From f17d1bb03e27971dd423a6cebb8b413ec83a2b56 Mon Sep 17 00:00:00 2001
From: Johnny Shaw <johnny.shaw@live.com>
Date: Fri, 11 Oct 2024 19:50:50 -0600
Subject: [PATCH 1/3] kph update dyndata

---
 kphlib/kphdyn.c   | 26 +++++++++++++++++++++++++-
 kphlib/kphdyn.xml | 12 ++++++++++++
 2 files changed, 37 insertions(+), 1 deletion(-)

diff --git a/kphlib/kphdyn.c b/kphlib/kphdyn.c
index 7ff1b4b2bdb5..a7f11e1b0d01 100644
--- a/kphlib/kphdyn.c
+++ b/kphlib/kphdyn.c
@@ -79,7 +79,7 @@ CONST BYTE KphDynConfig[] =
     0x79, 0x20, 0x8c, 0xcb, 0xa3, 0xe3, 0x53, 0x4e,
     0x8b, 0x2e, 0xc1, 0x9c, 0x0a, 0x53, 0x1a, 0x14,
     0x65, 0x71, 0xc4, 0x66, 0x4a, 0x82, 0x8a, 0xf3,
-    0x67, 0x50, 0xfa, 0xb7, 0x3a, 0x25, 0x61, 0x13,
+    0x67, 0x50, 0xfa, 0xb7, 0x3a, 0x25, 0x61, 0x1f,
     0x07, 0x00, 0x00, 0x00, 0x00, 0x64, 0x86, 0x1a,
     0x3c, 0x9f, 0x55, 0x00, 0x20, 0x85, 0x00, 0x00,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x64, 0x86, 0x7c,
@@ -502,6 +502,8 @@ CONST BYTE KphDynConfig[] =
     0x6f, 0xac, 0x66, 0x00, 0xf0, 0x81, 0x00, 0xba,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x64, 0x86, 0x43,
     0xd3, 0xba, 0x66, 0x00, 0xf0, 0x81, 0x00, 0xba,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x64, 0x86, 0xc7,
+    0x01, 0xf6, 0x66, 0x00, 0xf0, 0x81, 0x00, 0xba,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x64, 0x86, 0x4c,
     0xba, 0xcc, 0x58, 0x00, 0x90, 0x88, 0x00, 0x7c,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x64, 0x86, 0x7d,
@@ -1912,6 +1914,10 @@ CONST BYTE KphDynConfig[] =
     0x46, 0x4f, 0x2a, 0x00, 0x70, 0x04, 0x01, 0x76,
     0x02, 0x00, 0x00, 0x01, 0x00, 0x64, 0x86, 0xad,
     0x40, 0xc5, 0x4a, 0x00, 0x20, 0x04, 0x01, 0xf2,
+    0x02, 0x00, 0x00, 0x00, 0x00, 0x64, 0x86, 0xee,
+    0xd9, 0xba, 0x58, 0x00, 0x70, 0x04, 0x01, 0x76,
+    0x02, 0x00, 0x00, 0x01, 0x00, 0x64, 0x86, 0x3d,
+    0x32, 0xba, 0x5c, 0x00, 0x20, 0x04, 0x01, 0xf2,
     0x02, 0x00, 0x00, 0x00, 0x00, 0x64, 0x86, 0xf2,
     0xf7, 0xe5, 0xc2, 0x00, 0x70, 0x04, 0x01, 0x76,
     0x02, 0x00, 0x00, 0x00, 0x00, 0x64, 0x86, 0x07,
@@ -2446,6 +2452,10 @@ CONST BYTE KphDynConfig[] =
     0xa9, 0x0f, 0xcb, 0x00, 0xf0, 0x44, 0x01, 0x30,
     0x03, 0x00, 0x00, 0x01, 0x00, 0x64, 0x86, 0x2c,
     0xa9, 0xfb, 0x1d, 0x00, 0x90, 0x24, 0x01, 0x6e,
+    0x03, 0x00, 0x00, 0x00, 0x00, 0x64, 0x86, 0xec,
+    0xac, 0x5a, 0x14, 0x00, 0xf0, 0x44, 0x01, 0x30,
+    0x03, 0x00, 0x00, 0x01, 0x00, 0x64, 0x86, 0xb3,
+    0x6f, 0xa3, 0x3e, 0x00, 0x90, 0x24, 0x01, 0x6e,
     0x03, 0x00, 0x00, 0x00, 0x00, 0x64, 0x86, 0x63,
     0x7d, 0x94, 0x0f, 0x00, 0xe0, 0x44, 0x01, 0x30,
     0x03, 0x00, 0x00, 0x01, 0x00, 0x64, 0x86, 0xbc,
@@ -2528,6 +2538,12 @@ CONST BYTE KphDynConfig[] =
     0xc7, 0x00, 0x59, 0x00, 0x90, 0x24, 0x01, 0x6e,
     0x03, 0x00, 0x00, 0x02, 0x00, 0x64, 0x86, 0x92,
     0xe3, 0xf1, 0xbb, 0x00, 0x00, 0x11, 0x00, 0xf8,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x64, 0x86, 0x7d,
+    0xd0, 0x09, 0x42, 0x00, 0xf0, 0x44, 0x01, 0x30,
+    0x03, 0x00, 0x00, 0x01, 0x00, 0x64, 0x86, 0x16,
+    0xea, 0xb8, 0x88, 0x00, 0x90, 0x24, 0x01, 0x6e,
+    0x03, 0x00, 0x00, 0x02, 0x00, 0x64, 0x86, 0x54,
+    0x18, 0x42, 0x22, 0x00, 0x00, 0x11, 0x00, 0xf8,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x64, 0xaa, 0x2a,
     0x00, 0xf0, 0x59, 0x00, 0xb0, 0x8c, 0x00, 0xac,
     0x03, 0x00, 0x00, 0x00, 0x00, 0x64, 0xaa, 0x9a,
@@ -3570,6 +3586,8 @@ CONST BYTE KphDynConfig[] =
     0x46, 0x4c, 0x17, 0x00, 0xd0, 0x03, 0x01, 0x9c,
     0x05, 0x00, 0x00, 0x00, 0x00, 0x64, 0xaa, 0xb4,
     0x46, 0x4b, 0x2f, 0x00, 0xd0, 0x03, 0x01, 0x9c,
+    0x05, 0x00, 0x00, 0x00, 0x00, 0x64, 0xaa, 0xaa,
+    0xa5, 0x0d, 0x0f, 0x00, 0xd0, 0x03, 0x01, 0x9c,
     0x05, 0x00, 0x00, 0x00, 0x00, 0x64, 0xaa, 0xe8,
     0xdd, 0xf4, 0xad, 0x00, 0xd0, 0x03, 0x01, 0x9c,
     0x05, 0x00, 0x00, 0x00, 0x00, 0x64, 0xaa, 0x14,
