Feature: Moving some functions to Musa.Core

Fixed: KeGetCurrentIrql, LNK1169: multiply defined symbols
MiroKaku · Aug 2, 2024 · d7e2f57 · d7e2f57
1 parent a8b6e93
commit d7e2f57
Show file tree

Hide file tree

Showing 6 changed files with 71 additions and 466 deletions.
diff --git a/README.md b/README.md
@@ -2,7 +2,7 @@
 
 [![Actions Status](https://github.com/MiroKaku/Veil/workflows/Build/badge.svg)](https://github.com/MiroKaku/Veil/actions)
 [![LICENSE](https://img.shields.io/badge/license-MIT-blue.svg)](https://github.com/MiroKaku/Veil/blob/main/LICENSE)
-[![nuget](https://img.shields.io/nuget/v/Musa.Veil)](https://www.nuget.org/packages/Musa.Veil/)
+[![Downloads](https://img.shields.io/nuget/dt/Musa.Veil?logo=NuGet&logoColor=blue)](https://www.nuget.org/packages/Musa.Veil/)
 
 * [简体中文](https://github.com/MiroKaku/Veil/blob/main/README.zh-CN.md)
 

diff --git a/README.zh-CN.md b/README.zh-CN.md
@@ -2,7 +2,7 @@
 
 [![Actions Status](https://github.com/MiroKaku/Veil/workflows/Build/badge.svg)](https://github.com/MiroKaku/Veil/actions)
 [![LICENSE](https://img.shields.io/badge/license-MIT-blue.svg)](https://github.com/MiroKaku/Veil/blob/main/LICENSE)
-[![nuget](https://img.shields.io/nuget/v/Musa.Veil)](https://www.nuget.org/packages/Musa.Veil/)
+[![Downloads](https://img.shields.io/nuget/dt/Musa.Veil?logo=NuGet&logoColor=blue)](https://www.nuget.org/packages/Musa.Veil/)
 
 * [English](https://github.com/MiroKaku/Veil/blob/main/README.md)
 

diff --git a/Veil.h b/Veil.h
@@ -72,21 +72,6 @@
         _VEIL_DECLARE_ALTERNATE_NAME_PREFIX_DATA #alternate_name    \
         ))
 
-// Fix: __imp_ is optimized away
-#ifdef __cplusplus
-#define _VEIL_FORCE_INCLUDE(name) \
-    extern"C" __declspec(selectany) void const* const _VEIL_CONCATENATE(__forceinclude_, name) = reinterpret_cast<void const*>(&name)
-
-#define _VEIL_FORCE_INCLUDE_RAW_SYMBOLS(name) \
-    extern"C" __declspec(selectany) void const* const __identifier(_VEIL_STRINGIZE(_VEIL_CONCATENATE(__forceinclude_, name))) \
-        = reinterpret_cast<void const*>(&__identifier(_VEIL_STRINGIZE(name)))
-#else
-#define _VEIL_FORCE_INCLUDE(name) \
-    extern __declspec(selectany) void const* const _VEIL_CONCATENATE(__forceinclude_, name) = (void const*)(&name)
-
-#define _VEIL_FORCE_INCLUDE_RAW_SYMBOLS(name)
-#endif
-
 // The _VEIL_DEFINE_IAT_SYMBOL macro provides an architecture-neutral way of
 // defining IAT symbols (__imp_- or _imp__-prefixed symbols).
 #ifdef _M_IX86
@@ -98,19 +83,16 @@
 #ifdef __cplusplus
 #define _VEIL_DEFINE_IAT_SYMBOL(sym, fun) \
     extern "C" __declspec(selectany) void const* const _VEIL_DEFINE_IAT_SYMBOL_MAKE_NAME(sym) \
-        = reinterpret_cast<void const*>(fun); \
-    _VEIL_FORCE_INCLUDE(_VEIL_DEFINE_IAT_SYMBOL_MAKE_NAME(sym))
+        = reinterpret_cast<void const*>(fun);
 
 #define _VEIL_DEFINE_IAT_RAW_SYMBOL(sym, fun) \
     __pragma(warning(suppress:4483)) \
     extern "C" __declspec(selectany) void const* const __identifier(_VEIL_STRINGIZE(_VEIL_DEFINE_IAT_SYMBOL_MAKE_NAME(sym))) \
-        = reinterpret_cast<void const*>(fun); \
-    _VEIL_FORCE_INCLUDE_RAW_SYMBOLS(_VEIL_DEFINE_IAT_SYMBOL_MAKE_NAME(sym))
+        = reinterpret_cast<void const*>(fun);
 
 #else
 #define _VEIL_DEFINE_IAT_SYMBOL(sym, fun) \
-    extern __declspec(selectany) void const* const _VEIL_DEFINE_IAT_SYMBOL_MAKE_NAME(sym) = (void const*)(fun); \
-    _VEIL_FORCE_INCLUDE(_VEIL_DEFINE_IAT_SYMBOL_MAKE_NAME(sym))
+    extern __declspec(selectany) void const* const _VEIL_DEFINE_IAT_SYMBOL_MAKE_NAME(sym) = (void const*)(fun);
 
 // C don't support __identifier keyword
 #define _VEIL_DEFINE_IAT_RAW_SYMBOL(sym, fun)
@@ -253,8 +235,6 @@ struct IUnknown;
 // Kernel-Mode
 //
 
-#define NT_INLINE_GET_CURRENT_IRQL
-
 #ifndef UNICODE
 #define UNICODE 1
 #endif

diff --git a/Veil/Veil.System.KernelCore.h b/Veil/Veil.System.KernelCore.h
@@ -374,6 +374,51 @@ _VEIL_DEFINE_IAT_SYMBOL(KeInitializeSpinLock, _VEIL_IMPL_KeInitializeSpinLock);
 #endif // KeInitializeSpinLock
 #endif
 
+#if defined(_AMD64_) && !defined(MIDL_PASS)
+
+// Fix: unresolved external symbol 'KeGetCurrentIrql'
+_IRQL_requires_max_(HIGH_LEVEL)
+_IRQL_saves_
+inline
+KIRQL
+_VEIL_IMPL_KeGetCurrentIrql(
+    VOID
+)
+
+/*++
+
+Routine Description:
+
+    This function return the current IRQL.
+
+Arguments:
+
+    None.
+
+Return Value:
+
+    The current IRQL is returned as the function value.
+
+--*/
+
+{
+
+#if !defined(_ARM64EC_)
+
+    return (KIRQL)ReadCR8();
+
+#else
+
+    return 0;  // ARM64EC_STUB
+
+#endif // !defined(_ARM64EC_)
+
+}
+
+_VEIL_DEFINE_IAT_SYMBOL(KeGetCurrentIrql, _VEIL_IMPL_KeGetCurrentIrql);
+#endif // if defined(_AMD64_) && !defined(MIDL_PASS)
+
+
 #endif // _KERNEL_MODE
 
 VEIL_END()

diff --git a/Veil/Veil.System.Loader.h b/Veil/Veil.System.Loader.h
@@ -913,6 +913,7 @@ typedef struct _VS_FILEINFO_LANG_CODEPAGE
 
 }VS_FILEINFO_LANG_CODEPAGE, *PVS_FILEINFO_LANG_CODEPAGE;
 
+_IRQL_requires_max_(PASSIVE_LEVEL)
 NTSYSAPI
 NTSTATUS
 NTAPI
@@ -1052,131 +1053,25 @@ LdrUnloadAlternateResourceModuleEx(
 
 #ifdef _KERNEL_MODE
 
+// Only used in Musa.Core
+_IRQL_requires_max_(PASSIVE_LEVEL)
 NTSYSAPI
 NTSTATUS
 NTAPI
 LdrLoadDataFile(
-    _In_  PCUNICODE_STRING FileName,
-    _Out_ PVOID* ModBase,
-    _Out_ SIZE_T* ModSize
+    _In_  PCWSTR DllName,
+    _Out_ PVOID* DllHandle
 );
 
