msmania/Makefile

## main.cpp
#include <windows.h>
#include <stdio.h>
#include <cstdint>

NTSTATUS NTAPI WnfCallback(uint64_t, void*, void*, void*, void*, void*);
extern "C" {
  NTSTATUS NTAPI RtlQueryWnfStateData(uint32_t*,
                                      uint64_t,
                                      decltype(WnfCallback),
                                      size_t,
                                      size_t);
  NTSTATUS NTAPI
  RtlSubscribeWnfStateChangeNotification(void*,
                                         uint64_t,
                                         uint32_t,
                                         decltype(WnfCallback),
                                         size_t,
                                         size_t,
                                         size_t,
                                         size_t);
}

constexpr uint64_t WNF_EDGE_LAST_NAVIGATED_HOST = 0x04810a28a3bc08f5;

NTSTATUS NTAPI WnfCallback(uint64_t p1,
                           void *p2,
                           void *p3,
                           void *p4,
                           void *p5,
                           void *p6) {
  if (p1 == WNF_EDGE_LAST_NAVIGATED_HOST && p5) {
    printf("[%04x] %p %p %p %p %ws\n",
           GetCurrentThreadId(),
           p2,
           p3,
           p4,
           p6,
           reinterpret_cast<LPCWSTR>(p5));
  }
  return 0;
}

int main() {
  uint32_t buf1{};
  NTSTATUS status = RtlQueryWnfStateData(&buf1,
                                         WNF_EDGE_LAST_NAVIGATED_HOST,
                                         WnfCallback,
                                         0, 0);
  if (status == 0) {
    size_t buf2{};
    status = RtlSubscribeWnfStateChangeNotification(
                &buf2,
                WNF_EDGE_LAST_NAVIGATED_HOST,
                buf1,
                WnfCallback,
                0, 0, 0, 1);
    if (status == 0) {
      printf("Successfully subscribed: %08x %zx\n", buf1, buf2);
      for (;;) Sleep(100);
    }
    else {
      printf("RtlSubscribeWnfStateChangeNotification failed - %08x\n", status);
    }
  }
  else {
    printf("NtQueryWnfStateData failed - %08x\n", status);
  }
  return 0;
}

## Makefile
!IF "$(PLATFORM)"=="X64" || "$(PLATFORM)"=="x64"
ARCH=amd64
!ELSE
ARCH=x86
!ENDIF

OUTDIR=bin\$(ARCH)
OBJDIR=obj\$(ARCH)
SRCDIR=.

CC=cl
RD=rd /s /q
RM=del /q
LINKER=link
TARGET=t.exe

OBJS=\
	$(OBJDIR)\main.obj\

LIBS=\
	ntdll.lib\

CFLAGS=\
	/nologo\
	/c\
	/Od\
	/W4\
	/Zi\
	/EHsc\
	/DUNICODE\
	/Fo"$(OBJDIR)\\"\
	/Fd"$(OBJDIR)\\"\

LFLAGS=\
	/NOLOGO\
	/DEBUG\
	/SUBSYSTEM:CONSOLE\

all: $(OUTDIR)\$(TARGET)

$(OUTDIR)\$(TARGET): $(OBJS)
	@if not exist $(OUTDIR) mkdir $(OUTDIR)
	$(LINKER) $(LFLAGS) $(LIBS) /PDB:"$(@R).pdb" /OUT:$@ $**

{$(SRCDIR)}.cpp{$(OBJDIR)}.obj:
	@if not exist $(OBJDIR) mkdir $(OBJDIR)
	$(CC) $(CFLAGS) $<

clean:
	@if exist $(OBJDIR) $(RD) $(OBJDIR)
	@if exist $(OUTDIR)\$(TARGET) $(RM) $(OUTDIR)\$(TARGET)
	@if exist $(OUTDIR)\$(TARGET:exe=ilk) $(RM) $(OUTDIR)\$(TARGET:exe=ilk)
	@if exist $(OUTDIR)\$(TARGET:exe=pdb) $(RM) $(OUTDIR)\$(TARGET:exe=pdb)
	#include <windows.h>
	#include <stdio.h>
	#include <cstdint>

