CryptoGear encryption algorithm
Symmetric-key block encryption cipher developed by BreakingSecurity.

You can find its C++ implementation here.

RC4 class in C++

Standard RC4 encryption algorithm.
Simple and fast, it is a famous algorithm used in many applications.

cRC4.h :

/***********************************************************
	* Standard RC4 algorithm
	* class in C++
	* Written by Viotto - BreakingSecurity.net
***********************************************************/

#include <string>
using namespace std;

class CRC4
{
public:

	CRC4(unsigned char* pKey, unsigned int lenKey);
	CRC4();

	void RC4(unsigned char pData[], unsigned long lenData);
	string RC4Str(unsigned char* pInputData, unsigned long InputSize);
	void Initialize(unsigned char* pKey, unsigned int lenKey);

private:
	int m_sBox[256]; //substitution-box
	int a, b;	
	unsigned char swap;
};

 

cRC4.cpp :

/***********************************************************
* Standard RC4 algorithm
* class in C++
* Written by Viotto - BreakingSecurity.net
***********************************************************/


#include "cRC4.h"

// Constructor. It will generate s-box based on the provided key.
// This way future encryption/decryptions routines will not have to recreate s-box each time.
CRC4::CRC4(unsigned char* pKey, unsigned int lenKey)
{
	Initialize(pKey, lenKey);
}

/* Overloaded costructor with no arguments.
   Must initialize s-box manually.           */
CRC4::CRC4()
{}


void CRC4::Initialize(unsigned char* pKey, unsigned int lenKey)
{
	// Initialize substitution box, based on the provided key.

	b = 0;

	for (a = 0; a < 256; a++)
	{
		m_sBox[a] = a;
	}

	for (a = 0; a < 256; a++)
	{
		b = (b + m_sBox[a] + pKey[a % lenKey]) % 256;
		swap = m_sBox[a];
		m_sBox[a] = m_sBox[b];
		m_sBox[b] = swap;
	}
}


void CRC4::RC4(unsigned char pData[], unsigned long lenData)
{
	int sBox[256];
	int i = 0, j = 0;
	long Offset;

	// Create a local copy of the s-box. Better than recreating each time before encrypting/decrypting.
	memcpy(sBox, m_sBox, 256 * sizeof(int));

	//Encrypt the data
	for (Offset = 0; Offset < lenData; Offset++)
	{
		i = (i + 1) % 256;
		j = (j + sBox[i]) % 256;
		swap = sBox[i];
		sBox[i] = sBox[j];
		sBox[j] = swap;
		pData[Offset] ^= sBox[(sBox[i] + sBox[j]) % 256];
	}
}


// This function does not overwrite input with output, but saves it on a separate string.
string CRC4::RC4Str(unsigned char* pInputData, unsigned long InputSize)
{
	string sInputOutputData((char*)pInputData, InputSize);
	RC4((unsigned char*)sInputOutputData.c_str(), InputSize);
	return sInputOutputData;
}
C++ FileSearch

A simple and fast recursive function which can be used to search for a filename or part of it,
inside a specified folder and all of its subdirectories.

#include <windows.h>
#include <algorithm>
#include <string>
using namespace std;

bool FileSearch(string sSearch, string sFolder)
{
	// This recursive function will search for a filename or part of it,
	// inside the specified folder and in all its subfolders.
	// Coded by Viotto - http://Breaking-Security.net

	std::transform(sSearch.begin(), sSearch.end(), sSearch.begin(), ::tolower);

	// Check for final slash in path and append it if missing
	if (sFolder[sFolder.length() -1] != '\')
	{
		sFolder += "\";
	}

	WIN32_FIND_DATA FileInfo;
	HANDLE hFind = FindFirstFileA(string(sFolder + "*").c_str(), &FileInfo);

	if (hFind == INVALID_HANDLE_VALUE)
	{
		FindClose(hFind);
		return false;
	}
	string sFileInfo;

	while (FindNextFile(hFind, &FileInfo) != 0)
	{
		if (FileInfo.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY
			&& strcmp(FileInfo.cFileName, ".") != 0
			&& strcmp(FileInfo.cFileName, "..") != 0)
		{
			string sRecursiveDir = sFolder + string(FileInfo.cFileName);
			FileSearch(sSearch, sRecursiveDir);
		}

		string sFileName(FileInfo.cFileName);
		std::transform(sFileName.begin(), sFileName.end(), sFileName.begin(), ::tolower);
		if (sFileName.find(sSearch) != string::npos)
		{
			//Search string has been found inside file name
			printf(string(sFolder + FileInfo.cFileName + "n").c_str());
		}
	}
	FindClose(hFind);
	return true;
}

// Usage example:
// filesearch "Notepad" "C:Windows"
void main(int argc, char* argv[])
{
	if (argc == 3)
	{
		FileSearch(argv[1], argv[2]);
		printf("Search finished!n");
	}
	else printf("Wrong number of parametersn");

	system("pause");
}
[ C ] Get Process path from PID at kernel level

At user-level, such a simple task is straightforward as it should, by the use of APIs like GetModuleFileNameEx().

