2.0.1

Add more details about kernel shim (Extras->Drivers)
Add offset display for IRP handlers (Extras->Drivers)

Source/Shared/ntos/ntsup.c

@@ -1,12 +1,12 @@
 /*******************************************************************************
 *
-*  (C) COPYRIGHT AUTHORS, 2011 - 2022 UGN/HE
+*  (C) COPYRIGHT AUTHORS, 2011 - 2023 UGN/HE
 *
 *  TITLE:       NTSUP.C
 *
-*  VERSION:     2.16
+*  VERSION:     2.17
 *
-*  DATE:        01 Dec 2022
+*  DATE:        06 Feb 2023
 *
 *  Native API support functions.
 *
@@ -341,7 +341,7 @@ BOOL ntsupFindModuleEntryByAddress(
 * Find Module Name for given Address.
 *
 */
-BOOL ntsupFindModuleNameByAddress(
+PVOID ntsupFindModuleNameByAddress(
     _In_ PRTL_PROCESS_MODULES pModulesList,
     _In_ PVOID Address,
     _Inout_	LPWSTR Buffer,
@@ -356,7 +356,7 @@ BOOL ntsupFindModuleNameByAddress(
     if ((Buffer == NULL) ||
         (ccBuffer == 0))
     {
-        return FALSE;
+        return NULL;
     }
 
     modulesCount = pModulesList->NumberOfModules;
@@ -383,14 +383,14 @@ BOOL ntsupFindModuleNameByAddress(
 
                 RtlFreeUnicodeString(&usConvertedName);
 
-                return TRUE;
+                return &pModulesList->Modules[i];
             }
             else {
-                return FALSE;
+                return NULL;
             }
         }
     }
-    return FALSE;
+    return NULL;
 }
 
 /*

Source/Shared/ntos/ntsup.h

@@ -1,12 +1,12 @@
 /************************************************************************************
 *
-*  (C) COPYRIGHT AUTHORS, 2011 - 2022 UGN/HE
+*  (C) COPYRIGHT AUTHORS, 2011 - 2023 UGN/HE
 *
 *  TITLE:       NTSUP.H
 *
-*  VERSION:     2.16
+*  VERSION:     2.17
 *
-*  DATE:        01 Dec 2022
+*  DATE:        06 Feb 2023
 *
 *  Common header file for the NT API support functions and definitions.
 *
@@ -141,7 +141,7 @@ BOOL ntsupFindModuleEntryByAddress(
     _In_ PVOID Address,
     _Out_ PULONG ModuleIndex);
 
-BOOL ntsupFindModuleNameByAddress(
+PVOID ntsupFindModuleNameByAddress(
     _In_ PRTL_PROCESS_MODULES pModulesList,
     _In_ PVOID Address,
     _Inout_	LPWSTR Buffer,

Source/WinObjEx64/extras/extrasDrivers.c

@@ -1029,11 +1029,13 @@ VOID DrvListDrivers(
 */
 BOOL CALLBACK DrvDlgHandleNotify(
     _In_ LPNMLISTVIEW NMListView,
-    _In_ EXTRASCONTEXT* Context
+    _In_ EXTRASCONTEXT* Context,
+    _In_ LPARAM lParam
 )
 {
     INT nImageIndex;
 
+    UNREFERENCED_PARAMETER(lParam);
 
     if (NMListView->hdr.idFrom != ID_EXTRASLIST)
         return FALSE;
@@ -1262,7 +1264,7 @@ VOID DrvDlgOnInit(
         // Set listview imagelist, style flags and theme.
         //
         supSetListViewSettings(pDlgContext->ListView,
-            LVS_EX_FULLROWSELECT | LVS_EX_DOUBLEBUFFER | LVS_EX_LABELTIP,
+            LVS_EX_FULLROWSELECT | LVS_EX_DOUBLEBUFFER | LVS_EX_INFOTIP | LVS_EX_LABELTIP,
             FALSE,
             TRUE,
             g_ListViewImages,
@@ -1360,7 +1362,8 @@ INT_PTR CALLBACK DrvDlgProc(
         if (pDlgContext) {
             DrvDlgHandleNotify(
                 (LPNMLISTVIEW)lParam,
-                pDlgContext);
+                pDlgContext,
+                lParam);
         }
         break;
 

