wacked
/
syscall64
Observar 1
Favorito 0
Fork 0
Código Issues 0 Pull requests 0 Versões 0 Wiki Atividade
Você não pode selecionar mais de 25 tópicos Os tópicos devem começar com uma letra ou um número, podem incluir traços ('-') e podem ter até 35 caracteres.
1 Commit
1 Branch
Tag: 2129994ceb
Branches Tags
${ item.name }
Criar branch ${ searchTerm }
de 2129994ceb
${ noResults }
syscall64/wow64ext.h

410 linhas
9.3KB
Original Anotar Histórico 

  1. /**

  2.  *

  3.  * WOW64Ext Library

  4.  *

  5.  * Copyright (c) 2014 ReWolf

  6.  * http://blog.rewolf.pl/

  7.  *

  8.  * This program is free software: you can redistribute it and/or modify

  9.  * it under the terms of the GNU Lesser General Public License as published

  10.  * by the Free Software Foundation, either version 3 of the License, or

  11.  * (at your option) any later version.

  12.  *

  13.  * This program is distributed in the hope that it will be useful,

  14.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  15.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

  16.  * GNU Lesser General Public License for more details.

  17.  *

  18.  * You should have received a copy of the GNU Lesser General Public License

  19.  * along with this program.  If not, see <http://www.gnu.org/licenses/>.

  20.  *

  21.  */

  22. #pragma once

  23. 

  24. #ifndef STATUS_SUCCESS

  25. #   define STATUS_SUCCESS 0

  26. #endif

  27. 

  28. #pragma pack(push)

  29. #pragma pack(1)

  30. template <class T>

  31. struct _LIST_ENTRY_T

  32. {

  33.     T Flink;

  34.     T Blink;

  35. };

  36. 

  37. template <class T>

  38. struct _UNICODE_STRING_T

  39. {

  40.     union

  41.     {

  42.         struct

  43.         {

  44.             WORD Length;

  45.             WORD MaximumLength;

  46.         };

  47.         T dummy;

  48.     };

  49.     T Buffer;

  50. };

  51. 

  52. template <class T>

  53. struct _NT_TIB_T

  54. {

  55.     T ExceptionList;

  56.     T StackBase;

  57.     T StackLimit;

  58.     T SubSystemTib;

  59.     T FiberData;

  60.     T ArbitraryUserPointer;

  61.     T Self;

  62. };

  63. 

  64. template <class T>

  65. struct _CLIENT_ID_T

  66. {

  67.     T UniqueProcess;

  68.     T UniqueThread;

  69. };

  70. 

  71. template <class T>

  72. struct _TEB_T_

  73. {

  74.     _NT_TIB_T<T> NtTib;

  75.     T EnvironmentPointer;

  76.     _CLIENT_ID_T<T> ClientId;

  77.     T ActiveRpcHandle;

  78.     T ThreadLocalStoragePointer;

  79.     T ProcessEnvironmentBlock;

  80.     DWORD LastErrorValue;

  81.     DWORD CountOfOwnedCriticalSections;

  82.     T CsrClientThread;

  83.     T Win32ThreadInfo;

  84.     DWORD User32Reserved[26];

  85.     //rest of the structure is not defined for now, as it is not needed

  86. };

  87. 

  88. template <class T>

  89. struct _LDR_DATA_TABLE_ENTRY_T

  90. {

  91.     _LIST_ENTRY_T<T> InLoadOrderLinks;

  92.     _LIST_ENTRY_T<T> InMemoryOrderLinks;

  93.     _LIST_ENTRY_T<T> InInitializationOrderLinks;

  94.     T DllBase;

  95.     T EntryPoint;

  96.     union

  97.     {

  98.         DWORD SizeOfImage;

  99.         T dummy01;

  100.     };

  101.     _UNICODE_STRING_T<T> FullDllName;

  102.     _UNICODE_STRING_T<T> BaseDllName;

  103.     DWORD Flags;

  104.     WORD LoadCount;

  105.     WORD TlsIndex;

  106.     union

  107.     {

  108.         _LIST_ENTRY_T<T> HashLinks;

  109.         struct 

  110.         {

  111.             T SectionPointer;

  112.             T CheckSum;

  113.         };

  114.     };

  115.     union

  116.     {

  117.         T LoadedImports;

  118.         DWORD TimeDateStamp;

  119.     };

  120.     T EntryPointActivationContext;

  121.     T PatchInformation;

  122.     _LIST_ENTRY_T<T> ForwarderLinks;

  123.     _LIST_ENTRY_T<T> ServiceTagLinks;

  124.     _LIST_ENTRY_T<T> StaticLinks;

  125.     T ContextInformation;

  126.     T OriginalBase;

  127.     _LARGE_INTEGER LoadTime;

  128. };

  129. 

