mimikatz/mimidrv/globals.h

/*	Benjamin DELPY `gentilkiwi`
	https://blog.gentilkiwi.com
	benjamin@gentilkiwi.com
	Licence : https://creativecommons.org/licenses/by/4.0/
*/
#pragma once
#include <ntifs.h>
#include <fltkernel.h>
#include <ntddk.h>
#include <aux_klib.h>
#include <ntstrsafe.h>
#include <string.h>
#include "ioctl.h"

#define POOL_TAG	'kiwi'
#define MIMIDRV		L"mimidrv"

#define kprintf(KiwiBuffer, Format, ...) (RtlStringCbPrintfExW(*(KiwiBuffer)->Buffer, *(KiwiBuffer)->szBuffer, (KiwiBuffer)->Buffer, (KiwiBuffer)->szBuffer, STRSAFE_NO_TRUNCATION, Format, __VA_ARGS__))

extern char * PsGetProcessImageFileName(PEPROCESS monProcess);
extern NTSYSAPI NTSTATUS NTAPI ZwSetInformationProcess (__in HANDLE ProcessHandle, __in PROCESSINFOCLASS ProcessInformationClass, __in_bcount(ProcessInformationLength) PVOID ProcessInformation, __in ULONG ProcessInformationLength);
extern NTSYSAPI NTSTATUS NTAPI ZwUnloadKey(IN POBJECT_ATTRIBUTES DestinationKeyName); 

typedef struct _KIWI_BUFFER {
	size_t * szBuffer;
	PWSTR * Buffer;
} KIWI_BUFFER, *PKIWI_BUFFER;

typedef enum _KIWI_OS_INDEX {
	KiwiOsIndex_UNK		= 0,
	KiwiOsIndex_XP		= 1,
	KiwiOsIndex_2K3		= 2,
	KiwiOsIndex_VISTA	= 3,
	KiwiOsIndex_7		= 4,
	KiwiOsIndex_8		= 5,
	KiwiOsIndex_BLUE	= 6,
	KiwiOsIndex_10_1507	= 7,
	KiwiOsIndex_10_1511	= 8,
	KiwiOsIndex_10_1607	= 9,
	KiwiOsIndex_10_1703	= 10,
	KiwiOsIndex_10_1709	= 11,
	KiwiOsIndex_10_1803	= 12,
	KiwiOsIndex_10_1809	= 13,
	KiwiOsIndex_10_1903	= 14,
	KiwiOsIndex_10_1909	= 15,
	KiwiOsIndex_10_2004	= 16,
	KiwiOsIndex_MAX		= 17,
} KIWI_OS_INDEX, *PKIWI_OS_INDEX;

#if defined(_M_X64) || defined(_M_ARM64) // TODO:ARM64
#define EX_FAST_REF_MASK	0x0f
#elif defined(_M_IX86)
#define EX_FAST_REF_MASK	0x07
#endif

#define KIWI_mask3bits(addr)	 (((ULONG_PTR) (addr)) & ~7)

KIWI_OS_INDEX KiwiOsIndex;
Initial upload 2014-04-06 18:31:53 +00:00			/* Benjamin DELPY `gentilkiwi`
[new] mimikatz lsadump::postzerologon, to reinit DC password both in local store and AD [change] https instead of http for blog :) 2020-09-17 01:17:11 +00:00			`https://blog.gentilkiwi.com`
Initial upload 2014-04-06 18:31:53 +00:00			`benjamin@gentilkiwi.com`
Global licence update, credits to Vincent LE TOUX for DCSync, and lsadump::hash moved to crypto::hash 2015-08-25 09:19:01 +00:00			`Licence : https://creativecommons.org/licenses/by/4.0/`
Initial upload 2014-04-06 18:31:53 +00:00			`*/`
			`#pragma once`
			`#include <ntifs.h>`
			`#include <fltkernel.h>`
			`#include <ntddk.h>`
			`#include <aux_klib.h>`
			`#include <ntstrsafe.h>`
mimidrv is now a Makefile project 2014-04-12 19:43:49 +00:00			`#include <string.h>`
Initial upload 2014-04-06 18:31:53 +00:00			`#include "ioctl.h"`

			`#define POOL_TAG 'kiwi'`
			`#define MIMIDRV L"mimidrv"`

mimidrv is now a Makefile project 2014-04-12 19:43:49 +00:00			`#define kprintf(KiwiBuffer, Format, ...) (RtlStringCbPrintfExW((KiwiBuffer)->Buffer, (KiwiBuffer)->szBuffer, (KiwiBuffer)->Buffer, (KiwiBuffer)->szBuffer, STRSAFE_NO_TRUNCATION, Format, __VA_ARGS__))`
Initial upload 2014-04-06 18:31:53 +00:00
			`extern char * PsGetProcessImageFileName(PEPROCESS monProcess);`
			`extern NTSYSAPI NTSTATUS NTAPI ZwSetInformationProcess (__in HANDLE ProcessHandle, __in PROCESSINFOCLASS ProcessInformationClass, __in_bcount(ProcessInformationLength) PVOID ProcessInformation, __in ULONG ProcessInformationLength);`
			`extern NTSYSAPI NTSTATUS NTAPI ZwUnloadKey(IN POBJECT_ATTRIBUTES DestinationKeyName);`

