├── LICENSE
├── README.md
├── Ssn-Resolvers.sln
└── Ssn-Resolvers
    ├── EvilbytecodeGate.cpp
    ├── EvilbytecodeGate.h
    ├── GetModuleHandleW_Custom.h
    ├── Guard_CF_Table.cpp
    ├── Guard_CF_Table.h
    ├── Main.cpp
    ├── PEB.h
    ├── Ssn-Resolvers.vcxproj
    ├── Ssn-Resolvers.vcxproj.filters
    ├── Ssn-Resolvers.vcxproj.user
    └── utils.h


/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2025 EvilBytecode
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to use the Software for educational and authorized cybersecurity research purposes only, subject to the following conditions:
 7 | 
 8 | The above copyright notice, this permission notice, and the following disclaimer shall be included in all copies or substantial portions of the Software.
 9 | 
10 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS (INCLUDING EvilBytecode) BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
12 | WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE, COPYING, DOWNLOADING, OR OTHER DEALINGS IN THE SOFTWARE.
13 | 
14 | DISCLAIMER: I, EvilBytecode, release this project strictly for educational, academic, and authorized cybersecurity research purposes.  
15 | By accessing, downloading, copying, using, or modifying this software, you agree to these terms.  
16 | You must obtain explicit written permission from system owners before conducting any testing using this software.  
17 | Unauthorized use, distribution, or deployment of this software against any third party, device, network, or system without prior consent is strictly forbidden and illegal.  
18 | I, EvilBytecode, disclaim all responsibility, liability, or consequences arising from any misuse, illegal activities, damages, or losses resulting from this software.


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | 
 2 | # Evilbytecode-Gate
 3 | - https://t.me/+TRYMuOVDiWA4MjM0
 4 | Evilbytecode-Gate provides two mechanisms for resolving System Service Numbers (SSNs) of Windows API functions:
 5 | 1. **Control Flow (CF) Way**: Using the Guard CF Table in `ntdll.dll`.
 6 | 2. **By Parsing NTOSKRNL.EXE**: Resolving SSNs by analyzing the kernel export table.
 7 | 
 8 | ## Features
 9 | - **Guard CF Table Resolution**: Extracts SSNs and function jump addresses from the Guard CF Table in `ntdll.dll`.
10 | - **Kernel Export Parsing**: Analyzes `ntoskrnl.exe` to resolve SSNs for Zw-prefixed system calls.
11 | 
12 | ## How It Works
13 | 1. **Guard CF Table Resolution**:
14 |    - Parses the Guard CF Table in `ntdll.dll` to locate system calls.
15 |    - Uses function RVA (Relative Virtual Address) to match exported Zw-prefixed functions.
16 | 
17 | 2. **Parsing NTOSKRNL.EXE**:
18 |    - Loads `ntoskrnl.exe` and iterates through its export table.
19 |    - Identifies Zw-prefixed functions and parses their prologues to extract SSNs (`MOV EAX, SSN`).
20 | 
21 | ## Finding Zw-Prefixed Functions
22 | You can locate Zw-prefixed functions in `ntoskrnl.exe` using tools like:
23 | - **IDA**: Search for "Zw".
24 | 
25 | Once located, analyze the function prologue to extract the SSN. Look for instructions like:
26 | ```
27 | MOV EAX, <SSN>
28 | SYSCALL
29 | ```
30 | 
31 | ## Example Output
32 | ```
33 | [=== GUARD CF TABLE SSN RESOLVER ===]
34 | NAME                    | Number SSN | JumpAddress
35 | ---------------------------------------------------
36 | ZwAllocateVirtualMemory | 24         | 00007FF9BCF1FA10
37 | ZwWriteVirtualMemory    | 58         | 00007FF9BCF1FE50
38 | ZwProtectVirtualMemory  | 80         | 00007FF9BCF20110
39 | ZwCreateThreadEx        | 201        | 00007FF9BCF21020
40 | 
41 | [=== EVILBYTECODE SSN RESOLVER ===]
42 | NAME                    | SSN
43 | ---------------------------------
44 | ZwAllocateVirtualMemory | 0x18
45 | ZwWriteVirtualMemory    | Not Found
46 | ZwProtectVirtualMemory  | 0x50
47 | ZwCreateThreadEx        | Not Found
48 | ```
49 | 
50 | ## Note
51 | This project is a **Proof of Concept** (PoC) and is not intended for malicious purposes.
52 | EvilbytecodeGate wont get you every SSN, wouldnt really depend on it.
53 | 
54 | 
55 | ## License
56 | This project is licensed under the MIT License. See the LICENSE file for details.


--------------------------------------------------------------------------------
/Ssn-Resolvers.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio Version 17
 4 | VisualStudioVersion = 17.12.35527.113 d17.12
 5 | MinimumVisualStudioVersion = 10.0.40219.1
 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Ssn-Resolvers", "Ssn-Resolvers\Ssn-Resolvers.vcxproj", "{3C5C0199-9EF4-4C5C-AD9C-1DE7F3FBE47F}"
 7 | EndProject
 8 | Global
 9 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | 		Debug|x64 = Debug|x64
11 | 		Debug|x86 = Debug|x86
12 | 		Release|x64 = Release|x64
13 | 		Release|x86 = Release|x86
14 | 	EndGlobalSection
15 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
16 | 		{3C5C0199-9EF4-4C5C-AD9C-1DE7F3FBE47F}.Debug|x64.ActiveCfg = Debug|x64
17 | 		{3C5C0199-9EF4-4C5C-AD9C-1DE7F3FBE47F}.Debug|x64.Build.0 = Debug|x64
18 | 		{3C5C0199-9EF4-4C5C-AD9C-1DE7F3FBE47F}.Debug|x86.ActiveCfg = Debug|Win32
19 | 		{3C5C0199-9EF4-4C5C-AD9C-1DE7F3FBE47F}.Debug|x86.Build.0 = Debug|Win32
20 | 		{3C5C0199-9EF4-4C5C-AD9C-1DE7F3FBE47F}.Release|x64.ActiveCfg = Release|x64
21 | 		{3C5C0199-9EF4-4C5C-AD9C-1DE7F3FBE47F}.Release|x64.Build.0 = Release|x64
22 | 		{3C5C0199-9EF4-4C5C-AD9C-1DE7F3FBE47F}.Release|x86.ActiveCfg = Release|Win32
23 | 		{3C5C0199-9EF4-4C5C-AD9C-1DE7F3FBE47F}.Release|x86.Build.0 = Release|Win32
24 | 	EndGlobalSection
25 | 	GlobalSection(SolutionProperties) = preSolution
26 | 		HideSolutionNode = FALSE
27 | 	EndGlobalSection
28 | EndGlobal
29 | 


--------------------------------------------------------------------------------
/Ssn-Resolvers/EvilbytecodeGate.cpp:
--------------------------------------------------------------------------------
 1 | #pragma once
 2 | #include "EvilbytecodeGate.h"
 3 | #include <iostream>
 4 | #include <unordered_map>
 5 | #include "utils.h"
 6 | 
 7 | Pe ParsePeImage(LPCSTR imageName) {
 8 |     Pe pe;
 9 |     // would recommend workaround on loadlibrarya theres repos for it, but im not trying to make this really evasive, as its stands for PoC
10 |     HMODULE hModule = LoadLibraryA(imageName);
11 |     if (!hModule) {
12 |         std::cerr << "Failed to load module: " << imageName << std::endl;
13 |         return pe;
14 |     }
15 | 
16 |     pe.ImageBase = hModule;
17 |     pe.DosHeader = (PIMAGE_DOS_HEADER)hModule;
18 |     pe.NtHeaders = (PIMAGE_NT_HEADERS)((DWORD_PTR)hModule + pe.DosHeader->e_lfanew);
19 |     pe.OptionalHeader = pe.NtHeaders->OptionalHeader;
20 |     pe.FileHeader = pe.NtHeaders->FileHeader;
21 | 
22 |     pe.ImportDescriptor = (PIMAGE_IMPORT_DESCRIPTOR)(
23 |         (DWORD_PTR)hModule + pe.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress);
24 |     pe.ExportDirectory = (PIMAGE_EXPORT_DIRECTORY)(
25 |         (DWORD_PTR)hModule + pe.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress);
26 | 
27 |     return pe;
28 | }
29 | 
30 | DWORD GetSSN(PBYTE fnAddr) {
31 |     for (WORD offset = 0;; offset++) {
32 |         if (fnAddr[offset] == 0xE9) return NULL; // JMP detected
33 |         if (fnAddr[offset] == 0xB8) return *(PDWORD)(fnAddr + offset + 1); // MOV EAX, SSN
34 |     }
35 | }
36 | 
37 | std::vector<SystemCall> GetSystemCalls() {
38 |     std::vector<SystemCall> systemCalls;
39 | 
40 |     Pe peImage = ParsePeImage("ntoskrnl.exe");
41 | 
42 |     auto exportDirectory = peImage.ExportDirectory;
43 |     auto peBase = (DWORD_PTR)peImage.ImageBase;
44 | 
45 |     PDWORD funcNames = (PDWORD)(peBase + exportDirectory->AddressOfNames);
46 |     PDWORD funcAddrs = (PDWORD)(peBase + exportDirectory->AddressOfFunctions);
47 |     PWORD funcNameOrds = (PWORD)(peBase + exportDirectory->AddressOfNameOrdinals);
48 | 
49 |     for (size_t i = 0; i < exportDirectory->NumberOfFunctions; i++) {
50 |         LPCSTR fnName = (LPCSTR)(peBase + funcNames[i]);
51 |         WORD fnOrd = (WORD)(funcNameOrds[i]);
52 |         DWORD fnRva = (DWORD)(funcAddrs[fnOrd]);
53 | 
54 |         PBYTE fnAddr = (PBYTE)(peBase + fnRva);
55 | 
56 |         if (!_strnicmp(fnName, "Zw", 2)) {
57 |             DWORD ssn = GetSSN(fnAddr);
58 |             systemCalls.push_back({ fnName, ssn });
59 |         }
60 |     }
61 | 
62 |     return systemCalls;
63 | }
64 | 
65 | SystemCall LookUpByHash(DWORD64 hash, const std::unordered_map<DWORD64, SystemCall>& systemCallMap) {
66 |     auto it = systemCallMap.find(hash);
67 |     if (it != systemCallMap.end()) {
68 |         return it->second;
69 |     }
70 |     return { nullptr, 0 };
71 | }
72 | 
73 | void Evilbytecode_SSN_Resolver(const std::vector<std::string>& functionNames) {
74 |     auto systemCalls = GetSystemCalls();
75 | 
76 |     std::unordered_map<DWORD64, SystemCall> systemCallMap;
77 |     for (const auto& systemCall : systemCalls) {
78 |         DWORD64 hash = djb2((PBYTE)systemCall.fnName);
79 |         systemCallMap[hash] = systemCall;
80 |     }
81 | 
82 |     std::cout << "\n[=== EVILBYTECODE SSN RESOLVER ===]\n";
83 |     std::cout << "NAME | SSN \n";
84 |     std::cout << "-----------------------------------\n";
85 | 
86 |     for (const auto& fnName : functionNames) {
87 |         DWORD64 hash = djb2((PBYTE)fnName.c_str());
88 |         auto it = systemCallMap.find(hash);
89 | 
90 |         if (it != systemCallMap.end()) {
91 |             const auto& result = it->second;
92 |             std::cout << fnName << " | 0x" << std::hex << result.Ssn << std::dec << "\n";
93 |         }
94 |         else {
95 |             std::cout << fnName << " | Not Found\n";
96 |         }
97 |     }
98 | }
99 | 


