Skip to content

Instantly share code, notes, and snippets.

View mahmoudimus's full-sized avatar
💭
@_@

Mahmoud Rusty Abdelkader mahmoudimus

💭
@_@
293 followers · 928 following
View GitHub Profile
@mahmoudimus
mahmoudimus / crossover-howtocompile.md
Created December 30, 2022 00:24 — forked from sarimarton/crossover-howtocompile.md
CodeWeavers CrossOver - How to compile from source! for macOS

This has been forked from https://gist.github.com/Alex4386/4cce275760367e9f5e90e2553d655309

For the latest discussion, see the comments there.

Updated guide (for CrossOver 20.0.0)

  • Install dependencies: Xcode developer tools (Command Line); cmake; gcc or clang to compile C code; bison >= 3.0 (can be upgraded via homebrew); xquartz; flex; mingw-w64; pkgconfig; you might also need freetype with brew install freetype
  • Make sure the right version of bison is in path: brew upgrade bison then check version and cd /usr/local/Cellar/bison/<version>/bin and export PATH="$(pwd):$PATH" then check with which bison
  • Download source (CodeWeavers CrossOver FOSS version Source) and extract it (double click the file in Finder or untar it: tar -xz source.tar.gz)
  • Add missing wine/include/distversion.h file with this content:
@mahmoudimus
mahmoudimus / hello_world_plugin.py
Created December 26, 2022 17:34 — forked from cmatthewbrooks/hello_world_plugin.py
The simplest possible IDA plugin with multiple actions
##############################################################################
#
# Name: hello_world_plugin.py
# Auth: @cmatthewbrooks
# Desc: A test plugin to learn how to make these work; Specifically, how to
# have multiple actions within the same plugin.
#
# In plain English, IDA will look for the PLUGIN_ENTRY function which
# should return a plugin object. This object can contain all the
# functionality itself, or it can have multiple actions.
@mahmoudimus
mahmoudimus / inject.py
Created December 22, 2022 22:11 — forked from romainthomas/inject.py
Mach-O code injection with LIEF and shell-factory
#!/usr/bin/env python
# Script associated with the blog post: https://lief-project.github.io/blog/2022-05-08-macho/
# It demonstrates code injection with shell-factory and LIEF
import lief
import pathlib
from pathlib import Path
CWD = Path(__file__).parent
@mahmoudimus
mahmoudimus / CodeCaveFinder.md
Last active December 22, 2022 19:30
(Python) Code Cave By Jean-Pierre LESUEUR

(Python) Code Cave By Jean-Pierre LESUEUR

Taken from https://unprotect.it/snippet/code-cave/54/

Description

-f / --file : Valid PE File location (Ex: /path/to/calc.exe).
-p / --payload : Shellcode Payload (Example: "\x01\x02\x03…\x0a").
-x / --encrypt : Encrypt main section (entry point section).
@mahmoudimus
mahmoudimus / fcntl.py
Created December 21, 2022 01:01
Fake fcntl module for windows
"""
This *fake* module is for windows only
Based on:
- https://github.com/facebook/tornado/blob/master/tornado/win32_support.py
- https://github.com/typecode/wikileaks/blob/23a6243df473102a9a1b84f5dde66173df3132b5/lib/tornado/win32_support.py
- https://raw.githubusercontent.com/twisted/twistedmatrix.com-trac-attachments/0a05e3294e7488d8864a73666a007db842c9633e/ticket/bc1/bc1a1f5e1875e3916492b3b509f58cd420eba1d5/b683c2d57b5d19e4fb24a78b44e76ad9129fe19f.patch
- https://github.com/yt-dlp/yt-dlp/blob/1fc089143c79b02b8373ae1d785d5e3a68635d4d/yt_dlp/utils.py#L2095-L2150
"""
@mahmoudimus
mahmoudimus / Microsoft.PowerShell_profile.ps1
Last active September 23, 2023 16:36
M$ Windowz Powershell mapping
# Inspirations from:
# - https://github.com/tex2e/blog/blob/master/_posts/powershell/2021-01-11-open.md?plain=1
# - https://github.com/PowerShell/Community-Blog/blob/main/Posts/2022/07/cheat-sheet-console-experience.md?plain=1
# Other PowerShell profiles
# - https://github.com/mikemaccana/powershell-profile/blob/master/defaults.ps1
# - https://github.com/staxmanade/DevMachineSetup/blob/master/initProfile.ps1
# - https://github.com/epoweripione/dotfiles/blob/main/powershell/Microsoft.PowerShell_profile.ps1
# - https://github.com/effs/dotfiles/blob/main/powershell/pwsh7_profile.ps1
# - https://github.com/razy69/Powershell/blob/master/Doc/Machine_Profile.ps1
@mahmoudimus
mahmoudimus / mac4win.ahk
Last active January 17, 2023 13:39
autohotkey mac4win/emacs
/*
Symbol Key
^ RCtrl
! Alt
# Windows Key (cmd in mac keyboard)
+ SHIFT
#c::Send, ^c
#v::Send, ^v
#x::Send, ^x
@mahmoudimus
mahmoudimus / patches.txt
Created December 19, 2022 22:36 — forked from interferenc/patches.txt
Skylake-X and X299 BIOS patches to disable MSR 0xE2 lock AND TSC Fix
# SiInit
299D6F8B-2EC9-4E40-9EC6-DDAA7EBF5FD9 12 P:81E10080000033C1:9090909090909090
# PpmInitialize Reset IA32_TSC_ADJUST to 0 instead of enforcing 0xE2 lock
3FFCAE95-23CF-4967-94F5-16352F68E43B 10 P:742CB9E20000000F3248C1E220480BC20FBAE00F488944240872130FBAE80F89442408488B54240848C1EA200F30:BA00000000B800000000B93B0000000F309090909090909090909090909090909090909090909090909090909090
# CpuInitPei Reset IA32_TSC_ADJUST to 0 instead of enforcing 0xE2 lock
01359D99-9446-456D-ADA4-50A711C03ADA 12 P:B9E20000000F328BC8BE0080000023CE0BCF75190BC6894424088954240C8B54240C8B442408B9E20000000F30:BA00000000B800000000B93B0000000F3090909090909090909090909090909090909090909090909090909090
# CpuMpDxe to disable TSC writes
@mahmoudimus
mahmoudimus / idapython_cheatsheet.md
Created December 16, 2022 04:56 — forked from icecr4ck/idapython_cheatsheet.md
Cheatsheet for IDAPython
@mahmoudimus
mahmoudimus / DemangleRust.py
Created December 12, 2022 23:11 — forked from str4d/DemangleRust.py
Ghidra script for demangling Rust symbols
# Attempts to demangle all mangled symbols in the current program using the Rust
# mangling schemes, and replace the default symbol and function signature
# (if applicable) with the demangled symbol.
#
# License: MIT OR Apache-2.0
#@author Jack Grigg <thestr4d@gmail.com>
#@category Symbol
import string