format

mrexodia · mrexodia · commit 7e6fb237ade8 · 2016-06-27T00:39:17.000+02:00
diff --git a/DeviceNameResolver.cpp b/DeviceNameResolver.cpp
@@ -6,26 +6,26 @@
 extern "C" __declspec(dllexport) bool DevicePathToPathW(const wchar_t* szDevicePath, wchar_t* szPath, size_t nSize)
 {
     DeviceNameResolver deviceNameResolver;
-    wchar_t targetPath[MAX_PATH]=L"";
+    wchar_t targetPath[MAX_PATH] = L"";
     if(!deviceNameResolver.resolveDeviceLongNameToShort(szDevicePath, targetPath))
         return false;
-    wcscpy_s(szPath, nSize/sizeof(wchar_t), targetPath);
+    wcscpy_s(szPath, nSize / sizeof(wchar_t), targetPath);
     return true;
 }
 
 extern "C" __declspec(dllexport) bool DevicePathToPathA(const char* szDevicePath, char* szPath, size_t nSize)
 {
     size_t len = strlen(szDevicePath);
-    DynBuf newDevicePathBuf((len+1)*sizeof(wchar_t));
+    DynBuf newDevicePathBuf((len + 1)*sizeof(wchar_t));
     wchar_t* newDevicePath = (wchar_t*)newDevicePathBuf.GetPtr();
-    *newDevicePath=L'\0';
-    if(MultiByteToWideChar(CP_ACP, NULL, szDevicePath, -1, newDevicePath, (int)len+1))
+    *newDevicePath = L'\0';
+    if(MultiByteToWideChar(CP_ACP, NULL, szDevicePath, -1, newDevicePath, (int)len + 1))
     {
-        DynBuf newPathBuf(nSize*sizeof(wchar_t));
+        DynBuf newPathBuf(nSize * sizeof(wchar_t));
         wchar_t* newPath = (wchar_t*)newPathBuf.GetPtr();
-        if(!DevicePathToPathW(newDevicePath, newPath, nSize*sizeof(wchar_t)))
+        if(!DevicePathToPathW(newDevicePath, newPath, nSize * sizeof(wchar_t)))
             return false;
-        if(!WideCharToMultiByte(CP_ACP, NULL, newPath, -1, szPath, (int)wcslen(newPath)+1, NULL, NULL))
+        if(!WideCharToMultiByte(CP_ACP, NULL, newPath, -1, szPath, (int)wcslen(newPath) + 1, NULL, NULL))
             return false;
     }
     return true;
@@ -35,18 +35,18 @@ __declspec(dllexport) bool DevicePathFromFileHandleW(HANDLE hFile, wchar_t* szDe
 {
     NativeWinApi::initialize();
     ULONG ReturnLength;
-    bool bRet=false;
-    if(NativeWinApi::NtQueryObject(hFile, ObjectNameInformation, 0, 0, &ReturnLength)==STATUS_INFO_LENGTH_MISMATCH)
+    bool bRet = false;
+    if(NativeWinApi::NtQueryObject(hFile, ObjectNameInformation, 0, 0, &ReturnLength) == STATUS_INFO_LENGTH_MISMATCH)
     {
-        ReturnLength+=0x2000; //on Windows XP SP3 ReturnLength will not be set just add some buffer space to fix this
-        POBJECT_NAME_INFORMATION NameInformation=(POBJECT_NAME_INFORMATION)GlobalAlloc(0, ReturnLength);
-        if(NativeWinApi::NtQueryObject(hFile, ObjectNameInformation, NameInformation, ReturnLength, 0)==STATUS_SUCCESS)
+        ReturnLength += 0x2000; //on Windows XP SP3 ReturnLength will not be set just add some buffer space to fix this
+        POBJECT_NAME_INFORMATION NameInformation = (POBJECT_NAME_INFORMATION)GlobalAlloc(0, ReturnLength);
+        if(NativeWinApi::NtQueryObject(hFile, ObjectNameInformation, NameInformation, ReturnLength, 0) == STATUS_SUCCESS)
         {
-            NameInformation->Name.Buffer[NameInformation->Name.Length/2]=L'\0'; //null-terminate the UNICODE_STRING
-            if(wcslen(NameInformation->Name.Buffer)<nSize)
+            NameInformation->Name.Buffer[NameInformation->Name.Length / 2] = L'\0'; //null-terminate the UNICODE_STRING
+            if(wcslen(NameInformation->Name.Buffer) < nSize)
             {
-                wcscpy_s(szDevicePath, nSize/sizeof(wchar_t), NameInformation->Name.Buffer);
-                bRet=true;
+                wcscpy_s(szDevicePath, nSize / sizeof(wchar_t), NameInformation->Name.Buffer);
+                bRet = true;
             }
         }
         GlobalFree(NameInformation);
@@ -66,52 +66,52 @@ __declspec(dllexport) bool DevicePathFromFileHandleW(HANDLE hFile, wchar_t* szDe
 
