WinDurango-project/WinDurango
1
0
Fork 0
mirror of https://github.com/WinDurango-project/WinDurango.git synced 2024-11-23 03:09:48 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge branch 'main' into main

Browse Source
This commit is contained in:
jlallas384 2024-09-06 03:58:22 +04:00 committed by GitHub
commit c33ff08d19
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 358 additions and 242 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

414
dlls/kernelx/Exports.def
View File

@ -1,210 +1,208 @@
LIBRARY kernelx
EXPORTS
AcquireSRWLockExclusive = AcquireSRWLockExclusive_X @1
AcquireSRWLockShared = AcquireSRWLockShared_X @2
CloseHandle = CloseHandle_X @14
CreateDirectoryW = CreateDirectoryW_X @34
CreateEventExW = CreateEventExW_X @37
CreateEventW = CreateEventW_X @38
CreateFileW = CreateFileW_X @44
CreateThread = CreateThread_X @60
DebugBreak = DebugBreak_X @71
DeleteFileW = DeleteFileW_X @77
DeviceIoControl = DeviceIoControl_X @80
DisableThreadLibraryCalls = DisableThreadLibraryCalls_X @81
EnterCriticalSection = EnterCriticalSection_X @87
ExitProcess = ExitProcess_X @102
FileTimeToSystemTime = FileTimeToSystemTime_X @107
FindClose = FindClose_X @109
FindFirstFileW = FindFirstFileW_X @113
FindNextFileW = FindNextFileW_X @117
GetConsoleType = GetConsoleType_X @140
GetCurrentProcess = GetCurrentProcess_X @144
GetCurrentProcessId = GetCurrentProcessId_X @145
GetCurrentThread = GetCurrentThread_X @148
GetCurrentThreadId = GetCurrentThreadId_X @149
GetExitCodeThread = GetExitCodeThread_X @163
GetFileAttributesExW = GetFileAttributesExW_X @166
GetFileAttributesW = GetFileAttributesW_X @167
GetFileSizeEx = GetFileSizeEx_X @171
GetLastError = GetLastError_X @178
GetLocalTime = GetLocalTime_X @179
GetModuleHandleA = GetModuleHandleA_X @186
GetModuleHandleW = GetModuleHandleW_X @189
GetProcessHeap = GetProcessHeap_X @199
GetProcessId = GetProcessId_X @201
GetStartupInfoW = GetStartupInfoW_X @208
GetSystemTime = GetSystemTime_X @216
GetSystemTimeAsFileTime = GetSystemTimeAsFileTime_X @218
GetTickCount = GetTickCount_X @231
GetUserDefaultLocaleName = GetUserDefaultLocaleName_X @242
GetUserGeoID = GetUserGeoID_X @243
HeapFree = HeapFree_X @256
InitializeCriticalSectionAndSpinCount = InitializeCriticalSectionAndSpinCount_X @272
InitializeCriticalSectionEx = InitializeCriticalSectionEx_X @273
IsDebuggerPresent = IsDebuggerPresent_X @283
IsProcessorFeaturePresent = IsProcessorFeaturePresent_X @284
LoadLibraryExW = LoadLibraryExW_X @296
MultiByteToWideChar = MultiByteToWideChar_X @313
OutputDebugStringA = OutputDebugStringA_X @327
OutputDebugStringW = OutputDebugStringW_X @328
PeekNamedPipe = PeekNamedPipe_X @330
QueryPerformanceCounter = QueryPerformanceCounter_X @333
QueryPerformanceFrequency = QueryPerformanceFrequency_X @334
RaiseException = RaiseException_X @339
ReadFile = ReadFile_X @344
ResetEvent = ResetEvent_X @374
ResumeThread = ResumeThread_X @377
RtlCaptureContext = RtlCaptureContext_X @378
RtlLookupFunctionEntry = RtlLookupFunctionEntry @380
RtlUnwindEx = RtlUnwindEx_X @385
SetEvent = SetEvent_X @399
SetFilePointer = SetFilePointer_X @404
SetThreadAffinityMask = SetThreadAffinityMask_X @418
