hfiref0x

## ci.asm
16299

PAGE:00000001C0026144 4C 8B CB                                                        mov     r9, rbx
PAGE:00000001C0026147 4C 8B C7                                                        mov     r8, rdi
PAGE:00000001C002614A 48 8B D6                                                        mov     rdx, rsi
PAGE:00000001C002614D 8B CD                                                           mov     ecx, ebp
PAGE:00000001C002614F E8 A0 07 00 00                                                  call    CipInitialize

17134.1
PAGE:00000001C0027144 4C 8B CB                                                        mov     r9, rbx

## directio.c
typedef struct _MAP_PARAMS {
   HANDLE SectionHandle;
   PVOID MapBaseAddressIoSpace;
   PMDL AllocatedMdl;
   DWORD MapSize;
   LARGE_INTEGER Offset;
   PVOID MapBaseAddress;
   BOOLEAN Writeable;
} MAP_PARAMS, *PMAP_PARAMS; //sizeof 45 bytes

## passmarkdrv.cpp
#include "global.h"


#define EPROCESS_UniqueProcessId_1809 0x2E0
#define EPROCESS_ActiveProcessLinks_1809 EPROCESS_UniqueProcessId_1809 + sizeof(HANDLE)
#define EPROCESS_Token_1809 0x358

#define EPROCESS_UniqueProcessId_1903 0x02E8
#define EPROCESS_ActiveProcessLinks_1903 EPROCESS_UniqueProcessId_1903 + sizeof(HANDLE)
#define EPROCESS_Token_1903 0x360

## NtUserSetWindowsHookEx.cpp
#include <Windows.h>
#include <cstdio>

typedef NTSTATUS(NTAPI* pfnNtUserSetWindowsHookEx)(
    ULONG_PTR Param1,
    ULONG_PTR Param2,
    ULONG_PTR Param3,
    ULONG_PTR Param4,
    ULONG_PTR Param5,
    ULONG_PTR Param6);

## NtCreateIoRing.cpp
#include <Windows.h>
#include <cstdio>

typedef NTSTATUS(NTAPI* pfnNtCreateIoRing)(
    ULONG_PTR Param1,
    ULONG_PTR Param2,
    ULONG_PTR Param3,
    ULONG_PTR Param4
    );

## fusion.c
#include <fusion.h>

typedef HRESULT(WINAPI* pfnCreateAssemblyEnum)(
    _Out_ IAssemblyEnum** pEnum,
    _In_opt_  IUnknown* pUnkReserved,
    _In_opt_  IAssemblyName* pName,
    _In_  DWORD dwFlags,
    _Reserved_  LPVOID pvReserved);

typedef HRESULT(WINAPI* pfnCreateAssemblyCache)(

## enetech_new.c
#include <windows.h>
#include <cstdio>
#include "ntos.h"

#define WINIO_DEVICE_TYPE    (DWORD)0x8010

#define WINIO_MAP_FUNCID     (DWORD)0x810
#define WINIO_UNMAP_FUNCID   (DWORD)0x811

#define IOCTL_WINIO_MAP_USER_PHYSICAL_MEMORY     \

## gist:720e2caf58a770117caa1d51d2745491
#pragma warning(disable: 4005)

#include <windows.h>
#include <cstdio>
#include <ntstatus.h>

typedef NTSTATUS (NTAPI *pfnNtCreateEnclave)(
    _In_ HANDLE ProcessHandle,
    _Inout_ PVOID* BaseAddress,
    _In_ ULONG_PTR ZeroBits,

## SecureAPlus.c
#pragma warning(disable: 4005)

#include <windows.h>
#include <strsafe.h>
#include <ntstatus.h>
#include "ntos.h"

NTSTATUS CallDriver(
    _In_ HANDLE DeviceHandle,
    _In_ ULONG IoControlCode,

## imf.c
#pragma warning(disable: 4005)

#include <windows.h>
#include <strsafe.h>
#include <ntstatus.h>
#include "ntos.h"

NTSTATUS CallDriver(
    _In_ HANDLE DeviceHandle,
    _In_ ULONG IoControlCode,
	16299

	PAGE:00000001C0026144 4C 8B CB mov r9, rbx
	PAGE:00000001C0026147 4C 8B C7 mov r8, rdi
	PAGE:00000001C002614A 48 8B D6 mov rdx, rsi
	PAGE:00000001C002614D 8B CD mov ecx, ebp
	PAGE:00000001C002614F E8 A0 07 00 00 call CipInitialize

	17134.1
	PAGE:00000001C0027144 4C 8B CB mov r9, rbx
	typedef struct _MAP_PARAMS {
	HANDLE SectionHandle;
	PVOID MapBaseAddressIoSpace;
	PMDL AllocatedMdl;
	DWORD MapSize;
	LARGE_INTEGER Offset;
	PVOID MapBaseAddress;
	BOOLEAN Writeable;
	} MAP_PARAMS, *PMAP_PARAMS; //sizeof 45 bytes
	#include "global.h"


	#define EPROCESS_UniqueProcessId_1809 0x2E0
	#define EPROCESS_ActiveProcessLinks_1809 EPROCESS_UniqueProcessId_1809 + sizeof(HANDLE)
	#define EPROCESS_Token_1809 0x358

	#define EPROCESS_UniqueProcessId_1903 0x02E8
	#define EPROCESS_ActiveProcessLinks_1903 EPROCESS_UniqueProcessId_1903 + sizeof(HANDLE)
	#define EPROCESS_Token_1903 0x360
	#include <Windows.h>
	#include <cstdio>

	typedef NTSTATUS(NTAPI* pfnNtUserSetWindowsHookEx)(
	ULONG_PTR Param1,
	ULONG_PTR Param2,
	ULONG_PTR Param3,
	ULONG_PTR Param4,
	ULONG_PTR Param5,
	ULONG_PTR Param6);
	#include <Windows.h>
	#include <cstdio>

	typedef NTSTATUS(NTAPI* pfnNtCreateIoRing)(
	ULONG_PTR Param1,
	ULONG_PTR Param2,
	ULONG_PTR Param3,
	ULONG_PTR Param4
	);
	#include <fusion.h>

	typedef HRESULT(WINAPI* pfnCreateAssemblyEnum)(
	_Out_ IAssemblyEnum** pEnum,
	_In_opt_ IUnknown* pUnkReserved,
	_In_opt_ IAssemblyName* pName,
	_In_ DWORD dwFlags,
	_Reserved_ LPVOID pvReserved);

	typedef HRESULT(WINAPI* pfnCreateAssemblyCache)(
	#include <windows.h>
	#include <cstdio>
	#include "ntos.h"

	#define WINIO_DEVICE_TYPE (DWORD)0x8010

	#define WINIO_MAP_FUNCID (DWORD)0x810
	#define WINIO_UNMAP_FUNCID (DWORD)0x811

	#define IOCTL_WINIO_MAP_USER_PHYSICAL_MEMORY \
	#pragma warning(disable: 4005)

	#include <windows.h>
	#include <cstdio>
	#include <ntstatus.h>

	typedef NTSTATUS (NTAPI *pfnNtCreateEnclave)(
	_In_ HANDLE ProcessHandle,
	_Inout_ PVOID* BaseAddress,
	_In_ ULONG_PTR ZeroBits,
	#pragma warning(disable: 4005)

	#include <windows.h>
	#include <strsafe.h>
	#include <ntstatus.h>
	#include "ntos.h"

	NTSTATUS CallDriver(
	_In_ HANDLE DeviceHandle,
	_In_ ULONG IoControlCode,