Stephen Eckels stevemk14ebr

stevemk14ebr / apiset.bt
Last active January 21, 2022 16:08
ApiSet section 010 template
// Parses .apiset PE section for apiset forwarder dlls
// From: https://lucasg.github.io/2017/10/15/Api-set-resolution/
// which itself uses Alex Ionescu's documented structures (at least in part)
//------------------------------------------------
//--- 010 Editor v8.0 Binary Template
//
// File:
stevemk14ebr / defer.hpp
Created January 8, 2021 05:02
GoLang's defer in C++
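/// Scope guard in the style of Go's `defer`: stores a callable and invokes it
/// when the guard object is destroyed.
///
/// The guard is move-only. A copy would own a second copy of the callable and
/// run the deferred action twice (for cleanup code that means a double
/// close/free). Moving transfers the obligation and disarms the source.
///
/// @tparam Func  Callable type invocable with no arguments.
template<typename Func>
class imp_defer_obj {
public:
    /// Takes ownership of the callable to run at scope exit.
    imp_defer_obj(Func f) : FinalActionFunc(static_cast<Func&&>(f)) {}

    /// Transfers the pending action; `other` will no longer run it.
    imp_defer_obj(imp_defer_obj&& other)
        : FinalActionFunc(static_cast<Func&&>(other.FinalActionFunc)),
          Armed(other.Armed) {
        other.Armed = false;
    }

    // Copying or re-assigning a guard would duplicate or drop a pending action.
    imp_defer_obj(const imp_defer_obj&) = delete;
    imp_defer_obj& operator=(const imp_defer_obj&) = delete;
    imp_defer_obj& operator=(imp_defer_obj&&) = delete;

    /// Runs the deferred action unless this guard was moved from.
    /// Destructors are noexcept by default, so an exception escaping the
    /// callable terminates the program.
    ~imp_defer_obj() {
        if (Armed) {
            FinalActionFunc();
        }
    }
private:
    Func FinalActionFunc;
    bool Armed = true;  // false once the action has been handed to another guard
};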
// Shared queue of candidate strings; handle_comb() below pulls entries from it
// with try_dequeue().
moodycamel::ConcurrentQueue<std::wstring> worker_queue;
// Character set: lowercase a-z, '.', '_', '-', and digits 0-9.
// NOTE(review): named "ascii" but held as a wide string; where it is consumed
// is not visible in this excerpt.
std::wstring ascii = L"abcdefghijklmnopqrstuvwxyz._-0123456789";
void handle_comb()
{
while (true) {
std::wstring attempt;
if (!worker_queue.try_dequeue(attempt)) {
continue;
}
stevemk14ebr / RTTI
Created September 24, 2020 14:59
RTTI Class layout + Reclass.Net save
// Created with ReClass.NET 1.2 by KN4CK3R
class RTTICompleteObjectLocator;

// Describes the pointer-sized slot immediately before the first virtual
// function entry (first virtual function address - sizeof(void*)), which
// holds a pointer to the RTTI complete object locator.
class VFunc_Min8
{
public:
	RTTICompleteObjectLocator* m_RTTICompleteObjectLocator; // offset 0x0000
}; // Size: 0x0004 as recorded by ReClass.NET; presumably a 32-bit target, since the only member is one pointer
class RTTICompleteObjectLocator
{
stevemk14ebr / guids
Created September 15, 2020 18:35
COM CLSID, IID's, other guids
NAME:AACMFTEncoder VALUE:93af0c51-2275-45d2-a35b-f2ba21caed00
NAME:ACPI_PLD_CONTAINER_BUFFER_GUID VALUE:c02fa109-6a82-4188-9f66-b190ba62db49
NAME:ACPI_PLD_INTERFACE_CLASS_BUFFER_GUID VALUE:1facec76-96a8-4d9e-846e-3a6d687c32fc
NAME:ACPI_PLD_INTERFACE_INSTANCE_ANSI_BUFFER_GUID VALUE:1facea4b-da66-484c-ba5b-5127e05f95b2
NAME:ACPI_PLD_INTERFACE_INSTANCE_GUID_BUFFER_GUID VALUE:1face9db-2530-4248-8ee3-51053aef47c2
NAME:ACPI_PLD_INTERFACE_INSTANCE_UNICODE_BUFFER_GUID VALUE:1face3f6-1a60-4686-9833-ec8402d43b04
NAME:ACPI_PLD_JOINT_BUFFER_GUID VALUE:f01cfc40-3c75-4523-9e44-215cb154bda6
NAME:ACPI_PLD_SPATIAL_BUFFER_GUID VALUE:59af1a1f-aba4-4bb8-81ef-55938e9bc53a
NAME:ADDON_DISABLE_EVENT VALUE:09010002-0204-0002-0000-000000000080
NAME:ADDON_ENABLE_EVENT VALUE:09010001-0104-0001-0000-000000000080
stevemk14ebr / qemu_aarch64
Last active April 25, 2021 16:28
Qemu aarch64 setup on a debian host OS
# Do this: https://web.archive.org/web/20200909020002/https://blahcat.github.io/2018/01/07/building-a-debian-stretch-qemu-image-for-aarch64/
# Mount qcow2 via this instead of qemu-nbd:
# qemu-img convert -f qcow2 image.qcow2 -O raw image_raw.raw
# sudo losetup /dev/loop0 image_raw.raw
# sudo kpartx -a /dev/loop0
# sudo mkdir /mnt/image && sudo mount /dev/mapper/loop0p1 /mnt/image
qemu-system-aarch64 -smp 2 -M virt -cpu cortex-a57 -m 1G \
-initrd initrd.img-4.19.0-10-arm64 \
-kernel vmlinuz-4.19.0-10-arm64 \
// Function-pointer types for the Windows ACL / security-descriptor APIs of the
// same names (ANSI "A" and wide "W" variants). Each is __stdcall and returns a
// DWORD status code.
// NOTE(review): the type names are identical to the API function names, so they
// will collide if the SDK header declaring those functions is included in the
// same scope. Confirm how this list is consumed (presumably typed pointers for
// dynamically resolved or intercepted calls; not visible in this excerpt).
typedef DWORD(__stdcall* GetEffectiveRightsFromAclA)(PACL pacl, PTRUSTEE_A pTrustee, PACCESS_MASK pAccessRights);
typedef DWORD(__stdcall* GetEffectiveRightsFromAclW)(PACL pacl, PTRUSTEE_W pTrustee, PACCESS_MASK pAccessRights);
typedef DWORD(__stdcall* GetAuditedPermissionsFromAclA)(PACL pacl, PTRUSTEE_A pTrustee, PACCESS_MASK pSuccessfulAuditedRights, PACCESS_MASK pFailedAuditRights);
typedef DWORD(__stdcall* GetAuditedPermissionsFromAclW)(PACL pacl, PTRUSTEE_W pTrustee, PACCESS_MASK pSuccessfulAuditedRights, PACCESS_MASK pFailedAuditRights);
// The SetNamedSecurityInfo* types take the object by name and the owner, group, DACL and SACL to apply.
typedef DWORD(__stdcall* SetNamedSecurityInfoA)(LPSTR pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl);
typedef DWORD(__stdcall* SetNamedSecurityInfoW)(LPWSTR pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl);
typedef DWORD(__stdcall* SetSecurityInfo)(HANDLE handle, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMAT
// From Sok Data: https://arxiv.org/ftp/arxiv/papers/2007/2007.14266.pdf
// This is an occurrence count: for 53 binaries in various compiler modes, how many functions were padded with sequence XXX.
{
"cl_m32_O1": {
"cc": 553,
"cccc": 306,
"cccccc": 529,
"cccccccc": 165,
"6666666666660f1f840000000000": 6,
"90": 468,
//Thanks @_can1357 for help with this.
#include <type_traits>
#include <tuple>
#include <utility>
/// Primary template: maps T to itself through the nested `type` alias.
/// The defaulted second parameter is presumably a hook for constrained
/// partial specializations; none are visible in this excerpt.
template<typename T, typename Enable = void>
struct callback_type
{
    typedef T type;
};
template<typename T>
// https://www.reddit.com/r/programming/comments/gnazif/ray_tracing_in_notepadexe_at_30_fps/
static void nlog(char *str, ...)
{
HWND notepad, edit;
va_list ap;
char buf[256];
va_start(ap, str);
vsprintf(buf, str, ap);
va_end(ap);