SetThreadPriority = SetThreadPriority_X @424
SetUnhandledExceptionFilter = SetUnhandledExceptionFilter_X @433
Sleep = Sleep_X @440
SleepConditionVariableCS = API-MS-WIN-CORE-SYNCH-L1-2-0.SleepConditionVariableCS @441
SystemTimeToFileTime = SystemTimeToFileTime_X @449
TerminateProcess = TerminateProcess_X @451
TlsAlloc = TlsAlloc_X @454
TlsGetValue = TlsGetValue_X @456
TlsSetValue = TlsSetValue_X @457
UnhandledExceptionFilter = UnhandledExceptionFilter_X @467
VirtualAlloc = VirtualAlloc_X @474
VirtualFree = VirtualFree_X @476
WaitForMultipleObjects = WaitForMultipleObjects_X @482
WaitForSingleObject = WaitForSingleObject_X @484
WaitForSingleObjectEx = WaitForSingleObjectEx_X @485
WriteFile = WriteFile_X @500
XMemAlloc = XMemAlloc_X @501
XMemAllocDefault = XMemAllocDefault_X @505
XMemFreeDefault = XMemFreeDefault_X @508
XMemFree = XMemFree_X @507
WriteConsoleW = WriteConsoleW_X @499
FreeLibrary = FreeLibrary_X @129
GetProcAddress = GetProcAddress_X @196
GetDiskFreeSpaceExW = GetDiskFreeSpaceExW_X @154
GetDriveTypeW = GetDriveTypeW_X @157
RegCloseKey = RegCloseKey_X @348
RegCreateKeyExW = RegCreateKeyExW_X @349
RegCreateKeyW = RegCreateKeyW_X @350
RegDeleteKeyExW = RegDeleteKeyExW_X @351
RegDeleteKeyW = RegDeleteKeyW_X @352
RegDeleteValueW = RegDeleteValueW_X @353
RegEnumKeyExW = RegEnumKeyExW_X @354
RegEnumKeyW = RegEnumKeyW_X @355
RegEnumValueW = RegEnumValueW_X @356
RegOpenKeyExW = RegOpenKeyExW_X @357
RegOpenKeyW = RegOpenKeyW_X @358
RegQueryInfoKeyW = RegQueryInfoKeyW_X @359
RegQueryValueExW = RegQueryValueExW_X @360
RegSetValueExW = RegSetValueExW_X @361
DecodePointer = NTDLL.RtlDecodePointer @72
WakeAllConditionVariable = NTDLL.RtlWakeAllConditionVariable @492
AcquireSRWLockExclusive = NTDLL.RtlAcquireSRWLockExclusive @1
AcquireSRWLockShared = NTDLL.RtlAcquireSRWLockShared @2
AddVectoredContinueHandler = NTDLL.RtlAddVectoredContinueHandler @3
AddVectoredExceptionHandler = NTDLL.RtlAddVectoredExceptionHandler @4
CancelThreadpoolIo = NTDLL.TpCancelAsyncIoOperation
CloseThreadpool = NTDLL.TpReleasePool
CloseThreadpoolCleanupGroup = NTDLL.TpReleaseCleanupGroup
CloseThreadpoolCleanupGroupMembers = NTDLL.TpReleaseCleanupGroupMembers
CloseThreadpoolIo = NTDLL.TpReleaseIoCompletion
CloseThreadpoolTimer = NTDLL.TpReleaseTimer
CloseThreadpoolWait = NTDLL.TpReleaseWait
CloseThreadpoolWork = NTDLL.TpReleaseWork
CopyMemoryNonTemporal = NTDLL.RtlCopyMemoryNonTemporal
DecodeSystemPointer = NTDLL.RtlDecodeSystemPointer
DeleteCriticalSection = NTDLL.RtlDeleteCriticalSection @74
DeleteSynchronizationBarrier = NTDLL.RtlDeleteBarrier
DisassociateCurrentThreadFromCallback = NTDLL.TpDisassociateCallback
EncodePointer = NTDLL.RtlEncodePointer @85
EncodeSystemPointer = NTDLL.RtlEncodeSystemPointer
EnterCriticalSection = NTDLL.RtlEnterCriticalSection
EventActivityIdControl = NTDLL.EtwEventActivityIdControl
EventEnabled = NTDLL.EtwEventEnabled
EventProviderEnabled = NTDLL.EtwEventProviderEnabled
EventRegister = NTDLL.EtwEventRegister @95
EventSetInformation = NTDLL.EtwEventSetInformation @96
EventUnregister = NTDLL.EtwEventUnregister @97
EventWrite = NTDLL.EtwEventWrite @98
