update Capstone submodule

DdiMon.sln

@@ -5,7 +5,7 @@ VisualStudioVersion = 14.0.25123.0
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "DdiMon", "DdiMon\DdiMon.vcxproj", "{B20D17DD-453E-4420-B691-4EB4B9AE3A15}"
  ProjectSection(ProjectDependencies) = postProject
- {5B01D900-2359-44CA-9914-6B0C6AFB7BE7} = {5B01D900-2359-44CA-9914-6B0C6AFB7BE7}
+ {4789478F-9738-40BB-9CD0-D2034A2AC35B} = {4789478F-9738-40BB-9CD0-D2034A2AC35B}
  EndProjectSection
 EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{3F4B87F6-9967-4C6F-B1A4-010B6C19ED8D}"
@@ -17,7 +17,7 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution
  README.md = README.md
  EndProjectSection
 EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "capstone_static", "capstone\msvc\capstone_static\capstone_static.vcxproj", "{5B01D900-2359-44CA-9914-6B0C6AFB7BE7}"
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "capstone_static_driver", "capstone\msvc\capstone_static\capstone_static_driver.vcxproj", "{4789478F-9738-40BB-9CD0-D2034A2AC35B}"
 EndProject
 Global
  GlobalSection(SolutionConfigurationPlatforms) = preSolution
@@ -39,14 +39,14 @@ Global
  {B20D17DD-453E-4420-B691-4EB4B9AE3A15}.Release|x86.ActiveCfg = Release|Win32
  {B20D17DD-453E-4420-B691-4EB4B9AE3A15}.Release|x86.Build.0 = Release|Win32
  {B20D17DD-453E-4420-B691-4EB4B9AE3A15}.Release|x86.Deploy.0 = Release|Win32
- {5B01D900-2359-44CA-9914-6B0C6AFB7BE7}.Debug|x64.ActiveCfg = Debug_WDK|x64
- {5B01D900-2359-44CA-9914-6B0C6AFB7BE7}.Debug|x64.Build.0 = Debug_WDK|x64
- {5B01D900-2359-44CA-9914-6B0C6AFB7BE7}.Debug|x86.ActiveCfg = Debug_WDK|Win32
- {5B01D900-2359-44CA-9914-6B0C6AFB7BE7}.Debug|x86.Build.0 = Debug_WDK|Win32
- {5B01D900-2359-44CA-9914-6B0C6AFB7BE7}.Release|x64.ActiveCfg = Release_WDK|x64
- {5B01D900-2359-44CA-9914-6B0C6AFB7BE7}.Release|x64.Build.0 = Release_WDK|x64
- {5B01D900-2359-44CA-9914-6B0C6AFB7BE7}.Release|x86.ActiveCfg = Release_WDK|Win32
- {5B01D900-2359-44CA-9914-6B0C6AFB7BE7}.Release|x86.Build.0 = Release_WDK|Win32
+ {4789478F-9738-40BB-9CD0-D2034A2AC35B}.Debug|x64.ActiveCfg = Debug_WDK|x64
+ {4789478F-9738-40BB-9CD0-D2034A2AC35B}.Debug|x64.Build.0 = Debug_WDK|x64
+ {4789478F-9738-40BB-9CD0-D2034A2AC35B}.Debug|x86.ActiveCfg = Debug_WDK|Win32
+ {4789478F-9738-40BB-9CD0-D2034A2AC35B}.Debug|x86.Build.0 = Debug_WDK|Win32
+ {4789478F-9738-40BB-9CD0-D2034A2AC35B}.Release|x64.ActiveCfg = Release_WDK|x64
+ {4789478F-9738-40BB-9CD0-D2034A2AC35B}.Release|x64.Build.0 = Release_WDK|x64
+ {4789478F-9738-40BB-9CD0-D2034A2AC35B}.Release|x86.ActiveCfg = Release_WDK|Win32
+ {4789478F-9738-40BB-9CD0-D2034A2AC35B}.Release|x86.Build.0 = Release_WDK|Win32
  EndGlobalSection
  GlobalSection(SolutionProperties) = preSolution
  HideSolutionNode = FALSE

