This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| hexdump_path=hexdump | |
| cache_path=.symbol_cache | |
| key_word="$1" | |
| function process_one() { | |
| file_path=$1 | |
| if $hexdump_path -n 4 "$file_path" | grep -i '457f 464c' &>/dev/null; then | |
| readelf -s "$file_path" | awk "\$4 ~ /FUNC/ && \$7 ~ /[0-9]+/ {print \"$file_path:\" \$8}" >>$cache_path |
betamaoIS
/ protobufc-ida-analyze.py
Created
June 5, 2022 12:56
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os | |
| import tempfile | |
| from binascii import b2a_hex | |
| from functools import partial | |
| import ida_struct | |
| import idaapi | |
| from ida_bytes import get_dword, get_word, get_byte, get_flags, is_code | |
| from ida_nalt import get_imagebase | |
| from idc import get_strlit_contents, get_qword, parse_decl, apply_type, TINFO_GUESSED, find_imm, SEARCH_DOWN, BADADDR, \ |
betamaoIS
/ fixup_pyco_lnotab.py
Created
April 15, 2022 13:57
修复pyc/pyo的行号表,需要pyc/o文件,反编译的py文件,这个代码是python26写的,高版本CodeType有变化需要移植下...
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import marshal | |
| import logging | |
| import os | |
| import sys | |
| import re | |
| from types import CodeType | |
| from zipfile import ZipFile | |
| logging.basicConfig( | |
| level=logging.DEBUG, |
betamaoIS
/ Leagsoft-decode.py
Last active
December 27, 2021 07:32
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os.path | |
| from zipfile import ZipFile | |
| from struct import unpack | |
| from os import walk | |
| CONSTANT_POOL_COUNT_INDEX = 8 | |
| CONSTANT_Utf8_info = 1 | |
| CONSTANT_Methodref_info = 0x0A | |
| CONSTANT_ITEM_SIZE = 0x13 | |
| CONSTANT_ITEM_LENGTH = (0, 0, 0, 5, 5, 9, 9, 3, 3, 5, 5, 5, 5, 0, 0, 4, 3, 0, 5) |