  130. template <class T>

  131. struct _PEB_LDR_DATA_T

  132. {

  133.     DWORD Length;

  134.     DWORD Initialized;

  135.     T SsHandle;

  136.     _LIST_ENTRY_T<T> InLoadOrderModuleList;

  137.     _LIST_ENTRY_T<T> InMemoryOrderModuleList;

  138.     _LIST_ENTRY_T<T> InInitializationOrderModuleList;

  139.     T EntryInProgress;

  140.     DWORD ShutdownInProgress;

  141.     T ShutdownThreadId;

  142. 

  143. };

  144. 

  145. template <class T, class NGF, int A>

  146. struct _PEB_T

  147. {

  148.     union

  149.     {

  150.         struct

  151.         {

  152.             BYTE InheritedAddressSpace;

  153.             BYTE ReadImageFileExecOptions;

  154.             BYTE BeingDebugged;

  155.             BYTE BitField;

  156.         };

  157.         T dummy01;

  158.     };

  159.     T Mutant;

  160.     T ImageBaseAddress;

  161.     T Ldr;

  162.     T ProcessParameters;

  163.     T SubSystemData;

  164.     T ProcessHeap;

  165.     T FastPebLock;

  166.     T AtlThunkSListPtr;

  167.     T IFEOKey;

  168.     T CrossProcessFlags;

  169.     T UserSharedInfoPtr;

  170.     DWORD SystemReserved;

  171.     DWORD AtlThunkSListPtr32;

  172.     T ApiSetMap;

  173.     T TlsExpansionCounter;

  174.     T TlsBitmap;

  175.     DWORD TlsBitmapBits[2];

  176.     T ReadOnlySharedMemoryBase;

  177.     T HotpatchInformation;

  178.     T ReadOnlyStaticServerData;

  179.     T AnsiCodePageData;

  180.     T OemCodePageData;

  181.     T UnicodeCaseTableData;

  182.     DWORD NumberOfProcessors;

  183.     union

  184.     {

  185.         DWORD NtGlobalFlag;

  186.         NGF dummy02;

  187.     };

  188.     LARGE_INTEGER CriticalSectionTimeout;

  189.     T HeapSegmentReserve;

  190.     T HeapSegmentCommit;

  191.     T HeapDeCommitTotalFreeThreshold;

  192.     T HeapDeCommitFreeBlockThreshold;

  193.     DWORD NumberOfHeaps;

  194.     DWORD MaximumNumberOfHeaps;

  195.     T ProcessHeaps;

  196.     T GdiSharedHandleTable;

  197.     T ProcessStarterHelper;

  198.     T GdiDCAttributeList;

  199.     T LoaderLock;

  200.     DWORD OSMajorVersion;

  201.     DWORD OSMinorVersion;

  202.     WORD OSBuildNumber;

  203.     WORD OSCSDVersion;

  204.     DWORD OSPlatformId;

  205.     DWORD ImageSubsystem;

  206.     DWORD ImageSubsystemMajorVersion;

  207.     T ImageSubsystemMinorVersion;

  208.     T ActiveProcessAffinityMask;

  209.     T GdiHandleBuffer[A];

  210.     T PostProcessInitRoutine; 

  211.     T TlsExpansionBitmap; 

  212.     DWORD TlsExpansionBitmapBits[32];

  213.     T SessionId;

  214.     ULARGE_INTEGER AppCompatFlags;

  215.     ULARGE_INTEGER AppCompatFlagsUser;

  216.     T pShimData;

  217.     T AppCompatInfo;

  218.     _UNICODE_STRING_T<T> CSDVersion;

  219.     T ActivationContextData;

  220.     T ProcessAssemblyStorageMap;

  221.     T SystemDefaultActivationContextData;

  222.     T SystemAssemblyStorageMap;

  223.     T MinimumStackCommit;

  224.     T FlsCallback;

  225.     _LIST_ENTRY_T<T> FlsListHead;

  226.     T FlsBitmap;

  227.     DWORD FlsBitmapBits[4];

  228.     T FlsHighIndex;

  229.     T WerRegistrationData;

  230.     T WerShipAssertPtr;

  231.     T pContextData;

  232.     T pImageHeaderHash;

  233.     T TracingFlags;

  234. };

  235. 

  236. typedef _LDR_DATA_TABLE_ENTRY_T<DWORD> LDR_DATA_TABLE_ENTRY32;

  237. typedef _LDR_DATA_TABLE_ENTRY_T<DWORD64> LDR_DATA_TABLE_ENTRY64;

  238. 

  239. typedef _TEB_T_<DWORD> TEB32;

  240. typedef _TEB_T_<DWORD64> TEB64;

  241. 

  242. typedef _PEB_LDR_DATA_T<DWORD> PEB_LDR_DATA32;

  243. typedef _PEB_LDR_DATA_T<DWORD64> PEB_LDR_DATA64;

  244. 

  245. typedef _PEB_T<DWORD, DWORD64, 34> PEB32;

  246. //typedef _PEB_T<DWORD64, DWORD, 30> PEB64;

  247. 

  248. struct _XSAVE_FORMAT64

  249. {

  250.     WORD ControlWord;

  251.     WORD StatusWord;

  252.     BYTE TagWord;

  253.     BYTE Reserved1;

  254.     WORD ErrorOpcode;

  255.     DWORD ErrorOffset;

  256.     WORD ErrorSelector;

  257.     WORD Reserved2;

  258.     DWORD DataOffset;

  259.     WORD DataSelector;

  260.     WORD Reserved3;

  261.     DWORD MxCsr;

  262.     DWORD MxCsr_Mask;

  263.     _M128A FloatRegisters[8];

  264.     _M128A XmmRegisters[16];

  265.     BYTE Reserved4[96];

  266. };

  267. 

  268. struct _CONTEXT64

  269. {

  270.     DWORD64 P1Home;

  271.     DWORD64 P2Home;

  272.     DWORD64 P3Home;

  273.     DWORD64 P4Home;

  274.     DWORD64 P5Home;

  275.     DWORD64 P6Home;

  276.     DWORD ContextFlags;

  277.     DWORD MxCsr;

  278.     WORD SegCs;

  279.     WORD SegDs;

  280.     WORD SegEs;

  281.     WORD SegFs;

  282.     WORD SegGs;

  283.     WORD SegSs;

  284.     DWORD EFlags;

  285.     DWORD64 Dr0;

  286.     DWORD64 Dr1;

  287.     DWORD64 Dr2;

  288.     DWORD64 Dr3;

  289.     DWORD64 Dr6;

  290.     DWORD64 Dr7;

  291.     DWORD64 Rax;

  292.     DWORD64 Rcx;

  293.     DWORD64 Rdx;

  294.     DWORD64 Rbx;

  295.     DWORD64 Rsp;

  296.     DWORD64 Rbp;

  297.     DWORD64 Rsi;

  298.     DWORD64 Rdi;

  299.     DWORD64 R8;

  300.     DWORD64 R9;

  301.     DWORD64 R10;

  302.     DWORD64 R11;

  303.     DWORD64 R12;

  304.     DWORD64 R13;

  305.     DWORD64 R14;

  306.     DWORD64 R15;

  307.     DWORD64 Rip;

  308.     _XSAVE_FORMAT64 FltSave;

  309.     _M128A Header[2];

  310.     _M128A Legacy[8];

  311.     _M128A Xmm0;

  312.     _M128A Xmm1;

  313.     _M128A Xmm2;

  314.     _M128A Xmm3;

  315.     _M128A Xmm4;

  316.     _M128A Xmm5;

  317.     _M128A Xmm6;

  318.     _M128A Xmm7;

  319.     _M128A Xmm8;

