Created
July 12, 2014 22:40
-
-
Save techbliss/084a6409da27f3e322c0 to your computer and use it in GitHub Desktop.
Ida Pro Winlicense IAT Checker
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Ida Pro Winlicense IAT checker |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <project version="4"> | |
| <component name="Encoding" useUTFGuessing="true" native2AsciiForPropertiesFiles="false" /> | |
| </project> | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <module type="PYTHON_MODULE" version="4"> | |
| <component name="NewModuleRootManager"> | |
| <content url="file://$MODULE_DIR$" /> | |
| <orderEntry type="inheritedJdk" /> | |
| <orderEntry type="sourceFolder" forTests="false" /> | |
| </component> | |
| </module> | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <project version="4"> | |
| <component name="ProjectInspectionProfilesVisibleTreeState"> | |
| <entry key="Project Default"> | |
| <profile-state> | |
| <expanded-state> | |
| <State> | |
| <id /> | |
| </State> | |
| </expanded-state> | |
| <selected-state> | |
| <State> | |
| <id>Buildout</id> | |
| </State> | |
| </selected-state> | |
| </profile-state> | |
| </entry> | |
| </component> | |
| <component name="ProjectRootManager" version="2" project-jdk-name="Python 2.7.7rc1 (C:\Python27\python.exe)" project-jdk-type="Python SDK" /> | |
| <component name="PyConsoleOptionsProvider"> | |
| <option name="myPythonConsoleState"> | |
| <console-settings sdk-home="C:\Python27\python.exe"> | |
| <option name="mySdkHome" value="C:\Python27\python.exe" /> | |
| <option name="myAddContentRoots" value="false" /> | |
| </console-settings> | |
| </option> | |
| </component> | |
| </project> | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <project version="4"> | |
| <component name="ProjectModuleManager"> | |
| <modules> | |
| <module fileurl="file://$PROJECT_DIR$/.idea/Ida Pro Winlicense IAT checker.iml" filepath="$PROJECT_DIR$/.idea/Ida Pro Winlicense IAT checker.iml" /> | |
| </modules> | |
| </component> | |
| </project> | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <component name="DependencyValidationManager"> | |
| <state> | |
| <option name="SKIP_IMPORT_STATEMENTS" value="false" /> | |
| </state> | |
| </component> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <project version="4"> | |
| <component name="VcsDirectoryMappings"> | |
| <mapping directory="" vcs="" /> | |
| </component> | |
| </project> | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Just run from Ida Pro | |
| If it dosent jump to Code after execution.It didnt work. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import idc | |
| import idaapi | |
| sEA = 0x0000000140001000 | |
| eEA = sEA + 0x1 | |
| ea = GetEntryPoint(1) | |
| ea2 = MaxEA | |
| idc.LoadDebugger("windbg", 1) | |
| LoadDebugger("windbg", 1) | |
| AddBptEx(0x0000000140001000, 0x1, BPT_BRK) | |
| SetDebuggerOptions(DOPT_BPT_MSGS) | |
| path = GetInputFilePath() | |
| args = '' | |
| sdir = '' | |
| StartDebugger(path, args, sdir) | |
| enable_extlang_python(True) | |
| MakeCode(0x0000000140001000) | |
| PauseProcess() | |
| enable_extlang_python(True) | |
| analyze_area(sEA, eEA) | |
| StopDebugger() | |
| print "##################################################\n" \ | |
| " What just HAppend your asked ? \n" \ | |
| " While you blinked. \n" \ | |
| " IDA Python did the work for you \n" \ | |
| " \n" \ | |
| " WinLicense Easy settings checker \n" \ | |
| "#############################################\n" \ | |
| " Storm Shadow \n" \ | |
| "#############################################\n" | |
| print ("IAT = 0000000140001000") | |
| print ("WinLicense IAT is FOUND\n" \ | |
| "IMPORT Breakpoint Adress into Scullahide") | |
| Jump(0x0000000140001000) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment