Skip to content

Instantly share code, notes, and snippets.

View illnyang's full-sized avatar
🪶
blissful

Illyan Garte illnyang

🪶
blissful
42 followers · 167 following
  • traversing the 7 seas
View GitHub Profile
@Fonger
Fonger / HideModule.cpp
Last active September 6, 2024 15:43
Hide DLL ( 32bit and 64bit support)
#include "stdafx.h"
#include "HideModule.h"
std::vector<UNLINKED_MODULE> UnlinkedModules;
void RelinkModuleToPEB(HMODULE hModule)
{
std::vector<UNLINKED_MODULE>::iterator it = std::find_if(UnlinkedModules.begin(), UnlinkedModules.end(), FindModuleHandle(hModule));
if (it == UnlinkedModules.end())
@serge-sans-paille
serge-sans-paille / Accessing llvm.global.annotations
Last active May 17, 2023 18:03
if(GlobalVariable* GA = M.getGlobalVariable("llvm.global.annotations")) {
// the first operand holds the metadata
for (Value *AOp : GA->operands()) {
// all metadata are stored in an array of struct of metadata
if (ConstantArray *CA = dyn_cast<ConstantArray>(AOp)) {
// so iterate over the operands
for (Value *CAOp : CA->operands()) {
// get the struct, which holds a pointer to the annotated function
// as first field, and the annotation as second field
if (ConstantStruct *CS = dyn_cast<ConstantStruct>(CAOp)) {
@Cr4sh
Cr4sh / WoW64_call.cpp
Created May 22, 2014 19:33
WoW64 Heaven's Gate
#include "stdafx.h"
#define DB(_val_) __asm __emit (_val_)
#define INVALID_SYSCALL (DWORD)(-1)
// code selectors
#define CS_32 0x23
#define CS_64 0x33
@azadkuh
azadkuh / dll2lib.md
Last active February 17, 2023 13:47
extract the *.lib from a *.dll in Win32

extract *.lib from *.dll

do the following steps:

1. exports

extract the functions and classes in *.dll by:
$> dumpbin.exe /exports libsample.dll /out:libsample.def

2. function names