Skip to content

Instantly share code, notes, and snippets.

View reiterjr's full-sized avatar
🎯
Focusing

Jonathan Reiter reiterjr

🎯
Focusing
View GitHub Profile
@reiterjr
reiterjr / wow64.cpp
Created January 1, 2024 16:21 — forked from odzhan/wow64.cpp
WOW64 Callbacks
//
// How to locate the WOW64 Callback Table in ntdll.dll
//
// @modexpblog
//
#define PHNT_VERSION PHNT_VISTA
#include <phnt_windows.h>
#include <phnt.h>
@reiterjr
reiterjr / szdd.c
Created January 1, 2024 16:19 — forked from odzhan/szdd.c
SZDD compression
// LZ77 compression / decompression algorithm
// this is the compression Microsoft used in Windows *.HLP and *.MRB files
// It is also used with Install Shield files. These files are
// recognizable by the letters SZDD in the first 4 bytes. The file
// names for files compressed in this way are usually the name of the
// file as it would be installed but with the last character replaced
// by '_'
// This program is a complete hack. I am not responsible for the
@reiterjr
reiterjr / rdp_pack.cpp
Created January 1, 2024 16:19 — forked from odzhan/rdp_pack.cpp
Compression using RDP API
/**
Compression using undocumented API in rdpbase.dll
RDPCompressEx supports four algorithms : MPPC-8K, MPPC-64K, NCRUSH and XCRUSH.
This code supports all except NCRUSH.
The MPPC compression ratio is very similar to LZSS, so this could be quite useful for shellcode trying to evade detection.
NCRUSH compression appears to work but fails for decompression.
@reiterjr
reiterjr / nobackspace.c
Created April 27, 2023 01:54 — forked from lnicola/nobackspace.c
Windows keyboard filter driver that makes the backspace stop working
/*--
Copyright (c) Microsoft Corporation. All rights reserved.
THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY
KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR
PURPOSE.