Merge branch 'main' into main

dlls/kernelx/Exports.def

@@ -9,15 +9,10 @@ EXPORTS
 	CreateFileW				= CreateFileW_X					@44
 	CreateThread			= CreateThread_X				@60
 	DebugBreak				= DebugBreak_X					@71
-	DecodePointer			= NTDLL.RtlDecodePointer		@72
-	DeleteCriticalSection	= NTDLL.RtlDeleteCriticalSection @74
 	DeleteFileW				= DeleteFileW_X					@77
 	DeviceIoControl			= DeviceIoControl_X				@80
 	DisableThreadLibraryCalls = DisableThreadLibraryCalls_X	@81
-	EventRegister			= NTDLL.EtwEventRegister		@95
 	EnterCriticalSection	= EnterCriticalSection_X		@87
-	EventUnregister			= NTDLL.EtwEventUnregister		@97
-	EventWrite				= NTDLL.EtwEventWrite			@98
 	ExitProcess				= ExitProcess_X					@102
 	FileTimeToSystemTime	= FileTimeToSystemTime_X		@107
 	FindClose				= FindClose_X					@109
@@ -44,17 +39,11 @@ EXPORTS
 	GetTickCount			= GetTickCount_X				@231
 	GetUserDefaultLocaleName = GetUserDefaultLocaleName_X	@242
 	GetUserGeoID			= GetUserGeoID_X				@243
-	HeapAlloc				= NTDLL.RtlAllocateHeap			@252
 	HeapFree				= HeapFree_X					@256
-	InitializeConditionVariable	= NTDLL.RtlInitializeConditionVariable @269
-	InitializeCriticalSection = NTDLL.RtlInitializeCriticalSection	@271
 	InitializeCriticalSectionAndSpinCount = InitializeCriticalSectionAndSpinCount_X @272
 	InitializeCriticalSectionEx = InitializeCriticalSectionEx_X @273
-	InitializeSListHead		= NTDLL.RtlInitializeSListHead	@275
-	InitializeSRWLock		= NTDLL.RtlInitializeSRWLock				@276
 	IsDebuggerPresent		= IsDebuggerPresent_X			@283
 	IsProcessorFeaturePresent = IsProcessorFeaturePresent_X @284
-	LeaveCriticalSection	= NTDLL.RtlLeaveCriticalSection @293
 	LoadLibraryExW			= LoadLibraryExW_X				@296
 	MultiByteToWideChar		= MultiByteToWideChar_X			@313
 	OutputDebugStringA		= OutputDebugStringA_X			@327
@@ -84,10 +73,8 @@ EXPORTS
 	RtlCaptureContext		= RtlCaptureContext_X			@378
 	RtlLookupFunctionEntry	= RtlLookupFunctionEntry		@380
 	RtlUnwindEx				= RtlUnwindEx_X					@385
-	RtlVirtualUnwind		= NTDLL.RtlVirtualUnwind		@386
 	SetEvent				= SetEvent_X					@399
 	SetFilePointer			= SetFilePointer_X				@404
-	SetLastError			= NTDLL.RtlSetLastWin32Error	@409
 	SetThreadAffinityMask	= SetThreadAffinityMask_X		@418
 	SetThreadPriority		= SetThreadPriority_X			@424
 	SetUnhandledExceptionFilter	= SetUnhandledExceptionFilter_X @433
@@ -98,16 +85,127 @@ EXPORTS
 	TlsAlloc				= TlsAlloc_X					@454
 	TlsGetValue				= TlsGetValue_X					@456
 	TlsSetValue				= TlsSetValue_X					@457
-	TryEnterCriticalSection	= NTDLL.RtlTryEnterCriticalSection @464
 	UnhandledExceptionFilter = UnhandledExceptionFilter_X	@467
 	VirtualAlloc			= VirtualAlloc_X				@474
 	VirtualFree				= VirtualFree_X					@476
 	WaitForMultipleObjects	= WaitForMultipleObjects_X		@482
 	WaitForSingleObject		= WaitForSingleObject_X			@484
 	WaitForSingleObjectEx	= WaitForSingleObjectEx_X		@485
-	WakeAllConditionVariable = NTDLL.RtlWakeAllConditionVariable @492
 	WriteFile				= WriteFile_X					@500
 	XMemAlloc				= XMemAlloc_X					@501
 	XMemAllocDefault		= XMemAllocDefault_X			@505
 	XMemFreeDefault			= XMemFreeDefault_X				@508
 	XMemFree				= XMemFree_X					@507
+	WriteConsoleW           = WriteConsoleW_X               @499
+	FreeLibrary             = FreeLibrary_X                 @129
+	GetProcAddress          = GetProcAddress_X              @196
+	GetDiskFreeSpaceExW     = GetDiskFreeSpaceExW_X         @154
+	GetDriveTypeW           = GetDriveTypeW_X	            @157
+
+
+	DecodePointer			                     = NTDLL.RtlDecodePointer		@72
+	WakeAllConditionVariable                     = NTDLL.RtlWakeAllConditionVariable @492 
+	AcquireSRWLockExclusive                      = NTDLL.RtlAcquireSRWLockExclusive @1
+	AcquireSRWLockShared                         = NTDLL.RtlAcquireSRWLockShared @2
+	AddVectoredContinueHandler                   = NTDLL.RtlAddVectoredContinueHandler @3
+	AddVectoredExceptionHandler                  = NTDLL.RtlAddVectoredExceptionHandler @4
