Nguyen Anh Quynh aquynh

## cover_re.py
#!/bin/env python2
# -*- coding: utf-8 -*-
# Solution to Book Cover Crackme from "Praktyczna inżynieria wstecznia
# Edited by Gynvael Coldwind and Mateusz Jurczyk. (Applied Reverse Engineering)
# PWN Bookstore: https://ksiegarnia.pwn.pl/Praktyczna-inzynieria-wsteczna,622427233,p.html
#
# Props to @radekk for his excellent writeup and for capturing the flag. Read his
# writeup at https://vulnsec.com/2017/reverse-engineering-a-book-cover/
#
# This was a fun opportunity to learn how to use Unicorn Engine, Capstone Engine,

## deobfuscate.py
# Slide : https://docs.google.com/presentation/d/1jLUDucNtvGotHw0LOvDonMYwCkXYcb-cnsOWLNt-Ag0
import sys
import pefile
from capstone import *
from capstone.x86 import *
from keystone import *
from datetime import datetime

MAX_DISASM_COUNT = 1000 * 1000
FILE_NAME = r"dump-g4pic.dll"

## armemu.py
#!/usr/bin/python

import sys
from keystone import *
from unicorn import *
from unicorn.arm_const import *
from capstone import *
from capstone.arm import *
from capstone.x86 import *

## shellcode_maker.py
from keystone import *
from capstone import *
from unicorn import *
from unicorn.x86_const import *

from struct import *
from termcolor import *

import os
import sys

## Capstone.DisasmEx.cs
using Gee.External.Capstone;
using Gee.External.Capstone.X86;
using System;
using System.Collections.Generic;
using System.Linq;

namespace InstructionsCheck
{
	/// <summary>This class implements a way to disassemble real-life modules with Capstone.</summary>
	/// <remarks>Real-life x86 and amd64 code contains inline data.

## gadgetFinder.py
import sys
from capstone import *

if len(sys.argv) < 2:
	print 'Error: need file name argument'
	exit()

# Read binary input file into an array
fileName = sys.argv[1]
file = open(fileName, "rb")

## mips_synci.diff
diff --git a/lib/Target/Mips/Disassembler/MipsDisassembler.cpp b/lib/Target/Mips/Disassembler/MipsDisassembler.cpp
index 5d594f1..dd1a29b 100644
--- a/lib/Target/Mips/Disassembler/MipsDisassembler.cpp
+++ b/lib/Target/Mips/Disassembler/MipsDisassembler.cpp
@@ -247,6 +247,11 @@ static DecodeStatus DecodeCacheOp(MCInst &Inst,
                               uint64_t Address,
                               const void *Decoder);

+static DecodeStatus DecodeSyncI(MCInst &Inst,
+                              unsigned Insn,

## python-ptrace_capstone.patch
--- ptrace/disasm.c     2014-04-10 10:30:33.000000000 +1200
+++ ptrace/disasm2.c    2014-09-04 12:52:53.425315639 +1200
@@ -4,28 +4,21 @@

 try:
     from ptrace.cpu_info import CPU_I386, CPU_X86_64
-    try:
-        from distorm3 import Decode
-        if CPU_X86_64:
-            from distorm3 import Decode64Bits as DecodeBits
	#!/bin/env python2
	# -- coding: utf-8 --
	# Solution to Book Cover Crackme from "Praktyczna inżynieria wstecznia
	# Edited by Gynvael Coldwind and Mateusz Jurczyk. (Applied Reverse Engineering)
	# PWN Bookstore: https://ksiegarnia.pwn.pl/Praktyczna-inzynieria-wsteczna,622427233,p.html
	#
	# Props to @radekk for his excellent writeup and for capturing the flag. Read his
	# writeup at https://vulnsec.com/2017/reverse-engineering-a-book-cover/
	#
	# This was a fun opportunity to learn how to use Unicorn Engine, Capstone Engine,
	# Slide : https://docs.google.com/presentation/d/1jLUDucNtvGotHw0LOvDonMYwCkXYcb-cnsOWLNt-Ag0
	import sys
	import pefile
	from capstone import *
	from capstone.x86 import *
	from keystone import *
	from datetime import datetime

	MAX_DISASM_COUNT = 1000 * 1000
	FILE_NAME = r"dump-g4pic.dll"
	#!/usr/bin/python

	import sys
	from keystone import *
	from unicorn import *
	from unicorn.arm_const import *
	from capstone import *
	from capstone.arm import *
	from capstone.x86 import *
	using Gee.External.Capstone;
	using Gee.External.Capstone.X86;
	using System;
	using System.Collections.Generic;
	using System.Linq;

	namespace InstructionsCheck
	{
	/// <summary>This class implements a way to disassemble real-life modules with Capstone.</summary>
	/// <remarks>Real-life x86 and amd64 code contains inline data.
	import sys
	from capstone import *

	if len(sys.argv) < 2:
	print 'Error: need file name argument'
	exit()

	# Read binary input file into an array
	fileName = sys.argv[1]
	file = open(fileName, "rb")
	diff --git a/lib/Target/Mips/Disassembler/MipsDisassembler.cpp b/lib/Target/Mips/Disassembler/MipsDisassembler.cpp
	index 5d594f1..dd1a29b 100644
	--- a/lib/Target/Mips/Disassembler/MipsDisassembler.cpp
	+++ b/lib/Target/Mips/Disassembler/MipsDisassembler.cpp
	@@ -247,6 +247,11 @@ static DecodeStatus DecodeCacheOp(MCInst &Inst,
	uint64_t Address,
	const void *Decoder);

	+static DecodeStatus DecodeSyncI(MCInst &Inst,
	+ unsigned Insn,
	--- ptrace/disasm.c 2014-04-10 10:30:33.000000000 +1200
	+++ ptrace/disasm2.c 2014-09-04 12:52:53.425315639 +1200
	@@ -4,28 +4,21 @@

	try:
	from ptrace.cpu_info import CPU_I386, CPU_X86_64
	- try:
	- from distorm3 import Decode
	- if CPU_X86_64:
	- from distorm3 import Decode64Bits as DecodeBits