diff --git a/src/Thunks/DllMainCRTStartup.hpp b/src/Thunks/DllMainCRTStartup.hpp index 10a5faa..f6f9b38 100644 --- a/src/Thunks/DllMainCRTStartup.hpp +++ b/src/Thunks/DllMainCRTStartup.hpp @@ -115,9 +115,11 @@ namespace YY::Thunks::internal static SYSTEM_PROCESS_INFORMATION* __fastcall GetCurrentProcessInfo(StringBuffer& _szBuffer) { - const auto _pfnNtQuerySystemInformation = try_get_NtQuerySystemInformation(); - if (!_pfnNtQuerySystemInformation) +#if !defined(__USING_NTDLL_LIB) + const auto NtQuerySystemInformation = try_get_NtQuerySystemInformation(); + if (!NtQuerySystemInformation) return nullptr; +#endif auto _cbBuffer = max(4096, _szBuffer.uBufferLength); ULONG _cbRet = 0; @@ -127,7 +129,7 @@ namespace YY::Thunks::internal if (!_pBuffer) return nullptr; - LONG _Status = _pfnNtQuerySystemInformation(SystemProcessInformation, _pBuffer, _cbBuffer, &_cbRet); + LONG _Status = NtQuerySystemInformation(SystemProcessInformation, _pBuffer, _cbBuffer, &_cbRet); if (_Status >= 0) break; @@ -283,9 +285,11 @@ namespace YY::Thunks::internal // 同时给所有历史的线程追加新DLL产生的Tls内存 do { - const auto _pfnNtQueryInformationThread = try_get_NtQueryInformationThread(); - if (!_pfnNtQueryInformationThread) +#if !defined(__USING_NTDLL_LIB) + const auto NtQueryInformationThread = try_get_NtQueryInformationThread(); + if (!NtQueryInformationThread) break; +#endif StringBuffer _Buffer; auto _pProcessInfo = GetCurrentProcessInfo(_Buffer); @@ -310,7 +314,7 @@ namespace YY::Thunks::internal } THREAD_BASIC_INFORMATION _ThreadBasicInfo = {}; - LONG _Status = _pfnNtQueryInformationThread(_hThread, ThreadBasicInformation, &_ThreadBasicInfo, sizeof(_ThreadBasicInfo), nullptr); + LONG _Status = NtQueryInformationThread(_hThread, ThreadBasicInformation, &_ThreadBasicInfo, sizeof(_ThreadBasicInfo), nullptr); if (_Status >= 0 && _ThreadBasicInfo.TebBaseAddress) { AllocTlsData((TEB*)_ThreadBasicInfo.TebBaseAddress); diff --git a/src/Thunks/YY_Thunks.cpp b/src/Thunks/YY_Thunks.cpp index e91aeee..14e4b3b 100644 --- a/src/Thunks/YY_Thunks.cpp +++ b/src/Thunks/YY_Thunks.cpp @@ -403,16 +403,16 @@ namespace YY::Thunks::internal */ return ERROR_TIMEOUT; } - else if (auto pRtlNtStatusToDosError = try_get_RtlNtStatusToDosError()) - { - return pRtlNtStatusToDosError(Status); - } - else + +#if !defined(__USING_NTDLL_LIB) + const auto RtlNtStatusToDosError = try_get_RtlNtStatusToDosError(); + if (!RtlNtStatusToDosError) { //如果没有RtlNtStatusToDosError就直接设置Status代码吧,反正至少比没有错误代码强 return Status; } - +#endif + return RtlNtStatusToDosError(Status); } static DWORD __fastcall BaseSetLastNTError( diff --git a/src/Thunks/YY_Thunks.h b/src/Thunks/YY_Thunks.h index 0f20a13..03a6b67 100644 --- a/src/Thunks/YY_Thunks.h +++ b/src/Thunks/YY_Thunks.h @@ -578,9 +578,11 @@ static void __cdecl __YY_uninitialize_winapi_thunks() if (__YY_Thunks_Process_Terminating) return; } - if (auto pRtlDllShutdownInProgress = (decltype(RtlDllShutdownInProgress)*)GetProcAddress(try_get_module_ntdll(), "RtlDllShutdownInProgress")) +#if (YY_Thunks_Target < __WindowsNT5_1) || !defined(__USING_NTDLL_LIB) + if (const auto RtlDllShutdownInProgress = (decltype(::RtlDllShutdownInProgress)*)GetProcAddress(try_get_module_ntdll(), "RtlDllShutdownInProgress")) +#endif { - if(pRtlDllShutdownInProgress()) + if (RtlDllShutdownInProgress()) return; } diff --git a/src/Thunks/api-ms-win-core-errorhandling.hpp b/src/Thunks/api-ms-win-core-errorhandling.hpp index d7780da..0a21609 100644 --- a/src/Thunks/api-ms-win-core-errorhandling.hpp +++ b/src/Thunks/api-ms-win-core-errorhandling.hpp @@ -96,33 +96,33 @@ namespace YY::Thunks { return pGetErrorMode(); } - else if (auto pNtQueryInformationProcess = try_get_NtQueryInformationProcess()) + +#if !defined(__USING_NTDLL_LIB) + const auto NtQueryInformationProcess = try_get_NtQueryInformationProcess(); + if (!NtQueryInformationProcess) { - DWORD dwDefaultHardErrorMode; + SetLastError(ERROR_CALL_NOT_IMPLEMENTED); + return 0; + } +#endif + DWORD dwDefaultHardErrorMode; - auto Status = pNtQueryInformationProcess(NtCurrentProcess(), ProcessDefaultHardErrorMode, &dwDefaultHardErrorMode, sizeof(dwDefaultHardErrorMode), nullptr); + LONG Status = NtQueryInformationProcess(NtCurrentProcess(), ProcessDefaultHardErrorMode, &dwDefaultHardErrorMode, sizeof(dwDefaultHardErrorMode), nullptr); - if (Status >= 0) + if (Status >= 0) + { + if (dwDefaultHardErrorMode & 0x00000001) { - if (dwDefaultHardErrorMode & 0x00000001) - { - return dwDefaultHardErrorMode & 0xFFFFFFFE; - } - else - { - return dwDefaultHardErrorMode | 0x00000001; - } + return dwDefaultHardErrorMode & 0xFFFFFFFE; + } + else + { + return dwDefaultHardErrorMode | 0x00000001; } - - internal::BaseSetLastNTError(Status); - - return 0; - } - else - { - SetLastError(ERROR_CALL_NOT_IMPLEMENTED); - return 0; } + + internal::BaseSetLastNTError(Status); + return 0; } #endif } //namespace YY::Thunks diff --git a/src/Thunks/api-ms-win-core-file.hpp b/src/Thunks/api-ms-win-core-file.hpp index dba6f40..7311134 100644 --- a/src/Thunks/api-ms-win-core-file.hpp +++ b/src/Thunks/api-ms-win-core-file.hpp @@ -110,14 +110,16 @@ namespace YY::Thunks if (bNtQueryDirectoryFile) { - auto pNtQueryDirectoryFile = try_get_NtQueryDirectoryFile(); - if (!pNtQueryDirectoryFile) +#if !defined(__USING_NTDLL_LIB) + const auto NtQueryDirectoryFile = try_get_NtQueryDirectoryFile(); + if (!NtQueryDirectoryFile) { SetLastError(ERROR_INVALID_FUNCTION); return FALSE; } +#endif - Status = pNtQueryDirectoryFile( + Status = NtQueryDirectoryFile( hFile, nullptr, nullptr, @@ -144,15 +146,16 @@ namespace YY::Thunks } else { - auto pNtQueryInformationFile = try_get_NtQueryInformationFile(); - - if (!pNtQueryInformationFile) +#if !defined(__USING_NTDLL_LIB) + const auto NtQueryInformationFile = try_get_NtQueryInformationFile(); + if (!NtQueryInformationFile) { SetLastError(ERROR_INVALID_FUNCTION); return FALSE; } +#endif - Status = pNtQueryInformationFile(hFile, &IoStatusBlock, lpFileInformation, dwBufferSize, NtFileInformationClass); + Status = NtQueryInformationFile(hFile, &IoStatusBlock, lpFileInformation, dwBufferSize, NtFileInformationClass); } if (Status >= STATUS_SUCCESS) @@ -170,7 +173,6 @@ namespace YY::Thunks else { internal::BaseSetLastNTError(Status); - return FALSE; } } @@ -197,13 +199,14 @@ namespace YY::Thunks return pSetFileInformationByHandle(hFile, FileInformationClass, lpFileInformation, dwBufferSize); } - - auto pNtSetInformationFile = try_get_NtSetInformationFile(); - if (!pNtSetInformationFile) +#if !defined(__USING_NTDLL_LIB) + const auto NtSetInformationFile = try_get_NtSetInformationFile(); + if (!NtSetInformationFile) { SetLastError(ERROR_INVALID_FUNCTION); return FALSE; } +#endif const auto ProcessHeap = ((TEB*)NtCurrentTeb())->ProcessEnvironmentBlock->ProcessHeap; FILE_INFORMATION_CLASS NtFileInformationClass; @@ -237,19 +240,21 @@ namespace YY::Thunks if (pRenameInfo->FileNameLength < sizeof(wchar_t) || pRenameInfo->FileName[0] != L':') { - auto pRtlDosPathNameToNtPathName_U = try_get_RtlDosPathNameToNtPathName_U(); - auto pRtlFreeUnicodeString = try_get_RtlFreeUnicodeString(); +#if !defined(__USING_NTDLL_LIB) + const auto RtlDosPathNameToNtPathName_U = try_get_RtlDosPathNameToNtPathName_U(); + const auto RtlFreeUnicodeString = try_get_RtlFreeUnicodeString(); - if (pRtlDosPathNameToNtPathName_U == nullptr || pRtlFreeUnicodeString ==nullptr) + if (RtlDosPathNameToNtPathName_U == nullptr || RtlFreeUnicodeString == nullptr) { SetLastError(ERROR_INVALID_FUNCTION); return FALSE; } +#endif UNICODE_STRING NtName = {}; - if (!pRtlDosPathNameToNtPathName_U(pRenameInfo->FileName, &NtName, nullptr, nullptr)) + if (!RtlDosPathNameToNtPathName_U(pRenameInfo->FileName, &NtName, nullptr, nullptr)) { SetLastError(ERROR_INVALID_PARAMETER); @@ -263,7 +268,7 @@ namespace YY::Thunks { auto lStatus = GetLastError(); - pRtlFreeUnicodeString(&NtName); + RtlFreeUnicodeString(&NtName); SetLastError(lStatus); return FALSE; @@ -283,7 +288,7 @@ namespace YY::Thunks lpFileInformation = NewRenameInfo; dwBufferSize = dwNewBufferSize; - pRtlFreeUnicodeString(&NtName); + RtlFreeUnicodeString(&NtName); } } break; @@ -336,7 +341,7 @@ namespace YY::Thunks IO_STATUS_BLOCK IoStatusBlock; - auto Status = pNtSetInformationFile(hFile, &IoStatusBlock, lpFileInformation, dwBufferSize, NtFileInformationClass); + LONG Status = NtSetInformationFile(hFile, &IoStatusBlock, lpFileInformation, dwBufferSize, NtFileInformationClass); if (bFreeFileInformation) { @@ -345,11 +350,8 @@ namespace YY::Thunks if (Status >= STATUS_SUCCESS) return TRUE; - - internal::BaseSetLastNTError(Status); - return FALSE; } #endif @@ -399,16 +401,17 @@ namespace YY::Thunks break; } +#if !defined(__USING_NTDLL_LIB) + const auto NtQueryObject = try_get_NtQueryObject(); + const auto NtQueryInformationFile = try_get_NtQueryInformationFile(); - auto pNtQueryObject = try_get_NtQueryObject(); - auto pNtQueryInformationFile = try_get_NtQueryInformationFile(); - - if (nullptr == pNtQueryObject - || nullptr == pNtQueryInformationFile) + if (nullptr == NtQueryObject + || nullptr == NtQueryInformationFile) { SetLastError(ERROR_INVALID_FUNCTION); return 0; } +#endif UNICODE_STRING VolumeNtName = {}; @@ -458,7 +461,7 @@ namespace YY::Thunks } } - auto Status = pNtQueryObject(hFile, ObjectNameInformation, pObjectName, cbObjectName, &cbObjectName); + LONG Status = NtQueryObject(hFile, ObjectNameInformation, pObjectName, cbObjectName, &cbObjectName); if (STATUS_BUFFER_OVERFLOW == Status) { @@ -503,7 +506,7 @@ namespace YY::Thunks IO_STATUS_BLOCK IoStatusBlock; - auto Status = pNtQueryInformationFile(hFile, &IoStatusBlock, pFileNameInfo, cbFileNameInfo, FileNameInformation); + LONG Status = NtQueryInformationFile(hFile, &IoStatusBlock, pFileNameInfo, cbFileNameInfo, FileNameInformation); if (STATUS_BUFFER_OVERFLOW == Status) { @@ -906,12 +909,14 @@ namespace YY::Thunks return INVALID_HANDLE_VALUE; } - const auto pNtCreateFile = try_get_NtCreateFile(); - if (!pNtCreateFile) +#if !defined(__USING_NTDLL_LIB) + const auto NtCreateFile = try_get_NtCreateFile(); + if (!NtCreateFile) { SetLastError(ERROR_FUNCTION_FAILED); return INVALID_HANDLE_VALUE; } +#endif dwDesiredAccess |= SYNCHRONIZE | FILE_READ_ATTRIBUTES; @@ -982,7 +987,7 @@ namespace YY::Thunks IO_STATUS_BLOCK IoStatusBlock; - auto Status = pNtCreateFile(&hFile, dwDesiredAccess, &ObjectAttributes, &IoStatusBlock, nullptr, 0, dwShareMode, FILE_OPEN, CreateOptions, nullptr, 0); + auto Status = NtCreateFile(&hFile, dwDesiredAccess, &ObjectAttributes, &IoStatusBlock, nullptr, 0, dwShareMode, FILE_OPEN, CreateOptions, nullptr, 0); if (Status < 0) { @@ -1074,13 +1079,14 @@ namespace YY::Thunks do { - const auto pNtCreateFile = try_get_NtCreateFile(); - if (!pNtCreateFile) +#if !defined(__USING_NTDLL_LIB) + const auto NtCreateFile = try_get_NtCreateFile(); + if (!NtCreateFile) { Status = STATUS_INVALID_INFO_CLASS; break; } - +#endif if ((size_t(hOriginalFile) & 0x10000003) == 3) { @@ -1194,7 +1200,7 @@ namespace YY::Thunks HANDLE hFile; - Status = pNtCreateFile( + Status = NtCreateFile( &hFile, dwDesiredAccess, &ObjectAttributes, diff --git a/src/Thunks/api-ms-win-core-handle.hpp b/src/Thunks/api-ms-win-core-handle.hpp index 68f79da..234527d 100644 --- a/src/Thunks/api-ms-win-core-handle.hpp +++ b/src/Thunks/api-ms-win-core-handle.hpp @@ -39,9 +39,11 @@ namespace YY::Thunks bool __fastcall CompareObjectRef(HANDLE _hFirstObjectHandle, ObjectStaticBuffer& _FirstObjectBuffer, HANDLE _hSecondObjectHandle, ObjectStaticBuffer& _SecondObjectBuffer) noexcept { - const auto _pfnNtQueryObject = try_get_NtQueryObject(); - if (!_pfnNtQueryObject) +#if !defined(__USING_NTDLL_LIB) + const auto NtQueryObject = try_get_NtQueryObject(); + if (!NtQueryObject) return false; +#endif const auto _pfnDuplicateHandle = try_get_DuplicateHandle(); const auto _pfnCloseHandle = try_get_CloseHandle(); @@ -60,7 +62,7 @@ namespace YY::Thunks break; } - LONG _Status = _pfnNtQueryObject(_hFirstObjectHandle, ObjectBasicInformation, &_FirstObjectBuffer, sizeof(_FirstObjectBuffer.BaseInfo), nullptr); + LONG _Status = NtQueryObject(_hFirstObjectHandle, ObjectBasicInformation, &_FirstObjectBuffer, sizeof(_FirstObjectBuffer.BaseInfo), nullptr); // 实际测试,ObjectBasicInformation 只出现无效句柄错误 if (_Status < 0) @@ -74,7 +76,7 @@ namespace YY::Thunks break; } - _Status = _pfnNtQueryObject(_hSecondObjectHandle, ObjectBasicInformation, &_SecondObjectBuffer, sizeof(_SecondObjectBuffer.BaseInfo), nullptr); + _Status = NtQueryObject(_hSecondObjectHandle, ObjectBasicInformation, &_SecondObjectBuffer, sizeof(_SecondObjectBuffer.BaseInfo), nullptr); if (_Status < 0) { break; @@ -89,7 +91,7 @@ namespace YY::Thunks _pfnCloseHandle(_hFirstTmp); _hFirstTmp = NULL; - _Status = _pfnNtQueryObject(_hFirstObjectHandle, ObjectBasicInformation, &_FirstObjectBuffer, sizeof(_FirstObjectBuffer.BaseInfo), nullptr); + _Status = NtQueryObject(_hFirstObjectHandle, ObjectBasicInformation, &_FirstObjectBuffer, sizeof(_FirstObjectBuffer.BaseInfo), nullptr); // 实际测试,ObjectBasicInformation 只出现无效句柄错误 if (_Status < 0) @@ -103,7 +105,7 @@ namespace YY::Thunks break; } - _Status = _pfnNtQueryObject(_hSecondObjectHandle, ObjectBasicInformation, &_SecondObjectBuffer, sizeof(_SecondObjectBuffer.BaseInfo), nullptr); + _Status = NtQueryObject(_hSecondObjectHandle, ObjectBasicInformation, &_SecondObjectBuffer, sizeof(_SecondObjectBuffer.BaseInfo), nullptr); if (_Status < 0) { break; @@ -129,15 +131,17 @@ namespace YY::Thunks bool __fastcall CompareObjectName(HANDLE _hLeft, ObjectStaticBuffer& _LeftBuffer, HANDLE _hRigth, ObjectStaticBuffer& _RightBuffer) noexcept { - const auto _pfnNtQueryObject = try_get_NtQueryObject(); - if (!