However, there’s no documented way to do it at kernel level.
I found a lot of people asking for it, but didn’t find any clear functioning snippet, so I figured it could be useful to share mine.

BOOLEAN KrnGetProcessPath(HANDLE hProcessId)
// ProcessID handle can be get using PsGetCurrentProcessId(),
// or by using process callback routines such as PsSetCreateProcessNotifyRoutine()
{
	HANDLE hProcess = NULL;
	OBJECT_ATTRIBUTES obj_attr;
	CLIENT_ID cid;

	cid.UniqueProcess = hProcessId; 
	cid.UniqueThread = NULL;
	InitializeObjectAttributes(&obj_attr, NULL, 0, NULL, NULL);
	ZwOpenProcess(&hProcess, GENERIC_READ, &obj_attr, &cid);

	// When the ProcessInformationClass parameter is ProcessImageFileName, 
	//	the buffer pointed to by the ProcessInformation parameter should be large enough to hold a UNICODE_STRING structure, 
	//	as well as the string itself.
	WCHAR ustrBuffer[(sizeof(UNICODE_STRING) / sizeof(WCHAR)) + 260];
	UNICODE_STRING ustrPath;

	// Initialize UNICODE_STRING
	ustrPath.Buffer = ustrBuffer;
	ustrPath.Length = 0x0;
	ustrPath.MaximumLength = sizeof(ustrBuffer);

	// Process path will be saved inside the unicode string.
	NTSTATUS ret = ZwQueryInformationProcess(hProcess, ProcessImageFileName, &ustrPath, sizeof(ustrBuffer), NULL);

	if (NT_SUCCESS(ret))
	{
		DbgPrintEx(DPFLTR_IHVDRIVER_ID, 0, "[DEBUG] process path: %wZn", ustrPath);
		return TRUE;
	}
	else
	{
		DbgPrintEx(DPFLTR_IHVDRIVER_ID, 0, "[ERROR] error getting process path: %xn", ret);
		return FALSE;
	}
}
LoadDll: LoadLibrary alternative in C

The following code is a replacement for the Windows LoadLibrary() function, an alternative way to load a DLL in our address space.

#include <Windows.h>

typedef struct _UNICODE_STRING 
{ // UNICODE_STRING structure
         USHORT Length;
         USHORT MaximumLength;
         PWSTR  Buffer;
} UNICODE_STRING, *PUNICODE_STRING;

typedef NTSTATUS (WINAPI *fLdrLoadDll) //LdrLoadDll function prototype 
    (
         IN PWCHAR PathToFile OPTIONAL,
         IN ULONG Flags OPTIONAL, 
         IN PUNICODE_STRING ModuleFileName, 
         OUT PHANDLE ModuleHandle 
    ); 

typedef VOID (WINAPI *fRtlInitUnicodeString) //RtlInitUnicodeString function prototype
    (
         PUNICODE_STRING DestinationString,
         PCWSTR SourceString
    );

HMODULE hntdll;
fLdrLoadDll _LdrLoadDll;
fRtlInitUnicodeString _RtlInitUnicodeString;

HMODULE LoadDll( LPCSTR lpFileName) 
{  
   //by Viotto - http://breaking-security.net

   if (hntdll      == NULL) { hntdll = GetModuleHandleA("ntdll.dll"); }
   if (_LdrLoadDll == NULL) { _LdrLoadDll = (fLdrLoadDll) GetProcAddress ( hntdll, "LdrLoadDll"); }
   if (_RtlInitUnicodeString == NULL) 
   { _RtlInitUnicodeString = (fRtlInitUnicodeString) GetProcAddress ( hntdll, "RtlInitUnicodeString"); }

   int StrLen = lstrlenA(lpFileName);
   BSTR WideStr = SysAllocStringLen(NULL, StrLen);
   MultiByteToWideChar(CP_ACP, 0, lpFileName, StrLen, WideStr, StrLen);

   UNICODE_STRING usDllName;
   _RtlInitUnicodeString(&usDllName, WideStr);
   SysFreeString(WideStr);

   HANDLE DllHandle; 
   _LdrLoadDll(0, 0, &usDllName, &DllHandle);

   return (HMODULE)DllHandle;
}

int main() //Usage example
{
   HMODULE hmodule = LoadDll("Kernel32.dll");
   //HMODULE hmodule = LoadLibraryA("Kernel32.dll");
   return (int)hmodule;
}
Viotto .OCX Registrator

Viotto OCX Registrator is a simple tool to install, register and unregister OCX files.
It is released free and open source.
It is coded in Embarcadero C++.
You can find it here.

Menu