From 4d304d24836aab75786db66f3adf5a552ecf2417 Mon Sep 17 00:00:00 2001
From: Berserker <noemail@noemail.com>
Date: Sat, 1 Jun 2019 22:55:37 +0300
Subject: [PATCH] v1.0.3. Added support for NtQueryDirectoryFileEx, used in
 Win10 v1709+

---
 .gitignore      |   1 +
 Vfs.dproj       |   6 +++++-
 Vfs.res         | Bin 5160 -> 0 bytes
 VfsHooks.pas    |  39 ++++++++++++++++++++++++++++++++++++---
 _update_dll.bat |   2 +-
 5 files changed, 43 insertions(+), 5 deletions(-)
 delete mode 100644 Vfs.res

diff --git a/.gitignore b/.gitignore
index 21ac699..1498465 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,5 +4,6 @@
 *.ini
 *.identcache
 *.map
+*.res
 _LOG_.txt
 __history/
\ No newline at end of file
diff --git a/Vfs.dproj b/Vfs.dproj
index e6e9842..e89a8aa 100644
--- a/Vfs.dproj
+++ b/Vfs.dproj
@@ -30,7 +30,11 @@
     <Borland.Personality>Delphi.Personality</Borland.Personality>
     <Borland.ProjectType>VCLApplication</Borland.ProjectType>
     <BorlandProject>
-<BorlandProject><Delphi.Personality><Parameters><Parameters Name="UseLauncher">False</Parameters><Parameters Name="LoadAllSymbols">True</Parameters><Parameters Name="LoadUnspecifiedSymbols">False</Parameters></Parameters><VersionInfo><VersionInfo Name="IncludeVerInfo">True</VersionInfo><VersionInfo Name="AutoIncBuild">True</VersionInfo><VersionInfo Name="MajorVer">1</VersionInfo><VersionInfo Name="MinorVer">0</VersionInfo><VersionInfo Name="Release">2</VersionInfo><VersionInfo Name="Build">4</VersionInfo><VersionInfo Name="Debug">False</VersionInfo><VersionInfo Name="PreRelease">False</VersionInfo><VersionInfo Name="Special">False</VersionInfo><VersionInfo Name="Private">False</VersionInfo><VersionInfo Name="DLL">False</VersionInfo><VersionInfo Name="Locale">1049</VersionInfo><VersionInfo Name="CodePage">1251</VersionInfo></VersionInfo><VersionInfoKeys><VersionInfoKeys Name="CompanyName">Alexander Shostak (aka EtherniDee)</VersionInfoKeys><VersionInfoKeys Name="FileDescription">Virtual File System</VersionInfoKeys><VersionInfoKeys Name="FileVersion">1.0.2.4</VersionInfoKeys><VersionInfoKeys Name="InternalName"></VersionInfoKeys><VersionInfoKeys Name="LegalCopyright"></VersionInfoKeys><VersionInfoKeys Name="LegalTrademarks"></VersionInfoKeys><VersionInfoKeys Name="OriginalFilename"></VersionInfoKeys><VersionInfoKeys Name="ProductName"></VersionInfoKeys><VersionInfoKeys Name="ProductVersion">1.0.0.0</VersionInfoKeys><VersionInfoKeys Name="Comments"></VersionInfoKeys></VersionInfoKeys><Source><Source Name="MainSource">Vfs.dpr</Source></Source><Excluded_Packages>
+<BorlandProject><Delphi.Personality><Parameters><Parameters Name="UseLauncher">False</Parameters><Parameters Name="LoadAllSymbols">True</Parameters><Parameters Name="LoadUnspecifiedSymbols">False</Parameters></Parameters><VersionInfo><VersionInfo Name="IncludeVerInfo">True</VersionInfo><VersionInfo Name="AutoIncBuild">True</VersionInfo><VersionInfo Name="MajorVer">1</VersionInfo><VersionInfo Name="MinorVer">0</VersionInfo><VersionInfo Name="Release">3</VersionInfo><VersionInfo Name="Build">2</VersionInfo><VersionInfo Name="Debug">False</VersionInfo><VersionInfo Name="PreRelease">False</VersionInfo><VersionInfo Name="Special">False</VersionInfo><VersionInfo Name="Private">False</VersionInfo><VersionInfo Name="DLL">False</VersionInfo><VersionInfo Name="Locale">1049</VersionInfo><VersionInfo Name="CodePage">1251</VersionInfo></VersionInfo><VersionInfoKeys><VersionInfoKeys Name="CompanyName">Alexander Shostak (aka EtherniDee)</VersionInfoKeys><VersionInfoKeys Name="FileDescription">Virtual File System</VersionInfoKeys><VersionInfoKeys Name="FileVersion">1.0.3.2</VersionInfoKeys><VersionInfoKeys Name="InternalName"></VersionInfoKeys><VersionInfoKeys Name="LegalCopyright"></VersionInfoKeys><VersionInfoKeys Name="LegalTrademarks"></VersionInfoKeys><VersionInfoKeys Name="OriginalFilename"></VersionInfoKeys><VersionInfoKeys Name="ProductName"></VersionInfoKeys><VersionInfoKeys Name="ProductVersion">1.0.0.0</VersionInfoKeys><VersionInfoKeys Name="Comments"></VersionInfoKeys></VersionInfoKeys><Source><Source Name="MainSource">Vfs.dpr</Source></Source><Excluded_Packages>
+      
+      
+      
+      
       
