Arnold Osipov osipovar
osipovar
/ Parallax_pastebin_decoder.py
Created
March 9, 2020 18:57
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import base64 | |
| import glob | |
| import os | |
| import binascii | |
| import struct | |
| INPUT_DIRECTORY = "pastebins" | |
| OUT_DIRECTORY = "bin" | |
| PASTEBIN_URL_TEMP = "https://pastebin.com/raw/" |
osipovar
/ stackstring_hotkey.py
Created
January 7, 2019 16:09
Set hotkey to assign name to stack string variable in IDA
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os | |
| def set_stackstring_name(): | |
| head = here() | |
| new_name = "" | |
| size = 0 | |
| while GetOperandValue(head, 1) != 0: | |
| size += 1 | |
| new_name += chr(GetOperandValue(head, 1)) |
osipovar
/ resolve-hash.py
Created
January 7, 2019 16:06
Resolve hash values in shellcode idb to function names
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import json | |
| import idaapi | |
| def get_enum(constant): | |
| all_enums = GetEnumQty() | |
| for enum in range(0, all_enums): | |
| enum_id = GetnEnum(enum) | |
| enum_constant = GetFirstConst(enum_id, -1) | |
| name = GetConstName(GetConstEx(enum_id, enum_constant, 0, -1)) |
osipovar
/ create-hash-db.py
Created
January 7, 2019 16:03
Create dictionary with key=hash value=function names
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import pefile | |
| import json | |
| from os import listdir, path | |
| DLL_PATH = <Folder with dll's> | |
| def get_functions(dll_name): | |
| pe = pefile.PE(path.join(DLL_PATH, dll_name)) | |
| if not hasattr(pe, 'DIRECTORY_ENTRY_EXPORT'): |