Skip to content

Instantly share code, notes, and snippets.

View tmr232's full-sized avatar

Tamir Bahar tmr232

202 followers · 8 following
View GitHub Profile
@tmr232
tmr232 / XrefViewer.ipynb
Created May 10, 2015 13:15
View screenshots of xrefs inside the IPython shell
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
@tmr232
tmr232 / color_block.py
Created October 21, 2015 08:17 — forked from ret5et/color_block.py
def get_bb_id(graph, ea):
for block in graph:
if block.startEA <= ea and block.endEA > ea:
return block.id
start_ea = 0x15f9ad6
base_block_ea = 0x15f9a60
f = get_func(start_ea)
g = FlowChart(f, flags=FC_PREDS) #???
@tmr232
tmr232 / builiding-lldb-on-mac-with-jit-support-simple-steps.md
Created November 9, 2015 14:59 — forked from thlorenz/builiding-lldb-on-mac-with-jit-support-simple-steps.md
Building lldb with GDB JIT support on Mac OSX.

Building lldb on Mac

Create Codesign Certificate

First we need to create a certificate. The llvm provided a way to do that, but I found this way to work slightly better for me. Just substitute lldb_codesign for the certificate name, instead of gdb-cert.

Install swig dependency

@tmr232
tmr232 / setdebugger.ps1
Created January 18, 2016 09:46
Enable or disable debugger-on-launch for Windows executables
Param(
[Parameter(Mandatory=$true)]
[string]$ExeName,
[switch]
$Disable
)
{
New-Item -Path "HKLM:\Software\Microsoft\Windows NT\currentversion\image file execution options" -Name $ExeName -Force
@tmr232
tmr232 / findguid.ps1
Last active February 9, 2016 13:14
Easily find GUIDs in the classes list in the registry
<#
Easily find GUIDs in the classes root
#>
Param(
[Parameter(Mandatory=$true)]
[string]$GUID,
[switch]
$all
@tmr232
tmr232 / Plugin-Configuration-Standards.md
Last active February 8, 2016 16:23
Proposed conventions for IDA configurations

The Problem

When writing and using IDA plugins, configurations tend to be quite a mess. With each plugin having it's own:

  1. Color scheme
  2. Hotkeys
  3. Configuration file format
  4. Configuration location

(And that's when you have a seprtate configuration, and not some variables in the plugin itself).

@tmr232
tmr232 / sudo.ps1
Created January 25, 2016 17:48
Sudo for Windows - Run Elevated applications
if (!$args)
{
Write-Host "Usage: sudo <executable> [<arguments...>]"
return
}
$arguments = $args[1..$args.Length]
if ($arguments)
{
@tmr232
tmr232 / get-location.cs
Created January 31, 2016 11:57
Debug prints in C#
// `using` directives
using System.Runtime.CompilerServices;
// Actual code
public static string GetLocation(
[CallerFilePath] string filePath = null,
[CallerLineNumber] int lineNumber = 0,
@tmr232
tmr232 / read-guid.py
Last active March 28, 2016 16:22
Read a GUID from IDB
import idaapi
import uuid
def read_guid(ea=None):
if ea is None:
ea = idaapi.get_screen_ea()
# Pay attention to the endian!
return '{{{}}}'.format(uuid.UUID(bytes_le=idaapi.get_many_bytes(ea, 16)))
Octotree is enabled on this page. Click this button or press cmd shift s (or ctrl shift s) to show it.
@tmr232
tmr232 / simple_names.py
Created February 7, 2016 11:58
Simplify names in IDA for long template-infested C++ symbols
import re
import idaapi
import sark
import abc
class IDATracker(idaapi.UI_Hooks):
__metaclass__ = abc.ABCMeta
def __init__(self):