       
       <Excluded_Packages Name="$(BDS)\bin\dcloffice2k100.bpl">Microsoft Office 2000 Sample Automation Server Wrapper Components</Excluded_Packages>
diff --git a/Vfs.res b/Vfs.res
deleted file mode 100644
index 43bf0487c0b3a2f6ad7693cb9d46b94c16fe8cce..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 5160
zcmbW5OK%)i5QWQ$C0KzM5mMNU1qcN%q6EBw&4BWdA_0jA<88|V=OGdk*^We3?SC>^
zAcXoqp!OPhnPntL;s=l=3q*6is#`NXlX0+Vsiy9uZk==L-o7&$GqY7$*M+G$^ZdG!
z^Jf*a<Z~-4=a)0+f*Px`&t*&AQbTM0?=z}Kw!gn`O<lXEo%Zw7r#2dnjF|9iy>@>*
z=coR^_<)hv=^0BN&A9RTPQ03WWQ{oV&H1#?Y((5x#iZSK(O2woPhyNpUh*WDrm8K*
zqZaT2n>x&J(3s<cT{mV&!ahn4YAffW2OO*!PiyV96%ONp7aY14{k3CvitlT0sx^-d
z?a!oLy3r4ZvApulKjg>2rpA*xtDPL&tM75-Qy#Csuc7{H6CP;vJyH!C#lpdP9KEWa
znv&CX5KlhOIjw_ZYHlR{<m)<Vs)!Q@)`&~roNKGvD<0hqxC``0-oRrYgG1ES=V~xz
z#fPTgFsjQwORM9hr~b6FU%d6kvi_l)8r2hQ^e`U#SFkH-8P>AM+n}pb8$VWU2Z|f2
z&NBAIG}pAOB}S(FBl>Nu2OkVHhwjEY#biJ5mAjS+_u%<~$D_Zg8}CzZtF;frRA46u
ze8HW;76<y8OMJAF8}B^YqMe)?8&#p(W7-&l1AX@2vB$z5z*D}GAFwX;Tiw?VzKpq=
zJ&!yufBz*ow86pO*;;vIR)McGcGyiY>BH6W$BH4gk{^aqAJ?yZu6GOvwOe6hTA#J=
zj<jFxGfNI|0yD75TksXfxd)ST5N&E)cn;);T2}=JG=ky#pSW$|p!3O`*R<;l4&K)L
z!8kQ^4q#)0*nh_qcR108tJgqSeip?oJpJR^s=d~M!#g~|R=(KNqCYtdr~0Y6DKGk|
z5ASsFnDS3v?xhC|*QWg7#@#}F^}d1MH|2{nTy$53%Rro!%lEwK&pq;eqRxs12VK7R
