Resolve DOS MZ executable symbols at runtime

Related tags

Miscellaneous windows kernel rootkit symbols symbol rootkits ntsymbol
Overview

NtSymbol

Resolve DOS MZ executable symbols at runtime

Example

You no longer have not have to use memory pattern scan inside your sneaky rootkit. Pass the RVAs into your kernel payloads!

int main()
{
    ntsymbol ntoskrnl("%SYSTEMROOT%\\system32\\ntoskrnl.exe");
    ntoskrnl.init();
    /* Useful for retriving NTOS image base without any calls */
    const auto RvaPsNtosImageBase = ntoskrnl.resolve(L"PsNtosImageBase");
    
    
    ntsymbol cidll("%SYSTEMROOT%\\system32\\CI.dll");
    cidll.init();
    /* DSE Bypass! */
    const auto RvaCiOptions = cidll.resolve(L"g_CiOptions");
}
You might also like...
Armazena a tabela nutricional dos alimentos em um banco de dados (SQLITE), salva as quantidades em um arquivo EXCEL, informando se a meta diária foi batida.

QT-Controle-de-Dieta Armazena a tabela nutricional dos alimentos em um banco de dados (SQLITE), salva as quantidades em um arquivo EXCEL, informando s

null 1 Oct 26, 2021
Use DOS object files (OMF) as patch files

omfpatch - Use Intel/Microsoft .OBJ files as binary diffs Overview This tool makes it possible to use MASM / TASM / JWasm / nasm as tool to write patc

Michael Karcher 2 Jan 30, 2022
Adjust Cirrus Logic CL-GD542x memory clock (DOS tool)

clmclk This is a tool for DOS to adjust Cirrus Logic CL-GD542x memory clock. This tool works on ISA and VL graphics cards with the CL-GD542, CL-GD5426

Michael Karcher 3 Apr 6, 2022
DOOM ported to the dos-like framework

doom-for-dos-like This is a quick but fairly complete version of the original DOOM ported to the dos-like framework. The data included is for original

Mattias Gustavsson 30 Sep 25, 2022
Patch for Titanfall 2 that helps prevent disconnects while the servers are being attacked by a DoS attack.

Titanfall2 DeltaBuf patch This patch for Titanfall 2 helps prevent disconnects while the servers are being attacked by a DoS attack. Disclaimer This i

null 7 Jan 8, 2023
Alice Pascal for MS-DOS

Alice Pascal This is the Root of the Alice Source tree. You really want to go into src To find alice source and build it and install apin To build

DosWorld 5 Apr 10, 2022
A DOOM 32 extension for DOS using increased limits beyond what DOOM32 provides.

DOOM128 A DOOM 32 extension for DOS using increased limits beyond what DOOM32 provides. Why Because having a DOS compatible DOOM source port that incr

Gibbon 10 May 5, 2022
JavaScript runtime for Fastly Compute@Edge

Fastly Compute@Edge JS Runtime The JS Compute Runtime for Fastly's Compute@Edge platform provides the environment JavaScript is executed in when using

Fastly 122 Dec 20, 2022
Embedded Flutter runtime targeting Embedded Linux with Wayland

ivi-homescreen IVI Homescreen for Wayland Strongly Typed (C++) Lightweight Clang 11 Release Stripped = 151k GCC 9.3 Release Stripped = 168k Source run

null 170 Dec 13, 2022
Owner
Kento Oki
Kento Oki
GitHub
A simple PoC to demonstrate that is possible to write Non writable memory and execute Non executable memory on Windows

WindowsPermsPoC A simple PoC to demonstrate that is possible to write Non writable memory and execute Non executable memory on Windows You can build i

Lorenzo Maffia 55 Jul 21, 2022
Programming language that compiles into a x86 ELF executable.

ocean Programming language that compiles into a x86 ELF executable. The main goal at the moment is to create a C compiler, which can atleast compile i

Richard 166 Jul 27, 2022
Cobalt Strike beacon object file implementation for trusted path UAC bypass. The target executable will be called without involving

Beacon object file implementation for trusted path UAC bypass. The target executable will be called without involving "cmd.exe" by using DCOM object.

Chris Au 91 Dec 28, 2022
The C source code was RESTORED by disassembling the original executable file OPTIM.COM from the Hi-Tech v3.09 compiler.

The C source code was RESTORED by disassembling the original executable file OPTIM.COM from the Hi-Tech v3.09 compiler. This file is compiled by Hi-Te

null 11 Dec 10, 2022
Simple one file header for hijacking windows version.dll for desired executable to do 3rd party modifying without dll injection.

Version-Hijack Simple one file header for hijacking windows version.dll for desired executable to do 3rd party modifying without dll injection. Usage

sneakyevil 6 Oct 19, 2022
Manual mapper that uses PTE manipulation, Virtual Address Descriptor (VAD) manipulation, and forceful memory allocation to hide executable pages. (VAD hide / NX bit swapping)

Stealthy Kernel-mode Injector Manual mapper that uses PTE manipulation, Virtual Address Descriptor (VAD) manipulation, and forceful memory allocation

Charlie Wolfe 137 Jan 3, 2023
Run Linux programs on DOS

A WSL alternative for users who prefer an MS-DOS environment. DOS Subsystem for Linux integrates a real Linux environment into MS-DOS systems, allowing users to make use of both DOS and Linux applications from the DOS command prompt.

Hailey Somerville 1.3k Dec 22, 2022
AMD K6-2 (CXT) / K6-2+ / K6-3 / K6-3+ Write Allocate / Write Combine / Write Ordering / Frequency Multiplier Initialization driver for MS-DOS

K6INIT What is this? This is a driver for MS-DOS to replace k6dos.sys which is a bit useless and unflexible. It does not support the CXT versions of t

null 10 Sep 11, 2022
PoC (DoS) for CVE-2021-40449 - Win32k Elevation of Privilege Vulnerability (LPE)

CallbackHell DoS PoC for CVE-2021-40449 (Win32k - LPE) CallbackHell Description Technical Writeup PoC References Description CVE-2021-40449 is a use-a

Oliver Lyak 437 Dec 31, 2022
A ZX Spectrum-like library built for "dos-like" by Mattias Gustavsson.

ZX-Like A ZX Spectrum-like library built for "dos-like" by Mattias Gustavsson. It allows for the creation of ZX Spectrum like screens for demos, games

Oli Wilkinson 3 Oct 20, 2021