			`typedef struct _KIWI_BUFFER {`
mimidrv is now a Makefile project 2014-04-12 19:43:49 +00:00			`size_t * szBuffer;`
			`PWSTR * Buffer;`
Initial upload 2014-04-06 18:31:53 +00:00			`} KIWI_BUFFER, *PKIWI_BUFFER;`

			`typedef enum _KIWI_OS_INDEX {`
			`KiwiOsIndex_UNK = 0,`
			`KiwiOsIndex_XP = 1,`
			`KiwiOsIndex_2K3 = 2,`
			`KiwiOsIndex_VISTA = 3,`
			`KiwiOsIndex_7 = 4,`
			`KiwiOsIndex_8 = 5,`
			`KiwiOsIndex_BLUE = 6,`
Welcom to Windows 10 LTSB & current [remove] mimidrv & mimikatz kernel module: Process & Object callbacks remover are not anymore in the program [internal] Windows 10 is now splitted in 1507 (LTSB) and 1511 (current) [internal] mimidrv: Windows 10 support added [internal] mimilib WinDBG module & mimikatz::sekurlsa: Windows 10 MSV / Kerberos Tickets are not specific anymore (offsets table) [internal] Using KULL_M_MEMORY_GLOBAL_OWN_HANDLE instead of local variable in each function 2016-03-27 17:22:36 +00:00			`KiwiOsIndex_10_1507 = 7,`
			`KiwiOsIndex_10_1511 = 8,`
[new] mimikatz, mimilib & mimidrv Windows Server 2016 support [fix] mimidrv kkll_m_process_fullprivileges buffer size check 2016-10-25 00:25:34 +00:00			`KiwiOsIndex_10_1607 = 9,`
[new] misc::easyntlmchall [typo] Windows version 1707 -> 1703 [internal] kull_m_net_getComputerName [internal] _ReturnAddress() 2017-12-03 20:16:28 +00:00			`KiwiOsIndex_10_1703 = 10,`
[new] mimidrv for Windows 10 version 1709 2017-12-18 02:30:40 +00:00			`KiwiOsIndex_10_1709 = 11,`
[new] mimikatz & mimidrv support for Windows 10 build 1803 (17623) x64 [internal] structures for SAM cache 2018-03-22 02:56:19 +00:00			`KiwiOsIndex_10_1803 = 12,`
[new] mimikatz & mimidrv full support for Windows 1809 2018-12-03 01:06:10 +00:00			`KiwiOsIndex_10_1809 = 13,`
[new] mimikatz Windows 10 1903 (build 18362) support 2019-05-12 23:17:31 +00:00			`KiwiOsIndex_10_1903 = 14,`
[new] mimikatz & mimidrv support for Windows 10 2004 (build 19041) 2020-05-18 22:56:24 +00:00			`KiwiOsIndex_10_1909 = 15,`
			`KiwiOsIndex_10_2004 = 16,`
			`KiwiOsIndex_MAX = 17,`
Initial upload 2014-04-06 18:31:53 +00:00			`} KIWI_OS_INDEX, *PKIWI_OS_INDEX;`

Big update :) [new] mimikatz & mimilib very experimental support for ARM64 [better] code for Mifare protocol [better] code for sekurlsa WinDBG plugin (credential keys, still not good enough) [new] mimilib sub authentication package for @vletoux with 'bad password knocking' and magic password [new] mimikatz: unmarshalling usernames when marshalled [fix] mimikatz SR98/RDM/Busylight could previously crash [fix #184] again and again ;) [fix #172] swscanf_s VS ARRAYSIZE macro [fix #127] stdout/stdin/stderr vs modern Visual Studio and Windows XP support (thank you @Crypt0-M3lon) [code] refactor for defined / !defined 2019-03-25 00:57:56 +00:00			`#if defined(_M_X64) \|\| defined(_M_ARM64) // TODO:ARM64`
Initial upload 2014-04-06 18:31:53 +00:00			`#define EX_FAST_REF_MASK 0x0f`
Big update :) [new] mimikatz & mimilib very experimental support for ARM64 [better] code for Mifare protocol [better] code for sekurlsa WinDBG plugin (credential keys, still not good enough) [new] mimilib sub authentication package for @vletoux with 'bad password knocking' and magic password [new] mimikatz: unmarshalling usernames when marshalled [fix] mimikatz SR98/RDM/Busylight could previously crash [fix #184] again and again ;) [fix #172] swscanf_s VS ARRAYSIZE macro [fix #127] stdout/stdin/stderr vs modern Visual Studio and Windows XP support (thank you @Crypt0-M3lon) [code] refactor for defined / !defined 2019-03-25 00:57:56 +00:00			`#elif defined(_M_IX86)`
			`#define EX_FAST_REF_MASK 0x07`
Initial upload 2014-04-06 18:31:53 +00:00			`#endif`

			`#define KIWI_mask3bits(addr) (((ULONG_PTR) (addr)) & ~7)`

			`KIWI_OS_INDEX KiwiOsIndex;`