Barakat Barakat
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #pragma warning(push) | |
| #pragma warning(disable: 4996) | |
| bool RunningAsAdmin() | |
| { | |
| OSVERSIONINFOA os_version_information; | |
| os_version_information.dwOSVersionInfoSize = sizeof(os_version_information); | |
| GetVersionExA(&os_version_information); |
Barakat
/ Windows95.asm
Created
January 19, 2019 08:29
Visual Studio 2005 CRT imports IsDebuggerPresent which is missing on Windows 95. This is a workaround, compile the following code as static library and pass it to the linker before kernel32.lib
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| .386 | |
| .model flat | |
| extern _IsDebuggerPresentProxy@0:proc | |
| public __imp__IsDebuggerPresent@0 | |
| public _IsDebuggerPresent@0 | |
| .data |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #define _WIN32_WINNT 0x0600 // Windows Vista | |
| #define WIN32_LEAN_AND_MEAN | |
| #include <windows.h> | |
| #include <bcrypt.h> | |
| #include <cstddef> | |
| #include <memory> | |
| #include <cassert> | |
| #pragma comment(lib, "bcrypt.lib") |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #ifndef MBEDTLS_CONFIG_H | |
| #define MBEDTLS_CONFIG_H | |
| #define MBEDTLS_PLATFORM_C | |
| #define MBEDTLS_GCM_C | |
| #define MBEDTLS_PKCS1_V15 | |
| #define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED | |
| #define MBEDTLS_SSL_PROTO_TLS1_2 | |
| #define MBEDTLS_AES_C | |
| #define MBEDTLS_ASN1_PARSE_C |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!python | |
| # -*- coding: utf-8 -*- | |
| import struct | |
| import socket | |
| import logging | |
| import sys | |
| logging.basicConfig(stream=sys.stdout, level=logging.DEBUG) | |
Barakat
/ tcpview.cpp
Created
February 5, 2019 11:13
TCPView like example. It only displays IP4 TCP connections but you can extend it easily.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #include <iphlpapi.h> | |
| #include <cstdio> | |
| #pragma comment(lib, "iphlpapi.lib") | |
| static void Ip4ToString(DWORD ip4, char ip4_string[16]) | |
| { | |
| if (ip4 == 0) | |
| { |
Barakat
/ emulator-extended-x64.py
Last active
May 4, 2022 10:26
Emulating x64 machine code using Unicorn (A CPU scriptable emulator)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!python3 | |
| # -*- coding: utf-8 -*- | |
| # pip install unicorn | |
| import unicorn | |
| import unicorn.x86_const | |
| import struct | |
| def required_mapping_size(size): | |
| page_size = 4096 |
Barakat
/ egg-hunter.cpp
Last active
August 31, 2019 21:10
Egg hunter shellcode that performs "linear search" looking for an egg shellcode and executes it
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #include <cassert> | |
| #include <cstring> | |
| #include <cstdio> | |
| #include <cinttypes> | |
| #include <random> | |
| int main() | |
| { | |
| static const unsigned char hunter_shellcode[] = { |
Barakat
/ simd-dot-product.cpp
Last active
March 27, 2019 20:38
Optimized dot product using SSE and AVX
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include "pch.h" | |
| #include <xmmintrin.h> | |
| #include <immintrin.h> | |
| #include <random> | |
| #include <chrono> | |
| #include <chrono> | |
| #include <functional> | |
| #include <cstdio> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <wdm.h> | |
| #ifndef _X86_ | |
| #error "Only x86 is supported" | |
| #endif | |
| // | |
| // If you disassemble any service, you will see that it moves the service index to EAX in the first | |
| // instruction. The index is right after the first byte of the MOV opcode. This behavior looks stable | |
| // and is used by Sysinternals Procmon. |