```python
#!/usr/bin/env python
import argparse
import binascii
import hashlib
import os
import re
import sys
import traceback

__author__ = "Jeff White [karttoon] @noottrak"
```
```
!pe
.exr -1 `last exception
!sos.pe `last clr exception
!dso `dump stack object
.chain
.load sos
```
```python
import time
from typing import List
import pefile
from capstone import *
from capstone.x86 import *
import re
import struct

# SAMPLE_PATH = 'bin/enc_string_test.bin32'
SAMPLE_PATH = 'bin/2cd2f077ca597ad0ef234a357ea71558d5e039da9df9958d0b8bd0efa92e74c9.bin32'
```
I run this on my server called 'empty'.

Assuming you've done a git clone or a git pull of the code...

Switch to the release you want to build:

```
[dan@empty:~/librenms] $ export RELEASE=1.56
[dan@empty:~/librenms] $ git checkout master
[dan@empty:~/librenms] $ git pull
[dan@empty:~/librenms] $ git checkout tags/$RELEASE
```
```c
union PE_BASE {
    PVOID baseAddress;
    IMAGE_DOS_HEADER *mz;
    IMAGE_NT_HEADERS *pe;
};

union PE_BASE64 {
    PVOID baseAddress;
    IMAGE_DOS_HEADER *mz;
    IMAGE_NT_HEADERS64 *pe;
```
```sh
#!/bin/sh
# only used for ports in poudriere.conf:ALLOW_MAKE_JOBS_PACKAGES
# ALLOW_MAKE_JOBS_PACKAGES="pkg llvm* openjdk*"
MAKE_JOBS_NUMBER=4
DEFAULT_VERSIONS+=ssl=libressl
DEFAULT_VERSIONS+=python=2.7 python2=2.7 python3=3.6
DEFAULT_VERSIONS+=mysql=10.2m
DEFAULT_VERSIONS+=samba=4.6
```
```
SHA256,Name,Signer,Description
04A85E359525D662338CAE86C1E59B1D7AA9BD12B920E8067503723DC1E03162,ADV64DRV.sys,"""FUJITSU LIMITED """,
05F052C64D192CF69A462A5EC16DDA0D43CA5D0245900C9FCB9201685A2E7748,Agent64.sys,"""eSupport.com, Inc.""",DriverAgent Direct I/O for 64-bit Windows
4045AE77859B1DBF13972451972EAAF6F3C97BEA423E9E78F1C2F14330CD47CA,Agent64.sys,Phoenix Technologies Ltd,DriverAgent Direct I/O for 64-bit Windows
6948480954137987A0BE626C24CF594390960242CD75F094CD6AAA5C2E7A54FA,Agent64.sys,Phoenix Technologies Ltd,DriverAgent Direct I/O for 64-bit Windows
8CB62C5D41148DE416014F80BD1FD033FD4D2BD504CB05B90EEB6992A382D58F,Agent64.sys,"""eSupport.com, Inc""",DriverAgent Direct I/O for 64-bit Windows
B1D96233235A62DBB21B8DBE2D1AE333199669F67664B107BFF1AD49B41D9414,Agent64.sys,"""eSupport.com, Inc.""",DriverAgent Direct I/O for 64-bit Windows
7196187FB1EF8D108B380D37B2AF8EFDEB3CA1F6EEFD37B5DC114C609147216D,ALSysIO64.sys,Artur Liberman,ALSysIO
7F375639A0DF7FE51E5518CF87C3F513C55BC117DB47D28DA8C615642EB18BFA,ALSys
```
```python
import struct

def extract_stage3(stage3_buffer):
    # struct stage3_header
    # {
    #     uint32_t magic;
    #     uint16_t block_count;
    #     uint16_t header_size;
    #     uint32_t entry_offset;
```
```python
import os
import sys
import logging
import pefile
import ucutils
import unicorn
import capstone
import argparse
```