/// @brief Prints the device type of the volume behind a handle next to the
///        Win32 file type of the same handle, both in hex, via DbgPrint.
/// @param hFile Handle passed to NtQueryVolumeInformationFile and GetFileType.
/// @note Nothing is printed when the volume query returns a negative NTSTATUS,
///       so a missing line in the debug output means the query failed.
void PrintDevType(HANDLE hFile)
{
    IO_STATUS_BLOCK ioStatus;
    FILE_FS_DEVICE_INFORMATION deviceInfo;

    // A negative status means failure; deviceInfo is not read in that case.
    if (NtQueryVolumeInformationFile(hFile, &ioStatus, &deviceInfo, sizeof(deviceInfo), FileFsDeviceInformation) < 0)
    {
        return;
    }

    // GetFileType is only called once the native query has succeeded.
    DbgPrint("%x %x\n", deviceInfo.DeviceType, GetFileType(hFile));
}
// Zero-valued byte declared volatile, so every read of it is a real load.
// NOTE(review): presumably used to keep the optimizer from folding a constant;
// its use is outside this excerpt, so confirm against the full file.
extern volatile const UCHAR guz = 0;
PCSTR get(ULONG Classification, PSTR buf, ULONG cch) | |
{ | |
switch (Classification) | |
{ | |
case SystemProcessClassificationNormal: return "Normal"; | |
case SystemProcessClassificationSystem: return "System"; | |
case SystemProcessClassificationSecureSystem: return "Secure"; | |
case SystemProcessClassificationMemCompression: return "Compression"; |
PVOID AccessResource(_In_ PVOID hmod, _In_ PCWSTR pri[], _In_ DWORD level, _Out_opt_ PDWORD pcb) | |
{ | |
if (pcb) *pcb = 0; | |
if (!level) return 0; | |
DWORD size; | |
PVOID resBase = RtlImageDirectoryEntryToData(hmod, FALSE, IMAGE_DIRECTORY_ENTRY_RESOURCE, &size); | |
PIMAGE_RESOURCE_DIRECTORY pird = (PIMAGE_RESOURCE_DIRECTORY)resBase; |
lsasrv.dll!long WLsaAddPackage(_UNICODE_STRING *,_SECURITY_PACKAGE_OPTIONS *) | |
lsasrv.dll!long LpcAddPackage(_SPM_LPC_MESSAGE *) + 82 | |
lsasrv.dll!long DispatchAPI(_SPM_LPC_MESSAGE *) + 90 | |
lsasrv.dll!unsigned long LpcHandler(void *,void *,_SECPKG_APP_MODE_INFO *) + 195 | |
sspisrv.dll!SspirCallRpc + b2 | |
rpcrt4.dll!Invoke + 73 | |
rpcrt4.dll!long Ndr64StubWorker(void *,void *,_RPC_MESSAGE *,_MIDL_SERVER_INFO_ *,long (*const *)(void),_MIDL_SYNTAX_INFO *,unsigned long *) + b8a | |
rpcrt4.dll!NdrServerCallAll + 3c | |
rpcrt4.dll!DispatchToStubInCNoAvrf + 22 | |
rpcrt4.dll!long RPC_INTERFACE::DispatchToStubWorker(_RPC_MESSAGE *,unsigned int,int,long *) + 1b4 |
NTSTATUS BuildSupplementalCredential(_In_ MSV1_0_SUPPLEMENTAL_CREDENTIAL_V3* pmsc, | |
_Out_ PSECPKG_SUPPLEMENTAL_CRED_ARRAY* pSupplementalCredentials) | |
{ | |
union { | |
PVOID buf; | |
PSECPKG_SUPPLEMENTAL_CRED_ARRAY SupplementalCredentials; | |
PUCHAR pc; | |
PMSV1_0_SUPPLEMENTAL_CREDENTIAL_V3 pmsvsc; | |
PWSTR psz; | |
}; |
/// @brief Reserves `s` bytes in this function's own stack frame and returns.
/// @param s Number of bytes handed to alloca; it is not range-checked here.
/// @note The allocation is discarded on return. A request larger than the
///       remaining stack cannot be satisfied, so callers should keep `s`
///       bounded rather than pass through an externally supplied size.
void mm(ULONG s)
{
    // Result intentionally unused: only the stack adjustment matters here.
    static_cast<void>(alloca(s));
}
void DumpStackRegion() | |
{ | |
MEMORY_BASIC_INFORMATION mbi; | |
if (VirtualQuery(_AddressOfReturnAddress(), &mbi, sizeof(mbi))) | |
{ |
Threads=8 Loops=99999 shared/exlusive=8 release/convert=4 | |
[ SRW ] | |
time = 891 | |
08: 00000009 | |
07: 00000116 | |
06: 00000627 |
struct ThreadTestData | |
{ | |
HANDLE hEvent; | |
SRWLOCK SRWLock = {}; | |
LONG numThreads = 1; | |
LONG readCounter = 0; | |
void EndThread() | |
{ | |
if (!InterlockedDecrementNoFence(&numThreads)) |
void PrintNameByToken(HANDLE hToken) | |
{ | |
ULONG cb; | |
SE_TOKEN_USER user; | |
NTSTATUS status = NtQueryInformationToken(hToken, TokenUser, &user, sizeof(user), &cb); | |
if (0 <= status) | |
{ | |
LSA_OBJECT_ATTRIBUTES oa = { sizeof(oa) }; | |
HANDLE hPolicy; | |
if (0 <= (status = LsaOpenPolicy(0, &oa, POLICY_LOOKUP_NAMES, &hPolicy))) |
#ifdef _X86_ | |
#pragma warning(disable: 4483) // Allow use of __identifier | |
#define __imp_OpenEventW __identifier("_imp__OpenEventW") | |
#define __imp_OpenMutexW __identifier("_imp__OpenMutexW") | |
#endif | |
/// Pairs a function name with a counter.
/// NOTE(review): presumably one record per tracked API; the code that fills
/// and updates it is outside this excerpt.
struct funcRef
{
    PCSTR funcName; // narrow-string name of the function
    LONG numCalls;  // count associated with funcName
};