--------------------------------------------------------------------------------
/Ssn-Resolvers/EvilbytecodeGate.h:
--------------------------------------------------------------------------------
 1 | #pragma once
 2 | #ifndef EVILBYTECODE_GATE_H
 3 | #define EVILBYTECODE_GATE_H
 4 | 
 5 | #include <windows.h>
 6 | #include <string>
 7 | #include <vector>
 8 | 
 9 | // Define SystemCall structure
10 | struct SystemCall {
11 |     LPCSTR fnName;
12 |     DWORD Ssn;
13 | };
14 | 
15 | // Define the PE parser class
16 | class Pe {
17 | public:
18 |     PVOID ImageBase;
19 |     PIMAGE_DOS_HEADER DosHeader;
20 |     PIMAGE_NT_HEADERS NtHeaders;
21 |     IMAGE_OPTIONAL_HEADER OptionalHeader;
22 |     IMAGE_FILE_HEADER FileHeader;
23 | 
24 |     PIMAGE_IMPORT_DESCRIPTOR ImportDescriptor;
25 |     PIMAGE_EXPORT_DIRECTORY ExportDirectory;
26 | };
27 | 
28 | // Function prototypes
29 | Pe ParsePeImage(LPCSTR imageName);
30 | std::vector<SystemCall> GetSystemCalls();
31 | void Evilbytecode_SSN_Resolver(const std::vector<std::string>& functionNames);
32 | 
33 | #endif // EVILBYTECODE_GATE_H
34 | 


--------------------------------------------------------------------------------
/Ssn-Resolvers/GetModuleHandleW_Custom.h:
--------------------------------------------------------------------------------
 1 | #pragma once
 2 | //       --------------------------------------------------
 3 | //       │ Author     : Evilbytecode                      │
 4 | //       │ Name       : Evilbytecode-EDR/XDR/AV-SHC-LOADER│
 5 | //       │ Contact    : https://github.com/Evilbytecode   │
 6 | //       --------------------------------------------------
 7 | //       This program is distributed for educational purposes only.
 8 | 
 9 | #include <windows.h>
10 | #include "peb.h"
11 | #include <wchar.h>
12 | 
13 | #ifndef CONTAINING_RECORD
14 | #define CONTAINING_RECORD(address, type, field) ((type *)((LPBYTE)(address) - (ULONG_PTR)(&((type *)0)->field)))
15 | #endif
16 | 
17 | wchar_t* extractor(LPCWSTR str1) {
18 |     static wchar_t dll_str[50];
19 |     int len = wcslen(str1);
20 |     int loop_to = len + 1;
21 |     int loop_from = 0;
22 |     for (int i = len - 1; i >= 0; i--) {
23 |         if (str1[i] == L'\\') {
24 |             loop_from = i + 1;
25 |             break;
26 |         }
27 |     }
28 |     int incre = 0;
29 |     for (int j = loop_from; j < loop_to; j++) {
30 |         dll_str[incre++] = str1[j];
31 |     }
32 |     dll_str[incre] = L'\0';
33 |     return dll_str;
34 | }
35 | 
36 | HMODULE Custom_GetModuleHandleW(LPCWSTR dllName) {
37 | #ifdef _WIN64
38 |     PPEB PEB_pointer = (PEB*)__readgsqword(0x60);
39 | #elif _WIN32
40 |     PPEB PEB_pointer = (PEB*)__readfsdword(0x30);
41 | #endif
42 |     PPEB_LDR_DATA Ldr_pointer = PEB_pointer->LoaderData;
43 |     PLIST_ENTRY head = &(Ldr_pointer->InMemoryOrderModuleList);
44 |     PLIST_ENTRY current_Poisition = head->Flink;
45 |     while (current_Poisition != head) {
46 |         PLDR_DATA_TABLE_ENTRY module = CONTAINING_RECORD(current_Poisition, LDR_DATA_TABLE_ENTRY, InMemoryOrderLinks);
47 | 
48 |         if (module->FullDllName.Length != 0) {
49 |             if (_wcsicmp(extractor(module->FullDllName.Buffer), dllName) == 0) {
50 |                 return (HMODULE)module->DllBase;
51 |             }
52 |         }
53 |         else {
54 |             break;
55 |         }
56 |         current_Poisition = current_Poisition->Flink;
57 |     }
58 |     return NULL;
59 | }


--------------------------------------------------------------------------------
/Ssn-Resolvers/Guard_CF_Table.cpp:
--------------------------------------------------------------------------------
 1 | #include "Guard_CF_Table.h"
 2 | #include "utils.h"
 3 | #include "GetModuleHandleW_Custom.h"
 4 | #pragma pack(1)
 5 | typedef struct _IMAGE_CFG_ENTRY {
 6 |     DWORD Rva;
 7 |     struct {
 8 |         BOOLEAN SuppressedCall : 1;
 9 |         BOOLEAN ExportSuppressed : 1;
10 |         BOOLEAN LangExcptHandler : 1;
11 |         BOOLEAN Xfg : 1;
12 |         BOOLEAN Reserved : 4;
13 |     } Flags;
14 | } IMAGE_CFG_ENTRY, * PIMAGE_CFG_ENTRY;
15 | 
16 | 
17 | std::vector<GuardTableEntry> GetAllGuardEntries() {
18 |     auto peBase = (DWORD_PTR)Custom_GetModuleHandleW(L"ntdll.dll");
19 |     PIMAGE_DOS_HEADER dosHdr = (PIMAGE_DOS_HEADER)peBase;
20 |     PIMAGE_NT_HEADERS ntHdrs = (PIMAGE_NT_HEADERS)(peBase + dosHdr->e_lfanew);
21 |     IMAGE_OPTIONAL_HEADER optHdr = ntHdrs->OptionalHeader;
22 |     PIMAGE_LOAD_CONFIG_DIRECTORY loadConfigDir = (PIMAGE_LOAD_CONFIG_DIRECTORY)(peBase + optHdr.DataDirectory[IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG].VirtualAddress);
23 |     PIMAGE_EXPORT_DIRECTORY expDir = (PIMAGE_EXPORT_DIRECTORY)(peBase + optHdr.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress);
24 |     PDWORD addrOfNames = (PDWORD)(peBase + expDir->AddressOfNames);
25 |     PDWORD addrOfFuncs = (PDWORD)(peBase + expDir->AddressOfFunctions);
26 |     PWORD addrOfOrds = (PWORD)(peBase + expDir->AddressOfNameOrdinals);
27 |     PIMAGE_CFG_ENTRY gcfTable = (PIMAGE_CFG_ENTRY)loadConfigDir->GuardCFFunctionTable;
28 | 
29 |     int x = 0, ssn = 0;
30 |     std::vector<GuardTableEntry> systemCalls;
31 | 
32 |     while (gcfTable[x].Rva != NULL) {
33 |         DWORD gfRva = gcfTable[x].Rva;
34 |         for (size_t i = 0; i < expDir->NumberOfFunctions; i++) {
35 |             LPCSTR fnName = (LPCSTR)(peBase + addrOfNames[i]);
36 |             WORD fnOrd = (WORD)(addrOfOrds[i]);
37 |             DWORD fnRva = (DWORD)(addrOfFuncs[fnOrd]);
38 |             if (strncmp(fnName, "Zw", 2) == 0 && fnRva == gfRva) {
39 |                 systemCalls.push_back(
40 |                     GuardTableEntry{
41 |                         djb2((PBYTE)fnName),
42 |                         (WORD)ssn,
43 |                         (PVOID)((DWORD_PTR)peBase + fnRva)
44 |                     });
45 |                 ssn++;
46 |                 break;
47 |             }
48 |         }
49 |         x++;
50 |     }
51 |     return systemCalls;
52 | }
53 | 
54 | GuardTableEntry LookUpByHash(DWORD64 dwHash, const std::vector<GuardTableEntry>& entries) {
55 |     for (const auto& entry : entries) {
56 |         if (entry.dwHash == dwHash) {
57 |             return entry;
58 |         }
59 |     }
60 |     return GuardTableEntry{ 0 };
61 | }
62 | 
63 | void GuardCF_SSN_Resolver(const std::vector<std::string>& functionNames) {
64 |     auto entries = GetAllGuardEntries();
65 | 
66 |     std::cout << "[=== GUARD CF TABLE SSN RESOLVER ===]\n";
67 |     std::cout << "NAME | Number SSN | JumpAddress\n";
68 |     std::cout << "-----------------------------------\n";
69 | 
70 |     for (const auto& functionName : functionNames) {
71 |         DWORD64 hash = djb2((PBYTE)functionName.c_str());
72 |         auto entry = LookUpByHash(hash, entries);
73 | 
74 |         if (entry.wSystemCall != 0) {
75 |             std::cout << functionName << " | " << entry.wSystemCall << " | " << entry.functionAddress << "\n";
76 |         }
77 |         else {
78 |             std::cout << functionName << " | Not Found\n";
79 |         }
80 |     }
81 | }
82 | 


