View dll_functions.txt
advapi32.dll, ADVAPI32_1000
advapi32.dll, I_ScGetCurrentGroupStateW
advapi32.dll, A_SHAFinal
advapi32.dll, A_SHAInit
advapi32.dll, A_SHAUpdate
advapi32.dll, AbortSystemShutdownA
advapi32.dll, AbortSystemShutdownW
advapi32.dll, AccessCheck
advapi32.dll, AccessCheckAndAuditAlarmA
advapi32.dll, AccessCheckAndAuditAlarmW
from idaapi import *
from idautils import *
def ROR(x, n):
    return ((x >> n) | (x << (32 - n))) & 0xFFFFFFFF
def calc_FBI_hash(dllname, function):
    dll_hash = 0
    for char in dllname:
View diasasm.asm
; Input SHA256 : 3A74FBDF96B5E73F930F5887A82E4008FFB8484AE180DD3F7DE7480BC5577345
; Input MD5 : 614D07EF7777CFF5CFDF741587A097DA
; Input CRC32 : B326AB6B
; ---------------------------------------------------------------------------
; File Name : D:\_anal_temp\shellcode2.bin
; Format : Binary file
; Base Address: 0000h Range: 0000h - 02FCh Loaded length: 02FCh
import struct
import hashlib
def ROR(x, n):
    return ((x >> n) | (x << (32 - n))) & 0xFFFFFFFF
def ROL(x, n):
    return ((x << n) | ((x) >> (32-(n)))) & 0xFFFFFFFF
def matrix_print(matrix):
View fonts_check_result.txt
My attempt to check signatures of font files (*.ttc and *.ttf) from Dragos Ruiu's #badBIOS kit:
Tools used:
Sysinternals Sigcheck v2.01:
mssipotf.dll - DLL file that implements a Subject Interface Package (SIP) for font files:
algcheck.exe - Homemade tool for checking signing algorithm and public key size
The following files don't have a digital signature: