• 简体中文

Warning

MiCore is still in development stage ...

MiCore is a derivative of the underlying API implementation of MiUCRT (formerly ucxxrt).

It is mainly the implementation of user-level functions in the kernel on the Windows platform. Recommended for use with Veil.

• Thanks: The scheme to export ZwRoutines is provided by @xiaobfly.
• References: systeminformer/phnt
• References: Windows_OS_Internals_Curriculum_Resource_Kit-ACADEMIC

• All ZwRoutines supported by the current system can be used directly.

  NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
  {
      UNREFERENCED_PARAMETER(RegistryPath);
  
      DriverObject->DriverUnload = [](PDRIVER_OBJECT)
      {
          (void)MiCoreShutdown();
      };
  
      NTSTATUS Status = MiCoreStartup();
      if (NT_SUCCESS(Status)) {
          // ...
  
          // This function is not exported, it can be called directly after using micore
          ZwResumeThread(TheradHandle);
  
          // ...
      }
  
      return Status;
  }

• Support part of RtlXxxx API.

• Support part of KernelBase API.

• Support part of Advapi32 API.

See Project