https://github.com/arkane-systems/genie
See Issue arkane-systems/genie#267
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| JETSAM="/System/Library/LaunchDaemons/com.apple.jetsamproperties.D21.plist" | |
| DAEMON="misty.qtierdaemon" | |
| sudo plutil -Version4 -Daemon -Override -key "$DAEMON" -dict $JETSAM | |
| sudo plutil -Version4 -Daemon -Override -key "$DAEMON" -key ActiveHardMemoryLimit -int 256 $JETSAM | |
| sudo plutil -Version4 -Daemon -Override -key "$DAEMON" -key ActiveSoftMemoryLimit -int 256 $JETSAM | |
| sudo plutil -Version4 -Daemon -Override -key "$DAEMON" -key InactiveHardMemoryLimit -int 256 $JETSAM | |
| sudo plutil -Version4 -Daemon -Override -key "$DAEMON" -key InactiveSoftMemoryLimit -int 256 $JETSAM | |
| sudo plutil -Version4 -Daemon -Override -key "$DAEMON" -key EnergyEfficiencyMode -string UserInterface $JETSAM |
NyaMisty
/ outline_graph.py
Created
September 1, 2022 01:02
IDA Graph view with outlined function included
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """ | |
| summary: drawing custom graphs | |
| description: | |
| Showing custom graphs, using `ida_graph.GraphViewer`. In addition, | |
| show how to write actions that can be performed on those. | |
| keywords: graph, actions | |
| """ | |
| from __future__ import print_function | |
| # ----------------------------------------------------------------------- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #*TEMPLATE* | |
| #*TEMPLATE* Rename or copy this file without the .TEMPLATE extension | |
| #*TEMPLATE* | |
| #------------------------------------------------------------------------------ | |
| # JEB Custom Keyboard Shortcuts | |
| #------------------------------------------------------------------------------ | |
| # Uncomment and add your own keyboard shortcuts for the actions for which you'd like to override the default shortcuts | |
| # Example: by default, Jump is mapped to the 'G' key; the following line (minus the # character) can be used to remap the action to CTRL+J: | |
| #jump=Ctrl+J |
NyaMisty
/ mem_scan.c
Last active
September 9, 2022 23:05
search for mem with hex pattern contains wildcards
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <stdlib.h> | |
| static void* mem_scan(const void* addr, size_t size, const char* hex_pattern) { | |
| union pattern_holder { | |
| struct { | |
| unsigned char content : 8; | |
| unsigned char mask : 8; | |
| }; | |
| wchar_t pat_char; |
NyaMisty
/ extract-installbuilder.tcl
Last active
September 3, 2023 11:11
— forked from zhangyoufu/extract-installbuilder.tcl
extract password-protected InstallBuilder installer
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!./tclkit | |
| ## prepare runtime environment | |
| proc init {} { | |
| ## mount optional.pak (for tcltwofish) | |
| set optionalPak installbuilder/paks/optional.pak | |
| vfs::mk4::Mount $optionalPak $optionalPak -readonly | |
| ## adjust library search path | |
| set ::auto_path [list $tcl::kitpath/lib/tcl$::tcl_version $tcl::kitpath/lib $tcl::kitpath/libraries $optionalPak/linux-x64 $tcl::kitpath] |
When you enable HyperV and WSL on the same machine, there'll usually tons of ports being used, see netsh int ipv4 show excl proto=tcp
These excluded ports are managed by winnat (see https://stackoverflow.com/questions/65272764/ports-are-not-available-listen-tcp-0-0-0-0-50070-bind-an-attempt-was-made-to).
HNS is a supporting service for HyperV, managing all HyperV vEthernet adapters and Nat related things.
Sometimes there's some inconsistency between local types and structs view.
Typically, you can see the type in the "Structures" view are zero-lengthed, which should normally be the same size as local type's one.
When this happens, you'll not be able to rename the structure fields in HexRay Decompiler's view, and both hotkey N and right-clicking the item won't show the rename popup.
After reverse engineering the hexx64.dll, I found that IDA tries to do the following things:
NyaMisty
/ idapython_ctree.md
Created
October 29, 2021 15:06
— forked from icecr4ck/idapython_ctree.md
Notes on CTREE usage with IDAPython
The CTREE is built from the optimized microcode (maturity at CMAT_FINAL), it represents an AST-like tree with C statements and expressions. It can be printed as C code.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # -*- coding: utf-8 -*- | |
| import json | |
| import idaapi | |
| import idc | |
| processFields = [ | |
| "ScriptMethod", | |
| "ScriptString", | |
| "ScriptMetadata", | |
| "ScriptMetadataMethod", |