delete this demo

delete this demo

KiFastCallEntry/HookKiFastCallEntry.h

@@ -1,505 +0,0 @@
-#pragma once
-
-#include "Monitor.h"
-#include <ntimage.h>
-typedef unsigned char  BYTE, *PBYTE;
-#define  LOBYTE(w) ((BYTE)(SHORT)(w))
-#define  HIBYTE(w) ((BYTE)((SHORT)(w)>>8))
-#define HIWORD(w) ((SHORT)((ULONG)(w))>>16)
-#define HIDWORD(w) ((ULONG)(((LONGLONG)(w)>>32)&0xFFFFFFFF))
-
-
-typedef HANDLE HWND;
-
-
-typedef struct _KSERVICE_TABLE_DESCRIPTOR {
-	PULONG_PTR Base;
-	PULONG Count;
-	ULONG Limit;
-	PUCHAR Number;
-} KSERVICE_TABLE_DESCRIPTOR, *PKSERVICE_TABLE_DESCRIPTOR;
-
-int (__stdcall *OriZwDisplayStringAddress)(int);
-
-NTSTATUS _KisInstallKiFastCallEntryHook();
-NTSTATUS _HookZwDisplayString();
-ULONG __stdcall _FakeZwDisplayString(PCUNICODE_STRING StringTest);
-ULONG __stdcall _GetKiFastCallEntryRetuanAddress(PVOID VirtualAddress);
-
-
-NTSTATUS __stdcall _KisGetKiFastCallEntryMoveEbxAddress(ULONG StartAddress, ULONG Size, ULONG *MoveEbxAddress);
-ULONG __stdcall _KisGetKiFastCallEntryHookAddress(ULONG StartAddress, ULONG Length, ULONG *MmUserProbeAddress1);
-NTSTATUS __stdcall _KisHookKiFastCallEntryPoint(ULONG HookAddress);
-
-VOID _KifakeFastCallEntry();
-
-ULONG __stdcall HookKiFastCallEntry(signed __int64 *a1, signed __int64 a2);
-
-NTSTATUS _KisHookKiFastCallEntry();
-ULONG __stdcall _KisSyscallFilter(ULONG FuncAddress,ULONG edx  ,ULONG Index ,ULONG Argc, PVOID SSDTBase);
-//VOID __stdcall Filter(ULONG ServiceId, ULONG TableBase, ULONG Argc, ULONG StackAddr)
-
-VOID SetFakeFunction();
-
-
-NTSYSAPI
-	PIMAGE_NT_HEADERS
-	NTAPI
-	RtlImageNtHeader(PVOID Base);
-
-NTSTATUS FuncMonitorDeviceControl(ULONG_PTR  uIoControlCode,PVOID InputBuffer,ULONG_PTR uInSize,PVOID OutputBuffer,ULONG_PTR uOutSize);
-
-PVOID 
-	GetFunctionAddressByNameFromNtosExport(WCHAR *wzFunctionName);
-PVOID GetKeShadowServiceDescriptorTable32();
-PVOID GetKeShadowServiceDescriptorTable64();
-
-typedef struct _XBoxData_ {
-	ULONG pid;
-	ULONG tid;
-	ULONG sid;
-	UCHAR argc;
-	UCHAR bFromUser;
-	UCHAR bFromSSDT;
-	ULONG args[16];
-	LARGE_INTEGER time;
-	LIST_ENTRY ListEntry;
-} XBoxData, *PXBoxData, **PPXBoxData;
-
-NTSTATUS FuncEventToKernelEvent(PULONG_PTR InputBuffer,ULONG_PTR InSize);
-
-
-#define SDOW_MAX_NUM 850
-#define SSDT_MAX_NUM 500
-#define FSD_MAX_NUM 56
-#define KBD_MAX_NUM 28
-#define IDT_MAX_NUM 256
-#define MAX_REASON 350
-#define OPCODE_LEN 10
-#define SYSMODULE_MAX 256
-
-#define SSDT_MAX_HOOK_INDEX 30
-
-enum _SSDT_HOOK_INDEX
-{
-	SSDT_NTOPENPROCESS_INDEX = 0,
-	SSDT_NTCREATETHREAD_INDEX = 1,
-	SSDT_NTOPENTHREAD_INDEX = 2,
-	SSDT_NTWRITEVIRTUALMEMORY_INDEX = 3,