_pfnNtQueryObject) +#if !defined(__USING_NTDLL_LIB) + const auto NtQueryObject = try_get_NtQueryObject(); + if (!NtQueryObject) return false; +#endif - LONG _Status = _pfnNtQueryObject(_hLeft, ObjectNameInformation, &_LeftBuffer, sizeof(_LeftBuffer), nullptr); + LONG _Status = NtQueryObject(_hLeft, ObjectNameInformation, &_LeftBuffer, sizeof(_LeftBuffer), nullptr); if (_Status < 0) return false; - _Status = _pfnNtQueryObject(_hRigth, ObjectNameInformation, &_RightBuffer, sizeof(_RightBuffer), nullptr); + _Status = NtQueryObject(_hRigth, ObjectNameInformation, &_RightBuffer, sizeof(_RightBuffer), nullptr); if (_Status < 0) return false; @@ -465,12 +469,14 @@ namespace YY::Thunks return TRUE; } - const auto _pfnNtQueryObject = try_get_NtQueryObject(); - if (!_pfnNtQueryObject) +#if !defined(__USING_NTDLL_LIB) + const auto NtQueryObject = try_get_NtQueryObject(); + if (!NtQueryObject) return FALSE; +#endif // 用来检测句柄是否合法 - LONG _Status = _pfnNtQueryObject(_hFirstObjectHandle, ObjectBasicInformation, &_FirstObjectBuffer, sizeof(_FirstObjectBuffer.BaseInfo), nullptr); + LONG _Status = NtQueryObject(_hFirstObjectHandle, ObjectBasicInformation, &_FirstObjectBuffer, sizeof(_FirstObjectBuffer.BaseInfo), nullptr); if (_Status < 0) { return FALSE; @@ -478,12 +484,13 @@ namespace YY::Thunks return TRUE; } - const auto _pfnNtQueryObject = try_get_NtQueryObject(); - if (!_pfnNtQueryObject) +#if !defined(__USING_NTDLL_LIB) + const auto NtQueryObject = try_get_NtQueryObject(); + if (!NtQueryObject) return FALSE; +#endif - - LONG _Status = _pfnNtQueryObject(_hFirstObjectHandle, ObjectBasicInformation, &_FirstObjectBuffer, sizeof(_FirstObjectBuffer.BaseInfo), nullptr); + LONG _Status = NtQueryObject(_hFirstObjectHandle, ObjectBasicInformation, &_FirstObjectBuffer, sizeof(_FirstObjectBuffer.BaseInfo), nullptr); // 实际测试,ObjectBasicInformation 只出现无效句柄错误 if (_Status < 0) @@ -497,7 +504,7 @@ namespace YY::Thunks return FALSE; } - _Status = _pfnNtQueryObject(_hSecondObjectHandle, ObjectBasicInformation, &_SecondObjectBuffer, sizeof(_SecondObjectBuffer.BaseInfo), nullptr); + _Status = NtQueryObject(_hSecondObjectHandle, ObjectBasicInformation, &_SecondObjectBuffer, sizeof(_SecondObjectBuffer.BaseInfo), nullptr); if (_Status < 0) { return FALSE; @@ -515,12 +522,12 @@ namespace YY::Thunks return FALSE; } - _Status = _pfnNtQueryObject(_hFirstObjectHandle, ObjectTypeInformation, &_FirstObjectBuffer, sizeof(_FirstObjectBuffer), nullptr); + _Status = NtQueryObject(_hFirstObjectHandle, ObjectTypeInformation, &_FirstObjectBuffer, sizeof(_FirstObjectBuffer), nullptr); if (_Status < 0) { return FALSE; } - _Status = _pfnNtQueryObject(_hSecondObjectHandle, ObjectTypeInformation, &_SecondObjectBuffer, sizeof(_SecondObjectBuffer), nullptr); + _Status = NtQueryObject(_hSecondObjectHandle, ObjectTypeInformation, &_SecondObjectBuffer, sizeof(_SecondObjectBuffer), nullptr); if (_Status < 0) { return FALSE; diff --git a/src/Thunks/api-ms-win-core-libraryloader.hpp b/src/Thunks/api-ms-win-core-libraryloader.hpp index 90cec93..2a742b1 100644 --- a/src/Thunks/api-ms-win-core-libraryloader.hpp +++ b/src/Thunks/api-ms-win-core-libraryloader.hpp @@ -166,14 +166,16 @@ namespace YY::Thunks if (dwFlags & GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS) { - auto pRtlPcToFileHeader = try_get_RtlPcToFileHeader(); - if (!pRtlPcToFileHeader) +#if !defined(__USING_NTDLL_LIB) + const auto RtlPcToFileHeader = try_get_RtlPcToFileHeader(); + if (!RtlPcToFileHeader) { lStatus = ERROR_NOT_SUPPORTED; break; } +#endif - hModule = (HMODULE)pRtlPcToFileHeader((PVOID)lpModuleName, (PVOID*)&hModule); + hModule = (HMODULE)RtlPcToFileHeader((PVOID)lpModuleName, (PVOID*)&hModule); } else { @@ -192,14 +194,16 @@ namespace YY::Thunks } else { - const auto pLdrAddRefDll = try_get_LdrAddRefDll(); - if (!pLdrAddRefDll) +#if !defined(__USING_NTDLL_LIB) + const auto LdrAddRefDll = try_get_LdrAddRefDll(); + if (!LdrAddRefDll) { lStatus = ERROR_NOT_SUPPORTED; break; } +#endif - auto Status = pLdrAddRefDll(dwFlags& GET_MODULE_HANDLE_EX_FLAG_PIN, hModule); + LONG Status = LdrAddRefDll(dwFlags& GET_MODULE_HANDLE_EX_FLAG_PIN, hModule); if (Status < 0) { lStatus = internal::BaseSetLastNTError(Status); @@ -265,14 +269,16 @@ namespace YY::Thunks if (dwFlags & GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS) { - const auto pRtlPcToFileHeader = try_get_RtlPcToFileHeader(); - if (!pRtlPcToFileHeader) +#if !defined(__USING_NTDLL_LIB) + const auto RtlPcToFileHeader = try_get_RtlPcToFileHeader(); + if (!RtlPcToFileHeader) { lStatus = ERROR_NOT_SUPPORTED; break; } +#endif - hModule = (HMODULE)pRtlPcToFileHeader((PVOID)lpModuleName, (PVOID*)&hModule); + hModule = (HMODULE)RtlPcToFileHeader((PVOID)lpModuleName, (PVOID*)&hModule); } else { @@ -291,14 +297,16 @@ namespace YY::Thunks } else { - const auto pLdrAddRefDll = try_get_LdrAddRefDll(); - if (!pLdrAddRefDll) +#if !defined(__USING_NTDLL_LIB) + const auto LdrAddRefDll = try_get_LdrAddRefDll(); + if (!LdrAddRefDll) { lStatus = ERROR_NOT_SUPPORTED; break; } +#endif - auto Status = pLdrAddRefDll(dwFlags & GET_MODULE_HANDLE_EX_FLAG_PIN, hModule); + LONG Status = LdrAddRefDll(dwFlags & GET_MODULE_HANDLE_EX_FLAG_PIN, hModule); if (Status < 0) { lStatus = internal::BaseSetLastNTError(Status); @@ -413,10 +421,12 @@ namespace YY::Thunks break; } - - const auto pRtlDetermineDosPathNameType_U = try_get_RtlDetermineDosPathNameType_U(); - - const auto PathType = pRtlDetermineDosPathNameType_U ? pRtlDetermineDosPathNameType_U(lpLibFileName) : RtlPathTypeUnknown; +#if defined(__USING_NTDLL_LIB) + const auto PathType = RtlDetermineDosPathNameType_U(lpLibFileName); +#else + const auto RtlDetermineDosPathNameType_U = try_get_RtlDetermineDosPathNameType_U(); + const auto PathType = RtlDetermineDosPathNameType_U ? RtlDetermineDosPathNameType_U(lpLibFileName) : RtlPathTypeUnknown; +#endif if (dwLoadLibrarySearchFlags & LOAD_LIBRARY_SEARCH_DLL_LOAD_DIR) { @@ -554,13 +564,14 @@ namespace YY::Thunks //以模块方式加载 - - const auto pLdrLoadDll = try_get_LdrLoadDll(); - if (!pLdrLoadDll) +#if !defined(__USING_NTDLL_LIB) + const auto LdrLoadDll = try_get_LdrLoadDll(); + if (!LdrLoadDll) { SetLastError(ERROR_FUNCTION_FAILED); return nullptr; } +#endif DWORD nSize = 0; @@ -691,7 +702,7 @@ namespace YY::Thunks dwLdrLoadDllFlags |= 0x800000; } -#if defined(_X86_) || defined(_M_IX86) +#if defined(_M_IX86) && YY_Thunks_Target < __WindowsNT6_1_SP1 //我们先关闭重定向,再加载DLL,Windows 7 SP1以前的系统不会关闭重定向,而导致某些线程关闭重定向后DLL加载问题。 PVOID OldFsRedirectionLevel; @@ -699,9 +710,9 @@ namespace YY::Thunks auto StatusFsRedir = pRtlWow64EnableFsRedirectionEx ? pRtlWow64EnableFsRedirectionEx(nullptr, &OldFsRedirectionLevel) : 0; #endif - auto Status = pLdrLoadDll(szFilePathBuffer, &dwLdrLoadDllFlags, &ModuleFileName, &hModule); + LONG Status = LdrLoadDll(szFilePathBuffer, &dwLdrLoadDllFlags, &ModuleFileName, &hModule); -#if defined(_X86_) || defined(_M_IX86) +#if defined(_M_IX86) && YY_Thunks_Target < __WindowsNT6_1_SP1 if (StatusFsRedir >= 0 && pRtlWow64EnableFsRedirectionEx) pRtlWow64EnableFsRedirectionEx(OldFsRedirectionLevel, &OldFsRedirectionLevel); #endif @@ -716,7 +727,7 @@ namespace YY::Thunks return Fallback::ForwardDll(lpLibFileName); } while (false); -#if defined(_X86_) || defined(_M_IX86) +#if defined(_M_IX86) && YY_Thunks_Target < __WindowsNT6_1_SP1 //我们先关闭重定向,再加载DLL,Windows 7 SP1以前的系统不会关闭重定向,而导致某些线程关闭重定向后DLL加载问题。 PVOID OldFsRedirectionLevel; @@ -726,7 +737,7 @@ namespace YY::Thunks auto hModule = pLoadLibraryExW(lpLibFileName, hFile, dwFlags); -#if defined(_X86_) || defined(_M_IX86) +#if defined(_M_IX86) && YY_Thunks_Target < __WindowsNT6_1_SP1 if (StatusFsRedir >= 0 && pRtlWow64EnableFsRedirectionEx) { LSTATUS lStatus = GetLastError(); diff --git a/src/Thunks/api-ms-win-core-processthreads.hpp b/src/Thunks/api-ms-win-core-processthreads.hpp index 1fca496..93c642a 100644 --- a/src/Thunks/api-ms-win-core-processthreads.hpp +++ b/src/Thunks/api-ms-win-core-processthreads.hpp @@ -141,30 +141,32 @@ namespace YY ::Thunks _In_ HANDLE Thread ) { - if (auto pGetThreadId = try_get_GetThreadId()) + if (const auto _pfnGetThreadId = try_get_GetThreadId()) { - return pGetThreadId(Thread); + return _pfnGetThreadId(Thread); } - else if (auto pNtQueryInformationThread = try_get_NtQueryInformationThread()) + +#if !defined(__USING_NTDLL_LIB) + const auto NtQueryInformationThread = try_get_NtQueryInformationThread(); + if(!NtQueryInformationThread) { - THREAD_BASIC_INFORMATION ThreadBasicInfo; + SetLastError(ERROR_CALL_NOT_IMPLEMENTED); + return 0; + } +#endif - auto Status = pNtQueryInformationThread(Thread, ThreadBasicInformation, &ThreadBasicInfo, sizeof(ThreadBasicInfo), nullptr); + THREAD_BASIC_INFORMATION ThreadBasicInfo; - if (Status < 0) - { - internal::BaseSetLastNTError(Status); - return 0; - } - else - { - return (DWORD)ThreadBasicInfo.ClientId.UniqueThread; - } + LONG Status = NtQueryInformationThread(Thread, ThreadBasicInformation, &ThreadBasicInfo, sizeof(ThreadBasicInfo), nullptr); + + if (Status < 0) + { + internal::BaseSetLastNTError(Status); + return 0; } else { - SetLastError(ERROR_CALL_NOT_IMPLEMENTED); - return 0; + return (DWORD)ThreadBasicInfo.ClientId.UniqueThread; } } #endif @@ -183,30 +185,30 @@ namespace YY ::Thunks _In_ HANDLE Thread ) { - if (auto pGetProcessIdOfThread = try_get_GetProcessIdOfThread()) + if (const auto _pfnGetProcessIdOfThread = try_get_GetProcessIdOfThread()) + return _pfnGetProcessIdOfThread(Thread); + +#if !defined(__USING_NTDLL_LIB) + const auto NtQueryInformationThread = try_get_NtQueryInformationThread(); + if (!NtQueryInformationThread) { - return pGetProcessIdOfThread(Thread); + SetLastError(ERROR_CALL_NOT_IMPLEMENTED); + return 0; } - else if (auto pNtQueryInformationThread = try_get_NtQueryInformationThread()) - { - THREAD_BASIC_INFORMATION ThreadBasicInfo; +#endif - auto Status = pNtQueryInformationThread(Thread, ThreadBasicInformation, &ThreadBasicInfo, sizeof(ThreadBasicInfo), nullptr); + THREAD_BASIC_INFORMATION ThreadBasicInfo; - if (Status < 0) - { - internal::BaseSetLastNTError(Status); - return 0; - } - else - { - return (DWORD)ThreadBasicInfo.ClientId.UniqueProcess; - } + LONG Status = NtQueryInformationThread(Thread, ThreadBasicInformation, &ThreadBasicInfo, sizeof(ThreadBasicInfo), nullptr); + + if (Status < 0) + { + internal::BaseSetLastNTError(Status); + return 0; } else { - SetLastError(ERROR_CALL_NOT_IMPLEMENTED); - return 0; + return (DWORD)ThreadBasicInfo.ClientId.UniqueProcess; } } #endif @@ -229,26 +231,27 @@ namespace YY ::Thunks { return pGetProcessId(Process); } - else if (auto pNtQueryInformationProcess = try_get_NtQueryInformationProcess()) +#if !defined(__USING_NTDLL_LIB) + const auto NtQueryInformationProcess = try_get_NtQueryInformationProcess(); + if (!NtQueryInformationProcess) { - PROCESS_BASIC_INFORMATION ProcessBasicInfo; + SetLastError(ERROR_CALL_NOT_IMPLEMENTED); + return 0; + } +#endif - auto Status = pNtQueryInformationProcess(Process, ProcessBasicInformation, &ProcessBasicInfo, sizeof(ProcessBasicInfo), nullptr); + PROCESS_BASIC_INFORMATION ProcessBasicInfo; - if (Status < 0) - { - internal::BaseSetLastNTError(Status); - return 0; - } - else - { - return (DWORD)ProcessBasicInfo.UniqueProcessId; - } + LONG Status = NtQueryInformationProcess(Process, ProcessBasicInformation, &ProcessBasicInfo, sizeof(ProcessBasicInfo), nullptr); + + if (Status < 0) + { + internal::BaseSetLastNTError(Status); + return 0; } else { - SetLastError(ERROR_CALL_NOT_IMPLEMENTED); - return 0; + return (DWORD)ProcessBasicInfo.UniqueProcessId; } } #endif @@ -744,12 +747,14 @@ namespace YY ::Thunks SetLastError(ERROR_INVALID_PARAMETER); return FALSE; } - const auto _pfnNtQueryInformationProcess = try_get_NtQueryInformationProcess(); - if (!_pfnNtQueryInformationProcess) +#if !defined(__USING_NTDLL_LIB) + const auto NtQueryInformationProcess = try_get_NtQueryInformationProcess(); + if (!NtQueryInformationProcess) { SetLastError(ERROR_NOT_SUPPORTED); return FALSE; } +#endif if (_eMitigationPolicy == ProcessDEPPolicy) { @@ -759,7 +764,7 @@ namespace YY ::Thunks return FALSE; } KEXECUTE_OPTIONS _DepOptions = {}; - NTSTATUS _Status = _pfnNtQueryInformationProcess(_hProcess, ProcessExecuteFlags, &_DepOptions, sizeof(_DepOptions), nullptr); + NTSTATUS _Status = NtQueryInformationProcess(_hProcess, ProcessExecuteFlags, &_DepOptions, sizeof(_DepOptions), nullptr); if (_Status >= 0) { auto _pDepPolicy = (PROCESS_MITIGATION_DEP_POLICY*)_pBuffer; @@ -800,7 +805,7 @@ namespace YY ::Thunks } YY_ProcessPolicyInfo _Info = { static_cast(_eMitigationPolicy) }; - NTSTATUS _Status = _pfnNtQueryInformationProcess(_hProcess, YY_ProcessPolicy, &_Info, sizeof(_Info), nullptr); + NTSTATUS _Status = NtQueryInformationProcess(_hProcess, YY_ProcessPolicy, &_Info, sizeof(_Info), nullptr); if (_Status >= 0) { *(DWORD*)_pBuffer = _Info.Flags; @@ -855,12 +860,14 @@ namespace YY ::Thunks SetLastError(ERROR_INVALID_PARAMETER); return FALSE; } - const auto _pfnNtSetInformationProcess = try_get_NtSetInformationProcess(); - if (!_pfnNtSetInformationProcess) +#if !defined(__USING_NTDLL_LIB) + const auto NtSetInformationProcess = try_get_NtSetInformationProcess(); + if (!NtSetInformationProcess) { SetLastError(ERROR_NOT_SUPPORTED); return FALSE; } +#endif NTSTATUS _Status; if (_eMitigationPolicy == ProcessDEPPolicy) @@ -885,7 +892,7 @@ namespace YY ::Thunks _DepOptions.DisableThunkEmulation = _DepPolicy.DisableAtlThunkEmulation; _DepOptions.Permanent = _DepPolicy.Permanent; - _Status = _pfnNtSetInformationProcess(NtCurrentProcess(), YY_ProcessPolicy, &_DepOptions, sizeof(_DepOptions)); + _Status = NtSetInformationProcess(NtCurrentProcess(), YY_ProcessPolicy, &_DepOptions, sizeof(_DepOptions)); } else @@ -897,7 +904,7 @@ namespace YY ::Thunks } YY_ProcessPolicyInfo _Info = { static_cast(_eMitigationPolicy), *(DWORD*)_pBuffer }; - _Status = _pfnNtSetInformationProcess(NtCurrentProcess(), YY_ProcessPolicy, &_Info, sizeof(_Info)); + _Status = NtSetInformationProcess(NtCurrentProcess(), YY_ProcessPolicy, &_Info, sizeof(_Info)); } if (_Status >= 0) @@ -939,12 +946,14 @@ namespace YY ::Thunks return FALSE; } - const auto _pfnNtSetInformationProcess = try_get_NtSetInformationProcess(); - if (!