https://github.com/iovisor/ply
You can do kernel tracing and similar things with it: specify a kprobe by symbol or by address, and you can also get register and stack information.
Reverse Engineering and things I don't want to forget
Thursday, June 6, 2019
Monday, October 29, 2018
Solving a more-than-a-decade-old internet problem
I saw the website was down and thought it was wrong that you couldn't arrange icons in that configuration.
There's a lot wrong in the world today, but we can make things right for at least someone.
// how to add to desktop right click menu - https://www.howtogeek.com/howto/windows-vista/add-any-application-to-the-desktop-right-click-menu-in-vista/
// add key to HKEY_CLASSES_ROOT\Directory\Background\shell\<your menu name>\command
// value is the program that you want to run
#include "stdafx.h"
#define UNICODE
#define _UNICODE
#include <windows.h>
#include <shlobj.h>
#include <exdisp.h>
#include <shlwapi.h>
#include <atlbase.h>
#include <atlstr.h>
#include <atlalloc.h>
#include <stdio.h>
#include <Lmcons.h>
#include <string>
#include <iostream>
#include <fstream>

using namespace std;

// Get the desktop's folder view through the ShellWindows COM object:
// locate the desktop window, ask its top-level browser for the active
// shell view, then query that view for the interface the caller wants.
void FindDesktopFolderView(REFIID riid, void **ppv)
{
    CComPtr<IShellWindows> spShellWindows;
    spShellWindows.CoCreateInstance(CLSID_ShellWindows);
    CComVariant vtLoc(CSIDL_DESKTOP);
    CComVariant vtEmpty;
    long lhwnd;
    CComPtr<IDispatch> spdisp;
    spShellWindows->FindWindowSW(&vtLoc, &vtEmpty, SWC_DESKTOP, &lhwnd, SWFO_NEEDDISPATCH, &spdisp);
    CComPtr<IShellBrowser> spBrowser;
    CComQIPtr<IServiceProvider>(spdisp)->QueryService(SID_STopLevelBrowser, IID_PPV_ARGS(&spBrowser));
    CComPtr<IShellView> spView;
    spBrowser->QueryActiveShellView(&spView);
    spView->QueryInterface(riid, ppv);
}

// RAII wrapper so CoUninitialize runs on scope exit
class CCoInitialize {
public:
    CCoInitialize() : m_hr(CoInitialize(NULL)) { }
    ~CCoInitialize() { if (SUCCEEDED(m_hr)) CoUninitialize(); }
    operator HRESULT() const { return m_hr; }
    HRESULT m_hr;
};

int __cdecl wmain(int argc, wchar_t **argv)
{
    TCHAR username[UNLEN + 1];
    DWORD size = UNLEN + 1;
    GetUserName((TCHAR*)username, &size);   // looked up but not used below
    ofstream write;

    // resolve the current user's desktop folder
    WCHAR* DES_folder = new WCHAR[MAX_PATH];
    HRESULT hr = SHGetFolderPathW(0, CSIDL_DESKTOP, 0, 0, DES_folder);
    if (SUCCEEDED(hr)) {
        std::wstring desktopfoldername1 = DES_folder;
        // narrowing copy, only correct for ASCII paths
        std::string desktopfoldername(desktopfoldername1.begin(), desktopfoldername1.end());
        desktopfoldername += "\\fukU";
        // create 200 empty files (fukU1.txt .. fukU200.txt) on the desktop so there are enough icons to place
        for (int i = 1; i <= 200; ++i) {
            std::string filename = to_string(i) + ".txt";
            std::string newfilename = desktopfoldername + filename;
            write.open(newfilename, ios::out | ios::binary);
            write.close();
        }
    }
    delete[] DES_folder;
    Sleep(3000);   // give the shell a moment to show the new icons

    CCoInitialize init;
    CComPtr<IFolderView> spView;
    FindDesktopFolderView(IID_PPV_ARGS(&spView));
    int counter = 0;
    // 117 target coordinates; every icon beyond the 117th is stacked on the last point
    int x[117] = { 394,394,394,394,396,400,399,406,400,449,486,513,448,486,512,637,641,639,639,655,707,745,769,777,777,774,775,892,902,903,906,908,911,1023,994,962,960,1004,1033,1065,493,498,509,507,518,535,564,589,622,655,673,683,694,686,823,825,825,823,825,822,1289,1275,1261,1248,1255,1227,1227,1242,1245,1259,1231,1254,1250,1239,1219,1186,1157,1154,1111,1098,1113,1120,1092,1133,1180,1214,1204,1258,1271,1310,1318,1318,1370,1384,1381,1423,1465,1513,1540,1544,1507,1467,1435,1414,1419,1370,1380,1363,1367,1366,1351,1319,1365,1366,1345,1311,1287 };
    int y[117] = { 192,214,243,256,287,357,424,501,508,188,204,203,357,359,376,202,268,334,380,454,509,471,432,376,319,278,217,137,205,273,341,408,465,165,200,230,331,386,427,461,613,688,760,831,881,907,936,902,877,833,774,726,693,636,601,659,697,762,824,943,120,139,149,161,178,210,260,318,382,416,435,474,534,592,612,599,620,654,631,678,696,751,779,801,844,834,727,809,857,810,765,708,801,813,853,858,863,820,778,704,658,638,671,650,615,586,543,509,428,362,313,296,270,226,177,140,122 };

    // walk every item on the desktop and move it to the next coordinate
    CComPtr<IEnumIDList> spEnum;
    spView->Items(SVGIO_ALLVIEW, IID_PPV_ARGS(&spEnum));
    for (CComHeapPtr<ITEMID_CHILD> spidl; spEnum->Next(1, &spidl, nullptr) == S_OK; spidl.Free()) {
        POINT pt;
        spView->GetItemPosition(spidl, &pt);
        pt.x = x[counter];
        pt.y = y[counter];
        if (counter != 116) counter += 1;
        PCITEMID_CHILD apidl[1] = { spidl };
        spView->SelectAndPositionItems(1, apidl, &pt, SVSI_POSITIONITEM);
    }
    return 0;
}
Wednesday, August 29, 2018
Tuesday, May 22, 2018
Ignorance .gdbinit
I hate looking up how to translate windbg commands into gdb commands.
Sometimes the gdb on a system doesn't have python support.
So, here's a gdbinit to lay into my ignorance.
============BEGIN===============
set disassembly-flavor intel
layout asm
layout regs
# kv / k -> backtrace (k shadows gdb's "k" alias for kill; "kill" still works)
define kv
bt
end
define k
bt
end
# g -> continue
define g
c
end
# t -> step one instruction, into calls (shadows the "t" alias for thread; "thread" still works)
define t
stepi
end
# p -> step one instruction, over calls (shadows gdb's "p" alias for print; use "print" instead)
define p
nexti
end
# lm -> list loaded modules
define lm
info sharedlibrary
end
# lmvm -> file and section details
define lmvm
info files
end
# bp <loc> -> software breakpoint
define bp
break $arg0
end
# ba <loc> -> windbg's ba is a hardware/data-access breakpoint; gdb's closer match is "watch"/"awatch", this alias only sets a plain breakpoint
define ba
break $arg0
end
# bl -> list breakpoints
define bl
info breakpoints
end
# bd/be/bc <num> -> disable/enable/clear breakpoint
define bd
disable $arg0
end
define be
enable $arg0
end
define bc
clear $arg0
end
# r -> registers (shadows gdb's "r" alias for run; use "run" instead)
define r
info registers
end
# u <addr> -> disassemble one instruction (x/10i $arg0 gives a block like windbg's u)
define u
x/i $arg0
end
============END===============
Wednesday, January 4, 2017
Building Webkit on Windows
https://webkit.org/webkit-on-windows/#installing-developer-tools
Follow this. But make sure you install all the dependent tools at the root of C: without spaces in the path. For whatever reason the build fails hard if there are spaces in the path. WTH!!! Pay attention during your installs to make sure they don't install to "Program Files". Doing this will let you curse much less than normal and will give you some source to audit for a browser that normally runs on iOS or macOS. Unholy, I know. :)
Tuesday, December 29, 2015
windbg - Dumping a dll from a debugged process to disk
http://stackoverflow.com/a/1644723
http://blogs.msdn.com/b/debuggingtoolbox/archive/2009/09/23/special-command-saving-modules-using-writemem.aspx
I found this useful when looking at an application that didn't have the dll on the file system for some reason. This was for the newest build of an application I was taking apart, and I found it weird, so I had to resort to the debugger.
Worst case, if you wanna just use IDA, take a memory snapshot with IDA while attached to the app you're working with.
Hope this helps someone.
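As an added example (not from this post or the linked articles), here is a Python script for the fix-up a memory-dumped dll usually needs before a disassembler loads it cleanly. A module saved straight out of process memory is laid out by virtual address, but its section headers still describe the on-disk layout (PointerToRawData and SizeOfRawData), so a file-based loader maps each section to the wrong offsets. The script walks the section table and sets each section's raw pointer and raw size to its virtual address and virtual size, and rejects a dump that is shorter than the layout it describes (the usual sign that the saved range was too small). The PE image it works on is a constructed minimal sample, not a real binary, and the function names are my own.

```python
import struct

SECTION_HDR = "<8sIIIIIIHHI"                  # IMAGE_SECTION_HEADER layout, 40 bytes
SECTION_HDR_SIZE = struct.calcsize(SECTION_HDR)


def _section_table(image):
    """Return (offset of the first section header, number of sections) for a PE image."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    num_sections = struct.unpack_from("<H", image, e_lfanew + 6)[0]      # COFF NumberOfSections
    opt_size = struct.unpack_from("<H", image, e_lfanew + 20)[0]         # COFF SizeOfOptionalHeader
    return e_lfanew + 24 + opt_size, num_sections


def parse_sections(image):
    """Decode the section headers into dicts of the fields the fix-up cares about."""
    first, count = _section_table(image)
    sections = []
    for i in range(count):
        fields = struct.unpack_from(SECTION_HDR, image, first + i * SECTION_HDR_SIZE)
        sections.append({
            "name": fields[0].rstrip(b"\0"),
            "VirtualSize": fields[1],
            "VirtualAddress": fields[2],
            "SizeOfRawData": fields[3],
            "PointerToRawData": fields[4],
        })
    return sections


def fix_memory_dump(image):
    """Rewrite the section headers of a memory-dumped PE so raw offsets match the in-memory layout."""
    buf = bytearray(image)
    first, count = _section_table(buf)
    for i in range(count):
        off = first + i * SECTION_HDR_SIZE
        vsize, vaddr = struct.unpack_from("<II", buf, off + 8)           # VirtualSize, VirtualAddress
        if vaddr + vsize > len(buf):
            raise ValueError("dump is shorter than the section layout; saved range too small?")
        # SizeOfRawData and PointerToRawData sit right after VirtualSize/VirtualAddress
        struct.pack_into("<II", buf, off + 16, vsize, vaddr)
    return bytes(buf)


def read_section(image, name):
    """Return the bytes a file-based loader would map for the named section."""
    for sec in parse_sections(image):
        if sec["name"] == name:
            start = sec["PointerToRawData"]
            return image[start:start + sec["SizeOfRawData"]]
    raise KeyError(name)


def build_sample_memory_image():
    """Construct a minimal PE32+ image as it looks when dumped from memory (constructed sample, not a real binary)."""
    e_lfanew, opt_size = 0x80, 0xF0
    sections = [  # name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, Characteristics
        (b".text", 0x180, 0x1000, 0x200, 0x400, 0x60000020),
        (b".data", 0x40, 0x2000, 0x200, 0x600, 0xC0000040),
    ]
    image = bytearray(0x3000)
    image[:2] = b"MZ"
    struct.pack_into("<I", image, 0x3C, e_lfanew)
    image[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    struct.pack_into("<HHIIIHH", image, e_lfanew + 4, 0x8664, len(sections), 0, 0, 0, opt_size, 0x2022)
    opt = e_lfanew + 24
    struct.pack_into("<H", image, opt, 0x20B)                  # PE32+ magic
    struct.pack_into("<II", image, opt + 32, 0x1000, 0x200)    # SectionAlignment, FileAlignment
    struct.pack_into("<I", image, opt + 56, len(image))        # SizeOfImage
    first = opt + opt_size
    for i, (name, vsize, vaddr, rawsize, rawptr, chars) in enumerate(sections):
        struct.pack_into(SECTION_HDR, image, first + i * SECTION_HDR_SIZE,
                         name, vsize, vaddr, rawsize, rawptr, 0, 0, 0, 0, chars)
    image[0x1000:0x1008] = b"TEXTSECT"   # section contents live at their virtual addresses, as in memory
    image[0x2000:0x2008] = b"DATASECT"
    return bytes(image)


if __name__ == "__main__":
    dumped = build_sample_memory_image()
    print("before fix, .text maps to:", read_section(dumped, b".text")[:8])
    print("after fix,  .text maps to:", read_section(fix_memory_dump(dumped), b".text")[:8])
```

Note that this only repairs the section mapping; a dump taken from a running process also has its import table already resolved to addresses, so import names still need rebuilding separately if you want them in the disassembly.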
Friday, December 25, 2015
commands for clones and snapshots with free esxi
http://blog-lrivallain.rhcloud.com/2015/02/26/play-vm-snapshots-esxi-command-line-tools/
It's been a while. But I now have 2 esxi boxes at the house. This is useful for those folks who want to clone and linked-clone on the free version.