  320.     _M128A Xmm9;

  321.     _M128A Xmm10;

  322.     _M128A Xmm11;

  323.     _M128A Xmm12;

  324.     _M128A Xmm13;

  325.     _M128A Xmm14;

  326.     _M128A Xmm15;

  327.     _M128A VectorRegister[26];

  328.     DWORD64 VectorControl;

  329.     DWORD64 DebugControl;

  330.     DWORD64 LastBranchToRip;

  331.     DWORD64 LastBranchFromRip;

  332.     DWORD64 LastExceptionToRip;

  333.     DWORD64 LastExceptionFromRip;

  334. };

  335. 

  336. // Below defines for .ContextFlags field are taken from WinNT.h

  337. #ifndef CONTEXT_AMD64

  338. #define CONTEXT_AMD64 0x100000

  339. #endif

  340. 

  341. #define CONTEXT64_CONTROL (CONTEXT_AMD64 | 0x1L)

  342. #define CONTEXT64_INTEGER (CONTEXT_AMD64 | 0x2L)

  343. #define CONTEXT64_SEGMENTS (CONTEXT_AMD64 | 0x4L)

  344. #define CONTEXT64_FLOATING_POINT  (CONTEXT_AMD64 | 0x8L)

  345. #define CONTEXT64_DEBUG_REGISTERS (CONTEXT_AMD64 | 0x10L)

  346. #define CONTEXT64_FULL (CONTEXT64_CONTROL | CONTEXT64_INTEGER | CONTEXT64_FLOATING_POINT)

  347. #define CONTEXT64_ALL (CONTEXT64_CONTROL | CONTEXT64_INTEGER | CONTEXT64_SEGMENTS | CONTEXT64_FLOATING_POINT | CONTEXT64_DEBUG_REGISTERS)

  348. #define CONTEXT64_XSTATE (CONTEXT_AMD64 | 0x20L)

  349. 

  350. // My changes

  351. template <class T>

  352. struct _OBJECT_ATTRIBUTES_T

  353. {

  354. 	union

  355. 	{

  356. 		ULONG	uLength;

  357. 		T dummy;

  358. 	}; 

  359. 	T		hRootDirectory;

  360. 	T		pObjectName;

  361. 	union

  362. 	{

  363. 		ULONG	uAttributes;

  364. 		T dummy2;

  365. 	};

  366. 	T	pSecurityDescriptor;

  367. 	T	pSecurityQualityOfService;

  368. };

  369. 

  370. template <class T>

  371. struct _HANDLE_T

  372. {

  373. 	T h;

  374. };

  375. 

  376. /* Extremly weird. sizeof(IO_STATUS_BLOCK) == 8 on x86 & x64. 

  377. However NtCreateFile doesn't seem to agree

  378. 

  379. UNICODE_STRING filename = {0};

  380. RtlInitUnicodeString(&filename, L"\\??\\D:\\abc.txt");

  381. 

  382. OBJECT_ATTRIBUTES obja = {0};

  383. IO_STATUS_BLOCK iostatusblock = {0};

  384. InitializeObjectAttributes(&obja, &filename, OBJ_CASE_INSENSITIVE, NULL, NULL);

  385. 

  386. HANDLE h = INVALID_HANDLE_VALUE;

  387. NTSTATUS stat = NtCreateFile(&h, FILE_READ_DATA | FILE_WRITE_DATA | SYNCHRONIZE,

  388. &obja, &iostatusblock,

  389. NULL, FILE_ATTRIBUTE_NORMAL, FILE_SHARE_READ, FILE_OVERWRITE_IF,

  390. FILE_NON_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_NONALERT, NULL, 0);

  391. 

  392. Run in Debug mode and see Run-Time Check Failure #2 - Stack around the variable 'iostatusblock' was corrupted.

  393. */

  394. template <class T>

  395. struct _IO_STATUS_BLOCK_T

  396. {

  397. 	union

  398. 	{

  399. 		NTSTATUS	Status;

  400. 		T dummy;

  401. 	};

  402. 	union

  403. 	{

  404. 		ULONG		uInformation;

  405. 		T dummy;

  406. 	};

  407. };

  408. 

  409. #pragma pack(pop)