z;>Vrq@2PMZ2b&z;UVzVfulG>=WN-=7`4czZ=ePqxzn=|os7F=yXiSXiU!%2fP&@I%
zFV^q%S1!k_*xN9Ze&+Jd@fv9^&b_>_Q$J@v_D5^Mmw}naJZ;{;ncA0qh;zsN1;@xm
zKJ@$ktBqc-Q>FZhW8QPNf#vgBn|C8~`99G0e!Un!&NRBq-jQGW6W?<e{J@U+rY`4K
zd87W~rm@7r^BV!5M$Y*f_#TYQ{f35uAN5yXduzr!nze~{ZL&Xb8!Ap~eShTrJXYnM
z6o>q7XU#mm_jT9#cSm9jruUzpKlP~z20!jEa-j?D&Q02>VQS5LA$~(m>#z`CXCdx2
z^h=L$$R8Tx{GgBDK)mNZu0HqF<ZOx;G2n9t@?Ax)<f9^bo3)ELyrQ4;d8GX+-vhMs
zuJJP=j(+Zin`aj+zi$d|o<XpAlFK4|#yE>!@8PuGS@#(~M0aS<cbE4J><NcD+SH=|
zFwcASIu4UFKL7(ReLss$ji>i4?I{Pa<{!qeMejm#VvmUNduEt;Qy<@Z1xM#0e@CXz
z^X@t338>FFmUzedqxdf2Y@m_4aVOG;qn{;>_kYXz{+AjofSwFZIB>=|YbP<qI;PGf
zzaKET`0ru&Q4?~X<Vg;%I}fk$g71XKVR<Lva60VdmmKh}?F4o3xVF?ny4jn|lX*|;
zb3LAVyq3%1q0bYS>rRVzTzuv`sXs2y{CIa@)@kr>*<Z4kvKO+0V*B#gX`g-l?SLJa
zoyA_5y`kK13u7Rxp)kAd;B0r!%r42g?k)SuzOWniwd{)Bl+UOCzXtzi=>Lq>RsUCm
ze?gY)`5E(nIJ#~{d6s-xf6enV>l)jz+g9oGnth|z4M(UP@4DJNzb*gy5BacVQ_|vx
zOzK&dMRxD{$7h5o-=6K*ecQIXc3u8~Z7K7%-LW4v`;Nz4vUR&`pGxhzIDDe<JNCZv
zT~W+Kdt{r6e<IbJ>TQu!)gaGLKJ&d=J5qVu?kRp(c$@Zv`WM`9s&!3c_dIG_46drR
zWgmH-TXs%3$%~m?`_B13(wh6qx9xEoYVT;|v2s38##{mF6UW>VH}>nzUcL>--0kJL
zY!?-C(LR<@`S%pP<n`F|*lo|>S8Dd5$9$>zyFN=*9toAI-j%LBXK1!I7x%3qHjU~$
zl;2TJc1vW&-YhxT9dxBCdRgh@cuTQAD%)e#XK!XNNV@L2XJh8or*`ynuHSXOvB#io
jD{nHq>P$DBce0wE8nX}l#D&6bt$Luy{(hZb{$u%H-w%yi

