Execute Native Application in Windows 10 and 8.1

I’m trying to run a Windows native application (i.e. subsystem: NATIVE) on Windows 10 and 8.1. The application is signed with a test certificate and test sign mode was set on Windows. I’ve created the application based on the “Empty WDM Driver” template in Visual Studio with the latest WDK. I’ve compiled an exe file. Except for ntdll.lib, no default libs were used. The test certificate of the application was placed in the Trusted Root Certification Authorities storage.

The executable of the application was placed in the C:\Windows\System32 directory and the appropriate value (application name) was added to the registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute. So, the application must be executed at boot time. But a BSOD occurs with the error code 0xC0000145. This NTSTATUS value has the name STATUS_APP_INIT_FAILURE. But when I try to start this application on Windows 7, the application is correctly executed.
I assume something is wrong with the certificate. Maybe I placed it into an inappropriate storage. How can I start a native application in Windows 10 and 8.1?

The code of the application:

#include <ntifs.h>
#include <ntdef.h>

NTSYSCALLAPI NTSTATUS NTAPI NtDisplayString(PUNICODE_STRING DisplayString);
NTSYSAPI NTSTATUS NTAPI NtTerminateProcess(HANDLE ProcessHandle, NTSTATUS ExitStatus);

VOID NtProcessStartup(PVOID StartupArgument)
{
    UNICODE_STRING str;
    RtlInitUnicodeString(&str, L"Hello, world!\n");
    NtDisplayString(&str);
    NtTerminateProcess((HANDLE)(-1), 0);
}

I’ve never dealt with that kind of software but I believe anything that runs early boot must have a valid certificate and secure boot disabled if not.

anything that runs early boot must have a valid certificate and secure boot disabled if not.
The test certificate had been added to the System storage.
Secure Boot is not present in the virtual machine with Windows 8.1 and is not enabled in the virtual machine with Windows 10.

As I remember, boot drivers must have additional security attributes such as integrity checks. Maybe the same approach is required for native applications. So, I’ve added the /INTEGRITYCHECK parameter to the linker options. It sets IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY in the DllCharacteristics field.
But nothing has changed.

Maybe some additional options are required?

hook up a debugger and see where it fails?

I’ve attached WinDBG to the Windows 8.1 virtual machine.
NativeApp.exe is the name of the compiled native application discussed above.
Here is the output:

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Unknown bugcheck code (c0000145)
Unknown bugcheck description
Arguments:
Arg1: ffffffffc000007b
Arg2: 0000000000000000
Arg3: 0000000000000000
Arg4: 0000000000000000

Debugging Details:
------------------

KEY_VALUES_STRING: 1

PROCESSES_ANALYSIS: 1

SERVICE_ANALYSIS: 1

STACKHASH_ANALYSIS: 1

TIMELINE_ANALYSIS: 1

DUMP_CLASS: 1

DUMP_QUALIFIER: 0

BUILD_VERSION_STRING:  9600.16384.amd64fre.winblue_rtm.130821-1623

BUGCHECK_STR:  0xc0000145

ERROR_CODE: (NTSTATUS) 0xc0000145 - <Unable to get error code text>

EXCEPTION_CODE: (NTSTATUS) 0xc0000145 - <Unable to get error code text>

EXCEPTION_CODE_STR:  c0000145

EXCEPTION_PARAMETER1:  ffffffffc000007b

EXCEPTION_PARAMETER2:  0000000000000000

EXCEPTION_PARAMETER3:  0000000000000000

EXCEPTION_PARAMETER4: 0

DUMP_TYPE:  0

BUGCHECK_P1: ffffffffc000007b

BUGCHECK_P2: 0

BUGCHECK_P3: 0

BUGCHECK_P4: 0

CPU_COUNT: 1

CPU_MHZ: fb3

CPU_VENDOR:  AuthenticAMD

CPU_FAMILY: 15

CPU_MODEL: 2

CPU_STEPPING: 0

DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT

PROCESS_NAME:  NativeApp.exe

CURRENT_IRQL:  0

ANALYSIS_SESSION_HOST:  MY-PC

ANALYSIS_SESSION_TIME:  01-15-2021 19:18:18.0891

ANALYSIS_VERSION: 10.0.18362.1 amd64fre

LAST_CONTROL_TRANSFER:  from fffff800be5f37c6 to fffff800be570c90

STACK_TEXT:  
ffffd000`20667f08 fffff800`be5f37c6 : ffffe000`01e93f90 00000000`00000000 ffffd000`20668070 fffff800`be518654 : nt!DbgBreakPointWithStatus
ffffd000`20667f10 fffff800`be5f30d7 : 00000000`00000003 00000000`c0000145 ffffe000`01e93f90 00000000`00000000 : nt!KiBugCheckDebugBreak+0x12
ffffd000`20667f70 fffff800`be56a1a4 : ffffe000`0053bc00 00000000`00000002 ffffe000`00000048 00000000`00000000 : nt!KeBugCheck2+0x8ab
ffffd000`20668680 fffff800`be792da5 : 00000000`0000004c 00000000`c0000145 ffffd000`213463f8 ffffe000`01e97060 : nt!KeBugCheckEx+0x104
ffffd000`206686c0 fffff800`be78b320 : ffffe000`0053bc00 ffffd000`206687d9 00000000`00000000 00000000`00000002 : nt!PopGracefulShutdown+0x2c9
ffffd000`20668700 fffff800`be5758b3 : ffffe000`0053b880 00000000`00000000 00000000`c0000004 ffffd000`20668900 : nt! ?? ::OKHAJAOM::`string'+0xe30
ffffd000`20668840 fffff800`be56dd00 : fffff800`be9b407f 00000000`00000001 ffffd000`20668a58 00000000`c0000004 : nt!KiSystemServiceCopyEnd+0x13
ffffd000`206689d8 fffff800`be9b407f : 00000000`00000001 ffffd000`20668a58 00000000`c0000004 00300039`00630030 : nt!KiServiceLinkage
ffffd000`206689e0 fffff800`be8e856f : ffffd000`21347000 ffff2fa7`3077a629 ffffe000`0053b9c0 00000000`00000000 : nt! ?? ::NNGAKEGL::`string'+0x6d47f
ffffd000`20668aa0 fffff800`be4fc14e : fffff800`be4fc094 00000000`00000000 00000000`00000002 ffffe000`0053b880 : nt!PopPolicyWorkerAction+0x63
ffffd000`20668b10 fffff800`be4563cd : fffff800`00000002 ffffd000`20668bd0 00000000`80000000 ffffe000`0053b880 : nt!PopPolicyWorkerThread+0xba
ffffd000`20668b50 fffff800`be501664 : c110ebc1`d08bd98b ffffe000`0053b880 ffffe000`0053b880 ffffe000`00078040 : nt!ExpWorkerThread+0x2b5
ffffd000`20668c00 fffff800`be5706c6 : fffff800`be70b180 ffffe000`0053b880 ffffe000`00161040 89c0b60f`10e8c1c2 : nt!PspSystemThreadStartup+0x58
ffffd000`20668c60 00000000`00000000 : ffffd000`20669000 ffffd000`20663000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16

THREAD_SHA1_HASH_MOD_FUNC:  d7f444b71e491dcfdd8b3266714c4b6897af456b

THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  e6132901e8a12b2b476db61a013524cabc9aa059

THREAD_SHA1_HASH_MOD:  7f608ac2fbce9034a3386b1d51652e4911d30234

FOLLOWUP_IP: 
nt! ?? ::OKHAJAOM::`string'+e30
fffff800`be78b320 cc              int     3

FAULT_INSTR_CODE:  cf0a40cc

SYMBOL_STACK_INDEX:  5

SYMBOL_NAME:  nt! ?? ::OKHAJAOM::`string'+e30

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  5215d156

IMAGE_VERSION:  6.3.9600.16384

STACK_COMMAND:  .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET:  e30

FAILURE_BUCKET_ID:  0xc0000145_nt!_??_::OKHAJAOM::_string_

BUCKET_ID:  0xc0000145_nt!_??_::OKHAJAOM::_string_

PRIMARY_PROBLEM_CLASS:  0xc0000145_nt!_??_::OKHAJAOM::_string_

TARGET_TIME:  2021-01-15T16:17:29.000Z

OSBUILD:  9600

OSSERVICEPACK:  16384

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK:  784

PRODUCT_TYPE:  1

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 8.1

OSEDITION:  Windows 8.1 WinNt TerminalServer SingleUserTS Personal

OS_LOCALE:  

USER_LCID:  0

OSBUILD_TIMESTAMP:  2013-08-22 12:52:38

BUILDDATESTAMP_STR:  130821-1623

BUILDLAB_STR:  winblue_rtm

BUILDOSVER_STR:  6.3.9600.16384.amd64fre.winblue_rtm.130821-1623

ANALYSIS_SESSION_ELAPSED_TIME:  1d4c

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:0xc0000145_nt!_??_::okhajaom::_string_

FAILURE_ID_HASH:  {5e85bcb5-48b0-448f-d0d7-e7da59707767}

Followup:     MachineOwner
---------

Arg1 is 0xC000007B, which is STATUS_INVALID_IMAGE_FORMAT. Are you quite sure you compiled this as a 64-bit application? Did you compile it to target 8.1? Unlike user-mode, the native loader checks all of those obscure PE headers.

Hmmmm… I haven’t done this for a very, very, long time.

Let’s start at the beginning, shall we? It seems you’ve managed to create an executable that’s not properly formatted to run on Win 8 or Win 10.

So, I think we should ask: How, exactly, are you building this?

Peter

You know… once would have been enough. And answering my questions would be helpful. Peter

Perhaps you are compiling it as a driver, not a native app. Inspect your link command line and it should be clear what type of PE you are creating.

Do a “link /dump /headers xxx.exe” and post the output.

Sorry for multiposting. The problem was on my side. The web page was not responding in my browser. I updated it and a draft was sent.

2Tim_Roberts:
Yes, application compiled for x64.
Target OS Version: Windows 8.1
_NT_TARGET_VERSION: Windows 8.1

The output of link /dump /headers:

Microsoft (R) COFF/PE Dumper Version 14.24.28314.0
Copyright (C) Microsoft Corporation.  All rights reserved.

Dump of file NativeApp.exe

PE signature found

File Type: EXECUTABLE IMAGE

FILE HEADER VALUES
            8664 machine (x64)
               3 number of sections
        600324DB time date stamp Sat Jan 16 21:39:39 2021
               0 file pointer to symbol table
               0 number of symbols
              F0 size of optional header
              22 characteristics
                   Executable
                   Application can handle large (>2GB) addresses

OPTIONAL HEADER VALUES
             20B magic # (PE32+)
           14.24 linker version
             200 size of code
             600 size of initialized data
               0 size of uninitialized data
            1000 entry point (0000000140001000) NtProcessStartup
            1000 base of code
       140000000 image base (0000000140000000 to 0000000140003FFF)
            1000 section alignment
             200 file alignment
           10.00 operating system version
           10.00 image version
            6.03 subsystem version
               0 Win32 version
            4000 size of image
             400 size of headers
            34E4 checksum
               1 subsystem (Native)
            41E0 DLL characteristics
                   High Entropy Virtual Addresses
                   Dynamic base
                   Check integrity
                   NX compatible
                   Control Flow Guard
          100000 size of stack reserve
            1000 size of stack commit
          100000 size of heap reserve
            1000 size of heap commit
               0 loader flags
              10 number of directories
               0 [       0] RVA [size] of Export Directory
            21B4 [      28] RVA [size] of Import Directory
               0 [       0] RVA [size] of Resource Directory
            3000 [       C] RVA [size] of Exception Directory
             C00 [     618] RVA [size] of Certificates Directory
               0 [       0] RVA [size] of Base Relocation Directory
            2030 [      38] RVA [size] of Debug Directory
               0 [       0] RVA [size] of Architecture Directory
               0 [       0] RVA [size] of Global Pointer Directory
               0 [       0] RVA [size] of Thread Storage Directory
               0 [       0] RVA [size] of Load Configuration Directory
               0 [       0] RVA [size] of Bound Import Directory
            2000 [      20] RVA [size] of Import Address Table Directory
               0 [       0] RVA [size] of Delay Import Directory
               0 [       0] RVA [size] of COM Descriptor Directory
               0 [       0] RVA [size] of Reserved Directory

SECTION HEADER #1
   .text name
      5E virtual size
    1000 virtual address (0000000140001000 to 000000014000105D)
     200 size of raw data
     400 file pointer to raw data (00000400 to 000005FF)
       0 file pointer to relocation table
       0 file pointer to line numbers
       0 number of relocations
       0 number of line numbers
60000020 flags
         Code
         Execute Read

SECTION HEADER #2
  .rdata name
     24A virtual size
    2000 virtual address (0000000140002000 to 0000000140002249)
     400 size of raw data
     600 file pointer to raw data (00000600 to 000009FF)
       0 file pointer to relocation table
       0 file pointer to line numbers
       0 number of relocations
       0 number of line numbers
40000040 flags
         Initialized Data
         Read Only

  Debug Directories

        Time Type        Size      RVA  Pointer
    -------- ------- -------- -------- --------
    600324DB cv            5B 00002068      668    Format: RSDS, {6CB0426F-AF4C-4E18-BB4B-B4FF967E51D0}, 1, D:\Developing\Current Projects\NativeApp\x64\Release\NativeApp.pdb
    600324DB coffgrp       E4 000020C4      6C4

SECTION HEADER #3
  .pdata name
       C virtual size
    3000 virtual address (0000000140003000 to 000000014000300B)
     200 size of raw data
     A00 file pointer to raw data (00000A00 to 00000BFF)
       0 file pointer to relocation table
       0 file pointer to line numbers
       0 number of relocations
       0 number of line numbers
40000040 flags
         Initialized Data
         Read Only

  Summary

        1000 .pdata
        1000 .rdata
        1000 .text

2Peter_Viscarola_(OSR):
I’ve created a project of type “Empty WDM Driver” in Visual Studio 2019.
Then I’ve changed Configuration Properties->Configuration Type from sys to Application (.exe)
Then Linker->Input->Additional Dependencies set to only ntdll.lib
Then Linker->Advanced->Entry Point set to NtProcessStartup

Here is a link to this project:
https://github.com/KrnlDeveloper/NativeApp

The only odd thing is that the operating system version in the header is 10.00. The user mode loader cares about that, so I wouldn’t be surprised if the kernel was at least as picky. Have you checked the linker properties in your Visual Studio project to make sure it’s not set to Windows 10?
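
An added example, not part of the original thread or of anyone's project: a small Python check that reads the same header fields `link /dump /headers` prints above (machine, subsystem, OS/image/subsystem versions, DLL characteristics) and lists what differs from an intended target. The function names and the sample image are constructed here from the values in the posted dump; whether the native loader actually rejects a newer OS version is the open question in the thread, not something this code establishes.

```python
import struct

MACHINES = {0x014C: "x86", 0x8664: "x64"}
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
DLL_FLAGS = {
    0x0020: "High Entropy Virtual Addresses",
    0x0040: "Dynamic base",
    0x0080: "Check integrity",          # IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
    0x0100: "NX compatible",
    0x4000: "Control Flow Guard",
}


def parse_pe_headers(data):
    """Return the header fields inspected in the thread, read from raw PE bytes."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4          # 20-byte COFF file header
    opt = coff + 20              # optional header follows it
    if len(data) < opt + 72:
        raise ValueError("truncated optional header")
    machine, _, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B) or opt_size < 72:
        raise ValueError("unexpected optional header")
    # Offsets 40..71 of the optional header are identical for PE32 and PE32+.
    os_maj, os_min, img_maj, img_min, sub_maj, sub_min = struct.unpack_from(
        "<6H", data, opt + 40)
    subsystem, dll_chars = struct.unpack_from("<HH", data, opt + 68)
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "format": "PE32+" if magic == 0x20B else "PE32",
        "os_version": (os_maj, os_min),
        "image_version": (img_maj, img_min),
        "subsystem_version": (sub_maj, sub_min),
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "dll_flags": [n for m, n in sorted(DLL_FLAGS.items()) if dll_chars & m],
    }


def review_for_target(hdr, target_os, target_machine):
    """List header values worth a second look for a given target OS and CPU."""
    findings = []
    if hdr["machine"] != target_machine:
        findings.append("machine is %s, target is %s" % (hdr["machine"], target_machine))
    if hdr["subsystem"] != "Native":
        findings.append("subsystem is %s, not Native" % hdr["subsystem"])
    for field in ("os_version", "subsystem_version"):
        if hdr[field] > target_os:
            findings.append("%s %d.%d is newer than target %d.%d"
                            % ((field,) + hdr[field] + target_os))
    if "Check integrity" in hdr["dll_flags"]:
        findings.append("Check integrity is set: image requests a signature check at load")
    return findings


def build_sample():
    """Constructed image: only the header fields, filled in from the posted dump."""
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)                 # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x8664, 3, 0x600324DB, 0, 0, 0xF0, 0x22)
    opt = bytearray(0xF0)
    struct.pack_into("<HBB", opt, 0, 0x20B, 14, 24)         # PE32+, linker 14.24
    struct.pack_into("<6H", opt, 40, 10, 0, 10, 0, 6, 3)    # OS 10.00, image 10.00, subsystem 6.03
    struct.pack_into("<HH", opt, 68, 1, 0x41E0)             # Native, DLL characteristics
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    headers = parse_pe_headers(build_sample())
    for key, value in headers.items():
        print("%-18s %s" % (key, value))
    for finding in review_for_target(headers, (6, 3), "x64"):
        print("note:", finding)
```
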

What happens when you try to run the app from the command line? In other words, without having it auto run.

Peter

This is an application not a driver so you don’t want a WDM project…I got this to work:

#include <Windows.h>
#include <winternl.h>

NTSYSCALLAPI NTSTATUS NTAPI NtDisplayString(PUNICODE_STRING DisplayString);
NTSYSAPI NTSTATUS NTAPI NtTerminateProcess(HANDLE ProcessHandle, NTSTATUS ExitStatus);

VOID NtProcessStartup(PVOID StartupArgument)
{
    UNICODE_STRING str;
    RtlInitUnicodeString(&str, L"Hello, world!\n");
    NtDisplayString(&str);
    NtTerminateProcess((HANDLE)(-1), 0);
}

With the following vcxproj file that I hacked together…Note that I don’t claim this to be definitive (haven’t had the need for a production native app in a very long time) but should put you on the right path:

<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <ItemGroup Label="ProjectConfigurations">
    <ProjectConfiguration Include="Debug|Win32">
      <Configuration>Debug</Configuration>
      <Platform>Win32</Platform>
    </ProjectConfiguration>
    <ProjectConfiguration Include="Release|Win32">
      <Configuration>Release</Configuration>
      <Platform>Win32</Platform>
    </ProjectConfiguration>
    <ProjectConfiguration Include="Debug|x64">
      <Configuration>Debug</Configuration>
      <Platform>x64</Platform>
    </ProjectConfiguration>
    <ProjectConfiguration Include="Release|x64">
      <Configuration>Release</Configuration>
      <Platform>x64</Platform>
    </ProjectConfiguration>
  </ItemGroup>
  <PropertyGroup Label="Globals">
    <VCProjectVersion>16.0</VCProjectVersion>
    <Keyword>Win32Proj</Keyword>
    <ProjectGuid>{528ca95a-561b-4343-bd8a-205b5d808828}</ProjectGuid>
    <RootNamespace>NativeApp</RootNamespace>
    <WindowsTargetPlatformVersion>$(LatestTargetPlatformVersion)</WindowsTargetPlatformVersion>
  </PropertyGroup>
  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
    <ConfigurationType>Application</ConfigurationType>
    <UseDebugLibraries>true</UseDebugLibraries>
    <PlatformToolset>v142</PlatformToolset>
    <CharacterSet>Unicode</CharacterSet>
    <Driver_SpectreMitigation>false</Driver_SpectreMitigation>
  </PropertyGroup>
  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
    <ConfigurationType>Application</ConfigurationType>
    <UseDebugLibraries>false</UseDebugLibraries>
    <PlatformToolset>v142</PlatformToolset>
    <WholeProgramOptimization>true</WholeProgramOptimization>
    <CharacterSet>Unicode</CharacterSet>
    <Driver_SpectreMitigation>false</Driver_SpectreMitigation>
  </PropertyGroup>
  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
    <ConfigurationType>Application</ConfigurationType>
    <UseDebugLibraries>true</UseDebugLibraries>
    <PlatformToolset>v142</PlatformToolset>
    <CharacterSet>Unicode</CharacterSet>
    <Driver_SpectreMitigation>false</Driver_SpectreMitigation>
  </PropertyGroup>
  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
    <ConfigurationType>Application</ConfigurationType>
    <UseDebugLibraries>false</UseDebugLibraries>
    <PlatformToolset>v142</PlatformToolset>
    <WholeProgramOptimization>true</WholeProgramOptimization>
    <CharacterSet>Unicode</CharacterSet>
    <Driver_SpectreMitigation>false</Driver_SpectreMitigation>
  </PropertyGroup>
  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
  <ImportGroup Label="ExtensionSettings">
  </ImportGroup>
  <ImportGroup Label="Shared">
  </ImportGroup>
  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
  </ImportGroup>
  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
  </ImportGroup>
  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
  </ImportGroup>
  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
  </ImportGroup>
  <PropertyGroup Label="UserMacros" />
  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
    <LinkIncremental>false</LinkIncremental>
  </PropertyGroup>
  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
    <LinkIncremental>false</LinkIncremental>
  </PropertyGroup>
  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
    <LinkIncremental>false</LinkIncremental>
  </PropertyGroup>
  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
    <LinkIncremental>false</LinkIncremental>
  </PropertyGroup>
  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
    <ClCompile>
      <WarningLevel>Level3</WarningLevel>
      <SDLCheck>true</SDLCheck>
      <PreprocessorDefinitions>_DEBUG%(PreprocessorDefinitions)</PreprocessorDefinitions>
      <ConformanceMode>true</ConformanceMode>
      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
      <SupportJustMyCode>false</SupportJustMyCode>
      <BufferSecurityCheck>false</BufferSecurityCheck>
      <ExceptionHandling>false</ExceptionHandling>
      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
    </ClCompile>
    <Link>
      <SubSystem>Native</SubSystem>
      <GenerateDebugInformation>true</GenerateDebugInformation>
      <AdditionalDependencies>ntdll.lib</AdditionalDependencies>
      <IgnoreAllDefaultLibraries>true</IgnoreAllDefaultLibraries>
    </Link>
  </ItemDefinitionGroup>
  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
    <ClCompile>
      <WarningLevel>Level3</WarningLevel>
      <FunctionLevelLinking>true</FunctionLevelLinking>
      <IntrinsicFunctions>true</IntrinsicFunctions>
      <SDLCheck>true</SDLCheck>
      <PreprocessorDefinitions>NDEBUG%(PreprocessorDefinitions)</PreprocessorDefinitions>
      <ConformanceMode>true</ConformanceMode>
      <BufferSecurityCheck>false</BufferSecurityCheck>
      <ExceptionHandling>false</ExceptionHandling>
    </ClCompile>
    <Link>
      <SubSystem>Native</SubSystem>
      <EnableCOMDATFolding>true</EnableCOMDATFolding>
      <OptimizeReferences>true</OptimizeReferences>
      <GenerateDebugInformation>true</GenerateDebugInformation>
      <AdditionalDependencies>ntdll.lib</AdditionalDependencies>
      <IgnoreAllDefaultLibraries>true</IgnoreAllDefaultLibraries>
    </Link>
  </ItemDefinitionGroup>
  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
    <ClCompile>
      <WarningLevel>Level3</WarningLevel>
      <SDLCheck>true</SDLCheck>
      <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
      <ConformanceMode>true</ConformanceMode>
      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
      <SupportJustMyCode>false</SupportJustMyCode>
      <BufferSecurityCheck>false</BufferSecurityCheck>
      <ExceptionHandling>false</ExceptionHandling>
      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
    </ClCompile>
    <Link>
      <SubSystem>Native</SubSystem>
      <GenerateDebugInformation>true</GenerateDebugInformation>
      <AdditionalDependencies>ntdll.lib</AdditionalDependencies>
      <IgnoreAllDefaultLibraries>true</IgnoreAllDefaultLibraries>
    </Link>
  </ItemDefinitionGroup>
  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
    <ClCompile>
      <WarningLevel>Level3</WarningLevel>
      <FunctionLevelLinking>true</FunctionLevelLinking>
      <IntrinsicFunctions>true</IntrinsicFunctions>
      <SDLCheck>true</SDLCheck>
      <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
      <ConformanceMode>true</ConformanceMode>
      <BufferSecurityCheck>false</BufferSecurityCheck>
      <ExceptionHandling>false</ExceptionHandling>
    </ClCompile>
    <Link>
      <SubSystem>Native</SubSystem>
      <EnableCOMDATFolding>true</EnableCOMDATFolding>
      <OptimizeReferences>true</OptimizeReferences>
      <GenerateDebugInformation>true</GenerateDebugInformation>
      <AdditionalDependencies>ntdll.lib</AdditionalDependencies>
      <IgnoreAllDefaultLibraries>true</IgnoreAllDefaultLibraries>
    </Link>
  </ItemDefinitionGroup>
  <ItemGroup>
    <ClCompile Include="NativeApp.c" />
  </ItemGroup>
  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
  <ImportGroup Label="ExtensionTargets">
  </ImportGroup>
</Project>

Scott_Noone_(OSR), thanks a lot! It works.
I used incorrect headers ntifs.h and ntdef.h.

The good news is that the application does not have to be signed with a certificate.
Thanks again!