rbmm rbmm
rbmm
/ gist:95e32370d22a628f83e681493d79e437
Created
May 15, 2023 13:09
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #ifndef OFFSETOFCLASS | |
| #define OFFSETOFCLASS(base, derived) ((ULONG)((LONG_PTR)(static_cast<base*>((derived*)MINLONG_PTR))-MINLONG_PTR)) | |
| #endif | |
| __declspec(noinline) NTSTATUS TestQuery(PVOID pv, ULONG cb, ULONG* rcb) | |
| { | |
| ULONG s = GetTickCount() ? 0x64 : 0x20; | |
| DbgPrint("API: 0x%p 0x%x | 0x%p << 0x%x\n", pv, cb, RtlOffsetToPointer(pv, cb), s); | |
| *rcb = s; | |
| if (cb < s) |
rbmm
/ gist:9a64857ff9d1f80d996c6aff6295459c
Created
May 17, 2023 12:11
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <ntlsa.h> | |
| VOID CheckWindowsPrivileges(DWORD PID) | |
| { | |
| if (HANDLE hProcess = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE, PID)) | |
| { | |
| HANDLE hToken; | |
| BOOL b = OpenProcessToken(hProcess, TOKEN_QUERY, &hToken); | |
| CloseHandle(hProcess); | |
| if (b) |
rbmm
/ gist:154da2597da2e2464c7e5e1c6126f788
Created
May 19, 2023 21:35
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| BOOL timer_create( | |
| _Outptr_ PHANDLE phTimer, | |
| _In_ WAITORTIMERCALLBACK Callback, | |
| _In_opt_ PVOID Parameter, | |
| _In_ DWORD DueTime, | |
| _In_ DWORD Period | |
| ); | |
| void timer_release(HANDLE /*hTimer*/); |
rbmm
/ gist:0751b4e089c3f67f4e66db97244070a3
Created
May 20, 2023 16:42
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| struct DTimer | |
| { | |
| HANDLE _M_hTimer = 0; | |
| LONG _M_dwRefCount = 1; | |
| ULONG _M_n = 0; | |
| ULONG _M_dwThreadId = GetCurrentThreadId(); | |
| LONG _M_stopping = FALSE; | |
| void AddRef() | |
| { |
rbmm
/ gist:1afb0938b5cd004e7a78a6d9328d9c6a
Created
May 20, 2023 17:47
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #define printf DbgPrint | |
| #ifndef IDC_STATIC | |
| #define IDC_STATIC 65535 // MAXUSHORT | |
| #endif | |
| struct DTimer | |
| { | |
| HANDLE _M_hTimer = 0; | |
| LONG _M_dwRefCount = 1; |
rbmm
/ gist:4789f472c196749b19b49ad0de0e6696
Created
May 22, 2023 22:31
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| NTSTATUS ShowAuthPackage() | |
| { | |
| HANDLE hToken; | |
| NTSTATUS status = NtOpenProcessToken(NtCurrentProcess(), TOKEN_QUERY, &hToken); | |
| if (0 <= status) | |
| { | |
| TOKEN_STATISTICS ts; | |
| status = NtQueryInformationToken(hToken, TokenStatistics, &ts, sizeof(ts), &ts.DynamicAvailable); | |
| NtClose(hToken); |
rbmm
/ gist:f6fb914e74b5a81b448889a25e500365
Created
May 30, 2023 09:54
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include "stdafx.h" | |
| _NT_BEGIN | |
| NTSTATUS CreatePlaceHolder(PCWSTR lpFileName, ULONG SizeOfImage) | |
| { | |
| struct SEF : IMAGE_DOS_HEADER, IMAGE_NT_HEADERS, IMAGE_SECTION_HEADER | |
| { | |
| } y {}; |
rbmm
/ gist:649efd3f332ac38a71c0566ef0f332d0
Last active
August 15, 2023 13:01
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| void MinimizeAll(_In_ BOOL bDialogsToo, _In_opt_ HWND hwndMy = 0) | |
| { | |
| if (HWND hwnd = FindWindowW(L"Shell_TrayWnd", 0)) | |
| { | |
| ULONG dwProcessId; | |
| if (GetWindowThreadProcessId(hwnd, &dwProcessId)) | |
| { | |
| AllowSetForegroundWindow(dwProcessId); | |
| //WCHAR name[0x100]; |
rbmm
/ gist:aec18b296956b33580c708faf7beb002
Created
August 28, 2023 07:56
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| сейчас у нас есть 2 формата ответов ( FAILURE / OK ) | |
| <responseHolder> | |
| <status>FAILURE</status> | |
| <error> | |
| <code>%u</code> | |
| <message>%s</message> | |
| </error> | |
| </responseHolder> |
rbmm
/ gist:251deaca25b3691b0a4a81349ad7e558
Created
August 28, 2023 23:37
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ************************ | |
| //++ObjectSecurity | |
| DACL: | |
| T FL AcessMsK Sid | |
| A 00 000F01FF [S-1-5-18] 'NT AUTHORITY\SYSTEM' [WellKnownGroup] | |
| A 00 00020008 [S-1-5-32-544] 'BUILTIN\Administrators' [Alias] | |
| A 00 000F01FF [S-1-5-32-544] 'BUILTIN\Administrators' [Alias] | |
| A 00 000F01FF [S-1-5-21-3349500742-45979764-2889026240-500] 'AAA\Administrator' [User] | |
| A 00 000F01FF [S-1-5-21-3349500742-45979764-2889026240-1109] 'AAA\Kelly' [User] | |
| LABEL: |
OlderNewer