1.9.1

For a complete list of changes see changelog.txt in the sources directory. Release candidate 1.

Source/CHANGELOG.txt

@@ -1,3 +1,7 @@
+v1.9.1
+21h2 compatibility improvements
+rtls updated
+
 v1.9.0
 added Section object structured dump
 added ALPC port connections list (similar to !alpc /lpc windbg command)

Source/Plugins/ImageScope/main.c

@@ -1,12 +1,12 @@
 /*******************************************************************************
 *
-*  (C) COPYRIGHT AUTHORS, 2020
+*  (C) COPYRIGHT AUTHORS, 2020 - 2021
 *
 *  TITLE:       MAIN.C
 *
 *  VERSION:     1.00
 *
-*  DATE:        11 July 2020
+*  DATE:        27 July 2021
 *
 *  WinObjEx64 ImageScope plugin.
 *
@@ -18,7 +18,6 @@
 *******************************************************************************/
 
 #include "global.h"
-#include <intrin.h>
 
 //
 // Dll instance.

Source/Plugins/Sonar/global.h

@@ -6,7 +6,7 @@
 *
 *  VERSION:     1.03
 *
-*  DATE:        11 Jan 2021
+*  DATE:        27 July 2021
 *
 *  Common header file for the Windows Object Explorer Sonar plugin.
 *
@@ -43,6 +43,7 @@
 #include "treelist/treelist.h"
 #include "minirtl/minirtl.h"
 #include "ntos/ntsup.h"
+#include "ntos/ntbuilds.h"
 #include "plugin_def.h"
 #include "sup.h"
 #include "ui.h"

Source/Plugins/Sonar/main.c

@@ -524,7 +524,7 @@ VOID xxxDumpProtocolBlock(
 VOID DumpHandlers(
     _In_ PVOID* Handlers,
     _In_ UINT Count,
-    _In_ LPWSTR* Names,
+    _In_ LPCWSTR* Names,
     RTL_PROCESS_MODULES* pModulesList
 )
 {
@@ -563,7 +563,7 @@ VOID DumpHandlers(
                 pAssociatedModule = TEXT("");//could be any garbage pointer.
             }
 
-            xxxDumpProtocolBlock(Names[i], szBuffer, pAssociatedModule);
+            xxxDumpProtocolBlock((LPWSTR)Names[i], szBuffer, pAssociatedModule);
 
             if (ConvertNeedFree) {
                 RtlFreeUnicodeString(&usConvert);

Source/Plugins/Sonar/query.h

@@ -6,7 +6,7 @@
 *
 *  VERSION:     1.03
 *
-*  DATE:        11 Jan 2021
+*  DATE:        26 July 2021
 * 
 *  Sonar plugin query information definitions.
 *
@@ -19,61 +19,6 @@
 
 #pragma once
 
-//
-// Defines for Major Windows NT release builds
-//
-
-// Windows 7 RTM
-#define NT_WIN7_RTM             7600
-
-// Windows 7 SP1
-#define NT_WIN7_SP1             7601
-
-// Windows 8 RTM
-#define NT_WIN8_RTM             9200
-
-// Windows 8.1
-#define NT_WIN8_BLUE            9600
-
-// Windows 10 TH1
-#define NT_WIN10_THRESHOLD1     10240
-
-// Windows 10 TH2
-#define NT_WIN10_THRESHOLD2     10586
-
-// Windows 10 RS1
-#define NT_WIN10_REDSTONE1      14393
-
-// Windows 10 RS2
-#define NT_WIN10_REDSTONE2      15063
-
-// Windows 10 RS3
-#define NT_WIN10_REDSTONE3      16299
-
-// Windows 10 RS4
-#define NT_WIN10_REDSTONE4      17134
-
-// Windows 10 RS5
-#define NT_WIN10_REDSTONE5      17763
-
-// Windows 10 19H1
-#define NT_WIN10_19H1           18362
-
-// Windows 10 19H2
-#define NT_WIN10_19H2           18363
-
-// Windows 10 20H1
-#define NT_WIN10_20H1           19041
-
-// Windows 10 20H2
-#define NT_WIN10_20H2           19042
-
-// Windows 10 21H1
-#define NT_WIN10_21H1           19043
-
-// Windows 10 Active Develepment Branch (21XX)
-#define NTX_WIN10_ADB           21286
-
 typedef struct _PROTOCOL_BLOCK_VERSIONS {
     union {
         union {
@@ -278,7 +223,7 @@ typedef struct _NDIS_PROTOCOL_BLOCK_COMPATIBLE {
 
