Skip to content

Instantly share code, notes, and snippets.

View CreateRemoteThread's full-sized avatar
💭
fuck

Norm CreateRemoteThread

💭
fuck
58 followers · 107 following
View GitHub Profile
@ayosec
ayosec / README.md
Created January 29, 2012 11:55
GDB commands to trace calls to malloc/free

Attach to a running process with

  gdb -x trace-dyn-mem -p $PID

After every malloc the returned value (the allocated address) will be read from the RAX (64 bits) register.

After every free the last item in the backtrace (the free itself) will be shown. With the libc6-dbg package installed you can see the address passed as the first argument of free.

@Tatsh
Tatsh / screenshot-win32.c
Created May 10, 2012 03:52
Make a screen shot (Win32)
#include <windows.h>
#include <stdio.h>
void errhandler(char *msg) {
printf("%s\n", msg);
}
PBITMAPINFO CreateBitmapInfoStruct(HWND hwnd, HBITMAP hBmp)
{
BITMAP bmp;
@staaldraad
staaldraad / veripos_fuzz.py
Last active June 30, 2022 17:49
Fuzz Verifone PoS terminals through exposed port
#!/usr/env/python
'''
Script for fuzzing verifone terminal/pos devices. This is a bad reverse-engineer and implementation of the official protocol: http://web.archive.org/web/20120603221525/http://www.verifone.com/PDF/guides/tcl_ref.pdf
Should work fine. Official docs were only found after the initial implementation. Not fully tested with CRC-16 checksum correctly implemented.
Author: [email protected]
Version: 1.0
License: GNU GENERAL PUBLIC LICENSE (GNU) Version 2
'''
@ErikAugust
ErikAugust / spectre.c
Last active January 5, 2025 07:01
Spectre example code
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#ifdef _MSC_VER
#include <intrin.h> /* for rdtscp and clflush */
#pragma optimize("gt",on)
#else
#include <x86intrin.h> /* for rdtscp and clflush */
#endif
@four0four
four0four / 01-zynq-uart.md
Last active May 12, 2024 04:20
Zynq BootROM Secrets - UART loader

Zynq BootROM Secrets: UART loader

Recently I acquired (md5: ADF639AFE9855EE86C8FAAD216C970D9) the Zynq bootrom, and during the reversing process uncovered some interesting secrets, one of which is an as-of-yet undocumented UART loader. As documented the Zynq bootrom will load from NOR/NAND/SPI flashes, eMMC/SDIO-based storage (unfortunately) not USB, or anything else more complex.

Not sure why Xilinx didn't document this. In my brief testing it is super unreliable if you just spit everything at once - they reset the RX/TX paths during the process, so timing is critical, but that might be the janky meter-long ftdi cable. You can change the baudrate during the process, but I was too lazy to do the math.

Here's the disassembly that made me look twice (that, and checks for the MIO boot_mode[2:0] that weren't specified in the docs :)):

ROM:0000A220 BL              uart_init
@lauhayden
lauhayden / mono-fm.py
Created February 10, 2021 02:43
Simple mono FM radio demodulator in Python
"""
Mono FM Demodulator
Dependencies:
numpy
scipy
This script is meant to take in raw IQ samples from stdin and output audio samples via stdout.
An SDR utility like rtl_sdr (from librtlsdr) can be used to capture IQ samples and a media