[
  {
    "path": ".gitattributes",
    "content": "###############################################################################\n# Set default behavior to automatically normalize line endings.\n###############################################################################\n* text=auto\n\n###############################################################################\n# Set default behavior for command prompt diff.\n#\n# This is need for earlier builds of msysgit that does not have it on by\n# default for csharp files.\n# Note: This is only used by command line\n###############################################################################\n#*.cs     diff=csharp\n\n###############################################################################\n# Set the merge driver for project and solution files\n#\n# Merging from the command prompt will add diff markers to the files if there\n# are conflicts (Merging from VS is not affected by the settings below, in VS\n# the diff markers are never inserted). Diff markers may cause the following \n# file extensions to fail to load in VS. An alternative would be to treat\n# these files as binary and thus will always conflict and require user\n# intervention with every merge. 
To do so, just uncomment the entries below\n###############################################################################\n#*.sln       merge=binary\n#*.csproj    merge=binary\n#*.vbproj    merge=binary\n#*.vcxproj   merge=binary\n#*.vcproj    merge=binary\n#*.dbproj    merge=binary\n#*.fsproj    merge=binary\n#*.lsproj    merge=binary\n#*.wixproj   merge=binary\n#*.modelproj merge=binary\n#*.sqlproj   merge=binary\n#*.wwaproj   merge=binary\n\n###############################################################################\n# behavior for image files\n#\n# image files are treated as binary by default.\n###############################################################################\n#*.jpg   binary\n#*.png   binary\n#*.gif   binary\n\n###############################################################################\n# diff behavior for common document formats\n# \n# Convert binary document formats to text before diffing them. This feature\n# is only available from the command line. Turn it on by uncommenting the \n# entries below.\n###############################################################################\n#*.doc   diff=astextplain\n#*.DOC   diff=astextplain\n#*.docx  diff=astextplain\n#*.DOCX  diff=astextplain\n#*.dot   diff=astextplain\n#*.DOT   diff=astextplain\n#*.pdf   diff=astextplain\n#*.PDF   diff=astextplain\n#*.rtf   diff=astextplain\n#*.RTF   diff=astextplain\n"
  },
  {
    "path": ".gitignore",
    "content": "## Ignore Visual Studio temporary files, build results, and\n## files generated by popular Visual Studio add-ons.\n##\n## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore\n\n# User-specific files\n*.rsuser\n*.suo\n*.user\n*.userosscache\n*.sln.docstates\n\n# User-specific files (MonoDevelop/Xamarin Studio)\n*.userprefs\n\n# Mono auto generated files\nmono_crash.*\n\n# Build results\n[Dd]ebug/\n[Dd]ebugPublic/\n[Rr]elease/\n[Rr]eleases/\nx64/\nx86/\n[Ww][Ii][Nn]32/\n[Aa][Rr][Mm]/\n[Aa][Rr][Mm]64/\nbld/\n[Bb]in/\n[Oo]bj/\n[Oo]ut/\n[Ll]og/\n[Ll]ogs/\n\n# Visual Studio 2015/2017 cache/options directory\n.vs/\n# Uncomment if you have tasks that create the project's static files in wwwroot\n#wwwroot/\n\n# Visual Studio 2017 auto generated files\nGenerated\\ Files/\n\n# MSTest test Results\n[Tt]est[Rr]esult*/\n[Bb]uild[Ll]og.*\n\n# NUnit\n*.VisualState.xml\nTestResult.xml\nnunit-*.xml\n\n# Build Results of an ATL Project\n[Dd]ebugPS/\n[Rr]eleasePS/\ndlldata.c\n\n# Benchmark Results\nBenchmarkDotNet.Artifacts/\n\n# .NET Core\nproject.lock.json\nproject.fragment.lock.json\nartifacts/\n\n# ASP.NET Scaffolding\nScaffoldingReadMe.txt\n\n# StyleCop\nStyleCopReport.xml\n\n# Files built by Visual Studio\n*_i.c\n*_p.c\n*_h.h\n*.ilk\n*.meta\n*.obj\n*.iobj\n*.pch\n*.pdb\n*.ipdb\n*.pgc\n*.pgd\n*.rsp\n*.sbr\n*.tlb\n*.tli\n*.tlh\n*.tmp\n*.tmp_proj\n*_wpftmp.csproj\n*.log\n*.vspscc\n*.vssscc\n.builds\n*.pidb\n*.svclog\n*.scc\n\n# Chutzpah Test files\n_Chutzpah*\n\n# Visual C++ cache files\nipch/\n*.aps\n*.ncb\n*.opendb\n*.opensdf\n*.sdf\n*.cachefile\n*.VC.db\n*.VC.VC.opendb\n\n# Visual Studio profiler\n*.psess\n*.vsp\n*.vspx\n*.sap\n\n# Visual Studio Trace Files\n*.e2e\n\n# TFS 2012 Local Workspace\n$tf/\n\n# Guidance Automation Toolkit\n*.gpState\n\n# ReSharper is a .NET coding add-in\n_ReSharper*/\n*.[Rr]e[Ss]harper\n*.DotSettings.user\n\n# TeamCity is a build add-in\n_TeamCity*\n\n# DotCover is a Code Coverage 
Tool\n*.dotCover\n\n# AxoCover is a Code Coverage Tool\n.axoCover/*\n!.axoCover/settings.json\n\n# Coverlet is a free, cross platform Code Coverage Tool\ncoverage*.json\ncoverage*.xml\ncoverage*.info\n\n# Visual Studio code coverage results\n*.coverage\n*.coveragexml\n\n# NCrunch\n_NCrunch_*\n.*crunch*.local.xml\nnCrunchTemp_*\n\n# MightyMoose\n*.mm.*\nAutoTest.Net/\n\n# Web workbench (sass)\n.sass-cache/\n\n# Installshield output folder\n[Ee]xpress/\n\n# DocProject is a documentation generator add-in\nDocProject/buildhelp/\nDocProject/Help/*.HxT\nDocProject/Help/*.HxC\nDocProject/Help/*.hhc\nDocProject/Help/*.hhk\nDocProject/Help/*.hhp\nDocProject/Help/Html2\nDocProject/Help/html\n\n# Click-Once directory\npublish/\n\n# Publish Web Output\n*.[Pp]ublish.xml\n*.azurePubxml\n# Note: Comment the next line if you want to checkin your web deploy settings,\n# but database connection strings (with potential passwords) will be unencrypted\n*.pubxml\n*.publishproj\n\n# Microsoft Azure Web App publish settings. 
