| //sender | |
| #include <ntifs.h> | |
| #define CALLBACKNAME L"\\Callback\\driverStart" | |
| VOID UnloadDriver(PDRIVER_OBJECT driver); | |
| VOID MyThread(PVOID context); |
| #include<ntifs.h> | |
| #include<ntddk.h> | |
| #include<wdm.h> | |
| #include "symcrypt.h" | |
| template<typename... types> | |
| void print(types... args) | |
| { | |
| DbgPrintEx(DPFLTR_DEFAULT_ID, DPFLTR_ERROR_LEVEL, args...); |
| #include"minifilter.h" | |
| namespace minifilter { | |
| // minifilter加载的时候会给每个卷都挂载上 | |
| NTSTATUS InstanceSetup(_In_ PCFLT_RELATED_OBJECTS FltObjects, | |
| _In_ FLT_INSTANCE_SETUP_FLAGS Flags, | |
| _In_ DEVICE_TYPE VolumeDeviceType, | |
| _In_ FLT_FILESYSTEM_TYPE VolumeFilesystemType) { | |
| PAGED_CODE(); |
| ZydisDisassembledInstruction insn; | |
| ZydisDisassembleIntel(ZYDIS_MACHINE_MODE_LONG_COMPAT_32, (ZyanU64)ip, ip, | |
| 15, &insn); | |
| ZyanU64 ResultAddress; | |
| if (insn.info.mnemonic == ZYDIS_MNEMONIC_CALL) { | |
| ZydisCalcAbsoluteAddress(&insn.info, insn.operands, (ZyanU64)ip, | |
| &ResultAddress); | |
| TraceFile << hex << "ip : ResultAddress " << ip << "\t" << ResultAddress | |
| << endl; |
| import unicorn | |
| import pefile | |
| import capstone | |
| # 要分析的样本路径 | |
| sample_file_path = 'C:\\Users\\asdf\\Desktop\\a9542676ee9a25c64a9fec1466664511f6059b51d8192025f95855b02ffe9620\\' \ | |
| 'a9542676ee9a25c64a9fec1466664511f6059b51d8192025f95855b02ffe9620.malware' | |
| # 初始化unicorn | |
| uc = unicorn.Uc(unicorn.UC_ARCH_X86, unicorn.UC_MODE_32) |
| /* | |
| sub_4220B0 | |
| 字符串动态解密 demo | |
| */ | |
| #include <iostream> | |
| #include <windows.h> | |
| #include <memory> |
| #include <benchmark/benchmark.h> | |
| #include <iostream> | |
| #include <codecvt> | |
| #include <windows.h> | |
| #pragma comment(lib,"Shlwapi.lib") | |
| wchar_t *Curl_convert_UTF8_to_wchar(const char *str_utf8) { | |
| wchar_t *str_w = NULL; | |
| if (str_utf8) { |
| use warp::Filter; | |
/// Adds two to `num` and returns the sum.
///
/// Generic over any `F` that can be built from an `i32` and added to
/// itself (e.g. `i32`, `i64`, `f64`); the `2` is converted via `F::from`.
fn template_fn<F: std::ops::Add<Output = F> + From<i32>>(mut num: F) -> F {
    let increment = F::from(2);
    num = num + increment;
    num
}
/// Entry point: evaluates `template_fn(2)` and prints the result to stdout.
fn main() {
    let result = template_fn(2);
    println!("{}", result);
}
| #define _CRT_SECURE_NO_WARNINGS | |
| #include <iostream> | |
| #include <chrono> | |
| #include <windows.h> | |
| using namespace std; | |
| int main(int ac, char* av[]) { |
| //https://stackoverflow.com/questions/7941725/boosttokenizer-comma-separated-c | |
| #include <iostream> | |
| #include <exception> | |
| #include <vector> | |
| #include <algorithm> | |
| #include <cassert> | |
| #include <boost/tokenizer.hpp> |