This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* | |
This was the first version - the newer version also includes *When* it was loaded also. | |
https://gist.github.com/olliencc/e166a64ca211c51eb69111f26ce57bc1 | |
*/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# @BorjaMerino (Alpine Security) | |
import lznt1, argparse, os, struct | |
TAG = b'\xC6\xA5\x79\xEA' | |
CHUNK_ID = b'\x49\x44\x41\x54' | |
DWORD = 4 | |
def get_header(png): | |
with open(png, "rb") as file: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// | |
// An implementation of GetModuleHandle and GetProcAddress that works with manually mapped modules, forwarded exports, | |
// without a CRT standard library, and uses no Windows API or dependencies. | |
// | |
// Author: Bill Demirkapi | |
// License: MIT, appended at the bottom of this document if you care about licensing and want to credit me in your own project. | |
// | |
#include <Windows.h> | |
#include <winternl.h> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
### Keybase proof | |
I hereby claim: | |
* I am BorjaMerino on github. | |
* I am borjamerino (https://keybase.io/borjamerino) on keybase. | |
* I have a public key whose fingerprint is 5A29 5A19 7679 EA52 7236 87FE A619 EC45 526A E877 | |
To claim this, I am signing this object: |