Comment the next line if you want to\n# checkin your Azure Web App publish settings, but sensitive information contained\n# in these scripts will be unencrypted\nPublishScripts/\n\n# NuGet Packages\n*.nupkg\n# NuGet Symbol Packages\n*.snupkg\n# The packages folder can be ignored because of Package Restore\n**/[Pp]ackages/*\n# except build/, which is used as an MSBuild target.\n!**/[Pp]ackages/build/\n# Uncomment if necessary however generally it will be regenerated when needed\n#!**/[Pp]ackages/repositories.config\n# NuGet v3's project.json files produces more ignorable files\n*.nuget.props\n*.nuget.targets\n\n# Microsoft Azure Build Output\ncsx/\n*.build.csdef\n\n# Microsoft Azure Emulator\necf/\nrcf/\n\n# Windows Store app package directories and files\nAppPackages/\nBundleArtifacts/\nPackage.StoreAssociation.xml\n_pkginfo.txt\n*.appx\n*.appxbundle\n*.appxupload\n\n# Visual Studio cache files\n# files ending in .cache can be ignored\n*.[Cc]ache\n# but keep track of directories ending in .cache\n!?*.[Cc]ache/\n\n# Others\nClientBin/\n~$*\n*~\n*.dbmdl\n*.dbproj.schemaview\n*.jfm\n*.pfx\n*.publishsettings\norleans.codegen.cs\n\n# Including strong name files can present a security risk\n# (https://github.com/github/gitignore/pull/2483#issue-259490424)\n#*.snk\n\n# Since there are multiple workflows, uncomment next line to ignore bower_components\n# (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)\n#bower_components/\n\n# RIA/Silverlight projects\nGenerated_Code/\n\n# Backup & report files from converting an old project file\n# to a newer Visual Studio version. 
Backup files are not needed,\n# because we have git ;-)\n_UpgradeReport_Files/\nBackup*/\nUpgradeLog*.XML\nUpgradeLog*.htm\nServiceFabricBackup/\n*.rptproj.bak\n\n# SQL Server files\n*.mdf\n*.ldf\n*.ndf\n\n# Business Intelligence projects\n*.rdl.data\n*.bim.layout\n*.bim_*.settings\n*.rptproj.rsuser\n*- [Bb]ackup.rdl\n*- [Bb]ackup ([0-9]).rdl\n*- [Bb]ackup ([0-9][0-9]).rdl\n\n# Microsoft Fakes\nFakesAssemblies/\n\n# GhostDoc plugin setting file\n*.GhostDoc.xml\n\n# Node.js Tools for Visual Studio\n.ntvs_analysis.dat\nnode_modules/\n\n# Visual Studio 6 build log\n*.plg\n\n# Visual Studio 6 workspace options file\n*.opt\n\n# Visual Studio 6 auto-generated workspace file (contains which files were open etc.)\n*.vbw\n\n# Visual Studio LightSwitch build output\n**/*.HTMLClient/GeneratedArtifacts\n**/*.DesktopClient/GeneratedArtifacts\n**/*.DesktopClient/ModelManifest.xml\n**/*.Server/GeneratedArtifacts\n**/*.Server/ModelManifest.xml\n_Pvt_Extensions\n\n# Paket dependency manager\n.paket/paket.exe\npaket-files/\n\n# FAKE - F# Make\n.fake/\n\n# CodeRush personal settings\n.cr/personal\n\n# Python Tools for Visual Studio (PTVS)\n__pycache__/\n*.pyc\n\n# Cake - Uncomment if you are using it\n# tools/**\n# !tools/packages.config\n\n# Tabs Studio\n*.tss\n\n# Telerik's JustMock configuration file\n*.jmconfig\n\n# BizTalk build output\n*.btp.cs\n*.btm.cs\n*.odx.cs\n*.xsd.cs\n\n# OpenCover UI analysis results\nOpenCover/\n\n# Azure Stream Analytics local run output\nASALocalRun/\n\n# MSBuild Binary and Structured Log\n*.binlog\n\n# NVidia Nsight GPU debugger configuration file\n*.nvuser\n\n# MFractors (Xamarin productivity tool) working folder\n.mfractor/\n\n# Local History for Visual Studio\n.localhistory/\n\n# BeatPulse healthcheck temp database\nhealthchecksdb\n\n# Backup folder for Package Reference Convert tool in Visual Studio 2017\nMigrationBackup/\n\n# Ionide (cross platform F# VS Code tools) working folder\n.ionide/\n\n# Fody - auto-generated XML schema\nFodyWeavers.xsd"
  },
  {
    "path": "LICENSE",
    "content": "MIT License\n\nCopyright (c) 2023 zer0condition\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n"
  },
  {
    "path": "README.md",
    "content": "<h1>ZeroThreadKernel</h1>\n<p>ZeroThreadKernel allows you to execute arbitrary code recursively at kernel level without creating a system thread.</p>\n<h2>How It Works</h2>\n<p>It works by hooking a function exported by the DirectX graphics kernel subsystem (dxgkrnl) that is not protected by KPP (Kernel Patch Protection, PatchGuard). Our user-mode program calls the function through the export from win32u.dll, and that call serves as the thread for recursive code execution.</p>\n<h2>Detection</h2>\n<p>One way to detect this is to integrity-check the .text section of the hooked module: writing our shellcode into the function changes the module's original hash. The hook is a 14-byte absolute jump (FF 25 followed by the 8-byte target address) written over the start of the function, so those in-memory bytes no longer match the driver's original code. <br> \n\nPossible circumvention: Hide the hooked driver from the LDR/LoadedModuleList?</p>\n<h2>Contributing</h2>\n<p>Contributions are always welcome!</p>\n<h2>Demo</h2>\n\n![Demo](demo.gif)\n\n---\n\n## Disclaimer\n\nFor educational and authorized security research only. Don't use on systems you don't own or have explicit permission to test. I'm not responsible for misuse. Use at your own risk.\n"