--------------------------------------------------------------------------------
/Ssn-Resolvers/Guard_CF_Table.h:
--------------------------------------------------------------------------------
 1 | #ifndef GUARD_CF_TABLE_H
 2 | #define GUARD_CF_TABLE_H
 3 | 
 4 | #include <windows.h>
 5 | #include <vector>
 6 | #include <string>
 7 | #include <iostream>
 8 | 
 9 | struct GuardTableEntry {
10 |     DWORD64 dwHash;
11 |     WORD wSystemCall;
12 |     PVOID functionAddress;
13 | };
14 | 
15 | std::vector<GuardTableEntry> GetAllGuardEntries();
16 | GuardTableEntry LookUpByHash(DWORD64 dwHash, const std::vector<GuardTableEntry>& entries);
17 | void GuardCF_SSN_Resolver(const std::vector<std::string>& functionNames);
18 | 
19 | #endif // GUARD_CF_TABLE_H
20 | 


--------------------------------------------------------------------------------
/Ssn-Resolvers/Main.cpp:
--------------------------------------------------------------------------------
 1 | #include "Guard_CF_Table.h"
 2 | #include "EvilbytecodeGate.h"
 3 | 
 4 | int main() {
 5 |     std::vector<std::string> guardcfssnsnames = {
 6 |         "ZwAllocateVirtualMemory",
 7 |         "ZwWriteVirtualMemory",
 8 |         "ZwProtectVirtualMemory",
 9 |         "ZwCreateThreadEx"
10 |     };
11 | 
12 |     GuardCF_SSN_Resolver(guardcfssnsnames);
13 |     Evilbytecode_SSN_Resolver(guardcfssnsnames);
14 |     return 0;
15 | }
16 | 


