Carlos Garcia Prado carlosgprado
🏠
carlosgprado
/ NTDLL syscall numbers enumerator
Created
April 22, 2014 11:49
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # After reading this very good article: http://bit.ly/1ic3SDs | |
| # I wanted to quickly do the same in IDAPython. It turns out it is very easy. | |
| # This is a Quick & Dirty hack for Windows XP SP3. EOL, I know but the only VM I have available right now ;) | |
| # For other OS, well you get the idea... | |
| # | |
| for f_ea in Functions(): | |
| fname = GetFunctionName(f_ea) | |
| if fname.startswith('_Nt'): |
carlosgprado
/ solve_flare_6.py
Created
September 16, 2015 21:01
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # Divisors is a massive table in RO memory | |
| # This has to be implemented within IDA | |
| # | |
| from idaapi import * | |
| from idc import * | |
| from idautils import * | |
| # Every key is a pointer to a 0xD94 (divLen / 2) long array |
carlosgprado
/ get_all_comments.py
Created
August 1, 2018 12:16
Get all function comments on IDA Pro
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # ------------------------------------- | |
| # Get all comments on a function | |
| # ------------------------------------- | |
| from idc import * | |
| from idaapi import * | |
| from idautils import * | |
| def get_da_comment(ea): | |
| # Try to get a regular comment |