  },
  {
    "path": "ZeroThreadCaller/ZeroThreadCaller.cpp",
    "content": "#include <Windows.h>\n#include <iostream>\n\n/* Keep this running, it serves as a \"system thread\" for the loop in the hook */\n#define STARTZEROTHREAD 0x1337\n\ntypedef __int64(*NtCreateCompositionSurfaceHandle_t)(__int64 a1, unsigned int a2, unsigned __int64 a3);\nNtCreateCompositionSurfaceHandle_t oNtCreateCompositionSurfaceHandle;\n\nint main()\n{\n    HMODULE hModule = LoadLibraryA(\"win32u.dll\");\n\n    if (hModule) {\n        oNtCreateCompositionSurfaceHandle = (NtCreateCompositionSurfaceHandle_t)GetProcAddress(hModule, \"NtCreateCompositionSurfaceHandle\");\n        printf(\"NtCreateCompositionSurfaceHandle: %p\\n\", oNtCreateCompositionSurfaceHandle);\n\n        oNtCreateCompositionSurfaceHandle((int)STARTZEROTHREAD, NULL, NULL);\n\n        getchar();\n    }\n    return 0;\n}"
  },
  {
    "path": "ZeroThreadCaller/ZeroThreadCaller.vcxproj",
    "content": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<Project DefaultTargets=\"Build\" xmlns=\"http://schemas.microsoft.com/developer/msbuild/2003\">\n  <ItemGroup Label=\"ProjectConfigurations\">\n    <ProjectConfiguration Include=\"Debug|Win32\">\n      <Configuration>Debug</Configuration>\n      <Platform>Win32</Platform>\n    </ProjectConfiguration>\n    <ProjectConfiguration Include=\"Release|Win32\">\n      <Configuration>Release</Configuration>\n      <Platform>Win32</Platform>\n    </ProjectConfiguration>\n    <ProjectConfiguration Include=\"Debug|x64\">\n      <Configuration>Debug</Configuration>\n      <Platform>x64</Platform>\n    </ProjectConfiguration>\n    <ProjectConfiguration Include=\"Release|x64\">\n      <Configuration>Release</Configuration>\n      <Platform>x64</Platform>\n    </ProjectConfiguration>\n  </ItemGroup>\n  <PropertyGroup Label=\"Globals\">\n    <VCProjectVersion>16.0</VCProjectVersion>\n    <Keyword>Win32Proj</Keyword>\n    <ProjectGuid>{b1a4c64e-4ffd-485a-ad7a-90672c9aaa9a}</ProjectGuid>\n    <RootNamespace>ZeroThreadCaller</RootNamespace>\n    <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>\n  </PropertyGroup>\n  <Import Project=\"$(VCTargetsPath)\\Microsoft.Cpp.Default.props\" />\n  <PropertyGroup Condition=\"'$(Configuration)|$(Platform)'=='Debug|Win32'\" Label=\"Configuration\">\n    <ConfigurationType>Application</ConfigurationType>\n    <UseDebugLibraries>true</UseDebugLibraries>\n    <PlatformToolset>v142</PlatformToolset>\n    <CharacterSet>Unicode</CharacterSet>\n  </PropertyGroup>\n  <PropertyGroup Condition=\"'$(Configuration)|$(Platform)'=='Release|Win32'\" Label=\"Configuration\">\n    <ConfigurationType>Application</ConfigurationType>\n    <UseDebugLibraries>false</UseDebugLibraries>\n    <PlatformToolset>v142</PlatformToolset>\n    <WholeProgramOptimization>true</WholeProgramOptimization>\n    <CharacterSet>Unicode</CharacterSet>\n  </PropertyGroup>\n  <PropertyGroup 
Condition=\"'$(Configuration)|$(Platform)'=='Debug|x64'\" Label=\"Configuration\">\n    <ConfigurationType>Application</ConfigurationType>\n    <UseDebugLibraries>true</UseDebugLibraries>\n    <PlatformToolset>v142</PlatformToolset>\n    <CharacterSet>Unicode</CharacterSet>\n  </PropertyGroup>\n  <PropertyGroup Condition=\"'$(Configuration)|$(Platform)'=='Release|x64'\" Label=\"Configuration\">\n    <ConfigurationType>Application</ConfigurationType>\n    <UseDebugLibraries>false</UseDebugLibraries>\n    <PlatformToolset>v142</PlatformToolset>\n    <WholeProgramOptimization>true</WholeProgramOptimization>\n    <CharacterSet>Unicode</CharacterSet>\n  </PropertyGroup>\n  <Import Project=\"$(VCTargetsPath)\\Microsoft.Cpp.props\" />\n  <ImportGroup Label=\"ExtensionSettings\">\n  </ImportGroup>\n  <ImportGroup Label=\"Shared\">\n  </ImportGroup>\n  <ImportGroup Label=\"PropertySheets\" Condition=\"'$(Configuration)|$(Platform)'=='Debug|Win32'\">\n    <Import Project=\"$(UserRootDir)\\Microsoft.Cpp.$(Platform).user.props\" Condition=\"exists('$(UserRootDir)\\Microsoft.Cpp.$(Platform).user.props')\" Label=\"LocalAppDataPlatform\" />\n  </ImportGroup>\n  <ImportGroup Label=\"PropertySheets\" Condition=\"'$(Configuration)|$(Platform)'=='Release|Win32'\">\n    <Import Project=\"$(UserRootDir)\\Microsoft.Cpp.$(Platform).user.props\" Condition=\"exists('$(UserRootDir)\\Microsoft.Cpp.$(Platform).user.props')\" Label=\"LocalAppDataPlatform\" />\n  </ImportGroup>\n  <ImportGroup Label=\"PropertySheets\" Condition=\"'$(Configuration)|$(Platform)'=='Debug|x64'\">\n    <Import Project=\"$(UserRootDir)\\Microsoft.Cpp.$(Platform).user.props\" Condition=\"exists('$(UserRootDir)\\Microsoft.Cpp.$(Platform).user.props')\" Label=\"LocalAppDataPlatform\" />\n  </ImportGroup>\n  <ImportGroup Label=\"PropertySheets\" Condition=\"'$(Configuration)|$(Platform)'=='Release|x64'\">\n    <Import Project=\"$(UserRootDir)\\Microsoft.Cpp.$(Platform).user.props\" 
