w10tp kernel mode RPC

From the time of windows 8 there are yet new several drivers using kernel-mode rpc:

• CEA.sys - "Event Aggregation Kernel Mode Library". Use interface D09BDEB5-6171-4A34-BFE2-06FA82652568 from BrokerLib.dll
• fastfat.sys - use interface 04EEB297-CBF4-466B-8A2A-BFD6A2F10BBA from efssvc.dll
• wfplwfs.sys - "WFP NDIS 6.30 Lightweight Filter Driver". Use interface C605F9FB-F0A3-4E2A-A073-73560F8D9E3E from bisrv.dll

WdfFunctions.idc for windows 10 Technical Preview 64bit

since w8.1 only pfnWdfDeviceStopIdleActual & pfnWdfDeviceResumeIdleActual was added

windows 10 Technical Preview ntoskrnl.exe exports

I see that MmLoadSystemImage & MmUnloadSystemImage now exported, he-he

W32pServiceTable from windows 10 Technical Preview 64bit

W32pServiceLimit .eq. 0x443

KiServiceTable from windows 10 Technical Preview 64bit

KiServiceLimit .eq. 0x1B1

KiServiceTable from windows 10 Technical Preview

KiServiceLimit eq 0x1B1

CmControlVector from windows 10 Technical Preview

just to compare with w8.1 rtm

windows 10 Technical Preview W32pServiceTable

W32pServiceLimit .eq. 0x441 and now available via exported function win32k!SysEntryGetW32pServiceLimit

apisetschema.dll from windows 10 Technical Preview

no big changes at first glance

wincheck rc8.51

Download mirror
Changelog:

• add checking of some callbacks in MS crt modules (like purecall_handler, pInvalidArgHandler etc)
• add MiFlags dumping
• some bugs were fixed