xorhex
/ Tiny R2 Emulation - Code Snippet 1: Brute Forcing XOR Key
Last active
September 15, 2019 22:52
Code Snippet 1: Brute Forcing XOR Key
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| >>> for x in range(0xffffffff): | |
| ... if 0x978710a1 ^ x == 0x90909090: | |
| ... print(hex(x)) | |
| ... break | |
| ... | |
| 0x7178031 |
xorhex
/ Tiny R2 Emulation - Code Snippet 2: Pre-emulation Setup Commands
Created
September 15, 2019 22:54
Code Snippet 2: Pre-emulation Setup Commands
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| e asm.bits=32 | |
| e asm.arch=x86 | |
| e asm.emu.write=true | |
| e io.cache=true |
xorhex
/ Tiny R2 Emulation - Code Snippet 3: Initialize Emulation Engine Commands
Created
September 15, 2019 22:55
Code Snippet 3: Initialize Emulation Engine Commands
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| aei | |
| aeim |
xorhex
/ Tiny R2 Emulation - Code Snippet 4: Configure Memory Commands
Created
September 15, 2019 22:56
Code Snippet 4: Configure Memory Commands
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| aeim 0x800000 0x28000 |
xorhex
/ Tiny R2 Emulation - Code Snippet 5: Configure Registers Commands
Created
September 15, 2019 22:57
Code Snippet 5: Configure Registers Commands
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| s 0x40104b | |
| aeip | |
| aer eax=0x800000 |
xorhex
/ Tiny R2 Emulation - Code Snippet 6: Run Command
Created
September 15, 2019 22:58
Code Snippet 6: Run Command
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| aecu 0x401070 |
xorhex
/ Tiny R2 Emjulation - Code Snippet 7: Deobfuscation emulation commands
Created
September 15, 2019 23:00
Code Snippet 7: Deobfuscation emulation commands
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| aer ecx=0x7178031 | |
| aecu 0x401096 |
xorhex
/ Pin to Unpin - Code Snippet 1 - Demo App
Created
September 15, 2019 23:10
Code Snippet 1 - Demo App
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #pragma comment(lib, "User32.lib") | |
| #pragma comment(lib, "Kernel32.lib") | |
| #define STRICT | |
| #include <windows.h> | |
| int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow) | |
| { | |
| if (GetSystemDefaultUILanguage() == 0x40E) | |
| MessageBox(NULL, "Hi there! Wait while I do something bad!", "Success", MB_OK); |
xorhex
/ Pin to Unpin - Code Snippet 2 - Pin Tool `main` function
Created
September 15, 2019 23:15
Code Snippet 2 - Pin Tool `main` function
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| int main(int argc, char *argv[]) | |
| { | |
| ... | |
| IMG_AddInstrumentFunction(Image, 0); | |
| ... | |
| } |
xorhex
/ Pin to Unpin - Code Snippet 3 - Pin Tool instrumentation function
Created
September 15, 2019 23:16
Code Snippet 3 - Pin Tool instrumentation function
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| VOID Image(IMG img, VOID *v) | |
| { | |
| RTN sysDefUILangRtn = RTN_FindByName(img, GETSYSTEMDEFAULTUILANGUAGE); | |
| if (RTN_Valid(sysDefUILangRtn)) { | |
| RTN_Open(sysDefUILangRtn); | |
| if (newLangCode > 0) | |
| RTN_Replace(sysDefUILangRtn, (AFUNPTR)SetSystemDefaultUILanguage); | |
| RTN_Close(sysDefUILangRtn); |
OlderNewer