 __declspec(dllexport) bool DevicePathFromFileHandleA(HANDLE hFile, char* szDevicePath, size_t nSize)
 {
-    DynBuf newDevicePathBuf(nSize*sizeof(wchar_t));
+    DynBuf newDevicePathBuf(nSize * sizeof(wchar_t));
     wchar_t* newDevicePath = (wchar_t*)newDevicePathBuf.GetPtr();
-    if(!DevicePathFromFileHandleW(hFile, newDevicePath, nSize*sizeof(wchar_t)))
+    if(!DevicePathFromFileHandleW(hFile, newDevicePath, nSize * sizeof(wchar_t)))
         return false;
-    if(!WideCharToMultiByte(CP_ACP, NULL, newDevicePath, -1, szDevicePath, (int)wcslen(newDevicePath)+1, NULL, NULL))
+    if(!WideCharToMultiByte(CP_ACP, NULL, newDevicePath, -1, szDevicePath, (int)wcslen(newDevicePath) + 1, NULL, NULL))
         return false;
     return true;
 }
 
 __declspec(dllexport) bool PathFromFileHandleW(HANDLE hFile, wchar_t* szPath, size_t nSize)
 {
-    typedef DWORD (WINAPI* GETFINALPATHNAMEBYHANDLEW) (
+    typedef DWORD (WINAPI * GETFINALPATHNAMEBYHANDLEW)(
         IN HANDLE hFile,
         OUT wchar_t* lpszFilePath,
         IN DWORD cchFilePath,
         IN DWORD dwFlags
-        );
-    static GETFINALPATHNAMEBYHANDLEW GetFPNBHW=(GETFINALPATHNAMEBYHANDLEW)GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "GetFinalPathNameByHandleW");
-    if(GetFPNBHW && GetFPNBHW(hFile, szPath, (DWORD)(nSize/sizeof(wchar_t)), 0))
+    );
+    static GETFINALPATHNAMEBYHANDLEW GetFPNBHW = (GETFINALPATHNAMEBYHANDLEW)GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "GetFinalPathNameByHandleW");
+    if(GetFPNBHW && GetFPNBHW(hFile, szPath, (DWORD)(nSize / sizeof(wchar_t)), 0))
     {
         if(_wcsnicmp(szPath, L"\\\\?\\UNC\\", 8) == 0) // Server path
         {
             wcscpy_s(szPath, nSize / sizeof(wchar_t), L"\\\\");
             wcscat_s(szPath, nSize / sizeof(wchar_t), &szPath[8]);
         }
-        else if(_wcsnicmp(szPath, L"\\\\?\\", 4) == 0 && szPath[5]==L':') // Drive path
+        else if(_wcsnicmp(szPath, L"\\\\?\\", 4) == 0 && szPath[5] == L':') // Drive path
         {
-            wcscpy_s(szPath, nSize/sizeof(wchar_t), &szPath[4]);
+            wcscpy_s(szPath, nSize / sizeof(wchar_t), &szPath[4]);
         }
         return true;
     }
     if(!DevicePathFromFileHandleW(hFile, szPath, nSize))
         return false;
     std::wstring oldPath(szPath);
-    if (!DevicePathToPathW(szPath, szPath, nSize))
+    if(!DevicePathToPathW(szPath, szPath, nSize))
         wcscpy_s(szPath, nSize / sizeof(wchar_t), oldPath.c_str());
     return true;
 }
 
