sl4v sl4v
sl4v
/ heap-demo.c
Created
June 22, 2022 18:08
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <string.h> | |
| int main() | |
| { | |
| puts("Basic allocation example.\n"); | |
| char* a = malloc(0x10); | |
| strcpy(a, "AAAAAAAAAAAAAAA"); // A * 15 | |
| char* b = malloc(0x12); | |
| memcpy(b, "BBBBBBBBBBBBBBBBBBBBBBBB", 24); // B * 23 |
sl4v
/ slicer_bw.py
Created
May 19, 2018 15:18
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from binaryninja import * | |
| class Slicer(): | |
| def __init__(self, instruction): | |
| self.visited = set() | |
| self.instruction = instruction | |
| self.function = instruction.function | |
| def visit_backward(self, instruction): | |
| for var in instruction.vars_read: |
sl4v
/ slicer_init.py
Created
May 19, 2018 15:08
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class Slicer(): | |
| def __init__(self, instruction): | |
| self.visited = set() | |
| self.instruction = instruction | |
| self.function = instruction.function |
sl4v
/ hook_payload_test.c
Last active
December 14, 2017 20:51
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| uint8_t payload[] = { | |
| 0x48, 0xb8, 0x48, 0x47, 0x46, 0x45, 0x44, 0x43, 0x42, 0x41, // movabs rax, 0x4142434445464748 | |
| 0x48, 0x89, 0x02 // mov qword ptr [rdx], rax | |
| }; | |
| LPVOID pHookBody = myVirtualAlloc(0x1000, PAGE_EXECUTE_READWRITE); | |
| hook_body_offset = pHookBody; | |
| // copy payload | |
| myVirtualProtect((LPVOID)sectionInfo.SectionAddress, sectionInfo.SectionSize, PAGE_EXECUTE_READWRITE, &dwOldProtect); |
sl4v
/ LoadLibrary.c
Last active
December 14, 2017 21:01
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| HMODULE user32 = LoadLibrary("user32.dll"); | |
| MsgBox = GetProcAddress(user32, "MessageBoxA"); | |
| MsgBox(NULL, "Text", "Caption", 0, 0); |
sl4v
/ calc_damaged_instructions.c
Created
December 14, 2017 00:00
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| int calc_damaged_instructions(uint8_t *data, size_t len_erased) { | |
| size_t max_len = 50; | |
| size_t decoded_len = 0; | |
| // Initialize decoder context. | |
| ZydisDecoder decoder; | |
| ZydisDecoderInit( | |
| &decoder, | |
| ZYDIS_MACHINE_MODE_LONG_64, | |
| ZYDIS_ADDRESS_WIDTH_64); |
sl4v
/ get_bait_code.c
Created
December 13, 2017 23:49
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| int get_bait_code(uint8_t * trampoline_code_out, uint64_t addr) { | |
| uint8_t trampoline_code[] = | |
| { | |
| 0x68, 0x44, 0x33, 0x22, 0x11, // push 0x11223344 | |
| 0xc7, 0x44, 0x24, 0x04, 0x88, 0x77, 0x66, 0x55, //mov dword ptr [rsp+4], 0x55667788 | |
| 0xc3 //ret | |
| }; | |
| uint32_t addr_right = (uint32_t)(addr & 0xffffffff); | |
| uint32_t addr_left = (uint32_t)((addr & 0xffffffff00000000) >> 32); |
sl4v
/ get-gacha.js
Created
June 25, 2017 10:35
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| onEnter: function (log, args, state) { | |
| log("get_gacha(" + args[0].toInt32() + "," + args[1].toInt32() + "," + args[2].toInt32() + "," + ")"); | |
| this.args1 = args[1]; | |
| this.args2 = args[2]; | |
| var myfunc = new NativeFunction(Module.findExportByName('libnative-lib.so', 'get_gacha'), 'uint32', ['uint32', 'pointer', 'pointer']); | |
| log('-----'); | |
| a1 = Memory.alloc(4); |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| onEnter: function (log, args, state) { | |
| log("get_gacha(" + args[0].toInt32() + "," + args[1].toInt32() + "," + args[2].toInt32() + "," + ")"); | |
| log(hexdump(args[1], { length: 4 })); | |
| log(hexdump(args[2], { length: 4 })); | |
| this.args1 = args[1]; | |
| this.args2 = args[2]; | |
| } | |
| onLeave: function (log, retval, state) { | |
| log(hexdump(this.args1, { length: 1 })); |
sl4v
/ GachaAPI.java
Created
June 25, 2017 09:14
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| public class GachaAPI | |
| { | |
| static | |
| { | |
| System.loadLibrary("native-lib"); | |
| } | |
| public static native int[] getGacha(int paramInt); | |
| } |
NewerOlder