Skip to content

Instantly share code, notes, and snippets.

View RC1140's full-sized avatar
🎿
NOP Sledding

Jameel RC1140

🎿
NOP Sledding
74 followers · 262 following
View GitHub Profile
@RC1140
RC1140 / task1.1.asm
Last active December 15, 2015 01:38
_f proc near
input = dword ptr 8
push ebp ;Stack winding , remember where we came from.
mov ebp, esp ;Stack winding , update the current stack locations.
movzx eax, byte ptr [ebp+input] ; Move the byte value @ the address [ebp + input] and extend it if needed into the eax register
; eax now contains the the first 8 bytes of the stack for the current function which is your first parameter passed to the function
lea edx, [eax-61h] ; This subtracts 61h from eax (the parameter passed in ) and sets edx to the result.
; Assuming we passed in the letter 'a' , this would result in 61h - 61h == 0 in edx
cmp dl, 19h ; Compare the lower register of edx to 19h , if the value is less than 19h then we
; we know we are dealing with lower case letters. Otherwise this is an upper case letter or some other char which means we can ignore it.
@RC1140
RC1140 / compare.c
Created March 17, 2013 11:19
char toupper ( char c )
{
if( c >= ’a’ && c <= ’z’ ) {
c = c - ’a’ + ’A’;
}
return( c );
}
@RC1140
RC1140 / task1.2.asm
Created March 19, 2013 11:57
_f proc near
var_10 = dword ptr -10h
var_9 = byte ptr -9
input = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
jmp short loc_8048410
loc_804840C:
add [ebp+input], 4
@RC1140
RC1140 / convertToLitteEndian.py
Created December 5, 2013 12:56
Converts a memory address to little endian , useful for exploits and such , also prints the format used in an exploit.
import sys
if len(sys.argv) == 1:
sys.exit(-1)
memAddress = sys.argv[1]#'bffffe65'#
start = len(memAddress)
print(memAddress)
outAddress = ''
hexAddress = ''
for i in range(len(memAddress),0,-2):
start -= 2
@RC1140
RC1140 / arborDemoStep1.html
Created June 20, 2011 19:18
<html>
<head>
<script language="javascript" type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
<script language="javascript" type="text/javascript" src="http://localhost/arbor/lib/arbor.js" ></script>
<script language="javascript" type="text/javascript" src="http://localhost/arbor/demos/_/graphics.js" ></script>
<script language="javascript" type="text/javascript" src="http://localhost/arbor/demos/halfviz/src/renderer.js" ></script>
</head>
<body>
<canvas id="viewport" width="800" height="600"></canvas>
<script language="javascript" type="text/javascript">
@RC1140
RC1140 / cascade.asm
Created March 17, 2013 20:16
Source code for the cascade virus
PAGE 62,132
TITLE _HLV_
SUBTTL Layout (C) 1990 164A12565AA18213165556D3125C4B962712
.RADIX 16
.LALL
TRUE EQU 1
FALSE EQU 0
MONTH EQU 9D
@RC1140
RC1140 / eBPFOverwrite
Created November 5, 2020 08:49
sudo bpftrace -e 'k:__x64_sys_getuid /comm == "id"/ { override(99); }' --unsafe -c /usr/bin/id
@RC1140
RC1140 / gist:3299197
Created August 8, 2012 22:01
Arduino LCD Scrolling
#include <LiquidCrystal.h>
#include <string.h>
// initialize the library with the numbers of the interface pins
LiquidCrystal lcd(7, 8, 9, 10, 11, 12);
char message[] = "This is some long message that will end up scrolling";
int previous = 0;
int pos = 0;