Tamir Bahar tmr232

@tmr232
tmr232 / sudo.ps1
Created January 25, 2016 17:48
Sudo for Windows - Run Elevated applications
if (!$args)
{
    Write-Host "Usage: sudo <executable> [<arguments...>]"
    return
}
$arguments = $args[1..$args.Length]
if ($arguments)
{
@tmr232
tmr232 / Plugin-Configuration-Standards.md
Last active February 8, 2016 16:23
Proposed conventions for IDA configurations

The Problem

When writing and using IDA plugins, configurations tend to be quite a mess, with each plugin having its own:

  1. Color scheme
  2. Hotkeys
  3. Configuration file format
  4. Configuration location

(And that's when you have a separate configuration, and not some variables in the plugin itself.)

@tmr232
tmr232 / findguid.ps1
Last active February 9, 2016 13:14
Easily find GUIDs in the classes list in the registry
<#
Easily find GUIDs in the classes root
#>
Param(
[Parameter(Mandatory=$true)]
[string]$GUID,
[switch]
$all
@tmr232
tmr232 / setdebugger.ps1
Created January 18, 2016 09:46
Enable or disable debugger-on-launch for Windows executables
Param(
[Parameter(Mandatory=$true)]
[string]$ExeName,
[switch]
$Disable
)
{
New-Item -Path "HKLM:\Software\Microsoft\Windows NT\currentversion\image file execution options" -Name $ExeName -Force

Building lldb on Mac

Create Codesign Certificate

First we need to create a certificate. LLVM provided a way to do that, but I found this way to work slightly better for me. Just substitute lldb_codesign for the certificate name, instead of gdb-cert.

Install swig dependency

def get_bb_id(graph, ea):
    for block in graph:
        if block.startEA <= ea and block.endEA > ea:
            return block.id

start_ea = 0x15f9ad6
base_block_ea = 0x15f9a60
f = get_func(start_ea)
g = FlowChart(f, flags=FC_PREDS) #???
@tmr232
tmr232 / XrefViewer.ipynb
Created May 10, 2015 13:15
View screenshots of xrefs inside the IPython shell
@tmr232
tmr232 / bitmapper.py
Last active July 26, 2025 17:53
Bitmapper - Visual Reverse Engineering
"""Bitmapper
Usage:
bitmapper.py <input> <output> [<width>]
Options:
-h --help Show this screen.
<input> The input binary file.
<output> The output bitmap.
<width> The width of the bitmap in pixels. Optional.
@tmr232
tmr232 / demo.py
Created April 2, 2015 11:30
Construct Suggestion - Ordered Keyword Arguments
from easy_construct import cs, struct, Container
MyStruct = struct("MyStruct",
_0=cs.Magic("EZConstruct"),
variable=cs.UBInt32,
another_var=cs.UBInt16,
_1=cs.Padding(0x4),
array=cs.Bytes(13),
_2=cs.Magic("MagicEndsHere"),
)
@tmr232
tmr232 / abbreviate.py
Created March 23, 2015 09:16
Python WTF - Attribute Abbreviation
"""Attribute Abbreviation.
This file contains a metaclass that can be used to abbreviate attribute names for a class.
This is a POC made for fun.
Do yourself a favor and NEVER do this in actual code.
You've been warned.
"""
class AbbreviationError(Exception):