EventWriteEx = NTDLL.EtwEventWriteEx
EventWriteString = NTDLL.EtwEventWriteString
EventWriteTransfer = NTDLL.EtwEventWriteTransfer @101
ExitProcess = NTDLL.RtlExitUserProcess
ExitThread = NTDLL.RtlExitUserThread
FillMemoryNonTemporal = NTDLL.RtlFillMemoryNonTemporal
FlushProcessWriteBuffers = NTDLL.NtFlushProcessWriteBuffers
FreeLibraryWhenCallbackReturns = NTDLL.TpCallbackUnloadDllOnCompletion
GetCurrentProcessorNumber = NTDLL.RtlGetCurrentProcessorNumber
GetCurrentProcessorNumberEx = NTDLL.RtlGetCurrentProcessorNumberEx
GetProcessHeaps = NTDLL.RtlGetProcessHeaps
GetTraceEnableFlags = NTDLL.EtwGetTraceEnableFlags
GetTraceEnableLevel = NTDLL.EtwGetTraceEnableLevel
GetTraceLoggerHandle = NTDLL.EtwGetTraceLoggerHandle
HeapAlloc = NTDLL.RtlAllocateHeap @252
HeapCompact = NTDLL.RtlCompactHeap
HeapFree = NTDLL.RtlFreeHeap
HeapLock = NTDLL.RtlLockHeap
HeapReAlloc = NTDLL.RtlReAllocateHeap
HeapSize = NTDLL.RtlSizeHeap
HeapUnlock = NTDLL.RtlUnlockHeap
HeapValidate = NTDLL.RtlValidateHeap
InitOnceInitialize = NTDLL.RtlRunOnceInitialize
InitializeConditionVariable = NTDLL.RtlInitializeConditionVariable @269
InitializeCriticalSection = NTDLL.RtlInitializeCriticalSection @271
InitializeSListHead = NTDLL.RtlInitializeSListHead @275
InitializeSRWLock = NTDLL.RtlInitializeSRWLock @276
InterlockedFlushSList = NTDLL.RtlInterlockedFlushSList
InterlockedPopEntrySList = NTDLL.RtlInterlockedPopEntrySList
InterlockedPushEntrySList = NTDLL.RtlInterlockedPushEntrySList
InterlockedPushListSList = NTDLL.RtlInterlockedPushListSList
InterlockedPushListSListEx = NTDLL.RtlInterlockedPushListSListEx
IsThreadpoolTimerSet = NTDLL.TpIsTimerSet
LeaveCriticalSection = NTDLL.RtlLeaveCriticalSection @293
LeaveCriticalSectionWhenCallbackReturns = NTDLL.TpCallbackLeaveCriticalSectionOnCompletion
QueryDepthSList = NTDLL.RtlQueryDepthSList
QueryPerformanceCounter = NTDLL.RtlQueryPerformanceCounter
QueryPerformanceFrequency = NTDLL.RtlQueryPerformanceFrequency
RegisterTraceGuidsW = NTDLL.EtwRegisterTraceGuidsW
ReleaseMutexWhenCallbackReturns = NTDLL.TpCallbackReleaseMutexOnCompletion
ReleaseSRWLockExclusive = NTDLL.RtlReleaseSRWLockExclusive @366
ReleaseSRWLockShared = NTDLL.RtlReleaseSRWLockShared
ReleaseSemaphoreWhenCallbackReturns = NTDLL.TpCallbackReleaseSemaphoreOnCompletion
RemoveVectoredContinueHandler = NTDLL.RtlRemoveVectoredContinueHandler
RemoveVectoredExceptionHandler = NTDLL.RtlRemoveVectoredExceptionHandler
RestoreLastError = NTDLL.RtlRestoreLastWin32Error
RtlCaptureContext = NTDLL.RtlCaptureContext
RtlCaptureStackBackTrace = NTDLL.RtlCaptureStackBackTrace
RtlLookupFunctionEntry = NTDLL.RtlLookupFunctionEntry
RtlPcToFileHeader = NTDLL.RtlPcToFileHeader
RtlRaiseException = NTDLL.RtlRaiseException
RtlRestoreContext = NTDLL.RtlRestoreContext
RtlUnwind = NTDLL.RtlUnwind
RtlUnwindEx = NTDLL.RtlUnwindEx
RtlVirtualUnwind = NTDLL.RtlVirtualUnwind @386
SetCriticalSectionSpinCount = NTDLL.RtlSetCriticalSectionSpinCount
SetEventWhenCallbackReturns = NTDLL.TpCallbackSetEventOnCompletion
SetLastError = NTDLL.RtlSetLastWin32Error @409
SetThreadpoolThreadMaximum = NTDLL.TpSetPoolMaxThreads
SetThreadpoolTimer = NTDLL.TpSetTimer
SetThreadpoolWait = NTDLL.TpSetWait
StartThreadpoolIo = NTDLL.TpStartAsyncIoOperation
SubmitThreadpoolWork = NTDLL.TpPostWork
LogTraceEvent = NTDLL.EtwLogTraceEvent
TraceMessage = NTDLL.EtwTraceMessage
TraceMessageVa = NTDLL.EtwTraceMessageVa
TryAcquireSRWLockExclusive = NTDLL.RtlTryAcquireSRWLockExclusive
TryAcquireSRWLockShared = NTDLL.RtlTryAcquireSRWLockShared
TryEnterCriticalSection = NTDLL.RtlTryEnterCriticalSection @464
UnregisterTraceGuids = NTDLL.EtwUnregisterTraceGuids
WaitForThreadpoolIoCallbacks = NTDLL.TpWaitForIoCompletion
WaitForThreadpoolTimerCallbacks = NTDLL.TpWaitForTimer
WaitForThreadpoolWaitCallbacks = NTDLL.TpWaitForWait
WaitForThreadpoolWorkCallbacks = NTDLL.TpWaitForWork
WakeByAddressAll = NTDLL.RtlWakeAddressAll @493
WakeByAddressSingle = NTDLL.RtlWakeAddressSingle @494
WakeConditionVariable = NTDLL.RtlWakeConditionVariable @495
AcquireSRWLockExclusive = AcquireSRWLockExclusive_X @1
AcquireSRWLockShared = AcquireSRWLockShared_X @2
CloseHandle = CloseHandle_X @14
CreateDirectoryW = CreateDirectoryW_X @34
CreateEventExW = CreateEventExW_X @37
CreateEventW = CreateEventW_X @38
CreateFileW = CreateFileW_X @44
CreateThread = CreateThread_X @60
DebugBreak = DebugBreak_X @71
DeleteFileW = DeleteFileW_X @77
DeviceIoControl = DeviceIoControl_X @80
DisableThreadLibraryCalls = DisableThreadLibraryCalls_X @81
EnterCriticalSection = EnterCriticalSection_X @87
ExitProcess = ExitProcess_X @102
FileTimeToSystemTime = FileTimeToSystemTime_X @107
FindClose = FindClose_X @109
FindFirstFileW = FindFirstFileW_X @113
FindNextFileW = FindNextFileW_X @117
GetConsoleType = GetConsoleType_X @140
GetCurrentProcess = GetCurrentProcess_X @144
GetCurrentProcessId = GetCurrentProcessId_X @145
GetCurrentThread = GetCurrentThread_X @148
GetCurrentThreadId = GetCurrentThreadId_X @149
GetExitCodeThread = GetExitCodeThread_X @163
GetFileAttributesExW = GetFileAttributesExW_X @166
GetFileAttributesW = GetFileAttributesW_X @167
GetFileSizeEx = GetFileSizeEx_X @171
GetLastError = GetLastError_X @178
GetLocalTime = GetLocalTime_X @179
GetModuleHandleA = GetModuleHandleA_X @186
GetModuleHandleW = GetModuleHandleW_X @189
GetProcessHeap = GetProcessHeap_X @199
GetProcessId = GetProcessId_X @201
GetStartupInfoW = GetStartupInfoW_X @208
GetSystemTime = GetSystemTime_X @216
GetSystemTimeAsFileTime = GetSystemTimeAsFileTime_X @218
GetTickCount = GetTickCount_X @231
GetUserDefaultLocaleName = GetUserDefaultLocaleName_X @242
GetUserGeoID = GetUserGeoID_X @243
HeapFree = HeapFree_X @256
InitializeCriticalSectionAndSpinCount = InitializeCriticalSectionAndSpinCount_X @272
InitializeCriticalSectionEx = InitializeCriticalSectionEx_X @273
IsDebuggerPresent = IsDebuggerPresent_X @283
IsProcessorFeaturePresent = IsProcessorFeaturePresent_X @284
LoadLibraryExW = LoadLibraryExW_X @296
MultiByteToWideChar = MultiByteToWideChar_X @313
OutputDebugStringA = OutputDebugStringA_X @327
OutputDebugStringW = OutputDebugStringW_X @328
PeekNamedPipe = PeekNamedPipe_X @330
QueryPerformanceCounter = QueryPerformanceCounter_X @333
QueryPerformanceFrequency = QueryPerformanceFrequency_X @334
RaiseException = RaiseException_X @339
