xct's notes
Misc
Split 64 Bit value into 2 32 Bit values (C)
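```c
DWORD x[2];                                  // x[0] = low 32 bits, x[1] = high 32 bits (little-endian)
memcpy(x, &hevdReturn, sizeof(hevdReturn));  // split the 64-bit hevdReturn into two DWORDs
memcpy(&hevdReturn, x, sizeof(hevdReturn));  // join the two DWORDs back into the 64-bit value
```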
TIB (Thread Information Block)
View (WinDBG)
```
dt ntdll!_TEB
dt _peb
dt _peb @$peb
r $peb
```
Get process parameters
```
dt _peb @$peb processp*
dt _RTL_USER_PROCESS_PARAMETERS <addr>
```
Hex to Float (Python 3)
https://gist.github.com/xct/3f267890067a7d73eb113553ef0b65ff
https://gist.github.com/xct/112feb1951d1e43084c6b21325a09ccd
```
sudo -H python3 setup.py install
```
```
>>> import FloatToHex
>>> FloatToHex.hextodouble(0xdeadc0de, False)
1.845794201e-314
```
Calculate Value for Neg Assembly Instruction
```
? 0x00 - 0x1C6
Evaluate expression: -454 = fffffe3a
? 0x00 - 0xfffffe3a
Evaluate expression: -4294966842 = ffffffff`000001c6
```
Now we can store this null-byte-free value (0xfffffe3a) in a register and use neg eax to turn it back into 0x1C6.
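The same arithmetic as an added C example (not part of the original notes): it reproduces the 32-bit result of neg eax, flags the case where the negated value still contains a null byte, and shows why the debugger's 64-bit evaluator prints ffffffff`000001c6. The function names neg32, has_null_byte, neg_operand and eval64_zero_minus are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Two's-complement negation in 32 bits: the result neg eax leaves in eax. */
static uint32_t neg32(uint32_t v) { return (uint32_t)(0u - v); }

/* Returns 1 if any of the four bytes of v is 0x00. */
static int has_null_byte(uint32_t v)
{
    for (int i = 0; i < 4; i++)
        if (((v >> (8 * i)) & 0xffu) == 0)
            return 1;
    return 0;
}

/*
 * For a wanted 32-bit value, compute the operand that neg turns back into it.
 * Returns 1 and stores the operand if it is free of null bytes, 0 otherwise.
 * Example of the failing case: wanted = 0x100 gives 0xffffff00.
 */
static int neg_operand(uint32_t wanted, uint32_t *operand)
{
    uint32_t candidate = neg32(wanted);
    if (has_null_byte(candidate))
        return 0;
    *operand = candidate;
    return 1;
}

/* 0 - v in 64 bits, as a 64-bit expression evaluator computes it. */
static uint64_t eval64_zero_minus(uint64_t v) { return (uint64_t)0 - v; }

int main(void)
{
    uint32_t op = 0;
    if (neg_operand(0x1C6, &op))   /* value taken from the notes above */
        printf("operand %08x -> neg -> %08x\n", (unsigned)op, (unsigned)neg32(op));
    if (!neg_operand(0x100, &op))  /* constructed counter-example */
        printf("0x100: negated value %08x still has a null byte\n", (unsigned)neg32(0x100));
    /* Only the low 32 bits matter for eax; the upper half is the 64-bit borrow. */
    printf("64-bit view: %016llx\n", (unsigned long long)eval64_zero_minus(0xfffffe3a));
    return 0;
}
```
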