Holds all simple Visual Studio programs that I've created over the years.

Copyright (C) 2012-2014, Protean Security

All rights reserved.

This repository contains the Visual Studio projects described below.

  • dga

    Code samples for domain generation algorithm (DGA) article.

  • createfile

    A project that was used in the article The Sysenter Instruction and 0x2e Interrupt.

  • createremotethread

    A project that uses the CreateRemoteThread function to inject a DLL into a chosen process's address space.

  • dllinject

    A DLL that can be injected into a process so that it can hook the process's Import Address Table (IAT).

  • dlltest

    This is a sample DLL that was used in the article Api Hooking Detours.

  • flags

    A very simple program for reverse engineering practice, where you can see the difference between creating an object on the stack versus on the heap.

  • helloworld

    This is a "Hello World" project that uses a software interrupt to instruct an attached debugger to pause execution just before the printf statement is reached. It does this with the __asm { int 0x3 }; code block.

  • hookidt

    Windows kernel driver that hooks IDT descriptors and runs an arbitrary function when the chosen interrupt is invoked.

  • hookmsr

    Windows kernel driver that hooks MSR entries and runs an arbitrary function when the sysenter instruction is used to enter a system call.

  • hookssdt

    Windows kernel driver that hooks SSDT entries, which lets it hook arbitrary system calls regardless of whether they are invoked with "int 0x2e" or sysenter.

  • isdebuggerpresent

    A project that uses the IsDebuggerPresent function to detect whether a debugger is attached to the current program. There are two articles where this project is relevant: Anti-Debugging: Detecting System Debugger

  • kerneldebug

    A simple project that uses the NtQueryInformationProcess function to retrieve information about the process.

  • linearsweep

    This program was used in the article Linear Sweep vs Recursive Disassembling Algorithm.

  • setwindowshookex

    A project that uses the SetWindowsHookEx function to inject a DLL into a chosen process's address space.