init commit

.gitignore

@@ -0,0 +1,388 @@
+## Ignore Visual Studio temporary files, build results, and
+## files generated by popular Visual Studio add-ons.
+##
+## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore
+
+# User-specific files
+*.rsuser
+*.suo
+*.user
+*.userosscache
+*.sln.docstates
+
+# User-specific files (MonoDevelop/Xamarin Studio)
+*.userprefs
+
+# Mono auto generated files
+mono_crash.*
+
+# Build results
+[Dd]ebug/
+[Dd]ebugPublic/
+[Rr]elease/
+[Rr]eleases/
+x64/
+x86/
+[Ww][Ii][Nn]32/
+[Aa][Rr][Mm]/
+[Aa][Rr][Mm]64/
+bld/
+[Bb]in/
+[Oo]bj/
+[Ll]og/
+[Ll]ogs/
+
+# Visual Studio 2015/2017 cache/options directory
+.vs/
+# Uncomment if you have tasks that create the project's static files in wwwroot
+#wwwroot/
+
+# Visual Studio 2017 auto generated files
+Generated\ Files/
+
+# MSTest test Results
+[Tt]est[Rr]esult*/
+[Bb]uild[Ll]og.*
+
+# NUnit
+*.VisualState.xml
+TestResult.xml
+nunit-*.xml
+
+# Build Results of an ATL Project
+[Dd]ebugPS/
+[Rr]eleasePS/
+dlldata.c
+
+# Benchmark Results
+BenchmarkDotNet.Artifacts/
+
+# .NET Core
+project.lock.json
+project.fragment.lock.json
+artifacts/
+
+# ASP.NET Scaffolding
+ScaffoldingReadMe.txt
+
+# StyleCop
+StyleCopReport.xml
+
+# Files built by Visual Studio
+*_i.c
+*_p.c
+*_h.h
+*.ilk
+*.meta
+*.obj
+*.iobj
+*.pch
+*.pdb
+*.ipdb
+*.pgc
+*.pgd
+*.rsp
+*.sbr
+*.tlb
+*.tli
+*.tlh
+*.tmp
+*.tmp_proj
+*_wpftmp.csproj
+*.log
+*.tlog
+*.vspscc
+*.vssscc
+.builds
+*.pidb
+*.svclog
+*.scc
+
+# Chutzpah Test files
+_Chutzpah*
+
+# Visual C++ cache files
+ipch/
+*.aps
+*.ncb
+*.opendb
+*.opensdf
+*.sdf
+*.cachefile
+*.VC.db
+*.VC.VC.opendb
+
+# Visual Studio profiler
+*.psess
+*.vsp
+*.vspx
+*.sap
+
+# Visual Studio Trace Files
+*.e2e
+
+# TFS 2012 Local Workspace
+$tf/
+
+# Guidance Automation Toolkit
+*.gpState
+
+# ReSharper is a .NET coding add-in
+_ReSharper*/
+*.[Rr]e[Ss]harper
+*.DotSettings.user
+
+# TeamCity is a build add-in
+_TeamCity*
+
+# DotCover is a Code Coverage Tool
+*.dotCover
+
+# AxoCover is a Code Coverage Tool
+.axoCover/*
+!.axoCover/settings.json
+
+# Coverlet is a free, cross platform Code Coverage Tool
+coverage*.json
+coverage*.xml
+coverage*.info
+
+# Visual Studio code coverage results
+*.coverage
+*.coveragexml
+
+# NCrunch
+_NCrunch_*
+.*crunch*.local.xml
+nCrunchTemp_*
+
+# MightyMoose
+*.mm.*
+AutoTest.Net/
+
+# Web workbench (sass)
+.sass-cache/
+
+# Installshield output folder
+[Ee]xpress/
+
+# DocProject is a documentation generator add-in
+DocProject/buildhelp/
+DocProject/Help/*.HxT
+DocProject/Help/*.HxC
+DocProject/Help/*.hhc
+DocProject/Help/*.hhk
+DocProject/Help/*.hhp
+DocProject/Help/Html2
+DocProject/Help/html
+
+# Click-Once directory
+publish/
+
+# Publish Web Output
+*.[Pp]ublish.xml
+*.azurePubxml
+# Note: Comment the next line if you want to checkin your web deploy settings,
+# but database connection strings (with potential passwords) will be unencrypted
+*.pubxml
+*.publishproj
+
+# Microsoft Azure Web App publish settings. Comment the next line if you want to
+# checkin your Azure Web App publish settings, but sensitive information contained
+# in these scripts will be unencrypted
+PublishScripts/
+
+# NuGet Packages
+*.nupkg
+# NuGet Symbol Packages
+*.snupkg
+# The packages folder can be ignored because of Package Restore
+**/[Pp]ackages/*
+# except build/, which is used as an MSBuild target.
+!**/[Pp]ackages/build/
+# Uncomment if necessary however generally it will be regenerated when needed
+#!**/[Pp]ackages/repositories.config