@@ -3650,6 +3668,8 @@ CONST BYTE KphDynConfig[] =
     0xc2, 0x7d, 0xc2, 0x00, 0x90, 0x24, 0x01, 0xda,
     0x05, 0x00, 0x00, 0x00, 0x00, 0x64, 0xaa, 0x07,
     0x7c, 0x31, 0x14, 0x00, 0x90, 0x24, 0x01, 0xda,
+    0x05, 0x00, 0x00, 0x00, 0x00, 0x64, 0xaa, 0xfe,
+    0xe7, 0x4b, 0x87, 0x00, 0x90, 0x24, 0x01, 0xda,
     0x05, 0x00, 0x00, 0x00, 0x00, 0x64, 0xaa, 0x74,
     0xe6, 0x6b, 0x4b, 0x00, 0x90, 0x24, 0x01, 0xda,
     0x05, 0x00, 0x00, 0x02, 0x00, 0x64, 0xaa, 0x27,
@@ -3702,6 +3722,10 @@ CONST BYTE KphDynConfig[] =
     0x3c, 0x82, 0xbe, 0x00, 0x90, 0x24, 0x01, 0xda,
     0x05, 0x00, 0x00, 0x02, 0x00, 0x64, 0xaa, 0x1a,
     0x8e, 0xb9, 0xd2, 0x00, 0xe0, 0x10, 0x00, 0xf8,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x64, 0xaa, 0x97,
+    0x09, 0xda, 0x43, 0x00, 0x90, 0x24, 0x01, 0xda,
+    0x05, 0x00, 0x00, 0x02, 0x00, 0x64, 0xaa, 0x08,
+    0xf0, 0x92, 0xf3, 0x00, 0xe0, 0x10, 0x00, 0xf8,
     0x00, 0x00, 0x00, 0x18, 0x00, 0x18, 0x04, 0x20,
     0x00, 0x30, 0x00, 0x10, 0x00, 0x28, 0x00, 0x14,
     0x00, 0x11, 0x00, 0x10, 0x00, 0x18, 0x00, 0x00,
diff --git a/kphlib/kphdyn.xml b/kphlib/kphdyn.xml
index 0d47628b31d0..19370768c078 100644
--- a/kphlib/kphdyn.xml
+++ b/kphlib/kphdyn.xml
@@ -218,6 +218,7 @@ THIS IS AN AUTOGENERATED FILE, DO NOT MODIFY
     <data arch="amd64" version="10.0.14393.7155" file="ntoskrnl.exe" hash="dfd0308f3f936b5420933cde7fb5ffb3e9c0fabe507fae48c980457d8d32408c" timestamp="0x667a37ec" size="0x0081f000">10</data>
     <data arch="amd64" version="10.0.14393.7254" file="ntoskrnl.exe" hash="0552cfc3a14f5f1da40df3e0279e18f9a2ac9ae4805f6b4b939125c6700e13ee" timestamp="0x66ac6f9d" size="0x0081f000">10</data>
     <data arch="amd64" version="10.0.14393.7330" file="ntoskrnl.exe" hash="47b594c9cff6a9988dfaee89420bb8dc157258605bde21319169b5c3a3cae055" timestamp="0x66bad343" size="0x0081f000">10</data>
+    <data arch="amd64" version="10.0.14393.7426" file="ntoskrnl.exe" hash="7409692355f37e9c2e80680e3044836bfba02235816509b67ff08314340b8654" timestamp="0x66f601c7" size="0x0081f000">10</data>
     <data arch="amd64" version="10.0.15063.0" file="ntoskrnl.exe" hash="8373267ef4dceb7999ccfa9c3c47e75c2623f5aa16a5e46baf2a394faaf5d77f" timestamp="0x58ccba4c" size="0x00889000">2</data>
     <data arch="amd64" version="10.0.15063.13" file="ntoskrnl.exe" hash="fc859fabda7455b5057721a9872e77d348520a9693e3164b2826c026aff55f35" timestamp="0x58dc8f7d" size="0x00889000">2</data>
     <data arch="amd64" version="10.0.15063.296" file="ntoskrnl.exe" hash="3fd464b08e01baf92e91b17d4003d638f5ff52b8d9be5fe6db7277c9c616e8ca" timestamp="0x5902843e" size="0x00889000">2</data>
@@ -923,6 +924,8 @@ THIS IS AN AUTOGENERATED FILE, DO NOT MODIFY
     <data arch="amd64" version="10.0.22000.3147" file="ntkrla57.exe" hash="164e0923dbcf06355b21c75651b16029d602d91ff76862731a70555329307ece" timestamp="0x3d23d9c4" size="0x01042000">13</data>
     <data arch="amd64" version="10.0.22000.3197" file="ntoskrnl.exe" hash="4b6593143155e1a1314ab73bf9d0622180764268d54984541627b5041bb46de8" timestamp="0x2a4f46b3" size="0x01047000">8</data>
     <data arch="amd64" version="10.0.22000.3197" file="ntkrla57.exe" hash="d4d7f0599857b29bbc5e0aa61df5413ed34a805b9fde967f6d1642f68c68cad3" timestamp="0x4ac540ad" size="0x01042000">13</data>
+    <data arch="amd64" version="10.0.22000.3260" file="ntoskrnl.exe" hash="913bc1ae4f89554145e75968e8de1084bca5682d00fcf77415097fe5f713f50a" timestamp="0x58bad9ee" size="0x01047000">8</data>
+    <data arch="amd64" version="10.0.22000.3260" file="ntkrla57.exe" hash="8687fc3d2f74eb98f1690c83fd5015e992e62397531d5beb1c9dadf8ffcec260" timestamp="0x5cba323d" size="0x01042000">13</data>
     <data arch="amd64" version="10.0.22567.200" file="ntoskrnl.exe" hash="8e719872fcc04d041c874101946214b31a12de9039937395e693b536ed681455" timestamp="0xc2e5f7f2" size="0x01047000">8</data>
