1.
//
2.
// syscall c-style generator
3.
//
4.
5.
#include <windows.h>
6.
#include <stdio.h>
7.
8.
enum GENERATION_TYPE { G_DEFINES, G_NAME_ARRAY, G_BOTH };
9.
10.
#define DEFINE_PREFIX "Sdt_"
11.
#define ORDINAL_TYPE "0x%03x"
12.
#define GENERATE_NT 1
13.
#define GENERATE_ZW 1
14.
15.
#define ARRAY_NAME "SdtFunctions"
16.
17.
//GENERATION_TYPE GenType = G_NAME_ARRAY;
18.
GENERATION_TYPE GenType = G_BOTH;
19.
20.
char *GetWinNameByVer (ULONG Major, ULONG Minor)
21.
{
22.
switch (Major)
23.
{
24.
case 4:
25.
26.
return "NT 4";
27.
28.
case 5:
29.
30.
switch (Minor)
31.
{
32.
case 0: return "2000";
33.
case 1: return "XP";
34.
case 2: return "2003 Server";
35.
}
36.
37.
case 6:
38.
39.
switch (Minor)
40.
{
41.
case 0: return "Vista";
42.
}
43.
44.
}
45.
46.
return "(unk)";
47.
}
48.
49.
int _main();
50.
51.
int main()
52.
{
53.
OSVERSIONINFOEX ver = {sizeof(ver)};
54.
55.
if (!GetVersionEx ( (OSVERSIONINFO*)&ver ))
56.
return printf("Cannot ger version\n");
57.
58.
printf("//\n// syscall info\n// generated for Windows %s (NT %d.%d) Build %d %s\n//\n\n",
59.
GetWinNameByVer (ver.dwMajorVersion, ver.dwMinorVersion),
60.
ver.dwMajorVersion, ver.dwMinorVersion, ver.dwBuildNumber, ver.szCSDVersion);
61.
62.
63.
switch (GenType)
64.
{
65.
case G_DEFINES:
66.
case G_NAME_ARRAY:
67.
return _main();
68.
69.
case G_BOTH:
70.
GenType = G_NAME_ARRAY;
71.
_main();
72.
73.
GenType = G_DEFINES;
74.
_main();
75.
}
76.
77.
return 0;
78.
}
79.
80.
int _main()
81.
{
82.
HMODULE Base = GetModuleHandle ("ntdll.dll");
83.
if (!Base)
84.
return printf("Cannot get handle of ntdll\n");
85.
86.
PIMAGE_DOS_HEADER mz;
87.
PIMAGE_FILE_HEADER pfh;
88.
PIMAGE_OPTIONAL_HEADER poh;
89.
PIMAGE_EXPORT_DIRECTORY pexd;
90.
PDWORD AddressOfFunctions;
91.
PDWORD AddressOfNames;
92.
PWORD AddressOfNameOrdinals;
93.
int i;
94.
95.
// Get headers
96.
*(PBYTE*)&mz = (PBYTE)Base;
97.
*(PBYTE*)&pfh = (PBYTE)Base + mz->e_lfanew + sizeof(IMAGE_NT_SIGNATURE);
98.
*(PIMAGE_FILE_HEADER*)&poh = pfh + 1;
99.
100.
// Get export
101.
*(PBYTE*)&pexd = (PBYTE)Base + poh->DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
102.
103.
*(PBYTE*)&AddressOfFunctions = (PBYTE)Base + pexd->AddressOfFunctions;
104.
*(PBYTE*)&AddressOfNames = (PBYTE)Base + pexd->AddressOfNames;
105.
*(PBYTE*)&AddressOfNameOrdinals = (PBYTE)Base + pexd->AddressOfNameOrdinals;
106.
107.
PCHAR SdtFunctions [0x400] = {0};
108.
ULONG Number = 0;
109.
110.
for( i=0; i<pexd->NumberOfNames; i++ )
111.
{
112.
PCHAR Name = ((char*)Base + AddressOfNames[i]);
113.
PVOID Addr = (PVOID*)((DWORD)Base + AddressOfFunctions[AddressOfNameOrdinals[i]]);
114.
115.
if ( *(USHORT*)Name == 'tN' ) // Nt**
116.
{
117.
if ( *(UCHAR*)Addr == 0xB8 ) // MOV EAX, XXXXXXXX
118.
{
119.
Number = *(ULONG*)( (UCHAR*)Addr + 1 );
120.
121.
switch (GenType)
122.
{
123.
case G_DEFINES:
124.
125.
#if GENERATE_NT
126.
printf ("#define " DEFINE_PREFIX "%-52s" ORDINAL_TYPE "\n", Name, Number);
127.
#endif
128.
129.
#if GENERATE_ZW
130.
printf ("#define " DEFINE_PREFIX "Zw%-50s" ORDINAL_TYPE "\n", Name+2, Number);
131.
#endif
132.
133.
break;
134.
135.
case G_NAME_ARRAY:
136.
137.
SdtFunctions [Number] = Name;
138.
break;
139.
}
140.
}
141.
}
142.
}
143.
144.
if (GenType == G_DEFINES)
145.
return printf("\n");
146.
147.
printf("char* " ARRAY_NAME " [%d] = {\n", Number);
148.
149.
// Name array
150.
for (i=0; i<=Number; i++)
151.
{
152.
char end_char = (i == Number ? ' ' : ',');
153.
154.
if (SdtFunctions[i] == NULL)
155.
printf (" NULL%c\n", end_char);
156.
else
157.
printf(" \"%s\"%c\n", SdtFunctions[i], end_char);
158.
}
159.
160.
printf("};\n\n");
161.
162.
return 0;
163.
}
не моё