+# NuGet v3's project.json files produces more ignorable files
+*.nuget.props
+*.nuget.targets
+
+# Nuget personal access tokens and Credentials
+nuget.config
+
+# Microsoft Azure Build Output
+csx/
+*.build.csdef
+
+# Microsoft Azure Emulator
+ecf/
+rcf/
+
+# Windows Store app package directories and files
+AppPackages/
+BundleArtifacts/
+Package.StoreAssociation.xml
+_pkginfo.txt
+*.appx
+*.appxbundle
+*.appxupload
+
+# Visual Studio cache files
+# files ending in .cache can be ignored
+*.[Cc]ache
+# but keep track of directories ending in .cache
+!?*.[Cc]ache/
+
+# Others
+ClientBin/
+~$*
+*~
+*.dbmdl
+*.dbproj.schemaview
+*.jfm
+*.pfx
+*.publishsettings
+orleans.codegen.cs
+
+# Including strong name files can present a security risk
+# (https://github.com/github/gitignore/pull/2483#issue-259490424)
+#*.snk
+
+# Since there are multiple workflows, uncomment next line to ignore bower_components
+# (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
+#bower_components/
+
+# RIA/Silverlight projects
+Generated_Code/
+
+# Backup & report files from converting an old project file
+# to a newer Visual Studio version. Backup files are not needed,
+# because we have git ;-)
+_UpgradeReport_Files/
+Backup*/
+UpgradeLog*.XML
+UpgradeLog*.htm
+ServiceFabricBackup/
+*.rptproj.bak
+
+# SQL Server files
+*.mdf
+*.ldf
+*.ndf
+
+# Business Intelligence projects
+*.rdl.data
+*.bim.layout
+*.bim_*.settings
+*.rptproj.rsuser
+*- [Bb]ackup.rdl
+*- [Bb]ackup ([0-9]).rdl
+*- [Bb]ackup ([0-9][0-9]).rdl
+
+# Microsoft Fakes
+FakesAssemblies/
+
+# GhostDoc plugin setting file
+*.GhostDoc.xml
+
+# Node.js Tools for Visual Studio
+.ntvs_analysis.dat
+node_modules/
+
+# Visual Studio 6 build log
+*.plg
+
+# Visual Studio 6 workspace options file
+*.opt
+
+# Visual Studio 6 auto-generated workspace file (contains which files were open etc.)
+*.vbw
+
+# Visual Studio LightSwitch build output
+**/*.HTMLClient/GeneratedArtifacts
+**/*.DesktopClient/GeneratedArtifacts
+**/*.DesktopClient/ModelManifest.xml
+**/*.Server/GeneratedArtifacts
+**/*.Server/ModelManifest.xml
+_Pvt_Extensions
+
+# Paket dependency manager
+.paket/paket.exe
+paket-files/
+
+# FAKE - F# Make
+.fake/
+
+# CodeRush personal settings
+.cr/personal
+
+# Python Tools for Visual Studio (PTVS)
+__pycache__/
+*.pyc
+
+# Cake - Uncomment if you are using it
+# tools/**
+# !tools/packages.config
+
+# Tabs Studio
+*.tss
+
+# Telerik's JustMock configuration file
+*.jmconfig
+
+# BizTalk build output
+*.btp.cs
+*.btm.cs
+*.odx.cs
+*.xsd.cs
+
+# OpenCover UI analysis results
+OpenCover/
+
+# Azure Stream Analytics local run output
+ASALocalRun/
+
+# MSBuild Binary and Structured Log
+*.binlog
+
+# NVidia Nsight GPU debugger configuration file
+*.nvuser
+
+# MFractors (Xamarin productivity tool) working folder
+.mfractor/
+
+# Local History for Visual Studio
+.localhistory/
+
+# BeatPulse healthcheck temp database
+healthchecksdb
+
+# Backup folder for Package Reference Convert tool in Visual Studio 2017
+MigrationBackup/
+
+# Ionide (cross platform F# VS Code tools) working folder
+.ionide/
+
+# Fody - auto-generated XML schema
+FodyWeavers.xsd
+
+# VS Code files for those working on multiple tools
+.vscode/*
+!.vscode/settings.json
+!.vscode/tasks.json
+!.vscode/launch.json
+!.vscode/extensions.json
+*.code-workspace
+
+# Local History for Visual Studio Code
+.history/
+
+# Windows Installer files from build outputs
+*.cab
+*.msi
+*.msix
+*.msm
+*.msp
+
+# JetBrains Rider
+.idea/
+*.sln.iml

