rbmm rbmm

## gist:0aaa205350f959832bdcc505089c8220
	if (HCERTSTORE hCertStore = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0,
		CERT_STORE_OPEN_EXISTING_FLAG|CERT_STORE_READONLY_FLAG|
		CERT_SYSTEM_STORE_LOCAL_MACHINE, L"root"))
	{
		PCCERT_CONTEXT pCertContext = 0;
		while (pCertContext = CertEnumCertificatesInStore(hCertStore, pCertContext))
		{

			UCHAR hash[20];
			ULONG cb = sizeof(hash);

## gist:d2de710d29ef67a6fb63cd4c8392a27e
typedef struct KERB_SMARTCARD_CSP_INFO
{
	ULONG dwCspInfoLen;				// size of this structure w/ payload
	ULONG MessageType;				// info type, currently CertHashInfo
	// payload starts, marshaled structure of MessageType
	union {
		PVOID ContextInformation;	// Reserved
		ULONG64 SpaceHolderForWow64;
	};
	ULONG flags;					// Reserved

## gist:251deaca25b3691b0a4a81349ad7e558
************************
//++ObjectSecurity
DACL:
T FL AcessMsK Sid
A 00 000F01FF [S-1-5-18] 'NT AUTHORITY\SYSTEM' [WellKnownGroup]
A 00 00020008 [S-1-5-32-544] 'BUILTIN\Administrators' [Alias]
A 00 000F01FF [S-1-5-32-544] 'BUILTIN\Administrators' [Alias]
A 00 000F01FF [S-1-5-21-3349500742-45979764-2889026240-500] 'AAA\Administrator' [User]
A 00 000F01FF [S-1-5-21-3349500742-45979764-2889026240-1109] 'AAA\Kelly' [User]
LABEL:

## gist:aec18b296956b33580c708faf7beb002
сейчас у нас есть 2 формата ответов ( FAILURE / OK )

<responseHolder>
	<status>FAILURE</status>
	<error>
		<code>%u</code>
		<message>%s</message>
	</error>
</responseHolder>

## gist:649efd3f332ac38a71c0566ef0f332d0
void MinimizeAll(_In_ BOOL bDialogsToo, _In_opt_ HWND hwndMy = 0)
{
	if (HWND hwnd = FindWindowW(L"Shell_TrayWnd", 0))
	{
		ULONG dwProcessId;

		if (GetWindowThreadProcessId(hwnd, &dwProcessId))
		{
			AllowSetForegroundWindow(dwProcessId);
			//WCHAR name[0x100];

## gist:f6fb914e74b5a81b448889a25e500365
#include "stdafx.h"

_NT_BEGIN

NTSTATUS CreatePlaceHolder(PCWSTR lpFileName, ULONG SizeOfImage)
{
	struct SEF : IMAGE_DOS_HEADER, IMAGE_NT_HEADERS, IMAGE_SECTION_HEADER
	{
	} y {};

## gist:4789f472c196749b19b49ad0de0e6696
NTSTATUS ShowAuthPackage()
{
	HANDLE hToken;
	NTSTATUS status = NtOpenProcessToken(NtCurrentProcess(), TOKEN_QUERY, &hToken);
	if (0 <= status)
	{
		TOKEN_STATISTICS ts;
		status = NtQueryInformationToken(hToken, TokenStatistics, &ts, sizeof(ts), &ts.DynamicAvailable);
		NtClose(hToken);

## gist:1afb0938b5cd004e7a78a6d9328d9c6a
#define printf DbgPrint

#ifndef IDC_STATIC
#define IDC_STATIC 65535	// MAXUSHORT
#endif

struct DTimer
{
	HANDLE _M_hTimer = 0;
	LONG _M_dwRefCount = 1;

