coderiderlin
diff --git a/‎contrib/VersionHelpers.h
Lines changed: 27 additions & 27 deletions b/‎contrib/VersionHelpers.h
Lines changed: 27 additions & 27 deletions
diff --git a/‎src/BlackBone/ManualMap/Native/NtLoader.cpp
Lines changed: 66 additions & 1 deletion b/‎src/BlackBone/ManualMap/Native/NtLoader.cpp
Lines changed: 66 additions & 1 deletion
@@ -59,22 +59,8 @@
 typedef NTSTATUS( NTAPI* fnRtlGetVersion )(PRTL_OSVERSIONINFOW lpVersionInformation);
 
 VERSIONHELPERAPI
-IsWindowsVersionOrGreater(WORD wMajorVersion, WORD wMinorVersion, WORD wServicePackMajor)
+IsWindowsVersionOrGreater( WORD wMajorVersion, WORD wMinorVersion, WORD wServicePackMajor, DWORD dwBuild )
 {
-    /*OSVERSIONINFOEXW osvi = { sizeof(osvi), 0, 0, 0, 0, {0}, 0, 0 };
-    DWORDLONG        const dwlConditionMask = VerSetConditionMask(
-    VerSetConditionMask(
-    VerSetConditionMask(
-    0, VER_MAJORVERSION, VER_GREATER_EQUAL),
-    VER_MINORVERSION, VER_GREATER_EQUAL),
-    VER_SERVICEPACKMAJOR, VER_GREATER_EQUAL);
-
-    osvi.dwMajorVersion = wMajorVersion;
-    osvi.dwMinorVersion = wMinorVersion;
-    osvi.wServicePackMajor = wServicePackMajor;
-
-    return VerifyVersionInfoW(&osvi, VER_MAJORVERSION | VER_MINORVERSION | VER_SERVICEPACKMAJOR, dwlConditionMask) != FALSE;*/
-
     RTL_OSVERSIONINFOEXW verInfo = { 0 };
     verInfo.dwOSVersionInfoSize = sizeof( verInfo );
 
@@ -94,6 +80,9 @@ IsWindowsVersionOrGreater(WORD wMajorVersion, WORD wMinorVersion, WORD wServiceP
 
         if (verInfo.wServicePackMajor >= wServicePackMajor)
             return true;
+
+        if (verInfo.dwBuildNumber >= dwBuild)
+            return true;
     }
 
     return false;
@@ -102,75 +91,86 @@ IsWindowsVersionOrGreater(WORD wMajorVersion, WORD wMinorVersion, WORD wServiceP
 VERSIONHELPERAPI
 IsWindowsXPOrGreater()
 {
-    return IsWindowsVersionOrGreater( HIBYTE( _WIN32_WINNT_WINXP ), LOBYTE( _WIN32_WINNT_WINXP ), 0 );
+    return IsWindowsVersionOrGreater( HIBYTE( _WIN32_WINNT_WINXP ), LOBYTE( _WIN32_WINNT_WINXP ), 0, 0 );
 }
 
 VERSIONHELPERAPI
 IsWindowsXPSP1OrGreater()
 {
-    return IsWindowsVersionOrGreater( HIBYTE( _WIN32_WINNT_WINXP ), LOBYTE( _WIN32_WINNT_WINXP ), 1 );
+    return IsWindowsVersionOrGreater( HIBYTE( _WIN32_WINNT_WINXP ), LOBYTE( _WIN32_WINNT_WINXP ), 1, 0 );
 }
 
 VERSIONHELPERAPI
 IsWindowsXPSP2OrGreater()
 {
-    return IsWindowsVersionOrGreater( HIBYTE( _WIN32_WINNT_WINXP ), LOBYTE( _WIN32_WINNT_WINXP ), 2 );
+    return IsWindowsVersionOrGreater( HIBYTE( _WIN32_WINNT_WINXP ), LOBYTE( _WIN32_WINNT_WINXP ), 2, 0 );
 }
 
 VERSIONHELPERAPI
 IsWindowsXPSP3OrGreater()
 {
-    return IsWindowsVersionOrGreater( HIBYTE( _WIN32_WINNT_WINXP ), LOBYTE( _WIN32_WINNT_WINXP ), 3 );
+    return IsWindowsVersionOrGreater( HIBYTE( _WIN32_WINNT_WINXP ), LOBYTE( _WIN32_WINNT_WINXP ), 3, 0 );
 }
 
