Created by: woodruffw
In progress.
Key changes:
- 1809 adds a new syscall:
NtCreateSectionEx. Like with 1803 and earlier releases, we use its presence to detect whether we're on 1809. - Based on the
NtCreateSectionExdocumentation, it's a strict superset of the existingNtCreateSectionsyscall. So I refactored the existing pre- and post-hooks to accommodate it. - As with every recent Windows 10 release, the syscall numbers have changed a bit. I've updated them based on https://github.com/hfiref0x/SyscallTables/blob/master/Binary/Tables/ntos/17763.txt. I couldn't find any documentation online for the x86 syscall numbers, so I've marked them as
UNKinsyscallx.h.