Skip to content

Instantly share code, notes, and snippets.

View hxm-cpp's full-sized avatar
:octocat:

hxm-cpp

:octocat:
View GitHub Profile
@hxm-cpp
hxm-cpp / FindInvalidMemoryReferences.java
Created November 17, 2024 20:53 — forked from starfleetcadet75/FindInvalidMemoryReferences.java
Ghidra script that searches all instructions for any references to undefined memory addresses. Useful for reversing firmware when you are still determining the correct memory mappings. Invalid addresses could indicate that you need to add a new segment at that address.
// Searches all instructions for any references to undefined memory addresses.
// Useful for reversing firmware when you are still determining the correct memory mappings.
// Invalid addresses could indicate that you need to add a new segment at that address.
//
// @author starfleetcadet75
// @category Search
// @keybinding
// @menupath
// @toolbar
@hxm-cpp
hxm-cpp / bn-cheat.md
Created November 17, 2024 16:24 — forked from alexander-hanel/bn-cheat.md
Cheat Sheet for Binary Ninja
define noundef ptr @Func_180000000(ptr readonly returned %MEMORY, i64 %RAX, i64 %RBX, i64 %RCX, i64 %RDX, i64 %RBP, i64 %R8, i64 %R9, i64 %R10, i64 %R11, i64 %R12, i64 %R13, i64 %R14, i64 %R15, i64 %GSBASE, i64 %FSBASE) local_unnamed_addr #0 {
%0 = load ptr, ptr %MEMORY, align 8, !tbaa !6
%1 = getelementptr inbounds i8, ptr %0, i64 99992
%2 = getelementptr inbounds i8, ptr %0, i64 99984
%3 = getelementptr inbounds i8, ptr %0, i64 99976
%4 = getelementptr inbounds i8, ptr %0, i64 99968
store i64 %RDX, ptr %3, align 8, !tbaa !11
%5 = getelementptr inbounds i8, ptr %0, i64 99952
%6 = getelementptr inbounds i8, ptr %0, i64 99936
@hxm-cpp
hxm-cpp / WindowsApisPrefixes.txt
Last active September 13, 2023 12:58
Windows Apis Prefixes
Alpc = Advanced Local Inter-Process Communication
Cc = Common Cache
Cm = Configuration Manager
Dbgk = Debugging Framework for User-Mode
Em = Errata Manager