.gitmodules

@@ -0,0 +1,6 @@
+[submodule "dependencies/vmhook"]
+	path = dependencies/vmhook
+	url = https://githacks.org/vmp2/vmhook.git
+[submodule "dependencies/ZwSwapCert"]
+	path = dependencies/ZwSwapCert
+	url = https://githacks.org/_xeroxz/zwswapcert.git

dependencies/ZwSwapCert

@@ -0,0 +1 @@
+Subproject commit bf5f30c360f7e9d87a0cdba82d70008fd64c5c1c

dependencies/vmhook

@@ -0,0 +1 @@
+Subproject commit aec227a091e0a2a5a591d0e77df5243270d99672

drv_entry.cpp

@@ -0,0 +1,189 @@
+//
+// Registers on image load callback then applies vmhook to EAC
+// 
+//
+
+#include <ntifs.h>
+#include <intrin.h>
+#include <vmhook.hpp>
+
+//
+// game cheat offset flash backs...
+//
+
+#define EAC_VM_HANDLE_OFFSET 0xE93D
+#define EAC_IMAGE_BASE 0x140000000
+
+//
+// vm handler indexes for READQ...
+//
+
+u8 readq_idxs[] = { 247, 215, 169, 159, 71, 60, 55, 43, 23 };
+
+//
+// vm handler indexes for READDW
+//
+
+u8 readdw_idxs[] = { 218, 180, 179, 178, 163, 137, 92, 22, 12 };
+
+vm::hook_t* g_vmhook = nullptr;
+vm::handler::table_t* g_vm_table = nullptr;
+
+void*
+operator new(
+	u64 size
+)
+{
+	//
+	// Could have also used ExAllocatePoolZero...
+	//
+
+	return RtlZeroMemory(ExAllocatePool(NonPagedPool, size), size);
+}
+
+void
+operator delete
+(
+	void* ptr, 
+	u64 size
+)
+{
+	UNREFERENCED_PARAMETER(size);
+	ExFreePool(ptr);
+}
+
+void
+image_loaded(
+	PUNICODE_STRING image_name,
+	HANDLE pid,
+	PIMAGE_INFO image_info
+)
+{
+	// 
+	// PID is zero when the module being loaded is going into the kernel...
+	//
+
+	if (!pid && wcsstr(image_name->Buffer, L"EasyAntiCheat.sys"))
+	{
+		if (g_vmhook && g_vm_table)
+			delete g_vmhook, delete g_vm_table;
+
+		//
+		// allocate memory for a g_vmhook, g_vm_table and then zero it...
+		//
+
+		// > 0x00007FF77A233736 mov rcx, [r12+rax*8]
+		// > 0x00007FF77A23373D ror rcx, 0x30 <--- decrypt vm handler entry...
+		// > 0x00007FF77A233747 add rcx, r13
+		// > 0x00007FF77A23374A jmp rcx
+		vm::decrypt_handler_t _decrypt_handler =
+			[](u64 val) -> u64
+		{
+			return _rotl64(val, 0x30);
+		};
+
+		// > 0x00007FF77A233736 mov rcx, [r12+rax*8]
+		// > 0x00007FF77A23373D ror rcx, 0x30 <--- inverse to encrypt vm handler entry...
+		// > 0x00007FF77A233747 add rcx, r13
+		// > 0x00007FF77A23374A jmp rcx
+		vm::encrypt_handler_t _encrypt_handler =
+			[](u64 val) -> u64
+		{
+			return _rotr64(val, 0x30);
+		};
+
+		vm::handler::edit_entry_t _edit_entry =
+			[](u64* entry_ptr, u64 val) -> void
+		{
+			//
+			// disable write protect bit in cr0...
+			//
+
+			{
+				auto cr0 = __readcr0();
+				cr0 &= 0xfffffffffffeffff;
+				__writecr0(cr0);
+				_disable();
+			}
+
+			*entry_ptr = val;
+
+			//
+			// enable write protect bit in cr0...
+			//
+
+			{
+				auto cr0 = __readcr0();
+				cr0 |= 0x10000;
+				_enable();
+				__writecr0(cr0);
+			}
+		};
+
+		auto image_base = reinterpret_cast<u64>(image_info->ImageBase);
+		auto handler_table_ptr = reinterpret_cast<u64*>(image_base + EAC_VM_HANDLE_OFFSET);
+
+		g_vm_table = new vm::handler::table_t(handler_table_ptr, _edit_entry);
+		g_vmhook = new vm::hook_t(image_base, EAC_IMAGE_BASE, _decrypt_handler, _encrypt_handler, g_vm_table);