--------------------------------------------------------------------------------
/Ssn-Resolvers/PEB.h:
--------------------------------------------------------------------------------
  1 | #pragma once
  2 | #pragma once
  3 | #include <Windows.h>
  4 | typedef struct _LSA_UNICODE_STRING {
  5 | 	USHORT Length;
  6 | 	USHORT MaximumLength;
  7 | 	PWSTR  Buffer;
  8 | } LSA_UNICODE_STRING, * PLSA_UNICODE_STRING, UNICODE_STRING, * PUNICODE_STRING, * PUNICODE_STR;
  9 | 
 10 | typedef struct _LDR_MODULE {
 11 | 	LIST_ENTRY              InLoadOrderModuleList;
 12 | 	LIST_ENTRY              InMemoryOrderModuleList;
 13 | 	LIST_ENTRY              InInitializationOrderModuleList;
 14 | 	PVOID                   BaseAddress;
 15 | 	PVOID                   EntryPoint;
 16 | 	ULONG                   SizeOfImage;
 17 | 	UNICODE_STRING          FullDllName;
 18 | 	UNICODE_STRING          BaseDllName;
 19 | 	ULONG                   Flags;
 20 | 	SHORT                   LoadCount;
 21 | 	SHORT                   TlsIndex;
 22 | 	LIST_ENTRY              HashTableEntry;
 23 | 	ULONG                   TimeDateStamp;
 24 | } LDR_MODULE, * PLDR_MODULE;
 25 | 
 26 | typedef struct _PEB_LDR_DATA {
 27 | 	ULONG                   Length;
 28 | 	ULONG                   Initialized;
 29 | 	PVOID                   SsHandle;
 30 | 	LIST_ENTRY              InLoadOrderModuleList;
 31 | 	LIST_ENTRY              InMemoryOrderModuleList;
 32 | 	LIST_ENTRY              InInitializationOrderModuleList;
 33 | } PEB_LDR_DATA, * PPEB_LDR_DATA;
 34 | 
 35 | typedef struct _PEB {
 36 | 	BOOLEAN                 InheritedAddressSpace;
 37 | 	BOOLEAN                 ReadImageFileExecOptions;
 38 | 	BOOLEAN                 BeingDebugged;
 39 | 	BOOLEAN                 Spare;
 40 | 	HANDLE                  Mutant;
 41 | 	PVOID                   ImageBase;
 42 | 	PPEB_LDR_DATA           LoaderData;
 43 | 	PVOID                   ProcessParameters;
 44 | 	PVOID                   SubSystemData;
 45 | 	PVOID                   ProcessHeap;
 46 | 	PVOID                   FastPebLock;
 47 | 	PVOID                   FastPebLockRoutine;
 48 | 	PVOID                   FastPebUnlockRoutine;
 49 | 	ULONG                   EnvironmentUpdateCount;
 50 | 	PVOID* KernelCallbackTable;
 51 | 	PVOID                   EventLogSection;
 52 | 	PVOID                   EventLog;
 53 | 	PVOID                   FreeList;
 54 | 	ULONG                   TlsExpansionCounter;
 55 | 	PVOID                   TlsBitmap;
 56 | 	ULONG                   TlsBitmapBits[0x2];
 57 | 	PVOID                   ReadOnlySharedMemoryBase;
 58 | 	PVOID                   ReadOnlySharedMemoryHeap;
 59 | 	PVOID* ReadOnlyStaticServerData;
 60 | 	PVOID                   AnsiCodePageData;
 61 | 	PVOID                   OemCodePageData;
 62 | 	PVOID                   UnicodeCaseTableData;
 63 | 	ULONG                   NumberOfProcessors;
 64 | 	ULONG                   NtGlobalFlag;
 65 | 	BYTE                    Spare2[0x4];
 66 | 	LARGE_INTEGER           CriticalSectionTimeout;
 67 | 	ULONG                   HeapSegmentReserve;
 68 | 	ULONG                   HeapSegmentCommit;
 69 | 	ULONG                   HeapDeCommitTotalFreeThreshold;
 70 | 	ULONG                   HeapDeCommitFreeBlockThreshold;
 71 | 	ULONG                   NumberOfHeaps;
 72 | 	ULONG                   MaximumNumberOfHeaps;
 73 | 	PVOID** ProcessHeaps;
 74 | 	PVOID                   GdiSharedHandleTable;
 75 | 	PVOID                   ProcessStarterHelper;
 76 | 	PVOID                   GdiDCAttributeList;
 77 | 	PVOID                   LoaderLock;
 78 | 	ULONG                   OSMajorVersion;
 79 | 	ULONG                   OSMinorVersion;
 80 | 	ULONG                   OSBuildNumber;
 81 | 	ULONG                   OSPlatformId;
 82 | 	ULONG                   ImageSubSystem;
 83 | 	ULONG                   ImageSubSystemMajorVersion;
 84 | 	ULONG                   ImageSubSystemMinorVersion;
 85 | 	ULONG                   GdiHandleBuffer[0x22];
 86 | 	ULONG                   PostProcessInitRoutine;
 87 | 	ULONG                   TlsExpansionBitmap;
 88 | 	BYTE                    TlsExpansionBitmapBits[0x80];
 89 | 	ULONG                   SessionId;
 90 | } PEB, * PPEB;
 91 | 
 92 | typedef struct __CLIENT_ID {
 93 | 	HANDLE UniqueProcess;
 94 | 	HANDLE UniqueThread;
 95 | } CLIENT_ID, * PCLIENT_ID;
 96 | 
 97 | typedef struct _TEB_ACTIVE_FRAME_CONTEXT {
 98 | 	ULONG Flags;
 99 | 	PCHAR FrameName;
100 | } TEB_ACTIVE_FRAME_CONTEXT, * PTEB_ACTIVE_FRAME_CONTEXT;
101 | 
102 | typedef struct _TEB_ACTIVE_FRAME {
103 | 	ULONG Flags;
104 | 	struct _TEB_ACTIVE_FRAME* Previous;
105 | 	PTEB_ACTIVE_FRAME_CONTEXT Context;
106 | } TEB_ACTIVE_FRAME, * PTEB_ACTIVE_FRAME;
107 | 
108 | typedef struct _GDI_TEB_BATCH {
109 | 	ULONG Offset;
110 | 	ULONG HDC;
111 | 	ULONG Buffer[310];
112 | } GDI_TEB_BATCH, * PGDI_TEB_BATCH;
113 | 
114 | typedef PVOID PACTIVATION_CONTEXT;
115 | 
116 | typedef struct _RTL_ACTIVATION_CONTEXT_STACK_FRAME {
117 | 	struct __RTL_ACTIVATION_CONTEXT_STACK_FRAME* Previous;
118 | 	PACTIVATION_CONTEXT ActivationContext;
119 | 	ULONG Flags;
120 | } RTL_ACTIVATION_CONTEXT_STACK_FRAME, * PRTL_ACTIVATION_CONTEXT_STACK_FRAME;
121 | 
122 | typedef struct _ACTIVATION_CONTEXT_STACK {
123 | 	PRTL_ACTIVATION_CONTEXT_STACK_FRAME ActiveFrame;
124 | 	LIST_ENTRY FrameListCache;
125 | 	ULONG Flags;
126 | 	ULONG NextCookieSequenceNumber;
127 | 	ULONG StackId;
128 | } ACTIVATION_CONTEXT_STACK, * PACTIVATION_CONTEXT_STACK;
129 | 
130 | typedef struct _TEB {
131 | 	NT_TIB				NtTib;
132 | 	PVOID				EnvironmentPointer;
133 | 	CLIENT_ID			ClientId;
134 | 	PVOID				ActiveRpcHandle;
135 | 	PVOID				ThreadLocalStoragePointer;
136 | 	PPEB				ProcessEnvironmentBlock;
137 | 	ULONG               LastErrorValue;
138 | 	ULONG               CountOfOwnedCriticalSections;
139 | 	PVOID				CsrClientThread;
140 | 	PVOID				Win32ThreadInfo;
141 | 	ULONG               User32Reserved[26];
142 | 	ULONG               UserReserved[5];
143 | 	PVOID				WOW32Reserved;
144 | 	LCID                CurrentLocale;
145 | 	ULONG               FpSoftwareStatusRegister;
146 | 	PVOID				SystemReserved1[54];
147 | 	LONG                ExceptionCode;
148 | #if (NTDDI_VERSION >= NTDDI_LONGHORN)
