Mahmoud Rusty Abdelkader mahmoudimus

This has been forked from https://gist.github.com/Alex4386/4cce275760367e9f5e90e2553d655309

For the latest discussion, see the comments there.

Updated guide (for CrossOver 20.0.0)

Install dependencies: Xcode developer tools (Command Line); cmake; gcc or clang to compile C code; bison >= 3.0 (can be upgraded via homebrew); xquartz; flex; mingw-w64; pkgconfig; you might also need freetype with brew install freetype
Make sure the right version of bison is in path: brew upgrade bison then check version and cd /usr/local/Cellar/bison/<version>/bin and export PATH="$(pwd):$PATH" then check with which bison
Download source (CodeWeavers CrossOver FOSS version Source) and extract it (double click the file in Finder or untar it: tar -xz source.tar.gz)
Add missing wine/include/distversion.h file with this content:

IDAPython cheatsheet

Important links

Basic commands

Get informations on the binary

ZSH CheatSheet

This is a cheat sheet for how to perform various actions to ZSH, which can be tricky to find on the web as the syntax is not intuitive and it is generally not very well-documented.

Strings

Description	Syntax
Get the length of a string	`${#VARNAME}`
Get a single character	`${VARNAME[index]}`

Command line usage

pandoc pandoc --quiet -f gfm -s somefile.md

What the options mean:

--quiet: supress "[WARNING] This document format requires a nonempty <title> element."
-f gfm: input format is Github Flavored Markdown

How to Convert iBook EPUBs to standard EPUBs

iBooks EPUBs actually show up on macOS as folders. If you need the actual file you can use the above script to convert your iBook directory of files to a destination directory.

The path of iBook files as of macOS 10.15.7 is: /Users/${USER}/Library/Mobile Documents/iCloud~com~apple~iBooks/Documents

	"""
	@file patmake.py
	@brief Creates a pattern file from a database
	@author neat
	"""
	import os

	import idautils
	import ida_bytes
	import ida_funcs

	##############################################################################
	#
	# Name: hello_world_plugin.py
	# Auth: @cmatthewbrooks
	# Desc: A test plugin to learn how to make these work; Specifically, how to
	# have multiple actions within the same plugin.
	#
	# In plain English, IDA will look for the PLUGIN_ENTRY function which
	# should return a plugin object. This object can contain all the
	# functionality itself, or it can have multiple actions.

	#!/usr/bin/env python

	# Script associated with the blog post: https://lief-project.github.io/blog/2022-05-08-macho/
	# It demonstrates code injection with shell-factory and LIEF

	import lief
	import pathlib
	from pathlib import Path

	CWD = Path(__file__).parent

	# SiInit
	299D6F8B-2EC9-4E40-9EC6-DDAA7EBF5FD9 12 P:81E10080000033C1:9090909090909090

	# PpmInitialize Reset IA32_TSC_ADJUST to 0 instead of enforcing 0xE2 lock
	3FFCAE95-23CF-4967-94F5-16352F68E43B 10 P:742CB9E20000000F3248C1E220480BC20FBAE00F488944240872130FBAE80F89442408488B54240848C1EA200F30:BA00000000B800000000B93B0000000F309090909090909090909090909090909090909090909090909090909090

	# CpuInitPei Reset IA32_TSC_ADJUST to 0 instead of enforcing 0xE2 lock
	01359D99-9446-456D-ADA4-50A711C03ADA 12 P:B9E20000000F328BC8BE0080000023CE0BCF75190BC6894424088954240C8B54240C8B442408B9E20000000F30:BA00000000B800000000B93B0000000F3090909090909090909090909090909090909090909090909090909090

	# CpuMpDxe to disable TSC writes

	# Attempts to demangle all mangled symbols in the current program using the Rust
	# mangling schemes, and replace the default symbol and function signature
	# (if applicable) with the demangled symbol.
	#
	# License: MIT OR Apache-2.0
	#@author Jack Grigg <[email protected]>
	#@category Symbol

	import string