Musa.Core

• 简体中文

Introduction

Warning

Musa.Core is in beta testing...

Musa.Core is a derivative of the underlying API implementation of Musa.Runtime (formerly ucxxrt).

Use ntdll/ntoskrnl to implement Kernel32, Advapi32 and other APIs. It includes user-mode and kernel-mode.

How to use

Right click on the project, select "Manage NuGet Packages". Search for Musa.Core, choose the version that suits you, and then click "Install".

NuGet package depends on Musa.Veil, you can directly include <Veil.h>

Or

If your project template uses Mile.Project.Windows, you can add the following code directly to your .vcxproj file:

  <ItemGroup>
    <PackageReference Include="Musa.Core">
      <!-- Expected version -->
      <Version>0.1.0</Version>
    </PackageReference>
  </ItemGroup>

Header-only mode

Add the following code to your .vcxproj file:

  <PropertyGroup>
    <MusaCoreOnlyHeader>true</MusaCoreOnlyHeader>
  </PropertyGroup>

This mode will not automatically import lib files.

Feature

• All ZwRoutines supported by the current system can be used directly.

  NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
  {
      UNREFERENCED_PARAMETER(DriverObject);
      UNREFERENCED_PARAMETER(RegistryPath);
  
      NTSTATUS Status;
  
      do {
          DriverObject->DriverUnload = DriverUnload;
  
          Status = MusaCoreStartup(DriverObject, RegistryPath);
          if (!NT_SUCCESS(Status)) {
              break;
          }
  
          LARGE_INTEGER SystemTime{};
          Status = ZwQuerySystemTime(&SystemTime);
          if (!NT_SUCCESS(Status)) {
              break;
          }
  
          Status = RtlSystemTimeToLocalTime(&SystemTime, &SystemTime);
          if (!NT_SUCCESS(Status)) {
              break;
          }
  
          TIME_FIELDS Time{};
          RtlTimeToTimeFields(&SystemTime, &Time);
  
          MusaLOG("Loading time is %04d/%02d/%02d %02d:%02d:%02d",
              Time.Year, Time.Month, Time.Day,
              Time.Hour, Time.Minute, Time.Second);
  
      } while (false);
  
      if (!NT_SUCCESS(Status)) {
          DriverUnload(DriverObject);
      }
  
      return Status;
  }

• Support part of RtlXxxx API.

• Support part of KernelBase API.

• Support part of Advapi32 API.

Progress

See Project

Acknowledgements

Thanks to JetBrains for providing free licenses such as Resharper C++ for my open-source projects.

Thanks & References

• Thanks: The scheme to export ZwRoutines is provided by @xiaobfly.
• References: systeminformer/phnt
• References: Windows_OS_Internals_Curriculum_Resource_Kit-ACADEMIC