http://stackoverflow.com/a/1644723
http://blogs.msdn.com/b/debuggingtoolbox/archive/2009/09/23/special-command-saving-modules-using-writemem.aspx
I found this useful when looking at an application that, for some reason, didn't have the DLL on the file system. This was the newest build of an application I was taking apart, and I found it weird, so I had to resort to the debugger.
Worst case, if you just want it in IDA, take a memory snapshot with IDA while attached to the app you're working with.
Hope this helps someone.
Tuesday, December 29, 2015
Friday, December 25, 2015
commands for clones and snapshots with free esxi
http://blog-lrivallain.rhcloud.com/2015/02/26/play-vm-snapshots-esxi-command-line-tools/
It's been a while. But I now have 2 esxi boxes at the house. This is useful for those folks who want to clone and linked-clone on free ESXi.
Wednesday, July 15, 2015
Gnome2 fo lyfe
https://ubuntu-mate.org/
Basically here's the Ubuntu you were using before Unity. Glad this is around. Hope y'all enjoy.
Tuesday, July 7, 2015
Monday, July 6, 2015
Graphs all day
http://www.python-course.eu/graphs_python.php
graphs and python and ida go hand in hand.
Easy code to follow and walk through and very useful for nodes.
Try making stuff with this.
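As an added example (my code, not the linked tutorial's): the same dict-of-lists graph representation applied to a small, constructed control-flow graph, with the reachability, all-paths and predecessor lookups you would otherwise ask IDA for. The block labels and edges are made up.

```python
from collections import deque

# Constructed example: basic blocks of a small function as a dict of lists,
# the same adjacency representation the linked tutorial uses. Keys are block
# labels; values are the blocks each one can branch to.
CFG = {
    "entry": ["check"],
    "check": ["ok", "fail"],
    "ok":    ["ret"],
    "fail":  ["log", "ret"],
    "log":   ["fail"],   # retry loop back into fail
    "ret":   [],
    "dead":  ["ret"],    # nothing branches here: unreachable from entry
}


def reachable(graph, start):
    """Breadth-first walk returning the set of nodes reachable from start."""
    seen = {start}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for nxt in graph.get(node, []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def unreachable(graph, start):
    """Nodes that no path from start ever hits (dead code, in CFG terms)."""
    return sorted(set(graph) - reachable(graph, start))


def find_all_paths(graph, start, end, path=None):
    """Every simple path from start to end. A node already on the current
    path is not revisited, so cycles (log -> fail -> log ...) terminate."""
    path = (path or []) + [start]
    if start == end:
        return [path]
    paths = []
    for nxt in graph.get(start, []):
        if nxt not in path:
            paths.extend(find_all_paths(graph, nxt, end, path))
    return paths


def predecessors(graph, target):
    """Reverse lookup: which nodes branch to target (xrefs-to, in IDA terms)."""
    return sorted(node for node, succ in graph.items() if target in succ)


if __name__ == "__main__":
    print("unreachable from entry:", unreachable(CFG, "entry"))
    for p in find_all_paths(CFG, "entry", "ret"):
        print(" -> ".join(p))
    print("predecessors of ret:", predecessors(CFG, "ret"))
```

Swap CFG for a dict you build from IDA's basic blocks (or any other graph) and the three lookups work unchanged; find_all_paths is exponential in the worst case, so keep it for single functions rather than whole-program graphs.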
Sunday, July 5, 2015
solver/emulation stuff
http://doar-e.github.io/blog/2013/09/16/breaking-kryptonites-obfuscation-with-symbolic-execution/
http://research.microsoft.com/en-us/projects/boogie/
https://github.com/Z3Prover/z3
This is cool because python should be able to hit up all of this. Especially that first link.
I expect this should be nice to have with IDA and your python IDE to go exploring with.
Setting up a git server on Windows real easy like
http://gitstack.com/
Yeah it's pretty easy to just go through this and set up a user and a repo to store code in.
Enjoy.
Friday, July 3, 2015
.cmd Script to let people know you're haxoring
@echo off
color 0A
title 1337 black and green hacker terminal
mode 1000
:matrix
echo %random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%%random%
goto matrix
Python Ascii tree - for all those times you need to go low-tech and draw an ASCII tree
https://pypi.python.org/pypi/asciitree/0.2
This is real cool because it writes stuff like this:
root
  +--sub1
  +--sub2
  |  +--sub2sub1
  +--sub3
     +--sub3sub1
     |  +--sub3sub1sub1
     +--sub3sub2
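An added, dependency-free stand-in for that layout (my code, not the asciitree package's): it draws the same +-- / | shape from nested dicts and comes with a helper that builds those dicts from root-to-leaf paths such as call chains. The sample paths are constructed to reproduce the tree above.

```python
# Added, dependency-free stand-in for the asciitree layout (not the package's
# own code). Trees are nested dicts: {"root": {"child": {...}, ...}}; child
# order is insertion order, which Python dicts preserve.

def from_paths(paths):
    """Build the nested-dict tree from root-to-leaf paths, e.g. call chains
    collected while stepping through a binary. First-seen order is kept."""
    tree = {}
    for path in paths:
        node = tree
        for name in path:
            node = node.setdefault(name, {})
    return tree


def draw_tree(tree, prefix=""):
    """Return the tree as a list of lines in the +-- / | style shown above."""
    lines = []
    for name, kids in tree.items():
        # The root prints bare; every other node hangs off its parent's prefix,
        # whose last three characters are replaced by the connector.
        lines.append((prefix[:-3] + "  +--" if prefix else "") + name)
        items = list(kids.items())
        for i, (kid, grandkids) in enumerate(items):
            last = i + 1 == len(items)
            # A vertical bar continues past a child that has siblings below it.
            lines.extend(draw_tree({kid: grandkids}, prefix + ("   " if last else "  |")))
    return lines


# Constructed sample: the same shape as the tree in the post.
SAMPLE_PATHS = [
    ["root", "sub1"],
    ["root", "sub2", "sub2sub1"],
    ["root", "sub3", "sub3sub1", "sub3sub1sub1"],
    ["root", "sub3", "sub3sub2"],
]

if __name__ == "__main__":
    print("\n".join(draw_tree(from_paths(SAMPLE_PATHS))))
```

from_paths is the useful half for RE work: feed it the caller chains you collected (one list per chain) and draw_tree gives you a pasteable picture of them.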
Windows symbols for the _NT_SYMBOL_PATH script
setx -m _NT_SYMBOL_PATH SRV*c:\symbols\*http://msdl.microsoft.com/download/symbols;SRV*c:\symbols\*http://symbols.mozilla.org/firefox
Throw this into a .cmd file and run it as admin. Edit this accordingly for chrome or whatevs.
Auto open dlls and exe in current directory for IDA
---------------------begin .cmd file--------------------
rem Locate idaq.exe under Program Files (change the cd line on a 64-bit box, see below)
pushd .
cd "C:\Program Files"
FOR /F "delims=" %%F IN ('dir /S /b idaq.exe') DO SET IDAEXE="%%F"
popd
echo "%IDAEXE%"
rem Where the .idb files go; flags: -B batch, -A autonomous, -c new database, -P pack it, -o output name
set IDBDIR=.
for /R %%v in (*.dll) do start /wait "" %IDAEXE% -B -A -c -P -o%IDBDIR%\%%~nv.idb "%%v"
for /R %%v in (*.exe) do start /wait "" %IDAEXE% -B -A -c -P -o%IDBDIR%\%%~nv.idb "%%v"
---------------------end .cmd file--------------------
On 64-bit Windows IDA usually lives under "C:\Program Files (x86)", so change the cd line to cd "C:\Program Files (x86)".
Edit this for whatever you're working on.
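The same batch run driven from Python, as an added example (mine, not the .cmd above). It assumes idaq.exe is on PATH or somewhere under IDA_ROOT (a hypothetical default you should edit), and it handles one thing the .cmd does not: %%~nv keeps only the basename, so foo\a.dll and bar\a.dll would both be written to a.idb and the second run would clobber the first.

```python
import os
import shutil
import subprocess
import sys
from pathlib import Path

# Added example, not the blog's .cmd file: the same batch run driven from Python.
# Assumed: idaq.exe is on PATH or somewhere under IDA_ROOT (hypothetical default).
IDA_ROOT = Path(r"C:\Program Files")      # "C:\Program Files (x86)" on 64-bit Windows
TARGET_EXTS = {".dll", ".exe"}


def find_ida(root=IDA_ROOT):
    """Locate idaq.exe: PATH first, then a recursive search under root
    (the Python counterpart of `dir /S /b idaq.exe`)."""
    on_path = shutil.which("idaq")
    if on_path:
        return Path(on_path)
    for hit in Path(root).rglob("idaq.exe"):
        return hit
    raise FileNotFoundError("idaq.exe not found; set IDA_ROOT or add IDA to PATH")


def collect_targets(root):
    """All .dll/.exe files under root, recursively (for /R in the .cmd)."""
    return sorted(p for p in Path(root).rglob("*")
                  if p.is_file() and p.suffix.lower() in TARGET_EXTS)


def idb_name(target, seen):
    r"""Output name for one target. %%~nv in the .cmd keeps only the basename,
    so foo\a.dll and bar\a.dll would both become a.idb and the second run
    would overwrite the first; here a counter keeps them apart."""
    stem = Path(target).stem
    name = f"{stem}.idb"
    n = 1
    while name in seen:
        n += 1
        name = f"{stem}_{n}.idb"
    seen.add(name)
    return name


def build_commands(targets, ida_exe, idb_dir="."):
    """One argv per binary. Flags as in the .cmd: -B batch, -A autonomous
    (no dialogs), -c create a new database, -P pack it, -o output path."""
    seen = set()
    cmds = []
    for path in targets:
        out = os.path.join(idb_dir, idb_name(path, seen))
        cmds.append([str(ida_exe), "-B", "-A", "-c", "-P", "-o" + out, str(path)])
    return cmds


def run_all(cmds):
    """Run the analyses one after another, like start /wait in the .cmd."""
    for argv in cmds:
        print(" ".join(argv))
        subprocess.run(argv, check=False)


if __name__ == "__main__":
    target_dir = sys.argv[1] if len(sys.argv) > 1 else "."
    run_all(build_commands(collect_targets(target_dir), find_ida()))
```

Run it as python idabatch.py C:\path\to\drop to analyse everything under that folder; build_commands is kept separate from run_all so you can print the command list and sanity-check the output names before IDA starts chewing.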
Forgetting Windbg commands? Too lazy to type? Use .cmdtree in windbg!
Refer to this:
http://blogs.msdn.com/b/debuggingtoolbox/archive/2008/09/17/special-command-execute-commands-from-a-customized-user-interface-with-cmdtree.aspx
Look at other people's cmdtrees: https://github.com/goldshtn/windbg-extensions/blob/master/cmdtree.txt
Make your own.
I'm pretty sure you don't want to type this a lot if you're looking at Internet Explorer:
ed MSHTML!MemoryProtection::CMemoryProtector::tlsSlotForInstance 0xffffffff
The cmdtree file is space delimited. So maintain the proper structure and you'll be ok.
Xenserver - I need to set this up for a home VM farm.
http://hak5.org/episodes/hak5-1819
I'm sold now.
http://xenserver.org/open-source-virtualization-download.html
Setting up a git server for people that are lazy like me
Follow this:
https://help.ubuntu.com/lts/serverguide/git.html
Pycharm for your IDA development
Download it here https://www.jetbrains.com/pycharm/download/
Here's some ghetto autocomplete:
Create a new project and throw the following python files from your IDADir/python into it
idaapi.py
idautils.py
idc.py
Create your new script and type in any of these:
idaapi.
press ctrl-spacebar
idautils.
press ctrl-spacebar
idc.
press ctrl-spacebar
And there you go. Let the IDE work for you.
Also, if you want to get code flow, you can hold down ctrl and left click into methods.
There's also Version control. So setup your git and version your code.
This makes development super easy.
-----------------
Another nice thing is the alt-enter hotkey. If you're missing imports for a particular class, it will help auto import things for you.
I spent many years coding in Eclipse because I was a Java software engineer. Transitioning to this was easy because they kept all the key schemes for developers like me. Being able to quickly get all references with ctrl-G and look up methods and objects within a file with ctrl-O is very handy and will help you push out code faster.
Refactoring is painless with alt-shift-R and walking through the menus.
-----------------
Refer to http://djmanilaice.blogspot.com/2015/07/learning-pyside-with-qt-designer-on.html to set up autocomplete for PySide.
Learning Pyside with qt designer on ubuntu
Follow this:
http://pyside.readthedocs.org/en/latest/building/linux.html
Watch this: https://www.youtube.com/watch?v=Dmo8eZG5I2w
Save out the Qt Designer file, e.g. myfile.ui
sudo apt-get install pyqt4-dev-tools
pyuic4 myfile.ui -o myfile.py
After that start code ripping.
Why do this? Well, it's nice to have autocomplete in your IDE when coding up IDAPython with PySide.
Converting exported VMWare ovf and Importing them into VirtualBox
Do this: https://www.polibyte.com/blog/massaging_ovf_for_virtualbox
And then get rid of the .mf file.