Windows 11 22H2 and 23H2 signature request

.gitignore

@@ -81,7 +81,7 @@ GeneratedFiles*/
 *.opendb
 *.db
 *.sqlite
-/.vs
+*.vs
 *.db-shm
 *.db-wal
 *.json

src/3rd_party/rewolf-wow64ext/src/wow64ext.cpp

@@ -83,7 +83,7 @@ extern "C" DWORD64 __cdecl X64Call(DWORD64 func, int argC, ...)
     reg64 _rdx = { (argC > 0) ? argC--, va_arg(args, DWORD64) : 0 };
     reg64 _r8 = { (argC > 0) ? argC--, va_arg(args, DWORD64) : 0 };
     reg64 _r9 = { (argC > 0) ? argC--, va_arg(args, DWORD64) : 0 };
-    reg64 _rax = { 0 };
+    reg64 _rax = { };
 
     reg64 restArgs = { (DWORD64)&va_arg(args, DWORD64) };
 
@@ -423,7 +423,7 @@ extern "C" DWORD64 __cdecl GetProcAddress64(DWORD64 hModule, const char* funcNam
             return 0;
     }
 
-    _UNICODE_STRING_T<DWORD64> fName = { 0 };
+    _UNICODE_STRING_T<DWORD64> fName = { };
     fName.Buffer = (DWORD64)funcName;
     fName.Length = (WORD)strlen(funcName);
     fName.MaximumLength = fName.Length + 1;

src/BlackBone/Asm/AsmHelper32.cpp

@@ -201,6 +201,7 @@ void AsmHelper32::PushArg( const AsmVariant& arg, eArgType regidx /*= AT_stack*/
         break;
 
     case AsmVariant::dataPtr:
+    case AsmVariant::dataPtrConst:
         PushArgp( arg.new_imm_val != 0 ? arg.new_imm_val : arg.imm_val, regidx );
         break;
 

src/BlackBone/Asm/AsmHelper64.cpp

@@ -186,6 +186,7 @@ void AsmHelper64::PushArg( const AsmVariant& arg, int32_t index )
         break;
 
     case AsmVariant::dataPtr:
+    case AsmVariant::dataPtrConst:
     case AsmVariant::dataStruct:
         // Use new_imm_val when available. It's populated by remote call engine.
         PushArgp( arg.new_imm_val != 0 ? arg.new_imm_val : arg.imm_val64, index );

src/BlackBone/Asm/AsmVariant.hpp

@@ -36,6 +36,7 @@ struct AsmVariant
         imm_double,     // double or long double
         imm_float,      // float
         dataPtr,        // pointer to local data (e.g. string or pointer to structure)
+        dataPtrConst,   // pointer to constant local data
         dataStruct,     // structure passed by value
         structRet,      // pointer to space into which return value is copied (used when returning structures by value)
         mem,            // stack variable
@@ -102,6 +103,10 @@ struct AsmVariant
             set( dataStruct, argSize, reinterpret_cast<uint64_t>(buf.data()) );
             memcpy( buf.data(), &arg, argSize );
         }
+
+        // Mark as constant to prevent reading data back
+        if (type == dataPtr && std::is_const_v<std::remove_pointer_t<RAW_T>>)
+            type = dataPtrConst;
     }
 
     // Custom size pointer

src/BlackBone/BlackBone.vcxproj

@@ -703,6 +703,7 @@ xcopy "$(ProjectDir)..\..\DIA\$(Platform)\symsrv.dll" "$(TargetDir)" /Y</Command
       </ExcludedFromBuild>
     </ClCompile>
     <ClCompile Include="DriverControl\DriverControl.cpp" />
+    <ClCompile Include="Include\ScopeExit.h" />
     <ClCompile Include="LocalHook\LocalHookBase.cpp" />
     <ClCompile Include="LocalHook\TraceHook.cpp" />
     <ClCompile Include="ManualMap\MExcept.cpp" />
@@ -783,7 +784,7 @@ xcopy "$(ProjectDir)..\..\DIA\$(Platform)\symsrv.dll" "$(TargetDir)" /Y</Command
     <ClInclude Include="DriverControl\DriverControl.h" />
     <None Include="Exports.def" />
     <ClInclude Include="Include\ApiSet.h" />
-    <ClInclude Include="Include\CallResult.h" />
+    <ClInclude Include="Include\Exception.h" />
     <ClInclude Include="Include\FunctionTypes.h" />
     <ClInclude Include="Include\HandleGuard.h" />
     <ClInclude Include="Include\Macro.h" />
@@ -809,6 +810,7 @@ xcopy "$(ProjectDir)..\..\DIA\$(Platform)\symsrv.dll" "$(TargetDir)" /Y</Command
     <ClInclude Include="Misc\DynImport.h" />
     <ClInclude Include="Misc\InitOnce.h" />
     <ClInclude Include="Misc\NameResolve.h" />
+    <ClInclude Include="Misc\StackTrace.h" />
     <ClInclude Include="Misc\Thunk.hpp" />
     <ClInclude Include="Misc\Trace.hpp" />
     <ClInclude Include="Misc\Utils.h" />

src/BlackBone/BlackBone.vcxproj.filters

@@ -211,6 +211,9 @@
     <ClCompile Include="Symbols\SymbolData.cpp">
       <Filter>Symbols</Filter>
     </ClCompile>
+    <ClCompile Include="Include\ScopeExit.h">
+      <Filter>Include</Filter>
+    </ClCompile>
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="Config.h" />
@@ -457,9 +460,6 @@
     <ClInclude Include="..\3rd_party\rewolf-wow64ext\src\wow64ext.h">
       <Filter>Subsystem</Filter>
     </ClInclude>
-    <ClInclude Include="Include\CallResult.h">
-      <Filter>Include</Filter>
-    </ClInclude>
     <ClInclude Include="Asm\IAsmHelper.h">
       <Filter>AsmJit\Helpers</Filter>
     </ClInclude>
@@ -487,6 +487,12 @@
     <ClInclude Include="Syscalls\Syscall.h">
       <Filter>Syscalls</Filter>
     </ClInclude>
+    <ClInclude Include="Include\Exception.h">
+      <Filter>Include</Filter>
+    </ClInclude>
+    <ClInclude Include="Misc\StackTrace.h">
+      <Filter>Misc</Filter>
+    </ClInclude>
   </ItemGroup>
   <ItemGroup>
     <MASM Include="Syscalls\Syscall64.asm">

src/BlackBone/DriverControl/DriverControl.cpp

@@ -124,7 +124,7 @@ NTSTATUS DriverControl::Unload()
 /// <returns>Status code </returns>
 NTSTATUS DriverControl::MapMemory( DWORD pid, const std::wstring& pipeName, bool mapSections, MapMemoryResult& result )
 {
-    MAP_MEMORY data = { 0 };
+    MAP_MEMORY data = { };
     DWORD bytes = 0;
     ULONG sizeRequired = 0;
     data.pid = pid;
@@ -169,8 +169,8 @@ NTSTATUS DriverControl::MapMemory( DWORD pid, const std::wstring& pipeName, bool
 /// <returns>Status code</returns>
 NTSTATUS DriverControl::MapMemoryRegion( DWORD pid, ptr_t base, uint32_t size, MapMemoryRegionResult& result )
 {
-    MAP_MEMORY_REGION data = { 0 };
-    MAP_MEMORY_REGION_RESULT mapResult = { 0 };
+    MAP_MEMORY_REGION data = { };
+    MAP_MEMORY_REGION_RESULT mapResult = { };
     DWORD bytes = 0;
 
     // Not loaded
@@ -227,7 +227,7 @@ NTSTATUS DriverControl::UnmapMemory( DWORD pid )
 /// <returns>Status code</returns>
 NTSTATUS DriverControl::UnmapMemoryRegion( DWORD pid, ptr_t base, uint32_t size )
 {
-    UNMAP_MEMORY_REGION data = { 0 };
+    UNMAP_MEMORY_REGION data = { };
     DWORD bytes = 0;
 
     data.pid = pid;
@@ -304,7 +304,7 @@ NTSTATUS DriverControl::ProtectProcess(
 NTSTATUS DriverControl::PromoteHandle( DWORD pid, HANDLE handle, DWORD access )
 {
     DWORD bytes = 0;
-    HANDLE_GRANT_ACCESS grantAccess = { 0 };
+    HANDLE_GRANT_ACCESS grantAccess = { };
 
