Александр HoShiMin
- Telegram: @HoShiMin
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <ntstatus.h> | |
| #define NOMINMAX | |
| #define WIN32_NO_STATUS | |
| #define WIN32_LEAN_AND_MEAN | |
| #include <Windows.h> | |
| #include <winternl.h> | |
| #pragma comment(lib, "ntdll.lib") |
HoShiMin
/ SyscallStub.asm
Last active
November 25, 2021 21:53
Syscalls caller for NativeAPI functions
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ; You should define the 'AMD64' MASM-preprocessor definition | |
| ; at the 'General' MASM properties page in the project properties (for the x64 only). | |
| IFNDEF AMD64 | |
| .686P | |
| .XMM | |
| .MODEL FLAT, STDCALL | |
| ENDIF | |
| .CODE |
HoShiMin
/ StringsAPI.cpp
Last active
February 20, 2024 15:43
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #define WIN32_LEAN_AND_MEAN | |
| #define WIN32_NO_STATUS | |
| #include <windows.h> | |
| #undef WIN32_NO_STATUS | |
| #include <string> | |
| #include <sstream> | |
| #include <iomanip> | |
| #include <algorithm> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <vector> | |
| #include <string> | |
| #include "SymParser.h" | |
| // Using Wide-versions of DbgHelp functions: | |
| #define DBGHELP_TRANSLATE_TCHAR | |
| // Expose additional declarations from DbgHelp.h: | |
| #define _NO_CVCONST_H |
HoShiMin
/ ColoredConsole.h
Last active
December 3, 2021 09:43
printf("" $Y "Yellow is %s!" $fill("cool") "");
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #pragma once | |
| #include <Windows.h> | |
| void inline pclr(unsigned short attributes) { | |
| static HANDLE hConsole = NULL; | |
| if (!hConsole) hConsole = GetStdHandle(STD_OUTPUT_HANDLE); | |
| SetConsoleTextAttribute(hConsole, attributes); | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| unit EnjoyTheRing0; | |
| interface | |
| uses | |
| Windows, SysUtils, DriversAPI; | |
| // Загрузка и выгрузка драйвера: | |
| function ETR0GetHandlesCount: Integer; // Количество открытых в данный момент дескрипторов драйвера | |
| function ETR0LoadDriver: Boolean; // Загрузить и запустить драйвер |
HoShiMin
/ DbgHelpWrapper.cpp
Created
March 7, 2016 20:30
Ещё один простой парсер PDB на DbgHelp с возможностью загрузки отладочных символов
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include "stdafx.h" | |
| #include "DbgHelpWrapper.h" | |
| DbgHelpWrapper::DbgHelpWrapper() { | |
| hProcess = GetCurrentProcess(); | |
| } | |
| DbgHelpWrapper::~DbgHelpWrapper() { | |
| DeinitializeDbgHelp(); |
HoShiMin
/ DIAWrapper.cpp
Last active
February 16, 2019 21:07
Удобный парсер PDB-файлов с помощью DIA (входит в Windows Kits)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include "stdafx.h" | |
| #include "DIAWrapper.h" | |
| // Очистка ресурсов: | |
| VOID DIAWrapper::Cleanup() { | |
| if (pGlobalSymbol) pGlobalSymbol -> Release(); | |
| if (pDiaSession) pDiaSession -> Release(); | |
| if (pDiaDataSource) pDiaDataSource -> Release(); | |
| pGlobalSymbol = NULL; |
HoShiMin
/ WinTrust.pas
Created
January 26, 2016 21:35
Функция для проверки валидности цифровой подписи бинарника
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| unit WinTrust; | |
| interface | |
| uses | |
| Windows, System.SysUtils; | |
| // Проверить валидность цифровой подписи: | |
| function IsFileTrusted(const FileName: string): Boolean; |
HoShiMin
/ HashMaster.pas
Created
December 14, 2015 15:29
Распараллеленная хэшировалка на основе cHash
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| unit HashMaster; | |
| interface | |
| uses | |
| Windows, Classes, System.SysUtils, System.Threading, cHash, CodepageAPI; | |
| type | |
| THashTask = record | |
| Calculate : Boolean; |
NewerOlder