-	SSDT_NTDUPLICATEOBJECT_INDEX = 4,
-	SSDT_NTSETSYSTEMINFORMATION_INDEX = 5,
-	SSDT_NTQUEUEAPCTHREAD_INDEX  = 6 ,
-	SSDT_NTDEBUGACTIVEPROCESS_INDEX = 7,
-	SSDT_NTREMOVEPROCESSDEBUG_INDEX = 8
-
-}SSDT_HOOK_INDEX;
-
-enum _SHADOW_SSDT_HOOK_INDEX
-{
-	SHADOWSSDT_NTUSERFINDWINDOWSEX_INDEX = 0,
-	SHADOWSSDT_NTUSERQUERYWINDOW_INDEX = 1 ,
-	SHADOWSSDT_NTUSERSETWINDOWSHOOKEX_INDEX =  2,
-	SHADOWSSDT_NTUSERBUILDHWNDLIST_INDEX = 3,
-	SHADOWSSDT_NTUSERWINDOWFROMPOINT_INDEX = 4,
-	SHADOWSSDT_NTUSERSETPARENT_INDEX = 5,
-	SHADOWSSDT_NTUSERPOSTMESSAGE_INDEX = 6,
-	SHADOWSSDT_NTUSERMESSAGECALL_INDEX = 7,
-	SHADOWSSDT_NTUSERDESTROYWINDOW_INDEX = 8,
-	SHADOWSSDT_NTUSERSHOWWINDOW_INDEX = 9,
-	SHADOWSSDT_NTUSERSETWINDOWLONG_INDEX = 10 ,
-	SHADOWSSDT_NTUSERINTERNALGETWINDOWTEXT_INDEX = 11,
-	SHADOWSSDT_NTUSERSETWINDOWPOS_INDEX = 12 ,
-	SHADOWSSDT_NTUSERGETCLASSNAME_INDEX = 13 ,
-	SHADOWSSDT_NTUSERGETWINDOWPLACEMENT_INDEX = 14,
-	SHADOWSSDT_NTUSERGETFOREGROUNDWINDOW_INDEX    = 15
-
-}SHADOW_SSDT_HOOK_INDEX;
-
-#define SSDT_FILTER_NUM 500
-#define SHADOWSSDT_FILTER_NUM 850
-
-#define SECTIONOBJECT 0x138 //_EPROCESS中SectionObject的offset
-#define SEGMENT 0x014 //_SECTION_OBJECT中Segment的//
-#define CONTROLAREA 0x000 //_SEGMENT中ControlArea的offset
-#define FILEPOINTER 0x024 //_CONTROL_AREA中FilePointer的offset
-
-
-
-//TEB初始化
-typedef struct _INITIAL_TEB {
-	struct {
-		PVOID OldStackBase;
-		PVOID OldStackLimit;
-	} OldInitialTeb;
-	PVOID StackBase;
-	PVOID StackLimit;
-	PVOID StackAllocationBase;
-} INITIAL_TEB, *PINITIAL_TEB;
-
-
-
-typedef struct _SYSCALL_FILTER_INFO_TABLE
-{
-	ULONG ulKiFastCallEntry;
-	ULONG ulNewRetKiFastCallEntry;
-
-	UCHAR HookCode[13];
-	ULONG ulCopyLength;
-
-	ULONG ulSSDTAddr;
-	ULONG ulSHADOWSSDTAddr;
-
-	ULONG ulSSDTNum;
-	ULONG ulSHADOWSSDTNum;
-
-	ULONG FastCallType;
-
-	ULONG SavedSSDTTable[SSDT_FILTER_NUM];                  //SSDT原始函数地址表
-	ULONG ProxySSDTTable[SSDT_FILTER_NUM];            //SSDT代理函数地址表
-	ULONG SSDTServiceIndex[SSDT_MAX_HOOK_INDEX];
-	ULONG SSDTSwitchTable[SSDT_FILTER_NUM];              //SSDT Hook开关表
-
-	ULONG SavedShadowSSDTTable[SHADOWSSDT_FILTER_NUM];            //ShadowSSDT原始函数地址表
-	ULONG ProxyShadowSSDTTable[SHADOWSSDT_FILTER_NUM];      //ShadowSSDT代理函数地址表
-	ULONG ShadowSSDTServiceIndex[SSDT_MAX_HOOK_INDEX];
-	ULONG ShadowSSDTSwitchTable[SHADOWSSDT_FILTER_NUM];  //ShadowSSDT Hook开关表
-
-
-	ULONG ulEPROCESSPidOffset;	
-
-}SYSCALL_FILTER_INFO_TABLE,*PSYSCALL_FILTER_INFO_TABLE;
-
-
-typedef BOOL (*NTUSERPOSTTHREADMESSAGE)
-	(
-	DWORD idThread, 
-	UINT Msg, 
-	WPARAM wParam, 
-	LPARAM lParam
-	);
-
-
-