Source/WinObjEx64/extras/extrasPSList.c

@@ -1,12 +1,12 @@
 /*******************************************************************************
 *
-*  (C) COPYRIGHT AUTHORS, 2019 - 2022
+*  (C) COPYRIGHT AUTHORS, 2019 - 2023
 *
 *  TITLE:       EXTRASPSLIST.C
 *
-*  VERSION:     2.00
+*  VERSION:     2.01
 *
-*  DATE:        19 Jun 2022
+*  DATE:        06 Feb 2023
 *
 * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
 * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
@@ -1110,7 +1110,7 @@ DWORD WINAPI CreateThreadListProc(
                 //
                 szBuffer[0] = 0;
                 if (startAddress > g_kdctx.SystemRangeStart && pModules) {
-                    if (!ntsupFindModuleNameByAddress(
+                    if (NULL == ntsupFindModuleNameByAddress(
                         pModules,
                         (PVOID)startAddress,
                         szBuffer,

Source/WinObjEx64/props/propObjectDump.c

@@ -1,12 +1,12 @@
 /*******************************************************************************
 *
-*  (C) COPYRIGHT AUTHORS, 2015 - 2022
+*  (C) COPYRIGHT AUTHORS, 2015 - 2023
 *
 *  TITLE:       PROPOBJECTDUMP.C
 *
-*  VERSION:     2.00
+*  VERSION:     2.01
 *
-*  DATE:        19 Jun 2022
+*  DATE:        06 Feb 2023
 *
 * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
 * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
@@ -141,25 +141,28 @@ HTREEITEM propObDumpAddress(
 }
 
 /*
-* propObDumpAddressWithModule
+* propObDumpAddressWithModuleEx
 *
 * Purpose:
 *
-* Dump given Address to the treelist with module check.
+* Dump given Address to the treelist with module check, add offset to output if required.
 *
 */
-VOID propObDumpAddressWithModule(
+VOID propObDumpAddressWithModuleEx(
     _In_ HWND TreeList,
     _In_ HTREEITEM hParent,
     _In_ LPWSTR Name,
     _In_opt_ PVOID Address,
     _In_ PRTL_PROCESS_MODULES pModules,
     _In_opt_ PVOID SelfDriverBase,
-    _In_ ULONG SelfDriverSize
+    _In_ ULONG SelfDriverSize,
+    _In_ BOOL AddOffset
 )
 {
     TL_SUBITEMS_FIXED subitems;
-    WCHAR szValue[32], szModuleName[MAX_PATH * 2];
+    WCHAR szValue[32], szOffset[64], szModuleName[MAX_PATH * 2];
+    PRTL_PROCESS_MODULE_INFORMATION moduleEntry;
+    ULONG_PTR offset;
 
     RtlSecureZeroMemory(&subitems, sizeof(subitems));
     subitems.Count = 2;
@@ -184,7 +187,18 @@ VOID propObDumpAddressWithModule(
                 subitems.BgColor = CLR_HOOK;
             }
         }
-        if (ntsupFindModuleNameByAddress(pModules, Address, _strend(szModuleName), MAX_PATH)) {
+
+        moduleEntry = (PRTL_PROCESS_MODULE_INFORMATION)ntsupFindModuleNameByAddress(pModules, 
+            Address, 
+            _strend(szModuleName), 
+            MAX_PATH);
+
+        if (NULL != moduleEntry) {
+            if (AddOffset) {
+                offset = (ULONG_PTR)Address - (ULONG_PTR)moduleEntry->ImageBase;
+                RtlStringCchPrintfSecure(szOffset, RTL_NUMBER_OF(szOffset), L"+0x%lX", offset);
+                _strcat(szModuleName, szOffset);
+            }
             subitems.Text[1] = szModuleName;
         }
         else {
@@ -205,6 +219,9 @@ VOID propObDumpAddressWithModule(
         &subitems);
 }
 
