
wumb0 / CodeCoverage.cpp
Last active November 6, 2022 21:29
slightly modified lighthouse coverage PIN tool, updated build script to work with PIN 3.21
#include <iostream>
#include <set>
#include <string>
#include <vector>
#include <utility>
#include <iterator>
#include <algorithm>
#include <cstdio>
#include <cstdarg>
#include <cstdlib>
wumb0 / drcov-3-to-2.py
Last active October 25, 2023 06:50
convert a drcov version 3 file to drcov version 2 for lighthouse
"""
drcov version 3 isn't supported by lighthouse :(
convert drcov version 3 with module table version 5 to drcov version 2
with module table version 2 so lighthouse will eat it!
"""
import sys
import re
wumb0 / frida-drcov.py
Last active February 8, 2022 18:14
more optimized frida drcov script for lighthouse that monitors windows targets for new threads and modules
#!/usr/bin/env python
from __future__ import print_function
import argparse
import json
import os
import sys
import threading
import functools
wumb0 / asmul8r.py
Created November 29, 2020 18:33
command line assembly emulator that allows you to quickly see the results of instructions
# requires keystone-engine, capstone, prompt_toolkit, and pygments
import keystone as ks
import unicorn as uc
import math
import sys
from pygments.lexers.asm import NasmLexer
from pygments.styles import get_style_by_name
from prompt_toolkit.shortcuts import prompt
wumb0 / PatchExtract.ps1
Last active March 22, 2024 16:49
a gist copy of patch extract by Greg Lanaris
<#
____ ______ ______ ____ __ __
/\ _`\ /\ _ \ /\__ _\/\ _`\ /\ \/\ \
\ \ \L\ \\ \ \L\ \\/_/\ \/\ \ \/\_\\ \ \_\ \
\ \ ,__/ \ \ __ \ \ \ \ \ \ \/_/_\ \ _ \
\ \ \/ \ \ \/\ \ \ \ \ \ \ \L\ \\ \ \ \ \
\ \_\ \ \_\ \_\ \ \_\ \ \____/ \ \_\ \_\
\/_/ \/_/\/_/ \/_/ \/___/ \/_/\/_/
wumb0 / delta_patch.py
Last active February 20, 2024 23:13
a script for applying MS patch deltas
from ctypes import (windll, wintypes, c_uint64, cast, POINTER, Union, c_ubyte,
LittleEndianStructure, byref, c_size_t)
import zlib
# types and flags
# ctypes type used for the flag arguments of the MS delta API (grouped under
# "types and flags" above); widened to 64 bits here.
DELTA_FLAG_TYPE = c_uint64
# No flags set.
DELTA_FLAG_NONE = 0x00000000
# Apply-time flag; presumably permits the legacy PA19 delta format —
# TODO confirm against the msdelta header.
DELTA_APPLY_FLAG_ALLOW_PA19 = 0x00000001
# This script locates functions within a program that appear on the
# Microsoft "banned functions list" from banned.h
#@author Jaime Geiger
#@category Vulnerability Research
#@keybinding Ctrl-Shift-Alt-B
#@menupath Tools.Plugins.Banned Functions
banned = ["strcpy","strcpyA","strcpyW","wcscpy","_tcscpy","_mbscpy","StrCpy","StrCpyA","StrCpyW","lstrcpy","lstrcpyA","lstrcpyW","_tccpy","_mbccpy","_ftcscpy","strcat","strcatA","strcatW","wcscat","_tcscat","_mbscat","StrCat","StrCatA","StrCatW","lstrcat","lstrcatA","lstrcatW","StrCatBuff","StrCatBuffA","StrCatBuffW","StrCatChainW","_tccat","_mbccat","_ftcscat","wvsprintf","wvsprintfA","wvsprintfW","vsprintf","_vstprintf","vswprintf","strncpy","wcsncpy","_tcsncpy","_mbsncpy","_mbsnbcpy","StrCpyN","StrCpyNA","StrCpyNW","StrNCpy","strcpynA","StrNCpyA","StrNCpyW","lstrcpyn","lstrcpynA","lstrcpynW","strncat","wcsncat","_tcsncat","_mbsncat","_mbsnbcat","StrCatN","StrCatNA","StrCatNW","StrNCat","StrNCatA","StrNCatW","lstrncat","lstrcatnA","lstrcatnW"
wumb0 / indexer.py
Last active February 27, 2018 05:51
helps index stuff for exams... if they don't give you an index, or the one they provide is bad. tweak as you see fit.
from sqlalchemy import create_engine, Column, Integer, String, func
from sqlalchemy.orm import sessionmaker
from sqlalchemy.ext.declarative import declarative_base
from reportlab.lib.pagesizes import letter
from reportlab.lib.units import cm
from reportlab.pdfgen import canvas
from reportlab.pdfbase.pdfmetrics import stringWidth
import sys
try:
wumb0 / MonitorMalware.ps1
Last active May 16, 2020 00:05
WMI filter and consumer that trigger on a Windows Defender malware alert and display its details
# Permanent WMI event subscription (stored under root/subscription, so it
# survives reboots and a closed console) that shows a message whenever
# Windows Defender records a new 'Malware' instance in
# root\Microsoft\SecurityClient.
#
# NOTE: a permanent CommandLineEventConsumer subscription is also a
# well-known persistence technique, so EDR tooling may alert on this one;
# remove all three instances (e.g. with Remove-WmiObject) once it is no
# longer needed.

# Event filter: poll every 5 seconds for newly created Malware instances.
$filterArgs = @{
    Name           = "MonitorMalwareFilt"
    QueryLanguage  = "WQL"
    Query          = "select * from __instancecreationevent within 5 where targetinstance isa 'Malware'"
    EventNamespace = "root\Microsoft\SecurityClient"
}
$filter = Set-WmiInstance -Namespace root/subscription -Class __EventFilter -Arguments $filterArgs

# Consumer: run msg.exe with the threat details substituted from the event.
$consumerArgs = @{
    Name                = "MonitorMalwareCons"
    CommandLineTemplate = "msg * Malware: %TargetInstance.ThreatName% from %TargetInstance.User% at %TargetInstance.Path% (Severity: %TargetInstance.SeverityID%)"
}
$consumer = Set-WmiInstance -Namespace root/subscription -Class CommandLineEventConsumer -Arguments $consumerArgs

# Binding: connect the filter to the consumer; the subscription is live
# from this point on.
$bindingArgs = @{ Filter = $filter; Consumer = $consumer }
Set-WmiInstance -Namespace root/subscription -Class __FilterToConsumerBinding -Arguments $bindingArgs
# Copyright (c) Microsoft Corporation. All rights reserved.
# For personal use only. Provided AS IS and WITH ALL FAULTS.
# Set-WmiNamespaceSecurity.ps1
# Example: Set-WmiNamespaceSecurity root/cimv2 add steve Enable,RemoteAccess
# https://blogs.msdn.microsoft.com/wmi/2009/07/27/scripting-wmi-namespace-security-part-3-of-3/
function Set-WmiNamespaceSecurity {
Param (