daax daaximus

## valorant_gamer_capture3000.cpp
#include <windows.h>
#include <gdiplus.h>
#include <string>
#include <iostream>
#include <fstream>

using namespace Gdiplus;
#pragma comment (lib,"Gdiplus.lib")

int get_encoder_clsid( const WCHAR* format, CLSID* clsid )

## dump_exports_ntoskrnl_example.py
import idautils
import idaapi
import idc

def get_func_prototype(ea):
    tinfo = idaapi.tinfo_t()
    if idaapi.get_tinfo(tinfo, ea):
        return idaapi.print_tinfo("", 0, 0, idaapi.PRTYPE_1LINE, tinfo, "", "")
    else:
        return None

## nop_flush_rsb.py
import idaapi
import idc
import idautils
import ida_auto
import ida_bytes

def is_call_instruction(ea):
    return 'call' in idc.generate_disasm_line(ea, idc.GENDSM_FORCE_CODE)

def is_rsp_add_instruction(ea):

## usb.extended.ids
0000:0000=Device
0000:0002=USB Implementer Forum Mass Storage
0000:3825=USB Mouse
0000:7777=USB Flash Drive
0001:0001=Gaming Optical Mouse5
0001:142b=Arbiter Systems, Inc.
0001:7778=Fry's Electronics Counterfeit flash drive [Kingston]
0002:0002=Ingram passport00
0002:7007=Ingram HPRT XT300

## winobjidx.md

      
              1 file
            
          
              1 fork
            
          
              0 comments
            
          
              4 stars
            
          
                daaximus
                / winobjidx.md
            
            
              Last active
              February 24, 2023 04:12
            
              
                Windows 10/11 Object Type Names & Indexes
              
          
    [WINDOWS 11 22621.1105]

"Type", 0x2
"Directory", 0x3
"SymbolicLink", 0x4
"Token", 0x5  
"Job", 0x6  
"Process", 0x7  
"Thread", 0x8  


## idapython_ctree.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                daaximus
                / idapython_ctree.md
            
            
              Created
              October 20, 2022 19:20
                — forked from trietptm/idapython_ctree.md
            
              
                Notes on CTREE usage with IDAPython
              
          
    IDAPython CTREE

Important links


Hex-Rays Decompiler Primer
hexrays.hpp

Description

The CTREE is built from the optimized microcode (maturity at CMAT_FINAL), it represents an AST-like tree with C statements and expressions. It can be printed as C code.

  
## create_iso.cpp
#include <string>
#include <atlbase.h>
#include <imapi2fs.h>

void create_iso( std::wstring_view src, std::wstring_view iso_path )
{
    HRESULT hr;
    IFileSystemImage* fsimg;
    IFsiDirectoryItem* fsdir;
    IFileSystemImageResult* fsresult;

## ioctl_names.cpp
typedef struct _ioctl_t
{
	const char* ioctl_name;
	uint64_t ctl_code;
} ioctl_t;

// This would likely be better used in some unordered map. This is just a temporary data structure for testing resolution.
//
// Results from NtDeviceIoControlFile hook:
// utweb.exe (14916)   ::  NtDeviceIoControlFile( 0x65c (\Device\Afd), 0x694, 0x0000000000000000, 0x0000000000000000, 0x00000000044DEE90, 0x12024 (IOCTL_AFD_SELECT), 0x0000000004A3FC18, 0x34, 0x0000000004A3FC18, 0x34 )
	#include <windows.h>
	#include <gdiplus.h>
	#include <string>
	#include <iostream>
	#include <fstream>

	using namespace Gdiplus;
	#pragma comment (lib,"Gdiplus.lib")

	int get_encoder_clsid( const WCHAR* format, CLSID* clsid )
	import idautils
	import idaapi
	import idc

	def get_func_prototype(ea):
	tinfo = idaapi.tinfo_t()
	if idaapi.get_tinfo(tinfo, ea):
	return idaapi.print_tinfo("", 0, 0, idaapi.PRTYPE_1LINE, tinfo, "", "")
	else:
	return None
	0000:0000=Device
	0000:0002=USB Implementer Forum Mass Storage
	0000:3825=USB Mouse
	0000:7777=USB Flash Drive
	0001:0001=Gaming Optical Mouse5
	0001:142b=Arbiter Systems, Inc.
	0001:7778=Fry's Electronics Counterfeit flash drive [Kingston]
	0002:0002=Ingram passport00
	0002:7007=Ingram HPRT XT300
	#include <string>
	#include <atlbase.h>
	#include <imapi2fs.h>

	void create_iso( std::wstring_view src, std::wstring_view iso_path )
	{
	HRESULT hr;
	IFileSystemImage* fsimg;
	IFsiDirectoryItem* fsdir;
	IFileSystemImageResult* fsresult;
	typedef struct _ioctl_t
	{
	const char* ioctl_name;
	uint64_t ctl_code;
	} ioctl_t;

	// This would likely be better used in some unordered map. This is just a temporary data structure for testing resolution.
	//
	// Results from NtDeviceIoControlFile hook:
	// utweb.exe (14916) :: NtDeviceIoControlFile( 0x65c (\Device\Afd), 0x694, 0x0000000000000000, 0x0000000000000000, 0x00000000044DEE90, 0x12024 (IOCTL_AFD_SELECT), 0x0000000004A3FC18, 0x34, 0x0000000004A3FC18, 0x34 )