     <data arch="amd64" version="10.0.22621.1" file="ntoskrnl.exe" hash="8da58257e42b4716cd873fb2a6244daf769fb13c7585d078dd281513bd1c6f7d" timestamp="0x9182ea07" size="0x01047000">8</data>
     <data arch="amd64" version="10.0.22621.1" file="ntkrla57.exe" hash="6b7be416aa884bf653f41da20adec1b592b1b868982c40c2d2e6237b9c9fb024" timestamp="0xd29420fe" size="0x01041000">13</data>
@@ -1190,6 +1193,8 @@ THIS IS AN AUTOGENERATED FILE, DO NOT MODIFY
     <data arch="amd64" version="10.0.26100.1930" file="ntkrla57.exe" hash="fa3d3e11a94216b2b8d4ca32ccbf61ee55580e8ca2fd3d2128034d3e902b504d" timestamp="0x8ca25742" size="0x01249000">26</data>
     <data arch="amd64" version="10.0.26100.2033" file="ntoskrnl.exe" hash="80eb4c09526b97be23f6daa4ccd2bc97c467d2f3f5b278127693ccbcc17c8369" timestamp="0xcb0fa9da" size="0x0144f000">25</data>
     <data arch="amd64" version="10.0.26100.2033" file="ntkrla57.exe" hash="2ac9e0f99b57c0391d640db624cf06beb273631e8038e1c9d5dcc241f43879fd" timestamp="0x1dfba92c" size="0x01249000">26</data>
+    <data arch="amd64" version="10.0.26100.2122" file="ntoskrnl.exe" hash="25a34f36d2d332e223e875ac89c6e256c993ca869b864737401e80d3f1735ada" timestamp="0x145aacec" size="0x0144f000">25</data>
+    <data arch="amd64" version="10.0.26100.2122" file="ntkrla57.exe" hash="d6fab8b9c68bdd88e5a6205aeacf3393d0352b508d05c6ed3c05933b250325dd" timestamp="0x3ea36fb3" size="0x01249000">26</data>
     <data arch="amd64" version="10.0.26200.5001" file="ntoskrnl.exe" hash="2b5c8f42ce4fb4e3bfda5ee55f3a0c44f1f4b938321829c8e261060397c66c29" timestamp="0x0f947d63" size="0x0144e000">25</data>
     <data arch="amd64" version="10.0.26200.5001" file="ntkrla57.exe" hash="23552d1b0ca1821d43f5014099cae904806549d779ab7d741c9ce302d3cbc864" timestamp="0x051c88bc" size="0x01249000">26</data>
     <data arch="amd64" version="10.0.26200.5001" file="lxcore.sys" hash="da992e4f19764b4a34640f2332964c762bf7b9c8a8158a267d9ee236958596e0" timestamp="0xf5a37402" size="0x00110000">14</data>
@@ -1231,6 +1236,9 @@ THIS IS AN AUTOGENERATED FILE, DO NOT MODIFY
     <data arch="amd64" version="10.0.27718.1000" file="ntoskrnl.exe" hash="b8b771a0f587f9bb8be536c1701ef0771aaf71dbbdf9b8eabb154eb9671939da" timestamp="0x72d4cda6" size="0x0144f000">25</data>
     <data arch="amd64" version="10.0.27718.1000" file="ntkrla57.exe" hash="ef8dc7fdaeaa04bd26b6a1d99907e64e5f0d6c75e4fb9fa30c9558842b43c30a" timestamp="0x5900c7dd" size="0x01249000">26</data>
     <data arch="amd64" version="10.0.27718.1000" file="lxcore.sys" hash="9835a33b6fe3cc486bdbe2740a438a11396a7776180ad057d9d914093019e172" timestamp="0xbbf1e392" size="0x00110000">14</data>
+    <data arch="amd64" version="10.0.27723.1000" file="ntoskrnl.exe" hash="783b037d73c62865a5a49855cafc2962428de1083ab173600b4951f2db90db97" timestamp="0x4209d07d" size="0x0144f000">25</data>
+    <data arch="amd64" version="10.0.27723.1000" file="ntkrla57.exe" hash="3ad0ea661737d5f42c17762ad935186f380298c68752e12ddf27b9082164a6ae" timestamp="0x88b8ea16" size="0x01249000">26</data>
+    <data arch="amd64" version="10.0.27723.1000" file="lxcore.sys" hash="bb1cf7e042b96f429ca6a8182a9e9b19e6ec309f5b8c04cc3092d5b82f7c92a3" timestamp="0x22421854" size="0x00110000">14</data>
     <data arch="arm64" version="10.0.16299.64" file="ntoskrnl.exe" hash="b69c45a5f36a89b328f8c33206827aa9a20aab9b6de82072746ebb90d4fddc2e" timestamp="0x59f0002a" size="0x008cb000">15</data>
     <data arch="arm64" version="10.0.16299.334" file="ntoskrnl.exe" hash="5d1636205b61338320fd841a183a2c517434051181d04f6c326f070433d63422" timestamp="0x5aa74f9a" size="0x0089e000">15</data>
     <data arch="arm64" version="10.0.16299.371" file="ntoskrnl.exe" hash="4d53a27c0701a195f4d8e7cc9baccd25a5eefd7b499b76e7291bb4a3c6e42b78" timestamp="0x5abdad3e" size="0x0089d000">15</data>
@@ -1752,6 +1760,7 @@ THIS IS AN AUTOGENERATED FILE, DO NOT MODIFY
     <data arch="arm64" version="10.0.22621.4225" file="ntoskrnl.exe" hash="ac30640e6258bc5b3e7c349d59fc77160a9c39f17b2bcf05e7e149c65cc68316" timestamp="0x6c9d8f69" size="0x0103d000">22</data>
     <data arch="arm64" version="10.0.22621.4249" file="ntoskrnl.exe" hash="8fca5b9619f3c9ab3ec5af0c1b1fe8d888bc7417200d6b0889f820444ac77400" timestamp="0x174c4629" size="0x0103d000">22</data>
     <data arch="arm64" version="10.0.22621.4291" file="ntoskrnl.exe" hash="016c6cfd7d4ee14d2441a0b0d0c55feb56b371813751b2a286cfd134a6b3ff3c" timestamp="0x2f4b46b4" size="0x0103d000">22</data>
+    <data arch="arm64" version="10.0.22621.4300" file="ntoskrnl.exe" hash="3677bd379d833c512522da00aecb355aa32fa0c1350176378a37cf5e6b00ff8e" timestamp="0x0f0da5aa" size="0x0103d000">22</data>
     <data arch="arm64" version="10.0.22621.4317" file="ntoskrnl.exe" hash="558c0b04e4f8b56081a6111beea2bee5bcfa4edc6f86ba84c900b76567e28edd" timestamp="0xadf4dde8" size="0x0103d000">22</data>
     <data arch="arm64" version="10.0.26080.1" file="ntoskrnl.exe" hash="94616fa03a4b1de6825f84dd042a933dd8c8eaf58b259cd658dc98a0fa23926a" timestamp="0xfa6c3714" size="0x01249000">24</data>
     <data arch="arm64" version="10.0.26080.1" file="lxcore.sys" hash="acdf7e697cf2a3cd56ffe3546d25b029a579af29ce0bac49ad02ae6de2252243" timestamp="0x076e2176" size="0x0010e000">14</data>
@@ -1792,6 +1801,7 @@ THIS IS AN AUTOGENERATED FILE, DO NOT MODIFY
     <data arch="arm64" version="10.0.26100.1843" file="ntoskrnl.exe" hash="a1c9871b50c0aeaa96717e0527b13ea26b5af77350a65bddea9882ea50984290" timestamp="0xf3cdb593" size="0x01249000">24</data>
     <data arch="arm64" version="10.0.26100.1882" file="ntoskrnl.exe" hash="b76d4382edae9264307c3c999b25bc76995813e2295259dd751235338e00d622" timestamp="0xc27dc2f8" size="0x01249000">24</data>
     <data arch="arm64" version="10.0.26100.1912" file="ntoskrnl.exe" hash="45f9df49d337b9eb423e7c5371b9000c4ea1541c32c372bff810515c74430880" timestamp="0x14317c07" size="0x01249000">24</data>
+    <data arch="arm64" version="10.0.26100.1930" file="ntoskrnl.exe" hash="8fb69ffa4cd84d4382b537d810b133e6a3b2f87b45f981a5c4914f682ab40dcc" timestamp="0x874be7fe" size="0x01249000">24</data>
     <data arch="arm64" version="10.0.26100.2033" file="ntoskrnl.exe" hash="d6098a5d92e1bd38567a24d52f6c2f326e69a5af89e25e832d9595a7e17ea9db" timestamp="0x4b6be674" size="0x01249000">24</data>
     <data arch="arm64" version="10.0.26100.2033" file="lxcore.sys" hash="fc057d818c9b72bd5064fadf280e7d21adadee31ac06f0c674c0a59f229e916f" timestamp="0xf8f16c27" size="0x0010e000">14</data>
     <data arch="arm64" version="10.0.26200.5001" file="ntoskrnl.exe" hash="b3715d49cec1d1f4deb765973334c876d1c71ce3ec1d42a1232fcb9f380ac429" timestamp="0xcea2a8b9" size="0x01249000">24</data>
@@ -1818,6 +1828,8 @@ THIS IS AN AUTOGENERATED FILE, DO NOT MODIFY
     <data arch="arm64" version="10.0.27686.1000" file="lxcore.sys" hash="6c2234e0bab4177a7a139347c984b7bb568a60459c136bbfe7bdeb7f05c405b8" timestamp="0x8c01ed6c" size="0x0010e000">14</data>
     <data arch="arm64" version="10.0.27695.1000" file="ntoskrnl.exe" hash="8b040bacd3657556929d650117ff4b5604427fa8e09f5f0297b26b10e5c27e8a" timestamp="0xbe823cd0" size="0x01249000">24</data>
     <data arch="arm64" version="10.0.27695.1000" file="lxcore.sys" hash="3c84d631512cc36ed70180746f6b4982e9636fc55465e60aa158259c3d156387" timestamp="0xd2b98e1a" size="0x0010e000">14</data>
+    <data arch="arm64" version="10.0.27718.1000" file="ntoskrnl.exe" hash="937931e938128ba9daadda8c2607f121859520db6346a87f5b13ef07dff4959f" timestamp="0x43da0997" size="0x01249000">24</data>
+    <data arch="arm64" version="10.0.27718.1000" file="lxcore.sys" hash="e411d16b248e0fe9352d1dc7c370a3865648be8ad87a0752dcb250c62d2ecfc9" timestamp="0xf392f008" size="0x0010e000">14</data>
     <fields id="15">
         <field value="0x0018" name="EgeGuid"/>
         <field value="0x03c0" name="EpObjectTable"/>

