hfiref0x · hfiref0x · Jun 9, 2024 · Jun 9, 2024 · Jun 9, 2024
diff --git a/Compiled/WinObjEx64.exe b/Compiled/WinObjEx64.exe
diff --git a/Source/Shared/ntos/ntos.h b/Source/Shared/ntos/ntos.h
@@ -5,9 +5,9 @@
 *
 *  TITLE:       NTOS.H
 *
-*  VERSION:     1.224
+*  VERSION:     1.225
 *
-*  DATE:        01 May 2024
+*  DATE:        05 Jun 2024
 *
 *  Common header file for the ntos API functions and definitions.
 *
@@ -896,7 +896,12 @@ typedef struct _SYSTEM_ISOLATED_USER_MODE_INFORMATION {
     BOOLEAN SpareFlags : 2;
     BOOLEAN TrustletRunning : 1;
     BOOLEAN HvciDisableAllowed : 1;
-    BOOLEAN SpareFlags2 : 6;
+    BOOLEAN HardwareEnforcedVbs : 1;
+    BOOLEAN NoSecrets : 1;
+    BOOLEAN EncryptionKeyPersistent : 1;
+    BOOLEAN HardwareEnforcedHvpt : 1;
+    BOOLEAN HardwareHvptAvailable : 1;
+    BOOLEAN SpareFlags2 : 1;
     BOOLEAN Spare0[6];
     ULONGLONG Spare1;
 } SYSTEM_ISOLATED_USER_MODE_INFORMATION, *PSYSTEM_ISOLATED_USER_MODE_INFORMATION;
@@ -1103,6 +1108,10 @@ typedef enum _PROCESSINFOCLASS {
     ProcessMembershipInformation = 109,
     ProcessEffectiveIoPriority = 110,
     ProcessEffectivePagePriority = 111,
+    ProcessSchedulerSharedData = 112,
+    ProcessSlistRollbackInformation = 113,
+    ProcessNetworkIoCounters = 114,
+    ProcessFindFirstThreadByTebValue = 115,
     MaxProcessInfoClass
 } PROCESSINFOCLASS;
 
@@ -1163,6 +1172,10 @@ typedef enum _THREADINFOCLASS {
     ThreadStrongerBadHandleChecks,
     ThreadEffectiveIoPriority,
     ThreadEffectivePagePriority,
+    ThreadUpdateLockOwnership,
+    ThreadSchedulerSharedDataSlot,
+    ThreadTebInformationAtomic,
+    ThreadIndexInformation,
     MaxThreadInfoClass
 } THREADINFOCLASS;
 
@@ -1303,7 +1316,9 @@ typedef enum _PS_MITIGATION_OPTION {
     PS_MITIGATION_OPTION_USER_CET_SET_CONTEXT_IP_VALIDATION,
     PS_MITIGATION_OPTION_BLOCK_NON_CET_BINARIES,
     PS_MITIGATION_OPTION_CET_DYNAMIC_APIS_OUT_OF_PROC_ONLY,
-    PS_MITIGATION_OPTION_REDIRECTION_TRUST
+    PS_MITIGATION_OPTION_REDIRECTION_TRUST,
+    PS_MITIGATION_OPTION_RESTRICT_CORE_SHARING,
+    PS_MITIGATION_OPTION_FSCTL_SYSTEM_CALL_DISABLE
 } PS_MITIGATION_OPTION;
 
 typedef enum _PS_CREATE_STATE {
@@ -1491,6 +1506,8 @@ typedef enum _PS_ATTRIBUTE_NUM {
     PsAttributeMachineType,
     PsAttributeComponentFilter,
     PsAttributeEnableOptionalXStateFeatures,
+    PsAttributeSupportedMachines,
+    PsAttributeSveVectorLength,
     PsAttributeMax
 } PS_ATTRIBUTE_NUM;
 