 VERSIONHELPERAPI
 IsWindowsVistaOrGreater()
 {
-    return IsWindowsVersionOrGreater( HIBYTE( _WIN32_WINNT_VISTA ), LOBYTE( _WIN32_WINNT_VISTA ), 0 );
+    return IsWindowsVersionOrGreater( HIBYTE( _WIN32_WINNT_VISTA ), LOBYTE( _WIN32_WINNT_VISTA ), 0, 0 );
 }
 
 VERSIONHELPERAPI
 IsWindowsVistaSP1OrGreater()
 {
-    return IsWindowsVersionOrGreater( HIBYTE( _WIN32_WINNT_VISTA ), LOBYTE( _WIN32_WINNT_VISTA ), 1 );
+    return IsWindowsVersionOrGreater( HIBYTE( _WIN32_WINNT_VISTA ), LOBYTE( _WIN32_WINNT_VISTA ), 1, 0 );
 }
 
 VERSIONHELPERAPI
 IsWindowsVistaSP2OrGreater()
 {
-    return IsWindowsVersionOrGreater( HIBYTE( _WIN32_WINNT_VISTA ), LOBYTE( _WIN32_WINNT_VISTA ), 2 );
+    return IsWindowsVersionOrGreater( HIBYTE( _WIN32_WINNT_VISTA ), LOBYTE( _WIN32_WINNT_VISTA ), 2, 0 );
 }
 
 VERSIONHELPERAPI
 IsWindows7OrGreater()
 {
-    return IsWindowsVersionOrGreater( HIBYTE( _WIN32_WINNT_WIN7 ), LOBYTE( _WIN32_WINNT_WIN7 ), 0 );
+    return IsWindowsVersionOrGreater( HIBYTE( _WIN32_WINNT_WIN7 ), LOBYTE( _WIN32_WINNT_WIN7 ), 0, 0 );
 }
 
 VERSIONHELPERAPI
 IsWindows7SP1OrGreater()
 {
-    return IsWindowsVersionOrGreater( HIBYTE( _WIN32_WINNT_WIN7 ), LOBYTE( _WIN32_WINNT_WIN7 ), 1 );
+    return IsWindowsVersionOrGreater( HIBYTE( _WIN32_WINNT_WIN7 ), LOBYTE( _WIN32_WINNT_WIN7 ), 1, 0 );
 }
 
 VERSIONHELPERAPI
 IsWindows8OrGreater()
 {
-    return IsWindowsVersionOrGreater( HIBYTE( _WIN32_WINNT_WIN8 ), LOBYTE( _WIN32_WINNT_WIN8 ), 0 );
+    return IsWindowsVersionOrGreater( HIBYTE( _WIN32_WINNT_WIN8 ), LOBYTE( _WIN32_WINNT_WIN8 ), 0, 0 );
 }
 
 VERSIONHELPERAPI
 IsWindows8Point1OrGreater()
 {
-    return IsWindowsVersionOrGreater( HIBYTE( _WIN32_WINNT_WINBLUE ), LOBYTE( _WIN32_WINNT_WINBLUE ), 0 );
+    return IsWindowsVersionOrGreater( HIBYTE( _WIN32_WINNT_WINBLUE ), LOBYTE( _WIN32_WINNT_WINBLUE ), 0, 0 );
 }
 
 VERSIONHELPERAPI
 IsWindows10OrGreater()
 {
-    return IsWindowsVersionOrGreater( HIBYTE( _WIN32_WINNT_WIN10 ), LOBYTE( _WIN32_WINNT_WIN10 ), 0 );
+    return IsWindowsVersionOrGreater( HIBYTE( _WIN32_WINNT_WIN10 ), LOBYTE( _WIN32_WINNT_WIN10 ), 0, 0 );
+}
+
+VERSIONHELPERAPI
+IsWindows10AnniversaryOrGreater()
+{
+    return IsWindowsVersionOrGreater( HIBYTE( _WIN32_WINNT_WIN10 ), LOBYTE( _WIN32_WINNT_WIN10 ), 0, 14393 );
 }
 
+VERSIONHELPERAPI
+IsWindows10CreatorsOrGreater()
+{
+    return IsWindowsVersionOrGreater( HIBYTE( _WIN32_WINNT_WIN10 ), LOBYTE( _WIN32_WINNT_WIN10 ), 0, 15063 );
+}
 
 VERSIONHELPERAPI
 IsWindowsServer()
 
@@ -831,8 +831,73 @@ bool NtLdr::ScanPatterns( )
     if(pStart == nullptr)
         return false;
 
