Musa.Core
Introduction
Warning
Musa.Core is in beta testing...
Musa.Core is derived from the underlying API implementation of Musa.Runtime (formerly ucxxrt).
It uses ntdll/ntoskrnl to implement Kernel32, Advapi32 and other APIs, and supports both user mode and kernel mode.
How to use
Right click on the project, select "Manage NuGet Packages".
Search for Musa.Core, choose the version that suits you, and then click "Install".
The NuGet package depends on Musa.Veil, so you can include <Veil.h> directly.
Or
If your project template uses Mile.Project.Windows, you can add the following code directly to your .vcxproj file:
<ItemGroup>
  <PackageReference Include="Musa.Core">
    <!-- Expected version -->
    <Version>0.1.0</Version>
  </PackageReference>
</ItemGroup>
Header-only mode
Add the following code to your .vcxproj file:
<PropertyGroup>
  <MusaCoreOnlyHeader>true</MusaCoreOnlyHeader>
</PropertyGroup>
This mode will not automatically import lib files.
Features
- All ZwRoutines supported by the current system can be used directly.

    #include <Veil.h>

    // DriverUnload is assumed to be defined elsewhere in the driver (not shown on this page).
    DRIVER_UNLOAD DriverUnload;

    NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
    {
        NTSTATUS Status;

        do {
            DriverObject->DriverUnload = DriverUnload;

            // Initialize Musa.Core before calling any API it provides.
            Status = MusaCoreStartup(DriverObject, RegistryPath);
            if (!NT_SUCCESS(Status)) {
                break;
            }

            // Zw routine called directly.
            LARGE_INTEGER SystemTime{};
            Status = ZwQuerySystemTime(&SystemTime);
            if (!NT_SUCCESS(Status)) {
                break;
            }

            // Convert in place from system time (UTC) to local time.
            Status = RtlSystemTimeToLocalTime(&SystemTime, &SystemTime);
            if (!NT_SUCCESS(Status)) {
                break;
            }

            TIME_FIELDS Time{};
            RtlTimeToTimeFields(&SystemTime, &Time);

            MusaLOG("Loading time is %04d/%02d/%02d %02d:%02d:%02d",
                Time.Year, Time.Month, Time.Day,
                Time.Hour, Time.Minute, Time.Second);

        } while (false);

        // On any failure, run the unload routine before returning the error status.
        if (!NT_SUCCESS(Status)) {
            DriverUnload(DriverObject);
        }

        return Status;
    }
- Supports part of the RtlXxxx API.
- Supports part of the KernelBase API.
- Supports part of the Advapi32 API.
Progress
See Project
Acknowledgements
Thanks to JetBrains for providing free licenses such as ReSharper C++ for my open-source projects.
Thanks & References
- Thanks: The scheme to export ZwRoutines is provided by @xiaobfly.
- References: systeminformer/phnt
- References: Windows_OS_Internals_Curriculum_Resource_Kit-ACADEMIC