added SMSW x86 instruction demo

Author: winterknife

EVENSTAR.sln

@@ -5,13 +5,17 @@ VisualStudioVersion = 17.11.35312.102
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ReadCRDbgExt", "ReadCRDbgExt\ReadCRDbgExt.vcxproj", "{78BD9103-3B0A-46DF-9261-148EA8F34DF0}"
 EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ReadMSW", "ReadMSW\ReadMSW.vcxproj", "{F9AB9899-9F93-4252-B634-740F19CCC1DC}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Release|x64 = Release|x64
 	EndGlobalSection
 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
 		{78BD9103-3B0A-46DF-9261-148EA8F34DF0}.Release|x64.ActiveCfg = Release|x64
 		{78BD9103-3B0A-46DF-9261-148EA8F34DF0}.Release|x64.Build.0 = Release|x64
+		{F9AB9899-9F93-4252-B634-740F19CCC1DC}.Release|x64.ActiveCfg = Release|x64
+		{F9AB9899-9F93-4252-B634-740F19CCC1DC}.Release|x64.Build.0 = Release|x64
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE

ReadMSW/Inc/BaseDataTypes.h

@@ -0,0 +1,74 @@
+// ========================================================================
+// File: BaseDataTypes.h
+//
+// Author: winterknife
+//
+// Description: Type definitions for common Windows base data types made
+// for maintaining uniformity across all User Mode and Kernel Mode code
+//
+// Modifications:
+//  2021-07-31	Created
+//  2022-08-13	Updated
+// ========================================================================
+
+// ========================================================================
+// Pragmas
+// ========================================================================
+
+#pragma once
+
+// ========================================================================
+// Type definitions
+// ========================================================================
+
+#pragma region TYPEDEFS
+
+// 8-bit unsigned integer, range = 0 - 255, unsigned char
+typedef unsigned __int8 BYTE, *PBYTE;
+
+// 16-bit unsigned integer, range = 0 - 65535, unsigned short
+typedef unsigned __int16 WORD, *PWORD;
+
+// 32-bit unsigned integer, range = 0 - 4294967295, unsigned int or unsigned long
+typedef unsigned long DWORD, *PDWORD;
+
+// 64-bit unsigned integer, range = 0 - 18446744073709551615, unsigned long long
+typedef unsigned __int64 QWORD, *PQWORD;
+
+// Should be TRUE(1) or FALSE(0), unsigned char or bool
+typedef unsigned __int8 BOOLEAN, *PBOOLEAN;
+
+// 8-bit UTF-8/Multibyte/ANSI character, char
+typedef __int8 CHAR, *PCHAR;
+
+// 16-bit UTF-16/Wide/UNICODE character, unsigned short
+typedef wchar_t WCHAR, *PWCHAR;
+
+// Pointer to any type, size = 4 bytes or 8 bytes depending on code bitness
+typedef void* PVOID;
+
+// Pointer to a constant of any type
+typedef const void* PCVOID;
+
+// Pointer to constant null-terminated string of ANSI characters
+typedef _Null_terminated_ const __int8* PCSTR;
+
+// Pointer to constant null-terminated string of UNICODE characters
+typedef _Null_terminated_ const wchar_t* PCWSTR;
+
+// Pointer to constant null-terminated string of ANSI or UNICODE characters depending on character encoding scheme
+#if defined(UNICODE)
+typedef const __wchar_t* PCTSTR;
+#else
+typedef const __int8* PCTSTR;
+#endif
+
+// 32-bit or 64-bit unsigned integer, range = 0 - 4294967295 or 18446744073709551615 depending on compiler bitness
+// Used for casting pointers
+#if defined(_WIN64)
+typedef unsigned __int64 DWORD_PTR, *PDWORD_PTR;
+#else
+typedef unsigned long DWORD_PTR, *PDWORD_PTR;
+#endif
+
+#pragma endregion

