Skip to content

Instantly share code, notes, and snippets.

View peta909's full-sized avatar
🏠
Working from home

Mark Lim peta909

🏠
Working from home
28 followers · 4 following
View GitHub Profile
@peta909
peta909 / main.cpp
Created January 7, 2018 16:27 — forked from hasherezade/main.cpp
FlareOn4 Chall6 - solution using #libpeconv
#include <stdio.h>
#include <windows.h>
#include "peconv.h"
const size_t g_flagLen = 26;
char g_flag[g_flagLen + 1] = { 0 };
int my_index()
{
static int index = 0;
@peta909
peta909 / PythonCheatSheet.py
Created February 1, 2018 01:42
import struct
# Rotate left: 0b1001 --> 0b0011
rol = lambda val, r_bits, max_bits: \
(val << r_bits%max_bits) & (2**max_bits-1) | \
((val & (2**max_bits-1)) >> (max_bits-(r_bits%max_bits)))
# Rotate right: 0b1001 --> 0b1100
ror = lambda val, r_bits, max_bits: \
((val & (2**max_bits-1)) >> r_bits%max_bits) | \
@peta909
peta909 / MakeName_Indirect_FuncCalls.py
Last active May 21, 2018 19:13
IDApython script used to rename addresses with strings of function names
#Author: Mark Lim
#Version: 0.2 (01 May 2018)
#Use while debugging target using IDAPro
#locate list of function pointers
#Make names of function pointers using strings of function names
#FuncName without DLL prefix result in IDA recognizing the API functions and populate the parameter arguments. [Credits to @nullandnull]
ea = SelStart()
end = SelEnd()
@peta909
peta909 / MakeComm_DecodingStrFunc.py
Last active April 29, 2018 17:10
IDApython script to be used during debugging to make comments using results from string decoding functions.
#make comms using result from string decoding functions
#27 Apr 2018
#Mark Lim @peta909
def get_string(addr):
out = ""
while True:
if Byte(addr) != 0:
out += chr(Byte(addr))
else:
@peta909
peta909 / peta909_IDA_color.clr
Created December 31, 2018 17:49
[DISASM]
000000 //
aaaaaa //Default color
f3c5ff //Regular comment
7e6082 //Repeatable comment
666666 //Automatic comment
ffffff //Instruction
b9ebeb //Dummy Data Name
b9ebeb //Regular Data Name
bbecff //Demangled Name
@peta909
peta909 / SimpleCreateProcess.cpp
Last active January 18, 2019 01:06
Simple CreateProcessW()
#include <stdio.h> //c header for things like Printf
#include <Windows.h> //Added in order to use windows apis; could also be added to pch.h
int main()
{
wchar_t cmd[] = L"notepad.exe";//unicode string as parameters for strings are unicode for CreateProcessW
STARTUPINFO si = { sizeof(si) };
//memset(&si, 0, sizeof(si));//These 2 lines are the same as the init done via C style shortcut in the line above
//si.cb = sizeof(ci)
PROCESS_INFORMATION pi;
@peta909
peta909 / closehandles.cpp
Created January 18, 2019 01:25
Close Handles
CloseHandle(pi.hProcess);//Handles must be explicitly closed if not parent process will hold on to it even if child process is terminated.
CloseHandle(pi.hThread);
@peta909
peta909 / LocateProcess.cpp
Created January 22, 2019 07:17
Function to locate PID based on given process name in string
int LocateProcess(wchar_t* proc)
{
// Need to add #include <tlhelp32.h> for PROCESS* definitions
HANDLE hProcessSnap;
HANDLE hProcess;
PROCESSENTRY32 pe32;
DWORD dwPriorityClass;
int FoundPID;
// Take a snapshot of all processes in the system.
@peta909
peta909 / LocateProcess.cpp
Created January 22, 2019 07:17
Function to locate PID based on given process name in string
int LocateProcess(wchar_t* proc)
{
// Need to add #include <tlhelp32.h> for PROCESS* definitions
HANDLE hProcessSnap;
HANDLE hProcess;
PROCESSENTRY32 pe32;
DWORD dwPriorityClass;
int FoundPID;
// Take a snapshot of all processes in the system.
@peta909
peta909 / SimpleHexDump.py
Created February 15, 2019 08:36
Simple hex dump using python. using binascii and struct modules
#try to write a simple hex dump
import binascii,struct
fd = open("abcd.exe", "r")
fd_contents_str = fd.read()
fd_contents_hex = (binascii.b2a_hex(fd_contents_str)).upper()
Hex_dump = []
Byte_str = ""
for i, Half_byte in enumerate(fd_contents_hex):