| ; ioctl codes extracted | |
| ; daax (2026) -- win 11 26100 | |
| ; | |
| #pragma once | |
| #include <stdint.h> | |
| typedef struct _ioctl_t { | |
| const char* ioctl_name; |
| # Generated by Daax | |
| # | |
| Feature_TestConfNum=54237951 ; ref(s): UIEOrchestrator.exe | |
| Feature_TestGateImp=54237988 ; ref(s): SIHClient.exe | |
| Feature_0f8498a613ff4665910f9f73646d48f0=49402909 ; ref(s): wdc.dll | |
| Feature_0f8498a613ff4665910f9f73646d48f1=50228026 ; ref(s): wdc.dll | |
| Feature_1045439803=55954065 ; ref(s): mprapi.dll | |
| Feature_1078995259=55986830 ; ref(s): MFMediaEngine.dll | |
| Feature_1089498424=55009870 ; ref(s): dwmapi.dll, uDWM.dll, win32kbase.sys |
| import idaapi | |
| import idc | |
| class import_lib_commenter(idaapi.plugin_t): | |
| flags = 0 | |
| comment = "comment the import module for the __imp_ entries" | |
| help = "" | |
| wanted_name = "import_lib_commenter" | |
| wanted_hotkey = "Shift+L" |
| # Generated by Daax (1.23.2026) | |
| # | |
| Feature_1006150970=58040528 ; ref(s): wuceffects.dll | |
| Feature_104367419=58577055 ; ref(s): lsm.dll | |
| Feature_1047043387=58442897 ; ref(s): wpncore.dll | |
| Feature_1055183162=57206737 ; ref(s): negoexts.dll | |
| Feature_1078506808=57756750 ; ref(s): aadcloudap.dll, cloudAP.dll | |
| Feature_1083755833=57636878 ; ref(s): Windows.UI.Xaml.Maps.dll | |
| Feature_1084499257=55932686 ; ref(s): urlmon.dll |
| # probably exists in a better form; but script is useful for caching OS modules based on major OS version/build and file | |
| # hash. intended to make life easier, ymmv. | |
| # | |
| # .\symcache.ps1 -src "C:\Windows\System32\drivers" -dst "X:\Windows\drivers" | |
| # ^^ This will copy and organize the bins in the subdirectory and recurse through all subdirectories, and then download | |
| # the symbols if they are available. | |
| # | |
| # - daax | |
| param( |
| // author: daax | |
| // 0x4a65 = 19045 (windows version) | |
| int main() | |
| { | |
| PSAPI_WORKING_SET_INFORMATION* w = ( PSAPI_WORKING_SET_INFORMATION* ) malloc( 1 << 20 ); | |
| QueryWorkingSet( GetCurrentProcess(), w, 1 << 20 ); | |
| for ( u32 i = 0; i < w->NumberOfEntries; i++ ) | |
| if ( ( w->WorkingSetInfo[ i ].Flags & 31 ) == 4 ) | |
| for ( u8* p = ( u8* ) ( ( w->WorkingSetInfo[ i ].Flags >> 12 ) << 12 ), |
| #include <windows.h> | |
| #include <iostream> | |
| #include <fstream> | |
| #include <string> | |
| #include <vector> | |
| #include <ctime> | |
| #include <memory> | |
| #include <optional> | |
| #include <random> | |
| #include <string_view> |
| // Compiled with LLVM clang-cl in VS2022, latest-working draft c/++ | |
| // no ifs ands or buts keylogger (@https://x.com/vxunderground/status/1879395134321954958) | |
| // updated with RYO if-else construct | |
| // v1 using ternary+logical-and+comma: https://gist.github.com/daaximus/1f6125f0e7da3072bc7e8a403245ef1b | |
| // | |
| #define _CRT_SECURE_NO_WARNINGS | |
| #include <cstdint> | |
| #include <windows.h> | |
| #include <stdio.h> |
| #include <windows.h> | |
| #include <gdiplus.h> | |
| #include <string> | |
| #include <iostream> | |
| #include <fstream> | |
| using namespace Gdiplus; | |
| #pragma comment (lib,"Gdiplus.lib") | |
| int get_encoder_clsid( const WCHAR* format, CLSID* clsid ) |
| import idautils | |
| import idaapi | |
| import idc | |
def get_func_prototype(ea):
    """Return the one-line printed type that IDA holds for address ``ea``.

    Asks ``idaapi.get_tinfo`` for the type information at ``ea`` and, when it
    reports success, renders it with ``idaapi.print_tinfo`` using the
    ``PRTYPE_1LINE`` flag. Returns ``None`` when no type information is found.
    """
    type_info = idaapi.tinfo_t()
    has_type = idaapi.get_tinfo(type_info, ea)
    if not has_type:
        # Nothing recorded for this address; callers must handle None.
        return None
    # Prefix, name and comment are passed empty and both indents are 0,
    # so only the type text itself is produced.
    return idaapi.print_tinfo("", 0, 0, idaapi.PRTYPE_1LINE, type_info, "", "")