Condition=\"exists('$(UserRootDir)\\Microsoft.Cpp.$(Platform).user.props')\" Label=\"LocalAppDataPlatform\" />\n  </ImportGroup>\n  <PropertyGroup Label=\"UserMacros\" />\n  <PropertyGroup Condition=\"'$(Configuration)|$(Platform)'=='Debug|Win32'\">\n    <LinkIncremental>true</LinkIncremental>\n  </PropertyGroup>\n  <PropertyGroup Condition=\"'$(Configuration)|$(Platform)'=='Release|Win32'\">\n    <LinkIncremental>false</LinkIncremental>\n  </PropertyGroup>\n  <PropertyGroup Condition=\"'$(Configuration)|$(Platform)'=='Debug|x64'\">\n    <LinkIncremental>true</LinkIncremental>\n  </PropertyGroup>\n  <PropertyGroup Condition=\"'$(Configuration)|$(Platform)'=='Release|x64'\">\n    <LinkIncremental>false</LinkIncremental>\n    <OutDir>$(SolutionDir)$(Platform)</OutDir>\n  </PropertyGroup>\n  <ItemDefinitionGroup Condition=\"'$(Configuration)|$(Platform)'=='Debug|Win32'\">\n    <ClCompile>\n      <WarningLevel>Level3</WarningLevel>\n      <SDLCheck>true</SDLCheck>\n      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>\n      <ConformanceMode>true</ConformanceMode>\n    </ClCompile>\n    <Link>\n      <SubSystem>Console</SubSystem>\n      <GenerateDebugInformation>true</GenerateDebugInformation>\n    </Link>\n  </ItemDefinitionGroup>\n  <ItemDefinitionGroup Condition=\"'$(Configuration)|$(Platform)'=='Release|Win32'\">\n    <ClCompile>\n      <WarningLevel>Level3</WarningLevel>\n      <FunctionLevelLinking>true</FunctionLevelLinking>\n      <IntrinsicFunctions>true</IntrinsicFunctions>\n      <SDLCheck>true</SDLCheck>\n      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>\n      <ConformanceMode>true</ConformanceMode>\n    </ClCompile>\n    <Link>\n      <SubSystem>Console</SubSystem>\n      <EnableCOMDATFolding>true</EnableCOMDATFolding>\n      <OptimizeReferences>true</OptimizeReferences>\n      <GenerateDebugInformation>true</GenerateDebugInformation>\n    
</Link>\n  </ItemDefinitionGroup>\n  <ItemDefinitionGroup Condition=\"'$(Configuration)|$(Platform)'=='Debug|x64'\">\n    <ClCompile>\n      <WarningLevel>Level3</WarningLevel>\n      <SDLCheck>true</SDLCheck>\n      <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>\n      <ConformanceMode>true</ConformanceMode>\n    </ClCompile>\n    <Link>\n      <SubSystem>Console</SubSystem>\n      <GenerateDebugInformation>true</GenerateDebugInformation>\n    </Link>\n  </ItemDefinitionGroup>\n  <ItemDefinitionGroup Condition=\"'$(Configuration)|$(Platform)'=='Release|x64'\">\n    <ClCompile>\n      <WarningLevel>Level3</WarningLevel>\n      <FunctionLevelLinking>true</FunctionLevelLinking>\n      <IntrinsicFunctions>true</IntrinsicFunctions>\n      <SDLCheck>true</SDLCheck>\n      <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>\n      <ConformanceMode>true</ConformanceMode>\n    </ClCompile>\n    <Link>\n      <SubSystem>Console</SubSystem>\n      <EnableCOMDATFolding>true</EnableCOMDATFolding>\n      <OptimizeReferences>true</OptimizeReferences>\n      <GenerateDebugInformation>true</GenerateDebugInformation>\n      <UACExecutionLevel>HighestAvailable</UACExecutionLevel>\n    </Link>\n  </ItemDefinitionGroup>\n  <ItemGroup>\n    <ClCompile Include=\"ZeroThreadCaller.cpp\" />\n  </ItemGroup>\n  <Import Project=\"$(VCTargetsPath)\\Microsoft.Cpp.targets\" />\n  <ImportGroup Label=\"ExtensionTargets\">\n  </ImportGroup>\n</Project>"
  },
  {
    "path": "ZeroThreadCaller/ZeroThreadCaller.vcxproj.filters",
    "content": "﻿<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<Project ToolsVersion=\"4.0\" xmlns=\"http://schemas.microsoft.com/developer/msbuild/2003\">\n  <ItemGroup>\n    <Filter Include=\"Source Files\">\n      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>\n      <Extensions>cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx</Extensions>\n    </Filter>\n  </ItemGroup>\n  <ItemGroup>\n    <ClCompile Include=\"ZeroThreadCaller.cpp\">\n      <Filter>Source Files</Filter>\n    </ClCompile>\n  </ItemGroup>\n</Project>"
  },
  {
    "path": "ZeroThreadKernel/Includes.h",
    "content": "#pragma once\n#include <ntifs.h>\n#include <stdarg.h>\n#include <windef.h>\n\nextern \"C\" NTKERNELAPI PVOID NTAPI RtlFindExportedRoutineByName(PVOID ImageBase, PCCH RoutineName);\nextern \"C\" NTKERNELAPI NTSTATUS ZwQuerySystemInformation(ULONG InfoClass, PVOID Buffer, ULONG Length, PULONG ReturnLength);\n\n#include \"ZeroUtils/ZeroUtils.h\"\n#include \"ZeroHook/ZeroHook.h\""
  },
  {
    "path": "ZeroThreadKernel/ZeroHook/ZeroHook.cpp",
    "content": "#include \"ZeroHook.h\"\n\nBYTE JMPShell[] = {\n    /*\n    * jmp RIP        ; JMP to RIP\n    * dq 0           ; ABS Address\n    * dq 0           ; ABS Address\n    */\n\n    0xFF, 0x25, 0x00, 0x00, 0x00, 0x00,\n    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00\n};\n\nSIZE_T ZeroHook::GetHookSize(PVOID Function)\n{\n    SIZE_T Length = sizeof(JMPShell);\n    while (true) {\n        if (*(BYTE*)((PBYTE)Function + Length) == 0x45) break; // 0x45 (MOV)\n        if (*(BYTE*)((PBYTE)Function + Length) == 0x48) break; // 0x48 (MOV)\n        if (*(BYTE*)((PBYTE)Function + Length) == 0xC3) break; // 0xC3 (RET)\n        Length++;\n    };\n    return Length;\n}\n\nPVOID ZeroHook::HookFunction(PVOID OriginalFunction, PVOID HookFunction, SIZE_T* HookLength)\n{\n    if (!OriginalFunction) {\n        Print(\"[HookFunction] Failed to get function\");\n        return NULL;\n    }\n\n    *HookLength = GetHookSize(OriginalFunction);\n\n    PVOID Trampoline = ExAllocatePool(NonPagedPoolExecute, *HookLength + sizeof(JMPShell));\n    if (!Trampoline) {\n        Print(\"[HookFunction] Failed to allocate trampoline\");\n        return NULL;\n    }\n\n    if (!NT_SUCCESS(ZeroUtils::MdlRtlCopyMemory(Trampoline, OriginalFunction, *HookLength))) {\n        Print(\"[HookFunction] Failed to copy function to trampoline\");\n        ExFreePoolWithTag(Trampoline, 0);\n        return NULL;\n    }\n\n    *(PBYTE*)&JMPShell[6] = (PBYTE)OriginalFunction + *HookLength;\n    if (!NT_SUCCESS(ZeroUtils::MdlRtlCopyMemory((PBYTE)Trampoline + *HookLength, &JMPShell[0], sizeof(JMPShell)))) {\n        Print(\"[HookFunction] Failed to write JMPShell on trampoline\");\n        ExFreePoolWithTag(Trampoline, 0);\n        return NULL;\n    }\n\n    *(PBYTE*)&JMPShell[6] = (PBYTE)HookFunction;\n    if (!NT_SUCCESS(ZeroUtils::MdlRtlCopyMemory(OriginalFunction, &JMPShell[0], sizeof(JMPShell)))) {\n        Print(\"[HookFunction] Failed to write JMPShell\");\n        ExFreePoolWithTag(Trampoline, 
0);\n        return NULL;\n    }\n\n    if (sizeof(JMPShell) > *HookLength) { /* NOP the remaining bytes */\n        if (!NT_SUCCESS(ZeroUtils::MdlRtlFillMemory((PBYTE)OriginalFunction + sizeof(JMPShell), 0x90 /* (NOP) */, *HookLength - sizeof(JMPShell)))) {\n            Print(\"[HookFunction] Failed to NOP the remaining bytes\");\n        }\n    }\n\n    Print(\"[HookFunction] Function Hooked\");\n\n    return Trampoline;\n}\n\nNTSTATUS ZeroHook::UnhookFunction(PVOID Trampoline, PVOID OriginalFunction, SIZE_T HookLength)\n{\n    if (!NT_SUCCESS(ZeroUtils::MdlRtlCopyMemory(OriginalFunction, Trampoline, HookLength))) {\n        Print(\"[UnhookFunction] Failed to restore original bytes\");\n        return STATUS_UNSUCCESSFUL;\n    }\n\n    ExFreePoolWithTag(Trampoline, 0);\n\n    Print(\"[UnhookFunction] Function Unhooked\");\n}"
  },
  {
    "path": "ZeroThreadKernel/ZeroHook/ZeroHook.h",
    "content": "#include \"../ZeroUtils/ZeroUtils.h\"\n\nnamespace ZeroHook\n{\n    SIZE_T GetHookSize(PVOID Function);\n    PVOID HookFunction(PVOID OriginalFunction, PVOID HookFunction, SIZE_T* HookLength);\n    NTSTATUS UnhookFunction(PVOID Trampoline, PVOID OriginalFunction, SIZE_T HookLength);\n}"
  },
  {
    "path": "ZeroThreadKernel/ZeroThreadKernel.cpp",
    "content": "#include \"Includes.h\"\n\n#define STARTZEROTHREAD 0x1337\n\ntypedef __int64(*NtCreateCompositionSurfaceHandle_t)(__int64 a1, unsigned int a2, unsigned __int64 a3);\nNtCreateCompositionSurfaceHandle_t oNtCreateCompositionSurfaceHandle;\nNtCreateCompositionSurfaceHandle_t TrampolineNtCreateCompositionSurfaceHandle;\nSIZE_T oNtCreateCompositionSurfaceHandleBytes;\n\nint Times = 0;\n\n__int64 __fastcall hkNtCreateCompositionSurfaceHandle(__int64 a1, unsigned int a2, unsigned __int64 a3)\n{\n\tPrint(\"[ZeroThreadKernel] hkNtCreateCompositionSurfaceHandle!\");\n\n\tif ((int)a1 == (int)STARTZEROTHREAD) /* Sanity check. */\n\t{\n\t\twhile (true) {\n\t\t\tPrint(\"[ZeroThreadKernel] %i\", Times);\n\t\t\tTimes++;\n\n\t\t}\n\t}\n\n\treturn TrampolineNtCreateCompositionSurfaceHandle(a1, a2, a3);\n}\n\nVOID DriverUnload(PDRIVER_OBJECT DriverObject)\n{\n\tZeroHook::UnhookFunction((PVOID)TrampolineNtCreateCompositionSurfaceHandle, (PVOID)oNtCreateCompositionSurfaceHandle, oNtCreateCompositionSurfaceHandleBytes);\n}\n\nNTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING DriverName) \n{\n\tDriverObject->DriverUnload = DriverUnload;\n\n\t/* Store the original  */\n\toNtCreateCompositionSurfaceHandle = (NtCreateCompositionSurfaceHandle_t)ZeroUtils::GetKernelModuleExport(\"dxgkrnl.sys\", \"NtCreateCompositionSurfaceHandle\");\n\tPrint(\"NtCreateCompositionSurfaceHandle: %p\", oNtCreateCompositionSurfaceHandle);\n\n\tTrampolineNtCreateCompositionSurfaceHandle = (NtCreateCompositionSurfaceHandle_t)ZeroHook::HookFunction((PVOID)oNtCreateCompositionSurfaceHandle, (PVOID)hkNtCreateCompositionSurfaceHandle, &oNtCreateCompositionSurfaceHandleBytes);\n\n\treturn STATUS_SUCCESS;\n}"
  },
  {
    "path": "ZeroThreadKernel/ZeroThreadKernel.vcxproj",
