Top Rating
- Top Contributors
  Discover the Top Open Source contributors by country or by language
- Interviews
  Discover real stories from Open Source developers
Discover

Discover your Favorite Language
Discover the top trending repositories and projects on Github. Explore the latest trends in your preferred languages.

CSS

Swift

Java

Julia

TypeScript

Shell

Dart

Erlang

More Languages
Awesome

Awesome repositories
Discover the most awesome repositories and projects of your favorite languages. Inspired by the Awesome-* lists trend in GitHub.

Swift

Go

C++

Kotlin

Jupyter Notebook

Rust

PHP

C

More Languages
By Country

Rankings by Country
Discover the community of talented open source contributors in each country.

🇳🇦 Namibia

🇱🇻 Latvia

🇲🇦 Morocco

🇹🇷 Türkiye

🇺🇬 Uganda

🇨🇷 Costa Rica

🇲🇹 Malta

🇨🇻 Cape Verde

All Countries Compare Countries

icchy/tracecorn

Stars
116
Rank 303,894 (Top 6 %)
Language
Python
License
MIT License
Created almost 8 years ago
Updated about 7 years ago

icchy/tracecorn

icchy

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Windows API tracer for malware (oldname: unitracer)

unitracer

Windows API tracer for malware

based on Dutas and PyAna

Requirements

Unicorn 1.0
Capstone
some dlls

Features

Windows API trace/hook
setup special data of TIB, PEB, LDR...
using original PE parser (faster than pefile)

Usage

import unitracer
from unicorn.x86_const import *


uni = unitracer.Windows()

# add search path for dll
uni.dll_path.insert(0, "dlls")

# change stack
uni.STACK_BASE = 0x60000000
uni.STACK_SIZE = 0x10000

# load binary
uni.load_pe('./samples/AntiDebug.exe')
# uni.load_code(open('./samples/URLDownloadToFile.sc').read())

# add api hooks
def IsDebuggerPresent(ut):
    emu = ut.emu
    retaddr = ut.popstack()
    print "IsDebuggerPresent"
    emu.reg_write(UC_X86_REG_EAX, 0)
    ut.pushstack(retaddr)

uni.api_hooks['IsDebuggerPresent'] = IsDebuggerPresent

# add original hooks
def myhook(ut, address, size, userdata):
    if address == 0xdeadbeef:
        ut.dumpregs(["eax", "ebx"])

uni.hooks.append(myhook)

# suppress verbose output (disassemble)
uni.verbose = False

uni.start(0)

Sample

running samples/URLDownloadToFile.sc

TODO

64 bit
etc...

wctf2019-gtf

WCTF2019 challenge: Gyotaku The Flag

pe

simple PE parser

pwnenv

auto container build tool for pwn

tscjammer

ctftemp

solver templates for ctf

gfd

pseudo Great Firewall Daemon

minijson

tiny json parser

ctf-writeups

isucon13

binsec-docker

Dockerfile for binsec server

xxe-lab

adv_tec

isucon12q