Executable and Linkable Format (ELF), is the default binary format on Linux-based systems.
gmh gmh5225
🙃
gmh5225
/ x86_relative_shellcode_strings.c
Created
April 23, 2024 03:17
— forked from CCob/x86_relative_shellcode_strings.c
x86 Relative String Addressing Hack
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #ifdef _WIN64 | |
| #define DECLARE_STRING(var, str) __attribute__((section(".text"))) char var[] = "\xe8\x00\x00\x00\x00\x58\x48\x83\xc0\x06\xc3" str; | |
| #elif _WIN32 | |
| #define DECLARE_STRING(var, str) __attribute__((section(".text"))) char var[] = "\xe8\x00\x00\x00\x00\x58\x83\xc0\x05\xc3" str; | |
| #endif | |
gmh5225
/ hint_calls.py
Created
March 15, 2024 07:00
— forked from williballenthin/hint_calls.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ''' | |
| IDA plugin to display the calls and strings referenced by a function as hints. | |
| Installation: put this file in your %IDADIR%/plugins/ directory. | |
| Author: Willi Ballenthin <william.ballenthin@fireeye.com> | |
| Licence: Apache 2.0 | |
| ''' | |
| import idc | |
| import idaapi | |
| import idautils |
gmh5225
/ elf_format_cheatsheet.md
Created
March 6, 2024 06:23
— forked from x0nu11byt3/elf_format_cheatsheet.md
ELF Format Cheatsheet
gmh5225
/ implement-an-elf-linker.md
Created
March 5, 2024 16:33
— forked from MaskRay/implement-an-elf-linker.md
Implement an ELF linker
| theme | class | highlighter | fonts | ||||||
|---|---|---|---|---|---|---|---|---|---|
default |
text-center |
MaskRay |
|
gmh5225
/ createprocess.cpp
Created
February 17, 2024 10:09
— forked from senko37/createprocess.cpp
Create process from KernelMode via APC
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| typedef struct _STARTUPINFOW { | |
| UINT32 cb; | |
| LPWSTR lpReserved; | |
| LPWSTR lpDesktop; | |
| LPWSTR lpTitle; | |
| UINT32 dwX; | |
| UINT32 dwY; | |
| UINT32 dwXSize; | |
| UINT32 dwYSize; | |
| UINT32 dwXCountChars; |
gmh5225
/ Dump CPP vtable & record layout information
Last active
February 17, 2024 05:07
— forked from GavinRay97/Makefile
Dump C/C++ vtable & record layout information (clang + msvc + gcc)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Requirements: | |
| # clang - The classes/structs you want to dump must be used in code at least once, not just defined. | |
| # MSVC - The classes/structs you want to dump must have "MEOW" in the name for "reportSingleClass" to work. | |
| # Usage: | |
| # $ make dump_vtables file=test.cpp | |
| dump_vtables: | |
| clang -cc1 -fdump-record-layouts -emit-llvm $(file) > clang-vtable-layout-$(file).txt | |
| clang -cc1 -fdump-vtable-layouts -emit-llvm $(file) > clang-record-layout-$(file).txt | |
| g++ -fdump-lang-class=$(file).txt $(file) | |
| cl.exe $(file) /d1reportSingleClassLayoutMEOW > msvc-single-class-vtable-layout-$(file).txt |
gmh5225
/ PoC.cpp
Created
February 4, 2024 15:32
— forked from blair1922/PoC.cpp
EAC Thread Bypass in 1line 💀
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const std::uint64_t current_thread = reinterpret_cast<std::uint64_t>(current_thread); | |
| *reinterpret_cast<ULONG*>(current_thread + 0x560) = FALSE; // this offset is for my OS version which is windows 11 23h2, you can get offsets at https://www.vergiliusproject.com/ | |
| dbg("thread dbg status %i\n", PsIsThreadTerminating(current_thread)); | |
| //now the 1line version (meme): | |
| *reinterpret_cast<ULONG*>(reinterpret_cast<std::uint64_t>(KeGetCurrentThread()) + 0x560) = FALSE; |
gmh5225
/ PoC_Stripped.cpp
Created
February 4, 2024 15:32
— forked from blair1922/PoC_Stripped.cpp
PatchNotGuard
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // you can hook syscalls without triggering KPP or PG, that's just a project for fun | |
| PVOID DisgustingPatchGuard = Utils::FindPatternImage( KBase, "\x40\x53\x48\x83\xEC\x30\x8B\x41\x18" ); | |
| if ( !DisgustingPatchGuard ) | |
| { | |
| Utils::ThrowException( _( "C4GE: FAILED TO FIND PATCHGUARD INITIALIZATION CONTEXT" ) ); | |
| return STATUS_INVALID_ADDRESS; | |
| } | |
| DisgustingPatchGuard = RVA( DisgustingPatchGuard, 7 ); | |
| if ( !DisgustingPatchGuard ) |
gmh5225
/ gist:820a3dcae2f812960e5c2ca601ea1f60
Created
February 4, 2024 04:21
— forked from syoyo/gist:9acc46554723db14d3a5
clang/LLVM for Android ARM64 corss compile script
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| rm -rf CMake* | |
| export NDK=/home/syoyo/local/android-ndk-r10e | |
| export SYSROOT=$NDK/platforms/android-21/arch-arm64 | |
| export CC="$NDK/toolchains/aarch64-linux-android-4.9/prebuilt/linux-x86_64/bin/aarch64-linux-android-gcc" | |
| export CXX="$NDK/toolchains/aarch64-linux-android-4.9/prebuilt/linux-x86_64/bin/aarch64-linux-android-g++" |
gmh5225
/ bootstrap.sh
Created
February 4, 2024 04:21
— forked from KireinaHoro/bootstrap.sh
Bootstrap aarch64-linux-android clang/llvm toolchain with sanitizers support
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # script that creates clang/llvm cross toolchain for aarch64 android target | |
| # compile a hello world program that runs on AOSP Android: | |
| # test with: adb push hello /data/cache && adb shell /data/cache/hello | |
| # GCC: | |
| # C: aarch64-linux-android-gcc hello.c -o hello -pie | |
| # C++: aarch64-linux-android-g++ hello.cc -o hello -pie -fPIC -static-libgcc \ | |
| # -nostdlib -L/usr/local/aarch64-linux-android/lib -lc++ -lc -nostdinc++ \ | |
| # -I/usr/local/aarch64-linux-android/include/c++/v1 -std=c++11 | |
| # Clang/LLVM: |
NewerOlder