ReadFile = ReadFile_X @344
RegCloseKey = RegCloseKey_X @348
RegCreateKeyExW = RegCreateKeyExW_X @349
RegCreateKeyW = RegCreateKeyW_X @350
RegDeleteKeyExW = RegDeleteKeyExW_X @351
RegDeleteKeyW = RegDeleteKeyW_X @352
RegDeleteValueW = RegDeleteValueW_X @353
RegEnumKeyExW = RegEnumKeyExW_X @354
RegEnumKeyW = RegEnumKeyW_X @355
RegEnumValueW = RegEnumValueW_X @356
RegOpenKeyExW = RegOpenKeyExW_X @357
RegOpenKeyW = RegOpenKeyW_X @358
RegQueryInfoKeyW = RegQueryInfoKeyW_X @359
RegQueryValueExW = RegQueryValueExW_X @360
RegSetValueExW = RegSetValueExW_X @361
ResetEvent = ResetEvent_X @374
ResumeThread = ResumeThread_X @377
RtlCaptureContext = RtlCaptureContext_X @378
RtlLookupFunctionEntry = RtlLookupFunctionEntry @380
RtlUnwindEx = RtlUnwindEx_X @385
SetEvent = SetEvent_X @399
SetFilePointer = SetFilePointer_X @404
SetThreadAffinityMask = SetThreadAffinityMask_X @418
SetThreadPriority = SetThreadPriority_X @424
SetUnhandledExceptionFilter = SetUnhandledExceptionFilter_X @433
Sleep = Sleep_X @440
SleepConditionVariableCS = API-MS-WIN-CORE-SYNCH-L1-2-0.SleepConditionVariableCS @441
SystemTimeToFileTime = SystemTimeToFileTime_X @449
TerminateProcess = TerminateProcess_X @451
TlsAlloc = TlsAlloc_X @454
TlsGetValue = TlsGetValue_X @456
TlsSetValue = TlsSetValue_X @457
UnhandledExceptionFilter = UnhandledExceptionFilter_X @467
VirtualAlloc = VirtualAlloc_X @474
VirtualFree = VirtualFree_X @476
WaitForMultipleObjects = WaitForMultipleObjects_X @482
WaitForSingleObject = WaitForSingleObject_X @484
WaitForSingleObjectEx = WaitForSingleObjectEx_X @485
WriteFile = WriteFile_X @500
XMemAlloc = XMemAlloc_X @501
XMemAllocDefault = XMemAllocDefault_X @505
XMemFreeDefault = XMemFreeDefault_X @508
XMemFree = XMemFree_X @507
WriteConsoleW = WriteConsoleW_X @499
FreeLibrary = FreeLibrary_X @129
GetProcAddress = GetProcAddress_X @196
GetDiskFreeSpaceExW = GetDiskFreeSpaceExW_X @154
GetDriveTypeW = GetDriveTypeW_X @157
DecodePointer = NTDLL.RtlDecodePointer @72
WakeAllConditionVariable = NTDLL.RtlWakeAllConditionVariable @492
AcquireSRWLockExclusive = NTDLL.RtlAcquireSRWLockExclusive @1
AcquireSRWLockShared = NTDLL.RtlAcquireSRWLockShared @2
AddVectoredContinueHandler = NTDLL.RtlAddVectoredContinueHandler @3
AddVectoredExceptionHandler = NTDLL.RtlAddVectoredExceptionHandler @4
CancelThreadpoolIo = NTDLL.TpCancelAsyncIoOperation
CloseThreadpool = NTDLL.TpReleasePool
CloseThreadpoolCleanupGroup = NTDLL.TpReleaseCleanupGroup
CloseThreadpoolCleanupGroupMembers = NTDLL.TpReleaseCleanupGroupMembers
CloseThreadpoolIo = NTDLL.TpReleaseIoCompletion
CloseThreadpoolTimer = NTDLL.TpReleaseTimer
CloseThreadpoolWait = NTDLL.TpReleaseWait
CloseThreadpoolWork = NTDLL.TpReleaseWork
CopyMemoryNonTemporal = NTDLL.RtlCopyMemoryNonTemporal
DecodeSystemPointer = NTDLL.RtlDecodeSystemPointer
DeleteCriticalSection = NTDLL.RtlDeleteCriticalSection @74
DeleteSynchronizationBarrier = NTDLL.RtlDeleteBarrier
DisassociateCurrentThreadFromCallback = NTDLL.TpDisassociateCallback
EncodePointer = NTDLL.RtlEncodePointer @85
EncodeSystemPointer = NTDLL.RtlEncodeSystemPointer
EnterCriticalSection = NTDLL.RtlEnterCriticalSection
