Mark Lim peta909

🏠
Working from home
View GitHub Profile
@peta909
peta909 / main.cpp
Created Jan 7, 2018 — forked from hasherezade/main.cpp
FlareOn4 Chall6 - solution using #libpeconv
View main.cpp
#include <stdio.h>
#include <windows.h>
#include "peconv.h"

const size_t g_flagLen = 26;
char g_flag[g_flagLen + 1] = { 0 };

int my_index()
{
    static int index = 0;
View PythonCheatSheet.py
import struct

# Rotate left: 0b1001 --> 0b0011
rol = lambda val, r_bits, max_bits: \
    (val << r_bits%max_bits) & (2**max_bits-1) | \
    ((val & (2**max_bits-1)) >> (max_bits-(r_bits%max_bits)))

# Rotate right: 0b1001 --> 0b1100
ror = lambda val, r_bits, max_bits: \
    ((val & (2**max_bits-1)) >> r_bits%max_bits) | \
    (val << (max_bits-(r_bits%max_bits)) & (2**max_bits-1))  # second half cut off in the preview; restored as the mirror of rol
@peta909
peta909 / MakeComm_DecodingStrFunc.py
Last active Apr 29, 2018
IDApython script to be used during debugging to make comments using results from string decoding functions.
View MakeComm_DecodingStrFunc.py
#make comms using result from string decoding functions
#27 Apr 2018
#Mark Lim @peta909

def get_string(addr):
    # Read a NUL-terminated string from the database starting at addr
    out = ""
    while True:
        if Byte(addr) != 0:
            out += chr(Byte(addr))
        else:
            break  # remainder of the loop body is cut off in the preview; advance and return restored
        addr += 1
    return out
@peta909
peta909 / MakeName_Indirect_FuncCalls.py
Last active May 21, 2018
IDApython script used to rename addresses with strings of function names
View MakeName_Indirect_FuncCalls.py
#Author: Mark Lim
#Version: 0.2 (01 May 2018)
#Use while debugging target using IDAPro
#Locate list of function pointers
#Make names of function pointers using strings of function names
#Function names without the DLL prefix result in IDA recognizing the API functions and populating the parameter arguments. [Credits to @nullandnull]

ea = SelStart()
end = SelEnd()
View peta909_IDA_color.clr
[DISASM]
000000 //
aaaaaa //Default color
f3c5ff //Regular comment
7e6082 //Repeatable comment
666666 //Automatic comment
ffffff //Instruction
b9ebeb //Dummy Data Name
b9ebeb //Regular Data Name
bbecff //Demangled Name
@peta909
peta909 / SimpleCreateProcess.cpp
Last active Jan 18, 2019
Simple CreateProcessW()
View SimpleCreateProcess.cpp
#include <stdio.h>   // C header for things like printf
#include <Windows.h> // Needed for the Windows APIs; could also be added to pch.h

int main()
{
    wchar_t cmd[] = L"notepad.exe"; // CreateProcessW takes wide (Unicode) strings; a writable buffer, since the API may modify the command line
    STARTUPINFO si = { sizeof(si) };
    //memset(&si, 0, sizeof(si)); // These two lines are equivalent to the C-style aggregate init on the line above
    //si.cb = sizeof(si);
    PROCESS_INFORMATION pi;
View closehandles.cpp
    CloseHandle(pi.hProcess); // Handles must be closed explicitly; otherwise the parent keeps them open even after the child process terminates.
    CloseHandle(pi.hThread);
@peta909
peta909 / LocateProcess.cpp
Created Jan 22, 2019
Function to locate PID based on given process name in string
View LocateProcess.cpp
int LocateProcess(wchar_t* proc)
{
    // Need to add #include <tlhelp32.h> for PROCESS* definitions
    HANDLE hProcessSnap;
    HANDLE hProcess;
    PROCESSENTRY32 pe32;
    DWORD dwPriorityClass;
    int FoundPID;

    // Take a snapshot of all processes in the system.
@peta909
peta909 / SimpleHexDump.py
Created Feb 15, 2019
Simple hex dump in Python using the binascii and struct modules
View SimpleHexDump.py
#try to write a simple hex dump
import binascii,struct

fd = open("abcd.exe", "rb")  # binary mode, so text-mode newline translation cannot alter the bytes
fd_contents_str = fd.read()
fd_contents_hex = (binascii.b2a_hex(fd_contents_str)).upper()

Hex_dump = []
Byte_str = ""
for i, Half_byte in enumerate(fd_contents_hex):