 __declspec(dllexport) bool PathFromFileHandleA(HANDLE hFile, char* szPath, size_t nSize)
 {
-    DynBuf newDevicePathBuf(nSize*sizeof(wchar_t));
+    DynBuf newDevicePathBuf(nSize * sizeof(wchar_t));
     wchar_t* newDevicePath = (wchar_t*)newDevicePathBuf.GetPtr();
-    if (!PathFromFileHandleW(hFile, newDevicePath, nSize*sizeof(wchar_t)))
+    if(!PathFromFileHandleW(hFile, newDevicePath, nSize * sizeof(wchar_t)))
         return false;
-    if (!WideCharToMultiByte(CP_ACP, NULL, newDevicePath, -1, szPath, (int)wcslen(newDevicePath) + 1, NULL, NULL))
+    if(!WideCharToMultiByte(CP_ACP, NULL, newDevicePath, -1, szPath, (int)wcslen(newDevicePath) + 1, NULL, NULL))
         return false;
     return true;
 }
diff --git a/DeviceNameResolverInternal.cpp b/DeviceNameResolverInternal.cpp
@@ -22,10 +22,10 @@ void DeviceNameResolver::initDeviceNameList()
 
     deviceNameList.reserve(3);
 
-    for ( TCHAR shortD = TEXT('a'); shortD <= TEXT('z'); shortD++ )
+    for(TCHAR shortD = TEXT('a'); shortD <= TEXT('z'); shortD++)
     {
         shortName[0] = shortD;
-        if (QueryDosDevice( shortName, longName, MAX_PATH ) > 0)
+        if(QueryDosDevice(shortName, longName, MAX_PATH) > 0)
         {
             hardDisk.shortName[0] = _totupper(shortD);
             hardDisk.shortName[1] = TEXT(':');
@@ -41,11 +41,11 @@ void DeviceNameResolver::initDeviceNameList()
     fixVirtualDevices();
 }
 
-bool DeviceNameResolver::resolveDeviceLongNameToShort(const TCHAR * sourcePath, TCHAR * targetPath)
+bool DeviceNameResolver::resolveDeviceLongNameToShort(const TCHAR* sourcePath, TCHAR* targetPath)
 {
-    for (unsigned int i = 0; i < deviceNameList.size(); i++)
+    for(unsigned int i = 0; i < deviceNameList.size(); i++)
     {
-        if (!_tcsnicmp(deviceNameList.at(i).longName, sourcePath, deviceNameList.at(i).longNameLength) && sourcePath[deviceNameList.at(i).longNameLength]==TEXT('\\'))
+        if(!_tcsnicmp(deviceNameList.at(i).longName, sourcePath, deviceNameList.at(i).longNameLength) && sourcePath[deviceNameList.at(i).longNameLength] == TEXT('\\'))
         {
             _tcscpy_s(targetPath, MAX_PATH, deviceNameList.at(i).shortName);
             _tcscat_s(targetPath, MAX_PATH, sourcePath + deviceNameList.at(i).longNameLength);
@@ -67,10 +67,10 @@ void DeviceNameResolver::fixVirtualDevices()
     HardDisk hardDisk;
 
     unicodeOutput.Buffer = (PWSTR)malloc(BufferSize);
-    if (!unicodeOutput.Buffer)
+    if(!unicodeOutput.Buffer)
         return;
 
-    for (unsigned int i = 0; i < deviceNameList.size(); i++)
+    for(unsigned int i = 0; i < deviceNameList.size(); i++)
     {
         wcscpy_s(longCopy, deviceNameList.at(i).longName);
 
@@ -83,7 +83,7 @@ void DeviceNameResolver::fixVirtualDevices()
             unicodeOutput.MaximumLength = unicodeOutput.Length;
             ZeroMemory(unicodeOutput.Buffer, unicodeOutput.Length);
 
-            if (NT_SUCCESS(NativeWinApi::NtQuerySymbolicLinkObject(hFile, &unicodeOutput, &retLen)))
+            if(NT_SUCCESS(NativeWinApi::NtQuerySymbolicLinkObject(hFile, &unicodeOutput, &retLen)))
             {
                 hardDisk.longNameLength = wcslen(unicodeOutput.Buffer);
                 wcscpy_s(hardDisk.shortName, deviceNameList.at(i).shortName);
diff --git a/DeviceNameResolverInternal.h b/DeviceNameResolverInternal.h
@@ -20,7 +20,7 @@ class DeviceNameResolver
 public:
     DeviceNameResolver();
     ~DeviceNameResolver();
-    bool resolveDeviceLongNameToShort(const TCHAR * sourcePath, TCHAR * targetPath);
+    bool resolveDeviceLongNameToShort(const TCHAR* sourcePath, TCHAR* targetPath);
 private:
     std::vector<HardDisk> deviceNameList;
 
diff --git a/DynBuf.h b/DynBuf.h
@@ -9,15 +9,15 @@ A basic dynamic buffer, exception free.
 class DynBuf
 {
 public:
-    DynBuf(size_t sz=0)
+    DynBuf(size_t sz = 0)
     {
         Allocate(sz);
     }
     typedef std::vector<char> DynBufVec;
 
     void* Allocate(size_t sz)
     {
-        void* r=NULL;
+        void* r = NULL;
         try
         {
             if(Size() < sz)
@@ -43,11 +43,11 @@ class DynBuf
     {
         mem.clear();
     }
-    DynBufVec& GetVector()
+    DynBufVec & GetVector()
     {
         return mem;
     }
-    const DynBufVec& GetVector() const
+    const DynBufVec & GetVector() const
     {
         return mem;
     }
@@ -58,11 +58,11 @@ class DynBuf
 
 
 protected:
-    char& operator[](std::size_t idx)
+    char & operator[](std::size_t idx)
     {
         return mem[idx];
     };
-    const char& operator[](std::size_t idx) const
+    const char & operator[](std::size_t idx) const
     {
         return mem[idx];
     };
diff --git a/NativeWinApi.cpp b/NativeWinApi.cpp
@@ -24,14 +24,14 @@ def_NtClose NativeWinApi::NtClose = 0;
 
 void NativeWinApi::initialize()
 {
-    if (RtlNtStatusToDosError)
+    if(RtlNtStatusToDosError)
     {
         return;
     }
 
     HMODULE hModuleNtdll = GetModuleHandle(L"ntdll.dll");
 
-    if (!hModuleNtdll)
+    if(!hModuleNtdll)
     {
         return;
     }
@@ -69,7 +69,7 @@ PPEB NativeWinApi::getProcessEnvironmentBlockAddress(HANDLE processHandle)
     ULONG lReturnLength = 0;
     PROCESS_BASIC_INFORMATION processBasicInformation;
 
-    if ((NtQueryInformationProcess(processHandle,ProcessBasicInformation,&processBasicInformation,sizeof(PROCESS_BASIC_INFORMATION),&lReturnLength) >= 0) && (lReturnLength == sizeof(PROCESS_BASIC_INFORMATION)))
+    if((NtQueryInformationProcess(processHandle, ProcessBasicInformation, &processBasicInformation, sizeof(PROCESS_BASIC_INFORMATION), &lReturnLength) >= 0) && (lReturnLength == sizeof(PROCESS_BASIC_INFORMATION)))
     {
         //printf("NtQueryInformationProcess success %d\n",sizeof(PROCESS_BASIC_INFORMATION));
 
diff --git a/NativeWinApi.h b/NativeWinApi.h
@@ -78,7 +78,7 @@ typedef struct _FILE_NAME_INFORMATION   // Information Classes 9 and 21
 
 typedef enum _FILE_INFORMATION_CLASS
 {
-    FileNameInformation=9,
+    FileNameInformation = 9,
 } FILE_INFORMATION_CLASS, *PFILE_INFORMATION_CLASS;
 
 typedef struct _UNICODE_STRING
@@ -96,12 +96,12 @@ typedef struct _CLIENT_ID
 
 #define InitializeObjectAttributes(p,n,a,r,s) \
 { \
-	(p)->Length = sizeof(OBJECT_ATTRIBUTES); \
-	(p)->ObjectName = n; \
-	(p)->Attributes = a; \
-	(p)->RootDirectory = r; \
-	(p)->SecurityDescriptor = s; \
-	(p)->SecurityQualityOfService = NULL; \
+    (p)->Length = sizeof(OBJECT_ATTRIBUTES); \
+    (p)->ObjectName = n; \
+    (p)->Attributes = a; \
+    (p)->RootDirectory = r; \
+    (p)->SecurityDescriptor = s; \
+    (p)->SecurityQualityOfService = NULL; \
 }
 
 typedef struct _OBJECT_ATTRIBUTES
@@ -241,7 +241,7 @@ typedef struct _PEB
     PRTL_USER_PROCESS_PARAMETERS  ProcessParameters;
     BYTE                          Reserved4[104];
     PVOID                         Reserved5[52];
-    PVOID						  PostProcessInitRoutine;
+    PVOID                         PostProcessInitRoutine;
     BYTE                          Reserved6[128];
     PVOID                         Reserved7[1];
     ULONG                         SessionId;
@@ -259,13 +259,13 @@ typedef struct _PROCESS_BASIC_INFORMATION
 
