kozera2137/lol.d Secret

Created August 19, 2019 14:58
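/* DTrace on Windows: print the image path handed to each NtCreateUserProcess call. */
typedef unsigned short wchar_t;

struct _UNICODE_STRING {
    unsigned short Length;          /* length in bytes, not characters */
    unsigned short MaximumLength;
    wchar_t *Buffer;                /* pointer into user-mode memory */
};

/* Partial layout: only the field this script reads is declared after the padding. */
struct _RTL_USER_PROCESS_PARAMETERS {
    long Reserved[12];
    struct _UNICODE_STRING ImagePathName;
};

syscall::NtCreateUserProcess:entry
{
    /* arg8 is the user-mode ProcessParameters pointer; copy the structure into scratch space. */
    this->ProcessParameters = (struct _RTL_USER_PROCESS_PARAMETERS *)
        copyin(arg8, sizeof(struct _RTL_USER_PROCESS_PARAMETERS));
    /* Buffer is also a user-mode address, so copy the string in before printing it. */
    this->ImagePath = (wchar_t *)
        copyin((uintptr_t)this->ProcessParameters->ImagePathName.Buffer,
            this->ProcessParameters->ImagePathName.Length);
    /* The precision is a character count, so halve the byte length. */
    printf("%.*ws\n", this->ProcessParameters->ImagePathName.Length / 2, this->ImagePath);
}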