
Brendan Dolan-Gavitt moyix

View stacksort.py
#!/usr/bin/env python
import ast
import inspect
import copy
import stackexchange
import BeautifulSoup
namegen_count = 0
def namegen():
moyix / keybase.md
Created Jan 26, 2015
Keybase verification

Keybase proof

I hereby claim:

  • I am moyix on github.
  • I am moyix (https://keybase.io/moyix) on keybase.
  • I have a public key whose fingerprint is 25D0 DE1E 10E2 D15B 0A4C 535B 1806 C710 C230 3F5D

To claim this, I am signing this object:

View argnums.h
// Derived from ntoskrnl and win32k debug symbols using
// pdbparse's pdb_get_syscall_table.py (modified to work
// with 64-bit PDB)
static const int win7_32_nt_args[] = {6, 8, 11, 11, 16, 11, 16, 17, 3, 2, 2, 6,
6, 2, 1, 1, 3, 3, 4, 6, 9, 3, 11, 3, 6, 4, 3, 3, 3, 3, 3, 3, 2, 3, 6, 6, 5, 6,
3, 8, 4, 2, 2, 2, 3, 2, 3, 3, 2, 1, 1, 3, 2, 2, 2, 2, 3, 1, 1, 8, 2, 4, 3, 8, 5,
3, 11, 4, 3, 3, 7, 4, 8, 8, 4, 14, 4, 5, 4, 8, 9, 9, 10, 7, 7, 5, 4, 8, 11, 4,
13, 10, 6, 11, 5, 10, 2, 3, 2, 1, 1, 1, 1, 1, 3, 1, 2, 10, 0, 1, 1, 7, 6, 0, 2,
2, 6, 3, 5, 6, 2, 6, 3, 2, 2, 3, 1, 0, 4, 0, 3, 4, 1, 2, 10, 2, 0, 2, 3, 5, 6,
View unicorn_obj.py
from __future__ import print_function
from unicorn import *
from unicorn.arm64_const import *
from unicorn.arm_const import *
from unicorn.m68k_const import *
from unicorn.mips_const import *
from unicorn.sparc_const import *
from unicorn.unicorn_const import *
from unicorn.x86_const import *
View constraints.txt
[<Bool And((num_bytes_9_64 == 0x0), (num_bytes_10_64 == 0x0), ((!And((48 <= file_/dev/stdin_0_0_7_8), (file_/dev/stdin_0_0_7_8[7:6] == 0), (file_/dev/stdin_0_0_7_8[5:0] <= 57)) && (num_bytes_11_64 == 0x0)) || And((48 <= file_/dev/stdin_0_0_7_8), (file_/dev/stdin_0_0_7_8[7:6] == 0), (file_/dev/stdin_0_0_7_8[5:0] <= 57), (num_bytes_11_64 == 0x1))), ((if (0x7fffffffffffffff <= (if (num_bytes_11_64 == 0x0) then 0x0 else (if (num_bytes_11_64 == 0x1) then 0x0#120 .. (208 + file_/dev/stdin_0_0_7_8) else (if (num_bytes_11_64 == 0x2) then (0xd0 + (0xa * 0x0#120 .. (208 + file_/dev/stdin_0_0_7_8))) else (if (num_bytes_11_64 == 0x3) then (0x8f0 + (0x64 * 0x0#120 .. (208 + file_/dev/stdin_0_0_7_8))) else (if (num_bytes_11_64 == 0x4) then (0x5a30 + (0x3e8 * 0x0#120 .. (208 + file_/dev/stdin_0_0_7_8))) else (if (num_bytes_11_64 == 0x5) then (0x386b0 + (0x2710 * 0x0#120 .. (208 + file_/dev/stdin_0_0_7_8))) else (if (num_bytes_11_64 == 0x6) then (0x2343b0 + (0x186a0 * 0x0#120 .. (208 + file_/dev/stdin_0_0_7_8))) else (if (nu
View findindex.py
#!/usr/bin/env python
import sys
import numpy as np
import struct
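# Open in binary mode: the header is parsed with struct, which needs raw
# bytes. Text mode hands back str on Python 3 (struct.unpack then raises
# TypeError) and can translate line endings on some platforms.
# The handle is left open on purpose; the script continues past this preview.
f = open(sys.argv[1], "rb")
# Base 0 accepts the offset as decimal or as a prefixed literal such as 0x10.
byte_offset = int(sys.argv[2], 0)
# First four bytes of the file, read as a little-endian signed 32-bit integer.
# A file shorter than four bytes raises struct.error here.
ulong_size = struct.unpack("<i", f.read(4))[0]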
View rdrand.s
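.global do_rdrand
/*
 * Signature: uint32_t do_rdrand(void);
 *
 * Returns a hardware random value from RDRAND. The instruction writes a
 * 64-bit value to %rax; a caller using the declared uint32_t return type
 * reads only the low 32 bits (%eax).
 *
 * RDRAND reports its status in the carry flag: CF=1 means the destination
 * holds a valid random value, CF=0 means none was available and the
 * destination was zeroed. The loop therefore has to repeat while CF is
 * clear. Branching on CF set would spin on every success and return only
 * after a failure, handing the caller a zero instead of random data.
 *
 * The retry is unbounded, so a persistently failing generator hangs the
 * caller. Reporting failure instead would need a retry limit and a status
 * return, which this signature has no room for.
 */
do_rdrand:
.Lrdrand_retry:
    rdrand %rax
    jnc .Lrdrand_retry /* CF=0: no value delivered, try again */
    ret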
moyix / strcpy_bug.c
Created Jul 8, 2016
Example of an invalid mutation
#include <stdio.h>
#include <string.h>
// Copies the first four bytes of a longer string into a 4-byte buffer and
// prints them. The listing is cut off after the return statement.
int main(void) {
const char *foo = "this is a test";
// Exactly four bytes: no room is left for a terminating NUL.
char prefix[4] = {};
// strncpy writes at most 4 bytes. Because foo is longer than that, no NUL
// terminator is written and prefix is not a valid C string after this call.
strncpy(prefix, foo, 4);
// The unbounded variant below would copy all 15 bytes of foo (14 characters
// plus the NUL) into the 4-byte buffer, writing 11 bytes past its end.
// BUGGY: strcpy(prefix, foo);
// The .4 precision stops printf after four bytes, so the missing terminator
// is never read.
printf("Prefix: %.4s\n", prefix);
return 0;
View toy.c
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#pragma pack(1)
#define MAGIC 0x4c415641
enum {
TYPEA = 1,
TYPEB = 2
moyix / panda_hypercall_struct.h
Created Jul 10, 2016
Source code for toy program instrumented with taint queries
#ifndef __PANDA_HYPERCALL_STRUCT_H__
#define __PANDA_HYPERCALL_STRUCT_H__
// For LAVA use only
/*
* Keep me in sync between PANDA and LAVA repos
*/
#ifdef PANDA