Duncan Ogilvie mrexodia
@Boerde
Boerde / githook-astyle.sh
Last active August 13, 2017 01:00 — forked from kblomqvist/githook-astyle.sh
Git post-commit hook to check C/C++ source file format using astyle (Artistic Style) + automatic creation of a commit with a fix
#!/bin/bash
# Installation:
# cd my_gitproject
# wget -O pre-commit.sh http://tinyurl.com/mkovs45
# ln -s ../../pre-commit.sh .git/hooks/pre-commit
# chmod +x pre-commit.sh
function have_uncommitted()
{
lines=$(git diff --name-only | wc -l)
@stong
stong / cheese.cpp
Last active December 10, 2020 14:37
pbctf 2020: Jiang Ying's Disasssembler author's writeup
// TLDR:
// Whitebox 128-bit rsa with e=17. Input is multiplied by a constant before the RSA
#include <Windows.h>
#include <stdio.h>
#include <stdint.h>
extern "C" void __fastcall rsa_encrypt (uint8_t* in, uint8_t* out);
// 1. Func is ~90kb, and control flow is simple. Should be decompilable just extremely SLOW.
@atar-axis
atar-axis / win_re_processes.txt
Last active March 29, 2021 15:55
List of filenames and Window ClassNames related to reverse engineering (which malware may look for)
Filename : ClassName - Program
Debuggers/Disassemblers:
---
OLLYDBG.exe : OllyDbg - OllyDbg
x32dbg.exe : (Qt5QWindowIcon) - x32Dbg
x64dbg.exe : (Qt5QWindowIcon) - x64Dbg
x96dbg.exe : (#32770) - x32/x64Dbg Launcher
idag.exe : TIdaWindow - IDA native Windows (deprecated)
@stevemk14ebr
stevemk14ebr / stpgetargtype_dump.json
Created April 11, 2021 18:15
DTrace's StpGetArgType accesses a metadata table that stores complete arg type information for every syscall.
[
[
"NtLockProductActivationKeys",
[
"UInt32 *",
"UInt32 *"
]
],
[
"NtLockProductActivationKeys",

To get the docker images:

docker pull klee/klee

docker pull angr/angr

KLEE

Start docker:

@jeffgca
jeffgca / openItermHere.scpt
Created January 17, 2014 23:20
Script that opens a new iTerm tab and cd's to the current directory open in Finder. Best used as a .app bundle made with AppleScript Editor that has been dragged into the finder toolbar. I didn't write this, but heaven help me I do understand it.
-- cd to the current finder window folder in iTerm. Or drag a folder onto this script to cd to that folder in iTerm.
-- found this script in the comments of this article: http://www.macosxhints.com/article.php?story=20050924210643297
-- Instructions for use:
-- paste this script into Script Editor and save as an application to ~/Library/Scripts/Applications/Finder/cd to in iTerm
-- run via the AppleScript Menu item (http://www.apple.com/applescript/scriptmenu/)
-- Or better yet, Control-click and drag it to the top of a finder window so it appears in every finder window.
-- Activate it by clicking on it or dragging a folder onto it.
-- Another nice touch is to give the saved script the same icon as iTerm.
@ek0
ek0 / test_x86.cc
Last active February 1, 2023 22:20
Various functions to test different lifting/disassembly/decompilation from static analysis tools.
// adder.cpp : This file contains the 'main' function. Program execution begins and ends there.
//
#include <iostream>
#include <cstdint>
#include <intrin.h>
//#include <mmintrin.h>
//#include <emmintrin.h>
uint64_t add(uint64_t a, uint64_t b)
@cmatthewbrooks
cmatthewbrooks / hello_world_plugin.py
Created April 25, 2019 12:41
The simplest possible IDA plugin with multiple actions
##############################################################################
#
# Name: hello_world_plugin.py
# Auth: @cmatthewbrooks
# Desc: A test plugin to learn how to make these work; Specifically, how to
# have multiple actions within the same plugin.
#
# In plain English, IDA will look for the PLUGIN_ENTRY function which
# should return a plugin object. This object can contain all the
# functionality itself, or it can have multiple actions.
@Auscitte
Auscitte / pefileseh.py
Last active April 4, 2023 09:15
Reading exception directory with pefile
""" Extends Ero Carrera's pefile with the functionality for parsing exception tables (SEH support).
Beginning with version 2021.9.3, this functionality has been integrated into pefile, so you will
need pefileseh.py only if you use an older version of pefile.
Only x64 and IA64 architectures are supported.
Classes defined in this module:
* StructureWithBitfields
* ExceptionsDirEntryData
if(GlobalVariable* GA = M.getGlobalVariable("llvm.global.annotations")) {
// the first operand holds the metadata
for (Value *AOp : GA->operands()) {
// all metadata are stored in an array of struct of metadata
if (ConstantArray *CA = dyn_cast<ConstantArray>(AOp)) {
// so iterate over the operands
for (Value *CAOp : CA->operands()) {
// get the struct, which holds a pointer to the annotated function
// as first field, and the annotation as second field
if (ConstantStruct *CS = dyn_cast<ConstantStruct>(CAOp)) {