wbenny/NTDLL_EXPORTS.h

## NTDLL_EXPORTS.h
typedef struct _PS_NTDLL_EXPORT_ITEM {
    PCSTR RoutineName;
    PVOID RoutineAddress;
} PS_NTDLL_EXPORT_ITEM, *PPS_NTDLL_EXPORT_ITEM;

PS_NTDLL_EXPORT_ITEM NtdllExports[] = {
    //
    // 19 exports on x64
    // 14 exports on ARM64
    //
};

PVOID PsWowX86SharedInformation[Wow64SharedPageEntriesCount];

PS_NTDLL_EXPORT_ITEM NtdllWowX86Exports[] = {
    { "LdrInitializeThunk",
       &PsWowX86SharedInformation[SharedNtdll32LdrInitializeThunk] },
    { "KiUserExceptionDispatcher",
       &PsWowX86SharedInformation[SharedNtdll32KiUserExceptionDispatcher] },
    { "KiUserApcDispatcher",
       &PsWowX86SharedInformation[SharedNtdll32KiUserApcDispatcher] },
    { "KiUserCallbackDispatcher",
       &PsWowX86SharedInformation[SharedNtdll32KiUserCallbackDispatcher] },
    { "RtlUserThreadStart",
       &PsWowX86SharedInformation[SharedNtdll32RtlUserThreadStart] },
    { "RtlpQueryProcessDebugInformationRemote",
       &PsWowX86SharedInformation[SharedNtdll32pQueryProcessDebugInformationRemote] },
    { "LdrSystemDllInitBlock",
       &PsWowX86SharedInformation[SharedNtdll32LdrSystemDllInitBlock] },
    { "RtlpFreezeTimeBias",
       &PsWowX86SharedInformation[SharedNtdll32RtlpFreezeTimeBias] },
};

#ifdef _M_ARM64

PVOID PsWowArm32SharedInformation[Wow64SharedPageEntriesCount];
PS_NTDLL_EXPORT_ITEM NtdllWowArm32Exports[] = {
    //
    // ...
    //
};

PVOID PsWowAmd64SharedInformation[Wow64SharedPageEntriesCount];
PS_NTDLL_EXPORT_ITEM NtdllWowAmd64Exports[] = {
    //
    // ...
    //
};

PVOID PsWowChpeX86SharedInformation[Wow64SharedPageEntriesCount];
PS_NTDLL_EXPORT_ITEM NtdllWowChpeX86Exports[] = {
    //
    // ...
    //
};

#endif // _M_ARM64

//
// ...
//

typedef struct _PS_NTDLL_EXPORT_INFORMATION {
    PPS_NTDLL_EXPORT_ITEM NtdllExports;
    SIZE_T                Count;
} PS_NTDLL_EXPORT_INFORMATION, *PPS_NTDLL_EXPORT_INFORMATION;

//
// RTL_NUMBER_OF(NtdllExportInformation)
//     == 6
//     == (SYSTEM_DLL_TYPE)PsSystemDllTotalTypes
//

PS_NTDLL_EXPORT_INFORMATION NtdllExportInformation[PsSystemDllTotalTypes] = {
    { NtdllExports,           RTL_NUMBER_OF(NtdllExports) },
    { NtdllWowX86Exports,     RTL_NUMBER_OF(NtdllWowX86Exports) },
#ifdef _M_ARM64
    { NtdllWowArm32Exports,   RTL_NUMBER_OF(NtdllWowArm32Exports) },
    { NtdllWowAmd64Exports,   RTL_NUMBER_OF(NtdllWowAmd64Exports) },
    { NtdllWowChpeX86Exports, RTL_NUMBER_OF(NtdllWowChpeX86Exports) },
#endif // _M_ARM64

    //
    // { NULL, 0 } for the rest...
    //
};
	typedef struct _PS_NTDLL_EXPORT_ITEM {
	PCSTR RoutineName;
	PVOID RoutineAddress;
	} PS_NTDLL_EXPORT_ITEM, *PPS_NTDLL_EXPORT_ITEM;

	PS_NTDLL_EXPORT_ITEM NtdllExports[] = {
	//
	// 19 exports on x64
	// 14 exports on ARM64
	//
	};

	PVOID PsWowX86SharedInformation[Wow64SharedPageEntriesCount];

	PS_NTDLL_EXPORT_ITEM NtdllWowX86Exports[] = {
	{ "LdrInitializeThunk",
	&PsWowX86SharedInformation[SharedNtdll32LdrInitializeThunk] },
	{ "KiUserExceptionDispatcher",
	&PsWowX86SharedInformation[SharedNtdll32KiUserExceptionDispatcher] },
	{ "KiUserApcDispatcher",
	&PsWowX86SharedInformation[SharedNtdll32KiUserApcDispatcher] },
	{ "KiUserCallbackDispatcher",
	&PsWowX86SharedInformation[SharedNtdll32KiUserCallbackDispatcher] },
	{ "RtlUserThreadStart",
	&PsWowX86SharedInformation[SharedNtdll32RtlUserThreadStart] },
	{ "RtlpQueryProcessDebugInformationRemote",
	&PsWowX86SharedInformation[SharedNtdll32pQueryProcessDebugInformationRemote] },
	{ "LdrSystemDllInitBlock",
	&PsWowX86SharedInformation[SharedNtdll32LdrSystemDllInitBlock] },
	{ "RtlpFreezeTimeBias",
	&PsWowX86SharedInformation[SharedNtdll32RtlpFreezeTimeBias] },
	};

	#ifdef _M_ARM64

	PVOID PsWowArm32SharedInformation[Wow64SharedPageEntriesCount];
	PS_NTDLL_EXPORT_ITEM NtdllWowArm32Exports[] = {
	//
	// ...
	//
	};

	PVOID PsWowAmd64SharedInformation[Wow64SharedPageEntriesCount];
	PS_NTDLL_EXPORT_ITEM NtdllWowAmd64Exports[] = {
	//
	// ...
	//
	};

	PVOID PsWowChpeX86SharedInformation[Wow64SharedPageEntriesCount];
	PS_NTDLL_EXPORT_ITEM NtdllWowChpeX86Exports[] = {
	//
	// ...
	//
	};

	#endif // _M_ARM64

	//
	// ...
	//

	typedef struct _PS_NTDLL_EXPORT_INFORMATION {
	PPS_NTDLL_EXPORT_ITEM NtdllExports;
	SIZE_T Count;
	} PS_NTDLL_EXPORT_INFORMATION, *PPS_NTDLL_EXPORT_INFORMATION;

	//
	// RTL_NUMBER_OF(NtdllExportInformation)
	// == 6
	// == (SYSTEM_DLL_TYPE)PsSystemDllTotalTypes
	//

	PS_NTDLL_EXPORT_INFORMATION NtdllExportInformation[PsSystemDllTotalTypes] = {
	{ NtdllExports, RTL_NUMBER_OF(NtdllExports) },
	{ NtdllWowX86Exports, RTL_NUMBER_OF(NtdllWowX86Exports) },
	#ifdef _M_ARM64
	{ NtdllWowArm32Exports, RTL_NUMBER_OF(NtdllWowArm32Exports) },
	{ NtdllWowAmd64Exports, RTL_NUMBER_OF(NtdllWowAmd64Exports) },
	{ NtdllWowChpeX86Exports, RTL_NUMBER_OF(NtdllWowChpeX86Exports) },
	#endif // _M_ARM64

	//
	// { NULL, 0 } for the rest...
	//
	};