127 OUT
PVOID SystemInformation,
128 IN
ULONG SystemInformationLength,
129 OUT PULONG ReturnLength OPTIONAL);
131NTSTATUS(*g_NtCreateFileOrig)
/*
 * Index of the vendor string currently presented as "genuine" by the
 * transparent (evasion) mode.  Starts at 0.
 * NOTE(review): presumably selects an entry in the
 * TRANSPARENT_LEGIT_*VENDOR_STRINGS_WCHAR tables declared below — confirm
 * at the use site, and note that a WORD index must be bounds-checked against
 * the table length wherever it is advanced.
 */
static WORD g_TransparentGenuineVendorStringIndex = 0;
164#if ActivateHyperEvadeProject == TRUE
171static const PCHAR TRANSPARENT_WIN_PROCESS_IGNORE[] = {
183static const PWCHAR TRANSPARENT_LEGIT_DEVICE_ID_VENDOR_STRINGS_WCHAR[] = {
195static const PWCHAR TRANSPARENT_LEGIT_VENDOR_STRINGS_WCHAR[] = {
197 L
"ASUSTeK Computer INC.",
199 L
"ASUSTEK COMPUTER INC.",
202 L
"Micro-Star International Co., Ltd.",
204 L
"MICRO-STAR INTERNATIONAL CO., LTD",
207 L
"Gigabyte Technology Co., Ltd.",
209 L
"Gigabyte Technology",
213 L
"ASRock Incorporation",
219 L
"Dell Computer Corporation",
229 L
"Lenovo Group Limited",
232 L
"Intel Corporation",
244static const PWCH HV_PROCESSES[] = {
250 L
"VGAuthService.exe",
257 L
"VGAuthService.exe",
264 L
"ProcessHacker.exe",
274 L
"ImmunityDebugger.exe",
282 L
"proc_analyzer.exe",
286 L
"joeboxcontrol.exe",
288 L
"ResourceHacker.exe",
293 L
"cheatengine-i386.exe",
294 L
"cheatengine-x86_64.exe",
295 L
"cheatengine-x86_64-SSE4-AVX2.exe",
296 L
"frida-helper-32.exe",
297 L
"frida-helper-64.exe",
305static const PCHAR HV_DRIVER[] = {
359static const PWCH HV_FILES[] = {
378 L
"VmGuestLibJava.dll",
385 L
"vm3dum64_loader.dll",
407 L
"vboxoglpackspu.dll",
408 L
"vboxoglpassthroughspu.dll",
410 L
"vboxoglcrutil.dll",
417 L
"vboxoglerrorspu.dll",
418 L
"vboxoglfeedbackspu.dll",
419 L
"vboxoglarrayspu.dll",
421 L
"virtualbox guest additions",
448 L
"SPICE Guest Tools",
455static const PWCH HV_DIRS[] = {
460 L
"SPICE Guest Tools",
463 L
"virtualbox guest additions",
464 L
"VirtualBox Guest Additions",
471static const PWCH HV_REGKEYS[] = {
516 L
"VirtualBox Guest Additions",
533 L
"SPICE Guest Tools",
545 L
"GOOGLE COMPUTE ENGINE",
554 L
"VirtIO-FS Service",
568static const PWCH TRANSPARENT_DETECTABLE_REGISTRY_KEYS[] = {
572 L
"SystemBiosVersion",
575 L
"SystemManufacturer",
576 L
"SystemProductName",
581 L
"Device Description",
597static const PCHAR HV_FIRM_NAMES[] = {
598 "440BX Desktop Reference Platform",