First we need to create a certificate. LLVM provided a way to do that, but I found this way to work slightly better for me. Just substitute `lldb_codesign` for the certificate name, instead of `gdb-cert`.
```python
from functools import wraps

class Default(object):
    def __init__(self, name):
        super(Default, self).__init__()
        self.name = name

def set_defaults(defaults):
```
```html
<html>
<body>
<style>
  #byte_content {
    margin: 5px 0;
    max-height: 100px;
    overflow-y: auto;
    overflow-x: hidden;
  }
  #byte_range { margin-top: 5px; }
```
```python
def _remove_visual_c_ref(self, manifest_file):
    try:
        # Remove references to the Visual C runtime, so they will
        # fall through to the Visual C dependency of Python.exe.
        # This way, when installed for a restricted user (e.g.
        # runtimes are not in WinSxS folder, but in Python's own
        # folder), the runtimes do not need to be in every folder
        # with .pyd's.
        # Returns either the filename of the modified manifest or
        # None if no manifest should be embedded.
```
```python
import sys
import inspect

class Tracer(object):
    def __init__(self):
        self._indentation_level = 0

    @property
    def indentation_level(self):
```
```python
import operator
import construct

class ConstructGetter(object):
    def __init__(self):
        self._index = 0

    def __getattr__(self, name):
```
```python
from easy_construct import cs, struct, Container

MyStruct = struct("MyStruct",
    _0=cs.Magic("EZConstruct"),
    variable=cs.UBInt32,
    another_var=cs.UBInt16,
    _1=cs.Padding(0x4),
    array=cs.Bytes(13),
    _2=cs.Magic("MagicEndsHere"),
)
```
```javascript
// Define a class with a method
function MyClass(value) {
    this.value = value;
    this.function = function() {
        return this.value;
    };
}

// Instantiate the class
my_class = new MyClass("my value");
```
```python
def get_bb_id(graph, ea):
    for block in graph:
        if block.startEA <= ea and block.endEA > ea:
            return block.id

start_ea = 0x15f9ad6
base_block_ea = 0x15f9a60
f = get_func(start_ea)
g = FlowChart(f, flags=FC_PREDS) #???
```
```powershell
Param(
    [Parameter(Mandatory=$true)]
    [string]$ExeName,
    [switch]
    $Disable
)
{
    New-Item -Path "HKLM:\Software\Microsoft\Windows NT\currentversion\image file execution options" -Name $ExeName -Force
```