Tuesday, December 29, 2015

windbg - Dumping a dll from a debugged process to disk

http://stackoverflow.com/a/1644723
http://blogs.msdn.com/b/debuggingtoolbox/archive/2009/09/23/special-command-saving-modules-using-writemem.aspx

I found this useful when looking at an application that didn't have the DLL on the file system for some reason.  This was for the newest build of an application I was taking apart, and I found it weird, so I had to resort to the debugger.

Worst case, if you just want the module in IDA, take a memory snapshot with IDA while it is attached to the app you're working with.
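One thing the linked posts gloss over: a module written out of process memory with .writemem (the documented syntax is .writemem <file> <base> L?<size>, with the base and size taken from lm) is still laid out as a memory image.  Every section sits at its VirtualAddress, but the section headers still carry the on-disk PointerToRawData values, so a PE parser or IDA reading the file will look for section data in the wrong place.  The script below, an added example written for this page and not from the linked posts, rewrites the section table so file offsets equal virtual offsets.  The sample image it operates on is constructed inline (a tiny fake PE32 with made-up section contents) so it runs offline; point fix_dumped_pe at a real dump to use it.

```python
import struct

SECTION_HEADER_SIZE = 40
OPT_SECTION_ALIGNMENT = 32   # offset inside the optional header, same for PE32/PE32+
OPT_FILE_ALIGNMENT = 36


def _pe_layout(buf):
    """Return (optional header offset, section table offset, section count)."""
    if buf[:2] != b"MZ":
        raise ValueError("missing MZ signature: not a PE image")
    e_lfanew = struct.unpack_from("<I", buf, 0x3C)[0]
    if buf[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", buf, coff + 2)[0]
    size_of_opt = struct.unpack_from("<H", buf, coff + 16)[0]
    opt = coff + 20
    return opt, opt + size_of_opt, num_sections


def parse_sections(image):
    """List the section headers as dicts: name, va, vsize, raw_ptr, raw_size."""
    buf = bytearray(image)
    _, sect, n = _pe_layout(buf)
    out = []
    for i in range(n):
        off = sect + i * SECTION_HEADER_SIZE
        name = bytes(buf[off:off + 8]).rstrip(b"\0").decode("ascii", "replace")
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", buf, off + 8)
        out.append({"name": name, "va": va, "vsize": vsize,
                    "raw_ptr": raw_ptr, "raw_size": raw_size})
    return out


def alignments(image):
    """Return (SectionAlignment, FileAlignment) from the optional header."""
    buf = bytearray(image)
    opt, _, _ = _pe_layout(buf)
    return struct.unpack_from("<II", buf, opt + OPT_SECTION_ALIGNMENT)


def fix_dumped_pe(image):
    """Make a memory dump loadable as a file.  In memory every section already
    sits at its VirtualAddress, so set PointerToRawData = VirtualAddress and
    SizeOfRawData = VirtualSize rounded up to SectionAlignment (clamped to the
    dump length, in case the dump was truncated).  FileAlignment is raised to
    SectionAlignment so the header stays self-consistent."""
    buf = bytearray(image)
    opt, sect, n = _pe_layout(buf)
    section_align = struct.unpack_from("<I", buf, opt + OPT_SECTION_ALIGNMENT)[0] or 0x1000
    struct.pack_into("<I", buf, opt + OPT_FILE_ALIGNMENT, section_align)
    for i in range(n):
        off = sect + i * SECTION_HEADER_SIZE
        vsize, va = struct.unpack_from("<II", buf, off + 8)
        raw_size = -(-vsize // section_align) * section_align      # round up
        raw_size = min(raw_size, max(len(buf) - va, 0))           # truncated dump
        struct.pack_into("<II", buf, off + 16, raw_size, va)
    return bytes(buf)


def build_sample_image():
    """Constructed sample (not a real binary): a PE32 as it looks in memory,
    sections at their VirtualAddress, headers still holding file offsets."""
    section_align, file_align = 0x1000, 0x200
    sections = [  # name, VirtualAddress, on-disk PointerToRawData, payload
        (b".text", 0x1000, 0x400, b"\x90" * 0x20 + b"\xc3"),
        (b".data", 0x2000, 0x600, b"secret config\0"),
    ]
    image = bytearray(0x3000)
    image[0:2] = b"MZ"
    e_lfanew = 0x80
    struct.pack_into("<I", image, 0x3C, e_lfanew)
    image[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    coff = e_lfanew + 4
    size_opt = 0xE0  # PE32 optional header
    # Machine=i386, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (exe, dll, 32-bit)
    struct.pack_into("<HHIIIHH", image, coff, 0x14C, len(sections), 0, 0, 0, size_opt, 0x2102)
    opt = coff + 20
    struct.pack_into("<H", image, opt, 0x10B)                      # PE32 magic
    struct.pack_into("<II", image, opt + 32, section_align, file_align)
    struct.pack_into("<I", image, opt + 56, len(image))            # SizeOfImage
    sect = opt + size_opt
    for i, (name, va, raw_ptr, payload) in enumerate(sections):
        off = sect + i * SECTION_HEADER_SIZE
        image[off:off + 8] = name.ljust(8, b"\0")
        raw_size = -(-len(payload) // file_align) * file_align
        struct.pack_into("<IIII", image, off + 8, len(payload), va, raw_size, raw_ptr)
        image[va:va + len(payload)] = payload
    return bytes(image)


if __name__ == "__main__":
    dump = build_sample_image()
    for before, after in zip(parse_sections(dump), parse_sections(fix_dumped_pe(dump))):
        print(before["name"], hex(before["raw_ptr"]), "->", hex(after["raw_ptr"]))
```

This only fixes the section table.  Relocations have already been applied and the import address table holds resolved pointers, so imports show up as absolute addresses until you rebuild them; for IDA that is usually good enough to get disassembly and names.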

Hope this helps someone.

Friday, December 25, 2015

commands for clones and snapshots with free esxi

http://blog-lrivallain.rhcloud.com/2015/02/26/play-vm-snapshots-esxi-command-line-tools/

It's been a while.  But I now have 2 esxi boxes at the house.  This is useful for those folks who want to clone, or linked-clone, VMs on the free version of ESXi, where the command line is all you get.

Wednesday, July 15, 2015

Gnome2 fo lyfe

https://ubuntu-mate.org/

Basically, here's the Ubuntu you were using before Unity.  Glad this is around.  Hope y'all enjoy.

Tuesday, July 7, 2015

Monday, July 6, 2015

Graphs all day

http://www.python-course.eu/graphs_python.php

Graphs, Python and IDA go hand in hand.
The code is easy to follow and walk through, and useful any time you're dealing with nodes and edges.
Try building stuff with this.
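To make the IDA connection concrete, here is an added example (written for this page, not taken from the linked tutorial) of the kind of graph code you end up wanting during reversing: a small directed graph with BFS shortest path, forward reachability to find dead blocks, and reverse reachability to find every block that can lead to a target.  The edge list is a constructed control-flow graph with made-up addresses; in IDA you would fill it from idaapi.FlowChart instead.

```python
from collections import deque

# Constructed sample: directed edges of a small control-flow graph
# (block start -> successor start).  The addresses are made up.
SAMPLE_EDGES = [
    ("0x401000", "0x401020"),
    ("0x401000", "0x401040"),
    ("0x401020", "0x401060"),
    ("0x401040", "0x401060"),
    ("0x401060", "0x401080"),   # pretend 0x401080 is the block calling strcpy
    ("0x4010a0", "0x4010c0"),   # dead code: no edge leads into 0x4010a0
]


class DiGraph:
    """Minimal directed graph with adjacency lists in both directions.
    Lists keep insertion order so traversals are deterministic."""

    def __init__(self, edges=()):
        self.succ = {}
        self.pred = {}
        for src, dst in edges:
            self.add_edge(src, dst)

    def add_node(self, n):
        self.succ.setdefault(n, [])
        self.pred.setdefault(n, [])

    def add_edge(self, src, dst):
        self.add_node(src)
        self.add_node(dst)
        if dst not in self.succ[src]:
            self.succ[src].append(dst)
            self.pred[dst].append(src)

    def nodes(self):
        return list(self.succ)


def reachable(graph, start, backwards=False):
    """Nodes reachable from start (or, with backwards=True, nodes that reach it)."""
    adj = graph.pred if backwards else graph.succ
    seen, work = {start}, deque([start])
    while work:
        n = work.popleft()
        for m in adj.get(n, []):
            if m not in seen:
                seen.add(m)
                work.append(m)
    return seen


def shortest_path(graph, src, dst):
    """BFS shortest path from src to dst as a node list, or None if unreachable."""
    parent = {src: None}
    work = deque([src])
    while work:
        n = work.popleft()
        if n == dst:
            path = []
            while n is not None:
                path.append(n)
                n = parent[n]
            return path[::-1]
        for m in graph.succ.get(n, []):
            if m not in parent:
                parent[m] = n
                work.append(m)
    return None


def dead_blocks(graph, entry):
    """Blocks the entry block can never reach."""
    return set(graph.nodes()) - reachable(graph, entry)


def blocks_reaching(graph, target):
    """Every block with some path into target (target itself excluded)."""
    return reachable(graph, target, backwards=True) - {target}


if __name__ == "__main__":
    g = DiGraph(SAMPLE_EDGES)
    print("path to strcpy block:", shortest_path(g, "0x401000", "0x401080"))
    print("dead blocks:", sorted(dead_blocks(g, "0x401000")))
    print("blocks reaching strcpy:", sorted(blocks_reaching(g, "0x401080")))
```

blocks_reaching is the one you use most: pick the block with the interesting call, and you get the set of blocks whose conditions you need to satisfy to get there.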


Sunday, July 5, 2015

solver/emulation stuff

http://doar-e.github.io/blog/2013/09/16/breaking-kryptonites-obfuscation-with-symbolic-execution/
http://research.microsoft.com/en-us/projects/boogie/
https://github.com/Z3Prover/z3

This is cool because all of it is reachable from Python (Z3 ships Python bindings), especially the approach in that first link.
I expect this will be nice to have alongside IDA and your Python IDE when you go exploring.

Setting up a git server on Windows real easy like

http://gitstack.com/

Yeah, it's pretty easy to just go through this and set up a user and a repo to store code in.

Enjoy.

Friday, July 3, 2015

.cmd Script to let people know you're haxoring

@echo off
color 0A
title 1337 black and green hacker terminal
mode 1000
:matrix
echo %random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%
goto matrix

Python Ascii tree - for all those times you need to go low-tech and draw an ASCII tree

https://pypi.python.org/pypi/asciitree/0.2

This is real cool because it renders trees like this:
root
  +--sub1
  +--sub2
  |  +--sub2sub1
  +--sub3
     +--sub3sub1
     |  +--sub3sub1sub1
     +--sub3sub2
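If you'd rather not pull in a package for this, the format is simple enough to reproduce.  Below is an added example (my own code, not the asciitree library) that renders a nested dict in the same style as the sample above, plus a helper that builds the dict from slash-separated paths, which is usually the shape the data is in (directory listings, call chains).  The sample paths are constructed to reproduce the tree shown above exactly.

```python
# Constructed sample: paths that reproduce the asciitree example above.
SAMPLE_PATHS = [
    "sub1",
    "sub2/sub2sub1",
    "sub3/sub3sub1/sub3sub1sub1",
    "sub3/sub3sub2",
]


def paths_to_tree(root, paths, sep="/"):
    """Build a nested dict {root: {child: {grandchild: {...}}}} from path strings.
    Insertion order is preserved, so children render in the order first seen."""
    tree = {root: {}}
    for path in paths:
        node = tree[root]
        for part in path.split(sep):
            node = node.setdefault(part, {})
    return tree


def render_tree(tree):
    """Render a single-rooted nested dict as an ASCII tree.

    Each child line is '+--name'.  For every ancestor below the root the prefix
    gets '|  ' if that ancestor still has siblings after it (the vertical bar
    continues down to them) and '   ' otherwise."""
    if len(tree) != 1:
        raise ValueError("tree must have exactly one root")
    (root, children), = tree.items()
    lines = [root]

    def walk(children, prefix):
        items = list(children.items())
        for i, (name, sub) in enumerate(items):
            last = i == len(items) - 1
            lines.append(prefix + "+--" + name)
            walk(sub, prefix + ("   " if last else "|  "))

    walk(children, "  ")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_tree(paths_to_tree("root", SAMPLE_PATHS)))
```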

Windows symbols for the _NT_SYMBOL_PATH script

setx -m _NT_SYMBOL_PATH SRV*c:\symbols\*http://msdl.microsoft.com/download/symbols;SRV*c:\symbols\*http://symbols.mozilla.org/firefox


Throw this into a .cmd file and run it as admin (setx -m writes the machine-wide environment, so it needs elevation).  Edit it accordingly for Chrome or whatever else you're debugging.

Auto open dlls and exe in current directory for IDA

---------------------begin .cmd file--------------------
@echo off
rem Locate idaq.exe under Program Files (adjust the path for your install)
pushd .
cd "C:\Program Files"
FOR /F "delims=" %%F IN ('dir /S /b idaq.exe') DO SET IDAEXE="%%F"
popd
echo %IDAEXE%
rem Directory the .idb files are written to
set IDBDIR=.

rem -B batch mode, -A autonomous (no prompts), -c create a new database, -P compress it
for /R %%v in (*.dll) do start /wait "" %IDAEXE% -B -A -c -P -o"%IDBDIR%\%%~nv.idb" "%%v"
for /R %%v in (*.exe) do start /wait "" %IDAEXE% -B -A -c -P -o"%IDBDIR%\%%~nv.idb" "%%v"

---------------------end .cmd file--------------------

On 64-bit Windows, IDA usually lives under "C:\Program Files (x86)", so change the cd line accordingly, and 64-bit targets need idaq64.exe rather than idaq.exe.

Also note that %%~nv keeps only the base name, so foo.dll and foo.exe (or two foo.dll files in different subdirectories) will overwrite the same foo.idb; include the directory in the output name if that matters to you.  Edit this for whatever you're working on.

Forgetting Windbg commands? Too lazy to type? Use .cmdtree in windbg!

Refer to this:
http://blogs.msdn.com/b/debuggingtoolbox/archive/2008/09/17/special-command-execute-commands-from-a-customized-user-interface-with-cmdtree.aspx

Look at other people's cmdtree's: https://github.com/goldshtn/windbg-extensions/blob/master/cmdtree.txt

Make your own.

I'm pretty sure you don't want to type this a lot if you're looking at Internet Explorer:
ed MSHTML!MemoryProtection::CMemoryProtector::tlsSlotForInstance 0xffffffff

The cmdtree file is indentation based: leading spaces define how entries nest under each other.  So maintain the proper structure and you'll be ok.
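For reference, here is a small cmdtree file in the format the linked MSDN post describes, written for this page as an added example rather than copied from either link.  The header lines are the fixed format; the title, the group names and the file path are my own choices.  Each entry is {"label"} optionally followed by {"command"}, and one extra leading space per level nests an entry under the one above it.

```text
windbg ANSI Command Tree 1.0
title {"RE helpers"}
body
{"RE helpers"}
 {"Modules"}
  {"List loaded modules"} {"lm"}
  {"Reload symbols"} {".reload"}
 {"Internet Explorer"}
  {"Disable MemoryProtection"} {"ed MSHTML!MemoryProtection::CMemoryProtector::tlsSlotForInstance 0xffffffff"}
```

Save it somewhere like c:\windbg\recmds.txt and load it with .cmdtree c:\windbg\recmds.txt; the entries show up in a dockable window and a single click runs the command.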


Xenserver - I need to set this up for home VM farm.

http://hak5.org/episodes/hak5-1819
I'm sold now.
http://xenserver.org/open-source-virtualization-download.html


Setting up a git server for people that are lazy like me

Follow this:
https://help.ubuntu.com/lts/serverguide/git.html

Pycharm for your IDA development

Download it here https://www.jetbrains.com/pycharm/download/

Here's a quick-and-dirty way to get autocomplete:
Create a new project and copy the following Python files from the python folder of your IDA directory into it:
idaapi.py
idautils.py
idc.py

Create your new script and type in any of these:
idaapi.
press ctrl-spacebar

idautils.
press ctrl-spacebar

idc.
press ctrl-spacebar

And there you go.  Let the IDE work for you.

Also, to follow code flow, hold down Ctrl and left-click a method to jump to its definition.

There's also version control built in, so set up your git and version your code.
This makes development super easy.

-----------------
Another nice thing is the Alt-Enter hotkey: if you're missing the import for a particular class, it offers to add it for you.

I spent many years coding in eclipse because I was a Java Software Engineer.  Transitioning to this was easy because they maintained all the key schemes for these types of developers like me.  Being able to quickly get all references with ctrl-G and looking up methods and objects within a file with ctrl-O is very handy and will help you push out code faster.

Refactoring is painless with alt-shift-R and walking through the menus.

-----------------
Refer to http://djmanilaice.blogspot.com/2015/07/learning-pyside-with-qt-designer-on.html to setup auto complete for pyside.


Learning Pyside with qt designer on ubuntu

Follow this:
http://pyside.readthedocs.org/en/latest/building/linux.html

Watch this: https://www.youtube.com/watch?v=Dmo8eZG5I2w

Save the Qt Designer file, e.g. myfile.ui

sudo apt-get install pyqt4-dev-tools

pyuic4 myfile.ui -o myfile.py

Note that pyuic4 emits PyQt4 imports (from PyQt4 import QtCore, QtGui).  If you want the generated module to import PySide instead, use the PySide equivalent from the pyside-tools package: sudo apt-get install pyside-tools, then pyside-uic myfile.ui -o myfile.py.

After that start code ripping.

Why do this?  Well, it's nice to have autocomplete in your IDE when coding up IDAPython that uses PySide.

Converting exported VMWare ovf and Importing them into VirtualBox

Do this: https://www.polibyte.com/blog/massaging_ovf_for_virtualbox
Then get rid of the .mf file.  It's the manifest holding SHA1 hashes of the other files in the export, and once you've edited the .ovf those hashes no longer match, so VirtualBox refuses the import unless the manifest is gone (or regenerated).