+    // Win10 update 2
+    if (IsWindows10CreatorsOrGreater())
+    {
+#ifdef USE64
+        // LdrpHandleTlsData
+        // 74 33 44 8D 43 09
+        PatternSearch ps( "\x74\x33\x44\x8d\x43\x09" );
+        ps.Search( pStart, scanSize, foundData );
+
+        if (!foundData.empty())
+        {
+            _LdrpHandleTlsData = static_cast<uintptr_t>(foundData.front() - 0x43);
+            foundData.clear();
+        }
+
+        // RtlInsertInvertedFunctionTable
+        // 8B FA 49 8D 43 20
+        PatternSearch ps2( "\x8b\xfa\x49\x8d\x43\x20" );
+        ps2.Search( pStart, scanSize, foundData );
+
+        if (!foundData.empty())
+        {
+            _RtlInsertInvertedFunctionTable = static_cast<uintptr_t>(foundData.front() - 0x10);
+            foundData.clear();
+        }
+
+        // RtlpInsertInvertedFunctionTableEntry
+        // 49 8B E8 48 8B FA 0F 84
+        PatternSearch ps3( "\x49\x8b\xe8\x48\x8b\xfa\x0f\x84" );
+        ps3.Search( pStart, scanSize, foundData );
+        if (!foundData.empty())
+            _LdrpInvertedFunctionTable = *reinterpret_cast<int32_t*>(foundData.front() - 0xF + 2) + (foundData.front() - 0xF + 6);
+#else
+        // RtlInsertInvertedFunctionTable
+        // 8D 45 F0 89 55 F8 50 8D 55 F4
+        PatternSearch ps1( "\x8d\x45\xf0\x89\x55\xf8\x50\x8d\x55\xf4" );
+        ps1.Search( pStart, scanSize, foundData );
+
+        if (!foundData.empty())
+        {
+            _RtlInsertInvertedFunctionTable = static_cast<size_t>(foundData.front() - 0xB);
+            _LdrpInvertedFunctionTable = *reinterpret_cast<uintptr_t*>(foundData.front() + 0x4C);
+            foundData.clear();
+        }
+
+        // LdrpHandleTlsData
+        // 8B C1 8D 4D BC 51
+        PatternSearch ps2( "\x8b\xc1\x8d\x4d\xbc\x51" );
+        ps2.Search( pStart, scanSize, foundData );
+
+        if (!foundData.empty())
+        {
+            _LdrpHandleTlsData = static_cast<uintptr_t>(foundData.front() - 0x18);
+            foundData.clear();
+        }
+
+        // LdrProtectMrdata
+        // 75 24 85 F6 75 08 
+        PatternSearch ps3( "\x75\x24\x85\xf6\x75\x08" );
+        ps3.Search( pStart, scanSize, foundData );
+
+        if (!foundData.empty())
+            _LdrProtectMrdata = static_cast<uintptr_t>(foundData.front() - 0x1C);
+#endif
+    }
     // Win 8.1 and later
-    if (IsWindows8Point1OrGreater())
+    else if (IsWindows8Point1OrGreater())
     {
     #ifdef USE64
         // LdrpHandleTlsData
Original file line number	Diff line number	Diff line change
`@@ -59,22 +59,8 @@`
`59`	`59`	`typedef NTSTATUS( NTAPI* fnRtlGetVersion )(PRTL_OSVERSIONINFOW lpVersionInformation);`
`60`	`60`
`61`	`61`	`VERSIONHELPERAPI`
`62`		`-IsWindowsVersionOrGreater(WORD wMajorVersion, WORD wMinorVersion, WORD wServicePackMajor)`
	`62`	`+IsWindowsVersionOrGreater( WORD wMajorVersion, WORD wMinorVersion, WORD wServicePackMajor, DWORD dwBuild )`
