Mi Core

• 简体中文

Introduction

Warning

MiCore is still in development stage ...

MiCore is a derivative of the underlying API implementation of MiUCRT (formerly ucxxrt).

It is mainly the implementation of user-level functions in the kernel on the Windows platform. Recommended for use with Veil.

Thanks & References

• Thanks: The scheme to export ZwRoutines is provided by @xiaobfly.
• References: systeminformer/phnt
• References: Windows_OS_Internals_Curriculum_Resource_Kit-ACADEMIC

Feature

• All ZwRoutines supported by the current system can be used directly.

  NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
  {
      UNREFERENCED_PARAMETER(DriverObject);
      UNREFERENCED_PARAMETER(RegistryPath);
  
      NTSTATUS Status;
  
      do {
          DriverObject->DriverUnload = DriverUnload;
  
          Status = MiCoreStartup(DriverObject, RegistryPath);
          if (!NT_SUCCESS(Status)) {
              break;
          }
  
          LARGE_INTEGER SystemTime{};
          Status = ZwQuerySystemTime(&SystemTime);
          if (!NT_SUCCESS(Status)) {
              break;
          }
  
          Status = RtlSystemTimeToLocalTime(&SystemTime, &SystemTime);
          if (!NT_SUCCESS(Status)) {
              break;
          }
  
          TIME_FIELDS Time{};
          RtlTimeToTimeFields(&SystemTime, &Time);
  
          MiLOG("Loading time is %04d/%02d/%02d %02d:%02d:%02d",
              Time.Year, Time.Month, Time.Day,
              Time.Hour, Time.Minute, Time.Second);
  
      } while (false);
  
      if (!NT_SUCCESS(Status)) {
          DriverUnload(DriverObject);
      }
  
      return Status;
  }

• Support part of RtlXxxx API.

• Support part of KernelBase API.

• Support part of Advapi32 API.

Progress

See Project