gmh gmh5225
🙃
gmh5225
/ KiSetupForInstrumentationReturn
Last active
May 16, 2022 10:52
KiSetupForInstrumentationReturn
gmh5225
/ PsCallImageNotifyRoutines.c
Created
May 27, 2022 06:52
— forked from swwwolf/PsCallImageNotifyRoutines.c
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| NTSTATUS | |
| MmLoadSystemImage(IN PUNICODE_STRING ImageFileName, | |
| IN PUNICODE_STRING NamePrefix OPTIONAL, | |
| IN PUNICODE_STRING LoadedBaseName OPTIONAL, | |
| IN ULONG LoadFlags, | |
| OUT PVOID *ImageHandle, | |
| OUT PVOID *ImageBaseAddress) { | |
| // ... | |
| if ( PsImageNotifyEnabled ) { | |
| IMAGE_INFO ImageInfo; |
gmh5225
/ Remove Windows Defender
Created
June 13, 2022 16:34
— forked from hung1001/Remove Windows Defender
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| :: Made by Hoang Hung | |
| @echo off | |
| >nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system" | |
| if "%errorlevel%" NEQ "0" ( | |
| echo: Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs" | |
| echo: UAC.ShellExecute "%~s0", "", "", "runas", 1 >> "%temp%\getadmin.vbs" | |
| "%temp%\getadmin.vbs" & exit | |
| ) | |
| if exist "%temp%\getadmin.vbs" del /f /q "%temp%\getadmin.vbs" |
gmh5225
/ create_iso.cpp
Created
July 1, 2022 18:15
— forked from daaximus/create_iso.cpp
create iso using imapi
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <string> | |
| #include <atlbase.h> | |
| #include <imapi2fs.h> | |
| void create_iso( std::wstring_view src, std::wstring_view iso_path ) | |
| { | |
| HRESULT hr; | |
| IFileSystemImage* fsimg; | |
| IFsiDirectoryItem* fsdir; | |
| IFileSystemImageResult* fsresult; |
gmh5225
/ hash_fnv1a.h
Created
July 10, 2022 01:00
— forked from ruby0x1/hash_fnv1a.h
FNV1a c++11 constexpr compile time hash functions, 32 and 64 bit
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #pragma once | |
| #include <stdint.h> | |
| //fnv1a 32 and 64 bit hash functions | |
| // key is the data to hash, len is the size of the data (or how much of it to hash against) | |
| // code license: public domain or equivalent | |
| // post: https://notes.underscorediscovery.com/constexpr-fnv1a/ | |
| inline const uint32_t hash_32_fnv1a(const void* key, const uint32_t len) { |
gmh5225
/ dump.js
Created
August 31, 2022 12:41
— forked from DoranekoSystems/dump.js
Generate windows syscall csv with Frida
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const outputPath = "C::\\put_your_path\\syscall.csv"; | |
| var module = Process.getModuleByName("ntdll.dll"); | |
| var symbols = module.enumerateExports(); | |
| var csvString = "Name,Number\n"; | |
| for (var i = 0; i < symbols.length; i++) { | |
| const sysName = symbols[i].name; | |
| if (sysName.indexOf("Nt") == 0 && sysName.indexOf("Ntdll") == -1) { | |
| const symAddr = symbols[i].address; |
gmh5225
/ encrypting-strings-at-compile-time.md
Created
August 31, 2022 22:01
— forked from EvanMcBroom/encrypting-strings-at-compile-time.md
Encrypting Strings at Compile Time
Thank you to SpecterOps for supporting this research and to Duane and Matt for proofreading and editing! Crossposted on the SpecterOps Blog.
TLDR: You may use this header file for reliable compile time string encryption without needing any additional dependencies.
Programmers of DRM software, security products, or other sensitive code bases are commonly required to minimize the amount of human readable strings in binary output files. The goal of the minimization is to hinder others from reverse engineering their proprietary technology.
Common approaches that are taken to meet this requirement often add an additional maintenance burden to the developer and are prone to error. These approaches will be presented along with t
gmh5225
/ no_strings.hpp
Created
August 31, 2022 22:03
— forked from EvanMcBroom/no_strings.hpp
Encrypt Strings at Compile Time
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Copyright (C) 2022 Evan McBroom | |
| // If you are using Visual Studio, you will need to disable the "Edit and Continue" feature. | |
| // Prng based off of Parker Miller's | |
| // "Multiplicative Linear Congruential Generator" | |
| // https://en.wikipedia.org/wiki/Lehmer_random_number_generator | |
| namespace mlcg { | |
| constexpr uint32_t modulus() { | |
| return 0x7fffffff; | |
| } |
gmh5225
/ drvscan.cpp
Created
September 8, 2022 15:06
— forked from adrianyy/drvscan.cpp
vulnerable driver scanner
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <string> | |
| #include <vector> | |
| #include <fstream> | |
| #include <iostream> | |
| #include <filesystem> | |
| #include <Windows.h> | |
| #include <winternl.h> | |
| static_assert( sizeof( void* ) == 8 ); |
OlderNewer