Elias Bachaalany lallousx86

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE en-export SYSTEM "http://xml.evernote.com/pub/evernote-export3.dtd">
<en-export export-date="20130730T205637Z" application="Evernote" version="Evernote Mac">
<note>
<title>Test Note for Export</title>
<content>
<![CDATA[<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE en-note SYSTEM "http://xml.evernote.com/pub/enml2.dtd">
<en-note style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">
Hello, World.
lallousx86 / GhidraDecompiler.java
Created April 21, 2019 19:16 — forked from guedou/GhidraDecompiler.java
Call the Ghidra decompiler from the command line
// Copyright (C) 2019 Guillaume Valadon <[email protected]>
// This program is published under a GPLv2 license
/*
* Decompile a function with Ghidra
*
* analyzeHeadless . Test.gpr -import $BINARY_NAME -postScript GhidraDecompiler.java $FUNCTION_ADDRESS -deleteProject -noanalysis
*
*/
lallousx86 / dump_pe_pdb_info.cpp
Created June 20, 2017 00:54 — forked from luser/dump_pe_pdb_info.cpp
Dump PDB information from a PE file
#include <stdio.h>
#include <stdint.h>
#include <Windows.h>
#include <string>
#include <DbgHelp.h>
#pragma comment(lib, "dbghelp.lib")
// Signature value named for the 'RSDS' marker (the CodeView PDB 7.0 debug-record
// signature). Stored little-endian, the four bytes of this DWORD are 0x52 0x53
// 0x44 0x53, i.e. 'R','S','D','S' in file order.
// NOTE(review): presumably compared against the first DWORD of a debug record
// read from the PE file; the comparison is not visible here, so confirm.
const DWORD CV_SIGNATURE_RSDS = 0x53445352; // reads 'SDSR' as hex digits, high byte first
lallousx86 / find_range_templ.cpp
Last active July 6, 2017 01:03
find_range() using std::map's lower_bound(). The underlying mapped type should implement both is() and contains()
// Test std::map's lower_bound()
#include <stdio.h>
#include <map>
#include <iostream>
struct range_t
{
unsigned long a;
unsigned long b;
lallousx86 / std_map_lowerbound.cpp
Created June 13, 2017 01:23
std::map's lower_bound() test
// Test std::map's lower_bound()
#include <stdio.h>
#include <map>
#include <iostream>
struct range_t
{
unsigned long a;
unsigned long b;
lallousx86 / text2ulli.py
Created June 11, 2017 23:23
Convert text file to UL and LI items in HTML
#!/usr/bin/python
# -*- coding: utf-8 -*-
out = []
st = 0
out.append('<ul>')
with open('Driving.txt', 'r') as f:
for line in f:
# Skip empty line
if len(line.strip()) == 0:
continue
lallousx86 / detect_exe.py
Last active May 6, 2017 00:57
Small function to detect the executable type
#---------------------------------------------------------------------
# Bit flags describing a detected executable. Every non-zero flag occupies its
# own bit, so a platform flag and a bitness flag can be OR-ed into one value.
# NOTE(review): presumably the detector returns such a combination; the
# function itself is not visible here, so confirm against its return sites.
EXEFLAG_NONE = 0
EXEFLAG_LINUX = 1 << 0
EXEFLAG_WINDOWS = 1 << 1
EXEFLAG_MACOS = 1 << 2
EXEFLAG_MACOS_FAT = 1 << 3
EXEFLAG_32BITS = 1 << 4
EXEFLAG_64BITS = 1 << 5
# Keep signatures sorted by size
lallousx86 / SEHSample1.cpp
Created April 25, 2017 16:55
try/except sample
#include <stdio.h>
#include <windows.h> // for EXCEPTION_ACCESS_VIOLATION
#include <excpt.h>
int filter(unsigned int code, struct _EXCEPTION_POINTERS *ep) {
   puts("in filter.");
   if (code == EXCEPTION_ACCESS_VIOLATION) {
      puts("caught AV as expected.");
      return EXCEPTION_EXECUTE_HANDLER;
   }
   else {
lallousx86 / GetInfoFromAuthenticodeSignedExe.cpp
Created April 24, 2017 17:43
How To Get Information from Authenticode Signed Executables
// https://support.microsoft.com/en-us/help/323809/how-to-get-information-from-authenticode-signed-executables
#include <windows.h>
#include <wincrypt.h>
#include <wintrust.h>
#include <stdio.h>
#include <tchar.h>
#pragma comment(lib, "crypt32.lib")
lallousx86 / ExportedMarkedLocations.py
Last active April 20, 2017 17:51
Export marked locations in IDA Pro with IDAPython
#
# Export marked locations sorted by their address
#
# Get marked locations
Locs = []
idx = 0
while True:
s = idc.GetMarkComment(idx)
if s is None: