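#pragma once

// ---------------------------------------------------------------------------
// Import decorations. In the Windows SDK / WDK headers these normally expand
// to (or gate) `__declspec(dllimport)` for user32, kernel32, the UCRT and
// ntoskrnl respectively. Defining them empty *before* any such header is
// included turns those APIs into plain `extern` symbols — presumably so this
// project's own loader resolves them instead of the PE import table (the
// loader side is not visible from this header; confirm against the caller).
// ---------------------------------------------------------------------------
#define WINUSERAPI
#define _KERNEL32_
#define _ACRTIMP
#define NTKERNELAPI

// ---------------------------------------------------------------------------
// Section placement. Each macro wraps the enclosed definitions in
// `#pragma code_seg(".theo")` / `#pragma code_seg(".theo1")` so their
// generated code is emitted into that section rather than `.text`; the
// trailing `code_seg()` restores the default. Which tooling later keys on
// those section names is not visible from this header. MSVC / clang-cl
// pragma; other compilers ignore or warn about it.
// ---------------------------------------------------------------------------
#define THEO_OBFUSCATE(...) \
    _Pragma("code_seg(\".theo\")") \
    __VA_ARGS__ \
    _Pragma("code_seg()")

#define THEO_MUTATE(...) \
    _Pragma("code_seg(\".theo1\")") \
    __VA_ARGS__ \
    _Pragma("code_seg()")

// ---------------------------------------------------------------------------
// Obfuscator-LLVM pass annotations: bogus control flow, instruction
// substitution and control-flow flattening. Clang attribute spelling — only
// meaningful when compiled with a clang build that runs those passes.
// ---------------------------------------------------------------------------
#define LLVM_BCF __attribute((__annotate__(("bcf"))))
#define LLVM_SUB __attribute((__annotate__(("sub"))))
#define LLVM_FLA __attribute((__annotate__(("fla"))))

// Byte offset applied to the pointer returned by IoGetCurrentProcess().
// Hard-coded, build-specific structure offset (presumably the page-directory
// base field of the process object). Nothing in this header validates it, so
// re-check it against each target kernel build.
#define CR3_OFFSET 0x28

// True for SUCCESS (0x0...) and INFORMATIONAL (0x4...) severities, false for
// WARNING (0x8...) and ERROR (0xC...). The SDK spells this as a signed
// `>= 0` on a LONG; the NTSTATUS alias in this header is an *unsigned* long,
// and `(x) >= 0` on an unsigned value is always true — every error code,
// including STATUS_INFO_LENGTH_MISMATCH below, would have passed. Testing
// bit 31 (the severity bit) gives the SDK result for either signedness and
// either width of `long`.
#define NT_SUCCESS(x) ((static_cast<unsigned long>(x) & 0x80000000ul) == 0)

#define STATUS_INFO_LENGTH_MISMATCH 0xc0000004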
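// ---------------------------------------------------------------------------
// Minimal stand-ins for the WDK types this header needs, so it can be used
// without ntddk.h. Widths assume MSVC x64 (LLP64: `long` is 32 bits); under
// an LP64 toolchain NTSTATUS/ULONG/HANDLE become 64-bit.
//
// Deliberate deviations from the SDK definitions, worth knowing:
//  * NTSTATUS is unsigned (the SDK uses LONG). A sign test such as
//    `status < 0` therefore never fires; check bit 31 (severity) instead.
//  * HANDLE is an integer, not the SDK's `void*`. NOTE(review): that is only
//    4 bytes under MSVC — confirm it is never passed to, or returned from, a
//    kernel API that expects a pointer-sized handle.
// ---------------------------------------------------------------------------
using NTSTATUS = unsigned long;
using PVOID = void*;
using HANDLE = unsigned long;
using UCHAR = unsigned char;
using USHORT = unsigned short;
using ULONG = unsigned long;
using PULONG = unsigned long*;
using ULONG_PTR = unsigned long long;  // `using` like the aliases above (was the file's lone typedef)

// this is a demo of resolving non-exported symbols...
// win32kfull.sys export example...
extern "C" void NtUserRegisterShellPTPListener();

// Non-exported ntoskrnl data symbol. NOTE(review): it is declared as a
// `void*` *object*; if the underlying symbol is a larger structure, the
// usable address is `&PiDDBCacheTable` and reading the variable itself only
// yields its first pointer-sized bytes — confirm against the caller.
extern "C" void* PiDDBCacheTable;

// Declared as `unsigned char*` rather than the DDK's PEPROCESS, presumably so
// byte offsets such as CR3_OFFSET can be added to the result directly.
extern "C" unsigned char* IoGetCurrentProcess();

// Kernel debug print; the DDK prototype returns ULONG (an NTSTATUS).
extern "C" unsigned long DbgPrint(const char* format, ...);

// Pool allocation. The DDK prototype is (POOL_TYPE, SIZE_T); the size
// parameter is narrowed to 32 bits here, which only matters for requests of
// 4 GiB or more. Returns a null pointer on failure — callers must check.
// Recent WDKs deprecate this in favour of ExAllocatePool2.
extern "C" PVOID ExAllocatePool(ULONG, ULONG);

// Releases memory obtained from ExAllocatePool.
extern "C" void ExFreePool(PVOID);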