-typedef NTSTATUS (*NTDUPLICATEOBJECT)
-	(
-	IN HANDLE SourceProcessHandle,
-	IN HANDLE SourceHandle,
-	IN HANDLE TargetProcessHandle,
-	OUT PHANDLE TargetHandle OPTIONAL,
-	IN ACCESS_MASK DesiredAccess,
-	IN ULONG Attributes,
-	IN ULONG Options
-	);
-
-typedef NTSTATUS (*NTCREATEDEBUGOBJECT)
-	(
-	OUT PHANDLE  DebugObjectHandle,  
-	IN ACCESS_MASK  DesiredAccess,  
-	IN POBJECT_ATTRIBUTES  ObjectAttributes,  
-	IN ULONG  Flags   
-	);
-
-typedef NTSTATUS (*NTQUEUEAPCTHREAD)
-	(
-	IN HANDLE ThreadHandle,
-	IN PKNORMAL_ROUTINE ApcRoutine,
-	IN PVOID ApcContext OPTIONAL,
-	IN PVOID Argument1 OPTIONAL,
-	IN PVOID Argument2 OPTIONAL
-	);
-
-typedef NTSTATUS (*NTSETTHREADCONTEXT)
-	(
-	IN HANDLE hThread,
-	IN PCONTEXT pContext
-	);
-
-
-
-typedef NTSTATUS (*HOOKPROC)(int code, WPARAM wParam, LPARAM lParam);
-
-
-typedef NTSTATUS (*NTSETSYSTEMINFORMATION)(
-	__in SYSTEM_INFORMATION_CLASS SystemInformationClass,
-	__inout PVOID SystemInformation,
-	__in ULONG SystemInformationLength);
-
-
-NTSTATUS FakeNtSetSystemInformation(
-	__in SYSTEM_INFORMATION_CLASS SystemInformationClass,
-	__inout PVOID SystemInformation,
-	__in ULONG SystemInformationLength);
-
-typedef NTSTATUS (*NTOPENPROCESS) (
-	__out PHANDLE ProcessHandle,
-	__in ACCESS_MASK DesiredAccess,
-	__in POBJECT_ATTRIBUTES ObjectAttributes,
-	__in_opt PCLIENT_ID ClientId);
-
-
-NTSTATUS FakeNtOpenProcess (
-	__out PHANDLE ProcessHandle,
-	__in ACCESS_MASK DesiredAccess,
-	__in POBJECT_ATTRIBUTES ObjectAttributes,
-	__in_opt PCLIENT_ID ClientId
-	);
-
-
-NTSTATUS FakeNtCreateThread(
-	__out PHANDLE ThreadHandle,
-	__in ACCESS_MASK DesiredAccess,
-	__in_opt POBJECT_ATTRIBUTES ObjectAttributes,
-	__in HANDLE ProcessHandle,
-	__out PCLIENT_ID ClientId,
-	__in PCONTEXT ThreadContext,
-	__in PINITIAL_TEB InitialTeb,
-	__in BOOLEAN CreateSuspended
-	);
-
-typedef NTSTATUS (*NTCREATETHREAD)(
-	__out PHANDLE ThreadHandle,
-	__in ACCESS_MASK DesiredAccess,
-	__in_opt POBJECT_ATTRIBUTES ObjectAttributes,
-	__in HANDLE ProcessHandle,
-	__out PCLIENT_ID ClientId,
-	__in PCONTEXT ThreadContext,
-	__in PINITIAL_TEB InitialTeb,
-	__in BOOLEAN CreateSuspended);
-
-typedef NTSTATUS (*NTOPENTHREAD) (
-	__out PHANDLE ThreadHandle,
-	__in ACCESS_MASK DesiredAccess,
-	__in POBJECT_ATTRIBUTES ObjectAttributes,
-	__in_opt PCLIENT_ID ClientId);
-
-NTSTATUS FakeNtOpenThread (
-	__out PHANDLE ThreadHandle,
-	__in ACCESS_MASK DesiredAccess,
-	__in POBJECT_ATTRIBUTES ObjectAttributes,
-	__in_opt PCLIENT_ID ClientId
-	);
-
-
-typedef NTSTATUS (*NTWRITEVIRTUALMEMORY)(
-	__in HANDLE ProcessHandle,
-	__in_opt PVOID BaseAddress,
-	__in_bcount(BufferSize) CONST VOID *Buffer,
