akagi (uacme) | |
akatsuki (uacme) | |
aoba (dsefix) | |
fubuki (uacme) | |
furutaka (tdl) | |
harasume (zeroaccess) | |
hibiki (uacme) | |
ikazuchi (uacme) | |
inazuma (uacme) | |
isonami (sxsexp) |
/* ASCII marker string; presumably matched against the Signature field of
 * FVEFS_BOOT_RECORD (usage is not visible in this excerpt -- confirm). */
#define BITLOCKER_SIGNATURE "-FVE-FS-" | |
/*
 * NOTE(review): sizeof applied to a string literal counts the terminating
 * NUL, so this evaluates to 9, while the Signature field declared below is
 * BYTE[8]. A comparison or copy bounded by this macro would touch one byte
 * past the field (the first byte of SectorSize). Callers working on data
 * read from disk should bound by the field size (or sizeof - 1) -- verify
 * against the call sites.
 */
#define BITLOCKER_SIGNATURE_SIZE sizeof(BITLOCKER_SIGNATURE) | |
#pragma pack(push,1) | |
typedef struct _FVEFS_BOOT_RECORD { | |
BYTE JumpCode[3]; //+0x0 | |
BYTE Signature[8]; //+0x3 | |
WORD SectorSize; //+0xB | |
BYTE SectorsPerCluster; //+0xD | |
WORD ReservedClusters; //+0xE |
DWORD Error, bytesIO; | |
NTSTATUS Status; | |
HANDLE hProcessToken = NULL, hNewToken = NULL, hTest; | |
BOOL bCond = FALSE; | |
SHELLEXECUTEINFO shinfo; | |
SID_IDENTIFIER_AUTHORITY MLAuthority = SECURITY_MANDATORY_LABEL_AUTHORITY; | |
TOKEN_MANDATORY_LABEL tml, *ptml; | |
PSID pIntegritySid = NULL; | |
STARTUPINFO si; | |
PROCESS_INFORMATION pi; |
// Original source link https://twitter.com/hFireF0X/status/887930221466443776 | |
// If you are here from any other link - do know that they just steal original info without giving any credit to source | |
// This bug has been fixed in 16273 public build. | |
#include "global.h" | |
// File-scope globals. Only their declarations are visible in this excerpt;
// where they are assigned and read is not shown.
// No initializer: as a file-scope object it starts out zero-initialized.
HINSTANCE g_hInstance; | |
// Starts as NULL; presumably a console output handle filled in later -- TODO confirm.
HANDLE g_ConOut = NULL; | |
// Starts as FALSE; presumably records whether output goes to a console -- TODO confirm.
BOOL g_ConsoleOutput = FALSE; | |
// 0xFEFF is the value of the UTF-16 byte-order mark; presumably emitted ahead
// of wide-character output -- confirm against the writer code.
WCHAR g_BE = 0xFEFF; | |
typedef interface ICMLuaUtil ICMLuaUtil; | |
typedef struct ICMLuaUtilVtbl { | |
BEGIN_INTERFACE | |
HRESULT(STDMETHODCALLTYPE *QueryInterface)( | |
__RPC__in ICMLuaUtil * This, | |
__RPC__in REFIID riid, | |
_COM_Outptr_ void **ppvObject); |
typedef interface IFwCplLua IFwCplLua; | |
typedef struct IFwCplLuaInterfaceVtbl { | |
BEGIN_INTERFACE | |
HRESULT(STDMETHODCALLTYPE *QueryInterface)( | |
__RPC__in IFwCplLua * This, | |
__RPC__in REFIID riid, | |
_COM_Outptr_ void **ppvObject); |
/* | |
Win32k NtUserOpenDesktop->OpenDesktop Denial Of Service feature. | |
Working range: x64 Windows 8 (9200) up to Windows 10 RS4 (17046). | |
x86 versions not tested. | |
Feature: |
// | |
// Ref = src | |
// https://www.blackhat.com/docs/eu-17/materials/eu-17-Liberman-Lost-In-Transaction-Process-Doppelganging.pdf | |
// | |
// Credits: | |
// Vyacheslav Rusakov @swwwolf | |
// Tom Bonner @thomas_bonner | |
// | |
#include <Windows.h> |
#include <Windows.h> | |
#include <msdelta.h> | |
#pragma comment(lib, "msdelta.lib") | |
BOOL load_file(LPCTSTR FileName, LPDWORD BytesRead, LPVOID *AllocatedBuffer) | |
{ | |
HANDLE f; | |
LARGE_INTEGER fsz; | |
LPVOID buffer = NULL; |
typedef struct tagCREATELINKDATA { | |
ULONG dwFlags; | |
WCHAR szLinkName[MAX_PATH]; // + 0x20C | |
WCHAR szExeName[MAX_PATH]; // + 0x414 | |
WCHAR szParams[MAX_PATH]; // + 0x61C | |
WCHAR szWorkingDir[MAX_PATH]; // + 0x824 | |
WCHAR szOriginalName[MAX_PATH]; // + 0xA2C | |
WCHAR szExpExeName[MAX_PATH]; // + 0xC34 | |
WCHAR szProgDesc[MAX_PATH]; // + 0xE3C | |
WCHAR szFolder[MAX_PATH]; // + 0x1044 |