0000: 1E 05 07 00 push ebp | |
0004: 00 26 07 00 06 00 mov ebp, esp | |
000A: 1E 05 02 00 push ecx | |
000E: 00 C6 00 00 07 00 10 00 00 00 00 00 00 00 mov eax, [ebp+10h] ; arg1 | |
001C: 00 C6 02 00 07 00 18 00 00 00 00 00 00 00 mov ecx, [ebp+18h] ; arg2 | |
002A: 00 A6 03 00 00 00 mov edx, [eax] | |
0030: 0F A6 03 00 02 00 cmp edx, [ecx] | |
0036: 17 01 60 00 00 00 00 00 00 00 jbe 0060h | |
0040: 00 06 00 00 01 00 00 00 00 00 00 00 mov eax, 1h | |
004C: 1D 01 34 02 00 00 00 00 00 00 jmp 0234h |
# Byte list to little endian value
def bytes_to_le_value(bytes):
    """Combine a sequence of byte values into one little-endian integer.

    The first element becomes the least significant byte and every following
    element is placed eight bits higher. An empty sequence yields 0.

    Args:
        bytes: Iterable of integer byte values, lowest-order byte first.
            (The name shadows the builtin; it is kept for existing callers.)

    Returns:
        The assembled integer.
    """
    total = 0
    for position, octet in enumerate(bytes):
        # Element N contributes at bit offset 8 * N.
        total |= octet << (position * 8)
    return total
# Returns list of VM operand types defined by the given bytecode byte
import hashlib | |
import time | |
# Fixed 32-character key string; the code that consumes it lies outside this
# excerpt. NOTE(review): a key embedded in the source is recoverable by anyone
# who can read the file, so it provides no secrecy on its own.
derivation_key = "LETSBUILDAVERYWEAKDERIVATIONKEY!"
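def msvcrt_rand(seed):
    """Advance the Microsoft C runtime rand() generator by one step.

    Applies the linear congruential update
    ``state = (state * 0x343FD + 0x269EC3) mod 2**32`` and derives the output
    from bits 16..30 of the new state.

    Args:
        seed: Current generator state (the srand() value on the first call).

    Returns:
        A ``(next_state, value)`` tuple: the new 32-bit state to feed into the
        next call, and the 15-bit value (0..0x7FFF) rand() would return.
    """
    # Reduce after the addition too, not only after the multiplication: the
    # state is a 32-bit quantity, and leaving the carry in place returned
    # states above 0xFFFFFFFF whenever the addition overflowed.
    state = (seed * 0x343FD + 0x269EC3) & 0xFFFFFFFF
    # NOTE(review): the whole output stream is determined by the 32-bit seed,
    # so anything derived from it is reproducible by whoever can guess the
    # seed; this generator is not suitable for producing key material.
    return (state, (state >> 0x10) & 0x7FFF)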
#!/usr/bin/env python | |
import pefile | |
import struct | |
def demangle(name):
    """Strip the '.?AV' ... '@@' wrapper from a decorated class name.

    Names that carry both the '.?AV' prefix and the '@@' suffix are returned
    without them; every other name is returned unchanged. Only the wrapper is
    removed, so any '@' separators inside the name are left as they are.

    Args:
        name: Decorated type name string.

    Returns:
        The inner name, or ``name`` itself when the wrapper is absent.
    """
    prefix, suffix = '.?AV', '@@'
    is_wrapped = (name[:len(prefix)] == prefix
                  and name[-len(suffix):] == suffix)
    return name[len(prefix):-len(suffix)] if is_wrapped else name
def dword_from_pos(data, pos): |
from pydbg import * | |
from pydbg.defines import * | |
import struct | |
def dword_from_addr(addr):
    """Read one 32-bit little-endian unsigned integer from the debuggee.

    Uses the module-level ``dbg`` object (defined outside this excerpt) to
    fetch four bytes at ``addr`` and decodes them with struct format '<L'.

    Args:
        addr: Address in the debugged process to read from.

    Returns:
        The decoded unsigned integer.
    """
    raw = dbg.read_process_memory(addr, 4)
    # '<L' yields a one-element tuple; unpack it directly.
    (value,) = struct.unpack('<L', raw)
    return value
def str_from_addr(addr, chunk_size=128): | |
buf = '' |
# Two fixed integer constants; the code that uses them falls outside this
# excerpt (presumably they are the inputs given to extended_gcd - confirm).
magic32 = 0xC0FA245B  # 3237618779
magic28 = 0xA7B2B573  # 2813506931
def extended_gcd(a, b):
    """Return Bezout coefficients for ``a`` and ``b``.

    Runs the extended Euclidean algorithm and returns ``(x, y)`` such that
    ``a * x + b * y`` equals the last non-zero remainder of the Euclidean
    sequence (the gcd for non-negative inputs). When ``b`` is 0 the result is
    ``(1, 0)``.

    Args:
        a: First integer.
        b: Second integer.

    Returns:
        Tuple ``(x, y)`` of integer coefficients.
    """
    # (coeff_a, coeff_b) tracks the coefficients of the current value of `a`
    # in terms of the original inputs; (next_a, next_b) does so for `b`.
    coeff_a, next_a = 1, 0
    coeff_b, next_b = 0, 1
    while b != 0:
        quotient, remainder = divmod(a, b)
        a, b = b, remainder
        coeff_a, next_a = next_a, coeff_a - quotient * next_a
        coeff_b, next_b = next_b, coeff_b - quotient * next_b
    return (coeff_a, coeff_b)
# Fixed coefficients of the linear relation tested by check_secret_key.
magic32 = 0xC0FA245B  # 3237618779
magic28 = 0xA7B2B573  # 2813506931
def check_secret_key(a, b):
    """Return True when ``magic28 * a - magic32 * b`` is exactly 1.

    The arithmetic uses Python's unbounded integers, so nothing wraps at
    32 bits here.

    NOTE(review): the relation is linear with fixed coefficients visible in
    the source, so satisfying pairs can be computed directly instead of being
    guessed; as a serial check it offers no real protection.

    Args:
        a: First half of the candidate key, as an integer.
        b: Second half of the candidate key, as an integer.

    Returns:
        bool: whether the pair satisfies the relation.
    """
    difference = magic28 * a - magic32 * b
    return difference == 1
def format_serial(a, b):
    """Render two integers as an ``XXXXXXXX:XXXXXXXX`` serial string.

    Each value is printed in upper-case hexadecimal, zero-padded to at least
    eight digits; wider values are not truncated.

    Args:
        a: Integer shown before the colon.
        b: Integer shown after the colon.

    Returns:
        The formatted serial string.
    """
    template = "%08X:%08X"
    return template % (a, b)
a = 1 |
#!/usr/bin/env python | |
import SocketServer | |
import SimpleHTTPServer | |
import urllib | |
import urllib2 | |
import urlparse | |
import re | |
class EliProxy(SimpleHTTPServer.SimpleHTTPRequestHandler): | |
def do_POST(self): |