`63`	`63`	`{`
`64`		`- /*OSVERSIONINFOEXW osvi = { sizeof(osvi), 0, 0, 0, 0, {0}, 0, 0 };`
`65`		`- DWORDLONG const dwlConditionMask = VerSetConditionMask(`
`66`		`- VerSetConditionMask(`
`67`		`- VerSetConditionMask(`
`68`		`- 0, VER_MAJORVERSION, VER_GREATER_EQUAL),`
`69`		`- VER_MINORVERSION, VER_GREATER_EQUAL),`
`70`		`- VER_SERVICEPACKMAJOR, VER_GREATER_EQUAL);`
`71`		`-`
`72`		`- osvi.dwMajorVersion = wMajorVersion;`
`73`		`- osvi.dwMinorVersion = wMinorVersion;`
`74`		`- osvi.wServicePackMajor = wServicePackMajor;`
`75`		`-`
`76`		`- return VerifyVersionInfoW(&osvi, VER_MAJORVERSION \| VER_MINORVERSION \| VER_SERVICEPACKMAJOR, dwlConditionMask) != FALSE;*/`
`77`		`-`
`78`	`64`	`RTL_OSVERSIONINFOEXW verInfo = { 0 };`
`79`	`65`	`verInfo.dwOSVersionInfoSize = sizeof( verInfo );`
`80`	`66`
`@@ -94,6 +80,9 @@ IsWindowsVersionOrGreater(WORD wMajorVersion, WORD wMinorVersion, WORD wServiceP`
`94`	`80`
`95`	`81`	`if (verInfo.wServicePackMajor >= wServicePackMajor)`
`96`	`82`	`return true;`
	`83`	`+`
	`84`	`+ if (verInfo.dwBuildNumber >= dwBuild)`
	`85`	`+ return true;`
`97`	`86`	`}`
`98`	`87`
`99`	`88`	`return false;`
`@@ -102,75 +91,86 @@ IsWindowsVersionOrGreater(WORD wMajorVersion, WORD wMinorVersion, WORD wServiceP`
`102`	`91`	`VERSIONHELPERAPI`
`103`	`92`	`IsWindowsXPOrGreater()`
`104`	`93`	`{`
`105`		`- return IsWindowsVersionOrGreater( HIBYTE( _WIN32_WINNT_WINXP ), LOBYTE( _WIN32_WINNT_WINXP ), 0 );`
	`94`	`+ return IsWindowsVersionOrGreater( HIBYTE( _WIN32_WINNT_WINXP ), LOBYTE( _WIN32_WINNT_WINXP ), 0, 0 );`
`106`	`95`	`}`
`107`	`96`
`108`	`97`	`VERSIONHELPERAPI`
`109`	`98`	`IsWindowsXPSP1OrGreater()`
`110`	`99`	`{`
`111`		`- return IsWindowsVersionOrGreater( HIBYTE( _WIN32_WINNT_WINXP ), LOBYTE( _WIN32_WINNT_WINXP ), 1 );`
	`100`	`+ return IsWindowsVersionOrGreater( HIBYTE( _WIN32_WINNT_WINXP ), LOBYTE( _WIN32_WINNT_WINXP ), 1, 0 );`
`112`	`101`	`}`
`113`	`102`
`114`	`103`	`VERSIONHELPERAPI`
`115`	`104`	`IsWindowsXPSP2OrGreater()`
`116`	`105`	`{`
`117`		`- return IsWindowsVersionOrGreater( HIBYTE( _WIN32_WINNT_WINXP ), LOBYTE( _WIN32_WINNT_WINXP ), 2 );`
	`106`	`+ return IsWindowsVersionOrGreater( HIBYTE( _WIN32_WINNT_WINXP ), LOBYTE( _WIN32_WINNT_WINXP ), 2, 0 );`
`118`	`107`	`}`
`119`	`108`
`120`	`109`	`VERSIONHELPERAPI`
`121`	`110`	`IsWindowsXPSP3OrGreater()`
`122`	`111`	`{`
`123`		`- return IsWindowsVersionOrGreater( HIBYTE( _WIN32_WINNT_WINXP ), LOBYTE( _WIN32_WINNT_WINXP ), 3 );`
	`112`	`+ return IsWindowsVersionOrGreater( HIBYTE( _WIN32_WINNT_WINXP ), LOBYTE( _WIN32_WINNT_WINXP ), 3, 0 );`
`124`	`113`	`}`
`125`	`114`
`126`	`115`	`VERSIONHELPERAPI`
`127`	`116`	`IsWindowsVistaOrGreater()`
`128`	`117`	`{`
`129`		`- return IsWindowsVersionOrGreater( HIBYTE( _WIN32_WINNT_VISTA ), LOBYTE( _WIN32_WINNT_VISTA ), 0 );`
	`118`	`+ return IsWindowsVersionOrGreater( HIBYTE( _WIN32_WINNT_VISTA ), LOBYTE( _WIN32_WINNT_VISTA ), 0, 0 );`
