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size;
|
||||
|
||||
exp = (PIMAGE_EXPORT_DIRECTORY)((ULONG_PTR)Module + exprva);
|
||||
FnPtrTable = (PDWORD)((ULONG_PTR)Module + exp->AddressOfFunctions);
|
||||
NameTable = (PDWORD)((ULONG_PTR)Module + exp->AddressOfNames);
|
||||
NameOrdTable = (PWORD)((ULONG_PTR)Module + exp->AddressOfNameOrdinals);
|
||||
|
||||
result = 0;
|
||||
|
||||
for (c = 0; c < exp->NumberOfFunctions; ++c)
|
||||
{
|
||||
fnptr = (ULONG_PTR)Module + FnPtrTable[c];
|
||||
if (*(PDWORD)fnptr != 0xb8d18b4c) //mov r10, rcx; mov eax
|
||||
continue;
|
||||
|
||||
NewEntry = (PWIN32_SHADOWTABLE)RtlAllocateHeap(HeapHandle,
|
||||
HEAP_ZERO_MEMORY, sizeof(WIN32_SHADOWTABLE));
|
||||
|
||||
if (NewEntry == NULL)
|
||||
break;
|
||||
|
||||
NewEntry->Index = *(PDWORD)(fnptr + 4);
|
||||
|
||||
for (n = 0; n < exp->NumberOfNames; ++n)
|
||||
{
|
||||
if (NameOrdTable[n] == c)
|
||||
{
|
||||
_strncpy_a(&NewEntry->Name[0],
|
||||
sizeof(NewEntry->Name),
|
||||
(LPCSTR)((ULONG_PTR)Module + NameTable[n]),
|
||||
sizeof(NewEntry->Name));
|
||||
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
++result;
|
||||
|
||||
*Table = NewEntry;
|
||||
Table = &NewEntry->NextService;
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
/*
|
||||
* NtRawIATEntryToImport
|
||||
*
|
||||
* Purpose:
|
||||
*
|
||||
* Resolve function name.
|
||||
*
|
||||
*/
|
||||
_Success_(return != NULL)
|
||||
LPCSTR NtRawIATEntryToImport(
|
||||
_In_ LPVOID Module,
|
||||
_In_ LPVOID IATEntry,
|
||||
_Out_opt_ LPCSTR *ImportModuleName
|
||||
)
|
||||
{
|
||||
PIMAGE_NT_HEADERS NtHeaders;
|
||||
PIMAGE_IMPORT_DESCRIPTOR impd;
|
||||
ULONG_PTR *rname, imprva;
|
||||
LPVOID *raddr;
|
||||
|
||||
if (ImportModuleName)
|
||||
*ImportModuleName = NULL;
|
||||
|
||||
NtHeaders = RtlImageNtHeader(Module);
|
||||
if (NtHeaders->OptionalHeader.NumberOfRvaAndSizes <= IMAGE_DIRECTORY_ENTRY_IMPORT)
|
||||
return NULL;
|
||||
|
||||
imprva = NtHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;
|
||||
if (imprva == 0)
|
||||
return NULL;
|
||||
|
||||
impd = (PIMAGE_IMPORT_DESCRIPTOR)((ULONG_PTR)Module + imprva);
|
||||
|
||||
while (impd->Name != 0) {
|
||||
raddr = (LPVOID *)((ULONG_PTR)Module + impd->FirstThunk);
|
||||
if (impd->OriginalFirstThunk == 0)
|
||||
rname = (ULONG_PTR *)raddr;
|
||||
else
|
||||
rname = (ULONG_PTR *)((ULONG_PTR)Module + impd->OriginalFirstThunk);
|
||||
|
||||
while (*rname != 0) {
|
||||
if (IATEntry == raddr)
|
||||
{
|
||||
if (((*rname) & IMAGE_ORDINAL_FLAG) == 0)
|
||||
{
|
||||
if (ImportModuleName) {
|
||||
*ImportModuleName = (LPCSTR)((ULONG_PTR)Module + impd->Name);
|
||||
}
|
||||
return (LPCSTR)&((PIMAGE_IMPORT_BY_NAME)((ULONG_PTR)Module + *rname))->Name;
|
||||
}
|
||||
}
|
||||
|
||||
++rname;
|
||||
++raddr;
|
||||
}
|
||||
++impd;
|
||||
}
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/*
|
||||
* ApiSetpSearchForApiSetHost
|
||||
*
|
||||
* Purpose:
|
||||
*
|
||||
* Resolve alias name if present.
|
||||
* Directly ripped from ntdll!ApiSetpSearchForApiSetHost.
|
||||
*
|
||||
*/
|
||||
PAPI_SET_VALUE_ENTRY_V6 ApiSetpSearchForApiSetHost(
|
||||
_In_ PAPI_SET_NAMESPACE_ENTRY_V6 Entry,
|
||||
_In_ PWCHAR ApiSetToResolve,
|
||||
_In_ USHORT ApiSetToResolveLength,
|
||||
_In_ PVOID Namespace)
|
||||
{
|
||||
API_SET_VALUE_ENTRY_V6 *ValueEntry;
|
||||
API_SET_VALUE_ENTRY_V6 *AliasValueEntry, *Result = NULL;
|
||||
ULONG AliasCount, i, AliasIndex;
|
||||
PWCHAR AliasName;
|
||||
LONG CompareResult;
|
||||
|
||||
ValueEntry = API_SET_TO_VALUE_ENTRY(Namespace, Entry, 0);
|
||||
AliasCount = Entry->Count;
|
||||
|
||||
if (AliasCount >= 1) {
|
||||
|
||||
i = 1;
|
||||
|
||||
do {
|
||||
AliasIndex = (AliasCount + i) >> 1;
|
||||
AliasValueEntry = API_SET_TO_VALUE_ENTRY(Namespace, Entry, AliasIndex);
|
||||
AliasName = API_SET_TO_VALUE_NAME(Namespace, AliasValueEntry);
|
||||
|
||||
CompareResult = RtlCompareUnicodeStrings(ApiSetToResolve,
|
||||
ApiSetToResolveLength,
|
||||
AliasName,
|
||||
AliasValueEntry->NameLength >> 1,
|
||||
TRUE);
|
||||
|
||||
if (CompareResult < 0) {
|
||||
AliasCount = AliasIndex - 1;
|
||||
}
|
||||
else {
|
||||
if (CompareResult == 0) {
|
||||
|
||||
Result = API_SET_TO_VALUE_ENTRY(Namespace,
|
||||
Entry,
|
||||
((AliasCount + i) >> 1));
|
||||
|
||||
break;
|
||||
}
|
||||
i = (AliasCount + 1);
|
||||
}
|
||||
|
||||
} while (i <= AliasCount);
|
||||
|
||||
}
|
||||
else {
|
||||
Result = ValueEntry;
|
||||
}
|
||||
|
||||
return Result;
|
||||
}
|
||||
|
||||
/*
|
||||
* ApiSetpSearchForApiSet
|
||||
*
|
||||
* Purpose:
|
||||
*
|
||||
* Find apiset entry by hash from it name.
|
||||
*
|
||||
*/
|
||||
PAPI_SET_NAMESPACE_ENTRY_V6 ApiSetpSearchForApiSet(
|
||||
_In_ PVOID Namespace,
|
||||
_In_ PWCHAR ResolveName,
|
||||
_In_ USHORT ResolveNameEffectiveLength)
|
||||
{
|
||||
ULONG LookupHash = 0, i, c, HashIndex, EntryCount, EntryHash;
|
||||
WCHAR ch;
|
||||
|
||||
PWCHAR NamespaceEntryName;
|
||||
API_SET_HASH_ENTRY_V6 *LookupHashEntry;
|
||||
PAPI_SET_NAMESPACE_ENTRY_V6 NamespaceEntry = NULL;
|
||||
PAPI_SET_NAMESPACE_ARRAY_V6 ApiSetNamespace = (PAPI_SET_NAMESPACE_ARRAY_V6)Namespace;
|
||||
|
||||
if ((ApiSetNamespace->Count == 0) || (ResolveNameEffectiveLength == 0))
|
||||
return NULL;
|
||||
|
||||
//
|
||||
// Calculate lookup hash.
|
||||
//
|
||||
for (i = 0; i < ResolveNameEffectiveLength; i++) {
|
||||
ch = locase_w(ResolveName[i]);
|
||||
LookupHash = LookupHash * ApiSetNamespace->HashMultiplier + ch;
|
||||
}
|
||||
|
||||
//
|
||||
// Search for hash.
|
||||
//
|
||||
c = 0;
|
||||
EntryCount = ApiSetNamespace->Count - 1;
|
||||
do {
|
||||
|
||||
HashIndex = (EntryCount + c) >> 1;
|
||||
|
||||
LookupHashEntry = API_SET_TO_HASH_ENTRY(ApiSetNamespace, HashIndex);
|
||||
EntryHash = LookupHashEntry->Hash;
|
||||
|
||||
if (LookupHash < EntryHash) {
|
||||
EntryCount = HashIndex - 1;
|
||||
if (c > EntryCount)
|
||||
return NULL;
|
||||
continue;
|
||||
}
|
||||
|
||||
if (EntryHash == LookupHash) {
|
||||
//
|
||||
// Hash found, query namespace entry and break.
|
||||
//
|
||||
NamespaceEntry = API_SET_TO_NAMESPACE_ENTRY(ApiSetNamespace, LookupHashEntry);
|
||||
break;
|
||||
}
|
||||
|
||||
c = HashIndex + 1;
|
||||
|
||||
if (c > EntryCount)
|
||||
return NULL;
|
||||
|
||||
} while (1);
|
||||
|
||||
if (NamespaceEntry == NULL)
|
||||
return NULL;
|
||||
|
||||
//
|
||||
// Verify entry name.
|
||||
//
|
||||
NamespaceEntryName = API_SET_TO_NAMESPACE_ENTRY_NAME(ApiSetNamespace, NamespaceEntry);
|
||||
|
||||
if (RtlCompareUnicodeStrings(ResolveName,
|
||||
ResolveNameEffectiveLength,
|
||||
NamespaceEntryName,
|
||||
(NamespaceEntry->HashNameLength >> 1),
|
||||
TRUE) == 0)
|
||||
{
|
||||
return NamespaceEntry;
|
||||
}
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/*
|
||||
* NtLdrApiSetResolveLibrary
|
||||
*
|
||||
* Purpose:
|
||||
*
|
||||
* Resolve apiset library name.
|
||||
*
|
||||
*/
|
||||
_Success_(return == STATUS_SUCCESS)
|
||||
NTSTATUS NtLdrApiSetResolveLibrary(
|
||||
_In_ PVOID Namespace,
|
||||
_In_ PUNICODE_STRING ApiSetToResolve,
|
||||
_In_opt_ PUNICODE_STRING ApiSetParentName,
|
||||
_Out_ PBOOL Resolved,
|
||||
_Out_ PUNICODE_STRING ResolvedHostLibraryName
|
||||
)
|
||||
{
|
||||
BOOL IsResolved = FALSE;
|
||||
NTSTATUS Status = STATUS_UNSUCCESSFUL;
|
||||
PWCHAR BufferPtr;
|
||||
USHORT Length;
|
||||
ULONG Code;
|
||||
ULONG64 SchemaPrefix;
|
||||
API_SET_NAMESPACE_ENTRY_V6 *ResolvedEntry;
|
||||
API_SET_VALUE_ENTRY_V6 *HostLibraryEntry = NULL;
|
||||
PAPI_SET_NAMESPACE_ARRAY_V6 ApiSetNamespace = (PAPI_SET_NAMESPACE_ARRAY_V6)Namespace;
|
||||
|
||||
__try {
|
||||
|
||||
*Resolved = FALSE;
|
||||
|
||||
//
|
||||
// Only Win10+ version supported.
|
||||
//
|
||||
if (ApiSetNamespace->Version != 6)
|
||||
return STATUS_UNKNOWN_REVISION;
|
||||
|
||||
if (ApiSetToResolve->Length < 8)
|
||||
return STATUS_INVALID_PARAMETER_2;
|
||||
|
||||
//
|
||||
// Check prefix.
|
||||
//
|
||||
SchemaPrefix = APISET_TO_UPPER_PREFIX(((ULONG64*)ApiSetToResolve->Buffer)[0]);
|
||||
if ((SchemaPrefix != API_SET_PREFIX_API) && (SchemaPrefix != API_SET_PREFIX_EXT)) //API- or EXT- only
|
||||
return STATUS_INVALID_PARAMETER;
|
||||
|
||||
//
|
||||
// Calculate length without everything after last hyphen including dll suffix.
|
||||
//
|
||||
BufferPtr = (PWCHAR)RtlOffsetToPointer(ApiSetToResolve->Buffer, ApiSetToResolve->Length);
|
||||
|
||||
Length = ApiSetToResolve->Length;
|
||||
|
||||
do {
|
||||
if (Length <= 1)
|
||||
break;
|
||||
|
||||
Length -= sizeof(WCHAR);
|
||||
--BufferPtr;
|
||||
|
||||
} while (*BufferPtr != L'-');
|
||||
|
||||
Length = (USHORT)Length >> 1;
|
||||
|
||||
//
|
||||
// Resolve apiset entry.
|
||||
//
|
||||
ResolvedEntry = ApiSetpSearchForApiSet(
|
||||
Namespace,
|
||||
ApiSetToResolve->Buffer,
|
||||
Length);
|
||||
|
||||
if (ResolvedEntry == NULL)
|
||||
return STATUS_INVALID_PARAMETER;
|
||||
|
||||
//
|
||||
// If parent name specified and resolved entry has more than 1 value entry check it out.
|
||||
//
|
||||
if (ApiSetParentName && ResolvedEntry->Count > 1) {
|
||||
|
||||
HostLibraryEntry = ApiSetpSearchForApiSetHost(ResolvedEntry,
|
||||
ApiSetParentName->Buffer,
|
||||
ApiSetParentName->Length >> 1,
|
||||
Namespace);
|
||||
|
||||
}
|
||||
else {
|
||||
|
||||
//
|
||||
// If resolved apiset entry has value check it out.
|
||||
//
|
||||
if (ResolvedEntry->Count > 0) {
|
||||
HostLibraryEntry = API_SET_TO_VALUE_ENTRY(Namespace, ResolvedEntry, 0);
|
||||
}
|
||||
}
|
||||
|
||||
//
|
||||
// Set output parameter if host library resolved.
|
||||
//
|
||||
if (HostLibraryEntry) {
|
||||
if (!API_SET_EMPTY_NAMESPACE_VALUE(HostLibraryEntry)) {
|
||||
|
||||
IsResolved = TRUE;
|
||||
|
||||
//
|
||||
// Host library name is not null terminated, handle that.
|
||||
//
|
||||
BufferPtr = (PWSTR)RtlAllocateHeap(NtCurrentPeb()->ProcessHeap, HEAP_ZERO_MEMORY,
|
||||
HostLibraryEntry->ValueLength + sizeof(WCHAR));
|
||||
|
||||
if (BufferPtr) {
|
||||
|
||||
RtlCopyMemory(BufferPtr,
|
||||
(PWSTR)RtlOffsetToPointer(Namespace, HostLibraryEntry->ValueOffset),
|
||||
(SIZE_T)HostLibraryEntry->ValueLength);
|
||||
|
||||
ResolvedHostLibraryName->Length = (USHORT)HostLibraryEntry->ValueLength;
|
||||
ResolvedHostLibraryName->MaximumLength = (USHORT)HostLibraryEntry->ValueLength;
|
||||
ResolvedHostLibraryName->Buffer = BufferPtr;
|
||||
Status = STATUS_SUCCESS;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
__except (EXCEPTION_EXECUTE_HANDLER) {
|
||||
Code = GetExceptionCode();
|
||||
DbgPrint("NtLdrApiSetResolveLibrary exception %lx", Code);
|
||||
return Code;
|
||||
}
|
||||
|
||||
*Resolved = IsResolved;
|
||||
return Status;
|
||||
}
|
||||
|
||||
/*
|
||||
* NtLdrApiSetLoadFromPeb
|
||||
*
|
||||
* Purpose:
|
||||
*
|
||||
* Load ApiSetSchema map from PEB.
|
||||
*
|
||||
*/
|
||||
BOOLEAN NtLdrApiSetLoadFromPeb(
|
||||
_Out_ PULONG SchemaVersion,
|
||||
_Out_ PVOID* DataPointer)
|
||||
{
|
||||
PBYTE DataPtr = NULL;
|
||||
|
||||
__try {
|
||||
*SchemaVersion = 0;
|
||||
*DataPointer = 0;
|
||||
|
||||
DataPtr = (PBYTE)NtCurrentPeb()->ApiSetMap;
|
||||
*SchemaVersion = *(ULONG*)DataPtr;
|
||||
*DataPointer = DataPtr;
|
||||
}
|
||||
__except (EXCEPTION_EXECUTE_HANDLER) {
|
||||
return FALSE;
|
||||
}
|
||||
return TRUE;
|
||||
}
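Review bot: NtRawGetProcAddress dereferences the result of `RtlImageNtHeader(Module)` without a NULL check and, unlike NtRawEnumExports further down, does not stop when the export directory RVA is zero. A module with no valid NT headers or no export table is therefore parsed from whatever lies at the image base. The name path also indexes `fntable` with `ordtable[mid]` without comparing it to `exp->NumberOfFunctions`. NtRawEnumExports and NtRawIATEntryToImport leave the `RtlImageNtHeader` result unchecked in the same way. The checks below return a status instead of relying on the image being well formed.

```c
    NtHeaders = RtlImageNtHeader(Module);
    if (NtHeaders == NULL)
        return STATUS_INVALID_IMAGE_FORMAT;

    if (NtHeaders->OptionalHeader.NumberOfRvaAndSizes <= IMAGE_DIRECTORY_ENTRY_EXPORT)
        return STATUS_OBJECT_NAME_NOT_FOUND;

    exprva = NtHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
    if (exprva == 0)
        return STATUS_OBJECT_NAME_NOT_FOUND;

    /* … unchanged: expsize, export directory setup, ordinal lookup, binary search by name … */

        if (r != 0)
            return STATUS_OBJECT_NAME_NOT_FOUND;

        /* Reject a name ordinal that points past the function table. */
        if (ordtable[mid] >= exp->NumberOfFunctions)
            return STATUS_OBJECT_NAME_NOT_FOUND;

        fnptr = fntable[ordtable[mid]];
```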
|
||||
|
|
@ -0,0 +1,82 @@
|
|||
/************************************************************************************
|
||||
*
|
||||
* (C) COPYRIGHT AUTHORS, 2014 - 2019
|
||||
*
|
||||
* TITLE: NTLDR.H
|
||||
*
|
||||
* VERSION: 1.12
|
||||
*
|
||||
* DATE: 08 May 2019
|
||||
*
|
||||
* Common header file for the NTLDR definitions.
|
||||
*
|
||||
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
|
||||
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
|
||||
* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
|
||||
* PARTICULAR PURPOSE.
|
||||
*
|
||||
************************************************************************************/
|
||||
|
||||
#pragma once
|
||||
|
||||
/*
|
||||
*
|
||||
* W32pServiceTable query related structures and definitions.
|
||||
*
|
||||
*/
|
||||
|
||||
typedef enum _RESOLVE_POINTER_TYPE {
|
||||
ForwarderString = 0,
|
||||
FunctionCode = 1
|
||||
} RESOLVE_POINTER_TYPE;
|
||||
|
||||
typedef struct _RESOLVE_INFO {
|
||||
RESOLVE_POINTER_TYPE ResultType;
|
||||
union {
|
||||
LPCSTR ForwarderName;
|
||||
LPVOID Function;
|
||||
};
|
||||
} RESOLVE_INFO, *PRESOLVE_INFO;
|
||||
|
||||
typedef struct _LOAD_MODULE_ENTRY {
|
||||
HMODULE hModule;
|
||||
struct _LOAD_MODULE_ENTRY *Next;
|
||||
} LOAD_MODULE_ENTRY, *PLOAD_MODULE_ENTRY;
|
||||
|
||||
typedef struct _WIN32_SHADOWTABLE {
|
||||
ULONG Index;
|
||||
CHAR Name[256];
|
||||
ULONG_PTR KernelStubAddress;
|
||||
ULONG_PTR KernelStubTargetAddress;
|
||||
struct _WIN32_SHADOWTABLE *NextService;
|
||||
} WIN32_SHADOWTABLE, *PWIN32_SHADOWTABLE;
|
||||
|
||||
|
||||
_Success_(return != NULL)
|
||||
LPCSTR NtRawIATEntryToImport(
|
||||
_In_ LPVOID Module,
|
||||
_In_ LPVOID IATEntry,
|
||||
_Out_opt_ LPCSTR *ImportModuleName);
|
||||
|
||||
_Success_(return != 0)
|
||||
ULONG NtRawEnumExports(
|
||||
_In_ HANDLE HeapHandle,
|
||||
_In_ LPVOID Module,
|
||||
_Out_ PWIN32_SHADOWTABLE* Table);
|
||||
|
||||
NTSTATUS NtRawGetProcAddress(
|
||||
_In_ LPVOID Module,
|
||||
_In_ LPCSTR ProcName,
|
||||
_In_ PRESOLVE_INFO Pointer);
|
||||
|
||||
BOOLEAN NtLdrApiSetLoadFromPeb(
|
||||
_Out_ PULONG SchemaVersion,
|
||||
_Out_ PVOID* DataPointer);
|
||||
|
||||
_Success_(return == STATUS_SUCCESS)
|
||||
NTSTATUS NtLdrApiSetResolveLibrary(
|
||||
_In_ PVOID Namespace,
|
||||
_In_ PUNICODE_STRING ApiSetToResolve,
|
||||
_In_opt_ PUNICODE_STRING ApiSetParentName,
|
||||
_Out_ PBOOL Resolved,
|
||||
_Out_ PUNICODE_STRING ResolvedHostLibraryName);
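Review bot: `NtLdrApiSetResolveLibrary` declares `_In_ PVOID Namespace` with no accompanying size, so offsets and lengths read out of the schema blob cannot be range-checked by the callee. The implementation shown earlier on this page copies `HostLibraryEntry->ValueLength` bytes from `Namespace + ValueOffset` and relies on the `__except` handler, which catches a fault but not a read that stays in mapped memory past the end of the blob. Consider adding `_In_ SIZE_T NamespaceSize` to the prototype (callers would need updating) and rejecting entries whose `ValueOffset + ValueLength` exceeds it, with the sum computed so that it cannot wrap. The declaration should also say who owns the result, since on success the buffer comes from the process heap: `// On success the caller frees ResolvedHostLibraryName->Buffer with RtlFreeHeap(NtCurrentPeb()->ProcessHeap, 0, ...)`. That comment should also note that `MaximumLength` is set equal to `Length`, so the zero terminator the implementation allocates is not counted in either field.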
|
|
@ -4,9 +4,9 @@
|
|||
*
|
||||
* TITLE: NTOS.H
|
||||
*
|
||||
* VERSION: 1.111
|
||||
* VERSION: 1.115
|
||||
*
|
||||
* DATE: 30 Mar 2019
|
||||
* DATE: 18 May 2019
|
||||
*
|
||||
* Common header file for the ntos API functions and definitions.
|
||||
*
|
||||
|
@ -796,9 +796,11 @@ typedef struct _SYSTEM_ISOLATED_USER_MODE_INFORMATION {
|
|||
BOOLEAN HvciStrictMode : 1;
|
||||
BOOLEAN DebugEnabled : 1;
|
||||
BOOLEAN FirmwarePageProtection : 1;
|
||||
BOOLEAN SpareFlags : 1;
|
||||
BOOLEAN EncryptionKeyAvailable : 1;
|
||||
BOOLEAN SpareFlags : 2;
|
||||
BOOLEAN TrustletRunning : 1;
|
||||
BOOLEAN SpareFlags2 : 1;
|
||||
BOOLEAN HvciDisableAllowed : 1;
|
||||
BOOLEAN SpareFlags2 : 6;
|
||||
BOOLEAN Spare0[6];
|
||||
ULONGLONG Spare1;
|
||||
} SYSTEM_ISOLATED_USER_MODE_INFORMATION, *PSYSTEM_ISOLATED_USER_MODE_INFORMATION;
|
||||
|
@ -898,10 +900,12 @@ typedef enum _PROCESSINFOCLASS {
|
|||
ProcessSystemResourceManagement = 91,
|
||||
ProcessSequenceNumber = 92,
|
||||
ProcessLoaderDetour = 93,
|
||||
ProcessSecurityDomainInformation = 93,
|
||||
ProcessCombineSecurityDomainsInformation = 94,
|
||||
ProcessEnableLogging = 95,
|
||||
ProcessLeapSecondInformation = 96,
|
||||
ProcessSecurityDomainInformation = 94,
|
||||
ProcessCombineSecurityDomainsInformation = 95,
|
||||
ProcessEnableLogging = 96,
|
||||
ProcessLeapSecondInformation = 97,
|
||||
ProcessFiberShadowStackAllocation = 98,
|
||||
ProcessFreeFiberShadowStackAllocation = 99,
|
||||
MaxProcessInfoClass
|
||||
} PROCESSINFOCLASS;
|
||||
|
||||
|
@ -1520,6 +1524,8 @@ typedef enum _SYSTEM_INFORMATION_CLASS {
|
|||
SystemCodeIntegrityUnlockModeInformation = 205,
|
||||
SystemLeapSecondInformation = 206,
|
||||
SystemFlags2Information = 207,
|
||||
SystemSecurityModelInformation = 208,
|
||||
SystemCodeIntegritySyntheticCacheInformation = 209,
|
||||
MaxSystemInfoClass
|
||||
} SYSTEM_INFORMATION_CLASS, *PSYSTEM_INFORMATION_CLASS;
|
||||
|
||||
|
@ -1542,7 +1548,15 @@ typedef struct _SYSTEM_SPECULATION_CONTROL_INFORMATION {
|
|||
ULONG BpbDisabledKernelToUser : 1;
|
||||
ULONG SpecCtrlRetpolineEnabled : 1;
|
||||
ULONG SpecCtrlImportOptimizationEnabled : 1;
|
||||
ULONG Reserved : 16;
|
||||
ULONG EnhancedIbrs : 1;
|
||||
ULONG HvL1tfStatusAvailable : 1;
|
||||
ULONG HvL1tfProcessorNotAffected : 1;
|
||||
ULONG HvL1tfMigitationEnabled : 1;
|
||||
ULONG HvL1tfMigitationNotEnabled_Hardware : 1;
|
||||
ULONG HvL1tfMigitationNotEnabled_LoadOption : 1;
|
||||
ULONG HvL1tfMigitationNotEnabled_CoreScheduler : 1;
|
||||
ULONG EnhancedIbrsReported : 1;
|
||||
ULONG Reserved : 8;
|
||||
} SpeculationControlFlags;
|
||||
} SYSTEM_SPECULATION_CONTROL_INFORMATION, *PSYSTEM_SPECULATION_CONTROL_INFORMATION;
|
||||
|
||||
|
@ -1780,6 +1794,10 @@ typedef enum _FILE_INFORMATION_CLASS {
|
|||
FileMemoryPartitionInformation,
|
||||
FileStatLxInformation,
|
||||
FileCaseSensitiveInformation,
|
||||
FileLinkInformationEx,
|
||||
FileLinkInformationExBypassAccessCheck,
|
||||
FileStorageReserveIdInformation,
|
||||
FileCaseSensitiveInformationForceAccessCheck,
|
||||
FileMaximumInformation
|
||||
} FILE_INFORMATION_CLASS, *PFILE_INFORMATION_CLASS;
|
||||
|
||||
|
@ -1797,6 +1815,7 @@ typedef enum _FSINFOCLASS {
|
|||
FileFsSectorSizeInformation,
|
||||
FileFsDataCopyInformation,
|
||||
FileFsMetadataSizeInformation,
|
||||
FileFsFullSizeInformationEx,
|
||||
FileFsMaximumInformation
|
||||
} FS_INFORMATION_CLASS, *PFS_INFORMATION_CLASS;
|
||||
|
||||
|
@ -2683,7 +2702,8 @@ typedef struct _SYSTEM_HANDLE_INFORMATION_EX {
|
|||
#define SE_INC_WORKING_SET_PRIVILEGE (33L)
|
||||
#define SE_TIME_ZONE_PRIVILEGE (34L)
|
||||
#define SE_CREATE_SYMBOLIC_LINK_PRIVILEGE (35L)
|
||||
#define SE_MAX_WELL_KNOWN_PRIVILEGE SE_CREATE_SYMBOLIC_LINK_PRIVILEGE
|
||||
#define SE_DELEGATE_SESSION_USER_IMPERSONATE_PRIVILEGE (36L)
|
||||
#define SE_MAX_WELL_KNOWN_PRIVILEGE SE_DELEGATE_SESSION_USER_IMPERSONATE_PRIVILEGE
|
||||
|
||||
//
|
||||
// Generic test for success on any status value (non-negative numbers
|
||||
|
@ -5583,6 +5603,53 @@ typedef struct _ESERVERSILO_GLOBALS {
|
|||
** SILO END
|
||||
*/
|
||||
|
||||
/*
|
||||
** SOFTWARE LICENSING START
|
||||
*/
|
||||
#pragma pack(push, 1)
|
||||
typedef struct _SL_CACHE_VALUE_DESCRIPTOR {
|
||||
USHORT Size;
|
||||
USHORT NameLength;
|
||||
USHORT Type;
|
||||
USHORT DataLength;
|
||||
ULONG Attributes;
|
||||
ULONG Reserved;
|
||||
WCHAR Name[ANYSIZE_ARRAY];
|
||||
} SL_CACHE_VALUE_DESCRIPTOR, *PSL_CACHE_VALUE_DESCRIPTOR;
|
||||
typedef SL_CACHE_VALUE_DESCRIPTOR SL_KMEM_CACHE_VALUE_DESCRIPTOR;
|
||||
#pragma pack(pop)
|
||||
|
||||
typedef struct _SL_CACHE {
|
||||
ULONG TotalSize;
|
||||
ULONG SizeOfData;
|
||||
ULONG SignatureSize;
|
||||
ULONG Flags;
|
||||
ULONG Version;
|
||||
SL_KMEM_CACHE_VALUE_DESCRIPTOR Descriptors[ANYSIZE_ARRAY];
|
||||
} SL_CACHE, *PSL_CACHE;
|
||||
typedef SL_CACHE SL_KMEM_CACHE;
|
||||
|
||||
typedef struct _SL_APPX_CACHE_VALUE_DESCRIPTOR {
|
||||
UCHAR HashedName[32];
|
||||
ULONGLONG Expiration;
|
||||
ULONG DataSize;
|
||||
WCHAR Name[ANYSIZE_ARRAY];
|
||||
} SL_APPX_CACHE_VALUE_DESCRIPTOR, *PSL_APPX_CACHE_VALUE_DESCRIPTOR;
|
||||
|
||||
typedef struct _SL_APPX_CACHE {
|
||||
ULONG Version;
|
||||
ULONG Flags;
|
||||
ULONG DataSize;
|
||||
ULONGLONG DataCheckSum;
|
||||
SL_APPX_CACHE_VALUE_DESCRIPTOR Descriptors[ANYSIZE_ARRAY];
|
||||
} SL_APPX_CACHE, *PSL_APPX_CACHE;
|
||||
|
||||
|
||||
/*
|
||||
** SOFTWARE LICENSING END
|
||||
*/
|
||||
|
||||
|
||||
/*
|
||||
** LDR START
|
||||
*/
|
||||
|
@ -5824,6 +5891,12 @@ LdrQueryImageFileExecutionOptions(
|
|||
_In_ ULONG BufferSize,
|
||||
_Out_opt_ PULONG ResultSize);
|
||||
|
||||
NTSYSAPI
|
||||
BOOLEAN
|
||||
NTAPI
|
||||
LdrIsModuleSxsRedirected( //LdrEntry->Flags->Redirected
|
||||
_In_ PVOID DllHandle);
|
||||
|
||||
NTSYSAPI
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
|
@ -6137,6 +6210,14 @@ RtlAnsiStringToUnicodeString(
|
|||
_In_ PCANSI_STRING SourceString,
|
||||
_In_ BOOLEAN AllocateDestinationString);
|
||||
|
||||
NTSYSAPI
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
RtlUnicodeStringToAnsiString(
|
||||
_Inout_ PANSI_STRING DestinationString,
|
||||
_In_ PUNICODE_STRING SourceString,
|
||||
_In_ BOOLEAN AllocateDestinationString);
|
||||
|
||||
NTSYSAPI
|
||||
WCHAR
|
||||
NTAPI
|
||||
|
@ -7516,6 +7597,15 @@ DbgPrint(
|
|||
_In_z_ _Printf_format_string_ PCH Format,
|
||||
...);
|
||||
|
||||
NTSYSAPI
|
||||
ULONG
|
||||
STDAPIVCALLTYPE
|
||||
DbgPrintEx(
|
||||
_In_ ULONG ComponentId,
|
||||
_In_ ULONG Level,
|
||||
_In_z_ _Printf_format_string_ PSTR Format,
|
||||
...);
|
||||
|
||||
NTSYSAPI
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
|
@ -10940,6 +11030,26 @@ NtTraceControl(
|
|||
_In_ ULONG OutBufferLen,
|
||||
_Out_ PULONG ReturnLength);
|
||||
|
||||
/************************************************************************************
|
||||
*
|
||||
* Enclave API.
|
||||
*
|
||||
************************************************************************************/
|
||||
|
||||
NTSYSAPI
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
NtLoadEnclaveData(
|
||||
_In_ HANDLE ProcessHandle,
|
||||
_In_ PVOID BaseAddress,
|
||||
_In_reads_bytes_(BufferSize) PVOID Buffer,
|
||||
_In_ SIZE_T BufferSize,
|
||||
_In_ ULONG Protect,
|
||||
_In_reads_bytes_(PageInformationLength) PVOID PageInformation,
|
||||
_In_ ULONG PageInformationLength,
|
||||
_Out_opt_ PSIZE_T NumberOfBytesWritten,
|
||||
_Out_opt_ PULONG EnclaveError);
|
||||
|
||||
/************************************************************************************
|
||||
*
|
||||
* Kernel Debugger API.
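Review bot: In the SOFTWARE LICENSING hunk, `#pragma pack(pop)` closes straight after `SL_CACHE_VALUE_DESCRIPTOR`, so `SL_APPX_CACHE_VALUE_DESCRIPTOR` and `SL_APPX_CACHE` are laid out with default alignment. Under default MSVC alignment the `ULONGLONG DataCheckSum` in `SL_APPX_CACHE` is placed at offset 16, with four bytes of padding after `DataSize`, and `Descriptors` follows at 24. These types presumably overlay a serialized cache blob read from outside the process; if that blob is byte-packed, every field after `DataSize` would be read from the wrong offset. Please confirm the layout and pin it next to the definitions, for example `C_ASSERT(FIELD_OFFSET(SL_APPX_CACHE, DataCheckSum) == <expected offset>);`, or move `#pragma pack(pop)` below `SL_APPX_CACHE` if the format is packed.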
|
||||
|
|
|
@ -4,9 +4,9 @@
|
|||
*
|
||||
* TITLE: PROPBASIC.C
|
||||
*
|
||||
* VERSION: 1.73
|
||||
* VERSION: 1.74
|
||||
*
|
||||
* DATE: 30 Mar 2019
|
||||
* DATE: 03 May 2019
|
||||
*
|
||||
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
|
||||
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
|
||||
|
@ -552,7 +552,6 @@ VOID propSetDefaultInfo(
|
|||
_In_ HANDLE hObject
|
||||
)
|
||||
{
|
||||
BOOL cond = FALSE;
|
||||
INT i;
|
||||
HWND hwndCB;
|
||||
NTSTATUS status;
|
||||
|
@ -639,7 +638,7 @@ VOID propSetDefaultInfo(
|
|||
SetLastError(RtlNtStatusToDosError(status));
|
||||
}
|
||||
|
||||
} while (cond);
|
||||
} while (FALSE);
|
||||
|
||||
if (TypeInfo) {
|
||||
supHeapFree(TypeInfo);
|
||||
|
@ -2073,7 +2072,6 @@ VOID propBasicQueryJob(
|
|||
_In_ BOOL ExtendedInfoAvailable
|
||||
)
|
||||
{
|
||||
BOOL cond = FALSE;
|
||||
DWORD i;
|
||||
HWND hwndCB;
|
||||
HANDLE hObject;
|
||||
|
@ -2229,7 +2227,7 @@ VOID propBasicQueryJob(
|
|||
supHeapFree(ProcessList);
|
||||
}
|
||||
}
|
||||
} while (cond);
|
||||
} while (FALSE);
|
||||
|
||||
if (pJobProcList != NULL) {
|
||||
supVirtualFree(pJobProcList);
|
||||
|
|
|
@ -4,9 +4,9 @@
|
|||
*
|
||||
* TITLE: PROPDRIVER.C
|
||||
*
|
||||
* VERSION: 1.73
|
||||
* VERSION: 1.74
|
||||
*
|
||||
* DATE: 07 Mar 2019
|
||||
* DATE: 03 May 2019
|
||||
*
|
||||
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
|
||||
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
|
||||
|
@ -49,7 +49,7 @@ VOID DriverSetInfo(
|
|||
_In_ HWND hwndDlg
|
||||
)
|
||||
{
|
||||
BOOL cond = FALSE, bResult = FALSE, fGroup, bRet;
|
||||
BOOL bResult = FALSE, fGroup, bRet;
|
||||
INT nEndOfList, nEnd, nStart;
|
||||
DWORD i, bytesNeeded, dwServices, dwGroups;
|
||||
LPWSTR lpType;
|
||||
|
@ -397,7 +397,7 @@ VOID DriverSetInfo(
|
|||
|
||||
CloseServiceHandle(schService);
|
||||
schService = NULL;
|
||||
} while (cond);
|
||||
} while (FALSE);
|
||||
|
||||
if (psci != NULL)
|
||||
supHeapFree(psci);
|
||||
|
@ -436,7 +436,6 @@ VOID DriverJumpToKey(
|
|||
_In_ PROP_OBJECT_INFO *Context
|
||||
)
|
||||
{
|
||||
BOOL cond = FALSE;
|
||||
DWORD dwProcessId;
|
||||
WCHAR *ch;
|
||||
HWND regeditHwnd, regeditMainHwnd;
|
||||
|
@ -565,7 +564,7 @@ VOID DriverJumpToKey(
|
|||
SetForegroundWindow(regeditMainHwnd);
|
||||
SetFocus(regeditMainHwnd);
|
||||
|
||||
} while (cond);
|
||||
} while (FALSE);
|
||||
|
||||
if (lpRegPath) {
|
||||
supHeapFree(lpRegPath);
|
||||
|
|
|
@ -4,9 +4,9 @@
|
|||
*
|
||||
* TITLE: PROPOBJECTDUMP.C
|
||||
*
|
||||
* VERSION: 1.73
|
||||
* VERSION: 1.74
|
||||
*
|
||||
* DATE: 19 Mar 2019
|
||||
* DATE: 03 May 2019
|
||||
*
|
||||
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
|
||||
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
|
||||
|
@ -904,7 +904,7 @@ VOID propObDumpDriverObject(
|
|||
_In_ HWND hwndDlg
|
||||
)
|
||||
{
|
||||
BOOL cond, bOkay;
|
||||
BOOL bOkay;
|
||||
INT i, j;
|
||||
HTREEITEM h_tviRootItem, h_tviSubItem;
|
||||
PRTL_PROCESS_MODULES pModules;
|
||||
|
@ -924,7 +924,6 @@ VOID propObDumpDriverObject(
|
|||
}
|
||||
|
||||
bOkay = FALSE;
|
||||
cond = FALSE;
|
||||
|
||||
__try {
|
||||
|
||||
|
@ -957,7 +956,7 @@ VOID propObDumpDriverObject(
|
|||
break;
|
||||
}
|
||||
|
||||
} while (cond);
|
||||
} while (FALSE);
|
||||
|
||||
//any errors - abort
|
||||
if (!bOkay) {
|
||||
|
@ -2426,7 +2425,7 @@ VOID propObDumpObjectType(
|
|||
_In_ HWND hwndDlg
|
||||
)
|
||||
{
|
||||
BOOL bCond = FALSE, bOkay;
|
||||
BOOL bOkay;
|
||||
HTREEITEM h_tviRootItem, h_tviSubItem, h_tviGenericMapping;
|
||||
UINT i;
|
||||
LPWSTR lpType = NULL;
|
||||
|
@ -2724,7 +2723,7 @@ VOID propObDumpObjectType(
|
|||
|
||||
bOkay = TRUE;
|
||||
|
||||
} while (bCond);
|
||||
} while (FALSE);
|
||||
|
||||
//
|
||||
// Cleanup.
|
||||
|
|
|
@ -4,9 +4,9 @@
|
|||
*
|
||||
* TITLE: PROPPROCESS.C
|
||||
*
|
||||
* VERSION: 1.73
|
||||
* VERSION: 1.74
|
||||
*
|
||||
* DATE: 18 Mar 2019
|
||||
* DATE: 03 May 2019
|
||||
*
|
||||
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
|
||||
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
|
||||
|
@ -452,7 +452,6 @@ VOID ProcessListSetInfo(
|
|||
_In_ EXTRASCONTEXT *pDlgContext
|
||||
)
|
||||
{
|
||||
BOOL cond = FALSE;
|
||||
USHORT ObjectTypeIndex = 0;
|
||||
ULONG i;
|
||||
DWORD CurrentProcessId = GetCurrentProcessId();
|
||||
|
@ -597,7 +596,7 @@ VOID ProcessListSetInfo(
|
|||
}
|
||||
}
|
||||
|
||||
} while (cond);
|
||||
} while (FALSE);
|
||||
|
||||
//cleanup
|
||||
if (pHandles) {
|
||||
|
|
|
@ -4,9 +4,9 @@
|
|||
*
|
||||
* TITLE: PROPSECURITY.C
|
||||
*
|
||||
* VERSION: 1.73
|
||||
* VERSION: 1.74
|
||||
*
|
||||
* DATE: 14 Mar 2019
|
||||
* DATE: 03 May 2019
|
||||
*
|
||||
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
|
||||
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
|
||||
|
@ -464,7 +464,6 @@ HRESULT propSecurityConstructor(
|
|||
_In_ ULONG psiFlags
|
||||
)
|
||||
{
|
||||
BOOL cond = FALSE;
|
||||
ULONG bytesNeeded = 0L;
|
||||
NTSTATUS status;
|
||||
SIZE_T Size;
|
||||
|
@ -560,7 +559,7 @@ HRESULT propSecurityConstructor(
|
|||
}
|
||||
hResult = S_OK;
|
||||
|
||||
} while (cond);
|
||||
} while (FALSE);
|
||||
|
||||
//cleanup
|
||||
This->CloseObjectMethod(Context, hObject);
|
||||
|
|
|
@ -4,9 +4,9 @@
|
|||
*
|
||||
* TITLE: PROPTYPE.C
|
||||
*
|
||||
* VERSION: 1.73
|
||||
* VERSION: 1.74
|
||||
*
|
||||
* DATE: 30 Mar 2019
|
||||
* DATE: 03 May 2019
|
||||
*
|
||||
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
|
||||
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
|
||||
|
@ -528,7 +528,7 @@ BOOL propQueryTypeInfo(
|
|||
_Out_ POBJECT_TYPE_COMPATIBLE pObjectTypeDump
|
||||
)
|
||||
{
|
||||
BOOL bResult = FALSE, cond = FALSE;
|
||||
BOOL bResult = FALSE;
|
||||
ULONG i;
|
||||
SIZE_T sz;
|
||||
LPWSTR lpType;
|
||||
|
@ -595,7 +595,7 @@ BOOL propQueryTypeInfo(
|
|||
}
|
||||
pObject = OBJECT_TYPES_NEXT_ENTRY(pObject);
|
||||
}
|
||||
} while (cond);
|
||||
} while (FALSE);
|
||||
|
||||
if (pObjectTypes) {
|
||||
supHeapFree(pObjectTypes);
|
||||
|
|
Binary file not shown.
|
@ -4,9 +4,9 @@
|
|||
*
|
||||
* TITLE: SUP.C
|
||||
*
|
||||
* VERSION: 1.73
|
||||
* VERSION: 1.74
|
||||
*
|
||||
* DATE: 31 Mar 2019
|
||||
* DATE: 19 May 2019
|
||||
*
|
||||
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
|
||||
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
|
||||
|
@ -19,6 +19,7 @@
|
|||
#include "extras\extrasSSDT.h"
|
||||
#include <cfgmgr32.h>
|
||||
#include <setupapi.h>
|
||||
#include <shlwapi.h>
|
||||
|
||||
//
|
||||
// Setup info database.
|
||||
|
@ -834,7 +835,7 @@ PVOID supGetSystemInfo(
|
|||
{
|
||||
INT c = 0;
|
||||
PVOID Buffer = NULL;
|
||||
ULONG Size = 0x1000;
|
||||
ULONG Size = PAGE_SIZE;
|
||||
NTSTATUS status;
|
||||
ULONG memIO = 0;
|
||||
|
||||
|
@ -988,8 +989,8 @@ LPWSTR supGetItemText2(
|
|||
_In_ HWND ListView,
|
||||
_In_ INT nItem,
|
||||
_In_ INT nSubItem,
|
||||
_In_ LPWSTR pszText,
|
||||
_In_ UINT cbText
|
||||
_In_ WCHAR *pszText,
|
||||
_In_ UINT cchText
|
||||
)
|
||||
{
|
||||
LV_ITEM item;
|
||||
|
@ -999,7 +1000,7 @@ LPWSTR supGetItemText2(
|
|||
item.iItem = nItem;
|
||||
item.iSubItem = nSubItem;
|
||||
item.pszText = pszText;
|
||||
item.cchTextMax = (SIZE_T)cbText;
|
||||
item.cchTextMax = (SIZE_T)cchText;
|
||||
SendMessage(ListView, LVM_GETITEMTEXT, (WPARAM)item.iItem, (LPARAM)&item);
|
||||
|
||||
return item.pszText;
|
||||
|
@ -1200,7 +1201,7 @@ BOOL supUserIsFullAdmin(
|
|||
VOID
|
||||
)
|
||||
{
|
||||
BOOL bResult = FALSE, cond = FALSE;
|
||||
BOOL bResult = FALSE;
|
||||
HANDLE hToken = NULL;
|
||||
NTSTATUS status;
|
||||
DWORD i, Attributes;
|
||||
|
@ -1253,7 +1254,7 @@ BOOL supUserIsFullAdmin(
|
|||
}
|
||||
supHeapFree(pTkGroups);
|
||||
|
||||
} while (cond);
|
||||
} while (FALSE);
|
||||
|
||||
if (AdministratorsGroup != NULL) {
|
||||
RtlFreeSid(AdministratorsGroup);
|
||||
|
@ -1305,8 +1306,10 @@ VOID supSetGotoLinkTargetToolButtonState(
|
|||
uEnable &= ~MF_GRAYED;
|
||||
}
|
||||
else {
|
||||
if (supIsSymlink(hwndlv, iItem)) {
|
||||
uEnable &= ~MF_GRAYED;
|
||||
if (hwndlv) {
|
||||
if (supIsSymlink(hwndlv, iItem)) {
|
||||
uEnable &= ~MF_GRAYED;
|
||||
}
|
||||
}
|
||||
}
|
||||
EnableMenuItem(GetSubMenu(GetMenu(hwnd), 2), ID_OBJECT_GOTOLINKTARGET, uEnable);
|
||||
|
@ -1400,7 +1403,7 @@ BOOL supxQueryKnownDllsLink(
|
|||
_In_ PVOID *lpKnownDllsBuffer
|
||||
)
|
||||
{
|
||||
BOOL bResult = FALSE, cond = FALSE;
|
||||
BOOL bResult = FALSE;
|
||||
HANDLE hLink = NULL;
|
||||
SIZE_T memIO;
|
||||
ULONG bytesNeeded;
|
||||
|
@ -1439,7 +1442,7 @@ BOOL supxQueryKnownDllsLink(
|
|||
}
|
||||
}
|
||||
|
||||
} while (cond);
|
||||
} while (FALSE);
|
||||
if (hLink != NULL) NtClose(hLink);
|
||||
return bResult;
|
||||
}
|
||||
|
@ -1858,7 +1861,7 @@ BOOL supCreateSCMSnapshot(
|
|||
_Out_opt_ SCMDB *Snapshot
|
||||
)
|
||||
{
|
||||
BOOL cond = FALSE, bResult = FALSE;
|
||||
BOOL bResult = FALSE;
|
||||
SC_HANDLE schSCManager;
|
||||
DWORD dwBytesNeeded = 0, dwServicesReturned = 0, dwSize;
|
||||
PVOID Services = NULL;
|
||||
|
@ -1926,7 +1929,7 @@ BOOL supCreateSCMSnapshot(
|
|||
|
||||
CloseServiceHandle(schSCManager);
|
||||
|
||||
} while (cond);
|
||||
} while (FALSE);
|
||||
|
||||
if (Snapshot) {
|
||||
Snapshot->Entries = Services;
|
||||
|
@ -2537,7 +2540,7 @@ BOOL supQueryDriverDescription(
|
|||
_In_ DWORD ccBuffer //size of buffer in chars
|
||||
)
|
||||
{
|
||||
BOOL bResult, cond = FALSE;
|
||||
BOOL bResult;
|
||||
LPWSTR lpServiceName = NULL;
|
||||
LPWSTR lpDisplayName = NULL;
|
||||
LPWSTR lpRegKey = NULL;
|
||||
|
@ -2664,7 +2667,7 @@ BOOL supQueryDriverDescription(
|
|||
|
||||
}
|
||||
|
||||
} while (cond);
|
||||
} while (FALSE);
|
||||
|
||||
if (vinfo) {
|
||||
supHeapFree(vinfo);
|
||||
|
@ -2693,7 +2696,7 @@ BOOL supQuerySectionFileInfo(
|
|||
_In_ DWORD ccBuffer //size of buffer in chars
|
||||
)
|
||||
{
|
||||
BOOL bResult, cond = FALSE;
|
||||
BOOL bResult;
|
||||
HANDLE hSection;
|
||||
PVOID vinfo;
|
||||
LPWSTR pcValue, lpszFileName, lpszKnownDlls;
|
||||
|
@ -2803,7 +2806,7 @@ BOOL supQuerySectionFileInfo(
|
|||
_strncpy(Buffer, ccBuffer, pcValue, dwInfoSize);
|
||||
}
|
||||
|
||||
} while (cond);
|
||||
} while (FALSE);
|
||||
|
||||
if (hSection) NtClose(hSection);
|
||||
if (vinfo) supHeapFree(vinfo);
|
||||
|
@ -3166,7 +3169,7 @@ BOOL supGetWin32FileName(
|
|||
_In_ SIZE_T ccWin32FileName
|
||||
)
|
||||
{
|
||||
BOOL bCond = FALSE, bResult = FALSE;
|
||||
BOOL bResult = FALSE;
|
||||
NTSTATUS status = STATUS_UNSUCCESSFUL;
|
||||
HANDLE hFile = NULL;
|
||||
UNICODE_STRING NtFileName;
|
||||
|
@ -3210,7 +3213,7 @@ BOOL supGetWin32FileName(
|
|||
|
||||
bResult = TRUE;
|
||||
|
||||
} while (bCond);
|
||||
} while (FALSE);
|
||||
|
||||
if (hFile)
|
||||
NtClose(hFile);
|
||||
|
@ -3454,7 +3457,7 @@ BOOL supQueryObjectTrustLabel(
|
|||
_Out_ PULONG ProtectionType,
|
||||
_Out_ PULONG ProtectionLevel)
|
||||
{
|
||||
BOOL bCond = FALSE, bResult = FALSE;
|
||||
BOOL bResult = FALSE;
|
||||
BOOLEAN saclPresent = FALSE, saclDefaulted = FALSE;
|
||||
ULONG i, Length = 0, returnLength = 0;
|
||||
|
||||
|
@ -3535,7 +3538,7 @@ BOOL supQueryObjectTrustLabel(
|
|||
}
|
||||
}
|
||||
|
||||
} while (bCond);
|
||||
} while (FALSE);
|
||||
|
||||
if (pSD) supHeapFree(pSD);
|
||||
|
||||
|
@ -3736,7 +3739,7 @@ HANDLE supxGetSystemToken(
|
|||
BOOL supRunAsLocalSystem(
|
||||
_In_ HWND hwndParent)
|
||||
{
|
||||
BOOL bCond = FALSE, bSuccess = FALSE;
|
||||
BOOL bSuccess = FALSE;
|
||||
PVOID ProcessList;
|
||||
ULONG SessionId = NtCurrentPeb()->SessionId, dummy;
|
||||
|
||||
|
@ -3896,7 +3899,7 @@ BOOL supRunAsLocalSystem(
|
|||
CloseHandle(pi.hThread);
|
||||
}
|
||||
|
||||
} while (bCond);
|
||||
} while (FALSE);
|
||||
|
||||
if (hImpersonationToken) {
|
||||
NtClose(hImpersonationToken);
|
||||
|
@ -4493,10 +4496,15 @@ VOID supShowLastError(
|
|||
LPWSTR lpMsgBuf = NULL;
|
||||
|
||||
if (FormatMessage(
|
||||
FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM,
|
||||
NULL, LastError,
|
||||
FORMAT_MESSAGE_ALLOCATE_BUFFER |
|
||||
FORMAT_MESSAGE_FROM_SYSTEM |
|
||||
FORMAT_MESSAGE_IGNORE_INSERTS,
|
||||
NULL,
|
||||
LastError,
|
||||
MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
|
||||
(LPWSTR)&lpMsgBuf, 0, NULL))
|
||||
(LPWSTR)&lpMsgBuf,
|
||||
0,
|
||||
NULL))
|
||||
{
|
||||
MessageBox(hWnd, lpMsgBuf, Source, MB_TOPMOST | MB_ICONERROR);
|
||||
LocalFree(lpMsgBuf);
|
||||
|
@ -4892,14 +4900,14 @@ NTSTATUS supOpenThread(
|
|||
*/
|
||||
BOOL supPrintTimeConverted(
|
||||
_In_ PLARGE_INTEGER Time,
|
||||
_In_ LPWSTR lpBuffer,
|
||||
_In_ WCHAR *lpszBuffer,
|
||||
_In_ SIZE_T cchBuffer
|
||||
)
|
||||
{
|
||||
FILETIME ConvertedTime;
|
||||
TIME_FIELDS TimeFields;
|
||||
|
||||
if ((Time == NULL) || (lpBuffer == NULL)) return 0;
|
||||
if ((Time == NULL) || (lpszBuffer == NULL)) return 0;
|
||||
if (cchBuffer == 0) return 0;
|
||||
|
||||
RtlSecureZeroMemory(&ConvertedTime, sizeof(ConvertedTime));
|
||||
|
@ -4911,7 +4919,7 @@ BOOL supPrintTimeConverted(
|
|||
if (TimeFields.Month > 12) TimeFields.Month = 12;
|
||||
|
||||
rtl_swprintf_s(
|
||||
lpBuffer,
|
||||
lpszBuffer,
|
||||
cchBuffer,
|
||||
FORMATTED_TIME_DATE_VALUE,
|
||||
TimeFields.Hour,
|
||||
|
@ -5449,3 +5457,399 @@ BOOL supPHLCreate(
|
|||
|
||||
return ((numberOfProcesses > 0) && (numberOfThreads > 0));
|
||||
}
|
||||
|
||||
/*
|
||||
* supxEnumerateSLCacheValueDescriptors
|
||||
*
|
||||
* Purpose:
|
||||
*
|
||||
* Walk each SL cache value descriptor entry, validate it and run optional callback.
|
||||
*
|
||||
*/
|
||||
NTSTATUS supxEnumerateSLCacheValueDescriptors(
|
||||
_In_ SL_KMEM_CACHE *Cache,
|
||||
_In_opt_ PENUMERATE_SL_CACHE_VALUE_DESCRIPTORS_CALLBACK Callback,
|
||||
_In_opt_ PVOID Context
|
||||
)
|
||||
{
|
||||
ULONG_PTR CurrentPosition, MaxPosition;
|
||||
SL_KMEM_CACHE_VALUE_DESCRIPTOR *CacheDescriptor;
|
||||
|
||||
__try {
|
||||
|
||||
if (Cache->TotalSize < sizeof(SL_KMEM_CACHE))
|
||||
return STATUS_INVALID_PARAMETER;
|
||||
|
||||
if (Cache->Version != 1)
|
||||
return STATUS_INVALID_PARAMETER;
|
||||
|
||||
MaxPosition = (ULONG_PTR)RtlOffsetToPointer(Cache, Cache->TotalSize);
|
||||
if (MaxPosition < (ULONG_PTR)Cache)
|
||||
return STATUS_INVALID_PARAMETER;
|
||||
|
||||
CacheDescriptor = (SL_KMEM_CACHE_VALUE_DESCRIPTOR*)&Cache->Descriptors;
|
||||
CurrentPosition = (ULONG_PTR)CacheDescriptor;
|
||||
MaxPosition = (ULONG_PTR)RtlOffsetToPointer(CacheDescriptor, Cache->SizeOfData);
|
||||
|
||||
}
|
||||
__except (EXCEPTION_EXECUTE_HANDLER) {
|
||||
return GetExceptionCode();
|
||||
}
|
||||
|
||||
do {
|
||||
__try {
|
||||
if ((CacheDescriptor->NameLength >= CacheDescriptor->Size) ||
|
||||
(CacheDescriptor->DataLength >= CacheDescriptor->Size))
|
||||
{
|
||||
return STATUS_INTERNAL_ERROR;
|
||||
}
|
||||
}
|
||||
__except (EXCEPTION_EXECUTE_HANDLER) {
|
||||
return GetExceptionCode();
|
||||
}
|
||||
|
||||
|
||||
if (Callback) {
|
||||
if (Callback(CacheDescriptor, Context))
|
||||
break;
|
||||
}
|
||||
|
||||
__try {
|
||||
|
||||
CurrentPosition += CacheDescriptor->Size;
|
||||
if (CurrentPosition >= MaxPosition)
|
||||
break;
|
||||
|
||||
CacheDescriptor = (SL_KMEM_CACHE_VALUE_DESCRIPTOR*)RtlOffsetToPointer(CacheDescriptor, CacheDescriptor->Size);
|
||||
}
|
||||
__except (EXCEPTION_EXECUTE_HANDLER) {
|
||||
return GetExceptionCode();
|
||||
}
|
||||
|
||||
} while (TRUE);
|
||||
|
||||
return STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
/*
|
||||
* supSLCacheRead
|
||||
*
|
||||
* Purpose:
|
||||
*
|
||||
* Read software licensing cache.
|
||||
*
|
||||
* N.B.
|
||||
*
|
||||
* Use supHeapFree to release allocated memory.
|
||||
*
|
||||
*/
|
||||
PVOID supSLCacheRead(
|
||||
VOID)
|
||||
{
|
||||
NTSTATUS Status;
|
||||
ULONG DataLength = 0;
|
||||
PVOID ReturnData = NULL;
|
||||
HANDLE KeyHandle = NULL;
|
||||
UNICODE_STRING ProductPolicyValue = RTL_CONSTANT_STRING(L"ProductPolicy");
|
||||
UNICODE_STRING ProductOptionsKey = RTL_CONSTANT_STRING(L"\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Control\\ProductOptions");
|
||||
OBJECT_ATTRIBUTES ObjectAttributes;
|
||||
|
||||
KEY_VALUE_PARTIAL_INFORMATION *PolicyData;
|
||||
|
||||
__try {
|
||||
|
||||
InitializeObjectAttributes(&ObjectAttributes, &ProductOptionsKey, OBJ_CASE_INSENSITIVE, NULL, NULL);
|
||||
Status = NtOpenKey(&KeyHandle, KEY_READ, &ObjectAttributes);
|
||||
if (!NT_SUCCESS(Status))
|
||||
return NULL;
|
||||
|
||||
Status = NtQueryValueKey(KeyHandle, &ProductPolicyValue,
|
||||
KeyValuePartialInformation, NULL, 0, &DataLength);
|
||||
|
||||
if (Status == STATUS_BUFFER_TOO_SMALL) {
|
||||
PolicyData = (KEY_VALUE_PARTIAL_INFORMATION*)supHeapAlloc(DataLength);
|
||||
if (PolicyData) {
|
||||
|
||||
Status = NtQueryValueKey(KeyHandle, &ProductPolicyValue,
|
||||
KeyValuePartialInformation, PolicyData, DataLength, &DataLength);
|
||||
|
||||
if (NT_SUCCESS(Status) && (PolicyData->Type == REG_BINARY)) {
|
||||
ReturnData = PolicyData;
|
||||
}
|
||||
else {
|
||||
supHeapFree(PolicyData);
|
||||
}
|
||||
}
|
||||
}
|
||||
NtClose(KeyHandle);
|
||||
}
|
||||
__except (EXCEPTION_EXECUTE_HANDLER) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
return ReturnData;
|
||||
}
|
||||
|
||||
/*
|
||||
* supSLCacheEnumerate
|
||||
*
|
||||
* Purpose:
|
||||
*
|
||||
* Enumerate SL value descriptors and run optional callback.
|
||||
*
|
||||
*/
|
||||
BOOLEAN supSLCacheEnumerate(
|
||||
_In_ PVOID CacheData,
|
||||
_In_opt_ PENUMERATE_SL_CACHE_VALUE_DESCRIPTORS_CALLBACK Callback,
|
||||
_In_opt_ PVOID Context)
|
||||
{
|
||||
SL_KMEM_CACHE *Cache;
|
||||
|
||||
Cache = (SL_KMEM_CACHE*)((KEY_VALUE_PARTIAL_INFORMATION*)(CacheData))->Data;
|
||||
return NT_SUCCESS(supxEnumerateSLCacheValueDescriptors(Cache, Callback, Context));
|
||||
}
|
||||
|
||||
/*
|
||||
* supCreateFontIndirect
|
||||
*
|
||||
* Purpose:
|
||||
*
|
||||
* Create font object.
|
||||
*
|
||||
*/
|
||||
HFONT supCreateFontIndirect(
|
||||
_In_ LPWSTR FaceName)
|
||||
{
|
||||
NONCLIENTMETRICS ncm;
|
||||
HFONT hFont = NULL;
|
||||
|
||||
ncm.cbSize = sizeof(NONCLIENTMETRICS);
|
||||
if (SystemParametersInfo(SPI_GETNONCLIENTMETRICS, sizeof(ncm), &ncm, 0)) {
|
||||
ncm.lfCaptionFont.lfHeight += ncm.lfSmCaptionFont.lfHeight / 4;
|
||||
ncm.lfCaptionFont.lfWeight = FW_NORMAL;
|
||||
ncm.lfCaptionFont.lfQuality = CLEARTYPE_QUALITY;
|
||||
ncm.lfCaptionFont.lfPitchAndFamily = FIXED_PITCH | FF_MODERN;
|
||||
_strncpy(ncm.lfCaptionFont.lfFaceName, LF_FACESIZE, FaceName, LF_FACESIZE);
|
||||
|
||||
hFont = CreateFontIndirect(&ncm.lfCaptionFont);
|
||||
}
|
||||
|
||||
return hFont;
|
||||
}
|
||||
|
||||
/*
|
||||
* supxGetShellViewForDesktop
|
||||
*
|
||||
* Purpose:
|
||||
*
|
||||
* Use the shell view for the desktop using the shell windows automation to find the
|
||||
* desktop web browser and then grabs its view.
|
||||
*
|
||||
* N.B. Taken entirely from Windows SDK sample.
|
||||
*
|
||||
*/
|
||||
HRESULT supxGetShellViewForDesktop(
|
||||
REFIID riid,
|
||||
void **ppv
|
||||
)
|
||||
{
|
||||
IShellWindows *psw;
|
||||
HRESULT hr;
|
||||
HWND hwnd;
|
||||
IDispatch* pdisp;
|
||||
IShellBrowser *psb;
|
||||
VARIANT vtEmpty;
|
||||
IShellView *psv;
|
||||
|
||||
*ppv = NULL;
|
||||
|
||||
#ifdef __cplusplus
|
||||
|
||||
vtEmpty = {};
|
||||
hr = CoCreateInstance(CLSID_ShellWindows, NULL, CLSCTX_LOCAL_SERVER, IID_PPV_ARGS(&psw));
|
||||
if (SUCCEEDED(hr))
|
||||
{
|
||||
if (S_OK == psw->FindWindowSW(&vtEmpty, &vtEmpty, SWC_DESKTOP, (long*)&hwnd, SWFO_NEEDDISPATCH, &pdisp))
|
||||
{
|
||||
hr = IUnknown_QueryService(pdisp, SID_STopLevelBrowser, IID_PPV_ARGS(&psb));
|
||||
if (SUCCEEDED(hr))
|
||||
{
|
||||
|
||||
hr = psb->QueryActiveShellView(&psv);
|
||||
if (SUCCEEDED(hr))
|
||||
{
|
||||
hr = psv->QueryInterface(riid, ppv);
|
||||
psv->Release();
|
||||
}
|
||||
psb->Release();
|
||||
}
|
||||
pdisp->Release();
|
||||
}
|
||||
else
|
||||
{
|
||||
hr = E_FAIL;
|
||||
}
|
||||
psw->Release();
|
||||
}
|
||||
|
||||
#else
|
||||
|
||||
vtEmpty.vt = VT_EMPTY;
|
||||
hr = CoCreateInstance(&CLSID_ShellWindows, NULL, CLSCTX_LOCAL_SERVER, &IID_IShellWindows, &psw);
|
||||
if (SUCCEEDED(hr))
|
||||
{
|
||||
if (S_OK == psw->lpVtbl->FindWindowSW(psw, &vtEmpty, &vtEmpty, SWC_DESKTOP, (long*)&hwnd, SWFO_NEEDDISPATCH, &pdisp))
|
||||
{
|
||||
hr = IUnknown_QueryService((IUnknown*)pdisp, &SID_STopLevelBrowser, &IID_IShellBrowser, &psb);
|
||||
if (SUCCEEDED(hr))
|
||||
{
|
||||
hr = psb->lpVtbl->QueryActiveShellView(psb, &psv);
|
||||
if (SUCCEEDED(hr))
|
||||
{
|
||||
hr = psv->lpVtbl->QueryInterface(psv, riid, ppv);
|
||||
psv->lpVtbl->Release(psv);
|
||||
}
|
||||
psb->lpVtbl->Release(psb);
|
||||
}
|
||||
pdisp->lpVtbl->Release(pdisp);
|
||||
}
|
||||
else
|
||||
{
|
||||
hr = E_FAIL;
|
||||
}
|
||||
psw->lpVtbl->Release(psw);
|
||||
}
|
||||
|
||||
#endif
|
||||
return hr;
|
||||
}
|
||||
|
||||
/*
|
||||
* supxGetShellDispatchFromView
|
||||
*
|
||||
* Purpose:
|
||||
*
|
||||
* From a shell view object gets its automation interface and from that gets the shell
|
||||
* application object that implements IShellDispatch2 and related interfaces.
|
||||
*
|
||||
* N.B. Taken entirely from Windows SDK sample.
|
||||
*
|
||||
*/
|
||||
HRESULT supxGetShellDispatchFromView(IShellView *psv, REFIID riid, void **ppv)
|
||||
{
|
||||
HRESULT hr;
|
||||
IDispatch *pdispBackground;
|
||||
IShellFolderViewDual *psfvd;
|
||||
IDispatch *pdisp;
|
||||
|
||||
*ppv = NULL;
|
||||
|
||||
#ifdef __cplusplus
|
||||
|
||||
hr = psv->GetItemObject(SVGIO_BACKGROUND, IID_PPV_ARGS(&pdispBackground));
|
||||
if (SUCCEEDED(hr))
|
||||
{
|
||||
hr = pdispBackground->QueryInterface(IID_PPV_ARGS(&psfvd));
|
||||
if (SUCCEEDED(hr))
|
||||
{
|
||||
hr = psfvd->get_Application(&pdisp);
|
||||
if (SUCCEEDED(hr))
|
||||
{
|
||||
hr = pdisp->QueryInterface(riid, ppv);
|
||||
pdisp->Release();
|
||||
}
|
||||
psfvd->Release();
|
||||
}
|
||||
pdispBackground->Release();
|
||||
}
|
||||
|
||||
#else
|
||||
|
||||
hr = psv->lpVtbl->GetItemObject(psv, SVGIO_BACKGROUND, &IID_IDispatch, &pdispBackground);
|
||||
if (SUCCEEDED(hr))
|
||||
{
|
||||
hr = pdispBackground->lpVtbl->QueryInterface(pdispBackground, &IID_IShellFolderViewDual, &psfvd);
|
||||
if (SUCCEEDED(hr))
|
||||
{
|
||||
hr = psfvd->lpVtbl->get_Application(psfvd, &pdisp);
|
||||
if (SUCCEEDED(hr))
|
||||
{
|
||||
hr = pdisp->lpVtbl->QueryInterface(pdisp, riid, ppv);
|
||||
pdisp->lpVtbl->Release(pdisp);
|
||||
}
|
||||
psfvd->lpVtbl->Release(psfvd);
|
||||
}
|
||||
pdispBackground->lpVtbl->Release(pdispBackground);
|
||||
}
|
||||
|
||||
#endif
|
||||
return hr;
|
||||
}
|
||||
|
||||
/*
|
||||
* supShellExecInExplorerProcess
|
||||
*
|
||||
* Purpose:
|
||||
*
|
||||
* Run ShellExecute from Windows Explorer process through shell interfaces
|
||||
* making it run with IL of Windows Explorer and not WinObjEx64.
|
||||
*
|
||||
* N.B. Taken entirely from Windows SDK sample.
|
||||
*
|
||||
*/
|
||||
HRESULT WINAPI supShellExecInExplorerProcess(
|
||||
_In_ PCWSTR pszFile)
|
||||
{
|
||||
HRESULT hr = CoInitializeEx(NULL, COINIT_APARTMENTTHREADED | COINIT_DISABLE_OLE1DDE);
|
||||
IShellView *psv;
|
||||
IShellDispatch2 *psd;
|
||||
BSTR bstrFile;
|
||||
VARIANT vtEmpty;
|
||||
|
||||
if (SUCCEEDED(hr)) {
|
||||
|
||||
#ifdef __cplusplus
|
||||
|
||||
hr = supxGetShellViewForDesktop(IID_PPV_ARGS(&psv));
|
||||
if (SUCCEEDED(hr))
|
||||
{
|
||||
hr = supxGetShellDispatchFromView(psv, IID_PPV_ARGS(&psd));
|
||||
if (SUCCEEDED(hr))
|
||||
{
|
||||
bstrFile = SysAllocString(pszFile);
|
||||
hr = bstrFile ? S_OK : E_OUTOFMEMORY;
|
||||
if (SUCCEEDED(hr))
|
||||
{
|
||||
vtEmpty = {};
|
||||
hr = psd->ShellExecuteW(bstrFile, vtEmpty, vtEmpty, vtEmpty, vtEmpty);
|
||||
SysFreeString(bstrFile);
|
||||
}
|
||||
psd->Release();
|
||||
}
|
||||
psv->Release();
|
||||
}
|
||||
|
||||
#else
|
||||
hr = supxGetShellViewForDesktop(&IID_IShellView, &psv);
|
||||
if (SUCCEEDED(hr)) {
|
||||
hr = supxGetShellDispatchFromView(psv, &IID_IShellDispatch2, &psd);
|
||||
if (SUCCEEDED(hr))
|
||||
{
|
||||
bstrFile = SysAllocString(pszFile);
|
||||
hr = bstrFile ? S_OK : E_OUTOFMEMORY;
|
||||
if (SUCCEEDED(hr))
|
||||
{
|
||||
vtEmpty.vt = VT_EMPTY;
|
||||
hr = psd->lpVtbl->ShellExecuteW(psd, bstrFile, vtEmpty, vtEmpty, vtEmpty, vtEmpty);
|
||||
SysFreeString(bstrFile);
|
||||
}
|
||||
|
||||
psd->lpVtbl->Release(psd);
|
||||
}
|
||||
psv->lpVtbl->Release(psv);
|
||||
}
|
||||
#endif
|
||||
CoUninitialize();
|
||||
}
|
||||
return hr;
|
||||
}
|
||||
|
|
|
@ -4,9 +4,9 @@
|
|||
*
|
||||
* TITLE: SUP.H
|
||||
*
|
||||
* VERSION: 1.73
|
||||
* VERSION: 1.74
|
||||
*
|
||||
* DATE: 30 Mar 2019
|
||||
* DATE: 18 May 2019
|
||||
*
|
||||
* Common header file for the program support routines.
|
||||
*
|
||||
|
@ -64,6 +64,12 @@ typedef struct _OBEX_THREAD_LOOKUP_ENTRY {
|
|||
PVOID EntryPtr;
|
||||
} OBEX_THREAD_LOOKUP_ENTRY, *POBEX_THREAD_LOOKUP_ENTRY;
|
||||
|
||||
// return true to stop enumeration
|
||||
typedef BOOL(CALLBACK *PENUMERATE_SL_CACHE_VALUE_DESCRIPTORS_CALLBACK)(
|
||||
_In_ SL_KMEM_CACHE_VALUE_DESCRIPTOR *CacheDescriptor,
|
||||
_In_opt_ PVOID Context
|
||||
);
|
||||
|
||||
typedef struct _PROCESS_MITIGATION_POLICIES_ALL {
|
||||
PROCESS_MITIGATION_DEP_POLICY DEPPolicy;
|
||||
PROCESS_MITIGATION_ASLR_POLICY ASLRPolicy;
|
||||
|
@ -249,8 +255,8 @@ LPWSTR supGetItemText2(
|
|||
_In_ HWND ListView,
|
||||
_In_ INT nItem,
|
||||
_In_ INT nSubItem,
|
||||
_In_ LPWSTR pszText,
|
||||
_In_ UINT cbText);
|
||||
_In_ WCHAR *pszText,
|
||||
_In_ UINT cchText);
|
||||
|
||||
BOOL supQueryLinkTarget(
|
||||
_In_opt_ HANDLE hRootDirectory,
|
||||
|
@ -525,7 +531,7 @@ NTSTATUS supOpenThread(
|
|||
|
||||
BOOL supPrintTimeConverted(
|
||||
_In_ PLARGE_INTEGER Time,
|
||||
_In_ LPWSTR lpBuffer,
|
||||
_In_ WCHAR *lpszBuffer,
|
||||
_In_ SIZE_T cchBuffer);
|
||||
|
||||
BOOL supGetListViewItemParam(
|
||||
|
@ -577,3 +583,17 @@ BOOL supPHLCreate(
|
|||
_In_ PBYTE ProcessList,
|
||||
_Out_ PULONG NumberOfProcesses,
|
||||
_Out_ PULONG NumberOfThreads);
|
||||
|
||||
PVOID supSLCacheRead(
|
||||
VOID);
|
||||
|
||||
BOOLEAN supSLCacheEnumerate(
|
||||
_In_ PVOID CacheData,
|
||||
_In_opt_ PENUMERATE_SL_CACHE_VALUE_DESCRIPTORS_CALLBACK Callback,
|
||||
_In_opt_ PVOID Context);
|
||||
|
||||
HFONT supCreateFontIndirect(
|
||||
_In_ LPWSTR FaceName);
|
||||
|
||||
HRESULT WINAPI supShellExecInExplorerProcess(
|
||||
_In_ PCWSTR pszFile);
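Review bot: In the `supGetItemText2` and `supPrintTimeConverted` hunks, what appears to be the new side still annotates the text buffer as `_In_` (`_In_ WCHAR *pszText`, `_In_ WCHAR *lpszBuffer`). The names and the accompanying `cchText`/`cchBuffer` counts suggest the callee writes into that buffer, though the definitions are not in this section, so this is inferred. If that is the case, tying the buffer to its length with `_Out_writes_(cchText) WCHAR *pszText` and `_Out_writes_(cchBuffer) WCHAR *lpszBuffer` would let static analysis flag a caller that still passes a byte count. The rename from `cbText` to `cchText` changes the unit of the size argument, so a one-line comment such as `// cchText: size of pszText in WCHARs, not bytes` above the prototype would help callers that were written against the old name.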
|
||||
|
|
|
@ -4,9 +4,9 @@
|
|||
*
|
||||
* TITLE: TESTUNIT.C
|
||||
*
|
||||
* VERSION: 1.73
|
||||
* VERSION: 1.74
|
||||
*
|
||||
* DATE: 20 Mar 2019
|
||||
* DATE: 12 May 2019
|
||||
*
|
||||
* Test code used while debug.
|
||||
*
|
||||
|
@ -17,10 +17,10 @@
|
|||
*
|
||||
*******************************************************************************/
|
||||
#include "global.h"
|
||||
#include "ntldr.h"
|
||||
#include <intrin.h>
|
||||
#include <aclapi.h>
|
||||
|
||||
|
||||
HANDLE g_TestIoCompletion = NULL, g_TestTransaction = NULL;
|
||||
HANDLE g_TestNamespace = NULL, g_TestMutex = NULL;
|
||||
HANDLE g_TestMailslot = NULL;
|
||||
|
@ -28,12 +28,97 @@ HANDLE g_DebugObject = NULL;
|
|||
HANDLE g_TestJob = NULL;
|
||||
HDESK g_TestDesktop = NULL;
|
||||
HANDLE g_TestThread = NULL;
|
||||
HANDLE g_TestPortThread = NULL;
|
||||
HANDLE g_PortHandle;
|
||||
|
||||
typedef struct _LPC_USER_MESSAGE {
|
||||
PORT_MESSAGE Header;
|
||||
BYTE Data[128];
|
||||
} LPC_USER_MESSAGE, *PLPC_USER_MESSAGE;
|
||||
|
||||
typedef struct _QUERY_REQUEST {
|
||||
ULONG Data;
|
||||
} QUERY_REQUEST, *PQUERY_REQUEST;
|
||||
|
||||
#define WOBJEX_TEST_PORT L"\\Rpc Control\\WinObjEx_ServiceTestPort48429"
|
||||
|
||||
DWORD WINAPI LPCListener(LPVOID lpThreadParameter)
|
||||
{
|
||||
NTSTATUS Status;
|
||||
LPC_USER_MESSAGE UserMessage;
|
||||
PQUERY_REQUEST QueryRequest;
|
||||
|
||||
UNICODE_STRING PortName = RTL_CONSTANT_STRING(WOBJEX_TEST_PORT);
|
||||
OBJECT_ATTRIBUTES ObjectAttributes;
|
||||
|
||||
HANDLE ConnectPort;
|
||||
|
||||
UNREFERENCED_PARAMETER(lpThreadParameter);
|
||||
|
||||
InitializeObjectAttributes(&ObjectAttributes, &PortName, OBJ_CASE_INSENSITIVE, NULL, NULL);
|
||||
|
||||
Status = NtCreatePort(&g_PortHandle,
|
||||
&ObjectAttributes,
|
||||
0,
|
||||
sizeof(LPC_USER_MESSAGE),
|
||||
0);
|
||||
|
||||
if (!NT_SUCCESS(Status)) {
|
||||
ExitThread(0);
|
||||
}
|
||||
|
||||
do {
|
||||
|
||||
RtlSecureZeroMemory(&UserMessage, sizeof(UserMessage));
|
||||
if (!NT_SUCCESS(NtListenPort(g_PortHandle, &UserMessage.Header)))
|
||||
break;
|
||||
|
||||
ConnectPort = NULL;
|
||||
if (!NT_SUCCESS(NtAcceptConnectPort(&ConnectPort,
|
||||
NULL,
|
||||
&UserMessage.Header,
|
||||
TRUE,
|
||||
NULL,
|
||||
NULL)))
|
||||
{
|
||||
break;
|
||||
}
|
||||
|
||||
if (NT_SUCCESS(NtCompleteConnectPort(ConnectPort))) {
|
||||
|
||||
__try {
|
||||
|
||||
RtlSecureZeroMemory(&UserMessage, sizeof(UserMessage));
|
||||
NtReplyWaitReceivePort(ConnectPort, NULL, NULL, &UserMessage.Header);
|
||||
|
||||
QueryRequest = (PQUERY_REQUEST)&UserMessage.Data;
|
||||
DbgPrint("Data=%lx", QueryRequest->Data);
|
||||
if (QueryRequest->Data == 1)
|
||||
break;
|
||||
|
||||
}
|
||||
__except (EXCEPTION_EXECUTE_HANDLER) {
|
||||
DbgPrint("ListenerException%lx", GetExceptionCode());
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
NtClose(ConnectPort);
|
||||
|
||||
} while (TRUE);
|
||||
|
||||
NtClose(g_PortHandle);
|
||||
|
||||
ExitThread(0);
|
||||
}
|
||||
|
||||
VOID TestApiPort(
|
||||
VOID
|
||||
)
|
||||
{
|
||||
DWORD tid;
|
||||
g_TestPortThread = CreateThread(NULL, 0,
|
||||
(LPTHREAD_START_ROUTINE)LPCListener, NULL, 0, &tid);
|
||||
}
|
||||
|
||||
VOID TestDebugObject(
|
||||
|
@ -55,7 +140,6 @@ VOID TestMailslot(
|
|||
VOID
|
||||
)
|
||||
{
|
||||
BOOL bCond = FALSE;
|
||||
NTSTATUS status;
|
||||
OBJECT_ATTRIBUTES obja;
|
||||
UNICODE_STRING ustr = RTL_CONSTANT_STRING(L"\\Device\\Mailslot\\TestMailslot");
|
||||
|
@ -112,7 +196,7 @@ VOID TestMailslot(
|
|||
pSD,
|
||||
TRUE,
|
||||
pACL,
|
||||
FALSE))
|
||||
FALSE))
|
||||
{
|
||||
break;
|
||||
}
|
||||
|
@ -133,7 +217,7 @@ VOID TestMailslot(
|
|||
__nop();
|
||||
}
|
||||
|
||||
} while (bCond);
|
||||
} while (FALSE);
|
||||
|
||||
if (pAdminSID) FreeSid(pAdminSID);
|
||||
if (pEveryoneSID) FreeSid(pEveryoneSID);
|
||||
|
@ -204,7 +288,6 @@ VOID TestPrivateNamespace(
|
|||
VOID
|
||||
)
|
||||
{
|
||||
BOOL cond = FALSE;
|
||||
DWORD LastError = 0;
|
||||
HANDLE hBoundaryDescriptor = NULL, hBoundaryDescriptor2 = NULL;
|
||||
BYTE localSID[SECURITY_MAX_SID_SIZE];
|
||||
|
@ -257,9 +340,9 @@ VOID TestPrivateNamespace(
|
|||
sa.bInheritHandle = FALSE;
|
||||
if (!ConvertStringSecurityDescriptorToSecurityDescriptor(
|
||||
TEXT("D:(A;;GA;;;BA)"),
|
||||
SDDL_REVISION_1,
|
||||
&sa.lpSecurityDescriptor,
|
||||
NULL))
|
||||
SDDL_REVISION_1,
|
||||
&sa.lpSecurityDescriptor,
|
||||
NULL))
|
||||
{
|
||||
break;
|
||||
}
|
||||
|
@ -275,9 +358,9 @@ VOID TestPrivateNamespace(
|
|||
}
|
||||
g_TestMutex = CreateMutex(NULL, FALSE, TEXT("NamespaceAlias\\TestMutex"));
|
||||
|
||||
// hMutex = OpenMutex(MUTEX_ALL_ACCESS, FALSE, TEXT("NamespaceAlias\\TestMutex"));
|
||||
// if (hMutex)
|
||||
// CloseHandle(hMutex);
|
||||
// hMutex = OpenMutex(MUTEX_ALL_ACCESS, FALSE, TEXT("NamespaceAlias\\TestMutex"));
|
||||
// if (hMutex)
|
||||
// CloseHandle(hMutex);
|
||||
|
||||
|
||||
RtlInitUnicodeString(&MutexName, TEXT("TestMutex"));
|
||||
|
@ -300,9 +383,9 @@ VOID TestPrivateNamespace(
|
|||
if (!CreateWellKnownSid(WinWorldSid, NULL, pLocalAdminSID, &cbSID)) {
|
||||
break;
|
||||
}
|
||||
/* if (!NT_SUCCESS(RtlAddSIDToBoundaryDescriptor(&hBoundaryDescriptor2, pLocalAdminSID))) {
|
||||
break;
|
||||
}*/
|
||||
/* if (!NT_SUCCESS(RtlAddSIDToBoundaryDescriptor(&hBoundaryDescriptor2, pLocalAdminSID))) {
|
||||
break;
|
||||
}*/
|
||||
|
||||
RtlSecureZeroMemory(&sa, sizeof(sa));
|
||||
sa.nLength = sizeof(sa);
|
||||
|
@ -339,7 +422,7 @@ VOID TestPrivateNamespace(
|
|||
hMutex2 = OpenMutex(MUTEX_ALL_ACCESS, FALSE, L"NamespaceAlias\\TestMutex");
|
||||
if (hMutex2) CloseHandle(hMutex2);
|
||||
|
||||
} while (cond);
|
||||
} while (FALSE);
|
||||
|
||||
if (hBoundaryDescriptor) RtlDeleteBoundaryDescriptor(hBoundaryDescriptor);
|
||||
}
|
||||
|
@ -414,7 +497,7 @@ VOID TestJob()
|
|||
NULL,
|
||||
NULL,
|
||||
&si,
|
||||
&pi))
|
||||
&pi))
|
||||
{
|
||||
AssignProcessToJobObject(g_TestJob, pi.hProcess);
|
||||
CloseHandle(pi.hThread);
|
||||
|
@ -430,7 +513,7 @@ VOID TestPsObjectSecurity(
|
|||
DWORD dwErr;
|
||||
PACL EmptyDacl;
|
||||
HANDLE hObject;
|
||||
|
||||
|
||||
if (bThread)
|
||||
hObject = GetCurrentThread();
|
||||
else
|
||||
|
@ -440,20 +523,20 @@ VOID TestPsObjectSecurity(
|
|||
if (EmptyDacl) {
|
||||
|
||||
if (!InitializeAcl(
|
||||
EmptyDacl,
|
||||
sizeof(ACL),
|
||||
ACL_REVISION))
|
||||
EmptyDacl,
|
||||
sizeof(ACL),
|
||||
ACL_REVISION))
|
||||
{
|
||||
dwErr = GetLastError();
|
||||
}
|
||||
else {
|
||||
|
||||
|
||||
dwErr = SetSecurityInfo(hObject,
|
||||
SE_KERNEL_OBJECT,
|
||||
DACL_SECURITY_INFORMATION,
|
||||
NULL,
|
||||
NULL,
|
||||
EmptyDacl,
|
||||
DACL_SECURITY_INFORMATION,
|
||||
NULL,
|
||||
NULL,
|
||||
EmptyDacl,
|
||||
NULL);
|
||||
}
|
||||
|
||||
|
@ -511,9 +594,136 @@ VOID TestThread()
|
|||
g_TestThread = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)TokenImpersonationThreadProc, NULL, 0, &tid);
|
||||
}
|
||||
|
||||
VOID TestApiSetResolve()
|
||||
{
|
||||
ULONG i, Version;
|
||||
PVOID Data;
|
||||
BOOL Resolved;
|
||||
|
||||
NTSTATUS Status;
|
||||
|
||||
UNICODE_STRING ApiSetLibrary;
|
||||
UNICODE_STRING ParentLibrary;
|
||||
UNICODE_STRING ResolvedHostLibrary;
|
||||
|
||||
NtLdrApiSetLoadFromPeb(&Version, &Data);
|
||||
|
||||
LPWSTR ToResolve[12] = {
|
||||
L"hui-ms-win-core-app-l1-2-3.dll",
|
||||
L"api-ms-win-nevedomaya-ebanaya-hyinua-l1-1-3.dll",
|
||||
L"api-ms-win-core-appinit-l1-1-0.dll",
|
||||
L"api-ms-win-core-com-private-l1-2-0",
|
||||
L"ext-ms-win-fs-clfs-l1-1-0.dll",
|
||||
L"ext-ms-win-core-app-package-registration-l1-1-1",
|
||||
L"ext-ms-win-shell-ntshrui-l1-1-0.dll",
|
||||
NULL,
|
||||
L"api-ms-win-core-psapi-l1-1-0.dll",
|
||||
L"api-ms-win-core-enclave-l1-1-1.dll",
|
||||
L"api-ms-onecoreuap-print-render-l1-1-0.dll",
|
||||
L"api-ms-win-deprecated-apis-advapi-l1-1-0.dll"
|
||||
};
|
||||
|
||||
|
||||
for (i = 0; i < 12; i++) {
|
||||
RtlInitUnicodeString(&ApiSetLibrary, ToResolve[i]);
|
||||
|
||||
Status = NtLdrApiSetResolveLibrary(Data,
|
||||
&ApiSetLibrary,
|
||||
NULL,
|
||||
&Resolved,
|
||||
&ResolvedHostLibrary);
|
||||
|
||||
if (NT_SUCCESS(Status)) {
|
||||
if (Resolved) {
|
||||
DbgPrint("%wZ\r\n", ResolvedHostLibrary);
|
||||
RtlFreeUnicodeString(&ResolvedHostLibrary);
|
||||
}
|
||||
else {
|
||||
DbgPrint("Could not resolve apiset %wZ\r\n", ApiSetLibrary);
|
||||
}
|
||||
}
|
||||
else {
|
||||
DbgPrint("NtLdrApiSetResolveLibrary failed 0x%lx\r\n", Status);
|
||||
}
|
||||
}
|
||||
|
||||
RtlInitUnicodeString(&ParentLibrary, L"kernel32.dll");
|
||||
RtlInitUnicodeString(&ApiSetLibrary, L"api-ms-win-core-processsecurity-l1-1-0.dll");
|
||||
|
||||
Status = NtLdrApiSetResolveLibrary(Data,
|
||||
&ApiSetLibrary,
|
||||
&ParentLibrary,
|
||||
&Resolved,
|
||||
&ResolvedHostLibrary);
|
||||
|
||||
if (NT_SUCCESS(Status)) {
|
||||
if (Resolved) {
|
||||
DbgPrint("Resolved apiset %wZ\r\n", ResolvedHostLibrary);
|
||||
RtlFreeUnicodeString(&ResolvedHostLibrary);
|
||||
}
|
||||
else {
|
||||
DbgPrint("Could not resolve apiset %wZ\r\n", ApiSetLibrary);
|
||||
}
|
||||
}
|
||||
else {
|
||||
DbgPrint("NtLdrApiSetResolveLibrary failed 0x%lx\r\n", Status);
|
||||
}
|
||||
}
|
||||
|
||||
BOOL CALLBACK EnumerateSLValueDescriptorCallback(
|
||||
_In_ SL_KMEM_CACHE_VALUE_DESCRIPTOR *CacheDescriptor,
|
||||
_In_opt_ PVOID Context
|
||||
)
|
||||
{
|
||||
WCHAR *EntryName;
|
||||
CHAR *EntryType;
|
||||
|
||||
UNREFERENCED_PARAMETER(Context);
|
||||
|
||||
EntryName = (PWCHAR)supHeapAlloc(CacheDescriptor->NameLength + sizeof(WCHAR));
|
||||
if (EntryName) {
|
||||
|
||||
RtlCopyMemory(EntryName, CacheDescriptor->Name, CacheDescriptor->NameLength);
|
||||
|
||||
switch (CacheDescriptor->Type) {
|
||||
case SL_DATA_SZ:
|
||||
EntryType = "SL_DATA_SZ";
|
||||
break;
|
||||
case SL_DATA_DWORD:
|
||||
EntryType = "SL_DATA_DWORD";
|
||||
break;
|
||||
case SL_DATA_BINARY:
|
||||
EntryType = "SL_DATA_BINARY";
|
||||
break;
|
||||
case SL_DATA_MULTI_SZ:
|
||||
EntryType = "SL_DATA_MULTI_SZ";
|
||||
break;
|
||||
case SL_DATA_SUM:
|
||||
EntryType = "SL_DATA_SUM";
|
||||
break;
|
||||
|
||||
default:
|
||||
EntryType = "Unknown";
|
||||
}
|
||||
|
||||
DbgPrint("%ws, %s\r\n", EntryName, EntryType);
|
||||
supHeapFree(EntryName);
|
||||
|
||||
}
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
VOID TestLicenseCache()
|
||||
{
|
||||
PVOID CacheData = supSLCacheRead();
|
||||
if (CacheData) {
|
||||
supSLCacheEnumerate(CacheData, EnumerateSLValueDescriptorCallback, NULL);
|
||||
supHeapFree(CacheData);
|
||||
}
|
||||
}
|
||||
|
||||
VOID TestCall()
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
VOID TestStart(
|
||||
|
@ -521,6 +731,8 @@ VOID TestStart(
|
|||
)
|
||||
{
|
||||
//TestPsObjectSecurity();
|
||||
TestLicenseCache();
|
||||
TestApiSetResolve();
|
||||
TestDesktop();
|
||||
TestCall();
|
||||
TestApiPort();
|
||||
|
@ -564,4 +776,8 @@ VOID TestStop(
|
|||
TerminateThread(g_TestThread, 0);
|
||||
CloseHandle(g_TestThread);
|
||||
}
|
||||
if (g_TestPortThread) {
|
||||
TerminateThread(g_TestPortThread, 0);
|
||||
CloseHandle(g_TestPortThread);
|
||||
}
|
||||
}
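Review bot: In `LPCListener`, the `break` taken when `QueryRequest->Data == 1` leaves the `do … while (TRUE)` loop from inside the `__try` block and skips the `NtClose(ConnectPort)` after it, so the accepted connection handle is never closed on that path; `if (QueryRequest->Data == 1) { NtClose(ConnectPort); break; }` would keep the exit paths consistent. The status returned by `NtReplyWaitReceivePort` is ignored, so on a failed receive `QueryRequest->Data` is read from the buffer that was just zeroed; wrapping the read in `if (NT_SUCCESS(...))` makes that case explicit. `TestStop` ends the listener with `TerminateThread`, which, as far as this section shows, leaves `g_PortHandle` open. The port is also created with a NULL security descriptor and every connection request is accepted unconditionally, so a comment on `WOBJEX_TEST_PORT` stating that the listener is debug-only test scaffolding and must not reach release builds would be worth adding.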
|
||||
|
|
|
@ -1,12 +1,12 @@
|
|||
/*******************************************************************************
|
||||
*
|
||||
* (C) COPYRIGHT AUTHORS, 2015 - 2018
|
||||
* (C) COPYRIGHT AUTHORS, 2015 - 2019
|
||||
*
|
||||
* TITLE: TREELIST.C
|
||||
*
|
||||
* VERSION: 1.27
|
||||
* VERSION: 1.28
|
||||
*
|
||||
* DATE: 31 Mar 2018
|
||||
* DATE: 15 May 2019
|
||||
*
|
||||
* TreeList control.
|
||||
*
|
||||
|
@ -681,7 +681,7 @@ LRESULT CALLBACK TreeListWindowProc(
|
|||
}
|
||||
|
||||
result = SendMessage((HWND)GetWindowLongPtr(hwnd, TL_TREECONTROL_SLOT), TVM_SETITEM, 0, (LPARAM)&item);
|
||||
HeapFree(hheap, 0, subitems);
|
||||
if (subitems) HeapFree(hheap, 0, subitems);
|
||||
return result;
|
||||
|
||||
case TVM_INSERTITEM:
|
||||
|
|
|
@ -4,9 +4,9 @@
|
|||
*
|
||||
* TITLE: UI.H
|
||||
*
|
||||
* VERSION: 1.73
|
||||
* VERSION: 1.74
|
||||
*
|
||||
* DATE: 31 Mar 2019
|
||||
* DATE: 12 May 2019
|
||||
*
|
||||
* Common header file for the user interface.
|
||||
*
|
||||
|
@ -33,7 +33,7 @@ typedef HWND(WINAPI *pfnHtmlHelpW)(
|
|||
_In_ DWORD_PTR dwData
|
||||
);
|
||||
|
||||
#define PROGRAM_VERSION L"1.7.3"
|
||||
#define PROGRAM_VERSION L"1.7.4"
|
||||
#ifdef _USE_OWN_DRIVER
|
||||
#define PROGRAM_NAME L"Windows Object Explorer 64-bit (Non-public version)"
|
||||
#else
|
||||
|
@ -69,6 +69,7 @@ typedef enum _WOBJ_DIALOGS_ID {
|
|||
wobjPsListDlgId,
|
||||
wobjDriversDlgId,
|
||||
wobjCallbacksDlgId,
|
||||
wobjSLCacheDlgId,
|
||||
wobjMaxDlgId
|
||||
} WOBJ_DIALOGS_ID;
|
||||
|
||||
|
@ -166,6 +167,11 @@ typedef struct _VALUE_DESC {
|
|||
//props used by ipc dialogs
|
||||
#define T_IPCDLGCONTEXT TEXT("IpcDlgContext")
|
||||
|
||||
//prop for font
|
||||
#define T_PROP_FONT TEXT("propFont")
|
||||
|
||||
#define T_DEFAULT_AUX_FONT TEXT("Courier New")
|
||||
|
||||
//Calendar
|
||||
static LPCWSTR g_szMonths[12] = {
|
||||
L"Jan",
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
8e1c7d83f179b6bbf4b58f8197bd818b8a2306e6b3ecd901e9f51eae024277c9 *Compiled\WHATSNEW_170.md
|
||||
e192abb83dded0fe227f3fe69cb0ac7aaa197941917afd497b4cf8796a03e041 *Compiled\WHATSNEW_173.md
|
||||
4c791da520a9e3a1322dea6d1eb9ec95117eda3c240a62ee2d8ec1deee688e51 *Compiled\WinObjEx64.chm
|
||||
6b09854a124dced9502c55436845f352e7653d946636e911b630b00202891eb4 *Compiled\WinObjEx64.exe
|
||||
caccb67d70daa44afea194da6bc8b8e5d0903c36da19ee62fd42ca286f8a23d4 *Compiled\WinObjEx64.exe
|
||||
0505a450a13d5b742df2395c90af4e3029b05ce2157ee68f0c9e18a580c88091 *Docs\Callbacks.pdf
|
||||
7e2b0bcb3a2f0947f1effed2306d0178e4ad28da6427d5d7735017630bfb960a *Screenshots\CallbackObjectView.png
|
||||
88def410b5810caf649aa5402fed789e9be0c4bd2d18019ea3db25110b510acf *Screenshots\CallbacksView.png
|
||||
|
@ -21,12 +21,12 @@ cb66fca90766db12474ce057436364dabaf3e948f6ffa7e9651f869656f0b33c *Screenshots\Vi
|
|||
ef65a909e8d9bc7ec94ecbc0f465f24a7968d6675eadf7f25f6414c66d6b28be *Screenshots\ViewingTypeInformation.png
|
||||
db0ab26d20a62ba7c9c844e916e88168b72a7e52932d3483eb2d0a2e535b75a8 *Screenshots\ViewingUserSharedData.png
|
||||
9e2b64f390c609172c5791dd138a748d31bf4d2cc839f01dbd514afe1cdfd083 *Screenshots\W32pServiceTableView.png
|
||||
0efb645bca20ab7d8d4e587787c6f191586b9bfe11566ce086edc949bfa28b9b *Source\CHANGELOG.txt
|
||||
01bbc188cd5b4a6b29b5c8455453e2389a90d73faad3753d66f60e22fa1dfa2f *Source\FILELIST.txt
|
||||
525867ba7c6ef674a00828b0c6b056f4a1ac2aa61cf53a52c4f96cd2374bbdd9 *Source\CHANGELOG.txt
|
||||
13cab2ba792ab2f38004542a03d1d16a73d4436f34650b896426fb96ffcaed57 *Source\FILELIST.txt
|
||||
55eed414926c47b0bfc5000eeabb882d77d78e17b5be94ca229e681f009b0740 *Source\TypesWithNoDesc.txt
|
||||
c9f95efd2433985838f6a45acc77464e0e79ea088b6ccbc267fd76bfb87029a2 *Source\WinObjEx64.sln
|
||||
39a976ac4e1b76c2058815c5017bd3acceb69950286cfdf8c5704b7e31b8cca0 *Source\drvstore\kldbgdrv.sys
|
||||
df09f9af0a46cbcd43ef17552626a1d97a3c210f2249cbbad48839962704ae2a *Source\WinObjEx64\aboutDlg.c
|
||||
fbda1418476c3e01b8c0fe6739d420ea8f199f058d3eb4b3ddea61816c317bcc *Source\WinObjEx64\aboutDlg.c
|
||||
dc5ad976533a91292022a15f741a95d04663849c34fced1432a830726341d51d *Source\WinObjEx64\aboutDlg.h
|
||||
4ec2d4d3e73a5472aa235fe7032d5e5e04065ff87d9d8c2fe9df81b9815feb55 *Source\WinObjEx64\driver.rc
|
||||
a86fac462675734800d4768acff7b83825e5445feae06f2a574deff2a91fda66 *Source\WinObjEx64\excepth.c
|
||||
|
@ -36,44 +36,46 @@ a86fac462675734800d4768acff7b83825e5445feae06f2a574deff2a91fda66 *Source\WinObjE
|
|||
084b94239564ece50143f87dad3b4a45a67c9e354134afcf99a2b7fa8331526b *Source\WinObjEx64\extdef.h
|
||||
a04f374a0c23701ced8095fa2edc1a5ee773338a25c65635d3b02bfb633007e8 *Source\WinObjEx64\findDlg.c
|
||||
8cc5a4ba98d74221405a13cde0f357db970500a4b44c711b5fd97d30cce904e8 *Source\WinObjEx64\findDlg.h
|
||||
9e214a3f38c408e27a6aaa4ab8d5473d77350bb5214ee5bc7d2d0976404d462e *Source\WinObjEx64\global.h
|
||||
9c3e336a34d15f8c753ae828a0f350bab607ceb5dc312314253174b639c64cf6 *Source\WinObjEx64\global.h
|
||||
83c13c78fad06bc6a6d726cf73136aa98dce5bb59875e49d01e8e253d07f6ca6 *Source\WinObjEx64\instdrv.c
|
||||
9fdf8d26ea566d84e8907d7363f418263a2b9f3d5aa4df2f1211a28c29e0646b *Source\WinObjEx64\instdrv.h
|
||||
cf16c44d49094ef948fe151fd459ef4e556830d0007c57765a52bb2e64632d84 *Source\WinObjEx64\kldbg.c
|
||||
7739d168329061916ec7e276d43765251888817bb9ef5f26c6a6c3d9fc6086a3 *Source\WinObjEx64\kldbg.c
|
||||
8c9974e70aa7e55b58c492f911860c63b5ba2fcd92e9cb4b75f0d25f6378ac19 *Source\WinObjEx64\kldbg.h
|
||||
d8bf76d9d920f6ae72379ce7823d1dd7e0696af2cb238da84b5543eff9ab188a *Source\WinObjEx64\kldbg_patterns.h
|
||||
1f67ecc6cf5e9b6c286e9766ccece4a8388d6aabfc91575dca4c90986af2c76b *Source\WinObjEx64\list.c
|
||||
39b38d78239a0d20aaad823241f1bb4b659810b0d1fdb7d4eb3826f6113f0e06 *Source\WinObjEx64\list.c
|
||||
6e82d0f095bdcf1676445ae46f9fb455164108a3ea242f83793e964158e47f4a *Source\WinObjEx64\list.h
|
||||
d1a9b69aeafab18f3dfbc2166cf2f839cffffd757d6629f8a002d171d489ca05 *Source\WinObjEx64\main.c
|
||||
4139ca0d2f669ad650b914725147068c8fac513cc6a9e80f3fa46ea70d92c010 *Source\WinObjEx64\main.c
|
||||
5d2b9be96b42044e0f09a6a901c194934a1dc2d2e7cf14d65e6414b22ec89765 *Source\WinObjEx64\msvcver.h
|
||||
113f65321f288dc8800af816e568c72f108d41579a500802549b95c8d23a6f6d *Source\WinObjEx64\objects.c
|
||||
82c8fcbfddc43873aaf702ec7a140ad46b1708eb9d0c5d32ee190482dc851124 *Source\WinObjEx64\objects.h
|
||||
f71074543359da538935a77bca9fb5be9d358dd4c296f8917b50eb0ff3a2841b *Source\WinObjEx64\resource.h
|
||||
7aadd1a8365266b2cad59d9431950429f468bd39f207a8957de34a83fe3b1bf5 *Source\WinObjEx64\Resource.rc
|
||||
73ee555bfb10d32fd3850e5ba8fb1084aceb76ff2073bac3d7117a198b1daa4e *Source\WinObjEx64\sup.c
|
||||
6d242c6ecb98cbe180759d1164706ef151f4aeb4f28293370a09cff35fc1e9d8 *Source\WinObjEx64\sup.h
|
||||
78a5f47a689e1cd996cf60381c307b1d093505ea9a829b46c719864e0c097855 *Source\WinObjEx64\resource.h
|
||||
bb3772859ce4632e563da4c51d0f01d72db92df448610630a16d73bebe5d31f9 *Source\WinObjEx64\Resource.rc
|
||||
e0e6fc06adc600250872dfdc7f469580f40bf0de6cc2544d59f9e37eeccde83c *Source\WinObjEx64\sup.c
|
||||
93aa490969bb3c88470dfb94e628fd85135e6a1746547b3fafc65034860e0383 *Source\WinObjEx64\sup.h
|
||||
33d3b8fb0ea05c6fa998ea9527353a8d617a9411257098a40a4a39972527a711 *Source\WinObjEx64\supConsts.h
|
||||
7db89a3a4f3b659a3114f02c0b8660967d5c97f65bc73d12b6cda841c0e05566 *Source\WinObjEx64\ui.h
|
||||
36df754bea67837d0466a62bf47aa86b775d0b64e7ac20f7ebaeb3e62c5ae9aa *Source\WinObjEx64\ui.h
|
||||
67af937cc90b2da92997dbf4d411808357c784cad03445a1359c5b42e7fd0581 *Source\WinObjEx64\wine.c
|
||||
3d81ad5d6123ea2a980c53ceb59525dbbafd7f42a2438b1ba2de80b777df555d *Source\WinObjEx64\wine.h
|
||||
e0699b4e0e034a1495a9c9273cecf9dd155be4ff3924ae32db88a0145f8e1980 *Source\WinObjEx64\WinObjEx64.vcxproj
|
||||
c15fba52767e6f1cad903cfef0d7a9ba5d7bd0836f98602cb2628fc962690528 *Source\WinObjEx64\WinObjEx64.vcxproj.filters
|
||||
498037043c76d344e17c362faebc5521f0cf35685c173bf7e12cd2e23e0026ab *Source\WinObjEx64\WinObjEx64.vcxproj
|
||||
0ddc5c23a4a8eb4b2d4222b7129ebb237539fa86d3ec99d4d7eae0f8d0d96632 *Source\WinObjEx64\WinObjEx64.vcxproj.filters
|
||||
01518a6e531dc66d7287f664f7c67241fb4de1fb6f9d11d60a04ce02712b20dd *Source\WinObjEx64\WinObjEx64.vcxproj.user
|
||||
7beb688a42e174c5d6000188e45595dd7107c19aa9b37dd96511cfcdc108f66c *Source\WinObjEx64\extras\extras.c
|
||||
ee45ca34fa0c668b12c18c5e0e5a86d0466cd1fce187174b1fc800b49e82dafd *Source\WinObjEx64\extras\extras.h
|
||||
16c50eac5b40383b8311ac3e6592ca8cc944c8ffed57d2813960c3150a86ff31 *Source\WinObjEx64\extras\extras.c
|
||||
4c4db75e6f0a3dd2b76ef9c45f5820983fd4376eb4ac42d896b5134e0865c60a *Source\WinObjEx64\extras\extras.h
|
||||
d2b0c1cc7601c51f9e3af49a4bbb318b69f9a8a4af112127442d2e93fc83170c *Source\WinObjEx64\extras\extrasCallbacks.c
|
||||
28618459665591661138fbceee04deb7b15349cf502d994ecebd2a8846d89589 *Source\WinObjEx64\extras\extrasCallbacks.h
|
||||
9f69736281332b7c751218c7717e0e2af7edc15626e0115bbb50e62a6603f65f *Source\WinObjEx64\extras\extrasDrivers.c
|
||||
90f1ba08cd30fceca050b1e813f7c62d6d04a7c236dafcc8ed78e28b7aebd05c *Source\WinObjEx64\extras\extrasDrivers.c
|
||||
48c930afb73678d4614bf2dbf0df9295b08a9af80a5f9c878eeb2bf9f53c6c95 *Source\WinObjEx64\extras\extrasDrivers.h
|
||||
cea046103d7eb4dd0e342c9022c1d2d3c1aee325f9b7fe71b1d87108c2e268e6 *Source\WinObjEx64\extras\extrasIPC.c
|
||||
9a56b169dcc8372f8afc2dba1082621f846a6e68129996b8350d8ed44ee345c1 *Source\WinObjEx64\extras\extrasIPC.c
|
||||
d21e27bf35c5add1eedec3234fb358fbbc4c585c3de22326ac9581b59a8983d0 *Source\WinObjEx64\extras\extrasIPC.h
|
||||
51e6cbfb64d2f714e818bd24bbf2f50549eae72afe43bb793035adecd977fbbe *Source\WinObjEx64\extras\extrasPN.c
|
||||
b282167c08dd4b443dd52220082698fa28d633c986360f48544188f022c537f7 *Source\WinObjEx64\extras\extrasPN.c
|
||||
64e75cbaa0ce129f674a9a441a3045f37e74f853f34fd93caac5533bb174a019 *Source\WinObjEx64\extras\extrasPN.h
|
||||
7add3dda3cce5a3216a6c748a090905f2f2bbffd66c2212e73966ce6f8a1e516 *Source\WinObjEx64\extras\extrasPSList.c
|
||||
864e0330af5c7b383698318b4aaed16322982f9dcac2e0bd4410a4c876037f07 *Source\WinObjEx64\extras\extrasPSList.c
|
||||
b7aa665c89b297d329f45e2a8b61fd379f778dcf01ae50c339f87da06bb0ff46 *Source\WinObjEx64\extras\extrasPSList.h
|
||||
1866f2c3aa84fa3ce213c9194b2dbe705d09b4f528410836bf598d5bf88607cd *Source\WinObjEx64\extras\extrasSSDT.c
|
||||
8e7230165593cebcc21762cd7927535ce7218edc0802b97d83d8f970610076c0 *Source\WinObjEx64\extras\extrasSL.c
|
||||
4244c8135ae3737d421d0cca525b786dbc3305670178cc2da5c56613248e7875 *Source\WinObjEx64\extras\extrasSL.h
|
||||
a5050c200fc4eea10d8b6a6232402c76770c64135543a71ec20b96ef2628895d *Source\WinObjEx64\extras\extrasSSDT.c
|
||||
cb534bcebbee49f4f9178e5e291bb43edae6af77b15919532539eb19d3ee23ac *Source\WinObjEx64\extras\extrasSSDT.h
|
||||
d378ffb7d2ffb7a6ae172cbf5d60a091f9861df9dd8267f541cda41ded2746e7 *Source\WinObjEx64\extras\extrasUSD.c
|
||||
4c663de5b0c9892fe691422de67fb56f1ae447984e1259919b78104d3c3b299c *Source\WinObjEx64\extras\extrasUSD.c
|
||||
fea8d9645bac11c7521f91a122947716b459a335cb25f0d649a0d201f661f78b *Source\WinObjEx64\extras\extrasUSD.h
|
||||
16726c4330d7db5d56a5a11503314533b170783441c3f8282b66f126295a289e *Source\WinObjEx64\hde\hde64.c
|
||||
e99aa4997bda14b534c614c3d8cb78a72c4aca91a1212c8b03ec605d1d75e36e *Source\WinObjEx64\hde\hde64.h
|
||||
|
@ -106,30 +108,33 @@ ef1b18997ea473ac8d516ef60efc64b9175418b8f078e088d783fdaef2544969 *Source\WinObjE
|
|||
0434d69daa20fbf87d829ffc17e43dcc2db3386aff434af888011fdec2f645a4 *Source\WinObjEx64\minirtl\_strncpy.c
|
||||
52e3d39c69c43264b2f8d9bcdfce0f763a5e92d091eef59ea2a0294b4b19641c *Source\WinObjEx64\minirtl\_strstr.c
|
||||
52a696ae714eb81033c477d1ec6c01389eef56c847609e89d360c2fb6899b4b6 *Source\WinObjEx64\minirtl\_strstri.c
|
||||
dfa2b16aa3246a8aca662ea525770a4585618de35550aeb2dca40abd52d2afd9 *Source\WinObjEx64\ntos\apisetx.h
|
||||
0cd425ef96247657ab55443c9b3bc9a90f0c18f634979942693553d0f764c601 *Source\WinObjEx64\ntos\ntalpc.h
|
||||
5b0b4376df8fb5b43d8a0d4130ad3523d4325718ea4991d11498961f33e7e38d *Source\WinObjEx64\ntos\ntos.h
|
||||
e817fd4b8e6ecf4187a4eb244d7a8ddeab87c4c4c63ff5ebaefc609641a8ad3b *Source\WinObjEx64\ntos\ntldr.c
|
||||
0fae1fd715397ad69281975bf56289119884a4d31b3dde9f7aeec5ea50d3ae47 *Source\WinObjEx64\ntos\ntldr.h
|
||||
de158764cd056df87dc778d684b4ec45f7e4cf99101dddb734dcc52de48964e1 *Source\WinObjEx64\ntos\ntos.h
|
||||
14b0a442647904db5476d14a1d9710bd83587f168b4b182465e5902d24676870 *Source\WinObjEx64\ntuser\StubNtUserOpenWindowStation.asm
|
||||
543f3b31b07e050422be2e64ca04770667ff6f9906bc6bbcfc43e1dc5a9ed75c *Source\WinObjEx64\props\propBasic.c
|
||||
fb7a31f85af55295a819050719e1ae0997510ef9548194b54d569107c8c4f02e *Source\WinObjEx64\props\propBasic.c
|
||||
45e2088b0320c02cca2559f6e5183a4eb2a289021f5488d65ba6230e208557e9 *Source\WinObjEx64\props\propBasic.h
|
||||
c80fef0889ac36a4d1488a10840f70cb2e19e1a660d18da918956066d86f79a9 *Source\WinObjEx64\props\propBasicConsts.h
|
||||
292381a2878ddd1fe877e03a6354f1960798a0e402c221d51258f3815f54ad1c *Source\WinObjEx64\props\propDesktop.c
|
||||
047e4d17c76908889af6e7e80da91b04a3707a190acc0f7d2b26e98bcf80e3b2 *Source\WinObjEx64\props\propDesktop.h
|
||||
b17cb35805d44b63009dec2091df52b41740f68a3523b4b0c75f3e5655ea8772 *Source\WinObjEx64\props\propDlg.c
|
||||
8472332bffb5600c3cae07a8cc4c75f627e06c5ab60797b5309753953a0f64d6 *Source\WinObjEx64\props\propDlg.h
|
||||
43c6e96e2fd5120d34a56a845f28a8c27299a0f93ac3adcc1f4dd86433c54959 *Source\WinObjEx64\props\propDriver.c
|
||||
236b3c39f83c9faf412ca8a6817039d62a923c6638302bd4e5e19b6a77a3977c *Source\WinObjEx64\props\propDriver.c
|
||||
8dd63e57115728cdea4c326e5cde9acfe6015b2b088ec36022cd9f81e216e179 *Source\WinObjEx64\props\propDriver.h
|
||||
721bf384ee6ba44cb118a4bfde7ffba669024059e3120b8cae40e98228eba6df *Source\WinObjEx64\props\propDriverConsts.h
|
||||
9893754ba73c15d7b182305ef370da4959fba2c4ee3570d05ac88656468f20c5 *Source\WinObjEx64\props\propObjectDump.c
|
||||
748df61a6fc667850d4aa5c384ee7a9eae61786adb1876619008c7b6a4bf1caa *Source\WinObjEx64\props\propObjectDump.c
|
||||
da1cf96a7d85faec3db810f5c4061a6322c252fcead01cbf8ac728e7deffee23 *Source\WinObjEx64\props\propObjectDump.h
|
||||
896108f8a954aea82ec214ba17395a52de73b5cfb3f8540b61b26a11a688a29a *Source\WinObjEx64\props\propObjectDumpConsts.h
|
||||
7b6f4831518b18e8e759720fb9fe73148586926d0b310a408c743a35025f628a *Source\WinObjEx64\props\propProcess.c
|
||||
87f8628ec8ba9020d37d929bebef6cc8caab6446b3ef05710c939ccc20a8b736 *Source\WinObjEx64\props\propProcess.c
|
||||
7ce4c79b1d7a93691cc457d01836209b51f25addc07a0875888e01a6c9a77358 *Source\WinObjEx64\props\propProcess.h
|
||||
ae796694c63536d7299d81c9dc3a6381cb5bea65d727d3613b9b0516d60526d4 *Source\WinObjEx64\props\propSecurity.c
|
||||
a3ca46cc9010538a7e54569c7ee2562e5b0d0d7e0d5dafd8c72f86b1a53ef684 *Source\WinObjEx64\props\propSecurity.c
|
||||
04a1b78030155ec6d59560472c09219e71ea98f79a4f3193016e6395876d8953 *Source\WinObjEx64\props\propSecurity.h
|
||||
b432f5045154d1bfaf27ab2255380d86db8e561cbf6f15cc5cf06ba87fab294c *Source\WinObjEx64\props\propSecurityConsts.h
|
||||
2ea3233e3fcb4ba2f7baffb1d29fa4e4d453bbc69b49d543d8e4aff1f4e607f8 *Source\WinObjEx64\props\propToken.c
|
||||
7d6c82d695a7f863d32aa87e23756a3fa38f56b5201c79ea2679e88728c2df3c *Source\WinObjEx64\props\propToken.h
|
||||
12112b1db9da2650d1168fb43cf4aef1572b3ceefe0be5978c30560d160020e0 *Source\WinObjEx64\props\propType.c
|
||||
91548081c529debefde403233c86cbb2fa963113b0de2c653a1e510cee2be846 *Source\WinObjEx64\props\propType.c
|
||||
5e4fb7e44a7970c4ac6c29aefcc9aefc807444eefdd0cc1c9c9357693dfd64fd *Source\WinObjEx64\props\propType.h
|
||||
74f6500dec478be0919045ddec9475491f5f6dd7e81923650136543ed98ea69c *Source\WinObjEx64\props\propTypeConsts.h
|
||||
51f0d1a560dd77a7f3164ae2c8f9801d6a2902bd5cfd367db522199aca35b1ff *Source\WinObjEx64\rsrc\100.ico
|
||||
|
@ -189,7 +194,7 @@ bf3105d704464eb6fdb0f722e0d9baec7f7951337826c9e774330ad8070a971b *Source\WinObjE
|
|||
d4876437f5ea4c307b3894ff6a4ccd10922a366167104bb78b1103ebadd4f483 *Source\WinObjEx64\rsrc\mailslot.ico
|
||||
4af9d3481fbe6423bb5b0187a3d5ea165b962aa0f53ce32502a85788c2575f94 *Source\WinObjEx64\rsrc\obex.manifest
|
||||
9c908e205f42861f5ce840cf07886009fe7fad09352820508757ae8d8f6a34ae *Source\WinObjEx64\rsrc\pipe.ico
|
||||
c27e8bfd53c84a76a04a2062ab60dfe74d45b7d60aa188efb8bca8de88fd9a06 *Source\WinObjEx64\tests\testunit.c
|
||||
20749129a8d94946f68694ef5d04369978bd68038282c0bcd861ea66cd7df02f *Source\WinObjEx64\tests\testunit.c
|
||||
beab05a004abdea360ac6d90512984eeb9a7be93c71ec539ccbcbd623dd8aa1e *Source\WinObjEx64\tests\testunit.h
|
||||
136f730944783ddd00cbd8ceef0b464d49d0031db32a33d9bb1882df84afdde0 *Source\WinObjEx64\treelist\treelist.c
|
||||
971c5152e70713462c2ba523b8418a1c1d132a7787f446e6be2959b14c93d3aa *Source\WinObjEx64\treelist\treelist.c
|
||||
c5569b768244e86e1c961c28e6f11831f219953093c9e4cd35414e4008b3de80 *Source\WinObjEx64\treelist\treelist.h
|
||||
|
|