mabj
/ smokeloader_pe.py
Created Jun 10, 2020
View smokeloader_pe.py
| #!/usr/bin/env python | |
| # -*- coding: utf-8 -*- | |
| from lief import PE | |
| # Constants | |
| IMAGE_BASE = 0x02060000 | |
| ENTRY_POINT_OFFSET = 0x734 | |
| CODE_PAYLOAD_FILE = 'explorer_02060000.bin' | |
| DATA_PAYLOAD_FILE = 'explorer_00B60000.bin' | |
| FILE_ALIGNMENT = 0x200 |
mabj
/ HexCopy.py
Created Jun 6, 2020
— forked from herrcore/HexCopy.py
IDA Plugin for quickly copying disassembly as encoded hex bytes (updated for IDA 7xx)
View HexCopy.py
| ############################################################################################ | |
| ## | |
| ## One-Click Hex Copy! | |
| ## | |
| ## Updated for IDA 7.xx | |
| ## | |
| ## All credit for actual IOCTL decode logic: | |
| ## http://www.osronline.com/article.cfm?article=229 | |
| ## | |
| ## Big thanks to @gaasedelen for the IDA 7 update ideas: |
mabj
/ calls_compression_looper.cpp
Created Jan 13, 2020
View calls_compression_looper.cpp
| #define _WIN32_WINNT 0x0501 | |
| #define _GLIBCXX_USE_C99 1 | |
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <windows.h> | |
| #include <iostream> | |
| #include <string> | |
| #include <sstream> |
mabj
/ calls_compression_snip_004_output.txt
Created Jan 10, 2020
View calls_compression_snip_004_output.txt
| [INFO] [2020-01-08 16:37:03,477] <module>(): [+] Original buffer: ['0', '1', '2', '2', '2', '2', '0', '1', '2', '2', '2', '2'] | |
| [INFO] [2020-01-08 16:37:03,477] <module>(): [+] Compressed list: [['0', 2], ['1', 2], ['2', 8]] | |
| [INFO] [2020-01-08 16:37:03,477] <module>(): [+] Compression rate: 75.00% |
mabj
/ calls_compression_snip_004.py
Created Jan 10, 2020
View calls_compression_snip_004.py
| class NGram: | |
| def __init__(self, order): | |
| self.order = order | |
| self.buffer = [] | |
| def add(self, element): | |
| tmp = None | |
| if not element: | |
| return tmp |
mabj
/ calls_compression_pseudo_003.py
Last active Jan 12, 2020
View calls_compression_pseudo_003.py
| class Compressor: | |
| def init(level): | |
| buffer = List(level*2) | |
| def add(element): | |
| tmp = None | |
| if not element: | |
| return tmp | |
| if len(buffer) == level*2: |
mabj
/ calls_compression_pseudo_002.py
Last active Jan 12, 2020
View calls_compression_pseudo_002.py
| compressors = [] | |
| for i in range(1,level): | |
| compressors.append(Compressor(i)) | |
| for e in data: | |
| e1 = checksum(e) | |
| c = compressors[0] | |
| out = c.add(e1) | |
| for c in compressor[1:]: | |
| out = c.add(out) |
mabj
/ calls_compression_snip_003_output.txt
Last active Jan 12, 2020
View calls_compression_snip_003_output.txt
| ['call_0', 'call_1', 'call_2', 'call_2', 'call_2', 'call_2', 'call_0', 'call_1', 'call_2', 'call_2', 'call_2', 'call_2'] | |
| [{'label': 'call_0', 'repeated': 2}, {'label': 'call_1', 'repeated': 2}, {'label': 'call_2', 'repeated': 8}] |
mabj
/ calls_compression_snip_003.py
Last active Jan 12, 2020
View calls_compression_snip_003.py
| import os | |
| import sys | |
| import logging | |
| import hashlib | |
| import numpy | |
| from random import randint | |
| from itertools import groupby, chain | |
| logger = logging.getLogger(__name__) |
mabj
/ calls_compression_snip_002_01.py
Last active Jan 12, 2020
View calls_compression_snip_002_01.py
| data = [0, 1, 2, 2, 2, 2, 0, 1, 2, 2, 2, 2] | |
| lrs = calculate_lrs(data) # [0, 1, 2, 2, 2, 2] <= First While | |
| while lst: | |
| lrs = calculate_lrs() | |
| # [2, 2] <= Second while |
NewerOlder