"Type", 0x2
"Directory", 0x3
"SymbolicLink", 0x4
"Token", 0x5  
"Job", 0x6  
"Process", 0x7  
"Thread", 0x8  
  
    
    
  
  
    
| # Probably exists in a better form, but this script is useful for caching OS modules keyed by major OS version/build and file | |
| # hash. Intended to make life easier; ymmv. | |
| # | |
| # .\symcache.ps1 -src "C:\Windows\System32\drivers" -dst "X:\Windows\drivers" | |
| # ^^ This will copy and organize the bins in the subdirectory and recurse through all subdirectories, and then download | |
| # the symbols if they are available. | |
| # | |
| # - daax | |
| param( | 
  
    
    
  
  
    
  | // author: daax | |
| // 0x4a65 = 19045 (Windows 10 build number, 22H2) | |
| int main() | |
| { | |
| PSAPI_WORKING_SET_INFORMATION* w = ( PSAPI_WORKING_SET_INFORMATION* ) malloc( 1 << 20 ); | |
| QueryWorkingSet( GetCurrentProcess(), w, 1 << 20 ); | |
| for ( u32 i = 0; i < w->NumberOfEntries; i++ ) | |
| if ( ( w->WorkingSetInfo[ i ].Flags & 31 ) == 4 ) | |
| for ( u8* p = ( u8* ) ( ( w->WorkingSetInfo[ i ].Flags >> 12 ) << 12 ), | 
  
    
    
  
  
    
  | #include <windows.h> | |
| #include <iostream> | |
| #include <fstream> | |
| #include <string> | |
| #include <vector> | |
| #include <ctime> | |
| #include <memory> | |
| #include <optional> | |
| #include <random> | |
| #include <string_view> | 
  
    
    
  
  
    
  | // Compiled with LLVM clang-cl in VS2022, latest-working draft c/++ | |
| // no ifs ands or buts keylogger (@https://x.com/vxunderground/status/1879395134321954958) | |
| // updated with RYO if-else construct | |
| // v1 using ternary+logical-and+comma: https://gist.github.com/daaximus/1f6125f0e7da3072bc7e8a403245ef1b | |
| // | |
| #define _CRT_SECURE_NO_WARNINGS | |
| #include <cstdint> | |
| #include <windows.h> | |
| #include <stdio.h> | 
  
    
    
  
  
    
  | #include <windows.h> | |
| #include <gdiplus.h> | |
| #include <string> | |
| #include <iostream> | |
| #include <fstream> | |
| using namespace Gdiplus; | |
| #pragma comment (lib,"Gdiplus.lib") | |
| int get_encoder_clsid( const WCHAR* format, CLSID* clsid ) | 
  
    
    
  
  
    
  | import idautils | |
| import idaapi | |
| import idc | |
def get_func_prototype(ea):
    """Return the one-line C prototype of the type info stored at ``ea``.

    Args:
        ea: Effective address to query (typically a function start).

    Returns:
        The prototype rendered by ``idaapi.print_tinfo`` with ``PRTYPE_1LINE``,
        or ``None`` when ``idaapi.get_tinfo`` reports no type info at ``ea``.
    """
    type_info = idaapi.tinfo_t()
    # get_tinfo() reports False when nothing is stored for ea; presumably it
    # does not guess a type (that would be guess_tinfo) -- verify for your IDA version.
    if not idaapi.get_tinfo(type_info, ea):
        return None
    return idaapi.print_tinfo("", 0, 0, idaapi.PRTYPE_1LINE, type_info, "", "")
  
    
    
  
  
    
  | import idaapi | |
| import idc | |
| import idautils | |
| import ida_auto | |
| import ida_bytes | |
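def is_call_instruction(ea):
    """Return True when the instruction disassembled at ``ea`` is a ``call``.

    The line is generated with ``GENDSM_FORCE_CODE`` so bytes not yet marked
    as code are still disassembled.

    Args:
        ea: Effective address of the instruction.

    Returns:
        True if the mnemonic (first token of the disassembly line) is exactly
        ``call``; False otherwise, including when nothing can be disassembled
        at ``ea``.
    """
    line = idc.generate_disasm_line(ea, idc.GENDSM_FORCE_CODE)
    if not line:
        return False
    # Compare the mnemonic token only. A plain substring test ('call' in line)
    # also matches `syscall` and any operand or comment whose symbol name
    # contains "call" (e.g. `lea rcx, callback_fn`), which produced false
    # positives for callers doing stack/call-site analysis.
    tokens = line.split()
    # NOTE(review): a prefixed form such as `bnd call` would not match here;
    # confirm whether that case matters for the binaries you analyze.
    return tokens[0] == "call"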
| def is_rsp_add_instruction(ea): | 
    
    
  
    
    
  
  
    
  | 0000:0000=Device | |
| 0000:0002=USB Implementer Forum Mass Storage | |
| 0000:3825=USB Mouse | |
| 0000:7777=USB Flash Drive | |
| 0001:0001=Gaming Optical Mouse5 | |
| 0001:142b=Arbiter Systems, Inc. | |
| 0001:7778=Fry's Electronics Counterfeit flash drive [Kingston] | |
| 0002:0002=Ingram passport00 | |
| 0002:7007=Ingram HPRT XT300 | 
The CTREE is built from the optimized microcode (at maturity level CMAT_FINAL); it is an AST-like tree of C statements and expressions that can be printed as C code.