trickster0 trickster0
trickster0
/ SuperReturn.c
Created
June 21, 2025 11:52
— forked from namazso/SuperReturn.c
SuperReturn
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Return, but across multiple frames. | |
| // | |
| // This function unwinds the given number of frames, then sets the return value provided, emulating as if this number | |
| // of functions returned, with the last one returning the value provided in RetVal. Can be used to hook a callee when | |
| // you don't have a convenient way to hook it directly and actually just want to stub it out with a return value. | |
| // | |
| // @param FramesToSkip The number of frames to skip, starting from the current frame. | |
| // @param RetVal The value to return from the last frame. | |
| // @param Context Context to start from, in case you want to SuperReturn from somewhere deeper. | |
| DECLSPEC_NOINLINE void SuperReturn( |
trickster0
/ Entry.c
Created
March 29, 2023 18:05
— forked from realoriginal/Entry.c
TLDR: How a socks proxy client is written to tunnel connections from a 'teamserver' to an agent.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /*! | |
| * | |
| * RPROXICMP | |
| * | |
| * GuidePoint Security LLC | |
| * | |
| * Threat and Attack Simulation Team | |
| * | |
| !*/ |
trickster0
/ SysCall.cpp
Created
January 7, 2022 16:59
— forked from benpturner/SysCall.cpp
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #define _CRT_SECURE_NO_WARNINGS | |
| #include <iostream> | |
| #include <windows.h> | |
| #include <psapi.h> | |
| typedef struct _PS_ATTRIBUTE { | |
| ULONG Attribute; | |
| SIZE_T Size; | |
| union { |
trickster0
/ ReflectedDll.c
Created
December 15, 2021 11:30
— forked from Cracked5pider/ReflectedDll.c
Get output from injected reflected dll
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //===============================================================================================// | |
| // This is a stub for the actuall functionality of the DLL. | |
| //===============================================================================================// | |
| #include "ReflectiveLoader.h" | |
| #include <stdio.h> | |
| // Note: REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR and REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN are | |
| // defined in the project properties (Properties->C++->Preprocessor) so as we can specify our own | |
| // DllMain and use the LoadRemoteLibraryR() API to inject this DLL. |
trickster0
/ StealthNtdll.h
Created
December 15, 2021 10:45
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #pragma once | |
| #include <Windows.h> | |
| // Macros | |
| // ------------------------------------------------------------------------ | |
| #define STATUS_SUCCESS 0x00000000 | |
| #define STATUS_IMAGE_NOT_AT_BASE 0x40000003 |