botder
/ threads.cpp
Created
July 26, 2025 22:13
This piece of source code shows you how to override BaseThreadInitThunk, which gets called by ntdll.dll before a thread starts its execution. This technique is also used by browsers to combat malicious threads/actors.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <cstdio> | |
| #define UNICODE | |
| #define NOMINMAX | |
| #define WIN32_NO_STATUS | |
| #define WIN32_LEAN_AND_MEAN | |
| #define _WIN32_WINNT 0x0A00 | |
| #include <windows.h> | |
| #include <windowsx.h> | |
| #undef WIN32_NO_STATUS | |
| #include <ntstatus.h> |
botder
/ fibers.cpp
Last active
July 26, 2025 21:38
This piece of source code shows you how to override both RtlUserFiberStart and BaseFiberStart for fibers on the Windows operating system. This was tested on Windows 11 and all the way down to Windows Vista. Does not support ARM64 because I don't own such a device.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <cstdio> | |
| #define UNICODE | |
| #define NOMINMAX | |
| #define WIN32_NO_STATUS | |
| #define WIN32_LEAN_AND_MEAN | |
| #define _WIN32_WINNT 0x0A00 | |
| #include <windows.h> | |
| #include <windowsx.h> | |
| #undef WIN32_NO_STATUS | |
| #include <ntstatus.h> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -- | |
| -- Element tree | |
| -- | |
| local screenWidth, screenHeight = guiGetScreenSize() | |
| local function getCenteredPosition(width, height) | |
| return (screenWidth - width) / 2, (screenHeight - height) / 2 | |
| end | |
| local function createChildrenStack(element) |