Travis Mathison tdmathison
OALabs
/ dll_exports.py
Created
December 1, 2019 05:12
Build dictionary of DLL exports (Windows API Names)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os | |
| import pefile | |
| import json | |
| INTERESTING_DLLS = [ | |
| 'kernel32.dll', 'comctl32.dll', 'advapi32.dll', 'comdlg32.dll', | |
| 'gdi32.dll', 'msvcrt.dll', 'netapi32.dll', 'ntdll.dll', | |
| 'ntoskrnl.exe', 'oleaut32.dll', 'psapi.dll', 'shell32.dll', | |
| 'shlwapi.dll', 'srsvc.dll', 'urlmon.dll', 'user32.dll', |
OALabs
/ revil_import_builder.py
Created
December 1, 2019 05:11
IDA Python script to decipher and label REvil imports
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import json | |
| # fn_name = "wsprintfW" | |
| # api_hash = 0x0B6D391AE | |
| export_db = {} | |
| def get_api_hash(fn_name): | |
| result = 0x2b | |
| for c in fn_name: |