-	__in SIZE_T BufferSize,
-	__out_opt PSIZE_T NumberOfBytesWritten);
-
-NTSTATUS FakeNtWriteVirtualMemory(
-	__in HANDLE ProcessHandle,
-	__in_opt PVOID BaseAddress,
-	__in_bcount(BufferSize) CONST VOID *Buffer,
-	__in SIZE_T BufferSize,
-	__out_opt PSIZE_T NumberOfBytesWritten
-	);
-
-
-typedef NTSTATUS (*NTDUPLICATEOBJECT)(
-	__in HANDLE SourceProcessHandle,
-	__in HANDLE SourceHandle,
-	__in_opt HANDLE TargetProcessHandle,
-	__out_opt PHANDLE TargetHandle,
-	__in ACCESS_MASK DesiredAccess,
-	__in ULONG HandleAttributes,
-	__in ULONG Options);
-
-NTSTATUS FakeNtDuplicateObject (
-	__in HANDLE SourceProcessHandle,
-	__in HANDLE SourceHandle,
-	__in_opt HANDLE TargetProcessHandle,
-	__out_opt PHANDLE TargetHandle,
-	__in ACCESS_MASK DesiredAccess,
-	__in ULONG HandleAttributes,
-	__in ULONG Options);
-
-typedef NTSTATUS (*NTDEBUGACTIVEPROCESS)  ( IN HANDLE  ProcessHandle,  
-	IN HANDLE  DebugObjectHandle   
-	);
-
-NTSTATUS FakeNtDebugActiveProcess  (IN HANDLE  ProcessHandle,  
-	IN HANDLE  DebugObjectHandle   
-	);
-
-typedef NTSTATUS (*NTREMOVEPROCESSDEBUG)  ( IN HANDLE  ProcessHandle,  
-	IN HANDLE  DebugObjectHandle   
-	);
-
-NTSTATUS FakeNtRemoveProcessDebug  ( IN HANDLE  ProcessHandle,  
-	IN HANDLE  DebugObjectHandle   
-	) ;
-
-/************************窗口过滤相关函数********************************/
-
-typedef HWND (*NTUSERFINDWINDOWEX)(
-	__in HWND hwndParent, 
-	__in HWND hwndChild, 
-	__in PUNICODE_STRING pstrClassName OPTIONAL, 
-	__in PUNICODE_STRING pstrWindowName OPTIONAL, 
-	__in DWORD dwType);
-
-HWND FakeNtUserFindWindowEx(
-	__in HWND hwndParent, 
-	__in HWND hwndChild, 
-	__in PUNICODE_STRING pstrClassName OPTIONAL, 
-	__in PUNICODE_STRING pstrWindowName OPTIONAL, 
-	__in DWORD dwType);
-
-
-typedef UINT_PTR (*NTUSERQUERYWINDOW)(
-	IN ULONG WindowHandle,
-	IN ULONG TypeInformation);
-
-UINT_PTR FakeNtUserQueryWindow(
-	IN ULONG WindowHandle,
-	IN ULONG TypeInformation);
-
-
-
-typedef
-	NTSTATUS (*NtQUEUEAPCTHREAD)(
-	IN HANDLE ThreadHandle,
-	IN PKNORMAL_ROUTINE ApcRoutine,
-	IN PVOID ApcContext OPTIONAL,
-	IN PVOID Argument1 OPTIONAL,
-	IN PVOID Argument2 OPTIONAL
-	);
-
-NTSTATUS
-	NTAPI FakeNtQueueApcThread(
-	IN HANDLE ThreadHandle,
-	IN PKNORMAL_ROUTINE ApcRoutine,
-	IN PVOID ApcContext OPTIONAL,
-	IN PVOID Argument1 OPTIONAL,
-	IN PVOID Argument2 OPTIONAL
-	);
-
-
-typedef HANDLE (*NTUSERSETWINDOWSHOOKEX)(IN HANDLE Mod,
-	IN PUNICODE_STRING UnsafeModuleName,
-	IN DWORD ThreadId,
-	IN INT HookId,
-	IN HOOKPROC HookProc,
-	IN BOOL Ansi);
-
-
-HANDLE  FakeNtUserSetWindowsHookEx(HANDLE Mod,
-	PUNICODE_STRING UnsafeModuleName,