+    CancelThreadpoolIo                           = NTDLL.TpCancelAsyncIoOperation
+    CloseThreadpool                              = NTDLL.TpReleasePool
+    CloseThreadpoolCleanupGroup                  = NTDLL.TpReleaseCleanupGroup
+    CloseThreadpoolCleanupGroupMembers           = NTDLL.TpReleaseCleanupGroupMembers
+    CloseThreadpoolIo                            = NTDLL.TpReleaseIoCompletion
+    CloseThreadpoolTimer                         = NTDLL.TpReleaseTimer
+    CloseThreadpoolWait                          = NTDLL.TpReleaseWait
+    CloseThreadpoolWork                          = NTDLL.TpReleaseWork
+    CopyMemoryNonTemporal                        = NTDLL.RtlCopyMemoryNonTemporal
+    DecodeSystemPointer                          = NTDLL.RtlDecodeSystemPointer
+	DeleteCriticalSection                  	     = NTDLL.RtlDeleteCriticalSection @74
+    DeleteSynchronizationBarrier                 = NTDLL.RtlDeleteBarrier
+    DisassociateCurrentThreadFromCallback        = NTDLL.TpDisassociateCallback
+    EncodePointer                                = NTDLL.RtlEncodePointer @85
+    EncodeSystemPointer                          = NTDLL.RtlEncodeSystemPointer
+    EnterCriticalSection                         = NTDLL.RtlEnterCriticalSection
+    EventActivityIdControl                       = NTDLL.EtwEventActivityIdControl
+    EventEnabled                                 = NTDLL.EtwEventEnabled
+    EventProviderEnabled                         = NTDLL.EtwEventProviderEnabled
+	EventRegister			                     = NTDLL.EtwEventRegister		@95
+	EventSetInformation                          = NTDLL.EtwEventSetInformation  @96
+	EventUnregister		                       	 = NTDLL.EtwEventUnregister		@97
+	EventWrite	                       			 = NTDLL.EtwEventWrite			@98
+    EventWriteEx                                 = NTDLL.EtwEventWriteEx
+    EventWriteString                             = NTDLL.EtwEventWriteString
+	EventWriteTransfer                           = NTDLL.EtwEventWriteTransfer   @101
+    ExitProcess                                  = NTDLL.RtlExitUserProcess
+    ExitThread                                   = NTDLL.RtlExitUserThread
+    FillMemoryNonTemporal                        = NTDLL.RtlFillMemoryNonTemporal
+    FlushProcessWriteBuffers                     = NTDLL.NtFlushProcessWriteBuffers
+    FreeLibraryWhenCallbackReturns               = NTDLL.TpCallbackUnloadDllOnCompletion
+    GetCurrentProcessorNumber                    = NTDLL.RtlGetCurrentProcessorNumber
+    GetCurrentProcessorNumberEx                  = NTDLL.RtlGetCurrentProcessorNumberEx
+    GetProcessHeaps                              = NTDLL.RtlGetProcessHeaps
+    GetTraceEnableFlags                          = NTDLL.EtwGetTraceEnableFlags
+    GetTraceEnableLevel                          = NTDLL.EtwGetTraceEnableLevel
+    GetTraceLoggerHandle                         = NTDLL.EtwGetTraceLoggerHandle
+	HeapAlloc		                     		 = NTDLL.RtlAllocateHeap			@252
+    HeapCompact                                  = NTDLL.RtlCompactHeap
+    HeapFree                                     = NTDLL.RtlFreeHeap
+    HeapLock                                     = NTDLL.RtlLockHeap
+    HeapReAlloc                                  = NTDLL.RtlReAllocateHeap
+    HeapSize                                     = NTDLL.RtlSizeHeap
+    HeapUnlock                                   = NTDLL.RtlUnlockHeap
+    HeapValidate                                 = NTDLL.RtlValidateHeap
+    InitOnceInitialize                           = NTDLL.RtlRunOnceInitialize
+	InitializeConditionVariable	                 = NTDLL.RtlInitializeConditionVariable @269
+	InitializeCriticalSection                    = NTDLL.RtlInitializeCriticalSection	@271
+	InitializeSListHead	                         = NTDLL.RtlInitializeSListHead	@275
+	InitializeSRWLock		                     = NTDLL.RtlInitializeSRWLock				@276
+    InterlockedFlushSList                        = NTDLL.RtlInterlockedFlushSList
