KiFilterFiberContext
/ NtPssCaptureVaSpaceBulk.cpp
Last active
April 1, 2021 00:43
Example usage of NtPssCaptureVaSpaceBulk - undocumented syscall introduced in 20H1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // NtPssCaptureVaSpaceBulk 0x013c | |
| // Used for process snapshotting (i.e. PssCaptureSnapshot) | |
| // Returns an array of MEMORY_BASIC_INFORMATION structures representing a process' virtual address space | |
| // | |
| #include <iostream> | |
| #include <windows.h> | |
| // not official name |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| use crate::*; | |
| use winapi::shared::{ | |
| ntdef::{NTSTATUS, ULONG, PUNICODE_STRING, PVOID, PULONG, BOOLEAN, PBOOLEAN, TRUE, FALSE}, | |
| ntstatus::STATUS_ASSERTION_FAILURE | |
| }; | |
| #[link(name = "ntdll")] | |
| extern "stdcall" { | |
| fn RtlAdjustPrivilege( |
KiFilterFiberContext
/ very_bad_bootloader.asm
Created
July 18, 2019 03:55
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ; bootloader which can only print hello world to the screen, I used qemu for emulation | |
| ; I might come back to this in the future, maybe | |
| ; Code is almost a year old so yeah I don't expect to understand it because it's poorly commented | |
| [org 0x7c00] | |
| call START | |
| START: |