     grantAccess.pid = pid;
     grantAccess.handle = (ULONGLONG)handle;
@@ -323,7 +323,7 @@ NTSTATUS DriverControl::PromoteHandle( DWORD pid, HANDLE handle, DWORD access )
 /// <summary>
 /// Allocate virtual memory
 /// </summary>
-/// <param name="pid">Tarhet PID</param>
+/// <param name="pid">Target PID</param>
 /// <param name="base">Desired base. If 0 address is chosed by the system</param>
 /// <param name="size">Region size</param>
 /// <param name="type">Allocation type - MEM_RESERVE/MEM_COMMIT</param>
@@ -332,8 +332,8 @@ NTSTATUS DriverControl::PromoteHandle( DWORD pid, HANDLE handle, DWORD access )
 NTSTATUS DriverControl::AllocateMem( DWORD pid, ptr_t& base, ptr_t& size, DWORD type, DWORD protection, bool physical /*= false*/ )
 {
     DWORD bytes = 0;
-    ALLOCATE_FREE_MEMORY allocMem = { 0 };
-    ALLOCATE_FREE_MEMORY_RESULT result = { 0 };
+    ALLOCATE_FREE_MEMORY allocMem = { };
+    ALLOCATE_FREE_MEMORY_RESULT result = { };
 
     allocMem.pid = pid;
     allocMem.base = base;
@@ -366,16 +366,16 @@ NTSTATUS DriverControl::AllocateMem( DWORD pid, ptr_t& base, ptr_t& size, DWORD
 /// <summary>
 /// Free virtual memory
 /// </summary>
-/// <param name="pid">Tarhet PID</param>
+/// <param name="pid">Target PID</param>
 /// <param name="base">Desired base. If 0 address is chosed by the system</param>
 /// <param name="size">Region size</param>
 /// <param name="type">Free type - MEM_RELEASE/MEM_DECOMMIT</param>
 /// <returns>Status code</returns>
 NTSTATUS DriverControl::FreeMem( DWORD pid, ptr_t base, ptr_t size, DWORD type )
 {
     DWORD bytes = 0;
-    ALLOCATE_FREE_MEMORY freeMem = { 0 };
-    ALLOCATE_FREE_MEMORY_RESULT result = { 0 };
+    ALLOCATE_FREE_MEMORY freeMem = { };
+    ALLOCATE_FREE_MEMORY_RESULT result = { };
 
     freeMem.pid = pid;
     freeMem.base = base;
@@ -411,7 +411,7 @@ NTSTATUS DriverControl::FreeMem( DWORD pid, ptr_t base, ptr_t size, DWORD type )
 NTSTATUS DriverControl::ReadMem( DWORD pid, ptr_t base, ptr_t size, PVOID buffer )
 {
     DWORD bytes = 0;
-    COPY_MEMORY copyMem = { 0 };
+    COPY_MEMORY copyMem = { };
 
     copyMem.pid = pid;
     copyMem.targetPtr = base;
@@ -440,7 +440,7 @@ NTSTATUS DriverControl::ReadMem( DWORD pid, ptr_t base, ptr_t size, PVOID buffer
 NTSTATUS DriverControl::WriteMem( DWORD pid, ptr_t base, ptr_t size, PVOID buffer )
 {
     DWORD bytes = 0;
-    COPY_MEMORY copyMem = { 0 };
+    COPY_MEMORY copyMem = { };
 
     copyMem.pid = pid;
     copyMem.targetPtr = base;
@@ -462,14 +462,14 @@ NTSTATUS DriverControl::WriteMem( DWORD pid, ptr_t base, ptr_t size, PVOID buffe
 /// Change memory protection
 /// </summary>
 /// <param name="pid">Target PID.</param>
-/// <param name="base">Regiod base address</param>
+/// <param name="base">Region base address</param>
 /// <param name="size">Region size</param>
 /// <param name="protection">New protection</param>
 /// <returns>Status code</returns>
 NTSTATUS DriverControl::ProtectMem( DWORD pid, ptr_t base, ptr_t size, DWORD protection )
 {
     DWORD bytes = 0;
-    PROTECT_MEMORY protectMem = { 0 };
+    PROTECT_MEMORY protectMem = { };
 
     protectMem.pid = pid;
     protectMem.base = base;
@@ -550,7 +550,7 @@ NTSTATUS DriverControl::MmapDll(
 {
     DWORD bytes = 0;
     INJECT_DLL data = { IT_MMap };
-    UNICODE_STRING ustr = { 0 };
+    UNICODE_STRING ustr = { };
 