    "content": "﻿<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<Project DefaultTargets=\"Build\" ToolsVersion=\"12.0\" xmlns=\"http://schemas.microsoft.com/developer/msbuild/2003\">\n  <ItemGroup Label=\"ProjectConfigurations\">\n    <ProjectConfiguration Include=\"Debug|Win32\">\n      <Configuration>Debug</Configuration>\n      <Platform>Win32</Platform>\n    </ProjectConfiguration>\n    <ProjectConfiguration Include=\"Release|Win32\">\n      <Configuration>Release</Configuration>\n      <Platform>Win32</Platform>\n    </ProjectConfiguration>\n    <ProjectConfiguration Include=\"Debug|x64\">\n      <Configuration>Debug</Configuration>\n      <Platform>x64</Platform>\n    </ProjectConfiguration>\n    <ProjectConfiguration Include=\"Release|x64\">\n      <Configuration>Release</Configuration>\n      <Platform>x64</Platform>\n    </ProjectConfiguration>\n    <ProjectConfiguration Include=\"Debug|ARM\">\n      <Configuration>Debug</Configuration>\n      <Platform>ARM</Platform>\n    </ProjectConfiguration>\n    <ProjectConfiguration Include=\"Release|ARM\">\n      <Configuration>Release</Configuration>\n      <Platform>ARM</Platform>\n    </ProjectConfiguration>\n    <ProjectConfiguration Include=\"Debug|ARM64\">\n      <Configuration>Debug</Configuration>\n      <Platform>ARM64</Platform>\n    </ProjectConfiguration>\n    <ProjectConfiguration Include=\"Release|ARM64\">\n      <Configuration>Release</Configuration>\n      <Platform>ARM64</Platform>\n    </ProjectConfiguration>\n  </ItemGroup>\n  <PropertyGroup Label=\"Globals\">\n    <ProjectGuid>{6E9B50E8-5EDC-45BE-B9D2-46B6552347B4}</ProjectGuid>\n    <TemplateGuid>{1bc93793-694f-48fe-9372-81e2b05556fd}</TemplateGuid>\n    <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>\n    <MinimumVisualStudioVersion>12.0</MinimumVisualStudioVersion>\n    <Configuration>Debug</Configuration>\n    <Platform Condition=\"'$(Platform)' == ''\">Win32</Platform>\n    <RootNamespace>KeHook64</RootNamespace>\n    
<WindowsTargetPlatformVersion>$(LatestTargetPlatformVersion)</WindowsTargetPlatformVersion>\n  </PropertyGroup>\n  <Import Project=\"$(VCTargetsPath)\\Microsoft.Cpp.Default.props\" />\n  <PropertyGroup Condition=\"'$(Configuration)|$(Platform)'=='Debug|Win32'\" Label=\"Configuration\">\n    <TargetVersion>Windows10</TargetVersion>\n    <UseDebugLibraries>true</UseDebugLibraries>\n    <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>\n    <ConfigurationType>Driver</ConfigurationType>\n    <DriverType>KMDF</DriverType>\n    <DriverTargetPlatform>Universal</DriverTargetPlatform>\n  </PropertyGroup>\n  <PropertyGroup Condition=\"'$(Configuration)|$(Platform)'=='Release|Win32'\" Label=\"Configuration\">\n    <TargetVersion>Windows10</TargetVersion>\n    <UseDebugLibraries>false</UseDebugLibraries>\n    <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>\n    <ConfigurationType>Driver</ConfigurationType>\n    <DriverType>KMDF</DriverType>\n    <DriverTargetPlatform>Universal</DriverTargetPlatform>\n  </PropertyGroup>\n  <PropertyGroup Condition=\"'$(Configuration)|$(Platform)'=='Debug|x64'\" Label=\"Configuration\">\n    <TargetVersion>Windows10</TargetVersion>\n    <UseDebugLibraries>true</UseDebugLibraries>\n    <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>\n    <ConfigurationType>Driver</ConfigurationType>\n    <DriverType>KMDF</DriverType>\n    <DriverTargetPlatform>Universal</DriverTargetPlatform>\n  </PropertyGroup>\n  <PropertyGroup Condition=\"'$(Configuration)|$(Platform)'=='Release|x64'\" Label=\"Configuration\">\n    <TargetVersion>Windows10</TargetVersion>\n    <UseDebugLibraries>false</UseDebugLibraries>\n    <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>\n    <ConfigurationType>Driver</ConfigurationType>\n    <DriverType>KMDF</DriverType>\n    <DriverTargetPlatform>Universal</DriverTargetPlatform>\n    <Driver_SpectreMitigation>false</Driver_SpectreMitigation>\n  </PropertyGroup>\n  <PropertyGroup 
Condition=\"'$(Configuration)|$(Platform)'=='Debug|ARM'\" Label=\"Configuration\">\n    <TargetVersion>Windows10</TargetVersion>\n    <UseDebugLibraries>true</UseDebugLibraries>\n    <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>\n    <ConfigurationType>Driver</ConfigurationType>\n    <DriverType>KMDF</DriverType>\n    <DriverTargetPlatform>Universal</DriverTargetPlatform>\n  </PropertyGroup>\n  <PropertyGroup Condition=\"'$(Configuration)|$(Platform)'=='Release|ARM'\" Label=\"Configuration\">\n    <TargetVersion>Windows10</TargetVersion>\n    <UseDebugLibraries>false</UseDebugLibraries>\n    <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>\n    <ConfigurationType>Driver</ConfigurationType>\n    <DriverType>KMDF</DriverType>\n    <DriverTargetPlatform>Universal</DriverTargetPlatform>\n  </PropertyGroup>\n  <PropertyGroup Condition=\"'$(Configuration)|$(Platform)'=='Debug|ARM64'\" Label=\"Configuration\">\n    <TargetVersion>Windows10</TargetVersion>\n    <UseDebugLibraries>true</UseDebugLibraries>\n    <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>\n    <ConfigurationType>Driver</ConfigurationType>\n    <DriverType>KMDF</DriverType>\n    <DriverTargetPlatform>Universal</DriverTargetPlatform>\n  </PropertyGroup>\n  <PropertyGroup Condition=\"'$(Configuration)|$(Platform)'=='Release|ARM64'\" Label=\"Configuration\">\n    <TargetVersion>Windows10</TargetVersion>\n    <UseDebugLibraries>false</UseDebugLibraries>\n    <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>\n    <ConfigurationType>Driver</ConfigurationType>\n    <DriverType>KMDF</DriverType>\n    <DriverTargetPlatform>Universal</DriverTargetPlatform>\n  </PropertyGroup>\n  <Import Project=\"$(VCTargetsPath)\\Microsoft.Cpp.props\" />\n  <ImportGroup Label=\"ExtensionSettings\">\n  </ImportGroup>\n  <ImportGroup Label=\"PropertySheets\">\n    <Import Project=\"$(UserRootDir)\\Microsoft.Cpp.$(Platform).user.props\" 
