README.md

Copyright (C) 2012-2014, Protean Security

All rights reserved.

The Visual Studio Projects contain the projects described below.

  • dga

    Code samples for the domain generation algorithm (DGA) article.

  • createfile

    A project that was used in the article The Sysenter Instruction and 0x2e Interrupt.

  • createremotethread

    A project that uses the CreateRemoteThread function to inject a DLL into a chosen process's address space.

  • dllinject

    The DLL that can be injected into a process so that it can hook the import address table (IAT).

  • dlltest

    This is a sample DLL that was used in the article accessible here: Api Hooking Detours.

  • flags

    A very simple program for reverse engineering where you can see the difference between creating an object on the stack versus on the heap.

  • helloworld

    This is a "Hello World" project that uses a software interrupt to instruct a debugger to pause execution just before the printf statement is reached. Basically it uses the __asm { int 0x3 }; code block.

  • hookidt

    Windows kernel driver that hooks IDT descriptors and runs an arbitrary function when the chosen interrupt is invoked.

  • hookmsr

    Windows kernel driver that hooks MSR entries and runs an arbitrary function when the sysenter instruction is used for system calls.

  • hookssdt

    Windows kernel driver that hooks SSDT system calls. It is able to hook arbitrary system calls regardless of whether they are invoked with "int 0x2e" or sysenter.

  • isdebuggerpresent

    A project that uses the IsDebuggerPresent function, which can detect whether a debugger is being used to debug the current program. There are two articles where this project is relevant: Anti-Debugging: Detecting System Debugger

  • kerneldebug

    A simple project that uses the NtQueryInformationProcess function to get information from the process.

  • linearsweep

    This program was used in the following article: Linear Sweep vs Recursive Disassembling Algorithm.

  • setwindowshookex

    A project that uses the SetWindowsHookEx function to inject a DLL into a chosen process's address space.

About

Holds all simple Visual Studio programs that I've created over the years.
