starting commit

+# ppsspp.pri
+# 12/26/2014 jichi
+
+DEPENDPATH  += $$PWD
+
+HEADERS += \
+  $$PWD/funcinfo.h
+
+# EOF

+# ith.pro
+# 10/13/2011 jichi
+
+TEMPLATE = subdirs
+
+# The order is important!
+SUBDIRS += \
+  sys \
+  hook hookxp \
+  host
+
+OTHER_FILES += dllconfig.pri
+
+include(common/common.pri)  # not used
+include(import/mono/mono.pri)  # not used
+include(import/ppsspp/ppsspp.pri)  # not used
+
+# EOF

+# sys.pro
+# CONFIG += noqt noeh staticlib
+
+# CONFIG(noeh) {
+#   message(CONFIG noeh)
+#   QMAKE_CXXFLAGS          += /GR-
+#   QMAKE_CXXFLAGS_RTTI_ON  -= /GR
+#   QMAKE_CXXFLAGS_STL_ON        -= /EHsc
+#   QMAKE_CXXFLAGS_EXCEPTIONS_ON -= /EHsc
+#   CONFIG(dll) {
+#     QMAKE_LFLAGS +=  /ENTRY:"DllMain"
+#   }
+# }
+
+set(vnrsys_src
+  sys.h
+  sys.cc
+)
+
+add_library(vnrsys STATIC ${vnrsys_src})
+
+target_compile_options(vnrsys PRIVATE
+  # http://msdn.microsoft.com/library/we6hfdy0.aspx
+  /GR- # disable RTTI
+  # http://msdn.microsoft.com/library/1deeycx5.aspx
+  # /EHs-c- # disable exception handling # CMake bug 15243: http://www.cmake.org/Bug/view.php?id=15243
+  $<$<CONFIG:Release>:>
+  $<$<CONFIG:Debug>:>
+)
+
+STRING(REPLACE "/EHsc" "" CMAKE_CXX_FLAGS ${CMAKE_CXX_FLAGS})
+
+target_link_libraries(vnrsys comctl32.lib)
+
+target_compile_definitions(vnrsys
+  PRIVATE
+)

