rbmm rbmm

## gist:95e32370d22a628f83e681493d79e437
#ifndef OFFSETOFCLASS
#define OFFSETOFCLASS(base, derived) ((ULONG)((LONG_PTR)(static_cast<base*>((derived*)MINLONG_PTR))-MINLONG_PTR))
#endif

__declspec(noinline) NTSTATUS TestQuery(PVOID pv, ULONG cb, ULONG* rcb)
{
	ULONG s = GetTickCount() ? 0x64 : 0x20;
	DbgPrint("API: 0x%p 0x%x | 0x%p << 0x%x\n", pv, cb, RtlOffsetToPointer(pv, cb), s);
	*rcb = s;
	if (cb < s)

## gist:9a64857ff9d1f80d996c6aff6295459c
#include <ntlsa.h>

VOID CheckWindowsPrivileges(DWORD PID)
{
	if (HANDLE hProcess = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE, PID))
	{
		HANDLE hToken;
		BOOL b = OpenProcessToken(hProcess, TOKEN_QUERY, &hToken);
		CloseHandle(hProcess);
		if (b)

## gist:154da2597da2e2464c7e5e1c6126f788
BOOL timer_create(
				  _Outptr_ PHANDLE phTimer,
				  _In_ WAITORTIMERCALLBACK Callback,
				  _In_opt_ PVOID Parameter,
				  _In_ DWORD DueTime,
				  _In_ DWORD Period
				  );

void timer_release(HANDLE /*hTimer*/);

## gist:0751b4e089c3f67f4e66db97244070a3
struct DTimer
{
	HANDLE _M_hTimer = 0;
	LONG _M_dwRefCount = 1;
	ULONG _M_n = 0;
	ULONG _M_dwThreadId = GetCurrentThreadId();
	LONG _M_stopping = FALSE;

	void AddRef()
	{

## gist:1afb0938b5cd004e7a78a6d9328d9c6a
#define printf DbgPrint

#ifndef IDC_STATIC
#define IDC_STATIC 65535	// MAXUSHORT
#endif

struct DTimer
{
	HANDLE _M_hTimer = 0;
	LONG _M_dwRefCount = 1;

## gist:4789f472c196749b19b49ad0de0e6696
NTSTATUS ShowAuthPackage()
{
	HANDLE hToken;
	NTSTATUS status = NtOpenProcessToken(NtCurrentProcess(), TOKEN_QUERY, &hToken);
	if (0 <= status)
	{
		TOKEN_STATISTICS ts;
		status = NtQueryInformationToken(hToken, TokenStatistics, &ts, sizeof(ts), &ts.DynamicAvailable);
		NtClose(hToken);

## gist:f6fb914e74b5a81b448889a25e500365
#include "stdafx.h"

_NT_BEGIN

NTSTATUS CreatePlaceHolder(PCWSTR lpFileName, ULONG SizeOfImage)
{
	struct SEF : IMAGE_DOS_HEADER, IMAGE_NT_HEADERS, IMAGE_SECTION_HEADER
	{
	} y {};

## gist:649efd3f332ac38a71c0566ef0f332d0
void MinimizeAll(_In_ BOOL bDialogsToo, _In_opt_ HWND hwndMy = 0)
{
	if (HWND hwnd = FindWindowW(L"Shell_TrayWnd", 0))
	{
		ULONG dwProcessId;

		if (GetWindowThreadProcessId(hwnd, &dwProcessId))
		{
			AllowSetForegroundWindow(dwProcessId);
			//WCHAR name[0x100];

## gist:aec18b296956b33580c708faf7beb002
сейчас у нас есть 2 формата ответов ( FAILURE / OK )

<responseHolder>
	<status>FAILURE</status>
	<error>
		<code>%u</code>
		<message>%s</message>
	</error>
</responseHolder>

## gist:251deaca25b3691b0a4a81349ad7e558
************************
//++ObjectSecurity
DACL:
T FL AcessMsK Sid
A 00 000F01FF [S-1-5-18] 'NT AUTHORITY\SYSTEM' [WellKnownGroup]
A 00 00020008 [S-1-5-32-544] 'BUILTIN\Administrators' [Alias]
A 00 000F01FF [S-1-5-32-544] 'BUILTIN\Administrators' [Alias]
A 00 000F01FF [S-1-5-21-3349500742-45979764-2889026240-500] 'AAA\Administrator' [User]
A 00 000F01FF [S-1-5-21-3349500742-45979764-2889026240-1109] 'AAA\Kelly' [User]
LABEL:
	#ifndef OFFSETOFCLASS
	#define OFFSETOFCLASS(base, derived) ((ULONG)((LONG_PTR)(static_cast<base>((derived)MINLONG_PTR))-MINLONG_PTR))
	#endif

	__declspec(noinline) NTSTATUS TestQuery(PVOID pv, ULONG cb, ULONG* rcb)
	{
	ULONG s = GetTickCount() ? 0x64 : 0x20;
	DbgPrint("API: 0x%p 0x%x \| 0x%p << 0x%x\n", pv, cb, RtlOffsetToPointer(pv, cb), s);
	*rcb = s;
	if (cb < s)
	#include <ntlsa.h>

	VOID CheckWindowsPrivileges(DWORD PID)
	{
	if (HANDLE hProcess = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE, PID))
	{
	HANDLE hToken;
	BOOL b = OpenProcessToken(hProcess, TOKEN_QUERY, &hToken);
	CloseHandle(hProcess);
	if (b)
	BOOL timer_create(
	_Outptr_ PHANDLE phTimer,
	_In_ WAITORTIMERCALLBACK Callback,
	_In_opt_ PVOID Parameter,
	_In_ DWORD DueTime,
	_In_ DWORD Period
	);

	void timer_release(HANDLE /hTimer/);
	struct DTimer
	{
	HANDLE _M_hTimer = 0;
	LONG _M_dwRefCount = 1;
	ULONG _M_n = 0;
	ULONG _M_dwThreadId = GetCurrentThreadId();
	LONG _M_stopping = FALSE;

	void AddRef()
	{
	#define printf DbgPrint

	#ifndef IDC_STATIC
	#define IDC_STATIC 65535 // MAXUSHORT
	#endif

	struct DTimer
	{
	HANDLE _M_hTimer = 0;
	LONG _M_dwRefCount = 1;
	NTSTATUS ShowAuthPackage()
	{
	HANDLE hToken;
	NTSTATUS status = NtOpenProcessToken(NtCurrentProcess(), TOKEN_QUERY, &hToken);
	if (0 <= status)
	{
	TOKEN_STATISTICS ts;
	status = NtQueryInformationToken(hToken, TokenStatistics, &ts, sizeof(ts), &ts.DynamicAvailable);
	NtClose(hToken);
	#include "stdafx.h"

	_NT_BEGIN

	NTSTATUS CreatePlaceHolder(PCWSTR lpFileName, ULONG SizeOfImage)
	{
	struct SEF : IMAGE_DOS_HEADER, IMAGE_NT_HEADERS, IMAGE_SECTION_HEADER
	{
	} y {};
	void MinimizeAll(_In_ BOOL bDialogsToo, _In_opt_ HWND hwndMy = 0)
	{
	if (HWND hwnd = FindWindowW(L"Shell_TrayWnd", 0))
	{
	ULONG dwProcessId;

	if (GetWindowThreadProcessId(hwnd, &dwProcessId))
	{
	AllowSetForegroundWindow(dwProcessId);
	//WCHAR name[0x100];
	сейчас у нас есть 2 формата ответов ( FAILURE / OK )

	<responseHolder>
	<status>FAILURE</status>
	<error>
	<code>%u</code>
	<message>%s</message>
	</error>
	</responseHolder>
	************************
	//++ObjectSecurity
	DACL:
	T FL AcessMsK Sid
	A 00 000F01FF [S-1-5-18] 'NT AUTHORITY\SYSTEM' [WellKnownGroup]
	A 00 00020008 [S-1-5-32-544] 'BUILTIN\Administrators' [Alias]
	A 00 000F01FF [S-1-5-32-544] 'BUILTIN\Administrators' [Alias]
	A 00 000F01FF [S-1-5-21-3349500742-45979764-2889026240-500] 'AAA\Administrator' [User]
	A 00 000F01FF [S-1-5-21-3349500742-45979764-2889026240-1109] 'AAA\Kelly' [User]
	LABEL: