Requirements: Visual Studio and CMake. Run the commands below under
"Developer Command Prompt VS 2022"
git clone https://github.com/zrax/pycdc.git
Blue DeviL blue-devil
blue-devil
/ _jump2itself.md
Last active
February 14, 2024 18:49
Unconditional Branch/Jump to Itself
In reverse engineering we often need an executable binary to mapped in memory, stopped at a certain address. One approach is to modify the executable binary temporarily to jump at its own address. I have written a very small c code and compile it with optimization level 2.
#include <stdio.h>
blue-devil
/ hex_dump.c
Created
May 5, 2023 13:33
C function that prints hex dump of given memory block.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * hex_dump.c | |
| * Copyright (C) 2022 Blue DeviL <bluedevil.SCT@gmail.com> | |
| * | |
| * This program is free software: you can redistribute it and/or modify | |
| * it under the terms of the GNU General Public License as published by | |
| * the Free Software Foundation, either version 3 of the License, or | |
| * (at your option) any later version. | |
| * | |
| * This program is distributed in the hope that it will be useful, |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * rbdumbper.c <Raw bytes dumper from commandline> | |
| * Copyright (C) 2022 Blue DeviL <bluedevil.SCT@gmail.com> | |
| * | |
| * This program is free software: you can redistribute it and/or modify | |
| * it under the terms of the GNU General Public License as published by | |
| * the Free Software Foundation, either version 3 of the License, or | |
| * (at your option) any later version. | |
| * | |
| * This program is distributed in the hope that it will be useful, |
blue-devil
/ winbuildnum.h
Last active
December 30, 2022 14:25
Windows 10 and Windows 11 build numbers as C header for IDA Pro
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| enum MACRO_WIN10_BUILDNUM | |
| { | |
| WIN10_b1507 = 0x2800, | |
| WIN10_b1511 = 0x295A, | |
| WIN10_b1607 = 0x3839, | |
| WIN10_b1703 = 0x3AD7, | |
| WIN10_b1709 = 0x3FAB, | |
| WIN10_b1803 = 0x42EE, | |
| WIN10_b1809 = 0x4563, | |
| WIN10_b1903 = 0x47BA, |
blue-devil
/ keybase.md
Created
August 5, 2020 21:06
I hereby claim:
- I am blue-devil on github.
- I am blue_devil (https://keybase.io/blue_devil) on keybase.
- I have a public key ASBQ1QzWnV5DVTPF8VzWP9IWJROWvn4DOjSMqMFJGUaDCwo
To claim this, I am signing this object: