rbmm rbmm
rbmm
/ gist:3e584c9fc91882a6c3079d05cb6a432d
Created
June 26, 2025 21:00
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #define SHORT_SIZE (sizeof(USHORT)) | |
| #define SHORT_MASK (SHORT_SIZE - 1) | |
| #define LONG_SIZE (sizeof(LONG)) | |
| #define LONGLONG_SIZE (sizeof(LONGLONG)) | |
| #define LONG_MASK (LONG_SIZE - 1) | |
| #define LONGLONG_MASK (LONGLONG_SIZE - 1) | |
| #define LOWBYTE_MASK 0x00FF | |
| #define FIRSTBYTE(VALUE) ((VALUE) & LOWBYTE_MASK) | |
| #define SECONDBYTE(VALUE) (((VALUE) >> 8) & LOWBYTE_MASK) |
rbmm
/ gist:e4539c739464550e0b456c1e3d7903a2
Created
June 26, 2025 14:25
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // ucrtbase.dll | |
| // 10.0.26100.1591 | |
| // setlocale=English_United States.utf8 | |
| ftest(L"test_utf8_文件.txt"); | |
| const VS_FIXEDFILEINFO* GetFileVersion(PVOID ImageBase); | |
| void ftest(PCWSTR pcwz) |
rbmm
/ gist:d1020b728793824d57a5a3102c3fa459
Created
May 21, 2025 13:19
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| void GetCentennialNotepadAppExecutionAliasPath(PWSTR path, int cch) | |
| { | |
| PWSTR pszPath = 0; | |
| SHGetKnownFolderPath(FOLDERID_LocalAppData, 0, 0, &pszPath); | |
| StringCchCatW(path, cch, pszPath); | |
| StringCchCatW(path, cch, L"\\Microsoft\\WindowsApps\\Microsoft.WindowsNotepad_8wekyb3d8bbwe\\notepad.exe"); | |
| if (pszPath) CoTaskMemFree(pszPath); | |
| } |
rbmm
/ gist:aef5c8344a8b2686cd7398ade0db0fdd
Created
April 27, 2025 01:35
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include "stdafx.h" | |
| NTSTATUS CreatePipePair(_Out_ PHANDLE phServerPipe, | |
| _Out_ PHANDLE phClientPipe, | |
| _In_ ULONG ClientOptions = FILE_SYNCHRONOUS_IO_NONALERT, | |
| _In_ ULONG ServerOptions = 0) | |
| { | |
| HANDLE hFile; | |
| IO_STATUS_BLOCK iosb; |
rbmm
/ gist:2b6a788b5d767520c09878e7028a2d8e
Created
February 18, 2025 17:39
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| PsSetCreateProcessNotifyRoutineEx=0 | |
| PsSetLoadImageNotifyRoutine=0 | |
| 00001 17:38:07 + 13ac(sc.exe) 00007FFEEDED0000{1a000} u \Device\HarddiskVolume9\Windows\System32\kernel.appcore.dll | |
| (::)C:\WINDOWS\SYSTEM32\kernel.appcore.dll | |
| 00002 17:38:07 + 13ac(sc.exe) 00007FFEEFB20000{a9000} u \Device\HarddiskVolume9\Windows\System32\msvcrt.dll | |
| (::)C:\WINDOWS\System32\msvcrt.dll | |
| 1 13ac exit [1]13ac(sc.exe) ================ | |
| 00003 17:38:07 b58(cmd.exe) 00007FFEEDED0000{1a000} u \Device\HarddiskVolume9\Windows\System32\kernel.appcore.dll | |
| (::)C:\WINDOWS\SYSTEM32\kernel.appcore.dll |
rbmm
/ gist:aeb4d3ed288995fcdee6d72763057c56
Created
February 18, 2025 16:47
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| EXTERN_C_START | |
| NTSYSAPI | |
| NTSTATUS | |
| NTAPI | |
| RtlPrepareForProcessCloning(); | |
| NTSYSAPI | |
| NTSTATUS | |
| NTAPI |
rbmm
/ gist:3d09b53bc3d85523c1a91a326969d06b
Created
February 10, 2025 14:09
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <ntnls.h> | |
| NTSTATUS MakeProcessUTF8(PVOID hmod, PVOID BaseAddress, SIZE_T ViewSize) | |
| { | |
| UINT AnsiCodePage = GetACP(); | |
| PIMAGE_NT_HEADERS pinth; | |
| NTSTATUS status = RtlImageNtHeaderEx(0, BaseAddress, ViewSize, &pinth); | |
| if (0 > status) | |
| { |
rbmm
/ gist:b0bcd7eb381b84b7616100d79719595b
Created
February 10, 2025 14:05
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #define RTL_USER_PROC_UTF8_PROCESS 0x08000000 | |
| NTSTATUS SetPtocessUtf8(HANDLE hProcess) | |
| { | |
| PROCESS_BASIC_INFORMATION pbi; | |
| _RTL_USER_PROCESS_PARAMETERS* ProcessParameters; | |
| ULONG Flags; | |
| NTSTATUS status; | |
| 0 <= (status = NtQueryInformationProcess(hProcess, ProcessBasicInformation, &pbi, sizeof(pbi), 0)) && |
rbmm
/ gist:ffc9125a8f1d3e2536071fa8cd7486b4
Last active
February 6, 2025 17:15
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| struct IDriverInstallStatusNotify | |
| { | |
| virtual HRESULT STDMETHODCALLTYPE Notify(ULONG s) | |
| { | |
| __debugbreak(); | |
| DbgPrint("Notify(%x)\n", s); | |
| return S_OK; | |
| } | |
| }; |
rbmm
/ gist:4ce18b4fe82f9c5d8187f00658c9dc13
Created
February 5, 2025 21:26
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 1>------ Build started: Project: prepare, Configuration: Release x64 ------ | |
| 1>stdafx.cpp | |
| 1>Note: including file: C:\Users\Harry\Documents\GitHub\SC_DEMO\prepare\stdafx.h | |
| 1>Note: including file: C:\Users\Harry\Documents\GitHub\SC_DEMO\pnth\pch.h | |
| 1>Note: including file: C:\Program Files (x86)\Windows Kits\10\Include\10.0.22621.0\km\crt\stdlib.h | |
| 1>Note: including file: C:\Program Files (x86)\Windows Kits\10\Include\10.0.22621.0\km\crt\crtdefs.h | |
| 1>Note: including file: C:\Program Files (x86)\Windows Kits\10\Include\10.0.22621.0\shared\specstrings.h | |
| 1>Note: including file: C:\Program Files (x86)\Windows Kits\10\Include\10.0.22621.0\shared\sal.h | |
| 1>Note: including file: C:\Program Files (x86)\Windows Kits\10\Include\10.0.22621.0\shared\concurrencysal.h | |
| 1>Note: including file: C:\Program Files (x86)\Windows Kits\10\Include\10.0.22621.0\shared\specstrings_strict.h |
NewerOlder