Pedram Amini pedramamini

pedramamini /
Created August 19, 2016 13:41 — forked from williballenthin/
generate a yara rule that matches the basic blocks of the current function in IDA Pro
IDAPython script that generates a YARA rule to match against the
basic blocks of the current function. It masks out relocation bytes
and ignores jump instructions (given that we're already trying to
match compiler-specific bytes, this is of arguable benefit).
If python-yara is installed, the IDAPython script also validates that
the generated rule matches at least one segment in the current file.
author: Willi Ballenthin <[email protected]>
pedramamini / disable_ddeauto.reg
Created October 20, 2017 03:41 — forked from wdormann/disable_ddeauto.reg
Disable DDEAUTO for Outlook, Word, and Excel versions 2010, 2013, 2016
Windows Registry Editor Version 5.00