The CTREE is built from the optimized microcode (maturity at CMAT_FINAL), it represents an AST-like tree with C statements and expressions. It can be printed as C code.
peta909
/ PE PACKER
Created
October 19, 2023 12:22
— forked from securitygab/PE PACKER
A simple x86 packer that uses APLib,
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ######################################### | |
| # Created by @kuroi_dotsh - KuroiSH # | |
| # Website: https://dengisan.nl/ # | |
| # E-mail: [email protected] # | |
| ######################################### | |
| ; | |
| ; The executable is stored in the final section, so that it does not need | |
| ; relocations (as we can simply load it over our own headers and pad with | |
| ; virtualsize to keep our module running). |
peta909
/ idapython_ctree.md
Created
January 16, 2022 12:11
— forked from icecr4ck/idapython_ctree.md
Notes on CTREE usage with IDAPython
peta909
/ x96shell_msgbox.asm
Created
May 8, 2021 01:47
— forked from aaaddress1/x96shell_msgbox.asm
x96 Windows Shellcode: one payload able to used in both 32-bit & 64-bit
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ; x96 shellcode (x32+x64) by [email protected] | |
| ; yasm -f bin -o x96shell_msgbox x96shell_msgbox.asm | |
| section .text | |
| bits 32 | |
| _main: | |
| call entry | |
| entry: | |
| mov ax, cs | |
| sub ax, 0x23 | |
| jz retTo32b |
peta909
/ main.cpp
Created
November 14, 2020 15:46
— forked from hasherezade/main.cpp
Get PEB64 from a WOW64 process
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #include <iostream> | |
| #include "ntdll_undoc.h" | |
| PPEB get_default_peb() | |
| { | |
| #if defined(_WIN64) | |
| return (PPEB)__readgsqword(0x60); | |
| #else |
peta909
/ Wow64Hook.cpp
Created
August 27, 2020 16:21
— forked from hoangprod/Wow64Hook.cpp
Wow64Hook example
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include "stdafx.h" | |
| #include <iostream> | |
| LPVOID lpJmpRealloc = nullptr; | |
| DWORD Backup_Eax, Handle, Address_1, New, Old, *DwSizee; | |
| const DWORD_PTR __declspec(naked) GetGateAddress() | |
| { | |
| __asm | |
| { |
peta909
/ hyperdetect.c
Created
June 27, 2020 02:23
— forked from drew-gpf/hyperdetect.c
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //this requires being able to run at kernel mode and assumes you're using MSVC | |
| //this also uses an unnamed structure for cr0_t, which is a nonstandard extension of the C language | |
| //data structure for cr0 | |
| typedef union _cr0_t | |
| { | |
| struct | |
| { | |
| uint64_t protection_enable : 1; |
peta909
/ peb_parsing.md
Created
June 26, 2019 10:32
— forked from williballenthin/peb_parsing.md
_0:00F20012 33 D2 xor edx, edx
_0:00F20014 64 8B 52 30 mov edx, fs:[edx+30h] // TEB->PEB
_0:00F20018 8B 52 0C mov edx, [edx+0Ch] // PEB->LDR_DATA
_0:00F2001B 8B 52 14 mov edx, [edx+14h] // LDR_DATA->InMemoryOrderLinks (_LDR_DATA_TABLE_ENTRY)
// alt: 0xC: InLoadOrderLinks
// alt: 0x1C: InInitializationOrderLinks
peta909
/ hello_world_plugin.py
Created
April 26, 2019 00:47
— forked from cmatthewbrooks/hello_world_plugin.py
The simplest possible IDA plugin with multiple actions
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ############################################################################## | |
| # | |
| # Name: hello_world_plugin.py | |
| # Auth: @cmatthewbrooks | |
| # Desc: A test plugin to learn how to make these work; Specifically, how to | |
| # have multiple actions within the same plugin. | |
| # | |
| # In plain English, IDA will look for the PLUGIN_ENTRY function which | |
| # should return a plugin object. This object can contain all the | |
| # functionality itself, or it can have multiple actions. |
peta909
/ Function_Pointers.cpp
Created
February 27, 2019 14:54
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Function_Pointers.cpp : This file contains the 'main' function. Program execution begins and ends there. | |
| // | |
| #include "pch.h" | |
| #include <iostream> | |
| #include <string> | |
| using namespace std; | |
| int add() |
peta909
/ Class_OOP_Virtual_Functions.cpp
Created
February 27, 2019 07:04
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include "pch.h" | |
| #include <iostream> | |
| #include <string> | |
| using namespace std; | |
| //Parent Class | |
| class Animal | |
| { | |
| public: | |
| string name; |
NewerOlder