EventActivityIdControl = NTDLL.EtwEventActivityIdControl
EventEnabled = NTDLL.EtwEventEnabled
EventProviderEnabled = NTDLL.EtwEventProviderEnabled
EventRegister = NTDLL.EtwEventRegister @95
EventSetInformation = NTDLL.EtwEventSetInformation @96
EventUnregister = NTDLL.EtwEventUnregister @97
EventWrite = NTDLL.EtwEventWrite @98
EventWriteEx = NTDLL.EtwEventWriteEx
EventWriteString = NTDLL.EtwEventWriteString
EventWriteTransfer = NTDLL.EtwEventWriteTransfer @101
ExitProcess = NTDLL.RtlExitUserProcess
ExitThread = NTDLL.RtlExitUserThread
FillMemoryNonTemporal = NTDLL.RtlFillMemoryNonTemporal
FlushProcessWriteBuffers = NTDLL.NtFlushProcessWriteBuffers
FreeLibraryWhenCallbackReturns = NTDLL.TpCallbackUnloadDllOnCompletion
GetCurrentProcessorNumber = NTDLL.RtlGetCurrentProcessorNumber
GetCurrentProcessorNumberEx = NTDLL.RtlGetCurrentProcessorNumberEx
GetProcessHeaps = NTDLL.RtlGetProcessHeaps
GetTraceEnableFlags = NTDLL.EtwGetTraceEnableFlags
GetTraceEnableLevel = NTDLL.EtwGetTraceEnableLevel
GetTraceLoggerHandle = NTDLL.EtwGetTraceLoggerHandle
HeapAlloc = NTDLL.RtlAllocateHeap @252
HeapCompact = NTDLL.RtlCompactHeap
HeapFree = NTDLL.RtlFreeHeap
HeapLock = NTDLL.RtlLockHeap
HeapReAlloc = NTDLL.RtlReAllocateHeap
HeapSize = NTDLL.RtlSizeHeap
HeapUnlock = NTDLL.RtlUnlockHeap
HeapValidate = NTDLL.RtlValidateHeap
InitOnceInitialize = NTDLL.RtlRunOnceInitialize
InitializeConditionVariable = NTDLL.RtlInitializeConditionVariable @269
InitializeCriticalSection = NTDLL.RtlInitializeCriticalSection @271
InitializeSListHead = NTDLL.RtlInitializeSListHead @275
InitializeSRWLock = NTDLL.RtlInitializeSRWLock @276
InterlockedFlushSList = NTDLL.RtlInterlockedFlushSList
InterlockedPopEntrySList = NTDLL.RtlInterlockedPopEntrySList
InterlockedPushEntrySList = NTDLL.RtlInterlockedPushEntrySList
InterlockedPushListSList = NTDLL.RtlInterlockedPushListSList
InterlockedPushListSListEx = NTDLL.RtlInterlockedPushListSListEx
IsThreadpoolTimerSet = NTDLL.TpIsTimerSet
LeaveCriticalSection = NTDLL.RtlLeaveCriticalSection @293
LeaveCriticalSectionWhenCallbackReturns = NTDLL.TpCallbackLeaveCriticalSectionOnCompletion
QueryDepthSList = NTDLL.RtlQueryDepthSList
QueryPerformanceCounter = NTDLL.RtlQueryPerformanceCounter
QueryPerformanceFrequency = NTDLL.RtlQueryPerformanceFrequency
RegisterTraceGuidsW = NTDLL.EtwRegisterTraceGuidsW
ReleaseMutexWhenCallbackReturns = NTDLL.TpCallbackReleaseMutexOnCompletion
ReleaseSRWLockExclusive = NTDLL.RtlReleaseSRWLockExclusive @366
ReleaseSRWLockShared = NTDLL.RtlReleaseSRWLockShared
ReleaseSemaphoreWhenCallbackReturns = NTDLL.TpCallbackReleaseSemaphoreOnCompletion
RemoveVectoredContinueHandler = NTDLL.RtlRemoveVectoredContinueHandler
RemoveVectoredExceptionHandler = NTDLL.RtlRemoveVectoredExceptionHandler
RestoreLastError = NTDLL.RtlRestoreLastWin32Error
RtlCaptureContext = NTDLL.RtlCaptureContext
RtlCaptureStackBackTrace = NTDLL.RtlCaptureStackBackTrace
RtlLookupFunctionEntry = NTDLL.RtlLookupFunctionEntry
RtlPcToFileHeader = NTDLL.RtlPcToFileHeader
RtlRaiseException = NTDLL.RtlRaiseException
RtlRestoreContext = NTDLL.RtlRestoreContext
RtlUnwind = NTDLL.RtlUnwind
RtlUnwindEx = NTDLL.RtlUnwindEx
