# malware source code ## vx-api - [Introduction](https://malwaresourcecode.com/home/readme.md) - [Headers](https://malwaresourcecode.com/home/code-base/headers.md) - [PEB (Process Environment Block)](https://malwaresourcecode.com/home/code-base/headers/peb-process-environment-block.md) - [TEB (Thread Environment Block)](https://malwaresourcecode.com/home/code-base/headers/teb-thread-environment-block.md) - [CRT Recreation](https://malwaresourcecode.com/home/code-base/markdown.md) - [CaplockString](https://malwaresourcecode.com/home/code-base/markdown/caplockstring.md) - [CopyMemory](https://malwaresourcecode.com/home/code-base/markdown/copymemory.md): Custom implementation of CopyMemory. - [StringCompare](https://malwaresourcecode.com/home/code-base/markdown/stringcompare.md) - [StringConcat](https://malwaresourcecode.com/home/code-base/markdown/stringconcat.md) - [StringCopy](https://malwaresourcecode.com/home/code-base/markdown/stringcopy.md) - [StringLength](https://malwaresourcecode.com/home/code-base/markdown/stringlength.md) - [StringLocateChar](https://malwaresourcecode.com/home/code-base/markdown/stringlocatechar.md) - [WCHAR to CHAR](https://malwaresourcecode.com/home/code-base/markdown/wchar-to-char.md) - [WCharToCharUnsafe](https://malwaresourcecode.com/home/code-base/markdown/wchar-to-char/wchartocharunsafe.md) - [WCharToCharSafe](https://malwaresourcecode.com/home/code-base/markdown/wchar-to-char/wchartocharsafe.md) - [ShlwapiWcharToChar](https://malwaresourcecode.com/home/code-base/markdown/wchar-to-char/shlwapiwchartochar.md) - [CHAR to WCHAR](https://malwaresourcecode.com/home/code-base/markdown/char-to-wchar.md) - [CharStringToWCharString](https://malwaresourcecode.com/home/code-base/markdown/char-to-wchar/charstringtowcharstring.md) - [ShlwapiCharStringToWCharString](https://malwaresourcecode.com/home/code-base/markdown/char-to-wchar/shlwapicharstringtowcharstring.md) - [ByteArrayToCharArray](https://malwaresourcecode.com/home/code-base/markdown/bytearraytochararray.md) - [CharArrayToByteArray](https://malwaresourcecode.com/home/code-base/markdown/chararraytobytearray.md) - [StringTerminateStringAtChar](https://malwaresourcecode.com/home/code-base/markdown/stringterminatestringatchar.md) - [RtlInitAnsiString](https://malwaresourcecode.com/home/code-base/markdown/rtlinitansistring.md): Initializes an ANSI\_STRING structure without importing from NTDLL - [RtlInitUnicodeString](https://malwaresourcecode.com/home/code-base/markdown/rtlinitunicodestring.md): Initializes a UNICODE\_STRING structure without importing from NTDLL - [Random Integer](https://malwaresourcecode.com/home/code-base/markdown/random-integer.md) - [RtlUniform](https://malwaresourcecode.com/home/code-base/markdown/random-integer/rtluniform.md) - [IOCTL Cng Random](https://malwaresourcecode.com/home/code-base/markdown/random-integer/ioctl-cng-random.md) - [IOCTL KsecDD Random](https://malwaresourcecode.com/home/code-base/markdown/random-integer/ioctl-ksecdd-random.md) - [WinRT CryptographicBufferStatics](https://malwaresourcecode.com/home/code-base/markdown/random-integer/winrt-cryptographicbufferstatics.md) - [ConvertCharStringToInt (NTDLL)](https://malwaresourcecode.com/home/code-base/markdown/convertcharstringtoint-ntdll.md): This code snippet requires an import from NTDLL - [ZeroMemory](https://malwaresourcecode.com/home/code-base/markdown/zeromemory.md) - [String Hashing](https://malwaresourcecode.com/home/string-hashing.md) - [Djb2](https://malwaresourcecode.com/home/string-hashing/djb2.md) - [Djb2a](https://malwaresourcecode.com/home/string-hashing/djb2a.md) - [FowlerNollVoVariant1a 32](https://malwaresourcecode.com/home/string-hashing/fowlernollvovariant1a-32.md) - [JenkinsOneAtATime32Bit](https://malwaresourcecode.com/home/string-hashing/jenkinsoneatatime32bit.md) - [FowlerNollVoVariant1a 64](https://malwaresourcecode.com/home/string-hashing/fowlernollvovariant1a-64.md) - [LoseLose](https://malwaresourcecode.com/home/string-hashing/loselose.md) - [Murmur3](https://malwaresourcecode.com/home/string-hashing/murmur3.md) - [Sdbm](https://malwaresourcecode.com/home/string-hashing/sdbm.md) - [SipHash](https://malwaresourcecode.com/home/string-hashing/siphash.md) - [SuperFastHash](https://malwaresourcecode.com/home/string-hashing/superfasthash.md) - [Pjw](https://malwaresourcecode.com/home/string-hashing/pjw.md) - [XXHash](https://malwaresourcecode.com/home/string-hashing/xxhash.md) - [Crc32NoTable](https://malwaresourcecode.com/home/string-hashing/crc32notable.md) - [Rotr32 Add 13](https://malwaresourcecode.com/home/string-hashing/rotr32-add-13.md) - [Rotr32 Add 7](https://malwaresourcecode.com/home/string-hashing/rotr32-add-7.md) - [Lookup3](https://malwaresourcecode.com/home/string-hashing/lookup3.md) - [Jhash](https://malwaresourcecode.com/home/string-hashing/jhash.md) - [WyHash](https://malwaresourcecode.com/home/string-hashing/wyhash.md) - [Antidebugging Methods](https://malwaresourcecode.com/home/antidebugging-methods.md) - [CloseHandleOnInvalidAddress](https://malwaresourcecode.com/home/antidebugging-methods/closehandleoninvalidaddress.md) - [IsDebuggerPresentEx](https://malwaresourcecode.com/home/antidebugging-methods/isdebuggerpresentex.md) - [IsIntelHardwareBreakpointPresent](https://malwaresourcecode.com/home/antidebugging-methods/isintelhardwarebreakpointpresent.md) - [Library Loading](https://malwaresourcecode.com/home/library-loading.md) - [GetTeb](https://malwaresourcecode.com/home/library-loading/getteb.md) - [GetPeb](https://malwaresourcecode.com/home/library-loading/getpeb.md) - [GetKUserSharedData](https://malwaresourcecode.com/home/library-loading/getkusershareddata.md) - [RtlLoadPeHeaders](https://malwaresourcecode.com/home/library-loading/rtlloadpeheaders.md): Small helper function used by other library loading functions - [LdrLoadGetProcedureAddress](https://malwaresourcecode.com/home/library-loading/ldrloadgetprocedureaddress.md): Subroutine used by library loading functions to handle API sets - [GetRtlUserProcessParameters](https://malwaresourcecode.com/home/library-loading/getrtluserprocessparameters.md) - [ProxyRegisterWaitLoadLibrary](https://malwaresourcecode.com/home/library-loading/proxyregisterwaitloadlibrary.md) - [ProxyWorkItemLoadLibrary](https://malwaresourcecode.com/home/library-loading/proxyworkitemloadlibrary.md) - [Function Import Methods](https://malwaresourcecode.com/home/library-loading/function-import-methods.md) - [GetProcAddress (Safe)](https://malwaresourcecode.com/home/library-loading/function-import-methods/getprocaddress-safe.md) - [GetProcAddressDjb2](https://malwaresourcecode.com/home/library-loading/function-import-methods/getprocaddressdjb2.md) - [GetProcAddressFowlerNollVoVariant1a](https://malwaresourcecode.com/home/library-loading/function-import-methods/getprocaddressfowlernollvovariant1a.md) - [GetProcAddressJenkinsOneAtATime32Bit](https://malwaresourcecode.com/home/library-loading/function-import-methods/getprocaddressjenkinsoneatatime32bit.md) - [GetProcAddressLoseLose](https://malwaresourcecode.com/home/library-loading/function-import-methods/getprocaddressloselose.md) - [GetProcAddressMurmur](https://malwaresourcecode.com/home/library-loading/function-import-methods/getprocaddressmurmur.md) - [GetProcAddressRotr32](https://malwaresourcecode.com/home/library-loading/function-import-methods/getprocaddressrotr32.md) - [GetProcAddressSdbm](https://malwaresourcecode.com/home/library-loading/function-import-methods/getprocaddresssdbm.md) - [GetProcAddressSipHash](https://malwaresourcecode.com/home/library-loading/function-import-methods/getprocaddresssiphash.md) - [GetProcAddressSuperFastHash](https://malwaresourcecode.com/home/library-loading/function-import-methods/getprocaddresssuperfasthash.md) - [GetProcAddressUnknownGenericHash1](https://malwaresourcecode.com/home/library-loading/function-import-methods/getprocaddressunknowngenerichash1.md) - [Error Handling](https://malwaresourcecode.com/home/error-handling.md) - [GetLastErrorFromTeb](https://malwaresourcecode.com/home/error-handling/getlasterrorfromteb.md) - [GetLastNtStatusFromTeb](https://malwaresourcecode.com/home/error-handling/getlastntstatusfromteb.md) - [RtlNtStatusToDosErrorViaImport](https://malwaresourcecode.com/home/error-handling/rtlntstatustodoserrorviaimport.md) - [Win32FromHResult](https://malwaresourcecode.com/home/error-handling/win32fromhresult.md) - [Fingerprinting](https://malwaresourcecode.com/home/fingerprinting.md) - [GetNumberOfLinkedDlls](https://malwaresourcecode.com/home/fingerprinting/getnumberoflinkeddlls.md) - [PEB / TEB related](https://malwaresourcecode.com/home/fingerprinting/peb-teb-related.md) - [GetCurrentLocaleFromTeb](https://malwaresourcecode.com/home/fingerprinting/peb-teb-related/getcurrentlocalefromteb.md) - [GetOsBuildNumberFromPeb](https://malwaresourcecode.com/home/fingerprinting/peb-teb-related/getosbuildnumberfrompeb.md) - [GetOsMajorVersionFromPeb](https://malwaresourcecode.com/home/fingerprinting/peb-teb-related/getosmajorversionfrompeb.md) - [GetOsMinorVersionFromPeb](https://malwaresourcecode.com/home/fingerprinting/peb-teb-related/getosminorversionfrompeb.md) - [GetOsPlatformIdFromPeb](https://malwaresourcecode.com/home/fingerprinting/peb-teb-related/getosplatformidfrompeb.md) - [GetPidFromEnumProcesses](https://malwaresourcecode.com/home/fingerprinting/getpidfromenumprocesses.md) - [IsNvidiaGraphicsCardPresent](https://malwaresourcecode.com/home/fingerprinting/isnvidiagraphicscardpresent.md) - [IsProcessRunning (simple)](https://malwaresourcecode.com/home/fingerprinting/isprocessrunning-simple.md) - [Wrappers and Helpers](https://malwaresourcecode.com/home/wrappers-and-helpers.md) - [GetProcessHeapFromTeb](https://malwaresourcecode.com/home/wrappers-and-helpers/getprocessheapfromteb.md) - [GetCurrentThread](https://malwaresourcecode.com/home/wrappers-and-helpers/getcurrentthread.md) - [IsPathValid](https://malwaresourcecode.com/home/wrappers-and-helpers/ispathvalid.md) - [IsDllLoaded](https://malwaresourcecode.com/home/wrappers-and-helpers/isdllloaded.md) - [GetFileSizeFromPath](https://malwaresourcecode.com/home/wrappers-and-helpers/getfilesizefrompath.md) - [IsRegistryKeyValid](https://malwaresourcecode.com/home/wrappers-and-helpers/isregistrykeyvalid.md) - [GetCurrentProcess](https://malwaresourcecode.com/home/wrappers-and-helpers/getcurrentprocess.md) - [GetCurrentProcessIdFromTeb](https://malwaresourcecode.com/home/wrappers-and-helpers/getcurrentprocessidfromteb.md) - [GetCurrentProcessIdFromOffset](https://malwaresourcecode.com/home/wrappers-and-helpers/getcurrentprocessidfromoffset.md) - [ExecuteBinaryShellExecuteEx](https://malwaresourcecode.com/home/wrappers-and-helpers/executebinaryshellexecuteex.md) - [GetProcessPathFromLoaderLoad](https://malwaresourcecode.com/home/wrappers-and-helpers/getprocesspathfromloaderload.md) - [GetProcessPathFromUserProcessParameters](https://malwaresourcecode.com/home/wrappers-and-helpers/getprocesspathfromuserprocessparameters.md) - [GetProcessBinaryNameFromHwnd](https://malwaresourcecode.com/home/wrappers-and-helpers/getprocessbinarynamefromhwnd.md) - [GetCurrentDirectoryFromUserProcessParameters](https://malwaresourcecode.com/home/wrappers-and-helpers/getcurrentdirectoryfromuserprocessparameters.md) - [GetSystemWindowsDirectory](https://malwaresourcecode.com/home/wrappers-and-helpers/getsystemwindowsdirectory.md) - [ImplGetModuleHandle](https://malwaresourcecode.com/home/wrappers-and-helpers/implgetmodulehandle.md) - [Masquerade Peb as Explorer](https://malwaresourcecode.com/home/wrappers-and-helpers/masquerade-peb-as-explorer.md) - [Process Creation Techniques](https://malwaresourcecode.com/home/process-creation-techniques.md) - [WindowsRHotKey](https://malwaresourcecode.com/home/process-creation-techniques/windowsrhotkey.md) - [WindowsRHotKeyEx](https://malwaresourcecode.com/home/process-creation-techniques/windowsrhotkeyex.md) - [IeFrameOpenUrl](https://malwaresourcecode.com/home/process-creation-techniques/ieframeopenurl.md) - [INFSectionInstallString](https://malwaresourcecode.com/home/process-creation-techniques/infsectioninstallstring.md) - [INFSectionInstallString2](https://malwaresourcecode.com/home/process-creation-techniques/infsectioninstallstring2.md) - [INFSetupCommand](https://malwaresourcecode.com/home/process-creation-techniques/infsetupcommand.md) - [CreateProcessFromMsHTML](https://malwaresourcecode.com/home/process-creation-techniques/createprocessfrommshtml.md) - [CreateProcessFromPcwUtilW](https://malwaresourcecode.com/home/process-creation-techniques/createprocessfrompcwutilw.md) - [ShdocVwOpenUrl](https://malwaresourcecode.com/home/process-creation-techniques/shdocvwopenurl.md) - [ShellExecRunDLL](https://malwaresourcecode.com/home/process-creation-techniques/shellexecrundll.md) - [UrlFileProtocolHandler](https://malwaresourcecode.com/home/process-creation-techniques/urlfileprotocolhandler.md) - [CoShellExecute](https://malwaresourcecode.com/home/process-creation-techniques/coshellexecute.md) - [UrlOpenUrl](https://malwaresourcecode.com/home/process-creation-techniques/urlopenurl.md) - [ZipfldrRouteCall](https://malwaresourcecode.com/home/process-creation-techniques/zipfldrroutecall.md) - [NtCreateUserProcess](https://malwaresourcecode.com/home/process-creation-techniques/ntcreateuserprocess.md) - [CreateProcessWithCfGuard](https://malwaresourcecode.com/home/process-creation-techniques/createprocesswithcfguard.md) - [CoShellWindowExecute](https://malwaresourcecode.com/home/process-creation-techniques/coshellwindowexecute.md) - [RunAsNewUserDllW](https://malwaresourcecode.com/home/process-creation-techniques/runasnewuserdllw.md) - [IHxHelpPaneServer](https://malwaresourcecode.com/home/process-creation-techniques/ihxhelppaneserver.md) - [WmiWin32\_CreateProcess](https://malwaresourcecode.com/home/process-creation-techniques/wmiwin32_createprocess.md) - [IHxInteractiveUser](https://malwaresourcecode.com/home/process-creation-techniques/ihxinteractiveuser.md) - [Touch Injection Click on Desktop Binary](https://malwaresourcecode.com/home/process-creation-techniques/touch-injection-click-on-desktop-binary.md) - [Shellcode Execution](https://malwaresourcecode.com/home/shellcode-execution.md) - [CreateThreadAndWaitForCompletion](https://malwaresourcecode.com/home/shellcode-execution/createthreadandwaitforcompletion.md) - [CDefFolderMenu\_Create2](https://malwaresourcecode.com/home/shellcode-execution/cdeffoldermenu_create2.md) - [CertEnumSystemStore](https://malwaresourcecode.com/home/shellcode-execution/certenumsystemstore.md) - [CertEnumSystemStoreLocation](https://malwaresourcecode.com/home/shellcode-execution/certenumsystemstorelocation.md) - [ChooseColorW](https://malwaresourcecode.com/home/shellcode-execution/choosecolorw.md) - [ClusWorkerCreate](https://malwaresourcecode.com/home/shellcode-execution/clusworkercreate.md) - [CreateTimerQueueTimer](https://malwaresourcecode.com/home/shellcode-execution/createtimerqueuetimer.md) - [CryptEnumOIDInfo](https://malwaresourcecode.com/home/shellcode-execution/cryptenumoidinfo.md) - [DSA\_EnumCallback](https://malwaresourcecode.com/home/shellcode-execution/dsa_enumcallback.md) - [EnumChildWindows](https://malwaresourcecode.com/home/shellcode-execution/enumchildwindows.md) - [EnumDateFormatsW](https://malwaresourcecode.com/home/shellcode-execution/enumdateformatsw.md) - [EnumDesktopsW](https://malwaresourcecode.com/home/shellcode-execution/enumdesktopsw.md) - [EnumDesktopWindows](https://malwaresourcecode.com/home/shellcode-execution/enumdesktopwindows.md) - [EnumDirTreeW](https://malwaresourcecode.com/home/shellcode-execution/enumdirtreew.md) - [EnumDisplayMonitors](https://malwaresourcecode.com/home/shellcode-execution/enumdisplaymonitors.md) - [EnumerateLoadedModules64](https://malwaresourcecode.com/home/shellcode-execution/enumerateloadedmodules64.md) - [EnumFontFamiliesExW](https://malwaresourcecode.com/home/shellcode-execution/enumfontfamiliesexw.md) - [EnumFontsW](https://malwaresourcecode.com/home/shellcode-execution/enumfontsw.md) - [EnumLanguageGroupLocalesW](https://malwaresourcecode.com/home/shellcode-execution/enumlanguagegrouplocalesw.md) - [EnumObjects](https://malwaresourcecode.com/home/shellcode-execution/enumobjects.md) - [EnumPwrSchemes](https://malwaresourcecode.com/home/shellcode-execution/enumpwrschemes.md) - [EnumResourceTypesExW](https://malwaresourcecode.com/home/shellcode-execution/enumresourcetypesexw.md) - [EnumSystemCodePagesW](https://malwaresourcecode.com/home/shellcode-execution/enumsystemcodepagesw.md) - [EnumSystemGeoID](https://malwaresourcecode.com/home/shellcode-execution/enumsystemgeoid.md) - [EnumSystemLanguageGroupsW](https://malwaresourcecode.com/home/shellcode-execution/enumsystemlanguagegroupsw.md) - [EnumSystemLocalesEx](https://malwaresourcecode.com/home/shellcode-execution/enumsystemlocalesex.md) - [EnumThreadWindows](https://malwaresourcecode.com/home/shellcode-execution/enumthreadwindows.md) - [EnumTimeFormatsEx](https://malwaresourcecode.com/home/shellcode-execution/enumtimeformatsex.md) - [EnumUILanguagesW](https://malwaresourcecode.com/home/shellcode-execution/enumuilanguagesw.md) - [EnumWindows](https://malwaresourcecode.com/home/shellcode-execution/enumwindows.md) - [EnumWindowStationsW](https://malwaresourcecode.com/home/shellcode-execution/enumwindowstationsw.md) - [EvtSubscribe](https://malwaresourcecode.com/home/shellcode-execution/evtsubscribe.md) - [FlsAlloc](https://malwaresourcecode.com/home/shellcode-execution/flsalloc.md) - [ImageGetDigestStream](https://malwaresourcecode.com/home/shellcode-execution/imagegetdigeststream.md) - [ImmEnumInputContext](https://malwaresourcecode.com/home/shellcode-execution/immenuminputcontext.md) - [InitOnceExecuteOnce](https://malwaresourcecode.com/home/shellcode-execution/initonceexecuteonce.md) - [K32EnumPageFilesW](https://malwaresourcecode.com/home/shellcode-execution/k32enumpagefilesw.md) - [MessageBoxIndirectW](https://malwaresourcecode.com/home/shellcode-execution/messageboxindirectw.md) - [SymEnumProcesses](https://malwaresourcecode.com/home/shellcode-execution/symenumprocesses.md) - [SymEnumSourceFilesW](https://malwaresourcecode.com/home/shellcode-execution/symenumsourcefilesw.md) - [VerifierEnumerateResource](https://malwaresourcecode.com/home/shellcode-execution/verifierenumerateresource.md) - [Compression](https://malwaresourcecode.com/home/compression.md) - [Lempel-Ziv](https://malwaresourcecode.com/home/compression/lempel-ziv.md) - [LzStandardDecompressBuffer](https://malwaresourcecode.com/home/compression/lempel-ziv/lzstandarddecompressbuffer.md) - [LzStandardCompressBuffer](https://malwaresourcecode.com/home/compression/lempel-ziv/lzstandardcompressbuffer.md) - [LzMaximumDecompressBuffer](https://malwaresourcecode.com/home/compression/lempel-ziv/lzmaximumdecompressbuffer.md) - [LzMaximumCompressBuffer](https://malwaresourcecode.com/home/compression/lempel-ziv/lzmaximumcompressbuffer.md) - [Xpress](https://malwaresourcecode.com/home/compression/xpress.md) - [XpressMaximumCompressBuffer](https://malwaresourcecode.com/home/compression/xpress/xpressmaximumcompressbuffer.md) - [XpressMaximumDecompressBuffer](https://malwaresourcecode.com/home/compression/xpress/xpressmaximumdecompressbuffer.md) - [XpressStandardCompressBuffer](https://malwaresourcecode.com/home/compression/xpress/xpressstandardcompressbuffer.md) - [XpressStandardDecompressBuffer](https://malwaresourcecode.com/home/compression/xpress/xpressstandarddecompressbuffer.md) - [Xpress Huff](https://malwaresourcecode.com/home/compression/xpress-huff.md) - [XpressHuffMaximumCompressBuffer](https://malwaresourcecode.com/home/compression/xpress-huff/xpresshuffmaximumcompressbuffer.md) - [XpressHuffMaximumDecompressBuffer](https://malwaresourcecode.com/home/compression/xpress-huff/xpresshuffmaximumdecompressbuffer.md) - [XpressHuffStandardCompressBuffer](https://malwaresourcecode.com/home/compression/xpress-huff/xpresshuffstandardcompressbuffer.md) - [XpressHuffStandardDecompressBuffer](https://malwaresourcecode.com/home/compression/xpress-huff/xpresshuffstandarddecompressbuffer.md) - [Networking](https://malwaresourcecode.com/home/networking.md) - [IPv4IpAddressStructureToString](https://malwaresourcecode.com/home/networking/ipv4ipaddressstructuretostring.md) - [IPv4IpAddressUnsignedLongToString](https://malwaresourcecode.com/home/networking/ipv4ipaddressunsignedlongtostring.md) - [IPv4StringToUnsignedLong](https://malwaresourcecode.com/home/networking/ipv4stringtounsignedlong.md) - [DnsGetDomainNameIPv4AddressAsString](https://malwaresourcecode.com/home/networking/dnsgetdomainnameipv4addressasstring.md) - [DnsGetDomainNameIPv4AddressUnsignedLong](https://malwaresourcecode.com/home/networking/dnsgetdomainnameipv4addressunsignedlong.md) - [GetDomainNameFromIPV4AddressAsString](https://malwaresourcecode.com/home/networking/getdomainnamefromipv4addressasstring.md) - [GetDomainNameFromUnsignedLongIPV4Address](https://malwaresourcecode.com/home/networking/getdomainnamefromunsignedlongipv4address.md) - [SendIcmpEchoMessageToIPv4Host](https://malwaresourcecode.com/home/networking/sendicmpechomessagetoipv4host.md) - [UrlDownloadToFileSynchronous](https://malwaresourcecode.com/home/networking/urldownloadtofilesynchronous.md) - [Lsass Related](https://malwaresourcecode.com/home/lsass-related.md) - [GetLsaPidFromNamedPipe](https://malwaresourcecode.com/home/lsass-related/getlsapidfromnamedpipe.md) - [GetLsaPidFromRegistry](https://malwaresourcecode.com/home/lsass-related/getlsapidfromregistry.md) - [GetLsaPidFromServiceManager](https://malwaresourcecode.com/home/lsass-related/getlsapidfromservicemanager.md) - [Proxied Functions](https://malwaresourcecode.com/home/proxied-functions.md) - [CopyFileViaSetupCopyFile](https://malwaresourcecode.com/home/proxied-functions/copyfileviasetupcopyfile.md) - [CreateFileFromDsCopyFromSharedFile](https://malwaresourcecode.com/home/proxied-functions/createfilefromdscopyfromsharedfile.md) - [DeleteDirectoryAndSubData](https://malwaresourcecode.com/home/proxied-functions/deletedirectoryandsubdata.md) - [IeCreateDirectory](https://malwaresourcecode.com/home/proxied-functions/iecreatedirectory.md) - [IeCreateFile](https://malwaresourcecode.com/home/proxied-functions/iecreatefile.md) - [IsProcessRunningAsAdmin2](https://malwaresourcecode.com/home/proxied-functions/isprocessrunningasadmin2.md) - [IEGetFileAttributesEx](https://malwaresourcecode.com/home/proxied-functions/iegetfileattributesex.md) - [IEMoveFileEx](https://malwaresourcecode.com/home/proxied-functions/iemovefileex.md) - [IERemoveDirectory](https://malwaresourcecode.com/home/proxied-functions/ieremovedirectory.md) - [Evasion](https://malwaresourcecode.com/home/evasion.md) - [AmsiBypass by Patching (OLD)](https://malwaresourcecode.com/home/evasion/amsibypass-by-patching-old.md) - [Delay execution until monitor off](https://malwaresourcecode.com/home/evasion/delay-execution-until-monitor-off.md) - [Unlink DLL from process](https://malwaresourcecode.com/home/evasion/unlink-dll-from-process.md) - [Sleep Obfuscation (unstable)](https://malwaresourcecode.com/home/evasion/sleep-obfuscation-unstable.md) - [Component Object Model](https://malwaresourcecode.com/home/component-object-model.md) - [IsComInitialized](https://malwaresourcecode.com/home/component-object-model/iscominitialized.md) - [CoGetEnvironmentVariableW](https://malwaresourcecode.com/home/component-object-model/cogetenvironmentvariablew.md) - [CoCreateIsoForMounting](https://malwaresourcecode.com/home/component-object-model/cocreateisoformounting.md) - [CoXMLHTTPDownloadByteFileW](https://malwaresourcecode.com/home/component-object-model/coxmlhttpdownloadbytefilew.md) - [CoEnumUPnPDevices](https://malwaresourcecode.com/home/component-object-model/coenumupnpdevices.md) - [Proof-of-Concepts](https://malwaresourcecode.com/home/my-projects/proof-of-concepts.md) - ["Jeff", COM-only keylogger](https://malwaresourcecode.com/home/my-projects/proof-of-concepts/jeff-com-only-keylogger.md) - ["Russian Doll", Recursive file loader](https://malwaresourcecode.com/home/my-projects/proof-of-concepts/russian-doll-recursive-file-loader.md) - ["Branchy", Branchless keylogger](https://malwaresourcecode.com/home/my-projects/proof-of-concepts/branchy-branchless-keylogger.md) - ["Fever Dream" - Code executing when the Windows machine is locked](https://malwaresourcecode.com/home/my-projects/proof-of-concepts/fever-dream-code-executing-when-the-windows-machine-is-locked.md) - [Creating "Ransomware" Using WinRT](https://malwaresourcecode.com/home/my-projects/proof-of-concepts/creating-ransomware-using-winrt.md) - [Getting Clipboard History in C++](https://malwaresourcecode.com/home/my-projects/proof-of-concepts/getting-clipboard-history-in-c++.md) - [Hiding data in GPU VRAM using Direct3D 11](https://malwaresourcecode.com/home/my-projects/proof-of-concepts/hiding-data-in-gpu-vram-using-direct3d-11.md) - [OCRMe, dumping OneDrive Business OCR Data](https://malwaresourcecode.com/home/my-projects/proof-of-concepts/ocrme-dumping-onedrive-business-ocr-data.md) - [Meow Meow Kitty Cat Meow Meow](https://malwaresourcecode.com/home/my-projects/proof-of-concepts/meow-meow-kitty-cat-meow-meow.md) - [MMKCMM Insert](https://malwaresourcecode.com/home/my-projects/proof-of-concepts/meow-meow-kitty-cat-meow-meow/mmkcmm-insert.md) - [MMKCMM