Misc - xct's notes

Search…

Misc

Split 64 Bit value into 2 32 Bit values (C)
1
DWORD x[2];
2
memcpy(x, &hevdReturn, sizeof(hevdReturn));
3
memcpy(&hevdReturn, x, sizeof(hevdReturn));
Copied!
TIB (Thread Information Block)
View (WinDBG)
1
ntdll!_TEB
2
dt _peb
3
dt _peb @$peb
4
r $peb
Copied!
Get process parameter
1
dt _peb @$peb processp*
2
dt _RTL_USER_PROCESS_PARAMETERS <addr>
Copied!
Hex to Float (Python 3)
​https://gist.github.com/xct/3f267890067a7d73eb113553ef0b65ff​
​https://gist.github.com/xct/112feb1951d1e43084c6b21325a09ccd​
1
sudo -H python3 setup.py install
Copied!
1
import FloatToHex
2
>>> FloatToHex.hextodouble(0xdeadc0de,False)
3
1.845794201e-314
Copied!
Calculate Value for Neg Assembly Instruction 
1
? 0x00 - 0x1C6
2
Evaluate expression: -454 = fffffe3a
3
? 0x00 - 0xfffffe3a
4
Evaluate expression: -4294966842 = ffffffff`000001c6
Copied!
Now we can store this (null byte free) value ( fffffe3a ) in a register and use neg eax .

Templates

Next - Red Team

Web

Last modified 9mo ago

Copy link

Contents

Split 64 Bit value into 2 32 Bit values (C)

TIB (Thread Information Block)

Hex to Float (Python 3)

Calculate Value for Neg Assembly Instruction