 typedef struct _MEMORY_WORKING_SET_LIST
 {
-    ULONG	NumberOfPages;
-    ULONG	WorkingSetList[1];
+    ULONG   NumberOfPages;
+    ULONG   WorkingSetList[1];
 } MEMORY_WORKING_SET_LIST, *PMEMORY_WORKING_SET_LIST;
 
 typedef struct _MEMORY_SECTION_NAME
 {
-    UNICODE_STRING	SectionFileName;
+    UNICODE_STRING  SectionFileName;
 } MEMORY_SECTION_NAME, *PMEMORY_SECTION_NAME;
 
 typedef struct _SYSTEM_SESSION_PROCESS_INFORMATION
@@ -439,27 +439,27 @@ typedef PEB32 PEB_CURRENT;
 #pragma pack(pop)
 
 
-typedef NTSTATUS (WINAPI *def_NtTerminateProcess)(HANDLE ProcessHandle, NTSTATUS ExitStatus);
-typedef NTSTATUS (WINAPI *def_NtQueryObject)(HANDLE Handle,OBJECT_INFORMATION_CLASS ObjectInformationClass,PVOID ObjectInformation,ULONG ObjectInformationLength,PULONG ReturnLength);
-typedef NTSTATUS (WINAPI *def_NtDuplicateObject)(HANDLE SourceProcessHandle, HANDLE SourceHandle, HANDLE TargetProcessHandle, PHANDLE TargetHandle, ACCESS_MASK DesiredAccess, BOOLEAN InheritHandle, ULONG Options );
-typedef NTSTATUS (WINAPI *def_NtQueryInformationFile)(HANDLE FileHandle, PIO_STATUS_BLOCK IoStatusBlock, PVOID FileInformation, ULONG Length, FILE_INFORMATION_CLASS FileInformationClass);
-typedef NTSTATUS (WINAPI *def_NtQueryInformationThread)(HANDLE ThreadHandle,THREADINFOCLASS ThreadInformationClass,PVOID ThreadInformation,ULONG ThreadInformationLength,PULONG ReturnLength);
-typedef NTSTATUS (WINAPI *def_NtQueryInformationProcess)(HANDLE ProcessHandle,PROCESSINFOCLASS ProcessInformationClass,PVOID ProcessInformation,ULONG ProcessInformationLength,PULONG ReturnLength);
-typedef NTSTATUS (WINAPI *def_NtQuerySystemInformation)(SYSTEM_INFORMATION_CLASS SystemInformationClass,PVOID SystemInformation,ULONG SystemInformationLength, PULONG ReturnLength);
-typedef NTSTATUS (WINAPI *def_NtQueryVirtualMemory)(HANDLE ProcessHandle, PVOID BaseAddress, MEMORY_INFORMATION_CLASS MemoryInformationClass, PVOID Buffer, SIZE_T MemoryInformationLength, PSIZE_T ReturnLength);
-typedef NTSTATUS (WINAPI *def_NtOpenProcess)(PHANDLE ProcessHandle, ACCESS_MASK AccessMask, PVOID ObjectAttributes, PCLIENT_ID ClientId );
-typedef NTSTATUS (WINAPI *def_NtOpenThread)(PHANDLE ThreadHandle,ACCESS_MASK DesiredAccess,POBJECT_ATTRIBUTES ObjectAttributes,PCLIENT_ID ClientId);
-typedef NTSTATUS (WINAPI *def_NtResumeThread)(HANDLE ThreadHandle, PULONG SuspendCount);
-typedef NTSTATUS (WINAPI *def_NtSetInformationThread)(HANDLE ThreadHandle,THREADINFOCLASS ThreadInformationClass,PVOID ThreadInformation,ULONG ThreadInformationLength);
-typedef NTSTATUS (WINAPI *def_NtCreateThreadEx)(PHANDLE hThread,ACCESS_MASK DesiredAccess,LPVOID ObjectAttributes,HANDLE ProcessHandle,LPTHREAD_START_ROUTINE lpStartAddress,LPVOID lpParameter,int CreateFlags,ULONG StackZeroBits,LPVOID SizeOfStackCommit,LPVOID SizeOfStackReserve,LPVOID lpBytesBuffer);
-typedef NTSTATUS (WINAPI *def_NtSuspendProcess)(HANDLE ProcessHandle);
-typedef NTSTATUS (WINAPI *def_NtResumeProcess)(HANDLE ProcessHandle);
-
-typedef NTSTATUS (WINAPI *def_NtOpenSymbolicLinkObject)(PHANDLE LinkHandle,ACCESS_MASK DesiredAccess,POBJECT_ATTRIBUTES ObjectAttributes);
