jmpews(AKA.zz) jmpews
@jmpews
jmpews / android_native_hook.md
Created November 18, 2020 15:45
android interpreter
* thread #1, name = 'm.example.dobby', stop reason = signal SIGABRT
  * frame #0: 0x000074c1722b32a8 libc.so`syscall + 24
    frame #1: 0x000074c1722b6213 libc.so`abort + 195
    frame #2: 0x000074c172322162 libc.so`__fortify_fatal(char const*, ...) + 162
    frame #3: 0x000074c172321929 libc.so`HandleUsingDestroyedMutex(pthread_mutex_t*, char const*) + 41
    frame #4: 0x000074c172321804 libc.so`pthread_mutex_lock + 132
    frame #5: 0x000074c171de3e06 libc++.so`std::__1::mutex::lock() + 6
    frame #6: 0x000074be8600a004 libopenjdkjvmti.so`___lldb_unnamed_symbol281$$libopenjdkjvmti.so + 36
    frame #7: 0x000074be86009230 libopenjdkjvmti.so`___lldb_unnamed_symbol280$$libopenjdkjvmti.so + 112
@jmpews
jmpews / dig_il2cpp.md
Created August 20, 2020 07:55
il2cpp

il2cpp runtime dump

void Image::GetTypes(const Il2CppImage* image, bool exportedOnly, TypeVector* target)
{
    size_t typeCount = Image::GetNumTypes(image);

    for (size_t sourceIndex = 0; sourceIndex < typeCount; sourceIndex++)
    {
        const Il2CppClass* type = Image::GetType(image, sourceIndex);
@jmpews
jmpews / x64.md
Last active July 15, 2020 07:30
x86 & x64 architecture manual

mov rax, rbx // MR encoding

> rex > 0100, W = 1, R = 0, X = 0, B = 0
      > 0100 1 0 0 0 = 0x48
> opcode = 0x89
> ModR/M > REG = 011, Mod = 11, R/M = 000
         > 11 011 000 = 0xd8
> 0x48 0x89 0xd8
@jmpews
jmpews / initial
Last active May 3, 2020 06:58
unknown server configuration
# initial
sudo apt update && sudo apt upgrade && sudo apt install git cmake zsh
# initialize user
useradd -s /bin/bash -d /home/accel -m accel
usermod -s /usr/bin/zsh accel
# docker
https://docs.docker.com/engine/install/ubuntu/
@jmpews
jmpews / tmux.conf
Last active March 30, 2020 00:03
conf
# set the prefix to Ctrl+b
set -g prefix C-b
# unbind Ctrl+a so it is no longer tied to the prefix
unbind C-a
# bind r to reload the config file
bind r source-file ~/.tmux.conf \; display "Reloaded!"
# Set default shell to zsh
@jmpews
jmpews / llvm_build.md
Last active March 5, 2021 07:17
llvm build
cmake -G Ninja \
-DLLVM_ENABLE_PROJECTS="clang;lld;libcxx;libcxxabi;libunwind;compiler-rt" \
-DLLVM_TARGETS_TO_BUILD="X86;AArch64;ARM;WebAssembly" \
-DLLVM_BUILD_TESTS=OFF \
-DLLVM_BUILD_EXAMPLES=OFF \
-DLLVM_INCLUDE_TESTS=OFF \
-DLLVM_INCLUDE_EXAMPLES=OFF \
-DBUILD_SHARED_LIBS=ON \
-DCMAKE_BUILD_TYPE=Debug \
@jmpews
jmpews / powershell_snippet.md
Created January 14, 2020 06:06
powershell snippet
# create a symbolic link
New-Item -ItemType SymbolicLink -Name Mystique -Value D:\Codehub\LLVMext\llvm-project-swift-5.1.3\llvm-project-swift-5.1.3-RELEASE\llvm\lib\Mystique -Path D:\Codehub\PersonalOpensource\Mystique
@jmpews
jmpews / xnu_internal_function.md
Last active November 30, 2019 12:07
xnu internal function
task_create_internal
pmap_create_internal
@jmpews
jmpews / ida_python_script.py
Last active January 4, 2022 16:11
ida python script
import binascii
import idc


def memory_dump(ea, size, file):
    """Dump `size` bytes starting at `ea` from the IDA database to `file`."""
    data = idc.get_bytes(ea, size, use_dbg=0)
    with open(file, "wb") as fp:
        fp.write(data)
    print("memory dump success!")


# memory_dump(0x1E140, 25978, "C:/Users/vm/Desktop/ios_sandbox_kext/dump.bin")
def print_hex_format(ea, size):
@jmpews
jmpews / SandboxDig.md
Created November 7, 2019 15:24
reversing Sandbox kext

macOS Sandbox.kext

  if ( (unsigned int)do_profile_create(&platform_profile, &the_real_platform_profile_data, 0LL, 25978LL, 0LL) )
    panic(
      "\"failed to initialize platform sandbox\"@/BuildRoot/Library/Caches/com.apple.xbs/Sources/Sandbox_executables/Sand"
      "box-851.201.1/src/kext/kext.c:3434");
}