Aobo Wang bash-c

@kconner
kconner / macOS Internals.md
Last active May 10, 2024 17:04
macOS Internals

macOS Internals

Understand your Mac and iPhone more deeply by tracing the evolution of Mac OS X from prerelease to Swift. John Siracusa delivers the details.

Starting Points

How to use this gist

You've got two main options:

@jessica0f0116
jessica0f0116 / apisetschema.json
Created April 13, 2021 16:01
apisetschema mapping windows 20h2
{ "apiset entries": [
{ "apiset name": "api-ms-onecoreuap-print-render-l1-1-0", "hosts": "printrenderapihost.dll" },
{ "apiset name": "api-ms-win-appmodel-identity-l1-2-0", "hosts": "kernel.appcore.dll" },
{ "apiset name": "api-ms-win-appmodel-runtime-internal-l1-1-7", "hosts": "kernel.appcore.dll" },
{ "apiset name": "api-ms-win-appmodel-runtime-l1-1-3", "hosts": "kernel.appcore.dll" },
{ "apiset name": "api-ms-win-appmodel-state-l1-1-2", "hosts": "kernel.appcore.dll" },
{ "apiset name": "api-ms-win-appmodel-state-l1-2-0", "hosts": "kernel.appcore.dll" },
{ "apiset name": "api-ms-win-appmodel-unlock-l1-1-0", "hosts": "kernel.appcore.dll" },
{ "apiset name": "api-ms-win-base-bootconfig-l1-1-0", "hosts": "advapi32.dll" },
{ "apiset name": "api-ms-win-base-util-l1-1-0", "hosts": "advapi32.dll" },
@uf0o
uf0o / crude_ioctl_fuzzer.py
Last active April 11, 2024 06:29
A crude IOCTL fuzzer for windows driver testing
import random
import sys
import io
from ctypes import windll, POINTER, byref
from ctypes.wintypes import LPVOID, DWORD, LPCSTR, LPSTR, BOOL, HANDLE
DeviceIoControl = windll.kernel32.DeviceIoControl
CreateFileA = windll.kernel32.CreateFileA
CloseHandle = windll.kernel32.CloseHandle
@m1ghtym0
m1ghtym0 / x.py
Created February 9, 2020 02:09
winterpreter
#!/usr/bin/env python2
from pwn import *
import sys
import struct
BINARY = './winterpreter.exe'
IS_REMOTE = True
H,P = ('183.107.102.15', 54321)
if not IS_REMOTE:
@saelo
saelo / 3_years_of_attacking_javascript_engines.txt
Created October 27, 2019 16:04
3 Years of Attacking JavaScript Engines
|=-----------------------------------------------------------------------=|
|=-------------=[ 3 Years of Attacking JavaScript Engines ]=-------------=|
|=-----------------------------------------------------------------------=|
|=------------------------------=[ saelo ]=------------------------------=|
|=-----------------------------------------------------------------------=|
The following are some brief notes about the changes that have taken place
since the release of the "Attacking JavaScript Engines" paper [1]. In
general, no big conceptional changes have happened since. Mitigations have
been added to break some of the presented techniques and, as expected, a
@icecr4ck
icecr4ck / idapython_cheatsheet.md
Last active April 23, 2024 18:45
Cheatsheet for IDAPython
@apogiatzis
apogiatzis / checksec.py
Created August 11, 2019 12:17
Windows checksec equivalent
import lief
from sys import argv
import colorama
def _color_print(name):
colorama.init(autoreset=True)
def color_print(func):
def wrapper(*args, **kwargs):
ret = func(*args, **kwargs)
if ret != False:
@chrisdone
chrisdone / gist:02e165a0004be33734ac2334f215380e
Last active May 11, 2024 14:01
Build and run minimal Linux / Busybox systems in Qemu

Common

export OPT=/opt
export BUILDS=/some/where/mini_linux
mkdir -p $BUILDS

Linux kernel

@apsun
apsun / hax.c
Last active April 22, 2024 05:49
Hook main() using LD_PRELOAD
/*
* Hook main() using LD_PRELOAD, because why not?
* Obviously, this code is not portable. Use at your own risk.
*
* Compile using 'gcc hax.c -o hax.so -fPIC -shared -ldl'
* Then run your program as 'LD_PRELOAD=$PWD/hax.so ./a.out'
*/
#define _GNU_SOURCE
#include <stdio.h>
@n30m1nd
n30m1nd / apatching_for_AFL_Persistent_fuzzing.diff
Last active October 10, 2021 15:12
Patch for Apache httpd to make it fuzzable through afl-clang-fast
Index: server/main.c
===================================================================
--- server/main.c (revision 1794475)
+++ server/main.c (working copy)
@@ -434,11 +434,157 @@
ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
" -X : debug mode (only one worker, do not detach)");
- destroy_and_exit_process(process, 1);
+ destroy_and_exit_process(process, 0);
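Review bot: the visible change turns the usage/help path (the lines following the " -X : debug mode" text) from a failure exit (`destroy_and_exit_process(process, 1)`) into a success exit (`destroy_and_exit_process(process, 0)`), so any harness or script that launches httpd with bad arguments will now see status 0 and cannot tell misuse from a clean run. If the zero status is only needed for the afl-clang-fast persistent-mode build, gate it behind the fuzzing build define this patch presumably introduces (the rest of the 157-line hunk is not visible here) and state the reason in the patch description; otherwise keep the non-zero status.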