From c01b961423df69f8de4c2e740399b7ee5dd6d6cf Mon Sep 17 00:00:00 2001
From: Yasser Tahiri <yasserth19@gmail.com>
Date: Sat, 12 Dec 2020 23:02:14 +0100
Subject: [PATCH] Summary
---
watermark WIN10/.gitignore | 32 ++++
watermark WIN10/README.md | 50 +++++
watermark WIN10/watermark_disabler.sln | 51 +++++
watermark WIN10/watermark_disabler/main.cpp | 68 +++++++
.../watermark_disabler/mem_defs.hpp | 55 ++++++
.../watermark_disabler/mem_iter.hpp | 79 ++++++++
.../watermark_disabler/mem_scan.hpp | 77 ++++++++
.../watermark_disabler/mem_util.hpp | 74 ++++++++
.../watermark_disabler/util_raii.hpp | 29 +++
.../watermark_disabler.vcxproj | 178 ++++++++++++++++++
.../watermark_disabler.vcxproj.filters | 35 ++++
.../watermark_disabler.vcxproj.user | 6 +
12 files changed, 734 insertions(+)
create mode 100644 watermark WIN10/.gitignore
create mode 100644 watermark WIN10/README.md
create mode 100644 watermark WIN10/watermark_disabler.sln
create mode 100644 watermark WIN10/watermark_disabler/main.cpp
create mode 100644 watermark WIN10/watermark_disabler/mem_defs.hpp
create mode 100644 watermark WIN10/watermark_disabler/mem_iter.hpp
create mode 100644 watermark WIN10/watermark_disabler/mem_scan.hpp
create mode 100644 watermark WIN10/watermark_disabler/mem_util.hpp
create mode 100644 watermark WIN10/watermark_disabler/util_raii.hpp
create mode 100644 watermark WIN10/watermark_disabler/watermark_disabler.vcxproj
create mode 100644 watermark WIN10/watermark_disabler/watermark_disabler.vcxproj.filters
create mode 100644 watermark WIN10/watermark_disabler/watermark_disabler.vcxproj.user
diff --git a/watermark WIN10/.gitignore b/watermark WIN10/.gitignore
new file mode 100644
index 0000000..259148f
--- /dev/null
+++ b/watermark WIN10/.gitignore
@@ -0,0 +1,32 @@
+# Prerequisites
+*.d
+
+# Compiled Object files
+*.slo
+*.lo
+*.o
+*.obj
+
+# Precompiled Headers
+*.gch
+*.pch
+
+# Compiled Dynamic libraries
+*.so
+*.dylib
+*.dll
+
+# Fortran module files
+*.mod
+*.smod
+
+# Compiled Static libraries
+*.lai
+*.la
+*.a
+*.lib
+
+# Executables
+*.exe
+*.out
+*.app
diff --git a/watermark WIN10/README.md b/watermark WIN10/README.md
new file mode 100644
index 0000000..32ff86c
--- /dev/null
+++ b/watermark WIN10/README.md
@@ -0,0 +1,50 @@ +<p align="center"> <img src="https://i.imgur.com/lp2W37e.gif"> + +## watermark_disabler +Disabling "Activate Windows" watermark made simple, the code in this repository is a PoC, and has not been tested above Windows 10 1803. + +## how does this work? +The function responsible for drawing whole desktop including the watermark is xxxDesktopPaintCallback located in win32kfull.sys. +Both of the approaches used by this project were found while analyzing functions further down in the callstack. + +### approach #1 +As you can see from the snippets below, forcing gpsi->unk874h to be zero the checks will fail and the watermark won't be drawn. +```cpp +// global tagSERVERINFO* gpsi; +// global _THREADINFO* gptiCurrent; +if ( gpsi->unk874h != 0 ) +{ + /* gptiCurrent + 0x1c0 = tagDESKTOP** */ + const auto desktop = gptiCurrent->desktops[1]; /* type: tagDESKTOP**, this is checked if it's grpdeskLogon, which is a global pointer to the lock screen */ + + HWND desktop_window = nullptr; + + /* tagDESKTOP + 0xa8 = tagWnd* */ + if ( desktop ) + desktop_window = desktop->wnd; /* type: tagWnd*, I believe this is a pointer to the lock window? */ + + should_draw_watermark = ( desktop_window == nullptr ); +} + +if ( should_draw_watermark ) + PaintWatermark(device_context, &desktop_rect); +``` + +### approach #2 +PaintWatermark calls GreExtTextOutWInternal (which is the internal function for ExtTextOutW/NtGdiExtTextOutW in wingdi.h). + +The argument passed for size (c) is a global called "gSafeModeStrLen", by setting the size (c) to 0, the string won't be rendered. 
The pattern for the aforementioned global inside win32kfull is 44 8B C8 44 89 0D + 7 + + +<p align="center"> + Follow Me On +</p> +<p align="center"> + <a href="https://www.youtube.com/channel/UC5ba_E8pgMV0ETCRn7PQzUg?view_as=subscriber"> + <img src="https://www.iconsdb.com/icons/preview/black/youtube-4-xxl.png" width="40" height="40"> + </a> + <a href="https://instagram.com/froggy__19"> + <img src="http://clipart-library.com/images_k/instagram-png-transparent/instagram-png-transparent-16.png" width="40" height="40"> + </a> +</p> +<p align="center"> <a href="https://www.buymeacoffee.com/tahiri" target="_blank"><img src="https://cdn.buymeacoffee.com/buttons/lato-orange.png" alt="Buy Me A Coffee" style="height: 51px !important;width: 217px !important;" ></a> <p> diff --git a/watermark WIN10/watermark_disabler.sln b/watermark WIN10/watermark_disabler.sln new file mode 100644 index 0000000..8504e2e --- /dev/null +++ b/watermark WIN10/watermark_disabler.sln 
@@ -0,0 +1,51 @@ + +Microsoft Visual Studio Solution File, Format Version 12.00 +# Visual Studio Version 16 +VisualStudioVersion = 16.0.29613.14 +MinimumVisualStudioVersion = 10.0.40219.1 +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "watermark_disabler", "watermark_disabler\watermark_disabler.vcxproj", "{99ADE163-A416-41D2-991E-99E598476DB8}" +EndProject +Global + GlobalSection(SolutionConfigurationPlatforms) = preSolution + Debug|ARM = Debug|ARM + Debug|ARM64 = Debug|ARM64 + Debug|x64 = Debug|x64 + Debug|x86 = Debug|x86 + Release|ARM = Release|ARM + Release|ARM64 = Release|ARM64 + Release|x64 = Release|x64 + Release|x86 = Release|x86 + EndGlobalSection + GlobalSection(ProjectConfigurationPlatforms) = postSolution + {99ADE163-A416-41D2-991E-99E598476DB8}.Debug|ARM.ActiveCfg = Debug|ARM + {99ADE163-A416-41D2-991E-99E598476DB8}.Debug|ARM.Build.0 = Debug|ARM + {99ADE163-A416-41D2-991E-99E598476DB8}.Debug|ARM.Deploy.0 = Debug|ARM + {99ADE163-A416-41D2-991E-99E598476DB8}.Debug|ARM64.ActiveCfg = Debug|ARM64 + {99ADE163-A416-41D2-991E-99E598476DB8}.Debug|ARM64.Build.0 = Debug|ARM64 + {99ADE163-A416-41D2-991E-99E598476DB8}.Debug|ARM64.Deploy.0 = Debug|ARM64 + {99ADE163-A416-41D2-991E-99E598476DB8}.Debug|x64.ActiveCfg = Debug|x64 + {99ADE163-A416-41D2-991E-99E598476DB8}.Debug|x64.Build.0 = Debug|x64 + {99ADE163-A416-41D2-991E-99E598476DB8}.Debug|x64.Deploy.0 = Debug|x64 + {99ADE163-A416-41D2-991E-99E598476DB8}.Debug|x86.ActiveCfg = Debug|Win32 + {99ADE163-A416-41D2-991E-99E598476DB8}.Debug|x86.Build.0 = Debug|Win32 + {99ADE163-A416-41D2-991E-99E598476DB8}.Debug|x86.Deploy.0 = Debug|Win32 + {99ADE163-A416-41D2-991E-99E598476DB8}.Release|ARM.ActiveCfg = Release|ARM + {99ADE163-A416-41D2-991E-99E598476DB8}.Release|ARM.Build.0 = Release|ARM + {99ADE163-A416-41D2-991E-99E598476DB8}.Release|ARM.Deploy.0 = Release|ARM + {99ADE163-A416-41D2-991E-99E598476DB8}.Release|ARM64.ActiveCfg = Release|ARM64 + {99ADE163-A416-41D2-991E-99E598476DB8}.Release|ARM64.Build.0 = 
Release|ARM64 + {99ADE163-A416-41D2-991E-99E598476DB8}.Release|ARM64.Deploy.0 = Release|ARM64 + {99ADE163-A416-41D2-991E-99E598476DB8}.Release|x64.ActiveCfg = Release|x64 + {99ADE163-A416-41D2-991E-99E598476DB8}.Release|x64.Build.0 = Release|x64 + {99ADE163-A416-41D2-991E-99E598476DB8}.Release|x64.Deploy.0 = Release|x64 + {99ADE163-A416-41D2-991E-99E598476DB8}.Release|x86.ActiveCfg = Release|Win32 + {99ADE163-A416-41D2-991E-99E598476DB8}.Release|x86.Build.0 = Release|Win32 + {99ADE163-A416-41D2-991E-99E598476DB8}.Release|x86.Deploy.0 = Release|Win32 + EndGlobalSection + GlobalSection(SolutionProperties) = preSolution + HideSolutionNode = FALSE + EndGlobalSection + GlobalSection(ExtensibilityGlobals) = postSolution + SolutionGuid = {F6ECE478-6ED3-4B08-8434-8629DF60A65D} + EndGlobalSection +EndGlobal diff --git a/watermark WIN10/watermark_disabler/main.cpp b/watermark WIN10/watermark_disabler/main.cpp new file mode 100644 index 0000000..68d28eb --- /dev/null +++ b/watermark WIN10/watermark_disabler/main.cpp 
@@ -0,0 +1,68 @@
+#include <utility>
+#include "mem_scan.hpp"
+#include "mem_iter.hpp"
+#include "mem_util.hpp"
+
+
+template <typename ...Args>
+__forceinline void output_to_console( const char* str, Args&&... args )
+{
+ DbgPrintEx( 77, 0, str, std::forward<Args>( args )... );
+}
+
+__forceinline void output_appended( const char* str )
+{
+ output_to_console( "[!] watermark_disabler: %s\n", str );
+}
+
+NTSTATUS driver_entry( )
+{
+ output_appended( "loaded" );
+
+ /* we have to attach to csrss, or any process with win32k mapped into it, because win32k is not mapped in system modules */
+ const auto csrss_process = impl::search_for_process( "csrss.exe" );
+
+ if ( !csrss_process )
+ {
+ output_appended( "failed to find csrss.exe" );
+ return STATUS_UNSUCCESSFUL;
+ }
+
+ impl::unique_attachment csrss_attach( csrss_process );
+
+ output_appended( "attached to csrss" );
+
+ const auto win32kfull_info = impl::search_for_module( "win32kfull.sys" );
+
+ if ( !win32kfull_info )
+ {
+ output_appended( "failed to find the win32kfull.sys module" );
+ return STATUS_UNSUCCESSFUL;
+ }
+
+ output_to_console( "[!] watermark_disabler: win32kfull.sys $ 0x%p\n", win32kfull_info->image_base );
+
+ const auto gpsi_instruction = impl::search_for_signature( win32kfull_info, "\x48\x8b\x0d\x00\x00\x00\x00\x48\x8b\x05\x00\x00\x00\x00\x0f\xba\x30\x0c", "xxx????xxx????xxxx" );
+
+ if ( !gpsi_instruction )
+ {
+ output_appended( "failed to find gpsi, signature outdated?" );
+ return STATUS_UNSUCCESSFUL;
+ }
+
+ const auto gpsi = *reinterpret_cast< std::uint64_t* >( impl::resolve_mov( gpsi_instruction ) );
+
+ if ( !gpsi )
+ {
+ output_appended( "gpsi is somehow nullptr" );
+ return STATUS_UNSUCCESSFUL;
+ }
+
+ output_to_console( "[!] watermark_disabler: gpsi $ 0x%p\n", gpsi );
+
+ *reinterpret_cast< std::uint32_t* >( gpsi + 0x874 ) = 0;
+
+ output_appended( "watermark disabled" );
+
+ return STATUS_UNSUCCESSFUL;
+}
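Review bot: The final store `*reinterpret_cast< std::uint32_t* >( gpsi + 0x874 ) = 0;` in driver_entry uses a hard-coded structure offset with no check of the running build, while the README in this patch says the code has not been tested above Windows 10 1803; on a build where the layout differs this is a blind 4-byte write into kernel memory, and corruption or a bugcheck is the likely result. Gate the write on builds the offset was verified against, for example by calling `RtlGetVersion` near the top of driver_entry and returning before anything is touched when the build number is not on an allow-list. The address produced by `impl::resolve_mov( gpsi_instruction )` is also dereferenced without an `MmIsAddressValid` check, unlike the scan helper in mem_scan.hpp. The success path returns `STATUS_UNSUCCESSFUL`; if that is deliberate, record it with a comment such as `/* intentional: report failure so the image does not stay loaded */`, otherwise return `STATUS_SUCCESS`.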
diff --git a/watermark WIN10/watermark_disabler/mem_defs.hpp b/watermark WIN10/watermark_disabler/mem_defs.hpp
new file mode 100644
index 0000000..a49adbc
--- /dev/null
+++ b/watermark WIN10/watermark_disabler/mem_defs.hpp
@@ -0,0 +1,55 @@
+#pragma once
+#include <cstdint>
+#include <ntifs.h>
+#include <stdlib.h>
+
+namespace nt
+{
+ struct rtl_module_info
+ {
+ char pad_0[ 0x10 ];
+ PVOID image_base;
+ ULONG image_size;
+ char pad_1[ 0xa ];
+ USHORT file_name_offset;
+ UCHAR full_path[ _MAX_PATH - 4 ];
+ };
+
+ struct rtl_modules
+ {
+ ULONG count;
+ rtl_module_info modules[ 1 ];
+ };
+
+ struct image_file_header
+ {
+ USHORT machine;
+ USHORT number_of_sections;
+ };
+
+ struct image_section_header
+ {
+ std::uint8_t name[ 8 ];
+
+ union
+ {
+ std::uint32_t physical_address;
+ std::uint32_t virtual_size;
+ } misc;
+
+ std::uint32_t virtual_address;
+ std::uint32_t size_of_raw_data;
+ std::uint32_t pointer_to_raw_data;
+ std::uint32_t pointer_to_relocations;
+ std::uint32_t pointer_to_line_numbers;
+ std::uint16_t number_of_relocations;
+ std::uint16_t number_of_line_numbers;
+ std::uint32_t characteristics;
+ };
+
+ struct image_nt_headers
+ {
+ std::uint32_t signature;
+ image_file_header file_header;
+ };
+}
\ No newline at end of file
diff --git a/watermark WIN10/watermark_disabler/mem_iter.hpp b/watermark WIN10/watermark_disabler/mem_iter.hpp
new file mode 100644
index 0000000..4244a24
--- /dev/null
+++ b/watermark WIN10/watermark_disabler/mem_iter.hpp
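Review bot: `nt::image_file_header` and `nt::image_nt_headers` in mem_defs.hpp declare only the leading fields of the PE headers (8 bytes in total), so pointer arithmetic on them does not land where the real layout would. `search_for_section` in mem_iter.hpp computes `nt_header + 1` and treats the result as the section table, which with these definitions points into the middle of the file header rather than past the optional header. mem_iter.hpp already names `PIMAGE_NT_HEADERS` as the return type of `RtlImageNtHeader`, so the WDK definitions appear to be in scope; prefer them, together with `IMAGE_FIRST_SECTION( nt_header )` if ntimage.h is available, over hand-written copies. For the layout that has to stay hand-written (`rtl_module_info`), pin the offsets with checks such as `static_assert( offsetof( nt::rtl_module_info, image_base ) == 0x10 );` and add a comment naming the system structure being mirrored.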
@@ -0,0 +1,79 @@ +#pragma once +#include "mem_defs.hpp" +#include "util_raii.hpp" + +namespace impl +{ + extern "C" NTSYSAPI NTSTATUS NTAPI ZwQuerySystemInformation( ULONG, PVOID, ULONG, PULONG ); + extern "C" NTSYSAPI PIMAGE_NT_HEADERS NTAPI RtlImageNtHeader( PVOID ); + + nt::rtl_module_info* search_for_module( const char* module_name ) + { + /* allocate a pool with 0x2000 bytes because we don't know how big the module list is */ + auto needed_bytes = 8192ul; + impl::pool buffer_pool( ExAllocatePoolWithTag( PagedPool, needed_bytes, 'udoM' ) ); + + if ( !buffer_pool.get( ) ) + return nullptr; + + auto current_status = ZwQuerySystemInformation( 11, buffer_pool.get( ), needed_bytes, &needed_bytes ); + + /* keep allocating until the function returns STATUS_SUCCESS */ + while ( current_status == STATUS_INFO_LENGTH_MISMATCH ) + { + buffer_pool.reset( ExAllocatePoolWithTag( PagedPool, needed_bytes, 'udoM' ) ); + + if ( !buffer_pool ) + return nullptr; + + current_status = ZwQuerySystemInformation( 11, buffer_pool.get( ), needed_bytes, &needed_bytes ); + } + + if ( !NT_SUCCESS( current_status ) ) + return nullptr; + + const auto current_modules = static_cast< nt::rtl_modules* >( buffer_pool.get( ) ); + + if ( !current_modules ) + return nullptr; + + /* loop the module list, and find the needed module */ + for ( auto i = 0u; i < current_modules->count; i++ ) + { + const auto current_module = ¤t_modules->modules[ i ]; + + if ( !current_module ) + continue; + + /* file_name_offset is the offset from full_path to the actual file's name, instead of file path */ + const auto file_name = reinterpret_cast< const char* >( current_module->file_name_offset + current_module->full_path ); + + if ( std::strcmp( file_name, module_name ) != 0 ) + continue; + + return current_module; + } + + return nullptr; + } + + nt::image_section_header* search_for_section( const nt::rtl_module_info* module, const char* section_name ) + { + if ( !module ) + return nullptr; + + const auto nt_header = 
reinterpret_cast< nt::image_nt_headers* >( RtlImageNtHeader( module->image_base ) ); + const auto section_header = reinterpret_cast< nt::image_section_header* >( nt_header + 1 ); + + for ( auto i = 0u; i < nt_header->file_header.number_of_sections; i++ ) + { + const auto current_section = §ion_header[ i ]; + const auto current_section_name = reinterpret_cast< const char* >( current_section->name ); + + if ( !std::strcmp( current_section_name, section_name ) ) + return current_section; + } + + return nullptr; + } +} \ No newline at end of file diff --git a/watermark WIN10/watermark_disabler/mem_scan.hpp b/watermark WIN10/watermark_disabler/mem_scan.hpp new file mode 100644 index 0000000..940832a --- /dev/null +++ b/watermark WIN10/watermark_disabler/mem_scan.hpp 
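Review bot: search_for_module returns `current_module`, which points into the allocation owned by `buffer_pool`, and the `impl::pool` deleter frees that allocation when the function returns, so every caller reads freed paged pool (main.cpp reads `win32kfull_info->image_base`, mem_scan.hpp reads `image_base` and `image_size`). Copy the matching entry out before the buffer is released, for example through an output parameter with `out = *current_module; return true;`, or let the caller own the pool for as long as it uses the entry. Two smaller points in the same file: `if ( !current_module ) continue;` can never fire because the address of an array element is not null, and search_for_section hands `current_section->name` to `std::strcmp` although an 8-byte section name need not be NUL-terminated; `std::strncmp( current_section_name, section_name, sizeof( current_section->name ) )` bounds that read.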
@@ -0,0 +1,77 @@ +#pragma once +#include "mem_util.hpp" +#include "mem_iter.hpp" +#include "util_raii.hpp" + +namespace impl +{ + inline bool search_for_signature_helper( const std::uint8_t* data, const std::uint8_t* signature, const char* mask ) + { + // check if page is correct & readable (this internally checks PTE, PDE, ...) + if ( !MmIsAddressValid( const_cast< std::uint8_t* >( data ) ) ) + return false; + + // iterate through validity of the mask (mask & signature are equal + for ( ; *mask; ++mask, ++data, ++signature ) + if ( *mask == 'x' && *data != *signature ) // if mask is 'x' (a match), and the current byte is not equal to the byte in the signature, then return false. + return false; + + return true; + } + + std::uint8_t* search_for_signature( const nt::rtl_module_info* module, const char* signature, const char* signature_mask ) + { + if ( !module ) + return nullptr; + + const auto module_start = reinterpret_cast< std::uint8_t* >( module->image_base ); + const auto module_size = module_start + module->image_size; + + /* iterate the entire module */ + for ( auto segment = module_start; segment < module_size; segment++ ) + { + if ( search_for_signature_helper( segment, reinterpret_cast< std::uint8_t* >( const_cast< char* >( signature ) ), signature_mask ) ) + return segment; + } + + return nullptr; + } + + extern "C" NTSYSAPI PCHAR NTAPI PsGetProcessImageFileName( PEPROCESS ); + + PEPROCESS search_for_process( const char* process_name ) + { + const auto kernel_module_info = search_for_module( "ntoskrnl.exe" ); + + if ( !kernel_module_info ) + return nullptr; + + /* we are scanning for a conditional jump, that jumps to a call to the unexported function that we want, so we follow the jump, then follow the call to get to the function. 
*/ + const auto conditional_instruction = search_for_signature( kernel_module_info, "\x79\xdc\xe9", "xxx" ); + + if ( !conditional_instruction ) + return nullptr; + + const auto call_instruction = follow_conditional_jump( conditional_instruction ); + + if ( !call_instruction ) + return nullptr; + + const auto PsGetNextProcess = follow_call< PEPROCESS( __stdcall* )( PEPROCESS ) >( call_instruction ); + + if ( !PsGetNextProcess ) + return nullptr; + + PEPROCESS previous_process = PsGetNextProcess( nullptr ); + + while ( previous_process ) + { + if ( !std::strcmp( PsGetProcessImageFileName( previous_process ), process_name ) ) + return previous_process; + + previous_process = PsGetNextProcess( previous_process ); + } + + return nullptr; + } +} diff --git a/watermark WIN10/watermark_disabler/mem_util.hpp b/watermark WIN10/watermark_disabler/mem_util.hpp new file mode 100644 index 0000000..8320458 --- /dev/null +++ b/watermark WIN10/watermark_disabler/mem_util.hpp 
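Review bot: search_for_signature lets `segment` run up to the last byte of the image, while search_for_signature_helper compares the full mask length from each start and calls `MmIsAddressValid` only on the first byte, so the compare can read past the end of the image or across a page boundary into memory that was never validated. End the scan early with `const auto scan_end = module_start + module->image_size - std::strlen( signature_mask );` and `segment <= scan_end` (after checking that image_size is at least the mask length), and repeat the `MmIsAddressValid` check whenever `data` moves onto a new page. In search_for_process a three-byte pattern matched anywhere in ntoskrnl.exe is resolved through two relative displacements and the result is called as a function; nothing confirms that the resolved addresses still lie inside the image described by `kernel_module_info`, so a stray match ends in a call through a wrong pointer, and a range check before the call would make it fail closed. It is not visible in this hunk whether the returned PEPROCESS carries a reference the caller has to release; state that in a comment on the function.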
@@ -0,0 +1,74 @@ +#pragma once +#include <string> +#include <memory> +#include "mem_defs.hpp" + +namespace impl +{ + class unique_attachment + { + private: + KAPC_STATE apc_state{}; + PEPROCESS process{}; + public: + explicit unique_attachment( PEPROCESS process ) + { + if ( !process ) + return; + + KeStackAttachProcess( process, &apc_state ); + } + + ~unique_attachment( ) + { + KeUnstackDetachProcess( &apc_state ); + ObfDereferenceObject( process ); + } + }; + + bool write_to_read_only( void* destination, void* source, std::size_t size ) + { + const std::unique_ptr<MDL, decltype( &IoFreeMdl )> mdl( IoAllocateMdl( destination, static_cast< ULONG >( size ), FALSE, FALSE, nullptr ), &IoFreeMdl ); + + if ( !mdl ) + return false; + + MmProbeAndLockPages( mdl.get( ), KernelMode, IoReadAccess ); + + const auto mapped_page = MmMapLockedPagesSpecifyCache( mdl.get( ), KernelMode, MmNonCached, nullptr, FALSE, NormalPagePriority ); + + if ( !mapped_page ) + return false; + + if ( !NT_SUCCESS( MmProtectMdlSystemAddress( mdl.get( ), PAGE_EXECUTE_READWRITE ) ) ) + return false; + + std::memcpy( mapped_page, source, size ); + + MmUnmapLockedPages( mapped_page, mdl.get( ) ); + MmUnlockPages( mdl.get( ) ); + + return true; + } + + template <typename T = std::uint8_t*> + __forceinline T follow_call( std::uint8_t* address ) + { + /* + 1 is the address of the calle, + 5 is the size of a call instruction */ + return ( T )( address + *reinterpret_cast< std::int32_t* >( address + 1 ) + 5 ); + } + + template <typename T = std::uint8_t*> + __forceinline T follow_conditional_jump( std::uint8_t* address ) + { + /* + 1 is the offset of the jump, + 2 is the size of a conditional jump */ + return ( T )( address + *reinterpret_cast< std::int8_t* >( address + 1 ) + 2 ); + } + + template <typename T = std::uint8_t*> + __forceinline T resolve_mov( std::uint8_t* address ) + { + /* + 3 is the address of the source, + 7 is the size of a mov instruction */ + return ( T )( address + 
*reinterpret_cast<std::int32_t*>( address + 3 ) + 7 ); + } +} \ No newline at end of file diff --git a/watermark WIN10/watermark_disabler/util_raii.hpp b/watermark WIN10/watermark_disabler/util_raii.hpp new file mode 100644 index 0000000..6873322 --- /dev/null +++ b/watermark WIN10/watermark_disabler/util_raii.hpp @@ -0,0 +1,29 @@ +#pragma once +#include <memory> +#include <ntifs.h> + +namespace impl +{ + struct unique_pool + { + void operator( )( void* pool ) + { + if ( pool ) + ExFreePoolWithTag( pool, 0 ); + } + }; + + using pool = std::unique_ptr<void, unique_pool>; + + struct unique_object + { + void operator( )( void* object ) + { + if ( object ) + ObfDereferenceObject( object ); + } + }; + + template <typename T> + using object = std::unique_ptr<std::remove_pointer_t<T>, unique_object>; +} diff --git a/watermark WIN10/watermark_disabler/watermark_disabler.vcxproj b/watermark WIN10/watermark_disabler/watermark_disabler.vcxproj new file mode 100644 index 0000000..5a89436 --- /dev/null +++ b/watermark WIN10/watermark_disabler/watermark_disabler.vcxproj 
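Review bot: unique_attachment in mem_util.hpp never stores the process it attaches to: the constructor parameter `process` shadows the member of the same name, so the member stays null and the destructor calls `ObfDereferenceObject( process )` on a null pointer, and it calls `KeUnstackDetachProcess` even when the constructor returned early without attaching. Initialise the member and make the destructor do nothing when no attach happened, as in the fence below; deleting the copy operations also prevents a second detach from a copied object. Whether the dereference is balanced at all depends on search_for_process returning a referenced object, which this hunk does not show. In the same file, write_to_read_only calls `MmProbeAndLockPages` outside `__try`/`__except` although that routine raises on failure, and its two early `return false` paths leave the pages locked (and in the second case mapped) while the `IoFreeMdl` deleter frees the MDL.

```cpp
explicit unique_attachment( PEPROCESS target ) : process( target )
{
    if ( !process )
        return;

    KeStackAttachProcess( process, &apc_state );
}

unique_attachment( const unique_attachment& ) = delete;
unique_attachment& operator=( const unique_attachment& ) = delete;

~unique_attachment( )
{
    // nothing was attached, so there is nothing to detach or release
    if ( !process )
        return;

    KeUnstackDetachProcess( &apc_state );
    ObfDereferenceObject( process );
}
```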
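Review bot: `unique_pool` in util_raii.hpp frees with `ExFreePoolWithTag( pool, 0 )` while the allocations in mem_iter.hpp are made with the tag `'udoM'`; as far as I know a zero tag skips the tag comparison, so a mismatched free would go unnoticed. Consider carrying the tag in the deleter, for example as a template parameter, and passing it through as `ExFreePoolWithTag( pool, Tag );`. `std::remove_pointer_t` is used with only `<memory>` and `<ntifs.h>` included, so it relies on `<type_traits>` arriving transitively; include it explicitly. Both call operators can be marked `const noexcept`.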
@@ -0,0 +1,178 @@ +<?xml version="1.0" encoding="utf-8"?> +<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> + <ItemGroup Label="ProjectConfigurations"> + <ProjectConfiguration Include="Debug|Win32"> + <Configuration>Debug</Configuration> + <Platform>Win32</Platform> + </ProjectConfiguration> + <ProjectConfiguration Include="Release|Win32"> + <Configuration>Release</Configuration> + <Platform>Win32</Platform> + </ProjectConfiguration> + <ProjectConfiguration Include="Debug|x64"> + <Configuration>Debug</Configuration> + <Platform>x64</Platform> + </ProjectConfiguration> + <ProjectConfiguration Include="Release|x64"> + <Configuration>Release</Configuration> + <Platform>x64</Platform> + </ProjectConfiguration> + <ProjectConfiguration Include="Debug|ARM"> + <Configuration>Debug</Configuration> + <Platform>ARM</Platform> + </ProjectConfiguration> + <ProjectConfiguration Include="Release|ARM"> + <Configuration>Release</Configuration> + <Platform>ARM</Platform> + </ProjectConfiguration> + <ProjectConfiguration Include="Debug|ARM64"> + <Configuration>Debug</Configuration> + <Platform>ARM64</Platform> + </ProjectConfiguration> + <ProjectConfiguration Include="Release|ARM64"> + <Configuration>Release</Configuration> + <Platform>ARM64</Platform> + </ProjectConfiguration> + </ItemGroup> + <PropertyGroup Label="Globals"> + <ProjectGuid>{99ADE163-A416-41D2-991E-99E598476DB8}</ProjectGuid> + <TemplateGuid>{1bc93793-694f-48fe-9372-81e2b05556fd}</TemplateGuid> + <TargetFrameworkVersion> + </TargetFrameworkVersion> + <MinimumVisualStudioVersion>12.0</MinimumVisualStudioVersion> + <Configuration>Debug</Configuration> + <Platform Condition="'$(Platform)' == ''">Win32</Platform> + <RootNamespace>watermark_disabler</RootNamespace> + <WindowsTargetPlatformVersion>10.0.18362.0</WindowsTargetPlatformVersion> + </PropertyGroup> + <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" /> + <PropertyGroup 
Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration"> + <TargetVersion>Windows10</TargetVersion> + <UseDebugLibraries>true</UseDebugLibraries> + <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset> + <ConfigurationType>Driver</ConfigurationType> + <DriverType>KMDF</DriverType> + <DriverTargetPlatform>Universal</DriverTargetPlatform> + </PropertyGroup> + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration"> + <TargetVersion>Windows10</TargetVersion> + <UseDebugLibraries>false</UseDebugLibraries> + <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset> + <ConfigurationType>Driver</ConfigurationType> + <DriverType>KMDF</DriverType> + <DriverTargetPlatform>Universal</DriverTargetPlatform> + </PropertyGroup> + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration"> + <TargetVersion>Windows10</TargetVersion> + <UseDebugLibraries>true</UseDebugLibraries> + <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset> + <ConfigurationType>Driver</ConfigurationType> + <DriverType>KMDF</DriverType> + <DriverTargetPlatform>Universal</DriverTargetPlatform> + </PropertyGroup> + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration"> + <TargetVersion>Windows10</TargetVersion> + <UseDebugLibraries>false</UseDebugLibraries> + <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset> + <ConfigurationType>Driver</ConfigurationType> + <DriverType>KMDF</DriverType> + <DriverTargetPlatform>Universal</DriverTargetPlatform> + </PropertyGroup> + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'" Label="Configuration"> + <TargetVersion>Windows10</TargetVersion> + <UseDebugLibraries>true</UseDebugLibraries> + <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset> + <ConfigurationType>Driver</ConfigurationType> + <DriverType>KMDF</DriverType> + 
<DriverTargetPlatform>Universal</DriverTargetPlatform> + </PropertyGroup> + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'" Label="Configuration"> + <TargetVersion>Windows10</TargetVersion> + <UseDebugLibraries>false</UseDebugLibraries> + <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset> + <ConfigurationType>Driver</ConfigurationType> + <DriverType>KMDF</DriverType> + <DriverTargetPlatform>Universal</DriverTargetPlatform> + </PropertyGroup> + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration"> + <TargetVersion>Windows10</TargetVersion> + <UseDebugLibraries>true</UseDebugLibraries> + <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset> + <ConfigurationType>Driver</ConfigurationType> + <DriverType>KMDF</DriverType> + <DriverTargetPlatform>Universal</DriverTargetPlatform> + </PropertyGroup> + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration"> + <TargetVersion>Windows10</TargetVersion> + <UseDebugLibraries>false</UseDebugLibraries> + <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset> + <ConfigurationType>Driver</ConfigurationType> + <DriverType>KMDF</DriverType> + <DriverTargetPlatform>Universal</DriverTargetPlatform> + </PropertyGroup> + <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" /> + <ImportGroup Label="ExtensionSettings"> + </ImportGroup> + <ImportGroup Label="PropertySheets"> + <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" /> + </ImportGroup> + <PropertyGroup Label="UserMacros" /> + <PropertyGroup /> + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"> + <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor> + </PropertyGroup> + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"> + <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor> 
+ </PropertyGroup> + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> + <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor> + </PropertyGroup> + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> + <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor> + <IncludePath>$(VC_IncludePath);$(WindowsSDK_IncludePath);$(IncludePath)</IncludePath> + <EnableInf2cat>false</EnableInf2cat> + </PropertyGroup> + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'"> + <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor> + </PropertyGroup> + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'"> + <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor> + </PropertyGroup> + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'"> + <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor> + </PropertyGroup> + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'"> + <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor> + </PropertyGroup> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> + <ClCompile> + <LanguageStandard>stdcpplatest</LanguageStandard> + <Optimization>MaxSpeed</Optimization> + <InlineFunctionExpansion>AnySuitable</InlineFunctionExpansion> + <FavorSizeOrSpeed>Speed</FavorSizeOrSpeed> + <TreatWarningAsError>false</TreatWarningAsError> + <TreatWChar_tAsBuiltInType>true</TreatWChar_tAsBuiltInType> + <BufferSecurityCheck>false</BufferSecurityCheck> + <ControlFlowGuard>false</ControlFlowGuard> + </ClCompile> + <Link> + <EntryPointSymbol>driver_entry</EntryPointSymbol> + </Link> + </ItemDefinitionGroup> + <ItemGroup> + <FilesToPackage Include="$(TargetPath)" /> + </ItemGroup> + <ItemGroup> + <ClCompile Include="main.cpp" /> + </ItemGroup> + <ItemGroup> + <ClInclude Include="mem_defs.hpp" /> + <ClInclude Include="mem_iter.hpp" /> + <ClInclude Include="mem_scan.hpp" /> + <ClInclude Include="mem_util.hpp" /> + <ClInclude 
Include="util_raii.hpp" /> + </ItemGroup> + <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" /> + <ImportGroup Label="ExtensionTargets"> + </ImportGroup> +</Project> \ No newline at end of file diff --git a/watermark WIN10/watermark_disabler/watermark_disabler.vcxproj.filters b/watermark WIN10/watermark_disabler/watermark_disabler.vcxproj.filters new file mode 100644 index 0000000..55069ea --- /dev/null +++ b/watermark WIN10/watermark_disabler/watermark_disabler.vcxproj.filters @@ -0,0 +1,35 @@ +<?xml version="1.0" encoding="utf-8"?> +<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> + <ItemGroup> + <Filter Include="header"> + <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier> + <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions> + </Filter> + <Filter Include="source"> + <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier> + <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions> + </Filter> + </ItemGroup> + <ItemGroup> + <ClCompile Include="main.cpp"> + <Filter>source</Filter> + </ClCompile> + </ItemGroup> + <ItemGroup> + <ClInclude Include="mem_defs.hpp"> + <Filter>header</Filter> + </ClInclude> + <ClInclude Include="mem_scan.hpp"> + <Filter>header</Filter> + </ClInclude> + <ClInclude Include="mem_iter.hpp"> + <Filter>header</Filter> + </ClInclude> + <ClInclude Include="util_raii.hpp"> + <Filter>header</Filter> + </ClInclude> + <ClInclude Include="mem_util.hpp"> + <Filter>header</Filter> + </ClInclude> + </ItemGroup> +</Project> \ No newline at end of file diff --git a/watermark WIN10/watermark_disabler/watermark_disabler.vcxproj.user b/watermark WIN10/watermark_disabler/watermark_disabler.vcxproj.user new file mode 100644 index 0000000..b2a2bcc --- /dev/null +++ b/watermark WIN10/watermark_disabler/watermark_disabler.vcxproj.user 
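Review bot: The Release|x64 `ClCompile` settings in watermark_disabler.vcxproj set `BufferSecurityCheck` and `ControlFlowGuard` to false and `TreatWarningAsError` to false for code that runs in kernel mode and does raw pointer arithmetic on scanned addresses. Unless a build constraint requires otherwise, keep the mitigations on with `<BufferSecurityCheck>true</BufferSecurityCheck>` and `<ControlFlowGuard>Guard</ControlFlowGuard>`; the custom `<EntryPointSymbol>driver_entry</EntryPointSymbol>` presumably bypasses the default entry stub that initialises the /GS cookie, so that has to be handled when /GS is re-enabled. Only Release|x64 carries these settings and `stdcpplatest`, so the other seven configurations likely do not build as declared; drop them or document x64 Release as the only supported target. The .vcxproj.user added at the end of this patch sets `<SignMode>Off</SignMode>`; that is a per-user file and is usually kept out of version control.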
@@ -0,0 +1,6 @@ +<?xml version="1.0" encoding="utf-8"?> +<Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> + <SignMode>Off</SignMode> + </PropertyGroup> +</Project> \ No newline at end of file