This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Alloc2Test.cpp : This file contains the 'main' function. Program execution begins and ends there. | |
| // | |
| #include <iostream> | |
| #include <Windows.h> | |
| #include <string> | |
| #include <assert.h> | |
| static inline char* AlignUpwards(const char* stack, size_t align) { |
stevemk14ebr
/ stpgetargtype_dump.json
Created
April 11, 2021 18:15
DTrace's StpGetArgType accesses a metadata table that stores complete arg type information for every syscall.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [ | |
| [ | |
| "NtLockProductActivationKeys", | |
| [ | |
| "UInt32 *", | |
| "UInt32 *" | |
| ] | |
| ], | |
| [ | |
| "NtLockProductActivationKeys", |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Parses .apiset PE section for apiset forwarder dlls | |
| // From: https://lucasg.github.io/2017/10/15/Api-set-resolution/ | |
| // which itself uses Alex Ionescu's documented structures (at least in part) | |
| //------------------------------------------------ | |
| //--- 010 Editor v8.0 Binary Template | |
| // | |
| // File: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| template<typename Func> | |
| class imp_defer_obj { | |
| public: | |
| imp_defer_obj(Func f) : FinalActionFunc(f) {} | |
| ~imp_defer_obj() { | |
| FinalActionFunc(); | |
| } | |
| private: | |
| Func FinalActionFunc; | |
| }; |
stevemk14ebr
/ MultiThreadAllSubStrings
Last active
December 15, 2020 19:15
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| moodycamel::ConcurrentQueue<std::wstring> worker_queue; | |
| std::wstring ascii = L"abcdefghijklmnopqrstuvwxyz._-0123456789"; | |
| void handle_comb() | |
| { | |
| while (true) { | |
| std::wstring attempt; | |
| if (!worker_queue.try_dequeue(attempt)) { | |
| continue; | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Created with ReClass.NET 1.2 by KN4CK3R | |
| class VFunc_Min8 // this is found at first virtual function - sizeof(void*) | |
| { | |
| public: | |
| class RTTICompleteObjectLocator *m_RTTICompleteObjectLocator; //0x0000 | |
| }; //Size: 0x0004 | |
| class RTTICompleteObjectLocator | |
| { |
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| NAME:AACMFTEncoder VALUE:93af0c51-2275-45d2-a35b-f2ba21caed00 | |
| NAME:ACPI_PLD_CONTAINER_BUFFER_GUID VALUE:c02fa109-6a82-4188-9f66-b190ba62db49 | |
| NAME:ACPI_PLD_INTERFACE_CLASS_BUFFER_GUID VALUE:1facec76-96a8-4d9e-846e-3a6d687c32fc | |
| NAME:ACPI_PLD_INTERFACE_INSTANCE_ANSI_BUFFER_GUID VALUE:1facea4b-da66-484c-ba5b-5127e05f95b2 | |
| NAME:ACPI_PLD_INTERFACE_INSTANCE_GUID_BUFFER_GUID VALUE:1face9db-2530-4248-8ee3-51053aef47c2 | |
| NAME:ACPI_PLD_INTERFACE_INSTANCE_UNICODE_BUFFER_GUID VALUE:1face3f6-1a60-4686-9833-ec8402d43b04 | |
| NAME:ACPI_PLD_JOINT_BUFFER_GUID VALUE:f01cfc40-3c75-4523-9e44-215cb154bda6 | |
| NAME:ACPI_PLD_SPATIAL_BUFFER_GUID VALUE:59af1a1f-aba4-4bb8-81ef-55938e9bc53a | |
| NAME:ADDON_DISABLE_EVENT VALUE:09010002-0204-0002-0000-000000000080 | |
| NAME:ADDON_ENABLE_EVENT VALUE:09010001-0104-0001-0000-000000000080 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Do this: https://web.archive.org/web/20200909020002/https://blahcat.github.io/2018/01/07/building-a-debian-stretch-qemu-image-for-aarch64/ | |
| # Mount qcow2 via this instead of qemu-nbd: | |
| # qemu-img convert -f qcow2 image.qcow2 -O raw image_raw.raw | |
| # sudo losetup /dev/loop0 image_raw.raw | |
| # sudo kpartx -a /dev/loop0 | |
| # sudo mkdir /mnt/image && sudo mount /dev/mapper/loop0p1 /mnt/image | |
| qemu-system-aarch64 -smp 2 -M virt -cpu cortex-a57 -m 1G \ | |
| -initrd initrd.img-4.19.0-10-arm64 \ | |
| -kernel vmlinuz-4.19.0-10-arm64 \ |
stevemk14ebr
/ Win Apis
Created
August 24, 2020 00:12
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| typedef DWORD(__stdcall* GetEffectiveRightsFromAclA)(PACL pacl, PTRUSTEE_A pTrustee, PACCESS_MASK pAccessRights); | |
| typedef DWORD(__stdcall* GetEffectiveRightsFromAclW)(PACL pacl, PTRUSTEE_W pTrustee, PACCESS_MASK pAccessRights); | |
| typedef DWORD(__stdcall* GetAuditedPermissionsFromAclA)(PACL pacl, PTRUSTEE_A pTrustee, PACCESS_MASK pSuccessfulAuditedRights, PACCESS_MASK pFailedAuditRights); | |
| typedef DWORD(__stdcall* GetAuditedPermissionsFromAclW)(PACL pacl, PTRUSTEE_W pTrustee, PACCESS_MASK pSuccessfulAuditedRights, PACCESS_MASK pFailedAuditRights); | |
| typedef DWORD(__stdcall* SetNamedSecurityInfoA)(LPSTR pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl); | |
| typedef DWORD(__stdcall* SetNamedSecurityInfoW)(LPWSTR pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl); | |
| typedef DWORD(__stdcall* SetSecurityInfo)(HANDLE handle, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMAT |
stevemk14ebr
/ CommonFunctionPads.json
Last active
March 29, 2024 10:46
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // From Sok Data: https://arxiv.org/ftp/arxiv/papers/2007/2007.14266.pdf | |
| // This is an occurance count. For 53 binaries in various compiler modes how many functions where padded with sequence XXX | |
| { | |
| "cl_m32_O1": { | |
| "cc": 553, | |
| "cccc": 306, | |
| "cccccc": 529, | |
| "cccccccc": 165, | |
| "6666666666660f1f840000000000": 6, | |
| "90": 468, |