

jamslater / dasm.txt
Created October 21, 2013 18:14
VirtualReality bytecode disassembler output
0000: 1E 05 07 00 push ebp
0004: 00 26 07 00 06 00 mov ebp, esp
000A: 1E 05 02 00 push ecx
000E: 00 C6 00 00 07 00 10 00 00 00 00 00 00 00 mov eax, [ebp+10h] ; arg1
001C: 00 C6 02 00 07 00 18 00 00 00 00 00 00 00 mov ecx, [ebp+18h] ; arg2
002A: 00 A6 03 00 00 00 mov edx, [eax]
0030: 0F A6 03 00 02 00 cmp edx, [ecx]
0036: 17 01 60 00 00 00 00 00 00 00 jbe 0060h
0040: 00 06 00 00 01 00 00 00 00 00 00 00 mov eax, 1h
004C: 1D 01 34 02 00 00 00 00 00 00 jmp 0234h
jamslater / dasm.py
Created October 21, 2013 18:09
VirtualReality bytecode disassembler
# Byte list to little endian value
def bytes_to_le_value(bytes):
    """Interpret an iterable of byte values as one little-endian integer.

    The first element is the least-significant byte; each following element
    is OR-ed in eight bits higher. An empty input yields 0.

    (The parameter name shadows the builtin ``bytes``; it is kept so that
    existing callers using the keyword form keep working.)
    """
    value = 0
    for index, byte in enumerate(bytes):
        value |= byte << (8 * index)
    return value
# Returns list of VM operand types defined by the given bytecode byte
import hashlib
import time
# Hard-coded key material for whatever derivation the rest of this gist does
# (not visible in this excerpt; hashlib and time are imported above). A fixed,
# source-embedded string like this provides no secrecy: anyone holding the
# script can reproduce every value derived from it.
derivation_key = 'LETSBUILDAVERYWEAKDERIVATIONKEY!'
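def msvcrt_rand(seed):
    """Advance the MSVCRT ``rand()`` linear congruential generator one step.

    Uses the Microsoft C runtime constants (multiplier 0x343FD = 214013,
    increment 0x269EC3 = 2531011) with 32-bit unsigned wrap-around; the output
    is bits 16..30 of the new state, i.e. a value in ``0..0x7FFF``. This is a
    predictable 32-bit LCG, not a cryptographic generator: knowing one state
    (or a few outputs) reveals the whole sequence.

    Args:
        seed: current generator state; only its low 32 bits influence the
            result.

    Returns:
        ``(new_seed, value)`` -- ``new_seed`` is the canonical 32-bit state to
        feed into the next call, ``value`` the 15-bit output.
    """
    # Mask once, after the increment, so the returned state is always a proper
    # 32-bit value. Masking only after the multiply (as before) let the state
    # exceed 32 bits; the outputs were unaffected because the surplus vanished
    # on the next multiply-and-mask, but the state was not the one a C
    # implementation would hold.
    seed = (seed * 0x343FD + 0x269EC3) & 0xFFFFFFFF
    return (seed, (seed >> 0x10) & 0x7FFF)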
jamslater / dump_pe_rtti.py
Created August 30, 2013 13:55
Dumps RTTI information from an ARM PE executable. Very lightly tested.
#!/usr/bin/env python
import pefile
import struct
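def demangle(name):
    """Strip the MSVC RTTI type-descriptor decoration from *name*.

    MSVC stores RTTI type names as ``.?AV<Name>@@`` for classes and
    ``.?AU<Name>@@`` for structs; both forms are reduced to ``<Name>``.
    Any other string is returned unchanged, so every descriptor name can be
    passed through without a prior check.

    Args:
        name: raw type-descriptor name read from the executable.

    Returns:
        The undecorated name, or *name* itself when it is not decorated.
    """
    # The struct prefix is new; previously only the class prefix was handled,
    # so struct names came back with their decoration intact.
    if name.endswith('@@') and name.startswith(('.?AV', '.?AU')):
        return name[4:-2]
    return name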
def dword_from_pos(data, pos):
from pydbg import *
from pydbg.defines import *
import struct
def dword_from_addr(addr):
    """Read an unsigned 32-bit little-endian value from the debuggee at *addr*.

    Expects a debugger session named ``dbg`` to exist at module scope (it is
    not defined in this block); four bytes are fetched from the target
    process's memory and unpacked with ``struct``.
    """
    raw = dbg.read_process_memory(addr, 4)
    (value,) = struct.unpack('<L', raw)
    return value
def str_from_addr(addr, chunk_size=128):
buf = ''
# Constants consumed by check_secret_key below: a pair (a, b) is accepted when
# magic28 * a - magic32 * b == 1.
magic32 = 3237618779
magic28 = 2813506931
def extended_gcd(a, b):
    """Return Bezout coefficients ``(x, y)`` with ``a * x + b * y == gcd(a, b)``.

    Classic recursive extended Euclid; the recursion bottoms out at ``b == 0``
    with ``(1, 0)``. Only the coefficients are returned, not the gcd itself.
    """
    if b == 0:
        return (1, 0)
    quotient, remainder = divmod(a, b)
    # Coefficients for the reduced pair (b, a mod b), then lifted one level.
    x, y = extended_gcd(b, remainder)
    return (y, x - quotient * y)
# Same two constants again (duplicated in the listing); check_secret_key below
# accepts (a, b) when magic28 * a - magic32 * b == 1.
magic32 = 3237618779
magic28 = 2813506931
def check_secret_key(a, b):
    """Return True when ``magic28 * a - magic32 * b`` equals exactly 1.

    Relies on the module-level constants ``magic28`` and ``magic32``.
    """
    lhs = magic28 * a
    rhs = magic32 * b
    return lhs - rhs == 1
def format_serial(a, b):
    """Render two integers as ``AAAAAAAA:BBBBBBBB`` (upper-case hex, zero-padded to 8)."""
    return '{:08X}:{:08X}'.format(a, b)
a = 1
#!/usr/bin/env python
import SocketServer
import SimpleHTTPServer
import urllib
import urllib2
import urlparse
import re
class EliProxy(SimpleHTTPServer.SimpleHTTPRequestHandler):
def do_POST(self):