Header inclusion feng-shui (each file only includes what it needs)

EDRSandblast/Includes/CredGuard.h

@@ -1,11 +1,5 @@
 #pragma once
 
 #include <Windows.h>
-#include <stdio.h>
-
-#include <Psapi.h>
-#include <tlhelp32.h>
-
-#include "WdigestOffsets.h"
 
 DWORD WINAPI disableCredGuardByPatchingLSASS(void);

EDRSandblast/Includes/DriverOps.h

@@ -6,13 +6,7 @@
 */
 
 #pragma once
-
 #include <Windows.h>
-#include <aclapi.h>
-#include <Tchar.h>
-#include <stdio.h>
-#include <time.h>
-
 
 #if !defined(PRINT_ERROR_AUTO)
 #define PRINT_ERROR_AUTO(func) (_tprintf(TEXT("[!] ERROR ") TEXT(__FUNCTION__) TEXT(" ; ") func TEXT(" (0x%08x)\n"), GetLastError()))

EDRSandblast/Includes/ETWThreatIntel.h

@@ -8,11 +8,6 @@
 #pragma once
 
 #include <Windows.h>
-#include <Tchar.h>
-#include <stdio.h>
-
-#include "KernelMemoryPrimitives.h"
-#include "NtoskrnlOffsets.h"
 
 #define DISABLE_PROVIDER 0x0
 #define ENABLE_PROVIDER 0x1

EDRSandblast/Includes/FileVersion.h

@@ -1,8 +1,6 @@
 #pragma once
 
 #include <Windows.h>
-#include <Tchar.h>
-#include <stdio.h>
 
 void GetFileVersion(TCHAR* buffer, SIZE_T bufferLen, TCHAR* filename);
 

EDRSandblast/Includes/KernelCallbacks.h

@@ -8,12 +8,7 @@
 #pragma once
 
 #include <Windows.h>
-#include <Tchar.h>
-#include <stdio.h>
 
-#include "DriverOps.h"
-#include "KernelMemoryPrimitives.h"
-#include "NtoskrnlOffsets.h"
 
 /*
 * PspCreateProcessNotifyRoutine / PspCreateThreadNotifyRoutine max: 64 callbacks

EDRSandblast/Includes/KernelMemoryPrimitives.h

@@ -8,9 +8,6 @@
 #pragma once
 
 #include <Windows.h>
-#include <Psapi.h>
-#include <Tchar.h>
-#include <stdio.h>
 
 
 struct RTCORE64_MSR_READ {

EDRSandblast/Includes/KernelPatternSearch.h

@@ -8,10 +8,6 @@
 #pragma once
 
 #include <Windows.h>
-#include <Tchar.h>
-#include <stdio.h>
-
-#include "KernelMemoryPrimitives.h"
 
 DWORD64 PatternSearchStartingFromAddress(HANDLE Device, DWORD64 startAddress, DWORD bytesToScan, DWORD64 pattern, DWORD64 mask);
 

EDRSandblast/Includes/LSASSDump.h

@@ -7,9 +7,6 @@
 #pragma once
 
 #include <Windows.h>
-#include <Dbghelp.h>
-#include <Tchar.h>
-#include <stdio.h>
-#include <tlhelp32.h>
+
 
 DWORD WINAPI dumpLSASSProcess(void* data);

EDRSandblast/Includes/NtoskrnlOffsets.h

@@ -8,9 +8,7 @@
 #pragma once
 
 #include <Windows.h>
-#include <Tchar.h>
 
-#include "FileVersion.h"
 
 enum NtoskrnlOffsetType {
     CREATE_PROCESS_ROUTINE = 0,

EDRSandblast/Includes/RunAsPPL.h

@@ -9,11 +9,7 @@
 #pragma once
 
 #include <Windows.h>
-#include <Tchar.h>
-#include <stdio.h>
 
-#include "KernelMemoryPrimitives.h"
-#include "NtoskrnlOffsets.h"
 
 //extern union NtoskrnlOffsets ntoskrnlOffsets;
 

EDRSandblast/Includes/UserlandHooks.h

@@ -1,12 +1,5 @@
 #pragma once
-#include <Windows.h>
-#include "Undoc.h"
 #include "PEParser.h"
-#include "PEBBrowse.h"
-#include <stdio.h>
-#include <TlHelp32.h>
-#include <DbgHelp.h>
-#include <pathcch.h>
 
 typedef struct diff_t {
 	PVOID disk_ptr;

EDRSandblast/Includes/WdigestOffsets.h

@@ -9,9 +9,7 @@
 #pragma once
 
 #include <Windows.h>
-#include <Tchar.h>
 
-#include "FileVersion.h"
 
 enum WdigestOffsetType {
     g_fParameter_UseLogonCredential = 0,