Misc

Split 64 Bit value into 2 32 Bit values (C)
DWORD x[2];
memcpy(x, &hevdReturn, sizeof(hevdReturn));
memcpy(&hevdReturn, x, sizeof(hevdReturn));
TIB (Thread Information Block)
View (WinDBG)
ntdll!_TEB
dt _peb
dt _peb @$peb
r $peb
Get process parameter
dt _peb @$peb processp*
dt _RTL_USER_PROCESS_PARAMETERS <addr>
Hex to Float (Python 3)
​https://gist.github.com/xct/3f267890067a7d73eb113553ef0b65ff​
​https://gist.github.com/xct/112feb1951d1e43084c6b21325a09ccd​
sudo -H python3 setup.py install
import FloatToHex
>>> FloatToHex.hextodouble(0xdeadc0de,False)
1.845794201e-314
Calculate Value for Neg Assembly Instruction
? 0x00 - 0x1C6
Evaluate expression: -454 = fffffe3a
? 0x00 - 0xfffffe3a
Evaluate expression: -4294966842 = ffffffff`000001c6
Now we can store this (null byte free) value ( fffffe3a ) in a register and use neg eax .

Last modified 6mo ago