rbmm’s gists

rbmm / gist:fa844c6aa4e4c4d72f4dcaf7733c7980

Last active April 14, 2026 18:25

	NTSTATUS CreateECDHKey(_In_ BCRYPT_KEY_HANDLE *phKey, PCWSTR pszAlgId)
	{
	NTSTATUS status;
	BCRYPT_ALG_HANDLE hAlgorithm;

	if (0 <= (status = BCryptOpenAlgorithmProvider(&hAlgorithm, pszAlgId, 0, 0)))
	{
	BCRYPT_KEY_HANDLE hKey;
	status = BCryptGenerateKeyPair(hAlgorithm, &hKey, 0, 0);
	BCryptCloseAlgorithmProvider(hAlgorithm, 0);

rbmm / gist:efed234d477e02c71726150de56b0650

Created March 19, 2026 09:32

	NTSTATUS GenRsaKey(_Out_ BCRYPT_KEY_HANDLE *phKey, _In_ ULONG dwLength = 2048)
	{
	NTSTATUS status;
	BCRYPT_ALG_HANDLE hAlgorithm;

	if (0 <= (status = BCryptOpenAlgorithmProvider(&hAlgorithm, BCRYPT_RSA_ALGORITHM, 0, 0)))
	{
	BCRYPT_KEY_HANDLE hKey;

	status = BCryptGenerateKeyPair(hAlgorithm, &hKey, dwLength, 0);

rbmm / gist:7187b226d49018ef34f1c883ef7a03c9

Created March 18, 2026 19:32

	NTSTATUS GenRsaKey(_Out_ BCRYPT_KEY_HANDLE *phKey, _In_ ULONG dwLength = 2048)
	{
	NTSTATUS status;
	BCRYPT_ALG_HANDLE hAlgorithm;

	if (0 <= (status = BCryptOpenAlgorithmProvider(&hAlgorithm, BCRYPT_RSA_ALGORITHM, 0, 0)))
	{
	BCRYPT_KEY_HANDLE hKey;

	status = BCryptGenerateKeyPair(hAlgorithm, &hKey, dwLength, 0);

rbmm / gist:2167d2ee35e877d48db5b4a5917046c5

Created February 22, 2026 09:09

	namespace std
	{
	class latch
	{
	HANDLE _hEvent;
	volatile LONG _Counter;
	public:
	latch(LONG Expected) : _Counter(Expected), _hEvent(CreateEventW(0,0,0,0))
	{
	}

rbmm / gist:5108df1be88a7c70e734e7121ea86a1f

Last active March 11, 2026 07:52

	NTSTATUS GenDHKey(_Out_ BCRYPT_KEY_HANDLE* phKey)
	{
	NTSTATUS status;
	BCRYPT_ALG_HANDLE hAlgorithm;

	if (0 <= (status = BCryptOpenAlgorithmProvider(&hAlgorithm, BCRYPT_DH_ALGORITHM, 0, 0)))
	{
	BCRYPT_KEY_HANDLE hKey;

	status = BCryptGenerateKeyPair(hAlgorithm, &hKey, 0, 0);

rbmm / gist:d7418d854594e2ec71d4464da4f8df07

Created November 28, 2025 08:06

	void TestDllReloc()
	{
	if (HMODULE hmod = GetModuleHandleW(L"kernel32.dll"))
	{
	STARTUPINFOW si = { sizeof(si) };
	PROCESS_INFORMATION pi;
	WCHAR cmd[] = L"notepad.exe";
	if (CreateProcessW(0, cmd, 0, 0, FALSE, CREATE_SUSPENDED, 0, 0, &si, &pi))
	{
	VirtualAllocEx(pi.hProcess, hmod, 1, MEM_RESERVE, PAGE_NOACCESS);

rbmm / gist:40528e3add769160e3964cc121af0aca

Created September 22, 2025 11:57

	struct TPARAMS
	{
	HANDLE hEvent;
	PNT_TIB Tib;
	ULONG_PTR LowLimit, HighLimit;
	};

	ULONG WINAPI TestThread(TPARAMS* param)
	{
	param->Tib = reinterpret_cast<PNT_TIB>(NtCurrentTeb());

rbmm / gist:4c0a51842251904deba3907e4ace6856

Last active August 7, 2025 22:15

	void ght(PCWSTR lpMachineName)
	{
	HKEY hKey, hk;
	if (NOERROR == RegConnectRegistry(lpMachineName, HKEY_USERS, &hKey))
	{
	ULONG i = 0;
	WCHAR name[SECURITY_MAX_SID_STRING_CHARACTERS + 32];
	ULONG cch;
	LONG status;
	while (ERROR_NO_MORE_ITEMS != (status = RegEnumKeyExW(hKey, i++, name, &(cch = SECURITY_MAX_SID_STRING_CHARACTERS), 0, 0, 0, 0)))

rbmm / gist:d586f56d512c732b84712c32125c2cc5

Created July 29, 2025 14:00

	NTSTATUS CreateMountPoint(POBJECT_ATTRIBUTES poa, PCWSTR SubstituteName, PCWSTR PrintName)
	{
	NTSTATUS status = STATUS_INTERNAL_ERROR;
	PREPARSE_DATA_BUFFER prdb = 0;
	int len = 0;
	PWSTR PathBuffer = 0;
	ULONG cb = 0;

	while (0 < (len = _snwprintf(PathBuffer, len, L"%ws%c%ws", SubstituteName, 0, PrintName)))
	{

rbmm / gist:db2f8bfe0b22d768242eef895a399038

Last active July 28, 2025 19:01

	NTSTATUS CreateMountPoint(POBJECT_ATTRIBUTES poa, PCWSTR SubstituteName, PCWSTR PrintName)
	{
	NTSTATUS status = STATUS_INTERNAL_ERROR;
	PREPARSE_DATA_BUFFER prdb = 0;
	int len = 0;
	PWSTR PathBuffer = 0;
	ULONG cb = 0;

	while (0 < (len = _snwprintf(PathBuffer, len, L"%ws%c%ws", SubstituteName, 0, PrintName)))
	{

rbmm rbmm