+#pragma once
+
+// ith/sys.h
+// 8/23/2013 jichi
+// Branch: ITH/IHF_SYS.h, rev 111
+
+#ifdef _MSC_VER
+# pragma warning(disable:4800) // C4800: forcing value to bool
+#endif // _MSC_VER
+
+#include "ntdll/ntdll.h"
+
+// jichi 8/24/2013: Why extern "C"? Any specific reason to use C instead of C++ naming?
+extern "C" {
+//int disasm(BYTE *opcode0);  // jichi 8/15/2013: move disasm to separate file
+extern WORD *NlsAnsiCodePage;
+int FillRange(LPCWSTR name,DWORD *lower, DWORD *upper);
+int MB_WC(char *mb, wchar_t *wc);
+//int MB_WC_count(char *mb, int mb_length);
+int WC_MB(wchar_t *wc, char *mb);
+
+// jichi 10/1/2013: Return 0 if failed. So, it is ambiguous if the search pattern starts at 0
+DWORD SearchPattern(DWORD base, DWORD base_length, LPCVOID search, DWORD search_length); // KMP
+
+// jichi 2/5/2014: The same as SearchPattern except it uses 0xff to match everything
+// According to @Andys, 0xff seldom appear in the source code: http://sakuradite.com/topic/124
+enum : BYTE { SP_ANY = 0xff };
+#define SP_ANY_2 SP_ANY,SP_ANY
+#define SP_ANY_3 SP_ANY,SP_ANY,SP_ANY
+#define SP_ANY_4 SP_ANY,SP_ANY,SP_ANY,SP_ANY
+DWORD SearchPatternEx(DWORD base, DWORD base_length, LPCVOID search, DWORD search_length, BYTE wildcard=SP_ANY);
+
+BOOL IthInitSystemService();
+void IthCloseSystemService();
+DWORD IthGetMemoryRange(LPCVOID mem, DWORD *base, DWORD *size);
+BOOL IthCheckFile(LPCWSTR file);
+BOOL IthFindFile(LPCWSTR file);
+BOOL IthGetFileInfo(LPCWSTR file, LPVOID info, DWORD size = 0x1000);
+BOOL IthCheckFileFullPath(LPCWSTR file);
+HANDLE IthCreateFile(LPCWSTR name, DWORD option, DWORD share, DWORD disposition);
+HANDLE IthCreateFileInDirectory(LPCWSTR name, HANDLE dir, DWORD option, DWORD share, DWORD disposition);
+HANDLE IthCreateDirectory(LPCWSTR name);
+HANDLE IthCreateFileFullPath(LPCWSTR fullpath, DWORD option, DWORD share, DWORD disposition);
+HANDLE IthPromptCreateFile(DWORD option, DWORD share, DWORD disposition);
+HANDLE IthCreateSection(LPCWSTR name, DWORD size, DWORD right);
+HANDLE IthCreateEvent(LPCWSTR name, DWORD auto_reset=0, DWORD init_state=0);
+HANDLE IthOpenEvent(LPCWSTR name);
+void IthSetEvent(HANDLE hEvent);
+void IthResetEvent(HANDLE hEvent);
+HANDLE IthCreateMutex(LPCWSTR name, BOOL InitialOwner, DWORD *exist=0);
+HANDLE IthOpenMutex(LPCWSTR name);
+BOOL IthReleaseMutex(HANDLE hMutex);
+//DWORD IthWaitForSingleObject(HANDLE hObject, DWORD dwTime);
+HANDLE IthCreateThread(LPCVOID start_addr, DWORD param, HANDLE hProc=(HANDLE)-1);
+DWORD GetExportAddress(DWORD hModule,DWORD hash);
+void IthSleep(int time); // jichi 9/28/2013: in ms
+void IthSystemTimeToLocalTime(LARGE_INTEGER *ptime);
+void FreeThreadStart(HANDLE hProc);
+void CheckThreadStart();
+} // extern "C"
+
+#ifdef ITH_HAS_HEAP
+extern HANDLE hHeap; // used in ith/common/memory.h
+#endif // ITH_HAS_HEAP
+
+extern DWORD current_process_id;
+extern DWORD debug;
+extern BYTE LeadByteTable[];
+extern LPVOID page;
+extern BYTE launch_time[];
+
+inline DWORD GetHash(LPSTR str)
+{
+  DWORD hash = 0;
+  //for (; *str; str++)
+  while (*str)
+    hash = ((hash>>7) | (hash<<25)) + *str++;
+  return hash;
+}
+
+inline DWORD GetHash(LPCWSTR str)
+{
+  DWORD hash = 0;
+  //for (; *str; str++)
+  while (*str)
+    hash = ((hash>>7) | (hash<<25)) + *str++;
+  return hash;
+}
+
+inline void IthBreak()
+{ if (debug) __debugbreak(); }
+
+inline LPCWSTR GetMainModulePath()
+{
+  __asm
+  {
+    mov eax, fs:[0x30]
+    mov eax, [eax + 0xC]
+    mov eax, [eax + 0xC]
+    mov eax, [eax + 0x28]
+  }
+}
+
+// jichi 9/28/2013: Add this to lock NtWriteFile in wine
+class IthMutexLocker
+{
+  HANDLE m;
+public:
+  explicit IthMutexLocker(HANDLE mutex) : m(mutex)
+  { NtWaitForSingleObject(m, 0, 0); }
+
+  ~IthMutexLocker() { if (m != INVALID_HANDLE_VALUE) IthReleaseMutex(m); }
+
+  bool locked() const  { return m != INVALID_HANDLE_VALUE; }
+
+  void unlock()  { if (m != INVALID_HANDLE_VALUE) { IthReleaseMutex(m); m = INVALID_HANDLE_VALUE; } }
+};
+
+void IthCoolDown();
+
+BOOL IthIsWine();
+BOOL IthIsWindowsXp();
+//BOOL IthIsWindows8OrGreater(); // not public
+
+/** Get current dll path.
+ *  @param  buf
+ *  @param  len
+ *  @return  length of the path excluding \0
+ */
+size_t IthGetCurrentModulePath(wchar_t *buf, size_t len);
+
+// EOF

