Petr Beneš wbenny

## NtGenericCall.h
#include <ntdll_windows.h>
#include <ntdll.h>

// extern "C"
// UINT_PTR
// NTAPI
// MwGenericCall(
//   ULONG SyscallNumber,
//   ULONG ArgumentCount,
//   va_list ArgumentList

## versioninfo.cpp
#define _CRT_SECURE_NO_WARNINGS
#define _SILENCE_CXX17_CODECVT_HEADER_DEPRECATION_WARNING
#define _SILENCE_CXX20_CODECVT_FACETS_DEPRECATION_WARNING
#define NOMINMAX
#include <cassert>
#include <cstddef>
#include <cstdlib>

#include <algorithm>
#include <codecvt>

## user32_undoc.txt
AlignRects
AllowForegroundActivation
BroadcastSystemMessage
BuildReasonArray
CalcMenuBar
CallMsgFilter
CascadeChildWindows
CheckDBCSEnabledExt
CheckProcessForClipboardAccess
CheckProcessSession

## wordpad_startup_callstack.txt
USER32!GetWindowRect+0x7
wordpad!CAppletZoomControl::CenterControl+0x44
wordpad!CAppletZoomControl::OnSize+0x15
MFC42u!CWnd::OnWndMsg+0x6a1
MFC42u!CWnd::WindowProc+0x51
MFC42u!AfxCallWndProc+0x149
MFC42u!AfxWndProcBase+0x150
USER32!UserCallWinProcCheckWow+0x266
USER32!DispatchClientMessage+0x9c
USER32!_fnDWORD+0x33

## intel-sdm-201805-201811.diff
diff --git a/2018may.txt b/2018nov.txt
index f007f17..4270c98 100644
--- a/2018may.txt
+++ b/2018nov.txt
@@ -8,8 +8,8 @@ Developer's Manual: Basic Architecture, Order Number 253665; Instruction Set Ref
 Number 325383; System Programming Guide, Order Number 325384; Model-Specific Registers, Order
 Number 335592. Refer to all four volumes when evaluating your design needs.

-Order Number: 325462-067US
-May 2018

## 2_NtWow64CallFunction64_Wow64FunctionTurboThunkControl.h
#define WOW64_TURBO_THUNK_DISABLE 0
#define WOW64_TURBO_THUNK_ENABLE  1   // STATUS_NOT_SUPPORTED :(

    ThunkInput = WOW64_TURBO_THUNK_DISABLE;
    Status = NtWow64CallFunction64(Wow64FunctionTurboThunkControl,
                                   0,
                                   sizeof(ThunkInput),
                                   &ThunkInput,
                                   0,
                                   NULL,

## 2_NtWow64CallFunction64.h
typedef enum _WOW64_FUNCTION {
    Wow64Function64Nop,
    Wow64FunctionQueryProcessDebugInfo,
    Wow64FunctionTurboThunkControl,
    Wow64FunctionCfgDispatchControl,
    Wow64FunctionOptimizeChpeImportThunks,
} WOW64_FUNCTION;

NTSYSCALLAPI
NTSTATUS

## 2_WOW64_SYSTEM_SERVICE_2.h
typedef struct _WOW64_SYSTEM_SERVICE
{
    ULONG SystemCallNumber  : 12;
    ULONG ServiceTableIndex :  4;
    ULONG TurboThunkNumber  :  5; // Can hold values 0 - 31
    ULONG AlwaysZero        : 11;
} WOW64_SYSTEM_SERVICE, *PWOW64_SYSTEM_SERVICE;

## 2_WOW64_SYSTEM_SERVICE_1.h
typedef struct _WOW64_SYSTEM_SERVICE
{
    USHORT SystemCallNumber  : 12;
    USHORT ServiceTableIndex :  4;
} WOW64_SYSTEM_SERVICE, *PWOW64_SYSTEM_SERVICE;

