strictlymike
/ pt.cs
Created
August 24, 2016 14:47
Quick and dirty copy-pasta process tracing systray app for the curious and paranoid
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Diagnostics; | |
| using System.Drawing; | |
| using System.Management; | |
| using System.Windows.Forms; | |
| namespace MyTrayApp | |
| { | |
| public class SysTrayApp : Form | |
| { |
strictlymike
/ ptray2.cs
Created
August 29, 2016 22:07
Enhanced quick and dirty copy-pasta process tracing systray app for the curious and paranoid
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Diagnostics; | |
| using System.Drawing; | |
| using System.Management; | |
| using System.Text.RegularExpressions; | |
| using System.Windows.Forms; | |
| namespace MyTrayApp | |
| { | |
| public class SysTrayApp : Form |
strictlymike
/ trigger.c
Created
April 22, 2017 15:07
Automated performance monitoring diagnostics trigger
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * @file | |
| * High CPU utilization in a particular process. Herein, Single-CPU | |
| * %utilization for both threads and processes is calculated as: | |
| * | |
| * 100 * kernel + user | |
| * %u1 = ------------------- | |
| * elapsed | |
| * | |
| * For multi-threaded applications, this figure can exceed 100% with regard to |
strictlymike
/ inspect.cpp
Created
April 22, 2017 15:09
Automated performance monitoring application diagnostics
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * @file | |
| * A rough sketch of providing diagnostic information about to the state of an | |
| * application relevant to diagnosing prolonged high CPU. When prolonged high | |
| * CPU occurs, the high-level question that must be answered is: | |
| * | |
| * 1. What is the application doing? | |
| * and, | |
| * 2. Why aren't CPU throttling controls working? (if applicable) | |
| * |
strictlymike
/ getpdb.py
Last active
October 14, 2018 19:49
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sys | |
| import pefile | |
| import struct | |
| import httplib | |
| import os.path | |
| import argparse | |
| # from urllib.parse import urlparse # Python 3 | |
| import urlparse | |
| # PDB downloading adapted from: |
strictlymike
/ pwtopmost.c
Created
November 21, 2019 18:15
Prevent Windows 10 from stealing the focus from the zip file password dialog
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* Prevent Windows 10 file transfer dialog ("0% complete") from stealing focus | |
| * from "Password needed" dialog when copying files out of a password-protected | |
| * zip file. */ | |
| #include <windows.h> | |
| #include <stdio.h> | |
| #pragma comment(lib, "user32") | |
| #define MY_EVENT_MIN EVENT_OBJECT_CREATE |
strictlymike
/ top3mz.yara
Created
November 22, 2021 20:38
Top 3 PE headers through offset 0x3B (not rigorous, mostly Win10)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| rule top3mz { | |
| meta: | |
| author = "Michael Bailey (@mykill)" | |
| strings: | |
| // More precision than with just IMAGE_DOS_SIGNATURE, at a risk of losing some valid hits | |
| $imghdr_mz_01 = { 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 } // 905 mal + 4,157 system32 and 35,983 Windows\ overall (Win10) | |
| $imghdr_mz_02 = { 4d 5a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 } // 385 under Windows\ (recursive) | |
| $imghdr_mz_03 = { 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 } // 15 mal + 2 system32 | |
| condition: | |
| any of ($imghdr_mz_*) |
strictlymike
/ py3_interface_encapsulation_example.py
Created
July 6, 2023 14:33
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright 2023 Google LLC. | |
| # SPDX-License-Identifier: Apache-2.0 | |
| # This snippet of Py3 code shows a way to pass a restricted object to a callee, | |
| # so as to prevent the callee from wandering outside the walled garden of callbacks | |
| # specified by a given mixin. It does not secure the original instance from tampering, | |
| # but it removes all doubt about which methods are expected to be accessed and used | |
| # by the callee. | |
| # | |
| # This assumes the lifetime of the original instance will exceed that of the |