+    InterlockedPopEntrySList                     = NTDLL.RtlInterlockedPopEntrySList
+    InterlockedPushEntrySList                    = NTDLL.RtlInterlockedPushEntrySList
+    InterlockedPushListSList                     = NTDLL.RtlInterlockedPushListSList
+    InterlockedPushListSListEx                   = NTDLL.RtlInterlockedPushListSListEx
+    IsThreadpoolTimerSet                         = NTDLL.TpIsTimerSet
+	LeaveCriticalSection	                     = NTDLL.RtlLeaveCriticalSection @293
+    LeaveCriticalSectionWhenCallbackReturns      = NTDLL.TpCallbackLeaveCriticalSectionOnCompletion
+    QueryDepthSList                              = NTDLL.RtlQueryDepthSList
+    QueryPerformanceCounter                      = NTDLL.RtlQueryPerformanceCounter
+    QueryPerformanceFrequency                    = NTDLL.RtlQueryPerformanceFrequency
+    RegisterTraceGuidsW                          = NTDLL.EtwRegisterTraceGuidsW
+    ReleaseMutexWhenCallbackReturns              = NTDLL.TpCallbackReleaseMutexOnCompletion
+	ReleaseSRWLockExclusive	                     = NTDLL.RtlReleaseSRWLockExclusive @366 
+    ReleaseSRWLockShared                         = NTDLL.RtlReleaseSRWLockShared
+    ReleaseSemaphoreWhenCallbackReturns          = NTDLL.TpCallbackReleaseSemaphoreOnCompletion
+    RemoveVectoredContinueHandler                = NTDLL.RtlRemoveVectoredContinueHandler
+    RemoveVectoredExceptionHandler               = NTDLL.RtlRemoveVectoredExceptionHandler
+    RestoreLastError                             = NTDLL.RtlRestoreLastWin32Error
+    RtlCaptureContext                            = NTDLL.RtlCaptureContext
+    RtlCaptureStackBackTrace                     = NTDLL.RtlCaptureStackBackTrace
+    RtlLookupFunctionEntry                       = NTDLL.RtlLookupFunctionEntry
+    RtlPcToFileHeader                            = NTDLL.RtlPcToFileHeader
+    RtlRaiseException                            = NTDLL.RtlRaiseException
+    RtlRestoreContext                            = NTDLL.RtlRestoreContext
+    RtlUnwind                                    = NTDLL.RtlUnwind
+    RtlUnwindEx                                  = NTDLL.RtlUnwindEx
+	RtlVirtualUnwind		                     = NTDLL.RtlVirtualUnwind		@386
+    SetCriticalSectionSpinCount                  = NTDLL.RtlSetCriticalSectionSpinCount
+    SetEventWhenCallbackReturns                  = NTDLL.TpCallbackSetEventOnCompletion
+	SetLastError			                     = NTDLL.RtlSetLastWin32Error	@409
+    SetThreadpoolThreadMaximum                   = NTDLL.TpSetPoolMaxThreads
+    SetThreadpoolTimer                           = NTDLL.TpSetTimer
+    SetThreadpoolWait                            = NTDLL.TpSetWait
+    StartThreadpoolIo                            = NTDLL.TpStartAsyncIoOperation
+    SubmitThreadpoolWork                         = NTDLL.TpPostWork
+    LogTraceEvent                                = NTDLL.EtwLogTraceEvent
+    TraceMessage                                 = NTDLL.EtwTraceMessage
+    TraceMessageVa                               = NTDLL.EtwTraceMessageVa
+    TryAcquireSRWLockExclusive                   = NTDLL.RtlTryAcquireSRWLockExclusive
+    TryAcquireSRWLockShared                      = NTDLL.RtlTryAcquireSRWLockShared
+	TryEnterCriticalSection	                     = NTDLL.RtlTryEnterCriticalSection @464
+    UnregisterTraceGuids                         = NTDLL.EtwUnregisterTraceGuids
+    WaitForThreadpoolIoCallbacks                 = NTDLL.TpWaitForIoCompletion
+    WaitForThreadpoolTimerCallbacks              = NTDLL.TpWaitForTimer
+    WaitForThreadpoolWaitCallbacks               = NTDLL.TpWaitForWait
+    WaitForThreadpoolWorkCallbacks               = NTDLL.TpWaitForWork
+    WakeByAddressAll                             = NTDLL.RtlWakeAddressAll @493
+	WakeByAddressSingle                          = NTDLL.RtlWakeAddressSingle @494
+	WakeConditionVariable                        = NTDLL.RtlWakeConditionVariable @495

