5pider Cracked5pider

## CMakeLists.txt
cmake_minimum_required(VERSION 3.28)
project(untitled C ASM)

set(CMAKE_CXX_STANDARD 17)

set(CMAKE_ASM_COMPILE_OPTIONS_MSVC_RUNTIME_LIBRARY_MultiThreaded "")
set(CMAKE_ASM_COMPILE_OPTIONS_MSVC_RUNTIME_LIBRARY_MultiThreadedDLL "")
set(CMAKE_ASM_COMPILE_OPTIONS_MSVC_RUNTIME_LIBRARY_MultiThreadedDebug "")
set(CMAKE_ASM_COMPILE_OPTIONS_MSVC_RUNTIME_LIBRARY_MultiThreadedDebugDLL "")

## find_function.cpp
#include <windows.h>
#include <stdio.h>
#include <psapi.h>

typedef char * (*ParseHeaders)(LPCSTR, int *);

BOOL bCompare(const BYTE* pData, const BYTE* bMask, const char* szMask)
{
    for (; *szMask; ++szMask, ++pData, ++bMask)
        if (*szMask == 'x' && *pData != *bMask)

## lsa_extension.md

      
              1 file
            
          
              0 forks
            
          
                0 comments
              
            
              4 stars
            
          
                odzhan
                / lsa_extension.md
            
            
              Last active
              July 31, 2022 23:10
            
              
                LSA Extension Internals
              
          
    LSA Extension Internals

About

I want to use lsasrv!LsaProtectMemory() inside the LSASS process to encrypt a block of memory and return the ciphertext. It's part of the LsapLsasrvIfTable interface in lsasrv.dll, but unless I'm mistaken can only be accessed by another LSA extension using the lsasrv!QueryLsaInterface() function. The following text is some basic information about the internal structures.
LsapLsasrvIfTable:
  dq offset LsaProtectMemory
  dq offset LsaUnprotectMemory

dq offset LsaIFreeReturnBuffer

  
## tls_client.c
#define WIN32_LEAN_AND_MEAN
#include <winsock2.h>
#include <windows.h>
#define SECURITY_WIN32
#include <security.h>
#include <schannel.h>
#include <shlwapi.h>
#include <assert.h>
#include <stdio.h>

## SysCall.cpp
#define _CRT_SECURE_NO_WARNINGS

#include <iostream>
#include <windows.h>
#include <psapi.h>

typedef struct _PS_ATTRIBUTE {
    ULONG Attribute;
    SIZE_T Size;
    union {

## memBruteforce.cpp
// memBruteforce.cpp by aaaddress1@chroot.org
// brute search loaded moudules in memory
// rewrite from https://www.exploit-db.com/exploits/45293
#include <Windows.h>
#include <iostream>
#pragma warning(disable:4996)

bool isMemExist(size_t addr) {
    int retv;
    __asm {

## peb_ldr.h
#pragma once
#include <Windows.h>
#include <winnt.h>
#include <winternl.h>

static BYTE prelude1[7]{
	0x4D, 0x8d, 0x4b, 0xf0, // lea r9, [r11-10h]
	0x45, 0x33, 0xc0 // xor r8d, r8d
};

## LowUtilities.cpp
//
// An implementation of GetModuleHandle and GetProcAddress that works with manually mapped modules, forwarded exports,
// without a CRT standard library, and uses no Windows API or dependencies.
//
// Author: Bill Demirkapi
// License: MIT, appended at the bottom of this document if you care about licensing and want to credit me in your own project.
//

#include <Windows.h>
#include <winternl.h>

## process_list_without_handles.cpp
/*
*
* List process information on windows without opening any handles, including process architecture and username
*
*/