Condition=\"exists('$(UserRootDir)\\Microsoft.Cpp.$(Platform).user.props')\" Label=\"LocalAppDataPlatform\" />\n  </ImportGroup>\n  <PropertyGroup Label=\"UserMacros\" />\n  <PropertyGroup />\n  <PropertyGroup Condition=\"'$(Configuration)|$(Platform)'=='Debug|Win32'\">\n    <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>\n  </PropertyGroup>\n  <PropertyGroup Condition=\"'$(Configuration)|$(Platform)'=='Release|Win32'\">\n    <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>\n  </PropertyGroup>\n  <PropertyGroup Condition=\"'$(Configuration)|$(Platform)'=='Debug|x64'\">\n    <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>\n  </PropertyGroup>\n  <PropertyGroup Condition=\"'$(Configuration)|$(Platform)'=='Release|x64'\">\n    <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>\n    <IntDir>$(Platform)\\$(Configuration)\\</IntDir>\n    <TargetName>$(ProjectName)</TargetName>\n    <OutDir>$(SolutionDir)$(Platform)</OutDir>\n  </PropertyGroup>\n  <PropertyGroup Condition=\"'$(Configuration)|$(Platform)'=='Debug|ARM'\">\n    <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>\n  </PropertyGroup>\n  <PropertyGroup Condition=\"'$(Configuration)|$(Platform)'=='Release|ARM'\">\n    <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>\n  </PropertyGroup>\n  <PropertyGroup Condition=\"'$(Configuration)|$(Platform)'=='Debug|ARM64'\">\n    <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>\n  </PropertyGroup>\n  <PropertyGroup Condition=\"'$(Configuration)|$(Platform)'=='Release|ARM64'\">\n    <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>\n  </PropertyGroup>\n  <ItemDefinitionGroup Condition=\"'$(Configuration)|$(Platform)'=='Release|x64'\">\n    <ClCompile>\n      <LanguageStandard>stdcpp17</LanguageStandard>\n      <TreatWarningAsError>false</TreatWarningAsError>\n    </ClCompile>\n    <Link>\n      <TreatLinkerWarningAsErrors>false</TreatLinkerWarningAsErrors>\n      <EntryPointSymbol>DriverEntry</EntryPointSymbol>\n    </Link>\n  
</ItemDefinitionGroup>\n  <ItemGroup>\n    <FilesToPackage Include=\"$(TargetPath)\" />\n  </ItemGroup>\n  <ItemGroup>\n    <ClCompile Include=\"ZeroHook\\ZeroHook.cpp\" />\n    <ClCompile Include=\"ZeroThreadKernel.cpp\" />\n    <ClCompile Include=\"ZeroUtils\\ZeroUtils.cpp\" />\n  </ItemGroup>\n  <ItemGroup>\n    <ClInclude Include=\"Includes.h\" />\n    <ClInclude Include=\"ZeroHook\\ZeroHook.h\" />\n    <ClInclude Include=\"ZeroUtils\\ZeroUtils.h\" />\n  </ItemGroup>\n  <Import Project=\"$(VCTargetsPath)\\Microsoft.Cpp.targets\" />\n  <ImportGroup Label=\"ExtensionTargets\">\n  </ImportGroup>\n</Project>"
  },
  {
    "path": "ZeroThreadKernel/ZeroThreadKernel.vcxproj.filters",
    "content": "﻿<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<Project ToolsVersion=\"4.0\" xmlns=\"http://schemas.microsoft.com/developer/msbuild/2003\">\n  <ItemGroup>\n    <Filter Include=\"ZeroHook\">\n      <UniqueIdentifier>{a073fe2c-66fe-433a-9201-5bd34f65ef0c}</UniqueIdentifier>\n    </Filter>\n    <Filter Include=\"ZeroUtils\">\n      <UniqueIdentifier>{d23680e8-b4b4-445c-96e5-3fb79fa51945}</UniqueIdentifier>\n    </Filter>\n  </ItemGroup>\n  <ItemGroup>\n    <ClCompile Include=\"ZeroUtils\\ZeroUtils.cpp\">\n      <Filter>ZeroUtils</Filter>\n    </ClCompile>\n    <ClCompile Include=\"ZeroThreadKernel.cpp\" />\n    <ClCompile Include=\"ZeroHook\\ZeroHook.cpp\">\n      <Filter>ZeroHook</Filter>\n    </ClCompile>\n  </ItemGroup>\n  <ItemGroup>\n    <ClInclude Include=\"ZeroHook\\ZeroHook.h\">\n      <Filter>ZeroHook</Filter>\n    </ClInclude>\n    <ClInclude Include=\"ZeroUtils\\ZeroUtils.h\">\n      <Filter>ZeroUtils</Filter>\n    </ClInclude>\n    <ClInclude Include=\"Includes.h\" />\n  </ItemGroup>\n</Project>"
  },
  {
    "path": "ZeroThreadKernel/ZeroUtils/ZeroUtils.cpp",