+
+		// install hooks on READQ virtual machine handlers...
+		for (auto idx = 0u; idx < sizeof readq_idxs; ++idx)
+		{
+			g_vm_table->set_callback(readq_idxs[idx],
+				[](vm::registers* regs, u8 handler_idx)
+				{
+					DbgPrint("> READQ, reading address = 0x%p\n", reinterpret_cast<u64*>(regs->rbp)[0]);
+				}
+			);
+		}
+
+		for (auto idx = 0u; idx < sizeof readdw_idxs; ++idx)
+		{
+			g_vm_table->set_callback(readdw_idxs[idx],
+				[](vm::registers* regs, u8 handler_idx)
+				{
+					DbgPrint("> READDW, reading address = 0x%p\n", reinterpret_cast<u64*>(regs->rbp)[0]);
+				}
+			);
+		}
+
+		//
+		// hooks all vm handlers and starts callbacks...
+		//
+		g_vmhook->start();
+	}
+}
+
+/*++
+
+Routine Description:
+	This is the entry routine for the vmhook-eac driver.
+
+Arguments:
+	drv_object - Pointer to driver object created by the system.
+	reg_path - Receives the full registry path to the SERVICES
+			node of the current control set.
+
+Return Value:
+	An NTSTATUS code.
+
+--*/
+
+extern "C"
+NTSTATUS
+DriverEntry( // entry called from ZwSwapCert...
+	PDRIVER_OBJECT drv_object,
+	PUNICODE_STRING reg_path
+)
+{
+	UNREFERENCED_PARAMETER(drv_object);
+	UNREFERENCED_PARAMETER(reg_path);
+
+	//
+	// This kernel driver cannot be unloaded so there is no unload routine...
+	// This is because ZwSwapCert will cause the system to crash...
+	//
+
+	DbgPrint("> Registering ImageLoad Callbacks...\n");
+	return PsSetLoadImageNotifyRoutine(&image_loaded);
+}

vmhook-eac.sln

@@ -0,0 +1,35 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 16
+VisualStudioVersion = 16.0.31321.278
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "vmhook-eac", "vmhook-eac.vcxproj", "{42442E7D-1DEC-455C-BD69-931D908F83A8}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ZwSwapCert", "dependencies\ZwSwapCert\ZwSwapCert\ZwSwapCert.vcxproj", "{475EA8A7-C1BA-4847-B9C3-198C9738E0C0}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|x64 = Debug|x64
+		Release|x64 = Release|x64
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{42442E7D-1DEC-455C-BD69-931D908F83A8}.Debug|x64.ActiveCfg = Debug|x64
+		{42442E7D-1DEC-455C-BD69-931D908F83A8}.Debug|x64.Build.0 = Debug|x64
+		{42442E7D-1DEC-455C-BD69-931D908F83A8}.Debug|x64.Deploy.0 = Debug|x64
+		{42442E7D-1DEC-455C-BD69-931D908F83A8}.Release|x64.ActiveCfg = Release|x64
+		{42442E7D-1DEC-455C-BD69-931D908F83A8}.Release|x64.Build.0 = Release|x64
+		{42442E7D-1DEC-455C-BD69-931D908F83A8}.Release|x64.Deploy.0 = Release|x64
+		{475EA8A7-C1BA-4847-B9C3-198C9738E0C0}.Debug|x64.ActiveCfg = Release|x64
+		{475EA8A7-C1BA-4847-B9C3-198C9738E0C0}.Debug|x64.Build.0 = Release|x64
+		{475EA8A7-C1BA-4847-B9C3-198C9738E0C0}.Debug|x64.Deploy.0 = Release|x64
+		{475EA8A7-C1BA-4847-B9C3-198C9738E0C0}.Release|x64.ActiveCfg = Release|x64
+		{475EA8A7-C1BA-4847-B9C3-198C9738E0C0}.Release|x64.Build.0 = Release|x64
+		{475EA8A7-C1BA-4847-B9C3-198C9738E0C0}.Release|x64.Deploy.0 = Release|x64
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {E153699F-009A-44FB-B4D0-C2D97CC204E7}
+	EndGlobalSection
+EndGlobal

