xina1i xinali
@xinali
xinali / windbg_debug_malware.txt
Created December 12, 2018 09:22
WinDbg script for dynamic debugging of malware
$$ WinDbg script for handling malware
$$ Open the log
.logopen windbg_execute.log
$$ Clear all breakpoints
bc *
$$ Network operations
bu ws2_32!connect ".printf \"ip: %x\", poi(poi(esp+0x8)+0x4); .echo; g"
@xinali
xinali / apimon.wds
Last active December 29, 2018 01:30
WinDbg API monitor
$$ ApiMon - A simple API Monitor for Windbg
$$ Author : Osanda Malith Jayathissa (@OsandaMalith)
$$ E-Mail: osanda[cat]unseen.is
$$ Website: https://osandamalith.com
aS LogPath @"C:\temp\Output.txt";
.catch {
.if ${/d:$arg1} == 0 {
set nocompatible
set encoding=utf-8
"set lines=40 columns=100
" set font in linux set guifont=Monospace\ 14
" set font in windows
" set guifont=Consolas:h14
" for gvim
" set guioptions-=T set guioptions-=m
" colorscheme murphy
@xinali
xinali / malware.yar
Created June 6, 2019 03:02
YARA rules for malicious code
rule win_gaudox_auto {
meta:
author = "Felix Bilstein - yara-signator at cocacoding dot com"
date = "2018-11-23"
version = "1"
description = "autogenerated rule brought to you by yara-signator"
tool = "yara-signator 0.1a"
malpedia_reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.gaudox"
malpedia_version = "20180607"
from pwn import *
def modify(address, modifiedAddress):
print("modified address is %x" % modifiedAddress)
#puts_got_run = puts_got + binary_base
modifiedAddress_high = (modifiedAddress & 0xffff0000) >> 16
#log.info("strcmp got run high %x " % strncmp_got_run_high)
modifiedAddress_low = modifiedAddress & 0xffff
temp_low = (address + 0x2) & 0xffff
@xinali
xinali / pdb_downloader.py
Created December 30, 2019 08:44 — forked from steeve85/pdb_downloader.py
Python PDB downloader, a kind of alternative to Microsoft's symchk.exe
#!/usr/bin/env python
import httplib, os.path, argparse, pefile, struct
"""
pdb_downloader.py
v0.1
Steeve Barbeau
@steevebarbeau
steeve-barbeau.blogspot.com
/loadSession - Load a saved session configuration file.
/setupFirewallRules - Configures the required firewall rules on the local system to allow kernel debugging.
/c - Executes a command line after the debugger is attached.
/logo - Begins logging information to a log file. If the file exists, it will be overwritten.
/loga - Begins logging information to a log file. If the file exists, it will be appended to.
/e - Signals the event with the given handle after the next exception in a target.
/v - Enables verbose output in the debugger.
/Q - Deprecated command-line option.
/QY - Deprecated command-line option.
/QS - Deprecated command-line option.
@xinali
xinali / codesign_gdb.md
Created August 2, 2022 08:23 — forked from gravitylow/codesign_gdb.md
Codesign gdb on macOS

If you are getting this in gdb on macOS while trying to run a program:

Unable to find Mach task port for process-id 57573: (os/kern) failure (0x5).
 (please check gdb is codesigned - see taskgated(8))
  1. Open Keychain Access
  2. In menu, open Keychain Access > Certificate Assistant > Create a certificate
  3. Give it a name (e.g. gdbc)