+// Only used in Musa.Core
+_IRQL_requires_max_(APC_LEVEL)
 NTSYSAPI
 NTSTATUS
 NTAPI
 LdrUnloadDataFile(
-    _In_ PVOID ModBase
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-MmCreateSection(
-    _Deref_out_ PVOID* SectionObject,
-    _In_ ACCESS_MASK DesiredAccess,
-    _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
-    _In_ PLARGE_INTEGER InputMaximumSize,
-    _In_ ULONG SectionPageProtection,
-    _In_ ULONG AllocationAttributes,
-    _In_opt_ HANDLE FileHandle,
-    _In_opt_ PFILE_OBJECT FileObject
+    _In_ PVOID DllHandle
 );
 
-inline
-NTSTATUS
-NTAPI
-_VEIL_IMPL_LdrLoadDataFile(
-    _In_  PCUNICODE_STRING FileName,
-    _Out_ PVOID* ModBase,
-    _Out_ SIZE_T* ModSize
-)
-{
-    NTSTATUS Status        = STATUS_SUCCESS;
-    HANDLE   FileHandle    = NULL;
-    PVOID    SectionObject = NULL;
-
-    do
-    {
-        *ModBase = NULL;
-        *ModSize = 0;
-
-        OBJECT_ATTRIBUTES ObjectAttributes = { 0 };
-        InitializeObjectAttributes(
-            &ObjectAttributes,
-            (PUNICODE_STRING)FileName,
-            OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
-            NULL, NULL);
-
-        IO_STATUS_BLOCK IoStatusBlock = { 0 };
-
-        Status = ZwOpenFile(
-            &FileHandle,
-            FILE_GENERIC_READ,
-            &ObjectAttributes,
-            &IoStatusBlock,
-            FILE_SHARE_READ | FILE_SHARE_DELETE,
-            FILE_NON_DIRECTORY_FILE);
-        if (!NT_SUCCESS(Status))
-        {
-            break;
-        }
-
-        LARGE_INTEGER MaximumSize = { 0 };
-
-        Status = MmCreateSection(&SectionObject, SECTION_MAP_READ, NULL,
-            &MaximumSize, PAGE_READONLY, SEC_IMAGE | SEC_NOCACHE, FileHandle, NULL);
-        if (!NT_SUCCESS(Status))
-        {
-            break;
-        }
-
-        Status = MmMapViewInSystemSpace(SectionObject, ModBase, ModSize);
-        if (!NT_SUCCESS(Status))
-        {
-            break;
-        }
-
-    } while (FALSE);
-
-    if (SectionObject)
-    {
-        ObDereferenceObject(SectionObject);
-    }
-    if (FileHandle)
-    {
-        ZwClose(FileHandle);
-    }
-
-    return Status;
-}
-
-inline
-NTSTATUS
-NTAPI
-_VEIL_IMPL_LdrUnloadDataFile(
-    _In_ PVOID ModBase
-)
-{
-    if (ModBase)
-    {
-        return MmUnmapViewInSystemSpace(ModBase);
-    }
-
-    return STATUS_SUCCESS;
-}
-
-#if defined _M_IX86
-
-_VEIL_DEFINE_IAT_RAW_SYMBOL(LdrLoadDataFile@12, _VEIL_IMPL_LdrLoadDataFile);
-_VEIL_DEFINE_IAT_RAW_SYMBOL(LdrUnloadDataFile@4, _VEIL_IMPL_LdrUnloadDataFile);
-
-#elif defined _M_X64 || defined _M_ARM || defined _M_ARM64
-
-_VEIL_DEFINE_IAT_SYMBOL(LdrLoadDataFile, _VEIL_IMPL_LdrLoadDataFile);
-_VEIL_DEFINE_IAT_SYMBOL(LdrUnloadDataFile, _VEIL_IMPL_LdrUnloadDataFile);
-
-#endif
-
 #endif // if _KERNEL_MODE
 
 //