Sheng-Hao Ma aaaddress1

## rename.c
#define _UNICODE
#define UNICODE

#include <windows.h>

#ifdef __cplusplus
#include <cstdio>
#else
#include <stdio.h>
#endif

## fuck.js
function sleep( sleepDuration ){
    var now = new Date().getTime();
    while(new Date().getTime() < now + sleepDuration){ /* do nothing */ }
}
function gc() {
    for (let i = 0; i < 0x10; i++) {
            new ArrayBuffer(0x1000000);
        }
}
let data_view = new DataView(new ArrayBuffer(8));

## chrome-v8-issue-1126249.js
class Helpers {

 constructor() {
  this.cvt_buf = new ArrayBuffer(8);
  this.cvt_f64a = new Float64Array(this.cvt_buf);
  this.cvt_u64a = new BigUint64Array(this.cvt_buf);
  this.cvt_u32a = new Uint32Array(this.cvt_buf);
 }

 ftoi(f) {

## m1racles-poc.c
/*
 * m1racle-poc: a basic proof of concept for the M1RACLES vulnerability in the Apple M1.
 *
 * This program allows you to read and write the state of the s3_5_c15_c10_1 CPU register.
 *
 * Please visit m1racles.com for more information.
 *
 * Licensed under the MIT license.
 */

## How to use a function pointer in VBA.md

      
              1 file
            
          
              6 forks
            
          
              0 comments
            
          
              9 stars
            
          
                sancarn
                / How to use a function pointer in VBA.md
            
            
              Created
              December 30, 2020 12:14
            
              
                How to use a function pointer in VBA by Akihito Yamashiro
              
          
    VB6 and VBA come with no support for function pointers.
Also, when you wish to execute a function in a dll using the Declare function, you can only call functions created by the Steadcall calling conversation.
These constraints can be avoided by using the DispCallFunc API.
The DispCallFunc is widely used in VB6 when erasing the history of IE.
Although the DispCallFunc is known as API for calling the IUnknown interface, in fact, you can also perform other functions other than COM by passing the NULL to the first argument.
As explained in the http://msdn.microsoft.com/en-us/library/ms221473(v=vs.85).aspx , the DispCallFunc argument is as follows.

  
## x64FunctionPointer1.vba
Declare PtrSafe Function DispCallFunc Lib "OleAut32.dll" (ByVal pvInstance As LongPtr, ByVal offsetinVft As LongPtr, ByVal CallConv As Long, ByVal retTYP As Integer, ByVal paCNT As Long, ByRef paTypes As Integer, ByRef paValues As LongPtr, ByRef retVAR As Variant) As Long
Declare PtrSafe Function LoadLibrary Lib "kernel32" Alias "LoadLibraryA" (ByVal lpLibFileName As String) As LongPtr
Declare PtrSafe Function GetProcAddress Lib "kernel32" (ByVal hModule As LongPtr, ByVal lpProcName As String) As LongPtr

Const CC_STDCALL = 4

Private VType(0 To 63) As Integer, VPtr(0 To 63) As LongPtr

Sub SayHello()


## x64FunctionPointer.vba
Declare PtrSafe Function DispCallFunc Lib "OleAut32.dll" (ByVal pvInstance As LongPtr, ByVal offsetinVft As LongPtr, ByVal CallConv As Long, ByVal retTYP As Integer, ByVal paCNT As Long, ByRef paTypes As Integer, ByRef paValues As LongPtr, ByRef retVAR As Variant) As Long
Declare PtrSafe Function LoadLibrary Lib "kernel32" Alias "LoadLibraryA" (ByVal lpLibFileName As String) As LongPtr
Declare PtrSafe Function GetProcAddress Lib "kernel32" (ByVal hModule As LongPtr, ByVal lpProcName As String) As LongPtr

Const CC_STDCALL = 4

Private VType(0 To 63) As Integer, VPtr(0 To 63) As LongPtr

Sub SayHello()


## Simple_Rev_Shell.cs
using System;
using System.Text;
using System.IO;
using System.Diagnostics;
using System.ComponentModel;
using System.Linq;
using System.Net;
using System.Net.Sockets;

## uacbypasstokenmanipulation.py
# -*- coding: utf-8 -*-
# All credits go to CIA: https://gist.github.com/hfiref0x/59c689a14f1fc2302d858ae0aa3f6b86 (please don't hack me <3 :))
# This is trully a Always Notify UAC Bypass,cause it uses process enumeration to find elevated processes. Since you need administrative privileges to get TOKEN_ELEVATION,we look for processes with manifests that have <autoElevate></autoElevate> set to True.
from ctypes.wintypes import *
from ctypes import *
from enum import IntEnum

kernel32 = WinDLL('kernel32', use_last_error=True)
advapi32 = WinDLL('advapi32', use_last_error=True)
shell32  = WinDLL('shell32' , use_last_error=True)

