mrexodia / phnt-single-header Goto Github PK

Single header version of System Informer's phnt library.

License: MIT License

Python 16.87% CMake 65.62% C 5.06% C++ 12.45%

native processhacker sdk system-informer systeminformer wdk windows windows-internals hacktoberfest

phnt-single-header's Introduction

phnt-single-header

This repository automatically generates a single-header version of System Informer's phnt library. This repository was created because the original library is separated in many headers and can be annoying to integrate into your project.

Usage

This is a simple example of using phnt

#define PHNT_VERSION PHNT_WIN11
#include "phnt.h" // Instead of Windows.h

// Imports for ntdll.dll
#pragma comment(lib, "ntdll.lib")

static char message[] = "Hello, phnt!\r\n";

int main()
{
    IO_STATUS_BLOCK IoStatusBlock = { 0, 0 };
    NtWriteFile(
        NtCurrentPeb()->ProcessParameters->StandardOutput,
        NULL,
        NULL,
        NULL,
        &IoStatusBlock,
        message,
        strlen(message) - 1,
        NULL,
        NULL
    );
    return 0;
}

Download

phnt.h (direct link to the latest release).

CMake

To quickly use this library from CMake, use FetchContent:

cmake_minimum_required(VERSION 3.24)
cmake_policy(SET CMP0135 NEW)
project(phnt-example)

include(FetchContent)
set(phnt_TAG "v1.2-4d1b102f")
message(STATUS "Fetching phnt (${phnt_TAG})...")
FetchContent_Declare(phnt
    URL "https://github.com/mrexodia/phnt-single-header/releases/download/${phnt_TAG}/phnt.zip"
    URL_HASH "SHA256=ccd3cbc27c83b2870f6c8d2b72d47cc75a38fc7bb57b11fc9677a9ec46710e10"
)
FetchContent_MakeAvailable(phnt)

add_executable(example main.cpp)
target_link_libraries(example PRIVATE phnt::phnt)

Instead of FetchContent you can also extract phnt.zip to third_party/phnt in your project and do:

add_subdirectory(third_party/phnt)

The target phnt::phnt also links to ntdll.lib. If you want to avoid this you can link to phnt::headers instead.

_{Note: The CMake project in phnt.zip also works as a CMake package. After configuring and installing it, you can do find_package(phnt REQUIRED) and everything should work out of the box.}

Older SDKs

To use phnt with older SDK versions, change the PHNT_VERSION to one of the following:

#define PHNT_VERSION PHNT_WIN2K
#define PHNT_VERSION PHNT_WINXP
#define PHNT_VERSION PHNT_WS03
#define PHNT_VERSION PHNT_VISTA
#define PHNT_VERSION PHNT_WIN7
#define PHNT_VERSION PHNT_WIN8
#define PHNT_VERSION PHNT_WINBLUE
#define PHNT_VERSION PHNT_THRESHOLD
#define PHNT_VERSION PHNT_THRESHOLD2
#define PHNT_VERSION PHNT_REDSTONE
#define PHNT_VERSION PHNT_REDSTONE2
#define PHNT_VERSION PHNT_REDSTONE3
#define PHNT_VERSION PHNT_REDSTONE4
#define PHNT_VERSION PHNT_REDSTONE5
#define PHNT_VERSION PHNT_19H1
#define PHNT_VERSION PHNT_19H2
#define PHNT_VERSION PHNT_20H1
#define PHNT_VERSION PHNT_20H2
#define PHNT_VERSION PHNT_21H1
#define PHNT_VERSION PHNT_WIN10_21H2
#define PHNT_VERSION PHNT_WIN10_22H2
#define PHNT_VERSION PHNT_WIN11
#define PHNT_VERSION PHNT_WIN11_22H2

phnt-single-header's People

Contributors

Stargazers

Watchers

Forkers

0xtriboulet gmh5225 shantanu561993 layerfsd ellacrity jabra- tempaccountnull rocker9527 gavz

phnt-single-header's Issues

Automatically generate CMake instruction in release notes

Automatically detect phnt updates in system informer

Could be implemented with a GH actions cron job:

Diff the phnt subfolder of the system informer project with the current submodule
Automatically create a PR that bumps the submodule
Automatically create a release once the PR is merged

Add kernel support

Currently phnt_windows.h is hardcoded. We can wrap this header in an ifdef with the _KERNEL_MODE define and additionally define the appropriate PHNT_MODE macro. This would also need to build a kernel driver as part of the tests (see https://github.com/build-cpp/wdk_template).

This feature should be implemented by modifying phnt_amalgamate.h

Automatically generate a FOSS `ntdll.lib` and include it in the release

This should be possible with a simple python script that loads ntdll.dll, iterates the exports and generates ntdll.def. A (potentially) better idea could be to reuse parse_phnt.py from dumpulator and generate the DEF file from the imports actually exposed with that OS version.

Add `CMakeLists.txt` in the release

The idea would be that you can use the releases of this repository with FetchContent directly. Additionally an example in the README is needed. The file would be in out/CMakeLists.txt and provide a phnt::phnt target (potentially also linking to ntdll.lib for user-mode, maybe a split with a phnt::headers target?)

IDA/Ghidra Type libraries

Would be nice to create IDA/Ghidra type libraries from the latest phnt version and include those in the release as well.

There's some issues:

IDA SDK is non-free and it's difficult to use it on GH Actions
Their parser is absolutely horrible and unlikely to parse the headers correctly

Detect and error when including `Winternl.h`

#ifdef _WINTERNL_
#error Do not mix Winternl.h and phnt.h
#endif // _WINTERNL_
#define _WINTERNL_ // Pretend the header was included

Error when someone tries to directly include this repository in their project

This can be done by creating a dummy CMakeLists.txt that just does:

message(FATAL_ERROR "Include phnt.zip from the release instead")