vmhook-eac.vcxproj

@@ -0,0 +1,90 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{42442E7D-1DEC-455C-BD69-931D908F83A8}</ProjectGuid>
+    <TemplateGuid>{1bc93793-694f-48fe-9372-81e2b05556fd}</TemplateGuid>
+    <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
+    <MinimumVisualStudioVersion>12.0</MinimumVisualStudioVersion>
+    <Configuration>Debug</Configuration>
+    <Platform Condition="'$(Platform)' == ''">Win32</Platform>
+    <RootNamespace>vmhook_eac</RootNamespace>
+    <WindowsTargetPlatformVersion>$(LatestTargetPlatformVersion)</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <TargetVersion>Windows10</TargetVersion>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
+    <ConfigurationType>Driver</ConfigurationType>
+    <DriverType>KMDF</DriverType>
+    <DriverTargetPlatform>Universal</DriverTargetPlatform>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <TargetVersion>Windows10</TargetVersion>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
+    <ConfigurationType>Driver</ConfigurationType>
+    <DriverType>KMDF</DriverType>
+    <DriverTargetPlatform>Universal</DriverTargetPlatform>
+    <Driver_SpectreMitigation>false</Driver_SpectreMitigation>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+    <Import Project="$(VCTargetsPath)\BuildCustomizations\masm.props" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
+    <EnableInf2cat>false</EnableInf2cat>
+    <IncludePath>$(ProjectDir)dependencies\vmhook\include\;$(IncludePath)</IncludePath>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <LanguageStandard>stdcpp17</LanguageStandard>
+      <TreatWarningAsError>false</TreatWarningAsError>
+    </ClCompile>
+    <Link>
+      <EntryPointSymbol>ScDriverEntry</EntryPointSymbol>
+      <AdditionalOptions>/SECTION:.text,RWE %(AdditionalOptions)</AdditionalOptions>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <FilesToPackage Include="$(TargetPath)" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="dependencies\vmhook\src\vmhook.cpp" />
+    <ClCompile Include="drv_entry.cpp" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="dependencies\vmhook\include\vmhook.hpp" />
+  </ItemGroup>
+  <ItemGroup>
+    <MASM Include="dependencies\vmhook\src\vtrap.asm" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="dependencies\ZwSwapCert\ZwSwapCert\ZwSwapCert.vcxproj">
+      <Project>{475ea8a7-c1ba-4847-b9c3-198c9738e0c0}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+    <Import Project="$(VCTargetsPath)\BuildCustomizations\masm.targets" />
+  </ImportGroup>
+</Project>

vmhook-eac.vcxproj.filters

@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="drv_entry.cpp">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="dependencies\vmhook\src\vmhook.cpp">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="dependencies\vmhook\include\vmhook.hpp">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+  </ItemGroup>
+  <ItemGroup>
+    <MASM Include="dependencies\vmhook\src\vtrap.asm">
+      <Filter>Source Files</Filter>
+    </MASM>
+  </ItemGroup>
+</Project>

