Ilja van Sprundel iljavs
iljavs
/ getsubsystem.c
Last active
July 14, 2020 20:58
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #define BYTE unsigned char | |
| #define WORD unsigned short | |
| #define DWORD unsigned int | |
| #define LONG long | |
| #define ULONGLONG unsigned long long | |
| #define IMAGE_FILE_MACHINE_I386 0x014c |
iljavs
/ cpuRateCtl.c
Created
July 15, 2020 12:48
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #include <stdio.h> | |
| int main(int argc, char **argv){ | |
| if (argc < 3) { | |
| printf("<pid> <percentage> arguments required\n"); | |
| exit(0); | |
| } |
iljavs
/ CreateProcess.c
Last active
July 16, 2020 21:28
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <windows.h> | |
| int main(){ | |
| STARTUPINFOW su; | |
| PROCESS_INFORMATION pi; | |
| memset(&su, 0x00, sizeof(su)); | |
| memset(&pi, 0x00, sizeof(pi)); | |
| su.cb = sizeof(su); |
iljavs
/ PrimesThread.cpp
Created
July 16, 2020 07:18
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <stdio.h> | |
| #include <time.h> | |
| #define PRIME_DEFAULT_SIZE 64 | |
| #define DEFAULT_MAX 4000000 | |
| typedef struct _prime { | |
| ULONG start; | |
| ULONG range; |
iljavs
/ MaxHandles.c
Last active
July 16, 2020 15:44
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <stdio.h> | |
| int main() { | |
| DWORD hcount = 0; | |
| int end = 0; | |
| printf("starting handle loop (this could take a while) "); | |
| fflush(stdout); | |
| while (!end) { | |
| if (!(hcount % 10000)) { |
iljavs
/ SysModInfo.c
Last active
July 19, 2020 18:01
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #include <stdio.h> | |
| #include <ntstatus.h> | |
| #define SystemModuleInformation 0x0b | |
| typedef struct SYSTEM_MODULE { | |
| PVOID Reserved1; | |
| PVOID Reserved2; | |
| PVOID ImageBase; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| void hexdump(unsigned char *data, size_t size) { | |
| char ascii[17] = {0}; | |
| size_t i; | |
| for (i = 0; i < size; ++i) { | |
| unsigned char c = data[i]; | |
| size_t next = i+1; | |
| printf("%02X ", c); | |
| ascii[i % 16] = isprint(c) ? c : '.'; | |
| if (next % 8 == 0 || next == size) { |
iljavs
/ ProcReveal.c
Created
October 15, 2020 16:29
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <ntddk.h> | |
| #include <windef.h> | |
| #define DEVNAME L"\\Device\\ProcReveal" | |
| #define LINKNAME L"\\??\\ProcReveal" | |
| #define IOCTL_OPEN_PROCESS CTL_CODE(FILE_DEVICE_UNKNOWN , 1, METHOD_NEITHER, FILE_ANY_ACCESS) | |
| void PrUnload(PDRIVER_OBJECT DriverObject) { | |
| NTSTATUS status; |
iljavs
/ ProcGet.cpp
Created
October 15, 2020 16:30
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // ProcGet.cpp : This file contains the 'main' function. Program execution begins and ends there. | |
| // | |
| #include <Windows.h> | |
| #include <stdio.h> | |
| #include <psapi.h> | |
| #define IOCTL_OPEN_PROCESS CTL_CODE(FILE_DEVICE_UNKNOWN , 1, METHOD_NEITHER, FILE_ANY_ACCESS) | |
| int main(int argc, char **argv) { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <ntddk.h> | |
| #define SIMPLE_TAG 'pmis' | |
| void* p; | |
| void SimpleUnload(PDRIVER_OBJECT DriverObject) { | |
| UNREFERENCED_PARAMETER(DriverObject); | |
| DbgPrint("SimpleUnload called \n"); |
OlderNewer