Duncan Ogilvie mrexodia
mrexodia / binja.sh
Created December 17, 2024 10:13
Simple utility to quickly open a file in Binary Ninja on your mac
#!/bin/sh
if [ "$#" -gt 1 ]; then
xattr -dr com.apple.quarantine "$1"
fi
open -a "Binary Ninja" "$@"
#!/bin/bash
FEATURE=$(git branch --show-current)
if git show-ref --quiet refs/remotes/origin/main; then
MAIN=main
elif git show-ref --quiet refs/remotes/origin/master; then
MAIN=master
else
echo "No main branch found" >&2
exit 1
mrexodia / myexe.c
Created November 26, 2024 14:28
Portable static constructor in C for MSVC, GCC and Clang (Windows, Linux, macOS)
#include <stdio.h>
extern void mylib_test();
int main()
{
puts("Hello, world!");
// NOTE: Your project must use at least one symbol from the static library
mylib_test();
mrexodia / PEmulator-icicle.py
Last active December 17, 2024 18:51
String decryption with icicle
import pefile
import icicle
# Section flags
IMAGE_SCN_MEM_SHARED = 0x10000000
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
class PEmulator:
import time
import pyautogui
if __name__ == "__main__":
while True:
x, y = pyautogui.position()
h = 400
count = 0
print("testing...")
mrexodia / hijack-entrypoint.cpp
Last active July 7, 2024 13:05
Example code to show how to execute shellcode from DllMain only once per hijacked DLL.
#include <Windows.h>
#include <intrin.h>
typedef void (*RtlUserThreadStart_t)(PTHREAD_START_ROUTINE fpTransferAddress, PVOID pContext);
static RtlUserThreadStart_t original_RtlUserThreadStart;
static void hook_RtlUserThreadStart(PTHREAD_START_ROUTINE fpTransferAddress, PVOID pContext)
{
MessageBoxA(0, "!Entry point hijacked", "Success", MB_SYSTEMMODAL | MB_RTLREADING);
mrexodia / bzexcluderules_editable.xml
Created March 9, 2023 09:38
Backblaze exclusions
<?xml version="1.0" encoding="UTF-8" ?>
<bzexclusions>
<!-- Editable Exclusions: You may edit this file. WARNING: ONLY FOR ADVANCED USERS! -->
<!-- To restore the defaults, remove this file (it will return).-->
<!-- -->
<!-- Rule 1: All the excludefname_rule below are case insensitive. -->
<!-- -->
<!-- Rule 2: a file must match ALL criteria on the line to be excluded from backup. -->
mrexodia / IDAReferences.java
Last active August 3, 2024 22:58
Actually nice to use references for Ghidra
// Emulate IDA's xref window
//@author Duncan Ogilvie
//@category Analysis
//@keybinding X
//@menupath Navigation.IDA References
//@toolbar
// Reference: https://www.reddit.com/r/ghidra/comments/h07yoo/comment/fukuj1c
import ghidra.app.cmd.data.CreateArrayCmd;
import ghidra.app.decompiler.ClangFuncNameToken;
mrexodia / main.cpp
Last active January 15, 2023 22:18
Remote<T>
#include <cstdio>
#include <cstdint>
#include <cstring>
#include <type_traits>
#include <Windows.h>
void read_memory(const void* address, void* dst, size_t len)
{
printf("read_memory(%p, %zu)\n", address, len);
mrexodia / # ccls - 2021-12-19_20-28-26.txt
Created December 19, 2021 19:37
ccls on macOS 10.15.7 - Homebrew build logs
Homebrew build logs for ccls on macOS 10.15.7
Build date: 2021-12-19 20:28:26