-	DWORD ThreadId,
-	INT HookId,
-	HOOKPROC HookProc,
-	BOOL Ansi);
-
-
-typedef NTSTATUS (*NTUSERBUILDHWNDLIST)(
-	IN HDESK hdesk, 
-	IN HWND hwndNext, 
-	IN ULONG fEnumChildren, 
-	IN DWORD idThread, 
-	IN UINT cHwndMax, 
-	OUT HWND *phwndFirst, 
-	OUT ULONG* pcHwndNeeded);
-
-
-
-NTSTATUS FakeNtUserBuildHwndList(
-	IN HDESK hdesk, 
-	IN HWND hwndNext, 
-	IN ULONG fEnumChildren, 
-	IN DWORD idThread, 
-	IN UINT cHwndMax, 
-	OUT HWND *phwndFirst, 
-	OUT ULONG* pcHwndNeeded);
-
-typedef ULONG (*NTUSERWINDOWFROMPOINT)(LONG x, LONG y);
-
-ULONG FakeNtUserWindowFromPoint(LONG x, LONG y);
-
-typedef HWND (*NTUSERSETPARENT)(HWND hWndChild,HWND hWndNewParent);
-
-HWND FakeNtUserSetParent(HWND hWndChild,HWND hWndNewParent);
-
-typedef BOOL (*NTUSERPOSTMESSAGE)(HWND hWnd,UINT Msg,WPARAM wParam,LPARAM lParam);
-
-
-BOOL FakeNtUserPostMessage(HWND hWnd,UINT Msg,WPARAM wParam,LPARAM lParam);
-
-typedef ULONG (*NTUSERMESSAGECALL)(
-	HWND hwnd, 
-	UINT msg,
-	WPARAM wParam,
-	LPARAM lParam,
-	PULONG xParam,
-	ULONG xpfnProc,
-	BOOL bAnsi
-	);
-
-ULONG FakeNtUserMessageCall(
-	HWND hwnd, 
-	UINT msg,
-	WPARAM wParam,
-	LPARAM lParam,
-	PULONG xParam,
-	ULONG xpfnProc,
-	BOOL bAnsi
-	);
-
-typedef BOOL (*NTUSERDESTROYWINDOW)(HWND hWnd);
-
-BOOL FakeNtUserDestroyWindow( HWND hWnd );
-
-typedef BOOL (*NTUSERSHOWWINDOW)(HWND hWnd,long nCmdShow);
-
-BOOL FakeNtUserShowWindow(HWND hWnd,long nCmdShow);
-
-typedef long (*NTUSERSETWINDOWLONG)(HWND hWnd, ULONG Index, long NewValue, BOOL Ansi);
-
-long FakeNtUserSetWindowLong(HWND hWnd, ULONG Index, long NewValue, BOOL Ansi);
-
-typedef INT (*NTUSERINTERNALGETWINDOWTEXT)(HWND hWnd, LPWSTR lpString, INT nMaxCount);
-
-INT CALLBACK FakeNtUserInternalGetWindowText(HWND hWnd, LPWSTR lpString, INT nMaxCount);
-
-
-typedef BOOL (*NTUSERSETWINDOWPOS)(
-	HWND hWnd,
-	HWND hWndInsertAfter,
-	int X,
-	int Y,
-	int cx,
-	int cy,
-	UINT uFlags);
-
-BOOL CALLBACK
-	FakeNtUserSetWindowPos(
-	HWND hWnd,
-	HWND hWndInsertAfter,
-	int X,
-	int Y,
-	int cx,
-	int cy,
-	UINT uFlags);
-
-typedef (*NTUSERGETCLASSNAME)(IN HWND hWnd,
-	OUT PUNICODE_STRING ClassName,
-	IN BOOL Ansi);
-
-INT CALLBACK
-	FakeNtUserGetClassName (IN HWND hWnd,
-	OUT PUNICODE_STRING ClassName,
-	IN BOOL Ansi);
-
-typedef BOOL (*NTUSERGETWINDOWPLACEMENT)(HWND hWnd,
-	void* lpwndpl);
-
-
-BOOL CALLBACK
-	FakeNtUserGetWindowPlacement(HWND hWnd,
-	void* lpwndpl);
-
-typedef ULONG (*NTUSERGETFOREGROUNDWINDOW)(VOID);
-
-
-ULONG FakeNtUserGetForegroundWindow(VOID);
-/*****************************************************************************************************/

