KNSoft
diff --git a/‎Source/AlleyWind/3rdParty/bin/NTAssassin/NAC/NAC.dll‎
0 Bytes b/‎Source/AlleyWind/3rdParty/bin/NTAssassin/NAC/NAC.dll‎
0 Bytes
diff --git a/‎Source/AlleyWind/3rdParty/bin/NTAssassin/NAC/NAC.exe‎
-512 Bytes b/‎Source/AlleyWind/3rdParty/bin/NTAssassin/NAC/NAC.exe‎
-512 Bytes
diff --git a/‎Source/AlleyWind/3rdParty/bin/NTAssassin/NAC/NAC.pdb‎
0 Bytes b/‎Source/AlleyWind/3rdParty/bin/NTAssassin/NAC/NAC.pdb‎
0 Bytes
diff --git a/‎Source/AlleyWind/3rdParty/include/NTAssassin/NTACtl.h‎
Lines changed: 2 additions & 2 deletions b/‎Source/AlleyWind/3rdParty/include/NTAssassin/NTACtl.h‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎Source/AlleyWind/3rdParty/include/NTAssassin/NTAFile.h‎
Lines changed: 7 additions & 0 deletions b/‎Source/AlleyWind/3rdParty/include/NTAssassin/NTAFile.h‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎Source/AlleyWind/3rdParty/include/NTAssassin/NTAHijack.h‎
Lines changed: 1 addition & 8 deletions b/‎Source/AlleyWind/3rdParty/include/NTAssassin/NTAHijack.h‎
Lines changed: 1 addition & 8 deletions
diff --git a/‎Source/AlleyWind/3rdParty/include/NTAssassin/NTAHook.h‎
Lines changed: 9 additions & 0 deletions b/‎Source/AlleyWind/3rdParty/include/NTAssassin/NTAHook.h‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎Source/AlleyWind/3rdParty/include/NTAssassin/NTAMath.h‎
Lines changed: 3 additions & 1 deletion b/‎Source/AlleyWind/3rdParty/include/NTAssassin/NTAMath.h‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎Source/AlleyWind/3rdParty/include/NTAssassin/NTANT.h‎
Lines changed: 15 additions & 6 deletions b/‎Source/AlleyWind/3rdParty/include/NTAssassin/NTANT.h‎
Lines changed: 15 additions & 6 deletions
diff --git a/‎Source/AlleyWind/3rdParty/include/NTAssassin/NTAPE.h‎
Lines changed: 10 additions & 2 deletions b/‎Source/AlleyWind/3rdParty/include/NTAssassin/NTAPE.h‎
Lines changed: 10 additions & 2 deletions
@@ -117,10 +117,10 @@ NTA_API VOID NTAPI Ctl_InitComboBoxEx(HWND ComboBox, PCTL_COMBOBOXCTL_ITEM Items
   * @param[in] Param User defined value passed to the callback
   * @return Returns handle to the last enumerated item if the callback stops the enumeration, or NULL if enumeration finished successfully
   */
-HTREEITEM NTAPI Ctl_EnumTreeViewItems(HWND TreeView, BOOL BFS, CTL_TREEVIEWITEMENUMPROC TreeItemEnumProc, LPARAM Param);
+NTA_API HTREEITEM NTAPI Ctl_EnumTreeViewItems(HWND TreeView, BOOL BFS, CTL_TREEVIEWITEMENUMPROC TreeItemEnumProc, LPARAM Param);
 
 /**
   * @see "CB_SETCURSEL"
   * @note This function will notify parent window by sending "WM_COMMAND"
   */
-LRESULT NTAPI Ctl_ComboBoxSetSelect(HWND ComboBox, INT ItemIndex);
+NTA_API LRESULT NTAPI Ctl_ComboBoxSetSelect(HWND ComboBox, INT ItemIndex);
@@ -18,6 +18,13 @@ typedef struct _FILE_MAP {
   */
 NTA_API NTSTATUS NTAPI File_Create(PHANDLE FileHandle, PWSTR FileName, HANDLE RootDirectory, ACCESS_MASK DesiredAccess, ULONG ShareAccess, ULONG CreateDisposition, ULONG CreateOptions);
 
+/**
+  * @brief Read a file
+  * @return Returns NTSTATUS
+  * @see "ReadFile"
+  */
+NTA_API NTSTATUS NTAPI File_Read(HANDLE FileHandle, PVOID Buffer, ULONG Length, PLARGE_INTEGER ByteOffset, PULONG BytesRead);
+
 /**
   * @brief Verifies that a path is a valid directory
   * @param[in] FilePath Path to be Verified
 
@@ -25,18 +25,11 @@ typedef struct _HIJACK_INJECTTHREAD {
     DWORD                   ExceptionCode;
 } HIJACK_INJECTTHREAD, * PHIJACK_INJECTTHREAD;
 
-#define HCPC_X86_STDCALL 0
-#define HCPC_X86_FASTCALL 0x1
-#define HCPC_X86_CDECL 0x2
-#define HCPC_X86_VECTORCALL 0x4
-#define HCPC_X64_MS 0
-#define HCPC_X64_GCC 0x100
-
 #pragma pack(push)
 #pragma pack(4)
 typedef struct _HIJACK_CALLPROCHEADER {
     QWORD       Procedure;
-    DWORD       CallConvention;
+    CALLCONV    CallConvention;
     QWORD       RetValue;
     DWORD       LastError;
     NTSTATUS    LastStatus;
 
@@ -0,0 +1,9 @@
+#pragma once
+
+#include "NTAssassin.h"
+
+NTA_API BOOL NTAPI Hook_Begin();
+NTA_API BOOL NTAPI Hook_Set(BOOL Enable, PVOID* Address, PVOID HookAddress);
+NTA_API BOOL NTAPI Hook_Attach(PVOID* Address, PVOID HookAddress);
+NTA_API BOOL NTAPI Hook_Detach(PVOID* Address, PVOID HookAddress);
+NTA_API BOOL NTAPI Hook_Commit();
@@ -29,4 +29,6 @@ NTA_API ULONG NTAPI Math_RangedRandom(ULONG Min, ULONG Max);
 /**
   * @brief Checks the number is a power of 2
   */
-#define Math_IsPowerOf2(n) ((n != 0) && ((n & (n - 1)) == 0))
+#define Math_IsPowerOf2(n) ((n != 0) && ((n & (n - 1)) == 0))
+
+#define Math_Abs(v1, v2) ((v1) > (v2) ? (v1) - (v2) : (v2) - (v1))
@@ -11,8 +11,15 @@
   */
 #if defined(_M_AMD64)
 #define NT_GetTEBMember(m) ((RTL_FIELD_SIZE(TEB, m) == sizeof(DWORD64) ? __readgsqword(FIELD_OFFSET(TEB, m)) : (RTL_FIELD_SIZE(TEB, m) == sizeof(DWORD) ? __readgsdword(FIELD_OFFSET(TEB, m)) : (RTL_FIELD_SIZE(TEB, m) == sizeof(WORD) ? __readgsword(FIELD_OFFSET(TEB, m)) : __readgsbyte(FIELD_OFFSET(TEB, m))))))
+#define NT_GetTEBMemberQWORD(m) __readgsqword(FIELD_OFFSET(TEB, m))
+#define NT_GetTEBMemberDWORD(m) __readgsdword(FIELD_OFFSET(TEB, m))
+#define NT_GetTEBMemberWORD(m) __readgsword(FIELD_OFFSET(TEB, m))
+#define NT_GetTEBMemberBYTE(m) __readgsbyte(FIELD_OFFSET(TEB, m))
 #elif defined(_M_IX86)
 #define NT_GetTEBMember(m) ((RTL_FIELD_SIZE(TEB, m) == sizeof(DWORD) ? __readfsdword(FIELD_OFFSET(TEB, m)) : (RTL_FIELD_SIZE(TEB, m) == sizeof(WORD) ? __readfsword(FIELD_OFFSET(TEB, m)) : __readfsbyte(FIELD_OFFSET(TEB, m)))))
+#define NT_GetTEBMemberDWORD(m) __readfsdword(FIELD_OFFSET(TEB, m))
+#define NT_GetTEBMemberWORD(m) __readfsword(FIELD_OFFSET(TEB, m))
+#define NT_GetTEBMemberBYTE(m) __readfsbyte(FIELD_OFFSET(TEB, m))
 #endif
 
 /**
@@ -55,16 +62,18 @@
 #define NT_GetKUSD() ((CONST PKUSER_SHARED_DATA)MM_SHARED_USER_DATA_VA)
 
 // Last Win32 Error value
-#define NT_ClearLastError() NT_SetTEBMember(LastErrorValue, ERROR_SUCCESS)
-#define NT_GetLastError() NT_GetTEBMember(LastErrorValue)
+#define NT_ClearLastError() NT_SetTEBMemberDWORD(LastErrorValue, ERROR_SUCCESS)
+#define NT_GetLastError() NT_GetTEBMemberDWORD(LastErrorValue)
 #define NT_SetLastError(dwError) NT_SetTEBMemberDWORD(LastErrorValue, dwError)
-#define NT_LastErrorSucceed() (NT_GetTEBMember(LastErrorValue) == ERROR_SUCCESS)
+#define NT_LastErrorSucceed() (NT_GetTEBMemberDWORD(LastErrorValue) == ERROR_SUCCESS)
 
 // Last NT Status value
-#define NT_ClearLastStatus() NT_SetTEBMember(LastStatusValue, STATUS_SUCCESS)
-#define NT_GetLastStatus() NT_GetTEBMember(LastStatusValue)
+#define NT_ClearLastStatus() NT_SetTEBMemberDWORD(LastStatusValue, STATUS_SUCCESS)
+#define NT_GetLastStatus() NT_GetTEBMemberDWORD(LastStatusValue)
 #define NT_SetLastStatus(lStatus) NT_SetTEBMemberDWORD(LastStatusValue, lStatus)
-#define NT_LastStatusSucceed() (NT_GetTEBMember(LastStatusValue) == ERROR_SUCCESS)
+#define NT_LastStatusSucceed() (NT_GetTEBMemberDWORD(LastStatusValue) == STATUS_SUCCESS)
+
+NTA_API DWORD NTAPI NT_SetLastNTError(NTSTATUS Status);
 
 /**
   * @brief Initializes OBJECT_ATTRIBUTES structure
 
@@ -14,12 +14,20 @@ typedef struct _PE_STRUCT {
     };
     PIMAGE_SECTION_HEADER           SectionHeader;
     PVOID                           OverlayData;
-} PE_STRUCT, * PPE_STRUCT;
+} PE_STRUCT, *PPE_STRUCT;
 
 NTA_API BOOL NTAPI PE_Resolve(PPE_STRUCT PEStruct, PVOID Image, BOOL OfflineMap);
 
 NTA_API PIMAGE_DATA_DIRECTORY NTAPI PE_GetDataDirectory(PPE_STRUCT PEStruct, UINT Index);
 
 NTA_API PIMAGE_SECTION_HEADER NTAPI PE_GetSectionByRVA(PPE_STRUCT PEStruct, DWORD RVA);
 
-NTA_API PVOID NTAPI PE_RVA2Ptr(PPE_STRUCT PEStruct, DWORD RVA);
+NTA_API PIMAGE_SECTION_HEADER NTAPI PE_GetSectionByOffset(PPE_STRUCT PEStruct, DWORD Offset);
+
+NTA_API PVOID NTAPI PE_RVA2Ptr(PPE_STRUCT PEStruct, DWORD RVA);
+
+NTA_API BOOL NTAPI PE_Ptr2RVA(PPE_STRUCT PEStruct, PVOID Ptr, PDWORD RVA);
+
+NTA_API BOOL NTAPI PE_Ptr2Offset(PPE_STRUCT PEStruct, PVOID Ptr, PDWORD Offset);
+
+NTA_API BOOL NTAPI PE_GetExportedName(PPE_STRUCT PEStruct, PVOID Function, PZPCSTR Name);