@@ -1875,6 +1892,7 @@ typedef enum _SYSTEM_INFORMATION_CLASS {
     SystemBadPageInformationEx = 244,
     SystemResourceDeadlockTimeout = 245,
     SystemBreakOnContextUnwindFailureInformation = 246,
+    SystemOslRamdiskInformation = 247,
     MaxSystemInfoClass
 } SYSTEM_INFORMATION_CLASS, * PSYSTEM_INFORMATION_CLASS;
 
@@ -1970,7 +1988,19 @@ typedef struct _SYSTEM_SPECULATION_CONTROL_INFORMATION_V2 {
             ULONG PsdpHardwareProtected : 1;
             ULONG FbClearEnabled : 1;
             ULONG FbClearReported : 1;
-            ULONG Reserved : 27;
+            ULONG BhbEnabled : 1;
+            ULONG BhbDisabledSystemPolicy : 1;
+            ULONG BhbDisabledNoHardwareSupport : 1;
+            ULONG BranchConfusionStatus : 2;
+            ULONG BranchConfusionReported : 1;
+            ULONG RdclHardwareProtectedReported : 1;
+            ULONG RdclHardwareProtected : 1;
+            ULONG Reserved3 : 4;
+            ULONG Reserved4 : 3;
+            ULONG DivideByZeroReported : 1;
+            ULONG DivideByZeroStatus : 1;
+            ULONG Reserved5 : 3;
+            ULONG Reserved : 7;
         } SpeculationControlFlags2;
     };
 } SYSTEM_SPECULATION_CONTROL_INFORMATION_V2, * PSYSTEM_SPECULATION_CONTROL_INFORMATION_V2;
@@ -5767,7 +5797,8 @@ typedef struct _MEMORY_IMAGE_INFORMATION {
             ULONG ImagePartialMap : 1;
             ULONG ImageNotExecutable : 1;
             ULONG ImageSigningLevel : 4; // RS3
-            ULONG Reserved : 26;
+            ULONG ImageExtensionPresent : 1; // 24H2
+            ULONG Reserved : 25;
         };
     };
 } MEMORY_IMAGE_INFORMATION, * PMEMORY_IMAGE_INFORMATION;
@@ -7212,6 +7243,8 @@ typedef struct _KUSER_SHARED_DATA {
 
     ULONG64 UserPointerAuthMask;
 
+    ULONG InternsReserved[210];
+
 } KUSER_SHARED_DATA, *PKUSER_SHARED_DATA;
 #include <poppack.h>
 
@@ -12336,6 +12369,7 @@ typedef enum _MEMORY_PARTITION_INFORMATION_CLASS {
     SystemMemoryPartitionMemoryChargeAttributes,
     SystemMemoryPartitionClearAttributes,
     SystemMemoryPartitionSetMemoryThresholds,
+    SystemMemoryPartitionMemoryListCommand,
     SystemMemoryPartitionMax
 } MEMORY_PARTITION_INFORMATION_CLASS;
 

diff --git a/Source/WinObjEx64/Resource.rc b/Source/WinObjEx64/Resource.rc
diff --git a/Source/WinObjEx64/aboutDlg.c b/Source/WinObjEx64/aboutDlg.c
@@ -1,12 +1,12 @@
 /*******************************************************************************
 *
-*  (C) COPYRIGHT AUTHORS, 2015 - 2023
+*  (C) COPYRIGHT AUTHORS, 2015 - 2024
 *
 *  TITLE:       ABOUTDLG.C
 *
-*  VERSION:     2.03
+*  VERSION:     2.05
 *
-*  DATE:        21 Jul 2023
+*  DATE:        25 May 2024
 *
 * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
 * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
@@ -90,9 +90,12 @@ VOID AboutDialogInit(
     // Set build date and time.
     //
     RtlSecureZeroMemory(szBuffer, sizeof(szBuffer));
-    MultiByteToWideChar(CP_ACP, 0, __DATE__, (INT)_strlen_a(__DATE__), szBuffer, 40);
-    _strcat(szBuffer, TEXT(" "));
-    MultiByteToWideChar(CP_ACP, 0, __TIME__, (INT)_strlen_a(__TIME__), _strend(szBuffer), 40);
+    RtlStringCchPrintfSecure(szBuffer,
+        ARRAYSIZE(szBuffer),
+        TEXT("%ws %ws"),
+        TEXT(__DATE__),
+        TEXT(__TIME__));
+
     SetDlgItemText(hwndDlg, ID_ABOUT_BUILDDATE, szBuffer);
 
