Zhang M1suzu

XNU syscall path

Chart

             +------------------+
             |These push their  |                                  +-----------------------+
             |respective syscall|                                  |This overwrites the    |
             |dispatch functions|                                  |saved dispatch function|
             |onto the stack    |                                  |with hndl_alltraps     |

It is possible to use LLDB with VMware's debug server. While the virtual machine is powered off, add the following to its .vmx file:

debugStub.listen.guest64 = "TRUE"

In LLDB, you will need the x86_64 target definitions file.

(lldb) settings set plugin.process.gdb-remote.target-definition-file x86_64_target_definition.py

	# build wine Docker image
	pushd wine; docker build -t wine .; popd

	# build x11 Docker image for IDA
	pushd ida; docker build -t wine/ida .; popd

	# demonstrate x11 forwarding works
	docker run -ti --rm -e DISPLAY=$DISPLAY -v /tmp/.X11-unix:/tmp/.X11-unix wine/ida xclock

	# interactive shell in container

	#
	# Show a hint when the user has his mouse on an instruction
	#
	import idaapi
	import idautils

	class Hooks(idaapi.UI_Hooks):
	def get_custom_viewer_hint(self, view, place):
	insn = idautils.DecodeInstruction(place.toea())
	if insn:

	#
	# Show a hint when the user's mouse is on a register
	#
	from idaapi import *
	import idautils

	def extract_reg(line, cx):
	linelen = len(line)
	if cx >= linelen:
	return

	#!/usr/bin/env python
	# dump-images.py
	#
	# Extract all the image data from the banners and store them as separate images
	# in a provided output directory.
	#
	# Example:
	# shodan download --limit -1 screenshots.json.gz has_screenshot:true
	# ./dump-images.py screenshots.json.gz images/

	0trace 1.5 A hop enumeration tool http://jon.oberheide.org/0trace/
	3proxy 0.7.1.1 Tiny free proxy server. http://3proxy.ru/
	3proxy-win32 0.7.1.1 Tiny free proxy server. http://3proxy.ru/
	42zip 42 Recursive Zip archive bomb. http://blog.fefe.de/?ts=b6cea88d
	acccheck 0.2.1 A password dictionary attack tool that targets windows authentication via the SMB protocol. http://labs.portcullis.co.uk/tools/acccheck/
	ace 1.10 Automated Corporate Enumerator. A simple yet powerful VoIP Corporate Directory enumeration tool that mimics the behavior of an IP Phone in order to download the name and extension entries that a given phone can display on its screen interface http://ucsniff.sourceforge.net/ace.html
	admid-pack 0.1 ADM DNS spoofing tools - Uses a variety of active and passive methods to spoof DNS packets. Very powerful. http://packetstormsecurity.com/files/10080/ADMid-pkg.tgz.html
	adminpagefinder 0.1 This python script looks for a large amount of possible administrative interfaces on a given site. http://packetstormse

	#!/usr/bin/env python

	import errno
	import os
	import plistlib
	import sys
	import urllib

	def makedirs_if_absent(path):
	try:

	import idaapi
	import idc
	#import idautils
	import sys

	#NOTE: may have to run this a few times to get to the end of the IDB, haven't bothered fixing this

	def add_struct_to_idb(name):
	idc.Til2Idb(-1, name)

	////////////////////////Château-Saint-Martin//////////////////////////////////////////////////////////////////////////////////////////////////
	// /////////////////////////////////////////////////////////////////////
	// FileName : VMProtect Ultra Unpacker 1.0 ////////////////////////////////////////////////////////////////////
	// Features : ///////////////////////////////////////////////////////////////////
	// This script can unpack your VMProtected targets //////////////////////////////////////////////////////////////////
	// completely and independently in the best case. /////////////////////////////////////////////////////////////////
	// If your target is protected with a older VMP ////////////////////////////////////////////////////////////////
	// version then it can be ne