1.5.0

Combined all previous changes from 1.4.x

README.md

@@ -11,7 +11,7 @@ WinObjEx64 is an advanced utility that lets you explore the Windows Object Manag
 WinObjEx64 does not require administrative privileges. However administrative privilege is required to view much of the namespace and to edit object-related security information.
 
 
-WinObjEx64 works only on the following x64 Windows: Windows 7, Windows 8, Windows 8.1 and Windows 10 (TH1, TH2, RS1, RS2), including Server variants.
+WinObjEx64 works only on the following x64 Windows: Windows 7, Windows 8, Windows 8.1 and Windows 10 (TH1/TH2/RS1/RS2/RS3), including Server variants.
 
 
 WinObjEx64 does not work on Windows XP, Windows Vista is partially supported. We have no plans of their full support.

Source/CHANGELOG.txt

@@ -1,20 +1,12 @@
-v1.4.7
-corrections
-
-v1.4.6
-Parition, DxghCurrentDxgProcessObject objects description added
+v1.5.0
+added Partition, DxghCurrentDxgProcessObject objects description
 added mailslots viewer dialog
-some code revision and bugfixes
-
-v1.4.5 hotfix
-fixed wine behavior along with some bugs
-
-v1.4.5
-added file properties for drivers (menu -> extras -> Drivers) 
-added FltConnectionPort object dump 
-switched to hde instead of ldasm 
-rtls updated, switched to VS2015 U3 
-note: Windows 10 RS1 (14393 release) supported as well as TH1(10240)/TH2(10586) 
+added file properties for drivers (menu -> extras -> Drivers)
+added FltConnectionPort object dump
+switched to hde instead of ldasm
+fixed Wine behavior along with some bugs
+rtls updated, switched to VS2015 U3
+note: Windows 10 RS2 (15063), RS1 (14393) supported as well as TH1(10240)/TH2(10586), RS3 supported (16288+ build)
 
 v 1.4.0
 drivers list and dump (menu -> extras)

Source/TypesWithNoDesc.txt

@@ -1,7 +1,7 @@
 DmaAdapter
 DmaDomain
 IoCompletionReserve - same as IoCompletion except using reserve process allocated memory
-RawInputManager - DirectX Kernel Subsystem object, Window Manager for phones
+RawInputManager - DirectX Kernel Subsystem object
 UserApcReserve - same as NtQueueApc except using reserve process allocated memory
 WaitCompletionPacket
 Silo (r3 interface removed in 10240 release, object removed in TH2 builds)

Source/WinObjEx64.sln

@@ -10,6 +10,7 @@ Global
 		Debug|x64 = Debug|x64
 		Release|x64 = Release|x64
 		ReleaseSigned|x64 = ReleaseSigned|x64
+		ReleaseSignedWithDriver|x64 = ReleaseSignedWithDriver|x64
 	EndGlobalSection
 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
 		{A68B0947-9415-4ACA-BC0A-8558A4F4FBE3}.Debug|x64.ActiveCfg = Debug|x64
@@ -18,6 +19,8 @@ Global
 		{A68B0947-9415-4ACA-BC0A-8558A4F4FBE3}.Release|x64.Build.0 = Release|x64
 		{A68B0947-9415-4ACA-BC0A-8558A4F4FBE3}.ReleaseSigned|x64.ActiveCfg = ReleaseSigned|x64
 		{A68B0947-9415-4ACA-BC0A-8558A4F4FBE3}.ReleaseSigned|x64.Build.0 = ReleaseSigned|x64
+		{A68B0947-9415-4ACA-BC0A-8558A4F4FBE3}.ReleaseSignedWithDriver|x64.ActiveCfg = ReleaseSignedWithDriver|x64
+		{A68B0947-9415-4ACA-BC0A-8558A4F4FBE3}.ReleaseSignedWithDriver|x64.Build.0 = ReleaseSignedWithDriver|x64
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE

Source/WinObjEx64/WinObjEx64.vcxproj

@@ -1,6 +1,10 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Project DefaultTargets="Build" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="ReleaseSignedWithDriver|x64">
+      <Configuration>ReleaseSignedWithDriver</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="ReleaseSigned|x64">
       <Configuration>ReleaseSigned</Configuration>
       <Platform>x64</Platform>
@@ -41,6 +45,13 @@
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseSignedWithDriver|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v140</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
   </ImportGroup>
@@ -55,6 +66,9 @@
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseSigned|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseSignedWithDriver|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <PropertyGroup Label="UserMacros" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     <LinkIncremental>true</LinkIncremental>
@@ -73,6 +87,12 @@
     <CodeAnalysisRuleSet>AllRules.ruleset</CodeAnalysisRuleSet>
     <PostBuildEventUseInBuild>true</PostBuildEventUseInBuild>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseSignedWithDriver|x64'">
+    <OutDir>.\output\$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>.\output\$(Platform)\$(Configuration)\</IntDir>
+    <CodeAnalysisRuleSet>AllRules.ruleset</CodeAnalysisRuleSet>
+    <PostBuildEventUseInBuild>true</PostBuildEventUseInBuild>
+  </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     <ClCompile>
       <PrecompiledHeader>
@@ -201,9 +221,62 @@
       </Command>
     </CustomBuildStep>
     <PostBuildEvent>
-      <Command>\Certs\SignWinObjEx64.cmd .\output\$(Platform)\$(Configuration)\WinObjEx64.exe</Command>
+      <Command>$(ProjectDir)..\signing\signapp.cmd .\output\$(Platform)\$(Configuration)\$(ProjectName).exe</Command>
     </PostBuildEvent>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseSignedWithDriver|x64'">
+    <ClCompile>
+      <WarningLevel>Level4</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>Full</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>NDEBUG;_WINDOWS;_USE_OWN_DRIVER;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <SDLCheck>true</SDLCheck>
+      <MultiProcessorCompilation>true</MultiProcessorCompilation>
+      <FavorSizeOrSpeed>Speed</FavorSizeOrSpeed>
+      <StringPooling>true</StringPooling>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <ControlFlowGuard>Guard</ControlFlowGuard>
+      <ExpandAttributedSource>true</ExpandAttributedSource>
+      <AssemblerOutput>All</AssemblerOutput>
+      <CompileAs>CompileAsC</CompileAs>
+      <AdditionalIncludeDirectories>$(ProjectDir);$(ProjectDir)\treelist;$(ProjectDir)\props;$(ProjectDir)\extras;$(ProjectDir)\ntos</AdditionalIncludeDirectories>
+    </ClCompile>
+    <Link>
+      <SubSystem>Windows</SubSystem>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <GenerateDebugInformation>No</GenerateDebugInformation>
+      <Version>6.0</Version>
+      <SuppressStartupBanner>false</SuppressStartupBanner>
+      <GenerateMapFile>true</GenerateMapFile>
+      <MapExports>true</MapExports>
+      <EntryPointSymbol>main</EntryPointSymbol>
+      <SetChecksum>true</SetChecksum>
+      <AdditionalOptions>/INTEGRITYCHECK %(AdditionalOptions)</AdditionalOptions>
+    </Link>
+    <Manifest>
+      <SuppressStartupBanner>false</SuppressStartupBanner>
+      <AdditionalManifestFiles>rsrc\obex.manifest</AdditionalManifestFiles>
+      <EnableDpiAwareness>true</EnableDpiAwareness>
+    </Manifest>
+    <Bscmake>
+      <SuppressStartupBanner>false</SuppressStartupBanner>
+    </Bscmake>
+    <CustomBuildStep>
+      <Command>
+      </Command>
+    </CustomBuildStep>
+    <PostBuildEvent>
+      <Command>$(ProjectDir)..\signing\signapp.cmd .\output\$(Platform)\$(Configuration)\$(ProjectName).exe</Command>
+    </PostBuildEvent>
+    <ResourceCompile>
+      <PreprocessorDefinitions>_UseOwnDriver;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ShowProgress>true</ShowProgress>
+    </ResourceCompile>
+  </ItemDefinitionGroup>
   <ItemGroup>
     <ClCompile Include="aboutDlg.c" />
     <ClCompile Include="excepth.c" />
@@ -360,9 +433,6 @@
     <Image Include="rsrc\mailslot.ico" />
     <Image Include="rsrc\pipe.ico" />
   </ItemGroup>
-  <ItemGroup>
-    <None Include="rsrc\kldbgdrv.sys" />
-  </ItemGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
   <ImportGroup Label="ExtensionTargets">
   </ImportGroup>