## anonymous
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\SOFTWARE\Classes\AtomicRedTeam.1.00]
@="AtomicRedTeam"
[HKEY_CURRENT_USER\SOFTWARE\Classes\AtomicRedTeam.1.00\CLSID]
@="{00000001-0000-0000-0000-0000FEEDACDC}"
[HKEY_CURRENT_USER\SOFTWARE\Classes\AtomicRedTeam]
@="AtomicRedTeam"
[HKEY_CURRENT_USER\SOFTWARE\Classes\AtomicRedTeam\CLSID]
@="{00000001-0000-0000-0000-0000FEEDACDC}"
[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{00000001-0000-0000-0000-0000FEEDACDC}]
	#define _UNICODE
	#define UNICODE

	#include <windows.h>

	#ifdef __cplusplus
	#include <cstdio>
	#else
	#include <stdio.h>
	#endif
	function sleep( sleepDuration ){
	var now = new Date().getTime();
	while(new Date().getTime() < now + sleepDuration){ /* do nothing */ }
	}
	function gc() {
	for (let i = 0; i < 0x10; i++) {
	new ArrayBuffer(0x1000000);
	}
	}
	let data_view = new DataView(new ArrayBuffer(8));
	class Helpers {

	constructor() {
	this.cvt_buf = new ArrayBuffer(8);
	this.cvt_f64a = new Float64Array(this.cvt_buf);
	this.cvt_u64a = new BigUint64Array(this.cvt_buf);
	this.cvt_u32a = new Uint32Array(this.cvt_buf);
	}

	ftoi(f) {
	/*
	* m1racle-poc: a basic proof of concept for the M1RACLES vulnerability in the Apple M1.
	*
	* This program allows you to read and write the state of the s3_5_c15_c10_1 CPU register.
	*
	* Please visit m1racles.com for more information.
	*
	* Licensed under the MIT license.
	*/
	Declare PtrSafe Function DispCallFunc Lib "OleAut32.dll" (ByVal pvInstance As LongPtr, ByVal offsetinVft As LongPtr, ByVal CallConv As Long, ByVal retTYP As Integer, ByVal paCNT As Long, ByRef paTypes As Integer, ByRef paValues As LongPtr, ByRef retVAR As Variant) As Long
	Declare PtrSafe Function LoadLibrary Lib "kernel32" Alias "LoadLibraryA" (ByVal lpLibFileName As String) As LongPtr
	Declare PtrSafe Function GetProcAddress Lib "kernel32" (ByVal hModule As LongPtr, ByVal lpProcName As String) As LongPtr

	Const CC_STDCALL = 4

	Private VType(0 To 63) As Integer, VPtr(0 To 63) As LongPtr

	Sub SayHello()
	using System;
	using System.Text;
	using System.IO;
	using System.Diagnostics;
	using System.ComponentModel;
	using System.Linq;
	using System.Net;
	using System.Net.Sockets;
	# -- coding: utf-8 --
	# All credits go to CIA: https://gist.github.com/hfiref0x/59c689a14f1fc2302d858ae0aa3f6b86 (please don't hack me <3 :))
	# This is trully a Always Notify UAC Bypass,cause it uses process enumeration to find elevated processes. Since you need administrative privileges to get TOKEN_ELEVATION,we look for processes with manifests that have <autoElevate></autoElevate> set to True.
	from ctypes.wintypes import *
	from ctypes import *
	from enum import IntEnum

	kernel32 = WinDLL('kernel32', use_last_error=True)
	advapi32 = WinDLL('advapi32', use_last_error=True)
	shell32 = WinDLL('shell32' , use_last_error=True)
	Windows Registry Editor Version 5.00
	[HKEY_CURRENT_USER\SOFTWARE\Classes\AtomicRedTeam.1.00]
	@="AtomicRedTeam"
	[HKEY_CURRENT_USER\SOFTWARE\Classes\AtomicRedTeam.1.00\CLSID]
	@="{00000001-0000-0000-0000-0000FEEDACDC}"
	[HKEY_CURRENT_USER\SOFTWARE\Classes\AtomicRedTeam]
	@="AtomicRedTeam"
	[HKEY_CURRENT_USER\SOFTWARE\Classes\AtomicRedTeam\CLSID]
	@="{00000001-0000-0000-0000-0000FEEDACDC}"
	[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{00000001-0000-0000-0000-0000FEEDACDC}]