If you are getting this in gdb on macOS while trying to run a program:
Unable to find Mach task port for process-id 57573: (os/kern) failure (0x5).
(please check gdb is codesigned - see taskgated(8))gdbc)
| /loadSession - Load a saved session configuration file. | |
| /setupFirewallRules - Configures the required firewall rules on the local system to allow kernel debugging. | |
| /c - Executes a command line after the debugger is attached. | |
| /logo - Begins logging information to a log file. If the file exists, it will be overwritten. | |
| /loga - Begins logging information to a log file. If the file exists, it will be appended to. | |
| /e - Signals the event with the given handle after the next exception in a target. | |
| /v - Enables verbose output in the debugger. | |
| /Q - Deprecated command-line option. | |
| /QY - Deprecated command-line option. | |
| /QS - Deprecated command-line option. |
| #!/usr/bin/env python | |
| import httplib, os.path, argparse, pefile, struct | |
| """ | |
| pdb_downloader.py | |
| v0.1 | |
| Steeve Barbeau | |
| @steevebarbeau | |
| steeve-barbeau.blogspot.com |
| from pwn import * | |
| def modify(address, modifiedAddress): | |
| print("modified address is %x" % modifiedAddress) | |
| #puts_got_run = puts_got + binary_base | |
| modifiedAddress_high = (modifiedAddress & 0xffff0000) >> 16 | |
| #log.info("strcmp got run high %x " % strncmp_got_run_high) | |
| modifiedAddress_low = modifiedAddress & 0xffff | |
| temp_low = (address + 0x2) & 0xffff |
| rule win_gaudox_auto { | |
| meta: | |
| author = "Felix Bilstein - yara-signator at cocacoding dot com" | |
| date = "2018-11-23" | |
| version = "1" | |
| description = "autogenerated rule brought to you by yara-signator" | |
| tool = "yara-signator 0.1a" | |
| malpedia_reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.gaudox" | |
| malpedia_version = "20180607" |
| set nocompatible | |
| set encoding=utf-8 | |
| "set lines=40 columns=100 | |
| " set font in linux set guifont=Monospace\ 14 | |
| " set font in windows | |
| " set guifont=Consolas:h14 | |
| " for gvim | |
| " set guioptions-=T set guioptions-=m | |
| " colorscheme murphy |
| $$ ApiMon - A simple API Monitor for Windbg | |
| $$ Author : Osanda Malith Jayathissa (@OsandaMalith) | |
| $$ E-Mail: osanda[cat]unseen.is | |
| $$ Website: https://osandamalith.com | |
| aS LogPath @"C:\temp\Output.txt"; | |
| .catch { | |
| .if ${/d:$arg1} == 0 { |
| $$ windbg脚本处理恶意软件 | |
| $$ 开启日志 | |
| .logopen windbg_execute.log | |
| $$ 清除所有断点 | |
| bc * | |
| $$ 网络操作 | |
| bu ws2_32!connect ".printf \"ip: %x\", poi(poi(esp+0x8)+0x4); .echo; g" |
| ================================================================================ | |
| Output generated by mona.py v2.0, rev 576 - Immunity Debugger | |
| Corelan Team - https://www.corelan.be | |
| ================================================================================ | |
| OS : post2008server, release 6.2.9200 | |
| Process being debugged : dep_close (pid 3416) | |
| Current mona arguments: rop -m kernel32.dll,ntdll.dll | |
| ================================================================================ | |
| 2017-11-06 15:40:06 | |
| ================================================================================ |
| This can be used in Mac by using following trick: | |
| Open trial.key at path: /Applications/Beyond\ Compare.app/Contents/Resources/trial.key | |
| Replace content of trial.key with: | |
| --- BEGIN LICENSE KEY --- | |
| H1bJTd2SauPv5Garuaq0Ig43uqq5NJOEw94wxdZTpU-pFB9GmyPk677gJ | |
| vC1Ro6sbAvKR4pVwtxdCfuoZDb6hJ5bVQKqlfihJfSYZt-xVrVU27+0Ja | |
| hFbqTmYskatMTgPyjvv99CF2Te8ec+Ys2SPxyZAF0YwOCNOWmsyqN5y9t | |
| q2Kw2pjoiDs5gIH-uw5U49JzOB6otS7kThBJE-H9A76u4uUvR8DKb+VcB | |
| rWu5qSJGEnbsXNfJdq5L2D8QgRdV-sXHp2A-7j1X2n4WIISvU1V9koIyS |