yeggor
yeggor
/ efi-enums.py
Last active
November 23, 2024 05:00
IDAPython script to apply enum values from MACRO_EFI to analysed EFI modules
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # IDAPython script to apply enum values from MACRO_EFI to analysed EFI modules | |
| from typing import Optional, List | |
| import ida_allins | |
| import ida_bytes | |
| import ida_ida | |
| import ida_typeinf | |
| import ida_ua | |
| import idaapi |
yeggor
/ update_guids_lvfs.py
Created
July 19, 2023 00:38
Populating the guids.json with GUIDs from the LVFS public database
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Populating the guids.json with GUIDs from the LVFS public database | |
| # https://github.com/fwupd/fwupd/issues/5869 | |
| import json | |
| import re | |
| import struct | |
| import uuid | |
| import requests |
yeggor
/ efixloader_define_funcs.py
Last active
December 9, 2021 12:38
IDAPython script to resolve functions in UEFI firmware loaded with efiXloader
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # IDAPython script to resolve functions in UEFI firmware | |
| # loaded with efiXloader | |
| import ida_bytes | |
| import ida_funcs | |
| import ida_idaapi | |
| import idautils | |
| import idc | |
yeggor
/ stack_xrefs.py
Last active
November 1, 2021 14:27
Get xrefs to a stack variable (https://reverseengineering.stackexchange.com/questions/16055/idapython-get-xrefs-to-a-stack-variable)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import ida_frame | |
| import ida_funcs | |
| import idc | |
| FUNC_ADDRESS = 0x0000000080002BC0 | |
| VAR_NAME = "EfiSmmBase2Protocol" | |
| def get_member_by_name(pframe, var_name): | |
| for mid in range(pframe.memqty): |
yeggor
/ get_sig.py
Created
March 20, 2021 02:32
Fixed ida2pat.py script provided by fireeye (https://github.com/fireeye/flare-ida/blob/master/python/flare/idb2pat.py) + get_sig.py script to generate FLIRT SIG file from many source binary files
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| import os | |
| import platform | |
| import subprocess | |
| import time | |
| from concurrent.futures import ProcessPoolExecutor, as_completed | |
| import click | |
| from elftools.elf.elffile import ELFFile |
yeggor
/ tictactoe.c
Last active
March 20, 2021 01:13
This file was created with the Hex-Rays decompiler
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* This file was generated by the Hex-Rays decompiler. | |
| Copyright (c) 2007-2020 Hex-Rays <[email protected]> | |
| Detected compiler: GNU C++ | |
| Changed: manual error resolve + clang formatting | |
| */ | |
| #include "defs.h" |