`130`	`119`	`}`
`131`	`120`
`132`	`121`	`VERSIONHELPERAPI`
`133`	`122`	`IsWindowsVistaSP1OrGreater()`
`134`	`123`	`{`
`135`		`- return IsWindowsVersionOrGreater( HIBYTE( _WIN32_WINNT_VISTA ), LOBYTE( _WIN32_WINNT_VISTA ), 1 );`
	`124`	`+ return IsWindowsVersionOrGreater( HIBYTE( _WIN32_WINNT_VISTA ), LOBYTE( _WIN32_WINNT_VISTA ), 1, 0 );`
`136`	`125`	`}`
`137`	`126`
`138`	`127`	`VERSIONHELPERAPI`
`139`	`128`	`IsWindowsVistaSP2OrGreater()`
`140`	`129`	`{`
`141`		`- return IsWindowsVersionOrGreater( HIBYTE( _WIN32_WINNT_VISTA ), LOBYTE( _WIN32_WINNT_VISTA ), 2 );`
	`130`	`+ return IsWindowsVersionOrGreater( HIBYTE( _WIN32_WINNT_VISTA ), LOBYTE( _WIN32_WINNT_VISTA ), 2, 0 );`
`142`	`131`	`}`
`143`	`132`
`144`	`133`	`VERSIONHELPERAPI`
`145`	`134`	`IsWindows7OrGreater()`
`146`	`135`	`{`
`147`		`- return IsWindowsVersionOrGreater( HIBYTE( _WIN32_WINNT_WIN7 ), LOBYTE( _WIN32_WINNT_WIN7 ), 0 );`
	`136`	`+ return IsWindowsVersionOrGreater( HIBYTE( _WIN32_WINNT_WIN7 ), LOBYTE( _WIN32_WINNT_WIN7 ), 0, 0 );`
`148`	`137`	`}`
`149`	`138`
`150`	`139`	`VERSIONHELPERAPI`
`151`	`140`	`IsWindows7SP1OrGreater()`
`152`	`141`	`{`
`153`		`- return IsWindowsVersionOrGreater( HIBYTE( _WIN32_WINNT_WIN7 ), LOBYTE( _WIN32_WINNT_WIN7 ), 1 );`
	`142`	`+ return IsWindowsVersionOrGreater( HIBYTE( _WIN32_WINNT_WIN7 ), LOBYTE( _WIN32_WINNT_WIN7 ), 1, 0 );`
`154`	`143`	`}`
`155`	`144`
`156`	`145`	`VERSIONHELPERAPI`
`157`	`146`	`IsWindows8OrGreater()`
`158`	`147`	`{`
`159`		`- return IsWindowsVersionOrGreater( HIBYTE( _WIN32_WINNT_WIN8 ), LOBYTE( _WIN32_WINNT_WIN8 ), 0 );`
	`148`	`+ return IsWindowsVersionOrGreater( HIBYTE( _WIN32_WINNT_WIN8 ), LOBYTE( _WIN32_WINNT_WIN8 ), 0, 0 );`
`160`	`149`	`}`
`161`	`150`
`162`	`151`	`VERSIONHELPERAPI`
`163`	`152`	`IsWindows8Point1OrGreater()`
`164`	`153`	`{`
`165`		`- return IsWindowsVersionOrGreater( HIBYTE( _WIN32_WINNT_WINBLUE ), LOBYTE( _WIN32_WINNT_WINBLUE ), 0 );`
	`154`	`+ return IsWindowsVersionOrGreater( HIBYTE( _WIN32_WINNT_WINBLUE ), LOBYTE( _WIN32_WINNT_WINBLUE ), 0, 0 );`
`166`	`155`	`}`
`167`	`156`
`168`	`157`	`VERSIONHELPERAPI`
`169`	`158`	`IsWindows10OrGreater()`
`170`	`159`	`{`
`171`		`- return IsWindowsVersionOrGreater( HIBYTE( _WIN32_WINNT_WIN10 ), LOBYTE( _WIN32_WINNT_WIN10 ), 0 );`
	`160`	`+ return IsWindowsVersionOrGreater( HIBYTE( _WIN32_WINNT_WIN10 ), LOBYTE( _WIN32_WINNT_WIN10 ), 0, 0 );`
	`161`	`+}`
	`162`	`+`
	`163`	`+VERSIONHELPERAPI`
	`164`	`+IsWindows10AnniversaryOrGreater()`
	`165`	`+{`
	`166`	`+ return IsWindowsVersionOrGreater( HIBYTE( _WIN32_WINNT_WIN10 ), LOBYTE( _WIN32_WINNT_WIN10 ), 0, 14393 );`
`172`	`167`	`}`
`173`	`168`
	`169`	`+VERSIONHELPERAPI`
	`170`	`+IsWindows10CreatorsOrGreater()`
	`171`	`+{`
	`172`	`+ return IsWindowsVersionOrGreater( HIBYTE( _WIN32_WINNT_WIN10 ), LOBYTE( _WIN32_WINNT_WIN10 ), 0, 15063 );`
	`173`	`+}`
`174`	`174`
`175`	`175`	`VERSIONHELPERAPI`
`176`	`176`	`IsWindowsServer()`