- Quick look around VMP 3.x:
- Tickling VMProtect with LLVM:
- Part 3: Optimization
# | |
# Port to binary ninja of the script written during the Off-by-One Security stream | |
# (https://youtu.be/FnIQTL9w-Ow) to synchronize GEF with Binary Ninja | |
# Requires `rpyc` and `pygments` | |
# | |
# In Binary Ninja, first download and load the companion snippet https://gist.githubusercontent.com/hugsy/714e0038d5d0b1deb7fad1907928252f/raw/87bd608a859c1699f9fc2fb556394d618747bdc8/binja_rpyc_snippet.py (the URL is pinned to one gist revision; read the snippet before loading it, since it executes inside your Binary Ninja session)
# | |
# @_hugsy_ | |
# | |
import rpyc |
// Created by Anthony Printup on 4/21/2023. | |
#pragma once | |
#include <algorithm> | |
#include <bitset> | |
#include <cstdint> | |
#include <exception> | |
#include <functional> | |
#include <ranges> |
using System.Text; | |
using AsmResolver; | |
using AsmResolver.DotNet; | |
using AsmResolver.DotNet.Builder.Metadata.Blob; | |
using AsmResolver.DotNet.Builder.Metadata.Strings; | |
using AsmResolver.DotNet.Code.Cil; | |
using AsmResolver.DotNet.Signatures; | |
using AsmResolver.IO; | |
using AsmResolver.PE; | |
using AsmResolver.PE.DotNet.Builder; |
// Author: Sean Pesce | |
// | |
// Manual implementations of the CONCAT operations produced by the Ghidra decompiler. | |
// These definitions are helpful for compiling re-implementations of native code using | |
// decompiler output (e.g., with gcc). | |
// | |
// Note that these implementations would be outperformed by minimal C preprocessor macros | |
// that replicate the same logic. |
This downloads a standalone MSVC compiler, linker and other tools, together with headers and libraries from the Windows SDK, into a portable folder, without installing Visual Studio. It contains the bare minimum of components — no UWP/Store/WindowsRT pieces, just the files and tools needed for native desktop app development.
Run `py.exe portable-msvc.py` and it will download the output into the `msvc` folder. By default it downloads the latest available MSVC and Windows SDK — currently v14.40.33807 and v10.0.26100.0.
You can list the available versions with `py.exe portable-msvc.py --show-versions` and then pass the versions you want with the `--msvc-version` and `--sdk-version` arguments.
To use cl.exe/link.exe, first run `setup_TARGET.bat`; after that the PATH/INCLUDE/LIB environment variables are updated so all the tools work as usual. You can also use clang-cl.exe with these includes and libraries.
To use clang-cl.exe without running setup.bat, pass the extra `/winsysroot msvc` argument (where `msvc` is the name of the folder in which the output is stored).
# Script author: Matt Graeber (@mattifestation)
# Capture AMSI events with an ETW trace session (creating a live session with -ets requires an elevated prompt):
#   logman start AMSITrace -p Microsoft-Antimalware-Scan-Interface Event1 -o AMSITrace.etl -ets
# Do your malicious things here that would be logged by AMSI
#   logman stop AMSITrace -ets
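# Determine the OS pointer size (32 or 64); presumably consumed by the trace
# parsing further down, which is outside this excerpt.
#
# Win32_OperatingSystem.OSArchitecture is a localized display string: it reads
# '64-bit' only on English systems (e.g. '64 bits' / '64-Bit' elsewhere), so
# comparing it against '64-bit' silently leaves $OSPointerSize at 32 on
# non-English hosts. The non-localized .NET query is used for the decision;
# $OSArchProperty and $OSArch are still populated for any downstream reader.
$OSArchProperty = Get-CimInstance -ClassName Win32_OperatingSystem -Property OSArchitecture
$OSArch = $OSArchProperty.OSArchitecture
$OSPointerSize = 32
if ([System.Environment]::Is64BitOperatingSystem) { $OSPointerSize = 64 }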