| struct PEB_UNIVERSAL | |
| { | |
| BOOLEAN InheritedAddressSpace; //0x0000 | |
| BOOLEAN ReadImageFileExecOptions; //0x0001 | |
| BOOLEAN BeingDebugged; //0x0002 | |
| BYTE byte3; | |
| HANDLE Mutant; //0x0004 | |
| void* ImageBaseAddress; //0x0008 | |
| PEB_LDR_DATA* Ldr; //0x000C | |
| RTL_USER_PROCESS_PARAMETERS* ProcessParameters; //0x0010 |
| enum langid_country | |
| { | |
| Afrikaans = 0x36, | |
| Afrikaans_South_Africa = 0x436, | |
| Albanian = 0x1c, | |
| Albanian_Albania = 0x41c, | |
| Alsatian = 0x84, | |
| Alsatian_France = 0x484, | |
| Amharic = 0x5e, | |
| Amharic_Ethiopia = 0x45e, |
| # In order for gpg to find gpg-agent, gpg-agent must be running, and there must be an env | |
| # variable pointing GPG to the gpg-agent socket. This little script, which must be sourced | |
| # in your shell's init script (e.g., .bash_profile, .zshrc, whatever), will either start | |
| # gpg-agent or set up the GPG_AGENT_INFO variable if it's already running. | |
| # Add the following to your shell init to set up gpg-agent automatically for every shell | |
| if [ -f ~/.gnupg/.gpg-agent-info ] && [ -n "$(pgrep gpg-agent)" ]; then | |
| source ~/.gnupg/.gpg-agent-info | |
| export GPG_AGENT_INFO | |
| else |
| #include <idc.idc> | |
| static lmd5(fmd5) | |
| { | |
| auto result,size, nb, x; | |
| size=strlen(fmd5); | |
| result=""; | |
| for (x = 0; x < size; x++) | |
| { |
| #!/usr/bin/env python3 | |
| import dnslib | |
| import fcntl | |
| import os | |
| import sys | |
| from bcc import BPF | |
| BPF_APP = r''' |
| #!/usr/bin/env python3 | |
| from struct import unpack | |
| from bcc import BPF | |
| from socket import if_indextoname | |
| C_BPF_KPROBE = """ | |
| #include <net/sock.h> |
| from ctypes import (windll, wintypes, c_uint64, cast, POINTER, Union, c_ubyte, | |
| LittleEndianStructure, byref, c_size_t) | |
| import zlib | |
| # types and flags | |
| DELTA_FLAG_TYPE = c_uint64 | |
| DELTA_FLAG_NONE = 0x00000000 | |
| DELTA_APPLY_FLAG_ALLOW_PA19 = 0x00000001 |
| <# | |
| ____ ______ ______ ____ __ __ | |
| /\ _`\ /\ _ \ /\__ _\/\ _`\ /\ \/\ \ | |
| \ \ \L\ \\ \ \L\ \\/_/\ \/\ \ \/\_\\ \ \_\ \ | |
| \ \ ,__/ \ \ __ \ \ \ \ \ \ \/_/_\ \ _ \ | |
| \ \ \/ \ \ \/\ \ \ \ \ \ \ \L\ \\ \ \ \ \ | |
| \ \_\ \ \_\ \_\ \ \_\ \ \____/ \ \_\ \_\ | |
| \/_/ \/_/\/_/ \/_/ \/___/ \/_/\/_/ | |
| BITS 64 | |
| ; syscall: | |
| ; | |
| ; ptr = mmap(NULL, size, PROT_EXEC | PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE, -1, 0) | |
| ; | |
| ; | |
| ; arguments: | |
| ; |