+#define propObDumpAddressWithModule(TreeList, hParent, Name, Address, pModules, SelfDriverBase, SelfDriverSize) \
+    propObDumpAddressWithModuleEx(TreeList, hParent, Name, Address, pModules, SelfDriverBase, SelfDriverSize, FALSE)
+
 /*
 * propObDumpPushLock
 *
@@ -1551,13 +1568,14 @@ PROP_OBJECT_DUMP_ROUTINE(propObDumpDriverObject)
         }
 
         //DRIVER_OBJECT->MajorFunction[i]
-        propObDumpAddressWithModule(hwndTreeList,
+        propObDumpAddressWithModuleEx(hwndTreeList,
             h_tviSubItem,
             T_IRP_MJ_FUNCTION[i],
             drvObject.MajorFunction[i],
             pModules,
             ldrEntry.DllBase,
-            ldrEntry.SizeOfImage);
+            ldrEntry.SizeOfImage,
+            TRUE);
     }
 
     //

Source/WinObjEx64/sup/sup.c

@@ -6,7 +6,7 @@
 *
 *  VERSION:     2.01
 *
-*  DATE:        01 Mar 2023
+*  DATE:        10 Mar 2023
 *
 * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
 * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
@@ -41,6 +41,7 @@ OBEX_DEFINE_GUID(ShimATADeviceId, 0x26665D57, 0x2158, 0x4E4B, 0xA9, 0x59, 0xC9,
 OBEX_DEFINE_GUID(ShimBluetoothFilterPower, 0x6AD90DAD, 0xC144, 0x4E9D, 0xA0, 0xCF, 0xAE, 0x9F, 0xCB, 0x90, 0x1E, 0xBD);
 OBEX_DEFINE_GUID(ShimUsbConexant, 0xFD8FD62E, 0x4D94, 0x4FC7, 0x8A, 0x68, 0xBF, 0xF7, 0x86, 0x5A, 0x70, 0x6B);
 OBEX_DEFINE_GUID(ShimNokiaPCSuite, 0x7DD60997, 0x651F, 0x4ECB, 0xB8, 0x93, 0xBE, 0xC8, 0x05, 0x0F, 0x3B, 0xD7);
+OBEX_DEFINE_GUID(ShimCetCompat, 0x31971B07, 0x71A4, 0x480A, 0x87, 0xA9, 0xD9, 0xD2, 0x76, 0x99, 0xA0, 0x7E);
 
 SUP_SHIM_INFO KsepShimInformation[] = {
     { L"DriverScope", (GUID*)&ShimDriverScope, L"ETW event logger", L"ntos" },
@@ -59,7 +60,8 @@ SUP_SHIM_INFO KsepShimInformation[] = {
     { L"ATADeviceIdShim", (GUID*)&ShimATADeviceId, L"SATA compatibility shim", L"storport" },
     { L"BluetoothFilterPowerShim", (GUID*)&ShimBluetoothFilterPower, L"Bluetooth filter driver compatibility shim", L"bthport" },
     { L"UsbConexantShim", (GUID*)&ShimUsbConexant, L"USB modem compatibility shim", L"usbd" },
-    { L"NokiaShim", (GUID*)&ShimNokiaPCSuite, L"Nokia PC Suite compatibility shim", L"usbd" }
+    { L"NokiaShim", (GUID*)&ShimNokiaPCSuite, L"Nokia PC Suite compatibility shim", L"usbd" },
+    { L"UserCetBasicModeAllowRetTargetNotCetCompat", (GUID*)&ShimCetCompat, L"CET compatibility shim", L"ntos"}
 };
 
 LIST_ENTRY supShutdownListHead;

WinObjEx64.sha256

@@ -5,7 +5,7 @@ fa001b1ac9bbbb6c954d5dd609de60fa2b0277a6cfe35f6428591e4b4b1e8453 *Compiled\WHATS
 d3c54e144f4ea198d761a0c89764d6cd39da19c0aa51661a9f37135e4f842a85 *Compiled\WHATSNEW_190.md
 c4205a94f6ed7ff8e26b318712acaab2d2d849fa97e7d92325d25cae49200c01 *Compiled\WHATSNEW_200.md
 6cf95bbc0628a71ea8374cfdc114cdee6ad02f05178f4da60c6874436a9a956b *Compiled\WinObjEx64.chm
-09cd3767b137b45ed322d27139f2bf8fa970d712c9b4b10cc4b65475821781d2 *Compiled\WinObjEx64.exe
+3fdd519ab2eca8501a1fc41af20a212b2a211ad94167f595218adaec6c927b3c *Compiled\WinObjEx64.exe
 b7d674453e9734472f85bd4ca3c53651e0702f32b5a801fce014a74b4d255bae *Compiled\plugins\ApiSetView.dll
 24a64aa290d1c21deae5029db957df728041006ef69087ad947eee8d4482881c *Compiled\plugins\ExamplePlugin.dll
 50b4c0ad3b58ac10fb0e2d386ce92287f9e30e0580d9f5b4b99a191f08d5b8ef *Compiled\plugins\ImageScope.dll
@@ -128,8 +128,8 @@ b8b228021a6f3ae2c364a433db66617b93e8e38fbfb0de5235d2b1b3c6612892 *Source\Shared\
 69a2ac18f7ae51f231ff70195e914fdf1331564d7e109d052d8c0e6f2c6760a4 *Source\Shared\ntos\ntldr.c
 083d71cbe45e72854cfc45e20b85ec805c8dd66f18c3a111236195a980c44333 *Source\Shared\ntos\ntldr.h
 54e70129964d3055b02d59d9145074a75d68453e10044018a217851302e0e00e *Source\Shared\ntos\ntos.h
-c3f59dbf186639273c178bbdc4abcb1e6ec57548878bba1f3a2f5c1e5b51cc37 *Source\Shared\ntos\ntsup.c
-d13b52d213b3ce13d75214e1aa42f3058f5da449dc60412e48cbf9f8a4c6c3ce *Source\Shared\ntos\ntsup.h
+23e915c7dac2ff0e6786f09f5efd19080e3411f14fdb89567222baae404e21e7 *Source\Shared\ntos\ntsup.c
+f6aff637e024941c8f41c3e4f9ff3449377ab7ba7a28ec28ffe4bc736acc81ef *Source\Shared\ntos\ntsup.h
 9988958033a3019273cadc83bfcdc8246d171df91fb6d6628ad933f03e58c1c6 *Source\Shared\ntuser\ntuser.h
 1ec471eaeaec9402fb4a71f25ea7aa44de3a169f346ccaf873001dfbc59987c4 *Source\Shared\sdk\extdef.h
 07da31bbf0fbb8e3fbf06f5b1557cb4415f267008834684617dfdadb93a4b25f *Source\Shared\tabs\tabsctrl.c
@@ -191,11 +191,11 @@ a22fd439c6839ff2e323882131a1245d9a195f4b34d78721386607f597d36634 *Source\WinObjE
 84c5fc8bd44f3f2ebc7dd30dbe7539140dc9a3061c247093b95c094ddf20aad5 *Source\WinObjEx64\extras\extrasCallbacks.c
 b33ada355b61038982d48a33fcd96fc7caa482d2b8930cb72413f4136829c402 *Source\WinObjEx64\extras\extrasCallbacksPatterns.h
 c8b4e586ecc57676fec72f22e581e8e08a255c1842be2bdf741d8a224f1d880f *Source\WinObjEx64\extras\extrasCmOpt.c
-09cd3f0d01126541849539f7d106ebbbcd60a54adac65a8b0a546cc8013ff33d *Source\WinObjEx64\extras\extrasDrivers.c
+f5cbead3cff12e48d6752527b495fce492516254574a3a5b314a00909589cff9 *Source\WinObjEx64\extras\extrasDrivers.c
