IgorYunusov

unit HookAPI;

interface

uses
  Windows, TlHelp32, MicroDAsm;

const
  SE_DEBUG_NAME            = 'SeDebugPrivilege';
  THREAD_SUSPEND_RESUME    = $0002;

IgorYunusov

unit MicroDAsm;

interface

type
  TREXStruct = record
    B: Boolean; // Extension of the ModR/M r/m field, SIB base field, or Opcode reg field
    X: Boolean; // Extension of the SIB index field
    R: Boolean; // Extension of the ModR/M reg field
    W: Boolean; // 0 = Operand size determined by CS.D; 1 = 64 Bit Operand Size

IgorYunusov

// Creating a node graph editor for ImGui
// Quick demo, not production code! This is more of a demo of how to use ImGui to create custom stuff.
// Better version by @daniel_collin here https://gist.github.com/emoon/b8ff4b4ce4f1b43e79f2
// See https://github.com/ocornut/imgui/issues/306
// v0.02
// Animated gif: https://cloud.githubusercontent.com/assets/8225057/9472357/c0263c04-4b4c-11e5-9fdf-2cd4f33f6582.gif

// NB: You can use math functions/operators on ImVec2 if you #define IMGUI_DEFINE_MATH_OPERATORS and #include "imgui_internal.h"
// Here we only declare simple +/- operators so others don't leak into the demo code.
static inline ImVec2 operator+(const ImVec2& lhs, const ImVec2& rhs) { return ImVec2(lhs.x+rhs.x, lhs.y+rhs.y); }

IgorYunusov

/*
The MIT License (MIT)

Copyright (c) 2014 Tanay PrabhuDesai

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is

IgorYunusov

#include <Windows.h>
#include <Psapi.h>
#include <ntstatus.h>
#include <cstdint>
#include <functional>
#include <Shlwapi.h>
#include <winternl.h>

#pragma comment(lib, "ntdll.lib")
#pragma comment(lib, "Shlwapi.lib")

IgorYunusov

HANDLE get_handle_to_process(LPWSTR process)
{
    HANDLE hProcess = NULL;

    enumerate_handles([&](PSYSTEM_HANDLE_TABLE_ENTRY_INFO handle) {

        if(GetCurrentProcessId() != handle->UniqueProcessId) return STATUS_UNSUCCESSFUL;

        BOOL        found = FALSE;
        PVOID       buffer = NULL;

IgorYunusov

NTSTATUS enumerate_handles(ENUM_HANDLE_CALLBACK callback)
{
    NTSTATUS                    status = STATUS_UNSUCCESSFUL;
    PVOID                       buffer = NULL;
    ULONG                       bufferSize = 0;

    do {
        status = NtQuerySystemInformation((SYSTEM_INFORMATION_CLASS)16/*SystemHandleInformation*/, buffer, bufferSize, &bufferSize);
        if(!NT_SUCCESS(status)) {
            if(status == STATUS_INFO_LENGTH_MISMATCH) {

IgorYunusov

#include "stdafx.h"
#include "HideModule.h"

std::vector<UNLINKED_MODULE> UnlinkedModules;

void RelinkModuleToPEB(HMODULE hModule)
{
	std::vector<UNLINKED_MODULE>::iterator it = std::find_if(UnlinkedModules.begin(), UnlinkedModules.end(), FindModuleHandle(hModule));

	if (it == UnlinkedModules.end())

IgorYunusov

#include <windows.h>
#include <subauth.h>
#include <stdio.h>

/* Windows structures */
typedef struct _PEB_LDR_DATA {
  BYTE       Reserved1[8];
  PVOID      Reserved2[3];
  LIST_ENTRY InMemoryOrderModuleList;
} PEB_LDR_DATA, *PPEB_LDR_DATA;

IgorYunusov

struct OBJECT{ // The object to be serialized / deserialized
public:
  // Members are serialized / deserialized in the order they are declared. Can use bitpacking as well.
	DATATYPE member1;
	DATATYPE member2;
	DATATYPE member3;
	DATATYPE member4;
};

void write(const std::string& file_name, OBJECT& data) // Writes the given OBJECT data to the given file name.