diff --git a/VfsHooks.pas b/VfsHooks.pas
index 2c47110..061822d 100644
--- a/VfsHooks.pas
+++ b/VfsHooks.pas
@@ -31,6 +31,8 @@ var
   NativeNtCreateFile:              WinNative.TNtCreateFile;
   NativeNtClose:                   WinNative.TNtClose;
   NativeNtQueryDirectoryFile:      WinNative.TNtQueryDirectoryFile;
+  NativeNtQueryDirectoryFileEx:    WinNative.TNtQueryDirectoryFileEx;
+
 
   NtQueryAttributesFilePatch:     VfsPatching.TAppliedPatch;
   NtQueryFullAttributesFilePatch: VfsPatching.TAppliedPatch;
@@ -38,6 +40,7 @@ var
   NtCreateFilePatch:              VfsPatching.TAppliedPatch;
   NtClosePatch:                   VfsPatching.TAppliedPatch;
   NtQueryDirectoryFilePatch:      VfsPatching.TAppliedPatch;
+  NtQueryDirectoryFileExPatch:    VfsPatching.TAppliedPatch;
 
 
 (* There is no 100% portable and reliable way to get file path by handle, unless file creation/opening
@@ -543,11 +546,28 @@ begin
   end;
 end; // .function Hook_NtQueryDirectoryFile
 
+function Hook_NtQueryDirectoryFileEx (OrigFunc: WinNative.TNtQueryDirectoryFileEx; FileHandle: HANDLE; Event: HANDLE; ApcRoutine: pointer; ApcContext: PVOID; Io: PIO_STATUS_BLOCK;
+                                      Buffer: PVOID; BufLength: ULONG; InfoClass: integer (* FILE_INFORMATION_CLASS *); QueryFlags: integer; Mask: PUNICODE_STRING): NTSTATUS; stdcall;
+var
+  SingleEntry: LONGBOOL;
+  RestartScan: LONGBOOL;
+
+begin
+  if VfsDebug.LoggingEnabled then begin
+    WriteLog('NtQueryDirectoryFileEx', Format('Handle: %x. QueryFlags: %x', [FileHandle, QueryFlags]));
+  end;
+
+  RestartScan := Utils.Flags(QueryFlags).Have(WinNative.SL_RESTART_SCAN);
+  SingleEntry := Utils.Flags(QueryFlags).Have(WinNative.SL_RETURN_SINGLE_ENTRY);
+  result      := WinNative.NtQueryDirectoryFile(FileHandle, Event, ApcRoutine, ApcContext, Io, Buffer, BufLength, InfoClass, SingleEntry, Mask, RestartScan);
+end;
+
 procedure InstallHooks;
 var
-  SetProcessDEPPolicy: function (dwFlags: integer): LONGBOOL; stdcall;
-  hDll:                Windows.THandle;
-  NtdllHandle:         integer;
+  SetProcessDEPPolicy:        function (dwFlags: integer): LONGBOOL; stdcall;
+  hDll:                       Windows.THandle;
+  NtdllHandle:                integer;
+  NtQueryDirectoryFileExAddr: WinNative.TNtQueryDirectoryFileEx;
 
 begin
   with HooksCritSection do begin
@@ -622,6 +642,18 @@ begin
         @Hook_NtQueryDirectoryFile,
         @NtQueryDirectoryFilePatch
       );
+
+      NtQueryDirectoryFileExAddr := VfsApiDigger.GetRealProcAddress(NtdllHandle, 'NtQueryDirectoryFileEx');
+
+      if @NtQueryDirectoryFileExAddr <> nil then begin
+        WriteLog('InstallHook', 'Installing NtQueryDirectoryFileEx hook');
+        NativeNtQueryDirectoryFileEx := VfsPatching.SpliceWinApi
+        (
+          @NtQueryDirectoryFileExAddr,
+          @Hook_NtQueryDirectoryFileEx,
+          @NtQueryDirectoryFileExPatch
+        );
+      end;
     end; // .if
 
     Leave;
@@ -639,6 +671,7 @@ begin
     NtCreateFilePatch.Rollback;
     NtClosePatch.Rollback;
     NtQueryDirectoryFilePatch.Rollback;
+    NtQueryDirectoryFileExPatch.Rollback;
 
     Leave;
   end;
diff --git a/_update_dll.bat b/_update_dll.bat
index 42c1beb..c715557 100644
--- a/_update_dll.bat
+++ b/_update_dll.bat
@@ -4,7 +4,7 @@ cls
 set h3dir=D:\Heroes 3
 copy /Y Vfs.dll "%h3dir%\vfs.dll"
 copy /Y Vfs.map "%h3dir%\Vfs.map"
-php "%h3dir%\Tools\ExeMapCompiler\compile.phc" "vfs.map" "./DebugMaps"
+php "%h3dir%\Tools\ExeMapCompiler\compile.phc" "vfs.map" "%h3dir%/DebugMaps"
 echo.
 echo.
 echo %date% %time%