- Ilfak's presentation at Recon 2018
- Microcode in pictures
- Hex-Rays Microcode API vs. Obfuscating Compiler
- Scripts vds10, vds11, vds12 and vds13 from Hex-Rays SDK
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#include <windows.h> | |
typedef unsigned char byte; | |
typedef unsigned short uint16; | |
typedef unsigned int uint32; | |
void* get_proc_addr(byte *base, byte *name) | |
{ | |
byte *pe_header = base+*(uint32*)(base+0x3c); | |
byte *exports = base+*(uint32*)(pe_header+0x78); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* | |
* Copyright (c) 1996, 1998, Oracle and/or its affiliates. All rights reserved. | |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. | |
* | |
* This code is free software; you can redistribute it and/or modify it | |
* under the terms of the GNU General Public License version 2 only, as | |
* published by the Free Software Foundation. Oracle designates this | |
* particular file as subject to the "Classpath" exception as provided | |
* by Oracle in the LICENSE file that accompanied this code. | |
* |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<# | |
================ | |
PATCHCLEAN.PS1 | |
================= | |
Version 1.0 Patch Folder Cleaner by Greg Linares (@Laughing_Mantis) | |
This Tool will go through the patch folders created by PatchExtract.PS1 and look for files created older | |
than 30 days prior to the current date and move these to a sub folder named "OLD" in the patch folders. |
Below are the steps to get an ARM64 version of Ubuntu running in the QEMU emulator on Windows 10.
Install for Windows from https://qemu.weilnetz.de/w64/ (I used qemu-w64-setup-20181211.exe
)
Put C:\Program Files\qemu
on your PATH, and run the below to check it's working (which will list out
the CPUs the AArch64 emulator can emulate):
qemu-system-aarch64 -M virt -cpu help
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#include "stdafx.h" | |
int main() | |
{ | |
ICLRMetaHost *metaHost = NULL; | |
IEnumUnknown *runtime = NULL; | |
ICLRRuntimeInfo *runtimeInfo = NULL; | |
ICLRRuntimeHost *runtimeHost = NULL; | |
IUnknown *enumRuntime = NULL; | |
LPWSTR frameworkName = NULL; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/dts-v1/; | |
/ { | |
model = "MT6753"; | |
compatible = "mediatek,MT6735"; | |
interrupt-parent = <0x1>; | |
#address-cells = <0x2>; | |
#size-cells = <0x2>; | |
chosen { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#pragma once | |
// This allows windows.h to be included first, overriding this header file, but be careful | |
// not to do this everywhere as compile-times suffer. | |
#ifndef _WINDOWS_ | |
#define _WIN32_WINNT 0x0601 // _WIN32_WINNT_WIN7 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
MTK platform partition meaning | |
#Pre-loader | |
Pre-loader image | |
Handles all the download and secure boot procedure | |
#DSP_BL | |
DSP Boot Loader | |
#MBR、EBR1、EBR2 | |
Ext4 file system partition index table |