x64/Release/vmhook-eac.log

@@ -0,0 +1,16 @@
+D:\vmhook-eac\vmhook-eac.vcxproj(43,5): warning MSB4011: "G:\vs\MSBuild\Microsoft\VC\v160\BuildCustomizations\masm.props" cannot be imported again. It was already imported at "C:\Program Files (x86)\Windows Kits\10\build\WindowsDriver.Shared.props (352,3)". This is most likely a build authoring error. This subsequent import will be ignored. 
+D:\vmhook-eac\vmhook-eac.vcxproj(88,5): warning MSB4011: "G:\vs\MSBuild\Microsoft\VC\v160\BuildCustomizations\masm.targets" cannot be imported again. It was already imported at "C:\Program Files (x86)\Windows Kits\10\build\WindowsDriver.common.targets (1878,3)". This is most likely a build authoring error. This subsequent import will be ignored. 
+  Building 'vmhook-eac' with toolset 'WindowsKernelModeDriver10.0' and the 'Universal' target platform.
+  Building 'ZwSwapCert' with toolset 'WindowsKernelModeDriver10.0' and the 'Universal' target platform.
+  drv_entry.cpp
+D:\vmhook-eac\drv_entry.cpp(136,5): warning C4100: 'handler_idx': unreferenced formal parameter
+D:\vmhook-eac\drv_entry.cpp(146,5): warning C4100: 'handler_idx': unreferenced formal parameter
+  vmhook-eac.vcxproj -> D:\vmhook-eac\x64\Release\vmhook-eac.sys
+D:\vmhook-eac\vmhook-eac.vcxproj(43,5): warning MSB4011: "G:\vs\MSBuild\Microsoft\VC\v160\BuildCustomizations\masm.props" cannot be imported again. It was already imported at "C:\Program Files (x86)\Windows Kits\10\build\WindowsDriver.Shared.props (352,3)". This is most likely a build authoring error. This subsequent import will be ignored. 
+D:\vmhook-eac\vmhook-eac.vcxproj(88,5): warning MSB4011: "G:\vs\MSBuild\Microsoft\VC\v160\BuildCustomizations\masm.targets" cannot be imported again. It was already imported at "C:\Program Files (x86)\Windows Kits\10\build\WindowsDriver.common.targets (1878,3)". This is most likely a build authoring error. This subsequent import will be ignored. 
+  Done Adding Additional Store
+  Successfully signed: D:\vmhook-eac\x64\Release\vmhook-eac.sys
+  
+  Driver is 'Universal'.
+D:\vmhook-eac\vmhook-eac.vcxproj(43,5): warning MSB4011: "G:\vs\MSBuild\Microsoft\VC\v160\BuildCustomizations\masm.props" cannot be imported again. It was already imported at "C:\Program Files (x86)\Windows Kits\10\build\WindowsDriver.Shared.props (352,3)". This is most likely a build authoring error. This subsequent import will be ignored. 
+D:\vmhook-eac\vmhook-eac.vcxproj(88,5): warning MSB4011: "G:\vs\MSBuild\Microsoft\VC\v160\BuildCustomizations\masm.targets" cannot be imported again. It was already imported at "C:\Program Files (x86)\Windows Kits\10\build\WindowsDriver.common.targets (1878,3)". This is most likely a build authoring error. This subsequent import will be ignored. 

x64/Release/vmhook-eac.sys.recipe

@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project>
+  <ProjectOutputs>
+    <ProjectOutput>
+      <FullPath>D:\vmhook-eac\x64\Release\vmhook-eac.sys</FullPath>
+    </ProjectOutput>
+  </ProjectOutputs>
+  <ContentFiles />
+  <SatelliteDlls />
+  <NonRecipeFileRefs />
+</Project>

x64/Release/vmhook-eac.tlog/signtool.timestamp.1.tlog

@@ -0,0 +1,2 @@
+D:\EACLOG\X64\RELEASE\VMHOOK-EAC.SYS|637605507578183380
+D:\VMHOOK-EAC\X64\RELEASE\VMHOOK-EAC.SYS|637605525713265269

x64/Release/vmhook-eac.tlog/vmhook-eac.lastbuildstate

@@ -0,0 +1,2 @@
+PlatformToolSet=WindowsKernelModeDriver10.0:VCToolArchitecture=Native32Bit:VCToolsVersion=14.29.30037:TargetPlatformVersion=10.0.19041.0:
+Release|x64|D:\vmhook-eac\|

x64/Release/vmhook-eac.vcxproj.FileListAbsolute.txt

@@ -0,0 +1 @@
+D:\vmhook-eac\x64\Release\vmhook-eac.sys