From 749be5882841d31b52f3c0d85baa316432ecc34a Mon Sep 17 00:00:00 2001
From: Johnny Shaw <johnny.shaw@live.com>
Date: Fri, 11 Oct 2024 20:00:56 -0600
Subject: [PATCH 2/3] setup silent exec app

---
 tools/CustomSetupTool/main.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/tools/CustomSetupTool/main.c b/tools/CustomSetupTool/main.c
index 70d8597d85ac..0e7cf55da1b6 100644
--- a/tools/CustomSetupTool/main.c
+++ b/tools/CustomSetupTool/main.c
@@ -244,19 +244,27 @@ VOID SetupSilent(
 
     if (PhGetOwnTokenAttributes().Elevated)
     {
+        BOOLEAN start;
+
         switch (Context->SetupMode)
         {
         default:
         case SetupCommandInstall:
             status = SetupProgressThread(Context);
+            start = TRUE;
             break;
         case SetupCommandUninstall:
             status = SetupUninstallBuild(Context);
+            start = FALSE;
             break;
         case SetupCommandUpdate:
             status = SetupUpdateBuild(Context);
+            start = TRUE;
             break;
         }
+
+        if (start && NT_SUCCESS(status) && Context->ErrorCode == ERROR_SUCCESS)
+            SetupExecuteApplication(Context);
     }
     else
     {