RtlVirtualUnwind = NTDLL.RtlVirtualUnwind @386
SetCriticalSectionSpinCount = NTDLL.RtlSetCriticalSectionSpinCount
SetEventWhenCallbackReturns = NTDLL.TpCallbackSetEventOnCompletion
SetLastError = NTDLL.RtlSetLastWin32Error @409
SetThreadpoolThreadMaximum = NTDLL.TpSetPoolMaxThreads
SetThreadpoolTimer = NTDLL.TpSetTimer
SetThreadpoolWait = NTDLL.TpSetWait
StartThreadpoolIo = NTDLL.TpStartAsyncIoOperation
SubmitThreadpoolWork = NTDLL.TpPostWork
LogTraceEvent = NTDLL.EtwLogTraceEvent
TraceMessage = NTDLL.EtwTraceMessage
TraceMessageVa = NTDLL.EtwTraceMessageVa
TryAcquireSRWLockExclusive = NTDLL.RtlTryAcquireSRWLockExclusive
TryAcquireSRWLockShared = NTDLL.RtlTryAcquireSRWLockShared
TryEnterCriticalSection = NTDLL.RtlTryEnterCriticalSection @464
UnregisterTraceGuids = NTDLL.EtwUnregisterTraceGuids
WaitForThreadpoolIoCallbacks = NTDLL.TpWaitForIoCompletion
WaitForThreadpoolTimerCallbacks = NTDLL.TpWaitForTimer
WaitForThreadpoolWaitCallbacks = NTDLL.TpWaitForWait
WaitForThreadpoolWorkCallbacks = NTDLL.TpWaitForWork
WakeByAddressAll = NTDLL.RtlWakeAddressAll @493
WakeByAddressSingle = NTDLL.RtlWakeAddressSingle @494
WakeConditionVariable = NTDLL.RtlWakeConditionVariable @495

168
dlls/kernelx/kernelx.cpp
View File

@ -6,8 +6,10 @@
#include "pch.h"
#include "framework.h"
#include "kernelx.h"
#include <cstdint>
NtAllocateVirtualMemory_t NtAllocateVirtualMemory;
NtFreeVirtualMemory_t NtFreeVirtualMemory;
void AcquireSRWLockExclusive_X(PSRWLOCK SRWLock)
@ -30,42 +32,131 @@ HANDLE GetProcessHeap_X()
return GetProcessHeap();
}
// TODO: Need to figure out this function.
PVOID XMemAllocDefault_X(ULONG_PTR a1, UINT64 a2)
{
uint32_t dword_180021AA0[16];
uint32_t dword_180021A60[16];
int64_t qword_18002C7E0[34];
HANDLE HeapHandle;
bool XMemFreeDefault_X(PVOID P, unsigned __int64 a2) {
if (!P) return FALSE;
uint64_t v3 = a2 >> 29;
uint32_t v2 = static_cast<uint32_t>(a2);
if (!dword_180021A60[v3 & 0xF] && (v2 & 0x1F000000) <= 0x4000000 && (v2 & 0xC000) == 0) {
return HeapFree(HeapHandle, 0, P) ? TRUE : FALSE;
}
uint64_t v6 = v3 & 0xF;
int64_t v7 = qword_18002C7E0[v6];
// Check if the memory can be freed using sub_18000EA08
if (!v7 || !*reinterpret_cast<uint64_t*>(v7 + 48) ||
*reinterpret_cast<uint64_t*>(v7 + 48) > reinterpret_cast<uint64_t>(P) ||
*reinterpret_cast<uint64_t*>(v7 + 56) < reinterpret_cast<uint64_t>(P)) {
v7 = qword_18002C7E0[static_cast<unsigned int>(v6 + 16)];
if (!v7 || !*reinterpret_cast<uint64_t*>(v7 + 48) ||
*reinterpret_cast<uint64_t*>(v7 + 48) > reinterpret_cast<uint64_t>(P) ||
*reinterpret_cast<uint64_t*>(v7 + 56) < reinterpret_cast<uint64_t>(P)) {
v7 = 0;
}
}
if (v7) {
//Bored to implement
//return sub_18000EA08() ? TRUE : FALSE;
}
SIZE_T RegionSize = 0;
return NtFreeVirtualMemory(
reinterpret_cast<HANDLE>(0xFFFFFFFFFFFFFFFF),
&P,
&RegionSize,
MEM_RELEASE
) >= 0 ? TRUE : FALSE;
}
__int64 XMemFree_X(PVOID P, __int64 a2) {
return XMemFreeDefault_X(P, a2);
}
PVOID XMemAllocDefault_X(uint64_t size, uint64_t flags) {
if (size == 0) return nullptr;
int64_t v8;
uint32_t v7 = dword_180021A60[(flags >> 29) & 0xF];
if (v7 == 0 || (flags & 0x1F000000) > 0x4000000 || (flags & 0xC000) != 0) {
if (v7 == 0x400000) {