## 2_NtWaitForSingleObject.h
NTSTATUS
NTAPI
NtWaitForSingleObject(
    _In_ HANDLE         Handle,
    _In_ BOOLEAN        Alertable,
    _In_ PLARGE_INTEGER Timeout
    );
	#include <ntdll_windows.h>
	#include <ntdll.h>

	// extern "C"
	// UINT_PTR
	// NTAPI
	// MwGenericCall(
	// ULONG SyscallNumber,
	// ULONG ArgumentCount,
	// va_list ArgumentList
	#define _CRT_SECURE_NO_WARNINGS
	#define _SILENCE_CXX17_CODECVT_HEADER_DEPRECATION_WARNING
	#define _SILENCE_CXX20_CODECVT_FACETS_DEPRECATION_WARNING
	#define NOMINMAX
	#include <cassert>
	#include <cstddef>
	#include <cstdlib>

	#include <algorithm>
	#include <codecvt>
	AlignRects
	AllowForegroundActivation
	BroadcastSystemMessage
	BuildReasonArray
	CalcMenuBar
	CallMsgFilter
	CascadeChildWindows
	CheckDBCSEnabledExt
	CheckProcessForClipboardAccess
	CheckProcessSession
	USER32!GetWindowRect+0x7
	wordpad!CAppletZoomControl::CenterControl+0x44
	wordpad!CAppletZoomControl::OnSize+0x15
	MFC42u!CWnd::OnWndMsg+0x6a1
	MFC42u!CWnd::WindowProc+0x51
	MFC42u!AfxCallWndProc+0x149
	MFC42u!AfxWndProcBase+0x150
	USER32!UserCallWinProcCheckWow+0x266
	USER32!DispatchClientMessage+0x9c
	USER32!_fnDWORD+0x33
	diff --git a/2018may.txt b/2018nov.txt
	index f007f17..4270c98 100644
	--- a/2018may.txt
	+++ b/2018nov.txt
	@@ -8,8 +8,8 @@ Developer's Manual: Basic Architecture, Order Number 253665; Instruction Set Ref
	Number 325383; System Programming Guide, Order Number 325384; Model-Specific Registers, Order
	Number 335592. Refer to all four volumes when evaluating your design needs.

	-Order Number: 325462-067US
	-May 2018
	#define WOW64_TURBO_THUNK_DISABLE 0
	#define WOW64_TURBO_THUNK_ENABLE 1 // STATUS_NOT_SUPPORTED :(

	ThunkInput = WOW64_TURBO_THUNK_DISABLE;
	Status = NtWow64CallFunction64(Wow64FunctionTurboThunkControl,
	0,
	sizeof(ThunkInput),
	&ThunkInput,
	0,
	NULL,
	typedef enum _WOW64_FUNCTION {
	Wow64Function64Nop,
	Wow64FunctionQueryProcessDebugInfo,
	Wow64FunctionTurboThunkControl,
	Wow64FunctionCfgDispatchControl,
	Wow64FunctionOptimizeChpeImportThunks,
	} WOW64_FUNCTION;

	NTSYSCALLAPI
	NTSTATUS
	typedef struct _WOW64_SYSTEM_SERVICE
	{
	ULONG SystemCallNumber : 12;
	ULONG ServiceTableIndex : 4;
	ULONG TurboThunkNumber : 5; // Can hold values 0 - 31
	ULONG AlwaysZero : 11;
	} WOW64_SYSTEM_SERVICE, *PWOW64_SYSTEM_SERVICE;
	typedef struct _WOW64_SYSTEM_SERVICE
	{
	USHORT SystemCallNumber : 12;
	USHORT ServiceTableIndex : 4;
	} WOW64_SYSTEM_SERVICE, *PWOW64_SYSTEM_SERVICE;
	NTSTATUS
	NTAPI
	NtWaitForSingleObject(
	_In_ HANDLE Handle,
	_In_ BOOLEAN Alertable,
	_In_ PLARGE_INTEGER Timeout
	);