mrexodia/lolbin-poc

Stars
112
Rank 312,240 (Top 7 %)
Language
C++
Created almost 2 years ago
Updated over 1 year ago

mrexodia/lolbin-poc

mrexodia

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Small PoC of using a Microsoft signed executable as a lolbin.

lolbin-poc

Small PoC of using a Microsoft signed executable as a lolbin.

Building (32-bit)

cmake -B build32 -A Win32
cmake --build build32 --config Release

Building (64-bit)

cmake -B build64 -A x64
cmake --build build64 --config Release

Usage

Download WinDbg from here, put the compiled dbgeng.dll next to windbg.exe.

Bonus

There's also a bunch of other DLLs you can use:

TitanHide

Hiding kernel-driver for x86/x64.

dumpulator

An easy-to-use library for emulating memory dumps. Useful for malware analysis (config extraction, unpacking) and dynamic analysis in general (sandboxing).

AppInitHook

Global user-mode hooking framework, based on AppInit_DLLs. The goal is to allow you to rapidly develop hooks to inject in an arbitrary process.

NtPhp

Ever wanted to execute PHP in your kernel driver? Look no further!

akt

Armadillo Key Tool

JitMagic

Simple tool that allows you to have multiple Just-In-Time debuggers at once.

haxxmap

Some simple go tools to perform a Man-in-the-middle (MITM) attack on your IMAP server in case you forgot your password.

EfiCMake

CMake template for a basic EFI application/bootkit. This library is header-only, there is no EDK2 runtime!).

driver_unpacking

Ghetto user mode emulation of Windows kernel drivers.

ArmaG3ddon

ArmaG3ddon by CondZero/ARTeam

idapatch

IDA plugin to patch IDA Pro in memory.

MiniDumpPlugin

Simple x64dbg plugin to save a full memory dump

perfect-dll-proxy

Perfect DLL Proxying using forwards with absolute paths.

YaraGen

Plugin for x64dbg to generate Yara rules from function basic blocks.

REToolSync

Collaboration platform for reverse engineering tools.

PatternFinder

Parallel signature matcher in C#

CEAutoAttach

Tool to automatically make Cheat Engine attach to a process via the command line.

zig-cross

Example of using as a CMake Toolchain for cross compiling.

Diff

Diff plugin for x64dbg

WorkraveQt

Modern reimplementation of Workrave in Qt. Optimized to look out for you where you don't.

portable-executable-library

Automatically exported from code.google.com/p/portable-executable-library

IATFaker

Small project to generate fake DLLs based on an executable's import table

DotNetPluginCS

DotNetPluginCS based on:

FunUtils

Just some fun utilities I wrote for productivity reasons.

VMHunt_instracelog

Windows build files for the VMHunt Intel PIN Trace tool

CpConverter

Code Page Converter - Convert HTML/Text files to different encoding formats e.g. ANSI to UTF-8 or Unicode. Convert multiple files with 1 click. Works with all encodings.

VMProtectTest

WibuDebugHook

Injectable DLL that helps with debugging Wibu CodeMeter.

go-gitea-webhook

Simple webhook receiver implementation for Gitea/Gogs.

regstep

Simple x64dbg plugin to show registers on every step.

DisableParallelLoader

Plugin for x64dbg to disable parallel loading of dependencies

AStyleHelper

Simple tool to perform AStyle formatting in a git repository.

DarkSouls3.TextViewer

This tool helps you view all in-game text of Dark Souls 3.

cxx-common-cmake

Experiment building lifting-bits dependencies with pure CMake

rosetta-multipass

Use Rosetta to run amd64 binaries on your M1 with Multipass.

StackContains

Sample x64dbg plugin to scan the stack during tracing.

mrexodia.github.io

SN8F2288_gui

Interactive disassembler and emulator for the SN8F2288.

NoFlashWindow

Disables FlashWindow and FlashWindowEx using AppInit_DLLs hook.