+# sys.pri
+# 8/21/2013 jichi
+
+DEFINES     += WITH_LIB_ITH_SYS
+LIBS        += -lvnrsys
+DEPENDPATH  += $$PWD
+HEADERS     += $$PWD/sys.h
+#SOURCES     += $$PWD/sys.cc
+
+#include($$LIBDIR/winddk/winddk.pri)
+#LIBS    += -L$$WDK/lib/wxp/i386
+
+# EOF

+# sys.pro
+# 8/21/2013 jichi
+# Build vnrsys.lib
+
+CONFIG += noqt noeh staticlib
+
+include(../../../../config.pri)
+include($$LIBDIR/ntdll/ntdll.pri)
+
+#include($$LIBDIR/winddk/winddk.pri)
+#LIBS    += -L$$WDK/lib/wxp/i386
+
+# jichi 9/22/2013: When ITH is on wine, certain NT functions are replaced
+#DEFINES += ITH_WINE
+
+# jichi 9/14/2013: Windows XP's msvnrt does not have except handler
+DEFINES -= ITH_HAS_SEH
+
+# jichi 11/24/2013: Disable manual heap
+DEFINES -= ITH_HAS_HEAP
+
+## Libraries
+
+#INCLUDEPATH += $$ITH_HOME/include
+#INCLUDEPATH += $$WDK7_HOME/inc/ddk
+
+#LIBS        += -lgdi32 -luser32 -lkernel32
+#LIBS        += -L$$WDK7_HOME/lib/wxp/i386 -lntdll
+#LIBS        += $$WDK7_HOME/lib/crt/i386/msvcrt.lib   # Override msvcrt10
+
+#DEFINES += ITH_HAS_CXX
+
+#LIBS    += -lith_sys -lntdll
+#LIBS    += -lith_tls -lntdll
+#LIBS    += -lntoskrnl
+
+DEFINES += _CRT_NON_CONFORMING_SWPRINTFS
+
+## Sources
+
+TEMPLATE = lib
+TARGET  = vnrsys
+
+HEADERS += sys.h
+SOURCES += sys.cc
+
+OTHER_FILES += sys.pri
+
+# EOF

+12/16/2013
+
+Differences between xp.dll and non-xp.dll for vnrhook.
+
+non-xp:
+  CONFIG += eh
+
+xp:
+  CONFIG += noeh
+  CONFIG -= embed_manifest_dll # Pure dynamic determined. The manifest would break Windows XP support
+  include($$LIBDIR/winseh/winseh_safe.pri)

+#ifndef _MEMDBG_H
+#define _MEMDBG_H
+
+// memdbg.h
+// 4/20/2014 jichi
+
+#ifndef MEMDBG_BEGIN_NAMESPACE
+# define MEMDBG_BEGIN_NAMESPACE namespace MemDbg {
+#endif
+#ifndef MEMDBG_END_NAMESPACE
+# define MEMDBG_END_NAMESPACE   } // MemDbg
+#endif
+
+MEMDBG_BEGIN_NAMESPACE
+
+typedef unsigned char byte_t;
+typedef unsigned long dword_t;
+
+//typedef void *address_t; // LPVOID
+//typedef const void *const_address_t; // LPCVOID
+
+MEMDBG_END_NAMESPACE
+
+
+#endif // _MEMDBG_H

+# ntinspect.pri
+# 4/20/2014 jichi
+win32 {
+
+DEFINES += WITH_LIB_MEMDBG
+
+DEPENDPATH += $$PWD
+
+HEADERS += \
+  $$PWD/memdbg.h \
+  $$PWD/memsearch.h
+
+SOURCES += \
+  $$PWD/memsearch.cc
+}
+
+# EOF

