Duncan Ogilvie mrexodia

Here's a list of mildly interesting things about the C language that I learned mostly by consuming Clang's ASTs. Although surprises are getting sparser, I might continue to update this document over time.

There are many more mildly interesting features of C++, but the language is literally known for being weird, whereas C is usually considered smaller and simpler, so this is (almost) only about C.

1. Combined type and variable/field declaration, inside a struct scope [https://godbolt.org/g/Rh94Go]

struct foo {
   struct bar {
 int x;

I use PlantUML a lot. It's what I use for drawing all sorts of diagrams and it's handy because of its easy markup (once you get used to it) while making things easy to maintain as projects grow (thanks to version control)

This gist explains how I do my PlantUML workspace in a project.

The idea is to keep a globals directory for all diagrams to follow (like the "stylesheet" below) to keep things consistent.
I use a stylesheet.iuml file that keeps the use of colors consistent through use of basic FOREGROUND, BACKGROUND and ACCENT colors.
The style-presets.iuml file defines these colors so you can make "presets" or "themes" out of them.
As stated in the stylesheet.iuml, you'll need the Roboto Condensed and Inconsolata fonts for these to work properly.
You can choose to either run the PlantUML jar over your file/s, or use an IDE like VSCode with the PlantUML extension. Here's a preview of example-sequence.puml for example: https://imgur.com/Klk3w2F

This is a technique for extracting all imported modules from a packaged Python application as .pyc files, then decompiling them. The target program needs to be run from scratch, but no debugging symbols are necessary (assuming an unmodified build of Python is being used).

This was originally performed on 64-bit Linux with a Python 3.6 target. The Python scripts have since been updated to handle pyc files for Python 2.7 - 3.9.

Theory

In Python we can leverage the fact that any module import involving a .py* file will eventually arrive as ready-to-execute Python code object at this function:

PyObject* PyEval_EvalCode(PyObject *co, PyObject *globals, PyObject *locals);

	pragma solidity ^0.4.19;

	contract ERC20Basic {

	string public constant name = "ERC20Basic";
	string public constant symbol = "BSC";
	uint8 public constant decimals = 18;


	event Approval(address indexed tokenOwner, address indexed spender, uint tokens);

	#if _CRT_DISABLE

	extern "C" int _fltused = 0x9875;

	#define WIN32_LEAN_AND_MEAN
	#include <stdint.h>
	#include <limits.h>
	#include <windows.h>

	//#include <Windows.h>

	##############################################################################
	#
	# Name: hello_world_plugin.py
	# Auth: @cmatthewbrooks
	# Desc: A test plugin to learn how to make these work; Specifically, how to
	# have multiple actions within the same plugin.
	#
	# In plain English, IDA will look for the PLUGIN_ENTRY function which
	# should return a plugin object. This object can contain all the
	# functionality itself, or it can have multiple actions.

	//
	// NtContinueEx is now used by ntdll!KiUserApcDispatcher.
	// The KCONTINUE_ARGUMENT structure is built in the KiInitializeUserApc
	// function.
	//

	typedef enum _KCONTINUE_TYPE
	{
	KCONTINUE_UNWIND,
	KCONTINUE_RESUME,

	import idaapi, idc, idautils


	class DecryptorError(Exception):
	pass


	def rc4crypt(key, data):
	x = 0
	box = range(256)

Duncan Ogilvie mrexodia

1. Combined type and variable/field declaration, inside a struct scope [https://godbolt.org/g/Rh94Go]

Theory

IDAPython cheatsheet

Important links

Basic commands

Get informations on the binary

	# an example of the way how undocumented option of MSVC compiler, /d1reportallclasslayout,
	# can be used to generate static reflection information for C++ sources

	import sys
	import re
	import subprocess

	cl_exe = 'C:\\Program Files (x86)\\Microsoft Visual Studio\\2017\\Community\\VC\\Tools\\MSVC\\14.16.27023\\bin\Hostx64\\x64\\cl.exe'

	file = 'test.cc'