Vladislav Lastname v14dislav
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 1. Binary editors | |
| hiew | |
| bz | |
| 010 | |
| winhex | |
| binwalk (IDA) | |
| bindiff (IDA) | |
| 2. Disassembling | |
| IDA (+hexrays plugin) (https://t.me/idapro) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from winappdbg import * | |
| import sys | |
| import random | |
| import struct | |
| import subprocess | |
| size = 1000 | |
| exe_name = "fuzz_server.exe" | |
| snapshot_hook = 0x1400070C0 | |
| restore_hook = 0x140007537 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <tlhelp32.h> | |
| DWORD getProcessID() { | |
| DWORD processID = 0; | |
| HANDLE snapHandle; | |
| PROCESSENTRY32 processEntry = {0}; | |
| if( (snapHandle = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0)) == INVALID_HANDLE_VALUE ) { | |
| return 0; |
v14dislav
/ process_hollowing.c
Created
April 26, 2019 13:33
replacment process memory. injection technic
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //https://github.com/theevilbit/injection/blob/master/ProcessHollowing/ProcessHollowing/ProcessHollowing.cpp | |
| #include <stdio.h> | |
| #include <Windows.h> | |
| #include <winternl.h> | |
| #pragma comment(lib,"ntdll.lib") | |
| EXTERN_C NTSTATUS NTAPI NtTerminateProcess(HANDLE, NTSTATUS); | |
| EXTERN_C NTSTATUS NTAPI NtReadVirtualMemory(HANDLE, PVOID, PVOID, ULONG, PULONG); |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| arg= "\x79\x01\x43\x77%s" | |
| cmdline = "C:\\Users\\designer\\Desktop\\printf\\src.exe {}".format(arg) | |
| import binascii | |
| import subprocess | |
| output = subprocess.check_output(cmdline, shell=True) | |
| output = binascii.b2a_hex(output) | |
| print output |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #define ORDER 10 | |
| #define POWER 1024 /* 2^ORDER */ | |
| /** | |
| * Эти две функции вы должны использовать для аллокации | |
| * и освобождения памяти в этом задании. Считайте, что | |
| * внутри они используют buddy аллокатор с размером | |
| * страницы равным 4096 байтам. | |
| **/ |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <inttypes.h> | |
| #include <stdio.h> | |
| #define FREE 0x6B | |
| #define META 5 | |
| #define MIN_block 16 | |
| void * buffer= 0; | |
| size_t length=0; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| struct Rational | |
| { | |
| Rational(int numerator = 0, int denominator = 1); | |
| void add(Rational rational); | |
| void sub(Rational rational); | |
| void mul(Rational rational); | |
| void div(Rational rational); | |
| void neg(); |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <iostream> | |
| #include <string.h> | |
| using namespace std; | |
| class SubString; | |
| class String{ | |
| public: | |
| char *str; | |
| size_t size; //len +1 | |
| String(const char *s); |