peta909
/ PE PACKER
Created
October 19, 2023 12:22
— forked from securitygab/PE PACKER
A simple x86 packer that uses APLib,
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ######################################### | |
| # Created by @kuroi_dotsh - KuroiSH # | |
| # Website: https://dengisan.nl/ # | |
| # E-mail: [email protected] # | |
| ######################################### | |
| ; | |
| ; The executable is stored in the final section, so that it does not need | |
| ; relocations (as we can simply load it over our own headers and pad with | |
| ; virtualsize to keep our module running). |
| IDA Plugins | Preferred | Neutral | Unreviewed |
|---|
williballenthin
/ peb_parsing.md
Last active
April 18, 2024 03:55
_0:00F20012 33 D2 xor edx, edx
_0:00F20014 64 8B 52 30 mov edx, fs:[edx+30h] // TEB->PEB
_0:00F20018 8B 52 0C mov edx, [edx+0Ch] // PEB->LDR_DATA
_0:00F2001B 8B 52 14 mov edx, [edx+14h] // LDR_DATA->InMemoryOrderLinks (_LDR_DATA_TABLE_ENTRY)
// alt: 0xC: InLoadOrderLinks
// alt: 0x1C: InInitializationOrderLinks
references:
- https://reverseengineering.stackexchange.com/questions/1597/reverse-engineering-a-visual-basic-p-code-binary
- http://web.archive.org/web/20071020232030/http://www.alex-ionescu.com/vb.pdf (ref: Alex Ionescu)
- http://web.archive.org/web/20101127044116/http://vb-decompiler.com/pcode/opcodes.php?t=1
- https://github.com/bontchev/pcodedmp
- http://www.openrce.org/blog/view/1719/Visual_Basic_6_IDC_updated
- https://pediy.com/thread-12832.htm
- https://github.com/vic4key/VB-Exe-Parser/blob/master/VB-Parser.py
- http://www.openrce.org/repositories/users/Paolo/vbpython.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #include <iostream> | |
| #include "ntdll_undoc.h" | |
| PPEB get_default_peb() | |
| { | |
| #if defined(_WIN64) | |
| return (PPEB)__readgsqword(0x60); | |
| #else |
JamesPHoughton
/ gist:0f4f269e93a2b85958d8
Created
September 15, 2014 14:23
Recursively unpack zip files in python
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from zipfile import ZipFile | |
| def unpack_zip(zipfile='', path_from_local=''): | |
| filepath = path_from_local+zipfile | |
| extract_path = filepath.strip('.zip')+'/' | |
| parent_archive = ZipFile(filepath) | |
| parent_archive.extractall(extract_path) | |
| namelist = parent_archive.namelist() | |
| parent_archive.close() | |
| for name in namelist: |