odzhan

## regexp.cpp

//
// Simple regexp example using IRegExp interface.
//

/**
 # Found 4 matches.

 > test@gmail.com
 > spam@yahoo.com

## mask.cpp

//
// Simple obfuscation using byte substitution
//

#include <cstdio>
#include <cstdint>
#include <cstdlib>
#include <cstring>
#include <cmath>

## sbox.cpp
//
// @modexpblog
//
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <cstdint>
#include <ctime>
#include <cmath>
#include <fcntl.h>

## ntdelegate.cpp
//
// How to locate the NT Delegate Callback Table in x86 builds of ntdll.dll
//
// @modexpblog
//

#define PHNT_VERSION PHNT_THRESHOLD
#include <phnt_windows.h>
#include <phnt.h>

## proc_env_exit.cpp

//
// Resolve dynamic address of Process.Environment.Exit in CLR host process using C++
//
// Based on :
// https://www.mdsec.co.uk/2020/08/massaging-your-clr-preventing-environment-exit-in-in-process-net-assemblies/
// https://github.com/yamakadi/clroxide/blob/214222d578bf62b4c7fc860125268f4eecb9f331/examples/patch_exit.rs
// https://github.com/kyleavery/inject-assembly/blob/8db977c0fd1da039df920f9dd4840d4a3ec2aa2c/src/scmain.c
// https://github.com/TheWover/donut/blob/master/loader/test/rdt.cpp ;)

## rdp_pack.cpp

/**
    Compression using undocumented API in rdpbase.dll

    RDPCompressEx supports four algorithms : MPPC-8K, MPPC-64K, NCRUSH and XCRUSH.

    This code supports all except NCRUSH.
    The MPPC compression ratio is very similar to LZSS, so this could be quite useful for shellcode trying to evade detection.

    NCRUSH compression appears to work but fails for decompression.

## szdd.c
// LZ77 compression / decompression algorithm
// this is the compression Microsoft used in Windows *.HLP and *.MRB files

// It is also used with Install Shield files.  These files are
// recognizable by the letters SZDD in the first 4 bytes.  The file
// names for files compressed in this way are usually the name of the
// file as it would be installed but with the last character replaced
// by '_'

// This program is a complete hack.  I am not responsible for the

## base64.cpp

/**

ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/

00, 01, 02, 03, 04, 05, 06, 07, 08, 09, 0A, 0B, 0C, 0D, 0E, 0F,
10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 1A, 1B, 1C, 1D, 1E, 1F,
20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 2A, 2B, 2C, 2D, 2E, 2F,
30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 3A, 3B, 3C, 3D, 3E, 3F,

## ecdlp.c
/****************************************************************
  jB's ECDLP Solver v0.02

  ECDLP solver over F(p) using Pollard's Rho algorithm,
  as described in Guide to Elliptic Curve Cryptography,
  by Darrel Hankerson, Alfred Menezes and Scott Vanstone.

  You will need MIRACL to compile it.

  If you find bugs, have ideas to improve it, or simply want

## curl_libuv_example.c
#include <stdio.h>
#include <stdlib.h>
#include <uv.h>
#include <curl/curl.h>

uv_loop_t *loop;
CURLM *curl_handle;
uv_timer_t timeout;

typedef struct curl_context_s {

	//
	// Simple regexp example using IRegExp interface.
	//

	/**
	# Found 4 matches.

	> test@gmail.com
	> spam@yahoo.com

	//
	// Simple obfuscation using byte substitution
	//

	#include <cstdio>
	#include <cstdint>
	#include <cstdlib>
	#include <cstring>
	#include <cmath>
	//
	// @modexpblog
	//
	#include <cstdio>
	#include <cstdlib>
	#include <cstring>
	#include <cstdint>
	#include <ctime>
	#include <cmath>
	#include <fcntl.h>
	//
	// How to locate the NT Delegate Callback Table in x86 builds of ntdll.dll
	//
	// @modexpblog
	//

	#define PHNT_VERSION PHNT_THRESHOLD
	#include <phnt_windows.h>
	#include <phnt.h>

	//
	// Resolve dynamic address of Process.Environment.Exit in CLR host process using C++
	//
	// Based on :
	// https://www.mdsec.co.uk/2020/08/massaging-your-clr-preventing-environment-exit-in-in-process-net-assemblies/
	// https://github.com/yamakadi/clroxide/blob/214222d578bf62b4c7fc860125268f4eecb9f331/examples/patch_exit.rs
	// https://github.com/kyleavery/inject-assembly/blob/8db977c0fd1da039df920f9dd4840d4a3ec2aa2c/src/scmain.c
	// https://github.com/TheWover/donut/blob/master/loader/test/rdt.cpp ;)

	/**
	Compression using undocumented API in rdpbase.dll

	RDPCompressEx supports four algorithms : MPPC-8K, MPPC-64K, NCRUSH and XCRUSH.

	This code supports all except NCRUSH.
	The MPPC compression ratio is very similar to LZSS, so this could be quite useful for shellcode trying to evade detection.

	NCRUSH compression appears to work but fails for decompression.
	// LZ77 compression / decompression algorithm
	// this is the compression Microsoft used in Windows .HLP and .MRB files

	// It is also used with Install Shield files. These files are
	// recognizable by the letters SZDD in the first 4 bytes. The file
	// names for files compressed in this way are usually the name of the
	// file as it would be installed but with the last character replaced
	// by '_'

	// This program is a complete hack. I am not responsible for the

	/**

	ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/

	00, 01, 02, 03, 04, 05, 06, 07, 08, 09, 0A, 0B, 0C, 0D, 0E, 0F,
	10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 1A, 1B, 1C, 1D, 1E, 1F,
	20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 2A, 2B, 2C, 2D, 2E, 2F,
	30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 3A, 3B, 3C, 3D, 3E, 3F,
	/****************************************************************
	jB's ECDLP Solver v0.02

	ECDLP solver over F(p) using Pollard's Rho algorithm,
	as described in Guide to Elliptic Curve Cryptography,
	by Darrel Hankerson, Alfred Menezes and Scott Vanstone.

	You will need MIRACL to compile it.

	If you find bugs, have ideas to improve it, or simply want
	#include <stdio.h>
	#include <stdlib.h>
	#include <uv.h>
	#include <curl/curl.h>

	uv_loop_t *loop;
	CURLM *curl_handle;
	uv_timer_t timeout;

	typedef struct curl_context_s {