Mark Lim peta909

peta909 / x96shell_msgbox.asm
Created May 8, 2021 — forked from aaaddress1/x96shell_msgbox.asm
x96 Windows Shellcode: one payload able to be used in both 32-bit & 64-bit
; x96 shellcode (x32+x64) by aaaddress1@chroot.org
; yasm -f bin -o x96shell_msgbox x96shell_msgbox.asm
section .text
bits 32
_main:
call entry
entry:
mov ax, cs
sub ax, 0x23
jz retTo32b
peta909 / main.cpp
Created Nov 14, 2020 — forked from hasherezade/main.cpp
Get PEB64 from a WOW64 process
#include <Windows.h>
#include <iostream>
#include "ntdll_undoc.h"
PPEB get_default_peb()
{
#if defined(_WIN64)
return (PPEB)__readgsqword(0x60);
#else
peta909 / Wow64Hook.cpp
Created Aug 27, 2020 — forked from hoangprod/Wow64Hook.cpp
Wow64Hook example
#include "stdafx.h"
#include <iostream>
// File-scope mutable state for the hook example. No synchronization is
// visible in this excerpt.
// NOTE(review): presumably scratch storage shared with the naked / inline-asm
// routines that follow; confirm against the rest of the file.
LPVOID lpJmpRealloc = nullptr;  // starts out null; assigned elsewhere in the file
// Only DwSizee is a pointer (DWORD*); the other five names are plain DWORDs.
// None of them has an initializer.
DWORD Backup_Eax, Handle, Address_1, New, Old, *DwSizee;
const DWORD_PTR __declspec(naked) GetGateAddress()
{
__asm
{
View hyperdetect.c
//this requires being able to run at kernel mode and assumes you're using MSVC
//this also uses an unnamed structure for cr0_t, which is a nonstandard extension of the C language
//data structure for cr0
typedef union _cr0_t
{
struct
{
uint64_t protection_enable : 1;
View peb_parsing.md

manual import resolution

example from 0f5d5d07c6533bc6d991836ce79daaa1:

_0:00F20012 33 D2                   xor     edx, edx
_0:00F20014 64 8B 52 30             mov     edx, fs:[edx+30h] // TEB->PEB
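_0:00F20018 8B 52 0C                mov     edx, [edx+0Ch]    // PEB->Ldr (PEB_LDR_DATA)
_0:00F2001B 8B 52 14                mov     edx, [edx+14h]    // LDR_DATA->InMemoryOrderModuleList.Flink: points at the InMemoryOrderLinks
                                                              //   field of the first _LDR_DATA_TABLE_ENTRY (entry base + 8), not the entry base
                                                              // alt: 0xC: InLoadOrderModuleList (InLoadOrderLinks, entry base + 0)
                                                              // alt: 0x1C: InInitializationOrderModuleList (InInitializationOrderLinks, entry base + 10h)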
peta909 / hello_world_plugin.py
Created Apr 26, 2019 — forked from cmatthewbrooks/hello_world_plugin.py
The simplest possible IDA plugin with multiple actions
##############################################################################
#
# Name: hello_world_plugin.py
# Auth: @cmatthewbrooks
# Desc: A test plugin to learn how to make these work; Specifically, how to
# have multiple actions within the same plugin.
#
# In plain English, IDA will look for the PLUGIN_ENTRY function which
# should return a plugin object. This object can contain all the
# functionality itself, or it can have multiple actions.
peta909 / Python_CheatSheet.py
Last active Mar 29, 2019
Python code with comments
from math import *
import struct
'''
This is
Multi
Line
comment
'''
View Function_Pointers.cpp
// Function_Pointers.cpp : This file contains the 'main' function. Program execution begins and ends there.
//
#include "pch.h"
#include <iostream>
#include <string>
using namespace std;
int add()
View Class_OOP_Virtual_Functions.cpp
#include "pch.h"
#include <iostream>
#include <string>
using namespace std;
//Parent Class
class Animal
{
public:
string name;
peta909 / Class_OOP_inheritance_DynamicMem.cpp
Last active Feb 25, 2019
Demo use of OOP inheritance and use of Dynamic member to create new objects
#include "pch.h"
#include <iostream>
#include <string>
using namespace std;
//Parent Class
class Animal
{
public:
string name;