1: kd> u ffff818a`4f400000 L20 | |
ffff818a`4f400000 65488b142588010000 mov rdx,qword ptr gs:[188h] | |
ffff818a`4f400009 4c8b82b8000000 mov r8,qword ptr [rdx+0B8h] | |
ffff818a`4f400010 4d8b88e8020000 mov r9,qword ptr [r8+2E8h] | |
ffff818a`4f400017 498b09 mov rcx,qword ptr [r9] | |
ffff818a`4f40001a 488b51f8 mov rdx,qword ptr [rcx-8] | |
ffff818a`4f40001e 3400 xor al,0 | |
ffff818a`4f400020 4883fa04 cmp rdx,4 | |
ffff818a`4f400024 7407 je ffff818a`4f40002d | |
ffff818a`4f400026 3400 xor al,0 |
kd> dt nt!_PS_PROTECTED_TYPE | |
PsProtectedTypeNone = 0n0 | |
PsProtectedTypeProtectedLight = 0n1 | |
PsProtectedTypeProtected = 0n2 | |
PsProtectedTypeMax = 0n3 | |
kd> dt nt!_PS_PROTECTED_SIGNER | |
PsProtectedSignerNone = 0n0 | |
PsProtectedSignerAuthenticode = 0n1 | |
PsProtectedSignerCodeGen = 0n2 |
struct _OBJECT_HEADER [sizeof = 56] { | |
data +0x00 [sizeof=8] __int64 PointerCount | |
data +0x08 [sizeof=8] __int64 HandleCount | |
data +0x08 [sizeof=8] void* NextToFree | |
data +0x10 [sizeof=8] _EX_PUSH_LOCK Lock | |
data +0x18 [sizeof=1] unsigned char TypeIndex | |
data +0x19 [sizeof=1] unsigned char TraceFlags | |
data +0x19 [sizeof=1] unsigned char DbgRefTrace : 1 | |
data +0x19 [sizeof=1] unsigned char DbgTracePermanent : 1 | |
data +0x1a [sizeof=1] unsigned char InfoMask |
::https://llvm.org/docs/CommandGuide/llvm-pdbutil.html | |
@echo off | |
:main | |
setlocal enableextensions | |
if [%1]==[] goto usage | |
if [%2]==[] goto usage | |
if [%3]==[] goto usage | |
if [%4]==[] goto usage | |
set vstudio="C:\Program Files (x86)\Microsoft Visual Studio\2017\Professional\Common7\IDE\devenv.exe" | |
set first_pdb=%1 |
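/*
 * Common part of an object-manager callback registration entry.
 *
 * The trailing "| |" table residue left by the page extraction has been
 * removed so the declaration is valid C again.
 *
 * NOTE(review): this layout is not declared in the public WDK headers; it
 * looks like a reverse-engineered view of the entry kept for callbacks
 * registered through ObRegisterCallbacks. Field order and offsets may differ
 * between Windows builds - confirm against the symbols of the build being
 * analysed before relying on them.
 *
 * Audit hint: when walking these entries on a live system or in a memory
 * image, check that PreOperation/PostOperation resolve inside a loaded,
 * signed driver image; a pointer that does not is worth investigating.
 */
typedef struct _OBJECT_CALLBACK_ENTRY_COMMON {
    LIST_ENTRY                  CallbackList;   /* list linkage; presumably chained off the object type - verify */
    OB_OPERATION                Operations;     /* operation mask this entry was registered for */
    ULONG                       Active;         /* presumably non-zero while the entry is enabled - TODO confirm */
    PVOID                       Handle;         /* opaque pointer; presumably the owning registration block - confirm */
    POBJECT_TYPE                ObjectType;     /* object type the callbacks apply to */
    POB_PRE_OPERATION_CALLBACK  PreOperation;   /* pre-operation routine pointer */
    POB_POST_OPERATION_CALLBACK PostOperation;  /* post-operation routine pointer */
} OBJECT_CALLBACK_ENTRY_COMMON, *POBJECT_CALLBACK_ENTRY_COMMON;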
KiSetupForInstrumentationReturn proc near | |
mov rax, gs:188h ; Get current thread | |
mov rdx, [rax+0B8h] ; Thread->Process | |
mov r8, [rdx+2C8h] ; Process->Pcb.InstrumentationCallback | |
test r8, r8 | |
jnz CallbackPresent | |
Exit: | |
retn | |
#include <Ntifs.h> | |
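/*
 * Information classes used to select a per-process query/set operation.
 *
 * The trailing "| |" table residue left by the page extraction has been
 * removed so the declaration is valid C again.
 *
 * No enumerator has an explicit initialiser, so the values are assigned in
 * declaration order starting at 0; the numeric value of each class is noted
 * beside it because callers pass these as raw integers.
 *
 * NOTE(review): the names match the user-mode SDK enum of the same name; it
 * is presumably redeclared here because the kernel headers included by this
 * file do not provide it. The member list of that enum has changed across
 * SDK releases - confirm the values against the headers of the target build.
 */
typedef enum _PROCESS_INFORMATION_CLASS {
    ProcessMemoryPriority,          /* 0 */
    ProcessMemoryExhaustionInfo,    /* 1 */
    ProcessAppMemoryInfo,           /* 2 */
    ProcessInPrivateInfo,           /* 3 */
    ProcessEDPStateInfo,            /* 4 */
    ProcessInformationClassMax      /* 5: count sentinel, not a valid class */
} PROCESS_INFORMATION_CLASS;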
if ( !RegOpenKeyExW(v1, L"Software\\Microsoft\\Symbol Server", 0, 0x20019u, &hKey) ) | |
{ | |
cbData = REG_DWORD; | |
Type = REG_DWORD; | |
v14 = RegQueryValueExW(hKey, L"NoInternetProxy", 0i64, &Type, Data, &cbData); | |
v15 = g_NoProxy; | |
if ( !v14 ) | |
v15 = *(_DWORD *)Data; | |
g_NoProxy = v15; | |
RegCloseKey(hKey); |
if ( g_NoProxy ) | |
goto set_no_proxy_parameters; | |
pszProxyW = Str1; | |
if ( Str1 ) | |
{ | |
if ( !wcscmp(Str1, L"SymSrvDirectProxy") ) | |
{ | |
set_no_proxy_parameters: | |
v6 = v21; | |
dwAccessType = 1; |
using EnvDTE; | |
using EnvDTE80; | |
public class E : VisualCommanderExt.IExtension | |
{ | |
public void SetSite(EnvDTE80.DTE2 DTE_, Microsoft.VisualStudio.Shell.Package package) | |
{ | |
DTE = DTE_; | |
events = DTE.Events; | |
documentEvents = events.DocumentEvents; |