From 508bccc2015b9dbcc2f4b153cd9f1ca8bdbc5954 Mon Sep 17 00:00:00 2001
From: Johnny Shaw <johnny.shaw@live.com>
Date: Fri, 11 Oct 2024 20:34:56 -0600
Subject: [PATCH 3/3] module enum fix load count restore hashtable

---
 phlib/native.c | 95 ++++++++++++++++++++++++++++++++++++++++----------
 1 file changed, 77 insertions(+), 18 deletions(-)

diff --git a/phlib/native.c b/phlib/native.c
index 37ff64b23b16..f455d381fe29 100644
--- a/phlib/native.c
+++ b/phlib/native.c
@@ -10279,6 +10279,7 @@ typedef struct _ENUM_GENERIC_PROCESS_MODULES_CONTEXT
     PVOID Context;
     ULONG Type;
     ULONG LoadOrderIndex;
+    PPH_HASHTABLE BaseAddressHashtable;
 } ENUM_GENERIC_PROCESS_MODULES_CONTEXT, *PENUM_GENERIC_PROCESS_MODULES_CONTEXT;
 
 static BOOLEAN EnumGenericProcessModulesCallback(
@@ -10295,6 +10296,11 @@ static BOOLEAN EnumGenericProcessModulesCallback(
         Module->DllBase = (PVOID)(ULONG64_MAX - Context->LoadOrderIndex);
     }
 
+    if (PhFindEntryHashtable(Context->BaseAddressHashtable, &Module->DllBase))
+        return TRUE;
+
+    PhAddEntryHashtable(Context->BaseAddressHashtable, &Module->DllBase);
+
     RtlZeroMemory(&moduleInfo, sizeof(PH_MODULE_INFO));
     moduleInfo.Type = Context->Type;
     moduleInfo.BaseAddress = Module->DllBase;
@@ -10332,7 +10338,8 @@ static BOOLEAN EnumGenericProcessModulesCallback(
 VOID PhpRtlModulesToGenericModules(
     _In_ PRTL_PROCESS_MODULES Modules,
     _In_ PPH_ENUM_GENERIC_MODULES_CALLBACK Callback,
-    _In_opt_ PVOID Context
+    _In_opt_ PVOID Context,
+    _In_ PPH_HASHTABLE BaseAddressHashtable
     )
 {
     PRTL_PROCESS_MODULE_INFORMATION module;
@@ -10350,6 +10357,11 @@ VOID PhpRtlModulesToGenericModules(
             module->ImageBase = (PVOID)(ULONG64_MAX - i);
         }
 
+        if (PhFindEntryHashtable(BaseAddressHashtable, &module->ImageBase))
+            continue;
+
+        PhAddEntryHashtable(BaseAddressHashtable, &module->ImageBase);
+
         RtlZeroMemory(&moduleInfo, sizeof(PH_MODULE_INFO));
 
         if ((ULONG_PTR)module->ImageBase <= PhSystemBasicInformation.MaximumUserModeAddress)
@@ -10398,7 +10410,8 @@ VOID PhpRtlModulesToGenericModules(
 VOID PhpRtlModulesExToGenericModules(
     _In_ PRTL_PROCESS_MODULE_INFORMATION_EX Modules,
     _In_ PPH_ENUM_GENERIC_MODULES_CALLBACK Callback,
-    _In_opt_ PVOID Context
+    _In_opt_ PVOID Context,
+    _In_ PPH_HASHTABLE BaseAddressHashtable
     )
 {
     PRTL_PROCESS_MODULE_INFORMATION_EX module = Modules;
@@ -10407,14 +10420,19 @@ VOID PhpRtlModulesExToGenericModules(
 
     while (module->NextOffset != 0)
     {
-        RtlZeroMemory(&moduleInfo, sizeof(PH_MODULE_INFO));
-
         if (WindowsVersion >= WINDOWS_11_24H2 && !module->ImageBase)
         {
             // Assign pseudo address on 24H2 (dmex)
             module->ImageBase = (PVOID)(ULONG64_MAX - module->LoadOrderIndex);
         }
 
+        if (PhFindEntryHashtable(BaseAddressHashtable, &module->ImageBase))
+            continue;
+
+        PhAddEntryHashtable(BaseAddressHashtable, &module->ImageBase);
+
+        RtlZeroMemory(&moduleInfo, sizeof(PH_MODULE_INFO));
+
         if ((ULONG_PTR)module->ImageBase <= PhSystemBasicInformation.MaximumUserModeAddress)
             moduleInfo.Type = PH_MODULE_TYPE_MODULE;
         else
@@ -10502,6 +10520,7 @@ typedef struct _PH_ENUM_MAPPED_MODULES_PARAMETERS
     BOOLEAN TrackingAllocationBase;
     PVOID LastAllocationBase;
     SIZE_T AllocationSize;
+    PPH_HASHTABLE BaseAddressHashtable;
 } PH_ENUM_MAPPED_MODULES_PARAMETERS, *PPH_ENUM_MAPPED_MODULES_PARAMETERS;
 
 NTSTATUS NTAPI PhpEnumGenericMappedFilesAndImagesBulk(
@@ -10540,18 +10559,23 @@ NTSTATUS NTAPI PhpEnumGenericMappedFilesAndImagesBulk(
                 {
                     Parameters->TrackingAllocationBase = FALSE;
 