     //

diff --git a/Source/WinObjEx64/global.h b/Source/WinObjEx64/global.h
@@ -4,9 +4,9 @@
 *
 *  TITLE:       GLOBAL.H
 *
-*  VERSION:     2.04
+*  VERSION:     2.05
 *
-*  DATE:        16 Jan 2024
+*  DATE:        05 Jun 2024
 *
 *  Common header file for the Windows Object Explorer.
 *
@@ -134,10 +134,11 @@
 #include <malloc.h>
 #endif
 
+_Success_(return >= 0)
 typedef int(__cdecl *pswprintf_s)(
-    wchar_t *buffer,
-    size_t sizeOfBuffer,
-    const wchar_t *format,
+    _Out_writes_opt_(sizeOfBuffer) _Always_(_Post_z_) wchar_t *buffer,
+    _In_ size_t sizeOfBuffer,
+    _In_z_ _Printf_format_string_params_(1) const wchar_t *format,
     ...);
 
 typedef void(__cdecl *pqsort)(

diff --git a/Source/WinObjEx64/kldbg.c b/Source/WinObjEx64/kldbg.c
@@ -2392,13 +2392,13 @@ SIZE_T ObpDumpObjectName(
         sizeof(nameInfo)))
     {
         ObpDumpNameElementSpecial(ListHead, OBP_ERROR_NAME_LITERAL, OBP_ERROR_NAME_LITERAL_SIZE);
-        return OBP_ERROR_NAME_LITERAL_SIZE + sizeof(OBJ_NAME_PATH_SEPARATOR);
+        return OBP_ERROR_NAME_LITERAL_SIZE + OBJ_NAME_PATH_SEPARATOR_SIZE;
     }
 
     *NextObject = (ULONG_PTR)nameInfo.Directory;
 
     if (ObpDumpNameElement(ListHead, &nameInfo, &pathLength))
-        return pathLength + sizeof(OBJ_NAME_PATH_SEPARATOR);
+        return pathLength + OBJ_NAME_PATH_SEPARATOR_SIZE;
 
     return 0;
 }
@@ -2468,7 +2468,7 @@ BOOL ObQueryFullNamespacePath(
                 pathElement = CONTAINING_RECORD(Next, OB_NAME_ELEMENT, ListEntry);
 
                 *string++ = OBJ_NAME_PATH_SEPARATOR; 
-                length += sizeof(OBJ_NAME_PATH_SEPARATOR);
+                length += OBJ_NAME_PATH_SEPARATOR_SIZE;
 
                 RtlCopyMemory(string, pathElement->Name.Buffer, pathElement->Name.Length);
                 string = (PWSTR)RtlOffsetToPointer(string, pathElement->Name.Length);

diff --git a/Source/WinObjEx64/kldbg.h b/Source/WinObjEx64/kldbg.h
@@ -6,7 +6,7 @@
 *
 *  VERSION:     2.05
 *
-*  DATE:        12 Mar 2024
+*  DATE:        07 Jun 2024
 *
 *  Common header file for the Kernel Debugger Driver support.
 *
@@ -105,6 +105,7 @@
 
 #define KM_OBJECTS_ROOT_DIRECTORY  L"\\"
 #define OBJ_NAME_PATH_SEPARATOR L'\\'
+#define OBJ_NAME_PATH_SEPARATOR_SIZE sizeof(WCHAR)
 
 #define OBJ_NAME_NORMALIZATION_SYMBOL L'?'
 

diff --git a/Source/WinObjEx64/list.c b/Source/WinObjEx64/list.c
@@ -1,12 +1,12 @@
 /*******************************************************************************
 *
-*  (C) COPYRIGHT AUTHORS, 2015 - 2022
+*  (C) COPYRIGHT AUTHORS, 2015 - 2024
 *
 *  TITLE:       LIST.C
 *
-*  VERSION:     2.00
+*  VERSION:     2.05
 *
-*  DATE:        07 Aug 2022
+*  DATE:        07 Jun 2024
 * 
 *  Program main object listing and search logic.
 *
@@ -655,7 +655,7 @@ PFO_LIST_ITEM AllocateFoundItem(
         InfoBuffer->Name.Length +
         InfoBuffer->TypeName.Length +
         DirectoryName->Length +
-        sizeof(OBJ_NAME_PATH_SEPARATOR) +
+        OBJ_NAME_PATH_SEPARATOR_SIZE +
         2 * sizeof(UNICODE_NULL);
 
     Item = (PFO_LIST_ITEM)supHeapAlloc(BufferLength);
@@ -669,7 +669,7 @@ PFO_LIST_ITEM AllocateFoundItem(
 
     TypeNameOffset = (SIZE_T)DirectoryName->Length +
         (SIZE_T)InfoBuffer->Name.Length +
-        sizeof(OBJ_NAME_PATH_SEPARATOR) +
+        OBJ_NAME_PATH_SEPARATOR_SIZE +
         sizeof(UNICODE_NULL);
 
     //
@@ -829,7 +829,7 @@ VOID FindObject(
         {
             NameSize = (SIZE_T)InfoBuffer->Name.Length +
                 (SIZE_T)DirectoryName->Length +
-                sizeof(OBJ_NAME_PATH_SEPARATOR) +
+                OBJ_NAME_PATH_SEPARATOR_SIZE +
                 sizeof(UNICODE_NULL);
 
             ObjectName = (PWCH)supHeapAlloc(NameSize);

diff --git a/Source/WinObjEx64/plugmngr.c b/Source/WinObjEx64/plugmngr.c
@@ -1,12 +1,12 @@
 /*******************************************************************************
 *
-*  (C) COPYRIGHT AUTHORS, 2019 - 2022
+*  (C) COPYRIGHT AUTHORS, 2019 - 2024
 *
 *  TITLE:       PLUGMNGR.C
 *
-*  VERSION:     2.00
+*  VERSION:     2.05
 *
-*  DATE:        07 Aug 2022
+*  DATE:        25 May 2024
 *
 *  Plugin manager.
 *
@@ -139,7 +139,7 @@ BOOL PmpIsValidPlugin(
 
                     RtlStringCchPrintfSecure(
                         szBuffer,
-                        MAX_PATH,
+                        RTL_NUMBER_OF(szBuffer),
                         FORMAT_VERSION_DESCRIPTION,
                         lpTranslate[0].wLanguage,
                         lpTranslate[0].wCodePage);

diff --git a/Source/WinObjEx64/sup/sup.c b/Source/WinObjEx64/sup/sup.c
@@ -4,9 +4,9 @@
 *
 *  TITLE:       SUP.C
 *
-*  VERSION:     2.04
+*  VERSION:     2.05
 *
-*  DATE:        17 Jan 2024
+*  DATE:        07 Jun 2024
 *
 * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
 * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
@@ -822,7 +822,7 @@ BOOL supCreateObjectPathFromElements(
     memIO = ObjectName->Length + DirectoryName->Length;
 
     if (!bIsRootDirectory)
-        memIO += sizeof(OBJ_NAME_PATH_SEPARATOR);
+        memIO += OBJ_NAME_PATH_SEPARATOR_SIZE;
 
