Rottweiler Rottweiler
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| detour = detour or {} | |
| local detours = detour.detours or {} | |
| detour.detours = detours | |
| function detour.AddDetour(tbl, key, func) | |
| detours[tbl] = detours[tbl] or {} | |
| local original = tbl[key] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Text; | |
| using System.Reflection; | |
| using System.Linq; | |
| class Program | |
| { | |
| public static void Main(string[] argv) | |
| { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Diagnostics; | |
| using System.Runtime.CompilerServices; | |
| using System.Runtime.InteropServices; | |
| using System.Security; | |
| using System.Security.Permissions; | |
| using System.IO; | |
| using System.Reflection; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Raw sockets _CAN_ be used in Windows 10. Set compability mode to Windows 7 on executable, and run it as administrator | |
| Why raw sockets? Well there's not many reasons I can think of other than to create spoofed DoS-attacks where it looks like the packet is comming from | |
| another source |
Rottweiler
/ Win32ResourceManager.cs
Last active
June 13, 2020 09:10
Win32ResourceManager - A native resource manager in a managed flavor
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.ComponentModel; | |
| using System.IO; | |
| using System.Runtime.InteropServices; | |
| /// <summary> | |
| /// Win32ResourceManager - A native resource manager in a managed flavor | |
| /// </summary> | |
| internal class Win32ResourceManager | |
| { |
Rottweiler
/ ThreadQueue.cs
Created
January 18, 2017 20:21
— forked from pigeonhands/ThreadQueue.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Collections.Generic; | |
| using System.Threading; | |
| using System.Threading.Tasks; | |
| public delegate void ThreadQueueWorkDelegate<T>(T task); | |
| /// <summary> | |
| /// ThreadQueue | |
| /// Made by BahNahNah |
Rottweiler
/ Fake .NET Framework warning.cs
Created
January 15, 2017 07:18
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| private static void FakeFrameworkWarning() | |
| { | |
| StringBuilder sb = new StringBuilder(); | |
| sb.AppendLine("This application requires one of the following versions of the .NET Framework:"); | |
| sb.AppendLine(".NETFramework,Version=v4.5.2"); | |
| sb.AppendLine(); | |
| sb.AppendLine("Do you want to install this .NET Framework version now?"); | |
| DialogResult res = MessageBox.Show(sb.ToString(), Process.GetCurrentProcess().MainModule.ModuleName + " - This application could not be started.", MessageBoxButtons.YesNo, MessageBoxIcon.Error); | |
| if (res == DialogResult.Yes) | |
| { |
Rottweiler
/ UAC bypass
Last active
June 13, 2018 12:21
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /// <summary> | |
| /// Start elevated process with UAC bypass. | |
| /// Credits: Rottweiler | |
| /// </summary> | |
| /// <param name="filename"></param> | |
| static void UACStart(string filename) | |
| { | |
| if (Environment.OSVersion.Version.Major >= 6) | |
| { | |
| string filename_safe = Path.GetFullPath(filename); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| WORD = 2 bytes, ushort, UInt16 | |
| DWORD = 4 bytes, uint, UInt32 | |
| QWORD = 8 bytes, ulong, UInt64 | |
| LPVOID = (4, or 8 bytes), IntPtr | |
| LPCVOID = (4, or 8 bytes), IntPtr | |
| SIZE_T = 4 bytes, uint, UInt32 | |
| The goal of this is to simplify conversion between c/c++ and c# |
Rottweiler
/ gist:44fe4461a4552acf303a
Last active
January 18, 2023 10:49
Heavily obfuscated UnConfuserEx tool
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| UnConfuserEx https://mega.nz/#!U1hxwQKb!7WFBSjrZgg8ieFp15K0RJW8rWuyMHZTO9bpCekhBQfY | |
| ConfuserExDupPopPatcher https://mega.nz/#!IkhHzZDS!vPYABdYJtuDIGJBHdKzwIqLajxugJaNlENWr5CWjNlo | |
| ConfuserExStringDecryptor https://mega.nz/#!plhxRJyY!Vq9eRS-gixC__q75860gDD8Tcm_ncOfCCCP_HQKguUM | |
| ConfuserExCallFixer https://mega.nz/#!0gZFlbwC!KFka_Kxe-GuU-d8COni91xmGPbiRnbX6lBLYAomn7No | |
| I'm not responsible for what you do with these -- they may very well be backdoored |