#include <iostream> | |
#include <Windows.h> | |
char* decode_string(const char *a1) | |
{ | |
const BYTE *enc_str = (BYTE*)a1; | |
signed int enc_len = strlen(a1); | |
BYTE *v4; | |
int v5; |
1 : 1\ | |
2 : 1 | |
3 : DIAL | |
4 : NAT status | |
5 : failed | |
6 : client is behind NAT | |
7 : client is not behind NAT | |
8 : DNSBL | |
9 : listed | |
10 : not listed |
// Sample "Hello World" driver | |
// creates a HelloDev, that expects one IOCTL | |
#include <ntddk.h> | |
// IOCTL code the driver handles. NOTE(review): METHOD_NEITHER means the I/O
// manager neither copies nor validates the caller's buffers; the dispatch
// routine (not part of this excerpt) receives raw user-mode pointers and is
// responsible for probing them before use.
#define HELLO_DRV_IOCTL CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800, METHOD_NEITHER, FILE_ANY_ACCESS) | |
// User-visible symbolic-link name and the kernel device name it presumably
// points at — confirm against the device/link creation code below.
#define DOS_DEV_NAME L"\\DosDevices\\HelloDev" | |
#define DEV_NAME L"\\Device\\HelloDev" |
Region Addr: 00A50000 | |
Full Size : 00007000 | |
--- | |
---ALLOC AND INFO--- | |
nextAddr: 00A50000 | |
info: | |
AllocBase: 00A50000 | |
BaseAddress: 00A50000 | |
RegionSize: 1000 | |
RegionState: 1000 : MEM_COMMIT |
/** | |
The role of this snippet is to force a user to elevate a process, | |
simply by flooding them with repetitive requests till they agree. | |
I do NOT recommend it as a UAC bypass technique as it is very noisy! | |
*/ | |
#include <stdio.h> | |
#include <Windows.h> | |
// Name of the mutex used by this snippet; presumably a single-instance guard —
// confirm in the body below (not part of this excerpt). A fixed, hard-coded
// name like this also serves as a simple host-based indicator of the sample.
char mutex_name[] = "elev_mutex"; |
#include <stdio.h> | |
#include <windows.h> | |
#pragma comment(lib,"Ws2_32.lib") | |
#include "peconv.h" | |
#include "resource.h" | |
// Function pointers into the analyzed module. Both start as nullptr and must
// be resolved (presumably from the module loaded via peconv, included above)
// before they are called. The hex in the trailing comments looks like each
// routine's offset in the sample — confirm against the loader code, which is
// past this excerpt.
signed int (__cdecl *setup_flags)(BYTE *buffer) = nullptr; //0x7897 | |
signed int (__cdecl *scan_all_network)() = nullptr; //77D1 - scan all |
#include <stdio.h> | |
#include <windows.h> | |
#include "peconv.h" | |
/* | |
Requires a path to the original trick bot module: 0a7da84873f2a4fe0fcc58c88bbbe39d | |
*/ | |
// Offset of decode_from_the_list inside the module identified by the hash in
// the comment above; it is tied to that specific sample and will generally not
// match other builds.
#define OFFSET_DECODE_LIST 0x10ab0 //decode_from_the_list |
#include <stdio.h> | |
#include <windows.h> | |
#include "peconv.h" | |
// for the sample: bd47776c0d1dae57c0c3e5e2832f13870a38d5fd | |
// from: "Unpacking Pykspa Malware With Python and IDA Pro - Subscriber Request Part 1" | |
// https://www.youtube.com/watch?v=HfSQlC76_s4 | |
// Pointer to the sample's unpacking routine (sample identified by the hash in
// the comment above). Starts as nullptr and must be resolved from the loaded
// sample before it is called; the resolution and the call are past this excerpt.
int (__cdecl *unpack_func)(BYTE* blob, DWORD blob_size, LPCSTR lpFileName, char r_val) = nullptr; |
#include <stdio.h> | |
#include <windows.h> | |
#include <psapi.h> | |
#include <iostream> | |
#include <string> | |
#include <vector> | |
#include "pe_sieve_api.h" | |
#pragma comment(lib, "pe-sieve.lib") |
#include <Windows.h> | |
#include <iostream> | |
#include "ntdll_undoc.h" | |
PPEB get_default_peb() | |
{ | |
#if defined(_WIN64) | |
return (PPEB)__readgsqword(0x60); | |
#else |