     // Convert path to native format
     SAFE_NATIVE_CALL( RtlDosPathNameToNtPathName_U, path.c_str(), &ustr, nullptr, nullptr );
@@ -622,13 +622,13 @@ NTSTATUS DriverControl::MmapDll(
 /// <summary>
 /// Manually map another system driver into system space
 /// </summary>
-/// <param name="path">Fully quialified path to the drver</param>
+/// <param name="path">Fully qualified path to the driver</param>
 /// <returns>Status code</returns>
 NTSTATUS DriverControl::MMapDriver( const std::wstring& path )
 {
     DWORD bytes = 0;
-    MMAP_DRIVER data = { { 0 } };
-    UNICODE_STRING ustr = { 0 };
+    MMAP_DRIVER data = { };
+    UNICODE_STRING ustr = { };
 
     // Not loaded
     if (_hDriver == INVALID_HANDLE_VALUE)
@@ -656,7 +656,7 @@ NTSTATUS DriverControl::MMapDriver( const std::wstring& path )
 NTSTATUS DriverControl::ConcealVAD( DWORD pid, ptr_t base, uint32_t size )
 {
     DWORD bytes = 0;
-    HIDE_VAD hideVAD = { 0 };
+    HIDE_VAD hideVAD = { };
 
     hideVAD.base = base;
     hideVAD.size = size;
@@ -707,7 +707,7 @@ NTSTATUS DriverControl::EnumMemoryRegions( DWORD pid, std::vector<MEMORY_BASIC_I
     }
 
     DWORD bytes = 0;
-    ENUM_REGIONS data = { 0 };
+    ENUM_REGIONS data = { };
     DWORD size = sizeof( ENUM_REGIONS_RESULT );
     auto result = reinterpret_cast<PENUM_REGIONS_RESULT>(malloc( size ));
 
@@ -773,7 +773,7 @@ NTSTATUS DriverControl::LoadDriver( const std::wstring& svcName, const std::wstr
 /// <returns>Status</returns>
 NTSTATUS DriverControl::UnloadDriver( const std::wstring& svcName )
 {
-    UNICODE_STRING Ustr = { 0 };
+    UNICODE_STRING Ustr = { };
 
     std::wstring regPath = L"\\registry\\machine\\SYSTEM\\CurrentControlSet\\Services\\" + svcName;
     SAFE_CALL( RtlInitUnicodeString, &Ustr, regPath.c_str() );
@@ -796,7 +796,7 @@ LSTATUS DriverControl::PrepareDriverRegEntry( const std::wstring& svcName, const
     RegHandle svcRoot, svcKey;
     DWORD dwType = 1;
     LSTATUS status = 0;
-    WCHAR wszLocalPath[MAX_PATH] = { 0 };
+    WCHAR wszLocalPath[MAX_PATH] = { };
 
     swprintf_s( wszLocalPath, ARRAYSIZE( wszLocalPath ), L"\\??\\%s", path.c_str() );
 

src/BlackBone/DriverControl/DriverControl.h

@@ -99,7 +99,7 @@ class DriverControl
     /// <summary>
     /// Allocate virtual memory
     /// </summary>
-    /// <param name="pid">Tarhet PID</param>
+    /// <param name="pid">Target PID</param>
     /// <param name="base">Desired base. If 0 address is chosed by the system</param>
     /// <param name="size">Region size</param>
     /// <param name="type">Allocation type - MEM_RESERVE/MEM_COMMIT</param>
@@ -110,7 +110,7 @@ class DriverControl
     /// <summary>
     /// Free virtual memory
     /// </summary>
-    /// <param name="pid">Tarhet PID</param>
+    /// <param name="pid">Target PID</param>
     /// <param name="base">Desired base. If 0 address is chosed by the system</param>
     /// <param name="size">Region size</param>
     /// <param name="type">Free type - MEM_RELEASE/MEM_DECOMMIT</param>
@@ -250,7 +250,7 @@ class DriverControl
     /// <summary>
     /// Manually map another system driver into system space
     /// </summary>
-    /// <param name="path">Fully quialified path to the drver</param>
+    /// <param name="path">Fully qualified path to the driver</param>
     /// <returns>Status code</returns>
     BLACKBONE_API NTSTATUS MMapDriver( const std::wstring& path );