This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // How to locate the WOW64 Callback Table in ntdll.dll | |
| // | |
| // @modexpblog | |
| // | |
| #define PHNT_VERSION PHNT_VISTA | |
| #include <phnt_windows.h> | |
| #include <phnt.h> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // LZ77 compression / decompression algorithm | |
| // this is the compression Microsoft used in Windows *.HLP and *.MRB files | |
| // It is also used with Install Shield files. These files are | |
| // recognizable by the letters SZDD in the first 4 bytes. The file | |
| // names for files compressed in this way are usually the name of the | |
| // file as it would be installed but with the last character replaced | |
| // by '_' | |
| // This program is a complete hack. I am not responsible for the |
reiterjr
/ rdp_pack.cpp
Created
January 1, 2024 16:19
— forked from odzhan/rdp_pack.cpp
Compression using RDP API
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| Compression using undocumented API in rdpbase.dll | |
| RDPCompressEx supports four algorithms : MPPC-8K, MPPC-64K, NCRUSH and XCRUSH. | |
| This code supports all except NCRUSH. | |
| The MPPC compression ratio is very similar to LZSS, so this could be quite useful for shellcode trying to evade detection. | |
| NCRUSH compression appears to work but fails for decompression. |
reiterjr
/ nobackspace.c
Created
April 27, 2023 01:54
— forked from lnicola/nobackspace.c
Windows keyboard filter driver that makes the backspace stop working
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /*-- | |
| Copyright (c) Microsoft Corporation. All rights reserved. | |
| THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY | |
| KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE | |
| IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR | |
| PURPOSE. | |