KiFastCallEntry/Monitor.h

@@ -1,64 +0,0 @@
-/***************************************************************************************
-* AUTHOR : MZ
-* DATE   : 2016-2-12
-* MODULE : Monitor.H
-*
-* IOCTRL Sample Driver
-*
-* Description:
-*		Demonstrates communications between USER and KERNEL.
-*
-****************************************************************************************
-* Copyright (C) 2010 MZ.
-****************************************************************************************/
-
-#ifndef CXX_MONITOR_H
-#define CXX_MONITOR_H
-
-#include <ntifs.h>
-#include <devioctl.h>
-#include "Common.h"
-
-
-#define DEVICE_NAME   L"\\Device\\MonitorDeviceName"
-#define LINK_NAME       L"\\DosDevices\\MonitorLinkName"
-
-NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING pRegistryString);
-VOID DriverUnload(IN PDRIVER_OBJECT DriverObject);
-NTSTATUS DispatchDeviceControl(IN PDEVICE_OBJECT DeviceObject, IN PIRP pIrp);
-NTSTATUS
-	DefaultPassThrough(PDEVICE_OBJECT  DeviceObject,PIRP Irp);
-
-
-VOID GetFirstModuleInformation(PDRIVER_OBJECT DriverObject);
-typedef struct _LDR_DATA_TABLE_ENTRY
-{
-	LIST_ENTRY InLoadOrderLinks;
-	LIST_ENTRY InMemoryOrderLinks;
-	LIST_ENTRY InInitializationOrderLinks;
-	PVOID DllBase;
-	PVOID EntryPoint;
-	ULONG SizeOfImage;
-	UNICODE_STRING FullDllName;
-	UNICODE_STRING BaseDllName;
-	ULONG Flags;
-	USHORT LoadCount;
-	USHORT TlsIndex;
-	union
-	{
-		LIST_ENTRY HashLinks;
-		struct
-		{
-			PVOID SectionPointer;
-			ULONG CheckSum;
-		};
-	};
-	union
-	{
-		ULONG TimeDateStamp;
-		PVOID LoadedImports;
-	};
-	PVOID EntryPointActivationContext;
-	PVOID PatchInformation;
-} LDR_DATA_TABLE_ENTRY, *PLDR_DATA_TABLE_ENTRY;
-#endif	

KiFastCallEntry/Monitor.sln

@@ -1,16 +0,0 @@
-Microsoft Visual Studio Solution File, Format Version 11.00
-# Visual Studio 2010
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Monitor", "Monitor.vcxproj", "{4EE67C57-BE79-4CD7-B3B0-94AECE62DB41}"
-EndProject
-Global
-	GlobalSection(SolutionConfigurationPlatforms) = preSolution
-		WinDDK|Win32 = WinDDK|Win32
-	EndGlobalSection
-	GlobalSection(ProjectConfigurationPlatforms) = postSolution
-		{4EE67C57-BE79-4CD7-B3B0-94AECE62DB41}.WinDDK|Win32.ActiveCfg = WinDDK|Win32
-		{4EE67C57-BE79-4CD7-B3B0-94AECE62DB41}.WinDDK|Win32.Build.0 = WinDDK|Win32
-	EndGlobalSection
-	GlobalSection(SolutionProperties) = preSolution
-		HideSolutionNode = FALSE
-	EndGlobalSection
-EndGlobal

