For some reason IDA executes FreeLibrary() to the plugin immediately after getting its PLUGIN structure's address, so later invocations of the plugin lead to calls to nowhere (that was supposed to be python3.dll). Simply patching the location of the FreeLibrary() call fixes the issue. The location is easy to find: go by cross-references to a place where the call to FreeLibrary is followed by a reference to the string "%s: incompatible plugin version..." and NOP it away.
Duncan Ogilvie mrexodia
🍍
bolry
/ example.cpp
Created
November 4, 2021 09:06
Visual struct layout and padding bytes by Vittorio Romeo, gcc.godbolt.org/z/aG5dedPbn
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Pretty-printer for `struct` layout and padding bytes | |
| // by Vittorio Romeo (@supahvee1234) (https://vittorioromeo.info) | |
| #include <boost/pfr.hpp> | |
| #include <iostream> | |
| #include <tuple> | |
| #include <utility> | |
| #include <type_traits> | |
| #include <typeinfo> | |
| #include <cmath> |
mmozeiko
/ tls_client.c
Last active
July 23, 2025 11:25
simple example of TLS socket client using win32 schannel api
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #define WIN32_LEAN_AND_MEAN | |
| #include <winsock2.h> | |
| #include <windows.h> | |
| #define SECURITY_WIN32 | |
| #include <security.h> | |
| #include <schannel.h> | |
| #include <shlwapi.h> | |
| #include <assert.h> | |
| #include <stdio.h> |
aaaddress1
/ memBruteforce.cpp
Last active
February 20, 2024 11:16
Windows 32-bit Shellcode Design without TEB & fs:30h
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // memBruteforce.cpp by [email protected] | |
| // brute search loaded moudules in memory | |
| // rewrite from https://www.exploit-db.com/exploits/45293 | |
| #include <Windows.h> | |
| #include <iostream> | |
| #pragma warning(disable:4996) | |
| bool isMemExist(size_t addr) { | |
| int retv; | |
| __asm { |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """ Extends Ero Carrera's pefile with the functionality for parsing exception tables (SEH support). | |
| Beginning from version 2021.9.3, this functionality has been integrated into pefile, so you will | |
| need pefileseh.py only if you use an older version of pefile. | |
| Only x64 and IA64 architectures are supported. | |
| Classes defined in this module: | |
| * StructureWithBitfields | |
| * ExceptionsDirEntryData |
chris124567
/ DeriveZeroMBA.cpp
Last active
August 26, 2024 20:27
create convoluted MBA expressions that always evaluate to 0. for instance `(a & ~b & ~c | a & ~b & c | a & b & ~c | a & b & c)*1 - (~a & ~b & ~c | a & ~b & ~c | a & ~b & c | a & b & ~c | a & b & c) + (~a & ~b & ~c)` will evaluate to 0 regardless of the values of a, b, or c. code mostly ported from https://github.com/Pusty/Obfuscat/blob/master/ut…
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <z3++.h> | |
| #include <armadillo> | |
| #include <array> | |
| #include <cmath> | |
| #include <cstdlib> | |
| #include <ctime> | |
| #include <functional> | |
| #include <iostream> | |
| #include <numeric> |
stevemk14ebr
/ stpgetargtype_dump.json
Created
April 11, 2021 18:15
DTrace's StpGetArgType accesses a metadata table that stores complete arg type information for every syscall.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [ | |
| [ | |
| "NtLockProductActivationKeys", | |
| [ | |
| "UInt32 *", | |
| "UInt32 *" | |
| ] | |
| ], | |
| [ | |
| "NtLockProductActivationKeys", |
tandasat
/ CheckGuestVmcsFieldsForVmEntry.c
Last active
June 16, 2025 18:10
Simulation of checks performed as per 26.3 CHECKING AND LOADING GUEST STATE
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * @file CheckGuestVmcsFieldsForVmEntry.c | |
| * @author Satoshi Tanda ([email protected]) | |
| * @brief Checks validity of the guest VMCS fields for VM-entry as per | |
| * 26.3 CHECKING AND LOADING GUEST STATE | |
| * @version 0.1 | |
| * @date 2021-02-20 | |
| * | |
| * @details This file implements part of checks performed by a processor during | |
| * VM-entry as CheckGuestVmcsFieldsForVmEntry(). This can be called on VM-exit |
bluewalk
/ GetNordVPNWireGuardDetails.md
Last active
August 1, 2025 19:50
Getting NordVPN WireGuard details
Instructions to obtain WireGuard details of your NordVPN account. These can be used to setup a WireGuard tunnel on your router to NordVPN.
Source: https://forum.gl-inet.com/t/configure-wireguard-client-to-connect-to-nordvpn-servers/10422/27
If you have any linux machine, use that or install a vm if you don't have one.
Get their official linux app installed. Make sure you have wireguard installed too. And set the used technology to Nordlynx by running nordvpn set technology nordlynx