149 | 	PACTIVATION_CONTEXT_STACK* ActivationContextStackPointer;
150 | 	UCHAR                  SpareBytes1[0x30 - 3 * sizeof(PVOID)];
151 | 	ULONG                  TxFsContext;
152 | #elif (NTDDI_VERSION >= NTDDI_WS03)
153 | 	PACTIVATION_CONTEXT_STACK ActivationContextStackPointer;
154 | 	UCHAR                  SpareBytes1[0x34 - 3 * sizeof(PVOID)];
155 | #else
156 | 	ACTIVATION_CONTEXT_STACK ActivationContextStack;
157 | 	UCHAR                  SpareBytes1[24];
158 | #endif
159 | 	GDI_TEB_BATCH			GdiTebBatch;
160 | 	CLIENT_ID				RealClientId;
161 | 	PVOID					GdiCachedProcessHandle;
162 | 	ULONG                   GdiClientPID;
163 | 	ULONG                   GdiClientTID;
164 | 	PVOID					GdiThreadLocalInfo;
165 | 	PSIZE_T					Win32ClientInfo[62];
166 | 	PVOID					glDispatchTable[233];
167 | 	PSIZE_T					glReserved1[29];
168 | 	PVOID					glReserved2;
169 | 	PVOID					glSectionInfo;
170 | 	PVOID					glSection;
171 | 	PVOID					glTable;
172 | 	PVOID					glCurrentRC;
173 | 	PVOID					glContext;
174 | 	NTSTATUS                LastStatusValue;
175 | 	UNICODE_STRING			StaticUnicodeString;
176 | 	WCHAR                   StaticUnicodeBuffer[261];
177 | 	PVOID					DeallocationStack;
178 | 	PVOID					TlsSlots[64];
179 | 	LIST_ENTRY				TlsLinks;
180 | 	PVOID					Vdm;
181 | 	PVOID					ReservedForNtRpc;
182 | 	PVOID					DbgSsReserved[2];
183 | #if (NTDDI_VERSION >= NTDDI_WS03) // THIS IS LOWER VER WIN SHIT
184 | 	ULONG                   HardErrorMode;
185 | #else
186 | 	ULONG                  HardErrorsAreDisabled;
187 | #endif
188 | #if (NTDDI_VERSION >= NTDDI_LONGHORN)
189 | 	PVOID					Instrumentation[13 - sizeof(GUID) / sizeof(PVOID)];
190 | 	GUID                    ActivityId;
191 | 	PVOID					SubProcessTag;
192 | 	PVOID					EtwLocalData;
193 | 	PVOID					EtwTraceData;
194 | #elif (NTDDI_VERSION >= NTDDI_WS03)
195 | 	PVOID					Instrumentation[14];
196 | 	PVOID					SubProcessTag;
197 | 	PVOID					EtwLocalData;
198 | #else
199 | 	PVOID					Instrumentation[16];
200 | #endif
201 | 	PVOID					WinSockData;
202 | 	ULONG					GdiBatchCount;
203 | #if (NTDDI_VERSION >= NTDDI_LONGHORN)
204 | 	BOOLEAN                SpareBool0;
205 | 	BOOLEAN                SpareBool1;
206 | 	BOOLEAN                SpareBool2;
207 | #else
208 | 	BOOLEAN                InDbgPrint;
209 | 	BOOLEAN                FreeStackOnTermination;
210 | 	BOOLEAN                HasFiberData;
211 | #endif
212 | 	UCHAR                  IdealProcessor;
213 | #if (NTDDI_VERSION >= NTDDI_WS03)
214 | 	ULONG                  GuaranteedStackBytes;
215 | #else
216 | 	ULONG                  Spare3;
217 | #endif
218 | 	PVOID				   ReservedForPerf;
219 | 	PVOID				   ReservedForOle;
220 | 	ULONG                  WaitingOnLoaderLock;
221 | #if (NTDDI_VERSION >= NTDDI_LONGHORN)
222 | 	PVOID				   SavedPriorityState;
223 | 	ULONG_PTR			   SoftPatchPtr1;
224 | 	ULONG_PTR			   ThreadPoolData;
225 | #elif (NTDDI_VERSION >= NTDDI_WS03)
226 | 	ULONG_PTR			   SparePointer1;
227 | 	ULONG_PTR              SoftPatchPtr1;
228 | 	ULONG_PTR              SoftPatchPtr2;
229 | #else
230 | 	Wx86ThreadState        Wx86Thread;
231 | #endif
232 | 	PVOID* TlsExpansionSlots;
233 | #if defined(_WIN64) && !defined(EXPLICIT_32BIT)
234 | 	PVOID                  DeallocationBStore;
235 | 	PVOID                  BStoreLimit;
236 | #endif
237 | 	ULONG                  ImpersonationLocale;
238 | 	ULONG                  IsImpersonating;
239 | 	PVOID                  NlsCache;
240 | 	PVOID                  pShimData;
241 | 	ULONG                  HeapVirtualAffinity;
242 | 	HANDLE                 CurrentTransactionHandle;
243 | 	PTEB_ACTIVE_FRAME      ActiveFrame;
244 | #if (NTDDI_VERSION >= NTDDI_WS03)
245 | 	PVOID FlsData;
246 | #endif
247 | #if (NTDDI_VERSION >= NTDDI_LONGHORN)
248 | 	PVOID PreferredLangauges;
249 | 	PVOID UserPrefLanguages;
250 | 	PVOID MergedPrefLanguages;
251 | 	ULONG MuiImpersonation;
252 | 	union
253 | 	{
254 | 		struct
255 | 		{
256 | 			USHORT SpareCrossTebFlags : 16;
257 | 		};
258 | 		USHORT CrossTebFlags;
259 | 	};
260 | 	union
261 | 	{
262 | 		struct
263 | 		{
264 | 			USHORT DbgSafeThunkCall : 1;
265 | 			USHORT DbgInDebugPrint : 1;
266 | 			USHORT DbgHasFiberData : 1;
267 | 			USHORT DbgSkipThreadAttach : 1;
268 | 			USHORT DbgWerInShipAssertCode : 1;
269 | 			USHORT DbgIssuedInitialBp : 1;
270 | 			USHORT DbgClonedThread : 1;
271 | 			USHORT SpareSameTebBits : 9;
272 | 		};
273 | 		USHORT SameTebFlags;
274 | 	};
275 | 	PVOID TxnScopeEntercallback;
276 | 	PVOID TxnScopeExitCAllback;
277 | 	PVOID TxnScopeContext;
278 | 	ULONG LockCount;
279 | 	ULONG ProcessRundown;
280 | 	ULONG64 LastSwitchTime;
281 | 	ULONG64 TotalSwitchOutTime;
282 | 	LARGE_INTEGER WaitReasonBitMap;
283 | #else
284 | 	BOOLEAN SafeThunkCall;
285 | 	BOOLEAN BooleanSpare[3];
286 | #endif
287 | } TEB, * PTEB;
288 | 
289 | typedef struct _LDR_DATA_TABLE_ENTRY {
290 | 	LIST_ENTRY InLoadOrderLinks;
291 | 	LIST_ENTRY InMemoryOrderLinks;
292 | 	LIST_ENTRY InInitializationOrderLinks;
293 | 	PVOID DllBase;
294 | 	PVOID EntryPoint;
295 | 	ULONG SizeOfImage;
296 | 	UNICODE_STRING FullDllName;
297 | 	UNICODE_STRING BaseDllName;
298 | 	ULONG Flags;
299 | 	WORD LoadCount;
300 | 	WORD TlsIndex;
301 | 	union {
302 | 		LIST_ENTRY HashLinks;
303 | 		struct {
304 | 			PVOID SectionPointer;
305 | 			ULONG CheckSum;
306 | 		};
307 | 	};
308 | 	union {
309 | 		ULONG TimeDateStamp;
310 | 		PVOID LoadedImports;
311 | 	};
312 | 	PACTIVATION_CONTEXT EntryPointActivationContext;
313 | 	PVOID PatchInformation;
314 | 	LIST_ENTRY ForwarderLinks;
315 | 	LIST_ENTRY ServiceTagLinks;
316 | 	LIST_ENTRY StaticLinks;
317 | } LDR_DATA_TABLE_ENTRY, * PLDR_DATA_TABLE_ENTRY;
318 | 
319 | typedef struct _OBJECT_ATTRIBUTES {
320 | 	ULONG Length;
321 | 	PVOID RootDirectory;
322 | 	PUNICODE_STRING ObjectName;
323 | 	ULONG Attributes;
324 | 	PVOID SecurityDescriptor;
325 | 	PVOID SecurityQualityOfService;
326 | } OBJECT_ATTRIBUTES, * POBJECT_ATTRIBUTES;
327 | 
328 | typedef struct _INITIAL_TEB {
329 | 	PVOID                StackBase;
330 | 	PVOID                StackLimit;
331 | 	PVOID                StackCommit;
332 | 	PVOID                StackCommitMax;
333 | 	PVOID                StackReserved;
334 | } INITIAL_TEB, * PINITIAL_TEB;


--------------------------------------------------------------------------------
/Ssn-Resolvers/Ssn-Resolvers.vcxproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <ItemGroup Label="ProjectConfigurations">
  4 |     <ProjectConfiguration Include="Debug|Win32">
  5 |       <Configuration>Debug</Configuration>
  6 |       <Platform>Win32</Platform>
  7 |     </ProjectConfiguration>
  8 |     <ProjectConfiguration Include="Release|Win32">
  9 |       <Configuration>Release</Configuration>
 10 |       <Platform>Win32</Platform>
 11 |     </ProjectConfiguration>
 12 |     <ProjectConfiguration Include="Debug|x64">
 13 |       <Configuration>Debug</Configuration>
 14 |       <Platform>x64</Platform>
 15 |     </ProjectConfiguration>
 16 |     <ProjectConfiguration Include="Release|x64">
 17 |       <Configuration>Release</Configuration>
 18 |       <Platform>x64</Platform>
 19 |     </ProjectConfiguration>
 20 |   </ItemGroup>
 21 |   <PropertyGroup Label="Globals">
 22 |     <VCProjectVersion>17.0</VCProjectVersion>
 23 |     <Keyword>Win32Proj</Keyword>
 24 |     <ProjectGuid>{3c5c0199-9ef4-4c5c-ad9c-1de7f3fbe47f}</ProjectGuid>
 25 |     <RootNamespace>SsnResolvers</RootNamespace>
 26 |     <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
 27 |   </PropertyGroup>
 28 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
 29 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
 30 |     <ConfigurationType>Application</ConfigurationType>
 31 |     <UseDebugLibraries>true</UseDebugLibraries>
 32 |     <PlatformToolset>v143</PlatformToolset>
 33 |     <CharacterSet>Unicode</CharacterSet>
 34 |   </PropertyGroup>
 35 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
 36 |     <ConfigurationType>Application</ConfigurationType>
 37 |     <UseDebugLibraries>false</UseDebugLibraries>
 38 |     <PlatformToolset>v143</PlatformToolset>
 39 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 40 |     <CharacterSet>Unicode</CharacterSet>
 41 |   </PropertyGroup>
 42 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
 43 |     <ConfigurationType>Application</ConfigurationType>
 44 |     <UseDebugLibraries>true</UseDebugLibraries>
 45 |     <PlatformToolset>v143</PlatformToolset>
 46 |     <CharacterSet>Unicode</CharacterSet>
 47 |   </PropertyGroup>
 48 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
 49 |     <ConfigurationType>Application</ConfigurationType>
 50 |     <UseDebugLibraries>false</UseDebugLibraries>
 51 |     <PlatformToolset>v143</PlatformToolset>
 52 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 53 |     <CharacterSet>Unicode</CharacterSet>
 54 |   </PropertyGroup>
 55 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
 56 |   <ImportGroup Label="ExtensionSettings">
 57 |   </ImportGroup>
 58 |   <ImportGroup Label="Shared">
 59 |   </ImportGroup>
 60 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 61 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 62 |   </ImportGroup>
 63 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 64 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 65 |   </ImportGroup>
 66 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 67 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 68 |   </ImportGroup>
 69 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 70 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 71 |   </ImportGroup>
 72 |   <PropertyGroup Label="UserMacros" />
 73 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 74 |     <ClCompile>
 75 |       <WarningLevel>Level3</WarningLevel>
 76 |       <SDLCheck>true</SDLCheck>
 77 |       <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
 78 |       <ConformanceMode>true</ConformanceMode>
 79 |     </ClCompile>
 80 |     <Link>
 81 |       <SubSystem>Console</SubSystem>
 82 |       <GenerateDebugInformation>true</GenerateDebugInformation>
 83 |     </Link>
 84 |   </ItemDefinitionGroup>
 85 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 86 |     <ClCompile>
 87 |       <WarningLevel>Level3</WarningLevel>
 88 |       <FunctionLevelLinking>true</FunctionLevelLinking>
 89 |       <IntrinsicFunctions>true</IntrinsicFunctions>
 90 |       <SDLCheck>true</SDLCheck>
 91 |       <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
 92 |       <ConformanceMode>true</ConformanceMode>
 93 |     </ClCompile>
 94 |     <Link>
 95 |       <SubSystem>Console</SubSystem>
 96 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
 97 |       <OptimizeReferences>true</OptimizeReferences>
 98 |       <GenerateDebugInformation>true</GenerateDebugInformation>
 99 |     </Link>
100 |   </ItemDefinitionGroup>
101 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
102 |     <ClCompile>
103 |       <WarningLevel>Level3</WarningLevel>
104 |       <SDLCheck>true</SDLCheck>
105 |       <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
106 |       <ConformanceMode>true</ConformanceMode>
107 |     </ClCompile>
108 |     <Link>
109 |       <SubSystem>Console</SubSystem>
110 |       <GenerateDebugInformation>true</GenerateDebugInformation>
111 |     </Link>
112 |   </ItemDefinitionGroup>
113 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
114 |     <ClCompile>
115 |       <WarningLevel>Level3</WarningLevel>
116 |       <FunctionLevelLinking>true</FunctionLevelLinking>
117 |       <IntrinsicFunctions>true</IntrinsicFunctions>
118 |       <SDLCheck>true</SDLCheck>
119 |       <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
120 |       <ConformanceMode>true</ConformanceMode>
121 |     </ClCompile>
122 |     <Link>
123 |       <SubSystem>Console</SubSystem>
124 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
125 |       <OptimizeReferences>true</OptimizeReferences>
126 |       <GenerateDebugInformation>true</GenerateDebugInformation>
127 |     </Link>
128 |   </ItemDefinitionGroup>
129 |   <ItemGroup>
130 |     <ClCompile Include="EvilbytecodeGate.cpp" />
131 |     <ClCompile Include="Guard_CF_Table.cpp" />
132 |     <ClCompile Include="Main.cpp" />
133 |   </ItemGroup>
134 |   <ItemGroup>
135 |     <ClInclude Include="EvilbytecodeGate.h" />
136 |     <ClInclude Include="GetModuleHandleW_Custom.h" />
137 |     <ClInclude Include="Guard_CF_Table.h" />
138 |     <ClInclude Include="PEB.h" />
139 |     <ClInclude Include="utils.h" />
140 |   </ItemGroup>
141 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
142 |   <ImportGroup Label="ExtensionTargets">
143 |   </ImportGroup>
144 | </Project>