dlls/kernelx/kernelx.cpp

@@ -625,8 +625,27 @@ __int64 sub_18001BB8C()
     return v0;*/
     return 0;
 }
+BOOL __stdcall WriteConsoleW_X(HANDLE hConsoleOutput, const void* lpBuffer, DWORD nNumberOfCharsToWrite, LPDWORD lpNumberOfCharsWritten, LPVOID lpReserved)
+{
+    return WriteConsoleW(hConsoleOutput, lpBuffer, nNumberOfCharsToWrite, lpNumberOfCharsWritten, lpReserved);
+}
 
-
+BOOL __stdcall GetDiskFreeSpaceExW_X(LPCWSTR lpDirectoryName, PULARGE_INTEGER lpFreeBytesAvailableToCaller, PULARGE_INTEGER lpTotalNumberOfBytes, PULARGE_INTEGER lpTotalNumberOfFreeBytes)
+{
+    return GetDiskFreeSpaceExW(lpDirectoryName,lpFreeBytesAvailableToCaller, lpTotalNumberOfBytes, lpTotalNumberOfFreeBytes);
+}
+UINT __stdcall GetDriveTypeW_X(LPCWSTR lpRootPathName)
+{
+    return GetDriveTypeW(lpRootPathName);
+}
+FARPROC __stdcall GetProcAddress_X(HMODULE hModule, LPCSTR lpProcName)
+{
+    return GetProcAddress(hModule, lpProcName);
+}
+BOOL __stdcall FreeLibrary_X(HMODULE hLibModule)
+{
+    return FreeLibrary(hLibModule);
+}
 // absolutely temporary implementation I just want to make it work
 // decompilation from ghidra (it looks horrible lol)
 NTSTATUS sub_18001BCA0(HINSTANCE hInstance, DWORD forwardReason, LPVOID lpvReserved)