## gist:0751b4e089c3f67f4e66db97244070a3
struct DTimer
{
	HANDLE _M_hTimer = 0;
	LONG _M_dwRefCount = 1;
	ULONG _M_n = 0;
	ULONG _M_dwThreadId = GetCurrentThreadId();
	LONG _M_stopping = FALSE;

	void AddRef()
	{

## gist:154da2597da2e2464c7e5e1c6126f788
BOOL timer_create(
				  _Outptr_ PHANDLE phTimer,
				  _In_ WAITORTIMERCALLBACK Callback,
				  _In_opt_ PVOID Parameter,
				  _In_ DWORD DueTime,
				  _In_ DWORD Period
				  );

void timer_release(HANDLE /*hTimer*/);
	if (HCERTSTORE hCertStore = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0,
	CERT_STORE_OPEN_EXISTING_FLAG\|CERT_STORE_READONLY_FLAG\|
	CERT_SYSTEM_STORE_LOCAL_MACHINE, L"root"))
	{
	PCCERT_CONTEXT pCertContext = 0;
	while (pCertContext = CertEnumCertificatesInStore(hCertStore, pCertContext))
	{

	UCHAR hash[20];
	ULONG cb = sizeof(hash);
	typedef struct KERB_SMARTCARD_CSP_INFO
	{
	ULONG dwCspInfoLen; // size of this structure w/ payload
	ULONG MessageType; // info type, currently CertHashInfo
	// payload starts, marshaled structure of MessageType
	union {
	PVOID ContextInformation; // Reserved
	ULONG64 SpaceHolderForWow64;
	};
	ULONG flags; // Reserved
	************************
	//++ObjectSecurity
	DACL:
	T FL AcessMsK Sid
	A 00 000F01FF [S-1-5-18] 'NT AUTHORITY\SYSTEM' [WellKnownGroup]
	A 00 00020008 [S-1-5-32-544] 'BUILTIN\Administrators' [Alias]
	A 00 000F01FF [S-1-5-32-544] 'BUILTIN\Administrators' [Alias]
	A 00 000F01FF [S-1-5-21-3349500742-45979764-2889026240-500] 'AAA\Administrator' [User]
	A 00 000F01FF [S-1-5-21-3349500742-45979764-2889026240-1109] 'AAA\Kelly' [User]
	LABEL:
	сейчас у нас есть 2 формата ответов ( FAILURE / OK )

	<responseHolder>
	<status>FAILURE</status>
	<error>
	<code>%u</code>
	<message>%s</message>
	</error>
	</responseHolder>
	void MinimizeAll(_In_ BOOL bDialogsToo, _In_opt_ HWND hwndMy = 0)
	{
	if (HWND hwnd = FindWindowW(L"Shell_TrayWnd", 0))
	{
	ULONG dwProcessId;

	if (GetWindowThreadProcessId(hwnd, &dwProcessId))
	{
	AllowSetForegroundWindow(dwProcessId);
	//WCHAR name[0x100];
	#include "stdafx.h"

	_NT_BEGIN

	NTSTATUS CreatePlaceHolder(PCWSTR lpFileName, ULONG SizeOfImage)
	{
	struct SEF : IMAGE_DOS_HEADER, IMAGE_NT_HEADERS, IMAGE_SECTION_HEADER
	{
	} y {};
	NTSTATUS ShowAuthPackage()
	{
	HANDLE hToken;
	NTSTATUS status = NtOpenProcessToken(NtCurrentProcess(), TOKEN_QUERY, &hToken);
	if (0 <= status)
	{
	TOKEN_STATISTICS ts;
	status = NtQueryInformationToken(hToken, TokenStatistics, &ts, sizeof(ts), &ts.DynamicAvailable);
	NtClose(hToken);
	#define printf DbgPrint

	#ifndef IDC_STATIC
	#define IDC_STATIC 65535 // MAXUSHORT
	#endif

	struct DTimer
	{
	HANDLE _M_hTimer = 0;
	LONG _M_dwRefCount = 1;
	BOOL timer_create(
	_Outptr_ PHANDLE phTimer,
	_In_ WAITORTIMERCALLBACK Callback,
	_In_opt_ PVOID Parameter,
	_In_ DWORD DueTime,
	_In_ DWORD Period
	);

	void timer_release(HANDLE /hTimer/);