	NTSTATUS NTAPI WnfCallback(uint64_t, void, void, void, void, void*);
	extern "C" {
	NTSTATUS NTAPI RtlQueryWnfStateData(uint32_t*,
	uint64_t,
	decltype(WnfCallback),
	size_t,
	size_t);
	NTSTATUS NTAPI
	RtlSubscribeWnfStateChangeNotification(void*,
	uint64_t,
	uint32_t,
	decltype(WnfCallback),
	size_t,
	size_t,
	size_t,
	size_t);
	}

	constexpr uint64_t WNF_EDGE_LAST_NAVIGATED_HOST = 0x04810a28a3bc08f5;

	NTSTATUS NTAPI WnfCallback(uint64_t p1,
	void *p2,
	void *p3,
	void *p4,
	void *p5,
	void *p6) {
	if (p1 == WNF_EDGE_LAST_NAVIGATED_HOST && p5) {
	printf("[%04x] %p %p %p %p %ws\n",
	GetCurrentThreadId(),
	p2,
	p3,
	p4,
	p6,
	reinterpret_cast<LPCWSTR>(p5));
	}
	return 0;
	}

	int main() {
	uint32_t buf1{};
	NTSTATUS status = RtlQueryWnfStateData(&buf1,
	WNF_EDGE_LAST_NAVIGATED_HOST,
	WnfCallback,
	0, 0);
	if (status == 0) {
	size_t buf2{};
	status = RtlSubscribeWnfStateChangeNotification(
	&buf2,
	WNF_EDGE_LAST_NAVIGATED_HOST,
	buf1,
	WnfCallback,
	0, 0, 0, 1);
	if (status == 0) {
	printf("Successfully subscribed: %08x %zx\n", buf1, buf2);
	for (;;) Sleep(100);
	}
	else {
	printf("RtlSubscribeWnfStateChangeNotification failed - %08x\n", status);
	}
	}
	else {
	printf("NtQueryWnfStateData failed - %08x\n", status);
	}
	return 0;
	}
	!IF "$(PLATFORM)"=="X64" \|\| "$(PLATFORM)"=="x64"
	ARCH=amd64
	!ELSE
	ARCH=x86
	!ENDIF

	OUTDIR=bin\$(ARCH)
	OBJDIR=obj\$(ARCH)
	SRCDIR=.

	CC=cl
	RD=rd /s /q
	RM=del /q
	LINKER=link
	TARGET=t.exe

	OBJS=\
	$(OBJDIR)\main.obj\

	LIBS=\
	ntdll.lib\

	CFLAGS=\
	/nologo\
	/c\
	/Od\
	/W4\
	/Zi\
	/EHsc\
	/DUNICODE\
	/Fo"$(OBJDIR)\\"\
	/Fd"$(OBJDIR)\\"\

	LFLAGS=\
	/NOLOGO\
	/DEBUG\
	/SUBSYSTEM:CONSOLE\

	all: $(OUTDIR)\$(TARGET)

	$(OUTDIR)\$(TARGET): $(OBJS)
	@if not exist $(OUTDIR) mkdir $(OUTDIR)
	$(LINKER) $(LFLAGS) $(LIBS) /PDB:"$(@R).pdb" /OUT:$@ $**

	{$(SRCDIR)}.cpp{$(OBJDIR)}.obj:
	@if not exist $(OBJDIR) mkdir $(OBJDIR)
	$(CC) $(CFLAGS) $<

	clean:
	@if exist $(OBJDIR) $(RD) $(OBJDIR)
	@if exist $(OUTDIR)\$(TARGET) $(RM) $(OUTDIR)\$(TARGET)
	@if exist $(OUTDIR)\$(TARGET:exe=ilk) $(RM) $(OUTDIR)\$(TARGET:exe=ilk)
	@if exist $(OUTDIR)\$(TARGET:exe=pdb) $(RM) $(OUTDIR)\$(TARGET:exe=pdb)