
Dmytro Oleksiuk Cr4sh

0xfe82801c: addr = 0xfe84804b, type = 0x3d, id = 0x0805, args = 2, name = tzbsp_pil_init_image_ns
0xfe828038: addr = 0xfe8482c1, type = 0x3d, id = 0x0802, args = 1, name = tzbsp_pil_auth_reset_ns
0xfe828050: addr = 0xfe847c85, type = 0x0d, id = 0x0806, args = 3, name = tzbsp_pil_mem_area
0xfe828070: addr = 0xfe847ce7, type = 0x0d, id = 0x0807, args = 1, name = tzbsp_pil_unlock_area
0xfe828088: addr = 0xfe84831b, type = 0x0f, id = 0x0808, args = 1, name = tzbsp_pil_is_subsystem_supported
0xfe8280a0: addr = 0xfe84835f, type = 0x0f, id = 0x0c01, args = 1, name = tzbsp_pil_is_subsystem_mandated
0xfe8280b8: addr = 0xfe84c7d9, type = 0x0d, id = 0x0c02, args = 1, name = tzbsp_write_lpass_qdsp6_nmi
0xfe8280d0: addr = 0xfe8079bd, type = 0x0d, id = 0x0c04, args = 2, name = tzbsp_set_cpu_ctx_buf
0xfe8280ec: addr = 0xfe80972b, type = 0x0d, id = 0x0c06, args = 2, name = tzbsp_set_l1_dump_buf
0xfe828108: addr = 0xfe8097e5, type = 0x0f, id = 0x0c07, args = 1, name = tzbsp_query_l1_dump_buf_size
Cr4sh / ami_smi_dump.py
Last active August 9, 2024 13:41
Extract SW SMI handlers information from SMRAM dump of Skylake based AMI Aptio V firmware
'''
###########################################################################
Extract SW SMI handlers information from SMRAM dump of Skylake based
AMI Aptio V firmware.
To use full capabilities of this tool you need to install UEFIDump
(https://github.com/LongSoft/UEFITool/releases/tag/A32), ida-efiutils
(https://github.com/snare/ida-efiutils) and edit corresponding variables
below.
Cr4sh / sprintf.c
Last active April 26, 2018 05:03
Position independent sprintf without dependencies
/**
* Declaration
*/
/*
'tfp_format' really is the central function for all tinyprintf. For each output character
after formatting, the 'putf' callback is called with 2 args:
- an arbitrary void* 'putp' param defined by the user and passed unmodified from 'tfp_format';
- the character;
void TestCopy()
{
BOOL cond = FALSE;
IFileOperation *FileOperation1 = NULL;
IShellItem *isrc = NULL, *idst = NULL;
BIND_OPTS3 bop;
SHELLEXECUTEINFOW shexec;
HRESULT r;
do {
Cr4sh / fork.c
Created March 19, 2016 15:08
fork() for Windows
/*
* fork.c
* Experimental fork() on Windows. Requires NT 6 subsystem or
* newer.
*
* Copyright (c) 2012 William Pitcock <[email protected]>
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
Cr4sh / JTAGenum.ino
Created March 8, 2016 10:52
JTAGenum custom
/*
JTAGenum
Given an Arduino-compatible microcontroller, JTAGenum scans
pins[] for basic JTAG functionality. After programming
your microcontroller open a serial terminal with 115200
baud and send 'h' to see usage information.
SETUP:
Define the pins[] and pinnames[] map of pin names to pins
#!/usr/bin/env python
import sys, os
from subprocess import Popen, PIPE
from struct import pack, unpack
from portio import *
def hexdump(data, width = 16, addr = 0):
ret = ''
Cr4sh / gist:b70e9f27c27697837ea7
Created June 12, 2015 00:35
Intel DQ77KB SW SMI dumper
'''
Extract SW SMI handlers information from
Intel DQ77KB board SMRAM dump.
Example:
$ python smi_handlers.py TSEG.bin
0xcc: 0xd70259d8
0xb8: 0xd706673c
### Keybase proof
I hereby claim:
* I am Cr4sh on github.
* I am d_olex (https://keybase.io/d_olex) on keybase.
* I have a public key whose fingerprint is 9DEA 2C4E E86D ACDB 4313 F192 7572 EE56 6093 29C3
To claim this, I am signing this object:
Cr4sh / gist:01f856a988ab89b3b219
Created November 2, 2014 20:23
_KTHREAD::ServiceTable hook detection macro for kd/windbg
$$ enumerate active processes
r $t0 = nt!PsActiveProcessHead
.for (r $t1 = poi(@$t0);
(@$t1 != 0) & (@$t1 != @$t0);
r $t1 = poi(@$t1))
{
r? $t2 = #CONTAINING_RECORD(@$t1, nt!_EPROCESS,
ActiveProcessLinks)