     if (NullTerminate)
         memIO += sizeof(UNICODE_NULL);
@@ -902,7 +902,7 @@ BOOL supCreateObjectPathFromCurrentPath(
     memIO = ObjectName->Length + currentPath.Length;
 
     if (!bIsRootDirectory)
-        memIO += sizeof(OBJ_NAME_PATH_SEPARATOR);
+        memIO += OBJ_NAME_PATH_SEPARATOR_SIZE;
 
     if (NullTerminate)
         memIO += sizeof(UNICODE_NULL);
@@ -2946,7 +2946,7 @@ BOOL supGetVersionInfoFromSection(
         dwTemp = (DWORD)pVerHead->wTotLen;
         dwTemp = DWORDUP(dwTemp);
 
-        verSize = ((ULONG_PTR)dwTemp * 2) + sizeof(VER2_SIG);
+        verSize = ((ULONG_PTR)dwTemp * 2) + VER2_SIG_LENGTH;
 
         if (VersionInfoSize)
             *VersionInfoSize = (DWORD)verSize;
@@ -9146,7 +9146,7 @@ BOOL supGetCurrentObjectPath(
         // If not last and first then add separator size.
         //
         if ((Entry != ObjectRootEntry) && (Entry->Blink != FinalEntry))
-            NameInfoSize += sizeof(OBJ_NAME_PATH_SEPARATOR);
+            NameInfoSize += OBJ_NAME_PATH_SEPARATOR_SIZE;
 
         Entry = Entry->Blink;
     }

diff --git a/Source/WinObjEx64/sup/sup.h b/Source/WinObjEx64/sup/sup.h
@@ -4,9 +4,9 @@
 *
 *  TITLE:       SUP.H
 *
-*  VERSION:     2.04
+*  VERSION:     2.05
 *
-*  DATE:        11 Jan 2024
+*  DATE:        07 Jun 2024
 *
 *  Common header file for the program support routines.
 *
@@ -247,6 +247,7 @@ typedef struct tagVERHEAD {
 } VERHEAD;
 
 #define VER2_SIG 'X2EF'
+#define VER2_SIG_LENGTH sizeof(DWORD)
 
 #define DWORDUP(x) (((x)+3)&~3)
 

diff --git a/Source/WinObjEx64/tests/testunit.c b/Source/WinObjEx64/tests/testunit.c
@@ -1353,6 +1353,12 @@ VOID TestObCallback()
     }
 }
 
+VOID TestDefineDosDevice()
+{
+    DefineDosDevice(DDD_RAW_TARGET_PATH, L"$y$tem", L"\\systemroot\\system32");
+    DefineDosDevice(DDD_RAW_TARGET_PATH, L"hfiref0x", L"hfiref0x");
+}
+
 VOID TestStart(
     VOID
 )
@@ -1384,6 +1390,7 @@ VOID TestStart(
     //TestThread();
     PreHashTypes();
     //TestJob();
+    TestDefineDosDevice();
 }
 
 VOID TestStop(

diff --git a/Source/WinObjEx64/ui.h b/Source/WinObjEx64/ui.h
@@ -6,7 +6,7 @@
 *
 *  VERSION:     2.05
 *
-*  DATE:        11 May 2024
+*  DATE:        31 May 2024
 *
 *  Common header file for the user interface.
 *
@@ -50,7 +50,7 @@ typedef HWND(WINAPI *pfnHtmlHelpW)(
 #define PROGRAM_MAJOR_VERSION       2
 #define PROGRAM_MINOR_VERSION       0
 #define PROGRAM_REVISION_NUMBER     5
-#define PROGRAM_BUILD_NUMBER        2405
+#define PROGRAM_BUILD_NUMBER        2406
 
 #ifdef _USE_OWN_DRIVER
 #define PROGRAM_NAME            L"Windows Object Explorer 64-bit (Non-public version)"