
Ilja van Sprundel iljavs

View rand.rs
/*
* Rust has no APIs for random numbers. At all! If you want that you have
* to rely on 3rd party libraries. This is simply ridiculous. Relying on
* 3rd party libraries for cryptographically strong random numbers is one
* thing, however, there are many instances where you need a random number
* that doesn't have to be cryptographically strong, and any modern
* programming environment (or even not so modern) should offer this,
* without having to rely on a 3rd party library!!!
*
* Because rust doesn't offer it, we'll just have to build our own. We'll
View Protect.cpp
#include <windows.h>
#include <stdio.h>
// Control codes this client sends to the process-protection driver. Judging by
// the macro names they protect a PID, unprotect a PID, and clear all
// protections; the handlers are not visible here. ProcProt.c defines the same
// PROTECT/UNPROTECT values, and the two sides must stay in sync.
//
// METHOD_BUFFERED: the I/O manager copies the request through a system buffer.
// FILE_ANY_ACCESS: the I/O manager does not check the handle's read/write
// access for these requests, so who may issue them is decided by the device
// object's security descriptor and by whatever checks the driver itself makes.
//
// NOTE(review): function codes 1-3 are below 0x800, a range Microsoft reserves;
// vendor-defined function codes normally start at 0x800.
#define IOCTL_PROCESS_PROTECT_BY_PID CTL_CODE(FILE_DEVICE_UNKNOWN , 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define IOCTL_PROCESS_UNPROTECT_BY_PID CTL_CODE(FILE_DEVICE_UNKNOWN , 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define IOCTL_PROCESS_PROTECT_CLEAR CTL_CODE(FILE_DEVICE_UNKNOWN , 3, METHOD_BUFFERED, FILE_ANY_ACCESS)
int main(int argc, char **argv) {
if (argc < 2) {
View ProcProt.c
#include <ntddk.h>
#include <windef.h>
/* NT object-namespace name of the device and its \??\ (DosDevices) symbolic
 * link. Presumably both are created in DriverEntry, which is not visible here;
 * user mode would normally open the link as \\.\ProcProt. */
#define DEVNAME L"\\Device\\ProcProt"
#define LINKNAME L"\\??\\ProcProt"
/* Driver-global opaque handle.
 * NOTE(review): presumably a callback registration handle that the unload path
 * must release; its use is not visible here, so confirm. */
PVOID regHandle;
/* Control codes accepted from user mode (protect / unprotect a process by PID,
 * per the names). METHOD_BUFFERED routes data through a system buffer.
 *
 * FILE_ANY_ACCESS means the I/O manager does not check the handle's read/write
 * access for these requests, so access control rests on the device object's
 * security descriptor.
 * NOTE(review): confirm the device is created with a restrictive descriptor
 * (e.g. via IoCreateDeviceSecure) and that the handler checks the input buffer
 * length before reading the PID. Function codes below 0x800 are reserved for
 * Microsoft; vendor codes normally start at 0x800. */
#define IOCTL_PROCESS_PROTECT_BY_PID CTL_CODE(FILE_DEVICE_UNKNOWN , 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define IOCTL_PROCESS_UNPROTECT_BY_PID CTL_CODE(FILE_DEVICE_UNKNOWN , 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
View beep.cpp
#include <Windows.h>
#include <stdio.h>
#include <winternl.h>
#include <ntstatus.h>
// NT object-namespace path of the Beep device. It is an NT path rather than a
// Win32 path, which is presumably why the file resolves a native open routine
// through the function-pointer type below.
#define BEEPDEV L"\\Device\\Beep"
// Raw control code. 0x10000 decodes as device type 1, function 0,
// METHOD_BUFFERED, FILE_ANY_ACCESS.
// NOTE(review): this appears to equal IOCTL_BEEP_SET from ntddbeep.h; confirm,
// and prefer the named constant over the magic number.
#define IOCTLCODE 0x10000
// Function-pointer type with six parameters in the order NtOpenFile takes them
// (handle out, desired access, object attributes, I/O status block, share
// access, open options). Presumably filled in via GetProcAddress on ntdll;
// the lookup is not visible here.
typedef NTSTATUS(CALLBACK* NTOPENFILE)(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PIO_STATUS_BLOCK, ULONG, ULONG);
View ZeroRead.cpp
// ZeroRead.cpp : This file contains the 'main' function. Program execution begins and ends there.
//
#include <Windows.h>
#include <stdio.h>
void hexdump(unsigned char* p, DWORD len) {
DWORD i;
for (i = 0; i < len; i++) {
View ZeroDriver.c
#include <ntddk.h>
#include <windef.h>
/* NT object-namespace name of the device and its \??\ (DosDevices) symbolic
 * link. Presumably both are created in DriverEntry (not visible here) and
 * removed again in PrUnload; user mode would normally open the link as
 * \\.\Zero.
 * NOTE(review): who may open the device depends on the security descriptor
 * applied at creation, which is not visible here; confirm it is not left at a
 * permissive default. */
#define DEVNAME L"\\Device\\Zero"
#define LINKNAME L"\\??\\Zero"
void PrUnload(PDRIVER_OBJECT DriverObject) {
NTSTATUS status;
UNICODE_STRING sLinkName;
PDEVICE_OBJECT DevObj, t;
View simple.c
#include <ntddk.h>
/* Four-character tag written in reverse: on a little-endian machine the bytes
 * land in memory as "simp", which is how pool-tracking tools display it.
 * Presumably passed to a tagged pool allocation; the allocation call is not
 * visible here. */
#define SIMPLE_TAG 'pmis'
/* Driver-global pointer.
 * NOTE(review): presumably holds the pool allocation made at load time and
 * freed in SimpleUnload; confirm every exit path frees it exactly once, with
 * the same tag. */
void* p;
void SimpleUnload(PDRIVER_OBJECT DriverObject) {
UNREFERENCED_PARAMETER(DriverObject);
DbgPrint("SimpleUnload called \n");
View ProcGet.cpp
// ProcGet.cpp : This file contains the 'main' function. Program execution begins and ends there.
//
#include <Windows.h>
#include <stdio.h>
#include <psapi.h>
// Control code this client sends to the ProcReveal driver; ProcReveal.c defines
// the same value and the two must stay in sync.
// METHOD_NEITHER: the I/O manager neither buffers nor locks the data, so the
// driver receives the caller's raw user-mode buffer addresses and is solely
// responsible for validating them.
// FILE_ANY_ACCESS: the I/O manager does not check the handle's read/write
// access for this request.
// NOTE(review): function code 1 is below 0x800, a range Microsoft reserves;
// vendor-defined function codes normally start at 0x800.
#define IOCTL_OPEN_PROCESS CTL_CODE(FILE_DEVICE_UNKNOWN , 1, METHOD_NEITHER, FILE_ANY_ACCESS)
int main(int argc, char **argv) {
View ProcReveal.c
#include <ntddk.h>
#include <windef.h>
/* NT object-namespace name of the device and its \??\ (DosDevices) symbolic
 * link. Presumably both are created in DriverEntry, which is not visible here;
 * user mode would normally open the link as \\.\ProcReveal. */
#define DEVNAME L"\\Device\\ProcReveal"
#define LINKNAME L"\\??\\ProcReveal"
/* Control code accepted from user mode.
 *
 * METHOD_NEITHER: the I/O manager passes the caller's buffer addresses through
 * unvalidated (Type3InputBuffer in the stack location, Irp->UserBuffer for
 * output). The handler must therefore run in the caller's context, call
 * ProbeForRead/ProbeForWrite inside __try/__except, and copy the input to
 * kernel memory before using it. A handler that dereferences these pointers
 * directly can be made to read or write arbitrary kernel addresses.
 *
 * FILE_ANY_ACCESS: the I/O manager does not check the handle's read/write
 * access for this request, so access control rests on the device object's
 * security descriptor.
 * NOTE(review): the name suggests the driver opens a process on the caller's
 * behalf; if so, confirm the handler enforces its own access check rather than
 * handing out handles the caller could not obtain itself. The handler is not
 * visible here. */
#define IOCTL_OPEN_PROCESS CTL_CODE(FILE_DEVICE_UNKNOWN , 1, METHOD_NEITHER, FILE_ANY_ACCESS)
void PrUnload(PDRIVER_OBJECT DriverObject) {
NTSTATUS status;
View hexdump.c
void hexdump(unsigned char *data, size_t size) {
char ascii[17] = {0};
size_t i;
for (i = 0; i < size; ++i) {
unsigned char c = data[i];
size_t next = i+1;
printf("%02X ", c);
ascii[i % 16] = isprint(c) ? c : '.';
if (next % 8 == 0 || next == size) {