--------------------------------------------------------------------------------
/Ssn-Resolvers/Ssn-Resolvers.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <Filter Include="Header Files">
 5 |       <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
 6 |       <Extensions>h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd</Extensions>
 7 |     </Filter>
 8 |     <Filter Include="Resource Files">
 9 |       <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
10 |       <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
11 |     </Filter>
12 |     <Filter Include="Source Files">
13 |       <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
14 |       <Extensions>cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
15 |     </Filter>
16 |   </ItemGroup>
17 |   <ItemGroup>
18 |     <ClCompile Include="Main.cpp">
19 |       <Filter>Source Files</Filter>
20 |     </ClCompile>
21 |     <ClCompile Include="Guard_CF_Table.cpp">
22 |       <Filter>Source Files</Filter>
23 |     </ClCompile>
24 |     <ClCompile Include="EvilbytecodeGate.cpp">
25 |       <Filter>Source Files</Filter>
26 |     </ClCompile>
27 |   </ItemGroup>
28 |   <ItemGroup>
29 |     <ClInclude Include="GetModuleHandleW_Custom.h">
30 |       <Filter>Header Files</Filter>
31 |     </ClInclude>
32 |     <ClInclude Include="PEB.h">
33 |       <Filter>Header Files</Filter>
34 |     </ClInclude>
35 |     <ClInclude Include="Guard_CF_Table.h">
36 |       <Filter>Header Files</Filter>
37 |     </ClInclude>
38 |     <ClInclude Include="EvilbytecodeGate.h">
39 |       <Filter>Header Files</Filter>
40 |     </ClInclude>
41 |     <ClInclude Include="utils.h">
42 |       <Filter>Header Files</Filter>
43 |     </ClInclude>
44 |   </ItemGroup>
45 | </Project>


--------------------------------------------------------------------------------
/Ssn-Resolvers/Ssn-Resolvers.vcxproj.user:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="utf-8"?>
2 | <Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
3 |   <PropertyGroup />
4 | </Project>


--------------------------------------------------------------------------------
/Ssn-Resolvers/utils.h:
--------------------------------------------------------------------------------
 1 | #pragma once
 2 | #ifndef UTILS_H
 3 | #define UTILS_H
 4 | 
 5 | #include <cstdint>
 6 | 
 7 | inline uint64_t djb2(const uint8_t* str) {
 8 |     uint64_t dwHash = 0x7734773477347734;
 9 |     int c;
10 |     while ((c = *str++)) {
11 |         dwHash = ((dwHash << 5) + dwHash) + c;
12 |     }
13 |     return dwHash;
14 | }
15 | 
16 | #endif 
17 | 


--------------------------------------------------------------------------------