Source/WinObjEx64/WinObjEx64.vcxproj.filters

@@ -493,9 +493,4 @@
       <Filter>Resource Files</Filter>
     </Image>
   </ItemGroup>
-  <ItemGroup>
-    <None Include="rsrc\kldbgdrv.sys">
-      <Filter>Resource Files</Filter>
-    </None>
-  </ItemGroup>
 </Project>

Source/WinObjEx64/aboutDlg.c

@@ -4,9 +4,9 @@
 *
 *  TITLE:       ABOUTDLG.C
 *
-*  VERSION:     1.45
+*  VERSION:     1.50
 *
-*  DATE:        11 Jan 2017
+*  DATE:        10 Apr 2017
 *
 * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
 * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED

Source/WinObjEx64/driver.rc

@@ -0,0 +1,8 @@
+#include "resource.h"
+#include "winres.h"
+LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
+#ifndef _UseOwnDriver
+IDR_KDBGDRV SYS "..\\drvstore\\kldbgdrv.sys"
+#else
+IDR_KDBGDRV SYS "..\\drvstore\\wodbgdrv.sys"
+#endif

Source/WinObjEx64/extras/extrasDrivers.c

@@ -4,9 +4,9 @@
 *
 *  TITLE:       EXTRASDRIVERS.C
 *
-*  VERSION:     1.46
+*  VERSION:     1.50
 *
-*  DATE:        04 Mar 2017
+*  DATE:        10 Aug 2017
 *
 * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
 * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
@@ -244,9 +244,23 @@ INT CALLBACK DrvDlgCompareFunc(
     INT       nResult = 0;
     ULONG     id1, id2;
     ULONG_PTR ad1, ad2;
+    SIZE_T    ItemLength1 = 0, ItemLength2 = 0;
 
-    lpItem1 = supGetItemText(DlgContext.ListView, (INT)lParam1, (INT)lParamSort, NULL);
-    lpItem2 = supGetItemText(DlgContext.ListView, (INT)lParam2, (INT)lParamSort, NULL);
+    lpItem1 = supGetItemText(
+        DlgContext.ListView, 
+        (INT)lParam1, 
+        (INT)lParamSort, 
+        &ItemLength1);
+
+    ItemLength1 /= sizeof(WCHAR);
+
+    lpItem2 = supGetItemText(
+        DlgContext.ListView, 
+        (INT)lParam2, 
+        (INT)lParamSort, 
+        &ItemLength2);
+
+    ItemLength2 /= sizeof(WCHAR);
 
     if ((lpItem1 == NULL) && (lpItem2 == NULL)) {
         nResult = 0;
@@ -260,13 +274,12 @@ INT CALLBACK DrvDlgCompareFunc(
     if ((lpItem2 == NULL) && (lpItem1 != NULL)) {
         nResult = (DlgContext.bInverseSort) ? -1 : 1;
         goto Done;
-    }
+    }  
 
     switch (lParamSort) {
 
-        //sort Load Order, Size
-    case 0:
-    case 3:
+    case 0: //sort Load Order
+    case 3: //sort Size
         id1 = strtoul(lpItem1);
         id2 = strtoul(lpItem2);
 
@@ -276,23 +289,27 @@ INT CALLBACK DrvDlgCompareFunc(
             nResult = id1 > id2;
 
         break;
+
+    case 2:  //sort Address
 
-        //sort Address
-    case 2:
+        if ((ItemLength1 > 1) && (ItemLength2 > 1)) {
 
-        ad1 = hextou64(&lpItem1[2]);
-        ad2 = hextou64(&lpItem2[2]);
+            ad1 = hextou64(&lpItem1[2]);
+            ad2 = hextou64(&lpItem2[2]);
 
-        if (DlgContext.bInverseSort)
-            nResult = ad1 < ad2;
+            if (DlgContext.bInverseSort)
+                nResult = ad1 < ad2;
+            else
+                nResult = ad1 > ad2;
+
+        }
         else
-            nResult = ad1 > ad2;
+            nResult = 0;
 
         break;
 
-        //sort Name, Module
-    case 1:
-    case 4:
+    case 1:  //sort Name
+    case 4:  //sort Module
     default:
         if (DlgContext.bInverseSort)
             nResult = _strcmpi(lpItem2, lpItem1);