Valentin Radu valinet
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Copyright 2026 Valentin Radu | |
| // License: GPLv2 | |
| // | |
| // cl /nologo winring0.c kernel32.lib ntdll.lib /O1 /GS- /Gs9999999 /GF /kernel /link /DLL /ENTRY:DllMain /NODEFAULTLIB /SUBSYSTEM:windows /NOCOFFGRPINFO /ALIGN:16 /MERGE:.rdata=.text /MERGE:.pdata=.text /OUT:WinRing0x64.dll | |
| // | |
| // cl /nologo winring0.c kernel32.lib ntdll.lib /O1 /GS- /Gs9999999 /GF /kernel /link /DLL /ENTRY:DllMain /NODEFAULTLIB /SUBSYSTEM:windows /NOCOFFGRPINFO /ALIGN:16 /MERGE:.rdata=.text /MERGE:.pdata=.text /OUT:WinRing0.dll | |
| // | |
| #define WIN32_LEAN_AND_MEAN | |
| #include <ntstatus.h> | |
| #define WIN32_NO_STATUS |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| WinRing0 Fix(ish) | |
| ================= | |
| Recently, there's been a ton of debate about how WinRing0 is the worst thing to have hit | |
| the planet. A lot of overexaggerated crap, yet the conclusion seems to be that WinRing0 | |
| is the ultimate sin because it doesn't protect its device with a DACL that disallows | |
| non-elevated processes from interacting with it. For now, until "security" becomes even | |
| more "secure", the consensus is that it is okayish for apps to mess with arbitrary | |
| memory regions (or at least, there's not much you can do about it), only when elevated tho. |
valinet
/ local_spawn.c
Last active
May 17, 2026 15:40
Launch processes from SSH into the logged in user session
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // cl /nologo main.c kernel32.lib user32.lib advapi32.lib wtsapi32.lib userenv.lib /O1 /GS- /Gs9999999 /GF /kernel /link /ENTRY:main /NODEFAULTLIB /SUBSYSTEM:windows /NOCOFFGRPINFO /ALIGN:16 /MERGE:.rdata=.text /MERGE:.pdata=.text /OUT:local_spawn.exe | |
| #include <Windows.h> | |
| #include <strsafe.h> | |
| #include <TlHelp32.h> | |
| #include <wtsapi32.h> | |
| #include <UserEnv.h> | |
| #include <Lmcons.h> | |
| #ifndef _DEBUG | |
| #pragma comment(linker, "/NODEFAULTLIB") |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // cl /nologo uaskmgr.c advapi32.lib kernel32.lib user32.lib /O1 /GS- /Gs9999999 /GF /kernel /link /ENTRY:main /NODEFAULTLIB /SUBSYSTEM:windows /NOCOFFGRPINFO /ALIGN:16 /MERGE:.rdata=.text /MERGE:.pdata=.text /OUT:uaskmgr.exe | |
| #include <Windows.h> | |
| int main() { | |
| char map = 0; | |
| PROCESS_INFORMATION pi; | |
| STARTUPINFOW si; | |
| for (int i = 0; i < sizeof(si); i = i + 2) |
valinet
/ WhSignalDrv.c
Created
June 22, 2024 17:02
Exmple of DLL and driver that signal Windhawk to scan for new processes
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Example of a driver that helps Windhawk | |
| // inject processes created by inaccessible processes early on | |
| // ========================================================================== | |
| // Valentin-Gabriel Radu, valentin.radu@valinet.ro | |
| // | |
| // Upstream issue: | |
| // https://github.com/ramensoftware/windhawk/issues/197 | |
| // | |
| #include <ntifs.h> | |
| #define INVALID_HANDLE_VALUE ((HANDLE)(LONG_PTR)-1) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <initguid.h> | |
| #include <Windows.h> | |
| #include <roapi.h> | |
| #include <Windows.ui.notifications.h> | |
| #include <notificationactivationcallback.h> | |
| #include <tchar.h> | |
| #include <stdio.h> | |
| #pragma comment(lib, "runtimeobject.lib") | |
| DWORD dwMainThreadId = 0; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #include <iostream> | |
| #include <io.h> | |
| #include <fcntl.h> | |
| BOOL EnumresLang(HMODULE hModule, LPCWSTR lpType, LPCWSTR lpName, WORD wLanguage, LONG_PTR lParam) | |
| { | |
| if (lpType == RT_STRING) | |
| { | |
| const HRSRC res = FindResourceEx(hModule, lpType, lpName, wLanguage); |
valinet
/ toggle_clock_flyout.c
Last active
October 12, 2023 01:31
An example showing an interesting technique necessary to toggle the clock flyout in the Windows 10 taskbar on the monitor containing the mouse
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * Example showing an interesting technique necessary to toggle the clock flyout | |
| * in the Windows 10 taskbar on the monitor containing the mouse | |
| * | |
| * Copyright (C) 2006-2021 VALINET Solutions SRL. All rights reserved. | |
| * License: GPLv2 | |
| */ | |
| #include <Windows.h> | |
| #include <TlHelp32.h> |
valinet
/ WinCenterTitle.xml
Created
January 13, 2021 23:35
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-16"?> | |
| <Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task"> | |
| <RegistrationInfo> | |
| <Date>2020-12-31T19:52:44.3288116</Date> | |
| <Author>DESKTOP-JIAP5UR\Administrator</Author> | |
| <Description>Center the text in windows' title bars.</Description> | |
| <URI>\WinCenterTitle</URI> | |
| </RegistrationInfo> | |
| <Triggers> | |
| <LogonTrigger> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="utf-8"?> | |
| <unattend xmlns="urn:schemas-microsoft-com:unattend"> | |
| <settings pass="windowsPE"> | |
| <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> | |
| <UserData> | |
| <AcceptEula>true</AcceptEula> | |
| </UserData> | |
| </component> | |
| </settings> | |
| <settings pass="oobeSystem"> |
NewerOlder