seth1002
/ WoW64_call.cpp
Created
July 30, 2019 06:59
— forked from Cr4sh/WoW64_call.cpp
WoW64 Heaven's Gate
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include "stdafx.h" | |
| #define DB(_val_) __asm __emit (_val_) | |
| #define INVALID_SYSCALL (DWORD)(-1) | |
| // code selectors | |
| #define CS_32 0x23 | |
| #define CS_64 0x33 |
seth1002
/ HexCopy.py
Created
March 7, 2019 08:02
— forked from herrcore/HexCopy.py
IDA Plugin for quickly copying disassembly as encoded hex bytes
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ############################################################################################ | |
| ## | |
| ## Quick IDA Hex Bytes Copy | |
| ## | |
| ## All credit for logic and code chunks: | |
| ## @tmr232 | |
| ## https://github.com/tmr232/Sark | |
| ## | |
| ## I simply removed dependencies and made it standalone. | |
| ## |
seth1002
/ ucl_nrv2b.py
Created
March 7, 2019 08:01
— forked from herrcore/ucl_nrv2b.py
UCL NRV2B Decompression Library - Full Python (compression used by Zeus variants)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| ################################################################################################ | |
| ## UCL NRV2B Decompression Library | |
| ## | |
| ## Code from "Clash of the Titans: ZeuS v SpyEye": | |
| ## https://www.sans.org/reading-room/whitepapers/malicious/clash-titans-zeus-spyeye-33393 | |
| ## Author: Harshit Nayyar, harshit.nayyar@telus.com | |
| ## | |
| ## NOTE: This is the compression algorithm used in the Zeus trojan and subsequent variants | |
| ## |