_pfnNtSetInformationProcess) +#if !defined(__USING_NTDLL_LIB) + const auto NtSetInformationProcess = try_get_NtSetInformationProcess(); + if (!NtSetInformationProcess) { SetLastError(ERROR_NOT_SUPPORTED); return FALSE; } +#endif NTSTATUS _Status; if (_eProcessInformationClass == ProcessMemoryPriority) @@ -955,7 +964,7 @@ namespace YY ::Thunks return FALSE; } // PAGE_PRIORITY_INFORMATION - _Status = _pfnNtSetInformationProcess(_hProcess, ProcessPagePriority, _pProcessInformation, sizeof(DWORD)); + _Status = NtSetInformationProcess(_hProcess, ProcessPagePriority, _pProcessInformation, sizeof(DWORD)); } else { @@ -997,13 +1006,14 @@ namespace YY ::Thunks SetLastError(ERROR_INVALID_PARAMETER); return FALSE; } - - const auto _pfnNtSetInformationThread = try_get_NtSetInformationThread(); - if (!_pfnNtSetInformationThread) +#if !defined(__USING_NTDLL_LIB) + const auto NtSetInformationThread = try_get_NtSetInformationThread(); + if (!NtSetInformationThread) { SetLastError(ERROR_NOT_SUPPORTED); return FALSE; } +#endif NTSTATUS _Status; if (_eThreadInformationClass == ThreadMemoryPriority) @@ -1013,7 +1023,7 @@ namespace YY ::Thunks SetLastError(ERROR_INVALID_PARAMETER); return FALSE; } - _Status = _pfnNtSetInformationThread(_hThread, ThreadPagePriority, _pThreadInformation, sizeof(DWORD)); + _Status = NtSetInformationThread(_hThread, ThreadPagePriority, _pThreadInformation, sizeof(DWORD)); } else if (_eThreadInformationClass == ThreadAbsoluteCpuPriority) { @@ -1022,7 +1032,7 @@ namespace YY ::Thunks SetLastError(ERROR_INVALID_PARAMETER); return FALSE; } - _Status = _pfnNtSetInformationThread(_hThread, ThreadActualBasePriority, _pThreadInformation, sizeof(DWORD)); + _Status = NtSetInformationThread(_hThread, ThreadActualBasePriority, _pThreadInformation, sizeof(DWORD)); } else { @@ -1060,21 +1070,23 @@ namespace YY ::Thunks return _pfnGetThreadInformation(_hThread, _eThreadInformationClass, _pThreadInformation, _cbThreadInformationSize); } - const auto _pfnNtQueryInformationThread = try_get_NtQueryInformationThread(); - if (!_pfnNtQueryInformationThread) +#if !defined(__USING_NTDLL_LIB) + const auto NtQueryInformationThread = try_get_NtQueryInformationThread(); + if (!NtQueryInformationThread) { SetLastError(ERROR_NOT_SUPPORTED); return FALSE; } +#endif long _Status; if (_eThreadInformationClass == ThreadMemoryPriority) { - _Status = _pfnNtQueryInformationThread(_hThread, ThreadPagePriority, _pThreadInformation, _cbThreadInformationSize, nullptr); + _Status = NtQueryInformationThread(_hThread, ThreadPagePriority, _pThreadInformation, _cbThreadInformationSize, nullptr); } else if (_eThreadInformationClass == ThreadAbsoluteCpuPriority) { - _Status = _pfnNtQueryInformationThread(_hThread, ThreadActualBasePriority, _pThreadInformation, _cbThreadInformationSize, nullptr); + _Status = NtQueryInformationThread(_hThread, ThreadActualBasePriority, _pThreadInformation, _cbThreadInformationSize, nullptr); } else { diff --git a/src/Thunks/api-ms-win-core-synch.hpp b/src/Thunks/api-ms-win-core-synch.hpp index b1239b5..fd68dc9 100644 --- a/src/Thunks/api-ms-win-core-synch.hpp +++ b/src/Thunks/api-ms-win-core-synch.hpp @@ -122,19 +122,19 @@ namespace YY::Thunks::internal { if (_GlobalKeyedEventHandle == nullptr) { - auto pNtOpenKeyedEvent = try_get_NtOpenKeyedEvent(); +#if !defined(__USING_NTDLL_LIB) + auto NtOpenKeyedEvent = try_get_NtOpenKeyedEvent(); - if(pNtOpenKeyedEvent == nullptr) + if(!NtOpenKeyedEvent) RaiseStatus(STATUS_RESOURCE_NOT_OWNED); +#endif - constexpr const wchar_t Name[] = L"\\KernelObjects\\CritSecOutOfMemoryEvent"; - - UNICODE_STRING ObjectName = {sizeof(Name) - sizeof(wchar_t),sizeof(Name) - sizeof(wchar_t) ,(PWSTR)Name }; - OBJECT_ATTRIBUTES attr = { sizeof(attr),nullptr,&ObjectName }; + UNICODE_STRING ObjectName = internal::MakeNtString(L"\\KernelObjects\\CritSecOutOfMemoryEvent"); + OBJECT_ATTRIBUTES attr = { sizeof(attr), nullptr, &ObjectName }; HANDLE KeyedEventHandle; - if (pNtOpenKeyedEvent(&KeyedEventHandle, MAXIMUM_ALLOWED, &attr) < 0) + if (NtOpenKeyedEvent(&KeyedEventHandle, MAXIMUM_ALLOWED, &attr) < 0) { RaiseStatus(STATUS_RESOURCE_NOT_OWNED); } @@ -157,12 +157,13 @@ namespace YY::Thunks::internal static void __fastcall RtlpWakeSRWLock(SRWLOCK* SRWLock, size_t Status) { auto GlobalKeyedEventHandle = GetGlobalKeyedEventHandle(); - auto pNtReleaseKeyedEvent = try_get_NtReleaseKeyedEvent(); - - if (!pNtReleaseKeyedEvent) +#if !defined(__USING_NTDLL_LIB) + const auto NtReleaseKeyedEvent = try_get_NtReleaseKeyedEvent(); + if (!NtReleaseKeyedEvent) { RaiseStatus(STATUS_RESOURCE_NOT_OWNED); } +#endif for (;;) { @@ -202,7 +203,7 @@ namespace YY::Thunks::internal //if(!RtlpWaitCouldDeadlock()) - pNtReleaseKeyedEvent(GlobalKeyedEventHandle, notify, 0, nullptr); + NtReleaseKeyedEvent(GlobalKeyedEventHandle, notify, 0, nullptr); } return; @@ -226,7 +227,7 @@ namespace YY::Thunks::internal //if(!RtlpWaitCouldDeadlock()) - pNtReleaseKeyedEvent(GlobalKeyedEventHandle, notify, 0, nullptr); + NtReleaseKeyedEvent(GlobalKeyedEventHandle, notify, 0, nullptr); } notify = next; @@ -345,13 +346,13 @@ namespace YY::Thunks::internal static void __fastcall RtlpWakeConditionVariable(PCONDITION_VARIABLE ConditionVariable, size_t ConditionVariableStatus, size_t WakeCount) { auto GlobalKeyedEventHandle = GetGlobalKeyedEventHandle(); - auto pNtReleaseKeyedEvent = try_get_NtReleaseKeyedEvent(); - - if (!pNtReleaseKeyedEvent) +#if !defined(__USING_NTDLL_LIB) + const auto NtReleaseKeyedEvent = try_get_NtReleaseKeyedEvent(); + if (!NtReleaseKeyedEvent) { RaiseStatus(STATUS_RESOURCE_NOT_OWNED); } - +#endif //v16 YY_CV_WAIT_BLOCK* notify = nullptr; @@ -454,7 +455,7 @@ namespace YY::Thunks::internal { if (pWake->SRWLock == nullptr || RtlpQueueWaitBlockToSRWLock(pWake, pWake->SRWLock, (pWake->flag >> 2) & 0x1) == FALSE) { - pNtReleaseKeyedEvent(GlobalKeyedEventHandle, pWake, 0, nullptr); + NtReleaseKeyedEvent(GlobalKeyedEventHandle, pWake, 0, nullptr); } } @@ -599,9 +600,11 @@ namespace YY::Thunks::internal ) { auto GlobalKeyedEventHandle = internal::GetGlobalKeyedEventHandle(); - auto pNtWaitForKeyedEvent = try_get_NtWaitForKeyedEvent(); - if (!pNtWaitForKeyedEvent) +#if !defined(__USING_NTDLL_LIB) + const auto NtWaitForKeyedEvent = try_get_NtWaitForKeyedEvent(); + if (!NtWaitForKeyedEvent) internal::RaiseStatus(STATUS_RESOURCE_NOT_OWNED); +#endif do { @@ -614,7 +617,7 @@ namespace YY::Thunks::internal if (Last == Old) { //WinXP等老系统不支持空句柄传入,此行为不能照搬Windows 