# This file is a copy of gdata.py from pdbparse library ver. 1.5 | |
# (see https://github.com/moyix/pdbparse) | |
# with a few modifications that are necessary for my scripts to work correctly | |
# Ry Auscitte | |
# Python 2 and 3 | |
from construct import * | |
gsym = Struct( |
// WARNING: Could not reconcile some variable overlaps | |
// WARNING: Unknown calling convention yet parameter storage is locked | |
// WARNING: [r2ghidra] Matching calling convention amd64 of function ServerDllInitialization failed, args may be | |
// inaccurate. | |
// WARNING: [r2ghidra] Var arg_10h is stack pointer based, which is not supported for decompilation. | |
// WARNING: [r2ghidra] Var arg_18h is stack pointer based, which is not supported for decompilation. | |
// WARNING: [r2ghidra] Var arg_20h is stack pointer based, which is not supported for decompilation. | |
// WARNING: [r2ghidra] Matching calling convention amd64 of function pdb.RtlStringCchPrintfW failed, args may be | |
// inaccurate. |
struct s0 { | |
struct s0* f0; | |
signed char[3] pad4; | |
struct s0* f4; | |
signed char[1] pad6; | |
uint16_t f6; | |
struct s0* f8; | |
signed char[3] pad12; | |
struct s0* f12; | |
signed char[3] pad16; |
// Address range: 0x180004f72 - 0x180004f77 | |
// Decompiler-generated stub: takes no arguments and returns the local `result` as-is.
// NOTE(review): `result` is never assigned in this listing, so the value returned here is
// indeterminate and should not be relied on during analysis; presumably the decompiler could
// not recover the real body at this address -- confirm against the disassembly.
int64_t function_180004f72(void) { | |
// 0x180004f72 | |
int64_t result; // 0x180004f72 | |
return result; | |
} | |
// Address range: 0x180004f77 - 0x180004f8a | |
int64_t function_180004f77(void) { | |
// 0x180004f77 |
function sym.BASESRV.dll_ServerDllInitialization () { | |
// 92 basic blocks | |
loc_0x180001680: | |
push rbp | |
push rbx | |
push rsi | |
push r12 | |
push r15 |
/* r2dec pseudo code output */ | |
/* /home/ubuntu/basesrv.dll @ 0x180001680 */ | |
#include <stdint.h> | |
int64_t ServerDllInitialization (int64_t arg_10h, int64_t arg_18h, int64_t arg_20h, int64_t arg1, int64_t arg2, int64_t arg4) { | |
int64_t var_ee8h; | |
int64_t var_ee0h; | |
int64_t var_ea8h; | |
int64_t var_ea0h; | |
int64_t var_e98h; |
# This file is a copy of gdata.py from pdbparse library ver. 1.5 | |
# (see https://github.com/moyix/pdbparse) | |
# with a few modifications that are necessary for my scripts to work correctly | |
# Ry Auscitte | |
# Python 2 and 3 | |
from construct import * | |
gsym = Struct( |
/** | |
* @file ServerDllInitialization.cpp | |
* @brief Some partially reverse-engineered functions and structures from basesrv.dll (build 1804). | |
* | |
* The file contains ServerDllInitialization(), BaseSrvInitializeIniFileMappings(), and CreateBaseAcls(), | |
* reverse-engineered to the extent and with accuracy necessary to figure out the reason why the OS | |
* installed on the author's laptop failed to boot. | |
* | |
* @author Ry Auscitte | |
*/ |
#!/bin/python | |
# This file was borrowed from python-registry, version 1.3.1, | |
# and modified by Ry Auscitte to work with a registry-recovery script (breg.py). | |
# This file is part of python-registry. | |
# | |
# Copyright 2011 Will Ballenthin <william.ballenthin@mandiant.com> | |
# while at Mandiant <http://www.mandiant.com> |
""" Extends Ero Carrera's pefile with the functionality for parsing exception tables (SEH support). | |
Beginning from version 2021.9.3, this functionality has been integrated into pefile, so you will | |
need pefileseh.py only if you use an older version of pefile. | |
Only x64 and IA64 architectures are supported. | |
Classes defined in this module: | |
* StructureWithBitfields | |
* ExceptionsDirEntryData |