#include <Windows.h>
#include <stdio.h>
#include <math.h>

## EnumCLR.c
#include <string.h>
#include <stdio.h>
#include <windows.h>
#include <psapi.h>
#include "beacon.h"


DECLSPEC_IMPORT BOOL WINAPI KERNEL32$K32EnumProcesses(DWORD *, DWORD, LPDWORD);
DECLSPEC_IMPORT WINBASEAPI HANDLE WINAPI KERNEL32$OpenProcess(DWORD, BOOL, DWORD);
DECLSPEC_IMPORT BOOL WINAPI KERNEL32$K32EnumProcessModulesEx(HANDLE, HMODULE*, DWORD, LPDWORD, DWORD);
	cmake_minimum_required(VERSION 3.28)
	project(untitled C ASM)

	set(CMAKE_CXX_STANDARD 17)

	set(CMAKE_ASM_COMPILE_OPTIONS_MSVC_RUNTIME_LIBRARY_MultiThreaded "")
	set(CMAKE_ASM_COMPILE_OPTIONS_MSVC_RUNTIME_LIBRARY_MultiThreadedDLL "")
	set(CMAKE_ASM_COMPILE_OPTIONS_MSVC_RUNTIME_LIBRARY_MultiThreadedDebug "")
	set(CMAKE_ASM_COMPILE_OPTIONS_MSVC_RUNTIME_LIBRARY_MultiThreadedDebugDLL "")
	#include <windows.h>
	#include <stdio.h>
	#include <psapi.h>

	typedef char * (ParseHeaders)(LPCSTR, int );

	BOOL bCompare(const BYTE* pData, const BYTE* bMask, const char* szMask)
	{
	for (; *szMask; ++szMask, ++pData, ++bMask)
	if (szMask == 'x' && pData != *bMask)
	#define WIN32_LEAN_AND_MEAN
	#include <winsock2.h>
	#include <windows.h>
	#define SECURITY_WIN32
	#include <security.h>
	#include <schannel.h>
	#include <shlwapi.h>
	#include <assert.h>
	#include <stdio.h>
	#define _CRT_SECURE_NO_WARNINGS

	#include <iostream>
	#include <windows.h>
	#include <psapi.h>

	typedef struct _PS_ATTRIBUTE {
	ULONG Attribute;
	SIZE_T Size;
	union {
	// memBruteforce.cpp by aaaddress1@chroot.org
	// brute search loaded moudules in memory
	// rewrite from https://www.exploit-db.com/exploits/45293
	#include <Windows.h>
	#include <iostream>
	#pragma warning(disable:4996)

	bool isMemExist(size_t addr) {
	int retv;
	__asm {
	#pragma once
	#include <Windows.h>
	#include <winnt.h>
	#include <winternl.h>

	static BYTE prelude1[7]{
	0x4D, 0x8d, 0x4b, 0xf0, // lea r9, [r11-10h]
	0x45, 0x33, 0xc0 // xor r8d, r8d
	};
	//
	// An implementation of GetModuleHandle and GetProcAddress that works with manually mapped modules, forwarded exports,
	// without a CRT standard library, and uses no Windows API or dependencies.
	//
	// Author: Bill Demirkapi
	// License: MIT, appended at the bottom of this document if you care about licensing and want to credit me in your own project.
	//

	#include <Windows.h>
	#include <winternl.h>
	/*
	*
	* List process information on windows without opening any handles, including process architecture and username
	*
	*/

	#include <Windows.h>
	#include <stdio.h>
	#include <math.h>
	#include <string.h>
	#include <stdio.h>
	#include <windows.h>
	#include <psapi.h>
	#include "beacon.h"


	DECLSPEC_IMPORT BOOL WINAPI KERNEL32$K32EnumProcesses(DWORD *, DWORD, LPDWORD);
	DECLSPEC_IMPORT WINBASEAPI HANDLE WINAPI KERNEL32$OpenProcess(DWORD, BOOL, DWORD);
	DECLSPEC_IMPORT BOOL WINAPI KERNEL32$K32EnumProcessModulesEx(HANDLE, HMODULE*, DWORD, LPDWORD, DWORD);