
@namazso
namazso / CMakeLists.txt
Created March 26, 2024 10:22
Universal function proxy
cmake_minimum_required(VERSION 3.28)
project(untitled C ASM)
set(CMAKE_CXX_STANDARD 17)
set(CMAKE_ASM_COMPILE_OPTIONS_MSVC_RUNTIME_LIBRARY_MultiThreaded "")
set(CMAKE_ASM_COMPILE_OPTIONS_MSVC_RUNTIME_LIBRARY_MultiThreadedDLL "")
set(CMAKE_ASM_COMPILE_OPTIONS_MSVC_RUNTIME_LIBRARY_MultiThreadedDebug "")
set(CMAKE_ASM_COMPILE_OPTIONS_MSVC_RUNTIME_LIBRARY_MultiThreadedDebugDLL "")
@janoglezcampos
janoglezcampos / find_function.cpp
Last active August 29, 2022 09:24
Find non exported functions in a module using masks.
#include <windows.h>
#include <stdio.h>
#include <psapi.h>
typedef char * (*ParseHeaders)(LPCSTR, int *);
BOOL bCompare(const BYTE* pData, const BYTE* bMask, const char* szMask)
{
for (; *szMask; ++szMask, ++pData, ++bMask)
if (*szMask == 'x' && *pData != *bMask)
@odzhan
odzhan / lsa_extension.md
Last active July 31, 2022 23:10
LSA Extension Internals

LSA Extension Internals

About

I want to use lsasrv!LsaProtectMemory() inside the LSASS process to encrypt a block of memory and return the ciphertext. It's part of the LsapLsasrvIfTable interface in lsasrv.dll, but unless I'm mistaken can only be accessed by another LSA extension using the lsasrv!QueryLsaInterface() function. The following text is some basic information about the internal structures.

LsapLsasrvIfTable:
  dq offset LsaProtectMemory
  dq offset LsaUnprotectMemory

dq offset LsaIFreeReturnBuffer

#define _CRT_SECURE_NO_WARNINGS
#include <iostream>
#include <windows.h>
#include <psapi.h>
typedef struct _PS_ATTRIBUTE {
ULONG Attribute;
SIZE_T Size;
union {
@aaaddress1
aaaddress1 / memBruteforce.cpp
Last active February 20, 2024 11:16
Windows 32-bit Shellcode Design without TEB & fs:30h
// memBruteforce.cpp by [email protected]
// brute-force search for loaded modules in memory
// rewrite from https://www.exploit-db.com/exploits/45293
#include <Windows.h>
#include <iostream>
#pragma warning(disable:4996)
bool isMemExist(size_t addr) {
int retv;
__asm {
@alfarom256
alfarom256 / peb_ldr.h
Last active November 7, 2024 18:47
*Improved* header-only hash-based function resolution pt 3: LdrpHashTable
#pragma once
#include <Windows.h>
#include <winnt.h>
#include <winternl.h>
static BYTE prelude1[7]{
0x4D, 0x8d, 0x4b, 0xf0, // lea r9, [r11-10h]
0x45, 0x33, 0xc0 // xor r8d, r8d
};
@mrexodia
mrexodia / LowUtilities.cpp
Last active September 20, 2023 08:09 — forked from D4stiny/LowUtilities.cpp
A dependency-less implementation of GetModuleHandle and GetProcAddress.
//
// An implementation of GetModuleHandle and GetProcAddress that works with manually mapped modules, forwarded exports,
// without a CRT standard library, and uses no Windows API or dependencies.
//
// Author: Bill Demirkapi
// License: MIT, appended at the bottom of this document if you care about licensing and want to credit me in your own project.
//
#include <Windows.h>
#include <winternl.h>
@TheWover
TheWover / process_list_without_handles.cpp
Created June 2, 2021 21:03 — forked from lpBunny/process_list_without_handles.cpp
List process information including process architecture and username without opening any handles
/*
*
* List process information on windows without opening any handles, including process architecture and username
*
*/
#include <Windows.h>
#include <stdio.h>
#include <math.h>
@G0ldenGunSec
G0ldenGunSec / EnumCLR.c
Last active February 23, 2024 10:37
Cobalt Strike BOF to identify processes with the CLR loaded with a goal of identifying SpawnTo / injection candidates.
#include <string.h>
#include <stdio.h>
#include <windows.h>
#include <psapi.h>
#include "beacon.h"
DECLSPEC_IMPORT BOOL WINAPI KERNEL32$K32EnumProcesses(DWORD *, DWORD, LPDWORD);
DECLSPEC_IMPORT WINBASEAPI HANDLE WINAPI KERNEL32$OpenProcess(DWORD, BOOL, DWORD);
DECLSPEC_IMPORT BOOL WINAPI KERNEL32$K32EnumProcessModulesEx(HANDLE, HMODULE*, DWORD, LPDWORD, DWORD);
@fay59
fay59 / Quirks of C.md
Last active September 4, 2024 23:07
Quirks of C

Here's a list of mildly interesting things about the C language that I learned mostly by consuming Clang's ASTs. Although surprises are getting sparser, I might continue to update this document over time.

There are many more mildly interesting features of C++, but the language is literally known for being weird, whereas C is usually considered smaller and simpler, so this is (almost) only about C.

1. Combined type and variable/field declaration, inside a struct scope [https://godbolt.org/g/Rh94Go]

struct foo {
    struct bar {
        int x;