-typedef NTSTATUS (WINAPI *def_NtQuerySymbolicLinkObject)(HANDLE LinkHandle,PUNICODE_STRING LinkTarget,PULONG ReturnedLength);
-
-typedef ULONG (WINAPI *def_RtlNtStatusToDosError)(NTSTATUS Status);
-typedef NTSTATUS (WINAPI *def_NtClose)(HANDLE Handle);
+typedef NTSTATUS(WINAPI* def_NtTerminateProcess)(HANDLE ProcessHandle, NTSTATUS ExitStatus);
+typedef NTSTATUS(WINAPI* def_NtQueryObject)(HANDLE Handle, OBJECT_INFORMATION_CLASS ObjectInformationClass, PVOID ObjectInformation, ULONG ObjectInformationLength, PULONG ReturnLength);
+typedef NTSTATUS(WINAPI* def_NtDuplicateObject)(HANDLE SourceProcessHandle, HANDLE SourceHandle, HANDLE TargetProcessHandle, PHANDLE TargetHandle, ACCESS_MASK DesiredAccess, BOOLEAN InheritHandle, ULONG Options);
+typedef NTSTATUS(WINAPI* def_NtQueryInformationFile)(HANDLE FileHandle, PIO_STATUS_BLOCK IoStatusBlock, PVOID FileInformation, ULONG Length, FILE_INFORMATION_CLASS FileInformationClass);
+typedef NTSTATUS(WINAPI* def_NtQueryInformationThread)(HANDLE ThreadHandle, THREADINFOCLASS ThreadInformationClass, PVOID ThreadInformation, ULONG ThreadInformationLength, PULONG ReturnLength);
+typedef NTSTATUS(WINAPI* def_NtQueryInformationProcess)(HANDLE ProcessHandle, PROCESSINFOCLASS ProcessInformationClass, PVOID ProcessInformation, ULONG ProcessInformationLength, PULONG ReturnLength);
+typedef NTSTATUS(WINAPI* def_NtQuerySystemInformation)(SYSTEM_INFORMATION_CLASS SystemInformationClass, PVOID SystemInformation, ULONG SystemInformationLength, PULONG ReturnLength);
+typedef NTSTATUS(WINAPI* def_NtQueryVirtualMemory)(HANDLE ProcessHandle, PVOID BaseAddress, MEMORY_INFORMATION_CLASS MemoryInformationClass, PVOID Buffer, SIZE_T MemoryInformationLength, PSIZE_T ReturnLength);
+typedef NTSTATUS(WINAPI* def_NtOpenProcess)(PHANDLE ProcessHandle, ACCESS_MASK AccessMask, PVOID ObjectAttributes, PCLIENT_ID ClientId);
+typedef NTSTATUS(WINAPI* def_NtOpenThread)(PHANDLE ThreadHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, PCLIENT_ID ClientId);
+typedef NTSTATUS(WINAPI* def_NtResumeThread)(HANDLE ThreadHandle, PULONG SuspendCount);
+typedef NTSTATUS(WINAPI* def_NtSetInformationThread)(HANDLE ThreadHandle, THREADINFOCLASS ThreadInformationClass, PVOID ThreadInformation, ULONG ThreadInformationLength);
+typedef NTSTATUS(WINAPI* def_NtCreateThreadEx)(PHANDLE hThread, ACCESS_MASK DesiredAccess, LPVOID ObjectAttributes, HANDLE ProcessHandle, LPTHREAD_START_ROUTINE lpStartAddress, LPVOID lpParameter, int CreateFlags, ULONG StackZeroBits, LPVOID SizeOfStackCommit, LPVOID SizeOfStackReserve, LPVOID lpBytesBuffer);
+typedef NTSTATUS(WINAPI* def_NtSuspendProcess)(HANDLE ProcessHandle);
+typedef NTSTATUS(WINAPI* def_NtResumeProcess)(HANDLE ProcessHandle);
+
+typedef NTSTATUS(WINAPI* def_NtOpenSymbolicLinkObject)(PHANDLE LinkHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes);
+typedef NTSTATUS(WINAPI* def_NtQuerySymbolicLinkObject)(HANDLE LinkHandle, PUNICODE_STRING LinkTarget, PULONG ReturnedLength);
+
+typedef ULONG(WINAPI* def_RtlNtStatusToDosError)(NTSTATUS Status);
+typedef NTSTATUS(WINAPI* def_NtClose)(HANDLE Handle);
 