 } NDIS_PROTOCOL_BLOCK_COMPATIBLE, *PNDIS_PROTOCOL_BLOCK_COMPATIBLE;
 
-static LPWSTR g_lpszOpenBlockHandlers[] = {
+static LPCWSTR g_lpszOpenBlockHandlers[] = {
     TEXT("NextSendHandler"),
     TEXT("NextReturnNetBufferListsHandler"),
     TEXT("SendHandler"),
@@ -349,7 +294,7 @@ static LPWSTR g_lpszOpenBlockHandlers[] = {
     TEXT("CoOidRequestHandler")
 };
 
-static LPWSTR g_lpszProtocolBlockHandlers[] = {
+static LPCWSTR g_lpszProtocolBlockHandlers[] = {
     TEXT("BindAdapterHandlerEx"),
     TEXT("UnbindAdapterHandlerEx"),
     TEXT("OpenAdapterCompleteHandlerEx"),

Source/Shared/ntos/ntbuilds.h

@@ -0,0 +1,77 @@
+/*******************************************************************************
+*
+*  (C) COPYRIGHT AUTHORS, 2021
+*
+*  TITLE:       NTBUILDS.H
+*
+*  VERSION:     1.00
+*
+*  DATE:        26 July 2021
+*
+*  Windows NT builds definition file.
+*
+* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
+* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
+* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
+* PARTICULAR PURPOSE.
+*
+*******************************************************************************/
+#pragma once
+
+//
+// Defines for Major Windows NT release builds
+//
+
+// Windows 7 RTM
+#define NT_WIN7_RTM             7600
+
+// Windows 7 SP1
+#define NT_WIN7_SP1             7601
+
+// Windows 8 RTM
+#define NT_WIN8_RTM             9200
+
+// Windows 8.1
+#define NT_WIN8_BLUE            9600
+
+// Windows 10 TH1
+#define NT_WIN10_THRESHOLD1     10240
+
+// Windows 10 TH2
+#define NT_WIN10_THRESHOLD2     10586
+
+// Windows 10 RS1
+#define NT_WIN10_REDSTONE1      14393
+
+// Windows 10 RS2
+#define NT_WIN10_REDSTONE2      15063
+
+// Windows 10 RS3
+#define NT_WIN10_REDSTONE3      16299
+
+// Windows 10 RS4
+#define NT_WIN10_REDSTONE4      17134
+
+// Windows 10 RS5
+#define NT_WIN10_REDSTONE5      17763
+
+// Windows 10 19H1
+#define NT_WIN10_19H1           18362
+
+// Windows 10 19H2
+#define NT_WIN10_19H2           18363
+
+// Windows 10 20H1
+#define NT_WIN10_20H1           19041
+
+// Windows 10 20H2
+#define NT_WIN10_20H2           19042
+
+// Windows 10 21H1
+#define NT_WIN10_21H1           19043
+
+// Windows 10 21H2
+#define NT_WIN10_21H2           19044
+
+// Windows 11 Active Develepment Branch (21XX)
+#define NTX_WIN11_ADB           22000

Source/Shared/ntos/ntos.h

@@ -5,9 +5,9 @@
 *
 *  TITLE:       NTOS.H
 *
-*  VERSION:     1.172
+*  VERSION:     1.175
 *
-*  DATE:        03 June 2021
+*  DATE:        26 Aug 2021
 *
 *  Common header file for the ntos API functions and definitions.
 *
@@ -4621,11 +4621,16 @@ typedef struct _MMVAD_SHORT {
 typedef struct _MI_VAD_SEQUENTIAL_INFO {
 
     struct {
+#if defined(_AMD64_)
         ULONG_PTR Length : 12; /* bit position: 0 */
         ULONG_PTR Vpn : 52; /* bit position: 12 */
+#else
+        ULONG Length : 11; /* bit position: 0 */
+        ULONG Vpn : 21; /* bit position: 11 */
+#endif
     };
 
-} MI_VAD_SEQUENTIAL_INFO, * PMI_VAD_SEQUENTIAL_INFO; /* size: 0x0008 */
+} MI_VAD_SEQUENTIAL_INFO, * PMI_VAD_SEQUENTIAL_INFO;
 
 //
 // N.B. 
@@ -7385,14 +7390,16 @@ LdrProcessRelocationBlock(
     _In_ PUSHORT NextOffset,
     _In_ LONG_PTR Diff);
 
+DECLSPEC_NORETURN
 NTSYSAPI
-NTSTATUS
+VOID
 NTAPI
 LdrShutdownProcess(
     VOID);
 
+DECLSPEC_NORETURN
 NTSYSAPI
-NTSTATUS
+VOID
 NTAPI
 LdrShutdownThread(
     VOID);
@@ -7522,7 +7529,7 @@ NTSTATUS
 NTAPI
 RtlInitUnicodeStringEx(
     _Out_ PUNICODE_STRING DestinationString,
-    _In_opt_ PWSTR SourceString);
+    _In_opt_ PCWSTR SourceString);
 
 NTSYSAPI
 BOOLEAN
@@ -9315,6 +9322,26 @@ NTAPI
 RtlGetSystemTimePrecise(
     VOID);
 
+NTSYSAPI
+LARGE_INTEGER
+NTAPI
+RtlGetInterruptTimePrecise(
+    _Out_ PLARGE_INTEGER PerformanceCounter);
+
+NTSYSAPI
+BOOLEAN
+NTAPI
+RtlQueryUnbiasedInterruptTime(
+    _Out_ PLARGE_INTEGER InterruptTime);
+
+NTSYSAPI
+KSYSTEM_TIME
+NTAPI
+RtlGetSystemTimeAndBias(
+    _Out_ KSYSTEM_TIME TimeZoneBias,
+    _Out_opt_ PLARGE_INTEGER TimeZoneBiasEffectiveStart,
+    _Out_opt_ PLARGE_INTEGER TimeZoneBiasEffectiveEnd);
+
 /************************************************************************************
 *
 * RTL Debug Support API.
@@ -9808,15 +9835,13 @@ NTSYSAPI UNICODE_STRING RtlNtPathSeperatorString;
 *
 ************************************************************************************/
 
-struct _EVENT_FILTER_DESCRIPTOR;
-
-typedef VOID(NTAPI *PENABLECALLBACK)(
+typedef VOID(NTAPI *PETWENABLECALLBACK)(
     _In_ LPCGUID SourceId,
     _In_ ULONG IsEnabled,
     _In_ UCHAR Level,
     _In_ ULONGLONG MatchAnyKeyword,
     _In_ ULONGLONG MatchAllKeyword,
-    _In_opt_ struct _EVENT_FILTER_DESCRIPTOR *FilterData,
+    _In_opt_ /*EVENT_FILTER_DESCRIPTOR*/ PVOID FilterData,
     _Inout_opt_ PVOID CallbackContext
     );
 
@@ -9825,10 +9850,20 @@ NTSTATUS
 NTAPI
 EtwEventRegister(
     _In_ LPCGUID ProviderId,
-    _In_opt_ PENABLECALLBACK EnableCallback,
+    _In_opt_ PETWENABLECALLBACK EnableCallback,
     _In_opt_ PVOID CallbackContext,
     _Out_ PREGHANDLE RegHandle);
 
+NTSYSAPI
+ULONG
+NTAPI
+EtwEventWriteNoRegistration(
+    _In_ LPCGUID ProviderId,
+    _In_ /*PCEVENT_DESCRIPTOR*/ PVOID EventDescriptor,
+    _In_ ULONG UserDataCount,
+    _In_reads_opt_(UserDataCount) /*PEVENT_DATA_DESCRIPTOR*/PVOID UserData);
+
+
 /*
 ** Runtime Library API END
 */
@@ -10804,7 +10839,7 @@ NtQueryDirectoryFile(
     _In_opt_ PUNICODE_STRING FileName,
     _In_ BOOLEAN RestartScan);
 
-NTSYSCALLAPI
+NTSYSAPI
 NTSTATUS
 NTAPI
 NtQueryDirectoryFileEx(
@@ -12367,6 +12402,32 @@ NTAPI
 NtTestAlert(
     VOID);
 
+NTSYSAPI
+NTSTATUS
+NTAPI
+NtAlertThread(
+    _In_ HANDLE ThreadHandle);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+NtAlertResumeThread(
+    _In_ HANDLE ThreadHandle,
+    _Out_opt_ PULONG PreviousSuspendCount);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+NtAlertThreadByThreadId(
+    _In_ HANDLE ThreadId);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+NtWaitForAlertByThreadId(
+    _In_ PVOID Address,
+    _In_opt_ PLARGE_INTEGER Timeout);
+
 NTSYSAPI
 NTSTATUS
 NTAPI