ReadMSW/Inc/Common.h

@@ -0,0 +1,144 @@
+// ========================================================================
+// File: Common.h
+//
+// Author: winterknife
+//
+// Description: Contains the common stuff for this project
+//
+// Modifications:
+//  2021-08-21	Created
+//  2025-01-09	Updated
+// ========================================================================
+
+// ========================================================================
+// Pragmas
+// ========================================================================
+
+#pragma once
+
+// Specify program entry point
+#pragma comment(linker, "/ENTRY:ExeInit")
+
+// Merge sections
+#if defined (_MSC_VER)
+#if (_MSC_VER >= 1920)
+#pragma comment(linker, "/MERGE:_RDATA=.rdata")
+#endif
+#endif
+
+// Emit error message at compile time if trying to build for 32-bit x86 target
+#if !defined(_WIN64)
+#error x86 build target is unsupported!
+#endif
+
+// ========================================================================
+// Includes
+// ========================================================================
+
+#define WIN32_LEAN_AND_MEAN
+#include <Windows.h>
+#include <intrin.h>
+#include "BaseDataTypes.h"
+
+#pragma intrinsic(__stosb)
+#pragma intrinsic(__movsb)
+#pragma intrinsic(strlen)
+#pragma intrinsic(strcmp)
+
+// ========================================================================
+// Macros
+// ========================================================================
+
+#pragma region MACROS
+
+// Module name
+#define __MODULE__ "ReadMSW"
+
+// Comment out for final build
+//#define DEBUG_BUILD
+
+// Stringizing operator macro
+#ifndef _CRT_STRINGIZE
+#define _CRT_STRINGIZE_(x) #x
+#define _CRT_STRINGIZE(x) _CRT_STRINGIZE_(x)
+#endif
+
+// Get mangled name of a function
+#define GET_MANGLED_FUNCTION_NAME __pragma(message(__FILE__ _CRT_STRINGIZE((__LINE__): \nfunction:\t) __FUNCSIG__ " is mangled to: " __FUNCDNAME__))
+
+// To set alternate name of decorated x86 IAT global function pointer
+#ifdef _X86_
+// Uses undocumented /ALTERNATENAME linker flag
+#define ALT_NAME(name, n) __pragma(comment(linker, _CRT_STRINGIZE(/ALTERNATENAME:__imp__##name##@##n####=___imp_##name)))
+#else
+#define ALT_NAME(name, n)
+#endif
+
+// To declare/initialize global IAT function pointers for run-time dynamic linking, use on global scope
+#define IMP_FUNC(name, n) EXTERN_C_START PVOID __imp_##name = NULL; EXTERN_C_END ALT_NAME(name, n)
+
+// To declare/initialize local function pointers for run-time dynamic linking, use on local scope
+// Warning: will ignore SAL annotations
+#define IMP_FUNC_PIC(name) typedef decltype(name) __type_##name; __type_##name* ##name = NULL;
+
+// Check if a function is in a delay loaded module, use on a global scope
+#define CHECK_DELAY_LOAD(f) extern "C" extern void* __imp_load_ ##f; void test_delay_load ##f(){ (__imp_load_ ##f) ? 1 : 0; }
+
+// Macro to indicate a specific function to the linker as the first in the link order
+#define CODE_BEGIN code_seg(push, ".text")
+
+// Macro to indicate the end of the specific function to the linker
+#define CODE_END code_seg(pop)
+
+// Macro to disable all compiler optimizations for a specific function
+#define OPTIMIZATION_OFF optimize("", off)
+
+// Macro to re-enable/reset compiler optimizations for a specific function
+#define OPTIMIZATION_ON optimize("", on)
+
+// Macro to enable compiler optimizations for generating short sequences of machine code for a specific function
+#if defined(_M_IX86)
+#define OPTIMIZATION_SIZE optimize("gsy", on)
+#else
+#define OPTIMIZATION_SIZE optimize("gs", on)
+#endif
+
+// Macro to enable compiler optimizations for generating fast sequences of machine code for a specific function
+#if defined(_M_IX86)
+#define OPTIMIZATION_SPEED optimize("gty", on)
+#else
+#define OPTIMIZATION_SPEED optimize("gt", on)
+#endif
+
+// Macro to fill a block of memory with zeroes given it's address and length in bytes by generating store string instruction(rep stosb)
+// Enhanced REP STOSB/MOVSB(ERMSB) are only available since Ivy Bridge Intel microarchitecture(2012/2013)
+// Processors that provide support for enhanced MOVSB/STOSB operations are enumerated by the CPUID feature flag: CPUID:(EAX=7H, ECX=0H):EBX.ERMSB[bit 9] = 1
+#define ZERO_MEMORY(Destination, Length) __stosb((PBYTE)Destination, 0, Length)
+
+// Macro to copy a block of memory given it's source address, destination address and the number of bytes to copy by generating move string instruction(rep movsb)
+#define COPY_MEMORY(Destination, Source, Count) __movsb((PBYTE)Destination, (const PBYTE)Source, Count)
+
+#pragma endregion
+
+// ========================================================================
+// C inline routines
+// ========================================================================
+
+#pragma region INLINES
+
+// Brief: To compare two blocks of memory and return the number of bytes that match
+// Parameter1: pcSource1 = Pointer to the first block of memory
+// Parameter2: pcSource2 = Pointer to the second block of memory
+// Parameter3: dwptrLength = The number of bytes to compare
+// Return: Number of bytes in the two blocks that match, if all bytes match up to the specified Length value, the Length value is returned
+extern "C" __forceinline DWORD_PTR __stdcall compare_memory(_In_ const PVOID pcSource1, _In_ const PVOID pcSource2, _In_ DWORD_PTR dwptrLength) {
+	// Init local variables
+	DWORD_PTR dwptrIndex = 0;
+
+	// Start comparing the two blocks of memory
+	for (dwptrIndex = 0; (dwptrIndex < dwptrLength) && (((PBYTE)pcSource1)[dwptrIndex] == ((PBYTE)pcSource2)[dwptrIndex]); dwptrIndex++);
+
+	return dwptrIndex;
+}
+
+#pragma endregion