7 - pNtWaitForKeyedEvent(GlobalKeyedEventHandle, &Current, 0, nullptr); + NtWaitForKeyedEvent(GlobalKeyedEventHandle, &Current, 0, nullptr); Current = *(volatile size_t*)lpInitOnce; } @@ -699,9 +702,11 @@ namespace YY::Thunks::internal static void __fastcall RtlpRunOnceWakeAll(size_t* pWake) { auto GlobalKeyedEventHandle = internal::GetGlobalKeyedEventHandle(); - auto pNtReleaseKeyedEvent = try_get_NtReleaseKeyedEvent(); - if (!pNtReleaseKeyedEvent) +#if !defined(__USING_NTDLL_LIB) + const auto NtReleaseKeyedEvent = try_get_NtReleaseKeyedEvent(); + if (!NtReleaseKeyedEvent) internal::RaiseStatus(STATUS_RESOURCE_NOT_OWNED); +#endif for (auto WakeAddress = (LPVOID)(*pWake & ~size_t(RTL_RUN_ONCE_CHECK_ONLY | RTL_RUN_ONCE_ASYNC)); WakeAddress; ) { @@ -709,7 +714,7 @@ namespace YY::Thunks::internal auto NextWakeAddress = *(LPVOID*)WakeAddress; //WinXP等老系统不支持空句柄传入,此行为不能照搬Windows 7 - pNtReleaseKeyedEvent(GlobalKeyedEventHandle, WakeAddress, 0, nullptr); + NtReleaseKeyedEvent(GlobalKeyedEventHandle, WakeAddress, 0, nullptr); WakeAddress = NextWakeAddress; } @@ -795,9 +800,11 @@ namespace YY::Thunks::internal static void __fastcall RtlpWaitOnAddressWakeEntireList(YY_ADDRESS_WAIT_BLOCK* pBlock) { auto GlobalKeyedEventHandle = GetGlobalKeyedEventHandle(); - auto pNtReleaseKeyedEvent = try_get_NtReleaseKeyedEvent(); - if (!pNtReleaseKeyedEvent) +#if !defined(__USING_NTDLL_LIB) + const auto NtReleaseKeyedEvent = try_get_NtReleaseKeyedEvent(); + if (!NtReleaseKeyedEvent) internal::RaiseStatus(STATUS_NOT_FOUND); +#endif for (; pBlock;) { @@ -805,7 +812,7 @@ namespace YY::Thunks::internal if (InterlockedExchange(&pBlock->flag, 2) == 0) { - pNtReleaseKeyedEvent(GlobalKeyedEventHandle, pBlock, 0, nullptr); + NtReleaseKeyedEvent(GlobalKeyedEventHandle, pBlock, 0, nullptr); } @@ -897,9 +904,11 @@ namespace YY::Thunks::internal static void __fastcall RtlpWaitOnAddressRemoveWaitBlock(YY_ADDRESS_WAIT_BLOCK* pWaitBlock) { auto GlobalKeyedEventHandle = GetGlobalKeyedEventHandle(); - auto pNtWaitForKeyedEvent = try_get_NtWaitForKeyedEvent(); - if (!pNtWaitForKeyedEvent) +#if !defined(__USING_NTDLL_LIB) + const auto NtWaitForKeyedEvent = try_get_NtWaitForKeyedEvent(); + if (!NtWaitForKeyedEvent) internal::RaiseStatus(STATUS_NOT_FOUND); +#endif auto ppFirstBlock = GetBlockByWaitOnAddressHashTable((LPVOID)pWaitBlock->Address); @@ -997,7 +1006,7 @@ namespace YY::Thunks::internal if (bFind == false && InterlockedExchange(&pWaitBlock->flag, 0) != 2) { - pNtWaitForKeyedEvent(GlobalKeyedEventHandle, pWaitBlock, 0, nullptr); + NtWaitForKeyedEvent(GlobalKeyedEventHandle, pWaitBlock, 0, nullptr); } Tmp->next = pNotify; @@ -1051,17 +1060,19 @@ namespace YY::Thunks::internal } auto GlobalKeyedEventHandle = GetGlobalKeyedEventHandle(); - auto pNtWaitForKeyedEvent = try_get_NtWaitForKeyedEvent(); - if (!pNtWaitForKeyedEvent) +#if !defined(__USING_NTDLL_LIB) + auto NtWaitForKeyedEvent = try_get_NtWaitForKeyedEvent(); + if (!NtWaitForKeyedEvent) internal::RaiseStatus(STATUS_NOT_FOUND); +#endif - auto Status = pNtWaitForKeyedEvent(GlobalKeyedEventHandle, pWaitBlock, 0, TimeOut); + auto Status = NtWaitForKeyedEvent(GlobalKeyedEventHandle, pWaitBlock, 0, TimeOut); if (Status == STATUS_TIMEOUT) { if (InterlockedExchange(&pWaitBlock->flag, 4) == 2) { - Status = pNtWaitForKeyedEvent(GlobalKeyedEventHandle, pWaitBlock, 0, nullptr); + Status = NtWaitForKeyedEvent(GlobalKeyedEventHandle, pWaitBlock, 0, nullptr); } else { @@ -1192,9 +1203,11 @@ namespace YY::Thunks::internal } auto GlobalKeyedEventHandle = GetGlobalKeyedEventHandle(); - auto pNtReleaseKeyedEvent = try_get_NtReleaseKeyedEvent(); - if (!pNtReleaseKeyedEvent) +#if !defined(__USING_NTDLL_LIB) + const auto NtReleaseKeyedEvent = try_get_NtReleaseKeyedEvent(); + if (!NtReleaseKeyedEvent) internal::RaiseStatus(STATUS_NOT_FOUND); +#endif for (auto pItem = LastWake; pItem;) { @@ -1202,7 +1215,7 @@ namespace YY::Thunks::internal auto Tmp = pItem->back; //唤醒等待的Key - pNtReleaseKeyedEvent(GlobalKeyedEventHandle, pItem, FALSE, nullptr); + NtReleaseKeyedEvent(GlobalKeyedEventHandle, pItem, FALSE, nullptr); pItem = Tmp; } @@ -1699,11 +1712,13 @@ namespace YY::Thunks } auto GlobalKeyedEventHandle = internal::GetGlobalKeyedEventHandle(); - auto pNtWaitForKeyedEvent = try_get_NtWaitForKeyedEvent(); - if (!pNtWaitForKeyedEvent) +#if !defined(__USING_NTDLL_LIB) + const auto NtWaitForKeyedEvent = try_get_NtWaitForKeyedEvent(); + if (!NtWaitForKeyedEvent) { internal::RaiseStatus(STATUS_RESOURCE_NOT_OWNED); } +#endif //自旋 for (DWORD SpinCount = SRWLockSpinCount; SpinCount; --SpinCount) @@ -1716,7 +1731,7 @@ namespace YY::Thunks if (InterlockedBitTestAndReset((volatile LONG*)&StackWaitBlock.flag, 1)) { - pNtWaitForKeyedEvent(GlobalKeyedEventHandle, (PVOID)&StackWaitBlock, 0, nullptr); + NtWaitForKeyedEvent(GlobalKeyedEventHandle, (PVOID)&StackWaitBlock, 0, nullptr); } } else @@ -1878,11 +1893,13 @@ namespace YY::Thunks } auto GlobalKeyedEventHandle = internal::GetGlobalKeyedEventHandle(); - auto pNtWaitForKeyedEvent = try_get_NtWaitForKeyedEvent(); - if (!pNtWaitForKeyedEvent) +#if !defined(__USING_NTDLL_LIB) + const auto NtWaitForKeyedEvent = try_get_NtWaitForKeyedEvent(); + if (!NtWaitForKeyedEvent) { internal::RaiseStatus(STATUS_RESOURCE_NOT_OWNED); } +#endif //自旋 for (DWORD SpinCount = SRWLockSpinCount; SpinCount; --SpinCount) @@ -1895,7 +1912,7 @@ namespace YY::Thunks if (InterlockedBitTestAndReset((volatile LONG*)&StackWaitBlock.flag, 1)) { - pNtWaitForKeyedEvent(GlobalKeyedEventHandle, (PVOID)&StackWaitBlock, 0, nullptr); + NtWaitForKeyedEvent(GlobalKeyedEventHandle, (PVOID)&StackWaitBlock, 0, nullptr); } continue; @@ -2161,13 +2178,14 @@ namespace YY::Thunks internal::RtlpOptimizeConditionVariableWaitList(ConditionVariable, NewConditionVariable); } - auto GlobalKeyedEventHandle = internal::GetGlobalKeyedEventHandle(); - auto pNtWaitForKeyedEvent = try_get_NtWaitForKeyedEvent(); - if (!pNtWaitForKeyedEvent) +#if !defined(__USING_NTDLL_LIB) + const auto NtWaitForKeyedEvent = try_get_NtWaitForKeyedEvent(); + if (!NtWaitForKeyedEvent) { internal::RaiseStatus(STATUS_RESOURCE_NOT_OWNED); } +#endif //自旋 for (auto SpinCount = ConditionVariableSpinCount; SpinCount; --SpinCount) @@ -2184,11 +2202,11 @@ namespace YY::Thunks { LARGE_INTEGER TimeOut; - Status = pNtWaitForKeyedEvent(GlobalKeyedEventHandle, (PVOID)&StackWaitBlock, 0, internal::BaseFormatTimeOut(&TimeOut, dwMilliseconds)); + Status = NtWaitForKeyedEvent(GlobalKeyedEventHandle, (PVOID)&StackWaitBlock, 0, internal::BaseFormatTimeOut(&TimeOut, dwMilliseconds)); if (Status == STATUS_TIMEOUT && internal::RtlpWakeSingle(ConditionVariable, &StackWaitBlock) == FALSE) { - pNtWaitForKeyedEvent(GlobalKeyedEventHandle, (PVOID)&StackWaitBlock, 0, nullptr); + NtWaitForKeyedEvent(GlobalKeyedEventHandle, (PVOID)&StackWaitBlock, 0, nullptr); Status = 0; } } @@ -2285,11 +2303,13 @@ namespace YY::Thunks } auto GlobalKeyedEventHandle = internal::GetGlobalKeyedEventHandle(); - auto pNtWaitForKeyedEvent = try_get_NtWaitForKeyedEvent(); - if (!pNtWaitForKeyedEvent) +#if !defined(__USING_NTDLL_LIB) + const auto NtWaitForKeyedEvent = try_get_NtWaitForKeyedEvent(); + if (!NtWaitForKeyedEvent) { internal::RaiseStatus(STATUS_RESOURCE_NOT_OWNED); } +#endif //自旋 for (auto SpinCount = ConditionVariableSpinCount; SpinCount; --SpinCount) @@ -2304,11 +2324,11 @@ namespace YY::Thunks { LARGE_INTEGER TimeOut; - Status = pNtWaitForKeyedEvent(GlobalKeyedEventHandle, (PVOID)&StackWaitBlock, 0, internal::BaseFormatTimeOut(&TimeOut, dwMilliseconds)); + Status = NtWaitForKeyedEvent(GlobalKeyedEventHandle, (PVOID)&StackWaitBlock, 0, internal::BaseFormatTimeOut(&TimeOut, dwMilliseconds)); if (Status == STATUS_TIMEOUT && internal::RtlpWakeSingle(ConditionVariable, &StackWaitBlock) == FALSE) { - pNtWaitForKeyedEvent(GlobalKeyedEventHandle, (PVOID)&StackWaitBlock, 0, nullptr); + NtWaitForKeyedEvent(GlobalKeyedEventHandle, (PVOID)&StackWaitBlock, 0, nullptr); Status = 0; } } @@ -2412,12 +2432,13 @@ namespace YY::Thunks if (Last == Current) { auto GlobalKeyedEventHandle = internal::GetGlobalKeyedEventHandle(); - auto pNtReleaseKeyedEvent = try_get_NtReleaseKeyedEvent(); - - if (!pNtReleaseKeyedEvent) +#if !defined(__USING_NTDLL_LIB) + const auto NtReleaseKeyedEvent = try_get_NtReleaseKeyedEvent(); + if (!NtReleaseKeyedEvent) { internal::RaiseStatus(STATUS_RESOURCE_NOT_OWNED); } +#endif for (auto pBlock = YY_CV_GET_BLOCK(Current); pBlock;) { @@ -2425,7 +2446,7 @@ namespace YY::Thunks if (!InterlockedBitTestAndReset((volatile LONG*)&pBlock->flag, 1)) { - pNtReleaseKeyedEvent(GlobalKeyedEventHandle, pBlock, FALSE, nullptr); + NtReleaseKeyedEvent(GlobalKeyedEventHandle, pBlock, FALSE, nullptr); } pBlock = Tmp; diff --git a/src/Thunks/api-ms-win-core-systemtopology.hpp b/src/Thunks/api-ms-win-core-systemtopology.hpp index 0b2ba38..5a39a33 100644 --- a/src/Thunks/api-ms-win-core-systemtopology.hpp +++ b/src/Thunks/api-ms-win-core-systemtopology.hpp @@ -110,15 +110,17 @@ namespace YY::Thunks return FALSE; } - const auto _pfnNtQueryInformationThread = try_get_NtQueryInformationThread(); - if (!_pfnNtQueryInformationThread) +#if !defined(__USING_NTDLL_LIB) + const auto NtQueryInformationThread = try_get_NtQueryInformationThread(); + if (!NtQueryInformationThread) { SetLastError(ERROR_INVALID_FUNCTION); return FALSE; } +#endif THREAD_BASIC_INFORMATION _ThreadBasicInfo; - long _Status = _pfnNtQueryInformationThread(_hThread, ThreadBasicInformation, &_ThreadBasicInfo, sizeof(_ThreadBasicInfo), nullptr); + long _Status = NtQueryInformationThread(_hThread, ThreadBasicInformation, &_ThreadBasicInfo, sizeof(_ThreadBasicInfo), nullptr); if (_Status < 0) { diff --git a/src/Thunks/api-ms-win-core-timezone.hpp b/src/Thunks/api-ms-win-core-timezone.hpp index 5e8c1e1..6eae53e 100644 --- a/src/Thunks/api-ms-win-core-timezone.hpp +++ b/src/Thunks/api-ms-win-core-timezone.hpp @@ -159,13 +159,14 @@ namespace YY::Thunks } // 下面实现来自XP系统。 - +#if !defined(__USING_NTDLL_LIB) // Win2K存在此函数 - const auto _pfnRtlCutoverTimeToSystemTime = try_get_RtlCutoverTimeToSystemTime(); - if (!_pfnRtlCutoverTimeToSystemTime) + const auto RtlCutoverTimeToSystemTime = try_get_RtlCutoverTimeToSystemTime(); + if (!RtlCutoverTimeToSystemTime) { internal::RaiseStatus(STATUS_NOT_FOUND); } +#endif // Get the timezone information into a useful format TIME_ZONE_INFORMATION _TmpTimeZoneInformation; @@ -207,7 +208,7 @@ namespace YY::Thunks // We have timezone cutover information. Compute the // cutover dates and compute what our current bias // is - if (!_pfnRtlCutoverTimeToSystemTime(&_StandardStart, &_StandardTime, &_CurrentLocalTime, TRUE)) + if (!RtlCutoverTimeToSystemTime(&_StandardStart, &_StandardTime, &_CurrentLocalTime, TRUE)) { SetLastError(ERROR_INVALID_PARAMETER); return FALSE; @@ -224,7 +225,7 @@ namespace YY::Thunks _DaylightStart.Second = _pTimeZoneInformation->DaylightDate.wSecond; _DaylightStart.Milliseconds = _pTimeZoneInformation->DaylightDate.wMilliseconds; - if (!_pfnRtlCutoverTimeToSystemTime(&_DaylightStart, &_DaylightTime, &_CurrentLocalTime, TRUE)) + if (!RtlCutoverTimeToSystemTime(&_DaylightStart, &_DaylightTime, &_CurrentLocalTime, TRUE)) { SetLastError(ERROR_INVALID_PARAMETER); return FALSE; diff --git a/src/Thunks/api-ms-win-core-winrt-string.hpp b/src/Thunks/api-ms-win-core-winrt-string.hpp index 6419d77..1584623 100644 --- a/src/Thunks/api-ms-win-core-winrt-string.hpp +++ b/src/Thunks/api-ms-win-core-winrt-string.hpp @@ -50,7 +50,7 @@ namespace YY::Thunks return MEM_E_INVALID_SIZE; } - auto _pStringInternal = reinterpret_cast(internal::Alloc(_cbRequiredSize, HEAP_ZERO_MEMORY)); + auto _pStringInternal = reinterpret_cast(internal::Alloc((size_t)_cbRequiredSize, HEAP_ZERO_MEMORY)); if (!_pStringInternal) { return E_OUTOFMEMORY; diff --git a/src/Thunks/api-ms-win-security-base.hpp b/src/Thunks/api-ms-win-security-base.hpp index cf1da4d..4a85b96 100644 --- a/src/Thunks/api-ms-win-security-base.hpp +++ b/src/Thunks/api-ms-win-security-base.hpp @@ -31,17 +31,19 @@ return FALSE; } - const auto _pfnRtlValidSid = try_get_RtlValidSid(); - const auto _pfnRtlValidAcl = try_get_RtlValidAcl(); - const auto _pfnRtlFirstFreeAce = try_get_RtlFirstFreeAce(); - const auto _pfnRtlCopySid = try_get_RtlCopySid(); - if (_pfnRtlValidSid == nullptr || _pfnRtlValidAcl == nullptr || _pfnRtlFirstFreeAce == nullptr || _pfnRtlCopySid == nullptr) +#if !defined(__USING_NTDLL_LIB) + const auto RtlValidSid = try_get_RtlValidSid(); + const auto RtlValidAcl = try_get_RtlValidAcl(); + const auto RtlFirstFreeAce = try_get_RtlFirstFreeAce(); + const auto RtlCopySid = try_get_RtlCopySid(); + if (RtlValidSid == nullptr || RtlValidAcl == nullptr || RtlFirstFreeAce == nullptr || RtlCopySid == nullptr) { SetLastError(ERROR_FUNCTION_FAILED); return FALSE; } +#endif - if (!_pfnRtlValidSid(_pLabelSid)) + if (!RtlValidSid(_pLabelSid)) { // internal::BaseSetLastNTError(0xC0000078); SetLastError(ERROR_INVALID_SID); @@ -75,7 +77,7 @@ } _SYSTEM_MANDATORY_LABEL_ACE* _pFirstFree = nullptr; - if (_pfnRtlValidAcl(_pAcl) == FALSE || _pfnRtlFirstFreeAce(_pAcl,(PVOID*)& _pFirstFree) == FALSE) + if (RtlValidAcl(_pAcl) == FALSE || RtlFirstFreeAce(_pAcl,(PVOID*)& _pFirstFree) == FALSE) { // internal::BaseSetLastNTError(0xC0000077); SetLastError(ERROR_INVALID_ACL); @@ -94,7 +96,7 @@ _pFirstFree->Header.AceFlags = (BYTE)_fAceFlags; _pFirstFree->Header.AceSize = _cbData; _pFirstFree->Mask = _uMandatoryPolicy; - _pfnRtlCopySid(sizeof(DWORD) * _pLabelSid->SubAuthorityCount + 8, &_pFirstFree->SidStart, _pLabelSid); + RtlCopySid(sizeof(DWORD) * _pLabelSid->SubAuthorityCount + 8, &_pFirstFree->SidStart, _pLabelSid); _pAcl->AceCount++; _pAcl->AclRevision = (BYTE)_uAceRevision; diff --git a/src/Thunks/kernel32.hpp b/src/Thunks/kernel32.hpp index 4e09c70..93213e2 100644 --- a/src/Thunks/kernel32.hpp +++ b/src/Thunks/kernel32.hpp @@ -293,31 +293,36 @@ namespace YY::Thunks return FALSE; } - if (auto _pfnNtQuerySystemInformation = try_get_NtQuerySystemInformation()) +#if !defined(__USING_NTDLL_LIB) + const auto NtQuerySystemInformation = try_get_NtQuerySystemInformation(); + if (!NtQuerySystemInformation) { - SYSTEM_BOOT_ENVIRONMENT_INFORMATION _Information; - const auto _Status = (long)_pfnNtQuerySystemInformation(SystemBootEnvironmentInformation, &_Information, sizeof(_Information), nullptr); - - if (_Status >= 0) - { - *_peFirmwareType = _Information.FirmwareType; - return TRUE; - } - else if (_Status != STATUS_INVALID_INFO_CLASS && _Status != STATUS_NOT_IMPLEMENTED) - { - internal::BaseSetLastNTError(_Status); - return FALSE; - } - else - { - // 当前系统不支持 SystemBootEnvironmentInformation,应该是 Windows 2000。 - } + // 理论上不可能走到这里,最大的可能就是Windows 2000或者更早的系统了。 + // 所以我们这里兜底返回 FirmwareTypeBios,因为以前的系统只能是这个了。 + *_peFirmwareType = FIRMWARE_TYPE::FirmwareTypeBios; + return TRUE; } +#endif - // 理论上不可能走到这里,最大的可能就是Windows 2000或者更早的系统了。 - // 所以我们这里兜底返回 FirmwareTypeBios,因为以前的系统只能是这个了。 - *_peFirmwareType = FIRMWARE_TYPE::FirmwareTypeBios; - return TRUE; + SYSTEM_BOOT_ENVIRONMENT_INFORMATION _Information; + const LONG _Status = NtQuerySystemInformation(SystemBootEnvironmentInformation, &_Information, sizeof(_Information), nullptr); + + if (_Status >= 0) + { + *_peFirmwareType = _Information.FirmwareType; + return TRUE; + } + else if (_Status != STATUS_INVALID_INFO_CLASS && _Status != STATUS_NOT_IMPLEMENTED) + { + internal::BaseSetLastNTError(_Status); + return FALSE; + } + else + { + // 当前系统不支持 SystemBootEnvironmentInformation,应该是 Windows 2000。 + *_peFirmwareType = FIRMWARE_TYPE::FirmwareTypeBios; + return TRUE; + } } #endif @@ -346,59 +351,61 @@ namespace YY::Thunks return FALSE; } +#if !defined(__USING_NTDLL_LIB) + const auto NtQuerySystemInformation = try_get_NtQuerySystemInformation(); + if (!NtQuerySystemInformation) + { + // 兜底处理,现在是早期不支持VHD启动的系统。 + *_pbNativeVhdBoot = FALSE; + return TRUE; + } +#endif // Windows 7支持VHD启动,但是没有这个接口,直接调用 NtQuerySystemInformation 兼容一下。 - if (const auto _pfnNtQuerySystemInformation = try_get_NtQuerySystemInformation()) + ULONG _uReturnLength = 0; + LONG _Status = NtQuerySystemInformation(SystemVhdBootInformation, nullptr, 0, &_uReturnLength); + if (_Status == STATUS_BUFFER_TOO_SMALL) { - ULONG _uReturnLength = 0; - auto _Status = (long)_pfnNtQuerySystemInformation(SystemVhdBootInformation, nullptr, 0, &_uReturnLength); - if (_Status == STATUS_BUFFER_TOO_SMALL) + union { - union - { - char Buffer[1024]; - SYSTEM_VHD_BOOT_INFORMATION Info; - } _StaticBuffer; + char Buffer[1024]; + SYSTEM_VHD_BOOT_INFORMATION Info; + } _StaticBuffer; - if (_uReturnLength > sizeof(_StaticBuffer)) - { - const auto _hProcessHeap = ((TEB*)NtCurrentTeb())->ProcessEnvironmentBlock->ProcessHeap; - auto _pInformation = (SYSTEM_VHD_BOOT_INFORMATION*)HeapAlloc(_hProcessHeap, 0, _uReturnLength); - if (!_pInformation) - { - SetLastError(ERROR_NOT_ENOUGH_MEMORY); - return FALSE; - } - - _Status = (long)_pfnNtQuerySystemInformation(SystemVhdBootInformation, _pInformation, _uReturnLength, &_uReturnLength); - _StaticBuffer.Info.OsDiskIsVhd = _pInformation->OsDiskIsVhd; - HeapFree(_hProcessHeap, 0, _pInformation); - } - else + if (_uReturnLength > sizeof(_StaticBuffer)) + { + const auto _hProcessHeap = ((TEB*)NtCurrentTeb())->ProcessEnvironmentBlock->ProcessHeap; + auto _pInformation = (SYSTEM_VHD_BOOT_INFORMATION*)HeapAlloc(_hProcessHeap, 0, _uReturnLength); + if (!_pInformation) { - _Status = (long)_pfnNtQuerySystemInformation(SystemVhdBootInformation, &_StaticBuffer.Info, _uReturnLength, &_uReturnLength); + SetLastError(ERROR_NOT_ENOUGH_MEMORY); + return FALSE; } - if (_Status >= 0) - { - *_pbNativeVhdBoot = _StaticBuffer.Info.OsDiskIsVhd; - } + _Status = NtQuerySystemInformation(SystemVhdBootInformation, _pInformation, _uReturnLength, &_uReturnLength); + _StaticBuffer.Info.OsDiskIsVhd = _pInformation->OsDiskIsVhd; + HeapFree(_hProcessHeap, 0, _pInformation); } - else if (_Status != STATUS_INVALID_INFO_CLASS && _Status != STATUS_NOT_IMPLEMENTED) + else { - internal::BaseSetLastNTError(_Status); - return FALSE; + _Status = NtQuerySystemInformation(SystemVhdBootInformation, &_StaticBuffer.Info, _uReturnLength, &_uReturnLength); } - else + + if (_Status >= 0) { - // 当前系统不支持VHD,兜底处理。 + *_pbNativeVhdBoot = _StaticBuffer.Info.OsDiskIsVhd; + return TRUE; } } + + if (_Status != STATUS_INVALID_INFO_CLASS && _Status != STATUS_NOT_IMPLEMENTED) + { + internal::BaseSetLastNTError(_Status); + return FALSE; + } - // 兜底处理,现在是早期不支持VHD启动的系统。 - // 注意:这里故意设置 ERROR_INVALID_PARAMETER,因为从微软的行为看 - // 未使用VHD时,它将返回这个错误代码。 - SetLastError(ERROR_INVALID_PARAMETER); - return FALSE; + // 当前系统不支持VHD,兜底处理。 + *_pbNativeVhdBoot = FALSE; + return TRUE; } #endif @@ -448,14 +455,16 @@ namespace YY::Thunks return FALSE; } - const auto _pfnNtSetInformationProcess = try_get_NtSetInformationProcess(); - if (!_pfnNtSetInformationProcess) +#if !defined(__USING_NTDLL_LIB) + const auto NtSetInformationProcess = try_get_NtSetInformationProcess(); + if (!NtSetInformationProcess) { SetLastError(ERROR_NOT_SUPPORTED); return FALSE; } +#endif - LONG _Status = _pfnNtSetInformationProcess(NtCurrentProcess(), PROCESSINFOCLASS::ProcessExecuteFlags, &_uInfo, sizeof(_uInfo)); + LONG _Status = NtSetInformationProcess(NtCurrentProcess(), PROCESSINFOCLASS::ProcessExecuteFlags, &_uInfo, sizeof(_uInfo)); if (_Status >=0 || STATUS_INVALID_INFO_CLASS == _Status || STATUS_NOT_SUPPORTED == _Status) { // 如果不支持这个接口,那么也认为是成功的。反正不支持DEP。 diff --git a/src/YY-Thunks.UnitTest/api-ms-win-core-handle.UnitTest.cpp b/src/YY-Thunks.UnitTest/api-ms-win-core-handle.UnitTest.cpp index e6d8804..fc70db6 100644 --- a/src/YY-Thunks.UnitTest/api-ms-win-core-handle.UnitTest.cpp +++ b/src/YY-Thunks.UnitTest/api-ms-win-core-handle.UnitTest.cpp @@ -2,6 +2,7 @@ #include "Thunks/api-ms-win-core-handle.hpp" #pragma comment(lib, "KtmW32.lib") +#pragma comment(lib, "ntdll.lib") namespace api_ms_win_core_handle { @@ -99,16 +100,14 @@ namespace api_ms_win_core_handle { constexpr const wchar_t Name[] = L"\\KernelObjects\\CritSecOutOfMemoryEvent"; - auto pNtOpenKeyedEvent = (decltype(NtOpenKeyedEvent)*) GetProcAddress(GetModuleHandleW(L"ntdll"), "NtOpenKeyedEvent"); - UNICODE_STRING ObjectName = { sizeof(Name) - sizeof(wchar_t),sizeof(Name) - sizeof(wchar_t) ,(PWSTR)Name }; OBJECT_ATTRIBUTES attr = { sizeof(attr),nullptr,&ObjectName }; HANDLE _hHandle1; - pNtOpenKeyedEvent(&_hHandle1, MAXIMUM_ALLOWED, &attr); + NtOpenKeyedEvent(&_hHandle1, MAXIMUM_ALLOWED, &attr); HANDLE _hHandle2; - pNtOpenKeyedEvent(&_hHandle2, MAXIMUM_ALLOWED, &attr); + NtOpenKeyedEvent(&_hHandle2, MAXIMUM_ALLOWED, &attr); Assert::IsTrue(::CompareObjectHandles(_hHandle1, _hHandle2));