Elias Bachaalany lallousx86
lallousx86
/ GetInfoFromAuthenticodeSignedExe.cpp
Created
April 24, 2017 17:43
How To Get Information from Authenticode Signed Executables
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // https://support.microsoft.com/en-us/help/323809/how-to-get-information-from-authenticode-signed-executables | |
| #include <windows.h> | |
| #include <wincrypt.h> | |
| #include <wintrust.h> | |
| #include <stdio.h> | |
| #include <tchar.h> | |
| #pragma comment(lib, "crypt32.lib") |
lallousx86
/ ExportedMarkedLocations.py
Last active
April 20, 2017 17:51
Export marked locations in IDA Pro with IDAPython
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # Export marked location sorted by their address | |
| # | |
| # Get marked locations | |
| Locs = [] | |
| idx = 0 | |
| while True: | |
| s = idc.GetMarkComment(idx) | |
| if s is None: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //------------------------------------------------------------------------- | |
| PDWORD FindFuncEATAddressSlot( | |
| HMODULE hModule, | |
| LPCSTR FuncName) | |
| { | |
| if (hModule == nullptr) | |
| return nullptr; | |
| ULONG_PTR Base = ULONG_PTR(hModule); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| public static class ListViewExtensions | |
| { | |
| public static string GetItemsString( | |
| this System.Windows.Forms.ListViewItem lvi, | |
| string SurroundL = "\"", | |
| string SurroundR = "\"", | |
| string Join = "\t") | |
| { | |
| List<string> s = new List<string>(); | |
| foreach (System.Windows.Forms.ListViewItem.ListViewSubItem CurSub in lvi.SubItems) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| public static class XmlExtensions | |
| { | |
| static public string GetAttrValue( | |
| this XmlNode node, | |
| string AttrName) | |
| { | |
| try | |
| { | |
| return node.Attributes[AttrName].Value; | |
| } |
lallousx86
/ get_rop_gadget_string
Created
September 11, 2014 23:34
Return the body of a ROP gadget as a string
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import idaapi | |
| import idautils | |
| import idc | |
| def get_rop_gadget_string(addr): | |
| gb = [] | |
| while True: | |
| # Decode | |
| i = idautils.DecodeInstruction(addr) |
NewerOlder