DdiMon/shadow_hook.cpp

@@ -83,7 +83,7 @@ struct ShadowHookData {
 struct TrampolineCode {
  UCHAR nop;
  UCHAR jmp[6];
- void* FunctionAddress;
+ void* address;
 };
 static_assert(sizeof(TrampolineCode) == 15, "Size check");
 
@@ -92,7 +92,7 @@ static_assert(sizeof(TrampolineCode) == 15, "Size check");
 struct TrampolineCode {
  UCHAR nop;
  UCHAR push;
- void* FunctionAddress;
+ void* address;
  UCHAR ret;
 };
 static_assert(sizeof(TrampolineCode) == 7, "Size check");
@@ -140,12 +140,13 @@ static void ShpSetMonitorTrapFlag(_In_ ShadowHookData* sh_data,
  _In_ bool enable);
 
 static void ShpSaveLastHookInfo(_In_ ShadowHookData* sh_data,
-  _In_ const HookInformation& info);
+ _In_ const HookInformation& info);
 
 static const HookInformation* ShpRestoreLastHookInfo(
  _In_ ShadowHookData* sh_data);
 
-static bool ShpIsShadowHookActive(_In_ const SharedShadowHookData* shared_sh_data);
+static bool ShpIsShadowHookActive(
+ _In_ const SharedShadowHookData* shared_sh_data);
 
 #if defined(ALLOC_PRAGMA)
 #pragma alloc_text(INIT, ShAllocateShadowHookData)
@@ -210,7 +211,7 @@ _Use_decl_annotations_ EXTERN_C NTSTATUS ShEnableHooks() {
 
  return UtilForEachProcessor(
  [](void*) {
- return UtilVmCall(HypercallNumber::kSbpEnablePageShadowing, nullptr);
+ return UtilVmCall(HypercallNumber::kShEnablePageShadowing, nullptr);
  },
  nullptr);
 }
@@ -221,7 +222,7 @@ _Use_decl_annotations_ EXTERN_C NTSTATUS ShDisableHooks() {
 
  return UtilForEachProcessor(
  [](void*) {
- return UtilVmCall(HypercallNumber::kSbpDisablePageShadowing, nullptr);
+ return UtilVmCall(HypercallNumber::kShDisablePageShadowing, nullptr);
  },
  nullptr);
 }
@@ -342,7 +343,7 @@ ShpCreateHookInformation(SharedShadowHookData* shared_sh_data, void* address,
  info->shadow_page_base_for_rw = reusable_info->shadow_page_base_for_rw;
  info->shadow_page_base_for_exec = reusable_info->shadow_page_base_for_exec;
  } else {
- // This hook is for a page that is not currently have any hooks (ie not 
+ // This hook is for a page that is not currently have any hooks (ie not
  // shadowed). Creates shadow pages.
  info->shadow_page_base_for_rw = std::make_shared<Page>();
  info->shadow_page_base_for_exec = std::make_shared<Page>();
@@ -429,8 +430,9 @@ _Use_decl_annotations_ EXTERN_C static SIZE_T ShpGetInstructionSize(
 
  static const auto kLongestInstSize = 15;
  cs_insn* instructions = nullptr;
- const auto count = cs_disasm(handle, reinterpret_cast<uint8_t*>(address), kLongestInstSize,
- reinterpret_cast<uint64_t>(address), 1, &instructions);
+ const auto count =
+ cs_disasm(handle, reinterpret_cast<uint8_t*>(address), kLongestInstSize,
+ reinterpret_cast<uint64_t>(address), 1, &instructions);
  if (count == 0) {
  cs_close(&handle);
  KeRestoreFloatingPointState(&float_save);
@@ -577,7 +579,7 @@ _Use_decl_annotations_ static void ShpSaveLastHookInfo(
  sh_data->last_hook_info = &info;
 }
 
-// Retrieves the last HookInformation 
+// Retrieves the last HookInformation
 _Use_decl_annotations_ static const HookInformation* ShpRestoreLastHookInfo(
  ShadowHookData* sh_data) {
  NT_ASSERT(sh_data->last_hook_info);