Skip to content

Instantly share code, notes, and snippets.

View wbenny's full-sized avatar

Petr Beneš wbenny

825 followers · 14 following
View GitHub Profile
@wbenny
wbenny / race.cpp
Created January 3, 2016 04:06
#include <iostream>
#include <thread>
#include <cstdlib>
#include <cstdint>
#include <cinttypes>
static uint64_t win = 0;
static uint64_t loss = 0;
void thread_printer()
@wbenny
wbenny / nt_syscalls.md
Last active September 16, 2024 22:11
Windows syscall stubs

Windows system calls

...by stub

x86

Windows XP

B8 ?? ?? ?? ??                mov     eax, ??
BA 00 03 FE 7F                mov     edx, 7FFE0300h
@wbenny
wbenny / install-virtualbox-dependencies.sh
Last active February 12, 2017 21:55
Installs packages required to build a VirtualBox
#
# Tested on freshly installed Ubuntu 16.04 (amd64)
# with VirtualBox 5.1.14 code base.
#
#
# Note:
# After a build, there was VBoxDD.so file missing in the
# out/linux.amd64/release/bin folder.
# The file is located in the out/linux.amd64/release/obj/VBoxDD folder,
@wbenny
wbenny / vmcs_field_encoding.md
Last active December 11, 2020 10:04
VMCS field encoding

VMCS field encoding

Values of VMCS fields are encoded as per section VMREAD, VMWRITE, and Encodings of VMCS Field (24.11.2, Intel Manual Volume 3C - May 2018).

This encoding can be transcribed into C:

union vmcs_component_encoding
{
 struct
@wbenny
wbenny / TlsCallback.c
Created September 29, 2018 19:36
TLS callback minimal example
//
// Merge .CRT section to .rdata (read only)
//
#pragma comment(linker, "/merge:.CRT=.rdata")
//
// Define variables marking the begin and the end
// of the TLS callback array.
//
@wbenny
wbenny / SYSTEM_DLL_TYPE.h
Created October 30, 2018 01:13
typedef enum _SYSTEM_DLL_TYPE
{
PsNativeSystemDll = 0,
PsWowX86SystemDll = 1,
PsWowArm32SystemDll = 2,
PsWowAmd64SystemDll = 3,
PsWowChpeX86SystemDll = 4,
PsVsmEnclaveRuntimeDll = 5,
PsSystemDllTotalTypes = 6,
} SYSTEM_DLL_TYPE;
@wbenny
wbenny / PS_SYSTEM_DLL_DATA.h
Created October 30, 2018 01:16
//
// sizeof=0x50, align=0x8
//
typedef struct _PS_SYSTEM_DLL_DATA {
//
// +0x00
//
// _SECTION* object of the DLL.
@wbenny
wbenny / WOW64_SHARED_INFORMATION.h
Created October 30, 2018 01:30
typedef enum _WOW64_SHARED_INFORMATION
{
SharedNtdll32LdrInitializeThunk = 0,
SharedNtdll32KiUserExceptionDispatcher = 1,
SharedNtdll32KiUserApcDispatcher = 2,
SharedNtdll32KiUserCallbackDispatcher = 3,
SharedNtdll32RtlUserThreadStart = 4,
SharedNtdll32pQueryProcessDebugInformationRemote = 5,
SharedNtdll32BaseAddress = 6,
SharedNtdll32LdrSystemDllInitBlock = 7,
@wbenny
wbenny / NTDLL_EXPORTS.h
Last active November 5, 2020 01:15
typedef struct _PS_NTDLL_EXPORT_ITEM {
PCSTR RoutineName;
PVOID RoutineAddress;
} PS_NTDLL_EXPORT_ITEM, *PPS_NTDLL_EXPORT_ITEM;
PS_NTDLL_EXPORT_ITEM NtdllExports[] = {
//
// 19 exports on x64
// 14 exports on ARM64
//
@wbenny
wbenny / 2_appendix.h
Created November 4, 2018 02:40
////////////////////////////////////////////////////////////////////////////////
// General definitions.
////////////////////////////////////////////////////////////////////////////////
//
// Context flags.
// winnt.h (Windows SDK)
//