From 8bb7ed968db64e9b12a6447e2eec3586ef9e935c Mon Sep 17 00:00:00 2001
From: Dirk
Date: Tue, 10 Jun 2014 14:19:40 +0200
Subject: Windows system name changer during bootup.
---
windows/bootpgm/native/MAKEFILE | 7 +
windows/bootpgm/native/SOURCES | 16 ++
windows/bootpgm/native/native.cpp | 427 +++++++++++++++++++++++++++++++++++++
windows/bootpgm/native/newnative.h | 322 ++++++++++++++++++++++++++++
4 files changed, 772 insertions(+)
create mode 100644 windows/bootpgm/native/MAKEFILE
create mode 100644 windows/bootpgm/native/SOURCES
create mode 100644 windows/bootpgm/native/native.cpp
create mode 100644 windows/bootpgm/native/newnative.h
(limited to 'windows/bootpgm/native')
diff --git a/windows/bootpgm/native/MAKEFILE b/windows/bootpgm/native/MAKEFILE
new file mode 100644
index 00000000..9c985f57
--- /dev/null
+++ b/windows/bootpgm/native/MAKEFILE
@@ -0,0 +1,7 @@
+#
+# DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source
+# file to this component. This file merely indirects to the real make file
+# that is shared by all the driver components of the Windows NT DDK
+#
+
+!INCLUDE $(NTMAKEENV)\makefile.def
diff --git a/windows/bootpgm/native/SOURCES b/windows/bootpgm/native/SOURCES
new file mode 100644
index 00000000..f0c287c1
--- /dev/null
+++ b/windows/bootpgm/native/SOURCES
@@ -0,0 +1,16 @@
+TARGETNAME=bootpgm
+TARGETPATH=..\obj
+TARGETTYPE=PROGRAM
+
+TARGETLIBS=\
+ ..\obj\i386\common.lib\
+ $(DDK_LIB_PATH)\ntdll.lib\
+ $(DDK_LIB_PATH)\nt.lib
+# $(DDK_LIB_PATH)\libcmt.lib
+# $(DDK_LIB_PATH)\ntoskrnl.lib
+
+
+INCLUDES=$(SDK_INC_PATH);$(DDK_INC_PATH);..\win32
+
+SOURCES= native.cpp
+#UMTYPE=nt
\ No newline at end of file
diff --git a/windows/bootpgm/native/native.cpp b/windows/bootpgm/native/native.cpp
new file mode 100644
index 00000000..e595d7a9
--- /dev/null
+++ b/windows/bootpgm/native/native.cpp
@@ -0,0 +1,427 @@ +/* The contents of this file are subject to the Mozilla Public License + * Version 1.1 (the "License"); you may not use this file except in + * compliance with the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" + * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the + * License for the specific language governing rights and limitations + * under the License. + * + * The Initial Developer of the Original Code is Johannes Rudolph. + * Portions created by the Initial Developer are Copyright (C) 2006 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * Johannes Rudolph + */ + +#include "stdafx.h" +#include "io.h" +#include "main.h" + +#include "newnative.h" + +#include "registrybrowser.h" + +#include +#include + +char keys[]={0,0,'1','2','3','4','5','6','7','8','9','0','ß','´',8/*Backspace*/ //0-14 + ,0/*tab*/,'q','w','e','r','t','z','u','i','o','p','ü','+','\n'/*return*/ //15-28 + ,0/*strg*/,'a','s','d','f','g','h','j','k','l','ö','ä','^',0/*left shift*/,'#' //29-43 + ,'y','x','c','v','b','n','m',',','.','-',0/*right shift*/ //44-54 + ,'*'/*num*/,0/*left alt*/,' ',0/*caps lock*/}; //55-58 + +char shiftkeys[]={0,0,'!','\"','§','$','%','&','/','(',')','=','?','`',0/*Backspace*/ //0-14 + ,0/*tab*/,'Q','W','E','R','T','Z','U','I','O','P','Ü','*','\n'/*return*/ //15-28 + ,0/*strg*/,'A','S','D','F','G','H','J','K','L','Ö','Ä','°',0/*left shift*/,'\'' //29-43 + ,'Y','X','C','V','B','N','M',';',':','_',0/*right shift*/ //44-54 + ,'*'/*num*/,0/*left alt*/,' ',0/*caps lock*/}; +IO *myIO=0; + +void fatal(char *msg) +{ + if (myIO!=0) + myIO->println(msg); + + NtTerminateProcess( NtCurrentProcess(), 0 ); +} + +struct KeyboardState +{ + bool shiftDown; + bool altDown; + bool altGrDown; + KeyboardState():shiftDown(false),altDown(false),altGrDown(false) + {} +}; + +class NativeBootIO:public IO{ + HANDLE Heap; + 
HANDLE Keyboard; + HANDLE KeyboardEvent; + KeyboardState keyboardState; +private: + void createHeap() + { + RTL_HEAP_DEFINITION heapParams; + memset( &heapParams, 0, sizeof( RTL_HEAP_DEFINITION )); + heapParams.Length = sizeof( RTL_HEAP_DEFINITION ); + Heap = RtlCreateHeap( 2, 0, 0x100000, 0x1000, 0, &heapParams ); + } + void openKeyboard() + { + UNICODE_STRING UnicodeFilespec; + OBJECT_ATTRIBUTES ObjectAttributes; + NTSTATUS Status; + IO_STATUS_BLOCK Iosb; + + RtlInitUnicodeString(&UnicodeFilespec, L"\\device\\KeyboardClass0"); + InitializeObjectAttributes(&ObjectAttributes, // ptr to structure + &UnicodeFilespec, // ptr to file spec + OBJ_CASE_INSENSITIVE, // attributes + NULL, // root directory handle + NULL ); // ptr to security descriptor + + Status = ZwCreateFile(&Keyboard, // returned file handle + (GENERIC_READ|SYNCHRONIZE|FILE_READ_ATTRIBUTES), // desired access + &ObjectAttributes, // ptr to object attributes + &Iosb, // ptr to I/O status block + 0, // allocation size + FILE_ATTRIBUTE_NORMAL, // file attributes + 0, // share access + FILE_OPEN, // create disposition + 1, // create options + NULL, // ptr to extended attributes + 0); // length of ea buffer + + if (Status!=STATUS_SUCCESS) + fatal("Fehler: Keyboardhandle konnte nicht geöffnet werden"); + + InitializeObjectAttributes(&ObjectAttributes, // ptr to structure + NULL, // ptr to file spec + 0, // attributes + NULL, // root directory handle + NULL ); // ptr to security descriptor + Status=NtCreateEvent(&KeyboardEvent,EVENT_ALL_ACCESS,&ObjectAttributes,SynchronizationEvent,FALSE); + + if (Status!=STATUS_SUCCESS) + fatal("Fehler: Keyboardevent konnte nicht erstellt werden"); + } + void updateKeyboardStatus(KEYBOARD_INPUT_DATA &kid) + { + if (((kid.MakeCode==42)||(kid.MakeCode==54))&&(kid.Flags&KEY_E0)==0&&(kid.Flags&KEY_E1)==0) + keyboardState.shiftDown=!(kid.Flags&KEY_BREAK); + } + void printkid(KEYBOARD_INPUT_DATA &kid) + { + static char *buffer=(char*)malloc(100); + + int keyMake=kid.Flags&KEY_MAKE; 
+ int keyBreak=kid.Flags&KEY_BREAK; + int e0=kid.Flags&KEY_E0; + int e1=kid.Flags&KEY_E1; + _snprintf(buffer,99,"Key: Code: %d\tMake: %d\tBreak: %d\te0: %d\te1: %d",kid.MakeCode,keyMake,keyBreak,e0,e1); + println(buffer); + } + +public: + NativeBootIO() + { + createHeap(); + openKeyboard(); + } + ~NativeBootIO() + { + //RtlDestroyHeap() + } + void handleCharEcho(char ch,char *buffer,unsigned int length) + { + char b[2]; + b[0]=ch; + b[1]=0; + if (ch==8) + { + println(""); + buffer[length]=0; + print("> "); + print(buffer); + } + else + print(b); + } + char getChar() + { + debugout("getChar startet"); + KEYBOARD_INPUT_DATA kid; + + int chr=0; + + do + { + NTSTATUS Status=waitForKeyboardInput(0,&kid); + if (Status!=STATUS_SUCCESS) + { + //_snprintf(buffer,99,"Fehler beim Tastaturlesen: 0x%x",Status); + println("Fehler beim Tastaturlesen"); + debugout("Fehler beim Tastatur lesen"); + } + else + { + debugout("Taste empfangen"); + + updateKeyboardStatus(kid); + + if (((kid.Flags&KEY_BREAK)==0)&&kid.MakeCode<58&&kid.MakeCode>0) + if (keyboardState.shiftDown) + chr=shiftkeys[kid.MakeCode]; + else + chr=keys[kid.MakeCode]; + else + chr=0; + } + } + while(chr==0); + debugout("getChar Ende"); + + return (char)chr; + } + void *malloc(unsigned int size) + { + return RtlAllocateHeap( Heap, 0, size); + } + void free(void *buffer) + { + RtlFreeHeap(Heap,0,buffer); + } + void internalPrint(char *buffer) + { + UNICODE_STRING UnicodeFilespec=getUnicodeString(buffer); + + NtDisplayString(&UnicodeFilespec); + } + char *getVersion() + { + return "Native Boot IO Revision: $Rev$"; + } + + NTSTATUS waitForKeyboardInput(__int64 time,KEYBOARD_INPUT_DATA *kid) + { + LARGE_INTEGER bo; + LARGE_INTEGER litime; + NTSTATUS Status; + IO_STATUS_BLOCK Iosb; + + bo.HighPart=0; + bo.LowPart=0; + + debugout("wFKI: vor ZwReadFile"); + + Status=ZwReadFile(Keyboard, + KeyboardEvent,0,0,&Iosb,kid,sizeof(KEYBOARD_INPUT_DATA),&bo,NULL); + + debugout("wFKI: nach ZwReadFile"); + + PLARGE_INTEGER pli=NULL; + + 
if (time!=0) + pli=(PLARGE_INTEGER)&time; + + if (Status==STATUS_PENDING) + { + debugout("wFKI: vor WaitFor..."); + + Status=NtWaitForMultipleObjects(1,&KeyboardEvent,1,1,pli); + + debugout("wFKI: nach WaitFor..."); + + if (Status!=STATUS_SUCCESS) + { + NtCancelIoFile(Keyboard,&Iosb); + return Status; + } + } + return STATUS_SUCCESS; + } + void printKeyboardData(KEYBOARD_INPUT_DATA kid) + { + char buffer[100]; + int keyMake=kid.Flags&KEY_MAKE; + int keyBreak=kid.Flags&KEY_BREAK; + int e0=kid.Flags&KEY_E0; + int e1=kid.Flags&KEY_E1; + _snprintf(buffer,99,"Key: Code: %d\tMake: %d\tBreak: %d\te0: %d\te1: %d\n",kid.MakeCode,keyMake,keyBreak,e0,e1); + debugout(buffer); + } + void testKeyboard() + { + KEYBOARD_INPUT_DATA kid; + kid.MakeCode=0; + char buffer[100]; + while(kid.MakeCode!=1) + { + NTSTATUS Status=waitForKeyboardInput(0,&kid); + if (Status!=STATUS_SUCCESS) + { + _snprintf(buffer,99,"Fehler beim Tastaturlesen: 0x%x",Status); + println(buffer); + } + else + { + printKeyboardData(kid); + } + } + println("Keyboardtest beendet"); + } + void resetKeyboard() + { + debugout("Clearing Event"); + NtClearEvent(KeyboardEvent); + } +}; + +extern "C" +int __cdecl _purecall() +{ + DbgBreakPoint(); + return 0; +} + +void debugBreak(IO &io,char *args) +{ + DbgBreakPoint(); +} + +void setCompnameFromFile(IO &io,char *args); +void setComputerNameCmd(IO &io,char *args); + +void myitoa(int i,char *buffer) +{ + int length=0; + if (i==0) + { + buffer[0]='0'; + length=1; + } + else + { + char buffer2[20]; + while (i>0) + { + buffer2[length]='0'+i%10; + i/=10; + length++; + } + for (i=0;i0) + if (keys[kid.MakeCode]==key) + { + io.debugout("Key pressed !!!"); + return true; + } + else + io.debugout("Wrong key pressed"); + else + io.printKeyboardData(kid); + + return false; +} + +bool startupWithKeyInner(NativeBootIO &io,int maxtime,char key) //maxtime in seconds +{ + io.print("System starting up: "); + + for (int i=maxtime;i>=0;i--) + { + char buffer[2]; + myitoa(i,buffer); + 
io.print(buffer); + io.print(" "); + + if (keyPressedInTime(io,-3333000,key)) + return true; + else + io.print("."); + + if (keyPressedInTime(io,-3333000,key)) + return true; + else + io.print("."); + + if (keyPressedInTime(io,-3333000,key)) + return true; + else + io.print(" "); + } + return false; +} +void clearKeyboardPipe(NativeBootIO &io) +{ + io.debugout("Starting clearKeyboardPipe"); + io.resetKeyboard(); + KEYBOARD_INPUT_DATA kid; + while (io.waitForKeyboardInput(-1,&kid)==STATUS_SUCCESS); + io.resetKeyboard(); + io.debugout("Ending clearKeyboardPipe"); + + +} +bool startupWithKey(NativeBootIO &io,int maxtime,char key) //maxtime in seconds +{ + bool res=startupWithKeyInner(io,maxtime,key); + io.println(" "); + clearKeyboardPipe(io); + return res; +} + +void register_experimental_cmds(Main &main); + +extern "C" void NtProcessStartup(::PPEB peb ) +{ + NativeBootIO io; + myIO=&io; + + UNICODE_STRING &cmdLine = peb->ProcessParameters->CommandLine; + + char **arguments; + int argc; + arguments=split_args(io,cmdLine.Buffer,cmdLine.Length/2,&argc); + + Main main(io,argc,arguments); + RegistryBrowser reg(main); + + main.addCommand("break",debugBreak); + main.addCommand("setComputerNameFromFile",setCompnameFromFile); + main.addCommand("setComputerName",setComputerNameCmd); + + register_experimental_cmds(main); + + main.showSplashScreen(); + +#ifdef INTERACTIVE + if (startupWithKey(io,2,'v')) + main.rpl(); + else +#endif + setCompnameFromFile(io,0); + + NtTerminateProcess( NtCurrentProcess(), 0 ); +} \ No newline at end of file diff --git a/windows/bootpgm/native/newnative.h b/windows/bootpgm/native/newnative.h new file mode 100644 index 00000000..59f1067d --- /dev/null +++ b/windows/bootpgm/native/newnative.h 
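Review bot: waitForKeyboardInput() ends with `return STATUS_SUCCESS;` for every ZwReadFile result other than STATUS_PENDING, so a failed read is reported as success. getChar() then decodes a `kid` that was never filled in, and the `while (io.waitForKeyboardInput(-1,&kid)==STATUS_SUCCESS);` loop in clearKeyboardPipe() would never exit if the read keeps failing, which hangs the machine during boot. Ending the function with `return Status;` propagates the error, since Status is already STATUS_SUCCESS after a successful wait. Separately, startupWithKeyInner() formats the countdown into `char buffer[2]`, which fits the `startupWithKey(io,2,'v')` call shown but presumably overflows for a `maxtime` of 10 or more (the end of myitoa is not legible on this page); `char buffer[12];` would cover any int.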
@@ -0,0 +1,322 @@
+/* The contents of this file are subject to the Mozilla Public License
+ * Version 1.1 (the "License"); you may not use this file except in
+ * compliance with the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS"
+ * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
+ * License for the specific language governing rights and limitations
+ * under the License.
+ *
+ * The Initial Developer of the Original Code is Johannes Rudolph.
+ * Portions created by the Initial Developer are Copyright (C) 2006
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ * Johannes Rudolph
+ * Tomasz Nowak
+ *
+ * Most of this content comes from http://undocumented.ntinternals.net/
+ * This page and the information used is written by
+ * Tomasz Nowak
+ * There is an .chm version in ../doc/ntundoc.chm
+ * The license presented on the page sounds:
+ *
+ *
+ * LICENSE CONDITIONS
+ * This software and / or documentation is provided at no cost
+ * and can be redistributed freely, in its entirety or in parts,
+ * as long as the Copyright notice and author's name are included.
+ * You are hereby permited to use, view, read, copy, print, publish,
+ * redistribute and modify this software and / or documentation,
+ * under conditions described herein.
+ * This software / documentation is provided to you "as is" without
+ * warranty of any kind. By using this material you accept all of the
+ * related risks and all direct and indirect consequences, including
+ * potential data loss and hardware damage.
+ * If you do not agree to these license conditions, please do not use
+ * our software and / or documentation.
+ *
+ */
+
+
+
+#pragma once
+
+extern "C"{
+#define PPVOID void**
+#define BYTE char
+
+ /* I mostly copied this structures from the source above.
+ * I removed parts which would introduce spurious dependencies.
+ *
+ */
+ typedef struct _RTL_DRIVE_LETTER_CURDIR {
+ USHORT Flags;
+ USHORT Length;
+ ULONG TimeStamp;
+ UNICODE_STRING DosPath;
+ } RTL_DRIVE_LETTER_CURDIR, *PRTL_DRIVE_LETTER_CURDIR;
+
+ typedef struct _RTL_USER_PROCESS_PARAMETERS {
+ ULONG MaximumLength;
+ ULONG Length;
+ ULONG Flags;
+ ULONG DebugFlags;
+ PVOID ConsoleHandle;
+ ULONG ConsoleFlags;
+ HANDLE StdInputHandle;
+ HANDLE StdOutputHandle;
+ HANDLE StdErrorHandle;
+ UNICODE_STRING CurrentDirectoryPath;
+ HANDLE CurrentDirectoryHandle;
+ UNICODE_STRING DllPath;
+ UNICODE_STRING ImagePathName;
+ UNICODE_STRING CommandLine;
+ PVOID Environment;
+ ULONG StartingPositionLeft;
+ ULONG StartingPositionTop;
+ ULONG Width;
+ ULONG Height;
+ ULONG CharWidth;
+ ULONG CharHeight;
+ ULONG ConsoleTextAttributes;
+ ULONG WindowFlags;
+ ULONG ShowWindowFlags;
+ UNICODE_STRING WindowTitle;
+ UNICODE_STRING DesktopName;
+ UNICODE_STRING ShellInfo;
+ UNICODE_STRING RuntimeData;
+ RTL_DRIVE_LETTER_CURDIR DLCurrentDirectory[0x20];
+ } RTL_USER_PROCESS_PARAMETERS, *PRTL_USER_PROCESS_PARAMETERS;
+
+ typedef struct _PEB {
+ BOOLEAN InheritedAddressSpace;
+ BOOLEAN ReadImageFileExecOptions;
+ BOOLEAN BeingDebugged;
+ BOOLEAN Spare;
+ HANDLE Mutant;
+ PVOID ImageBaseAddress;
+ PVOID/*PPEB_LDR_DATA*/ LoaderData;
+ PRTL_USER_PROCESS_PARAMETERS ProcessParameters;
+ PVOID SubSystemData;
+ PVOID ProcessHeap;
+ PVOID FastPebLock;
+ PVOID/*PPEBLOCKROUTINE*/FastPebLockRoutine;
+ PVOID/*PPEBLOCKROUTINE*/FastPebUnlockRoutine;
+ ULONG EnvironmentUpdateCount;
+ PPVOID KernelCallbackTable;
+ PVOID EventLogSection;
+ PVOID EventLog;
+ PVOID/*PPEB_FREE_BLOCK*/FreeList;
+ ULONG TlsExpansionCounter;
+ PVOID TlsBitmap;
+ ULONG TlsBitmapBits[0x2];
+ PVOID ReadOnlySharedMemoryBase;
+ PVOID ReadOnlySharedMemoryHeap;
+ PPVOID ReadOnlyStaticServerData;
+ PVOID AnsiCodePageData;
+ PVOID OemCodePageData;
+ PVOID UnicodeCaseTableData;
+ ULONG NumberOfProcessors;
+ ULONG NtGlobalFlag;
+ BYTE Spare2[0x4];
+ LARGE_INTEGER CriticalSectionTimeout;
+ ULONG HeapSegmentReserve;
+ ULONG HeapSegmentCommit;
+ ULONG HeapDeCommitTotalFreeThreshold;
+ ULONG HeapDeCommitFreeBlockThreshold;
+ ULONG NumberOfHeaps;
+ ULONG MaximumNumberOfHeaps;
+ PPVOID *ProcessHeaps;
+ PVOID GdiSharedHandleTable;
+ PVOID ProcessStarterHelper;
+ PVOID GdiDCAttributeList;
+ PVOID LoaderLock;
+ ULONG OSMajorVersion;
+ ULONG OSMinorVersion;
+ ULONG OSBuildNumber;
+ ULONG OSPlatformId;
+ ULONG ImageSubSystem;
+ ULONG ImageSubSystemMajorVersion;
+ ULONG ImageSubSystemMinorVersion;
+ ULONG GdiHandleBuffer[0x22];
+ ULONG PostProcessInitRoutine;
+ ULONG TlsExpansionBitmap;
+ BYTE TlsExpansionBitmapBits[0x80];
+ ULONG SessionId;
+ } PEB, *PPEB;
+
+ typedef struct _RTL_HEAP_DEFINITION {
+ ULONG Length;
+ ULONG Unknown[12];
+ } RTL_HEAP_DEFINITION, *PRTL_HEAP_DEFINITION;
+
+ NTSYSAPI
+ NTSTATUS
+ NTAPI
+ NtTerminateProcess(
+ /*IN*/ HANDLE ProcessHandle /*OPTIONAL*/,
+ /*IN*/ NTSTATUS ExitStatus );
+
+ NTSYSAPI
+ NTSTATUS
+ NTAPI
+ NtDisplayString(
+ /*IN*/ PUNICODE_STRING String );
+
+ NTSYSAPI
+ PVOID
+ NTAPI
+ RtlCreateHeap(
+ /*IN*/ ULONG Flags,
+ /*IN*/ PVOID Base /*OPTIONAL*/,
+ /*IN*/ ULONG Reserve /*OPTIONAL*/,
+ /*IN*/ ULONG Commit,
+ /*IN*/ BOOLEAN Lock /*OPTIONAL*/,
+ /*IN*/ PRTL_HEAP_DEFINITION RtlHeapParams /*OPTIONAL*/ );
+
+ NTSYSAPI
+ PVOID
+ NTAPI
+ RtlAllocateHeap(
+ /*IN*/ PVOID HeapHandle,
+ /*IN*/ ULONG Flags,
+ /*IN*/ ULONG Size );
+
+ NTSYSAPI
+ BOOLEAN
+ NTAPI
+ RtlFreeHeap(
+ /*IN*/ PVOID HeapHandle,
+ /*IN*/ ULONG Flags /*OPTIONAL*/,
+ /*IN*/ PVOID MemoryPointer );
+
+ NTSYSAPI NTSTATUS NTAPI NtCreateEvent(PHANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES,EVENT_TYPE,BOOLEAN);
+ NTSYSAPI NTSTATUS NTAPI NtWaitForMultipleObjects(ULONG handlecount,PHANDLE handles,int wait_type,BOOLEAN alertable,PLARGE_INTEGER timeout);
+ NTSYSAPI NTSTATUS NTAPI NtClearEvent(HANDLE Eventhandle);
+ NTSYSAPI NTSTATUS NTAPI NtCancelIoFile(HANDLE Filehandle, PIO_STATUS_BLOCK IoStatusBlock);
+
+ typedef enum _OBJECT_INFORMATION_CLASS
+ {
+ ObjectBasicInformation, // Result is OBJECT_BASIC_INFORMATION structure
+ ObjectNameInformation, // Result is OBJECT_NAME_INFORMATION structure
+ ObjectTypeInformation, // Result is OBJECT_TYPE_INFORMATION structure
+ ObjectAllInformation, // Result is OBJECT_ALL_INFORMATION structure
+ ObjectDataInformation // Result is OBJECT_DATA_INFORMATION structure
+
+ } OBJECT_INFORMATION_CLASS, *POBJECT_INFORMATION_CLASS;
+
+ NTSYSAPI
+ NTSTATUS
+ NTAPI
+ NtQueryObject(
+ HANDLE ObjectHandle,
+ OBJECT_INFORMATION_CLASS ObjectInformationClass,
+ PVOID ObjectInformation,
+ ULONG Length,
+ PULONG ResultLength );
+
+ typedef struct _OBJECT_BASIC_INFORMATION {
+ ULONG Attributes;
+ ACCESS_MASK GrantedAccess;
+ ULONG HandleCount;
+ ULONG ReferenceCount;
+ ULONG PagedPoolQuota;
+ ULONG NonPagedPoolQuota;
+ ULONG Unknown[3];
+ ULONG NameInformationLength;
+ ULONG TypeInformationLength;
+ ULONG SecurityDescriptorLength;
+ LARGE_INTEGER CreateTime;
+ } OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION;
+
+ NTSYSAPI
+ NTSTATUS
+ NTAPI
+ NtLoadKey(
+ POBJECT_ATTRIBUTES DestinationKeyName,
+ POBJECT_ATTRIBUTES HiveFileName );
+
+ NTSYSAPI
+ NTSTATUS
+ NTAPI
+ NtOpenProcessToken(
+ HANDLE ProcessHandle,
+ ACCESS_MASK DesiredAccess,
+ PHANDLE TokenHandle );
+
+ typedef struct _TOKEN_PRIVILEGES
+ {
+ ULONG count;
+ LUID_AND_ATTRIBUTES Privileges[1];
+ } TOKEN_PRIVILEGES, *PTOKEN_PRIVILEGES;
+
+ NTSYSAPI
+ NTSTATUS
+ NTAPI
+ NtAdjustPrivilegesToken(
+ HANDLE TokenHandle,
+ BOOLEAN DisableAllPrivileges,
+ PTOKEN_PRIVILEGES TokenPrivileges,
+ ULONG PreviousPrivilegesLength,
+ PTOKEN_PRIVILEGES PreviousPrivileges,
+ PULONG RequiredLength);
+
+ NTSYSAPI
+ NTSTATUS
+ NTAPI
+ NtUnloadKey(
+ POBJECT_ATTRIBUTES DestinationKeyName );
+
+ NTSYSAPI
+ NTSTATUS
+ NTAPI
+ NtFlushKey(
+ HANDLE KeyHandle );
+
+ NTSYSAPI
+ NTSTATUS
+ NTAPI
+ NtSaveKey(
+ HANDLE KeyHandle,
+ HANDLE FileHandle );
+
+ NTSYSAPI
+ NTSTATUS
+ NTAPI
+ NtInitializeRegistry(
+ int flag);
+
+ typedef enum _DEBUG_CONTROL_CODE {
+ DebugSysReadIoSpace = 14,
+ DebugSysWriteIoSpace = 15,
+ DebugSysReadMsr = 16,
+ DebugSysWriteMsr = 17,
+ DebugSysReadBusData = 18,
+ DebugSysWriteBusData = 19,
+ } DEBUG_CONTROL_CODE;
+
+ NTSYSAPI
+ NTSTATUS
+ NTAPI
+ ZwSystemDebugControl(
+ DEBUG_CONTROL_CODE ControlCode,
+ PVOID InputBuffer,
+ ULONG InputBufferLength,
+ PVOID OutputBuffer,
+ ULONG OutputBufferLength,
+ PULONG ReturnLength
+ );
+
+ typedef struct _IO_STRUCT {
+ int IoAddr; // IN: Aligned to NumBytes,I/O address
+ int Reserved1; // Never accessed by the kernel
+ PVOID pBuffer; // IN (write) or OUT (read): Ptr to buffer
+ int NumBytes; // IN: # bytes to read/write. Only use 1, 2, or 4.
+ int Reserved4; // Must be 1
+ int Reserved5; // Must be 0
+ int Reserved6; // Must be 1
+ int Reserved7; // Never accessed by the kernel
+ } IO_STRUCT;
+}
\ No newline at end of file
-- cgit v1.2.3-55-g7522
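Review bot: The hand-copied `PEB` and `RTL_USER_PROCESS_PARAMETERS` layouts are only valid for the 32-bit build that SOURCES targets (`..\obj\i386`), and the header neither says so nor checks it, although NtProcessStartup reads `peb->ProcessParameters->CommandLine` through them. A comment above `_PEB` stating that the layout is x86-only, plus compile-time checks such as `C_ASSERT(FIELD_OFFSET(PEB, ProcessParameters) == 0x10);` and `C_ASSERT(FIELD_OFFSET(RTL_USER_PROCESS_PARAMETERS, CommandLine) == 0x40);` (the offsets the declared fields give with 4-byte pointers), would turn a layout mismatch into a build failure instead of a wrong memory read at boot. `#define PPVOID void**` and `#define BYTE char` would also be safer as typedefs, because as macros they rewrite every later use of those names in any file that includes this header. The declarations of `ZwSystemDebugControl` and `NtAdjustPrivilegesToken` are not used by native.cpp as shown, so a short comment naming the caller that needs them would help a reader judge how much privileged surface this boot program really touches.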