For some reason IDA executes FreeLibrary() to the plugin immediately after getting its PLUGIN structure's address, so later invocations of the plugin lead to calls to nowhere (that was supposed to be python3.dll). Simply patching the location of the FreeLibrary() call fixes the issue. The location is easy to find: go by cross-references to a place where the call to FreeLibrary is followed by a reference to the string "%s: incompatible plugin version..." and NOP it away.
Duncan Ogilvie mrexodia
❤️
wbenny
/ KCONTINUE.h
Last active
August 8, 2023 14:19
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // NtContinueEx is now used by ntdll!KiUserApcDispatcher. | |
| // The KCONTINUE_ARGUMENT structure is built in the KiInitializeUserApc | |
| // function. | |
| // | |
| typedef enum _KCONTINUE_TYPE | |
| { | |
| KCONTINUE_UNWIND, | |
| KCONTINUE_RESUME, |
mgeeky
/ dtpscan.py
Last active
September 19, 2023 23:15
DTP Scanner - simple script trying to determine type of configured switchport and DTP negotation mode in order to assist in VLAN Hopping attacks.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # | |
| # Simple script showing configuration of the DTP protocol on | |
| # the switch's port. This reconessaince will be helpful for performing | |
| # VLAN Hopping attacks. | |
| # | |
| # Mariusz B. / mgeeky, '18 | |
| # |
anthonyprintup
/ ida.hpp
Created
September 12, 2023 14:26
A compile-time byte pattern matcher designed to match IDA patterns.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Created by Anthony Printup on 4/21/2023. | |
| #pragma once | |
| #include <algorithm> | |
| #include <bitset> | |
| #include <cstdint> | |
| #include <exception> | |
| #include <functional> | |
| #include <ranges> |
Open the console to see detalied info about what's going on
trietptm
/ idapython_ctree.md
Created
May 1, 2020 13:56
— forked from icecr4ck/idapython_ctree.md
Notes on CTREE usage with IDAPython
The CTREE is built from the optimized microcode (maturity at CMAT_FINAL), it represents an AST-like tree with C statements and expressions. It can be printed as C code.
sivachandran
/ bin2h.cmake
Last active
December 7, 2023 22:19
Pure CMake function to convert any file into C/C++ header, implemented with only CMake commands.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| include(CMakeParseArguments) | |
| # Function to wrap a given string into multiple lines at the given column position. | |
| # Parameters: | |
| # VARIABLE - The name of the CMake variable holding the string. | |
| # AT_COLUMN - The column position at which string will be wrapped. | |
| function(WRAP_STRING) | |
| set(oneValueArgs VARIABLE AT_COLUMN) | |
| cmake_parse_arguments(WRAP_STRING "${options}" "${oneValueArgs}" "" ${ARGN}) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Author: Sean Pesce | |
| // | |
| // Manual implementations of the CONCAT operations produced by the Ghidra decompiler. | |
| // These definitions are helpful for compiling re-implementations of native code using | |
| // decompiler output (e.g., with gcc). | |
| // | |
| // Note that these implementations would be outperformed by minimal C preprocessor macros | |
| // that replicate the same logic. | |
tandasat
/ CheckGuestVmcsFieldsForVmEntry.c
Last active
December 17, 2023 01:27
Simulation of checks performed as per 26.3 CHECKING AND LOADING GUEST STATE
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * @file CheckGuestVmcsFieldsForVmEntry.c | |
| * @author Satoshi Tanda (tanda.sat@gmail.com) | |
| * @brief Checks validity of the guest VMCS fields for VM-entry as per | |
| * 26.3 CHECKING AND LOADING GUEST STATE | |
| * @version 0.1 | |
| * @date 2021-02-20 | |
| * | |
| * @details This file implements part of checks performed by a processor during | |
| * VM-entry as CheckGuestVmcsFieldsForVmEntry(). This can be called on VM-exit |
jerieljan
/ How I Do PlantUML.md
Last active
January 1, 2024 06:23
PlantUML with Style -- How I do PlantUML
I use PlantUML a lot. It's what I use for drawing all sorts of diagrams and it's handy because of its easy markup (once you get used to it) while making things easy to maintain as projects grow (thanks to version control)
This gist explains how I do my PlantUML workspace in a project.
- The idea is to keep a
globalsdirectory for all diagrams to follow (like the "stylesheet" below) to keep things consistent. - I use a
stylesheet.iumlfile that keeps the use of colors consistent through use of basic FOREGROUND, BACKGROUND and ACCENT colors. - The
style-presets.iumlfile defines these colors so you can make "presets" or "themes" out of them. - As stated in the
stylesheet.iuml, you'll need the Roboto Condensed and Inconsolata fonts for these to work properly. - You can choose to either run the PlantUML jar over your file/s, or use an IDE like VSCode with the PlantUML extension. Here's a preview of
example-sequence.pumlfor example: https://imgur.com/Klk3w2F