 //Flags from waliedassar
 #define NtCreateThreadExFlagCreateSuspended  0x1

Original file line number	Diff line number	Diff line change
`@@ -22,10 +22,10 @@ void DeviceNameResolver::initDeviceNameList()`
`22`	`22`
`23`	`23`	`deviceNameList.reserve(3);`
`24`	`24`
`25`		`- for ( TCHAR shortD = TEXT('a'); shortD <= TEXT('z'); shortD++ )`
	`25`	`+ for(TCHAR shortD = TEXT('a'); shortD <= TEXT('z'); shortD++)`
`26`	`26`	`{`
`27`	`27`	`shortName[0] = shortD;`
`28`		`- if (QueryDosDevice( shortName, longName, MAX_PATH ) > 0)`
	`28`	`+ if(QueryDosDevice(shortName, longName, MAX_PATH) > 0)`
`29`	`29`	`{`
`30`	`30`	`hardDisk.shortName[0] = _totupper(shortD);`
`31`	`31`	`hardDisk.shortName[1] = TEXT(':');`
`@@ -41,11 +41,11 @@ void DeviceNameResolver::initDeviceNameList()`
`41`	`41`	`fixVirtualDevices();`
`42`	`42`	`}`
`43`	`43`
`44`		`-bool DeviceNameResolver::resolveDeviceLongNameToShort(const TCHAR * sourcePath, TCHAR * targetPath)`
	`44`	`+bool DeviceNameResolver::resolveDeviceLongNameToShort(const TCHAR* sourcePath, TCHAR* targetPath)`
`45`	`45`	`{`
`46`		`- for (unsigned int i = 0; i < deviceNameList.size(); i++)`
	`46`	`+ for(unsigned int i = 0; i < deviceNameList.size(); i++)`
`47`	`47`	`{`
`48`		`- if (!_tcsnicmp(deviceNameList.at(i).longName, sourcePath, deviceNameList.at(i).longNameLength) && sourcePath[deviceNameList.at(i).longNameLength]==TEXT('\\'))`
	`48`	`+ if(!_tcsnicmp(deviceNameList.at(i).longName, sourcePath, deviceNameList.at(i).longNameLength) && sourcePath[deviceNameList.at(i).longNameLength] == TEXT('\\'))`
`49`	`49`	`{`
`50`	`50`	`_tcscpy_s(targetPath, MAX_PATH, deviceNameList.at(i).shortName);`
`51`	`51`	`_tcscat_s(targetPath, MAX_PATH, sourcePath + deviceNameList.at(i).longNameLength);`
`@@ -67,10 +67,10 @@ void DeviceNameResolver::fixVirtualDevices()`
`67`	`67`	`HardDisk hardDisk;`
`68`	`68`
`69`	`69`	`unicodeOutput.Buffer = (PWSTR)malloc(BufferSize);`
`70`		`- if (!unicodeOutput.Buffer)`
	`70`	`+ if(!unicodeOutput.Buffer)`
`71`	`71`	`return;`
`72`	`72`
`73`		`- for (unsigned int i = 0; i < deviceNameList.size(); i++)`
	`73`	`+ for(unsigned int i = 0; i < deviceNameList.size(); i++)`
`74`	`74`	`{`
`75`	`75`	`wcscpy_s(longCopy, deviceNameList.at(i).longName);`
`76`	`76`
`@@ -83,7 +83,7 @@ void DeviceNameResolver::fixVirtualDevices()`
`83`	`83`	`unicodeOutput.MaximumLength = unicodeOutput.Length;`
`84`	`84`	`ZeroMemory(unicodeOutput.Buffer, unicodeOutput.Length);`
`85`	`85`
`86`		`- if (NT_SUCCESS(NativeWinApi::NtQuerySymbolicLinkObject(hFile, &unicodeOutput, &retLen)))`
	`86`	`+ if(NT_SUCCESS(NativeWinApi::NtQuerySymbolicLinkObject(hFile, &unicodeOutput, &retLen)))`
`87`	`87`	`{`
`88`	`88`	`hardDisk.longNameLength = wcslen(unicodeOutput.Buffer);`
`89`	`89`	`wcscpy_s(hardDisk.shortName, deviceNameList.at(i).shortName);`
Original file line number	Diff line number	Diff line change
`@@ -9,15 +9,15 @@ A basic dynamic buffer, exception free.`
`9`	`9`	`class DynBuf`
`10`	`10`	`{`
`11`	`11`	`public:`
`12`		`- DynBuf(size_t sz=0)`
	`12`	`+ DynBuf(size_t sz = 0)`
`13`	`13`	`{`
`14`	`14`	`Allocate(sz);`
`15`	`15`	`}`
`16`	`16`	`typedef std::vector<char> DynBufVec;`
`17`	`17`
`18`	`18`	`void* Allocate(size_t sz)`
`19`	`19`	`{`
`20`		`- void* r=NULL;`
	`20`	`+ void* r = NULL;`
`21`	`21`	`try`
`22`	`22`	`{`
`23`	`23`	`if(Size() < sz)`
`@@ -43,11 +43,11 @@ class DynBuf`
`43`	`43`	`{`
`44`	`44`	`mem.clear();`
`45`	`45`	`}`
`46`		`- DynBufVec& GetVector()`
	`46`	`+ DynBufVec & GetVector()`
`47`	`47`	`{`
`48`	`48`	`return mem;`
`49`	`49`	`}`
`50`		`- const DynBufVec& GetVector() const`
	`50`	`+ const DynBufVec & GetVector() const`
`51`	`51`	`{`
`52`	`52`	`return mem;`
`53`	`53`	`}`
`@@ -58,11 +58,11 @@ class DynBuf`
`58`	`58`
`59`	`59`
`60`	`60`	`protected:`
`61`		`- char& operator[](std::size_t idx)`
	`61`	`+ char & operator[](std::size_t idx)`
`62`	`62`	`{`
`63`	`63`	`return mem[idx];`
`64`	`64`	`};`
`65`		`- const char& operator[](std::size_t idx) const`
	`65`	`+ const char & operator[](std::size_t idx) const`
`66`	`66`	`{`
`67`	`67`	`return mem[idx];`
`68`	`68`	`};`
Original file line number	Diff line number	Diff line change
`@@ -24,14 +24,14 @@ def_NtClose NativeWinApi::NtClose = 0;`
`24`	`24`
`25`	`25`	`void NativeWinApi::initialize()`
`26`	`26`	`{`
`27`		`- if (RtlNtStatusToDosError)`
	`27`	`+ if(RtlNtStatusToDosError)`
`28`	`28`	`{`
`29`	`29`	`return;`
`30`	`30`	`}`
`31`	`31`
`32`	`32`	`HMODULE hModuleNtdll = GetModuleHandle(L"ntdll.dll");`
`33`	`33`
`34`		`- if (!hModuleNtdll)`
	`34`	`+ if(!hModuleNtdll)`
`35`	`35`	`{`
`36`	`36`	`return;`
`37`	`37`	`}`
`@@ -69,7 +69,7 @@ PPEB NativeWinApi::getProcessEnvironmentBlockAddress(HANDLE processHandle)`
`69`	`69`	`ULONG lReturnLength = 0;`
`70`	`70`	`PROCESS_BASIC_INFORMATION processBasicInformation;`
`71`	`71`
`72`		`- if ((NtQueryInformationProcess(processHandle,ProcessBasicInformation,&processBasicInformation,sizeof(PROCESS_BASIC_INFORMATION),&lReturnLength) >= 0) && (lReturnLength == sizeof(PROCESS_BASIC_INFORMATION)))`
	`72`	`+ if((NtQueryInformationProcess(processHandle, ProcessBasicInformation, &processBasicInformation, sizeof(PROCESS_BASIC_INFORMATION), &lReturnLength) >= 0) && (lReturnLength == sizeof(PROCESS_BASIC_INFORMATION)))`
`73`	`73`	`{`
`74`	`74`	`//printf("NtQueryInformationProcess success %d\n",sizeof(PROCESS_BASIC_INFORMATION));`
`75`	`75`