B8 ?? ?? ?? ?? mov eax, ??
BA 00 03 FE 7F mov edx, 7FFE0300h
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#include <iostream> | |
#include <thread> | |
#include <cstdlib> | |
#include <cstdint> | |
#include <cinttypes> | |
static uint64_t win = 0; | |
static uint64_t loss = 0; | |
void thread_printer() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# | |
# Tested on freshly installed Ubuntu 16.04 (amd64) | |
# with VirtualBox 5.1.14 code base. | |
# | |
# | |
# Note: | |
# After a build, there was VBoxDD.so file missing in the | |
# out/linux.amd64/release/bin folder. | |
# The file is located in the out/linux.amd64/release/obj/VBoxDD folder, |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// | |
// Merge .CRT section to .rdata (read only) | |
// | |
#pragma comment(linker, "/merge:.CRT=.rdata") | |
// | |
// Define variables marking the begin and the end | |
// of the TLS callback array. | |
// |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
typedef enum _SYSTEM_DLL_TYPE | |
{ | |
PsNativeSystemDll = 0, | |
PsWowX86SystemDll = 1, | |
PsWowArm32SystemDll = 2, | |
PsWowAmd64SystemDll = 3, | |
PsWowChpeX86SystemDll = 4, | |
PsVsmEnclaveRuntimeDll = 5, | |
PsSystemDllTotalTypes = 6, | |
} SYSTEM_DLL_TYPE; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// | |
// sizeof=0x50, align=0x8 | |
// | |
typedef struct _PS_SYSTEM_DLL_DATA { | |
// | |
// +0x00 | |
// | |
// _SECTION* object of the DLL. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
typedef struct _PS_NTDLL_EXPORT_ITEM { | |
PCSTR RoutineName; | |
PVOID RoutineAddress; | |
} PS_NTDLL_EXPORT_ITEM, *PPS_NTDLL_EXPORT_ITEM; | |
PS_NTDLL_EXPORT_ITEM NtdllExports[] = { | |
// | |
// 19 exports on x64 | |
// 14 exports on ARM64 | |
// |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
//////////////////////////////////////////////////////////////////////////////// | |
// General definitions. | |
//////////////////////////////////////////////////////////////////////////////// | |
// | |
// Context flags. | |
// winnt.h (Windows SDK) | |
// |
OlderNewer