diff --git a/Include/Defs.h b/Include/Defs.h index 26a5c6c..d6994e5 100644 --- a/Include/Defs.h +++ b/Include/Defs.h @@ -25,8 +25,9 @@ #define _WIN32_WINNT 0x0500 -#include #include +#include +#include #ifdef __cplusplus /* Assume byte packing throughout */ @@ -122,7 +123,7 @@ extern "C" { (((status)exp) >= 0) ? \ TRUE : \ (vDbgPrint( \ - _T("[Shark] %hs[%d] %hs failed < %08x >\n"), \ + _T("[FRK] %hs[%d] %hs failed < %08x >\n"), \ __FILE__, \ __LINE__, \ __FUNCDNAME__, \ @@ -132,7 +133,7 @@ extern "C" { (((status)exp) >= 0) ? \ TRUE : \ (vDbgPrint( \ - "[Shark] %hs[%d] %hs failed < %08x >\n", \ + "[FRK] %hs[%d] %hs failed < %08x >\n", \ __FILE__, \ __LINE__, \ __FUNCDNAME__, \ diff --git a/Include/DeviceDefs.h b/Include/DeviceDefs.h index 22d88da..f83f78c 100644 --- a/Include/DeviceDefs.h +++ b/Include/DeviceDefs.h @@ -31,6 +31,39 @@ extern "C" { #define DEVICE_STRING L"\\Device\\{94A4D943-9D91-4DFA-AA05-5486E61BF500}" #define SYMBOLIC_STRING L"\\DosDevices\\{00081140-C743-454D-917B-C3F437C770DC}" + FORCEINLINE + u + NTAPI + GuardCall( + __in_opt PGKERNEL_ROUTINE KernelRoutine, + __in_opt PGSYSTEM_ROUTINE SystemRoutine, + __in_opt PGRUNDOWN_ROUTINE RundownRoutine, + __in_opt PGNORMAL_ROUTINE NormalRoutine + ) + { + u Result = 0; + + __try { + if (NULL != KernelRoutine) { + Result = KernelRoutine(SystemRoutine, RundownRoutine, NormalRoutine); + } + else if (NULL != SystemRoutine) { + Result = SystemRoutine(RundownRoutine, NormalRoutine); + } + else if (NULL != RundownRoutine) { + Result = RundownRoutine(NormalRoutine); + } + else if (NULL != NormalRoutine) { + Result = NormalRoutine(); + } + } + __except (EXCEPTION_EXECUTE_HANDLER) { + NOTHING; + } + + return Result; + } + #ifdef __cplusplus } #endif /* __cplusplus */ diff --git a/Include/listdefs.h b/Include/listdefs.h new file mode 100644 index 0000000..38572b4 --- /dev/null +++ b/Include/listdefs.h 
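Review bot: GuardCall's `__except (EXCEPTION_EXECUTE_HANDLER)` block in DeviceDefs.h swallows every exception and falls through to `return Result;` with Result still 0, so a caller cannot tell a routine that faulted from one that returned 0. In kernel mode a structured handler generally does not make a call through a bad kernel pointer survivable either, so the wrapper protects less than its name suggests. At minimum the handler should record the failure, for example `__except (EXCEPTION_EXECUTE_HANDLER) { Result = (u)GetExceptionCode(); }` if callers can accept a status in Result, or a trace through the existing `vDbgPrint` path. The dispatch rule also needs a header comment: only the first non-NULL routine is called and the remaining arguments are passed to it as parameters, which the parameter names do not convey.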
@@ -0,0 +1,137 @@
+/*
+*
+* Copyright (c) 2015 - 2021 by blindtiger. All rights reserved.
+*
+* The contents of this file are subject to the Mozilla Public License Version
+* 2.0 (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+* http://www.mozilla.org/MPL/
+*
+* Software distributed under the License is distributed on an "AS IS" basis,
+* WITHOUT WARRANTY OF ANY KIND, either express or implied. SEe the License
+* for the specific language governing rights and limitations under the
+* License.
+*
+* The Initial Developer of the Original e is blindtiger.
+*
+*/
+
+#ifndef _LISTDEFS_H_
+#define _LISTDEFS_H_
+
+#include
+
+#ifdef __cplusplus
+/* Assume byte packing throughout */
+extern "C" {
+#endif /* __cplusplus */
+
+ typedef struct _list {
+ struct _list * front;
+ struct _list * back;
+ } list;
+
+#define __is_list_empty(head) \
+ ((head)->front == (head))
+
+ __inline
+ void
+ __empty_list(
+ list * head
+ )
+ {
+ head->front = head->back = head;
+ }
+
+ __inline
+ u8
+ __remove_node(
+ list * node
+ )
+ {
+ list * back;
+ list * front;
+
+ front = node->front;
+ back = node->back;
+ back->front = front;
+ front->back = back;
+
+ return (u8)(front == back);
+ }
+
+ __inline
+ void
+ __insert_head(
+ list * head,
+ list * node
+ )
+ {
+ list * front;
+
+ front = head->front;
+
+ node->front = front;
+ node->back = head;
+
+ head->front = node;
+ front->back = node;
+ }
+
+ __inline
+ list *
+ __remove_head(
+ list * head
+ )
+ {
+ list * front;
+ list * node;
+
+ node = head->front;
+ front = node->front;
+ head->front = front;
+ front->back = head;
+
+ return node;
+ }
+
+ __inline
+ void
+ __insert_tail(
+ list * head,
+ list * node
+ )
+ {
+ list * back;
+
+ back = head->back;
+
+ node->front = head;
+ node->back = back;
+
+ back->front = node;
+ head->back = node;
+ }
+
+ __inline
+ list *
+ __remove_tail(
+ list * head
+ )
+ {
+ list * back;
+ list * node;
+
+ node = head->back;
+
back = node->back; + head->back = back; + back->front = head; + + return node; + } + +#ifdef __cplusplus +} +#endif /* __cplusplus */ + +#endif // !_LISTDEFS_H_ diff --git a/Projects/Shark/AMD64/PatchGuardAMD64.c b/Projects/Shark/AMD64/PatchGuardAMD64.c index da12139..4f123fb 100644 --- a/Projects/Shark/AMD64/PatchGuardAMD64.c +++ b/Projects/Shark/AMD64/PatchGuardAMD64.c @@ -368,7 +368,7 @@ InitializePgBlock( s8 ReservedCrossThreadFlags[] = "89 83 ?? ?? F0 83 0C 24 00 80 3D ?? ?? ?? ?? ?? 0F"; - u64 Btc64[] = { 0xC3C18B48D1BB0F48 }; + u64 Btc64[] = { 0xC3C3C0BB0F489148 }; u64 Rol64[] = { 0xC3C0D348CA869148 }; u64 Ror64[] = { 0xC3C8D348CA869148 }; @@ -1314,21 +1314,6 @@ PgCompareFields( if (FALSE != Chance) { if (PgPoolBigPage == VaType) { - PointerPde = GetPdeAddress(BaseAddress); - - if (0 == PointerPde->u.Hard.LargePage) { - PointerPte = GetPteAddress(BaseAddress); - - if (1 == PointerPte->u.Hard.NoExecute) { - Chance = FALSE; - } - } - else if (1 == PointerPde->u.Hard.NoExecute) { - Chance = FALSE; - } - else { - __debugbreak(); - } } else { if (ROUND_TO_PAGES(*(u64ptr)BaseAddress) != RegionSize) { @@ -2079,7 +2064,7 @@ PgClearAll( GetGpBlock(PgBlock)->BugCheckHandle = SafeGuardAttach( (ptr *)&GetGpBlock(PgBlock)->KeBugCheckEx, PgBlock->ClearCallback, - NULL, + PgBlock->CaptureContext, NULL, PgBlock); } diff --git a/Projects/Shark/Guard.c b/Projects/Shark/Guard.c index ac6627c..860f33d 100644 --- a/Projects/Shark/Guard.c +++ b/Projects/Shark/Guard.c @@ -31,9 +31,7 @@ GuardAllocateTrampoline( { ptr Result = NULL; - Result = ExAllocatePool( - NonPagedPool, - NumberOfBytes); + Result = __malloc(NumberOfBytes); if (NULL != Result) { RtlZeroMemory(Result, NumberOfBytes); @@ -49,7 +47,7 @@ GuardFreeTrampoline( __in u8 NumberOfBytes ) { - ExFreePool(BaseAddress); + __free(BaseAddress); } void @@ -353,7 +351,7 @@ HotpatchDetach( sizeof(ptr)); GuardFreeTrampoline(HotpatchObjct, HotpatchObjct->Header.Length); - } +} #endif // !_WIN64 PPATCH_HEADER 
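Review bot: `__remove_head` and `__remove_tail` in the new listdefs.h have no empty-list guard: on an empty list `head->front` is the head itself, so the caller receives the sentinel as if it were a node and will likely treat it as a containing record. None of the unlink helpers check link consistency before writing (`node->front->back == node` and `node->back->front == node`), so a corrupted entry becomes a stray pointer write instead of a detected fault. I would add `if (__is_list_empty(head)) return NULL;` at the top of both removers and a consistency assertion in `__remove_node`. The double-underscore names are also reserved for the implementation in C; a project prefix would avoid collisions.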
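Review bot: `GuardAllocateTrampoline` now takes its buffer from `__malloc(NumberOfBytes)`, whose definition is not part of this diff, so the pool type that `ExAllocatePool(NonPagedPool, ...)` stated explicitly is no longer visible at the call site. A trampoline buffer must be non-pageable and executable, so the pool `__malloc` draws from should be documented on its declaration or in a comment here. Please also confirm that `__free` in `GuardFreeTrampoline` releases to the same allocator; that function still ignores its `NumberOfBytes` argument. The same substitution is made for `GpBlock` in `DriverEntry` (Shark.c), which holds plain data and would be better served by a non-executable allocation if `__malloc` returns executable memory.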
diff --git a/Projects/Shark/I386/I386.asm b/Projects/Shark/I386/I386.asm index 1cc6958..076674f 100644 --- a/Projects/Shark/I386/I386.asm +++ b/Projects/Shark/I386/I386.asm @@ -22,7 +22,7 @@ include ks386.inc include callconv.inc .list - + _TEXT$00 SEGMENT PAGE 'CODE' cPublicProc __FlushSingleTb, 1 
@@ -78,118 +78,41 @@ _TEXT$00 SEGMENT PAGE 'CODE' stdENDP __GetPteAddressPae - cPublicProc __GetVirtualAddressMappedByPte, 1 + cPublicProc __GetVaMappedByPte, 1 mov eax, [esp + 4] shl eax, 0ah - stdRET __GetVirtualAddressMappedByPte + stdRET __GetVaMappedByPte - stdENDP __GetVirtualAddressMappedByPte + stdENDP __GetVaMappedByPte - cPublicProc __GetVirtualAddressMappedByPtePae, 1 + cPublicProc __GetVaMappedByPtePae, 1 mov eax, [esp + 4] shl eax, 9 - stdRET __GetVirtualAddressMappedByPtePae + stdRET __GetVaMappedByPtePae - stdENDP __GetVirtualAddressMappedByPtePae + stdENDP __GetVaMappedByPtePae - cPublicProc __GetVirtualAddressMappedByPde, 1 + cPublicProc __GetVaMappedByPde, 1 mov eax, [esp + 4] shl eax, 14h - stdRET __GetVirtualAddressMappedByPde + stdRET __GetVaMappedByPde - stdENDP __GetVirtualAddressMappedByPde + stdENDP __GetVaMappedByPde - cPublicProc __GetVirtualAddressMappedByPdePae, 1 + cPublicProc __GetVaMappedByPdePae, 1 mov eax, [esp + 4] shl eax, 12h - stdRET __GetVirtualAddressMappedByPdePae - - stdENDP __GetVirtualAddressMappedByPdePae - - cPublicProc __GuardCall, 4 - - mov edi, edi - - push ebp - mov ebp, esp - - mov eax, [ebp + 8] - - test eax, eax - jz @f - - push [ebp + 14h] - push [ebp + 10h] - push [ebp + 0ch] - - call eax - - mov esp, ebp - pop ebp - - stdRET __GuardCall - -@@ : - mov eax, [ebp + 0ch] - - test eax, eax - jz @f - - push [ebp + 14h] - push [ebp + 10h] - - call eax - - mov esp, ebp - pop ebp - - stdRET __GuardCall - -@@ : - mov eax, [ebp + 10h] - - test eax, eax - jz @f - - push [ebp + 14h] - - call eax - - mov esp, ebp - pop ebp - - stdRET __GuardCall - -@@ : - mov eax, [ebp + 14h] - - test eax, eax - jz error - - call eax - - mov esp, ebp - pop ebp - - stdRET __GuardCall - -error : - xor eax, eax - - mov esp, ebp - pop ebp - - stdRET __GuardCall + stdRET __GetVaMappedByPdePae - stdENDP __GuardCall + stdENDP __GetVaMappedByPdePae _TEXT$00 ends 
diff --git a/Projects/Shark/I386/SpaceI386.c b/Projects/Shark/I386/SpaceI386.c index c4a66d6..95f838e 100644 --- a/Projects/Shark/I386/SpaceI386.c +++ b/Projects/Shark/I386/SpaceI386.c @@ -50,9 +50,9 @@ GetPdeAddress( __in ptr VirtualAddress ) { - return (PMMPTE)(0 != GpBlock.DebuggerDataBlock.PaeEnabled ? - _GetPdeAddressPae(VirtualAddress, GpBlock.PdeBase) : - _GetPdeAddress(VirtualAddress, GpBlock.PdeBase)); + return (PMMPTE)(0 != GpBlock->DebuggerDataBlock.PaeEnabled ? + _GetPdeAddressPae(VirtualAddress, GpBlock->PdeBase) : + _GetPdeAddress(VirtualAddress, GpBlock->PdeBase)); } PMMPTE @@ -61,9 +61,9 @@ GetPteAddress( __in ptr VirtualAddress ) { - return (PMMPTE)(0 != GpBlock.DebuggerDataBlock.PaeEnabled ? - _GetPteAddressPae(VirtualAddress, GpBlock.PteBase) : - _GetPteAddress(VirtualAddress, GpBlock.PteBase)); + return (PMMPTE)(0 != GpBlock->DebuggerDataBlock.PaeEnabled ? + _GetPteAddressPae(VirtualAddress, GpBlock->PteBase) : + _GetPteAddress(VirtualAddress, GpBlock->PteBase)); } ptr @@ -72,7 +72,7 @@ GetVaMappedByPte( __in PMMPTE Pte ) { - return (ptr)(0 != GpBlock.DebuggerDataBlock.PaeEnabled ? + return (ptr)(0 != GpBlock->DebuggerDataBlock.PaeEnabled ? _GetVaMappedByPtePae(Pte) : _GetVaMappedByPte(Pte)); } @@ -83,7 +83,7 @@ GetVaMappedByPde( __in PMMPTE Pde ) { - return (ptr)(0 != GpBlock.DebuggerDataBlock.PaeEnabled ? + return (ptr)(0 != GpBlock->DebuggerDataBlock.PaeEnabled ? _GetVaMappedByPdePae(Pde) : _GetVaMappedByPde(Pde)); } diff --git a/Projects/Shark/PatchGuard.h b/Projects/Shark/PatchGuard.h index 1ce839d..58fb207 100644 --- a/Projects/Shark/PatchGuard.h +++ b/Projects/Shark/PatchGuard.h @@ -221,7 +221,7 @@ extern "C" { __in u8 Count ); -#define ROR64(p, x, n) (p)->Ror64((x), (n)) +#define ROR64(pgb, x, n) (pgb)->Ror64((x), (n)) u (NTAPI * Rol64)( @@ -229,7 +229,7 @@ extern "C" { __in u8 Count ); -#define ROL64(p, x, n) (p)->Rol64((x), (n)) +#define ROL64(pgb, x, n) (pgb)->Rol64((x), (n)) void (NTAPI * CaptureContext)( 
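Review bot: `GetPdeAddress` now reads `GpBlock->DebuggerDataBlock.PaeEnabled` through a global pointer rather than a global struct, and nothing in the function checks that the pointer has been set. The Shark.c hunk shows `DriverEntry` assigning `GpBlock` from `__malloc` and testing it for NULL, so any path that reaches these helpers before that assignment, after a failed allocation or after teardown dereferences NULL in kernel mode. Either state the invariant in a comment such as `/* GpBlock is valid from successful DriverEntry until unload */` or assert it at entry. The same applies to `GetPteAddress`, `GetVaMappedByPte` and `GetVaMappedByPde` in the following hunks of this file.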
diff --git a/Projects/Shark/Reload.h b/Projects/Shark/Reload.h index 435e51f..51ed140 100644 --- a/Projects/Shark/Reload.h +++ b/Projects/Shark/Reload.h @@ -118,14 +118,14 @@ extern "C" { #ifndef _WIN64 status (NTAPI * DbgkpSendApiMessageLpc)( - __inout PAPI_MESSAGE ApiMsg, + __inout ptr ApiMsg, __in ptr Port, __in b SuspendProcess ); status (FASTCALL * FastDbgkpSendApiMessageLpc)( - __inout PAPI_MESSAGE ApiMsg, + __inout ptr ApiMsg, __in ptr Port, __in b SuspendProcess ); diff --git a/Projects/Shark/Rtx.c b/Projects/Shark/Rtx.c index 630a24f..eb40cc8 100644 --- a/Projects/Shark/Rtx.c +++ b/Projects/Shark/Rtx.c @@ -24,14 +24,14 @@ #include "Guard.h" #include "Scan.h" -VOID +void NTAPI AsyncDispatcher( __in PKAPC Apc, __in PKNORMAL_ROUTINE * NormalRoutine, - __in PVOID * NormalContext, - __in PVOID * SystemArgument1, - __in PVOID * SystemArgument2 + __in ptr * NormalContext, + __in ptr * SystemArgument1, + __in ptr * SystemArgument2 ) { PATX Atx = NULL; @@ -39,25 +39,25 @@ AsyncDispatcher( Atx = CONTAINING_RECORD(Apc, ATX, Apc); Atx->Rtx.Routines.Result = GuardCall( - Atx->Rtx.Routines.ApcRoutine, + Atx->Rtx.Routines.KernelRoutine, Atx->Rtx.Routines.SystemRoutine, - Atx->Rtx.Routines.StartRoutine, - Atx->Rtx.Routines.StartContext); + Atx->Rtx.Routines.RundownRoutine, + Atx->Rtx.Routines.NormalRoutine); KeSetEvent(&Atx->Rtx.Notify, LOW_PRIORITY, FALSE); } -NTSTATUS +status NTAPI AsyncCall( - __in HANDLE UniqueThread, - __in_opt PPS_APC_ROUTINE ApcRoutine, - __in_opt PKSYSTEM_ROUTINE SystemRoutine, - __in_opt PUSER_THREAD_START_ROUTINE StartRoutine, - __in_opt PVOID StartContext + __in ptr UniqueThread, + __in_opt PGKERNEL_ROUTINE KernelRoutine, + __in_opt PGSYSTEM_ROUTINE SystemRoutine, + __in_opt PGRUNDOWN_ROUTINE RundownRoutine, + __in_opt PGNORMAL_ROUTINE NormalRoutine ) { - NTSTATUS Status = STATUS_SUCCESS; + status Status = STATUS_SUCCESS; PETHREAD Thread = NULL; ATX Atx = { 0 }; LARGE_INTEGER Timeout = { 0 }; 
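Review bot: Retyping `ApiMsg` from `PAPI_MESSAGE` to the untyped `ptr` in both `DbgkpSendApiMessageLpc` and `FastDbgkpSendApiMessageLpc` removes the compiler's check that callers pass a message of the expected layout. If the aim is to drop a header dependency, a forward declaration along the lines of `typedef struct _API_MESSAGE *PAPI_MESSAGE;` (tag name to match the existing definition) keeps the prototypes self-describing without the full structure. The enclosing struct starts and ends outside the hunk.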
@@ -66,18 +66,18 @@ AsyncCall( UniqueThread, &Thread); - if (NT_SUCCESS(Status)) { - Atx.Rtx.Routines.ApcRoutine = ApcRoutine; + if (TRACE(Status)) { + Atx.Rtx.Routines.KernelRoutine = KernelRoutine; Atx.Rtx.Routines.SystemRoutine = SystemRoutine; - Atx.Rtx.Routines.StartRoutine = StartRoutine; - Atx.Rtx.Routines.StartContext = StartContext; + Atx.Rtx.Routines.RundownRoutine = RundownRoutine; + Atx.Rtx.Routines.NormalRoutine = NormalRoutine; KeInitializeEvent( &Atx.Rtx.Notify, SynchronizationEvent, FALSE); - if ((ULONG_PTR)KeGetCurrentThread() != (ULONG_PTR)Thread) { + if ((u)KeGetCurrentThread() != (u)Thread) { KeInitializeApc( &Atx.Apc, Thread, @@ -122,7 +122,7 @@ AsyncCall( return Status; } -VOID +void NTAPI IpiDispatcher( __in PRTX Rtx 
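Review bot: `Atx` is a local of `AsyncCall`, and its embedded `Apc` is handed to `KeInitializeApc` for a different thread, so the stack frame has to outlive the APC. The wait itself is outside this hunk, but the function declares a `Timeout`; if that wait can expire, `AsyncDispatcher` will later write `Routines.Result` and call `KeSetEvent` on memory in a frame that has already been released. Consider allocating the `ATX` from non-paged memory and freeing it once the dispatcher has run, or waiting without a timeout after the APC is queued. The rest of the function body lies between this hunk and the next.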
@@ -130,69 +130,69 @@ IpiDispatcher( { if (-1 == Rtx->Processor) { GuardCall( - Rtx->Routines.ApcRoutine, + Rtx->Routines.KernelRoutine, Rtx->Routines.SystemRoutine, - Rtx->Routines.StartRoutine, - Rtx->Routines.StartContext); + Rtx->Routines.RundownRoutine, + Rtx->Routines.NormalRoutine); } else { if (KeGetCurrentProcessorNumber() == Rtx->Processor) { Rtx->Routines.Result = GuardCall( - Rtx->Routines.ApcRoutine, + Rtx->Routines.KernelRoutine, Rtx->Routines.SystemRoutine, - Rtx->Routines.StartRoutine, - Rtx->Routines.StartContext); + Rtx->Routines.RundownRoutine, + Rtx->Routines.NormalRoutine); } } } -ULONG_PTR +u NTAPI IpiSingleCall( - __in_opt PPS_APC_ROUTINE ApcRoutine, - __in_opt PKSYSTEM_ROUTINE SystemRoutine, - __in_opt PUSER_THREAD_START_ROUTINE StartRoutine, - __in_opt PVOID StartContext + __in_opt PGKERNEL_ROUTINE KernelRoutine, + __in_opt PGSYSTEM_ROUTINE SystemRoutine, + __in_opt PGRUNDOWN_ROUTINE RundownRoutine, + __in_opt PGNORMAL_ROUTINE NormalRoutine ) { - ULONG_PTR Result = 0; + u Result = 0; RTX Rtx = { 0 }; Rtx.Processor = KeGetCurrentProcessorNumber(); - Rtx.Routines.ApcRoutine = ApcRoutine; + Rtx.Routines.KernelRoutine = KernelRoutine; Rtx.Routines.SystemRoutine = SystemRoutine; - Rtx.Routines.StartRoutine = StartRoutine; - Rtx.Routines.StartContext = StartContext; + Rtx.Routines.RundownRoutine = RundownRoutine; + Rtx.Routines.NormalRoutine = NormalRoutine; KeIpiGenericCall( (PKIPI_BROADCAST_WORKER)IpiDispatcher, - (ULONG_PTR)&Rtx); + (u)&Rtx); Result = Rtx.Routines.Result; return Result; } -VOID +void NTAPI IpiGenericCall( - __in_opt PPS_APC_ROUTINE ApcRoutine, - __in_opt PKSYSTEM_ROUTINE SystemRoutine, - __in_opt PUSER_THREAD_START_ROUTINE StartRoutine, - __in_opt PVOID StartContext + __in_opt PGKERNEL_ROUTINE KernelRoutine, + __in_opt PGSYSTEM_ROUTINE SystemRoutine, + __in_opt PGRUNDOWN_ROUTINE RundownRoutine, + __in_opt PGNORMAL_ROUTINE NormalRoutine ) { RTX Rtx = { 0 }; Rtx.Processor = -1; - Rtx.Routines.ApcRoutine = ApcRoutine; + 
Rtx.Routines.KernelRoutine = KernelRoutine; Rtx.Routines.SystemRoutine = SystemRoutine; - Rtx.Routines.StartRoutine = StartRoutine; - Rtx.Routines.StartContext = StartContext; + Rtx.Routines.RundownRoutine = RundownRoutine; + Rtx.Routines.NormalRoutine = NormalRoutine; KeIpiGenericCall( (PKIPI_BROADCAST_WORKER)IpiDispatcher, - (ULONG_PTR)&Rtx); + (u)&Rtx); } diff --git a/Projects/Shark/Rtx.h b/Projects/Shark/Rtx.h index 3363393..98fc82a 100644 --- a/Projects/Shark/Rtx.h +++ b/Projects/Shark/Rtx.h @@ -29,27 +29,27 @@ extern "C" { typedef struct _OBJECT *POBJECT; typedef struct _ROUTINES32 { - ULONG ApcRoutine; - ULONG SystemRoutine; - ULONG StartRoutine; - ULONG StartContext; - ULONG Result; + u32 KernelRoutine; + u32 SystemRoutine; + u32 RundownRoutine; + u32 NormalRoutine; + u32 Result; }ROUTINES32, *PROUTINES32; typedef struct _ROUTINES64 { - ULONG64 ApcRoutine; - ULONG64 SystemRoutine; - ULONG64 StartRoutine; - ULONG64 StartContext; - ULONG64 Result; + u64 KernelRoutine; + u64 SystemRoutine; + u64 RundownRoutine; + u64 NormalRoutine; + u64 Result; }ROUTINES64, *PROUTINES64; typedef struct _ROUTINES { - PPS_APC_ROUTINE ApcRoutine; - PKSYSTEM_ROUTINE SystemRoutine; - PUSER_THREAD_START_ROUTINE StartRoutine; - PVOID StartContext; - ULONG_PTR Result; + PGKERNEL_ROUTINE KernelRoutine; + PGSYSTEM_ROUTINE SystemRoutine; + PGRUNDOWN_ROUTINE RundownRoutine; + PGNORMAL_ROUTINE NormalRoutine; + u Result; }ROUTINES, *PROUTINES; typedef struct _WORKER_OBJECT { @@ -60,11 +60,11 @@ extern "C" { typedef struct _RTX { POBJECT Object; POBJECT Target; - PVOID ApiMessage; + ptr ApiMessage; KEVENT Notify; - USHORT Platform; - ULONG Processor; + u16 Platform; + u32 Processor; union { ROUTINES Routines; 
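Review bot: The broadcast case is encoded as a bare `-1` stored into and compared against the unsigned `u32 Processor` field (`Rtx.Processor = -1;` in IpiGenericCall, `if (-1 == Rtx->Processor)` in IpiDispatcher), which works only through implicit conversion and invites sign-compare warnings. A named constant, for example `#define RTX_ALL_PROCESSORS ((u32)-1)`, would make both sites self-explanatory. It is also worth a comment on IpiDispatcher that in this branch the routine runs on every processor at IPI level and its return value is discarded, so the routines passed in must tolerate concurrent execution and must not touch pageable memory.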
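Review bot: The fourth slot of `ROUTINES` changes from a data pointer (`PVOID StartContext`) to a function pointer (`PGNORMAL_ROUTINE NormalRoutine`), yet GuardCall still forwards it as an argument to whichever earlier routine is non-NULL, so a caller that wants to pass a context now has to cast a data pointer to a function-pointer type. Please document on the struct that each field is either the routine to call or, when an earlier field is set, an opaque argument to it. `ROUTINES32` and `ROUTINES64` are fixed-width mirrors of the native layout, so a compile-time check such as `C_ASSERT(sizeof(ROUTINES64) == 5 * sizeof(u64));` would catch a field being added to one and not the others.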
@@ -82,67 +82,32 @@ extern "C" { #define MAXIMUM_COMPARE_INSTRUCTION_COUNT 8 - ULONG_PTR - NTAPI - _GuardCall( - __in_opt PPS_APC_ROUTINE ApcRoutine, - __in_opt PKSYSTEM_ROUTINE SystemRoutine, - __in_opt PUSER_THREAD_START_ROUTINE StartRoutine, - __in_opt PVOID StartContext - ); - - FORCEINLINE - ULONG_PTR - NTAPI - GuardCall( - __in_opt PPS_APC_ROUTINE ApcRoutine, - __in_opt PKSYSTEM_ROUTINE SystemRoutine, - __in_opt PUSER_THREAD_START_ROUTINE StartRoutine, - __in_opt PVOID StartContext - ) - { - ULONG_PTR Result = 0; - - __try { - Result = _GuardCall( - ApcRoutine, - SystemRoutine, - StartRoutine, - StartContext); - } - __except (EXCEPTION_EXECUTE_HANDLER) { - NOTHING; - } - - return Result; - } - - NTSTATUS + status NTAPI AsyncCall( - __in HANDLE UniqueThread, - __in_opt PPS_APC_ROUTINE ApcRoutine, - __in_opt PKSYSTEM_ROUTINE SystemRoutine, - __in_opt PUSER_THREAD_START_ROUTINE StartRoutine, - __in_opt PVOID StartContext + __in ptr UniqueThread, + __in_opt PGKERNEL_ROUTINE KernelRoutine, + __in_opt PGSYSTEM_ROUTINE SystemRoutine, + __in_opt PGRUNDOWN_ROUTINE RundownRoutine, + __in_opt PGNORMAL_ROUTINE NormalRoutine ); - ULONG_PTR + u NTAPI IpiSingleCall( - __in_opt PPS_APC_ROUTINE ApcRoutine, - __in_opt PKSYSTEM_ROUTINE SystemRoutine, - __in_opt PUSER_THREAD_START_ROUTINE StartRoutine, - __in_opt PVOID StartContext + __in_opt PGKERNEL_ROUTINE KernelRoutine, + __in_opt PGSYSTEM_ROUTINE SystemRoutine, + __in_opt PGRUNDOWN_ROUTINE RundownRoutine, + __in_opt PGNORMAL_ROUTINE NormalRoutine ); - VOID + void NTAPI IpiGenericCall( - __in_opt PPS_APC_ROUTINE ApcRoutine, - __in_opt PKSYSTEM_ROUTINE SystemRoutine, - __in_opt PUSER_THREAD_START_ROUTINE StartRoutine, - __in_opt PVOID StartContext + __in_opt PGKERNEL_ROUTINE KernelRoutine, + __in_opt PGSYSTEM_ROUTINE SystemRoutine, + __in_opt PGRUNDOWN_ROUTINE RundownRoutine, + __in_opt PGNORMAL_ROUTINE NormalRoutine ); #ifdef __cplusplus 
diff --git a/Projects/Shark/Shark.c b/Projects/Shark/Shark.c index a888d6f..9378b8e 100644 --- a/Projects/Shark/Shark.c +++ b/Projects/Shark/Shark.c @@ -114,9 +114,7 @@ DriverEntry( DbgPrint("[Shark] load\n"); #endif // !PUBLIC - GpBlock = ExAllocatePool( - NonPagedPool, - sizeof(GPBLOCK) + sizeof(PGBLOCK)); + GpBlock = __malloc(sizeof(GPBLOCK) + sizeof(PGBLOCK)); if (NULL != GpBlock) { RtlZeroMemory( diff --git a/Shark.sln b/Shark.sln index ba69461..75cd712 100644 --- a/Shark.sln +++ b/Shark.sln @@ -11,6 +11,7 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Include", "Include", "{2655 Include\devicedefs.h = Include\devicedefs.h Include\dump.h = Include\dump.h Include\guarddefs.h = Include\guarddefs.h + Include\listdefs.h = Include\listdefs.h Include\statusdefs.h = Include\statusdefs.h Include\typesdefs.h = Include\typesdefs.h Include\ver.h = Include\ver.h