alfarom256

MIIDqDCCApCgAwIBAgIFAKZhPbcwDQYJKoZIhvcNAQELBQAwgYoxFDASBgNVBAYTC1BvcnRTd2lnZ2VyMRQwEgYDVQQIEwtQb3J0U3dpZ2dlcjEUMBIGA1UEBxMLUG9ydFN3aWdnZXIxFDASBgNVBAoTC1BvcnRTd2lnZ2VyMRcwFQYDVQQLEw5Qb3J0U3dpZ2dlciBDQTEXMBUGA1UEAxMOUG9ydFN3aWdnZXIgQ0EwHhcNMTQwNjE1MTcwMzEzWhcNMzEwNjE1MTcwMzEzWjCBijEUMBIGA1UEBhMLUG9ydFN3aWdnZXIxFDASBgNVBAgTC1BvcnRTd2lnZ2VyMRQwEgYDVQQHEwtQb3J0U3dpZ2dlcjEUMBIGA1UEChMLUG9ydFN3aWdnZXIxFzAVBgNVBAsTDlBvcnRTd2lnZ2VyIENBMRcwFQYDVQQDEw5Qb3J0U3dpZ2dlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKbA4H8Iw1ASx3s9zX254I/+jsyqiudXwpeOSsTWPIdtWRpofqbxCV0cYbAAzPvUU3i/hM2u69vi9kf2NQMG8mwnGkMwJdCeawFsNw7GnmArMVkXgUgZAIdNAphjf8jyqrcULRIv5fdC9Ewr65mKWePQVf+uz7Zuv8DsnYCu8InijVu6PRf9D7fyyb3BcGpQ3e/4IGflUyE0OuDyHHavFQHzkD6DJeZBIK09zigEFRWzmUZ/RgwxmQW5DdtWTKFU8nZXtVg9+AnVy5e6CKLn3TrTNp8l2AqnLzbmudIMsilYR5sYJDN9G5WhFq70BaV0UwAQw9IpOCAo1+Mxl7KBHBsCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAQDAYqgSUyLzecfOcKHttLc8P8I09ec9uScBCyZIut43qY/aIy4nUTucuBM/1g6HEhRN4x3kmiYh336XDYo+d74tHmUlEAuW/eCc3xusP4/EtHuE7

alfarom256

#include <Windows.h>

#define OFFSET_InstrumentationCallbackSp 0x2d0
#define OFFSET_InstrumentationCallbackPreviousPc 0x2d8
#define OFFSET_InstrumentationCallbackPreviousSp 0x2e0
#define OFFSET_InstrumentationCallbackDisabled 0x2ec
#define OFFSET_Instrumentation 0x16b8

typedef struct SyscallInstrumentation {
	BYTE InstrumentationCallbackDisabled;

alfarom256

#[repr(C)]
pub struct LDR_DATA_TABLE_ENTRY<'ldte> {
    pub _reserved0: [PVOID; 2],
    pub in_initialize_order_links: LIST_ENTRY<'ldte>, 
    // removed PVOID[2]
    pub dll_base: PVOID,
    pub entry_point: PVOID,
    pub _reserved1: [PVOID; 3], // Additional 2 PVOID's go here
    pub full_dll_name: UNICODE_STRING,
    pub _reserved3: [u8; 8],

alfarom256

#include <windows.h>
#include <stdio.h>
#include <threadpoolapiset.h>

#define LEN 277

// run calc
unsigned char op[] =
"\xfc\x48\x83\xe4\xf0\xe8\xc0\x00\x00\x00\x41\x51\x41\x50\x52"
"\x51\x56\x48\x31\xd2\x65\x48\x8b\x52\x60\x48\x8b\x52\x18\x48"

alfarom256

#include <Windows.h>
#include <jobapi2.h>
#include <stdlib.h>
// something something don't use iostream
#include <iostream>
#define IF_ERR(x,y) if(x == y) {std::cout<<"Error! : " << GetLastError() << std::endl; exit(-1);}

int main() {
	int x;
	std::cout << "Enter PID: ";

alfarom256

netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.1:2015          0.0.0.0:*               LISTEN      503/expressvpnd     
tcp        0      0 127.0.0.1:38629         0.0.0.0:*               LISTEN      1389/expressvpn-age 
tcp        0      0 127.0.0.1:43569         0.0.0.0:*               LISTEN      1800/openvpn-expres 
udp        0      0 0.0.0.0:68              0.0.0.0:*                           697/dhclient        
udp        0      0 0.0.0.0:43381           0.0.0.0:*                           1800/openvpn-expres 

alfarom256

./Cutter-v1.4-x86_64.AppImage 
Setting r2 prefix = "/tmp/.mount_CutterW0QrH6/usr"  for AppImage.
Setting PYTHONHOME = "/tmp/.mount_CutterW0QrH6/usr"  for AppImage.
PYTHONHOME = "/tmp/.mount_CutterW0QrH6/usr"
Exception in thread Thread-1:
Traceback (most recent call last):
  File "/tmp/.mount_CutterW0QrH6/usr/lib/python3.6/threading.py", line 916, in _bootstrap_inner
    self.run()
  File "/tmp/.mount_CutterW0QrH6/usr/lib/python3.6/threading.py", line 864, in run
    self._target(*self._args, **self._kwargs)