View sample-enex.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE en-export SYSTEM "http://xml.evernote.com/pub/evernote-export3.dtd">
<en-export export-date="20130730T205637Z" application="Evernote" version="Evernote Mac">
<note>
<title>Test Note for Export</title>
<content>
<![CDATA[<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE en-note SYSTEM "http://xml.evernote.com/pub/enml2.dtd">
<en-note style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">
Hello, World.
lallousx86 / GhidraDecompiler.java
Created Apr 21, 2019 — forked from guedou/GhidraDecompiler.java
Call the Ghidra decompiler from the command line
// Copyright (C) 2019 Guillaume Valadon <guillaume@valadon.net>
// This program is published under a GPLv2 license
/*
* Decompile a function with Ghidra
*
* analyzeHeadless . Test.gpr -import $BINARY_NAME -postScript GhidraDecompiler.java $FUNCTION_ADDRESS -deleteProject -noanalysis
*
*/
lallousx86 / dump_pe_pdb_info.cpp
Created Jun 20, 2017 — forked from luser/dump_pe_pdb_info.cpp
Dump PDB information from a PE file
#include <stdio.h>
#include <stdint.h>
#include <Windows.h>
#include <string>
#include <DbgHelp.h>
#pragma comment(lib, "dbghelp.lib")
// CodeView "RSDS" signature, spelled out byte by byte: the four bytes
// 'R','S','D','S' stored in that order read back as 0x53445352 when loaded
// as a 32-bit little-endian value.
// NOTE(review): the comparison that uses this constant is not visible here;
// whatever reads the signature from the PE should bounds-check the record first.
const DWORD CV_SIGNATURE_RSDS = ('S' << 24) | ('D' << 16) | ('S' << 8) | 'R';
lallousx86 / find_range_templ.cpp
Last active Jul 6, 2017
find_range() using lower_bound of std::map(). The underlying mapped type should implement both is() and contains()
// Test std::map's lower_bound()
#include <stdio.h>
#include <map>
#include <iostream>
struct range_t
{
unsigned long a;
unsigned long b;
lallousx86 / std_map_lowerbound.cpp
Created Jun 13, 2017
std::map's lower_bound() test
// Test std::map's lower_bound()
#include <stdio.h>
#include <map>
#include <iostream>
struct range_t
{
unsigned long a;
unsigned long b;
lallousx86 / text2ulli.py
Created Jun 11, 2017
Convert text file to UL and LI items in HTML
#!/usr/bin/python
# -*- coding: utf-8 -*-
out = []
st = 0
out.append('<ul>')
with open('Driving.txt', 'r') as f:
for line in f:
# Skip empty line
if len(line.strip()) == 0:
continue
lallousx86 / detect_exe.py
Last active May 6, 2017
Small function to detect the executable type
#---------------------------------------------------------------------
# Bit flags describing a detected executable. Each non-zero constant occupies
# its own bit, so the values do not overlap.
# NOTE(review): presumably an OS flag is OR-ed with a word-size flag by the
# detection function, which is not visible here -- confirm against its body.
EXEFLAG_NONE      = 0
EXEFLAG_LINUX     = 1 << 0
EXEFLAG_WINDOWS   = 1 << 1
EXEFLAG_MACOS     = 1 << 2
EXEFLAG_MACOS_FAT = 1 << 3
EXEFLAG_32BITS    = 1 << 4
EXEFLAG_64BITS    = 1 << 5
# Keep signatures sorted by size
View SEHSample1.cpp
#include <stdio.h>
#include <windows.h> // for EXCEPTION_ACCESS_VIOLATION
#include <excpt.h>
int filter(unsigned int code, struct _EXCEPTION_POINTERS *ep) {
   puts("in filter.");
   if (code == EXCEPTION_ACCESS_VIOLATION) {
      puts("caught AV as expected.");
      return EXCEPTION_EXECUTE_HANDLER;
   }
   else {
lallousx86 / GetInfoFromAuthenticodeSignedExe.cpp
Created Apr 24, 2017
How To Get Information from Authenticode Signed Executables
// https://support.microsoft.com/en-us/help/323809/how-to-get-information-from-authenticode-signed-executables
#include <windows.h>
#include <wincrypt.h>
#include <wintrust.h>
#include <stdio.h>
#include <tchar.h>
#pragma comment(lib, "crypt32.lib")
lallousx86 / ExportedMarkedLocations.py
Last active Apr 20, 2017
Export marked locations in IDA Pro with IDAPython
#
# Export marked location sorted by their address
#
# Get marked locations
Locs = []
idx = 0
while True:
s = idc.GetMarkComment(idx)
if s is None: