/*!
*
* Exploit
*
* GuidePoint Security LLC
*
* Threat and Attack Simulation
*
!*/
#include "Common.h"
/*
 * Prototype for the ntdll routine RtlRandomEx: takes a pointer to a seed
 * value and returns a ULONG. It is declared here so that the
 * D_API( RtlRandomEx ) member below has a signature to refer to
 * (D_API is defined outside this file; presumably it expands to a
 * typed function pointer - confirm in Common.h).
 */
ULONG
NTAPI
RtlRandomEx(
_In_ PULONG Seed
);
/*
 * Table of function pointers used by RandomStringW. Both members are
 * filled in at run time by that function; nothing is bound at link time.
 */
typedef struct
{
D_API( NtGetTickCount );
D_API( RtlRandomEx );
} API ;
/*
 * Hash constants passed to PebGetModule / PeGetFuncEat in place of the
 * module and export names. The trailing comment on each line records
 * the name the hash stands for; the hashing algorithm itself is not
 * visible in this file.
 *
 * NOTE(review): because these routines are looked up by hash at run
 * time, they presumably do not show up as named imports or plain
 * strings in the built image, so static triage has to key on the
 * constants below rather than on the API names - confirm against the
 * actual build output.
 */
#define H_API_NTGETTICKCOUNT 0x6f0ecc3b /* NtGetTickCount */
#define H_API_RTLRANDOMEX 0x7f1224f5 /* RtlRandomEx */
#define H_LIB_NTDLL 0x1edab0ed /* ntdll.dll */
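/*!
 *
 * Purpose:
 *
 * Creates a random unicode string of the requested length.
 *
 * Buffer: destination. The caller must provide room for at
 *         least Length WCHARs; no terminating NUL is written,
 *         so a caller that needs a C string must reserve and
 *         set the terminator itself.
 * Length: number of characters to write.
 *
 * Nothing is written when Buffer is NULL or when either
 * ntdll routine cannot be resolved.
 *
 * NOTE(review): the output is predictable and must not be
 * treated as a secret. Every character is derived from the
 * current tick count passed through RtlRandomEx, which is a
 * general-purpose generator, not a cryptographic one.
 *
!*/
D_SEC( C ) VOID RandomStringW( PWCHAR Buffer, ULONG Length )
{
    API     Api;
    ULONG   Idx = 0;    /* unsigned, to match Length in the loop bound */
    ULONG   Val = 0;
    ULONG   Sed = 0;
    /* Character table defined outside this file; presumably 26 entries,
     * matching the modulo below - confirm at its definition. */
    PWCHAR  Str = C_PTR( G_PTR( Array ) );

    RtlSecureZeroMemory( &Api, sizeof( Api ) );

    /* Both routines are looked up in ntdll by hash at run time. */
    Api.NtGetTickCount = PeGetFuncEat( PebGetModule( H_LIB_NTDLL ), H_API_NTGETTICKCOUNT );
    Api.RtlRandomEx    = PeGetFuncEat( PebGetModule( H_LIB_NTDLL ), H_API_RTLRANDOMEX );

    /* A failed lookup would otherwise be called through a NULL pointer. */
    if ( Buffer == NULL || Api.NtGetTickCount == NULL || Api.RtlRandomEx == NULL ) {
        return;
    }

    for ( Idx = 0 ; Idx < Length ; ++Idx ) {
        /* The seed is re-read from the tick count on every iteration. */
        Sed = Api.NtGetTickCount();
        Val = Api.RtlRandomEx( &Sed );
        /* Second pass uses the first result as its own seed. */
        Val = Api.RtlRandomEx( &Val );
        /* Reduce to an index in 0..25 into the character table. */
        Val = Val % 26;
        Buffer[ Idx ] = Str[ Val ];
    }
}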