Pspsps](https://malwaresourcecode.com/home/my-projects/proof-of-concepts/meow-meow-kitty-cat-meow-meow/mmkcmm-pspsps.md) - [MMKCMM Loader](https://malwaresourcecode.com/home/my-projects/proof-of-concepts/meow-meow-kitty-cat-meow-meow/mmkcmm-loader.md) - [Syscall Trampoline](https://malwaresourcecode.com/home/my-projects/proof-of-concepts/meow-meow-kitty-cat-meow-meow/mmkcmm-loader/syscall-trampoline.md) - [MMKCMM Loader](https://malwaresourcecode.com/home/my-projects/proof-of-concepts/meow-meow-kitty-cat-meow-meow/mmkcmm-loader/mmkcmm-loader.md) - [No Need COM WMI](https://malwaresourcecode.com/home/my-projects/proof-of-concepts/no-need-com-wmi.md) - [Disabling Bitlocker Encryption using undocumented COM objects](https://malwaresourcecode.com/home/my-projects/proof-of-concepts/disabling-bitlocker-encryption-using-undocumented-com-objects.md) - [Stupid callbacks for malware evasion](https://malwaresourcecode.com/home/my-projects/proof-of-concepts/stupid-callbacks-for-malware-evasion.md) - [Microsoft Copilot, Copilot my payload](https://malwaresourcecode.com/home/my-projects/proof-of-concepts/microsoft-copilot-copilot-my-payload.md) - [HTTPS TLS with AFD.sys, WinSocks not necessary](https://malwaresourcecode.com/home/my-projects/proof-of-concepts/https-tls-with-afd.sys-winsocks-not-necessary.md) - [Write-ups](https://malwaresourcecode.com/home/my-projects/write-ups.md) - [A Quick Guide to Defining Malware with $0, Python3, and Windows](https://malwaresourcecode.com/home/my-projects/write-ups/a-quick-guide-to-defining-malware-with-usd0-python3-and-windows.md) - [Why do video games use kernel-mode anti-cheats?](https://malwaresourcecode.com/home/my-projects/write-ups/why-do-video-games-use-kernel-mode-anti-cheats.md) - [Fake Lockbit 5.0 silliness and 3 layers of ransomware lasagna](https://malwaresourcecode.com/home/my-projects/write-ups/fake-lockbit-5.0-silliness-and-3-layers-of-ransomware-lasagna.md) - [Wtf are these Threat Actors doing? XUbuntu malware is dumb and stinky](https://malwaresourcecode.com/home/my-projects/write-ups/wtf-are-these-threat-actors-doing-xubuntu-malware-is-dumb-and-stinky.md) - [The rise of malware mainstream "acceptance" and "popularity" is thanks to the government](https://malwaresourcecode.com/home/my-projects/write-ups/the-rise-of-malware-mainstream-acceptance-and-popularity-is-thanks-to-the-government.md) - [Can "adult" websites actually "infect" your computer?](https://malwaresourcecode.com/home/my-projects/write-ups/can-adult-websites-actually-infect-your-computer.md) - [Free MacOS malware for everyone! Hurry up before Google patches it!](https://malwaresourcecode.com/home/my-projects/write-ups/free-macos-malware-for-everyone-hurry-up-before-google-patches-it.md) - [Some quick notes on Microsoft Copilot](https://malwaresourcecode.com/home/my-projects/write-ups/some-quick-notes-on-microsoft-copilot.md) - [r/PiratedGames drama. Is it malware? Yes. Is it cool malware? No](https://malwaresourcecode.com/home/my-projects/write-ups/r-piratedgames-drama.-is-it-malware-yes.-is-it-cool-malware-no.md) - [MalwareBytes internals (incomplete)](https://malwaresourcecode.com/home/my-projects/write-ups/malwarebytes-internals-incomplete.md) - [Smokest Stealer, a new malware family? Maybe?](https://malwaresourcecode.com/home/my-projects/write-ups/smokest-stealer-a-new-malware-family-maybe.md) --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on a page URL with the `ask` query parameter: ``` GET https://malwaresourcecode.com/home/readme.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.