patois
/ child-gating-poc.py
Created
November 15, 2022 19:11
— forked from pellaeon/child-gating-poc.py
Frida child-gating and spawn-gating example
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """ | |
| This POC is based on example from https://frida.re/news/#child-gating | |
| and is aimed to instrument child processes along with the main one. | |
| """ | |
| from __future__ import print_function | |
| import frida | |
| from frida_tools.application import Reactor | |
| import threading |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| .386 | |
| .model flat,stdcall | |
| option casemap:none | |
| include include\windows.inc | |
| include include\kernel32.inc | |
| include include\comdlg32.inc | |
| include include\user32.inc | |
| includelib lib\kernel32.lib | |
| includelib lib\comdlg32.lib | |
| includelib lib\user32.lib |
patois
/ config.t32
Last active
September 14, 2022 07:04
ARM(32) Code Snippet debugging with GDB Lauterbach Trace32 Simulator
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| PBI=SIM | |
| PRINTER=WINDOWS | |
| SCREEN= | |
| HEADER=TRACE32 ARM SIMULATOR | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 1. Install TRACE32 for V850/RH80 from https://www.lauterbach.com/frames.html?download_demo.html | |
| 2. copy *.cmm to the TRACE32 installation folder | |
| 3. overwrite config.t32 found in the TRACE32 installation folder with the one provided, edit "SYS variable | |
| 4. add the content provided with "gdb_arch.cfg" to the existing %IDADIR%\cfg\gdb_arch.cfg file | |
| 5. open the file "ghv850.cfe" from the TRACE32 installation folder with IDA | |
| 6. In IDA, go to "Debugger -> Select debugger", pick "Remote GDB debugger" | |
| 7. Go to "Debugger -> Debugger options -> Set specific options", tick the | |
| "Run a program..." checkbox, then click "choose a configuration", pick the configuration | |
| named "TRACE32: Renesas RH850 (ELF)" and confirm. | |
| 8. Go to "Debugger -> Process options...", fill the hostname (127.0.0.1) and port (30000) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 1. Install TRACE32 for Tricore from https://www.lauterbach.com/frames.html?download_demo.html | |
| 2. place ida.cmm into the TRACE32 installation folder | |
| 3. overwrite config.t32 found in the TRACE32 installation folder with the one provided | |
| 4. change the "SYS" variable of this config.t32 file to point to your TRACE32 install folder | |
| 5. edit %IDADIR%\cfg\gdb_arch.cfg as described in the provided "gdb_arch.cfg" file | |
| 6. open the file "demo.elf" from the TRACE32 installation folder with IDA | |
| 7. In IDA, go to "Debugger -> Select debugger", pick "Remote GDB debugger" | |
| 8. Go to "Debugger -> Debugger options -> Set specific options", tick the | |
| "Run a program..." checkbox, then click "choose a configuration" (which should fill | |
| the "command line" edit field) and confirm. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <idc.idc> | |
| static GetExtfunFlags(flags) | |
| { | |
| auto s = 0; | |
| if ((flags & 1) == 1) | |
| s = "EXTFUN_BASE"; | |
| if ((flags & 2) == 2) | |
| { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from idaapi import * | |
| # with code taken from | |
| # - http://hexblog.com/idapro/vmware_modules.py | |
| # - HexRays forum | |
| # - https://gist.github.com/nmulasmajic/f90661489f858237bcd68fbde5516abd#file-find_nt_imagebase_x64-py | |
| class LoadedModulesList(Choose2): | |
| def __init__(self, title, modlistEA=BADADDR, flags=0, width=None, height=None, embedded=False, modal=False): |
patois
/ gist:4627f2d852ef863732c4
Created
June 10, 2015 22:56
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <string.h> | |
| #include <stdlib.h> | |
| #include <stdio.h> | |
| #include "draw.h" | |
| #include "hid.h" | |
| #include "firm.h" | |
| void ClearTop (void) { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #pragma once | |
| #include "firm.h" | |
| int get_section_by_address (void *address) { | |
| int i; | |
| struct firm_section_header volatile *sh; | |
| for (i=0; i < FIRM_MAX_SECTION_COUNT; i++) { | |
| sh = &firm->section_headers[i]; | |
| if ((sh->address <= address) && (address < (sh->address + sh->size))) { |
NewerOlder