Barakat Barakat
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #define _WIN32_WINNT 0x0600 // Windows Vista | |
| #define WIN32_LEAN_AND_MEAN | |
| #include <windows.h> | |
| #include <bcrypt.h> | |
| #include <cstddef> | |
| #include <memory> | |
| #include <cassert> | |
| #pragma comment(lib, "bcrypt.lib") |
Barakat
/ Windows95.asm
Created
January 19, 2019 08:29
Visual Studio 2005 CRT imports IsDebuggerPresent which is missing on Windows 95. This is a workaround, compile the following code as static library and pass it to the linker before kernel32.lib
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| .386 | |
| .model flat | |
| extern _IsDebuggerPresentProxy@0:proc | |
| public __imp__IsDebuggerPresent@0 | |
| public _IsDebuggerPresent@0 | |
| .data |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #pragma warning(push) | |
| #pragma warning(disable: 4996) | |
| bool RunningAsAdmin() | |
| { | |
| OSVERSIONINFOA os_version_information; | |
| os_version_information.dwOSVersionInfoSize = sizeof(os_version_information); | |
| GetVersionExA(&os_version_information); |
Barakat
/ kernel-shellcode.cpp
Created
December 27, 2018 19:55
Windows x64 shellcode for locating the base address of ntoskrnl.exe
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <wdm.h> | |
| __declspec(dllexport) | |
| __declspec(noinline) | |
| void* | |
| GetNtoskrnlBaseAddress() | |
| { | |
| // | |
| // From Windows Internals part 1, chapter 2: | |
| // |
Barakat
/ shellcode.cpp
Last active
December 26, 2018 19:27
Locating KERNEL32.DLL base address shellcode for x86 and x64 using C++
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #include <winternl.h> | |
| #include <cassert> | |
| __declspec(dllexport) | |
| __declspec(noinline) | |
| void* | |
| __stdcall | |
| GetKernel32BaseAddress() |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #include <ntdef.h> | |
| #include <cstdint> | |
| #include <cassert> | |
| #include <cstring> | |
| #include <cstdio> | |
| typedef enum | |
| { |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| cl /MT /LD winmm.c User32.lib Advapi32.lib | |
| mkdir "\\?\C:\Windows " | |
| mkdir "\\?\C:\Windows \System32" | |
| copy "C:\Windows\System32\WinSAT.exe" "C:\Windows \System32\" | |
| copy "winmm.dll" "C:\Windows \System32\" | |
| "C:\Windows \System32\WinSAT.exe" |
Barakat
/ alloc-executable-memory.cpp
Created
November 11, 2018 16:37
Allocate executable memory by creating a memory section with CreateFileMapping and MapViewOfFile
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <cinttypes> | |
| int main() | |
| { | |
| static uint8_t code[] = { | |
| 0x90, // nop | |
| 0x90, // nop | |
| 0xc3 // ret | |
| }; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| typedef struct _Object | |
| { | |
| int x; | |
| int y; | |
| } Object; | |
| void |
Barakat
/ kill-msi-logo-leds.cpp
Last active
July 28, 2018 16:20
Kill MSI logo LEDs in MSI GTX 980 Ti Graphics Card
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| typedef bool (__stdcall *NDA_SetIlluminationParm_t)(int adapter_index, int attribute, int value); | |
| typedef bool (__stdcall *NDA_GetIlluminationParm_t)(int adapter_index, int attribute, int *value); | |
| typedef bool (__stdcall *NDA_GetGPUCounts_t)(int *gpu_count); | |
| typedef bool (__stdcall *NDA_Initialize_t)(); | |
| typedef bool (__stdcall *NDA_Unload_t)(); | |
| int | |
| main() |