exref.pl
averycommonproblem in staticcode analysis is findingan exported functions that refers tosome desired address. For example KseEngine has 21 references in windows kernel but only 5of these...
View Articlecrc32 binding for perl
I am tired calculating thousands crc32 hashes of exported functions so I made today binding crc32 for perlSample of using:my $val = crc::my_crc32("GetProcAddress"); # 0xC97C1FFFor even inside IDA...
View Articleclang and msbuild integration
chapter 12 of "Inside the Microsoft Build Engine" describes how you can add mingw toolchain to msbuild (visual studio 2010 and newer versions)So I was very glad to see this patch. But it seems that it...
View Articlentstatus.idc for WDK 8.1
Add 35 new NTSTATUS values#include <idc.idc>static Enums(void) { auto id,cid; id = AddEnum( 0, "NTSTATUS", 0x1100000 ); if ( id == -1 ) { id = GetEnum("NTSTATUS"); } if ( id != -1 ) {...
View Articlemsbuild 4.0 debugger
Just patch registry:c:\windows\system32\reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSBuild\4.0" /v DebuggerEnabled /d true and for syswow64:c:\windows\syswow64\reg add...
View Articlellvm 3.3 - wtf ?
was built under xp 64bit with visual studio 2010And I got:30> Testing Time: 106.52s30> ********************30> Failing Tests (32):30> LLVM ::...
View ArticleClik here to view.
ids files for MFC 12
I uploaded archive of IDS files for both 32 & 64bit MFC 12 dll modulesThis archive also contains IDT files used for building
View ArticlemsvcrXXX.dll exports
for msvcr70.dll, msvcr71.dll, msvcr80.dll, msvcr90.dll, msvcr100.dll, msvcr110.dll &...
View Articleida 6.5
changelogPC: handle code sequences which load imagebase value into a temporary register (common in x64 Windows code)yeah, finally I don`t need to recompile my plugin wpic64 for each new ida version...
View ArticleCapstone
I play a bit today with this disasm library with BSD license and I should notethatit is nowvirtually unusablesize of libcapstone.so is 6.5Mb and even if you remove arch/Mips, arch/AArch64 and arch/ARM...
View Articlewincheck rc8.51
DownloadmirrorChangelog:add checking of some callbacks in MS crt modules (like purecall_handler, pInvalidArgHandler etc)add MiFlags dumpingsome bugs were fixed
View Articlewindows 10 Technical Preview W32pServiceTable
W32pServiceLimit .eq. 0x441 and now available via exported function...
View ArticleCmControlVector from windows 10 Technical Preview
just to compare with w8.1 rtmKeyValueNamew81rtmw10tpSession Manager\Debug Print FilterACPI_Kd_ACPI_Maskw81rtmw10tpSession Manager\Debug Print FilterALPC_Kd_ALPC_Maskw81rtmw10tpSession Manager\Debug...
View Article