sparkyparrot
sparkyparrot
/ listkmods.py
Created
December 9, 2020 11:01
— forked from patois/listkmods.py
ida/vmware kernel debugging helper
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from idaapi import * | |
| # with code taken from | |
| # - http://hexblog.com/idapro/vmware_modules.py | |
| # - HexRays forum | |
| # - https://gist.github.com/nmulasmajic/f90661489f858237bcd68fbde5516abd#file-find_nt_imagebase_x64-py | |
| class LoadedModulesList(Choose2): | |
| def __init__(self, title, modlistEA=BADADDR, flags=0, width=None, height=None, embedded=False, modal=False): |
sparkyparrot
/ deobfuscate.py
Last active
January 21, 2019 22:47
— forked from quangnh89/deobfuscate.py
A malware analysis case-study: Deobfuscate Windows malicious obfuscated code
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Slide : https://docs.google.com/presentation/d/1jLUDucNtvGotHw0LOvDonMYwCkXYcb-cnsOWLNt-Ag0 | |
| import sys | |
| import pefile | |
| from capstone import * | |
| from capstone.x86 import * | |
| from keystone import * | |
| from datetime import datetime | |
| MAX_DISASM_COUNT = 1000 * 1000 | |
| FILE_NAME = r"dump-g4pic.dll" |