BoomPowGui

Simple C# GUI for BoomPow (banano miner).

Utf8Ini

Small C++ INI Parser.

BreakpointUnresolved

Plugin for x64dbg to break on unresolved APIs.

gogitterirc

Gitter/IRC Sync bot written in Go

imgui_cmkr

Experimental imgui app framework for rapid prototyping.

DrDecode

Simple plugin for x64dbg to decode debug registers

cloudflare-redirect

Simple CloudFlare Worker to implement a service similar to redirect.name, but with HTTPS support.

SimpleAutoItCrypter

Simple AutoIt crypter.

YaraFlirt

Project to convert F.L.I.R.T. Signatures signatures to Yara Rules.

Arxan

Some super old control flow exploration experiments

TracePlugin

Very simple trace plugin example for x64dbg.

pygame_qt

Combinding pygame and PyQt5 in python3

GitIdentityManagerCpp

Very simple cross-platform utility to manage your git identities.

svelte-cpp-whiskey-list

Example Svelte frontend with C++ backend

LivecodingTwitch

Bot to synchronize Livecoding and Twitch chats.

CMakeMASM

BrainfuckInterpreter

Simple brainfuck interpreter written for Quora.

PasteFile

Plugin for x64dbg to paste a file in memory...

AsmParser

Loose parser for x86 assembly, used for translating them into IR.

ClickCatcher

Example plugin for x64dbg to handle mouse click events.

unicorn_template

Project template for unicorn based on CPM.

IXWebSocket_template

Simple template for IXWebSocket (websocket and http client/server library for C++) based on CPM.

VTIL-Hello

Example CMake project for VTIL.

CutterUpdater

Very simple utility to automatically check for, download and install the latest version of Cutter.

XInputScanner

Tool for x360ce to scan which XInput DLL is used.

BatchDecompiler

Script to batch-decompile things with IDA.

SMMNEX

010 editor binary templates for SMM NEX

JNIEnv

Plugin to assist in reverse engineering programs that use JNI.

debuggerpyd

Random Script DLL for x64dbg

TimeStampFormat

Example plugin to print a timestamp in the log.

GleeDbg

Experiments with imgui

gotgslack

Telegram/Slack synchronization bot.

NativeExport

Very simple example of native exports with C# and C++

vergiliusparser

Simple script to scrape https://www.vergiliusproject.com/

ExtendDumpSel

Plugin for x64dbg to add a command that extends the dump selection

StaticEngine

Playground for statically loading files into x64dbg.

ModulePathList

A simple x64dbg plugin to list modules with their paths.

cgit-theme

A theme for cgit

ExpressionParser

Very simple expression parser for binary operations with operator precedence, unary minus/plus/NOT and parentheses.

fluffy-adventure

Some testing code with binary visualization

reimagined-umbrella

SwigSample

SwigSample with C#

miasm-old

Automatically exported from code.google.com/p/miasm

yara_vs13

The pattern matching swiss knife (used by x64dbg).

QClickableMenu

Project to support the triggered signal of the QMenu::menuAction if you click on the QMenu.

CMakePackageExample

llvm-headers

Easily search LLVM headers for all major versions!

cryptopals

My solutions to the cryptopals crypto challenges.

RestartSpam

Simple plugin to spam restarts in x64dbg

VisualMutatorGUI

Simple GUI to visualize a results file from VisualMutator.

pybind11_example

kraken

knowledge-base

Knowledge base watching and scraping service.

angelscript-cpp-interface-generator

Automatically exported from code.google.com/p/angelscript-cpp-interface-generator

SimpleIATParser

DebugLoopRace

mandelbrot

RotMG.Common

Common utility library for RotMG by creepylava.

python64

Hack to have both python and python64 in your PATH environment variable.

OpenCVTest

A test CLion/CMake project for OpenCV 3 on OS X.

psychic-octo-fiesta