sbtoonz
sbtoonz
/ gist:7fdf67ebcf941e057836165cf1acf734
Created
February 15, 2023 17:27
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # List distributed by iblocklist.com | |
| China Internet Information Center (CNNIC):1.2.4.0-1.2.4.255 | |
| China Internet Information Center (CNNIC):1.2.8.0-1.2.8.255 | |
| Botnet on Telekom Malaysia:1.9.96.105-1.9.96.105 | |
| Botnet on Telekom Malaysia:1.9.102.251-1.9.102.251 | |
| Botnet on Telekom Malaysia:1.9.106.186-1.9.106.186 | |
| Korea Internet & Security Agency (KISA) - IPv6 Policy:1.16.0.0-1.19.255.255 | |
| Botnet on FPT Telecom:1.55.241.140-1.55.241.140 | |
| AP2P on China Unicom Heilongjiang proxy:1.58.181.97-1.58.181.97 |
sbtoonz
/ detect_dll_hijack.cpp
Created
November 18, 2022 21:29
— forked from veil-ivy/detect_dll_hijack.cpp
detect dll hijacking attempts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #include <stdio.h> | |
| #include <iostream> | |
| LPVOID original_func = NULL; | |
| PIMAGE_IMPORT_DESCRIPTOR import_descriptor = NULL; | |
| const wchar_t* back = L"\\"; | |
| wchar_t current_directory[MAX_PATH]; | |
| typedef HMODULE(WINAPI * loadlibrary_def)( | |
| LPCWSTR lpLibFileName |
sbtoonz
/ block_create_process.cpp
Created
November 18, 2022 21:28
— forked from veil-ivy/block_create_process.cpp
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <ntddk.h> | |
| #define BLOCK_PROCESS "notepad.exe" | |
| static OB_CALLBACK_REGISTRATION obcallback_registration; | |
| static OB_OPERATION_REGISTRATION oboperation_callback; | |
| #define PROCESS_CREATE_THREAD (0x0002) | |
| #define PROCESS_CREATE_PROCESS (0x0080) | |
| #define PROCESS_TERMINATE (0x0001) | |
| #define PROCESS_VM_WRITE (0x0020) | |
| #define PROCESS_VM_READ (0x0010) | |
| #define PROCESS_VM_OPERATION (0x0008) |
sbtoonz
/ [1] Description
Created
November 14, 2022 01:43
— forked from Little-Ki/[1] Description
[Code] [Kernel] ObRegisterCallbacks
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // The ObRegisterCallbacks routine registers a list of callback routines for thread, process, and desktop handle operations. | |
| // This function is a most public method used by anti cheat / anti virus software. | |
| // Offical document: | |
| // https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/wdm/nf-wdm-obregistercallbacks | |
| // Function syntax: | |
| // NTSTATUS ObRegisterCallbacks( | |
| // POB_CALLBACK_REGISTRATION CallbackRegistration, | |
| // PVOID *RegistrationHandle |
sbtoonz
/ ARK Signatures
Created
November 14, 2022 01:41
Signatures for ARK gworld and gobject and gname
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| bool InitSdk() | |
| { | |
| //E8 ? ? ? ? 48 89 1D ? ? ? ? 48 8B C3 48 8B 5C 24 ? 48 83 C4 28 C3 48 8B 5C 24 ? | |
| auto GNamePat = FindPattern("E8 ? ? ? ? 48 89 1D ? ? ? ? 48 8B C3 48 8B 5C 24 ? 48 83 C4 28 C3 48 8B 5C 24 ?"); | |
| if (GNamePat == nullptr)return false; | |
| auto GNamesAddress = *reinterpret_cast<uint32_t*>(GNamePat + 8); | |
| uintptr_t GName = (DWORD64)(GNamePat + 12 + GNamesAddress); | |
| FName::GNames = reinterpret_cast<CG::TNameEntryArray*>(GName); | |
| auto GObjectPat = FindPattern("48 89 74 24 ? 48 89 74 24 ? E8 ? ? ? ? 48 8B 4C 24 ? F2 0F 10 05 ? ? ? ? F2 0F 11 01 8B 05 ? ? ? ? 89 41 08 0F B7 05 ? ? ? ?"); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using UnityEngine; | |
| namespace Closure | |
| { | |
| public class ConsoleToGui : MonoBehaviour | |
| { | |
| //#if !UNITY_EDITOR | |
| static string myLog = ""; | |
| private string output; | |
| private string stack; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using UnityEngine; | |
| namespace Closure.Hit_Hurtbox { | |
| [Serializable] | |
| public class HitData | |
| { | |
| public int damage; | |
| public Vector3 hitPoint; | |
| public Vector3 hitNormal; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using BepInEx; | |
| using HarmonyLib; | |
| using UnityEngine; | |
| using System.Linq; | |
| using System.Collections.Generic; | |
| namespace ShaderAnalysis | |
| { | |
| [BepInPlugin(ID, title, version)] |