v8 = 33;
}
else {
uint64_t v9 = (flags >> 24) & 0x1F;
if (v9 > 0x10 || size > 0x20000) {
v8 = 33;
}
else if (v9 > 0xC || size > 0xF00) {
v8 = (flags >> 29) & 0xF | 0x10;
}
else {
v8 = 32;
}
}
}
else {
v8 = 32;
}
if (v8 == 32) {
return nullptr;
}
if (v8 == 33) {
uint32_t AllocationType = 1073754112;
if ((flags & 0x1F000000) == 285212672) {
AllocationType = -1073729536;
}
else if ((flags >> 14) & 0xFFFF == 1) {
AllocationType = 1610625024;
}
else if ((flags >> 14) & 0xFFFF == 2) {
AllocationType = -1073729536;
}
uint32_t Protect = dword_180021AA0[(flags >> 29) & 0xF];
if (AllocationType & (1 << 22)) {
AllocationType &= 0xFFBFFFFF;
if ((flags & 0xC000) == 0) {
AllocationType |= 0x20000000;
}
}
void* baseAddress = nullptr;
SIZE_T regionSize = size;
if (NtAllocateVirtualMemory(
INVALID_HANDLE_VALUE,
&baseAddress,
0,
&regionSize,
AllocationType,
Protect) >= 0) {
return baseAddress;
}
return nullptr;
}
HeapHandle = HeapCreate(v8, 0, 0);
if (HeapHandle) {
return HeapAlloc(HeapHandle, 0, size);
}
return nullptr;
}
//TODO
PVOID XMemAlloc_X(SIZE_T dwSize, ULONGLONG dwAttributes)
PVOID XMemAlloc_X(ULONG64 a1, __int64 a2)
{
return XMemAllocDefault_X(dwSize, dwAttributes);
}
//TODO
BOOL XMemFreeDefault_X(PVOID P, UINT64 a2)
{
//STUB
return 0;
}
//TODO
BOOL XMemFree_X(PVOID P, UINT64 a2)
{
return 0;
/*struct _EVENT_TRACE_HEADER v5; // [rsp+20h] [rbp-48h] BYREF
unsigned __int64 v6; // [rsp+50h] [rbp-18h]
if (MEMORY[0x7FFE0390])
{
v5.Class.Version = 3105;
v5.ProcessorTime = 0LL;
v6 = a2;
*(&v5.GuidPtr + 1) = (ULONGLONG)P;
NtTraceEvent(MEMORY[0x7FFE0390], 0x10402u, 0x18u, &v5);
}
return off_18002B1B0(P, a2);*/
return XMemAllocDefault_X(a1, a2);
}
BOOL InitializeCriticalSectionEx_X(LPCRITICAL_SECTION lpCriticalSection, DWORD dwSpinCount, DWORD Flags)
@ -573,6 +664,17 @@ int sub_18001D96C(int v2, unsigned short* codePageData, unsigned int p, bool t,l
__int64 sub_18001BB8C()
{
// I know this should be done inside dllmain.cpp entrypoint but this is litreally the same (as this is called always at attachment
HMODULE ntdll = LoadLibraryA("ntdll.dll");
if (ntdll) {
NtAllocateVirtualMemory =
(NtAllocateVirtualMemory_t)GetProcAddress(ntdll, "NtAllocateVirtualMemory");
NtFreeVirtualMemory =
(NtFreeVirtualMemory_t)GetProcAddress(ntdll, "NtFreeVirtualMemory");
FreeLibrary(ntdll);
}
/*unsigned int v0; // ebx
unsigned __int16* AnsiCodePageData; // rdx
int v2; // ecx

18
dlls/kernelx/kernelx.h
View File

@ -2,6 +2,22 @@
#include "framework.h"
typedef NTSTATUS(NTAPI* NtAllocateVirtualMemory_t)(
HANDLE ProcessHandle,
PVOID* BaseAddress,
ULONG_PTR ZeroBits,
PSIZE_T RegionSize,
ULONG AllocationType,
ULONG Protect
);
typedef NTSTATUS(NTAPI* NtFreeVirtualMemory_t)(
HANDLE ProcessHandle,
PVOID* BaseAddress,
PSIZE_T RegionSize,
ULONG FreeType
);
// EXE EXPORTS
extern "C"
{
@ -59,7 +75,7 @@ extern "C"
LPVOID VirtualAlloc_X(LPVOID lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect);
BOOL XMemFreeDefault_X(PVOID P, UINT64 a2);
bool XMemFreeDefault_X(PVOID P, unsigned __int64 a2);
BOOL WriteFile_X(HANDLE hFile, LPCVOID lpBuffer, DWORD nNumberOfBytesToWrite, LPDWORD lpNumberOfBytesWritten, LPOVERLAPPED lpOverlapped);