Petr Beneš wbenny
- Brno, Czech Republic
- Sign in to view email
- https://twitter.com/PetrBenes
wbenny
/ KCONTINUE.h
Last active Dec 16, 2019
View KCONTINUE.h
| // | |
| // NtContinueEx is now used by ntdll!KiUserApcDispatcher. | |
| // The KCONTINUE_ARGUMENT structure is built in the KiInitializeUserApc | |
| // function. | |
| // | |
| typedef enum _KCONTINUE_TYPE | |
| { | |
| KCONTINUE_UNWIND, | |
| KCONTINUE_RESUME, |
wbenny
/ wordpad_startup_callstack.txt
Created Feb 1, 2019
View wordpad_startup_callstack.txt
| USER32!GetWindowRect+0x7 | |
| wordpad!CAppletZoomControl::CenterControl+0x44 | |
| wordpad!CAppletZoomControl::OnSize+0x15 | |
| MFC42u!CWnd::OnWndMsg+0x6a1 | |
| MFC42u!CWnd::WindowProc+0x51 | |
| MFC42u!AfxCallWndProc+0x149 | |
| MFC42u!AfxWndProcBase+0x150 | |
| USER32!UserCallWinProcCheckWow+0x266 | |
| USER32!DispatchClientMessage+0x9c | |
| USER32!_fnDWORD+0x33 |
wbenny
/ user32_undoc.txt
Created Dec 11, 2018
View user32_undoc.txt
| AlignRects | |
| AllowForegroundActivation | |
| BroadcastSystemMessage | |
| BuildReasonArray | |
| CalcMenuBar | |
| CallMsgFilter | |
| CascadeChildWindows | |
| CheckDBCSEnabledExt | |
| CheckProcessForClipboardAccess | |
| CheckProcessSession |
wbenny
/ kernel32_undoc.txt
Created Dec 11, 2018
View kernel32_undoc.txt
| ActivateActCtxWorker | |
| AddLocalAlternateComputerNameA | |
| AddLocalAlternateComputerNameW | |
| AddRefActCtxWorker | |
| AdjustCalendarDate | |
| AppXGetOSMaxVersionTested | |
| BaseCheckAppcompatCache | |
| BaseCheckAppcompatCacheEx | |
| BaseCheckAppcompatCacheExWorker | |
| BaseCheckAppcompatCacheWorker |
wbenny
/ intel-sdm-201805-201811.diff
Created Nov 23, 2018
View intel-sdm-201805-201811.diff
This file has been truncated, but you can view the full file.
| diff --git a/2018may.txt b/2018nov.txt | |
| index f007f17..4270c98 100644 | |
| --- a/2018may.txt | |
| +++ b/2018nov.txt | |
| @@ -8,8 +8,8 @@ Developer's Manual: Basic Architecture, Order Number 253665; Instruction Set Ref | |
| Number 325383; System Programming Guide, Order Number 325384; Model-Specific Registers, Order | |
| Number 335592. Refer to all four volumes when evaluating your design needs. | |
| -Order Number: 325462-067US |
wbenny
/ NtGenericCall.h
Last active Dec 17, 2019
View NtGenericCall.h
| #include <ntdll_windows.h> | |
| #include <ntdll.h> | |
| // extern "C" | |
| // UINT_PTR | |
| // NTAPI | |
| // MwGenericCall( | |
| // ULONG SyscallNumber, | |
| // ULONG ArgumentCount, | |
| // va_list ArgumentList |
wbenny
/ 2_NtWow64CallFunction64_Wow64FunctionTurboThunkControl.h
Created Nov 4, 2018
View 2_NtWow64CallFunction64_Wow64FunctionTurboThunkControl.h
| #define WOW64_TURBO_THUNK_DISABLE 0 | |
| #define WOW64_TURBO_THUNK_ENABLE 1 // STATUS_NOT_SUPPORTED :( | |
| ThunkInput = WOW64_TURBO_THUNK_DISABLE; | |
| Status = NtWow64CallFunction64(Wow64FunctionTurboThunkControl, | |
| 0, | |
| sizeof(ThunkInput), | |
| &ThunkInput, | |
| 0, | |
| NULL, |
wbenny
/ 2_NtWow64CallFunction64.h
Created Nov 4, 2018
View 2_NtWow64CallFunction64.h
| typedef enum _WOW64_FUNCTION { | |
| Wow64Function64Nop, | |
| Wow64FunctionQueryProcessDebugInfo, | |
| Wow64FunctionTurboThunkControl, | |
| Wow64FunctionCfgDispatchControl, | |
| Wow64FunctionOptimizeChpeImportThunks, | |
| } WOW64_FUNCTION; | |
| NTSYSCALLAPI | |
| NTSTATUS |
wbenny
/ 2_WOW64_SERVICE_TABLE_DESCRIPTOR.h
Created Nov 4, 2018
View 2_WOW64_SERVICE_TABLE_DESCRIPTOR.h
| typedef struct _WOW64_ERROR_CASE { | |
| ULONG Case; | |
| NTSTATUS TransformedStatus; | |
| } WOW64_ERROR_CASE, *PWOW64_ERROR_CASE; | |
| typedef struct _WOW64_SERVICE_TABLE_DESCRIPTOR { | |
| KSERVICE_TABLE_DESCRIPTOR Descriptor; |
wbenny
/ 2_WOW64_SYSTEM_SERVICE_2.h
Created Nov 4, 2018
View 2_WOW64_SYSTEM_SERVICE_2.h
| typedef struct _WOW64_SYSTEM_SERVICE | |
| { | |
| ULONG SystemCallNumber : 12; | |
| ULONG ServiceTableIndex : 4; | |
| ULONG TurboThunkNumber : 5; // Can hold values 0 - 31 | |
| ULONG AlwaysZero : 11; | |
| } WOW64_SYSTEM_SERVICE, *PWOW64_SYSTEM_SERVICE; |
NewerOlder