
void Hook()
{
while (TRUE)
{
PsCreateSystemThread(&hThread, (ACCESS_MASK)0L, NULL, NULL, NULL,
(PKSTART_ROUTINE)HookInt2E, NULL);
KeWaitForSingleObject(&syncEvent, Executive, KernelMode, FALSE, NULL);
if (nIDTHooked == nProcessors)
break;
}
while (TRUE)
{
CLIENT_ID cid;
PVOID pThread;
PsCreateSystemThread(&hThread, 0L, NULL, NULL, &cid,
(PKSTART_ROUTINE)UnhookInt2E, NULL);
if (hThread)
{
PsLookupThreadByThreadId(cid.UniqueThread, (PETHREAD *)&pThread);
void Dump(void *ptr, int buflen) {
unsigned char *buf = (unsigned char*)ptr;
int i, j;
for (i=0; i<buflen; i+=16) {
printf("%06x: ", i);
for (j=0; j<16; j++)
if (i+j < buflen)
printf("%02x ", buf[i+j]);
else
printf(" ");
wyyqyl / TlsCallback.cpp
Created May 18, 2013 06:33
A code snippet showing how to use a TLS callback in VC++
#include <Windows.h>
#include <stdio.h>
// Forward declaration of the TLS callback; its definition is not part of this excerpt.
VOID NTAPI MyCallback(PVOID handle, DWORD reason, PVOID resv);
// Emit the callback pointer into the .CRT$XLB data section. With the MSVC CRT,
// .CRT$XL* sections are merged in name order into the image's TLS callback array.
// The Windows loader invokes that array before the image entry point, so
// MyCallback runs before main()/WinMain. When triaging a binary, inspect the
// PE TLS directory (AddressOfCallBacks) as well as the entry point.
#pragma data_seg(".CRT$XLB")
PIMAGE_TLS_CALLBACK tls_entry = MyCallback;
// Restore the default data section for everything that follows.
#pragma data_seg()
// Force the linker to reference the TLS directory symbol so the TLS directory
// (and with it the callback array) is kept in the image.
// NOTE(review): "__tls_used" is the x86-decorated name; x64 builds are generally
// documented to need "_tls_used" and a const section instead - confirm per target.
#pragma comment(linker, "/INCLUDE:__tls_used")
wyyqyl / GetAppVersion
Created May 26, 2013 04:34
Disable file system redirection for system32
#include <Windows.h>
#pragma comment(lib, "Version.lib")
BOOL GetAppVersion( char *LibName, WORD *MajorVersion, WORD *MinorVersion, WORD *BuildNumber, WORD *RevisionNumber )
{
DWORD dwHandle, dwLen;
UINT BufLen;
LPTSTR lpData;
VS_FIXEDFILEINFO *pFileInfo;
wyyqyl / v8Template.cpp
Created October 25, 2013 07:04
shows the difference between PrototypeTemplate and InstanceTemplate
#include <v8.h>
#include <vld.h>
#include <iostream>
/// V8 function callback that reports each invocation on stdout.
///
/// @param args  Call information supplied by V8; this body does not read it.
void InvokeCallback(const v8::FunctionCallbackInfo<v8::Value>& args) {
  // Write the marker text first, then end the line and flush, exactly as a
  // single chained `<< std::endl` expression would.
  const char* const marker = "InvokeCallback";
  std::cout << marker;
  std::cout << std::endl;
}
void InstanceAccessorCallback(v8::Local<v8::String> property,
const v8::PropertyCallbackInfo<v8::Value>& args) {
wyyqyl / ipc.cpp
Created December 24, 2013 07:28
interprocess communication with boost::interprocess
#include <iostream>
#include <boost/interprocess/managed_shared_memory.hpp>
#include <boost/interprocess/ipc/message_queue.hpp>
using namespace boost::interprocess;
// Fixed object names, presumably for the boost::interprocess shared-memory
// segment and message queue (their use is outside this excerpt).
// NOTE(review): the names are constant and therefore predictable, so any local
// process allowed to open objects in the same namespace could attach to them.
// Confirm that the creating side passes restrictive
// boost::interprocess::permissions and treats data read from the segment or
// queue as untrusted input.
const char kSharedMemory[] = "asdv2_adblock_shared_object_{5095C5F0-D82D-4442-9A62-8769871F42D1}";
const char kMessageQueue[] = "asdv2_adblock_shared_queue_{5095C5F0-D82D-4442-9A62-8769871F42D1}";
wyyqyl / IUnknown.cpp
Created March 25, 2014 13:57
QueryInterface, AddRef, Release
#include <objbase.h>
#include <iostream>
// COM-style interface IX: extends IUnknown with one pure-virtual method, Fx().
// (`interface` is the Windows SDK macro that expands to `struct`.)
// The declaration order of virtual methods fixes the vtable layout that callers
// rely on, so methods must not be reordered once the interface is in use.
// NOTE(review): no IID for IX is visible in this excerpt; QueryInterface needs one.
interface IX : IUnknown {
virtual void Fx() = 0;
};
// COM-style interface IY: extends IUnknown with one pure-virtual method, Fy().
// (`interface` is the Windows SDK macro that expands to `struct`.)
// NOTE(review): no IID for IY is visible in this excerpt; QueryInterface needs one.
interface IY : IUnknown {
virtual void Fy() = 0;
};
wyyqyl / util.cpp
Last active August 29, 2015 13:58
debug utility encapsulating OutputDebugStringA
#include <windows.h>
#include <stdio.h>
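// Short tag literal; presumably prepended to each debug line so this module's
// output can be filtered (its use is outside this excerpt).
// NOTE(review): per the gist description these macros feed OutputDebugStringA,
// whose output is readable by any attached debugger or debug-output viewer on
// the machine. Keep credentials, tokens and other secrets out of these messages.
#define UID "[yy]"
// Two-level stringification: STRINGIZE expands its argument first (so __LINE__
// becomes the line number), then STRINGIZE2 applies the # operator.
#define STRINGIZE(x) STRINGIZE2(x)
#define STRINGIZE2(x) #x
// The current source line number as a string literal.
#define LINE_STRING STRINGIZE(__LINE__)
// "[function:line] " prefix built by adjacent-literal concatenation. This relies
// on __FUNCTION__ behaving as a string literal, which is an MSVC extension.
// The literals are separated by whitespace because a C++11 lexer reads
// `"["__FUNCTION__` as one string literal carrying a user-defined-literal suffix.
#define DEBUG_PREFIX "[" __FUNCTION__ ":" LINE_STRING "] "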
wyyqyl / FileVersion.cpp
Created April 8, 2014 09:45
Get file version with WIN32 API
// FileVersion.h: interface for the CFileVersion class.
// by Manuel Laflamme
//////////////////////////////////////////////////////////////////////
#ifndef __FILEVERSION_H_
#define __FILEVERSION_H_
#if _MSC_VER >= 1000
#pragma once
#endif // _MSC_VER >= 1000
class CFileVersion {
// Construction