dlls/kernelx/kernelx.h

@@ -13,6 +13,9 @@ extern "C"
 
 	HANDLE GetProcessHeap_X();
 
+	BOOL __stdcall GetDiskFreeSpaceExW_X(LPCWSTR lpDirectoryName, PULARGE_INTEGER lpFreeBytesAvailableToCaller, PULARGE_INTEGER lpTotalNumberOfBytes, PULARGE_INTEGER lpTotalNumberOfFreeBytes);
+
+	FARPROC __stdcall GetProcAddress_X(HMODULE hModule, LPCSTR lpProcName);
 	// TODO: Need to figure out this function.
 	PVOID XMemAllocDefault_X(ULONG_PTR a1, UINT64 a2);
 
@@ -20,6 +23,8 @@ extern "C"
 
   	BOOL XMemFree_X(PVOID P, UINT64 a2);
 
+	BOOL __stdcall WriteConsoleW_X(HANDLE hConsoleOutput, const void* lpBuffer, DWORD nNumberOfCharsToWrite, LPDWORD lpNumberOfCharsWritten, LPVOID lpReserved);
+
   	LPTOP_LEVEL_EXCEPTION_FILTER SetUnhandledExceptionFilter_X(LPTOP_LEVEL_EXCEPTION_FILTER lpTopLevelExceptionFilter);
 
 	BOOL TerminateProcess_X(HANDLE hProcess, UINT uExitCode);

dlls/ntdll/ntdll.cpp

@@ -5,4 +5,24 @@
 
 __int64 TpSetPoolAffinityMask_X(PTP_POOL ptpp, DWORD_PTR dwThreadPoolAffinityMask) {
     return 0;
-}
+}
+//__int64 __fastcall LdrUnloadDll(__int64 moduleHandle)
+//{
+//    int status; // Status of the unload operation
+//    __int64 referenceData; // Additional module reference data
+//
+//    if (byte_18009ED28)
+//        return 0i64; // No operation if module unloading is globally disabled
+//
+//    if (!moduleHandle)
+//        return (unsigned int)-1073741515; // Invalid handle error
+//
+//    // Attempt to prepare the module for unloading
+//    status = sub_18000D3C4(moduleHandle, 0i64, &unusedVar, &referenceData);
+//    if (status >= 0) {
+//        sub_180012A80(referenceData); // Decrement reference count
+//        sub_180012BCC(referenceData); // Final cleanup if needed
+//    }
+//
+//    return (unsigned int)status; // Return status of the operation
+//}

dlls/ntdll/ntdll.vcxproj

@@ -22,8 +22,6 @@
     <Text Include="Exports.txt" />
   </ItemGroup>
   <ItemGroup>
-    <ClCompile Include="..\..\..\dllmain.cpp" />
-    <ClCompile Include="..\kernelx\dllmain.cpp" />
     <ClCompile Include="ntdll.cpp" />
     <ClCompile Include="pch.cpp" />
   </ItemGroup>

dlls/ntdll/ntdll.vcxproj.filters

@@ -6,8 +6,6 @@
   <ItemGroup>
     <ClCompile Include="pch.cpp" />
     <ClCompile Include="ntdll.cpp" />
-    <ClCompile Include="..\kernelx\dllmain.cpp" />
-    <ClCompile Include="..\..\..\dllmain.cpp" />
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="framework.h" />