 3a3c13c29c978ff4c093b9bba5eca9118601ebf5a90386371ddec6b5576ff419 *Source\WinObjEx64\extras\extrasHandlers.h
 313c4a71e7641fcc9205516e7f0352dd0dbf1ea5c7631ee5e0104668a08ab74b *Source\WinObjEx64\extras\extrasIPC.c
 0d9082b4fad1ec1fbf5def9be3b0f15ad3739383634afa933ae3b75dfa90873a *Source\WinObjEx64\extras\extrasPN.c
-4bf45285d57585e2e25c19b9bc69c1404d22c041273ccc5186dfa9dcf4e3255b *Source\WinObjEx64\extras\extrasPSList.c
+e42a6f89618694e90e8cbe87241b2ae91847c4f73443f34cdaea79417ef022c9 *Source\WinObjEx64\extras\extrasPSList.c
 f9bed7da6da06ed76c944aa1513694f23e967782b25f9dffe29edf33458733c9 *Source\WinObjEx64\extras\extrasSL.c
 5d2a9becc036204d533dbc0962fda5bab1efa6697173ab58a839abfe8eb279b2 *Source\WinObjEx64\extras\extrasSSDT.c
 a16e474e86b4bf5dbf3f238ee29587352c45ec0499902f15f2ca706d4c9fc050 *Source\WinObjEx64\extras\extrasUSD.c
@@ -213,7 +213,7 @@ c3e517ef7a11a350890fe77aaba8760444f3d28ab9c872780f374a71d8f87333 *Source\WinObjE
 921dbe5ceed4f5a3d185227ee401291067b477ee2f14615b3e6753627ee65167 *Source\WinObjEx64\props\propDlg.c
 11dbe7d95c1cdf63650c87b8d8fbc059fa812e9b2982041aa20eb3812cd460c7 *Source\WinObjEx64\props\propDlg.h
 24a93fbf8a3b305cce6cf0a44ff2e2eb73450dca784bd7648ea7ce3c553fa801 *Source\WinObjEx64\props\propDriver.c
-5189fbc7e0582818850ea839f9da5d66d6b0d582589e54b79d199eb9b17e6e33 *Source\WinObjEx64\props\propObjectDump.c
+186d00c7c31876251b13397255a18bb595ac583abd25b39dc44cb98784b916fb *Source\WinObjEx64\props\propObjectDump.c
 c272693b113ab89cf47a299f253dac2c91db4d0870bb4e11e47d936b9145400b *Source\WinObjEx64\props\propObjectDumpConsts.h
 925149939d9b7bb94cbb0daf7683b7b13575c9d9e9499ebfec7751e8219864bf *Source\WinObjEx64\props\propProcess.c
 b8d3fc4cb86b5d9d7d3bc5cb94b3e58fa33002c3f1160d8e874b3878aa6e8e99 *Source\WinObjEx64\props\props.h
@@ -282,7 +282,7 @@ d4876437f5ea4c307b3894ff6a4ccd10922a366167104bb78b1103ebadd4f483 *Source\WinObjE
 0a0782e65543df1fb04f4f747cf375f109d5c673b7d0641e4bb61025ffdb9044 *Source\WinObjEx64\rsrc\obex.manifest
 9c908e205f42861f5ce840cf07886009fe7fad09352820508757ae8d8f6a34ae *Source\WinObjEx64\rsrc\pipe.ico
 92dc90794153274f263de95bad0a7ffb9539c38755f5cd46d45ee1e988a6411e *Source\WinObjEx64\rsrc\security.ico
-d46a2e5c61d62a192fd8193ae2a10ec3fc577a2419b161bd73a26c78dfa7e87d *Source\WinObjEx64\sup\sup.c
+713091870b581d40bdb4b7564f2e60aea1d7f23ffd1a7c7d4a726b9807cb273f *Source\WinObjEx64\sup\sup.c
 8115f38f1f1ba91df5f99cab3892ec150c3f2ad698da53f420b04a678d96c664 *Source\WinObjEx64\sup\sup.h
 ccc88a804d4694e9ba3f97a5678d9595465e6f9afe0ec9b9613cf7c9808703a5 *Source\WinObjEx64\sup\sync.c
 11af5dbe0036bb3e36607e5446cf9ec07895e49fd5137b23933bbe3830293587 *Source\WinObjEx64\sup\wine.c