
use std::fs;
use tree_sitter::{InputEdit, Language, Node, Parser, Point};
use tree_sitter_cpp;
fn find_matching_parenthesis(node: &Node) -> Option<usize> {
for index in (0..node.child_count()).rev() {
println!("{}", node.child(index).unwrap());
let current = node.child(index).unwrap();
if current.kind() == ")" {
#include <clang/AST/ASTConsumer.h>
#include <clang/AST/RecursiveASTVisitor.h>
#include <clang/Frontend/FrontendAction.h>
#include <clang/Frontend/FrontendActions.h>
#include <clang/Tooling/CommonOptionsParser.h>
#include <clang/Tooling/Tooling.h>
#include <llvm/Support/CommandLine.h>
#include <llvm/Support/MemoryBuffer.h>
#include <filesystem>
ek0 / lua_repl.rs
Last active February 4, 2025 02:05
use mlua::Lua;
use rustyline::{
CompletionType, Config, EditMode, Editor,
completion::{Completer, Pair, extract_word},
error::ReadlineError,
history::FileHistory,
};
use rustyline_derive::{Helper, Highlighter, Hinter, Validator};
struct MyObject {
ek0 / get_object_name.cc
Created February 21, 2022 21:29
Get object name for handle
// Returns the object's name information (OBJECT_NAME_INFORMATION) as a UNICODE_STRING*.
// Caller must free the returned pointer after use.
UNICODE_STRING* GetObjectNameInformation(HANDLE object_handle)
{
ULONG length = 0;
UNICODE_STRING* obj = (UNICODE_STRING*)malloc(sizeof(UNICODE_STRING));
NTSTATUS(*myNtQueryObject)(HANDLE, ObjectInfoClass, UNICODE_STRING*, uint32_t, PULONG) = (NTSTATUS(*)(HANDLE, ObjectInfoClass, UNICODE_STRING*, uint32_t, PULONG))GetProcAddress(GetModuleHandle("ntdll"), "NtQueryObject");
NTSTATUS status = myNtQueryObject(object_handle, ObjectNameInformation, obj, sizeof(UNICODE_STRING), &length);
if (!NT_SUCCESS(status) && (status == 0xc0000004 || status == 0x80000005))
{
ek0 / test_x86.cc
Last active February 1, 2023 22:20
Various functions to test different lifting/disassembly/decompilation from static analysis tools.
// adder.cpp : This file contains the 'main' function. Program execution begins and ends there.
//
#include <iostream>
#include <cstdint>
#include <intrin.h>
//#include <mmintrin.h>
//#include <emmintrin.h>
uint64_t add(uint64_t a, uint64_t b)
param([Parameter(Mandatory=$true)] [String]$File)
# PATH of your RE projects.
$re_path = "D:\RE\"
$temp_filename = Split-Path $File -leaf
if(-not (Test-Path ($re_path + $temp_filename + "\") -PathType Container))
{
# Add subfolder
}
else
void DumpPages(void* address)
{
MEMORY_BASIC_INFORMATION mem_info;
FILE* desc = nullptr;
FILE* bin = nullptr;
char module_name[MAX_PATH] = { 0 };
char desc_filename_buffer[MAX_PATH] = { 0 };
char bin_filename_buffer[MAX_PATH] = { 0 };
char buffer[0x1000] = { 0 };
snprintf(desc_filename_buffer, MAX_PATH, "desc_%#016" PRIx64 ".txt", address);
ek0 / guid.py
Created February 25, 2020 00:38
import ctypes
import ctypes.wintypes
class GUID(ctypes.Structure):
_fields_ = [("Data1", ctypes.wintypes.DWORD),
("Data2", ctypes.wintypes.WORD),
("Data3", ctypes.wintypes.WORD),
("Data4", ctypes.c_ubyte * 8)]
def __repr__(self):
return "{0:08X}-{1:04X}-{2:04X}-{3:02X}{4:02X}-{5:02X}{6:02X}{7:02X}{8:02X}{9:02X}{10:02X}".format(self.Data1,
ek0 / qbdi_test.cpp
Created October 29, 2019 00:15
QBDI tests
#include <iostream>
#include <iomanip>
#include <QBDI.h>
// Returns the sum of its two integer arguments.
int Test(int a, int b)
{
    const int sum = a + b;
    return sum;
}
ek0 / ida7_utils.py
Last active October 28, 2019 00:31
Small re-implementation of removed functions
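def crefs_from(address=None):
    """Yield each code cross-reference going out of `address`.

    Args:
        address: Address to enumerate code references from. When omitted,
            `here()` is called once iteration starts.

    Yields:
        Each value returned by `ida_xref.get_first_cref_from` /
        `ida_xref.get_next_cref_from`, until `ida_idaapi.BADADDR` is returned.
    """
    # A default of `here()` in the signature is evaluated only once, when the
    # function is defined, so every later no-argument call would reuse that
    # stale address. Resolve the default at run time instead.
    if address is None:
        address = here()
    current = ida_xref.get_first_cref_from(address)
    while current != ida_idaapi.BADADDR:
        yield current
        current = ida_xref.get_next_cref_from(address, current)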
def crefs_to(address = here()):
current = ida_xref.get_first_cref_to(address)
while current != ida_idaapi.BADADDR:
yield current