alastorid alastorid
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Collections.Generic; | |
| using System.Linq; | |
| using System.Text; | |
| using System.Text.RegularExpressions; | |
| using System.Threading; | |
| using System.Threading.Tasks; | |
| using System.Windows.Forms; | |
| namespace ConsoleApplication2 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| '{s/^\([^\$]*\), \(.*\)$/\2 , \1/; ;s/^\(\$[0-9]\+.\)\?\$\([0-9]\+\)[^,]*,/\$\2 ,/;p}' |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| for i in $* ;do | |
| f_in="$i" | |
| f_out=`echo "$f_in"|sed 's/\./\.out\./'` | |
| if (echo "$f_in"|sed '/\.out\./ q 1;q0' >/dev/null) then | |
| #echo "$f_in -> $f_out" | |
| ffmpeg -i "$f_in" -c:a copy -map 0:a? -c:s copy -map 0:s? -c:v hevc -map 0:v -preset medium -x265-params crf=20:qcomp=0.75:me=star "$f_out" | |
| fi | |
| done |
alastorid
/ show segment name of every exported entries
Created
July 10, 2020 16:16
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import idaapi | |
| out = "" | |
| for index, ordinal, ea, name in list(idautils.Entries()): | |
| seg_name = ida_segment.get_segm_name(ida_segment.getseg(ea)) | |
| out += ("%08X %s %s\n" %(ea, name, seg_name)) | |
| print out |
alastorid
/ pdbdump.c
Last active
July 11, 2020 05:21
— forked from mridgers/pdbdump.c
Small tool to give you the result of ? nt!MiValidateSectionSigningPolicy - nt!PsInitialSystemProcess
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //------------------------------------------------------------------------------ | |
| // pdbdump.c - dump symbols from .pdb and executable files (public domain). | |
| // - to compile; cl.exe /Ox /Zi pdbdump.c | |
| // - | |
| // - Martin Ridgers, pdbdump 'at' fireproofgravy.co.uk | |
| //------------------------------------------------------------------------------ | |
| #include <stdio.h> | |
| #include <Windows.h> | |
| #include <DbgHelp.h> |
alastorid
/ GetThreadCount.c
Created
July 29, 2020 10:08
tested on 18363, structures may be different across versions
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #pragma comment(lib, "ntdll") | |
| #define STATUS_INFO_LENGTH_MISMATCH 0xC0000004L | |
| #define NT_SUCCESS(Status) (((NTSTATUS)(Status)) >= 0) | |
| #define NtCurrentProcess() ( (HANDLE)(LONG_PTR) -1 ) | |
| typedef enum _SYSTEM_INFORMATION_CLASS | |
| { | |
| SystemProcessInformation = 5, |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| NTSTATUS GetLuid(PLUID pLuid) | |
| { | |
| NTSTATUS status; | |
| ULONG ReturnLength; | |
| TOKEN_STATISTICS token_statistics; | |
| ReturnLength = 0; | |
| if ( NULL == pLuid ) | |
| return STATUS_INVALID_PARAMETER; | |
| status = NtQueryInformationToken( |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #pragma comment(lib, "ntdll") | |
| #define NT_SUCCESS(Status) (((NTSTATUS)(Status)) >= 0) | |
| #define NtCurrentProcess() ( (HANDLE)(LONG_PTR) -1 ) | |
| NTSTATUS | |
| NtQueryInformationToken ( | |
| HANDLE TokenHandle, | |
| TOKEN_INFORMATION_CLASS TokenInformationClass, | |
| PVOID TokenInformation, | |
| ULONG TokenInformationLength, |
alastorid
/ CompressEx.cmd
Created
August 7, 2020 06:07
believe it or not, it will always compress your stuffs into a neatly square block of code, using lovely makecab, suitable for less than 4 files, since it tries all combinations to make it as tiny as possible
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| pushd %TMP% | |
| @( | |
| echo TVNDRgAAAADAAwAAAAAAACwAAAAAAAAAAwEBAAEAAACLBQAASwAAAAE | |
| echo AAQDxBwAAAAAAAAAA2FA0jSAAY29tcHJlc3NleC5wczEAHxubnW0D8Q | |
| echo dDS5VV3W/bNhB/N+D/gRC4VLRL1R6KPQTI5iBtsgFpESQD9pAVKSOeb | |
| echo C6U6FE0nM7x/947fTsNtk4PpO5+98Xj3ZGHfM1O2O1yY/Sn4+OPsL3A | |
| echo v1gktI1HvNhYi3j+oI1nJNzzUt0wts4/ZNZtWZaNR7vxiOG3Vl7lMVd | |
| echo +KWrGufPvVbpi8goRa8EyRJkp2ECm0aWPG/0vYQ3ktM5QMOI7o/cJEt | |
| echo EAS9V9jyExxMJj6DEkBtii+U9KCOxM3ZsCwkeVw/ykszQQeGfKh3fGQ | |
| echo xqc/zI/Sf78VvncWDhzmyL8vvJQrpzVJ7OB1DkywH+X0I35B17GP6jH |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| pushd %TMP% | |
| @( | |
| echo TVNDRgAAAAAvAwAAAAAAACwAAAAAAAAAAwEBAAEAAAAXAgAAQwA | |
| echo AAAEAAQBGBgAAAAAAAAAAB1FDbiAAc2IucHMxANlelZHkAkYGQ0 | |
| echo uNVF9P1EAQf7/kvsOkWaW9cwsY4gMJegQFTdAYMPEBDazd6d1Ku | |
| echo 3tp9wJ43Hd3pt1eDzRoHzqd3/yfzozw5RwO4GK6MPr7/v4nvDmh | |
| echo rzhJmQwHwi6KguTltTYVsHKPZToA+cJm3jgLeT4cLIcDoGeuKlX | |
| echo GQiUtK4x+IkrQ0TonpUgsjV6lxEQBz9SPHiemw/2t73FiAj4hmt | |
| echo bo4Uj9MBb9J1Xi7sHaOgjfmvr6rakw86662z1Ivz00OjYFHrmF9 | |
| echo V9mFdYzV+iDnaBxTAxW/1Q4N7/wT9lHdRsisHwT5oTWTh8LOuXl |