rbmm

void ght(PCWSTR lpMachineName)
{
	HKEY hKey, hk;
	if (NOERROR == RegConnectRegistry(lpMachineName, HKEY_USERS, &hKey))
	{
		ULONG i = 0;
		WCHAR name[SECURITY_MAX_SID_STRING_CHARACTERS + 32];
		ULONG cch;
		LONG status;
		while (ERROR_NO_MORE_ITEMS != (status = RegEnumKeyExW(hKey, i++, name, &(cch = SECURITY_MAX_SID_STRING_CHARACTERS), 0, 0, 0, 0)))

rbmm

NTSTATUS CreateMountPoint(POBJECT_ATTRIBUTES poa, PCWSTR SubstituteName, PCWSTR PrintName)
{
	NTSTATUS status = STATUS_INTERNAL_ERROR;
	PREPARSE_DATA_BUFFER prdb = 0;
	int len = 0;
	PWSTR PathBuffer = 0;
	ULONG cb = 0;

	while (0 < (len = _snwprintf(PathBuffer, len, L"%ws%c%ws", SubstituteName, 0, PrintName)))
	{

rbmm

NTSTATUS CreateMountPoint(POBJECT_ATTRIBUTES poa, PCWSTR SubstituteName, PCWSTR PrintName)
{
	NTSTATUS status = STATUS_INTERNAL_ERROR;
	PREPARSE_DATA_BUFFER prdb = 0;
	int len = 0;
	PWSTR PathBuffer = 0;
	ULONG cb = 0;

	while (0 < (len = _snwprintf(PathBuffer, len, L"%ws%c%ws", SubstituteName, 0, PrintName)))
	{

rbmm

inline HANDLE fixH(HANDLE hFile)
{
	return hFile == INVALID_HANDLE_VALUE ? 0 : hFile;
}

NTSTATUS CreateMountPoint(PCWSTR pszFileName, PCWSTR SubstituteName, PCWSTR PrintName)
{
	NTSTATUS status = STATUS_INTERNAL_ERROR;
	PREPARSE_DATA_BUFFER prdb = 0;
	int len = 0;

rbmm

NTSTATUS CreateReparse(ULONG ReparseTag, PCWSTR pszFileName, PCWSTR SubstituteName, PCWSTR PrintName)
{
	NTSTATUS status;
	PREPARSE_DATA_BUFFER prdb = 0;
	int len = 0;
	PWSTR PathBuffer = 0;
	ULONG cb = 0;

	UNICODE_STRING ObjectName;

rbmm

NTSTATUS CreateReparse(PCWSTR pszFileName, PCWSTR SubstituteName, PCWSTR PrintName)
{
	NTSTATUS status;
	PREPARSE_DATA_BUFFER prdb = 0;
	int len = 0;
	PWSTR PathBuffer = 0;
	ULONG cb = 0;

	while (0 < (len = _snwprintf(PathBuffer, len, L"%ws%c%ws", SubstituteName, 0, PrintName)))
	{

rbmm

BOOL InternalDeleteFileW(_In_ PCWSTR lpFileName)
{
	union {
		FILE_ATTRIBUTE_TAG_INFORMATION attr;
		FILE_DISPOSITION_INFORMATION_EX fdi;
	};

	UNICODE_STRING ObjectName;
	NTSTATUS status = RtlDosPathNameToNtPathName_U_WithStatus(lpFileName, &ObjectName, 0, 0);

rbmm

C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
------------------------------------------------
KernelBase.dll!CreateProcessInternalW
KernelBase.dll!CreateProcessAsUserW + 63
kernel32.dll!CreateProcessAsUserW + 60
rpcss.dll!long CClassData::PrivilegedLaunchRunAsServer(CToken *,int,unsigned long,unsigned long,unsigned long,unsigned short *,unsigned __int64,unsigned __int64,unsigned __int64,tagBLOB *,_GUID const *,void *,tagBLOB *,void *,void *,void *,void * *,void *
rpcss.dll!<lambda_489b516486e6fe272c46d0ac0b2bfda9>::operator() + 2ff
rpcss.dll!_LaunchWinRTRunAsServer + 1c3
rpcrt4.dll!Invoke + 73
rpcrt4.dll!NdrStubCall2 + 30d

rbmm

long BinToBase64(const unsigned char* data, unsigned cb, char* encoded_string, unsigned * plen, unsigned line = 76)
{
	static const char base64_chars[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

	if (!cb)
	{
		return STATUS_INVALID_PARAMETER;
	}

	int z = 0, len = *plen;

rbmm

#define SHORT_SIZE  (sizeof(USHORT))
#define SHORT_MASK  (SHORT_SIZE - 1)
#define LONG_SIZE       (sizeof(LONG))
#define LONGLONG_SIZE   (sizeof(LONGLONG))
#define LONG_MASK       (LONG_SIZE - 1)
#define LONGLONG_MASK   (LONGLONG_SIZE - 1)
#define LOWBYTE_MASK 0x00FF

#define FIRSTBYTE(VALUE)  ((VALUE) & LOWBYTE_MASK)
#define SECONDBYTE(VALUE) (((VALUE) >> 8) & LOWBYTE_MASK)