Skip to content

Instantly share code, notes, and snippets.

View rbmm's full-sized avatar

rbmm rbmm

143 followers · 0 following
View GitHub Profile
@rbmm
rbmm / gist:f1312c9013865e7d080116917c94c94e
Created May 3, 2024 20:09
typedef struct PROCESS_DISK_COUNTERS
{
ULONGLONG BytesRead;
ULONGLONG BytesWritten;
ULONGLONG ReadOperationCount;
ULONGLONG WriteOperationCount;
ULONGLONG FlushOperationCount;
} *PPROCESS_DISK_COUNTERS;
typedef union ENERGY_STATE_DURATION
@rbmm
rbmm / gist:5d90a2cc4d716825c12f57475993450b
Last active April 29, 2024 21:37
PVOID AccessResource(_In_ PVOID hmod, _In_ PCWSTR pri[], _In_ DWORD level, _Out_opt_ PDWORD pcb)
{
if (pcb) *pcb = 0;
if (!level) return 0;
DWORD size;
PVOID resBase = RtlImageDirectoryEntryToData(hmod, FALSE, IMAGE_DIRECTORY_ENTRY_RESOURCE, &size);
PIMAGE_RESOURCE_DIRECTORY pird = (PIMAGE_RESOURCE_DIRECTORY)resBase;
@rbmm
rbmm / gist:9f539b6a50142df04188ee59d171ffc7
Created April 19, 2024 08:19
lsasrv.dll!long WLsaAddPackage(_UNICODE_STRING *,_SECURITY_PACKAGE_OPTIONS *)
lsasrv.dll!long LpcAddPackage(_SPM_LPC_MESSAGE *) + 82
lsasrv.dll!long DispatchAPI(_SPM_LPC_MESSAGE *) + 90
lsasrv.dll!unsigned long LpcHandler(void *,void *,_SECPKG_APP_MODE_INFO *) + 195
sspisrv.dll!SspirCallRpc + b2
rpcrt4.dll!Invoke + 73
rpcrt4.dll!long Ndr64StubWorker(void *,void *,_RPC_MESSAGE *,_MIDL_SERVER_INFO_ *,long (*const *)(void),_MIDL_SYNTAX_INFO *,unsigned long *) + b8a
rpcrt4.dll!NdrServerCallAll + 3c
rpcrt4.dll!DispatchToStubInCNoAvrf + 22
rpcrt4.dll!long RPC_INTERFACE::DispatchToStubWorker(_RPC_MESSAGE *,unsigned int,int,long *) + 1b4
@rbmm
rbmm / gist:60d0944b1bb19df5fa213edcf9732ed4
Created April 19, 2024 00:17
NTSTATUS BuildSupplementalCredential(_In_ MSV1_0_SUPPLEMENTAL_CREDENTIAL_V3* pmsc,
_Out_ PSECPKG_SUPPLEMENTAL_CRED_ARRAY* pSupplementalCredentials)
{
union {
PVOID buf;
PSECPKG_SUPPLEMENTAL_CRED_ARRAY SupplementalCredentials;
PUCHAR pc;
PMSV1_0_SUPPLEMENTAL_CREDENTIAL_V3 pmsvsc;
PWSTR psz;
};
@rbmm
rbmm / gist:2419121a7ae8857dbad3c5bb50d9d7e5
Created April 12, 2024 21:23
void mm(ULONG s)
{
alloca(s);
}
void DumpStackRegion()
{
MEMORY_BASIC_INFORMATION mbi;
if (VirtualQuery(_AddressOfReturnAddress(), &mbi, sizeof(mbi)))
{
@rbmm
rbmm / gist:10c5eda3547786bb90a81d66c94f193f
Created March 5, 2024 21:58
Threads=8 Loops=99999 shared/exlusive=8 release/convert=4
[ SRW ]
time = 891
08: 00000009
07: 00000116
06: 00000627
@rbmm
rbmm / gist:678abaa008f12aaf1851e5df6e670515
Last active March 2, 2024 00:20
struct ThreadTestData
{
HANDLE hEvent;
SRWLOCK SRWLock = {};
LONG numThreads = 1;
LONG readCounter = 0;
void EndThread()
{
if (!InterlockedDecrementNoFence(&numThreads))
@rbmm
rbmm / gist:3a4c80b45f87a11654cf4458d7418981
Created February 19, 2024 21:36
void PrintNameByToken(HANDLE hToken)
{
ULONG cb;
SE_TOKEN_USER user;
NTSTATUS status = NtQueryInformationToken(hToken, TokenUser, &user, sizeof(user), &cb);
if (0 <= status)
{
LSA_OBJECT_ATTRIBUTES oa = { sizeof(oa) };
HANDLE hPolicy;
if (0 <= (status = LsaOpenPolicy(0, &oa, POLICY_LOOKUP_NAMES, &hPolicy)))
@rbmm
rbmm / gist:5036188ed2a2e3004fdb12aa980a8a04
Created February 18, 2024 09:29
#ifdef _X86_
#pragma warning(disable: 4483) // Allow use of __identifier
#define __imp_OpenEventW __identifier("_imp__OpenEventW")
#define __imp_OpenMutexW __identifier("_imp__OpenMutexW")
#endif
struct funcRef {
PCSTR funcName;
LONG numCalls;
};
@rbmm
rbmm / gist:7fd88329330e72d9922934b2a1a15e38
Last active February 15, 2024 15:33
// public flags for ExInitializeFastResource
//
#define EX_FAST_RESOURCE_ENABLE_LEGACY_APIS 1
// private, internal flags ReservedLowFlags
//
#define FAST_RESOURCE 0x01
#define FAST_RESOURCE_ENABLE_LEGACY_APIS 0x40
NTSTATUS ExInitializeFastResource( _Out_ PERESOURCE Resource, _In_ ULONG dwFlags )