markhc markhc
🏠
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| cmake_minimum_required (VERSION 3.12) | |
| # not strictly needed, but it helps when you forget to pass the CMAKE_TOOLCHAIN_FILE as argument to cmake | |
| if(DEFINED ENV{VCPKG_ROOT} AND NOT DEFINED CMAKE_TOOLCHAIN_FILE) | |
| set(CMAKE_TOOLCHAIN_FILE | |
| "$ENV{VCPKG_ROOT}/scripts/buildsystems/vcpkg.cmake" | |
| CACHE STRING "") | |
| endif() | |
| project(cmake_example CXX) |
markhc
/ SafeFileHandle.hpp
Last active
June 18, 2019 20:33
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include "SafeHandles/SafeHandle.hpp" | |
| #include "windows.hpp" | |
| class SafeFileHandle // | |
| : public SafeHandle<INVALID_HANDLE_VALUE> // | |
| { | |
| public: | |
| SafeFileHandle(void* handle) | |
| : SafeHandle(handle, &SafeFileHandle::deleter) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include "Lexer.hpp" | |
| namespace sage | |
| { | |
| namespace detail | |
| { | |
| // ---------------------------------------------------------------------------- | |
| inline char getCharAndAdvance(const char*& ptr) | |
| { | |
| return *ptr++; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| NTSTATUS KapFindKernelPattern( | |
| _In_ PUCHAR Pattern, | |
| _In_ PUCHAR Mask, | |
| _In_ ULONG PatternLength, | |
| _Out_ PVOID* Result | |
| ) | |
| { | |
| PIMAGE_NT_HEADERS NtHeaders; | |
| PIMAGE_SECTION_HEADER FirstSection; | |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #pragma once | |
| #include <cstdint> | |
| #include <array> | |
| #include <string> | |
| template<typename T, uint32_t D> | |
| class vec | |
| { | |
| public: |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| *.yazzn { | |
| box-sizing: border-box; | |
| } | |
| @media screen and (min-width: 999px) { | |
| code.hljs.javascript { | |
| border-radius: 5px; | |
| max-width: 640px; | |
| max-width: calc(100vw - 347px); | |
| max-height: 700px; |
markhc
/ get_handle.cpp
Created
August 2, 2016 03:00
Uses enumerate_handles from https://gist.github.com/MarkHC/902a13d4b8eab5f2421c13e27003b180
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| HANDLE get_handle_to_process(LPWSTR process) | |
| { | |
| HANDLE hProcess = NULL; | |
| enumerate_handles([&](PSYSTEM_HANDLE_TABLE_ENTRY_INFO handle) { | |
| if(GetCurrentProcessId() != handle->UniqueProcessId) return STATUS_UNSUCCESSFUL; | |
| BOOL found = FALSE; | |
| PVOID buffer = NULL; |
markhc
/ enumeration.cpp
Created
August 2, 2016 02:59
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| NTSTATUS enumerate_handles(ENUM_HANDLE_CALLBACK callback) | |
| { | |
| NTSTATUS status = STATUS_UNSUCCESSFUL; | |
| PVOID buffer = NULL; | |
| ULONG bufferSize = 0; | |
| do { | |
| status = NtQuerySystemInformation((SYSTEM_INFORMATION_CLASS)16/*SystemHandleInformation*/, buffer, bufferSize, &bufferSize); | |
| if(!NT_SUCCESS(status)) { | |
| if(status == STATUS_INFO_LENGTH_MISMATCH) { |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #include <Psapi.h> | |
| #include <ntstatus.h> | |
| #include <cstdint> | |
| #include <functional> | |
| #include <Shlwapi.h> | |
| #include <winternl.h> | |
| #pragma comment(lib, "ntdll.lib") | |
| #pragma comment(lib, "Shlwapi.lib") |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| NTSTATUS RDrvAddToInvertedFunctionTable( | |
| VOID | |
| ) | |
| { | |
| NTSTATUS status = STATUS_SUCCESS; | |
| PRTL_INVERTED_FUNCTION_TABLE pInvertedFunctionTable; | |
| CONST UCHAR szPattern[] = "\x89\x74\xCD\x20"; | |
| CONST UCHAR szMask[] = "xxxx"; | |
| status = RDrvGetKernelInfo(NULL, NULL); //Find kernel base & size |