rad9800
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdint.h> //for int8_t | |
| #include <string.h> //for memcmp | |
| #include <wmmintrin.h> //for intrinsics for AES-NI | |
| //compile using gcc and following arguments: -g;-O0;-Wall;-msse2;-msse;-march=native;-maes | |
| //internal stuff | |
| //macros | |
| #define DO_ENC_BLOCK(m,k) \ | |
| do{\ |
mattifestation
/ TLGMetadataParser.psm1
Last active
January 18, 2024 17:21
Retrieves TraceLogging metadata from a file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #requires -version 5 | |
| <# | |
| The things you find on Google searching for specific GUIDs... | |
| Known Keyword friendly names: | |
| "UTC:::CATEGORYDEFINITION.MS.CRITICALDATA":"140737488355328" | |
| "UTC:::CATEGORYDEFINITION.MS.MEASURES":"70368744177664" | |
| "UTC:::CATEGORYDEFINITION.MS.TELEMETRY":"35184372088832" | |
| "UTC:::CATEGORYDEFINITION.MSWLAN.CRITICALDATA":"2147483648" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <cstdio> | |
| #include <cstdint> | |
| #include <Windows.h> | |
| constexpr auto instruction_bytes_to_skip {1z}; // sizeof(int 3) | |
| constexpr auto first_magic_value {1234z}, second_magic_value {5678z}, magic_return_value {0xABCDz}; | |
| using HashType = std::uint64_t; | |
| [[gnu::always_inline, gnu::pure, nodiscard]] std::uint64_t resolve_api(const HashType module_hash, const HashType api_hash) { | |
| std::uint64_t first_register {}, second_register {}, return_value {}; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // How to locate the WOW64 Callback Table in ntdll.dll | |
| // | |
| // @modexpblog | |
| // | |
| #define PHNT_VERSION PHNT_VISTA | |
| #include <phnt_windows.h> | |
| #include <phnt.h> |