Barakat Barakat
Barakat
/ KbdclassFltrDriver.c
Last active
September 12, 2023 11:02
Kbdclass kernel filter driver to log scan-codes
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <wdm.h> | |
| #include <ntddkbd.h> | |
| // | |
| // Per-device object extension | |
| // | |
| typedef struct _DEVICE_EXTENSTION | |
| { | |
| // | |
| // Driver must not be deleted as long as there is a pending IRP |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* Run as admin */ | |
| #include <Windows.h> | |
| #include <stdio.h> | |
| int main(void) | |
| { | |
| const HANDLE SharedSection = OpenFileMappingW(FILE_MAP_READ, | |
| FALSE, | |
| L"Global\\ToyDriverSharedSection"); |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // sysenter/KiFastCallEntry/IA32_SYSENTER_EIP hooking driver | |
| // | |
| // Barakat Soror (https://twitter.com/barakatsoror) | |
| // | |
| #include <wdm.h> | |
| #include <intrin.h> | |
| #ifndef _X86_ |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <wdm.h> | |
| #ifndef _X86_ | |
| #error "Only x86 is supported" | |
| #endif | |
| // | |
| // If you disassemble any service, you will see that it moves the service index to EAX in the first | |
| // instruction. The index is right after the first byte of the MOV opcode. This behavior looks stable | |
| // and is used by Sysinternals Procmon. |
Barakat
/ simd-dot-product.cpp
Last active
March 27, 2019 20:38
Optimized dot product using SSE and AVX
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include "pch.h" | |
| #include <xmmintrin.h> | |
| #include <immintrin.h> | |
| #include <random> | |
| #include <chrono> | |
| #include <chrono> | |
| #include <functional> | |
| #include <cstdio> |
Barakat
/ egg-hunter.cpp
Last active
August 31, 2019 21:10
Egg hunter shellcode that performs "linear search" looking for an egg shellcode and executes it
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #include <cassert> | |
| #include <cstring> | |
| #include <cstdio> | |
| #include <cinttypes> | |
| #include <random> | |
| int main() | |
| { | |
| static const unsigned char hunter_shellcode[] = { |
Barakat
/ emulator-extended-x64.py
Last active
May 4, 2022 10:26
Emulating x64 machine code using Unicorn (A CPU scriptable emulator)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!python3 | |
| # -*- coding: utf-8 -*- | |
| # pip install unicorn | |
| import unicorn | |
| import unicorn.x86_const | |
| import struct | |
| def required_mapping_size(size): | |
| page_size = 4096 |
Barakat
/ tcpview.cpp
Created
February 5, 2019 11:13
TCPView like example. It only displays IP4 TCP connections but you can extend it easily.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #include <iphlpapi.h> | |
| #include <cstdio> | |
| #pragma comment(lib, "iphlpapi.lib") | |
| static void Ip4ToString(DWORD ip4, char ip4_string[16]) | |
| { | |
| if (ip4 == 0) | |
| { |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!python | |
| # -*- coding: utf-8 -*- | |
| import struct | |
| import socket | |
| import logging | |
| import sys | |
| logging.basicConfig(stream=sys.stdout, level=logging.DEBUG) | |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #ifndef MBEDTLS_CONFIG_H | |
| #define MBEDTLS_CONFIG_H | |
| #define MBEDTLS_PLATFORM_C | |
| #define MBEDTLS_GCM_C | |
| #define MBEDTLS_PKCS1_V15 | |
| #define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED | |
| #define MBEDTLS_SSL_PROTO_TLS1_2 | |
| #define MBEDTLS_AES_C | |
| #define MBEDTLS_ASN1_PARSE_C |