I hereby claim:
- I am osandamalith on github.
- I am osandamalith (https://keybase.io/osandamalith) on keybase.
- I have a public key whose fingerprint is 8453 4D6F 99AD F536 5A6E 3CD8 E165 7DA4 C6A1 DEDD
To claim this, I am signing this object:
Osanda Malith Jayathissa OsandaMalith
OsandaMalith
/ ppid.c
Last active
February 22, 2016 13:33
This will find the PPID - Parent Process ID of the give PID
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <stdio.h> | |
| #include "tlhelp32.h" | |
| /* Title: This will find the PPID - Parent Process ID of the give PID | |
| * Author: Osanda Malith Jayathissa (@OsandaMalith) | |
| * Example: ppid.exe 1620 | |
| * PID: 1620 | PPID: 776 | Name: calc.exe | |
| */ | |
| int main(int argc, char *argv[]) { | |
| int pid = 0; |
OsandaMalith
/ PPD_AntiDebug.c
Last active
February 22, 2016 18:08
Determining debugger present using the Parent Process detection.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <stdio.h> | |
| #include <tchar.h> | |
| #include "tlhelp32.h" | |
| /* Title: Determining debugger present using the Parent Process detection. | |
| * Author: Osanda Malith Jayathissa (@OsandaMalith) | |
| * Website: http://osandamalith.wordpress.com | |
| */ | |
| int main(int argc, char *argv[]) { | |
| int pid = 0; |
OsandaMalith
/ isDebuggerPresent.asm
Created
March 8, 2016 11:11
Checking if the process is being debugged by a ring3 debugger using the PEB's BeingDebugged bit.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| format pe gui 4.0 | |
| entry start | |
| ; »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» | |
| ; Title: Checking if the process is being debugged by a ring3 debugger | |
| ; using the PEB's BeingDebugged bit. | |
| ; | |
| ; Website: http://osandamalith.wordpress.com | |
| ; Author: Osanda Malith Jayathissa (@OsandaMalith) | |
| ; ««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««« |
OsandaMalith
/ BeingDebugged.c
Created
March 8, 2016 14:00
Using ZwQueryInformationProcess we get the PEB Address and then we check the BeingDebugged bit to determine the process is being debugged or not.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Winternl.h> | |
| #include <Windows.h> | |
| #include <tchar.h> | |
| /* | |
| * Author: Osanda Malith Jayathissa (@OsandaMalith) | |
| * Website: http://OsandaMalith.wordpress.com | |
| * Using ZwQueryInformationProcess we get the PEB Address and | |
| * then we check the BeingDebugged bit to determine the process is being debugged or not. | |
| */ |
OsandaMalith
/ keybase.md
Created
March 15, 2016 23:13
OsandaMalith
/ NtGlobalFlag.asm
Created
April 23, 2016 05:16
Checking if the process is being debugged by a ring3 debugger using the PEB's NtGlobalFlag.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| format pe gui 4.0 | |
| entry start | |
| ; »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» | |
| ; Title: Checking if the process is being debugged by a ring3 debugger | |
| ; using the PEB's BeingDebugged bit. | |
| ; | |
| ; Website: http://osandamalith.wordpress.com | |
| ; Author: Osanda Malith Jayathissa (@OsandaMalith) | |
| ; ««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««« |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /* | |
| Coded by @OsandaMalith | |
| */ | |
| error_reporting(0); | |
| class Osanda { const lovely = 'rootbear'; } | |
| ${'r'.str_repeat('o', 2).@false.'tbear'}= "I Love You ♥"; |
OsandaMalith
/ ppid.asm
Last active
May 28, 2016 14:01
Test if process is being debugged if PPID != explorer.exe
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| .586 | |
| .model flat, stdcall | |
| option casemap :none | |
| ; ¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤ | |
| ; Author : Osanda Malith Jayathissa (@OsandaMalith) | |
| ; Title: Test if process is being debugged if PPID != explorer.exe | |
| ; Website: http://osandamalith.wordpress.com | |
| ; ¤=÷=¤=÷=¤=÷=¤=÷=¤=÷=¤=÷=¤=÷=¤=÷=¤=÷=¤=÷=¤=÷=¤=÷=¤=÷=¤=÷=¤=÷=¤=÷=¤=÷=¤=÷=¤ |
OsandaMalith
/ password.cpp
Last active
June 14, 2016 14:32
Solution 1 for hasharazade's birthday crackme :)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include "stdafx.h" | |
| #include <string> | |
| #include <iostream> | |
| #include <fstream> | |
| /* | |
| * Author : Osanda Malith Jayathissa (@OsandaMalith) | |
| */ | |
| using namespace std; | |
| int valid( char *str) { |
OsandaMalith
/ birthdayp1.cpp
Last active
June 15, 2016 20:51
Solution for my birthday crackme part 1 ;)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include "stdafx.h" | |
| #include <string> | |
| #include <iostream> | |
| #include <fstream> | |
| using namespace std; | |
| unsigned int checksum(unsigned char string[]) { | |
| unsigned int var; |