Elias Bachaalany lallousx86
lallousx86
/ get_rop_gadget_string
Created
September 11, 2014 23:34
Return the body of a ROP gadget as a string
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import idaapi | |
| import idautils | |
| import idc | |
| def get_rop_gadget_string(addr): | |
| gb = [] | |
| while True: | |
| # Decode | |
| i = idautils.DecodeInstruction(addr) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| public static class XmlExtensions | |
| { | |
| static public string GetAttrValue( | |
| this XmlNode node, | |
| string AttrName) | |
| { | |
| try | |
| { | |
| return node.Attributes[AttrName].Value; | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| public static class ListViewExtensions | |
| { | |
| public static string GetItemsString( | |
| this System.Windows.Forms.ListViewItem lvi, | |
| string SurroundL = "\"", | |
| string SurroundR = "\"", | |
| string Join = "\t") | |
| { | |
| List<string> s = new List<string>(); | |
| foreach (System.Windows.Forms.ListViewItem.ListViewSubItem CurSub in lvi.SubItems) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //------------------------------------------------------------------------- | |
| PDWORD FindFuncEATAddressSlot( | |
| HMODULE hModule, | |
| LPCSTR FuncName) | |
| { | |
| if (hModule == nullptr) | |
| return nullptr; | |
| ULONG_PTR Base = ULONG_PTR(hModule); |
lallousx86
/ ExportedMarkedLocations.py
Last active
April 20, 2017 17:51
Export marked locations in IDA Pro with IDAPython
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # Export marked location sorted by their address | |
| # | |
| # Get marked locations | |
| Locs = [] | |
| idx = 0 | |
| while True: | |
| s = idc.GetMarkComment(idx) | |
| if s is None: |
lallousx86
/ GetInfoFromAuthenticodeSignedExe.cpp
Created
April 24, 2017 17:43
How To Get Information from Authenticode Signed Executables
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // https://support.microsoft.com/en-us/help/323809/how-to-get-information-from-authenticode-signed-executables | |
| #include <windows.h> | |
| #include <wincrypt.h> | |
| #include <wintrust.h> | |
| #include <stdio.h> | |
| #include <tchar.h> | |
| #pragma comment(lib, "crypt32.lib") |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <windows.h> // for EXCEPTION_ACCESS_VIOLATION | |
| #include <excpt.h> | |
| int filter(unsigned int code, struct _EXCEPTION_POINTERS *ep) { | |
| puts("in filter."); | |
| if (code == EXCEPTION_ACCESS_VIOLATION) { | |
| puts("caught AV as expected."); | |
| return EXCEPTION_EXECUTE_HANDLER; | |
| } | |
| else { |
lallousx86
/ detect_exe.py
Last active
May 6, 2017 00:57
Small function to detect the executable type
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #--------------------------------------------------------------------- | |
| EXEFLAG_NONE = 0x0000 | |
| EXEFLAG_LINUX = 0x0001 | |
| EXEFLAG_WINDOWS = 0x0002 | |
| EXEFLAG_MACOS = 0x0004 | |
| EXEFLAG_MACOS_FAT = 0x0008 | |
| EXEFLAG_32BITS = 0x0010 | |
| EXEFLAG_64BITS = 0x0020 | |
| # Keep signatures sorted by size |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # -*- coding: utf-8 -*- | |
| out = [] | |
| st = 0 | |
| out.append('<ul>') | |
| with open('Driving.txt', 'r') as f: | |
| for line in f: | |
| # Skip empty line | |
| if len(line.strip()) == 0: | |
| continue |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //-------------------------------------------------------------------------- | |
| #pragma warning(push) | |
| #pragma warning(disable: 4127) | |
| template <class DT, class ST> class AnsiOrWideString_t | |
| { | |
| const DT *dstr; | |
| bool bOwned; | |
| AnsiOrWideString_t &operator =(const AnsiOrWideString_t &) { } | |
| AnsiOrWideString_t(const AnsiOrWideString_t &) { } |
OlderNewer