Petr Beneš wbenny
wbenny
/ 2_BTCpuSimulate_ARM64.h
Created
November 4, 2018 02:41
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| DECLSPEC_NORETURN | |
| VOID | |
| BTCpuSimulate( | |
| VOID | |
| ) | |
| { | |
| NTSTATUS Status; | |
| PCONTEXT Context; | |
| // |
wbenny
/ 2_IDA_BT_rename.py
Created
November 4, 2018 02:42
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| begin = 0x01800A8C20 | |
| end = 0x01800B7B4F | |
| struct_size = 24 | |
| ea = begin | |
| while ea < end: | |
| ea += struct_size | |
| name = idc.GetString(idc.Qword(ea)) | |
| idc.MakeName(idc.Qword(ea+8), name) |
wbenny
/ 2_NtWaitForSingleObject.h
Created
November 4, 2018 02:43
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| NTSTATUS | |
| NTAPI | |
| NtWaitForSingleObject( | |
| _In_ HANDLE Handle, | |
| _In_ BOOLEAN Alertable, | |
| _In_ PLARGE_INTEGER Timeout | |
| ); |
wbenny
/ 2_WOW64_SYSTEM_SERVICE_1.h
Created
November 4, 2018 02:43
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| typedef struct _WOW64_SYSTEM_SERVICE | |
| { | |
| USHORT SystemCallNumber : 12; | |
| USHORT ServiceTableIndex : 4; | |
| } WOW64_SYSTEM_SERVICE, *PWOW64_SYSTEM_SERVICE; |
wbenny
/ 2_WOW64_SYSTEM_SERVICE_2.h
Created
November 4, 2018 02:44
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| typedef struct _WOW64_SYSTEM_SERVICE | |
| { | |
| ULONG SystemCallNumber : 12; | |
| ULONG ServiceTableIndex : 4; | |
| ULONG TurboThunkNumber : 5; // Can hold values 0 - 31 | |
| ULONG AlwaysZero : 11; | |
| } WOW64_SYSTEM_SERVICE, *PWOW64_SYSTEM_SERVICE; |
wbenny
/ 2_WOW64_SERVICE_TABLE_DESCRIPTOR.h
Created
November 4, 2018 02:45
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| typedef struct _WOW64_ERROR_CASE { | |
| ULONG Case; | |
| NTSTATUS TransformedStatus; | |
| } WOW64_ERROR_CASE, *PWOW64_ERROR_CASE; | |
| typedef struct _WOW64_SERVICE_TABLE_DESCRIPTOR { | |
| KSERVICE_TABLE_DESCRIPTOR Descriptor; |
wbenny
/ 2_NtWow64CallFunction64.h
Created
November 4, 2018 15:12
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| typedef enum _WOW64_FUNCTION { | |
| Wow64Function64Nop, | |
| Wow64FunctionQueryProcessDebugInfo, | |
| Wow64FunctionTurboThunkControl, | |
| Wow64FunctionCfgDispatchControl, | |
| Wow64FunctionOptimizeChpeImportThunks, | |
| } WOW64_FUNCTION; | |
| NTSYSCALLAPI | |
| NTSTATUS |
wbenny
/ 2_NtWow64CallFunction64_Wow64FunctionTurboThunkControl.h
Created
November 4, 2018 15:14
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #define WOW64_TURBO_THUNK_DISABLE 0 | |
| #define WOW64_TURBO_THUNK_ENABLE 1 // STATUS_NOT_SUPPORTED :( | |
| ThunkInput = WOW64_TURBO_THUNK_DISABLE; | |
| Status = NtWow64CallFunction64(Wow64FunctionTurboThunkControl, | |
| 0, | |
| sizeof(ThunkInput), | |
| &ThunkInput, | |
| 0, | |
| NULL, |
wbenny
/ NtGenericCall.h
Last active
September 17, 2020 16:39
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <ntdll_windows.h> | |
| #include <ntdll.h> | |
| // extern "C" | |
| // UINT_PTR | |
| // NTAPI | |
| // MwGenericCall( | |
| // ULONG SyscallNumber, | |
| // ULONG ArgumentCount, | |
| // va_list ArgumentList |
wbenny
/ intel-sdm-201805-201811.diff
Created
November 23, 2018 19:46
This file has been truncated, but you can view the full file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| diff --git a/2018may.txt b/2018nov.txt | |
| index f007f17..4270c98 100644 | |
| --- a/2018may.txt | |
| +++ b/2018nov.txt | |
| @@ -8,8 +8,8 @@ Developer's Manual: Basic Architecture, Order Number 253665; Instruction Set Ref | |
| Number 325383; System Programming Guide, Order Number 325384; Model-Specific Registers, Order | |
| Number 335592. Refer to all four volumes when evaluating your design needs. | |
| -Order Number: 325462-067US | |
| -May 2018 |