Ender enderdzz
The ffast and the Furious

This is a small and admittedly contrived demo showing how some weird but safe code could become vulnerable if run in an environment where some shared library has changed the FPU's FTZ/DAZ bits to force denormals to zero.

To run it:

# Create an empty file
$ touch gofast.c
@muff-in
muff-in / resources.md
Last active May 30, 2024 06:00
A curated list of Assembly Language / Reversing / Malware Analysis / Game Hacking-resources
@psifertex
psifertex / 1_Snippet_Instructions.txt
Last active May 23, 2024 18:33
my current collection of snippets
Welcome to Jordan's grab-bag of common Binary Ninja Snippets.
These snippets are meant to run with the Binary Ninja Snippets Plugin
(http://github.com/Vector35/snippets) though they can all also be pasted
directly into the python console or turned into stand-alone plugins if needed.
To install the entire collection at once, just install the Snippets plugin via
the plugin manager (CMD/CTL-SHIFT-M), confirm the Snippet Editor works
(Tool/Snippets/Snippet Editor), and unzip this bundle (Download ZIP above) into
your Snippets folder.
@coolreader18
coolreader18 / segfault.py
Last active March 30, 2024 08:05
CPython segfault in 5 lines of code
class E(BaseException):
    def __new__(cls, *args, **kwargs):
        return cls
def a(): yield
a().throw(E)
@MattPD
MattPD / analysis.draft.md
Last active June 6, 2024 00:22
Program Analysis Resources (WIP draft)
@Jinmo
Jinmo / _.md
Last active May 28, 2024 15:08
C/C++ header to IDA

Usage

In IDAPython,

execfile('<path>/cxxparser.py')
parse_file('<path>/a.cpp',[r'-I<path>\LuaJIT-2.0.5\src', '-D__NT__', '-D__X64__', '-D__EA64__'])
parse_file('<path>/malloc.c',['-target=x86_64-linux-gnu'])
@yifanlu
yifanlu / Ghidra-OSX-Launcher-Script.scpt
Last active April 4, 2024 21:00
Ghidra.app launcher for OSX

manual import resolution

example from 0f5d5d07c6533bc6d991836ce79daaa1:

_0:00F20012 33 D2                   xor     edx, edx
_0:00F20014 64 8B 52 30             mov     edx, fs:[edx+30h] // TEB->PEB
_0:00F20018 8B 52 0C                mov     edx, [edx+0Ch]    // PEB->LDR_DATA
_0:00F2001B 8B 52 14                mov     edx, [edx+14h]    // LDR_DATA->InMemoryOrderLinks (_LDR_DATA_TABLE_ENTRY)
                                                              // alt: 0xC: InLoadOrderLinks
                                                              // alt: 0x1C: InInitializationOrderLinks
@pzread
pzread / textile.md
Last active October 22, 2022 13:13

天衣無縫 ~ Fantastic Seamless Textile ~

When executing an ELF binary, the Linux kernel will pass the memory address of the PHDR (program header) to userspace via the AT_PHDR entry of the AUXV.

The ld.so interpreter will parse the PHDR structure at memory address AT_PHDR and resolve more ELF structures, such as the dynamic section.

But the Linux kernel wrongly calculates the PHDR address in memory.

NEW_AUX_ENT(AT_PHDR, load_addr + exec->e_phoff);
@rygorous
rygorous / gist:e0f055bfb74e3d5f0af20690759de5a7
Created May 8, 2016 06:54
A bit of background on compilers exploiting signed overflow
Why do compilers even bother with exploiting the undefinedness of signed overflow? And what are those
mysterious cases where it helps?
A lot of people (myself included) are against transforms that aggressively exploit undefined behavior, but
I think it's useful to know what compiler writers are accomplishing by this.
TL;DR: C doesn't work very well if int!=register width, but (for backwards compat) int is 32-bit on all
major 64-bit targets, and this causes quite hairy problems for code generation and optimization in some
fairly common cases. The signed overflow UB exploitation is an attempt to work around this.