+#ifndef _MEMDBG_MEMSEARCH_H
+#define _MEMDBG_MEMSEARCH_H
+
+// memsearch.h
+// 4/20/2014 jichi
+
+#include "memdbg/memdbg.h"
+
+MEMDBG_BEGIN_NAMESPACE
+
+/// Estimated maximum size of the caller function, the same as ITH FindCallAndEntryAbs
+enum { MaximumFunctionSize = 0x800 };
+
+/**
+ *  Return the absolute address of the caller function
+ *  The same as ITH FindCallAndEntryAbs().
+ *
+ *  @param  funcAddr  callee function address
+ *  @param  funcInst  the machine code where the caller function starts
+ *  @param  lowerBound  the lower memory address to search
+ *  @param  upperBound  the upper memory address to search
+ *  @param* callerSearchSize  the maximum size of caller
+ *  @return  the caller absolute address if succeed or 0 if fail
+ *
+ *  Example funcInst:
+ *  0x55: push ebp
+ *  0x81,0xec: sub esp XXOO (0xec81)
+ *  0x83,0xec: sub esp XXOO (0xec83)
+ */
+dword_t findCallerAddress(dword_t funcAddr, dword_t funcInst, dword_t lowerBound, dword_t upperBound, dword_t callerSearchSize = MaximumFunctionSize);
+dword_t findCallerAddressAfterInt3(dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t callerSearchSize = MaximumFunctionSize);
+dword_t findLastCallerAddress(dword_t funcAddr, dword_t funcInst, dword_t lowerBound, dword_t upperBound, dword_t callerSearchSize = MaximumFunctionSize);
+dword_t findLastCallerAddressAfterInt3(dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t callerSearchSize = MaximumFunctionSize);
+
+dword_t findMultiCallerAddress(dword_t funcAddr, const dword_t funcInsts[], dword_t funcInstCount, dword_t lowerBound, dword_t upperBound, dword_t callerSearchSize = MaximumFunctionSize);
+
+/**
+ *  Return the absolute address of the long jump (not short jump) instruction address.
+ *  The same as ITH FindCallOrJmpAbs(false).
+ *
+ *  @param  funcAddr  callee function address
+ *  @param  lowerBound  the lower memory address to search
+ *  @param  upperBound  the upper memory address to search
+ *  @return  the call instruction address if succeed or 0 if fail
+ */
+dword_t findJumpAddress(dword_t funcAddr, dword_t lowerBound, dword_t upperBound);
+
+/**
+ *  Return the absolute address of the far call (inter-module) instruction address.
+ *  The same as ITH FindCallOrJmpAbs(true).
+ *
+ *  @param  funcAddr  callee function address
+ *  @param  lowerBound  the lower memory address to search
+ *  @param  upperBound  the upper memory address to search
+ *  @return  the call instruction address if succeed or 0 if fail
+ */
+dword_t findFarCallAddress(dword_t funcAddr, dword_t lowerBound, dword_t upperBound);
+
+///  Near call (intra-module)
+dword_t findNearCallAddress(dword_t funcAddr, dword_t lowerBound, dword_t upperBound);
+
+///  Default to far call
+inline dword_t findCallAddress(dword_t funcAddr, dword_t lowerBound, dword_t upperBound)
+{ return findFarCallAddress(funcAddr, lowerBound, upperBound); }
+
+///  Push value >= 0xff
+dword_t findPushDwordAddress(dword_t value, dword_t lowerBound, dword_t upperBound);
+
+///  Push value <= 0xff
+dword_t findPushByteAddress(byte_t value, dword_t lowerBound, dword_t upperBound);
+
+///  Default to push DWORD
+inline dword_t findPushAddress(dword_t value, dword_t lowerBound, dword_t upperBound)
+{ return findPushDwordAddress(value, lowerBound, upperBound); }
+
+/**
+ *  Return the enclosing function address outside the given address.
+ *  The same as ITH FindEntryAligned().
+ *  "Aligned" here means the function must be after in3 (0xcc) or nop (0x90).
+ *
+ *  If the function does NOT exist, this function might raise without admin privilege.
+ *  It is safer to wrap this function within SEH.
+ *
+ *  @param  addr  address within th function
+ *  @param  searchSize  max backward search size
+ *  @return  beginning address of the function
+ *  @exception  illegal memory access
+ */
+dword_t findEnclosingAlignedFunction(dword_t addr, dword_t searchSize = MaximumFunctionSize);
+
+/**
+ *  Return the address of the first matched pattern.
+ *  Return 0 if failed. The return result is ambiguous if the pattern address is 0.
+ *  This function simpily traverse all bytes in memory range and would raise
+ *  if no access to the region.
+ *
+ *  @param  pattern  array of bytes to match
+ *  @param  patternSize  size of the pattern array
+ *  @param  lowerBound  search start address
+ *  @param  upperBound  search stop address
+ *  @return  absolute address
+ *  @exception  illegal memory access
+ */
+dword_t findBytes(const void *pattern, dword_t patternSize, dword_t lowerBound, dword_t upperBound);
+
+/**
+ *  jichi 2/5/2014: The same as findBytes except it uses widecard to match everything.
+ *  The widecard should use the byte seldom appears in the pattern.
+ *  See: http://sakuradite.com/topic/124
+ *
+ *  @param  pattern  array of bytes to match
+ *  @param  patternSize  size of the pattern array
+ *  @param  lowerBound  search start address
+ *  @param  upperBound  search stop address
+ *  @param* widecard  the character to match everything
+ *  @return  absolute address
+ *  @exception  illegal memory access
+ */
+enum : byte_t { WidecardByte = 0x11 }; // jichi 7/17/2014: 0x11 seldom appear in PSP code pattern
+//enum : WORD { WidecardWord = 0xffff };
+dword_t matchBytes(const void *pattern, dword_t patternSize, dword_t lowerBound, dword_t upperBound,
+                   byte_t wildcard = WidecardByte);
+
+// User space: 0 - 2G (0 - 0x7ffeffff)
+// Kernel space: 2G - 4G  (0x80000000 - 0xffffffff)
+//
+// http://msdn.microsoft.com/en-us/library/windows/hardware/ff560042%28v=vs.85%29.aspx
+// http://codesequoia.wordpress.com/2008/11/28/understand-process-address-space-usage/
+// http://stackoverflow.com/questions/17244912/open-process-with-debug-privileges-and-read-write-memory
+enum MemoryRange : dword_t {
+  UserMemoryStartAddress = 0, UserMemoryStopAddress = 0x7ffeffff
+  , KernelMemoryStartAddress = 0x80000000, KernelMemoryStopAddress = 0xffffffff
+  , MappedMemoryStartAddress = 0x01000000
+
+  , MemoryStartAddress = UserMemoryStartAddress, MemoryStopAddress = UserMemoryStopAddress
+};
+
+#if 0 // not used
+/**
+ *  Traverse memory continues pages and return the address of the first matched pattern.
+ *
+ *  @param  pattern  array of bytes to match
+ *  @param  patternSize  size of the pattern array
+ *  @param  lowerBound  search start address
+ *  @param  upperBound  search stop address
+ *  @param* search  search all pages (SearchAll) or stop on first illegal access (SearchFirst)
+ *  @return  absolute address
+ */
+enum SearchType : byte_t { SearchAll = 0 , SearchFirst };
+
+dword_t findBytesInPages(const void *pattern, dword_t patternSize,
+    dword_t lowerBound = MemoryStartAddress, dword_t upperBound = MemoryStopAddress,
+    SearchType search = SearchAll);
+dword_t matchBytesInPages(const void *pattern, dword_t patternSize,
+    dword_t lowerBound = MemoryStartAddress, dword_t upperBound = MemoryStopAddress,
+    byte_t wildcard = WidecardByte, SearchType search = SearchAll);
+
+#endif // 0
+
+MEMDBG_END_NAMESPACE
+
+#endif // _MEMDBG_MEMSEARCH_H