Warning
MiCore is still in the development stage ...
MiCore is derived from the underlying API implementation of MiUCRT (formerly ucxxrt).
It mainly implements user-mode functions in the kernel on the Windows platform. Using it together with Veil is recommended.
- Thanks: The scheme to export ZwRoutines is provided by @xiaobfly.
- References: systeminformer/phnt
- References: Windows_OS_Internals_Curriculum_Resource_Kit-ACADEMIC
- All ZwRoutines supported by the current system can be used directly.

  ```cpp
  // DriverUnload is assumed to be defined elsewhere in the driver.
  NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
  {
      NTSTATUS Status;

      do {
          DriverObject->DriverUnload = DriverUnload;

          // Initialize MiCore before calling any other routine.
          Status = MiCoreStartup(DriverObject, RegistryPath);
          if (!NT_SUCCESS(Status)) {
              break;
          }

          // A Zw routine called directly.
          LARGE_INTEGER SystemTime{};
          Status = ZwQuerySystemTime(&SystemTime);
          if (!NT_SUCCESS(Status)) {
              break;
          }

          // Convert the system time to local time in place.
          Status = RtlSystemTimeToLocalTime(&SystemTime, &SystemTime);
          if (!NT_SUCCESS(Status)) {
              break;
          }

          TIME_FIELDS Time{};
          RtlTimeToTimeFields(&SystemTime, &Time);

          MiLOG("Loading time is %04d/%02d/%02d %02d:%02d:%02d",
              Time.Year, Time.Month, Time.Day,
              Time.Hour, Time.Minute, Time.Second);

      } while (false);

      // On any failure, run the unload path before returning the error.
      if (!NT_SUCCESS(Status)) {
          DriverUnload(DriverObject);
      }

      return Status;
  }
  ```
- Supports part of the RtlXxxx API.
- Supports part of the KernelBase API.
- Supports part of the Advapi32 API.
See Project