-                    if (NT_SUCCESS(PhGetProcessMappedFileName(ProcessHandle, Parameters->LastAllocationBase, &fileName)))
+                    if (!PhFindEntryHashtable(Parameters->BaseAddressHashtable, &Parameters->LastAllocationBase))
                     {
-                        if (!PhpCallbackMappedFileOrImage(
-                            Parameters->LastAllocationBase,
-                            Parameters->AllocationSize,
-                            type,
-                            fileName,
-                            Parameters->Callback,
-                            Parameters->Context
-                            ))
+                        PhAddEntryHashtable(Parameters->BaseAddressHashtable, &Parameters->LastAllocationBase);
+
+                        if (NT_SUCCESS(PhGetProcessMappedFileName(ProcessHandle, Parameters->LastAllocationBase, &fileName)))
                         {
-                            break;
+                            if (!PhpCallbackMappedFileOrImage(
+                                Parameters->LastAllocationBase,
+                                Parameters->AllocationSize,
+                                type,
+                                fileName,
+                                Parameters->Callback,
+                                Parameters->Context
+                                ))
+                            {
+                                break;
+                            }
                         }
                     }
                 }
@@ -10569,7 +10593,8 @@ VOID PhpEnumGenericMappedFilesAndImages(
     _In_ HANDLE ProcessHandle,
     _In_ ULONG Flags,
     _In_ PPH_ENUM_GENERIC_MODULES_CALLBACK Callback,
-    _In_opt_ PVOID Context
+    _In_opt_ PVOID Context,
+    _In_ PPH_HASHTABLE BaseAddressHashtable
     )
 {
     BOOLEAN querySucceeded;
@@ -10580,6 +10605,7 @@ VOID PhpEnumGenericMappedFilesAndImages(
     memset(&enumParameters, 0, sizeof(PH_ENUM_MAPPED_MODULES_PARAMETERS));
     enumParameters.Callback = Callback;
     enumParameters.Context = Context;
+    enumParameters.BaseAddressHashtable = BaseAddressHashtable;
 
     if (NT_SUCCESS(PhEnumVirtualMemoryBulk(
         ProcessHandle,
@@ -10654,6 +10680,9 @@ VOID PhpEnumGenericMappedFilesAndImages(
                 continue;
             }
 
+            if (PhFindEntryHashtable(BaseAddressHashtable, &allocationBase))
+                continue;
+
             if (!NT_SUCCESS(PhGetProcessMappedFileName(
                 ProcessHandle,
                 allocationBase,
@@ -10695,6 +10724,21 @@ VOID PhpEnumGenericMappedFilesAndImages(
     }
 }
 
+BOOLEAN NTAPI PhpBaseAddressHashtableEqualFunction(
+    _In_ PVOID Entry1,
+    _In_ PVOID Entry2
+    )
+{
+    return *(PVOID*)Entry1 == *(PVOID*)Entry2;
+}
+
+ULONG NTAPI PhpBaseAddressHashtableHashFunction(
+    _In_ PVOID Entry
+    )
+{
+    return PhHashIntPtr((ULONG_PTR)*(PVOID*)Entry);
+}
+
 /**
  * Enumerates the modules loaded by a process.
  *
@@ -10717,6 +10761,14 @@ NTSTATUS PhEnumGenericModules(
     )
 {
     NTSTATUS status;
+    PPH_HASHTABLE baseAddressHashtable;
+
+    baseAddressHashtable = PhCreateHashtable(
+        sizeof(PVOID),
+        PhpBaseAddressHashtableEqualFunction,
+        PhpBaseAddressHashtableHashFunction,
+        100
+        );
 
     if (ProcessId == SYSTEM_PROCESS_ID)
     {
@@ -10731,7 +10783,8 @@ NTSTATUS PhEnumGenericModules(
             PhpRtlModulesExToGenericModules(
                 modules,
                 Callback,
-                Context
+                Context,
+                baseAddressHashtable
                 );
             PhFree(modules);
         }
@@ -10744,7 +10797,8 @@ NTSTATUS PhEnumGenericModules(
                 PhpRtlModulesToGenericModules(
                     modules,
                     Callback,
-                    Context
+                    Context,
+                    baseAddressHashtable
                     );
                 PhFree(modules);
             }
@@ -10785,6 +10839,7 @@ NTSTATUS PhEnumGenericModules(
         context.Callback = Callback;
         context.Context = Context;
         context.Type = PH_MODULE_TYPE_MODULE;
+        context.BaseAddressHashtable = baseAddressHashtable;
         context.LoadOrderIndex = 0;
 
         parameters.Callback = EnumGenericProcessModulesCallback;
@@ -10805,6 +10860,7 @@ NTSTATUS PhEnumGenericModules(
             context.Callback = Callback;
             context.Context = Context;
             context.Type = PH_MODULE_TYPE_WOW64_MODULE;
+            context.BaseAddressHashtable = baseAddressHashtable;
             context.LoadOrderIndex = 0;
 
             status = PhEnumProcessModules32Ex(
@@ -10823,7 +10879,8 @@ NTSTATUS PhEnumGenericModules(
                 ProcessHandle,
                 Flags,
                 Callback,
-                Context
+                Context,
+                baseAddressHashtable
                 );
         }
 
@@ -10833,6 +10890,8 @@ NTSTATUS PhEnumGenericModules(
 
 CleanupExit:
 
+    PhDereferenceObject(baseAddressHashtable);
+
     return status;
 }