ReadMSW/Inc/ReadMsw.h

@@ -0,0 +1,39 @@
+// ========================================================================
+// File: ReadMsw.h
+//
+// Author: winterknife
+//
+// Description: Header file for ReadMsw32/64.asm source file
+//
+// Modifications:
+//  2025-01-09	Created
+//  2025-01-09  Updated
+// ========================================================================
+
+// ========================================================================
+// Pragmas
+// ========================================================================
+
+#pragma once
+
+// ========================================================================
+// Includes
+// ========================================================================
+
+#include "Common.h"
+
+// ========================================================================
+// Assembly routine declarations
+// ========================================================================
+
+#pragma region DECLARATIONS
+
+/// @brief Check if segment-level protection is enabled
+/// @param None
+/// @return Returns TRUE if protected mode is enabled or FALSE if real-address mode is enabled
+_Success_(return != 0) _Must_inspect_result_ _IRQL_requires_max_(DISPATCH_LEVEL)
+extern "C" __declspec(noinline) BOOLEAN __fastcall is_protected_mode_enabled(
+	VOID
+);
+
+#pragma endregion

ReadMSW/Lib/msvcrt_x64.lib

@@ -0,0 +1,34 @@
+# EVENSTAR - ReadMSW
+
+## Version
+- `v1.0.0`
+
+## Brief
+- `ISA: x86`
+- `Mode: Real, Protected, Long`
+- `Bitness: 16-bit, 32-bit, 64-bit`
+- `CPL: 0, 3`
+- `OS: Windows`
+- `Language: C`
+- Sample code that demonstrates the usage of the `SMSW` instruction to fetch the the `Machine Status Word` (bits 0 through 15 of control register `CR0`) and check if the processor is running in `Protected` mode.
+
+## Usage
+- There aren't a lot of useful bits in the `MSW`
+- One notable exception: `PE (Protection Enable)` bit (0)
+- This flag enables Segmentation
+- Under normal circumstances, the sample code will always inform that `CR0.PE` bit is set
+- Only useful for low-level code such as `OS` and `Hypervisors`
+- Another possible use might be for `VM` detection but more testing is needed
+```shell
+C:\Users\winterknife\Desktop\ACED\EVENSTAR\ReadMSW\Bin\x64>ReadMSW.exe
+[*] ReadMSW Built Jan 14 2025 14:12:25
+Press any key to continue . . .
+Processor Execution Mode == Protected Mode
+Press any key to continue . . .
+```
+
+## Tested OS Versions
+- `Windows 11 24H2 Build 26100 Revision 1882 64-bit`
+
+## References
+1. [SMSW—Store Machine Status Word](https://namazso.github.io/x86/html/SMSW.html)