- windows-syscall-nt-csv (from here)
- windows-syscall-32k-csv (from here)
- mac (from here and here)
hshrzd
hshrzd
/ readme.md
Created
June 4, 2021 17:36
— forked from lancejpollard/readme.md
System Call List for Windows, Mac, and Linux
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| typedef struct _IMAGE_DOS_HEADER | |
| { | |
| _WORD e_magic; | |
| _WORD e_cblp; | |
| _WORD e_cp; | |
| _WORD e_crlc; | |
| _WORD e_cparhdr; | |
| _WORD e_minalloc; | |
| _WORD e_maxalloc; | |
| _WORD e_ss; |
hshrzd
/ scrdec18-VC8.exe
Created
February 17, 2021 23:04
— forked from bcse/scrdec18-VC8.exe
Windows Script Decoder 1.8 (Decoding JScript.Encoded)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import idautils | |
| sc = idautils.Strings() | |
| for s in sc: | |
| curr_str = str(s) | |
| str_offset = s.ea | |
| for xref in idautils.XrefsTo(s.ea): | |
| func = idaapi.get_func(xref.frm) | |
| if not func: |
hshrzd
/ immunity_list_calls_via_reg.py
Created
April 18, 2020 20:27
Immunity PyCommand: list calls via registry
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| """ | |
| (c) hAsh, 2015 run via ImmunityDbg | |
| """ | |
| __VERSION__ = '0.3.1' | |
| __AUTHOR__ = 'hAsh' | |
| import immlib | |
| import pefile |