tandasat/scripts_for_RE

Stars
178
Rank 214,989 (Top 5 %)
Language
Python
Created almost 11 years ago
Updated over 3 years ago

tandasat/scripts_for_RE

tandasat

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Python scripts for reverse engineering.

scripts_for_RE

Python scripts for reverse engineering.

create_suspended_process.py

Launches a suspended process.

mem2file.py

Modifies the give raw PE memory dump file to load it with IDA properly.

load_IAT.py

(IDA Only) Loads an output of a 'dps' command and apply it to the IDB file.

parse_x64_SEH.py

(IDA Only) Locates SEH try blocks, exception filters and handlers for x64 Windows.

parse_ARM_SEH.py

(IDA Only) Locates SEH try blocks, exception filters and handlers for Windows RT.

merge_functions.py

(IDA Only) Merges a given function with the next function.

visualize_binary.py

Generates a PNG image file that represents the contents of a specified file.

apply_all_signatures.py

(IDA Only) Applies all FLIRT signatures in a /sig directory.

color_as_default.py

(IDA Only) Changes all instructions color to default.

find_ARMB_prologue.py

(IDA Only) Finds function-prologue-like byte sequences for ARMB.

highlight_all_CALLs.py

(IDA Only) Highlights all function call instructions in a given binary file.

show_SEH_chain.py

(IDA Only) Shows SEH chains (stack and handlers) for all threads.

rotate.py

Provides _ROR4_, _ROR8_, _ROL4_ and _ROL8_ functions.

HyperPlatform

Intel VT-x based hypervisor aiming to provide a thin VM-exit filtering platform on Windows.

DdiMon

Monitoring and controlling kernel API calls with stealth hook using EPT

Hypervisor-101-in-Rust

The materials of "Hypervisor 101 in Rust", a one-day long course, to quickly learn hardware-assisted virtualization technology and its application for high-performance fuzzing on Intel/AMD processors.

MiniVisorPkg

The research UEFI hypervisor that supports booting an operating system.

SimpleSvmHook

SimpleSvmHook is a research purpose hypervisor for Windows on AMD processors.

SimpleSvm

A minimalistic educational hypervisor for Windows on AMD processors.

PgResarch

PatchGuard Research

ExploitCapcom

This is a standalone exploit for a vulnerable feature in Capcom.sys

MemoryMon

Detecting execution of kernel memory where is not backed by any image file

DotNetHooking

Sample use cases of the .NET native code hooking technique

barevisor

A bare minimum hypervisor on AMD and Intel processors for learners.

GuardMon

Hypervisor based tool for monitoring system register accesses.

UefiVarMonitor

The runtime DXE driver monitoring access to the UEFI variables by hooking the runtime service table.

SmmExploit

The report and the exploit of CVE-2021-26943, the kernel-to-SMM local privilege escalation vulnerability in ASUS UX360CA BIOS version 303.

hvext

The Windbg extension that implements commands helpful to study Hyper-V on Intel processors.

EopMon

Elevation of privilege detector based on HyperPlatform

Sushi

a Japanese food keeps you sane

findpg

Windbg extension to find PatchGuard pages

UEFI-BIOS-Security

Security Camp 2021 & GCC 2022

WinIoCtlDecoder

IDA Plugin which decodes Windows Device I/O control code into DeviceType, FunctionCode, AccessType and MethodType.

FU_Hypervisor

A hypervisor hiding user-mode memory using EPT

WPBT-Builder

The simple UEFI application to create a Windows Platform Binary Table (WPBT) from the UEFI shell.

HelloSmm

This is an instruction to run your own SMM code.

DebugLogger

A software driver that lets you log kernel-mode debug output into a file on Windows.

Hello-VT-rp

A simple hypervisor demonstrating the use of the Intel VT-rp (redirect protection) technology.

kraft_dinner

Tool to dump UEFI runtime drivers implementing runtime services for Windows

HelloAmdHvPkg

HelloAmdHvPkg is a type-1 research hypervisor for AMD processors.

CVE-2023-36427

Report and exploit of CVE-2023-36427

Scavenger

A minifilter driver preserves all modified and deleted files.

RemoteWriteMonitor

A tool to help malware analysts tell that the sample is injecting code into other process.

meow

HelloIommuPkg

The sample DXE runtime driver demonstrating how to program DMA remapping.

DumpVTable

Generates a Python script to give public interface names in an ActiveX file to an IDB file.

DrvLoader

A command line tool to load and unload a device driver.

CVE-2022-25949

A years-old exploit of a local EoP vulnerability in Kingsoft Antivirus KWatch Driver version 2009.3.17.77.

cs_driver

A sample project for using Capstone from a driver in Visual Studio 2015

CVE-2024-21305

Report and exploit of CVE-2024-21305.

CVE-2014-0816

tandasat.github.io

hyperplatform_log_parser

User-mode program parsing logs created by HyperPlatform

ProjectLoadTimeMonitor

The Visual Studio extension that measures load time of each project when a solution file is opened.

recon2024_demo

Provides commands to read from and write to arbitrary kernel-mode memory for users with the Administrator privilege. HVCI compatible. No test signing mode is required.

CheckSDL

A tool evaluates security configurations of a given PE based on SDL without source code

ListWorkItems

Lists work items being queued currently.

DeviceOpener

A command line tool to check if a specified device is accessible.

List-UEFI-Configuration-Tables

List UEFI Configuration Tables

windbg_init

Windbg Init Script

ScopedResource

Scoped Resource - Generic RAII Wrapper for the Standard Library by Peter Sommerlad and Andrew L. Sandoval

win32_debugout

Shows debug strings on DebubView from an attached process by win32_remote.exe.

ping_vmm

A user-mode program knocking at HyperPlatform's "backdoor"

SecRuntimeSample

A sample usege of SecRuntime.dll on Windows Phone

blog

CopyFiles

Copy files onto the IsolatedStorage so that you can download them using IsoStoreSpy.

mylight

Using LED of Samsung Galaxy Ace S5830

tandasat

shared

Manages files that are shared with multiple boxes.