small cleanup in header files

2026-06-09 17:07:17 +00:00 · 2023-10-06 16:12:52 +02:00
parent 7be844b518
commit 43cea1f08b
41 changed files with 91 additions and 78 deletions
@@ -9,9 +9,9 @@
 #include <tchar.h>
 #include <stdio.h>

-#include "../EDRSandblast.h"
 #include "FileVersion.h"
 #include "PdbSymbols.h"
+#include "PrintFunctions.h"

 #include "CiOffsets.h"

@@ -12,7 +12,7 @@

 #include "DriverOps.h"

-#include "../EDRSandblast.h"
+#include "PrintFunctions.h"
 #include "StringUtils.h"
 #include "WindowsServiceOps.h"
 /*
@@ -6,7 +6,7 @@
 #include <Tchar.h>
 #include <stdio.h>

-#include "../EDRSandblast.h"
+#include "PrintFunctions.h"

 #include "FileVersion.h"

@@ -1,5 +1,5 @@
 extern "C" {
-#include "../EDRSandblast.h"
+#include "PrintFunctions.h"
 #include "FirewallOps.h"
 }

@@ -4,7 +4,8 @@
 #include <windef.h>
 #include <winhttp.h>

-#include "../EDRSandblast.h"
+#include "PrintFunctions.h"
+
 #include "HttpClient.h"


@@ -1,4 +1,5 @@
-#include "../EDRSandblast.h"
+#include "PrintFunctions.h"
+
 #include "IsEDRChecks.h"

 /*
@@ -7,7 +7,6 @@
 #include "DriverDBUtil.h"
 #include "DriverGDRV.h"
 #include "KernelUtils.h"
-#include "../EDRSandblast.h"

 #include "KernelMemoryPrimitives.h"

@@ -6,9 +6,10 @@
 */
 #include <Windows.h>
 #include <Tchar.h>
+
 #include "KernelMemoryPrimitives.h"
 #include "KernelUtils.h"
-#include "../EDRSandblast.h"
+#include "PrintFunctions.h"

 DWORD64 PatternSearchStartingFromAddress(DWORD64 startAddress, DWORD bytesToScan, DWORD64 pattern, DWORD64 mask) {
    for (DWORD i = 0; i < bytesToScan; i++) {
@@ -8,8 +8,8 @@
 #include <stdio.h>

 #include "FileVersion.h"
+#include "PrintFunctions.h"
 #include "PdbSymbols.h"
-#include "../EDRSandblast.h"

 #include "NtoskrnlOffsets.h"

@@ -2,9 +2,9 @@
 * Functions that browse the PEB structure instead of relying on GetModuleHandle
 */

-#include "../EDRSandblast.h"
 #include "Undoc.h"
 #include "PEBBrowse.h"
+#include "PrintFunctions.h"
 #include <stdio.h>

 /*
@@ -3,11 +3,13 @@
 * Among other things, reimplements GetProcAddress and the PE relocation process
 */

-#include "../EDRSandblast.h"
 #include "PEParser.h"
 #include <stdio.h>
 #include <assert.h>

+#include "PrintFunctions.h"
+
+
 IMAGE_SECTION_HEADER* PE_sectionHeader_fromRVA(PE* pe, DWORD rva) {
 	IMAGE_SECTION_HEADER* sectionHeaders = pe->sectionHeaders;
 	for (DWORD sectionIndex = 0; sectionIndex < pe->ntHeader->FileHeader.NumberOfSections; sectionIndex++) {
@@ -3,10 +3,10 @@
 #include <dbghelp.h>
 #include <stdio.h>

-#include "../EDRSandblast.h"
 #include "FileUtils.h"
 #include "HttpClient.h"
 #include "PEParser.h"
+#include "PrintFunctions.h"

 #include "PdbSymbols.h"

@@ -8,8 +8,8 @@
 #include <minidumpapiset.h>
 #include <tchar.h>

-#include "../EDRSandblast.h"
 #include "PEParser.h"
+#include "PrintFunctions.h"
 #include "ProcessDump.h"

 BOOL SetPrivilege(HANDLE hToken, LPCTSTR lpszPrivilege, BOOL bEnablePrivilege) {
@@ -1,3 +1,4 @@
+#include "PrintFunctions.h"
 #include "RemotePEBBrowser.h"
 #include "SW2_Syscalls.h"

@@ -1,5 +1,5 @@
 #include "SignatureOps.h"
-#include "../EDRSandblast.h"
+#include "PrintFunctions.h"

 // Concat in pSigners output the list of Signer(s) signing the specified file on disk.
 SignatureOpsError GetFileSigners(TCHAR* pFilePath, TCHAR* outSigners, size_t* szOutSigners) {
@@ -1,3 +1,9 @@
+#include <Windows.h>
+#include <tchar.h>
+
+#include "SW2_Syscalls.h"
+#include "PrintFunctions.h"
+
 #include "SyscallProcessUtils.h"

 // Retrieve a given process PID.
@@ -9,9 +9,9 @@
 #include <tchar.h>
 #include <stdio.h>

-#include "../EDRSandblast.h"
 #include "FileVersion.h"
 #include "PdbSymbols.h"
+#include "PrintFunctions.h"

 #include "WdigestOffsets.h"

@@ -1,4 +1,11 @@
-#include "../EDRSandblast.h"
+#include <Windows.h>
+#include <aclapi.h>
+#include <Tchar.h>
+#include <stdio.h>
+#include <time.h>
+
+#include "PrintFunctions.h"
+
 #include "WindowsServiceOps.h"

 BOOL ServiceAddEveryoneAccess(SC_HANDLE serviceHandle) {