This is a work in progress by someone who is learning about Binary Ninja.
References
- https://api.binary.ninja/binaryninja.binaryview-module.html
- https://gist.github.com/psifertex/6fbc7532f536775194edd26290892ef7
Get database name
Alexander Hanel alexander-hanel
😶
alexander-hanel
/ Malware Analysis Resources.md
Last active
May 1, 2024 03:02
Recommended resources for learning reverse engineering (emphasis on malware analysis)
- Crash Course Computer Science
- Start here.
Check out the first two books but download the Intel Software Manuals and use as references.
- Assembly Language Step by Step
- Easy introduction to Assembly Language
- Assembly Language for X86 Processors by Kip Irvine
alexander-hanel
/ GORE.md
Last active
April 12, 2024 02:33
Go Lang Reverse Engineering Resources/Links
- Dissecting Go Binaries
- Go: Overview of the Compiler
- Go compiler internals: adding a new statement to Go - Part 1
- Go compiler internals: adding a new statement to Go - Part 2
- Reversing GO binaries like a pro
- How a Go Program Compiles down to Machine Code
- Analyzing Golang Executables
- Go Reverse Engineering Tool Kit
- go-internals book
- [Reconstructing Program Semantics from Go Binaries](http://home.in.tum.de/
Occasionally I get asked what resources I would recommend for someone who wants to get into working out or to start exercising. The following is a list of resources that I have found useful over the years.
The first resource I would recommend is the book Core Performance. It is probably the best introductory book that you can read on exercising. Its not a book about picking up weights. That is only one of the seven parts of this book. It covers movement prep (dynamic stretching), prehab, physio-ball routines (stability), elasticity, strength, cardio and regeneration. All of these topics are perfect for anyone getting into exercising or anyone who wants to prevent injuries. The book has beginner, intermediate and advanced routines in the back. TIP: download the app FitNotes. It might take a little bit of time to add your routines but it is the best app a
- https://ollama.com/blog/windows-preview
- https://www.vox.com/the-highlight/24034907/use-anger-productively-motivation-problem-solving
- https://werat.dev/blog/learning-about-debuggers/
- https://revers.engineering/beyond-process-and-object-callbacks-an-unconventional-method/
- https://www.paloaltonetworks.com/blog/security-operations/a-deep-dive-into-malicious-direct-syscall-detection/
- https://mcyoung.xyz/2023/08/01/llvm-ir/
alexander-hanel
/ example.py
Created
February 12, 2024 23:29
A hackish way to extract arguments passed to a function from hex-rays decompiler output
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import idautils | |
| ea = 0x000000140013188 | |
| name = ida_name.get_ea_name(ea) | |
| print("found") | |
| # get xrefs to function | |
| xrefs = [x for x in idautils.CodeRefsTo(ea, 0)] | |
| for func in xrefs: |
- https://bmcder.com/blog/a-begginers-all-inclusive-guide-to-etw
- https://nasbench.medium.com/a-primer-on-event-tracing-for-windows-etw-997725c082bf
- https://learn.microsoft.com/en-us/windows-hardware/drivers/devtest/about-event-tracing-for-drivers
- https://gist.github.com/acumenix/ff377ffada032354ad06f61526efc42e
- https://gist.github.com/Holo-Krzysztof/9600dbe63859ee5a8add1123466be187
- https://gist.github.com/mattifestation/04e8299d8bc97ef825affe733310f7bd
- https://github.com/tpn/winsdk-10/blob/master/Include/10.0.14393.0/shared/TraceLoggingProvider.h
- https://blog.palantir.com/tampering-with-windows-event-tracing-background-offense-and-defense-4be7ac62ac63
- https://posts.specterops.io/data-source-analysis-and-dynamic-windows-re-using-wpp-and-tracelogging-e465f8b653f7
alexander-hanel
/ nopme.py
Last active
January 16, 2024 08:02
IDAPYTHON script for patching bytes that match a regex pattern with NOPs.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import idautils | |
| import re | |
| import struct | |
| """ | |
| Example 1 | |
| .text:3500108D 60 pusha | |
| .text:3500108E 66 B8 65 4B mov ax, 4B65h | |
| .text:35001092 |
from cmd or Run
powershell -Command "Start-Process cmd -Verb RunAs"
alexander-hanel
/ dll_exports.py
Last active
November 1, 2023 20:57
— forked from OALabs/dll_exports.py
Build dictionary of DLL exports (Windows API Names)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os | |
| import pefile | |
| import json | |
| INTERESTING_DLLS = [ | |
| 'kernel32.dll', 'comctl32.dll', 'advapi32.dll', 'comdlg32.dll', | |
| 'gdi32.dll', 'msvcrt.dll', 'netapi32.dll', 'ntdll.dll', | |
| 'ntoskrnl.exe', 'oleaut32.dll', 'psapi.dll', 'shell32.dll', | |
| 'shlwapi.dll', 'srsvc.dll', 'urlmon.dll', 'user32.dll', |
NewerOlder