Yxel janoglezcampos
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #![allow(non_snake_case)] | |
| /* | |
| [dependencies] | |
| winapi = {version = "0.3.9", features = ["ntdef", "winnt"]} | |
| ntapi = "0.3.7" | |
| */ | |
| use std::arch::{global_asm, asm}; | |
| use std::ptr::addr_of; |
janoglezcampos
/ direct_syscall.rs
Last active
September 2, 2022 13:26
Simplest rust direct syscall example
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #![allow(non_snake_case)] | |
| use std::arch::global_asm; | |
| use std::mem::size_of; | |
| use winapi::shared::ntdef::{OBJECT_ATTRIBUTES, HANDLE, NULL, PHANDLE, NTSTATUS}; | |
| use winapi::um::winnt::{ACCESS_MASK, PROCESS_VM_WRITE, PROCESS_VM_READ}; | |
| #[cfg(not(target_arch = "x86_64"))] | |
| compile_error!("Only x86_64 machines"); |
janoglezcampos
/ find_function.cpp
Last active
August 29, 2022 09:24
Find non exported functions in a module using masks.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <stdio.h> | |
| #include <psapi.h> | |
| typedef char * (*ParseHeaders)(LPCSTR, int *); | |
| BOOL bCompare(const BYTE* pData, const BYTE* bMask, const char* szMask) | |
| { | |
| for (; *szMask; ++szMask, ++pData, ++bMask) | |
| if (*szMask == 'x' && *pData != *bMask) |
janoglezcampos
/ find_function_call.rs
Last active
May 22, 2022 10:28
Simple function to find the address of a call to a function, in a specified function inside a loaded module.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #[cfg(windows)] | |
| extern crate winapi; | |
| use std::{ptr, mem::size_of,ffi::CString,}; | |
| use libc; | |
| use winapi::{ | |
| um::{ | |
| psapi::{ | |
| GetModuleFileNameExW, | |
| EnumProcessModules | |
| }, |