    "content": "#include \"ZeroUtils.h\"\n\nNTSTATUS ZeroUtils::MdlRtlCopyMemory(PVOID Destination, const VOID * Source, SIZE_T Length) {\n    PMDL Mdl = IoAllocateMdl(Destination, (ULONG)Length, 0, 0, 0);\n    if (!Mdl) return STATUS_UNSUCCESSFUL;\n\n    MmBuildMdlForNonPagedPool(Mdl);\n    PVOID Mapped = MmMapLockedPages(Mdl, KernelMode);\n    if (!Mapped) {\n        IoFreeMdl(Mdl);\n        return STATUS_UNSUCCESSFUL;\n    }\n\n    KIRQL OldIrql = KeRaiseIrqlToDpcLevel();\n    RtlCopyMemory(Mapped, Source, Length);\n    KeLowerIrql(OldIrql);\n\n    MmUnmapLockedPages(Mapped, Mdl);\n    IoFreeMdl(Mdl);\n\n    return STATUS_SUCCESS;\n}\n\nNTSTATUS ZeroUtils::MdlRtlFillMemory(PVOID Destination, BYTE Value, SIZE_T Length) {\n    PMDL Mdl = IoAllocateMdl(Destination, Length, 0, 0, 0);\n    if (!Mdl) return STATUS_UNSUCCESSFUL;\n\n    MmBuildMdlForNonPagedPool(Mdl);\n    PVOID Mapped = (PVOID)MmMapLockedPages(Mdl, KernelMode);\n    if (!Mapped) {\n        IoFreeMdl(Mdl);\n        return STATUS_UNSUCCESSFUL;\n    }\n\n    KIRQL OldIrql = KeRaiseIrqlToDpcLevel();\n    RtlFillMemory(Mapped, Length, Value);\n    KeLowerIrql(OldIrql);\n\n    MmUnmapLockedPages(Mapped, Mdl);\n    IoFreeMdl(Mdl);\n\n    return STATUS_SUCCESS;\n}\n\nPVOID ZeroUtils::GetKernelModuleExport(const char* ModuleName, const char* FunctionName)\n{\n    PVOID ModuleBase = 0;\n\n    ULONG Bytes = 0;\n    NTSTATUS Status = ZwQuerySystemInformation(SystemModuleInformation, NULL, Bytes, &Bytes);\n\n    if (Bytes == 0) {\n        Print(\"[GetKernelModuleExport] ZwQuerySystemInformation[1] failed\");\n        return NULL;\n    }\n\n    PRTL_PROCESS_MODULES Modules = (PRTL_PROCESS_MODULES)ExAllocatePoolWithTag(NonPagedPool, Bytes, 'NeiH');\n\n    Status = ZwQuerySystemInformation(SystemModuleInformation, Modules, Bytes, &Bytes);\n\n    if (!NT_SUCCESS(Status)) {\n        Print(\"[GetKernelModuleExport] ZwQuerySystemInformation[2] failed\");\n        return NULL;\n    }\n\n    PRTL_PROCESS_MODULE_INFORMATION 
Module = Modules->Modules;\n\n    for (ULONG i = 0; i < Modules->NumberOfModules; i++)\n    {\n        if (strcmp((char*)(Module[i].OffsetToFileName + Module[i].FullPathName), ModuleName) == 0)\n        {\n            ModuleBase = Module[i].ImageBase;\n            break;\n        }\n    }\n\n    if (Modules) {\n        ExFreePoolWithTag(Modules, 'NeiH');\n    }\n\n    if (ModuleBase == 0) {\n        Print(\"[GetKernelModuleExport] Failed to get module base\");\n        return NULL;\n    }\n\n    return RtlFindExportedRoutineByName(ModuleBase, FunctionName);\n}"
  },
  {
    "path": "ZeroThreadKernel/ZeroUtils/ZeroUtils.h",
    "content": "#pragma once\n#include \"../Includes.h\"\n\n#define Print( content, ... ) DbgPrintEx( 0, 0, \"[>] \" content, __VA_ARGS__ )\n\nnamespace ZeroUtils \n{\n    NTSTATUS MdlRtlCopyMemory(PVOID Destination, const VOID* Source, SIZE_T Length);\n    NTSTATUS MdlRtlFillMemory(PVOID Destination, BYTE Value, SIZE_T Length);\n    PVOID GetKernelModuleExport(const char* ModuleName, const char* FunctionName);\n}\n\ntypedef enum _SYSTEM_INFORMATION_CLASS\n{\n    SystemBasicInformation,\n    SystemProcessorInformation,\n    SystemPerformanceInformation,\n    SystemTimeOfDayInformation,\n    SystemPathInformation,\n    SystemProcessInformation,\n    SystemCallCountInformation,\n    SystemDeviceInformation,\n    SystemProcessorPerformanceInformation,\n    SystemFlagsInformation,\n    SystemCallTimeInformation,\n    SystemModuleInformation,\n} SYSTEM_INFORMATION_CLASS, * PSYSTEM_INFORMATION_CLASS;\n\ntypedef struct _RTL_PROCESS_MODULE_INFORMATION\n{\n    HANDLE Section;\n    PVOID MappedBase;\n    PVOID ImageBase;\n    ULONG ImageSize;\n    ULONG Flags;\n    USHORT LoadOrderIndex;\n    USHORT InitOrderIndex;\n    USHORT LoadCount;\n    USHORT OffsetToFileName;\n    UCHAR FullPathName[256];\n} RTL_PROCESS_MODULE_INFORMATION, * PRTL_PROCESS_MODULE_INFORMATION;\n\ntypedef struct _RTL_PROCESS_MODULES\n{\n    ULONG NumberOfModules;\n    RTL_PROCESS_MODULE_INFORMATION Modules[1];\n} RTL_PROCESS_MODULES, * PRTL_PROCESS_MODULES;\n"
  },
  {
    "path": "ZeroThreadKernel.sln",
    "content": "﻿\nMicrosoft Visual Studio Solution File, Format Version 12.00\n# Visual Studio Version 16\nVisualStudioVersion = 16.0.30503.244\nMinimumVisualStudioVersion = 10.0.40219.1\nProject(\"{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}\") = \"ZeroThreadKernel\", \"ZeroThreadKernel\\ZeroThreadKernel.vcxproj\", \"{6E9B50E8-5EDC-45BE-B9D2-46B6552347B4}\"\nEndProject\nProject(\"{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}\") = \"ZeroThreadCaller\", \"ZeroThreadCaller\\ZeroThreadCaller.vcxproj\", \"{B1A4C64E-4FFD-485A-AD7A-90672C9AAA9A}\"\nEndProject\nGlobal\n\tGlobalSection(SolutionConfigurationPlatforms) = preSolution\n\t\tRelease|x64 = Release|x64\n\tEndGlobalSection\n\tGlobalSection(ProjectConfigurationPlatforms) = postSolution\n\t\t{6E9B50E8-5EDC-45BE-B9D2-46B6552347B4}.Release|x64.ActiveCfg = Release|x64\n\t\t{6E9B50E8-5EDC-45BE-B9D2-46B6552347B4}.Release|x64.Build.0 = Release|x64\n\t\t{6E9B50E8-5EDC-45BE-B9D2-46B6552347B4}.Release|x64.Deploy.0 = Release|x64\n\t\t{B1A4C64E-4FFD-485A-AD7A-90672C9AAA9A}.Release|x64.ActiveCfg = Release|x64\n\t\t{B1A4C64E-4FFD-485A-AD7A-90672C9AAA9A}.Release|x64.Build.0 = Release|x64\n\tEndGlobalSection\n\tGlobalSection(SolutionProperties) = preSolution\n\t\tHideSolutionNode = FALSE\n\tEndGlobalSection\n\tGlobalSection(ExtensibilityGlobals) = postSolution\n\t\tSolutionGuid = {A6F2B95C-BF8F-4ADE-8739-872BE439CA61}\n\tEndGlobalSection\nEndGlobal\n"
  }
]