├── LoadDriverDebugProcess
├── Apps
│ ├── ImmunityDebugger
│ │ ├── ChildFrm.cpp
│ │ ├── ChildFrm.h
│ │ ├── ImmunityDebugger.aps
│ │ ├── ImmunityDebugger.cpp
│ │ ├── ImmunityDebugger.h
│ │ ├── ImmunityDebugger.rc
│ │ ├── ImmunityDebugger.vcproj
│ │ ├── ImmunityDebugger.vcproj.Pablo-PC.Pablo.user
│ │ ├── ImmunityDebuggerDoc.cpp
│ │ ├── ImmunityDebuggerDoc.h
│ │ ├── ImmunityDebuggerView.cpp
│ │ ├── ImmunityDebuggerView.h
│ │ ├── LeftView.cpp
│ │ ├── LeftView.h
│ │ ├── MainFrm.cpp
│ │ ├── MainFrm.h
│ │ ├── NewView.cpp
│ │ ├── NewView.h
│ │ ├── ReadMe.txt
│ │ ├── Resource.h
│ │ ├── res
│ │ │ ├── ImmunityDebugger.ico
│ │ │ ├── ImmunityDebugger.rc2
│ │ │ ├── ImmunityDebuggerDoc.ico
│ │ │ └── Toolbar.bmp
│ │ ├── stdafx.cpp
│ │ ├── stdafx.h
│ │ └── targetver.h
│ ├── OLLYDBG
│ │ ├── OLLYDBG.APS
│ │ ├── OLLYDBG.cpp
│ │ ├── OLLYDBG.h
│ │ ├── OLLYDBG.ico
│ │ ├── OLLYDBG.rc
│ │ ├── OLLYDBG.vcproj
│ │ ├── OLLYDBG.vcproj.Pablo-PC.Pablo.user
│ │ ├── ReadMe.txt
│ │ ├── resource.h
│ │ ├── small.ico
│ │ ├── stdafx.cpp
│ │ ├── stdafx.h
│ │ └── targetver.h
│ ├── Procmon
│ │ ├── Procmon.aps
│ │ ├── Procmon.cpp
│ │ ├── Procmon.h
│ │ ├── Procmon.ico
│ │ ├── Procmon.rc
│ │ ├── Procmon.vcproj
│ │ ├── Procmon.vcproj.Pablo-PC.Pablo.user
│ │ ├── ReadMe.txt
│ │ ├── Resource.h
│ │ ├── small.ico
│ │ ├── stdafx.cpp
│ │ ├── stdafx.h
│ │ └── targetver.h
│ ├── Wireshark
│ │ ├── ReadMe.txt
│ │ ├── Resource.h
│ │ ├── Wireshark.aps
│ │ ├── Wireshark.cpp
│ │ ├── Wireshark.h
│ │ ├── Wireshark.ico
│ │ ├── Wireshark.rc
│ │ ├── Wireshark.vcproj
│ │ ├── Wireshark.vcproj.Pablo-PC.Pablo.user
│ │ ├── small.ico
│ │ ├── stdafx.cpp
│ │ ├── stdafx.h
│ │ └── targetver.h
│ ├── idag
│ │ ├── ReadMe.txt
│ │ ├── Resource.h
│ │ ├── idag.aps
│ │ ├── idag.cpp
│ │ ├── idag.h
│ │ ├── idag.ico
│ │ ├── idag.rc
│ │ ├── idag.vcproj
│ │ ├── idag.vcproj.Pablo-PC.Pablo.user
│ │ ├── small.ico
│ │ ├── stdafx.cpp
│ │ ├── stdafx.h
│ │ └── targetver.h
│ ├── procexp
│ │ ├── ReadMe.txt
│ │ ├── Resource.h
│ │ ├── procexp.aps
│ │ ├── procexp.cpp
│ │ ├── procexp.h
│ │ ├── procexp.ico
│ │ ├── procexp.rc
│ │ ├── procexp.vcproj
│ │ ├── procexp.vcproj.Pablo-PC.Pablo.user
│ │ ├── small.ico
│ │ ├── stdafx.cpp
│ │ ├── stdafx.h
│ │ └── targetver.h
│ ├── vboxtray
│ │ ├── ReadMe.txt
│ │ ├── Resource.h
│ │ ├── small.ico
│ │ ├── stdafx.cpp
│ │ ├── stdafx.h
│ │ ├── targetver.h
│ │ ├── vboxtray.aps
│ │ ├── vboxtray.cpp
│ │ ├── vboxtray.h
│ │ ├── vboxtray.ico
│ │ ├── vboxtray.rc
│ │ ├── vboxtray.vcproj
│ │ └── vboxtray.vcproj.Pablo-PC.Pablo.user
│ └── windbg
│ │ ├── ReadMe.txt
│ │ ├── Resource.h
│ │ ├── small.ico
│ │ ├── stdafx.cpp
│ │ ├── stdafx.h
│ │ ├── targetver.h
│ │ ├── windbg.aps
│ │ ├── windbg.cpp
│ │ ├── windbg.h
│ │ ├── windbg.ico
│ │ ├── windbg.rc
│ │ ├── windbg.vcproj
│ │ └── windbg.vcproj.Pablo-PC.Pablo.user
├── ConsoleTestDebug
│ ├── ConsoleTestDebug.cpp
│ ├── ConsoleTestDebug.vcproj
│ ├── ConsoleTestDebug.vcproj.Pablo-PC.Pablo.user
│ ├── ReadMe.txt
│ ├── pafish.log
│ ├── stdafx.cpp
│ ├── stdafx.h
│ └── targetver.h
├── Dlls
│ ├── SbieDll.bochs
│ │ ├── SbieDll.bochs.vcproj
│ │ └── SbieDll.bochs.vcproj.Pablo-PC.Pablo.user
│ ├── SbieDll.qemu
│ │ ├── SbieDll.qemu.vcproj
│ │ └── SbieDll.qemu.vcproj.Pablo-PC.Pablo.user
│ ├── SbieDll.vbox
│ │ ├── SbieDll.vbox.vcproj
│ │ └── SbieDll.vbox.vcproj.Pablo-PC.Pablo.user
│ ├── SbieDll.vmware
│ │ ├── SbieDll.vmware.vcproj
│ │ └── SbieDll.vmware.vcproj.Pablo-PC.Pablo.user
│ ├── SbieDll.wine
│ │ ├── SbieDll.wine.vcproj
│ │ └── SbieDll.wine.vcproj.Pablo-PC.Pablo.user
│ └── SbieDll
│ │ ├── IAThijack.cpp
│ │ ├── IAThijack.h
│ │ ├── SbieDll.vcproj
│ │ ├── SbieDll.vcproj.Pablo-PC.Pablo.user
│ │ ├── dllmain.cpp
│ │ ├── dllmain.h
│ │ └── testIAT.h
├── LaunchAll
│ ├── LaunchAll.aps
│ ├── LaunchAll.cpp
│ ├── LaunchAll.h
│ ├── LaunchAll.ico
│ ├── LaunchAll.rc
│ ├── LaunchAll.vcproj
│ ├── LaunchAll.vcproj.Pablo-PC.Pablo.user
│ ├── ReadMe.txt
│ ├── Resource.h
│ ├── small.ico
│ ├── stdafx.cpp
│ ├── stdafx.h
│ └── targetver.h
├── LoadDriver.sln
├── LoadDriver.suo
├── LoadDriver
│ ├── LoadDriver.cpp
│ ├── LoadDriver.vcproj
│ ├── LoadDriver.vcproj.Pablo-PC.Pablo.user
│ ├── ReadMe.txt
│ ├── stdafx.cpp
│ ├── stdafx.h
│ └── targetver.h
├── PREPROCESADO.txt
└── Release
│ ├── ConsoleTestDebug.exe
│ ├── Empty.exe
│ ├── ImmunityDebugger.exe
│ ├── LaunchAll.exe
│ ├── LoadDriver.exe
│ ├── OLLYDBG.exe
│ ├── Procmon.exe
│ ├── SbieDll.bochs.dll
│ ├── SbieDll.dll
│ ├── SbieDll.qemu.dll
│ ├── SbieDll.vbox.dll
│ ├── SbieDll.vmware.dll
│ ├── SbieDll.wine.dll
│ ├── Wireshark.exe
│ ├── idag.exe
│ ├── procexp.exe
│ ├── vboxtray.exe
│ └── windbg.exe
├── ProcWatcherDebugDriver
├── PEStruct.h
├── ProcDebugger.c
├── makefile.def
└── sources
├── README.md
└── bin
└── i386
├── ProcDebugger.pdb
└── ProcDebugger.sys
/LoadDriverDebugProcess/Apps/ImmunityDebugger/ChildFrm.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Apps/ImmunityDebugger/ChildFrm.cpp
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/ImmunityDebugger/ChildFrm.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Apps/ImmunityDebugger/ChildFrm.h
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/ImmunityDebugger/ImmunityDebugger.aps:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Apps/ImmunityDebugger/ImmunityDebugger.aps
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/ImmunityDebugger/ImmunityDebugger.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Apps/ImmunityDebugger/ImmunityDebugger.cpp
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/ImmunityDebugger/ImmunityDebugger.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Apps/ImmunityDebugger/ImmunityDebugger.h
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/ImmunityDebugger/ImmunityDebugger.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Apps/ImmunityDebugger/ImmunityDebugger.rc
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/ImmunityDebugger/ImmunityDebugger.vcproj.Pablo-PC.Pablo.user:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/ImmunityDebugger/ImmunityDebuggerDoc.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Apps/ImmunityDebugger/ImmunityDebuggerDoc.cpp
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/ImmunityDebugger/ImmunityDebuggerDoc.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Apps/ImmunityDebugger/ImmunityDebuggerDoc.h
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/ImmunityDebugger/ImmunityDebuggerView.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Apps/ImmunityDebugger/ImmunityDebuggerView.cpp
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/ImmunityDebugger/ImmunityDebuggerView.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Apps/ImmunityDebugger/ImmunityDebuggerView.h
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/ImmunityDebugger/LeftView.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Apps/ImmunityDebugger/LeftView.cpp
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/ImmunityDebugger/LeftView.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Apps/ImmunityDebugger/LeftView.h
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/ImmunityDebugger/MainFrm.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Apps/ImmunityDebugger/MainFrm.cpp
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/ImmunityDebugger/MainFrm.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Apps/ImmunityDebugger/MainFrm.h
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/ImmunityDebugger/NewView.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Apps/ImmunityDebugger/NewView.cpp
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/ImmunityDebugger/NewView.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Apps/ImmunityDebugger/NewView.h
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/ImmunityDebugger/ReadMe.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Apps/ImmunityDebugger/ReadMe.txt
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/ImmunityDebugger/Resource.h:
--------------------------------------------------------------------------------
//{{NO_DEPENDENCIES}}
// Microsoft Visual C++ generated include file.
// Used by ImmunityDebugger.rc
//
// Resource identifiers for the ImmunityDebugger project. IDD_ABOUTBOX and
// IDP_OLE_INIT_FAILED share the value 100; that is only safe because resource
// ids are scoped per resource type. NOTE(review): ImmunityDebugger.rc is not
// on this page — verify there that the two are not the same resource kind.
#define IDD_ABOUTBOX 100
#define IDP_OLE_INIT_FAILED 100
#define ID_VIEW_ARRANGE 127
#define IDR_MAINFRAME 128
#define IDR_ImmunityDebuggeTYPE 129

// Next default values for new objects (maintained by the resource editor)
//
#ifdef APSTUDIO_INVOKED
#ifndef APSTUDIO_READONLY_SYMBOLS
#define _APS_NEXT_RESOURCE_VALUE 130
#define _APS_NEXT_CONTROL_VALUE 1000
#define _APS_NEXT_SYMED_VALUE 101
#define _APS_NEXT_COMMAND_VALUE 32771
#endif
#endif

--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/ImmunityDebugger/res/ImmunityDebugger.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Apps/ImmunityDebugger/res/ImmunityDebugger.ico
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/ImmunityDebugger/res/ImmunityDebugger.rc2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Apps/ImmunityDebugger/res/ImmunityDebugger.rc2
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/ImmunityDebugger/res/ImmunityDebuggerDoc.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Apps/ImmunityDebugger/res/ImmunityDebuggerDoc.ico
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/ImmunityDebugger/res/Toolbar.bmp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Apps/ImmunityDebugger/res/Toolbar.bmp
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/ImmunityDebugger/stdafx.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Apps/ImmunityDebugger/stdafx.cpp
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/ImmunityDebugger/stdafx.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Apps/ImmunityDebugger/stdafx.h
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/ImmunityDebugger/targetver.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Apps/ImmunityDebugger/targetver.h
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/OLLYDBG/OLLYDBG.APS:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Apps/OLLYDBG/OLLYDBG.APS
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/OLLYDBG/OLLYDBG.cpp:
--------------------------------------------------------------------------------
1 | // OLLYDBG.cpp : Defines the entry point for the application.
2 | //
3 |
4 | #include "stdafx.h"
5 | #include "OLLYDBG.h"
6 |
#define MAX_LOADSTRING 100 // buffer length (in TCHARs) of the two resource strings below

// Global Variables:
HINSTANCE hInst; // current instance; set in InitInstance, read by WndProc for the About dialog
TCHAR szTitle[MAX_LOADSTRING]; // The title bar text (loaded from IDS_APP_TITLE in _tWinMain)
TCHAR szWindowClass[MAX_LOADSTRING]; // the main window class name (loaded from IDC_OLLYDBG in _tWinMain)

// Forward declarations of functions included in this code module:
ATOM MyRegisterClass(HINSTANCE hInstance);
BOOL InitInstance(HINSTANCE, int);
LRESULT CALLBACK WndProc(HWND, UINT, WPARAM, LPARAM);
INT_PTR CALLBACK About(HWND, UINT, WPARAM, LPARAM);
19 |
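//
// FUNCTION: _tWinMain(HINSTANCE, HINSTANCE, LPTSTR, int)
//
// PURPOSE: Application entry point. Loads the title / class-name strings,
//          registers the window class, creates the main window and runs the
//          message pump until WM_QUIT.
//
// RETURNS: the wParam of the WM_QUIT message (the PostQuitMessage exit code),
//          or FALSE if the main window could not be created or GetMessage failed.
//
int APIENTRY _tWinMain(HINSTANCE hInstance,
                       HINSTANCE hPrevInstance,
                       LPTSTR lpCmdLine,
                       int nCmdShow)
{
    UNREFERENCED_PARAMETER(hPrevInstance);
    UNREFERENCED_PARAMETER(lpCmdLine);
    // nCmdShow is not forwarded: InitInstance is called with 0 (SW_HIDE), so the
    // main window is created but never shown. NOTE(review): presumably so that a
    // process with this name exists without a visible window — confirm with the author.
    UNREFERENCED_PARAMETER(nCmdShow);

    MSG msg;
    HACCEL hAccelTable;
    BOOL bRet;

    // Initialize global strings
    LoadString(hInstance, IDS_APP_TITLE, szTitle, MAX_LOADSTRING);
    LoadString(hInstance, IDC_OLLYDBG, szWindowClass, MAX_LOADSTRING);
    MyRegisterClass(hInstance);

    // Perform application initialization (window is created hidden, see above):
    if (!InitInstance(hInstance, 0))
    {
        return FALSE;
    }

    hAccelTable = LoadAccelerators(hInstance, MAKEINTRESOURCE(IDC_OLLYDBG));

    // Main message loop. GetMessage returns -1 on error, which the plain
    // `while (GetMessage(...))` form treats as "true" and can spin on forever;
    // only a strictly positive result carries a message to dispatch.
    while ((bRet = GetMessage(&msg, NULL, 0, 0)) != 0)
    {
        if (bRet == -1)
        {
            return FALSE;
        }
        if (!TranslateAccelerator(msg.hwnd, hAccelTable, &msg))
        {
            TranslateMessage(&msg);
            DispatchMessage(&msg);
        }
    }

    return (int) msg.wParam;
}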
57 |
58 |
59 |
//
// FUNCTION: MyRegisterClass()
//
// PURPOSE: Registers the main window class (szWindowClass) with WndProc as
//          its window procedure, the IDI_OLLYDBG / IDI_SMALL icons and the
//          IDC_OLLYDBG menu.
//
// RETURNS: the class atom from RegisterClassEx, or 0 if registration failed.
//
// COMMENTS:
//
// RegisterClassEx (rather than RegisterClass) is used so that the class also
// carries a small icon; that is the only reason this helper exists.
//
ATOM MyRegisterClass(HINSTANCE hInstance)
{
    WNDCLASSEX wc = { 0 };

    wc.cbSize        = sizeof(wc);
    wc.style         = CS_HREDRAW | CS_VREDRAW; // repaint on any resize
    wc.lpfnWndProc   = WndProc;
    wc.hInstance     = hInstance;
    wc.hIcon         = LoadIcon(hInstance, MAKEINTRESOURCE(IDI_OLLYDBG));
    wc.hIconSm       = LoadIcon(hInstance, MAKEINTRESOURCE(IDI_SMALL));
    wc.hCursor       = LoadCursor(NULL, IDC_ARROW);
    wc.hbrBackground = (HBRUSH)(COLOR_WINDOW + 1);
    wc.lpszMenuName  = MAKEINTRESOURCE(IDC_OLLYDBG);
    wc.lpszClassName = szWindowClass;
    // cbClsExtra / cbWndExtra stay 0 from the zero-initialisation above.

    return RegisterClassEx(&wc);
}
93 |
//
// FUNCTION: InitInstance(HINSTANCE, int)
//
// PURPOSE: Saves the instance handle in the global hInst and creates the
//          main overlapped window (class szWindowClass, title szTitle) at the
//          default position and size, then shows it according to nCmdShow.
//
// RETURNS: FALSE if CreateWindow failed, TRUE otherwise.
//
BOOL InitInstance(HINSTANCE hInstance, int nCmdShow)
{
    hInst = hInstance; // remembered for WndProc, which needs it for the About dialog

    HWND hMain = CreateWindow(szWindowClass, szTitle, WS_OVERLAPPEDWINDOW,
                              CW_USEDEFAULT, 0, CW_USEDEFAULT, 0,
                              NULL, NULL, hInstance, NULL);
    if (hMain == NULL)
        return FALSE;

    // nCmdShow decides visibility; the only caller in this file passes 0 (SW_HIDE).
    ShowWindow(hMain, nCmdShow);
    UpdateWindow(hMain);
    return TRUE;
}
123 |
//
// FUNCTION: WndProc(HWND, UINT, WPARAM, LPARAM)
//
// PURPOSE: Processes messages for the main window.
//
// WM_COMMAND - IDM_ABOUT opens the About dialog, IDM_EXIT destroys the
//              window; any other command id goes to DefWindowProc
// WM_PAINT   - validates the update region (BeginPaint/EndPaint) without drawing
// WM_DESTROY - posts WM_QUIT so the message loop in _tWinMain ends
//
// Every other message is forwarded to DefWindowProc.
//
LRESULT CALLBACK WndProc(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam)
{
    if (message == WM_COMMAND)
    {
        // Low word of wParam is the menu / accelerator command id.
        const int commandId = LOWORD(wParam);
        if (commandId == IDM_ABOUT)
        {
            DialogBox(hInst, MAKEINTRESOURCE(IDD_ABOUTBOX), hWnd, About);
            return 0;
        }
        if (commandId == IDM_EXIT)
        {
            DestroyWindow(hWnd);
            return 0;
        }
        return DefWindowProc(hWnd, message, wParam, lParam);
    }

    if (message == WM_PAINT)
    {
        PAINTSTRUCT ps;
        BeginPaint(hWnd, &ps); // nothing is drawn; this only validates the window
        EndPaint(hWnd, &ps);
        return 0;
    }

    if (message == WM_DESTROY)
    {
        PostQuitMessage(0);
        return 0;
    }

    return DefWindowProc(hWnd, message, wParam, lParam);
}
171 |
// Message handler for the About dialog: claims WM_INITDIALOG (so the default
// focus is set), closes the dialog with the pressed button id on OK / Cancel,
// and reports every other message as unhandled (FALSE).
INT_PTR CALLBACK About(HWND hDlg, UINT message, WPARAM wParam, LPARAM lParam)
{
    UNREFERENCED_PARAMETER(lParam);

    if (message == WM_INITDIALOG)
        return (INT_PTR)TRUE;

    if (message == WM_COMMAND)
    {
        const WORD controlId = LOWORD(wParam);
        if (controlId == IDOK || controlId == IDCANCEL)
        {
            EndDialog(hDlg, controlId); // dialog result = the button that closed it
            return (INT_PTR)TRUE;
        }
    }

    return (INT_PTR)FALSE;
}
191 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/OLLYDBG/OLLYDBG.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include "resource.h"
4 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/OLLYDBG/OLLYDBG.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Apps/OLLYDBG/OLLYDBG.ico
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/OLLYDBG/OLLYDBG.rc:
--------------------------------------------------------------------------------
1 | // Microsoft Visual C++ generated resource script.
2 | //
3 | #include "resource.h"
4 |
5 | #define APSTUDIO_READONLY_SYMBOLS
6 | /////////////////////////////////////////////////////////////////////////////
7 | //
8 | // Generated from the TEXTINCLUDE 2 resource.
9 | //
10 | #ifndef APSTUDIO_INVOKED
11 | #include "targetver.h"
12 | #endif
13 | #define APSTUDIO_HIDDEN_SYMBOLS
14 | #include "windows.h"
15 | #undef APSTUDIO_HIDDEN_SYMBOLS
16 |
17 | /////////////////////////////////////////////////////////////////////////////
18 | #undef APSTUDIO_READONLY_SYMBOLS
19 |
20 | /////////////////////////////////////////////////////////////////////////////
21 | // English (U.S.) resources
22 |
23 | #if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_ENU)
24 | #ifdef _WIN32
25 | LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
26 | #pragma code_page(1252)
27 | #endif //_WIN32
28 |
29 | /////////////////////////////////////////////////////////////////////////////
30 | //
31 | // Icon
32 | //
33 |
34 | // Icon with lowest ID value placed first to ensure application icon
35 | // remains consistent on all systems.
36 | IDI_OLLYDBG ICON "OLLYDBG.ico"
37 | IDI_SMALL ICON "small.ico"
38 |
39 | /////////////////////////////////////////////////////////////////////////////
40 | //
41 | // Menu
42 | //
43 |
44 | IDC_OLLYDBG MENU
45 | BEGIN
46 | POPUP "&File"
47 | BEGIN
48 | MENUITEM "E&xit", IDM_EXIT
49 | END
50 | POPUP "&Help"
51 | BEGIN
52 | MENUITEM "&About ...", IDM_ABOUT
53 | END
54 | END
55 |
56 |
57 | /////////////////////////////////////////////////////////////////////////////
58 | //
59 | // Accelerator
60 | //
61 |
62 | IDC_OLLYDBG ACCELERATORS
63 | BEGIN
64 | "?", IDM_ABOUT, ASCII, ALT
65 | "/", IDM_ABOUT, ASCII, ALT
66 | END
67 |
68 |
69 | /////////////////////////////////////////////////////////////////////////////
70 | //
71 | // Dialog
72 | //
73 |
74 | IDD_ABOUTBOX DIALOGEX 0, 0, 170, 62
75 | STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | WS_POPUP | WS_CAPTION | WS_SYSMENU
76 | CAPTION "About OLLYDBG"
77 | FONT 8, "MS Shell Dlg", 0, 0, 0x1
78 | BEGIN
79 | ICON 128,IDC_STATIC,14,14,21,20
80 | LTEXT "OLLYDBG, Version 1.0",IDC_STATIC,42,14,114,8,SS_NOPREFIX
81 | LTEXT "Copyright (C) 2015",IDC_STATIC,42,26,114,8
82 | DEFPUSHBUTTON "OK",IDOK,113,41,50,14,WS_GROUP
83 | END
84 |
85 |
86 | /////////////////////////////////////////////////////////////////////////////
87 | //
88 | // DESIGNINFO
89 | //
90 |
91 | #ifdef APSTUDIO_INVOKED
92 | GUIDELINES DESIGNINFO
93 | BEGIN
94 | IDD_ABOUTBOX, DIALOG
95 | BEGIN
96 | LEFTMARGIN, 7
97 | RIGHTMARGIN, 163
98 | TOPMARGIN, 7
99 | BOTTOMMARGIN, 55
100 | END
101 | END
102 | #endif // APSTUDIO_INVOKED
103 |
104 |
105 | #ifdef APSTUDIO_INVOKED
106 | /////////////////////////////////////////////////////////////////////////////
107 | //
108 | // TEXTINCLUDE
109 | //
110 |
111 | 1 TEXTINCLUDE
112 | BEGIN
113 | "resource.h\0"
114 | END
115 |
116 | 2 TEXTINCLUDE
117 | BEGIN
118 | "#ifndef APSTUDIO_INVOKED\r\n"
119 | "#include ""targetver.h""\r\n"
120 | "#endif\r\n"
121 | "#define APSTUDIO_HIDDEN_SYMBOLS\r\n"
122 | "#include ""windows.h""\r\n"
123 | "#undef APSTUDIO_HIDDEN_SYMBOLS\r\n"
124 | "\0"
125 | END
126 |
127 | 3 TEXTINCLUDE
128 | BEGIN
129 | "\r\n"
130 | "\0"
131 | END
132 |
133 | #endif // APSTUDIO_INVOKED
134 |
135 |
136 | /////////////////////////////////////////////////////////////////////////////
137 | //
138 | // Version
139 | //
140 |
141 | VS_VERSION_INFO VERSIONINFO
142 | FILEVERSION 1,0,10,0
143 | PRODUCTVERSION 1,0,10,0
144 | FILEFLAGSMASK 0x17L
145 | #ifdef _DEBUG
146 | FILEFLAGS 0x1L
147 | #else
148 | FILEFLAGS 0x0L
149 | #endif
150 | FILEOS 0x4L
151 | FILETYPE 0x1L
152 | FILESUBTYPE 0x0L
153 | BEGIN
154 | BLOCK "StringFileInfo"
155 | BEGIN
156 | BLOCK "040904b0"
157 | BEGIN
158 | VALUE "FileDescription", "OllyDbg. 32-bit analysing debugger"
159 | VALUE "FileVersion", "1, 0, 10, 0"
160 | VALUE "InternalName", "OLLYDBG"
161 | VALUE "LegalCopyright", "Copyright (C) 2000-2004 Oleh Yuschuk"
162 | VALUE "ProductVersion", "1, 0, 10, 0"
163 | END
164 | END
165 | BLOCK "VarFileInfo"
166 | BEGIN
167 | VALUE "Translation", 0x409, 1200
168 | END
169 | END
170 |
171 |
172 | /////////////////////////////////////////////////////////////////////////////
173 | //
174 | // String Table
175 | //
176 |
177 | STRINGTABLE
178 | BEGIN
179 | IDS_APP_TITLE "OllyDbg"
180 | IDC_OLLYDBG "OLLYDBG"
181 | END
182 |
183 | #endif // English (U.S.) resources
184 | /////////////////////////////////////////////////////////////////////////////
185 |
186 |
187 |
188 | #ifndef APSTUDIO_INVOKED
189 | /////////////////////////////////////////////////////////////////////////////
190 | //
191 | // Generated from the TEXTINCLUDE 3 resource.
192 | //
193 |
194 |
195 | /////////////////////////////////////////////////////////////////////////////
196 | #endif // not APSTUDIO_INVOKED
197 |
198 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/OLLYDBG/OLLYDBG.vcproj.Pablo-PC.Pablo.user:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/OLLYDBG/ReadMe.txt:
--------------------------------------------------------------------------------
1 | ========================================================================
2 | WIN32 APPLICATION : OLLYDBG Project Overview
3 | ========================================================================
4 |
5 | AppWizard has created this OLLYDBG application for you.
6 |
7 | This file contains a summary of what you will find in each of the files that
8 | make up your OLLYDBG application.
9 |
10 |
11 | OLLYDBG.vcproj
12 | This is the main project file for VC++ projects generated using an Application Wizard.
13 | It contains information about the version of Visual C++ that generated the file, and
14 | information about the platforms, configurations, and project features selected with the
15 | Application Wizard.
16 |
17 | OLLYDBG.cpp
18 | This is the main application source file.
19 |
20 | /////////////////////////////////////////////////////////////////////////////
21 | AppWizard has created the following resources:
22 |
23 | OLLYDBG.rc
24 | This is a listing of all of the Microsoft Windows resources that the
25 | program uses. It includes the icons, bitmaps, and cursors that are stored
26 | in the RES subdirectory. This file can be directly edited in Microsoft
27 | Visual C++.
28 |
29 | Resource.h
30 | This is the standard header file, which defines new resource IDs.
31 | Microsoft Visual C++ reads and updates this file.
32 |
33 | OLLYDBG.ico
34 | This is an icon file, which is used as the application's icon (32x32).
35 | This icon is included by the main resource file OLLYDBG.rc.
36 |
37 | small.ico
38 | This is an icon file, which contains a smaller version (16x16)
39 | of the application's icon. This icon is included by the main resource
40 | file OLLYDBG.rc.
41 |
42 | /////////////////////////////////////////////////////////////////////////////
43 | Other standard files:
44 |
45 | StdAfx.h, StdAfx.cpp
46 | These files are used to build a precompiled header (PCH) file
47 | named OLLYDBG.pch and a precompiled types file named StdAfx.obj.
48 |
49 | /////////////////////////////////////////////////////////////////////////////
50 | Other notes:
51 |
52 | AppWizard uses "TODO:" comments to indicate parts of the source code you
53 | should add to or customize.
54 |
55 | /////////////////////////////////////////////////////////////////////////////
56 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/OLLYDBG/resource.h:
--------------------------------------------------------------------------------
//{{NO_DEPENDENCIES}}
// Microsoft Visual C++ generated include file.
// Used by OLLYDBG.rc
//
// Resource identifiers for the OLLYDBG project. IDS_APP_TITLE and IDD_ABOUTBOX
// both use 103; that is fine because OLLYDBG.rc defines one as a STRINGTABLE
// entry and the other as a DIALOGEX, and ids are scoped per resource type.
#define IDC_MYICON 2
#define IDD_OLLYDBG_DIALOG 102
#define IDS_APP_TITLE 103
#define IDD_ABOUTBOX 103
#define IDM_ABOUT 104
#define IDM_EXIT 105
#define IDI_OLLYDBG 107
#define IDI_SMALL 108
#define IDC_OLLYDBG 109
#define IDR_MAINFRAME 128
#define IDC_STATIC -1 // conventional id for controls that are never addressed by code

// Next default values for new objects (maintained by the resource editor)
//
#ifdef APSTUDIO_INVOKED
#ifndef APSTUDIO_READONLY_SYMBOLS
#define _APS_NO_MFC 1
#define _APS_NEXT_RESOURCE_VALUE 130
#define _APS_NEXT_COMMAND_VALUE 32771
#define _APS_NEXT_CONTROL_VALUE 1000
#define _APS_NEXT_SYMED_VALUE 110
#endif
#endif

--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/OLLYDBG/small.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Apps/OLLYDBG/small.ico
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/OLLYDBG/stdafx.cpp:
--------------------------------------------------------------------------------
1 | // stdafx.cpp : source file that includes just the standard includes
2 | // OLLYDBG.pch will be the pre-compiled header
3 | // stdafx.obj will contain the pre-compiled type information
4 |
5 | #include "stdafx.h"
6 |
7 | // TODO: reference any additional headers you need in STDAFX.H
8 | // and not in this file
9 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/OLLYDBG/stdafx.h:
--------------------------------------------------------------------------------
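// stdafx.h : include file for standard system include files,
// or project specific include files that are used frequently, but
// are changed infrequently
//
// NOTE(review): the angle-bracket header names were lost when this page was
// extracted (each line read just "#include"). They are restored below from the
// standard Win32 AppWizard template that the rest of this project follows;
// confirm against the original file in the repository.

#pragma once

#include "targetver.h"

#define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers
// Windows Header Files:
#include <windows.h>

// C RunTime Header Files
#include <stdlib.h>
#include <malloc.h>
#include <memory.h>
#include <tchar.h> // TCHAR / _tWinMain used by OLLYDBG.cpp


// TODO: reference additional headers your program requires here
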
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/OLLYDBG/targetver.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | // The following macros define the minimum required platform. The minimum required platform
4 | // is the earliest version of Windows, Internet Explorer etc. that has the necessary features to run
5 | // your application. The macros work by enabling all features available on platform versions up to and
6 | // including the version specified.
7 |
8 | // Modify the following defines if you have to target a platform prior to the ones specified below.
9 | // Refer to MSDN for the latest info on corresponding values for different platforms.
10 | #ifndef WINVER // Specifies that the minimum required platform is Windows Vista.
11 | #define WINVER 0x0600 // Change this to the appropriate value to target other versions of Windows.
12 | #endif
13 |
14 | #ifndef _WIN32_WINNT // Specifies that the minimum required platform is Windows Vista.
15 | #define _WIN32_WINNT 0x0600 // Change this to the appropriate value to target other versions of Windows.
16 | #endif
17 |
18 | #ifndef _WIN32_WINDOWS // Specifies that the minimum required platform is Windows 98.
19 | #define _WIN32_WINDOWS 0x0410 // Change this to the appropriate value to target Windows Me or later.
20 | #endif
21 |
22 | #ifndef _WIN32_IE // Specifies that the minimum required platform is Internet Explorer 7.0.
23 | #define _WIN32_IE 0x0700 // Change this to the appropriate value to target other versions of IE.
24 | #endif
25 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/Procmon/Procmon.aps:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Apps/Procmon/Procmon.aps
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/Procmon/Procmon.cpp:
--------------------------------------------------------------------------------
1 | // Procmon.cpp : Defines the entry point for the application.
2 | //
3 |
4 | #include "stdafx.h"
5 | #include "Procmon.h"
6 |
#define MAX_LOADSTRING 100 // capacity, in TCHARs, of the two string buffers below

// Global Variables:
HINSTANCE hInst; // current instance; written by InitInstance, read by WndProc for the About dialog
TCHAR szTitle[MAX_LOADSTRING]; // The title bar text (filled from IDS_APP_TITLE in _tWinMain)
TCHAR szWindowClass[MAX_LOADSTRING]; // the main window class name (filled from IDC_PROCMON in _tWinMain)

// Forward declarations of functions included in this code module:
ATOM MyRegisterClass(HINSTANCE hInstance);
BOOL InitInstance(HINSTANCE, int);
LRESULT CALLBACK WndProc(HWND, UINT, WPARAM, LPARAM);
INT_PTR CALLBACK About(HWND, UINT, WPARAM, LPARAM);
19 |
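int APIENTRY _tWinMain(HINSTANCE hInstance,
                       HINSTANCE hPrevInstance,
                       LPTSTR lpCmdLine,
                       int nCmdShow)
{
    // Process entry point: loads the title and window-class strings from the
    // string table, registers the window class, creates the main window and
    // pumps messages until WM_QUIT.
    //
    // Returns the WM_QUIT exit code, FALSE if the class could not be
    // registered or the window could not be created, or -1 if GetMessage
    // reported an error.
    //
    // NOTE(review): this is unmodified AppWizard scaffolding -- nothing here
    // implements Process Monitor functionality; the binary only carries the
    // name and resource ids. Presumably a placeholder for the surrounding
    // LoadDriverDebugProcess component; confirm the intent, and do not treat
    // a process or window-class name alone as evidence of what a binary is.
    UNREFERENCED_PARAMETER(hPrevInstance);
    UNREFERENCED_PARAMETER(lpCmdLine);

    MSG msg;
    HACCEL hAccelTable;
    BOOL bRet;

    // Initialize global strings. LoadString's return value is not checked
    // (as in the wizard template); an empty class name is caught indirectly
    // because RegisterClassEx / CreateWindow then fail below.
    LoadString(hInstance, IDS_APP_TITLE, szTitle, MAX_LOADSTRING);
    LoadString(hInstance, IDC_PROCMON, szWindowClass, MAX_LOADSTRING);

    // RegisterClassEx returns 0 on failure; the wizard ignored it and let
    // CreateWindow fail later, which is harder to diagnose.
    if (!MyRegisterClass(hInstance))
    {
        return FALSE;
    }

    // Perform application initialization:
    if (!InitInstance(hInstance, nCmdShow))
    {
        return FALSE;
    }

    // A NULL accelerator table is tolerated: TranslateAccelerator simply
    // fails and the message falls through to Translate/Dispatch.
    hAccelTable = LoadAccelerators(hInstance, MAKEINTRESOURCE(IDC_PROCMON));

    // Main message loop. GetMessage returns -1 on error; the wizard's
    // `while (GetMessage(...))` treats -1 as TRUE and spins forever, so the
    // error case is tested explicitly here.
    while ((bRet = GetMessage(&msg, NULL, 0, 0)) != 0)
    {
        if (bRet == -1)
        {
            return -1;
        }

        if (!TranslateAccelerator(msg.hwnd, hAccelTable, &msg))
        {
            TranslateMessage(&msg);
            DispatchMessage(&msg);
        }
    }

    // msg.wParam carries the PostQuitMessage exit code.
    return (int) msg.wParam;
}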
57 |
58 |
59 |
60 | //
61 | // FUNCTION: MyRegisterClass()
62 | //
63 | // PURPOSE: Registers the window class.
64 | //
65 | // COMMENTS:
66 | //
67 | // This function and its usage are only necessary if you want this code
68 | // to be compatible with Win32 systems prior to the 'RegisterClassEx'
69 | // function that was added to Windows 95. It is important to call this function
70 | // so that the application will get 'well formed' small icons associated
71 | // with it.
72 | //
ATOM MyRegisterClass(HINSTANCE hInstance)
{
    // Registers the main window class named by the global szWindowClass
    // (which _tWinMain loads from IDC_PROCMON). Menu, icons and cursor come
    // from the module's resources. Returns the class atom, or 0 if
    // RegisterClassEx fails.
    WNDCLASSEX wc = { 0 };   // cbClsExtra / cbWndExtra stay 0

    wc.cbSize        = sizeof(wc);
    wc.style         = CS_HREDRAW | CS_VREDRAW;
    wc.lpfnWndProc   = WndProc;
    wc.hInstance     = hInstance;
    wc.hIcon         = LoadIcon(hInstance, MAKEINTRESOURCE(IDI_PROCMON));
    wc.hIconSm       = LoadIcon(hInstance, MAKEINTRESOURCE(IDI_SMALL));
    wc.hCursor       = LoadCursor(NULL, IDC_ARROW);
    wc.hbrBackground = (HBRUSH)(COLOR_WINDOW + 1);
    wc.lpszMenuName  = MAKEINTRESOURCE(IDC_PROCMON);
    wc.lpszClassName = szWindowClass;

    return RegisterClassEx(&wc);
}
93 |
94 | //
95 | // FUNCTION: InitInstance(HINSTANCE, int)
96 | //
97 | // PURPOSE: Saves instance handle and creates main window
98 | //
99 | // COMMENTS:
100 | //
101 | // In this function, we save the instance handle in a global variable and
102 | // create and display the main program window.
103 | //
BOOL InitInstance(HINSTANCE hInstance, int nCmdShow)
{
    // Stores the instance handle in the global hInst (WndProc needs it to
    // open the About dialog), then creates and shows the main window.
    // Returns FALSE if CreateWindow fails, TRUE otherwise.
    hInst = hInstance;

    const HWND hMainWnd = CreateWindow(szWindowClass, szTitle, WS_OVERLAPPEDWINDOW,
                                       CW_USEDEFAULT, 0, CW_USEDEFAULT, 0,
                                       NULL, NULL, hInstance, NULL);
    if (hMainWnd == NULL)
    {
        return FALSE;
    }

    ShowWindow(hMainWnd, nCmdShow);
    UpdateWindow(hMainWnd);

    return TRUE;
}
123 |
124 | //
125 | // FUNCTION: WndProc(HWND, UINT, WPARAM, LPARAM)
126 | //
127 | // PURPOSE: Processes messages for the main window.
128 | //
129 | // WM_COMMAND - process the application menu
130 | // WM_PAINT - Paint the main window
131 | // WM_DESTROY - post a quit message and return
132 | //
133 | //
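LRESULT CALLBACK WndProc(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam)
{
    // Window procedure for the main window.
    //   WM_COMMAND - dispatch the application menu (About / Exit)
    //   WM_PAINT   - validate the client area (nothing is drawn yet)
    //   WM_DESTROY - post WM_QUIT so the message loop in _tWinMain exits
    // Anything else is forwarded to DefWindowProc. Returns 0 for messages
    // handled here.
    //
    // The wizard also extracted HIWORD(wParam) into `wmEvent` and kept the
    // HDC from BeginPaint in `hdc`; neither was ever read, so both locals
    // are dropped.
    PAINTSTRUCT ps;

    switch (message)
    {
    case WM_COMMAND:
        // Parse the menu selections (LOWORD is the command id):
        switch (LOWORD(wParam))
        {
        case IDM_ABOUT:
            // hInst is the global saved by InitInstance.
            DialogBox(hInst, MAKEINTRESOURCE(IDD_ABOUTBOX), hWnd, About);
            break;
        case IDM_EXIT:
            DestroyWindow(hWnd);
            break;
        default:
            return DefWindowProc(hWnd, message, wParam, lParam);
        }
        break;
    case WM_PAINT:
        // BeginPaint/EndPaint are kept paired even with nothing to draw so
        // the update region is validated.
        BeginPaint(hWnd, &ps);
        // TODO: Add any drawing code here...
        EndPaint(hWnd, &ps);
        break;
    case WM_DESTROY:
        PostQuitMessage(0);
        break;
    default:
        return DefWindowProc(hWnd, message, wParam, lParam);
    }
    return 0;
}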
171 |
172 | // Message handler for about box.
INT_PTR CALLBACK About(HWND hDlg, UINT message, WPARAM wParam, LPARAM lParam)
{
    // Dialog procedure for the About box: accepts WM_INITDIALOG and closes
    // the dialog on OK or Cancel, passing the button id as the dialog result.
    // Returns TRUE for messages handled here, FALSE for everything else
    // (dialog procedures do not forward to DefWindowProc).
    UNREFERENCED_PARAMETER(lParam);

    if (message == WM_INITDIALOG)
    {
        return (INT_PTR)TRUE;
    }

    if (message == WM_COMMAND)
    {
        const WORD ctrlId = LOWORD(wParam);
        if (ctrlId == IDOK || ctrlId == IDCANCEL)
        {
            EndDialog(hDlg, ctrlId);
            return (INT_PTR)TRUE;
        }
    }

    return (INT_PTR)FALSE;
}
191 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/Procmon/Procmon.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include "resource.h"
4 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/Procmon/Procmon.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Apps/Procmon/Procmon.ico
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/Procmon/Procmon.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Apps/Procmon/Procmon.rc
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/Procmon/Procmon.vcproj.Pablo-PC.Pablo.user:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/Procmon/ReadMe.txt:
--------------------------------------------------------------------------------
1 | ========================================================================
2 | WIN32 APPLICATION : Procmon Project Overview
3 | ========================================================================
4 |
5 | AppWizard has created this Procmon application for you.
6 |
7 | This file contains a summary of what you will find in each of the files that
8 | make up your Procmon application.
9 |
10 |
11 | Procmon.vcproj
12 | This is the main project file for VC++ projects generated using an Application Wizard.
13 | It contains information about the version of Visual C++ that generated the file, and
14 | information about the platforms, configurations, and project features selected with the
15 | Application Wizard.
16 |
17 | Procmon.cpp
18 | This is the main application source file.
19 |
20 | /////////////////////////////////////////////////////////////////////////////
21 | AppWizard has created the following resources:
22 |
23 | Procmon.rc
24 | This is a listing of all of the Microsoft Windows resources that the
25 | program uses. It includes the icons, bitmaps, and cursors that are stored
26 | in the RES subdirectory. This file can be directly edited in Microsoft
27 | Visual C++.
28 |
29 | Resource.h
30 | This is the standard header file, which defines new resource IDs.
31 | Microsoft Visual C++ reads and updates this file.
32 |
33 | Procmon.ico
34 | This is an icon file, which is used as the application's icon (32x32).
35 | This icon is included by the main resource file Procmon.rc.
36 |
37 | small.ico
38 | This is an icon file, which contains a smaller version (16x16)
39 | of the application's icon. This icon is included by the main resource
40 | file Procmon.rc.
41 |
42 | /////////////////////////////////////////////////////////////////////////////
43 | Other standard files:
44 |
45 | StdAfx.h, StdAfx.cpp
46 | These files are used to build a precompiled header (PCH) file
47 | named Procmon.pch and a precompiled types file named StdAfx.obj.
48 |
49 | /////////////////////////////////////////////////////////////////////////////
50 | Other notes:
51 |
52 | AppWizard uses "TODO:" comments to indicate parts of the source code you
53 | should add to or customize.
54 |
55 | /////////////////////////////////////////////////////////////////////////////
56 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/Procmon/Resource.h:
--------------------------------------------------------------------------------
//{{NO_DEPENDENCIES}}
// Microsoft Visual C++ generated include file.
// Used by Procmon.rc
//

// String-table id for the title bar text; 103 is also IDD_ABOUTBOX below,
// which is a different resource type, so the two do not collide.
#define IDS_APP_TITLE 103

#define IDR_MAINFRAME 128
#define IDD_PROCMON_DIALOG 102
#define IDD_ABOUTBOX 103
#define IDM_ABOUT 104 // handled in WndProc (WM_COMMAND)
#define IDM_EXIT 105 // handled in WndProc (WM_COMMAND)
#define IDI_PROCMON 107 // large icon, MyRegisterClass
#define IDI_SMALL 108 // small icon, MyRegisterClass
#define IDC_PROCMON 109 // window-class string, menu and accelerator table share this id
#define IDC_MYICON 2
#ifndef IDC_STATIC
#define IDC_STATIC -1
#endif
// Next default values for new objects
//
// Only the resource editor reads the _APS_* values (APSTUDIO_INVOKED).
#ifdef APSTUDIO_INVOKED
#ifndef APSTUDIO_READONLY_SYMBOLS

// NOTE(review): the OLLYDBG copy of this file has _APS_NO_MFC 1 and
// _APS_NEXT_RESOURCE_VALUE 130; the two values look transposed here.
#define _APS_NO_MFC 130
#define _APS_NEXT_RESOURCE_VALUE 129
#define _APS_NEXT_COMMAND_VALUE 32771
#define _APS_NEXT_CONTROL_VALUE 1000
#define _APS_NEXT_SYMED_VALUE 110
#endif
#endif
32 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/Procmon/small.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Apps/Procmon/small.ico
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/Procmon/stdafx.cpp:
--------------------------------------------------------------------------------
1 | // stdafx.cpp : source file that includes just the standard includes
2 | // Procmon.pch will be the pre-compiled header
3 | // stdafx.obj will contain the pre-compiled type information
4 |
5 | #include "stdafx.h"
6 |
7 | // TODO: reference any additional headers you need in STDAFX.H
8 | // and not in this file
9 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/Procmon/stdafx.h:
--------------------------------------------------------------------------------
// stdafx.h : include file for standard system include files,
// or project specific include files that are used frequently, but
// are changed infrequently
//

#pragma once

#include "targetver.h"

#define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers
// Windows Header Files:
// NOTE(review): the angle-bracket header names after the #include directives
// below are missing in this copy (apparently stripped on extraction); the
// header will not compile until they are restored from the wizard template.
#include

// C RunTime Header Files
#include
#include
#include
#include


// TODO: reference additional headers your program requires here
22 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/Procmon/targetver.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | // The following macros define the minimum required platform. The minimum required platform
4 | // is the earliest version of Windows, Internet Explorer etc. that has the necessary features to run
5 | // your application. The macros work by enabling all features available on platform versions up to and
6 | // including the version specified.
7 |
8 | // Modify the following defines if you have to target a platform prior to the ones specified below.
9 | // Refer to MSDN for the latest info on corresponding values for different platforms.
10 | #ifndef WINVER // Specifies that the minimum required platform is Windows Vista.
11 | #define WINVER 0x0600 // Change this to the appropriate value to target other versions of Windows.
12 | #endif
13 |
14 | #ifndef _WIN32_WINNT // Specifies that the minimum required platform is Windows Vista.
15 | #define _WIN32_WINNT 0x0600 // Change this to the appropriate value to target other versions of Windows.
16 | #endif
17 |
18 | #ifndef _WIN32_WINDOWS // Specifies that the minimum required platform is Windows 98.
19 | #define _WIN32_WINDOWS 0x0410 // Change this to the appropriate value to target Windows Me or later.
20 | #endif
21 |
22 | #ifndef _WIN32_IE // Specifies that the minimum required platform is Internet Explorer 7.0.
23 | #define _WIN32_IE 0x0700 // Change this to the appropriate value to target other versions of IE.
24 | #endif
25 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/Wireshark/ReadMe.txt:
--------------------------------------------------------------------------------
1 | ========================================================================
2 | WIN32 APPLICATION : Wireshark Project Overview
3 | ========================================================================
4 |
5 | AppWizard has created this Wireshark application for you.
6 |
7 | This file contains a summary of what you will find in each of the files that
8 | make up your Wireshark application.
9 |
10 |
11 | Wireshark.vcproj
12 | This is the main project file for VC++ projects generated using an Application Wizard.
13 | It contains information about the version of Visual C++ that generated the file, and
14 | information about the platforms, configurations, and project features selected with the
15 | Application Wizard.
16 |
17 | Wireshark.cpp
18 | This is the main application source file.
19 |
20 | /////////////////////////////////////////////////////////////////////////////
21 | AppWizard has created the following resources:
22 |
23 | Wireshark.rc
24 | This is a listing of all of the Microsoft Windows resources that the
25 | program uses. It includes the icons, bitmaps, and cursors that are stored
26 | in the RES subdirectory. This file can be directly edited in Microsoft
27 | Visual C++.
28 |
29 | Resource.h
30 | This is the standard header file, which defines new resource IDs.
31 | Microsoft Visual C++ reads and updates this file.
32 |
33 | Wireshark.ico
34 | This is an icon file, which is used as the application's icon (32x32).
35 | This icon is included by the main resource file Wireshark.rc.
36 |
37 | small.ico
38 | This is an icon file, which contains a smaller version (16x16)
39 | of the application's icon. This icon is included by the main resource
40 | file Wireshark.rc.
41 |
42 | /////////////////////////////////////////////////////////////////////////////
43 | Other standard files:
44 |
45 | StdAfx.h, StdAfx.cpp
46 | These files are used to build a precompiled header (PCH) file
47 | named Wireshark.pch and a precompiled types file named StdAfx.obj.
48 |
49 | /////////////////////////////////////////////////////////////////////////////
50 | Other notes:
51 |
52 | AppWizard uses "TODO:" comments to indicate parts of the source code you
53 | should add to or customize.
54 |
55 | /////////////////////////////////////////////////////////////////////////////
56 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/Wireshark/Resource.h:
--------------------------------------------------------------------------------
//{{NO_DEPENDENCIES}}
// Microsoft Visual C++ generated include file.
// Used by Wireshark.rc
//

// String-table id for the title bar text; 103 is also IDD_ABOUTBOX below,
// which is a different resource type, so the two do not collide.
#define IDS_APP_TITLE 103

#define IDR_MAINFRAME 128
#define IDD_WIRESHARK_DIALOG 102
#define IDD_ABOUTBOX 103
#define IDM_ABOUT 104 // handled in WndProc (WM_COMMAND)
#define IDM_EXIT 105 // handled in WndProc (WM_COMMAND)
#define IDI_WIRESHARK 107 // large icon, MyRegisterClass
#define IDI_SMALL 108 // small icon, MyRegisterClass
#define IDC_WIRESHARK 109 // window-class string, menu and accelerator table share this id
#define IDC_MYICON 2
#ifndef IDC_STATIC
#define IDC_STATIC -1
#endif
// Next default values for new objects
//
// Only the resource editor reads the _APS_* values (APSTUDIO_INVOKED).
#ifdef APSTUDIO_INVOKED
#ifndef APSTUDIO_READONLY_SYMBOLS

// NOTE(review): the OLLYDBG copy of this file has _APS_NO_MFC 1 and
// _APS_NEXT_RESOURCE_VALUE 130; the two values look transposed here.
#define _APS_NO_MFC 130
#define _APS_NEXT_RESOURCE_VALUE 129
#define _APS_NEXT_COMMAND_VALUE 32771
#define _APS_NEXT_CONTROL_VALUE 1000
#define _APS_NEXT_SYMED_VALUE 110
#endif
#endif
32 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/Wireshark/Wireshark.aps:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Apps/Wireshark/Wireshark.aps
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/Wireshark/Wireshark.cpp:
--------------------------------------------------------------------------------
1 | // Wireshark.cpp : Defines the entry point for the application.
2 | //
3 |
4 | #include "stdafx.h"
5 | #include "Wireshark.h"
6 |
#define MAX_LOADSTRING 100 // capacity, in TCHARs, of the two string buffers below

// Global Variables:
HINSTANCE hInst; // current instance; written by InitInstance, read by WndProc for the About dialog
TCHAR szTitle[MAX_LOADSTRING]; // The title bar text (filled from IDS_APP_TITLE in _tWinMain)
TCHAR szWindowClass[MAX_LOADSTRING]; // the main window class name (filled from IDC_WIRESHARK in _tWinMain)

// Forward declarations of functions included in this code module:
ATOM MyRegisterClass(HINSTANCE hInstance);
BOOL InitInstance(HINSTANCE, int);
LRESULT CALLBACK WndProc(HWND, UINT, WPARAM, LPARAM);
INT_PTR CALLBACK About(HWND, UINT, WPARAM, LPARAM);
19 |
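int APIENTRY _tWinMain(HINSTANCE hInstance,
                       HINSTANCE hPrevInstance,
                       LPTSTR lpCmdLine,
                       int nCmdShow)
{
    // Process entry point: loads the title and window-class strings from the
    // string table, registers the window class, creates the main window and
    // pumps messages until WM_QUIT.
    //
    // Returns the WM_QUIT exit code, FALSE if the class could not be
    // registered or the window could not be created, or -1 if GetMessage
    // reported an error.
    //
    // NOTE(review): this is unmodified AppWizard scaffolding -- nothing here
    // implements Wireshark functionality; the binary only carries the name
    // and resource ids. Presumably a placeholder for the surrounding
    // LoadDriverDebugProcess component; confirm the intent, and do not treat
    // a process or window-class name alone as evidence of what a binary is.
    UNREFERENCED_PARAMETER(hPrevInstance);
    UNREFERENCED_PARAMETER(lpCmdLine);

    MSG msg;
    HACCEL hAccelTable;
    BOOL bRet;

    // Initialize global strings. LoadString's return value is not checked
    // (as in the wizard template); an empty class name is caught indirectly
    // because RegisterClassEx / CreateWindow then fail below.
    LoadString(hInstance, IDS_APP_TITLE, szTitle, MAX_LOADSTRING);
    LoadString(hInstance, IDC_WIRESHARK, szWindowClass, MAX_LOADSTRING);

    // RegisterClassEx returns 0 on failure; the wizard ignored it and let
    // CreateWindow fail later, which is harder to diagnose.
    if (!MyRegisterClass(hInstance))
    {
        return FALSE;
    }

    // Perform application initialization:
    if (!InitInstance(hInstance, nCmdShow))
    {
        return FALSE;
    }

    // A NULL accelerator table is tolerated: TranslateAccelerator simply
    // fails and the message falls through to Translate/Dispatch.
    hAccelTable = LoadAccelerators(hInstance, MAKEINTRESOURCE(IDC_WIRESHARK));

    // Main message loop. GetMessage returns -1 on error; the wizard's
    // `while (GetMessage(...))` treats -1 as TRUE and spins forever, so the
    // error case is tested explicitly here.
    while ((bRet = GetMessage(&msg, NULL, 0, 0)) != 0)
    {
        if (bRet == -1)
        {
            return -1;
        }

        if (!TranslateAccelerator(msg.hwnd, hAccelTable, &msg))
        {
            TranslateMessage(&msg);
            DispatchMessage(&msg);
        }
    }

    // msg.wParam carries the PostQuitMessage exit code.
    return (int) msg.wParam;
}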
57 |
58 |
59 |
60 | //
61 | // FUNCTION: MyRegisterClass()
62 | //
63 | // PURPOSE: Registers the window class.
64 | //
65 | // COMMENTS:
66 | //
67 | // This function and its usage are only necessary if you want this code
68 | // to be compatible with Win32 systems prior to the 'RegisterClassEx'
69 | // function that was added to Windows 95. It is important to call this function
70 | // so that the application will get 'well formed' small icons associated
71 | // with it.
72 | //
ATOM MyRegisterClass(HINSTANCE hInstance)
{
    // Registers the main window class named by the global szWindowClass
    // (which _tWinMain loads from IDC_WIRESHARK). Menu, icons and cursor
    // come from the module's resources. Returns the class atom, or 0 if
    // RegisterClassEx fails.
    WNDCLASSEX wc = { 0 };   // cbClsExtra / cbWndExtra stay 0

    wc.cbSize        = sizeof(wc);
    wc.style         = CS_HREDRAW | CS_VREDRAW;
    wc.lpfnWndProc   = WndProc;
    wc.hInstance     = hInstance;
    wc.hIcon         = LoadIcon(hInstance, MAKEINTRESOURCE(IDI_WIRESHARK));
    wc.hIconSm       = LoadIcon(hInstance, MAKEINTRESOURCE(IDI_SMALL));
    wc.hCursor       = LoadCursor(NULL, IDC_ARROW);
    wc.hbrBackground = (HBRUSH)(COLOR_WINDOW + 1);
    wc.lpszMenuName  = MAKEINTRESOURCE(IDC_WIRESHARK);
    wc.lpszClassName = szWindowClass;

    return RegisterClassEx(&wc);
}
93 |
94 | //
95 | // FUNCTION: InitInstance(HINSTANCE, int)
96 | //
97 | // PURPOSE: Saves instance handle and creates main window
98 | //
99 | // COMMENTS:
100 | //
101 | // In this function, we save the instance handle in a global variable and
102 | // create and display the main program window.
103 | //
BOOL InitInstance(HINSTANCE hInstance, int nCmdShow)
{
    // Stores the instance handle in the global hInst (WndProc needs it to
    // open the About dialog), then creates and shows the main window.
    // Returns FALSE if CreateWindow fails, TRUE otherwise.
    hInst = hInstance;

    const HWND hMainWnd = CreateWindow(szWindowClass, szTitle, WS_OVERLAPPEDWINDOW,
                                       CW_USEDEFAULT, 0, CW_USEDEFAULT, 0,
                                       NULL, NULL, hInstance, NULL);
    if (hMainWnd == NULL)
    {
        return FALSE;
    }

    ShowWindow(hMainWnd, nCmdShow);
    UpdateWindow(hMainWnd);

    return TRUE;
}
123 |
124 | //
125 | // FUNCTION: WndProc(HWND, UINT, WPARAM, LPARAM)
126 | //
127 | // PURPOSE: Processes messages for the main window.
128 | //
129 | // WM_COMMAND - process the application menu
130 | // WM_PAINT - Paint the main window
131 | // WM_DESTROY - post a quit message and return
132 | //
133 | //
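LRESULT CALLBACK WndProc(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam)
{
    // Window procedure for the main window.
    //   WM_COMMAND - dispatch the application menu (About / Exit)
    //   WM_PAINT   - validate the client area (nothing is drawn yet)
    //   WM_DESTROY - post WM_QUIT so the message loop in _tWinMain exits
    // Anything else is forwarded to DefWindowProc. Returns 0 for messages
    // handled here.
    //
    // The wizard also extracted HIWORD(wParam) into `wmEvent` and kept the
    // HDC from BeginPaint in `hdc`; neither was ever read, so both locals
    // are dropped.
    PAINTSTRUCT ps;

    switch (message)
    {
    case WM_COMMAND:
        // Parse the menu selections (LOWORD is the command id):
        switch (LOWORD(wParam))
        {
        case IDM_ABOUT:
            // hInst is the global saved by InitInstance.
            DialogBox(hInst, MAKEINTRESOURCE(IDD_ABOUTBOX), hWnd, About);
            break;
        case IDM_EXIT:
            DestroyWindow(hWnd);
            break;
        default:
            return DefWindowProc(hWnd, message, wParam, lParam);
        }
        break;
    case WM_PAINT:
        // BeginPaint/EndPaint are kept paired even with nothing to draw so
        // the update region is validated.
        BeginPaint(hWnd, &ps);
        // TODO: Add any drawing code here...
        EndPaint(hWnd, &ps);
        break;
    case WM_DESTROY:
        PostQuitMessage(0);
        break;
    default:
        return DefWindowProc(hWnd, message, wParam, lParam);
    }
    return 0;
}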
171 |
172 | // Message handler for about box.
INT_PTR CALLBACK About(HWND hDlg, UINT message, WPARAM wParam, LPARAM lParam)
{
    // Dialog procedure for the About box: accepts WM_INITDIALOG and closes
    // the dialog on OK or Cancel, passing the button id as the dialog result.
    // Returns TRUE for messages handled here, FALSE for everything else
    // (dialog procedures do not forward to DefWindowProc).
    UNREFERENCED_PARAMETER(lParam);

    if (message == WM_INITDIALOG)
    {
        return (INT_PTR)TRUE;
    }

    if (message == WM_COMMAND)
    {
        const WORD ctrlId = LOWORD(wParam);
        if (ctrlId == IDOK || ctrlId == IDCANCEL)
        {
            EndDialog(hDlg, ctrlId);
            return (INT_PTR)TRUE;
        }
    }

    return (INT_PTR)FALSE;
}
191 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/Wireshark/Wireshark.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include "resource.h"
4 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/Wireshark/Wireshark.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Apps/Wireshark/Wireshark.ico
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/Wireshark/Wireshark.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Apps/Wireshark/Wireshark.rc
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/Wireshark/Wireshark.vcproj.Pablo-PC.Pablo.user:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/Wireshark/small.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Apps/Wireshark/small.ico
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/Wireshark/stdafx.cpp:
--------------------------------------------------------------------------------
1 | // stdafx.cpp : source file that includes just the standard includes
2 | // Wireshark.pch will be the pre-compiled header
3 | // stdafx.obj will contain the pre-compiled type information
4 |
5 | #include "stdafx.h"
6 |
7 | // TODO: reference any additional headers you need in STDAFX.H
8 | // and not in this file
9 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/Wireshark/stdafx.h:
--------------------------------------------------------------------------------
// stdafx.h : include file for standard system include files,
// or project specific include files that are used frequently, but
// are changed infrequently
//

#pragma once

#include "targetver.h"

#define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers
// Windows Header Files:
// NOTE(review): the angle-bracket header names after the #include directives
// below are missing in this copy (apparently stripped on extraction); the
// header will not compile until they are restored from the wizard template.
#include

// C RunTime Header Files
#include
#include
#include
#include


// TODO: reference additional headers your program requires here
22 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/Wireshark/targetver.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | // The following macros define the minimum required platform. The minimum required platform
4 | // is the earliest version of Windows, Internet Explorer etc. that has the necessary features to run
5 | // your application. The macros work by enabling all features available on platform versions up to and
6 | // including the version specified.
7 |
8 | // Modify the following defines if you have to target a platform prior to the ones specified below.
9 | // Refer to MSDN for the latest info on corresponding values for different platforms.
10 | #ifndef WINVER // Specifies that the minimum required platform is Windows Vista.
11 | #define WINVER 0x0600 // Change this to the appropriate value to target other versions of Windows.
12 | #endif
13 |
14 | #ifndef _WIN32_WINNT // Specifies that the minimum required platform is Windows Vista.
15 | #define _WIN32_WINNT 0x0600 // Change this to the appropriate value to target other versions of Windows.
16 | #endif
17 |
18 | #ifndef _WIN32_WINDOWS // Specifies that the minimum required platform is Windows 98.
19 | #define _WIN32_WINDOWS 0x0410 // Change this to the appropriate value to target Windows Me or later.
20 | #endif
21 |
22 | #ifndef _WIN32_IE // Specifies that the minimum required platform is Internet Explorer 7.0.
23 | #define _WIN32_IE 0x0700 // Change this to the appropriate value to target other versions of IE.
24 | #endif
25 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/idag/ReadMe.txt:
--------------------------------------------------------------------------------
1 | ========================================================================
2 | WIN32 APPLICATION : idag Project Overview
3 | ========================================================================
4 |
5 | AppWizard has created this idag application for you.
6 |
7 | This file contains a summary of what you will find in each of the files that
8 | make up your idag application.
9 |
10 |
11 | idag.vcproj
12 | This is the main project file for VC++ projects generated using an Application Wizard.
13 | It contains information about the version of Visual C++ that generated the file, and
14 | information about the platforms, configurations, and project features selected with the
15 | Application Wizard.
16 |
17 | idag.cpp
18 | This is the main application source file.
19 |
20 | /////////////////////////////////////////////////////////////////////////////
21 | AppWizard has created the following resources:
22 |
23 | idag.rc
24 | This is a listing of all of the Microsoft Windows resources that the
25 | program uses. It includes the icons, bitmaps, and cursors that are stored
26 | in the RES subdirectory. This file can be directly edited in Microsoft
27 | Visual C++.
28 |
29 | Resource.h
30 | This is the standard header file, which defines new resource IDs.
31 | Microsoft Visual C++ reads and updates this file.
32 |
33 | idag.ico
34 | This is an icon file, which is used as the application's icon (32x32).
35 | This icon is included by the main resource file idag.rc.
36 |
37 | small.ico
38 | This is an icon file, which contains a smaller version (16x16)
39 | of the application's icon. This icon is included by the main resource
40 | file idag.rc.
41 |
42 | /////////////////////////////////////////////////////////////////////////////
43 | Other standard files:
44 |
45 | StdAfx.h, StdAfx.cpp
46 | These files are used to build a precompiled header (PCH) file
47 | named idag.pch and a precompiled types file named StdAfx.obj.
48 |
49 | /////////////////////////////////////////////////////////////////////////////
50 | Other notes:
51 |
52 | AppWizard uses "TODO:" comments to indicate parts of the source code you
53 | should add to or customize.
54 |
55 | /////////////////////////////////////////////////////////////////////////////
56 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/idag/Resource.h:
--------------------------------------------------------------------------------
//{{NO_DEPENDENCIES}}
// Microsoft Visual C++ generated include file.
// Used by idag.rc
//
// Resource ids shared by idag.rc and idag.cpp (via idag.h). The values are
// assigned and maintained by the resource editor, which rewrites this file.

#define IDS_APP_TITLE 103   // string-table entry; _tWinMain loads it into szTitle

#define IDR_MAINFRAME 128
#define IDD_IDAG_DIALOG 102
#define IDD_ABOUTBOX 103    // dialog id; a different resource type from IDS_APP_TITLE, so the shared value 103 does not collide
#define IDM_ABOUT 104       // WM_COMMAND ids dispatched in WndProc
#define IDM_EXIT 105
#define IDI_IDAG 107        // large application icon (wcex.hIcon)
#define IDI_SMALL 108       // small icon (wcex.hIconSm)
#define IDC_IDAG 109        // one id for the window-class-name string, the menu and the accelerator table
#define IDC_MYICON 2
#ifndef IDC_STATIC
#define IDC_STATIC -1       // conventional id for static controls the code never addresses
#endif
// Next default values for new objects
// (bookkeeping for the resource editor; only compiled when APSTUDIO_INVOKED is set)
//
#ifdef APSTUDIO_INVOKED
#ifndef APSTUDIO_READONLY_SYMBOLS

#define _APS_NO_MFC 130
#define _APS_NEXT_RESOURCE_VALUE 129
#define _APS_NEXT_COMMAND_VALUE 32771
#define _APS_NEXT_CONTROL_VALUE 1000
#define _APS_NEXT_SYMED_VALUE 110
#endif
#endif
32 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/idag/idag.aps:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Apps/idag/idag.aps
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/idag/idag.cpp:
--------------------------------------------------------------------------------
1 | // idag.cpp : Defines the entry point for the application.
2 | //
3 |
4 | #include "stdafx.h"
5 | #include "idag.h"
6 |
#define MAX_LOADSTRING 100 // capacity, in TCHARs, of the two string buffers below; also the bound passed to LoadString

// Global Variables:
HINSTANCE hInst; // current instance; stored by InitInstance, used by WndProc as the owner of the About dialog
TCHAR szTitle[MAX_LOADSTRING]; // The title bar text (filled from IDS_APP_TITLE in _tWinMain)
TCHAR szWindowClass[MAX_LOADSTRING]; // the main window class name (filled from IDC_IDAG in _tWinMain)

// Forward declarations of functions included in this code module:
ATOM MyRegisterClass(HINSTANCE hInstance); // registers the window class named by szWindowClass
BOOL InitInstance(HINSTANCE, int); // creates and shows the main window
LRESULT CALLBACK WndProc(HWND, UINT, WPARAM, LPARAM); // main window procedure
INT_PTR CALLBACK About(HWND, UINT, WPARAM, LPARAM); // About dialog procedure
19 |
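//
// FUNCTION: _tWinMain(HINSTANCE, HINSTANCE, LPTSTR, int)
//
// PURPOSE: Process entry point. Loads the title and class-name strings,
// registers the window class, creates the main window and pumps messages
// until WM_QUIT.
//
// RETURNS: the WM_QUIT exit code (msg.wParam) on normal shutdown, FALSE if
// the main window could not be created, or -1 if GetMessage reports an error.
//
int APIENTRY _tWinMain(HINSTANCE hInstance,
                       HINSTANCE hPrevInstance,
                       LPTSTR    lpCmdLine,
                       int       nCmdShow)
{
    UNREFERENCED_PARAMETER(hPrevInstance);
    UNREFERENCED_PARAMETER(lpCmdLine);

    MSG msg;
    HACCEL hAccelTable;
    BOOL bRet;

    // Initialize global strings; LoadString bounds each copy to MAX_LOADSTRING TCHARs.
    LoadString(hInstance, IDS_APP_TITLE, szTitle, MAX_LOADSTRING);
    LoadString(hInstance, IDC_IDAG, szWindowClass, MAX_LOADSTRING);
    // A failed registration is not checked here; it surfaces as a CreateWindow
    // failure inside InitInstance, which then returns FALSE.
    MyRegisterClass(hInstance);

    // Perform application initialization:
    if (!InitInstance (hInstance, nCmdShow))
    {
        return FALSE;
    }

    hAccelTable = LoadAccelerators(hInstance, MAKEINTRESOURCE(IDC_IDAG));

    // Main message loop. GetMessage returns 0 on WM_QUIT and -1 on error; the
    // template's `while (GetMessage(...))` treated -1 as true and would spin
    // forever on an error, so the error case is handled explicitly.
    while ((bRet = GetMessage(&msg, NULL, 0, 0)) != 0)
    {
        if (bRet == -1)
        {
            return -1;
        }
        if (!TranslateAccelerator(msg.hwnd, hAccelTable, &msg))
        {
            TranslateMessage(&msg);
            DispatchMessage(&msg);
        }
    }

    return (int) msg.wParam;
}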
57 |
58 |
59 |
//
// FUNCTION: MyRegisterClass()
//
// PURPOSE: Registers the window class named by szWindowClass.
//
// COMMENTS:
//
// Fills a WNDCLASSEX with WndProc as the window procedure, the large and
// small application icons, the arrow cursor, the window-colour background
// brush and the IDC_IDAG menu, then hands it to RegisterClassEx.
// Returns the class atom, or 0 if registration failed.
//
ATOM MyRegisterClass(HINSTANCE hInstance)
{
    // Fields in WNDCLASSEX declaration order.
    WNDCLASSEX wc = {
        sizeof(WNDCLASSEX),                               // cbSize
        CS_HREDRAW | CS_VREDRAW,                          // style
        WndProc,                                          // lpfnWndProc
        0,                                                // cbClsExtra
        0,                                                // cbWndExtra
        hInstance,                                        // hInstance
        LoadIcon(hInstance, MAKEINTRESOURCE(IDI_IDAG)),   // hIcon
        LoadCursor(NULL, IDC_ARROW),                      // hCursor
        (HBRUSH)(COLOR_WINDOW+1),                         // hbrBackground
        MAKEINTRESOURCE(IDC_IDAG),                        // lpszMenuName
        szWindowClass,                                    // lpszClassName
        LoadIcon(hInstance, MAKEINTRESOURCE(IDI_SMALL))   // hIconSm
    };

    return RegisterClassEx(&wc);
}
93 |
//
// FUNCTION: InitInstance(HINSTANCE, int)
//
// PURPOSE: Saves instance handle and creates main window
//
// COMMENTS:
//
// Records hInstance in the global hInst (WndProc needs it for the About
// dialog), creates the main overlapped window from the registered class and
// shows it with the requested nCmdShow. Returns FALSE if CreateWindow fails.
//
BOOL InitInstance(HINSTANCE hInstance, int nCmdShow)
{
    hInst = hInstance; // Store instance handle in our global variable

    HWND hMainWnd = CreateWindow(szWindowClass, szTitle, WS_OVERLAPPEDWINDOW,
                                 CW_USEDEFAULT, 0, CW_USEDEFAULT, 0, NULL, NULL, hInstance, NULL);
    if (hMainWnd == NULL)
        return FALSE;

    ShowWindow(hMainWnd, nCmdShow);
    UpdateWindow(hMainWnd);
    return TRUE;
}
123 |
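//
// FUNCTION: WndProc(HWND, UINT, WPARAM, LPARAM)
//
// PURPOSE: Processes messages for the main window.
//
// WM_COMMAND - process the application menu (IDM_ABOUT opens the About
//              dialog, IDM_EXIT destroys the window; anything else goes
//              to DefWindowProc)
// WM_PAINT   - Paint the main window (currently begins and ends the paint
//              without drawing)
// WM_DESTROY - post a quit message and return
//
// Every other message is forwarded to DefWindowProc. Returns 0 for the
// messages handled here, otherwise DefWindowProc's result.
//
LRESULT CALLBACK WndProc(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam)
{
    PAINTSTRUCT ps;
    HDC hdc;

    switch (message)
    {
    case WM_COMMAND:
        // Only the command id (low word of wParam) is dispatched on; the
        // template also copied the notification code into an unused local.
        switch (LOWORD(wParam))
        {
        case IDM_ABOUT:
            DialogBox(hInst, MAKEINTRESOURCE(IDD_ABOUTBOX), hWnd, About);
            break;
        case IDM_EXIT:
            DestroyWindow(hWnd);
            break;
        default:
            return DefWindowProc(hWnd, message, wParam, lParam);
        }
        break;
    case WM_PAINT:
        hdc = BeginPaint(hWnd, &ps); // device context for the drawing code the TODO refers to
        // TODO: Add any drawing code here...
        EndPaint(hWnd, &ps);
        break;
    case WM_DESTROY:
        PostQuitMessage(0);
        break;
    default:
        return DefWindowProc(hWnd, message, wParam, lParam);
    }
    return 0;
}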
171 |
// Message handler for about box.
// Returns TRUE for the messages it handles: WM_INITDIALOG, and WM_COMMAND
// for IDOK / IDCANCEL, which close the dialog with that id as its result.
// FALSE lets the dialog manager apply its default processing.
INT_PTR CALLBACK About(HWND hDlg, UINT message, WPARAM wParam, LPARAM lParam)
{
    UNREFERENCED_PARAMETER(lParam);

    if (message == WM_INITDIALOG)
        return (INT_PTR)TRUE;

    if (message == WM_COMMAND)
    {
        const WORD id = LOWORD(wParam);
        if (id == IDOK || id == IDCANCEL)
        {
            EndDialog(hDlg, id);
            return (INT_PTR)TRUE;
        }
    }
    return (INT_PTR)FALSE;
}
191 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/idag/idag.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include "resource.h"
4 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/idag/idag.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Apps/idag/idag.ico
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/idag/idag.vcproj:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/idag/idag.vcproj.Pablo-PC.Pablo.user:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/idag/small.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Apps/idag/small.ico
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/idag/stdafx.cpp:
--------------------------------------------------------------------------------
1 | // stdafx.cpp : source file that includes just the standard includes
2 | // idag.pch will be the pre-compiled header
3 | // stdafx.obj will contain the pre-compiled type information
4 |
5 | #include "stdafx.h"
6 |
7 | // TODO: reference any additional headers you need in STDAFX.H
8 | // and not in this file
9 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/idag/stdafx.h:
--------------------------------------------------------------------------------
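// stdafx.h : include file for standard system include files,
// or project specific include files that are used frequently, but
// are changed infrequently
//

#pragma once

// targetver.h must precede the Windows headers so the WINVER / _WIN32_WINNT
// values it defines are in effect when the SDK headers select a feature level.
#include "targetver.h"

#define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers
// Windows Header Files:
// NOTE(review): the include targets below were lost in extraction; they are
// restored from the standard Win32 AppWizard template — confirm against the
// original file.
#include <windows.h>

// C RunTime Header Files
#include <stdlib.h>
#include <malloc.h>
#include <memory.h>
#include <tchar.h>


// TODO: reference additional headers your program requires here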
22 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/idag/targetver.h:
--------------------------------------------------------------------------------
#pragma once

// Included by stdafx.h ahead of the Windows headers, so these values are in
// place before any SDK header reads them. Each block is #ifndef-guarded, so a
// value supplied by the build (e.g. a /D on the compiler line) takes precedence.
//
// The following macros define the minimum required platform. The minimum required platform
// is the earliest version of Windows, Internet Explorer etc. that has the necessary features to run
// your application. The macros work by enabling all features available on platform versions up to and
// including the version specified.

// Modify the following defines if you have to target a platform prior to the ones specified below.
// Refer to MSDN for the latest info on corresponding values for different platforms.
#ifndef WINVER // Specifies that the minimum required platform is Windows Vista.
#define WINVER 0x0600 // Change this to the appropriate value to target other versions of Windows.
#endif

#ifndef _WIN32_WINNT // Specifies that the minimum required platform is Windows Vista.
#define _WIN32_WINNT 0x0600 // Change this to the appropriate value to target other versions of Windows.
#endif

#ifndef _WIN32_WINDOWS // Specifies that the minimum required platform is Windows 98.
#define _WIN32_WINDOWS 0x0410 // Change this to the appropriate value to target Windows Me or later.
#endif

#ifndef _WIN32_IE // Specifies that the minimum required platform is Internet Explorer 7.0.
#define _WIN32_IE 0x0700 // Change this to the appropriate value to target other versions of IE.
#endif
25 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/procexp/ReadMe.txt:
--------------------------------------------------------------------------------
1 | ========================================================================
2 | WIN32 APPLICATION : procexp Project Overview
3 | ========================================================================
4 |
5 | AppWizard has created this procexp application for you.
6 |
7 | This file contains a summary of what you will find in each of the files that
8 | make up your procexp application.
9 |
10 |
11 | procexp.vcproj
12 | This is the main project file for VC++ projects generated using an Application Wizard.
13 | It contains information about the version of Visual C++ that generated the file, and
14 | information about the platforms, configurations, and project features selected with the
15 | Application Wizard.
16 |
17 | procexp.cpp
18 | This is the main application source file.
19 |
20 | /////////////////////////////////////////////////////////////////////////////
21 | AppWizard has created the following resources:
22 |
23 | procexp.rc
24 | This is a listing of all of the Microsoft Windows resources that the
25 | program uses. It includes the icons, bitmaps, and cursors that are stored
26 | in the RES subdirectory. This file can be directly edited in Microsoft
27 | Visual C++.
28 |
29 | Resource.h
30 | This is the standard header file, which defines new resource IDs.
31 | Microsoft Visual C++ reads and updates this file.
32 |
33 | procexp.ico
34 | This is an icon file, which is used as the application's icon (32x32).
35 | This icon is included by the main resource file procexp.rc.
36 |
37 | small.ico
38 | This is an icon file, which contains a smaller version (16x16)
39 | of the application's icon. This icon is included by the main resource
40 | file procexp.rc.
41 |
42 | /////////////////////////////////////////////////////////////////////////////
43 | Other standard files:
44 |
45 | StdAfx.h, StdAfx.cpp
46 | These files are used to build a precompiled header (PCH) file
47 | named procexp.pch and a precompiled types file named StdAfx.obj.
48 |
49 | /////////////////////////////////////////////////////////////////////////////
50 | Other notes:
51 |
52 | AppWizard uses "TODO:" comments to indicate parts of the source code you
53 | should add to or customize.
54 |
55 | /////////////////////////////////////////////////////////////////////////////
56 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/procexp/Resource.h:
--------------------------------------------------------------------------------
//{{NO_DEPENDENCIES}}
// Microsoft Visual C++ generated include file.
// Used by procexp.rc
//
// Resource ids shared by procexp.rc and procexp.cpp (via procexp.h). The
// values are assigned and maintained by the resource editor, which rewrites
// this file.

#define IDS_APP_TITLE 103   // string-table entry; _tWinMain loads it into szTitle

#define IDR_MAINFRAME 128
#define IDD_PROCEXP_DIALOG 102
#define IDD_ABOUTBOX 103    // dialog id; a different resource type from IDS_APP_TITLE, so the shared value 103 does not collide
#define IDM_ABOUT 104       // WM_COMMAND ids dispatched in WndProc
#define IDM_EXIT 105
#define IDI_PROCEXP 107     // large application icon (wcex.hIcon)
#define IDI_SMALL 108       // small icon (wcex.hIconSm)
#define IDC_PROCEXP 109     // one id for the window-class-name string, the menu and the accelerator table
#define IDC_MYICON 2
#ifndef IDC_STATIC
#define IDC_STATIC -1       // conventional id for static controls the code never addresses
#endif
// Next default values for new objects
// (bookkeeping for the resource editor; only compiled when APSTUDIO_INVOKED is set)
//
#ifdef APSTUDIO_INVOKED
#ifndef APSTUDIO_READONLY_SYMBOLS

#define _APS_NO_MFC 130
#define _APS_NEXT_RESOURCE_VALUE 129
#define _APS_NEXT_COMMAND_VALUE 32771
#define _APS_NEXT_CONTROL_VALUE 1000
#define _APS_NEXT_SYMED_VALUE 110
#endif
#endif
32 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/procexp/procexp.aps:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Apps/procexp/procexp.aps
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/procexp/procexp.cpp:
--------------------------------------------------------------------------------
1 | // procexp.cpp : Defines the entry point for the application.
2 | //
3 |
4 | #include "stdafx.h"
5 | #include "procexp.h"
6 |
#define MAX_LOADSTRING 100 // capacity, in TCHARs, of the two string buffers below; also the bound passed to LoadString

// Global Variables:
HINSTANCE hInst; // current instance; stored by InitInstance, used by WndProc as the owner of the About dialog
TCHAR szTitle[MAX_LOADSTRING]; // The title bar text (filled from IDS_APP_TITLE in _tWinMain)
TCHAR szWindowClass[MAX_LOADSTRING]; // the main window class name (filled from IDC_PROCEXP in _tWinMain)

// Forward declarations of functions included in this code module:
ATOM MyRegisterClass(HINSTANCE hInstance); // registers the window class named by szWindowClass
BOOL InitInstance(HINSTANCE, int); // creates and shows the main window
LRESULT CALLBACK WndProc(HWND, UINT, WPARAM, LPARAM); // main window procedure
INT_PTR CALLBACK About(HWND, UINT, WPARAM, LPARAM); // About dialog procedure
19 |
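//
// FUNCTION: _tWinMain(HINSTANCE, HINSTANCE, LPTSTR, int)
//
// PURPOSE: Process entry point. Loads the title and class-name strings,
// registers the window class, creates the main window and pumps messages
// until WM_QUIT.
//
// RETURNS: the WM_QUIT exit code (msg.wParam) on normal shutdown, FALSE if
// the main window could not be created, or -1 if GetMessage reports an error.
//
int APIENTRY _tWinMain(HINSTANCE hInstance,
                       HINSTANCE hPrevInstance,
                       LPTSTR    lpCmdLine,
                       int       nCmdShow)
{
    UNREFERENCED_PARAMETER(hPrevInstance);
    UNREFERENCED_PARAMETER(lpCmdLine);

    MSG msg;
    HACCEL hAccelTable;
    BOOL bRet;

    // Initialize global strings; LoadString bounds each copy to MAX_LOADSTRING TCHARs.
    LoadString(hInstance, IDS_APP_TITLE, szTitle, MAX_LOADSTRING);
    LoadString(hInstance, IDC_PROCEXP, szWindowClass, MAX_LOADSTRING);
    // A failed registration is not checked here; it surfaces as a CreateWindow
    // failure inside InitInstance, which then returns FALSE.
    MyRegisterClass(hInstance);

    // Perform application initialization:
    if (!InitInstance (hInstance, nCmdShow))
    {
        return FALSE;
    }

    hAccelTable = LoadAccelerators(hInstance, MAKEINTRESOURCE(IDC_PROCEXP));

    // Main message loop. GetMessage returns 0 on WM_QUIT and -1 on error; the
    // template's `while (GetMessage(...))` treated -1 as true and would spin
    // forever on an error, so the error case is handled explicitly.
    while ((bRet = GetMessage(&msg, NULL, 0, 0)) != 0)
    {
        if (bRet == -1)
        {
            return -1;
        }
        if (!TranslateAccelerator(msg.hwnd, hAccelTable, &msg))
        {
            TranslateMessage(&msg);
            DispatchMessage(&msg);
        }
    }

    return (int) msg.wParam;
}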
57 |
58 |
59 |
//
// FUNCTION: MyRegisterClass()
//
// PURPOSE: Registers the window class named by szWindowClass.
//
// COMMENTS:
//
// Fills a WNDCLASSEX with WndProc as the window procedure, the large and
// small application icons, the arrow cursor, the window-colour background
// brush and the IDC_PROCEXP menu, then hands it to RegisterClassEx.
// Returns the class atom, or 0 if registration failed.
//
ATOM MyRegisterClass(HINSTANCE hInstance)
{
    // Fields in WNDCLASSEX declaration order.
    WNDCLASSEX wc = {
        sizeof(WNDCLASSEX),                                  // cbSize
        CS_HREDRAW | CS_VREDRAW,                             // style
        WndProc,                                             // lpfnWndProc
        0,                                                   // cbClsExtra
        0,                                                   // cbWndExtra
        hInstance,                                           // hInstance
        LoadIcon(hInstance, MAKEINTRESOURCE(IDI_PROCEXP)),   // hIcon
        LoadCursor(NULL, IDC_ARROW),                         // hCursor
        (HBRUSH)(COLOR_WINDOW+1),                            // hbrBackground
        MAKEINTRESOURCE(IDC_PROCEXP),                        // lpszMenuName
        szWindowClass,                                       // lpszClassName
        LoadIcon(hInstance, MAKEINTRESOURCE(IDI_SMALL))      // hIconSm
    };

    return RegisterClassEx(&wc);
}
93 |
//
// FUNCTION: InitInstance(HINSTANCE, int)
//
// PURPOSE: Saves instance handle and creates main window
//
// COMMENTS:
//
// Records hInstance in the global hInst (WndProc needs it for the About
// dialog), creates the main overlapped window from the registered class and
// shows it with the requested nCmdShow. Returns FALSE if CreateWindow fails.
//
BOOL InitInstance(HINSTANCE hInstance, int nCmdShow)
{
    hInst = hInstance; // Store instance handle in our global variable

    HWND hMainWnd = CreateWindow(szWindowClass, szTitle, WS_OVERLAPPEDWINDOW,
                                 CW_USEDEFAULT, 0, CW_USEDEFAULT, 0, NULL, NULL, hInstance, NULL);
    if (hMainWnd == NULL)
        return FALSE;

    ShowWindow(hMainWnd, nCmdShow);
    UpdateWindow(hMainWnd);
    return TRUE;
}
123 |
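//
// FUNCTION: WndProc(HWND, UINT, WPARAM, LPARAM)
//
// PURPOSE: Processes messages for the main window.
//
// WM_COMMAND - process the application menu (IDM_ABOUT opens the About
//              dialog, IDM_EXIT destroys the window; anything else goes
//              to DefWindowProc)
// WM_PAINT   - Paint the main window (currently begins and ends the paint
//              without drawing)
// WM_DESTROY - post a quit message and return
//
// Every other message is forwarded to DefWindowProc. Returns 0 for the
// messages handled here, otherwise DefWindowProc's result.
//
LRESULT CALLBACK WndProc(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam)
{
    PAINTSTRUCT ps;
    HDC hdc;

    switch (message)
    {
    case WM_COMMAND:
        // Only the command id (low word of wParam) is dispatched on; the
        // template also copied the notification code into an unused local.
        switch (LOWORD(wParam))
        {
        case IDM_ABOUT:
            DialogBox(hInst, MAKEINTRESOURCE(IDD_ABOUTBOX), hWnd, About);
            break;
        case IDM_EXIT:
            DestroyWindow(hWnd);
            break;
        default:
            return DefWindowProc(hWnd, message, wParam, lParam);
        }
        break;
    case WM_PAINT:
        hdc = BeginPaint(hWnd, &ps); // device context for the drawing code the TODO refers to
        // TODO: Add any drawing code here...
        EndPaint(hWnd, &ps);
        break;
    case WM_DESTROY:
        PostQuitMessage(0);
        break;
    default:
        return DefWindowProc(hWnd, message, wParam, lParam);
    }
    return 0;
}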
171 |
// Message handler for about box.
// Returns TRUE for the messages it handles: WM_INITDIALOG, and WM_COMMAND
// for IDOK / IDCANCEL, which close the dialog with that id as its result.
// FALSE lets the dialog manager apply its default processing.
INT_PTR CALLBACK About(HWND hDlg, UINT message, WPARAM wParam, LPARAM lParam)
{
    UNREFERENCED_PARAMETER(lParam);

    if (message == WM_INITDIALOG)
        return (INT_PTR)TRUE;

    if (message == WM_COMMAND)
    {
        const WORD id = LOWORD(wParam);
        if (id == IDOK || id == IDCANCEL)
        {
            EndDialog(hDlg, id);
            return (INT_PTR)TRUE;
        }
    }
    return (INT_PTR)FALSE;
}
191 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/procexp/procexp.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include "resource.h"
4 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/procexp/procexp.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Apps/procexp/procexp.ico
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/procexp/procexp.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Apps/procexp/procexp.rc
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/procexp/procexp.vcproj.Pablo-PC.Pablo.user:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/procexp/small.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Apps/procexp/small.ico
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/procexp/stdafx.cpp:
--------------------------------------------------------------------------------
1 | // stdafx.cpp : source file that includes just the standard includes
2 | // procexp.pch will be the pre-compiled header
3 | // stdafx.obj will contain the pre-compiled type information
4 |
5 | #include "stdafx.h"
6 |
7 | // TODO: reference any additional headers you need in STDAFX.H
8 | // and not in this file
9 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/procexp/stdafx.h:
--------------------------------------------------------------------------------
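// stdafx.h : include file for standard system include files,
// or project specific include files that are used frequently, but
// are changed infrequently
//

#pragma once

// targetver.h must precede the Windows headers so the WINVER / _WIN32_WINNT
// values it defines are in effect when the SDK headers select a feature level.
#include "targetver.h"

#define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers
// Windows Header Files:
// NOTE(review): the include targets below were lost in extraction; they are
// restored from the standard Win32 AppWizard template — confirm against the
// original file.
#include <windows.h>

// C RunTime Header Files
#include <stdlib.h>
#include <malloc.h>
#include <memory.h>
#include <tchar.h>


// TODO: reference additional headers your program requires here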
22 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/procexp/targetver.h:
--------------------------------------------------------------------------------
#pragma once

// Included by stdafx.h ahead of the Windows headers, so these values are in
// place before any SDK header reads them. Each block is #ifndef-guarded, so a
// value supplied by the build (e.g. a /D on the compiler line) takes precedence.
//
// The following macros define the minimum required platform. The minimum required platform
// is the earliest version of Windows, Internet Explorer etc. that has the necessary features to run
// your application. The macros work by enabling all features available on platform versions up to and
// including the version specified.

// Modify the following defines if you have to target a platform prior to the ones specified below.
// Refer to MSDN for the latest info on corresponding values for different platforms.
#ifndef WINVER // Specifies that the minimum required platform is Windows Vista.
#define WINVER 0x0600 // Change this to the appropriate value to target other versions of Windows.
#endif

#ifndef _WIN32_WINNT // Specifies that the minimum required platform is Windows Vista.
#define _WIN32_WINNT 0x0600 // Change this to the appropriate value to target other versions of Windows.
#endif

#ifndef _WIN32_WINDOWS // Specifies that the minimum required platform is Windows 98.
#define _WIN32_WINDOWS 0x0410 // Change this to the appropriate value to target Windows Me or later.
#endif

#ifndef _WIN32_IE // Specifies that the minimum required platform is Internet Explorer 7.0.
#define _WIN32_IE 0x0700 // Change this to the appropriate value to target other versions of IE.
#endif
25 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/vboxtray/ReadMe.txt:
--------------------------------------------------------------------------------
1 | ========================================================================
2 | WIN32 APPLICATION : vboxtray Project Overview
3 | ========================================================================
4 |
5 | AppWizard has created this vboxtray application for you.
6 |
7 | This file contains a summary of what you will find in each of the files that
8 | make up your vboxtray application.
9 |
10 |
11 | vboxtray.vcproj
12 | This is the main project file for VC++ projects generated using an Application Wizard.
13 | It contains information about the version of Visual C++ that generated the file, and
14 | information about the platforms, configurations, and project features selected with the
15 | Application Wizard.
16 |
17 | vboxtray.cpp
18 | This is the main application source file.
19 |
20 | /////////////////////////////////////////////////////////////////////////////
21 | AppWizard has created the following resources:
22 |
23 | vboxtray.rc
24 | This is a listing of all of the Microsoft Windows resources that the
25 | program uses. It includes the icons, bitmaps, and cursors that are stored
26 | in the RES subdirectory. This file can be directly edited in Microsoft
27 | Visual C++.
28 |
29 | Resource.h
30 | This is the standard header file, which defines new resource IDs.
31 | Microsoft Visual C++ reads and updates this file.
32 |
33 | vboxtray.ico
34 | This is an icon file, which is used as the application's icon (32x32).
35 | This icon is included by the main resource file vboxtray.rc.
36 |
37 | small.ico
38 | This is an icon file, which contains a smaller version (16x16)
39 | of the application's icon. This icon is included by the main resource
40 | file vboxtray.rc.
41 |
42 | /////////////////////////////////////////////////////////////////////////////
43 | Other standard files:
44 |
45 | StdAfx.h, StdAfx.cpp
46 | These files are used to build a precompiled header (PCH) file
47 | named vboxtray.pch and a precompiled types file named StdAfx.obj.
48 |
49 | /////////////////////////////////////////////////////////////////////////////
50 | Other notes:
51 |
52 | AppWizard uses "TODO:" comments to indicate parts of the source code you
53 | should add to or customize.
54 |
55 | /////////////////////////////////////////////////////////////////////////////
56 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/vboxtray/Resource.h:
--------------------------------------------------------------------------------
//{{NO_DEPENDENCIES}}
// Microsoft Visual C++ generated include file.
// Used by vboxtray.rc
//
// Resource ids shared by vboxtray.rc and vboxtray.cpp. The values are
// assigned and maintained by the resource editor, which rewrites this file.

#define IDS_APP_TITLE 103   // string-table entry; _tWinMain loads it into szTitle

#define IDR_MAINFRAME 128
#define IDD_VBOXTRAY_DIALOG 102
#define IDD_ABOUTBOX 103    // dialog id; a different resource type from IDS_APP_TITLE, so the shared value 103 does not collide
#define IDM_ABOUT 104       // WM_COMMAND ids for the application menu
#define IDM_EXIT 105
#define IDI_VBOXTRAY 107    // large application icon
#define IDI_SMALL 108       // small icon
#define IDC_VBOXTRAY 109    // one id for the window-class-name string, the menu and the accelerator table
#define IDC_MYICON 2
#ifndef IDC_STATIC
#define IDC_STATIC -1       // conventional id for static controls the code never addresses
#endif
// Next default values for new objects
// (bookkeeping for the resource editor; only compiled when APSTUDIO_INVOKED is set)
//
#ifdef APSTUDIO_INVOKED
#ifndef APSTUDIO_READONLY_SYMBOLS

#define _APS_NO_MFC 130
#define _APS_NEXT_RESOURCE_VALUE 129
#define _APS_NEXT_COMMAND_VALUE 32771
#define _APS_NEXT_CONTROL_VALUE 1000
#define _APS_NEXT_SYMED_VALUE 110
#endif
#endif
32 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/vboxtray/small.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Apps/vboxtray/small.ico
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/vboxtray/stdafx.cpp:
--------------------------------------------------------------------------------
1 | // stdafx.cpp : source file that includes just the standard includes
2 | // vboxtray.pch will be the pre-compiled header
3 | // stdafx.obj will contain the pre-compiled type information
4 |
5 | #include "stdafx.h"
6 |
7 | // TODO: reference any additional headers you need in STDAFX.H
8 | // and not in this file
9 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/vboxtray/stdafx.h:
--------------------------------------------------------------------------------
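// stdafx.h : include file for standard system include files,
// or project specific include files that are used frequently, but
// are changed infrequently
//

#pragma once

// targetver.h must precede the Windows headers so the WINVER / _WIN32_WINNT
// values it defines are in effect when the SDK headers select a feature level.
#include "targetver.h"

#define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers
// Windows Header Files:
// NOTE(review): the include targets below were lost in extraction; they are
// restored from the standard Win32 AppWizard template — confirm against the
// original file.
#include <windows.h>

// C RunTime Header Files
#include <stdlib.h>
#include <malloc.h>
#include <memory.h>
#include <tchar.h>


// TODO: reference additional headers your program requires here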
22 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/vboxtray/targetver.h:
--------------------------------------------------------------------------------
#pragma once

// Included by stdafx.h ahead of the Windows headers, so these values are in
// place before any SDK header reads them. Each block is #ifndef-guarded, so a
// value supplied by the build (e.g. a /D on the compiler line) takes precedence.
//
// The following macros define the minimum required platform. The minimum required platform
// is the earliest version of Windows, Internet Explorer etc. that has the necessary features to run
// your application. The macros work by enabling all features available on platform versions up to and
// including the version specified.

// Modify the following defines if you have to target a platform prior to the ones specified below.
// Refer to MSDN for the latest info on corresponding values for different platforms.
#ifndef WINVER // Specifies that the minimum required platform is Windows Vista.
#define WINVER 0x0600 // Change this to the appropriate value to target other versions of Windows.
#endif

#ifndef _WIN32_WINNT // Specifies that the minimum required platform is Windows Vista.
#define _WIN32_WINNT 0x0600 // Change this to the appropriate value to target other versions of Windows.
#endif

#ifndef _WIN32_WINDOWS // Specifies that the minimum required platform is Windows 98.
#define _WIN32_WINDOWS 0x0410 // Change this to the appropriate value to target Windows Me or later.
#endif

#ifndef _WIN32_IE // Specifies that the minimum required platform is Internet Explorer 7.0.
#define _WIN32_IE 0x0700 // Change this to the appropriate value to target other versions of IE.
#endif
25 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/vboxtray/vboxtray.aps:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Apps/vboxtray/vboxtray.aps
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/vboxtray/vboxtray.cpp:
--------------------------------------------------------------------------------
1 | // vboxtray.cpp : Defines the entry point for the application.
2 | //
3 |
4 | #include "stdafx.h"
5 | #include "vboxtray.h"
6 |
7 | #define MAX_LOADSTRING 100
8 |
9 | // Global Variables:
10 | HINSTANCE hInst; // current instance
11 | TCHAR szTitle[MAX_LOADSTRING]; // The title bar text
12 | TCHAR szWindowClass[MAX_LOADSTRING]; // the main window class name
13 |
14 | // Forward declarations of functions included in this code module:
15 | ATOM MyRegisterClass(HINSTANCE hInstance);
16 | BOOL InitInstance(HINSTANCE, int);
17 | LRESULT CALLBACK WndProc(HWND, UINT, WPARAM, LPARAM);
18 | INT_PTR CALLBACK About(HWND, UINT, WPARAM, LPARAM);
19 |
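//
// FUNCTION: _tWinMain(HINSTANCE, HINSTANCE, LPTSTR, int)
//
// PURPOSE: Application entry point.
//
// COMMENTS:
//
// Loads the window title and class name from the string table
// (IDS_APP_TITLE / IDC_VBOXTRAY), registers the window class, creates the
// main window and pumps messages until WM_QUIT. In vboxtray.rc the two
// strings are "VBoxTrayToolWnd" / "VBoxTrayToolWndClass", so anything that
// enumerates top-level windows sees a window with the title/class of a
// VirtualBox guest tray tool; presumably that is the whole point of this
// decoy executable (it draws nothing and handles no other input).
//
// hInstance     - module instance, forwarded to MyRegisterClass/InitInstance
// hPrevInstance - unused
// lpCmdLine     - unused
// nCmdShow      - initial show state, forwarded to InitInstance
//
// Returns the WM_QUIT exit code (msg.wParam), or FALSE when the class could
// not be registered, the window could not be created, or GetMessage failed.
//
int APIENTRY _tWinMain(HINSTANCE hInstance,
                       HINSTANCE hPrevInstance,
                       LPTSTR lpCmdLine,
                       int nCmdShow)
{
    UNREFERENCED_PARAMETER(hPrevInstance);
    UNREFERENCED_PARAMETER(lpCmdLine);

    MSG msg;
    HACCEL hAccelTable;
    BOOL bRet;

    // Initialize global strings
    LoadString(hInstance, IDS_APP_TITLE, szTitle, MAX_LOADSTRING);
    LoadString(hInstance, IDC_VBOXTRAY, szWindowClass, MAX_LOADSTRING);

    // A failed registration (e.g. an empty class name because LoadString
    // failed) would otherwise only surface later as a CreateWindow failure.
    if (!MyRegisterClass(hInstance))
    {
        return FALSE;
    }

    // Perform application initialization:
    if (!InitInstance (hInstance, nCmdShow))
    {
        return FALSE;
    }

    hAccelTable = LoadAccelerators(hInstance, MAKEINTRESOURCE(IDC_VBOXTRAY));

    // Main message loop. GetMessage returns -1 on error; the template form
    // `while (GetMessage(...))` treats -1 as "continue" and then dispatches a
    // MSG that was never filled in, so the error is tested explicitly.
    while ((bRet = GetMessage(&msg, NULL, 0, 0)) != 0)
    {
        if (bRet == -1)
        {
            return FALSE;
        }
        if (!TranslateAccelerator(msg.hwnd, hAccelTable, &msg))
        {
            TranslateMessage(&msg);
            DispatchMessage(&msg);
        }
    }

    return (int) msg.wParam;
}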
57 |
58 |
59 |
//
// FUNCTION: MyRegisterClass()
//
// PURPOSE: Registers the window class that InitInstance creates its window from.
//
// COMMENTS:
//
// Fills a WNDCLASSEX and hands it to RegisterClassEx. The class name is the
// global szWindowClass (filled from the string table by _tWinMain); the menu,
// large icon and small icon come from this module's own resources. Returns
// the class atom, or 0 when RegisterClassEx fails.
//
ATOM MyRegisterClass(HINSTANCE hInstance)
{
    // Aggregate initialisation in WNDCLASSEX member order:
    // cbSize, style, lpfnWndProc, cbClsExtra, cbWndExtra, hInstance,
    // hIcon, hCursor, hbrBackground, lpszMenuName, lpszClassName, hIconSm.
    WNDCLASSEX windowClass = {
        sizeof(WNDCLASSEX),
        CS_HREDRAW | CS_VREDRAW,
        WndProc,
        0,
        0,
        hInstance,
        LoadIcon(hInstance, MAKEINTRESOURCE(IDI_VBOXTRAY)),
        LoadCursor(NULL, IDC_ARROW),
        (HBRUSH)(COLOR_WINDOW+1),
        MAKEINTRESOURCE(IDC_VBOXTRAY),
        szWindowClass,
        LoadIcon(hInstance, MAKEINTRESOURCE(IDI_SMALL))
    };

    return RegisterClassEx(&windowClass);
}
93 |
//
// FUNCTION: InitInstance(HINSTANCE, int)
//
// PURPOSE: Saves instance handle and creates main window
//
// COMMENTS:
//
// Stores hInstance in the global hInst (WndProc needs it for DialogBox),
// creates the top-level window from the globals szWindowClass/szTitle and
// shows it with nCmdShow. Returns FALSE when CreateWindow fails, TRUE otherwise.
//
BOOL InitInstance(HINSTANCE hInstance, int nCmdShow)
{
    hInst = hInstance; // remembered for DialogBox() in WndProc

    const HWND hMainWnd = CreateWindow(szWindowClass, szTitle, WS_OVERLAPPEDWINDOW,
        CW_USEDEFAULT, 0, CW_USEDEFAULT, 0, NULL, NULL, hInstance, NULL);
    if (hMainWnd == NULL)
        return FALSE;

    ShowWindow(hMainWnd, nCmdShow);
    UpdateWindow(hMainWnd);
    return TRUE;
}
123 |
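//
// FUNCTION: WndProc(HWND, UINT, WPARAM, LPARAM)
//
// PURPOSE: Processes messages for the main window.
//
// WM_COMMAND - IDM_ABOUT opens the about box, IDM_EXIT destroys the window;
//              any other command id is passed to DefWindowProc
// WM_PAINT   - validates the window (no drawing code yet)
// WM_DESTROY - posts WM_QUIT so the message loop in _tWinMain ends
// Every other message goes to DefWindowProc.
//
// Returns 0 for handled messages, otherwise DefWindowProc's result.
//
LRESULT CALLBACK WndProc(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam)
{
    PAINTSTRUCT ps;

    switch (message)
    {
    case WM_COMMAND:
        // Only the command id is needed here; the notification code in
        // HIWORD(wParam) used to be read into a local that nothing consumed.
        switch (LOWORD(wParam))
        {
        case IDM_ABOUT:
            DialogBox(hInst, MAKEINTRESOURCE(IDD_ABOUTBOX), hWnd, About);
            break;
        case IDM_EXIT:
            DestroyWindow(hWnd);
            break;
        default:
            return DefWindowProc(hWnd, message, wParam, lParam);
        }
        break;
    case WM_PAINT:
        // BeginPaint/EndPaint stay paired so the update region is validated;
        // the returned HDC is not kept until there is drawing code to use it.
        BeginPaint(hWnd, &ps);
        // TODO: Add any drawing code here...
        EndPaint(hWnd, &ps);
        break;
    case WM_DESTROY:
        PostQuitMessage(0);
        break;
    default:
        return DefWindowProc(hWnd, message, wParam, lParam);
    }
    return 0;
}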
171 |
// Message handler for about box. Returns TRUE when the message was handled:
// WM_INITDIALOG, or WM_COMMAND for IDOK/IDCANCEL (which closes the dialog
// with that control id as the DialogBox result). Everything else returns FALSE.
INT_PTR CALLBACK About(HWND hDlg, UINT message, WPARAM wParam, LPARAM lParam)
{
    UNREFERENCED_PARAMETER(lParam);

    if (message == WM_INITDIALOG)
        return (INT_PTR)TRUE;

    if (message == WM_COMMAND)
    {
        const WORD ctrlId = LOWORD(wParam);
        if (ctrlId == IDOK || ctrlId == IDCANCEL)
        {
            EndDialog(hDlg, ctrlId);
            return (INT_PTR)TRUE;
        }
    }

    return (INT_PTR)FALSE;
}
191 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/vboxtray/vboxtray.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include "resource.h"
4 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/vboxtray/vboxtray.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Apps/vboxtray/vboxtray.ico
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/vboxtray/vboxtray.rc:
--------------------------------------------------------------------------------
1 | // Microsoft Visual C++ generated resource script.
2 | //
3 | #include "resource.h"
4 |
5 | #define APSTUDIO_READONLY_SYMBOLS
6 | /////////////////////////////////////////////////////////////////////////////
7 | //
8 | // Generated from the TEXTINCLUDE 2 resource.
9 | //
10 | #ifndef APSTUDIO_INVOKED
11 | #include "targetver.h"
12 | #endif
13 | #define APSTUDIO_HIDDEN_SYMBOLS
14 | #include "windows.h"
15 | #undef APSTUDIO_HIDDEN_SYMBOLS
16 |
17 | /////////////////////////////////////////////////////////////////////////////
18 | #undef APSTUDIO_READONLY_SYMBOLS
19 |
20 | /////////////////////////////////////////////////////////////////////////////
21 | // English (U.S.) resources
22 |
23 | #if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_ENU)
24 | #ifdef _WIN32
25 | LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
26 | #pragma code_page(1252)
27 | #endif //_WIN32
28 |
29 | /////////////////////////////////////////////////////////////////////////////
30 | //
31 | // Icon
32 | //
33 |
34 | // Icon with lowest ID value placed first to ensure application icon
35 | // remains consistent on all systems.
36 | IDI_VBOXTRAY ICON "vboxtray.ico"
37 | IDI_SMALL ICON "small.ico"
38 |
39 | /////////////////////////////////////////////////////////////////////////////
40 | //
41 | // Menu
42 | //
43 |
44 | IDC_VBOXTRAY MENU
45 | BEGIN
46 | POPUP "&File"
47 | BEGIN
48 | MENUITEM "E&xit", IDM_EXIT
49 | END
50 | POPUP "&Help"
51 | BEGIN
52 | MENUITEM "&About ...", IDM_ABOUT
53 | END
54 | END
55 |
56 |
57 | /////////////////////////////////////////////////////////////////////////////
58 | //
59 | // Accelerator
60 | //
61 |
62 | IDC_VBOXTRAY ACCELERATORS
63 | BEGIN
64 | "?", IDM_ABOUT, ASCII, ALT
65 | "/", IDM_ABOUT, ASCII, ALT
66 | END
67 |
68 |
69 | /////////////////////////////////////////////////////////////////////////////
70 | //
71 | // Dialog
72 | //
73 |
74 | IDD_ABOUTBOX DIALOGEX 0, 0, 170, 62
75 | STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | WS_POPUP | WS_CAPTION | WS_SYSMENU
76 | CAPTION "About vboxtray"
77 | FONT 8, "MS Shell Dlg", 0, 0, 0x1
78 | BEGIN
79 | ICON 128,IDC_STATIC,14,14,21,20
80 | LTEXT "vboxtray, Version 1.0",IDC_STATIC,42,14,114,8,SS_NOPREFIX
81 | LTEXT "Copyright (C) 2015",IDC_STATIC,42,26,114,8
82 | DEFPUSHBUTTON "OK",IDOK,113,41,50,14,WS_GROUP
83 | END
84 |
85 |
86 | /////////////////////////////////////////////////////////////////////////////
87 | //
88 | // DESIGNINFO
89 | //
90 |
91 | #ifdef APSTUDIO_INVOKED
92 | GUIDELINES DESIGNINFO
93 | BEGIN
94 | IDD_ABOUTBOX, DIALOG
95 | BEGIN
96 | LEFTMARGIN, 7
97 | RIGHTMARGIN, 163
98 | TOPMARGIN, 7
99 | BOTTOMMARGIN, 55
100 | END
101 | END
102 | #endif // APSTUDIO_INVOKED
103 |
104 |
105 | #ifdef APSTUDIO_INVOKED
106 | /////////////////////////////////////////////////////////////////////////////
107 | //
108 | // TEXTINCLUDE
109 | //
110 |
111 | 1 TEXTINCLUDE
112 | BEGIN
113 | "resource.h\0"
114 | END
115 |
116 | 2 TEXTINCLUDE
117 | BEGIN
118 | "#ifndef APSTUDIO_INVOKED\r\n"
119 | "#include ""targetver.h""\r\n"
120 | "#endif\r\n"
121 | "#define APSTUDIO_HIDDEN_SYMBOLS\r\n"
122 | "#include ""windows.h""\r\n"
123 | "#undef APSTUDIO_HIDDEN_SYMBOLS\r\n"
124 | "\0"
125 | END
126 |
127 | 3 TEXTINCLUDE
128 | BEGIN
129 | "\r\n"
130 | "\0"
131 | END
132 |
133 | #endif // APSTUDIO_INVOKED
134 |
135 |
136 | /////////////////////////////////////////////////////////////////////////////
137 | //
138 | // String Table
139 | //
140 |
141 | STRINGTABLE
142 | BEGIN
143 | IDS_APP_TITLE "VBoxTrayToolWnd"
144 | IDC_VBOXTRAY "VBoxTrayToolWndClass"
145 | END
146 |
147 | #endif // English (U.S.) resources
148 | /////////////////////////////////////////////////////////////////////////////
149 |
150 |
151 |
152 | #ifndef APSTUDIO_INVOKED
153 | /////////////////////////////////////////////////////////////////////////////
154 | //
155 | // Generated from the TEXTINCLUDE 3 resource.
156 | //
157 |
158 |
159 | /////////////////////////////////////////////////////////////////////////////
160 | #endif // not APSTUDIO_INVOKED
161 |
162 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/vboxtray/vboxtray.vcproj.Pablo-PC.Pablo.user:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/windbg/ReadMe.txt:
--------------------------------------------------------------------------------
1 | ========================================================================
2 | WIN32 APPLICATION : windbg Project Overview
3 | ========================================================================
4 |
5 | AppWizard has created this windbg application for you.
6 |
7 | This file contains a summary of what you will find in each of the files that
8 | make up your windbg application.
9 |
10 |
11 | windbg.vcproj
12 | This is the main project file for VC++ projects generated using an Application Wizard.
13 | It contains information about the version of Visual C++ that generated the file, and
14 | information about the platforms, configurations, and project features selected with the
15 | Application Wizard.
16 |
17 | windbg.cpp
18 | This is the main application source file.
19 |
20 | /////////////////////////////////////////////////////////////////////////////
21 | AppWizard has created the following resources:
22 |
23 | windbg.rc
24 | This is a listing of all of the Microsoft Windows resources that the
25 | program uses. It includes the icons, bitmaps, and cursors that are stored
26 | in the RES subdirectory. This file can be directly edited in Microsoft
27 | Visual C++.
28 |
29 | Resource.h
30 | This is the standard header file, which defines new resource IDs.
31 | Microsoft Visual C++ reads and updates this file.
32 |
33 | windbg.ico
34 | This is an icon file, which is used as the application's icon (32x32).
35 | This icon is included by the main resource file windbg.rc.
36 |
37 | small.ico
38 | This is an icon file, which contains a smaller version (16x16)
39 | of the application's icon. This icon is included by the main resource
40 | file windbg.rc.
41 |
42 | /////////////////////////////////////////////////////////////////////////////
43 | Other standard files:
44 |
45 | StdAfx.h, StdAfx.cpp
46 | These files are used to build a precompiled header (PCH) file
47 | named windbg.pch and a precompiled types file named StdAfx.obj.
48 |
49 | /////////////////////////////////////////////////////////////////////////////
50 | Other notes:
51 |
52 | AppWizard uses "TODO:" comments to indicate parts of the source code you
53 | should add to or customize.
54 |
55 | /////////////////////////////////////////////////////////////////////////////
56 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/windbg/Resource.h:
--------------------------------------------------------------------------------
1 | //{{NO_DEPENDENCIES}}
2 | // Microsoft Visual C++ generated include file.
3 | // Used by windbg.rc
4 | //
5 |
6 | #define IDS_APP_TITLE 103
7 |
8 | #define IDR_MAINFRAME 128
9 | #define IDD_WINDBG_DIALOG 102
10 | #define IDD_ABOUTBOX 103
11 | #define IDM_ABOUT 104
12 | #define IDM_EXIT 105
13 | #define IDI_WINDBG 107
14 | #define IDI_SMALL 108
15 | #define IDC_WINDBG 109
16 | #define IDC_MYICON 2
17 | #ifndef IDC_STATIC
18 | #define IDC_STATIC -1
19 | #endif
20 | // Next default values for new objects
21 | //
22 | #ifdef APSTUDIO_INVOKED
23 | #ifndef APSTUDIO_READONLY_SYMBOLS
24 |
25 | #define _APS_NO_MFC 130
26 | #define _APS_NEXT_RESOURCE_VALUE 129
27 | #define _APS_NEXT_COMMAND_VALUE 32771
28 | #define _APS_NEXT_CONTROL_VALUE 1000
29 | #define _APS_NEXT_SYMED_VALUE 110
30 | #endif
31 | #endif
32 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/windbg/small.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Apps/windbg/small.ico
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/windbg/stdafx.cpp:
--------------------------------------------------------------------------------
1 | // stdafx.cpp : source file that includes just the standard includes
2 | // windbg.pch will be the pre-compiled header
3 | // stdafx.obj will contain the pre-compiled type information
4 |
5 | #include "stdafx.h"
6 |
7 | // TODO: reference any additional headers you need in STDAFX.H
8 | // and not in this file
9 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/windbg/stdafx.h:
--------------------------------------------------------------------------------
1 | // stdafx.h : include file for standard system include files,
2 | // or project specific include files that are used frequently, but
3 | // are changed infrequently
4 | //
5 |
6 | #pragma once
7 |
8 | #include "targetver.h"
9 |
10 | #define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers
11 | // Windows Header Files:
12 | #include
13 |
14 | // C RunTime Header Files
15 | #include
16 | #include
17 | #include
18 | #include
19 |
20 |
21 | // TODO: reference additional headers your program requires here
22 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/windbg/targetver.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | // The following macros define the minimum required platform. The minimum required platform
4 | // is the earliest version of Windows, Internet Explorer etc. that has the necessary features to run
5 | // your application. The macros work by enabling all features available on platform versions up to and
6 | // including the version specified.
7 |
8 | // Modify the following defines if you have to target a platform prior to the ones specified below.
9 | // Refer to MSDN for the latest info on corresponding values for different platforms.
10 | #ifndef WINVER // Specifies that the minimum required platform is Windows Vista.
11 | #define WINVER 0x0600 // Change this to the appropriate value to target other versions of Windows.
12 | #endif
13 |
14 | #ifndef _WIN32_WINNT // Specifies that the minimum required platform is Windows Vista.
15 | #define _WIN32_WINNT 0x0600 // Change this to the appropriate value to target other versions of Windows.
16 | #endif
17 |
18 | #ifndef _WIN32_WINDOWS // Specifies that the minimum required platform is Windows 98.
19 | #define _WIN32_WINDOWS 0x0410 // Change this to the appropriate value to target Windows Me or later.
20 | #endif
21 |
22 | #ifndef _WIN32_IE // Specifies that the minimum required platform is Internet Explorer 7.0.
23 | #define _WIN32_IE 0x0700 // Change this to the appropriate value to target other versions of IE.
24 | #endif
25 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/windbg/windbg.aps:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Apps/windbg/windbg.aps
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/windbg/windbg.cpp:
--------------------------------------------------------------------------------
1 | // windbg.cpp : Defines the entry point for the application.
2 | //
3 |
4 | #include "stdafx.h"
5 | #include "windbg.h"
6 |
7 | #define MAX_LOADSTRING 100
8 |
9 | // Global Variables:
10 | HINSTANCE hInst; // current instance
11 | TCHAR szTitle[MAX_LOADSTRING]; // The title bar text
12 | TCHAR szWindowClass[MAX_LOADSTRING]; // the main window class name
13 |
14 | // Forward declarations of functions included in this code module:
15 | ATOM MyRegisterClass(HINSTANCE hInstance);
16 | BOOL InitInstance(HINSTANCE, int);
17 | LRESULT CALLBACK WndProc(HWND, UINT, WPARAM, LPARAM);
18 | INT_PTR CALLBACK About(HWND, UINT, WPARAM, LPARAM);
19 |
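//
// FUNCTION: _tWinMain(HINSTANCE, HINSTANCE, LPTSTR, int)
//
// PURPOSE: Application entry point.
//
// COMMENTS:
//
// Loads the window title and class name from the string table
// (IDS_APP_TITLE / IDC_WINDBG, defined in Resource.h; the string values live
// in windbg.rc), registers the window class, creates the main window and
// pumps messages until WM_QUIT. The window draws nothing and handles no
// input beyond the File/Help menu, so its visible purpose is to exist under
// that title and class name.
//
// hInstance     - module instance, forwarded to MyRegisterClass/InitInstance
// hPrevInstance - unused
// lpCmdLine     - unused
// nCmdShow      - initial show state, forwarded to InitInstance
//
// Returns the WM_QUIT exit code (msg.wParam), or FALSE when the class could
// not be registered, the window could not be created, or GetMessage failed.
//
int APIENTRY _tWinMain(HINSTANCE hInstance,
                       HINSTANCE hPrevInstance,
                       LPTSTR lpCmdLine,
                       int nCmdShow)
{
    UNREFERENCED_PARAMETER(hPrevInstance);
    UNREFERENCED_PARAMETER(lpCmdLine);

    MSG msg;
    HACCEL hAccelTable;
    BOOL bRet;

    // Initialize global strings
    LoadString(hInstance, IDS_APP_TITLE, szTitle, MAX_LOADSTRING);
    LoadString(hInstance, IDC_WINDBG, szWindowClass, MAX_LOADSTRING);

    // A failed registration (e.g. an empty class name because LoadString
    // failed) would otherwise only surface later as a CreateWindow failure.
    if (!MyRegisterClass(hInstance))
    {
        return FALSE;
    }

    // Perform application initialization:
    if (!InitInstance (hInstance, nCmdShow))
    {
        return FALSE;
    }

    hAccelTable = LoadAccelerators(hInstance, MAKEINTRESOURCE(IDC_WINDBG));

    // Main message loop. GetMessage returns -1 on error; the template form
    // `while (GetMessage(...))` treats -1 as "continue" and then dispatches a
    // MSG that was never filled in, so the error is tested explicitly.
    while ((bRet = GetMessage(&msg, NULL, 0, 0)) != 0)
    {
        if (bRet == -1)
        {
            return FALSE;
        }
        if (!TranslateAccelerator(msg.hwnd, hAccelTable, &msg))
        {
            TranslateMessage(&msg);
            DispatchMessage(&msg);
        }
    }

    return (int) msg.wParam;
}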
57 |
58 |
59 |
//
// FUNCTION: MyRegisterClass()
//
// PURPOSE: Registers the window class that InitInstance creates its window from.
//
// COMMENTS:
//
// Fills a WNDCLASSEX and hands it to RegisterClassEx. The class name is the
// global szWindowClass (filled from the string table by _tWinMain); the menu,
// large icon and small icon come from this module's own resources. Returns
// the class atom, or 0 when RegisterClassEx fails.
//
ATOM MyRegisterClass(HINSTANCE hInstance)
{
    // Aggregate initialisation in WNDCLASSEX member order:
    // cbSize, style, lpfnWndProc, cbClsExtra, cbWndExtra, hInstance,
    // hIcon, hCursor, hbrBackground, lpszMenuName, lpszClassName, hIconSm.
    WNDCLASSEX windowClass = {
        sizeof(WNDCLASSEX),
        CS_HREDRAW | CS_VREDRAW,
        WndProc,
        0,
        0,
        hInstance,
        LoadIcon(hInstance, MAKEINTRESOURCE(IDI_WINDBG)),
        LoadCursor(NULL, IDC_ARROW),
        (HBRUSH)(COLOR_WINDOW+1),
        MAKEINTRESOURCE(IDC_WINDBG),
        szWindowClass,
        LoadIcon(hInstance, MAKEINTRESOURCE(IDI_SMALL))
    };

    return RegisterClassEx(&windowClass);
}
93 |
//
// FUNCTION: InitInstance(HINSTANCE, int)
//
// PURPOSE: Saves instance handle and creates main window
//
// COMMENTS:
//
// Stores hInstance in the global hInst (WndProc needs it for DialogBox),
// creates the top-level window from the globals szWindowClass/szTitle and
// shows it with nCmdShow. Returns FALSE when CreateWindow fails, TRUE otherwise.
//
BOOL InitInstance(HINSTANCE hInstance, int nCmdShow)
{
    hInst = hInstance; // remembered for DialogBox() in WndProc

    const HWND hMainWnd = CreateWindow(szWindowClass, szTitle, WS_OVERLAPPEDWINDOW,
        CW_USEDEFAULT, 0, CW_USEDEFAULT, 0, NULL, NULL, hInstance, NULL);
    if (hMainWnd == NULL)
        return FALSE;

    ShowWindow(hMainWnd, nCmdShow);
    UpdateWindow(hMainWnd);
    return TRUE;
}
123 |
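//
// FUNCTION: WndProc(HWND, UINT, WPARAM, LPARAM)
//
// PURPOSE: Processes messages for the main window.
//
// WM_COMMAND - IDM_ABOUT opens the about box, IDM_EXIT destroys the window;
//              any other command id is passed to DefWindowProc
// WM_PAINT   - validates the window (no drawing code yet)
// WM_DESTROY - posts WM_QUIT so the message loop in _tWinMain ends
// Every other message goes to DefWindowProc.
//
// Returns 0 for handled messages, otherwise DefWindowProc's result.
//
LRESULT CALLBACK WndProc(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam)
{
    PAINTSTRUCT ps;

    switch (message)
    {
    case WM_COMMAND:
        // Only the command id is needed here; the notification code in
        // HIWORD(wParam) used to be read into a local that nothing consumed.
        switch (LOWORD(wParam))
        {
        case IDM_ABOUT:
            DialogBox(hInst, MAKEINTRESOURCE(IDD_ABOUTBOX), hWnd, About);
            break;
        case IDM_EXIT:
            DestroyWindow(hWnd);
            break;
        default:
            return DefWindowProc(hWnd, message, wParam, lParam);
        }
        break;
    case WM_PAINT:
        // BeginPaint/EndPaint stay paired so the update region is validated;
        // the returned HDC is not kept until there is drawing code to use it.
        BeginPaint(hWnd, &ps);
        // TODO: Add any drawing code here...
        EndPaint(hWnd, &ps);
        break;
    case WM_DESTROY:
        PostQuitMessage(0);
        break;
    default:
        return DefWindowProc(hWnd, message, wParam, lParam);
    }
    return 0;
}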
171 |
// Message handler for about box. Returns TRUE when the message was handled:
// WM_INITDIALOG, or WM_COMMAND for IDOK/IDCANCEL (which closes the dialog
// with that control id as the DialogBox result). Everything else returns FALSE.
INT_PTR CALLBACK About(HWND hDlg, UINT message, WPARAM wParam, LPARAM lParam)
{
    UNREFERENCED_PARAMETER(lParam);

    if (message == WM_INITDIALOG)
        return (INT_PTR)TRUE;

    if (message == WM_COMMAND)
    {
        const WORD ctrlId = LOWORD(wParam);
        if (ctrlId == IDOK || ctrlId == IDCANCEL)
        {
            EndDialog(hDlg, ctrlId);
            return (INT_PTR)TRUE;
        }
    }

    return (INT_PTR)FALSE;
}
191 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/windbg/windbg.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include "resource.h"
4 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/windbg/windbg.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Apps/windbg/windbg.ico
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/windbg/windbg.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Apps/windbg/windbg.rc
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Apps/windbg/windbg.vcproj.Pablo-PC.Pablo.user:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/ConsoleTestDebug/ConsoleTestDebug.vcproj:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/ConsoleTestDebug/ConsoleTestDebug.vcproj.Pablo-PC.Pablo.user:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/ConsoleTestDebug/ReadMe.txt:
--------------------------------------------------------------------------------
1 | ========================================================================
2 | CONSOLE APPLICATION : ConsoleTestDebug Project Overview
3 | ========================================================================
4 |
5 | AppWizard has created this ConsoleTestDebug application for you.
6 |
7 | This file contains a summary of what you will find in each of the files that
8 | make up your ConsoleTestDebug application.
9 |
10 |
11 | ConsoleTestDebug.vcproj
12 | This is the main project file for VC++ projects generated using an Application Wizard.
13 | It contains information about the version of Visual C++ that generated the file, and
14 | information about the platforms, configurations, and project features selected with the
15 | Application Wizard.
16 |
17 | ConsoleTestDebug.cpp
18 | This is the main application source file.
19 |
20 | /////////////////////////////////////////////////////////////////////////////
21 | Other standard files:
22 |
23 | StdAfx.h, StdAfx.cpp
24 | These files are used to build a precompiled header (PCH) file
25 | named ConsoleTestDebug.pch and a precompiled types file named StdAfx.obj.
26 |
27 | /////////////////////////////////////////////////////////////////////////////
28 | Other notes:
29 |
30 | AppWizard uses "TODO:" comments to indicate parts of the source code you
31 | should add to or customize.
32 |
33 | /////////////////////////////////////////////////////////////////////////////
34 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/ConsoleTestDebug/stdafx.cpp:
--------------------------------------------------------------------------------
1 | // stdafx.cpp : source file that includes just the standard includes
2 | // ConsoleTestDebug.pch will be the pre-compiled header
3 | // stdafx.obj will contain the pre-compiled type information
4 |
5 | #include "stdafx.h"
6 |
7 | // TODO: reference any additional headers you need in STDAFX.H
8 | // and not in this file
9 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/ConsoleTestDebug/stdafx.h:
--------------------------------------------------------------------------------
1 | // stdafx.h : include file for standard system include files,
2 | // or project specific include files that are used frequently, but
3 | // are changed infrequently
4 | //
5 |
6 | #pragma once
7 |
8 | #include "targetver.h"
9 |
10 | #include
11 |
12 | #include
13 | #include
14 | #include
15 | #include
16 |
17 |
18 |
19 |
20 |
21 | // TODO: reference additional headers your program requires here
22 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/ConsoleTestDebug/targetver.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | // The following macros define the minimum required platform. The minimum required platform
4 | // is the earliest version of Windows, Internet Explorer etc. that has the necessary features to run
5 | // your application. The macros work by enabling all features available on platform versions up to and
6 | // including the version specified.
7 |
8 | // Modify the following defines if you have to target a platform prior to the ones specified below.
9 | // Refer to MSDN for the latest info on corresponding values for different platforms.
10 | #ifndef _WIN32_WINNT // Specifies that the minimum required platform is Windows Vista.
11 | #define _WIN32_WINNT 0x0600 // Change this to the appropriate value to target other versions of Windows.
12 | #endif
13 |
14 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Dlls/SbieDll.bochs/SbieDll.bochs.vcproj:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Dlls/SbieDll.bochs/SbieDll.bochs.vcproj.Pablo-PC.Pablo.user:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Dlls/SbieDll.qemu/SbieDll.qemu.vcproj:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Dlls/SbieDll.qemu/SbieDll.qemu.vcproj.Pablo-PC.Pablo.user:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Dlls/SbieDll.vbox/SbieDll.vbox.vcproj:
--------------------------------------------------------------------------------
1 |
2 |
11 |
12 |
15 |
16 |
17 |
18 |
19 |
26 |
29 |
32 |
35 |
38 |
41 |
53 |
56 |
59 |
62 |
70 |
73 |
76 |
79 |
82 |
85 |
88 |
91 |
92 |
100 |
103 |
106 |
109 |
112 |
115 |
127 |
130 |
133 |
136 |
146 |
149 |
152 |
155 |
158 |
161 |
164 |
167 |
168 |
169 |
170 |
171 |
172 |
177 |
180 |
181 |
184 |
185 |
186 |
191 |
194 |
195 |
198 |
199 |
200 |
201 |
202 |
203 |
204 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Dlls/SbieDll.vbox/SbieDll.vbox.vcproj.Pablo-PC.Pablo.user:
--------------------------------------------------------------------------------
1 |
2 |
7 |
8 |
11 |
35 |
36 |
39 |
63 |
64 |
65 |
66 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Dlls/SbieDll.vmware/SbieDll.vmware.vcproj:
--------------------------------------------------------------------------------
1 |
2 |
11 |
12 |
15 |
16 |
17 |
18 |
19 |
26 |
29 |
32 |
35 |
38 |
41 |
52 |
55 |
58 |
61 |
69 |
72 |
75 |
78 |
81 |
84 |
87 |
90 |
91 |
99 |
102 |
105 |
108 |
111 |
114 |
125 |
128 |
131 |
134 |
144 |
147 |
150 |
153 |
156 |
159 |
162 |
165 |
166 |
167 |
168 |
169 |
170 |
175 |
178 |
179 |
182 |
183 |
184 |
189 |
192 |
193 |
196 |
197 |
198 |
199 |
200 |
201 |
202 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Dlls/SbieDll.vmware/SbieDll.vmware.vcproj.Pablo-PC.Pablo.user:
--------------------------------------------------------------------------------
1 |
2 |
7 |
8 |
11 |
35 |
36 |
39 |
63 |
64 |
65 |
66 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Dlls/SbieDll.wine/SbieDll.wine.vcproj:
--------------------------------------------------------------------------------
1 |
2 |
11 |
12 |
15 |
16 |
17 |
18 |
19 |
26 |
29 |
32 |
35 |
38 |
41 |
52 |
55 |
58 |
61 |
69 |
72 |
75 |
78 |
81 |
84 |
87 |
90 |
91 |
99 |
102 |
105 |
108 |
111 |
114 |
125 |
128 |
131 |
134 |
144 |
147 |
150 |
153 |
156 |
159 |
162 |
165 |
166 |
167 |
168 |
169 |
170 |
175 |
178 |
179 |
182 |
183 |
184 |
189 |
192 |
193 |
196 |
197 |
198 |
199 |
200 |
201 |
202 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Dlls/SbieDll.wine/SbieDll.wine.vcproj.Pablo-PC.Pablo.user:
--------------------------------------------------------------------------------
1 |
2 |
7 |
8 |
11 |
35 |
36 |
39 |
63 |
64 |
65 |
66 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Dlls/SbieDll/IAThijack.h:
--------------------------------------------------------------------------------
1 | /*--------------------------------------------------------------------------------------------------------
2 | APIHIJACK.H - Based on DelayLoadProfileDLL.CPP, by Matt Pietrek for MSJ February 2000.
3 | http://msdn.microsoft.com/library/periodic/period00/hood0200.htm
4 | Adapted by Wade Brainerd, wadeb@wadeb.com
Adapted by Pablo San Emeterio, psaneme@gmail.com, for Windows 7
6 | --------------------------------------------------------------------------------------------------------*/
7 | #ifndef APIHIJACK_H
8 | #define APIHIJACK_H
9 |
10 | #pragma warning(disable:4200)
11 |
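// Macro for convenient pointer addition.
// Both operands are widened to a pointer-sized unsigned integer (DWORD_PTR) before
// the add. On a 32-bit build DWORD_PTR is a DWORD, so the result is identical to the
// old DWORD-based form; on a 64-bit build the old form truncated the pointer to 32
// bits and produced a bad address. The first parameter is used to typecast the
// result to the appropriate pointer type.
#define MakePtr(cast, ptr, addValue ) (cast)( (DWORD_PTR)(ptr)+(DWORD_PTR)(addValue))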
16 |
// Default Hook Stub Structure: Contains data about the original function, Name/Ordinal, Address
// and a Count field. The first four fields are laid out as raw x86 machine code:
// 0xE8 = CALL rel32, 0xE9 = JMP rel32, each followed by its 32-bit displacement.
// That is why the struct is byte-packed and why field order must never change.
// All displacements and the counter are DWORDs, so this stub is 32-bit only.
// NOTE(review): a stub that is both executed and written to (count) has to live in
// memory that is writable AND executable; how/where HookAPICalls allocates it is
// not visible in this header - confirm before relying on W^X elsewhere.
#pragma pack( push, 1 )
struct DLPD_IAT_STUB
{
	BYTE instr_CALL;          // 0xE8 - CALL rel32 into the hook / default handler
	DWORD data_call;          // rel32 displacement for the CALL (presumably patched by HookAPICalls)
	BYTE instr_JMP;           // 0xE9 - JMP rel32 on to the original function
	DWORD data_JMP;           // rel32 displacement for the JMP (presumably patched by HookAPICalls)
	DWORD count;              // call counter; DefaultHook increments it (see declaration below)
	DWORD pszNameOrOrdinal;   // name pointer or ordinal of the hooked import, stored as a DWORD

	// Only the two opcodes and the counter are initialised here; the
	// displacements are left for the code that installs the stub.
	DLPD_IAT_STUB() : instr_CALL( 0xE8 ), instr_JMP( 0xE9 ), count( 0 ) {}
};
#pragma pack( pop )
32 |
33 | // Example DefaultHook procedure, called from the DLPD_IAT_STUB stubs.
34 | // Increments "count" field of the stub.
35 | // See the implementation for more information.
36 | void __cdecl DefaultHook( PVOID dummy );
37 |
// One hooked import. An array of these is terminated by an entry whose Name is NULL
// (see SDLLHook::Functions), so Name must be non-NULL for every real entry.
struct SFunctionHook
{
	char* Name;     // Function name, e.g. "DirectDrawCreateEx". NULL marks the end of the array.
	void* HookFn;   // Address of your function (the replacement the IAT will point to).
	void* OrigFn;   // Stored by HookAPICalls, the address of the original function; read-only for callers.
};
44 |
// Hook description for one DLL: which module, whether un-hooked imports get the
// default handler, and the NULL-terminated list of per-function hooks.
struct SDLLHook
{
	// Name of the DLL, e.g. "DDRAW.DLL"
	char* Name;

	// Set true to call the default for all non-hooked functions before they are executed.
	bool UseDefault;
	// Presumably the handler used when UseDefault is set; its exact calling
	// convention is not stated in this header - check the implementation.
	void* DefaultFn;

	// Function hook array. Terminated with a NULL Name field.
	// Trailing array of unspecified bound is a compiler extension (warning C4200
	// is silenced at the top of this header); sizeof(SDLLHook) does not include it.
	SFunctionHook Functions[];
};
57 |
58 | // Hook functions one or more DLLs.
59 | bool HookAPICalls( SDLLHook* Hook, bool hookFunction );
60 |
61 | #endif
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Dlls/SbieDll/SbieDll.vcproj.Pablo-PC.Pablo.user:
--------------------------------------------------------------------------------
1 |
2 |
7 |
8 |
11 |
35 |
36 |
39 |
63 |
64 |
65 |
66 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Dlls/SbieDll/dllmain.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Dlls/SbieDll/dllmain.cpp
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Dlls/SbieDll/dllmain.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | using namespace System;
4 | using namespace System::ComponentModel;
5 | using namespace System::Collections;
6 | using namespace System::Windows::Forms;
7 | using namespace System::Data;
8 | using namespace System::Drawing;
9 |
10 |
namespace SbieDll {

	/// NOTE(review): this is a designer-generated Windows Forms *form* that happens to
	/// be named dllmain; it is not a DllMain entry point. It lives in a DLL whose other
	/// headers in this directory (testIAT.h, IAThijack.h) are plain native hooking code,
	/// so it looks like a leftover from creating the project from the CLR Windows Forms
	/// template. If it really is compiled into SbieDll, every process that loads the DLL
	/// must also load the CLR - confirm whether anything references this class.
	///
	/// Summary for dllmain
	///
	/// WARNING: If you change the name of this class, you will need to change the
	///          'Resource File Name' property for the managed resource compiler tool
	///          associated with all .resx files this class depends on.  Otherwise,
	///          the designers will not be able to interact properly with localized
	///          resources associated with this form.
	///
	public ref class dllmain : public System::Windows::Forms::Form
	{
	public:
		/// Constructs the form. Only InitializeComponent() runs (size, caption,
		/// padding and auto-scale mode, see below); no other state is set up.
		dllmain(void)
		{
			InitializeComponent();
			//
			//TODO: Add the constructor code here
			//
		}

	protected:
		/// Clean up any resources being used: deletes the designer's component
		/// container if one was created.
		~dllmain()
		{
			if (components)
			{
				delete components;
			}
		}

	private:
		/// Required designer variable.
		System::ComponentModel::Container ^components;

#pragma region Windows Form Designer generated code
		/// Required method for Designer support - do not modify
		/// the contents of this method with the code editor.
		/// Creates an empty component container and gives the form a fixed 300x300
		/// size, the caption "dllmain", zero padding and font-based auto-scaling.
		void InitializeComponent(void)
		{
			this->components = gcnew System::ComponentModel::Container();
			this->Size = System::Drawing::Size(300,300);
			this->Text = L"dllmain";
			this->Padding = System::Windows::Forms::Padding(0);
			this->AutoScaleMode = System::Windows::Forms::AutoScaleMode::Font;
		}
#pragma endregion
	};
}
67 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Dlls/SbieDll/testIAT.h:
--------------------------------------------------------------------------------
// TestIAT header file, reused for SbieDll: exports are marked TEST_SBIE_API, which
// SBIEDLL_EXPORTS switches between dllexport and dllimport. The commented-out
// TESTIAT_API lines below are left over from the original TestIAT project name.
// HookProc / HookMouse have the HOOKPROC signature (int, WPARAM, LPARAM).
2 | #ifdef SBIEDLL_EXPORTS
3 | #define TEST_SBIE_API __declspec(dllexport)
4 | #else
5 | #define TEST_SBIE_API __declspec(dllimport)
6 | #endif
7 |
8 | TEST_SBIE_API LRESULT CALLBACK HookProc(int nCode, WPARAM wParam, LPARAM lParam);
9 | TEST_SBIE_API LRESULT CALLBACK HookMouse(int nCode, WPARAM wParam, LPARAM lParam);
10 | //TESTIAT_API
11 | void InstallHook();
12 | //TESTIAT_API
13 | void RemoveHook();
14 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/LaunchAll/LaunchAll.aps:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/LaunchAll/LaunchAll.aps
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/LaunchAll/LaunchAll.cpp:
--------------------------------------------------------------------------------
1 | // LaunchAll.cpp : Defines the entry point for the application.
2 | //
3 |
4 | #include "stdafx.h"
5 | #include "LaunchAll.h"
6 |
7 | #define MAX_LOADSTRING 100
8 |
// Global Variables:
// szTitle / szWindowClass are filled by _tWinMain from the string table
// (IDS_APP_TITLE / IDC_LAUNCHALL), each bounded to MAX_LOADSTRING TCHARs by
// LoadString. In LaunchAll.rc those two entries read "OllyDbg" / "OLLYDBG", so the
// window this process creates is titled and classed as OllyDbg, not LaunchAll.
HINSTANCE hInst;								// current instance, saved by InitInstance
TCHAR szTitle[MAX_LOADSTRING];					// The title bar text
TCHAR szWindowClass[MAX_LOADSTRING];			// the main window class name
13 |
14 | // Forward declarations of functions included in this code module:
15 | ATOM MyRegisterClass(HINSTANCE hInstance);
16 | BOOL InitInstance(HINSTANCE, int);
17 | LRESULT CALLBACK WndProc(HWND, UINT, WPARAM, LPARAM);
18 | INT_PTR CALLBACK About(HWND, UINT, WPARAM, LPARAM);
19 |
// Process entry point.
//
// Loads the window title and class name from the string table (IDS_APP_TITLE and
// IDC_LAUNCHALL in LaunchAll.rc - note both read "OllyDbg"/"OLLYDBG" there, not
// "LaunchAll"), registers the window class, creates the main window via
// InitInstance and then pumps messages until WM_QUIT. Returns the WM_QUIT exit
// code, or FALSE if the window could not be created. hPrevInstance and lpCmdLine
// are unused.
int APIENTRY _tWinMain(HINSTANCE hInstance,
                     HINSTANCE hPrevInstance,
                     LPTSTR    lpCmdLine,
                     int       nCmdShow)
{
	UNREFERENCED_PARAMETER(hPrevInstance);
	UNREFERENCED_PARAMETER(lpCmdLine);

	// Title bar text and window-class name both come from the string table.
	LoadString(hInstance, IDS_APP_TITLE, szTitle, MAX_LOADSTRING);
	LoadString(hInstance, IDC_LAUNCHALL, szWindowClass, MAX_LOADSTRING);
	MyRegisterClass(hInstance);

	if (!InitInstance(hInstance, nCmdShow))
		return FALSE;

	HACCEL hAccelTable = LoadAccelerators(hInstance, MAKEINTRESOURCE(IDC_LAUNCHALL));

	// Message pump: accelerators first, everything else translated and dispatched.
	MSG msg;
	for (;;)
	{
		if (!GetMessage(&msg, NULL, 0, 0))
			break;
		if (TranslateAccelerator(msg.hwnd, hAccelTable, &msg))
			continue;
		TranslateMessage(&msg);
		DispatchMessage(&msg);
	}

	return (int) msg.wParam;
}
57 |
58 |
59 |
//
//  FUNCTION: MyRegisterClass()
//
//  PURPOSE: Registers the window class.
//
//  COMMENTS:
//
//    The class name comes from szWindowClass, which _tWinMain fills from the
//    IDC_LAUNCHALL string-table entry before calling this. The large and small
//    icons are IDI_LAUNCHALL / IDI_SMALL, the menu is IDC_LAUNCHALL and the window
//    procedure is WndProc. Returns the ATOM from RegisterClassEx, or 0 on failure;
//    the caller in _tWinMain does not check the result.
//
ATOM MyRegisterClass(HINSTANCE hInstance)
{
	WNDCLASSEX wc = { 0 };   // zero-initialised, so cbClsExtra / cbWndExtra stay 0

	wc.cbSize        = sizeof(WNDCLASSEX);
	wc.style         = CS_HREDRAW | CS_VREDRAW;
	wc.lpfnWndProc   = WndProc;
	wc.hInstance     = hInstance;
	wc.hIcon         = LoadIcon(hInstance, MAKEINTRESOURCE(IDI_LAUNCHALL));
	wc.hIconSm       = LoadIcon(hInstance, MAKEINTRESOURCE(IDI_SMALL));
	wc.hCursor       = LoadCursor(NULL, IDC_ARROW);
	wc.hbrBackground = (HBRUSH)(COLOR_WINDOW+1);
	wc.lpszMenuName  = MAKEINTRESOURCE(IDC_LAUNCHALL);
	wc.lpszClassName = szWindowClass;

	return RegisterClassEx(&wc);
}
93 |
//
//   FUNCTION: InitInstance(HINSTANCE, int)
//
//   PURPOSE: Saves instance handle and creates main window
//
//   COMMENTS:
//
//        Stores hInstance in the global hInst (WndProc needs it for DialogBox),
//        creates the top-level window from the class registered by
//        MyRegisterClass with szTitle as caption, then shows it. nCmdShow is
//        accepted but not forwarded: the window is always shown with
//        SW_SHOWNORMAL (value 1), so a start-minimised request from the shell
//        would be ignored. Returns FALSE only if CreateWindow fails.
//
BOOL InitInstance(HINSTANCE hInstance, int nCmdShow)
{
	hInst = hInstance;   // Store instance handle in our global variable

	HWND hWnd = CreateWindow(szWindowClass, szTitle, WS_OVERLAPPEDWINDOW,
	                         CW_USEDEFAULT, 0, CW_USEDEFAULT, 0,
	                         NULL, NULL, hInstance, NULL);
	if (hWnd == NULL)
		return FALSE;

	ShowWindow(hWnd, SW_SHOWNORMAL);   // SW_SHOWNORMAL == 1; nCmdShow is not used
	UpdateWindow(hWnd);

	return TRUE;
}
123 |
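//
//  FUNCTION: WndProc(HWND, UINT, WPARAM, LPARAM)
//
//  PURPOSE:  Processes messages for the main window.
//
//  WM_COMMAND	- process the application menu: IDM_ABOUT opens the About dialog,
//                IDM_EXIT destroys the window, anything else goes to DefWindowProc
//  WM_PAINT	- Paint the main window (nothing is drawn yet; BeginPaint/EndPaint are
//                still called so the paint cycle is completed)
//  WM_DESTROY	- post a quit message and return
//
//  Returns 0 for handled messages, otherwise the DefWindowProc result.
//
LRESULT CALLBACK WndProc(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam)
{
	PAINTSTRUCT ps;

	switch (message)
	{
	case WM_COMMAND:
		// Only the command id is needed; the notification code (HIWORD) was
		// previously read into a local that was never used.
		switch (LOWORD(wParam))
		{
		case IDM_ABOUT:
			DialogBox(hInst, MAKEINTRESOURCE(IDD_ABOUTBOX), hWnd, About);
			break;
		case IDM_EXIT:
			DestroyWindow(hWnd);
			break;
		default:
			return DefWindowProc(hWnd, message, wParam, lParam);
		}
		break;
	case WM_PAINT:
		// The HDC was never used, so it is no longer stored; the BeginPaint /
		// EndPaint pair is kept so the window's update region is still validated.
		BeginPaint(hWnd, &ps);
		// TODO: Add any drawing code here...
		EndPaint(hWnd, &ps);
		break;
	case WM_DESTROY:
		PostQuitMessage(0);
		break;
	default:
		return DefWindowProc(hWnd, message, wParam, lParam);
	}
	return 0;
}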
171 |
// Dialog procedure for the About box (IDD_ABOUTBOX).
//
// WM_INITDIALOG is acknowledged (returns TRUE so the default focus is set);
// WM_COMMAND with IDOK or IDCANCEL closes the dialog via EndDialog, passing the
// button id back as the dialog result. Every other message returns FALSE so the
// dialog manager handles it. lParam is unused.
INT_PTR CALLBACK About(HWND hDlg, UINT message, WPARAM wParam, LPARAM lParam)
{
	UNREFERENCED_PARAMETER(lParam);

	if (message == WM_INITDIALOG)
		return (INT_PTR)TRUE;

	if (message == WM_COMMAND)
	{
		const WORD id = LOWORD(wParam);
		if (id == IDOK || id == IDCANCEL)
		{
			EndDialog(hDlg, id);
			return (INT_PTR)TRUE;
		}
	}

	return (INT_PTR)FALSE;
}
191 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/LaunchAll/LaunchAll.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include "resource.h"
4 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/LaunchAll/LaunchAll.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/LaunchAll/LaunchAll.ico
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/LaunchAll/LaunchAll.rc:
--------------------------------------------------------------------------------
1 | // Microsoft Visual C++ generated resource script.
2 | //
3 | #include "resource.h"
4 |
5 | #define APSTUDIO_READONLY_SYMBOLS
6 | /////////////////////////////////////////////////////////////////////////////
7 | //
8 | // Generated from the TEXTINCLUDE 2 resource.
9 | //
10 | #ifndef APSTUDIO_INVOKED
11 | #include "targetver.h"
12 | #endif
13 | #define APSTUDIO_HIDDEN_SYMBOLS
14 | #include "windows.h"
15 | #undef APSTUDIO_HIDDEN_SYMBOLS
16 |
17 | /////////////////////////////////////////////////////////////////////////////
18 | #undef APSTUDIO_READONLY_SYMBOLS
19 |
20 | /////////////////////////////////////////////////////////////////////////////
21 | // English (U.S.) resources
22 |
23 | #if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_ENU)
24 | #ifdef _WIN32
25 | LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
26 | #pragma code_page(1252)
27 | #endif //_WIN32
28 |
29 | /////////////////////////////////////////////////////////////////////////////
30 | //
31 | // Icon
32 | //
33 |
34 | // Icon with lowest ID value placed first to ensure application icon
35 | // remains consistent on all systems.
36 | IDI_LAUNCHALL ICON "LaunchAll.ico"
37 | IDI_SMALL ICON "small.ico"
38 |
39 | /////////////////////////////////////////////////////////////////////////////
40 | //
41 | // Menu
42 | //
43 |
// Main menu. The same id, IDC_LAUNCHALL, is reused for the accelerator table and
// for the window-class string below (Resource.h gives it the value 109); the
// window procedure handles IDM_EXIT and IDM_ABOUT.
IDC_LAUNCHALL MENU
BEGIN
    POPUP "&File"
    BEGIN
        MENUITEM "E&xit",                       IDM_EXIT
    END
    POPUP "&Help"
    BEGIN
        MENUITEM "&About ...",                  IDM_ABOUT
    END
END
55 |
56 |
57 | /////////////////////////////////////////////////////////////////////////////
58 | //
59 | // Accelerator
60 | //
61 |
// Keyboard accelerators: Alt+? and Alt+/ both open the About box. There is no
// accelerator for IDM_EXIT.
IDC_LAUNCHALL ACCELERATORS
BEGIN
    "?",            IDM_ABOUT,              ASCII,  ALT
    "/",            IDM_ABOUT,              ASCII,  ALT
END
67 |
68 |
69 | /////////////////////////////////////////////////////////////////////////////
70 | //
71 | // Dialog
72 | //
73 |
// About box shown from WndProc on IDM_ABOUT. ICON 128 is IDR_MAINFRAME from
// Resource.h. Note the text identifies the program as "LaunchAll" while the
// main window title (string table below) reads "OllyDbg".
IDD_ABOUTBOX DIALOGEX 0, 0, 170, 62
STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "About LaunchAll"
FONT 8, "MS Shell Dlg", 0, 0, 0x1
BEGIN
    ICON            128,IDC_STATIC,14,14,21,20
    LTEXT           "LaunchAll, Version 1.0",IDC_STATIC,42,14,114,8,SS_NOPREFIX
    LTEXT           "Copyright (C) 2015",IDC_STATIC,42,26,114,8
    DEFPUSHBUTTON   "OK",IDOK,113,41,50,14,WS_GROUP
END
84 |
85 |
86 | /////////////////////////////////////////////////////////////////////////////
87 | //
88 | // DESIGNINFO
89 | //
90 |
91 | #ifdef APSTUDIO_INVOKED
92 | GUIDELINES DESIGNINFO
93 | BEGIN
94 | IDD_ABOUTBOX, DIALOG
95 | BEGIN
96 | LEFTMARGIN, 7
97 | RIGHTMARGIN, 163
98 | TOPMARGIN, 7
99 | BOTTOMMARGIN, 55
100 | END
101 | END
102 | #endif // APSTUDIO_INVOKED
103 |
104 |
105 | #ifdef APSTUDIO_INVOKED
106 | /////////////////////////////////////////////////////////////////////////////
107 | //
108 | // TEXTINCLUDE
109 | //
110 |
111 | 1 TEXTINCLUDE
112 | BEGIN
113 | "resource.h\0"
114 | END
115 |
116 | 2 TEXTINCLUDE
117 | BEGIN
118 | "#ifndef APSTUDIO_INVOKED\r\n"
119 | "#include ""targetver.h""\r\n"
120 | "#endif\r\n"
121 | "#define APSTUDIO_HIDDEN_SYMBOLS\r\n"
122 | "#include ""windows.h""\r\n"
123 | "#undef APSTUDIO_HIDDEN_SYMBOLS\r\n"
124 | "\0"
125 | END
126 |
127 | 3 TEXTINCLUDE
128 | BEGIN
129 | "\r\n"
130 | "\0"
131 | END
132 |
133 | #endif // APSTUDIO_INVOKED
134 |
135 |
136 | /////////////////////////////////////////////////////////////////////////////
137 | //
138 | // String Table
139 | //
140 |
// NOTE(review): this project is LaunchAll (the About box above says "LaunchAll,
// Version 1.0"), yet the title and window-class strings are "OllyDbg"/"OLLYDBG".
// _tWinMain loads these two entries into szTitle/szWindowClass and MyRegisterClass
// registers the class with that name, so the running process presents itself as
// OllyDbg to anything that inspects window titles or classes. Either that is the
// intent (a debugger look-alike) or the strings were copied from another project
// - confirm which before shipping.
STRINGTABLE
BEGIN
   IDS_APP_TITLE       "OllyDbg"
   IDC_LAUNCHALL       "OLLYDBG"
END
146 |
147 | #endif // English (U.S.) resources
148 | /////////////////////////////////////////////////////////////////////////////
149 |
150 |
151 |
152 | #ifndef APSTUDIO_INVOKED
153 | /////////////////////////////////////////////////////////////////////////////
154 | //
155 | // Generated from the TEXTINCLUDE 3 resource.
156 | //
157 |
158 |
159 | /////////////////////////////////////////////////////////////////////////////
160 | #endif // not APSTUDIO_INVOKED
161 |
162 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/LaunchAll/LaunchAll.vcproj.Pablo-PC.Pablo.user:
--------------------------------------------------------------------------------
1 |
2 |
7 |
8 |
11 |
35 |
36 |
39 |
63 |
64 |
65 |
66 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/LaunchAll/ReadMe.txt:
--------------------------------------------------------------------------------
1 | ========================================================================
2 | WIN32 APPLICATION : LaunchAll Project Overview
3 | ========================================================================
4 |
5 | AppWizard has created this LaunchAll application for you.
6 |
7 | This file contains a summary of what you will find in each of the files that
8 | make up your LaunchAll application.
9 |
10 |
11 | LaunchAll.vcproj
12 | This is the main project file for VC++ projects generated using an Application Wizard.
13 | It contains information about the version of Visual C++ that generated the file, and
14 | information about the platforms, configurations, and project features selected with the
15 | Application Wizard.
16 |
17 | LaunchAll.cpp
18 | This is the main application source file.
19 |
20 | /////////////////////////////////////////////////////////////////////////////
21 | AppWizard has created the following resources:
22 |
23 | LaunchAll.rc
    This is a listing of all of the Microsoft Windows resources that the
    program uses.  It includes the icons (LaunchAll.ico and small.ico), which
    in this project sit next to LaunchAll.rc rather than in a RES
    subdirectory.  This file can be directly edited in Microsoft Visual C++.
28 |
29 | Resource.h
30 | This is the standard header file, which defines new resource IDs.
31 | Microsoft Visual C++ reads and updates this file.
32 |
33 | LaunchAll.ico
34 | This is an icon file, which is used as the application's icon (32x32).
35 | This icon is included by the main resource file LaunchAll.rc.
36 |
37 | small.ico
38 | This is an icon file, which contains a smaller version (16x16)
39 | of the application's icon. This icon is included by the main resource
40 | file LaunchAll.rc.
41 |
42 | /////////////////////////////////////////////////////////////////////////////
43 | Other standard files:
44 |
45 | StdAfx.h, StdAfx.cpp
46 | These files are used to build a precompiled header (PCH) file
47 | named LaunchAll.pch and a precompiled types file named StdAfx.obj.
48 |
49 | /////////////////////////////////////////////////////////////////////////////
50 | Other notes:
51 |
52 | AppWizard uses "TODO:" comments to indicate parts of the source code you
53 | should add to or customize.
54 |
55 | /////////////////////////////////////////////////////////////////////////////
56 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/LaunchAll/Resource.h:
--------------------------------------------------------------------------------
1 | //{{NO_DEPENDENCIES}}
2 | // Microsoft Visual C++ generated include file.
3 | // Used by LaunchAll.rc
4 | //
5 |
#define IDS_APP_TITLE			103   // string-table id for the window title ("OllyDbg" in LaunchAll.rc)

#define IDR_MAINFRAME			128   // icon shown in the About box (ICON 128 in LaunchAll.rc)
#define IDD_LAUNCHALL_DIALOG	102   // not referenced by LaunchAll.rc or LaunchAll.cpp as shown here
#define IDD_ABOUTBOX			103   // same value as IDS_APP_TITLE; fine, dialogs and strings are separate resource types
#define IDM_ABOUT				104   // menu / accelerator command: open About box
#define IDM_EXIT				105   // menu command: destroy the main window
#define IDI_LAUNCHALL			107   // large application icon
#define IDI_SMALL				108   // 16x16 application icon
#define IDC_LAUNCHALL			109   // shared id: menu, accelerator table and window-class string ("OLLYDBG")
#define IDC_MYICON				2
17 | #ifndef IDC_STATIC
18 | #define IDC_STATIC -1
19 | #endif
20 | // Next default values for new objects
21 | //
22 | #ifdef APSTUDIO_INVOKED
23 | #ifndef APSTUDIO_READONLY_SYMBOLS
24 |
25 | #define _APS_NO_MFC 130
26 | #define _APS_NEXT_RESOURCE_VALUE 129
27 | #define _APS_NEXT_COMMAND_VALUE 32771
28 | #define _APS_NEXT_CONTROL_VALUE 1000
29 | #define _APS_NEXT_SYMED_VALUE 110
30 | #endif
31 | #endif
32 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/LaunchAll/small.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/LaunchAll/small.ico
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/LaunchAll/stdafx.cpp:
--------------------------------------------------------------------------------
1 | // stdafx.cpp : source file that includes just the standard includes
2 | // LaunchAll.pch will be the pre-compiled header
3 | // stdafx.obj will contain the pre-compiled type information
4 |
5 | #include "stdafx.h"
6 |
7 | // TODO: reference any additional headers you need in STDAFX.H
8 | // and not in this file
9 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/LaunchAll/stdafx.h:
--------------------------------------------------------------------------------
1 | // stdafx.h : include file for standard system include files,
2 | // or project specific include files that are used frequently, but
3 | // are changed infrequently
4 | //
5 |
6 | #pragma once
7 |
8 | #include "targetver.h"
9 |
10 | #define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers
11 | // Windows Header Files:
12 | #include
13 |
14 | // C RunTime Header Files
15 | #include
16 | #include
17 | #include
18 | #include
19 |
20 |
21 | // TODO: reference additional headers your program requires here
22 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/LaunchAll/targetver.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | // The following macros define the minimum required platform. The minimum required platform
4 | // is the earliest version of Windows, Internet Explorer etc. that has the necessary features to run
5 | // your application. The macros work by enabling all features available on platform versions up to and
6 | // including the version specified.
7 |
8 | // Modify the following defines if you have to target a platform prior to the ones specified below.
9 | // Refer to MSDN for the latest info on corresponding values for different platforms.
10 | #ifndef WINVER // Specifies that the minimum required platform is Windows Vista.
11 | #define WINVER 0x0600 // Change this to the appropriate value to target other versions of Windows.
12 | #endif
13 |
14 | #ifndef _WIN32_WINNT // Specifies that the minimum required platform is Windows Vista.
15 | #define _WIN32_WINNT 0x0600 // Change this to the appropriate value to target other versions of Windows.
16 | #endif
17 |
18 | #ifndef _WIN32_WINDOWS // Specifies that the minimum required platform is Windows 98.
19 | #define _WIN32_WINDOWS 0x0410 // Change this to the appropriate value to target Windows Me or later.
20 | #endif
21 |
22 | #ifndef _WIN32_IE // Specifies that the minimum required platform is Internet Explorer 7.0.
23 | #define _WIN32_IE 0x0700 // Change this to the appropriate value to target other versions of IE.
24 | #endif
25 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/LoadDriver.suo:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/LoadDriver.suo
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/LoadDriver/LoadDriver.vcproj:
--------------------------------------------------------------------------------
1 |
2 |
11 |
12 |
15 |
16 |
17 |
18 |
19 |
26 |
29 |
32 |
35 |
38 |
41 |
52 |
55 |
58 |
61 |
70 |
73 |
76 |
79 |
82 |
85 |
88 |
91 |
92 |
100 |
103 |
106 |
109 |
112 |
115 |
126 |
129 |
132 |
135 |
144 |
147 |
150 |
153 |
156 |
159 |
162 |
165 |
166 |
167 |
168 |
169 |
170 |
175 |
178 |
179 |
182 |
183 |
184 |
189 |
192 |
193 |
196 |
197 |
198 |
203 |
204 |
207 |
208 |
211 |
212 |
213 |
214 |
215 |
216 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/LoadDriver/LoadDriver.vcproj.Pablo-PC.Pablo.user:
--------------------------------------------------------------------------------
1 |
2 |
7 |
8 |
11 |
35 |
36 |
39 |
63 |
64 |
65 |
66 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/LoadDriver/ReadMe.txt:
--------------------------------------------------------------------------------
1 | ========================================================================
2 | CONSOLE APPLICATION : LoadDriver Project Overview
3 | ========================================================================
4 |
5 | AppWizard has created this LoadDriver application for you.
6 |
7 | This file contains a summary of what you will find in each of the files that
8 | make up your LoadDriver application.
9 |
10 |
11 | LoadDriver.vcproj
12 | This is the main project file for VC++ projects generated using an Application Wizard.
13 | It contains information about the version of Visual C++ that generated the file, and
14 | information about the platforms, configurations, and project features selected with the
15 | Application Wizard.
16 |
17 | LoadDriver.cpp
18 | This is the main application source file.
19 |
20 | /////////////////////////////////////////////////////////////////////////////
21 | Other standard files:
22 |
23 | StdAfx.h, StdAfx.cpp
24 | These files are used to build a precompiled header (PCH) file
25 | named LoadDriver.pch and a precompiled types file named StdAfx.obj.
26 |
27 | /////////////////////////////////////////////////////////////////////////////
28 | Other notes:
29 |
30 | AppWizard uses "TODO:" comments to indicate parts of the source code you
31 | should add to or customize.
32 |
33 | /////////////////////////////////////////////////////////////////////////////
34 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/LoadDriver/stdafx.cpp:
--------------------------------------------------------------------------------
1 | // stdafx.cpp : source file that includes just the standard includes
2 | // LoadDriver.pch will be the pre-compiled header
3 | // stdafx.obj will contain the pre-compiled type information
4 |
5 | #include "stdafx.h"
6 |
7 | // TODO: reference any additional headers you need in STDAFX.H
8 | // and not in this file
9 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/LoadDriver/stdafx.h:
--------------------------------------------------------------------------------
1 | // stdafx.h : include file for standard system include files,
2 | // or project specific include files that are used frequently, but
3 | // are changed infrequently
4 | //
5 |
6 | #pragma once
7 |
8 | #include "targetver.h"
9 | #include
10 | #include
11 | #include
12 | #include
13 |
14 | // TODO: reference additional headers your program requires here
15 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/LoadDriver/targetver.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | // The following macros define the minimum required platform. The minimum required platform
4 | // is the earliest version of Windows, Internet Explorer etc. that has the necessary features to run
5 | // your application. The macros work by enabling all features available on platform versions up to and
6 | // including the version specified.
7 |
8 | // Modify the following defines if you have to target a platform prior to the ones specified below.
9 | // Refer to MSDN for the latest info on corresponding values for different platforms.
10 | #ifndef _WIN32_WINNT // Specifies that the minimum required platform is Windows Vista.
11 | #define _WIN32_WINNT 0x0600 // Change this to the appropriate value to target other versions of Windows.
12 | #endif
13 |
14 |
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/PREPROCESADO.txt:
--------------------------------------------------------------------------------
1 | $(TargetPath)
2 |
3 | VMWARE
4 | USERSANDBOX
5 | PATHSANDBOX
6 | VBOX
7 | WINE
8 | QEMU
9 | BOCHS
10 | USERMALWARE
11 | PATHSAMPLE
12 | USERVIRUS
13 | PATHVIRUS
14 |
15 |
16 | SANDBOXIE_DLL_PATH
17 |
18 | SANDBOXIE_PATH
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Release/ConsoleTestDebug.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Release/ConsoleTestDebug.exe
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Release/Empty.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Release/Empty.exe
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Release/ImmunityDebugger.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Release/ImmunityDebugger.exe
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Release/LaunchAll.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Release/LaunchAll.exe
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Release/LoadDriver.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Release/LoadDriver.exe
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Release/OLLYDBG.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Release/OLLYDBG.exe
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Release/Procmon.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Release/Procmon.exe
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Release/SbieDll.bochs.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Release/SbieDll.bochs.dll
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Release/SbieDll.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Release/SbieDll.dll
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Release/SbieDll.qemu.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Release/SbieDll.qemu.dll
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Release/SbieDll.vbox.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Release/SbieDll.vbox.dll
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Release/SbieDll.vmware.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Release/SbieDll.vmware.dll
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Release/SbieDll.wine.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Release/SbieDll.wine.dll
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Release/Wireshark.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Release/Wireshark.exe
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Release/idag.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Release/idag.exe
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Release/procexp.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Release/procexp.exe
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Release/vboxtray.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Release/vboxtray.exe
--------------------------------------------------------------------------------
/LoadDriverDebugProcess/Release/windbg.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/LoadDriverDebugProcess/Release/windbg.exe
--------------------------------------------------------------------------------
/ProcWatcherDebugDriver/makefile.def:
--------------------------------------------------------------------------------
1 | !INCLUDE $(NTMAKEENV)\makefile.def
--------------------------------------------------------------------------------
/ProcWatcherDebugDriver/sources:
--------------------------------------------------------------------------------
1 | TARGETNAME = ProcDebugger
2 | TARGETPATH = ..\bin
3 | TARGETTYPE = DRIVER
4 |
5 | INCLUDES = %BUILD%\inc
6 | LIBS = %BUILD%\lib
7 |
8 |
9 | SOURCES = ProcDebugger.c
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Kung-Fu-Malware
--------------------------------------------------------------------------------
/bin/i386/ProcDebugger.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/bin/i386/ProcDebugger.pdb
--------------------------------------------------------------------------------
/bin/i386/ProcDebugger.sys:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/psaneme/Kung-Fu-Malware/d149a7b7a5b2a62fc6e0bc36818fb540447809d4/bin/i386/ProcDebugger.sys
--------------------------------------------------------------------------------