RistBS
/ ntIoFunctions.txt
Created
October 31, 2023 19:59
— forked from joshfinley/ntIoFunctions.txt
Windows native I/O manager support functions
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 2: kd> x nt!Io* | |
| fffff800`3e820158 nt!IopStoreArcInformation (void) | |
| fffff800`3df1ee6c nt!IopCheckListForCancelableIrp (void) | |
| fffff800`3e56ebc4 nt!IopInitializeCrashDump (void) | |
| fffff800`3df74b50 nt!IoCsqRemoveIrp (void) | |
| fffff800`3e560a70 nt!IopPortAddAllocation (void) | |
| fffff800`3df164f0 nt!IoReleaseRemoveLockEx (void) | |
| fffff800`3df95750 nt!IoAllocateDriverObjectExtension (void) | |
| fffff800`3e446f34 nt!IopQueryNameInternal (void) | |
| fffff800`3ded49b0 nt!IoReportTargetDeviceChangeAsynchronous (void) |
RistBS
/ CtlInject_Legacy.c
Created
October 27, 2023 16:41
— forked from realoriginal/CtlInject_Legacy.c
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /*! | |
| * | |
| * ROGUE | |
| * | |
| * GuidePoint Security LLC | |
| * | |
| * Threat and Attack Simulation Team | |
| * | |
| !*/ |
RistBS
/ export_payload_dialog.py
Created
July 25, 2023 14:31
— forked from realoriginal/export_payload_dialog.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import asyncio | |
| import qtinter | |
| import ipaddress | |
| from PyQt5.QtWidgets import * | |
| from PyQt5.QtCore import * | |
| from PyQt5.QtGui import * | |
| class ExportPayloadDialog( QObject ): | |
| """ |
RistBS
/ shellcode_exec_workerfactory.c
Last active
July 30, 2024 16:31
Just another shellcode execution technique :)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #include <stdio.h> | |
| #define PRINTDEBUG(fmt, ...) printf(fmt "\n", ##__VA_ARGS__) | |
| #define NT_SUCCESS(Status) ((NTSTATUS)(Status) >= 0) | |
| #define WORKER_FACTORY_FULL_ACCESS 0xf00ff | |
| typedef struct _UNICODE_STRING { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // How to locate the WOW64 Callback Table in ntdll.dll | |
| // | |
| // @modexpblog | |
| // | |
| #define PHNT_VERSION PHNT_VISTA | |
| #include <phnt_windows.h> | |
| #include <phnt.h> |
RistBS
/ Entry.c
Created
March 29, 2023 16:46
— forked from realoriginal/Entry.c
TLDR: How a socks proxy client is written to tunnel connections from a 'teamserver' to an agent.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /*! | |
| * | |
| * RPROXICMP | |
| * | |
| * GuidePoint Security LLC | |
| * | |
| * Threat and Attack Simulation Team | |
| * | |
| !*/ |