KiFastCallEntry/Monitor.vcxproj.filters

@@ -1,41 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <ItemGroup>
-    <ClCompile Include=".\Monitor.c" />
-    <ClCompile Include=".\Monitor.h" />
-    <ClCompile Include="Common.c">
-      <Filter>公共</Filter>
-    </ClCompile>
-    <ClCompile Include="HookKiFastCallEntry.c">
-      <Filter>KiFastCallEntry</Filter>
-    </ClCompile>
-    <ClCompile Include="MonitorProcess.c">
-      <Filter>监控进程</Filter>
-    </ClCompile>
-  </ItemGroup>
-  <ItemGroup>
-    <Filter Include="监控进程">
-      <UniqueIdentifier>{34b07019-c15d-4da9-9329-db715de7b412}</UniqueIdentifier>
-    </Filter>
-    <Filter Include="公共">
-      <UniqueIdentifier>{aebc1b79-2de6-4b1a-a158-4cf360c32b96}</UniqueIdentifier>
-    </Filter>
-    <Filter Include="KiFastCallEntry">
-      <UniqueIdentifier>{eaf33335-dc2f-4d24-b0e6-0021734f6aab}</UniqueIdentifier>
-    </Filter>
-  </ItemGroup>
-  <ItemGroup>
-    <ClInclude Include="Common.h">
-      <Filter>公共</Filter>
-    </ClInclude>
-    <ClInclude Include="HookKiFastCallEntry.h">
-      <Filter>KiFastCallEntry</Filter>
-    </ClInclude>
-    <ClInclude Include="MonitorProcess.h">
-      <Filter>监控进程</Filter>
-    </ClInclude>
-  </ItemGroup>
-  <ItemGroup>
-    <None Include="sources" />
-  </ItemGroup>
-</Project>

KiFastCallEntry/Monitor.vcxproj.user

@@ -1,3 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-</Project>

KiFastCallEntry/ReadMe.txt

@@ -1,3 +0,0 @@
-Hook KiFastCallEntry to monitor ssdt&sssdt function
-
-delete.

KiFastCallEntry/clean.bat

@@ -1,28 +0,0 @@
-rem /////////////////
-rem / Add by ChiChou
-rem / 
-rem / FileName:Clean.bat
-rem / Description:Clean
-rem /
-rem ////////////////
-rd .\bin /s /q
-rd .\WinDDK /s /q
-rd .\objchk_w2k_x86 /s /q
-rd .\objchk_wxp_x86 /s /q
-rd .\objchk_wnet_x86 /s /q
-rd .\objchk_wlh_x86 /s /q
-rd .\objfre_w2k_x86 /s /q
-rd .\objfre_wxp_x86 /s /q
-rd .\objfre_wnet_x86 /s /q
-rd .\objfre_wlh_x86 /s /q
-del .\*.log
-del .\*.err
-del .\*.xml
-rem ***** del VS2005 file *****
-del .\*.ncb
-del .\*.user
-del .\*.suo /A:H
-rem ***** del VS6.0 file *****
-del .\*.plg
-del .\*.opt
-exit

KiFastCallEntry/fff

@@ -1 +0,0 @@
-sssasa

KiFastCallEntry/makefile

@@ -1,6 +0,0 @@
-#
-# DO NOT EDIT THIS FILE!!!  Edit .\sources. if you want to add a new source
-# file to this component.  This file merely indirects to the real make file
-# that is shared by all the components of NT OS/2
-#
-!INCLUDE $(NTMAKEENV)\makefile.def

KiFastCallEntry/mybuild.bat

@@ -1,3 +0,0 @@
-set WLHBASE=C:\WINDDK\6001.18002
-set WDF_ROOT=C:\WINDDK\6001.18002
-ddkbuild.cmd -WLHXP chk . -cZ -WDF

KiFastCallEntry/sources

@@ -1,12 +0,0 @@
-TARGETNAME=Monitor
-#TARGETPATH=$(BASEDIR)\lib
-TARGETPATH=obj
-TARGETTYPE=DRIVER
-LINKER_FLAGS=/integritycheck
-INCLUDES=.\
-
-SOURCES= \
- Monitor.c \
- Common.c \
- HookKiFastCallEntry.c
-