rbmm rbmm
rbmm
/ gist:40528e3add769160e3964cc121af0aca
Created
September 22, 2025 11:57
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| struct TPARAMS | |
| { | |
| HANDLE hEvent; | |
| PNT_TIB Tib; | |
| ULONG_PTR LowLimit, HighLimit; | |
| }; | |
| ULONG WINAPI TestThread(TPARAMS* param) | |
| { | |
| param->Tib = reinterpret_cast<PNT_TIB>(NtCurrentTeb()); |
rbmm
/ gist:4c0a51842251904deba3907e4ace6856
Last active
August 7, 2025 22:15
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| void ght(PCWSTR lpMachineName) | |
| { | |
| HKEY hKey, hk; | |
| if (NOERROR == RegConnectRegistry(lpMachineName, HKEY_USERS, &hKey)) | |
| { | |
| ULONG i = 0; | |
| WCHAR name[SECURITY_MAX_SID_STRING_CHARACTERS + 32]; | |
| ULONG cch; | |
| LONG status; | |
| while (ERROR_NO_MORE_ITEMS != (status = RegEnumKeyExW(hKey, i++, name, &(cch = SECURITY_MAX_SID_STRING_CHARACTERS), 0, 0, 0, 0))) |
rbmm
/ gist:d586f56d512c732b84712c32125c2cc5
Created
July 29, 2025 14:00
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| NTSTATUS CreateMountPoint(POBJECT_ATTRIBUTES poa, PCWSTR SubstituteName, PCWSTR PrintName) | |
| { | |
| NTSTATUS status = STATUS_INTERNAL_ERROR; | |
| PREPARSE_DATA_BUFFER prdb = 0; | |
| int len = 0; | |
| PWSTR PathBuffer = 0; | |
| ULONG cb = 0; | |
| while (0 < (len = _snwprintf(PathBuffer, len, L"%ws%c%ws", SubstituteName, 0, PrintName))) | |
| { |
rbmm
/ gist:db2f8bfe0b22d768242eef895a399038
Last active
July 28, 2025 19:01
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| NTSTATUS CreateMountPoint(POBJECT_ATTRIBUTES poa, PCWSTR SubstituteName, PCWSTR PrintName) | |
| { | |
| NTSTATUS status = STATUS_INTERNAL_ERROR; | |
| PREPARSE_DATA_BUFFER prdb = 0; | |
| int len = 0; | |
| PWSTR PathBuffer = 0; | |
| ULONG cb = 0; | |
| while (0 < (len = _snwprintf(PathBuffer, len, L"%ws%c%ws", SubstituteName, 0, PrintName))) | |
| { |
rbmm
/ gist:5270762167c5053a00b70f6760f980d6
Created
July 28, 2025 18:28
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| inline HANDLE fixH(HANDLE hFile) | |
| { | |
| return hFile == INVALID_HANDLE_VALUE ? 0 : hFile; | |
| } | |
| NTSTATUS CreateMountPoint(PCWSTR pszFileName, PCWSTR SubstituteName, PCWSTR PrintName) | |
| { | |
| NTSTATUS status = STATUS_INTERNAL_ERROR; | |
| PREPARSE_DATA_BUFFER prdb = 0; | |
| int len = 0; |
rbmm
/ gist:da51ff407c86d3ede348689de0d11725
Created
July 28, 2025 16:56
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| NTSTATUS CreateReparse(ULONG ReparseTag, PCWSTR pszFileName, PCWSTR SubstituteName, PCWSTR PrintName) | |
| { | |
| NTSTATUS status; | |
| PREPARSE_DATA_BUFFER prdb = 0; | |
| int len = 0; | |
| PWSTR PathBuffer = 0; | |
| ULONG cb = 0; | |
| UNICODE_STRING ObjectName; |
rbmm
/ gist:b2d053a5b0a226c123951bb43e9a13ff
Created
July 25, 2025 07:55
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| NTSTATUS CreateReparse(PCWSTR pszFileName, PCWSTR SubstituteName, PCWSTR PrintName) | |
| { | |
| NTSTATUS status; | |
| PREPARSE_DATA_BUFFER prdb = 0; | |
| int len = 0; | |
| PWSTR PathBuffer = 0; | |
| ULONG cb = 0; | |
| while (0 < (len = _snwprintf(PathBuffer, len, L"%ws%c%ws", SubstituteName, 0, PrintName))) | |
| { |
rbmm
/ gist:8f49c14f5491438de835a83e75d17e8e
Created
July 25, 2025 07:52
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| BOOL InternalDeleteFileW(_In_ PCWSTR lpFileName) | |
| { | |
| union { | |
| FILE_ATTRIBUTE_TAG_INFORMATION attr; | |
| FILE_DISPOSITION_INFORMATION_EX fdi; | |
| }; | |
| UNICODE_STRING ObjectName; | |
| NTSTATUS status = RtlDosPathNameToNtPathName_U_WithStatus(lpFileName, &ObjectName, 0, 0); |
rbmm
/ gist:2a0a89af437bc63ddce65bf0b86396dc
Created
July 14, 2025 16:50
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p | |
| ------------------------------------------------ | |
| KernelBase.dll!CreateProcessInternalW | |
| KernelBase.dll!CreateProcessAsUserW + 63 | |
| kernel32.dll!CreateProcessAsUserW + 60 | |
| rpcss.dll!long CClassData::PrivilegedLaunchRunAsServer(CToken *,int,unsigned long,unsigned long,unsigned long,unsigned short *,unsigned __int64,unsigned __int64,unsigned __int64,tagBLOB *,_GUID const *,void *,tagBLOB *,void *,void *,void *,void * *,void * | |
| rpcss.dll!<lambda_489b516486e6fe272c46d0ac0b2bfda9>::operator() + 2ff | |
| rpcss.dll!_LaunchWinRTRunAsServer + 1c3 | |
| rpcrt4.dll!Invoke + 73 | |
| rpcrt4.dll!NdrStubCall2 + 30d |
rbmm
/ gist:f9b5faf6e4f843ef1ba408e5fc96551e
Created
July 12, 2025 22:35
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| long BinToBase64(const unsigned char* data, unsigned cb, char* encoded_string, unsigned * plen, unsigned line = 76) | |
| { | |
| static const char base64_chars[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; | |
| if (!cb) | |
| { | |
| return STATUS_INVALID_PARAMETER; | |
| } | |
| int z = 0, len = *plen; |
NewerOlder