ANDREAS ACEx86

## rich.py
# based on code from http://trendystephen.blogspot.be/2008/01/rich-header.html
import sys
import struct

# I'm trying not to bury the magic number...
CHECKSUM_MASK = 0x536e6144 # DanS (actuall SnaD)
RICH_TEXT = 'Rich'
RICH_TEXT_LENGTH = len(RICH_TEXT)
PE_START = 0x3c
PE_FIELD_LENGTH = 4

## cap2bin.py
# convert Intel firmware update capsules to plain binaries

import sys
import os.path
import struct

fn = sys.argv[1]
inf = open(fn, "rb")
inf.seek(0xC8)
e=[]

## qt5res.py
## parse and dump Qt resources in current IDB
from PyQt5  import QtCore
import os.path
f = LocByName("?qRegisterResourceData@@YA_NHPBE00@Z")
for x in XrefsTo(f, idaapi.XREF_ALL):
  if x.type==fl_CN:
    callea = x.frm
    push1 = DecodePreviousInstruction(callea)
    if push1.itype != idaapi.NN_push:
      print "no push at %08X!"% push1.ea

## scan_jmp.idc
/*scan for far jumps or calls and print their location and destinations
 jmp: 1= search for jumps(0= calls)
 low16: only consider destinations with offset < 16
*/
static scan_jmp_call(jmp, low16)
{
    // start at the minimal address
    auto a = 0;
    auto x, seg, offs, dest;
    for (a = 0; x != BADADDR; a = x + 5 )// skip 5 bytes (size of far jmp/call opcode)

## dump_hdr.py
#! python2
#-------------------------------------------------------------------------------
# Name:        dump_hdr.py
# Purpose:     dump header of a FujiFilm FinePix firmware update
# see https://reverseengineering.stackexchange.com/questions/22549/identifying-rom-segment-in-unknown-firmware-update-file
# Author:      Igor Skochinsky
#
# Created:     16-11-2019
# Copyright:   (c) Igor Skochinsky 2019
# Licence:     MIT

## Readme.md

      
              3 files
            
          
              1 fork
            
          
              0 comments
            
          
              6 stars
            
          
                codekoriko
                / Readme.md
            
            
              Last active
              June 12, 2024 16:49
            
              
                for Dual Display: calculate both display extends and Shift cursor from one display to the other on a key press
              
          
    For Windows Users only

On Dual Display setup, I found it frustrating that the cursor is not bounded to sides of the display anymore. For example reaching the "close window" button needs precise muscle control whereas before you could simply crash again the top & right screen border and smash that window.
So I keep both display separated and created an AutoHotKey script to shift the cursor from my first to my second display on a press of a button.
Setup:

Separate both Display


Win+S -> search: "extend" -> "Duplicate or extend a connected Display"
Move display 2 far away to the Top/bottom left/right corner.


## gist:0aaa205350f959832bdcc505089c8220
	if (HCERTSTORE hCertStore = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0,
		CERT_STORE_OPEN_EXISTING_FLAG|CERT_STORE_READONLY_FLAG|
		CERT_SYSTEM_STORE_LOCAL_MACHINE, L"root"))
	{
		PCCERT_CONTEXT pCertContext = 0;
		while (pCertContext = CertEnumCertificatesInStore(hCertStore, pCertContext))
		{

			UCHAR hash[20];
			ULONG cb = sizeof(hash);
	# based on code from http://trendystephen.blogspot.be/2008/01/rich-header.html
	import sys
	import struct

	# I'm trying not to bury the magic number...
	CHECKSUM_MASK = 0x536e6144 # DanS (actuall SnaD)
	RICH_TEXT = 'Rich'
	RICH_TEXT_LENGTH = len(RICH_TEXT)
	PE_START = 0x3c
	PE_FIELD_LENGTH = 4
	# convert Intel firmware update capsules to plain binaries

	import sys
	import os.path
	import struct

	fn = sys.argv[1]
	inf = open(fn, "rb")
	inf.seek(0xC8)
	e=[]
	## parse and dump Qt resources in current IDB
	from PyQt5 import QtCore
	import os.path
	f = LocByName("?qRegisterResourceData@@YA_NHPBE00@Z")
	for x in XrefsTo(f, idaapi.XREF_ALL):
	if x.type==fl_CN:
	callea = x.frm
	push1 = DecodePreviousInstruction(callea)
	if push1.itype != idaapi.NN_push:
	print "no push at %08X!"% push1.ea
	/*scan for far jumps or calls and print their location and destinations
	jmp: 1= search for jumps(0= calls)
	low16: only consider destinations with offset < 16
	*/
	static scan_jmp_call(jmp, low16)
	{
	// start at the minimal address
	auto a = 0;
	auto x, seg, offs, dest;
	for (a = 0; x != BADADDR; a = x + 5 )// skip 5 bytes (size of far jmp/call opcode)
	#! python2
	#-------------------------------------------------------------------------------
	# Name: dump_hdr.py
	# Purpose: dump header of a FujiFilm FinePix firmware update
	# see https://reverseengineering.stackexchange.com/questions/22549/identifying-rom-segment-in-unknown-firmware-update-file
	# Author: Igor Skochinsky
	#
	# Created: 16-11-2019
	# Copyright: (c) Igor Skochinsky 2019
	# Licence: MIT
	if (HCERTSTORE hCertStore = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0,
	CERT_STORE_OPEN_EXISTING_FLAG\|CERT_STORE_READONLY_FLAG\|
	CERT_SYSTEM_STORE_LOCAL_MACHINE, L"root"))
	{
	PCCERT_CONTEXT pCertContext = 0;
	while (pCertContext = CertEnumCertificatesInStore(hCertStore, pCertContext))
	{

	UCHAR hash[20];
	ULONG cb = sizeof(hash);